improved the code

Author: basel1322

commands/curation/curationaudit.go

@@ -405,20 +405,8 @@ func (ca *CurationAuditCommand) getRtManagerAndAuth(tech techutils.Technology) (
 
 func (ca *CurationAuditCommand) GetAuth(tech techutils.Technology) (serverDetails *config.ServerDetails, err error) {
 	if ca.PackageManagerConfig == nil {
-		if tech == techutils.Docker {
-			serverDetails, err = ca.ServerDetails()
-			if err != nil {
-				return
-			}
-			repoConfig, err := docker.GetDockerRepositoryConfig(serverDetails, ca.DockerImageName())
-			if err != nil {
-				return nil, err
-			}
-			ca.setPackageManagerConfig(repoConfig)
-		} else {
-			if err = ca.SetRepo(tech); err != nil {
-				return
-			}
+		if err = ca.SetRepo(tech); err != nil {
+			return
 		}
 	}
 	serverDetails, err = ca.PackageManagerConfig.ServerDetails()
@@ -747,6 +735,16 @@ func (ca *CurationAuditCommand) CommandName() string {
 }
 
 func (ca *CurationAuditCommand) SetRepo(tech techutils.Technology) error {
+	// If the technology is Docker, we need to get the repository config from the Docker image name
+	if tech == techutils.Docker {
+		repoConfig, err := docker.GetDockerRepositoryConfig(ca.DockerImageName())
+		if err != nil {
+			return err
+		}
+		ca.setPackageManagerConfig(repoConfig)
+		return nil
+	}
+
 	resolverParams, err := ca.getRepoParams(techutils.TechToProjectType[tech])
 	if err != nil {
 		return err
@@ -1176,11 +1174,14 @@ func getDockerNameScopeAndVersion(id, artiUrl, repo string) (downloadUrls []stri
 	id = strings.TrimPrefix(id, "docker://")
 
 	if idx := strings.Index(id, ":sha256:"); idx > 0 {
-		name, version = id[:idx], id[idx+1:]
+		name = id[:idx]
+		version = id[idx+1:]
 	} else if idx := strings.LastIndex(id, ":"); idx > 0 {
-		name, version = id[:idx], id[idx+1:]
+		name = id[:idx]
+		version = id[idx+1:]
 	} else {
-		name, version = id, "latest"
+		name = id
+		version = "latest"
 	}
 
 	if artiUrl != "" && repo != "" {

commands/curation/curationaudit_test.go

@@ -16,6 +16,7 @@ import (
 	"sync"
 	"testing"
 
+	"github.com/jfrog/jfrog-cli-security/sca/bom/buildinfo/technologies/docker"
 	"github.com/jfrog/jfrog-cli-security/sca/bom/buildinfo/technologies/java"
 	"github.com/jfrog/jfrog-cli-security/utils/formats"
 
@@ -507,8 +508,9 @@ func runPreTestExec(t *testing.T, basePathToTests string, testCase testCase) {
 }
 
 func createCurationCmdAndRun(tt testCase, serverDetails *config.ServerDetails) (cmdResults map[string]*CurationReport, err error) {
-	if tt.tech == techutils.Docker && tt.mockDepTree != nil {
-		return runDockerCurationWithMockTree(tt, serverDetails)
+	// For Docker, building dep tree manually (since its not possible to do docker pull )
+	if tt.tech == techutils.Docker {
+		return runDockerCurationTest(tt, serverDetails)
 	}
 	curationCmd := NewCurationAuditCommand()
 	curationCmd.SetIsCurationCmd(true)
@@ -517,44 +519,38 @@ func createCurationCmdAndRun(tt testCase, serverDetails *config.ServerDetails) (
 	curationCmd.SetInsecureTls(true)
 	curationCmd.SetIgnoreConfigFile(tt.shouldIgnoreConfigFile)
 	curationCmd.SetInsecureTls(tt.allowInsecureTls)
-	if tt.dockerImageName != "" {
-		curationCmd.SetDockerImageName(tt.dockerImageName)
-		// Docker requires server details to be set explicitly
-		curationCmd.SetServerDetails(serverDetails)
-	}
+	curationCmd.SetDockerImageName(tt.dockerImageName)
 	cmdResults = map[string]*CurationReport{}
 	err = curationCmd.doCurateAudit(cmdResults)
 	return
 }
 
-func runDockerCurationWithMockTree(tt testCase, serverDetails *config.ServerDetails) (map[string]*CurationReport, error) {
-	rtAuth, _ := serverDetails.CreateArtAuthConfig()
+func runDockerCurationTest(tt testCase, serverDetails *config.ServerDetails) (map[string]*CurationReport, error) {
+	imageInfo, _ := docker.ParseDockerImage(tt.dockerImageName)
+	rootId := imageInfo.Image + ":" + imageInfo.Tag
+
 	rtManager, _ := rtUtils.CreateServiceManager(serverDetails, 2, 0, false)
+	rtAuth, _ := serverDetails.CreateArtAuthConfig()
 
 	analyzer := treeAnalyzer{
 		rtManager:            rtManager,
 		extractPoliciesRegex: regexp.MustCompile(extractPoliciesRegexTemplate),
 		rtAuth:               rtAuth,
 		httpClientDetails:    rtAuth.CreateHttpClientDetails(),
 		url:                  rtAuth.GetUrl(),
-		repo:                 strings.SplitN(tt.dockerImageName, "/", 2)[0],
+		repo:                 imageInfo.Repo,
 		tech:                 techutils.Docker,
 		parallelRequests:     3,
 	}
 
-	packagesStatusMap := sync.Map{}
-	rootNodes := map[string]struct{}{tt.mockDepTree.Id: {}}
-	_ = analyzer.fetchNodesStatus(tt.mockDepTree, &packagesStatusMap, rootNodes)
+	tree := []*xrayUtils.GraphNode{{Id: rootId, Nodes: []*xrayUtils.GraphNode{{Id: "docker://" + rootId}}}}
+	statusMap := sync.Map{}
+	var status []*PackageStatus
 
-	var packagesStatus []*PackageStatus
-	analyzer.GraphsRelations([]*xrayUtils.GraphNode{tt.mockDepTree}, &packagesStatusMap, &packagesStatus)
+	analyzer.fetchNodesStatus(tree[0], &statusMap, map[string]struct{}{rootId: {}})
+	analyzer.GraphsRelations(tree, &statusMap, &status)
 
-	return map[string]*CurationReport{
-		tt.mockDepTree.Id: {
-			packagesStatus:        packagesStatus,
-			totalNumberOfPackages: len(tt.mockDepTree.Nodes),
-		},
-	}, nil
+	return map[string]*CurationReport{rootId: {packagesStatus: status, totalNumberOfPackages: 1}}, nil
 }
 
 func validateCurationResults(t *testing.T, testCase testCase, results map[string]*CurationReport, config *config.ServerDetails) {
@@ -608,8 +604,6 @@ type testCase struct {
 	createServerWithoutCreds bool
 	allowInsecureTls         bool
 	dockerImageName          string
-	// mockDepTree is used for Docker tests to bypass docker pull
-	mockDepTree *xrayUtils.GraphNode
 }
 
 func (tc testCase) getPathToTests() string {
@@ -1028,26 +1022,26 @@ func getTestCasesForDoCurationAudit() []testCase {
 			allowInsecureTls: true,
 		},
 		{
-			name:            "docker tree - malicious package blocked",
+			name:            "docker tree - one blocked package",
 			tech:            techutils.Docker,
 			pathToProject:   filepath.Join("projects", "package-managers", "docker", "curation-project"),
-			dockerImageName: "docker-curation/ganodndentcom/drupal:latest",
+			dockerImageName: "repo-test-docker/dweomer/nginx-auth-ldap:1.13.5-on-alpine-3.5",
 			requestToFail: map[string]bool{
-				"/api/docker/docker-curation/v2/ganodndentcom/drupal/manifests/latest": true,
+				"/api/docker/dweomer/v2/nginx-auth-ldap/manifests/1.13.5-on-alpine-3.5": true,
 			},
 			expectedRequest: map[string]bool{
-				"/api/docker/docker-curation/v2/ganodndentcom/drupal/manifests/latest": false,
+				"/api/docker/dweomer/v2/nginx-auth-ldap/manifests/1.13.5-on-alpine-3.5": false,
 			},
 			expectedResp: map[string]*CurationReport{
-				"ganodndentcom/drupal:latest": {
+				"nginx-auth-ldap:1.13.5-on-alpine-3.5": {
 					packagesStatus: []*PackageStatus{
 						{
 							Action:            "blocked",
-							ParentName:        "ganodndentcom/drupal",
-							ParentVersion:     "latest",
-							BlockedPackageUrl: "/api/docker/docker-curation/v2/ganodndentcom/drupal/manifests/latest",
-							PackageName:       "ganodndentcom/drupal",
-							PackageVersion:    "latest",
+							ParentName:        "nginx-auth-ldap",
+							ParentVersion:     "1.13.5-on-alpine-3.5",
+							BlockedPackageUrl: "/api/docker/dweomer/v2/nginx-auth-ldap/manifests/1.13.5-on-alpine-3.5",
+							PackageName:       "nginx-auth-ldap",
+							PackageVersion:    "1.13.5-on-alpine-3.5",
 							DepRelation:       "direct",
 							PkgType:           "docker",
 							BlockingReason:    "Policy violations",
@@ -1063,13 +1057,6 @@ func getTestCasesForDoCurationAudit() []testCase {
 				},
 			},
 			allowInsecureTls: true,
-			// Mock dependency tree to bypass docker pull
-			mockDepTree: &xrayUtils.GraphNode{
-				Id: "ganodndentcom/drupal:latest",
-				Nodes: []*xrayUtils.GraphNode{
-					{Id: "docker://ganodndentcom/drupal:latest"},
-				},
-			},
 		},
 	}
 	return tests

sca/bom/buildinfo/technologies/docker/docker.go

@@ -45,7 +45,9 @@ func ParseDockerImage(imageName string) (*DockerImageInfo, error) {
 	}
 
 	info.Registry = parts[0]
-	info.Repo, info.Image = parseRegistryAndExtract(info.Registry, parts[1:])
+	repo, image := parseRegistryAndExtract(info.Registry, parts[1:])
+	info.Repo = repo
+	info.Image = image
 
 	log.Debug(fmt.Sprintf("Parsed Docker image - Registry: %s, Repo: %s, Image: %s, Tag: %s",
 		info.Registry, info.Repo, info.Image, info.Tag))
@@ -57,7 +59,7 @@ func parseRegistryAndExtract(registry string, remainingParts []string) (repo, im
 	image = strings.Join(remainingParts, "/")
 
 	// SaaS subdomain: <INSTANCE>-<REPO>.jfrog.io/image:tag (repo in subdomain, check first)
-	if matches := jfrogSubdomainPattern.FindStringSubmatch(registry); matches != nil {
+	if matches := jfrogSubdomainPattern.FindStringSubmatch(registry); len(matches) > 2 {
 		repo = matches[2]
 		return
 	}
@@ -135,15 +137,17 @@ func extractDigestFromBlockedMessage(output string) string {
 	return ""
 }
 
-func GetDockerRepositoryConfig(serverDetails *config.ServerDetails, imageName string) (*project.RepositoryConfig, error) {
+func GetDockerRepositoryConfig(imageName string) (*project.RepositoryConfig, error) {
 	imageInfo, err := ParseDockerImage(imageName)
 	if err != nil {
 		return nil, err
 	}
-	return GetDockerRepositoryConfigFromInfo(serverDetails, imageInfo)
-}
 
-func GetDockerRepositoryConfigFromInfo(serverDetails *config.ServerDetails, imageInfo *DockerImageInfo) (*project.RepositoryConfig, error) {
+	serverDetails, err := config.GetDefaultServerConf()
+	if err != nil {
+		return nil, err
+	}
+
 	repoConfig := &project.RepositoryConfig{}
 	repoConfig.SetServerDetails(serverDetails).SetTargetRepo(imageInfo.Repo)
 	return repoConfig, nil