From 590c60a514246b20e7886231ee3d4bc185c5415c Mon Sep 17 00:00:00 2001
From: Vishal Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com>
Date: Mon, 24 Jun 2024 17:37:25 +0530
Subject: [PATCH] ASA 8404 (#158) (#159)
* ASA 8404 (#158)
* include SCA implementation
* copyright changes
* white space handling
---
 src/main/java/com/hcl/appscan/sdk/CoreConstants.java | 3 ++-
 src/main/java/com/hcl/appscan/sdk/messages.properties | 4 ++--
 .../hcl/appscan/sdk/scan/CloudScanServiceProvider.java | 9 ++-------
 .../com/hcl/appscan/sdk/scanners/sast/SAClient.java | 10 ++++++++--
 .../hcl/appscan/sdk/scanners/sast/SASTConstants.java | 3 ++-
 .../java/com/hcl/appscan/sdk/scanners/sca/SCAScan.java | 10 +++++++---
 6 files changed, 23 insertions(+), 16 deletions(-)
diff --git a/src/main/java/com/hcl/appscan/sdk/CoreConstants.java b/src/main/java/com/hcl/appscan/sdk/CoreConstants.java
index 4adaa83c..552e7dbc 100644
--- a/src/main/java/com/hcl/appscan/sdk/CoreConstants.java
+++ b/src/main/java/com/hcl/appscan/sdk/CoreConstants.java
@@ -27,7 +27,8 @@ public interface CoreConstants {
 String SCANNER_TYPE = "type"; //$NON-NLS-1$
 String STATUS = "Status"; //$NON-NLS-1$
 String TARGET = "target"; //$NON-NLS-1$
- String OPEN_SOURCE_ONLY = "openSourceOnly"; //$NON-NLS-1$
+ String OPEN_SOURCE_ONLY = "openSourceOnly"; //$NON-NLS-1$
+ String INCLUDE_SCA = "includeSCA"; //$NON-NLS-1$
 String VERSION_NUMBER = "VersionNumber"; //$NON-NLS-1$
 String USER_MESSAGE = "UserMessage"; //$NON-NLS-1$
 String IS_VALID = "IsValid"; //$NON-NLS-1$
diff --git a/src/main/java/com/hcl/appscan/sdk/messages.properties b/src/main/java/com/hcl/appscan/sdk/messages.properties
index 28d71042..d1e80c2a 100644
--- a/src/main/java/com/hcl/appscan/sdk/messages.properties
+++ b/src/main/java/com/hcl/appscan/sdk/messages.properties
@@ -1,6 +1,6 @@
 #
 # \u00c2\u00a9 Copyright IBM Corporation 2016.
-# \u00c2\u00a9 Copyright HCL Technologies Ltd. 2017, 2020.
+# \u00c2\u00a9 Copyright HCL Technologies Ltd. 2017, 2020, 2024.
 # LICENSE: Apache License, Version 2.0 https://www.apache.org/licenses/LICENSE-2.0
 #
 # NLS_MESSAGEFORMAT_VAR
@@ -9,7 +9,7 @@ transfer.progress={0}% transferred
 message.created.scan=Successfully submitted scan for analysis.
-message.running.scan=Creating and executing scan...
+message.running.scan=Creating and executing {0} scan...
 message.uploading.file=Uploading {0} to the analysis service...
 message.done=Done.
 message.downloading.client=Downloading the latest SAClientUtil package...
diff --git a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java
index 8cef740c..5551f956 100644
--- a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java
+++ b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java
@@ -55,7 +55,7 @@ public String createAndExecuteScan(String type, Map params) {
 return null;
 }
- m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(EXECUTING_SCAN)));
+ m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(EXECUTING_SCAN, params.get(CoreConstants.SCANNER_TYPE))));
 Map request_headers = m_authProvider.getAuthorizationHeader(true);
 HttpClient client = new HttpClient(m_authProvider.getProxy(), m_authProvider.getacceptInvalidCerts());
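Review bot: `params.get(CoreConstants.SCANNER_TYPE)` in the new status line is not checked, so when the caller's map has no scanner-type entry the progress message reads "Creating and executing null scan...". The method already receives the scanner name as `type`, and falling back to it keeps the message meaningful: `Messages.getMessage(EXECUTING_SCAN, params.getOrDefault(CoreConstants.SCANNER_TYPE, type))`. createAndExecuteScan starts and ends outside this hunk, so whether the key is guaranteed earlier in the method cannot be seen here.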
@@ -63,12 +63,7 @@ public String createAndExecuteScan(String type, Map params) {
 HttpResponse response;
 request_headers.put("Content-Type", "application/json");
 request_headers.put("accept", "application/json");
- String request_url;
- if(type.equals(SASTConstants.STATIC_ANALYZER) && !params.containsKey(UPLOAD_DIRECT) && params.containsKey(OPEN_SOURCE_ONLY)) {
- request_url = m_authProvider.getServer() + String.format(API_SCANNER, SCA);
- } else {
- request_url = m_authProvider.getServer() + String.format(API_SCANNER, type);
- }
+ String request_url = m_authProvider.getServer() + String.format(API_SCANNER, type);
 response = client.post(request_url,request_headers,params);
 int status = response.getResponseCode();
diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SAClient.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SAClient.java
index e341455d..ef4d49dc 100644
--- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SAClient.java
+++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SAClient.java
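Review bot: With the remap removed, `type` alone selects the endpoint in `String.format(API_SCANNER, type)`, and a caller that still sends the static-analyzer type together with `openSourceOnly` is now posted to the static-analysis endpoint without any warning. If that combination is no longer supported, the method should say so rather than rely on the service to reject it, for example with a comment such as `// openSourceOnly no longer changes the endpoint; callers must pass the SCA scanner type` and a message through `m_progress`. Since the request carries the authorization header built earlier in the method, it is also worth checking `type` against the known scanner constants before it is formatted into the URL path. The method body continues outside this hunk.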
@@ -329,13 +329,19 @@ private List getClientArgs(Map properties) {
 if(properties.containsKey(THIRD_PARTY) || System.getProperty(THIRD_PARTY) != null) {
 args.add(OPT_THIRD_PARTY);
 }
- if (properties.containsKey(OPEN_SOURCE_ONLY) || System.getProperty(OPEN_SOURCE_ONLY) != null || properties.getOrDefault(CoreConstants.SCANNER_TYPE, "").equals(CoreConstants.SOFTWARE_COMPOSITION_ANALYZER)) {
+ if (properties.containsKey(OPEN_SOURCE_ONLY) || System.getProperty(OPEN_SOURCE_ONLY) != null) {
 args.add(OPT_OPEN_SOURCE_ONLY);
 }
 if (properties.containsKey(SOURCE_CODE_ONLY) || System.getProperty(SOURCE_CODE_ONLY) != null) {
 args.add(OPT_SOURCE_CODE_ONLY);
 }
- if(properties.containsKey(SCAN_SPEED)) {
+ if (!properties.containsKey(CoreConstants.INCLUDE_SCA) && properties.get(CoreConstants.SCANNER_TYPE).equals(SAST)) {
+ args.add(OPT_STATIC_ANALYSIS_ONLY);
+ }
+ if (properties.get(CoreConstants.SCANNER_TYPE).equals(CoreConstants.SOFTWARE_COMPOSITION_ANALYZER)) {
+ args.add(OPT_OPEN_SOURCE_ONLY);
+ }
+ if(properties.containsKey(SCAN_SPEED)){
 args.add(OPT_SCAN_SPEED);
 if(properties.get(SCAN_SPEED).equals(NORMAL)){
 args.add(THOROUGH);
diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java
index f9b86334..7c737744 100644
--- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java
+++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java
@@ -53,7 +53,8 @@ public interface SASTConstants {
 String OPT_VERBOSE = "-v"; //$NON-NLS-1$
 String OPT_DEBUG = "-X"; //$NON-NLS-1$
 String OPT_OPEN_SOURCE_ONLY = "-oso"; //$NON-NLS-1$
- String OPT_SOURCE_CODE_ONLY = "-sco"; //$NON-NLS-1$
+ String OPT_SOURCE_CODE_ONLY = "-sco"; //$NON-NLS-1$
+ String OPT_STATIC_ANALYSIS_ONLY = "-sao"; //$NON-NLS-1$
 String OPT_SECRETS_ENABLED = "-es"; //$NON-NLS-1$
 String OPT_SECRETS_ONLY = "-so"; //$NON-NLS-1$
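Review bot: `properties.get(CoreConstants.SCANNER_TYPE).equals(SAST)` and the SCA check after it throw a NullPointerException when the properties map has no scanner type, whereas the removed condition used `getOrDefault(CoreConstants.SCANNER_TYPE, "")`. Putting the constant first restores the null safety: `SAST.equals(properties.get(CoreConstants.SCANNER_TYPE))` and `CoreConstants.SOFTWARE_COMPOSITION_ANALYZER.equals(properties.get(CoreConstants.SCANNER_TYPE))`. The two open-source checks are now independent, so an SCA scan that also sets `openSourceOnly` gets `-oso` twice, and a SAST scan with `openSourceOnly` but no `includeSCA` gets both `-oso` and `-sao`; merging the conditions and deciding which flag wins would avoid depending on how the client treats that. SAST scans now pass `-sao` unless `includeSCA` is present, which presumably drops open-source findings for existing integrations that do not set the new key, so the default deserves a line in the method's documentation or a progress message. getClientArgs begins and ends outside this hunk.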
diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sca/SCAScan.java b/src/main/java/com/hcl/appscan/sdk/scanners/sca/SCAScan.java
index fa779925..cfef8036 100644
--- a/src/main/java/com/hcl/appscan/sdk/scanners/sca/SCAScan.java
+++ b/src/main/java/com/hcl/appscan/sdk/scanners/sca/SCAScan.java
@@ -1,5 +1,5 @@
 /**
- * © Copyright HCL Technologies Ltd. 2023.
+ * © Copyright HCL Technologies Ltd. 2023, 2024.
 * LICENSE: Apache License, Version 2.0 https://www.apache.org/licenses/LICENSE-2.0
 */
@@ -34,8 +34,12 @@ public void run() throws ScannerException, InvalidTargetException {
 throw new InvalidTargetException(Messages.getMessage(TARGET_INVALID, target));
 try {
- generateIR();
- analyzeIR();
+ if(getProperties().containsKey("ApplicationFileId")) {
+ submitScan();
+ } else {
+ generateIR();
+ analyzeIR();
+ }
 } catch(IOException e) {
 throw new ScannerException(Messages.getMessage(SCAN_FAILED, e.getLocalizedMessage()));
 }
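Review bot: `containsKey("ApplicationFileId")` is also true when the value is null or empty, and in that case `submitScan()` runs and IR generation is skipped even though there is no usable file id. Testing the value is safer, e.g. `String fileId = getProperties().get("ApplicationFileId");` followed by `if(fileId != null && !fileId.trim().isEmpty()) {`, assuming the properties map holds strings. The key is a bare literal here; a named constant shared with whatever sets it would keep the two sides from drifting apart. run() starts outside this hunk.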