Merge branch 'HCL-TECH-SOFTWARE:master' into SAST-SCA-separation

src/main/java/com/hcl/appscan/sdk/CoreConstants.java

@@ -128,7 +128,8 @@ public interface CoreConstants {
 	String ERROR_SUBMITTING_SCAN		= "error.submit.scan";									//$NON-NLS-1$
 	String ERROR_UPLOADING_FILE			= "error.upload.file";									//$NON-NLS-1$
 	String ERROR_GETTING_INFO			= "error.getting.info";									//$NON-NLS-1$
-	String FORMAT_PARAMS			        = "FormatParams";								        //$NON-NLS-1$
+    String ERROR_URL_VALIDATION			= "error.url.validation";								//$NON-NLS-1$
+    String FORMAT_PARAMS			        = "FormatParams";								        //$NON-NLS-1$
 
 	// ASE Status Messages
 	String CREATING_JOB                 = "message.creating.job";                               //$NON-NLS-1$

src/main/java/com/hcl/appscan/sdk/messages.properties

@@ -50,6 +50,7 @@ error.dom.state=Bad DOM state.
 error.http=Response Code: {0}\nReason: {1}
 error.login.type.deprectated=The specified login type is deprecated. Please use API key and secret.
 error.getting.info=An error occurred getting information for {0} with id {1}.
+error.url.validation = An error occurred while validating the URL.
 
 #Presence
 error.getting.presence.details=An error occurred retrieving details for Presence with id {0}.

src/main/java/com/hcl/appscan/sdk/scan/ASEScanServiceProvider.java

@@ -108,6 +108,8 @@ private Map<String,String> getcreateJobParams(Map<String,String> properties) {
         apiParams.put("applicationId",properties.get("application"));
         apiParams.put("name", properties.get("ScanName"));
         apiParams.put("templateId", properties.get("templateId"));
+        apiParams.put("description", properties.get("description"));
+        apiParams.put("contact", properties.get("contact"));
         return apiParams;
     }
 
@@ -244,9 +246,13 @@ private Boolean updateTrafficJob(File file, String jobId, String action) {
 			HttpResponse response = client.postMultipart(request_url, request_headers, parts);
 			int status = response.getResponseCode();
 			if (status != HttpsURLConnection.HTTP_OK) {
-				return false;
+                		JSONObject json = (JSONObject) response.getResponseBodyAsJSON();
+                		if(json != null && json.has("errorMessage")){
+                    			m_progress.setStatus(new Message(Message.ERROR, json.getString("errorMessage")));
+                	}
+                		return false;
 			}
-		} catch(IOException e) {
+		} catch(IOException | JSONException e) {
 			m_progress.setStatus(new Message(Message.ERROR, Messages.getMessage(ERROR_UPDATE_JOB, e.getLocalizedMessage())));
 			return false;
 		}
@@ -495,4 +501,4 @@ private JSONObject getResultJson(HttpResponse response) {
         }
         return null;
     }
-}
+}

src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java

@@ -10,13 +10,15 @@
 import java.io.IOException;
 import java.util.Map;
 
+import com.hcl.appscan.sdk.CoreConstants;
 import com.hcl.appscan.sdk.Messages;
 import com.hcl.appscan.sdk.error.InvalidTargetException;
 import com.hcl.appscan.sdk.error.ScannerException;
 import com.hcl.appscan.sdk.logging.DefaultProgress;
 import com.hcl.appscan.sdk.logging.IProgress;
 import com.hcl.appscan.sdk.scan.IScanServiceProvider;
 import com.hcl.appscan.sdk.scanners.ASoCScan;
+import com.hcl.appscan.sdk.utils.ServiceUtil;
 
 public class DASTScan extends ASoCScan implements DASTConstants {
 
@@ -42,6 +44,10 @@ public void run() throws ScannerException, InvalidTargetException {
 		Map<String, String> params = getProperties();
 		params.put(STARTING_URL, target);
 
+        	if(!ServiceUtil.isValidUrl(params.get(STARTING_URL),getServiceProvider().getAuthenticationProvider())) {
+            		throw new ScannerException(Messages.getMessage(CoreConstants.ERROR_URL_VALIDATION));
+        	}
+
 		String scanLoginType = null;
 		if (params.get(LOGIN_TYPE) != null) {
 			scanLoginType = params.get(LOGIN_TYPE);

src/main/java/com/hcl/appscan/sdk/scanners/sast/SAClient.java

@@ -24,6 +24,7 @@
 import com.hcl.appscan.sdk.logging.IProgress;
 import com.hcl.appscan.sdk.logging.Message;
 import com.hcl.appscan.sdk.utils.ArchiveUtil;
+import com.hcl.appscan.sdk.utils.FileUtil;
 import com.hcl.appscan.sdk.utils.ServiceUtil;
 import com.hcl.appscan.sdk.utils.SystemUtil;
 
@@ -305,7 +306,7 @@ private List<String> getClientArgs(Map<String, String> properties) {
 
 		if(properties.containsKey(CoreConstants.SCAN_NAME)) {
 			args.add(OPT_NAME);
-			args.add(properties.get(CoreConstants.SCAN_NAME));
+			args.add(FileUtil.getValidFilename(properties.get(CoreConstants.SCAN_NAME)));
 		}
 		if(properties.containsKey(LOG_LOCATION)) {
 			args.add(OPT_LOG_LOCATION);

src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java

@@ -89,7 +89,7 @@ private void generateIR() throws IOException, ScannerException {
 		Proxy proxy = getServiceProvider() == null ? Proxy.NO_PROXY : getServiceProvider().getAuthenticationProvider().getProxy();		
 		new SAClient(getProgress(), proxy).run(targetDir, getProperties());
 		String irxDir = getProperties().containsKey(SAVE_LOCATION) ? getProperties().get(SAVE_LOCATION) : targetDir;
-		m_irx = new File(irxDir, getName() + IRX_EXTENSION);
+		m_irx = new File(irxDir, FileUtil.getValidFilename(getName()) + IRX_EXTENSION);
 		if(!m_irx.isFile())
 			throw new ScannerException(Messages.getMessage(ERROR_GENERATING_IRX, getScanLogs().getAbsolutePath()));
 	}

src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java

@@ -143,7 +143,9 @@ public static boolean isValidUrl(String url, IAuthenticationProvider provider, P
 			body.put(URL, url);
 
 			HttpClient client = new HttpClient(proxy);
-			HttpResponse response = client.post(request_url, provider.getAuthorizationHeader(false), body.toString());
+            		Map<String,String> requestHeaders= provider.getAuthorizationHeader(false);
+            		requestHeaders.put("Content-Type", "application/json");
+			HttpResponse response = client.post(request_url, requestHeaders, body.toString());
 
 			if (response.isSuccess()) {
 				JSONArtifact responseContent = response.getResponseBodyAsJSON();