added policy skip when agent is from plugin.

remove second call to export service in calculating threshold
Checkmarx · Nov 6, 2024 · dc74288 · dc74288
1 parent 87ba5a9
commit dc74288
Show file tree

Hide file tree

Showing 2 changed files with 103 additions and 113 deletions.
diff --git a/internal/commands/result.go b/internal/commands/result.go
@@ -113,62 +113,66 @@ const (
 	noFileForScorecardResultString          = "Issue Found in your GitHub repository"
 )
 
-var summaryFormats = []string{
-	printer.FormatSummaryConsole,
-	printer.FormatSummary,
-	printer.FormatSummaryJSON,
-	printer.FormatPDF,
-	printer.FormatSummaryMarkdown,
-	printer.FormatSbom,
-	printer.FormatGLSast,
-	printer.FormatGLSca,
-}
-
-var filterResultsListFlagUsage = fmt.Sprintf(
-	"Filter the list of results. Use ';' as the delimiter for arrays. Available filters are: %s",
-	strings.Join(
-		[]string{
-			commonParams.ScanIDQueryParam,
-			commonParams.LimitQueryParam,
-			commonParams.OffsetQueryParam,
-			commonParams.SortQueryParam,
-			commonParams.IncludeNodesQueryParam,
-			commonParams.NodeIDsQueryParam,
-			commonParams.QueryQueryParam,
-			commonParams.GroupQueryParam,
-			commonParams.StatusQueryParam,
-			commonParams.SeverityQueryParam,
-			commonParams.StateQueryParam,
-		}, ",",
-	),
-)
+var (
+	summaryFormats = []string{
+		printer.FormatSummaryConsole,
+		printer.FormatSummary,
+		printer.FormatSummaryJSON,
+		printer.FormatPDF,
+		printer.FormatSummaryMarkdown,
+		printer.FormatSbom,
+		printer.FormatGLSast,
+		printer.FormatGLSca,
+	}
 
-// Follows: over 9.0 is critical, 7.0 to 8.9 is high, 4.0 to 6.9 is medium and 3.9 or less is low.
-var securities = map[string]string{
-	infoCx:     "1.0",
-	lowCx:      "2.0",
-	mediumCx:   "4.0",
-	highCx:     "7.0",
-	criticalCx: "9.0",
-}
+	filterResultsListFlagUsage = fmt.Sprintf(
+		"Filter the list of results. Use ';' as the delimiter for arrays. Available filters are: %s",
+		strings.Join(
+			[]string{
+				commonParams.ScanIDQueryParam,
+				commonParams.LimitQueryParam,
+				commonParams.OffsetQueryParam,
+				commonParams.SortQueryParam,
+				commonParams.IncludeNodesQueryParam,
+				commonParams.NodeIDsQueryParam,
+				commonParams.QueryQueryParam,
+				commonParams.GroupQueryParam,
+				commonParams.StatusQueryParam,
+				commonParams.SeverityQueryParam,
+				commonParams.StateQueryParam,
+			}, ",",
+		),
+	)
 
-// Match cx severity with sonar severity
-var sonarSeverities = map[string]string{
-	infoCx:     infoSonar,
-	lowCx:      lowSonar,
-	mediumCx:   mediumSonar,
-	highCx:     highSonar,
-	criticalCx: criticalSonar,
-}
+	// Follows: over 9.0 is critical, 7.0 to 8.9 is high, 4.0 to 6.9 is medium and 3.9 or less is low.
+	securities = map[string]string{
+		infoCx:     "1.0",
+		lowCx:      "2.0",
+		mediumCx:   "4.0",
+		highCx:     "7.0",
+		criticalCx: "9.0",
+	}
 
-var containerEngineUnsupportedAgents = []string{
-	commonParams.JetbrainsAgent, commonParams.VSCodeAgent, commonParams.VisualStudioAgent, commonParams.EclipseAgent,
-}
+	// Match cx severity with sonar severity
+	sonarSeverities = map[string]string{
+		infoCx:     infoSonar,
+		lowCx:      lowSonar,
+		mediumCx:   mediumSonar,
+		highCx:     highSonar,
+		criticalCx: criticalSonar,
+	}
 
-var sscsEngineToOverviewEngineMap = map[string]string{
-	commonParams.SCSScorecardType:       commonParams.SCSScorecardOverviewType,
-	commonParams.SCSSecretDetectionType: commonParams.SCSSecretDetectionOverviewType,
-}
+	containerEngineUnsupportedAgents = []string{
+		commonParams.JetbrainsAgent, commonParams.VSCodeAgent, commonParams.VisualStudioAgent, commonParams.EclipseAgent,
+	}
+
+	sscsEngineToOverviewEngineMap = map[string]string{
+		commonParams.SCSScorecardType:       commonParams.SCSScorecardOverviewType,
+		commonParams.SCSSecretDetectionType: commonParams.SCSSecretDetectionOverviewType,
+	}
+
+	noPolicyEvaluatingIDEs = []string{commonParams.EclipseAgent, commonParams.JetbrainsAgent, commonParams.VSCodeAgent, commonParams.VisualStudioAgent}
+)
 
 func NewResultsCommand(
 	resultsWrapper wrappers.ResultsWrapper,
@@ -982,45 +986,40 @@ func runGetResultCommand(
 			return errors.Errorf("%s: CODE: %d, %s", failedGettingScan, errorModel.Code, errorModel.Message)
 		}
 
-		policyResponseModel := &wrappers.PolicyResponseModel{}
-		policyOverrideFlag, _ := cmd.Flags().GetBool(commonParams.IgnorePolicyFlag)
-		waitDelay, _ := cmd.Flags().GetInt(commonParams.WaitDelayFlag)
-		if !policyOverrideFlag {
-			policyTimeout, _ := cmd.Flags().GetInt(commonParams.PolicyTimeoutFlag)
-			if policyTimeout < 0 {
-				return errors.Errorf("--%s should be equal or higher than 0", commonParams.PolicyTimeoutFlag)
-			}
-			policyResponseModel, err = policymanagement.HandlePolicyWait(waitDelay, policyTimeout, policyWrapper, scan.ID, scan.ProjectID, cmd)
-			if err != nil {
-				return err
-			}
-		} else {
-			logger.PrintIfVerbose("Skipping policy evaluation")
+		policyResponseModel, err := handlePolicyEvaluation(cmd, policyWrapper, scan, agent)
+		if err != nil {
+			return err
 		}
+
 		if sastRedundancy {
 			resultsParams[commonParams.SastRedundancyFlag] = ""
 		}
 
-		return CreateScanReport(
-			resultsWrapper,
-			risksOverviewWrapper,
-			scsScanOverviewWrapper,
-			exportWrapper,
-			policyResponseModel,
-			resultsPdfReportsWrapper,
-			scan,
-			format,
-			formatPdfToEmail,
-			formatPdfOptions,
-			formatSbomOptions,
-			targetFile,
-			targetPath,
-			agent,
-			resultsParams,
-			featureFlagsWrapper)
+		_, err = CreateScanReport(resultsWrapper, risksOverviewWrapper, scsScanOverviewWrapper, exportWrapper,
+			policyResponseModel, resultsPdfReportsWrapper, scan, format, formatPdfToEmail, formatPdfOptions,
+			formatSbomOptions, targetFile, targetPath, agent, resultsParams, featureFlagsWrapper)
+		return err
 	}
 }
 
+func handlePolicyEvaluation(cmd *cobra.Command, policyWrapper wrappers.PolicyWrapper, scan *wrappers.ScanResponseModel, agent string) (*wrappers.PolicyResponseModel, error) {
+	policyResponseModel := &wrappers.PolicyResponseModel{}
+	policyOverrideFlag, _ := cmd.Flags().GetBool(commonParams.IgnorePolicyFlag)
+	waitDelay, _ := cmd.Flags().GetInt(commonParams.WaitDelayFlag)
+
+	if policyOverrideFlag && slices.Contains(noPolicyEvaluatingIDEs, agent) {
+		logger.PrintIfVerbose("Skipping policy evaluation")
+		return policyResponseModel, nil
+	}
+
+	policyTimeout, _ := cmd.Flags().GetInt(commonParams.PolicyTimeoutFlag)
+	if policyTimeout < 0 {
+		return nil, errors.Errorf("--%s should be equal or higher than 0", commonParams.PolicyTimeoutFlag)
+	}
+
+	return policymanagement.HandlePolicyWait(waitDelay, policyTimeout, policyWrapper, scan.ID, scan.ProjectID, cmd)
+}
+
 func runGetCodeBashingCommand(
 	codeBashingWrapper wrappers.CodeBashingWrapper,
 ) func(cmd *cobra.Command, args []string) error {
@@ -1125,42 +1124,42 @@ func CreateScanReport(
 	agent string,
 	resultsParams map[string]string,
 	featureFlagsWrapper wrappers.FeatureFlagsWrapper,
-) error {
+) (*wrappers.ScanResultsCollection, error) {
 	reportList := strings.Split(reportTypes, ",")
 	results := &wrappers.ScanResultsCollection{}
 	setIsSCSEnabled(featureFlagsWrapper)
 	setIsContainersEnabled(agent, featureFlagsWrapper)
 	summary, err := convertScanToResultsSummary(scan, resultsWrapper)
 	if err != nil {
-		return err
+		return nil, err
 	}
 	scanPending := isScanPending(summary.Status)
 
 	err = createDirectory(targetPath)
 	if err != nil {
-		return err
+		return results, err
 	}
 	if !scanPending {
 		results, err = ReadResults(resultsWrapper, exportWrapper, scan, resultsParams, agent)
 		if err != nil {
-			return err
+			return nil, err
 		}
 	}
 	isSummaryNeeded := verifyFormatsByReportList(reportList, summaryFormats...)
 	if isSummaryNeeded && !scanPending {
 		summary, err = summaryReport(summary, policyResponseModel, risksOverviewWrapper, scsScanOverviewWrapper, featureFlagsWrapper, results)
 		if err != nil {
-			return err
+			return nil, err
 		}
 	}
 	for _, reportType := range reportList {
 		err = createReport(reportType, formatPdfToEmail, formatPdfOptions, formatSbomOptions, targetFile,
 			targetPath, results, summary, exportWrapper, resultsPdfReportsWrapper, featureFlagsWrapper, agent)
 		if err != nil {
-			return err
+			return nil, err
 		}
 	}
-	return nil
+	return results, nil
 }
 
 func countResult(summary *wrappers.ResultSummary, result *wrappers.ScanResult) {

diff --git a/internal/commands/scan.go b/internal/commands/scan.go
@@ -1696,19 +1696,19 @@ func runCreateScanCommand(
 			} else {
 				logger.PrintIfVerbose("Skipping policy evaluation")
 			}
-			err = createReportsAfterScan(cmd, scanResponseModel.ID, scansWrapper, exportWrapper, resultsPdfReportsWrapper,
+			results, reportErr := createReportsAfterScan(cmd, scanResponseModel.ID, scansWrapper, exportWrapper, resultsPdfReportsWrapper,
 				resultsWrapper, risksOverviewWrapper, scsScanOverviewWrapper, policyResponseModel, featureFlagsWrapper)
-			if err != nil {
-				return err
+			if reportErr != nil {
+				return reportErr
 			}
 
-			err = applyThreshold(cmd, resultsWrapper, exportWrapper, scanResponseModel, thresholdMap, risksOverviewWrapper)
+			err = applyThreshold(cmd, scanResponseModel, thresholdMap, risksOverviewWrapper, results)
 
 			if err != nil {
-				return err
+				return reportErr
 			}
 		} else {
-			err = createReportsAfterScan(cmd, scanResponseModel.ID, scansWrapper, exportWrapper, resultsPdfReportsWrapper, resultsWrapper,
+			_, err = createReportsAfterScan(cmd, scanResponseModel.ID, scansWrapper, exportWrapper, resultsPdfReportsWrapper, resultsWrapper,
 				risksOverviewWrapper, scsScanOverviewWrapper, nil, featureFlagsWrapper)
 			if err != nil {
 				return err
@@ -1906,7 +1906,7 @@ func createReportsAfterScan(
 	scsScanOverviewWrapper wrappers.ScanOverviewWrapper,
 	policyResponseModel *wrappers.PolicyResponseModel,
 	featureFlagsWrapper wrappers.FeatureFlagsWrapper,
-) error {
+) (*wrappers.ScanResultsCollection, error) {
 	// Create the required reports
 	targetFile, _ := cmd.Flags().GetString(commonParams.TargetFlag)
 	targetPath, _ := cmd.Flags().GetString(commonParams.TargetPathFlag)
@@ -1919,7 +1919,7 @@ func createReportsAfterScan(
 
 	resultsParams, err := getFilters(cmd)
 	if err != nil {
-		return err
+		return nil, err
 	}
 
 	if scaHideDevAndTestDep {
@@ -1931,10 +1931,10 @@ func createReportsAfterScan(
 	}
 	scan, errorModel, scanErr := scansWrapper.GetByID(scanID)
 	if scanErr != nil {
-		return errors.Wrapf(scanErr, "%s", failedGetting)
+		return nil, errors.Wrapf(scanErr, "%s", failedGetting)
 	}
 	if errorModel != nil {
-		return errors.Errorf("%s: CODE: %d, %s", failedGettingScan, errorModel.Code, errorModel.Message)
+		return nil, errors.Errorf("%s: CODE: %d, %s", failedGettingScan, errorModel.Code, errorModel.Message)
 	}
 	return CreateScanReport(
 		resultsWrapper,
@@ -1958,24 +1958,22 @@ func createReportsAfterScan(
 
 func applyThreshold(
 	cmd *cobra.Command,
-	resultsWrapper wrappers.ResultsWrapper,
-	exportWrapper wrappers.ExportWrapper,
 	scanResponseModel *wrappers.ScanResponseModel,
 	thresholdMap map[string]int,
 	risksOverviewWrapper wrappers.RisksOverviewWrapper,
+	results *wrappers.ScanResultsCollection,
 ) error {
 	if len(thresholdMap) == 0 {
 		return nil
 	}
 
 	sastRedundancy, _ := cmd.Flags().GetBool(commonParams.SastRedundancyFlag)
-	agent, _ := cmd.Flags().GetString(commonParams.AgentFlag)
 	params := make(map[string]string)
 	if sastRedundancy {
 		params[commonParams.SastRedundancyFlag] = ""
 	}
 
-	summaryMap, err := getSummaryThresholdMap(resultsWrapper, exportWrapper, scanResponseModel, params, risksOverviewWrapper, agent)
+	summaryMap, err := getSummaryThresholdMap(scanResponseModel, risksOverviewWrapper, results)
 
 	if err != nil {
 		return err
@@ -2060,19 +2058,12 @@ func parseThresholdLimit(limit string) (engineName string, intLimit int, err err
 }
 
 func getSummaryThresholdMap(
-	resultsWrapper wrappers.ResultsWrapper,
-	exportWrapper wrappers.ExportWrapper,
 	scan *wrappers.ScanResponseModel,
-	resultsParams map[string]string,
 	risksOverviewWrapper wrappers.RisksOverviewWrapper,
-	agent string,
+	results *wrappers.ScanResultsCollection,
 ) (map[string]int, error) {
 	summaryMap := make(map[string]int)
-	results, err := ReadResults(resultsWrapper, exportWrapper, scan, resultsParams, agent)
 
-	if err != nil {
-		return nil, err
-	}
 	for _, result := range results.Results {
 		if isExploitable(result.State) {
 			key := strings.ToLower(fmt.Sprintf("%s-%s", strings.Replace(result.Type, commonParams.KicsType, commonParams.IacType, 1), result.Severity))
@@ -2175,7 +2166,7 @@ func isScanRunning(
 	log.Println("Scan Finished with status: ", scanResponseModel.Status)
 	if scanResponseModel.Status == wrappers.ScanPartial {
 		_ = printer.Print(cmd.OutOrStdout(), scanResponseModel.StatusDetails, printer.FormatList)
-		reportErr := createReportsAfterScan(
+		_, reportErr := createReportsAfterScan(
 			cmd,
 			scanResponseModel.ID,
 			scansWrapper,