cherry pick core pr 1105

commands/audit/audit.go

@@ -83,6 +83,8 @@ func (auditCmd *AuditCommand) CreateXrayGraphScanParams() *services.XrayGraphSca
 }
 
 func (auditCmd *AuditCommand) Run() (err error) {
+	// If no workingDirs were provided by the user, we apply a recursive scan on the root repository
+	isRecursiveScan := len(auditCmd.workingDirs) == 0
 	workingDirs, err := coreutils.GetFullPathsWorkingDirs(auditCmd.workingDirs)
 	if err != nil {
 		return
@@ -94,7 +96,8 @@ func (auditCmd *AuditCommand) Run() (err error) {
 		SetFixableOnly(auditCmd.fixableOnly).
 		SetGraphBasicParams(auditCmd.AuditBasicParams).
 		SetThirdPartyApplicabilityScan(auditCmd.thirdPartyApplicabilityScan).
-		SetExclusions(auditCmd.exclusions)
+		SetExclusions(auditCmd.exclusions).
+		SetIsRecursiveScan(isRecursiveScan)
 	auditResults, err := RunAudit(auditParams)
 	if err != nil {
 		return

commands/audit/auditparams.go

@@ -16,6 +16,7 @@ type AuditParams struct {
 	xrayVersion string
 	// Include third party dependencies source code in the applicability scan.
 	thirdPartyApplicabilityScan bool
+	isRecursiveScan             bool
 }
 
 func NewAuditParams() *AuditParams {
@@ -50,6 +51,11 @@ func (params *AuditParams) SetExclusions(exclusions []string) *AuditParams {
 	return params
 }
 
+func (params *AuditParams) SetIsRecursiveScan(isRecursiveScan bool) *AuditParams {
+	params.isRecursiveScan = isRecursiveScan
+	return params
+}
+
 func (params *AuditParams) SetXrayGraphScanParams(xrayGraphScanParams *services.XrayGraphScanParams) *AuditParams {
 	params.xrayGraphScanParams = xrayGraphScanParams
 	return params

commands/audit/scarunner.go

@@ -42,7 +42,7 @@ func runScaScan(params *AuditParams, results *xrayutils.Results) (err error) {
 		return
 	}
 
-	scans := getScaScansToPreform(currentWorkingDir, params)
+	scans := getScaScansToPreform(params)
 	if len(scans) == 0 {
 		log.Info("Couldn't determine a package manager or build tool used by this project. Skipping the SCA scan...")
 		return
@@ -71,11 +71,10 @@ func runScaScan(params *AuditParams, results *xrayutils.Results) (err error) {
 }
 
 // Calculate the scans to preform
-func getScaScansToPreform(currentWorkingDir string, params *AuditParams) (scansToPreform []*xrayutils.ScaScanResult) {
-	requestedDirectories, isRecursive := getRequestedDirectoriesToScan(currentWorkingDir, params)
-	for _, requestedDirectory := range requestedDirectories {
+func getScaScansToPreform(params *AuditParams) (scansToPreform []*xrayutils.ScaScanResult) {
+	for _, requestedDirectory := range params.workingDirs {
 		// Detect descriptors and technologies in the requested directory.
-		techToWorkingDirs, err := coreutils.DetectTechnologiesDescriptors(requestedDirectory, isRecursive, params.Technologies(), getRequestedDescriptors(params), getExcludePattern(params, isRecursive))
+		techToWorkingDirs, err := coreutils.DetectTechnologiesDescriptors(requestedDirectory, params.isRecursiveScan, params.Technologies(), getRequestedDescriptors(params), getExcludePattern(params, params.isRecursiveScan))
 		if err != nil {
 			log.Warn("Couldn't detect technologies in", requestedDirectory, "directory.", err.Error())
 			continue
@@ -116,20 +115,6 @@ func getExcludePattern(params *AuditParams, recursive bool) string {
 	return fspatterns.PrepareExcludePathPattern(exclusions, clientutils.WildCardPattern, recursive)
 }
 
-// Get the directories to scan base on the given parameters.
-// If no working directories were specified, the current working directory will be returned with recursive mode.
-// If working directories were specified, the recursive mode will be false.
-func getRequestedDirectoriesToScan(currentWorkingDir string, params *AuditParams) ([]string, bool) {
-	workingDirs := datastructures.MakeSet[string]()
-	for _, wd := range params.workingDirs {
-		workingDirs.Add(wd)
-	}
-	if len(params.workingDirs) == 0 {
-		return []string{currentWorkingDir}, true
-	}
-	return workingDirs.ToSlice(), false
-}
-
 // Preform the SCA scan for the given scan information.
 // This method will change the working directory to the scan's working directory.
 func executeScaScan(serverDetails *config.ServerDetails, params *AuditParams, scan *xrayutils.ScaScanResult) (err error) {

commands/audit/scarunner_test.go

@@ -166,43 +166,6 @@ func TestGetExcludePattern(t *testing.T) {
 	}
 }
 
-func TestGetRequestedDirectoriesToScan(t *testing.T) {
-	tests := []struct {
-		name              string
-		cwd               string
-		params            func() *AuditParams
-		expectedRecursive bool
-		expectedDirs      []string
-	}{
-		{
-			name: "Test specific directories",
-			cwd:  "tmp",
-			params: func() *AuditParams {
-				param := NewAuditParams()
-				param.SetWorkingDirs([]string{filepath.Join("tmp", "dir1"), filepath.Join("tmp", "dir2")})
-				return param
-			},
-			expectedRecursive: false,
-			expectedDirs:      []string{filepath.Join("tmp", "dir1"), filepath.Join("tmp", "dir2")},
-		},
-		{
-			name:              "Test recursive",
-			cwd:               "tmp",
-			params:            NewAuditParams,
-			expectedRecursive: true,
-			expectedDirs:      []string{"tmp"},
-		},
-	}
-
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			dirs, recursive := getRequestedDirectoriesToScan(test.cwd, test.params())
-			assert.ElementsMatch(t, test.expectedDirs, dirs)
-			assert.Equal(t, test.expectedRecursive, recursive)
-		})
-	}
-}
-
 func TestGetScaScansToPreform(t *testing.T) {
 
 	dir, cleanUp := createTestDir(t)
@@ -217,7 +180,7 @@ func TestGetScaScansToPreform(t *testing.T) {
 			name: "Test specific technologies",
 			wd:   dir,
 			params: func() *AuditParams {
-				param := NewAuditParams()
+				param := NewAuditParams().SetIsRecursiveScan(true).SetWorkingDirs([]string{dir})
 				param.SetTechnologies([]string{"maven", "npm", "go"})
 				return param
 			},
@@ -246,7 +209,9 @@ func TestGetScaScansToPreform(t *testing.T) {
 		{
 			name:   "Test all",
 			wd:     dir,
-			params: NewAuditParams,
+			params: func() *AuditParams {
+				return NewAuditParams().SetIsRecursiveScan(true).SetWorkingDirs([]string{dir})
+			},
 			expected: []*xrayutils.ScaScanResult{
 				{
 					Technology:       coreutils.Maven,
@@ -293,7 +258,7 @@ func TestGetScaScansToPreform(t *testing.T) {
 
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
-			result := getScaScansToPreform(test.wd, test.params())
+			result := getScaScansToPreform(test.params())
 			for i := range result {
 				sort.Strings(result[i].Descriptors)
 				sort.Strings(test.expected[i].Descriptors)

go.mod

@@ -98,4 +98,4 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 )
 
-replace github.com/jfrog/jfrog-cli-core/v2 => github.com/attiasas/jfrog-cli-core/v2 v2.0.0-20240116073017-ba718fa44435
+replace github.com/jfrog/jfrog-cli-core/v2 => github.com/attiasas/jfrog-cli-core/v2 v2.0.0-20240116081935-724d749b6b84

go.sum

@@ -18,8 +18,8 @@ github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
-github.com/attiasas/jfrog-cli-core/v2 v2.0.0-20240116073017-ba718fa44435 h1:DuGbu21nmWP7isSPRbwQ1jwAzRnW3QPT4h7FO4UNK8s=
-github.com/attiasas/jfrog-cli-core/v2 v2.0.0-20240116073017-ba718fa44435/go.mod h1:MBdk6VvRW27IojGy9UJ2F2pAucVuB6ecS15DQ5rHAH8=
+github.com/attiasas/jfrog-cli-core/v2 v2.0.0-20240116081935-724d749b6b84 h1:HuduAQoEx35ybYGrVCNL3nrHUQeSrS8QJuxC4HG3qjU=
+github.com/attiasas/jfrog-cli-core/v2 v2.0.0-20240116081935-724d749b6b84/go.mod h1:MBdk6VvRW27IojGy9UJ2F2pAucVuB6ecS15DQ5rHAH8=
 github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M=
 github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs=
 github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=