fix(codeqlExecuteScan): url checks for settings file (#4706)

SAP · Dec 4, 2023 · e6a7432 · e6a7432
1 parent 6efb21b
commit e6a7432
Show file tree

Hide file tree

Showing 2 changed files with 77 additions and 9 deletions.
diff --git a/cmd/codeqlExecuteScan.go b/cmd/codeqlExecuteScan.go
@@ -29,8 +29,10 @@ type codeqlExecuteScanUtilsBundle struct {
 	*piperutils.Files
 }
 
-const sarifUploadComplete = "complete"
-const sarifUploadFailed = "failed"
+const (
+	sarifUploadComplete = "complete"
+	sarifUploadFailed   = "failed"
+)
 
 func newCodeqlExecuteScanUtils() codeqlExecuteScanUtils {
 	utils := codeqlExecuteScanUtilsBundle{
@@ -280,15 +282,9 @@ func runCodeqlExecuteScan(config *codeqlExecuteScanOptions, telemetryData *telem
 
 	cmd = append(cmd, getRamAndThreadsFromConfig(config)...)
 
-	//codeql has an autobuilder which tries to build the project based on specified programming language
 	if len(config.BuildCommand) > 0 {
 		buildCmd := config.BuildCommand
-		if len(config.ProjectSettingsFile) > 0 && config.BuildTool == "maven" {
-			buildCmd = fmt.Sprintf("%s --settings=%s", buildCmd, config.ProjectSettingsFile)
-		}
-		if len(config.GlobalSettingsFile) > 0 && config.BuildTool == "maven" {
-			buildCmd = fmt.Sprintf("%s --global-settings=%s", buildCmd, config.GlobalSettingsFile)
-		}
+		buildCmd = buildCmd + getMavenSettings(config)
 		cmd = append(cmd, "--command="+buildCmd)
 	}
 
@@ -420,3 +416,24 @@ func getRamAndThreadsFromConfig(config *codeqlExecuteScanOptions) []string {
 	}
 	return params
 }
+
+func getMavenSettings(config *codeqlExecuteScanOptions) string {
+	params := ""
+	if len(config.BuildCommand) > 0 && config.BuildTool == "maven" && !strings.Contains(config.BuildCommand, "--global-settings") && !strings.Contains(config.BuildCommand, "--settings") {
+		if len(config.ProjectSettingsFile) > 0 {
+			if strings.Contains(config.ProjectSettingsFile, "http") {
+				log.Entry().Warn("codeqlExecuteScan's projectSettingsFile param still does not support http(s) urls. Please use a local file path")
+			} else {
+				params = " --settings=" + config.ProjectSettingsFile
+			}
+		}
+		if len(config.GlobalSettingsFile) > 0 {
+			if strings.Contains(config.ProjectSettingsFile, "http") {
+				log.Entry().Warn("codeqlExecuteScan's globalSettingsFile param still does not support http(s) urls. Please use a local file path")
+			} else {
+				params = params + " --global-settings=" + config.GlobalSettingsFile
+			}
+		}
+	}
+	return params
+}
diff --git a/cmd/codeqlExecuteScan_test.go b/cmd/codeqlExecuteScan_test.go
@@ -300,6 +300,57 @@ func TestWaitSarifUploaded(t *testing.T) {
 	})
 }
 
+func TestGetMavenSettings(t *testing.T) {
+	t.Parallel()
+	t.Run("No maven", func(t *testing.T) {
+		config := codeqlExecuteScanOptions{BuildTool: "npm"}
+		params := getMavenSettings(&config)
+		assert.Equal(t, "", params)
+	})
+
+	t.Run("No build command", func(t *testing.T) {
+		config := codeqlExecuteScanOptions{BuildTool: "maven"}
+		params := getMavenSettings(&config)
+		assert.Equal(t, "", params)
+	})
+
+	t.Run("Project Settings file", func(t *testing.T) {
+		config := codeqlExecuteScanOptions{BuildTool: "maven", BuildCommand: "mvn clean install", ProjectSettingsFile: "test.xml"}
+		params := getMavenSettings(&config)
+		assert.Equal(t, " --settings=test.xml", params)
+	})
+
+	t.Run("Skip Project Settings file incase already used", func(t *testing.T) {
+		config := codeqlExecuteScanOptions{BuildTool: "maven", BuildCommand: "mvn clean install --settings=project.xml", ProjectSettingsFile: "test.xml"}
+		params := getMavenSettings(&config)
+		assert.Equal(t, "", params)
+	})
+
+	t.Run("Global Settings file", func(t *testing.T) {
+		config := codeqlExecuteScanOptions{BuildTool: "maven", BuildCommand: "mvn clean install", GlobalSettingsFile: "gloabl.xml"}
+		params := getMavenSettings(&config)
+		assert.Equal(t, " --global-settings=gloabl.xml", params)
+	})
+
+	t.Run("Project and Global Settings file", func(t *testing.T) {
+		config := codeqlExecuteScanOptions{BuildTool: "maven", BuildCommand: "mvn clean install", ProjectSettingsFile: "test.xml", GlobalSettingsFile: "global.xml"}
+		params := getMavenSettings(&config)
+		assert.Equal(t, " --settings=test.xml --global-settings=global.xml", params)
+	})
+
+	t.Run("Skip incase of https url", func(t *testing.T) {
+		config := codeqlExecuteScanOptions{BuildTool: "maven", BuildCommand: "mvn clean install", ProjectSettingsFile: "https://jenkins-sap-test.com/test.xml"}
+		params := getMavenSettings(&config)
+		assert.Equal(t, "", params)
+	})
+
+	t.Run("Skip incase of http url", func(t *testing.T) {
+		config := codeqlExecuteScanOptions{BuildTool: "maven", BuildCommand: "mvn clean install", ProjectSettingsFile: "http://jenkins-sap-test.com/test.xml"}
+		params := getMavenSettings(&config)
+		assert.Equal(t, "", params)
+	})
+}
+
 type CodeqlSarifUploaderMock struct {
 	counter int
 }