[ASA 9675] DAST rescan

src/main/java/com/hcl/appscan/sdk/CoreConstants.java

@@ -72,7 +72,7 @@ public interface CoreConstants {
 	String API_PRESENCES_ID				= API_ENV_LATEST + "/Presences/%s";						//$NON-NLS-1$
 	String API_PRESENCES_NEW_KEY		= API_ENV_LATEST + "/Presences/%s/NewKey";				//$NON-NLS-1$
 	String API_BASIC_DETAILS			= API_ENV_LATEST + "/Scans";							//$NON-NLS-1$
-	String API_SCANNER_DETAILS			= API_ENV + "/Scans/&s/&s";								//$NON-NLS-1$
+	String API_SCANNER_DETAILS			= API_ENV_LATEST + "/Scans/%s/%s";								//$NON-NLS-1$
 	String API_FILE_UPLOAD				= API_ENV_LATEST + "/FileUpload";						//$NON-NLS-1$
 	String API_SCAN						= API_ENV + "/%s";										//$NON-NLS-1$
 	String API_SCANNER					= API_ENV_LATEST + "/Scans/%s";							//$NON-NLS-1$
@@ -91,6 +91,8 @@ public interface CoreConstants {
 	String API_IS_VALID_URL				= API_ENV_LATEST + "/Scans/IsValidUrl";					//$NON-NLS-1$
 	String API_AUTHENTICATION			= API_ENV_LATEST + "/Account/IsAuthenticated";			//$NON-NLS-1$
 	String API_TENANT_INFO				= API_ENV_LATEST + "/Account/TenantInfo";				//$NON-NLS-1$
+	String API_SAST_DETAILS				= API_ENV_LATEST + "/Sast/%s";				            //$NON-NLS-1$
+	String API_EXECUTION_DETAILS		        = API_ENV_LATEST + "/Scans/%s/Executions";				    //$NON-NLS-1$
 
 	String DEFAULT_RESULT_NAME			= "asoc_results";										//$NON-NLS-1$
 	String SACLIENT_INSTALL_DIR			= "SAClientInstall";									//$NON-NLS-1$
@@ -146,8 +148,8 @@ public interface CoreConstants {
 	String ERROR_GETTING_INFO			= "error.getting.info";									//$NON-NLS-1$
     String ERROR_URL_VALIDATION			= "error.url.validation";								//$NON-NLS-1$
     String FORMAT_PARAMS				= "FormatParams";								        //$NON-NLS-1$
-	String ERROR_GETTING_SCANLOG		= "error.getting.scanlog";								//$NON-NLS-1$
-	
+    String ERROR_GETTING_SCANLOG		= "error.getting.scanlog";								//$NON-NLS-1$
+    String ERROR_CANCEL_RESCAN  		= "error.cancel.rescan";								//$NON-NLS-1$
 	// ASE Status Messages
 	String CREATING_JOB                 = "message.creating.job";                               //$NON-NLS-1$
 	String CREATE_JOB_SUCCESS			= "message.created.job";								//$NON-NLS-1$

src/main/java/com/hcl/appscan/sdk/messages.properties

@@ -57,6 +57,7 @@ error.getting.info=An error occurred getting information for {0} with id {1}.
 error.getting.scanlog=An error occurred retrieving the scan log.
 error.url.validation = An error occurred while validating the Starting URL: {0}.
 message.update.job = Updated the scan job parameters.
+error.cancel.rescan = The rescan may have been cancelled due to an issue. Please check the scan status on the AppScan server.
 
 #Presence
 error.getting.presence.details=An error occurred retrieving details for Presence with id {0}.

src/main/java/com/hcl/appscan/sdk/results/NonCompliantIssuesResultProvider.java

@@ -58,8 +58,16 @@ protected void loadResults() {
                     return;
                 }
 
+                if (m_executionId != null && !m_executionId.isEmpty()) {
+                    String executionId = obj.getString(ID);
+                    if (executionId.equals(m_executionId)) {
+                        m_status = obj.getString(STATUS);
+                    } else {
+                        m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(ERROR_CANCEL_RESCAN)));
+                        m_status = FAILED;
+                    }
+                }
 
-                m_status = obj.getString(STATUS);
                 if (FAILED.equalsIgnoreCase(m_status) && obj.has(USER_MESSAGE)) {
                     m_progress.setStatus(new Message(Message.ERROR, obj.getString(USER_MESSAGE)));
                     m_message = obj.getString(USER_MESSAGE);

src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java

@@ -94,13 +94,19 @@ public void run() throws ScannerException, InvalidTargetException {
 
         try {
             JSONObject propertiesJSON = createJSONForProperties(params);
-            setScanId(getServiceProvider().createAndExecuteScan(type, propertiesJSON));
+            if (getRescan()) {
+                setScanId(params.get(CoreConstants.SCAN_ID));
+                setExecutionId(getServiceProvider().rescan(getScanId(), propertiesJSON));
+                if(getExecutionId() == null)
+                    throw new ScannerException(Messages.getMessage(ERROR_CREATING_SCAN));
+            } else {
+                setScanId(getServiceProvider().createAndExecuteScan(type, propertiesJSON));
+                if(getScanId() == null)
+                    throw new ScannerException(Messages.getMessage(ERROR_CREATING_SCAN));
+            }
         } catch (JSONException e) {
             throw new ScannerException(Messages.getMessage(ERROR_RUNNING_SCAN, e.getLocalizedMessage()));
         }
-
-		if(getScanId() == null)
-			throw new ScannerException(Messages.getMessage(ERROR_CREATING_SCAN));
 	}
 
     private JSONObject createJSONForProperties(Map<String, String> params) throws JSONException {

src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java

@@ -122,12 +122,14 @@ protected void analyzeIR() throws IOException, ScannerException {
                     setScanId(params.get(CoreConstants.SCAN_ID));
                     params.put(CoreConstants.FILE_ID, fileId);
                     submitRescan();
+                    if(getExecutionId() == null)
+                        throw new ScannerException(Messages.getMessage(ERROR_CREATING_SCAN));
                 } else {
                     params.put(FILE_ID, fileId);
                     submitScan();
+                    if(getScanId() == null)
+                        throw new ScannerException(Messages.getMessage(ERROR_CREATING_SCAN));
                 }
-		if(getScanId() == null)
-			throw new ScannerException(Messages.getMessage(ERROR_SUBMITTING_IRX));
 	}
 
     	protected void submitScan() {

src/main/java/com/hcl/appscan/sdk/utils/ArchiveUtil.java

@@ -123,9 +123,6 @@ public static void zipFileOrFolder(File fileToZip, File zipFile) throws IOExcept
     }
 
     private static void zipFile(File fileToZip, String fileName, ZipOutputStream zipOut) throws IOException {
-        if (fileToZip.getName().startsWith(".")) {
-            return;
-        }
         if (fileToZip.isDirectory()) {
             File[] children = fileToZip.listFiles();
             for (File childFile : children) {

src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java

@@ -223,77 +223,141 @@ private static boolean hasEntitlement(String scanType, IAuthenticationProvider p
 		return false;
 	}
 
+    public static String updatedScanType(String type) {
+        switch (type) {
+            case "Static Analyzer":
+                return STATIC_TECH;
+            case "Dynamic Analyzer":
+                return DYNAMIC_TECH;
+            case CoreConstants.SOFTWARE_COMPOSITION_ANALYZER:
+                return SCA_TECH;
+        }
+        return type;
+    }
+
     /**
-     * Checks if the given scanId is valid for scanning.
+     * Update the scan data.
      *
-     * @param scanId The scanId to test.
-     * @param applicationId The applicationId to verify.
-     * @param type The scanType to verify.
+     * @param scanId The scanId of the scan whose configuration has to update.
+     * @param params The map of properties which has to update .
      * @param provider The IAuthenticationProvider for authentication.
-     * @return True if the scanId is valid. False is returned if the scanId is not valid, the request fails, or an exception occurs.
+     * @param progress The IProgress for setting the status messages.
      */
-    public static boolean isScanId(String scanId, String applicationId, String type, IAuthenticationProvider provider) {
+    public static void updateScanData(Map<String, String> params, String scanId, IAuthenticationProvider provider, IProgress progress) {
         if (provider.isTokenExpired()) {
-            return true;
+            return;
         }
 
-        String request_url = provider.getServer() + API_BASIC_DETAILS;
-        request_url += "?$filter=Id%20eq%20" + scanId + "&%24select=AppId%2C%20Technology";
+        String request_url = provider.getServer() + String.format(API_SCANNER,scanId);
         Map<String, String> request_headers = provider.getAuthorizationHeader(true);
+        request_headers.put("accept", "application/json");
+        request_headers.put("Content-Type", "application/json");
 
         HttpClient client = new HttpClient(provider.getProxy(), provider.getacceptInvalidCerts());
         try {
-            HttpResponse response = client.get(request_url, request_headers, null);
-
-            if (response.isSuccess()) {
-                JSONObject obj = (JSONObject) response.getResponseBodyAsJSON();
-                JSONArray array = (JSONArray) obj.get(ITEMS);
-                if (array.isEmpty()) {
-                    return false;
-                } else {
-                    JSONObject body = (JSONObject) array.getJSONObject(0);
-                    String appId = body.getString(CoreConstants.APP_ID);
-                    String technologyName = body.getString("Technology");
-                    return appId.equals(applicationId) && technologyName.equals(updatedScanType(type));
-                }
+            HttpResponse response = client.put(request_url, request_headers, params);
+            if (response.getResponseCode() == HttpsURLConnection.HTTP_NO_CONTENT) {
+                progress.setStatus(new Message(Message.INFO, Messages.getMessage(UPDATE_JOB)));
             }
         } catch (IOException | JSONException e) {
-            // Ignore and return false.
+            progress.setStatus(new Message(Message.ERROR, Messages.getMessage(ERROR_UPDATE_JOB, e.getLocalizedMessage())));
         }
-
-        return false;
     }
 
-    public static String updatedScanType(String type) {
+    public static String scanTypeShortForm(String type) {
         switch (type) {
             case "Static Analyzer":
-                return STATIC_TECH;
+                return "Sast";
             case "Dynamic Analyzer":
-                return DYNAMIC_TECH;
+                return "Dast";
             case CoreConstants.SOFTWARE_COMPOSITION_ANALYZER:
-                return SCA_TECH;
+                return "Sca";
         }
         return type;
     }
 
-    public static void updateScanData(Map<String, String> params, String scanId, IAuthenticationProvider provider, IProgress progress) {
+    /**
+     * Fetch the detailed description of a scan.
+     *
+     * @param type The selected scan type
+     * @param scanId The scanId to test
+     * @param provider The IAuthenticationProvider for authentication.
+     * @return JSONObject.
+     */
+    public static JSONObject getScanDetails(String type, String scanId, IAuthenticationProvider provider) {
         if (provider.isTokenExpired()) {
-            return;
+            return null;
         }
 
-        String request_url = provider.getServer() + String.format(API_SCANNER,scanId);
+        String request_url = provider.getServer() + String.format(API_SCANNER_DETAILS, scanTypeShortForm(type), scanId);
         Map<String, String> request_headers = provider.getAuthorizationHeader(true);
         request_headers.put("accept", "application/json");
         request_headers.put("Content-Type", "application/json");
 
         HttpClient client = new HttpClient(provider.getProxy(), provider.getacceptInvalidCerts());
         try {
-            HttpResponse response = client.put(request_url, request_headers, params);
-            if (response.getResponseCode() == HttpsURLConnection.HTTP_NO_CONTENT) {
-                progress.setStatus(new Message(Message.INFO, Messages.getMessage(UPDATE_JOB)));
+            HttpResponse response = client.get(request_url, request_headers, null);
+
+            if (response.isSuccess()) {
+                return (JSONObject) response.getResponseBodyAsJSON();
             }
         } catch (IOException | JSONException e) {
-            progress.setStatus(new Message(Message.ERROR, Messages.getMessage(ERROR_UPDATE_JOB, e.getLocalizedMessage())));
+            // Ignore and return false.
+        }
+
+        return null;
+    }
+
+    /**
+     * Fetch the details of all the executions of a scan.
+     *
+     * @param scanId The scanId to test
+     * @param provider The IAuthenticationProvider for authentication.
+     * @return JSONArray.
+     */
+    public static JSONArray getBaseScanDetails(String scanId, IAuthenticationProvider provider) {
+        if (provider.isTokenExpired()) {
+            return null;
+        }
+
+        String request_url = provider.getServer() + String.format(API_EXECUTION_DETAILS, scanId);
+        request_url += "?$filter=IsValidForIncremental%20eq%20true&%24select=Id%2C%20CreatedAt%2C%20IsValidForIncremental&%24orderby=CreatedAt%20desc";
+        Map<String, String> request_headers = provider.getAuthorizationHeader(true);
+        request_headers.put("accept", "application/json");
+        request_headers.put("Content-Type", "application/json");
+
+        HttpClient client = new HttpClient(provider.getProxy(), provider.getacceptInvalidCerts());
+        try {
+            HttpResponse response = client.get(request_url, request_headers, null);
+
+            if (response.isSuccess()) {
+                return (JSONArray) response.getResponseBodyAsJSON();
+            }
+        } catch (IOException | JSONException e) {
+            // Ignore and move on.
+        }
+
+        return null;
+    }
+
+    /**
+     * Fetch the build version of the A360 server.
+     *
+     * @param provider The IAuthenticationProvider for authentication.
+     * @return The build server of the server.
+     */
+    public static String getServiceVersion(IAuthenticationProvider provider) {
+        String request_url = provider.getServer() + "/assets/versions.json";
+        HttpClient client = new HttpClient(provider.getProxy(), provider.getacceptInvalidCerts());
+        try {
+            HttpResponse response = client.get(request_url, null, null);
+            if (response.isSuccess()) {
+                JSONObject body = (JSONObject) response.getResponseBodyAsJSON();
+                return body.getString("MainVersion");
+            }
+        } catch (IOException | JSONException e) {
+            return "0"; //$NON-NLS-1$
         }
+        return null;
     }
 }