diff --git a/go.mod b/go.mod
index 329abfe7e..fcdceb717 100644
--- a/go.mod
+++ b/go.mod
@@ -15,7 +15,7 @@ require (
 github.com/spf13/cobra v1.7.0
 github.com/spf13/viper v1.16.0
 github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80
- golang.org/x/crypto v0.11.0
+ golang.org/x/crypto v0.12.0
 gotest.tools v2.2.0+incompatible
 )
@@ -33,8 +33,8 @@ require (
 github.com/spf13/pflag v1.0.5 // indirect
 github.com/subosito/gotenv v1.4.2 // indirect
 github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 // indirect
- golang.org/x/sys v0.10.0 // indirect
- golang.org/x/text v0.11.0 // indirect
+ golang.org/x/sys v0.11.0 // indirect
+ golang.org/x/text v0.12.0 // indirect
 gopkg.in/ini.v1 v1.67.0 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/go.sum b/go.sum
index 4ff4eae15..6d6c53314 100644
--- a/go.sum
+++ b/go.sum
@@ -1074,8 +1074,8 @@ golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
 golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
-golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
-golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
+golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk=
+golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
 golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -1340,8 +1340,9 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
 golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
+golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -1352,7 +1353,7 @@ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
-golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o=
+golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1369,8 +1370,8 @@ golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
-golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc=
+golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
diff --git a/internal/commands/result.go b/internal/commands/result.go
index c8f0df91d..0662364bf 100644
--- a/internal/commands/result.go
+++ b/internal/commands/result.go
@@ -75,6 +75,7 @@ const (
 scaLastScanTimeFlagDescription = "SCA last scan time. Available options: integer above 1"
 projectPrivatePackageFlagDescription = "Enable or disable project private package. Available options: true,false"
 scaPrivatePackageVersionFlagDescription = "SCA project private package version. Example: 0.1.1"
+ policeManagementNoneStatus = "none"
 )
 var filterResultsListFlagUsage = fmt.Sprintf(
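Review bot: `policeManagementNoneStatus` reads as a typo of `policyManagementNoneStatus`; the section it gates is printed as "Policy Management Violation" in the `writeConsoleSummary` hunk at line 494 of the same file, so the constant and its use there should be spelled consistently, `policyManagementNoneStatus = "none"`. The value also deserves a one-line comment on where it comes from, since nothing in the file explains what "none" denotes, e.g. `// policyManagementNoneStatus is the Policies.Status value meaning no policy result is present — confirm against the results API`.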
@@ -493,7 +494,7 @@ func writeConsoleSummary(summary *wrappers.ResultSummary) error {
 " API Security - Total Detected APIs: %d \n", summary.APISecurity.APICount)
 }
- if summary.Policies != nil {
+ if summary.Policies != nil && !strings.EqualFold(summary.Policies.Status, policeManagementNoneStatus) {
 fmt.Printf(" ----------------------------------- \n\n")
 if summary.Policies.BreakBuild {
 fmt.Printf(" Policy Management Violation - Break Build Enabled: \n")
@@ -541,7 +542,7 @@ func writeConsoleSummary(summary *wrappers.ResultSummary) error {
 } else {
 fmt.Printf(" | SCA: %*d| \n", defaultPaddingSize, summary.ScaIssues)
 }
- fmt.Printf("\n")
+ fmt.Printf(" ----------------------------------- \n\n")
 fmt.Printf(" Checkmarx One - Scan Summary & Details: %s\n", summary.BaseURI)
 } else {
 fmt.Printf("Scan executed in asynchronous mode or still running. Hence, no results generated.\n")
diff --git a/internal/commands/util/learnmore.go b/internal/commands/util/learnmore.go
index c1b2aa9d4..b1d734b0e 100644
--- a/internal/commands/util/learnmore.go
+++ b/internal/commands/util/learnmore.go
@@ -1,14 +1,15 @@
 package util
+// nolint:goimports
 import (
- "log"
-
 "github.com/MakeNowJust/heredoc"
 "github.com/checkmarx/ast-cli/internal/commands/util/printer"
 "github.com/checkmarx/ast-cli/internal/params"
 "github.com/checkmarx/ast-cli/internal/wrappers"
 "github.com/pkg/errors"
 "github.com/spf13/cobra"
+ "html"
+ "log"
 )
 const defaultFormat = "list"
@@ -100,9 +101,9 @@ func toLearnMoreResponseView(response *[]*wrappers.LearnMoreResponse) interface{
 QueryName: resp.QueryName,
 QueryDescriptionID: resp.QueryDescriptionID,
 ResultDescription: resp.ResultDescription,
- Risk: resp.Risk,
- Cause: resp.Cause,
- GeneralRecommendations: resp.GeneralRecommendations,
+ Risk: html.EscapeString(resp.Risk),
+ Cause: html.EscapeString(resp.Cause),
+ GeneralRecommendations: html.EscapeString(resp.GeneralRecommendations),
 Samples: addSampleResponses(resp.Samples),
 },
 )
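Review bot: The `// nolint:goimports` directive in the learnmore.go import hunk is only needed because `"html"` and `"log"` were appended to the bottom of the third-party group; placing them in a leading standard-library group (`"html"`, `"log"`, a blank line, then the `github.com/...` imports) keeps the file goimports-clean and the directive can be dropped. As far as I recall golangci-lint does not honour a `nolint` written with a space after `//`, so as written it may not suppress anything either; `//nolint:goimports` is the recognised form if it is kept.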
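Review bot: In the `toLearnMoreResponseView` hunk only `Risk`, `Cause` and `GeneralRecommendations` go through `html.EscapeString`, while `QueryName`, `ResultDescription` and the `addSampleResponses` result on the adjacent lines are copied verbatim (what `addSampleResponses` does is not visible here), so if the aim is to neutralise markup in API-supplied text the treatment is inconsistent and should cover every free-text field or say why these three differ. This view is also the model for every output format — the `defaultFormat = "list"` constant visible in the import hunk suggests plain-text output — so escaping at construction turns `&`, `<` and quotes into entities for non-HTML consumers; escaping where HTML is actually rendered would avoid that, or the fields should carry a comment such as `// HTML-escaped at construction; plain-text renderers will show entities`. `toLearnMoreResponseView` starts and ends outside the hunk.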
diff --git a/internal/params/filters.go b/internal/params/filters.go
index a2eef8942..2404e6305 100644
--- a/internal/params/filters.go
+++ b/internal/params/filters.go
@@ -128,6 +128,8 @@ var BaseFilters = []string{
 "*.plist",
 "go.mod",
 "go.sum",
+ "Podfile",
+ "Podfile.lock",
 }
 var KicsBaseFilters = []string{
diff --git a/internal/wrappers/results-http.go b/internal/wrappers/results-http.go
index ee388ec1b..4e832b923 100644
--- a/internal/wrappers/results-http.go
+++ b/internal/wrappers/results-http.go
@@ -61,6 +61,7 @@ func (r *ResultsHTTPWrapper) GetAllResultsByScanID(params map[string]string) (
 if err != nil {
 return nil, nil, errors.Wrapf(err, failedToParseGetResults)
 }
+
 return &model, nil, nil
 default:
 return nil, nil, errors.Errorf("response status code %d", resp.StatusCode)
diff --git a/internal/wrappers/results-modifier.go b/internal/wrappers/results-modifier.go
index 9ee29117e..4019f6d0c 100644
--- a/internal/wrappers/results-modifier.go
+++ b/internal/wrappers/results-modifier.go
@@ -4,6 +4,7 @@ import (
 "bytes"
 "encoding/json"
 "fmt"
+ "html"
 "strings"
 "github.com/checkmarx/ast-cli/internal/logger"
@@ -54,12 +55,22 @@ func (s *ScanResult) UnmarshalJSON(data []byte) error {
 s.Status = strings.TrimSpace(s.Status)
 s.State = strings.TrimSpace(s.State)
 s.Severity = strings.TrimSpace(s.Severity)
-
 if s.Description == "" && s.ScanResultData.Description != "" {
 s.Description = s.ScanResultData.Description
 s.ScanResultData.Description = ""
+ } else {
+ s.Description = html.EscapeString(s.Description)
+ s.ScanResultData.Description = html.EscapeString(s.ScanResultData.Description)
+ }
+ if s.ScanResultData.Nodes != nil {
+ for _, node := range s.ScanResultData.Nodes {
+ if node.Name == "" {
+ continue
+ }
+ node.Name = html.EscapeString(node.Name)
+ node.FullName = html.EscapeString(node.FullName)
+ }
 }
-
 // Convert markdown description to html description
 s.DescriptionHTML = string(markdown.ToHTML([]byte(s.Description), nil, nil))
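Review bot: In the `UnmarshalJSON` hunk of results-modifier.go the new `else` branch escapes the description only on the path where it is not moved from `ScanResultData.Description`; when the move happens, the copied text goes on to `markdown.ToHTML` and stays in `s.Description` unescaped, so the same payload is handled differently depending on which field the API populated. Dropping the `else` and running `s.Description = html.EscapeString(s.Description)` and `s.ScanResultData.Description = html.EscapeString(s.ScanResultData.Description)` unconditionally after the `if` gives both paths the same treatment. In the node loop, `for _, node := range s.ScanResultData.Nodes` only persists the escaped names if `Nodes` holds pointers — with a slice of struct values the assignments land on a copy; the element type is not visible here, so `for i := range s.ScanResultData.Nodes` with `s.ScanResultData.Nodes[i].Name = ...` would be the safe form either way, and the `node.Name == ""` guard also skips escaping `FullName`. The `Nodes != nil` check is redundant, since ranging over a nil slice is a no-op. Because `UnmarshalJSON` is the single entry point, the escaped text also reaches any non-HTML report built from these fields; the method continues outside the hunk.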
diff --git a/internal/wrappers/scan-kics-realtime.go b/internal/wrappers/scan-kics-realtime.go
index e7d686e63..9ce1b3838 100644
--- a/internal/wrappers/scan-kics-realtime.go
+++ b/internal/wrappers/scan-kics-realtime.go
@@ -24,7 +24,7 @@ type KicsFiles struct {
 Line uint `json:"line"`
 IssueType string `json:"issue_type"`
 SearchKey string `json:"search_key"`
- SearchLine uint `json:"search_line"`
+ SearchLine int `json:"search_line"`
 SearchValue string `json:"search_value"`
 ExpectedValue string `json:"expected_value"`
 ActualValue string `json:"actual_value"`
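Review bot: `SearchLine` switching from `uint` to `int` should carry a comment on why a signed value is required, since the neighbouring `Line uint` stays unsigned and nothing in the hunk explains the asymmetry; presumably the KICS JSON emits a negative value when no search line applies, but that is not visible here and should be confirmed against the producer. Suggested: `// SearchLine is signed because the KICS payload may report a negative value for "no line" — confirm sentinel`. `KicsFiles` continues outside the hunk.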