Validate xray url (#160)

Author: hadarshjfrog

audit_test.go

@@ -17,6 +17,7 @@ import (
 	"github.com/jfrog/jfrog-cli-security/utils/formats"
 	"github.com/jfrog/jfrog-cli-security/utils/validations"
 
+	testsUtils "github.com/jfrog/jfrog-cli-security/tests/utils"
 	xrayUtils "github.com/jfrog/jfrog-client-go/xray/services/utils"
 
 	"github.com/stretchr/testify/assert"
@@ -566,7 +567,7 @@ func TestXrayAuditWithoutSastCppFlagSimpleJson(t *testing.T) {
 }
 
 func TestXrayAuditNotEntitledForJas(t *testing.T) {
-	cliToRun, cleanUp := securityTestUtils.InitTestWithMockCommandOrParams(t, getNoJasAuditMockCommand)
+	cliToRun, cleanUp := securityTestUtils.InitTestWithMockCommandOrParams(t, false, getNoJasAuditMockCommand)
 	defer cleanUp()
 	output := testXrayAuditJas(t, cliToRun, filepath.Join("jas", "jas"), "3", false, false)
 	validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{Vulnerabilities: 8})
@@ -739,3 +740,31 @@ func TestAuditOnEmptyProject(t *testing.T) {
 	// No issues should be found in an empty project
 	validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{})
 }
+
+// xray-url only - the following tests check the case of adding "xray-url", instead of "url", which is the more common one
+
+func TestXrayAuditNotEntitledForJasWithXrayUrl(t *testing.T) {
+	cliToRun, cleanUp := securityTestUtils.InitTestWithMockCommandOrParams(t, true, getNoJasAuditMockCommand)
+	defer cleanUp()
+	output := testXrayAuditJas(t, cliToRun, filepath.Join("jas", "jas"), "3", false, false)
+	// Verify that scan results are printed
+	validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{Vulnerabilities: 8})
+	// Verify that JAS results are not printed
+	validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{})
+}
+
+func TestXrayAuditJasSimpleJsonWithXrayUrl(t *testing.T) {
+	cliToRun := testsUtils.GetTestCli(cli.GetJfrogCliSecurityApp(), true)
+	output := testXrayAuditJas(t, cliToRun, filepath.Join("jas", "jas"), "3", false, false)
+	validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{
+		Sast:    1,
+		Iac:     9,
+		Secrets: 6,
+
+		Vulnerabilities: 8,
+		Applicable:      3,
+		Undetermined:    1,
+		NotCovered:      1,
+		NotApplicable:   2,
+	})
+}

jas/analyzermanager.go

@@ -24,7 +24,7 @@ import (
 const (
 	ApplicabilityFeatureId                    = "contextual_analysis"
 	AnalyzerManagerZipName                    = "analyzerManager.zip"
-	defaultAnalyzerManagerVersion             = "1.9.11"
+	defaultAnalyzerManagerVersion             = "1.10.2"
 	analyzerManagerDownloadPath               = "xsc-gen-exe-analyzer-manager-local/v1"
 	analyzerManagerDirName                    = "analyzerManager"
 	analyzerManagerExecutableName             = "analyzerManager"
@@ -33,6 +33,7 @@ const (
 	jfPasswordEnvVariable                     = "JF_PASS"
 	jfTokenEnvVariable                        = "JF_TOKEN"
 	jfPlatformUrlEnvVariable                  = "JF_PLATFORM_URL"
+	jfPlatformXrayUrlEnvVariable              = "JF_PLATFORM_XRAY_URL"
 	logDirEnvVariable                         = "AM_LOG_DIRECTORY"
 	notEntitledExitCode                       = 31
 	unsupportedCommandExitCode                = 13
@@ -138,10 +139,11 @@ func GetAnalyzerManagerExecutableName() string {
 
 func GetAnalyzerManagerEnvVariables(serverDetails *config.ServerDetails) (envVars map[string]string, err error) {
 	envVars = map[string]string{
-		jfUserEnvVariable:        serverDetails.User,
-		jfPasswordEnvVariable:    serverDetails.Password,
-		jfPlatformUrlEnvVariable: serverDetails.Url,
-		jfTokenEnvVariable:       serverDetails.AccessToken,
+		jfUserEnvVariable:            serverDetails.User,
+		jfPasswordEnvVariable:        serverDetails.Password,
+		jfPlatformUrlEnvVariable:     serverDetails.Url,
+		jfPlatformXrayUrlEnvVariable: serverDetails.XrayUrl,
+		jfTokenEnvVariable:           serverDetails.AccessToken,
 	}
 	if !utils.IsCI() {
 		analyzerManagerLogFolder, err := coreutils.CreateDirInJfrogHome(filepath.Join(coreutils.JfrogLogsDirName, analyzerManagerLogDirName))

jas/common.go

@@ -54,12 +54,13 @@ func CreateJasScanner(serverDetails *config.ServerDetails, validateSecrets bool,
 	if len(serverDetails.Url) == 0 {
 		if len(serverDetails.XrayUrl) != 0 {
 			log.Debug("Xray URL provided without platform URL")
+		} else {
+			if len(serverDetails.ArtifactoryUrl) != 0 {
+				log.Debug("Artifactory URL provided without platform URL")
+			}
+			log.Warn(NoServerUrlWarn)
+			return
 		}
-		if len(serverDetails.ArtifactoryUrl) != 0 {
-			log.Debug("Artifactory URL provided without platform URL")
-		}
-		log.Warn(NoServerUrlWarn)
-		return
 	}
 	scanner = &JasScanner{}
 	if scanner.EnvVars, err = getJasEnvVars(serverDetails, validateSecrets, envVars); err != nil {
@@ -81,6 +82,7 @@ func CreateJasScanner(serverDetails *config.ServerDetails, validateSecrets bool,
 
 func getJasEnvVars(serverDetails *config.ServerDetails, validateSecrets bool, vars map[string]string) (map[string]string, error) {
 	amBasicVars, err := GetAnalyzerManagerEnvVariables(serverDetails)
+	log.Debug("Adding the following environment variables to the analyzer manager", amBasicVars)
 	if err != nil {
 		return nil, err
 	}

jas/common_test.go

@@ -157,6 +157,40 @@ func TestGetJasEnvVars(t *testing.T) {
 				"test":                        "testValue",
 			},
 		},
+		{
+			name: "Valid server details xray only",
+			serverDetails: &config.ServerDetails{
+				Url:         "",
+				XrayUrl:     "url/xray",
+				User:        "user",
+				Password:    "password",
+				AccessToken: "token",
+			},
+			expectedOutput: map[string]string{
+				jfPlatformUrlEnvVariable:     "",
+				jfPlatformXrayUrlEnvVariable: "url/xray",
+				jfUserEnvVariable:            "user",
+				jfPasswordEnvVariable:        "password",
+				jfTokenEnvVariable:           "token",
+			},
+		},
+		{
+			name: "Valid server details both url and xray",
+			serverDetails: &config.ServerDetails{
+				Url:         "url",
+				XrayUrl:     "url/xray",
+				User:        "user",
+				Password:    "password",
+				AccessToken: "token",
+			},
+			expectedOutput: map[string]string{
+				jfPlatformUrlEnvVariable:     "url",
+				jfPlatformXrayUrlEnvVariable: "url/xray",
+				jfUserEnvVariable:            "user",
+				jfPasswordEnvVariable:        "password",
+				jfTokenEnvVariable:           "token",
+			},
+		},
 	}
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {

scans_test.go

@@ -162,7 +162,7 @@ func initNativeDockerWithXrayTest(t *testing.T) (mockCli *coreTests.JfrogCli, cl
 	if !*securityTests.TestDockerScan || !*securityTests.TestSecurity {
 		t.Skip("Skipping Docker scan test. To run Xray Docker test add the '-test.dockerScan=true' and '-test.security=true' options.")
 	}
-	return securityTestUtils.InitTestWithMockCommandOrParams(t, cli.DockerScanMockCommand)
+	return securityTestUtils.InitTestWithMockCommandOrParams(t, false, cli.DockerScanMockCommand)
 }
 
 func runDockerScan(t *testing.T, testCli *coreTests.JfrogCli, imageName, watchName string, minViolations, minVulnerabilities, minLicenses int, minInactives int, validateSecrets bool) {

tests/utils/test_config.go

@@ -50,19 +50,25 @@ func CreateJfrogHomeConfig(t *testing.T, encryptPassword bool) {
 func InitTestCliDetails(testApplication components.App) {
 	configTests.TestApplication = &testApplication
 	if configTests.PlatformCli == nil {
-		configTests.PlatformCli = GetTestCli(testApplication)
+		configTests.PlatformCli = GetTestCli(testApplication, false)
 	}
 }
 
-func GetTestCli(testApplication components.App) (testCli *coreTests.JfrogCli) {
-	creds := authenticateXray()
+func GetTestCli(testApplication components.App, xrayUrlOnly bool) (testCli *coreTests.JfrogCli) {
+	creds := authenticateXray(xrayUrlOnly)
 	return coreTests.NewJfrogCli(func() error { return plugins.RunCliWithPlugin(testApplication)() }, "", creds)
 }
 
-func authenticateXray() string {
+func authenticateXray(xrayUrlOnly bool) string {
 	*configTests.JfrogUrl = clientUtils.AddTrailingSlashIfNeeded(*configTests.JfrogUrl)
-	configTests.XrDetails = &config.ServerDetails{Url: *configTests.JfrogUrl, ArtifactoryUrl: *configTests.JfrogUrl + configTests.ArtifactoryEndpoint, XrayUrl: *configTests.JfrogUrl + configTests.XrayEndpoint}
-	cred := fmt.Sprintf("--url=%s", configTests.XrDetails.XrayUrl)
+	var cred string
+	if xrayUrlOnly {
+		configTests.XrDetails = &config.ServerDetails{XrayUrl: *configTests.JfrogUrl + configTests.XrayEndpoint}
+		cred = fmt.Sprintf("--xray-url=%s", configTests.XrDetails.XrayUrl)
+	} else {
+		configTests.XrDetails = &config.ServerDetails{Url: *configTests.JfrogUrl, ArtifactoryUrl: *configTests.JfrogUrl + configTests.ArtifactoryEndpoint, XrayUrl: *configTests.JfrogUrl + configTests.XrayEndpoint}
+		cred = fmt.Sprintf("--url=%s", configTests.XrDetails.XrayUrl)
+	}
 	if *configTests.JfrogAccessToken != "" {
 		configTests.XrDetails.AccessToken = *configTests.JfrogAccessToken
 		cred += fmt.Sprintf(" --access-token=%s", configTests.XrDetails.AccessToken)

tests/utils/test_utils.go

@@ -78,7 +78,7 @@ func ValidateXscVersion(t *testing.T, minVersion string) {
 	}
 }
 
-func InitTestWithMockCommandOrParams(t *testing.T, mockCommands ...func() components.Command) (mockCli *coreTests.JfrogCli, cleanUp func()) {
+func InitTestWithMockCommandOrParams(t *testing.T, xrayUrlOnly bool, mockCommands ...func() components.Command) (mockCli *coreTests.JfrogCli, cleanUp func()) {
 	oldHomeDir := os.Getenv(coreutils.HomeDir)
 	// Create server config to use with the command.
 	CreateJfrogHomeConfig(t, true)
@@ -87,7 +87,7 @@ func InitTestWithMockCommandOrParams(t *testing.T, mockCommands ...func() compon
 	for _, mockCommand := range mockCommands {
 		commands = append(commands, mockCommand())
 	}
-	return GetTestCli(components.CreateEmbeddedApp("security", commands)), func() {
+	return GetTestCli(components.CreateEmbeddedApp("security", commands), xrayUrlOnly), func() {
 		clientTests.SetEnvAndAssert(t, coreutils.HomeDir, oldHomeDir)
 	}
 }