Merge pull request #3127 from mercedes-benz/feature-3028-prepare-modu…
…le-skopeo Added prepare module Skopeo for preparing docker images
Showing
34 changed files
with
1,699 additions
and
638 deletions.
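--- a/...src/main/java/com/mercedesbenz/sechub/wrapper/prepare/modules/AbstractInputValidator.java
+++ b/...src/main/java/com/mercedesbenz/sechub/wrapper/prepare/modules/AbstractInputValidator.java
@@ -0,0 +1,133 @@
+package com.mercedesbenz.sechub.wrapper.prepare.modules;
+
+import static com.mercedesbenz.sechub.wrapper.prepare.modules.InputValidatorExitcode.*;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import java.util.regex.Pattern;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.mercedesbenz.sechub.commons.model.*;
+import com.mercedesbenz.sechub.wrapper.prepare.prepare.PrepareWrapperContext;
+
+public class AbstractInputValidator implements InputValidator {
+
+private static final Logger LOG = LoggerFactory.getLogger(AbstractInputValidator.class);
+private final String TYPE;
+private final Pattern LOCATION_PATTERN;
+private final Pattern USERNAME_PATTERN;
+private final Pattern PASSWORD_PATTERN;
+private final List<String> forbiddenCharacters = Collections
+.unmodifiableList(Arrays.asList(">", "<", "!", "?", "*", "'", "\"", ";", "&", "|", "`", "$", "{", "}"));
+
+public AbstractInputValidator(String type, Pattern locationPattern, Pattern usernamePattern, Pattern passwordPattern) {
+assertPatternNotNull(locationPattern);
+assertPatternNotNull(usernamePattern);
+assertPatternNotNull(passwordPattern);
+if (isTypeNullOrEmpty(type)) {
+throw new IllegalArgumentException("Type must not be null or empty.");
+}
+
+this.TYPE = type;
+this.LOCATION_PATTERN = locationPattern;
+this.USERNAME_PATTERN = usernamePattern;
+this.PASSWORD_PATTERN = passwordPattern;
+}
+
+public void validate(PrepareWrapperContext context) throws PrepareWrapperInputValidatorException {
+validateModule(context);
+validateCredentials(context);
+}
+
+private void validateModule(PrepareWrapperContext context) throws PrepareWrapperInputValidatorException {
+SecHubRemoteDataConfiguration secHubRemoteDataConfiguration = context.getRemoteDataConfiguration();
+String location = secHubRemoteDataConfiguration.getLocation();
+String type = secHubRemoteDataConfiguration.getType();
+
+if (isTypeNullOrEmpty(type)) {
+LOG.debug("No type defined. Location is: {}", location);
+validateLocation(location);
+return;
+} else if (isMatchingType(type)) {
+LOG.debug("Type is matching type {}. Location is: {}", TYPE, location);
+validateLocation(location);
+return;
+}
+throw new PrepareWrapperInputValidatorException("Defined type " + type + " was not modules type " + TYPE + ".", TYPE_NOT_MATCHING_PATTERN);
+}
+
+private void validateCredentials(PrepareWrapperContext context) throws PrepareWrapperInputValidatorException {
+SecHubRemoteDataConfiguration secHubRemoteDataConfiguration = context.getRemoteDataConfiguration();
+
+if (secHubRemoteDataConfiguration.getCredentials().isPresent()) {
+SecHubRemoteCredentialConfiguration remoteCredentialConfiguration = secHubRemoteDataConfiguration.getCredentials().get();
+if (remoteCredentialConfiguration.getUser().isPresent()) {
+SecHubRemoteCredentialUserData user = remoteCredentialConfiguration.getUser().get();
+validateUsername(user.getName());
+validatePassword(user.getPassword());
+return;
+}
+// credentials object was empty
+throw new IllegalStateException("Defined credentials must contain credential user and can not be empty.");
+}
+}
+
+public void validateUsername(String username) throws PrepareWrapperInputValidatorException {
+if (username == null || username.isBlank()) {
+throw new IllegalStateException("Defined username must not be null or empty. Username is required for login.");
+}
+
+if (!USERNAME_PATTERN.matcher(username).matches()) {
+throw new PrepareWrapperInputValidatorException("Defined username must match the " + TYPE + " pattern.", CREDENTIALS_USERNAME_NOT_MATCHING_PATTERN);
+}
+}
+
+public void validatePassword(String password) throws PrepareWrapperInputValidatorException {
+if (password == null || password.isBlank()) {
+throw new IllegalStateException("Defined password must not be null or empty. Password is required for login.");
+}
+
+if (!PASSWORD_PATTERN.matcher(password).matches()) {
+throw new PrepareWrapperInputValidatorException("Defined password must match the " + TYPE + " Api token pattern.",
+CREDENTIALS_PASSWORD_NOT_MATCHING_PATTERN);
+}
+}
+
+public void validateLocation(String location) throws PrepareWrapperInputValidatorException {
+if (location == null || location.isBlank()) {
+throw new IllegalStateException("Defined location must not be null or empty. Location is required for download remote data.");
+}
+validateLocationCharacters(location);
+if (!LOCATION_PATTERN.matcher(location).matches()) {
+throw new PrepareWrapperInputValidatorException("Defined location must match the " + TYPE + " pattern.", LOCATION_NOT_MATCHING_PATTERN);
+}
+}
+
+private boolean isTypeNullOrEmpty(String type) {
+return type == null || type.isEmpty();
+}
+
+private boolean isMatchingType(String type) {
+return TYPE.equalsIgnoreCase(type);
+}
+
+private void validateLocationCharacters(String url) {
+if (url.contains(" ")) {
+throw new IllegalArgumentException("Defined location URL must not contain whitespaces.");
+}
+for (String forbiddenCharacter : forbiddenCharacters) {
+if (url.contains(forbiddenCharacter)) {
+throw new IllegalArgumentException("Defined location URL must not contain forbidden characters: " + forbiddenCharacter);
+}
+}
+}
+
+private void assertPatternNotNull(Pattern pattern) {
+if (pattern == null) {
+throw new IllegalArgumentException("Pattern must not be null.");
+}
+}
+}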
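Review bot: In `validateLocationCharacters` the whitespace guard is `url.contains(" ")`, which rejects only the space character, so tabs, line breaks and other control characters get past the deny-list and are stopped only if the module's `LOCATION_PATTERN` happens to exclude them. Since the error message promises "no whitespaces", the check should cover the whole character class, for example `if (url.chars().anyMatch(c -> Character.isWhitespace(c) || Character.isISOControl(c))) {`. `validateModule` also writes the location to the debug log before `validateLocation` has run, so an unchecked value (possibly containing line breaks or embedded credentials) can reach the log; moving the `LOG.debug` calls after the validation call would avoid that.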
62 changes: 0 additions & 62 deletions
62
...pare/src/main/java/com/mercedesbenz/sechub/wrapper/prepare/modules/GitInputValidator.java
This file was deleted.
12 changes: 2 additions & 10 deletions
12
...prepare/src/main/java/com/mercedesbenz/sechub/wrapper/prepare/modules/InputValidator.java
@@ -1,15 +1,7 @@ | ||
package com.mercedesbenz.sechub.wrapper.prepare.modules; | ||
|
||
import java.util.List; | ||
import com.mercedesbenz.sechub.wrapper.prepare.prepare.PrepareWrapperContext; | ||
|
||
public interface InputValidator { | ||
|
||
boolean validateLocation(String location); | ||
|
||
void validateUsername(String username); | ||
|
||
void validatePassword(String password); | ||
|
||
void validateLocationCharacters(String url, List<String> forbiddenCharacters); | ||
|
||
void validate(PrepareWrapperContext context) throws PrepareWrapperInputValidatorException; | ||
} |
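Review bot: The remaining `validate(PrepareWrapperContext context)` method has no Javadoc, and its `throws PrepareWrapperInputValidatorException` clause reads as if every rejected input arrives as that checked exception. The `AbstractInputValidator` added in this commit also throws `IllegalStateException` (blank location, username or password, empty credentials object) and `IllegalArgumentException` (forbidden characters), neither of which carries an `InputValidatorExitcode`. I would document on the interface which failures are reported through which exception type, or have the implementation wrap those cases so callers can map every validation failure to an exit code.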
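--- a/...src/main/java/com/mercedesbenz/sechub/wrapper/prepare/modules/InputValidatorExitcode.java
+++ b/...src/main/java/com/mercedesbenz/sechub/wrapper/prepare/modules/InputValidatorExitcode.java
@@ -0,0 +1,22 @@
+package com.mercedesbenz.sechub.wrapper.prepare.modules;
+
+public enum InputValidatorExitcode {
+
+LOCATION_NOT_MATCHING_PATTERN(1),
+
+CREDENTIALS_USERNAME_NOT_MATCHING_PATTERN(2),
+
+CREDENTIALS_PASSWORD_NOT_MATCHING_PATTERN(3),
+
+TYPE_NOT_MATCHING_PATTERN(4);
+
+private int exitCode;
+
+private InputValidatorExitcode(int exitCode) {
+this.exitCode = exitCode;
+}
+
+public int getExitCode() {
+return exitCode;
+}
+}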
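Review bot: `private int exitCode;` is assigned once in the constructor and never changed afterwards, so it should be declared `private final int exitCode;` to make the enum constants visibly immutable. The same applies to `private InputValidatorExitcode exitCode;` in `PrepareWrapperInputValidatorException`. A short Javadoc on the enum saying whether these numbers end up as process exit codes would also help, since nothing in this file states how they are consumed.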
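--- a/...om/mercedesbenz/sechub/wrapper/prepare/modules/PrepareWrapperInputValidatorException.java
+++ b/...om/mercedesbenz/sechub/wrapper/prepare/modules/PrepareWrapperInputValidatorException.java
@@ -0,0 +1,20 @@
+package com.mercedesbenz.sechub.wrapper.prepare.modules;
+
+public class PrepareWrapperInputValidatorException extends Exception {
+private static final long serialVersionUID = 1L;
+
+private InputValidatorExitcode exitCode;
+
+public PrepareWrapperInputValidatorException(String message, InputValidatorExitcode exitCode) {
+this(message, null, exitCode);
+}
+
+public PrepareWrapperInputValidatorException(String message, Exception e, InputValidatorExitcode exitCode) {
+super(message, e);
+this.exitCode = exitCode;
+}
+
+public InputValidatorExitcode getExitCode() {
+return exitCode;
+}
+}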
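Review bot: Both constructors accept a null `exitCode`, so `getExitCode()` can return null and a caller that chains `getExitCode().getExitCode()` would fail with a `NullPointerException` while it is handling a validation error. Rejecting null in the three-argument constructor, `this.exitCode = Objects.requireNonNull(exitCode, "exitCode");`, keeps that invariant in one place. The cause parameter is typed `Exception`; declaring it as `Throwable` would match what `super(message, e)` accepts and allow any cause to be wrapped.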
18 changes: 15 additions & 3 deletions
18
...e/src/main/java/com/mercedesbenz/sechub/wrapper/prepare/modules/PrepareWrapperModule.java
@@ -1,17 +1,29 @@ | ||
// SPDX-License-Identifier: MIT | ||
package com.mercedesbenz.sechub.wrapper.prepare.modules; | ||
|
||
import static com.mercedesbenz.sechub.wrapper.prepare.cli.PrepareWrapperEnvironmentVariables.PDS_PREPARE_CREDENTIAL_PASSWORD; | ||
import static com.mercedesbenz.sechub.wrapper.prepare.cli.PrepareWrapperEnvironmentVariables.PDS_PREPARE_CREDENTIAL_USERNAME; | ||
|
||
import java.io.IOException; | ||
import java.util.HashMap; | ||
|
||
import javax.crypto.SealedObject; | ||
|
||
import org.springframework.stereotype.Service; | ||
|
||
import com.mercedesbenz.sechub.commons.core.security.CryptoAccess; | ||
import com.mercedesbenz.sechub.commons.model.SecHubRemoteCredentialUserData; | ||
import com.mercedesbenz.sechub.wrapper.prepare.prepare.PrepareWrapperContext; | ||
|
||
@Service | ||
public interface PrepareWrapperModule { | ||
|
||
boolean isAbleToPrepare(PrepareWrapperContext context); | ||
|
||
void prepare(PrepareWrapperContext context) throws IOException; | ||
boolean prepare(PrepareWrapperContext context) throws IOException; | ||
|
||
default void addSealedUserCredentials(SecHubRemoteCredentialUserData user, HashMap<String, SealedObject> credentialMap) { | ||
SealedObject sealedUsername = CryptoAccess.CRYPTO_STRING.seal(user.getName()); | ||
SealedObject sealedPassword = CryptoAccess.CRYPTO_STRING.seal(user.getPassword()); | ||
credentialMap.put(PDS_PREPARE_CREDENTIAL_USERNAME, sealedUsername); | ||
credentialMap.put(PDS_PREPARE_CREDENTIAL_PASSWORD, sealedPassword); | ||
} | ||
} |
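Review bot: `boolean prepare(PrepareWrapperContext context)`, which appears to replace the `void` variant printed just above it, has no Javadoc stating what `true` and `false` mean or how the result relates to `isAbleToPrepare`, so implementors can only guess the contract. In `addSealedUserCredentials` the parameter is the concrete `HashMap<String, SealedObject>`; declaring it as `Map<String, SealedObject> credentialMap` would not tie callers to one implementation. The method also hands `user.getName()` and `user.getPassword()` to `seal` without a null check, and whether `CryptoAccess.CRYPTO_STRING.seal` accepts null is not visible here, so a comment stating that input validation must have run first would be worth adding.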
4 changes: 3 additions & 1 deletion
4
...b/wrapper/prepare/modules/GitContext.java → ...apper/prepare/modules/git/GitContext.java