Merge pull request #2539 from snyk/feat/unmanaged-security-url

feat: support unmanaged snyk security url

package.json

@@ -119,7 +119,7 @@
     "rimraf": "^2.6.3",
     "semver": "^6.0.0",
     "snyk-config": "4.0.0",
-    "snyk-cpp-plugin": "2.14.1",
+    "snyk-cpp-plugin": "2.15.0",
     "snyk-docker-plugin": "^4.33.0",
     "snyk-go-plugin": "1.18.0",
     "snyk-gradle-plugin": "3.17.0",

src/lib/ecosystems/common.ts

@@ -0,0 +1,5 @@
+import { Ecosystem } from './types';
+
+export function isUnmanagedEcosystem(ecosystem: Ecosystem): boolean {
+  return ecosystem === 'cpp';
+}

src/lib/ecosystems/monitor.ts

@@ -31,6 +31,7 @@ import {
   validateProjectAttributes,
   validateTags,
 } from '../../cli/commands/monitor';
+import { isUnmanagedEcosystem } from './common';
 
 const SEPARATOR = '\n-------------------------------------------------------\n';
 
@@ -81,8 +82,7 @@ async function selectAndExecuteMonitorStrategy(
   scanResultsByPath: { [dir: string]: ScanResult[] },
   options: Options,
 ): Promise<[EcosystemMonitorResult[], EcosystemMonitorError[]]> {
-  const isUnmanagedEcosystem = ecosystem === 'cpp';
-  return isUnmanagedEcosystem
+  return isUnmanagedEcosystem(ecosystem)
     ? await resolveAndMonitorFacts(scanResultsByPath, options)
     : await monitorDependencies(scanResultsByPath, options);
 }

src/lib/ecosystems/test.ts

@@ -10,6 +10,8 @@ import { TestDependenciesResponse } from '../snyk-test/legacy';
 import { assembleQueryString } from '../snyk-test/common';
 import { getAuthHeader } from '../api-token';
 import { resolveAndTestFacts } from './resolve-test-facts';
+import { hasFeatureFlag } from '../feature-flags';
+import { isUnmanagedEcosystem } from './common';
 
 export async function testEcosystem(
   ecosystem: Ecosystem,
@@ -44,11 +46,21 @@ export async function testEcosystem(
   }
   const emptyResults: ScanResult[] = [];
   const scanResults = emptyResults.concat(...Object.values(scanResultsByPath));
+
+  const enhancedOptions = { ...options };
+
+  if (isUnmanagedEcosystem(ecosystem)) {
+    enhancedOptions.supportUnmanagedVulnDB = await hasFeatureFlag(
+      'snykUnmanagedVulnDB',
+      options,
+    );
+  }
+
   const readableResult = await plugin.display(
     scanResults,
     testResults,
     errors,
-    options,
+    enhancedOptions,
   );
 
   return TestCommandResult.createHumanReadableTestCommandResult(
@@ -62,8 +74,7 @@ export async function selectAndExecuteTestStrategy(
   scanResultsByPath: { [dir: string]: ScanResult[] },
   options: Options,
 ): Promise<[TestResult[], string[]]> {
-  const isUnmanagedEcosystem = ecosystem === 'cpp';
-  return isUnmanagedEcosystem
+  return isUnmanagedEcosystem(ecosystem)
     ? await resolveAndTestFacts(ecosystem, scanResultsByPath, options)
     : await testDependencies(scanResultsByPath, options);
 }

src/lib/feature-flags/index.ts

@@ -3,6 +3,8 @@ import { getAuthHeader } from '../api-token';
 import config from '../config';
 import { assembleQueryString } from '../snyk-test/common';
 import { OrgFeatureFlagResponse } from './types';
+import { Options } from '../types';
+import { AuthFailedError } from '../errors';
 
 export async function isFeatureFlagSupportedForOrg(
   featureFlag: string,
@@ -21,3 +23,18 @@ export async function isFeatureFlagSupportedForOrg(
 
   return (response as any).body;
 }
+
+export async function hasFeatureFlag(
+  featureFlag: string,
+  options: Options,
+): Promise<boolean | undefined> {
+  const { code, error, ok } = await isFeatureFlagSupportedForOrg(
+    featureFlag,
+    options.org,
+  );
+
+  if (code === 401 || code === 403) {
+    throw AuthFailedError(error, code);
+  }
+  return ok;
+}

src/lib/types.ts

@@ -90,6 +90,7 @@ export interface Options {
   tags?: string;
   'target-reference'?: string;
   'exclude-base-image-vulns'?: boolean;
+  supportUnmanagedVulnDB?: boolean;
 }
 
 // TODO(kyegupov): catch accessing ['undefined-properties'] via noImplicitAny

test/jest/unit/lib/ecosystems/common.spec.ts

@@ -0,0 +1,15 @@
+import { isUnmanagedEcosystem } from '../../../../../src/lib/ecosystems/common';
+
+describe('isUnmanagedEcosystem fn', () => {
+  it.each`
+    actual      | expected
+    ${'cpp'}    | ${true}
+    ${'docker'} | ${false}
+    ${'code'}   | ${false}
+  `(
+    'should validate that given $actual as input, is considered or not an unmanaged ecosystem',
+    ({ actual, expected }) => {
+      expect(isUnmanagedEcosystem(actual)).toEqual(expected);
+    },
+  );
+});

test/jest/unit/lib/feature-flags/feature-flags.spec.ts

@@ -0,0 +1,37 @@
+import { hasFeatureFlag } from '../../../../../src/lib/feature-flags';
+import * as request from '../../../../../src/lib/request';
+
+describe('hasFeatureFlag fn', () => {
+  it.each`
+    hasFlag  | expected
+    ${true}  | ${true}
+    ${false} | ${false}
+  `(
+    'should validate that given an org with feature flag $hasFlag as input, hasFeatureFlag returns $expected',
+    async ({ hasFlag, expected }) => {
+      jest
+        .spyOn(request, 'makeRequest')
+        .mockResolvedValue({ body: { code: 200, ok: hasFlag } } as any);
+
+      const result = await hasFeatureFlag('test-ff', { path: 'test-path' });
+      expect(result).toEqual(expected);
+    },
+  );
+
+  it('should throw error if there are authentication/authorization failures', async () => {
+    jest.spyOn(request, 'makeRequest').mockResolvedValue({
+      body: { code: 401, error: 'Unauthorized', ok: false },
+    } as any);
+
+    await expect(
+      hasFeatureFlag('test-ff', { path: 'test-path' }),
+    ).rejects.toThrowError('Unauthorized');
+
+    jest.spyOn(request, 'makeRequest').mockResolvedValue({
+      body: { code: 403, error: 'Forbidden', ok: false },
+    } as any);
+    await expect(
+      hasFeatureFlag('test-ff', { path: 'test-path' }),
+    ).rejects.toThrowError('Forbidden');
+  });
+});