Skip to content

Commit

Permalink
OTWO-6954 api for create scan project
Browse files Browse the repository at this point in the history
  • Loading branch information
Niharika1117 committed Mar 21, 2023
1 parent 79a16d4 commit b515410
Show file tree
Hide file tree
Showing 12 changed files with 387 additions and 1 deletion.
2 changes: 2 additions & 0 deletions .env.test
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,8 @@ JWT_SECRET_API_KEY='116016cca2a9f3eed660a65a78ba88091a73b330'

SUPPRESS_JASMINE_DEPRECATION = 1

COVERITY_SCAN_URL = 'http://vcrlocalhost.org:5008'

KB_API_AUTH_KEY = 'test'
KB_AUTH_API = 'https://vcrlocalhost/auth'
BDSA_VULNERABILITY_API = 'https://vcrlocalhost/bdsa/BDSA_ID'
Expand Down
18 changes: 18 additions & 0 deletions app/controllers/api/v1/projects_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ class Api::V1::ProjectsController < ApplicationController

skip_before_action :verify_authenticity_token
before_action :authenticate_jwt
before_action :set_project_or_fail, only: [:create_scan_project]

def create
@project = build_project
Expand All @@ -18,6 +19,14 @@ def create
end
end

def create_scan_project
response = get_scan_api_data(params[:url], 'api/projects')
return unless response && response['scan_project_id']

CodeLocationScan.where(code_location_id: @project.enlistments.first.code_location_id,
scan_project_id: response['scan_project_id']).first_or_create
end

private

def project_params
Expand Down Expand Up @@ -63,4 +72,13 @@ def code_location_branch(url)
out, _err, _status = Open3.capture3("git ls-remote --symref #{url} HEAD | head -1 | awk '{print $2}'")
out.strip.sub(/refs\/heads\//, '')
end

def get_scan_api_data(url, path)
return unless @project

language = @project&.best_analysis&.main_language&.nice_name
data = { name: @project&.name, repo_url: url, user_id: params[:user_id],
language: scan_oh_language_mapping(language), vanity_url: @project.vanity_url }
ScanCoverityApi.save(path, data)
end
end
10 changes: 10 additions & 0 deletions app/helpers/projects_helper.rb
Original file line number Diff line number Diff line change
Expand Up @@ -127,5 +127,15 @@ def project_activity_level(project)
def project_description_size_breached?(project)
project.description && project.description.size > 800
end

def scan_oh_language_mapping(language)
case language
when 'C++', 'C/C++', 'C' then 'CXX'
when 'Java' then 'JAVA'
when 'C#' then 'CSHARP'
when 'JavaScript' then 'JAVASCRIPT'
when 'Ruby', 'Python', 'PHP' then 'OTHER'
end
end
end
# rubocop: enable Metrics/ModuleLength
59 changes: 59 additions & 0 deletions app/lib/scan_coverity/scan_coverity_api.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
# frozen_string_literal: true

class ScanCoverityApi
URL = ENV['COVERITY_SCAN_URL']

class << self
def resource_uri(path = nil, _query = {})
URI("#{URL}/#{path}.json")
end

def get_response(path = nil, query = {})
uri = resource_uri(path, query)
response = Net::HTTP.get_response(uri)
handle_errors(response) { JSON.parse(response.body) }
end

def save(path = nil, query = {})
uri = resource_uri(path, query)
response = Net::HTTP.post_form(uri, query)
handle_errors(response) do
hsh = JSON.parse(response.body)
set_attributes_or_errors(response, hsh)
end
rescue JSON::ParserError
response.body
end

private

def handle_errors(response)
case response
when Net::HTTPServerError
raise ScanCoverityApiError, "#{response.message} => #{response.body}"
else
yield
end
end

def save_success?(response)
response.is_a?(Net::HTTPSuccess)
end

def set_errors(hsh)
@errors = hsh.key?('error') ? hsh['error'].with_indifferent_access : hsh
false
end

def set_attributes(hsh)
@attributes = hsh
hsh.each do |key, value|
instance_variable_set("@#{key}", value)
end
end

def set_attributes_or_errors(response, hsh)
save_success?(response) ? set_attributes(hsh) : set_errors(hsh)
end
end
end
4 changes: 4 additions & 0 deletions app/lib/scan_coverity/scan_coverity_api_error.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
# frozen_string_literal: true

class ScanCoverityApiError < StandardError
end
6 changes: 5 additions & 1 deletion config/routes.rb
Original file line number Diff line number Diff line change
Expand Up @@ -493,7 +493,11 @@
post 'enlist'
end
resources :jwt, only: [:create]
resources :projects, only: [:create]
resources :projects, only: [:create] do
member do
post :create_scan_project
end
end
end
end

Expand Down
55 changes: 55 additions & 0 deletions fixtures/vcr_cassettes/CreateProjectFromMatchURL_record_none.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

116 changes: 116 additions & 0 deletions fixtures/vcr_cassettes/scan_projects.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,116 @@
---
http_interactions:
- request:
method: post
uri: http://vcrlocalhost.org:5008/api/projects.json
body:
encoding: US-ASCII
string: name=Dummytestdata&repo_url=https%3A%2F%2Fgithub.com%2Frails%2Frails&user_id=e1dc08285095f4ff99199c3436532768&language=JAVA
headers:
Accept-Encoding:
- gzip;q=1.0,deflate;q=0.6,identity;q=0.3
Accept:
- "*/*"
User-Agent:
- Ruby
Host:
- vcrlocalhost.org:5008
Content-Type:
- application/x-www-form-urlencoded
response:
status:
code: 201
message: success
headers:
Date:
- Tue, 14 Mar 2023 11:09:01 GMT
Content-Type:
- text/plain
Transfer-Encoding:
- chunked
Connection:
- keep-alive
X-Request-Id:
- 83ba289fe76f4ed9a882a2a823be6d87
X-Runtime:
- '0.006584'
X-Powered-By:
- Phusion Passenger 5.0.30
Status:
- 201
Strict-Transport-Security:
- max-age=15724800; includeSubDomains
Set-Cookie:
- incap_ses_1559_941207=QCvHB5yXehqCVRkBiK6iFc1VEGQAAAAA7G/+9TvEcxaAWzmLbgQZBg==;
path=/; Domain=.coverity.com
- nlbi_941207=bJ7MAhEsdhG1ODi7vBlnAwAAAAA3GPUJcWfVnLBF6Cb2d22Z; path=/; Domain=.coverity.com
- visid_incap_941207=QJfhtfo9QgiltzVrch2GzcxVEGQAAAAAQUIPAAAAAAD7Vbp21tN9wMYyJIC789MH;
expires=Tue, 12 Mar 2024 15:15:25 GMT; HttpOnly; path=/; Domain=.coverity.com
X-Cdn:
- Imperva
X-Iinfo:
- 12-49168636-49168647 NNYN CT(229 230 0) RT(1678792140667 100) q(0 0 5 5) r(7
7) U24
body:
encoding: ASCII-8BIT
string: '{"scan_project_id": 1 }'
recorded_at: Tue, 14 Mar 2023 11:09:02 GMT
---
http_interactions:
- request:
method: post
uri: http://vcrlocalhost.org:5008/api/projects.json
body:
encoding: US-ASCII
string: name=&repo_url=https%3A%2F%2Fgithub.com%2Frails%2Frails&user_id=d1224324214
headers:
Accept-Encoding:
- gzip;q=1.0,deflate;q=0.6,identity;q=0.3
Accept:
- "*/*"
User-Agent:
- Ruby
Host:
- vcrlocalhost.org:5008
Content-Type:
- application/x-www-form-urlencoded
response:
status:
code: 401
message: unauthorized
headers:
Date:
- Tue, 14 Mar 2023 11:09:01 GMT
Content-Type:
- text/plain
Transfer-Encoding:
- chunked
Connection:
- keep-alive
X-Request-Id:
- 83ba289fe76f4ed9a882a2a823be6d87
X-Runtime:
- '0.006584'
X-Powered-By:
- Phusion Passenger 5.0.30
Status:
- 401
Strict-Transport-Security:
- max-age=15724800; includeSubDomains
Set-Cookie:
- incap_ses_1559_941207=QCvHB5yXehqCVRkBiK6iFc1VEGQAAAAA7G/+9TvEcxaAWzmLbgQZBg==;
path=/; Domain=.coverity.com
- nlbi_941207=bJ7MAhEsdhG1ODi7vBlnAwAAAAA3GPUJcWfVnLBF6Cb2d22Z; path=/; Domain=.coverity.com
- visid_incap_941207=QJfhtfo9QgiltzVrch2GzcxVEGQAAAAAQUIPAAAAAAD7Vbp21tN9wMYyJIC789MH;
expires=Tue, 12 Mar 2024 15:15:25 GMT; HttpOnly; path=/; Domain=.coverity.com
X-Cdn:
- Imperva
X-Iinfo:
- 12-49168636-49168647 NNYN CT(229 230 0) RT(1678792140667 100) q(0 0 5 5) r(7
7) U24
body:
encoding: ASCII-8BIT
string: '{"message": "unauthorized"}'
recorded_at: Tue, 14 Mar 2023 11:09:02 GMT
recorded_with: VCR 6.0.0

59 changes: 59 additions & 0 deletions fixtures/vcr_cassettes/scan_projects_error.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
---
http_interactions:
- request:
method: post
uri: http://vcrlocalhost.org:5008/api/projects.json
body:
encoding: US-ASCII
string: name=&repo_url=https%3A%2F%2Fgithub.com%2Frails%2Frails&user_id=d1224324214
headers:
Accept-Encoding:
- gzip;q=1.0,deflate;q=0.6,identity;q=0.3
Accept:
- "*/*"
User-Agent:
- Ruby
Host:
- vcrlocalhost.org:5008
Content-Type:
- application/x-www-form-urlencoded
response:
status:
code: 400
message: bad_request
headers:
Date:
- Tue, 14 Mar 2023 11:09:01 GMT
Content-Type:
- text/plain
Transfer-Encoding:
- chunked
Connection:
- keep-alive
X-Request-Id:
- 83ba289fe76f4ed9a882a2a823be6d87
X-Runtime:
- '0.006584'
X-Powered-By:
- Phusion Passenger 5.0.30
Status:
- 400
Strict-Transport-Security:
- max-age=15724800; includeSubDomains
Set-Cookie:
- incap_ses_1559_941207=QCvHB5yXehqCVRkBiK6iFc1VEGQAAAAA7G/+9TvEcxaAWzmLbgQZBg==;
path=/; Domain=.coverity.com
- nlbi_941207=bJ7MAhEsdhG1ODi7vBlnAwAAAAA3GPUJcWfVnLBF6Cb2d22Z; path=/; Domain=.coverity.com
- visid_incap_941207=QJfhtfo9QgiltzVrch2GzcxVEGQAAAAAQUIPAAAAAAD7Vbp21tN9wMYyJIC789MH;
expires=Tue, 12 Mar 2024 15:15:25 GMT; HttpOnly; path=/; Domain=.coverity.com
X-Cdn:
- Imperva
X-Iinfo:
- 12-49168636-49168647 NNYN CT(229 230 0) RT(1678792140667 100) q(0 0 5 5) r(7
7) U24
body:
encoding: ASCII-8BIT
string: '{"message": "Language cant be blank"}'
recorded_at: Tue, 14 Mar 2023 11:09:02 GMT
recorded_with: VCR 6.0.0

13 changes: 13 additions & 0 deletions test/controllers/api_v1_projects_controller_test.rb
Original file line number Diff line number Diff line change
Expand Up @@ -87,4 +87,17 @@ class Api::V1::ProjectsControllerTest < ActionController::TestCase
end
end
end

describe 'create_scan_project' do
it 'it create a scan project if not found' do
VCR.use_cassette('CreateProjectFromMatchURL, :record => :none') do
url = 'https://github.com/rails/rails'
project = create(:project, name: 'rails', description: 'Ruby on Rails', vanity_url: 'rails')
create(:enlistment, project: project, code_location_id: 1)
params = { id: project.vanity_url, JWT: @jwt, url: url, user_id: 'e1dc08285095f4ff99199c3436532768' }
get :create_scan_project, params: params, format: :json
assert_response 204
end
end
end
end
Loading

0 comments on commit b515410

Please sign in to comment.