diff --git a/cmd/detectExecuteScan.go b/cmd/detectExecuteScan.go
index b2bdf6582..35d02d7e9 100644
--- a/cmd/detectExecuteScan.go
+++ b/cmd/detectExecuteScan.go
@@ -443,19 +443,18 @@ func exitCodeMapping(exitCodeKey int) string {
 func getDetectScript(config detectExecuteScanOptions, utils detectUtils) error {
 if config.ScanOnChanges {
- log.Entry().Infof("The scanOnChanges option is deprecated")
+ log.Entry().Info("The scanOnChanges option is deprecated")
 }
 log.Entry().Infof("Downloading Detect Script")
 downloadScript := func() error {
 if config.UseDetect8 {
- return utils.DownloadFile("https://detect.blackduck.com/detect8.sh", "detect.sh", nil, nil)
+ log.Entry().Warn("The useDetect8 option is deprecated")
 } else if config.UseDetect9 {
 return utils.DownloadFile("https://detect.blackduck.com/detect9.sh", "detect.sh", nil, nil)
 }
 return utils.DownloadFile("https://detect.blackduck.com/detect10.sh", "detect.sh", nil, nil)
-
 }
 if err := downloadScript(); err != nil {
diff --git a/cmd/detectExecuteScan_generated.go b/cmd/detectExecuteScan_generated.go
index 357f3a410..b88624b7c 100644
--- a/cmd/detectExecuteScan_generated.go
+++ b/cmd/detectExecuteScan_generated.go
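Review bot: In getDetectScript (cmd/detectExecuteScan.go) the `useDetect8` branch now only logs, but it still heads the `if … else if` chain, so a configuration that sets both `useDetect8` and `useDetect9` skips the Detect 9 branch and downloads detect10.sh. Closing the first `if` and starting a new one keeps `useDetect9` effective: replace `} else if config.UseDetect9 {` with `}` followed by `if config.UseDetect9 {`. The warning should also name what runs instead, for example `log.Entry().Warn("The useDetect8 option is deprecated, Detect 10 is used instead")`, because a pipeline pinned to Detect 8 now changes scanner major version without failing. Nothing visible in the hunk verifies detect.sh after the download; if no checksum or signature comparison happens further down (the function continues outside the hunk), that is worth tracking separately.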
@@ -355,7 +355,7 @@ func addDetectExecuteScanFlags(cmd *cobra.Command, stepConfig *detectExecuteScan cmd.Flags().StringVar(&stepConfig.RegistryURL, "registryUrl", os.Getenv("PIPER_registryUrl"), "Used accessing for the images to be scanned (typically filled by CPE)") cmd.Flags().StringVar(&stepConfig.RepositoryUsername, "repositoryUsername", os.Getenv("PIPER_repositoryUsername"), "Used accessing for the images to be scanned (typically filled by CPE)") cmd.Flags().StringVar(&stepConfig.RepositoryPassword, "repositoryPassword", os.Getenv("PIPER_repositoryPassword"), "Used accessing for the images to be scanned (typically filled by CPE)") - cmd.Flags().BoolVar(&stepConfig.UseDetect8, "useDetect8", false, "This flag enables the use of the supported version 8 of the Detect script instead of default version 10") + cmd.Flags().BoolVar(&stepConfig.UseDetect8, "useDetect8", false, "DEPRECATED: This flag enables the use of the supported version 8 of the Detect script instead of default version 10") cmd.Flags().BoolVar(&stepConfig.UseDetect9, "useDetect9", false, "This flag enables the use of the supported version 9 of the Detect script instead of default version 10") cmd.Flags().BoolVar(&stepConfig.ContainerScan, "containerScan", false, "When set to true, Container Scanning will be used instead of Docker Inspector as the Detect tool for scanning images, and all other detect tools will be ignored in the scan") @@ -946,7 +946,7 @@ func detectExecuteScanMetadata() config.StepData { Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, Type: "bool", Mandatory: false, - Aliases: []config.Alias{{Name: "detect/useDetect8"}}, + Aliases: []config.Alias{{Name: "detect/useDetect8", Deprecated: true}}, Default: false, }, { diff --git a/pkg/events/events.go b/pkg/events/events.go index ed95f1026..71fcc5068 100644 --- a/pkg/events/events.go +++ b/pkg/events/events.go @@ -1,6 +1,7 @@ package events import ( + "bytes" "encoding/json" "time" 
@@ -78,6 +79,16 @@ func (e Event) ToBytes() ([]byte, error) {
 return data, nil
 }
+func (e *Event) ToBytesWithoutEscapeHTML() ([]byte, error) {
+ var buf bytes.Buffer
+ encoder := json.NewEncoder(&buf)
+ encoder.SetEscapeHTML(false) // disable escaping
+ if err := encoder.Encode(e.cloudEvent); err != nil {
+ return nil, err
+ }
+ return buf.Bytes(), nil
+}
+
 func (e *Event) AddToCloudEventData(additionalDataString string) error {
 if additionalDataString == "" {
 return nil
diff --git a/pkg/events/events_test.go b/pkg/events/events_test.go
index 4ab9a40bb..9e7b68d8d 100644
--- a/pkg/events/events_test.go
+++ b/pkg/events/events_test.go
@@ -5,6 +5,8 @@ import (
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/mock"
+
+ cloudevents "github.com/cloudevents/sdk-go/v2"
 )
 func TestEventCreation(t *testing.T) {
@@ -36,7 +38,11 @@ func TestEventCreation(t *testing.T) {
 event.AddToCloudEventData(additionalData)
 // asserts
 assert.NoError(t, err)
- assert.Equal(t, string(event.cloudEvent.Data()), `{"additionalKey":"additionalValue","testKey":"testValue"}`)
+ assert.Equal(
+ t,
+ string(event.cloudEvent.Data()),
+ `{"additionalKey":"additionalValue","testKey":"testValue"}`,
+ )
 })
 }
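Review bot: ToBytesWithoutEscapeHTML in pkg/events/events.go returns the encoder buffer unchanged, and `json.Encoder.Encode` always appends a newline, so the result ends in `\n`; if ToBytes is Marshal-based (its body is outside the hunk) the two methods differ by more than escaping. `return bytes.TrimSuffix(buf.Bytes(), []byte("\n")), nil` would remove that difference. The exported method also has no doc comment and `// disable escaping` does not say what changes; I would add `// ToBytesWithoutEscapeHTML serializes the CloudEvent to JSON with <, > and & written literally instead of as \u003c, \u003e and \u0026; callers that place the result in HTML must escape it themselves.` The new method takes a pointer receiver while ToBytes in the hunk header takes a value receiver, which is worth making consistent.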
@@ -52,5 +58,40 @@ func TestGetUUID(t *testing.T) {
 if uuid != uuid2 {
 t.Fatalf("expected the same UUID but got different ones")
 }
-
+}
+
+func TestSkipEscapeForHTML(t *testing.T) {
+ event := cloudevents.NewEvent()
+ event.SetSource("test/source")
+ event.SetType("test.type")
+ event.SetID("fixed-id-1234")
+
+ event.SetData(cloudevents.ApplicationJSON, map[string]string{
+ "message": "Hello & welcome",
+ })
+
+ eventWrapper := Event{
+ cloudEvent: event,
+ }
+ result, err := eventWrapper.ToBytesWithoutEscapeHTML()
+
+ got := string(result)
+
+ expected := `{
+ "specversion": "1.0",
+ "type": "test.type",
+ "source": "test/source",
+ "id": "fixed-id-1234",
+ "datacontenttype": "application/json",
+ "data": {
+ "message": "Hello & welcome"
+ }
+ }
+ `
+ assert.NoError(t, err)
+ assert.JSONEq(
+ t,
+ expected,
+ got,
+ )
 }
diff --git a/resources/metadata/detectExecuteScan.yaml b/resources/metadata/detectExecuteScan.yaml
index 6c0ac8270..b7ae6df2a 100644
--- a/resources/metadata/detectExecuteScan.yaml
+++ b/resources/metadata/detectExecuteScan.yaml
@@ -644,15 +644,17 @@ spec:
 param: container/repositoryPassword
 - name: useDetect8
 description:
- "This flag enables the use of the supported version 8 of the Detect script instead of default version 10"
+ "DEPRECATED: This flag enables the use of the supported version 8 of the Detect script instead of default version 10"
 aliases:
 - name: detect/useDetect8
+ deprecated: true
 type: bool
 scope:
 - PARAMETERS
 - STAGES
 - STEPS
 default: false
+ deprecated: true
 - name: useDetect9
 description:
 "This flag enables the use of the supported version 9 of the Detect script instead of default version 10"
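Review bot: TestSkipEscapeForHTML cannot fail when escaping is left on, because `assert.JSONEq` decodes both documents before comparing and `\u0026` decodes to `&`. The assertion that pins the new behaviour has to look at the raw bytes, for example `assert.Contains(t, got, "Hello & welcome")` and `assert.NotContains(t, got, "\\u0026")` next to the JSONEq check. A raw-byte check would also show whether a payload that was already JSON-encoded when it was stored in the event comes out unescaped, which I cannot tell from the hunk. `assert.NoError(t, err)` should move directly after the ToBytesWithoutEscapeHTML call so a failed encode is reported before `result` is used.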