Merge branch 'main' into dependabot/maven/com.fasterxml.jackson.core-…

…jackson-databind-2.17.2
jenkinsci · Aug 8, 2024 · da7f854 · da7f854
2 parents ec481cf + e594ff4
commit da7f854
Show file tree

Hide file tree

Showing 7 changed files with 65 additions and 25 deletions.
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
@@ -76,7 +76,7 @@ jobs:
         with:
           fetch-depth: 0
       - name: Set up JDK 8
-        uses: actions/setup-java@v4.0.0
+        uses: actions/setup-java@v4.2.1
         with:
           distribution: temurin
           java-version: 11

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -19,7 +19,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Set up JDK 11
-        uses: actions/setup-java@v4.0.0
+        uses: actions/setup-java@v4.2.1
         with:
           java-version: 11
           distribution: 'temurin'

diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
@@ -11,7 +11,7 @@ jobs:
     steps:
       - name: Dependabot metadata
         id: metadata
-        uses: dependabot/fetch-metadata@c9c4182bf1b97f5224aee3906fd373f6b61b4526   #v1.6.0
+        uses: dependabot/fetch-metadata@dbb049abf0d677abbd7f7eee0375145b417fdd34   #v2.2.0
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"
       - name: Enable auto-merge for Dependabot PRs

diff --git a/src/main/java/com/checkmarx/jenkins/CheckmarxScanResultsAction.java b/src/main/java/com/checkmarx/jenkins/CheckmarxScanResultsAction.java
@@ -1,14 +1,21 @@
 package com.checkmarx.jenkins;
 
 import com.checkmarx.ast.results.ResultsSummary;
+import com.checkmarx.jenkins.exception.CheckmarxException;
+import com.checkmarx.jenkins.tools.ProxyHttpClient;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import hudson.model.Run;
+import jenkins.model.Jenkins;
 import jenkins.model.RunAction2;
+import okhttp3.OkHttpClient;
+import okhttp3.Request;
+import okhttp3.Response;
+import okhttp3.ResponseBody;
+import org.apache.commons.io.IOUtils;
 
 import java.io.IOException;
-import java.nio.charset.Charset;
-import java.nio.file.Files;
-import java.nio.file.Paths;
+import java.io.InputStream;
+import java.net.URISyntaxException;
 
 public class CheckmarxScanResultsAction implements RunAction2 {
 
@@ -47,11 +54,18 @@ public ResultsSummary getResultsSummary() {
         for (Object artifact : run.getArtifacts()) {
             if (artifact instanceof Run.Artifact && ((Run.Artifact) artifact).getFileName().contains(PluginUtils.CHECKMARX_AST_RESULTS_JSON)) {
                 try {
-                    byte[] encoded = Files.readAllBytes(Paths.get(((Run.Artifact) artifact).getFile().getCanonicalPath()));
-                    String json = new String(encoded, Charset.defaultCharset());
+                    String artifactHref = ((Run.Artifact) artifact).getHref();
+                    String serverUrl = Jenkins.get().getRootUrl();
+                    String fullUrl = serverUrl + run.getUrl() + "artifact/" + artifactHref;
+                    OkHttpClient client = new ProxyHttpClient().getHttpClient(PluginUtils.getProxy(), 10000, 10000);
+                    Request request = new Request.Builder().url(fullUrl).build();
+                    Response response = client.newCall(request).execute();
+                    ResponseBody responseBody = response.body();
+                    InputStream stream = responseBody.byteStream();
+                    String json = IOUtils.toString(stream);
                     ObjectMapper objectMapper = new ObjectMapper();
                     return objectMapper.readValue(json, ResultsSummary.class);
-                } catch (IOException e) {
+                } catch (Exception e) {
                     e.printStackTrace();
                 }
             }

diff --git a/src/main/java/com/checkmarx/jenkins/PluginUtils.java b/src/main/java/com/checkmarx/jenkins/PluginUtils.java
@@ -8,6 +8,7 @@
 import com.checkmarx.jenkins.model.ScanConfig;
 import com.checkmarx.jenkins.tools.CheckmarxInstallation;
 import hudson.EnvVars;
+import hudson.slaves.EnvironmentVariablesNodeProperty;
 import jenkins.model.Jenkins;
 
 import java.io.IOException;
@@ -26,6 +27,7 @@ public class PluginUtils {
     private static final String JENKINS = "Jenkins";
     static final String CX_CLIENT_ID_ENV_KEY = "CX_CLIENT_ID";
     static final String CX_CLIENT_SECRET_ENV_KEY = "CX_CLIENT_SECRET";
+    public static final String HTTP_PROXY = "HTTP_PROXY";
 
     public static CheckmarxInstallation findCheckmarxInstallation(final String checkmarxInstallation) {
         final CheckmarxScanBuilder.CheckmarxScanBuilderDescriptor descriptor = Jenkins.get().getDescriptorByType(CheckmarxScanBuilder.CheckmarxScanBuilderDescriptor.class);
@@ -102,5 +104,15 @@ public static void insertSecretsAsEnvVars(ScanConfig scanConfig, EnvVars envVars
         envVars.put(CX_CLIENT_ID_ENV_KEY,scanConfig.getCheckmarxToken().getClientId());
         envVars.put(CX_CLIENT_SECRET_ENV_KEY, scanConfig.getCheckmarxToken().getToken().getPlainText());
     }
+    public static String getProxy() {
+        EnvVars envVars = getEnvVars();
+        String httpProxyStr = envVars.get(HTTP_PROXY);
+        return httpProxyStr;
+    }
 
+    private static EnvVars getEnvVars() {
+        EnvironmentVariablesNodeProperty environmentVariablesNodeProperty =
+                Jenkins.get().getGlobalNodeProperties().get(EnvironmentVariablesNodeProperty.class);
+        return environmentVariablesNodeProperty != null ? environmentVariablesNodeProperty.getEnvVars() : new EnvVars();
+    }
 }
diff --git a/src/main/java/com/checkmarx/jenkins/tools/CheckmarxInstaller.java b/src/main/java/com/checkmarx/jenkins/tools/CheckmarxInstaller.java
@@ -1,6 +1,7 @@
 package com.checkmarx.jenkins.tools;
 
 import com.checkmarx.jenkins.CxLoggerAdapter;
+import com.checkmarx.jenkins.PluginUtils;
 import com.checkmarx.jenkins.exception.CheckmarxException;
 import com.checkmarx.jenkins.tools.internal.DownloadService;
 import hudson.EnvVars;
@@ -50,7 +51,6 @@ public class CheckmarxInstaller extends ToolInstaller {
 
     private static final String INSTALLED_FROM = ".installedFrom";
     private static final String TIMESTAMP_FILE = ".timestamp";
-    public static final String HTTP_PROXY = "HTTP_PROXY";
     private final String version;
     private final Long updatePolicyIntervalHours;
     private CxLoggerAdapter log;
@@ -111,7 +111,10 @@ private FilePath installCheckmarxCliAsSingleBinary(FilePath expected, Node node,
         Platform platform = nodeChannel.call(new GetPlatform(node.getDisplayName()));
 
         try {
-            String proxyStr = getProxy();
+            String proxyStr = PluginUtils.getProxy();
+            if (StringUtils.isNotEmpty(proxyStr)) {
+                log.getLogger().println("Installer using proxy: " + proxyStr);
+            }
             URL checkmarxDownloadUrl = DownloadService.getDownloadUrlForCli(version, platform);
 
             expected.mkdirs();
@@ -130,20 +133,6 @@ private FilePath installCheckmarxCliAsSingleBinary(FilePath expected, Node node,
         return expected;
     }
 
-    private String getProxy() {
-        EnvVars envVars = getEnvVars();
-        String httpProxyStr = envVars.get(HTTP_PROXY);
-        if (StringUtils.isNotEmpty(httpProxyStr)) {
-            log.info("Installer using proxy: " + httpProxyStr);
-        }
-        return httpProxyStr;
-    }
-
-    private static EnvVars getEnvVars() {
-        EnvironmentVariablesNodeProperty environmentVariablesNodeProperty =
-                Jenkins.get().getGlobalNodeProperties().get(EnvironmentVariablesNodeProperty.class);
-        return environmentVariablesNodeProperty != null ? environmentVariablesNodeProperty.getEnvVars() : new EnvVars();
-    }
 
     public String getVersion() {
         return version;

diff --git a/src/test/java/com/checkmarx/jenkins/CheckmarxScanPipelineTest.java b/src/test/java/com/checkmarx/jenkins/CheckmarxScanPipelineTest.java
@@ -1,5 +1,6 @@
 package com.checkmarx.jenkins;
 
+import com.checkmarx.ast.results.ResultsSummary;
 import hudson.model.Result;
 import org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition;
 import org.jenkinsci.plugins.workflow.job.WorkflowJob;
@@ -8,6 +9,8 @@
 
 import java.util.logging.Logger;
 
+import static org.junit.Assert.assertNotNull;
+
 public class CheckmarxScanPipelineTest extends CheckmarxTestBase {
 
     private static final Logger log = Logger.getLogger(CheckmarxScanBuilderTest.class.getName());
@@ -44,4 +47,26 @@ public void doFailWhenUseOwnServerCredentialButNotConfigured() throws Exception
         jenkins.assertBuildStatus(Result.FAILURE, workflowRun);
         jenkins.assertLogContains("Please setup the server url in the global settings.", workflowRun);
     }
+
+    @Test
+    public void checkResultsSummary() throws Exception {
+        log.info("checkResultsSummary");
+
+        WorkflowJob project = jenkins.createProject(WorkflowJob.class);
+        project.setDefinition(new CpsFlowDefinition("" +
+                "node {" +
+                "  writeFile file: 'source.py', text: 'overwrite me' \n" +
+                "  checkmarxASTScanner additionalOptions: '--scan-types api-security', branchName: 'main', useOwnAdditionalOptions: true, useOwnServerCredentials: true, checkmarxInstallation: '" + CheckmarxTestBase.JT_LATEST + "', credentialsId: '" + CheckmarxTestBase.JENKINS_CREDENTIALS_TOKEN_ID + "', projectName: 'checkResultsSummary', serverUrl: '" + this.astServerUrl + "', tenantName: '" + this.astTenantName +
+                "'}", true));
+
+        WorkflowRun workflowRun = project.scheduleBuild2(0).waitForStart();
+        jenkins.waitForCompletion(workflowRun);
+        jenkins.assertBuildStatus(Result.SUCCESS, workflowRun);
+
+        CheckmarxScanResultsAction action = workflowRun.getAction(CheckmarxScanResultsAction.class);
+        assertNotNull(action);
+
+        ResultsSummary resultsSummary = action.getResultsSummary();
+        assertNotNull(resultsSummary);
+    }
 }