From aabbba717e317b49eb5b6a8c9e78d3a3822f3bb6 Mon Sep 17 00:00:00 2001
From: Vishal Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com>
Date: Wed, 12 Jun 2024 19:13:37 +0530
Subject: [PATCH] ASA 8404 (#158)
* include SCA implementation
* copyright changes
---
 .../java/com/hcl/appscan/sdk/CoreConstants.java | 3 ++-
 .../java/com/hcl/appscan/sdk/messages.properties | 4 ++--
 .../sdk/scan/CloudScanServiceProvider.java | 9 ++-------
 .../com/hcl/appscan/sdk/scanners/ASoCScan.java | 8 ++++++--
 .../hcl/appscan/sdk/scanners/sast/SAClient.java | 15 ++++++++-------
 .../appscan/sdk/scanners/sast/SASTConstants.java | 3 ++-
 .../com/hcl/appscan/sdk/scanners/sca/SCAScan.java | 10 +++++++---
 7 files changed, 29 insertions(+), 23 deletions(-)
diff --git a/src/main/java/com/hcl/appscan/sdk/CoreConstants.java b/src/main/java/com/hcl/appscan/sdk/CoreConstants.java
index 4adaa83c..7bf79f32 100644
--- a/src/main/java/com/hcl/appscan/sdk/CoreConstants.java
+++ b/src/main/java/com/hcl/appscan/sdk/CoreConstants.java
@@ -27,12 +27,13 @@ public interface CoreConstants {
 String SCANNER_TYPE = "type"; //$NON-NLS-1$
 String STATUS = "Status"; //$NON-NLS-1$
 String TARGET = "target"; //$NON-NLS-1$
- String OPEN_SOURCE_ONLY = "openSourceOnly"; //$NON-NLS-1$
+ String INCLUDE_SCA = "includeSCA"; //$NON-NLS-1$
 String VERSION_NUMBER = "VersionNumber"; //$NON-NLS-1$
 String USER_MESSAGE = "UserMessage"; //$NON-NLS-1$
 String IS_VALID = "IsValid"; //$NON-NLS-1$
 String SOURCE_CODE_ONLY = "sourceCodeOnly"; //$NON-NLS-1$
 String SOFTWARE_COMPOSITION_ANALYZER = "Software Composition Analyzer"; //$NON-NLS-1$
+ String STATIC_ANALYZER = "Static Analyzer"; //$NON-NLS-1$
 String SCA = "Sca"; //$NON-NLS-1$
 String CREATE_IRX = "createIRX"; //$NON-NLS-1$
diff --git a/src/main/java/com/hcl/appscan/sdk/messages.properties b/src/main/java/com/hcl/appscan/sdk/messages.properties
index 28d71042..d1e80c2a 100644
--- a/src/main/java/com/hcl/appscan/sdk/messages.properties
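Review bot: Removing `OPEN_SOURCE_ONLY` from the public `CoreConstants` interface is a source-incompatible change for SDK consumers that reference `CoreConstants.OPEN_SOURCE_ONLY`, and the SAClient hunk in this same patch still reads an `OPEN_SOURCE_ONLY` name, presumably resolved from `SASTConstants`. Keeping the old constant next to the new one avoids the break: `@Deprecated String OPEN_SOURCE_ONLY = "openSourceOnly"; //$NON-NLS-1$`. The new `STATIC_ANALYZER` also looks like a duplicate of `SASTConstants.STATIC_ANALYZER`, which the removed `CloudScanServiceProvider` line referenced; if both hold the same value, define one in terms of the other so they cannot drift. Since `includeSCA` is also a key that ends up in the posted `params` map, a one-line comment stating whether the service consumes it or it is client-side only would help the next reader.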
+++ b/src/main/java/com/hcl/appscan/sdk/messages.properties
@@ -1,6 +1,6 @@
 #
 # \u00c2\u00a9 Copyright IBM Corporation 2016.
-# \u00c2\u00a9 Copyright HCL Technologies Ltd. 2017, 2020.
+# \u00c2\u00a9 Copyright HCL Technologies Ltd. 2017, 2020, 2024.
 # LICENSE: Apache License, Version 2.0 https://www.apache.org/licenses/LICENSE-2.0
 #
 # NLS_MESSAGEFORMAT_VAR
@@ -9,7 +9,7 @@ transfer.progress={0}% transferred
 message.created.scan=Successfully submitted scan for analysis.
-message.running.scan=Creating and executing scan...
+message.running.scan=Creating and executing {0} scan...
 message.uploading.file=Uploading {0} to the analysis service...
 message.done=Done.
 message.downloading.client=Downloading the latest SAClientUtil package...
diff --git a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java
index 8cef740c..5551f956 100644
--- a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java
+++ b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java
@@ -55,7 +55,7 @@ public String createAndExecuteScan(String type, Map params) {
 return null;
 }
- m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(EXECUTING_SCAN)));
+ m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(EXECUTING_SCAN, params.get(CoreConstants.SCANNER_TYPE))));
 Map request_headers = m_authProvider.getAuthorizationHeader(true);
 HttpClient client = new HttpClient(m_authProvider.getProxy(), m_authProvider.getacceptInvalidCerts());
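Review bot: The status message now takes the scanner name from `params.get(CoreConstants.SCANNER_TYPE)` while the request URL built later in the same method uses the `type` argument, so the two can disagree, and a map without that key prints "Creating and executing null scan...". Using the method's own argument keeps them consistent: `Messages.getMessage(EXECUTING_SCAN, type)`. `createAndExecuteScan` begins before this hunk and continues past it.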
@@ -63,12 +63,7 @@ public String createAndExecuteScan(String type, Map params) {
 HttpResponse response;
 request_headers.put("Content-Type", "application/json");
 request_headers.put("accept", "application/json");
- String request_url;
- if(type.equals(SASTConstants.STATIC_ANALYZER) && !params.containsKey(UPLOAD_DIRECT) && params.containsKey(OPEN_SOURCE_ONLY)) {
- request_url = m_authProvider.getServer() + String.format(API_SCANNER, SCA);
- } else {
- request_url = m_authProvider.getServer() + String.format(API_SCANNER, type);
- }
+ String request_url = m_authProvider.getServer() + String.format(API_SCANNER, type);
 response = client.post(request_url,request_headers,params);
 int status = response.getResponseCode();
diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/ASoCScan.java b/src/main/java/com/hcl/appscan/sdk/scanners/ASoCScan.java
index 92fe4dae..63565528 100644
--- a/src/main/java/com/hcl/appscan/sdk/scanners/ASoCScan.java
+++ b/src/main/java/com/hcl/appscan/sdk/scanners/ASoCScan.java
@@ -1,6 +1,6 @@
 /**
 * © Copyright IBM Corporation 2016.
- * © Copyright HCL Technologies Ltd. 2017.
+ * © Copyright HCL Technologies Ltd. 2017, 2024.
 * LICENSE: Apache License, Version 2.0 https://www.apache.org/licenses/LICENSE-2.0
 */
@@ -33,7 +33,11 @@ public ASoCScan(Map properties, IScanServiceProvider provider) {
 }
 public ASoCScan(Map properties, IProgress progress, IScanServiceProvider provider) {
- m_target = properties.remove(CoreConstants.TARGET);
+ if(properties.containsKey(CoreConstants.INCLUDE_SCA)) {
+ m_target = properties.get(CoreConstants.TARGET);
+ } else {
+ m_target = properties.remove(CoreConstants.TARGET);
+ }
 m_properties = properties;
 if(!m_properties.containsKey(CoreConstants.SCAN_NAME))
 m_properties.put(CoreConstants.SCAN_NAME, getType() + SystemUtil.getTimeStamp());
diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SAClient.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SAClient.java
index e341455d..4dc7cc3b 100644
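Review bot: With the SCA redirect gone, `type` is now the only thing deciding which scanner endpoint receives the upload, and it is interpolated into the request path by `String.format(API_SCANNER, type)` without being checked against the scanner names the SDK defines. A caller that still sets the old `openSourceOnly` switch but passes the static-analyzer type will silently get a static scan submitted instead of an SCA one, since nothing in the new code reads that key any more. Rejecting an unknown `type` before the format would turn that silent misroute into an error; I cannot see the full set of valid scanner names from here, but a comment such as `// type must be one of the scanner names in CoreConstants; SCA callers now pass the SCA type themselves` would at least record the new contract. `createAndExecuteScan` starts before this hunk and continues after it.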
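Review bot: Both branches of the new constructor logic key on `properties.containsKey(CoreConstants.INCLUDE_SCA)`, so an explicit `includeSCA=false` entry would still take the include-SCA path; if presence alone is the convention, say so on the `if`: `// includeSCA is a presence flag: any value, even "false", selects the combined submission`. In that branch `target` (a local path) is deliberately left in the map that becomes `m_properties`, whereas the other branch strips it, and `CloudScanServiceProvider.createAndExecuteScan` in this patch posts its `params` map to the service unchanged. A why-comment on the `get` line should state whether the service actually needs the target or whether it must be removed again before the post, since sending a local filesystem path to the cloud service is otherwise an unnecessary disclosure — I cannot confirm from this hunk which it is.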
--- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SAClient.java
+++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SAClient.java
@@ -326,16 +326,17 @@ private List getClientArgs(Map properties) {
 if(properties.containsKey(VERBOSE)) {
 args.add(OPT_VERBOSE);
 }
- if(properties.containsKey(THIRD_PARTY) || System.getProperty(THIRD_PARTY) != null) {
+ if(properties.containsKey(THIRD_PARTY) || System.getProperty(THIRD_PARTY) != null)
 args.add(OPT_THIRD_PARTY);
- }
- if (properties.containsKey(OPEN_SOURCE_ONLY) || System.getProperty(OPEN_SOURCE_ONLY) != null || properties.getOrDefault(CoreConstants.SCANNER_TYPE, "").equals(CoreConstants.SOFTWARE_COMPOSITION_ANALYZER)) {
+ if (properties.containsKey(OPEN_SOURCE_ONLY) || System.getProperty(OPEN_SOURCE_ONLY) != null)
 args.add(OPT_OPEN_SOURCE_ONLY);
- }
- if (properties.containsKey(SOURCE_CODE_ONLY) || System.getProperty(SOURCE_CODE_ONLY) != null) {
+ if (properties.containsKey(SOURCE_CODE_ONLY) || System.getProperty(SOURCE_CODE_ONLY) != null)
 args.add(OPT_SOURCE_CODE_ONLY);
- }
- if(properties.containsKey(SCAN_SPEED)) {
+ if (!properties.containsKey(CoreConstants.INCLUDE_SCA) && properties.get(CoreConstants.SCANNER_TYPE).equals(CoreConstants.STATIC_ANALYZER))
+ args.add(OPT_STATIC_ANALYSIS_ONLY);
+ if (!properties.containsKey(CoreConstants.INCLUDE_SCA) && properties.get(CoreConstants.SCANNER_TYPE).equals(CoreConstants.SOFTWARE_COMPOSITION_ANALYZER))
+ args.add(OPT_OPEN_SOURCE_ONLY);
+ if(properties.containsKey(SCAN_SPEED)){
 args.add(OPT_SCAN_SPEED);
 if(properties.get(SCAN_SPEED).equals(NORMAL)){
 args.add(THOROUGH);
diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java
index f9b86334..7c737744 100644
--- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java
+++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java
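Review bot: The two added conditions call `properties.get(CoreConstants.SCANNER_TYPE).equals(...)` and throw a NullPointerException when the map has no `type` entry — the removed line guarded exactly this with `getOrDefault(CoreConstants.SCANNER_TYPE, "")`, so this is a regression for callers that only set the CLI flags. Putting the constant on the left of `equals` restores the null-safety; the hunk also drops the braces the surrounding code uses (`if(properties.containsKey(VERBOSE)) { ... }`), and it can add `OPT_OPEN_SOURCE_ONLY` twice when both `OPEN_SOURCE_ONLY` and the SCA type are set. The rewrite below keeps the braces and de-duplicates the flag. `getClientArgs` begins before this hunk and continues after it.
```java
// … unchanged: VERBOSE, THIRD_PARTY, OPEN_SOURCE_ONLY and SOURCE_CODE_ONLY flags …
// Null-safe: callers that only set CLI flags may not put "type" in the map.
Object scannerType = properties.get(CoreConstants.SCANNER_TYPE);
boolean includeSca = properties.containsKey(CoreConstants.INCLUDE_SCA);
if (!includeSca && CoreConstants.STATIC_ANALYZER.equals(scannerType)) {
    args.add(OPT_STATIC_ANALYSIS_ONLY);
}
if (!includeSca && CoreConstants.SOFTWARE_COMPOSITION_ANALYZER.equals(scannerType)
        && !args.contains(OPT_OPEN_SOURCE_ONLY)) {
    args.add(OPT_OPEN_SOURCE_ONLY);
}
// … unchanged: SCAN_SPEED handling …
```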
@@ -53,7 +53,8 @@ public interface SASTConstants {
 String OPT_VERBOSE = "-v"; //$NON-NLS-1$
 String OPT_DEBUG = "-X"; //$NON-NLS-1$
 String OPT_OPEN_SOURCE_ONLY = "-oso"; //$NON-NLS-1$
- String OPT_SOURCE_CODE_ONLY = "-sco"; //$NON-NLS-1$
+ String OPT_SOURCE_CODE_ONLY = "-sco"; //$NON-NLS-1$
+ String OPT_STATIC_ANALYSIS_ONLY = "-sao"; //$NON-NLS-1$
 String OPT_SECRETS_ENABLED = "-es"; //$NON-NLS-1$
 String OPT_SECRETS_ONLY = "-so"; //$NON-NLS-1$
diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sca/SCAScan.java b/src/main/java/com/hcl/appscan/sdk/scanners/sca/SCAScan.java
index fa779925..5588961e 100644
--- a/src/main/java/com/hcl/appscan/sdk/scanners/sca/SCAScan.java
+++ b/src/main/java/com/hcl/appscan/sdk/scanners/sca/SCAScan.java
@@ -1,5 +1,5 @@
 /**
- * © Copyright HCL Technologies Ltd. 2023.
+ * © Copyright HCL Technologies Ltd. 2023, 2024.
 * LICENSE: Apache License, Version 2.0 https://www.apache.org/licenses/LICENSE-2.0
 */
@@ -34,8 +34,12 @@ public void run() throws ScannerException, InvalidTargetException {
 throw new InvalidTargetException(Messages.getMessage(TARGET_INVALID, target));
 try {
- generateIR();
- analyzeIR();
+ if(getProperties().containsKey(CoreConstants.INCLUDE_SCA) && getProperties().containsKey("ApplicationFileId")) {
+ submitScan();
+ } else {
+ generateIR();
+ analyzeIR();
+ }
 } catch(IOException e) {
 throw new ScannerException(Messages.getMessage(SCAN_FAILED, e.getLocalizedMessage()));
 }
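Review bot: `"ApplicationFileId"` is a bare string literal in the new condition in `SCAScan.run()` while every other key in this patch goes through a `CoreConstants` entry with a `//$NON-NLS-1$` marker; it should be a constant too, e.g. `String APPLICATION_FILE_ID = "ApplicationFileId"; //$NON-NLS-1$` in `CoreConstants` and `getProperties().containsKey(CoreConstants.APPLICATION_FILE_ID)` here. The fallback is also silent: when `includeSCA` is set but the file id is missing, the scan quietly runs the local `generateIR()`/`analyzeIR()` path instead, which is presumably not what the caller asked for — a log line or an exception at that point would make the misconfiguration visible. The `submitScan()` branch still sits behind the target validation whose `throw` is the first context line even though nothing in this hunk shows it using the target, so a comment on why that check still applies would help. `run()` starts before this hunk.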