1
0
mirror of https://github.com/SAP/jenkins-library.git synced 2024-12-14 11:03:09 +02:00

feat(fortify): Added a check for fortify binary in $PATH (#3925)

* added check for fortifyupdate and sourceanalyzer bin

Co-authored-by: sumeet patil <sumeet.patil@sap.com>
This commit is contained in:
Vinayak S 2022-08-04 17:34:54 +05:30 committed by GitHub
parent 73f7d61743
commit aa41641d41
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 63 additions and 0 deletions

View File

@ -7,6 +7,7 @@ import (
"io/ioutil" "io/ioutil"
"math" "math"
"os" "os"
"os/exec"
"path/filepath" "path/filepath"
"regexp" "regexp"
"runtime" "runtime"
@ -107,6 +108,8 @@ const (
classpathFileName = "fortify-execute-scan-cp.txt" classpathFileName = "fortify-execute-scan-cp.txt"
) )
var execInPath = exec.LookPath
func fortifyExecuteScan(config fortifyExecuteScanOptions, telemetryData *telemetry.CustomData, influx *fortifyExecuteScanInflux) { func fortifyExecuteScan(config fortifyExecuteScanOptions, telemetryData *telemetry.CustomData, influx *fortifyExecuteScanInflux) {
// TODO provide parameter for trusted certs // TODO provide parameter for trusted certs
ctx, client, err := piperGithub.NewClient(config.GithubToken, config.GithubAPIURL, "", []string{}) ctx, client, err := piperGithub.NewClient(config.GithubToken, config.GithubAPIURL, "", []string{})
@ -145,6 +148,13 @@ func determineArtifact(config fortifyExecuteScanOptions, utils fortifyUtils) (ve
func runFortifyScan(ctx context.Context, config fortifyExecuteScanOptions, sys fortify.System, utils fortifyUtils, telemetryData *telemetry.CustomData, influx *fortifyExecuteScanInflux, auditStatus map[string]string) ([]piperutils.Path, error) { func runFortifyScan(ctx context.Context, config fortifyExecuteScanOptions, sys fortify.System, utils fortifyUtils, telemetryData *telemetry.CustomData, influx *fortifyExecuteScanInflux, auditStatus map[string]string) ([]piperutils.Path, error) {
var reports []piperutils.Path var reports []piperutils.Path
log.Entry().Debugf("Running Fortify scan against SSC at %v", config.ServerURL) log.Entry().Debugf("Running Fortify scan against SSC at %v", config.ServerURL)
executable_list := []string{"fortifyupdate", "sourceanalyzer"}
for _, exec := range executable_list {
_, err := execInPath(exec)
if err != nil {
return reports, fmt.Errorf("ERROR , command not found: %v. Please configure a supported docker image or install Fortify SCA on the system.", exec)
}
}
if config.BuildTool == "maven" && config.InstallArtifacts { if config.BuildTool == "maven" && config.InstallArtifacts {
err := maven.InstallMavenArtifacts(&maven.EvaluateOptions{ err := maven.InstallMavenArtifacts(&maven.EvaluateOptions{

View File

@ -62,6 +62,31 @@ func newFortifyTestUtilsBundle() fortifyTestUtilsBundle {
} }
return utilsBundle return utilsBundle
} }
func mockExecinPath(exec string) (string, error) {
executable_list := []string{"fortifyupdate", "sourceanalyzer"}
for _, exec := range executable_list {
if exec == "fortifyupdate" || exec == "sourceanalyzer" {
return "/" + exec, nil
} else {
err_string := fmt.Sprintf("ERROR , command not found: %s. Please configure a supported docker image or install Fortify SCA on the system.", exec)
return "", errors.New(err_string)
}
}
return "", nil
}
func failMockExecinPathfortifyupdate(exec string) (string, error) {
if exec == "fortifyupdate" {
return "", errors.New("ERROR , command not found: fortifyupdate. Please configure a supported docker image or install Fortify SCA on the system.")
}
return "/fortifyupdate", nil
}
func failMockExecinPathsourceanalyzer(exec string) (string, error) {
if exec == "sourceanalyzer" {
return "", errors.New("ERROR , command not found: sourceanalyzer. Please configure a supported docker image or install Fortify SCA on the system.")
}
return "/sourceanalyzer", nil
}
type artifactMock struct { type artifactMock struct {
Coordinates versioning.Coordinates Coordinates versioning.Coordinates
@ -429,6 +454,33 @@ func TestDetermineArtifact(t *testing.T) {
}) })
} }
func TestFailFortifyexecinPath(t *testing.T) {
t.Run("Testing if fortifyupdate in $PATH or not", func(t *testing.T) {
ff := fortifyMock{}
ctx := context.Background()
utils := newFortifyTestUtilsBundle()
influx := fortifyExecuteScanInflux{}
auditStatus := map[string]string{}
execInPath = failMockExecinPathfortifyupdate
config := fortifyExecuteScanOptions{SpotCheckMinimum: 4, MustAuditIssueGroups: "Audit All, Corporate Security Requirements", SpotAuditIssueGroups: "Spot Checks of Each Category"}
_, err := runFortifyScan(ctx, config, &ff, &utils, nil, &influx, auditStatus)
assert.EqualError(t, err, "ERROR , command not found: fortifyupdate. Please configure a supported docker image or install Fortify SCA on the system.")
})
t.Run("Testing if sourceanalyzer in $PATH or not", func(t *testing.T) {
ff := fortifyMock{}
ctx := context.Background()
utils := newFortifyTestUtilsBundle()
influx := fortifyExecuteScanInflux{}
auditStatus := map[string]string{}
execInPath = failMockExecinPathsourceanalyzer
config := fortifyExecuteScanOptions{SpotCheckMinimum: 4, MustAuditIssueGroups: "Audit All, Corporate Security Requirements", SpotAuditIssueGroups: "Spot Checks of Each Category"}
_, err := runFortifyScan(ctx, config, &ff, &utils, nil, &influx, auditStatus)
assert.EqualError(t, err, "ERROR , command not found: sourceanalyzer. Please configure a supported docker image or install Fortify SCA on the system.")
})
}
func TestExecutions(t *testing.T) { func TestExecutions(t *testing.T) {
type parameterTestData struct { type parameterTestData struct {
nameOfRun string nameOfRun string
@ -464,6 +516,7 @@ func TestExecutions(t *testing.T) {
utils := newFortifyTestUtilsBundle() utils := newFortifyTestUtilsBundle()
influx := fortifyExecuteScanInflux{} influx := fortifyExecuteScanInflux{}
auditStatus := map[string]string{} auditStatus := map[string]string{}
execInPath = mockExecinPath
reports, _ := runFortifyScan(ctx, data.config, &ff, &utils, nil, &influx, auditStatus) reports, _ := runFortifyScan(ctx, data.config, &ff, &utils, nil, &influx, auditStatus)
if len(data.expectedReports) != data.expectedReportsLength { if len(data.expectedReports) != data.expectedReportsLength {
assert.Fail(t, fmt.Sprintf("Wrong number of reports detected, expected %v, actual %v", data.expectedReportsLength, len(data.expectedReports))) assert.Fail(t, fmt.Sprintf("Wrong number of reports detected, expected %v, actual %v", data.expectedReportsLength, len(data.expectedReports)))