Cocoapods support for audit #196

barv-jfrog · 2024-09-30T10:38:50Z

The pull request is targeting the dev branch.
The code has been validated to compile successfully by running go vet ./....
The code has been formatted properly using go fmt ./....
All static analysis checks passed.
All tests have passed. If this feature is not already covered by the tests, new tests have been added.
All changes are detailed at the description. if not already covered at JFrog Documentation, new documentation have been added.

Description:
jf audit for cocoapods package manager

Depends on:
jfrog/jfrog-cli-core#1274

audit example on nanopb package in a cocoapods project:

Minimum pod version - 1.15.2

attiasas

Nice, take a look at my comments:

Add integration tests to artifactory_test.go
Add integraion tests to audit_test.go
Add screen shot of the table results running on a cocoapods project to the PR details

attiasas · 2024-10-13T10:34:01Z

utils/techutils/techutils.go

+	Java          CodeLanguage = "java"
+	CSharp        CodeLanguage = "C#"
+	CPP           CodeLanguage = "C++"
+	CocoapodsLang CodeLanguage = "any"


why its any? is it not used for objective C / swift languages?
Is there a Cocoapods Lang that is used in the files?

Cocoapods actually houses packages built with many languages, not just ObjC / Swift

please add this as a comment above.
Change the name of the const to Any / Multiple

attiasas · 2024-10-13T10:37:40Z

tests/testdata/projects/package-managers/go/missing-context/go.sum

what is this? why is missing-context related to this PR?

Will be removed from PR

attiasas · 2024-10-13T12:26:27Z

commands/audit/sca/cocoapods/cocoapods.go

+}
+
+func GetDependenciesData(exePath, currentDir string) (string, error) {
+	_, _, err := cocoapods.RunPodCmd(exePath, currentDir, []string{"install"})


Do we have to install everytime? what if the user already have Podfile.lock?

Will add a test to skip installation if Podfile.lock exists and has newer ModTime than Podfile

commands/audit/sca/cocoapods/cocoapods.go

commands/audit/sca/cocoapods/cocoapods_test.go

commands/audit/sca/cocoapods/cocoapods.go

github-actions · 2024-11-12T15:46:31Z

Merging this branch will not change overall coverage

Impacted Packages	Coverage Δ	🤖
github.com/jfrog/jfrog-cli-security	0.00% (ø)
github.com/jfrog/jfrog-cli-security/commands/audit	0.00% (ø)
github.com/jfrog/jfrog-cli-security/commands/audit/sca/cocoapods	0.00% (ø)
github.com/jfrog/jfrog-cli-security/tests	0.00% (ø)
github.com/jfrog/jfrog-cli-security/tests/utils/integration	0.00% (ø)
github.com/jfrog/jfrog-cli-security/utils/techutils	0.00% (ø)

Coverage by file

Changed files (no unit tests)

Changed File	Coverage Δ	Total	Covered	Missed	🤖
github.com/jfrog/jfrog-cli-security/commands/audit/sca/cocoapods/cocoapods.go	0.00% (ø)	0	0	0
github.com/jfrog/jfrog-cli-security/commands/audit/sca/cocoapods/podcommand.go	0.00% (ø)	0	0	0
github.com/jfrog/jfrog-cli-security/commands/audit/scarunner.go	0.00% (ø)	0	0	0
github.com/jfrog/jfrog-cli-security/tests/config.go	0.00% (ø)	0	0	0
github.com/jfrog/jfrog-cli-security/tests/consts.go	0.00% (ø)	0	0	0
github.com/jfrog/jfrog-cli-security/tests/utils/integration/test_integrationutils.go	0.00% (ø)	0	0	0
github.com/jfrog/jfrog-cli-security/utils/techutils/techutils.go	0.00% (ø)	0	0	0

Please note that the "Total", "Covered", and "Missed" counts above refer to code statements instead of lines of code. The value in brackets refers to the test coverage of that file in the old version of the code.

Changed unit test files

github.com/jfrog/jfrog-cli-security/artifactory_test.go
github.com/jfrog/jfrog-cli-security/audit_test.go
github.com/jfrog/jfrog-cli-security/commands/audit/sca/cocoapods/cocoapods_test.go

barv-jfrog added 5 commits September 17, 2024 12:51

cocoapods-audit

3ea86ce

fixes

606169e

cocoapods-audit

fc6df17

cocoapods-audit

243dfcd

cocoapods-audit

a181880

barv-jfrog had a problem deploying to frogbot September 30, 2024 10:38 — with GitHub Actions Failure

cocoapods-audit

08e3bd5

barv-jfrog had a problem deploying to frogbot September 30, 2024 10:51 — with GitHub Actions Failure

cocoapods-audit

895ccfa

barv-jfrog had a problem deploying to frogbot September 30, 2024 12:05 — with GitHub Actions Failure

cocoapods-audit

5f51f0a

barv-jfrog had a problem deploying to frogbot September 30, 2024 12:26 — with GitHub Actions Failure

cocoapods-audit

4763b35

barv-jfrog had a problem deploying to frogbot October 1, 2024 07:49 — with GitHub Actions Failure

cocoapods-audit

17d8b80

barv-jfrog had a problem deploying to frogbot October 1, 2024 11:51 — with GitHub Actions Failure

Merge branch 'dev' into cocoapods-audit

9db6be2

barv-jfrog had a problem deploying to frogbot October 6, 2024 08:42 — with GitHub Actions Failure

attiasas self-requested a review October 13, 2024 09:33

attiasas added the new feature Automatically generated release notes label Oct 13, 2024

attiasas changed the title ~~Cocoapods audit~~ Cocoapods support for audit Oct 13, 2024

attiasas requested changes Oct 13, 2024

View reviewed changes

cocoapods-audit

de4c5fd

srmish-jfrog mentioned this pull request Nov 2, 2024

Cocoapods support for audit #219

Draft

6 tasks

cocoapods-audit

26481ec

barv-jfrog requested a deployment to frogbot November 4, 2024 10:24 — with GitHub Actions Waiting

cocoapods-audit

775f8e0

barv-jfrog requested a deployment to frogbot November 4, 2024 11:08 — with GitHub Actions Waiting

barv-jfrog added 2 commits November 4, 2024 17:00

cocoapods-audit

8c56a03

cocoapods-audit

a9aebdb

barv-jfrog added the safe to test Approve running integration tests on a pull request label Nov 12, 2024

barv-jfrog requested a deployment to frogbot November 12, 2024 15:20 — with GitHub Actions Waiting

github-actions bot removed the safe to test Approve running integration tests on a pull request label Nov 12, 2024

cocoapods-audit

a95c72e

barv-jfrog requested a deployment to frogbot November 13, 2024 09:15 — with GitHub Actions Waiting