2 changes: 1 addition & 1 deletion .gitignore
Expand Up @@ -9,7 +9,7 @@ work/
.project
.classpath
.settings/

.DS_STORE
pom.xml.releaseBackup
release.properties
/.apt_generated/
5 changes: 5 additions & 0 deletions pom.xml
Expand Up @@ -139,6 +139,11 @@
<artifactId>credentials</artifactId>
<version>2.3.0</version>
</dependency>
<dependency>
<groupId>org.jenkins-ci.plugins</groupId>
<artifactId>cloudbees-folder</artifactId>
<version>6.12</version>
</dependency>
<dependency>
<groupId>org.jenkins-ci.plugins</groupId>
<artifactId>structs</artifactId>
Expand Up @@ -23,6 +23,7 @@
*/
package org.jenkinsci.plugins.fodupload;

import hudson.model.Job;
import jenkins.model.GlobalConfiguration;
import org.jenkinsci.plugins.fodupload.FodApiConnection;
import org.jenkinsci.plugins.fodupload.models.AuthenticationModel;
Expand All @@ -36,7 +37,7 @@
public class ApiConnectionFactory {

@SuppressFBWarnings("NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE")
public static FodApiConnection createApiConnection(AuthenticationModel model) {
public static FodApiConnection createApiConnection(AuthenticationModel model, Job job) {
FodApiConnection apiConnection = null;
if (GlobalConfiguration.all() != null && GlobalConfiguration.all().get(FodGlobalDescriptor.class) != null) {
if (model.getOverrideGlobalConfig()) {
Expand All @@ -48,7 +49,7 @@ public static FodApiConnection createApiConnection(AuthenticationModel model) {
if (Utils.isNullOrEmpty(apiUrl))
throw new IllegalArgumentException("Api URL is null.");
apiConnection = new FodApiConnection(model.getTenantId() + "\\" + model.getUsername(),
Utils.retrieveSecretDecryptedValue(model.getPersonalAccessToken()),
Utils.retrieveSecretDecryptedValue(model.getPersonalAccessToken(), job.getParent()),
baseUrl,
apiUrl,
FodEnums.GrantType.PASSWORD,
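Review bot: The new `Job job` parameter of createApiConnection is dereferenced at `job.getParent()` with no null check and is declared as a raw type; `Job<?, ?> job` plus `Objects.requireNonNull(job, "job");` as the first statement (with a `java.util.Objects` import) would state the contract instead of leaving it to the existing `@SuppressFBWarnings` annotation to quiet the analyser. The method also gained a public parameter without documentation; I would add a Javadoc `@param job the job whose parent item group is used to resolve the personal access token credential`, since callers need to know the credential is now looked up in the job's folder hierarchy rather than only at the root. The body of createApiConnection continues outside this hunk, so I cannot tell whether the global-config branch is affected by the new parameter.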
Expand Up @@ -4,7 +4,7 @@
import java.io.PrintStream;
import java.net.URISyntaxException;

import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.hudson.plugins.folder.properties.FolderCredentialsProvider;
import com.fortify.fod.parser.BsiToken;
import com.fortify.fod.parser.BsiTokenParser;

Expand All @@ -18,6 +18,7 @@
import hudson.FilePath;
import hudson.Launcher;
import hudson.model.Item;
import hudson.model.ItemGroup;
import hudson.model.Job;
import hudson.model.Result;
import hudson.model.Run;
Expand Down Expand Up @@ -136,14 +137,14 @@ public static FormValidation doTestPersonalAccessTokenConnection(final String us
FodApiConnection testApi;
String baseUrl = GlobalConfiguration.all().get(FodGlobalDescriptor.class).getBaseUrl();
String apiUrl = GlobalConfiguration.all().get(FodGlobalDescriptor.class).getApiUrl();
String plainTextPersonalAccessToken = Utils.retrieveSecretDecryptedValue(personalAccessToken);
String plainTextPersonalAccessToken = Utils.retrieveSecretDecryptedValue(personalAccessToken, job.getParent());
if (Utils.isNullOrEmpty(baseUrl))
return FormValidation.error("Fortify on Demand URL is empty!");
if (Utils.isNullOrEmpty(apiUrl))
return FormValidation.error("Fortify on Demand API URL is empty!");
if (Utils.isNullOrEmpty(username))
return FormValidation.error("Username is empty!");
if (!Utils.isCredential(personalAccessToken))
if (!Utils.isCredential(personalAccessToken, job.getParent()))
return FormValidation.error("Personal Access Token is empty or needs to be resaved!");
if (Utils.isNullOrEmpty(tenantId))
return FormValidation.error("Tenant ID is null.");
Expand All @@ -164,14 +165,14 @@ public static ListBoxModel doFillPolicyFailureBuildResultPreferenceItems() {
@SuppressWarnings("unused")
public static ListBoxModel doFillStringCredentialsItems(@AncestorInPath Job job) {
job.checkPermission(Item.CONFIGURE);
ListBoxModel items = CredentialsProvider.listCredentials(
job.checkPermission(Item.CONFIGURE);
return FolderCredentialsProvider.listCredentials(
StringCredentials.class,
Jenkins.get(),
job.getParent(),
ACL.SYSTEM,
null,
null
);
return items;
);
}

@SuppressFBWarnings("NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE")
Expand All @@ -182,12 +183,11 @@ public void perform(Run<?, ?> run,

final PrintStream logger = taskListener.getLogger();


// check to see if sensitive fields are encrypte. If not halt scan and recommend encryption.
if(authModel != null)
{
if(authModel.getOverrideGlobalConfig() == true){
if(!Utils.isCredential(authModel.getPersonalAccessToken()))
if(!Utils.isCredential(authModel.getPersonalAccessToken(), run.getParent().getParent()))
{
run.setResult(Result.UNSTABLE);
logger.println("Credentials must be re-entered for security purposes. Please update on the global configuration and/or post-build actions and then save your updates");
Expand Down Expand Up @@ -239,7 +239,7 @@ public void perform(Run<?, ?> run,
return;
}

FodApiConnection apiConnection = ApiConnectionFactory.createApiConnection(getAuthModel());
FodApiConnection apiConnection = ApiConnectionFactory.createApiConnection(getAuthModel(), run.getParent());

try {

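Review bot: `FolderCredentialsProvider.listCredentials(...)` in the rebuilt doFillStringCredentialsItems body calls a static method through a subclass name; unless FolderCredentialsProvider declares its own static `listCredentials` (I believe it does not), this resolves to `CredentialsProvider.listCredentials` and the only behavioural change is the `job.getParent()` scope, so `CredentialsProvider.listCredentials(StringCredentials.class, job.getParent(), ACL.SYSTEM, null, null)` expresses the same thing without the misleading indirection. The same pattern appears in the second descriptor's doFillStringCredentialsItems and in Utils.isCredential and Utils.retrieveSecretDecryptedValue, where `FolderCredentialsProvider.lookupCredentials` could likewise stay `CredentialsProvider.lookupCredentials`. The added `import hudson.model.ItemGroup;` is not referenced by any visible hunk of this file; if nothing outside the hunks uses it, it should be dropped. Keeping `job.checkPermission(Item.CONFIGURE)` ahead of the `ACL.SYSTEM` listing is the right shape, since the listing itself does not apply the current user's credential visibility.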
Expand Up @@ -3,9 +3,9 @@
import java.io.File;
import java.io.IOException;
import java.io.PrintStream;
import java.text.Normalizer;

import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.hudson.plugins.folder.properties.FolderCredentialsProvider;

import com.fortify.fod.parser.BsiToken;
import com.fortify.fod.parser.BsiTokenParser;

Expand All @@ -14,7 +14,6 @@
import org.jenkinsci.plugins.fodupload.models.FodEnums;
import org.jenkinsci.plugins.fodupload.models.JobModel;
import org.jenkinsci.plugins.fodupload.models.FodEnums.InProgressBuildResultType;
import org.jenkinsci.plugins.fodupload.models.FodEnums.InProgressScanActionType;
import org.jenkinsci.plugins.fodupload.models.response.StartScanResponse;
import org.jenkinsci.plugins.fodupload.models.response.StaticScanSetupResponse;
import org.jenkinsci.plugins.plaincredentials.StringCredentials;
Expand Down Expand Up @@ -86,8 +85,7 @@ public static FormValidation doCheckReleaseId(String releaseId, String bsiToken)
} catch (NumberFormatException ex) {
return FormValidation.error("Could not parse Release ID.");
}
}
else {
} else {
if (bsiToken != null && !bsiToken.isEmpty()) {
return FormValidation.ok();
}
Expand Down Expand Up @@ -128,14 +126,14 @@ public static FormValidation doTestPersonalAccessTokenConnection(final String us
FodApiConnection testApi;
String baseUrl = GlobalConfiguration.all().get(FodGlobalDescriptor.class).getBaseUrl();
String apiUrl = GlobalConfiguration.all().get(FodGlobalDescriptor.class).getApiUrl();
String plainTextPersonalAccessToken = Utils.retrieveSecretDecryptedValue(personalAccessToken);
String plainTextPersonalAccessToken = Utils.retrieveSecretDecryptedValue(personalAccessToken, job.getParent());
if (Utils.isNullOrEmpty(baseUrl))
return FormValidation.error("Fortify on Demand URL is empty!");
if (Utils.isNullOrEmpty(apiUrl))
return FormValidation.error("Fortify on Demand API URL is empty!");
if (Utils.isNullOrEmpty(username))
return FormValidation.error("Username is empty!");
if (!Utils.isCredential(personalAccessToken))
if (!Utils.isCredential(personalAccessToken, job.getParent()))
return FormValidation.error("Personal Access Token is empty!");
if (Utils.isNullOrEmpty(tenantId))
return FormValidation.error("Tenant ID is null.");
Expand Down Expand Up @@ -166,17 +164,16 @@ public static ListBoxModel doFillRemediationScanPreferenceTypeItems() {
@SuppressWarnings("unused")
public static ListBoxModel doFillStringCredentialsItems(@AncestorInPath Job job) {
job.checkPermission(Item.CONFIGURE);
ListBoxModel items = CredentialsProvider.listCredentials(
return FolderCredentialsProvider.listCredentials(
StringCredentials.class,
Jenkins.get(),
job.getParent(),
ACL.SYSTEM,
null,
null
);
);

return items;
}

@SuppressWarnings("unused")
public static ListBoxModel doFillInProgressScanActionTypeItems() {
ListBoxModel items = new ListBoxModel();
Expand All @@ -185,7 +182,7 @@ public static ListBoxModel doFillInProgressScanActionTypeItems() {
}
return items;
}

@SuppressWarnings("unused")
public static ListBoxModel doFillInProgressBuildResultTypeItems() {
ListBoxModel items = new ListBoxModel();
Expand Down Expand Up @@ -213,7 +210,7 @@ public boolean prebuild(AbstractBuild<?, ?> build, BuildListener listener) {
build.setResult(Result.FAILURE);
return false;
}

return true;
}

Expand All @@ -228,39 +225,30 @@ public void perform(Run<?, ?> build, FilePath workspace,
taskListener.set(listener);

// check to see if sensitive fields are encrypte. If not halt scan and recommend encryption.
if(authModel != null)
{
if(authModel.getOverrideGlobalConfig() == true){
if(!Utils.isCredential(authModel.getPersonalAccessToken()))
{
if (authModel != null) {
if (authModel.getOverrideGlobalConfig() == true) {
if (!Utils.isCredential(authModel.getPersonalAccessToken(), build.getParent().getParent())) {
build.setResult(Result.UNSTABLE);
logger.println("Credentials must be re-entered for security purposes. Please update on the global configuration and/or post-build actions and then save your updates.");
return ;
return;
}
}
else
{
if(GlobalConfiguration.all().get(FodGlobalDescriptor.class).getAuthTypeIsApiKey())
{
if(!Utils.isCredential(GlobalConfiguration.all().get(FodGlobalDescriptor.class).getOriginalClientSecret()))
{
} else {
if (GlobalConfiguration.all().get(FodGlobalDescriptor.class).getAuthTypeIsApiKey()) {
if (!Utils.isCredential(GlobalConfiguration.all().get(FodGlobalDescriptor.class).getOriginalClientSecret())) {
build.setResult(Result.UNSTABLE);
logger.println("Credentials must be re-entered for security purposes. Please update on the global configuration and/or post-build actions and then save your updates.");
return ;
return;
}
}
else
{
if(!Utils.isCredential(GlobalConfiguration.all().get(FodGlobalDescriptor.class).getOriginalPersonalAccessToken()) )
{
} else {
if (!Utils.isCredential(GlobalConfiguration.all().get(FodGlobalDescriptor.class).getOriginalPersonalAccessToken())) {
build.setResult(Result.UNSTABLE);
logger.println("Credentials must be re-entered for security purposes. Please update on the global configuration and/or post-build actions and then save your updates.");
return ;
}
return;
}
}
}
}

Result currentResult = build.getResult();
if (Result.FAILURE.equals(currentResult)
|| Result.ABORTED.equals(currentResult)
Expand All @@ -275,8 +263,8 @@ public void perform(Run<?, ?> build, FilePath workspace,
Integer releaseId = 0;
try {
releaseId = Integer.parseInt(model.getReleaseId());
} catch (NumberFormatException ex) {
}
catch (NumberFormatException ex) {}

if (releaseId == 0 && !model.loadBsiToken()) {
build.setResult(Result.FAILURE);
Expand All @@ -292,7 +280,7 @@ public void perform(Run<?, ?> build, FilePath workspace,
String technologyStack = null;
StaticScanSetupResponse staticScanSetup = null;

apiConnection = ApiConnectionFactory.createApiConnection(getAuthModel());
apiConnection = ApiConnectionFactory.createApiConnection(getAuthModel(), build.getParent());
if (apiConnection != null) {
apiConnection.authenticate();

Expand Down Expand Up @@ -354,11 +342,11 @@ public void perform(Run<?, ?> build, FilePath workspace,
* }
*/
if (scanResponse.isSuccessful()) {
if(scanResponse.isScanUploadAccepted()) {
if (scanResponse.isScanUploadAccepted()) {
logger.println("Scan Uploaded Successfully.");
setScanId(scanResponse.getScanId());
build.setResult(Result.SUCCESS);
if(!deleted) {
if (!deleted) {
logger.println("Unable to delete temporary zip file. Please manually delete file at location: " + payload.getAbsolutePath());
}
} else if (isWarningSettingEnabled) {
Expand Down Expand Up @@ -396,15 +384,17 @@ public void perform(Run<?, ?> build, FilePath workspace,

public AuthenticationModel getAuthModel() {
AuthenticationModel displayModel = new AuthenticationModel(authModel.getOverrideGlobalConfig(),
authModel.getUsername(),
authModel.getPersonalAccessToken(),
authModel.getTenantId() );
authModel.getUsername(),
authModel.getPersonalAccessToken(),
authModel.getTenantId());

return displayModel;
}

public JobModel setModel(JobModel newModel) { return model = newModel; }

public JobModel setModel(JobModel newModel) {
return model = newModel;
}

public AuthenticationModel setAuthModel(AuthenticationModel newAuthModel) {
return authModel = newAuthModel;
}
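Review bot: `job.getParent()` in doTestPersonalAccessTokenConnection (the `retrieveSecretDecryptedValue` and `isCredential` calls) dereferences what appears to be an `@AncestorInPath Job` parameter whose signature is cut off above the hunk; Stapler injects null when the validation is invoked from a page with no Job ancestor, so a guard such as `if (job == null) return FormValidation.error("Job context is required to resolve credentials.");` placed before the lookups would turn an NPE into a readable validation result. The same dereference exists in the other descriptor's copy of this method earlier in the commit. The two copies also disagree on the token message (`"Personal Access Token is empty!"` here versus `"Personal Access Token is empty or needs to be resaved!"` in the other), which suggests this validation belongs in one shared helper rather than two hand-maintained duplicates.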
31 changes: 20 additions & 11 deletions src/main/java/org/jenkinsci/plugins/fodupload/Utils.java
@@ -1,6 +1,8 @@
package org.jenkinsci.plugins.fodupload;

import com.cloudbees.hudson.plugins.folder.properties.FolderCredentialsProvider;
import hudson.FilePath;
import hudson.model.ItemGroup;
import hudson.security.ACL;
import hudson.util.Secret;
import jenkins.model.Jenkins;
Expand All @@ -13,7 +15,6 @@
import java.util.regex.Pattern;

import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;

import org.jenkinsci.plugins.plaincredentials.StringCredentials;

Expand Down Expand Up @@ -146,26 +147,30 @@ public static boolean isEncrypted(String stringToEncrypt) {
}

public static boolean isCredential(String id) {
return isCredential(id, Jenkins.get());
}

public static boolean isCredential(String id, ItemGroup<?> group) {
StringCredentials s = CredentialsMatchers.firstOrNull(
CredentialsProvider.lookupCredentials(
StringCredentials.class,
Jenkins.get(),
ACL.SYSTEM,
null,
null
FolderCredentialsProvider.lookupCredentials(
StringCredentials.class,
group,
ACL.SYSTEM,
null,
null
),
CredentialsMatchers.allOf(
CredentialsMatchers.withId(id)
CredentialsMatchers.withId(id)
)
);
return (s != null);
}

public static String retrieveSecretDecryptedValue(String id) {
public static String retrieveSecretDecryptedValue(String id, ItemGroup<?> group) {
StringCredentials s = CredentialsMatchers.firstOrNull(
CredentialsProvider.lookupCredentials(
FolderCredentialsProvider.lookupCredentials(
StringCredentials.class,
Jenkins.get(),
group,
ACL.SYSTEM,
null,
null
Expand All @@ -176,4 +181,8 @@ public static String retrieveSecretDecryptedValue(String id) {
);
return s != null ? decrypt(s.getSecret()) : id;
}

public static String retrieveSecretDecryptedValue(String id) {
return retrieveSecretDecryptedValue(id, Jenkins.get());
}
}
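Review bot: The two new public overloads `isCredential(String id, ItemGroup<?> group)` and `retrieveSecretDecryptedValue(String id, ItemGroup<?> group)` have no Javadoc; I would document that `group` is the item group from which the credential is resolved (presumably searching upward through the folder hierarchy to the root — confirm against the credentials plugin) and that the single-argument forms preserve the old root-only behaviour by passing `Jenkins.get()`. It is also worth stating in that Javadoc that both lookups run as `ACL.SYSTEM` and therefore see every credential in scope regardless of the calling user, so callers must perform their own permission check first, as doFillStringCredentialsItems does with `Item.CONFIGURE`. Finally, `retrieveSecretDecryptedValue` still returns `id` unchanged when nothing matches (`return s != null ? decrypt(s.getSecret()) : id;`), so a mistyped credential id silently becomes the token sent to the service; a comment such as `// No credential with this id in scope: the caller is assumed to have supplied a plaintext token` would at least make that fallback explicit.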