Merge branch 'main' into CM-40909-supports-go-restore

# Conflicts: # cycode/cli/files_collector/sca/base_restore_dependencies.py # cycode/cli/files_collector/sca/maven/restore_gradle_dependencies.py # cycode/cli/files_collector/sca/npm/restore_npm_dependencies.py # cycode/cli/files_collector/sca/sca_code_scanner.py # cycode/cli/utils/shell_executor.py
cycodehq · Oct 21, 2024 · c017636 · c017636
2 parents dde8b9a + 68ad6c8
commit c017636
Show file tree

Hide file tree

Showing 6 changed files with 16 additions and 31 deletions.
diff --git a/cycode/cli/consts.py b/cycode/cli/consts.py
@@ -48,7 +48,7 @@
     '.model',
 )
 
-SCA_CONFIGURATION_SCAN_SUPPORTED_FILES = (
+SCA_CONFIGURATION_SCAN_SUPPORTED_FILES = (  # keep in lowercase
     'cargo.lock',
     'cargo.toml',
     'composer.json',
@@ -82,6 +82,8 @@
     'setup.py',
     'mix.exs',
     'mix.lock',
+    'package.swift',
+    'package.resolved',
 )
 
 SCA_EXCLUDED_PATHS = ('node_modules',)
@@ -101,6 +103,7 @@
     'pypi_requirements': ['requirements.txt'],
     'pypi_setup': ['setup.py'],
     'hex': ['mix.exs', 'mix.lock'],
+    'swift_pm': ['Package.swift', 'Package.resolved'],
 }
 
 COMMIT_RANGE_SCAN_SUPPORTED_SCAN_TYPES = [SECRET_SCAN_TYPE, SCA_SCAN_TYPE]

diff --git a/cycode/cli/files_collector/sca/base_restore_dependencies.py b/cycode/cli/files_collector/sca/base_restore_dependencies.py
@@ -14,10 +14,14 @@ def build_dep_tree_path(path: str, generated_file_name: str) -> str:
 
 
 def execute_command(
-    command: List[str], file_name: str, command_timeout: int, dependencies_file_name: str = None
+    command: List[str], file_name: str, command_timeout: int, dependencies_file_name: Optional[str] = None
 ) -> Optional[str]:
     try:
-        dependencies = shell(command=command, timeout=command_timeout, output_file_path=dependencies_file_name)
+        dependencies = shell(command=command, timeout=command_timeout)
+        # Write stdout output to the file if output_file_path is provided
+        if dependencies_file_name:
+            with open(dependencies_file_name, 'w') as output_file:
+                output_file.write(dependencies)
     except Exception as e:
         logger.debug('Failed to restore dependencies via shell command, %s', {'filename': file_name}, exc_info=e)
         return None
@@ -27,7 +31,7 @@ def execute_command(
 
 class BaseRestoreDependencies(ABC):
     def __init__(
-        self, context: click.Context, is_git_diff: bool, command_timeout: int, create_output_file_manually: bool
+        self, context: click.Context, is_git_diff: bool, command_timeout: int, create_output_file_manually: bool = False
     ) -> None:
         self.context = context
         self.is_git_diff = is_git_diff

diff --git a/cycode/cli/files_collector/sca/maven/restore_gradle_dependencies.py b/cycode/cli/files_collector/sca/maven/restore_gradle_dependencies.py
@@ -9,12 +9,11 @@
 BUILD_GRADLE_FILE_NAME = 'build.gradle'
 BUILD_GRADLE_KTS_FILE_NAME = 'build.gradle.kts'
 BUILD_GRADLE_DEP_TREE_FILE_NAME = 'gradle-dependencies-generated.txt'
-OUTPUT_FILE_MANUALLY = True
 
 
 class RestoreGradleDependencies(BaseRestoreDependencies):
     def __init__(self, context: click.Context, is_git_diff: bool, command_timeout: int) -> None:
-        super().__init__(context, is_git_diff, command_timeout, OUTPUT_FILE_MANUALLY)
+        super().__init__(context, is_git_diff, command_timeout, create_output_file_manually=True)
 
     def is_project(self, document: Document) -> bool:
         return document.path.endswith(BUILD_GRADLE_FILE_NAME) or document.path.endswith(BUILD_GRADLE_KTS_FILE_NAME)
@@ -27,6 +26,3 @@ def get_lock_file_name(self) -> str:
 
     def verify_restore_file_already_exist(self, restore_file_path: str) -> bool:
         return os.path.isfile(restore_file_path)
-
-    def prepare_tree_file_path_for_command(self, manifest_file_path: str) -> str:
-        return '/' + manifest_file_path.strip('/' + BUILD_GRADLE_FILE_NAME) + '/' + BUILD_GRADLE_DEP_TREE_FILE_NAME
diff --git a/cycode/cli/files_collector/sca/npm/restore_npm_dependencies.py b/cycode/cli/files_collector/sca/npm/restore_npm_dependencies.py
@@ -9,12 +9,11 @@
 NPM_PROJECT_FILE_EXTENSIONS = ['.json']
 NPM_LOCK_FILE_NAME = 'package-lock.json'
 NPM_MANIFEST_FILE_NAME = 'package.json'
-OUTPUT_FILE_MANUALLY = False
 
 
 class RestoreNpmDependencies(BaseRestoreDependencies):
     def __init__(self, context: click.Context, is_git_diff: bool, command_timeout: int) -> None:
-        super().__init__(context, is_git_diff, command_timeout, OUTPUT_FILE_MANUALLY)
+        super().__init__(context, is_git_diff, command_timeout)
 
     def is_project(self, document: Document) -> bool:
         return any(document.path.endswith(ext) for ext in NPM_PROJECT_FILE_EXTENSIONS)
@@ -37,4 +36,4 @@ def verify_restore_file_already_exist(self, restore_file_path: str) -> bool:
         return os.path.isfile(restore_file_path)
 
     def prepare_manifest_file_path_for_command(self, manifest_file_path: str) -> str:
-        return '/' + manifest_file_path.strip('/' + NPM_MANIFEST_FILE_NAME)
+        return manifest_file_path.replace(os.sep + NPM_MANIFEST_FILE_NAME, '')
diff --git a/cycode/cli/files_collector/sca/sca_code_scanner.py b/cycode/cli/files_collector/sca/sca_code_scanner.py
@@ -5,7 +5,6 @@
 
 from cycode.cli import consts
 from cycode.cli.files_collector.sca.base_restore_dependencies import BaseRestoreDependencies
-from cycode.cli.files_collector.sca.go.restore_go_dependencies import RestoreGoDependencies
 from cycode.cli.files_collector.sca.maven.restore_gradle_dependencies import RestoreGradleDependencies
 from cycode.cli.files_collector.sca.maven.restore_maven_dependencies import RestoreMavenDependencies
 from cycode.cli.files_collector.sca.npm.restore_npm_dependencies import RestoreNpmDependencies
@@ -21,7 +20,6 @@
 BUILD_GRADLE_DEP_TREE_TIMEOUT = 180
 BUILD_NUGET_DEP_TREE_TIMEOUT = 180
 BUILD_NPM_DEP_TREE_TIMEOUT = 180
-BUILD_GO_DEP_TREE_TIMEOUT = 180
 
 
 def perform_pre_commit_range_scan_actions(
@@ -137,7 +135,6 @@ def restore_handlers(context: click.Context, is_git_diff: bool) -> List[BaseRest
         RestoreMavenDependencies(context, is_git_diff, BUILD_GRADLE_DEP_TREE_TIMEOUT),
         RestoreNugetDependencies(context, is_git_diff, BUILD_NUGET_DEP_TREE_TIMEOUT),
         RestoreNpmDependencies(context, is_git_diff, BUILD_NPM_DEP_TREE_TIMEOUT),
-        RestoreGoDependencies(context, is_git_diff, BUILD_GO_DEP_TREE_TIMEOUT),
     ]
 
 

diff --git a/cycode/cli/utils/shell_executor.py b/cycode/cli/utils/shell_executor.py
@@ -8,28 +8,14 @@
 _SUBPROCESS_DEFAULT_TIMEOUT_SEC = 60
 
 
-def shell(
-    command: Union[str, List[str]],
-    timeout: int = _SUBPROCESS_DEFAULT_TIMEOUT_SEC,
-    output_file_path: Optional[str] = None,
-) -> Optional[str]:
+def shell(command: Union[str, List[str]], timeout: int = _SUBPROCESS_DEFAULT_TIMEOUT_SEC) -> Optional[str]:
     logger.debug('Executing shell command: %s', command)
 
     try:
         result = subprocess.run(  # noqa: S603
-            command,
-            timeout=timeout,
-            shell=False,
-            check=True,
-            capture_output=True,
-            text=True,
+            command, timeout=timeout, check=True, capture_output=True
         )
 
-        # Write stdout output to the file if output_file_path is provided
-        if output_file_path:
-            with open(output_file_path, 'w') as output_file:
-                output_file.write(result.stdout)
-
         return result.stdout.decode('UTF-8').strip()
     except subprocess.CalledProcessError as e:
         logger.debug('Error occurred while running shell command', exc_info=e)