ASA 8404 (#158) (#159)

* ASA 8404 (#158) * include SCA implementation * copyright changes * white space handling
HCL-TECH-SOFTWARE · Jun 24, 2024 · 590c60a · 590c60a
1 parent db7b2bd
commit 590c60a
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 16 deletions.
diff --git a/src/main/java/com/hcl/appscan/sdk/CoreConstants.java b/src/main/java/com/hcl/appscan/sdk/CoreConstants.java
@@ -27,7 +27,8 @@ public interface CoreConstants {
 	String SCANNER_TYPE					= "type";												//$NON-NLS-1$
 	String STATUS						= "Status";												//$NON-NLS-1$
 	String TARGET						= "target";												//$NON-NLS-1$
-	String OPEN_SOURCE_ONLY             = "openSourceOnly";                                     //$NON-NLS-1$
+	String OPEN_SOURCE_ONLY					= "openSourceOnly";												//$NON-NLS-1$
+	String INCLUDE_SCA					= "includeSCA";												//$NON-NLS-1$
 	String VERSION_NUMBER				= "VersionNumber";										//$NON-NLS-1$
 	String USER_MESSAGE					= "UserMessage";										//$NON-NLS-1$
 	String IS_VALID						= "IsValid";											//$NON-NLS-1$

diff --git a/src/main/java/com/hcl/appscan/sdk/messages.properties b/src/main/java/com/hcl/appscan/sdk/messages.properties
@@ -1,6 +1,6 @@
 #
 # \u00c2\u00a9 Copyright IBM Corporation 2016.
-# \u00c2\u00a9 Copyright HCL Technologies Ltd. 2017, 2020.
+# \u00c2\u00a9 Copyright HCL Technologies Ltd. 2017, 2020, 2024.
 # LICENSE: Apache License, Version 2.0 https://www.apache.org/licenses/LICENSE-2.0
 #
 # NLS_MESSAGEFORMAT_VAR
@@ -9,7 +9,7 @@
 transfer.progress={0}% transferred
 
 message.created.scan=Successfully submitted scan for analysis.
-message.running.scan=Creating and executing scan...
+message.running.scan=Creating and executing {0} scan...
 message.uploading.file=Uploading {0} to the analysis service...
 message.done=Done.
 message.downloading.client=Downloading the latest SAClientUtil package...

diff --git a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java
@@ -55,20 +55,15 @@ public String createAndExecuteScan(String type, Map<String, String> params) {
             return null;
         }
 
-        m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(EXECUTING_SCAN)));
+        m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(EXECUTING_SCAN, params.get(CoreConstants.SCANNER_TYPE))));
         Map<String, String> request_headers = m_authProvider.getAuthorizationHeader(true);
         HttpClient client = new HttpClient(m_authProvider.getProxy(), m_authProvider.getacceptInvalidCerts());
 
         try {
             HttpResponse response;
                 request_headers.put("Content-Type", "application/json");
                 request_headers.put("accept", "application/json");
-                String request_url;
-                if(type.equals(SASTConstants.STATIC_ANALYZER) && !params.containsKey(UPLOAD_DIRECT) && params.containsKey(OPEN_SOURCE_ONLY)) {
-                    request_url = m_authProvider.getServer() + String.format(API_SCANNER, SCA);
-                } else {
-                    request_url = m_authProvider.getServer() + String.format(API_SCANNER, type);
-                }
+                String request_url = m_authProvider.getServer() + String.format(API_SCANNER, type);
                 response = client.post(request_url,request_headers,params);
 
             int status = response.getResponseCode();

diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SAClient.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SAClient.java
@@ -329,13 +329,19 @@ private List<String> getClientArgs(Map<String, String> properties) {
 		if(properties.containsKey(THIRD_PARTY) || System.getProperty(THIRD_PARTY) != null) {
 			args.add(OPT_THIRD_PARTY);
 		}
-		if (properties.containsKey(OPEN_SOURCE_ONLY) || System.getProperty(OPEN_SOURCE_ONLY) != null || properties.getOrDefault(CoreConstants.SCANNER_TYPE, "").equals(CoreConstants.SOFTWARE_COMPOSITION_ANALYZER)) {
+		if (properties.containsKey(OPEN_SOURCE_ONLY) || System.getProperty(OPEN_SOURCE_ONLY) != null) {
 			args.add(OPT_OPEN_SOURCE_ONLY);
 		}
 		if (properties.containsKey(SOURCE_CODE_ONLY) || System.getProperty(SOURCE_CODE_ONLY) != null) {
 			args.add(OPT_SOURCE_CODE_ONLY);
 		}
-		if(properties.containsKey(SCAN_SPEED)) {
+		if (!properties.containsKey(CoreConstants.INCLUDE_SCA) && properties.get(CoreConstants.SCANNER_TYPE).equals(SAST)) {
+			args.add(OPT_STATIC_ANALYSIS_ONLY);
+		}
+		if (properties.get(CoreConstants.SCANNER_TYPE).equals(CoreConstants.SOFTWARE_COMPOSITION_ANALYZER)) {
+			args.add(OPT_OPEN_SOURCE_ONLY);
+		}
+		 if(properties.containsKey(SCAN_SPEED)){
 			args.add(OPT_SCAN_SPEED);
 			if(properties.get(SCAN_SPEED).equals(NORMAL)){
 				args.add(THOROUGH);

diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java
@@ -53,7 +53,8 @@ public interface SASTConstants {
 	String OPT_VERBOSE					= "-v";								//$NON-NLS-1$
 	String OPT_DEBUG					= "-X";								//$NON-NLS-1$
         String OPT_OPEN_SOURCE_ONLY                             = "-oso";                                                       //$NON-NLS-1$
-		String OPT_SOURCE_CODE_ONLY                             = "-sco"; 												   //$NON-NLS-1$
+        String OPT_SOURCE_CODE_ONLY                             = "-sco";                                                       //$NON-NLS-1$
+        String OPT_STATIC_ANALYSIS_ONLY                         = "-sao";                                                       //$NON-NLS-1$
 	String OPT_SECRETS_ENABLED                              = "-es";                                                       //$NON-NLS-1$
 	String OPT_SECRETS_ONLY                                 = "-so";                                                       //$NON-NLS-1$
 

diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sca/SCAScan.java b/src/main/java/com/hcl/appscan/sdk/scanners/sca/SCAScan.java
@@ -1,5 +1,5 @@
 /**
- * © Copyright HCL Technologies Ltd. 2023.
+ * © Copyright HCL Technologies Ltd. 2023, 2024.
  * LICENSE: Apache License, Version 2.0 https://www.apache.org/licenses/LICENSE-2.0
  */
 
@@ -34,8 +34,12 @@ public void run() throws ScannerException, InvalidTargetException {
             throw new InvalidTargetException(Messages.getMessage(TARGET_INVALID, target));
 
         try {
-            generateIR();
-            analyzeIR();
+            if(getProperties().containsKey("ApplicationFileId")) {
+                submitScan();
+            } else {
+                generateIR();
+                analyzeIR();
+            }
         } catch(IOException e) {
             throw new ScannerException(Messages.getMessage(SCAN_FAILED, e.getLocalizedMessage()));
         }