From 3463d4854e0d56be8853849be4de409ddeebd2a4 Mon Sep 17 00:00:00 2001
From: Assaf Attias <49212512+attiasas@users.noreply.github.com>
Date: Thu, 25 Jan 2024 16:39:36 +0200
Subject: [PATCH] Scan if config exists but resolver not defined (#11)
---
 commands/audit/sca/go/gloang_test.go | 2 +-
 commands/audit/scarunner.go | 27 +++++++++++++++++++--------
 go.mod | 4 ++--
 go.sum | 8 ++++----
 4 files changed, 26 insertions(+), 15 deletions(-)
diff --git a/commands/audit/sca/go/gloang_test.go b/commands/audit/sca/go/gloang_test.go
index d8e5d063..db5b94d8 100644
--- a/commands/audit/sca/go/gloang_test.go
+++ b/commands/audit/sca/go/gloang_test.go
@@ -51,7 +51,7 @@ func TestBuildGoDependencyList(t *testing.T) {
 assert.NoError(t, err)
 assert.ElementsMatch(t, uniqueDeps, expectedUniqueDeps, "First is actual, Second is Expected")
- assert.Equal(t, "https://user:sdsdccs2232@api.go.here/artifactoryapi/go/test-remote|direct", os.Getenv("GOPROXY"))
+ assert.Equal(t, "https://user:sdsdccs2232@api.go.here/artifactory/api/go/test-remote|direct", os.Getenv("GOPROXY"))
 assert.NotEmpty(t, rootNode)
 // Check root module
diff --git a/commands/audit/scarunner.go b/commands/audit/scarunner.go
index 7d521912..eb8789ed 100644
--- a/commands/audit/scarunner.go
+++ b/commands/audit/scarunner.go
@@ -268,16 +268,27 @@ func SetResolutionRepoIfExists(params xrayutils.AuditParams, tech coreutils.Tech
 log.Debug("Using resolver config from", configFilePath)
 repoConfig, err := project.ReadResolutionOnlyConfiguration(configFilePath)
 if err != nil {
- err = fmt.Errorf("failed while reading %s.yaml config file: %s", tech.String(), err.Error())
- return
+ var missingResolverErr *project.MissingResolverErr
+ if !errors.As(err, &missingResolverErr) {
+ err = fmt.Errorf("failed while reading %s.yaml config file: %s", tech.String(), err.Error())
+ return
+ }
+ // When the resolver repository is absent from the configuration file, ReadResolutionOnlyConfiguration throws an error.
+ // However, this situation isn't considered an error here as the resolver repository isn't mandatory for constructing the dependencies tree.
+ err = nil
 }
- details, err := repoConfig.ServerDetails()
- if err != nil {
- err = fmt.Errorf("failed getting server details: %s", err.Error())
- return
+
+ // If the resolver repository doesn't exist and triggers a MissingResolverErr in ReadResolutionOnlyConfiguration, the repoConfig becomes nil. In this scenario, there is no depsRepo to set, nor is there a necessity to do so.
+ if repoConfig != nil {
+ log.Debug("Using resolver config from", configFilePath)
+ details, e := repoConfig.ServerDetails()
+ if e != nil {
+ err = fmt.Errorf("failed getting server details: %s", e.Error())
+ } else {
+ params.SetServerDetails(details)
+ params.SetDepsRepo(repoConfig.TargetRepo())
+ }
 }
- params.SetServerDetails(details)
- params.SetDepsRepo(repoConfig.TargetRepo())
 return
 }
diff --git a/go.mod b/go.mod
index 861be4ea..7c6ab147 100644
--- a/go.mod
+++ b/go.mod
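Review bot: The `MissingResolverErr` branch sets `err = nil` without logging anything, so a config file that exists but defines no resolver now produces an audit with no deps repo and no server details set, and nothing in the output says so; presumably resolution then falls back to the package manager's default registries, which anyone expecting resolution through their own repository would want to see. A line in that branch would make it visible, e.g. `log.Debug("No resolver repository defined in", configFilePath, "- dependencies will be resolved without a configured repository")`. Separately, `log.Debug("Using resolver config from", configFilePath)` now appears twice, once in the unchanged context line before `ReadResolutionOnlyConfiguration` and again inside `if repoConfig != nil`; the first is emitted even when no resolver is found and could be dropped. Both `fmt.Errorf` calls format the cause with `%s`, which discards the error chain that `errors.As` depends on a few lines above; `%w` would keep it. The function's signature and opening lines are outside the hunk.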
@@ -98,6 +98,6 @@ require (
 gopkg.in/warnings.v0 v0.1.2 // indirect
 )
-replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240124134548-78e293fce02b
+replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240125123849-6997ffac7c67
-replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20240122091504-cd958f60aef7
+// replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go dev
diff --git a/go.sum b/go.sum
index 2c06ca55..5113700e 100644
--- a/go.sum
+++ b/go.sum
@@ -93,10 +93,10 @@ github.com/jfrog/gofrog v1.5.1 h1:2AXL8hHu1jJFMIoCqTp2OyRUfEqEp4nC7J8fwn6KtwE= github.com/jfrog/gofrog v1.5.1/go.mod h1:SZ1EPJUruxrVGndOzHd+LTiwWYKMlHqhKD+eu+v5Hqg= github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYLipdsOFMY= github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w= -github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240124134548-78e293fce02b h1:dUZOuqsa/3jLZ01B1xJeh2vTHchW7O+MbWn+VEp/Qj4= -github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240124134548-78e293fce02b/go.mod h1:RVn4pIkR5fPUnr8gFXt61ou3pCNrrDdRQUpcolP4lhw= -github.com/jfrog/jfrog-client-go v1.28.1-0.20240122091504-cd958f60aef7 h1:+6FMON+6D2ojqR+bKewlahVcQGXLifFH76hXITg9p6k= -github.com/jfrog/jfrog-client-go v1.28.1-0.20240122091504-cd958f60aef7/go.mod h1:V+XKC27k6GA5OcWIAItpnxZAZnCigg8xCkpXKP905Fk= +github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240125123849-6997ffac7c67 h1:ZYgj1OHFKDagSZe4Cj6RiKtBUSV5/Aj5L/gn565Q6NA= +github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240125123849-6997ffac7c67/go.mod h1:RVn4pIkR5fPUnr8gFXt61ou3pCNrrDdRQUpcolP4lhw= +github.com/jfrog/jfrog-client-go v1.36.0 h1:iODLDjYSlK7rLH8/lEmAFHwYsboeBfaqxXybz6waraE= +github.com/jfrog/jfrog-client-go v1.36.0/go.mod h1:y1WF6eiZ7V2DortiwjpMEicEH6NIJH+hOXI5QI2W3NU= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=