detectExecuteScan : support for detect 7 (#3453)

* enable detect 7 script

* unit test uses detect7 as default

* add detect6 test case

* add check for OSEnv detect version

* add test for OSEnv detect version

* update customEnvironmentVariables docu

* fix linting

Co-authored-by: ffeldmann <f.feldmann@sap.com>

cmd/detectExecuteScan.go

@@ -7,6 +7,7 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
+	"regexp"
 	"sort"
 	"strconv"
 	"strings"
@@ -39,6 +40,7 @@ type detectUtils interface {
 	Glob(pattern string) (matches []string, err error)
 
 	GetExitCode() int
+	GetOsEnv() []string
 	Stdout(out io.Writer)
 	Stderr(err io.Writer)
 	SetDir(dir string)
@@ -253,9 +255,27 @@ func exitCodeMapping(exitCodeKey int) string {
 
 func getDetectScript(config detectExecuteScanOptions, utils detectUtils) error {
 	if config.ScanOnChanges {
+		log.Entry().Infof("Using Detect Rescan script")
 		return utils.DownloadFile("https://raw.githubusercontent.com/blackducksoftware/detect_rescan/master/detect_rescan.sh", "detect.sh", nil, nil)
 	}
-	return utils.DownloadFile("https://detect.synopsys.com/detect.sh", "detect.sh", nil, nil)
+	env := utils.GetOsEnv()
+	env = append(env, config.CustomEnvironmentVariables...)
+	if piperutils.ContainsStringPart(env, "DETECT_LATEST_RELEASE_VERSION") {
+		releaseVersion := ""
+		for _, i := range env {
+			if strings.Contains(i, "DETECT_LATEST_RELEASE_VERSION") {
+				releaseVersion = strings.Split(i, "=")[1]
+			}
+		}
+		log.Entry().Infof("Using detect script Version %v ", releaseVersion)
+		detect6, _ := regexp.MatchString("6\\.\\d\\.\\d", releaseVersion)
+		if detect6 {
+			log.Entry().Infof("Downloading Detect 6.x")
+			return utils.DownloadFile("https://detect.synopsys.com/detect.sh", "detect.sh", nil, nil)
+		}
+	}
+	log.Entry().Infof("Downloading Detect7")
+	return utils.DownloadFile("https://detect.synopsys.com/detect7.sh", "detect.sh", nil, nil)
 }
 
 func addDetectArgs(args []string, config detectExecuteScanOptions, utils detectUtils) ([]string, error) {

cmd/detectExecuteScan_generated.go

@@ -210,7 +210,7 @@ func addDetectExecuteScanFlags(cmd *cobra.Command, stepConfig *detectExecuteScan
 	cmd.Flags().StringSliceVar(&stepConfig.MavenExcludedScopes, "mavenExcludedScopes", []string{}, "The maven scopes that need to be excluded from the scan. For example, setting the value 'test' will exclude all components which are defined with a test scope in maven")
 	cmd.Flags().StringSliceVar(&stepConfig.DetectTools, "detectTools", []string{}, "The type of BlackDuck scanners to include while running the BlackDuck scan. By default All scanners are included. For the complete list of possible values, Please refer [Synopsys detect documentation](https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/631407160/Configuring+Detect+General+Properties#Detect-tools-included)")
 	cmd.Flags().BoolVar(&stepConfig.ScanOnChanges, "scanOnChanges", false, "This flag determines if the scan is submitted to the server. If set to true, then the scan request is submitted to the server only when changes are detected in the Open Source Bill of Materials If the flag is set to false, then the scan request is submitted to server regardless of any changes. For more details please refer to the [documentation](https://github.com/blackducksoftware/detect_rescan/blob/master/README.md)")
-	cmd.Flags().StringSliceVar(&stepConfig.CustomEnvironmentVariables, "customEnvironmentVariables", []string{}, "A list of environment variables which can be set to prepare the environment to run a BlackDuck scan.")
+	cmd.Flags().StringSliceVar(&stepConfig.CustomEnvironmentVariables, "customEnvironmentVariables", []string{}, "A list of environment variables which can be set to prepare the environment to run a BlackDuck scan. This includes a list of environment variables defined by Synopsys. The full list can be found [here](https://synopsys.atlassian.net/wiki/spaces/IA/pages/1562214619/Shell+Script+Reference+6.9.0) This list affects the detect script downloaded while running the scan. By default detect7.sh will be used. To continue using detect6, please use DETECT_LATEST_RELEASE_VERSION and set it to a valid value defined [here](https://community.synopsys.com/s/document-item?bundleId=integrations-detect&topicId=releasenotes.html&_LANG=enus)")
 
 	cmd.MarkFlagRequired("token")
 	cmd.MarkFlagRequired("projectName")

cmd/detectExecuteScan_test.go

@@ -22,6 +22,7 @@ type detectTestUtilsBundle struct {
 	downloadedFiles map[string]string // src, dest
 	*mock.ShellMockRunner
 	*mock.FilesMock
+	customEnv []string
 }
 
 type httpMockClient struct {
@@ -165,6 +166,10 @@ func (c *detectTestUtilsBundle) SetOptions(piperhttp.ClientOptions) {
 
 }
 
+func (c *detectTestUtilsBundle) GetOsEnv() []string {
+	return c.customEnv
+}
+
 func (c *detectTestUtilsBundle) DownloadFile(url, filename string, _ http.Header, _ []*http.Cookie) error {
 
 	if c.expectedError != nil {
@@ -194,6 +199,24 @@ func TestRunDetect(t *testing.T) {
 		utilsMock.AddFile("detect.sh", []byte(""))
 		err := runDetect(detectExecuteScanOptions{}, utilsMock, &detectExecuteScanInflux{})
 
+		assert.Equal(t, utilsMock.downloadedFiles["https://detect.synopsys.com/detect7.sh"], "detect.sh")
+		assert.True(t, utilsMock.HasRemovedFile("detect.sh"))
+		assert.NoError(t, err)
+		assert.Equal(t, ".", utilsMock.Dir, "Wrong execution directory used")
+		assert.Equal(t, "/bin/bash", utilsMock.Shell[0], "Bash shell expected")
+		expectedScript := "./detect.sh --blackduck.url= --blackduck.api.token= \"--detect.project.name=''\" \"--detect.project.version.name=''\" \"--detect.code.location.name=''\" --detect.source.path='.'"
+		assert.Equal(t, expectedScript, utilsMock.Calls[0])
+	})
+
+	t.Run("success case detect 6", func(t *testing.T) {
+		t.Parallel()
+		utilsMock := newDetectTestUtilsBundle()
+		utilsMock.AddFile("detect.sh", []byte(""))
+		options := detectExecuteScanOptions{
+			CustomEnvironmentVariables: []string{"DETECT_LATEST_RELEASE_VERSION=6.8.0"},
+		}
+		err := runDetect(options, utilsMock, &detectExecuteScanInflux{})
+
 		assert.Equal(t, utilsMock.downloadedFiles["https://detect.synopsys.com/detect.sh"], "detect.sh")
 		assert.True(t, utilsMock.HasRemovedFile("detect.sh"))
 		assert.NoError(t, err)
@@ -202,28 +225,23 @@ func TestRunDetect(t *testing.T) {
 		expectedScript := "./detect.sh --blackduck.url= --blackduck.api.token= \"--detect.project.name=''\" \"--detect.project.version.name=''\" \"--detect.code.location.name=''\" --detect.source.path='.'"
 		assert.Equal(t, expectedScript, utilsMock.Calls[0])
 	})
-	//Creation of report is covered in the test case for postScanChecks
-	/*
-		t.Run("success case - with report", func(t *testing.T) {
-			t.Parallel()
-			utilsMock := newDetectTestUtilsBundle()
-			utilsMock.AddFile("detect.sh", []byte(""))
-			utilsMock.AddFile("my_BlackDuck_RiskReport.pdf", []byte(""))
-			err := runDetect(detectExecuteScanOptions{FailOn: []string{"BLOCKER"}}, utilsMock, &detectExecuteScanInflux{})
 
-			assert.Equal(t, utilsMock.downloadedFiles["https://detect.synopsys.com/detect.sh"], "detect.sh")
-			assert.True(t, utilsMock.HasRemovedFile("detect.sh"))
-			assert.NoError(t, err)
-			assert.Equal(t, ".", utilsMock.Dir, "Wrong execution directory used")
-			assert.Equal(t, "/bin/bash", utilsMock.Shell[0], "Bash shell expected")
-			expectedScript := "./detect.sh --blackduck.url= --blackduck.api.token= \"--detect.project.name=''\" \"--detect.project.version.name=''\" --detect.policy.check.fail.on.severities=BLOCKER \"--detect.code.location.name=''\" --detect.source.path='.'"
-			assert.Equal(t, expectedScript, utilsMock.Calls[0])
+	t.Run("success case detect 6 from OS env", func(t *testing.T) {
+		t.Parallel()
+		utilsMock := newDetectTestUtilsBundle()
+		utilsMock.AddFile("detect.sh", []byte(""))
+		utilsMock.customEnv = []string{"DETECT_LATEST_RELEASE_VERSION=6.8.0"}
+		err := runDetect(detectExecuteScanOptions{}, utilsMock, &detectExecuteScanInflux{})
+
+		assert.Equal(t, utilsMock.downloadedFiles["https://detect.synopsys.com/detect.sh"], "detect.sh")
+		assert.True(t, utilsMock.HasRemovedFile("detect.sh"))
+		assert.NoError(t, err)
+		assert.Equal(t, ".", utilsMock.Dir, "Wrong execution directory used")
+		assert.Equal(t, "/bin/bash", utilsMock.Shell[0], "Bash shell expected")
+		expectedScript := "./detect.sh --blackduck.url= --blackduck.api.token= \"--detect.project.name=''\" \"--detect.project.version.name=''\" \"--detect.code.location.name=''\" --detect.source.path='.'"
+		assert.Equal(t, expectedScript, utilsMock.Calls[0])
+	})
 
-			content, err := utilsMock.FileRead("blackduck-ip.json")
-			assert.NoError(t, err)
-			assert.Contains(t, string(content), `"policyViolations":0`)
-		})
-	*/
 	t.Run("failure case", func(t *testing.T) {
 		t.Parallel()
 		utilsMock := newDetectTestUtilsBundle()

pkg/command/command.go

@@ -65,6 +65,10 @@ func (c *Command) AppendEnv(env []string) {
 	c.env = append(c.env, env...)
 }
 
+func (c *Command) GetOsEnv() []string {
+	return os.Environ()
+}
+
 // Stdin ..
 func (c *Command) Stdin(stdin io.Reader) {
 	c.stdin = stdin

resources/metadata/detectExecuteScan.yaml

@@ -295,7 +295,10 @@ spec:
           - STEPS
       - name: customEnvironmentVariables
         description:
-          "A list of environment variables which can be set to prepare the environment to run a BlackDuck scan."
+          "A list of environment variables which can be set to prepare the environment to run a BlackDuck scan. This includes a list of environment variables defined by
+          Synopsys. The full list can be found [here](https://synopsys.atlassian.net/wiki/spaces/IA/pages/1562214619/Shell+Script+Reference+6.9.0)
+          This list affects the detect script downloaded while running the scan. By default detect7.sh will be used. To continue using detect6, please use DETECT_LATEST_RELEASE_VERSION and set it to a valid value
+          defined [here](https://community.synopsys.com/s/document-item?bundleId=integrations-detect&topicId=releasenotes.html&_LANG=enus)"
         type: "[]string"
         scope:
           - PARAMETERS