jenkins/sap-jenkins-library
1
0
Fork 0
mirror of https://github.com/SAP/jenkins-library.git synced 2025-03-03 15:02:35 +02:00
Code Issues Releases Activity

refactor(codeqlExecuteScan): refactor codeql reporting (#4682)

Browse Source 
Co-authored-by: sumeet patil <sumeet.patil@sap.com>
This commit is contained in:
Daria Kuznetsova 2023-11-20 14:21:04 +01:00 committed by GitHub
parent a838f485d7
commit ca633186f9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 315 additions and 291 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
cmd/codeqlExecuteScan.go
View File

@ -15,7 +15,6 @@ import (
"github.com/SAP/jenkins-library/pkg/orchestrator" "github.com/SAP/jenkins-library/pkg/orchestrator"
"github.com/SAP/jenkins-library/pkg/piperutils" "github.com/SAP/jenkins-library/pkg/piperutils"
"github.com/SAP/jenkins-library/pkg/telemetry" "github.com/SAP/jenkins-library/pkg/telemetry"
"github.com/SAP/jenkins-library/pkg/toolrecord"
"github.com/pkg/errors" "github.com/pkg/errors"
) )
@ -25,14 +24,6 @@ type codeqlExecuteScanUtils interface {
piperutils.FileUtils piperutils.FileUtils
} }
type RepoInfo struct {
serverUrl string
repo string
commitId string
ref string
owner string
}
type codeqlExecuteScanUtilsBundle struct { type codeqlExecuteScanUtilsBundle struct {
*command.Command *command.Command
*piperutils.Files *piperutils.Files
@ -97,7 +88,7 @@ func getLangFromBuildTool(buildTool string) string {
} }
} }
func getGitRepoInfo(repoUri string, repoInfo *RepoInfo) error { func getGitRepoInfo(repoUri string, repoInfo *codeql.RepoInfo) error {
if repoUri == "" { if repoUri == "" {
return errors.New("repository param is not set or it cannot be auto populated") return errors.New("repository param is not set or it cannot be auto populated")
} }
@ -106,43 +97,43 @@ func getGitRepoInfo(repoUri string, repoInfo *RepoInfo) error {
matches := pat.FindAllStringSubmatch(repoUri, -1) matches := pat.FindAllStringSubmatch(repoUri, -1)
if len(matches) > 0 { if len(matches) > 0 {
match := matches[0] match := matches[0]
repoInfo.serverUrl = "https://" + match[3] repoInfo.ServerUrl = "https://" + match[3]
repoData := strings.Split(strings.TrimSuffix(match[4], ".git"), "/") repoData := strings.Split(strings.TrimSuffix(match[4], ".git"), "/")
if len(repoData) != 2 { if len(repoData) != 2 {
return fmt.Errorf("Invalid repository %s", repoUri) return fmt.Errorf("Invalid repository %s", repoUri)
} }
repoInfo.owner = repoData[0] repoInfo.Owner = repoData[0]
repoInfo.repo = repoData[1] repoInfo.Repo = repoData[1]
return nil return nil
} }
return fmt.Errorf("Invalid repository %s", repoUri) return fmt.Errorf("Invalid repository %s", repoUri)
} }
func initGitInfo(config *codeqlExecuteScanOptions) (RepoInfo, error) { func initGitInfo(config *codeqlExecuteScanOptions) (codeql.RepoInfo, error) {
var repoInfo RepoInfo var repoInfo codeql.RepoInfo
err := getGitRepoInfo(config.Repository, &repoInfo) err := getGitRepoInfo(config.Repository, &repoInfo)
if err != nil { if err != nil {
log.Entry().Error(err) log.Entry().Error(err)
} }
repoInfo.ref = config.AnalyzedRef repoInfo.Ref = config.AnalyzedRef
repoInfo.commitId = config.CommitID repoInfo.CommitId = config.CommitID
provider, err := orchestrator.NewOrchestratorSpecificConfigProvider() provider, err := orchestrator.NewOrchestratorSpecificConfigProvider()
if err != nil { if err != nil {
log.Entry().Warn("No orchestrator found. We assume piper is running locally.") log.Entry().Warn("No orchestrator found. We assume piper is running locally.")
} else { } else {
if repoInfo.ref == "" { if repoInfo.Ref == "" {
repoInfo.ref = provider.GetReference() repoInfo.Ref = provider.GetReference()
} }
if repoInfo.commitId == "" || repoInfo.commitId == "NA" { if repoInfo.CommitId == "" || repoInfo.CommitId == "NA" {
repoInfo.commitId = provider.GetCommit() repoInfo.CommitId = provider.GetCommit()
} }
if repoInfo.serverUrl == "" { if repoInfo.ServerUrl == "" {
err = getGitRepoInfo(provider.GetRepoURL(), &repoInfo) err = getGitRepoInfo(provider.GetRepoURL(), &repoInfo)
if err != nil { if err != nil {
log.Entry().Error(err) log.Entry().Error(err)
@ -150,7 +141,7 @@ func initGitInfo(config *codeqlExecuteScanOptions) (RepoInfo, error) {
} }
} }
if len(config.TargetGithubRepoURL) > 0 { if len(config.TargetGithubRepoURL) > 0 {
if strings.Contains(repoInfo.serverUrl, "github") { if strings.Contains(repoInfo.ServerUrl, "github") {
log.Entry().Errorf("TargetGithubRepoURL should not be set as the source repo is on github.") log.Entry().Errorf("TargetGithubRepoURL should not be set as the source repo is on github.")
return repoInfo, errors.New("TargetGithubRepoURL should not be set as the source repo is on github.") return repoInfo, errors.New("TargetGithubRepoURL should not be set as the source repo is on github.")
} }
@ -160,9 +151,9 @@ func initGitInfo(config *codeqlExecuteScanOptions) (RepoInfo, error) {
return repoInfo, err return repoInfo, err
} }
if len(config.TargetGithubBranchName) > 0 { if len(config.TargetGithubBranchName) > 0 {
repoInfo.ref = config.TargetGithubBranchName repoInfo.Ref = config.TargetGithubBranchName
if len(strings.Split(config.TargetGithubBranchName, "/")) < 3 { if len(strings.Split(config.TargetGithubBranchName, "/")) < 3 {
repoInfo.ref = "refs/heads/" + config.TargetGithubBranchName repoInfo.Ref = "refs/heads/" + config.TargetGithubBranchName
} }
} }
} }
@ -183,27 +174,27 @@ func getToken(config *codeqlExecuteScanOptions) (bool, string) {
return false, "" return false, ""
} }
func uploadResults(config *codeqlExecuteScanOptions, repoInfo RepoInfo, token string, utils codeqlExecuteScanUtils) (string, error) { func uploadResults(config *codeqlExecuteScanOptions, repoInfo codeql.RepoInfo, token string, utils codeqlExecuteScanUtils) (string, error) {
cmd := []string{"github", "upload-results", "--sarif=" + filepath.Join(config.ModulePath, "target", "codeqlReport.sarif")} cmd := []string{"github", "upload-results", "--sarif=" + filepath.Join(config.ModulePath, "target", "codeqlReport.sarif")}
if config.GithubToken != "" { if config.GithubToken != "" {
cmd = append(cmd, "-a="+token) cmd = append(cmd, "-a="+token)
} }
if repoInfo.commitId != "" { if repoInfo.CommitId != "" {
cmd = append(cmd, "--commit="+repoInfo.commitId) cmd = append(cmd, "--commit="+repoInfo.CommitId)
} }
if repoInfo.serverUrl != "" { if repoInfo.ServerUrl != "" {
cmd = append(cmd, "--github-url="+repoInfo.serverUrl) cmd = append(cmd, "--github-url="+repoInfo.ServerUrl)
} }
if repoInfo.repo != "" { if repoInfo.Repo != "" {
cmd = append(cmd, "--repository="+(repoInfo.owner+"/"+repoInfo.repo)) cmd = append(cmd, "--repository="+(repoInfo.Owner+"/"+repoInfo.Repo))
} }
if repoInfo.ref != "" { if repoInfo.Ref != "" {
cmd = append(cmd, "--ref="+repoInfo.ref) cmd = append(cmd, "--ref="+repoInfo.Ref)
} }
//if no git params are passed(commitId, reference, serverUrl, repository), then codeql tries to auto populate it based on git information of the checkout repository. //if no git params are passed(commitId, reference, serverUrl, repository), then codeql tries to auto populate it based on git information of the checkout repository.
@ -333,9 +324,9 @@ func runCodeqlExecuteScan(config *codeqlExecuteScanOptions, telemetryData *telem
if err != nil { if err != nil {
return reports, err return reports, err
} }
repoUrl := fmt.Sprintf("%s/%s/%s", repoInfo.serverUrl, repoInfo.owner, repoInfo.repo) repoUrl := fmt.Sprintf("%s/%s/%s", repoInfo.ServerUrl, repoInfo.Owner, repoInfo.Repo)
repoReference, err := buildRepoReference(repoUrl, repoInfo.ref) repoReference, err := codeql.BuildRepoReference(repoUrl, repoInfo.Ref)
repoCodeqlScanUrl := fmt.Sprintf("%s/security/code-scanning?query=is:open+ref:%s", repoUrl, repoInfo.ref) repoCodeqlScanUrl := fmt.Sprintf("%s/security/code-scanning?query=is:open+ref:%s", repoUrl, repoInfo.Ref)
if len(config.TargetGithubRepoURL) > 0 { if len(config.TargetGithubRepoURL) > 0 {
hasToken, token := getToken(config) hasToken, token := getToken(config)
@ -344,9 +335,9 @@ func runCodeqlExecuteScan(config *codeqlExecuteScanOptions, telemetryData *telem
} }
repoUploader, err := codeql.NewGitUploaderInstance( repoUploader, err := codeql.NewGitUploaderInstance(
token, token,
repoInfo.ref, repoInfo.Ref,
config.Database, config.Database,
repoInfo.commitId, repoInfo.CommitId,
config.Repository, config.Repository,
config.TargetGithubRepoURL, config.TargetGithubRepoURL,
) )
@ -357,7 +348,7 @@ func runCodeqlExecuteScan(config *codeqlExecuteScanOptions, telemetryData *telem
if err != nil { if err != nil {
return reports, errors.Wrap(err, "failed uploading db sources from non-GitHub SCM to GitHub") return reports, errors.Wrap(err, "failed uploading db sources from non-GitHub SCM to GitHub")
} }
repoInfo.commitId = targetCommitId repoInfo.CommitId = targetCommitId
} }
if !config.UploadResults { if !config.UploadResults {
@ -378,8 +369,8 @@ func runCodeqlExecuteScan(config *codeqlExecuteScanOptions, telemetryData *telem
return reports, errors.Wrap(err, "failed to upload sarif") return reports, errors.Wrap(err, "failed to upload sarif")
} }
codeqlScanAuditInstance := codeql.NewCodeqlScanAuditInstance(repoInfo.serverUrl, repoInfo.owner, repoInfo.repo, token, []string{}) codeqlScanAuditInstance := codeql.NewCodeqlScanAuditInstance(repoInfo.ServerUrl, repoInfo.Owner, repoInfo.Repo, token, []string{})
scanResults, err := codeqlScanAuditInstance.GetVulnerabilities(repoInfo.ref) scanResults, err := codeqlScanAuditInstance.GetVulnerabilities(repoInfo.Ref)
if err != nil { if err != nil {
return reports, errors.Wrap(err, "failed to get scan results") return reports, errors.Wrap(err, "failed to get scan results")
} }
@ -395,14 +386,14 @@ func runCodeqlExecuteScan(config *codeqlExecuteScanOptions, telemetryData *telem
for _, scanResult := range scanResults { for _, scanResult := range scanResults {
unaudited := scanResult.Total - scanResult.Audited unaudited := scanResult.Total - scanResult.Audited
if unaudited > config.VulnerabilityThresholdTotal { if unaudited > config.VulnerabilityThresholdTotal {
msg := fmt.Sprintf("Your repository %v with ref %v is not compliant. Total unaudited issues are %v which is greater than the VulnerabilityThresholdTotal count %v", repoUrl, repoInfo.ref, unaudited, config.VulnerabilityThresholdTotal) msg := fmt.Sprintf("Your repository %v with ref %v is not compliant. Total unaudited issues are %v which is greater than the VulnerabilityThresholdTotal count %v", repoUrl, repoInfo.Ref, unaudited, config.VulnerabilityThresholdTotal)
return reports, errors.Errorf(msg) return reports, errors.Errorf(msg)
} }
} }
} }
} }
toolRecordFileName, err := createAndPersistToolRecord(utils, repoInfo, repoReference, repoUrl, repoCodeqlScanUrl) toolRecordFileName, err := codeql.CreateAndPersistToolRecord(utils, repoInfo, repoReference, repoUrl, config.ModulePath)
if err != nil { if err != nil {
log.Entry().Warning("TR_CODEQL: Failed to create toolrecord file ...", err) log.Entry().Warning("TR_CODEQL: Failed to create toolrecord file ...", err)
} else { } else {
@ -412,87 +403,6 @@ func runCodeqlExecuteScan(config *codeqlExecuteScanOptions, telemetryData *telem
return reports, nil return reports, nil
} }
func createAndPersistToolRecord(utils codeqlExecuteScanUtils, repoInfo RepoInfo, repoReference string, repoUrl string, repoCodeqlScanUrl string) (string, error) {
toolRecord, err := createToolRecordCodeql(utils, repoInfo, repoReference, repoUrl, repoCodeqlScanUrl)
if err != nil {
return "", err
}
toolRecordFileName, err := persistToolRecord(toolRecord)
if err != nil {
return "", err
}
return toolRecordFileName, nil
}
func createToolRecordCodeql(utils codeqlExecuteScanUtils, repoInfo RepoInfo, repoUrl string, repoReference string, repoCodeqlScanUrl string) (*toolrecord.Toolrecord, error) {
record := toolrecord.New(utils, "./", "codeql", repoInfo.serverUrl)
if repoInfo.serverUrl == "" {
return record, errors.New("Repository not set")
}
if repoInfo.commitId == "" || repoInfo.commitId == "NA" {
return record, errors.New("CommitId not set")
}
if repoInfo.ref == "" {
return record, errors.New("Analyzed Reference not set")
}
record.DisplayName = fmt.Sprintf("%s %s - %s %s", repoInfo.owner, repoInfo.repo, repoInfo.ref, repoInfo.commitId)
record.DisplayURL = fmt.Sprintf("%s/security/code-scanning?query=is:open+ref:%s", repoUrl, repoInfo.ref)
err := record.AddKeyData("repository",
fmt.Sprintf("%s/%s", repoInfo.owner, repoInfo.repo),
fmt.Sprintf("%s %s", repoInfo.owner, repoInfo.repo),
repoUrl)
if err != nil {
return record, err
}
err = record.AddKeyData("repositoryReference",
repoInfo.ref,
fmt.Sprintf("%s - %s", repoInfo.repo, repoInfo.ref),
repoReference)
if err != nil {
return record, err
}
err = record.AddKeyData("scanResult",
fmt.Sprintf("%s/%s", repoInfo.ref, repoInfo.commitId),
fmt.Sprintf("%s %s - %s %s", repoInfo.owner, repoInfo.repo, repoInfo.ref, repoInfo.commitId),
fmt.Sprintf("%s/security/code-scanning?query=is:open+ref:%s", repoUrl, repoInfo.ref))
if err != nil {
return record, err
}
return record, nil
}
func buildRepoReference(repository, analyzedRef string) (string, error) {
ref := strings.Split(analyzedRef, "/")
if len(ref) < 3 {
return "", errors.New(fmt.Sprintf("Wrong analyzedRef format: %s", analyzedRef))
}
if strings.Contains(analyzedRef, "pull") {
if len(ref) < 4 {
return "", errors.New(fmt.Sprintf("Wrong analyzedRef format: %s", analyzedRef))
}
return fmt.Sprintf("%s/pull/%s", repository, ref[2]), nil
}
return fmt.Sprintf("%s/tree/%s", repository, ref[2]), nil
}
func persistToolRecord(toolRecord *toolrecord.Toolrecord) (string, error) {
err := toolRecord.Persist()
if err != nil {
return "", err
}
return toolRecord.GetFileName(), nil
}
func getRamAndThreadsFromConfig(config *codeqlExecuteScanOptions) []string { func getRamAndThreadsFromConfig(config *codeqlExecuteScanOptions) []string {
params := make([]string, 0, 2) params := make([]string, 0, 2)
if len(config.Threads) > 0 { if len(config.Threads) > 0 {

246
cmd/codeqlExecuteScan_test.go
View File

@ -4,7 +4,6 @@
package cmd package cmd
import ( import (
"fmt"
"testing" "testing"
"time" "time"
@ -75,104 +74,104 @@ func TestRunCodeqlExecuteScan(t *testing.T) {
func TestGetGitRepoInfo(t *testing.T) { func TestGetGitRepoInfo(t *testing.T) {
t.Run("Valid https URL1", func(t *testing.T) { t.Run("Valid https URL1", func(t *testing.T) {
var repoInfo RepoInfo var repoInfo codeql.RepoInfo
err := getGitRepoInfo("https://github.hello.test/Testing/fortify.git", &repoInfo) err := getGitRepoInfo("https://github.hello.test/Testing/fortify.git", &repoInfo)
assert.NoError(t, err) assert.NoError(t, err)
assert.Equal(t, "https://github.hello.test", repoInfo.serverUrl) assert.Equal(t, "https://github.hello.test", repoInfo.ServerUrl)
assert.Equal(t, "fortify", repoInfo.repo) assert.Equal(t, "fortify", repoInfo.Repo)
assert.Equal(t, "Testing", repoInfo.owner) assert.Equal(t, "Testing", repoInfo.Owner)
}) })
t.Run("Valid https URL2", func(t *testing.T) { t.Run("Valid https URL2", func(t *testing.T) {
var repoInfo RepoInfo var repoInfo codeql.RepoInfo
err := getGitRepoInfo("https://github.hello.test/Testing/fortify", &repoInfo) err := getGitRepoInfo("https://github.hello.test/Testing/fortify", &repoInfo)
assert.NoError(t, err) assert.NoError(t, err)
assert.Equal(t, "https://github.hello.test", repoInfo.serverUrl) assert.Equal(t, "https://github.hello.test", repoInfo.ServerUrl)
assert.Equal(t, "fortify", repoInfo.repo) assert.Equal(t, "fortify", repoInfo.Repo)
assert.Equal(t, "Testing", repoInfo.owner) assert.Equal(t, "Testing", repoInfo.Owner)
}) })
t.Run("Valid https URL1 with dots", func(t *testing.T) { t.Run("Valid https URL1 with dots", func(t *testing.T) {
var repoInfo RepoInfo var repoInfo codeql.RepoInfo
err := getGitRepoInfo("https://github.hello.test/Testing/com.sap.fortify.git", &repoInfo) err := getGitRepoInfo("https://github.hello.test/Testing/com.sap.fortify.git", &repoInfo)
assert.NoError(t, err) assert.NoError(t, err)
assert.Equal(t, "https://github.hello.test", repoInfo.serverUrl) assert.Equal(t, "https://github.hello.test", repoInfo.ServerUrl)
assert.Equal(t, "com.sap.fortify", repoInfo.repo) assert.Equal(t, "com.sap.fortify", repoInfo.Repo)
assert.Equal(t, "Testing", repoInfo.owner) assert.Equal(t, "Testing", repoInfo.Owner)
}) })
t.Run("Valid https URL2 with dots", func(t *testing.T) { t.Run("Valid https URL2 with dots", func(t *testing.T) {
var repoInfo RepoInfo var repoInfo codeql.RepoInfo
err := getGitRepoInfo("https://github.hello.test/Testing/com.sap.fortify", &repoInfo) err := getGitRepoInfo("https://github.hello.test/Testing/com.sap.fortify", &repoInfo)
assert.NoError(t, err) assert.NoError(t, err)
assert.Equal(t, "https://github.hello.test", repoInfo.serverUrl) assert.Equal(t, "https://github.hello.test", repoInfo.ServerUrl)
assert.Equal(t, "com.sap.fortify", repoInfo.repo) assert.Equal(t, "com.sap.fortify", repoInfo.Repo)
assert.Equal(t, "Testing", repoInfo.owner) assert.Equal(t, "Testing", repoInfo.Owner)
}) })
t.Run("Valid https URL1 with username and token", func(t *testing.T) { t.Run("Valid https URL1 with username and token", func(t *testing.T) {
var repoInfo RepoInfo var repoInfo codeql.RepoInfo
err := getGitRepoInfo("https://username:token@github.hello.test/Testing/fortify.git", &repoInfo) err := getGitRepoInfo("https://username:token@github.hello.test/Testing/fortify.git", &repoInfo)
assert.NoError(t, err) assert.NoError(t, err)
assert.Equal(t, "https://github.hello.test", repoInfo.serverUrl) assert.Equal(t, "https://github.hello.test", repoInfo.ServerUrl)
assert.Equal(t, "fortify", repoInfo.repo) assert.Equal(t, "fortify", repoInfo.Repo)
assert.Equal(t, "Testing", repoInfo.owner) assert.Equal(t, "Testing", repoInfo.Owner)
}) })
t.Run("Valid https URL2 with username and token", func(t *testing.T) { t.Run("Valid https URL2 with username and token", func(t *testing.T) {
var repoInfo RepoInfo var repoInfo codeql.RepoInfo
err := getGitRepoInfo("https://username:token@github.hello.test/Testing/fortify", &repoInfo) err := getGitRepoInfo("https://username:token@github.hello.test/Testing/fortify", &repoInfo)
assert.NoError(t, err) assert.NoError(t, err)
assert.Equal(t, "https://github.hello.test", repoInfo.serverUrl) assert.Equal(t, "https://github.hello.test", repoInfo.ServerUrl)
assert.Equal(t, "fortify", repoInfo.repo) assert.Equal(t, "fortify", repoInfo.Repo)
assert.Equal(t, "Testing", repoInfo.owner) assert.Equal(t, "Testing", repoInfo.Owner)
}) })
t.Run("Invalid https URL as no org/owner passed", func(t *testing.T) { t.Run("Invalid https URL as no org/Owner passed", func(t *testing.T) {
var repoInfo RepoInfo var repoInfo codeql.RepoInfo
assert.Error(t, getGitRepoInfo("https://github.com/fortify", &repoInfo)) assert.Error(t, getGitRepoInfo("https://github.com/fortify", &repoInfo))
}) })
t.Run("Invalid URL as no protocol passed", func(t *testing.T) { t.Run("Invalid URL as no protocol passed", func(t *testing.T) {
var repoInfo RepoInfo var repoInfo codeql.RepoInfo
assert.Error(t, getGitRepoInfo("github.hello.test/Testing/fortify", &repoInfo)) assert.Error(t, getGitRepoInfo("github.hello.test/Testing/fortify", &repoInfo))
}) })
t.Run("Valid ssh URL1", func(t *testing.T) { t.Run("Valid ssh URL1", func(t *testing.T) {
var repoInfo RepoInfo var repoInfo codeql.RepoInfo
err := getGitRepoInfo("git@github.hello.test/Testing/fortify.git", &repoInfo) err := getGitRepoInfo("git@github.hello.test/Testing/fortify.git", &repoInfo)
assert.NoError(t, err) assert.NoError(t, err)
assert.Equal(t, "https://github.hello.test", repoInfo.serverUrl) assert.Equal(t, "https://github.hello.test", repoInfo.ServerUrl)
assert.Equal(t, "fortify", repoInfo.repo) assert.Equal(t, "fortify", repoInfo.Repo)
assert.Equal(t, "Testing", repoInfo.owner) assert.Equal(t, "Testing", repoInfo.Owner)
}) })
t.Run("Valid ssh URL2", func(t *testing.T) { t.Run("Valid ssh URL2", func(t *testing.T) {
var repoInfo RepoInfo var repoInfo codeql.RepoInfo
err := getGitRepoInfo("git@github.hello.test/Testing/fortify", &repoInfo) err := getGitRepoInfo("git@github.hello.test/Testing/fortify", &repoInfo)
assert.NoError(t, err) assert.NoError(t, err)
assert.Equal(t, "https://github.hello.test", repoInfo.serverUrl) assert.Equal(t, "https://github.hello.test", repoInfo.ServerUrl)
assert.Equal(t, "fortify", repoInfo.repo) assert.Equal(t, "fortify", repoInfo.Repo)
assert.Equal(t, "Testing", repoInfo.owner) assert.Equal(t, "Testing", repoInfo.Owner)
}) })
t.Run("Valid ssh URL1 with dots", func(t *testing.T) { t.Run("Valid ssh URL1 with dots", func(t *testing.T) {
var repoInfo RepoInfo var repoInfo codeql.RepoInfo
err := getGitRepoInfo("git@github.hello.test/Testing/com.sap.fortify.git", &repoInfo) err := getGitRepoInfo("git@github.hello.test/Testing/com.sap.fortify.git", &repoInfo)
assert.NoError(t, err) assert.NoError(t, err)
assert.Equal(t, "https://github.hello.test", repoInfo.serverUrl) assert.Equal(t, "https://github.hello.test", repoInfo.ServerUrl)
assert.Equal(t, "com.sap.fortify", repoInfo.repo) assert.Equal(t, "com.sap.fortify", repoInfo.Repo)
assert.Equal(t, "Testing", repoInfo.owner) assert.Equal(t, "Testing", repoInfo.Owner)
}) })
t.Run("Valid ssh URL2 with dots", func(t *testing.T) { t.Run("Valid ssh URL2 with dots", func(t *testing.T) {
var repoInfo RepoInfo var repoInfo codeql.RepoInfo
err := getGitRepoInfo("git@github.hello.test/Testing/com.sap.fortify", &repoInfo) err := getGitRepoInfo("git@github.hello.test/Testing/com.sap.fortify", &repoInfo)
assert.NoError(t, err) assert.NoError(t, err)
assert.Equal(t, "https://github.hello.test", repoInfo.serverUrl) assert.Equal(t, "https://github.hello.test", repoInfo.ServerUrl)
assert.Equal(t, "com.sap.fortify", repoInfo.repo) assert.Equal(t, "com.sap.fortify", repoInfo.Repo)
assert.Equal(t, "Testing", repoInfo.owner) assert.Equal(t, "Testing", repoInfo.Owner)
}) })
t.Run("Invalid ssh URL as no org/owner passed", func(t *testing.T) { t.Run("Invalid ssh URL as no org/Owner passed", func(t *testing.T) {
var repoInfo RepoInfo var repoInfo codeql.RepoInfo
assert.Error(t, getGitRepoInfo("git@github.com/fortify", &repoInfo)) assert.Error(t, getGitRepoInfo("git@github.com/fortify", &repoInfo))
}) })
} }
@ -182,66 +181,66 @@ func TestInitGitInfo(t *testing.T) {
config := codeqlExecuteScanOptions{Repository: "https://github.hello.test/Testing/codeql.git", AnalyzedRef: "refs/head/branch", CommitID: "abcd1234"} config := codeqlExecuteScanOptions{Repository: "https://github.hello.test/Testing/codeql.git", AnalyzedRef: "refs/head/branch", CommitID: "abcd1234"}
repoInfo, err := initGitInfo(&config) repoInfo, err := initGitInfo(&config)
assert.NoError(t, err) assert.NoError(t, err)
assert.Equal(t, "abcd1234", repoInfo.commitId) assert.Equal(t, "abcd1234", repoInfo.CommitId)
assert.Equal(t, "Testing", repoInfo.owner) assert.Equal(t, "Testing", repoInfo.Owner)
assert.Equal(t, "codeql", repoInfo.repo) assert.Equal(t, "codeql", repoInfo.Repo)
assert.Equal(t, "refs/head/branch", repoInfo.ref) assert.Equal(t, "refs/head/branch", repoInfo.Ref)
assert.Equal(t, "https://github.hello.test", repoInfo.serverUrl) assert.Equal(t, "https://github.hello.test", repoInfo.ServerUrl)
}) })
t.Run("Valid URL2", func(t *testing.T) { t.Run("Valid URL2", func(t *testing.T) {
config := codeqlExecuteScanOptions{Repository: "https://github.hello.test/Testing/codeql", AnalyzedRef: "refs/head/branch", CommitID: "abcd1234"} config := codeqlExecuteScanOptions{Repository: "https://github.hello.test/Testing/codeql", AnalyzedRef: "refs/head/branch", CommitID: "abcd1234"}
repoInfo, err := initGitInfo(&config) repoInfo, err := initGitInfo(&config)
assert.NoError(t, err) assert.NoError(t, err)
assert.Equal(t, "abcd1234", repoInfo.commitId) assert.Equal(t, "abcd1234", repoInfo.CommitId)
assert.Equal(t, "Testing", repoInfo.owner) assert.Equal(t, "Testing", repoInfo.Owner)
assert.Equal(t, "codeql", repoInfo.repo) assert.Equal(t, "codeql", repoInfo.Repo)
assert.Equal(t, "refs/head/branch", repoInfo.ref) assert.Equal(t, "refs/head/branch", repoInfo.Ref)
assert.Equal(t, "https://github.hello.test", repoInfo.serverUrl) assert.Equal(t, "https://github.hello.test", repoInfo.ServerUrl)
}) })
t.Run("Valid url with dots URL1", func(t *testing.T) { t.Run("Valid url with dots URL1", func(t *testing.T) {
config := codeqlExecuteScanOptions{Repository: "https://github.hello.test/Testing/com.sap.codeql.git", AnalyzedRef: "refs/head/branch", CommitID: "abcd1234"} config := codeqlExecuteScanOptions{Repository: "https://github.hello.test/Testing/com.sap.codeql.git", AnalyzedRef: "refs/head/branch", CommitID: "abcd1234"}
repoInfo, err := initGitInfo(&config) repoInfo, err := initGitInfo(&config)
assert.NoError(t, err) assert.NoError(t, err)
assert.Equal(t, "abcd1234", repoInfo.commitId) assert.Equal(t, "abcd1234", repoInfo.CommitId)
assert.Equal(t, "Testing", repoInfo.owner) assert.Equal(t, "Testing", repoInfo.Owner)
assert.Equal(t, "com.sap.codeql", repoInfo.repo) assert.Equal(t, "com.sap.codeql", repoInfo.Repo)
assert.Equal(t, "refs/head/branch", repoInfo.ref) assert.Equal(t, "refs/head/branch", repoInfo.Ref)
assert.Equal(t, "https://github.hello.test", repoInfo.serverUrl) assert.Equal(t, "https://github.hello.test", repoInfo.ServerUrl)
}) })
t.Run("Valid url with dots URL2", func(t *testing.T) { t.Run("Valid url with dots URL2", func(t *testing.T) {
config := codeqlExecuteScanOptions{Repository: "https://github.hello.test/Testing/com.sap.codeql", AnalyzedRef: "refs/head/branch", CommitID: "abcd1234"} config := codeqlExecuteScanOptions{Repository: "https://github.hello.test/Testing/com.sap.codeql", AnalyzedRef: "refs/head/branch", CommitID: "abcd1234"}
repoInfo, err := initGitInfo(&config) repoInfo, err := initGitInfo(&config)
assert.NoError(t, err) assert.NoError(t, err)
assert.Equal(t, "abcd1234", repoInfo.commitId) assert.Equal(t, "abcd1234", repoInfo.CommitId)
assert.Equal(t, "Testing", repoInfo.owner) assert.Equal(t, "Testing", repoInfo.Owner)
assert.Equal(t, "com.sap.codeql", repoInfo.repo) assert.Equal(t, "com.sap.codeql", repoInfo.Repo)
assert.Equal(t, "refs/head/branch", repoInfo.ref) assert.Equal(t, "refs/head/branch", repoInfo.Ref)
assert.Equal(t, "https://github.hello.test", repoInfo.serverUrl) assert.Equal(t, "https://github.hello.test", repoInfo.ServerUrl)
}) })
t.Run("Valid url with username and token URL1", func(t *testing.T) { t.Run("Valid url with username and token URL1", func(t *testing.T) {
config := codeqlExecuteScanOptions{Repository: "https://username:token@github.hello.test/Testing/codeql.git", AnalyzedRef: "refs/head/branch", CommitID: "abcd1234"} config := codeqlExecuteScanOptions{Repository: "https://username:token@github.hello.test/Testing/codeql.git", AnalyzedRef: "refs/head/branch", CommitID: "abcd1234"}
repoInfo, err := initGitInfo(&config) repoInfo, err := initGitInfo(&config)
assert.NoError(t, err) assert.NoError(t, err)
assert.Equal(t, "abcd1234", repoInfo.commitId) assert.Equal(t, "abcd1234", repoInfo.CommitId)
assert.Equal(t, "Testing", repoInfo.owner) assert.Equal(t, "Testing", repoInfo.Owner)
assert.Equal(t, "codeql", repoInfo.repo) assert.Equal(t, "codeql", repoInfo.Repo)
assert.Equal(t, "refs/head/branch", repoInfo.ref) assert.Equal(t, "refs/head/branch", repoInfo.Ref)
assert.Equal(t, "https://github.hello.test", repoInfo.serverUrl) assert.Equal(t, "https://github.hello.test", repoInfo.ServerUrl)
}) })
t.Run("Valid url with username and token URL2", func(t *testing.T) { t.Run("Valid url with username and token URL2", func(t *testing.T) {
config := codeqlExecuteScanOptions{Repository: "https://username:token@github.hello.test/Testing/codeql", AnalyzedRef: "refs/head/branch", CommitID: "abcd1234"} config := codeqlExecuteScanOptions{Repository: "https://username:token@github.hello.test/Testing/codeql", AnalyzedRef: "refs/head/branch", CommitID: "abcd1234"}
repoInfo, err := initGitInfo(&config) repoInfo, err := initGitInfo(&config)
assert.NoError(t, err) assert.NoError(t, err)
assert.Equal(t, "abcd1234", repoInfo.commitId) assert.Equal(t, "abcd1234", repoInfo.CommitId)
assert.Equal(t, "Testing", repoInfo.owner) assert.Equal(t, "Testing", repoInfo.Owner)
assert.Equal(t, "codeql", repoInfo.repo) assert.Equal(t, "codeql", repoInfo.Repo)
assert.Equal(t, "refs/head/branch", repoInfo.ref) assert.Equal(t, "refs/head/branch", repoInfo.Ref)
assert.Equal(t, "https://github.hello.test", repoInfo.serverUrl) assert.Equal(t, "https://github.hello.test", repoInfo.ServerUrl)
}) })
t.Run("Invalid URL with no org/reponame", func(t *testing.T) { t.Run("Invalid URL with no org/reponame", func(t *testing.T) {
@ -249,101 +248,16 @@ func TestInitGitInfo(t *testing.T) {
repoInfo, err := initGitInfo(&config) repoInfo, err := initGitInfo(&config)
assert.NoError(t, err) assert.NoError(t, err)
_, err = orchestrator.NewOrchestratorSpecificConfigProvider() _, err = orchestrator.NewOrchestratorSpecificConfigProvider()
assert.Equal(t, "abcd1234", repoInfo.commitId) assert.Equal(t, "abcd1234", repoInfo.CommitId)
assert.Equal(t, "refs/head/branch", repoInfo.ref) assert.Equal(t, "refs/head/branch", repoInfo.Ref)
if err != nil { if err != nil {
assert.Equal(t, "", repoInfo.owner) assert.Equal(t, "", repoInfo.Owner)
assert.Equal(t, "", repoInfo.repo) assert.Equal(t, "", repoInfo.Repo)
assert.Equal(t, "", repoInfo.serverUrl) assert.Equal(t, "", repoInfo.ServerUrl)
} }
}) })
} }
func TestBuildRepoReference(t *testing.T) {
t.Run("Valid ref with branch", func(t *testing.T) {
repository := "https://github.hello.test/Testing/fortify"
analyzedRef := "refs/head/branch"
ref, err := buildRepoReference(repository, analyzedRef)
assert.NoError(t, err)
assert.Equal(t, "https://github.hello.test/Testing/fortify/tree/branch", ref)
})
t.Run("Valid ref with PR", func(t *testing.T) {
repository := "https://github.hello.test/Testing/fortify"
analyzedRef := "refs/pull/1/merge"
ref, err := buildRepoReference(repository, analyzedRef)
assert.NoError(t, err)
assert.Equal(t, "https://github.hello.test/Testing/fortify/pull/1", ref)
})
t.Run("Invalid ref without branch name", func(t *testing.T) {
repository := "https://github.hello.test/Testing/fortify"
analyzedRef := "refs/head"
ref, err := buildRepoReference(repository, analyzedRef)
assert.Error(t, err)
assert.ErrorContains(t, err, "Wrong analyzedRef format")
assert.Equal(t, "", ref)
})
t.Run("Invalid ref without PR id", func(t *testing.T) {
repository := "https://github.hello.test/Testing/fortify"
analyzedRef := "refs/pull/merge"
ref, err := buildRepoReference(repository, analyzedRef)
assert.Error(t, err)
assert.ErrorContains(t, err, "Wrong analyzedRef format")
assert.Equal(t, "", ref)
})
}
func getRepoReferences(repoInfo RepoInfo) (string, string, string) {
repoUrl := fmt.Sprintf("%s/%s/%s", repoInfo.serverUrl, repoInfo.owner, repoInfo.repo)
repoReference, _ := buildRepoReference(repoUrl, repoInfo.ref)
repoCodeqlScanUrl := fmt.Sprintf("%s/security/code-scanning?query=is:open+ref:%s", repoUrl, repoInfo.ref)
return repoUrl, repoReference, repoCodeqlScanUrl
}
func TestCreateToolRecordCodeql(t *testing.T) {
t.Run("Valid toolrun file", func(t *testing.T) {
repoInfo := RepoInfo{serverUrl: "https://github.hello.test", commitId: "test", ref: "refs/head/branch", owner: "Testing", repo: "fortify"}
repoUrl, repoReference, repoCodeqlScanUrl := getRepoReferences(repoInfo)
toolRecord, err := createToolRecordCodeql(newCodeqlExecuteScanTestsUtils(), repoInfo, repoUrl, repoReference, repoCodeqlScanUrl)
assert.NoError(t, err)
assert.Equal(t, toolRecord.ToolName, "codeql")
assert.Equal(t, toolRecord.ToolInstance, "https://github.hello.test")
assert.Equal(t, toolRecord.DisplayName, "Testing fortify - refs/head/branch test")
assert.Equal(t, toolRecord.DisplayURL, "https://github.hello.test/Testing/fortify/security/code-scanning?query=is:open+ref:refs/head/branch")
})
t.Run("Empty repository URL", func(t *testing.T) {
repoInfo := RepoInfo{serverUrl: "", commitId: "test", ref: "refs/head/branch", owner: "Testing", repo: "fortify"}
repoUrl, repoReference, repoCodeqlScanUrl := getRepoReferences(repoInfo)
_, err := createToolRecordCodeql(newCodeqlExecuteScanTestsUtils(), repoInfo, repoUrl, repoReference, repoCodeqlScanUrl)
assert.Error(t, err)
assert.ErrorContains(t, err, "Repository not set")
})
t.Run("Empty analyzedRef", func(t *testing.T) {
repoInfo := RepoInfo{serverUrl: "https://github.hello.test", commitId: "test", ref: "", owner: "Testing", repo: "fortify"}
repoUrl, repoReference, repoCodeqlScanUrl := getRepoReferences(repoInfo)
_, err := createToolRecordCodeql(newCodeqlExecuteScanTestsUtils(), repoInfo, repoUrl, repoReference, repoCodeqlScanUrl)
assert.Error(t, err)
assert.ErrorContains(t, err, "Analyzed Reference not set")
})
t.Run("Empty CommitId", func(t *testing.T) {
repoInfo := RepoInfo{serverUrl: "https://github.hello.test", commitId: "", ref: "refs/head/branch", owner: "Testing", repo: "fortify"}
repoUrl, repoReference, repoCodeqlScanUrl := getRepoReferences(repoInfo)
_, err := createToolRecordCodeql(newCodeqlExecuteScanTestsUtils(), repoInfo, repoUrl, repoReference, repoCodeqlScanUrl)
assert.Error(t, err)
assert.ErrorContains(t, err, "CommitId not set")
})
t.Run("Invalid analyzedRef", func(t *testing.T) {
repoInfo := RepoInfo{serverUrl: "https://github.hello.test", commitId: "", ref: "refs/branch", owner: "Testing", repo: "fortify"}
repoUrl, repoReference, repoCodeqlScanUrl := getRepoReferences(repoInfo)
_, err := createToolRecordCodeql(newCodeqlExecuteScanTestsUtils(), repoInfo, repoUrl, repoReference, repoCodeqlScanUrl)
assert.Error(t, err)
})
}
func TestWaitSarifUploaded(t *testing.T) { func TestWaitSarifUploaded(t *testing.T) {
t.Parallel() t.Parallel()
config := codeqlExecuteScanOptions{SarifCheckRetryInterval: 1, SarifCheckMaxRetries: 5} config := codeqlExecuteScanOptions{SarifCheckRetryInterval: 1, SarifCheckMaxRetries: 5}

92
pkg/codeql/reporting.go
View File

@ -2,10 +2,13 @@ package codeql
import ( import (
"encoding/json" "encoding/json"
"fmt"
"path/filepath" "path/filepath"
"strings"
"github.com/SAP/jenkins-library/pkg/log" "github.com/SAP/jenkins-library/pkg/log"
"github.com/SAP/jenkins-library/pkg/piperutils" "github.com/SAP/jenkins-library/pkg/piperutils"
"github.com/SAP/jenkins-library/pkg/toolrecord"
"github.com/pkg/errors" "github.com/pkg/errors"
) )
@ -24,6 +27,14 @@ type CodeqlFindings struct {
Audited int `json:"audited"` Audited int `json:"audited"`
} }
type RepoInfo struct {
ServerUrl string
Repo string
CommitId string
Ref string
Owner string
}
func WriteJSONReport(jsonReport CodeqlAudit, modulePath string) ([]piperutils.Path, error) { func WriteJSONReport(jsonReport CodeqlAudit, modulePath string) ([]piperutils.Path, error) {
utils := piperutils.Files{} utils := piperutils.Files{}
reportPaths := []piperutils.Path{} reportPaths := []piperutils.Path{}
@ -44,3 +55,84 @@ func WriteJSONReport(jsonReport CodeqlAudit, modulePath string) ([]piperutils.Pa
return reportPaths, nil return reportPaths, nil
} }
func BuildRepoReference(repository, analyzedRef string) (string, error) {
ref := strings.Split(analyzedRef, "/")
if len(ref) < 3 {
return "", errors.New(fmt.Sprintf("Wrong analyzedRef format: %s", analyzedRef))
}
if strings.Contains(analyzedRef, "pull") {
if len(ref) < 4 {
return "", errors.New(fmt.Sprintf("Wrong analyzedRef format: %s", analyzedRef))
}
return fmt.Sprintf("%s/pull/%s", repository, ref[2]), nil
}
return fmt.Sprintf("%s/tree/%s", repository, ref[2]), nil
}
func CreateAndPersistToolRecord(utils piperutils.FileUtils, repoInfo RepoInfo, repoReference, repoUrl, modulePath string) (string, error) {
toolRecord, err := createToolRecordCodeql(utils, repoInfo, repoReference, repoUrl, modulePath)
if err != nil {
return "", err
}
toolRecordFileName, err := persistToolRecord(toolRecord)
if err != nil {
return "", err
}
return toolRecordFileName, nil
}
func createToolRecordCodeql(utils piperutils.FileUtils, repoInfo RepoInfo, repoUrl, repoReference, modulePath string) (*toolrecord.Toolrecord, error) {
record := toolrecord.New(utils, modulePath, "codeql", repoInfo.ServerUrl)
if repoInfo.ServerUrl == "" {
return record, errors.New("Repository not set")
}
if repoInfo.CommitId == "" || repoInfo.CommitId == "NA" {
return record, errors.New("CommitId not set")
}
if repoInfo.Ref == "" {
return record, errors.New("Analyzed Reference not set")
}
record.DisplayName = fmt.Sprintf("%s %s - %s %s", repoInfo.Owner, repoInfo.Repo, repoInfo.Ref, repoInfo.CommitId)
record.DisplayURL = fmt.Sprintf("%s/security/code-scanning?query=is:open+ref:%s", repoUrl, repoInfo.Ref)
err := record.AddKeyData("repository",
fmt.Sprintf("%s/%s", repoInfo.Owner, repoInfo.Repo),
fmt.Sprintf("%s %s", repoInfo.Owner, repoInfo.Repo),
repoUrl)
if err != nil {
return record, err
}
err = record.AddKeyData("repositoryReference",
repoInfo.Ref,
fmt.Sprintf("%s - %s", repoInfo.Repo, repoInfo.Ref),
repoReference)
if err != nil {
return record, err
}
err = record.AddKeyData("scanResult",
fmt.Sprintf("%s/%s", repoInfo.Ref, repoInfo.CommitId),
fmt.Sprintf("%s %s - %s %s", repoInfo.Owner, repoInfo.Repo, repoInfo.Ref, repoInfo.CommitId),
fmt.Sprintf("%s/security/code-scanning?query=is:open+ref:%s", repoUrl, repoInfo.Ref))
if err != nil {
return record, err
}
return record, nil
}
func persistToolRecord(toolRecord *toolrecord.Toolrecord) (string, error) {
err := toolRecord.Persist()
if err != nil {
return "", err
}
return toolRecord.GetFileName(), nil
}

108
pkg/codeql/reporting_test.go Normal file
View File

@ -0,0 +1,108 @@
package codeql
import (
"fmt"
"testing"
"github.com/SAP/jenkins-library/pkg/mock"
"github.com/stretchr/testify/assert"
)
type codeqlExecuteScanMockUtils struct {
*mock.ExecMockRunner
*mock.FilesMock
}
func newCodeqlExecuteScanTestsUtils() codeqlExecuteScanMockUtils {
utils := codeqlExecuteScanMockUtils{
ExecMockRunner: &mock.ExecMockRunner{},
FilesMock: &mock.FilesMock{},
}
return utils
}
func TestBuildRepoReference(t *testing.T) {
t.Run("Valid Ref with branch", func(t *testing.T) {
repository := "https://github.hello.test/Testing/fortify"
analyzedRef := "refs/head/branch"
ref, err := BuildRepoReference(repository, analyzedRef)
assert.NoError(t, err)
assert.Equal(t, "https://github.hello.test/Testing/fortify/tree/branch", ref)
})
t.Run("Valid Ref with PR", func(t *testing.T) {
repository := "https://github.hello.test/Testing/fortify"
analyzedRef := "refs/pull/1/merge"
ref, err := BuildRepoReference(repository, analyzedRef)
assert.NoError(t, err)
assert.Equal(t, "https://github.hello.test/Testing/fortify/pull/1", ref)
})
t.Run("Invalid Ref without branch name", func(t *testing.T) {
repository := "https://github.hello.test/Testing/fortify"
analyzedRef := "refs/head"
ref, err := BuildRepoReference(repository, analyzedRef)
assert.Error(t, err)
assert.ErrorContains(t, err, "Wrong analyzedRef format")
assert.Equal(t, "", ref)
})
t.Run("Invalid Ref without PR id", func(t *testing.T) {
repository := "https://github.hello.test/Testing/fortify"
analyzedRef := "refs/pull/merge"
ref, err := BuildRepoReference(repository, analyzedRef)
assert.Error(t, err)
assert.ErrorContains(t, err, "Wrong analyzedRef format")
assert.Equal(t, "", ref)
})
}
func getRepoReferences(repoInfo RepoInfo) (string, string) {
repoUrl := fmt.Sprintf("%s/%s/%s", repoInfo.ServerUrl, repoInfo.Owner, repoInfo.Repo)
repoReference, _ := BuildRepoReference(repoUrl, repoInfo.Ref)
return repoUrl, repoReference
}
func TestCreateToolRecordCodeql(t *testing.T) {
modulePath := "./"
t.Run("Valid toolrun file", func(t *testing.T) {
repoInfo := RepoInfo{ServerUrl: "https://github.hello.test", CommitId: "test", Ref: "refs/head/branch", Owner: "Testing", Repo: "fortify"}
repoUrl, repoReference := getRepoReferences(repoInfo)
toolRecord, err := createToolRecordCodeql(newCodeqlExecuteScanTestsUtils(), repoInfo, repoUrl, repoReference, modulePath)
assert.NoError(t, err)
assert.Equal(t, toolRecord.ToolName, "codeql")
assert.Equal(t, toolRecord.ToolInstance, "https://github.hello.test")
assert.Equal(t, toolRecord.DisplayName, "Testing fortify - refs/head/branch test")
assert.Equal(t, toolRecord.DisplayURL, "https://github.hello.test/Testing/fortify/security/code-scanning?query=is:open+ref:refs/head/branch")
})
t.Run("Empty repository URL", func(t *testing.T) {
repoInfo := RepoInfo{ServerUrl: "", CommitId: "test", Ref: "refs/head/branch", Owner: "Testing", Repo: "fortify"}
repoUrl, repoReference := getRepoReferences(repoInfo)
_, err := createToolRecordCodeql(newCodeqlExecuteScanTestsUtils(), repoInfo, repoUrl, repoReference, modulePath)
assert.Error(t, err)
assert.ErrorContains(t, err, "Repository not set")
})
t.Run("Empty analyzedRef", func(t *testing.T) {
repoInfo := RepoInfo{ServerUrl: "https://github.hello.test", CommitId: "test", Ref: "", Owner: "Testing", Repo: "fortify"}
repoUrl, repoReference := getRepoReferences(repoInfo)
_, err := createToolRecordCodeql(newCodeqlExecuteScanTestsUtils(), repoInfo, repoUrl, repoReference, modulePath)
assert.Error(t, err)
assert.ErrorContains(t, err, "Analyzed Reference not set")
})
t.Run("Empty CommitId", func(t *testing.T) {
repoInfo := RepoInfo{ServerUrl: "https://github.hello.test", CommitId: "", Ref: "refs/head/branch", Owner: "Testing", Repo: "fortify"}
repoUrl, repoReference := getRepoReferences(repoInfo)
_, err := createToolRecordCodeql(newCodeqlExecuteScanTestsUtils(), repoInfo, repoUrl, repoReference, modulePath)
assert.Error(t, err)
assert.ErrorContains(t, err, "CommitId not set")
})
t.Run("Invalid analyzedRef", func(t *testing.T) {
repoInfo := RepoInfo{ServerUrl: "https://github.hello.test", CommitId: "", Ref: "refs/branch", Owner: "Testing", Repo: "fortify"}
repoUrl, repoReference := getRepoReferences(repoInfo)
_, err := createToolRecordCodeql(newCodeqlExecuteScanTestsUtils(), repoInfo, repoUrl, repoReference, modulePath)
assert.Error(t, err)
})
}