sap-jenkins-library/pkg/codeql/codeql.go
sumeet patil 6dad124367
feat(codeqlExecuteScan): CodeQL compliance report and check (#4335)
* CodeQL compliance report and check

* fix test cases

---------

Co-authored-by: Daria Kuznetsova <d.kuznetsova@sap.com>
2023-04-28 15:47:05 +02:00


package codeql
import (
"context"
sapgithub "github.com/SAP/jenkins-library/pkg/github"
"github.com/google/go-github/v45/github"
)
// CodeqlScanAudit describes a source of CodeQL code-scanning results for a
// given git ref.
//
// NOTE(review): the only implementation in this file,
// (*CodeqlScanAuditInstance).GetVulnerabilities, takes a single analyzedRef
// argument and returns (CodeqlScanning, error), so it does not satisfy this
// interface as declared (extra state argument, bare error result). Confirm
// which signature is intended before code starts depending on the interface.
type CodeqlScanAudit interface {
	GetVulnerabilities(analyzedRef string, state string) error
}
// githubCodeqlScanningService is the subset of the go-github CodeScanning
// service that this package calls, declared as an interface (presumably so a
// fake can be substituted in tests).
type githubCodeqlScanningService interface {
	// ListAlertsForRepo returns the code-scanning alerts of owner/repo matching
	// opts. The returned *github.Response carries the pagination state
	// (NextPage) for the request.
	ListAlertsForRepo(ctx context.Context, owner, repo string, opts *github.AlertListOptions) ([]*github.Alert, *github.Response, error)
}
// auditStateOpen is the GitHub alert state that marks an alert as not yet
// audited; getVulnerabilitiesFromClient counts every other state as audited.
const auditStateOpen = "open"
// NewCodeqlScanAuditInstance returns a CodeqlScanAuditInstance addressing the
// repository owner/repository behind apiURL. token and trustedCerts are stored
// as given and handed to the GitHub client when GetVulnerabilities is called;
// the alert list options are left at their zero value.
func NewCodeqlScanAuditInstance(apiURL, owner, repository, token string, trustedCerts []string) CodeqlScanAuditInstance {
	var instance CodeqlScanAuditInstance
	instance.apiURL = apiURL
	instance.owner = owner
	instance.repository = repository
	instance.token = token
	// The slice is kept as-is (not cloned), so the caller shares its backing array.
	instance.trustedCerts = trustedCerts
	return instance
}
// CodeqlScanAuditInstance holds the connection details for one GitHub
// repository whose CodeQL alerts are to be counted. Build it with
// NewCodeqlScanAuditInstance; the fields are unexported.
type CodeqlScanAuditInstance struct {
	apiURL       string   // GitHub API base URL passed to sapgithub.NewClient
	owner        string   // repository owner used in ListAlertsForRepo
	repository   string   // repository name used in ListAlertsForRepo
	token        string   // API token passed to sapgithub.NewClient
	trustedCerts []string // passed through to sapgithub.NewClient
	// alertListoptions is not read or written by any function in this file;
	// getVulnerabilitiesFromClient builds its own AlertListOptions. Check other
	// files in the package before removing it (and note the unconventional
	// casing, "Listoptions").
	alertListoptions github.AlertListOptions
}
// GetVulnerabilities creates an authenticated GitHub client from the instance's
// token, API URL and trusted certificates and returns the code-scanning alert
// counts for analyzedRef. Only the client's CodeScanning service is handed on to
// getVulnerabilitiesFromClient, which does the actual counting. Any error from
// client construction or from the API call is returned unchanged together with
// a zero CodeqlScanning.
func (codeqlScanAudit *CodeqlScanAuditInstance) GetVulnerabilities(analyzedRef string) (CodeqlScanning, error) {
	ctx, client, clientErr := sapgithub.NewClient(codeqlScanAudit.token, codeqlScanAudit.apiURL, "", codeqlScanAudit.trustedCerts)
	if clientErr != nil {
		return CodeqlScanning{}, clientErr
	}
	scanningService := client.CodeScanning
	return getVulnerabilitiesFromClient(ctx, scanningService, analyzedRef, codeqlScanAudit)
}
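// getVulnerabilitiesFromClient counts the code-scanning alerts GitHub reports
// for analyzedRef on codeqlScanAudit's owner/repository and derives how many of
// them have been audited, i.e. are in any state other than auditStateOpen.
//
// All result pages are fetched. ListAlertsForRepo is paginated, and a single
// call returns only the first page, which would undercount Total (and with it
// the audited share a compliance check is based on) for repositories with more
// alerts than one page holds.
//
// ctx is the request context from the GitHub client; codeScanning is the
// code-scanning service (an interface so it can be replaced in tests);
// analyzedRef is the git ref the alerts are filtered by; codeqlScanAudit
// supplies owner and repository. Returns the populated CodeqlScanning, or a
// zero value and the first error the API returned.
func getVulnerabilitiesFromClient(ctx context.Context, codeScanning githubCodeqlScanningService, analyzedRef string, codeqlScanAudit *CodeqlScanAuditInstance) (CodeqlScanning, error) {
	alertOptions := github.AlertListOptions{
		State:       "",
		Ref:         analyzedRef,
		ListOptions: github.ListOptions{},
	}

	total, openStateCount := 0, 0
	for {
		alerts, resp, err := codeScanning.ListAlertsForRepo(ctx, codeqlScanAudit.owner, codeqlScanAudit.repository, &alertOptions)
		if err != nil {
			return CodeqlScanning{}, err
		}
		total += len(alerts)
		for _, alert := range alerts {
			// GetState is nil-safe on both the alert and its State field;
			// dereferencing alert.State directly panics when either is nil.
			if alert.GetState() == auditStateOpen {
				openStateCount++
			}
		}
		// Stop on the last page. resp is nil-checked because the service
		// interface does not promise a response on success (a test double may
		// return nil), and a NextPage that does not advance is treated as the
		// end so a misbehaving server or fake cannot loop forever.
		if resp == nil || resp.NextPage == 0 || resp.NextPage <= alertOptions.Page {
			break
		}
		alertOptions.Page = resp.NextPage
	}

	codeqlScanning := CodeqlScanning{}
	codeqlScanning.Total = total
	codeqlScanning.Audited = total - openStateCount
	return codeqlScanning, nil
}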