fix code review issues

refoo0 · refoo0 · commit 0fc2d5d76040 · 2025-07-29T16:54:25.000+02:00
Signed-off-by: Rafi &lt;refaei.shikho@hotmail.com&gt;
diff --git a/internal/common/integrations_obj.go b/internal/common/integrations_obj.go
@@ -20,7 +20,6 @@ type WebhookIntegrationDTO struct {
 	Name        string `json:"name"`
 	Description string `json:"description"`
 	URL         string `json:"url"`
-	Secret      string `json:"secret"`
 	SbomEnabled bool   `json:"sbomEnabled"`
 	VulnEnabled bool   `json:"vulnEnabled"`
 }
diff --git a/internal/core/assetversion/asset_version_service.go b/internal/core/assetversion/asset_version_service.go
@@ -95,7 +95,7 @@ func preferMarkdown(text common.Text) string {
 	return text.Text
 }
 
-func (s *service) HandleFirstPartyVulnResult(asset models.Asset, assetVersion *models.AssetVersion, sarifScan common.SarifResult, scannerID string, userID string) (int, int, []models.FirstPartyVuln, error) {
+func (s *service) HandleFirstPartyVulnResult(org models.Org, project models.Project, asset models.Asset, assetVersion *models.AssetVersion, sarifScan common.SarifResult, scannerID string, userID string) (int, int, []models.FirstPartyVuln, error) {
 
 	firstPartyVulnerabilities := []models.FirstPartyVuln{}
 
@@ -152,7 +152,7 @@ func (s *service) HandleFirstPartyVulnResult(asset models.Asset, assetVersion *m
 		return f.CalculateHash()
 	})
 
-	amountOpened, amountClosed, amountExisting, err := s.handleFirstPartyVulnResult(userID, scannerID, assetVersion, firstPartyVulnerabilities, asset)
+	amountOpened, amountClosed, amountExisting, err := s.handleFirstPartyVulnResult(userID, scannerID, assetVersion, firstPartyVulnerabilities, asset, org, project)
 	if err != nil {
 		return 0, 0, []models.FirstPartyVuln{}, err
 	}
@@ -166,7 +166,7 @@ func (s *service) HandleFirstPartyVulnResult(asset models.Asset, assetVersion *m
 	return amountOpened, amountClosed, amountExisting, nil
 }
 
-func (s *service) handleFirstPartyVulnResult(userID string, scannerID string, assetVersion *models.AssetVersion, vulns []models.FirstPartyVuln, asset models.Asset) (int, int, []models.FirstPartyVuln, error) {
+func (s *service) handleFirstPartyVulnResult(userID string, scannerID string, assetVersion *models.AssetVersion, vulns []models.FirstPartyVuln, asset models.Asset, org models.Org, project models.Project) (int, int, []models.FirstPartyVuln, error) {
 	// get all existing vulns from the database - this is the old state
 	existingVulns, err := s.firstPartyVulnRepository.ListByScanner(assetVersion.Name, assetVersion.AssetID, scannerID)
 	if err != nil {
@@ -209,21 +209,10 @@ func (s *service) handleFirstPartyVulnResult(userID string, scannerID string, as
 			return
 		}
 
-		pro, err := s.projectRepository.GetProjectByAssetID(asset.ID)
-		if err != nil {
-			slog.Error("could not get project by asset ID", "err", err)
-			return
-		}
-		org, err := s.orgRepository.Read(pro.OrganizationID)
-		if err != nil {
-			slog.Error("could not get organization by ID", "err", err)
-			return
-		}
-
 		if err = s.thirdPartyIntegration.HandleEvent(core.FirstPartyVulnsDetectedEvent{
 			AssetVersion: core.ToAssetVersionObject(*assetVersion),
 			Asset:        core.ToAssetObject(asset),
-			Project:      core.ToProjectObject(pro),
+			Project:      core.ToProjectObject(project),
 			Org:          core.ToOrgObject(org),
 			Vulns:        utils.Map(newVulns, vuln.FirstPartyVulnToDto),
 		}); err != nil {
@@ -234,7 +223,7 @@ func (s *service) handleFirstPartyVulnResult(userID string, scannerID string, as
 	return len(newVulns), len(fixedVulns), append(newVulns, comparison.InBoth...), nil
 }
 
-func (s *service) HandleScanResult(asset models.Asset, assetVersion *models.AssetVersion, vulns []models.VulnInPackage, scannerID string, userID string) (opened []models.DependencyVuln, closed []models.DependencyVuln, newState []models.DependencyVuln, err error) {
+func (s *service) HandleScanResult(org models.Org, project models.Project, asset models.Asset, assetVersion *models.AssetVersion, vulns []models.VulnInPackage, scannerID string, userID string) (opened []models.DependencyVuln, closed []models.DependencyVuln, newState []models.DependencyVuln, err error) {
 
 	// create dependencyVulns out of those vulnerabilities
 	dependencyVulns := []models.DependencyVuln{}
@@ -293,22 +282,11 @@ func (s *service) HandleScanResult(asset models.Asset, assetVersion *models.Asse
 		if len(opened) == 0 {
 			return
 		}
-		pro, err := s.projectRepository.GetProjectByAssetID(asset.ID)
-		if err != nil {
-			slog.Error("could not get project by asset ID", "err", err)
-			return
-		}
-
-		org, err := s.orgRepository.Read(pro.OrganizationID)
-		if err != nil {
-			slog.Error("could not get organization by ID", "err", err)
-			return
-		}
 
 		if err = s.thirdPartyIntegration.HandleEvent(core.DependencyVulnsDetectedEvent{
 			AssetVersion: core.ToAssetVersionObject(*assetVersion),
 			Asset:        core.ToAssetObject(asset),
-			Project:      core.ToProjectObject(pro),
+			Project:      core.ToProjectObject(project),
 			Org:          core.ToOrgObject(org),
 
 			Vulns: utils.Map(opened, vuln.DependencyVulnToDto),
@@ -483,7 +461,7 @@ func buildBomRefMap(bom normalize.SBOM) map[string]cdx.Component {
 	return res
 }
 
-func (s *service) UpdateSBOM(assetVersion models.AssetVersion, scannerID string, sbom normalize.SBOM) error {
+func (s *service) UpdateSBOM(org models.Org, project models.Project, asset models.Asset, assetVersion models.AssetVersion, scannerID string, sbom normalize.SBOM) error {
 
 	sbomUpdated := false
 
@@ -603,28 +581,11 @@ func (s *service) UpdateSBOM(assetVersion models.AssetVersion, scannerID string,
 	go func(sbomUpdated bool) {
 
 		if sbomUpdated {
-			asset, err := s.assetRepository.Read(assetVersion.AssetID)
-			if err != nil {
-				slog.Error("could not read asset", "assetID", assetVersion.AssetID, "err", err)
-				return
-			}
-
-			pro, err := s.projectRepository.GetProjectByAssetID(asset.ID)
-			if err != nil {
-				slog.Error("could not get project by asset ID", "err", err)
-				return
-			}
-
-			org, err := s.orgRepository.Read(pro.OrganizationID)
-			if err != nil {
-				slog.Error("could not get organization by ID", "err", err)
-				return
-			}
 
 			if err = s.thirdPartyIntegration.HandleEvent(core.SBOMCreatedEvent{
 				AssetVersion: core.ToAssetVersionObject(assetVersion),
 				Asset:        core.ToAssetObject(asset),
-				Project:      core.ToProjectObject(pro),
+				Project:      core.ToProjectObject(project),
 				Org:          core.ToOrgObject(org),
 				SBOM:         sbom.GetCdxBom(),
 			}); err != nil {
diff --git a/internal/core/common_interfaces.go b/internal/core/common_interfaces.go
@@ -251,9 +251,9 @@ type AssetVersionService interface {
 	BuildSBOM(assetVersion models.AssetVersion, version, orgName string, components []models.ComponentDependency) *cdx.BOM
 	BuildVeX(asset models.Asset, assetVersion models.AssetVersion, orgName string, dependencyVulns []models.DependencyVuln) *cdx.BOM
 	GetAssetVersionsByAssetID(assetID uuid.UUID) ([]models.AssetVersion, error)
-	HandleFirstPartyVulnResult(asset models.Asset, assetVersion *models.AssetVersion, sarifScan common.SarifResult, scannerID string, userID string) (int, int, []models.FirstPartyVuln, error)
-	UpdateSBOM(assetVersion models.AssetVersion, scannerID string, sbom normalize.SBOM) error
-	HandleScanResult(asset models.Asset, assetVersion *models.AssetVersion, vulns []models.VulnInPackage, scannerID string, userID string) (opened []models.DependencyVuln, closed []models.DependencyVuln, newState []models.DependencyVuln, err error)
+	HandleFirstPartyVulnResult(org models.Org, project models.Project, asset models.Asset, assetVersion *models.AssetVersion, sarifScan common.SarifResult, scannerID string, userID string) (int, int, []models.FirstPartyVuln, error)
+	UpdateSBOM(org models.Org, project models.Project, asset models.Asset, assetVersion models.AssetVersion, scannerID string, sbom normalize.SBOM) error
+	HandleScanResult(org models.Org, project models.Project, asset models.Asset, assetVersion *models.AssetVersion, vulns []models.VulnInPackage, scannerID string, userID string) (opened []models.DependencyVuln, closed []models.DependencyVuln, newState []models.DependencyVuln, err error)
 	BuildOpenVeX(asset models.Asset, assetVersion models.AssetVersion, organizationSlug string, dependencyVulns []models.DependencyVuln) vex.VEX
 }
 
diff --git a/internal/core/integrations/integration_controller.go b/internal/core/integrations/integration_controller.go
@@ -132,7 +132,7 @@ func (c *integrationController) TestAndSaveWebhookIntegration(ctx core.Context)
 		return ctx.JSON(404, "Webhook integration not enabled")
 	}
 
-	if err := wh.(*webhook.WebhookIntegration).TestAndSave(ctx); err != nil {
+	if err := wh.(*webhook.WebhookIntegration).Save(ctx); err != nil {
 		slog.Error("could not test GitLab integration", "err", err)
 		return err
 	}
diff --git a/internal/core/integrations/webhook/webhook_client.go b/internal/core/integrations/webhook/webhook_client.go
@@ -58,7 +58,7 @@ func (c *webhookClient) CreateRequest(method, url string, body io.Reader) (*http
 	}
 
 	if c.Secret != nil {
-		req.Header.Set("X-DevGuard-Token", *c.Secret)
+		req.Header.Set("X-Webhook-Secret", *c.Secret)
 	}
 
 	req.Header.Set("Content-Type", "application/json")
diff --git a/internal/core/integrations/webhook/webhook_integration.go b/internal/core/integrations/webhook/webhook_integration.go
@@ -98,12 +98,11 @@ func (w *WebhookIntegration) Update(ctx core.Context) error {
 		Name:        *webhookIntegration.Name,
 		Description: *webhookIntegration.Description,
 		URL:         webhookIntegration.URL,
-		Secret:      *webhookIntegration.Secret,
 		SbomEnabled: webhookIntegration.SbomEnabled,
 		VulnEnabled: webhookIntegration.VulnEnabled,
 	})
 }
-func (w *WebhookIntegration) TestAndSave(ctx core.Context) error {
+func (w *WebhookIntegration) Save(ctx core.Context) error {
 	var data struct {
 		Name        string `json:"name"`
 		Description string `json:"description"`
@@ -148,7 +147,6 @@ func (w *WebhookIntegration) TestAndSave(ctx core.Context) error {
 		Name:        *webhookIntegration.Name,
 		Description: *webhookIntegration.Description,
 		URL:         webhookIntegration.URL,
-		Secret:      *webhookIntegration.Secret,
 		SbomEnabled: webhookIntegration.SbomEnabled,
 		VulnEnabled: webhookIntegration.VulnEnabled,
 	})
diff --git a/internal/core/org/org_dto.go b/internal/core/org/org_dto.go
@@ -212,7 +212,6 @@ func obfuscateWebhookIntegrations(integration models.WebhookIntegration) common.
 		Name:        *integration.Name,
 		Description: *integration.Description,
 		URL:         integration.URL,
-		Secret:      *integration.Secret,
 		SbomEnabled: integration.SbomEnabled,
 		VulnEnabled: integration.VulnEnabled,
 	}
diff --git a/internal/core/project/project_controller.go b/internal/core/project/project_controller.go
@@ -302,7 +302,6 @@ func (projectController *controller) getWebhooks(c core.Context) ([]common.Webho
 			Name:        *w.Name,
 			Description: *w.Description,
 			URL:         w.URL,
-			Secret:      *w.Secret,
 			SbomEnabled: w.SbomEnabled,
 			VulnEnabled: w.VulnEnabled,
 		}
diff --git a/internal/core/vulndb/scan/scan_controller.go b/internal/core/vulndb/scan/scan_controller.go
@@ -113,7 +113,7 @@ func (s *HTTPController) DependencyVulnScan(c core.Context, bom normalize.SBOM)
 	}
 
 	// update the sbom in the database in parallel
-	err = s.assetVersionService.UpdateSBOM(assetVersion, scannerID, normalizedBom)
+	err = s.assetVersionService.UpdateSBOM(org, project, asset, assetVersion, scannerID, normalizedBom)
 	if err != nil {
 		slog.Error("could not update sbom", "err", err)
 		return scanResults, err
@@ -133,7 +133,7 @@ func (s *HTTPController) ScanNormalizedSBOM(org models.Org, project models.Proje
 	}
 
 	// handle the scan result
-	opened, closed, newState, err := s.assetVersionService.HandleScanResult(asset, &assetVersion, vulns, scannerID, userID)
+	opened, closed, newState, err := s.assetVersionService.HandleScanResult(org, project, asset, &assetVersion, vulns, scannerID, userID)
 	if err != nil {
 		slog.Error("could not handle scan result", "err", err)
 		return scanResults, err
@@ -183,6 +183,9 @@ func (s *HTTPController) FirstPartyVulnScan(c core.Context) error {
 		return err
 	}
 
+	org := core.GetOrg(c)
+	project := core.GetProject(c)
+
 	asset := core.GetAsset(c)
 	userID := core.GetSession(c).GetUserID()
 
@@ -211,7 +214,7 @@ func (s *HTTPController) FirstPartyVulnScan(c core.Context) error {
 	}
 
 	// handle the scan result
-	amountOpened, amountClose, newState, err := s.assetVersionService.HandleFirstPartyVulnResult(asset, &assetVersion, sarifScan, scannerID, userID)
+	amountOpened, amountClose, newState, err := s.assetVersionService.HandleFirstPartyVulnResult(org, project, asset, &assetVersion, sarifScan, scannerID, userID)
 	if err != nil {
 		slog.Error("could not handle scan result", "err", err)
 		return c.JSON(500, map[string]string{"error": "could not handle scan result"})

Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,6 @@ type WebhookIntegrationDTO struct {`
`20`	`20`	Name string `json:"name"`
`21`	`21`	Description string `json:"description"`
`22`	`22`	URL string `json:"url"`
`23`		- Secret string `json:"secret"`
`24`	`23`	SbomEnabled bool `json:"sbomEnabled"`
`25`	`24`	VulnEnabled bool `json:"vulnEnabled"`
`26`	`25`	`}`
Original file line number	Diff line number	Diff line change
`@@ -132,7 +132,7 @@ func (c *integrationController) TestAndSaveWebhookIntegration(ctx core.Context)`
`132`	`132`	`return ctx.JSON(404, "Webhook integration not enabled")`
`133`	`133`	`}`
`134`	`134`
`135`		`- if err := wh.(*webhook.WebhookIntegration).TestAndSave(ctx); err != nil {`
	`135`	`+ if err := wh.(*webhook.WebhookIntegration).Save(ctx); err != nil {`
`136`	`136`	`slog.Error("could not test GitLab integration", "err", err)`
`137`	`137`	`return err`
`138`	`138`	`}`
Original file line number	Diff line number	Diff line change
`@@ -58,7 +58,7 @@ func (c webhookClient) CreateRequest(method, url string, body io.Reader) (http`
`58`	`58`	`}`
`59`	`59`
`60`	`60`	`if c.Secret != nil {`
`61`		`- req.Header.Set("X-DevGuard-Token", *c.Secret)`
	`61`	`+ req.Header.Set("X-Webhook-Secret", *c.Secret)`
`62`	`62`	`}`
`63`	`63`
`64`	`64`	`req.Header.Set("Content-Type", "application/json")`
Original file line number	Diff line number	Diff line change
`@@ -212,7 +212,6 @@ func obfuscateWebhookIntegrations(integration models.WebhookIntegration) common.`
`212`	`212`	`Name: *integration.Name,`
`213`	`213`	`Description: *integration.Description,`
`214`	`214`	`URL: integration.URL,`
`215`		`- Secret: *integration.Secret,`
`216`	`215`	`SbomEnabled: integration.SbomEnabled,`
`217`	`216`	`VulnEnabled: integration.VulnEnabled,`
`218`	`217`	`}`
Original file line number	Diff line number	Diff line change
`@@ -302,7 +302,6 @@ func (projectController *controller) getWebhooks(c core.Context) ([]common.Webho`
`302`	`302`	`Name: *w.Name,`
`303`	`303`	`Description: *w.Description,`
`304`	`304`	`URL: w.URL,`
`305`		`- Secret: *w.Secret,`
`306`	`305`	`SbomEnabled: w.SbomEnabled,`
`307`	`306`	`VulnEnabled: w.VulnEnabled,`
`308`	`307`	`}`