From 182e837a08dcdfc3e8a7b3a667fdf2ab92d79cd4 Mon Sep 17 00:00:00 2001
From: Eyal Kapon <eyalk@jfrog.com>
Date: Sun, 27 Oct 2024 14:23:07 +0200
Subject: [PATCH] checking all cves in applicability scan

---
 .../ide/idea/scan/SourceCodeScannerManager.java   | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/src/main/java/com/jfrog/ide/idea/scan/SourceCodeScannerManager.java b/src/main/java/com/jfrog/ide/idea/scan/SourceCodeScannerManager.java
index 071df92c..1649a2c4 100644
--- a/src/main/java/com/jfrog/ide/idea/scan/SourceCodeScannerManager.java
+++ b/src/main/java/com/jfrog/ide/idea/scan/SourceCodeScannerManager.java
@@ -90,16 +90,14 @@ public List<FileTreeNode> applicabilityScan(ProgressIndicator indicator, Collect
             return Collections.emptyList();
         }
         List<JFrogSecurityWarning> scanResults = new ArrayList<>();
-        Map<String, List<VulnerabilityNode>> issuesMap = mapDirectIssuesByCve(fileTreeNodes);
-
+        Map<String, List<VulnerabilityNode>> issuesMap = mapIssuesByCve(fileTreeNodes);
         try {
             if (applicability.isPackageTypeSupported(packageType)) {
                 indicator.setText("Running applicability scan");
                 indicator.setFraction(0.25);
-                Set<String> directIssuesCVEs = issuesMap.keySet();
-                // If no direct dependencies with issues are found by Xray, the applicability scan is irrelevant.
-                if (!directIssuesCVEs.isEmpty()) {
-                    List<JFrogSecurityWarning> applicabilityResults = applicability.execute(createBasicScannerInput().cves(List.copyOf(directIssuesCVEs)), checkCanceled, indicator);
+                Set<String> issuesCVEs = issuesMap.keySet();
+                if (!issuesCVEs.isEmpty()) {
+                    List<JFrogSecurityWarning> applicabilityResults = applicability.execute(createBasicScannerInput().cves(List.copyOf(issuesCVEs)), checkCanceled, indicator);
                     scanResults.addAll(applicabilityResults);
                 }
             }
@@ -294,14 +292,11 @@ public static List<String> convertToSkippedFolders(String excludePattern) {
      * @param fileTreeNodes collection of FileTreeNodes.
      * @return a map of CVE IDs to lists of issues with them.
      */
-    private Map<String, List<VulnerabilityNode>> mapDirectIssuesByCve(Collection<FileTreeNode> fileTreeNodes) {
+    private Map<String, List<VulnerabilityNode>> mapIssuesByCve(Collection<FileTreeNode> fileTreeNodes) {
         Map<String, List<VulnerabilityNode>> issues = new HashMap<>();
         for (FileTreeNode fileTreeNode : fileTreeNodes) {
             for (TreeNode treeNode : fileTreeNode.getChildren()) {
                 DependencyNode dep = (DependencyNode) treeNode;
-                if (dep.isIndirect()) {
-                    continue;
-                }
                 Enumeration<TreeNode> treeNodeEnumeration = dep.children();
                 while (treeNodeEnumeration.hasMoreElements()) {
                     TreeNode node = treeNodeEnumeration.nextElement();