ASA-9201: Enable Secrets Scanning #174

Merged
merged 10 commits into from
Nov 14, 2024
3 changes: 3 additions & 0 deletions src/main/java/com/hcl/appscan/sdk/scanners/sast/SAClient.java
Original file line number Diff line number Diff line change
Expand Up @@ -352,6 +352,9 @@ private List<String> getClientArgs(Map<String, String> properties) {
args.add(properties.get(SCAN_SPEED));
}
}
if(properties.containsKey(SECRETS_DISABLED) || System.getProperty(SECRETS_DISABLED) != null) {
args.add(OPT_SECRETS_DISABLED);
}
if(properties.containsKey(SECRETS_ENABLED) || System.getProperty(SECRETS_ENABLED) != null) {
args.add(OPT_SECRETS_ENABLED);
}
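Review bot: The presence-only test on `if(properties.containsKey(SECRETS_DISABLED) || System.getProperty(SECRETS_DISABLED) != null)` means that `-DdisableSecrets=false`, or a property whose value is "false", still appends `-ds` and switches the secrets scan off, which fails open for a security control. Parsing the value would close that, e.g. `if (Boolean.parseBoolean(properties.getOrDefault(SECRETS_DISABLED, System.getProperty(SECRETS_DISABLED))))`, though the neighbouring flags in this method appear to use the same presence convention, so either apply it to all of them or document in a comment that the key's presence alone is the switch. The two `if` blocks are also not mutually exclusive: when both keys are set the client passes both `-ds` and `-es` and leaves the outcome to the CLI; consider rejecting the combination with an `IllegalArgumentException` or stating the precedence in a comment. getClientArgs begins and ends outside this hunk.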
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ public interface SASTConstants {
String OPEN_SOURCE_ONLY = "openSourceOnly"; //$NON-NLS-1$
String SOURCE_CODE_ONLY = "sourceCodeOnly"; //$NON-NLS-1$
String SECRETS_ENABLED = "enableSecrets"; //$NON-NLS-1$
String SECRETS_DISABLED = "disableSecrets"; //$NON-NLS-1$
String SECRETS_ONLY = "secretsOnly"; //$NON-NLS-1$
String SCAN_SPEED = "scanSpeed"; //$NON-NLS-1$
String OPT_SCAN_SPEED = "-s"; //$NON-NLS-1$
Expand All @@ -56,6 +57,7 @@ public interface SASTConstants {
String OPT_SOURCE_CODE_ONLY = "-sco"; //$NON-NLS-1$
String OPT_STATIC_ANALYSIS_ONLY = "-sao"; //$NON-NLS-1$
String OPT_SECRETS_ENABLED = "-es"; //$NON-NLS-1$
String OPT_SECRETS_DISABLED = "-ds"; //$NON-NLS-1$
String OPT_SECRETS_ONLY = "-so"; //$NON-NLS-1$
String OPT_ACCEPTS_SSL = "-acceptssl"; //$NON-NLS-1$

Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,8 @@ public class SASTScanManager implements IScanManager{
private boolean m_isOpenSourceOnlyEnabled = false;
private boolean m_isSourceCodeOnlyEnabled = false;
private boolean m_isStaticAnalysisOnlyEnabled = false;
private boolean m_isSecretsScanningEnabled = false;
private boolean m_isSecretsScanningDisabled = false;
private boolean m_isSecretsScanningEnabled = true;
private boolean m_isSecretsScanningOnlyEnabled = false;

public SASTScanManager(String workingDir) {
Expand Down Expand Up @@ -111,12 +112,22 @@ public void setIsThirdPartyScanningEnabled(boolean isThirdPartyScanningEnabled)
m_isThirdPartyScanningEnabled = isThirdPartyScanningEnabled;
}

/**
* Disables scanning for secrets.
* @param isSecretsScanningDisabled - True to skip scanning for secrets vulnerabilities.
*/
public void setIsSecretsScanningDisabled(boolean isSecretsScanningDisabled) {
m_isSecretsScanningDisabled = isSecretsScanningDisabled;
m_isSecretsScanningEnabled = !isSecretsScanningDisabled;
}

/**
* Enables scanning for secrets.
* @param isSecretsScanningEnabled - True to scan for secrets vulnerabilities.
*/
public void setIsSecretsScanningEnabled(boolean isSecretsScanningEnabled) {
m_isSecretsScanningEnabled = isSecretsScanningEnabled;
m_isSecretsScanningDisabled = !isSecretsScanningEnabled;
m_isSecretsScanningEnabled = isSecretsScanningEnabled;
}

/**
Expand Down Expand Up @@ -161,7 +172,7 @@ public void createConfig(boolean useRelativeTargetPaths) throws AppScanException
try {
ModelWriter writer = new XmlWriter(useRelativeTargetPaths);
writer.initWriters(new File(m_workingDirectory));
writer.visit(m_targets, m_isThirdPartyScanningEnabled, m_isOpenSourceOnlyEnabled, m_isSourceCodeOnlyEnabled, m_isStaticAnalysisOnlyEnabled, m_isSecretsScanningEnabled, m_isSecretsScanningOnlyEnabled);
writer.visit(m_targets, m_isThirdPartyScanningEnabled, m_isOpenSourceOnlyEnabled, m_isSourceCodeOnlyEnabled, m_isStaticAnalysisOnlyEnabled, m_isSecretsScanningDisabled, m_isSecretsScanningEnabled, m_isSecretsScanningOnlyEnabled);
writer.write();
} catch (IOException | TransformerException e) {
throw new AppScanException(e.getLocalizedMessage(), e);
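Review bot: The default flip on `private boolean m_isSecretsScanningEnabled = true;` changes the configuration every existing caller produces — code that never calls either setter now has `enableSecrets="true"` written out by the writer — yet neither the field nor the setter Javadocs say so; add `// Secrets scanning is on by default; call setIsSecretsScanningDisabled(true) to opt out.` on the field and mention the default in both setters' Javadoc. The command-line path in SAClient.getClientArgs still emits `-es` only when the property is present, so the two entry points now appear to disagree on the default unless the CLI itself defaults to enabled, which is worth confirming. Keeping `m_isSecretsScanningDisabled` and `m_isSecretsScanningEnabled` as two fields that each setter mirrors is redundant state; a single field, with `!m_isSecretsScanningEnabled` passed at the `writer.visit(...)` call, would make the invariant impossible to break. The class continues past this section.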
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ public interface IModelXMLConstants {
String A_SOURCE_CODE_ONLY = "sourceCodeOnly"; //$NON-NLS-1$
String A_STATIC_ANALYSIS_ONLY = "staticAnalysisOnly"; //$NON-NLS-1$
String A_SECRETS_ENABLED = "enableSecrets"; //$NON-NLS-1$
String A_SECRETS_DISABLED = "disableSecrets"; //$NON-NLS-1$
String A_SECRETS_ONLY = "secretsOnly"; //$NON-NLS-1$

//Java
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -120,5 +120,5 @@ private void initDocumentBuilder() throws ParserConfigurationException {

public abstract String getOutputLocation();

public abstract void visit(List<ISASTTarget> targets, boolean isThirdPartyScanningEnabled, boolean isOpenSourceOnlyEnabled, boolean isSourceCodeOnlyEnabled, boolean isStaticAnalysisOnlyEnabled, boolean isSecretsScanningEnabled, boolean isSecretsScanningOnlyEnabled);
public abstract void visit(List<ISASTTarget> targets, boolean isThirdPartyScanningEnabled, boolean isOpenSourceOnlyEnabled, boolean isSourceCodeOnlyEnabled, boolean isStaticAnalysisOnlyEnabled, boolean isSecretsScanningDisabled, boolean isSecretsScanningEnabled, boolean isSecretsScanningOnlyEnabled);
}
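Review bot: The abstract `visit` now takes eight positional booleans, and the new `isSecretsScanningDisabled` sits directly before `isSecretsScanningEnabled`; nothing in the type system stops a caller from transposing the two, and every override must be updated in the same order by hand. Grouping the secrets flags into one value, for instance `enum SecretsMode { DEFAULT, ENABLED, DISABLED, ONLY }` or a small options object, would make call sites self-describing and rule out passing disabled and enabled as true at the same time. Since this abstract signature is the API, give it a Javadoc describing each flag, stating in particular that `isSecretsScanningDisabled` and `isSecretsScanningEnabled` are expected to be mutually exclusive, if that is the intent.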
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ public void initWriters(File directory) throws IOException {

@Override
public void visit(List<ISASTTarget> targets, boolean isThirdPartyScanningEnabled,
boolean isOpenSourceOnlyEnabled, boolean isSourceCodeOnlyEnabled, boolean isStaticAnalysisOnlyEnabled, boolean isSecretsScanningEnabled, boolean isSecretsScanningOnlyEnabled) {
boolean isOpenSourceOnlyEnabled, boolean isSourceCodeOnlyEnabled, boolean isStaticAnalysisOnlyEnabled, boolean isSecretsScanningDisabled, boolean isSecretsScanningEnabled, boolean isSecretsScanningOnlyEnabled) {
m_config.beginElement(E_CONFIGURATION);

if (isThirdPartyScanningEnabled) {
Expand All @@ -70,7 +70,10 @@ public void visit(List<ISASTTarget> targets, boolean isThirdPartyScanningEnabled
if (isStaticAnalysisOnlyEnabled) {
m_config.setAttribute(A_STATIC_ANALYSIS_ONLY, "true");
}


if (isSecretsScanningDisabled) {
m_config.setAttribute(A_SECRETS_DISABLED, "true");
}
if (isSecretsScanningEnabled) {
m_config.setAttribute(A_SECRETS_ENABLED, "true");
}
Expand Down Expand Up @@ -122,6 +125,7 @@ public void write() throws TransformerException {
m_config.write(m_transformer);
}


/**
* Returns the location of the generated configuration file.
* @return The location of the generated configuration file.
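Review bot: The new `if (isSecretsScanningDisabled) { m_config.setAttribute(A_SECRETS_DISABLED, "true"); }` is followed by the independent `if (isSecretsScanningEnabled)` branch, so when both flags are true the generated configuration carries `disableSecrets="true"` and `enableSecrets="true"` together and the precedence is decided by whatever consumes the XML. Changing the second branch to `} else if (isSecretsScanningEnabled) {` gives the explicit opt-out priority, which seems the right reading now that enabled is the SASTScanManager default, or the combination could be rejected before anything is written. The two blank lines added above the new block and the extra blank line inserted before the output-location Javadoc should be collapsed to match the surrounding single-line spacing. The `visit` override continues beyond this hunk.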