Merge pull request #1198 from Checkmarx/dima/cloud-default-scan

Containers scan should start by default on cloud (AST-84506)

Author: cx-dmitri-rivin

internal/commands/pre_commit.go

@@ -2,13 +2,14 @@ package commands
 
 import (
 	"fmt"
+	"strings"
+
 	precommit "github.com/Checkmarx/secret-detection/pkg/hooks"
 	"github.com/MakeNowJust/heredoc"
 	"github.com/checkmarx/ast-cli/internal/params"
 	"github.com/checkmarx/ast-cli/internal/wrappers"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
-	"strings"
 )
 
 // NewHooksCommand creates the hooks command with pre-commit subcommand
@@ -65,7 +66,6 @@ func PreCommitCommand(jwtWrapper wrappers.JWTWrapper) *cobra.Command {
 
 // / validateLicense verifies the user has the required license for secret detection
 func validateLicense(jwtWrapper wrappers.JWTWrapper) error {
-
 	allowed, err := jwtWrapper.IsAllowedEngine(params.EnterpriseSecretsLabel)
 	if err != nil {
 		return errors.Wrapf(err, "Failed checking license")

internal/commands/result.go

@@ -1119,10 +1119,8 @@ func setIsSCSEnabled(featureFlagsWrapper wrappers.FeatureFlagsWrapper) {
 	wrappers.IsSCSEnabled = scsEngineCLIEnabled.Status
 }
 
-func setIsContainersEnabled(agent string, featureFlagsWrapper wrappers.FeatureFlagsWrapper) {
-	agentSupported := !containsIgnoreCase(containerEngineUnsupportedAgents, agent)
-	containerEngineCLIEnabled, _ := wrappers.GetSpecificFeatureFlag(featureFlagsWrapper, wrappers.ContainerEngineCLIEnabled)
-	wrappers.IsContainersEnabled = containerEngineCLIEnabled.Status && agentSupported
+func setIsContainersEnabled(agent string) {
+	wrappers.IsContainersEnabled = !containsIgnoreCase(containerEngineUnsupportedAgents, agent)
 }
 
 func filterResultsByType(results *wrappers.ScanResultsCollection, excludedTypes map[string]struct{}) *wrappers.ScanResultsCollection {
@@ -1182,7 +1180,7 @@ func CreateScanReport(
 	reportList := strings.Split(reportTypes, ",")
 	results := &wrappers.ScanResultsCollection{}
 	setIsSCSEnabled(featureFlagsWrapper)
-	setIsContainersEnabled(agent, featureFlagsWrapper)
+	setIsContainersEnabled(agent)
 	summary, err := convertScanToResultsSummary(scan, resultsWrapper)
 	if err != nil {
 		return nil, err
@@ -2752,7 +2750,6 @@ func addPackageInformation(
 	scaPackageModel *[]wrappers.ScaPackageCollection,
 	scaTypeModel *[]wrappers.ScaTypeCollection,
 ) *wrappers.ScanResultsCollection {
-
 	locationsByID, typesByCVE := buildAuxiliaryScaMaps(resultsModel, scaPackageModel, scaTypeModel)
 	scaPackageMap := buildScaPackageMap(*scaPackageModel)
 

internal/commands/result_test.go

@@ -312,7 +312,6 @@ func TestRunGetResultsByScanIdSarifFormat(t *testing.T) {
 }
 func TestRunGetResultsByScanIdSarifFormatWithContainers(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "sarif")
 	// Remove generated sarif file
 	removeFileBySuffix(t, printer.FormatSarif)
@@ -334,7 +333,6 @@ func TestRunGetResultsByScanIdSonarFormat(t *testing.T) {
 
 func TestRunGetResultsByScanIdSonarFormatWithContainers(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "sonar")
 	// Remove generated sonar file
 	removeFile(t, fileName+"_"+printer.FormatSonar, printer.FormatJSON)
@@ -367,7 +365,6 @@ func TestDecodeHTMLEntitiesInResults(t *testing.T) {
 
 func TestRunGetResultsByScanIdJsonFormatWithContainers(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "json")
 
 	// Remove generated json file
@@ -390,7 +387,6 @@ func TestRunGetResultsByScanIdSummaryJsonFormat(t *testing.T) {
 
 func TestRunGetResultsByScanIdSummaryJsonFormatWithContainers(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "summaryJSON")
 
 	// Remove generated json file
@@ -406,7 +402,6 @@ func TestRunGetResultsByScanIdSummaryHtmlFormat(t *testing.T) {
 
 func TestRunGetResultsByScanIdSummaryHtmlFormatWithContainers(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "summaryHTML")
 
 	// Remove generated html file
@@ -425,13 +420,11 @@ func TestRunGetResultsByScanIdSummaryMarkdownFormatWithContainers(t *testing.T)
 
 func TestRunGetResultsByScanIdSummaryConsoleFormatWithContainers(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "summaryConsole")
 }
 
 func TestRunGetResultsByScanIdSummaryMarkdownFormat(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "markdown")
 	// Remove generated md file
 	removeFileBySuffix(t, "md")
@@ -480,7 +473,6 @@ func TestRunGetResultsByScanIdPDFFormat(t *testing.T) {
 
 func TestRunGetResultsByScanIdPDFFormatWithContainers(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "pdf")
 	_, err := os.Stat(fmt.Sprintf("%s.%s", fileName, printer.FormatPDF))
 	assert.NilError(t, err, "Report file should exist for extension "+printer.FormatPDF)
@@ -769,7 +761,6 @@ func TestSBOMReportXML(t *testing.T) {
 
 func TestSBOMReportJsonWithContainers(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "sbom")
 	_, err := os.Stat(fmt.Sprintf("%s.%s", fileName+"_"+printer.FormatSbom, printer.FormatJSON))
 	assert.NilError(t, err, "Report file should exist for extension "+printer.FormatJSON)
@@ -779,7 +770,6 @@ func TestSBOMReportJsonWithContainers(t *testing.T) {
 
 func TestSBOMReportXMLWithContainers(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "sbom", "--report-sbom-format", "CycloneDxXml")
 	_, err := os.Stat(fmt.Sprintf("%s.%s", fileName+"_"+printer.FormatSbom, printer.FormatXML))
 	assert.NilError(t, err, "Report file should exist for extension "+printer.FormatXML)
@@ -794,24 +784,14 @@ func TestRunGetResultsByScanIdGLFormat(t *testing.T) {
 }
 func TestRunResultsShow_ContainersFFIsOn_includeContainersResult(t *testing.T) {
 	clearFlags()
-	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "json")
 	assertTypePresentJSON(t, params.ContainersType, 1)
 	// Remove generated json file
 	removeFileBySuffix(t, printer.FormatJSON)
 }
-func TestRunResultsShow_ContainersFFIsOff_excludeContainersResult(t *testing.T) {
-	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: false}
-	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "json")
-	assertTypePresentJSON(t, params.ContainersType, 0)
-	// Remove generated json file
-	removeFileBySuffix(t, printer.FormatJSON)
-}
+
 func TestRunResultsShow_jetbrainsIsNotSupported_excludeContainersResult(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "json", "--agent", "jetbrains")
 	assertTypePresentJSON(t, params.ContainersType, 0)
 	// Remove generated json file
@@ -820,7 +800,6 @@ func TestRunResultsShow_jetbrainsIsNotSupported_excludeContainersResult(t *testi
 
 func TestRunResultsShow_EclipseIsNotSupported_excludeContainersResult(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "json", "--agent", "Eclipse")
 	assertTypePresentJSON(t, params.ContainersType, 0)
 	// Remove generated json file
@@ -829,7 +808,6 @@ func TestRunResultsShow_EclipseIsNotSupported_excludeContainersResult(t *testing
 
 func TestRunResultsShow_VsCodeIsNotSupported_excludeContainersResult(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "json", "--agent", "vs code")
 	assertTypePresentJSON(t, params.ContainersType, 0)
 	// Remove generated json file
@@ -838,7 +816,6 @@ func TestRunResultsShow_VsCodeIsNotSupported_excludeContainersResult(t *testing.
 
 func TestRunResultsShow_VisualStudioIsNotSupported_excludeContainersResult(t *testing.T) {
 	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "json", "--agent", "Visual Studio")
 	assertTypePresentJSON(t, params.ContainersType, 0)
 	// Remove generated json file
@@ -966,11 +943,7 @@ func assertResultsPresentSummaryJSON(t *testing.T, isResultsEnabled bool, scanTy
 		assert.Assert(t, false, "%s result summary should be present", scanType)
 	}
 }
-func TestRunGetResultsShow_ContainersFFOffAndResultsHasContainersResultsOnly_NilAssertion(t *testing.T) {
-	clearFlags()
-	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: false}
-	execCmdNilAssertion(t, "results", "show", "--scan-id", "CONTAINERS_ONLY", "--report-format", "summaryConsole")
-}
+
 func TestRunGetResultsByScanIdGLSastAndAScaFormat(t *testing.T) {
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "gl-sast,gl-sca")
 	// Run test for gl-sast report type
@@ -1229,7 +1202,7 @@ func TestGetResultsSummaryConsoleFormatWithCriticalDisabled(t *testing.T) {
 	stdoutString := buffer.String()
 	fmt.Print(stdoutString)
 
-	totalSummary := "| TOTAL           N/A       5        1       1      0   Completed   |"
+	totalSummary := "| TOTAL           N/A       5        2       1      0   Completed   |"
 	assert.Equal(t, strings.Contains(stdoutString, totalSummary), true,
 		"Expected Total summary without critical:"+totalSummary)
 
@@ -1248,7 +1221,7 @@ func Test_enhanceWithScanSummary(t *testing.T) {
 			name:    "scan summary with no vulnerabilities",
 			summary: createEmptyResultSummary(),
 			results: &wrappers.ScanResultsCollection{
-				Results:    nil,
+				Results:    []*wrappers.ScanResult{},
 				TotalCount: 0,
 				ScanID:     "MOCK",
 			},
@@ -1266,17 +1239,21 @@ func Test_enhanceWithScanSummary(t *testing.T) {
 }
 
 func createEmptyResultSummary() *wrappers.ResultSummary {
+	var containersIssues = new(int)
+	*containersIssues = 0
+
 	return &wrappers.ResultSummary{
-		TotalIssues:    0,
-		CriticalIssues: 0,
-		HighIssues:     0,
-		MediumIssues:   0,
-		LowIssues:      0,
-		InfoIssues:     0,
-		SastIssues:     0,
-		ScaIssues:      0,
-		KicsIssues:     0,
-		SCSOverview:    &wrappers.SCSOverview{},
+		TotalIssues:      0,
+		CriticalIssues:   0,
+		HighIssues:       0,
+		MediumIssues:     0,
+		LowIssues:        0,
+		InfoIssues:       0,
+		SastIssues:       0,
+		ScaIssues:        0,
+		KicsIssues:       0,
+		ContainersIssues: containersIssues,
+		SCSOverview:      &wrappers.SCSOverview{},
 		APISecurity: wrappers.APISecResult{
 			APICount:        0,
 			TotalRisksCount: 0,