From e92760525484dce1a3e5d63860954abb3256224a Mon Sep 17 00:00:00 2001
From: Akramdzhon Azamov <900658008.akram@gmail.com>
Date: Thu, 12 Dec 2024 18:24:03 +0500
Subject: [PATCH] Added validation for buildTool and buildDescriptorFile (#5193)
* Added validation for buildTool and buildDescriptorFile on whitesourceExecuteScan step
* fix pull request's comment
---------
Co-authored-by: Dmitrii Pavlukhin
---
 cmd/whitesourceExecuteScan.go | 49 +++++++++++++++++++++
 cmd/whitesourceExecuteScan_test.go | 68 ++++++++++++++++++++++++++++++
 2 files changed, 117 insertions(+)
diff --git a/cmd/whitesourceExecuteScan.go b/cmd/whitesourceExecuteScan.go
index 14772ec8f6..16c9f09d2a 100644
--- a/cmd/whitesourceExecuteScan.go
+++ b/cmd/whitesourceExecuteScan.go
@@ -76,6 +76,9 @@ func (w *whitesourceUtilsBundle) FileOpen(name string, flag int, perm os.FileMod
 }

 func (w *whitesourceUtilsBundle) GetArtifactCoordinates(buildTool, buildDescriptorFile string, options *versioning.Options) (versioning.Coordinates, error) {
+ if err := validationBuildDescriptorFile(buildTool, buildDescriptorFile); err != nil {
+ return versioning.Coordinates{}, err
+ }
 artifact, err := versioning.GetArtifact(buildTool, buildDescriptorFile, options, w)
 if err != nil {
 return versioning.Coordinates{}, err
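Review bot: The validation error is returned bare from `GetArtifactCoordinates`, so a pipeline log shows only a message such as "extension of buildDescriptorFile must be in '*.json'", without the rejected path or the build tool it was checked against. Wrapping it at this call site adds that context and leaves the messages inside `validationBuildDescriptorFile` unchanged for the tests that call it directly: `return versioning.Coordinates{}, fmt.Errorf("buildDescriptorFile %q is not valid for buildTool %q: %w", buildDescriptorFile, buildTool, err)`. The rest of `GetArtifactCoordinates` continues past the end of this hunk.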
@@ -83,6 +86,52 @@ func (w *whitesourceUtilsBundle) GetArtifactCoordinates(buildTool, buildDescript
 return artifact.GetCoordinates()
 }

+func validationBuildDescriptorFile(buildTool, buildDescriptorFile string) error {
+ if buildDescriptorFile == "" {
+ return nil
+ }
+ switch buildTool {
+ case "dub":
+ if filepath.Ext(buildDescriptorFile) != ".json" {
+ return errors.New("extension of buildDescriptorFile must be in '*.json'")
+ }
+ case "gradle":
+ if filepath.Ext(buildDescriptorFile) != ".properties" {
+ return errors.New("extension of buildDescriptorFile must be in '*.properties'")
+ }
+ case "golang":
+ if !strings.HasSuffix(buildDescriptorFile, "go.mod") &&
+ !strings.HasSuffix(buildDescriptorFile, "VERSION") &&
+ !strings.HasSuffix(buildDescriptorFile, "version.txt") {
+ return errors.New("buildDescriptorFile must be one of [\"go.mod\",\"VERSION\", \"version.txt\"]")
+ }
+ case "maven":
+ if filepath.Ext(buildDescriptorFile) != ".xml" {
+ return errors.New("extension of buildDescriptorFile must be in '*.xml'")
+ }
+ case "mta":
+ if filepath.Ext(buildDescriptorFile) != ".yaml" {
+ return errors.New("extension of buildDescriptorFile must be in '*.yaml'")
+ }
+ case "npm", "yarn":
+ if filepath.Ext(buildDescriptorFile) != ".json" {
+ return errors.New("extension of buildDescriptorFile must be in '*.json'")
+ }
+ case "pip":
+ if !strings.HasSuffix(buildDescriptorFile, "setup.py") &&
+ !strings.HasSuffix(buildDescriptorFile, "version.txt") &&
+ !strings.HasSuffix(buildDescriptorFile, "VERSION") {
+ return errors.New("buildDescriptorFile must be one of [\"setup.py\",\"version.txt\", \"VERSION\"]")
+ }
+ case "sbt":
+ if !strings.HasSuffix(buildDescriptorFile, "sbtDescriptor.json") &&
+ !strings.HasSuffix(buildDescriptorFile, "build.sbt") {
+ return errors.New("extension of buildDescriptorFile must be in '*.json' or '*sbt'")
+ }
+ }
+ return nil
+}
+
 func (w *whitesourceUtilsBundle) getNpmExecutor(config *ws.ScanOptions) npm.Executor {
 if w.npmExecutor == nil {
 w.npmExecutor = npm.NewExecutor(npm.ExecutorOptions{DefaultNpmRegistry: config.DefaultNpmRegistry})
diff --git a/cmd/whitesourceExecuteScan_test.go b/cmd/whitesourceExecuteScan_test.go
index b9c7e22b59..d1383c17ae 100644
--- a/cmd/whitesourceExecuteScan_test.go
+++ b/cmd/whitesourceExecuteScan_test.go
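Review bot: In `validationBuildDescriptorFile` the `golang`, `pip` and `sbt` cases match with `strings.HasSuffix` on the whole path, so a name that merely ends in an allowed one (`notgo.mod`, `myVERSION`, `old-setup.py`) passes, although the error text says the file "must be one of" a fixed list. Comparing `filepath.Base(buildDescriptorFile)` against the list makes the check agree with its message; if prefixed names are meant to be accepted, the message should say so instead. The function also has no doc comment, and two behaviours deserve one: an unrecognised `buildTool` falls through the switch and returns nil, and every case looks only at the file name, so the directory part of the path is not constrained here. The sbt message speaks of '*.json' or '*sbt' while the check is for two exact names; the sketch below keeps the message strings as they are so the existing tests still match.

```go
// … unchanged: empty-path early return, dub and gradle cases …
	case "golang":
		switch filepath.Base(buildDescriptorFile) {
		case "go.mod", "VERSION", "version.txt":
		default:
			return errors.New("buildDescriptorFile must be one of [\"go.mod\",\"VERSION\", \"version.txt\"]")
		}
// … unchanged: maven, mta, npm/yarn cases …
	case "pip":
		switch filepath.Base(buildDescriptorFile) {
		case "setup.py", "version.txt", "VERSION":
		default:
			return errors.New("buildDescriptorFile must be one of [\"setup.py\",\"version.txt\", \"VERSION\"]")
		}
	case "sbt":
		switch filepath.Base(buildDescriptorFile) {
		case "sbtDescriptor.json", "build.sbt":
		default:
			return errors.New("extension of buildDescriptorFile must be in '*.json' or '*sbt'")
		}
// … unchanged: end of the outer switch and final return nil …
```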
@@ -871,3 +871,71 @@ func TestPersistScannedProjects(t *testing.T) {
 assert.Equal(t, []string{"project - 1"}, cpe.custom.whitesourceProjectNames)
 })
 }
+
+func TestBuildToolFiles(t *testing.T) {
+ t.Parallel()
+ t.Run("buildTool = dub", func(t *testing.T) {
+ err := validationBuildDescriptorFile("dub", "/home/mta.yaml")
+ assert.ErrorContains(t, err, "extension of buildDescriptorFile must be in '*.json'")
+ err = validationBuildDescriptorFile("dub", "/home/dub.json")
+ assert.NoError(t, err)
+ })
+ t.Run("buildTool = gradle", func(t *testing.T) {
+ err := validationBuildDescriptorFile("gradle", "/home/go.mod")
+ assert.ErrorContains(t, err, "extension of buildDescriptorFile must be in '*.properties'")
+ err = validationBuildDescriptorFile("gradle", "/home/gradle.properties")
+ assert.NoError(t, err)
+ })
+ t.Run("buildTool = golang", func(t *testing.T) {
+ err := validationBuildDescriptorFile("golang", "/home/go.json")
+ assert.ErrorContains(t, err, "buildDescriptorFile must be one of [\"go.mod\",\"VERSION\", \"version.txt\"]")
+ err = validationBuildDescriptorFile("golang", "/home/go.mod")
+ assert.NoError(t, err)
+ err = validationBuildDescriptorFile("golang", "/home/VERSION")
+ assert.NoError(t, err)
+ err = validationBuildDescriptorFile("golang", "/home/version.txt")
+ assert.NoError(t, err)
+ })
+ t.Run("buildTool = maven", func(t *testing.T) {
+ err := validationBuildDescriptorFile("maven", "/home/go.mod")
+ assert.ErrorContains(t, err, "extension of buildDescriptorFile must be in '*.xml'")
+ err = validationBuildDescriptorFile("maven", "/home/pom.xml")
+ assert.NoError(t, err)
+ })
+ t.Run("buildTool = mta", func(t *testing.T) {
+ err := validationBuildDescriptorFile("mta", "/home/go.mod")
+ assert.ErrorContains(t, err, "extension of buildDescriptorFile must be in '*.yaml'")
+ err = validationBuildDescriptorFile("mta", "/home/mta.yaml")
+ assert.NoError(t, err)
+ })
+ t.Run("buildTool = npm", func(t *testing.T) {
+ err := validationBuildDescriptorFile("npm", "/home/go.mod")
+ assert.ErrorContains(t, err, "extension of buildDescriptorFile must be in '*.json'")
+ err = validationBuildDescriptorFile("npm", "/home/package.json")
+ assert.NoError(t, err)
+ })
+ t.Run("buildTool = yarn", func(t *testing.T) {
+ err := validationBuildDescriptorFile("yarn", "/home/go.mod")
+ assert.ErrorContains(t, err, "extension of buildDescriptorFile must be in '*.json'")
+ err = validationBuildDescriptorFile("yarn", "/home/package.json")
+ assert.NoError(t, err)
+ })
+ t.Run("buildTool = pip", func(t *testing.T) {
+ err := validationBuildDescriptorFile("pip", "/home/go.mod")
+ assert.ErrorContains(t, err, "buildDescriptorFile must be one of [\"setup.py\",\"version.txt\", \"VERSION\"]")
+ err = validationBuildDescriptorFile("pip", "/home/setup.py")
+ assert.NoError(t, err)
+ err = validationBuildDescriptorFile("pip", "/home/version.txt")
+ assert.NoError(t, err)
+ err = validationBuildDescriptorFile("pip", "/home/VERSION")
+ assert.NoError(t, err)
+ })
+ t.Run("buildTool = sbt", func(t *testing.T) {
+ err := validationBuildDescriptorFile("sbt", "/home/go.mod")
+ assert.ErrorContains(t, err, "extension of buildDescriptorFile must be in '*.json'")
+ err = validationBuildDescriptorFile("sbt", "/home/sbtDescriptor.json")
+ assert.NoError(t, err)
+ err = validationBuildDescriptorFile("sbt", "/home/build.sbt")
+ assert.NoError(t, err)
+ })
+}