66 "os"
77 "path"
88 "strconv"
9+ "strings"
910
1011 "github.com/jfrog/frogbot/icons"
1112 "github.com/jfrog/froggit-go/vcsclient"
@@ -24,17 +25,20 @@ import (
2425const (
2526 frogbotVersion = "0.0.0"
2627 // Env
27- jfrogUser = "FROGBOT_JF_USER"
28- jfrogUrl = "FROGBOT_JF_URL"
29- jfrogXrayUrl = "FROGBOT_JF_XRAY_URL"
30- jfrogArtifactoryUrl = "FROGBOT_JF_ARTIFACTORY_URL"
31- jfrogPassword = "FROGBOT_JF_PASSWORD"
32- jfrogToken = "FROGBOT_JF_TOKEN"
33- gitRepoOwner = "FROGBOT_GIT_OWNER"
34- gitRepo = "FROGBOT_GIT_REPO"
35- gitToken = "FROGBOT_GIT_TOKEN"
36- gitBaseBranch = "FROGBOT_GIT_BASE_BRANCH"
37- prID = "FROGBOT_PR"
28+ jfrogUser = "JF_USER"
29+ jfrogUrl = "JF_URL"
30+ jfrogXrayUrl = "JF_XRAY_URL"
31+ jfrogArtifactoryUrl = "JF_ARTIFACTORY_URL"
32+ jfrogPassword = "JF_PASSWORD"
33+ jfrogToken = "JF_TOKEN"
34+ jfrogWatches = "JF_WATCHES"
35+ watchesDelimiter = ","
36+ jfrogProject = "JF_PROJECT"
37+ gitRepoOwner = "JF_GIT_OWNER"
38+ gitRepo = "JF_GIT_REPO"
39+ gitToken = "JF_GIT_TOKEN"
40+ gitBaseBranch = "JF_GIT_BASE_BRANCH"
41+ gitPullRequestID = "JF_GIT_PULL_REQUEST_ID"
3842)
3943
4044func main () {
@@ -71,7 +75,7 @@ func getCommands() []*clitool.Command {
7175}
7276
7377func scanPullRequest (c * clitool.Context ) error {
74- server , repoOwner , token , repo , baseBranch , pullRequestID , err := extractParamsFromEnv ()
78+ server , repoOwner , token , repo , baseBranch , watches , project , pullRequestID , err := extractParamsFromEnv ()
7579 if err != nil {
7680 return err
7781 }
@@ -81,8 +85,7 @@ func scanPullRequest(c *clitool.Context) error {
8185 }
8286
8387 // Audit PR code
84- // TODO - fill contex according to env/flags
85- xrayScanParams := services.XrayGraphScanParams {IncludeVulnerabilities : true }
88+ xrayScanParams := createXrayScanParams (watches , project )
8689 wd , err := os .Getwd ()
8790 if err != nil {
8891 return err
@@ -100,19 +103,20 @@ func scanPullRequest(c *clitool.Context) error {
100103 }
101104 // Get only the new issues added by this PR
102105 var vulnerabilitiesRows []xrayutils.VulnerabilityRow
103- // TODO - handle array of scan results!
104- if len (currentScan [0 ].Violations ) > 0 {
105- vulnerabilitiesRows = getNewViolations (previousScan [0 ], currentScan [0 ])
106- } else if len (currentScan [0 ].Vulnerabilities ) > 0 {
107- vulnerabilitiesRows = getNewVulnerabilities (previousScan [0 ], currentScan [0 ])
106+ for i := 0 ; i < len (currentScan ); i += 1 {
107+ if len (currentScan [i ].Violations ) > 0 {
108+ vulnerabilitiesRows = append (vulnerabilitiesRows , getNewViolations (previousScan [i ], currentScan [i ])... )
109+ } else if len (currentScan [i ].Vulnerabilities ) > 0 {
110+ vulnerabilitiesRows = append (vulnerabilitiesRows , getNewVulnerabilities (previousScan [i ], currentScan [i ])... )
111+ }
108112 }
109113 // Comment frogbot message on the PR
110114 message := createPullRequestMessage (vulnerabilitiesRows )
111115 return client .AddPullRequestComment (context .Background (), repoOwner , repo , message , pullRequestID )
112116
113117}
114118
115- func extractParamsFromEnv () (server coreconfig.ServerDetails , repoOwner , token , repo , baseBranch string , pullRequestID int , err error ) {
119+ func extractParamsFromEnv () (server coreconfig.ServerDetails , repoOwner , token , repo , baseBranch , project , watches string , pullRequestID int , err error ) {
116120 url := os .Getenv (jfrogUrl )
117121 xrUrl := os .Getenv (jfrogXrayUrl )
118122 rtUrl := os .Getenv (jfrogArtifactoryUrl )
@@ -121,7 +125,7 @@ func extractParamsFromEnv() (server coreconfig.ServerDetails, repoOwner, token,
121125 server .ArtifactoryUrl = rtUrl
122126 } else {
123127 if url == "" {
124- err = fmt .Errorf ("%s or %s and %s are missing" , url , xrUrl , rtUrl )
128+ err = fmt .Errorf ("%s or %s and %s are missing" , jfrogUrl , jfrogXrayUrl , jfrogArtifactoryUrl )
125129 return
126130 }
127131 server .Url = url
@@ -156,15 +160,36 @@ func extractParamsFromEnv() (server coreconfig.ServerDetails, repoOwner, token,
156160 err = fmt .Errorf ("%s is missing" , gitBaseBranch )
157161 return
158162 }
159- pullRequestIDString := os .Getenv (prID )
163+ pullRequestIDString := os .Getenv (gitPullRequestID )
160164 if pullRequestIDString == "" {
161- err = fmt .Errorf ("%s is missing" , prID )
165+ err = fmt .Errorf ("%s is missing" , gitPullRequestID )
162166 return
163167 }
164168 pullRequestID , err = strconv .Atoi (pullRequestIDString )
165169 if err != nil {
166170 return
167171 }
172+
173+ // No mandatory Xray context params
174+ watches = os .Getenv (jfrogWatches )
175+ project = os .Getenv (jfrogProject )
176+
177+ return
178+ }
179+
180+ func createXrayScanParams (watches , project string ) (params services.XrayGraphScanParams ) {
181+ params .ScanType = services .Dependency
182+ params .IncludeLicenses = false
183+ if watches != "" {
184+ params .Watches = strings .Split (watches , watchesDelimiter )
185+ return
186+ }
187+ if project != "" {
188+ params .ProjectKey = project
189+ return
190+ }
191+ // No context was supplied, request from Xray to return all known vulnerabilities.
192+ params .IncludeVulnerabilities = true
168193 return
169194}
170195
@@ -260,7 +285,7 @@ func createPullRequestMessage(vulnerabilitiesRows []xrayutils.VulnerabilityRow)
260285 ":--: | -- | -- | -- | -- | :--: | --"
261286 var tableContent string
262287 for _ , vulnerability := range vulnerabilitiesRows {
263- tableContent += fmt .Sprintf ("\n | %s | %s | %s | %s | %s | %s | %s " , icons .GetIconTag (icons .GetIconSource (vulnerability .Severity )), vulnerability .ImpactedPackageName ,
288+ tableContent += fmt .Sprintf ("\n | %s | %s | %s | %s | %s | %s | %s " , icons .GetIconTag (icons .GetIconSource (vulnerability .Severity ))+ " " + vulnerability . Severity , vulnerability .ImpactedPackageName ,
264289 vulnerability .ImpactedPackageVersion , vulnerability .FixedVersions , vulnerability .Components [0 ].Name , vulnerability .Components [0 ].Version , vulnerability .Cves [0 ].Id )
265290 }
266291 return icons .GetIconTag (icons .VulnerabilitiesBannerSource ) + tableHeder + tableContent
0 commit comments