From 33f766fefd83ec6eb2916aacf123866814cca57a Mon Sep 17 00:00:00 2001
From: Assaf Attias <49212512+attiasas@users.noreply.github.com>
Date: Thu, 2 Jan 2025 12:55:38 +0200
Subject: [PATCH] Fix and add tests for Jas Violations (#273)
---
 .github/workflows/test.yml | 1 +
 audit_test.go | 4 ++--
 go.mod | 2 +-
 go.sum | 4 ++--
 xsc_test.go | 12 ++++++++----
 5 files changed, 14 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 4dc0f409..48e5175a 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -22,6 +22,7 @@ env:
   GRADLE_OPTS: -Dorg.gradle.daemon=false
   CI: true
   JFROG_CLI_LOG_LEVEL: DEBUG
+  JFROG_SECURITY_CLI_TESTS_JFROG_PLATFORM_PROJECT_KEY: ${{ var.JFROG_TEST_PROJECT_KEY }}
 jobs:
   Pretest:
diff --git a/audit_test.go b/audit_test.go
index 8393b677..0f08f63e 100644
--- a/audit_test.go
+++ b/audit_test.go
@@ -816,7 +816,7 @@ type auditCommandTestParams struct {
 }
 // run audit command with different flags and params for integration tests
-func testAuditCommand(t *testing.T, testCli *coreTests.JfrogCli, params auditCommandTestParams) string {
+func testAuditCommand(t *testing.T, testCli *coreTests.JfrogCli, params auditCommandTestParams) (string, error) {
 	args := []string{"audit"}
 	if len(params.WorkingDirsToScan) > 0 {
 		args = append(args, "--working-dirs="+strings.Join(params.WorkingDirsToScan, ","))
@@ -846,5 +846,5 @@ func testAuditCommand(t *testing.T, testCli *coreTests.JfrogCli, params auditCom
 	if params.WithVuln {
 		args = append(args, "--vuln")
 	}
-	return testCli.RunCliCmdWithOutput(t, args...)
+	return testCli.RunCliCmdWithOutputs(t, args...)
 }
diff --git a/go.mod b/go.mod
index 2eb9ed0c..bb324514 100644
--- a/go.mod
+++ b/go.mod
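Review bot: The added env entry reads `${{ var.JFROG_TEST_PROJECT_KEY }}`, but the GitHub Actions context for repository/organization configuration variables is `vars`; `var` is not a recognized context, so the workflow is rejected at parse time and the project key never reaches the tests. The line should be `JFROG_SECURITY_CLI_TESTS_JFROG_PLATFORM_PROJECT_KEY: ${{ vars.JFROG_TEST_PROJECT_KEY }}`. A project key is configuration rather than a credential, so a variable (not a secret) looks like the right home for it, but that depends on how the test platform is provisioned.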
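Review bot: testAuditCommand now hands the command's error back to the caller instead of (presumably) failing the test inside the helper, but the comment above the signature does not say so, and every caller now has to decide whether an error is expected — the xsc tests assert both NoError and a fail-build error. Update the comment to `// run audit command with different flags and params for integration tests; returns the command output together with its error, which the caller is responsible for asserting`. The function body between the two hunks is outside the view, so I cannot tell whether anything else in it still fails the test directly.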
@@ -114,7 +114,7 @@ require (
 replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20241230154616-e342ed5065f1
-// replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev
+replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20250101110857-b26e9a6644c6
 // replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go dev
diff --git a/go.sum b/go.sum
index 8685e030..25024829 100644
--- a/go.sum
+++ b/go.sum
@@ -127,8 +127,8 @@ github.com/jfrog/gofrog v1.7.6 h1:QmfAiRzVyaI7JYGsB7cxfAJePAZTzFz0gRWZSE27c6s=
 github.com/jfrog/gofrog v1.7.6/go.mod h1:ntr1txqNOZtHplmaNd7rS4f8jpA5Apx8em70oYEe7+4=
 github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYLipdsOFMY=
 github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w=
-github.com/jfrog/jfrog-cli-core/v2 v2.57.5 h1:guVB/zPPtS8CWpNvAFPCxNvSgVra4TyX8lzs4V4+I/4=
-github.com/jfrog/jfrog-cli-core/v2 v2.57.5/go.mod h1:LfKvCRXbvwgE0V6aX3/GabkzCedghXq0Y6lmsEuxr44=
+github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20250101110857-b26e9a6644c6 h1:/i1sIQS0q0gRN531ChVToQWcjaVZOKZ4KuGk7j7vDTc=
+github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20250101110857-b26e9a6644c6/go.mod h1:LfKvCRXbvwgE0V6aX3/GabkzCedghXq0Y6lmsEuxr44=
 github.com/jfrog/jfrog-client-go v1.28.1-0.20241230154616-e342ed5065f1 h1:JQvbTSPDkPNpts1NLHGTKvtG4cMFY1ptBHTNMYFyMhs=
 github.com/jfrog/jfrog-client-go v1.28.1-0.20241230154616-e342ed5065f1/go.mod h1:2ySOMva54L3EYYIlCBYBTcTgqfrrQ19gtpA/MWfA/ec=
 github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88/go.mod h1:3w7q1U84EfirKl04SVQ/s7nPm1ZPhiXd34z40TNz36k=
diff --git a/xsc_test.go b/xsc_test.go
index b081d8f0..96f92eba 100644
--- a/xsc_test.go
+++ b/xsc_test.go
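Review bot: The new `replace` directive pins jfrog-cli-core/v2 to the commit pseudo-version v2.31.1-0.20250101110857-b26e9a6644c6, and the go.sum hunk shows it displacing the tagged v2.57.5 the module otherwise resolves to; the previous line was a commented-out placeholder, so this turns a dev-time override into the shipped dependency graph. A replace to an untagged commit bypasses the usual version selection and is easy to forget, so it should carry a comment stating what it is waiting for and that it is to be removed once a tagged release is available, e.g. `// TODO: remove once the needed jfrog-cli-core change is in a tagged release`. Whether the pseudo-version's base tag (v2.31.1, well below v2.57.5) is intentional is not visible here and worth confirming before merge.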
@@ -15,6 +15,7 @@ import (
 	"github.com/jfrog/jfrog-cli-security/cli"
 	"github.com/jfrog/jfrog-cli-security/cli/docs"
 	"github.com/jfrog/jfrog-cli-security/utils/formats"
+	"github.com/jfrog/jfrog-cli-security/utils/results"
 	"github.com/jfrog/jfrog-cli-security/utils/validations"
 	"github.com/jfrog/jfrog-cli-security/utils/xsc"
@@ -70,7 +71,8 @@ func TestXscAuditViolationsWithIgnoreRule(t *testing.T) {
 	_, cleanUpWatch := securityTestUtils.CreateWatchForTests(t, policyName, "git-repo-ignore-rule-watch", xscutils.GetGitRepoUrlKey(validations.TestMockGitInfo.GitRepoHttpsCloneUrl))
 	defer cleanUpWatch()
 	// Run the audit command with git repo and verify violations are reported to the platform.
-	output := testAuditCommand(t, cliToRun, auditCommandTestParams{Format: string(format.SimpleJson), WithLicense: true, WithVuln: true})
+	output, err := testAuditCommand(t, cliToRun, auditCommandTestParams{Format: string(format.SimpleJson), WithLicense: true, WithVuln: true})
+	assert.NoError(t, err)
 	validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{
 		Total: &validations.TotalCount{Licenses: 3, Violations: 26, Vulnerabilities: 39},
 		// Check that we have at least one violation for each scan type. (IAC is not supported yet)
@@ -93,7 +95,8 @@ func TestXscAuditViolationsWithIgnoreRule(t *testing.T) {
 	})
 	defer cleanSastUpIgnoreRule()
 	// Run the audit command and verify no issues. (all violations are ignored)
-	output = testAuditCommand(t, cliToRun, auditCommandTestParams{Format: string(format.SimpleJson)})
+	output, err = testAuditCommand(t, cliToRun, auditCommandTestParams{Format: string(format.SimpleJson)})
+	assert.NoError(t, err)
 	validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{ExactResultsMatch: true, Total: &validations.TotalCount{}, Violations: &validations.ViolationCount{ValidateScan: &validations.ScanCount{}}})
 }
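Review bot: `assert.NoError(t, err)` records the failure but lets the test continue, so when the audit command errors out the very next line still runs VerifySimpleJsonResults on whatever partial output came back and produces a second, misleading failure on top of the real one; the same pattern is in the @@ -93 hunk below. Stop at the first failure instead: `require.NoError(t, err)` if testify's require package is (or can be) imported in this file, otherwise `if !assert.NoError(t, err) { return }`. The test function starts above the first hunk, so I cannot see whether an earlier step already uses one of these forms.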
@@ -111,12 +114,13 @@ func TestAuditJasViolationsProjectKeySimpleJson(t *testing.T) {
 	_, cleanUpProject := securityTestUtils.CreateTestProjectEnvAndChdir(t, filepath.Join(filepath.FromSlash(tests.GetTestResourcesPath()), "projects", "jas", "jas"))
 	defer cleanUpProject()
 	// Create policy and watch for the project so we will get violations (unknown = all vulnerabilities will be reported as violations)
-	policyName, cleanUpPolicy := securityTestUtils.CreateTestSecurityPolicy(t, "project-key-jas-violations-policy", utils.Unknown, false)
+	policyName, cleanUpPolicy := securityTestUtils.CreateTestSecurityPolicy(t, "project-key-jas-violations-policy", utils.Unknown, true)
 	defer cleanUpPolicy()
 	_, cleanUpWatch := securityTestUtils.CreateTestProjectKeyWatch(t, policyName, "project-key-jas-violations-watch", *tests.JfrogTestProjectKey)
 	defer cleanUpWatch()
 	// Run the audit command with project key and verify violations are reported.
-	output := testAuditCommand(t, cliToRun, auditCommandTestParams{Format: string(format.SimpleJson), ProjectKey: *tests.JfrogTestProjectKey})
+	output, err := testAuditCommand(t, cliToRun, auditCommandTestParams{Format: string(format.SimpleJson), ProjectKey: *tests.JfrogTestProjectKey})
+	assert.ErrorContains(t, err, results.NewFailBuildError().Error())
 	validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{
 		Total: &validations.TotalCount{Violations: 14},
 		// Check that we have at least one violation for each scan type. (IAC is not supported yet)
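Review bot: The comment above the run still says "verify violations are reported", but the new code expects the command to return an error containing results.NewFailBuildError() and only then checks the output, and the unlabeled last argument of CreateTestSecurityPolicy was flipped from false to true in the same hunk, which the existing policy comment does not explain. Replace the run comment with `// Run the audit command with project key; the policy is expected to fail the build, so the command returns an error and the violations must still be reported in the output.` and extend the policy comment with a phrase such as `, with fail-build enabled` if that is what the `true` argument means — the parameter name is not visible here. As in the two hunks above, `assert.ErrorContains` does not stop the test, so a nil or unrelated error (e.g. a platform/connectivity problem) still falls through to VerifySimpleJsonResults; `if !assert.ErrorContains(t, err, results.NewFailBuildError().Error()) { return }` keeps the failure report to the root cause.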