Add SCA Triage Show and Update Support (AST-14824) (#933)

Author: cx-rahul-pidde

src/main/wrapper/CxConstants.ts

@@ -1,4 +1,5 @@
 export enum CxConstants {
+    VULNERABILITIES = "--vulnerability-identifiers",
     IGNORE__FILE_PATH = "--ignored-file-path",
     SOURCE = "-s",
     VERBOSE = "-v",

src/main/wrapper/CxWrapper.ts

@@ -298,6 +298,34 @@ export class CxWrapper {
         return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.PREDICATE_TYPE);
     }
 
+    async triageSCAShow(projectId: string, vulnerabilities: string, scanType: string): Promise<CxCommandOutput> {
+        const commands: string[] = [
+            CxConstants.CMD_TRIAGE,
+            CxConstants.SUB_CMD_SHOW,
+            CxConstants.SCAN_TYPES_SUB_CMD, scanType,
+            CxConstants.VULNERABILITIES, vulnerabilities,
+            CxConstants.PROJECT_ID, projectId
+        ];
+        commands.push(...this.initializeCommands(true));
+        const exec = new ExecutionService();
+        return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.PREDICATE_TYPE);
+    }
+
+    async triageSCAUpdate(projectId: string, vulnerabilities: string, scanType: string, state: string, comment: string): Promise<CxCommandOutput> {
+        const commands: string[] = [
+            CxConstants.CMD_TRIAGE,
+            CxConstants.SUB_CMD_UPDATE,
+            CxConstants.SCAN_TYPES_SUB_CMD, scanType,
+            CxConstants.VULNERABILITIES, vulnerabilities,
+            CxConstants.STATE, state,
+            CxConstants.COMMENT, comment,
+            CxConstants.PROJECT_ID, projectId
+        ];
+        commands.push(...this.initializeCommands(false));
+        const exec = new ExecutionService();
+        return await exec.executeCommands(this.config.pathToExecutable, commands);
+    }
+
     async triageUpdate(projectId: string, similarityId: string, scanType: string, state: string, comment: string, severity: string, stateId: number | null = null): Promise<CxCommandOutput> {
         const commands: string[] = [CxConstants.CMD_TRIAGE, CxConstants.SUB_CMD_UPDATE, CxConstants.PROJECT_ID, projectId, CxConstants.SIMILARITY_ID, similarityId, CxConstants.SCAN_TYPES_SUB_CMD, scanType, CxConstants.STATE, state, CxConstants.COMMENT, comment, CxConstants.SEVERITY, severity];
         if (stateId) {

src/tests/PredicateTest.test.ts

@@ -39,6 +39,19 @@ describe("Triage cases", () => {
         );
         expect(cxUpdate.exitCode).toEqual(0);
     };
+
+    // Helper for SCA triage show
+    const handleTriageSCAShow = async (projectId: string, vulnerabilities: string, scanType: string) => {
+        const cxShow: CxCommandOutput = await auth.triageSCAShow(projectId, vulnerabilities, scanType);
+        expect(cxShow.exitCode).toEqual(0);
+    };
+
+    // Helper for SCA triage update
+    const handleTriageSCAUpdate = async (projectId: string, vulnerabilities: string, scanType: string, state: string, comment: string) => {
+        const cxUpdate: CxCommandOutput = await auth.triageSCAUpdate(projectId, vulnerabilities, scanType, state, comment);
+        expect(cxUpdate.exitCode).toEqual(0);
+    };
+    
     const handlegetStates = async () => {
         const cxCommandOutput: CxCommandOutput = await auth.triageGetStates(false);
         console.log("Json object from states successful case: " + JSON.stringify(cxCommandOutput));
@@ -47,12 +60,57 @@ describe("Triage cases", () => {
         return cxCommandOutput
     };
 
+    it('SCA Triage Show and Update Successful case', async () => {
+        const projectId = "d4d7f382-8dee-48c7-ac8f-67fab2c313a8";
+        const vulnerabilities = "packagename=Maven-org.apache.tomcat.embed:tomcat-embed-core,packageversion=9.0.14,vulnerabilityId=CVE-2024-56337,packagemanager=maven";
+        const scanType = "sca";
+        const state = "To_verify";
+        const comment = "comment1";
+        await handleTriageSCAShow(projectId, vulnerabilities, scanType);
+        await handleTriageSCAUpdate(projectId, vulnerabilities, scanType, state, comment);
+    });
+    
+    it('SCA Triage Show and Update Failure case', async () => {
+        const projectId = "invalid-project-id";
+        const vulnerabilities = "invalid-vulnerability-string";
+        const scanType = "invalid";
+        const state = "invalid_state";
+        const comment = "invalid_comment";
+
+        const cxShow: CxCommandOutput = await auth.triageSCAShow(projectId, vulnerabilities, scanType);
+        expect(cxShow.exitCode).not.toEqual(0);
+        
+        const cxUpdate: CxCommandOutput = await auth.triageSCAUpdate(projectId, vulnerabilities, scanType, state, comment);
+        expect(cxUpdate.exitCode).not.toEqual(0);
+    });
+    
+    it('SCA Triage Show and Update with empty vulnerabilities', async () => {
+        const projectId = "d4d7f382-8dee-48c7-ac8f-67fab2c313a8";
+        const vulnerabilities = "";
+        const scanType = "sca";
+        const state = "To_verify";
+        const comment = "comment1";
+        const cxShow: CxCommandOutput = await auth.triageSCAShow(projectId, vulnerabilities, scanType);
+        expect(cxShow.exitCode).not.toEqual(0);
+
+        const cxUpdate: CxCommandOutput = await auth.triageSCAUpdate(projectId, vulnerabilities, scanType, state, comment);
+        expect(cxUpdate.exitCode).not.toEqual(0);
+    });
+
+    it('SCA Triage Show and Update with null/undefined arguments', async () => {
+        const cxShow: CxCommandOutput = await auth.triageSCAShow(undefined, undefined, undefined);
+        expect(cxShow.exitCode).not.toEqual(0);
+        const cxUpdate: CxCommandOutput = await auth.triageSCAUpdate(undefined, undefined, undefined, undefined, undefined);
+        expect(cxUpdate.exitCode).not.toEqual(0);
+    });
+
     it('Triage Successful case', async () => {
         const { scan, result } = await getScanAndResult();
         await handleTriageShow(scan, result);
         await handleTriageUpdate(scan, result, result.state, result.severity.toLowerCase() === "high" ? CxConstants.SEVERITY_MEDIUM : CxConstants.SEVERITY_HIGH);
     });
 
+    
     it.skip('Triage with custom state Successful case', async () => {
         const { scan, result } = await getScanAndResult();