From e8dc477e6e3ab586ce638cd6ba3bc0e261bd0b96 Mon Sep 17 00:00:00 2001 From: anjali-deore <200181980+cx-anjali-deore@users.noreply.github.com> Date: Mon, 5 Jan 2026 15:40:31 +0530 Subject: [PATCH 01/10] - Added fallback mechanism of container engine location for IAC scan --- .../iacrealtime/container-manager.go | 14 +++++++++++++- .../realtimeengine/iacrealtime/iac-realtime.go | 13 +++++++++++-- 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/internal/services/realtimeengine/iacrealtime/container-manager.go b/internal/services/realtimeengine/iacrealtime/container-manager.go index f8bdc5d99..8507d2bb8 100644 --- a/internal/services/realtimeengine/iacrealtime/container-manager.go +++ b/internal/services/realtimeengine/iacrealtime/container-manager.go @@ -1,11 +1,12 @@ package iacrealtime import ( + "github.com/google/uuid" "os/exec" + "strings" "github.com/checkmarx/ast-cli/internal/commands/util" commonParams "github.com/checkmarx/ast-cli/internal/params" - "github.com/google/uuid" "github.com/spf13/viper" ) @@ -42,5 +43,16 @@ func (dm *ContainerManager) RunKicsContainer(engine, volumeMap string) error { } _, err := exec.Command(engine, args...).CombinedOutput() + + var msg string + if err != nil { + msg = err.Error() + if strings.Contains(msg, util.InvalidEngineError) { + enginePath, err := checkEnginePresentInPath(engine) + if err != nil { + _, err = exec.Command(enginePath, args...).CombinedOutput() + } + } + } return err } diff --git a/internal/services/realtimeengine/iacrealtime/iac-realtime.go b/internal/services/realtimeengine/iacrealtime/iac-realtime.go index 2e2faf120..155ea482d 100644 --- a/internal/services/realtimeengine/iacrealtime/iac-realtime.go +++ b/internal/services/realtimeengine/iacrealtime/iac-realtime.go 
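Review bot: The fallback branch added to RunKicsContainer in container-manager.go is inverted and shadows `err`: `enginePath, err := checkEnginePresentInPath(engine)` declares a new inner `err`, and the retry runs only when that lookup failed, so `exec.Command` is called with an empty `enginePath` and never with the path that was found. Because the inner `err` is a separate variable, the function returns the error from the first attempt whatever the retry does. The branch would need `enginePath, lookupErr := checkEnginePresentInPath(engine)` followed by `if lookupErr == nil { _, err = exec.Command(enginePath, args...).CombinedOutput() }`. Matching on `strings.Contains(msg, util.InvalidEngineError)` also ties the fallback to the wording of an error string, where `errors.Is(err, exec.ErrNotFound)` would be sturdier. PATCH 02 in this series drops this block and resolves the engine before the call instead.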
@@ -3,11 +3,11 @@ package iacrealtime import ( "encoding/json" "fmt" - "os" - errorconstants "github.com/checkmarx/ast-cli/internal/constants/errors" "github.com/checkmarx/ast-cli/internal/services/realtimeengine" "github.com/checkmarx/ast-cli/internal/wrappers" + "os" + "path/filepath" ) type IacRealtimeService struct { @@ -136,3 +136,12 @@ func (svc *IacRealtimeService) validateFilePath(filePath string) error { } return nil } + +func checkEnginePresentInPath(engineName string) (string, error) { + fallbackPath := filepath.Join("/usr/local/bin", engineName) + info, err := os.Stat(fallbackPath) + if err == nil && !info.IsDir() { + return fallbackPath, nil + } + return "", fmt.Errorf(engineName + " not found in PATH or /usr/local/bin") +} From ecc7bc8f9bbe268d686f8546c539c0d4da5d9602 Mon Sep 17 00:00:00 2001 From: anjali-deore <200181980+cx-anjali-deore@users.noreply.github.com> Date: Mon, 5 Jan 2026 22:51:44 +0530 Subject: [PATCH 02/10] - Modified fallback mechanism of container engine location for IAC scan --- .../iacrealtime/container-manager.go | 23 ++++++------------- .../iacrealtime/iac-realtime.go | 9 ++++++-- 2 files changed, 14 insertions(+), 18 deletions(-) diff --git a/internal/services/realtimeengine/iacrealtime/container-manager.go b/internal/services/realtimeengine/iacrealtime/container-manager.go index 8507d2bb8..36d6e4fbf 100644 --- a/internal/services/realtimeengine/iacrealtime/container-manager.go +++ b/internal/services/realtimeengine/iacrealtime/container-manager.go @@ -1,13 +1,11 @@ package iacrealtime import ( - "github.com/google/uuid" - "os/exec" - "strings" - "github.com/checkmarx/ast-cli/internal/commands/util" commonParams "github.com/checkmarx/ast-cli/internal/params" + "github.com/google/uuid" "github.com/spf13/viper" + "os/exec" ) // IContainerManager interface for container operations 
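Review bot: `checkEnginePresentInPath` in iac-realtime.go joins `engineName` onto `/usr/local/bin` without checking that it is a bare file name, and `filepath.Join` cleans the result, so a value containing `..` or a path separator resolves to a file outside that directory. The integration tests later in this series pass the name through the engine flag, so it is presumably caller-supplied; rejecting anything where `filepath.Base(engineName) != engineName` before the join keeps the fallback confined to the one directory. The `!info.IsDir()` test also accepts any non-directory, where `info.Mode().IsRegular() && info.Mode().Perm()&0o111 != 0` would confirm a regular file with an execute bit. The same body carries over into `engineNameResolution` in PATCH 02, 03, 06 and 09. Separately, `fmt.Errorf(engineName + ...)` uses the name as a format string; `fmt.Errorf("%s not found in PATH or /usr/local/bin", engineName)` avoids stray verbs.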
@@ -31,6 +29,10 @@ func (dm *ContainerManager) GenerateContainerID() string { } func (dm *ContainerManager) RunKicsContainer(engine, volumeMap string) error { + engine, err := engineNameResolution(engine) + if err != nil { + return err + } args := []string{ "run", "--rm", "-v", volumeMap, @@ -41,18 +43,7 @@ func (dm *ContainerManager) RunKicsContainer(engine, volumeMap string) error { "-o", ContainerPath, "--report-formats", ContainerFormat, } + _, err = exec.Command(engine, args...).CombinedOutput() - _, err := exec.Command(engine, args...).CombinedOutput() - - var msg string - if err != nil { - msg = err.Error() - if strings.Contains(msg, util.InvalidEngineError) { - enginePath, err := checkEnginePresentInPath(engine) - if err != nil { - _, err = exec.Command(enginePath, args...).CombinedOutput() - } - } - } return err } diff --git a/internal/services/realtimeengine/iacrealtime/iac-realtime.go b/internal/services/realtimeengine/iacrealtime/iac-realtime.go index 155ea482d..98c45991b 100644 --- a/internal/services/realtimeengine/iacrealtime/iac-realtime.go +++ b/internal/services/realtimeengine/iacrealtime/iac-realtime.go @@ -7,6 +7,7 @@ import ( "github.com/checkmarx/ast-cli/internal/services/realtimeengine" "github.com/checkmarx/ast-cli/internal/wrappers" "os" + "os/exec" "path/filepath" ) @@ -137,11 +138,15 @@ func (svc *IacRealtimeService) validateFilePath(filePath string) error { return nil } -func checkEnginePresentInPath(engineName string) (string, error) { +func engineNameResolution(engineName string) (string, error) { + if _, err := exec.LookPath(engineName); err == nil { + return engineName, nil + } + fallbackPath := filepath.Join("/usr/local/bin", engineName) info, err := os.Stat(fallbackPath) if err == nil && !info.IsDir() { return fallbackPath, nil } - return "", fmt.Errorf(engineName + " not found in PATH or /usr/local/bin") + return "", fmt.Errorf(engineName + " not found in PATH or in /usr/local/bin") } 
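Review bot: `engineNameResolution` in iac-realtime.go discards the path that `exec.LookPath` returns and hands back the bare `engineName`, so `exec.Command(engine, ...)` in RunKicsContainer performs a second, independent PATH search and the binary that was checked is not necessarily the binary that runs. Returning the resolved path closes that gap: `if p, err := exec.LookPath(engineName); err == nil { return p, nil }`. The unit test added in PATCH 06 compares the result with the bare name and would need to expect the resolved path instead. A short doc comment stating the lookup order (PATH first, then the fixed directory) would also help, since the function has none in this hunk.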
From ae0d16538e34004a06c453663c15aa40de9a7df1 Mon Sep 17 00:00:00 2001 From: anjali-deore <200181980+cx-anjali-deore@users.noreply.github.com> Date: Mon, 12 Jan 2026 13:12:23 +0530 Subject: [PATCH 03/10] - Go Lint fixed issues --- .../services/realtimeengine/iacrealtime/constants.go | 1 + .../realtimeengine/iacrealtime/container-manager.go | 3 ++- .../services/realtimeengine/iacrealtime/iac-realtime.go | 9 +++++---- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/internal/services/realtimeengine/iacrealtime/constants.go b/internal/services/realtimeengine/iacrealtime/constants.go index e0947f4fb..5d8c1f449 100644 --- a/internal/services/realtimeengine/iacrealtime/constants.go +++ b/internal/services/realtimeengine/iacrealtime/constants.go @@ -7,6 +7,7 @@ const ( KicsContainerPrefix = "cli-iac-realtime-" ContainerResultsFileName = "results.json" InfoSeverity = "info" + IacEnginePath = "/usr/local/bin" ) var KicsErrorCodes = []string{"60", "50", "40", "30", "20"} diff --git a/internal/services/realtimeengine/iacrealtime/container-manager.go b/internal/services/realtimeengine/iacrealtime/container-manager.go index 36d6e4fbf..028e86766 100644 --- a/internal/services/realtimeengine/iacrealtime/container-manager.go +++ b/internal/services/realtimeengine/iacrealtime/container-manager.go @@ -1,11 +1,12 @@ package iacrealtime import ( + "os/exec" + "github.com/checkmarx/ast-cli/internal/commands/util" commonParams "github.com/checkmarx/ast-cli/internal/params" "github.com/google/uuid" "github.com/spf13/viper" - "os/exec" ) // IContainerManager interface for container operations diff --git a/internal/services/realtimeengine/iacrealtime/iac-realtime.go b/internal/services/realtimeengine/iacrealtime/iac-realtime.go index 98c45991b..8e7fdfeab 100644 --- a/internal/services/realtimeengine/iacrealtime/iac-realtime.go +++ b/internal/services/realtimeengine/iacrealtime/iac-realtime.go 
@@ -3,12 +3,14 @@ package iacrealtime import ( "encoding/json" "fmt" - errorconstants "github.com/checkmarx/ast-cli/internal/constants/errors" "github.com/checkmarx/ast-cli/internal/services/realtimeengine" "github.com/checkmarx/ast-cli/internal/wrappers" + "github.com/pkg/errors" "os" "os/exec" "path/filepath" + + errorconstants "github.com/checkmarx/ast-cli/internal/constants/errors" ) type IacRealtimeService struct { @@ -142,11 +144,10 @@ func engineNameResolution(engineName string) (string, error) { if _, err := exec.LookPath(engineName); err == nil { return engineName, nil } - - fallbackPath := filepath.Join("/usr/local/bin", engineName) + fallbackPath := filepath.Join(IacEnginePath, engineName) info, err := os.Stat(fallbackPath) if err == nil && !info.IsDir() { return fallbackPath, nil } - return "", fmt.Errorf(engineName + " not found in PATH or in /usr/local/bin") + return "", errors.New(engineName + " not found in PATH or in " + IacEnginePath) } From 87ac0e63c3937d1e59d0fbf7eb8443f5551c971c Mon Sep 17 00:00:00 2001 From: anjali-deore <200181980+cx-anjali-deore@users.noreply.github.com> Date: Mon, 12 Jan 2026 14:23:16 +0530 Subject: [PATCH 04/10] - Fixed another issue of lint --- internal/services/realtimeengine/iacrealtime/iac-realtime.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/internal/services/realtimeengine/iacrealtime/iac-realtime.go b/internal/services/realtimeengine/iacrealtime/iac-realtime.go index 8e7fdfeab..29686e5d6 100644 --- a/internal/services/realtimeengine/iacrealtime/iac-realtime.go +++ b/internal/services/realtimeengine/iacrealtime/iac-realtime.go 
@@ -3,13 +3,14 @@ package iacrealtime import ( "encoding/json" "fmt" - "github.com/checkmarx/ast-cli/internal/services/realtimeengine" "github.com/checkmarx/ast-cli/internal/wrappers" "github.com/pkg/errors" "os" "os/exec" "path/filepath" + "github.com/checkmarx/ast-cli/internal/services/realtimeengine" + errorconstants "github.com/checkmarx/ast-cli/internal/constants/errors" ) From 07f3e3362c41d56cc537f789a021d8d43a5e88a5 Mon Sep 17 00:00:00 2001 From: anjali-deore <200181980+cx-anjali-deore@users.noreply.github.com> Date: Mon, 12 Jan 2026 14:29:15 +0530 Subject: [PATCH 05/10] - Fixed another issue of lint --- internal/services/realtimeengine/iacrealtime/iac-realtime.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/services/realtimeengine/iacrealtime/iac-realtime.go b/internal/services/realtimeengine/iacrealtime/iac-realtime.go index 29686e5d6..39a29cd72 100644 --- a/internal/services/realtimeengine/iacrealtime/iac-realtime.go +++ b/internal/services/realtimeengine/iacrealtime/iac-realtime.go @@ -3,13 +3,13 @@ package iacrealtime import ( "encoding/json" "fmt" - "github.com/checkmarx/ast-cli/internal/wrappers" - "github.com/pkg/errors" "os" "os/exec" "path/filepath" "github.com/checkmarx/ast-cli/internal/services/realtimeengine" + "github.com/checkmarx/ast-cli/internal/wrappers" + "github.com/pkg/errors" errorconstants "github.com/checkmarx/ast-cli/internal/constants/errors" ) From 31d8eff9c2e750e4eee86907023fe5a372baba50 Mon Sep 17 00:00:00 2001 From: anjali-deore <200181980+cx-anjali-deore@users.noreply.github.com> Date: Wed, 14 Jan 2026 16:12:46 +0530 Subject: [PATCH 06/10] - Added unit and integration tests --- .../iacrealtime/container-manager.go | 2 +- .../iacrealtime/container-manager_test.go | 7 ++ .../iacrealtime/iac-realtime.go | 4 +- .../iacrealtime/iac-realtime_test.go | 67 +++++++++++++++++++ test/integration/iac-realtime_test.go | 43 ++++++++++++ 5 files changed, 120 insertions(+), 3 deletions(-) 
diff --git a/internal/services/realtimeengine/iacrealtime/container-manager.go b/internal/services/realtimeengine/iacrealtime/container-manager.go index 028e86766..f42b8c870 100644 --- a/internal/services/realtimeengine/iacrealtime/container-manager.go +++ b/internal/services/realtimeengine/iacrealtime/container-manager.go @@ -30,7 +30,7 @@ func (dm *ContainerManager) GenerateContainerID() string { } func (dm *ContainerManager) RunKicsContainer(engine, volumeMap string) error { - engine, err := engineNameResolution(engine) + engine, err := engineNameResolution(engine, IacEnginePath) if err != nil { return err } diff --git a/internal/services/realtimeengine/iacrealtime/container-manager_test.go b/internal/services/realtimeengine/iacrealtime/container-manager_test.go index 037f2aaa6..f1d93ace6 100644 --- a/internal/services/realtimeengine/iacrealtime/container-manager_test.go +++ b/internal/services/realtimeengine/iacrealtime/container-manager_test.go @@ -176,6 +176,13 @@ func TestMockContainerManager_RunKicsContainer(t *testing.T) { volumeMap: "/tmp/test:/path", expectErr: false, // Mock doesn't validate parameters }, + { + name: "FallBack engine Path verification", + engine: "/usr/local/bin/docker", + volumeMap: "/tmp/test:/path", + expectErr: false, // Mock doesn't validate parameters + + }, } for _, tt := range tests { diff --git a/internal/services/realtimeengine/iacrealtime/iac-realtime.go b/internal/services/realtimeengine/iacrealtime/iac-realtime.go index 39a29cd72..94468c3f1 100644 --- a/internal/services/realtimeengine/iacrealtime/iac-realtime.go +++ b/internal/services/realtimeengine/iacrealtime/iac-realtime.go 
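Review bot: The new table entry "FallBack engine Path verification" in container-manager_test.go does not verify the fallback: it is added to TestMockContainerManager_RunKicsContainer, and its own comment says the mock does not validate parameters, so the case passes whatever `engine` contains. Either rename it to say what it covers (an absolute engine path is accepted by the mock) or move the check to a test that calls `engineNameResolution` directly. The table and the test function start outside this hunk, so how the cases are executed is inferred from the function name and the comment.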
@@ -141,11 +141,11 @@ func (svc *IacRealtimeService) validateFilePath(filePath string) error { return nil } -func engineNameResolution(engineName string) (string, error) { +func engineNameResolution(engineName string, fallBackDir string) (string, error) { if _, err := exec.LookPath(engineName); err == nil { return engineName, nil } - fallbackPath := filepath.Join(IacEnginePath, engineName) + fallbackPath := filepath.Join(fallBackDir, engineName) info, err := os.Stat(fallbackPath) if err == nil && !info.IsDir() { return fallbackPath, nil diff --git a/internal/services/realtimeengine/iacrealtime/iac-realtime_test.go b/internal/services/realtimeengine/iacrealtime/iac-realtime_test.go index 562726d37..9d6a6c9d7 100644 --- a/internal/services/realtimeengine/iacrealtime/iac-realtime_test.go +++ b/internal/services/realtimeengine/iacrealtime/iac-realtime_test.go @@ -3,6 +3,7 @@ package iacrealtime import ( "os" "path/filepath" + "runtime" "testing" commonParams "github.com/checkmarx/ast-cli/internal/params" 
@@ -448,3 +449,69 @@ func TestFilterIgnoredFindings_WithOneIgnored(t *testing.T) { t.Errorf("Unexpected result after filtering: got %s, expected 'Memory Not Limited'", filtered[0].Title) } } + +func createExecutable(t *testing.T, tempDir string, name string) string { + t.Helper() + path := filepath.Join(tempDir, name) + if runtime.GOOS == "windows" { + path += ".exe" + } + + err := os.WriteFile(path, []byte("#!/bin/sh\necho test"), 0755) + if err != nil { + t.Fatalf("failed to create executable: %v", err) + } + return filepath.Base(path) + +} + +func TestEngineName_Resolution_FoundInPATH(t *testing.T) { + tmpDir := t.TempDir() + engineName := createExecutable(t, tmpDir, "docker") + previousPath := os.Getenv("PATH") + + err := os.Setenv("PATH", tmpDir+string(os.PathListSeparator)+previousPath) + if err != nil { + t.Fatalf("Failed to set the PATH in env") + } + defer func(key, value string) { + err := os.Setenv(key, value) + if err != nil { + + } + }("PATH", previousPath) + + res, err := engineNameResolution(engineName, IacEnginePath) + if err != nil || res != engineName { + t.Fatalf("Expected enginename in return , got %v , err %d", res, err) + } +} + +func TestEngineName_Resolution_check_fallBackPath(t *testing.T) { + testPath := IacEnginePath + testFile := filepath.Join(testPath, "docker") + + err := os.WriteFile(testFile, []byte("#!/bin/sh\necho test"), 0755) + if err != nil { + t.Skipf("skippin test , cannot write the file %s", err) + } + + defer func() { + _ = os.Remove(testFile) + }() + oldPATH := os.Getenv("PATH") + defer func() { + _ = os.Setenv("PATH", oldPATH) + }() + _ = os.Setenv("PATH", "") + result, err := engineNameResolution("docker", IacEnginePath) + if err != nil { + t.Fatalf("expected no error, got %v", err) + } + + expected := filepath.Join(IacEnginePath, "docker") + if result != expected { + t.Fatalf("expected %q, got %q", expected, result) + } + +} 
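Review bot: `TestEngineName_Resolution_check_fallBackPath` writes its stub to `filepath.Join(IacEnginePath, "docker")`, which is the real `/usr/local/bin/docker`, and the deferred `os.Remove` then deletes that path, so on a machine where the test can write there an installed docker binary is overwritten and removed. `engineNameResolution` already takes the directory as a parameter, so the test can stay inside a temp dir: `testPath := t.TempDir()`, `engineNameResolution("docker", testPath)` and `expected := filepath.Join(testPath, "docker")`. The integration test `TestEngineNameResolution_containerEngine_Found_inPATH_exists` in test/integration/iac-realtime_test.go and the PATCH 09 revision of this test have the same problem. `t.Setenv("PATH", "")` would replace the manual save and restore, and the `%d` verb applied to `err` in `TestEngineName_Resolution_FoundInPATH` should be `%v`.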
diff --git a/test/integration/iac-realtime_test.go b/test/integration/iac-realtime_test.go index 705655030..741a9c5d4 100644 --- a/test/integration/iac-realtime_test.go +++ b/test/integration/iac-realtime_test.go @@ -258,4 +258,47 @@ func TestIacRealtimeScan_ResultsValidation_DetailedCheck(t *testing.T) { "EndIndex should be >= StartIndex") } } + +} + +func TestEngineNameResolution_engine_NotFound(t *testing.T) { + oldPath := os.Getenv("PATH") + t.Cleanup(func() { + _ = os.Setenv("PATH", oldPath) + }) + _ = os.Setenv("PATH", "") + + args := []string{ + "scan", "iac-realtime", + flag(commonParams.SourcesFlag), "data/positive1.tf", + flag(commonParams.EngineFlag), "docker", + } + err, _ := executeCommand(t, args...) + + if err == nil { + t.Fatalf("expected error, got nil") + } + assert.NotNil(t, err, "docker executables not set in PATH or usr/local/bin") +} + +func TestEngineNameResolution_containerEngine_Found_inPATH_exists(t *testing.T) { + path := "/usr/local/bin" + testFile := filepath.Join(path, "docker.exe") + + err := os.WriteFile(testFile, []byte("#!/bin/sh\necho test"), 0755) + if err != nil { + t.Skipf("skipping test , cannot write the file %s", err) + } + defer func() { + _ = os.Remove(testFile) + }() + + args := []string{ + "scan", "iac-realtime", + flag(commonParams.SourcesFlag), "data/positive1.tf", + flag(commonParams.EngineFlag), "docker", + } + err, _ = executeCommand(t, args...) + + assert.Nil(t, err, "docker executables are found in PATH or usr/local/bin") } From ecb2dd451b56ac1949aa0ebc5c803aa8bb66b8d9 Mon Sep 17 00:00:00 2001 From: anjali-deore <200181980+cx-anjali-deore@users.noreply.github.com> Date: Wed, 14 Jan 2026 16:25:00 +0530 Subject: [PATCH 07/10] - Fixed new lint issue --- .../services/realtimeengine/iacrealtime/iac-realtime.go | 2 +- .../realtimeengine/iacrealtime/iac-realtime_test.go | 7 ++----- 2 files changed, 3 insertions(+), 6 deletions(-) 
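Review bot: `TestEngineNameResolution_containerEngine_Found_inPATH_exists` creates `docker.exe` but runs the scan with the engine flag set to `docker`, so on Linux or macOS the stub is never the file that gets resolved and the `assert.Nil` can pass only if a real docker is reachable (inferred; `executeCommand` is outside the hunk). The stub name should match the engine name, or the test should skip when no container engine is available. In `TestEngineNameResolution_engine_NotFound` the `assert.NotNil` after the `t.Fatalf` guard can never fail, so one of the two checks is enough; asserting on the error text would also confirm that the failure is the missing engine and not something else.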
diff --git a/internal/services/realtimeengine/iacrealtime/iac-realtime.go b/internal/services/realtimeengine/iacrealtime/iac-realtime.go index 94468c3f1..a0590e452 100644 --- a/internal/services/realtimeengine/iacrealtime/iac-realtime.go +++ b/internal/services/realtimeengine/iacrealtime/iac-realtime.go @@ -141,7 +141,7 @@ func (svc *IacRealtimeService) validateFilePath(filePath string) error { return nil } -func engineNameResolution(engineName string, fallBackDir string) (string, error) { +func engineNameResolution(engineName, fallBackDir string) (string, error) { if _, err := exec.LookPath(engineName); err == nil { return engineName, nil } diff --git a/internal/services/realtimeengine/iacrealtime/iac-realtime_test.go b/internal/services/realtimeengine/iacrealtime/iac-realtime_test.go index 9d6a6c9d7..59dba9cbf 100644 --- a/internal/services/realtimeengine/iacrealtime/iac-realtime_test.go +++ b/internal/services/realtimeengine/iacrealtime/iac-realtime_test.go @@ -450,7 +450,7 @@ func TestFilterIgnoredFindings_WithOneIgnored(t *testing.T) { } } -func createExecutable(t *testing.T, tempDir string, name string) string { +func createExecutable(t *testing.T, tempDir, name string) string { t.Helper() path := filepath.Join(tempDir, name) if runtime.GOOS == "windows" { @@ -462,7 +462,6 @@ func createExecutable(t *testing.T, tempDir string, name string) string { t.Fatalf("failed to create executable: %v", err) } return filepath.Base(path) - } func TestEngineName_Resolution_FoundInPATH(t *testing.T) { @@ -475,10 +474,8 @@ func TestEngineName_Resolution_FoundInPATH(t *testing.T) { t.Fatalf("Failed to set the PATH in env") } defer func(key, value string) { - err := os.Setenv(key, value) - if err != nil { + _ = os.Setenv(key, value) - } }("PATH", previousPath) res, err := engineNameResolution(engineName, IacEnginePath) From 73039584b2bbcf0e06e334b1fe67f77cbc858350 Mon Sep 17 00:00:00 2001 
From: anjali-deore <200181980+cx-anjali-deore@users.noreply.github.com> Date: Wed, 14 Jan 2026 16:30:28 +0530 Subject: [PATCH 08/10] - Fixed new lint issue --- .../realtimeengine/iacrealtime/iac-realtime_test.go | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/internal/services/realtimeengine/iacrealtime/iac-realtime_test.go b/internal/services/realtimeengine/iacrealtime/iac-realtime_test.go index 59dba9cbf..eec075baa 100644 --- a/internal/services/realtimeengine/iacrealtime/iac-realtime_test.go +++ b/internal/services/realtimeengine/iacrealtime/iac-realtime_test.go @@ -473,11 +473,9 @@ func TestEngineName_Resolution_FoundInPATH(t *testing.T) { if err != nil { t.Fatalf("Failed to set the PATH in env") } - defer func(key, value string) { - _ = os.Setenv(key, value) - - }("PATH", previousPath) - + defer func() { + _ = os.Setenv("PATH", previousPath) + }() res, err := engineNameResolution(engineName, IacEnginePath) if err != nil || res != engineName { t.Fatalf("Expected enginename in return , got %v , err %d", res, err) @@ -510,5 +508,4 @@ func TestEngineName_Resolution_check_fallBackPath(t *testing.T) { if result != expected { t.Fatalf("expected %q, got %q", expected, result) } - } From eabe9fdf83782794a5251bef6347b9a01b05fab2 Mon Sep 17 00:00:00 2001 From: anjali-deore <200181980+cx-anjali-deore@users.noreply.github.com> Date: Thu, 15 Jan 2026 12:34:31 +0530 Subject: [PATCH 09/10] - Added check for windows OS --- .../realtimeengine/iacrealtime/iac-realtime.go | 15 ++++++++++++++- .../iacrealtime/iac-realtime_test.go | 17 +++++++++-------- test/integration/iac-realtime_test.go | 9 +++++++++ 3 files changed, 32 insertions(+), 9 deletions(-) diff --git a/internal/services/realtimeengine/iacrealtime/iac-realtime.go b/internal/services/realtimeengine/iacrealtime/iac-realtime.go index a0590e452..17f46ffb2 100644 --- a/internal/services/realtimeengine/iacrealtime/iac-realtime.go +++ b/internal/services/realtimeengine/iacrealtime/iac-realtime.go 
@@ -6,6 +6,7 @@ import ( "os" "os/exec" "path/filepath" + "runtime" "github.com/checkmarx/ast-cli/internal/services/realtimeengine" "github.com/checkmarx/ast-cli/internal/wrappers" @@ -14,6 +15,10 @@ import ( errorconstants "github.com/checkmarx/ast-cli/internal/constants/errors" ) +const ( + osWindows = "windows" +) + type IacRealtimeService struct { JwtWrapper wrappers.JWTWrapper FeatureFlagWrapper wrappers.FeatureFlagsWrapper @@ -142,9 +147,13 @@ func (svc *IacRealtimeService) validateFilePath(filePath string) error { } func engineNameResolution(engineName, fallBackDir string) (string, error) { - if _, err := exec.LookPath(engineName); err == nil { + var err error + if _, err = exec.LookPath(engineName); err == nil { return engineName, nil } + if err != nil && getOS() == osWindows { + return "", errors.New(engineName + ": executable file not found in PATH") + } fallbackPath := filepath.Join(fallBackDir, engineName) info, err := os.Stat(fallbackPath) if err == nil && !info.IsDir() { @@ -152,3 +161,7 @@ func engineNameResolution(engineName, fallBackDir string) (string, error) { } return "", errors.New(engineName + " not found in PATH or in " + IacEnginePath) } + +var getOS = func() string { + return runtime.GOOS +} diff --git a/internal/services/realtimeengine/iacrealtime/iac-realtime_test.go b/internal/services/realtimeengine/iacrealtime/iac-realtime_test.go index eec075baa..1ce51c145 100644 --- a/internal/services/realtimeengine/iacrealtime/iac-realtime_test.go +++ b/internal/services/realtimeengine/iacrealtime/iac-realtime_test.go 
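Review bot: The not-found error at the end of `engineNameResolution` still names `IacEnginePath`, although since PATCH 06 the directory searched is the `fallBackDir` argument, so the message can point at a directory that was never checked; `return "", errors.New(engineName + " not found in PATH or in " + fallBackDir)` keeps it accurate. In the added Windows branch `err != nil` is always true at that point because the success case has already returned, so `if getOS() == osWindows {` is sufficient. `getOS` is a package-level variable that the tests reassign, which deserves a one-line comment saying it exists only as a test seam and that tests swapping it should not run in parallel.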
@@ -482,23 +482,24 @@ func TestEngineName_Resolution_FoundInPATH(t *testing.T) { } } -func TestEngineName_Resolution_check_fallBackPath(t *testing.T) { +func TestEngineName_Resolution_check_fallBackPath_for_MAC_Linux(t *testing.T) { + origGOOS := getOS + defer func() { getOS = origGOOS }() + getOS = func() string { return "darwin" } // or "linux" + testPath := IacEnginePath testFile := filepath.Join(testPath, "docker") err := os.WriteFile(testFile, []byte("#!/bin/sh\necho test"), 0755) if err != nil { - t.Skipf("skippin test , cannot write the file %s", err) + t.Skipf("skipping test, cannot write file: %v", err) } + defer func() { _ = os.Remove(testFile) }() - defer func() { - _ = os.Remove(testFile) - }() oldPATH := os.Getenv("PATH") - defer func() { - _ = os.Setenv("PATH", oldPATH) - }() + defer func() { _ = os.Setenv("PATH", oldPATH) }() _ = os.Setenv("PATH", "") + result, err := engineNameResolution("docker", IacEnginePath) if err != nil { t.Fatalf("expected no error, got %v", err) diff --git a/test/integration/iac-realtime_test.go b/test/integration/iac-realtime_test.go index 741a9c5d4..612c3178c 100644 --- a/test/integration/iac-realtime_test.go +++ b/test/integration/iac-realtime_test.go @@ -6,6 +6,7 @@ import ( "encoding/json" "os" "path/filepath" + "runtime" "testing" commonParams "github.com/checkmarx/ast-cli/internal/params" @@ -282,6 +283,14 @@ func TestEngineNameResolution_engine_NotFound(t *testing.T) { } func TestEngineNameResolution_containerEngine_Found_inPATH_exists(t *testing.T) { + if runtime.GOOS == "windows" { + t.Skip("Skipping test on windows") + } + oldPath := os.Getenv("PATH") + t.Cleanup(func() { + _ = os.Setenv("PATH", oldPath) + }) + _ = os.Setenv("PATH", "/usr/local/bin:"+os.Getenv("PATH")) path := "/usr/local/bin" testFile := filepath.Join(path, "docker.exe") From 1b64b6248c419a0c379c97c43339db43275c61e1 Mon Sep 17 00:00:00 2001 
From: anjali-deore <200181980+cx-anjali-deore@users.noreply.github.com> Date: Thu, 15 Jan 2026 14:11:39 +0530 Subject: [PATCH 10/10] - Fixed SCA vulnerability --- internal/commands/data/manifests/requirements.txt | 1 + test/integration/data/manifests/requirements.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/internal/commands/data/manifests/requirements.txt b/internal/commands/data/manifests/requirements.txt index 9e27501c6..9f6f443a3 100644 --- a/internal/commands/data/manifests/requirements.txt +++ b/internal/commands/data/manifests/requirements.txt @@ -52,6 +52,7 @@ tzdata==2025.1 # Exact version flask==3.1.2 +werkzeug>=3.0.6 # Range: greater than or equal and less than diff --git a/test/integration/data/manifests/requirements.txt b/test/integration/data/manifests/requirements.txt index 7ee12e2f8..bc288b7a6 100644 --- a/test/integration/data/manifests/requirements.txt +++ b/test/integration/data/manifests/requirements.txt @@ -52,6 +52,7 @@ tzdata==2025.1 # Exact version flask==3.1.2 +werkzeug>=3.0.6 # Range: greater than or equal and less than