feat: pass oauth token to sast, if available
This adds support for SNYK_OAUTH_TOKEN instead of only the API key.

Also passes proper authn scheme (token or bearer), as only sending
the API key is deprecated.

The Snyk Code backend has already been modified to accept the new
authn material.
DarrellMozingo committed Jan 10, 2023
1 parent 61d8599 commit e966732
Showing 2 changed files with 29 additions and 3 deletions.
4 changes: 2 additions & 2 deletions src/lib/plugins/sast/analysis.ts
Expand Up @@ -5,7 +5,7 @@ import {
} from '@snyk/code-client';
import { ReportingDescriptor, Result } from 'sarif';
import { SEVERITY } from '../../snyk-test/legacy';
import { api } from '../../api-token';
import { getAuthHeader } from '../../api-token';
import config from '../../config';
import { spinner } from '../../spinner';
import { Options } from '../../types';
Expand Down Expand Up @@ -76,7 +76,7 @@ async function getCodeAnalysis(
});
}

const sessionToken = api() || '';
const sessionToken = getAuthHeader();

const severity = options.severityThreshold
? severityToAnalysisSeverity(options.severityThreshold)
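Review bot: The local at `const sessionToken = getAuthHeader();` now holds a scheme-prefixed header value rather than a bare token, and the `|| ''` fallback the removed line provided is gone, so an unauthenticated run now depends on whatever getAuthHeader returns in that case, which is defined outside this file and not visible here. The new test file pins the two shapes (`token <api key>` and `Bearer <oauth token>`), so a one-line comment above the assignment would spare the next reader the lookup, e.g. `// Scheme-prefixed auth value ("token <key>" or "Bearer <oauth token>") as accepted by the Code backend.` Because this value is a live credential passed into the client connection, it is worth confirming that nothing on the debug/logging path prints the connection object. getCodeAnalysis starts and ends outside the hunk.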
28 changes: 27 additions & 1 deletion test/jest/unit/snyk-code/snyk-code-test.spec.ts
Expand Up @@ -65,6 +65,7 @@ describe('Test snyk code', () => {
});

afterEach(() => {
delete process.env.SNYK_OAUTH_TOKEN;
jest.resetAllMocks();
});

Expand All @@ -87,6 +88,31 @@ describe('Test snyk code', () => {
);
});

it('should use oauth token for auth if provided', async () => {
const oauthToken = 'oauth-token'
process.env.SNYK_OAUTH_TOKEN = oauthToken;

const sastSettings = {
sastEnabled: true,
localCodeEngine: { url: '', allowCloudUpload: true, enabled: false },
};

const analyzeFoldersSpy = analyzeFoldersMock.mockResolvedValue(
sampleAnalyzeFoldersResponse,
);
await getCodeAnalysisAndParseResults(
'.',
{
path: '',
code: true,
},
sastSettings,
'test-id',
);

expect(analyzeFoldersSpy.mock.calls[0][0].connection.sessionToken).toEqual(`Bearer ${oauthToken}`);
});

it('should fail - when we do not support files', async () => {
const options: Options & TestOptions = {
path: '',
Expand Down Expand Up @@ -671,7 +697,7 @@ describe('Test snyk code', () => {

it('analyzeFolders should be called with the right arguments', async () => {
const baseURL = expect.any(String);
const sessionToken = expect.any(String);
const sessionToken = `token ${fakeApiKey}`;
const source = expect.any(String);
const severity = AnalysisSeverity.info;
const paths: string[] = ['.'];
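Review bot: In the new 'should use oauth token for auth if provided' case, `const oauthToken = 'oauth-token'` is missing its trailing semicolon, which is inconsistent with the rest of the spec and would be rewritten by the formatter; the same line of the final expect also runs well past the usual print width, so `const oauthToken = 'oauth-token';` and a wrapped `expect(...)` would bring it in line. Together with the later change to `const sessionToken = \`token ${fakeApiKey}\`;` the file now covers both schemes, but nothing states which credential wins when both SNYK_OAUTH_TOKEN and an API key are configured; if the shared fixture already sets fakeApiKey (not visible in this hunk) the new test exercises that precedence only implicitly, and naming it in the test title or adding a second assertion would document the intended order. Note also that the exact-string assertions pin the differing scheme casing (`Bearer` versus `token`); presumably that matches what the backend expects, but it is worth confirming since the test will now fail on any normalisation of the scheme.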

0 comments on commit e966732

Please sign in to comment.