Search in sources :

Example 1 with JobStorage

use of com.mercedesbenz.sechub.storage.core.JobStorage in project sechub by mercedes-benz.

the class PDSCodeScanProductExecutor method executeWithAdapter.

@Override
protected List<ProductResult> executeWithAdapter(SecHubExecutionContext context, ProductExecutorContext executorContext, PDSInstallSetup setup, TargetRegistryInfo info) throws Exception {
    LOG.debug("Trigger PDS adapter execution");
    PDSExecutorConfigSuppport configSupport = PDSExecutorConfigSuppport.createSupportAndAssertConfigValid(executorContext.getExecutorConfig(), systemEnvironment);
    if (configSupport.isTargetTypeForbidden(info.getTargetType())) {
        LOG.info("pds adapter does not accept target type:{} so cancel execution");
        return Collections.emptyList();
    }
    UUID jobUUID = context.getSechubJobUUID();
    String projectId = context.getConfiguration().getProjectId();
    JobStorage storage = storageService.getJobStorage(projectId, jobUUID);
    ProductResult result = resilientActionExecutor.executeResilient(() -> {
        AdapterMetaData metaDataOrNull = executorContext.getCurrentMetaDataOrNull();
        /* we reuse existing file upload checksum done by sechub */
        String sourceZipFileChecksum = fetchFileUploadChecksumIfNecessary(storage, metaDataOrNull);
        try (InputStream sourceCodeZipFileInputStream = fetchInputStreamIfNecessary(storage, metaDataOrNull)) {
            /* @formatter:off */
            Map<String, String> jobParams = configSupport.createJobParametersToSendToPDS(context.getConfiguration());
            PDSCodeScanConfig pdsCodeScanConfig = PDSCodeScanConfigImpl.builder().setPDSProductIdentifier(configSupport.getPDSProductIdentifier()).setTrustAllCertificates(configSupport.isTrustAllCertificatesEnabled()).setProductBaseUrl(configSupport.getProductBaseURL()).setSecHubJobUUID(context.getSechubJobUUID()).setSecHubConfigModel(context.getConfiguration()).configure(createAdapterOptionsStrategy(context)).setTimeToWaitForNextCheckOperationInMilliseconds(configSupport.getTimeToWaitForNextCheckOperationInMilliseconds(setup)).setTimeOutInMinutes(configSupport.getTimeoutInMinutes(setup)).setFileSystemSourceFolders(info.getCodeUploadFileSystemFolders()).setSourceCodeZipFileInputStream(sourceCodeZipFileInputStream).setSourceZipFileChecksum(sourceZipFileChecksum).setUser(configSupport.getUser()).setPasswordOrAPIToken(configSupport.getPasswordOrAPIToken()).setProjectId(projectId).setTraceID(context.getTraceLogIdAsString()).setJobParameters(jobParams).build();
            /* @formatter:on */
            /* inspect */
            MetaDataInspection inspection = scanMetaDataCollector.inspect(ProductIdentifier.PDS_CODESCAN.name());
            inspection.notice(MetaDataInspection.TRACE_ID, pdsCodeScanConfig.getTraceID());
            /* execute PDS by adapter and update product result */
            String pdsResult = pdsAdapter.start(pdsCodeScanConfig, executorContext.getCallback());
            // product result is set by callback
            ProductResult productResult = executorContext.getCurrentProductResult();
            productResult.setResult(pdsResult);
            return productResult;
        }
    });
    return Collections.singletonList(result);
}
Also used : MetaDataInspection(com.mercedesbenz.sechub.sharedkernel.metadata.MetaDataInspection) ProductResult(com.mercedesbenz.sechub.domain.scan.product.ProductResult) InputStream(java.io.InputStream) PDSCodeScanConfig(com.mercedesbenz.sechub.adapter.pds.PDSCodeScanConfig) UUID(java.util.UUID) JobStorage(com.mercedesbenz.sechub.storage.core.JobStorage) AdapterMetaData(com.mercedesbenz.sechub.adapter.AdapterMetaData)

Example 2 with JobStorage

use of com.mercedesbenz.sechub.storage.core.JobStorage in project sechub by mercedes-benz.

the class CheckmarxProductExecutor method executeWithAdapter.

@Override
protected List<ProductResult> executeWithAdapter(SecHubExecutionContext context, ProductExecutorContext executorContext, CheckmarxInstallSetup setup, TargetRegistryInfo data) throws Exception {
    LOG.debug("Trigger checkmarx adapter execution");
    UUID jobUUID = context.getSechubJobUUID();
    String projectId = context.getConfiguration().getProjectId();
    JobStorage storage = storageService.getJobStorage(projectId, jobUUID);
    CheckmarxExecutorConfigSuppport configSupport = CheckmarxExecutorConfigSuppport.createSupportAndAssertConfigValid(executorContext.getExecutorConfig(), systemEnvironment);
    CheckmarxResilienceCallback callback = new CheckmarxResilienceCallback(configSupport, executorContext);
    /* start resilient */
    ProductResult result = resilientActionExecutor.executeResilient(() -> {
        AdapterMetaData metaDataOrNull = executorContext.getCurrentMetaDataOrNull();
        try (InputStream sourceCodeZipFileInputStream = fetchInputStreamIfNecessary(storage, metaDataOrNull)) {
            /* @formatter:off */
            CheckmarxAdapterConfig checkMarxConfig = CheckmarxConfig.builder().configure(createAdapterOptionsStrategy(context)).setTrustAllCertificates(setup.isHavingUntrustedCertificate()).setUser(configSupport.getUser()).setPasswordOrAPIToken(configSupport.getPasswordOrAPIToken()).setProductBaseUrl(configSupport.getProductBaseURL()).setAlwaysFullScan(callback.isAlwaysFullScanEnabled()).setTimeToWaitForNextCheckOperationInMinutes(scanResultCheckPeriodInMinutes).setTimeOutInMinutes(scanResultCheckTimeOutInMinutes).setFileSystemSourceFolders(data.getCodeUploadFileSystemFolders()).setSourceCodeZipFileInputStream(sourceCodeZipFileInputStream).setTeamIdForNewProjects(configSupport.getTeamIdForNewProjects(projectId)).setClientSecret(configSupport.getClientSecret()).setEngineConfigurationName(configSupport.getEngineConfigurationName()).setPresetIdForNewProjects(configSupport.getPresetIdForNewProjects(projectId)).setProjectId(projectId).setTraceID(context.getTraceLogIdAsString()).build();
            /* @formatter:on */
            /* inspect */
            MetaDataInspection inspection = scanMetaDataCollector.inspect(ProductIdentifier.CHECKMARX.name());
            inspection.notice(MetaDataInspection.TRACE_ID, checkMarxConfig.getTraceID());
            inspection.notice("presetid", checkMarxConfig.getPresetIdForNewProjectsOrNull());
            inspection.notice("engineconfigurationname", checkMarxConfig.getEngineConfigurationName());
            inspection.notice("teamid", checkMarxConfig.getTeamIdForNewProjects());
            inspection.notice("alwaysFullScanEnabled", checkMarxConfig.isAlwaysFullScanEnabled());
            /* execute checkmarx by adapter and update product result */
            String xml = checkmarxAdapter.start(checkMarxConfig, executorContext.getCallback());
            // product result is set by callback
            ProductResult productResult = executorContext.getCurrentProductResult();
            productResult.setResult(xml);
            return productResult;
        }
    }, callback);
    return Collections.singletonList(result);
}
Also used : MetaDataInspection(com.mercedesbenz.sechub.sharedkernel.metadata.MetaDataInspection) ProductResult(com.mercedesbenz.sechub.domain.scan.product.ProductResult) InputStream(java.io.InputStream) CheckmarxAdapterConfig(com.mercedesbenz.sechub.adapter.checkmarx.CheckmarxAdapterConfig) UUID(java.util.UUID) JobStorage(com.mercedesbenz.sechub.storage.core.JobStorage) AdapterMetaData(com.mercedesbenz.sechub.adapter.AdapterMetaData)

Example 3 with JobStorage

use of com.mercedesbenz.sechub.storage.core.JobStorage in project sechub by mercedes-benz.

the class S3RealLiveStorageTestMain method main.

public static void main(String[] args) throws IOException {
    /* setup */
    SharedVolumeSetup setup = createFakeSharedVolumeNotValid();
    S3Setup s3Setup = createS3SetupByEnvironmentVariables();
    MultiStorageService service = new MultiStorageService(setup, s3Setup);
    UUID jobUUID = UUID.randomUUID();
    JobStorage jobStorage = service.getJobStorage("test-only", jobUUID);
    /* check preconditions */
    boolean existsBefore = jobStorage.isExisting(S3_OBJECT_NAME);
    String testDataAsString = "This is some test data as a simple string\nJust another line...";
    /* store */
    jobStorage.store(S3_OBJECT_NAME, new StringInputStream(testDataAsString));
    boolean existsAfterStore = jobStorage.isExisting(S3_OBJECT_NAME);
    /* fetch */
    InputStream inputStream = jobStorage.fetch(S3_OBJECT_NAME);
    InputStreamReader reader = new InputStreamReader(inputStream);
    BufferedReader br = new BufferedReader(reader);
    String result = br.readLine();
    br.close();
    /* delete all */
    jobStorage.deleteAll();
    /* check delete done */
    boolean existsAfterDelete = jobStorage.isExisting(S3_OBJECT_NAME);
    System.out.println("exists before storage:" + existsBefore);
    System.out.println("exists after storage:" + existsAfterStore);
    System.out.println("fetched string from object store:" + result);
    System.out.println("exists after delete:" + existsAfterDelete);
    if (existsBefore) {
        System.err.println("existed before!");
        System.exit(1);
    }
    if (!existsAfterStore) {
        System.err.println("was not stored!");
        System.exit(1);
    }
    if (!testDataAsString.equals(result)) {
        System.err.println("result was not as expected:" + result);
        System.exit(1);
    }
    if (existsAfterDelete) {
        System.err.println("data was not as expected:" + result);
        System.exit(1);
    }
}
Also used : S3Setup(com.mercedesbenz.sechub.storage.core.S3Setup) MultiStorageService(com.mercedesbenz.sechub.sharedkernel.storage.MultiStorageService) StringInputStream(com.amazonaws.util.StringInputStream) InputStreamReader(java.io.InputStreamReader) SharedVolumeSetup(com.mercedesbenz.sechub.storage.core.SharedVolumeSetup) StringInputStream(com.amazonaws.util.StringInputStream) InputStream(java.io.InputStream) BufferedReader(java.io.BufferedReader) UUID(java.util.UUID) JobStorage(com.mercedesbenz.sechub.storage.core.JobStorage)

Example 4 with JobStorage

use of com.mercedesbenz.sechub.storage.core.JobStorage in project sechub by mercedes-benz.

the class CheckmarxProductExecutorMockTest method before.

@Before
public void before() throws Exception {
    JobStorage storage = Mockito.mock(JobStorage.class);
    when(storage.fetch(any())).thenReturn(new StringInputStream("something as a code..."));
    when(storageService.getJobStorage(any(), any())).thenReturn(storage);
}
Also used : StringInputStream(com.amazonaws.util.StringInputStream) JobStorage(com.mercedesbenz.sechub.storage.core.JobStorage) Before(org.junit.Before)

Example 5 with JobStorage

use of com.mercedesbenz.sechub.storage.core.JobStorage in project sechub by mercedes-benz.

the class CheckmarxProductExecutor method executeByAdapter.

@Override
protected List<ProductResult> executeByAdapter(ProductExecutorData data) throws Exception {
    LOG.debug("Trigger checkmarx adapter execution");
    UUID jobUUID = data.getSechubExecutionContext().getSechubJobUUID();
    String projectId = data.getSechubExecutionContext().getConfiguration().getProjectId();
    JobStorage storage = storageService.getJobStorage(projectId, jobUUID);
    CheckmarxExecutorConfigSuppport configSupport = CheckmarxExecutorConfigSuppport.createSupportAndAssertConfigValid(data.getProductExecutorContext().getExecutorConfig(), systemEnvironment);
    CheckmarxResilienceCallback callback = new CheckmarxResilienceCallback(configSupport, data.getProductExecutorContext());
    /* start resilient */
    ProductResult result = resilientActionExecutor.executeResilient(() -> {
        AdapterMetaData metaDataOrNull = data.getProductExecutorContext().getCurrentMetaDataOrNull();
        try (InputStream sourceCodeZipFileInputStream = fetchInputStreamIfNecessary(storage, metaDataOrNull)) {
            /* @formatter:off */
            @SuppressWarnings("deprecation") CheckmarxAdapterConfig checkMarxConfig = CheckmarxConfig.builder().configure(new SecHubAdapterOptionsBuilderStrategy(data, getScanType())).setTrustAllCertificates(installSetup.isHavingUntrustedCertificate()).setUser(configSupport.getUser()).setPasswordOrAPIToken(configSupport.getPasswordOrAPIToken()).setProductBaseUrl(configSupport.getProductBaseURL()).setAlwaysFullScan(callback.isAlwaysFullScanEnabled()).setTimeToWaitForNextCheckOperationInMinutes(scanResultCheckPeriodInMinutes).setTimeOutInMinutes(scanResultCheckTimeOutInMinutes).setFileSystemSourceFolders(// to support mocked Checkmarx adapters we MUST use still the deprecated method!
            data.getCodeUploadFileSystemFolders()).setSourceCodeZipFileInputStream(sourceCodeZipFileInputStream).setTeamIdForNewProjects(configSupport.getTeamIdForNewProjects(projectId)).setClientSecret(configSupport.getClientSecret()).setEngineConfigurationName(configSupport.getEngineConfigurationName()).setPresetIdForNewProjects(configSupport.getPresetIdForNewProjects(projectId)).setProjectId(projectId).setTraceID(data.getSechubExecutionContext().getTraceLogIdAsString()).build();
            /* @formatter:on */
            /* inspect */
            MetaDataInspection inspection = scanMetaDataCollector.inspect(ProductIdentifier.CHECKMARX.name());
            inspection.notice(MetaDataInspection.TRACE_ID, checkMarxConfig.getTraceID());
            inspection.notice("presetid", checkMarxConfig.getPresetIdForNewProjectsOrNull());
            inspection.notice("engineconfigurationname", checkMarxConfig.getEngineConfigurationName());
            inspection.notice("teamid", checkMarxConfig.getTeamIdForNewProjects());
            inspection.notice("alwaysFullScanEnabled", checkMarxConfig.isAlwaysFullScanEnabled());
            /* execute checkmarx by adapter and update product result */
            String xml = checkmarxAdapter.start(checkMarxConfig, data.getProductExecutorContext().getCallback());
            // product result is set by callback
            ProductResult productResult = data.getProductExecutorContext().getCurrentProductResult();
            productResult.setResult(xml);
            return productResult;
        }
    }, callback);
    return Collections.singletonList(result);
}
Also used : MetaDataInspection(com.mercedesbenz.sechub.sharedkernel.metadata.MetaDataInspection) SecHubAdapterOptionsBuilderStrategy(com.mercedesbenz.sechub.domain.scan.SecHubAdapterOptionsBuilderStrategy) ProductResult(com.mercedesbenz.sechub.domain.scan.product.ProductResult) InputStream(java.io.InputStream) CheckmarxAdapterConfig(com.mercedesbenz.sechub.adapter.checkmarx.CheckmarxAdapterConfig) UUID(java.util.UUID) JobStorage(com.mercedesbenz.sechub.storage.core.JobStorage) AdapterMetaData(com.mercedesbenz.sechub.adapter.AdapterMetaData)

Aggregations

JobStorage (com.mercedesbenz.sechub.storage.core.JobStorage)19 InputStream (java.io.InputStream)11 StringInputStream (com.amazonaws.util.StringInputStream)8 UUID (java.util.UUID)8 IOException (java.io.IOException)5 AdapterMetaData (com.mercedesbenz.sechub.adapter.AdapterMetaData)3 ProductResult (com.mercedesbenz.sechub.domain.scan.product.ProductResult)3 MetaDataInspection (com.mercedesbenz.sechub.sharedkernel.metadata.MetaDataInspection)3 CheckmarxAdapterConfig (com.mercedesbenz.sechub.adapter.checkmarx.CheckmarxAdapterConfig)2 SecHubRuntimeException (com.mercedesbenz.sechub.commons.model.SecHubRuntimeException)2 SecHubConfiguration (com.mercedesbenz.sechub.sharedkernel.configuration.SecHubConfiguration)2 MultiStorageService (com.mercedesbenz.sechub.sharedkernel.storage.MultiStorageService)2 S3Setup (com.mercedesbenz.sechub.storage.core.S3Setup)2 SharedVolumeSetup (com.mercedesbenz.sechub.storage.core.SharedVolumeSetup)2 BufferedReader (java.io.BufferedReader)2 InputStreamReader (java.io.InputStreamReader)2 MessageDigest (java.security.MessageDigest)2 FileItemIterator (org.apache.commons.fileupload.FileItemIterator)2 FileItemStream (org.apache.commons.fileupload.FileItemStream)2 ServletFileUpload (org.apache.commons.fileupload.servlet.ServletFileUpload)2