due to missing quoting, command injection was possible via
pipeline configuration.
This is now fixed using a quoting and escaping utility.
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* add some logging to Vault login
* align groovy part of the sonar step
* Revert "add some logging to Vault login"
This reverts commit d1738c124d2c1fbfb5becaad2a28dafcef4574fc.
* detect script v9 as default and detect script v8 as optional for blackduck
* unit test fix
---------
Co-authored-by: Dmitrii Pavlukhin <dmitrii.pavlukhin@sap.com>
* not allowing batch token revoke
* changing values to hold variable name
* error message when identifying service token
* refactor
---------
Co-authored-by: Googlom <alimovgb@gmail.com>
* move to old package
* go mod
* remove old
* refactor done
* Update pkg/vault/oidc.go
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* commit suggestions
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* commit suggestions
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* commit suggestions
---------
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* fix too long CPE string written to git/commitMessage
* Add debug log
* Fix debug log
* Truncate long git commit message title
* Add tests for truncateString
* Fix test
* Fix tests
* Fix tests
---------
Co-authored-by: Ivan Nikiforov <ivan.nikiforov@sap.com>
* Add -ws=false -iwr to npm config get registry
* Add -ws=false -iwr to npm config set registry
* Fix test
* Fix test
---------
Co-authored-by: Manjunath <manjunath.mandya.surendrakumar@sap.com>
As we use tags for the unit test files, they don't run if one does not provide the tags=unit flag to the test execution command. This change adds the description of how one is to do this when running the tests in a shell, as well as how to add it to the VS Code extension.
Co-authored-by: tiloKo <70266685+tiloKo@users.noreply.github.com>
* trust engine config and handling for vault
* add function for resolving trust engine reference
* refactor
* add basic test
* adapt to new trust engine response format
* remove accidental cyclic dependency
* move trust engine hook config
* refactor by separating code from vault
* move trust engine files to own pkg
* adapt to changes of previous commit
* log full error response of trust engine API
* enable getting multiple tokens from trustengine
* remove comment
* incorporate review comments
* go generate
* update unit tests
* apply suggested changes from code review
* fix unit tests
* add unit tests for config pkg
* make changes based on review comments
* make trust engine token available in GeneralConfig and minor fixes
* fix error logic when reading trust engine hook
* make getResponse more flexible and update logging
* update resource reference format
* improve URL handling
* improve logging
* use errors.Wrap() instead of errors.Join()
* update log messages based on suggestions
* remove trustengine resource ref from Sonar step
---------
Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: jliempt <>
* Added pagination logic for retrieving projects from Black Duck server
* fixed unit tests for getProject in blackduck
* fixed unit tests for getProject in blackduck
* fixed unit tests for getProject in blackduck