sap-jenkins-library/pkg/whitesource/scanMaven.go

package whitesource

import (
	"fmt"
	"path/filepath"
	"strings"

	"github.com/SAP/jenkins-library/pkg/log"
	"github.com/SAP/jenkins-library/pkg/maven"
)

// ExecuteMavenScan constructs maven parameters from the given configuration, and executes the maven goal
// "org.whitesource:whitesource-maven-plugin:19.5.1:update".
func (s *Scan) ExecuteMavenScan(config *ScanOptions, utils Utils) error {
	s.AgentName = "WhiteSource Maven Plugin"
	s.AgentVersion = "unknown"
	log.Entry().Infof("Using Whitesource scan for Maven project")
	pomPath := config.PomPath
	if pomPath == "" {
		pomPath = "pom.xml"
	}
	return s.ExecuteMavenScanForPomFile(config, utils, pomPath)
}

// ExecuteMavenScanForPomFile constructs maven parameters from the given configuration, and executes the maven goal
// "org.whitesource:whitesource-maven-plugin:19.5.1:update" for the given pom file.
func (s *Scan) ExecuteMavenScanForPomFile(config *ScanOptions, utils Utils, pomPath string) error {
	pomExists, _ := utils.FileExists(pomPath)
	if !pomExists {
		return fmt.Errorf("for scanning with type '%s', the file '%s' must exist in the project root",
			config.ScanType, pomPath)
	}

	if config.InstallArtifacts {
		err := maven.InstallMavenArtifacts(&maven.EvaluateOptions{
			M2Path:              config.M2Path,
			ProjectSettingsFile: config.ProjectSettingsFile,
			GlobalSettingsFile:  config.GlobalSettingsFile,
			PomPath:             pomPath,
		}, utils)
		if err != nil {
			return err
		}
	}

	defines := s.generateMavenWhitesourceDefines(config)
	flags, excludes := generateMavenWhitesourceFlags(config, utils)
	err := s.appendModulesThatWillBeScanned(utils, excludes)
	if err != nil {
		return fmt.Errorf("failed to determine maven modules which will be scanned: %w", err)
	}

	_, err = maven.Execute(&maven.ExecuteOptions{
		PomPath:             pomPath,
		M2Path:              config.M2Path,
		GlobalSettingsFile:  config.GlobalSettingsFile,
		ProjectSettingsFile: config.ProjectSettingsFile,
		Defines:             defines,
		Flags:               flags,
		Goals:               []string{"org.whitesource:whitesource-maven-plugin:19.5.1:update"},
	}, utils)

	return err
}

func (s *Scan) generateMavenWhitesourceDefines(config *ScanOptions) []string {
	defines := []string{
		"-Dorg.whitesource.orgToken=" + config.OrgToken,
		"-Dorg.whitesource.product=" + config.ProductName,
		"-Dorg.whitesource.checkPolicies=true",
		"-Dorg.whitesource.failOnError=true",
		"-Dorg.whitesource.forceUpdate=true",
	}

	// Aggregate all modules into one WhiteSource project, if user specified the 'projectName' parameter.
	if config.ProjectName != "" {
		defines = append(defines, "-Dorg.whitesource.aggregateProjectName="+config.ProjectName)
		defines = append(defines, "-Dorg.whitesource.aggregateModules=true")
	}

	if config.UserToken != "" {
		defines = append(defines, "-Dorg.whitesource.userKey="+config.UserToken)
	}

	if s.ProductVersion != "" {
		defines = append(defines, "-Dorg.whitesource.productVersion="+s.ProductVersion)
	}

	return defines
}

func generateMavenWhitesourceFlags(config *ScanOptions, utils Utils) (flags []string, excludes []string) {
	excludes = config.BuildDescriptorExcludeList
	// From the documentation, these are file paths to a module's pom.xml.
	// For MTA projects, we want to support mixing paths to package.json files and pom.xml files.
	for _, exclude := range excludes {
		if !strings.HasSuffix(exclude, "pom.xml") {
			continue
		}
		exists, _ := utils.FileExists(exclude)
		if !exists {
			continue
		}
		moduleName := filepath.Dir(exclude)
		if moduleName != "" {
			flags = append(flags, "-pl", "!"+moduleName)
		}
	}
	return flags, excludes
}

func (s *Scan) appendModulesThatWillBeScanned(utils Utils, excludes []string) error {
	return maven.VisitAllMavenModules(".", utils, excludes, func(info maven.ModuleInfo) error {
		project := info.Project
		if project.Packaging != "pom" {
			if project.ArtifactID == "" {
				return fmt.Errorf("artifactId missing from '%s'", info.PomXMLPath)
			}

			err := s.AppendScannedProject(project.ArtifactID)
			if err != nil {
				return err
			}
		}
		return nil
	})
}
whitesourceExecuteScan: Re-organize code between step and whitesource package (#2207) 2020-10-20 09:49:26 +02:00			`package whitesource`

			`import (`
			`"fmt"`
			`"path/filepath"`
			`"strings"`
feat(whitesourceExecuteScan): GitHub issue creation + SARIF (#3535) * Add GH issue creation + SARIF * Code cleanup * Fix fmt, add debug * Code enhancements * Fix * Added debug info * Rework UA log scan * Fix code * read UA version * Fix nil reference * Extraction * Credentials * Issue creation * Error handling * Fix issue creation * query escape * Query escape 2 * Revert * Test avoid update * HTTP client * Add support for custom TLS certs * Fix code * Fix code 2 * Fix code 3 * Disable cert check * Fix auth * Remove implicit trust * Skip verification * Fix * Fix client * Fix HTTP auth * Fix trusted certs * Trim version * Code * Add token * Added token handling to client * Fix token * Cleanup * Fix token * Token rework * Fix code * Kick out oauth client * Kick out oauth client * Transport wrapping * Token * Simplification * Refactor * Variation * Check * Fix * Debug * Switch client * Variation * Debug * Switch to cert check * Add debug * Parse self * Cleanup * Update resources/metadata/whitesourceExecuteScan.yaml * Add debug * Expose subjects * Patch * Debug * Debug2 * Debug3 * Fix logging response body * Cleanup * Cleanup * Fix request body logging * Cleanup import * Fix import cycle * Cleanup * Fix fmt * Fix NopCloser reference * Regenerate * Reintroduce * Fix test * Fix tests * Correction * Fix error * Code fix * Fix tests * Add tests * Fix code climate issues * Code climate * Code climate again * Code climate again * Fix fmt * Fix fmt 2 Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2022-02-23 10:30:19 +02:00
			`"github.com/SAP/jenkins-library/pkg/log"`
			`"github.com/SAP/jenkins-library/pkg/maven"`
whitesourceExecuteScan: Re-organize code between step and whitesource package (#2207) 2020-10-20 09:49:26 +02:00			`)`

			`// ExecuteMavenScan constructs maven parameters from the given configuration, and executes the maven goal`
			`// "org.whitesource:whitesource-maven-plugin:19.5.1:update".`
			`func (s Scan) ExecuteMavenScan(config ScanOptions, utils Utils) error {`
feat(whitesourceExecuteScan): GitHub issue creation + SARIF (#3535) * Add GH issue creation + SARIF * Code cleanup * Fix fmt, add debug * Code enhancements * Fix * Added debug info * Rework UA log scan * Fix code * read UA version * Fix nil reference * Extraction * Credentials * Issue creation * Error handling * Fix issue creation * query escape * Query escape 2 * Revert * Test avoid update * HTTP client * Add support for custom TLS certs * Fix code * Fix code 2 * Fix code 3 * Disable cert check * Fix auth * Remove implicit trust * Skip verification * Fix * Fix client * Fix HTTP auth * Fix trusted certs * Trim version * Code * Add token * Added token handling to client * Fix token * Cleanup * Fix token * Token rework * Fix code * Kick out oauth client * Kick out oauth client * Transport wrapping * Token * Simplification * Refactor * Variation * Check * Fix * Debug * Switch client * Variation * Debug * Switch to cert check * Add debug * Parse self * Cleanup * Update resources/metadata/whitesourceExecuteScan.yaml * Add debug * Expose subjects * Patch * Debug * Debug2 * Debug3 * Fix logging response body * Cleanup * Cleanup * Fix request body logging * Cleanup import * Fix import cycle * Cleanup * Fix fmt * Fix NopCloser reference * Regenerate * Reintroduce * Fix test * Fix tests * Correction * Fix error * Code fix * Fix tests * Add tests * Fix code climate issues * Code climate * Code climate again * Code climate again * Fix fmt * Fix fmt 2 Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2022-02-23 10:30:19 +02:00			`s.AgentName = "WhiteSource Maven Plugin"`
			`s.AgentVersion = "unknown"`
whitesourceExecuteScan: Re-organize code between step and whitesource package (#2207) 2020-10-20 09:49:26 +02:00			`log.Entry().Infof("Using Whitesource scan for Maven project")`
			`pomPath := config.PomPath`
			`if pomPath == "" {`
			`pomPath = "pom.xml"`
			`}`
			`return s.ExecuteMavenScanForPomFile(config, utils, pomPath)`
			`}`

			`// ExecuteMavenScanForPomFile constructs maven parameters from the given configuration, and executes the maven goal`
			`// "org.whitesource:whitesource-maven-plugin:19.5.1:update" for the given pom file.`
			`func (s Scan) ExecuteMavenScanForPomFile(config ScanOptions, utils Utils, pomPath string) error {`
			`pomExists, _ := utils.FileExists(pomPath)`
			`if !pomExists {`
			`return fmt.Errorf("for scanning with type '%s', the file '%s' must exist in the project root",`
			`config.ScanType, pomPath)`
			`}`

Install artifacts before whitesource scan (#2280) 2020-10-30 16:05:14 +02:00			`if config.InstallArtifacts {`
Refactor maven utils and add tests for install artifacts (#2318) Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com> 2020-11-10 18:14:55 +02:00			`err := maven.InstallMavenArtifacts(&maven.EvaluateOptions{`
Install artifacts before whitesource scan (#2280) 2020-10-30 16:05:14 +02:00			`M2Path: config.M2Path,`
			`ProjectSettingsFile: config.ProjectSettingsFile,`
			`GlobalSettingsFile: config.GlobalSettingsFile,`
			`PomPath: pomPath,`
Refactor maven utils and add tests for install artifacts (#2318) Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com> 2020-11-10 18:14:55 +02:00			`}, utils)`
Install artifacts before whitesource scan (#2280) 2020-10-30 16:05:14 +02:00			`if err != nil {`
			`return err`
			`}`
			`}`

whitesourceExecuteScan: Re-organize code between step and whitesource package (#2207) 2020-10-20 09:49:26 +02:00			`defines := s.generateMavenWhitesourceDefines(config)`
			`flags, excludes := generateMavenWhitesourceFlags(config, utils)`
			`err := s.appendModulesThatWillBeScanned(utils, excludes)`
			`if err != nil {`
			`return fmt.Errorf("failed to determine maven modules which will be scanned: %w", err)`
			`}`

			`_, err = maven.Execute(&maven.ExecuteOptions{`
			`PomPath: pomPath,`
			`M2Path: config.M2Path,`
			`GlobalSettingsFile: config.GlobalSettingsFile,`
			`ProjectSettingsFile: config.ProjectSettingsFile,`
			`Defines: defines,`
			`Flags: flags,`
			`Goals: []string{"org.whitesource:whitesource-maven-plugin:19.5.1:update"},`
			`}, utils)`

			`return err`
			`}`

			`func (s Scan) generateMavenWhitesourceDefines(config ScanOptions) []string {`
			`defines := []string{`
			`"-Dorg.whitesource.orgToken=" + config.OrgToken,`
			`"-Dorg.whitesource.product=" + config.ProductName,`
			`"-Dorg.whitesource.checkPolicies=true",`
			`"-Dorg.whitesource.failOnError=true",`
Force WS Project update for mvn plugin (#2575) In case of policy violations, the scan is failed and default behavior is to not update the project in the WS system. See docs at https://whitesource.atlassian.net/wiki/spaces/WD/pages/33914890/Maven+Plugin. Since this is inconvenient and we also changed the behavior already for NPM, we force the update. 2021-02-04 10:17:48 +02:00			`"-Dorg.whitesource.forceUpdate=true",`
whitesourceExecuteScan: Re-organize code between step and whitesource package (#2207) 2020-10-20 09:49:26 +02:00			`}`

			`// Aggregate all modules into one WhiteSource project, if user specified the 'projectName' parameter.`
			`if config.ProjectName != "" {`
			`defines = append(defines, "-Dorg.whitesource.aggregateProjectName="+config.ProjectName)`
			`defines = append(defines, "-Dorg.whitesource.aggregateModules=true")`
			`}`

			`if config.UserToken != "" {`
			`defines = append(defines, "-Dorg.whitesource.userKey="+config.UserToken)`
			`}`

			`if s.ProductVersion != "" {`
			`defines = append(defines, "-Dorg.whitesource.productVersion="+s.ProductVersion)`
			`}`

			`return defines`
			`}`

			`func generateMavenWhitesourceFlags(config *ScanOptions, utils Utils) (flags []string, excludes []string) {`
			`excludes = config.BuildDescriptorExcludeList`
			`// From the documentation, these are file paths to a module's pom.xml.`
			`// For MTA projects, we want to support mixing paths to package.json files and pom.xml files.`
			`for _, exclude := range excludes {`
			`if !strings.HasSuffix(exclude, "pom.xml") {`
			`continue`
			`}`
			`exists, _ := utils.FileExists(exclude)`
			`if !exists {`
			`continue`
			`}`
			`moduleName := filepath.Dir(exclude)`
			`if moduleName != "" {`
			`flags = append(flags, "-pl", "!"+moduleName)`
			`}`
			`}`
			`return flags, excludes`
			`}`

			`func (s *Scan) appendModulesThatWillBeScanned(utils Utils, excludes []string) error {`
			`return maven.VisitAllMavenModules(".", utils, excludes, func(info maven.ModuleInfo) error {`
			`project := info.Project`
			`if project.Packaging != "pom" {`
			`if project.ArtifactID == "" {`
			`return fmt.Errorf("artifactId missing from '%s'", info.PomXMLPath)`
			`}`

			`err := s.AppendScannedProject(project.ArtifactID)`
			`if err != nil {`
			`return err`
			`}`
			`}`
			`return nil`
			`})`
			`}`