Fix scan-and-fix-repos faulty checkout (#437)

jfrog · Aug 14, 2023 · 1021885 · 1021885
1 parent 33d33fd
commit 1021885
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 28 deletions.
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -64,6 +64,7 @@ body:
         - GitHub
         - Bitbucket Server
         - GitLab
+        - Azure DevOps
     validations:
       required: true
 

diff --git a/commands/scanrepository/scanmultiplerepositories.go b/commands/scanrepository/scanmultiplerepositories.go
@@ -55,5 +55,8 @@ func (saf *ScanMultipleRepositories) downloadAndRunScanAndFix(repository *utils.
 	}()
 
 	cfp := ScanRepositoryCmd{dryRun: saf.dryRun, dryRunRepoPath: wd}
-	return cfp.scanAndFixRepository(repository, branch, client)
+	if err = cfp.setCommandPrerequisites(repository, branch, client); err != nil {
+		return
+	}
+	return cfp.scanAndFixRepository(repository)
 }
diff --git a/commands/scanrepository/scanrepository.go b/commands/scanrepository/scanrepository.go
@@ -50,23 +50,23 @@ func (cfp *ScanRepositoryCmd) Run(repoAggregator utils.RepoAggregator, client vc
 	}
 	repository := repoAggregator[0]
 	for _, branch := range repository.Branches {
-		if err = cfp.scanAndFixRepository(&repository, branch, client); err != nil {
+		if err = cfp.setCommandPrerequisites(&repository, branch, client); err != nil {
+			return
+		}
+		if err = cfp.gitManager.Checkout(branch); err != nil {
+			return
+		}
+		if err = cfp.scanAndFixRepository(&repository); err != nil {
 			return
 		}
 	}
 	return
 }
 
-func (cfp *ScanRepositoryCmd) scanAndFixRepository(repository *utils.Repository, branch string, client vcsclient.VcsClient) (err error) {
+func (cfp *ScanRepositoryCmd) scanAndFixRepository(repository *utils.Repository) (err error) {
 	if cfp.baseWd, err = os.Getwd(); err != nil {
 		return
 	}
-	if err = cfp.setCommandPrerequisites(repository, branch, client); err != nil {
-		return
-	}
-	if err = cfp.gitManager.Checkout(branch); err != nil {
-		return fmt.Errorf("failed to checkout to %s branch before scanning. The following error has been received:\n%s", branch, err.Error())
-	}
 	for i := range repository.Projects {
 		cfp.details.Project = &repository.Projects[i]
 		cfp.projectTech = ""
@@ -81,7 +81,7 @@ func (cfp *ScanRepositoryCmd) setCommandPrerequisites(repository *utils.Reposito
 	cfp.details = utils.NewScanDetails(client, &repository.Server, &repository.Git).
 		SetXrayGraphScanParams(repository.Watches, repository.JFrogProjectKey).
 		SetFailOnInstallationErrors(*repository.FailOnSecurityIssues).
-		SetBranch(branch).
+		SetBaseBranch(branch).
 		SetFixableOnly(repository.FixableOnly).
 		SetMinSeverity(repository.MinSeverity)
 	cfp.aggregateFixes = repository.Git.AggregateFixes
@@ -104,7 +104,7 @@ func (cfp *ScanRepositoryCmd) scanAndFixProject(repository *utils.Repository) er
 		}
 
 		if !cfp.dryRun {
-			if err = utils.UploadScanToGitProvider(scanResults, repository, cfp.details.Branch(), cfp.details.Client()); err != nil {
+			if err = utils.UploadScanToGitProvider(scanResults, repository, cfp.details.BaseBranch(), cfp.details.Client()); err != nil {
 				log.Warn(err)
 			}
 		}
@@ -153,7 +153,7 @@ func (cfp *ScanRepositoryCmd) getVulnerabilitiesMap(scanResults *xrayutils.Exten
 }
 
 func (cfp *ScanRepositoryCmd) fixVulnerablePackages(vulnerabilitiesByWdMap map[string]map[string]*utils.VulnerabilityDetails) (err error) {
-	clonedRepoDir, restoreBaseDir, err := cfp.cloneRepository()
+	clonedRepoDir, restoreBaseDir, err := cfp.cloneRepositoryAndCheckoutToBranch()
 	if err != nil {
 		return
 	}
@@ -202,8 +202,7 @@ func (cfp *ScanRepositoryCmd) fixProjectVulnerabilities(fullProjectPath string,
 		}
 
 		// After fixing the current vulnerability, checkout to the base branch to start fixing the next vulnerability
-		log.Debug("Running git checkout to base branch:", cfp.details.Branch())
-		if e := cfp.gitManager.Checkout(cfp.details.Branch()); e != nil {
+		if e := cfp.gitManager.Checkout(cfp.details.BaseBranch()); e != nil {
 			err = errors.Join(err, cfp.handleUpdatePackageErrors(e))
 			return
 		}
@@ -270,7 +269,7 @@ func (cfp *ScanRepositoryCmd) handleUpdatePackageErrors(err error) error {
 func (cfp *ScanRepositoryCmd) fixSinglePackageAndCreatePR(vulnDetails *utils.VulnerabilityDetails) (err error) {
 	fixVersion := vulnDetails.SuggestedFixedVersion
 	log.Debug("Attempting to fix", vulnDetails.ImpactedDependencyName, "with", fixVersion)
-	fixBranchName, err := cfp.gitManager.GenerateFixBranchName(cfp.details.Branch(), vulnDetails.ImpactedDependencyName, fixVersion)
+	fixBranchName, err := cfp.gitManager.GenerateFixBranchName(cfp.details.BaseBranch(), vulnDetails.ImpactedDependencyName, fixVersion)
 	if err != nil {
 		return
 	}
@@ -317,8 +316,8 @@ func (cfp *ScanRepositoryCmd) openFixingPullRequest(fixBranchName string, vulnDe
 		return err
 	}
 	pullRequestTitle, prBody := cfp.preparePullRequestDetails(scanHash, []formats.VulnerabilityOrViolationRow{vulnDetails.VulnerabilityOrViolationRow})
-	log.Debug("Creating Pull Request form:", fixBranchName, " to:", cfp.details.Branch())
-	return cfp.details.Client().CreatePullRequest(context.Background(), cfp.details.RepoOwner, cfp.details.RepoName, fixBranchName, cfp.details.Branch(), pullRequestTitle, prBody)
+	log.Debug("Creating Pull Request form:", fixBranchName, " to:", cfp.details.BaseBranch())
+	return cfp.details.Client().CreatePullRequest(context.Background(), cfp.details.RepoOwner, cfp.details.RepoName, fixBranchName, cfp.details.BaseBranch(), pullRequestTitle, prBody)
 }
 
 // openAggregatedPullRequest handles the opening or updating of a pull request when the aggregate mode is active.
@@ -338,10 +337,10 @@ func (cfp *ScanRepositoryCmd) openAggregatedPullRequest(fixBranchName string, pu
 	}
 	pullRequestTitle, prBody := cfp.preparePullRequestDetails(scanHash, vulnerabilityRows)
 	if pullRequestInfo == nil {
-		log.Info("Creating Pull Request from:", fixBranchName, "to:", cfp.details.Branch())
-		return cfp.details.Client().CreatePullRequest(context.Background(), cfp.details.RepoOwner, cfp.details.RepoName, fixBranchName, cfp.details.Branch(), pullRequestTitle, prBody)
+		log.Info("Creating Pull Request from:", fixBranchName, "to:", cfp.details.BaseBranch())
+		return cfp.details.Client().CreatePullRequest(context.Background(), cfp.details.RepoOwner, cfp.details.RepoName, fixBranchName, cfp.details.BaseBranch(), pullRequestTitle, prBody)
 	}
-	log.Info("Updating Pull Request from:", fixBranchName, "to:", cfp.details.Branch())
+	log.Info("Updating Pull Request from:", fixBranchName, "to:", cfp.details.BaseBranch())
 	return cfp.details.Client().UpdatePullRequest(context.Background(), cfp.details.RepoOwner, cfp.details.RepoName, pullRequestTitle, prBody, "", int(pullRequestInfo.ID), vcsutils.Open)
 }
 
@@ -361,7 +360,7 @@ func (cfp *ScanRepositoryCmd) preparePullRequestDetails(scanHash string, vulnera
 	return pullRequestTitle, prBody
 }
 
-func (cfp *ScanRepositoryCmd) cloneRepository() (tempWd string, restoreDir func() error, err error) {
+func (cfp *ScanRepositoryCmd) cloneRepositoryAndCheckoutToBranch() (tempWd string, restoreDir func() error, err error) {
 	if cfp.dryRunRepoPath != "" {
 		tempWd, err = cfp.getDryRunClonedRepo()
 	} else {
@@ -374,7 +373,7 @@ func (cfp *ScanRepositoryCmd) cloneRepository() (tempWd string, restoreDir func(
 	log.Debug("Created temp working directory:", tempWd)
 
 	// Clone the content of the repo to the new working directory
-	if err = cfp.gitManager.Clone(tempWd, cfp.details.Branch()); err != nil {
+	if err = cfp.gitManager.Clone(tempWd, cfp.details.BaseBranch()); err != nil {
 		return
 	}
 
@@ -545,7 +544,7 @@ func (cfp *ScanRepositoryCmd) aggregateFixAndOpenPullRequest(vulnerabilitiesMap
 		}
 	}
 	log.Info("-----------------------------------------------------------------")
-	if e := cfp.gitManager.Checkout(cfp.details.Branch()); e != nil {
+	if e := cfp.gitManager.Checkout(cfp.details.BaseBranch()); e != nil {
 		err = errors.Join(err, e)
 	}
 	return

diff --git a/commands/utils/scandetails.go b/commands/utils/scandetails.go
@@ -27,7 +27,7 @@ type ScanDetails struct {
 	failOnInstallationErrors bool
 	fixableOnly              bool
 	minSeverityFilter        string
-	branch                   string
+	baseBranch               string
 }
 
 func NewScanDetails(client vcsclient.VcsClient, server *config.ServerDetails, git *Git) *ScanDetails {
@@ -59,17 +59,17 @@ func (sc *ScanDetails) SetMinSeverity(minSeverity string) *ScanDetails {
 	return sc
 }
 
-func (sc *ScanDetails) SetBranch(branch string) *ScanDetails {
-	sc.branch = branch
+func (sc *ScanDetails) SetBaseBranch(branch string) *ScanDetails {
+	sc.baseBranch = branch
 	return sc
 }
 
 func (sc *ScanDetails) Client() vcsclient.VcsClient {
 	return sc.client
 }
 
-func (sc *ScanDetails) Branch() string {
-	return sc.branch
+func (sc *ScanDetails) BaseBranch() string {
+	return sc.baseBranch
 }
 
 func (sc *ScanDetails) FailOnInstallationErrors() bool {