From e96673262a7c2b9a95cc6960b0c89ab964bfd840 Mon Sep 17 00:00:00 2001
From: Darrell Mozingo
Date: Mon, 7 Nov 2022 16:36:16 -0500
Subject: [PATCH] feat: pass oauth token to sast, if available

This allows SNYK_OAUTH_TOKEN support instead of just API Key. Also passes proper authn scheme (token or bearer), as only sending the API key is deprecated. The Snyk Code backend has already been modified to accept the new authn material.
---
 src/lib/plugins/sast/analysis.ts | 4 +--
 .../unit/snyk-code/snyk-code-test.spec.ts | 28 ++++++++++++++++++-
 2 files changed, 29 insertions(+), 3 deletions(-)

diff --git a/src/lib/plugins/sast/analysis.ts b/src/lib/plugins/sast/analysis.ts
index b623e671cbe..a1c169ed780 100644
--- a/src/lib/plugins/sast/analysis.ts
+++ b/src/lib/plugins/sast/analysis.ts
@@ -5,7 +5,7 @@ import {
 } from '@snyk/code-client';
 import { ReportingDescriptor, Result } from 'sarif';
 import { SEVERITY } from '../../snyk-test/legacy';
-import { api } from '../../api-token';
+import { getAuthHeader } from '../../api-token';
 import config from '../../config';
 import { spinner } from '../../spinner';
 import { Options } from '../../types';
@@ -76,7 +76,7 @@ async function getCodeAnalysis(
     });
   }
-  const sessionToken = api() || '';
+  const sessionToken = getAuthHeader();
   const severity = options.severityThreshold
     ? severityToAnalysisSeverity(options.severityThreshold)
diff --git a/test/jest/unit/snyk-code/snyk-code-test.spec.ts b/test/jest/unit/snyk-code/snyk-code-test.spec.ts
index e1ec50a15c7..1c3e8881d83 100644
--- a/test/jest/unit/snyk-code/snyk-code-test.spec.ts
+++ b/test/jest/unit/snyk-code/snyk-code-test.spec.ts
@@ -65,6 +65,7 @@ describe('Test snyk code', () => {
   });
   afterEach(() => {
+    delete process.env.SNYK_OAUTH_TOKEN;
     jest.resetAllMocks();
   });
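Review bot: The `|| ''` fallback is gone with `const sessionToken = getAuthHeader();`, so what the code-client receives when neither an API key nor SNYK_OAUTH_TOKEN is configured now depends entirely on getAuthHeader()'s unauthenticated return value, which this hunk does not show; if it can yield undefined or a bare scheme prefix, the connection gets that instead of the empty string it got before, so the unauthenticated path deserves either a check here or a test. The local name `sessionToken` is also now misleading, because the value is a full scheme-prefixed Authorization value (`token …` or `Bearer …`) rather than a raw token, while the code-client field keeps its old name; a comment such as `// full Authorization header value (token <api key> or Bearer <oauth token>); @snyk/code-client still calls the field sessionToken` would spare the next reader a trip to api-token. getCodeAnalysis starts and ends outside the hunk.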
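Review bot: The unconditional `delete process.env.SNYK_OAUTH_TOKEN;` in afterEach also erases a value inherited from the developer's shell, and that inherited value is still present for whichever test runs first in the file, so a locally exported token would make an API-key expectation fail only on that machine. Capturing it once, `const savedOauthToken = process.env.SNYK_OAUTH_TOKEN;` in a beforeEach, and restoring it in afterEach with `if (savedOauthToken === undefined) delete process.env.SNYK_OAUTH_TOKEN; else process.env.SNYK_OAUTH_TOKEN = savedOauthToken;` keeps the suite hermetic without leaking between tests. The describe block containing this afterEach starts and ends outside the hunk.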
@@ -87,6 +88,31 @@ describe('Test snyk code', () => {
     );
   });
+  it('should use oauth token for auth if provided', async () => {
+    const oauthToken = 'oauth-token'
+    process.env.SNYK_OAUTH_TOKEN = oauthToken;
+
+    const sastSettings = {
+      sastEnabled: true,
+      localCodeEngine: { url: '', allowCloudUpload: true, enabled: false },
+    };
+
+    const analyzeFoldersSpy = analyzeFoldersMock.mockResolvedValue(
+      sampleAnalyzeFoldersResponse,
+    );
+    await getCodeAnalysisAndParseResults(
+      '.',
+      {
+        path: '',
+        code: true,
+      },
+      sastSettings,
+      'test-id',
+    );
+
+    expect(analyzeFoldersSpy.mock.calls[0][0].connection.sessionToken).toEqual(`Bearer ${oauthToken}`);
+  });
+
   it('should fail - when we do not support files', async () => {
     const options: Options & TestOptions = {
       path: '',
@@ -671,7 +697,7 @@ describe('Test snyk code', () => {
   it('analyzeFolders should be called with the right arguments', async () => {
     const baseURL = expect.any(String);
-    const sessionToken = expect.any(String);
+    const sessionToken = `token ${fakeApiKey}`;
     const source = expect.any(String);
     const severity = AnalysisSeverity.info;
     const paths: string[] = ['.'];
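Review bot: `const oauthToken = 'oauth-token'` is missing its semicolon and the `expect(...).toEqual(...)` line runs well past the width the rest of this spec is wrapped to, so the repository's formatter and lint step are likely to reject the hunk as written; `const oauthToken = 'oauth-token';` and wrapping the expectation across lines fix both. Between this test and the `token ${fakeApiKey}` expectation in the later hunk, the OAuth-only and API-key-only cases are pinned, but nothing asserts which credential wins when both SNYK_OAUTH_TOKEN and an API key are configured, which is the case a user with a stale key will actually hit; one more `it` that sets both and asserts the expected scheme on `connection.sessionToken` would make the precedence explicit rather than implied by api-token's internals. The enclosing describe block starts and ends outside both hunks, and fakeApiKey is defined outside them.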