Handle binaries and sourcecode data section parts at PDS and SecHub side

apply-headers.sh

@@ -79,6 +79,8 @@ echo -e "  --------------------------------------------"
 ##########################################################
 # Apply SPDX license headers:
 applySPDXonFirstLine "adoc" "// $SPDX_TEXT"
+applySPDXonFirstLine "puml" "' $SPDX_TEXT"
+applySPDXonFirstLine "plantuml" "' $SPDX_TEXT"
 applySPDXonFirstLine "bat" ":: $SPDX_TEXT"
 applySPDXonFirstLine "c" "// $SPDX_TEXT"
 applySPDXonFirstLine "dockerfile" "# $SPDX_TEXT"

build.gradle

@@ -1,8 +1,8 @@
 // SPDX-License-Identifier: MIT
 buildscript{
 
-	apply from: "${rootProject.projectDir}/libraries.gradle"
-	apply from: "${rootProject.projectDir}/projects.gradle"
+	apply from: "${rootProject.projectDir}/gradle/libraries.gradle"
+	apply from: "${rootProject.projectDir}/gradle/projects.gradle"
 
     def customMavenRepoURL4plugins = System.getenv('CUST_MVN_URL_PLUGINS')
     if (customMavenRepoURL4plugins!=null){
@@ -120,9 +120,9 @@ spotless {
 	}
 }
 
-apply from: "${rootProject.projectDir}/build-versioning.gradle"
-apply from: "${rootProject.projectDir}/build-java.gradle"
-apply from: "${rootProject.projectDir}/build-spring.gradle"
-apply from: "${rootProject.projectDir}/build-maven.gradle"
-apply from: "${rootProject.projectDir}/build-eclipse.gradle"
-apply from: "${rootProject.projectDir}/build-report.gradle"
+apply from: "${rootProject.projectDir}/gradle/build-versioning.gradle"
+apply from: "${rootProject.projectDir}/gradle/build-java.gradle"
+apply from: "${rootProject.projectDir}/gradle/build-spring.gradle"
+apply from: "${rootProject.projectDir}/gradle/build-maven.gradle"
+apply from: "${rootProject.projectDir}/gradle/build-eclipse.gradle"
+apply from: "${rootProject.projectDir}/gradle/build-report.gradle"

libraries.gradle → gradle/libraries.gradle

@@ -49,6 +49,7 @@ ext {
       apache_commons_io:                       "2.11.0",
       apache_commons_validator:                "1.7",
       apache_commons_fileupload:               "1.4",
+      apache_commons_compress:                 "1.21",
 
       /* testing */                            
       junit4:                                  "4.13.2",
@@ -69,7 +70,6 @@ ext {
       owaspzap_client_api:                     "1.10.0",
       jcommander:                              "1.82",
 
-
    ]    
 
    library = [
@@ -115,6 +115,8 @@ ext {
         apache_commons_io:                     "commons-io:commons-io:${libraryVersion.apache_commons_io}",
         apache_commons_cli:                    "commons-cli:commons-cli:${libraryVersion.apache_commons_cli}",
         apache_commons_fileupload:             "commons-fileupload:commons-fileupload:${libraryVersion.apache_commons_fileupload}",
+        apache_commons_compress:               "org.apache.commons:commons-compress:${libraryVersion.apache_commons_compress}",
+
         // JDK 10 build problems handling
         // https://stackoverflow.com/questions/43574426/how-to-resolve-java-langnoclassdeffounderror-javax-xml-bind-jaxbexception-in-j
         jdk_missing_jaxb_api:                  "javax.xml.bind:jaxb-api:${libraryVersion.jaxb_api}",

projects.gradle → gradle/projects.gradle

@@ -14,6 +14,7 @@ projectType = [
                project(':sechub-commons-model'),
                project(':sechub-commons-model-testframework'),
                project(':sechub-commons-pds'),
+               project(':sechub-commons-archive'),
                project(':sechub-storage-core'),
                project(':sechub-wrapper-owasp-zap'),
 

sechub-adapter-pds/src/main/java/com/mercedesbenz/sechub/adapter/pds/DelegatingMockablePDSAdapterV1.java

@@ -13,6 +13,7 @@
 import com.mercedesbenz.sechub.adapter.AdapterRuntimeContext;
 import com.mercedesbenz.sechub.adapter.mock.MockedAdapter;
 import com.mercedesbenz.sechub.adapter.mock.MockedAdapterSetupService;
+import com.mercedesbenz.sechub.commons.pds.PDSDefaultParameterKeyConstants;
 
 /**
  * Special adapter which is per default mocked, but can be defined to use real
@@ -26,8 +27,6 @@
 public class DelegatingMockablePDSAdapterV1 extends AbstractAdapter<PDSAdapterContext, PDSAdapterConfig>
         implements MockedAdapter<PDSAdapterConfig>, PDSAdapter {
 
-    public static final String JOB_PARAMETER_KEY__PDS_MOCKING_DISABLED = "pds.mocking.disabled";
-
     private static final Logger LOG = LoggerFactory.getLogger(DelegatingMockablePDSAdapterV1.class);
 
     MockedPDSAdapterV1 mockedPdsAdapterV1;
@@ -51,7 +50,9 @@ public int getAdapterVersion() {
 
     @Override
     protected String execute(PDSAdapterConfig config, AdapterRuntimeContext runtimeContext) throws AdapterException {
-        String mockingDisabled = config.getJobParameters().get(JOB_PARAMETER_KEY__PDS_MOCKING_DISABLED);
+        PDSAdapterConfigData data = config.getPDSAdapterConfigData();
+        String mockingDisabled = data.getJobParameters().get(PDSDefaultParameterKeyConstants.PARAM_KEY_PDS_MOCKING_DISABLED);
+
         boolean useMock = !Boolean.parseBoolean(mockingDisabled);
 
         LOG.info("execution starting, using mocked adapter={}", useMock);

sechub-adapter-pds/src/main/java/com/mercedesbenz/sechub/adapter/pds/PDSAdapterConfig.java

@@ -1,17 +1,8 @@
 // SPDX-License-Identifier: MIT
 package com.mercedesbenz.sechub.adapter.pds;
 
-import java.util.Map;
-import java.util.UUID;
-
 import com.mercedesbenz.sechub.adapter.AdapterConfig;
 
-public interface PDSAdapterConfig extends AdapterConfig {
-
-    Map<String, String> getJobParameters();
-
-    UUID getSecHubJobUUID();
-
-    String getPdsProductIdentifier();
+public interface PDSAdapterConfig extends AdapterConfig, PDSAdapterConfigDataProvider {
 
 }

sechub-adapter-pds/src/main/java/com/mercedesbenz/sechub/adapter/pds/PDSAdapterConfigBuilder.java

@@ -0,0 +1,8 @@
+// SPDX-License-Identifier: MIT
+package com.mercedesbenz.sechub.adapter.pds;
+
+import com.mercedesbenz.sechub.adapter.AdapterConfigBuilder;
+
+public interface PDSAdapterConfigBuilder extends AdapterConfigBuilder, PDSAdapterConfiguratorProvider {
+
+}

sechub-adapter-pds/src/main/java/com/mercedesbenz/sechub/adapter/pds/PDSAdapterConfigData.java

@@ -0,0 +1,40 @@
+// SPDX-License-Identifier: MIT
+package com.mercedesbenz.sechub.adapter.pds;
+
+import java.io.InputStream;
+import java.util.Map;
+import java.util.UUID;
+
+import com.mercedesbenz.sechub.commons.model.ScanType;
+import com.mercedesbenz.sechub.commons.model.SecHubConfigurationModel;
+
+public interface PDSAdapterConfigData {
+
+    /**
+     * @return an unmodifiable map with job parameters
+     */
+    Map<String, String> getJobParameters();
+
+    UUID getSecHubJobUUID();
+
+    String getPdsProductIdentifier();
+
+    InputStream getSourceCodeZipFileInputStreamOrNull();
+
+    String getSourceCodeZipFileChecksumOrNull();
+
+    InputStream getBinaryTarFileInputStreamOrNull();
+
+    String getBinariesTarFileChecksumOrNull();
+
+    boolean isReusingSecHubStorage();
+
+    boolean isSourceCodeZipFileRequired();
+
+    boolean isBinaryTarFileRequired();
+
+    SecHubConfigurationModel getSecHubConfigurationModel();
+
+    ScanType getScanType();
+
+}

sechub-adapter-pds/src/main/java/com/mercedesbenz/sechub/adapter/pds/PDSAdapterConfigDataProvider.java

@@ -0,0 +1,7 @@
+// SPDX-License-Identifier: MIT
+package com.mercedesbenz.sechub.adapter.pds;
+
+public interface PDSAdapterConfigDataProvider {
+
+    PDSAdapterConfigData getPDSAdapterConfigData();
+}

sechub-adapter-pds/src/main/java/com/mercedesbenz/sechub/adapter/pds/PDSAdapterConfigurator.java

@@ -0,0 +1,61 @@
+// SPDX-License-Identifier: MIT
+package com.mercedesbenz.sechub.adapter.pds;
+
+import java.io.InputStream;
+import java.util.Map;
+import java.util.UUID;
+
+import com.mercedesbenz.sechub.commons.model.ScanType;
+import com.mercedesbenz.sechub.commons.model.SecHubConfigurationModel;
+
+public interface PDSAdapterConfigurator {
+
+    void setPdsProductIdentifier(String pdsProductIdentifier);
+
+    void setSourceCodeZipFileInputStreamOrNull(InputStream sourceCodeZipFileInputStreamOrNull);
+
+    void setSourceCodeZipFileChecksumOrNull(String sourceCodeZipFileChecksumOrNull);
+
+    void setBinaryTarFileInputStreamOrNull(InputStream binaryTarFileInputStreamOrNull);
+
+    void setBinariesTarFileChecksumOrNull(String binaryTarFileChecksum);
+
+    void setSecHubJobUUID(UUID secHubJobUUID);
+
+    void setJobParameters(Map<String, String> jobParameters);
+
+    void setSecHubConfigurationModel(SecHubConfigurationModel secHubConfigurationModel);
+
+    void setReusingSecHubStorage(boolean reusingSecHubStorage);
+
+    void setSourceCodeZipFileRequired(boolean sourceCodeZipFileRequired);
+
+    void setBinaryTarFileRequired(boolean binaryTarFileRequired);
+
+    void setScanType(ScanType scanType);
+
+    /**
+     * Will be automatically called by {@link #configure()}. and validates defined
+     * parts only
+     */
+    void validateNonCalculatedParts();
+
+    /**
+     * Will be automatically called by {@link #configure()}. If the calculated parts
+     * needs a validation as well, this must be done also here. The
+     * {@link #validateNonCalculatedParts()} method does only check the non
+     * calculated parts.
+     */
+    void calculate();
+
+    /**
+     * First {@link #validateNonCalculatedParts()} will be called by this method.
+     * Then the {@link #calculate()} method is called. The default implementation
+     * does this already and should not be changed.
+     */
+    public default void configure() {
+        validateNonCalculatedParts();
+        calculate();
+    }
+
+}

sechub-adapter-pds/src/main/java/com/mercedesbenz/sechub/adapter/pds/PDSAdapterConfiguratorProvider.java

@@ -0,0 +1,7 @@
+// SPDX-License-Identifier: MIT
+package com.mercedesbenz.sechub.adapter.pds;
+
+public interface PDSAdapterConfiguratorProvider {
+
+    PDSAdapterConfigurator getPDSAdapterConfigurator();
+}