Rescan #169

Merged
merged 21 commits into from
Sep 25, 2024
Merged
5 changes: 5 additions & 0 deletions src/main/java/com/hcl/appscan/sdk/CoreConstants.java
Expand Up @@ -22,6 +22,7 @@ public interface CoreConstants {
String FILE_TO_UPLOAD = "fileToUpload"; //$NON-NLS-1$
String UPLOADED_FILE = "uploadedFile"; //$NON-NLS-1$
String ID = "Id"; //$NON-NLS-1$
String SCAN_ID = "ScanId"; //$NON-NLS-1$
String KEY = "Key"; //$NON-NLS-1$
String LATEST_EXECUTION = "LatestExecution"; //$NON-NLS-1$
String LOCALE = "Locale"; //$NON-NLS-1$
Expand Down Expand Up @@ -75,6 +76,7 @@ public interface CoreConstants {
String API_FILE_UPLOAD = API_ENV_LATEST + "/FileUpload"; //$NON-NLS-1$
String API_SCAN = API_ENV + "/%s"; //$NON-NLS-1$
String API_SCANNER = API_ENV_LATEST + "/Scans/%s"; //$NON-NLS-1$
String API_RESCAN = API_ENV_LATEST + "/Scans/%s/Executions"; //$NON-NLS-1$
String API_SCANS = API_ENV + "/Scans"; //$NON-NLS-1$
String API_NONCOMPLIANT_ISSUES = API_ENV + "/Scans/%s/NonCompliantIssues"; //$NON-NLS-1$
String API_SCANS_REPORT = API_ENV_LATEST + "/Scans/%s/Report/%s"; //$NON-NLS-1$
Expand Down Expand Up @@ -117,6 +119,8 @@ public interface CoreConstants {

String CREATE_SCAN_SUCCESS = "message.created.scan"; //$NON-NLS-1$
String SCAN_OVERVIEW = "message.scan.overview"; //$NON-NLS-1$
String RESCAN_SUCCESS = "message.rescan"; //$NON-NLS-1$
String RESCAN_OVERVIEW = "message.rescan.overview"; //$NON-NLS-1$
String DOWNLOADING_CLIENT = "message.downloading.client"; //$NON-NLS-1$
String EXECUTING_SCAN = "message.running.scan"; //$NON-NLS-1$
String UPLOADING_FILE = "message.uploading.file"; //$NON-NLS-1$
Expand Down Expand Up @@ -148,6 +152,7 @@ public interface CoreConstants {
String CREATING_JOB = "message.creating.job"; //$NON-NLS-1$
String CREATE_JOB_SUCCESS = "message.created.job"; //$NON-NLS-1$
String ERROR_CREATE_JOB = "error.create.job"; //$NON-NLS-1$
String UPDATE_JOB = "message.update.job"; //$NON-NLS-1$
String ERROR_UPDATE_JOB = "error.update.job"; //$NON-NLS-1$
String EXECUTING_JOB = "message.running.job"; //$NON-NLS-1$
String EXECUTE_JOB_SUCCESS = "message.executed.job"; //$NON-NLS-1$
29 changes: 29 additions & 0 deletions src/main/java/com/hcl/appscan/sdk/http/HttpClient.java
Expand Up @@ -158,6 +158,35 @@ public HttpResponse put(String url,
return makeRequest(Method.PUT, url, headerProperties, body);
}

/**
* Submit a put request.
*
* @param url The URL string.
* @param headerProperties An optional Map of header properties.
* @param parameters An optional Map of properties.
* @return The response as a byte array.
* @throws IOException If an error occurs.
*/
public HttpResponse put(String url, Map<String, String> headerProperties, Map<String, String> parameters)
throws IOException, JSONException {
JSONObject objectMap = new JSONObject();
for (String key : parameters.keySet()) {
if (parameters.get(key) != null){
String value = parameters.get(key);
if (value.equalsIgnoreCase("true")) {
objectMap.put(key, true);
} else if (value.equalsIgnoreCase("false")) {
objectMap.put(key, false);
} else {
// If the string is not "true" or "false," keep it as is
objectMap.put(key, value);
}
}
}
String body = objectMap.toString();
return put(url, headerProperties, body);
}

/**
* Submit a delete request.
*
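Review bot: The new `put(String, Map, Map)` overload dereferences `parameters` in the for loop although its Javadoc calls it "An optional Map of properties", so a null map fails with NullPointerException before any request is built; either wrap the loop in `if (parameters != null) { ... }` or document it as required with `Objects.requireNonNull(parameters, "parameters");`. Iterating `parameters.entrySet()` instead of `keySet()` with two `get` calls per key would also read more cleanly. The Javadoc appears copied from the byte-array variant: `@return The response as a byte array` should read `@return The response.` and the `JSONException` in the throws clause needs its own `@throws JSONException If the body cannot be serialized.` line. Existing call sites that pass a literal `null` as the third argument to `put` would now be ambiguous between the String and Map overloads; worth confirming none exist.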
7 changes: 5 additions & 2 deletions src/main/java/com/hcl/appscan/sdk/messages.properties
Expand Up @@ -8,8 +8,10 @@

transfer.progress={0}% transferred

message.created.scan=Successfully submitted {0} scan for analysis. Scan ID: {1}
message.scan.overview={0} scan overview: {1}
message.created.scan=Successfully submitted {0} scan for analysis. Scan ID:
message.scan.overview={0} scan overview:


What's the reason for removing the {1} at the end of each of these strings? It looks like the calls that use them still provide information for the 2nd parameter.


We are assigning the 2nd value in a common method ("executeScan") used for createAndExecuteScan() & rescan(). So, for a new scan the 2nd value will be the scanId, while for a rescan it would be the executionId.

message.rescan= Successfully submitted rescan for analysis. Execution ID:
message.rescan.overview= Rescan overview:


Are message.rescan and message.rescan.overview used anywhere? I don't see them referenced in this PR.


message.running.scan=Creating and executing {0} scan...
message.uploading.file=Uploading {0} to the analysis service...
message.done=Done.
Expand Down Expand Up @@ -54,6 +56,7 @@ error.login.type.deprectated=The specified login type is deprecated. Please use
error.getting.info=An error occurred getting information for {0} with id {1}.
error.getting.scanlog=An error occurred retrieving the scan log.
error.url.validation = An error occurred while validating the Starting URL: {0}.
message.update.job = Updated the scan job parameters.

#Presence
error.getting.presence.details=An error occurred retrieving details for Presence with id {0}.
Expand Up @@ -47,10 +47,16 @@ public class CloudResultsProvider implements IResultsProvider, Serializable, Cor
protected int m_mediumFindings;
protected int m_lowFindings;
protected int m_infoFindings;
protected String m_executionId;

public CloudResultsProvider(String scanId, String type, IScanServiceProvider provider, IProgress progress) {
this(scanId, null, type, provider, progress);
}

public CloudResultsProvider(String scanId, String executionId, String type, IScanServiceProvider provider, IProgress progress) {


To limit duplication of code, it would be good to have the original constructor that does not take an executionId call this one directly. E.g.:
this(scanId, null, type, provider, progress);


Okay, sure.

m_type = type;
m_scanId = scanId;
m_executionId = executionId;
m_hasResults = false;
m_scanProvider = provider;
m_progress = progress;
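Review bot: The new five-argument constructor and the `m_executionId` field carry no documentation, and what a null `executionId` means (the four-argument constructor passes null, and subclasses branch on it being null or empty) is only discoverable by reading NonCompliantIssuesResultProvider. A Javadoc such as `/** @param executionId id of the execution whose results are loaded; null or empty falls back to the scan-level results of {@code scanId}. */` above the constructor would capture that contract, and a one-line comment on `m_executionId` could say the same. The constructor body continues past the end of the hunk.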
Expand Up @@ -3,13 +3,15 @@
*/
package com.hcl.appscan.sdk.results;

import com.hcl.appscan.sdk.CoreConstants;
import com.hcl.appscan.sdk.Messages;
import com.hcl.appscan.sdk.auth.IAuthenticationProvider;
import com.hcl.appscan.sdk.http.HttpClient;
import com.hcl.appscan.sdk.http.HttpResponse;
import com.hcl.appscan.sdk.logging.IProgress;
import com.hcl.appscan.sdk.logging.Message;
import com.hcl.appscan.sdk.scan.IScanServiceProvider;
import com.hcl.appscan.sdk.scanners.ASoCScan;
import com.hcl.appscan.sdk.utils.SystemUtil;
import java.io.File;
import java.io.IOException;
Expand All @@ -33,6 +35,10 @@ public NonCompliantIssuesResultProvider(String scanId, String type, IScanService
super(scanId, type, provider, progress);
}

public NonCompliantIssuesResultProvider(String scanId, String executionId, String type, IScanServiceProvider provider, IProgress progress) {
super(scanId, executionId, type, provider, progress);
}

@Override
protected void loadResults() {
try {
Expand Down Expand Up @@ -61,38 +67,47 @@ protected void loadResults() {
m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(SUSPEND_JOB_BYUSER, "Scan Id: " + m_scanId)));
m_message = Messages.getMessage(SUSPEND_JOB_BYUSER, "Scan Id: " + m_scanId);
} else if (m_status != null && !(m_status.equalsIgnoreCase(INQUEUE) || m_status.equalsIgnoreCase(RUNNING) || m_status.equalsIgnoreCase(PAUSING))) {
JSONArray array = m_scanProvider.getNonCompliantIssues(m_scanId);
JSONArray array;
if(m_executionId != null && !m_executionId.isEmpty()) {
array = m_scanProvider.getNonCompliantIssuesUsingExecutionId(m_executionId);
} else {
array = m_scanProvider.getNonCompliantIssues(m_scanId);
}
m_totalFindings = 0;

for (int i = 0; i < array.length(); i++) {
JSONObject jobj = array.getJSONObject(i);
String sev = jobj.getString("Severity");
int count = jobj.getInt("N");

switch (sev.toLowerCase()) {
case "critical":
m_criticalFindings += count;
m_totalFindings += count;
break;
case "high":
m_highFindings += count;
m_totalFindings += count;
break;
case "medium":
m_mediumFindings += count;
m_totalFindings += count;
break;
case "low":
m_lowFindings += count;
m_totalFindings += count;
break;
case "informational":
m_infoFindings += count;
m_totalFindings += count;
break;
default:
m_totalFindings += count;
break;
if(array == null) {
m_status = FAILED;
} else {
for (int i = 0; i < array.length(); i++) {
JSONObject jobj = array.getJSONObject(i);
String sev = jobj.getString("Severity");
int count = jobj.getInt("N");

switch (sev.toLowerCase()) {
case "critical":
m_criticalFindings += count;
m_totalFindings += count;
break;
case "high":
m_highFindings += count;
m_totalFindings += count;
break;
case "medium":
m_mediumFindings += count;
m_totalFindings += count;
break;
case "low":
m_lowFindings += count;
m_totalFindings += count;
break;
case "informational":
m_infoFindings += count;
m_totalFindings += count;
break;
default:
m_totalFindings += count;
break;
}
}
}
setHasResult(true);
Expand Down Expand Up @@ -179,7 +194,12 @@ private String createNonCompliantIssuesReport(String scanId, String format) thro
return null;
}

String request_url = authProvider.getServer() + String.format(API_REPORT_SELECTED_ISSUES, SCOPE, scanId);
String request_url;
if(m_executionId != null && !m_executionId.isEmpty()) {
request_url = authProvider.getServer() + String.format(API_REPORT_SELECTED_ISSUES, "ScanExecution", m_executionId);
} else {
request_url = authProvider.getServer() + String.format(API_REPORT_SELECTED_ISSUES, SCOPE, scanId);
}
Map<String, String> request_headers = authProvider.getAuthorizationHeader(true);
request_headers.put("Content-Type", "application/json; charset=UTF-8");
request_headers.put("Accept", "application/json");
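Review bot: The `if(array == null)` branch added before the severity loop sets `m_status = FAILED` but then appears to fall through to `setHasResult(true)` on the hunk's last line with every findings counter still at zero, so a missing issue list would be reported as a finished scan with no findings; if that is intended, a comment such as `// null issue list: treat as a failed but finished scan` would make it explicit, otherwise the branch should leave the method before `setHasResult`. The predicate `m_executionId != null && !m_executionId.isEmpty()` is written here and again in the createNonCompliantIssuesReport hunk; a `private boolean hasExecutionId()` helper would keep the two in step. In that second hunk the literal `"ScanExecution"` is passed where the sibling branch uses the `SCOPE` constant, and the method's `scanId` parameter is ignored when an execution id is set; a named constant beside `SCOPE` would make the two branches symmetric. loadResults starts and ends outside its hunk.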
10 changes: 10 additions & 0 deletions src/main/java/com/hcl/appscan/sdk/scan/ASEScanServiceProvider.java
Expand Up @@ -399,6 +399,16 @@ public JSONArray getNonCompliantIssues(String scanId) throws IOException, JSONEx
throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
}

@Override
public JSONArray getNonCompliantIssuesUsingExecutionId(String executionId) throws IOException, JSONException {
throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
}

@Override
public String rescan(String scanId, Map<String, String> params) {
throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
}

@Override
public IAuthenticationProvider getAuthenticationProvider() {
return m_authProvider;
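Review bot: Both new stubs throw `UnsupportedOperationException("Not supported yet.")`, matching the existing getNonCompliantIssues stub but giving a caller no hint which operation failed; since NonCompliantIssuesResultProvider now calls getNonCompliantIssuesUsingExecutionId whenever an execution id is set, an ASE-backed provider would surface only that generic text. Naming the operation, e.g. `throw new UnsupportedOperationException("rescan is not supported for ASE");` and the equivalent for getNonCompliantIssuesUsingExecutionId, together with a `@throws UnsupportedOperationException always; ASE does not support this operation` Javadoc line on each, would make the failure diagnosable. The trailing IDE template comment `//To change body of generated methods, choose Tools | Templates.` is noise and can be dropped from the new lines.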
Expand Down