diff --git a/cmd/codeqlExecuteScan.go b/cmd/codeqlExecuteScan.go index 59b390ec0..7c645f99c 100644 --- a/cmd/codeqlExecuteScan.go +++ b/cmd/codeqlExecuteScan.go @@ -281,7 +281,7 @@ func runCodeqlExecuteScan(config *codeqlExecuteScanOptions, telemetryData *telem } if config.CheckForCompliance { - codeqlScanAuditInstance := codeql.NewCodeqlScanAuditInstance(config.GithubAPIURL, repoInfo.owner, repoInfo.repo, token, []string{}) + codeqlScanAuditInstance := codeql.NewCodeqlScanAuditInstance(repoInfo.serverUrl, repoInfo.owner, repoInfo.repo, token, []string{}) scanResults, err := codeqlScanAuditInstance.GetVulnerabilities(repoInfo.ref) if err != nil { return reports, errors.Wrap(err, "failed to get scan results") diff --git a/cmd/codeqlExecuteScan_generated.go b/cmd/codeqlExecuteScan_generated.go index 8c551a088..2487c6088 100644 --- a/cmd/codeqlExecuteScan_generated.go +++ b/cmd/codeqlExecuteScan_generated.go @@ -21,7 +21,6 @@ import ( type codeqlExecuteScanOptions struct { GithubToken string `json:"githubToken,omitempty"` - GithubAPIURL string `json:"githubApiUrl,omitempty"` BuildTool string `json:"buildTool,omitempty" validate:"possible-values=custom maven golang npm pip yarn"` BuildCommand string `json:"buildCommand,omitempty"` Language string `json:"language,omitempty"` @@ -176,7 +175,6 @@ and Java plus Maven.`, func addCodeqlExecuteScanFlags(cmd *cobra.Command, stepConfig *codeqlExecuteScanOptions) { cmd.Flags().StringVar(&stepConfig.GithubToken, "githubToken", os.Getenv("PIPER_githubToken"), "GitHub personal access token in plain text. NEVER set this parameter in a file commited to a source code repository. This parameter is intended to be used from the command line or set securely via the environment variable listed below. In most pipeline use-cases, you should instead either store the token in Vault (where it can be automatically retrieved by the step from one of the paths listed below) or store it as a Jenkins secret and configure the secret's id via the `githubTokenCredentialsId` parameter.") - cmd.Flags().StringVar(&stepConfig.GithubAPIURL, "githubApiUrl", `https://api.github.com`, "Set the GitHub API URL.") cmd.Flags().StringVar(&stepConfig.BuildTool, "buildTool", `maven`, "Defines the build tool which is used for building the project.") cmd.Flags().StringVar(&stepConfig.BuildCommand, "buildCommand", os.Getenv("PIPER_buildCommand"), "Command to build the project") cmd.Flags().StringVar(&stepConfig.Language, "language", os.Getenv("PIPER_language"), "The programming language used to analyze.") @@ -234,15 +232,6 @@ func codeqlExecuteScanMetadata() config.StepData { Aliases: []config.Alias{{Name: "access_token"}}, Default: os.Getenv("PIPER_githubToken"), }, - { - Name: "githubApiUrl", - ResourceRef: []config.ResourceReference{}, - Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, - Type: "string", - Mandatory: false, - Aliases: []config.Alias{}, - Default: `https://api.github.com`, - }, { Name: "buildTool", ResourceRef: []config.ResourceReference{}, diff --git a/pkg/codeql/codeql.go b/pkg/codeql/codeql.go index 7e7f82c99..3fe877513 100644 --- a/pkg/codeql/codeql.go +++ b/pkg/codeql/codeql.go @@ -17,12 +17,12 @@ type githubCodeqlScanningService interface { const auditStateOpen = "open" -func NewCodeqlScanAuditInstance(apiURL, owner, repository, token string, trustedCerts []string) CodeqlScanAuditInstance { - return CodeqlScanAuditInstance{apiURL: apiURL, owner: owner, repository: repository, token: token, trustedCerts: trustedCerts} +func NewCodeqlScanAuditInstance(serverUrl, owner, repository, token string, trustedCerts []string) CodeqlScanAuditInstance { + return CodeqlScanAuditInstance{serverUrl: serverUrl, owner: owner, repository: repository, token: token, trustedCerts: trustedCerts} } type CodeqlScanAuditInstance struct { - apiURL string + serverUrl string owner string repository string token string @@ -31,7 +31,8 @@ type CodeqlScanAuditInstance struct { } func (codeqlScanAudit *CodeqlScanAuditInstance) GetVulnerabilities(analyzedRef string) (CodeqlScanning, error) { - ctx, client, err := sapgithub.NewClient(codeqlScanAudit.token, codeqlScanAudit.apiURL, "", codeqlScanAudit.trustedCerts) + apiUrl := getApiUrl(codeqlScanAudit.serverUrl) + ctx, client, err := sapgithub.NewClient(codeqlScanAudit.token, apiUrl, "", codeqlScanAudit.trustedCerts) if err != nil { return CodeqlScanning{}, err } @@ -63,3 +64,11 @@ func getVulnerabilitiesFromClient(ctx context.Context, codeScanning githubCodeql codeqlScanning.Audited = (codeqlScanning.Total - openStateCount) return codeqlScanning, nil } + +func getApiUrl(serverUrl string) string { + if serverUrl == "https://github.com" { + return "https://api.github.com" + } + + return (serverUrl + "/api/v3") +} diff --git a/pkg/codeql/codeql_test.go b/pkg/codeql/codeql_test.go index 47456c179..9d2798c24 100644 --- a/pkg/codeql/codeql_test.go +++ b/pkg/codeql/codeql_test.go @@ -48,3 +48,13 @@ func TestGetVulnerabilitiesFromClient(t *testing.T) { assert.Error(t, err) }) } + +func TestGetApiUrl(t *testing.T) { + t.Run("public url", func(t *testing.T) { + assert.Equal(t, "https://api.github.com", getApiUrl("https://github.com")) + }) + + t.Run("enterprise github url", func(t *testing.T) { + assert.Equal(t, "https://github.test.org/api/v3", getApiUrl("https://github.test.org")) + }) +} diff --git a/resources/metadata/codeqlExecuteScan.yaml b/resources/metadata/codeqlExecuteScan.yaml index 42e9280cd..6d0efc34c 100644 --- a/resources/metadata/codeqlExecuteScan.yaml +++ b/resources/metadata/codeqlExecuteScan.yaml @@ -39,15 +39,6 @@ spec: - type: vaultSecret default: github name: githubVaultSecretName - - name: githubApiUrl - description: "Set the GitHub API URL." - scope: - - GENERAL - - PARAMETERS - - STAGES - - STEPS - type: string - default: "https://api.github.com" - name: buildTool type: string description: Defines the build tool which is used for building the project.