pre receive validate command

cx-anjali-deore · cx-anjali-deore · commit ce1c5673a9db · 2025-07-21T18:33:39.000+05:30
diff --git a/internal/commands/pre-receive.go b/internal/commands/pre-receive.go
@@ -1,10 +1,17 @@
 package commands
 
 import (
+	"fmt"
 	prereceive "github.com/Checkmarx/secret-detection/pkg/hooks/pre-receive"
 	"github.com/MakeNowJust/heredoc"
+	"github.com/checkmarx/ast-cli/internal/params"
 	"github.com/checkmarx/ast-cli/internal/wrappers"
 	"github.com/spf13/cobra"
+	"log"
+)
+
+const (
+	SuccessFullSecretsLicenceValidation = "Successfully Validated the Enterprise Secrets licence!"
 )
 
 func PreReceiveCommand(jwtWrapper wrappers.JWTWrapper) *cobra.Command {
@@ -18,12 +25,13 @@ func PreReceiveCommand(jwtWrapper wrappers.JWTWrapper) *cobra.Command {
 			`,
 		),
 	}
-	preReceiveCmd.AddCommand(scanSecretsPreReceiveCommand(jwtWrapper))
+	preReceiveCmd.AddCommand(scanSecretsPreReceiveCommand())
+	preReceiveCmd.AddCommand(validateSecretsLicence(jwtWrapper))
 
 	return preReceiveCmd
 }
 
-func scanSecretsPreReceiveCommand(jwtWrapper wrappers.JWTWrapper) *cobra.Command {
+func scanSecretsPreReceiveCommand() *cobra.Command {
 	var configFile string
 	scanPrereceiveCmd := &cobra.Command{
 		Use:   "secrets-scan",
@@ -35,9 +43,6 @@ func scanSecretsPreReceiveCommand(jwtWrapper wrappers.JWTWrapper) *cobra.Command
 		    $ cx hooks pre-receive secrets-scan --config /path/to/config.yaml		
 			`,
 		),
-		PreRunE: func(cmd *cobra.Command, args []string) error {
-			return validateLicense(jwtWrapper)
-		},
 		RunE: func(cmd *cobra.Command, args []string) error {
 			return prereceive.Scan(configFile)
 		},
@@ -47,3 +52,32 @@ func scanSecretsPreReceiveCommand(jwtWrapper wrappers.JWTWrapper) *cobra.Command
 
 	return scanPrereceiveCmd
 }
+
+func validateSecretsLicence(jwtWrapper wrappers.JWTWrapper) *cobra.Command {
+	validateLicence := &cobra.Command{
+		Use:   "validate",
+		Short: "Validates the license for pre-receive secret detection",
+		Long:  "Validates the license for pre-receive secret detection",
+		Example: heredoc.Doc(
+			`
+		    $ cx hooks pre-receive validate
+			`,
+		),
+		RunE: checkLicence(jwtWrapper),
+	}
+	return validateLicence
+}
+
+func checkLicence(jwtWrapper wrappers.JWTWrapper) func(cmd *cobra.Command, args []string) error {
+	return func(cmd *cobra.Command, args []string) error {
+		isAllowed, err := jwtWrapper.IsAllowedEngine(params.EnterpriseSecretsLabel)
+		if err != nil {
+			log.Fatalf("%s: %s", "Failed licence check", err)
+		}
+		if !isAllowed {
+			log.Fatalf("Error: License validation failed. Please ensure your CxOne license includes Enterprise Secrets")
+		}
+		_, _ = fmt.Fprintln(cmd.OutOrStdout(), SuccessFullSecretsLicenceValidation)
+		return nil
+	}
+}
diff --git a/internal/commands/pre_receive_test.go b/internal/commands/pre_receive_test.go
@@ -47,3 +47,11 @@ func TestPreReceiveCommand_withWrongFlagConfig(t *testing.T) {
 	)
 	assert.NotNil(t, err)
 }
+
+func TestPreReceiveCommand_Licence_success(t *testing.T) {
+	cmd := createASTTestCommand()
+	err := executeTestCommand(
+		cmd,
+		"hooks", "pre-receive", "validate")
+	assert.Nil(t, err)
+}
diff --git a/internal/wrappers/mock/jwt-helper-mock.go b/internal/wrappers/mock/jwt-helper-mock.go
@@ -13,13 +13,15 @@ type JWTMockWrapper struct {
 
 const AIProtectionDisabled = 1
 
+var engines = []string{"sast", "sca", "api-security", "iac-security", "scs", "containers", "enterprise-secrets"}
+
 // GetAllowedEngines mock for tests
 func (j *JWTMockWrapper) GetAllowedEngines(featureFlagsWrapper wrappers.FeatureFlagsWrapper) (allowedEngines map[string]bool, err error) {
 	if j.CustomGetAllowedEngines != nil {
 		return j.CustomGetAllowedEngines(featureFlagsWrapper)
 	}
 	allowedEngines = make(map[string]bool)
-	engines := []string{"sast", "iac-security", "sca", "api-security", "containers", "scs"}
+
 	for _, value := range engines {
 		allowedEngines[strings.ToLower(value)] = true
 	}
diff --git a/test/integration/pre-receive_test.go b/test/integration/pre-receive_test.go
@@ -270,6 +270,17 @@ func TestPreReceive_IgnoreFolderExclusion_ConfigFile(t *testing.T) {
 	assert.Contains(t, outputString, "No secrets detected by Cx Secret Scanner")
 }
 
+func TestPre_Receive_Validate_Command_success(t *testing.T) {
+	args := []string{
+		"hooks",
+		"pre-receive",
+		"validate",
+	}
+
+	err, _ := executeCommand(t, args...)
+	assert.NoError(t, err, "Error should be nil")
+}
+
 func setGlobalGitAccount(t *testing.T, repoName string) {
 	// Set global git config
 	username := os.Getenv("GITHUB_ACTOR")

Original file line number	Diff line number	Diff line change
`@@ -47,3 +47,11 @@ func TestPreReceiveCommand_withWrongFlagConfig(t *testing.T) {`
`47`	`47`	`)`
`48`	`48`	`assert.NotNil(t, err)`
`49`	`49`	`}`
	`50`	`+`
	`51`	`+func TestPreReceiveCommand_Licence_success(t *testing.T) {`
	`52`	`+ cmd := createASTTestCommand()`
	`53`	`+ err := executeTestCommand(`
	`54`	`+ cmd,`
	`55`	`+ "hooks", "pre-receive", "validate")`
	`56`	`+ assert.Nil(t, err)`
	`57`	`+}`