Skip to content

Add one model service support#1385

Closed
dortam888 wants to merge 131 commits intojfrog:devfrom
dortam888:add_onemodel_service_support
Closed

Add one model service support#1385
dortam888 wants to merge 131 commits intojfrog:devfrom
dortam888:add_onemodel_service_support

Conversation

@dortam888
Copy link
Collaborator

@dortam888 dortam888 commented May 10, 2025
edited
Loading

  • All tests passed. If this feature is not already covered by the tests, I added new tests.
  • All static analysis checks passed.
  • This pull request is on the dev branch.
  • I used gofmt for formatting the code before submitting the pull request.

Depend on jfrog/jfrog-client-go#1115
Add support to create onemodel config.

omerzi and others added 30 commits April 5, 2023 10:15
@omerzi @sarao1310
@eyalbe4 @sverdlov93 @yahavi
Upgrade jfrog-cli-core to 2.31.1 (jfrog#739)
4d20901 
* Improve UI for scan command (jfrog#706)

* Upgrade go version in go.mod to 1.20 (jfrog#732)

* Fix lint issues found (jfrog#733)

* Config transfer - ensure target not older than source (jfrog#721)

* Update tests environment - nuget and dotnet to version 6  (jfrog#734)

* Flatten audit graph (jfrog#736)

* Use gradle-dep-tree with Audit (jfrog#719)

---------

Co-authored-by: Sara Omari <114062096+sarao1310@users.noreply.github.com>
Co-authored-by: Eyal Ben Moshe <eyalbenmoshe@jfrog.com>
Co-authored-by: Michael Sverdlov <sverdlov93@gmail.com>
Co-authored-by: Yahav Itzhak <yahavi@users.noreply.github.com>
@eyalbe4
Added the Frogbot badge to the README (jfrog#745)
9b4006e
@sverdlov93
Merge remote-tracking branch 'upstream/dev' into mastercore
1381a8b 
# Conflicts:
#	.github/workflows/analysis.yml
#	go.mod
#	go.sum
#	xray/audit/java/gradle.go
#	xray/commands/audit/generic/auditmanager.go
@sverdlov93
Merge remote-tracking branch 'upstream/dev' into mastercore
f8e3a22
@omerzi
Merge remote-tracking branch 'origin/dev'
4f7259c
@omerzi
Merge remote-tracking branch 'origin/dev'
932793d
@eyalbe4
Merge branch 'dev'
2ddeac0
@talarian1
Merge branch 'dev' into master
11ce1e8
@talarian1
Merge branch 'dev'
521d832
@talarian1
Merge remote-tracking branch 'origin/dev'
f470da2
@omerzi
Merge remote-tracking branch 'origin/dev'
2c85766
@talarian1
Merge remote-tracking branch 'origin/dev'
ae0b91d
@yahavi
Merge remote-tracking branch 'upstream/dev'
5a53932
@yahavi
Merge remote-tracking branch 'upstream/dev'
c07d9fb
@talarian1
Merge remote-tracking branch 'origin/dev'
7040b6a
@eyalbe4
Merge branch 'dev'
e91d430
@talarian1
Upgrade jfrog-cli-core to 2.34.6
2680fdb
@eyalbe4
Merge branch 'master' into dev
b4ddac8
@eyalbe4
Merge branch 'dev'
6dca5e7
@talarian1
Merge remote-tracking branch 'origin/dev'
9fa7b09
@yahavi
Merge branch 'dev'
a46fb01
@eyalbe4
Merge branch 'dev'
94469f4
@eyalbe4
Merge branch 'dev'
b330d82
@omerzi
Merge branch 'master' into dev
7141b4c
@eyalbe4
Merge branch 'dev'
ec17933
@RobiNino
Merge branch 'dev'
83ced5a
@yahavi
Merge branch 'dev'
9e57a49
@omerzi
Merge branch 'master' into dev
fe4c82a
@omerzi
Upgrade jfrog-cli-core to 2.38.0
47a0f3f
@talarian1
Remove Secrets Scanner Sacanners Names config (jfrog#862)
40e7d2d
@dortam888 dortam888 requested a review from bhanurp May 19, 2025 10:03
bhanurp
bhanurp requested changes May 22, 2025
View reviewed changes
Copy link
Contributor

@bhanurp bhanurp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • Please add appropriate label for the PR
  • Please check static analysis failures.

utils/config/config.go
return serverDetails.createAuthConfig(mdAuth)
}

func (serverDetails *ServerDetails) CreateOnemodelAuthConfig() (auth.ServiceDetails, error) {
Copy link
Contributor

@bhanurp bhanurp May 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Update README about new APIs available

utils/config/config.go

func (serverDetails *ServerDetails) CreateOnemodelAuthConfig() (auth.ServiceDetails, error) {
omAuth := onemodelAuth.NewOnemodelDetails()
omAuth.SetUrl(serverDetails.OnemodelUrl)
Copy link
Contributor

@bhanurp bhanurp May 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

serverDetails.OnemodelUrl is this optional?

@dortam888 dortam888 added the new feature Automatically generated release notes label May 22, 2025
@dortam888 dortam888 force-pushed the add_onemodel_service_support branch from ce9f62f to 21ee276 Compare May 31, 2025 18:46
@dortam888 dortam888 requested a review from bhanurp May 31, 2025 19:03
bhanurp
bhanurp approved these changes Jun 6, 2025
View reviewed changes
Copy link
Contributor

@bhanurp bhanurp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • Please update the PR description with couple of lines describing what this PR does.

@github-actions
Copy link
Contributor

github-actions bot commented Jun 6, 2025

🚨 Frogbot scanned this pull request and found the below:

📗 Scan Summary

  • Frogbot scanned for vulnerabilities and found 4 issues
Scan Category Status Security Issues
Software Composition Analysis ℹ️ Not Scanned -
Contextual Analysis ℹ️ Not Scanned -
Static Application Security Testing (SAST) ✅ Done
4 Issues Found 4 Low
Secrets ✅ Done -
Infrastructure as Code (IaC) ✅ Done Not Found

github-actions[bot]
github-actions bot reviewed Jun 6, 2025
View reviewed changes
common/build/buildinfoproperties_test.go
Comment on lines 146 to 149
}
props, err := CreateBuildInfoProps("", vConfig, project.Maven)
props, err := CreateBuildInfoProps("", vConfig, Maven)
if err != nil {
t.Error(err)
Copy link
Contributor

@github-actions github-actions bot Jun 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Static Application Security Testing (SAST) Vulnerability

Severity Finding
low
Low		 Detected usage of communication methods lacking encryption.
Full description

Vulnerability Details
CWE: 319
Rule ID: go-insecure-protocol

Overview

Using insecure protocols—such as HTTP, FTP, or LDAP—can expose sensitive
data during transmission, making it vulnerable to eavesdropping and man-in-the-middle
attacks. Secure protocols like HTTPS and FTPS should be used to ensure data
encryption during communication.

Vulnerable example

In this example, the application uses insecure protocols to communicate,
taking the protocol type from hardcoded strings.

package main

import (
    "fmt"
)

type SwampService struct {
    InsecureHttpProtocol string
    InsecureFtpProtocol  string
}

func NewSwampService() *SwampService {
    return &SwampService{
        InsecureHttpProtocol: "http://", // Insecure protocol
        InsecureFtpProtocol:  "ftp://",  // Insecure protocol
    }
}

func (s *SwampService) ConnectToFrogService(server string) {
    url := s.InsecureHttpProtocol + server + "/frogEndpoint"
    s.connect(url)

    url = s.InsecureFtpProtocol + server + "/frogFile"
    s.connect(url)
}

func (s *SwampService) connect(url string) {
    fmt.Printf("Connecting to %s\n", url)
    // Logic to connect to the service
}

func main() {
    service := NewSwampService()
    service.ConnectToFrogService("example.com")
}

In this vulnerable example, the ConnectToFrogService method uses hardcoded
insecure protocols (HTTP and FTP) to connect, making communications susceptible
to attacks.

Remediation

To mitigate the use of insecure protocols, replace them with secure alternatives
such as HTTPS or FTPS.

package main

import (
    "fmt"
)

type SwampService struct {
    InsecureHttpProtocol string
    InsecureFtpProtocol  string
}

func NewSwampService() *SwampService {
    return &SwampService{
        InsecureHttpProtocol: "http://", // Insecure protocol
        InsecureFtpProtocol:  "ftp://",  // Insecure protocol
    }
}

func (s *SwampService) ConnectToFrogService(server string) {
    url := s.InsecureHttpProtocol + server + "/frogEndpoint"
    s.connect(url)

    url = s.InsecureFtpProtocol + server + "/frogFile"
    s.connect(url)
}

func (s *SwampService) connect(url string) {
    fmt.Printf("Connecting to %s\n", url)
    // Logic to connect to the service
}

func main() {
    service := NewSwampService()
    service.ConnectToFrogService("example.com")
}

In this remediated example, the ConnectToFrogService method utilizes
secure protocols (HTTPS and FTPS) to ensure that communications are encrypted,
thereby protecting sensitive data.

github-actions[bot]
github-actions bot reviewed Jun 6, 2025
View reviewed changes
artifactory/commands/utils/npmcmdutils_test.go
@@ -21,53 +15,8 @@ func TestGetRegistry(t *testing.T) {
}

for _, testCase := range getRegistryTest {
Copy link
Contributor

@github-actions github-actions bot Jun 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Static Application Security Testing (SAST) Vulnerability

Severity Finding
low
Low		 Detected usage of communication methods lacking encryption.
Full description

Vulnerability Details
CWE: 319
Rule ID: go-insecure-protocol

Overview

Using insecure protocols—such as HTTP, FTP, or LDAP—can expose sensitive
data during transmission, making it vulnerable to eavesdropping and man-in-the-middle
attacks. Secure protocols like HTTPS and FTPS should be used to ensure data
encryption during communication.

Vulnerable example

In this example, the application uses insecure protocols to communicate,
taking the protocol type from hardcoded strings.

package main

import (
    "fmt"
)

type SwampService struct {
    InsecureHttpProtocol string
    InsecureFtpProtocol  string
}

func NewSwampService() *SwampService {
    return &SwampService{
        InsecureHttpProtocol: "http://", // Insecure protocol
        InsecureFtpProtocol:  "ftp://",  // Insecure protocol
    }
}

func (s *SwampService) ConnectToFrogService(server string) {
    url := s.InsecureHttpProtocol + server + "/frogEndpoint"
    s.connect(url)

    url = s.InsecureFtpProtocol + server + "/frogFile"
    s.connect(url)
}

func (s *SwampService) connect(url string) {
    fmt.Printf("Connecting to %s\n", url)
    // Logic to connect to the service
}

func main() {
    service := NewSwampService()
    service.ConnectToFrogService("example.com")
}

In this vulnerable example, the ConnectToFrogService method uses hardcoded
insecure protocols (HTTP and FTP) to connect, making communications susceptible
to attacks.

Remediation

To mitigate the use of insecure protocols, replace them with secure alternatives
such as HTTPS or FTPS.

package main

import (
    "fmt"
)

type SwampService struct {
    InsecureHttpProtocol string
    InsecureFtpProtocol  string
}

func NewSwampService() *SwampService {
    return &SwampService{
        InsecureHttpProtocol: "http://", // Insecure protocol
        InsecureFtpProtocol:  "ftp://",  // Insecure protocol
    }
}

func (s *SwampService) ConnectToFrogService(server string) {
    url := s.InsecureHttpProtocol + server + "/frogEndpoint"
    s.connect(url)

    url = s.InsecureFtpProtocol + server + "/frogFile"
    s.connect(url)
}

func (s *SwampService) connect(url string) {
    fmt.Printf("Connecting to %s\n", url)
    // Logic to connect to the service
}

func main() {
    service := NewSwampService()
    service.ConnectToFrogService("example.com")
}

In this remediated example, the ConnectToFrogService method utilizes
secure protocols (HTTPS and FTPS) to ensure that communications are encrypted,
thereby protecting sensitive data.

github-actions[bot]
github-actions bot reviewed Jun 6, 2025
View reviewed changes
artifactory/commands/utils/npmcmdutils_test.go Outdated
for _, testCase := range getRegistryTest {
if GetNpmRepositoryUrl(testCase.repo, testCase.url) != testCase.expected {
t.Errorf("The expected output of getRegistry(\"%s\", \"%s\") is %s. But the actual result is:%s", testCase.repo, testCase.url, testCase.expected, GetNpmRepositoryUrl(testCase.repo, testCase.url))
if getNpmRepositoryUrl(testCase.repo, testCase.url) != testCase.expected {
Copy link
Contributor

@github-actions github-actions bot Jun 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Static Application Security Testing (SAST) Vulnerability

Severity Finding
low
Low		 Detected usage of communication methods lacking encryption.
Full description

Vulnerability Details
CWE: 319
Rule ID: go-insecure-protocol

Overview

Using insecure protocols—such as HTTP, FTP, or LDAP—can expose sensitive
data during transmission, making it vulnerable to eavesdropping and man-in-the-middle
attacks. Secure protocols like HTTPS and FTPS should be used to ensure data
encryption during communication.

Vulnerable example

In this example, the application uses insecure protocols to communicate,
taking the protocol type from hardcoded strings.

package main

import (
    "fmt"
)

type SwampService struct {
    InsecureHttpProtocol string
    InsecureFtpProtocol  string
}

func NewSwampService() *SwampService {
    return &SwampService{
        InsecureHttpProtocol: "http://", // Insecure protocol
        InsecureFtpProtocol:  "ftp://",  // Insecure protocol
    }
}

func (s *SwampService) ConnectToFrogService(server string) {
    url := s.InsecureHttpProtocol + server + "/frogEndpoint"
    s.connect(url)

    url = s.InsecureFtpProtocol + server + "/frogFile"
    s.connect(url)
}

func (s *SwampService) connect(url string) {
    fmt.Printf("Connecting to %s\n", url)
    // Logic to connect to the service
}

func main() {
    service := NewSwampService()
    service.ConnectToFrogService("example.com")
}

In this vulnerable example, the ConnectToFrogService method uses hardcoded
insecure protocols (HTTP and FTP) to connect, making communications susceptible
to attacks.

Remediation

To mitigate the use of insecure protocols, replace them with secure alternatives
such as HTTPS or FTPS.

package main

import (
    "fmt"
)

type SwampService struct {
    InsecureHttpProtocol string
    InsecureFtpProtocol  string
}

func NewSwampService() *SwampService {
    return &SwampService{
        InsecureHttpProtocol: "http://", // Insecure protocol
        InsecureFtpProtocol:  "ftp://",  // Insecure protocol
    }
}

func (s *SwampService) ConnectToFrogService(server string) {
    url := s.InsecureHttpProtocol + server + "/frogEndpoint"
    s.connect(url)

    url = s.InsecureFtpProtocol + server + "/frogFile"
    s.connect(url)
}

func (s *SwampService) connect(url string) {
    fmt.Printf("Connecting to %s\n", url)
    // Logic to connect to the service
}

func main() {
    service := NewSwampService()
    service.ConnectToFrogService("example.com")
}

In this remediated example, the ConnectToFrogService method utilizes
secure protocols (HTTPS and FTPS) to ensure that communications are encrypted,
thereby protecting sensitive data.

github-actions[bot]
github-actions bot reviewed Jun 6, 2025
View reviewed changes
artifactory/commands/utils/npmcmdutils_test.go
t.Errorf("The expected output of getRegistry(\"%s\", \"%s\") is %s. But the actual result is:%s", testCase.repo, testCase.url, testCase.expected, GetNpmRepositoryUrl(testCase.repo, testCase.url))
if getNpmRepositoryUrl(testCase.repo, testCase.url) != testCase.expected {
t.Errorf("The expected output of getRegistry(\"%s\", \"%s\") is %s. But the actual result is:%s", testCase.repo, testCase.url, testCase.expected, getNpmRepositoryUrl(testCase.repo, testCase.url))
}
Copy link
Contributor

@github-actions github-actions bot Jun 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Static Application Security Testing (SAST) Vulnerability

Severity Finding
low
Low		 Detected usage of communication methods lacking encryption.
Full description

Vulnerability Details
CWE: 319
Rule ID: go-insecure-protocol

Overview

Using insecure protocols—such as HTTP, FTP, or LDAP—can expose sensitive
data during transmission, making it vulnerable to eavesdropping and man-in-the-middle
attacks. Secure protocols like HTTPS and FTPS should be used to ensure data
encryption during communication.

Vulnerable example

In this example, the application uses insecure protocols to communicate,
taking the protocol type from hardcoded strings.

package main

import (
    "fmt"
)

type SwampService struct {
    InsecureHttpProtocol string
    InsecureFtpProtocol  string
}

func NewSwampService() *SwampService {
    return &SwampService{
        InsecureHttpProtocol: "http://", // Insecure protocol
        InsecureFtpProtocol:  "ftp://",  // Insecure protocol
    }
}

func (s *SwampService) ConnectToFrogService(server string) {
    url := s.InsecureHttpProtocol + server + "/frogEndpoint"
    s.connect(url)

    url = s.InsecureFtpProtocol + server + "/frogFile"
    s.connect(url)
}

func (s *SwampService) connect(url string) {
    fmt.Printf("Connecting to %s\n", url)
    // Logic to connect to the service
}

func main() {
    service := NewSwampService()
    service.ConnectToFrogService("example.com")
}

In this vulnerable example, the ConnectToFrogService method uses hardcoded
insecure protocols (HTTP and FTP) to connect, making communications susceptible
to attacks.

Remediation

To mitigate the use of insecure protocols, replace them with secure alternatives
such as HTTPS or FTPS.

package main

import (
    "fmt"
)

type SwampService struct {
    InsecureHttpProtocol string
    InsecureFtpProtocol  string
}

func NewSwampService() *SwampService {
    return &SwampService{
        InsecureHttpProtocol: "http://", // Insecure protocol
        InsecureFtpProtocol:  "ftp://",  // Insecure protocol
    }
}

func (s *SwampService) ConnectToFrogService(server string) {
    url := s.InsecureHttpProtocol + server + "/frogEndpoint"
    s.connect(url)

    url = s.InsecureFtpProtocol + server + "/frogFile"
    s.connect(url)
}

func (s *SwampService) connect(url string) {
    fmt.Printf("Connecting to %s\n", url)
    // Logic to connect to the service
}

func main() {
    service := NewSwampService()
    service.ConnectToFrogService("example.com")
}

In this remediated example, the ConnectToFrogService method utilizes
secure protocols (HTTPS and FTPS) to ensure that communications are encrypted,
thereby protecting sensitive data.

@dortam888 dortam888 force-pushed the add_onemodel_service_support branch from 4aa8e82 to 3145117 Compare June 10, 2025 10:46
@dortam888 dortam888 force-pushed the add_onemodel_service_support branch from 3145117 to 392ebf8 Compare June 10, 2025 10:46
@dortam888 dortam888 force-pushed the add_onemodel_service_support branch from 5f34539 to 392ebf8 Compare June 10, 2025 14:10
@dortam888 dortam888 closed this Jun 11, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

@bhanurp bhanurp bhanurp approved these changes

Assignees

No one assigned

Labels

new feature Automatically generated release notes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.