From 07b90dc10b8c152f0d54f1e9901a047216ca2062 Mon Sep 17 00:00:00 2001
From: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Date: Wed, 16 Jun 2021 08:15:41 +0200
Subject: [PATCH] fix(fortifyExecuteScan): Throw error on classpath detection issues (#2876)
* Update fortifyExecuteScan.go
* Raise error to the top level
* Update fortifyExecuteScan.go
* Update fortifyExecuteScan.go
* Fix code and test
* Add tests
* Fix test
* Last attempt
---
 cmd/fortifyExecuteScan.go | 12 +++++++----
 cmd/fortifyExecuteScan_test.go | 37 ++++++++++++++++++++++++++++++++--
 2 files changed, 43 insertions(+), 6 deletions(-)
diff --git a/cmd/fortifyExecuteScan.go b/cmd/fortifyExecuteScan.go
index e207e6061..222391eb3 100644
--- a/cmd/fortifyExecuteScan.go
+++ b/cmd/fortifyExecuteScan.go
@@ -621,7 +621,7 @@ func autoresolvePipClasspath(executable string, parameters []string, file string
 return readClasspathFile(file), nil
 }
-func autoresolveMavenClasspath(config fortifyExecuteScanOptions, file string, utils fortifyUtils) string {
+func autoresolveMavenClasspath(config fortifyExecuteScanOptions, file string, utils fortifyUtils) (string, error) {
 if filepath.IsAbs(file) {
 log.Entry().Warnf("Passing an absolute path for -Dmdep.outputFile results in the classpath only for the last module in multi-module maven projects.")
 }
@@ -636,9 +636,10 @@ func autoresolveMavenClasspath(config fortifyExecuteScanOptions, file string, ut
 }
 _, err := maven.Execute(&executeOptions, utils)
 if err != nil {
- log.Entry().WithError(err).Warn("failed to determine classpath using Maven")
+ log.Entry().WithError(err).Error("failed to determine classpath using Maven")
+ return "", err
 }
- return readAllClasspathFiles(file)
+ return readAllClasspathFiles(file), nil
 }
 // readAllClasspathFiles tests whether the passed file is an absolute path. If not, it will glob for
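Review bot: autoresolveMavenClasspath has no doc comment, and the new `(string, error)` result in the `@@ -621` hunk changes what a caller may assume about an empty return value. A comment above the signature such as `// autoresolveMavenClasspath runs Maven to resolve the dependency classpath into file and returns it; a failed Maven run is reported as an error rather than an empty classpath.` would record the contract. The function body continues beyond this hunk.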
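Review bot: In the `@@ -636` hunk the Maven failure is both logged at Error level and returned unchanged, so the same failure is reported twice and the returned error carries no context of its own. The pip variant's error, as asserted in the test file, reads `failed to run classpath autodetection command ... : Invalid command`, so wrapping here would be consistent: `return "", fmt.Errorf("failed to determine classpath using Maven: %w", err)` with the log line dropped (assuming `fmt` is imported in this file). The bare `return err` added to triggerFortifyScan in the `@@ -707` hunk would then surface a self-describing error without further changes.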
@@ -707,7 +708,10 @@ func triggerFortifyScan(config fortifyExecuteScanOptions, utils fortifyUtils, bu
 classpath := ""
 if config.BuildTool == "maven" {
 if config.AutodetectClasspath {
- classpath = autoresolveMavenClasspath(config, classpathFileName, utils)
+ classpath, err = autoresolveMavenClasspath(config, classpathFileName, utils)
+ if err != nil {
+ return err
+ }
 }
 config.Translate, err = populateMavenTranslate(&config, classpath)
 if err != nil {
diff --git a/cmd/fortifyExecuteScan_test.go b/cmd/fortifyExecuteScan_test.go
index 4a38dea4b..f593300e8 100644
--- a/cmd/fortifyExecuteScan_test.go
+++ b/cmd/fortifyExecuteScan_test.go
@@ -336,7 +336,13 @@ func (er *execRunnerMock) RunExecutable(e string, p ...string) error {
 classpathPip := "/usr/lib/python35.zip;/usr/lib/python3.5;/usr/lib/python3.5/plat-x86_64-linux-gnu;/usr/lib/python3.5/lib-dynload;/home/piper/.local/lib/python3.5/site-packages;/usr/local/lib/python3.5/dist-packages;/usr/lib/python3/dist-packages;./lib"
 classpathMaven := "some.jar;someother.jar"
 if e == "python2" {
- er.currentExecution().outWriter.Write([]byte(classpathPip))
+ if p[1] == "invalid" {
+ return errors.New("Invalid command")
+ }
+ _, err := er.currentExecution().outWriter.Write([]byte(classpathPip))
+ if err != nil {
+ return err
+ }
 } else if e == "mvn" {
 path := strings.ReplaceAll(p[2], "-Dmdep.outputFile=", "")
 err := ioutil.WriteFile(path, []byte(classpathMaven), 0644)
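Review bot: An empty `classpath` can still reach `populateMavenTranslate` in the `@@ -707` hunk, because only a non-nil error stops the step; whether readAllClasspathFiles can return an empty string after a successful Maven run is not visible here, so this is inferred. A translation without the dependency classpath would presumably produce weaker scan results with no visible signal, which is the kind of silent degradation this commit removes for the failure case. A warning makes it observable without failing projects that legitimately have no dependencies: `if classpath == "" { log.Entry().Warn("classpath autodetection returned no entries") }`. triggerFortifyScan starts and ends outside the hunk.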
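Review bot: The new `p[1] == "invalid"` check in the `python2` branch of the mock (`@@ -336` hunk) indexes `p` without a length check, so a test that runs `python2` with fewer than two parameters would panic inside the mock instead of failing with a readable assertion. `if len(p) > 1 && p[1] == "invalid" {` keeps the behaviour for the existing tests. The `p[2]` access in the `mvn` branch has the same shape, but it is unchanged context in this hunk.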
@@ -820,6 +826,25 @@ func TestAutoresolveClasspath(t *testing.T) {
 assert.Equal(t, "/usr/lib/python35.zip;/usr/lib/python3.5;/usr/lib/python3.5/plat-x86_64-linux-gnu;/usr/lib/python3.5/lib-dynload;/home/piper/.local/lib/python3.5/site-packages;/usr/local/lib/python3.5/dist-packages;/usr/lib/python3/dist-packages;./lib", result, "Expected different result")
 })
+ t.Run("error pip file", func(t *testing.T) {
+ utils := newFortifyTestUtilsBundle()
+
+ _, err := autoresolvePipClasspath("python2", []string{"-c", "import sys;p=sys.path;p.remove('');print(';'.join(p))"}, "../.", &utils)
+ assert.Error(t, err)
+ })
+
+ t.Run("error pip command", func(t *testing.T) {
+ utils := newFortifyTestUtilsBundle()
+ dir, err := ioutil.TempDir("", "classpath")
+ assert.NoError(t, err, "Unexpected error detected")
+ defer os.RemoveAll(dir)
+ file := filepath.Join(dir, "cp.txt")
+
+ _, err = autoresolvePipClasspath("python2", []string{"-c", "invalid"}, file, &utils)
+ assert.Error(t, err)
+ assert.Equal(t, "failed to run classpath autodetection command python2 with parameters [-c invalid]: Invalid command", err.Error())
+ })
+
 t.Run("success maven", func(t *testing.T) {
 utils := newFortifyTestUtilsBundle()
 dir, err := ioutil.TempDir("", "classpath")
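Review bot: The "error pip file" case passes `"../."` as the classpath file and asserts only `assert.Error(t, err)`, so it passes on any failure and does not say why this path is expected to fail. If the intent is that the path is a directory and the output file cannot be created, a comment such as `// "../." is a directory, so the classpath file cannot be written` would document it, and an assertion on the message (as "error pip command" does) would pin the cause. The "error maven" case in the `@@ -827` hunk uses the same path and the same bare assertion. There the error appears to come from the mock's `ioutil.WriteFile` rather than from a failing Maven run, so the new error return in autoresolveMavenClasspath is covered only through that mock side effect.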
@@ -827,11 +852,19 @@ func TestAutoresolveClasspath(t *testing.T) {
 defer os.RemoveAll(dir)
 file := filepath.Join(dir, "cp.txt")
- result := autoresolveMavenClasspath(fortifyExecuteScanOptions{BuildDescriptorFile: "pom.xml"}, file, &utils)
+ result, err := autoresolveMavenClasspath(fortifyExecuteScanOptions{BuildDescriptorFile: "pom.xml"}, file, &utils)
+ assert.NoError(t, err)
 assert.Equal(t, "mvn", utils.executions[0].executable, "Expected different executable")
 assert.Equal(t, []string{"--file", "pom.xml", fmt.Sprintf("-Dmdep.outputFile=%v", file), "-DincludeScope=compile", "-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn", "--batch-mode", "dependency:build-classpath"}, utils.executions[0].parameters, "Expected different parameters")
 assert.Equal(t, "some.jar;someother.jar", result, "Expected different result")
 })
+
+ t.Run("error maven", func(t *testing.T) {
+ utils := newFortifyTestUtilsBundle()
+
+ _, err := autoresolveMavenClasspath(fortifyExecuteScanOptions{BuildDescriptorFile: "pom.xml"}, "../.", &utils)
+ assert.Error(t, err)
+ })
 }
 func TestPopulateMavenTranslate(t *testing.T) {