merge with main

cx-celso-silva · cx-celso-silva · commit d40a15212a56 · 2025-01-22T11:00:43.000Z
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -146,5 +146,5 @@ jobs:
       cli_release_version: ""
       release_author: "Phoenix Team"
       release_url: https://github.com/Checkmarx/ast-cli/releases/tag/${{ inputs.tag }}
-      jira_product_name: ASTCLI_${{ inputs.tag }}
+      jira_product_name: ASTCLI
     secrets: inherit
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM cgr.dev/chainguard/bash@sha256:1abc09ac352efdc60d855bd159b9b66df6596a174400752ae3c537b5350779a9
+FROM checkmarx/bash:5.2.37-r2
 USER nonroot
 
 COPY cx /app/bin/cx
diff --git a/internal/commands/scan.go b/internal/commands/scan.go
@@ -86,6 +86,7 @@ const (
 	configFilterKey                 = "filter"
 	configFilterPlatforms           = "platforms"
 	configIncremental               = "incremental"
+	configFastScan                  = "fastScanMode"
 	configPresetName                = "presetName"
 	configEngineVerbose             = "engineVerbose"
 	configLanguageMode              = "languageMode"
@@ -818,45 +819,66 @@ func getResubmitConfiguration(scansWrapper wrappers.ScansWrapper, projectID, use
 }
 
 func addSastScan(cmd *cobra.Command, resubmitConfig []wrappers.Config) map[string]interface{} {
-	if scanTypeEnabled(commonParams.SastType) {
-		sastMapConfig := make(map[string]interface{})
-		sastConfig := wrappers.SastConfig{}
-		sastMapConfig[resultsMapType] = commonParams.SastType
-		incrementalVal, _ := cmd.Flags().GetBool(commonParams.IncrementalSast)
+	// Check if SAST is enabled
+	if !scanTypeEnabled(commonParams.SastType) {
+		return nil
+	}
+
+	sastMapConfig := make(map[string]interface{})
+	sastConfig := wrappers.SastConfig{}
+	sastMapConfig[resultsMapType] = commonParams.SastType
+
+	sastFastScanChanged := cmd.Flags().Changed(commonParams.SastFastScanFlag)
+	sastIncrementalChanged := cmd.Flags().Changed(commonParams.IncrementalSast)
+
+	if sastFastScanChanged {
 		fastScan, _ := cmd.Flags().GetBool(commonParams.SastFastScanFlag)
-		sastConfig.Incremental = strconv.FormatBool(incrementalVal)
 		sastConfig.FastScanMode = strconv.FormatBool(fastScan)
-		sastConfig.PresetName, _ = cmd.Flags().GetString(commonParams.PresetName)
-		sastConfig.Filter, _ = cmd.Flags().GetString(commonParams.SastFilterFlag)
-		for _, config := range resubmitConfig {
-			if config.Type != commonParams.SastType {
-				continue
-			}
-			resubmitIncremental := config.Value[configIncremental]
-			if resubmitIncremental != nil && !incrementalVal {
-				sastConfig.Incremental = resubmitIncremental.(string)
-			}
-			resubmitPreset := config.Value[configPresetName]
-			if resubmitPreset != nil && sastConfig.PresetName == "" {
-				sastConfig.PresetName = resubmitPreset.(string)
-			}
-			resubmitFilter := config.Value[configFilterKey]
-			if resubmitFilter != nil && sastConfig.Filter == "" {
-				sastConfig.Filter = resubmitFilter.(string)
-			}
-			resubmitEngineVerbose := config.Value[configEngineVerbose]
-			if resubmitEngineVerbose != nil {
-				sastConfig.EngineVerbose = resubmitEngineVerbose.(string)
-			}
-			resubmitLanguageMode := config.Value[configLanguageMode]
-			if resubmitLanguageMode != nil {
-				sastConfig.LanguageMode = resubmitLanguageMode.(string)
-			}
+	}
+
+	if sastIncrementalChanged {
+		incrementalVal, _ := cmd.Flags().GetBool(commonParams.IncrementalSast)
+		sastConfig.Incremental = strconv.FormatBool(incrementalVal)
+	}
+
+	sastConfig.PresetName, _ = cmd.Flags().GetString(commonParams.PresetName)
+	sastConfig.Filter, _ = cmd.Flags().GetString(commonParams.SastFilterFlag)
+
+	for _, config := range resubmitConfig {
+		if config.Type != commonParams.SastType {
+			continue
 		}
-		sastMapConfig[resultsMapValue] = &sastConfig
-		return sastMapConfig
+
+		overrideSastConfigValue(sastFastScanChanged, sastIncrementalChanged, &sastConfig, config)
+	}
+
+	sastMapConfig[resultsMapValue] = &sastConfig
+	return sastMapConfig
+}
+
+func overrideSastConfigValue(sastFastScanChanged, sastIncrementalChanged bool, sastConfig *wrappers.SastConfig, config wrappers.Config) {
+	setIfEmpty := func(configValue *string, resubmitValue interface{}) {
+		if *configValue == "" && resubmitValue != nil {
+			*configValue = resubmitValue.(string)
+		}
+	}
+
+	if resubmitIncremental := config.Value[configIncremental]; resubmitIncremental != nil && !sastIncrementalChanged {
+		sastConfig.Incremental = resubmitIncremental.(string)
+	}
+	if resubmitFastScan := config.Value[configFastScan]; resubmitFastScan != nil && !sastFastScanChanged {
+		sastConfig.FastScanMode = resubmitFastScan.(string)
+	}
+
+	setIfEmpty(&sastConfig.PresetName, config.Value[configPresetName])
+	setIfEmpty(&sastConfig.Filter, config.Value[configFilterKey])
+
+	if resubmitEngineVerbose := config.Value[configEngineVerbose]; resubmitEngineVerbose != nil {
+		sastConfig.EngineVerbose = resubmitEngineVerbose.(string)
+	}
+	if resubmitLanguageMode := config.Value[configLanguageMode]; resubmitLanguageMode != nil {
+		sastConfig.LanguageMode = resubmitLanguageMode.(string)
 	}
-	return nil
 }
 
 func addKicsScan(cmd *cobra.Command, resubmitConfig []wrappers.Config) map[string]interface{} {
diff --git a/internal/commands/scan_test.go b/internal/commands/scan_test.go
@@ -869,7 +869,7 @@ func TestAddSastScan(t *testing.T) {
 	cmdCommand.PersistentFlags().String(commonParams.PresetName, "", "Preset name")
 	cmdCommand.PersistentFlags().String(commonParams.SastFilterFlag, "", "Filter for SAST scan")
 	cmdCommand.PersistentFlags().Bool(commonParams.IncrementalSast, false, "Incremental SAST scan")
-	cmdCommand.PersistentFlags().Bool(commonParams.SastFastScanFlag, true, "Enable SAST Fast Scan")
+	cmdCommand.PersistentFlags().Bool(commonParams.SastFastScanFlag, false, "Enable SAST Fast Scan")
 
 	_ = cmdCommand.Execute()
 
@@ -883,7 +883,7 @@ func TestAddSastScan(t *testing.T) {
 		PresetName:   "test",
 		Filter:       "test",
 		Incremental:  "true",
-		FastScanMode: "true",
+		FastScanMode: "",
 	}
 	sastMapConfig := make(map[string]interface{})
 	sastMapConfig[resultsMapType] = commonParams.SastType
@@ -1766,6 +1766,129 @@ func TestUploadZip_whenUserNotProvideZip_shouldReturnZipFilePathInFailureCase(t
 	assert.Equal(t, zipPath, "failureCase.zip")
 }
 
+func TestAddSastScan_ScanFlags(t *testing.T) {
+	var resubmitConfig []wrappers.Config
+
+	tests := []struct {
+		name                   string
+		requiredIncrementalSet bool
+		requiredFastScanSet    bool
+		fastScanFlag           string
+		incrementalFlag        string
+		expectedConfig         wrappers.SastConfig
+	}{
+		{
+			name:                   "Fast scan and Incremental scan both false",
+			requiredIncrementalSet: true,
+			requiredFastScanSet:    true,
+			fastScanFlag:           "false",
+			incrementalFlag:        "false",
+			expectedConfig: wrappers.SastConfig{
+				FastScanMode: "false",
+				Incremental:  "false",
+			},
+		},
+		{
+			name:                   "Fast scan and Incremental scan both true",
+			requiredIncrementalSet: true,
+			requiredFastScanSet:    true,
+			fastScanFlag:           "true",
+			incrementalFlag:        "true",
+			expectedConfig: wrappers.SastConfig{
+				FastScanMode: "true",
+				Incremental:  "true",
+			},
+		},
+		{
+			name:                   "Fast scan and Incremental not set",
+			requiredIncrementalSet: false,
+			requiredFastScanSet:    false,
+			expectedConfig:         wrappers.SastConfig{},
+		},
+		{
+			name:                   "Fast scan is true and Incremental is false",
+			requiredIncrementalSet: true,
+			requiredFastScanSet:    true,
+			fastScanFlag:           "true",
+			incrementalFlag:        "false",
+			expectedConfig: wrappers.SastConfig{
+				FastScanMode: "true",
+				Incremental:  "false",
+			},
+		},
+		{
+			name:                   "Fast scan is false and Incremental is true",
+			requiredIncrementalSet: true,
+			requiredFastScanSet:    true,
+			fastScanFlag:           "false",
+			incrementalFlag:        "true",
+			expectedConfig: wrappers.SastConfig{
+				FastScanMode: "false",
+				Incremental:  "true",
+			},
+		},
+		{
+			name:                   "Fast scan is not set and Incremental is true",
+			requiredIncrementalSet: true,
+			incrementalFlag:        "true",
+			expectedConfig: wrappers.SastConfig{
+				Incremental: "true",
+			},
+		},
+		{
+			name:                "Fast scan is true and Incremental is not set",
+			requiredFastScanSet: true,
+			fastScanFlag:        "true",
+			expectedConfig: wrappers.SastConfig{
+				FastScanMode: "true",
+			},
+		},
+	}
+
+	oldActualScanTypes := actualScanTypes
+
+	defer func() {
+		actualScanTypes = oldActualScanTypes
+	}()
+
+	for _, tt := range tests {
+		actualScanTypes = "sast,sca,kics,scs"
+		t.Run(tt.name, func(t *testing.T) {
+			cmdCommand := &cobra.Command{
+				Use:   "scan",
+				Short: "Scan a project",
+				Long:  `Scan a project`,
+			}
+			cmdCommand.PersistentFlags().Bool(commonParams.SastFastScanFlag, false, "Fast scan flag")
+			cmdCommand.PersistentFlags().Bool(commonParams.IncrementalSast, false, "Incremental scan flag")
+
+			_ = cmdCommand.Execute()
+
+			if tt.requiredFastScanSet {
+				_ = cmdCommand.PersistentFlags().Set(commonParams.SastFastScanFlag, tt.fastScanFlag)
+			}
+			if tt.requiredIncrementalSet {
+				_ = cmdCommand.PersistentFlags().Set(commonParams.IncrementalSast, tt.incrementalFlag)
+			}
+
+			result := addSastScan(cmdCommand, resubmitConfig)
+
+			actualSastConfig := wrappers.SastConfig{}
+			for key, value := range result {
+				if key == resultsMapType {
+					assert.Equal(t, commonParams.SastType, value)
+				} else if key == resultsMapValue {
+					actualSastConfig = *value.(*wrappers.SastConfig)
+				}
+			}
+
+			if !reflect.DeepEqual(actualSastConfig, tt.expectedConfig) {
+				t.Errorf("Expected %+v, but got %+v", tt.expectedConfig, actualSastConfig)
+			}
+		})
+	}
+}
+
 func TestValidateScanTypes(t *testing.T) {
 	tests := []struct {
 		name                      string
diff --git a/internal/wrappers/export-http.go b/internal/wrappers/export-http.go
@@ -134,7 +134,7 @@ func (e *ExportHTTPWrapper) GetExportReportStatus(reportID string) (*ExportPolli
 			return &model, nil
 		case http.StatusNotFound:
 			_ = resp.Body.Close()
-			time.Sleep(time.Second)
+			time.Sleep(retryInterval)
 		default:
 			_ = resp.Body.Close()
 			return nil, errors.Errorf("response status code %d", resp.StatusCode)

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-FROM cgr.dev/chainguard/bash@sha256:1abc09ac352efdc60d855bd159b9b66df6596a174400752ae3c537b5350779a9`
	`1`	`+FROM checkmarx/bash:5.2.37-r2`
`2`	`2`	`USER nonroot`
`3`	`3`
`4`	`4`	`COPY cx /app/bin/cx`