ASA 8392 (#215) (#216)

* ASA 8392 (#215)
* DAST-A360
* Copyright updates

src/main/java/com/hcl/appscan/jenkins/plugin/auth/ASoCCredentials.java

@@ -88,8 +88,8 @@ public FormValidation doCheckPassword(@QueryParameter String password) {
 			return FormValidation.validateRequired(password);
 		}
 
-                public FormValidation doCheckAcceptInvalidCerts(@QueryParameter Boolean acceptInvalidCerts,@QueryParameter String url){
-            		if((url.isEmpty() || url.contains("appscan.com")) && acceptInvalidCerts) {
+                public FormValidation doCheckAcceptInvalidCerts(@QueryParameter Boolean acceptInvalidCerts,@QueryParameter String username){
+            		if((!username.trim().startsWith("local")) && acceptInvalidCerts) {
                 		return FormValidation.error(Messages.error_asoc_certificates_ui());
             		}
             		return FormValidation.ok();

src/main/java/com/hcl/appscan/jenkins/plugin/auth/JenkinsAuthenticationProvider.java

@@ -1,6 +1,6 @@
 /**
  * @ Copyright IBM Corporation 2016.
- * @ Copyright HCL Technologies Ltd. 2017, 2019, 2022, 2023.
+ * @ Copyright HCL Technologies Ltd. 2017, 2024.
  * LICENSE: Apache License, Version 2.0 https://www.apache.org/licenses/LICENSE-2.0
  */
 
@@ -103,8 +103,8 @@ private String getToken() {
 	}
 
 	public boolean isAppScan360(){
-		String url = m_credentials.getUrl();
-        	return  url != null && !url.isEmpty() && !url.contains("appscan.com");
+		String keyId = m_credentials.getUsername();
+		return  keyId.trim().startsWith("local");
 	}
 
 	public void configureCredentials(String id, ItemGroup<?> context) {

src/main/java/com/hcl/appscan/jenkins/plugin/builders/AppScanBuildStep.java

@@ -1,6 +1,6 @@
 /**
  * @ Copyright IBM Corporation 2016.
- * @ Copyright HCL Technologies Ltd. 2017, 2020, 2021, 2022, 2023.
+ * @ Copyright HCL Technologies Ltd. 2017, 2020, 2021, 2022, 2024.
  * LICENSE: Apache License, Version 2.0 https://www.apache.org/licenses/LICENSE-2.0
  */
 
@@ -21,6 +21,7 @@
 import javax.annotation.Nonnull;
 
 import com.hcl.appscan.sdk.scanners.ScanConstants;
+import com.hcl.appscan.sdk.utils.ServiceUtil;
 import org.jenkinsci.Symbol;
 import org.jenkinsci.remoting.RoleChecker;
 import org.kohsuke.stapler.AncestorInPath;
@@ -309,11 +310,12 @@ private void perform(Run<?,?> build, Launcher launcher, TaskListener listener) t
     	final IProgress progress = new ScanProgress(listener);
     	final boolean suspend = m_wait;
         Map<String, String> properties = getScanProperties(build,listener);
-    	final IScan scan = ScanFactory.createScan(properties, progress, m_authProvider);
+        String target = properties.get(CoreConstants.TARGET);
+        final IScan scan = ScanFactory.createScan(properties, progress, m_authProvider);
         boolean isAppScan360 = ((JenkinsAuthenticationProvider) m_authProvider).isAppScan360();
         if(isAppScan360) {
-            if (m_type.equals("Dynamic Analyzer")) {
-                throw new AbortException(Messages.error_dynamic_analyzer_AppScan360());
+            if (m_type.equals("Dynamic Analyzer") && properties.containsKey(Scanner.PRESENCE_ID)) {
+                throw new AbortException(Messages.error_presence_AppScan360());
             } if (m_type.equals(CoreConstants.SOFTWARE_COMPOSITION_ANALYZER)) {
                 throw new AbortException(Messages.error_sca_AppScan360());
             } if (m_intervention) {
@@ -329,6 +331,10 @@ private void perform(Run<?,?> build, Launcher launcher, TaskListener listener) t
             progress.setStatus(new Message(Message.WARNING, Messages.warning_sca()));
         }
 
+        if(m_type.equals("Dynamic Analyzer") && !properties.containsKey(Scanner.PRESENCE_ID) && !ServiceUtil.isValidUrl(target, m_authProvider, m_authProvider.getProxy())) {
+            throw new AbortException(Messages.error_url_validation(target));
+        }
+
 
     	IResultsProvider provider = launcher.getChannel().call(new Callable<IResultsProvider, AbortException>() {
 			private static final long serialVersionUID = 1L;

src/main/java/com/hcl/appscan/jenkins/plugin/scanners/DynamicAnalyzer.java

@@ -1,6 +1,6 @@
 /**
  * @ Copyright IBM Corporation 2016.
- * @ Copyright HCL Technologies Ltd. 2017, 2022, 2023.
+ * @ Copyright HCL Technologies Ltd. 2017, 2022, 2024.
  * LICENSE: Apache License, Version 2.0 https://www.apache.org/licenses/LICENSE-2.0
  */
 
@@ -327,15 +327,20 @@ public FormValidation doCheckScanFile(@QueryParameter String scanFile) {
 
 		public FormValidation doCheckTarget(@QueryParameter String target,@RelativePath("..") @QueryParameter String credentials, @AncestorInPath ItemGroup<?> context, @QueryParameter String presenceId) {
 			JenkinsAuthenticationProvider authProvider = new JenkinsAuthenticationProvider(credentials,context);
-			if(authProvider.isAppScan360()){
-				return FormValidation.error(Messages.error_dynamic_AppScan360());
-			}
-            		if(presenceId.equals(EMPTY) && !target.equals(EMPTY) && !ServiceUtil.isValidUrl(target, authProvider, authProvider.getProxy())) {
+            		if(presenceId != null && presenceId.equals(EMPTY) && !target.equals(EMPTY) && !ServiceUtil.isValidUrl(target, authProvider, authProvider.getProxy())) {
                 		return FormValidation.error(Messages.error_url_validation_ui());
             		}
 			return FormValidation.validateRequired(target);
 		}
 
+		public FormValidation doCheckPresenceId(@RelativePath("..") @QueryParameter String credentials, @AncestorInPath ItemGroup<?> context, @QueryParameter String presenceId) {
+			JenkinsAuthenticationProvider authProvider = new JenkinsAuthenticationProvider(credentials,context);
+			if(authProvider.isAppScan360()){
+				return FormValidation.error(Messages.error_presence_AppScan360());
+			}
+			return FormValidation.ok();
+		}
+
 		public FormValidation doCheckLoginUser(@QueryParameter String loginUser) {
 			return FormValidation.validateRequired(loginUser);
 		}

src/main/resources/com/hcl/appscan/jenkins/plugin/Messages.properties

@@ -22,20 +22,20 @@ error.threshold.invalid=Invalid entry. Enter an integer value.
 error.malformed.url=Malformed URL {0}.
 error.server.unavailable=AppScan plugin encountered an unexpected error while connecting to AppScan on Cloud.
 error.mobile.analyzer=Incorrect user input. The legacy Mobile Analyzer technology is no longer supported, we recommend using our Static Analyzer scanning for Mobile Applications.
-error.dynamic.AppScan360= Dynamic Analysis is available for AppScan on Cloud only.
-error.dynamic.analyzer.AppScan360= HCL AppScan task failed: Dynamic analysis (DAST) is available in AppScan on Cloud only.
+error.presence.AppScan360= Presence is available in AppScan on Cloud only.
 warning.allow.intervention.AppScan360= Incorrect scan settings: Intervention is available in AppScan on Cloud only.
 error.sca.AppScan360= HCL AppScan task failed: Software Composition Analysis (SCA) is available in AppScan on Cloud only. 
-error.sca.ui= Software Composition Analysis is available for AppScan on Cloud only.
-error.allow.intervention.ui = Scan intervention is available for AppScan on Cloud only.
+error.sca.ui= Software Composition Analysis is available in AppScan on Cloud only.
+error.allow.intervention.ui = Scan intervention is available in AppScan on Cloud only.
 error.asoc.certificates.ui = Allowing Untrusted Connections does not apply to AppScan on Cloud.
 warning.asoc.certificates = Allowing Untrusted Connections is not applied to this service connection.
 error.application.empty.ui = Application list is empty. Please check the credentials for service connection. 
 error.url.validation.ui = Unless this is a private network, please verify your domain.
 error.url.validation = An error occurred while validating the Starting URL: {0}.
-error.sca.AppScan360.ui= Software Composition Analysis is available for AppScan on Cloud only.
+error.sca.AppScan360.ui= Software Composition Analysis is available in AppScan on Cloud only.
 warning.sca.ui= To scan open-source files, use the Software Composition Analysis (SCA) scan type.
 warning.sca= Note: AppScan on Cloud (ASoC) now performs SAST and SCA analysis as separate scans. To execute an open-source only scan, use the Software Composition Analysis (SCA) scan type. The open-source only option will be removed from SAST scans in a future release.
+error.url.dynamic.unsupported= Either your A360 instance does not support dynamic scans or the starting URL is invalid: {0}.
 
 
 analysis.running=Running security analysis...

src/main/resources/com/hcl/appscan/jenkins/plugin/builders/AppScanBuildStep/help-scanner_en.properties

@@ -1,5 +1,5 @@
 #NLS_MESSAGEFORMAT_ALL 
 #NLS_ENCODING=UTF8 
 
-description.test.type=The type of test to run. <br/> <br/> <b>\u2022 Dynamic Analysis (DAST):</b> Scan web applications or web APIs. <br/> <b>\u2022 Software Composition Analysis (SCA):</b> Scan for open-source libraries. <br/> <b>\u2022 Static Analysis (SAST):</b> Scan your application source code. <br/>&nbsp &nbsp<b>Note:</b> SCA & DAST are available in AppScan on Cloud only.
+description.test.type=The type of test to run. <br/> <br/> <b>\u2022 Dynamic Analysis (DAST):</b> Scan web applications or web APIs. <br/> <b>\u2022 Software Composition Analysis (SCA):</b> Scan for open-source libraries. <br/> <b>\u2022 Static Analysis (SAST):</b> Scan your application source code. <br/>&nbsp &nbsp<b>Note:</b> SCA is available in AppScan on Cloud only.
 

src/main/resources/com/hcl/appscan/jenkins/plugin/scanners/DynamicAnalyzer/help-presenceId_en.properties

@@ -1,5 +1,5 @@
 #NLS_MESSAGEFORMAT_ALL 
 #NLS_ENCODING=UTF8 
 
-description.presence.id=For sites not available on the internet, provide the ID of the AppScan Presence that can be used for the scan.
+description.presence.id=For sites not available on the internet, provide the ID of the AppScan Presence that can be used for the scan.<br/><b>Note:</b> Presence is applicable for AppScan on Cloud only.