2020-02-21 13:56:09 +02:00
// Code generated by piper's step-generator. DO NOT EDIT.
2020-02-06 17:16:34 +02:00
package cmd
import (
"fmt"
"os"
"path/filepath"
"time"
"github.com/SAP/jenkins-library/pkg/config"
"github.com/SAP/jenkins-library/pkg/log"
"github.com/SAP/jenkins-library/pkg/piperenv"
"github.com/SAP/jenkins-library/pkg/telemetry"
"github.com/spf13/cobra"
)
type protecodeExecuteScanOptions struct {
ExcludeCVEs string ` json:"excludeCVEs,omitempty" `
FailOnSevereVulnerabilities bool ` json:"failOnSevereVulnerabilities,omitempty" `
ScanImage string ` json:"scanImage,omitempty" `
DockerRegistryURL string ` json:"dockerRegistryUrl,omitempty" `
2020-08-12 14:57:11 +02:00
DockerConfigJSON string ` json:"dockerConfigJSON,omitempty" `
2020-02-06 17:16:34 +02:00
CleanupMode string ` json:"cleanupMode,omitempty" `
FilePath string ` json:"filePath,omitempty" `
IncludeLayers bool ` json:"includeLayers,omitempty" `
TimeoutMinutes string ` json:"timeoutMinutes,omitempty" `
ServerURL string ` json:"serverUrl,omitempty" `
ReportFileName string ` json:"reportFileName,omitempty" `
FetchURL string ` json:"fetchUrl,omitempty" `
Group string ` json:"group,omitempty" `
ReuseExisting bool ` json:"reuseExisting,omitempty" `
2020-04-20 16:44:01 +02:00
Username string ` json:"username,omitempty" `
2020-02-06 17:16:34 +02:00
Password string ` json:"password,omitempty" `
ArtifactVersion string ` json:"artifactVersion,omitempty" `
PullRequestName string ` json:"pullRequestName,omitempty" `
}
type protecodeExecuteScanInflux struct {
2020-02-07 15:12:40 +02:00
protecode_data struct {
2020-02-06 17:16:34 +02:00
fields struct {
2020-02-07 15:12:40 +02:00
historical_vulnerabilities string
triaged_vulnerabilities string
excluded_vulnerabilities string
minor_vulnerabilities string
major_vulnerabilities string
vulnerabilities string
2020-02-06 17:16:34 +02:00
}
tags struct {
}
}
}
func ( i * protecodeExecuteScanInflux ) persist ( path , resourceName string ) {
measurementContent := [ ] struct {
measurement string
valType string
name string
2020-10-05 15:33:28 +02:00
value interface { }
2020-02-06 17:16:34 +02:00
} {
2020-02-07 15:12:40 +02:00
{ valType : config . InfluxField , measurement : "protecode_data" , name : "historical_vulnerabilities" , value : i . protecode_data . fields . historical_vulnerabilities } ,
{ valType : config . InfluxField , measurement : "protecode_data" , name : "triaged_vulnerabilities" , value : i . protecode_data . fields . triaged_vulnerabilities } ,
{ valType : config . InfluxField , measurement : "protecode_data" , name : "excluded_vulnerabilities" , value : i . protecode_data . fields . excluded_vulnerabilities } ,
{ valType : config . InfluxField , measurement : "protecode_data" , name : "minor_vulnerabilities" , value : i . protecode_data . fields . minor_vulnerabilities } ,
{ valType : config . InfluxField , measurement : "protecode_data" , name : "major_vulnerabilities" , value : i . protecode_data . fields . major_vulnerabilities } ,
{ valType : config . InfluxField , measurement : "protecode_data" , name : "vulnerabilities" , value : i . protecode_data . fields . vulnerabilities } ,
2020-02-06 17:16:34 +02:00
}
errCount := 0
for _ , metric := range measurementContent {
err := piperenv . SetResourceParameter ( path , resourceName , filepath . Join ( metric . measurement , fmt . Sprintf ( "%vs" , metric . valType ) , metric . name ) , metric . value )
if err != nil {
log . Entry ( ) . WithError ( err ) . Error ( "Error persisting influx environment." )
errCount ++
}
}
if errCount > 0 {
2020-04-20 16:52:57 +02:00
log . Entry ( ) . Fatal ( "failed to persist Influx environment" )
2020-02-06 17:16:34 +02:00
}
}
2020-02-12 16:57:39 +02:00
// ProtecodeExecuteScanCommand Protecode is an Open Source Vulnerability Scanner that is capable of scanning binaries. It can be used to scan docker images but is supports many other programming languages especially those of the C family.
2020-02-06 17:16:34 +02:00
func ProtecodeExecuteScanCommand ( ) * cobra . Command {
2020-04-28 07:42:02 +02:00
const STEP_NAME = "protecodeExecuteScan"
2020-02-06 17:16:34 +02:00
metadata := protecodeExecuteScanMetadata ( )
var stepConfig protecodeExecuteScanOptions
var startTime time . Time
var influx protecodeExecuteScanInflux
var createProtecodeExecuteScanCmd = & cobra . Command {
2020-04-28 07:42:02 +02:00
Use : STEP_NAME ,
2020-02-12 16:57:39 +02:00
Short : "Protecode is an Open Source Vulnerability Scanner that is capable of scanning binaries. It can be used to scan docker images but is supports many other programming languages especially those of the C family." ,
Long : ` Protecode is an Open Source Vulnerability Scanner that is capable of scanning binaries . It can be used to scan docker images but is supports many other programming languages especially those of the C family .
2020-02-06 17:16:34 +02:00
! ! ! hint "Auditing findings (Triaging)"
Triaging is now supported by the Protecode backend and also Piper does consider this information during the analysis of the scan results though product versions are not supported by Protecode . Therefore please make sure that the ` + " ` " + `fileName` + " ` " + ` you are providing does either contain a stable version or that it does not contain one at all . By ensuring that you are able to triage CVEs globally on the upload file ' s name without affecting any other artifacts scanned in the same Protecode group and as such triaged vulnerabilities will be considered during the next scan and will not fail the build anymore . ` ,
2020-06-23 18:05:21 +02:00
PreRunE : func ( cmd * cobra . Command , _ [ ] string ) error {
2020-02-06 17:16:34 +02:00
startTime = time . Now ( )
2020-04-28 07:42:02 +02:00
log . SetStepName ( STEP_NAME )
2020-02-06 17:16:34 +02:00
log . SetVerbose ( GeneralConfig . Verbose )
2020-04-28 07:42:02 +02:00
path , _ := os . Getwd ( )
fatalHook := & log . FatalHook { CorrelationID : GeneralConfig . CorrelationID , Path : path }
log . RegisterHook ( fatalHook )
err := PrepareConfig ( cmd , & metadata , STEP_NAME , & stepConfig , config . OpenPiperFile )
2020-04-16 14:37:45 +02:00
if err != nil {
2020-06-24 10:04:05 +02:00
log . SetErrorCategory ( log . ErrorConfiguration )
2020-04-16 14:37:45 +02:00
return err
}
2020-08-12 14:57:11 +02:00
log . RegisterSecret ( stepConfig . DockerConfigJSON )
2020-04-20 16:44:01 +02:00
log . RegisterSecret ( stepConfig . Username )
2020-04-16 14:37:45 +02:00
log . RegisterSecret ( stepConfig . Password )
2020-05-05 08:36:24 +02:00
if len ( GeneralConfig . HookConfig . SentryConfig . Dsn ) > 0 {
sentryHook := log . NewSentryHook ( GeneralConfig . HookConfig . SentryConfig . Dsn , GeneralConfig . CorrelationID )
log . RegisterHook ( & sentryHook )
}
2020-04-16 14:37:45 +02:00
return nil
2020-02-06 17:16:34 +02:00
} ,
2020-06-23 18:05:21 +02:00
Run : func ( _ * cobra . Command , _ [ ] string ) {
2020-02-06 17:16:34 +02:00
telemetryData := telemetry . CustomData { }
telemetryData . ErrorCode = "1"
handler := func ( ) {
2020-10-26 15:20:04 +02:00
config . RemoveVaultSecretFiles ( )
2020-02-06 17:16:34 +02:00
influx . persist ( GeneralConfig . EnvRootPath , "influx" )
telemetryData . Duration = fmt . Sprintf ( "%v" , time . Since ( startTime ) . Milliseconds ( ) )
2020-09-29 13:49:40 +02:00
telemetryData . ErrorCategory = log . GetErrorCategory ( ) . String ( )
2020-02-06 17:16:34 +02:00
telemetry . Send ( & telemetryData )
}
log . DeferExitHandler ( handler )
defer handler ( )
2020-04-28 07:42:02 +02:00
telemetry . Initialize ( GeneralConfig . NoTelemetry , STEP_NAME )
2020-02-06 17:16:34 +02:00
protecodeExecuteScan ( stepConfig , & telemetryData , & influx )
telemetryData . ErrorCode = "0"
2020-05-18 21:52:54 +02:00
log . Entry ( ) . Info ( "SUCCESS" )
2020-02-06 17:16:34 +02:00
} ,
}
addProtecodeExecuteScanFlags ( createProtecodeExecuteScanCmd , & stepConfig )
return createProtecodeExecuteScanCmd
}
func addProtecodeExecuteScanFlags ( cmd * cobra . Command , stepConfig * protecodeExecuteScanOptions ) {
2020-09-17 21:05:03 +02:00
cmd . Flags ( ) . StringVar ( & stepConfig . ExcludeCVEs , "excludeCVEs" , ` ` , "DEPRECATED: Do use triaging within the Protecode UI instead" )
2020-02-06 17:16:34 +02:00
cmd . Flags ( ) . BoolVar ( & stepConfig . FailOnSevereVulnerabilities , "failOnSevereVulnerabilities" , true , "Whether to fail the job on severe vulnerabilties or not" )
cmd . Flags ( ) . StringVar ( & stepConfig . ScanImage , "scanImage" , os . Getenv ( "PIPER_scanImage" ) , "The reference to the docker image to scan with Protecode" )
cmd . Flags ( ) . StringVar ( & stepConfig . DockerRegistryURL , "dockerRegistryUrl" , os . Getenv ( "PIPER_dockerRegistryUrl" ) , "The reference to the docker registry to scan with Protecode" )
2020-08-12 14:57:11 +02:00
cmd . Flags ( ) . StringVar ( & stepConfig . DockerConfigJSON , "dockerConfigJSON" , os . Getenv ( "PIPER_dockerConfigJSON" ) , "Path to the file `.docker/config.json` - this is typically provided by your CI/CD system. You can find more details about the Docker credentials in the [Docker documentation](https://docs.docker.com/engine/reference/commandline/login/)." )
2020-05-25 19:48:59 +02:00
cmd . Flags ( ) . StringVar ( & stepConfig . CleanupMode , "cleanupMode" , ` binary ` , "Decides which parts are removed from the Protecode backend after the scan" )
2020-02-06 17:16:34 +02:00
cmd . Flags ( ) . StringVar ( & stepConfig . FilePath , "filePath" , os . Getenv ( "PIPER_filePath" ) , "The path to the file from local workspace to scan with Protecode" )
cmd . Flags ( ) . BoolVar ( & stepConfig . IncludeLayers , "includeLayers" , false , "Flag if the docker layers should be included" )
2020-05-25 19:48:59 +02:00
cmd . Flags ( ) . StringVar ( & stepConfig . TimeoutMinutes , "timeoutMinutes" , ` 60 ` , "The timeout to wait for the scan to finish" )
2020-02-06 17:16:34 +02:00
cmd . Flags ( ) . StringVar ( & stepConfig . ServerURL , "serverUrl" , os . Getenv ( "PIPER_serverUrl" ) , "The URL to the Protecode backend" )
2020-05-25 19:48:59 +02:00
cmd . Flags ( ) . StringVar ( & stepConfig . ReportFileName , "reportFileName" , ` protecode_report.pdf ` , "The file name of the report to be created" )
2020-02-06 17:16:34 +02:00
cmd . Flags ( ) . StringVar ( & stepConfig . FetchURL , "fetchUrl" , os . Getenv ( "PIPER_fetchUrl" ) , "The URL to fetch the file to scan with Protecode which must be accessible via public HTTP GET request" )
cmd . Flags ( ) . StringVar ( & stepConfig . Group , "group" , os . Getenv ( "PIPER_group" ) , "The Protecode group ID of your team" )
cmd . Flags ( ) . BoolVar ( & stepConfig . ReuseExisting , "reuseExisting" , false , "Whether to reuse an existing product instead of creating a new one" )
2020-04-20 16:44:01 +02:00
cmd . Flags ( ) . StringVar ( & stepConfig . Username , "username" , os . Getenv ( "PIPER_username" ) , "User which is used for the protecode scan" )
2020-02-06 17:16:34 +02:00
cmd . Flags ( ) . StringVar ( & stepConfig . Password , "password" , os . Getenv ( "PIPER_password" ) , "Password which is used for the user" )
cmd . Flags ( ) . StringVar ( & stepConfig . ArtifactVersion , "artifactVersion" , os . Getenv ( "PIPER_artifactVersion" ) , "The version of the artifact to allow identification in protecode backend" )
cmd . Flags ( ) . StringVar ( & stepConfig . PullRequestName , "pullRequestName" , os . Getenv ( "PIPER_pullRequestName" ) , "The name of the pull request" )
cmd . MarkFlagRequired ( "serverUrl" )
cmd . MarkFlagRequired ( "group" )
2020-04-20 16:44:01 +02:00
cmd . MarkFlagRequired ( "username" )
2020-02-06 17:16:34 +02:00
cmd . MarkFlagRequired ( "password" )
}
// retrieve step metadata
func protecodeExecuteScanMetadata ( ) config . StepData {
var theMetaData = config . StepData {
2020-03-19 18:24:35 +02:00
Metadata : config . StepMetadata {
2020-11-20 09:13:59 +02:00
Name : "protecodeExecuteScan" ,
Aliases : [ ] config . Alias { } ,
Description : "Protecode is an Open Source Vulnerability Scanner that is capable of scanning binaries. It can be used to scan docker images but is supports many other programming languages especially those of the C family." ,
2020-03-19 18:24:35 +02:00
} ,
2020-02-06 17:16:34 +02:00
Spec : config . StepSpec {
Inputs : config . StepInputs {
Parameters : [ ] config . StepParameters {
{
Name : "excludeCVEs" ,
ResourceRef : [ ] config . ResourceReference { } ,
Scope : [ ] string { "PARAMETERS" , "STAGES" , "STEPS" } ,
Type : "string" ,
Mandatory : false ,
Aliases : [ ] config . Alias { { Name : "protecodeExcludeCVEs" } } ,
} ,
{
Name : "failOnSevereVulnerabilities" ,
ResourceRef : [ ] config . ResourceReference { } ,
Scope : [ ] string { "PARAMETERS" , "STAGES" , "STEPS" } ,
Type : "bool" ,
Mandatory : false ,
Aliases : [ ] config . Alias { { Name : "protecodeFailOnSevereVulnerabilities" } } ,
} ,
{
2020-09-16 14:50:09 +02:00
Name : "scanImage" ,
ResourceRef : [ ] config . ResourceReference {
{
Name : "commonPipelineEnvironment" ,
Param : "container/imageNameTag" ,
} ,
} ,
Scope : [ ] string { "GENERAL" , "PARAMETERS" , "STAGES" , "STEPS" } ,
Type : "string" ,
Mandatory : false ,
Aliases : [ ] config . Alias { { Name : "dockerImage" } } ,
2020-02-06 17:16:34 +02:00
} ,
{
2020-09-16 14:50:09 +02:00
Name : "dockerRegistryUrl" ,
ResourceRef : [ ] config . ResourceReference {
{
Name : "commonPipelineEnvironment" ,
Param : "container/registryUrl" ,
} ,
} ,
Scope : [ ] string { "GENERAL" , "PARAMETERS" , "STAGES" , "STEPS" } ,
Type : "string" ,
Mandatory : false ,
Aliases : [ ] config . Alias { } ,
2020-02-06 17:16:34 +02:00
} ,
2020-08-12 14:57:11 +02:00
{
2020-09-16 14:50:09 +02:00
Name : "dockerConfigJSON" ,
ResourceRef : [ ] config . ResourceReference {
{
Name : "dockerConfigJsonCredentialsId" ,
Type : "secret" ,
} ,
2020-11-06 19:06:19 +02:00
{
Name : "" ,
Paths : [ ] string { "$(vaultPath)/docker-config" , "$(vaultBasePath)/$(vaultPipelineName)/docker-config" , "$(vaultBasePath)/GROUP-SECRETS/docker-config" } ,
Type : "vaultSecretFile" ,
} ,
2020-09-16 14:50:09 +02:00
} ,
Scope : [ ] string { "PARAMETERS" , "STAGES" , "STEPS" } ,
Type : "string" ,
Mandatory : false ,
Aliases : [ ] config . Alias { } ,
2020-08-12 14:57:11 +02:00
} ,
2020-02-06 17:16:34 +02:00
{
Name : "cleanupMode" ,
ResourceRef : [ ] config . ResourceReference { } ,
Scope : [ ] string { "PARAMETERS" , "STAGES" , "STEPS" } ,
Type : "string" ,
Mandatory : false ,
Aliases : [ ] config . Alias { } ,
} ,
{
Name : "filePath" ,
ResourceRef : [ ] config . ResourceReference { } ,
Scope : [ ] string { "PARAMETERS" , "STAGES" , "STEPS" } ,
Type : "string" ,
Mandatory : false ,
Aliases : [ ] config . Alias { } ,
} ,
{
Name : "includeLayers" ,
ResourceRef : [ ] config . ResourceReference { } ,
Scope : [ ] string { "PARAMETERS" , "STAGES" , "STEPS" } ,
Type : "bool" ,
Mandatory : false ,
Aliases : [ ] config . Alias { } ,
} ,
{
Name : "timeoutMinutes" ,
ResourceRef : [ ] config . ResourceReference { } ,
Scope : [ ] string { "PARAMETERS" , "STAGES" , "STEPS" } ,
Type : "string" ,
Mandatory : false ,
Aliases : [ ] config . Alias { { Name : "protecodeTimeoutMinutes" } } ,
} ,
{
Name : "serverUrl" ,
ResourceRef : [ ] config . ResourceReference { } ,
Scope : [ ] string { "GENERAL" , "PARAMETERS" , "STAGES" , "STEPS" } ,
Type : "string" ,
Mandatory : true ,
Aliases : [ ] config . Alias { { Name : "protecodeServerUrl" } } ,
} ,
{
Name : "reportFileName" ,
ResourceRef : [ ] config . ResourceReference { } ,
Scope : [ ] string { "PARAMETERS" , "STAGES" , "STEPS" } ,
Type : "string" ,
Mandatory : false ,
Aliases : [ ] config . Alias { } ,
} ,
{
Name : "fetchUrl" ,
ResourceRef : [ ] config . ResourceReference { } ,
Scope : [ ] string { "PARAMETERS" , "STAGES" , "STEPS" } ,
Type : "string" ,
Mandatory : false ,
Aliases : [ ] config . Alias { } ,
} ,
{
Name : "group" ,
ResourceRef : [ ] config . ResourceReference { } ,
Scope : [ ] string { "PARAMETERS" , "STAGES" , "STEPS" } ,
Type : "string" ,
Mandatory : true ,
Aliases : [ ] config . Alias { { Name : "protecodeGroup" } } ,
} ,
{
Name : "reuseExisting" ,
ResourceRef : [ ] config . ResourceReference { } ,
Scope : [ ] string { "PARAMETERS" , "STAGES" , "STEPS" } ,
Type : "bool" ,
Mandatory : false ,
Aliases : [ ] config . Alias { } ,
} ,
{
2020-09-16 14:50:09 +02:00
Name : "username" ,
ResourceRef : [ ] config . ResourceReference {
{
Name : "protecodeCredentialsId" ,
Param : "username" ,
Type : "secret" ,
} ,
2020-12-22 18:43:57 +02:00
{
Name : "" ,
Paths : [ ] string { "$(vaultPath)/protecode" , "$(vaultBasePath)/$(vaultPipelineName)/protecode" , "$(vaultBasePath)/GROUP-SECRETS/protecode" } ,
Type : "vaultSecret" ,
} ,
2020-09-16 14:50:09 +02:00
} ,
Scope : [ ] string { "PARAMETERS" , "STAGES" , "STEPS" } ,
Type : "string" ,
Mandatory : true ,
Aliases : [ ] config . Alias { { Name : "user" } } ,
2020-02-06 17:16:34 +02:00
} ,
{
2020-09-16 14:50:09 +02:00
Name : "password" ,
ResourceRef : [ ] config . ResourceReference {
{
Name : "protecodeCredentialsId" ,
Param : "password" ,
Type : "secret" ,
} ,
2020-12-22 18:43:57 +02:00
{
Name : "" ,
Paths : [ ] string { "$(vaultPath)/protecode" , "$(vaultBasePath)/$(vaultPipelineName)/protecode" , "$(vaultBasePath)/GROUP-SECRETS/protecode" } ,
Type : "vaultSecret" ,
} ,
2020-09-16 14:50:09 +02:00
} ,
Scope : [ ] string { "PARAMETERS" , "STAGES" , "STEPS" } ,
Type : "string" ,
Mandatory : true ,
Aliases : [ ] config . Alias { } ,
2020-02-06 17:16:34 +02:00
} ,
{
2020-09-16 14:50:09 +02:00
Name : "artifactVersion" ,
ResourceRef : [ ] config . ResourceReference {
{
Name : "commonPipelineEnvironment" ,
Param : "artifactVersion" ,
} ,
} ,
Scope : [ ] string { "PARAMETERS" , "STAGES" , "STEPS" } ,
Type : "string" ,
Mandatory : false ,
Aliases : [ ] config . Alias { } ,
2020-02-06 17:16:34 +02:00
} ,
{
Name : "pullRequestName" ,
ResourceRef : [ ] config . ResourceReference { } ,
Scope : [ ] string { "PARAMETERS" , "STAGES" , "STEPS" } ,
Type : "string" ,
Mandatory : false ,
Aliases : [ ] config . Alias { } ,
} ,
} ,
} ,
2020-11-20 09:13:59 +02:00
Outputs : config . StepOutputs {
Resources : [ ] config . StepResources {
{
Name : "influx" ,
Type : "influx" ,
Parameters : [ ] map [ string ] interface { } {
{ "Name" : "protecode_data" } , { "fields" : [ ] map [ string ] string { { "name" : "historical_vulnerabilities" } , { "name" : "triaged_vulnerabilities" } , { "name" : "excluded_vulnerabilities" } , { "name" : "minor_vulnerabilities" } , { "name" : "major_vulnerabilities" } , { "name" : "vulnerabilities" } } } ,
} ,
} ,
} ,
} ,
2020-02-06 17:16:34 +02:00
} ,
}
return theMetaData
}
