Merge pull request #1098 from Checkmarx/feature/elchanan/add-sca-dependency-types

Add dev and test dependency flags to SCA results (AST-80203)

Author: cx-elchanan-arbiv

internal/commands/result.go

@@ -1536,11 +1536,13 @@ func parseScaExportPackage(packages []wrappers.ScaPackage) *[]wrappers.ScaPackag
 	for _, pkg := range packages {
 		pkg := pkg
 		scaPackages = append(scaPackages, wrappers.ScaPackageCollection{
-			ID:                  pkg.ID,
-			Locations:           pkg.Locations,
-			DependencyPathArray: parsePackagePathToDependencyPath(&pkg),
-			Outdated:            pkg.Outdated,
-			IsDirectDependency:  pkg.IsDirectDependency,
+			ID:                      pkg.ID,
+			Locations:               pkg.Locations,
+			DependencyPathArray:     parsePackagePathToDependencyPath(&pkg),
+			Outdated:                pkg.Outdated,
+			IsDirectDependency:      pkg.IsDirectDependency,
+			IsDevelopmentDependency: pkg.IsDevelopmentDependency,
+			IsTestDependency:        pkg.IsTestDependency,
 		})
 	}
 	return &scaPackages

internal/commands/result_test.go

@@ -1565,3 +1565,67 @@ func TestRiskManagementHelp(t *testing.T) {
 func TestRiskManagement(t *testing.T) {
 	execCmdNilAssertion(t, "results", "risk-management")
 }
+
+func Test_addPackageInformation_DependencyTypes(t *testing.T) {
+	// Create dependency paths with different types
+	var dependencyPaths = [][]wrappers.DependencyPath{
+		{{
+			ID:            "dev-pkg",
+			IsDevelopment: true,
+		}},
+		{{
+			ID:            "test-pkg",
+			IsDevelopment: false,
+		}},
+	}
+
+	// Create results model with two results - one dev and one test
+	resultsModel := &wrappers.ScanResultsCollection{
+		Results: []*wrappers.ScanResult{
+			{
+				Type: "sca",
+				ScanResultData: wrappers.ScanResultData{
+					PackageIdentifier: "dev-pkg",
+				},
+			},
+			{
+				Type: "sca",
+				ScanResultData: wrappers.ScanResultData{
+					PackageIdentifier: "test-pkg",
+				},
+			},
+		},
+	}
+
+	// Create package model with different dev/test settings
+	scaPackageModel := &[]wrappers.ScaPackageCollection{
+		{
+			ID:                      "dev-pkg",
+			DependencyPathArray:     dependencyPaths[:1],
+			IsDevelopmentDependency: true,
+			IsTestDependency:        false,
+		},
+		{
+			ID:                      "test-pkg",
+			DependencyPathArray:     dependencyPaths[1:],
+			IsDevelopmentDependency: false,
+			IsTestDependency:        true,
+		},
+	}
+
+	scaTypeModel := &[]wrappers.ScaTypeCollection{{}}
+
+	// Execute the function
+	resultsModel = addPackageInformation(resultsModel, scaPackageModel, scaTypeModel)
+
+	// Get the results
+	devPackage := resultsModel.Results[0].ScanResultData.ScaPackageCollection
+	testPackage := resultsModel.Results[1].ScanResultData.ScaPackageCollection
+
+	// Verify the fields were transferred correctly
+	assert.Equal(t, true, devPackage.IsDevelopmentDependency, "First package should be marked as development dependency")
+	assert.Equal(t, false, devPackage.IsTestDependency, "First package should not be marked as test dependency")
+
+	assert.Equal(t, false, testPackage.IsDevelopmentDependency, "Second package should not be marked as development dependency")
+	assert.Equal(t, true, testPackage.IsTestDependency, "Second package should be marked as test dependency")
+}

internal/wrappers/export.go

@@ -20,6 +20,7 @@ type ScaPackage struct {
 	Outdated                bool            `json:"Outdated,omitempty"`
 	IsDirectDependency      bool            `json:"IsDirectDependency"`
 	IsDevelopmentDependency bool            `json:"IsDevelopmentDependency"`
+	IsTestDependency        bool            `json:"IsTestDependency"`
 	SupportsQuickFix        bool
 	FixLink                 string
 	TypeOfDependency        string

internal/wrappers/results-sca-package.go

@@ -1,15 +1,17 @@
 package wrappers
 
 type ScaPackageCollection struct {
-	ID                  string             `json:"id,omitempty"`
-	FixLink             string             `json:"fixLink,omitempty"`
-	BestPackageLink     string             `json:"bestPackageLink,omitempty"`
-	Locations           []*string          `json:"locations,omitempty"`
-	DependencyPathArray [][]DependencyPath `json:"dependencyPaths,omitempty"`
-	Outdated            bool               `json:"outdated,omitempty"`
-	SupportsQuickFix    bool               `json:"supportsQuickFix"`
-	IsDirectDependency  bool               `json:"isDirectDependency"`
-	TypeOfDependency    string             `json:"typeOfDependency"`
+	ID                      string             `json:"id,omitempty"`
+	FixLink                 string             `json:"fixLink,omitempty"`
+	BestPackageLink         string             `json:"bestPackageLink,omitempty"`
+	Locations               []*string          `json:"locations,omitempty"`
+	DependencyPathArray     [][]DependencyPath `json:"dependencyPaths,omitempty"`
+	Outdated                bool               `json:"outdated,omitempty"`
+	SupportsQuickFix        bool               `json:"supportsQuickFix"`
+	IsDirectDependency      bool               `json:"isDirectDependency"`
+	TypeOfDependency        string             `json:"typeOfDependency"`
+	IsDevelopmentDependency bool               `json:"isDevelopmentDependency"`
+	IsTestDependency        bool               `json:"isTestDependency"`
 }
 
 type DependencyPath struct {