ACS-9044 Use temporary directory and allow any war file

.github/workflows/ci.yml

@@ -84,13 +84,15 @@ jobs:
           bash ./scripts/ci/init.sh
           bash ./scripts/ci/build.sh
       - name: "Remove excluded files"
-        run: bash ./scripts/ci/remove-sast-exclusions.sh
+        run: |
+          bash mkdir temp-dir-for-sast
+          bash ./scripts/ci/remove-sast-exclusions.sh ./distribution/target/alfresco-reduced.war ./temp-dir-for-sast/reduced.war
       - name: "Run SAST Scan"
         uses: veracode/[email protected]
         with:
           vid: '${{ secrets.VERACODE_API_ID }}'
           vkey: '${{ secrets.VERACODE_API_KEY }}'
-          file: "distribution/target/alfresco-reduced.war"
+          file: "temp-dir-for-sast/reduced.war"
           fail_build: true
           project_name: acs-packaging-acs
           issue_details: true
@@ -108,6 +110,8 @@ jobs:
         with:
           name: Veracode Pipeline-Scan Results - ACS (Human Readable)
           path: readable_output.zip
+      - name: "Remove temporary directory"
+        run: bash rm -rfv temp-dir-for-sast
       - name: "Clean Maven cache"
         run: bash ./scripts/ci/cleanup_cache.sh
 

scripts/ci/remove-sast-exclusions.sh

@@ -3,8 +3,8 @@ echo "=========================== Excluding Files from Veracode SAST ===========
 set -ex
 pushd "$(dirname "${BASH_SOURCE[0]}")/../../"
 
-# Copy alfresco.war file
-/bin/cp -f ./distribution/target/alfresco.war ./distribution/target/alfresco-reduced.war
+# Copy war file to temporary directory
+/bin/cp -f "$1" ./temp-dir-for-sast/reduced.war
 
 # Remove files to be excluded from Veracode SAST
 exclusions="./scripts/ci/SAST-exclusion-list.txt"
@@ -13,7 +13,7 @@ then
     while read -r line
     do
       echo "Removing WEB-INF/lib/$line"
-      zip -d ./packaging/war/target/alfresco-reduced.war "WEB-INF/lib/$line" || true
+      zip -d ./temp-dir-for-sast/reduced.war "WEB-INF/lib/$line" || true
     done < "$exclusions"
 else
     echo "No files to be excluded from SAST"