Merge branch 'main' into feature/AST-110820

cx-rahul-pidde · web-flow · commit b13285075630 · 2025-09-15T12:19:07.000+05:30
diff --git a/internal/commands/result.go b/internal/commands/result.go
@@ -1158,7 +1158,7 @@ func filterResultsByType(results *wrappers.ScanResultsCollection, excludedTypes
 func filterScsResultsByAgent(results *wrappers.ScanResultsCollection, agent string) *wrappers.ScanResultsCollection {
 	unsupportedTypesByAgent := map[string][]string{
 		commonParams.VSCodeAgent:       {commonParams.SCSScorecardType},
-		commonParams.JetbrainsAgent:    {commonParams.SCSScorecardType, commonParams.SCSSecretDetectionType},
+		commonParams.JetbrainsAgent:    {commonParams.SCSScorecardType},
 		commonParams.EclipseAgent:      {commonParams.SCSScorecardType, commonParams.SCSSecretDetectionType},
 		commonParams.VisualStudioAgent: {commonParams.SCSScorecardType},
 	}
@@ -1211,7 +1211,7 @@ func CreateScanReport(
 		return nil, err
 	}
 	if !scanPending {
-		results, err = ReadResults(resultsWrapper, exportWrapper, scan, resultsParams, agent)
+		results, err = ReadResults(resultsWrapper, exportWrapper, scan, resultsParams, agent, featureFlagsWrapper)
 		if err != nil {
 			return nil, err
 		}
@@ -1498,8 +1498,7 @@ func ReadResults(
 	exportWrapper wrappers.ExportWrapper,
 	scan *wrappers.ScanResponseModel,
 	resultsParams map[string]string,
-	agent string,
-) (results *wrappers.ScanResultsCollection, err error) {
+	agent string, featureflagsWrappers wrappers.FeatureFlagsWrapper) (results *wrappers.ScanResultsCollection, err error) {
 	var resultsModel *wrappers.ScanResultsCollection
 	var errorModel *wrappers.WebError
 
@@ -1522,7 +1521,7 @@ func ReadResults(
 			// Compute SAST results redundancy
 			resultsModel = ComputeRedundantSastResults(resultsModel)
 		}
-		resultsModel, err = enrichScaResults(exportWrapper, scan, resultsModel, scaHideDevAndTestDep)
+		resultsModel, err = enrichScaResults(exportWrapper, scan, resultsModel, scaHideDevAndTestDep, featureflagsWrappers)
 		if err != nil {
 			return nil, err
 		}
@@ -1545,10 +1544,9 @@ func enrichScaResults(
 	exportWrapper wrappers.ExportWrapper,
 	scan *wrappers.ScanResponseModel,
 	resultsModel *wrappers.ScanResultsCollection,
-	scaHideDevAndTestDep bool,
-) (*wrappers.ScanResultsCollection, error) {
+	scaHideDevAndTestDep bool, featureflagWrapper wrappers.FeatureFlagsWrapper) (*wrappers.ScanResultsCollection, error) {
 	if slices.Contains(scan.Engines, commonParams.ScaType) {
-		scaExportDetails, err := services.GetExportPackage(exportWrapper, scan.ID, scaHideDevAndTestDep)
+		scaExportDetails, err := services.GetExportPackage(exportWrapper, scan.ID, scaHideDevAndTestDep, featureflagWrapper)
 		if err != nil {
 			return nil, errors.Wrapf(err, "%s", failedListingResults)
 		}
diff --git a/internal/commands/result_test.go b/internal/commands/result_test.go
@@ -197,7 +197,7 @@ func TestRunScsResultsShow_VSCode_AgentShouldNotShowScorecardResults(t *testing.
 	mock.SetScsMockVarsToDefault()
 }
 
-func TestRunScsResultsShow_Other_AgentsShouldNotShowScsResults(t *testing.T) {
+func TestRunScsResultsShow_Jetbrains_AgentShouldShowScsResults(t *testing.T) {
 	clearFlags()
 	mock.HasScs = true
 	mock.ScsScanPartial = false
@@ -206,8 +206,8 @@ func TestRunScsResultsShow_Other_AgentsShouldNotShowScsResults(t *testing.T) {
 
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "SCS_ONLY", "--report-format", "json", "--agent", params.JetbrainsAgent)
 	assertTypePresentJSON(t, params.SCSScorecardType, 0)
-	assertTypePresentJSON(t, params.SCSSecretDetectionType, 0)
-	assertTotalCountJSON(t, 0)
+	assertTypePresentJSON(t, params.SCSSecretDetectionType, 2)
+	assertTotalCountJSON(t, 2)
 
 	removeFileBySuffix(t, printer.FormatJSON)
 	mock.SetScsMockVarsToDefault()
diff --git a/internal/commands/telemetry.go b/internal/commands/telemetry.go
@@ -40,6 +40,9 @@ func telemetryAISubCommand(telemetryAIWrapper wrappers.TelemetryWrapper) *cobra.
 	telemetryAICmd.PersistentFlags().String(params.SubTypeFlag, "", "Sub Type")
 	telemetryAICmd.PersistentFlags().String(params.EngineFlag, "", "Engine")
 	telemetryAICmd.PersistentFlags().String(params.AgentFlag, "", "Agent")
+	telemetryAICmd.PersistentFlags().String(params.ScanTypeFlag, "", "Scan Type")
+	telemetryAICmd.PersistentFlags().String(params.StatusFlag, "", "Status")
+	telemetryAICmd.PersistentFlags().Int(params.TotalCountFlag, 0, "Total Count")
 
 	return telemetryAICmd
 }
@@ -52,6 +55,9 @@ func runTelemetryAI(telemetryWrapper wrappers.TelemetryWrapper) func(*cobra.Comm
 		subType, _ := cmd.Flags().GetString("sub-type")
 		agent, _ := cmd.Flags().GetString("agent")
 		engine, _ := cmd.Flags().GetString("engine")
+		scanType, _ := cmd.Flags().GetString("scan-type")
+		status, _ := cmd.Flags().GetString("status")
+		totalCount, _ := cmd.Flags().GetInt("total-count")
 
 		err := telemetryWrapper.SendAIDataToLog(&wrappers.DataForAITelemetry{
 			AIProvider:      aiProvider,
@@ -60,6 +66,9 @@ func runTelemetryAI(telemetryWrapper wrappers.TelemetryWrapper) func(*cobra.Comm
 			SubType:         subType,
 			Agent:           agent,
 			Engine:          engine,
+			ScanType:        scanType,
+			Status:          status,
+			TotalCount:      totalCount,
 		})
 
 		if err != nil {
diff --git a/internal/params/filters.go b/internal/params/filters.go
@@ -141,6 +141,10 @@ var BaseIncludeFilters = []string{
 	"*.bicepparam",
 	"*.bicep",
 	"Gemfile",
+	"*.cjs",
+	"*.mjs",
+	"*.mts",
+	"*.cts",
 }
 
 var BaseExcludeFilters = []string{
diff --git a/internal/params/flags.go b/internal/params/flags.go
@@ -9,6 +9,9 @@ const (
 	TypeFlag                       = "type"
 	SubTypeFlag                    = "sub-type"
 	EngineFlag                     = "engine"
+	StatusFlag                     = "status"
+	scanTypeFlag                   = "scan-type"
+	TotalCountFlag                 = "total-count"
 	OriginFlag                     = "origin"
 	AgentFlagUsage                 = "Scan origin name"
 	ApplicationName                = "application-name"
diff --git a/internal/services/export.go b/internal/services/export.go
@@ -20,7 +20,7 @@ const (
 	pollingTimeout      = 15 // minutes
 )
 
-func GetExportPackage(exportWrapper wrappers.ExportWrapper, scanID string, scaHideDevAndTestDep bool) (*wrappers.ScaPackageCollectionExport, error) {
+func GetExportPackage(exportWrapper wrappers.ExportWrapper, scanID string, scaHideDevAndTestDep bool, featureflagWrappers wrappers.FeatureFlagsWrapper) (*wrappers.ScaPackageCollectionExport, error) {
 	var scaPackageCollection = &wrappers.ScaPackageCollectionExport{
 		Packages: []wrappers.ScaPackage{},
 		ScaTypes: []wrappers.ScaType{},
@@ -44,9 +44,16 @@ func GetExportPackage(exportWrapper wrappers.ExportWrapper, scanID string, scaHi
 	if err != nil {
 		return nil, err
 	}
+	minioEnabled, _ := wrappers.GetSpecificFeatureFlag(featureflagWrappers, wrappers.MinioEnabled)
 
 	if exportResponse != nil && strings.EqualFold(exportResponse.ExportStatus, completedStatus) && exportResponse.FileURL != "" {
-		scaPackageCollection, err = exportWrapper.GetScaPackageCollectionExport(exportResponse.FileURL)
+		filePath := ""
+		if minioEnabled.Status {
+			filePath = exportResponse.FileURL
+		} else {
+			filePath = exportID.ExportID
+		}
+		scaPackageCollection, err = exportWrapper.GetScaPackageCollectionExport(filePath, minioEnabled.Status)
 		if err != nil {
 			return nil, err
 		}
diff --git a/internal/wrappers/export-http.go b/internal/wrappers/export-http.go
@@ -176,23 +176,27 @@ func (e *ExportHTTPWrapper) DownloadExportReport(reportID, targetFile string) er
 	return nil
 }
 
-func (e *ExportHTTPWrapper) GetScaPackageCollectionExport(fileURL string) (*ScaPackageCollectionExport, error) {
+func (e *ExportHTTPWrapper) GetScaPackageCollectionExport(fileURL string, auth bool) (*ScaPackageCollectionExport, error) {
 	const bomPrefix = "\xef\xbb\xbf"
-
-	accessToken, err := GetAccessToken()
-	if err != nil {
-		return nil, errors.Wrap(err, "failed to get access token")
-	}
-
 	start := time.Now()
 	var resp *http.Response
+	var err error
+	var accessToken string
 
 	for {
 		if time.Since(start) > timeout {
 			return nil, errors.New(errorTimeoutMsg)
 		}
-
-		resp, err = SendHTTPRequestByFullURL(http.MethodGet, fileURL, http.NoBody, true, viper.GetUint(commonParams.ClientTimeoutKey), accessToken, true)
+		if !auth {
+			customURL := fmt.Sprintf("%s/requests/%s/download", e.path, fileURL)
+			resp, err = SendHTTPRequest(http.MethodGet, customURL, http.NoBody, true, viper.GetUint(commonParams.ClientTimeoutKey))
+		} else {
+			accessToken, err = GetAccessToken()
+			if err != nil {
+				return nil, errors.Wrap(err, "failed to get access token")
+			}
+			resp, err = SendHTTPRequestByFullURL(http.MethodGet, fileURL, http.NoBody, true, viper.GetUint(commonParams.ClientTimeoutKey), accessToken, true)
+		}
 		if err == nil && resp.StatusCode == http.StatusOK {
 			break
 		}
diff --git a/internal/wrappers/export.go b/internal/wrappers/export.go
@@ -4,7 +4,7 @@ type ExportWrapper interface {
 	InitiateExportRequest(payload *ExportRequestPayload) (*ExportResponse, error)
 	GetExportReportStatus(reportID string) (*ExportPollingResponse, error)
 	DownloadExportReport(reportID, targetFile string) error
-	GetScaPackageCollectionExport(fileURL string) (*ScaPackageCollectionExport, error)
+	GetScaPackageCollectionExport(fileURL string, auth bool) (*ScaPackageCollectionExport, error)
 }
 
 type ScaPackageCollectionExport struct {
diff --git a/internal/wrappers/mock/export-mock.go b/internal/wrappers/mock/export-mock.go
@@ -43,6 +43,6 @@ func (*ExportMockWrapper) DownloadExportReport(_, targetFile string) error {
 	return nil
 }
 
-func (e *ExportMockWrapper) GetScaPackageCollectionExport(fileURL string) (*wrappers.ScaPackageCollectionExport, error) {
+func (e *ExportMockWrapper) GetScaPackageCollectionExport(fileURL string, auth bool) (*wrappers.ScaPackageCollectionExport, error) {
 	return &wrappers.ScaPackageCollectionExport{}, nil
 }
diff --git a/internal/wrappers/realtime-scanner-http.go b/internal/wrappers/realtime-scanner-http.go
@@ -34,7 +34,7 @@ func (r RealtimeScannerHTTPWrapper) ScanPackages(packages *RealtimeScannerPackag
 	}
 
 	fn := func() (*http.Response, error) {
-		return SendHTTPRequest(http.MethodPost, fmt.Sprint(r.path, "/analyze-manifest"), bytes.NewBuffer(jsonBytes), true, clientTimeout)
+		return SendHTTPRequest(http.MethodPost, fmt.Sprint(r.path, "/scan/packages"), bytes.NewBuffer(jsonBytes), true, clientTimeout)
 	}
 	resp, err := retryHTTPRequest(fn, retryAttempts, retryDelay*time.Millisecond)
 	if err != nil {
diff --git a/internal/wrappers/telemetry.go b/internal/wrappers/telemetry.go
@@ -7,6 +7,9 @@ type DataForAITelemetry struct {
 	SubType         string `json:"subType"`
 	Agent           string `json:"agent"`
 	Engine          string `json:"engine"`
+	ScanType        string `json:"scanType"`
+	Status          string `json:"status"`
+	TotalCount      int    `json:"totalCount"`
 }
 
 type TelemetryWrapper interface {
diff --git a/test/integration/logs_test.go b/test/integration/logs_test.go
@@ -0,0 +1,36 @@
+//go:build integration
+
+package integration
+
+import (
+	"github.com/checkmarx/ast-cli/internal/commands/util/printer"
+	commonParams "github.com/checkmarx/ast-cli/internal/params"
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func Test_DownloadScan_Logs_Success(t *testing.T) {
+	args := []string{
+		"scan", "create",
+		flag(commonParams.ProjectName), GenerateRandomProjectNameForScan(),
+		flag(commonParams.SourcesFlag), "data/sources.zip",
+		flag(commonParams.ScanTypes), commonParams.SastType,
+		flag(commonParams.BranchFlag), "dummy_branch",
+		flag(commonParams.ScanInfoFormatFlag), printer.FormatJSON,
+	}
+	scanID, _ := executeCreateScan(t, args)
+	args1 := []string{
+		"scan", "logs", flag(commonParams.ScanIDFlag), scanID, flag(commonParams.ScanTypeFlag), commonParams.SastType,
+	}
+	err, _ := executeCommand(t, args1...)
+	assert.Nil(t, err)
+
+}
+
+func Test_DownloadScan_Logs_Failed(t *testing.T) {
+	args1 := []string{
+		"scan", "logs", flag(commonParams.ScanIDFlag), "fake-scan-id", flag(commonParams.ScanTypeFlag), commonParams.SastType,
+	}
+	err, _ := executeCommand(t, args1...)
+	assert.Error(t, err, "failed to download log")
+}
diff --git a/test/integration/pre_commit_test.go b/test/integration/pre_commit_test.go
@@ -39,6 +39,15 @@ func TestHooksPreCommitUpdatePreCommitHook(t *testing.T) {
 	_ = executeCmdNilAssertion(t, "Uninstalling cx-secret-detection hook", "hooks", "pre-commit", "secrets-uninstall-git-hook")
 }
 
+func TestHooksPreCommitSecretsIgnore(t *testing.T) {
+	tmpDir, cleanup := setupTempDir(t)
+	defer cleanup()
+	// Initialize Git repository
+	execCmd(t, tmpDir, "git", "init")
+	// Ignore precommit hook command
+	_ = executeCmdNilAssertion(t, "precommit secrets Ignore", "hooks", "pre-commit", "secrets-ignore", "--all")
+}
+
 // Helper functions
 func execCmd(t *testing.T, dir string, name string, args ...string) {
 	cmd := exec.Command(name, args...)
diff --git a/test/integration/predicate_test.go b/test/integration/predicate_test.go
@@ -150,6 +150,69 @@ func TestPredicateWithInvalidValues(t *testing.T) {
 	assert.Assert(t, kicsPredicate.TotalCount == 0, "Predicate with invalid values should have 0 as the result.")
 }
 
+func TestSastUpdateAndGetPredicatesForNotFoundSimilarityId(t *testing.T) {
+	scanID, projectID := getRootScan(t)
+	_ = executeCmdNilAssertion(
+		t, "Results show generating JSON report with options should pass",
+		"results", "show",
+		flag(params.ScanIDFlag), scanID, flag(params.TargetFormatFlag), printer.FormatJSON,
+		flag(params.TargetPathFlag), resultsDirectory,
+		flag(params.TargetFlag), fileName,
+	)
+
+	defer func() {
+		_ = os.RemoveAll(fmt.Sprintf(resultsDirectory))
+	}()
+
+	result := wrappers.ScanResultsCollection{}
+
+	_, err := os.Stat(fmt.Sprintf("%s%s.%s", resultsDirectory, fileName, printer.FormatJSON))
+	assert.NilError(t, err, "Report file should exist for extension "+printer.FormatJSON)
+
+	file, err := os.ReadFile(fmt.Sprintf("%s%s.%s", resultsDirectory, fileName, printer.FormatJSON))
+	assert.NilError(t, err, "error reading file")
+
+	err = json.Unmarshal(file, &result)
+	assert.NilError(t, err, "error unmarshalling file")
+
+	index := 0
+	for i := range result.Results {
+		if strings.EqualFold(result.Results[i].Type, params.SastType) {
+			index = i
+			break
+		}
+	}
+
+	similarityID := "1"
+
+	state := "CONFIRMED"
+	if !strings.EqualFold(result.Results[index].State, "Urgent") {
+		state = "URGENT"
+	}
+	severity := "HIGH"
+	if !strings.EqualFold(result.Results[index].Severity, "Medium") {
+		severity = "MEDIUM"
+	}
+	comment := "Testing CLI Command for triage."
+	scanType := result.Results[index].Type
+
+	args := []string{
+		"triage", "update",
+		flag(params.ProjectIDFlag), projectID,
+		flag(params.SimilarityIDFlag), similarityID,
+		flag(params.StateFlag), state,
+		flag(params.SeverityFlag), severity,
+		flag(params.CommentFlag), comment,
+		flag(params.ScanTypeFlag), scanType,
+	}
+
+	err, outputBufferForStep1 := executeCommand(t, args...)
+	_, readingError := io.ReadAll(outputBufferForStep1)
+	assert.NilError(t, readingError, "Reading result should pass")
+
+	assert.ErrorContains(t, err, "Predicate not found")
+}
+
 func TestTriageShowAndUpdateWithCustomStates(t *testing.T) {
 	t.Skip("Skipping this test temporarily until the API becomes available in the DEU environment.")
 	fmt.Println("Step 1: Testing the command 'triage show' with predefined values.")
diff --git a/test/integration/project_test.go b/test/integration/project_test.go
@@ -143,19 +143,18 @@ func TestCreateProjectWhenUserdoes_not_have_groups_permission(t *testing.T) {
 	}
 
 	groups := []string{
-		"it_test_group_1",
-		"it_test_group_2",
+		"TT_Group1",
 	}
 
 	groupsStr := formatGroups(groups)
 
-	err, _ := executeCommand(
+	_, outBuffer := executeCommand(
 		t, "project", "create",
 		flag(params.FormatFlag),
 		printer.FormatJSON,
-		flag(params.ProjectName), "project-1", flag(params.GroupList), groupsStr,
+		flag(params.ProjectName), projectNameRandom, flag(params.GroupList), groupsStr,
 	)
-	assertError(t, err, "Failed creating a project: CODE: 233, Unauthorized groups")
+	assert.Assert(t, outBuffer != nil, "Project creation output response should not be nil")
 }
 
 func TestCreateProjectWhenUserdoes_not_have_groups_permission_butonlyAM1_is_On(t *testing.T) {
@@ -180,6 +179,7 @@ func TestCreateProjectWhenUserdoes_not_have_groups_permission_butonlyAM1_is_On(t
 	createdProject := wrappers.ProjectResponseModel{}
 	unmarshall(t, outBuffer, &createdProject, "Reading project create response JSON should pass")
 	fmt.Printf("New project created with id: %s \n", createdProject.ID)
+	assert.Assert(t, createdProject.ID != "", "Project ID should not be empty")
 	defer deleteProject(t, createdProject.ID)
 }
 
diff --git a/test/integration/scan_test.go b/test/integration/scan_test.go
@@ -27,6 +27,7 @@ import (
 	errorConstants "github.com/checkmarx/ast-cli/internal/constants/errors"
 	exitCodes "github.com/checkmarx/ast-cli/internal/constants/exit-codes"
 	"github.com/checkmarx/ast-cli/internal/params"
+	commonParams "github.com/checkmarx/ast-cli/internal/params"
 	"github.com/checkmarx/ast-cli/internal/services"
 	"github.com/checkmarx/ast-cli/internal/wrappers"
 	"github.com/checkmarx/ast-cli/internal/wrappers/configuration"
@@ -2136,7 +2137,8 @@ func TestCreateAsyncScan_CallExportServiceBeforeScanFinishWithRetry_Success(t *t
 		flag(params.ScanInfoFormatFlag), printer.FormatJSON,
 	}
 	scanID, _ := executeCreateScan(t, args)
-	exportRes, err := services.GetExportPackage(wrappers.NewExportHTTPWrapper("api/sca/export"), scanID, false)
+	featureFlagsPath := viper.GetString(commonParams.FeatureFlagsKey)
+	exportRes, err := services.GetExportPackage(wrappers.NewExportHTTPWrapper("api/sca/export"), scanID, false, wrappers.NewFeatureFlagsHTTPWrapper(featureFlagsPath))
 	asserts.Nil(t, err)
 	assert.Assert(t, exportRes != nil, "Export response should not be nil")
 }
diff --git a/test/integration/secrets-realtime_test.go b/test/integration/secrets-realtime_test.go

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@ type ExportWrapper interface {`
`4`	`4`	`InitiateExportRequest(payload ExportRequestPayload) (ExportResponse, error)`
`5`	`5`	`GetExportReportStatus(reportID string) (*ExportPollingResponse, error)`
`6`	`6`	`DownloadExportReport(reportID, targetFile string) error`
`7`		`- GetScaPackageCollectionExport(fileURL string) (*ScaPackageCollectionExport, error)`
	`7`	`+ GetScaPackageCollectionExport(fileURL string, auth bool) (*ScaPackageCollectionExport, error)`
`8`	`8`	`}`
`9`	`9`
`10`	`10`	`type ScaPackageCollectionExport struct {`
Original file line number	Diff line number	Diff line change
`@@ -43,6 +43,6 @@ func (*ExportMockWrapper) DownloadExportReport(_, targetFile string) error {`
`43`	`43`	`return nil`
`44`	`44`	`}`
`45`	`45`
`46`		`-func (e ExportMockWrapper) GetScaPackageCollectionExport(fileURL string) (wrappers.ScaPackageCollectionExport, error) {`
	`46`	`+func (e ExportMockWrapper) GetScaPackageCollectionExport(fileURL string, auth bool) (wrappers.ScaPackageCollectionExport, error) {`
`47`	`47`	`return &wrappers.ScaPackageCollectionExport{}, nil`
`48`	`48`	`}`
Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,7 @@ func (r RealtimeScannerHTTPWrapper) ScanPackages(packages *RealtimeScannerPackag`
`34`	`34`	`}`
`35`	`35`
`36`	`36`	`fn := func() (*http.Response, error) {`
`37`		`- return SendHTTPRequest(http.MethodPost, fmt.Sprint(r.path, "/analyze-manifest"), bytes.NewBuffer(jsonBytes), true, clientTimeout)`
	`37`	`+ return SendHTTPRequest(http.MethodPost, fmt.Sprint(r.path, "/scan/packages"), bytes.NewBuffer(jsonBytes), true, clientTimeout)`
`38`	`38`	`}`
`39`	`39`	`resp, err := retryHTTPRequest(fn, retryAttempts, retryDelay*time.Millisecond)`
`40`	`40`	`if err != nil {`