Curation - added-pass-through for gradle (jfrog#561)

Author: basel1322

buildscripts/download-jars.sh

@@ -7,7 +7,7 @@
 # https://github.com/jfrog/maven-dep-tree
 
 # Once you have updated the versions mentioned below, please execute this script from the root directory of the jfrog-cli-core to ensure the JAR files are updated.
-GRADLE_DEP_TREE_VERSION="3.0.4"
+GRADLE_DEP_TREE_VERSION="3.1.0"
 # Changing this version also requires a change in mavenDepTreeVersion within utils/java/mvn.go.
 MAVEN_DEP_TREE_VERSION="1.1.5"
 

jfrog-security

@@ -50,7 +50,10 @@ func TestGetGradleGraphFromDepTree(t *testing.T) {
 		"org.slf4j:slf4j-api:1.4.2",
 	}
 
-	manager := &gradleDepTreeManager{DepTreeManager{}}
+	manager := &gradleDepTreeManager{
+		DepTreeManager: DepTreeManager{},
+		isCurationCmd:  false,
+	}
 	outputFileContent, err := manager.runGradleDepTree()
 	assert.NoError(t, err)
 	depTree, uniqueDeps, err := getGraphFromDepTree(outputFileContent)
@@ -64,3 +67,20 @@ func TestGetGradleGraphFromDepTree(t *testing.T) {
 		assert.Equal(t, len(depChild), len(dependency.Nodes))
 	}
 }
+
+func TestGetGradleGraphFromDepTreeWithCuration(t *testing.T) {
+	tempDirPath, cleanUp := technologies.CreateTestWorkspace(t, filepath.Join("projects", "package-managers", "gradle", "gradle"))
+	defer cleanUp()
+	assert.NoError(t, os.Chmod(filepath.Join(tempDirPath, "gradlew"), 0700))
+
+	manager := &gradleDepTreeManager{
+		DepTreeManager: DepTreeManager{},
+		isCurationCmd:  true,
+	}
+	outputFileContent, err := manager.runGradleDepTree()
+	assert.NoError(t, err)
+	depTree, uniqueDeps, err := getGraphFromDepTree(outputFileContent)
+	assert.NoError(t, err)
+	assert.NotEmpty(t, depTree)
+	assert.NotEmpty(t, uniqueDeps)
+}

sca/bom/buildinfo/technologies/java/deptreemanager_test.go

@@ -57,10 +57,14 @@ var gradleDepTreeJar []byte
 
 type gradleDepTreeManager struct {
 	DepTreeManager
+	isCurationCmd bool
 }
 
 func buildGradleDependencyTree(params *DepTreeParams) (dependencyTree []*xrayUtils.GraphNode, uniqueDeps map[string]*xray.DepTreeNode, err error) {
-	manager := &gradleDepTreeManager{DepTreeManager: NewDepTreeManager(params)}
+	manager := &gradleDepTreeManager{
+		DepTreeManager: NewDepTreeManager(params),
+		isCurationCmd:  params.IsCurationCmd,
+	}
 	outputFileContent, err := manager.runGradleDepTree()
 	if err != nil {
 		return
@@ -160,6 +164,12 @@ func (gdt *gradleDepTreeManager) execGradleDepTree(depTreeDir string) (outputFil
 		gradleNoCacheFlag,
 		fmt.Sprintf("-Dcom.jfrog.depsTreeOutputFile=%s", outputFilePath),
 		"-Dcom.jfrog.includeAllBuildFiles=true"}
+
+	// Add curation audit mode for pass-through functionality if this is a curation command
+	if gdt.isCurationCmd {
+		tasks = append(tasks, "-Dcom.jfrog.curationAuditMode=true")
+	}
+
 	log.Info("Running gradle deps tree command:", gradleExecPath, strings.Join(tasks, " "))
 	if output, err := exec.Command(gradleExecPath, tasks...).CombinedOutput(); err != nil {
 		return nil, errorutils.CheckErrorf("error running gradle-dep-tree: %s\n%s", err.Error(), string(output))

sca/bom/buildinfo/technologies/java/gradle.go

@@ -229,3 +229,31 @@ func TestConstructReleasesRemoteRepo(t *testing.T) {
 		}()
 	}
 }
+
+func TestGradleCurationAuditMode(t *testing.T) {
+	// Test that curation audit mode flag is added when IsCurationCmd is true
+	params := &DepTreeParams{
+		IsCurationCmd: true,
+	}
+
+	manager := &gradleDepTreeManager{
+		DepTreeManager: NewDepTreeManager(params),
+		isCurationCmd:  params.IsCurationCmd,
+	}
+
+	// Verify that the manager has the curation flag set
+	assert.True(t, manager.isCurationCmd, "isCurationCmd should be true for curation commands")
+
+	// Test with non-curation command
+	paramsNonCuration := &DepTreeParams{
+		IsCurationCmd: false,
+	}
+
+	managerNonCuration := &gradleDepTreeManager{
+		DepTreeManager: NewDepTreeManager(paramsNonCuration),
+		isCurationCmd:  paramsNonCuration.IsCurationCmd,
+	}
+
+	// Verify that the manager does not have the curation flag set
+	assert.False(t, managerNonCuration.isCurationCmd, "isCurationCmd should be false for non-curation commands")
+}