OTWO-6954 api for create scan project #1716

Open
wants to merge 2 commits into
base: main
2 changes: 2 additions & 0 deletions .env.test
Expand Up @@ -38,6 +38,8 @@ JWT_SECRET_API_KEY='116016cca2a9f3eed660a65a78ba88091a73b330'

SUPPRESS_JASMINE_DEPRECATION = 1

COVERITY_SCAN_URL = 'http://vcrlocalhost.org:5008'

KB_API_AUTH_KEY = 'test'
KB_AUTH_API = 'https://vcrlocalhost/auth'
BDSA_VULNERABILITY_API = 'https://vcrlocalhost/bdsa/BDSA_ID'
18 changes: 18 additions & 0 deletions app/controllers/api/v1/projects_controller.rb
Expand Up @@ -6,6 +6,7 @@ class Api::V1::ProjectsController < ApplicationController

skip_before_action :verify_authenticity_token
before_action :authenticate_jwt
before_action :set_project_or_fail, only: [:create_scan_project]

def create
@project = build_project
Expand All @@ -18,6 +19,14 @@ def create
end
end

def create_scan_project
response = get_scan_api_data(params[:url], 'api/projects')
return unless response && response['scan_project_id']

CodeLocationScan.where(code_location_id: @project.enlistments.first.code_location_id,
scan_project_id: response['scan_project_id']).first_or_create
end

private

def project_params
Expand Down Expand Up @@ -63,4 +72,13 @@ def code_location_branch(url)
out, _err, _status = Open3.capture3("git ls-remote --symref #{url} HEAD | head -1 | awk '{print $2}'")
out.strip.sub(/refs\/heads\//, '')
end

def get_scan_api_data(url, path)
return unless @project

language = @project&.best_analysis&.main_language&.nice_name
data = { name: @project&.name, repo_url: url, user_id: params[:user_id],
language: scan_oh_language_mapping(language), vanity_url: @project.vanity_url }
ScanCoverityApi.save(path, data)
end
end
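Review bot: `create_scan_project` forwards `params[:url]` and `params[:user_id]` to the scan service unchecked and then dereferences `@project.enlistments.first.code_location_id`, which raises NoMethodError for a project that has no enlistments. The action never renders or sets a status, so a rejected scan call looks the same to the API client as a successful one; a guard such as `return head :unprocessable_entity unless scan.is_a?(Hash) && scan['scan_project_id']` would make the outcome explicit and would also reject the raw String that `ScanCoverityApi.save` returns when the body is not JSON. Naming the local `response` shadows the controller's own `response` object, so `scan` or similar would read better. If the JWT identifies the caller, taking `user_id` from it rather than from `params` would stop one client acting for another; what `authenticate_jwt` and `set_project_or_fail` establish is not visible in this diff. Separately, the unchanged context line in `code_location_branch` interpolates `url` into a shell string passed to `Open3.capture3`; the argument-list form (`Open3.capture3('git', 'ls-remote', '--symref', url, 'HEAD')`, with the trimming done in Ruby) avoids shell parsing of that value.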
10 changes: 10 additions & 0 deletions app/helpers/projects_helper.rb
Expand Up @@ -127,5 +127,15 @@ def project_activity_level(project)
def project_description_size_breached?(project)
project.description && project.description.size > 800
end

def scan_oh_language_mapping(language)
case language
when 'C++', 'C/C++', 'C' then 'CXX'
when 'Java' then 'JAVA'
when 'C#' then 'CSHARP'
when 'JavaScript' then 'JAVASCRIPT'
when 'Ruby', 'Python', 'PHP' then 'OTHER'
end
end
end
# rubocop: enable Metrics/ModuleLength
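Review bot: `scan_oh_language_mapping` has no `else` branch, so any language outside the listed names, and a nil `main_language`, yields nil and the controller posts a blank `language`. The `scan_projects_error.yml` cassette in this PR records the scan service answering a request without a language with 400 'Language cant be blank', so projects in an unlisted language would apparently always fail. Adding `else 'OTHER'` (or returning early in the controller when the mapping is nil) would make the behaviour explicit. The method is also called from `Api::V1::ProjectsController`; whether `ProjectsHelper` is mixed into that controller is not visible here.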
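--- a/app/lib/scan_coverity/scan_coverity_api.rb
+++ b/app/lib/scan_coverity/scan_coverity_api.rb
@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+class ScanCoverityApi
+URL = ENV['COVERITY_SCAN_URL']
+
+class << self
+def resource_uri(path = nil, _query = {})
+URI("#{URL}/#{path}.json")
+end
+
+def get_response(path = nil, query = {})
+uri = resource_uri(path, query)
+response = Net::HTTP.get_response(uri)
+handle_errors(response) { JSON.parse(response.body) }
+end
+
+def save(path = nil, query = {})
+uri = resource_uri(path, query)
+response = Net::HTTP.post_form(uri, query)
+handle_errors(response) do
+hsh = JSON.parse(response.body)
+set_attributes_or_errors(response, hsh)
+end
+rescue JSON::ParserError
+response.body
+end
+
+private
+
+def handle_errors(response)
+case response
+when Net::HTTPServerError
+raise ScanCoverityApiError, "#{response.message} => #{response.body}"
+else
+yield
+end
+end
+
+def save_success?(response)
+response.is_a?(Net::HTTPSuccess)
+end
+
+def set_errors(hsh)
+@errors = hsh.key?('error') ? hsh['error'].with_indifferent_access : hsh
+false
+end
+
+def set_attributes(hsh)
+@attributes = hsh
+hsh.each do |key, value|
+instance_variable_set("@#{key}", value)
+end
+end
+
+def set_attributes_or_errors(response, hsh)
+save_success?(response) ? set_attributes(hsh) : set_errors(hsh)
+end
+end
+end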
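Review bot: `set_attributes` runs inside `class << self`, so `instance_variable_set("@#{key}", value)` writes every key of the remote JSON onto the `ScanCoverityApi` class object itself. That state is shared by all requests and threads, a response key named `errors` or `attributes` overwrites the class's own bookkeeping, and a key that is not a valid variable name raises NameError. Nothing visible in this PR reads those variables, so returning the parsed hash (`save_success?(response) ? hsh : false`) or copying only an allow-list of keys would be safer. The `Net::HTTP.post_form` and `get_response` calls also run with default timeouts inside the request cycle, and the `rescue JSON::ParserError` path returns a String where the caller expects a Hash or false.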
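--- a/app/lib/scan_coverity/scan_coverity_api_error.rb
+++ b/app/lib/scan_coverity/scan_coverity_api_error.rb
@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+class ScanCoverityApiError < StandardError
+end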
6 changes: 5 additions & 1 deletion config/routes.rb
Expand Up @@ -493,7 +493,11 @@
post 'enlist'
end
resources :jwt, only: [:create]
resources :projects, only: [:create]
resources :projects, only: [:create] do
member do
post :create_scan_project
end
end
end
end

55 changes: 55 additions & 0 deletions fixtures/vcr_cassettes/CreateProjectFromMatchURL_record_none.yml


116 changes: 116 additions & 0 deletions fixtures/vcr_cassettes/scan_projects.yml
@@ -0,0 +1,116 @@
---
http_interactions:
- request:
method: post
uri: http://vcrlocalhost.org:5008/api/projects.json
body:
encoding: US-ASCII
string: name=Dummytestdata&repo_url=https%3A%2F%2Fgithub.com%2Frails%2Frails&user_id=e1dc08285095f4ff99199c3436532768&language=JAVA
headers:
Accept-Encoding:
- gzip;q=1.0,deflate;q=0.6,identity;q=0.3
Accept:
- "*/*"
User-Agent:
- Ruby
Host:
- vcrlocalhost.org:5008
Content-Type:
- application/x-www-form-urlencoded
response:
status:
code: 201
message: success
headers:
Date:
- Tue, 14 Mar 2023 11:09:01 GMT
Content-Type:
- text/plain
Transfer-Encoding:
- chunked
Connection:
- keep-alive
X-Request-Id:
- 83ba289fe76f4ed9a882a2a823be6d87
X-Runtime:
- '0.006584'
X-Powered-By:
- Phusion Passenger 5.0.30
Status:
- 201
Strict-Transport-Security:
- max-age=15724800; includeSubDomains
Set-Cookie:
- incap_ses_1559_941207=QCvHB5yXehqCVRkBiK6iFc1VEGQAAAAA7G/+9TvEcxaAWzmLbgQZBg==;
path=/; Domain=.coverity.com
- nlbi_941207=bJ7MAhEsdhG1ODi7vBlnAwAAAAA3GPUJcWfVnLBF6Cb2d22Z; path=/; Domain=.coverity.com
- visid_incap_941207=QJfhtfo9QgiltzVrch2GzcxVEGQAAAAAQUIPAAAAAAD7Vbp21tN9wMYyJIC789MH;
expires=Tue, 12 Mar 2024 15:15:25 GMT; HttpOnly; path=/; Domain=.coverity.com
X-Cdn:
- Imperva
X-Iinfo:
- 12-49168636-49168647 NNYN CT(229 230 0) RT(1678792140667 100) q(0 0 5 5) r(7
7) U24
body:
encoding: ASCII-8BIT
string: '{"scan_project_id": 1 }'
recorded_at: Tue, 14 Mar 2023 11:09:02 GMT
---
http_interactions:
- request:
method: post
uri: http://vcrlocalhost.org:5008/api/projects.json
body:
encoding: US-ASCII
string: name=&repo_url=https%3A%2F%2Fgithub.com%2Frails%2Frails&user_id=d1224324214
headers:
Accept-Encoding:
- gzip;q=1.0,deflate;q=0.6,identity;q=0.3
Accept:
- "*/*"
User-Agent:
- Ruby
Host:
- vcrlocalhost.org:5008
Content-Type:
- application/x-www-form-urlencoded
response:
status:
code: 401
message: unauthorized
headers:
Date:
- Tue, 14 Mar 2023 11:09:01 GMT
Content-Type:
- text/plain
Transfer-Encoding:
- chunked
Connection:
- keep-alive
X-Request-Id:
- 83ba289fe76f4ed9a882a2a823be6d87
X-Runtime:
- '0.006584'
X-Powered-By:
- Phusion Passenger 5.0.30
Status:
- 401
Strict-Transport-Security:
- max-age=15724800; includeSubDomains
Set-Cookie:
- incap_ses_1559_941207=QCvHB5yXehqCVRkBiK6iFc1VEGQAAAAA7G/+9TvEcxaAWzmLbgQZBg==;
path=/; Domain=.coverity.com
- nlbi_941207=bJ7MAhEsdhG1ODi7vBlnAwAAAAA3GPUJcWfVnLBF6Cb2d22Z; path=/; Domain=.coverity.com
- visid_incap_941207=QJfhtfo9QgiltzVrch2GzcxVEGQAAAAAQUIPAAAAAAD7Vbp21tN9wMYyJIC789MH;
expires=Tue, 12 Mar 2024 15:15:25 GMT; HttpOnly; path=/; Domain=.coverity.com
X-Cdn:
- Imperva
X-Iinfo:
- 12-49168636-49168647 NNYN CT(229 230 0) RT(1678792140667 100) q(0 0 5 5) r(7
7) U24
body:
encoding: ASCII-8BIT
string: '{"message": "unauthorized"}'
recorded_at: Tue, 14 Mar 2023 11:09:02 GMT
recorded_with: VCR 6.0.0
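Review bot: Both recorded responses in this cassette, and the one in `scan_projects_error.yml`, keep the upstream `Set-Cookie` headers with `incap_ses_*`, `nlbi_*` and `visid_incap_*` values for `.coverity.com`, along with `X-Iinfo` and `X-Request-Id`. The specs presumably need only the status and body, so these headers are better stripped before the fixture is committed, for example with a VCR `before_record` hook that deletes `Set-Cookie` from `interaction.response.headers`. The request URI is plain `http://`, matching `COVERITY_SCAN_URL` in `.env.test`; it is worth confirming the deployed value is HTTPS, since `user_id` and `repo_url` travel in the form body.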

59 changes: 59 additions & 0 deletions fixtures/vcr_cassettes/scan_projects_error.yml
@@ -0,0 +1,59 @@
---
http_interactions:
- request:
method: post
uri: http://vcrlocalhost.org:5008/api/projects.json
body:
encoding: US-ASCII
string: name=&repo_url=https%3A%2F%2Fgithub.com%2Frails%2Frails&user_id=d1224324214
headers:
Accept-Encoding:
- gzip;q=1.0,deflate;q=0.6,identity;q=0.3
Accept:
- "*/*"
User-Agent:
- Ruby
Host:
- vcrlocalhost.org:5008
Content-Type:
- application/x-www-form-urlencoded
response:
status:
code: 400
message: bad_request
headers:
Date:
- Tue, 14 Mar 2023 11:09:01 GMT
Content-Type:
- text/plain
Transfer-Encoding:
- chunked
Connection:
- keep-alive
X-Request-Id:
- 83ba289fe76f4ed9a882a2a823be6d87
X-Runtime:
- '0.006584'
X-Powered-By:
- Phusion Passenger 5.0.30
Status:
- 400
Strict-Transport-Security:
- max-age=15724800; includeSubDomains
Set-Cookie:
- incap_ses_1559_941207=QCvHB5yXehqCVRkBiK6iFc1VEGQAAAAA7G/+9TvEcxaAWzmLbgQZBg==;
path=/; Domain=.coverity.com
- nlbi_941207=bJ7MAhEsdhG1ODi7vBlnAwAAAAA3GPUJcWfVnLBF6Cb2d22Z; path=/; Domain=.coverity.com
- visid_incap_941207=QJfhtfo9QgiltzVrch2GzcxVEGQAAAAAQUIPAAAAAAD7Vbp21tN9wMYyJIC789MH;
expires=Tue, 12 Mar 2024 15:15:25 GMT; HttpOnly; path=/; Domain=.coverity.com
X-Cdn:
- Imperva
X-Iinfo:
- 12-49168636-49168647 NNYN CT(229 230 0) RT(1678792140667 100) q(0 0 5 5) r(7
7) U24
body:
encoding: ASCII-8BIT
string: '{"message": "Language cant be blank"}'
recorded_at: Tue, 14 Mar 2023 11:09:02 GMT
recorded_with: VCR 6.0.0
