diff --git a/src/main/java/com/hcl/appscan/sdk/CoreConstants.java b/src/main/java/com/hcl/appscan/sdk/CoreConstants.java
index e59f60ed..e49940f8 100644
--- a/src/main/java/com/hcl/appscan/sdk/CoreConstants.java
+++ b/src/main/java/com/hcl/appscan/sdk/CoreConstants.java
@@ -72,7 +72,7 @@ public interface CoreConstants {
 String API_PRESENCES_ID = API_ENV_LATEST + "/Presences/%s"; //$NON-NLS-1$
 String API_PRESENCES_NEW_KEY = API_ENV_LATEST + "/Presences/%s/NewKey"; //$NON-NLS-1$
 String API_BASIC_DETAILS = API_ENV_LATEST + "/Scans"; //$NON-NLS-1$
- String API_SCANNER_DETAILS = API_ENV + "/Scans/&s/&s"; //$NON-NLS-1$
+ String API_SCANNER_DETAILS = API_ENV_LATEST + "/Scans/%s/%s"; //$NON-NLS-1$
 String API_FILE_UPLOAD = API_ENV_LATEST + "/FileUpload"; //$NON-NLS-1$
 String API_SCAN = API_ENV + "/%s"; //$NON-NLS-1$
 String API_SCANNER = API_ENV_LATEST + "/Scans/%s"; //$NON-NLS-1$
@@ -91,6 +91,7 @@ public interface CoreConstants {
 String API_IS_VALID_URL = API_ENV_LATEST + "/Scans/IsValidUrl"; //$NON-NLS-1$
 String API_AUTHENTICATION = API_ENV_LATEST + "/Account/IsAuthenticated"; //$NON-NLS-1$
 String API_TENANT_INFO = API_ENV_LATEST + "/Account/TenantInfo"; //$NON-NLS-1$
+ String API_EXECUTION_DETAILS = API_ENV_LATEST + "/Scans/%s/Executions"; //$NON-NLS-1$
 String DEFAULT_RESULT_NAME = "asoc_results"; //$NON-NLS-1$
 String SACLIENT_INSTALL_DIR = "SAClientInstall"; //$NON-NLS-1$
 
@@ -144,10 +145,10 @@ public interface CoreConstants {
 String ERROR_SUBMITTING_SCAN = "error.submit.scan"; //$NON-NLS-1$
 String ERROR_UPLOADING_FILE = "error.upload.file"; //$NON-NLS-1$
 String ERROR_GETTING_INFO = "error.getting.info"; //$NON-NLS-1$
- String ERROR_URL_VALIDATION = "error.url.validation"; //$NON-NLS-1$
- String FORMAT_PARAMS = "FormatParams"; //$NON-NLS-1$
+ String ERROR_URL_VALIDATION = "error.url.validation"; //$NON-NLS-1$
+ String FORMAT_PARAMS = "FormatParams"; //$NON-NLS-1$
 String ERROR_GETTING_SCANLOG = "error.getting.scanlog"; //$NON-NLS-1$
-
+ String ERROR_CANCEL_RESCAN = "error.cancel.rescan"; //$NON-NLS-1$
 // ASE Status Messages
 String CREATING_JOB = "message.creating.job"; //$NON-NLS-1$
 String CREATE_JOB_SUCCESS = "message.created.job"; //$NON-NLS-1$
diff --git a/src/main/java/com/hcl/appscan/sdk/messages.properties b/src/main/java/com/hcl/appscan/sdk/messages.properties
index eb348dbc..3fff6e5f 100644
--- a/src/main/java/com/hcl/appscan/sdk/messages.properties
+++ b/src/main/java/com/hcl/appscan/sdk/messages.properties
@@ -57,6 +57,7 @@ error.getting.info=An error occurred getting information for {0} with id {1}.
 error.getting.scanlog=An error occurred retrieving the scan log.
 error.url.validation = An error occurred while validating the Starting URL: {0}.
 message.update.job = Updated the scan job parameters.
+error.cancel.rescan = Rescan ID {0} not found. It may have been canceled or deleted. Verify the scan status on the AppScan server and retry.
 
 #Presence
 error.getting.presence.details=An error occurred retrieving details for Presence with id {0}.
diff --git a/src/main/java/com/hcl/appscan/sdk/results/NonCompliantIssuesResultProvider.java b/src/main/java/com/hcl/appscan/sdk/results/NonCompliantIssuesResultProvider.java
index 400286c4..af1cc025 100644
--- a/src/main/java/com/hcl/appscan/sdk/results/NonCompliantIssuesResultProvider.java
+++ b/src/main/java/com/hcl/appscan/sdk/results/NonCompliantIssuesResultProvider.java
@@ -58,8 +58,18 @@ protected void loadResults() {
 return;
 }
 
+ if (m_executionId != null && !m_executionId.isEmpty()) {
+ String executionId = obj.getString(ID);
+ if (executionId.equals(m_executionId)) {
+ m_status = obj.getString(STATUS);
+ } else {
+ m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(ERROR_CANCEL_RESCAN, m_executionId)));
+ m_status = FAILED;
+ }
+ } else {
+ m_status = obj.getString(STATUS);
+ }
 
- m_status = obj.getString(STATUS);
 if (FAILED.equalsIgnoreCase(m_status) && obj.has(USER_MESSAGE)) {
 m_progress.setStatus(new Message(Message.ERROR, obj.getString(USER_MESSAGE)));
 m_message = obj.getString(USER_MESSAGE);
diff --git a/src/main/java/com/hcl/appscan/sdk/scan/ASEScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/ASEScanServiceProvider.java
index be50c587..79208bb0 100644
--- a/src/main/java/com/hcl/appscan/sdk/scan/ASEScanServiceProvider.java
+++ b/src/main/java/com/hcl/appscan/sdk/scan/ASEScanServiceProvider.java
@@ -419,6 +419,11 @@ public void setProgress(IProgress progress) {
 m_progress = progress;
 }
 
+ @Override
+ public JSONArray getBaseScanDetails(String scanId) {
+ return null;
+ }
+
 private String getReportPackId(String jobId) {
 return String.valueOf(Integer.parseInt(jobId)+1);
 // Uncomment the below code when you figure out how to parse the reponse.
diff --git a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java
index 152d5a55..bc9dfbfa 100644
--- a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java
+++ b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java
@@ -18,6 +18,7 @@
 import javax.net.ssl.HttpsURLConnection;
 
+import com.hcl.appscan.sdk.logging.DefaultProgress;
 import com.hcl.appscan.sdk.scanners.dynamic.DASTConstants;
 import com.hcl.appscan.sdk.utils.FileUtil;
 import com.hcl.appscan.sdk.utils.ServiceUtil;
 
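Review bot: The new `else` branch reports the execution-id mismatch at `Message.INFO` while setting `m_status` to `FAILED` and leaving `m_message` unset, so the failure is logged at the wrong level and callers that read the message for a FAILED status get nothing (the later `obj.has(USER_MESSAGE)` block only fills it when the server supplied a user message). I would keep the text but raise the level and record it: `String msg = Messages.getMessage(ERROR_CANCEL_RESCAN, m_executionId); m_progress.setStatus(new Message(Message.ERROR, msg)); m_message = msg;`. `obj.getString(ID)` is also called unconditionally on the new path; if the JSON library throws when the key is absent (as `getString` typically does), that is an uncaught failure for a response with no `ID`, so `obj.has(ID)` is worth checking first. loadResults() starts and ends outside the hunk.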
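Review bot: `getBaseScanDetails` in ASEScanServiceProvider returns null with no comment, and the interface Javadoc added in this commit says only `@return JSONArray.`, so a caller that iterates the result on the ASE path gets a NullPointerException. Either return `new JSONArray()` so callers can iterate uniformly, or keep null and say why at the method: `// Base-scan lookup is not implemented for ASE; returns null so callers must treat it as unsupported.` Whichever is chosen should match what the Cloud implementation returns on failure so callers need only one check.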
@@ -50,6 +51,10 @@ public CloudScanServiceProvider(IProgress progress, IAuthenticationProvider auth
 m_progress = progress;
 m_authProvider = authProvider;
 }
+
+ public CloudScanServiceProvider(IAuthenticationProvider authProvider) {
+ this(new DefaultProgress(), authProvider);
+ }
 
 @Override
 public String createAndExecuteScan(String type, Map params) {
@@ -67,7 +72,7 @@ public String rescan(String scanId, Map params) {
 updateParams.put("Name", params.remove(CoreConstants.SCAN_NAME));
 updateParams.put("EnableMailNotifications", params.remove(CoreConstants.EMAIL_NOTIFICATION));
 updateParams.put("FullyAutomatic", params.remove("FullyAutomatic"));
- ServiceUtil.updateScanData(updateParams, scanId, m_authProvider, m_progress);
+ updateScanData(updateParams, scanId);
 
 String progressMessage = Messages.getMessage(RESCAN_SUCCESS);
 String overviewMessage = Messages.getMessage(RESCAN_OVERVIEW);
@@ -197,6 +202,30 @@ public JSONObject getScanDetails(String scanId) throws IOException, JSONExceptio
 return null;
 }
 
+
+ public JSONObject getScanDetails(String type, String scanId) {
+ if (loginExpired()) {
+ return null;
+ }
+
+ String request_url = m_authProvider.getServer() + String.format(API_SCANNER_DETAILS, ServiceUtil.scanTypeShortForm(type), scanId);
+ Map request_headers = m_authProvider.getAuthorizationHeader(true);
+ request_headers.put("accept", "application/json");
+ request_headers.put("Content-Type", "application/json");
+
+ HttpClient client = new HttpClient(m_authProvider.getProxy(), m_authProvider.getacceptInvalidCerts());
+ try {
+ HttpResponse response = client.get(request_url, request_headers, null);
+
+ if (response.isSuccess()) {
+ return (JSONObject) response.getResponseBodyAsJSON();
+ }
+ } catch (IOException | JSONException e) {
+ // Ignore and move on.
+ }
+
+ return null;
+ }
 
 @Override
 public JSONArray getNonCompliantIssues(String scanId) throws IOException, JSONException {
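Review bot: The new `getScanDetails(String type, String scanId)` overload swallows `IOException | JSONException` with `// Ignore and move on.` and returns null, which is indistinguishable from the expired-login return, so a transport or parse failure is reported to the caller as "no details" with no trace anywhere. The existing `getScanDetails(String scanId)` one hunk above declares those exceptions, and `updateScanData` added in this same commit reports them through `m_progress`; do the same here, e.g. replace the empty catch body with `m_progress.setStatus(new Message(Message.ERROR, Messages.getMessage(ERROR_GETTING_INFO, type, scanId)));` (that key takes `{0}` and `{1}` per the messages.properties hunk, assuming it is in scope like `UPDATE_JOB` is). `scanId` and the short-form type are placed into the URL path unencoded; the DASTScan hunk shows the id arriving via `params.get(CoreConstants.SCAN_ID)`, so if that value can come from user-supplied configuration, pass it through `URLEncoder.encode(scanId, StandardCharsets.UTF_8)` first. `request_headers` is a raw `Map`; `Map<String, String>` would match what `put` is given.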
@@ -269,4 +298,51 @@ private boolean verifyApplication(String appId) {
 public void setProgress(IProgress progress) {
 m_progress = progress;
 }
+
+ @Override
+ public JSONArray getBaseScanDetails(String scanId) {
+ if (loginExpired()) {
+ return null;
+ }
+
+ String request_url = m_authProvider.getServer() + String.format(API_EXECUTION_DETAILS, scanId);
+ request_url += "?$filter=IsValidForIncremental%20eq%20true&%24select=Id%2C%20CreatedAt%2C%20IsValidForIncremental&%24orderby=CreatedAt%20desc";
+ Map request_headers = m_authProvider.getAuthorizationHeader(true);
+ request_headers.put("accept", "application/json");
+ request_headers.put("Content-Type", "application/json");
+
+ HttpClient client = new HttpClient(m_authProvider.getProxy(), m_authProvider.getacceptInvalidCerts());
+ try {
+ HttpResponse response = client.get(request_url, request_headers, null);
+
+ if (response.isSuccess()) {
+ return (JSONArray) response.getResponseBodyAsJSON();
+ }
+ } catch (IOException | JSONException e) {
+ // Ignore and move on.
+ }
+
+ return null;
+ }
+
+ public void updateScanData(Map params, String scanId) {
+ if (loginExpired()) {
+ return;
+ }
+
+ String request_url = m_authProvider.getServer() + String.format(API_SCANNER,scanId);
+ Map request_headers = m_authProvider.getAuthorizationHeader(true);
+ request_headers.put("accept", "application/json");
+ request_headers.put("Content-Type", "application/json");
+
+ HttpClient client = new HttpClient(m_authProvider.getProxy(), m_authProvider.getacceptInvalidCerts());
+ try {
+ HttpResponse response = client.put(request_url, request_headers, params);
+ if (response.getResponseCode() == HttpsURLConnection.HTTP_NO_CONTENT) {
+ m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(UPDATE_JOB)));
+ }
+ } catch (IOException | JSONException e) {
+ m_progress.setStatus(new Message(Message.ERROR, Messages.getMessage(ERROR_UPDATE_JOB, e.getLocalizedMessage())));
+ }
+ }
 }
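Review bot: `getBaseScanDetails` casts the body of `/Scans/{id}/Executions?$filter=...` straight to `JSONArray`, but the OData-style query removed from ServiceUtil in this same commit (`isScanId`, same `$filter`/`$select` shape) read the body as a `JSONObject` and took the array from `ITEMS`; if `/Executions` answers in that same envelope the cast throws `ClassCastException`, which `catch (IOException | JSONException e)` does not cover. Check the shape before casting: `Object body = response.getResponseBodyAsJSON(); if (body instanceof JSONArray) return (JSONArray) body; if (body instanceof JSONObject && ((JSONObject) body).has(ITEMS)) return (JSONArray) ((JSONObject) body).get(ITEMS);` (using whatever key constant the class has for `Items`). The empty `// Ignore and move on.` catch also hides network failures behind the same null as an expired login; report them via `m_progress` as `updateScanData` below does. In `updateScanData` a non-204 response (for example 401/403/404) produces neither the INFO nor the ERROR message, so a rejected parameter update is silent; add an `else` branch reporting `Messages.getMessage(ERROR_UPDATE_JOB, String.valueOf(response.getResponseCode()))`.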
diff --git a/src/main/java/com/hcl/appscan/sdk/scan/IScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/IScanServiceProvider.java
index 41e858ce..2bd8dbc6 100644
--- a/src/main/java/com/hcl/appscan/sdk/scan/IScanServiceProvider.java
+++ b/src/main/java/com/hcl/appscan/sdk/scan/IScanServiceProvider.java
@@ -92,4 +92,12 @@ public interface IScanServiceProvider {
 * @param progress The {@link IProgress}.
 */
 public void setProgress(IProgress progress);
+
+ /**
+ * Fetch the details of all the executions of a scan.
+ *
+ * @param scanId The scanId to test
+ * @return JSONArray.
+ */
+ public JSONArray getBaseScanDetails(String scanId);
 }
diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java b/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java
index 6d357c01..3ea42c2c 100644
--- a/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java
+++ b/src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java
@@ -94,13 +94,19 @@ public void run() throws ScannerException, InvalidTargetException {
 
 try {
 JSONObject propertiesJSON = createJSONForProperties(params);
- setScanId(getServiceProvider().createAndExecuteScan(type, propertiesJSON));
+ if (getRescan()) {
+ setScanId(params.get(CoreConstants.SCAN_ID));
+ setExecutionId(getServiceProvider().rescan(getScanId(), propertiesJSON));
+ if(getExecutionId() == null)
+ throw new ScannerException(Messages.getMessage(ERROR_CREATING_SCAN));
+ } else {
+ setScanId(getServiceProvider().createAndExecuteScan(type, propertiesJSON));
+ if(getScanId() == null)
+ throw new ScannerException(Messages.getMessage(ERROR_CREATING_SCAN));
+ }
 } catch (JSONException e) {
 throw new ScannerException(Messages.getMessage(ERROR_RUNNING_SCAN, e.getLocalizedMessage()));
 }
-
- if(getScanId() == null)
- throw new ScannerException(Messages.getMessage(ERROR_CREATING_SCAN));
 }
 
 private JSONObject createJSONForProperties(Map params) throws JSONException {
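Review bot: The Javadoc added for `getBaseScanDetails` documents the types rather than the contract: `@param scanId The scanId to test` and `@return JSONArray.` say nothing about the null returns both implementations in this commit produce (ASE unconditionally; Cloud on expired login, non-2xx response or exception), and "all the executions" does not match the Cloud implementation, which filters on `IsValidForIncremental eq true` and orders by `CreatedAt desc`. Replace the two tags with `@param scanId The id of the scan whose executions are requested.` and `@return The executions of the scan that can serve as the base of an incremental scan, newest first, or {@code null} if they are unavailable or the provider does not support the lookup.`, and adjust the summary sentence to match.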
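Review bot: In the rescan branch `setScanId(params.get(CoreConstants.SCAN_ID))` feeds `rescan()` without checking that the parameter is present, so a missing scan id becomes a request against `/Scans/null` and surfaces only as the generic ERROR_CREATING_SCAN message; guard it before the call: `if (getScanId() == null) throw new ScannerException(Messages.getMessage(ERROR_CREATING_SCAN));` (or a rescan-specific key, since a failed rescan is not a failed creation). The two `if(...) throw ...;` statements are unbraced while the surrounding visible code braces its blocks; the SASTScan hunk has the same form. run() starts outside the hunk.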
diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java
index 7052096b..77776b9c 100644
--- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java
+++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java
@@ -122,12 +122,14 @@ protected void analyzeIR() throws IOException, ScannerException {
 setScanId(params.get(CoreConstants.SCAN_ID));
 params.put(CoreConstants.FILE_ID, fileId);
 submitRescan();
+ if(getExecutionId() == null)
+ throw new ScannerException(Messages.getMessage(ERROR_CREATING_SCAN));
 } else {
 params.put(FILE_ID, fileId);
 submitScan();
+ if(getScanId() == null)
+ throw new ScannerException(Messages.getMessage(ERROR_CREATING_SCAN));
 }
- if(getScanId() == null)
- throw new ScannerException(Messages.getMessage(ERROR_SUBMITTING_IRX));
 }
 
 protected void submitScan() {
diff --git a/src/main/java/com/hcl/appscan/sdk/utils/ArchiveUtil.java b/src/main/java/com/hcl/appscan/sdk/utils/ArchiveUtil.java
index aad9f8c0..5034eea0 100644
--- a/src/main/java/com/hcl/appscan/sdk/utils/ArchiveUtil.java
+++ b/src/main/java/com/hcl/appscan/sdk/utils/ArchiveUtil.java
@@ -123,9 +123,6 @@ public static void zipFileOrFolder(File fileToZip, File zipFile) throws IOExcept
 }
 
 private static void zipFile(File fileToZip, String fileName, ZipOutputStream zipOut) throws IOException {
- if (fileToZip.getName().startsWith(".")) {
- return;
- }
 if (fileToZip.isDirectory()) {
 File[] children = fileToZip.listFiles();
 for (File childFile : children) {
diff --git a/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java b/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java
index 2eb3186f..3f58b308 100644
--- a/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java
+++ b/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java
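Review bot: The non-rescan branch now throws `ERROR_CREATING_SCAN` where the removed check threw `ERROR_SUBMITTING_IRX`, so a failed IRX submission is reported with a less specific message than before; if that is not intended, keep `throw new ScannerException(Messages.getMessage(ERROR_SUBMITTING_IRX));` in the `else` branch. The rescan branch reuses the same creation message for a failed rescan, which will send support in the wrong direction; a rescan-specific key would help. Both added `if(...)` statements are unbraced while the visible surrounding code braces its blocks. analyzeIR() starts outside the hunk.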
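Review bot: With the `startsWith(".")` guard gone, `zipFile` now recurses into every dot-prefixed entry, so hidden files and directories in the source tree (version-control metadata, local environment or credential files, tool caches) are packaged into the archive that is uploaded for scanning, and nothing in the commit says whether that is intended. If it is, say so on the method — `// Hidden (dot-prefixed) entries are zipped deliberately; callers are responsible for excluding secrets before archiving.` — and consider an explicit exclusion list rather than no filter at all; if not, restore the guard. The `zipFile` body continues outside the hunk.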
@@ -223,47 +223,6 @@ private static boolean hasEntitlement(String scanType, IAuthenticationProvider p
 return false;
 }
 
- /**
- * Checks if the given scanId is valid for scanning.
- *
- * @param scanId The scanId to test.
- * @param applicationId The applicationId to verify.
- * @param type The scanType to verify.
- * @param provider The IAuthenticationProvider for authentication.
- * @return True if the scanId is valid. False is returned if the scanId is not valid, the request fails, or an exception occurs.
- */
- public static boolean isScanId(String scanId, String applicationId, String type, IAuthenticationProvider provider) {
- if (provider.isTokenExpired()) {
- return true;
- }
-
- String request_url = provider.getServer() + API_BASIC_DETAILS;
- request_url += "?$filter=Id%20eq%20" + scanId + "&%24select=AppId%2C%20Technology";
- Map request_headers = provider.getAuthorizationHeader(true);
-
- HttpClient client = new HttpClient(provider.getProxy(), provider.getacceptInvalidCerts());
- try {
- HttpResponse response = client.get(request_url, request_headers, null);
-
- if (response.isSuccess()) {
- JSONObject obj = (JSONObject) response.getResponseBodyAsJSON();
- JSONArray array = (JSONArray) obj.get(ITEMS);
- if (array.isEmpty()) {
- return false;
- } else {
- JSONObject body = (JSONObject) array.getJSONObject(0);
- String appId = body.getString(CoreConstants.APP_ID);
- String technologyName = body.getString("Technology");
- return appId.equals(applicationId) && technologyName.equals(updatedScanType(type));
- }
- }
- } catch (IOException | JSONException e) {
- // Ignore and return false.
- }
-
- return false;
- }
-
 public static String updatedScanType(String type) {
 switch (type) {
 case "Static Analyzer":
@@ -276,24 +235,36 @@ public static String updatedScanType(String type) {
 return type;
 }
 
- public static void updateScanData(Map params, String scanId, IAuthenticationProvider provider, IProgress progress) {
- if (provider.isTokenExpired()) {
- return;
+ public static String scanTypeShortForm(String type) {
+ switch (type) {
+ case "Static Analyzer":
+ return "Sast";
+ case "Dynamic Analyzer":
+ return "Dast";
+ case CoreConstants.SOFTWARE_COMPOSITION_ANALYZER:
+ return "Sca";
 }
+ return type;
+ }
 
- String request_url = provider.getServer() + String.format(API_SCANNER,scanId);
- Map request_headers = provider.getAuthorizationHeader(true);
- request_headers.put("accept", "application/json");
- request_headers.put("Content-Type", "application/json");
-
+ /**
+ * Fetch the build version of the A360 server.
+ *
+ * @param provider The IAuthenticationProvider for authentication.
+ * @return The build server of the server.
+ */
+ public static String getServiceVersion(IAuthenticationProvider provider) {
+ String request_url = provider.getServer() + "/assets/versions.json";
 HttpClient client = new HttpClient(provider.getProxy(), provider.getacceptInvalidCerts());
 try {
- HttpResponse response = client.put(request_url, request_headers, params);
- if (response.getResponseCode() == HttpsURLConnection.HTTP_NO_CONTENT) {
- progress.setStatus(new Message(Message.INFO, Messages.getMessage(UPDATE_JOB)));
+ HttpResponse response = client.get(request_url, null, null);
+ if (response.isSuccess()) {
+ JSONObject body = (JSONObject) response.getResponseBodyAsJSON();
+ return body.getString("MainVersion");
 }
 } catch (IOException | JSONException e) {
+ return "0"; //$NON-NLS-1$
- progress.setStatus(new Message(Message.ERROR, Messages.getMessage(ERROR_UPDATE_JOB, e.getLocalizedMessage())));
 }
+ return null;
 }
 }
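Review bot: `getServiceVersion` returns `"0"` when the request or JSON parsing throws but `null` when the response is not successful, so "version unknown" has two sentinels and every caller comparing versions must handle both; pick one — `return "0"; //$NON-NLS-1$` after the try as well, or null in both places — and state it in the Javadoc, whose `@return The build server of the server.` should read `@return The server's MainVersion, or "0" if it cannot be determined.` `scanTypeShortForm` falls through to returning its input unchanged, and `getScanDetails(String type, String scanId)` in the CloudScanServiceProvider hunk puts that value into the URL path, so an unrecognised type string is sent to the server verbatim; returning null or throwing `IllegalArgumentException` for unknown types would surface the misconfiguration at the call site instead. The switch also duplicates the cases of `updatedScanType` just above; a comment saying the two mappings are intentionally different (display name vs. path segment) would stop someone "fixing" one to match the other.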