Merge branch 'main' into containers-cli-1.10

Author: cx-daniel-greenspan

internal/services/ossrealtime/oss-realtime.go

@@ -3,6 +3,7 @@ package ossrealtime
 import (
 	"fmt"
 	"log"
+	"strings"
 
 	"github.com/Checkmarx/manifest-parser/pkg/parser"
 	"github.com/Checkmarx/manifest-parser/pkg/parser/models"
@@ -53,11 +54,11 @@ func (o *OssRealtimeService) RunOssRealtimeScan(filePath string) (*OssPackageRes
 	response, toScan := prepareScan(pkgs)
 
 	if len(toScan.Packages) > 0 {
-		packageMap := createPackageMap(pkgs)
 		result, err := o.scanAndCache(toScan)
 		if err != nil {
 			return nil, errors.Wrap(err, "scanning packages via realtime service")
 		}
+		packageMap := createPackageMap(pkgs)
 		enrichResponseWithRealtimeScannerResults(response, result, packageMap)
 	}
 	return response, nil
@@ -199,12 +200,33 @@ func (o *OssRealtimeService) scanAndCache(requestPackages *wrappers.RealtimeScan
 		return nil, errors.New("empty response from oss-realtime scan")
 	}
 
-	if err = osscache.AppendToCache(result); err != nil {
+	versionMapping := createVersionMapping(requestPackages, result)
+
+	if err := osscache.AppendToCache(result, versionMapping); err != nil {
 		log.Printf("ossrealtime: failed to update cache: %v", err)
 	}
+
 	return result, nil
 }
 
+func createVersionMapping(requestPackages *wrappers.RealtimeScannerPackageRequest, result *wrappers.RealtimeScannerPackageResponse) map[string]string {
+	requestedPackagesVersion := make(map[string]string)
+	for _, pkg := range requestPackages.Packages {
+		key := fmt.Sprintf("%s|%s", strings.ToLower(pkg.PackageManager), strings.ToLower(pkg.PackageName))
+		requestedPackagesVersion[key] = pkg.Version
+	}
+
+	versionMapping := make(map[string]string)
+	for _, resPkg := range result.Packages {
+		key := fmt.Sprintf("%s|%s", strings.ToLower(resPkg.PackageManager), strings.ToLower(resPkg.PackageName))
+		if requestedVersion, found := requestedPackagesVersion[key]; found {
+			versionMapping[osscache.GenerateCacheKey(resPkg.PackageManager, resPkg.PackageName, resPkg.Version)] = requestedVersion
+		}
+	}
+
+	return versionMapping
+}
+
 // pkgToRequest transforms a parsed package into a scan request.
 func pkgToRequest(pkg *models.Package) wrappers.RealtimeScannerPackage {
 	return wrappers.RealtimeScannerPackage{

internal/services/ossrealtime/osscache/mapper.go

@@ -0,0 +1,21 @@
+package osscache
+
+import "github.com/checkmarx/ast-cli/internal/wrappers"
+
+type OssCacheVulnerabilityMapper struct{}
+
+func NewOssCacheVulnerabilityMapper() *OssCacheVulnerabilityMapper {
+	return &OssCacheVulnerabilityMapper{}
+}
+
+func (o *OssCacheVulnerabilityMapper) FromRealtimeScannerVulnerability(in []wrappers.RealtimeScannerVulnerability) []Vulnerability {
+	out := make([]Vulnerability, len(in))
+	for i, v := range in {
+		out[i] = Vulnerability{
+			CVE:         v.CVE,
+			Description: v.Description,
+			Severity:    v.Severity,
+		}
+	}
+	return out
+}

internal/services/ossrealtime/osscache/oss-realtime-cache.go

@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"os"
+	"strings"
 	"time"
 
 	"github.com/checkmarx/ast-cli/internal/wrappers"
@@ -58,7 +59,8 @@ func WriteCache(cache Cache, cacheTTL *time.Time) error {
 	return nil
 }
 
-func AppendToCache(packages *wrappers.RealtimeScannerPackageResponse) error {
+func AppendToCache(packages *wrappers.RealtimeScannerPackageResponse, versionMapping map[string]string) error {
+	vulnerabilityMapper := NewOssCacheVulnerabilityMapper()
 	cache := ReadCache()
 	if cache == nil {
 		cache = &Cache{
@@ -68,28 +70,35 @@ func AppendToCache(packages *wrappers.RealtimeScannerPackageResponse) error {
 	}
 
 	for _, pkg := range packages.Packages {
-		vulnerabilities := make([]Vulnerability, 0)
-		if pkg.Status != "Unknown" {
-			for _, v := range pkg.Vulnerabilities {
-				vulnerabilities = append(vulnerabilities, Vulnerability{
-					CVE:         v.CVE,
-					Description: v.Description,
-					Severity:    v.Severity,
-				})
+		if pkg.Status == "Unknown" {
+			continue
+		}
+
+		key := GenerateCacheKey(pkg.PackageManager, pkg.PackageName, pkg.Version)
+		vulnerabilities := vulnerabilityMapper.FromRealtimeScannerVulnerability(pkg.Vulnerabilities)
+
+		if requestedVersion, exists := versionMapping[key]; exists {
+			if !strings.EqualFold(requestedVersion, pkg.Version) && strings.EqualFold("latest", requestedVersion) {
+				cache.Packages = append(cache.Packages, createPackageEntry(&pkg, requestedVersion, vulnerabilities))
 			}
-			cache.Packages = append(cache.Packages, PackageEntry{
-				PackageID:       GenerateCacheKey(pkg.PackageManager, pkg.PackageName, pkg.Version),
-				PackageManager:  pkg.PackageManager,
-				PackageName:     pkg.PackageName,
-				PackageVersion:  pkg.Version,
-				Status:          pkg.Status,
-				Vulnerabilities: vulnerabilities,
-			})
 		}
+		cache.Packages = append(cache.Packages, createPackageEntry(&pkg, pkg.Version, vulnerabilities))
 	}
+
 	return WriteCache(*cache, &cache.TTL)
 }
 
+func createPackageEntry(pkg *wrappers.RealtimeScannerResults, version string, vulnerabilities []Vulnerability) PackageEntry {
+	return PackageEntry{
+		PackageID:       GenerateCacheKey(pkg.PackageManager, pkg.PackageName, version),
+		PackageManager:  pkg.PackageManager,
+		PackageName:     pkg.PackageName,
+		PackageVersion:  version,
+		Status:          pkg.Status,
+		Vulnerabilities: vulnerabilities,
+	}
+}
+
 func GetCacheFilePath() string {
 	tempFolder := os.TempDir()
 	return fmt.Sprint(tempFolder, "/", cacheFileName)

internal/services/ossrealtime/osscache/oss-realtime-cache_test.go

@@ -3,6 +3,7 @@ package osscache
 import (
 	"os"
 	"reflect"
+	"strings"
 	"testing"
 	"time"
 
@@ -26,7 +27,6 @@ func TestWriteAndReadCache(t *testing.T) {
 	cacheFile := GetCacheFilePath()
 	defer os.Remove(cacheFile)
 
-	// prepare a cache object
 	ttl := time.Now().Add(time.Hour).Truncate(time.Second)
 	want := Cache{
 		TTL: ttl,
@@ -40,12 +40,10 @@ func TestWriteAndReadCache(t *testing.T) {
 		},
 	}
 
-	// write it
 	if err := WriteCache(want, &want.TTL); err != nil {
 		t.Fatalf("WriteCache() error = %v; want no error", err)
 	}
 
-	// read it back
 	got := ReadCache()
 	if got == nil {
 		t.Fatal("ReadCache() returned nil; want non-nil")
@@ -61,27 +59,24 @@ func TestAppendToCache(t *testing.T) {
 	cacheFile := GetCacheFilePath()
 	defer os.Remove(cacheFile)
 
-	// first batch
 	first := &wrappers.RealtimeScannerPackageResponse{
 		Packages: []wrappers.RealtimeScannerResults{
 			{PackageManager: "npm", PackageName: "lodash", Version: "4.17.21", Status: "OK"},
 		},
 	}
-	if err := AppendToCache(first); err != nil {
+	if err := AppendToCache(first, nil); err != nil {
 		t.Fatalf("AppendToCache(first) error = %v; want no error", err)
 	}
 
-	// second batch
 	second := &wrappers.RealtimeScannerPackageResponse{
 		Packages: []wrappers.RealtimeScannerResults{
 			{PackageManager: "npm", PackageName: "express", Version: "4.17.1", Status: "Malicious"},
 		},
 	}
-	if err := AppendToCache(second); err != nil {
+	if err := AppendToCache(second, nil); err != nil {
 		t.Fatalf("AppendToCache(second) error = %v; want no error", err)
 	}
 
-	// now read & verify we have both entries
 	cache := ReadCache()
 	if cache == nil {
 		t.Fatal("ReadCache() returned nil; want non-nil")
@@ -107,44 +102,46 @@ func TestAppendToCache(t *testing.T) {
 	}
 }
 
-func Test_buildCacheMap(t *testing.T) {
-	type args struct {
-		cache Cache
-	}
-	tests := []struct {
-		name string
-		args args
-		want map[string]string
-	}{
-		// TODO: Add test cases.
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if got := BuildCacheMap(tt.args.cache); !reflect.DeepEqual(got, tt.want) {
-				t.Errorf("buildCacheMap() = %v, want %v", got, tt.want)
-			}
-		})
+func TestAppendToCache_WithVersionMapping(t *testing.T) {
+	cacheFile := GetCacheFilePath()
+	var latestVersionInCache bool
+	var exactVersionInCache bool
+	defer os.Remove(cacheFile)
+
+	pkgResponse := &wrappers.RealtimeScannerPackageResponse{
+		Packages: []wrappers.RealtimeScannerResults{
+			{PackageManager: "npm", PackageName: "lodash", Version: "4.17.21", Status: "OK"},
+			{PackageManager: "npm", PackageName: "express", Version: "1.1.1", Status: "Malicious"},
+		},
+	}
+	versionMapping := map[string]string{
+		"npm-express-1.1.1": "latest",
+	}
+	if err := AppendToCache(pkgResponse, versionMapping); err != nil {
+		t.Fatalf("AppendToCache(first) error = %v; want no error", err)
 	}
-}
 
-func Test_cacheKey(t *testing.T) {
-	type args struct {
-		manager string
-		name    string
-		version string
-	}
-	tests := []struct {
-		name string
-		args args
-		want string
-	}{
-		// TODO: Add test cases.
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if got := GenerateCacheKey(tt.args.manager, tt.args.name, tt.args.version); got != tt.want {
-				t.Errorf("cacheKey() = %v, want %v", got, tt.want)
-			}
-		})
+	cache := ReadCache()
+	if cache == nil {
+		t.Fatal("ReadCache() returned nil; want non-nil")
 	}
+
+	var got []wrappers.RealtimeScannerResults
+	for _, e := range cache.Packages {
+		pkg := wrappers.RealtimeScannerResults{
+			PackageManager: e.PackageManager,
+			PackageName:    e.PackageName,
+			Version:        e.PackageVersion,
+			Status:         e.Status,
+		}
+		got = append(got, pkg)
+		if strings.EqualFold(pkg.PackageName, "express") && strings.EqualFold(pkg.Version, "latest") {
+			latestVersionInCache = true
+		} else if strings.EqualFold(pkg.PackageName, "express") && strings.EqualFold(pkg.Version, "1.1.1") {
+			exactVersionInCache = true
+		}
+	}
+	asserts.True(t, latestVersionInCache, "Expected latest version of express to be in cache")
+	asserts.True(t, exactVersionInCache, "Expected exact versions of express to be in cache")
+	asserts.Greater(t, len(got), len(pkgResponse.Packages)) // Ensure that the cache contains the exact version and the latest version of express
 }

internal/services/ossrealtime/osscache/types.go

@@ -12,7 +12,6 @@ type PackageEntry struct {
 	Status          string          `json:"status"`
 	Vulnerabilities []Vulnerability `json:"vulnerabilities"`
 }
-
 type Vulnerability struct {
 	CVE         string `json:"cve"`
 	Description string `json:"description"`