
Excluded directory '.pipeline' for detectExecuteScan step (#4955)

* Excluded directory './pipeline' for detectExecuteScan step

* fixed unit-tests

* changed config path from "pipeline/*" to ".pipeline/*"

* Refactor exclude handling

---------

Co-authored-by: Vijayan T <vijayanjay@gmail.com>
Akramdzhon Azamov 2024-07-01 18:18:53 +05:00 committed by GitHub
parent fe2e4e7757
commit e2f1c13b75
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 49 additions and 7 deletions


@ -142,6 +142,8 @@ func newBlackduckSystem(config detectExecuteScanOptions) *blackduckSystem {
return &sys
}
const configPath = ".pipeline/*"
func detectExecuteScan(config detectExecuteScanOptions, _ *telemetry.CustomData, influx *detectExecuteScanInflux) {
influx.step_data.fields.detect = false
@ -454,9 +456,8 @@ func addDetectArgs(args []string, config detectExecuteScanOptions, utils detectU
}
if len(config.ExcludedDirectories) != 0 && !checkIfArgumentIsInScanProperties(config, "detect.excluded.directories") {
args = append(args, fmt.Sprintf("--detect.excluded.directories=%s", strings.Join(config.ExcludedDirectories, ",")))
}
// Handle excluded directories
handleExcludedDirectories(&args, &config)
if config.Unmap {
if !piperutils.ContainsString(config.ScanProperties, "--detect.project.codelocation.unmap=true") {
@ -1121,3 +1122,33 @@ func logConfigInVerboseMode(config detectExecuteScanOptions) {
debugLog, _ := json.Marshal(config)
log.Entry().Debugf("Detect configuration: %v", string(debugLog))
}
func handleExcludedDirectories(args *[]string, config *detectExecuteScanOptions) {
index := findItemInStringSlice(config.ScanProperties, "detect.excluded.directories")
if index != -1 && !strings.Contains(config.ScanProperties[index], configPath) {
config.ScanProperties[index] += "," + configPath
} else {
config.ExcludedDirectories = excludeConfigDirectory(config.ExcludedDirectories)
*args = append(*args, fmt.Sprintf("--detect.excluded.directories=%s", strings.Join(config.ExcludedDirectories, ",")))
}
}
func excludeConfigDirectory(directories []string) []string {
configDirectory := configPath
for i := range directories {
if directories[i] == configDirectory {
return directories
}
}
directories = append(directories, configDirectory)
return directories
}
func findItemInStringSlice(slice []string, item string) int {
for i := range slice {
if strings.Contains(slice[i], item) {
return i
}
}
return -1
}
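Review bot: The `else` branch of `handleExcludedDirectories` also runs when a `detect.excluded.directories` scan property exists and already contains `.pipeline/*`, so a second `--detect.excluded.directories=` flag is appended to `args` alongside the user-supplied one. The guard this commit removes from `addDetectArgs` prevented that, and which of the two values Detect then honours cannot be told from this page. `findItemInStringSlice` matches by substring, so any longer property key that merely contains `detect.excluded.directories` would get `,.pipeline/*` appended to its value. Because the step now narrows scan coverage without the user asking, a log line such as `log.Entry().Infof("excluding %s from Detect scan", configPath)` would help anyone auditing what was scanned. The shape below matches on the key including `=` and returns as soon as a scan property is found.

```go
func handleExcludedDirectories(args *[]string, config *detectExecuteScanOptions) {
	// Match the key together with "=" so longer property names are not picked up.
	index := findItemInStringSlice(config.ScanProperties, "detect.excluded.directories=")
	if index != -1 {
		// A scan property is present: extend it at most once and emit no second flag.
		if !strings.Contains(config.ScanProperties[index], configPath) {
			config.ScanProperties[index] += "," + configPath
		}
		return
	}
	// … unchanged: excludeConfigDirectory call and append to *args …
}
```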


@ -315,7 +315,7 @@ func TestRunDetect(t *testing.T) {
assert.NoError(t, err)
assert.Equal(t, ".", utilsMock.Dir, "Wrong execution directory used")
assert.Equal(t, "/bin/bash", utilsMock.Shell[0], "Bash shell expected")
expectedScript := "./detect.sh --blackduck.url= --blackduck.api.token= \"--detect.project.name=\" \"--detect.project.version.name=\" \"--detect.code.location.name=\" \"--detect.force.success.on.skip=true\" --detect.source.path='.'"
expectedScript := "./detect.sh --detect.excluded.directories=.pipeline/* --blackduck.url= --blackduck.api.token= \"--detect.project.name=\" \"--detect.project.version.name=\" \"--detect.code.location.name=\" \"--detect.force.success.on.skip=true\" --detect.source.path='.'"
assert.Equal(t, expectedScript, utilsMock.Calls[0])
})
@ -323,7 +323,7 @@ func TestRunDetect(t *testing.T) {
t.Parallel()
ctx := context.Background()
utilsMock := newDetectTestUtilsBundle(false)
utilsMock.ShouldFailOnCommand = map[string]error{"./detect.sh --blackduck.url= --blackduck.api.token= \"--detect.project.name=\" \"--detect.project.version.name=\" \"--detect.code.location.name=\" \"--detect.force.success.on.skip=true\" --detect.source.path='.'": fmt.Errorf("")}
utilsMock.ShouldFailOnCommand = map[string]error{"./detect.sh --detect.excluded.directories=.pipeline/* --blackduck.url= --blackduck.api.token= \"--detect.project.name=\" \"--detect.project.version.name=\" \"--detect.code.location.name=\" \"--detect.force.success.on.skip=true\" --detect.source.path='.'": fmt.Errorf("")}
utilsMock.ExitCode = 3
utilsMock.AddFile("detect.sh", []byte(""))
err := runDetect(ctx, detectExecuteScanOptions{FailOnSevereVulnerabilities: true}, utilsMock, &detectExecuteScanInflux{})
@ -405,7 +405,7 @@ func TestAddDetectArgs(t *testing.T) {
"--testProp1=1",
"--detect.detector.search.depth=100",
"--detect.detector.search.continue=true",
"--detect.excluded.directories=dir1,dir2",
"--detect.excluded.directories=dir1,dir2,.pipeline/*",
"--scan1=1",
"--scan2=2",
"--blackduck.url=https://server.url",
@ -434,6 +434,7 @@ func TestAddDetectArgs(t *testing.T) {
},
expected: []string{
"--testProp1=1",
"--detect.excluded.directories=.pipeline/*",
"--blackduck.url=https://server.url",
"--blackduck.api.token=apiToken",
"\"--detect.project.name=testName\"",
@ -462,6 +463,7 @@ func TestAddDetectArgs(t *testing.T) {
},
expected: []string{
"--testProp1=1",
"--detect.excluded.directories=.pipeline/*",
"--blackduck.url=https://server.url",
"--blackduck.api.token=apiToken",
"\"--detect.project.name=testName\"",
@ -491,6 +493,7 @@ func TestAddDetectArgs(t *testing.T) {
},
expected: []string{
"--testProp1=1",
"--detect.excluded.directories=.pipeline/*",
"--blackduck.url=https://server.url",
"--blackduck.api.token=apiToken",
"\"--detect.project.name=testName\"",
@ -521,6 +524,7 @@ func TestAddDetectArgs(t *testing.T) {
},
expected: []string{
"--testProp1=1",
"--detect.excluded.directories=.pipeline/*",
"--detect.project.codelocation.unmap=true",
"--blackduck.url=https://server.url",
"--blackduck.api.token=apiToken",
@ -556,6 +560,7 @@ func TestAddDetectArgs(t *testing.T) {
},
expected: []string{
"--testProp1=1",
"--detect.excluded.directories=.pipeline/*",
"--detect.project.codelocation.unmap=true",
"--blackduck.url=https://server.url",
"--blackduck.api.token=apiToken",
@ -595,6 +600,7 @@ func TestAddDetectArgs(t *testing.T) {
},
expected: []string{
"--testProp1=1",
"--detect.excluded.directories=.pipeline/*",
"--detect.project.codelocation.unmap=true",
"--blackduck.url=https://server.url",
"--blackduck.api.token=apiToken",
@ -634,6 +640,7 @@ func TestAddDetectArgs(t *testing.T) {
},
expected: []string{
"--testProp1=1",
"--detect.excluded.directories=.pipeline/*",
"--detect.project.codelocation.unmap=true",
"--blackduck.url=https://server.url",
"--blackduck.api.token=apiToken",
@ -674,6 +681,7 @@ func TestAddDetectArgs(t *testing.T) {
},
expected: []string{
"--testProp1=1",
"--detect.excluded.directories=.pipeline/*",
"--scan=1",
"--detect.project.codelocation.unmap=true",
"--blackduck.url=https://server.url",
@ -705,6 +713,7 @@ func TestAddDetectArgs(t *testing.T) {
},
expected: []string{
"--testProp1=1",
"--detect.excluded.directories=.pipeline/*",
"--blackduck.url=https://server.url",
"--blackduck.api.token=apiToken",
"\"--detect.project.name=testName\"",
@ -730,6 +739,7 @@ func TestAddDetectArgs(t *testing.T) {
isPullRequest: true,
expected: []string{
"--testProp1=1",
"--detect.excluded.directories=.pipeline/*",
"--blackduck.url=https://server.url",
"--blackduck.api.token=apiToken",
"\"--detect.project.name=Rapid_scan_on_PRs\"",
@ -768,7 +778,7 @@ func TestAddDetectArgs(t *testing.T) {
"--testProp1=1",
"--detect.detector.search.depth=5",
"--detect.detector.search.continue=false",
"--detect.excluded.directories=dir1,dir2",
"--detect.excluded.directories=dir1,dir2,.pipeline/*",
"--blackduck.url=https://server.url",
"--blackduck.api.token=apiToken",
"\"--detect.project.name=Rapid_scan_on_PRs\"",
@ -803,6 +813,7 @@ func TestAddDetectArgs(t *testing.T) {
isPullRequest: true,
expected: []string{
"--testProp1=1",
"--detect.excluded.directories=.pipeline/*",
"--detect.maven.build.command=",
"--settings",
".pipeline/settings.xml",