sap-jenkins-library/vars/protecodeExecuteScan.groovy

import com.sap.piper.JenkinsUtils
import com.sap.piper.MapUtils
import com.sap.piper.PiperGoUtils
import com.sap.piper.Utils
import groovy.transform.Field

import static com.sap.piper.Prerequisites.checkScript

@Field String STEP_NAME = getClass().getName()
@Field String METADATA_FILE = 'metadata/protecode.yaml'

/**
 * Protecode is an Open Source Vulnerability Scanner that is capable of scanning binaries. It can be used to scan docker images but is supports many other programming languages especially those of the C family. You can find more details on its capabilities in the [OS3 - Open Source Software Security JAM](https://jam4.sapjam.com/groups/XgeUs0CXItfeWyuI4k7lM3/overview_page/aoAsA0k4TbezGFyOkhsXFs). For getting access to Protecode please visit the [guide](https://go.sap.corp/protecode).
 */
void call(Map parameters = [:]) {
    handlePipelineStepErrors (stepName: STEP_NAME, stepParameters: parameters,  failOnError: true) {
        def script = checkScript(this, parameters) ?: this
        def utils = parameters.juStabUtils ?: new Utils()
        parameters.juStabUtils = null
        def jenkinsUtils = parameters.jenkinsUtilsStub ?: new JenkinsUtils()
        parameters.jenkinsUtilsStub = null

        new PiperGoUtils(this, utils).unstashPiperBin()
        utils.unstash('pipelineConfigAndTests')

        writeFile(file: ".pipeline/tmp/${METADATA_FILE}", text: libraryResource(METADATA_FILE))

        withEnv([
            "PIPER_parametersJSON=${getParametersJSON(parameters)}",
        ]) {
            // get context configuration
            Map config = readJSON (text: sh(returnStdout: true, script: "./piper getConfig --contextConfig --stepMetadata '.pipeline/tmp/${METADATA_FILE}'"))

            def creds = []
            if (config.protecodeCredentialsId) creds.add(usernamePassword(credentialsId: config.protecodeCredentialsId, passwordVariable: 'PIPER_password', usernameVariable: 'PIPER_username'))
            if (config.dockerCredentialsId) creds.add(file(credentialsId: config.dockerCredentialsId, variable: 'DOCKER_CONFIG'))

            // execute step
            try {
                withCredentials(creds) {
                    sh "./piper protecodeExecuteScan"
                }
            } finally {
                jenkinsUtils.handleStepResults(STEP_NAME, false, false)
            }
        }
    }
}

String getParametersJSON(Map parameters = [:]){
    Map stepParameters = [:].plus(parameters)
    // Remove script parameter etc.
    stepParameters.remove('script')
    stepParameters.remove('juStabUtils')
    stepParameters.remove('jenkinsUtilsStub')
    // When converting to JSON and back again, entries which had a 'null' value will now have a value
    // of type 'net.sf.json.JSONNull', for which the Groovy Truth resolves to 'true' in for example if-conditions
    stepParameters = MapUtils.pruneNulls(stepParameters)
    return groovy.json.JsonOutput.toJson(stepParameters)
}
Protecode as GoLang (#1119) * Protecode as go implementation Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com> Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2020-02-06 17:16:34 +02:00			`import com.sap.piper.JenkinsUtils`
fix: prevent script to json conversion (#1495) * prevent script to json conversion * use piperExecuteBin * correct imports * fix trailing spaces 2020-05-05 15:21:59 +02:00			`import com.sap.piper.MapUtils`
Protecode as GoLang (#1119) * Protecode as go implementation Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com> Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2020-02-06 17:16:34 +02:00			`import com.sap.piper.PiperGoUtils`
			`import com.sap.piper.Utils`
			`import groovy.transform.Field`

			`import static com.sap.piper.Prerequisites.checkScript`

			`@Field String STEP_NAME = getClass().getName()`
			`@Field String METADATA_FILE = 'metadata/protecode.yaml'`

			`/**`
			`* Protecode is an Open Source Vulnerability Scanner that is capable of scanning binaries. It can be used to scan docker images but is supports many other programming languages especially those of the C family. You can find more details on its capabilities in the [OS3 - Open Source Software Security JAM](https://jam4.sapjam.com/groups/XgeUs0CXItfeWyuI4k7lM3/overview_page/aoAsA0k4TbezGFyOkhsXFs). For getting access to Protecode please visit the [guide](https://go.sap.corp/protecode).`
			`*/`
			`void call(Map parameters = [:]) {`
			`handlePipelineStepErrors (stepName: STEP_NAME, stepParameters: parameters, failOnError: true) {`
			`def script = checkScript(this, parameters) ?: this`
			`def utils = parameters.juStabUtils ?: new Utils()`
fix: prevent script to json conversion (#1495) * prevent script to json conversion * use piperExecuteBin * correct imports * fix trailing spaces 2020-05-05 15:21:59 +02:00			`parameters.juStabUtils = null`
Protecode as GoLang (#1119) * Protecode as go implementation Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com> Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2020-02-06 17:16:34 +02:00			`def jenkinsUtils = parameters.jenkinsUtilsStub ?: new JenkinsUtils()`
fix: prevent script to json conversion (#1495) * prevent script to json conversion * use piperExecuteBin * correct imports * fix trailing spaces 2020-05-05 15:21:59 +02:00			`parameters.jenkinsUtilsStub = null`
Protecode as GoLang (#1119) * Protecode as go implementation Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com> Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2020-02-06 17:16:34 +02:00
			`new PiperGoUtils(this, utils).unstashPiperBin()`
			`utils.unstash('pipelineConfigAndTests')`

fix: prevent script to json conversion (#1495) * prevent script to json conversion * use piperExecuteBin * correct imports * fix trailing spaces 2020-05-05 15:21:59 +02:00			`writeFile(file: ".pipeline/tmp/${METADATA_FILE}", text: libraryResource(METADATA_FILE))`
Protecode as GoLang (#1119) * Protecode as go implementation Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com> Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2020-02-06 17:16:34 +02:00
			`withEnv([`
fix: prevent script to json conversion (#1495) * prevent script to json conversion * use piperExecuteBin * correct imports * fix trailing spaces 2020-05-05 15:21:59 +02:00			`"PIPER_parametersJSON=${getParametersJSON(parameters)}",`
Protecode as GoLang (#1119) * Protecode as go implementation Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com> Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2020-02-06 17:16:34 +02:00			`]) {`
			`// get context configuration`
fix: prevent script to json conversion (#1495) * prevent script to json conversion * use piperExecuteBin * correct imports * fix trailing spaces 2020-05-05 15:21:59 +02:00			`Map config = readJSON (text: sh(returnStdout: true, script: "./piper getConfig --contextConfig --stepMetadata '.pipeline/tmp/${METADATA_FILE}'"))`
Protecode as GoLang (#1119) * Protecode as go implementation Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com> Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2020-02-06 17:16:34 +02:00
			`def creds = []`
fix(protecode): provide correct username value (#1500) leftover of #1426 2020-05-04 16:50:17 +02:00			`if (config.protecodeCredentialsId) creds.add(usernamePassword(credentialsId: config.protecodeCredentialsId, passwordVariable: 'PIPER_password', usernameVariable: 'PIPER_username'))`
refactor(protecode): handle DOCKER_CONFIG in go (#1502) * handle DOCKER_CONFIG in go * cleanup * always use parent dir * take care of errors 2020-05-06 16:07:10 +02:00			`if (config.dockerCredentialsId) creds.add(file(credentialsId: config.dockerCredentialsId, variable: 'DOCKER_CONFIG'))`
Protecode as GoLang (#1119) * Protecode as go implementation Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com> Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2020-02-06 17:16:34 +02:00
			`// execute step`
refactor(protecode): handle reports inside go (#1891) * publish artifacts * publish project report link * archive scan report * fix typo * remove obsolete reading iof result file * publish sidebar link Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com> 2020-08-07 13:03:38 +02:00			`try {`
			`withCredentials(creds) {`
			`sh "./piper protecodeExecuteScan"`
			`}`
			`} finally {`
			`jenkinsUtils.handleStepResults(STEP_NAME, false, false)`
Protecode as GoLang (#1119) * Protecode as go implementation Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com> Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2020-02-06 17:16:34 +02:00			`}`
			`}`
			`}`
			`}`

fix: prevent script to json conversion (#1495) * prevent script to json conversion * use piperExecuteBin * correct imports * fix trailing spaces 2020-05-05 15:21:59 +02:00			`String getParametersJSON(Map parameters = [:]){`
			`Map stepParameters = [:].plus(parameters)`
			`// Remove script parameter etc.`
			`stepParameters.remove('script')`
			`stepParameters.remove('juStabUtils')`
			`stepParameters.remove('jenkinsUtilsStub')`
			`// When converting to JSON and back again, entries which had a 'null' value will now have a value`
			`// of type 'net.sf.json.JSONNull', for which the Groovy Truth resolves to 'true' in for example if-conditions`
			`stepParameters = MapUtils.pruneNulls(stepParameters)`
			`return groovy.json.JsonOutput.toJson(stepParameters)`
			`}`