feat(codeqlExecuteScan) : auto fill api url (#4369)

2024-12-12 10:55:20 +02:00 · 2023-05-22 19:59:43 +05:30 · 2023-05-22 19:59:43 +05:30 · 1c018dbff7
commit 1c018dbff7
parent b4e678333b
5 changed files with 24 additions and 25 deletions
--- a/cmd/codeqlExecuteScan.go
+++ b/cmd/codeqlExecuteScan.go
@ -281,7 +281,7 @@ func runCodeqlExecuteScan(config *codeqlExecuteScanOptions, telemetryData *telem
 		}

 		if config.CheckForCompliance {
-			codeqlScanAuditInstance := codeql.NewCodeqlScanAuditInstance(config.GithubAPIURL, repoInfo.owner, repoInfo.repo, token, []string{})
+			codeqlScanAuditInstance := codeql.NewCodeqlScanAuditInstance(repoInfo.serverUrl, repoInfo.owner, repoInfo.repo, token, []string{})
 			scanResults, err := codeqlScanAuditInstance.GetVulnerabilities(repoInfo.ref)
 			if err != nil {
 				return reports, errors.Wrap(err, "failed to get scan results")
--- a/cmd/codeqlExecuteScan_generated.go
+++ b/cmd/codeqlExecuteScan_generated.go
@ -21,7 +21,6 @@ import (

 type codeqlExecuteScanOptions struct {
 	GithubToken                 string `json:"githubToken,omitempty"`
-	GithubAPIURL                string `json:"githubApiUrl,omitempty"`
 	BuildTool                   string `json:"buildTool,omitempty" validate:"possible-values=custom maven golang npm pip yarn"`
 	BuildCommand                string `json:"buildCommand,omitempty"`
 	Language                    string `json:"language,omitempty"`
@ -176,7 +175,6 @@ and Java plus Maven.`,

 func addCodeqlExecuteScanFlags(cmd *cobra.Command, stepConfig *codeqlExecuteScanOptions) {
 	cmd.Flags().StringVar(&stepConfig.GithubToken, "githubToken", os.Getenv("PIPER_githubToken"), "GitHub personal access token in plain text. NEVER set this parameter in a file commited to a source code repository. This parameter is intended to be used from the command line or set securely via the environment variable listed below. In most pipeline use-cases, you should instead either store the token in Vault (where it can be automatically retrieved by the step from one of the paths listed below) or store it as a Jenkins secret and configure the secret's id via the `githubTokenCredentialsId` parameter.")
-	cmd.Flags().StringVar(&stepConfig.GithubAPIURL, "githubApiUrl", `https://api.github.com`, "Set the GitHub API URL.")
 	cmd.Flags().StringVar(&stepConfig.BuildTool, "buildTool", `maven`, "Defines the build tool which is used for building the project.")
 	cmd.Flags().StringVar(&stepConfig.BuildCommand, "buildCommand", os.Getenv("PIPER_buildCommand"), "Command to build the project")
 	cmd.Flags().StringVar(&stepConfig.Language, "language", os.Getenv("PIPER_language"), "The programming language used to analyze.")
@ -234,15 +232,6 @@ func codeqlExecuteScanMetadata() config.StepData {
 						Aliases:   []config.Alias{{Name: "access_token"}},
 						Default:   os.Getenv("PIPER_githubToken"),
 					},
-					{
-						Name:        "githubApiUrl",
-						ResourceRef: []config.ResourceReference{},
-						Scope:       []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"},
-						Type:        "string",
-						Mandatory:   false,
-						Aliases:     []config.Alias{},
-						Default:     `https://api.github.com`,
-					},
 					{
 						Name:        "buildTool",
 						ResourceRef: []config.ResourceReference{},
--- a/pkg/codeql/codeql.go
+++ b/pkg/codeql/codeql.go
@ -17,12 +17,12 @@ type githubCodeqlScanningService interface {

 const auditStateOpen = "open"

-func NewCodeqlScanAuditInstance(apiURL, owner, repository, token string, trustedCerts []string) CodeqlScanAuditInstance {
-	return CodeqlScanAuditInstance{apiURL: apiURL, owner: owner, repository: repository, token: token, trustedCerts: trustedCerts}
+func NewCodeqlScanAuditInstance(serverUrl, owner, repository, token string, trustedCerts []string) CodeqlScanAuditInstance {
+	return CodeqlScanAuditInstance{serverUrl: serverUrl, owner: owner, repository: repository, token: token, trustedCerts: trustedCerts}
 }

 type CodeqlScanAuditInstance struct {
-	apiURL           string
+	serverUrl        string
 	owner            string
 	repository       string
 	token            string
@ -31,7 +31,8 @@ type CodeqlScanAuditInstance struct {
 }

 func (codeqlScanAudit *CodeqlScanAuditInstance) GetVulnerabilities(analyzedRef string) (CodeqlScanning, error) {
-	ctx, client, err := sapgithub.NewClient(codeqlScanAudit.token, codeqlScanAudit.apiURL, "", codeqlScanAudit.trustedCerts)
+	apiUrl := getApiUrl(codeqlScanAudit.serverUrl)
+	ctx, client, err := sapgithub.NewClient(codeqlScanAudit.token, apiUrl, "", codeqlScanAudit.trustedCerts)
 	if err != nil {
 		return CodeqlScanning{}, err
 	}
@ -63,3 +64,11 @@ func getVulnerabilitiesFromClient(ctx context.Context, codeScanning githubCodeql
 	codeqlScanning.Audited = (codeqlScanning.Total - openStateCount)
 	return codeqlScanning, nil
 }
+
+func getApiUrl(serverUrl string) string {
+	if serverUrl == "https://github.com" {
+		return "https://api.github.com"
+	}
+
+	return (serverUrl + "/api/v3")
+}
--- a/pkg/codeql/codeql_test.go
+++ b/pkg/codeql/codeql_test.go
@ -48,3 +48,13 @@ func TestGetVulnerabilitiesFromClient(t *testing.T) {
 		assert.Error(t, err)
 	})
 }
+
+func TestGetApiUrl(t *testing.T) {
+	t.Run("public url", func(t *testing.T) {
+		assert.Equal(t, "https://api.github.com", getApiUrl("https://github.com"))
+	})
+
+	t.Run("enterprise github url", func(t *testing.T) {
+		assert.Equal(t, "https://github.test.org/api/v3", getApiUrl("https://github.test.org"))
+	})
+}
--- a/resources/metadata/codeqlExecuteScan.yaml
+++ b/resources/metadata/codeqlExecuteScan.yaml
@ -39,15 +39,6 @@ spec:
          - type: vaultSecret
            default: github
            name: githubVaultSecretName
-      - name: githubApiUrl
-        description: "Set the GitHub API URL."
-        scope:
-          - GENERAL
-          - PARAMETERS
-          - STAGES
-          - STEPS
-        type: string
-        default: "https://api.github.com"
      - name: buildTool
        type: string
        description: Defines the build tool which is used for building the project.