passing tech got from TargetResults to BuildDependencyTree

eranturgeman · eranturgeman · commit 077847b5dda3 · 2025-03-25T15:23:49.000+02:00
diff --git a/commands/audit/sca/python/python.go b/commands/audit/sca/python/python.go
@@ -34,8 +34,8 @@ const (
 	CurationPipMinimumVersion = "23.0.0"
 )
 
-func BuildDependencyTree(params utils.AuditParams) (dependencyTree []*clientutils.GraphNode, uniqueDeps []string, downloadUrls map[string]string, err error) {
-	dependenciesGraph, directDependenciesList, pipUrls, errGetTree := getDependencies(params)
+func BuildDependencyTree(params utils.AuditParams, technology techutils.Technology) (dependencyTree []*clientutils.GraphNode, uniqueDeps []string, downloadUrls map[string]string, err error) {
+	dependenciesGraph, directDependenciesList, pipUrls, errGetTree := getDependencies(params, technology)
 	if errGetTree != nil {
 		err = errGetTree
 		return
@@ -60,7 +60,7 @@ func BuildDependencyTree(params utils.AuditParams) (dependencyTree []*clientutil
 	return
 }
 
-func getDependencies(params utils.AuditParams) (dependenciesGraph map[string][]string, directDependencies []string, pipUrls map[string]string, err error) {
+func getDependencies(params utils.AuditParams, technology techutils.Technology) (dependenciesGraph map[string][]string, directDependencies []string, pipUrls map[string]string, err error) {
 	wd, err := os.Getwd()
 	if errorutils.CheckError(err) != nil {
 		return
@@ -91,8 +91,8 @@ func getDependencies(params utils.AuditParams) (dependenciesGraph map[string][]s
 		return
 	}
 
-	pythonTool := pythonutils.PythonTool(params.Technologies()[0])
-	if !params.SkipAutoInstall() {
+	pythonTool := pythonutils.PythonTool(technology)
+	if technology == techutils.Pipenv || !params.SkipAutoInstall() {
 		var restoreEnv func() error
 		restoreEnv, err = runPythonInstall(params, pythonTool)
 		defer func() {
diff --git a/commands/audit/sca/python/python_test.go b/commands/audit/sca/python/python_test.go
@@ -27,8 +27,7 @@ func TestBuildPipDependencyListSetuppy(t *testing.T) {
 	defer cleanUp()
 	// Run getModulesDependencyTrees
 	params := clisecurityutils.AuditBasicParams{}
-	params.AddTechnologyIfNotExist(techutils.Pip.String())
-	rootNode, uniqueDeps, _, err := BuildDependencyTree(&params)
+	rootNode, uniqueDeps, _, err := BuildDependencyTree(&params, techutils.Pip)
 	assert.NoError(t, err)
 	assert.Contains(t, uniqueDeps, PythonPackageTypeIdentifier+"pexpect:4.8.0")
 	assert.Contains(t, uniqueDeps, PythonPackageTypeIdentifier+"ptyprocess:0.7.0")
@@ -55,9 +54,8 @@ func TestPipDependencyListCustomInstallArgs(t *testing.T) {
 	assert.NoError(t, os.Chdir(filepath.Join(actualMainPath, "referenceproject")))
 	// Run getModulesDependencyTrees
 	params := clisecurityutils.AuditBasicParams{}
-	params.AddTechnologyIfNotExist(techutils.Pip.String())
 	params.SetInstallCommandArgs([]string{"--force-reinstall"})
-	rootNode, uniqueDeps, _, err := BuildDependencyTree(&params)
+	rootNode, uniqueDeps, _, err := BuildDependencyTree(&params, techutils.Pip)
 	validatePipRequirementsProject(t, err, uniqueDeps, rootNode)
 }
 
@@ -67,9 +65,8 @@ func TestBuildPipDependencyListSetuppyForCuration(t *testing.T) {
 	defer cleanUp()
 	// Run getModulesDependencyTrees
 	params := clisecurityutils.AuditBasicParams{}
-	params.AddTechnologyIfNotExist(techutils.Pip.String())
 	params.SetIsCurationCmd(true)
-	rootNode, uniqueDeps, downloadUrls, err := BuildDependencyTree(&params)
+	rootNode, uniqueDeps, downloadUrls, err := BuildDependencyTree(&params, techutils.Pip)
 	assert.NoError(t, err)
 	assert.Contains(t, uniqueDeps, PythonPackageTypeIdentifier+"pexpect:4.8.0")
 	assert.Contains(t, uniqueDeps, PythonPackageTypeIdentifier+"ptyprocess:0.7.0")
@@ -100,8 +97,7 @@ func TestPipDependencyListRequirementsFallback(t *testing.T) {
 	defer cleanUp()
 	// No requirements file field specified, expect the command to use the fallback 'pip install -r requirements.txt' command
 	params := clisecurityutils.AuditBasicParams{}
-	params.AddTechnologyIfNotExist(techutils.Pip.String())
-	rootNode, uniqueDeps, _, err := BuildDependencyTree(&params)
+	rootNode, uniqueDeps, _, err := BuildDependencyTree(&params, techutils.Pip)
 	validatePipRequirementsProject(t, err, uniqueDeps, rootNode)
 }
 
@@ -125,9 +121,8 @@ func TestBuildPipDependencyListRequirements(t *testing.T) {
 	defer cleanUp()
 	// Run getModulesDependencyTrees
 	params := clisecurityutils.AuditBasicParams{}
-	params.AddTechnologyIfNotExist(techutils.Pip.String())
 	params.SetPipRequirementsFile("requirements.txt")
-	rootNode, uniqueDeps, _, err := BuildDependencyTree(&params)
+	rootNode, uniqueDeps, _, err := BuildDependencyTree(&params, techutils.Pip)
 	assert.NoError(t, err)
 	assert.Contains(t, uniqueDeps, PythonPackageTypeIdentifier+"pexpect:4.7.0")
 	assert.Contains(t, uniqueDeps, PythonPackageTypeIdentifier+"ptyprocess:0.7.0")
@@ -154,8 +149,7 @@ func TestBuildPipenvDependencyList(t *testing.T) {
 	}
 	// Run getModulesDependencyTrees
 	params := clisecurityutils.AuditBasicParams{}
-	params.AddTechnologyIfNotExist(techutils.Pipenv.String())
-	rootNode, uniqueDeps, _, err := BuildDependencyTree(&params)
+	rootNode, uniqueDeps, _, err := BuildDependencyTree(&params, techutils.Pipenv)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -191,8 +185,7 @@ func TestBuildPoetryDependencyList(t *testing.T) {
 	}
 	// Run getModulesDependencyTrees
 	params := clisecurityutils.AuditBasicParams{}
-	params.AddTechnologyIfNotExist(techutils.Poetry.String())
-	rootNode, uniqueDeps, _, err := BuildDependencyTree(&params)
+	rootNode, uniqueDeps, _, err := BuildDependencyTree(&params, techutils.Poetry)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -210,25 +203,38 @@ func TestBuildPoetryDependencyList(t *testing.T) {
 }
 
 func TestBuildDependencyTreeWhenInstallForbidden(t *testing.T) {
+	// This feature is currently supported and tested for Pip and Poetry only
 	testcases := []struct {
 		name                             string
 		testDir                          string
-		technology                       string
+		technology                       techutils.Technology
 		installBeforeFetchingInitialDeps bool
 	}{
+		// pip
 		{
 			name:                             "pip: project not installed | install forbidden",
 			testDir:                          filepath.Join("projects", "package-managers", "python", "pip", "pip", "requirementsproject"),
-			technology:                       techutils.Pip.String(),
+			technology:                       techutils.Pip,
 			installBeforeFetchingInitialDeps: false,
 		},
 		{
 			name:                             "pip: project installed before dep tree construction| install forbidden",
 			testDir:                          filepath.Join("projects", "package-managers", "python", "pip", "pip", "requirementsproject"),
-			technology:                       techutils.Pip.String(),
+			technology:                       techutils.Pip,
+			installBeforeFetchingInitialDeps: true,
+		},
+		{
+			name:                             "poetry: project not installed | install forbidden",
+			testDir:                          filepath.Join("projects", "package-managers", "python", "poetry", "poetry"),
+			technology:                       techutils.Poetry,
+			installBeforeFetchingInitialDeps: false,
+		},
+		{
+			name:                             "poetry: project installed before dep tree construction| install forbidden",
+			testDir:                          filepath.Join("projects", "package-managers", "python", "poetry", "poetry"),
+			technology:                       techutils.Poetry,
 			installBeforeFetchingInitialDeps: true,
 		},
-		// TODO add similar test cases for pipenv and poetry
 	}
 
 	for _, test := range testcases {
@@ -239,27 +245,25 @@ func TestBuildDependencyTreeWhenInstallForbidden(t *testing.T) {
 			// Create virtual env according to package manager if needed
 			if !test.installBeforeFetchingInitialDeps {
 				// If we install before calling BuildDependencyTree a virtual environment is going to be created, and we don't have to do it manually
-				switch test.technology {
-				case techutils.Pip.String():
+				if test.technology == techutils.Pip {
 					restoreEnv, err := SetPipVirtualEnvPath()
 					defer func() {
-						assert.NoError(t, restoreEnv(), "restoring env after pip virtual env creation failed")
+						assert.NoError(t, restoreEnv(), "restoring env after setting pip virtual env creation failed")
 					}()
 					require.NoError(t, err)
-				default:
 				}
 			}
 
 			// Setting scan params
-			params := (&clisecurityutils.AuditBasicParams{}).SetSkipAutoInstall(true).AddTechnologyIfNotExist(test.technology)
-			if test.technology == techutils.Pip.String() {
+			params := (&clisecurityutils.AuditBasicParams{}).SetSkipAutoInstall(true)
+			if test.technology == techutils.Pip {
 				params.SetPipRequirementsFile("requirements.txt")
 			}
 
 			if test.installBeforeFetchingInitialDeps {
 				restoreEnv, err := runPythonInstall(params, pythonutils.PythonTool(test.technology))
 				defer func() {
-					assert.NoError(t, restoreEnv(), "restoring env after pip virtual env creation failed")
+					assert.NoError(t, restoreEnv(), "restoring env after setting "+test.technology+" virtual env creation failed")
 				}()
 				require.NoError(t, err)
 			}
@@ -269,12 +273,21 @@ func TestBuildDependencyTreeWhenInstallForbidden(t *testing.T) {
 			assert.NoError(t, err)
 			// We use the dependencies graph and not the list of dependencies since the list includes only direct dependencies
 			dependenciesGraphBeforeBuildDepTree, _, err := pythonutils.GetPythonDependencies(pythonutils.PythonTool(test.technology), testDir, localDependenciesPath, log.GetLogger())
-			print(dependenciesGraphBeforeBuildDepTree)
-			dependenciesBeforeBuildDepTree := maps.Keys(dependenciesGraphBeforeBuildDepTree)
 			assert.NoError(t, err)
 
+			var dependenciesBeforeBuildDepTree []string
+			switch test.technology {
+			case techutils.Pip:
+				dependenciesBeforeBuildDepTree = maps.Keys(dependenciesGraphBeforeBuildDepTree)
+			case techutils.Poetry:
+				if len(dependenciesGraphBeforeBuildDepTree) != 0 {
+					mapKey := maps.Keys(dependenciesGraphBeforeBuildDepTree)[0]
+					dependenciesBeforeBuildDepTree = dependenciesGraphBeforeBuildDepTree[mapKey]
+				}
+			}
+
 			// Build dependency tree
-			_, uniqueDeps, _, err := BuildDependencyTree(params)
+			_, uniqueDeps, _, err := BuildDependencyTree(params, test.technology)
 			require.NoError(t, err)
 			var trimmedUniqueDeps []string
 			for _, dep := range uniqueDeps {
diff --git a/commands/audit/scarunner.go b/commands/audit/scarunner.go
@@ -255,9 +255,8 @@ func GetTechDependencyTree(params xrayutils.AuditParams, artifactoryServerDetail
 	case techutils.Go:
 		depTreeResult.FullDepTrees, uniqueDeps, err = _go.BuildDependencyTree(params)
 	case techutils.Pipenv, techutils.Pip, techutils.Poetry:
-		params.AddTechnologyIfNotExist(tech.String())
 		depTreeResult.FullDepTrees, uniqueDeps,
-			depTreeResult.DownloadUrls, err = python.BuildDependencyTree(params)
+			depTreeResult.DownloadUrls, err = python.BuildDependencyTree(params, tech)
 	case techutils.Nuget:
 		depTreeResult.FullDepTrees, uniqueDeps, err = nuget.BuildDependencyTree(params)
 	case techutils.Cocoapods:
diff --git a/utils/auditbasicparams.go b/utils/auditbasicparams.go
@@ -21,7 +21,6 @@ type AuditParams interface {
 	SetInsecureTls(insecureTls bool) *AuditBasicParams
 	Technologies() []string
 	SetTechnologies(technologies []string) *AuditBasicParams
-	AddTechnologyIfNotExist(technology string) *AuditBasicParams
 	Progress() ioUtils.ProgressMgr
 	SetProgress(progress ioUtils.ProgressMgr)
 	Args() []string
@@ -177,16 +176,6 @@ func (abp *AuditBasicParams) SetTechnologies(technologies []string) *AuditBasicP
 	return abp
 }
 
-func (abp *AuditBasicParams) AddTechnologyIfNotExist(technology string) *AuditBasicParams {
-	for _, tech := range abp.technologies {
-		if tech == technology {
-			return abp
-		}
-	}
-	abp.technologies = append(abp.technologies, technology)
-	return abp
-}
-
 func (abp *AuditBasicParams) SetScansToPerform(scansToPerform []SubScanType) *AuditBasicParams {
 	abp.scansToPerform = scansToPerform
 	return abp
