jenkins/sap-jenkins-library
1
0
Fork 0
mirror of https://github.com/SAP/jenkins-library.git synced 2024-12-12 10:55:20 +02:00
Code Issues Releases Activity

fix(detect): Scanonchanges : bug fix for escaping spaces in parameters (#2561)

Browse Source 
* changes to detectExec before master merge

* changes for detectExecuteScan

* self generated code added

* fix syntax errors and update docu

* added unit tests for fail and Group

* fix failOn bug

* add Groups as string array

* add Groups as string array

* tests and validation for groups, failOn

* Updated docs and added more tests

* documentation md files should not be changed

* Handle merge conflicts from PR 1845

* fix merge errors

* remove duplicate groups, merge error

* adding buildCode and buildTool as params

* switching build options

* building maven modules

* parameter correction

* parameter correction

* gnerate with new build parameter

* adding comments

* removing piper lib master and modifying goUtils to download 1.5.7 release

* first cleaning then installing

* multi module maven built

* multi module maven built removing unwanted code

* multi module maven built moving inside switch

* testing

* modifying the default use case to also call maven build

* modifying the default use case to also call maven build wih --

* corrected maven build command

* corrected maven build command with %v

* skipping test runs

* testing for MTA project with single pom

* adding absolute path to m2 path

* clean up

* adding switch for mta and maven and removing env from containers

* commiting changes for new detect step

* correting log message

* code clean up

* unit tests changes to detectExecute

* basic tests for new change

* restoring piperGoUtils to download correct piper binary

* code clean up

* code clean up

* clean detect code

* add the the scanOnChanges parameter to detect

* fix codeclimate issue

* updated detect.yaml

* bug fix for parameters with quoting spaces

* add additional test case

Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
This commit is contained in:
Giridhar Shenoy 2021-02-02 15:43:12 +01:00 committed by GitHub
parent b7754437b3
commit 2b56e8594e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 73 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cmd/detectExecuteScan.go
View File

@ -145,12 +145,12 @@ func addDetectArgs(args []string, config detectExecuteScanOptions, utils detectU
args = append(args, fmt.Sprintf("--blackduck.api.token=%v", config.Token))
// ProjectNames, VersionName, GroupName etc can contain spaces and need to be escaped using double quotes in CLI
// Hence the string need to be surrounded by \"
args = append(args, fmt.Sprintf("--detect.project.name=\\\"%v\\\"", config.ProjectName))
args = append(args, fmt.Sprintf("--detect.project.version.name=\\\"%v\\\"", detectVersionName))
args = append(args, fmt.Sprintf("\"--detect.project.name='%v'\"", config.ProjectName))
args = append(args, fmt.Sprintf("\"--detect.project.version.name='%v'\"", detectVersionName))
// Groups parameter is added only when there is atleast one non-empty groupname provided
if len(config.Groups) > 0 && len(config.Groups[0]) > 0 {
args = append(args, fmt.Sprintf("--detect.project.user.groups=\\\"%v\\\"", strings.Join(config.Groups, "\\\",\\\"")))
args = append(args, fmt.Sprintf("\"--detect.project.user.groups='%v'\"", strings.Join(config.Groups, ",")))
}
// Atleast 1, non-empty category to fail on must be provided
@ -162,7 +162,7 @@ func addDetectArgs(args []string, config detectExecuteScanOptions, utils detectU
if len(codeLocation) == 0 && len(config.ProjectName) > 0 {
codeLocation = fmt.Sprintf("%v/%v", config.ProjectName, detectVersionName)
}
args = append(args, fmt.Sprintf("--detect.code.location.name=\\\"%v\\\"", codeLocation))
args = append(args, fmt.Sprintf("\"--detect.code.location.name='%v'\"", codeLocation))
if len(config.ScanPaths) > 0 && len(config.ScanPaths[0]) > 0 {
args = append(args, fmt.Sprintf("--detect.blackduck.signature.scanner.paths=%v", strings.Join(config.ScanPaths, ",")))

98
cmd/detectExecuteScan_test.go
View File

@ -62,14 +62,14 @@ func TestRunDetect(t *testing.T) {
assert.NoError(t, err)
assert.Equal(t, ".", utilsMock.Dir, "Wrong execution directory used")
assert.Equal(t, "/bin/bash", utilsMock.Shell[0], "Bash shell expected")
expectedScript := "./detect.sh --blackduck.url= --blackduck.api.token= --detect.project.name=\\\"\\\" --detect.project.version.name=\\\"\\\" --detect.code.location.name=\\\"\\\" --detect.source.path='.'"
expectedScript := "./detect.sh --blackduck.url= --blackduck.api.token= \"--detect.project.name=''\" \"--detect.project.version.name=''\" \"--detect.code.location.name=''\" --detect.source.path='.'"
assert.Equal(t, expectedScript, utilsMock.Calls[0])
})
t.Run("failure case", func(t *testing.T) {
t.Parallel()
utilsMock := newDetectTestUtilsBundle()
utilsMock.ShouldFailOnCommand = map[string]error{"./detect.sh --blackduck.url= --blackduck.api.token= --detect.project.name=\\\"\\\" --detect.project.version.name=\\\"\\\" --detect.code.location.name=\\\"\\\" --detect.source.path='.'": fmt.Errorf("Test Error")}
utilsMock.ShouldFailOnCommand = map[string]error{"./detect.sh --blackduck.url= --blackduck.api.token= \"--detect.project.name=''\" \"--detect.project.version.name=''\" \"--detect.code.location.name=''\" --detect.source.path='.'": fmt.Errorf("Test Error")}
utilsMock.AddFile("detect.sh", []byte(""))
err := runDetect(detectExecuteScanOptions{}, utilsMock)
assert.EqualError(t, err, "Test Error")
@ -123,9 +123,9 @@ func TestAddDetectArgs(t *testing.T) {
"--scan2=2",
"--blackduck.url=https://server.url",
"--blackduck.api.token=apiToken",
"--detect.project.name=\\\"testName\\\"",
"--detect.project.version.name=\\\"1.0\\\"",
"--detect.code.location.name=\\\"testName/1.0\\\"",
"\"--detect.project.name='testName'\"",
"\"--detect.project.version.name='1.0'\"",
"\"--detect.code.location.name='testName/1.0'\"",
"--detect.blackduck.signature.scanner.paths=path1,path2",
"--detect.source.path='.'",
},
@ -148,11 +148,11 @@ func TestAddDetectArgs(t *testing.T) {
"--testProp1=1",
"--blackduck.url=https://server.url",
"--blackduck.api.token=apiToken",
"--detect.project.name=\\\"testName\\\"",
"--detect.project.version.name=\\\"1.0\\\"",
"--detect.project.user.groups=\\\"testGroup\\\"",
"\"--detect.project.name='testName'\"",
"\"--detect.project.version.name='1.0'\"",
"\"--detect.project.user.groups='testGroup'\"",
"--detect.policy.check.fail.on.severities=BLOCKER,MAJOR",
"--detect.code.location.name=\\\"testLocation\\\"",
"\"--detect.code.location.name='testLocation'\"",
"--detect.blackduck.signature.scanner.paths=path1,path2",
"--detect.source.path='.'",
},
@ -175,11 +175,11 @@ func TestAddDetectArgs(t *testing.T) {
"--testProp1=1",
"--blackduck.url=https://server.url",
"--blackduck.api.token=apiToken",
"--detect.project.name=\\\"testName\\\"",
"--detect.project.version.name=\\\"1.0\\\"",
"--detect.project.user.groups=\\\"testGroup\\\",\\\"testGroup2\\\"",
"\"--detect.project.name='testName'\"",
"\"--detect.project.version.name='1.0'\"",
"\"--detect.project.user.groups='testGroup,testGroup2'\"",
"--detect.policy.check.fail.on.severities=BLOCKER,MAJOR",
"--detect.code.location.name=\\\"testLocation\\\"",
"\"--detect.code.location.name='testLocation'\"",
"--detect.blackduck.signature.scanner.paths=path1,path2",
"--detect.source.path='.'",
},
@ -203,11 +203,11 @@ func TestAddDetectArgs(t *testing.T) {
"--testProp1=1",
"--blackduck.url=https://server.url",
"--blackduck.api.token=apiToken",
"--detect.project.name=\\\"testName\\\"",
"--detect.project.version.name=\\\"1.0\\\"",
"--detect.project.user.groups=\\\"testGroup\\\",\\\"testGroup2\\\"",
"\"--detect.project.name='testName'\"",
"\"--detect.project.version.name='1.0'\"",
"\"--detect.project.user.groups='testGroup,testGroup2'\"",
"--detect.policy.check.fail.on.severities=BLOCKER,MAJOR",
"--detect.code.location.name=\\\"testLocation\\\"",
"\"--detect.code.location.name='testLocation'\"",
"--detect.blackduck.signature.scanner.paths=path1,path2",
"--detect.source.path=pathx",
},
@ -232,11 +232,11 @@ func TestAddDetectArgs(t *testing.T) {
"--testProp1=1",
"--blackduck.url=https://server.url",
"--blackduck.api.token=apiToken",
"--detect.project.name=\\\"testName\\\"",
"--detect.project.version.name=\\\"1.0\\\"",
"--detect.project.user.groups=\\\"testGroup\\\",\\\"testGroup2\\\"",
"\"--detect.project.name='testName'\"",
"\"--detect.project.version.name='1.0'\"",
"\"--detect.project.user.groups='testGroup,testGroup2'\"",
"--detect.policy.check.fail.on.severities=BLOCKER,MAJOR",
"--detect.code.location.name=\\\"testLocation\\\"",
"\"--detect.code.location.name='testLocation'\"",
"--detect.blackduck.signature.scanner.paths=path1,path2",
"--detect.source.path=pathx",
"--detect.project.codelocation.unmap=true",
@ -266,11 +266,11 @@ func TestAddDetectArgs(t *testing.T) {
"--testProp1=1",
"--blackduck.url=https://server.url",
"--blackduck.api.token=apiToken",
"--detect.project.name=\\\"testName\\\"",
"--detect.project.version.name=\\\"1.0\\\"",
"--detect.project.user.groups=\\\"testGroup\\\",\\\"testGroup2\\\"",
"\"--detect.project.name='testName'\"",
"\"--detect.project.version.name='1.0'\"",
"\"--detect.project.user.groups='testGroup,testGroup2'\"",
"--detect.policy.check.fail.on.severities=BLOCKER,MAJOR",
"--detect.code.location.name=\\\"testLocation\\\"",
"\"--detect.code.location.name='testLocation'\"",
"--detect.blackduck.signature.scanner.paths=path1,path2",
"--detect.source.path=pathx",
"--detect.project.codelocation.unmap=true",
@ -306,11 +306,51 @@ func TestAddDetectArgs(t *testing.T) {
"--report",
"--blackduck.url=https://server.url",
"--blackduck.api.token=apiToken",
"--detect.project.name=\\\"testName\\\"",
"--detect.project.version.name=\\\"1.0\\\"",
"--detect.project.user.groups=\\\"testGroup\\\",\\\"testGroup2\\\"",
"\"--detect.project.name='testName'\"",
"\"--detect.project.version.name='1.0'\"",
"\"--detect.project.user.groups='testGroup,testGroup2'\"",
"--detect.policy.check.fail.on.severities=BLOCKER,MAJOR",
"--detect.code.location.name=\\\"testLocation\\\"",
"\"--detect.code.location.name='testLocation'\"",
"--detect.blackduck.signature.scanner.paths=path1,path2",
"--detect.source.path=pathx",
"--detect.project.codelocation.unmap=true",
"--detect.included.detector.types=MAVEN,GRADLE",
"--detect.excluded.detector.types=NPM,NUGET",
"--detect.maven.excluded.scopes=test,compile",
"--detect.tools=DETECTOR",
},
},
{
args: []string{"--testProp1=1"},
options: detectExecuteScanOptions{
ServerURL: "https://server.url",
Token: "apiToken",
ProjectName: "testName",
CodeLocation: "testLocation",
FailOn: []string{"BLOCKER", "MAJOR"},
Scanners: []string{"source"},
ScanPaths: []string{"path1", "path2"},
Groups: []string{"testGroup", "testGroup2"},
Version: "1.0",
VersioningModel: "major-minor",
DependencyPath: "pathx",
Unmap: true,
IncludedPackageManagers: []string{"maven", "GRADLE"},
ExcludedPackageManagers: []string{"npm", "NUGET"},
MavenExcludedScopes: []string{"TEST", "compile"},
DetectTools: []string{"DETECTOR"},
ScanOnChanges: true,
},
expected: []string{
"--testProp1=1",
"--report",
"--blackduck.url=https://server.url",
"--blackduck.api.token=apiToken",
"\"--detect.project.name='testName'\"",
"\"--detect.project.version.name='1.0'\"",
"\"--detect.project.user.groups='testGroup,testGroup2'\"",
"--detect.policy.check.fail.on.severities=BLOCKER,MAJOR",
"\"--detect.code.location.name='testLocation'\"",
"--detect.blackduck.signature.scanner.paths=path1,path2",
"--detect.source.path=pathx",
"--detect.project.codelocation.unmap=true",