added method to adjust quotes in cli command and added test case for exclusions

Author: kerenr-jfrog

src/main/java/com/jfrog/ide/common/configuration/AuditConfig.java

@@ -1,12 +1,16 @@
 package com.jfrog.ide.common.configuration;
 
+import lombok.Getter;
+
 import java.util.List;
 import java.util.Map;
 
+@Getter
 public class AuditConfig {
+    // Getters
     private final List<String> scannedDirectories;
     private final String serverId;
-    private final String excludedPattern;
+    private final List<String> excludedPattern;
     private final List<String> extraArgs;
     private final Map<String, String> envVars;
 
@@ -21,7 +25,7 @@ private AuditConfig(Builder builder) {
     public static class Builder {
         private List<String> scannedDirectories;
         private String serverId;
-        private String excludedPattern;
+        private List<String> excludedPattern;
         private List<String> extraArgs;
         private Map<String, String> envVars;
 
@@ -35,7 +39,7 @@ public Builder scannedDirectories(List<String> scannedDirectories) {
             return this;
         }
 
-        public Builder excludedPattern(String excludedPattern) {
+        public Builder excludedPattern(List<String> excludedPattern) {
             this.excludedPattern = excludedPattern;
             return this;
         }
@@ -55,10 +59,4 @@ public AuditConfig build() {
         }
     }
 
-    // Getters
-    public List<String> getScannedDirectories() { return scannedDirectories; }
-    public String getServerId() { return serverId; }
-    public String getExcludedPattern() { return excludedPattern; }
-    public List<String> getExtraArgs() { return extraArgs; }
-    public Map<String, String> getEnvVars() { return envVars; }
 }

src/main/java/com/jfrog/ide/common/configuration/JfrogCliDriver.java

@@ -200,15 +200,17 @@ public CommandResults runCliAudit(File workingDirectory, AuditConfig config) thr
             String workingDirsString = config.getScannedDirectories().size() > 1 ?
                     String.join(", ", config.getScannedDirectories()) :
                     config.getScannedDirectories().get(0);
-            args.add("--working-dirs=" + workingDirsString);
+            args.add("--working-dirs=" + quoteArgumentForUnix(workingDirsString));
         }
 
         args.add("--server-id=" + config.getServerId());
         args.add("--format=sarif");
 
-        if (StringUtils.isNotBlank(config.getExcludedPattern())) {
-            args.add("--exclusions=" + config.getExcludedPattern());
+        if (config.getExcludedPattern() != null && !config.getExcludedPattern().isEmpty()) {
+            String excludedPatterns = String.join(",", config.getExcludedPattern());
+            args.add("--exclusions=" + quoteArgumentForUnix(excludedPatterns));
         }
+        System.out.println("Running JF audit with args: " + args);
 
         try {
             return runCommand(workingDirectory, config.getEnvVars(), args.toArray(new String[0]),
@@ -238,4 +240,9 @@ private void addDefaultEnvVars(Map<String, String> env) {
             env.put("JFROG_CLI_AVOID_NEW_VERSION_WARNING", "true");
         }
     }
+
+    private String quoteArgumentForUnix(String commaSeparatedValues) {
+        // macOS/Linux: add quotes around the comma-separated values
+        return SystemUtils.IS_OS_WINDOWS ? commaSeparatedValues : "\"" + commaSeparatedValues + "\"";
+    }
 }

src/test/java/com/jfrog/ide/common/configuration/JfrogCliDriverTest.java

@@ -1,6 +1,9 @@
 package com.jfrog.ide.common.configuration;
 
+import com.jfrog.ide.common.nodes.FileIssueNode;
 import com.jfrog.ide.common.nodes.FileTreeNode;
+import com.jfrog.ide.common.nodes.subentities.Severity;
+import com.jfrog.ide.common.nodes.subentities.SourceCodeScanType;
 import com.jfrog.ide.common.parse.SarifParser;
 import org.apache.commons.lang3.SystemUtils;
 import org.jfrog.build.api.util.NullLog;
@@ -85,6 +88,8 @@ private void configJfrogCli(Boolean skipDownload) {
             fail(e.getMessage(), e);
         }
         testEnv.put("JFROG_CLI_HOME_DIR", tempDir.getAbsolutePath());
+        testEnv.put("JFROG_CLI_LOG_LEVEL", "DEBUG");
+        testEnv.put("CI", "true");
         jfrogCliDriver = new JfrogCliDriver(testEnv, tempDir.getAbsolutePath() + File.separator, new NullLog());
     }
 
@@ -155,7 +160,6 @@ public void testAddCliServerConfig_withUsernameAndPassword() {
             CommandResults response = jfrogCliDriver.addCliServerConfig(XRAY_URL, ARTIFACTORY_URL, testServerId, USER_NAME, PASSWORD, null, tempDir, testEnv);
             JfrogCliServerConfig serverConfig = jfrogCliDriver.getServerConfig(tempDir, Collections.emptyList(), testEnv);
             assertTrue(response.isOk());
-            assertTrue(response.getErr().isBlank());
             assertNotNull(serverConfig);
             assertEquals(serverConfig.getUsername(), USER_NAME);
             assertEquals(serverConfig.getPassword(), PASSWORD);
@@ -172,7 +176,6 @@ public void testAddCliServerConfig_withAccessToken() {
             CommandResults response = jfrogCliDriver.addCliServerConfig(XRAY_URL, ARTIFACTORY_URL, testServerId, null, null, ACCESS_TOKEN, tempDir, testEnv);
             JfrogCliServerConfig serverConfig = jfrogCliDriver.getServerConfig(tempDir, Collections.emptyList(), testEnv);
             assertTrue(response.isOk());
-            assertTrue(response.getErr().isBlank());
             assertNotNull(serverConfig);
             assertEquals(serverConfig.getAccessToken(), ACCESS_TOKEN);
             assertEquals(serverConfig.getArtifactoryUrl(), ARTIFACTORY_URL);
@@ -200,14 +203,20 @@ public void testAddServerConfig_withBadCredentials() {
     public void testRunAudit_NpmProject() {
         String projectToCheck = "npm";
         try {
-            Path exampleProjectsFolder = Path.of("src/test/resources/example-projects/npm");
+            Path exampleProjectsFolder = Path.of("src/test/resources/example-projects");
             CommandResults response = jfrogCliDriver.runCliAudit(exampleProjectsFolder.toFile(),
                     singletonList(projectToCheck), testServerId, null, testEnv);
             assertEquals(response.getExitValue(),0);
             List<FileTreeNode> findings = parser.parse(response.getRes());
             assertNotNull(findings);
             assertFalse(findings.isEmpty(), "Expected findings in SARIF output for npm project");
-            // TODO: Add more checks on the findings
+            // Verify the findings
+            assertEquals(findings.size(), 1, "Expected exactly one file with findings");
+            FileTreeNode node = findings.get(0);
+            assertEquals(node.getChildren().size(), 1, "Expected exactly one vulnerabilities");
+            FileIssueNode issue = (FileIssueNode) node.getChildren().get(0);
+            assertEquals(issue.getSeverity(), Severity.High, "Expected severity to be HIGH");
+            assertEquals(issue.getReporterType(), SourceCodeScanType.SCA, "Expected reporter type to be SCA");
         } catch (Exception e) {
             fail(e.getMessage(), e);
         }
@@ -221,10 +230,18 @@ public void testRunAudit_MultiMavenProject() {
             CommandResults response = jfrogCliDriver.runCliAudit(exampleProjectsFolder.toFile(),
                     projectsToCheck, testServerId, null, testEnv);
             assertEquals(response.getExitValue(), 0);
+            System.out.println("Audit debug logs: \n" + response.getErr());
+            System.out.println("Audit response: \n" + response.getRes());
             List<FileTreeNode> findings = parser.parse(response.getRes());
             assertNotNull(findings);
             assertFalse(findings.isEmpty(), "Expected findings in SARIF output for multi-maven project");
-            // TODO: Add more checks on the findings
+            // Verifiy the findings
+            assertEquals(findings.size(), 1, "Expected exactly one file with findings");
+            FileTreeNode node = findings.get(0);
+            assertEquals(node.getChildren().size(), 3, "Expected exactly three vulnerabilities");
+            assertEquals(node.getSeverity(), Severity.High, "Expected severity to be HIGH");
+            FileIssueNode issue = (FileIssueNode) node.getChildren().get(0);
+            assertEquals(issue.getReporterType(), SourceCodeScanType.SCA, "Expected reporter type to be SCA");
         } catch (Exception e) {
             fail(e.getMessage(), e);
         }
@@ -234,6 +251,34 @@ private String createServerId() {
         return "ide-plugins-common-test-server-" + timeStampFormat.format(System.currentTimeMillis());
     }
 
+    @Test
+    public void testRunAudit_WithExcludedPattern() {
+        try {
+            Path exampleProjectsFolder = Path.of("src/test/resources/example-projects/maven-example");
+            AuditConfig config = new AuditConfig.Builder()
+                    .serverId(testServerId)
+                    .excludedPattern(new ArrayList<>(List.of("*multi3*")))
+                    .serverId(testServerId)
+                    .extraArgs(null)
+                    .envVars(testEnv)
+                    .build();
+            CommandResults response = jfrogCliDriver.runCliAudit(exampleProjectsFolder.toFile(), config);
+            assertEquals(response.getExitValue(), 0);
+            List<FileTreeNode> findings = parser.parse(response.getRes());
+            assertNotNull(findings);
+            assertFalse(findings.isEmpty(), "Expected findings in SARIF output for multi-maven project");
+            // Verifiy the findings
+            assertEquals(findings.size(), 1, "Expected exactly one file with findings");
+            FileTreeNode node = findings.get(0);
+            assertEquals(node.getChildren().size(), 3, "Expected exactly three vulnerabilities");
+            assertEquals(node.getSeverity(), Severity.High, "Expected severity to be HIGH");
+            FileIssueNode issue = (FileIssueNode) node.getChildren().get(0);
+            assertEquals(issue.getReporterType(), SourceCodeScanType.SCA, "Expected reporter type to be SCA");
+        } catch (Exception e) {
+            fail(e.getMessage(), e);
+        }
+    }
+
     @AfterMethod
     public void cleanUp(Method method) {
         try {