jenkins/sap-jenkins-library
1
0
Fork 0
mirror of https://github.com/SAP/jenkins-library.git synced 2024-12-12 10:55:20 +02:00
Code Issues Releases Activity

fix(codeqlExecuteScan): checkForComplaince flag refactoring (#4344)

Browse Source
This commit is contained in:
sumeet patil 2023-05-03 12:29:04 +02:00 committed by GitHub
parent 70b09d6868
commit 70ed56b22d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
cmd/codeqlExecuteScan.go
View File

@ -280,30 +280,27 @@ func runCodeqlExecuteScan(config *codeqlExecuteScanOptions, telemetryData *telem
return reports, err
}
codeqlScanAuditInstance := codeql.NewCodeqlScanAuditInstance(config.GithubAPIURL, repoInfo.owner, repoInfo.repo, token, []string{})
scanResults, err := codeqlScanAuditInstance.GetVulnerabilities(repoInfo.ref)
if err != nil {
return reports, errors.Wrap(err, "failed to get scan results")
}
unaudited := (scanResults.Total - scanResults.Audited)
if unaudited > config.VulnerabilityThresholdTotal {
msg := fmt.Sprintf("Your repository %v with ref %v is not compliant. Total unaudited issues are %v which is greater than the VulnerabilityThresholdTotal count %v", repoUrl, repoInfo.ref, unaudited, config.VulnerabilityThresholdTotal)
if config.CheckForCompliance {
if config.CheckForCompliance {
codeqlScanAuditInstance := codeql.NewCodeqlScanAuditInstance(config.GithubAPIURL, repoInfo.owner, repoInfo.repo, token, []string{})
scanResults, err := codeqlScanAuditInstance.GetVulnerabilities(repoInfo.ref)
if err != nil {
return reports, errors.Wrap(err, "failed to get scan results")
}
unaudited := (scanResults.Total - scanResults.Audited)
if unaudited > config.VulnerabilityThresholdTotal {
msg := fmt.Sprintf("Your repository %v with ref %v is not compliant. Total unaudited issues are %v which is greater than the VulnerabilityThresholdTotal count %v", repoUrl, repoInfo.ref, unaudited, config.VulnerabilityThresholdTotal)
return reports, errors.Errorf(msg)
}
log.Entry().Warning(msg)
}
codeqlAudit := codeql.CodeqlAudit{ToolName: "codeql", RepositoryUrl: repoUrl, CodeScanningLink: repoCodeqlScanUrl, RepositoryReferenceUrl: repoReference, ScanResults: scanResults}
paths, err := codeql.WriteJSONReport(codeqlAudit, config.ModulePath)
if err != nil {
return reports, errors.Wrap(err, "failed to write json compliance report")
}
codeqlAudit := codeql.CodeqlAudit{ToolName: "codeql", RepositoryUrl: repoUrl, CodeScanningLink: repoCodeqlScanUrl, RepositoryReferenceUrl: repoReference, ScanResults: scanResults}
paths, err := codeql.WriteJSONReport(codeqlAudit, config.ModulePath)
if err != nil {
return reports, errors.Wrap(err, "failed to write json compliance report")
reports = append(reports, paths...)
}
reports = append(reports, paths...)
}
toolRecordFileName, err := createAndPersistToolRecord(utils, repoInfo, repoReference, repoUrl, repoCodeqlScanUrl)

4
cmd/codeqlExecuteScan_test.go
View File

@ -42,8 +42,8 @@ func TestRunCodeqlExecuteScan(t *testing.T) {
assert.Error(t, err)
})
t.Run("Upload results fails as repository not specified", func(t *testing.T) {
config := codeqlExecuteScanOptions{BuildTool: "maven", ModulePath: "./", UploadResults: true, GithubToken: "test"}
t.Run("Check for compliace fails as repository not specified", func(t *testing.T) {
config := codeqlExecuteScanOptions{BuildTool: "maven", ModulePath: "./", UploadResults: true, GithubToken: "test", CheckForCompliance: true}
_, err := runCodeqlExecuteScan(&config, nil, newCodeqlExecuteScanTestsUtils())
assert.Error(t, err)
})