
Commit 8ddda9c

authored
Merge branch 'dev' into use-included-builds
2 parents 35dd086 + b1e195a commit 8ddda9c


9 files changed

+166
-70
lines changed


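--- a/cli/docs/flags.go
+++ b/cli/docs/flags.go
@@ -170,15 +170,15 @@ var commandFlags = map[string][]string{
 XrCurl: {ServerId},
 OfflineUpdate: {LicenseId, From, To, Version, Target, Stream, Periodic},
 XrScan: {
-Url, user, password, accessToken, ServerId, SpecFlag, Threads, scanRecursive, scanRegexp, scanAnt,
+Url, XrayUrl, user, password, accessToken, ServerId, SpecFlag, Threads, scanRecursive, scanRegexp, scanAnt,
 scanProjectKey, Watches, RepoPath, Licenses, Sbom, OutputFormat, Fail, ExtendedTable, BypassArchiveLimits, MinSeverity, FixableOnly, ScanVuln, InsecureTls,
 binarySca, binarySecrets, binaryWithoutCA, SecretValidation,
 },
 Enrich: {
 Url, user, password, accessToken, ServerId, Threads, InsecureTls,
 },
 BuildScan: {
-Url, user, password, accessToken, ServerId, scanProjectKey, BuildVuln, OutputFormat, Fail, ExtendedTable, Rescan, InsecureTls, TriggerScanRetries,
+Url, XrayUrl, user, password, accessToken, ServerId, scanProjectKey, BuildVuln, OutputFormat, Fail, ExtendedTable, Rescan, InsecureTls, TriggerScanRetries,
 },
 DockerScan: {
 Url, XrayUrl, user, password, accessToken, ServerId, scanProjectKey, Watches, RepoPath, Licenses, Sbom, OutputFormat, Fail, ExtendedTable, BypassArchiveLimits, MinSeverity, FixableOnly, ScanVuln, InsecureTls,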
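Review bot: `Enrich`, visible as context in this hunk, still lists only `Url` while `XrScan`, `BuildScan` and `DockerScan` now accept `XrayUrl`. If the enrich command also talks to Xray (not visible here), a user with a standalone Xray endpoint cannot pass it to that command, and the flag sets stay inconsistent. It would also help to add a short comment on the map, such as `// XrayUrl overrides the Xray endpoint derived from Url; the same credentials flags are sent to it`, once that behaviour is confirmed against the flag's definition. The `commandFlags` map begins and ends outside the hunk.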

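--- a/commands/curation/curationaudit.go
+++ b/commands/curation/curationaudit.go
@@ -955,18 +955,31 @@ func getUrlNameAndVersionByTech(tech techutils.Technology, node *xrayUtils.Graph
 }
 
 func getPythonNameVersion(id string, downloadUrlsMap map[string]string) (downloadUrls []string, name, version string) {
-if downloadUrlsMap != nil {
-if dl, ok := downloadUrlsMap[id]; ok {
-downloadUrls = []string{dl}
-} else {
-log.Warn(fmt.Sprintf("couldn't find download url for node id %s", id))
-}
+idWithoutPrefix := strings.TrimPrefix(id, python.PythonPackageTypeIdentifier)
+parts := strings.Split(idWithoutPrefix, ":")
+if len(parts) < 2 {
+log.Debug(fmt.Sprintf("Package %s has unexpected format", id))
+return
 }
-id = strings.TrimPrefix(id, python.PythonPackageTypeIdentifier)
-allParts := strings.Split(id, ":")
-if len(allParts) >= 2 {
-name = allParts[0]
-version = allParts[1]
+
+name, version = parts[0], parts[1]
+
+if downloadUrlsMap == nil {
+return
+}
+if dl, ok := downloadUrlsMap[id]; ok {
+downloadUrls = []string{dl}
+return
+}
+
+// Python package names are case-insensitive and treat hyphens/underscores as equivalentl.
+// The download URLs map uses normalized names, so we normalize the id to find a match.
+normalizedName := strings.ReplaceAll(strings.ToLower(strings.TrimSpace(parts[0])), "-", "_")
+normalizedId := python.PythonPackageTypeIdentifier + normalizedName + ":" + strings.TrimSpace(parts[1])
+if dl, ok := downloadUrlsMap[normalizedId]; ok {
+downloadUrls = []string{dl}
+} else {
+log.Warn(fmt.Sprintf("couldn't find download url for node id %s in report.json", id))
 }
 return
 }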
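Review bot: The fallback lookup in getPythonNameVersion normalizes only case and `-` to `_` (the `normalizedName` line), but Python name normalization treats runs of `-`, `_` and `.` as equivalent, so an id whose name contains a dot or a doubled separator still misses the map and ends in the `log.Warn` branch with no download URL. If the caller skips packages that have no URL (not visible in this hunk), such a package would presumably pass through the curation audit unchecked, with the warning as the only signal. Consider a package-level `var pyNameSep = regexp.MustCompile("[-_.]+")` and `normalizedName := pyNameSep.ReplaceAllString(strings.ToLower(strings.TrimSpace(parts[0])), "_")`, after confirming which separator the report.json keys actually use. The new `len(parts) < 2` return also drops the exact-id map lookup that the old code still performed for such ids, and logs only at debug level. The comment above `normalizedName` has a typo, `equivalentl`.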

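--- a/commands/curation/curationaudit_test.go
+++ b/commands/curation/curationaudit_test.go
@@ -704,8 +704,10 @@ func getTestCasesForDoCurationAudit() []testCase {
 "pip": filepath.Join("resources", "pip-resp"),
 "pexpect": filepath.Join("resources", "pexpect-resp"),
 "ptyprocess": filepath.Join("resources", "ptyprocess-resp"),
+"typing-extensions": filepath.Join("resources", "typing-extensions-resp"),
 "pexpect-4.8.0-py2.py3-none-any.whl": filepath.Join("resources", "pexpect-4.8.0-py2.py3-none-any.whl"),
 "ptyprocess-0.7.0-py2.py3-none-any.whl": filepath.Join("resources", "ptyprocess-0.7.0-py2.py3-none-any.whl"),
+"typing_extensions-4.15.0-py3-none-any.whl": filepath.Join("resources", "typing_extensions-4.15.0-py3-none-any.whl"),
 },
 requestToFail: map[string]bool{
 "/api/pypi/pypi-remote/packages/packages/39/7b/88dbb785881c28a102619d46423cb853b46dbccc70d3ac362d99773a78ce/pexpect-4.8.0-py2.py3-none-any.whl": false,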
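Review bot: The two added fixtures cover only the hyphen versus underscore case (`typing-extensions` against `typing_extensions-4.15.0-py3-none-any.whl`). Within this hunk no fixture has an upper-case name or a malformed id, so the lower-casing step and the `len(parts) < 2` early return in getPythonNameVersion are not shown to be exercised. A small table-driven test calling getPythonNameVersion directly with those inputs, plus a comment on the new entries such as `// name differs from the wheel file name only by "-" vs "_"`, would pin the intended matching rules. getTestCasesForDoCurationAudit continues outside the hunk, so such cases may already exist elsewhere.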

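--- a/go.mod
+++ b/go.mod
@@ -11,20 +11,20 @@ require (
 github.com/gookit/color v1.6.0
 github.com/hashicorp/go-hclog v1.6.3
 github.com/hashicorp/go-plugin v1.6.3
-github.com/jfrog/build-info-go v1.12.4
+github.com/jfrog/build-info-go v1.12.5-0.20251209171349-eb030db986f9
 github.com/jfrog/froggit-go v1.20.4
 github.com/jfrog/gofrog v1.7.6
 github.com/jfrog/jfrog-apps-config v1.0.1
-github.com/jfrog/jfrog-cli-artifactory v0.7.3-0.20251021143342-49bab7f38cec
+github.com/jfrog/jfrog-cli-artifactory v0.8.1-0.20251210120128-176c677fed4c
 github.com/jfrog/jfrog-cli-core/v2 v2.60.1-0.20251125083543-e689762c4ff0
-github.com/jfrog/jfrog-client-go v1.55.1-0.20251119183924-d765eb708cec
+github.com/jfrog/jfrog-client-go v1.55.1-0.20251209090954-d6b1c70d3a5e
 github.com/magiconair/properties v1.8.10
 github.com/owenrumney/go-sarif/v3 v3.2.3
 github.com/package-url/packageurl-go v0.1.3
 github.com/stretchr/testify v1.11.1
 github.com/urfave/cli v1.22.17
 github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74
-golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546
+golang.org/x/exp v0.0.0-20251125195548-87e1e737ad39
 golang.org/x/sync v0.18.0
 golang.org/x/text v0.31.0
 gopkg.in/yaml.v3 v3.0.1
@@ -41,10 +41,16 @@ require (
 github.com/buger/jsonparser v1.1.1 // indirect
 github.com/c-bata/go-prompt v0.2.6 // indirect
 github.com/chzyer/readline v1.5.1 // indirect
+github.com/clipperhouse/stringish v0.1.1 // indirect
+github.com/clipperhouse/uax29/v2 v2.3.0 // indirect
 github.com/cloudflare/circl v1.6.1 // indirect
+github.com/containerd/stargz-snapshotter/estargz v0.18.1 // indirect
 github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect
-github.com/cyphar/filepath-securejoin v0.4.1 // indirect
+github.com/cyphar/filepath-securejoin v0.6.0 // indirect
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+github.com/docker/cli v29.0.3+incompatible // indirect
+github.com/docker/distribution v2.8.3+incompatible // indirect
+github.com/docker/docker-credential-helpers v0.9.3 // indirect
 github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 // indirect
 github.com/emirpasic/gods v1.18.1 // indirect
 github.com/fatih/color v1.16.0 // indirect
@@ -59,30 +65,34 @@ require (
 github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
 github.com/golang/protobuf v1.5.4 // indirect
 github.com/golang/snappy v1.0.0 // indirect
+github.com/google/go-containerregistry v0.20.7 // indirect
 github.com/google/go-github/v74 v74.0.0 // indirect
 github.com/google/go-querystring v1.1.0 // indirect
 github.com/grokify/mogo v0.64.12 // indirect
 github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
 github.com/hashicorp/yamux v0.1.1 // indirect
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
-github.com/jedib0t/go-pretty/v6 v6.6.8 // indirect
+github.com/jedib0t/go-pretty/v6 v6.7.5 // indirect
 github.com/jfrog/archiver/v3 v3.6.1 // indirect
 github.com/kevinburke/ssh_config v1.2.0 // indirect
-github.com/klauspost/compress v1.18.0 // indirect
+github.com/klauspost/compress v1.18.1 // indirect
 github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 github.com/klauspost/pgzip v1.2.6 // indirect
 github.com/ktrysmt/go-bitbucket v0.9.80 // indirect
 github.com/manifoldco/promptui v0.9.0 // indirect
 github.com/mattn/go-colorable v0.1.14 // indirect
 github.com/mattn/go-isatty v0.0.20 // indirect
-github.com/mattn/go-runewidth v0.0.16 // indirect
-github.com/mattn/go-tty v0.0.3 // indirect
+github.com/mattn/go-runewidth v0.0.19 // indirect
+github.com/mattn/go-tty v0.0.7 // indirect
 github.com/microsoft/azure-devops-go-api/azuredevops/v7 v7.1.0 // indirect
 github.com/minio/sha256-simd v1.0.1 // indirect
+github.com/mitchellh/go-homedir v1.1.0 // indirect
 github.com/mitchellh/mapstructure v1.5.0 // indirect
 github.com/nwaples/rardecode v1.1.3 // indirect
 github.com/oklog/run v1.0.0 // indirect
+github.com/opencontainers/go-digest v1.0.0 // indirect
+github.com/opencontainers/image-spec v1.1.1 // indirect
 github.com/pelletier/go-toml/v2 v2.2.4 // indirect
 github.com/pierrec/lz4/v4 v4.1.22 // indirect
 github.com/pjbgf/sha1cd v0.3.2 // indirect
@@ -91,16 +101,17 @@ require (
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 github.com/rivo/uniseg v0.4.7 // indirect
 github.com/russross/blackfriday/v2 v2.1.0 // indirect
-github.com/sagikazarmark/locafero v0.11.0 // indirect
+github.com/sagikazarmark/locafero v0.12.0 // indirect
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
+github.com/sirupsen/logrus v1.9.3 // indirect
 github.com/skeema/knownhosts v1.3.1 // indirect
-github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 // indirect
 github.com/spf13/afero v1.15.0 // indirect
 github.com/spf13/cast v1.10.0 // indirect
 github.com/spf13/pflag v1.0.10 // indirect
 github.com/spf13/viper v1.21.0 // indirect
 github.com/subosito/gotenv v1.6.0 // indirect
 github.com/ulikunitz/xz v0.5.15 // indirect
+github.com/vbatts/tar-split v0.12.2 // indirect
 github.com/vbauerster/mpb/v8 v8.10.2 // indirect
 github.com/xanzy/go-gitlab v0.110.0 // indirect
 github.com/xanzy/ssh-agent v0.3.3 // indirect
@@ -111,14 +122,14 @@ require (
 github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
 go.yaml.in/yaml/v3 v3.0.4 // indirect
 golang.org/x/crypto v0.45.0 // indirect
-golang.org/x/mod v0.29.0 // indirect
+golang.org/x/mod v0.30.0 // indirect
 golang.org/x/net v0.47.0 // indirect
-golang.org/x/oauth2 v0.31.0 // indirect
+golang.org/x/oauth2 v0.33.0 // indirect
 golang.org/x/sys v0.38.0 // indirect
 golang.org/x/term v0.37.0 // indirect
 golang.org/x/time v0.12.0 // indirect
-google.golang.org/genproto/googleapis/rpc v0.0.0-20241223144023-3abc09e42ca8 // indirect
-google.golang.org/grpc v1.67.3 // indirect
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb // indirect
+google.golang.org/grpc v1.72.1 // indirect
 google.golang.org/protobuf v1.36.8 // indirect
 gopkg.in/ini.v1 v1.67.0 // indirect
 gopkg.in/warnings.v0 v0.1.2 // indirect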
