From 5277524d8e88f2737ef3397255cec5837fb98c91 Mon Sep 17 00:00:00 2001
From: David Gamba
Date: Wed, 21 Feb 2018 16:16:23 -0700
Subject: [PATCH 1/4] rmd-23648 Add method to get latest build id
---
 .../gradle/VeracodeBuildList.groovy | 4 ++
 .../gradle/VeracodeBuildListTest.groovy | 42 +++++++++++++++++++
 2 files changed, 46 insertions(+)
 create mode 100644 src/test/groovy/com/calgaryscientific/gradle/VeracodeBuildListTest.groovy
diff --git a/src/main/groovy/com/calgaryscientific/gradle/VeracodeBuildList.groovy b/src/main/groovy/com/calgaryscientific/gradle/VeracodeBuildList.groovy
index 8f50506..c2f1787 100644
--- a/src/main/groovy/com/calgaryscientific/gradle/VeracodeBuildList.groovy
+++ b/src/main/groovy/com/calgaryscientific/gradle/VeracodeBuildList.groovy
@@ -50,4 +50,8 @@ class VeracodeBuildList {
 XMLIO.getNodeAttributes(build, 'build_id', 'policy_updated_date', 'version')
 }
 }
+
+ static String getLatestBuildID(Node xml) {
+ XMLIO.getNodeList(xml, 'build').last().attribute('build_id')
+ }
 }
diff --git a/src/test/groovy/com/calgaryscientific/gradle/VeracodeBuildListTest.groovy b/src/test/groovy/com/calgaryscientific/gradle/VeracodeBuildListTest.groovy
new file mode 100644
index 0000000..52906e2
--- /dev/null
+++ b/src/test/groovy/com/calgaryscientific/gradle/VeracodeBuildListTest.groovy
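Review bot: `getLatestBuildID` calls `last()` on whatever `XMLIO.getNodeList(xml, 'build')` returns, so a build list with no `<build>` elements fails with a NoSuchElementException instead of a readable error, and the method also relies on the order of the `<build>` elements in the response, which nothing on the page verifies. A guard plus an explicit conversion makes both visible: `List builds = XMLIO.getNodeList(xml, 'build')` / `if (!builds) throw new IllegalStateException('Build list contains no builds')` / `return builds.last().attribute('build_id') as String`. A one-line Javadoc saying that "latest" means the last `<build>` in the list as returned by the service would let the next reader check that assumption against the API documentation.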
@@ -0,0 +1,42 @@
+/*******************************************************************************
+ * MIT License
+ *
+ * Copyright (c) 2017-2018 Calgary Scientific Incorporated
+ *
+ * Copyright (c) 2013-2014 kctang
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ ******************************************************************************/
+
+package com.calgaryscientific.gradle
+
+class VeracodeBuildListTest extends TestCommonSetup {
+ File buildlistFile = getResource('buildlist-1.3.xml')
+
+ def 'Test veracodeGetBuildList Task'() {
+ given:
+ Node xml = XMLIO.parse(buildlistFile)
+
+ when:
+ String buildID = VeracodeBuildList.getLatestBuildID(xml)
+
+ then:
+ assert buildID == '125'
+ }
+}
From 2a3663e5468a558956f183f7a668d90bddc885b6 Mon Sep 17 00:00:00 2001
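Review bot: The feature name `'Test veracodeGetBuildList Task'` does not describe what this spec exercises — it calls `VeracodeBuildList.getLatestBuildID` directly and no Gradle task is involved, so a failure report would point at the wrong thing; rename it to `'Test getLatestBuildID returns the last build in the list'`. The fixture covers only the populated case (the expected id `'125'`); a second feature with a build list containing no `<build>` entries would pin down how `getLatestBuildID` is meant to behave there, which the method itself currently leaves to `last()`.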
From: David Gamba Date: Wed, 21 Feb 2018 16:26:29 -0700 Subject: [PATCH 2/4] rmd-23648 Add methods to get New flaw information --- .../gradle/VeracodeDetailedReport.groovy | 29 +++++++++++++++++++ .../VeracodeDetailedReportDOTest.groovy | 28 ++++++++++++++++++ 2 files changed, 57 insertions(+) diff --git a/src/main/groovy/com/calgaryscientific/gradle/VeracodeDetailedReport.groovy b/src/main/groovy/com/calgaryscientific/gradle/VeracodeDetailedReport.groovy index bac0655..b428427 100644 --- a/src/main/groovy/com/calgaryscientific/gradle/VeracodeDetailedReport.groovy +++ b/src/main/groovy/com/calgaryscientific/gradle/VeracodeDetailedReport.groovy @@ -134,6 +134,16 @@ class VeracodeDetailedReport { return filterOpenFlaws(getAllFlawsFromDetailedReportXML(xml)) } + /** + * Extracts the New flaw Nodes from the detailed XML report + * + * @param xml + * @return flaws + */ + static List getNewFlawsFromDetailedReportXML(Node xml) { + return filterNewFlaws(getAllFlawsFromDetailedReportXML(xml)) + } + /** * Extract Open flaws from a list of flaws. * @param flaws @@ -146,6 +156,25 @@ class VeracodeDetailedReport { } } + /** + * Extract New flaws from a list of flaws. + * @param flaws + * @return flaws + */ + static List filterNewFlaws(List flaws) { + flaws.findAll { flaw -> + String status = flaw.attribute('remediation_status') + (status == "New") + } + } + + static void printFlawSummary(List flaws) { + flaws.each { flaw -> + printf "issueid: %s, severity: %s, cweid: %s, categoryname: %s, module: %s, date_first_occurrence: %s", + XMLIO.getNodeAttributes(flaw, 'issueid', 'severity', 'cweid', 'categoryname', 'module', 'date_first_occurrence') + } + } + /** * Extracts the flaws information of the detailed XML report and return a list of rows with it * diff --git a/src/test/groovy/com/calgaryscientific/gradle/VeracodeDetailedReportDOTest.groovy b/src/test/groovy/com/calgaryscientific/gradle/VeracodeDetailedReportDOTest.groovy index 0e7dd25..0db763f 100644 
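Review bot: `printFlawSummary` is the one new method in this hunk without a Javadoc, while `getNewFlawsFromDetailedReportXML` and `filterNewFlaws` just above it each have one; add `/** Prints one summary line per flaw (issueid, severity, cweid, categoryname, module, date_first_occurrence) to standard output. @param flaws flaw Nodes from the detailed report */`. It is worth stating in that comment that the lines go to stdout, i.e. into whatever captures build output, so the output carries the same sensitivity as the detailed report file it is derived from. The `@return flaws` tags on the two extractor Javadocs add nothing beyond the signature; `@return the flaw Nodes whose remediation_status attribute is "New"` tells the reader what the filter actually keys on.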
--- a/src/test/groovy/com/calgaryscientific/gradle/VeracodeDetailedReportDOTest.groovy +++ b/src/test/groovy/com/calgaryscientific/gradle/VeracodeDetailedReportDOTest.groovy @@ -113,4 +113,32 @@ class VeracodeDetailedReportDOTest extends TestCommonSetup { assert lines[0] == "issueid, remediation_status, mitigation_status, module, sourcefilepath, sourcefile, line, type" assert lines[1] == "123, New, proposed, lib1.dll, path1, chunk.c, 305, vsprintf" } + + def 'Test getting new flaws'() { + given: + Node xml = XMLIO.parse(detailedReportFile) + + when: + List newFlaws = VeracodeDetailedReport.getNewFlawsFromDetailedReportXML(xml) + + then: + assert newFlaws.size() == 1 + assert newFlaws[0].attribute('issueid') as String == '123' + } + + def 'Test printing flaw summary'() { + given: + Node xml = XMLIO.parse(detailedReportFile) + def os = mockSystemOut() + + when: + VeracodeDetailedReport.printFlawSummary(VeracodeDetailedReport.getNewFlawsFromDetailedReportXML(xml)) + def is = getSystemOut(os) + restoreStdout() + List lines = is.readLines() + + then: + assert lines.size() == 1 + assert lines[0] == "issueid: 123, severity: 5, cweid: 121, categoryname: Stack-based Buffer Overflow, module: lib1.dll, date_first_occurrence: 2017-06-18 16:22:39 UTC" + } } From 6e0d4e75038b51f5417a6063f4b1da60269fa473 Mon Sep 17 00:00:00 2001 From: David Gamba Date: Wed, 21 Feb 2018 22:37:33 -0700 Subject: [PATCH 3/4] rmd-23648 Add New flaw reports to workflow tasks The workflow tasks can optionally fail if there are new flaws. --- .../gradle/VeracodeDetailedReport.groovy | 2 +- .../gradle/VeracodeSetup.groovy | 3 + .../gradle/VeracodeWorkflow.groovy | 63 ++++++++++++++++++- .../gradle/VeracodeWorkflowSandboxTask.groovy | 4 +- .../gradle/VeracodeWorkflowTask.groovy | 4 +- .../gradle/VeracodeWorkflowDOTest.groovy | 42 +++++++++++-- .../gradle/VeracodeWorkflowSandboxTest.groovy | 12 ++++ .../gradle/VeracodeWorkflowTest.groovy | 11 ++++ 8 files changed, 132 insertions(+), 9 deletions(-) 
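Review bot: In `'Test printing flaw summary'`, `restoreStdout()` is called inside the `when:` block, so if `printFlawSummary` or `getNewFlawsFromDetailedReportXML` throws, System.out stays redirected to the mock for the rest of the spec and later failures become hard to read; Spock's `cleanup:` block is the place for it — move `restoreStdout()` into a `cleanup:` section after `then:`. Whether the existing features in this file follow the same pattern is outside the hunk.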
diff --git a/src/main/groovy/com/calgaryscientific/gradle/VeracodeDetailedReport.groovy b/src/main/groovy/com/calgaryscientific/gradle/VeracodeDetailedReport.groovy
index b428427..622b4f1 100644
--- a/src/main/groovy/com/calgaryscientific/gradle/VeracodeDetailedReport.groovy
+++ b/src/main/groovy/com/calgaryscientific/gradle/VeracodeDetailedReport.groovy
@@ -170,7 +170,7 @@ class VeracodeDetailedReport {
 static void printFlawSummary(List flaws) {
 flaws.each { flaw ->
- printf "issueid: %s, severity: %s, cweid: %s, categoryname: %s, module: %s, date_first_occurrence: %s",
+ printf "issueid: %s, severity: %s, cweid: %s, categoryname: %s, module: %s, date_first_occurrence: %s\n",
 XMLIO.getNodeAttributes(flaw, 'issueid', 'severity', 'cweid', 'categoryname', 'module', 'date_first_occurrence')
 }
 }
diff --git a/src/main/groovy/com/calgaryscientific/gradle/VeracodeSetup.groovy b/src/main/groovy/com/calgaryscientific/gradle/VeracodeSetup.groovy
index 1e8bcc5..2f31649 100644
--- a/src/main/groovy/com/calgaryscientific/gradle/VeracodeSetup.groovy
+++ b/src/main/groovy/com/calgaryscientific/gradle/VeracodeSetup.groovy
@@ -67,4 +67,7 @@ class VeracodeSetup {
 // Error Management
 Boolean ignoreFailure = false
+
+ // Workflow reports
+ Boolean failWorkflowTasksOnNewFlaws = false
 }
diff --git a/src/main/groovy/com/calgaryscientific/gradle/VeracodeWorkflow.groovy b/src/main/groovy/com/calgaryscientific/gradle/VeracodeWorkflow.groovy
index ff6246c..e06cd03 100644
--- a/src/main/groovy/com/calgaryscientific/gradle/VeracodeWorkflow.groovy
+++ b/src/main/groovy/com/calgaryscientific/gradle/VeracodeWorkflow.groovy
@@ -27,6 +27,7 @@ package com.calgaryscientific.gradle
 import groovy.transform.CompileStatic
+import org.gradle.api.GradleException
 import org.slf4j.Logger
 import org.slf4j.LoggerFactory
@@ -42,7 +43,8 @@ class VeracodeWorkflow { Set moduleWhitelist, Integer maxTries, Integer waitTime, - Boolean delete + Boolean delete, + Boolean failOnNewFlaws ) { // Work on the latest build String build_id = null @@ -50,6 +52,7 @@ class VeracodeWorkflow { Node buildInfo String emptyAppRegex = "Could not find a build for application=\\S+" String buildStatus + Boolean newFlaws = false // This call to writeXmlWithErrorCheck might throw an error since Veracode errors out for empty Apps try { @@ -65,6 +68,18 @@ class VeracodeWorkflow { log.info("buildStatus: " + buildStatus) + // Previous Scan is complete + if (buildStatus == "Results Ready") { + log.info("Retrieving build list to obtain latest build_id") + Node buildList = XMLIO.writeXmlWithErrorCheck(VeracodeBuildList.getFile(outputDir, app_id), veracodeAPI.getBuildList()) + // Get the last build ID + build_id = VeracodeBuildList.getLatestBuildID(buildList) + log.info("Latest build_id: " + build_id) + newFlaws = printReportSummaryAndCheckForNewFlaws(veracodeAPI, outputDir, build_id) + // Reset to work on the latest build + build_id = null + } + // Previous Scan is complete (results are ready) or this is an newly created App that has no existing builds if (buildStatus == "Results Ready" || buildStatus =~ emptyAppRegex) { log.info("createBuild: " + build_version) @@ -94,6 +109,10 @@ class VeracodeWorkflow { buildStatus = VeracodeBuildInfo.getBuildStatus(buildInfo) log.info("buildStatus: " + buildStatus) } + + if (failOnNewFlaws && newFlaws) { + throw new GradleException('New Veracode flaws introduced in latest build results') + } } static void sandboxWorkflow(VeracodeAPI veracodeAPI, @@ -105,7 +124,8 @@ class VeracodeWorkflow { Set moduleWhitelist, Integer maxTries, Integer waitTime, - Boolean delete + Boolean delete, + Boolean failOnNewFlaws ) { // Work on the latest build String build_id = null 
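Review bot: In the new `Results Ready` block of `appWorkflow`, `build_id` is assigned the latest build id and reset to `null` two lines later, so the same variable briefly carries two meanings ("the build to report on" and "the build the workflow operates on"); a local such as `String latestBuildId = VeracodeBuildList.getLatestBuildID(buildList)` passed to `printReportSummaryAndCheckForNewFlaws` removes the reset and keeps `build_id` meaning one thing. Keeping that id around would also let the `GradleException` thrown at the end of the method name the build whose report triggered the failure. The same block appears verbatim in `sandboxWorkflow` in the following hunks (with `getSandboxFile`/`getBuildListSandbox`), so a shared helper taking the build-list Node would keep the two in step. Both `appWorkflow` and `sandboxWorkflow` continue past the end of this hunk.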
@@ -113,6 +133,7 @@ class VeracodeWorkflow { Node buildInfo String emptySandboxRegex = "Could not find a build for application=\\S+ and sandbox=\\S+" String buildStatus + Boolean newFlaws = false // This call to writeXmlWithErrorCheck might throw an error since Veracode errors out for empty Sandboxes try { @@ -128,6 +149,18 @@ class VeracodeWorkflow { log.info("buildStatus: " + buildStatus) + // Previous Scan is complete + if (buildStatus == "Results Ready") { + log.info("Retrieving build list to obtain latest build_id") + Node buildList = XMLIO.writeXmlWithErrorCheck(VeracodeBuildList.getSandboxFile(outputDir, app_id, sandbox_id), veracodeAPI.getBuildListSandbox()) + // Get the last build ID + build_id = VeracodeBuildList.getLatestBuildID(buildList) + log.info("Latest build_id: " + build_id) + newFlaws = printReportSummaryAndCheckForNewFlaws(veracodeAPI, outputDir, build_id) + // Reset to work on the latest build + build_id = null + } + // Previous Scan is complete (results are ready) or this is an newly created Sandbox that has no existing builds if (buildStatus == "Results Ready" || buildStatus =~ emptySandboxRegex) { log.info("createBuild: " + build_version) 
@@ -157,5 +190,31 @@ class VeracodeWorkflow {
 buildStatus = VeracodeBuildInfo.getBuildStatus(buildInfo)
 log.info("buildStatus: " + buildStatus)
 }
+
+ if (failOnNewFlaws && newFlaws) {
+ throw new GradleException('New Veracode flaws introduced in latest build results')
+ }
+ }
+
+ /**
+ * Prints a report summary for the given build_id and returns true or false depending of if there are new flaws.
+ * @param veracodeAPI
+ * @param outputDir
+ * @param build_id
+ * @return
+ */
+ private static Boolean printReportSummaryAndCheckForNewFlaws(VeracodeAPI veracodeAPI,
+ String outputDir,
+ String build_id) {
+ log.info("Get DetailedReport for build_id: " + build_id)
+ File detailedReportFile = VeracodeDetailedReport.getFile(outputDir, build_id)
+ Node detailedReport = XMLIO.writeXmlWithErrorCheck(detailedReportFile, veracodeAPI.detailedReport(build_id))
+ log.info("report file: " + detailedReportFile)
+ log.info("Overall flaw results:")
+ VeracodeDetailedReport.printFlawInformationByCWEID(detailedReport)
+ log.info("New flaw information:")
+ List newFlaws = VeracodeDetailedReport.getNewFlawsFromDetailedReportXML(detailedReport)
+ VeracodeDetailedReport.printFlawSummary(newFlaws)
+ return (newFlaws.size() > 0)
 }
 }
diff --git a/src/main/groovy/com/calgaryscientific/gradle/VeracodeWorkflowSandboxTask.groovy b/src/main/groovy/com/calgaryscientific/gradle/VeracodeWorkflowSandboxTask.groovy
index b76a494..9ce072f 100644
--- a/src/main/groovy/com/calgaryscientific/gradle/VeracodeWorkflowSandboxTask.groovy
+++ b/src/main/groovy/com/calgaryscientific/gradle/VeracodeWorkflowSandboxTask.groovy
@@ -59,7 +59,9 @@ class VeracodeWorkflowSandboxTask extends VeracodeTask {
 getModuleWhitelist(),
 veracodeSetup.maxUploadAttempts,
 veracodeSetup.waitTimeBetweenAttempts,
- veracodeSetup.deleteUploadedArtifacts)
+ veracodeSetup.deleteUploadedArtifacts,
+ veracodeSetup.failWorkflowTasksOnNewFlaws
+ )
 } catch (Exception e) {
 if (veracodeSetup.ignoreFailure) {
 println e.getMessage()
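Review bot: The Javadoc on `printReportSummaryAndCheckForNewFlaws` has an empty `@return` and bare `@param` tags that say nothing; fill them in with `@param outputDir directory the detailed report XML is written into`, `@param build_id build whose detailed report is fetched` and `@return true when the detailed report contains at least one flaw with remediation_status "New"`. The last statement reads better as `return !newFlaws.isEmpty()`. The fixed message `'New Veracode flaws introduced in latest build results'` thrown from `sandboxWorkflow` just above gives whoever triages the failure no count and no report path, both of which the helper already has in hand — returning the new-flaw list (or its size) instead of a Boolean would let the exception message carry them.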
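Review bot: With `ignoreFailure = true`, the `catch (Exception e)` in this hunk also swallows the `GradleException` that `failWorkflowTasksOnNewFlaws` raises inside `sandboxWorkflow`, so enabling both options prints the message and the task still succeeds — the new-flaw gate is silently ineffective, which a pipeline relying on it would not notice. Consider letting that particular failure propagate regardless of `ignoreFailure` (a dedicated exception subtype it can test for), or at least documenting the interaction next to both flags in VeracodeSetup and the README. The identical catch block in `VeracodeWorkflowTask` in the next hunk has the same behaviour; the enclosing `try` starts above this hunk.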
diff --git a/src/main/groovy/com/calgaryscientific/gradle/VeracodeWorkflowTask.groovy b/src/main/groovy/com/calgaryscientific/gradle/VeracodeWorkflowTask.groovy index cf927a4..6a39a00 100644 --- a/src/main/groovy/com/calgaryscientific/gradle/VeracodeWorkflowTask.groovy +++ b/src/main/groovy/com/calgaryscientific/gradle/VeracodeWorkflowTask.groovy @@ -56,7 +56,9 @@ class VeracodeWorkflowTask extends VeracodeTask { getModuleWhitelist(), veracodeSetup.maxUploadAttempts, veracodeSetup.waitTimeBetweenAttempts, - veracodeSetup.deleteUploadedArtifacts) + veracodeSetup.deleteUploadedArtifacts, + veracodeSetup.failWorkflowTasksOnNewFlaws + ) } catch (Exception e) { if (veracodeSetup.ignoreFailure) { println e.getMessage() diff --git a/src/test/groovy/com/calgaryscientific/gradle/VeracodeWorkflowDOTest.groovy b/src/test/groovy/com/calgaryscientific/gradle/VeracodeWorkflowDOTest.groovy index 1d3415d..cccb8a6 100644 --- a/src/test/groovy/com/calgaryscientific/gradle/VeracodeWorkflowDOTest.groovy +++ b/src/test/groovy/com/calgaryscientific/gradle/VeracodeWorkflowDOTest.groovy @@ -39,8 +39,10 @@ class VeracodeWorkflowDOTest extends TestCommonSetup { // Status after scan completed File buildInfoFileResultsReady = getResource('buildinfo-1.4-complete.xml') + File buildlistFile = getResource('buildlist-1.3.xml') File filelistFile = getResource('filelist-1.1.xml') File preScanResultsFile = getResource('prescanresults-1.4.xml') + File detailedReportFile = getResource('detailedreport-1.5.xml') def 'Test appWorkflow when previous build has results ready'() { given: @@ -52,6 +54,7 @@ class VeracodeWorkflowDOTest extends TestCommonSetup { Set fileSet = project.fileTree(dir: testProjectDir.root, include: '**/*').getFiles() Set moduleWhitelist = ['class1.jar', 'class2.jar', 'class3.jar'] Boolean delete = false + Boolean failOnNewFlaws = false VeracodeAPI veracodeAPIMock = Mock(VeracodeAPI, constructorArgs: [null, null, null]) when: 
@@ -63,13 +66,25 @@ class VeracodeWorkflowDOTest extends TestCommonSetup { moduleWhitelist, maxUploadAttempts, waitTimeBetweenAttempts, - delete) + delete, + failOnNewFlaws + ) then: 1 * veracodeAPIMock.getBuildInfo(null) >> { return new String(buildInfoFileResultsReady.readBytes()) } + then: + 1 * veracodeAPIMock.getBuildList() >> { + return new String(buildlistFile.readBytes()) + } + + then: + 1 * veracodeAPIMock.detailedReport(_) >> { + return new String(detailedReportFile.readBytes()) + } + then: 1 * veracodeAPIMock.createBuild(build_version) >> { return new String(buildInfoFileIncomplete.readBytes()) @@ -97,6 +112,7 @@ class VeracodeWorkflowDOTest extends TestCommonSetup { Set fileSet = project.fileTree(dir: testProjectDir.root, include: '**/*').getFiles() Set moduleWhitelist = ['class1.jar', 'class2.jar', 'class3.jar'] Boolean delete = false + Boolean failOnNewFlaws = false VeracodeAPI veracodeAPIMock = Mock(VeracodeAPI, constructorArgs: [null, null, null]) when: @@ -108,7 +124,9 @@ class VeracodeWorkflowDOTest extends TestCommonSetup { moduleWhitelist, maxUploadAttempts, waitTimeBetweenAttempts, - delete) + delete, + failOnNewFlaws + ) then: 1 * veracodeAPIMock.getBuildInfo(null) >> { @@ -137,6 +155,7 @@ class VeracodeWorkflowDOTest extends TestCommonSetup { Set fileSet = project.fileTree(dir: testProjectDir.root, include: '**/*').getFiles() Set moduleWhitelist = ['class1.jar', 'class2.jar', 'class3.jar'] Boolean delete = false + Boolean failOnNewFlaws = false VeracodeAPI veracodeAPIMock = Mock(VeracodeAPI, constructorArgs: [null, null, null]) when: 
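Review bot: Every feature in this hunk, and in the sandbox and task specs in the following hunks, passes `failOnNewFlaws = false`, so the new `GradleException` path in `appWorkflow`/`sandboxWorkflow` is never exercised; a feature with `failOnNewFlaws = true` expecting `thrown(GradleException)` would cover it, and `detailedreport-1.5.xml` appears to contain a `New` flaw judging by the `getNewFlawsFromDetailedReportXML` test earlier in the series. The interaction `1 * veracodeAPIMock.detailedReport(_)` accepts any build id; since the same `buildlist-1.3.xml` fixture yields `'125'` in VeracodeBuildListTest, `1 * veracodeAPIMock.detailedReport('125')` would verify that the id actually flows from the build list into the report call. The features in this hunk extend beyond it.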
@@ -149,13 +168,25 @@ class VeracodeWorkflowDOTest extends TestCommonSetup { moduleWhitelist, maxUploadAttempts, waitTimeBetweenAttempts, - delete) + delete, + failOnNewFlaws + ) then: 1 * veracodeAPIMock.getBuildInfoSandbox(null) >> { return new String(buildInfoFileResultsReady.readBytes()) } + then: + 1 * veracodeAPIMock.getBuildListSandbox() >> { + return new String(buildlistFile.readBytes()) + } + + then: + 1 * veracodeAPIMock.detailedReport(_) >> { + return new String(detailedReportFile.readBytes()) + } + then: 1 * veracodeAPIMock.createBuildSandbox(build_version) >> { return new String(buildInfoFileIncomplete.readBytes()) @@ -184,6 +215,7 @@ class VeracodeWorkflowDOTest extends TestCommonSetup { Set fileSet = project.fileTree(dir: testProjectDir.root, include: '**/*').getFiles() Set moduleWhitelist = ['class1.jar', 'class2.jar', 'class3.jar'] Boolean delete = false + Boolean failOnNewFlaws = false VeracodeAPI veracodeAPIMock = Mock(VeracodeAPI, constructorArgs: [null, null, null]) when: @@ -196,7 +228,9 @@ class VeracodeWorkflowDOTest extends TestCommonSetup { moduleWhitelist, maxUploadAttempts, waitTimeBetweenAttempts, - delete) + delete, + failOnNewFlaws + ) then: 1 * veracodeAPIMock.getBuildInfoSandbox(null) >> { diff --git a/src/test/groovy/com/calgaryscientific/gradle/VeracodeWorkflowSandboxTest.groovy b/src/test/groovy/com/calgaryscientific/gradle/VeracodeWorkflowSandboxTest.groovy index e57678b..f81e4ef 100644 --- a/src/test/groovy/com/calgaryscientific/gradle/VeracodeWorkflowSandboxTest.groovy +++ b/src/test/groovy/com/calgaryscientific/gradle/VeracodeWorkflowSandboxTest.groovy 
@@ -40,8 +40,10 @@ class VeracodeWorkflowSandboxTest extends TestCommonSetup { // Status after scan completed File buildInfoFileResultsReady = getResource('buildinfo-1.4-complete.xml') + File buildlistFile = getResource('buildlist-1.3.xml') File filelistFile = getResource('filelist-1.1.xml') File preScanResultsFile = getResource('prescanresults-1.4.xml') + File detailedReportFile = getResource('detailedreport-1.5.xml') String errorXMLResponse = ''' Veracode API Error @@ -69,6 +71,16 @@ class VeracodeWorkflowSandboxTest extends TestCommonSetup { return new String(buildInfoFileResultsReady.readBytes()) } + then: + 1 * task.veracodeAPI.getBuildListSandbox() >> { + return new String(buildlistFile.readBytes()) + } + + then: + 1 * task.veracodeAPI.detailedReport(_) >> { + return new String(detailedReportFile.readBytes()) + } + then: 1 * task.veracodeAPI.createBuildSandbox('new-build') >> { return new String(buildInfoFileIncomplete.readBytes()) diff --git a/src/test/groovy/com/calgaryscientific/gradle/VeracodeWorkflowTest.groovy b/src/test/groovy/com/calgaryscientific/gradle/VeracodeWorkflowTest.groovy index 77278aa..9d3aa97 100644 --- a/src/test/groovy/com/calgaryscientific/gradle/VeracodeWorkflowTest.groovy +++ b/src/test/groovy/com/calgaryscientific/gradle/VeracodeWorkflowTest.groovy @@ -40,8 +40,10 @@ class VeracodeWorkflowTest extends TestCommonSetup { // Status after scan completed File buildInfoFileResultsReady = getResource('buildinfo-1.4-complete.xml') + File buildlistFile = getResource('buildlist-1.3.xml') File filelistFile = getResource('filelist-1.1.xml') File preScanResultsFile = getResource('prescanresults-1.4.xml') + File detailedReportFile = getResource('detailedreport-1.5.xml') String errorXMLResponse = ''' Veracode API Error 
@@ -68,6 +70,15 @@ class VeracodeWorkflowTest extends TestCommonSetup { return new String(buildInfoFileResultsReady.readBytes()) } + then: + 1 * task.veracodeAPI.getBuildList() >> { + return new String(buildlistFile.readBytes()) + } + + then: + 1 * task.veracodeAPI.detailedReport(_) >> { + return new String(detailedReportFile.readBytes()) + } then: 1 * task.veracodeAPI.createBuild('new-build') >> { return new String(buildInfoFileIncomplete.readBytes()) From f5f0fe9981d6d6f0c9819c313ed1a9a7fa99b13b Mon Sep 17 00:00:00 2001 From: David Gamba Date: Wed, 21 Feb 2018 23:21:33 -0700 Subject: [PATCH 4/4] rmd-23648 Update README --- README.adoc | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.adoc b/README.adoc index e534136..35f9aa0 100644 --- a/README.adoc +++ b/README.adoc @@ -117,6 +117,9 @@ Set moduleWhitelist // Error Management Boolean ignoreFailure = false + +// Workflow reports +Boolean failWorkflowTasksOnNewFlaws = false ---- To pass these fields to the Plugin as properties, set the field on `veracodeSetup` to read the desired property, for example: @@ -143,9 +146,11 @@ A single task will do the following: * _Query the status_ of the latest build: ** If the latest build Scan is complete: + . Get latest build’s _Detailed Report_ and print flaw summary. . _Creates a new build_. . _Uploads the given files_ to the Veracode platform. . _Begins a Pre-Scan_ of the uploaded files. + . Optionally fail the build if there were new flaws from the _Detailed Report_ on step 1. ** If the latest build has a completed Pre-scan: *** _Begins the Scan_ of the application selecting the given white list modules. 
@@ -164,12 +169,15 @@ task veracodeBuildWorkflow(type: com.calgaryscientific.gradle.VeracodeWorkflowTa build_version = "build-name-if-creating-a-new-build" ignoreFailure = true <1> filesToUpload = fileTree(dir: "upload/", include: "*").getFiles() <2> + failWorkflowTasksOnNewFlaws = true <3> } } } ---- <1> Optionally ignore failures to avoid stopping the build process if there is a problem with the Veracode calls. <2> Setup `veracodeSetup` `filesToUpload` again to ensure it is evaluated after the `buildMyApplication` task. +<3> Optionally fail the task if there are new flaws introduced in the latest build. +The failure will be triggered after a new build creation, file upload and pre-scan submission. This task can be triggered by every commit and will only create a new build, upload files, begin pre-scans or begin scans when the Veracode platform is ready for it. @@ -184,6 +192,7 @@ task veracodeBuildWorkflow(type: com.calgaryscientific.gradle.VeracodeWorkflowSa build_version = "build-name-if-creating-a-new-sandbox-build" ignoreFailure = true sandboxFilesToUpload = fileTree(dir: "upload/", include: "*").getFiles() + failWorkflowTasksOnNewFlaws = true } } }