From 79fcff574f043f45073e42ecc16913b0e9ccac54 Mon Sep 17 00:00:00 2001 From: Assaf Attias <49212512+attiasas@users.noreply.github.com> Date: Mon, 20 May 2024 17:07:53 +0300 Subject: [PATCH] Add Custom rules to SAST scan (#474) --- .github/workflows/frogbot-scan-and-fix.yml | 2 +- .../workflows/frogbot-scan-pull-request.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/test.yml | 4 ++-- package.json | 5 +++++ src/main/scanLogic/scanRunners/sastScan.ts | 3 +++ src/main/utils/configuration.ts | 21 ++++++++++++++++++- 7 files changed, 33 insertions(+), 6 deletions(-) diff --git a/.github/workflows/frogbot-scan-and-fix.yml b/.github/workflows/frogbot-scan-and-fix.yml index acbc95218..076423170 100644 --- a/.github/workflows/frogbot-scan-and-fix.yml +++ b/.github/workflows/frogbot-scan-and-fix.yml @@ -21,7 +21,7 @@ jobs: # Install prerequisites - name: Setup NodeJS - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: "16.x" diff --git a/.github/workflows/frogbot-scan-pull-request.yml b/.github/workflows/frogbot-scan-pull-request.yml index d2de15718..253b11976 100644 --- a/.github/workflows/frogbot-scan-pull-request.yml +++ b/.github/workflows/frogbot-scan-pull-request.yml @@ -18,7 +18,7 @@ jobs: # Install prerequisites - name: Setup NodeJS - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: "16.x" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3acde14da..11569c93b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,7 +15,7 @@ jobs: git config --global user.name "jfrog-ecosystem" git config --global user.email "eco-system@jfrog.com" - name: Setup NodeJS - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: "16" check-latest: true diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 56f7dfdfa..6776dcfd2 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -32,7 +32,7 @@ jobs: with: python-version: "3.x" - name: Setup NodeJS - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: "16" check-latest: true @@ -58,7 +58,7 @@ jobs: run: curl -fL https://install-cli.jfrog.io | sh && jf -v - name: Setup NodeJS for tests - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: ${{ matrix.node }} check-latest: true diff --git a/package.json b/package.json index 5d9f44fce..02bd2f435 100644 --- a/package.json +++ b/package.json @@ -85,6 +85,11 @@ "pattern": "^$|^\\d+\\.\\d+\\.\\d+$", "markdownDescription": "Specifies the JFrog Scanners version to use. (format X.X.X). By default the latest scanners version is used." }, + "jfrog.customRulesPath": { + "type": "string", + "scope": "resource", + "markdownDescription": "Absolute Path to a local custom rules file. The file should be in JSON format and contain the additional custom rules to be applied during the scan." + }, "jfrog.xray.exclusions": { "type": "string", "default": "**/*{.git,test,venv,node_modules,target}*", diff --git a/src/main/scanLogic/scanRunners/sastScan.ts b/src/main/scanLogic/scanRunners/sastScan.ts index f1ba6bc43..50c9c65c2 100644 --- a/src/main/scanLogic/scanRunners/sastScan.ts +++ b/src/main/scanLogic/scanRunners/sastScan.ts @@ -5,6 +5,7 @@ import { AnalyzerUtils } from '../../treeDataProviders/utils/analyzerUtils'; import { StepProgress } from '../../treeDataProviders/utils/stepProgress'; import { Severity } from '../../types/severity'; import { ScanResults } from '../../types/workspaceIssuesDetails'; +import { Configuration } from '../../utils/configuration'; import { AppsConfigModule } from '../../utils/jfrogAppsConfig/jfrogAppsConfig'; import { Translators } from '../../utils/translators'; import { AnalyzerManager } from './analyzerManager'; 
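Review bot: The `jfrog.customRulesPath` description never says which scan consumes the file, while the only reader added in this patch is `Configuration.getSastCustomRulesPath`, called from sastScan.ts, so a user finding the setting in the settings UI cannot tell that it has no effect on the other scanners. Suggest `"markdownDescription": "Absolute path to a local custom rules file (JSON) applied in addition to the built-in rules during the SAST scan."`. Because the setting is declared with `"scope": "resource"`, it is also worth stating in the description that the value can be set per workspace folder.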
@@ -26,6 +27,7 @@ import { BinaryEnvParams, JasRunner, RunArgs } from './jasRunner';
 */
 export interface SastScanRequest extends AnalyzeScanRequest {
 language: LanguageType;
+ user_rules: string;
 exclude_patterns: string[];
 excluded_rules: string[];
 }
@@ -92,6 +94,7 @@ export class SastRunner extends JasRunner {
 type: this._scanType,
 roots: this._config.GetSourceRoots(this._scanType),
 language: this._config.GetScanLanguage(),
+ user_rules: Configuration.getSastCustomRulesPath(this._logManager),
 excluded_rules: this._config.getExcludeRules(),
 exclude_patterns: this._config.GetExcludePatterns(this._scanType)
 } as SastScanRequest;
diff --git a/src/main/utils/configuration.ts b/src/main/utils/configuration.ts
index 2970c2f98..8db8dfc00 100644
--- a/src/main/utils/configuration.ts
+++ b/src/main/utils/configuration.ts
@@ -1,5 +1,6 @@
 import * as vscode from 'vscode';
-import { LogLevel } from '../log/logManager';
+import * as fs from 'fs';
+import { LogLevel, LogManager } from '../log/logManager';
 export class Configuration {
 public static jfrogSectionConfigurationKey: string = 'jfrog';
 public static readonly JFROG_IDE_RELEASES_REPO_ENV: string = 'JFROG_IDE_RELEASES_REPO';
@@ -73,6 +74,24 @@ export class Configuration {
 return version;
 }
 
+ public static getSastCustomRulesPath(logManager?: LogManager): string {
+ let customRulesPath: string = vscode.workspace.getConfiguration(this.jfrogSectionConfigurationKey).get('customRulesPath', '');
+ if (customRulesPath === '') {
+ return '';
+ }
+ let fileExists: boolean = fs.existsSync(customRulesPath);
+ if (!fileExists) {
+ if (logManager) {
+ logManager.logMessage('Custom rules file not found: ' + customRulesPath, 'WARN');
+ }
+ return '';
+ }
+ if (logManager) {
+ logManager.logMessage('Using custom rules from: ' + customRulesPath, 'DEBUG');
+ }
+ return customRulesPath;
+ }
+
 /**
 * @returns the log level
 */
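Review bot: `user_rules` is declared as a required `string` on SastScanRequest, but the value supplied in the `@@ -92,6 +94,7 @@` hunk comes from `Configuration.getSastCustomRulesPath`, which returns `''` whenever the setting is unset or the file is not found, so every SAST request now carries `user_rules: ''` even for users who never configured custom rules. Whether the analyzer treats an empty path as "no custom rules" is not visible here; declaring the field optional, `user_rules?: string;`, and only setting it when the getter returns a non-empty path keeps the serialized request unchanged in the default case. The same point applies to the request-building hunk below, whose enclosing method starts before that hunk.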
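Review bot: `fs.existsSync(customRulesPath)` in getSastCustomRulesPath only proves that something exists at the path, so a directory, or a relative path resolved against the extension host's working directory rather than the workspace, passes the check and is handed to the scanner although the setting is documented as an absolute file path. A stricter check is `if (!path.isAbsolute(customRulesPath) || !fs.existsSync(customRulesPath) || !fs.statSync(customRulesPath).isFile())` (with `path` imported alongside `fs`), logging the same warning and returning `''`. Since the setting is resource-scoped it can arrive from a repository's own `.vscode/settings.json`, and the named file is then read by the scanner, so it seems worth consulting `vscode.workspace.isTrusted` before accepting a workspace-supplied path. The method also lacks the `/** @returns ... */` block its neighbours carry; suggest `/** @returns the absolute path of the configured SAST custom rules file, or '' when the setting is empty or the file does not exist */`. Both locals are never reassigned and could be `const` rather than `let`.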