From 52871ca73f9e16cbb2185a2cfe33a69754f59b0e Mon Sep 17 00:00:00 2001 From: Mithilesh Pawar Date: Wed, 15 Jun 2022 14:17:55 +0530 Subject: [PATCH 01/10] Added SpotBugs maven plugin. --- pom.xml | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 4fdc68ad..7aef0a28 100644 --- a/pom.xml +++ b/pom.xml @@ -9,7 +9,7 @@ jar Checkmarx AST Client - Checkmarx AST ClI SDK + Checkmarx AST CLI SDK https://www.checkmarx.com @@ -60,6 +60,24 @@ + + com.github.spotbugs + spotbugs-maven-plugin + 4.7.0.0 + + Max + High + true + false + + + + + check + + + + org.apache.maven.plugins maven-surefire-plugin From d2adbd77ce388f4c2b4f6fedfb2b1ed304e6efc5 Mon Sep 17 00:00:00 2001 From: Mithilesh Pawar Date: Wed, 15 Jun 2022 14:20:11 +0530 Subject: [PATCH 02/10] Fixed few violations identified by SpotBugs --- .../checkmarx/ast/results/result/Node.java | 21 +++++++++++-------- .../com/checkmarx/ast/wrapper/CxWrapper.java | 3 +-- .../com/checkmarx/ast/wrapper/Execution.java | 9 ++++---- 3 files changed, 17 insertions(+), 16 deletions(-) diff --git a/src/main/java/com/checkmarx/ast/results/result/Node.java b/src/main/java/com/checkmarx/ast/results/result/Node.java index d79fdc32..dd6fc121 100644 --- a/src/main/java/com/checkmarx/ast/results/result/Node.java +++ b/src/main/java/com/checkmarx/ast/results/result/Node.java @@ -9,7 +9,6 @@ import com.fasterxml.jackson.databind.type.TypeFactory; import lombok.Value; import org.apache.commons.lang3.StringUtils; - import java.io.IOException; import java.util.List; import java.util.Objects; 
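Review bot: The spotbugs-maven-plugin added in the `@@ -60,6 +60,24 @@` hunk runs only the core SpotBugs detectors; for a client SDK that handles credentials and spawns a CLI binary, the security detectors come from the separate `com.h3xstream.findsecbugs:findsecbugs-plugin` artifact, declared as a `<plugin>` inside the spotbugs plugin's own `<plugins>` configuration element (version to be chosen, e.g. `<version>FINDSECBUGS_VERSION_PLACEHOLDER</version>`). The element names of the configuration values (`Max`, `High`, `true`, `false`) were lost in this rendering, so I cannot confirm which one is `failOnError`; a one-line comment next to the threshold, `<!-- High only: Medium/Low findings are reported but do not fail the build -->`, would make the intended gate explicit for the next maintainer.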
@@ -103,14 +102,18 @@ public boolean equals(Object obj) { } Node node = (Node) obj; return line == node.line && - column == node.column && - length == node.length && - Objects.equals(name, node.name) && - Objects.equals(method, node.method) && - Objects.equals(domType, node.domType) && - Objects.equals(fileName, node.fileName) && - Objects.equals(fullName, node.fullName) && - Objects.equals(methodLine, node.methodLine); + column == node.column && + length == node.length && + Objects.equals(name, node.name) && + Objects.equals(method, node.method) && + Objects.equals(domType, node.domType) && + Objects.equals(fileName, node.fileName) && + Objects.equals(fullName, node.fullName) && + Objects.equals(methodLine, node.methodLine); } + @Override + public int hashCode() { + return id.hashCode(); + } } diff --git a/src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java b/src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java index 14646281..383c4bfa 100644 --- a/src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java +++ b/src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java @@ -15,7 +15,6 @@ import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; - import java.io.IOException; import java.nio.file.Files; import java.util.ArrayList; @@ -35,7 +34,7 @@ public class CxWrapper { @NonNull private final String executable; - public CxWrapper(@NonNull CxConfig cxConfig) + public CxWrapper(CxConfig cxConfig) throws CxConfig.InvalidCLIConfigException, IOException { this(cxConfig, LoggerFactory.getLogger(CxWrapper.class)); } diff --git a/src/main/java/com/checkmarx/ast/wrapper/Execution.java b/src/main/java/com/checkmarx/ast/wrapper/Execution.java index d0824eb6..abbd7a5b 100644 --- a/src/main/java/com/checkmarx/ast/wrapper/Execution.java +++ b/src/main/java/com/checkmarx/ast/wrapper/Execution.java 
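Review bot: The new `hashCode()` is not consistent with the `equals` directly above it: `equals` compares line, column, length, name, method, domType, fileName, fullName and methodLine but never `id`, so two nodes that are equal can return different hash codes and silently break `HashSet`/`HashMap` membership. It should hash the same fields, `return Objects.hash(line, column, length, name, method, domType, fileName, fullName, methodLine);` (`java.util.Objects` is already imported per the first hunk of this file). `id.hashCode()` also throws if `id` is null, which seems possible for a Jackson-deserialized value object — presumably that is why `equals` uses `Objects.equals` for the reference fields. The start of `equals` and the class header lie outside the hunk.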
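Review bot: Removing `@NonNull` from the public `CxWrapper(CxConfig cxConfig)` constructor in the `@@ -35,7 +34,7 @@` hunk drops the null check Lombok generated at the SDK's entry point; unless the delegated two-argument constructor (outside the hunk) validates `cxConfig` itself, a null config now fails somewhere deeper with a less useful stack trace. If SpotBugs reported the annotation as redundant because the other constructor already checks, a short comment on this line saying so, `// null check lives in CxWrapper(CxConfig, Logger)`, would stop the next reader from re-adding it; otherwise keep an explicit null check here.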
@@ -1,7 +1,6 @@ package com.checkmarx.ast.wrapper; import org.slf4j.Logger; - import java.io.*; import java.net.URL; import java.nio.charset.StandardCharsets; @@ -83,7 +82,7 @@ static String executeCommand(List arguments, File outputFile = new File(directory, file); return new String(Files.readAllBytes(Paths.get(outputFile.getAbsolutePath())), - StandardCharsets.UTF_8); + StandardCharsets.UTF_8); } static String getTempBinary() throws IOException { @@ -98,7 +97,7 @@ static String getTempBinary() throws IOException { } File tempExecutable = new File(TEMP_DIR, fileName); if (!tempExecutable.exists() || !compareChecksum(resource.openStream(), - new FileInputStream(tempExecutable))) { + new FileInputStream(tempExecutable))) { copyURLToFile(resource, tempExecutable); } if (!tempExecutable.canExecute() && !tempExecutable.setExecutable(true)) { @@ -111,7 +110,7 @@ static String getTempBinary() throws IOException { private static BufferedReader getReader(Process process) { InputStream is = process.getInputStream(); - InputStreamReader isr = new InputStreamReader(is); + InputStreamReader isr = new InputStreamReader(is, StandardCharsets.UTF_8); return new BufferedReader(isr); } @@ -167,7 +166,7 @@ private static String md5(InputStream a) { while ((i = a.read(buf)) != -1) { md.update(buf, 0, i); } - md5 = new String(md.digest()); + md5 = new String(md.digest(), StandardCharsets.UTF_8); } catch (NoSuchAlgorithmException | IOException e) { // ignore } From 44c09d99e05a73abd29d733b48d944bb2163a2e1 Mon Sep 17 00:00:00 2001 From: Mithilesh Pawar Date: Wed, 15 Jun 2022 14:20:46 +0530 Subject: [PATCH 03/10] Added github action for running SpotBugs analysis. --- .github/workflows/ci.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 237b2c2f..50544360 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
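Review bot: In the `@@ -167,7 +166,7 @@` hunk, decoding the raw digest bytes as UTF-8 on the changed line is lossy: byte sequences that are not valid UTF-8 are replaced by U+FFFD, so distinct digests can map to the same `String` and `compareChecksum` (which the `@@ -98,7` hunk shows deciding whether the bundled CLI binary is re-copied) can report a match for differing contents. Encode the digest as hex instead, e.g. `md5 = String.format("%032x", new BigInteger(1, md.digest()));` (requires `java.math.BigInteger`); switching the `MessageDigest` to SHA-256 at the same time is a drop-in change. The surrounding `catch (NoSuchAlgorithmException | IOException e) { // ignore }` swallows failures, so whatever initial value `md5` holds decides the comparison — worth confirming two failed computations cannot compare equal. The enclosing `md5(InputStream a)` method starts outside the hunk, and the streams passed to `compareChecksum` in the `@@ -98,7` hunk are still never closed.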
@@ -32,3 +32,8 @@ jobs: CX_SCAN_ID: ${{ secrets.CX_SCAN_ID }} CX_APIKEY: ${{ secrets.CX_APIKEY }} run: mvn -B test --file pom.xml + + - name: Run SpotBugs Analysis + uses: jwgmeligmeyling/spotbugs-github-action@master + with: + path: '**/spotbugsXml.xml' From 0239f6f656c40d5f3014dc839bb4340c66db4b2f Mon Sep 17 00:00:00 2001 From: Mithilesh Pawar Date: Wed, 15 Jun 2022 22:52:41 +0530 Subject: [PATCH 04/10] Added mvn verify step to support SpotBugs --- .github/workflows/ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 50544360..66ca9546 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -33,6 +33,9 @@ jobs: CX_APIKEY: ${{ secrets.CX_APIKEY }} run: mvn -B test --file pom.xml + - name: Build with Maven + run: mvn -B verify + - name: Run SpotBugs Analysis uses: jwgmeligmeyling/spotbugs-github-action@master with: From 3b64b7e6d48fc44c3fea2d8fdcb77f99c3fbea62 Mon Sep 17 00:00:00 2001 From: Mithilesh Pawar Date: Fri, 17 Jun 2022 18:15:09 +0530 Subject: [PATCH 05/10] Skipping the tests while running SpotBugs analysis. --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 66ca9546..05788ffd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -34,7 +34,7 @@ jobs: run: mvn -B test --file pom.xml - name: Build with Maven - run: mvn -B verify + run: mvn -B verify -DskipTests - name: Run SpotBugs Analysis uses: jwgmeligmeyling/spotbugs-github-action@master From 735d010409398e29648c3df9d9adb96af8a4a680 Mon Sep 17 00:00:00 2001 From: Mithilesh Pawar Date: Mon, 20 Jun 2022 12:18:10 +0530 Subject: [PATCH 06/10] Added gpg credentials in the step to avoid gpg error. --- .github/workflows/ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 05788ffd..db7ae235 100644 --- a/.github/workflows/ci.yml 
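Review bot: The added step references a third-party action by a mutable branch, `uses: jwgmeligmeyling/spotbugs-github-action@master`, so whatever is pushed to that branch later runs in this job with access to the workflow's token and any secrets exposed to the step. Pin it to a full commit SHA with the version in a trailing comment, `uses: jwgmeligmeyling/spotbugs-github-action@<full-commit-sha> # vX.Y`, and let Dependabot or Renovate propose bumps. The `path: '**/spotbugsXml.xml'` glob also depends on a preceding `mvn verify` having produced the report, which this commit does not yet add.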
+++ b/.github/workflows/ci.yml @@ -14,6 +14,8 @@ jobs: with: distribution: 'temurin' java-version: 8 + gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} + gpg-passphrase: ${{ secrets.MAVEN_GPG_PASSPHRASE }} - name: Cache local Maven repository uses: actions/cache@v3 From 97059185323491fca0090aaff6d5d539b0dbe625 Mon Sep 17 00:00:00 2001 From: Mithilesh Pawar Date: Mon, 20 Jun 2022 12:26:09 +0530 Subject: [PATCH 07/10] Using java 11, keeping it consistent with other jobs. --- .github/workflows/ci.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index db7ae235..55146217 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,7 +13,10 @@ jobs: uses: actions/setup-java@v3.3.0 with: distribution: 'temurin' - java-version: 8 + java-version: '11' + server-id: ossrh + server-username: ${{ secrets.OSSRH_USERNAME }} + server-password: ${{ secrets.OSSRH_TOKEN }} gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} gpg-passphrase: ${{ secrets.MAVEN_GPG_PASSPHRASE }} From 0d54f7b6cf1231204327bc79a5fade83662c0cef Mon Sep 17 00:00:00 2001 From: Mithilesh Pawar Date: Mon, 20 Jun 2022 12:38:48 +0530 Subject: [PATCH 08/10] Change the sequence of steps. --- .github/workflows/ci.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 55146217..41ae0804 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,7 +9,15 @@ jobs: - name: Checkout uses: actions/checkout@v3 - - name: Set up JDK 8 + - name: Cache local Maven repository + uses: actions/cache@v3 + with: + path: ~/.m2/repository + key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}-maven- + + - name: Set up JDK 11 uses: actions/setup-java@v3.3.0 with: distribution: 'temurin' 
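Review bot: Importing the Maven GPG private key into a job that, by the commit subjects, exists to run tests and SpotBugs means the signing key is available to every later step and plugin in the run without being needed for the analysis. If the "gpg error" came from a signing plugin bound to the verify phase, skipping it is the smaller change, `run: mvn -B verify -DskipTests -Dgpg.skip=true`, and the two added `gpg-*` inputs can be dropped. The workflow's trigger is not visible here; if it runs on pull requests, keeping the signing key out of this job also removes the question of which runs can reach the secret.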
@@ -20,14 +28,6 @@ jobs: gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} gpg-passphrase: ${{ secrets.MAVEN_GPG_PASSPHRASE }} - - name: Cache local Maven repository - uses: actions/cache@v3 - with: - path: ~/.m2/repository - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven- - - name: Run tests with Maven env: CX_CLIENT_ID: ${{ secrets.CX_CLIENT_ID}} From 94474bd6e1fd4408252c89c695733cba7d8ab871 Mon Sep 17 00:00:00 2001 From: Mithilesh Pawar Date: Mon, 20 Jun 2022 13:43:33 +0530 Subject: [PATCH 09/10] Specifying pom.xml in the build step --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 41ae0804..b349ff6a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -39,7 +39,7 @@ jobs: run: mvn -B test --file pom.xml - name: Build with Maven - run: mvn -B verify -DskipTests + run: mvn -B verify -DskipTests --file pom.xml - name: Run SpotBugs Analysis uses: jwgmeligmeyling/spotbugs-github-action@master From e8a0b7b77fcba77318528e39a46c0cbbd308685e Mon Sep 17 00:00:00 2001 From: Mithilesh Pawar Date: Mon, 20 Jun 2022 14:04:35 +0530 Subject: [PATCH 10/10] Minor changes to github action config. --- .github/workflows/ci.yml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b349ff6a..8e4f825d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,6 +8,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v3 + with: + token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} - name: Cache local Maven repository uses: actions/cache@v3 
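Review bot: In the `@@ -8,6 +8,8 @@` hunk of the last patch, passing `token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}` to `actions/checkout` replaces the job-scoped `GITHUB_TOKEN` with a long-lived user credential, and checkout persists that token in the workspace `.git/config` by default, so every later step, including the third-party SpotBugs action, can read it. Nothing visible in this workflow needs more than read access to the repository itself; drop the `with:` block, or if the PAT is genuinely needed to fetch a private dependency during checkout, add `persist-credentials: false` so it does not survive into subsequent steps.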
@@ -23,12 +25,13 @@ jobs: distribution: 'temurin' java-version: '11' server-id: ossrh - server-username: ${{ secrets.OSSRH_USERNAME }} - server-password: ${{ secrets.OSSRH_TOKEN }} + server-username: MAVEN_USERNAME + server-password: MAVEN_PASSWORD gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} - gpg-passphrase: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + gpg-passphrase: MAVEN_GPG_PASSPHRASE - name: Run tests with Maven + run: mvn -B test --file pom.xml env: CX_CLIENT_ID: ${{ secrets.CX_CLIENT_ID}} CX_CLIENT_SECRET: ${{ secrets.CX_CLIENT_SECRET}} @@ -36,10 +39,14 @@ jobs: CX_TENANT: ${{ secrets.CX_TENANT }} CX_SCAN_ID: ${{ secrets.CX_SCAN_ID }} CX_APIKEY: ${{ secrets.CX_APIKEY }} - run: mvn -B test --file pom.xml + - name: Build with Maven run: mvn -B verify -DskipTests --file pom.xml + env: + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} - name: Run SpotBugs Analysis uses: jwgmeligmeyling/spotbugs-github-action@master
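Review bot: The `@@ -36,10 +39,14 @@` hunk exports `MAVEN_USERNAME`, `MAVEN_PASSWORD` and `MAVEN_GPG_PASSPHRASE` to the `Build with Maven` step, but that step runs `mvn -B verify -DskipTests --file pom.xml`, which does not deploy, so the OSSRH credentials are exposed to the build and every plugin it runs (SpotBugs included) for no benefit. Keep the three `env:` entries for a dedicated release/deploy workflow and, if the only reason for the passphrase is a signing plugin bound to verify, pass `-Dgpg.skip=true` here instead. A short comment above the step, `# verify only: produces spotbugsXml.xml for the next step, no signing or deploy`, would record why no credentials are expected.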