Add support for IaC realtime (AST-102219) (#883)

cx-ben-alvo · web-flow · commit 1772cb83ecd3 · 2025-07-30T11:47:21.000+03:00
* Add support for IaC realtime scanning and update related constants and tests (AST-102219)

* Enable ScanContainersRealtime test case
diff --git a/src/main/iacRealtime/CxIac.ts b/src/main/iacRealtime/CxIac.ts
@@ -0,0 +1,48 @@
+import {CxRealtimeEngineStatus} from "../oss/CxRealtimeEngineStatus";
+
+export default class CxIacResult {
+    title: string;
+    description: string;
+    similarityID: string;
+    filepath: string;
+    severity: CxRealtimeEngineStatus;
+    locations: { line: number, startIndex: number, endIndex: number }[];
+
+    static parseResult(resultObject: any): CxIacResult[] {
+        let iacResults: CxIacResult[] = [];
+        if (resultObject instanceof Array) {
+            iacResults = resultObject.map((member: any) => {
+                const iacResult = new CxIacResult();
+                iacResult.title = member.Title;
+                iacResult.description = member.Description;
+                iacResult.similarityID = member.SimilarityID;
+                iacResult.filepath = member.FilePath;
+                iacResult.severity = member.Severity as CxRealtimeEngineStatus;
+                iacResult.locations = Array.isArray(member.Locations)
+                    ? member.Locations.map((l: any) => ({
+                        line: l.Line,
+                        startIndex: l.StartIndex,
+                        endIndex: l.EndIndex,
+                    }))
+                    : [];
+                return iacResult;
+            });
+        } else {
+            const iacResult = new CxIacResult();
+            iacResult.title = resultObject.Title;
+            iacResult.description = resultObject.Description;
+            iacResult.severity = resultObject.Severity;
+            iacResult.filepath = resultObject.FilePath;
+            iacResult.filepath = resultObject.FilePath;
+            iacResult.locations = Array.isArray(resultObject.Locations)
+                ? resultObject.Locations.map((l: any) => ({
+                    line: l.Line,
+                    startIndex: l.StartIndex,
+                    endIndex: l.EndIndex,
+                }))
+                : [];
+            iacResults.push(iacResult);
+        }
+        return iacResults;
+    }
+}
diff --git a/src/main/wrapper/CxConstants.ts b/src/main/wrapper/CxConstants.ts
@@ -76,6 +76,7 @@ export enum CxConstants {
     CMD_OSS = "oss-realtime",
     CMD_SECRETS = "secrets-realtime",
     CMD_CONTAINERS_REALTIME = "containers-realtime",
+    CMD_IAC_REALTIME = "iac-realtime",
     PROJECT_ID = "--project-id",
     SIMILARITY_ID = "--similarity-id",
     QUERY_ID = "--query-id",
@@ -92,6 +93,7 @@ export enum CxConstants {
     SCAN_TYPE = "CxScan",
     SCAN_ASCA = "CxAsca",
     SCAN_OSS = "CxOss",
+    SCAN_IAC = "CxIac",
     SCAN_SECRETS = "CxSecrets",
     SCAN_CONTAINERS_REALTIME = "CxContainersRealtime",
     PROJECT_TYPE = "CxProject",
diff --git a/src/main/wrapper/CxWrapper.ts b/src/main/wrapper/CxWrapper.ts
@@ -175,6 +175,13 @@ export class CxWrapper {
         return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.SCAN_CONTAINERS_REALTIME);
     }
 
+    async iacRealtimeScanResults(sourceFile: string, engine: string): Promise<CxCommandOutput> {
+        const commands: string[] = [CxConstants.CMD_SCAN, CxConstants.CMD_IAC_REALTIME, CxConstants.SOURCE, sourceFile, CxConstants.ENGINE, engine];
+        commands.push(...this.initializeCommands(false));
+        const exec = new ExecutionService();
+        return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.SCAN_IAC);
+    }
+
     async secretsScanResults(sourceFile: string, ignoredFilePath?: string): Promise<CxCommandOutput> {
     const commands: string[] = [
         CxConstants.CMD_SCAN,
diff --git a/src/main/wrapper/ExecutionService.ts b/src/main/wrapper/ExecutionService.ts
@@ -26,6 +26,7 @@ import CxAsca from "../asca/CxAsca";
 import CxOssResult from "../oss/CxOss";
 import CxSecretsResult from "../secrets/CxSecrets";
 import CxContainerRealtimeResult from "../containersRealtime/CxContainerRealtime";
+import CxIacResult from "../iacRealtime/CxIac";
 
 let skipValue = false;
 const fileSourceFlag = "--file-source"
@@ -212,6 +213,10 @@ export class ExecutionService {
                         const oss = CxOssResult.parseResult(resultObject);
                         cxCommandOutput.payload = [oss];
                         break;
+                    case CxConstants.SCAN_IAC:
+                        const iac = CxIacResult.parseResult(resultObject);
+                        cxCommandOutput.payload = [iac];
+                        break;
                     case CxConstants.SCAN_CONTAINERS_REALTIME:
                         const images = CxContainerRealtimeResult.parseResult(resultObject);
                         cxCommandOutput.payload = [images];
diff --git a/src/tests/ScanTest.test.ts b/src/tests/ScanTest.test.ts
@@ -227,13 +227,21 @@ describe("ScanCreate cases", () => {
     expect(cxCommandOutput.exitCode).toBe(0);
 });
 
-    it.skip('ScanContainersRealtime Successful case', async () => {
+    it('ScanContainersRealtime Successful case', async () => {
         const wrapper = new CxWrapper(cxScanConfig);
         const cxCommandOutput: CxCommandOutput = await wrapper.containersRealtimeScanResults("src/tests/data/Dockerfile");
         console.log("Json object from scanContainersRealtime successful case: " + JSON.stringify(cxCommandOutput));
         expect(cxCommandOutput.payload).toBeDefined();
         expect(cxCommandOutput.exitCode).toBe(0);
     });
 
+    it.skip('ScanIacRealtime Successful case', async () => {
+        const wrapper = new CxWrapper(cxScanConfig);
+        const cxCommandOutput: CxCommandOutput = await wrapper.iacRealtimeScanResults("src/tests/data/Dockerfile", "docker");
+        console.log("Json object from scanIacRealtime successful case: " + JSON.stringify(cxCommandOutput));
+        expect(cxCommandOutput.payload).toBeDefined();
+        expect(cxCommandOutput.exitCode).toBe(0);
+    });
+
 });
 
