Merge pull request #267 from checkmarx-ltd/pr-ScaResolver-projectName…

…-CodeAsConfig

Config as code for project name and Unique folder

src/main/java/com/checkmarx/sdk/config/ScaConfig.java

@@ -45,6 +45,9 @@ public class ScaConfig {
     @Optional
     private Integer scanTimeout;
 
+    @Optional
+    private String expPathSastProjectName;
+
     /**
      * This setter allows to avoid ConfigProvider error: Map<Severity,Integer> is not supported.
      */

src/main/java/com/checkmarx/sdk/dto/sca/Sca.java

@@ -38,5 +38,7 @@ public class Sca implements Serializable {
     protected boolean includeSources;
     @JsonProperty
     protected String team;
+    @JsonProperty
+    protected  String expPathSastProjectName;
 
 }

src/main/java/com/checkmarx/sdk/dto/sca/ScaConfig.java

@@ -30,4 +30,5 @@ public class ScaConfig extends ScanConfigBase implements Serializable {
     private String fingerprintFilePath;
     private String team;
     private Integer scanTimeout;
+    private String expPathSastProjectName;
 }

src/main/java/com/checkmarx/sdk/service/scanner/ScaScanner.java

@@ -143,6 +143,7 @@ private ScaConfig getScaSpecificConfig(ScanParams scanParams) {
             scaConfig.setManifestsIncludePattern(scaProperties.getManifestsIncludePattern());
             scaConfig.setTeam(sdkScaConfig.getTeam());
             scaConfig.setScanTimeout(sdkScaConfig.getScanTimeout());
+            scaConfig.setExpPathSastProjectName(sdkScaConfig.getExpPathSastProjectName());
             String zipPath = scanParams.getZipPath();
             if (StringUtils.isNotEmpty(zipPath)) {
                 scaConfig.setZipFilePath(zipPath);

src/main/java/com/checkmarx/sdk/utils/scaResolver/ScaResolverUtils.java

@@ -1,4 +1,5 @@
 package com.checkmarx.sdk.utils.scaResolver;
+import com.checkmarx.sdk.dto.sca.ScaConfig;
 import com.checkmarx.sdk.exception.CxHTTPClientException;
 import org.apache.commons.lang3.SystemUtils;
 import org.slf4j.Logger;
@@ -16,7 +17,7 @@ public class ScaResolverUtils {
     public static final String SCA_RESOLVER_FOR_LINUX = "/" + "ScaResolver";
     public static final String OFFLINE = "offline";
 
-    public static int runScaResolver(String pathToScaResolver,String mandatoryParameters ,String scaResolverAddParams, String pathToResultJSONFile, Logger log)
+    public static int runScaResolver(String pathToScaResolver, String mandatoryParameters , String scaResolverAddParams, String pathToResultJSONFile, Logger log, ScaConfig scaConfig)
             throws CxHTTPClientException {
         int exitCode = -100;
         String[] scaResolverCommand;
@@ -29,7 +30,11 @@ public static int runScaResolver(String pathToScaResolver,String mandatoryParame
         Matcher m1 = Pattern.compile("([^\"]\\S*|\".+?\")\\s*").matcher(scaResolverAddParams);
         while (m1.find())
                 arguments.add(m1.group(1));
-//
+
+        /*
+            As every time mandatoryParameters are getting added to start of the list looping from end till element.
+            Checks if mandatoryParameters are added in Additional parameter, if exists remove extra.
+         */
         for(int i=arguments.size()-1;i>=6;i=i-2)
         {
             if(arguments.get(i-1).equals("-s") ||arguments.get(i-1).equals("-r") || arguments.get(i-1).equals("-n") )
@@ -39,6 +44,25 @@ public static int runScaResolver(String pathToScaResolver,String mandatoryParame
                 arguments.remove(i-1);
             }
         }
+
+        //Code as Config Overriding
+        if(scaConfig.getExpPathSastProjectName()!=null)
+        {
+            for(int i=0;i<arguments.size();i++)
+            {
+                if(arguments.get(i).equals("--cxprojectname"))
+                {
+                    log.debug("Overriding SAST project name");
+                    if(arguments.size()-1==i)
+                    {
+                        arguments.add(scaConfig.getExpPathSastProjectName());
+                    }
+                    else {
+                        arguments.set(i+1,scaConfig.getExpPathSastProjectName());
+                    }
+                }
+            }
+        }
 		/*
 		 Convert path and parameters into a single CMD command
 		 */

src/main/java/com/checkmarx/sdk/utils/scanner/client/ScaClientHelper.java

@@ -58,6 +58,7 @@
 import java.net.URL;
 import java.net.URLEncoder;
 import java.nio.file.Files;
+import java.sql.Timestamp;
 import java.text.SimpleDateFormat;
 import java.util.*;
 import java.util.regex.Matcher;
@@ -313,30 +314,30 @@ private HttpResponse submitScaResolverEvidenceFile(ScaConfig scaConfig) throws I
         String sourceDir = file.getAbsolutePath();
         String projectName = config.getProjectName();
         String resultPath = cxRepoFileHelper.getGitClonePath();
-        String sastresultpath ="";
+        String additionalParameters = manageParameters(scaProperties.getScaResolverAddParameters());
+        String sastResultPath ="";
         ArrayList<File> resultToZip = new ArrayList<>();
 
         //file creation
-        while (resultPath.contains("\""))
-            resultPath = resultPath.replace("\"", "");
-        resultPath=resultPath + File.separator + SCA_RESOLVER_RESULT_FILE_NAME;
+        resultPath=resultPath+File.separator+ uniqueFolderName() + File.separator + SCA_RESOLVER_RESULT_FILE_NAME;
 
         String mandatoryFields = "-s "+sourceDir +" "+"-n "+projectName+" "+"-r "+resultPath;
         log.debug("mandatory {}",mandatoryFields);
         log.info("Executing SCA Resolver flow.");
         log.info("Path to Sca Resolver: {}", scaProperties.getPathToScaResolver());
         //log.info("Sca Resolver Additional Parameters: {}", scaProperties.getScaResolverAddParameters());
         File zipFile =null;
-        int exitCode = ScaResolverUtils.runScaResolver(scaProperties.getPathToScaResolver(),mandatoryFields,scaProperties.getScaResolverAddParameters(),resultPath,log);
+        int exitCode = ScaResolverUtils.runScaResolver(scaProperties.getPathToScaResolver(),mandatoryFields,additionalParameters,resultPath,log,scaConfig);
         if (exitCode == 0) {
             log.info("***************SCA resolution completed successfully.******************");
             File resultFilePath = new File(resultPath);
             resultToZip.add(resultFilePath);
-            //check for exploitable path
+
+            //check if sast-result-path is present, if exists add to zip.
             if(scaProperties.getScaResolverAddParameters().contains("--sast-result-path"))
             {
-                sastresultpath = getSastResultFilePathFromAdditionalParams(scaProperties.getScaResolverAddParameters());
-                File sastResultFile = new File(sastresultpath);
+                sastResultPath = getSastResultFilePathFromAdditionalParams(additionalParameters);
+                File sastResultFile = new File(sastResultPath);
                 resultToZip.add(sastResultFile);
             }
 
@@ -348,6 +349,38 @@ private HttpResponse submitScaResolverEvidenceFile(ScaConfig scaConfig) throws I
         return initiateScanForUpload(projectId, FileUtils.readFileToByteArray(zipFile), config.getScaConfig());
     }
 
+    private String manageParameters(String additionalParameters)
+    {
+        String newAdditionalParameters="";
+        if(additionalParameters.contains("--sast-result-path"))
+        {
+            String sastResultPath =getSastResultFilePathFromAdditionalParams(additionalParameters);
+            File sastResultFile = new File(sastResultPath);
+            if(sastResultFile.isDirectory())
+            {
+                sastResultPath = sastResultPath + File.separator + uniqueFolderName()+ File.separator + SAST_RESOLVER_RESULT_FILE_NAME;
+            }
+            else {
+                String parentName = sastResultFile.getParent();
+                sastResultPath = parentName + File.separator + uniqueFolderName()+ File.separator + SAST_RESOLVER_RESULT_FILE_NAME;
+            }
+            newAdditionalParameters = setSastResultFilePathFromAdditionalParams(additionalParameters,sastResultPath);
+        }
+        return newAdditionalParameters;
+    }
+
+    private String uniqueFolderName()
+    {
+        Date date = new Date();
+        Timestamp ts=new Timestamp(date.getTime());
+        SimpleDateFormat formatter = new SimpleDateFormat("yyyyMMddHHmmss");
+        String prefixFolderNameSCA=formatter.format(ts)+gen();
+        return prefixFolderNameSCA;
+    }
+    private int gen() {
+        Random r = new Random( System.currentTimeMillis() );
+        return 10000 + r.nextInt(20000);
+    }
     private  String getSastResultFilePathFromAdditionalParams(String scaResolverAddParams)
     {
         String pathToEvidenceDir ="";
@@ -363,6 +396,37 @@ private  String getSastResultFilePathFromAdditionalParams(String scaResolverAddP
         return pathToEvidenceDir ;
     }
 
+    private  String setSastResultFilePathFromAdditionalParams(String scaResolverAddParams,String valueToSet)
+    {
+        StringBuilder newAdditionalParams = new StringBuilder();
+        List<String> arguments = new ArrayList<String>();
+        Matcher m = Pattern.compile("([^\"]\\S*|\".+?\")\\s*").matcher(scaResolverAddParams);
+        while (m.find())
+            arguments.add(m.group(1));
+
+        for (int i = 0; i <  arguments.size() ; i++) {
+            if (arguments.get(i).equals("--sast-result-path") )
+            {
+                if(arguments.size()-1==i)
+                {
+                    arguments.add(valueToSet);
+                }
+                else {
+                    arguments.set(i+1,valueToSet);
+                }
+
+            }
+            if(arguments.size()-1==i)
+            {
+                newAdditionalParams.append(arguments.get(i));
+            }
+            else {
+                newAdditionalParams.append(arguments.get(i)).append(" ");
+            }
+
+        }
+        return newAdditionalParams.toString() ;
+    }
     private File zipEvidenceFile(ArrayList<File> filePath) throws IOException {
         File tempUploadFile = File.createTempFile(TEMP_FILE_NAME_TO_SCA_RESOLVER_RESULTS_ZIP, ".zip");
         log.info("Collecting files to zip archive: {}", tempUploadFile.getAbsolutePath());