DetectExecuteScan : Codelocations autodetermined by detect script (#2704)

* changes to detectExec before master merge

* changes for detectExecuteScan

* self generated code added

* fix syntax errors and update docu

* added unit tests for fail and Group

* fix failOn bug

* add Groups as string array

* add Groups as string array

* tests and validation for groups, failOn

* Updated docs and added more tests

* documentation md files should not be changed

* Handle merge conflicts from PR 1845

* fix merge errors

* remove duplicate groups, merge error

* adding buildCode and buildTool as params

* switching build options

* building maven modules

* parameter correction

* parameter correction

* gnerate with new build parameter

* adding comments

* removing piper lib master and modifying goUtils to download 1.5.7 release

* first cleaning then installing

* multi module maven built

* multi module maven built removing unwanted code

* multi module maven built moving inside switch

* testing

* modifying the default use case to also call maven build

* modifying the default use case to also call maven build wih --

* corrected maven build command

* corrected maven build command with %v

* skipping test runs

* testing for MTA project with single pom

* adding absolute path to m2 path

* clean up

* adding switch for mta and maven and removing env from containers

* commiting changes for new detect step

* correting log message

* code clean up

* unit tests changes to detectExecute

* basic tests for new change

* restoring piperGoUtils to download correct piper binary

* code clean up

* code clean up

* clean detect code version

* Changes for detect codelocation

* remove unmap from scanProperties

* fix/add unit tests for remove unmap

* handle spaces in scanProperties

* update default scanproperties to remove deprecations

Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>

cmd/detectExecuteScan.go

@@ -133,8 +133,21 @@ func addDetectArgs(args []string, config detectExecuteScanOptions, utils detectU
 
 	_, detectVersionName := versioning.DetermineProjectCoordinates("", config.VersioningModel, coordinates)
 
+	//Split on spaces, the scanPropeties, so that each property is available as a single string
+	//instead of all properties being part of a single string
+	config.ScanProperties = piperutils.SplitAndTrim(config.ScanProperties, " ")
+
 	if config.ScanOnChanges {
 		args = append(args, "--report")
+		config.Unmap = false
+	}
+
+	if config.Unmap {
+		args = append(args, fmt.Sprintf("--detect.project.codelocation.unmap=true"))
+		config.ScanProperties, _ = piperutils.RemoveAll(config.ScanProperties, "--detect.project.codelocation.unmap=false")
+	} else {
+		//When unmap is set to false, any occurances of unmap=true from scanProperties must be removed
+		config.ScanProperties, _ = piperutils.RemoveAll(config.ScanProperties, "--detect.project.codelocation.unmap=true")
 	}
 
 	args = append(args, config.ScanProperties...)
@@ -156,11 +169,9 @@ func addDetectArgs(args []string, config detectExecuteScanOptions, utils detectU
 		args = append(args, fmt.Sprintf("--detect.policy.check.fail.on.severities=%v", strings.Join(config.FailOn, ",")))
 	}
 
-	codeLocation := config.CodeLocation
-	if len(codeLocation) == 0 && len(config.ProjectName) > 0 {
-		codeLocation = fmt.Sprintf("%v/%v", config.ProjectName, detectVersionName)
+	if len(config.CodeLocation) > 0 {
+		args = append(args, fmt.Sprintf("\"--detect.code.location.name='%v'\"", config.CodeLocation))
 	}
-	args = append(args, fmt.Sprintf("\"--detect.code.location.name='%v'\"", codeLocation))
 
 	if len(config.ScanPaths) > 0 && len(config.ScanPaths[0]) > 0 {
 		args = append(args, fmt.Sprintf("--detect.blackduck.signature.scanner.paths=%v", strings.Join(config.ScanPaths, ",")))
@@ -172,10 +183,6 @@ func addDetectArgs(args []string, config detectExecuteScanOptions, utils detectU
 		args = append(args, fmt.Sprintf("--detect.source.path='.'"))
 	}
 
-	if config.Unmap {
-		args = append(args, fmt.Sprintf("--detect.project.codelocation.unmap=true"))
-	}
-
 	if len(config.IncludedPackageManagers) > 0 {
 		args = append(args, fmt.Sprintf("--detect.included.detector.types=%v", strings.ToUpper(strings.Join(config.IncludedPackageManagers, ","))))
 	}

cmd/detectExecuteScan_generated.go

@@ -104,8 +104,8 @@ func addDetectExecuteScanFlags(cmd *cobra.Command, stepConfig *detectExecuteScan
 	cmd.Flags().StringSliceVar(&stepConfig.Scanners, "scanners", []string{`signature`}, "List of scanners to be used for Synopsis Detect (formerly BlackDuck) scan.")
 	cmd.Flags().StringSliceVar(&stepConfig.ScanPaths, "scanPaths", []string{`.`}, "List of paths which should be scanned by the Synopsis Detect (formerly BlackDuck) scan.")
 	cmd.Flags().StringVar(&stepConfig.DependencyPath, "dependencyPath", `.`, "Absolute Path of the dependency management file of the project. This path represents the folder which contains the pom file, package.json etc. If the project contains multiple pom files, provide the path to the parent pom file or the base folder of the project")
-	cmd.Flags().BoolVar(&stepConfig.Unmap, "unmap", false, "Unmap flag will unmap all previous code locations and keep only the current scan results in the specified project version. Set this parameter to true, when the project version needs to store only the latest scan results.")
-	cmd.Flags().StringSliceVar(&stepConfig.ScanProperties, "scanProperties", []string{`--blackduck.signature.scanner.memory=4096`, `--blackduck.timeout=6000`, `--blackduck.trust.cert=true`, `--detect.report.timeout=4800`, `--logging.level.com.synopsys.integration=DEBUG`, `--detect.maven.excluded.scopes=test`}, "Properties passed to the Synopsis Detect (formerly BlackDuck) scan. You can find details in the [Synopsis Detect documentation](https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/622846/Using+Synopsys+Detect+Properties)")
+	cmd.Flags().BoolVar(&stepConfig.Unmap, "unmap", true, "Unmap flag will unmap all previous code locations and keep only the current scan results in the specified project version. Set this parameter to true, when the project version needs to store only the latest scan results.")
+	cmd.Flags().StringSliceVar(&stepConfig.ScanProperties, "scanProperties", []string{`--blackduck.signature.scanner.memory=4096`, `--detect.timeout=6000`, `--blackduck.trust.cert=true`, `--logging.level.com.synopsys.integration=DEBUG`, `--detect.maven.excluded.scopes=test`}, "Properties passed to the Synopsis Detect (formerly BlackDuck) scan. You can find details in the [Synopsis Detect documentation](https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/622846/Using+Synopsys+Detect+Properties)")
 	cmd.Flags().StringVar(&stepConfig.ServerURL, "serverUrl", os.Getenv("PIPER_serverUrl"), "Server URL to the Synopsis Detect (formerly BlackDuck) Server.")
 	cmd.Flags().StringSliceVar(&stepConfig.Groups, "groups", []string{}, "Users groups to be assigned for the Project")
 	cmd.Flags().StringSliceVar(&stepConfig.FailOn, "failOn", []string{`BLOCKER`}, "Mark the current build as fail based on the policy categories applied.")

cmd/detectExecuteScan_test.go

@@ -62,14 +62,14 @@ func TestRunDetect(t *testing.T) {
 		assert.NoError(t, err)
 		assert.Equal(t, ".", utilsMock.Dir, "Wrong execution directory used")
 		assert.Equal(t, "/bin/bash", utilsMock.Shell[0], "Bash shell expected")
-		expectedScript := "./detect.sh --blackduck.url= --blackduck.api.token= \"--detect.project.name=''\" \"--detect.project.version.name=''\" \"--detect.code.location.name=''\" --detect.source.path='.'"
+		expectedScript := "./detect.sh --blackduck.url= --blackduck.api.token= \"--detect.project.name=''\" \"--detect.project.version.name=''\" --detect.source.path='.'"
 		assert.Equal(t, expectedScript, utilsMock.Calls[0])
 	})
 
 	t.Run("failure case", func(t *testing.T) {
 		t.Parallel()
 		utilsMock := newDetectTestUtilsBundle()
-		utilsMock.ShouldFailOnCommand = map[string]error{"./detect.sh --blackduck.url= --blackduck.api.token= \"--detect.project.name=''\" \"--detect.project.version.name=''\" \"--detect.code.location.name=''\" --detect.source.path='.'": fmt.Errorf("Test Error")}
+		utilsMock.ShouldFailOnCommand = map[string]error{"./detect.sh --blackduck.url= --blackduck.api.token= \"--detect.project.name=''\" \"--detect.project.version.name=''\" --detect.source.path='.'": fmt.Errorf("Test Error")}
 		utilsMock.AddFile("detect.sh", []byte(""))
 		err := runDetect(detectExecuteScanOptions{}, utilsMock)
 		assert.EqualError(t, err, "Test Error")
@@ -125,7 +125,6 @@ func TestAddDetectArgs(t *testing.T) {
 				"--blackduck.api.token=apiToken",
 				"\"--detect.project.name='testName'\"",
 				"\"--detect.project.version.name='1.0'\"",
-				"\"--detect.code.location.name='testName/1.0'\"",
 				"--detect.blackduck.signature.scanner.paths=path1,path2",
 				"--detect.source.path='.'",
 			},
@@ -230,6 +229,7 @@ func TestAddDetectArgs(t *testing.T) {
 			},
 			expected: []string{
 				"--testProp1=1",
+				"--detect.project.codelocation.unmap=true",
 				"--blackduck.url=https://server.url",
 				"--blackduck.api.token=apiToken",
 				"\"--detect.project.name='testName'\"",
@@ -239,7 +239,6 @@ func TestAddDetectArgs(t *testing.T) {
 				"\"--detect.code.location.name='testLocation'\"",
 				"--detect.blackduck.signature.scanner.paths=path1,path2",
 				"--detect.source.path=pathx",
-				"--detect.project.codelocation.unmap=true",
 			},
 		},
 		{
@@ -264,6 +263,7 @@ func TestAddDetectArgs(t *testing.T) {
 			},
 			expected: []string{
 				"--testProp1=1",
+				"--detect.project.codelocation.unmap=true",
 				"--blackduck.url=https://server.url",
 				"--blackduck.api.token=apiToken",
 				"\"--detect.project.name='testName'\"",
@@ -273,7 +273,6 @@ func TestAddDetectArgs(t *testing.T) {
 				"\"--detect.code.location.name='testLocation'\"",
 				"--detect.blackduck.signature.scanner.paths=path1,path2",
 				"--detect.source.path=pathx",
-				"--detect.project.codelocation.unmap=true",
 				"--detect.included.detector.types=MAVEN,GRADLE",
 				"--detect.excluded.detector.types=NPM,NUGET",
 				"--detect.maven.excluded.scopes=test,compile",
@@ -313,7 +312,6 @@ func TestAddDetectArgs(t *testing.T) {
 				"\"--detect.code.location.name='testLocation'\"",
 				"--detect.blackduck.signature.scanner.paths=path1,path2",
 				"--detect.source.path=pathx",
-				"--detect.project.codelocation.unmap=true",
 				"--detect.included.detector.types=MAVEN,GRADLE",
 				"--detect.excluded.detector.types=NPM,NUGET",
 				"--detect.maven.excluded.scopes=test,compile",
@@ -353,7 +351,47 @@ func TestAddDetectArgs(t *testing.T) {
 				"\"--detect.code.location.name='testLocation'\"",
 				"--detect.blackduck.signature.scanner.paths=path1,path2",
 				"--detect.source.path=pathx",
-				"--detect.project.codelocation.unmap=true",
+				"--detect.included.detector.types=MAVEN,GRADLE",
+				"--detect.excluded.detector.types=NPM,NUGET",
+				"--detect.maven.excluded.scopes=test,compile",
+				"--detect.tools=DETECTOR",
+			},
+		},
+		{
+			args: []string{"--testProp1=1"},
+			options: detectExecuteScanOptions{
+				ScanProperties:          []string{"--scan=1", "--detect.project.codelocation.unmap=true"},
+				ServerURL:               "https://server.url",
+				Token:                   "apiToken",
+				ProjectName:             "testName",
+				CodeLocation:            "testLocation",
+				FailOn:                  []string{"BLOCKER", "MAJOR"},
+				Scanners:                []string{"source"},
+				ScanPaths:               []string{"path1", "path2"},
+				Groups:                  []string{"testGroup", "testGroup2"},
+				Version:                 "1.0",
+				VersioningModel:         "major-minor",
+				DependencyPath:          "pathx",
+				Unmap:                   true,
+				IncludedPackageManagers: []string{"maven", "GRADLE"},
+				ExcludedPackageManagers: []string{"npm", "NUGET"},
+				MavenExcludedScopes:     []string{"TEST", "compile"},
+				DetectTools:             []string{"DETECTOR"},
+				ScanOnChanges:           true,
+			},
+			expected: []string{
+				"--testProp1=1",
+				"--report",
+				"--scan=1",
+				"--blackduck.url=https://server.url",
+				"--blackduck.api.token=apiToken",
+				"\"--detect.project.name='testName'\"",
+				"\"--detect.project.version.name='1.0'\"",
+				"\"--detect.project.user.groups='testGroup,testGroup2'\"",
+				"--detect.policy.check.fail.on.severities=BLOCKER,MAJOR",
+				"\"--detect.code.location.name='testLocation'\"",
+				"--detect.blackduck.signature.scanner.paths=path1,path2",
+				"--detect.source.path=pathx",
 				"--detect.included.detector.types=MAVEN,GRADLE",
 				"--detect.excluded.detector.types=NPM,NUGET",
 				"--detect.maven.excluded.scopes=test,compile",

resources/metadata/detect.yaml

@@ -100,7 +100,7 @@ spec:
         aliases:
           - name: detect/unmap
         type: bool
-        default: false
+        default: true
         scope:
           - PARAMETERS
           - STAGES
@@ -112,9 +112,8 @@ spec:
         type: "[]string"
         default:
           - --blackduck.signature.scanner.memory=4096
-          - --blackduck.timeout=6000
+          - --detect.timeout=6000
           - --blackduck.trust.cert=true
-          - --detect.report.timeout=4800
           - --logging.level.com.synopsys.integration=DEBUG
           - --detect.maven.excluded.scopes=test
         scope: