From 109c5a2d4f87facbd1f08af540473a56700ebdd1 Mon Sep 17 00:00:00 2001
From: Or Toren
Date: Sun, 22 Sep 2024 10:37:50 +0300
Subject: [PATCH 1/2] calling conan BuildDependencyTree

---
 audit_test.go | 30 ++++++++++++++++++++++++++++++
 commands/audit/scarunner.go | 3 +++
 2 files changed, 33 insertions(+)

diff --git a/audit_test.go b/audit_test.go
index d3e6e7f3..0b11bea4 100644
--- a/audit_test.go
+++ b/audit_test.go
@@ -64,6 +64,36 @@ func testAuditNpm(t *testing.T, format string, withVuln bool) string {
 	return securityTests.PlatformCli.RunCliCmdWithOutput(t, args...)
 }
 
+func TestXrayAuditConanJson(t *testing.T) {
+	output := testAuditConan(t, string(format.Json), false)
+	securityTestUtils.VerifyJsonScanResults(t, output, 8, 0, 3)
+}
+
+func TestXrayAuditConanSimpleJson(t *testing.T) {
+	output := testAuditConan(t, string(format.SimpleJson), true)
+	securityTestUtils.VerifySimpleJsonScanResults(t, output, 8, 0, 3)
+}
+
+func testAuditConan(t *testing.T, format string, withVuln bool) string {
+	securityTestUtils.InitSecurityTest(t, scangraph.GraphScanMinXrayVersion)
+	tempDirPath, createTempDirCallback := coreTests.CreateTempDirWithCallbackAndAssert(t)
+	defer createTempDirCallback()
+	conanProjectPath := filepath.Join(filepath.FromSlash(securityTestUtils.GetTestResourcesPath()), "projects", "package-managers", "conan")
+	// Copy the conan project from the testdata to a temp dir
+	assert.NoError(t, biutils.CopyDir(conanProjectPath, tempDirPath, true, nil))
+	prevWd := securityTestUtils.ChangeWD(t, tempDirPath)
+	defer clientTests.ChangeDirAndAssert(t, prevWd)
+	// Run conan install before executing jfrog audit
+	assert.NoError(t, exec.Command("conan", "install").Run())
+	watchName, deleteWatch := securityTestUtils.CreateTestWatch(t, "audit-policy", "audit-watch", xrayUtils.High)
+	defer deleteWatch()
+	args := []string{"audit", "--licenses", "--format=" + format, "--watches=" + watchName, "--fail=false"}
+	if withVuln {
+		args = append(args, "--vuln")
+	}
+	return securityTests.PlatformCli.RunCliCmdWithOutput(t, args...)
+}
+
 func TestXrayAuditPnpmJson(t *testing.T) {
 	output := testXrayAuditPnpm(t, string(format.Json))
 	securityTestUtils.VerifyJsonScanResults(t, output, 0, 1, 1)
diff --git a/commands/audit/scarunner.go b/commands/audit/scarunner.go
index 36c58864..38054d23 100644
--- a/commands/audit/scarunner.go
+++ b/commands/audit/scarunner.go
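Review bot: The `conan install` step in testAuditConan asserts only on the error from `Run()`, so when the tool fails the assertion message is just an exit status and conan's own diagnostics are discarded. Capturing the output makes the failure actionable: `out, err := exec.Command("conan", "install").CombinedOutput()` followed by `assert.NoError(t, err, string(out))`. The same call assumes a `conan` binary on PATH; an `exec.LookPath("conan")` check up front (with `t.Skip` or an explicit failure message) would distinguish a missing tool from a broken install. The expected counts `8, 0, 3` in the two new tests are bare numbers; a short comment stating what the conan test project is expected to report, and which argument is which for VerifyJsonScanResults, would help whoever has to update them.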
@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 	"github.com/jfrog/build-info-go/utils/pythonutils"
+	"github.com/jfrog/jfrog-cli-security/commands/audit/sca/conan"
 	"github.com/jfrog/jfrog-client-go/utils/io/fileutils"
 	"golang.org/x/exp/slices"
 
@@ -247,6 +248,8 @@ func GetTechDependencyTree(params xrayutils.AuditParams, artifactoryServerDetail
 		depTreeResult.FullDepTrees, uniqueDeps, err = npm.BuildDependencyTree(params)
 	case techutils.Pnpm:
 		depTreeResult.FullDepTrees, uniqueDeps, err = pnpm.BuildDependencyTree(params)
+	case techutils.Conan:
+		depTreeResult.FullDepTrees, uniqueDeps, err = conan.BuildDependencyTree(params)
 	case techutils.Yarn:
 		depTreeResult.FullDepTrees, uniqueDeps, err = yarn.BuildDependencyTree(params)
 	case techutils.Go:

From 381feeb635073ef3e076dfad6ba936d4224080af Mon Sep 17 00:00:00 2001
From: Or Toren
Date: Sun, 22 Sep 2024 14:03:43 +0300
Subject: [PATCH 2/2] fixing integration tests

---
 audit_test.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/audit_test.go b/audit_test.go
index 5b60f4a3..5bf8a2bc 100644
--- a/audit_test.go
+++ b/audit_test.go
@@ -66,13 +66,13 @@ func testAuditNpm(t *testing.T, format string, withVuln bool) string {
 }
 
 func TestXrayAuditConanJson(t *testing.T) {
-	output := testAuditConan(t, string(format.Json), false)
-	securityTestUtils.VerifyJsonScanResults(t, output, 8, 0, 3)
+	output := testAuditConan(t, string(format.Json), true)
+	securityTestUtils.VerifyJsonScanResults(t, output, 0, 8, 2)
 }
 
 func TestXrayAuditConanSimpleJson(t *testing.T) {
 	output := testAuditConan(t, string(format.SimpleJson), true)
-	securityTestUtils.VerifySimpleJsonScanResults(t, output, 8, 0, 3)
+	securityTestUtils.VerifySimpleJsonScanResults(t, output, 0, 8, 2)
 }
 
 func testAuditConan(t *testing.T, format string, withVuln bool) string {
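Review bot: The new `case techutils.Conan:` in GetTechDependencyTree is inserted between the Pnpm and Yarn cases, splitting what otherwise reads as a run of JavaScript package managers. Moving it next to the non-JS cases (for example after `case techutils.Go:`) would keep the switch grouped by ecosystem and make the next addition easier to place; the order has no effect on behaviour as far as the hunk shows. GetTechDependencyTree's body starts and ends outside the hunk.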
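Review bot: After this change both TestXrayAuditConanJson and TestXrayAuditConanSimpleJson call testAuditConan with `withVuln` set to `true`, so the helper's `false` path (no `--vuln`, violations-only output) is no longer exercised for conan, although the parameter is kept and presumably mirrors the npm tests. If the violation counts could not be made stable, a comment on TestXrayAuditConanJson saying why only `--vuln` is covered would keep the next reader from switching it back. The expected triples `0, 8, 2` are also unexplained; a comment such as `// expected counts for the testdata conan project; see VerifyJsonScanResults for the argument order` would help.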
@@ -85,7 +85,7 @@ func testAuditConan(t *testing.T, format string, withVuln bool) string {
 	prevWd := securityTestUtils.ChangeWD(t, tempDirPath)
 	defer clientTests.ChangeDirAndAssert(t, prevWd)
 	// Run conan install before executing jfrog audit
-	assert.NoError(t, exec.Command("conan", "install").Run())
+	assert.NoError(t, exec.Command("conan").Run())
 	watchName, deleteWatch := securityTestUtils.CreateTestWatch(t, "audit-policy", "audit-watch", xrayUtils.High)
 	defer deleteWatch()
 	args := []string{"audit", "--licenses", "--format=" + format, "--watches=" + watchName, "--fail=false"}
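Review bot: The replacement `exec.Command("conan").Run()` invokes conan with no arguments, which does not install anything, while the comment directly above it still says `// Run conan install before executing jfrog audit`; the code and the comment now disagree. If the intent is only to confirm the tool is available, `exec.LookPath("conan")` says that directly and the comment should become `// Ensure the conan binary is available before executing jfrog audit`; if the dependency-tree build still needs an install, the arguments the project requires should be restored instead. Either way, asserting on `CombinedOutput()` rather than `Run()` would put conan's output into the failure message. The testAuditConan body starts and ends outside the hunk.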