diff --git a/src/main/java/com/hcl/appscan/sdk/CoreConstants.java b/src/main/java/com/hcl/appscan/sdk/CoreConstants.java
index 595ead23..b9a93187 100644
--- a/src/main/java/com/hcl/appscan/sdk/CoreConstants.java
+++ b/src/main/java/com/hcl/appscan/sdk/CoreConstants.java
@@ -128,7 +128,8 @@ public interface CoreConstants {
 String ERROR_SUBMITTING_SCAN = "error.submit.scan"; //$NON-NLS-1$
 String ERROR_UPLOADING_FILE = "error.upload.file"; //$NON-NLS-1$
 String ERROR_GETTING_INFO = "error.getting.info"; //$NON-NLS-1$
- String FORMAT_PARAMS = "FormatParams"; //$NON-NLS-1$
+ String ERROR_URL_VALIDATION = "error.url.validation"; //$NON-NLS-1$
+ String FORMAT_PARAMS = "FormatParams"; //$NON-NLS-1$
 // ASE Status Messages
 String CREATING_JOB = "message.creating.job"; //$NON-NLS-1$
diff --git a/src/main/java/com/hcl/appscan/sdk/messages.properties b/src/main/java/com/hcl/appscan/sdk/messages.properties
index 248f0eea..a637bbce 100644
--- a/src/main/java/com/hcl/appscan/sdk/messages.properties
+++ b/src/main/java/com/hcl/appscan/sdk/messages.properties
@@ -50,6 +50,7 @@ error.dom.state=Bad DOM state.
 error.http=Response Code: {0}\nReason: {1}
 error.login.type.deprectated=The specified login type is deprecated. Please use API key and secret.
 error.getting.info=An error occurred getting information for {0} with id {1}.
+error.url.validation = An error occurred while validating the URL.
 #Presence
 error.getting.presence.details=An error occurred retrieving details for Presence with id {0}.
diff --git a/src/main/java/com/hcl/appscan/sdk/scan/ASEScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/ASEScanServiceProvider.java
index 10382936..b8c10897 100644
--- a/src/main/java/com/hcl/appscan/sdk/scan/ASEScanServiceProvider.java
+++ b/src/main/java/com/hcl/appscan/sdk/scan/ASEScanServiceProvider.java
@@ -108,6 +108,8 @@ private Map getcreateJobParams(Map properties) {
 apiParams.put("applicationId",properties.get("application"));
 apiParams.put("name", properties.get("ScanName"));
 apiParams.put("templateId", properties.get("templateId"));
+ apiParams.put("description", properties.get("description"));
+ apiParams.put("contact", properties.get("contact"));
 return apiParams;
 }
@@ -244,9 +246,13 @@ private Boolean updateTrafficJob(File file, String jobId, String action) {
 HttpResponse response = client.postMultipart(request_url, request_headers, parts);
 int status = response.getResponseCode();
 if (status != HttpsURLConnection.HTTP_OK) {
- return false;
+ JSONObject json = (JSONObject) response.getResponseBodyAsJSON();
+ if(json != null && json.has("errorMessage")){
+ m_progress.setStatus(new Message(Message.ERROR, json.getString("errorMessage")));
+ }
+ return false;
 }
- } catch(IOException e) {
+ } catch(IOException | JSONException e) {
 m_progress.setStatus(new Message(Message.ERROR, Messages.getMessage(ERROR_UPDATE_JOB, e.getLocalizedMessage())));
 return false;
 }
@@ -495,4 +501,4 @@ private JSONObject getResultJson(HttpResponse response) {
 }
 return null;
 }
-}
\ No newline at end of file
+}
diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java b/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java
index 393d19ea..2ae76361 100644
--- a/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java
+++ b/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java
@@ -10,6 +10,7 @@ import java.io.IOException;
 import java.util.Map;
+import com.hcl.appscan.sdk.CoreConstants;
 import com.hcl.appscan.sdk.Messages;
 import com.hcl.appscan.sdk.error.InvalidTargetException;
 import com.hcl.appscan.sdk.error.ScannerException;
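Review bot: The unchecked cast `(JSONObject) response.getResponseBodyAsJSON()` in the new non-200 branch of updateTrafficJob can throw ClassCastException, which the widened `catch(IOException | JSONException e)` does not cover; ServiceUtil in this same commit types that call's result as `JSONArtifact`, so an error body that is not a JSON object would escape as a runtime exception instead of returning false. Declaring it as `JSONArtifact json = response.getResponseBodyAsJSON();` and guarding with `if (json instanceof JSONObject && ((JSONObject) json).has("errorMessage"))` keeps the failure on the `return false` path. When the body carries no `errorMessage` the branch still returns false without reporting anything, so a fallback status built from `ERROR_UPDATE_JOB` and the response code would leave a trace for whoever reads the log. The `errorMessage` string is server-supplied and goes into the progress log unmodified; if that log is ever rendered as markup, treat it as untrusted text. The method starts and ends outside this hunk.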
@@ -17,6 +18,7 @@ import com.hcl.appscan.sdk.logging.IProgress;
 import com.hcl.appscan.sdk.scan.IScanServiceProvider;
 import com.hcl.appscan.sdk.scanners.ASoCScan;
+import com.hcl.appscan.sdk.utils.ServiceUtil;
 public class DASTScan extends ASoCScan implements DASTConstants {
@@ -42,6 +44,10 @@ public void run() throws ScannerException, InvalidTargetException {
 Map params = getProperties();
 params.put(STARTING_URL, target);
+ if(!ServiceUtil.isValidUrl(params.get(STARTING_URL),getServiceProvider().getAuthenticationProvider())) {
+ throw new ScannerException(Messages.getMessage(CoreConstants.ERROR_URL_VALIDATION));
+ }
+
 String scanLoginType = null;
 if (params.get(LOGIN_TYPE) != null) {
 scanLoginType = params.get(LOGIN_TYPE);
diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SAClient.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SAClient.java
index f35f678d..ed617111 100644
--- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SAClient.java
+++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SAClient.java
@@ -24,6 +24,7 @@ import com.hcl.appscan.sdk.logging.IProgress;
 import com.hcl.appscan.sdk.logging.Message;
 import com.hcl.appscan.sdk.utils.ArchiveUtil;
+import com.hcl.appscan.sdk.utils.FileUtil;
 import com.hcl.appscan.sdk.utils.ServiceUtil;
 import com.hcl.appscan.sdk.utils.SystemUtil;
@@ -305,7 +306,7 @@ private List getClientArgs(Map properties) {
 if(properties.containsKey(CoreConstants.SCAN_NAME)) {
 args.add(OPT_NAME);
- args.add(properties.get(CoreConstants.SCAN_NAME));
+ args.add(FileUtil.getValidFilename(properties.get(CoreConstants.SCAN_NAME)));
 }
 if(properties.containsKey(LOG_LOCATION)) {
 args.add(OPT_LOG_LOCATION);
diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java
index 75c97624..563081b8 100644
--- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java
+++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java
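Review bot: Every `false` from `ServiceUtil.isValidUrl` in the check added to `DASTScan.run()` becomes the same `ERROR_URL_VALIDATION` text, so the caller cannot tell a rejected starting URL from a validation request that itself failed, and the message never names the URL. `run()` already declares `InvalidTargetException`, which looks like the more specific type for a rejected target; at minimum pass the value through, e.g. `Messages.getMessage(CoreConstants.ERROR_URL_VALIDATION, target)` with a `{0}` placeholder in messages.properties. The check also runs unconditionally: if scans routed through a Presence target hosts that are only reachable on a private network, a service-side reachability check would presumably reject them, so confirm whether it should be skipped in that case. `getServiceProvider()` is dereferenced here without the null guard that `SASTScan.generateIR` applies; confirm it cannot be null on this path. The body of `run()` continues past the hunk.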
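Review bot: `FileUtil.getValidFilename` is not part of this diff, so what it strips cannot be checked from the `getClientArgs` hunk. Its result is passed to the client as the scan name and, in the `SASTScan.generateIR` hunk, joined onto `irxDir` with `new File(irxDir, ...)`, so it needs to remove path separators and `..` segments and never return an empty name; a short doc comment on the helper stating that contract would make the intent reviewable. The two call sites sanitize different inputs (`properties.get(CoreConstants.SCAN_NAME)` here, `getName()` in SASTScan); if those can differ, the `m_irx.isFile()` check will look for a file the client never wrote. `containsKey` does not rule out a null value, so confirm `getValidFilename` tolerates null. The enclosing method starts and ends outside the hunk.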
@@ -89,7 +89,7 @@ private void generateIR() throws IOException, ScannerException {
 Proxy proxy = getServiceProvider() == null ? Proxy.NO_PROXY : getServiceProvider().getAuthenticationProvider().getProxy();
 new SAClient(getProgress(), proxy).run(targetDir, getProperties());
 String irxDir = getProperties().containsKey(SAVE_LOCATION) ? getProperties().get(SAVE_LOCATION) : targetDir;
- m_irx = new File(irxDir, getName() + IRX_EXTENSION);
+ m_irx = new File(irxDir, FileUtil.getValidFilename(getName()) + IRX_EXTENSION);
 if(!m_irx.isFile())
 throw new ScannerException(Messages.getMessage(ERROR_GENERATING_IRX, getScanLogs().getAbsolutePath()));
 }
diff --git a/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java b/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java
index a0acb838..6fc940ab 100644
--- a/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java
+++ b/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java
@@ -143,7 +143,9 @@ public static boolean isValidUrl(String url, IAuthenticationProvider provider, P
 body.put(URL, url);
 HttpClient client = new HttpClient(proxy);
- HttpResponse response = client.post(request_url, provider.getAuthorizationHeader(false), body.toString());
+ Map requestHeaders= provider.getAuthorizationHeader(false);
+ requestHeaders.put("Content-Type", "application/json");
+ HttpResponse response = client.post(request_url, requestHeaders, body.toString());
 if (response.isSuccess()) {
 JSONArtifact responseContent = response.getResponseBodyAsJSON();
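Review bot: `requestHeaders.put("Content-Type", "application/json")` in `isValidUrl` writes into whatever map `provider.getAuthorizationHeader(false)` returns rather than into a copy. If an `IAuthenticationProvider` implementation hands back a cached or unmodifiable map, this either carries the Content-Type entry into later requests built from the same map or throws UnsupportedOperationException, which the visible code does not obviously handle. Copying first avoids both: `Map<String, String> requestHeaders = new HashMap<>(provider.getAuthorizationHeader(false));` (check that `HashMap` is already imported in ServiceUtil.java). The method continues beyond the hunk.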