detectExecuteScan : Changes to include user group and handle build fa…

…ils (SAP#1775) * changes to detectExec before master merge * changes for detectExecuteScan * self generated code added * fix syntax errors and update docu * added unit tests for fail and Group * fix failOn bug * add Groups as string array * add Groups as string array * tests and validation for groups, failOn * Updated docs and added more tests * documentation md files should not be changed * Handle merge conflicts from PR 1845 * fix merge errors Co-authored-by: Oliver Nocon <[email protected]>
rosemarieB · Jul 28, 2020 · 0fc131a · 0fc131a
1 parent 60796cd
commit 0fc131a
Show file tree

Hide file tree

Showing 4 changed files with 116 additions and 19 deletions.
diff --git a/cmd/detectExecuteScan.go b/cmd/detectExecuteScan.go
@@ -52,14 +52,26 @@ func addDetectArgs(args []string, config detectExecuteScanOptions) []string {
 
 	args = append(args, fmt.Sprintf("--blackduck.url=%v", config.ServerURL))
 	args = append(args, fmt.Sprintf("--blackduck.api.token=%v", config.APIToken))
+	// ProjectNames, VersionName, GroupName etc can contain spaces and need to be escaped using double quotes in CLI
+	// Hence the string need to be surrounded by \"
+	args = append(args, fmt.Sprintf("--detect.project.name=\\\"%v\\\"", config.ProjectName))
+	args = append(args, fmt.Sprintf("--detect.project.version.name=\\\"%v\\\"", detectVersionName))
+
+	// Groups parameter is added only when there is atleast one non-empty groupname provided
+	if len(config.Groups) > 0 && len(config.Groups[0]) > 0 {
+		args = append(args, fmt.Sprintf("--detect.project.user.groups=\\\"%v\\\"", strings.Join(config.Groups, "\\\",\\\"")))
+	}
+
+	// Atleast 1, non-empty category to fail on must be provided
+	if len(config.FailOn) > 0 && len(config.FailOn[0]) > 0 {
+		args = append(args, fmt.Sprintf("--detect.policy.check.fail.on.severities=%v", strings.Join(config.FailOn, ",")))
+	}
 
-	args = append(args, fmt.Sprintf("--detect.project.name=%v", config.ProjectName))
-	args = append(args, fmt.Sprintf("--detect.project.version.name=%v", detectVersionName))
 	codeLocation := config.CodeLocation
 	if len(codeLocation) == 0 && len(config.ProjectName) > 0 {
 		codeLocation = fmt.Sprintf("%v/%v", config.ProjectName, detectVersionName)
 	}
-	args = append(args, fmt.Sprintf("--detect.code.location.name=%v", codeLocation))
+	args = append(args, fmt.Sprintf("--detect.code.location.name=\\\"%v\\\"", codeLocation))
 
 	if sliceUtils.ContainsString(config.Scanners, "signature") {
 		args = append(args, fmt.Sprintf("--detect.blackduck.signature.scanner.paths=%v", strings.Join(config.ScanPaths, ",")))

diff --git a/cmd/detectExecuteScan_generated.go b/cmd/detectExecuteScan_generated.go
diff --git a/cmd/detectExecuteScan_test.go b/cmd/detectExecuteScan_test.go
@@ -18,15 +18,15 @@ func TestRunDetect(t *testing.T) {
 
 		assert.Equal(t, ".", s.Dir, "Wrong execution directory used")
 		assert.Equal(t, "/bin/bash", s.Shell[0], "Bash shell expected")
-		expectedScript := "bash <(curl -s https://detect.synopsys.com/detect.sh) --blackduck.url= --blackduck.api.token= --detect.project.name= --detect.project.version.name= --detect.code.location.name="
+		expectedScript := "bash <(curl -s https://detect.synopsys.com/detect.sh) --blackduck.url= --blackduck.api.token= --detect.project.name=\\\"\\\" --detect.project.version.name=\\\"\\\" --detect.code.location.name=\\\"\\\""
 		assert.Equal(t, expectedScript, s.Calls[0])
 	})
 
 	t.Run("failure case", func(t *testing.T) {
 		var hasFailed bool
 		log.Entry().Logger.ExitFunc = func(int) { hasFailed = true }
 
-		s := mock.ShellMockRunner{ShouldFailOnCommand: map[string]error{"bash <(curl -s https://detect.synopsys.com/detect.sh) --blackduck.url= --blackduck.api.token= --detect.project.name= --detect.project.version.name= --detect.code.location.name=": fmt.Errorf("Test Error")}}
+		s := mock.ShellMockRunner{ShouldFailOnCommand: map[string]error{"bash <(curl -s https://detect.synopsys.com/detect.sh) --blackduck.url= --blackduck.api.token= --detect.project.name=\\\"\\\" --detect.project.version.name=\\\"\\\" --detect.code.location.name=\\\"\\\"": fmt.Errorf("Test Error")}}
 		runDetect(detectExecuteScanOptions{}, &s)
 		assert.True(t, hasFailed, "expected command to exit with fatal")
 	})
@@ -57,9 +57,9 @@ func TestAddDetectArgs(t *testing.T) {
 				"--scan2=2",
 				"--blackduck.url=https://server.url",
 				"--blackduck.api.token=apiToken",
-				"--detect.project.name=testName",
-				"--detect.project.version.name=1.0",
-				"--detect.code.location.name=testName/1.0",
+				"--detect.project.name=\\\"testName\\\"",
+				"--detect.project.version.name=\\\"1.0\\\"",
+				"--detect.code.location.name=\\\"testName/1.0\\\"",
 				"--detect.blackduck.signature.scanner.paths=path1,path2",
 			},
 		},
@@ -72,16 +72,46 @@ func TestAddDetectArgs(t *testing.T) {
 				Version:         "1.0",
 				VersioningModel: "major-minor",
 				CodeLocation:    "testLocation",
+				FailOn:          []string{"BLOCKER", "MAJOR"},
 				Scanners:        []string{"source"},
 				ScanPaths:       []string{"path1", "path2"},
+				Groups:          []string{"testGroup"},
 			},
 			expected: []string{
 				"--testProp1=1",
 				"--blackduck.url=https://server.url",
 				"--blackduck.api.token=apiToken",
-				"--detect.project.name=testName",
-				"--detect.project.version.name=1.0",
-				"--detect.code.location.name=testLocation",
+				"--detect.project.name=\\\"testName\\\"",
+				"--detect.project.version.name=\\\"1.0\\\"",
+				"--detect.project.user.groups=\\\"testGroup\\\"",
+				"--detect.policy.check.fail.on.severities=BLOCKER,MAJOR",
+				"--detect.code.location.name=\\\"testLocation\\\"",
+				"--detect.source.path=path1",
+			},
+		},
+		{
+			args: []string{"--testProp1=1"},
+			options: detectExecuteScanOptions{
+				ServerURL:       "https://server.url",
+				APIToken:        "apiToken",
+				ProjectName:     "testName",
+				CodeLocation:    "testLocation",
+				FailOn:          []string{"BLOCKER", "MAJOR"},
+				Scanners:        []string{"source"},
+				ScanPaths:       []string{"path1", "path2"},
+				Groups:          []string{"testGroup", "testGroup2"},
+				Version:         "1.0",
+				VersioningModel: "major-minor",
+			},
+			expected: []string{
+				"--testProp1=1",
+				"--blackduck.url=https://server.url",
+				"--blackduck.api.token=apiToken",
+				"--detect.project.name=\\\"testName\\\"",
+				"--detect.project.version.name=\\\"1.0\\\"",
+				"--detect.project.user.groups=\\\"testGroup\\\",\\\"testGroup2\\\"",
+				"--detect.policy.check.fail.on.severities=BLOCKER,MAJOR",
+				"--detect.code.location.name=\\\"testLocation\\\"",
 				"--detect.source.path=path1",
 			},
 		},

diff --git a/resources/metadata/detect.yaml b/resources/metadata/detect.yaml
@@ -1,8 +1,10 @@
 metadata:
   name: detectExecuteScan
-  description: Executes Synopsis Detect scan
-  longDescription: |-
-    This step executes [Synopsis Detect](https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/62423113/Synopsys+Detect) scans.
+  description: Executes Synopsys Detect scan
+  longDescription: |
+    This step executes [Synopsys Detect](https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/62423113/Synopsys+Detect) scans.
+    Synopsys Detect command line utlity can be used to run various scans including BlackDuck and Polaris scans. This step allows users to run BlackDuck scans by default.
+    Please configure your BlackDuck server Url using the serverUrl parameter and the API token of your user using the apiToken parameter for this step.
 spec:
   inputs:
     resources:
@@ -86,7 +88,6 @@ spec:
         - --blackduck.signature.scanner.memory=4096
         - --blackduck.timeout=6000
         - --blackduck.trust.cert=true
-        - --detect.policy.check.fail.on.severities=BLOCKER,CRITICAL,MAJOR
         - --detect.report.timeout=4800
         - --logging.level.com.synopsys.integration=DEBUG
         scope:
@@ -103,6 +104,38 @@ spec:
         - PARAMETERS
         - STAGES
         - STEPS
+      - name: groups
+        description: Users groups to be assigned for the Project
+        aliases:
+          - name: detect/groups
+        type: '[]string'
+        mandatory: false
+        scope:
+        - PARAMETERS
+        - STAGES
+        - STEPS
+      - name: failOn
+        description: Mark the current build as fail based on the policy categories applied.
+        longDescription: |
+          A list of policies can be provided which will be applied after the scan is completed. These policies if violated will mark the build/scan result as failed.
+          The list of accepted valed can be found at https://blackducksoftware.github.io/synopsys-detect/latest/properties/configuration/project/#fail-on-policy-violation-severities
+        aliases:
+          - name: detect/failOn
+        type: '[]string'
+        mandatory: false
+        default:
+        - BLOCKER
+        possibleValues:
+        - ALL
+        - BLOCKER
+        - CRITICAL
+        - MAJOR
+        - MINOR
+        - NONE
+        scope:
+        - PARAMETERS
+        - STAGES
+        - STEPS
       - name: version
         aliases:
           - name: projectVersion