feat: Check for snippet matching when upload source is specified. #52
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Black Duck Security ReportMerging #52 into master will not change security risk. |
ekerwin
approved these changes
Jul 15, 2019
| @@ -169,9 +171,23 @@ public BlackDuckSignatureScannerOptions createBlackDuckSignatureScannerOptions() | |||
|
|
|||
| final String userProvidedScannerInstallUrl = detectConfiguration.getProperty(DetectProperty.DETECT_BLACKDUCK_SIGNATURE_SCANNER_HOST_URL, PropertyAuthority.None); | |||
|
|
|||
| String snippetMatchingString = detectConfiguration.getProperty(DetectProperty.DETECT_BLACKDUCK_SIGNATURE_SCANNER_SNIPPET_MATCHING, PropertyAuthority.None).trim().toUpperCase(); | |||
There was a problem hiding this comment.
Sigh. This is fine but extremely unfortunate that the library doesn't do a better job of supporting this. I think what we'd want is something that validates the scanner configuration in the library so that detect could make use of that. Can you create a ticket to build that feature?
There was a problem hiding this comment.
I created a PR for doing the validation check on upload source and snippet matching.
blackducksoftware/blackduck-common#264
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Addresses IDETECT-1522 which complains that detect silently suppresses upload source if the snippet matching enum is not set. Now we throw an user friendly configuration error if snippet matching is not set but upload source is.