From c0822e1dbc99032664a03c87b3100c98ca245734 Mon Sep 17 00:00:00 2001 From: Noy Shabtay <70848358+noyshabtay@users.noreply.github.com> Date: Wed, 8 Nov 2023 16:57:10 +0200 Subject: [PATCH] Fixed Aarch64 support on source code scanning (#432) Resolved a macOS issue where the Aarch64 architecture was incorrectly fetching the AMD-64 binary. Now, the correct ARM-64 architecture binary is retrieved. --- .../com/jfrog/ide/idea/scan/ScanUtils.java | 3 +- .../com/jfrog/ide/idea/scan/ScannerBase.java | 29 ++++++++++--------- 2 files changed, 17 insertions(+), 15 deletions(-) diff --git a/src/main/java/com/jfrog/ide/idea/scan/ScanUtils.java b/src/main/java/com/jfrog/ide/idea/scan/ScanUtils.java index 2d816005..fab31beb 100644 --- a/src/main/java/com/jfrog/ide/idea/scan/ScanUtils.java +++ b/src/main/java/com/jfrog/ide/idea/scan/ScanUtils.java @@ -7,6 +7,7 @@ import com.intellij.openapi.project.ProjectUtil; import com.intellij.openapi.vfs.VirtualFile; import com.jfrog.ide.idea.log.Logger; +import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.SystemUtils; import java.io.IOException; @@ -49,7 +50,7 @@ static String getOSAndArc() throws IOException { } // Mac if (SystemUtils.IS_OS_MAC) { - if (arch.equals("arm64")) { + if (StringUtils.equalsAny(arch, "aarch64", "arm64")) { return "mac-arm64"; } else { return "mac-amd64"; diff --git a/src/main/java/com/jfrog/ide/idea/scan/ScannerBase.java b/src/main/java/com/jfrog/ide/idea/scan/ScannerBase.java index 900c470a..22826062 100644 --- a/src/main/java/com/jfrog/ide/idea/scan/ScannerBase.java +++ b/src/main/java/com/jfrog/ide/idea/scan/ScannerBase.java @@ -182,12 +182,12 @@ private void scanAndUpdate(ProgressIndicator indicator) { * Walks through a {@link DepTree}'s nodes. * Builds impact paths for {@link DependencyNode} objects and groups them in {@link DescriptorFileTreeNode}s. * - * @param dependencies a map of component IDs and the DependencyNode object matching each of them. - * @param depTree the project's dependency tree to walk through. + * @param vulnerableDependencies a map of component IDs and the DependencyNode object matching each of them. + * @param depTree the project's dependency tree to walk through. */ - private List walkDepTree(Map dependencies, DepTree depTree) { + private List walkDepTree(Map vulnerableDependencies, DepTree depTree) { Map descriptorNodes = new HashMap<>(); - visitDepTreeNode(dependencies, depTree, Collections.singletonList(depTree.getRootId()), descriptorNodes, new ArrayList<>(), new HashMap<>()); + visitDepTreeNode(vulnerableDependencies, depTree, Collections.singletonList(depTree.getRootId()), descriptorNodes, new ArrayList<>(), new HashMap<>()); return new CopyOnWriteArrayList<>(descriptorNodes.values()); } @@ -196,14 +196,14 @@ private List walkDepTree(Map dependencies, * Each impact path to a vulnerable dependency is added in its {@link DependencyNode}. * Each DependencyNode is added to the relevant {@link DescriptorFileTreeNode}s. * - * @param dependencies a map of {@link DependencyNode}s by their component IDs. - * @param depTree the project's dependency tree. - * @param path a path of nodes (represented by their component IDs) from the root to the current node. - * @param descriptorNodes a map of {@link DescriptorFileTreeNode}s by the descriptor file path. Missing DescriptorFileTreeNodes will be added to this map. - * @param descriptorPaths a list of descriptor file paths that their matching components are in the path to the current node. - * @param addedDeps a map of all {@link DependencyNode}s already grouped to {@link DescriptorFileTreeNode}s. Newly grouped DependencyNodes will be added to this map. + * @param vulnerableDependencies a map of {@link DependencyNode}s by their component IDs. + * @param depTree the project's dependency tree. + * @param path a path of nodes (represented by their component IDs) from the root to the current node. + * @param descriptorNodes a map of {@link DescriptorFileTreeNode}s by the descriptor file path. Missing DescriptorFileTreeNodes will be added to this map. + * @param descriptorPaths a list of descriptor file paths that their matching components are in the path to the current node. + * @param addedDeps a map of all {@link DependencyNode}s already grouped to {@link DescriptorFileTreeNode}s. Newly grouped DependencyNodes will be added to this map. */ - private void visitDepTreeNode(Map dependencies, DepTree depTree, List path, + private void visitDepTreeNode(Map vulnerableDependencies, DepTree depTree, List path, Map descriptorNodes, List descriptorPaths, Map> addedDeps) { String compId = path.get(path.size() - 1); @@ -213,8 +213,8 @@ private void visitDepTreeNode(Map dependencies, DepTree innerDescriptorPaths = new ArrayList<>(descriptorPaths); innerDescriptorPaths.add(compNode.getDescriptorFilePath()); } - if (dependencies.containsKey(compId)) { - DependencyNode dependencyNode = dependencies.get(compId); + if (vulnerableDependencies.containsKey(compId)) { + DependencyNode dependencyNode = vulnerableDependencies.get(compId); addImpactPathToDependencyNode(dependencyNode, path); DepTreeNode parentCompNode = null; @@ -240,6 +240,7 @@ private void visitDepTreeNode(Map dependencies, DepTree // The solution for this is to clone the dependency before adding it as a child of the POM. DependencyNode clonedDep = (DependencyNode) dependencyNode.clone(); clonedDep.setIndirect(indirect); + descriptorNodes.get(descriptorPath).addDependency(clonedDep); addedDeps.get(descriptorPath).put(compId, clonedDep); } @@ -249,7 +250,7 @@ private void visitDepTreeNode(Map dependencies, DepTree List pathToChild = new ArrayList<>(path); pathToChild.add(childId); if (!path.contains(childId)) { - visitDepTreeNode(dependencies, depTree, pathToChild, descriptorNodes, innerDescriptorPaths, addedDeps); + visitDepTreeNode(vulnerableDependencies, depTree, pathToChild, descriptorNodes, innerDescriptorPaths, addedDeps); } } }