Spotbug issuefix 1

CHANGELOG.md

@@ -7,7 +7,8 @@
 
 **Important**: 
 The DAST Automated asssessment task is a technology preview. The following are known limitations:
-- Fortify on Demand Jenkins Plugin 8.0 supports up to Jenkins 2.346.1. Some UI components, including application and release fields, do not load in versions greater than 2.346.1.
+- Fortify on Demand Jenkins Plugin 8.0 supports up to Jenkins 2.401.x. Some UI components, including application and release fields, do not load in versions greater than 2.401.x.
+- (API scan) For some supported Jenkins versions, file and URL fields do not load.
 - (Website scan) Selection of **Enable redundant page detection** is not retained.
 - (Website scan) Excluded URLs are not applied in pipelines.
 

README.md

@@ -18,7 +18,8 @@ Usage instructions: https://www.microfocus.com/documentation/fortify-on-demand-j
 
 **Limitations**
 - The DAST Automated asssessment task is a technology preview. The following are known limitations:
-	- Fortify on Demand Jenkins Plugin 8.0 supports up to Jenkins 2.346.1. Some UI components, including application and release fields, do not load in versions greater than 2.346.1.
+	- Fortify on Demand Jenkins Plugin 8.0 supports up to Jenkins 2.401.x. Some UI components, including application and release fields, do not load in versions greater than 2.401.x.
+	- (API scan) For some supported Jenkins versions, file and URL fields do not load.
 	- (Website scan) Selection of **Enable redundant page detection** is not retained.
 	- (Website scan) Excluded URLs are not applied in pipelines.
-- The 2.0.9 (Obsolete) plugin version is slow to populate the pull down menu's in Redhat 7 machines.  Please wait a minute or two and the first field should populate.
+- The 2.0.9 (Obsolete) plugin version is slow to populate the pull down menu's in Redhat 7 machines.  Please wait a minute or two and the first field should populate.

pom.xml

@@ -1,12 +1,13 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
     <parent>
         <groupId>org.jenkins-ci.plugins</groupId>
         <artifactId>plugin</artifactId>
         <version>4.46</version>
-        <relativePath />
+        <relativePath/>
     </parent>
 
     <artifactId>fortify-on-demand-uploader</artifactId>
@@ -213,6 +214,17 @@
                     </loggers>
                 </configuration>
             </plugin>
+            <plugin>
+                <groupId>com.github.spotbugs</groupId>
+                <artifactId>spotbugs-maven-plugin</artifactId>
+                <version>4.8.3.1</version>
+                <configuration>
+                    <effort>Max</effort>
+                    <threshold>Low</threshold>
+                    <failOnError>false</failOnError>
+                    <maxHeap>1024</maxHeap>
+                </configuration>
+            </plugin>
         </plugins>
     </build>
 </project>

src/main/java/org/jenkinsci/plugins/fodupload/DastScanSharedBuildStep.java

@@ -30,6 +30,7 @@
 
 import static org.jenkinsci.plugins.fodupload.Utils.*;
 
+@SuppressFBWarnings({"EI_EXPOSE_REP", "UWF_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD"})
 public class DastScanSharedBuildStep {
     private final DastScanJobModel model;
     private final AuthenticationModel authModel;
@@ -122,7 +123,7 @@ public FodApiConnection getFodApiConnection() throws Exception {
         return this._fodApiConnection;
     }
 
-    public void SetFodApiConnection
+    public void setFodApiConnection
             (FodApiConnection apiConnection) {
         this._fodApiConnection = apiConnection;
     }
@@ -143,7 +144,7 @@ public AuthenticationModel getAuthModel() {
         return authModel;
     }
 
-    public List<String> ValidateAuthModel(boolean overrideGlobalAuth, String username, String tenantId, String personalAccessToken) throws FormValidation {
+    public List<String> validateAuthModel(boolean overrideGlobalAuth, String username, String tenantId, String personalAccessToken) throws FormValidation {
         List<String> errors = new ArrayList<>();
 
         if (overrideGlobalAuth && (Utils.isNullOrEmpty(username) || Utils.isNullOrEmpty(tenantId) || Utils.isNullOrEmpty(personalAccessToken))) {
@@ -153,7 +154,7 @@ public List<String> ValidateAuthModel(boolean overrideGlobalAuth, String usernam
         return errors;
     }
 
-    public List<String> ValidateForAutoProv() {
+    public List<String> validateForAutoProv() {
         List<String> errors = new ArrayList<>();
         //Check for mandate fields based on scan type.
         if (Utils.isNullOrEmpty(this.model.getSelectedScanType())) {
@@ -263,7 +264,7 @@ && isNullOrEmpty(this.model.getSelectedGraphQlUrl())) {
         return errors;
     }
 
-    public List<String> ValidateModel() {
+    public List<String> validateModel() {
 
         List<String> errors = new ArrayList<>();
 
@@ -382,7 +383,7 @@ && isNullOrEmpty(this.model.getSelectedGraphQlUrl())) {
         return errors;
     }
 
-    public void SaveReleaseSettingsForWebSiteScan(String userSelectedRelease, String assessmentTypeID,
+    public void saveReleaseSettingsForWebSiteScan(String userSelectedRelease, String assessmentTypeID,
                                                   String entitlementId, String entitlementFreq, String loginMacroId,
                                                   String timeZone, String scanPolicy, String webSiteAssessmentUrl,
                                                   boolean scanScope,
@@ -472,7 +473,7 @@ public void SaveReleaseSettingsForWebSiteScan(String userSelectedRelease, String
                 }
                 dynamicScanSetupReqModel.setExclusionsList(exclusionsLists);
             }
-            PutDastScanSetupResponse response = dynamicController.SaveDastWebSiteScanSettings(Integer.parseInt(userSelectedRelease),
+            PutDastScanSetupResponse response = dynamicController.saveDastWebSiteScanSettings(Integer.parseInt(userSelectedRelease),
                     dynamicScanSetupReqModel);
             if (response.isSuccess && response.errors == null) {
                 Utils.logger(_printStream, "Successfully saved settings for release id = " + userSelectedRelease);
@@ -491,7 +492,7 @@ public void SaveReleaseSettingsForWebSiteScan(String userSelectedRelease, String
     }
 
 
-    public void SaveReleaseSettingsForWorkflowDrivenScan(String userSelectedRelease, String assessmentTypeID,
+    public void saveReleaseSettingsForWorkflowDrivenScan(String userSelectedRelease, String assessmentTypeID,
                                                          String entitlementId, String entitlementFreq, String workflowMacroId,
                                                          String workflowMacroHosts,
                                                          String timeZone, String scanPolicy,
@@ -545,7 +546,7 @@ public void SaveReleaseSettingsForWorkflowDrivenScan(String userSelectedRelease,
                 dastWorkflowScanSetupReqModel.setNetworkAuthenticationSettings(networkAuthentication);
             }
 
-            PutDastScanSetupResponse response = dynamicController.SaveDastWorkflowDrivenScanSettings(Integer.parseInt(userSelectedRelease),
+            PutDastScanSetupResponse response = dynamicController.saveDastWorkflowDrivenScanSettings(Integer.parseInt(userSelectedRelease),
                     dastWorkflowScanSetupReqModel);
 
             if (response.isSuccess && response.errors == null) {
@@ -561,7 +562,7 @@ public void SaveReleaseSettingsForWorkflowDrivenScan(String userSelectedRelease,
         }
     }
 
-    public PatchDastFileUploadResponse DastManifestFileUpload(String fileContent, String fileType, String filename) throws Exception {
+    public PatchDastFileUploadResponse dastManifestFileUpload(String fileContent, String fileType, String filename) throws Exception {
 
         DastScanController dastScanController = new DastScanController(getFodApiConnection(), null, Utils.createCorrelationId()
         );
@@ -593,11 +594,11 @@ public PatchDastFileUploadResponse DastManifestFileUpload(String fileContent, St
                 throw new IllegalArgumentException("Manifest upload file type is not set for the release: " + getModel().get_releaseId());
         }
         patchDastScanFileUploadReq.Content = fileContent.getBytes(CharEncoding.UTF_8);
-        return dastScanController.DastFileUpload(patchDastScanFileUploadReq);
+        return dastScanController.dastFileUpload(patchDastScanFileUploadReq);
     }
 
 
-    public PatchDastFileUploadResponse DastManifestFileUpload(FilePath workspace, String payLoadPath, PrintStream logger,
+    public PatchDastFileUploadResponse dastManifestFileUpload(FilePath workspace, String payLoadPath, PrintStream logger,
                                                               FodEnums.DastScanFileTypes fileType, FodApiConnection apiConnection) throws Exception {
 
         FilePath dastPayload = new FilePath(workspace, payLoadPath);
@@ -609,7 +610,7 @@ public PatchDastFileUploadResponse DastManifestFileUpload(FilePath workspace, St
         PatchDastScanFileUploadReq patchDastScanFileUploadReq = new PatchDastScanFileUploadReq();
         patchDastScanFileUploadReq.releaseId = getModel().get_releaseId();
         patchDastScanFileUploadReq.dastFileType = fileType;
-        return dastScanController.DastFileUpload(dastPayload, logger, patchDastScanFileUploadReq);
+        return dastScanController.dastFileUpload(dastPayload, logger, patchDastScanFileUploadReq);
     }
 
     public void saveReleaseSettingsForOpenApiScan(String userSelectedRelease, String assessmentTypeID,
@@ -678,7 +679,7 @@ public void saveReleaseSettingsForOpenApiScan(String userSelectedRelease, String
         }
     }
 
-    public void SaveReleaseSettingsForGraphQlScan(String userSelectedRelease, String assessmentTypeID,
+    public void saveReleaseSettingsForGraphQlScan(String userSelectedRelease, String assessmentTypeID,
                                                   String entitlementId, String entitlementFreq,
                                                   String timeZone,
                                                   boolean allowSameHostRedirect,
@@ -738,7 +739,7 @@ public void SaveReleaseSettingsForGraphQlScan(String userSelectedRelease, String
         }
     }
 
-    public void SaveReleaseSettingsForGrpcScan(String userSelectedRelease, String assessmentTypeID,
+    public void saveReleaseSettingsForGrpcScan(String userSelectedRelease, String assessmentTypeID,
                                                String entitlementId, String entitlementFreq,
                                                String timeZone,
                                                String scanEnvironment,
@@ -805,7 +806,7 @@ public void SaveReleaseSettingsForGrpcScan(String userSelectedRelease, String as
         }
     }
 
-    public void SaveReleaseSettingsForPostmanScan(String userSelectedRelease, String assessmentTypeID,
+    public void saveReleaseSettingsForPostmanScan(String userSelectedRelease, String assessmentTypeID,
                                                   String entitlementId, String entitlementFreq,
                                                   String timeZone,
                                                   String scanEnvironment,
@@ -841,7 +842,7 @@ public void SaveReleaseSettingsForPostmanScan(String userSelectedRelease, String
                 throw new IllegalArgumentException(String.format("Postman Scan - one of the id is  not set for release Id={%s}"
                         , userSelectedRelease));
             } else {
-                dastPostmanScanSetupReqModel.setCollectionFileIds(ConvertStringToIntArr(postmanIdCollection));
+                dastPostmanScanSetupReqModel.setCollectionFileIds(convertStringToIntArr(postmanIdCollection));
             }
             if (!Utils.isNullOrEmpty(scanTimeBox))
                 dastPostmanScanSetupReqModel.setTimeBoxInHours(Integer.parseInt(scanTimeBox));
@@ -864,7 +865,7 @@ public void SaveReleaseSettingsForPostmanScan(String userSelectedRelease, String
     }
 
 
-    public int[] ConvertStringToIntArr(String fileIds) {
+    public int[] convertStringToIntArr(String fileIds) {
 
         String[] postmanIds = fileIds.split(",");
 
@@ -926,8 +927,8 @@ public void perform(Run<?, ?> build,
             if (apiConnection != null) {
 
                 DastScanController dynamicController = new DastScanController(apiConnection, logger, Utils.createCorrelationId());
-                PostDastStartScanResponse response = dynamicController.StartDastScan(releaseId);
-                if (response.errors == null && response.scanId > 0) {
+                PostDastStartScanResponse response = dynamicController.startDastScan(releaseId);
+                if (response.errors == null && response.scanId != null && response.scanId > 0) {
                     build.setResult(Result.SUCCESS);
                     Utils.logger(logger, String.format("Dynamic scan successfully triggered for scan Id %d ", response.scanId));
                     this.scanId = response.scanId;

src/main/java/org/jenkinsci/plugins/fodupload/FodApi/DastScanPayloadUpload.java

@@ -70,6 +70,7 @@ static PatchDastFileUploadResponse performUpload(FilePath payload, String releas
         }
         return patchDastFileUploadResponse;
     }
+
     private static String getLogTimestamp(DateTimeFormatter dateFormat) {
         return dateFormat.format(LocalDateTime.now());
     }
@@ -101,7 +102,7 @@ public PatchDastFileUploadResponse performUpload() throws IOException {
 }
 
 class DastScanPayloadUploadRemote extends MasterToSlaveCallable<PatchDastFileUploadResponse, IOException> implements DastScanPayloadUpload {
-
+    private static final long serialVersionUID = 1L;
     private final String _releaseId;
     private final String _correlationId;
     private final String _bearerToken;

src/main/java/org/jenkinsci/plugins/fodupload/FodApi/FodApiConnection.java

@@ -3,6 +3,7 @@
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 import com.google.gson.JsonSyntaxException;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import hudson.FilePath;
 import hudson.Launcher;
 import hudson.ProxyConfiguration;
@@ -48,6 +49,7 @@ public class FodApiConnection {
      * @param secret  apiConnection secret
      * @param baseUrl apiConnection baseUrl
      */
+    @SuppressFBWarnings("EI_EXPOSE_REP")
     public FodApiConnection(final String id, final String secret, final String baseUrl, final String apiUrl, final GrantType grantType, final String scope, boolean executeOnRemoteAgent, Launcher launcher, PrintStream logger) {
         this.id = id;
         this.secret = secret;

src/main/java/org/jenkinsci/plugins/fodupload/FodApi/HttpRequest.java

@@ -1,8 +1,11 @@
 package org.jenkinsci.plugins.fodupload.FodApi;
 
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+
 import java.io.Serializable;
 import java.util.*;
 
+@SuppressFBWarnings("EI_EXPOSE_REP")
 public abstract class HttpRequest implements Serializable {
     private static final long serialVersionUID = 1L;
     private final String _url;