From b55ca95c2acff4a3422b44ba8179b293fb197d28 Mon Sep 17 00:00:00 2001
From: Shachar Menashe
Date: Mon, 27 Nov 2023 23:20:06 +0200
Subject: [PATCH] CR fixes #1

---
 .../jas/applicability/applicabilitymanager.go | 42 ++++++++-----------
 .../applicabilitymanager_test.go              |  4 +-
 2 files changed, 19 insertions(+), 27 deletions(-)

diff --git a/xray/commands/audit/jas/applicability/applicabilitymanager.go b/xray/commands/audit/jas/applicability/applicabilitymanager.go
index 982c8c7e7..9ab2a3229 100644
--- a/xray/commands/audit/jas/applicability/applicabilitymanager.go
+++ b/xray/commands/audit/jas/applicability/applicabilitymanager.go
@@ -56,7 +56,7 @@ func RunApplicabilityScan(xrayResults []services.ScanResponse, directDependencie
 }
 
 func newApplicabilityScanManager(xrayScanResults []services.ScanResponse, directDependencies []string, scanner *jas.JasScanner, thirdPartyScan bool) (manager *ApplicabilityScanManager) {
-	directDependenciesCves, indirectDependenciesCves := extractDirectDependenciesCvesFromScan(xrayScanResults, directDependencies)
+	directDependenciesCves, indirectDependenciesCves := extractDependenciesCvesFromScan(xrayScanResults, directDependencies)
 	return &ApplicabilityScanManager{
 		applicabilityScanResults: []*sarif.Run{},
 		directDependenciesCves:   directDependenciesCves,
@@ -67,45 +67,37 @@ func newApplicabilityScanManager(xrayScanResults []services.ScanResponse, direct
 	}
 }
 
+func addCvesToSet(cves []services.Cve, set *datastructures.Set[string]) {
+	for _, cve := range cves {
+		if cve.Id != "" {
+			set.Add(cve.Id)
+		}
+	}
+}
+
 // This function gets a list of xray scan responses that contain direct and indirect vulnerabilities and returns separate
 // lists of the direct and indirect CVEs
-func extractDirectDependenciesCvesFromScan(xrayScanResults []services.ScanResponse, directDependencies []string) ([]string, []string) {
-	directsCves := datastructures.MakeSet[string]()
-	indirectCves := datastructures.MakeSet[string]()
+func extractDependenciesCvesFromScan(xrayScanResults []services.ScanResponse, directDependencies []string) (directCves []string, indirectCves []string) {
+	directCvesSet := datastructures.MakeSet[string]()
+	indirectCvesSet := datastructures.MakeSet[string]()
 	for _, scanResult := range xrayScanResults {
 		for _, vulnerability := range scanResult.Vulnerabilities {
 			if isDirectComponents(maps.Keys(vulnerability.Components), directDependencies) {
-				for _, cve := range vulnerability.Cves {
-					if cve.Id != "" {
-						directsCves.Add(cve.Id)
-					}
-				}
+				addCvesToSet(vulnerability.Cves, directCvesSet)
 			} else {
-				for _, cve := range vulnerability.Cves {
-					if cve.Id != "" {
-						indirectCves.Add(cve.Id)
-					}
-				}
+				addCvesToSet(vulnerability.Cves, indirectCvesSet)
 			}
 		}
 		for _, violation := range scanResult.Violations {
 			if isDirectComponents(maps.Keys(violation.Components), directDependencies) {
-				for _, cve := range violation.Cves {
-					if cve.Id != "" {
-						directsCves.Add(cve.Id)
-					}
-				}
+				addCvesToSet(violation.Cves, directCvesSet)
 			} else {
-				for _, cve := range violation.Cves {
-					if cve.Id != "" {
-						indirectCves.Add(cve.Id)
-					}
-				}
+				addCvesToSet(violation.Cves, indirectCvesSet)
 			}
 		}
 	}
-	return directsCves.ToSlice(), indirectCves.ToSlice()
+	return directCvesSet.ToSlice(), indirectCvesSet.ToSlice()
 }
 
 func isDirectComponents(components []string, directDependencies []string) bool {
diff --git a/xray/commands/audit/jas/applicability/applicabilitymanager_test.go b/xray/commands/audit/jas/applicability/applicabilitymanager_test.go
index 94c2465ac..78f2e239d 100644
--- a/xray/commands/audit/jas/applicability/applicabilitymanager_test.go
+++ b/xray/commands/audit/jas/applicability/applicabilitymanager_test.go
@@ -207,7 +207,7 @@ func TestExtractXrayDirectViolations(t *testing.T) {
 	}
 
 	for _, test := range tests {
-		directCves, indirectCves := extractDirectDependenciesCvesFromScan(xrayResponseForDirectViolationsTest, test.directDependencies)
+		directCves, indirectCves := extractDependenciesCvesFromScan(xrayResponseForDirectViolationsTest, test.directDependencies)
 		assert.Len(t, directCves, test.directCvesCount)
 		assert.Len(t, indirectCves, test.indirectCvesCount)
 	}
@@ -253,7 +253,7 @@ func TestExtractXrayDirectVulnerabilities(t *testing.T) {
 	}
 
 	for _, test := range tests {
-		directCves, indirectCves := extractDirectDependenciesCvesFromScan(xrayResponseForDirectVulnerabilitiesTest, test.directDependencies)
+		directCves, indirectCves := extractDependenciesCvesFromScan(xrayResponseForDirectVulnerabilitiesTest, test.directDependencies)
 		assert.Len(t, directCves, test.directCvesCount)
 		assert.Len(t, indirectCves, test.indirectCvesCount)
 	}
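Review bot: The new signature `func extractDependenciesCvesFromScan(...) (directCves []string, indirectCves []string)` declares named results that the body never assigns — it still ends with `return directCvesSet.ToSlice(), indirectCvesSet.ToSlice()` — so the names are pure documentation and the old unnamed form `([]string, []string)` reads cleaner; either drop the names or assign them and use a bare return. The comment above the function should follow Go doc convention and start with the name, e.g. `// extractDependenciesCvesFromScan splits the non-empty CVE ids in xrayScanResults (vulnerabilities and violations) into those whose components are direct dependencies and all others.`, and the added `addCvesToSet` helper has no comment at all — `// addCvesToSet adds every non-empty CVE id in cves to set.` is enough. The order of the returned slices comes from the set's ToSlice, which is presumably unspecified, so any caller that logs or diffs these lists should sort them first; the tests in this commit only assert lengths, so they do not surface that.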