From 0540fa997cfdb1f342c1d82ea1986793efa20c9a Mon Sep 17 00:00:00 2001
From: Dhruv Singhal
Date: Wed, 19 Jun 2024 11:30:35 +0530
Subject: [PATCH] accepting password as secret and multi aarch support
---
 .../ast/TraceableASTGenerateReportAction.java | 7 ++++---
 .../TraceableASTInitAndRunStepBuilder.java | 9 +++++----
 .../ast/TraceableASTInitStepBuilder.java | 9 +++++----
 .../ast/TraceableASTResultStepBuilder.java | 7 ++++---
 .../ast/TraceableASTRunStepBuilder.java | 2 +-
 .../download_traceable_cli_binary.sh | 20 +++++++++++++------
 6 files changed, 33 insertions(+), 21 deletions(-)
diff --git a/src/main/java/io/jenkins/plugins/traceable/ast/TraceableASTGenerateReportAction.java b/src/main/java/io/jenkins/plugins/traceable/ast/TraceableASTGenerateReportAction.java
index b789704..b8de560 100644
--- a/src/main/java/io/jenkins/plugins/traceable/ast/TraceableASTGenerateReportAction.java
+++ b/src/main/java/io/jenkins/plugins/traceable/ast/TraceableASTGenerateReportAction.java
@@ -5,6 +5,7 @@
 import com.google.common.io.Files;
 import hudson.model.Result;
 import hudson.model.Run;
+import hudson.util.Secret;
 import java.io.*;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Path;
@@ -24,7 +25,7 @@ public class TraceableASTGenerateReportAction implements RunAction2 {
 private transient Run run;
 private String traceableCliBinaryLocation;
 private String scanId;
- private String clientToken;
+ private Secret clientToken;
 private String traceableRootCaFileName;
 private String traceableCliCertFileName;
 private String traceableCliKeyFileName;
@@ -32,7 +33,7 @@ public class TraceableASTGenerateReportAction implements RunAction2 {
 public TraceableASTGenerateReportAction(
 String traceableCliBinaryLocation,
 String scanId,
- String clientToken,
+ Secret clientToken,
 String traceableRootCaFileName,
 String traceableCliCertFileName,
 String traceableCliKeyFileName) {
@@ -52,7 +53,7 @@ public void onAttached(Run r) {
 args = new String[] {
 traceableCliBinaryLocation,
 scanId,
- clientToken,
+ clientToken.getPlainText(),
 traceableRootCaFileName,
 traceableCliCertFileName,
 traceableCliKeyFileName
diff --git a/src/main/java/io/jenkins/plugins/traceable/ast/TraceableASTInitAndRunStepBuilder.java b/src/main/java/io/jenkins/plugins/traceable/ast/TraceableASTInitAndRunStepBuilder.java
index 51b3aa5..10197e8 100644
--- a/src/main/java/io/jenkins/plugins/traceable/ast/TraceableASTInitAndRunStepBuilder.java
+++ b/src/main/java/io/jenkins/plugins/traceable/ast/TraceableASTInitAndRunStepBuilder.java
@@ -11,6 +11,7 @@
 import hudson.model.TaskListener;
 import hudson.tasks.BuildStepDescriptor;
 import hudson.tasks.Builder;
+import hudson.util.Secret;
 import io.jenkins.plugins.traceable.ast.scan.helper.Assets;
 import io.jenkins.plugins.traceable.ast.scan.helper.TrafficType;
 import java.io.*;
@@ -27,7 +28,7 @@ public class TraceableASTInitAndRunStepBuilder extends Builder implements Simple
 private String scanName;
 private String testEnvironment;
- private static String clientToken;
+ private static Secret clientToken;
 private String attackPolicy;
 private String openApiSpecIds;
 private String openApiSpecFiles;
@@ -87,7 +88,7 @@ public String getTestEnvironment() {
 return testEnvironment;
 }
- public static String getClientToken() {
+ public static Secret getClientToken() {
 return clientToken;
 }
@@ -216,7 +217,7 @@ public void setTestEnvironment(String testEnvironment) {
 }
 @DataBoundSetter
- public static void setClientToken(String clientToken) {
+ public static void setClientToken(Secret clientToken) {
 TraceableASTInitAndRunStepBuilder.clientToken = clientToken;
 }
@@ -434,7 +435,7 @@ private void runAndInitScan(TaskListener listener, Run run) {
 traceableCliKeyFileName,
 scanName,
 testEnvironment,
- clientToken,
+ clientToken.getPlainText(),
 attackPolicy,
 pluginsToInclude,
 includeUrlRegex,
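Review bot: `clientToken.getPlainText()` in `onAttached` decrypts the token straight into the `args` array, so the `Secret` type protects it only while stored; how `args` is consumed is outside this hunk, but if it becomes the argument list of a shell script (as `scriptPath = "shell_scripts/run_ast_scan.sh"` in `runScan` suggests), the token is readable in the agent's process listing and can reach the build log if the command line is echoed. The same pattern is added in `runAndInitScan`, `initScan` and `runScan`. Prefer handing the token to the child process through its environment or stdin rather than argv, and mark each call site with a comment such as `// plaintext leaves Secret here: keep it out of argv and build logs`. The body of `onAttached` starts and ends outside the hunk.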
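Review bot: `private static Secret clientToken;` keeps the token in a class-level static, so changing its type to `Secret` does not scope it to a job: every job and concurrent build that uses this builder in the same JVM reads and overwrites one shared value through `setClientToken`, and a build can run with another job's token. Static fields are also not written by XStream, so the encrypted-at-rest form that `Secret` normally gives in `config.xml` would likely not apply to this field (inferred from the `static` modifier; the persistence code is not in the hunk). Make it per-instance, `private Secret clientToken;` with non-static `getClientToken()` and `@DataBoundSetter public void setClientToken(Secret clientToken)`; the same applies to the static fields in `TraceableASTInitStepBuilder` and `TraceableASTResultStepBuilder`. `TraceableASTRunStepBuilder.runScan` calls the static getter, so it would need the token passed to it another way; the class body continues outside the hunk.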
diff --git a/src/main/java/io/jenkins/plugins/traceable/ast/TraceableASTInitStepBuilder.java b/src/main/java/io/jenkins/plugins/traceable/ast/TraceableASTInitStepBuilder.java
index ee09807..ca40023 100644
--- a/src/main/java/io/jenkins/plugins/traceable/ast/TraceableASTInitStepBuilder.java
+++ b/src/main/java/io/jenkins/plugins/traceable/ast/TraceableASTInitStepBuilder.java
@@ -11,6 +11,7 @@
 import hudson.model.TaskListener;
 import hudson.tasks.BuildStepDescriptor;
 import hudson.tasks.Builder;
+import hudson.util.Secret;
 import io.jenkins.plugins.traceable.ast.scan.helper.Assets;
 import io.jenkins.plugins.traceable.ast.scan.helper.TrafficType;
 import java.io.*;
@@ -27,7 +28,7 @@ public class TraceableASTInitStepBuilder extends Builder implements SimpleBuildS
 private String scanName;
 private String testEnvironment;
- private static String clientToken;
+ private static Secret clientToken;
 private String attackPolicy;
 private String openApiSpecIds;
 private String openApiSpecFiles;
@@ -84,7 +85,7 @@ public String getTestEnvironment() {
 return testEnvironment;
 }
- public static String getClientToken() {
+ public static Secret getClientToken() {
 return clientToken;
 }
@@ -263,7 +264,7 @@ public void setTestEnvironment(String testEnvironment) {
 }
 @DataBoundSetter
- public static void setClientToken(String clientToken) {
+ public static void setClientToken(Secret clientToken) {
 TraceableASTInitStepBuilder.clientToken = clientToken;
 }
@@ -404,7 +405,7 @@ private void initScan(TaskListener listener, Run run) {
 traceableCliKeyFileName,
 scanName,
 testEnvironment,
- clientToken,
+ clientToken.getPlainText(),
 attackPolicy,
 pluginsToInclude,
 includeUrlRegex,
diff --git a/src/main/java/io/jenkins/plugins/traceable/ast/TraceableASTResultStepBuilder.java b/src/main/java/io/jenkins/plugins/traceable/ast/TraceableASTResultStepBuilder.java
index 37a7bf8..ab922d3 100644
--- a/src/main/java/io/jenkins/plugins/traceable/ast/TraceableASTResultStepBuilder.java
+++ b/src/main/java/io/jenkins/plugins/traceable/ast/TraceableASTResultStepBuilder.java
@@ -9,23 +9,24 @@
 import hudson.model.TaskListener;
 import hudson.tasks.BuildStepDescriptor;
 import hudson.tasks.Builder;
+import hudson.util.Secret;
 import java.io.IOException;
 import jenkins.tasks.SimpleBuildStep;
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.DataBoundSetter;
 public class TraceableASTResultStepBuilder extends Builder implements SimpleBuildStep {
- private static String clientToken;
+ private static Secret clientToken;
 @DataBoundConstructor
 public TraceableASTResultStepBuilder() {}
- public static String getClientToken() {
+ public static Secret getClientToken() {
 return clientToken;
 }
 @DataBoundSetter
- public static void setClientToken(String clientToken) {
+ public static void setClientToken(Secret clientToken) {
 TraceableASTResultStepBuilder.clientToken = clientToken;
 }
diff --git a/src/main/java/io/jenkins/plugins/traceable/ast/TraceableASTRunStepBuilder.java b/src/main/java/io/jenkins/plugins/traceable/ast/TraceableASTRunStepBuilder.java
index c8920f6..a1f0918 100644
--- a/src/main/java/io/jenkins/plugins/traceable/ast/TraceableASTRunStepBuilder.java
+++ b/src/main/java/io/jenkins/plugins/traceable/ast/TraceableASTRunStepBuilder.java
@@ -70,7 +70,7 @@ private void runScan(TaskListener listener, Run run) {
 String scriptPath = "shell_scripts/run_ast_scan.sh";
 String[] args = new String[] {
 TraceableASTInitStepBuilder.getTraceableCliBinaryLocation(),
- TraceableASTInitStepBuilder.getClientToken(),
+ TraceableASTInitStepBuilder.getClientToken().getPlainText(),
 idleTimeout,
 maxRetries,
 TraceableASTInitStepBuilder.getTraceableRootCaFileName(),
diff --git a/src/main/resources/io/jenkins/plugins/traceable/ast/shell_scripts/download_traceable_cli_binary.sh b/src/main/resources/io/jenkins/plugins/traceable/ast/shell_scripts/download_traceable_cli_binary.sh
index e5640fb..cf4f287 100755
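Review bot: `TraceableASTInitStepBuilder.getClientToken().getPlainText()` in `runScan` dereferences a static that is non-null only if the init step's `setClientToken` has already run in this JVM, so a run step executed without it (or, presumably, after a controller restart) fails with a NullPointerException while building `args` rather than with a message naming the missing token. Read the value once and guard it before the array is built, e.g. `Secret token = TraceableASTInitStepBuilder.getClientToken();` followed by `if (token == null) { listener.error("Traceable client token is not set"); return; }`. The unguarded `clientToken.getPlainText()` calls in `onAttached`, `runAndInitScan` and `initScan` have the same exposure; `runScan` continues outside the hunk.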
--- a/src/main/resources/io/jenkins/plugins/traceable/ast/shell_scripts/download_traceable_cli_binary.sh
+++ b/src/main/resources/io/jenkins/plugins/traceable/ast/shell_scripts/download_traceable_cli_binary.sh
@@ -6,15 +6,23 @@ export LANG=en_US.utf-8
 cd ${1}
 version=${2}
+os_name=$(uname -s)
+if [[ "$os_name" == "Darwin" ]];
+then
+ arch="macosx-x86_64.tar.gz"
+else
+ arch="linux-x86_64.tar.gz"
+fi
+
 if [[ "$version" = *"-rc."* ]]
 then
- curl -OL https://downloads.traceable.ai/cli/rc/"${version}"/traceable-cli-"${version}"-linux-x86_64.tar.gz
- tar -xvf ./traceable-cli-"${version}"-linux-x86_64.tar.gz
+ curl -OL https://downloads.traceable.ai/cli/rc/"${version}"/traceable-cli-"${version}"-"${arch}"
+ tar -xvf ./traceable-cli-"${version}"-"${arch}"
 elif [ "$version" = "latest" ] || [ -z "$version" ] || [ "$version" = "''" ]
 then
- curl -OL https://downloads.traceable.ai/cli/release/latest/traceable-cli-latest-linux-x86_64.tar.gz
- tar -xvf ./traceable-cli-latest-linux-x86_64.tar.gz
+ curl -OL https://downloads.traceable.ai/cli/release/latest/traceable-cli-latest-"${arch}"
+ tar -xvf ./traceable-cli-latest-"${arch}"
 else
- curl -OL https://downloads.traceable.ai/cli/release/"${version}"/traceable-cli-"${version}"-linux-x86_64.tar.gz
- tar -xvf ./traceable-cli-"${version}"-linux-x86_64.tar.gz
+ curl -OL https://downloads.traceable.ai/cli/release/"${version}"/traceable-cli-"${version}"-"${arch}"
+ tar -xvf ./traceable-cli-"${version}"-"${arch}"
 fi
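Review bot: The rewritten `curl -OL …-"${arch}"` lines still run without `--fail` and the archive is unpacked with no integrity check, so an HTTP error body or a tampered download goes straight to `tar -xvf`, and the extracted CLI is later executed on the build agent. Use `curl -fsSLO` so a 4xx/5xx response aborts the step, and compare the tarball against a pinned SHA-256 (or a vendor-published checksum, if one exists) before extracting. Separately, `arch` is derived from `uname -s` only and is always an `x86_64` build; if arm64 agents are what "multi aarch support" in the subject means, `uname -m` has to be consulted too. The context line `cd ${1}` is unquoted and its result unchecked, so a failed `cd` would unpack into whatever directory the step started in; `cd "${1}" || exit 1` closes that.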