From 2f43dd7c5f0d5237ec070bea5ad07860993b7a6f Mon Sep 17 00:00:00 2001 From: Michaela Perrotta Date: Thu, 22 Aug 2024 14:57:45 -0400 Subject: [PATCH 01/10] changes to default secret scanning to true --- .../com/hcl/appscan/sdk/scanners/sast/SAClient.java | 4 ++-- .../hcl/appscan/sdk/scanners/sast/SASTConstants.java | 2 ++ .../appscan/sdk/scanners/sast/SASTScanManager.java | 12 ++++++------ .../sdk/scanners/sast/xml/IModelXMLConstants.java | 1 + .../appscan/sdk/scanners/sast/xml/ModelWriter.java | 2 +- .../hcl/appscan/sdk/scanners/sast/xml/XmlWriter.java | 6 +++--- 6 files changed, 15 insertions(+), 12 deletions(-) diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SAClient.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SAClient.java index 62b0b510..aeeca504 100644 --- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SAClient.java +++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SAClient.java @@ -352,8 +352,8 @@ private List getClientArgs(Map properties) { args.add(properties.get(SCAN_SPEED)); } } - if(properties.containsKey(SECRETS_ENABLED) || System.getProperty(SECRETS_ENABLED) != null) { - args.add(OPT_SECRETS_ENABLED); + if(properties.containsKey(SECRETS_DISABLED) || System.getProperty(SECRETS_DISABLED) != null) { + args.add(OPT_SECRETS_DISABLED); } if(properties.containsKey(SECRETS_ONLY) || System.getProperty(SECRETS_ONLY) != null) { args.add(OPT_SECRETS_ONLY); diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java index 92b0c76c..ee1f1e45 100644 --- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java +++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java 
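Review bot: The rewritten condition keeps the presence-only test used by the neighbouring options, so any value of the `disableSecrets` property or `-DdisableSecrets` system property, including `false`, now passes `-ds` and switches secret scanning off, while a caller that still sets `enableSecrets` gets neither `-es` nor a warning because that branch was removed although `OPT_SECRETS_ENABLED` stays defined. A mis-set value here produces a silently weaker scan, so consider testing the value rather than its presence, e.g. `if (Boolean.parseBoolean(properties.getOrDefault(SECRETS_DISABLED, System.getProperty(SECRETS_DISABLED)))) {`, or at least logging when `enableSecrets` is present but ignored. getClientArgs starts and ends outside the hunk.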
@@ -34,6 +34,7 @@ public interface SASTConstants {
 String OPEN_SOURCE_ONLY = "openSourceOnly"; //$NON-NLS-1$
 String SOURCE_CODE_ONLY = "sourceCodeOnly"; //$NON-NLS-1$
 String SECRETS_ENABLED = "enableSecrets"; //$NON-NLS-1$
+ String SECRETS_DISABLED = "disableSecrets"; //$NON-NLS-1$
 String SECRETS_ONLY = "secretsOnly"; //$NON-NLS-1$
 String SCAN_SPEED = "scanSpeed"; //$NON-NLS-1$
 String OPT_SCAN_SPEED = "-s"; //$NON-NLS-1$
@@ -56,6 +57,7 @@ public interface SASTConstants {
 String OPT_SOURCE_CODE_ONLY = "-sco"; //$NON-NLS-1$
 String OPT_STATIC_ANALYSIS_ONLY = "-sao"; //$NON-NLS-1$
 String OPT_SECRETS_ENABLED = "-es"; //$NON-NLS-1$
+ String OPT_SECRETS_DISABLED = "-ds"; //$NON-NLS-1$
 String OPT_SECRETS_ONLY = "-so"; //$NON-NLS-1$
 String OPT_ACCEPTS_SSL = "-acceptssl"; //$NON-NLS-1$
diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java
index 553e976f..49c387ec 100644
--- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java
+++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java
@@ -39,7 +39,7 @@ public class SASTScanManager implements IScanManager{
 private boolean m_isOpenSourceOnlyEnabled = false;
 private boolean m_isSourceCodeOnlyEnabled = false;
 private boolean m_isStaticAnalysisOnlyEnabled = false;
- private boolean m_isSecretsScanningEnabled = false;
+ private boolean m_isSecretsScanningDisabled = false;
 private boolean m_isSecretsScanningOnlyEnabled = false;
 public SASTScanManager(String workingDir) {
@@ -112,11 +112,11 @@ public void setIsThirdPartyScanningEnabled(boolean isThirdPartyScanningEnabled)
 }
 /**
- * Enables scanning for secrets.
- * @param isSecretsScanningEnabled - True to scan for secrets vulnerabilities.
+ * Disables scanning for secrets.
+ * @param isSecretsScanningDisabled - True to skip scanning for secrets vulnerabilities.
 */
- public void setIsSecretsScanningEnabled(boolean isSecretsScanningEnabled) {
- m_isSecretsScanningEnabled = isSecretsScanningEnabled;
+ public void setIsSecretsScanningDisabled(boolean isSecretsScanningDisabled) {
+ m_isSecretsScanningDisabled = isSecretsScanningDisabled;
 }
 /**
@@ -161,7 +161,7 @@ public void createConfig(boolean useRelativeTargetPaths) throws AppScanException
 try {
 ModelWriter writer = new XmlWriter(useRelativeTargetPaths);
 writer.initWriters(new File(m_workingDirectory));
- writer.visit(m_targets, m_isThirdPartyScanningEnabled, m_isOpenSourceOnlyEnabled, m_isSourceCodeOnlyEnabled, m_isStaticAnalysisOnlyEnabled, m_isSecretsScanningEnabled, m_isSecretsScanningOnlyEnabled);
+ writer.visit(m_targets, m_isThirdPartyScanningEnabled, m_isOpenSourceOnlyEnabled, m_isSourceCodeOnlyEnabled, m_isStaticAnalysisOnlyEnabled, m_isSecretsScanningDisabled, m_isSecretsScanningOnlyEnabled);
 writer.write();
 } catch (IOException | TransformerException e) {
 throw new AppScanException(e.getLocalizedMessage(), e);
diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/IModelXMLConstants.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/IModelXMLConstants.java
index a7e86076..197aad1d 100644
--- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/IModelXMLConstants.java
+++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/IModelXMLConstants.java
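Review bot: Renaming the public `setIsSecretsScanningEnabled` to `setIsSecretsScanningDisabled` removes a method from the SDK's public surface, so any plugin built against the old name stops linking at runtime. Keep the old name as a deprecated delegate, `@Deprecated public void setIsSecretsScanningEnabled(boolean isSecretsScanningEnabled) { setIsSecretsScanningDisabled(!isSecretsScanningEnabled); }`, with a Javadoc `@deprecated` pointing at the new method. The same rename is applied to `ModelWriter.visit` and `XmlWriter.visit` further down, where the sixth boolean now carries the opposite meaning in the same positional slot; an external subclass or caller passing the old value compiles unchanged and silently inverts the setting, which is worth calling out in the commit message or the method's Javadoc.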
@@ -25,6 +25,7 @@ public interface IModelXMLConstants {
 String A_SOURCE_CODE_ONLY = "sourceCodeOnly"; //$NON-NLS-1$
 String A_STATIC_ANALYSIS_ONLY = "staticAnalysisOnly"; //$NON-NLS-1$
 String A_SECRETS_ENABLED = "enableSecrets"; //$NON-NLS-1$
+ String A_SECRETS_DISABLED = "disableSecrets"; //$NON-NLS-1$
 String A_SECRETS_ONLY = "secretsOnly"; //$NON-NLS-1$
 //Java
diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/ModelWriter.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/ModelWriter.java
index 8c658f99..e6e1a10d 100644
--- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/ModelWriter.java
+++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/ModelWriter.java
@@ -120,5 +120,5 @@ private void initDocumentBuilder() throws ParserConfigurationException {
 public abstract String getOutputLocation();
- public abstract void visit(List targets, boolean isThirdPartyScanningEnabled, boolean isOpenSourceOnlyEnabled, boolean isSourceCodeOnlyEnabled, boolean isStaticAnalysisOnlyEnabled, boolean isSecretsScanningEnabled, boolean isSecretsScanningOnlyEnabled);
+ public abstract void visit(List targets, boolean isThirdPartyScanningEnabled, boolean isOpenSourceOnlyEnabled, boolean isSourceCodeOnlyEnabled, boolean isStaticAnalysisOnlyEnabled, boolean isSecretsScanningDisabled, boolean isSecretsScanningOnlyEnabled);
 }
diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/XmlWriter.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/XmlWriter.java
index df3d02bb..8b7b16ac 100644
--- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/XmlWriter.java
+++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/XmlWriter.java
@@ -52,7 +52,7 @@ public void initWriters(File directory) throws IOException { @Override public void visit(List targets, boolean isThirdPartyScanningEnabled, - boolean isOpenSourceOnlyEnabled, boolean isSourceCodeOnlyEnabled, boolean isStaticAnalysisOnlyEnabled, boolean isSecretsScanningEnabled, boolean isSecretsScanningOnlyEnabled) { + boolean isOpenSourceOnlyEnabled, boolean isSourceCodeOnlyEnabled, boolean isStaticAnalysisOnlyEnabled, boolean isSecretsScanningDisabled, boolean isSecretsScanningOnlyEnabled) { m_config.beginElement(E_CONFIGURATION); if (isThirdPartyScanningEnabled) { @@ -71,8 +71,8 @@ public void visit(List targets, boolean isThirdPartyScanningEnabled m_config.setAttribute(A_STATIC_ANALYSIS_ONLY, "true"); } - if (isSecretsScanningEnabled) { - m_config.setAttribute(A_SECRETS_ENABLED, "true"); + if (isSecretsScanningDisabled) { + m_config.setAttribute(A_SECRETS_DISABLED, "true"); } if (isSecretsScanningOnlyEnabled) { From bbe23100ef23377f0aa66b04c6ad6bf0f6de24ca Mon Sep 17 00:00:00 2001 From: Michaela Perrotta Date: Tue, 27 Aug 2024 11:00:38 -0400 Subject: [PATCH 02/10] add print line for debug --- .../java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java index 49c387ec..b7b3dc32 100644 --- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java +++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java @@ -116,6 +116,7 @@ public void setIsThirdPartyScanningEnabled(boolean isThirdPartyScanningEnabled) * @param isSecretsScanningDisabled - True to skip scanning for secrets vulnerabilities. */ public void setIsSecretsScanningDisabled(boolean isSecretsScanningDisabled) { + System.out.println("inside sdk, setting to " + String.valueOf(isSecretsScanningDisabled)); m_isSecretsScanningDisabled = isSecretsScanningDisabled; } 
From 12d39524ee13caa1d1012bbf763e74c1886bbdca Mon Sep 17 00:00:00 2001 From: Michaela Perrotta Date: Fri, 13 Sep 2024 13:26:05 -0400 Subject: [PATCH 03/10] remove print debug statements --- .../java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java | 1 - 1 file changed, 1 deletion(-) diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java index b7b3dc32..49c387ec 100644 --- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java +++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java @@ -116,7 +116,6 @@ public void setIsThirdPartyScanningEnabled(boolean isThirdPartyScanningEnabled) * @param isSecretsScanningDisabled - True to skip scanning for secrets vulnerabilities. */ public void setIsSecretsScanningDisabled(boolean isSecretsScanningDisabled) { - System.out.println("inside sdk, setting to " + String.valueOf(isSecretsScanningDisabled)); m_isSecretsScanningDisabled = isSecretsScanningDisabled; } From 441ca5fb4486772dbfc81b696c59d61920a76dbe Mon Sep 17 00:00:00 2001 From: Michaela Perrotta Date: Fri, 18 Oct 2024 17:33:44 -0400 Subject: [PATCH 04/10] updates to inlcude both secrets disable/enable flags --- src/main/java/com/hcl/appscan/sdk/scanners/sast/SAClient.java | 3 +++ .../java/com/hcl/appscan/sdk/scanners/sast/xml/XmlWriter.java | 3 +++ 2 files changed, 6 insertions(+) diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SAClient.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SAClient.java index aeeca504..f66b73c4 100644 --- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SAClient.java +++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SAClient.java 
@@ -355,6 +355,9 @@ private List getClientArgs(Map properties) { if(properties.containsKey(SECRETS_DISABLED) || System.getProperty(SECRETS_DISABLED) != null) { args.add(OPT_SECRETS_DISABLED); } + if(properties.containsKey(SECRETS_ENABLED) || System.getProperty(SECRETS_ENABLED) != null) { + args.add(OPT_SECRETS_ENABLED); + } if(properties.containsKey(SECRETS_ONLY) || System.getProperty(SECRETS_ONLY) != null) { args.add(OPT_SECRETS_ONLY); } diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/XmlWriter.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/XmlWriter.java index 8b7b16ac..12a519ad 100644 --- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/XmlWriter.java +++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/XmlWriter.java @@ -74,6 +74,9 @@ public void visit(List targets, boolean isThirdPartyScanningEnabled if (isSecretsScanningDisabled) { m_config.setAttribute(A_SECRETS_DISABLED, "true"); } + else { + m_config.setAttribute(A_SECRETS_ENABLED, "true"); + } if (isSecretsScanningOnlyEnabled) { m_config.setAttribute(A_SECRETS_ONLY, "true"); From e41eaab4cdc11589f6ba0eaded625b5815ddf0dc Mon Sep 17 00:00:00 2001 From: Michaela Perrotta Date: Fri, 8 Nov 2024 15:20:53 -0500 Subject: [PATCH 05/10] bug fixes to set BOTH enable disable secrets flags --- .../sdk/scanners/sast/SASTScanManager.java | 15 +++++++++++++-- .../appscan/sdk/scanners/sast/xml/XmlWriter.java | 13 ++++++------- 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java index 49c387ec..1591764e 100644 --- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java +++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java 
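Review bot: With both branches present, a configuration that carries `disableSecrets` and `enableSecrets` together (or both system properties) forwards `-ds` and `-es` in the same command line, and which one wins is left to the SAClient binary. The conflict is visible at this point, so resolve it explicitly: give `disableSecrets` precedence and skip `-es` when `OPT_SECRETS_DISABLED` was just added, and log the ignored option so a scan that unexpectedly lacks secret detection can be explained from the log. In the XmlWriter hunk on this line the new `else` writes `enableSecrets="true"` for every configuration that does not disable secrets, including a `secretsOnly` one, which may be intended but deserves a one-line comment. getClientArgs starts and ends outside the hunk.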
@@ -40,6 +40,7 @@ public class SASTScanManager implements IScanManager{
 private boolean m_isSourceCodeOnlyEnabled = false;
 private boolean m_isStaticAnalysisOnlyEnabled = false;
 private boolean m_isSecretsScanningDisabled = false;
+ private boolean m_isSecretsScanningEnabled = true;
 private boolean m_isSecretsScanningOnlyEnabled = false;
 public SASTScanManager(String workingDir) {
@@ -116,7 +117,17 @@ public void setIsThirdPartyScanningEnabled(boolean isThirdPartyScanningEnabled)
 * @param isSecretsScanningDisabled - True to skip scanning for secrets vulnerabilities.
 */
 public void setIsSecretsScanningDisabled(boolean isSecretsScanningDisabled) {
- m_isSecretsScanningDisabled = isSecretsScanningDisabled;
+ m_isSecretsScanningDisabled = isSecretsScanningDisabled;
+ m_isSecretsScanningEnabled = !isSecretsScanningDisabled;
+ }
+
+ /**
+ * Enables scanning for secrets.
+ * @param isSecretsScanningEnabled - True to scan for secrets vulnerabilities.
+ */
+ public void setIsSecretsScanningEnabled(boolean isSecretsScanningEnabled) {
+ m_isSecretsScanningDisabled = !isSecretsScanningEnabled;
+ m_isSecretsScanningEnabled = isSecretsScanningEnabled;
 }
 /**
@@ -161,7 +172,7 @@ public void createConfig(boolean useRelativeTargetPaths) throws AppScanException
 try {
 ModelWriter writer = new XmlWriter(useRelativeTargetPaths);
 writer.initWriters(new File(m_workingDirectory));
- writer.visit(m_targets, m_isThirdPartyScanningEnabled, m_isOpenSourceOnlyEnabled, m_isSourceCodeOnlyEnabled, m_isStaticAnalysisOnlyEnabled, m_isSecretsScanningDisabled, m_isSecretsScanningOnlyEnabled);
+ writer.visit(m_targets, m_isThirdPartyScanningEnabled, m_isOpenSourceOnlyEnabled, m_isSourceCodeOnlyEnabled, m_isStaticAnalysisOnlyEnabled, m_isSecretsScanningDisabled, m_isSecretsScanningEnabled, m_isSecretsScanningOnlyEnabled);
 writer.write();
 } catch (IOException | TransformerException e) {
 throw new AppScanException(e.getLocalizedMessage(), e);
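Review bot: The call in createConfig now passes eight arguments to `writer.visit`, but `ModelWriter.visit` is not part of this commit and still declares the seven-parameter signature from the earlier patch, so the tree does not compile until the follow-up commit; the abstract signature and its implementation belong in the same commit as the caller. The new field `m_isSecretsScanningEnabled = true` also changes the generated configuration for callers that set nothing (`enableSecrets="true"` is written), and neither the field nor the two setters say so; a field comment such as `// default: enableSecrets is written unless a caller disables secrets` would make the behaviour explicit. Since the two setters keep the flags strictly complementary, one field would suffice and would remove the possibility of the pair drifting apart. createConfig starts outside the hunk.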
diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/XmlWriter.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/XmlWriter.java index 12a519ad..5fd3b829 100644 --- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/XmlWriter.java +++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/XmlWriter.java @@ -52,7 +52,7 @@ public void initWriters(File directory) throws IOException { @Override public void visit(List targets, boolean isThirdPartyScanningEnabled, - boolean isOpenSourceOnlyEnabled, boolean isSourceCodeOnlyEnabled, boolean isStaticAnalysisOnlyEnabled, boolean isSecretsScanningDisabled, boolean isSecretsScanningOnlyEnabled) { + boolean isOpenSourceOnlyEnabled, boolean isSourceCodeOnlyEnabled, boolean isStaticAnalysisOnlyEnabled, boolean isSecretsScanningDisabled, boolean isSecretsScanningEnabled, boolean isSecretsScanningOnlyEnabled) { m_config.beginElement(E_CONFIGURATION); if (isThirdPartyScanningEnabled) { @@ -72,12 +72,11 @@ public void visit(List targets, boolean isThirdPartyScanningEnabled } if (isSecretsScanningDisabled) { - m_config.setAttribute(A_SECRETS_DISABLED, "true"); - } - else { - m_config.setAttribute(A_SECRETS_ENABLED, "true"); - } - + m_config.setAttribute(A_SECRETS_DISABLED, "true"); + } + if (isSecretsScanningEnabled) {{ + m_config.setAttribute(A_SECRETS_ENABLED, "true"); + } if (isSecretsScanningOnlyEnabled) { m_config.setAttribute(A_SECRETS_ONLY, "true"); } From 7536c8bf89df45a8492d6ae8fd659e91062dc3eb Mon Sep 17 00:00:00 2001 From: Michaela Perrotta Date: Fri, 8 Nov 2024 15:35:26 -0500 Subject: [PATCH 06/10] minor bug fix add param --- .../appscan/sdk/scanners/sast/xml/ModelWriter.java | 2 +- .../appscan/sdk/scanners/sast/xml/XmlWriter.java | 14 ++++++++------ 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/ModelWriter.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/ModelWriter.java index e6e1a10d..dc162c92 100644 
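Review bot: `if (isSecretsScanningEnabled) {{` opens two blocks and closes one, so the braces of `visit` no longer balance and the file does not compile as committed; the line should read `if (isSecretsScanningEnabled) {`. The `-`/`+` pairs around the `setAttribute` calls appear to differ only in leading whitespace, which buries the one functional change in the hunk; keeping the original indentation would leave a two-line diff that reviewers can verify at a glance. `visit` starts and ends outside the hunk.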
--- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/ModelWriter.java
+++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/ModelWriter.java
@@ -120,5 +120,5 @@ private void initDocumentBuilder() throws ParserConfigurationException {
 public abstract String getOutputLocation();
- public abstract void visit(List targets, boolean isThirdPartyScanningEnabled, boolean isOpenSourceOnlyEnabled, boolean isSourceCodeOnlyEnabled, boolean isStaticAnalysisOnlyEnabled, boolean isSecretsScanningDisabled, boolean isSecretsScanningOnlyEnabled);
+ public abstract void visit(List targets, boolean isThirdPartyScanningEnabled, boolean isOpenSourceOnlyEnabled, boolean isSourceCodeOnlyEnabled, boolean isStaticAnalysisOnlyEnabled, boolean isSecretsScanningDisabled, boolean isSecretsScanningEnabled, boolean isSecretsScanningOnlyEnabled);
 }
diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/XmlWriter.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/XmlWriter.java
index 5fd3b829..3c639225 100644
--- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/XmlWriter.java
+++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/XmlWriter.java
@@ -70,13 +70,14 @@ public void visit(List targets, boolean isThirdPartyScanningEnabled
 if (isStaticAnalysisOnlyEnabled) {
 m_config.setAttribute(A_STATIC_ANALYSIS_ONLY, "true");
 }
-
+
 if (isSecretsScanningDisabled) {
- m_config.setAttribute(A_SECRETS_DISABLED, "true");
- }
- if (isSecretsScanningEnabled) {{
- m_config.setAttribute(A_SECRETS_ENABLED, "true");
- }
+ m_config.setAttribute(A_SECRETS_DISABLED, "true");
+ }
+ if (isSecretsScanningEnabled) {
+ m_config.setAttribute(A_SECRETS_ENABLED, "true");
+ }
+
 if (isSecretsScanningOnlyEnabled) {
 m_config.setAttribute(A_SECRETS_ONLY, "true");
 }
@@ -124,6 +125,7 @@ public void write() throws TransformerException {
 m_config.write(m_transformer);
 }
+
 /**
 * Returns the location of the generated configuration file.
 * @return The location of the generated configuration file.
From b5ddc006fe208838ff4536fbfae0a02b7c399449 Mon Sep 17 00:00:00 2001 From: Michaela Perrotta Date: Wed, 13 Nov 2024 17:12:49 -0500 Subject: [PATCH 07/10] backwards compatibility for noSecrets flag --- .../hcl/appscan/sdk/scanners/sast/SASTScanManager.java | 10 +++++++++- .../sdk/scanners/sast/xml/IModelXMLConstants.java | 1 + .../hcl/appscan/sdk/scanners/sast/xml/ModelWriter.java | 2 +- .../hcl/appscan/sdk/scanners/sast/xml/XmlWriter.java | 8 ++++++-- 4 files changed, 17 insertions(+), 4 deletions(-) diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java index 1591764e..f2168f5e 100644 --- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java +++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java @@ -42,6 +42,7 @@ public class SASTScanManager implements IScanManager{ private boolean m_isSecretsScanningDisabled = false; private boolean m_isSecretsScanningEnabled = true; private boolean m_isSecretsScanningOnlyEnabled = false; + private boolean m_isNoSecrets = false; public SASTScanManager(String workingDir) { m_workingDirectory = workingDir; @@ -130,6 +131,13 @@ public void setIsSecretsScanningEnabled(boolean isSecretsScanningEnabled) { m_isSecretsScanningEnabled = isSecretsScanningEnabled; } + /** + * For compatibility with older versions of SAClient being used with AppScan Go! + */ + public void setIsNoSecrets(boolean isNoSecrets) { + m_isNoSecrets = isNoSecrets; + } + /** * Only scan for secrets. * @param isSecretsScanningOnlyEnabled - True to only scan for secrets vulnerabilities. 
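Review bot: `setIsNoSecrets` stores `m_isNoSecrets` but leaves `m_isSecretsScanningEnabled` at its default of `true`, so a caller that only calls `setIsNoSecrets(true)` produces a configuration carrying both `noSecrets="true"` and `enableSecrets="true"` once the XmlWriter hunk later in this commit is applied; the two sibling setters keep the flags complementary and this one should too, e.g. `m_isNoSecrets = isNoSecrets;` followed by `if (isNoSecrets) { m_isSecretsScanningEnabled = false; }`. The Javadoc also lacks an `@param isNoSecrets` line and does not say which SAClient option the flag maps to, which is the information a plugin author needs to choose between it and `setIsSecretsScanningDisabled`.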
@@ -172,7 +180,7 @@ public void createConfig(boolean useRelativeTargetPaths) throws AppScanException
 try {
 ModelWriter writer = new XmlWriter(useRelativeTargetPaths);
 writer.initWriters(new File(m_workingDirectory));
- writer.visit(m_targets, m_isThirdPartyScanningEnabled, m_isOpenSourceOnlyEnabled, m_isSourceCodeOnlyEnabled, m_isStaticAnalysisOnlyEnabled, m_isSecretsScanningDisabled, m_isSecretsScanningEnabled, m_isSecretsScanningOnlyEnabled);
+ writer.visit(m_targets, m_isThirdPartyScanningEnabled, m_isOpenSourceOnlyEnabled, m_isSourceCodeOnlyEnabled, m_isStaticAnalysisOnlyEnabled, m_isSecretsScanningDisabled, m_isNoSecrets, m_isSecretsScanningEnabled, m_isSecretsScanningOnlyEnabled);
 writer.write();
 } catch (IOException | TransformerException e) {
 throw new AppScanException(e.getLocalizedMessage(), e);
diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/IModelXMLConstants.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/IModelXMLConstants.java
index 197aad1d..958b55a9 100644
--- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/IModelXMLConstants.java
+++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/IModelXMLConstants.java
@@ -26,6 +26,7 @@ public interface IModelXMLConstants {
 String A_STATIC_ANALYSIS_ONLY = "staticAnalysisOnly"; //$NON-NLS-1$
 String A_SECRETS_ENABLED = "enableSecrets"; //$NON-NLS-1$
 String A_SECRETS_DISABLED = "disableSecrets"; //$NON-NLS-1$
+ String A_NO_SECRETS = "noSecrets"; //$NON-NLS-1$
 String A_SECRETS_ONLY = "secretsOnly"; //$NON-NLS-1$
 //Java
diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/ModelWriter.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/ModelWriter.java
index dc162c92..378f1b76 100644
--- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/ModelWriter.java
+++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/ModelWriter.java
@@ -120,5 +120,5 @@ private void initDocumentBuilder() throws ParserConfigurationException {
 public abstract String getOutputLocation();
- public abstract void visit(List targets, boolean isThirdPartyScanningEnabled, boolean isOpenSourceOnlyEnabled, boolean isSourceCodeOnlyEnabled, boolean isStaticAnalysisOnlyEnabled, boolean isSecretsScanningDisabled, boolean isSecretsScanningEnabled, boolean isSecretsScanningOnlyEnabled);
+ public abstract void visit(List targets, boolean isThirdPartyScanningEnabled, boolean isOpenSourceOnlyEnabled, boolean isSourceCodeOnlyEnabled, boolean isStaticAnalysisOnlyEnabled, boolean isSecretsScanningDisabled, boolean isNoSecrets, boolean isSecretsScanningEnabled, boolean isSecretsScanningOnlyEnabled);
 }
diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/XmlWriter.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/XmlWriter.java
index 3c639225..cd617771 100644
--- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/XmlWriter.java
+++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/XmlWriter.java
@@ -52,7 +52,7 @@ public void initWriters(File directory) throws IOException {
 @Override
 public void visit(List targets, boolean isThirdPartyScanningEnabled,
- boolean isOpenSourceOnlyEnabled, boolean isSourceCodeOnlyEnabled, boolean isStaticAnalysisOnlyEnabled, boolean isSecretsScanningDisabled, boolean isSecretsScanningEnabled, boolean isSecretsScanningOnlyEnabled) {
+ boolean isOpenSourceOnlyEnabled, boolean isSourceCodeOnlyEnabled, boolean isStaticAnalysisOnlyEnabled, boolean isSecretsScanningDisabled, boolean isNoSecrets, boolean isSecretsScanningEnabled, boolean isSecretsScanningOnlyEnabled) {
 m_config.beginElement(E_CONFIGURATION);
 if (isThirdPartyScanningEnabled) {
@@ -71,12 +71,16 @@ public void visit(List targets, boolean isThirdPartyScanningEnabled m_config.setAttribute(A_STATIC_ANALYSIS_ONLY, "true"); } - if (isSecretsScanningDisabled) { + if (isSecretsScanningDisabled && !isNoSecrets) { + // avoid duplicating flags when noSecrets option is used m_config.setAttribute(A_SECRETS_DISABLED, "true"); } if (isSecretsScanningEnabled) { m_config.setAttribute(A_SECRETS_ENABLED, "true"); } + if (isNoSecrets) { + m_config.setAttribute(A_NO_SECRETS, "true"); + } if (isSecretsScanningOnlyEnabled) { m_config.setAttribute(A_SECRETS_ONLY, "true"); From feaf92e784e123834973d614242e0bdb2a7b0aa0 Mon Sep 17 00:00:00 2001 From: Michaela Perrotta Date: Thu, 14 Nov 2024 11:00:56 -0500 Subject: [PATCH 08/10] remove duplicate disable secrets flag --- .../hcl/appscan/sdk/scanners/sast/SASTConstants.java | 4 ++-- .../hcl/appscan/sdk/scanners/sast/SASTScanManager.java | 10 +--------- .../sdk/scanners/sast/xml/IModelXMLConstants.java | 3 +-- .../hcl/appscan/sdk/scanners/sast/xml/ModelWriter.java | 2 +- .../hcl/appscan/sdk/scanners/sast/xml/XmlWriter.java | 9 ++------- 5 files changed, 7 insertions(+), 21 deletions(-) diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java index ee1f1e45..4ce52e16 100644 --- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java +++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java @@ -34,7 +34,7 @@ public interface SASTConstants { String OPEN_SOURCE_ONLY = "openSourceOnly"; //$NON-NLS-1$ String SOURCE_CODE_ONLY = "sourceCodeOnly"; //$NON-NLS-1$ String SECRETS_ENABLED = "enableSecrets"; //$NON-NLS-1$ - String SECRETS_DISABLED = "disableSecrets"; //$NON-NLS-1$ + String SECRETS_DISABLED = "noSecrets"; //$NON-NLS-1$ String SECRETS_ONLY = "secretsOnly"; //$NON-NLS-1$ String SCAN_SPEED = "scanSpeed"; //$NON-NLS-1$ String OPT_SCAN_SPEED = "-s"; //$NON-NLS-1$ 
@@ -57,7 +57,7 @@ public interface SASTConstants {
 String OPT_SOURCE_CODE_ONLY = "-sco"; //$NON-NLS-1$
 String OPT_STATIC_ANALYSIS_ONLY = "-sao"; //$NON-NLS-1$
 String OPT_SECRETS_ENABLED = "-es"; //$NON-NLS-1$
- String OPT_SECRETS_DISABLED = "-ds"; //$NON-NLS-1$
+ String OPT_SECRETS_DISABLED = "-ns"; //$NON-NLS-1$
 String OPT_SECRETS_ONLY = "-so"; //$NON-NLS-1$
 String OPT_ACCEPTS_SSL = "-acceptssl"; //$NON-NLS-1$
diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java
index f2168f5e..1591764e 100644
--- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java
+++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java
@@ -42,7 +42,6 @@ public class SASTScanManager implements IScanManager{
 private boolean m_isSecretsScanningDisabled = false;
 private boolean m_isSecretsScanningEnabled = true;
 private boolean m_isSecretsScanningOnlyEnabled = false;
- private boolean m_isNoSecrets = false;
 public SASTScanManager(String workingDir) {
 m_workingDirectory = workingDir;
@@ -131,13 +130,6 @@ public void setIsSecretsScanningEnabled(boolean isSecretsScanningEnabled) {
 m_isSecretsScanningEnabled = isSecretsScanningEnabled;
 }
- /**
- * For compatibility with older versions of SAClient being used with AppScan Go!
- */
- public void setIsNoSecrets(boolean isNoSecrets) {
- m_isNoSecrets = isNoSecrets;
- }
-
 /**
 * Only scan for secrets.
 * @param isSecretsScanningOnlyEnabled - True to only scan for secrets vulnerabilities.
@@ -180,7 +172,7 @@ public void createConfig(boolean useRelativeTargetPaths) throws AppScanException
 try {
 ModelWriter writer = new XmlWriter(useRelativeTargetPaths);
 writer.initWriters(new File(m_workingDirectory));
- writer.visit(m_targets, m_isThirdPartyScanningEnabled, m_isOpenSourceOnlyEnabled, m_isSourceCodeOnlyEnabled, m_isStaticAnalysisOnlyEnabled, m_isSecretsScanningDisabled, m_isNoSecrets, m_isSecretsScanningEnabled, m_isSecretsScanningOnlyEnabled);
+ writer.visit(m_targets, m_isThirdPartyScanningEnabled, m_isOpenSourceOnlyEnabled, m_isSourceCodeOnlyEnabled, m_isStaticAnalysisOnlyEnabled, m_isSecretsScanningDisabled, m_isSecretsScanningEnabled, m_isSecretsScanningOnlyEnabled);
 writer.write();
 } catch (IOException | TransformerException e) {
 throw new AppScanException(e.getLocalizedMessage(), e);
diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/IModelXMLConstants.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/IModelXMLConstants.java
index 958b55a9..69f36aba 100644
--- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/IModelXMLConstants.java
+++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/IModelXMLConstants.java
@@ -25,8 +25,7 @@ public interface IModelXMLConstants {
 String A_SOURCE_CODE_ONLY = "sourceCodeOnly"; //$NON-NLS-1$
 String A_STATIC_ANALYSIS_ONLY = "staticAnalysisOnly"; //$NON-NLS-1$
 String A_SECRETS_ENABLED = "enableSecrets"; //$NON-NLS-1$
- String A_SECRETS_DISABLED = "disableSecrets"; //$NON-NLS-1$
- String A_NO_SECRETS = "noSecrets"; //$NON-NLS-1$
+ String A_SECRETS_DISABLED = "noSecrets"; //$NON-NLS-1$
 String A_SECRETS_ONLY = "secretsOnly"; //$NON-NLS-1$
 //Java
diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/ModelWriter.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/ModelWriter.java
index 378f1b76..dc162c92 100644
--- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/ModelWriter.java
+++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/ModelWriter.java
@@ -120,5 +120,5 @@ private void initDocumentBuilder() throws ParserConfigurationException {
 public abstract String getOutputLocation();
- public abstract void visit(List targets, boolean isThirdPartyScanningEnabled, boolean isOpenSourceOnlyEnabled, boolean isSourceCodeOnlyEnabled, boolean isStaticAnalysisOnlyEnabled, boolean isSecretsScanningDisabled, boolean isNoSecrets, boolean isSecretsScanningEnabled, boolean isSecretsScanningOnlyEnabled);
+ public abstract void visit(List targets, boolean isThirdPartyScanningEnabled, boolean isOpenSourceOnlyEnabled, boolean isSourceCodeOnlyEnabled, boolean isStaticAnalysisOnlyEnabled, boolean isSecretsScanningDisabled, boolean isSecretsScanningEnabled, boolean isSecretsScanningOnlyEnabled);
 }
diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/XmlWriter.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/XmlWriter.java
index cd617771..805cf970 100644
--- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/XmlWriter.java
+++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/xml/XmlWriter.java
@@ -52,7 +52,7 @@ public void initWriters(File directory) throws IOException {
 @Override
 public void visit(List targets, boolean isThirdPartyScanningEnabled,
- boolean isOpenSourceOnlyEnabled, boolean isSourceCodeOnlyEnabled, boolean isStaticAnalysisOnlyEnabled, boolean isSecretsScanningDisabled, boolean isNoSecrets, boolean isSecretsScanningEnabled, boolean isSecretsScanningOnlyEnabled) {
+ boolean isOpenSourceOnlyEnabled, boolean isSourceCodeOnlyEnabled, boolean isStaticAnalysisOnlyEnabled, boolean isSecretsScanningDisabled, boolean isSecretsScanningEnabled, boolean isSecretsScanningOnlyEnabled) {
 m_config.beginElement(E_CONFIGURATION);
 if (isThirdPartyScanningEnabled) {
@@ -71,17 +71,12 @@ public void visit(List targets, boolean isThirdPartyScanningEnabled m_config.setAttribute(A_STATIC_ANALYSIS_ONLY, "true"); } - if (isSecretsScanningDisabled && !isNoSecrets) { - // avoid duplicating flags when noSecrets option is used + if (isSecretsScanningDisabled) { m_config.setAttribute(A_SECRETS_DISABLED, "true"); } if (isSecretsScanningEnabled) { m_config.setAttribute(A_SECRETS_ENABLED, "true"); } - if (isNoSecrets) { - m_config.setAttribute(A_NO_SECRETS, "true"); - } - if (isSecretsScanningOnlyEnabled) { m_config.setAttribute(A_SECRETS_ONLY, "true"); } From 21604b2498583fcee14358f534fc32c3a67f44ae Mon Sep 17 00:00:00 2001 From: Michaela Perrotta Date: Thu, 14 Nov 2024 11:12:34 -0500 Subject: [PATCH 09/10] revert to secretsDisabled in SASTConstants --- .../java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java index 4ce52e16..ee1f1e45 100644 --- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java +++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTConstants.java @@ -34,7 +34,7 @@ public interface SASTConstants { String OPEN_SOURCE_ONLY = "openSourceOnly"; //$NON-NLS-1$ String SOURCE_CODE_ONLY = "sourceCodeOnly"; //$NON-NLS-1$ String SECRETS_ENABLED = "enableSecrets"; //$NON-NLS-1$ - String SECRETS_DISABLED = "noSecrets"; //$NON-NLS-1$ + String SECRETS_DISABLED = "disableSecrets"; //$NON-NLS-1$ String SECRETS_ONLY = "secretsOnly"; //$NON-NLS-1$ String SCAN_SPEED = "scanSpeed"; //$NON-NLS-1$ String OPT_SCAN_SPEED = "-s"; //$NON-NLS-1$ 
@@ -57,7 +57,7 @@ public interface SASTConstants { String OPT_SOURCE_CODE_ONLY = "-sco"; //$NON-NLS-1$ String OPT_STATIC_ANALYSIS_ONLY = "-sao"; //$NON-NLS-1$ String OPT_SECRETS_ENABLED = "-es"; //$NON-NLS-1$ - String OPT_SECRETS_DISABLED = "-ns"; //$NON-NLS-1$ + String OPT_SECRETS_DISABLED = "-ds"; //$NON-NLS-1$ String OPT_SECRETS_ONLY = "-so"; //$NON-NLS-1$ String OPT_ACCEPTS_SSL = "-acceptssl"; //$NON-NLS-1$ From 3fb11850133acfea78f1b8026eec9d406c2ec3df Mon Sep 17 00:00:00 2001 From: Michaela Perrotta Date: Thu, 14 Nov 2024 11:19:50 -0500 Subject: [PATCH 10/10] update m_isSecretsScanningEnabled to be false by default --- .../java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java index 1591764e..e4438117 100644 --- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java +++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java @@ -40,7 +40,7 @@ public class SASTScanManager implements IScanManager{ private boolean m_isSourceCodeOnlyEnabled = false; private boolean m_isStaticAnalysisOnlyEnabled = false; private boolean m_isSecretsScanningDisabled = false; - private boolean m_isSecretsScanningEnabled = true; + private boolean m_isSecretsScanningEnabled = false; private boolean m_isSecretsScanningOnlyEnabled = false; public SASTScanManager(String workingDir) {
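Review bot: With both `m_isSecretsScanningDisabled` and `m_isSecretsScanningEnabled` now defaulting to `false`, a manager on which no secrets setter is called writes neither attribute, while `setIsSecretsScanningDisabled(false)` still sets `m_isSecretsScanningEnabled = true` and writes `enableSecrets="true"`; a plugin that passes a checkbox value through unconditionally therefore produces a different configuration from one that leaves the setter alone, and the series title "changes to default secret scanning to true" no longer describes what this class does. If the untouched case is meant to defer to the SAClient's own default, state it on the field, e.g. `// neither enableSecrets nor disableSecrets is written unless a setter is called; the SAClient default then applies`, and consider leaving the sibling flag untouched when a setter receives `false` so that passing the default value is a no-op.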