Merge branch 'master' into phgermanov/handle-invalid-json-chars

2025-09-16 09:26:22 +02:00 · 2025-08-12 14:54:10 +03:00
parent a1d64c456f 48180028e9
commit 2a35d06d8d
5 changed files with 61 additions and 8 deletions
--- a/cmd/detectExecuteScan.go
+++ b/cmd/detectExecuteScan.go
@@ -443,19 +443,18 @@ func exitCodeMapping(exitCodeKey int) string {

 func getDetectScript(config detectExecuteScanOptions, utils detectUtils) error {
 	if config.ScanOnChanges {
-		log.Entry().Infof("The scanOnChanges option is deprecated")
+		log.Entry().Info("The scanOnChanges option is deprecated")
 	}

 	log.Entry().Infof("Downloading Detect Script")

 	downloadScript := func() error {
 		if config.UseDetect8 {
-			return utils.DownloadFile("https://detect.blackduck.com/detect8.sh", "detect.sh", nil, nil)
+			log.Entry().Warn("The useDetect8 option is deprecated")
 		} else if config.UseDetect9 {
 			return utils.DownloadFile("https://detect.blackduck.com/detect9.sh", "detect.sh", nil, nil)
 		}
 		return utils.DownloadFile("https://detect.blackduck.com/detect10.sh", "detect.sh", nil, nil)
-
 	}

 	if err := downloadScript(); err != nil {
--- a/cmd/detectExecuteScan_generated.go
+++ b/cmd/detectExecuteScan_generated.go
@@ -355,7 +355,7 @@ func addDetectExecuteScanFlags(cmd *cobra.Command, stepConfig *detectExecuteScan
 	cmd.Flags().StringVar(&stepConfig.RegistryURL, "registryUrl", os.Getenv("PIPER_registryUrl"), "Used accessing for the images to be scanned (typically filled by CPE)")
 	cmd.Flags().StringVar(&stepConfig.RepositoryUsername, "repositoryUsername", os.Getenv("PIPER_repositoryUsername"), "Used accessing for the images to be scanned (typically filled by CPE)")
 	cmd.Flags().StringVar(&stepConfig.RepositoryPassword, "repositoryPassword", os.Getenv("PIPER_repositoryPassword"), "Used accessing for the images to be scanned (typically filled by CPE)")
-	cmd.Flags().BoolVar(&stepConfig.UseDetect8, "useDetect8", false, "This flag enables the use of the supported version 8 of the Detect script instead of default version 10")
+	cmd.Flags().BoolVar(&stepConfig.UseDetect8, "useDetect8", false, "DEPRECATED: This flag enables the use of the supported version 8 of the Detect script instead of default version 10")
 	cmd.Flags().BoolVar(&stepConfig.UseDetect9, "useDetect9", false, "This flag enables the use of the supported version 9 of the Detect script instead of default version 10")
 	cmd.Flags().BoolVar(&stepConfig.ContainerScan, "containerScan", false, "When set to true, Container Scanning will be used instead of Docker Inspector as the Detect tool for scanning images, and all other detect tools will be ignored in the scan")

@@ -946,7 +946,7 @@ func detectExecuteScanMetadata() config.StepData {
 						Scope:       []string{"PARAMETERS", "STAGES", "STEPS"},
 						Type:        "bool",
 						Mandatory:   false,
-						Aliases:     []config.Alias{{Name: "detect/useDetect8"}},
+						Aliases:     []config.Alias{{Name: "detect/useDetect8", Deprecated: true}},
 						Default:     false,
 					},
 					{
--- a/pkg/events/events.go
+++ b/pkg/events/events.go
@@ -1,6 +1,7 @@
 package events

 import (
+	"bytes"
 	"encoding/json"
 	"time"

@@ -78,6 +79,16 @@ func (e Event) ToBytes() ([]byte, error) {
 	return data, nil
 }

+func (e *Event) ToBytesWithoutEscapeHTML() ([]byte, error) {
+	var buf bytes.Buffer
+	encoder := json.NewEncoder(&buf)
+	encoder.SetEscapeHTML(false) // disable escaping
+	if err := encoder.Encode(e.cloudEvent); err != nil {
+		return nil, err
+	}
+	return buf.Bytes(), nil
+}
+
 func (e *Event) AddToCloudEventData(additionalDataString string) error {
 	if additionalDataString == "" {
 		return nil
--- a/pkg/events/events_test.go
+++ b/pkg/events/events_test.go
@@ -5,6 +5,8 @@ import (

 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
+
+	cloudevents "github.com/cloudevents/sdk-go/v2"
 )

 func TestEventCreation(t *testing.T) {
@@ -36,7 +38,11 @@ func TestEventCreation(t *testing.T) {
 		event.AddToCloudEventData(additionalData)
 		// asserts
 		assert.NoError(t, err)
-		assert.Equal(t, string(event.cloudEvent.Data()), `{"additionalKey":"additionalValue","testKey":"testValue"}`)
+		assert.Equal(
+			t,
+			string(event.cloudEvent.Data()),
+			`{"additionalKey":"additionalValue","testKey":"testValue"}`,
+		)
 	})
 }

@@ -52,5 +58,40 @@ func TestGetUUID(t *testing.T) {
 	if uuid != uuid2 {
 		t.Fatalf("expected the same UUID but got different ones")
 	}
-
+}
+
+func TestSkipEscapeForHTML(t *testing.T) {
+	event := cloudevents.NewEvent()
+	event.SetSource("test/source")
+	event.SetType("test.type")
+	event.SetID("fixed-id-1234")
+
+	event.SetData(cloudevents.ApplicationJSON, map[string]string{
+		"message": "Hello & welcome",
+	})
+
+	eventWrapper := Event{
+		cloudEvent: event,
+	}
+	result, err := eventWrapper.ToBytesWithoutEscapeHTML()
+
+	got := string(result)
+
+	expected := `{
+	  "specversion": "1.0",
+	"type": "test.type",
+	"source": "test/source",
+	"id": "fixed-id-1234",
+	"datacontenttype": "application/json",
+	"data": {
+			"message": "Hello & welcome"
+		}
+	}
+	`
+	assert.NoError(t, err)
+	assert.JSONEq(
+		t,
+		expected,
+		got,
+	)
 }
--- a/resources/metadata/detectExecuteScan.yaml
+++ b/resources/metadata/detectExecuteScan.yaml
@@ -644,15 +644,17 @@ spec:
            param: container/repositoryPassword
      - name: useDetect8
        description:
-          "This flag enables the use of the supported version 8 of the Detect script instead of default version 10"
+          "DEPRECATED: This flag enables the use of the supported version 8 of the Detect script instead of default version 10"
        aliases:
          - name: detect/useDetect8
+            deprecated: true
        type: bool
        scope:
          - PARAMETERS
          - STAGES
          - STEPS
        default: false
+        deprecated: true
      - name: useDetect9
        description:
          "This flag enables the use of the supported version 9 of the Detect script instead of default version 10"