From ebbc314c7d0d0160922097de6559474cf374b9f6 Mon Sep 17 00:00:00 2001 From: sarao Date: Mon, 16 Jan 2023 13:09:46 +0200 Subject: [PATCH 1/8] supporting audit with gradle wrapper --- scan/cli.go | 2 +- utils/cliutils/commandsflags.go | 13 +++++++++---- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/scan/cli.go b/scan/cli.go index a6a53441b..10aa08ea2 100644 --- a/scan/cli.go +++ b/scan/cli.go @@ -226,7 +226,7 @@ func createGenericAuditCmd(c *cli.Context) (*audit.GenericAuditCommand, error) { } return auditCmd.SetExcludeTestDependencies(c.Bool(cliutils.ExcludeTestDeps)). - SetUseWrapper(c.Bool(cliutils.UseWrapper)). + SetUseWrapper(c.BoolT(cliutils.UseWrapper)). SetInsecureTls(c.Bool(cliutils.InsecureTls)). SetNpmScope(c.String(cliutils.DepType)). SetPipRequirementsFile(c.String(cliutils.RequirementsFile)), diff --git a/utils/cliutils/commandsflags.go b/utils/cliutils/commandsflags.go index 0aabffca9..51ddde41b 100644 --- a/utils/cliutils/commandsflags.go +++ b/utils/cliutils/commandsflags.go @@ -384,6 +384,7 @@ const ( Force = "force" Verbose = "verbose" WorkingDir = "working-dir" + Merge = "merge" // *** Distribution Commands' flags *** // Base flags @@ -1001,9 +1002,9 @@ var flagsMap = map[string]cli.Flag{ Name: usesPlugin, Usage: "[Default: false] Set to true if the Gradle Artifactory Plugin is already applied in the build script.` `", }, - UseWrapper: cli.BoolFlag{ + UseWrapper: cli.BoolTFlag{ Name: UseWrapper, - Usage: "[Default: false] [Gradle] Set to true if you'd like to use the Gradle wrapper.` `", + Usage: "[Default: true] [Gradle] Set to false if you do not wish to use the Gradle wrapper.` `", }, deployMavenDesc: cli.BoolTFlag{ Name: deployMavenDesc, 
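Review bot: Switching `UseWrapper` to a `cli.BoolTFlag` makes the Gradle wrapper opt-out for audit, and the new usage text does not tell the person running the scan what that implies. The wrapper script and its properties file are part of the project being audited, so (assuming `SetUseWrapper(true)` ends in the project's `gradlew` being run, which is not visible here) a scan of a third-party checkout now executes that script and lets it choose the Gradle distribution by default, where this used to be opt-in. The constant sits under "Unique gradle-config flags" and `GradleConfig` lists the same key, so the gradle-config default flips as well in this commit; PATCH 6/8 later splits the audit entry out as `useWrapperAudit` but keeps the default of true. I would state the consequence in the usage string, e.g. `[Default: true] [Gradle] Set to false to skip the wrapper script shipped with the audited project.`, and mention the changed default in the release notes. The `flagsMap` literal starts and ends outside the hunk.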
@@ -1096,6 +1097,10 @@ var flagsMap = map[string]cli.Flag{ Name: Force, Usage: "[Default: false] Set to true to allow config transfer to a non-empty Artifactory server.` `", }, + Merge: cli.BoolFlag{ + Name: Merge, + Usage: "[Default: false] Set to true to merge source in target.` `", + }, Verbose: cli.BoolFlag{ Name: Verbose, Usage: "[Default: false] Set to true to increase verbosity during the export configuration from the source Artifactory phase.` `", @@ -1548,7 +1553,7 @@ var commandFlags = map[string][]string{ }, Docker: { buildName, buildNumber, module, project, - serverId, skipLogin, threads, detailedSummary, watches, repoPath, licenses, xrOutput, fail, ExtendedTable, + serverId, skipLogin, threads, detailedSummary, watches, repoPath, licenses, xrOutput, fail, ExtendedTable, BypassArchiveLimits, }, DockerPush: { buildName, buildNumber, module, project, @@ -1613,7 +1618,7 @@ var commandFlags = map[string][]string{ url, user, password, accessToken, }, TransferConfig: { - Force, Verbose, IncludeRepos, ExcludeRepos, WorkingDir, PreChecks, + Force, Verbose, IncludeRepos, ExcludeRepos, WorkingDir, Merge, }, Ping: { url, user, password, accessToken, sshPassphrase, sshKeyPath, serverId, ClientCertPath, From e8616cf31b0c58123588f7b9645862388310d5e4 Mon Sep 17 00:00:00 2001 From: sarao Date: Mon, 16 Jan 2023 13:12:45 +0200 Subject: [PATCH 2/8] supporting audit with gradle wrapper --- utils/cliutils/commandsflags.go | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/utils/cliutils/commandsflags.go b/utils/cliutils/commandsflags.go index 51ddde41b..9014bfce0 100644 --- a/utils/cliutils/commandsflags.go +++ b/utils/cliutils/commandsflags.go 
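Review bot: `PreChecks` is dropped from the `TransferConfig` flag list in the last hunk of this patch (replaced by `Merge`), and `BypassArchiveLimits` is added to `Docker`; neither relates to the wrapper change named in the subject. PATCH 2/8 to 4/8 undo these edits one by one, so they look like leftovers from a merge, and in the commits in between transfer-config would be missing its pre-checks flag. Rebasing the branch and squashing the series would leave only the wrapper change to review. The `commandFlags` literal starts and ends outside the hunk.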
@@ -1097,10 +1097,6 @@ var flagsMap = map[string]cli.Flag{ Name: Force, Usage: "[Default: false] Set to true to allow config transfer to a non-empty Artifactory server.` `", }, - Merge: cli.BoolFlag{ - Name: Merge, - Usage: "[Default: false] Set to true to merge source in target.` `", - }, Verbose: cli.BoolFlag{ Name: Verbose, Usage: "[Default: false] Set to true to increase verbosity during the export configuration from the source Artifactory phase.` `", @@ -1553,7 +1549,7 @@ var commandFlags = map[string][]string{ }, Docker: { buildName, buildNumber, module, project, - serverId, skipLogin, threads, detailedSummary, watches, repoPath, licenses, xrOutput, fail, ExtendedTable, BypassArchiveLimits, + serverId, skipLogin, threads, detailedSummary, watches, repoPath, licenses, xrOutput, fail, ExtendedTable, }, DockerPush: { buildName, buildNumber, module, project, @@ -1618,7 +1614,7 @@ var commandFlags = map[string][]string{ url, user, password, accessToken, }, TransferConfig: { - Force, Verbose, IncludeRepos, ExcludeRepos, WorkingDir, Merge, + Force, Verbose, IncludeRepos, ExcludeRepos, WorkingDir, }, Ping: { url, user, password, accessToken, sshPassphrase, sshKeyPath, serverId, ClientCertPath, From bc5eba8cd82da6ba1cfd4e40c45b6114bb8c231e Mon Sep 17 00:00:00 2001 From: sarao Date: Mon, 16 Jan 2023 13:13:27 +0200 Subject: [PATCH 3/8] supporting audit with gradle wrapper --- utils/cliutils/commandsflags.go | 1 - 1 file changed, 1 deletion(-) diff --git a/utils/cliutils/commandsflags.go b/utils/cliutils/commandsflags.go index 9014bfce0..9b1710fcf 100644 --- a/utils/cliutils/commandsflags.go +++ b/utils/cliutils/commandsflags.go @@ -384,7 +384,6 @@ const ( Force = "force" Verbose = "verbose" WorkingDir = "working-dir" - Merge = "merge" // *** Distribution Commands' flags *** // Base flags From 4d0d458c58647f30c69bc5c79a01a51841ac999b Mon Sep 17 00:00:00 2001 
From: sarao Date: Thu, 26 Jan 2023 14:09:56 +0200 Subject: [PATCH 4/8] supporting audit with gradle wrapper --- utils/cliutils/commandsflags.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/cliutils/commandsflags.go b/utils/cliutils/commandsflags.go index a60910137..c910da87a 100644 --- a/utils/cliutils/commandsflags.go +++ b/utils/cliutils/commandsflags.go @@ -1636,7 +1636,7 @@ var commandFlags = map[string][]string{ buildName, buildNumber, module, project, }, TransferConfig: { - Force, Verbose, IncludeRepos, ExcludeRepos, WorkingDir, + Force, Verbose, IncludeRepos, ExcludeRepos, WorkingDir, PreChecks, }, Ping: { url, user, password, accessToken, sshPassphrase, sshKeyPath, serverId, ClientCertPath, From 0fc035c4c1c7849455663909fabead349b66b520 Mon Sep 17 00:00:00 2001 From: sarao Date: Sun, 12 Feb 2023 12:38:33 +0200 Subject: [PATCH 5/8] supporting audit with gradle wrapper --- scan/cli.go | 2 +- utils/cliutils/commandsflags.go | 21 +++++++++++++-------- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/scan/cli.go b/scan/cli.go index 4779eb113..6b340b837 100644 --- a/scan/cli.go +++ b/scan/cli.go @@ -226,7 +226,7 @@ func createGenericAuditCmd(c *cli.Context) (*audit.GenericAuditCommand, error) { } return auditCmd.SetExcludeTestDependencies(c.Bool(cliutils.ExcludeTestDeps)). - SetUseWrapper(c.BoolT(cliutils.UseWrapper)). + SetUseWrapper(c.Bool(cliutils.AuditUseWrapper)). SetInsecureTls(c.Bool(cliutils.InsecureTls)). SetNpmScope(c.String(cliutils.DepType)). SetPipRequirementsFile(c.String(cliutils.RequirementsFile)), diff --git a/utils/cliutils/commandsflags.go b/utils/cliutils/commandsflags.go index c910da87a..d1da4765a 100644 --- a/utils/cliutils/commandsflags.go +++ b/utils/cliutils/commandsflags.go 
@@ -325,7 +325,7 @@ const ( // Unique gradle-config flags usesPlugin = "uses-plugin" - UseWrapper = "use-wrapper" + ConfigUseWrapper = "use-wrapper" deployMavenDesc = "deploy-maven-desc" deployIvyDesc = "deploy-ivy-desc" ivyDescPattern = "ivy-desc-pattern" @@ -445,6 +445,7 @@ const ( licenses = "licenses" vuln = "vuln" ExtendedTable = "extended-table" + AuditUseWrapper = "audit-use-wrapper" // *** Mission Control Commands' flags *** missionControlPrefix = "mc-" @@ -1007,9 +1008,9 @@ var flagsMap = map[string]cli.Flag{ Name: usesPlugin, Usage: "[Default: false] Set to true if the Gradle Artifactory Plugin is already applied in the build script.` `", }, - UseWrapper: cli.BoolTFlag{ - Name: UseWrapper, - Usage: "[Default: true] [Gradle] Set to false if you do not wish to use the Gradle wrapper.` `", + ConfigUseWrapper: cli.BoolFlag{ + Name: ConfigUseWrapper, + Usage: "[Default: false] [Gradle] Set to true if you'd like to use the Gradle wrapper.` `", }, deployMavenDesc: cli.BoolTFlag{ Name: deployMavenDesc, @@ -1259,6 +1260,10 @@ var flagsMap = map[string]cli.Flag{ Name: ExtendedTable, Usage: "[Default: false] Set to true if you'd like the table to include extended fields such as 'CVSS' & 'Xray Issue Id'. Ignored if provided 'format' is not 'table'. ` `", }, + AuditUseWrapper: cli.BoolTFlag{ + Name: AuditUseWrapper, + Usage: "[Default: True] Set to fale if you wish to not use the wrapper ", + }, licenses: cli.BoolFlag{ Name: licenses, Usage: "[Default: false] Set to true if you'd like to receive licenses from Xray scanning. ` `", 
@@ -1556,10 +1561,10 @@ var commandFlags = map[string][]string{ glcQuiet, InsecureTls, retries, retryWaitTime, }, MvnConfig: { - global, serverIdResolve, serverIdDeploy, repoResolveReleases, repoResolveSnapshots, repoDeployReleases, repoDeploySnapshots, includePatterns, excludePatterns, + global, serverIdResolve, serverIdDeploy, repoResolveReleases, repoResolveSnapshots, repoDeployReleases, repoDeploySnapshots, includePatterns, excludePatterns, ConfigUseWrapper, }, GradleConfig: { - global, serverIdResolve, serverIdDeploy, repoResolve, repoDeploy, usesPlugin, UseWrapper, deployMavenDesc, + global, serverIdResolve, serverIdDeploy, repoResolve, repoDeploy, usesPlugin, ConfigUseWrapper, deployMavenDesc, deployIvyDesc, ivyDescPattern, ivyArtifactsPattern, }, Mvn: { @@ -1740,13 +1745,13 @@ var commandFlags = map[string][]string{ }, Audit: { xrUrl, user, password, accessToken, serverId, InsecureTls, project, watches, repoPath, licenses, xrOutput, ExcludeTestDeps, - UseWrapper, DepType, RequirementsFile, fail, ExtendedTable, workingDirs, Mvn, Gradle, Npm, Yarn, Go, Nuget, Pip, Pipenv, Poetry, + AuditUseWrapper, DepType, RequirementsFile, fail, ExtendedTable, workingDirs, Mvn, Gradle, Npm, Yarn, Go, Nuget, Pip, Pipenv, Poetry, }, AuditMvn: { xrUrl, user, password, accessToken, serverId, InsecureTls, project, watches, repoPath, licenses, xrOutput, fail, ExtendedTable, }, AuditGradle: { - xrUrl, user, password, accessToken, serverId, ExcludeTestDeps, UseWrapper, project, watches, repoPath, licenses, xrOutput, fail, ExtendedTable, + xrUrl, user, password, accessToken, serverId, ExcludeTestDeps, ConfigUseWrapper, project, watches, repoPath, licenses, xrOutput, fail, ExtendedTable, }, AuditNpm: { xrUrl, user, password, accessToken, serverId, DepType, project, watches, repoPath, licenses, xrOutput, fail, ExtendedTable, From 7bed346a7398acd04630ea920086b8aa1076150c Mon Sep 17 00:00:00 2001 
From: sarao Date: Thu, 2 Mar 2023 15:06:29 +0200 Subject: [PATCH 6/8] supporting audit with gradle wrapper --- scan/cli.go | 2 +- utils/cliutils/commandsflags.go | 24 +++++++++++++++--------- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/scan/cli.go b/scan/cli.go index 6b340b837..4779eb113 100644 --- a/scan/cli.go +++ b/scan/cli.go @@ -226,7 +226,7 @@ func createGenericAuditCmd(c *cli.Context) (*audit.GenericAuditCommand, error) { } return auditCmd.SetExcludeTestDependencies(c.Bool(cliutils.ExcludeTestDeps)). - SetUseWrapper(c.Bool(cliutils.AuditUseWrapper)). + SetUseWrapper(c.BoolT(cliutils.UseWrapper)). SetInsecureTls(c.Bool(cliutils.InsecureTls)). SetNpmScope(c.String(cliutils.DepType)). SetPipRequirementsFile(c.String(cliutils.RequirementsFile)), diff --git a/utils/cliutils/commandsflags.go b/utils/cliutils/commandsflags.go index d1da4765a..cd7022fdd 100644 --- a/utils/cliutils/commandsflags.go +++ b/utils/cliutils/commandsflags.go @@ -325,7 +325,7 @@ const ( // Unique gradle-config flags usesPlugin = "uses-plugin" - ConfigUseWrapper = "use-wrapper" + UseWrapper = "use-wrapper" deployMavenDesc = "deploy-maven-desc" deployIvyDesc = "deploy-ivy-desc" ivyDescPattern = "ivy-desc-pattern" @@ -436,6 +436,8 @@ const ( BypassArchiveLimits = "bypass-archive-limits" // Audit commands + auditPrefix = "audit-" + useWrapperAudit = auditPrefix + UseWrapper ExcludeTestDeps = "exclude-test-deps" DepType = "dep-type" RequirementsFile = "requirements-file" 
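Review bot: `c.BoolT(cliutils.UseWrapper)` in the `scan/cli.go` hunk is only correct because the audit commands register `use-wrapper` as a `cli.BoolTFlag` under a separate map key (`useWrapperAudit`), while the config commands register the same name as a `cli.BoolFlag`; nothing at the call site says so. The accessor has already switched between `Bool` and `BoolT` in PATCH 1/8 and 5/8, so a comment next to the call would help the next change stay consistent, for example `// audit registers use-wrapper as a BoolTFlag (flagsMap[useWrapperAudit]); keep BoolT in sync with it`. `createGenericAuditCmd` starts outside the hunk.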
@@ -1236,6 +1238,10 @@ var flagsMap = map[string]cli.Flag{ Name: PeriodicDBSyncV3, Usage: fmt.Sprintf("[Default: false] Set to true to get the Xray DBSync V3 Periodic Package (Use with %s flag). ` `", DBSyncV3), }, + useWrapperAudit: cli.BoolTFlag{ + Name: UseWrapper, + Usage: "[Default: true] Set to false if you wish to not use the wrapper. ` `", + }, ExcludeTestDeps: cli.BoolFlag{ Name: ExcludeTestDeps, Usage: "[Default: false] [Gradle] Set to true if you'd like to exclude Gradle test dependencies from Xray scanning.` `", @@ -1260,9 +1266,9 @@ var flagsMap = map[string]cli.Flag{ Name: ExtendedTable, Usage: "[Default: false] Set to true if you'd like the table to include extended fields such as 'CVSS' & 'Xray Issue Id'. Ignored if provided 'format' is not 'table'. ` `", }, - AuditUseWrapper: cli.BoolTFlag{ - Name: AuditUseWrapper, - Usage: "[Default: True] Set to fale if you wish to not use the wrapper ", + UseWrapper: cli.BoolFlag{ + Name: UseWrapper, + Usage: "[Default: false] Set to true if you wish to use the wrapper. ` `", }, licenses: cli.BoolFlag{ Name: licenses, @@ -1561,10 +1567,10 @@ var commandFlags = map[string][]string{ glcQuiet, InsecureTls, retries, retryWaitTime, }, MvnConfig: { - global, serverIdResolve, serverIdDeploy, repoResolveReleases, repoResolveSnapshots, repoDeployReleases, repoDeploySnapshots, includePatterns, excludePatterns, ConfigUseWrapper, + global, serverIdResolve, serverIdDeploy, repoResolveReleases, repoResolveSnapshots, repoDeployReleases, repoDeploySnapshots, includePatterns, excludePatterns, UseWrapper, }, GradleConfig: { - global, serverIdResolve, serverIdDeploy, repoResolve, repoDeploy, usesPlugin, ConfigUseWrapper, deployMavenDesc, + global, serverIdResolve, serverIdDeploy, repoResolve, repoDeploy, usesPlugin, UseWrapper, deployMavenDesc, deployIvyDesc, ivyDescPattern, ivyArtifactsPattern, }, Mvn: { 
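Review bot: The new entry is keyed `useWrapperAudit` ("audit-use-wrapper") but declares `Name: UseWrapper`, so the map key and the flag the user types differ, and a reader has to find the `auditPrefix` constants to see that this is intended. A comment on the entry would make that explicit, e.g. `// Key differs from Name on purpose: audit exposes --use-wrapper with default true, the config commands keep the BoolFlag entry.` The `flagsMap` literal starts and ends outside the hunk.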
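Review bot: The `UseWrapper: cli.BoolFlag` entry added in the `@@ -1260` hunk sits in the audit block of `flagsMap`, yet in the hunks shown it is listed only by `MvnConfig` and `GradleConfig`, and its usage text no longer says which wrapper it means. The old `ConfigUseWrapper:` entry is still present after this commit although its constant is renamed back to `UseWrapper` in the const hunk, and it is deleted only in PATCH 7/8, so this commit probably does not build on its own. I would fold that deletion into this commit, keep the entry next to `usesPlugin`, and word the usage as `[Default: false] Set to true if you'd like to use the Gradle or Maven wrapper.`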
@@ -1745,13 +1751,13 @@ var commandFlags = map[string][]string{ }, Audit: { xrUrl, user, password, accessToken, serverId, InsecureTls, project, watches, repoPath, licenses, xrOutput, ExcludeTestDeps, - AuditUseWrapper, DepType, RequirementsFile, fail, ExtendedTable, workingDirs, Mvn, Gradle, Npm, Yarn, Go, Nuget, Pip, Pipenv, Poetry, + useWrapperAudit, DepType, RequirementsFile, fail, ExtendedTable, workingDirs, Mvn, Gradle, Npm, Yarn, Go, Nuget, Pip, Pipenv, Poetry, }, AuditMvn: { - xrUrl, user, password, accessToken, serverId, InsecureTls, project, watches, repoPath, licenses, xrOutput, fail, ExtendedTable, + xrUrl, user, password, accessToken, serverId, InsecureTls, project, watches, repoPath, licenses, xrOutput, fail, ExtendedTable, useWrapperAudit, }, AuditGradle: { - xrUrl, user, password, accessToken, serverId, ExcludeTestDeps, ConfigUseWrapper, project, watches, repoPath, licenses, xrOutput, fail, ExtendedTable, + xrUrl, user, password, accessToken, serverId, ExcludeTestDeps, useWrapperAudit, project, watches, repoPath, licenses, xrOutput, fail, ExtendedTable, }, AuditNpm: { xrUrl, user, password, accessToken, serverId, DepType, project, watches, repoPath, licenses, xrOutput, fail, ExtendedTable, From 1ec140b53b3114a5503dd4d4e51273329cae8f14 Mon Sep 17 00:00:00 2001 From: sarao Date: Thu, 2 Mar 2023 15:17:09 +0200 Subject: [PATCH 7/8] supporting audit with gradle wrapper --- utils/cliutils/commandsflags.go | 5 ----- 1 file changed, 5 deletions(-) diff --git a/utils/cliutils/commandsflags.go b/utils/cliutils/commandsflags.go index cd7022fdd..1f879a600 100644 --- a/utils/cliutils/commandsflags.go +++ b/utils/cliutils/commandsflags.go @@ -447,7 +447,6 @@ const ( licenses = "licenses" vuln = "vuln" ExtendedTable = "extended-table" - AuditUseWrapper = "audit-use-wrapper" // *** Mission Control Commands' flags *** missionControlPrefix = "mc-" 
@@ -1010,10 +1009,6 @@ var flagsMap = map[string]cli.Flag{ Name: usesPlugin, Usage: "[Default: false] Set to true if the Gradle Artifactory Plugin is already applied in the build script.` `", }, - ConfigUseWrapper: cli.BoolFlag{ - Name: ConfigUseWrapper, - Usage: "[Default: false] [Gradle] Set to true if you'd like to use the Gradle wrapper.` `", - }, deployMavenDesc: cli.BoolTFlag{ Name: deployMavenDesc, Usage: "[Default: true] Set to false if you do not wish to deploy Maven descriptors.` `", From c7301aef88e6c8ab9a89427eb53c267dbc3ef33c Mon Sep 17 00:00:00 2001 From: sarao Date: Mon, 6 Mar 2023 10:22:26 +0200 Subject: [PATCH 8/8] supporting audit with gradle and maven wrapper --- utils/cliutils/commandsflags.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/cliutils/commandsflags.go b/utils/cliutils/commandsflags.go index 1f879a600..0c21e630f 100644 --- a/utils/cliutils/commandsflags.go +++ b/utils/cliutils/commandsflags.go @@ -1235,7 +1235,7 @@ var flagsMap = map[string]cli.Flag{ }, useWrapperAudit: cli.BoolTFlag{ Name: UseWrapper, - Usage: "[Default: true] Set to false if you wish to not use the wrapper. ` `", + Usage: "[Default: true] Set to false if you wish to not use the gradle or maven wrapper. ` `", }, ExcludeTestDeps: cli.BoolFlag{ Name: ExcludeTestDeps,