From b4ba8e21cdc8ca1d2cd71f22ef019d92f8db0799 Mon Sep 17 00:00:00 2001 From: Dawid Malinowski Date: Sat, 2 May 2015 19:22:46 +0200 Subject: Add support for OWASP Dependency-Check Plugin Supports publisher for Dependency-Check utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities. https://wiki.jenkins-ci.org/display/JENKINS/OWASP+Dependency-Check+Plugin Change-Id: I3dc1ab923c392aac00189c3f852a1138c1f0ab36 --- jenkins_jobs/modules/helpers.py | 17 ++--- jenkins_jobs/modules/publishers.py | 76 ++++++++++++++++++++++ tests/publishers/fixtures/checkstyle001.xml | 1 + tests/publishers/fixtures/checkstyle002.xml | 1 + tests/publishers/fixtures/checkstyle003.xml | 1 + tests/publishers/fixtures/checkstyle004.xml | 1 + tests/publishers/fixtures/checkstyle005.xml | 1 + tests/publishers/fixtures/checkstyle006.xml | 1 + tests/publishers/fixtures/dependency-check001.xml | 30 +++++++++ tests/publishers/fixtures/dependency-check001.yaml | 4 ++ tests/publishers/fixtures/dry001.xml | 1 + tests/publishers/fixtures/dry002.xml | 1 + tests/publishers/fixtures/dry003.xml | 1 + tests/publishers/fixtures/dry004.xml | 1 + tests/publishers/fixtures/findbugs01.xml | 2 +- tests/publishers/fixtures/pmd001.xml | 1 + tests/publishers/fixtures/pmd002.xml | 1 + tests/publishers/fixtures/pmd003.xml | 1 + tests/reporters/fixtures/findbugs-minimal.xml | 2 +- tests/reporters/fixtures/findbugs01.xml | 2 +- 20 files changed, 133 insertions(+), 13 deletions(-) create mode 100644 tests/publishers/fixtures/dependency-check001.xml create mode 100644 tests/publishers/fixtures/dependency-check001.yaml diff --git a/jenkins_jobs/modules/helpers.py b/jenkins_jobs/modules/helpers.py index aa3aeac2..f585dbb3 100644 --- a/jenkins_jobs/modules/helpers.py +++ b/jenkins_jobs/modules/helpers.py 
@@ -60,6 +60,8 @@ def build_trends_publisher(plugin_name, xml_element, data): ('default-encoding', 'defaultEncoding', ''), ('can-run-on-failed', 'canRunOnFailed', False), ('use-stable-build-as-reference', 'useStableBuildAsReference', False), + ('use-previous-build-as-reference', + 'usePreviousBuildAsReference', False), ('use-delta-values', 'useDeltaValues', False), ('thresholds', 'thresholds', {}), ('should-detect-modules', 'shouldDetectModules', False), @@ -132,9 +134,8 @@ def config_file_provider_settings(xml_parent, data): # For cfp versions <2.10.0 we are able to detect cfp via the config # settings name. - if settings_file.startswith( - 'org.jenkinsci.plugins.configfiles.maven.' - 'MavenSettingsConfig'): + text = 'org.jenkinsci.plugins.configfiles.maven.MavenSettingsConfig' + if settings_file.startswith(text): settings_type = 'cfp' if settings_type == 'file': @@ -161,9 +162,9 @@ def config_file_provider_settings(xml_parent, data): # For cfp versions <2.10.0 we are able to detect cfp via the config # settings name. - if global_settings_file.startswith( - 'org.jenkinsci.plugins.configfiles.maven.' - 'GlobalMavenSettingsConfig'): + text = ('org.jenkinsci.plugins.configfiles.maven.' + 'GlobalMavenSettingsConfig') + if global_settings_file.startswith(text): global_settings_type = 'cfp' if global_settings_type == 'file': @@ -242,10 +243,6 @@ def findbugs_settings(xml_parent, data): XML.SubElement(xml_parent, 'includePattern').text = include_files exclude_files = data.get('exclude-files', '') XML.SubElement(xml_parent, 'excludePattern').text = exclude_files - use_previous_build = str(data.get('use-previous-build-as-reference', - False)).lower() - XML.SubElement(xml_parent, - 'usePreviousBuildAsReference').text = use_previous_build def get_value_from_yaml_or_config_file(key, section, data, parser): diff --git a/jenkins_jobs/modules/publishers.py b/jenkins_jobs/modules/publishers.py index 1ecb461b..f79db8e7 100644 --- a/jenkins_jobs/modules/publishers.py 
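Review bot: The two `text = ...` rebinds in config_file_provider_settings give the same generic name to two different plugin class-name prefixes, so the second hunk reads as if a value from the first were being reused. A name that says what the string is would make each `startswith` check self-describing, e.g. `maven_settings_cls = 'org.jenkinsci.plugins.configfiles.maven.MavenSettingsConfig'` in the first hunk and `global_settings_cls = ('org.jenkinsci.plugins.configfiles.maven.' 'GlobalMavenSettingsConfig')` in the second, with the `startswith` calls updated to match. The same applies to the hunk at -161. config_file_provider_settings starts before these hunks and continues after them.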
+++ b/jenkins_jobs/modules/publishers.py @@ -1489,6 +1489,8 @@ def checkstyle(parser, xml_parent, data): :arg bool do-not-resolve-relative-paths: (default false) :arg bool dont-compute-new: If set to false, computes new warnings based on the reference build (default true) + :arg bool use-previous-build-as-reference: determines whether to always + use the previous build as the reference build (Default false) :arg bool use-stable-build-as-reference: The number of new warnings will be calculated based on the last stable build, allowing reverts of unstable builds where the number of warnings was decreased. (default false) 
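Review bot: The added `:arg bool use-previous-build-as-reference:` line ends with `(Default false)` while every neighbouring entry in the same list writes `(default false)`, so the new row stands out as inconsistent in the rendered docs. The same wording is copied into the pmd, dry and dependency_check docstrings later in this patch, so fixing it in one place and re-copying keeps all four aligned; the proposed line is `:arg bool use-previous-build-as-reference: determines whether to always use the previous build as the reference build (default false)`. checkstyle's docstring starts and ends outside this hunk.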
@@ -3919,6 +3921,76 @@ def stash(parser, xml_parent, data): data.get('include-build-number', False)).lower() +def dependency_check(parser, xml_parent, data): + """yaml: dependency-check + Dependency-Check is an open source utility that identifies project + dependencies and checks if there are any known, publicly disclosed, + vulnerabilities. + + Requires the Jenkins :jenkins-wiki:`OWASP Dependency-Check Plugin + `. + + :arg str pattern: Report filename pattern (optional) + :arg bool can-run-on-failed: Also runs for failed builds, instead of just + stable or unstable builds (default false) + :arg bool should-detect-modules: Determines if Ant or Maven modules should + be detected for all files that contain warnings (default false) + :arg int healthy: Sunny threshold (optional) + :arg int unhealthy: Stormy threshold (optional) + :arg str health-threshold: Threshold priority for health status + ('low', 'normal' or 'high', defaulted to 'low') + :arg dict thresholds: Mark build as failed or unstable if the number of + errors exceeds a threshold. 
(optional) + + :thresholds: + * **unstable** (`dict`) + :unstable: * **total-all** (`int`) + * **total-high** (`int`) + * **total-normal** (`int`) + * **total-low** (`int`) + * **new-all** (`int`) + * **new-high** (`int`) + * **new-normal** (`int`) + * **new-low** (`int`) + + * **failed** (`dict`) + :failed: * **total-all** (`int`) + * **total-high** (`int`) + * **total-normal** (`int`) + * **total-low** (`int`) + * **new-all** (`int`) + * **new-high** (`int`) + * **new-normal** (`int`) + * **new-low** (`int`) + :arg str default-encoding: Encoding for parsing or showing files (optional) + :arg bool do-not-resolve-relative-paths: (default false) + :arg bool dont-compute-new: If set to false, computes new warnings based on + the reference build (default true) + :arg bool use-previous-build-as-reference: determines whether to always + use the previous build as the reference build (Default false) + :arg bool use-stable-build-as-reference: The number of new warnings will be + calculated based on the last stable build, allowing reverts of unstable + builds where the number of warnings was decreased. (default false) + :arg bool use-delta-values: If set then the number of new warnings is + calculated by subtracting the total number of warnings of the current + build from the reference build. + (default false) + + Example: + + .. literalinclude:: + /../../tests/publishers/fixtures/dependency-check001.yaml + :language: yaml + """ + + dependency_check = XML.SubElement( + xml_parent, + 'org.jenkinsci.plugins.DependencyCheck.DependencyCheckPublisher') + + # trends + build_trends_publisher('[DEPENDENCYCHECK] ', dependency_check, data) + + def description_setter(parser, xml_parent, data): """yaml: description-setter This plugin sets the description for each build, 
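Review bot: The local `dependency_check = XML.SubElement(...)` in the new dependency_check function shadows the function's own name inside its body, which is harmless at runtime but confusing to read and to debug; `publisher = XML.SubElement(xml_parent, 'org.jenkinsci.plugins.DependencyCheck.DependencyCheckPublisher')` followed by `build_trends_publisher('[DEPENDENCYCHECK] ', publisher, data)` avoids it. Because `thresholds` defaults to an empty dict in the build_trends_publisher settings table (helpers.py hunk at -60), a job that omits it appears to record the vulnerability report without ever marking the build unstable or failed — worth stating in the docstring, e.g. `Without ``thresholds`` the report is only published; the build result is not changed.`, if the helper indeed treats an empty dict as "no threshold" (the empty threshold elements in the dependency-check001.xml fixture suggest so). The `:jenkins-wiki:` role in the docstring looks like its target was lost (the role text is followed by a bare backtick on the next line); if that is not an extraction artifact the docs build will not link. The single fixture only exercises `pattern` and `use-stable-build-as-reference`; a second fixture with `thresholds` set would pin the build-gating path this publisher exists for.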
@@ -4375,6 +4447,8 @@ def pmd(parser, xml_parent, data): :arg bool do-not-resolve-relative-paths: (default false) :arg bool dont-compute-new: If set to false, computes new warnings based on the reference build (default true) + :arg bool use-previous-build-as-reference: determines whether to always + use the previous build as the reference build (Default false) :arg bool use-stable-build-as-reference: The number of new warnings will be calculated based on the last stable build, allowing reverts of unstable builds where the number of warnings was decreased. (default false) @@ -4483,6 +4557,8 @@ def dry(parser, xml_parent, data): :arg bool do-not-resolve-relative-paths: (default false) :arg bool dont-compute-new: If set to false, computes new warnings based on the reference build (default true) + :arg bool use-previous-build-as-reference: determines whether to always + use the previous build as the reference build (Default false) :arg bool use-stable-build-as-reference: The number of new warnings will be calculated based on the last stable build, allowing reverts of unstable builds where the number of warnings was decreased. (default false) diff --git a/tests/publishers/fixtures/checkstyle001.xml b/tests/publishers/fixtures/checkstyle001.xml index 06b52cf1..4c9a5f31 100644 --- a/tests/publishers/fixtures/checkstyle001.xml +++ b/tests/publishers/fixtures/checkstyle001.xml @@ -9,6 +9,7 @@ false false + false false diff --git a/tests/publishers/fixtures/checkstyle002.xml b/tests/publishers/fixtures/checkstyle002.xml index 190a0a11..7e944ece 100644 --- a/tests/publishers/fixtures/checkstyle002.xml +++ b/tests/publishers/fixtures/checkstyle002.xml @@ -9,6 +9,7 @@ utf-8 true false + false false 90 diff --git a/tests/publishers/fixtures/checkstyle003.xml b/tests/publishers/fixtures/checkstyle003.xml index df211bb8..d3248b3c 100644 --- a/tests/publishers/fixtures/checkstyle003.xml +++ b/tests/publishers/fixtures/checkstyle003.xml @@ -9,6 +9,7 @@ false false + false false 
diff --git a/tests/publishers/fixtures/checkstyle004.xml b/tests/publishers/fixtures/checkstyle004.xml index 06b52cf1..4c9a5f31 100644 --- a/tests/publishers/fixtures/checkstyle004.xml +++ b/tests/publishers/fixtures/checkstyle004.xml @@ -9,6 +9,7 @@ false false + false false diff --git a/tests/publishers/fixtures/checkstyle005.xml b/tests/publishers/fixtures/checkstyle005.xml index 190a0a11..7e944ece 100644 --- a/tests/publishers/fixtures/checkstyle005.xml +++ b/tests/publishers/fixtures/checkstyle005.xml @@ -9,6 +9,7 @@ utf-8 true false + false false 90 diff --git a/tests/publishers/fixtures/checkstyle006.xml b/tests/publishers/fixtures/checkstyle006.xml index 4cbd9639..5ead1f99 100644 --- a/tests/publishers/fixtures/checkstyle006.xml +++ b/tests/publishers/fixtures/checkstyle006.xml @@ -9,6 +9,7 @@ utf-8 true true + false true 90 diff --git a/tests/publishers/fixtures/dependency-check001.xml b/tests/publishers/fixtures/dependency-check001.xml new file mode 100644 index 00000000..49d2fb1a --- /dev/null +++ b/tests/publishers/fixtures/dependency-check001.xml @@ -0,0 +1,30 @@ + + + + + + + low + [DEPENDENCYCHECK] + + false + true + false + false + + + + + + + + + + + false + true + false + **/dependency-check-report.xml + + + diff --git a/tests/publishers/fixtures/dependency-check001.yaml b/tests/publishers/fixtures/dependency-check001.yaml new file mode 100644 index 00000000..9276392a --- /dev/null +++ b/tests/publishers/fixtures/dependency-check001.yaml @@ -0,0 +1,4 @@ +publishers: + - dependency-check: + pattern: '**/dependency-check-report.xml' + use-stable-build-as-reference: true diff --git a/tests/publishers/fixtures/dry001.xml b/tests/publishers/fixtures/dry001.xml index 0a5c60b7..85f10bd2 100644 --- a/tests/publishers/fixtures/dry001.xml +++ b/tests/publishers/fixtures/dry001.xml @@ -9,6 +9,7 @@ false false + false false diff --git a/tests/publishers/fixtures/dry002.xml b/tests/publishers/fixtures/dry002.xml index 66aa1232..45cbb65d 100644 
--- a/tests/publishers/fixtures/dry002.xml +++ b/tests/publishers/fixtures/dry002.xml @@ -9,6 +9,7 @@ utf-8 true false + false false 90 diff --git a/tests/publishers/fixtures/dry003.xml b/tests/publishers/fixtures/dry003.xml index ee09bfcb..b03b864e 100644 --- a/tests/publishers/fixtures/dry003.xml +++ b/tests/publishers/fixtures/dry003.xml @@ -9,6 +9,7 @@ false false + false false diff --git a/tests/publishers/fixtures/dry004.xml b/tests/publishers/fixtures/dry004.xml index c15d7047..3ab575cf 100644 --- a/tests/publishers/fixtures/dry004.xml +++ b/tests/publishers/fixtures/dry004.xml @@ -9,6 +9,7 @@ utf-8 true true + false true 90 diff --git a/tests/publishers/fixtures/findbugs01.xml b/tests/publishers/fixtures/findbugs01.xml index d2f7bc68..ff2c3255 100644 --- a/tests/publishers/fixtures/findbugs01.xml +++ b/tests/publishers/fixtures/findbugs01.xml @@ -5,7 +5,6 @@ true f,d,e,.* a,c,d,.* - true 80 10 high @@ -13,6 +12,7 @@ true true + true true 90 diff --git a/tests/publishers/fixtures/pmd001.xml b/tests/publishers/fixtures/pmd001.xml index 8d046aa6..f7d2a3b7 100644 --- a/tests/publishers/fixtures/pmd001.xml +++ b/tests/publishers/fixtures/pmd001.xml @@ -9,6 +9,7 @@ false false + false false diff --git a/tests/publishers/fixtures/pmd002.xml b/tests/publishers/fixtures/pmd002.xml index 044911a5..a2ca3167 100644 --- a/tests/publishers/fixtures/pmd002.xml +++ b/tests/publishers/fixtures/pmd002.xml @@ -9,6 +9,7 @@ utf-8 true false + false false 90 diff --git a/tests/publishers/fixtures/pmd003.xml b/tests/publishers/fixtures/pmd003.xml index 9f0320dc..79e74531 100644 --- a/tests/publishers/fixtures/pmd003.xml +++ b/tests/publishers/fixtures/pmd003.xml @@ -9,6 +9,7 @@ false false + false false diff --git a/tests/reporters/fixtures/findbugs-minimal.xml b/tests/reporters/fixtures/findbugs-minimal.xml index 21fa9e03..d00778fa 100644 --- a/tests/reporters/fixtures/findbugs-minimal.xml +++ b/tests/reporters/fixtures/findbugs-minimal.xml @@ -5,7 +5,6 @@ false - false low 
@@ -13,6 +12,7 @@ false false + false false diff --git a/tests/reporters/fixtures/findbugs01.xml b/tests/reporters/fixtures/findbugs01.xml index 2d895973..da8f457b 100644 --- a/tests/reporters/fixtures/findbugs01.xml +++ b/tests/reporters/fixtures/findbugs01.xml @@ -5,7 +5,6 @@ true f,d,e,.* a,c,d,.* - true 80 10 high @@ -13,6 +12,7 @@ true true + true true 90 -- cgit