removing all comments

Author: eranturgeman

commands/audit/sca/python/python.go

@@ -34,18 +34,6 @@ const (
 	CurationPipMinimumVersion = "23.0.0"
 )
 
-/* TODO eran delete at the end
-type AuditPython struct {
-	Server              *config.ServerDetails
-	Tool                pythonutils.PythonTool
-	RemotePypiRepo      string
-	PipRequirementsFile string
-	InstallCommandArgs  []string
-	IsCurationCmd       bool
-}
-
-*/
-
 func BuildDependencyTree(params utils.AuditParams) (dependencyTree []*clientutils.GraphNode, uniqueDeps []string, downloadUrls map[string]string, err error) {
 	dependenciesGraph, directDependenciesList, pipUrls, errGetTree := getDependencies(params)
 	if errGetTree != nil {
@@ -103,13 +91,6 @@ func getDependencies(params utils.AuditParams) (dependenciesGraph map[string][]s
 		return
 	}
 
-	// TODO eran - is it possible to not have the technology here so we need to place pip first? is that even correct doing that?
-	/*
-		pythonTool := pythonutils.Pip
-		if len(params.Technologies()) > 0 {
-			pythonTool = pythonutils.PythonTool(params.Technologies()[0])
-		}
-	*/
 	pythonTool := pythonutils.PythonTool(params.Technologies()[0])
 	if !params.SkipAutoInstall() {
 		var restoreEnv func() error

commands/audit/sca/python/python_test.go

@@ -27,7 +27,6 @@ func TestBuildPipDependencyListSetuppy(t *testing.T) {
 	defer cleanUp()
 	// Run getModulesDependencyTrees
 	params := clisecurityutils.AuditBasicParams{}
-	// params.SetTechnologies([]string{string(techutils.Pip)}) // TODO eran delete
 	params.AddTechnologyIfNotExist(techutils.Pip.String())
 	rootNode, uniqueDeps, _, err := BuildDependencyTree(&params)
 	assert.NoError(t, err)
@@ -56,7 +55,6 @@ func TestPipDependencyListCustomInstallArgs(t *testing.T) {
 	assert.NoError(t, os.Chdir(filepath.Join(actualMainPath, "referenceproject")))
 	// Run getModulesDependencyTrees
 	params := clisecurityutils.AuditBasicParams{}
-	//params.SetTechnologies([]string{string(techutils.Pip)}) // TODO eran delete
 	params.AddTechnologyIfNotExist(techutils.Pip.String())
 	params.SetInstallCommandArgs([]string{"--force-reinstall"})
 	rootNode, uniqueDeps, _, err := BuildDependencyTree(&params)
@@ -69,7 +67,6 @@ func TestBuildPipDependencyListSetuppyForCuration(t *testing.T) {
 	defer cleanUp()
 	// Run getModulesDependencyTrees
 	params := clisecurityutils.AuditBasicParams{}
-	// params.SetTechnologies([]string{string(techutils.Pip)}) // TODO eran delete
 	params.AddTechnologyIfNotExist(techutils.Pip.String())
 	params.SetIsCurationCmd(true)
 	rootNode, uniqueDeps, downloadUrls, err := BuildDependencyTree(&params)
@@ -103,7 +100,6 @@ func TestPipDependencyListRequirementsFallback(t *testing.T) {
 	defer cleanUp()
 	// No requirements file field specified, expect the command to use the fallback 'pip install -r requirements.txt' command
 	params := clisecurityutils.AuditBasicParams{}
-	// params.SetTechnologies([]string{string(techutils.Pip)}) // TODO eran delete
 	params.AddTechnologyIfNotExist(techutils.Pip.String())
 	rootNode, uniqueDeps, _, err := BuildDependencyTree(&params)
 	validatePipRequirementsProject(t, err, uniqueDeps, rootNode)
@@ -129,7 +125,6 @@ func TestBuildPipDependencyListRequirements(t *testing.T) {
 	defer cleanUp()
 	// Run getModulesDependencyTrees
 	params := clisecurityutils.AuditBasicParams{}
-	// params.SetTechnologies([]string{string(techutils.Pip)}) // TODO eran delete
 	params.AddTechnologyIfNotExist(techutils.Pip.String())
 	params.SetPipRequirementsFile("requirements.txt")
 	rootNode, uniqueDeps, _, err := BuildDependencyTree(&params)
@@ -159,7 +154,6 @@ func TestBuildPipenvDependencyList(t *testing.T) {
 	}
 	// Run getModulesDependencyTrees
 	params := clisecurityutils.AuditBasicParams{}
-	// params.SetTechnologies([]string{string(techutils.Pipenv)}) // TODO eran delete
 	params.AddTechnologyIfNotExist(techutils.Pipenv.String())
 	rootNode, uniqueDeps, _, err := BuildDependencyTree(&params)
 	if err != nil {
@@ -197,7 +191,6 @@ func TestBuildPoetryDependencyList(t *testing.T) {
 	}
 	// Run getModulesDependencyTrees
 	params := clisecurityutils.AuditBasicParams{}
-	// params.SetTechnologies([]string{string(techutils.Poetry)}) // TODO eran delete
 	params.AddTechnologyIfNotExist(techutils.Poetry.String())
 	rootNode, uniqueDeps, _, err := BuildDependencyTree(&params)
 	if err != nil {

commands/audit/scarunner.go

@@ -85,29 +85,6 @@ func buildDepTreeAndRunScaScan(auditParallelRunner *utils.SecurityParallelRunner
 		// Make sure to return to the original working directory, buildDependencyTree may change it
 		generalError = errors.Join(generalError, errorutils.CheckError(os.Chdir(currentWorkingDir)))
 	}()
-	/* TODO eran delete the special case for maven
-	The code part from which this was copied is not trying to do the same, therefore this check for Maven is redundant.
-	if we look at cli-security/cli/scancommands.go, AuditCmd we can see a loop that is referring maven specifically.
-	in this loop we iterate all existing Technology types and check if a flag specifying each technology is provided.
-	If so we add this technology to the audit params we use for the command execution.
-	The reason for the specific reference for Maven is: the flag for Maven is 'mvn' and not similar to the name of the technology like the rest of the technologies
-	Therefore, we check for the 'mvn' bool flag instead of 'maven' bool flag.
-	This is NOT relevant here since the Technology is still Maven (techutils.Maven) and not the flags.mvn.
-	*/
-	/*
-		if len(auditParams.Technologies()) == 0 {
-			var technologies []string
-			for _, tech := range cmdResults.GetTechnologies() {
-				if tech == techutils.Maven {
-					// On Maven we use '--mvn' flag
-					technologies = append(technologies, flags.Mvn)
-				} else {
-					technologies = append(technologies, tech.String())
-				}
-			}
-			auditParams.SetTechnologies(technologies)
-		}
-	*/
 
 	// Perform SCA scans
 	for _, targetResult := range cmdResults.Targets {
@@ -259,7 +236,6 @@ func GetTechDependencyTree(params xrayutils.AuditParams, artifactoryServerDetail
 
 	switch tech {
 	case techutils.Maven, techutils.Gradle:
-		// TODO eran - if we changed python to work with auditParams do we want it here as well?
 		depTreeResult.FullDepTrees, uniqDepsWithTypes, err = java.BuildDependencyTree(java.DepTreeParams{
 			Server:                  artifactoryServerDetails,
 			DepsRepo:                params.DepsRepo(),
@@ -279,7 +255,6 @@ func GetTechDependencyTree(params xrayutils.AuditParams, artifactoryServerDetail
 	case techutils.Go:
 		depTreeResult.FullDepTrees, uniqueDeps, err = _go.BuildDependencyTree(params)
 	case techutils.Pipenv, techutils.Pip, techutils.Poetry:
-		// TODO eran - consider adding the tech here and not prior to this step in buildDepTreeAndRunScaScan. make sure to filer before adding to avoid duplicates (we can have dup if we came from CLI and not frogbot since we have tech flags)
 		params.AddTechnologyIfNotExist(tech.String())
 		depTreeResult.FullDepTrees, uniqueDeps,
 			depTreeResult.DownloadUrls, err = python.BuildDependencyTree(params)