Merge pull request #1205 from Checkmarx/bug/AST-100708

Bug/sca-prarams-bug (AST-100708)

Author: cx-hitesh-madgulkar

go.mod

@@ -140,7 +140,7 @@ require (
 	github.com/go-openapi/jsonreference v0.21.0 // indirect
 	github.com/go-openapi/swag v0.23.1 // indirect
 	github.com/go-restruct/restruct v1.2.0-alpha // indirect
-	github.com/go-viper/mapstructure/v2 v2.2.1 // indirect
+	github.com/go-viper/mapstructure/v2 v2.3.0 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect

go.sum

@@ -421,8 +421,8 @@ github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZ
 github.com/go-test/deep v1.0.4/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
 github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U=
 github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
-github.com/go-viper/mapstructure/v2 v2.2.1 h1:ZAaOCxANMuZx5RCeg0mBdEZk7DZasvvZIxtHqx8aGss=
-github.com/go-viper/mapstructure/v2 v2.2.1/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
+github.com/go-viper/mapstructure/v2 v2.3.0 h1:27XbWsHIqhbdR5TIC911OfYvgSaW93HM+dX7970Q7jk=
+github.com/go-viper/mapstructure/v2 v2.3.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM=

internal/commands/scan.go

@@ -19,6 +19,7 @@ import (
 	"strconv"
 	"strings"
 	"time"
+	"unicode"
 
 	"github.com/checkmarx/ast-cli/internal/commands/asca"
 	"github.com/checkmarx/ast-cli/internal/commands/scarealtime"
@@ -1551,9 +1552,9 @@ func runScaResolver(sourceDir, scaResolver, scaResolverParams, projectName strin
 			scaResolverResultsFile,
 		}
 		if scaResolverParams != "" {
-			args = append(args, scaResolverParams)
+			parsedscaResolverParams := parseArgs(scaResolverParams)
+			args = append(args, parsedscaResolverParams...)
 		}
-
 		log.Println(fmt.Sprintf("Using SCA resolver: %s %v", scaResolver, args))
 		out, err := exec.Command(scaResolver, args...).Output()
 		logger.PrintIfVerbose(string(out))
@@ -1727,6 +1728,7 @@ func getScaResolverFlags(cmd *cobra.Command) (scaResolverParams, scaResolver str
 		scaResolver = ""
 		scaResolverParams = ""
 	}
+	logger.PrintfIfVerbose("Sca-Resolver params:: %v", scaResolverParams)
 	return scaResolverParams, scaResolver
 }
 
@@ -2973,3 +2975,34 @@ func validateBooleanString(value string) error {
 	}
 	return nil
 }
+
+func parseArgs(input string) []string {
+	var args []string
+	var current strings.Builder
+	var quote rune
+	inQuotes := false
+
+	for i, r := range input {
+		switch {
+		case (r == '\'' || r == '"') && !inQuotes:
+			inQuotes = true
+			quote = r
+		case r == quote && inQuotes:
+			inQuotes = false
+		case unicode.IsSpace(r) && !inQuotes:
+			if current.Len() > 0 {
+				args = append(args, current.String())
+				current.Reset()
+			}
+		default:
+			current.WriteRune(r)
+		}
+
+		// Append last token if input ends
+		if i == len(input)-1 && current.Len() > 0 {
+			args = append(args, current.String())
+		}
+	}
+
+	return args
+}

internal/commands/scan_test.go

@@ -2237,3 +2237,22 @@ func TestCreateScanWith_ScaResolver_Source_as_Zip(t *testing.T) {
 	err := execCmdNotNilAssertion(t, baseArgs...)
 	assert.Assert(t, strings.Contains(err.Error(), ScaResolverZipNotSupportedErr), err.Error())
 }
+
+func Test_parseArgs(t *testing.T) {
+	tests := []struct {
+		inputString string
+		lenOfArgs   int
+	}{
+		{"--log-level Debug --break-on-manifest-failure", 3},
+		{`test test1`, 2},
+		{"--gradle-parameters='-Prepository.proxy.url=123 -Prepository.proxy.username=123 -Prepository.proxy.password=123' --log-level Debug", 3},
+	}
+
+	for _, test := range tests {
+		fmt.Println("test ::", test)
+		result := parseArgs(test.inputString)
+		if len(result) != test.lenOfArgs {
+			t.Errorf(" test case failed for params %v", test)
+		}
+	}
+}