use of com.synopsys.integration.blackduck.codelocation.signaturescanner.SignatureScannerService in project blackduck-common by blackducksoftware.
the class ComprehensiveCookbookTestIT method testPolicyStatusFromSignatureScan.
@Test
public void testPolicyStatusFromSignatureScan() throws Exception {
String projectName = "scan-hub-artifactory-test";
String projectVersionName = "1.0.0_test";
String codeLocationName = "scan_artifactory_code_location";
String policyRuleName = "Test Rule for comprehensive policy status/scan";
String componentName = "Apache Ant";
String componentVersion = "1.9.7";
String groupId = "org.apache.ant";
String artifact = "ant";
CheckPolicyData checkPolicyData = new CheckPolicyData(projectName, projectVersionName, codeLocationName, policyRuleName, componentName, componentVersion, groupId, artifact);
BlackDuckServices blackDuckServices = new BlackDuckServices(intHttpClientTestHelper);
setupPolicyCheck(blackDuckServices, checkPolicyData);
UserView currentUser = blackDuckServices.userService.findCurrentUser();
Date userStartDate = blackDuckServices.notificationService.getLatestUserNotificationDate(currentUser);
Date systemStartDate = blackDuckServices.notificationService.getLatestNotificationDate();
File scanFile = intHttpClientTestHelper.getFile("hub-artifactory-1.0.1-RC.zip");
File parentDirectory = scanFile.getParentFile();
File installDirectory = new File(parentDirectory, "scanner_install");
File outputDirectory = new File(parentDirectory, "scanner_output");
// perform the scan
ScanBatchBuilder scanBatchBuilder = new ScanBatchBuilder();
scanBatchBuilder.fromBlackDuckServerConfig(blackDuckServices.blackDuckServerConfig);
scanBatchBuilder.outputDirectory(outputDirectory);
scanBatchBuilder.projectAndVersionNames(projectName, projectVersionName);
scanBatchBuilder.addTarget(ScanTarget.createBasicTarget(scanFile.getAbsolutePath(), codeLocationName));
ScanBatch scanBatch = scanBatchBuilder.build();
SignatureScannerService signatureScannerService = blackDuckServices.blackDuckServicesFactory.createSignatureScannerService(installDirectory);
ScanBatchOutput scanBatchOutput = signatureScannerService.performSignatureScanAndWait(scanBatch, 15 * 60);
for (ScanCommandOutput scanCommandOutput : scanBatchOutput) {
if (!Result.SUCCESS.equals(scanCommandOutput.getResult())) {
scanCommandOutput.getException().ifPresent(exception -> System.out.println(String.format("Scan exception: %s", exception.getMessage())));
scanCommandOutput.getErrorMessage().ifPresent(msg -> System.out.println(String.format("Scan error message: %s", msg)));
scanCommandOutput.getScanExitCode().ifPresent(exitCode -> System.out.println(String.format("Scan exit code: %s", exitCode)));
System.out.println("Scan command start");
System.out.println(scanCommandOutput.getExecutedScanCommand());
System.out.println("Scan command end");
}
assertEquals(Result.SUCCESS, scanCommandOutput.getResult());
assertNotNull(scanCommandOutput.getDryRunFile());
}
VerifyNotifications.verify(currentUser, blackDuckServices.blackDuckRegistrationService, blackDuckServices.notificationService, userStartDate, systemStartDate);
completePolicyCheck(blackDuckServices, checkPolicyData);
}
use of com.synopsys.integration.blackduck.codelocation.signaturescanner.SignatureScannerService in project blackduck-common by blackducksoftware.
the class InstallAndRunSignatureScannerTestIT method testInstallingAndRunningSignatureScanner.
@Test
void testInstallingAndRunningSignatureScanner() throws IOException, InterruptedException, IntegrationException {
// here, we do not want to automatically trust the server's certificate
BlackDuckServerConfigBuilder blackDuckServerConfigBuilder = intHttpClientTestHelper.getBlackDuckServerConfigBuilder();
blackDuckServerConfigBuilder.setTrustCert(false);
BlackDuckServerConfig blackDuckServerConfig = blackDuckServerConfigBuilder.build();
File installDirectory = new File(scannerDirectoryPath, "scanner_install");
File outputDirectory = new File(scannerDirectoryPath, "scanner_output");
ScanBatch scanBatch = createScanBatch(blackDuckServerConfig, outputDirectory);
BufferedIntLogger logger = new BufferedIntLogger();
BlackDuckServicesFactory blackDuckServicesFactory = blackDuckServerConfig.createBlackDuckServicesFactory(logger);
IntEnvironmentVariables environmentVariables = blackDuckServicesFactory.getEnvironmentVariables();
OperatingSystemType operatingSystemType = OperatingSystemType.determineFromSystem();
ExecutorService executorService = BlackDuckServicesFactory.NO_THREAD_EXECUTOR_SERVICE;
BlackDuckHttpClient blackDuckHttpClient = blackDuckServicesFactory.getBlackDuckHttpClient();
BlackDuckRegistrationService blackDuckRegistrationService = blackDuckServicesFactory.createBlackDuckRegistrationService();
CleanupZipExpander cleanupZipExpander = new CleanupZipExpander(logger);
HttpUrl blackDuckServerUrl = blackDuckHttpClient.getBlackDuckUrl();
ScanPathsUtility scanPathsUtility = new ScanPathsUtility(logger, environmentVariables, operatingSystemType);
ScanCommandRunner scanCommandRunner = new ScanCommandRunner(logger, environmentVariables, scanPathsUtility, executorService);
// first, run a scan with an install that will NOT update the embedded keystore, which should fail
KeyStoreHelper noOpKeyStoreHelper = new NoOpKeyStoreHelper();
ScannerZipInstaller installerWithoutKeyStoreManagement = new ScannerZipInstaller(logger, new SignatureScannerClient(blackDuckHttpClient), blackDuckRegistrationService, cleanupZipExpander, scanPathsUtility, noOpKeyStoreHelper, blackDuckServerUrl, operatingSystemType, installDirectory);
ScanBatchRunner scanBatchRunnerWithout = ScanBatchRunner.createComplete(environmentVariables, scanPathsUtility, scanCommandRunner, installerWithoutKeyStoreManagement);
SignatureScannerService signatureScannerServiceWithout = blackDuckServicesFactory.createSignatureScannerService(scanBatchRunnerWithout);
assertScanFailure(logger, blackDuckRegistrationService, signatureScannerServiceWithout, scanBatch);
// now, delete the failed installation
FileUtils.deleteDirectory(installDirectory);
// second, run a scan with an install that DOES update the embedded keystore, which should succeed
logger.resetAllLogs();
KeyStoreHelper keyStoreHelper = new KeyStoreHelper(logger);
ScannerZipInstaller installerWithKeyStoreManagement = new ScannerZipInstaller(logger, new SignatureScannerClient(blackDuckHttpClient), blackDuckRegistrationService, cleanupZipExpander, scanPathsUtility, keyStoreHelper, blackDuckServerUrl, operatingSystemType, installDirectory);
ScanBatchRunner scanBatchRunnerWith = ScanBatchRunner.createComplete(environmentVariables, scanPathsUtility, scanCommandRunner, installerWithKeyStoreManagement);
SignatureScannerService signatureScannerServiceWith = blackDuckServicesFactory.createSignatureScannerService(scanBatchRunnerWith);
assertScanSuccess(logger, signatureScannerServiceWith, scanBatch);
// finally, verify the code location exists and then delete it to clean up
CodeLocationService codeLocationService = blackDuckServicesFactory.createCodeLocationService();
BlackDuckApiClient blackDuckApiClient = blackDuckServicesFactory.getBlackDuckApiClient();
ResilientJobConfig jobConfig = new ResilientJobConfig(logger, 120, System.currentTimeMillis(), 10);
WaitJob.waitFor(jobConfig, () -> codeLocationService.getCodeLocationByName(CODE_LOCATION_NAME).isPresent(), "codeLocationTest");
Optional<CodeLocationView> codeLocationViewOptional = codeLocationService.getCodeLocationByName(CODE_LOCATION_NAME);
assertTrue(codeLocationViewOptional.isPresent());
blackDuckApiClient.delete(codeLocationViewOptional.get());
}
Aggregations