Support Ignore file path for Oss real time and Secrets real time

.github/scripts/update_cli.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-release=$1
+release=2.3.27-ItayIgnore-Secrets-oss
 filename_windows=ast-cli_${release}_windows_x64.zip
 filename_linux=ast-cli_${release}_linux_x64.tar.gz
 filename_darwin=ast-cli_${release}_darwin_x64.tar.gz

checkmarx-ast-cli.version

@@ -1 +1 @@
-2.3.26
+2.3.27

src/main/wrapper/CxConstants.ts

@@ -1,4 +1,5 @@
 export enum CxConstants {
+    IGNORE__FILE_PATH = "--ignored-file-path",
     SOURCE = "-s",
     VERBOSE = "-v",
     PROJECT_NAME = "--project-name",

src/main/wrapper/CxWrapper.ts

@@ -57,7 +57,7 @@ export class CxWrapper {
         }
     }
 
-    
+
     initializeCommands(formatRequired: boolean): string[] {
         const list: string[] = [];
         if (this.config.clientId) {
@@ -149,20 +149,44 @@ export class CxWrapper {
         return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.SCAN_ASCA);
     }
 
-    async ossScanResults(sourceFile: string): Promise<CxCommandOutput> {
-        const commands: string[] = [CxConstants.CMD_SCAN, CxConstants.CMD_OSS, CxConstants.SOURCE, sourceFile];
-        commands.push(...this.initializeCommands(false));
-        const exec = new ExecutionService();
-        return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.SCAN_OSS);
+    async ossScanResults(sourceFile: string, ignoredFilePath?: string): Promise<CxCommandOutput> {
+    const commands: string[] = [
+        CxConstants.CMD_SCAN,
+        CxConstants.CMD_OSS,
+        CxConstants.SOURCE,
+        sourceFile
+    ];
+
+    if (ignoredFilePath) {
+        commands.push(CxConstants.IGNORE__FILE_PATH);
+        commands.push(ignoredFilePath);
     }
 
-    async secretsScanResults(sourceFile: string): Promise<CxCommandOutput> {
-        const commands: string[] = [CxConstants.CMD_SCAN, CxConstants.CMD_SECRETS, CxConstants.SOURCE, sourceFile];
-        commands.push(...this.initializeCommands(false));
-        const exec = new ExecutionService();
-        return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.SCAN_SECRETS);
+    commands.push(...this.initializeCommands(false));
+
+    const exec = new ExecutionService();
+    return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.SCAN_OSS);
+}
+
+    async secretsScanResults(sourceFile: string, ignoredFilePath?: string): Promise<CxCommandOutput> {
+    const commands: string[] = [
+        CxConstants.CMD_SCAN,
+        CxConstants.CMD_SECRETS,
+        CxConstants.SOURCE,
+        sourceFile
+    ];
+
+    if (ignoredFilePath) {
+        commands.push(CxConstants.IGNORE__FILE_PATH);
+        commands.push(ignoredFilePath);
     }
 
+    commands.push(...this.initializeCommands(false));
+
+    const exec = new ExecutionService();
+    return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.SCAN_SECRETS);
+}
+
     async scanCancel(id: string): Promise<CxCommandOutput> {
         const commands: string[] = [CxConstants.CMD_SCAN, CxConstants.SUB_CMD_CANCEL, CxConstants.SCAN_ID, id];
         commands.push(...this.initializeCommands(false));

src/tests/ScanTest.test.ts

@@ -2,6 +2,7 @@ import { CxWrapper } from '../main/wrapper/CxWrapper';
 import { CxCommandOutput } from "../main/wrapper/CxCommandOutput";
 import { CxParamType } from "../main/wrapper/CxParamType";
 import { BaseTest } from "./BaseTest";
+import {OssPackage} from "./data/ossTypes";
 
 describe("ScanCreate cases", () => {
     const cxScanConfig = new BaseTest();
@@ -173,21 +174,58 @@ describe("ScanCreate cases", () => {
         expect(Number.isInteger(scanObject.scanDetails[0].line)).toBe(true);
         expect(typeof scanObject.scanDetails[0].description).toBe('string');
     });
-    
+
     it('ScanOss Successful case', async () => {
         const wrapper = new CxWrapper(cxScanConfig);
-        const cxCommandOutput: CxCommandOutput = await wrapper.ossScanResults("tsc/tests/data/package.json");
+        const cxCommandOutput: CxCommandOutput = await wrapper.ossScanResults("tsc/tests/data/package.json","");
         console.log("Json object from scanOSS successful case: " + JSON.stringify(cxCommandOutput));
         expect(cxCommandOutput.payload).toBeDefined();
         expect(cxCommandOutput.exitCode).toBe(0);
     });
 
-    it.skip('ScanSecrets Successful case', async () => {
+    it.skip('ScanOss with ignored package should filter results', async () => {
+    const wrapper = new CxWrapper(cxScanConfig);
+    const sourceFile = "tsc/tests/data/package.json";
+    const ignoredFile = "tsc/tests/data/checkmarxIgnoredTempFile.json";
+
+    const cxCommandOutput: CxCommandOutput = await wrapper.ossScanResults(sourceFile, ignoredFile);
+
+    expect(cxCommandOutput.exitCode).toBe(0);
+    expect(cxCommandOutput.payload).toBeDefined();
+
+    const results = cxCommandOutput.payload as OssPackage[];
+
+    console.log("Filtered OSS packages:", results);
+
+    expect(results.length).toBe(1);
+
+    const hasCOA = results.some(pkg =>
+        pkg.PackageManager === "coa" && pkg.PackageVersion === "3.1.3"
+    );
+    expect(hasCOA).toBe(false);
+});
+
+    it('ScanSecrets Successful case', async () => {
         const wrapper = new CxWrapper(cxScanConfig);
-        const cxCommandOutput: CxCommandOutput = await wrapper.secretsScanResults("src/tests/data/secret-exposed.txt");
+        const cxCommandOutput: CxCommandOutput = await wrapper.secretsScanResults("src/tests/data/secret-exposed.txt","");
         console.log("Json object from scanOSS successful case: " + JSON.stringify(cxCommandOutput));
         expect(cxCommandOutput.payload).toBeDefined();
         expect(cxCommandOutput.exitCode).toBe(0);
     });
 
+    it.skip('ScanSecrets with ignore file filters the result', async () => {
+    const wrapper = new CxWrapper(cxScanConfig);
+    const cxCommandOutput: CxCommandOutput = await wrapper.secretsScanResults(
+        "src/tests/data/secret-exposed.txt",
+        "src/tests/data/ignoreFileSecrets.json"
+    );
+
+    console.log("Json object from scanSecrets with ignore file: " + JSON.stringify(cxCommandOutput));
+    expect(cxCommandOutput.payload).toBeDefined();
+    expect(Array.isArray(cxCommandOutput.payload)).toBe(true);
+    expect(cxCommandOutput.payload.length).toBe(0);
+    expect(cxCommandOutput.exitCode).toBe(0);
 });
+
+});
+

src/tests/data/ignoreFileSecrets.json

@@ -0,0 +1,7 @@
+[
+{
+    "Title": "github-pat",
+    "FilePath": "/Users/itaypaz/Library/CloudStorage/OneDrive-Checkmarx/Documents/jswrapper/ast-cli-javascript-wrapper/src/tests/data/secret-exposed.txt",
+    "Line": 3
+  }
+]

src/tests/data/ossTypes.ts

@@ -0,0 +1,21 @@
+export interface Location {
+    Line: number;
+    StartIndex: number;
+    EndIndex: number;
+}
+
+export interface Vulnerability {
+    CVE: string;
+    Description: string;
+    Severity: string;
+}
+
+export interface OssPackage {
+    PackageManager: string;
+    PackageName: string;
+    PackageVersion: string;
+    FilePath: string;
+    Locations: Location[];
+    Status: string;
+    Vulnerabilities: Vulnerability[];
+}

tsc/tests/data/checkmarxIgnoredTempFile.json

@@ -0,0 +1,7 @@
+[
+  {
+    "PackageManager": "npm",
+    "PackageName": "coa",
+    "PackageVersion": "3.1.3"
+  }
+]

tsc/tests/data/package.json

@@ -3,6 +3,7 @@
   "version": "0.0.1",
   "description": "AST CLI Javascript wrapper tests",
   "dependencies": {
-    "log4js": "^6.9.1"
+    "log4js": "^6.9.1",
+    "coa":"3.1.3"
   }
 }