fix statuses bug and refactor for more simple way

Author: attiasas

jas/runner/jasrunner.go

@@ -149,7 +149,7 @@ func runSecretsScan(params *JasRunnerParams) parallel.TaskFunc {
 		params.Runner.ResultsMu.Lock()
 		defer params.Runner.ResultsMu.Unlock()
 		// We first add the scan results and only then check for errors, so we can store the exit code in order to report it in the end
-		params.ScanResults.JasResults.AddJasScanResults(jasutils.Secrets, vulnerabilitiesResults, violationsResults, jas.GetAnalyzerManagerExitCode(err))
+		params.ScanResults.AddJasScanResults(jasutils.Secrets, vulnerabilitiesResults, violationsResults, jas.GetAnalyzerManagerExitCode(err))
 		if err = jas.ParseAnalyzerManagerError(jasutils.Secrets, err); err != nil {
 			return fmt.Errorf("%s%s", clientutils.GetLogMsgPrefix(threadId, false), err.Error())
 		}
@@ -166,7 +166,7 @@ func runIacScan(params *JasRunnerParams) parallel.TaskFunc {
 		params.Runner.ResultsMu.Lock()
 		defer params.Runner.ResultsMu.Unlock()
 		// We first add the scan results and only then check for errors, so we can store the exit code in order to report it in the end
-		params.ScanResults.JasResults.AddJasScanResults(jasutils.IaC, vulnerabilitiesResults, violationsResults, jas.GetAnalyzerManagerExitCode(err))
+		params.ScanResults.AddJasScanResults(jasutils.IaC, vulnerabilitiesResults, violationsResults, jas.GetAnalyzerManagerExitCode(err))
 		if err = jas.ParseAnalyzerManagerError(jasutils.IaC, err); err != nil {
 			return fmt.Errorf("%s%s", clientutils.GetLogMsgPrefix(threadId, false), err.Error())
 		}
@@ -183,7 +183,7 @@ func runSastScan(params *JasRunnerParams) parallel.TaskFunc {
 		params.Runner.ResultsMu.Lock()
 		defer params.Runner.ResultsMu.Unlock()
 		// We first add the scan results and only then check for errors, so we can store the exit code in order to report it in the end
-		params.ScanResults.JasResults.AddJasScanResults(jasutils.Sast, vulnerabilitiesResults, violationsResults, jas.GetAnalyzerManagerExitCode(err))
+		params.ScanResults.AddJasScanResults(jasutils.Sast, vulnerabilitiesResults, violationsResults, jas.GetAnalyzerManagerExitCode(err))
 		if err = jas.ParseAnalyzerManagerError(jasutils.Sast, err); err != nil {
 			return fmt.Errorf("%s%s", clientutils.GetLogMsgPrefix(threadId, false), err.Error())
 		}
@@ -216,7 +216,7 @@ func runContextualScan(params *JasRunnerParams) parallel.TaskFunc {
 		params.Runner.ResultsMu.Lock()
 		defer params.Runner.ResultsMu.Unlock()
 		// We first add the scan results and only then check for errors, so we can store the exit code in order to report it in the end
-		params.ScanResults.JasResults.AddApplicabilityScanResults(jas.GetAnalyzerManagerExitCode(err), caScanResults...)
+		params.ScanResults.AddApplicabilityScanResults(jas.GetAnalyzerManagerExitCode(err), caScanResults...)
 		if err = jas.ParseAnalyzerManagerError(jasutils.Applicability, err); err != nil {
 			return fmt.Errorf("%s%s", clientutils.GetLogMsgPrefix(threadId, false), err.Error())
 		}

policy/enforcer/policyenforcer.go

@@ -257,10 +257,6 @@ func locateBomVulnerabilityInfo(cmdResults *results.SecurityCommandResults, issu
 		if target.ScaResults == nil || target.ScaResults.Sbom == nil || target.ScaResults.Sbom.Vulnerabilities == nil {
 			continue
 		}
-		var applicabilityRuns []*sarif.Run
-		if cmdResults.EntitledForJas && target.JasResults != nil {
-			applicabilityRuns = results.ScanResultsToRuns(target.JasResults.ApplicabilityScanResults)
-		}
 		for _, vulnerability := range *target.ScaResults.Sbom.Vulnerabilities {
 			if vulnerability.ID != issueId || vulnerability.Affects == nil || len(*vulnerability.Affects) == 0 {
 				continue
@@ -269,7 +265,7 @@ func locateBomVulnerabilityInfo(cmdResults *results.SecurityCommandResults, issu
 				if affected.Ref == impactedComponent.BOMRef {
 					// Found the relevant component in a vulnerability
 					relevantVulnerability = &vulnerability
-					contextualAnalysis = results.GetCveApplicabilityField(vulnerability.BOMRef, applicabilityRuns)
+					contextualAnalysis = results.GetCveApplicabilityField(vulnerability.BOMRef, target.JasResults.ApplicabilityScanResults)
 					break
 				}
 			}

policy/handler.go

@@ -56,20 +56,20 @@ func getStatusCodeFromErr(err error) int {
 }
 
 func CheckPolicyFailBuildError(cmdResults *results.SecurityCommandResults) (err error) {
-	if cmdResults == nil || cmdResults.Violations.IsScanFailed() {
+	if cmdResults == nil || (cmdResults.ViolationsStatusCode != nil && *cmdResults.ViolationsStatusCode != 0) {
 		return
 	}
-	if cmdResults.Violations.Scan.ShouldFailBuild() {
+	if cmdResults.Violations.ShouldFailBuild() {
 		err = NewFailBuildError()
 	}
 	return
 }
 
 func CheckPolicyFailPrError(cmdResults *results.SecurityCommandResults) (err error) {
-	if cmdResults == nil || cmdResults.Violations.IsScanFailed() {
+	if cmdResults == nil || (cmdResults.ViolationsStatusCode != nil && *cmdResults.ViolationsStatusCode != 0) {
 		return
 	}
-	if cmdResults.Violations.Scan.ShouldFailPR() {
+	if cmdResults.Violations.ShouldFailPR() {
 		err = NewFailPrError()
 	}
 	return

policy/local/localconvertor.go

@@ -57,17 +57,17 @@ func (d *DeprecatedViolationGenerator) GenerateViolations(cmdResults *results.Se
 		// JAS violations (from JasResults)
 		if target.JasResults != nil {
 			if len(target.JasResults.JasViolations.SecretsScanResults) > 0 {
-				if e := results.ForEachJasIssue(results.ScanResultsToRuns(target.JasResults.JasViolations.SecretsScanResults), cmdResults.EntitledForJas, convertJasViolationsToPolicyViolations(&convertedViolations, jasutils.Secrets)); e != nil {
+				if e := results.ForEachJasIssue(target.JasResults.JasViolations.SecretsScanResults, cmdResults.EntitledForJas, convertJasViolationsToPolicyViolations(&convertedViolations, jasutils.Secrets)); e != nil {
 					err = errors.Join(err, fmt.Errorf("failed to convert JAS Secret violations for target %s: %w", target.ScanTarget.Target, e))
 				}
 			}
 			if len(target.JasResults.JasViolations.IacScanResults) > 0 {
-				if e := results.ForEachJasIssue(results.ScanResultsToRuns(target.JasResults.JasViolations.IacScanResults), cmdResults.EntitledForJas, convertJasViolationsToPolicyViolations(&convertedViolations, jasutils.IaC)); e != nil {
+				if e := results.ForEachJasIssue(target.JasResults.JasViolations.IacScanResults, cmdResults.EntitledForJas, convertJasViolationsToPolicyViolations(&convertedViolations, jasutils.IaC)); e != nil {
 					err = errors.Join(err, fmt.Errorf("failed to convert JAS IaC violations for target %s: %w", target.ScanTarget.Target, e))
 				}
 			}
 			if len(target.JasResults.JasViolations.SastScanResults) > 0 {
-				if e := results.ForEachJasIssue(results.ScanResultsToRuns(target.JasResults.JasViolations.SastScanResults), cmdResults.EntitledForJas, convertJasViolationsToPolicyViolations(&convertedViolations, jasutils.Sast)); e != nil {
+				if e := results.ForEachJasIssue(target.JasResults.JasViolations.SastScanResults, cmdResults.EntitledForJas, convertJasViolationsToPolicyViolations(&convertedViolations, jasutils.Sast)); e != nil {
 					err = errors.Join(err, fmt.Errorf("failed to convert JAS SAST violations for target %s: %w", target.ScanTarget.Target, e))
 				}
 			}
@@ -87,19 +87,19 @@ func (d *DeprecatedViolationGenerator) generateScaViolations(target *results.Tar
 		_, _, e := ForEachScanGraphViolation(
 			target.ScanTarget,
 			target.ScaResults.Descriptors,
-			deprecatedXrayResult.Scan.Violations,
+			deprecatedXrayResult.Violations,
 			entitledForJas,
 			applicableRuns,
 			convertScaSecurityViolationToPolicyViolation(convertedViolations),
 			convertScaLicenseViolationToPolicyViolation(convertedViolations),
 			convertOperationalRiskViolationToPolicyViolation(convertedViolations),
 		)
 		if e != nil {
-			err = errors.Join(err, fmt.Errorf("failed to convert scan graph results (scanId: %s): %w", deprecatedXrayResult.Scan.ScanId, e))
+			err = errors.Join(err, fmt.Errorf("failed to convert scan graph results (scanId: %s): %w", deprecatedXrayResult.ScanId, e))
 			continue
 		}
 		// Collect licenses for local license violation generation
-		licenses = append(licenses, deprecatedXrayResult.Scan.Licenses...)
+		licenses = append(licenses, deprecatedXrayResult.Licenses...)
 	}
 	if len(convertedViolations.License) > 0 || len(d.AllowedLicenses) == 0 {
 		// Deprecated option to provide allowed-licenses to generate local violations (only if no violations were found)

sca/bom/bomgenerator.go

@@ -39,6 +39,7 @@ func GenerateSbomForTarget(generator SbomGenerator, params SbomGeneratorParams)
 	// Generate the SBOM for the target
 	sbom, err := generator.GenerateSbom(params.Target.ScanTarget)
 	if err != nil {
+		params.Target.ResultsStatus.UpdateStatus(results.CmdStepSbom, utils.NewIntPtr(1))
 		_ = params.Target.AddTargetError(fmt.Errorf("failed to generate SBOM for %s: %s", params.Target.Target, err.Error()), params.AllowPartialResults)
 		return
 	}
@@ -73,6 +74,7 @@ func getDiffSbom(sbom *cyclonedx.BOM, params SbomGeneratorParams) *cyclonedx.BOM
 
 func updateTarget(target *results.TargetResults, sbom *cyclonedx.BOM) {
 	target.SetSbom(sbom)
+	target.ResultsStatus.UpdateStatus(results.CmdStepSbom, utils.NewIntPtr(0))
 	if err := logLibComponents(sbom.Components); err != nil {
 		log.Warn(fmt.Sprintf("Failed to log library components in SBOM for %s: %s", target.Target, err.Error()))
 	}

tests/validations/test_mocks.go

@@ -14,10 +14,8 @@ import (
 	"github.com/jfrog/jfrog-cli-security/utils/formats"
 	"github.com/jfrog/jfrog-cli-security/utils/formats/sarifutils"
 	"github.com/jfrog/jfrog-cli-security/utils/jasutils"
-	"github.com/jfrog/jfrog-cli-security/utils/results"
 	"github.com/jfrog/jfrog-cli-security/utils/severityutils"
 	"github.com/jfrog/jfrog-client-go/artifactory"
-	"github.com/jfrog/jfrog-client-go/xray/services"
 	xrayutils "github.com/jfrog/jfrog-client-go/xray/services/utils"
 	xscservices "github.com/jfrog/jfrog-client-go/xsc/services"
 	xscutils "github.com/jfrog/jfrog-client-go/xsc/services/utils"
@@ -231,21 +229,6 @@ func XrayServer(t *testing.T, params MockServerParams) (*httptest.Server, *confi
 	return serverMock, serverDetails, &apiCallCounts
 }
 
-func NewMockJasRuns(runs ...*sarif.Run) []results.ScanResult[[]*sarif.Run] {
-	return []results.ScanResult[[]*sarif.Run]{{Scan: runs}}
-}
-
-func NewMockScaResults(responses ...services.ScanResponse) (converted []results.ScanResult[services.ScanResponse]) {
-	for _, response := range responses {
-		status := 0
-		if response.ScannedStatus == "failed" {
-			status = 1
-		}
-		converted = append(converted, results.ScanResult[services.ScanResponse]{Scan: response, StatusCode: status})
-	}
-	return
-}
-
 func CreateDummyApplicabilityRule(cve string, applicableStatus jasutils.ApplicabilityStatus) *sarif.ReportingDescriptor {
 	id := fmt.Sprintf("applic_%s", cve)
 	properties := sarif.NewPropertyBag()

utils/results/common.go

@@ -563,14 +563,6 @@ func GetApplicableCveStatus(entitledForJas bool, applicabilityScanResults []*sar
 	return GetFinalApplicabilityStatus(applicableStatuses)
 }
 
-// We only care to update the status if it's the first time we see it or if status is 0 (completed) and the new status is not (failed)
-func ShouldUpdateStatus(currentStatus, newStatus *int) bool {
-	if currentStatus == nil || (*currentStatus == 0 && newStatus != nil) {
-		return true
-	}
-	return false
-}
-
 func getApplicabilityStatusFromRule(rule *sarif.ReportingDescriptor) jasutils.ApplicabilityStatus {
 	if rule != nil && rule.Properties != nil && rule.Properties.Properties[jasutils.ApplicabilitySarifPropertyKey] != nil {
 		status, ok := rule.Properties.Properties[jasutils.ApplicabilitySarifPropertyKey].(string)
@@ -698,11 +690,12 @@ func ConvertPolicesToString(policies []services.Policy) []string {
 	return policiesStr
 }
 
-func ScanResultsToRuns(results []ScanResult[[]*sarif.Run]) (runs []*sarif.Run) {
-	for _, result := range results {
-		runs = append(runs, result.Scan...)
+func CollectRuns(runs ...[]*sarif.Run) []*sarif.Run {
+	flat := []*sarif.Run{}
+	for _, runSlice := range runs {
+		flat = append(flat, runSlice...)
 	}
-	return
+	return flat
 }
 
 // Resolve the actual technology from multiple sources: