ast cli #422
ast cli #422
Conversation
|
|
||
|
|
||
| Scenario Outline: Testing break-build functionality | ||
| When running a AST scan with break-build on <issue-type> |
There was a problem hiding this comment.
Can be expanded a little:
running a AST scan with break-build enabled and command line arguments
|
|
||
| Examples: | ||
| | issue-type | exit-code-number | | ||
| #| success | 0 | |
There was a problem hiding this comment.
Why is success commented out?
| if (expectedIssueCount == AT_LEAST_ONE) { | ||
| Assert.assertTrue("Expected at least one issue in bug tracker.", actualIssueCount > 0); |
There was a problem hiding this comment.
The AT_LEAST_ONE case is not relevant for astCliScan.feature.
|
|
||
| @Then("bug tracker contains {} issues") | ||
| public void validateBugTrackerIssues(int countIssues) { | ||
| int expectedIssueCount = countIssues; |
There was a problem hiding this comment.
countIssues argument can be renamed into expectedIssueCount, so we won't need an additional variable here.
|
|
||
| private static Path getTempDir() { | ||
| String systemTempDir = FileUtils.getTempDirectoryPath(); | ||
| String subdir = String.format("sca-cli-test-%s", UUID.randomUUID()); |
There was a problem hiding this comment.
Should be 'ast-cli-test-%s'
| Examples: | ||
| | scanner | issueNumber | | ||
| #| SCA | 5 | | ||
| | AST | 32 | |
There was a problem hiding this comment.
Please be aware that tests with fixed issue counts may be fragile. I.e. issue count may change due to changes on the backend. I've already encountered it with SCA in astScanProcessing.feature.
There was a problem hiding this comment.
I will remove the SCA here
There was a problem hiding this comment.
use a description of what is the meaning of the number instead of the actual number
| And no exception is thrown | ||
| Examples: | ||
| | scanner | issueNumber | | ||
| #| SCA | 5 | |
There was a problem hiding this comment.
I guess the examples should either be ("AST", "AST,SCA") or just ("AST").
If the SCA line is not needed, please remove it.
| public void setScanInitiator(String initiatorList) { | ||
| String[] intiators ; | ||
|
|
||
| if(!initiatorList.contains(SEPARATOR)){ |
There was a problem hiding this comment.
isn't this hole if is equal to "intiators = initiatorList.split(SEPARATOR);"
There was a problem hiding this comment.
when there's no separators, it will not work
There was a problem hiding this comment.
if the separator is not found it returns an array of size 1 containing the original value
There was a problem hiding this comment.
fixed by "intiators = initiatorList.split(SEPARATOR);"
| intiators = initiatorList.split(SEPARATOR); | ||
| } | ||
|
|
||
| List<String> scanners = new LinkedList<>(); |
There was a problem hiding this comment.
List scanners = Arrays.stream(initiatorList.split(SEPARATOR))
.flatMap(intiators ->
Stream.of(ScaProperties.CONFIG_PREFIX , AstProperties.CONFIG_PREFIX)
.filter(intiators::equalsIgnoreCase))
.collect(Collectors.toList());
flowProperties.setEnabledVulnerabilityScanners(scanners);
There was a problem hiding this comment.
or we can overload the flowProperties.setEnabledVulnerabilityScanners to get an ellipse of scanners, simplify the uses allover the code.
There was a problem hiding this comment.
Ofer pls don't make me change everything to Java 8
There was a problem hiding this comment.
then use retainAll (from List)
List x1 = new ArrayList(List.of("a","b","c"));
List x2 = List.of("a","b");
x1.retainAll(x2); //result is: x1 = ["a","b"]
| } catch (Throwable e) { | ||
| exception = e; | ||
| } | ||
| cxFlowExecutionException = exception; |
There was a problem hiding this comment.
why do we need the "exception" variable?
There was a problem hiding this comment.
because there's another step which is checking the exception class. In validateExitCode()
There was a problem hiding this comment.
cxFlowExecutionException is all you need, the temporary "exception" lives for just 6 lines of code.
just use the cxFlowExecutionException in its place
olgakil
force-pushed
the
pr-orly-ast-cli
branch
from
96188a2
to
9080317
Compare
|
Kudos, SonarCloud Quality Gate passed!
|
Support AST scan in command line of CxFlow