continue

Author: attiasas

resources/deptreemanager.go

@@ -0,0 +1 @@
+package resources

technologies/technologies.go

@@ -61,6 +61,11 @@ func ChangeTechDependencyVersion(tech techutils.Technology, directDependencyName
 }
 
 func GetDependencyTree(params techutils.DetectDependencyTreeParams) (techutils.TechnologyDependencyTrees, error) {
+	msg := fmt.Sprintf("Calculating %s dependencies...", params.Technology.ToFormal())
+	if params.IncludeCuration {
+		getCurationCacheFolderAndLogMsg(params.Technology)
+	}
+	
 	if handler, err := GetTechHandler(params.Technology); err == nil {
 		log.Info(fmt.Sprintf("Handler Calculating %s dependencies...", params.Technology.ToFormal()))
 		if tree, err := handler.GetTechDependencyTree(params); err == nil {
@@ -210,10 +215,7 @@ func logDeps(uniqueDeps any) (err error) {
 	return
 }
 
-func getCurationCacheFolderAndLogMsg(params utils.AuditParams, tech techutils.Technology) (logMessage string, curationCacheFolder string, err error) {
-	if !params.IsCurationCmd() {
-		return
-	}
+func getCurationCacheFolderAndLogMsg(tech techutils.Technology) (logMessage string, curationCacheFolder string, err error) {
 	if curationCacheFolder, err = getCurationCacheByTech(tech); err != nil || curationCacheFolder == "" {
 		return
 	}

utils/techutils/techhandler.go

@@ -0,0 +1,57 @@
+package techutils
+
+import (
+	"github.com/owenrumney/go-sarif/v2/sarif"
+
+	"github.com/jfrog/jfrog-cli-core/v2/utils/config"
+
+	xrayUtils "github.com/jfrog/jfrog-client-go/xray/services/utils"
+)
+
+// In order to support a new technology with the security commands, you need to implement this interface.
+type TechnologyHandler interface {
+	// Get a dependency tree for each descriptor file, the tree will have a root node id with the descriptor/project id, second level nodes are the direct dependencies...
+	// If no descriptor files are provided, the handler will try to use cwd as the context to find the dependencies.
+	GetTechDependencyTree(params DetectDependencyTreeParams) (TechnologyDependencyTrees, error)
+	// Get the locations of the direct dependency in the given descriptor files. if no descriptor files are provided, the handler will try to find at cwd.
+	GetTechDependencyLocations(directDependencyName, directDependencyVersion string, descriptorPaths ...string) ([]*sarif.Location, error) // maybe ([]formats.ComponentRow, error)
+	// Change a direct dependency version in the given descriptor files. if no descriptor files are provided, the handler will try to find at cwd.
+	ChangeTechDependencyVersion(directDependencyName, directDependencyVersion, fixVersion string, descriptorPaths ...string) error
+}
+
+type DetectDependencyTreeParams struct {
+	Technology Technology `json:"technology"`
+	// If the tech need to create temp file for the output of the command it should output it to this path.
+	OutputDirPath string `json:"outputDirPath,omitempty"`
+	// Files that the technology handlers use to detect the project's dependencies.
+	Descriptors []string `json:"descriptors"`
+	// Artifactory related options
+	DependenciesRepository string `json:"dependenciesRepository,omitempty"`
+	// Curation related options
+	IncludeCuration bool `json:"includeCuration,omitempty"`
+	ServerDetails *config.ServerDetails `json:"artifactoryServerDetails,omitempty"`
+	CurationCacheFolder string `json:"curationCacheFolder,omitempty"`
+	
+	// Common Tech options
+	UseWrapper bool `json:"useWrapper,omitempty"`
+
+	// Specific Maven options
+	IsMavenDepTreeInstalled bool `json:"isMavenDepTreeInstalled,omitempty"`
+}
+
+type TechnologyDependencyTrees struct {
+	UniqueDependencies []string `json:"uniqueDependencies"`
+	DownloadUrls       map[string]string `json:"downloadUrls,omitempty"`
+	// descriptor path -> dependency tree
+	DependencyTrees map[string]*xrayUtils.GraphNode `json:"dependencyTrees,omitempty"`
+}
+
+func (tdr TechnologyDependencyTrees) GetAsXrayScaScanParam() *xrayUtils.GraphNode {
+	return &xrayUtils.GraphNode{
+		Id: "root",
+	}
+}
+
+func (tdr TechnologyDependencyTrees) GetUnifiedTree() []*xrayUtils.GraphNode {
+	return []*xrayUtils.GraphNode{}
+}

utils/techutils/techutils.go

@@ -8,20 +8,18 @@ import (
 	"regexp"
 	"strings"
 
-	"github.com/owenrumney/go-sarif/v2/sarif"
 	"golang.org/x/exp/maps"
 	"golang.org/x/text/cases"
 	"golang.org/x/text/language"
 
 	"github.com/jfrog/gofrog/datastructures"
 	"github.com/jfrog/jfrog-cli-core/v2/common/project"
-	"github.com/jfrog/jfrog-cli-core/v2/utils/config"
+	
 	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
 	"github.com/jfrog/jfrog-client-go/artifactory/services/fspatterns"
 	"github.com/jfrog/jfrog-client-go/utils/errorutils"
 	"github.com/jfrog/jfrog-client-go/utils/io/fileutils"
 	"github.com/jfrog/jfrog-client-go/utils/log"
-	xrayUtils "github.com/jfrog/jfrog-client-go/xray/services/utils"
 )
 
 type Technology string
@@ -72,53 +70,6 @@ var TechToProjectType = map[Technology]project.ProjectType{
 	Dotnet: project.Dotnet,
 }
 
-type DetectDependencyTreeParams struct {
-	Technology Technology `json:"technology"`
-	// If the tech need to create temp file for the output of the command it should output it to this path.
-	OutputDirPath string `json:"outputDirPath,omitempty"`
-	// Files that the technology handlers use to detect the project's dependencies.
-	Descriptors []string `json:"descriptors"`
-	// Artifactory related options
-	DependenciesRepository string `json:"dependenciesRepository,omitempty"`
-	// Curation related options
-	IncludeCuration bool `json:"includeCuration,omitempty"`
-	ServerDetails *config.ServerDetails `json:"artifactoryServerDetails,omitempty"`
-	CurationCacheFolder string `json:"curationCacheFolder,omitempty"`
-	
-	// Common Tech options
-	UseWrapper bool `json:"useWrapper,omitempty"`
-
-	// Specific Maven options
-	IsMavenDepTreeInstalled bool `json:"isMavenDepTreeInstalled,omitempty"`
-}
-
-type TechnologyDependencyTrees struct {
-	UniqueDependencies []string `json:"uniqueDependencies"`
-	DownloadUrls       map[string]string `json:"downloadUrls,omitempty"`
-	// descriptor path -> dependency tree
-	DependencyTrees map[string]*xrayUtils.GraphNode `json:"dependencyTrees,omitempty"`
-}
-
-func (tdr TechnologyDependencyTrees) GetAsXrayScaScanParam() *xrayUtils.GraphNode {
-	return &xrayUtils.GraphNode{
-		Id: "root",
-	}
-}
-
-func (tdr TechnologyDependencyTrees) GetUnifiedTree() []*xrayUtils.GraphNode {
-	return []*xrayUtils.GraphNode{}
-}
-
-type TechnologyHandler interface {
-	// Get a dependency tree for each descriptor file, the tree will have a root node id with the descriptor/project id, second level nodes are the direct dependencies...
-	// If no descriptor files are provided, the handler will try to use cwd as the context to find the dependencies.
-	GetTechDependencyTree(params DetectDependencyTreeParams) (TechnologyDependencyTrees, error)
-	// Get the locations of the direct dependency in the given descriptor files. if no descriptor files are provided, the handler will try to find at cwd.
-	GetTechDependencyLocations(directDependencyName, directDependencyVersion string, descriptorPaths ...string) ([]*sarif.Location, error) // maybe ([]formats.ComponentRow, error)
-	// Change a direct dependency version in the given descriptor files. if no descriptor files are provided, the handler will try to find at cwd.
-	ChangeTechDependencyVersion(directDependencyName, directDependencyVersion, fixVersion string, descriptorPaths ...string) error
-}
-
 type TechData struct {
 	techIdentifier string
 
@@ -286,6 +237,10 @@ func (tech Technology) String() string {
 	return string(tech)
 }
 
+func (tech Technology) GetIdentifier() string {
+	return technologiesData[tech].techIdentifier
+}
+
 func (tech Technology) GetExecCommandName() string {
 	if technologiesData[tech].execCommand == "" {
 		return tech.String()