Add JAS integration tests

go.mod

@@ -13,7 +13,6 @@ require (
 	github.com/jfrog/jfrog-client-go v1.31.4
 	github.com/jszwec/csvutil v1.8.0
 	github.com/mholt/archiver/v3 v3.5.1
-	github.com/pkg/errors v0.9.1
 	github.com/stretchr/testify v1.8.4
 	github.com/testcontainers/testcontainers-go v0.21.0
 	github.com/urfave/cli v1.22.14
@@ -89,6 +88,7 @@ require (
 	github.com/pierrec/lz4/v4 v4.1.15 // indirect
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pkg/term v1.1.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/rivo/uniseg v0.4.3 // indirect
@@ -129,6 +129,6 @@ require (
 
 // replace github.com/jfrog/gofrog => github.com/jfrog/gofrog v1.2.6-0.20230418122323-2bf299dd6d27
 
-//replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20230717090738-b2e0c7bcc026
+// replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20230717090738-b2e0c7bcc026
 
-replace github.com/jfrog/jfrog-cli-core/v2 => ../jfrog-cli-core
+replace github.com/jfrog/jfrog-cli-core/v2 => github.com/omerzi/jfrog-cli-core/v2 v2.15.3-0.20230808143723-2a75ee9b5cf2

go.sum

@@ -310,6 +310,8 @@ github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nwaples/rardecode v1.1.0 h1:vSxaY8vQhOcVr4mm5e8XllHWTiM4JF507A0Katqw7MQ=
 github.com/nwaples/rardecode v1.1.0/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0=
+github.com/omerzi/jfrog-cli-core/v2 v2.15.3-0.20230808143723-2a75ee9b5cf2 h1:5ZkqYiBNyonLy6fzipLek0Pj6p/S/9zaE5naMWuONmM=
+github.com/omerzi/jfrog-cli-core/v2 v2.15.3-0.20230808143723-2a75ee9b5cf2/go.mod h1:/rFsWMQN+nq+BLSkXyO5UC326k0YAo0gq0jSU+0v+DU=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034=

testdata/xray/jas/main.py

@@ -0,0 +1,5 @@
+import yaml
+
+with open('example.yaml') as f:
+    data = yaml.full_load(f)
+    print(data)

testdata/xray/jas/requirements.txt

@@ -0,0 +1 @@
+PyYAML==5.2

xray_test.go

@@ -95,7 +95,7 @@ func TestXrayBinaryScanJson(t *testing.T) {
 
 func TestXrayBinaryScanSimpleJson(t *testing.T) {
 	output := testXrayBinaryScan(t, string(utils.SimpleJson))
-	verifySimpleJsonScanResults(t, output, 1, 1, 0, 0)
+	verifySimpleJsonScanResults(t, output, 1, 1)
 }
 
 func TestXrayBinaryScanJsonWithProgress(t *testing.T) {
@@ -109,7 +109,7 @@ func TestXrayBinaryScanSimpleJsonWithProgress(t *testing.T) {
 	callback := tests.MockProgressInitialization()
 	defer callback()
 	output := testXrayBinaryScan(t, string(utils.SimpleJson))
-	verifySimpleJsonScanResults(t, output, 1, 1, 0, 0)
+	verifySimpleJsonScanResults(t, output, 1, 1)
 }
 
 func testXrayBinaryScan(t *testing.T, format string) string {
@@ -143,7 +143,7 @@ func TestXrayAuditNpmJson(t *testing.T) {
 
 func TestXrayAuditNpmSimpleJson(t *testing.T) {
 	output := testXrayAuditNpm(t, string(utils.SimpleJson))
-	verifySimpleJsonScanResults(t, output, 1, 1, 0, 0)
+	verifySimpleJsonScanResults(t, output, 1, 1)
 }
 
 func testXrayAuditNpm(t *testing.T, format string) string {
@@ -172,14 +172,20 @@ func TestXrayAuditYarnV2Json(t *testing.T) {
 func TestXrayAuditYarnV2SimpleJson(t *testing.T) {
 	testXrayAuditYarn(t, "yarn-v2", func() {
 		output := runXrayAuditYarnWithOutput(t, string(utils.SimpleJson))
-		verifySimpleJsonScanResults(t, output, 1, 1, 0, 0)
+		verifySimpleJsonScanResults(t, output, 1, 1)
 	})
 }
 
-func TestXrayAuditYarnV1(t *testing.T) {
+func TestXrayAuditYarnV1Json(t *testing.T) {
 	testXrayAuditYarn(t, "yarn-v1", func() {
-		err := xrayCli.Exec("audit", "--yarn")
-		assert.ErrorContains(t, err, yarn.YarnV1ErrorPrefix)
+		output := runXrayAuditYarnWithOutput(t, string(utils.Json))
+		verifyJsonScanResults(t, output, 0, 1, 1)
+	})
+}
+func TestXrayAuditYarnV1SimpleJson(t *testing.T) {
+	testXrayAuditYarn(t, "yarn-v1", func() {
+		output := runXrayAuditYarnWithOutput(t, string(utils.SimpleJson))
+		verifySimpleJsonScanResults(t, output, 1, 1)
 	})
 }
 
@@ -211,7 +217,7 @@ func TestXrayAuditNugetJson(t *testing.T) {
 
 func TestXrayAuditNugetSimpleJson(t *testing.T) {
 	output := testXrayAuditNuget(t, "single", string(utils.SimpleJson))
-	verifySimpleJsonScanResults(t, output, 2, 0, 0, 0)
+	verifySimpleJsonScanResults(t, output, 2, 0)
 }
 
 // Tests NuGet audit by providing a multi-project NuGet project and asserts any error.
@@ -243,7 +249,7 @@ func TestXrayAuditGradleJson(t *testing.T) {
 
 func TestXrayAuditGradleSimpleJson(t *testing.T) {
 	output := testXrayAuditGradle(t, string(utils.SimpleJson))
-	verifySimpleJsonScanResults(t, output, 0, 0, 0, 0)
+	verifySimpleJsonScanResults(t, output, 0, 0)
 }
 
 func testXrayAuditGradle(t *testing.T, format string) string {
@@ -267,7 +273,7 @@ func TestXrayAuditMavenJson(t *testing.T) {
 
 func TestXrayAuditMavenSimpleJson(t *testing.T) {
 	output := testXrayAuditMaven(t, string(utils.SimpleJson))
-	verifySimpleJsonScanResults(t, output, 1, 1, 0, 0)
+	verifySimpleJsonScanResults(t, output, 1, 1)
 }
 
 func testXrayAuditMaven(t *testing.T, format string) string {
@@ -320,14 +326,15 @@ func TestXrayAuditMultiProjects(t *testing.T) {
 	multiProject := filepath.Join(filepath.FromSlash(tests.GetTestResourcesPath()), "xray")
 	// Copy the multi project from the testdata to a temp dir
 	assert.NoError(t, fileutils.CopyDir(multiProject, tempDirPath, true, nil))
-	workingDirsFlag := fmt.Sprintf("--working-dirs=%s, %s ,%s, %s, %s",
-		filepath.Join(tempDirPath, "maven"), filepath.Join(tempDirPath, "nuget", "single"), filepath.Join(tempDirPath, "python", "pip"),
-		filepath.Join(tempDirPath, "secrets"), filepath.Join(tempDirPath, "iac"))
+	workingDirsFlag := fmt.Sprintf("--working-dirs=%s, %s ,%s, %s",
+		filepath.Join(tempDirPath, "maven"), filepath.Join(tempDirPath, "nuget", "single"),
+		filepath.Join(tempDirPath, "python", "pip"), filepath.Join(tempDirPath, "jas"))
 	// Configure a new server named "default"
 	createJfrogHomeConfig(t, true)
 	defer cleanTestsHomeEnv()
 	output := xrayCli.WithoutCredentials().RunCliCmdWithOutput(t, "audit", "--format="+string(utils.SimpleJson), workingDirsFlag)
-	verifySimpleJsonScanResults(t, output, 35, 0, 7, 9)
+	verifySimpleJsonScanResults(t, output, 35, 0)
+	verifySimpleJsonJasResults(t, output, 7, 9, 0, 1)
 }
 
 func TestXrayAuditPipJson(t *testing.T) {
@@ -337,7 +344,7 @@ func TestXrayAuditPipJson(t *testing.T) {
 
 func TestXrayAuditPipSimpleJson(t *testing.T) {
 	output := testXrayAuditPip(t, string(utils.SimpleJson), "")
-	verifySimpleJsonScanResults(t, output, 3, 1, 0, 0)
+	verifySimpleJsonScanResults(t, output, 3, 1)
 }
 
 func TestXrayAuditPipJsonWithRequirementsFile(t *testing.T) {
@@ -347,7 +354,7 @@ func TestXrayAuditPipJsonWithRequirementsFile(t *testing.T) {
 
 func TestXrayAuditPipSimpleJsonWithRequirementsFile(t *testing.T) {
 	output := testXrayAuditPip(t, string(utils.SimpleJson), "requirements.txt")
-	verifySimpleJsonScanResults(t, output, 2, 0, 0, 0)
+	verifySimpleJsonScanResults(t, output, 2, 0)
 }
 
 func testXrayAuditPip(t *testing.T, format, requirementsFile string) string {
@@ -376,7 +383,7 @@ func TestXrayAuditPipenvJson(t *testing.T) {
 
 func TestXrayAuditPipenvSimpleJson(t *testing.T) {
 	output := testXrayAuditPipenv(t, string(utils.SimpleJson))
-	verifySimpleJsonScanResults(t, output, 3, 1, 0, 0)
+	verifySimpleJsonScanResults(t, output, 3, 1)
 }
 
 func testXrayAuditPipenv(t *testing.T, format string) string {
@@ -438,7 +445,7 @@ func TestXrayAuditPoetryJson(t *testing.T) {
 
 func TestXrayAuditPoetrySimpleJson(t *testing.T) {
 	output := testXrayAuditPoetry(t, string(utils.SimpleJson))
-	verifySimpleJsonScanResults(t, output, 3, 1, 0, 0)
+	verifySimpleJsonScanResults(t, output, 3, 1)
 }
 
 func testXrayAuditPoetry(t *testing.T, format string) string {
@@ -507,14 +514,12 @@ func verifyJsonScanResults(t *testing.T, content string, minViolations, minVulne
 	}
 }
 
-func verifySimpleJsonScanResults(t *testing.T, content string, minVulnerabilities, minLicenses, minSecrets, minIaC int) {
+func verifySimpleJsonScanResults(t *testing.T, content string, minVulnerabilities, minLicenses int) {
 	var results formats.SimpleJsonResults
 	err := json.Unmarshal([]byte(content), &results)
 	if assert.NoError(t, err) {
 		assert.GreaterOrEqual(t, len(results.Vulnerabilities), minVulnerabilities)
 		assert.GreaterOrEqual(t, len(results.Licenses), minLicenses)
-		assert.GreaterOrEqual(t, len(results.Iacs), minIaC)
-		assert.GreaterOrEqual(t, len(results.Secrets), minSecrets)
 	}
 }
 
@@ -661,6 +666,53 @@ func TestXrayOfflineDBSyncV3(t *testing.T) {
 	assert.ErrorContains(t, err, "Invalid stream type")
 }
 
+func TestXrayAuditJasSimpleJson(t *testing.T) {
+	output := testXrayAuditJas(t, string(utils.SimpleJson), "jas")
+	verifySimpleJsonJasResults(t, output, 9, 7, 2, 1)
+}
+
+func TestXrayAuditJasNoViolationsSimpleJson(t *testing.T) {
+	output := testXrayAuditJas(t, string(utils.SimpleJson), "npm")
+	verifySimpleJsonScanResults(t, output, 2, 0)
+	verifySimpleJsonJasResults(t, output, 0, 0, 0, 1)
+}
+
+func testXrayAuditJas(t *testing.T, format string, project string) string {
+	initXrayTest(t, commands.GraphScanMinXrayVersion)
+	tempDirPath, createTempDirCallback := coretests.CreateTempDirWithCallbackAndAssert(t)
+	defer createTempDirCallback()
+	projectDir := filepath.Join(filepath.FromSlash(tests.GetTestResourcesPath()), filepath.Join("xray", project))
+	// Copy the multi project from the testdata to a temp dir
+	assert.NoError(t, fileutils.CopyDir(projectDir, tempDirPath, true, nil))
+	// Configure a new server named "default"
+	createJfrogHomeConfig(t, true)
+	defer cleanTestsHomeEnv()
+	baseWd := changeWD(t, tempDirPath)
+	defer func() {
+		assert.NoError(t, os.Chdir(baseWd))
+	}()
+	return xrayCli.WithoutCredentials().RunCliCmdWithOutput(t, "audit", "--format="+format)
+}
+
+func verifySimpleJsonJasResults(t *testing.T, content string, minIacViolations, minSecrets, minApplicable, minNotApplicable int) {
+	var results formats.SimpleJsonResults
+	err := json.Unmarshal([]byte(content), &results)
+	if assert.NoError(t, err) {
+		assert.GreaterOrEqual(t, len(results.Secrets), minSecrets)
+		assert.GreaterOrEqual(t, len(results.Iacs), minIacViolations)
+		var applicableResults, notApplicableResults int
+		for _, vuln := range results.Vulnerabilities {
+			if vuln.Applicable == utils.NotApplicableStringValue {
+				notApplicableResults++
+			} else if vuln.Applicable == utils.ApplicableStringValue {
+				applicableResults++
+			}
+		}
+		assert.GreaterOrEqual(t, applicableResults, minApplicable)
+		assert.GreaterOrEqual(t, notApplicableResults, minNotApplicable)
+	}
+}
+
 func TestCurationAudit(t *testing.T) {
 	initXrayTest(t, "")
 	tempDirPath, createTempDirCallback := coretests.CreateTempDirWithCallbackAndAssert(t)