bc8d5efe46
* Initial in progress * compiling but not yet functional * Missed file * updated checkmarxone step * Working up to fetching a project then breaks * Missed file * Breaks when retrieving projects+proxy set * Create project & run scan working, now polling * Fixed polling * added back the zipfile remove command * Fixed polling again * Generates and downloads PDF report * Updated and working, prep for refactor * Added compliance steps * Cleanup, reporting, added groovy connector * fixed groovy file * checkmarxone to checkmarxOne * checkmarxone to checkmarxOne * split credentials (id+secret, apikey), renamed pullrequestname to branch, groovy fix * Fixed filenames & yaml * missed the metadata_generated.go * added json to sarif conversion * fix:type in new checkmarxone package * fix:type in new checkmarxone package * removed test logs, added temp error log for creds * extra debugging to fix crash * improved auth logging, fixed query parse issue * fixed bug with group fetch when using oauth user * CWE can be -1 if not defined, can't be uint * Query also had CweID * Disabled predicates-fetch in sarif generation * Removing leftover info log message * Better error handling * fixed default preset configuration * removing .bat files - sorry * Cleanup per initial review * refactoring per Gist, fixed project find, add apps * small fix - sorry for commit noise while testing * Fixing issues with incremental scans. * removing maxretries * Updated per PR feedback, further changes todo toda * JSON Report changes and reporting cleanup * removing .bat (again?) 
* adding docs, groovy unit test, linter fixes * Started adding tests maybe 15% covered * fix(checkmarxOne): test cases for pkg and reporting * fix(checkmarxOne):fix formatting * feat(checkmarxone): update interface with missing method * feat(checkmarxone):change runStep signature to be able to inject dependency * feat(checkmarxone): add tests for step (wip) * Adding a bit more coverage * feat(checkmarxOne): fix code review * feat(checkmarxOne): fix code review * feat(checkmarxOne): fix code review * feat(checkmarxOne): fix integration test PR * adding scan-summary bug workaround, reportgen fail * enforceThresholds fix when no results passed in * fixed gap when preset empty in yaml & project conf * fixed another gap in preset selection * fix 0-result panic * fail when no preset is set anywhere * removed comment * initial project-under-app support * fixing sarif reportgen * some cleanup of error messages * post-merge test fixes * revert previous upstream merge * fix:formatting * fix(checkmarxOne):yamllint too many blank lines * fix(checkmarxOne):unit test * fix(checkmarxOne):generated code --------- Co-authored-by: thtri <trinhthanhhai@gmail.com> Co-authored-by: Thanh-Hai Trinh <thanh.hai.trinh@sap.com>
package cmd
import (
"context"
"encoding/json"
"fmt"
"testing"
"github.com/stretchr/testify/assert"
checkmarxOne "github.com/SAP/jenkins-library/pkg/checkmarxone"
"github.com/SAP/jenkins-library/pkg/piperutils"
"github.com/pkg/errors"
)
// checkmarxOneSystemMock is a canned stand-in for the Checkmarx One API
// client, used by the tests in this file. Its methods shown here make no
// network calls: they return zero values or embedded fixtures.
type checkmarxOneSystemMock struct {
	// response is not read by any method visible in this file.
	response interface{}
}
// DownloadReport is a stub: it ignores reportID and returns no report bytes
// and no error.
func (sys *checkmarxOneSystemMock) DownloadReport(reportID string) ([]byte, error) {
	var report []byte // stays nil, as in the original stub
	return report, nil
}
// GetReportStatus is a stub: it ignores reportID and returns the zero
// ReportStatus with a nil error.
func (sys *checkmarxOneSystemMock) GetReportStatus(reportID string) (checkmarxOne.ReportStatus, error) {
	var status checkmarxOne.ReportStatus
	return status, nil
}
// RequestNewReport is a stub: it ignores all arguments and returns an empty
// report ID with a nil error.
func (sys *checkmarxOneSystemMock) RequestNewReport(scanID, projectID, branch, reportType string) (string, error) {
	var reportID string
	return reportID, nil
}
// CreateApplication is a stub: it ignores appname and returns the zero
// Application with a nil error.
func (sys *checkmarxOneSystemMock) CreateApplication(appname string) (checkmarxOne.Application, error) {
	var app checkmarxOne.Application
	return app, nil
}
// GetApplicationByName is a stub: it ignores appname and returns the zero
// Application with a nil error, so a caller cannot tell "not found" from
// "found" through this mock.
func (sys *checkmarxOneSystemMock) GetApplicationByName(appname string) (checkmarxOne.Application, error) {
	var app checkmarxOne.Application
	return app, nil
}
// GetApplicationByID is a stub: it ignores its argument and returns the zero
// Application with a nil error.
// NOTE(review): the parameter is named appname although the method looks up
// by ID; confirm against the interface it is meant to satisfy.
func (sys *checkmarxOneSystemMock) GetApplicationByID(appname string) (checkmarxOne.Application, error) {
	var app checkmarxOne.Application
	return app, nil
}
// UpdateApplication is a stub: it does not read or modify app and always
// reports success.
func (sys *checkmarxOneSystemMock) UpdateApplication(app *checkmarxOne.Application) error {
	return nil
}
// GetScan is a stub: it ignores scanID and returns the zero Scan with a nil
// error.
func (sys *checkmarxOneSystemMock) GetScan(scanID string) (checkmarxOne.Scan, error) {
	var scan checkmarxOne.Scan
	return scan, nil
}
// GetScanMetadata is a stub: it ignores scanID and returns the zero
// ScanMetadata with a nil error.
func (sys *checkmarxOneSystemMock) GetScanMetadata(scanID string) (checkmarxOne.ScanMetadata, error) {
	var meta checkmarxOne.ScanMetadata
	return meta, nil
}
// GetScanResults is a stub: it ignores scanID and limit and returns an empty,
// non-nil result slice with a nil error. Threshold logic tested against this
// mock therefore only ever sees zero findings.
func (sys *checkmarxOneSystemMock) GetScanResults(scanID string, limit uint64) ([]checkmarxOne.ScanResult, error) {
	results := make([]checkmarxOne.ScanResult, 0)
	return results, nil
}
// GetScanSummary is a stub: it ignores scanID and returns the zero
// ScanSummary with a nil error.
func (sys *checkmarxOneSystemMock) GetScanSummary(scanID string) (checkmarxOne.ScanSummary, error) {
	var summary checkmarxOne.ScanSummary
	return summary, nil
}
// GetResultsPredicates is a stub: it ignores both arguments and returns an
// empty, non-nil predicate slice with a nil error.
func (sys *checkmarxOneSystemMock) GetResultsPredicates(SimilarityID int64, ProjectID string) ([]checkmarxOne.ResultsPredicates, error) {
	predicates := make([]checkmarxOne.ResultsPredicates, 0)
	return predicates, nil
}
// GetScanWorkflow is a stub: it ignores scanID and returns an empty, non-nil
// workflow log slice with a nil error.
func (sys *checkmarxOneSystemMock) GetScanWorkflow(scanID string) ([]checkmarxOne.WorkflowLog, error) {
	logs := make([]checkmarxOne.WorkflowLog, 0)
	return logs, nil
}
// GetLastScans is a stub: it ignores projectID and limit and returns an
// empty, non-nil scan slice with a nil error.
func (sys *checkmarxOneSystemMock) GetLastScans(projectID string, limit int) ([]checkmarxOne.Scan, error) {
	scans := make([]checkmarxOne.Scan, 0)
	return scans, nil
}
// GetLastScansByStatus is a stub: it ignores projectID, limit and status and
// returns an empty, non-nil scan slice with a nil error.
func (sys *checkmarxOneSystemMock) GetLastScansByStatus(projectID string, limit int, status []string) ([]checkmarxOne.Scan, error) {
	scans := make([]checkmarxOne.Scan, 0)
	return scans, nil
}
// ScanProject is a stub: it starts nothing, ignores all arguments and returns
// the zero Scan with a nil error.
func (sys *checkmarxOneSystemMock) ScanProject(projectID, sourceUrl, branch, scanType string, settings []checkmarxOne.ScanConfiguration) (checkmarxOne.Scan, error) {
	var scan checkmarxOne.Scan
	return scan, nil
}
// ScanProjectZip is a stub: it ignores all arguments and returns the zero
// Scan with a nil error.
func (sys *checkmarxOneSystemMock) ScanProjectZip(projectID, sourceUrl, branch string, settings []checkmarxOne.ScanConfiguration) (checkmarxOne.Scan, error) {
	var scan checkmarxOne.Scan
	return scan, nil
}
// ScanProjectGit is a stub: it ignores all arguments and returns the zero
// Scan with a nil error.
func (sys *checkmarxOneSystemMock) ScanProjectGit(projectID, repoUrl, branch string, settings []checkmarxOne.ScanConfiguration) (checkmarxOne.Scan, error) {
	var scan checkmarxOne.Scan
	return scan, nil
}
// UploadProjectSourceCode is a stub: it does not open zipFile or upload
// anything, and returns an empty string with a nil error.
func (sys *checkmarxOneSystemMock) UploadProjectSourceCode(projectID string, zipFile string) (string, error) {
	var uploadRef string
	return uploadRef, nil
}
// CreateProject is a stub: it ignores projectName and groupIDs and returns
// the zero Project with a nil error.
func (sys *checkmarxOneSystemMock) CreateProject(projectName string, groupIDs []string) (checkmarxOne.Project, error) {
	var project checkmarxOne.Project
	return project, nil
}
// CreateProjectInApplication is a stub: it ignores all arguments and returns
// the zero Project with a nil error.
func (sys *checkmarxOneSystemMock) CreateProjectInApplication(projectName, applicationId string, groupIDs []string) (checkmarxOne.Project, error) {
	var project checkmarxOne.Project
	return project, nil
}
// GetPresets is a stub: it returns an empty, non-nil preset slice with a nil
// error, so no preset name can be resolved through this mock.
func (sys *checkmarxOneSystemMock) GetPresets() ([]checkmarxOne.Preset, error) {
	presets := make([]checkmarxOne.Preset, 0)
	return presets, nil
}
// GetProjectByID is a stub: it ignores projectID and returns the zero Project
// with a nil error.
func (sys *checkmarxOneSystemMock) GetProjectByID(projectID string) (checkmarxOne.Project, error) {
	var project checkmarxOne.Project
	return project, nil
}
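// GetProjectsByName returns the three projects decoded from the embedded JSON
// fixture ("ssba-github", "ssba-local", "ssba-zip").
//
// projectName is ignored: every call returns all three projects, so matching
// on the exact name is left to the caller. TestGetProjectByName appears to
// rely on this to check that the helper rejects near-matches; confirm
// against the helper's implementation.
//
// A fixture that fails to decode is returned as an error rather than
// discarded, so a broken fixture cannot make a "not found" test pass for the
// wrong reason.
func (sys *checkmarxOneSystemMock) GetProjectsByName(projectName string) ([]checkmarxOne.Project, error) {
	const fixture = `[
		{
			"id": "3cb99ae5-5245-4cf7-83aa-9b517b8c1c57",
			"name": "ssba-github",
			"createdAt": "2023-03-21T16:48:33.224554Z",
			"updatedAt": "2023-03-21T16:48:33.224554Z",
			"groups": [
				"af361bd1-e478-40f6-a4fb-d479828d5998"
			],
			"tags": {},
			"repoUrl": "",
			"mainBranch": "",
			"criticality": 3
		},
		{
			"id": "3cb99ae5-5245-4cf7-83aa-9b517b8c1c58",
			"name": "ssba-local",
			"createdAt": "2023-03-21T16:48:33.224554Z",
			"updatedAt": "2023-03-21T16:48:33.224554Z",
			"groups": [
				"af361bd1-e478-40f6-a4fb-d479828d5998"
			],
			"tags": {},
			"repoUrl": "",
			"mainBranch": "",
			"criticality": 3
		},
		{
			"id": "3cb99ae5-5245-4cf7-83aa-9b517b8c1c59",
			"name": "ssba-zip",
			"createdAt": "2023-03-21T16:48:33.224554Z",
			"updatedAt": "2023-03-21T16:48:33.224554Z",
			"groups": [
				"af361bd1-e478-40f6-a4fb-d479828d5998"
			],
			"tags": {},
			"repoUrl": "",
			"mainBranch": "",
			"criticality": 3
		}
	]`

	projects := []checkmarxOne.Project{}
	if err := json.Unmarshal([]byte(fixture), &projects); err != nil {
		return nil, errors.Wrap(err, "decoding mock project fixture")
	}

	return projects, nil
}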
// GetProjectsByNameAndGroup is a stub: it ignores both arguments and returns
// an empty, non-nil project slice with a nil error.
func (sys *checkmarxOneSystemMock) GetProjectsByNameAndGroup(projectName, groupID string) ([]checkmarxOne.Project, error) {
	projects := make([]checkmarxOne.Project, 0)
	return projects, nil
}
// GetProjects is a stub: it returns an empty, non-nil project slice with a
// nil error. It does not share the fixture used by GetProjectsByName.
func (sys *checkmarxOneSystemMock) GetProjects() ([]checkmarxOne.Project, error) {
	projects := make([]checkmarxOne.Project, 0)
	return projects, nil
}
// GetQueries is a stub: it returns an empty, non-nil query slice with a nil
// error.
func (sys *checkmarxOneSystemMock) GetQueries() ([]checkmarxOne.Query, error) {
	queries := make([]checkmarxOne.Query, 0)
	return queries, nil
}
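// GetGroups returns the four groups decoded from the embedded JSON fixture
// ("Group1", "Group2", "01100035870000224721", "Group3").
//
// A fixture that fails to decode is returned as an error rather than
// discarded; GetGroupByName already propagates an error from this method, so
// a broken fixture surfaces in the tests instead of looking like a missing
// group.
func (sys *checkmarxOneSystemMock) GetGroups() ([]checkmarxOne.Group, error) {
	const fixture = `
	[
		{
			"id": "d857c923-cf53-48bc-bfe4-163f66ed7b39",
			"name": "Group1"
		},
		{
			"id": "a8009bce-c24f-4edc-a931-06eb91ace2f5",
			"name": "Group2"
		},
		{
			"id": "a9ef684c-a61b-4647-9c49-363efc3879d7",
			"name": "01100035870000224721"
		},
		{
			"id": "3078680e-d796-4607-8e96-0d658eff799a",
			"name": "Group3"
		}
	]
	`

	groups := []checkmarxOne.Group{}
	if err := json.Unmarshal([]byte(fixture), &groups); err != nil {
		return nil, errors.Wrap(err, "decoding mock group fixture")
	}

	return groups, nil
}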
// GetGroupByName looks groupName up in the list returned by GetGroups and
// returns the first group whose Name matches exactly (case-sensitive).
// It returns the zero Group and the error from GetGroups if that call fails,
// or the zero Group and a "No group matching ..." error if nothing matches.
func (sys *checkmarxOneSystemMock) GetGroupByName(groupName string) (checkmarxOne.Group, error) {
	available, err := sys.GetGroups()
	if err != nil {
		return checkmarxOne.Group{}, err
	}

	for _, candidate := range available {
		if candidate.Name != groupName {
			continue
		}
		return candidate, nil
	}

	// TestGetGroup asserts on this message text, so it is kept verbatim.
	return checkmarxOne.Group{}, errors.Errorf("No group matching %v", groupName)
}
// GetGroupByID is a stub: it ignores groupID and returns the zero Group with
// a nil error. Unlike GetGroupByName it does not consult the group fixture.
func (sys *checkmarxOneSystemMock) GetGroupByID(groupID string) (checkmarxOne.Group, error) {
	var group checkmarxOne.Group
	return group, nil
}
// SetProjectBranch is a stub: it stores nothing, ignores all arguments and
// always reports success.
func (sys *checkmarxOneSystemMock) SetProjectBranch(projectID, branch string, allowOverride bool) error {
	return nil
}
// SetProjectPreset is a stub: it stores nothing, ignores all arguments and
// always reports success.
func (sys *checkmarxOneSystemMock) SetProjectPreset(projectID, presetName string, allowOverride bool) error {
	return nil
}
// SetProjectLanguageMode is a stub: it stores nothing, ignores all arguments
// and always reports success.
func (sys *checkmarxOneSystemMock) SetProjectLanguageMode(projectID, languageMode string, allowOverride bool) error {
	return nil
}
// SetProjectFileFilter is a stub: it stores nothing, ignores all arguments
// and always reports success.
func (sys *checkmarxOneSystemMock) SetProjectFileFilter(projectID, filter string, allowOverride bool) error {
	return nil
}
// GetProjectConfiguration is a stub: it ignores projectID and returns an
// empty, non-nil settings slice with a nil error.
func (sys *checkmarxOneSystemMock) GetProjectConfiguration(projectID string) ([]checkmarxOne.ProjectConfigurationSetting, error) {
	settings := make([]checkmarxOne.ProjectConfigurationSetting, 0)
	return settings, nil
}
// UpdateProjectConfiguration is a stub: it stores nothing, ignores projectID
// and settings and always reports success.
func (sys *checkmarxOneSystemMock) UpdateProjectConfiguration(projectID string, settings []checkmarxOne.ProjectConfigurationSetting) error {
	return nil
}
// checkmarxOneExecuteScanHelperMock declares a helper-shaped struct. The
// tests in this file build checkmarxOneExecuteScanHelper values directly and
// do not reference this type.
// NOTE(review): sys is the concrete *checkmarxOne.SystemInstance here, not
// the mock above; confirm whether this type is still needed.
type checkmarxOneExecuteScanHelperMock struct {
	ctx    context.Context
	config checkmarxOneExecuteScanOptions
	sys    *checkmarxOne.SystemInstance
	influx *checkmarxOneExecuteScanInflux
	utils  checkmarxOneExecuteScanUtils

	Project *checkmarxOne.Project
	Group   *checkmarxOne.Group
	App     *checkmarxOne.Application

	reports []piperutils.Path
}
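// TestGetProjectByName checks the helper's project lookup against the mock's
// fixed project list: an unknown name must yield a "project not found" error,
// and a known name must yield that project's ID, name and first group.
//
// APIKey, ServerURL, IamURL and Tenant are placeholder strings; the mock does
// not use them.
func TestGetProjectByName(t *testing.T) {
	t.Parallel()
	// The mock has no mutable state in the methods shown in this file, so the
	// parallel subtests can share it.
	sys := &checkmarxOneSystemMock{}

	t.Run("project name not found", func(t *testing.T) {
		t.Parallel()

		options := checkmarxOneExecuteScanOptions{
			ProjectName:                   "ssba_notexist",
			VulnerabilityThresholdUnit:    "absolute",
			FullScanCycle:                 "2",
			Incremental:                   true,
			FullScansScheduled:            true,
			Preset:                        "CheckmarxDefault",
			GroupName:                     "TestGroup",
			VulnerabilityThresholdEnabled: true,
			GeneratePdfReport:             true,
			APIKey:                        "testAPIKey",
			ServerURL:                     "testURL",
			IamURL:                        "testIamURL",
			Tenant:                        "testTenant",
		}

		cx1sh := checkmarxOneExecuteScanHelper{nil, options, sys, nil, nil, nil, nil, nil, nil}

		_, err := cx1sh.GetProjectByName()

		assert.Contains(t, fmt.Sprint(err), "project not found")
	})

	t.Run("project name exists", func(t *testing.T) {
		t.Parallel()

		options := checkmarxOneExecuteScanOptions{
			ProjectName:                   "ssba-github",
			VulnerabilityThresholdUnit:    "absolute",
			FullScanCycle:                 "2",
			Incremental:                   true,
			FullScansScheduled:            true,
			Preset:                        "CheckmarxDefault",
			GroupName:                     "TestGroup",
			VulnerabilityThresholdEnabled: true,
			GeneratePdfReport:             true,
			APIKey:                        "testAPIKey",
			ServerURL:                     "testURL",
			IamURL:                        "testIamURL",
			Tenant:                        "testTenant",
		}

		cx1sh := checkmarxOneExecuteScanHelper{nil, options, sys, nil, nil, nil, nil, nil, nil}

		project, err := cx1sh.GetProjectByName()
		// Stop here on error: the returned project may not be usable, and
		// reading its fields would turn a clear failure into a panic.
		if !assert.NoError(t, err, "Error occurred but none expected") {
			return
		}

		// testify expects (expected, actual); keeping that order makes the
		// failure output label the two values correctly.
		assert.Equal(t, "3cb99ae5-5245-4cf7-83aa-9b517b8c1c57", project.ProjectID)
		assert.Equal(t, "ssba-github", project.Name)
		// Guard the index so an empty Groups slice is reported as a failure.
		if assert.NotEmpty(t, project.Groups) {
			assert.Equal(t, "af361bd1-e478-40f6-a4fb-d479828d5998", project.Groups[0])
		}
	})
}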
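// TestGetGroup checks the helper's group lookup against the mock's fixed
// group list: a missing group name and an unknown group name must each
// produce the expected error text, and a known name must yield that group's
// ID and name.
//
// APIKey, ServerURL, IamURL and Tenant are placeholder strings; the mock does
// not use them.
func TestGetGroup(t *testing.T) {
	t.Parallel()

	// The mock has no mutable state in the methods shown in this file, so the
	// parallel subtests can share it.
	sys := &checkmarxOneSystemMock{}

	t.Run("group ID and group name is not provided", func(t *testing.T) {
		t.Parallel()

		options := checkmarxOneExecuteScanOptions{
			ProjectName:                "ssba",
			VulnerabilityThresholdUnit: "absolute",
			FullScanCycle:              "2",
			Incremental:                true,
			FullScansScheduled:         true,
			Preset:                     "CheckmarxDefault",
			// GroupName is deliberately left unset for this case.
			VulnerabilityThresholdEnabled: true,
			GeneratePdfReport:             true,
			APIKey:                        "testAPIKey",
			ServerURL:                     "testURL",
			IamURL:                        "testIamURL",
			Tenant:                        "testTenant",
		}

		cx1sh := checkmarxOneExecuteScanHelper{nil, options, sys, nil, nil, nil, nil, nil, nil}
		_, err := cx1sh.GetGroup()
		assert.Contains(t, fmt.Sprint(err), "No group name specified in configuration")
	})

	t.Run("group name not found", func(t *testing.T) {
		t.Parallel()

		options := checkmarxOneExecuteScanOptions{
			ProjectName:                   "ssba",
			VulnerabilityThresholdUnit:    "absolute",
			FullScanCycle:                 "2",
			Incremental:                   true,
			FullScansScheduled:            true,
			Preset:                        "CheckmarxDefault",
			GroupName:                     "GroupNotExist",
			VulnerabilityThresholdEnabled: true,
			GeneratePdfReport:             true,
			APIKey:                        "testAPIKey",
			ServerURL:                     "testURL",
			IamURL:                        "testIamURL",
			Tenant:                        "testTenant",
		}

		cx1sh := checkmarxOneExecuteScanHelper{nil, options, sys, nil, nil, nil, nil, nil, nil}

		_, err := cx1sh.GetGroup()
		assert.Contains(t, fmt.Sprint(err), "Failed to get Checkmarx One group by Name GroupNotExist: No group matching GroupNotExist")
	})

	t.Run("group name exists", func(t *testing.T) {
		t.Parallel()

		options := checkmarxOneExecuteScanOptions{
			ProjectName:                   "ssba-github",
			VulnerabilityThresholdUnit:    "absolute",
			FullScanCycle:                 "2",
			Incremental:                   true,
			FullScansScheduled:            true,
			Preset:                        "CheckmarxDefault",
			GroupName:                     "Group2",
			VulnerabilityThresholdEnabled: true,
			GeneratePdfReport:             true,
			APIKey:                        "testAPIKey",
			ServerURL:                     "testURL",
			IamURL:                        "testIamURL",
			Tenant:                        "testTenant",
		}

		cx1sh := checkmarxOneExecuteScanHelper{nil, options, sys, nil, nil, nil, nil, nil, nil}

		group, err := cx1sh.GetGroup()
		// Stop here on error: the returned group may not be usable, and
		// reading its fields would turn a clear failure into a panic.
		if !assert.NoError(t, err, "Error occurred but none expected") {
			return
		}

		// testify expects (expected, actual); keeping that order makes the
		// failure output label the two values correctly.
		assert.Equal(t, "a8009bce-c24f-4edc-a931-06eb91ace2f5", group.GroupID)
		assert.Equal(t, "Group2", group.Name)
	})
}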