Skip to content

Commit

Permalink
Added validation for buildTool and buildDescriptorFile (#5193)
Browse files Browse the repository at this point in the history
* Added validation for buildTool and buildDescriptorFile on whitesourceExecuteScan step

* fix pull request's comment

---------

Co-authored-by: Dmitrii Pavlukhin <[email protected]>
  • Loading branch information
akram8008 and dimaste authored Dec 12, 2024
1 parent 055a413 commit e927605
Show file tree
Hide file tree
Showing 2 changed files with 117 additions and 0 deletions.
49 changes: 49 additions & 0 deletions cmd/whitesourceExecuteScan.go
Original file line number Diff line number Diff line change
Expand Up @@ -76,13 +76,62 @@ func (w *whitesourceUtilsBundle) FileOpen(name string, flag int, perm os.FileMod
}

func (w *whitesourceUtilsBundle) GetArtifactCoordinates(buildTool, buildDescriptorFile string, options *versioning.Options) (versioning.Coordinates, error) {
if err := validationBuildDescriptorFile(buildTool, buildDescriptorFile); err != nil {
return versioning.Coordinates{}, err
}
artifact, err := versioning.GetArtifact(buildTool, buildDescriptorFile, options, w)
if err != nil {
return versioning.Coordinates{}, err
}
return artifact.GetCoordinates()
}

func validationBuildDescriptorFile(buildTool, buildDescriptorFile string) error {
if buildDescriptorFile == "" {
return nil
}
switch buildTool {
case "dub":
if filepath.Ext(buildDescriptorFile) != ".json" {
return errors.New("extension of buildDescriptorFile must be in '*.json'")
}
case "gradle":
if filepath.Ext(buildDescriptorFile) != ".properties" {
return errors.New("extension of buildDescriptorFile must be in '*.properties'")
}
case "golang":
if !strings.HasSuffix(buildDescriptorFile, "go.mod") &&
!strings.HasSuffix(buildDescriptorFile, "VERSION") &&
!strings.HasSuffix(buildDescriptorFile, "version.txt") {
return errors.New("buildDescriptorFile must be one of [\"go.mod\",\"VERSION\", \"version.txt\"]")
}
case "maven":
if filepath.Ext(buildDescriptorFile) != ".xml" {
return errors.New("extension of buildDescriptorFile must be in '*.xml'")
}
case "mta":
if filepath.Ext(buildDescriptorFile) != ".yaml" {
return errors.New("extension of buildDescriptorFile must be in '*.yaml'")
}
case "npm", "yarn":
if filepath.Ext(buildDescriptorFile) != ".json" {
return errors.New("extension of buildDescriptorFile must be in '*.json'")
}
case "pip":
if !strings.HasSuffix(buildDescriptorFile, "setup.py") &&
!strings.HasSuffix(buildDescriptorFile, "version.txt") &&
!strings.HasSuffix(buildDescriptorFile, "VERSION") {
return errors.New("buildDescriptorFile must be one of [\"setup.py\",\"version.txt\", \"VERSION\"]")
}
case "sbt":
if !strings.HasSuffix(buildDescriptorFile, "sbtDescriptor.json") &&
!strings.HasSuffix(buildDescriptorFile, "build.sbt") {
return errors.New("extension of buildDescriptorFile must be in '*.json' or '*sbt'")
}
}
return nil
}

func (w *whitesourceUtilsBundle) getNpmExecutor(config *ws.ScanOptions) npm.Executor {
if w.npmExecutor == nil {
w.npmExecutor = npm.NewExecutor(npm.ExecutorOptions{DefaultNpmRegistry: config.DefaultNpmRegistry})
Expand Down
68 changes: 68 additions & 0 deletions cmd/whitesourceExecuteScan_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -871,3 +871,71 @@ func TestPersistScannedProjects(t *testing.T) {
assert.Equal(t, []string{"project - 1"}, cpe.custom.whitesourceProjectNames)
})
}

func TestBuildToolFiles(t *testing.T) {
t.Parallel()
t.Run("buildTool = dub", func(t *testing.T) {
err := validationBuildDescriptorFile("dub", "/home/mta.yaml")
assert.ErrorContains(t, err, "extension of buildDescriptorFile must be in '*.json'")
err = validationBuildDescriptorFile("dub", "/home/dub.json")
assert.NoError(t, err)
})
t.Run("buildTool = gradle", func(t *testing.T) {
err := validationBuildDescriptorFile("gradle", "/home/go.mod")
assert.ErrorContains(t, err, "extension of buildDescriptorFile must be in '*.properties'")
err = validationBuildDescriptorFile("gradle", "/home/gradle.properties")
assert.NoError(t, err)
})
t.Run("buildTool = golang", func(t *testing.T) {
err := validationBuildDescriptorFile("golang", "/home/go.json")
assert.ErrorContains(t, err, "buildDescriptorFile must be one of [\"go.mod\",\"VERSION\", \"version.txt\"]")
err = validationBuildDescriptorFile("golang", "/home/go.mod")
assert.NoError(t, err)
err = validationBuildDescriptorFile("golang", "/home/VERSION")
assert.NoError(t, err)
err = validationBuildDescriptorFile("golang", "/home/version.txt")
assert.NoError(t, err)
})
t.Run("buildTool = maven", func(t *testing.T) {
err := validationBuildDescriptorFile("maven", "/home/go.mod")
assert.ErrorContains(t, err, "extension of buildDescriptorFile must be in '*.xml'")
err = validationBuildDescriptorFile("maven", "/home/pom.xml")
assert.NoError(t, err)
})
t.Run("buildTool = mta", func(t *testing.T) {
err := validationBuildDescriptorFile("mta", "/home/go.mod")
assert.ErrorContains(t, err, "extension of buildDescriptorFile must be in '*.yaml'")
err = validationBuildDescriptorFile("mta", "/home/mta.yaml")
assert.NoError(t, err)
})
t.Run("buildTool = npm", func(t *testing.T) {
err := validationBuildDescriptorFile("npm", "/home/go.mod")
assert.ErrorContains(t, err, "extension of buildDescriptorFile must be in '*.json'")
err = validationBuildDescriptorFile("npm", "/home/package.json")
assert.NoError(t, err)
})
t.Run("buildTool = yarn", func(t *testing.T) {
err := validationBuildDescriptorFile("yarn", "/home/go.mod")
assert.ErrorContains(t, err, "extension of buildDescriptorFile must be in '*.json'")
err = validationBuildDescriptorFile("yarn", "/home/package.json")
assert.NoError(t, err)
})
t.Run("buildTool = pip", func(t *testing.T) {
err := validationBuildDescriptorFile("pip", "/home/go.mod")
assert.ErrorContains(t, err, "buildDescriptorFile must be one of [\"setup.py\",\"version.txt\", \"VERSION\"]")
err = validationBuildDescriptorFile("pip", "/home/setup.py")
assert.NoError(t, err)
err = validationBuildDescriptorFile("pip", "/home/version.txt")
assert.NoError(t, err)
err = validationBuildDescriptorFile("pip", "/home/VERSION")
assert.NoError(t, err)
})
t.Run("buildTool = sbt", func(t *testing.T) {
err := validationBuildDescriptorFile("sbt", "/home/go.mod")
assert.ErrorContains(t, err, "extension of buildDescriptorFile must be in '*.json'")
err = validationBuildDescriptorFile("sbt", "/home/sbtDescriptor.json")
assert.NoError(t, err)
err = validationBuildDescriptorFile("sbt", "/home/build.sbt")
assert.NoError(t, err)
})
}

0 comments on commit e927605

Please sign in to comment.