Commit b4d178a

committed
add audit e2e test with jfrog sast am 198
1 parent 49dcd35 commit b4d178a

2 files changed

+32
-11
lines changed


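--- a/audit_test.go
+++ b/audit_test.go
@@ -4,6 +4,7 @@ import (
 "encoding/json"
 "fmt"
 "github.com/jfrog/jfrog-cli-security/utils/jasutils"
+"github.com/owenrumney/go-sarif/v2/sarif"
 "os"
 "os/exec"
 "path/filepath"
@@ -552,23 +553,23 @@ func addDummyPackageDescriptor(t *testing.T, hasPackageJson bool) {
 // JAS
 
 func TestXrayAuditSastCppFlagSimpleJson(t *testing.T) {
-output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("package-managers", "c"), "3", false, true)
+output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("package-managers", "c"), "3", string(format.SimpleJson), false, true)
 validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{
 Vulnerabilities: 1,
 Sast: 1,
 })
 }
 
 func TestXrayAuditWithoutSastCppFlagSimpleJson(t *testing.T) {
-output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("package-managers", "c"), "3", false, false)
+output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("package-managers", "c"), "3", string(format.SimpleJson), false, false)
 // verify no results for Sast
 validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{})
 }
 
 func TestXrayAuditNotEntitledForJas(t *testing.T) {
 cliToRun, cleanUp := securityTestUtils.InitTestWithMockCommandOrParams(t, getNoJasAuditMockCommand)
 defer cleanUp()
-output := testXrayAuditJas(t, cliToRun, filepath.Join("jas", "jas"), "3", false, false)
+output := testXrayAuditJas(t, cliToRun, filepath.Join("jas", "jas"), "3", string(format.SimpleJson), false, false)
 validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{Vulnerabilities: 8})
 }
 
@@ -589,7 +590,7 @@ func getNoJasAuditMockCommand() components.Command {
 }
 
 func TestXrayAuditJasSimpleJson(t *testing.T) {
-output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("jas", "jas"), "3", false, false)
+output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("jas", "jas"), "3", string(format.SimpleJson), false, false)
 validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{
 Sast: 1,
 Iac: 9,
@@ -603,14 +604,34 @@ func TestXrayAuditJasSimpleJson(t *testing.T) {
 })
 }
 
+func TestXrayAuditJasSarif(t *testing.T) {
+output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("jas", "jas"), "3", string(format.Sarif), false, false)
+
+sarifOutput := sarif.Report{}
+err := json.Unmarshal([]byte(output), &sarifOutput)
+assert.NoError(t, err)
+validations.ValidateCommandSarifOutput(t, validations.ValidationParams{
+Actual: &sarifOutput,
+Sast: 1,
+Iac: 9,
+Secrets: 6,
+
+Vulnerabilities: 8,
+Applicable: 3,
+Undetermined: 1,
+NotCovered: 1,
+NotApplicable: 2,
+})
+}
+
 func TestXrayAuditJasSimpleJsonWithTokenValidation(t *testing.T) {
 securityTestUtils.InitSecurityTest(t, jasutils.DynamicTokenValidationMinXrayVersion)
-output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("jas", "jas"), "3", true, false)
+output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("jas", "jas"), "3", string(format.SimpleJson), true, false)
 validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{Inactive: 5})
 }
 
 func TestXrayAuditJasSimpleJsonWithOneThread(t *testing.T) {
-output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("jas", "jas"), "1", false, false)
+output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("jas", "jas"), "1", string(format.SimpleJson), false, false)
 validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{
 Sast: 1,
 Iac: 9,
@@ -625,7 +646,7 @@ func TestXrayAuditJasSimpleJsonWithOneThread(t *testing.T) {
 }
 
 func TestXrayAuditJasSimpleJsonWithConfig(t *testing.T) {
-output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("jas", "jas-config"), "3", false, false)
+output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("jas", "jas-config"), "3", string(format.SimpleJson), false, false)
 validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{
 Secrets: 1,
 
@@ -638,11 +659,11 @@ func TestXrayAuditJasSimpleJsonWithConfig(t *testing.T) {
 }
 
 func TestXrayAuditJasNoViolationsSimpleJson(t *testing.T) {
-output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("package-managers", "npm", "npm"), "3", false, false)
+output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("package-managers", "npm", "npm"), "3", string(format.SimpleJson), false, false)
 validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{Vulnerabilities: 1, NotApplicable: 1})
 }
 
-func testXrayAuditJas(t *testing.T, testCli *coreTests.JfrogCli, project string, threads string, validateSecrets, validateSastCpp bool) string {
+func testXrayAuditJas(t *testing.T, testCli *coreTests.JfrogCli, project string, threads string, format string, validateSecrets, validateSastCpp bool) string {
 securityTestUtils.InitSecurityTest(t, scangraph.GraphScanMinXrayVersion)
 tempDirPath, createTempDirCallback := coreTests.CreateTempDirWithCallbackAndAssert(t)
 defer createTempDirCallback()
@@ -656,7 +677,7 @@ func testXrayAuditJas(t *testing.T, testCli *coreTests.JfrogCli, project string,
 assert.NoError(t, err)
 chdirCallback := clientTests.ChangeDirWithCallback(t, baseWd, tempDirPath)
 defer chdirCallback()
-args := []string{"audit", "--format=" + string(format.SimpleJson), "--threads=" + threads}
+args := []string{"audit", "--format=" + format, "--threads=" + threads}
 if validateSecrets {
 args = append(args, "--secrets", "--validate-secrets")
 }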
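Review bot: The new `format string` parameter of `testXrayAuditJas` shadows the imported `format` package for the whole helper body, which is exactly why the remaining `string(format.SimpleJson)` on the old side had to become `"--format=" + format`; any future reference to `format.Sarif` or `format.SimpleJson` inside the helper (whose body continues past the last hunk) will fail to compile with a confusing "format.X undefined" error. Rename it, e.g. `outputFormat string`, and build the flag as `"--format=" + outputFormat`; since every caller already passes `string(format.X)`, typing it as `format.OutputFormat` would also drop the conversions at the call sites. Separately, in `TestXrayAuditJasSarif` the `assert.NoError(t, err)` after `json.Unmarshal` does not stop the test, so when the CLI emits non-JSON (a warning on stdout, a partial document) the zero-valued `sarif.Report` still reaches `ValidateCommandSarifOutput` and the failure surfaces as count mismatches that hide the real cause; use `if !assert.NoError(t, err) { return }` (or `require.NoError`, if that package is already imported — the import block is only partly visible here).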

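--- a/jas/analyzermanager.go
+++ b/jas/analyzermanager.go
@@ -24,7 +24,7 @@ import (
 const (
 ApplicabilityFeatureId = "contextual_analysis"
 AnalyzerManagerZipName = "analyzerManager.zip"
-defaultAnalyzerManagerVersion = "1.9.7"
+defaultAnalyzerManagerVersion = "1.9.8"
 analyzerManagerDownloadPath = "xsc-gen-exe-analyzer-manager-local/v1"
 analyzerManagerDirName = "analyzerManager"
 analyzerManagerExecutableName = "analyzerManager"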
