Included comments refactored docu generation

documentation/bin/createDocu.groovy

@@ -93,7 +93,7 @@ class Helper {
         new GroovyClassLoader(classLoader, compilerConfig, true)
             .parseClass(new File(projectRoot, 'src/com/sap/piper/ConfigurationHelper.groovy'))
             .newInstance(script, [:]).loadStepDefaults()
-        }
+    }
 
     static getPrepareDefaultValuesStep(def gse) {
 
@@ -123,6 +123,7 @@ class Helper {
 
             def prepareDefaultValues() {
                 _prepareDefaultValuesStep()
+
             }
 
             def run() {
@@ -197,9 +198,10 @@ class Helper {
         boolean docu = false,
                 value = false,
                 mandatory = false,
+                parentObject = false,
                 docuEnd = false
 
-        def docuLines = [], valueLines = [], mandatoryLines = []
+        def docuLines = [], valueLines = [], mandatoryLines = [], parentObjectLines = []
 
         f.eachLine  {
             line ->
@@ -220,13 +222,17 @@ class Helper {
                         throw new RuntimeException('Cannot retrieve parameter for a comment')
                     }
 
+                    def _docu = [], _value = [], _mandatory = [], _parentObject = []
+                    docuLines.each { _docu << it  }
+                    valueLines.each { _value << it }
+                    mandatoryLines.each { _mandatory << it }
+                    parentObjectLines.each { _parentObject << it }
+                    _parentObject << param
+                    param = _parentObject*.trim().join('/').trim()
+
                     if(step.parameters[param].docu || step.parameters[param].value)
                         System.err << "[WARNING] There is already some documentation for parameter '${param}. Is this parameter documented twice?'\n"
 
-                    def _docu = [], _value = [], _mandatory = []
-                    docuLines.each { _docu << it  }
-                    valueLines.each { _value << it}
-                    mandatoryLines.each { _mandatory << it}
                     step.parameters[param].docu = _docu*.trim().join(' ').trim()
                     step.parameters[param].value = _value*.trim().join(' ').trim()
                     step.parameters[param].mandatory = _mandatory*.trim().join(' ').trim()
@@ -234,6 +240,7 @@ class Helper {
                 docuLines.clear()
                 valueLines.clear()
                 mandatoryLines.clear()
+                parentObjectLines.clear()
             }
 
             if( line.trim()  ==~ /^\/\*\*.*/ ) {
@@ -250,11 +257,19 @@ class Helper {
                 if(_line ==~ /.*@possibleValues.*/) {
                     mandatory = false // should be something like reset attributes
                     value = true
+                    parentObject = false
                 }
                 // some remark for mandatory e.g. some parameters are only mandatory under certain conditions
                 if(_line ==~ /.*@mandatory.*/) {
                     value = false // should be something like reset attributes ...
                     mandatory = true
+                    parentObject = false
+                }
+                // grouping config properties within a parent object for easier readability
+                if(_line ==~ /.*@parentConfigKey.*/) {
+                    value = false // should be something like reset attributes ...
+                    mandatory = false
+                    parentObject = true
                 }
 
                 if(value) {
@@ -271,7 +286,14 @@ class Helper {
                     }
                 }
 
-                if(! value && ! mandatory) {
+                if(parentObject) {
+                    if(_line) {
+                        _line = (_line =~ /.*@parentConfigKey\s*?(.*)/)[0][1]
+                        parentObjectLines << _line
+                    }
+                }
+
+                if(!value && !mandatory && !parentObject) {
                     docuLines << _line
                 }
             }
@@ -280,6 +302,7 @@ class Helper {
                 docu = false
                 value = false
                 mandatory = false
+                parentObject = false
                 docuEnd = true
             }
         }
@@ -312,14 +335,33 @@ class Helper {
         def params = [] as Set
         f.eachLine  {
             line ->
-            if( line ==~ /.*withMandatoryProperty.*/ ) {
+                if (line ==~ /.*withMandatoryProperty.*/) {
-                def param = (line =~ /.*withMandatoryProperty\('(.*)'/)[0][1]
+                    def param = (line =~ /.*withMandatoryProperty\('(.*)'/)[0][1]
-                params << param
+                    params << param
-            }
+                }
         }
         return params
     }
 
+    static getParentObjectMappings(File f) {
+        def mappings = [:]
+        def parentObjectKey = ''
+        f.eachLine  {
+            line ->
+                if (line ==~ /.*parentConfigKey.*/ && !parentObjectKey) {
+                    def param = (line =~ /.*parentConfigKey\s*?(.*)/)[0][1]
+                    parentObjectKey = param.trim()
+                } else if (line ==~ /\s*?(.*)[,]{0,1}/ && parentObjectKey) {
+                    def pName = retrieveParameterName(line)
+                    if(pName) {
+                        mappings.put(pName, parentObjectKey)
+                        parentObjectKey = ''
+                    }
+                }
+        }
+        return mappings
+    }
+
     static getValue(Map config, def pPath) {
         def p =config[pPath.head()]
         if(pPath.size() == 1) return p // there is no tail
@@ -530,6 +572,20 @@ def handleStep(stepName, prepareDefaultValuesStep, gse) {
 
     params.addAll(requiredParameters)
 
+    // translate parameter names according to compatibility annotations
+    def parentObjectMappings = Helper.getParentObjectMappings(theStep)
+    def compatibleParams = [] as Set
+    if(parentObjectMappings) {
+        params.each {
+                if (parentObjectMappings[it])
+                    compatibleParams.add(parentObjectMappings[it] + '/' + it)
+                else
+                    compatibleParams.add(it)
+        }
+        if (compatibleParams)
+            params = compatibleParams
+    }
+
     def step = [parameters:[:]]
 
     //
@@ -562,14 +618,14 @@ def handleStep(stepName, prepareDefaultValuesStep, gse) {
                                             required: requiredParameters.contains((it as String)) && defaultValue == null
                                         ]
 
-        step.parameters.put(it, parameterProperties)
+            step.parameters.put(it, parameterProperties)
 
-        // The scope is only defined for the first level of a hierarchical configuration.
+            // The scope is only defined for the first level of a hierarchical configuration.
-        // If the first part is found, all nested parameters are allowed with that scope.
+            // If the first part is found, all nested parameters are allowed with that scope.
-        def firstPart = it.split('/').head()
+            def firstPart = it.split('/').head()
-        scopedParameters.each { key, val ->
+            scopedParameters.each { key, val ->
-            parameterProperties.put(key, val.contains(firstPart))
+                parameterProperties.put(key, val.contains(firstPart))
-        }
+            }
     }
 
     Helper.scanDocu(theStep, step)

documentation/docs/steps/whitesourceExecuteScan.md

@@ -23,5 +23,5 @@ None
 ## Examples
 
 ```groovy
-whitesourceExecuteScan script: this, scanType: 'pip', whitesource: [ productName: 'My Whitesource Product', userTokenCredentialsId: 'companyAdminToken', orgAdminUserTokenCredentialsId: 'orgAdmiToken', orgToken: 'myWhitesourceOrganizationToken' ]
+whitesourceExecuteScan script: this, scanType: 'pip', productName: 'My Whitesource Product', userTokenCredentialsId: 'companyAdminToken', orgAdminUserTokenCredentialsId: 'orgAdmiToken', orgToken: 'myWhitesourceOrganizationToken'
 ```

resources/default_pipeline_environment.yml

@@ -304,6 +304,13 @@ steps:
       stashContent:
         - 'buildDescriptor'
         - 'opensourceConfiguration'
+    golang:
+      buildDescriptorFile: './setup.py'
+      dockerImage: 'golang:1.12.1-stretch'
+      dockerWorkspace: '/home/golang'
+      stashContent:
+        - 'buildDescriptor'
+        - 'opensourceConfiguration'
     sbt:
       buildDescriptorFile: './build.sbt'
       dockerImage: 'hseeberger/scala-sbt:8u181_2.12.8_1.2.8'

src/com/sap/piper/JsonUtils.groovy

@@ -1,20 +1,13 @@
 package com.sap.piper
 
 import com.cloudbees.groovy.cps.NonCPS
-import groovy.json.JsonBuilder
-import groovy.json.JsonSlurperClassic
 
 @NonCPS
-def jsonToString(content) {
+String groovyObjectToPrettyJsonString(object) {
-    return new JsonBuilder(content).toPrettyString()
-}
-
-@NonCPS
-String getPrettyJsonString(object) {
     return groovy.json.JsonOutput.prettyPrint(groovy.json.JsonOutput.toJson(object))
 }
 
 @NonCPS
-def parseJsonSerializable(text) {
+def jsonStringToGroovyObject(text) {
-    return new JsonSlurperClassic().parseText(text)
+    return new groovy.json.JsonSlurperClassic().parseText(text)
 }

src/com/sap/piper/WhitesourceConfigurationHelper.groovy

@@ -16,7 +16,7 @@ class WhitesourceConfigurationHelper implements Serializable {
                 [name: 'checkPolicies', value: false, force: true],
                 [name: 'forceCheckAllDependencies', value: false, force: true]
             ]
-        } else if(config.whitesource.productName.startsWith('SHC - ')) {
+        } else {
             mapping += [
                 [name: 'checkPolicies', value: true, force: true],
                 [name: 'forceCheckAllDependencies', value: true, force: true]
@@ -39,7 +39,7 @@ class WhitesourceConfigurationHelper implements Serializable {
             [name: 'resolveAllDependencies', value: false, force: true]
         ]
         if(!['pip', 'golang'].contains(config.scanType))
-            script.echo "[Whitesource] Configuration for scanType: '${config.scanType}' is not yet hardened, please do a quality assessment of your scan results."
+            script.echo "[Warning][Whitesource] Configuration for scanType: '${config.scanType}' is not yet hardened, please do a quality assessment of your scan results."
         switch (config.scanType) {
             case 'npm':
                 mapping += [

src/com/sap/piper/integration/WhitesourceOrgAdminRepository.groovy

@@ -71,7 +71,7 @@ class WhitesourceOrgAdminRepository implements Serializable {
 
     def issueHttpRequest(requestBody) {
         def response = internalWhitesource ? internalWhitesource.httpWhitesource(requestBody) : httpWhitesource(requestBody)
-        def parsedResponse = new JsonUtils().parseJsonSerializable(response.content)
+        def parsedResponse = new JsonUtils().jsonStringToGroovyObject(response.content)
         if(parsedResponse?.errorCode){
             script.error "[WhiteSource] Request failed with error message '${parsedResponse.errorMessage}' (${parsedResponse.errorCode})."
         }
@@ -81,7 +81,7 @@ class WhitesourceOrgAdminRepository implements Serializable {
     @NonCPS
     protected def httpWhitesource(requestBody) {
         requestBody["userKey"] = config.whitesource.orgAdminUserKey
-        def serializedBody = new JsonUtils().jsonToString(requestBody)
+        def serializedBody = new JsonUtils().groovyObjectToPrettyJsonString(requestBody)
         def params = [
             url        : config.whitesource.serviceUrl,
             httpMode   : 'POST',

src/com/sap/piper/integration/WhitesourceRepository.groovy

@@ -49,7 +49,7 @@ class WhitesourceRepository implements Serializable {
 
     protected def fetchWhitesourceResource(Map requestBody) {
         final def response = httpWhitesource(requestBody)
-        def parsedResponse = new JsonUtils().parseJsonSerializable(response.content)
+        def parsedResponse = new JsonUtils().jsonStringToGroovyObject(response.content)
 
         if(parsedResponse?.errorCode){
             script.error "[WhiteSource] Request failed with error message '${parsedResponse.errorMessage}' (${parsedResponse.errorCode})."
@@ -173,7 +173,7 @@ class WhitesourceRepository implements Serializable {
     @NonCPS
     protected def httpWhitesource(requestBody) {
         handleAdditionalRequestParameters(requestBody)
-        def serializedBody = new JsonUtils().getPrettyJsonString(requestBody)
+        def serializedBody = new JsonUtils().groovyObjectToPrettyJsonString(requestBody)
         def params = [
             url        : config.whitesource.serviceUrl,
             httpMode   : 'POST',
@@ -201,7 +201,7 @@ class WhitesourceRepository implements Serializable {
     @NonCPS
     protected void fetchFileFromWhiteSource(String fileName, Map params) {
         handleAdditionalRequestParameters(params)
-        def serializedContent = new JsonUtils().jsonToString(params)
+        def serializedContent = new JsonUtils().groovyObjectToPrettyJsonString(params)
 
         if(config.verbose)
             script.echo "Sending curl request with parameters ${params}"

test/groovy/WhitesourceExecuteScanTest.groovy

@@ -112,23 +112,23 @@ class WhitesourceExecuteScanTest extends BasePiperTest {
         LibraryLoadingTestExecutionListener.prepareObjectInterceptors(whitesourceStub)
 
         helper.registerAllowedMethod("fetchProductMetaInfo", [], {
-            return new JsonUtils().parseJsonSerializable("{ \"productVitals\": [{ \"id\": 59639, \"name\": \"SHC - Piper\", \"token\": \"e30132d8e8f04a4c8be6332c75a0ff0580ab326fa7534540ad326e97a74d945b\", \"creationDate\": \"2017-09-20 09:22:46 +0000\", \"lastUpdatedDate\": \"2018-09-19 09:44:40 +0000\" }]}")
+            return new JsonUtils().jsonStringToGroovyObject("{ \"productVitals\": [{ \"id\": 59639, \"name\": \"SHC - Piper\", \"token\": \"e30132d8e8f04a4c8be6332c75a0ff0580ab326fa7534540ad326e97a74d945b\", \"creationDate\": \"2017-09-20 09:22:46 +0000\", \"lastUpdatedDate\": \"2018-09-19 09:44:40 +0000\" }]}")
         })
         helper.registerAllowedMethod("fetchProjectsMetaInfo", [], {
-            return new JsonUtils().parseJsonSerializable("{ \"projectVitals\": [{ \"id\": 261964, \"name\": \"piper-demo - 0.0.1\", \"token\": \"a2a62e5d7beb4170ad4dccfa3316b5a4cd3fadefc56c49f88fbf9400a09f7d94\", \"creationDate\": \"2017-09-21 00:28:06 +0000\", \"lastUpdatedDate\": \"2017-10-12 01:03:05 +0000\" }]}").projectVitals
+            return new JsonUtils().jsonStringToGroovyObject("{ \"projectVitals\": [{ \"id\": 261964, \"name\": \"piper-demo - 0.0.1\", \"token\": \"a2a62e5d7beb4170ad4dccfa3316b5a4cd3fadefc56c49f88fbf9400a09f7d94\", \"creationDate\": \"2017-09-21 00:28:06 +0000\", \"lastUpdatedDate\": \"2017-10-12 01:03:05 +0000\" }]}").projectVitals
         })
         helper.registerAllowedMethod("fetchReportForProduct", [String], { })
         helper.registerAllowedMethod( "fetchProjectLicenseAlerts", [Object.class], {
-            return new JsonUtils().parseJsonSerializable("{ \"alerts\": [] }").alerts
+            return new JsonUtils().jsonStringToGroovyObject("{ \"alerts\": [] }").alerts
         })
         helper.registerAllowedMethod( "fetchProductLicenseAlerts", [], {
-            return new JsonUtils().parseJsonSerializable("{ \"alerts\": [] }").alerts
+            return new JsonUtils().jsonStringToGroovyObject("{ \"alerts\": [] }").alerts
         })
         helper.registerAllowedMethod( "fetchVulnerabilities", [List], {
-            return new JsonUtils().parseJsonSerializable("{ \"alerts\": [] }").alerts
+            return new JsonUtils().jsonStringToGroovyObject("{ \"alerts\": [] }").alerts
         })
         helper.registerAllowedMethod( "createProduct", [], {
-            return new JsonUtils().parseJsonSerializable("{ \"productToken\": \"e30132d8e8f04a4c8be6332c75a0ff0580ab326fa7534540ad326e97a74d945b\" }")
+            return new JsonUtils().jsonStringToGroovyObject("{ \"productToken\": \"e30132d8e8f04a4c8be6332c75a0ff0580ab326fa7534540ad326e97a74d945b\" }")
         })
         helper.registerAllowedMethod( "publishHTML", [Map], {})
 
@@ -800,7 +800,7 @@ class WhitesourceExecuteScanTest extends BasePiperTest {
             return result
         })
         helper.registerAllowedMethod("fetchVulnerabilities", [List], {
-            return new JsonUtils().parseJsonSerializable("{ \"alerts\": [ { \"vulnerability\": { \"name\": \"CVE-2017-15095\", \"type\": \"CVE\", \"severity\": \"high\", \"score\": 7.5, \"cvss3_severity\": \"high\", \"cvss3_score\": 9.8, \"scoreMetadataVector\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"publishDate\": \"2018-02-06\", \"url\": \"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15095\", \"description\": \"A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.\", \"topFix\": { \"vulnerability\": \"CVE-2017-15095\", \"type\": \"CHANGE_FILES\", \"origin\": \"GITHUB_COMMIT\", \"url\": \"https://github.com/FasterXML/jackson-databind/commit/60d459ce\"," +
+            return new JsonUtils().jsonStringToGroovyObject("{ \"alerts\": [ { \"vulnerability\": { \"name\": \"CVE-2017-15095\", \"type\": \"CVE\", \"severity\": \"high\", \"score\": 7.5, \"cvss3_severity\": \"high\", \"cvss3_score\": 9.8, \"scoreMetadataVector\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"publishDate\": \"2018-02-06\", \"url\": \"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15095\", \"description\": \"A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.\", \"topFix\": { \"vulnerability\": \"CVE-2017-15095\", \"type\": \"CHANGE_FILES\", \"origin\": \"GITHUB_COMMIT\", \"url\": \"https://github.com/FasterXML/jackson-databind/commit/60d459ce\"," +
                 "\"fixResolution\": \"src/test/java/com/fasterxml/jackson/databind/interop/IllegalTypesCheckTest.java,release-notes/VERSION,src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java\", \"date\": \"2017-04-13\", \"message\": \"Fix #1599 for 2.8.9\\n\\nMerge branch '2.7' into 2.8\", \"extraData\": \"key=60d459c&committerName=cowtowncoder&committerUrl=https://github.com/cowtowncoder&committerAvatar=https://avatars0.githubusercontent.com/u/55065?v=4\" }, \"allFixes\": [ { \"vulnerability\": \"CVE-2017-15095\", \"type\": \"CHANGE_FILES\", \"origin\": \"GITHUB_COMMIT\", \"url\": \"https://github.com/FasterXML/jackson-databind/commit/60d459ce\", \"fixResolution\": \"src/test/java/com/fasterxml/jackson/databind/interop/IllegalTypesCheckTest.java,release-notes/VERSION,src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java\", \"date\": \"2017-04-13\", \"message\": \"Fix #1599 for 2.8.9\\n\\nMerge branch '2.7' into 2.8\"," +
                 "\"extraData\": \"key=60d459c&committerName=cowtowncoder&committerUrl=https://github.com/cowtowncoder&committerAvatar=https://avatars0.githubusercontent.com/u/55065?v=4\" }, { \"vulnerability\": \"CVE-2017-15095\", \"type\": \"CHANGE_FILES\", \"origin\": \"GITHUB_COMMIT\", \"url\": \"https://github.com/FasterXML/jackson-databind/commit/e865a7a4464da63ded9f4b1a2328ad85c9ded78b#diff-98084d808198119d550a9211e128a16f\", \"fixResolution\": \"src/test/java/com/fasterxml/jackson/databind/interop/IllegalTypesCheckTest.java,release-notes/VERSION,src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java\", \"date\": \"2017-12-12\", \"message\": \"Fix #1737 (#1857)\", \"extraData\": \"key=e865a7a&committerName=cowtowncoder&committerUrl=https://github.com/cowtowncoder&committerAvatar=https://avatars0.githubusercontent.com/u/55065?v=4\" }, { \"vulnerability\": \"CVE-2017-15095\", \"type\": \"CHANGE_FILES\", \"origin\": \"GITHUB_COMMIT\", \"url\": \"https://github.com/FasterXML/jackson-databind/commit/e8f043d1\"," +
                 "\"fixResolution\": \"release-notes/VERSION,src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java\", \"date\": \"2017-06-30\", \"message\": \"Fix #1680\", \"extraData\": \"key=e8f043d&committerName=cowtowncoder&committerUrl=https://github.com/cowtowncoder&committerAvatar=https://avatars0.githubusercontent.com/u/55065?v=4\" } ], \"fixResolutionText\": \"Replace or update the following files: IllegalTypesCheckTest.java, VERSION, BeanDeserializerFactory.java\", \"references\": [] }, \"type\": \"SECURITY_VULNERABILITY\", \"level\": \"MAJOR\", \"library\": { \"keyUuid\": \"13f7802e-8aa1-4303-a5db-1d0c85e871a9\", \"keyId\": 23410061, \"filename\": \"jackson-databind-2.8.8.jar\", \"name\": \"jackson-databind\", \"groupId\": \"com.fasterxml.jackson.core\", \"artifactId\": \"jackson-databind\", \"version\": \"2.8.8\", \"sha1\": \"bf88c7b27e95cbadce4e7c316a56c3efffda8026\", \"type\": \"Java\", \"references\": { \"url\": \"http://github.com/FasterXML/jackson\", \"issueUrl\": \"https://github.com/FasterXML/jackson-databind/issues\"," +
@@ -882,7 +882,7 @@ class WhitesourceExecuteScanTest extends BasePiperTest {
             return result
         })
         helper.registerAllowedMethod("fetchVulnerabilities", [List], {
-            return new JsonUtils().parseJsonSerializable("{ \"alerts\": [ { \"vulnerability\": { \"name\": \"CVE-2017-15095\", \"type\": \"CVE\", \"severity\": \"high\", \"score\": 2.1, \"cvss3_severity\": \"high\", \"cvss3_score\": 5.3, \"scoreMetadataVector\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"publishDate\": \"2018-02-06\", \"url\": \"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15095\", \"description\": \"A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.\", \"topFix\": { \"vulnerability\": \"CVE-2017-15095\", \"type\": \"CHANGE_FILES\", \"origin\": \"GITHUB_COMMIT\", \"url\": \"https://github.com/FasterXML/jackson-databind/commit/60d459ce\"," +
+            return new JsonUtils().jsonStringToGroovyObject("{ \"alerts\": [ { \"vulnerability\": { \"name\": \"CVE-2017-15095\", \"type\": \"CVE\", \"severity\": \"high\", \"score\": 2.1, \"cvss3_severity\": \"high\", \"cvss3_score\": 5.3, \"scoreMetadataVector\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"publishDate\": \"2018-02-06\", \"url\": \"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15095\", \"description\": \"A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.\", \"topFix\": { \"vulnerability\": \"CVE-2017-15095\", \"type\": \"CHANGE_FILES\", \"origin\": \"GITHUB_COMMIT\", \"url\": \"https://github.com/FasterXML/jackson-databind/commit/60d459ce\"," +
                 "\"fixResolution\": \"src/test/java/com/fasterxml/jackson/databind/interop/IllegalTypesCheckTest.java,release-notes/VERSION,src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java\", \"date\": \"2017-04-13\", \"message\": \"Fix #1599 for 2.8.9\\n\\nMerge branch '2.7' into 2.8\", \"extraData\": \"key=60d459c&committerName=cowtowncoder&committerUrl=https://github.com/cowtowncoder&committerAvatar=https://avatars0.githubusercontent.com/u/55065?v=4\" }, \"allFixes\": [ { \"vulnerability\": \"CVE-2017-15095\", \"type\": \"CHANGE_FILES\", \"origin\": \"GITHUB_COMMIT\", \"url\": \"https://github.com/FasterXML/jackson-databind/commit/60d459ce\", \"fixResolution\": \"src/test/java/com/fasterxml/jackson/databind/interop/IllegalTypesCheckTest.java,release-notes/VERSION,src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java\", \"date\": \"2017-04-13\", \"message\": \"Fix #1599 for 2.8.9\\n\\nMerge branch '2.7' into 2.8\"," +
                 "\"extraData\": \"key=60d459c&committerName=cowtowncoder&committerUrl=https://github.com/cowtowncoder&committerAvatar=https://avatars0.githubusercontent.com/u/55065?v=4\" }, { \"vulnerability\": \"CVE-2017-15095\", \"type\": \"CHANGE_FILES\", \"origin\": \"GITHUB_COMMIT\", \"url\": \"https://github.com/FasterXML/jackson-databind/commit/e865a7a4464da63ded9f4b1a2328ad85c9ded78b#diff-98084d808198119d550a9211e128a16f\", \"fixResolution\": \"src/test/java/com/fasterxml/jackson/databind/interop/IllegalTypesCheckTest.java,release-notes/VERSION,src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java\", \"date\": \"2017-12-12\", \"message\": \"Fix #1737 (#1857)\", \"extraData\": \"key=e865a7a&committerName=cowtowncoder&committerUrl=https://github.com/cowtowncoder&committerAvatar=https://avatars0.githubusercontent.com/u/55065?v=4\" }, { \"vulnerability\": \"CVE-2017-15095\", \"type\": \"CHANGE_FILES\", \"origin\": \"GITHUB_COMMIT\"," +
                 "\"url\": \"https://github.com/FasterXML/jackson-databind/commit/e8f043d1\", \"fixResolution\": \"release-notes/VERSION,src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java\", \"date\": \"2017-06-30\", \"message\": \"Fix #1680\", \"extraData\": \"key=e8f043d&committerName=cowtowncoder&committerUrl=https://github.com/cowtowncoder&committerAvatar=https://avatars0.githubusercontent.com/u/55065?v=4\" } ], \"fixResolutionText\": \"Replace or update the following files: IllegalTypesCheckTest.java, VERSION, BeanDeserializerFactory.java\", \"references\": [] }, \"type\": \"SECURITY_VULNERABILITY\", \"level\": \"MAJOR\", \"library\": { \"keyUuid\": \"13f7802e-8aa1-4303-a5db-1d0c85e871a9\", \"keyId\": 23410061, \"filename\": \"jackson-databind-2.8.8.jar\", \"name\": \"jackson-databind\", \"groupId\": \"com.fasterxml.jackson.core\", \"artifactId\": \"jackson-databind\", \"version\": \"2.8.8\", \"sha1\": \"bf88c7b27e95cbadce4e7c316a56c3efffda8026\"," +
@@ -921,7 +921,7 @@ class WhitesourceExecuteScanTest extends BasePiperTest {
             return result
         })
         helper.registerAllowedMethod("fetchVulnerabilities", [List], {
-            return new JsonUtils().parseJsonSerializable("{ \"alerts\": [ { \"vulnerability\": { \"name\": \"CVE-2017-15095\", \"type\": \"CVE\", \"severity\": \"high\", \"score\": 2.1, \"cvss3_severity\": \"high\", \"cvss3_score\": 5.3, \"scoreMetadataVector\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"publishDate\": \"2018-02-06\", \"url\": \"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15095\", \"description\": \"A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.\", \"topFix\": { \"vulnerability\": \"CVE-2017-15095\", \"type\": \"CHANGE_FILES\", \"origin\": \"GITHUB_COMMIT\", \"url\": \"https://github.com/FasterXML/jackson-databind/commit/60d459ce\"," +
+            return new JsonUtils().jsonStringToGroovyObject("{ \"alerts\": [ { \"vulnerability\": { \"name\": \"CVE-2017-15095\", \"type\": \"CVE\", \"severity\": \"high\", \"score\": 2.1, \"cvss3_severity\": \"high\", \"cvss3_score\": 5.3, \"scoreMetadataVector\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"publishDate\": \"2018-02-06\", \"url\": \"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15095\", \"description\": \"A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.\", \"topFix\": { \"vulnerability\": \"CVE-2017-15095\", \"type\": \"CHANGE_FILES\", \"origin\": \"GITHUB_COMMIT\", \"url\": \"https://github.com/FasterXML/jackson-databind/commit/60d459ce\"," +
                 "\"fixResolution\": \"src/test/java/com/fasterxml/jackson/databind/interop/IllegalTypesCheckTest.java,release-notes/VERSION,src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java\", \"date\": \"2017-04-13\", \"message\": \"Fix #1599 for 2.8.9\\n\\nMerge branch '2.7' into 2.8\", \"extraData\": \"key=60d459c&committerName=cowtowncoder&committerUrl=https://github.com/cowtowncoder&committerAvatar=https://avatars0.githubusercontent.com/u/55065?v=4\" }, \"allFixes\": [ { \"vulnerability\": \"CVE-2017-15095\", \"type\": \"CHANGE_FILES\", \"origin\": \"GITHUB_COMMIT\", \"url\": \"https://github.com/FasterXML/jackson-databind/commit/60d459ce\", \"fixResolution\": \"src/test/java/com/fasterxml/jackson/databind/interop/IllegalTypesCheckTest.java,release-notes/VERSION,src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java\", \"date\": \"2017-04-13\", \"message\": \"Fix #1599 for 2.8.9\\n\\nMerge branch '2.7' into 2.8\"," +
                 "\"extraData\": \"key=60d459c&committerName=cowtowncoder&committerUrl=https://github.com/cowtowncoder&committerAvatar=https://avatars0.githubusercontent.com/u/55065?v=4\" }, { \"vulnerability\": \"CVE-2017-15095\", \"type\": \"CHANGE_FILES\", \"origin\": \"GITHUB_COMMIT\", \"url\": \"https://github.com/FasterXML/jackson-databind/commit/e865a7a4464da63ded9f4b1a2328ad85c9ded78b#diff-98084d808198119d550a9211e128a16f\", \"fixResolution\": \"src/test/java/com/fasterxml/jackson/databind/interop/IllegalTypesCheckTest.java,release-notes/VERSION,src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java\", \"date\": \"2017-12-12\", \"message\": \"Fix #1737 (#1857)\", \"extraData\": \"key=e865a7a&committerName=cowtowncoder&committerUrl=https://github.com/cowtowncoder&committerAvatar=https://avatars0.githubusercontent.com/u/55065?v=4\" }, { \"vulnerability\": \"CVE-2017-15095\", \"type\": \"CHANGE_FILES\", \"origin\": \"GITHUB_COMMIT\"," +
                 "\"url\": \"https://github.com/FasterXML/jackson-databind/commit/e8f043d1\", \"fixResolution\": \"release-notes/VERSION,src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java\", \"date\": \"2017-06-30\", \"message\": \"Fix #1680\", \"extraData\": \"key=e8f043d&committerName=cowtowncoder&committerUrl=https://github.com/cowtowncoder&committerAvatar=https://avatars0.githubusercontent.com/u/55065?v=4\" } ], \"fixResolutionText\": \"Replace or update the following files: IllegalTypesCheckTest.java, VERSION, BeanDeserializerFactory.java\", \"references\": [] }, \"type\": \"SECURITY_VULNERABILITY\", \"level\": \"MAJOR\", \"library\": { \"keyUuid\": \"13f7802e-8aa1-4303-a5db-1d0c85e871a9\", \"keyId\": 23410061, \"filename\": \"jackson-databind-2.8.8.jar\", \"name\": \"jackson-databind\", \"groupId\": \"com.fasterxml.jackson.core\", \"artifactId\": \"jackson-databind\", \"version\": \"2.8.8\", \"sha1\": \"bf88c7b27e95cbadce4e7c316a56c3efffda8026\"," +
@@ -962,7 +962,7 @@ class WhitesourceExecuteScanTest extends BasePiperTest {
             return result
         })
         helper.registerAllowedMethod("fetchVulnerabilities", [Object.class], {
-            return new JsonUtils().parseJsonSerializable("{ \"alerts\": [] }").alerts
+            return new JsonUtils().jsonStringToGroovyObject("{ \"alerts\": [] }").alerts
         })
 
         stepRule.step.whitesourceExecuteScan([

test/groovy/com/sap/piper/DescriptorUtilsTest.groovy

@@ -12,7 +12,6 @@ import util.JenkinsLoggingRule
 import util.JenkinsSetupRule
 import util.LibraryLoadingTestExecutionListener
 
-import static org.assertj.core.api.Assertions.assertThat
 import static org.hamcrest.Matchers.is
 import static org.junit.Assert.assertEquals
 import static org.junit.Assert.assertThat
@@ -50,7 +49,7 @@ class DescriptorUtilsTest extends BasePiperTest {
         helper.registerAllowedMethod("readJSON", [Map.class], {
             searchConfig ->
                 def packageJsonFile = new File("test/resources/DescriptorUtils/npm/${searchConfig.file}")
-                return new JsonUtils().parseJsonSerializable(packageJsonFile.text)
+                return new JsonUtils().jsonStringToGroovyObject(packageJsonFile.text)
         })
 
         def gav = descriptorUtils.getNpmGAV('package2.json')
@@ -66,7 +65,7 @@ class DescriptorUtilsTest extends BasePiperTest {
         helper.registerAllowedMethod("readJSON", [Map.class], {
             searchConfig ->
                 def packageJsonFile = new File("test/resources/DescriptorUtils/npm/${searchConfig.file}")
-                return new JsonUtils().parseJsonSerializable(packageJsonFile.text)
+                return new JsonUtils().jsonStringToGroovyObject(packageJsonFile.text)
         })
 
         def gav = descriptorUtils.getNpmGAV('package.json')
@@ -82,7 +81,7 @@ class DescriptorUtilsTest extends BasePiperTest {
         helper.registerAllowedMethod("readJSON", [Map.class], {
             searchConfig ->
                 def packageJsonFile = new File("test/resources/DescriptorUtils/npm/${searchConfig.file}")
-                return new JsonUtils().parseJsonSerializable(packageJsonFile.text)
+                return new JsonUtils().jsonStringToGroovyObject(packageJsonFile.text)
         })
 
         def errorCaught = false
@@ -102,7 +101,7 @@ class DescriptorUtilsTest extends BasePiperTest {
         helper.registerAllowedMethod("readJSON", [Map.class], {
             searchConfig ->
                 def packageJsonFile = new File("test/resources/DescriptorUtils/sbt/${searchConfig.file}")
-                return new JsonUtils().parseJsonSerializable(packageJsonFile.text)
+                return new JsonUtils().jsonStringToGroovyObject(packageJsonFile.text)
         })
 
         def gav = descriptorUtils.getSbtGAV('sbtDescriptor.json')
@@ -119,7 +118,7 @@ class DescriptorUtilsTest extends BasePiperTest {
         helper.registerAllowedMethod("readJSON", [Map.class], {
             searchConfig ->
                 def packageJsonFile = new File("test/resources/DescriptorUtils/dlang/${searchConfig.file}")
-                return new JsonUtils().parseJsonSerializable(packageJsonFile.text)
+                return new JsonUtils().jsonStringToGroovyObject(packageJsonFile.text)
         })
 
         def gav = descriptorUtils.getDlangGAV('dub.json')

vars/influxWriteData.groovy

@@ -106,9 +106,9 @@ private void writeToInflux(config, script){
 
     //write results into json file for archiving - also benefitial when no InfluxDB is available yet
     def jsonUtils = new JsonUtils()
-    writeFile file: 'jenkins_data.json', text: jsonUtils.getPrettyJsonString(config.customData)
+    writeFile file: 'jenkins_data.json', text: jsonUtils.groovyObjectToPrettyJsonString(config.customData)
-    writeFile file: 'influx_data.json', text: jsonUtils.getPrettyJsonString(config.customDataMap)
+    writeFile file: 'influx_data.json', text: jsonUtils.groovyObjectToPrettyJsonString(config.customDataMap)
-    writeFile file: 'jenkins_data_tags.json', text: jsonUtils.getPrettyJsonString(config.customDataTags)
+    writeFile file: 'jenkins_data_tags.json', text: jsonUtils.groovyObjectToPrettyJsonString(config.customDataTags)
-    writeFile file: 'influx_data_tags.json', text: jsonUtils.getPrettyJsonString(config.customDataMapTags)
+    writeFile file: 'influx_data_tags.json', text: jsonUtils.groovyObjectToPrettyJsonString(config.customDataMapTags)
     archiveArtifacts artifacts: '*data.json', allowEmptyArchive: true
 }

vars/whitesourceExecuteScan.groovy

@@ -15,47 +15,57 @@ import static com.sap.piper.Prerequisites.checkScript
 
 @Field String STEP_NAME = getClass().getName()
 @Field Set GENERAL_CONFIG_KEYS = [
-    /**
-     * Wrapper object to bundle any of the other configuration settings on general and stage level.
-     */
     'whitesource',
     /**
      * Jenkins credentials ID referring to the organization admin's token.
+     * @parentConfigKey whitesource
      */
     'orgAdminUserTokenCredentialsId',
     /**
      * WhiteSource token identifying your organization.
+     * @parentConfigKey whitesource
      */
     'orgToken',
     /**
      * Name of the WhiteSource product to be created and used for results aggregation.
+     * @parentConfigKey whitesource
      */
     'productName',
     /**
      * Version of the WhiteSource product to be created and used for results aggregation, usually determined automatically.
+     * @parentConfigKey whitesource
      */
     'productVersion',
     /**
      * Token of the WhiteSource product to be created and used for results aggregation, usually determined automatically.
+     * @parentConfigKey whitesource
      */
     'productToken',
     /**
      * List of WhiteSource projects to be included in the assessment part of the step, usually determined automatically.
+     * @parentConfigKey whitesource
      */
     'projectNames',
+    /**
+     * URL used for downloading the Java Runtime Environment (JRE) required to run the WhiteSource Unified Agent.
+     * @parentConfigKey whitesource
+     */
+    'jreDownloadUrl',
+    /**
+     * URL to the WhiteSource server API used for communication, defaults to `https://saas.whitesourcesoftware.com/api`.
+     * @parentConfigKey whitesource
+     */
+    'serviceUrl',
+    /**
+     * Jenkins credentials ID referring to the product admin's token.
+     * @parentConfigKey whitesource
+     */
+    'userTokenCredentialsId',
     /**
      * Type of development stack used to implement the solution.
      * @possibleValues `maven`, `mta`, `npm`, `pip`, `sbt`
      */
     'scanType',
-    /**
-     * URL to the WhiteSource server API used for communication, defaults to `https://saas.whitesourcesoftware.com/api`.
-     */
-    'serviceUrl',
-    /**
-     * Jenkins credentials ID referring to the product admin's token.
-     */
-    'userTokenCredentialsId',
     /**
      * Whether verbose output should be produced.
      * @possibleValues `true`, `false`
@@ -103,10 +113,6 @@ import static com.sap.piper.Prerequisites.checkScript
      * Docker workspace to be used for scanning.
      */
     'dockerWorkspace',
-    /**
-     * URL used for downloading the Java Runtime Environment (JRE) required to run the WhiteSource Unified Agent.
-     */
-    'jreDownloadUrl',
     /**
      * Whether license compliance is considered and reported as part of the assessment.
      * @possibleValues `true`, `false`
@@ -353,7 +359,11 @@ private def triggerWhitesourceScanWithUserKey(script, config, utils, descriptorU
                         config.whitesource.productVersion = gav.version
                         break
                 }
-                config.whitesource['projectNames'].add("${config.whitesource.projectName} - ${config.whitesource.productVersion}".toString())
+
+                def projectName = "${config.whitesource.projectName} - ${config.whitesource.productVersion}".toString()
+                if(!config.whitesource['projectNames'].contains(projectName))
+                    config.whitesource['projectNames'].add(projectName)
+
                 WhitesourceConfigurationHelper.extendUAConfigurationFile(script, utils, config, path)
                 dockerExecute(script: script, dockerImage: config.dockerImage, dockerWorkspace: config.dockerWorkspace, stashContent: config.stashContent) {
                     if (config.whitesource.agentDownloadUrl) {
@@ -447,7 +457,7 @@ int checkSecurityViolations(Map config, WhitesourceRepository repository) {
                 severeVulnerabilities++
     }
 
-    writeFile(file: "${config.vulnerabilityReportFileName}.json", text: new JsonUtils().getPrettyJsonString(vulnerabilities))
+    writeFile(file: "${config.vulnerabilityReportFileName}.json", text: new JsonUtils().groovyObjectToPrettyJsonString(vulnerabilities))
     writeFile(file: "${config.vulnerabilityReportFileName}.html", text: getReportHtml(config, vulnerabilities, severeVulnerabilities))
     archiveArtifacts(artifacts: "${config.vulnerabilityReportFileName}.*")