From 671016a5d69c4b1399ced4ca142c50da3f0f5eb0 Mon Sep 17 00:00:00 2001
From: Eli Miller
Date: Mon, 25 Mar 2024 10:28:36 +0200
Subject: [PATCH] Defect #2318019: [Fortify on Demand] Vulnerabilities are not injected in Octane
---
 .../vulnerabilities/fod/FODServiceImpl.java | 2 +-
 .../vulnerabilities/fod/dto/FODConfig.java | 23 +++++++++++--------
 .../vulnerabilities/fod/dto/FODConnector.java | 2 +-
 .../fod/dto/FodConnectionFactory.java | 2 ++
 .../vulnerabilities/fod/dto/SecurityTool.java | 8 ++++++-
 5 files changed, 25 insertions(+), 12 deletions(-)
diff --git a/integrations-sdk/src/main/java/com/hp/octane/integrations/services/vulnerabilities/fod/FODServiceImpl.java b/integrations-sdk/src/main/java/com/hp/octane/integrations/services/vulnerabilities/fod/FODServiceImpl.java
index e545a43f..e6c10c61 100644
--- a/integrations-sdk/src/main/java/com/hp/octane/integrations/services/vulnerabilities/fod/FODServiceImpl.java
+++ b/integrations-sdk/src/main/java/com/hp/octane/integrations/services/vulnerabilities/fod/FODServiceImpl.java
@@ -147,7 +147,7 @@ private PplnRunStatus fodScanIsStillInProgress(VulnerabilitiesQueueItem queueIte
 return new PplnRunStatus(false, true);
 }
 }
- if (getFailedTries(queueItem) > 10) {
+ if (getFailedTries(queueItem) > 100) {
 logger.error(
 "scan Id was not found, validate that the release in the pipeline configuration is the same as the release in the Jenkins job.");
 return new PplnRunStatus(false, false);
diff --git a/integrations-sdk/src/main/java/com/hp/octane/integrations/services/vulnerabilities/fod/dto/FODConfig.java b/integrations-sdk/src/main/java/com/hp/octane/integrations/services/vulnerabilities/fod/dto/FODConfig.java
index 5d2a34df..8025f30c 100644
--- a/integrations-sdk/src/main/java/com/hp/octane/integrations/services/vulnerabilities/fod/dto/FODConfig.java
+++ b/integrations-sdk/src/main/java/com/hp/octane/integrations/services/vulnerabilities/fod/dto/FODConfig.java
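Review bot: The threshold on the changed `if` jumps from 10 to 100 with no name and no comment, and neither the hunk nor the commit message says why ten lookups were too few, so the next reader cannot tell whether 100 is a tuned value or a guess. Declare it with the class fields as `private static final int MAX_SCAN_ID_LOOKUP_FAILURES = 100; // TODO(review): record why 10 was insufficient` and use `if (getFailedTries(queueItem) > MAX_SCAN_ID_LOOKUP_FAILURES) {` here. The error message that follows could also report the attempt count so an operator can tell a misconfigured release apart from a scan that is merely slow. fodScanIsStillInProgress starts and ends outside this hunk.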
@@ -36,18 +36,23 @@ public abstract class FODConfig {
 public final String authURL;
+ public final String authURLApi;
 public final String entitiesURL;
 public abstract String getAuthBody();
- protected FODConfig(String baseURL){
+ protected FODConfig(String baseURL, String authURLApi){
+ String normalizeURLApi = authURLApi;
+ if(!normalizeURLApi.endsWith("/")){
+ normalizeURLApi = normalizeURLApi + "/";
+ }
+ this.authURLApi = normalizeURLApi + "oauth/token";
 String normanlizedURL = baseURL;
 if(!normanlizedURL.endsWith("/")){
 normanlizedURL = normanlizedURL + "/";
 }
 this.authURL = normanlizedURL + "oauth/token";
- this.entitiesURL = normanlizedURL + "api/v3";
-
+ this.entitiesURL = normalizeURLApi + "api/v3";
 }
@@ -57,11 +62,11 @@ public static class PasswordFODConfig extends FODConfig{
 String password;
 String tenant;
- static final String authPWDBodyFormat ="grant_type=password&scope=https://hpfod.com/tenant&username=%s\\%s&password=%s";
+ static final String authPWDBodyFormat ="grant_type=client_credentials&scope=api-tenant&client_id=%s&client_secret=%s";
- public PasswordFODConfig(String baseUrl, String username, String password,String tenant) {
+ public PasswordFODConfig(String baseUrl, String authURLApi, String username, String password,String tenant) {
- super(baseUrl);
+ super(baseUrl, authURLApi);
 this.password = password;
 this.username = username;
 this.tenant = tenant;
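Review bot: The new `authURLApi` parameter is dereferenced on the first added line of the constructor (`normalizeURLApi.endsWith("/")`) with no null or blank check, so a server configuration saved before the API URL field existed — the value arrives via `getApiUrl()` in FodConnectionFactory and `SecurityTool.getToolUrlApi()` — fails with a bare NullPointerException instead of a message naming the missing setting. Validate it first, `Objects.requireNonNull(authURLApi, "FoD API URL is not configured");`, and reject an empty string with an IllegalArgumentException. Since `getAuthBody()` is posted to `authURLApi + "oauth/token"` carrying the client secret, it is also worth refusing a non-https scheme here so a typo in the setting cannot send the secret in clear text. The same parameter is passed through the PasswordFODConfig and CredentialsFODConfig constructors in the next two hunks, and the pre-existing local `normanlizedURL` is misspelled.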
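Review bot: `authPWDBodyFormat` now describes a client_credentials grant with two `%s` placeholders, yet PasswordFODConfig still stores username, password and tenant, and if its getAuthBody() (outside this hunk) still formats those three fields into it, the tenant is sent as `client_id`, the username as `client_secret`, and the third argument is silently dropped by String.format. Either keep this class on the password grant — only the scope change to `api-tenant` belongs in this hunk — or retire it and route callers to CredentialsFODConfig, whose format matches its fields. If the password grant is no longer supported, mark the class `@Deprecated` with a Javadoc `@deprecated` tag pointing to CredentialsFODConfig rather than leaving a constructor that silently produces the wrong request body.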
@@ -74,12 +79,12 @@ public String getAuthBody(){
 public static class CredentialsFODConfig extends FODConfig{
- static final String authBodyFormat ="grant_type=client_credentials&scope=https://hpfod.com/tenant&client_id=%s&client_secret=%s";
+ static final String authBodyFormat ="grant_type=client_credentials&scope=api-tenant&client_id=%s&client_secret=%s";
 String client_id;
 String secret;
- public CredentialsFODConfig(String baseUrl, String clientID, String secret){
+ public CredentialsFODConfig(String baseUrl,String authURLApi, String clientID, String secret){
- super(baseUrl);
+ super(baseUrl, authURLApi);
 this.client_id = clientID;
 this.secret = secret;
 }
diff --git a/integrations-sdk/src/main/java/com/hp/octane/integrations/services/vulnerabilities/fod/dto/FODConnector.java b/integrations-sdk/src/main/java/com/hp/octane/integrations/services/vulnerabilities/fod/dto/FODConnector.java
index 46bef512..4c6b5b34 100644
--- a/integrations-sdk/src/main/java/com/hp/octane/integrations/services/vulnerabilities/fod/dto/FODConnector.java
+++ b/integrations-sdk/src/main/java/com/hp/octane/integrations/services/vulnerabilities/fod/dto/FODConnector.java
@@ -215,7 +215,7 @@ private String getUpdatedAccessToken() {
 private void getAccessToken() {
- HttpPost post = new HttpPost(fodConfig.authURL);
+ HttpPost post = new HttpPost(fodConfig.authURLApi);
 HttpEntity content = new StringEntity(fodConfig.getAuthBody(), ContentType.APPLICATION_FORM_URLENCODED);
 post.setEntity(content);
diff --git a/integrations-sdk/src/main/java/com/hp/octane/integrations/services/vulnerabilities/fod/dto/FodConnectionFactory.java b/integrations-sdk/src/main/java/com/hp/octane/integrations/services/vulnerabilities/fod/dto/FodConnectionFactory.java
index 0633fa70..c181ce36 100644
--- a/integrations-sdk/src/main/java/com/hp/octane/integrations/services/vulnerabilities/fod/dto/FodConnectionFactory.java
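Review bot: `authBodyFormat` splices `client_id` and `secret` into an `application/x-www-form-urlencoded` body by plain `%s` substitution, so a secret containing `&`, `=`, `%` or `+` yields a malformed or mis-parsed body and an authentication failure that is hard to diagnose; this assumes getAuthBody(), which is outside this hunk, is a String.format of these two fields. Encode each value before formatting — `URLEncoder.encode(secret, StandardCharsets.UTF_8)` and likewise for `client_id` (the Charset overload needs Java 10+; otherwise the `"UTF-8"` form) — or build the entity on the connector side from `BasicNameValuePair`s with `UrlEncodedFormEntity`, which encodes for you. The new signature `String baseUrl,String authURLApi` is also missing a space after the comma, unlike the sibling constructor in the previous hunk.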
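Review bot: After this change `fodConfig.authURL` has no reader in getAccessToken(), yet FODConfig still computes it from `baseURL` alongside the new `authURLApi`; if nothing else reads it, remove the field so there is exactly one token endpoint and the two cannot diverge silently. A one-line comment above the changed line should record the reason for the switch, since it is the substance of the fix and is otherwise invisible to a later reader, e.g. `// FoD issues OAuth tokens from the API URL, not the portal base URL — TODO(review): confirm against FoD docs`. The request and response handling of getAccessToken() continues outside this hunk.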
+++ b/integrations-sdk/src/main/java/com/hp/octane/integrations/services/vulnerabilities/fod/dto/FodConnectionFactory.java
@@ -75,6 +75,7 @@ public static SecurityTool getFODSecTool() {
 FodServerConfiguration fodProjectConfiguration = configurer.pluginServices.getFodServerConfiguration();
 return new SecurityTool(fodProjectConfiguration.getBaseUrl(),
+ fodProjectConfiguration.getApiUrl(),
 fodProjectConfiguration.getClientId(),
 fodProjectConfiguration.getClientSecret());
 }
@@ -86,6 +87,7 @@ private static FODSource createFodConnector(SecurityTool securityToolEntity) {
 return new FodMockSource();
 }else {
 FODConnector instance = new FODConnector(new FODConfig.CredentialsFODConfig(securityToolEntity.getToolUrl(),
+ securityToolEntity.getToolUrlApi(),
 securityToolEntity.getApiKey(),
 securityToolEntity.getSecret()));
 instance.initConnection(configurer);
diff --git a/integrations-sdk/src/main/java/com/hp/octane/integrations/services/vulnerabilities/fod/dto/SecurityTool.java b/integrations-sdk/src/main/java/com/hp/octane/integrations/services/vulnerabilities/fod/dto/SecurityTool.java
index 42c988ba..8c64cf2d 100644
--- a/integrations-sdk/src/main/java/com/hp/octane/integrations/services/vulnerabilities/fod/dto/SecurityTool.java
+++ b/integrations-sdk/src/main/java/com/hp/octane/integrations/services/vulnerabilities/fod/dto/SecurityTool.java
@@ -34,11 +34,13 @@ public class SecurityTool {
 private String toolUrl;
+ private String toolUrlApi;
 private String apiKey;
 private String secret;
- public SecurityTool(String toolUrl, String apiKey, String secret) {
+ public SecurityTool(String toolUrl,String toolUrlApi, String apiKey, String secret) {
 this.toolUrl = toolUrl;
+ this.toolUrlApi = toolUrlApi;
 this.apiKey = apiKey;
 this.secret = secret;
 }
@@ -47,6 +49,10 @@ public String getToolUrl() {
 return toolUrl;
 }
+ public String getToolUrlApi() {
+ return toolUrlApi;
+ }
+
 public String getApiKey() {
 return apiKey;
 }
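Review bot: `toolUrl` and `toolUrlApi` are two String fields whose difference is documented nowhere, and the constructor now takes four positional Strings with the new one inserted second, so a caller that swaps the two URLs compiles and only fails at token time. Add Javadoc on the new field so the contract is visible from the DTO: `/** Base URL of the FoD API host; FODConfig resolves the OAuth token endpoint and {@code api/v3} relative to it, whereas {@link #toolUrl} is the portal base URL. */` — the first half is grounded in FODConfig's `authURLApi + "oauth/token"` and `normalizeURLApi + "api/v3"`, the portal-URL reading of `toolUrl` is inferred and should be confirmed. Since this object also carries `apiKey` and `secret`, confirm that any toString() or serialization of SecurityTool outside this hunk does not include those two fields.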