Merge pull request diffblue#589 from diffblue/cleanup/gitlab-script

Cleanup and complete Gitlab script

Author: NathanJPhillips

gitlab-integration/gitlab-wrapper.sh

@@ -1,3 +1,3 @@
 #!/bin/bash
 
-npm start --prefix "$( dirname "${BASH_SOURCE[0]}" )"
+npm start --silent --prefix "$( dirname "${BASH_SOURCE[0]}" )"

gitlab-integration/src/analyse-project.ts

@@ -21,7 +21,7 @@ async function securityAnalysis() {
 
   const log = new TwoColumnLogger("Diffblue Gitlab Integration");
   try {
-    const projectName = `gitlab-${Date.now()}`;
+    const projectName = `${process.env.CI_PROJECT_NAMESPACE}-${process.env.CI_PROJECT_NAME}-${process.env.CI_JOB_ID}`;
     let localMachine: models.Instance = {
       name: "local-executor",
       ip: "localhost",
@@ -40,51 +40,47 @@ async function securityAnalysis() {
       zoneIndex: 0,
       diskImg: { name: "nodiskimgname", link: "nodiskimglink" },
       username: "diffblue",
+      password: "password123",
       duration: { start: "nodurationstart" },
     };
 
+    console.log(`Running against commit with title: ${process.env.CI_COMMIT_TITLE}`);
+    console.log("Initialising Diffblue platform");
     const startTime = Date.now();
-
     localMachine = await platform.createProject(localMachine);
     localMachine = await platform.initialiseProject(localMachine);
     localMachine = await platform.startAnalysis(localMachine);
+    console.log("Analysis started");
 
-    do {
+    let complete = 0;
+    while (true) {
       localMachine = await platform.getAnalysisProgress(localMachine);
-      if (localMachine.analysisStatus === "RUNNING" || localMachine.analysisStatus === "WAITING") {
-        const elapsed = (Date.now() - startTime) / 1000;
-        const nextWait = Math.ceil(elapsed / 10);   // Wait for 10% of time elapsed so far
-        log.debug(`Waiting ${nextWait} seconds before checking again whether Diffblue platform is ready`);
-        await wait(nextWait);
+      if (localMachine.analysisProgress !== undefined && localMachine.analysisProgress !== complete) {
+        complete = localMachine.analysisProgress;
+        console.log(`Analysis ${complete.toFixed(2)}% complete`);
       }
-    } while (localMachine.analysisStatus === "RUNNING" || localMachine.analysisStatus === "WAITING");
+      if (localMachine.analysisStatus !== "RUNNING" && localMachine.analysisStatus !== "WAITING")
+        break;
+      const elapsed = (Date.now() - startTime) / 1000;
+      const nextWait = Math.ceil(elapsed / 10);   // Wait for 10% of time elapsed so far
+      log.debug(`Waiting ${nextWait} seconds before checking again whether Diffblue platform is ready`);
+      await wait(nextWait);
+    }
 
     const issues = await platform.getIssues(localMachine);
+    const issueLogLines = issues.map((issue: any) => `* ${issue.testName}\n  Trace: ${getIssueUri(localMachine, issue.id)}`);
+    console.log(`Identified ${issues.length} issues:\n${issueLogLines.join("\n")}`);
 
-    log.debug(`Identified ${issues.length} issues`);
-    log.debug(JSON.stringify(issues));
-
-    const report = issues.map(
-      function (issue: any) {
-
-        // TODO: query the platform's public-facing URL
-        const testUrl = `http://localhost/${projectName}/${localMachine.analysisNum}/tests/${issue.id}/trace`;
-
-        return {
-          file: `${issue.testClassDir}/${issue.testClass}`,
-          message: issue.testName,
-          priority: "High",
-          tool: "Diffblue-security",
-          url: testUrl,
-          cve: `Click here ${testUrl}`,
-          // cve: testUrl // Mandatory key
-        };
-      }
-    );
-
-    const reportFileName = path.join(process.env.INIT_CWD, "gl-sast-report.json");
-    log.debug(`Writing issue report to ${reportFileName}`);
-    await fs.writeFile(reportFileName, JSON.stringify(report));
+    const report = issues.map((issue: any) => ({
+      file: `${issue.testClassDir}/${issue.testClass}`,
+      message: issue.testName,
+      priority: "High",
+      tool: "Diffblue security analyser",
+      // TODO: query the platform's public-facing URL
+      url: getIssueUri(localMachine, issue.id),
+      cve: "N/A", // Mandatory key when provide URL
+    }));
+    await fs.writeFile(path.join(process.env.INIT_CWD, "gl-sast-report.json"), JSON.stringify(report));
   } catch (err) {
     if (err.message) {
       log.debug(err.message);
@@ -97,4 +93,9 @@ async function securityAnalysis() {
   }
 }
 
+function getIssueUri(localMachine: models.Instance, issueId: any): string {
+  return `http://localhost/${localMachine.project.name}/${localMachine.analysisNum}/tests/${issueId}/trace`;
+}
+
+// Run async entry point
 securityAnalysis();

gitlab-integration/src/api.ts

@@ -134,7 +134,7 @@ export async function createUser(vm: models.Instance, secsToWait = 30, secsWaiti
   let response;
   try {
     response = await fetch(`http://${vm.ip}/api/users`, {
-      method: "POST", body: JSON.stringify({ username: vm.username, password: vm.project.name }), headers: { "Content-Type": "application/json" },
+      method: "POST", body: JSON.stringify({ username: vm.username, password: vm.password }), headers: { "Content-Type": "application/json" },
     });
     if (response.status !== HttpStatus.OK && response.status !== HttpStatus.BadRequest)
       throw new Error(`received ${response.status} (${response.statusText}) response`);
@@ -161,7 +161,7 @@ async function signIn(vm: models.Instance, secsToWait = 30, secsWaiting = 0): Pr
   let response;
   try {
     response = await fetch(`http://${vm.ip}/api/session`, {
-      method: "POST", body: JSON.stringify({ userName: vm.username, password: "password123" }), headers: { "Content-Type": "application/json" },
+      method: "POST", body: JSON.stringify({ userName: vm.username, password: vm.password }), headers: { "Content-Type": "application/json" },
     });
     if (response.status !== HttpStatus.OK && response.status !== HttpStatus.Unauthorized)
       throw new Error(`received ${response.status} (${response.statusText}) response`);
@@ -191,7 +191,7 @@ async function signInToken(vm: models.Instance, secsToWait = 30, secsWaiting = 0
   let response;
   try {
     response = await fetch(`http://${vm.ip}/api/signin`, {
-      method: "POST", body: JSON.stringify({ userName: vm.username, password: vm.project.name }), headers: { "Content-Type": "application/json" },
+      method: "POST", body: JSON.stringify({ userName: vm.username, password: vm.password }), headers: { "Content-Type": "application/json" },
     });
     if (response.status !== HttpStatus.OK && response.status !== HttpStatus.Unauthorized)
       throw new Error(`received ${response.status} (${response.statusText}) response`);

gitlab-integration/src/models.ts

@@ -93,6 +93,7 @@ export interface Instance {
   project: Project;
   ssh?: any;
   username: string;
+  password: string;
 }
 
 export interface Project {