Add is entitlement check for MCP command (jfrog#553)

Author: attiasas

cli/scancommands.go

@@ -30,7 +30,6 @@ import (
 
 	"github.com/jfrog/jfrog-cli-security/commands/enrich"
 	"github.com/jfrog/jfrog-cli-security/commands/source_mcp"
-	"github.com/jfrog/jfrog-cli-security/jas"
 	"github.com/jfrog/jfrog-cli-security/sca/bom/indexer"
 	"github.com/jfrog/jfrog-cli-security/utils/xray"
 	"github.com/jfrog/jfrog-client-go/utils/io/fileutils"
@@ -196,17 +195,12 @@ func SourceMcpCmd(c *components.Context) error {
 		return err
 	}
 
-	am_env, err := jas.GetAnalyzerManagerEnvVariables(serverDetails)
-	if err != nil {
-		return err
-	}
-
 	mcp_cmd := source_mcp.McpCommand{
-		Env:        am_env,
-		Arguments:  c.Arguments,
-		InputPipe:  os.Stdin,
-		OutputPipe: os.Stdout,
-		ErrorPipe:  os.Stderr,
+		ServerDetails: serverDetails,
+		Arguments:     c.Arguments,
+		InputPipe:     os.Stdin,
+		OutputPipe:    os.Stdout,
+		ErrorPipe:     os.Stderr,
 	}
 	return mcp_cmd.Run()
 }

commands/curation/curationaudit.go

@@ -1140,10 +1140,5 @@ func IsEntitledForCuration(xrayManager *xrayClient.XrayServicesManager) (entitle
 	if err != nil {
 		return
 	}
-	if err = clientutils.ValidateMinimumVersion(clientutils.Xray, xrayVersion, utils.EntitlementsMinVersion); err != nil {
-		log.Debug(err)
-		return
-	}
-	return xrayManager.IsEntitled("curation")
-
+	return xray.IsEntitled(xrayManager, xrayVersion, "curation")
 }

commands/scan/scan.go

@@ -333,7 +333,7 @@ func (scanCmd *ScanCommand) initScanCmdResults(cmdType utils.CommandType) (xrayM
 	cmdResults.SetStartTime(scanCmd.startTime)
 	cmdResults.SetResultsContext(scanCmd.resultsContext)
 	// Send entitlement request
-	if entitledForJas, err := isEntitledForJas(xrayManager, scanCmd.xrayVersion); err != nil {
+	if entitledForJas, err := jas.IsEntitledForJas(xrayManager, scanCmd.xrayVersion); err != nil {
 		return xrayManager, cmdResults.AddGeneralError(err, false)
 	} else {
 		cmdResults.SetEntitledForJas(entitledForJas)
@@ -344,10 +344,6 @@ func (scanCmd *ScanCommand) initScanCmdResults(cmdType utils.CommandType) (xrayM
 	return
 }
 
-func isEntitledForJas(xrayManager *xrayClient.XrayServicesManager, xrayVersion string) (bool, error) {
-	return jas.IsEntitledForJas(xrayManager, xrayVersion)
-}
-
 func NewScanCommand() *ScanCommand {
 	return &ScanCommand{}
 }

commands/source_mcp/source_mcp.go

@@ -6,17 +6,25 @@ import (
 	"os/exec"
 	"time"
 
+	"github.com/jfrog/jfrog-cli-core/v2/utils/config"
 	"github.com/jfrog/jfrog-cli-security/jas"
 	"github.com/jfrog/jfrog-cli-security/utils"
+	"github.com/jfrog/jfrog-cli-security/utils/xray"
+
 	"github.com/jfrog/jfrog-client-go/utils/log"
 )
 
+const (
+	cmd            = "mcp-sast"
+	mcpEntitlement = "local_sast_mcp"
+)
+
 type McpCommand struct {
-	Env        map[string]string
-	Arguments  []string
-	InputPipe  io.Reader
-	OutputPipe io.Writer
-	ErrorPipe  io.Writer
+	ServerDetails *config.ServerDetails
+	Arguments     []string
+	InputPipe     io.Reader
+	OutputPipe    io.Writer
+	ErrorPipe     io.Writer
 }
 
 func establishPipeToFile(dst io.WriteCloser, src io.Reader) {
@@ -99,15 +107,35 @@ func RunAmMcpWithPipes(env map[string]string, cmd string, input_pipe io.Reader,
 	return nil
 }
 
-func (mcpCmd *McpCommand) runWithTimeout(timeout int, cmd string) (err error) {
+func (mcpCmd *McpCommand) runWithTimeout(timeout int, cmd string, envVars map[string]string) (err error) {
 	err_ := jas.DownloadAnalyzerManagerIfNeeded(0)
 	if err_ != nil {
 		log.Error(fmt.Sprintf("Failed to download Analyzer Manager: %v", err))
 	}
-
-	return RunAmMcpWithPipes(mcpCmd.Env, cmd, mcpCmd.InputPipe, mcpCmd.OutputPipe, mcpCmd.ErrorPipe, timeout, mcpCmd.Arguments...)
+	return RunAmMcpWithPipes(envVars, cmd, mcpCmd.InputPipe, mcpCmd.OutputPipe, mcpCmd.ErrorPipe, timeout, mcpCmd.Arguments...)
 }
 
 func (mcpCmd *McpCommand) Run() (err error) {
-	return mcpCmd.runWithTimeout(0, "mcp-sast")
+	am_env, err := jas.GetAnalyzerManagerEnvVariables(mcpCmd.ServerDetails)
+	if err != nil {
+		return err
+	}
+	if entitled, err := isEntitledForSourceMCP(mcpCmd.ServerDetails); err != nil {
+		return err
+	} else if !entitled {
+		return fmt.Errorf("it appears your current license doesn't include this feature.\nTo enable this functionality, an upgraded license is required. Please contact your JFrog representative for more details")
+	}
+	return mcpCmd.runWithTimeout(0, cmd, am_env)
+}
+
+func isEntitledForSourceMCP(serverDetails *config.ServerDetails) (entitled bool, err error) {
+	xrayManager, err := xray.CreateXrayServiceManager(serverDetails)
+	if err != nil {
+		return
+	}
+	xrayVersion, err := xrayManager.GetVersion()
+	if err != nil {
+		return
+	}
+	return xray.IsEntitled(xrayManager, xrayVersion, mcpEntitlement)
 }

commands/source_mcp/source_mcp_test.go

@@ -25,14 +25,14 @@ func TestRunSourceMcpHappyFlow(t *testing.T) {
 	am_env, _ := jas.GetAnalyzerManagerEnvVariables(scanner.ServerDetails)
 
 	mcp_cmd := McpCommand{
-		Env:        am_env,
-		Arguments:  []string{scanned_path},
-		InputPipe:  &input_buffer,
-		OutputPipe: &output_buffer,
-		ErrorPipe:  &error_buffer,
+		ServerDetails: serverDetails,
+		Arguments:     []string{scanned_path},
+		InputPipe:     &input_buffer,
+		OutputPipe:    &output_buffer,
+		ErrorPipe:     &error_buffer,
 	}
 
-	err := mcp_cmd.runWithTimeout(5, "mcp-sast")
+	err := mcp_cmd.runWithTimeout(5, "mcp-sast", am_env)
 	assert.NoError(t, err) // returns error because it was terminated upon timeout
 	if !assert.Contains(t, error_buffer.String(), "Generated IR") {
 		t.Error(error_buffer.String())
@@ -57,12 +57,12 @@ func TestRunSourceMcpScannerError(t *testing.T) {
 	error_buffer := *bytes.NewBuffer(make([]byte, 0, 500))
 	am_env, _ := jas.GetAnalyzerManagerEnvVariables(scanner.ServerDetails)
 	mcp_cmd := McpCommand{
-		Env:        am_env,
-		Arguments:  []string{scanned_path},
-		InputPipe:  &input_buffer,
-		OutputPipe: &output_buffer,
-		ErrorPipe:  &error_buffer,
+		ServerDetails: serverDetails,
+		Arguments:     []string{scanned_path},
+		InputPipe:     &input_buffer,
+		OutputPipe:    &output_buffer,
+		ErrorPipe:     &error_buffer,
 	}
-	err := mcp_cmd.runWithTimeout(0, "mcp-sast1") // no such command
+	err := mcp_cmd.runWithTimeout(0, "mcp-sast1", am_env) // no such command
 	assert.ErrorContains(t, err, "exit status 99")
 }

jas/common.go

@@ -23,6 +23,7 @@ import (
 	"github.com/jfrog/jfrog-cli-security/utils/results"
 	"github.com/jfrog/jfrog-cli-security/utils/severityutils"
 	"github.com/jfrog/jfrog-cli-security/utils/techutils"
+	xrayUtils "github.com/jfrog/jfrog-cli-security/utils/xray"
 	goclientutils "github.com/jfrog/jfrog-client-go/utils"
 	"github.com/jfrog/jfrog-client-go/utils/errorutils"
 	"github.com/jfrog/jfrog-client-go/utils/io/fileutils"
@@ -491,12 +492,7 @@ func GetAnalyzerManagerXscEnvVars(msi string, gitRepoUrl, projectKey string, wat
 }
 
 func IsEntitledForJas(xrayManager *xray.XrayServicesManager, xrayVersion string) (entitled bool, err error) {
-	if e := goclientutils.ValidateMinimumVersion(goclientutils.Xray, xrayVersion, utils.EntitlementsMinVersion); e != nil {
-		log.Debug(e)
-		return
-	}
-	entitled, err = xrayManager.IsEntitled(ApplicabilityFeatureId)
-	return
+	return xrayUtils.IsEntitled(xrayManager, xrayVersion, ApplicabilityFeatureId)
 }
 
 func CreateScannerTempDirectory(scanner *JasScanner, scanType string, threadId int) (string, error) {

utils/xray/xraymanager.go

@@ -5,6 +5,10 @@ import (
 	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
 	clientconfig "github.com/jfrog/jfrog-client-go/config"
 	"github.com/jfrog/jfrog-client-go/xray"
+
+	"github.com/jfrog/jfrog-cli-security/utils"
+	clientutils "github.com/jfrog/jfrog-client-go/utils"
+	"github.com/jfrog/jfrog-client-go/utils/log"
 )
 
 // Options for creating an Xray service manager.
@@ -55,3 +59,11 @@ func CreateXrayServiceManagerAndGetVersion(serviceDetails *config.ServerDetails,
 	}
 	return xrayManager, xrayVersion, nil
 }
+
+func IsEntitled(xrayManager *xray.XrayServicesManager, xrayVersion, featureId string) (entitled bool, err error) {
+	if e := clientutils.ValidateMinimumVersion(clientutils.Xray, xrayVersion, utils.EntitlementsMinVersion); e != nil {
+		log.Debug(e)
+		return
+	}
+	return xrayManager.IsEntitled(featureId)
+}