From 97cc1e21dfe499283d0da8e0e3fc0297602f979d Mon Sep 17 00:00:00 2001 From: Dima R <90623914+cx-dmitri-rivin@users.noreply.github.com> Date: Tue, 15 Jul 2025 11:52:21 +0300 Subject: [PATCH 1/5] bug fixed --- internal/commands/scan.go | 7 ++++--- internal/commands/scan_test.go | 36 +++++++++++++++++++++++++--------- 2 files changed, 31 insertions(+), 12 deletions(-) diff --git a/internal/commands/scan.go b/internal/commands/scan.go index 3c5b9306b..7ead1a1ee 100644 --- a/internal/commands/scan.go +++ b/internal/commands/scan.go @@ -1118,7 +1118,8 @@ func addContainersScan(cmd *cobra.Command, resubmitConfig []wrappers.Config) (ma containerMapConfig[resultsMapType] = commonParams.ContainersType containerConfig := wrappers.ContainerConfig{} - initializeContainersConfigWithResubmitValues(resubmitConfig, &containerConfig) + containerResolveLocally, _ := cmd.Flags().GetBool(commonParams.ContainerResolveLocallyFlag) + initializeContainersConfigWithResubmitValues(resubmitConfig, &containerConfig, containerResolveLocally) fileFolderFilter, _ := cmd.PersistentFlags().GetString(commonParams.ContainersFileFolderFilterFlag) if fileFolderFilter != "" { @@ -1152,7 +1153,7 @@ func addContainersScan(cmd *cobra.Command, resubmitConfig []wrappers.Config) (ma return containerMapConfig, nil } -func initializeContainersConfigWithResubmitValues(resubmitConfig []wrappers.Config, containerConfig *wrappers.ContainerConfig) { +func initializeContainersConfigWithResubmitValues(resubmitConfig []wrappers.Config, containerConfig *wrappers.ContainerConfig, containerResolveLocally bool) { for _, config := range resubmitConfig { if config.Type != commonParams.ContainersType { continue @@ -1174,7 +1175,7 @@ func initializeContainersConfigWithResubmitValues(resubmitConfig []wrappers.Conf containerConfig.ImagesFilter = resubmitImagesFilter.(string) } resubmitUserCustomImages := config.Value[ConfigUserCustomImagesKey] - if resubmitUserCustomImages != nil && resubmitUserCustomImages != "" { + if resubmitUserCustomImages != nil && resubmitUserCustomImages != "" && !containerResolveLocally { containerConfig.UserCustomImages = resubmitUserCustomImages.(string) } } diff --git a/internal/commands/scan_test.go b/internal/commands/scan_test.go index 83954a5a9..eed7cf9fd 100644 --- a/internal/commands/scan_test.go +++ b/internal/commands/scan_test.go @@ -1827,12 +1827,13 @@ func TestAddContainersScan_WithCustomImages_ShouldSetUserCustomImages(t *testing func TestInitializeContainersConfigWithResubmitValues_UserCustomImages(t *testing.T) { // Define test cases testCases := []struct { - name string - resubmitConfig []wrappers.Config - expectedCustomImages string + name string + resubmitConfig []wrappers.Config + containerResolveLocally bool + expectedCustomImages string }{ { - name: "When UserCustomImages is valid string, it should be set in containerConfig", + name: "When UserCustomImages is valid string and ContainerResolveLocally is false, it should be set in containerConfig", resubmitConfig: []wrappers.Config{ { Type: commonParams.ContainersType, @@ -1841,7 +1842,21 @@ func TestInitializeContainersConfigWithResubmitValues_UserCustomImages(t *testin }, }, }, - expectedCustomImages: "image1:tag1,image2:tag2", + containerResolveLocally: false, + expectedCustomImages: "image1:tag1,image2:tag2", + }, + { + name: "When UserCustomImages is valid string and ContainerResolveLocally is true, it should not be set in containerConfig", + resubmitConfig: []wrappers.Config{ + { + Type: commonParams.ContainersType, + Value: map[string]interface{}{ + ConfigUserCustomImagesKey: "image1:tag1,image2:tag2", + }, + }, + }, + containerResolveLocally: true, + expectedCustomImages: "", }, { name: "When UserCustomImages is empty string, containerConfig should not be updated", @@ -1853,7 +1868,8 @@ func TestInitializeContainersConfigWithResubmitValues_UserCustomImages(t *testin }, }, }, - expectedCustomImages: "", + containerResolveLocally: false, + expectedCustomImages: "", }, { name: "When UserCustomImages is nil, containerConfig should not be updated", @@ -1865,7 +1881,8 @@ func TestInitializeContainersConfigWithResubmitValues_UserCustomImages(t *testin }, }, }, - expectedCustomImages: "", + containerResolveLocally: false, + expectedCustomImages: "", }, { name: "When config.Value doesn't have UserCustomImages key, containerConfig should not be updated", @@ -1875,7 +1892,8 @@ func TestInitializeContainersConfigWithResubmitValues_UserCustomImages(t *testin Value: map[string]interface{}{}, }, }, - expectedCustomImages: "", + containerResolveLocally: false, + expectedCustomImages: "", }, } @@ -1886,7 +1904,7 @@ func TestInitializeContainersConfigWithResubmitValues_UserCustomImages(t *testin containerConfig := &wrappers.ContainerConfig{} // Call the function under test - initializeContainersConfigWithResubmitValues(tc.resubmitConfig, containerConfig) + initializeContainersConfigWithResubmitValues(tc.resubmitConfig, containerConfig, tc.containerResolveLocally) // Assert the result assert.Equal(t, tc.expectedCustomImages, containerConfig.UserCustomImages, From 1a4e5f73924d253b283dd520f9cc14036e6469fe Mon Sep 17 00:00:00 2001 From: Dima R <90623914+cx-dmitri-rivin@users.noreply.github.com> Date: Tue, 15 Jul 2025 14:35:32 +0300 Subject: [PATCH 2/5] bug fixed 02 --- internal/commands/scan.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/commands/scan.go b/internal/commands/scan.go index 7ead1a1ee..18a3b178a 100644 --- a/internal/commands/scan.go +++ b/internal/commands/scan.go @@ -1138,7 +1138,7 @@ func addContainersScan(cmd *cobra.Command, resubmitConfig []wrappers.Config) (ma containerConfig.ImagesFilter = imageTagFilter } userCustomImages, _ := cmd.Flags().GetString(commonParams.ContainerImagesFlag) - if userCustomImages != "" { + if userCustomImages != "" && !containerResolveLocally { containerImagesList := strings.Split(strings.TrimSpace(userCustomImages), ",") for _, containerImageName := range containerImagesList { if containerImagesErr := validateContainerImageFormat(containerImageName); containerImagesErr != nil { From a06574e9a2d84187bed42612c2b54e3e8b4e71ee Mon Sep 17 00:00:00 2001 From: Dima R <90623914+cx-dmitri-rivin@users.noreply.github.com> Date: Wed, 16 Jul 2025 16:41:33 +0300 Subject: [PATCH 3/5] path fix. containers-resolver upgraded --- go.mod | 4 ++-- go.sum | 8 ++++---- internal/commands/scan.go | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/go.mod b/go.mod index 6ce874770..ee4d72360 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/checkmarx/ast-cli go 1.24.4 require ( - github.com/Checkmarx/containers-resolver v1.0.15 + github.com/Checkmarx/containers-resolver v1.0.16 github.com/Checkmarx/containers-types v1.0.6 github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63 github.com/Checkmarx/gen-ai-wrapper v1.0.2 @@ -42,7 +42,7 @@ require ( github.com/BobuSumisu/aho-corasick v1.0.3 // indirect github.com/BurntSushi/toml v1.5.0 // indirect github.com/Checkmarx/containers-images-extractor v1.0.11 - github.com/Checkmarx/containers-syft-packages-extractor v1.0.13 // indirect + github.com/Checkmarx/containers-syft-packages-extractor v1.0.14 // indirect github.com/CycloneDX/cyclonedx-go v0.9.2 // indirect github.com/DataDog/zstd v1.5.6 // indirect github.com/Masterminds/goutils v1.1.1 // indirect diff --git a/go.sum b/go.sum index 59c37f5ab..c2220cef3 100644 --- a/go.sum +++ b/go.sum @@ -65,10 +65,10 @@ github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/Checkmarx/containers-images-extractor v1.0.11 h1:vkXenD5d9oiTn5CjMXx4V+Lr2Ol0WvMLaw+tUgY+Ky4= github.com/Checkmarx/containers-images-extractor v1.0.11/go.mod h1:5R3RtBHmMu9bjuXZCKBacPZwxtitXzIdRqQTnO2BeII= -github.com/Checkmarx/containers-resolver v1.0.15 h1:cm4d6vYWi6G9J9vnAw+dWcMsJwEFMo+anCHVaSp0nMQ= -github.com/Checkmarx/containers-resolver v1.0.15/go.mod h1:9mdw8elUHj9NO9+ejjuuuCByfxvx9mG+JTJxDLi9ubM= -github.com/Checkmarx/containers-syft-packages-extractor v1.0.13 h1:9ah0rruMGgRiug/bD/JJDSrDqEqS7sKGVdc5sqbkwk8= -github.com/Checkmarx/containers-syft-packages-extractor v1.0.13/go.mod h1:EFeB4//lO4KMVj9+eMg6z5jnO9F1e1T4jUoIcx0/19M= +github.com/Checkmarx/containers-resolver v1.0.16 h1:xFJ5dEnFZg4IOphPLLzncpVGXfJs01xQZ1PhLp101kw= +github.com/Checkmarx/containers-resolver v1.0.16/go.mod h1:ku1wo0cxBd0DH3RMQ/r96HIh1lCYfJnf1EGDI1hBVVk= +github.com/Checkmarx/containers-syft-packages-extractor v1.0.14 h1:wh+VBe3wZrN4qwxw3OV3tO6UVa6Tc7X6ib+RlWKNe7s= +github.com/Checkmarx/containers-syft-packages-extractor v1.0.14/go.mod h1:EFeB4//lO4KMVj9+eMg6z5jnO9F1e1T4jUoIcx0/19M= github.com/Checkmarx/containers-types v1.0.6 h1:wshT95XKnFhn1zfZabg89+SoxwyfjHnkUSOm/OnWtGY= github.com/Checkmarx/containers-types v1.0.6/go.mod h1:KR0w8XCosq3+6jRCfQrH7i//Nj2u11qaUJM62CREFZA= github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63 h1:SCuTcE+CFvgjbIxUNL8rsdB2sAhfuNx85HvxImKta3g= diff --git a/internal/commands/scan.go b/internal/commands/scan.go index 18a3b178a..74a31f053 100644 --- a/internal/commands/scan.go +++ b/internal/commands/scan.go @@ -1699,7 +1699,7 @@ func getUploadURLFromSource(cmd *cobra.Command, uploadsWrapper wrappers.UploadsW if isSingleContainerScanTriggered() && containerResolveLocally { logger.PrintIfVerbose("Single container scan triggered: compressing only the container resolution file") - containerResolutionFilePath := filepath.Join(directoryPath, containerResolutionFileName) + containerResolutionFilePath := filepath.Join(directoryPath, ".checkmarx", "containers", containerResolutionFileName) zipFilePath, dirPathErr = util.CompressFile(containerResolutionFilePath, containerResolutionFileName, directoryCreationPrefix) } else if isSingleContainerScanTriggered() && containerImagesFlag != "" { logger.PrintIfVerbose("Single container scan with external images: creating minimal zip file") From 4bfdbff5e3e6c6e7f5d28cdd1a7a798046dc618e Mon Sep 17 00:00:00 2001 From: Dima R <90623914+cx-dmitri-rivin@users.noreply.github.com> Date: Tue, 22 Jul 2025 15:19:27 +0300 Subject: [PATCH 4/5] versions updated --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index dfb9ab73b..5c2de1700 100644 --- a/go.mod +++ b/go.mod @@ -3,8 +3,8 @@ module github.com/checkmarx/ast-cli go 1.24.4 require ( - github.com/Checkmarx/containers-resolver v1.0.15 - github.com/Checkmarx/containers-types v1.0.7 + github.com/Checkmarx/containers-resolver v1.0.18 + github.com/Checkmarx/containers-types v1.0.9 github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63 github.com/Checkmarx/gen-ai-wrapper v1.0.2 github.com/Checkmarx/manifest-parser v0.1.0 @@ -41,8 +41,8 @@ require ( github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect github.com/BobuSumisu/aho-corasick v1.0.3 // indirect github.com/BurntSushi/toml v1.5.0 // indirect - github.com/Checkmarx/containers-images-extractor v1.0.14 - github.com/Checkmarx/containers-syft-packages-extractor v1.0.13 // indirect + github.com/Checkmarx/containers-images-extractor v1.0.16 + github.com/Checkmarx/containers-syft-packages-extractor v1.0.15 // indirect github.com/CycloneDX/cyclonedx-go v0.9.2 // indirect github.com/DataDog/zstd v1.5.6 // indirect github.com/Masterminds/goutils v1.1.1 // indirect diff --git a/go.sum b/go.sum index 1f54bcf52..fe9240dbb 100644 --- a/go.sum +++ b/go.sum @@ -63,14 +63,14 @@ github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbi github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg= github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/Checkmarx/containers-images-extractor v1.0.14 h1:ehGaOupkSbowq7LhiOG+bSuif9cyRuW+LNYFNPF3JKY= -github.com/Checkmarx/containers-images-extractor v1.0.14/go.mod h1:/oMzTVB9exQNec/xfnVOtu752hRd223SOQt54JvGWUA= -github.com/Checkmarx/containers-resolver v1.0.15 h1:cm4d6vYWi6G9J9vnAw+dWcMsJwEFMo+anCHVaSp0nMQ= -github.com/Checkmarx/containers-resolver v1.0.15/go.mod h1:9mdw8elUHj9NO9+ejjuuuCByfxvx9mG+JTJxDLi9ubM= -github.com/Checkmarx/containers-syft-packages-extractor v1.0.13 h1:9ah0rruMGgRiug/bD/JJDSrDqEqS7sKGVdc5sqbkwk8= -github.com/Checkmarx/containers-syft-packages-extractor v1.0.13/go.mod h1:EFeB4//lO4KMVj9+eMg6z5jnO9F1e1T4jUoIcx0/19M= -github.com/Checkmarx/containers-types v1.0.7 h1:SZUB8S//yFc1WlgLbw33conN5eR9CLv+DTewxMGVp7M= -github.com/Checkmarx/containers-types v1.0.7/go.mod h1:KR0w8XCosq3+6jRCfQrH7i//Nj2u11qaUJM62CREFZA= +github.com/Checkmarx/containers-images-extractor v1.0.16 h1:Uo69VEcPe1Puy47JeRn902xN+e+nFmmFAcHlbdQeqy8= +github.com/Checkmarx/containers-images-extractor v1.0.16/go.mod h1:hRXOiq6Vw2QiIuxIqV+6+osMk0vvIpoMdTMLyz9OfE8= +github.com/Checkmarx/containers-resolver v1.0.18 h1:c4Ra6dWtlFyq1N9oVWo0IwTzviM1DcuWQvDMjILUJDs= +github.com/Checkmarx/containers-resolver v1.0.18/go.mod h1:UwT3Z+rf6RZv1voMt1xtEctWguhQrzHk1dhEb0Dl5fY= +github.com/Checkmarx/containers-syft-packages-extractor v1.0.15 h1:yM7Plt86oL47Kijr1fwsrWwuACNTwWgxZSZ/lifXTlk= +github.com/Checkmarx/containers-syft-packages-extractor v1.0.15/go.mod h1:Jr3dQVFslMCJ+8orsF1orFn05cO3mprUy5b43yn0IIM= +github.com/Checkmarx/containers-types v1.0.9 h1:LbHDj9LZ0x3f28wDx398WC19sw0U0EfEewHMLStBwvs= +github.com/Checkmarx/containers-types v1.0.9/go.mod h1:KR0w8XCosq3+6jRCfQrH7i//Nj2u11qaUJM62CREFZA= github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63 h1:SCuTcE+CFvgjbIxUNL8rsdB2sAhfuNx85HvxImKta3g= github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63/go.mod h1:MI6lfLerXU+5eTV/EPTDavgnV3owz3GPT4g/msZBWPo= github.com/Checkmarx/gen-ai-wrapper v1.0.2 h1:T6X40+4hYnwfDsvkjWs9VIcE6s1O+8DUu0+sDdCY3GI= From fe6e0fd3d8b1869d3eb2535e5cb8092f6750bd9d Mon Sep 17 00:00:00 2001 From: Checkmarx Automation Date: Tue, 22 Jul 2025 20:40:14 +0300 Subject: [PATCH 5/5] Update containers-resolver dependency to v1.0.19 in go.mod and go.sum --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index fa0c6eb85..c58350b35 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/checkmarx/ast-cli go 1.24.4 require ( - github.com/Checkmarx/containers-resolver v1.0.18 + github.com/Checkmarx/containers-resolver v1.0.19 github.com/Checkmarx/containers-types v1.0.9 github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63 github.com/Checkmarx/gen-ai-wrapper v1.0.2 diff --git a/go.sum b/go.sum index 043dba420..e722f05b8 100644 --- a/go.sum +++ b/go.sum @@ -65,8 +65,8 @@ github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/Checkmarx/containers-images-extractor v1.0.17 h1:lzisdh50nR5yzTjTkT9r9dlHHI7aC72XTGjTp35KqHM= github.com/Checkmarx/containers-images-extractor v1.0.17/go.mod h1:hRXOiq6Vw2QiIuxIqV+6+osMk0vvIpoMdTMLyz9OfE8= -github.com/Checkmarx/containers-resolver v1.0.18 h1:c4Ra6dWtlFyq1N9oVWo0IwTzviM1DcuWQvDMjILUJDs= -github.com/Checkmarx/containers-resolver v1.0.18/go.mod h1:UwT3Z+rf6RZv1voMt1xtEctWguhQrzHk1dhEb0Dl5fY= +github.com/Checkmarx/containers-resolver v1.0.19 h1:OqPJq3dL0vv8BC2Qco6/VTqmg1Jurk32Yf/bW9cZuq8= +github.com/Checkmarx/containers-resolver v1.0.19/go.mod h1:UwT3Z+rf6RZv1voMt1xtEctWguhQrzHk1dhEb0Dl5fY= github.com/Checkmarx/containers-syft-packages-extractor v1.0.15 h1:yM7Plt86oL47Kijr1fwsrWwuACNTwWgxZSZ/lifXTlk= github.com/Checkmarx/containers-syft-packages-extractor v1.0.15/go.mod h1:Jr3dQVFslMCJ+8orsF1orFn05cO3mprUy5b43yn0IIM= github.com/Checkmarx/containers-types v1.0.9 h1:LbHDj9LZ0x3f28wDx398WC19sw0U0EfEewHMLStBwvs=