refactor: commands folder

chore: fix most linting issues

Author: paulrosca-snyk

cmd/develop/main.go

@@ -4,10 +4,12 @@ import (
 	"log"
 
 	"github.com/snyk/go-application-framework/pkg/devtools"
+
+	"github.com/snyk/cli-extension-os-flows/pkg/osflows"
 )
 
 func main() {
-	cmd, err := devtools.Cmd()
+	cmd, err := devtools.Cmd(osflows.Init)
 	if err != nil {
 		log.Fatal(err)
 	}

internal/bundlestore/client.go

@@ -13,9 +13,7 @@ import (
 	"github.com/google/uuid"
 	"github.com/rs/zerolog"
 	codeclient "github.com/snyk/code-client-go"
-	codeclienthttp "github.com/snyk/code-client-go/http"
 	codeclientscan "github.com/snyk/code-client-go/scan"
-	"github.com/snyk/go-application-framework/pkg/configuration"
 
 	listsources "github.com/snyk/cli-extension-os-flows/internal/files"
 )
@@ -26,14 +24,15 @@ type Client interface {
 	UploadSBOM(ctx context.Context, sbomPath string) (string, error)
 }
 
-type client struct {
+// HTTPClient is the concrete implementation of the Client interface.
+type HTTPClient struct {
 	httpClient *http.Client
-	codeClientConfig
+	CodeClientConfig
 	codeScanner codeclient.CodeScanner
 	logger      *zerolog.Logger
 }
 
-var _ Client = (*client)(nil)
+var _ Client = (*HTTPClient)(nil)
 
 type (
 	// BundleFile represents a file to be included in a bundle, including its hash and content.
@@ -53,46 +52,24 @@ type (
 	}
 )
 
-// CodeScanner is a global instance of the Snyk Code scanner.
-var CodeScanner codeclient.CodeScanner
-
 // NewClient creates a new client for interacting with the Snyk bundle store.
-//
-//nolint:ireturn // returning an interface is desired here to decouple the implementation
-func NewClient(config configuration.Configuration, hc codeclienthttp.HTTPClientFactory, logger *zerolog.Logger) Client {
-	codeScannerConfig := &codeClientConfig{
-		localConfiguration: config,
-	}
-
-	httpClient := codeclienthttp.NewHTTPClient(
-		hc,
-		codeclienthttp.WithLogger(logger),
-	)
-
-	if CodeScanner == nil {
-		CodeScanner = codeclient.NewCodeScanner(
-			codeScannerConfig,
-			httpClient,
-			codeclient.WithLogger(logger),
-		)
-	}
-
-	return &client{
-		hc(),
-		*codeScannerConfig,
-		CodeScanner,
+func NewClient(httpClient *http.Client, csConfig CodeClientConfig, cScanner codeclient.CodeScanner, logger *zerolog.Logger) *HTTPClient {
+	return &HTTPClient{
+		httpClient,
+		csConfig,
+		cScanner,
 		logger,
 	}
 }
 
-func (c *client) host() string {
-	if c.codeClientConfig.IsFedramp() {
-		return c.SnykApi() + "/hidden/orgs/" + c.codeClientConfig.Organization() + "/code"
+func (c *HTTPClient) host() string {
+	if c.CodeClientConfig.IsFedramp() {
+		return c.SnykApi() + "/hidden/orgs/" + c.CodeClientConfig.Organization() + "/code"
 	}
 	return c.SnykCodeApi()
 }
 
-func (c *client) request(
+func (c *HTTPClient) request(
 	ctx context.Context,
 	method string,
 	path string,
@@ -108,7 +85,7 @@ func (c *client) request(
 		return nil, fmt.Errorf("error creating request: %w", err)
 	}
 
-	org := c.codeClientConfig.Organization()
+	org := c.CodeClientConfig.Organization()
 	if org != "" {
 		req.Header.Set("snyk-org-name", org)
 	}
@@ -141,7 +118,7 @@ func (c *client) request(
 }
 
 //nolint:gocritic // Code copied verbatim from code-client-go
-func (c *client) createBundle(ctx context.Context, fileHashes map[string]string) (string, []string, error) {
+func (c *HTTPClient) createBundle(ctx context.Context, fileHashes map[string]string) (string, []string, error) {
 	requestBody, err := json.Marshal(fileHashes)
 	if err != nil {
 		return "", nil, fmt.Errorf("failed to marshal create bundle request: %w", err)
@@ -161,7 +138,7 @@ func (c *client) createBundle(ctx context.Context, fileHashes map[string]string)
 }
 
 //nolint:gocritic // Code copied verbatim from code-client-go
-func (c *client) extendBundle(ctx context.Context, bundleHash string, files map[string]BundleFile, removedFiles []string) (string, []string, error) {
+func (c *HTTPClient) extendBundle(ctx context.Context, bundleHash string, files map[string]BundleFile, removedFiles []string) (string, []string, error) {
 	requestBody, err := json.Marshal(ExtendBundleRequest{
 		Files:        files,
 		RemovedFiles: removedFiles,
@@ -183,7 +160,8 @@ func (c *client) extendBundle(ctx context.Context, bundleHash string, files map[
 	return bundleResponse.BundleHash, bundleResponse.MissingFiles, nil
 }
 
-func (c *client) UploadSBOM(ctx context.Context, sbomPath string) (string, error) {
+// UploadSBOM uploads an SBOM file to the bundle store and returns the bundle hash.
+func (c *HTTPClient) UploadSBOM(ctx context.Context, sbomPath string) (string, error) {
 	var fileContent []byte
 	fileContent, err := os.ReadFile(sbomPath)
 	if err != nil {
@@ -216,7 +194,8 @@ func (c *client) UploadSBOM(ctx context.Context, sbomPath string) (string, error
 	return bundleHash, nil
 }
 
-func (c *client) UploadSourceCode(ctx context.Context, sourceCodePath string) (string, error) {
+// UploadSourceCode uploads source code from the specified path to the bundle store and returns the bundle hash.
+func (c *HTTPClient) UploadSourceCode(ctx context.Context, sourceCodePath string) (string, error) {
 	numThreads := runtime.NumCPU()
 	filesChan, err := listsources.ForPath(sourceCodePath, c.logger, numThreads)
 	if err != nil {

internal/bundlestore/config.go

@@ -9,33 +9,43 @@ import (
 
 var defaultSnykCodeTimeout = 12 * time.Hour
 
-type codeClientConfig struct {
-	localConfiguration configuration.Configuration
+// CodeClientConfig holds the configuration for the code client.
+type CodeClientConfig struct {
+	// LocalConfiguration is the underlying configuration source.
+	LocalConfiguration configuration.Configuration
 }
 
-func (c *codeClientConfig) Organization() string {
-	return c.localConfiguration.GetString(configuration.ORGANIZATION)
+// Organization returns the organization ID from the configuration.
+func (c *CodeClientConfig) Organization() string {
+	return c.LocalConfiguration.GetString(configuration.ORGANIZATION)
 }
 
-func (c *codeClientConfig) IsFedramp() bool {
-	return c.localConfiguration.GetBool(configuration.IS_FEDRAMP)
+// IsFedramp returns true if the configuration is set for FedRAMP.
+func (c *CodeClientConfig) IsFedramp() bool {
+	return c.LocalConfiguration.GetBool(configuration.IS_FEDRAMP)
 }
 
+// SnykCodeApi returns the Snyk Code API URL, replacing "api" with "deeproxy" in the base API URL.
+//
 //nolint:revive,var-naming // SnykCodeApi is intentionally cased this way.
-func (c *codeClientConfig) SnykCodeApi() string {
+func (c *CodeClientConfig) SnykCodeApi() string {
 	//nolint:gocritic // Code copied verbatim from code-client-go
-	return strings.Replace(c.localConfiguration.GetString(configuration.API_URL), "api", "deeproxy", -1)
+	return strings.Replace(c.LocalConfiguration.GetString(configuration.API_URL), "api", "deeproxy", -1)
 }
 
+// SnykApi returns the base Snyk API URL from the configuration.
+//
 //nolint:revive,var-naming // SnykApi is intentionally cased this way.
-func (c *codeClientConfig) SnykApi() string {
-	return c.localConfiguration.GetString(configuration.API_URL)
+func (c *CodeClientConfig) SnykApi() string {
+	return c.LocalConfiguration.GetString(configuration.API_URL)
 }
 
-func (c *codeClientConfig) SnykCodeAnalysisTimeout() time.Duration {
-	if !c.localConfiguration.IsSet(configuration.TIMEOUT) {
+// SnykCodeAnalysisTimeout returns the timeout duration for Snyk Code analysis.
+// If not set in the configuration, it returns the default timeout.
+func (c *CodeClientConfig) SnykCodeAnalysisTimeout() time.Duration {
+	if !c.LocalConfiguration.IsSet(configuration.TIMEOUT) {
 		return defaultSnykCodeTimeout
 	}
-	timeoutInSeconds := c.localConfiguration.GetInt(configuration.TIMEOUT)
+	timeoutInSeconds := c.LocalConfiguration.GetInt(configuration.TIMEOUT)
 	return time.Duration(timeoutInSeconds) * time.Second
 }

internal/commands/ostest/depgraph_flow.go

@@ -0,0 +1,157 @@
+package ostest
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+
+	"github.com/rs/zerolog"
+	"github.com/snyk/go-application-framework/pkg/apiclients/testapi"
+	"github.com/snyk/go-application-framework/pkg/workflow"
+
+	service "github.com/snyk/cli-extension-os-flows/internal/common"
+	"github.com/snyk/cli-extension-os-flows/internal/errors"
+	"github.com/snyk/cli-extension-os-flows/internal/flags"
+	"github.com/snyk/cli-extension-os-flows/internal/legacy/definitions"
+)
+
+// RunUnifiedTestFlow handles the unified test API flow.
+func RunUnifiedTestFlow(
+	ctx context.Context,
+	ictx workflow.InvocationContext,
+	testClient testapi.TestClient,
+	riskScoreThreshold *uint16,
+	severityThreshold *testapi.Severity,
+	orgID string,
+	errFactory *errors.ErrorFactory,
+	logger *zerolog.Logger,
+) ([]workflow.Data, error) {
+	logger.Info().Msg("Starting open source test")
+
+	// Create depgraphs and get their associated target files
+	depGraphs, displayTargetFiles, err := createDepGraphs(ictx)
+	if err != nil {
+		return nil, err
+	}
+	var allFindings []definitions.LegacyVulnerabilityResponse
+	var allSummaries []workflow.Data
+
+	localPolicy := createLocalPolicy(riskScoreThreshold, severityThreshold)
+
+	for i, depGraph := range depGraphs {
+		displayTargetFile := ""
+		if i < len(displayTargetFiles) {
+			displayTargetFile = displayTargetFiles[i]
+		}
+
+		// Create depgraph subject
+		depGraphSubject := testapi.DepGraphSubjectCreate{
+			Type:     testapi.DepGraphSubjectCreateTypeDepGraph,
+			DepGraph: depGraph,
+			Locator: testapi.LocalPathLocator{
+				Paths: []string{displayTargetFile},
+				Type:  testapi.LocalPath,
+			},
+		}
+
+		// Create test subject with depgraph
+		var subject testapi.TestSubjectCreate
+		err = subject.FromDepGraphSubjectCreate(depGraphSubject)
+		if err != nil {
+			return nil, fmt.Errorf("failed to create test subject: %w", err)
+		}
+
+		// Project name assigned as follows: --project-name || config project name || scannedProject?.depTree?.name
+		// TODO: use project name from Config file
+		config := ictx.GetConfiguration()
+		projectName := config.GetString(flags.FlagProjectName)
+		if projectName == "" && len(depGraph.Pkgs) > 0 {
+			projectName = depGraph.Pkgs[0].Info.Name
+		}
+
+		packageManager := depGraph.PkgManager.Name
+		depCount := max(0, len(depGraph.Pkgs)-1)
+
+		// Run the test with the depgraph subject
+		findings, summary, err := RunTest(ctx, testClient, subject, projectName, packageManager, depCount, displayTargetFile, orgID, errFactory, logger, localPolicy)
+		if err != nil {
+			return nil, err
+		}
+
+		if findings != nil {
+			allFindings = append(allFindings, *findings)
+		}
+		if summary != nil {
+			allSummaries = append(allSummaries, summary)
+		}
+	}
+
+	var finalOutput []workflow.Data
+	if len(allFindings) > 0 {
+		var findingsData any
+		if len(allFindings) == 1 {
+			findingsData = allFindings[0]
+		} else {
+			findingsData = allFindings
+		}
+
+		var buffer bytes.Buffer
+		encoder := json.NewEncoder(&buffer)
+		encoder.SetEscapeHTML(false)
+		encoder.SetIndent("", "  ")
+		err := encoder.Encode(findingsData)
+		if err != nil {
+			return nil, errFactory.NewLegacyJSONTransformerError(fmt.Errorf("marshaling to json: %w", err))
+		}
+		// encoder.Encode adds a newline, which we trim to match Marshal's behavior.
+		findingsBytes := bytes.TrimRight(buffer.Bytes(), "\n")
+
+		finalOutput = append(finalOutput, NewWorkflowData(ApplicationJSONContentType, findingsBytes))
+	}
+
+	finalOutput = append(finalOutput, allSummaries...)
+
+	return finalOutput, nil
+}
+
+// Create local policy only if risk score or severity threshold are specified.
+func createLocalPolicy(riskScoreThreshold *uint16, severityThreshold *testapi.Severity) *testapi.LocalPolicy {
+	if riskScoreThreshold == nil && severityThreshold == nil {
+		return nil
+	}
+
+	localPolicy := &testapi.LocalPolicy{}
+	if riskScoreThreshold != nil {
+		localPolicy.RiskScoreThreshold = riskScoreThreshold
+	}
+	if severityThreshold != nil {
+		localPolicy.SeverityThreshold = severityThreshold
+	}
+	return localPolicy
+}
+
+// createDepGraphs creates depgraphs from the file parameter in the context.
+func createDepGraphs(ictx workflow.InvocationContext) ([]testapi.IoSnykApiV1testdepgraphRequestDepGraph, []string, error) {
+	depGraphResult, err := service.GetDepGraph(ictx)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to get dependency graph: %w", err)
+	}
+
+	if len(depGraphResult.DepGraphBytes) == 0 {
+		return nil, nil, fmt.Errorf("no dependency graphs found")
+	}
+
+	depGraphs := make([]testapi.IoSnykApiV1testdepgraphRequestDepGraph, len(depGraphResult.DepGraphBytes))
+	for i, depGraphBytes := range depGraphResult.DepGraphBytes {
+		var depGraphStruct testapi.IoSnykApiV1testdepgraphRequestDepGraph
+		err = json.Unmarshal(depGraphBytes, &depGraphStruct)
+		if err != nil {
+			return nil, nil,
+				fmt.Errorf("unmarshaling depGraph from args failed: %w", err)
+		}
+		depGraphs[i] = depGraphStruct
+	}
+
+	return depGraphs, depGraphResult.DisplayTargetFiles, nil
+}