diff --git a/internal/params/flags.go b/internal/params/flags.go index 85abf3a4c..169a2aace 100644 --- a/internal/params/flags.go +++ b/internal/params/flags.go @@ -291,6 +291,13 @@ const ( ResultPolicyDefaultTimeout = 1 ) +// License +const ( + CxOneAssistEnabledKey = "scan.config.plugins.cxoneassist" + CxDevAssistEnabledKey = "scan.config.plugins.cxdevassist" + DastEnabledKey = "scan.config.plugins.dastenabled" +) + // Results const ( SastType = "sast" diff --git a/internal/wrappers/jwt-helper.go b/internal/wrappers/jwt-helper.go index 25012ed28..5ef0c1d15 100644 --- a/internal/wrappers/jwt-helper.go +++ b/internal/wrappers/jwt-helper.go @@ -21,6 +21,7 @@ type JWTStruct struct { AstLicense struct { LicenseData struct { AllowedEngines []string `json:"allowedEngines"` + DastEnabled bool `json:"dastEnabled"` } `json:"LicenseData"` } `json:"ast-license"` ASTRoles []string `json:"roles_ast"` @@ -84,20 +85,25 @@ func (*JWTStruct) GetAllowedEngines(featureFlagsWrapper FeatureFlagsWrapper) (al } func (*JWTStruct) GetLicenseDetails() (licenseDetails map[string]string, err error) { - licenseDetails = make(map[string]string) - jwtStruct, err := getJwtStruct() if err != nil { return nil, err } + return buildLicenseDetailsFromJWT(jwtStruct), nil +} + +func buildLicenseDetailsFromJWT(jwtStruct *JWTStruct) map[string]string { + licenseDetails := make(map[string]string) assistEnabled := containsIgnoreCase(jwtStruct.AstLicense.LicenseData.AllowedEngines, commonParams.CheckmarxOneAssistType) || containsIgnoreCase(jwtStruct.AstLicense.LicenseData.AllowedEngines, commonParams.AIProtectionType) devAssistEnabled := containsIgnoreCase(jwtStruct.AstLicense.LicenseData.AllowedEngines, commonParams.CheckmarxDevAssistType) - licenseDetails["scan.config.plugins.cxoneassist"] = strconv.FormatBool(assistEnabled) - licenseDetails["scan.config.plugins.cxdevassist"] = strconv.FormatBool(devAssistEnabled) - return licenseDetails, nil + licenseDetails[commonParams.CxOneAssistEnabledKey] = strconv.FormatBool(assistEnabled) + licenseDetails[commonParams.CxDevAssistEnabledKey] = strconv.FormatBool(devAssistEnabled) + licenseDetails[commonParams.DastEnabledKey] = strconv.FormatBool(jwtStruct.AstLicense.LicenseData.DastEnabled) + + return licenseDetails } // containsIgnoreCase returns true if target exists in arr using case-insensitive comparison diff --git a/internal/wrappers/jwt-helper_test.go b/internal/wrappers/jwt-helper_test.go index ca51c1e19..cae93448d 100644 --- a/internal/wrappers/jwt-helper_test.go +++ b/internal/wrappers/jwt-helper_test.go @@ -115,3 +115,91 @@ func TestGetUniqueID(t *testing.T) { assert.Assert(t, !strings.Contains(parts[1], "\\"), "Username should not contain backslash") }) } + +func TestBuildLicenseDetailsFromJWT(t *testing.T) { + tests := []struct { + name string + allowedEngines []string + dastEnabled bool + expectedCxOneAssist string + expectedCxDevAssist string + expectedDast string + }{ + { + name: "all features enabled", + allowedEngines: []string{"sast", "sca", commonParams.CheckmarxOneAssistType, commonParams.CheckmarxDevAssistType}, + dastEnabled: true, + expectedCxOneAssist: "true", + expectedCxDevAssist: "true", + expectedDast: "true", + }, + { + name: "all features enabled - AIProtection", + allowedEngines: []string{"sast", "sca", commonParams.CheckmarxOneAssistType, commonParams.AIProtectionType}, + dastEnabled: true, + expectedCxOneAssist: "true", + expectedCxDevAssist: "false", + expectedDast: "true", + }, + { + name: "only dev assist enabled", + allowedEngines: []string{"sast", commonParams.CheckmarxDevAssistType}, + dastEnabled: false, + expectedCxOneAssist: "false", + expectedCxDevAssist: "true", + expectedDast: "false", + }, + { + name: "no assist features enabled", + allowedEngines: []string{"sast", "sca", "iac-security"}, + dastEnabled: false, + expectedCxOneAssist: "false", + expectedCxDevAssist: "false", + expectedDast: "false", + }, + { + name: "only dast enabled", + allowedEngines: []string{"sast"}, + dastEnabled: true, + expectedCxOneAssist: "false", + expectedCxDevAssist: "false", + expectedDast: "true", + }, + { + name: "case insensitive matching", + allowedEngines: []string{"checkmarx one assist", "checkmarx developer assist"}, + dastEnabled: false, + expectedCxOneAssist: "true", + expectedCxDevAssist: "true", + expectedDast: "false", + }, + { + name: "empty allowed engines", + allowedEngines: []string{}, + dastEnabled: false, + expectedCxOneAssist: "false", + expectedCxDevAssist: "false", + expectedDast: "false", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + // Create a JWT struct with test data + jwtStruct := &JWTStruct{} + jwtStruct.AstLicense.LicenseData.AllowedEngines = tt.allowedEngines + jwtStruct.AstLicense.LicenseData.DastEnabled = tt.dastEnabled + + // Call the function under test + licenseDetails := buildLicenseDetailsFromJWT(jwtStruct) + + // Assert the results + assert.Equal(t, tt.expectedCxOneAssist, licenseDetails[commonParams.CxOneAssistEnabledKey], + "CxOneAssist should be %s", tt.expectedCxOneAssist) + assert.Equal(t, tt.expectedCxDevAssist, licenseDetails[commonParams.CxDevAssistEnabledKey], + "CxDevAssist should be %s", tt.expectedCxDevAssist) + assert.Equal(t, tt.expectedDast, licenseDetails[commonParams.DastEnabledKey], + "Dast should be %s", tt.expectedDast) + }) + } +} diff --git a/internal/wrappers/mock/jwt-helper-mock.go b/internal/wrappers/mock/jwt-helper-mock.go index eeb751aba..9991b9629 100644 --- a/internal/wrappers/mock/jwt-helper-mock.go +++ b/internal/wrappers/mock/jwt-helper-mock.go @@ -13,6 +13,7 @@ type JWTMockWrapper struct { EnterpriseSecretsEnabled int SecretDetectionEnabled int CheckmarxOneAssistEnabled int + DastEnabled bool CustomGetAllowedEngines func(wrappers.FeatureFlagsWrapper) (map[string]bool, error) } @@ -83,10 +84,11 @@ func (j *JWTMockWrapper) GetLicenseDetails() (licenseDetails map[string]string, licenseDetails = make(map[string]string) assistEnabled := (j.CheckmarxOneAssistEnabled != CheckmarxOneAssistDisabled) || (j.AIEnabled != AIProtectionDisabled) - licenseDetails["scan.config.plugins.cxoneassist"] = strconv.FormatBool(assistEnabled) + licenseDetails[params.CxOneAssistEnabledKey] = strconv.FormatBool(assistEnabled) standaloneEnabled := true - licenseDetails["scan.config.plugins.cxdevassist"] = strconv.FormatBool(standaloneEnabled) + licenseDetails[params.CxDevAssistEnabledKey] = strconv.FormatBool(standaloneEnabled) + licenseDetails[params.DastEnabledKey] = strconv.FormatBool(j.DastEnabled) for _, engine := range engines { licenseDetails[engine] = licenseEnabledValue