From c989616b5ed6574921fba27d1b112f063696ab66 Mon Sep 17 00:00:00 2001
From: Keren Reshef
Date: Mon, 28 Oct 2024 13:15:05 +0200
Subject: [PATCH] Audit - Do not copy Visual Studio inner folder when building dependency tree (#205)
---
 commands/audit/sca/common.go | 5 +++++
 commands/audit/sca/nuget/nuget.go | 3 ++-
 commands/audit/sca/pnpm/pnpm.go | 5 ++++-
 commands/audit/sca/python/python.go | 5 +++--
 4 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/commands/audit/sca/common.go b/commands/audit/sca/common.go
index 6f60e886..901ae18c 100644
--- a/commands/audit/sca/common.go
+++ b/commands/audit/sca/common.go
@@ -21,6 +21,11 @@ import (
 xrayUtils "github.com/jfrog/jfrog-client-go/xray/services/utils"
 )
+const (
+ // Visual Studio inner directory.
+ DotVsRepoSuffix = ".vs"
+)
+
 var CurationErrorMsgToUserTemplate = "Failed to retrieve the dependencies tree for the %s project. Please contact your " +
 "Artifactory administrator to verify pass-through for Curation audit is enabled for your project"
diff --git a/commands/audit/sca/nuget/nuget.go b/commands/audit/sca/nuget/nuget.go
index 125eb8d1..d34c4e47 100644
--- a/commands/audit/sca/nuget/nuget.go
+++ b/commands/audit/sca/nuget/nuget.go
@@ -65,7 +65,8 @@ func BuildDependencyTree(params utils.AuditParams) (dependencyTree []*xrayUtils.
 err = errors.Join(err, fileutils.RemoveTempDir(tmpWd))
 }()
- err = biutils.CopyDir(wd, tmpWd, true, nil)
+ // Exclude Visual Studio inner directorty since it is not neccessary for the scan process and may cause race condition.
+ err = biutils.CopyDir(wd, tmpWd, true, []string{sca.DotVsRepoSuffix})
 if err != nil {
 err = fmt.Errorf("failed copying project to temp dir: %w", err)
 return
diff --git a/commands/audit/sca/pnpm/pnpm.go b/commands/audit/sca/pnpm/pnpm.go
index de324b2d..aec0f134 100644
--- a/commands/audit/sca/pnpm/pnpm.go
+++ b/commands/audit/sca/pnpm/pnpm.go
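Review bot: In commands/audit/sca/common.go the exported constant `DotVsRepoSuffix` is documented only by `// Visual Studio inner directory.`, and its name says "repo suffix" although every call site in this patch passes it to `biutils.CopyDir` as an exclude entry. A doc comment that starts with the identifier and states the use would read better, for example `// DotVsRepoSuffix is the name of Visual Studio's ".vs" state directory; it is excluded when a project is copied to a temp dir for scanning.` Whether CopyDir compares that entry by exact base name, by suffix or as a pattern is not visible in this diff, so the comment should state whichever applies.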
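Review bot: The exclusion added in nuget.go's BuildDependencyTree, and repeated in pnpm.go's installProjectIfNeeded and python.go's getDependencies, depends on how `biutils.CopyDir` applies its exclude list, which this patch does not show; if the list is only checked against entries directly under `wd`, a `.vs` folder inside a sub-project would still be copied and the race could remain. Because anything under an excluded name is also invisible to the audit, a test that copies a fixture with a top-level and a nested `.vs` and asserts that both are skipped while manifests elsewhere are kept would pin the intended scan coverage. The new comment also has typos in all three places; suggested wording: `// Exclude the Visual Studio inner directory (.vs): it is not needed for the scan and copying it may cause a race condition.` The enclosing functions start and end outside the hunks.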
@@ -13,6 +13,7 @@ import ( "golang.org/x/exp/maps" "golang.org/x/exp/slices" + "github.com/jfrog/jfrog-cli-security/commands/audit/sca" "github.com/jfrog/jfrog-cli-security/commands/audit/sca/npm" "github.com/jfrog/jfrog-cli-security/utils" "github.com/jfrog/jfrog-cli-security/utils/techutils" @@ -115,7 +116,9 @@ func installProjectIfNeeded(pnpmExecPath, workingDir string) (dirForDependencies err = errors.Join(err, fileutils.RemoveTempDir(dirForDependenciesCalculation)) } }() - err = biutils.CopyDir(workingDir, dirForDependenciesCalculation, true, nil) + + // Exclude Visual Studio inner directorty since it is not neccessary for the scan process and may cause race condition. + err = biutils.CopyDir(workingDir, dirForDependenciesCalculation, true, []string{sca.DotVsRepoSuffix}) if err != nil { err = fmt.Errorf("failed copying project to temp dir: %w", err) return diff --git a/commands/audit/sca/python/python.go b/commands/audit/sca/python/python.go index afef19d8..eaff7e2e 100644 --- a/commands/audit/sca/python/python.go +++ b/commands/audit/sca/python/python.go @@ -94,7 +94,8 @@ func getDependencies(auditPython *AuditPython) (dependenciesGraph map[string][]s ) }() - err = biutils.CopyDir(wd, tempDirPath, true, nil) + // Exclude Visual Studio inner directorty since it is not neccessary for the scan process and may cause race condition. + err = biutils.CopyDir(wd, tempDirPath, true, []string{sca.DotVsRepoSuffix}) if err != nil { return } @@ -439,4 +440,4 @@ func populatePythonDependencyTree(currNode *xrayUtils.GraphNode, dependenciesGra currNode.Nodes = append(currNode.Nodes, childNode) populatePythonDependencyTree(childNode, dependenciesGraph, uniqueDepsSet) } -} +} \ No newline at end of file