Merge branch 'mercedes-benz:develop' into feature-345-summary-in-reports

.github/workflows/build+publish-all-pds-solutions.yml

@@ -20,10 +20,10 @@ jobs:
       pds-solution: checkmarx
       pds-version: ${{ inputs.pds-version }}
 
-  call_build_pds-cloc:
+  call_build_pds-loc:
     uses: mercedes-benz/sechub/.github/workflows/_build+publish-pds-solution.yml@develop
     with:
-      pds-solution: cloc
+      pds-solution: loc
       pds-version: ${{ inputs.pds-version }}
 
   # 2023-06-12: findsecuritybugs deactivated due to upstream fix is not yet released

gradle/projects.gradle

@@ -111,6 +111,8 @@ projectType = [
                     project(':sechub-doc'),
                     project(':sechub-other'),
                     project(':sechub-pds-solutions'),
+					project(':sechub-solution'),
+					project(':sechub-solutions-shared'),
             ],
 
             asciiDoctorProjects: [

sechub-integrationtest/build.gradle

@@ -96,13 +96,13 @@ task stopOldIntegrationTestPDS(dependsOn: configureIntegrationTestPDS){
 
 }
 
-/** Starts integraitontestserver
+/** Starts integrationtestserver
  *  If another integration test server runs, the script will terminate the other server automatically - will kill zombies.
  */
 task startIntegrationTestServer(dependsOn: stopOldIntegrationTestServer){
     group 'sechub'
 
-    description 'Starts an integration test server - if already a server is running we will wait until timout (10 minutes). ' +
+    description 'Starts an integration test server - if already a server is running we will wait until timeout (10 minutes). ' +
                 'When timeout build fails but "zombie server" will be stopped too!'
     doLast{
         def pathString = tempDirPath.toString();
@@ -111,7 +111,7 @@ task startIntegrationTestServer(dependsOn: stopOldIntegrationTestServer){
 
 }
 
-/** Starts integraitontestserver
+/** Starts integrationtestserver
  *  If another integration test server runs, the script will terminate the other server automatically - will kill zombies.
  */
 task startIntegrationTestPDS(dependsOn: stopOldIntegrationTestPDS){
@@ -213,11 +213,11 @@ class IntegrationTestScriptAccess extends CmdExecutor{
             executeScript("stop",workingDir,null,60,port,"")
        }
 
-       public void start(File workingDir, String useVersion,String port,String sharedVolumeBaseDir) throws Exception{
+       public void start(File workingDir, String useVersion, String port, String sharedVolumeBaseDir) throws Exception{
             executeScript("start",workingDir,useVersion,300,port, sharedVolumeBaseDir); /* max 5 minutes */
        }
 
-       private void executeScript(String command, File workingDir, String useVersion, int timeOutInSeconds,String port, String sharedVolumeBaseDir) throws Exception{
+       private void executeScript(String command, File workingDir, String useVersion, int timeOutInSeconds, String port, String sharedVolumeBaseDir) throws Exception{
           CmdExecutor exec = new CmdExecutor();
           exec.setTimeOutInSeconds(timeOutInSeconds);
 

sechub-integrationtest/integrationtest-pds.sh

@@ -165,21 +165,21 @@ function startServer(){
     export PDS_STORAGE_SHAREDVOLUME_UPLOAD_DIR="$SHARED_VOLUME_BASEDIR"
 
     pathToJar="../sechub-pds/build/libs/sechub-pds-$PDS_VERSION.jar"
-    if [ ! -f $pathToJar ]; then
+    if [ ! -f "$pathToJar" ]; then
         log ">> FAILURE: version not build:$PDS_VERSION, looked into $pathToJar"
         log ">> Found content inside library folder:"
         ls -al "../sechub-pds/build/libs/"
         exit 1
     fi
     pathToLog="$currentDir/integrationtest-pds.log"
-    if [ -f $pathToLog ]; then
+    if [ -f "$pathToLog" ]; then
         log ">> INFO: removing old logfile: $pathToLog"
-        rm $pathToLog
+        rm "$pathToLog"
     fi
     # Unset proxy so e.g. S3 access will be done without proxy
     export http_proxy=""
     export https_proxy=""
-    java -jar $pathToJar > $pathToLog 2>&1 &
+    java -jar "$pathToJar" > "$pathToLog" 2>&1 &
     log ">> INFO: Integration test PDS has been started"
     log "         logfiles can be found at: $pathToLog"
     log "         ... waiting for PDS to be up and running ..."

sechub-integrationtest/integrationtest-server.sh

@@ -170,21 +170,21 @@ function startServer(){
     export SECHUB_STORAGE_SHAREDVOLUME_UPLOAD_DIR="$SHARED_VOLUME_BASEDIR"
 
     pathToJar="../sechub-server/build/libs/sechub-server-$SERVER_VERSION.jar"
-    if [ ! -f $pathToJar ]; then
+    if [ ! -f "$pathToJar" ]; then
         log ">> FAILURE: version not build:$SERVER_VERSION, looked into $pathToJar"
         log ">> Found content inside library folder:"
         ls -al "../sechub-server/build/libs/"
         exit 1
     fi
     pathToLog="$currentDir/integrationtest-server.log"
-    if [ -f $pathToLog ]; then
+    if [ -f "$pathToLog" ]; then
         log ">> INFO: removing old logfile: $pathToLog"
-        rm $pathToLog
+        rm "$pathToLog"
     fi
     # Unset proxy so e.g. S3 access will be done without proxy
     export http_proxy=""
     export https_proxy=""
-    java -jar $pathToJar > $pathToLog 2>&1 &
+    java -jar "$pathToJar" > "$pathToLog" 2>&1 &
     log ">> INFO: Integration test server has been started"
     log "         logfiles can be found at: $pathToLog"
     log "         ... waiting for server to be up and running ..."

sechub-integrationtest/pds/product-scripts/integrationtest-analytics.sh

@@ -30,5 +30,5 @@ if [[ "$PDS_JOB_HAS_EXTRACTED_SOURCES" = "false" ]]; then
 fi
 
 ## Return a CLOC file as a result
-cp "./../sechub-integrationtest/src/test/resources/pds/analytics/cloc-output-1.json" $PDS_JOB_RESULT_FILE
+cp "./../sechub-integrationtest/src/test/resources/pds/analytics/cloc-output-1.json" "$PDS_JOB_RESULT_FILE"
 

sechub-integrationtest/pds/product-scripts/integrationtest-checkmarx.sh

@@ -40,7 +40,7 @@ source ./../sechub-pds-solutions/checkmarx/docker/scripts/checkmarx.sh
 # To check the re-compression works as expected, we can inspect the recompressed parts here after
 # the normal checkmarx.sh script has been called.
 TEST_RECOMPRESSED_ZIP_FILE_PATH="$PDS_JOB_EXTRACTED_SOURCES_FOLDER/../recompressed"
-cd $TEST_RECOMPRESSED_ZIP_FILE_PATH
+cd "$TEST_RECOMPRESSED_ZIP_FILE_PATH"
 unzip sourcecode.zip
 
 # There must be a data.txt file inside - we create a sha256 for this file now

sechub-integrationtest/pds/product-scripts/integrationtest-codescan-sarif.sh

@@ -23,4 +23,4 @@ echo "PDS SARIF integrationt test script starting..."
 
 dumpPDSVariables
 
-cp "$PDS_JOB_EXTRACTED_SOURCES_FOLDER/returned_sarif_result.json" $PDS_JOB_RESULT_FILE
+cp "$PDS_JOB_EXTRACTED_SOURCES_FOLDER/returned_sarif_result.json" "$PDS_JOB_RESULT_FILE"

sechub-integrationtest/pds/product-scripts/integrationtest-codescan.sh

@@ -54,22 +54,22 @@ fi
 # Handle extreaction
 #
 if [[ "$PDS_JOB_HAS_EXTRACTED_SOURCES" = "true" ]]; then
-   mergeFolderFilesRecursivelyIntoResultFile "sources", $PDS_JOB_EXTRACTED_SOURCES_FOLDER ${PDS_JOB_RESULT_FILE} $PDS_DEBUG_ENABLED
+   mergeFolderFilesRecursivelyIntoResultFile "sources", "$PDS_JOB_EXTRACTED_SOURCES_FOLDER" "${PDS_JOB_RESULT_FILE}" "$PDS_DEBUG_ENABLED"
 fi
 
 if [[ "$PDS_JOB_HAS_EXTRACTED_BINARIES" = "true" ]]; then
-   mergeFolderFilesRecursivelyIntoResultFile "binaries" $PDS_JOB_EXTRACTED_BINARIES_FOLDER ${PDS_JOB_RESULT_FILE} $PDS_DEBUG_ENABLED
+   mergeFolderFilesRecursivelyIntoResultFile "binaries" "$PDS_JOB_EXTRACTED_BINARIES_FOLDER" "${PDS_JOB_RESULT_FILE}" "$PDS_DEBUG_ENABLED"
 fi
 
 # Now we add a "header" so identifyable by importer + synthetic info object to check params
 if [[ ! -f "${PDS_JOB_RESULT_FILE}" ]]; then
-    touch ${PDS_JOB_RESULT_FILE}
+    touch "${PDS_JOB_RESULT_FILE}"
     echo "${PDS_JOB_RESULT_FILE} was missing - created empty file"
 fi
 
 echo "#PDS_INTTEST_PRODUCT_CODESCAN
 info:pds.test.key.variantname as PDS_TEST_KEY_VARIANTNAME=$PDS_TEST_KEY_VARIANTNAME,product1.level as PRODUCT1_LEVEL=$PRODUCT1_LEVEL
-$(cat ${PDS_JOB_RESULT_FILE})" > ${PDS_JOB_RESULT_FILE}
+$(cat ${PDS_JOB_RESULT_FILE})" > "${PDS_JOB_RESULT_FILE}"
 
 
 if [[ "$PDS_TEST_KEY_VARIANTNAME" = "f" ]]; then
@@ -127,11 +127,11 @@ if [[ "$PDS_TEST_KEY_VARIANTNAME" = "" ]]; then
 
     echo "After messages were created, I found this inside messages folder:"
     echo "----------------------------------------------------------------------------"
-    ls $PDS_JOB_USER_MESSAGES_FOLDER 
+    ls "$PDS_JOB_USER_MESSAGES_FOLDER" 
     echo "----------------------------------------------------------------------------"
 
     # For direct pds tests, we create a simple metadata.txt when executed:
-    echo "generated meta data for PDS job:$PDS_JOB_UUID" > $PDS_JOB_METADATA_FILE
+    echo "generated meta data for PDS job:$PDS_JOB_UUID" > "$PDS_JOB_METADATA_FILE"
     echo "> Meta data was written..."
     echo "> PDS_JOB_METADATA_FILE=$PDS_JOB_METADATA_FILE"
 

sechub-integrationtest/pds/product-scripts/integrationtest-licensescan.sh

@@ -7,4 +7,4 @@ echo "PDS License Scan integration test script starting..."
 
 dumpPDSVariables
 
-cp "$PDS_JOB_EXTRACTED_SOURCES_FOLDER/sample_spdx.json" $PDS_JOB_RESULT_FILE
+cp "$PDS_JOB_EXTRACTED_SOURCES_FOLDER/sample_spdx.json" "$PDS_JOB_RESULT_FILE"

sechub-integrationtest/pds/product-scripts/integrationtest-secretscan.sh

@@ -8,4 +8,4 @@ ls "$PDS_JOB_EXTRACTED_SOURCES_FOLDER/"
 
 dumpPDSVariables
 
-cp "$PDS_JOB_EXTRACTED_SOURCES_FOLDER/gitleaks_sample_sarif.json" $PDS_JOB_RESULT_FILE
+cp "$PDS_JOB_EXTRACTED_SOURCES_FOLDER/gitleaks_sample_sarif.json" "$PDS_JOB_RESULT_FILE"

sechub-integrationtest/pds/product-scripts/integrationtest-webscan-sarif.sh

@@ -17,7 +17,7 @@ echo "- current working directory: $(pwd)"
 
 if [[ "$PDS_TEST_KEY_VARIANTNAME" = "b" ]]; then
     # variant b is used in test executor profile 8
-    cp ./../sechub-integrationtest/src/test/resources/pds/webscan/webscan-result-variant-b.sarif.json $PDS_JOB_RESULT_FILE
+    cp ./../sechub-integrationtest/src/test/resources/pds/webscan/webscan-result-variant-b.sarif.json "$PDS_JOB_RESULT_FILE"
 else
   	errEcho "Unsupported variant: '$PDS_TEST_KEY_VARIANTNAME'. Must be implemented! Will exit now with failure."
   	exit 1

sechub-integrationtest/pds/product-scripts/integrationtest-webscan.sh

@@ -11,7 +11,7 @@ echo "PDS Web scan starting with variant: '$PDS_TEST_KEY_VARIANTNAME'"
 echo "#PDS_INTTEST_PRODUCT_WEBSCAN
 info:PDS_SCAN_TARGET_URL=$PDS_SCAN_TARGET_URL,PDS_TEST_KEY_VARIANTNAME=$PDS_TEST_KEY_VARIANTNAME,PRODUCT2_LEVEL=$PRODUCT2_LEVEL
 info:PDS_SCAN_CONFIGURATION=$PDS_SCAN_CONFIGURATION
-" > ${PDS_JOB_RESULT_FILE}
+" > "${PDS_JOB_RESULT_FILE}"
 
 dumpPDSVariables
 

sechub-integrationtest/pds/product-scripts/shared-functions.sh

@@ -2,15 +2,15 @@
 # SPDX-License-Identifier: MIT
 set -e
 SHARED_FUNCTIONS_DIR=$(dirname -- "$0");
-SHARED_DIR=$SHARED_FUNCTIONS_DIR/shared
+SHARED_DIR="$SHARED_FUNCTIONS_DIR/shared"
 
-source $SHARED_DIR/shared-constants.sh
-source $SHARED_DIR/shared-logging.sh
-source $SHARED_DIR/shared-events.sh
-source $SHARED_DIR/shared-test-variables.sh
-source $SHARED_DIR/shared-merging.sh
+source "$SHARED_DIR/shared-constants.sh"
+source "$SHARED_DIR/shared-logging.sh"
+source "$SHARED_DIR/shared-events.sh"
+source "$SHARED_DIR/shared-test-variables.sh"
+source "$SHARED_DIR/shared-merging.sh"
 
-source $SHARED_DIR/shared-messaging-referenced-in-documentation-as-example.sh
+source "$SHARED_DIR/shared-messaging-referenced-in-documentation-as-example.sh"
 # Usage:
 # 
 # ----

sechub-integrationtest/pds/product-scripts/test_integrationtest-checkmarx.sh

@@ -19,12 +19,12 @@ echo "\\-------------------------------------------------/"
 cd ..
 cd ..
 TEST_WORKING_DIR=$(pwd)
-TEST_WORKSPACE=$TEST_WORKING_DIR/build/sechub/test_integrationtest-checkmarx
+TEST_WORKSPACE="$TEST_WORKING_DIR/build/sechub/test_integrationtest-checkmarx"
 echo "- changed to work space:"
 echo "  $TEST_WORKSPACE"
 echo ""
 echo "- clean work space"
-rm $TEST_WORKSPACE -rf
+rm "$TEST_WORKSPACE" -rf
 echo ""
 echo "- start simulation of PDS call from SecHub by setting environment variables"
 # ---------------
@@ -33,11 +33,11 @@ echo "- start simulation of PDS call from SecHub by setting environment variable
 export SECHUB_JOB_UUID=665dc4e8-d2de-4d2f-a3a3-2b447630b229
 
 export PDS_JOB_UUID=125dc4e8-d2de-4d2f-a3a3-4c447630b228
-export PDS_JOB_USER_MESSAGES_FOLDER=$TEST_WORKSPACE/messages
-export PDS_JOB_RESULT_FILE=$TEST_WORKSPACE/output/result.txt
-export PDS_JOB_EXTRACTED_SOURCES_FOLDER=$TEST_WORKSPACE/extracted/sources
+export PDS_JOB_USER_MESSAGES_FOLDER="$TEST_WORKSPACE/messages"
+export PDS_JOB_RESULT_FILE="$TEST_WORKSPACE/output/result.txt"
+export PDS_JOB_EXTRACTED_SOURCES_FOLDER="$TEST_WORKSPACE/extracted/sources"
 export PDS_SCAN_CONFIGURATION="{\"projectId\" : \"project1\"}"
-export PDS_JOB_METADATA_FILE=$TEST_WORKSPACE/metadata.txt
+export PDS_JOB_METADATA_FILE="$TEST_WORKSPACE/metadata.txt"
 
 # ------------------------------
 # checkmarx specific
@@ -62,14 +62,14 @@ export SECHUB_ADAPTER_MOCK_SANITYCHECK_ENABLED=true
 echo "  Exported variables - DONE"
 echo ""
 echo "- simulate source upload inside $PDS_JOB_EXTRACTED_SOURCES_FOLDER by creating folder"
-mkdir $PDS_JOB_EXTRACTED_SOURCES_FOLDER -p
-touch $PDS_JOB_EXTRACTED_SOURCES_FOLDER/at-least-one-file.txt
+mkdir "$PDS_JOB_EXTRACTED_SOURCES_FOLDER" -p
+touch "$PDS_JOB_EXTRACTED_SOURCES_FOLDER/at-least-one-file.txt"
 echo ""
 echo "- start sourcing the integration test script"
 echo ""
 
 ## Simulate same situation as in PDS integration test:
-cd $TEST_WORKING_DIR
+cd "$TEST_WORKING_DIR"
 # Next line is same start path as done in integrationtest pds config file:
 ./../sechub-integrationtest/pds/product-scripts/integrationtest-checkmarx.sh
 

sechub-integrationtest/pds/product-scripts/test_integrationtest-codescan.sh

@@ -19,12 +19,12 @@ echo "\\-------------------------------------------------/"
 cd ..
 cd ..
 TEST_WORKING_DIR=$(pwd)
-TEST_WORKSPACE=$TEST_WORKING_DIR/build/sechub/test_integrationtest-codescan
+TEST_WORKSPACE="$TEST_WORKING_DIR/build/sechub/test_integrationtest-codescan"
 echo "- changed to working directory:"
 echo "  $TEST_WORKING_DIR"
 echo ""
 echo "- clean working directory"
-rm $TEST_WORKSPACE -rf
+rm "$TEST_WORKSPACE" -rf
 echo ""
 echo "- start simulation of PDS call from SecHub by setting environment variables"
 # ---------------
@@ -33,43 +33,43 @@ echo "- start simulation of PDS call from SecHub by setting environment variable
 export SECHUB_JOB_UUID=665dc4e8-d2de-4d2f-a3a3-2b447630b229
 
 export PDS_JOB_UUID=125dc4e8-d2de-4d2f-a3a3-4c447630b228
-export PDS_JOB_USER_MESSAGES_FOLDER=$TEST_WORKSPACE/messages
-export PDS_JOB_RESULT_FILE=$TEST_WORKSPACE/output/result.txt
-export PDS_JOB_EXTRACTED_SOURCES_FOLDER=$TEST_WORKSPACE/extracted/sources
+export PDS_JOB_USER_MESSAGES_FOLDER="$TEST_WORKSPACE/messages"
+export PDS_JOB_RESULT_FILE="$TEST_WORKSPACE/output/result.txt"
+export PDS_JOB_EXTRACTED_SOURCES_FOLDER="$TEST_WORKSPACE/extracted/sources"
 export PDS_SCAN_CONFIGURATION="{\"projectId\" : \"project1\"}"
-export PDS_JOB_METADATA_FILE=$TEST_WORKSPACE/metadata.txt
+export PDS_JOB_METADATA_FILE="$TEST_WORKSPACE/metadata.txt"
 export PDS_TEST_KEY_VARIANTNAME=k
-export PDS_JOB_EVENTS_FOLDER=$TEST_WORKSPACE/events
+export PDS_JOB_EVENTS_FOLDER="$TEST_WORKSPACE/events"
 
 SIMULATE_CANCELREQUEST=false
 
 echo "  Exported variables - DONE"
 echo ""
 echo "  Create missing directories and files"
 echo "- create workspace output folder"
-mkdir $TEST_WORKSPACE/output/ -p
+mkdir "$TEST_WORKSPACE/output/" -p
 
 echo "- create workspace messages folder"
-mkdir $PDS_JOB_USER_MESSAGES_FOLDER -p
+mkdir "$PDS_JOB_USER_MESSAGES_FOLDER" -p
 
 echo "- create workspace events folder"
-mkdir $PDS_JOB_EVENTS_FOLDER -p
+mkdir "$PDS_JOB_EVENTS_FOLDER" -p
 
 
 if [[ "$SIMULATE_CANCELREQUEST" = "true" ]]; then
-	touch $PDS_JOB_EVENTS_FOLDER/cancel_requested.json
+	touch "$PDS_JOB_EVENTS_FOLDER/cancel_requested.json"
   	echo "- YES cancel event was simulated"
 else
   	echo "- NO cancel event was simulated"
 fi
 
 echo "- simulate source upload inside $PDS_JOB_EXTRACTED_SOURCES_FOLDER by creating folder"
-mkdir $PDS_JOB_EXTRACTED_SOURCES_FOLDER -p
-touch $PDS_JOB_EXTRACTED_SOURCES_FOLDER/at-least-one-file.txt
+mkdir "$PDS_JOB_EXTRACTED_SOURCES_FOLDER" -p
+touch "$PDS_JOB_EXTRACTED_SOURCES_FOLDER/at-least-one-file.txt"
 echo ""
 echo "- start sourcing the integration test script"
 echo ""
-cd $TEST_WORKING_DIR/
+cd "$TEST_WORKING_DIR/"
 echo "no inside directory: $(pwd)" 
 ./pds/product-scripts/integrationtest-codescan.sh