Veracode client for triggering scans in Continuous Integration

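"use strict";

Object.defineProperty(exports, "__esModule", { value: true });
exports.default = void 0;

const _os = _interopRequireDefault(require("os"));
const _path = _interopRequireDefault(require("path"));
const _veracodeClient = _interopRequireDefault(require("@jupiterone/veracode-client"));
const _log = _interopRequireDefault(require("./log"));

// Babel CommonJS interop shim: wraps a plain CommonJS export so that
// `.default` resolves the same way for ES-module and non-ES-module sources.
function _interopRequireDefault(obj) {
  return obj && obj.__esModule ? obj : { default: obj };
}

/**
 * Drives a Veracode sandbox scan of the current working directory from CI.
 *
 * Every option falls back to an environment variable (see `defaults` in the
 * constructor):
 *   robotId / robotKey               VERA_ID / VERA_KEY — Veracode API credentials.
 *   appId / appName                  VERA_APP_ID / VERA_APP_NAME — the Veracode
 *                                    application; when only appName is set the id
 *                                    is looked up in scanInSandbox().
 *   appVersion                       npm_package_version — label for the build.
 *   sandboxName                      npm_package_name — sandbox to scan in.
 *   excludes                         Patterns left out of the uploaded archive
 *                                    (default: ['node_modules/**\/*']; presumably
 *                                    glob syntax handled by createZipArchive — confirm).
 *   scanAllNonfatalTopLevelModules   Boolean, passed through to Veracode.
 *   autoScan                         Boolean, passed through to Veracode.
 *
 * The constructor throws if robotId or robotKey resolves to a falsy value.
 */
class Connector {
  /**
   * @param {object} [options={}] - overrides for the environment-derived defaults.
   * @throws {Error} when robotId or robotKey is not set.
   */
  constructor(options = {}) {
    const defaults = {
      robotId: process.env.VERA_ID,
      robotKey: process.env.VERA_KEY,
      appId: process.env.VERA_APP_ID,
      appName: process.env.VERA_APP_NAME,
      appVersion: process.env.npm_package_version,
      sandboxName: process.env.npm_package_name,
      excludes: ['node_modules/**/*'],
      scanAllNonfatalTopLevelModules: false,
      autoScan: true
    };

    // String-valued options: an empty/absent override falls back to the env value.
    this.robotId = options.robotId || defaults.robotId;
    this.robotKey = options.robotKey || defaults.robotKey;
    this.appId = options.appId || defaults.appId;
    this.appName = options.appName || defaults.appName;
    this.appVersion = options.appVersion || defaults.appVersion;
    this.sandboxName = options.sandboxName || defaults.sandboxName;
    this.excludes = options.excludes || defaults.excludes;

    // Boolean options: only an explicit boolean overrides the default, so that
    // `false` is honoured rather than treated as "unset".
    this.scanAllNonfatalTopLevelModules = this._booleanOr(
      options.scanAllNonfatalTopLevelModules,
      defaults.scanAllNonfatalTopLevelModules
    );
    this.autoScan = this._booleanOr(options.autoScan, defaults.autoScan);

    // Echo the non-secret configuration to stdout for CI logs. robotId and
    // robotKey are deliberately NOT printed: CI logs are frequently readable by
    // more people than the credentials are meant for.
    console.log('-----');
    console.log('PROPS');
    console.log('-----');
    console.log('appId:', this.appId);
    console.log('appName:', this.appName);
    console.log('appVersion:', this.appVersion);
    console.log('sandboxName:', this.sandboxName);
    console.log('excludes:', this.excludes);
    console.log('scanAllNonfatalTopLevelModules:', this.scanAllNonfatalTopLevelModules);
    console.log('autoScan:', this.autoScan);
    console.log('-----');

    this._validatePropSet('robotId');
    this._validatePropSet('robotKey');
    this.client = new _veracodeClient.default(this.robotId, this.robotKey);
  }

  /**
   * Runs the full sandbox scan flow: resolve the app and sandbox, (try to)
   * create a versioned build, archive the working directory, upload it and
   * start the prescan.
   *
   * @returns {Promise<void>}
   * @throws {Error} when appVersion, sandboxName or appId cannot be resolved;
   *   errors from the Veracode client other than createBuild() propagate.
   */
  async scanInSandbox() {
    this._validatePropSet('appVersion');
    this._validatePropSet('sandboxName');
    await this._initAppId();
    this._validatePropSet('appId');
    _log.default.info(`Using appId: ${this.appId}`);

    const appInfo = {
      appId: this.appId,
      appVersion: this.appVersion,
      autoScan: this.autoScan,
      scanAllNonfatalTopLevelModules: this.scanAllNonfatalTopLevelModules
    };

    await this._ensureSandboxId(appInfo);
    _log.default.info(`Setting up new scan for ${this.sandboxName}, sandbox_id: ${appInfo.sandboxId}`);

    await this._tryCreateBuild(appInfo);
    await this._uploadArchive(appInfo);

    const scanVersion = (await this.client.beginPrescan(appInfo)).build._attributes.version;
    _log.default.info(`New Scan Version: ${scanVersion}`);
  }

  /**
   * Sets `appInfo.sandboxId` to the existing sandbox named `this.sandboxName`,
   * creating the sandbox when no match is found.
   *
   * @param {object} appInfo - mutated: sandboxId (and sandboxName on create) are set.
   * @returns {Promise<void>}
   */
  async _ensureSandboxId(appInfo) {
    const sandboxes = await this.client.getSandboxList(appInfo);
    const existing = sandboxes.find(sb => sb._attributes.sandbox_name === this.sandboxName);

    if (existing) {
      appInfo.sandboxId = existing._attributes.sandbox_id;
      return;
    }

    _log.default.info(`Need to setup new sandbox for ${this.sandboxName}`);
    appInfo.sandboxName = this.sandboxName;
    appInfo.sandboxId = (await this.client.createSandbox(appInfo)).sandbox._attributes.sandbox_id;
    _log.default.info(`New sandbox created, id: ${appInfo.sandboxId}`);
  }

  /**
   * Attempts to create a release-versioned build. Failure is deliberately
   * non-fatal: Veracode can still run an auto-versioned scan, so the error is
   * logged and the flow continues.
   *
   * @param {object} appInfo
   * @returns {Promise<void>}
   */
  async _tryCreateBuild(appInfo) {
    try {
      const buildId = (await this.client.createBuild(appInfo)).build._attributes.build_id;
      _log.default.info(`New Build ID: ${buildId}`);
    } catch (err) {
      _log.default.warn(`Failed to create a new release-versioned scan for ${this.sandboxName}; ${err}`);
      _log.default.warn('> Will try to scan as an auto-versioned scan...');
    }
  }

  /**
   * Zips the current working directory (minus `this.excludes`) into the OS
   * temp dir and uploads it to Veracode, setting `appInfo.file`.
   *
   * NOTE(review): everything under process.cwd() that is not matched by
   * `excludes` is sent to a third party. With the default excludes that
   * includes files such as .env, .git or local credential files if they are
   * present in the checkout; callers should extend `excludes` accordingly.
   * The archive name is derived from sandboxName and lives in a shared temp
   * dir, so it is predictable — acceptable on a single-tenant CI agent,
   * worth revisiting on shared runners.
   *
   * @param {object} appInfo - mutated: `file` is set to the archive path.
   * @returns {Promise<void>}
   */
  async _uploadArchive(appInfo) {
    // Strip non-word characters so the sandbox name is safe as a file name.
    const archiveName = `${this.sandboxName.replace(/\W/g, '')}.zip`;
    appInfo.file = _path.default.join(_os.default.tmpdir(), archiveName);

    await this.client.createZipArchive(process.cwd(), appInfo.file, this.excludes);

    const fileId = (await this.client.uploadFile(appInfo)).file._attributes.file_id;
    _log.default.info(`New File ID: ${fileId}`);
  }

  /**
   * Returns `value` when it is a boolean, otherwise `fallback`.
   *
   * @param {*} value
   * @param {boolean} fallback
   * @returns {boolean}
   */
  _booleanOr(value, fallback) {
    return typeof value === 'boolean' ? value : fallback;
  }

  /**
   * Throws unless `this[propName]` is truthy.
   *
   * @param {string} propName
   * @throws {Error} when the property is unset or empty.
   */
  _validatePropSet(propName) {
    if (!this[propName]) {
      throw new Error(`Property ${propName} was not set. Cannot continue.`);
    }
  }

  /**
   * Resolves `this.appId` from `this.appName` via the Veracode app list when
   * appId is not already set. Leaves appId untouched when no app matches.
   *
   * @returns {Promise<void>}
   */
  async _initAppId() {
    if (this.appId || !this.appName) {
      return;
    }
    const apps = await this.client.getAppList();
    const match = apps.find(app => app._attributes.app_name === this.appName);
    if (match) {
      this.appId = match._attributes.app_id;
    }
  }
}

const _default = Connector;
exports.default = _default;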