Allow optional license reporting of scan report

Author: pvdz

src/commands/scan/cmd-scan-report.test.ts

@@ -24,17 +24,17 @@ describe('socket scan report', async () => {
             $ socket scan report <org slug> <scan ID> [path to output file]
 
           API Token Requirements
-            - Quota: 3 units
+            - Quota: 2 units
             - Permissions: full-scans:list security-policy:read
 
           Options
             --dryRun          Do input validation for a command and exit 0 when input is ok
             --fold            Fold reported alerts to some degree
             --help            Print this help
             --json            Output result as json
+            --license         Also report the license policy status. Default: false
             --markdown        Output result as markdown
             --reportLevel     Which policy level alerts should be reported
-            --security        Report the security policy status. Default: true
             --short           Report only the healthy status
 
           By default the result is a nested object that looks like this:
@@ -47,7 +47,8 @@ describe('socket scan report', async () => {
           Short responses: JSON: \`{healthy:bool}\`, markdown: \`healthy = bool\`, text: \`OK/ERR\`
 
           Examples
-            $ socket scan report FakeOrg 000aaaa1-0000-0a0a-00a0-00a0000000a0 --json --fold=version"
+            $ socket scan report FakeOrg 000aaaa1-0000-0a0a-00a0-00a0000000a0 --json --fold=version
+            $ socket scan report FakeOrg 000aaaa1-0000-0a0a-00a0-00a0000000a0 --license --markdown --short"
       `
       )
       expect(`\n   ${stderr}`).toMatchInlineSnapshot(`

src/commands/scan/cmd-scan-report.ts

@@ -39,23 +39,18 @@ const config: CliCommandConfig = {
       default: false,
       description: 'Report only the healthy status'
     },
-    // license: {
-    //   type: 'boolean',
-    //   default: true,
-    //   description: 'Report the license policy status. Default: true'
-    // },
-    security: {
+    license: {
       type: 'boolean',
-      default: true,
-      description: 'Report the security policy status. Default: true'
+      default: false,
+      description: 'Also report the license policy status. Default: false'
     }
   },
   help: (command, config) => `
     Usage
       $ ${command} <org slug> <scan ID> [path to output file]
 
     API Token Requirements
-      - Quota: 3 units
+      - Quota: 2 units
       - Permissions: full-scans:list security-policy:read
 
     Options
@@ -72,6 +67,7 @@ const config: CliCommandConfig = {
 
     Examples
       $ ${command} FakeOrg 000aaaa1-0000-0a0a-00a0-00a0000000a0 --json --fold=version
+      $ ${command} FakeOrg 000aaaa1-0000-0a0a-00a0-00a0000000a0 --license --markdown --short
   `
 }
 
@@ -96,10 +92,9 @@ async function run(
   const {
     fold = 'none',
     json,
-    // license,
+    license,
     markdown,
-    reportLevel = 'warn',
-    security
+    reportLevel = 'warn'
   } = cli.flags
 
   const defaultOrgSlug = getConfigValue('defaultOrg')
@@ -150,8 +145,7 @@ async function run(
   await handleScanReport({
     orgSlug,
     scanId: scanId,
-    includeLicensePolicy: false, // !!license,
-    includeSecurityPolicy: typeof security === 'boolean' ? security : true,
+    includeLicensePolicy: !!license,
     outputKind: json ? 'json' : markdown ? 'markdown' : 'text',
     filePath: file,
     fold: fold as 'none' | 'file' | 'pkg' | 'version',

src/commands/scan/fetch-report-data.ts

@@ -15,24 +15,20 @@ import type { components } from '@socketsecurity/sdk/types/api'
 /**
  * This fetches all the relevant pieces of data to generate a report, given a
  * full scan ID.
- * It can optionally only fetch the security or license side of things.
  */
 export async function fetchReportData(
   orgSlug: string,
   scanId: string,
-  // includeLicensePolicy: boolean,
-  includeSecurityPolicy: boolean
+  includeLicensePolicy: boolean
 ): Promise<
   | {
       ok: true
       scan: Array<components['schemas']['SocketArtifact']>
-      // licensePolicy: undefined | SocketSdkReturnType<'getOrgSecurityPolicy'>
       securityPolicy: undefined | SocketSdkReturnType<'getOrgSecurityPolicy'>
     }
   | {
       ok: false
       scan: undefined
-      // licensePolicy: undefined
       securityPolicy: undefined
     }
 > {
@@ -46,7 +42,6 @@ export async function fetchReportData(
   const sockSdk = await setupSdk(apiToken)
 
   let haveScan = false
-  // let haveLicensePolicy = false
   let haveSecurityPolicy = false
 
   // Lazily access constants.spinner.
@@ -55,54 +50,32 @@ export async function fetchReportData(
   function updateProgress() {
     const needs = [
       !haveScan ? 'scan' : undefined,
-      // includeLicensePolicy && !haveLicensePolicy ? 'license policy' : undefined,
-      includeSecurityPolicy && !haveSecurityPolicy
-        ? 'security policy'
-        : undefined
+      !haveSecurityPolicy ? 'security policy' : undefined
     ].filter(Boolean)
-    if (needs.length > 2) {
-      // .toOxford()
-      needs[needs.length - 1] = `and ${needs[needs.length - 1]}`
-    }
     const haves = [
       haveScan ? 'scan' : undefined,
-      // includeLicensePolicy && haveLicensePolicy ? 'license policy' : undefined,
-      includeSecurityPolicy && haveSecurityPolicy
-        ? 'security policy'
-        : undefined
+      haveSecurityPolicy ? 'security policy' : undefined
     ].filter(Boolean)
-    if (haves.length > 2) {
-      // .toOxford()
-      haves[haves.length - 1] = `and ${haves[haves.length - 1]}`
-    }
 
     if (needs.length) {
       spinner.start(
-        `Fetching ${needs.join(needs.length > 2 ? ', ' : ' and ')}...${haves.length ? ` Completed fetching ${haves.join(haves.length > 2 ? ', ' : ' and ')}.` : ''}`
+        `Fetching ${needs.join(' and ')}...${haves.length ? ` Completed fetching ${haves.join(' and ')}.` : ''}`
       )
     } else {
-      spinner.successAndStop(
-        `Completed fetching ${haves.join(haves.length > 2 ? ', ' : ' and ')}.`
-      )
+      spinner.successAndStop(`Completed fetching ${haves.join(' and ')}.`)
     }
   }
 
   updateProgress()
 
-  // @ts-ignore
-  const [
-    scan,
-    // licensePolicyMaybe,
-    securityPolicyMaybe
-  ]: [
+  const [scan, securityPolicyMaybe]: [
     undefined | Array<components['schemas']['SocketArtifact']>,
-    // undefined | SocketSdkResultType<'getOrgSecurityPolicy'>,
-    undefined | SocketSdkResultType<'getOrgSecurityPolicy'>
+    SocketSdkResultType<'getOrgSecurityPolicy'>
   ] = await Promise.all([
     (async () => {
       try {
         const response = await queryApi(
-          `orgs/${orgSlug}/full-scans/${encodeURIComponent(scanId)}`,
+          `orgs/${orgSlug}/full-scans/${encodeURIComponent(scanId)}${includeLicensePolicy ? '?include_license_details=true' : ''}`,
           apiToken
         )
 
@@ -138,26 +111,12 @@ export async function fetchReportData(
         throw e
       }
     })(),
-    // includeLicensePolicy &&
-    //   (async () => {
-    //     const r = await sockSdk.getOrgSecurityPolicy(orgSlug)
-    //     haveLicensePolicy = true
-    //     updateProgress()
-    //     return await handleApiCall(
-    //       r,
-    //       "looking up organization's license policy"
-    //     )
-    //   })(),
-    includeSecurityPolicy &&
-      (async () => {
-        const r = await sockSdk.getOrgSecurityPolicy(orgSlug)
-        haveSecurityPolicy = true
-        updateProgress()
-        return await handleApiCall(
-          r,
-          "looking up organization's security policy"
-        )
-      })()
+    (async () => {
+      const r = await sockSdk.getOrgSecurityPolicy(orgSlug)
+      haveSecurityPolicy = true
+      updateProgress()
+      return await handleApiCall(r, "looking up organization's security policy")
+    })()
   ]).finally(() => spinner.stop())
 
   if (!Array.isArray(scan)) {
@@ -166,50 +125,27 @@ export async function fetchReportData(
     return {
       ok: false,
       scan: undefined,
-      // licensePolicy: undefined,
       securityPolicy: undefined
     }
   }
 
-  // // Note: security->license once the api ships in the sdk
-  // let licensePolicy: undefined | SocketSdkReturnType<'getOrgSecurityPolicy'> =
-  //   undefined
-  // if (includeLicensePolicy) {
-  //   if (licensePolicyMaybe && licensePolicyMaybe.success) {
-  //     licensePolicy = licensePolicyMaybe
-  //   } else {
-  //     logger.error('Was unable to fetch license policy, bailing')
-  //     process.exitCode = 1
-  //     return {
-  //       ok: false,
-  //       scan: undefined,
-  //       licensePolicy: undefined,
-  //       securityPolicy: undefined
-  //     }
-  //   }
-  // }
-
   let securityPolicy: undefined | SocketSdkReturnType<'getOrgSecurityPolicy'> =
     undefined
-  if (includeSecurityPolicy) {
-    if (securityPolicyMaybe && securityPolicyMaybe.success) {
-      securityPolicy = securityPolicyMaybe
-    } else {
-      logger.error('Was unable to fetch security policy, bailing')
-      process.exitCode = 1
-      return {
-        ok: false,
-        scan: undefined,
-        // licensePolicy: undefined,
-        securityPolicy: undefined
-      }
+  if (securityPolicyMaybe && securityPolicyMaybe.success) {
+    securityPolicy = securityPolicyMaybe
+  } else {
+    logger.error('Was unable to fetch security policy, bailing')
+    process.exitCode = 1
+    return {
+      ok: false,
+      scan: undefined,
+      securityPolicy: undefined
     }
   }
 
   return {
     ok: true,
     scan,
-    // licensePolicy,
     securityPolicy
   }
 }