From ff530b6fd2de0654a439dc5d7b3c70e438ef9f6b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 18 Mar 2024 22:08:43 +0000
Subject: [PATCH 1/3] Bump actions/setup-java from 4.0.0 to 4.2.1
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 4.0.0 to 4.2.1.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](https://github.com/actions/setup-java/compare/v4.0.0...v4.2.1)
---
updated-dependencies:
- dependency-name: actions/setup-java
 dependency-type: direct:production
 update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
 .github/workflows/cd.yml | 2 +-
 .github/workflows/ci.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index 9479fe7..eb9f78b 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -76,7 +76,7 @@ jobs:
 with:
 fetch-depth: 0
 - name: Set up JDK 8
- uses: actions/setup-java@v4.0.0
+ uses: actions/setup-java@v4.2.1
 with:
 distribution: temurin
 java-version: 11
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 8f36cc9..15a711b 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -19,7 +19,7 @@ jobs:
 uses: actions/checkout@v4
 - name: Set up JDK 11
- uses: actions/setup-java@v4.0.0
+ uses: actions/setup-java@v4.2.1
 with:
 java-version: 11
 distribution: 'temurin'
From 0deb59acdddec6a1cc251f40d21e02eb04f19a76 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Jul 2024 22:36:32 +0000
Subject: [PATCH 2/3] Bump dependabot/fetch-metadata from 1.6.0 to 2.2.0
Bumps [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) from 1.6.0 to 2.2.0.
- [Release notes](https://github.com/dependabot/fetch-metadata/releases)
- [Commits](https://github.com/dependabot/fetch-metadata/compare/c9c4182bf1b97f5224aee3906fd373f6b61b4526...dbb049abf0d677abbd7f7eee0375145b417fdd34)
---
updated-dependencies:
- dependency-name: dependabot/fetch-metadata
 dependency-type: direct:production
 update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot]
---
 .github/workflows/dependabot-auto-merge.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
index 379dbcd..d6c4e30 100644
--- a/.github/workflows/dependabot-auto-merge.yml
+++ b/.github/workflows/dependabot-auto-merge.yml
@@ -11,7 +11,7 @@ jobs:
 steps:
 - name: Dependabot metadata
 id: metadata
- uses: dependabot/fetch-metadata@c9c4182bf1b97f5224aee3906fd373f6b61b4526 #v1.6.0
+ uses: dependabot/fetch-metadata@dbb049abf0d677abbd7f7eee0375145b417fdd34 #v2.2.0
 with:
 github-token: "${{ secrets.GITHUB_TOKEN }}"
 - name: Enable auto-merge for Dependabot PRs
From 1620a71885c71f2c553421681c6115de5d4b480e Mon Sep 17 00:00:00 2001
From: tamarleviCm <110327792+tamarleviCm@users.noreply.github.com>
Date: Tue, 6 Aug 2024 14:50:53 +0300
Subject: [PATCH 3/3] AST-62770 Read the scan results summary from the s3 file (#304)
* AST-41922 fix the installer to get the envVars from the global Jenkins object to support running from a jenkins slave
* trigger checks
* decrease jenkins version (revert changes)
* catch Exception
---
 .../jenkins/CheckmarxScanResultsAction.java | 26 ++++++++++++++-----
 .../com/checkmarx/jenkins/PluginUtils.java | 12 +++++++++
 .../jenkins/tools/CheckmarxInstaller.java | 21 ++++-----------
 .../jenkins/CheckmarxScanPipelineTest.java | 25 ++++++++++++++++++
 4 files changed, 62 insertions(+), 22 deletions(-)
diff --git a/src/main/java/com/checkmarx/jenkins/CheckmarxScanResultsAction.java b/src/main/java/com/checkmarx/jenkins/CheckmarxScanResultsAction.java
index 632de46..5777c85 100644
--- a/src/main/java/com/checkmarx/jenkins/CheckmarxScanResultsAction.java
+++ b/src/main/java/com/checkmarx/jenkins/CheckmarxScanResultsAction.java
@@ -1,14 +1,21 @@
 package com.checkmarx.jenkins;
 import com.checkmarx.ast.results.ResultsSummary;
+import com.checkmarx.jenkins.exception.CheckmarxException;
+import com.checkmarx.jenkins.tools.ProxyHttpClient;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import hudson.model.Run;
+import jenkins.model.Jenkins;
 import jenkins.model.RunAction2;
+import okhttp3.OkHttpClient;
+import okhttp3.Request;
+import okhttp3.Response;
+import okhttp3.ResponseBody;
+import org.apache.commons.io.IOUtils;
 import java.io.IOException;
-import java.nio.charset.Charset;
-import java.nio.file.Files;
-import java.nio.file.Paths;
+import java.io.InputStream;
+import java.net.URISyntaxException;
 public class CheckmarxScanResultsAction implements RunAction2 {
@@ -47,11 +54,18 @@ public ResultsSummary getResultsSummary() {
 for (Object artifact : run.getArtifacts()) {
 if (artifact instanceof Run.Artifact && ((Run.Artifact) artifact).getFileName().contains(PluginUtils.CHECKMARX_AST_RESULTS_JSON)) {
 try {
- byte[] encoded = Files.readAllBytes(Paths.get(((Run.Artifact) artifact).getFile().getCanonicalPath()));
- String json = new String(encoded, Charset.defaultCharset());
+ String artifactHref = ((Run.Artifact) artifact).getHref();
+ String serverUrl = Jenkins.get().getRootUrl();
+ String fullUrl = serverUrl + run.getUrl() + "artifact/" + artifactHref;
+ OkHttpClient client = new ProxyHttpClient().getHttpClient(PluginUtils.getProxy(), 10000, 10000);
+ Request request = new Request.Builder().url(fullUrl).build();
+ Response response = client.newCall(request).execute();
+ ResponseBody responseBody = response.body();
+ InputStream stream = responseBody.byteStream();
+ String json = IOUtils.toString(stream);
 ObjectMapper objectMapper = new ObjectMapper();
 return objectMapper.readValue(json, ResultsSummary.class);
- } catch (IOException e) {
+ } catch (Exception e) {
 e.printStackTrace();
 }
 }
diff --git a/src/main/java/com/checkmarx/jenkins/PluginUtils.java b/src/main/java/com/checkmarx/jenkins/PluginUtils.java
index 73a04a4..2640ea1 100644
--- a/src/main/java/com/checkmarx/jenkins/PluginUtils.java
+++ b/src/main/java/com/checkmarx/jenkins/PluginUtils.java
@@ -8,6 +8,7 @@
 import com.checkmarx.jenkins.model.ScanConfig;
 import com.checkmarx.jenkins.tools.CheckmarxInstallation;
 import hudson.EnvVars;
+import hudson.slaves.EnvironmentVariablesNodeProperty;
 import jenkins.model.Jenkins;
 import java.io.IOException;
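Review bot: The new body of the `try` in getResultsSummary fetches the build's own artifact with an HTTP request that carries no credentials visible here, never checks the status and never closes the `Response`. On a Jenkins that restricts artifact access this presumably returns a 403 or a login page, which is then handed to `objectMapper.readValue` and ends in the swallowed `catch (Exception e)`; `Jenkins.get().getRootUrl()` can also be null, and the scan findings are routed through whatever `HTTP_PROXY` names. Reading the artifact through the run's `ArtifactManager`, as sketched below, avoids the network hop and should also cover externally stored artifacts, though that needs confirming against the S3 setup this commit targets. If the HTTP fetch stays, wrap the call in try-with-resources and reject responses where `response.isSuccessful()` is false. getResultsSummary starts and ends outside the hunk.

```java
try {
    Run.Artifact resultsArtifact = (Run.Artifact) artifact;
    // Read via the run's ArtifactManager: no request to the Jenkins root URL, no proxy hop.
    try (InputStream stream = run.getArtifactManager().root().child(resultsArtifact.relativePath).open()) {
        return new ObjectMapper().readValue(stream, ResultsSummary.class);
    }
// … unchanged: catch block …
```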
@@ -26,6 +27,7 @@ public class PluginUtils {
 private static final String JENKINS = "Jenkins";
 static final String CX_CLIENT_ID_ENV_KEY = "CX_CLIENT_ID";
 static final String CX_CLIENT_SECRET_ENV_KEY = "CX_CLIENT_SECRET";
+ public static final String HTTP_PROXY = "HTTP_PROXY";
 public static CheckmarxInstallation findCheckmarxInstallation(final String checkmarxInstallation) {
 final CheckmarxScanBuilder.CheckmarxScanBuilderDescriptor descriptor = Jenkins.get().getDescriptorByType(CheckmarxScanBuilder.CheckmarxScanBuilderDescriptor.class);
@@ -102,5 +104,15 @@ public static void insertSecretsAsEnvVars(ScanConfig scanConfig, EnvVars envVars
 envVars.put(CX_CLIENT_ID_ENV_KEY,scanConfig.getCheckmarxToken().getClientId());
 envVars.put(CX_CLIENT_SECRET_ENV_KEY, scanConfig.getCheckmarxToken().getToken().getPlainText());
 }
+ public static String getProxy() {
+ EnvVars envVars = getEnvVars();
+ String httpProxyStr = envVars.get(HTTP_PROXY);
+ return httpProxyStr;
+ }
+ private static EnvVars getEnvVars() {
+ EnvironmentVariablesNodeProperty environmentVariablesNodeProperty =
+ Jenkins.get().getGlobalNodeProperties().get(EnvironmentVariablesNodeProperty.class);
+ return environmentVariablesNodeProperty != null ? environmentVariablesNodeProperty.getEnvVars() : new EnvVars();
+ }
 }
diff --git a/src/main/java/com/checkmarx/jenkins/tools/CheckmarxInstaller.java b/src/main/java/com/checkmarx/jenkins/tools/CheckmarxInstaller.java
index 636d1c8..0901cdb 100644
--- a/src/main/java/com/checkmarx/jenkins/tools/CheckmarxInstaller.java
+++ b/src/main/java/com/checkmarx/jenkins/tools/CheckmarxInstaller.java
@@ -1,6 +1,7 @@
 package com.checkmarx.jenkins.tools;
 import com.checkmarx.jenkins.CxLoggerAdapter;
+import com.checkmarx.jenkins.PluginUtils;
 import com.checkmarx.jenkins.exception.CheckmarxException;
 import com.checkmarx.jenkins.tools.internal.DownloadService;
 import hudson.EnvVars;
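Review bot: `getProxy()`, added in the `@@ -102,5 +104,15 @@` hunk, is a new public entry point with no Javadoc, and nothing in its signature tells callers that it returns null when `HTTP_PROXY` is not set. I would add a short Javadoc stating that the value is read only from Jenkins' global `EnvironmentVariablesNodeProperty` and may be null, and inline the temporary to `return getEnvVars().get(HTTP_PROXY);`. Because a proxy URL can embed credentials, the Javadoc should also tell callers not to log the returned value verbatim.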
@@ -50,7 +51,6 @@ public class CheckmarxInstaller extends ToolInstaller {
 private static final String INSTALLED_FROM = ".installedFrom";
 private static final String TIMESTAMP_FILE = ".timestamp";
- public static final String HTTP_PROXY = "HTTP_PROXY";
 private final String version;
 private final Long updatePolicyIntervalHours;
 private CxLoggerAdapter log;
@@ -111,7 +111,10 @@ private FilePath installCheckmarxCliAsSingleBinary(FilePath expected, Node node,
 Platform platform = nodeChannel.call(new GetPlatform(node.getDisplayName()));
 try {
- String proxyStr = getProxy();
+ String proxyStr = PluginUtils.getProxy();
+ if (StringUtils.isNotEmpty(proxyStr)) {
+ log.getLogger().println("Installer using proxy: " + proxyStr);
+ }
 URL checkmarxDownloadUrl = DownloadService.getDownloadUrlForCli(version, platform);
 expected.mkdirs();
@@ -130,20 +133,6 @@ private FilePath installCheckmarxCliAsSingleBinary(FilePath expected, Node node,
 return expected;
 }
- private String getProxy() {
- EnvVars envVars = getEnvVars();
- String httpProxyStr = envVars.get(HTTP_PROXY);
- if (StringUtils.isNotEmpty(httpProxyStr)) {
- log.info("Installer using proxy: " + httpProxyStr);
- }
- return httpProxyStr;
- }
-
- private static EnvVars getEnvVars() {
- EnvironmentVariablesNodeProperty environmentVariablesNodeProperty =
- Jenkins.get().getGlobalNodeProperties().get(EnvironmentVariablesNodeProperty.class);
- return environmentVariablesNodeProperty != null ? environmentVariablesNodeProperty.getEnvVars() : new EnvVars();
- }
 public String getVersion() {
 return version;
diff --git a/src/test/java/com/checkmarx/jenkins/CheckmarxScanPipelineTest.java b/src/test/java/com/checkmarx/jenkins/CheckmarxScanPipelineTest.java
index 0577d07..5221313 100644
--- a/src/test/java/com/checkmarx/jenkins/CheckmarxScanPipelineTest.java
+++ b/src/test/java/com/checkmarx/jenkins/CheckmarxScanPipelineTest.java
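Review bot: The added `println` in the `@@ -111,7 +111,10 @@` hunk writes the full `HTTP_PROXY` value to the build log, and proxy URLs often carry `user:password@` userinfo that anyone with read access to the build would then see. The removed `getProxy()` logged the same string, but since the line is being rewritten anyway it should redact the userinfo, for example `log.getLogger().println("Installer using proxy: " + proxyStr.replaceAll("//[^/@]*@", "//***@"));`. installCheckmarxCliAsSingleBinary starts and ends outside the hunk.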
@@ -1,5 +1,6 @@
 package com.checkmarx.jenkins;
+import com.checkmarx.ast.results.ResultsSummary;
 import hudson.model.Result;
 import org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition;
 import org.jenkinsci.plugins.workflow.job.WorkflowJob;
@@ -8,6 +9,8 @@
 import java.util.logging.Logger;
+import static org.junit.Assert.assertNotNull;
+
 public class CheckmarxScanPipelineTest extends CheckmarxTestBase {
 private static final Logger log = Logger.getLogger(CheckmarxScanBuilderTest.class.getName());
@@ -44,4 +47,26 @@ public void doFailWhenUseOwnServerCredentialButNotConfigured() throws Exception
 jenkins.assertBuildStatus(Result.FAILURE, workflowRun);
 jenkins.assertLogContains("Please setup the server url in the global settings.", workflowRun);
 }
+
+ @Test
+ public void checkResultsSummary() throws Exception {
+ log.info("checkResultsSummary");
+
+ WorkflowJob project = jenkins.createProject(WorkflowJob.class);
+ project.setDefinition(new CpsFlowDefinition("" +
+ "node {" +
+ " writeFile file: 'source.py', text: 'overwrite me' \n" +
+ " checkmarxASTScanner additionalOptions: '--scan-types api-security', branchName: 'main', useOwnAdditionalOptions: true, useOwnServerCredentials: true, checkmarxInstallation: '" + CheckmarxTestBase.JT_LATEST + "', credentialsId: '" + CheckmarxTestBase.JENKINS_CREDENTIALS_TOKEN_ID + "', projectName: 'checkResultsSummary', serverUrl: '" + this.astServerUrl + "', tenantName: '" + this.astTenantName +
+ "'}", true));
+
+ WorkflowRun workflowRun = project.scheduleBuild2(0).waitForStart();
+ jenkins.waitForCompletion(workflowRun);
+ jenkins.assertBuildStatus(Result.SUCCESS, workflowRun);
+
+ CheckmarxScanResultsAction action = workflowRun.getAction(CheckmarxScanResultsAction.class);
+ assertNotNull(action);
+
+ ResultsSummary resultsSummary = action.getResultsSummary();
+ assertNotNull(resultsSummary);
+ }
 }
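Review bot: `checkResultsSummary`, added in the `@@ -44,4 +47,26 @@` hunk, only asserts that the summary is non-null, so it says nothing about the content that was parsed. When it fails it cannot show whether the artifact was missing or the fetch failed, because the exception is swallowed in getResultsSummary. I would first assert that `workflowRun.getArtifacts()` holds a file whose name contains `PluginUtils.CHECKMARX_AST_RESULTS_JSON`, and then assert on at least one field of the parsed summary. The test also depends on a live scan against `astServerUrl`, which is worth stating in a comment above `@Test`.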