From ff980f0f788eed0864ed5837603c3be152ce19c4 Mon Sep 17 00:00:00 2001 From: igorlombacx Date: Mon, 9 Oct 2023 09:46:46 +0100 Subject: [PATCH 1/4] improving sca exploitable path validations --- internal/commands/scan.go | 7 +++++-- internal/commands/scan_test.go | 8 +++++++- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/internal/commands/scan.go b/internal/commands/scan.go index 2f46df28a..7446e4fa0 100644 --- a/internal/commands/scan.go +++ b/internal/commands/scan.go @@ -2419,8 +2419,7 @@ func validateCreateScanFlags(cmd *cobra.Command) error { exploitablePath, _ := cmd.Flags().GetString(commonParams.ExploitablePathFlag) lastSastScanTime, _ := cmd.Flags().GetString(commonParams.LastSastScanTime) exploitablePath = strings.ToLower(exploitablePath) - if !strings.Contains(strings.ToLower(actualScanTypes), commonParams.SastType) && - (exploitablePath != "" || lastSastScanTime != "") { + if !strings.Contains(strings.ToLower(actualScanTypes), commonParams.SastType) && strings.EqualFold(exploitablePath, trueString) { return errors.Errorf("Please to use either --sca-exploitable-path or --sca-last-sast-scan-time flags in SCA, " + "you must enable SAST scan type.") } @@ -2428,6 +2427,10 @@ func validateCreateScanFlags(cmd *cobra.Command) error { if err != nil { return errors.Errorf("Invalid value for --sca-exploitable-path flag. The value must be true or false.") } + if lastSastScanTime != "" && !strings.EqualFold(exploitablePath, trueString) { + return errors.Errorf("Please to use --sca-last-sast-scan-time flag in SCA, " + + "you must set --exploitable-path flag to true.") + } if lastSastScanTime != "" { lsst, sastErr := strconv.Atoi(lastSastScanTime) diff --git a/internal/commands/scan_test.go b/internal/commands/scan_test.go index d2af1f8b5..628ef03b1 100644 --- a/internal/commands/scan_test.go +++ b/internal/commands/scan_test.go 
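Review bot: Dropping the `lastSastScanTime != ""` clause from the SAST guard means `--sca-last-sast-scan-time` given without the SAST scan type is no longer rejected at this point; within this patch it is still caught indirectly by the new exploitable-path check in the next hunk, but patch 3 of this series deletes that check, so the final state of the series accepts the flag without complaint and, as far as the visible code shows, never ties it to SAST or to `--sca-exploitable-path` at all. If that is intended, the flag's help text should state that the value is only meaningful together with `--sca-exploitable-path true`; if not, the guard should keep `|| lastSastScanTime != ""`. Separately, `exploitablePath` is passed through `strings.ToLower` on the line above, so `strings.EqualFold(exploitablePath, trueString)` can become `exploitablePath == trueString`, assuming `trueString` is the lowercase literal. `validateCreateScanFlags` continues outside the hunk.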
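Review bot: The new error in the second hunk tells the user to set `--exploitable-path`, but the flag is spelled `--sca-exploitable-path` everywhere else in this series (see the tests), so the message points at a flag that does not exist; it should read `"--sca-last-sast-scan-time requires --sca-exploitable-path to be set to true"`. Patch 3 removes this check again, so this only matters if it is ever restored, but a user-facing string naming a wrong flag is worth not leaving in history as a copy-paste source. The enclosing function extends beyond the hunk.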
@@ -443,11 +443,17 @@ func TestCreateScanProjecGroupsError(t *testing.T) { assert.Error(t, err, "Failed updating a project: Failed finding groups: [err]", err.Error()) } func TestScanCreateLastSastScanTimeWithInvalidValue(t *testing.T) { - baseArgs := []string{"scan", "create", "--project-name", "MOCK", "-s", dummyRepo, "-b", "dummy_branch", "--sca-last-sast-scan-time", "notaniteger"} + baseArgs := []string{"scan", "create", "--project-name", "MOCK", "-s", dummyRepo, "-b", "dummy_branch", "--sca-exploitable-path", "true", "--sca-last-sast-scan-time", "notaniteger"} err := execCmdNotNilAssertion(t, baseArgs...) assert.ErrorContains(t, err, "Invalid value for --sca-last-sast-scan-time flag", err.Error()) } +func TestScanCreateLastSastScanTimeWithoutExploitablePathEnabled(t *testing.T) { + baseArgs := []string{"scan", "create", "--project-name", "MOCK", "-s", dummyRepo, "-b", "dummy_branch", "--sca-exploitable-path", "false", "--sca-last-sast-scan-time", "notaniteger"} + err := execCmdNotNilAssertion(t, baseArgs...) + assert.ErrorContains(t, err, "Please to use --sca-last-sast-scan-time flag in SCA, you must set --exploitable-path flag to true", err.Error()) +} + func TestScanCreateExploitablePathWithWrongValue(t *testing.T) { baseArgs := []string{"scan", "create", "--project-name", "MOCK", "-s", dummyRepo, "-b", "dummy_branch", "--sca-exploitable-path", "nottrueorfalse"} err := execCmdNotNilAssertion(t, baseArgs...) From a88e7feb11b44d260fa2474539bddff7cbc86fa8 Mon Sep 17 00:00:00 2001 From: igorlombacx Date: Mon, 9 Oct 2023 16:11:05 +0100 Subject: [PATCH 2/4] error message --- internal/commands/scan.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/commands/scan.go b/internal/commands/scan.go index 7446e4fa0..d506d26b7 100644 --- a/internal/commands/scan.go +++ b/internal/commands/scan.go 
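Review bot: `TestScanCreateLastSastScanTimeWithInvalidValue` now passes `--sca-exploitable-path true` without selecting any scan type, so it only reaches the `Invalid value for --sca-last-sast-scan-time` assertion if the default scan types include SAST — presumably they do, but the test should say so explicitly by passing the scan-type flag, otherwise a change to the defaults turns it into the SAST-required error rather than the one it asserts on. The guard changed in `scan.go` also gets no direct coverage in this hunk: there is no case for `--sca-exploitable-path true` with a non-SAST scan type producing the SAST error, and no case pinning what `--sca-last-sast-scan-time` on its own is supposed to do; since the `...WithoutExploitablePathEnabled` test added here is deleted again in patch 4, both remain uncovered unless a test elsewhere in the file handles them. At minimum, a comment on the modified test such as `// relies on SAST being among the default scan types; see validateCreateScanFlags` would record the assumption.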
@@ -2420,7 +2420,7 @@ func validateCreateScanFlags(cmd *cobra.Command) error { lastSastScanTime, _ := cmd.Flags().GetString(commonParams.LastSastScanTime) exploitablePath = strings.ToLower(exploitablePath) if !strings.Contains(strings.ToLower(actualScanTypes), commonParams.SastType) && strings.EqualFold(exploitablePath, trueString) { - return errors.Errorf("Please to use either --sca-exploitable-path or --sca-last-sast-scan-time flags in SCA, " + + return errors.Errorf("Please to use --sca-exploitable-path flag in SCA, " + "you must enable SAST scan type.") } err := validateBooleanString(exploitablePath) From 772610d05a54d45dc79f6af90f3a83b0a004c21f Mon Sep 17 00:00:00 2001 From: igorlombacx Date: Thu, 12 Oct 2023 11:58:33 +0100 Subject: [PATCH 3/4] review suggestions --- internal/commands/scan.go | 4 ---- 1 file changed, 4 deletions(-) diff --git a/internal/commands/scan.go b/internal/commands/scan.go index d506d26b7..e8c50f7ef 100644 --- a/internal/commands/scan.go +++ b/internal/commands/scan.go @@ -2427,10 +2427,6 @@ func validateCreateScanFlags(cmd *cobra.Command) error { if err != nil { return errors.Errorf("Invalid value for --sca-exploitable-path flag. The value must be true or false.") } - if lastSastScanTime != "" && !strings.EqualFold(exploitablePath, trueString) { - return errors.Errorf("Please to use --sca-last-sast-scan-time flag in SCA, " + - "you must set --exploitable-path flag to true.") - } if lastSastScanTime != "" { lsst, sastErr := strconv.Atoi(lastSastScanTime) From d0f039af103e834b3be8b9f9384b55c3e667ddb0 Mon Sep 17 00:00:00 2001 From: igorlombacx Date: Thu, 12 Oct 2023 12:45:50 +0100 Subject: [PATCH 4/4] deleting unreachable unity test --- internal/commands/scan_test.go | 6 ------ 1 file changed, 6 deletions(-) diff --git a/internal/commands/scan_test.go b/internal/commands/scan_test.go index 628ef03b1..51eba6774 100644 --- a/internal/commands/scan_test.go +++ b/internal/commands/scan_test.go 
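Review bot: The rewritten message `Please to use --sca-exploitable-path flag in SCA, you must enable SAST scan type.` is ungrammatical and is what users will see on the command line; `"--sca-exploitable-path requires the SAST scan type to be enabled"` states the same constraint plainly, and dropping the trailing period follows Go's convention for error strings. If any test asserts on this wording via `assert.ErrorContains`, it has to be updated in the same commit. The unchanged context line still uses `strings.EqualFold` on a value that `strings.ToLower` already normalised, so `exploitablePath == trueString` would do, assuming `trueString` is the lowercase literal. `validateCreateScanFlags` extends beyond the hunk on both sides.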
@@ -448,12 +448,6 @@ func TestScanCreateLastSastScanTimeWithInvalidValue(t *testing.T) { assert.ErrorContains(t, err, "Invalid value for --sca-last-sast-scan-time flag", err.Error()) } -func TestScanCreateLastSastScanTimeWithoutExploitablePathEnabled(t *testing.T) { - baseArgs := []string{"scan", "create", "--project-name", "MOCK", "-s", dummyRepo, "-b", "dummy_branch", "--sca-exploitable-path", "false", "--sca-last-sast-scan-time", "notaniteger"} - err := execCmdNotNilAssertion(t, baseArgs...) - assert.ErrorContains(t, err, "Please to use --sca-last-sast-scan-time flag in SCA, you must set --exploitable-path flag to true", err.Error()) -} - func TestScanCreateExploitablePathWithWrongValue(t *testing.T) { baseArgs := []string{"scan", "create", "--project-name", "MOCK", "-s", dummyRepo, "-b", "dummy_branch", "--sca-exploitable-path", "nottrueorfalse"} err := execCmdNotNilAssertion(t, baseArgs...)