From 4eea19c2f7940b1160876f921636b222a4843937 Mon Sep 17 00:00:00 2001
From: attiasas
Date: Thu, 25 Jan 2024 13:24:33 +0200
Subject: [PATCH 1/4] Scan if config exists but resolver not defined
---
 commands/audit/scarunner.go | 27 +++++++++++++++++++--------
 go.mod | 2 +-
 go.sum | 4 ++--
 3 files changed, 22 insertions(+), 11 deletions(-)
diff --git a/commands/audit/scarunner.go b/commands/audit/scarunner.go
index 7d521912..eb8789ed 100644
--- a/commands/audit/scarunner.go
+++ b/commands/audit/scarunner.go
@@ -268,16 +268,27 @@ func SetResolutionRepoIfExists(params xrayutils.AuditParams, tech coreutils.Tech
 log.Debug("Using resolver config from", configFilePath)
 repoConfig, err := project.ReadResolutionOnlyConfiguration(configFilePath)
 if err != nil {
- err = fmt.Errorf("failed while reading %s.yaml config file: %s", tech.String(), err.Error())
- return
+ var missingResolverErr *project.MissingResolverErr
+ if !errors.As(err, &missingResolverErr) {
+ err = fmt.Errorf("failed while reading %s.yaml config file: %s", tech.String(), err.Error())
+ return
+ }
+ // When the resolver repository is absent from the configuration file, ReadResolutionOnlyConfiguration throws an error.
+ // However, this situation isn't considered an error here as the resolver repository isn't mandatory for constructing the dependencies tree.
+ err = nil
 }
- details, err := repoConfig.ServerDetails()
- if err != nil {
- err = fmt.Errorf("failed getting server details: %s", err.Error())
- return
+
+ // If the resolver repository doesn't exist and triggers a MissingResolverErr in ReadResolutionOnlyConfiguration, the repoConfig becomes nil. In this scenario, there is no depsRepo to set, nor is there a necessity to do so.
+ if repoConfig != nil {
+ log.Debug("Using resolver config from", configFilePath)
+ details, e := repoConfig.ServerDetails()
+ if e != nil {
+ err = fmt.Errorf("failed getting server details: %s", e.Error())
+ } else {
+ params.SetServerDetails(details)
+ params.SetDepsRepo(repoConfig.TargetRepo())
+ }
 }
- params.SetServerDetails(details)
- params.SetDepsRepo(repoConfig.TargetRepo())
 return
 }
diff --git a/go.mod b/go.mod
index 861be4ea..daa746cd 100644
--- a/go.mod
+++ b/go.mod
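Review bot: In commands/audit/scarunner.go the missing-resolver path leaves no trace in the log, while the unchanged context line `log.Debug("Using resolver config from", configFilePath)` still runs before the read and the same call is added again inside `if repoConfig != nil`, so a found resolver is logged twice and a missing one is logged as if it were in use. For an audit run this is worth recording, because `SetDepsRepo` is skipped and dependencies are then presumably resolved from whatever registry the package manager defaults to rather than from the configured Artifactory repository. I would drop the earlier debug call and log in the `errors.As` branch instead, for example `log.Debug("No resolver repository defined in", configFilePath)`. The later `repoConfig != nil` test also depends on `ReadResolutionOnlyConfiguration` returning a nil config together with `MissingResolverErr`; a plain `return` right after `err = nil` would make that explicit instead of relying on the callee. The function starts above the hunk.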
@@ -98,6 +98,6 @@ require (
 gopkg.in/warnings.v0 v0.1.2 // indirect
 )
-replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240124134548-78e293fce02b
+replace github.com/jfrog/jfrog-cli-core/v2 => github.com/attiasas/jfrog-cli-core/v2 v2.0.0-20240125111519-f3cdb35159a2
 replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20240122091504-cd958f60aef7
diff --git a/go.sum b/go.sum
index 2c06ca55..fc312ccc 100644
--- a/go.sum
+++ b/go.sum
@@ -18,6 +18,8 @@ github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer5
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
+github.com/attiasas/jfrog-cli-core/v2 v2.0.0-20240125111519-f3cdb35159a2 h1:JEeyfjTpxmffq4ZTRybqYZxeYkmcZKnEkyNnbGWqjSU=
+github.com/attiasas/jfrog-cli-core/v2 v2.0.0-20240125111519-f3cdb35159a2/go.mod h1:RVn4pIkR5fPUnr8gFXt61ou3pCNrrDdRQUpcolP4lhw=
 github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M=
 github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs=
 github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
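Review bot: The `replace` in go.mod now resolves `github.com/jfrog/jfrog-cli-core/v2` from the personal fork `github.com/attiasas/jfrog-cli-core/v2`, which takes a core dependency of the scanner out of the `github.com/jfrog` namespace for every build of this commit. PATCH 2/4 on this page points it back to `github.com/jfrog/jfrog-cli-core/v2`, so the end state is fine, but the series should be squashed on merge so that no commit left in history (for bisects or rebuilds) builds against the fork.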
@@ -93,8 +95,6 @@ github.com/jfrog/gofrog v1.5.1 h1:2AXL8hHu1jJFMIoCqTp2OyRUfEqEp4nC7J8fwn6KtwE=
 github.com/jfrog/gofrog v1.5.1/go.mod h1:SZ1EPJUruxrVGndOzHd+LTiwWYKMlHqhKD+eu+v5Hqg=
 github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYLipdsOFMY=
 github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w=
-github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240124134548-78e293fce02b h1:dUZOuqsa/3jLZ01B1xJeh2vTHchW7O+MbWn+VEp/Qj4=
-github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240124134548-78e293fce02b/go.mod h1:RVn4pIkR5fPUnr8gFXt61ou3pCNrrDdRQUpcolP4lhw=
 github.com/jfrog/jfrog-client-go v1.28.1-0.20240122091504-cd958f60aef7 h1:+6FMON+6D2ojqR+bKewlahVcQGXLifFH76hXITg9p6k=
 github.com/jfrog/jfrog-client-go v1.28.1-0.20240122091504-cd958f60aef7/go.mod h1:V+XKC27k6GA5OcWIAItpnxZAZnCigg8xCkpXKP905Fk=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
From 39ca9518d0ee73b6da946b16f8375fb9d77cc6ac Mon Sep 17 00:00:00 2001
From: attiasas
Date: Thu, 25 Jan 2024 14:40:53 +0200
Subject: [PATCH 2/4] update go mod to point to core dev
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/go.mod b/go.mod
index daa746cd..6df4f118 100644
--- a/go.mod
+++ b/go.mod
@@ -98,6 +98,6 @@ require (
 gopkg.in/warnings.v0 v0.1.2 // indirect
 )
-replace github.com/jfrog/jfrog-cli-core/v2 => github.com/attiasas/jfrog-cli-core/v2 v2.0.0-20240125111519-f3cdb35159a2
+replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240125123849-6997ffac7c67
-replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20240122091504-cd958f60aef7
+// replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20240122091504-cd958f60aef7
diff --git a/go.sum b/go.sum
index fc312ccc..5113700e 100644
--- a/go.sum
+++ b/go.sum
@@ -18,8 +18,6 @@ github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer5
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
-github.com/attiasas/jfrog-cli-core/v2 v2.0.0-20240125111519-f3cdb35159a2 h1:JEeyfjTpxmffq4ZTRybqYZxeYkmcZKnEkyNnbGWqjSU=
-github.com/attiasas/jfrog-cli-core/v2 v2.0.0-20240125111519-f3cdb35159a2/go.mod h1:RVn4pIkR5fPUnr8gFXt61ou3pCNrrDdRQUpcolP4lhw=
 github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M=
 github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs=
 github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
@@ -95,8 +93,10 @@ github.com/jfrog/gofrog v1.5.1 h1:2AXL8hHu1jJFMIoCqTp2OyRUfEqEp4nC7J8fwn6KtwE=
 github.com/jfrog/gofrog v1.5.1/go.mod h1:SZ1EPJUruxrVGndOzHd+LTiwWYKMlHqhKD+eu+v5Hqg=
 github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYLipdsOFMY=
 github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w=
-github.com/jfrog/jfrog-client-go v1.28.1-0.20240122091504-cd958f60aef7 h1:+6FMON+6D2ojqR+bKewlahVcQGXLifFH76hXITg9p6k=
-github.com/jfrog/jfrog-client-go v1.28.1-0.20240122091504-cd958f60aef7/go.mod h1:V+XKC27k6GA5OcWIAItpnxZAZnCigg8xCkpXKP905Fk=
+github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240125123849-6997ffac7c67 h1:ZYgj1OHFKDagSZe4Cj6RiKtBUSV5/Aj5L/gn565Q6NA=
+github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240125123849-6997ffac7c67/go.mod h1:RVn4pIkR5fPUnr8gFXt61ou3pCNrrDdRQUpcolP4lhw=
+github.com/jfrog/jfrog-client-go v1.36.0 h1:iODLDjYSlK7rLH8/lEmAFHwYsboeBfaqxXybz6waraE=
+github.com/jfrog/jfrog-client-go v1.36.0/go.mod h1:y1WF6eiZ7V2DortiwjpMEicEH6NIJH+hOXI5QI2W3NU=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
From 37c3341b15f0e1607c2684d1cfae90333a088006 Mon Sep 17 00:00:00 2001
From: attiasas
Date: Thu, 25 Jan 2024 15:31:39 +0200
Subject: [PATCH 3/4] fix tests
---
 commands/audit/sca/go/gloang_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/commands/audit/sca/go/gloang_test.go b/commands/audit/sca/go/gloang_test.go
index d8e5d063..db5b94d8 100644
--- a/commands/audit/sca/go/gloang_test.go
+++ b/commands/audit/sca/go/gloang_test.go
@@ -51,7 +51,7 @@ func TestBuildGoDependencyList(t *testing.T) {
 assert.NoError(t, err)
 assert.ElementsMatch(t, uniqueDeps, expectedUniqueDeps, "First is actual, Second is Expected")
- assert.Equal(t, "https://user:sdsdccs2232@api.go.here/artifactoryapi/go/test-remote|direct", os.Getenv("GOPROXY"))
+ assert.Equal(t, "https://user:sdsdccs2232@api.go.here/artifactory/api/go/test-remote|direct", os.Getenv("GOPROXY"))
 assert.NotEmpty(t, rootNode)
 // Check root module
From 8307fd0b639b19cc82fdebb15e75bb95d906c137 Mon Sep 17 00:00:00 2001
From: attiasas
Date: Thu, 25 Jan 2024 15:35:30 +0200
Subject: [PATCH 4/4] clean
---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/go.mod b/go.mod
index 6df4f118..7c6ab147 100644
--- a/go.mod
+++ b/go.mod
@@ -100,4 +100,4 @@ require (
 replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240125123849-6997ffac7c67
-// replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20240122091504-cd958f60aef7
+// replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go dev
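Review bot: In commands/audit/sca/go/gloang_test.go the corrected expectation still pins the `|direct` suffix of GOPROXY without a word on why it is wanted. With a `|` separator the go command moves on to the next entry after any proxy error, not only after 404/410 as with `,`, so a failed or unauthorised request to the Artifactory repository would be retried against the origin directly; it is worth confirming that this is intended for a resolver meant to gate dependencies. A short comment above the assertion would document it, for example `// "|direct": go falls back to a direct fetch on any proxy error, not just 404/410`. The test function starts above the hunk and continues below it.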