Merge branch 'main' into CM-46734-improve-help

MarshalX · MarshalX · commit 6029de613aaf · 2025-04-25T14:41:00.000+02:00
# Conflicts:
#	cycode/cli/apps/scan/code_scanner.py
#	cycode/cli/apps/scan/pre_commit/pre_commit_command.py
#	cycode/cli/apps/scan/repository/repository_command.py
#	cycode/cli/consts.py
#	cycode/cli/printers/tables/sca_table_printer.py
#	cycode/cli/utils/scan_batch.py
#	tests/test_code_scanner.py
diff --git a/.github/workflows/build_executable.yml b/.github/workflows/build_executable.yml
@@ -166,6 +166,7 @@ jobs:
         shell: cmd
         env:
           SM_HOST: ${{ secrets.SM_HOST }}
+          SM_KEYPAIR_ALIAS: ${{ secrets.SM_KEYPAIR_ALIAS }}
           SM_API_KEY: ${{ secrets.SM_API_KEY }}
           SM_CLIENT_CERT_PASSWORD: ${{ secrets.SM_CLIENT_CERT_PASSWORD }}
           SM_CODE_SIGNING_CERT_SHA1_HASH: ${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }}
@@ -174,7 +175,7 @@ jobs:
           curl -X GET  https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o smtools-windows-x64.msi 
           msiexec /i smtools-windows-x64.msi /quiet /qn
           C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user
-          smksp_cert_sync.exe
+          smctl windows certsync --keypair-alias=%SM_KEYPAIR_ALIAS%
 
           :: sign executable
           signtool.exe sign /sha1 %SM_CODE_SIGNING_CERT_SHA1_HASH% /tr http://timestamp.digicert.com /td SHA256 /fd SHA256 ".\dist\cycode-cli.exe" 
diff --git a/cycode/cli/apps/scan/code_scanner.py b/cycode/cli/apps/scan/code_scanner.py
@@ -34,6 +34,7 @@
 from cycode.cli.utils.progress_bar import ScanProgressBarSection
 from cycode.cli.utils.scan_batch import run_parallel_batched_scan
 from cycode.cli.utils.scan_utils import set_issue_detected
+from cycode.cli.utils.shell_executor import shell
 from cycode.cyclient.models import Detection, DetectionSchema, DetectionsPerFile, ZippedFileScanResult
 from cycode.logger import get_logger, set_logging_level
 
@@ -661,6 +662,9 @@ def get_scan_parameters(ctx: typer.Context, paths: Optional[Tuple[str]] = None)
         return scan_parameters
 
     remote_url = try_get_git_remote_url(paths[0])
+    if not remote_url:
+        remote_url = try_to_get_plastic_remote_url(paths[0])
+
     if remote_url:
         # TODO(MarshalX): remove hardcode in context
         ctx.obj['remote_url'] = remote_url
@@ -679,6 +683,93 @@ def try_get_git_remote_url(path: str) -> Optional[str]:
         return None
 
 
+def _get_plastic_repository_name(path: str) -> Optional[str]:
+    """Gets the name of the Plastic repository from the current working directory.
+
+    The command to execute is:
+        cm status --header --machinereadable --fieldseparator=":::"
+
+    Example of status header in machine-readable format:
+        STATUS:::0:::Project/RepoName:::OrgName@ServerInfo
+    """
+
+    try:
+        command = [
+            'cm',
+            'status',
+            '--header',
+            '--machinereadable',
+            f'--fieldseparator={consts.PLASTIC_VCS_DATA_SEPARATOR}',
+        ]
+
+        status = shell(command=command, timeout=consts.PLASTIC_VSC_CLI_TIMEOUT, working_directory=path)
+        if not status:
+            logger.debug('Failed to get Plastic repository name (command failed)')
+            return None
+
+        status_parts = status.split(consts.PLASTIC_VCS_DATA_SEPARATOR)
+        if len(status_parts) < 2:
+            logger.debug('Failed to parse Plastic repository name (command returned unexpected format)')
+            return None
+
+        return status_parts[2].strip()
+    except Exception as e:
+        logger.debug('Failed to get Plastic repository name', exc_info=e)
+        return None
+
+
+def _get_plastic_repository_list(working_dir: Optional[str] = None) -> Dict[str, str]:
+    """Gets the list of Plastic repositories and their GUIDs.
+
+    The command to execute is:
+        cm repo list --format="{repname}:::{repguid}"
+
+    Example line with data:
+        Project/RepoName:::tapo1zqt-wn99-4752-h61m-7d9k79d40r4v
+
+    Each line represents an individual repository.
+    """
+
+    repo_name_to_guid = {}
+
+    try:
+        command = ['cm', 'repo', 'ls', f'--format={{repname}}{consts.PLASTIC_VCS_DATA_SEPARATOR}{{repguid}}']
+
+        status = shell(command=command, timeout=consts.PLASTIC_VSC_CLI_TIMEOUT, working_directory=working_dir)
+        if not status:
+            logger.debug('Failed to get Plastic repository list (command failed)')
+            return repo_name_to_guid
+
+        status_lines = status.splitlines()
+        for line in status_lines:
+            data_parts = line.split(consts.PLASTIC_VCS_DATA_SEPARATOR)
+            if len(data_parts) < 2:
+                logger.debug('Failed to parse Plastic repository list line (unexpected format), %s', {'line': line})
+                continue
+
+            repo_name, repo_guid = data_parts
+            repo_name_to_guid[repo_name.strip()] = repo_guid.strip()
+
+        return repo_name_to_guid
+    except Exception as e:
+        logger.debug('Failed to get Plastic repository list', exc_info=e)
+        return repo_name_to_guid
+
+
+def try_to_get_plastic_remote_url(path: str) -> Optional[str]:
+    repository_name = _get_plastic_repository_name(path)
+    if not repository_name:
+        return None
+
+    repository_map = _get_plastic_repository_list(path)
+    if repository_name not in repository_map:
+        logger.debug('Failed to get Plastic repository GUID (repository not found in the list)')
+        return None
+
+    repository_guid = repository_map[repository_name]
+    return f'{consts.PLASTIC_VCS_REMOTE_URI_PREFIX}{repository_guid}'
+
+
 def exclude_irrelevant_detections(
     detections: List[Detection], scan_type: str, command_scan_type: str, severity_threshold: str
 ) -> List[Detection]:
@@ -690,9 +781,7 @@ def exclude_irrelevant_detections(
 def _exclude_detections_by_severity(detections: List[Detection], severity_threshold: str) -> List[Detection]:
     relevant_detections = []
     for detection in detections:
-        severity = detection.detection_details.get('advisory_severity')
-        if not severity:
-            severity = detection.severity
+        severity = detection.severity
 
         if _does_severity_match_severity_threshold(severity, severity_threshold):
             relevant_detections.append(detection)
diff --git a/cycode/cli/consts.py b/cycode/cli/consts.py
@@ -231,3 +231,11 @@
 # Example: A -> B -> C
 # Result: A -> ... -> C
 SCA_SHORTCUT_DEPENDENCY_PATHS = 2
+
+SCA_SKIP_RESTORE_DEPENDENCIES_FLAG = 'no-restore'
+
+SCA_GRADLE_ALL_SUB_PROJECTS_FLAG = 'gradle-all-sub-projects'
+
+PLASTIC_VCS_DATA_SEPARATOR = ':::'
+PLASTIC_VSC_CLI_TIMEOUT = 10
+PLASTIC_VCS_REMOTE_URI_PREFIX = 'plastic::'
diff --git a/cycode/cli/printers/tables/sca_table_printer.py b/cycode/cli/printers/tables/sca_table_printer.py
@@ -83,14 +83,8 @@ def _get_table(self, policy_id: str) -> Table:
     def _enrich_table_with_values(policy_id: str, table: Table, detection: Detection) -> None:
         detection_details = detection.detection_details
 
-        severity = None
-        if policy_id == PACKAGE_VULNERABILITY_POLICY_ID:
-            severity = detection_details.get('advisory_severity')
-        elif policy_id == LICENSE_COMPLIANCE_POLICY_ID:
-            severity = detection.severity
-
-        if severity:
-            table.add_cell(SEVERITY_COLUMN, SeverityOption(severity))
+        if detection.severity:
+            table.add_cell(SEVERITY_COLUMN, SeverityOption(detection.severity))
         else:
             table.add_cell(SEVERITY_COLUMN, 'N/A')
 
