Merge branch 'master' into updateDefaults

SAP · Jun 10, 2024 · 6d83f74 · 6d83f74
2 parents 1ee3513 + 67ed27f
commit 6d83f74
Show file tree

Hide file tree

Showing 61 changed files with 2,474 additions and 243 deletions.
diff --git a/.mockery.yaml → .mockery.yml b/.mockery.yaml → .mockery.yml
@@ -1,8 +1,28 @@
-quiet: false
 mockname: "{{.InterfaceName}}"
 filename: "{{.InterfaceName}}.go"
+dir: "{{.InterfaceDir}}/mocks"
 outpkg: mocks
+quiet: false
 packages:
+  github.com/SAP/jenkins-library/cmd:
+    interfaces:
+      GithubRepoClient:
+      HadolintPiperFileUtils:
+      HadolintClient:
+  github.com/SAP/jenkins-library/pkg/config:
+    interfaces:
+      VaultClient:
+  github.com/SAP/jenkins-library/pkg/jenkins:
+    interfaces:
+      Artifact:
+      Build:
+      CredentialsManager:
+      Jenkins:
+      Job:
+      Task:
+  github.com/SAP/jenkins-library/pkg/kubernetes:
+    interfaces:
+      HelmExecutor:
   github.com/influxdata/influxdb-client-go/v2:
     config:
       dir: pkg/influx/mocks
@@ -13,8 +33,3 @@ packages:
       dir: pkg/influx/mocks
     interfaces:
       WriteAPIBlocking:
-  github.com/SAP/jenkins-library/pkg/config:
-    config:
-      dir: pkg/config/mocks
-    interfaces:
-      VaultClient:
diff --git a/cmd/checkmarxOneExecuteScan.go b/cmd/checkmarxOneExecuteScan.go
@@ -3,8 +3,10 @@ package cmd
 import (
 	"archive/zip"
 	"context"
+	"encoding/json"
 	"fmt"
 	"io"
+	"maps"
 	"math"
 	"os"
 	"path/filepath"
@@ -78,9 +80,11 @@ func runStep(config checkmarxOneExecuteScanOptions, influx *checkmarxOneExecuteS
 		return fmt.Errorf("failed to get project: %s", err)
 	}
 
-	cx1sh.Group, err = cx1sh.GetGroup() // used when creating a project and when generating a SARIF report
-	if err != nil {
-		log.Entry().WithError(err).Warnf("failed to get group")
+	if len(config.GroupName) > 0 {
+		cx1sh.Group, err = cx1sh.GetGroup() // used when creating a project and when generating a SARIF report
+		if err != nil {
+			log.Entry().WithError(err).Warnf("failed to get group")
+		}
 	}
 
 	if cx1sh.Project == nil {
@@ -112,6 +116,14 @@ func runStep(config checkmarxOneExecuteScanOptions, influx *checkmarxOneExecuteS
 		return fmt.Errorf("failed to set preset: %s", err)
 	}
 
+	// update project's tags
+	if (len(config.ProjectTags)) > 0 {
+		err = cx1sh.UpdateProjectTags()
+		if err != nil {
+			log.Entry().WithError(err).Warnf("failed to tags the project: %s", err)
+		}
+	}
+
 	scans, err := cx1sh.GetLastScans(10)
 	if err != nil {
 		log.Entry().WithError(err).Warnf("failed to get last 10 scans")
@@ -298,6 +310,23 @@ func (c *checkmarxOneExecuteScanHelper) CreateProject() (*checkmarxOne.Project,
 	return &project, nil
 }
 
+func (c *checkmarxOneExecuteScanHelper) UpdateProjectTags() error {
+	if len(c.config.ProjectTags) > 0 {
+		tags := make(map[string]string, 0)
+		err := json.Unmarshal([]byte(c.config.ProjectTags), &tags)
+		if err != nil {
+			log.Entry().Infof("Failed to parse the project tags: %v", c.config.ProjectTags)
+			return err
+		}
+		// merge new tags to the existing ones
+		maps.Copy(c.Project.Tags, tags)
+
+		return c.sys.UpdateProject(c.Project)
+	}
+
+	return nil
+}
+
 func (c *checkmarxOneExecuteScanHelper) SetProjectPreset() error {
 	projectConf, err := c.sys.GetProjectConfiguration(c.Project.ProjectID)
 
@@ -431,9 +460,18 @@ func (c *checkmarxOneExecuteScanHelper) CreateScanRequest(incremental bool, uplo
 	log.Entry().Infof("Will run a scan with the following configuration: %v", sastConfigString)
 
 	configs := []checkmarxOne.ScanConfiguration{sastConfig}
-	// add more engines
 
-	scan, err := c.sys.ScanProjectZip(c.Project.ProjectID, uploadLink, branch, configs)
+	// add scan's tags
+	tags := make(map[string]string, 0)
+	if len(c.config.ScanTags) > 0 {
+		err := json.Unmarshal([]byte(c.config.ScanTags), &tags)
+		if err != nil {
+			log.Entry().WithError(err).Warnf("Failed to parse the scan tags: %v", c.config.ScanTags)
+		}
+	}
+
+	// add more engines
+	scan, err := c.sys.ScanProjectZip(c.Project.ProjectID, uploadLink, branch, configs, tags)
 
 	if err != nil {
 		return nil, fmt.Errorf("Failed to run scan on project %v: %s", c.Project.Name, err)

diff --git a/cmd/checkmarxOneExecuteScan_generated.go b/cmd/checkmarxOneExecuteScan_generated.go
diff --git a/cmd/checkmarxOneExecuteScan_test.go b/cmd/checkmarxOneExecuteScan_test.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"maps"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -77,15 +78,15 @@ func (sys *checkmarxOneSystemMock) GetLastScansByStatus(projectID string, limit
 	return []checkmarxOne.Scan{}, nil
 }
 
-func (sys *checkmarxOneSystemMock) ScanProject(projectID, sourceUrl, branch, scanType string, settings []checkmarxOne.ScanConfiguration) (checkmarxOne.Scan, error) {
+func (sys *checkmarxOneSystemMock) ScanProject(projectID, sourceUrl, branch, scanType string, settings []checkmarxOne.ScanConfiguration, tags map[string]string) (checkmarxOne.Scan, error) {
 	return checkmarxOne.Scan{}, nil
 }
 
-func (sys *checkmarxOneSystemMock) ScanProjectZip(projectID, sourceUrl, branch string, settings []checkmarxOne.ScanConfiguration) (checkmarxOne.Scan, error) {
+func (sys *checkmarxOneSystemMock) ScanProjectZip(projectID, sourceUrl, branch string, settings []checkmarxOne.ScanConfiguration, tags map[string]string) (checkmarxOne.Scan, error) {
 	return checkmarxOne.Scan{}, nil
 }
 
-func (sys *checkmarxOneSystemMock) ScanProjectGit(projectID, repoUrl, branch string, settings []checkmarxOne.ScanConfiguration) (checkmarxOne.Scan, error) {
+func (sys *checkmarxOneSystemMock) ScanProjectGit(projectID, repoUrl, branch string, settings []checkmarxOne.ScanConfiguration, tags map[string]string) (checkmarxOne.Scan, error) {
 	return checkmarxOne.Scan{}, nil
 }
 
@@ -240,6 +241,10 @@ func (sys *checkmarxOneSystemMock) UpdateProjectConfiguration(projectID string,
 	return nil
 }
 
+func (sys *checkmarxOneSystemMock) UpdateProject(project *checkmarxOne.Project) error {
+	return nil
+}
+
 func (sys *checkmarxOneSystemMock) GetVersion() (checkmarxOne.VersionInfo, error) {
 	return checkmarxOne.VersionInfo{}, nil
 }
@@ -324,3 +329,61 @@ func TestGetGroup(t *testing.T) {
 		assert.Equal(t, group.Name, "Group2")
 	})
 }
+
+func TestUpdateProjectTags(t *testing.T) {
+	t.Parallel()
+
+	sys := &checkmarxOneSystemMock{}
+
+	t.Run("project tags are not provided", func(t *testing.T) {
+		t.Parallel()
+
+		options := checkmarxOneExecuteScanOptions{ProjectName: "ssba", VulnerabilityThresholdUnit: "absolute", FullScanCycle: "2", Incremental: true, FullScansScheduled: true, Preset: "CheckmarxDefault" /*GroupName: "NotProvided",*/, VulnerabilityThresholdEnabled: true, GeneratePdfReport: true, APIKey: "testAPIKey", ServerURL: "testURL", IamURL: "testIamURL", Tenant: "testTenant"}
+
+		cx1sh := checkmarxOneExecuteScanHelper{nil, options, sys, nil, nil, nil, nil, nil, nil}
+		err := cx1sh.UpdateProjectTags()
+		assert.NoError(t, err, "Error occurred but none expected")
+	})
+
+	t.Run("project tags are provided correctly", func(t *testing.T) {
+		t.Parallel()
+
+		projectJson := `{ "id": "702ba12b-ae61-48c0-9b6a-09b17666be32",
+			"name": "test-apr24-piper",
+			"tags": {
+				"key1": "value1",
+				"key2": "value2", 
+				"keywithoutvalue1": ""
+			},
+			"groups": [],
+			"criticality": 3,
+			"mainBranch": "",
+			"privatePackage": false
+		}`
+		var project checkmarxOne.Project
+		_ = json.Unmarshal([]byte(projectJson), &project)
+
+		options := checkmarxOneExecuteScanOptions{ProjectName: "ssba", VulnerabilityThresholdUnit: "absolute", FullScanCycle: "2", Incremental: true, FullScansScheduled: true, Preset: "CheckmarxDefault" /*GroupName: "NotProvided",*/, VulnerabilityThresholdEnabled: true, GeneratePdfReport: true, APIKey: "testAPIKey", ServerURL: "testURL", IamURL: "testIamURL", Tenant: "testTenant", ProjectTags: `{"key3":"value3", "key2":"value5", "keywithoutvalue2":""}`}
+
+		cx1sh := checkmarxOneExecuteScanHelper{nil, options, sys, nil, nil, &project, nil, nil, nil}
+		err := cx1sh.UpdateProjectTags()
+		assert.NoError(t, err, "Error occurred but none expected")
+
+		oldTagsJson := `{
+			"key1": "value1",
+			"key2": "value2", 
+			"keywithoutvalue1": ""
+		}`
+		oldTags := make(map[string]string, 0)
+		_ = json.Unmarshal([]byte(oldTagsJson), &oldTags)
+
+		newTagsJson := `{"key3":"value3", "key2":"value5", "keywithoutvalue2":""}`
+		newTags := make(map[string]string, 0)
+		_ = json.Unmarshal([]byte(newTagsJson), &newTags)
+
+		// merge new tags to the existing ones
+		maps.Copy(oldTags, newTags)
+
+		assert.Equal(t, project.Tags, oldTags) // project's tags must be merged
+	})
+}
diff --git a/cmd/cnbBuild.go b/cmd/cnbBuild.go
@@ -346,7 +346,15 @@ func callCnbBuild(config *cnbBuildOptions, telemetryData *telemetry.CustomData,
 	buildSummary.Print()
 
 	if config.CreateBOM {
-		err = syft.GenerateSBOM(config.SyftDownloadURL, filepath.Dir(config.DockerConfigJSON), utils, utils, httpClient, commonPipelineEnvironment.container.registryURL, commonPipelineEnvironment.container.imageNameTags)
+		log.Entry().Debugf("Creating sbom for %d images\n", len(commonPipelineEnvironment.container.imageNameTags))
+		syftScanner, err := syft.CreateSyftScanner(config.SyftDownloadURL, utils, httpClient)
+		if err != nil {
+			log.SetErrorCategory(log.ErrorCompliance)
+			return errors.Wrap(err, "failed to create syft scanner file")
+		}
+		// images produces with cnb have sboms
+		syftScanner.AddArgument("--override-default-catalogers=sbom-cataloger")
+		err = syftScanner.ScanImages(filepath.Dir(config.DockerConfigJSON), utils, commonPipelineEnvironment.container.registryURL, commonPipelineEnvironment.container.imageNameTags)
 		if err != nil {
 			log.SetErrorCategory(log.ErrorCompliance)
 			return errors.Wrap(err, "failed to create BOM file")

diff --git a/cmd/cnbBuild_generated.go b/cmd/cnbBuild_generated.go