From 70ed56b22d5523f4223275522b40c65e13b94315 Mon Sep 17 00:00:00 2001
From: sumeet patil
Date: Wed, 3 May 2023 12:29:04 +0200
Subject: [PATCH] fix(codeqlExecuteScan): checkForComplaince flag refactoring (#4344)
---
 cmd/codeqlExecuteScan.go | 33 +++++++++++++++------------------
 cmd/codeqlExecuteScan_test.go | 4 ++--
 2 files changed, 17 insertions(+), 20 deletions(-)
diff --git a/cmd/codeqlExecuteScan.go b/cmd/codeqlExecuteScan.go
index 312414db0..b57ca6afc 100644
--- a/cmd/codeqlExecuteScan.go
+++ b/cmd/codeqlExecuteScan.go
@@ -280,30 +280,27 @@ func runCodeqlExecuteScan(config *codeqlExecuteScanOptions, telemetryData *telem
 return reports, err
 }
- codeqlScanAuditInstance := codeql.NewCodeqlScanAuditInstance(config.GithubAPIURL, repoInfo.owner, repoInfo.repo, token, []string{})
- scanResults, err := codeqlScanAuditInstance.GetVulnerabilities(repoInfo.ref)
- if err != nil {
- return reports, errors.Wrap(err, "failed to get scan results")
- }
-
- unaudited := (scanResults.Total - scanResults.Audited)
- if unaudited > config.VulnerabilityThresholdTotal {
- msg := fmt.Sprintf("Your repository %v with ref %v is not compliant. Total unaudited issues are %v which is greater than the VulnerabilityThresholdTotal count %v", repoUrl, repoInfo.ref, unaudited, config.VulnerabilityThresholdTotal)
- if config.CheckForCompliance {
+ if config.CheckForCompliance {
+ codeqlScanAuditInstance := codeql.NewCodeqlScanAuditInstance(config.GithubAPIURL, repoInfo.owner, repoInfo.repo, token, []string{})
+ scanResults, err := codeqlScanAuditInstance.GetVulnerabilities(repoInfo.ref)
+ if err != nil {
+ return reports, errors.Wrap(err, "failed to get scan results")
+ }
+ unaudited := (scanResults.Total - scanResults.Audited)
+ if unaudited > config.VulnerabilityThresholdTotal {
+ msg := fmt.Sprintf("Your repository %v with ref %v is not compliant. Total unaudited issues are %v which is greater than the VulnerabilityThresholdTotal count %v", repoUrl, repoInfo.ref, unaudited, config.VulnerabilityThresholdTotal)
 return reports, errors.Errorf(msg)
 }
- log.Entry().Warning(msg)
- }
+ codeqlAudit := codeql.CodeqlAudit{ToolName: "codeql", RepositoryUrl: repoUrl, CodeScanningLink: repoCodeqlScanUrl, RepositoryReferenceUrl: repoReference, ScanResults: scanResults}
+ paths, err := codeql.WriteJSONReport(codeqlAudit, config.ModulePath)
+ if err != nil {
+ return reports, errors.Wrap(err, "failed to write json compliance report")
+ }
- codeqlAudit := codeql.CodeqlAudit{ToolName: "codeql", RepositoryUrl: repoUrl, CodeScanningLink: repoCodeqlScanUrl, RepositoryReferenceUrl: repoReference, ScanResults: scanResults}
- paths, err := codeql.WriteJSONReport(codeqlAudit, config.ModulePath)
- if err != nil {
- return reports, errors.Wrap(err, "failed to write json compliance report")
+ reports = append(reports, paths...)
 }
-
- reports = append(reports, paths...)
 }
 toolRecordFileName, err := createAndPersistToolRecord(utils, repoInfo, repoReference, repoUrl, repoCodeqlScanUrl)
diff --git a/cmd/codeqlExecuteScan_test.go b/cmd/codeqlExecuteScan_test.go
index 6cc03013a..745844d87 100644
--- a/cmd/codeqlExecuteScan_test.go
+++ b/cmd/codeqlExecuteScan_test.go
@@ -42,8 +42,8 @@ func TestRunCodeqlExecuteScan(t *testing.T) {
 assert.Error(t, err)
 })
- t.Run("Upload results fails as repository not specified", func(t *testing.T) {
- config := codeqlExecuteScanOptions{BuildTool: "maven", ModulePath: "./", UploadResults: true, GithubToken: "test"}
+ t.Run("Check for compliace fails as repository not specified", func(t *testing.T) {
+ config := codeqlExecuteScanOptions{BuildTool: "maven", ModulePath: "./", UploadResults: true, GithubToken: "test", CheckForCompliance: true}
 _, err := runCodeqlExecuteScan(&config, nil, newCodeqlExecuteScanTestsUtils())
 assert.Error(t, err)
 })
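Review bot: The context line `return reports, errors.Errorf(msg)` directly after the new `msg :=` assignment passes an already-formatted message as a format string; `msg` embeds `repoUrl` and `repoInfo.ref`, so a `%` in a branch name or URL would be re-interpreted as a verb and garble the error, and `go vet` flags non-constant format strings. Use `return reports, errors.New(msg)` instead. A smaller point: `codeql.WriteJSONReport` is now reached only inside `if config.CheckForCompliance`, so if the flag's help text only describes the threshold gate it should also say that the JSON compliance report is written only when the flag is set. The closing braces suggest this block sits inside the `UploadResults` branch, in which case `CheckForCompliance` without `UploadResults` appears to be silently ignored and deserves at least a debug log or a doc note. `runCodeqlExecuteScan` starts and ends outside the hunk.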
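Review bot: The new subtest name on the `t.Run` line misspells "compliance" (`"Check for compliace fails as repository not specified"`); it should read `"Check for compliance fails as repository not specified"`. The assertion is only `assert.Error`, which also passes if the scan fails for an unrelated reason before the compliance code is reached, so an `assert.ErrorContains` on the repository-related message would pin the intended path (that message is not shown on this page). `TestRunCodeqlExecuteScan` starts and ends outside the hunk.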