
Commit 333ac33

authored
Use Technology in issue first (jfrog#279)
1 parent f077d9d commit 333ac33

5 files changed

+36
-37
lines changed


tests/testdata/projects/package-managers/python/poetry/poetry-project/poetry.lock

Lines changed: 21 additions & 25 deletions

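--- a/tests/testdata/projects/package-managers/python/poetry/poetry-project/pyproject.toml
+++ b/tests/testdata/projects/package-managers/python/poetry/poetry-project/pyproject.toml
@@ -3,14 +3,15 @@ name = "poetry-project"
 version = "0.1.0"
 description = ""
 authors = ["Your Name <you@example.com>"]
+package-mode = false
 
 [tool.poetry.dependencies]
 python = "*"
 urllib3 = "<1.24"
 django = "<1.11.16"
 Werkzeug = "<0.10"
 
-[tool.poetry.dev-dependencies]
+[tool.poetry.group.dev.dependencies]
 
 [build-system]
 requires = ["poetry-core>=1.0.0"]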

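--- a/tests/testdata/projects/package-managers/python/poetry/poetry/pyproject.toml
+++ b/tests/testdata/projects/package-managers/python/poetry/poetry/pyproject.toml
@@ -3,6 +3,7 @@ name = "my-poetry-project"
 version = "1.1.0"
 description = ""
 authors = ["Severus Snape <Severuss@jfrog.com>"]
+package-mode = false
 
 [tool.poetry.dependencies]
 python = "^3.10"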

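--- a/utils/results/common.go
+++ b/utils/results/common.go
@@ -645,3 +645,13 @@ func ScanResultsToRuns(results []ScanResult[[]*sarif.Run]) (runs []*sarif.Run) {
 	}
 	return
 }
+
+// Resolve the actual technology from multiple sources:
+func GetIssueTechnology(responseTechnology string, targetTech techutils.Technology) techutils.Technology {
+	if responseTechnology != "" {
+		// technology returned in the vulnerability/violation obj is the most specific technology
+		return techutils.Technology(responseTechnology)
+	}
+	// if no technology is provided, use the target technology
+	return targetTech
+}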
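Review bot: GetIssueTechnology drops the fallback that the code removed in utils/results/conversion/simplejsonparser/simplejsonparser.go had — when target.Technology was empty, the old closures derived the technology from impactedPackagesType, whereas the new function returns an empty Technology whenever both responseTechnology and targetTech are empty. Unless ScanTarget.Technology is always populated before these parsers run (not visible on this page), rows from scans without a resolved target technology lose a value they used to carry. Threading the impacted package type through as a last resort restores the old behaviour; both call sites in simplejsonparser.go already have impactedPackagesType in scope, so they would pass it as the third argument. The doc comment should also follow Go convention and start with the function name, e.g. `// GetIssueTechnology returns the technology of a single issue, preferring the value reported on the issue itself over the scan target's technology.`
```go
// GetIssueTechnology returns the technology of a single issue, preferring the
// value reported on the issue itself, then the scan target's technology, and
// finally the type of the impacted package.
func GetIssueTechnology(responseTechnology string, targetTech techutils.Technology, impactedPackageType string) techutils.Technology {
	if responseTechnology != "" {
		// technology returned in the vulnerability/violation obj is the most specific technology
		return techutils.Technology(responseTechnology)
	}
	if targetTech != "" {
		return targetTech
	}
	// last resort: the package type Xray reported for the impacted component
	return techutils.Technology(impactedPackageType)
}
```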

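--- a/utils/results/conversion/simplejsonparser/simplejsonparser.go
+++ b/utils/results/conversion/simplejsonparser/simplejsonparser.go
@@ -10,7 +10,6 @@ import (
 	"github.com/jfrog/jfrog-cli-security/utils/jasutils"
 	"github.com/jfrog/jfrog-cli-security/utils/results"
 	"github.com/jfrog/jfrog-cli-security/utils/severityutils"
-	"github.com/jfrog/jfrog-cli-security/utils/techutils"
 	"github.com/jfrog/jfrog-client-go/xray/services"
 	"github.com/owenrumney/go-sarif/v2/sarif"
 )
@@ -236,10 +235,6 @@ func PrepareSimpleJsonVulnerabilities(target results.ScanTarget, scaResponse ser
 
 func addSimpleJsonVulnerability(target results.ScanTarget, vulnerabilitiesRows *[]formats.VulnerabilityOrViolationRow, pretty bool) results.ParseScaVulnerabilityFunc {
 	return func(vulnerability services.Vulnerability, cves []formats.CveRow, applicabilityStatus jasutils.ApplicabilityStatus, severity severityutils.Severity, impactedPackagesName, impactedPackagesVersion, impactedPackagesType string, fixedVersion []string, directComponents []formats.ComponentRow, impactPaths [][]formats.ComponentRow) error {
-		tech := target.Technology
-		if tech == "" {
-			tech = techutils.Technology(impactedPackagesType)
-		}
 		*vulnerabilitiesRows = append(*vulnerabilitiesRows,
 			formats.VulnerabilityOrViolationRow{
 				Summary: vulnerability.Summary,
@@ -256,7 +251,7 @@ func addSimpleJsonVulnerability(target results.ScanTarget, vulnerabilitiesRows *
 				References: vulnerability.References,
 				JfrogResearchInformation: convertJfrogResearchInformation(vulnerability.ExtendedInformation),
 				ImpactPaths: impactPaths,
-				Technology: tech,
+				Technology: results.GetIssueTechnology(vulnerability.Technology, target.Technology),
 				Applicable: applicabilityStatus.ToString(pretty),
 			},
 		)
@@ -266,10 +261,6 @@ func addSimpleJsonSecurityViolation(target results.ScanTarget, securityViolation
 
 func addSimpleJsonSecurityViolation(target results.ScanTarget, securityViolationsRows *[]formats.VulnerabilityOrViolationRow, pretty bool) results.ParseScaViolationFunc {
 	return func(violation services.Violation, cves []formats.CveRow, applicabilityStatus jasutils.ApplicabilityStatus, severity severityutils.Severity, impactedPackagesName, impactedPackagesVersion, impactedPackagesType string, fixedVersion []string, directComponents []formats.ComponentRow, impactPaths [][]formats.ComponentRow) error {
-		tech := target.Technology
-		if tech == "" {
-			tech = techutils.Technology(impactedPackagesType)
-		}
 		*securityViolationsRows = append(*securityViolationsRows,
 			formats.VulnerabilityOrViolationRow{
 				Summary: violation.Summary,
@@ -290,7 +281,7 @@ func addSimpleJsonSecurityViolation(target results.ScanTarget, securityViolation
 				References: violation.References,
 				JfrogResearchInformation: convertJfrogResearchInformation(violation.ExtendedInformation),
 				ImpactPaths: impactPaths,
-				Technology: tech,
+				Technology: results.GetIssueTechnology(violation.Technology, target.Technology),
 				Applicable: applicabilityStatus.ToString(pretty),
 			},
 		)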
