From db1a29a9a62f783211a5745bd42c0ff1f01be606 Mon Sep 17 00:00:00 2001 From: Vishal Chaudhary Date: Mon, 21 Aug 2023 12:27:25 +0530 Subject: [PATCH 01/10] SCA support --- .../sdk/scan/CloudScanServiceProvider.java | 8 +- .../hcl/appscan/sdk/scanners/sca/SCAScan.java | 101 ++++++++++++++++++ .../sdk/scanners/sca/SCAScanFactory.java | 25 +++++ .../com.hcl.appscan.sdk.scan.IScanFactory | 1 + 4 files changed, 133 insertions(+), 2 deletions(-) create mode 100644 src/main/java/com/hcl/appscan/sdk/scanners/sca/SCAScan.java create mode 100644 src/main/java/com/hcl/appscan/sdk/scanners/sca/SCAScanFactory.java diff --git a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java index 0e4438e2..bd6c319f 100644 --- a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java +++ b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java @@ -55,8 +55,12 @@ public String createAndExecuteScan(String type, Map params) { return null; m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(EXECUTING_SCAN))); - - String request_url = m_authProvider.getServer() + String.format(API_SCANNER, type); + String request_url; + if(type.equals("Software Composition Analysis")){ + request_url = m_authProvider.getServer() + "/api/v4/Scans/Sca"; + } else { + request_url = m_authProvider.getServer() + String.format(API_SCANNER, type); + } Map request_headers = m_authProvider.getAuthorizationHeader(true); HttpClient client = new HttpClient(m_authProvider.getProxy(), m_authProvider.getacceptInvalidCerts()); diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sca/SCAScan.java b/src/main/java/com/hcl/appscan/sdk/scanners/sca/SCAScan.java new file mode 100644 index 00000000..9c613946 --- /dev/null +++ b/src/main/java/com/hcl/appscan/sdk/scanners/sca/SCAScan.java 
@@ -0,0 +1,101 @@ +package com.hcl.appscan.sdk.scanners.sca; + +import com.hcl.appscan.sdk.Messages; +import com.hcl.appscan.sdk.error.InvalidTargetException; +import com.hcl.appscan.sdk.error.ScannerException; +import com.hcl.appscan.sdk.logging.IProgress; +import com.hcl.appscan.sdk.scan.IScanServiceProvider; +import com.hcl.appscan.sdk.scanners.ASoCScan; +import com.hcl.appscan.sdk.scanners.sast.SAClient; +import com.hcl.appscan.sdk.scanners.sast.SASTConstants; + +import java.io.File; +import java.io.IOException; +import java.net.Proxy; +import java.util.Map; + +public class SCAScan extends ASoCScan implements SASTConstants { + private static final long serialVersionUID = 1L; + private static final String REPORT_FORMAT = "html"; //$NON-NLS-1$ + private File m_irx; + + public SCAScan(Map properties, IProgress progress, IScanServiceProvider provider) { + super(properties, progress, provider); + } + + @Override + public void run() throws ScannerException, InvalidTargetException { + String target = getTarget(); + + if(target == null || !(new File(target).exists())) + throw new InvalidTargetException(Messages.getMessage(TARGET_INVALID, target)); + + try { + generateIR(); + analyzeIR(); + } catch(IOException e) { + throw new ScannerException(Messages.getMessage(SCAN_FAILED, e.getLocalizedMessage())); + } + } + + @Override + public String getType() { + return "Software Composition Analysis"; + } + + @Override + public String getReportFormat() { + return REPORT_FORMAT; + } + + public File getIrx() { + return m_irx; + } + + private void generateIR() throws IOException, ScannerException { + File targetFile = new File(getTarget()); + + //If we were given an irx file, don't generate a new one + if(targetFile.getName().endsWith(".irx") && targetFile.isFile()) { + m_irx = targetFile; + return; + } + + //Get the target directory + String targetDir = targetFile.isDirectory() ? 
targetFile.getAbsolutePath() : targetFile.getParent(); + + //Create and run the process + Proxy proxy = getServiceProvider() == null ? Proxy.NO_PROXY : getServiceProvider().getAuthenticationProvider().getProxy(); + new SAClient(getProgress(), proxy).run(targetDir, getProperties()); + String irxDir = getProperties().containsKey(SAVE_LOCATION) ? getProperties().get(SAVE_LOCATION) : targetDir; + m_irx = new File(irxDir, getName() + IRX_EXTENSION); + if(!m_irx.isFile()) + throw new ScannerException(Messages.getMessage(ERROR_GENERATING_IRX, getScanLogs().getAbsolutePath())); + } + + private void analyzeIR() throws IOException, ScannerException { + if(getProperties().containsKey(PREPARE_ONLY)) + return; + + String fileId = getServiceProvider().submitFile(m_irx); + if(fileId == null) + throw new ScannerException(Messages.getMessage(ERROR_FILE_UPLOAD, m_irx.getName())); + + Map params = getProperties(); + params.put(ARSA_FILE_ID, fileId); + + setScanId(getServiceProvider().createAndExecuteScan("Software Composition Analysis", params)); + if(getScanId() == null) + throw new ScannerException(Messages.getMessage(ERROR_SUBMITTING_IRX)); + } + + private File getScanLogs() { + if(m_irx == null) { + return new File("logs"); //$NON-NLS-1$ + } + String logsFile = m_irx.getName(); + logsFile = logsFile.substring(0, logsFile.lastIndexOf(".")); //$NON-NLS-1$ + logsFile += "_logs.zip"; //$NON-NLS-1$ + return new File(m_irx.getParentFile(), logsFile); + } +} diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sca/SCAScanFactory.java b/src/main/java/com/hcl/appscan/sdk/scanners/sca/SCAScanFactory.java new file mode 100644 index 00000000..e55ac444 --- /dev/null +++ b/src/main/java/com/hcl/appscan/sdk/scanners/sca/SCAScanFactory.java 
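Review bot: analyzeIR() dereferences getServiceProvider() unconditionally (`getServiceProvider().submitFile(m_irx)` and again for createAndExecuteScan), while generateIR() in the same file treats a null provider as a valid state and falls back to `Proxy.NO_PROXY`, so a run with no provider and no PREPARE_ONLY fails with a NullPointerException instead of a ScannerException; check once at the top of run(), e.g. `if(getServiceProvider() == null && !getProperties().containsKey(PREPARE_ONLY)) throw new ScannerException(...)` with a suitable message, or drop the NO_PROXY fallback so both methods make the same assumption. analyzeIR() also does `params.put(ARSA_FILE_ID, fileId)` on the map returned by getProperties(), so the scan's own configuration is mutated as a side effect of submission; copying into a new map before the put keeps the properties read-only. The class carries no Javadoc and implements SASTConstants only to inherit its constants; a header such as `/** SCA scan that reuses the SAST IRX generation pipeline and submits the result to the cloud service. */` would tell a reader why a scanner under sca depends on sast.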
@@ -0,0 +1,25 @@ +package com.hcl.appscan.sdk.scanners.sca; + +import com.hcl.appscan.sdk.auth.IAuthenticationProvider; +import com.hcl.appscan.sdk.logging.IProgress; +import com.hcl.appscan.sdk.scan.CloudScanServiceProvider; +import com.hcl.appscan.sdk.scan.IScan; +import com.hcl.appscan.sdk.scan.IScanFactory; +import com.hcl.appscan.sdk.scan.IScanServiceProvider; +import com.hcl.appscan.sdk.scanners.sast.SASTScan; + +import java.util.Map; + +public class SCAScanFactory implements IScanFactory { + + @Override + public IScan create(Map properties, IProgress progress, IAuthenticationProvider authProvider) { + IScanServiceProvider serviceProvider = new CloudScanServiceProvider(progress, authProvider); + return new SCAScan(properties, progress, serviceProvider); + } + + @Override + public String getType() { + return "Software Composition Analysis"; + } +} diff --git a/src/main/resources/META-INF/services/com.hcl.appscan.sdk.scan.IScanFactory b/src/main/resources/META-INF/services/com.hcl.appscan.sdk.scan.IScanFactory index 787212cc..73000193 100644 --- a/src/main/resources/META-INF/services/com.hcl.appscan.sdk.scan.IScanFactory +++ b/src/main/resources/META-INF/services/com.hcl.appscan.sdk.scan.IScanFactory @@ -1,3 +1,4 @@ com.hcl.appscan.sdk.scanners.sast.SASTScanFactory com.hcl.appscan.sdk.scanners.dynamic.DASTScanFactory com.hcl.appscan.sdk.scanners.ase.ASEScanFactory +com.hcl.appscan.sdk.scanners.sca.SCAScanFactory From 01a615153e52224af57ebcc1d40c95c881456574 Mon Sep 17 00:00:00 2001 
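Review bot: SCAScanFactory imports `com.hcl.appscan.sdk.scanners.sast.SASTScan` but never references it; drop the import. `create()` takes and forwards a raw `Map`, matching SCAScan's raw-typed constructor, whereas the HttpClient code later in this series reads the values as `String` — a `Map<String, String>` parameter would make that assumption visible at the factory. A one-line Javadoc such as `/** Creates cloud-backed Software Composition Analysis scans. */` is the only documentation the class is missing.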
From: Vishal Chaudhary Date: Thu, 14 Sep 2023 16:07:39 +0530 Subject: [PATCH 02/10] SAST-SCA separation Able to execute an SCA scan --- .../com/hcl/appscan/sdk/CoreConstants.java | 2 ++ .../com/hcl/appscan/sdk/http/HttpClient.java | 11 ++++++++ .../sdk/scan/CloudScanServiceProvider.java | 25 +++++++++++++------ .../sdk/scanners/sast/SASTConstants.java | 3 ++- .../hcl/appscan/sdk/scanners/sca/SCAScan.java | 4 +-- .../sdk/scanners/sca/SCAScanFactory.java | 2 +- 6 files changed, 35 insertions(+), 12 deletions(-) diff --git a/src/main/java/com/hcl/appscan/sdk/CoreConstants.java b/src/main/java/com/hcl/appscan/sdk/CoreConstants.java index f78f4462..bb0f158e 100644 --- a/src/main/java/com/hcl/appscan/sdk/CoreConstants.java +++ b/src/main/java/com/hcl/appscan/sdk/CoreConstants.java @@ -50,6 +50,7 @@ public interface CoreConstants { String CLIENT_TYPE = "ClientType"; //$NON-NLS-1$ String API_ENV = "/api/v2"; //$NON-NLS-1$ + String API_ENV_V4 = "api/v4"; //$NON-NLS-1$ String API_BLUEMIX = "Bluemix"; //$NON-NLS-1$ String API_BLUEMIX_LOGIN = API_ENV + "/Account/BluemixLogin"; //$NON-NLS-1$ String API_KEY_LOGIN = API_ENV + "/Account/ApiKeyLogin"; //$NON-NLS-1$ @@ -63,6 +64,7 @@ public interface CoreConstants { String API_FILE_UPLOAD = API_ENV + "/FileUpload"; //$NON-NLS-1$ String API_SCAN = API_ENV + "/%s"; //$NON-NLS-1$ String API_SCANNER = API_ENV + "/Scans/%s"; //$NON-NLS-1$ + String API_SCANNER_V4 = API_ENV_V4 + "/Scans/%s"; //$NON-NLS-1$ String API_SCANS = API_ENV + "/Scans"; //$NON-NLS-1$ String API_NONCOMPLIANT_ISSUES = API_ENV + "/Scans/%s/NonCompliantIssues"; //$NON-NLS-1$ String API_SCANS_REPORT = API_ENV + "/Scans/%s/Report/%s"; //$NON-NLS-1$ diff --git a/src/main/java/com/hcl/appscan/sdk/http/HttpClient.java b/src/main/java/com/hcl/appscan/sdk/http/HttpClient.java index 8db16a6e..a943513d 100644 --- a/src/main/java/com/hcl/appscan/sdk/http/HttpClient.java +++ b/src/main/java/com/hcl/appscan/sdk/http/HttpClient.java 
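Review bot: `API_ENV_V4 = "api/v4"` lacks the leading slash that `API_ENV = "/api/v2"` has, so `m_authProvider.getServer() + String.format(API_SCANNER_V4, "Sca")` yields `<server>api/v4/Scans/Sca` unless the server string happens to end with a slash; it should be `String API_ENV_V4 = "/api/v4"; //$NON-NLS-1$`. A later patch in this series corrects the value, but the constant is introduced here with nothing saying which endpoints are v4-only; a trailing `// v4 REST API; used for the Scans/Sca endpoint` next to it would keep readers from mixing v2 and v4 paths.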
@@ -6,6 +6,9 @@ package com.hcl.appscan.sdk.http; +import org.apache.wink.json4j.JSON; +import org.apache.wink.json4j.JSONObject; + import java.io.DataOutputStream; import java.io.IOException; import java.io.UnsupportedEncodingException; @@ -167,6 +170,14 @@ public HttpResponse postForm(String url, return post(url, headerProperties, body); } + public HttpResponse postFormNew(String url, Map headerProperties, Map params) + throws IOException { + JSONObject json = new JSONObject(params); + String body = json.toString(); + return post(url, headerProperties, body); + + } + /** * Submit a form with parameters using the put request. * diff --git a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java index bd6c319f..1eb8aff2 100644 --- a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java +++ b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java 
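Review bot: postFormNew serialises `params` as a JSON body but sets no Content-Type, so a correct request depends on every caller adding `Content-Type: application/json` to `headerProperties` by hand (CloudScanServiceProvider does exactly that in this same series); setting it inside the method, `headerProperties.put("Content-Type", "application/json");` (on a copy if the map may be shared), or at least stating the requirement in Javadoc, keeps the contract with the method. The hunk imports both `org.apache.wink.json4j.JSON` and `JSONObject`, but only `JSONObject` is used in the visible code, so the first import looks unused. The sibling postForm has Javadoc and this method has none, and there is a stray blank line before its closing brace; the later rename to postFormV4 addresses only part of that.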
@@ -55,27 +55,36 @@ public String createAndExecuteScan(String type, Map params) { return null; m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(EXECUTING_SCAN))); + Map request_headers = m_authProvider.getAuthorizationHeader(true); String request_url; - if(type.equals("Software Composition Analysis")){ - request_url = m_authProvider.getServer() + "/api/v4/Scans/Sca"; + if(type.equals("Sca")) { + request_url = m_authProvider.getServer() + String.format(API_SCANNER_V4, "Sca"); + params.remove("EnableMailNotification"); + params.remove("FullyAutomatic"); + params.remove("acceptInvalidCerts"); + request_headers.put("Content-Type", "application/json"); + request_headers.put("accept", "application/json"); } else { request_url = m_authProvider.getServer() + String.format(API_SCANNER, type); } - Map request_headers = m_authProvider.getAuthorizationHeader(true); - + HttpClient client = new HttpClient(m_authProvider.getProxy(), m_authProvider.getacceptInvalidCerts()); try { - HttpResponse response = client.postForm(request_url, request_headers, params); + HttpResponse response; + if (type.equals("Sca")) { + response = client.postFormNew(request_url,request_headers,params); + } else { + response = client.postForm(request_url, request_headers, params); + } int status = response.getResponseCode(); JSONObject json = (JSONObject) response.getResponseBodyAsJSON(); - if (status == HttpsURLConnection.HTTP_CREATED) { + if (status == HttpsURLConnection.HTTP_CREATED || status == 200) { m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(CREATE_SCAN_SUCCESS))); return json.getString(ID); - } - else if (json != null && json.has(MESSAGE)) { + } else if (json != null && json.has(MESSAGE)) { String errorResponse = json.getString(MESSAGE); if(json.has(FORMAT_PARAMS)) { JSONArray jsonArray = json.getJSONArray(FORMAT_PARAMS); 
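Review bot: The success branch returns `json.getString(ID)` without the null check the error branch applies (`json != null && json.has(MESSAGE)`), so a 200/201 whose body does not parse as JSON — which accepting `status == 200` for the v4 endpoint makes more plausible — throws a NullPointerException inside the try instead of reporting an error; guard it as `if ((status == HttpsURLConnection.HTTP_CREATED || status == 200) && json != null && json.has(ID))`. The literal `"Sca"` is compared twice in this method and also returned by SCAScanFactory.getType() and passed by SCAScan.analyzeIR(); a single constant next to API_SCANNER_V4 would stop the copies drifting. The `Content-Type`/`accept` entries are put into the map returned by `getAuthorizationHeader(true)`; if that provider ever hands back a shared map, the JSON headers would leak into later v2 requests, so copying into a new HashMap before mutating removes the doubt. createAndExecuteScan() continues past the end of the hunk.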
diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java index d0d81789..a0d4854f 100644 --- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java +++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java @@ -14,7 +14,8 @@ public interface SASTConstants { String APPSCAN_CLIENT_VERSION = "APPSCAN_CLIENT_VERSION"; //$NON-NLS-1$ String IRGEN_CLIENT_PLUGIN_VERSION = "IRGEN_CLIENT_PLUGIN_VERSION"; //$NON-NLS-1$ String ARSA_FILE_ID = "ARSAFileId"; //$NON-NLS-1$ - String WIN_SCRIPT = "appscan.bat"; //$NON-NLS-1$ + String FILE_ID = "ApplicationFileId"; //$NON-NLS-1$ + String WIN_SCRIPT = "appscan.bat"; //$NON-NLS-1$ String UNIX_SCRIPT = "appscan.sh"; //$NON-NLS-1$ String IRX_EXTENSION = ".irx"; //$NON-NLS-1$ diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sca/SCAScan.java b/src/main/java/com/hcl/appscan/sdk/scanners/sca/SCAScan.java index 9c613946..77fe024b 100644 --- a/src/main/java/com/hcl/appscan/sdk/scanners/sca/SCAScan.java +++ b/src/main/java/com/hcl/appscan/sdk/scanners/sca/SCAScan.java @@ -82,9 +82,9 @@ private void analyzeIR() throws IOException, ScannerException { throw new ScannerException(Messages.getMessage(ERROR_FILE_UPLOAD, m_irx.getName())); Map params = getProperties(); - params.put(ARSA_FILE_ID, fileId); + params.put(FILE_ID, fileId); - setScanId(getServiceProvider().createAndExecuteScan("Software Composition Analysis", params)); + setScanId(getServiceProvider().createAndExecuteScan("Sca", params)); if(getScanId() == null) throw new ScannerException(Messages.getMessage(ERROR_SUBMITTING_IRX)); } diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sca/SCAScanFactory.java b/src/main/java/com/hcl/appscan/sdk/scanners/sca/SCAScanFactory.java index e55ac444..0153bcd6 100644 --- a/src/main/java/com/hcl/appscan/sdk/scanners/sca/SCAScanFactory.java +++ b/src/main/java/com/hcl/appscan/sdk/scanners/sca/SCAScanFactory.java 
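Review bot: The `WIN_SCRIPT` line is removed and re-added with only its indentation changed, next to the genuine addition of `FILE_ID`, and the two following patches in this series (07 and 08) then re-indent the same two lines again; keeping constant additions free of unrelated whitespace edits avoids that churn and keeps blame on `WIN_SCRIPT` meaningful. `FILE_ID = "ApplicationFileId"` also sits beside `ARSA_FILE_ID = "ARSAFileId"` with nothing saying when each key applies; a trailing comment such as `// key expected by the v4 Scans/Sca request (see SCAScan.analyzeIR)` would make the choice self-explanatory.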
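Review bot: This patch changes SCAScanFactory.getType() to return `"Sca"` but leaves SCAScan.getType() (outside this hunk) returning `"Software Composition Analysis"`, so the scan object and its factory now report different types for the same scanner while analyzeIR() hard-codes a third copy of the string. Align SCAScan.getType() with the factory and use it here, `setScanId(getServiceProvider().createAndExecuteScan(getType(), params));`, so the literal lives in one place. `params.put(FILE_ID, fileId)` still writes into the map returned by getProperties(), mutating the scan's configuration as a side effect; analyzeIR() begins before the hunk.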
@@ -20,6 +20,6 @@ public IScan create(Map properties, IProgress progress, IAuthent
 @Override
 public String getType() {
- return "Software Composition Analysis";
+ return "Sca";
 }
 }
From 4cb2af2b9f31340a11a23a1b8bf15b4d59cb3b21 Mon Sep 17 00:00:00 2001
From: Vishal Chaudhary
Date: Wed, 27 Sep 2023 16:41:02 +0530
Subject: [PATCH 03/10] Update SAClient.java
---
 src/main/java/com/hcl/appscan/sdk/scanners/sast/SAClient.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SAClient.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SAClient.java
index bc5e80e8..f35f678d 100644
--- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SAClient.java
+++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SAClient.java
@@ -325,7 +325,7 @@ private List getClientArgs(Map properties) {
 args.add(OPT_VERBOSE);
 if(properties.containsKey(THIRD_PARTY) || System.getProperty(THIRD_PARTY) != null)
 args.add(OPT_THIRD_PARTY);
- if (properties.containsKey(OPEN_SOURCE_ONLY) || System.getProperty(OPEN_SOURCE_ONLY) != null)
+ if (properties.containsKey(OPEN_SOURCE_ONLY) || System.getProperty(OPEN_SOURCE_ONLY) != null || properties.get(CoreConstants.SCANNER_TYPE).equals("Sca"))
 args.add(OPT_OPEN_SOURCE_ONLY);
 if (properties.containsKey(SOURCE_CODE_ONLY) || System.getProperty(SOURCE_CODE_ONLY) != null)
 args.add(OPT_SOURCE_CODE_ONLY);
From a5f7a4e7e221edd5f7b61df9698ffc62d175cb8e Mon Sep 17 00:00:00 2001
From: Vishal Chaudhary
Date: Fri, 3 Nov 2023 18:12:06 +0530
Subject: [PATCH 04/10] Update CoreConstants.java SAST-SCA
---
 src/main/java/com/hcl/appscan/sdk/CoreConstants.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/com/hcl/appscan/sdk/CoreConstants.java b/src/main/java/com/hcl/appscan/sdk/CoreConstants.java
index bb0f158e..595ead23 100644
--- a/src/main/java/com/hcl/appscan/sdk/CoreConstants.java
+++ b/src/main/java/com/hcl/appscan/sdk/CoreConstants.java
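Review bot: `properties.get(CoreConstants.SCANNER_TYPE).equals("Sca")` throws a NullPointerException when SCANNER_TYPE is absent from `properties`, whereas every other condition in getClientArgs() tolerates a missing key via containsKey/System.getProperty; invert the comparison, `|| "Sca".equals(properties.get(CoreConstants.SCANNER_TYPE))`, which also works on the raw `Map` where get returns Object. The condition silently forces OPT_OPEN_SOURCE_ONLY for SCA scans without saying why; a one-line comment above it stating the reason an SCA scan implies open-source-only IRX generation would explain the coupling to the next reader. getClientArgs() continues outside the hunk.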
@@ -50,7 +50,7 @@ public interface CoreConstants {
 String CLIENT_TYPE = "ClientType"; //$NON-NLS-1$
 String API_ENV = "/api/v2"; //$NON-NLS-1$
- String API_ENV_V4 = "api/v4"; //$NON-NLS-1$
+ String API_ENV_V4 = "/api/v4"; //$NON-NLS-1$
 String API_BLUEMIX = "Bluemix"; //$NON-NLS-1$
 String API_BLUEMIX_LOGIN = API_ENV + "/Account/BluemixLogin"; //$NON-NLS-1$
 String API_KEY_LOGIN = API_ENV + "/Account/ApiKeyLogin"; //$NON-NLS-1$
From aaed4eac034073e3167f47d0e5bbe0300ee6e84a Mon Sep 17 00:00:00 2001
From: Vishal Chaudhary
Date: Thu, 9 Nov 2023 17:50:41 +0530
Subject: [PATCH 05/10] Handled the boolean parameter issue
---
 .../com/hcl/appscan/sdk/CoreConstants.java | 1 +
 .../com/hcl/appscan/sdk/http/HttpClient.java | 32 +++++++++++++++++--
 .../com/hcl/appscan/sdk/messages.properties | 1 +
 .../sdk/scan/CloudScanServiceProvider.java | 6 ++--
 .../appscan/sdk/scanners/sast/SASTScan.java | 5 +++
 5 files changed, 38 insertions(+), 7 deletions(-)
diff --git a/src/main/java/com/hcl/appscan/sdk/CoreConstants.java b/src/main/java/com/hcl/appscan/sdk/CoreConstants.java
index b9a93187..2b5ab15b 100644
--- a/src/main/java/com/hcl/appscan/sdk/CoreConstants.java
+++ b/src/main/java/com/hcl/appscan/sdk/CoreConstants.java
@@ -129,6 +129,7 @@ public interface CoreConstants {
 String ERROR_UPLOADING_FILE = "error.upload.file"; //$NON-NLS-1$
 String ERROR_GETTING_INFO = "error.getting.info"; //$NON-NLS-1$
 String ERROR_URL_VALIDATION = "error.url.validation"; //$NON-NLS-1$
+ String WARNING_SCA = "warning.sca"; //$NON-NLS-1$
 String FORMAT_PARAMS = "FormatParams"; //$NON-NLS-1$
 // ASE Status Messages
diff --git a/src/main/java/com/hcl/appscan/sdk/http/HttpClient.java b/src/main/java/com/hcl/appscan/sdk/http/HttpClient.java
index a943513d..632a1447 100644
--- a/src/main/java/com/hcl/appscan/sdk/http/HttpClient.java
+++ b/src/main/java/com/hcl/appscan/sdk/http/HttpClient.java
@@ -19,6 +19,7 @@ import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; +import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; @@ -170,12 +171,37 @@ public HttpResponse postForm(String url, return post(url, headerProperties, body); } - public HttpResponse postFormNew(String url, Map headerProperties, Map params) + /** + * Submit a form with parameters using the post request, mainly for v4 APIs. + * + * @param url The URL string. + * @param headerProperties An optional Map of header properties. + * @param params An optional Map of parameters. + * @return The response as a byte array. + * @throws IOException If an error occurs. + */ + public HttpResponse postFormV4(String url, Map headerProperties, Map params) throws IOException { - JSONObject json = new JSONObject(params); + Map objectMap = new HashMap<>(); + for (String key : params.keySet()) { + String value = params.get(key); + if (value != null) { + if (value.equalsIgnoreCase("true")) { + objectMap.put(key, true); + } else if (value.equalsIgnoreCase("false")) { + objectMap.put(key, false); + } else { + // If the string is not "true" or "false," keep it as is + objectMap.put(key, value); + } + } else { + // If the value is not a string, keep it as is + objectMap.put(key, value); + } + } + JSONObject json = new JSONObject(objectMap); String body = json.toString(); return post(url, headerProperties, body); - } /** diff --git a/src/main/java/com/hcl/appscan/sdk/messages.properties b/src/main/java/com/hcl/appscan/sdk/messages.properties index a637bbce..82e0fa16 100644 --- a/src/main/java/com/hcl/appscan/sdk/messages.properties +++ b/src/main/java/com/hcl/appscan/sdk/messages.properties 
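Review bot: The Javadoc added for postFormV4 says `@return The response as a byte array`, but the method returns an `HttpResponse`; change it to `@return The HTTP response.` The else-branch comment `// If the value is not a string, keep it as is` is also wrong — `value` is declared `String` and that branch is reached only when it is null — so it should read `// null values are passed through unchanged`. The loop turns any value spelled "true"/"false" (case-insensitively) into a JSON boolean regardless of key, so a free-text parameter whose value happens to be "True" changes type on the wire; if only known keys are boolean on the v4 endpoint, coercing by key is safer, and the rule should in any case be stated in the Javadoc. Iterating `params.entrySet()` instead of `keySet()` plus `get` avoids the double lookup.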
@@ -51,6 +51,7 @@ error.http=Response Code: {0}\nReason: {1} error.login.type.deprectated=The specified login type is deprecated. Please use API key and secret. error.getting.info=An error occurred getting information for {0} with id {1}. error.url.validation = An error occurred while validating the URL. +warning.sca = Note: To scan open-source files, use the Software Composition Analysis (SCA) scan type. AppScan on Cloud is phasing out open source-only scanning with static analysis scans. #Presence error.getting.presence.details=An error occurred retrieving details for Presence with id {0}. diff --git a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java index 1eb8aff2..53332c75 100644 --- a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java +++ b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java @@ -58,10 +58,8 @@ public String createAndExecuteScan(String type, Map params) { Map request_headers = m_authProvider.getAuthorizationHeader(true); String request_url; if(type.equals("Sca")) { + // To execute the SCA scan we are using the V4 APIs. request_url = m_authProvider.getServer() + String.format(API_SCANNER_V4, "Sca"); - params.remove("EnableMailNotification"); - params.remove("FullyAutomatic"); - params.remove("acceptInvalidCerts"); request_headers.put("Content-Type", "application/json"); request_headers.put("accept", "application/json"); } else { @@ -73,7 +71,7 @@ public String createAndExecuteScan(String type, Map params) { try { HttpResponse response; if (type.equals("Sca")) { - response = client.postFormNew(request_url,request_headers,params); + response = client.postFormV4(request_url,request_headers,params); } else { response = client.postForm(request_url, request_headers, params); } 
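Review bot: With the three `params.remove(...)` calls dropped, the whole scan-property map is now serialised verbatim into the v4 JSON body by postFormV4, so any client-side settings still present in that map — the previous revision explicitly stripped `EnableMailNotification`, `FullyAutomatic` and `acceptInvalidCerts` — now reach the server as scan parameters. If the caller is expected to pass a clean map, say so in the new comment, e.g. `// v4 endpoint: params is sent as-is as JSON, so callers must pass only scan parameters`; otherwise build the request body from an explicit allow-list of keys. The commit message ("Handled the boolean parameter issue") does not say why the removals became unnecessary, and a sentence in the comment would close that gap. createAndExecuteScan() extends beyond both hunks.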
diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java index 563081b8..31dbe13c 100644 --- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java +++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java @@ -17,6 +17,7 @@ import com.hcl.appscan.sdk.error.ScannerException; import com.hcl.appscan.sdk.logging.DefaultProgress; import com.hcl.appscan.sdk.logging.IProgress; +import com.hcl.appscan.sdk.logging.Message; import com.hcl.appscan.sdk.scan.IScanServiceProvider; import com.hcl.appscan.sdk.scanners.ASoCScan; import com.hcl.appscan.sdk.utils.ArchiveUtil; @@ -47,6 +48,10 @@ public void run() throws ScannerException, InvalidTargetException { if(target == null || !(new File(target).exists())) throw new InvalidTargetException(Messages.getMessage(TARGET_INVALID, target)); + if (getProperties().containsKey(OPEN_SOURCE_ONLY)){ + getProgress().setStatus(new Message(Message.WARNING, Messages.getMessage(CoreConstants.WARNING_SCA))); + } + try { if(getProperties().containsKey(CoreConstants.UPLOAD_DIRECT)){ generateZip(); From 1e690a4f2f9454b45a40f1dcd6598c3cb674cc02 Mon Sep 17 00:00:00 2001 From: Vishal Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com> Date: Thu, 9 Nov 2023 18:00:41 +0530 Subject: [PATCH 06/10] Update CloudScanServiceProvider.java --- .../sdk/scan/CloudScanServiceProvider.java | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java index 53332c75..5905a590 100644 --- a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java +++ b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java 
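Review bot: The new warning fires only when OPEN_SOURCE_ONLY is present in the properties map, but SAClient.getClientArgs() (patch 03 in this series) also honours `System.getProperty(OPEN_SOURCE_ONLY)`, so a user enabling open-source-only through a system property gets the phased-out behaviour with no warning; use the same condition, `if (getProperties().containsKey(OPEN_SOURCE_ONLY) || System.getProperty(OPEN_SOURCE_ONLY) != null) {`. A short comment above the check, `// open-source-only SAST is being phased out in favour of the SCA scan type`, would tie the warning to the message text in messages.properties. run() continues beyond the hunk.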
@@ -55,26 +55,26 @@ public String createAndExecuteScan(String type, Map params) { return null; m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(EXECUTING_SCAN))); - Map request_headers = m_authProvider.getAuthorizationHeader(true); - String request_url; - if(type.equals("Sca")) { - // To execute the SCA scan we are using the V4 APIs. - request_url = m_authProvider.getServer() + String.format(API_SCANNER_V4, "Sca"); - request_headers.put("Content-Type", "application/json"); - request_headers.put("accept", "application/json"); - } else { - request_url = m_authProvider.getServer() + String.format(API_SCANNER, type); - } + Map request_headers = m_authProvider.getAuthorizationHeader(true); + String request_url; + if(type.equals("Sca")) { + // To execute the SCA scan we are using the V4 APIs. + request_url = m_authProvider.getServer() + String.format(API_SCANNER_V4, "Sca"); + request_headers.put("Content-Type", "application/json"); + request_headers.put("accept", "application/json"); + } else { + request_url = m_authProvider.getServer() + String.format(API_SCANNER, type); + } HttpClient client = new HttpClient(m_authProvider.getProxy(), m_authProvider.getacceptInvalidCerts()); try { HttpResponse response; - if (type.equals("Sca")) { - response = client.postFormV4(request_url,request_headers,params); - } else { - response = client.postForm(request_url, request_headers, params); - } + if (type.equals("Sca")) { + response = client.postFormV4(request_url,request_headers,params); + } else { + response = client.postForm(request_url, request_headers, params); + } int status = response.getResponseCode(); JSONObject json = (JSONObject) response.getResponseBodyAsJSON(); From 92f62255a0edbac71251a4e5357ca5295550c046 Mon Sep 17 00:00:00 2001 
From: Vishal Chaudhary <102226698+vishalhcl-5960@users.noreply.github.com>
Date: Thu, 9 Nov 2023 18:02:14 +0530
Subject: [PATCH 07/10] Update SASTConstants.java
---
 .../java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java
index a0d4854f..ff65cc0b 100644
--- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java
+++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java
@@ -14,7 +14,7 @@ public interface SASTConstants {
 String APPSCAN_CLIENT_VERSION = "APPSCAN_CLIENT_VERSION"; //$NON-NLS-1$
 String IRGEN_CLIENT_PLUGIN_VERSION = "IRGEN_CLIENT_PLUGIN_VERSION"; //$NON-NLS-1$
 String ARSA_FILE_ID = "ARSAFileId"; //$NON-NLS-1$
- String FILE_ID = "ApplicationFileId"; //$NON-NLS-1$
+ String FILE_ID = "ApplicationFileId"; //$NON-NLS-1$
 String WIN_SCRIPT = "appscan.bat"; //$NON-NLS-1$
 String UNIX_SCRIPT = "appscan.sh"; //$NON-NLS-1$
From 0e89d21cf34df1fbb578ef53cbb27d9d14af4b73 Mon Sep 17 00:00:00 2001
From: kripajoym <36063366+kripajoym@users.noreply.github.com>
Date: Thu, 9 Nov 2023 18:14:37 +0530
Subject: [PATCH 08/10] Update SASTConstants.java
---
 .../java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java
index ff65cc0b..2251e6b8 100644
--- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java
+++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java
@@ -15,7 +15,7 @@ public interface SASTConstants {
 String IRGEN_CLIENT_PLUGIN_VERSION = "IRGEN_CLIENT_PLUGIN_VERSION"; //$NON-NLS-1$
 String ARSA_FILE_ID = "ARSAFileId"; //$NON-NLS-1$
 String FILE_ID = "ApplicationFileId"; //$NON-NLS-1$
- String WIN_SCRIPT = "appscan.bat"; //$NON-NLS-1$
+ String WIN_SCRIPT = "appscan.bat"; //$NON-NLS-1$
 String UNIX_SCRIPT = "appscan.sh"; //$NON-NLS-1$
 String IRX_EXTENSION = ".irx"; //$NON-NLS-1$
From 88c3c4e7f0f8c234c01c57052ac3e08aba1adce6 Mon Sep 17 00:00:00 2001
From: kripajoym <36063366+kripajoym@users.noreply.github.com>
Date: Thu, 9 Nov 2023 18:21:56 +0530
Subject: [PATCH 09/10] Update CloudScanServiceProvider.java
---
 .../appscan/sdk/scan/CloudScanServiceProvider.java | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java
index 5905a590..06961ee0 100644
--- a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java
+++ b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java
@@ -70,11 +70,11 @@ public String createAndExecuteScan(String type, Map params) {
 try {
 HttpResponse response;
- if (type.equals("Sca")) {
- response = client.postFormV4(request_url,request_headers,params);
- } else {
- response = client.postForm(request_url, request_headers, params);
- }
+ if (type.equals("Sca")) {
+ response = client.postFormV4(request_url,request_headers,params);
+ } else {
+ response = client.postForm(request_url, request_headers, params);
+ }
 int status = response.getResponseCode();
 JSONObject json = (JSONObject) response.getResponseBodyAsJSON();
@@ -93,7 +93,7 @@ public String createAndExecuteScan(String type, Map params) {
 }
 errorResponse = MessageFormat.format(errorResponse, (Object[]) messageParams);
 }
- }
+ }
 m_progress.setStatus(new Message(Message.ERROR, errorResponse));
 } else
From 32b896c51fa79c03d77a2483415a2da3ff72fe6e Mon Sep 17 00:00:00 2001
From: Vishal Chaudhary
Date: Thu, 9 Nov 2023 18:27:56 +0530
Subject: [PATCH 10/10] Update CloudScanServiceProvider.java
---
 .../java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java
index 5905a590..f95514c6 100644
--- a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java
+++ b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java
@@ -79,7 +79,7 @@ public String createAndExecuteScan(String type, Map params) {
 JSONObject json = (JSONObject) response.getResponseBodyAsJSON();
- if (status == HttpsURLConnection.HTTP_CREATED || status == 200) {
+ if (status == HttpsURLConnection.HTTP_CREATED || status == HttpsURLConnection.HTTP_OK) {
 m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(CREATE_SCAN_SUCCESS)));
 return json.getString(ID);
 } else if (json != null && json.has(MESSAGE)) {