add "check" functionality

gr-markin · gr-markin · commit 4218bbc5ab2b · 2019-02-18T00:15:34.000+01:00
diff --git a/.gitignore b/.gitignore
@@ -11,6 +11,7 @@
 ### Gradle template
 .gradle
 build/
+out/
 
 # Ignore Gradle GUI config
 gradle-app.setting
diff --git a/build.gradle b/build.gradle
@@ -8,13 +8,13 @@
 
 
 group 'de.eacg'
-version '0.1.4'
+version '0.2.0'
 
 buildscript {
     dependencies {
         classpath 'io.codearte.gradle.nexus:gradle-nexus-staging-plugin:0.5.3'
         classpath "com.gradle.publish:plugin-publish-plugin:0.9.4"
-//        classpath "de.eacg:ecs-gradle-plugin:0.1.3"               // uncomment to scan this compoment
+//        classpath "de.eacg:ecs-gradle-plugin:0.2.0"               // uncomment to scan this compoment
     }
     repositories {
         mavenLocal()
@@ -30,7 +30,7 @@ apply plugin: 'maven'
 apply plugin: 'signing'
 apply plugin: 'io.codearte.nexus-staging'
 apply plugin: 'com.gradle.plugin-publish'
-// apply plugin: 'de.eacg.ecsPlugin'                               // uncomment to scan this compoment
+//apply plugin: 'de.eacg.ecsPlugin'                               // uncomment to scan this compoment
 
 
 sourceCompatibility = JavaVersion.VERSION_1_7
@@ -52,15 +52,15 @@ nexusStaging {
 
 /*
 ecsPlugin {                                                       // uncomment to scan this compoment
-    credentials = '~/.ecsrc.json'
-    verbose = true
+    credentials = '../ecs-test-settings.json'
+    verbose = false
 }
 */
 
 dependencies {
     compile gradleApi()
     compile localGroovy()
-    compile 'de.eacg:ecs-java-client:0.2.1'
+    compile 'de.eacg:ecs-java-client:0.2.2'
     testCompile 'junit:junit:4.12'
 }
 
@@ -83,8 +83,9 @@ artifacts {
 }
 
 signing {
-    required { gradle.taskGraph.hasTask("uploadArchives") }
     sign configurations.archives
+    useGpgCmd()
+    required { gradle.taskGraph.hasTask("uploadArchives") }
 }
 
 archivesBaseName = 'ecs-gradle-plugin'
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
@@ -1,6 +1,6 @@
-#Fri Apr 15 16:31:47 CEST 2016
+#Sun Oct 28 19:23:29 CET 2018
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-2.12-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-2.12-all.zip
diff --git a/src/main/groovy/de/eacg/ecs/gradle/plugin/CheckTask.groovy b/src/main/groovy/de/eacg/ecs/gradle/plugin/CheckTask.groovy
@@ -0,0 +1,156 @@
+package de.eacg.ecs.gradle.plugin
+
+import de.eacg.ecs.client.CheckResults
+import de.eacg.ecs.client.JsonProperties
+import de.eacg.ecs.client.RestClient
+import de.eacg.ecs.client.Scan
+import org.gradle.api.GradleException
+import org.gradle.api.artifacts.Configuration
+import org.gradle.api.artifacts.result.ResolutionResult
+import org.gradle.api.artifacts.result.ResolvedComponentResult
+import org.gradle.api.tasks.StopActionException
+import org.gradle.api.tasks.TaskAction
+
+class CheckTask extends ScanTask{
+
+    @TaskAction
+    def scan() {
+        def scanExt = project.ecsPlugin
+        def projProps = new ProjectProperties()
+
+        def userAgent = "${projProps.getName()}/${projProps.getVersion()}"
+        this.verbose = scanExt.verbose
+        this.prefixString = 'ecsCheck =>'
+
+        JsonProperties apiClientConfig = readAndCheckCredentials(scanExt);
+
+        if (scanExt.skip) {
+            println "${prefixString} Skipping execution"
+            return
+        }
+
+
+        /**
+         *  TODO: allow more than one configurations????
+         */
+
+        Configuration configuration = getConfiguration(scanExt);
+
+        ResolutionResult result = configuration.getIncoming().getResolutionResult()
+        ResolvedComponentResult root = result.getRoot();
+
+        Configuration pomsConfig = project.configurations.detachedConfiguration()
+
+        setupPomConfig(root, pomsConfig)
+        populateMetaInfCache(pomsConfig)
+
+        def ecsRootDependency = mapDependencies(root)
+        if (verbose) {
+            printDependencies(ecsRootDependency, 0)
+        }
+
+        CheckResults results = null
+
+        RestClient restClient = new RestClient(apiClientConfig, userAgent);
+        Scan scan = new Scan(scanExt.projectName, scanExt.moduleName, scanExt.moduleId, ecsRootDependency);
+
+        try {
+            results = restClient.checkScan(scan);
+        } catch (RestClient.RestClientException e) {
+            println "WARNING: ${e.getMessage()}"
+        }
+
+        if (restClient.getResponseStatus() == 200 && results != null ) {
+            evaluateResults(results);
+        }
+    }
+
+    private void evaluateResults(CheckResults results) throws GradleException {
+        def scanExt = project.ecsPlugin
+
+        for (CheckResults.Warning w : results.getWarnings()) {
+            String cStr = w.getComponent()
+            String vStr = w.getVersion()
+
+            String msg = String.format("Component \"%s %s\"", cStr != null ? cStr : "", vStr != null ? vStr : "")
+
+            if (w.isComponentNotFound()) {
+                println "WARNING: ${msg} not found"
+            }
+
+            if (w.isVersionNotFound()) {
+                println "WARNING: ${msg} version not found"
+            }
+
+            if (w.isLicenseNotFound()) {
+                println "WARNING: ${msg} license not found"
+            }
+        }
+
+        if (!scanExt.allowBreakBuild) {
+            return
+        }
+
+        if (scanExt.breakOnLegalIssues) {
+            int violations = 0
+            int warnings = 0
+
+            for (CheckResults.Result result : results.getData()) {
+                String msg = result.getComponent().getName() + " " + result.getComponent().getVersion()
+                List<CheckResults.Violation> legalViolations
+                if (scanExt.assumeComponentsModified) {
+                    legalViolations = result.getChanged().getViolations()
+                } else {
+                    legalViolations = result.getNot_changed().getViolations()
+                }
+
+                for (CheckResults.Violation v : legalViolations) {
+                    if (v.isViolation()) {
+                        println "${msg} : ${v.getMessage()}"
+                        violations++
+                    } else if (v.isWarning()) {
+                        println "${msg} : ${v.getMessage()}"
+                        warnings++
+                    }
+                }
+            }
+
+            if (scanExt.breakOnViolationsAndWarnings && (warnings > 0 || violations > 0)) {
+                throw new GradleException("Found legal violations")
+            }
+
+            if (scanExt.breakOnViolationsOnly && (violations > 0)) {
+                throw new GradleException("Found legal violations")
+            }
+
+        }
+
+        if (scanExt.breakOnVulnerabilities) {
+            int violations = 0
+            int warnings = 0
+
+            for (CheckResults.Result result : results.getData()) {
+                String componentStr = result.getComponent().getName() + " " + result.getComponent().getVersion()
+                for (CheckResults.Vulnerabilities v : result.getVulnerabilities()) {
+                    String msg = componentStr + ": [" + v.getName() + "] " + v.getDescription()
+                    if (v.isViolation()) {
+                        println msg
+                        violations++
+                    } else if (v.isWarning()) {
+                        println msg
+                        warnings++
+                    }
+                }
+            }
+
+            if (scanExt.breakOnViolationsAndWarnings && (warnings > 0 || violations > 0)) {
+                throw new StopActionException("Found vulnerabilities")
+            }
+
+            if (scanExt.breakOnViolationsOnly && (violations > 0)) {
+                throw new StopActionException("Found vulnerabilities")
+            }
+
+        }
+    }
+}
diff --git a/src/main/groovy/de/eacg/ecs/gradle/plugin/EcsPlugin.groovy b/src/main/groovy/de/eacg/ecs/gradle/plugin/EcsPlugin.groovy
@@ -14,11 +14,16 @@ import org.gradle.api.Project
 class EcsPlugin implements Plugin<Project> {
     void apply(Project project) {
         project.extensions.create('ecsPlugin', EcsPluginExtension)
+
         project.ecsPlugin.projectName = project.name
         project.ecsPlugin.moduleName = project.name
         project.ecsPlugin.moduleId = project.group + ':' + project.name
+
         project.task('dependency-scan', type: ScanTask)
         project.task('ecsScan', type: ScanTask)   // alias
+
+        project.task('dependency-check', type: CheckTask)
+        project.task('ecsCheck', type: CheckTask)   // alias
     }
 }
 
diff --git a/src/main/groovy/de/eacg/ecs/gradle/plugin/EcsPluginExtension.groovy b/src/main/groovy/de/eacg/ecs/gradle/plugin/EcsPluginExtension.groovy
@@ -29,6 +29,23 @@ class EcsPluginExtension {
     Boolean skipTransfer = false
     Boolean verbose = false
 
+    String proxyUrl
+    String proxyPort
+
+    String proxyUser
+    String proxyPass
+
+
+    Boolean allowBreakBuild;
+    Boolean breakOnLegalIssues;
+
+    Boolean breakOnVulnerabilities;
+    Boolean breakOnViolationsOnly;
+
+    Boolean breakOnViolationsAndWarnings;
+    Boolean assumeComponentsModified;
+
+
     void configuration(String... confs) {
         for (String s in confs) {
             configurations << s
diff --git a/src/main/groovy/de/eacg/ecs/gradle/plugin/ScanTask.groovy b/src/main/groovy/de/eacg/ecs/gradle/plugin/ScanTask.groovy
@@ -147,7 +147,7 @@ class ScanTask extends DefaultTask {
         }
     }
 
-    private Configuration getConfiguration(def scanExt) {
+    protected Configuration getConfiguration(def scanExt) {
         def firstConfig = scanExt.configurations.first()
         println "${prefixString} Scanning with '${firstConfig}' configuration"
         try {
@@ -158,7 +158,7 @@ class ScanTask extends DefaultTask {
         }
     }
 
-    private void populateMetaInfCache(Configuration pomsConfig) {
+    protected void populateMetaInfCache(Configuration pomsConfig) {
         try {
             def resolvedPomsConfig = pomsConfig.resolvedConfiguration.lenientConfiguration
             resolvedPomsConfig.getArtifacts(new Spec<org.gradle.api.artifacts.Dependency>(){
@@ -181,7 +181,7 @@ class ScanTask extends DefaultTask {
         }
     }
 
-    private JsonProperties readAndCheckCredentials(def scanExt) {
+    protected JsonProperties readAndCheckCredentials(def scanExt) {
         JsonProperties properties
 
         try {
@@ -195,6 +195,11 @@ class ScanTask extends DefaultTask {
         properties.setBaseUrl(scanExt.baseUrl)
         properties.setApiPath(scanExt.apiPath)
 
+        properties.setProxyUrl(scanExt.proxyUrl);
+        properties.setProxyPort(scanExt.proxyPort);
+        properties.setProxyUser(scanExt.proxyUser);
+        properties.setProxyPass(scanExt.proxyPass);
+
         def missingKeys = properties.validate()
         if(missingKeys.isEmpty() == false) {
             String err = "The mandatory parameter(s) '${missingKeys}' for plugin 'ecs-gradle-plugin' is/are missing or invalid"

Original file line number	Diff line number	Diff line change
`@@ -147,7 +147,7 @@ class ScanTask extends DefaultTask {`
`147`	`147`	`}`
`148`	`148`	`}`
`149`	`149`
`150`		`- private Configuration getConfiguration(def scanExt) {`
	`150`	`+ protected Configuration getConfiguration(def scanExt) {`
`151`	`151`	`def firstConfig = scanExt.configurations.first()`
`152`	`152`	`println "${prefixString} Scanning with '${firstConfig}' configuration"`
`153`	`153`	`try {`
`@@ -158,7 +158,7 @@ class ScanTask extends DefaultTask {`
`158`	`158`	`}`
`159`	`159`	`}`
`160`	`160`
`161`		`- private void populateMetaInfCache(Configuration pomsConfig) {`
	`161`	`+ protected void populateMetaInfCache(Configuration pomsConfig) {`
`162`	`162`	`try {`
`163`	`163`	`def resolvedPomsConfig = pomsConfig.resolvedConfiguration.lenientConfiguration`
`164`	`164`	`resolvedPomsConfig.getArtifacts(new Spec<org.gradle.api.artifacts.Dependency>(){`
`@@ -181,7 +181,7 @@ class ScanTask extends DefaultTask {`
`181`	`181`	`}`
`182`	`182`	`}`
`183`	`183`
`184`		`- private JsonProperties readAndCheckCredentials(def scanExt) {`
	`184`	`+ protected JsonProperties readAndCheckCredentials(def scanExt) {`
`185`	`185`	`JsonProperties properties`
`186`	`186`
`187`	`187`	`try {`
`@@ -195,6 +195,11 @@ class ScanTask extends DefaultTask {`
`195`	`195`	`properties.setBaseUrl(scanExt.baseUrl)`
`196`	`196`	`properties.setApiPath(scanExt.apiPath)`
`197`	`197`
	`198`	`+ properties.setProxyUrl(scanExt.proxyUrl);`
	`199`	`+ properties.setProxyPort(scanExt.proxyPort);`
	`200`	`+ properties.setProxyUser(scanExt.proxyUser);`
	`201`	`+ properties.setProxyPass(scanExt.proxyPass);`
	`202`	`+`
`198`	`203`	`def missingKeys = properties.validate()`
`199`	`204`	`if(missingKeys.isEmpty() == false) {`
`200`	`205`	`String err = "The mandatory parameter(s) '${missingKeys}' for plugin 'ecs-gradle-plugin' is/are missing or invalid"`