[ASA 9675] DAST rescan (#176)
* dast-rescan
vishalhcl-5960 authored Dec 16, 2024
1 parent b4dd310 commit 0a9d637
Showing 10 changed files with 145 additions and 68 deletions.
9 changes: 5 additions & 4 deletions src/main/java/com/hcl/appscan/sdk/CoreConstants.java
Expand Up @@ -72,7 +72,7 @@ public interface CoreConstants {
String API_PRESENCES_ID = API_ENV_LATEST + "/Presences/%s"; //$NON-NLS-1$
String API_PRESENCES_NEW_KEY = API_ENV_LATEST + "/Presences/%s/NewKey"; //$NON-NLS-1$
String API_BASIC_DETAILS = API_ENV_LATEST + "/Scans"; //$NON-NLS-1$
String API_SCANNER_DETAILS = API_ENV + "/Scans/&s/&s"; //$NON-NLS-1$
String API_SCANNER_DETAILS = API_ENV_LATEST + "/Scans/%s/%s"; //$NON-NLS-1$
String API_FILE_UPLOAD = API_ENV_LATEST + "/FileUpload"; //$NON-NLS-1$
String API_SCAN = API_ENV + "/%s"; //$NON-NLS-1$
String API_SCANNER = API_ENV_LATEST + "/Scans/%s"; //$NON-NLS-1$
Expand All @@ -91,6 +91,7 @@ public interface CoreConstants {
String API_IS_VALID_URL = API_ENV_LATEST + "/Scans/IsValidUrl"; //$NON-NLS-1$
String API_AUTHENTICATION = API_ENV_LATEST + "/Account/IsAuthenticated"; //$NON-NLS-1$
String API_TENANT_INFO = API_ENV_LATEST + "/Account/TenantInfo"; //$NON-NLS-1$
String API_EXECUTION_DETAILS = API_ENV_LATEST + "/Scans/%s/Executions"; //$NON-NLS-1$

String DEFAULT_RESULT_NAME = "asoc_results"; //$NON-NLS-1$
String SACLIENT_INSTALL_DIR = "SAClientInstall"; //$NON-NLS-1$
Expand Down Expand Up @@ -144,10 +145,10 @@ public interface CoreConstants {
String ERROR_SUBMITTING_SCAN = "error.submit.scan"; //$NON-NLS-1$
String ERROR_UPLOADING_FILE = "error.upload.file"; //$NON-NLS-1$
String ERROR_GETTING_INFO = "error.getting.info"; //$NON-NLS-1$
String ERROR_URL_VALIDATION = "error.url.validation"; //$NON-NLS-1$
String FORMAT_PARAMS = "FormatParams"; //$NON-NLS-1$
String ERROR_URL_VALIDATION = "error.url.validation"; //$NON-NLS-1$
String FORMAT_PARAMS = "FormatParams"; //$NON-NLS-1$
String ERROR_GETTING_SCANLOG = "error.getting.scanlog"; //$NON-NLS-1$

String ERROR_CANCEL_RESCAN = "error.cancel.rescan"; //$NON-NLS-1$
// ASE Status Messages
String CREATING_JOB = "message.creating.job"; //$NON-NLS-1$
String CREATE_JOB_SUCCESS = "message.created.job"; //$NON-NLS-1$
1 change: 1 addition & 0 deletions src/main/java/com/hcl/appscan/sdk/messages.properties
Expand Up @@ -57,6 +57,7 @@ error.getting.info=An error occurred getting information for {0} with id {1}.
error.getting.scanlog=An error occurred retrieving the scan log.
error.url.validation = An error occurred while validating the Starting URL: {0}.
message.update.job = Updated the scan job parameters.
error.cancel.rescan = Rescan ID {0} not found. It may have been canceled or deleted. Verify the scan status on the AppScan server and retry.

#Presence
error.getting.presence.details=An error occurred retrieving details for Presence with id {0}.
Expand Up @@ -58,8 +58,18 @@ protected void loadResults() {
return;
}

if (m_executionId != null && !m_executionId.isEmpty()) {
String executionId = obj.getString(ID);
if (executionId.equals(m_executionId)) {
m_status = obj.getString(STATUS);
} else {
m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(ERROR_CANCEL_RESCAN, m_executionId)));
m_status = FAILED;
}
} else {
m_status = obj.getString(STATUS);
}

m_status = obj.getString(STATUS);
if (FAILED.equalsIgnoreCase(m_status) && obj.has(USER_MESSAGE)) {
m_progress.setStatus(new Message(Message.ERROR, obj.getString(USER_MESSAGE)));
m_message = obj.getString(USER_MESSAGE);
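Review bot: The `else` branch that handles a mismatched execution id reports the condition as `Message.INFO` while setting `m_status = FAILED`, whereas the FAILED path immediately below reports with `Message.ERROR`; use the same level there, `m_progress.setStatus(new Message(Message.ERROR, Messages.getMessage(ERROR_CANCEL_RESCAN, m_executionId)));`, and consider also setting `m_message` so callers that read the failure text get it as they do for USER_MESSAGE. `obj.getString(ID)` will throw if the response carries no `Id` field; guarding it with `obj.has(ID)` the way USER_MESSAGE is guarded below keeps the existing error path in control. What `obj` represents is not visible from this hunk — if it is the latest execution rather than the one matching `m_executionId`, a newer run started elsewhere would be reported as canceled, which is worth confirming. `loadResults()` starts before this hunk and the file name of this section is not shown on the page.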
Expand Up @@ -419,6 +419,11 @@ public void setProgress(IProgress progress) {
m_progress = progress;
}

@Override
public JSONArray getBaseScanDetails(String scanId) {
return null;
}

private String getReportPackId(String jobId) {
return String.valueOf(Integer.parseInt(jobId)+1);
// Uncomment the below code when you figure out how to parse the reponse.
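Review bot: `getBaseScanDetails` returns `null` unconditionally with no comment, so a caller of the `IScanServiceProvider` contract cannot tell "not supported by this provider" from "request failed", which is what the cloud implementation's `null` means. Add a line above it such as `// Scan executions are not exposed by this provider; callers must treat null as "not supported".`, or, if no caller relies on a null return, throw `UnsupportedOperationException` so the unsupported path fails loudly. The file name of this section is not shown on the page, so which provider this is cannot be confirmed here.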
Expand Up @@ -18,6 +18,7 @@

import javax.net.ssl.HttpsURLConnection;

import com.hcl.appscan.sdk.logging.DefaultProgress;
import com.hcl.appscan.sdk.scanners.dynamic.DASTConstants;
import com.hcl.appscan.sdk.utils.FileUtil;
import com.hcl.appscan.sdk.utils.ServiceUtil;
Expand Down Expand Up @@ -50,6 +51,10 @@ public CloudScanServiceProvider(IProgress progress, IAuthenticationProvider auth
m_progress = progress;
m_authProvider = authProvider;
}

public CloudScanServiceProvider(IAuthenticationProvider authProvider) {
this(new DefaultProgress(), authProvider);
}

@Override
public String createAndExecuteScan(String type, Map<String, String> params) {
Expand All @@ -67,7 +72,7 @@ public String rescan(String scanId, Map<String, String> params) {
updateParams.put("Name", params.remove(CoreConstants.SCAN_NAME));
updateParams.put("EnableMailNotifications", params.remove(CoreConstants.EMAIL_NOTIFICATION));
updateParams.put("FullyAutomatic", params.remove("FullyAutomatic"));
ServiceUtil.updateScanData(updateParams, scanId, m_authProvider, m_progress);
updateScanData(updateParams, scanId);

String progressMessage = Messages.getMessage(RESCAN_SUCCESS);
String overviewMessage = Messages.getMessage(RESCAN_OVERVIEW);
Expand Down Expand Up @@ -197,6 +202,30 @@ public JSONObject getScanDetails(String scanId) throws IOException, JSONExceptio

return null;
}

public JSONObject getScanDetails(String type, String scanId) {
if (loginExpired()) {
return null;
}

String request_url = m_authProvider.getServer() + String.format(API_SCANNER_DETAILS, ServiceUtil.scanTypeShortForm(type), scanId);
Map<String, String> request_headers = m_authProvider.getAuthorizationHeader(true);
request_headers.put("accept", "application/json");
request_headers.put("Content-Type", "application/json");

HttpClient client = new HttpClient(m_authProvider.getProxy(), m_authProvider.getacceptInvalidCerts());
try {
HttpResponse response = client.get(request_url, request_headers, null);

if (response.isSuccess()) {
return (JSONObject) response.getResponseBodyAsJSON();
}
} catch (IOException | JSONException e) {
// Ignore and move on.
}

return null;
}

@Override
public JSONArray getNonCompliantIssues(String scanId) throws IOException, JSONException {
Expand Down Expand Up @@ -269,4 +298,51 @@ private boolean verifyApplication(String appId) {
public void setProgress(IProgress progress) {
m_progress = progress;
}

@Override
public JSONArray getBaseScanDetails(String scanId) {
if (loginExpired()) {
return null;
}

String request_url = m_authProvider.getServer() + String.format(API_EXECUTION_DETAILS, scanId);
request_url += "?$filter=IsValidForIncremental%20eq%20true&%24select=Id%2C%20CreatedAt%2C%20IsValidForIncremental&%24orderby=CreatedAt%20desc";
Map<String, String> request_headers = m_authProvider.getAuthorizationHeader(true);
request_headers.put("accept", "application/json");
request_headers.put("Content-Type", "application/json");

HttpClient client = new HttpClient(m_authProvider.getProxy(), m_authProvider.getacceptInvalidCerts());
try {
HttpResponse response = client.get(request_url, request_headers, null);

if (response.isSuccess()) {
return (JSONArray) response.getResponseBodyAsJSON();
}
} catch (IOException | JSONException e) {
// Ignore and move on.
}

return null;
}

public void updateScanData(Map<String, String> params, String scanId) {
if (loginExpired()) {
return;
}

String request_url = m_authProvider.getServer() + String.format(API_SCANNER,scanId);
Map<String, String> request_headers = m_authProvider.getAuthorizationHeader(true);
request_headers.put("accept", "application/json");
request_headers.put("Content-Type", "application/json");

HttpClient client = new HttpClient(m_authProvider.getProxy(), m_authProvider.getacceptInvalidCerts());
try {
HttpResponse response = client.put(request_url, request_headers, params);
if (response.getResponseCode() == HttpsURLConnection.HTTP_NO_CONTENT) {
m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(UPDATE_JOB)));
}
} catch (IOException | JSONException e) {
m_progress.setStatus(new Message(Message.ERROR, Messages.getMessage(ERROR_UPDATE_JOB, e.getLocalizedMessage())));
}
}
}
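Review bot: In `getBaseScanDetails`, and likewise in the new `getScanDetails(String type, String scanId)` overload above it, a non-success response and an `IOException`/`JSONException` both collapse into `return null` with the exception discarded, so the results loader that then reports ERROR_CANCEL_RESCAN cannot distinguish "execution not found" from "request failed"; at minimum surface the failure through `m_progress` the way `updateScanData` does, e.g. `m_progress.setStatus(new Message(Message.ERROR, e.getLocalizedMessage()));` in the catch. The cast `(JSONArray) response.getResponseBodyAsJSON()` is outside the caught types, so a successful response whose body parses to an object rather than an array would escape as a ClassCastException; check the instance before casting. `scanId` and `type` are caller-supplied (DASTScan takes the scan id from `params` in this commit) and are formatted into the request path unencoded, so validating the id's expected format before `String.format` would keep a malformed value from reshaping the request. The header and `HttpClient` setup is now repeated in three methods of this file; a private helper would keep them consistent.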
Expand Up @@ -92,4 +92,12 @@ public interface IScanServiceProvider {
* @param progress The {@link IProgress}.
*/
public void setProgress(IProgress progress);

/**
* Fetch the details of all the executions of a scan.
*
* @param scanId The scanId to test
* @return JSONArray.
*/
public JSONArray getBaseScanDetails(String scanId);
}
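Review bot: The Javadoc on `getBaseScanDetails` says `@param scanId The scanId to test` and `@return JSONArray.`, which reads as copied from the removed `ServiceUtil.isScanId` and does not describe this method: one implementation on this page returns `null` unconditionally and the cloud implementation returns `null` on login expiry, a non-success response or an exception, and filters on IsValidForIncremental rather than returning all executions. Suggested: `@param scanId The id of the scan whose executions are requested.` and `@return The executions usable as the base of an incremental rescan, or {@code null} if the provider does not support this call, the session has expired, or the request fails.` The summary line should then say "Fetch the executions of a scan that are valid for an incremental rescan" rather than "all the executions".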
14 changes: 10 additions & 4 deletions src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java
Expand Up @@ -94,13 +94,19 @@ public void run() throws ScannerException, InvalidTargetException {

try {
JSONObject propertiesJSON = createJSONForProperties(params);
setScanId(getServiceProvider().createAndExecuteScan(type, propertiesJSON));
if (getRescan()) {
setScanId(params.get(CoreConstants.SCAN_ID));
setExecutionId(getServiceProvider().rescan(getScanId(), propertiesJSON));
if(getExecutionId() == null)
throw new ScannerException(Messages.getMessage(ERROR_CREATING_SCAN));
} else {
setScanId(getServiceProvider().createAndExecuteScan(type, propertiesJSON));
if(getScanId() == null)
throw new ScannerException(Messages.getMessage(ERROR_CREATING_SCAN));
}
} catch (JSONException e) {
throw new ScannerException(Messages.getMessage(ERROR_RUNNING_SCAN, e.getLocalizedMessage()));
}

if(getScanId() == null)
throw new ScannerException(Messages.getMessage(ERROR_CREATING_SCAN));
}

private JSONObject createJSONForProperties(Map<String, String> params) throws JSONException {
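Review bot: In the rescan branch `setScanId(params.get(CoreConstants.SCAN_ID))` is handed straight to `rescan()` without the null check that the removed trailing `if(getScanId() == null)` used to provide, so a missing SCAN_ID parameter is now most likely formatted into the request URL as the literal `null` and comes back as ERROR_CREATING_SCAN, which misdescribes the cause. Guard it before the call: `if (getScanId() == null || getScanId().isEmpty()) throw new ScannerException(Messages.getMessage(ERROR_CREATING_SCAN));` (or a message naming the missing parameter). The same shape appears in `SASTScan.analyzeIR` in this commit, where `setScanId(params.get(CoreConstants.SCAN_ID))` precedes `submitRescan()` with only the execution-id check after it. `run()` starts before this hunk.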
6 changes: 4 additions & 2 deletions src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java
Expand Up @@ -122,12 +122,14 @@ protected void analyzeIR() throws IOException, ScannerException {
setScanId(params.get(CoreConstants.SCAN_ID));
params.put(CoreConstants.FILE_ID, fileId);
submitRescan();
if(getExecutionId() == null)
throw new ScannerException(Messages.getMessage(ERROR_CREATING_SCAN));
} else {
params.put(FILE_ID, fileId);
submitScan();
if(getScanId() == null)
throw new ScannerException(Messages.getMessage(ERROR_CREATING_SCAN));
}
if(getScanId() == null)
throw new ScannerException(Messages.getMessage(ERROR_SUBMITTING_IRX));
}

protected void submitScan() {
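Review bot: The non-rescan branch now throws ERROR_CREATING_SCAN where the removed check threw ERROR_SUBMITTING_IRX, so the message a user sees when `submitScan()` yields no scan id changes with this commit; if that is not intended, keep `throw new ScannerException(Messages.getMessage(ERROR_SUBMITTING_IRX));` in the `else` branch. The missing scan-id guard before `submitRescan()` is raised on the DASTScan hunk. `analyzeIR()` starts before this hunk.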
3 changes: 0 additions & 3 deletions src/main/java/com/hcl/appscan/sdk/utils/ArchiveUtil.java
Expand Up @@ -123,9 +123,6 @@ public static void zipFileOrFolder(File fileToZip, File zipFile) throws IOExcept
}

private static void zipFile(File fileToZip, String fileName, ZipOutputStream zipOut) throws IOException {
if (fileToZip.getName().startsWith(".")) {
return;
}
if (fileToZip.isDirectory()) {
File[] children = fileToZip.listFiles();
for (File childFile : children) {
77 changes: 24 additions & 53 deletions src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java
Expand Up @@ -223,47 +223,6 @@ private static boolean hasEntitlement(String scanType, IAuthenticationProvider p
return false;
}

/**
* Checks if the given scanId is valid for scanning.
*
* @param scanId The scanId to test.
* @param applicationId The applicationId to verify.
* @param type The scanType to verify.
* @param provider The IAuthenticationProvider for authentication.
* @return True if the scanId is valid. False is returned if the scanId is not valid, the request fails, or an exception occurs.
*/
public static boolean isScanId(String scanId, String applicationId, String type, IAuthenticationProvider provider) {
if (provider.isTokenExpired()) {
return true;
}

String request_url = provider.getServer() + API_BASIC_DETAILS;
request_url += "?$filter=Id%20eq%20" + scanId + "&%24select=AppId%2C%20Technology";
Map<String, String> request_headers = provider.getAuthorizationHeader(true);

HttpClient client = new HttpClient(provider.getProxy(), provider.getacceptInvalidCerts());
try {
HttpResponse response = client.get(request_url, request_headers, null);

if (response.isSuccess()) {
JSONObject obj = (JSONObject) response.getResponseBodyAsJSON();
JSONArray array = (JSONArray) obj.get(ITEMS);
if (array.isEmpty()) {
return false;
} else {
JSONObject body = (JSONObject) array.getJSONObject(0);
String appId = body.getString(CoreConstants.APP_ID);
String technologyName = body.getString("Technology");
return appId.equals(applicationId) && technologyName.equals(updatedScanType(type));
}
}
} catch (IOException | JSONException e) {
// Ignore and return false.
}

return false;
}

public static String updatedScanType(String type) {
switch (type) {
case "Static Analyzer":
Expand All @@ -276,24 +235,36 @@ public static String updatedScanType(String type) {
return type;
}

public static void updateScanData(Map<String, String> params, String scanId, IAuthenticationProvider provider, IProgress progress) {
if (provider.isTokenExpired()) {
return;
public static String scanTypeShortForm(String type) {
switch (type) {
case "Static Analyzer":
return "Sast";
case "Dynamic Analyzer":
return "Dast";
case CoreConstants.SOFTWARE_COMPOSITION_ANALYZER:
return "Sca";
}
return type;
}

String request_url = provider.getServer() + String.format(API_SCANNER,scanId);
Map<String, String> request_headers = provider.getAuthorizationHeader(true);
request_headers.put("accept", "application/json");
request_headers.put("Content-Type", "application/json");

/**
* Fetch the build version of the A360 server.
*
* @param provider The IAuthenticationProvider for authentication.
* @return The build server of the server.
*/
public static String getServiceVersion(IAuthenticationProvider provider) {
String request_url = provider.getServer() + "/assets/versions.json";
HttpClient client = new HttpClient(provider.getProxy(), provider.getacceptInvalidCerts());
try {
HttpResponse response = client.put(request_url, request_headers, params);
if (response.getResponseCode() == HttpsURLConnection.HTTP_NO_CONTENT) {
progress.setStatus(new Message(Message.INFO, Messages.getMessage(UPDATE_JOB)));
HttpResponse response = client.get(request_url, null, null);
if (response.isSuccess()) {
JSONObject body = (JSONObject) response.getResponseBodyAsJSON();
return body.getString("MainVersion");
}
} catch (IOException | JSONException e) {
progress.setStatus(new Message(Message.ERROR, Messages.getMessage(ERROR_UPDATE_JOB, e.getLocalizedMessage())));
return "0"; //$NON-NLS-1$
}
return null;
}
}
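Review bot: The removed `isScanId` was the check that the scan named by a caller-supplied id belonged to the caller's application and matched the requested scan type; nothing on this page shows where that verification moved, so confirm the rescan path still verifies ownership before `updateScanData` modifies the scan, and say so in the commit description if it was dropped deliberately. `getServiceVersion` returns `"0"` when the request throws but `null` when the response is not successful, leaving callers with two different "unknown" values; return `"0"; //$NON-NLS-1$` from the fall-through too, or document the null, and fix its Javadoc to `@return The build version of the server, or "0" if it cannot be determined.` `scanTypeShortForm` passes any value outside its three cases through unchanged and that value is formatted into the request path by `CloudScanServiceProvider.getScanDetails`; a `default` that throws `IllegalArgumentException`, or a comment stating that pass-through is intended, would make the contract explicit.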
