From 7eabbacd1fb40570928db47253784ed834a890c8 Mon Sep 17 00:00:00 2001 From: Sara Aspery Date: Thu, 19 Dec 2024 09:03:48 +0000 Subject: [PATCH] ACS-9044 Use temporary directory and allow any war file --- .github/workflows/ci.yml | 8 ++++++-- scripts/ci/remove-sast-exclusions.sh | 6 +++--- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 194ff45af6..93ead13426 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -84,13 +84,15 @@ jobs: bash ./scripts/ci/init.sh bash ./scripts/ci/build.sh - name: "Remove excluded files" - run: bash ./scripts/ci/remove-sast-exclusions.sh + run: | + bash mkdir temp-dir-for-sast + bash ./scripts/ci/remove-sast-exclusions.sh ./distribution/target/alfresco-reduced.war ./temp-dir-for-sast/reduced.war - name: "Run SAST Scan" uses: veracode/Veracode-pipeline-scan-action@v1.0.16 with: vid: '${{ secrets.VERACODE_API_ID }}' vkey: '${{ secrets.VERACODE_API_KEY }}' - file: "distribution/target/alfresco-reduced.war" + file: "temp-dir-for-sast/reduced.war" fail_build: true project_name: acs-packaging-acs issue_details: true @@ -108,6 +110,8 @@ jobs: with: name: Veracode Pipeline-Scan Results - ACS (Human Readable) path: readable_output.zip + - name: "Remove temporary directory" + run: bash rm -rfv temp-dir-for-sast - name: "Clean Maven cache" run: bash ./scripts/ci/cleanup_cache.sh diff --git a/scripts/ci/remove-sast-exclusions.sh b/scripts/ci/remove-sast-exclusions.sh index efdd8a234b..348f7843c5 100755 --- a/scripts/ci/remove-sast-exclusions.sh +++ b/scripts/ci/remove-sast-exclusions.sh 
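Review bot: In the new `run: |` block, `bash mkdir temp-dir-for-sast` asks bash to execute a script file named `mkdir` rather than the `mkdir` command, so the step is likely to fail before the exclusion script runs. The same pattern appears in the next hunk's `Remove temporary directory` step (`bash rm -rfv temp-dir-for-sast`). Call the commands directly: `mkdir -p temp-dir-for-sast` and `rm -rfv temp-dir-for-sast`. Separately, the script is now given `./distribution/target/alfresco-reduced.war` as its input, but before this commit the script itself created that file from `alfresco.war`. Unless the build now produces it (not visible here), the script's `cp` will fail, so confirm whether the intended input is `./distribution/target/alfresco.war`.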
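Review bot: The added `Remove temporary directory` step has no `if:` condition, so it is skipped whenever an earlier step fails, and the scan step above sets `fail_build: true`. If this job can land on a runner whose workspace persists between runs (not visible in this hunk), the stripped WAR is left behind and the next run's `mkdir` without `-p` fails on the existing directory. Adding `if: always()` to the step makes the cleanup unconditional.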
@@ -3,8 +3,8 @@ echo "=========================== Excluding Files from Veracode SAST =========== set -ex pushd "$(dirname "${BASH_SOURCE[0]}")/../../" -# Copy alfresco.war file -/bin/cp -f ./distribution/target/alfresco.war ./distribution/target/alfresco-reduced.war +# Copy war file to temporary directory +/bin/cp -f "$1" ./temp-dir-for-sast/reduced.war # Remove files to be excluded from Veracode SAST exclusions="./scripts/ci/SAST-exclusion-list.txt" @@ -13,7 +13,7 @@ then while read -r line do echo "Removing WEB-INF/lib/$line" - zip -d ./packaging/war/target/alfresco-reduced.war "WEB-INF/lib/$line" || true + zip -d ./temp-dir-for-sast/reduced.war "WEB-INF/lib/$line" || true done < "$exclusions" else echo "No files to be excluded from SAST"
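Review bot: The new `cp` line reads `$1` without checking that it was supplied and writes to a hard-coded destination, while the workflow passes a second argument that the script never reads. Take both from the arguments, e.g. `src="${1:?usage: remove-sast-exclusions.sh <input.war> [output.war]}"` and `dest="${2:-./temp-dir-for-sast/reduced.war}"`, then `/bin/cp -f "$src" "$dest"`, and reuse `"$dest"` in the `zip -d` line of the next hunk. A relative `$1` is resolved after the `pushd` to the repository root, not from the caller's directory, and a short comment above the `cp` should say so. The script continues outside this hunk.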
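Review bot: On the changed `zip -d` line, `|| true` discards every failure, so an entry in `SAST-exclusion-list.txt` that no longer matches anything in the WAR is indistinguishable from a real error, and the scan proceeds either way. Because this list decides which libraries are withheld from the scanner, a mismatch is worth surfacing in the log: `zip -d ./temp-dir-for-sast/reduced.war "WEB-INF/lib/$line" || echo "WARNING: WEB-INF/lib/$line not removed (zip exit $?)"`. The `if` that opens this block is outside the hunk.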