
Commit f789b0f

Added pr-branch support
1 parent 55c8cd8 commit f789b0f


6 files changed

+265
-251
lines changed


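--- a/src/main.rs
+++ b/src/main.rs
@@ -10,8 +10,8 @@ use utils::pipeline;
 async fn execute_scan(
 scan_type: &str,
 path: &str,
-commit_id: Option<&str>,
-branch: Option<&str>,
+base_branch: Option<&str>,
+pr_branch: Option<&str>,
 no_install: bool,
 root_only: bool,
 build_args: String,
@@ -30,8 +30,8 @@ async fn execute_scan(
 .execute_scan(
 scan_type,
 path,
-commit_id,
-branch,
+base_branch,
+pr_branch,
 no_install,
 root_only,
 build_args,
@@ -41,6 +41,7 @@ async fn execute_scan(
 )
 .await;
 }
+
 #[tokio::main]
 async fn main() {
 // Parse command-line arguments
@@ -53,12 +54,12 @@ async fn main() {
 let mut verbose = false;
 let mut path = String::new();
 let mut rule_path = String::new();
-let mut commit_id = String::new();
+let mut base_branch = String::new();
+let mut pr_branch = String::new();
 let mut defectdojo_url = String::new();
 let mut defectdojo_token = String::new();
 let mut product_name = String::new();
 let mut engagement_name = String::new();
-let mut branch = String::new();
 let mut policy_url = String::new();
 let mut build_args = String::new();
 let mut manifests = String::new();
@@ -82,15 +83,15 @@ async fn main() {
 Store,
 "Pass the path of the rules to use (Local Path or HTTP Git URL)",
 );
-ap.refer(&mut commit_id).add_option(
-&["-i", "--commit-id"],
+ap.refer(&mut base_branch).add_option(
+&["--branch"],
 Store,
-"Pass the commit ID to scan (Optional)",
+"Specify the base branch to scan or compare",
 );
-ap.refer(&mut branch).add_option(
-&["-b", "--branch"],
+ap.refer(&mut pr_branch).add_option(
+&["--pr-branch"],
 Store,
-"Pass the branch name to scan (Optional)",
+"Specify the PR branch to compare with the base branch (optional)",
 );
 ap.refer(&mut is_sast)
 .add_option(&["-s", "--sast"], StoreTrue, "Run SAST scan");
@@ -148,8 +149,11 @@ async fn main() {
 Store,
 "Pass the build context args to scan",
 );
-ap.refer(&mut manifests)
-.add_option(&["-m", "--manifests"], Store, "Pass the manifests pom.xml, requirements.txt etc to scan and we will look for only that kind of manifests");
+ap.refer(&mut manifests).add_option(
+&["-m", "--manifests"],
+Store,
+"Specify manifest files to scan",
+);
 ap.refer(&mut slack_url).add_option(
 &["-k", "--slack-url"],
 Store,
@@ -174,20 +178,19 @@ async fn main() {
 if mongo_uri != "" {
 println!("[+] Found DbConnection, we will be using it for filtering out the results");
 }
+
+let pr_branch_option = if pr_branch.is_empty() {
+None
+} else {
+Some(pr_branch.as_str())
+};
+
 if is_sast {
 execute_scan(
 "sast",
 &path,
-if commit_id.is_empty() {
-None
-} else {
-Some(&commit_id)
-},
-if branch.is_empty() {
-None
-} else {
-Some(&branch)
-},
+Some(&base_branch),
+pr_branch_option,
 no_install,
 root_only,
 build_args.clone(),
@@ -202,16 +205,8 @@ async fn main() {
 execute_scan(
 "sca",
 &path,
-if commit_id.is_empty() {
-None
-} else {
-Some(&commit_id)
-},
-if branch.is_empty() {
-None
-} else {
-Some(&branch)
-},
+Some(&base_branch),
+pr_branch_option,
 no_install,
 root_only,
 build_args.clone(),
@@ -226,16 +221,8 @@ async fn main() {
 execute_scan(
 "secret",
 &path,
-if commit_id.is_empty() {
-None
-} else {
-Some(&commit_id)
-},
-if branch.is_empty() {
-None
-} else {
-Some(&branch)
-},
+Some(&base_branch),
+pr_branch_option,
 no_install,
 root_only,
 build_args.clone(),
@@ -250,16 +237,8 @@ async fn main() {
 execute_scan(
 "license-compliance",
 &path,
-if commit_id.is_empty() {
-None
-} else {
-Some(&commit_id)
-},
-if branch.is_empty() {
-None
-} else {
-Some(&branch)
-},
+Some(&base_branch),
+pr_branch_option,
 no_install,
 root_only,
 build_args.clone(),
@@ -288,7 +267,6 @@ async fn main() {
 is_license_compliance,
 policy_url,
 slack_url,
-commit_id,
 job_id,
 mongo_uri,
 defectdojo_url,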
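Review bot: At all four `execute_scan(...)` call sites (the `@@ -174,20 +178,19 @@` hunk and the three that follow it) the base branch is now passed as `Some(&base_branch)` unconditionally, so when `--branch` is not given the tools receive `Some("")` where the old `if branch.is_empty() { None } else { Some(&branch) }` produced `None`; whether `checkout` copes with an empty branch name is not visible in this diff. The new `pr_branch` already gets the empty-to-`None` treatment, so the simplest fix is the parallel `let base_branch_option = if base_branch.is_empty() { None } else { Some(base_branch.as_str()) };` next to `pr_branch_option` and passing `base_branch_option` at the four sites, or, since the new help text no longer calls `--branch` optional, failing early with a clear message when it is empty. Dropping the `-b` and `-i/--commit-id` flags is a breaking change for existing invocations and is worth stating in the commit description.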

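--- a/src/scans/scanner.rs
+++ b/src/scans/scanner.rs
@@ -1,4 +1,6 @@
-use crate::scans::tools::{sast_tool::SastTool, sca_tool::ScaTool, secret_tool::SecretTool, license_tool::LicenseTool};
+use crate::scans::tools::{
+license_tool::LicenseTool, sast_tool::SastTool, sca_tool::ScaTool, secret_tool::SecretTool,
+};
 
 pub struct ScanRunner {
 sast_tool: SastTool,
@@ -8,7 +10,12 @@ pub struct ScanRunner {
 }
 
 impl ScanRunner {
-pub fn new(sast_tool: SastTool, sca_tool: ScaTool, secret_tool: SecretTool, license_tool: LicenseTool) -> Self {
+pub fn new(
+sast_tool: SastTool,
+sca_tool: ScaTool,
+secret_tool: SecretTool,
+license_tool: LicenseTool,
+) -> Self {
 ScanRunner {
 sast_tool,
 sca_tool,
@@ -17,20 +24,43 @@ impl ScanRunner {
 }
 }
 
-pub async fn execute_scan(&self, scan_type: &str, path: &str, commit_id: Option<&str>, branch: Option<&str>, no_install: bool, root_only:bool, build_args:String, manifests: String, rule_path: String, verbose: bool) {
-if verbose {
-
-if let Some(commit_id) = commit_id {
-println!("Commit ID: {}", commit_id);
-}else {
-println!("Commit ID: None");
-}
-}
+pub async fn execute_scan(
+&self,
+scan_type: &str,
+path: &str,
+branch: Option<&str>,
+pr_branch: Option<&str>,
+no_install: bool,
+root_only: bool,
+build_args: String,
+manifests: String,
+rule_path: String,
+verbose: bool,
+) {
 match scan_type {
-"sast" => self.sast_tool.run_scan(path, commit_id, branch, rule_path, verbose).await,
-"sca" => self.sca_tool.run_scan(path, commit_id, branch, no_install, root_only, build_args, manifests, verbose).await,
-"secret" => self.secret_tool.run_scan(path, commit_id, branch, verbose).await,
-"license-compliance" => self.license_tool.run_scan(path, commit_id, branch, verbose).await,
+"sast" => {
+self.sast_tool
+.run_scan(path, branch, pr_branch, rule_path, verbose)
+.await
+}
+"sca" => {
+self.sca_tool
+.run_scan(
+path, branch, pr_branch, no_install, root_only, build_args, manifests,
+verbose,
+)
+.await
+}
+"secret" => {
+self.secret_tool
+.run_scan(path, branch, pr_branch, verbose)
+.await
+}
+"license-compliance" => {
+self.license_tool
+.run_scan(path, branch, pr_branch, verbose)
+.await
+}
 _ => println!("Invalid scan type: {}", scan_type),
 }
 }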
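Review bot: The reshaped `pub async fn execute_scan` in the `@@ -17,20 +24,43 @@` hunk still carries no doc comment, and the meaning of the two branch parameters is only recoverable from the CLI help in main.rs. I would add above it: `/// Runs the scan named by `scan_type` against `path`.` / `/// `branch` is the base branch; `pr_branch`, when set, is the branch compared against it (see the `--pr-branch` help in main.rs).` / `/// An unrecognised `scan_type` is only logged, not returned as an error.` The parameter is called `branch` here but `base_branch` at the call site in main.rs; renaming it `base_branch` would keep the two in step. Note that the verbose `Commit ID:` output this hunk removes is not replaced by anything that prints the selected branches.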

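--- a/src/scans/tools/sca_tool.rs
+++ b/src/scans/tools/sca_tool.rs
@@ -204,8 +204,8 @@ impl ScaTool {
 pub async fn run_scan(
 &self,
 _path: &str,
-_commit_id: Option<&str>,
 _branch: Option<&str>,
+pr_branch: Option<&str>,
 no_install: bool,
 root_only: bool,
 build_args: String,
@@ -215,8 +215,6 @@ impl ScaTool {
 let start_time = Instant::now();
 if verbose {
 println!("[+] Running SCA scan on path: {}", _path);
-println!("[+] Commit ID: {}", _commit_id.unwrap_or("None"));
-println!("[+] Branch: {}", _branch.unwrap_or("None"));
 println!("[+] Build args: {}", build_args.clone());
 println!("[+] Manifests: {}", manfiests.clone());
 }
@@ -245,25 +243,9 @@ impl ScaTool {
 if verbose {
 println!("[+] Cloning git repo...");
 }
-if let Some(_branch) = _branch {
-if _commit_id.is_some() {
-let branch = Some(_branch);
-let out = checkout(_path, "/tmp/app", _commit_id, branch);
-if out.is_err() {
-println!("Error while cloning: {}", out.err().unwrap());
-}
-} else {
-let branch = Some(_branch);
-let out = checkout(_path, "/tmp/app", None, branch);
-if out.is_err() {
-println!("Error while cloning: {}", out.err().unwrap());
-}
-}
-} else {
-let out = checkout(_path, "/tmp/app", None, None);
-if out.is_err() {
-println!("Error while cloning: {}", out.err().unwrap());
-}
+let out = checkout(_path, "/tmp/app", _branch, pr_branch);
+if out.is_err() {
+println!("Error while cloning: {}", out.err().unwrap());
 }
 } else {
 if verbose {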
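Review bot: In the `@@ -245,25 +243,9 @@` hunk the new `checkout(_path, "/tmp/app", _branch, pr_branch)` puts the base branch in the argument position that previously carried `_commit_id`; `checkout` is not part of this diff, so please confirm its signature was changed in one of the files not shown, otherwise the base branch now lands in the commit-id slot. Both values are CLI strings forwarded unchanged, and I cannot see whether `checkout` rejects an empty or option-like (leading `-`) branch name before building its git invocation, so that check belongs either there or at the CLI boundary. With the `Commit ID:`/`Branch:` lines removed from the verbose block in `@@ -215,8 +215,6 @@`, the scan log no longer records which refs were checked out; restoring `println!("[+] Base branch: {}", _branch.unwrap_or("None"));` and `println!("[+] PR branch: {}", pr_branch.unwrap_or("None"));` keeps that traceable. `_branch` is now a used parameter, so the leading underscore should go. The same three points apply to the identical hunk in src/scans/tools/secret_tool.rs.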

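--- a/src/scans/tools/secret_tool.rs
+++ b/src/scans/tools/secret_tool.rs
@@ -14,8 +14,8 @@ impl SecretTool {
 pub async fn run_scan(
 &self,
 _path: &str,
-_commit_id: Option<&str>,
 _branch: Option<&str>,
+pr_branch: Option<&str>,
 verbose: bool,
 ) {
 let start_time = Instant::now();
@@ -24,25 +24,9 @@ impl SecretTool {
 if verbose {
 println!("[+] Cloning git repo...");
 }
-if let Some(_branch) = _branch {
-if _commit_id.is_some() {
-let branch = Some(_branch);
-let out = checkout(_path, "/tmp/app", _commit_id, branch);
-if out.is_err() {
-println!("Error while cloning: {}", out.err().unwrap());
-}
-} else {
-let branch = Some(_branch);
-let out = checkout(_path, "/tmp/app", None, branch);
-if out.is_err() {
-println!("Error while cloning: {}", out.err().unwrap());
-}
-}
-} else {
-let out = checkout(_path, "/tmp/app", None, None);
-if out.is_err() {
-println!("Error while cloning: {}", out.err().unwrap());
-}
+let out = checkout(_path, "/tmp/app", _branch, pr_branch);
+if out.is_err() {
+println!("Error while cloning: {}", out.err().unwrap());
 }
 } else {
 if verbose {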
