feat(fortify): Added a check for fortify binary in $PATH (#3925)
* added a check for the fortifyupdate and sourceanalyzer binaries Co-authored-by: sumeet patil <sumeet.patil@sap.com>
This commit is contained in:
parent
73f7d61743
commit
aa41641d41
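--- a/PLACEHOLDER_fortify_step.go
+++ b/PLACEHOLDER_fortify_step.go
@@ -7,6 +7,7 @@ import (
 "io/ioutil"
 "math"
 "os"
+"os/exec"
 "path/filepath"
 "regexp"
 "runtime"
@@ -107,6 +108,8 @@ const (
 classpathFileName = "fortify-execute-scan-cp.txt"
 )
 
+var execInPath = exec.LookPath
+
 func fortifyExecuteScan(config fortifyExecuteScanOptions, telemetryData *telemetry.CustomData, influx *fortifyExecuteScanInflux) {
 // TODO provide parameter for trusted certs
 ctx, client, err := piperGithub.NewClient(config.GithubToken, config.GithubAPIURL, "", []string{})
@@ -145,6 +148,13 @@ func determineArtifact(config fortifyExecuteScanOptions, utils fortifyUtils) (ve
 func runFortifyScan(ctx context.Context, config fortifyExecuteScanOptions, sys fortify.System, utils fortifyUtils, telemetryData *telemetry.CustomData, influx *fortifyExecuteScanInflux, auditStatus map[string]string) ([]piperutils.Path, error) {
 var reports []piperutils.Path
 log.Entry().Debugf("Running Fortify scan against SSC at %v", config.ServerURL)
+executable_list := []string{"fortifyupdate", "sourceanalyzer"}
+for _, exec := range executable_list {
+_, err := execInPath(exec)
+if err != nil {
+return reports, fmt.Errorf("ERROR , command not found: %v. Please configure a supported docker image or install Fortify SCA on the system.", exec)
+}
+}
 
 if config.BuildTool == "maven" && config.InstallArtifacts {
 err := maven.InstallMavenArtifacts(&maven.EvaluateOptions{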
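Review bot: The loop variable `exec` in `for _, exec := range executable_list` shadows the `os/exec` package that the first hunk imports and that `var execInPath = exec.LookPath` relies on, and `executable_list` is not Go naming; rename both, e.g. `for _, executable := range []string{"fortifyupdate", "sourceanalyzer"} {`. The returned error also discards the cause reported by `execInPath`, so a binary that exists but is not executable, or (on Go 1.19 and newer) one that only resolves through a relative PATH entry and is therefore rejected by `exec.LookPath` with `exec.ErrDot`, is reported as a plain "command not found"; wrapping it, `return reports, fmt.Errorf("command %q not found in PATH, please configure a supported docker image or install Fortify SCA on the system: %w", executable, err)`, keeps that distinction visible in the log. The test file in this commit asserts the exact message with assert.EqualError, so those expectations would change along with it. runFortifyScan continues beyond the end of the hunk.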
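--- a/PLACEHOLDER_fortify_step_test.go
+++ b/PLACEHOLDER_fortify_step_test.go
@@ -62,6 +62,31 @@ func newFortifyTestUtilsBundle() fortifyTestUtilsBundle {
 }
 return utilsBundle
 }
+func mockExecinPath(exec string) (string, error) {
+executable_list := []string{"fortifyupdate", "sourceanalyzer"}
+for _, exec := range executable_list {
+if exec == "fortifyupdate" || exec == "sourceanalyzer" {
+return "/" + exec, nil
+} else {
+err_string := fmt.Sprintf("ERROR , command not found: %s. Please configure a supported docker image or install Fortify SCA on the system.", exec)
+return "", errors.New(err_string)
+}
+}
+return "", nil
+}
+
+func failMockExecinPathfortifyupdate(exec string) (string, error) {
+if exec == "fortifyupdate" {
+return "", errors.New("ERROR , command not found: fortifyupdate. Please configure a supported docker image or install Fortify SCA on the system.")
+}
+return "/fortifyupdate", nil
+}
+func failMockExecinPathsourceanalyzer(exec string) (string, error) {
+if exec == "sourceanalyzer" {
+return "", errors.New("ERROR , command not found: sourceanalyzer. Please configure a supported docker image or install Fortify SCA on the system.")
+}
+return "/sourceanalyzer", nil
+}
 
 type artifactMock struct {
 Coordinates versioning.Coordinates
@@ -429,6 +454,33 @@ func TestDetermineArtifact(t *testing.T) {
 })
 }
 
+func TestFailFortifyexecinPath(t *testing.T) {
+t.Run("Testing if fortifyupdate in $PATH or not", func(t *testing.T) {
+ff := fortifyMock{}
+ctx := context.Background()
+utils := newFortifyTestUtilsBundle()
+influx := fortifyExecuteScanInflux{}
+auditStatus := map[string]string{}
+execInPath = failMockExecinPathfortifyupdate
+config := fortifyExecuteScanOptions{SpotCheckMinimum: 4, MustAuditIssueGroups: "Audit All, Corporate Security Requirements", SpotAuditIssueGroups: "Spot Checks of Each Category"}
+_, err := runFortifyScan(ctx, config, &ff, &utils, nil, &influx, auditStatus)
+assert.EqualError(t, err, "ERROR , command not found: fortifyupdate. Please configure a supported docker image or install Fortify SCA on the system.")
+
+})
+t.Run("Testing if sourceanalyzer in $PATH or not", func(t *testing.T) {
+ff := fortifyMock{}
+ctx := context.Background()
+utils := newFortifyTestUtilsBundle()
+influx := fortifyExecuteScanInflux{}
+auditStatus := map[string]string{}
+execInPath = failMockExecinPathsourceanalyzer
+config := fortifyExecuteScanOptions{SpotCheckMinimum: 4, MustAuditIssueGroups: "Audit All, Corporate Security Requirements", SpotAuditIssueGroups: "Spot Checks of Each Category"}
+_, err := runFortifyScan(ctx, config, &ff, &utils, nil, &influx, auditStatus)
+assert.EqualError(t, err, "ERROR , command not found: sourceanalyzer. Please configure a supported docker image or install Fortify SCA on the system.")
+
+})
+}
+
 func TestExecutions(t *testing.T) {
 type parameterTestData struct {
 nameOfRun string
@@ -464,6 +516,7 @@ func TestExecutions(t *testing.T) {
 utils := newFortifyTestUtilsBundle()
 influx := fortifyExecuteScanInflux{}
 auditStatus := map[string]string{}
+execInPath = mockExecinPath
 reports, _ := runFortifyScan(ctx, data.config, &ff, &utils, nil, &influx, auditStatus)
 if len(data.expectedReports) != data.expectedReportsLength {
 assert.Fail(t, fmt.Sprintf("Wrong number of reports detected, expected %v, actual %v", data.expectedReportsLength, len(data.expectedReports)))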
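Review bot: mockExecinPath never looks at its argument: the loop variable `exec` in `for _, exec := range executable_list` shadows the parameter of the same name, so on the first iteration `exec` is "fortifyupdate", the condition is true and the function returns "/fortifyupdate", nil for whatever command was asked for, leaving the `else` branch and the trailing `return "", nil` unreachable. The mock should decide on the parameter alone, as in the rewrite below, so that a lookup of an unexpected command fails the way the real `exec.LookPath` would. Separately, TestFailFortifyexecinPath and TestExecutions assign the package-level `execInPath` and never restore it, so whichever test runs last leaves its mock in place for every later test in the package that reaches runFortifyScan; save and restore it per subtest, `orig := execInPath` then `t.Cleanup(func() { execInPath = orig })`, before the assignment.
```go
func mockExecinPath(exec string) (string, error) {
	if exec == "fortifyupdate" || exec == "sourceanalyzer" {
		return "/" + exec, nil
	}
	return "", fmt.Errorf("ERROR , command not found: %s. Please configure a supported docker image or install Fortify SCA on the system.", exec)
}
```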