feat(fortifyExecuteScan): Fortify proxy parameter (#4543)

2025-01-20 05:19:40 +02:00 · 2023-08-31 17:18:18 +05:30 · 2023-08-31 17:18:18 +05:30 · f6e6d04408
commit f6e6d04408
parent 8507ca2c17
6 changed files with 69 additions and 6 deletions
--- a/cmd/fortifyExecuteScan.go
+++ b/cmd/fortifyExecuteScan.go
@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"math"
+	"net/url"
 	"os"
 	"os/exec"
 	"path/filepath"
@ -118,7 +119,7 @@ func fortifyExecuteScan(config fortifyExecuteScanOptions, telemetryData *telemet
 		log.Entry().WithError(err).Warning("Failed to get GitHub client")
 	}
 	auditStatus := map[string]string{}
-	sys := fortify.NewSystemInstance(config.ServerURL, config.APIEndpoint, config.AuthToken, time.Minute*15)
+	sys := fortify.NewSystemInstance(config.ServerURL, config.APIEndpoint, config.AuthToken, config.Proxy, time.Minute*15)
 	utils := newFortifyUtilsBundle(client)

 	influx.step_data.fields.fortify = false
@ -257,10 +258,18 @@ func runFortifyScan(ctx context.Context, config fortifyExecuteScanOptions, sys f
 	}

 	if config.UpdateRulePack {
-		err := utils.RunExecutable("fortifyupdate", "-acceptKey", "-acceptSSLCertificate", "-url", config.ServerURL)
+
+		fortifyUpdateParams := []string{"-acceptKey", "-acceptSSLCertificate", "-url", config.ServerURL}
+		proxyPort, proxyHost := getProxyParams(config.Proxy)
+		if proxyHost != "" && proxyPort != "" {
+			fortifyUpdateParams = append(fortifyUpdateParams, "-proxyhost", proxyHost, "-proxyport", proxyPort)
+		}
+
+		err := utils.RunExecutable("fortifyupdate", fortifyUpdateParams...)
 		if err != nil {
 			return reports, fmt.Errorf("failed to update rule pack, serverUrl: %v", config.ServerURL)
 		}
+
 		err = utils.RunExecutable("fortifyupdate", "-acceptKey", "-acceptSSLCertificate", "-showInstalledRules")
 		if err != nil {
 			return reports, fmt.Errorf("failed to fetch details of installed rule pack, serverUrl: %v", config.ServerURL)
@ -1261,3 +1270,16 @@ func createToolRecordFortify(utils fortifyUtils, workspace string, config fortif
 	}
 	return record.GetFileName(), nil
 }
+
+func getProxyParams(proxyUrl string) (string, string) {
+	if proxyUrl == "" {
+		return "", ""
+	}
+
+	urlParams, err := url.Parse(proxyUrl)
+	if err != nil {
+		log.Entry().Warningf("Failed to parse proxy url %s", proxyUrl)
+		return "", ""
+	}
+	return urlParams.Port(), urlParams.Hostname()
+}
--- a/cmd/fortifyExecuteScan_generated.go
+++ b/cmd/fortifyExecuteScan_generated.go
@ -77,6 +77,7 @@ type fortifyExecuteScanOptions struct {
 	PullRequestMessageRegex         string   `json:"pullRequestMessageRegex,omitempty"`
 	BuildTool                       string   `json:"buildTool,omitempty"`
 	ProjectSettingsFile             string   `json:"projectSettingsFile,omitempty"`
+	Proxy                           string   `json:"proxy,omitempty"`
 	GlobalSettingsFile              string   `json:"globalSettingsFile,omitempty"`
 	M2Path                          string   `json:"m2Path,omitempty"`
 	VerifyOnly                      bool     `json:"verifyOnly,omitempty"`
@ -365,6 +366,7 @@ func addFortifyExecuteScanFlags(cmd *cobra.Command, stepConfig *fortifyExecuteSc
 	cmd.Flags().StringVar(&stepConfig.PullRequestMessageRegex, "pullRequestMessageRegex", `.*Merge pull request #(\\d+) from.*`, "Regex used to identify the PR-XXX reference within the merge commit message")
 	cmd.Flags().StringVar(&stepConfig.BuildTool, "buildTool", `maven`, "Scan type used for the step which can be `'maven'`, `'pip'` or `'gradle'`")
 	cmd.Flags().StringVar(&stepConfig.ProjectSettingsFile, "projectSettingsFile", os.Getenv("PIPER_projectSettingsFile"), "Path to the mvn settings file that should be used as project settings file.")
+	cmd.Flags().StringVar(&stepConfig.Proxy, "proxy", os.Getenv("PIPER_proxy"), "Proxy URL to be used for communication with the Fortify instance.")
 	cmd.Flags().StringVar(&stepConfig.GlobalSettingsFile, "globalSettingsFile", os.Getenv("PIPER_globalSettingsFile"), "Path to the mvn settings file that should be used as global settings file.")
 	cmd.Flags().StringVar(&stepConfig.M2Path, "m2Path", os.Getenv("PIPER_m2Path"), "Path to the location of the local repository that should be used.")
 	cmd.Flags().BoolVar(&stepConfig.VerifyOnly, "verifyOnly", false, "Whether the step shall only apply verification checks or whether it does a full scan and check cycle")
@ -962,6 +964,15 @@ func fortifyExecuteScanMetadata() config.StepData {
 						Aliases:     []config.Alias{{Name: "maven/projectSettingsFile"}},
 						Default:     os.Getenv("PIPER_projectSettingsFile"),
 					},
+					{
+						Name:        "proxy",
+						ResourceRef: []config.ResourceReference{},
+						Scope:       []string{"STEPS", "STAGES", "PARAMETERS"},
+						Type:        "string",
+						Mandatory:   false,
+						Aliases:     []config.Alias{},
+						Default:     os.Getenv("PIPER_proxy"),
+					},
 					{
 						Name:        "globalSettingsFile",
 						ResourceRef: []config.ResourceReference{},
--- a/cmd/fortifyExecuteScan_test.go
+++ b/cmd/fortifyExecuteScan_test.go
@ -1120,3 +1120,17 @@ func TestRemoveDuplicates(t *testing.T) {
 func toFortifyTime(time time.Time) models.Iso8601MilliDateTime {
 	return models.Iso8601MilliDateTime(time.UTC())
 }
+
+func TestGetProxyParams(t *testing.T) {
+	t.Run("Valid Proxy URL", func(t *testing.T) {
+		proxyPort, proxyHost := getProxyParams("http://testproxy.com:8080")
+		assert.Equal(t, "8080", proxyPort)
+		assert.Equal(t, "testproxy.com", proxyHost)
+	})
+
+	t.Run("Invalid Proxy URL", func(t *testing.T) {
+		proxyPort, proxyHost := getProxyParams("testproxy.com:8080")
+		assert.Equal(t, "", proxyPort)
+		assert.Equal(t, "", proxyHost)
+	})
+}
--- a/pkg/fortify/fortify.go
+++ b/pkg/fortify/fortify.go
@ -83,7 +83,7 @@ type SystemInstance struct {
 }

 // NewSystemInstance - creates an returns a new SystemInstance
-func NewSystemInstance(serverURL, apiEndpoint, authToken string, timeout time.Duration) *SystemInstance {
+func NewSystemInstance(serverURL, apiEndpoint, authToken, proxyUrl string, timeout time.Duration) *SystemInstance {
 	// If serverURL ends in a trailing slash, UploadResultFile() will construct a URL with two or more
 	// consecutive slashes and actually fail with a 503. https://github.com/SAP/jenkins-library/issues/1826
 	// Also, since the step outputs a lot of URLs to the log, those will look nicer without redundant slashes.
@ -95,8 +95,17 @@ func NewSystemInstance(serverURL, apiEndpoint, authToken string, timeout time.Du
 	encodedAuthToken := base64EndodePlainToken(authToken)
 	httpClientInstance := &piperHttp.Client{}
 	httpClientOptions := piperHttp.ClientOptions{Token: "FortifyToken " + encodedAuthToken, TransportTimeout: timeout}
-	httpClientInstance.SetOptions(httpClientOptions)

+	if proxyUrl != "" {
+		transportProxy, err := url.Parse(proxyUrl)
+		if err != nil {
+			log.Entry().Warningf("Failed to parse proxy url %v", proxyUrl)
+		} else {
+			httpClientOptions.TransportProxy = transportProxy
+		}
+	}
+
+	httpClientInstance.SetOptions(httpClientOptions)
 	return NewSystemInstanceForClient(clientInstance, httpClientInstance, serverURL, encodedAuthToken, timeout)
 }

--- a/pkg/fortify/fortify_test.go
+++ b/pkg/fortify/fortify_test.go
@ -69,7 +69,7 @@ func TestCreateTransportConfig(t *testing.T) {

 func TestNewSystemInstance(t *testing.T) {
 	t.Run("fields are initialized", func(t *testing.T) {
-		sys := NewSystemInstance("https://some.fortify.host.com/ssc", "api/v1", "akjhskjhks", 10*time.Second)
+		sys := NewSystemInstance("https://some.fortify.host.com/ssc", "api/v1", "akjhskjhks", "", 10*time.Second)
 		assert.IsType(t, ff.Fortify{}, *sys.client, "Expected to get a Fortify client instance")
 		assert.IsType(t, piperHttp.Client{}, *sys.httpClient, "Expected to get a HTTP client instance")
 		assert.IsType(t, logrus.Entry{}, *sys.logger, "Expected to get a logrus entry instance")
@ -78,7 +78,7 @@ func TestNewSystemInstance(t *testing.T) {
 		assert.Equal(t, "https://some.fortify.host.com/ssc", sys.serverURL)
 	})
 	t.Run("SSC URL is trimmed", func(t *testing.T) {
-		sys := NewSystemInstance("https://some.fortify.host.com/ssc/", "api/v1", "akjhskjhks", 10*time.Second)
+		sys := NewSystemInstance("https://some.fortify.host.com/ssc/", "api/v1", "akjhskjhks", "", 10*time.Second)
 		assert.Equal(t, "https://some.fortify.host.com/ssc", sys.serverURL)
 	})
 }
--- a/resources/metadata/fortifyExecuteScan.yaml
+++ b/resources/metadata/fortifyExecuteScan.yaml
@ -626,6 +626,13 @@ spec:
          - PARAMETERS
        aliases:
          - name: maven/projectSettingsFile
+      - name: proxy
+        type: string
+        description: Proxy URL to be used for communication with the Fortify instance.
+        scope:
+          - STEPS
+          - STAGES
+          - PARAMETERS
      - name: globalSettingsFile
        type: string
        description: Path to the mvn settings file that should be used as global settings file.