CM-44581 gradle - support restore projects and by selecting specific project

morsa4406 · morsa4406 · commit 1656ec6bbdf2 · 2025-02-18T16:58:00.000+02:00
diff --git a/cycode/cli/commands/scan/scan_command.py b/cycode/cli/commands/scan/scan_command.py
@@ -12,7 +12,7 @@
 from cycode.cli.consts import (
     ISSUE_DETECTED_STATUS_CODE,
     NO_ISSUES_STATUS_CODE,
-    SCA_SKIP_RESTORE_DEPENDENCIES_FLAG,
+    SCA_SKIP_RESTORE_DEPENDENCIES_FLAG, SCA_GRADLE_ALL_SUB_PROJECTS_FLAG,
 )
 from cycode.cli.models import Severity
 from cycode.cli.sentry import add_breadcrumb
@@ -109,6 +109,14 @@
     type=bool,
     required=False,
 )
+@click.option(
+    f'--{SCA_GRADLE_ALL_SUB_PROJECTS_FLAG}',
+    is_flag=True,
+    default=False,
+    help='When specified, Cycode will run gradle restore command for all sub projects. Should run from root project directory ONLY!',
+    type=bool,
+    required=False,
+)
 @click.pass_context
 def scan_command(
     context: click.Context,
@@ -123,6 +131,7 @@ def scan_command(
     report: bool,
     no_restore: bool,
     sync: bool,
+    gradle_all_sub_projects: bool
 ) -> int:
     """Scans for Secrets, IaC, SCA or SAST violations."""
     add_breadcrumb('scan')
@@ -144,6 +153,7 @@ def scan_command(
     context.obj['monitor'] = monitor
     context.obj['report'] = report
     context.obj[SCA_SKIP_RESTORE_DEPENDENCIES_FLAG] = no_restore
+    context.obj[SCA_GRADLE_ALL_SUB_PROJECTS_FLAG] = gradle_all_sub_projects
 
     _sca_scan_to_context(context, sca_scan)
 
diff --git a/cycode/cli/consts.py b/cycode/cli/consts.py
@@ -222,3 +222,4 @@
 SCA_SHORTCUT_DEPENDENCY_PATHS = 2
 
 SCA_SKIP_RESTORE_DEPENDENCIES_FLAG = 'no-restore'
+SCA_GRADLE_ALL_SUB_PROJECTS_FLAG = 'gradle-all-sub-projects'
diff --git a/cycode/cli/files_collector/sca/maven/restore_gradle_dependencies.py b/cycode/cli/files_collector/sca/maven/restore_gradle_dependencies.py
@@ -1,28 +1,58 @@
 import os
-from typing import List
+import re
+from typing import List, Set, Optional
 
 import click
 
+from cycode.cli.consts import SCA_GRADLE_ALL_SUB_PROJECTS_FLAG
 from cycode.cli.files_collector.sca.base_restore_dependencies import BaseRestoreDependencies
 from cycode.cli.models import Document
+from cycode.cli.utils.shell_executor import shell
 
 BUILD_GRADLE_FILE_NAME = 'build.gradle'
 BUILD_GRADLE_KTS_FILE_NAME = 'build.gradle.kts'
 BUILD_GRADLE_DEP_TREE_FILE_NAME = 'gradle-dependencies-generated.txt'
+BUILD_GRADLE_ALL_PROJECTS_TIMEOUT = 180
+BUILD_GRADLE_ALL_PROJECTS_COMMAND = ['gradle', 'projects']
+ALL_PROJECTS_REGEX = r"[+-]{3} Project '(.*?)'"
 
 
 class RestoreGradleDependencies(BaseRestoreDependencies):
-    def __init__(self, context: click.Context, is_git_diff: bool, command_timeout: int) -> None:
+    def __init__(self, context: click.Context, is_git_diff: bool, command_timeout: int,
+                 projects: Set[str] = set()) -> None:
         super().__init__(context, is_git_diff, command_timeout, create_output_file_manually=True)
+        self.projects = projects
+        self.projects = self.get_all_projects() if self.is_gradle_sub_projects() else set()
+
+    def is_gradle_sub_projects(self):
+        return self.context.obj.get(SCA_GRADLE_ALL_SUB_PROJECTS_FLAG)
 
     def is_project(self, document: Document) -> bool:
         return document.path.endswith(BUILD_GRADLE_FILE_NAME) or document.path.endswith(BUILD_GRADLE_KTS_FILE_NAME)
 
     def get_commands(self, manifest_file_path: str) -> List[List[str]]:
-        return [['gradle', 'dependencies', '-b', manifest_file_path, '-q', '--console', 'plain']]
+        return self.get_commands_for_sub_projects(manifest_file_path) if self.is_gradle_sub_projects() else [
+            ['gradle', 'dependencies', '-b', manifest_file_path, '-q', '--console', 'plain']]
 
     def get_lock_file_name(self) -> str:
         return BUILD_GRADLE_DEP_TREE_FILE_NAME
 
     def verify_restore_file_already_exist(self, restore_file_path: str) -> bool:
         return os.path.isfile(restore_file_path)
+
+    def get_working_directory(self, document: Document) -> Optional[str]:
+        return self.context.params.get('paths')[0] if self.is_gradle_sub_projects() else None
+
+    def get_all_projects(self) -> List[str]:
+        projects_output = shell(command=BUILD_GRADLE_ALL_PROJECTS_COMMAND, timeout=BUILD_GRADLE_ALL_PROJECTS_TIMEOUT,
+                                working_directory=self.context.params.get('paths')[0])
+
+        projects = re.findall(ALL_PROJECTS_REGEX, projects_output)
+
+        return set(projects)
+
+    def get_commands_for_sub_projects(self, manifest_file_path: str) -> List[List[str]]:
+        project_name = os.path.basename(os.path.dirname(manifest_file_path))
+        project_name = f':{project_name}'
+        return [['gradle', f'{project_name}:dependencies', '-q', '--console',
+                 'plain']] if project_name in self.projects else []

Original file line number	Diff line number	Diff line change
`@@ -222,3 +222,4 @@`
`222`	`222`	`SCA_SHORTCUT_DEPENDENCY_PATHS = 2`
`223`	`223`
`224`	`224`	`SCA_SKIP_RESTORE_DEPENDENCIES_FLAG = 'no-restore'`
	`225`	`+SCA_GRADLE_ALL_SUB_PROJECTS_FLAG = 'gradle-all-sub-projects'`