1
0
mirror of https://github.com/SAP/jenkins-library.git synced 2024-12-12 10:55:20 +02:00
sap-jenkins-library/cmd/detectExecuteScan.go
Giridhar Shenoy 6805654cdb
detectExecuteScan : Default to scanOnChanges to true, reduce load on the server (#2733)
* changes to detectExec before master merge

* changes for detectExecuteScan

* self generated code added

* fix syntax errors and update docu

* added unit tests for fail and Group

* fix failOn bug

* add Groups as string array

* add Groups as string array

* tests and validation for groups, failOn

* Updated docs and added more tests

* documentation md files should not be changed

* Handle merge conflicts from PR 1845

* fix merge errors

* remove duplicate groups, merge error

* adding buildCode and buildTool as params

* switching build options

* building maven modules

* parameter correction

* parameter correction

* gnerate with new build parameter

* adding comments

* removing piper lib master and modifying goUtils to download 1.5.7 release

* first cleaning then installing

* multi module maven built

* multi module maven built removing unwanted code

* multi module maven built moving inside switch

* testing

* modifying the default use case to also call maven build

* modifying the default use case to also call maven build wih --

* corrected maven build command

* corrected maven build command with %v

* skipping test runs

* testing for MTA project with single pom

* adding absolute path to m2 path

* clean up

* adding switch for mta and maven and removing env from containers

* commiting changes for new detect step

* correting log message

* code clean up

* unit tests changes to detectExecute

* basic tests for new change

* restoring piperGoUtils to download correct piper binary

* code clean up

* code clean up

* clean detect code version

* Changes for detect codelocation

* remove unmap from scanProperties

* fix/add unit tests for remove unmap

* handle spaces in scanProperties

* update default scanproperties to remove deprecations

* Set default scanonchange to true

* handle multiple unmap true params

Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-03-31 10:53:49 +02:00

223 lines
7.2 KiB
Go

package cmd
import (
"fmt"
"io"
"net/http"
"os"
"strings"
piperhttp "github.com/SAP/jenkins-library/pkg/http"
"github.com/SAP/jenkins-library/pkg/maven"
"github.com/SAP/jenkins-library/pkg/command"
"github.com/SAP/jenkins-library/pkg/log"
"github.com/SAP/jenkins-library/pkg/piperutils"
"github.com/SAP/jenkins-library/pkg/telemetry"
"github.com/SAP/jenkins-library/pkg/versioning"
)
type detectUtils interface {
Abs(path string) (string, error)
FileExists(filename string) (bool, error)
FileRemove(filename string) error
Copy(src, dest string) (int64, error)
FileRead(path string) ([]byte, error)
FileWrite(path string, content []byte, perm os.FileMode) error
MkdirAll(path string, perm os.FileMode) error
Chmod(path string, mode os.FileMode) error
Glob(pattern string) (matches []string, err error)
Stdout(out io.Writer)
Stderr(err io.Writer)
SetDir(dir string)
SetEnv(env []string)
RunExecutable(e string, p ...string) error
RunShell(shell, script string) error
DownloadFile(url, filename string, header http.Header, cookies []*http.Cookie) error
}
type detectUtilsBundle struct {
*command.Command
*piperutils.Files
*piperhttp.Client
}
func newDetectUtils() detectUtils {
utils := detectUtilsBundle{
Command: &command.Command{
ErrorCategoryMapping: map[string][]string{
log.ErrorCompliance.String(): {
"FAILURE_POLICY_VIOLATION - Detect found policy violations.",
},
log.ErrorConfiguration.String(): {
"FAILURE_CONFIGURATION - Detect was unable to start due to issues with it's configuration.",
},
},
},
Files: &piperutils.Files{},
Client: &piperhttp.Client{},
}
utils.Stdout(log.Writer())
utils.Stderr(log.Writer())
return &utils
}
func detectExecuteScan(config detectExecuteScanOptions, _ *telemetry.CustomData) {
utils := newDetectUtils()
err := runDetect(config, utils)
if err != nil {
log.Entry().
WithError(err).
Fatal("failed to execute detect scan")
}
}
func runDetect(config detectExecuteScanOptions, utils detectUtils) error {
// detect execution details, see https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/88440888/Sample+Synopsys+Detect+Scan+Configuration+Scenarios+for+Black+Duck
err := getDetectScript(config, utils)
if err != nil {
return fmt.Errorf("failed to download 'detect.sh' script: %w", err)
}
defer func() {
err := utils.FileRemove("detect.sh")
if err != nil {
log.Entry().Warnf("failed to delete 'detect.sh' script: %v", err)
}
}()
err = utils.Chmod("detect.sh", 0700)
if err != nil {
return err
}
if config.InstallArtifacts {
err := maven.InstallMavenArtifacts(&maven.EvaluateOptions{
M2Path: config.M2Path,
ProjectSettingsFile: config.ProjectSettingsFile,
GlobalSettingsFile: config.GlobalSettingsFile,
}, utils)
if err != nil {
return err
}
}
args := []string{"./detect.sh"}
args, err = addDetectArgs(args, config, utils)
if err != nil {
return err
}
script := strings.Join(args, " ")
envs := []string{"BLACKDUCK_SKIP_PHONE_HOME=true"}
utils.SetDir(".")
utils.SetEnv(envs)
return utils.RunShell("/bin/bash", script)
}
func getDetectScript(config detectExecuteScanOptions, utils detectUtils) error {
if config.ScanOnChanges {
return utils.DownloadFile("https://raw.githubusercontent.com/blackducksoftware/detect_rescan/master/detect_rescan.sh", "detect.sh", nil, nil)
}
return utils.DownloadFile("https://detect.synopsys.com/detect.sh", "detect.sh", nil, nil)
}
func addDetectArgs(args []string, config detectExecuteScanOptions, utils detectUtils) ([]string, error) {
coordinates := versioning.Coordinates{
Version: config.Version,
}
_, detectVersionName := versioning.DetermineProjectCoordinates("", config.VersioningModel, coordinates)
//Split on spaces, the scanPropeties, so that each property is available as a single string
//instead of all properties being part of a single string
config.ScanProperties = piperutils.SplitAndTrim(config.ScanProperties, " ")
if config.ScanOnChanges {
args = append(args, "--report")
config.Unmap = false
}
if config.Unmap {
if !piperutils.ContainsString(config.ScanProperties, "--detect.project.codelocation.unmap=true") {
args = append(args, fmt.Sprintf("--detect.project.codelocation.unmap=true"))
}
config.ScanProperties, _ = piperutils.RemoveAll(config.ScanProperties, "--detect.project.codelocation.unmap=false")
} else {
//When unmap is set to false, any occurances of unmap=true from scanProperties must be removed
config.ScanProperties, _ = piperutils.RemoveAll(config.ScanProperties, "--detect.project.codelocation.unmap=true")
}
args = append(args, config.ScanProperties...)
args = append(args, fmt.Sprintf("--blackduck.url=%v", config.ServerURL))
args = append(args, fmt.Sprintf("--blackduck.api.token=%v", config.Token))
// ProjectNames, VersionName, GroupName etc can contain spaces and need to be escaped using double quotes in CLI
// Hence the string need to be surrounded by \"
args = append(args, fmt.Sprintf("\"--detect.project.name='%v'\"", config.ProjectName))
args = append(args, fmt.Sprintf("\"--detect.project.version.name='%v'\"", detectVersionName))
// Groups parameter is added only when there is atleast one non-empty groupname provided
if len(config.Groups) > 0 && len(config.Groups[0]) > 0 {
args = append(args, fmt.Sprintf("\"--detect.project.user.groups='%v'\"", strings.Join(config.Groups, ",")))
}
// Atleast 1, non-empty category to fail on must be provided
if len(config.FailOn) > 0 && len(config.FailOn[0]) > 0 {
args = append(args, fmt.Sprintf("--detect.policy.check.fail.on.severities=%v", strings.Join(config.FailOn, ",")))
}
if len(config.CodeLocation) > 0 {
args = append(args, fmt.Sprintf("\"--detect.code.location.name='%v'\"", config.CodeLocation))
}
if len(config.ScanPaths) > 0 && len(config.ScanPaths[0]) > 0 {
args = append(args, fmt.Sprintf("--detect.blackduck.signature.scanner.paths=%v", strings.Join(config.ScanPaths, ",")))
}
if len(config.DependencyPath) > 0 {
args = append(args, fmt.Sprintf("--detect.source.path=%v", config.DependencyPath))
} else {
args = append(args, fmt.Sprintf("--detect.source.path='.'"))
}
if len(config.IncludedPackageManagers) > 0 {
args = append(args, fmt.Sprintf("--detect.included.detector.types=%v", strings.ToUpper(strings.Join(config.IncludedPackageManagers, ","))))
}
if len(config.ExcludedPackageManagers) > 0 {
args = append(args, fmt.Sprintf("--detect.excluded.detector.types=%v", strings.ToUpper(strings.Join(config.ExcludedPackageManagers, ","))))
}
if len(config.MavenExcludedScopes) > 0 {
args = append(args, fmt.Sprintf("--detect.maven.excluded.scopes=%v", strings.ToLower(strings.Join(config.MavenExcludedScopes, ","))))
}
if len(config.DetectTools) > 0 {
args = append(args, fmt.Sprintf("--detect.tools=%v", strings.Join(config.DetectTools, ",")))
}
mavenArgs, err := maven.DownloadAndGetMavenParameters(config.GlobalSettingsFile, config.ProjectSettingsFile, utils)
if err != nil {
return nil, err
}
if len(config.M2Path) > 0 {
absolutePath, err := utils.Abs(config.M2Path)
if err != nil {
return nil, err
}
mavenArgs = append(mavenArgs, fmt.Sprintf("-Dmaven.repo.local=%v", absolutePath))
}
if len(mavenArgs) > 0 {
args = append(args, fmt.Sprintf("\"--detect.maven.build.command='%v'\"", strings.Join(mavenArgs, " ")))
}
return args, nil
}