OTWO-6954 api for create scan project

.env.test

@@ -38,6 +38,8 @@ JWT_SECRET_API_KEY='116016cca2a9f3eed660a65a78ba88091a73b330'
 
 SUPPRESS_JASMINE_DEPRECATION = 1
 
+COVERITY_SCAN_URL = 'http://vcrlocalhost.org:5008'
+
 KB_API_AUTH_KEY = 'test'
 KB_AUTH_API = 'https://vcrlocalhost/auth'
 BDSA_VULNERABILITY_API = 'https://vcrlocalhost/bdsa/BDSA_ID'

app/controllers/api/v1/projects_controller.rb

@@ -6,6 +6,7 @@ class Api::V1::ProjectsController < ApplicationController
 
   skip_before_action :verify_authenticity_token
   before_action :authenticate_jwt
+  before_action :set_project_or_fail, only: [:create_scan_project]
 
   def create
     @project = build_project
@@ -18,6 +19,14 @@ def create
     end
   end
 
+  def create_scan_project
+    response = get_scan_api_data(params[:url], 'api/projects')
+    return unless response && response['scan_project_id']
+
+    CodeLocationScan.where(code_location_id: @project.enlistments.first.code_location_id,
+                           scan_project_id: response['scan_project_id']).first_or_create
+  end
+
   private
 
   def project_params
@@ -63,4 +72,13 @@ def code_location_branch(url)
     out, _err, _status = Open3.capture3("git ls-remote --symref #{url} HEAD | head -1 | awk '{print $2}'")
     out.strip.sub(/refs\/heads\//, '')
   end
+
+  def get_scan_api_data(url, path)
+    return unless @project
+
+    language = @project&.best_analysis&.main_language&.nice_name
+    data = { name: @project&.name, repo_url: url, user_id: params[:user_id],
+             language: scan_oh_language_mapping(language), vanity_url: @project.vanity_url }
+    ScanCoverityApi.save(path, data)
+  end
 end

app/helpers/projects_helper.rb

@@ -127,5 +127,15 @@ def project_activity_level(project)
   def project_description_size_breached?(project)
     project.description && project.description.size > 800
   end
+
+  def scan_oh_language_mapping(language)
+    case language
+    when 'C++', 'C/C++', 'C' then 'CXX'
+    when 'Java' then 'JAVA'
+    when 'C#' then 'CSHARP'
+    when 'JavaScript' then 'JAVASCRIPT'
+    when 'Ruby', 'Python', 'PHP' then 'OTHER'
+    end
+  end
 end
 # rubocop: enable Metrics/ModuleLength

app/lib/scan_coverity/scan_coverity_api.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+class ScanCoverityApi
+  URL = ENV['COVERITY_SCAN_URL']
+
+  class << self
+    def resource_uri(path = nil, _query = {})
+      URI("#{URL}/#{path}.json")
+    end
+
+    def get_response(path = nil, query = {})
+      uri = resource_uri(path, query)
+      response = Net::HTTP.get_response(uri)
+      handle_errors(response) { JSON.parse(response.body) }
+    end
+
+    def save(path = nil, query = {})
+      uri = resource_uri(path, query)
+      response = Net::HTTP.post_form(uri, query)
+      handle_errors(response) do
+        hsh = JSON.parse(response.body)
+        set_attributes_or_errors(response, hsh)
+      end
+    rescue JSON::ParserError
+      response.body
+    end
+
+    private
+
+    def handle_errors(response)
+      case response
+      when Net::HTTPServerError
+        raise ScanCoverityApiError, "#{response.message} => #{response.body}"
+      else
+        yield
+      end
+    end
+
+    def save_success?(response)
+      response.is_a?(Net::HTTPSuccess)
+    end
+
+    def set_errors(hsh)
+      @errors = hsh.key?('error') ? hsh['error'].with_indifferent_access : hsh
+      false
+    end
+
+    def set_attributes(hsh)
+      @attributes = hsh
+      hsh.each do |key, value|
+        instance_variable_set("@#{key}", value)
+      end
+    end
+
+    def set_attributes_or_errors(response, hsh)
+      save_success?(response) ? set_attributes(hsh) : set_errors(hsh)
+    end
+  end
+end

app/lib/scan_coverity/scan_coverity_api_error.rb

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+class ScanCoverityApiError < StandardError
+end

config/routes.rb

@@ -493,7 +493,11 @@
         post 'enlist'
       end
       resources :jwt, only: [:create]
-      resources :projects, only: [:create]
+      resources :projects, only: [:create] do
+        member do
+          post :create_scan_project
+        end
+      end
     end
   end
 

fixtures/vcr_cassettes/scan_projects.yml

@@ -0,0 +1,116 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: http://vcrlocalhost.org:5008/api/projects.json
+    body:
+      encoding: US-ASCII
+      string: name=Dummytestdata&repo_url=https%3A%2F%2Fgit.luolix.top%2Frails%2Frails&user_id=e1dc08285095f4ff99199c3436532768&language=JAVA
+    headers:
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - Ruby
+      Host:
+      - vcrlocalhost.org:5008
+      Content-Type:
+      - application/x-www-form-urlencoded
+  response:
+    status:
+      code: 201
+      message: success
+    headers:
+      Date:
+      - Tue, 14 Mar 2023 11:09:01 GMT
+      Content-Type:
+      - text/plain
+      Transfer-Encoding:
+      - chunked
+      Connection:
+      - keep-alive
+      X-Request-Id:
+      - 83ba289fe76f4ed9a882a2a823be6d87
+      X-Runtime:
+      - '0.006584'
+      X-Powered-By:
+      - Phusion Passenger 5.0.30
+      Status:
+      - 201
+      Strict-Transport-Security:
+      - max-age=15724800; includeSubDomains
+      Set-Cookie:
+      - incap_ses_1559_941207=QCvHB5yXehqCVRkBiK6iFc1VEGQAAAAA7G/+9TvEcxaAWzmLbgQZBg==;
+        path=/; Domain=.coverity.com
+      - nlbi_941207=bJ7MAhEsdhG1ODi7vBlnAwAAAAA3GPUJcWfVnLBF6Cb2d22Z; path=/; Domain=.coverity.com
+      - visid_incap_941207=QJfhtfo9QgiltzVrch2GzcxVEGQAAAAAQUIPAAAAAAD7Vbp21tN9wMYyJIC789MH;
+        expires=Tue, 12 Mar 2024 15:15:25 GMT; HttpOnly; path=/; Domain=.coverity.com
+      X-Cdn:
+      - Imperva
+      X-Iinfo:
+      - 12-49168636-49168647 NNYN CT(229 230 0) RT(1678792140667 100) q(0 0 5 5) r(7
+        7) U24
+    body:
+      encoding: ASCII-8BIT
+      string: '{"scan_project_id": 1 }'
+  recorded_at: Tue, 14 Mar 2023 11:09:02 GMT
+---
+http_interactions:
+- request:
+    method: post
+    uri: http://vcrlocalhost.org:5008/api/projects.json
+    body:
+      encoding: US-ASCII
+      string: name=&repo_url=https%3A%2F%2Fgit.luolix.top%2Frails%2Frails&user_id=d1224324214
+    headers:
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - Ruby
+      Host:
+      - vcrlocalhost.org:5008
+      Content-Type:
+      - application/x-www-form-urlencoded
+  response:
+    status:
+      code: 401
+      message: unauthorized
+    headers:
+      Date:
+      - Tue, 14 Mar 2023 11:09:01 GMT
+      Content-Type:
+      - text/plain
+      Transfer-Encoding:
+      - chunked
+      Connection:
+      - keep-alive
+      X-Request-Id:
+      - 83ba289fe76f4ed9a882a2a823be6d87
+      X-Runtime:
+      - '0.006584'
+      X-Powered-By:
+      - Phusion Passenger 5.0.30
+      Status:
+      - 401
+      Strict-Transport-Security:
+      - max-age=15724800; includeSubDomains
+      Set-Cookie:
+      - incap_ses_1559_941207=QCvHB5yXehqCVRkBiK6iFc1VEGQAAAAA7G/+9TvEcxaAWzmLbgQZBg==;
+        path=/; Domain=.coverity.com
+      - nlbi_941207=bJ7MAhEsdhG1ODi7vBlnAwAAAAA3GPUJcWfVnLBF6Cb2d22Z; path=/; Domain=.coverity.com
+      - visid_incap_941207=QJfhtfo9QgiltzVrch2GzcxVEGQAAAAAQUIPAAAAAAD7Vbp21tN9wMYyJIC789MH;
+        expires=Tue, 12 Mar 2024 15:15:25 GMT; HttpOnly; path=/; Domain=.coverity.com
+      X-Cdn:
+      - Imperva
+      X-Iinfo:
+      - 12-49168636-49168647 NNYN CT(229 230 0) RT(1678792140667 100) q(0 0 5 5) r(7
+        7) U24
+    body:
+      encoding: ASCII-8BIT
+      string: '{"message": "unauthorized"}'
+  recorded_at: Tue, 14 Mar 2023 11:09:02 GMT
+recorded_with: VCR 6.0.0
+

fixtures/vcr_cassettes/scan_projects_error.yml

@@ -0,0 +1,59 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: http://vcrlocalhost.org:5008/api/projects.json
+    body:
+      encoding: US-ASCII
+      string: name=&repo_url=https%3A%2F%2Fgit.luolix.top%2Frails%2Frails&user_id=d1224324214
+    headers:
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - Ruby
+      Host:
+      - vcrlocalhost.org:5008
+      Content-Type:
+      - application/x-www-form-urlencoded
+  response:
+    status:
+      code: 400
+      message: bad_request
+    headers:
+      Date:
+      - Tue, 14 Mar 2023 11:09:01 GMT
+      Content-Type:
+      - text/plain
+      Transfer-Encoding:
+      - chunked
+      Connection:
+      - keep-alive
+      X-Request-Id:
+      - 83ba289fe76f4ed9a882a2a823be6d87
+      X-Runtime:
+      - '0.006584'
+      X-Powered-By:
+      - Phusion Passenger 5.0.30
+      Status:
+      - 400
+      Strict-Transport-Security:
+      - max-age=15724800; includeSubDomains
+      Set-Cookie:
+      - incap_ses_1559_941207=QCvHB5yXehqCVRkBiK6iFc1VEGQAAAAA7G/+9TvEcxaAWzmLbgQZBg==;
+        path=/; Domain=.coverity.com
+      - nlbi_941207=bJ7MAhEsdhG1ODi7vBlnAwAAAAA3GPUJcWfVnLBF6Cb2d22Z; path=/; Domain=.coverity.com
+      - visid_incap_941207=QJfhtfo9QgiltzVrch2GzcxVEGQAAAAAQUIPAAAAAAD7Vbp21tN9wMYyJIC789MH;
+        expires=Tue, 12 Mar 2024 15:15:25 GMT; HttpOnly; path=/; Domain=.coverity.com
+      X-Cdn:
+      - Imperva
+      X-Iinfo:
+      - 12-49168636-49168647 NNYN CT(229 230 0) RT(1678792140667 100) q(0 0 5 5) r(7
+        7) U24
+    body:
+      encoding: ASCII-8BIT
+      string: '{"message": "Language cant be blank"}'
+  recorded_at: Tue, 14 Mar 2023 11:09:02 GMT
+recorded_with: VCR 6.0.0
+

test/controllers/api_v1_projects_controller_test.rb

@@ -87,4 +87,17 @@ class Api::V1::ProjectsControllerTest < ActionController::TestCase
       end
     end
   end
+
+  describe 'create_scan_project' do
+    it 'it create a scan project if not found' do
+      VCR.use_cassette('CreateProjectFromMatchURL, :record => :none') do
+        url = 'https://github.com/rails/rails'
+        project = create(:project, name: 'rails', description: 'Ruby on Rails', vanity_url: 'rails')
+        create(:enlistment, project: project, code_location_id: 1)
+        params = { id: project.vanity_url, JWT: @jwt, url: url, user_id: 'e1dc08285095f4ff99199c3436532768' }
+        post :create_scan_project, params: params, format: :json
+        assert_response 204
+      end
+    end
+  end
 end