[ASA 9675] DAST rescan

src/main/java/com/hcl/appscan/sdk/CoreConstants.java

@@ -72,7 +72,7 @@ public interface CoreConstants {
 	String API_PRESENCES_ID				= API_ENV_LATEST + "/Presences/%s";						//$NON-NLS-1$
 	String API_PRESENCES_NEW_KEY		= API_ENV_LATEST + "/Presences/%s/NewKey";				//$NON-NLS-1$
 	String API_BASIC_DETAILS			= API_ENV_LATEST + "/Scans";							//$NON-NLS-1$
-	String API_SCANNER_DETAILS			= API_ENV + "/Scans/&s/&s";								//$NON-NLS-1$
+	String API_SCANNER_DETAILS			= API_ENV_LATEST + "/Scans/%s/%s";								//$NON-NLS-1$
 	String API_FILE_UPLOAD				= API_ENV_LATEST + "/FileUpload";						//$NON-NLS-1$
 	String API_SCAN						= API_ENV + "/%s";										//$NON-NLS-1$
 	String API_SCANNER					= API_ENV_LATEST + "/Scans/%s";							//$NON-NLS-1$
@@ -91,6 +91,7 @@ public interface CoreConstants {
 	String API_IS_VALID_URL				= API_ENV_LATEST + "/Scans/IsValidUrl";					//$NON-NLS-1$
 	String API_AUTHENTICATION			= API_ENV_LATEST + "/Account/IsAuthenticated";			//$NON-NLS-1$
 	String API_TENANT_INFO				= API_ENV_LATEST + "/Account/TenantInfo";				//$NON-NLS-1$
+	String API_EXECUTION_DETAILS		        = API_ENV_LATEST + "/Scans/%s/Executions";				    //$NON-NLS-1$
 
 	String DEFAULT_RESULT_NAME			= "asoc_results";										//$NON-NLS-1$
 	String SACLIENT_INSTALL_DIR			= "SAClientInstall";									//$NON-NLS-1$
@@ -144,10 +145,10 @@ public interface CoreConstants {
 	String ERROR_SUBMITTING_SCAN		= "error.submit.scan";									//$NON-NLS-1$
 	String ERROR_UPLOADING_FILE			= "error.upload.file";									//$NON-NLS-1$
 	String ERROR_GETTING_INFO			= "error.getting.info";									//$NON-NLS-1$
-    String ERROR_URL_VALIDATION			= "error.url.validation";								//$NON-NLS-1$
-    String FORMAT_PARAMS				= "FormatParams";								        //$NON-NLS-1$
+	String ERROR_URL_VALIDATION			= "error.url.validation";								//$NON-NLS-1$
+	String FORMAT_PARAMS				= "FormatParams";								        //$NON-NLS-1$
 	String ERROR_GETTING_SCANLOG		= "error.getting.scanlog";								//$NON-NLS-1$
-
+	String ERROR_CANCEL_RESCAN  		= "error.cancel.rescan";								//$NON-NLS-1$
 	// ASE Status Messages
 	String CREATING_JOB                 = "message.creating.job";                               //$NON-NLS-1$
 	String CREATE_JOB_SUCCESS			= "message.created.job";								//$NON-NLS-1$

src/main/java/com/hcl/appscan/sdk/messages.properties

@@ -57,6 +57,7 @@ error.getting.info=An error occurred getting information for {0} with id {1}.
 error.getting.scanlog=An error occurred retrieving the scan log.
 error.url.validation = An error occurred while validating the Starting URL: {0}.
 message.update.job = Updated the scan job parameters.
+error.cancel.rescan = Rescan ID {0} not found. It may have been canceled or deleted. Verify the scan status on the AppScan server and retry.
 
 #Presence
 error.getting.presence.details=An error occurred retrieving details for Presence with id {0}.

src/main/java/com/hcl/appscan/sdk/results/NonCompliantIssuesResultProvider.java

@@ -58,8 +58,18 @@ protected void loadResults() {
                     return;
                 }
 
+                if (m_executionId != null && !m_executionId.isEmpty()) {
+                    String executionId = obj.getString(ID);
+                    if (executionId.equals(m_executionId)) {
+                        m_status = obj.getString(STATUS);
+                    } else {
+                        m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(ERROR_CANCEL_RESCAN, m_executionId)));
+                        m_status = FAILED;
+                    }
+                } else {
+                    m_status = obj.getString(STATUS);
+                }
 
-                m_status = obj.getString(STATUS);
                 if (FAILED.equalsIgnoreCase(m_status) && obj.has(USER_MESSAGE)) {
                     m_progress.setStatus(new Message(Message.ERROR, obj.getString(USER_MESSAGE)));
                     m_message = obj.getString(USER_MESSAGE);

src/main/java/com/hcl/appscan/sdk/scan/ASEScanServiceProvider.java

@@ -419,6 +419,11 @@ public void setProgress(IProgress progress) {
         m_progress = progress;
     }
 
+    @Override
+    public JSONArray getBaseScanDetails(String scanId) {
+        return null;
+    }
+
     private String getReportPackId(String jobId) {
         return String.valueOf(Integer.parseInt(jobId)+1);
         // Uncomment the below code when you figure out how to parse the reponse.

src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java

@@ -18,6 +18,7 @@
 
 import javax.net.ssl.HttpsURLConnection;
 
+import com.hcl.appscan.sdk.logging.DefaultProgress;
 import com.hcl.appscan.sdk.scanners.dynamic.DASTConstants;
 import com.hcl.appscan.sdk.utils.FileUtil;
 import com.hcl.appscan.sdk.utils.ServiceUtil;
@@ -50,6 +51,10 @@ public CloudScanServiceProvider(IProgress progress, IAuthenticationProvider auth
 		m_progress = progress;
 		m_authProvider = authProvider;
 	}
+
+	public CloudScanServiceProvider(IAuthenticationProvider authProvider) {
+		this(new DefaultProgress(), authProvider);
+	}
 
     @Override
     public String createAndExecuteScan(String type, Map<String, String> params) {
@@ -67,7 +72,7 @@ public String rescan(String scanId, Map<String, String> params) {
         updateParams.put("Name", params.remove(CoreConstants.SCAN_NAME));
         updateParams.put("EnableMailNotifications", params.remove(CoreConstants.EMAIL_NOTIFICATION));
         updateParams.put("FullyAutomatic", params.remove("FullyAutomatic"));
-        ServiceUtil.updateScanData(updateParams, scanId, m_authProvider, m_progress);
+        updateScanData(updateParams, scanId);
 
         String progressMessage = Messages.getMessage(RESCAN_SUCCESS);
         String overviewMessage = Messages.getMessage(RESCAN_OVERVIEW);
@@ -197,6 +202,30 @@ public JSONObject getScanDetails(String scanId) throws IOException, JSONExceptio
 
 		return null;
 	}
+
+	public JSONObject getScanDetails(String type, String scanId) {
+		if (loginExpired()) {
+			return null;
+		}
+
+		String request_url = m_authProvider.getServer() + String.format(API_SCANNER_DETAILS, ServiceUtil.scanTypeShortForm(type), scanId);
+		Map<String, String> request_headers = m_authProvider.getAuthorizationHeader(true);
+		request_headers.put("accept", "application/json");
+		request_headers.put("Content-Type", "application/json");
+
+		HttpClient client = new HttpClient(m_authProvider.getProxy(), m_authProvider.getacceptInvalidCerts());
+		try {
+			HttpResponse response = client.get(request_url, request_headers, null);
+
+			if (response.isSuccess()) {
+				return (JSONObject) response.getResponseBodyAsJSON();
+			}
+		} catch (IOException | JSONException e) {
+			// Ignore and move on.
+		}
+
+		return null;
+	}
 
 	@Override
 	public JSONArray getNonCompliantIssues(String scanId) throws IOException, JSONException {
@@ -269,4 +298,51 @@ private boolean verifyApplication(String appId) {
 	public void setProgress(IProgress progress) {
 		m_progress = progress;
 	}
+
+	@Override
+	public JSONArray getBaseScanDetails(String scanId) {
+		if (loginExpired()) {
+			return null;
+		}
+
+		String request_url = m_authProvider.getServer() + String.format(API_EXECUTION_DETAILS, scanId);
+		request_url += "?$filter=IsValidForIncremental%20eq%20true&%24select=Id%2C%20CreatedAt%2C%20IsValidForIncremental&%24orderby=CreatedAt%20desc";
+		Map<String, String> request_headers = m_authProvider.getAuthorizationHeader(true);
+		request_headers.put("accept", "application/json");
+		request_headers.put("Content-Type", "application/json");
+
+		HttpClient client = new HttpClient(m_authProvider.getProxy(), m_authProvider.getacceptInvalidCerts());
+		try {
+			HttpResponse response = client.get(request_url, request_headers, null);
+
+			if (response.isSuccess()) {
+				return (JSONArray) response.getResponseBodyAsJSON();
+			}
+		} catch (IOException | JSONException e) {
+			// Ignore and move on.
+		}
+
+		return null;
+	}
+
+	public void updateScanData(Map<String, String> params, String scanId) {
+		if (loginExpired()) {
+			return;
+		}
+
+		String request_url = m_authProvider.getServer() + String.format(API_SCANNER,scanId);
+		Map<String, String> request_headers = m_authProvider.getAuthorizationHeader(true);
+		request_headers.put("accept", "application/json");
+		request_headers.put("Content-Type", "application/json");
+
+		HttpClient client = new HttpClient(m_authProvider.getProxy(), m_authProvider.getacceptInvalidCerts());
+		try {
+			HttpResponse response = client.put(request_url, request_headers, params);
+			if (response.getResponseCode() == HttpsURLConnection.HTTP_NO_CONTENT) {
+				m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(UPDATE_JOB)));
+			}
+		} catch (IOException | JSONException e) {
+			m_progress.setStatus(new Message(Message.ERROR, Messages.getMessage(ERROR_UPDATE_JOB, e.getLocalizedMessage())));
+		}
+	}
 }

src/main/java/com/hcl/appscan/sdk/scan/IScanServiceProvider.java

@@ -92,4 +92,12 @@ public interface IScanServiceProvider {
 	 * @param progress The {@link IProgress}.
 	 */
 	public void setProgress(IProgress progress);
+
+	/**
+	 * Fetch the details of all the executions of a scan.
+	 *
+	 * @param scanId The scanId to test
+	 * @return JSONArray.
+	 */
+	public JSONArray getBaseScanDetails(String scanId);
 }

src/main/java/com/hcl/appscan/sdk/scanners/dynamic/DASTScan.java

@@ -94,13 +94,19 @@ public void run() throws ScannerException, InvalidTargetException {
 
         try {
             JSONObject propertiesJSON = createJSONForProperties(params);
-            setScanId(getServiceProvider().createAndExecuteScan(type, propertiesJSON));
+            if (getRescan()) {
+                setScanId(params.get(CoreConstants.SCAN_ID));
+                setExecutionId(getServiceProvider().rescan(getScanId(), propertiesJSON));
+                if(getExecutionId() == null)
+                    throw new ScannerException(Messages.getMessage(ERROR_CREATING_SCAN));
+            } else {
+                setScanId(getServiceProvider().createAndExecuteScan(type, propertiesJSON));
+                if(getScanId() == null)
+                    throw new ScannerException(Messages.getMessage(ERROR_CREATING_SCAN));
+            }
         } catch (JSONException e) {
             throw new ScannerException(Messages.getMessage(ERROR_RUNNING_SCAN, e.getLocalizedMessage()));
         }
-
-		if(getScanId() == null)
-			throw new ScannerException(Messages.getMessage(ERROR_CREATING_SCAN));
 	}
 
     private JSONObject createJSONForProperties(Map<String, String> params) throws JSONException {

src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java

@@ -122,12 +122,14 @@ protected void analyzeIR() throws IOException, ScannerException {
                     setScanId(params.get(CoreConstants.SCAN_ID));
                     params.put(CoreConstants.FILE_ID, fileId);
                     submitRescan();
+                    if(getExecutionId() == null)
+                        throw new ScannerException(Messages.getMessage(ERROR_CREATING_SCAN));
                 } else {
                     params.put(FILE_ID, fileId);
                     submitScan();
+                    if(getScanId() == null)
+                        throw new ScannerException(Messages.getMessage(ERROR_CREATING_SCAN));
                 }
-		if(getScanId() == null)
-			throw new ScannerException(Messages.getMessage(ERROR_SUBMITTING_IRX));
 	}
 
     	protected void submitScan() {

src/main/java/com/hcl/appscan/sdk/utils/ArchiveUtil.java

@@ -123,9 +123,6 @@ public static void zipFileOrFolder(File fileToZip, File zipFile) throws IOExcept
     }
 
     private static void zipFile(File fileToZip, String fileName, ZipOutputStream zipOut) throws IOException {
-        if (fileToZip.getName().startsWith(".")) {
-            return;
-        }
         if (fileToZip.isDirectory()) {
             File[] children = fileToZip.listFiles();
             for (File childFile : children) {

src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java

@@ -223,47 +223,6 @@ private static boolean hasEntitlement(String scanType, IAuthenticationProvider p
 		return false;
 	}
 
-    /**
-     * Checks if the given scanId is valid for scanning.
-     *
-     * @param scanId The scanId to test.
-     * @param applicationId The applicationId to verify.
-     * @param type The scanType to verify.
-     * @param provider The IAuthenticationProvider for authentication.
-     * @return True if the scanId is valid. False is returned if the scanId is not valid, the request fails, or an exception occurs.
-     */
-    public static boolean isScanId(String scanId, String applicationId, String type, IAuthenticationProvider provider) {
-        if (provider.isTokenExpired()) {
-            return true;
-        }
-
-        String request_url = provider.getServer() + API_BASIC_DETAILS;
-        request_url += "?$filter=Id%20eq%20" + scanId + "&%24select=AppId%2C%20Technology";
-        Map<String, String> request_headers = provider.getAuthorizationHeader(true);
-
-        HttpClient client = new HttpClient(provider.getProxy(), provider.getacceptInvalidCerts());
-        try {
-            HttpResponse response = client.get(request_url, request_headers, null);
-
-            if (response.isSuccess()) {
-                JSONObject obj = (JSONObject) response.getResponseBodyAsJSON();
-                JSONArray array = (JSONArray) obj.get(ITEMS);
-                if (array.isEmpty()) {
-                    return false;
-                } else {
-                    JSONObject body = (JSONObject) array.getJSONObject(0);
-                    String appId = body.getString(CoreConstants.APP_ID);
-                    String technologyName = body.getString("Technology");
-                    return appId.equals(applicationId) && technologyName.equals(updatedScanType(type));
-                }
-            }
-        } catch (IOException | JSONException e) {
-            // Ignore and return false.
-        }
-
-        return false;
-    }
-
     public static String updatedScanType(String type) {
         switch (type) {
             case "Static Analyzer":
@@ -276,24 +235,36 @@ public static String updatedScanType(String type) {
         return type;
     }
 
-    public static void updateScanData(Map<String, String> params, String scanId, IAuthenticationProvider provider, IProgress progress) {
-        if (provider.isTokenExpired()) {
-            return;
+    public static String scanTypeShortForm(String type) {
+        switch (type) {
+            case "Static Analyzer":
+                return "Sast";
+            case "Dynamic Analyzer":
+                return "Dast";
+            case CoreConstants.SOFTWARE_COMPOSITION_ANALYZER:
+                return "Sca";
         }
+        return type;
+    }
 
-        String request_url = provider.getServer() + String.format(API_SCANNER,scanId);
-        Map<String, String> request_headers = provider.getAuthorizationHeader(true);
-        request_headers.put("accept", "application/json");
-        request_headers.put("Content-Type", "application/json");
-
+    /**
+     * Fetch the build version of the A360 server.
+     *
+     * @param provider The IAuthenticationProvider for authentication.
+     * @return The build server of the server.
+     */
+    public static String getServiceVersion(IAuthenticationProvider provider) {
+        String request_url = provider.getServer() + "/assets/versions.json";
         HttpClient client = new HttpClient(provider.getProxy(), provider.getacceptInvalidCerts());
         try {
-            HttpResponse response = client.put(request_url, request_headers, params);
-            if (response.getResponseCode() == HttpsURLConnection.HTTP_NO_CONTENT) {
-                progress.setStatus(new Message(Message.INFO, Messages.getMessage(UPDATE_JOB)));
+            HttpResponse response = client.get(request_url, null, null);
+            if (response.isSuccess()) {
+                JSONObject body = (JSONObject) response.getResponseBodyAsJSON();
+                return body.getString("MainVersion");
             }
         } catch (IOException | JSONException e) {
-            progress.setStatus(new Message(Message.ERROR, Messages.getMessage(ERROR_UPDATE_JOB, e.getLocalizedMessage())));
+            return "0"; //$NON-NLS-1$
         }
+        return null;
     }
 }