Added pr-branch support

Author: rohitcoder

src/main.rs

@@ -10,8 +10,8 @@ use utils::pipeline;
 async fn execute_scan(
     scan_type: &str,
     path: &str,
-    commit_id: Option<&str>,
-    branch: Option<&str>,
+    base_branch: Option<&str>,
+    pr_branch: Option<&str>,
     no_install: bool,
     root_only: bool,
     build_args: String,
@@ -30,8 +30,8 @@ async fn execute_scan(
         .execute_scan(
             scan_type,
             path,
-            commit_id,
-            branch,
+            base_branch,
+            pr_branch,
             no_install,
             root_only,
             build_args,
@@ -41,6 +41,7 @@ async fn execute_scan(
         )
         .await;
 }
+
 #[tokio::main]
 async fn main() {
     // Parse command-line arguments
@@ -53,12 +54,12 @@ async fn main() {
     let mut verbose = false;
     let mut path = String::new();
     let mut rule_path = String::new();
-    let mut commit_id = String::new();
+    let mut base_branch = String::new();
+    let mut pr_branch = String::new();
     let mut defectdojo_url = String::new();
     let mut defectdojo_token = String::new();
     let mut product_name = String::new();
     let mut engagement_name = String::new();
-    let mut branch = String::new();
     let mut policy_url = String::new();
     let mut build_args = String::new();
     let mut manifests = String::new();
@@ -82,15 +83,15 @@ async fn main() {
             Store,
             "Pass the path of the rules to use (Local Path or HTTP Git URL)",
         );
-        ap.refer(&mut commit_id).add_option(
-            &["-i", "--commit-id"],
+        ap.refer(&mut base_branch).add_option(
+            &["--branch"],
             Store,
-            "Pass the commit ID to scan (Optional)",
+            "Specify the base branch to scan or compare",
         );
-        ap.refer(&mut branch).add_option(
-            &["-b", "--branch"],
+        ap.refer(&mut pr_branch).add_option(
+            &["--pr-branch"],
             Store,
-            "Pass the branch name to scan (Optional)",
+            "Specify the PR branch to compare with the base branch (optional)",
         );
         ap.refer(&mut is_sast)
             .add_option(&["-s", "--sast"], StoreTrue, "Run SAST scan");
@@ -148,8 +149,11 @@ async fn main() {
             Store,
             "Pass the build context args to scan",
         );
-        ap.refer(&mut manifests)
-            .add_option(&["-m", "--manifests"], Store, "Pass the manifests pom.xml, requirements.txt etc to scan and we will look for only that kind of manifests");
+        ap.refer(&mut manifests).add_option(
+            &["-m", "--manifests"],
+            Store,
+            "Specify manifest files to scan",
+        );
         ap.refer(&mut slack_url).add_option(
             &["-k", "--slack-url"],
             Store,
@@ -174,20 +178,19 @@ async fn main() {
     if mongo_uri != "" {
         println!("[+] Found DbConnection, we will be using it for filtering out the results");
     }
+
+    let pr_branch_option = if pr_branch.is_empty() {
+        None
+    } else {
+        Some(pr_branch.as_str())
+    };
+
     if is_sast {
         execute_scan(
             "sast",
             &path,
-            if commit_id.is_empty() {
-                None
-            } else {
-                Some(&commit_id)
-            },
-            if branch.is_empty() {
-                None
-            } else {
-                Some(&branch)
-            },
+            Some(&base_branch),
+            pr_branch_option,
             no_install,
             root_only,
             build_args.clone(),
@@ -202,16 +205,8 @@ async fn main() {
         execute_scan(
             "sca",
             &path,
-            if commit_id.is_empty() {
-                None
-            } else {
-                Some(&commit_id)
-            },
-            if branch.is_empty() {
-                None
-            } else {
-                Some(&branch)
-            },
+            Some(&base_branch),
+            pr_branch_option,
             no_install,
             root_only,
             build_args.clone(),
@@ -226,16 +221,8 @@ async fn main() {
         execute_scan(
             "secret",
             &path,
-            if commit_id.is_empty() {
-                None
-            } else {
-                Some(&commit_id)
-            },
-            if branch.is_empty() {
-                None
-            } else {
-                Some(&branch)
-            },
+            Some(&base_branch),
+            pr_branch_option,
             no_install,
             root_only,
             build_args.clone(),
@@ -250,16 +237,8 @@ async fn main() {
         execute_scan(
             "license-compliance",
             &path,
-            if commit_id.is_empty() {
-                None
-            } else {
-                Some(&commit_id)
-            },
-            if branch.is_empty() {
-                None
-            } else {
-                Some(&branch)
-            },
+            Some(&base_branch),
+            pr_branch_option,
             no_install,
             root_only,
             build_args.clone(),
@@ -288,7 +267,6 @@ async fn main() {
             is_license_compliance,
             policy_url,
             slack_url,
-            commit_id,
             job_id,
             mongo_uri,
             defectdojo_url,

src/scans/scanner.rs

@@ -1,4 +1,6 @@
-use crate::scans::tools::{sast_tool::SastTool, sca_tool::ScaTool, secret_tool::SecretTool, license_tool::LicenseTool};
+use crate::scans::tools::{
+    license_tool::LicenseTool, sast_tool::SastTool, sca_tool::ScaTool, secret_tool::SecretTool,
+};
 
 pub struct ScanRunner {
     sast_tool: SastTool,
@@ -8,7 +10,12 @@ pub struct ScanRunner {
 }
 
 impl ScanRunner {
-    pub fn new(sast_tool: SastTool, sca_tool: ScaTool, secret_tool: SecretTool, license_tool: LicenseTool) -> Self {
+    pub fn new(
+        sast_tool: SastTool,
+        sca_tool: ScaTool,
+        secret_tool: SecretTool,
+        license_tool: LicenseTool,
+    ) -> Self {
         ScanRunner {
             sast_tool,
             sca_tool,
@@ -17,20 +24,43 @@ impl ScanRunner {
         }
     }
 
-    pub async fn execute_scan(&self, scan_type: &str, path: &str, commit_id: Option<&str>, branch: Option<&str>, no_install: bool, root_only:bool, build_args:String, manifests: String, rule_path: String, verbose: bool) {
-        if verbose {
-
-            if let Some(commit_id) = commit_id {
-                println!("Commit ID: {}", commit_id);
-            }else {
-                println!("Commit ID: None");
-            }
-        }
+    pub async fn execute_scan(
+        &self,
+        scan_type: &str,
+        path: &str,
+        branch: Option<&str>,
+        pr_branch: Option<&str>,
+        no_install: bool,
+        root_only: bool,
+        build_args: String,
+        manifests: String,
+        rule_path: String,
+        verbose: bool,
+    ) {
         match scan_type {
-            "sast" => self.sast_tool.run_scan(path, commit_id, branch, rule_path, verbose).await,
-            "sca" => self.sca_tool.run_scan(path, commit_id, branch, no_install, root_only, build_args, manifests, verbose).await,
-            "secret" => self.secret_tool.run_scan(path, commit_id, branch, verbose).await,
-            "license-compliance" => self.license_tool.run_scan(path, commit_id, branch, verbose).await,
+            "sast" => {
+                self.sast_tool
+                    .run_scan(path, branch, pr_branch, rule_path, verbose)
+                    .await
+            }
+            "sca" => {
+                self.sca_tool
+                    .run_scan(
+                        path, branch, pr_branch, no_install, root_only, build_args, manifests,
+                        verbose,
+                    )
+                    .await
+            }
+            "secret" => {
+                self.secret_tool
+                    .run_scan(path, branch, pr_branch, verbose)
+                    .await
+            }
+            "license-compliance" => {
+                self.license_tool
+                    .run_scan(path, branch, pr_branch, verbose)
+                    .await
+            }
             _ => println!("Invalid scan type: {}", scan_type),
         }
     }

src/scans/tools/sca_tool.rs

@@ -204,8 +204,8 @@ impl ScaTool {
     pub async fn run_scan(
         &self,
         _path: &str,
-        _commit_id: Option<&str>,
         _branch: Option<&str>,
+        pr_branch: Option<&str>,
         no_install: bool,
         root_only: bool,
         build_args: String,
@@ -215,8 +215,6 @@ impl ScaTool {
         let start_time = Instant::now();
         if verbose {
             println!("[+] Running SCA scan on path: {}", _path);
-            println!("[+] Commit ID: {}", _commit_id.unwrap_or("None"));
-            println!("[+] Branch: {}", _branch.unwrap_or("None"));
             println!("[+] Build args: {}", build_args.clone());
             println!("[+] Manifests: {}", manfiests.clone());
         }
@@ -245,25 +243,9 @@ impl ScaTool {
                 if verbose {
                     println!("[+] Cloning git repo...");
                 }
-                if let Some(_branch) = _branch {
-                    if _commit_id.is_some() {
-                        let branch = Some(_branch);
-                        let out = checkout(_path, "/tmp/app", _commit_id, branch);
-                        if out.is_err() {
-                            println!("Error while cloning: {}", out.err().unwrap());
-                        }
-                    } else {
-                        let branch = Some(_branch);
-                        let out = checkout(_path, "/tmp/app", None, branch);
-                        if out.is_err() {
-                            println!("Error while cloning: {}", out.err().unwrap());
-                        }
-                    }
-                } else {
-                    let out = checkout(_path, "/tmp/app", None, None);
-                    if out.is_err() {
-                        println!("Error while cloning: {}", out.err().unwrap());
-                    }
+                let out = checkout(_path, "/tmp/app", _branch, pr_branch);
+                if out.is_err() {
+                    println!("Error while cloning: {}", out.err().unwrap());
                 }
             } else {
                 if verbose {

src/scans/tools/secret_tool.rs

@@ -14,8 +14,8 @@ impl SecretTool {
     pub async fn run_scan(
         &self,
         _path: &str,
-        _commit_id: Option<&str>,
         _branch: Option<&str>,
+        pr_branch: Option<&str>,
         verbose: bool,
     ) {
         let start_time = Instant::now();
@@ -24,25 +24,9 @@ impl SecretTool {
                 if verbose {
                     println!("[+] Cloning git repo...");
                 }
-                if let Some(_branch) = _branch {
-                    if _commit_id.is_some() {
-                        let branch = Some(_branch);
-                        let out = checkout(_path, "/tmp/app", _commit_id, branch);
-                        if out.is_err() {
-                            println!("Error while cloning: {}", out.err().unwrap());
-                        }
-                    } else {
-                        let branch = Some(_branch);
-                        let out = checkout(_path, "/tmp/app", None, branch);
-                        if out.is_err() {
-                            println!("Error while cloning: {}", out.err().unwrap());
-                        }
-                    }
-                } else {
-                    let out = checkout(_path, "/tmp/app", None, None);
-                    if out.is_err() {
-                        println!("Error while cloning: {}", out.err().unwrap());
-                    }
+                let out = checkout(_path, "/tmp/app", _branch, pr_branch);
+                if out.is_err() {
+                    println!("Error while cloning: {}", out.err().unwrap());
                 }
             } else {
                 if verbose {