// Code generated by piper's step-generator. DO NOT EDIT. package cmd import ( "fmt" "os" "reflect" "strings" "time" "github.com/SAP/jenkins-library/pkg/config" "github.com/SAP/jenkins-library/pkg/gcs" "github.com/SAP/jenkins-library/pkg/log" "github.com/SAP/jenkins-library/pkg/splunk" "github.com/SAP/jenkins-library/pkg/telemetry" "github.com/SAP/jenkins-library/pkg/validation" "github.com/bmatcuk/doublestar" "github.com/spf13/cobra" ) type malwareExecuteScanOptions struct { BuildTool string `json:"buildTool,omitempty"` DockerConfigJSON string `json:"dockerConfigJSON,omitempty"` ContainerRegistryPassword string `json:"containerRegistryPassword,omitempty"` ContainerRegistryUser string `json:"containerRegistryUser,omitempty"` Host string `json:"host,omitempty"` Username string `json:"username,omitempty"` Password string `json:"password,omitempty"` ScanImage string `json:"scanImage,omitempty"` ScanImageRegistryURL string `json:"scanImageRegistryUrl,omitempty"` ScanFile string `json:"scanFile,omitempty"` Timeout string `json:"timeout,omitempty"` ReportFileName string `json:"reportFileName,omitempty"` } type malwareExecuteScanReports struct { } func (p *malwareExecuteScanReports) persist(stepConfig malwareExecuteScanOptions, gcpJsonKeyFilePath string, gcsBucketId string, gcsFolderPath string, gcsSubFolder string) { if gcsBucketId == "" { log.Entry().Info("persisting reports to GCS is disabled, because gcsBucketId is empty") return } log.Entry().Info("Uploading reports to Google Cloud Storage...") content := []gcs.ReportOutputParam{ {FilePattern: "**/toolrun_malwarescan_*.json", ParamRef: "", StepResultType: "malwarescan"}, {FilePattern: "", ParamRef: "reportFileName", StepResultType: "malwarescan"}, } envVars := []gcs.EnvVar{ {Name: "GOOGLE_APPLICATION_CREDENTIALS", Value: gcpJsonKeyFilePath, Modified: false}, } gcsClient, err := gcs.NewClient(gcs.WithEnvVars(envVars)) if err != nil { log.Entry().Errorf("creation of GCS client failed: %v", err) return } defer gcsClient.Close() structVal := reflect.ValueOf(&stepConfig).Elem() inputParameters := map[string]string{} for i := 0; i < structVal.NumField(); i++ { field := structVal.Type().Field(i) if field.Type.String() == "string" { paramName := strings.Split(field.Tag.Get("json"), ",") paramValue, _ := structVal.Field(i).Interface().(string) inputParameters[paramName[0]] = paramValue } } if err := gcs.PersistReportsToGCS(gcsClient, content, inputParameters, gcsFolderPath, gcsBucketId, gcsSubFolder, doublestar.Glob, os.Stat); err != nil { log.Entry().Errorf("failed to persist reports: %v", err) } } // MalwareExecuteScanCommand Performs a malware scan using the [SAP Malware Scanning Service](https://help.sap.com/viewer/b416237f818c4e2e827f6118640079f8/LATEST/en-US/b7c9b86fe724458086a502df3160f380.html). func MalwareExecuteScanCommand() *cobra.Command { const STEP_NAME = "malwareExecuteScan" metadata := malwareExecuteScanMetadata() var stepConfig malwareExecuteScanOptions var startTime time.Time var reports malwareExecuteScanReports var logCollector *log.CollectorHook var splunkClient *splunk.Splunk telemetryClient := &telemetry.Telemetry{} var createMalwareExecuteScanCmd = &cobra.Command{ Use: STEP_NAME, Short: "Performs a malware scan using the [SAP Malware Scanning Service](https://help.sap.com/viewer/b416237f818c4e2e827f6118640079f8/LATEST/en-US/b7c9b86fe724458086a502df3160f380.html).", Long: `Performs a malware scan using the [SAP Malware Scanning Service](https://help.sap.com/viewer/b416237f818c4e2e827f6118640079f8/LATEST/en-US/b7c9b86fe724458086a502df3160f380.html).`, PreRunE: func(cmd *cobra.Command, _ []string) error { startTime = time.Now() log.SetStepName(STEP_NAME) log.SetVerbose(GeneralConfig.Verbose) GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens) path, _ := os.Getwd() fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path} log.RegisterHook(fatalHook) err := PrepareConfig(cmd, &metadata, STEP_NAME, &stepConfig, config.OpenPiperFile) if err != nil { log.SetErrorCategory(log.ErrorConfiguration) return err } log.RegisterSecret(stepConfig.DockerConfigJSON) log.RegisterSecret(stepConfig.ContainerRegistryPassword) log.RegisterSecret(stepConfig.ContainerRegistryUser) log.RegisterSecret(stepConfig.Username) log.RegisterSecret(stepConfig.Password) if len(GeneralConfig.HookConfig.SentryConfig.Dsn) > 0 { sentryHook := log.NewSentryHook(GeneralConfig.HookConfig.SentryConfig.Dsn, GeneralConfig.CorrelationID) log.RegisterHook(&sentryHook) } if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 { splunkClient = &splunk.Splunk{} logCollector = &log.CollectorHook{CorrelationID: GeneralConfig.CorrelationID} log.RegisterHook(logCollector) } if err = log.RegisterANSHookIfConfigured(GeneralConfig.CorrelationID); err != nil { log.Entry().WithError(err).Warn("failed to set up SAP Alert Notification Service log hook") } validation, err := validation.New(validation.WithJSONNamesForStructFields(), validation.WithPredefinedErrorMessages()) if err != nil { return err } if err = validation.ValidateStruct(stepConfig); err != nil { log.SetErrorCategory(log.ErrorConfiguration) return err } return nil }, Run: func(_ *cobra.Command, _ []string) { stepTelemetryData := telemetry.CustomData{} stepTelemetryData.ErrorCode = "1" handler := func() { reports.persist(stepConfig, GeneralConfig.GCPJsonKeyFilePath, GeneralConfig.GCSBucketId, GeneralConfig.GCSFolderPath, GeneralConfig.GCSSubFolder) config.RemoveVaultSecretFiles() stepTelemetryData.Duration = fmt.Sprintf("%v", time.Since(startTime).Milliseconds()) stepTelemetryData.ErrorCategory = log.GetErrorCategory().String() stepTelemetryData.PiperCommitHash = GitCommit telemetryClient.SetData(&stepTelemetryData) telemetryClient.Send() if len(GeneralConfig.HookConfig.SplunkConfig.Dsn) > 0 { splunkClient.Initialize(GeneralConfig.CorrelationID, GeneralConfig.HookConfig.SplunkConfig.Dsn, GeneralConfig.HookConfig.SplunkConfig.Token, GeneralConfig.HookConfig.SplunkConfig.Index, GeneralConfig.HookConfig.SplunkConfig.SendLogs) splunkClient.Send(telemetryClient.GetData(), logCollector) } if len(GeneralConfig.HookConfig.SplunkConfig.ProdCriblEndpoint) > 0 { splunkClient.Initialize(GeneralConfig.CorrelationID, GeneralConfig.HookConfig.SplunkConfig.ProdCriblEndpoint, GeneralConfig.HookConfig.SplunkConfig.ProdCriblToken, GeneralConfig.HookConfig.SplunkConfig.ProdCriblIndex, GeneralConfig.HookConfig.SplunkConfig.SendLogs) splunkClient.Send(telemetryClient.GetData(), logCollector) } } log.DeferExitHandler(handler) defer handler() telemetryClient.Initialize(GeneralConfig.NoTelemetry, STEP_NAME) malwareExecuteScan(stepConfig, &stepTelemetryData) stepTelemetryData.ErrorCode = "0" log.Entry().Info("SUCCESS") }, } addMalwareExecuteScanFlags(createMalwareExecuteScanCmd, &stepConfig) return createMalwareExecuteScanCmd } func addMalwareExecuteScanFlags(cmd *cobra.Command, stepConfig *malwareExecuteScanOptions) { cmd.Flags().StringVar(&stepConfig.BuildTool, "buildTool", os.Getenv("PIPER_buildTool"), "Defines the tool which is used for building the artifact.") cmd.Flags().StringVar(&stepConfig.DockerConfigJSON, "dockerConfigJSON", os.Getenv("PIPER_dockerConfigJSON"), "Path to the file `.docker/config.json` - this is typically provided by your CI/CD system. You can find more details about the Docker credentials in the [Docker documentation](https://docs.docker.com/engine/reference/commandline/login/).") cmd.Flags().StringVar(&stepConfig.ContainerRegistryPassword, "containerRegistryPassword", os.Getenv("PIPER_containerRegistryPassword"), "For `buildTool: docker`: Password for container registry access - typically provided by the CI/CD environment.") cmd.Flags().StringVar(&stepConfig.ContainerRegistryUser, "containerRegistryUser", os.Getenv("PIPER_containerRegistryUser"), "For `buildTool: docker`: Username for container registry access - typically provided by the CI/CD environment.") cmd.Flags().StringVar(&stepConfig.Host, "host", os.Getenv("PIPER_host"), "malware scanning host.") cmd.Flags().StringVar(&stepConfig.Username, "username", os.Getenv("PIPER_username"), "User") cmd.Flags().StringVar(&stepConfig.Password, "password", os.Getenv("PIPER_password"), "Password") cmd.Flags().StringVar(&stepConfig.ScanImage, "scanImage", os.Getenv("PIPER_scanImage"), "For `buildTool: docker`: Defines the docker image which should be scanned.") cmd.Flags().StringVar(&stepConfig.ScanImageRegistryURL, "scanImageRegistryUrl", os.Getenv("PIPER_scanImageRegistryUrl"), "For `buildTool: docker`: Defines the registry where the scanImage is located.") cmd.Flags().StringVar(&stepConfig.ScanFile, "scanFile", os.Getenv("PIPER_scanFile"), "The file which is scanned for malware") cmd.Flags().StringVar(&stepConfig.Timeout, "timeout", `600`, "timeout for http layer in seconds") cmd.Flags().StringVar(&stepConfig.ReportFileName, "reportFileName", `malwarescan_report.json`, "The file name of the report to be created") cmd.MarkFlagRequired("buildTool") cmd.MarkFlagRequired("host") cmd.MarkFlagRequired("username") cmd.MarkFlagRequired("password") } // retrieve step metadata func malwareExecuteScanMetadata() config.StepData { var theMetaData = config.StepData{ Metadata: config.StepMetadata{ Name: "malwareExecuteScan", Aliases: []config.Alias{}, Description: "Performs a malware scan using the [SAP Malware Scanning Service](https://help.sap.com/viewer/b416237f818c4e2e827f6118640079f8/LATEST/en-US/b7c9b86fe724458086a502df3160f380.html).", }, Spec: config.StepSpec{ Inputs: config.StepInputs{ Secrets: []config.StepSecrets{ {Name: "malwareScanCredentialsId", Description: "Jenkins 'Username with password' credentials ID containing the technical user/password credential used to communicate with the malwarescanning service.", Type: "jenkins"}, }, Parameters: []config.StepParameters{ { Name: "buildTool", ResourceRef: []config.ResourceReference{ { Name: "commonPipelineEnvironment", Param: "buildTool", }, }, Scope: []string{"GENERAL", "PARAMETERS", "STAGES", "STEPS"}, Type: "string", Mandatory: true, Aliases: []config.Alias{}, Default: os.Getenv("PIPER_buildTool"), }, { Name: "dockerConfigJSON", ResourceRef: []config.ResourceReference{ { Name: "commonPipelineEnvironment", Param: "custom/dockerConfigJSON", }, { Name: "dockerConfigJsonCredentialsId", Type: "secret", }, { Name: "dockerConfigFileVaultSecretName", Type: "vaultSecretFile", Default: "docker-config", }, }, Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, Type: "string", Mandatory: false, Aliases: []config.Alias{}, Default: os.Getenv("PIPER_dockerConfigJSON"), }, { Name: "containerRegistryPassword", ResourceRef: []config.ResourceReference{ { Name: "commonPipelineEnvironment", Param: "container/repositoryPassword", }, { Name: "commonPipelineEnvironment", Param: "custom/repositoryPassword", }, }, Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, Type: "string", Mandatory: false, Aliases: []config.Alias{}, Default: os.Getenv("PIPER_containerRegistryPassword"), }, { Name: "containerRegistryUser", ResourceRef: []config.ResourceReference{ { Name: "commonPipelineEnvironment", Param: "container/repositoryUsername", }, { Name: "commonPipelineEnvironment", Param: "custom/repositoryUsername", }, }, Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, Type: "string", Mandatory: false, Aliases: []config.Alias{}, Default: os.Getenv("PIPER_containerRegistryUser"), }, { Name: "host", ResourceRef: []config.ResourceReference{}, Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, Type: "string", Mandatory: true, Aliases: []config.Alias{}, Default: os.Getenv("PIPER_host"), }, { Name: "username", ResourceRef: []config.ResourceReference{ { Name: "malwareScanCredentialsId", Param: "username", Type: "secret", }, { Name: "malwareScanUsernameVaultSecretName", Type: "vaultSecret", Default: "malware-scan", }, }, Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, Type: "string", Mandatory: true, Aliases: []config.Alias{}, Default: os.Getenv("PIPER_username"), }, { Name: "password", ResourceRef: []config.ResourceReference{ { Name: "malwareScanCredentialsId", Param: "password", Type: "secret", }, { Name: "malwareScanPasswordVaultSecretName", Type: "vaultSecret", Default: "malware-scan", }, }, Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, Type: "string", Mandatory: true, Aliases: []config.Alias{}, Default: os.Getenv("PIPER_password"), }, { Name: "scanImage", ResourceRef: []config.ResourceReference{ { Name: "commonPipelineEnvironment", Param: "container/imageNameTag", }, }, Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, Type: "string", Mandatory: false, Aliases: []config.Alias{}, Default: os.Getenv("PIPER_scanImage"), }, { Name: "scanImageRegistryUrl", ResourceRef: []config.ResourceReference{ { Name: "commonPipelineEnvironment", Param: "container/registryUrl", }, }, Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, Type: "string", Mandatory: false, Aliases: []config.Alias{}, Default: os.Getenv("PIPER_scanImageRegistryUrl"), }, { Name: "scanFile", ResourceRef: []config.ResourceReference{}, Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, Type: "string", Mandatory: false, Aliases: []config.Alias{{Name: "file", Deprecated: true}}, Default: os.Getenv("PIPER_scanFile"), }, { Name: "timeout", ResourceRef: []config.ResourceReference{}, Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, Type: "string", Mandatory: false, Aliases: []config.Alias{}, Default: `600`, }, { Name: "reportFileName", ResourceRef: []config.ResourceReference{}, Scope: []string{"PARAMETERS", "STAGES", "STEPS"}, Type: "string", Mandatory: false, Aliases: []config.Alias{}, Default: `malwarescan_report.json`, }, }, }, Outputs: config.StepOutputs{ Resources: []config.StepResources{ { Name: "reports", Type: "reports", Parameters: []map[string]interface{}{ {"filePattern": "**/toolrun_malwarescan_*.json", "type": "malwarescan"}, {"type": "malwarescan"}, }, }, }, }, }, } return theMetaData }