Improve Golang audit logs (#948)

jfrog · Sep 12, 2023 · 7ea8130 · 7ea8130
1 parent c3f0b35
commit 7ea8130
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 62 deletions.
diff --git a/xray/commands/audit/sca/go/golang.go b/xray/commands/audit/sca/go/golang.go
@@ -29,7 +29,7 @@ func BuildDependencyTree(server *config.ServerDetails, remoteGoRepo string) (dep
 	}
 	// Calculate go dependencies graph
 	dependenciesGraph, err := goutils.GetDependenciesGraph(currentDir)
-	if err != nil {
+	if err != nil || len(dependenciesGraph) == 0 {
 		return
 	}
 	// Calculate go dependencies list

diff --git a/xray/commands/audit/scarunner.go b/xray/commands/audit/scarunner.go
@@ -79,7 +79,7 @@ func runScaScanOnWorkingDir(params *AuditParams, results *Results, workingDir, r
 			err = errors.Join(err, fmt.Errorf("failed while building '%s' dependency tree:\n%s\n", tech, techErr.Error()))
 			continue
 		}
-		if len(flattenTree.Nodes) == 0 {
+		if flattenTree == nil || len(flattenTree.Nodes) == 0 {
 			err = errors.Join(err, errors.New("no dependencies were found. Please try to build your project and re-run the audit command"))
 			continue
 		}
@@ -158,7 +158,7 @@ func GetTechDependencyTree(params *xrayutils.AuditBasicParams, tech coreutils.Te
 	default:
 		err = errorutils.CheckErrorf("%s is currently not supported", string(tech))
 	}
-	if err != nil {
+	if err != nil || len(uniqueDeps) == 0 {
 		return
 	}
 	log.Debug(fmt.Sprintf("Created '%s' dependency tree with %d nodes. Elapsed time: %.1f seconds.", tech.ToFormal(), len(uniqueDeps), time.Since(startTime).Seconds()))

diff --git a/xray/utils/analyzermanager_test.go b/xray/utils/analyzermanager_test.go
@@ -79,13 +79,15 @@ func TestExtractRelativePath(t *testing.T) {
 		expectedResult string
 	}{
 		{secretPath: "file:///Users/user/Desktop/secrets_scanner/tests/req.nodejs/file.js",
-			projectPath: "Users/user/Desktop/secrets_scanner/", expectedResult: "/tests/req.nodejs/file.js"},
+			projectPath: "Users/user/Desktop/secrets_scanner/", expectedResult: "tests/req.nodejs/file.js"},
 		{secretPath: "invalidSecretPath",
 			projectPath: "Users/user/Desktop/secrets_scanner/", expectedResult: "invalidSecretPath"},
 		{secretPath: "",
 			projectPath: "Users/user/Desktop/secrets_scanner/", expectedResult: ""},
 		{secretPath: "file:///Users/user/Desktop/secrets_scanner/tests/req.nodejs/file.js",
-			projectPath: "invalidProjectPath", expectedResult: "/Users/user/Desktop/secrets_scanner/tests/req.nodejs/file.js"},
+			projectPath: "invalidProjectPath", expectedResult: "Users/user/Desktop/secrets_scanner/tests/req.nodejs/file.js"},
+		{secretPath: "file:///private/Users/user/Desktop/secrets_scanner/tests/req.nodejs/file.js",
+			projectPath: "invalidProjectPath", expectedResult: "Users/user/Desktop/secrets_scanner/tests/req.nodejs/file.js"},
 	}
 
 	for _, test := range tests {

diff --git a/xray/utils/sarifutils.go b/xray/utils/sarifutils.go
@@ -81,62 +81,6 @@ func AggregateMultipleRunsIntoSingle(runs []*sarif.Run, destination *sarif.Run)
 	}
 }
 
-func getRunInformationUri(run *sarif.Run) string {
-	if run != nil && run.Tool.Driver != nil && run.Tool.Driver.InformationURI != nil {
-		return *run.Tool.Driver.InformationURI
-	}
-	return ""
-}
-
-// Calculate new information that exists at the run and not at the source
-func GetDiffFromRun(sources []*sarif.Run, targets []*sarif.Run) (runWithNewOnly *sarif.Run) {
-	// Combine
-	combinedSource := sarif.NewRunWithInformationURI(sources[0].Tool.Driver.Name, getRunInformationUri(sources[0])).WithInvocations([]*sarif.Invocation{})
-	AggregateMultipleRunsIntoSingle(sources, combinedSource)
-	if combinedSource == nil {
-		return
-	}
-	if len(targets) == 0 {
-		return combinedSource
-	}
-	combinedTarget := sarif.NewRunWithInformationURI(targets[0].Tool.Driver.Name, getRunInformationUri(targets[0])).WithInvocations([]*sarif.Invocation{})
-	AggregateMultipleRunsIntoSingle(targets, combinedTarget)
-	if combinedTarget == nil {
-		return combinedSource
-	}
-	// Get diff
-	runWithNewOnly = sarif.NewRun(combinedSource.Tool).WithInvocations(combinedSource.Invocations)
-	for _, sourceResult := range combinedSource.Results {
-		targetMatchingResults := GetResultsByRuleId(combinedTarget, *sourceResult.RuleID)
-		if len(targetMatchingResults) == 0 {
-			runWithNewOnly.AddResult(sourceResult)
-			if rule, _ := combinedSource.GetRuleById(*sourceResult.RuleID); rule != nil {
-				runWithNewOnly.Tool.Driver.AddRule(rule)
-			}
-			continue
-		}
-		for _, targetMatchingResult := range targetMatchingResults {
-			if len(sourceResult.Locations) > len(targetMatchingResult.Locations) ||
-				len(sourceResult.CodeFlows) > len(targetMatchingResult.CodeFlows) {
-				runWithNewOnly.AddResult(sourceResult)
-				if rule, _ := combinedSource.GetRuleById(*sourceResult.RuleID); rule != nil {
-					runWithNewOnly.Tool.Driver.AddRule(rule)
-				}
-			}
-		}
-	}
-	return
-}
-
-func FilterResultsByRuleIdAndMsgText(source []*sarif.Result, ruleId, msgText string) (results []*sarif.Result) {
-	for _, result := range source {
-		if ruleId == *result.RuleID && msgText == GetResultMsgText(result) {
-			results = append(results, result)
-		}
-	}
-	return
-}
-
 func GetLocationRelatedCodeFlowsFromResult(location *sarif.Location, result *sarif.Result) (codeFlows []*sarif.CodeFlow) {
 	for _, codeFlow := range result.CodeFlows {
 		for _, stackTrace := range codeFlow.ThreadFlows {
@@ -300,7 +244,8 @@ func ExtractRelativePath(resultPath string, projectRoot string) string {
 
 	// Get relative path
 	relativePath := strings.ReplaceAll(resultPath, projectRoot, "")
-	return strings.TrimPrefix(relativePath, string(filepath.Separator))
+	trimSlash := strings.TrimPrefix(relativePath, string(filepath.Separator))
+	return strings.TrimPrefix(trimSlash, "/")
 }
 
 func GetResultSeverity(result *sarif.Result) string {