From 2eff13d99816a45efb24d0953c4407aa9412b794 Mon Sep 17 00:00:00 2001 From: tlenaic Date: Thu, 13 Apr 2017 17:38:47 +0200 Subject: [PATCH 1/8] help Manage Threshold --- .../plugins/zap/ZAPDriver/help-buildThresholds.html | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 src/main/resources/org/jenkinsci/plugins/zap/ZAPDriver/help-buildThresholds.html diff --git a/src/main/resources/org/jenkinsci/plugins/zap/ZAPDriver/help-buildThresholds.html b/src/main/resources/org/jenkinsci/plugins/zap/ZAPDriver/help-buildThresholds.html new file mode 100644 index 0000000..b2fd2da --- /dev/null +++ b/src/main/resources/org/jenkinsci/plugins/zap/ZAPDriver/help-buildThresholds.html @@ -0,0 +1,6 @@ +Post Build Management Threshold, allows zap to define if a build is flagged as passed, failed or unstable.

+Threshold value stand for the weight of each alert severity

+Soft value is threshold of each alert severity

+Cumulative value is the threshold of the build

+The build goes unstable when we are under the soft or cumulative value

+The build goes failed when we are under the soft and cumulative value



From bd3628fd837fde5e5ffa61f5cbc66086f9e82293 Mon Sep 17 00:00:00 2001 From: tlenaic Date: Thu, 13 Apr 2017 17:41:59 +0200 Subject: [PATCH 2/8] new UI Manage Threshold --- .../plugins/zap/ZAPDriver/config.jelly | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/src/main/resources/org/jenkinsci/plugins/zap/ZAPDriver/config.jelly b/src/main/resources/org/jenkinsci/plugins/zap/ZAPDriver/config.jelly index eb4cc09..c828592 100644 --- a/src/main/resources/org/jenkinsci/plugins/zap/ZAPDriver/config.jelly +++ b/src/main/resources/org/jenkinsci/plugins/zap/ZAPDriver/config.jelly @@ -326,4 +326,43 @@ SOFTWARE. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
${%Threshold Value}${%Soft Threshold }
High
Medium
Low
Info
+ + + + + +
Cumulative Threshold
+
+
+
From e9a782a29ec4c5afdc405a891922ecb5b86695fb Mon Sep 17 00:00:00 2001 From: tlenaic Date: Thu, 13 Apr 2017 17:44:10 +0200 Subject: [PATCH 3/8] Create ZAPBuilder.java --- .../java/org/jenkinsci/plugins/zap/ZAPBuilder.java | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/src/main/java/org/jenkinsci/plugins/zap/ZAPBuilder.java b/src/main/java/org/jenkinsci/plugins/zap/ZAPBuilder.java index ba7bb35..396f97f 100644 --- a/src/main/java/org/jenkinsci/plugins/zap/ZAPBuilder.java +++ b/src/main/java/org/jenkinsci/plugins/zap/ZAPBuilder.java @@ -53,6 +53,7 @@ import hudson.model.BuildListener; import hudson.model.Computer; import hudson.model.Node; +import hudson.model.Result; import hudson.remoting.VirtualChannel; import hudson.slaves.SlaveComputer; import hudson.tasks.BuildStepDescriptor; @@ -61,7 +62,8 @@ /** * The main class of the plugin. This class adds a build step in a Jenkins job that allows you to launch the ZAP security tool and generate reports based on the alerts. - * + * + * @author Lenaic Tchokogoue * @author Goran Sarenkapa * @author Mostafa AbdelMoez * @author Tanguy de Lignières @@ -282,7 +284,7 @@ public boolean perform(AbstractBuild build, Launcher launcher, BuildListen return false; } - boolean res; + Result res; try { if (startZAPFirst){ Utils.lineBreak(listener); @@ -290,6 +292,7 @@ public boolean perform(AbstractBuild build, Launcher launcher, BuildListen } res = build.getWorkspace().act(new ZAPDriverCallable(listener, this.zaproxy)); + build.setResult(res); proc.joinWithTimeout(60L, TimeUnit.MINUTES, listener); Utils.lineBreak(listener); Utils.lineBreak(listener); @@ -334,7 +337,7 @@ public boolean perform(AbstractBuild build, Launcher launcher, BuildListen listener.error(ExceptionUtils.getStackTrace(e)); return false; } - return res; + return res.completeBuild; } /** 
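Review bot: `return res.completeBuild;` reports success to Jenkins for `Result.FAILURE` just as for `SUCCESS` and `UNSTABLE`, so once the threshold gate has marked the build failed through `build.setResult(res)` the remaining build steps still execute; before this change a failed ZAP run returned `false` and stopped the job. If stopping on a failed gate is still the intent, `return res.isBetterThan(Result.FAILURE);` keeps that short-circuit while letting UNSTABLE builds continue. `res` is assumed non-null here because every visible return path of `executeZAP` yields a `Result`, but that is worth confirming against the remote `act` call. The body of `perform` starts and ends outside these hunks.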
@@ -433,7 +436,7 @@ public boolean configure(StaplerRequest req, JSONObject formData) throws FormExc /** * Used to execute ZAP remotely. */ - private static class ZAPDriverCallable implements FileCallable { + private static class ZAPDriverCallable implements FileCallable { private static final long serialVersionUID = 1L; private BuildListener listener; @@ -445,7 +448,7 @@ public ZAPDriverCallable(BuildListener listener, ZAPDriver zaproxy) { } @Override - public Boolean invoke(File f, VirtualChannel channel) { return zaproxy.executeZAP(listener, new FilePath(f)); } + public Result invoke(File f, VirtualChannel channel) { return zaproxy.executeZAP(listener, new FilePath(f)); } @Override public void checkRoles(RoleChecker checker) throws SecurityException { /* N/A */ } From e0a033e9a32195b9599c03d818e730bb5d14500f Mon Sep 17 00:00:00 2001 From: tlenaic Date: Thu, 13 Apr 2017 17:59:15 +0200 Subject: [PATCH 4/8] new Manage threshold --- .../org/jenkinsci/plugins/zap/ZAPDriver.java | 176 +++++++++++++++++- 1 file changed, 174 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/jenkinsci/plugins/zap/ZAPDriver.java b/src/main/java/org/jenkinsci/plugins/zap/ZAPDriver.java index 8d6fd31..5c4531d 100644 --- a/src/main/java/org/jenkinsci/plugins/zap/ZAPDriver.java +++ b/src/main/java/org/jenkinsci/plugins/zap/ZAPDriver.java @@ -86,6 +86,7 @@ import hudson.model.EnvironmentSpecific; import hudson.model.JDK; import hudson.model.Node; +import hudson.model.Result; import hudson.remoting.VirtualChannel; import hudson.slaves.NodeSpecific; import hudson.slaves.SlaveComputer; 
@@ -178,6 +179,7 @@ public ZAPDriver(boolean autoInstall, String toolUsed, String zapHome, String jd boolean exportreportAlertHigh, boolean exportreportAlertMedium, boolean exportreportAlertLow, boolean exportreportAlertInformational, boolean exportreportCWEID, boolean exportreportWASCID, boolean exportreportDescription, boolean exportreportOtherInfo, boolean exportreportSolution, boolean exportreportReference, boolean exportreportRequestHeader, boolean exportreportResponseHeader, boolean exportreportRequestBody, boolean exportreportResponseBody, boolean jiraCreate, String jiraProjectKey, String jiraAssignee, boolean jiraAlertHigh, boolean jiraAlertMedium, boolean jiraAlertLow, boolean jiraFilterIssuesByResourceType, + boolean buildThresholds, int hThresholdValue, int hSoftValue, int mThresholdValue, int mSoftValue, int lThresholdValue, int lSoftValue, int iThresholdValue, int iSoftValue, int cumulValue, List cmdLinesZAP) { /* Startup */ @@ -283,6 +285,18 @@ public ZAPDriver(boolean autoInstall, String toolUsed, String zapHome, String jd this.jiraAlertMedium = jiraAlertMedium; this.jiraAlertLow = jiraAlertLow; this.jiraFilterIssuesByResourceType = jiraFilterIssuesByResourceType; + + /* Post Build Step*/ + this.buildThresholds=buildThresholds; + this.hThresholdValue= hThresholdValue; + this.hSoftValue = hSoftValue; + this.mThresholdValue = mThresholdValue; + this.mSoftValue = mSoftValue; + this.lThresholdValue = lThresholdValue; + this.lSoftValue = lSoftValue; + this.iThresholdValue = iThresholdValue; + this.iSoftValue = iSoftValue; + this.cumulValue = cumulValue; /* Other */ this.cmdLinesZAP = cmdLinesZAP != null ? new ArrayList(cmdLinesZAP) : new ArrayList(); 
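Review bot: The nine new threshold parameters are stored without any range check, so a negative soft or cumulative value, or a zero weight, is accepted silently; with a zero weight the corresponding severity can never trip the gate, which is easy to misconfigure if an empty form field binds to 0 (the form binding is not visible here). A guard such as `if (hSoftValue < 0 || cumulValue < 0) throw new IllegalArgumentException("threshold values must be >= 0");` for each value, or a `doCheck*` validation on the descriptor, would surface the mistake at configuration time rather than as a gate that never fires. The constructor signature and body continue outside the hunk.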
@@ -411,6 +425,19 @@ public String toString() { s += "jiraAlertMedium [" + jiraAlertMedium + "]\n"; s += "jiraAlertLow [" + jiraAlertLow + "]\n"; s += "jiraFilterIssuesByResourceType[" + jiraFilterIssuesByResourceType + "]\n"; + s += "\n"; + s += " Post build \n"; + s += "-------------------------------------------------------\n"; + s += "buildThresholds [" + buildThresholds + "]\n"; + s += "hThresholdValue [" + hThresholdValue + "]\n"; + s += "hSoftValue [" + hSoftValue + "]\n"; + s += "mThresholdValue [" + mThresholdValue + "]\n"; + s += "mSoftValue [" + mSoftValue + "]\n"; + s += "lThresholdValue [" + lThresholdValue + "]\n"; + s += "lSoftValue [" + lSoftValue + "]\n"; + s += "iThresholdValue [" + iThresholdValue + "]\n"; + s += "iSoftValue [" + iSoftValue + "]\n"; + s += "cumulValue [" + cumulValue + "]\n"; return s; } @@ -1084,8 +1111,9 @@ private boolean deleteExternalSites (BuildListener listener, ClientApi clientApi * of type FilePath: a {@link FilePath} representing the build's workspace. * @return of type: boolean DESC: true if no exception is caught, false otherwise. */ - public boolean executeZAP(BuildListener listener, FilePath workspace) { + public Result executeZAP(BuildListener listener, FilePath workspace) { boolean buildSuccess = true; + Result buildStatus=Result.SUCCESS; /* Check to make sure that plugin's are installed with ZAP if they are selected in the UI. */ if (((this.generateReports) && this.selectedReportMethod.equals(EXPORT_REPORT)) || (this.jiraCreate)) { 
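Review bot: The `@return` Javadoc kept as context above `public Result executeZAP(...)` still reads `of type: boolean DESC: true if no exception is caught, false otherwise`, which matches neither the new return type nor the threshold-derived outcome; replace it with `* @return of type: Result DESC: SUCCESS, UNSTABLE or FAILURE as decided by the post-build thresholds, ABORTED if an exception is caught.`. `boolean buildSuccess = true;` is kept next to the new `Result buildStatus`, but in the visible hunks it is only ever assigned once the method returns `buildStatus`, so it can be dropped. The body of `executeZAP` runs well past this hunk.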
@@ -1229,11 +1257,18 @@ else if (this.selectedReportMethod.equals(EXPORT_REPORT)) { Utils.loggerMessage(listener, 1, "ALERTS COUNT [ {1} ]", Utils.ZAP, numberOfAlerts); String numberOfMessages = ((ApiResponseElement) clientApi.core.numberOfMessages("")).getValue(); Utils.loggerMessage(listener, 1, "MESSAGES COUNT [ {1} ]", Utils.ZAP, numberOfMessages); + + /* POST BUILD STEP */ + Utils.lineBreak(listener); + Utils.loggerMessage(listener, 0, "[{0}] MANAGE POST-BUILD THRESHOLD(S) ENABLED [ {1} ]", Utils.ZAP, String.valueOf(this.buildThresholds).toUpperCase()); + if(this.buildThresholds) buildStatus = ManageThreshold(listener, clientApi, this.hThresholdValue, this.hSoftValue, this.mThresholdValue, this.mSoftValue, this.lThresholdValue, this.lSoftValue, this.iThresholdValue, this.iSoftValue, this.cumulValue); + } } catch (Exception e) { listener.error(ExceptionUtils.getStackTrace(e)); buildSuccess = false; + buildStatus = Result.ABORTED; } finally { try { @@ -1242,10 +1277,11 @@ else if (this.selectedReportMethod.equals(EXPORT_REPORT)) { catch (ClientApiException e) { listener.error(ExceptionUtils.getStackTrace(e)); buildSuccess = false; + buildStatus = Result.ABORTED; } } Utils.lineBreak(listener); - return buildSuccess; + return buildStatus; } /** 
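Review bot: Both catch blocks now set `buildStatus = Result.ABORTED;` for a ClientApi or generic exception, but Jenkins uses ABORTED for cancelled or interrupted runs, and since `Run.setResult` only lets a result get worse, a scan that crashed ends up displayed exactly like one a user stopped; dashboards or notifications that treat aborted builds as non-failures would then miss a broken security gate. `Result.FAILURE` is the conventional outcome for an error path, so `buildStatus = Result.FAILURE;` in both catches (the `@@ -1242` hunk as well as this one) keeps the failure visible. The `buildSuccess = false;` assignments beside them have no remaining reader in the visible code.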
@@ -2103,6 +2139,110 @@ else if (authMode) { else Utils.loggerMessage(listener, 1, "SKIP ACTIVE SCAN FOR THE SITE [ {0} ]", targetURL); } + /** + * ManageThreshold define build value failed, pass , unstable. + * + * @param listener + * of type BuildListener: the display log listener during the Jenkins job execution. + * @param clientApi + * of type ClientApi: the ZAP client API to call method. + * @param hThresholdValue + * of type int: the Weight of the alert severity high. + * @param hSoftValue + * of type int: the threshold of the alert severity high. + * @param mThresholdValue + * of type int: the Weight of the alert severity meduim. + * @param mSoftValue + * of type int: the threshold of the alert severity meduim. + * @param lThresholdValue + * of type int: the Weight of the alert severity low. + * @param lSoftValue + * of type int: the threshold of the alert severity low. + * @param iThresholdValue + * of type int: the Weight of the alert severity informational. + * @param iSoftValue + * of type int: the threshold of the alert severity informational. + * @param cumulValue + * of type int: the cumulative threshold of the alerts. 
+ * + */ + + private Result ManageThreshold(BuildListener listener,ClientApi clientApi, int hThresholdValue, int hSoftValue, int mThresholdValue, int mSoftValue, int lThresholdValue, int lSoftValue, int iThresholdValue, int iSoftValue, int cumulValue) throws ClientApiException, IOException { + + Utils.lineBreak(listener); + Utils.loggerMessage(listener, 0, "START : COMPUTE THRESHOLD", Utils.ZAP); + Result buildStatus = Result.SUCCESS; + + Utils.lineBreak(listener); + int nbAlertHigh = countAlertbySeverity(clientApi, "High"); + Utils.loggerMessage(listener, 1, "ALERTS High COUNT [ {1} ]", Utils.ZAP, Integer.toString(nbAlertHigh)); + + int nbAlertMedium = countAlertbySeverity(clientApi, "Medium"); + Utils.loggerMessage(listener, 1, "ALERTS Medium COUNT [ {1} ]", Utils.ZAP, Integer.toString(nbAlertMedium)); + + int nbAlertLow = countAlertbySeverity(clientApi, "Low"); + Utils.loggerMessage(listener, 1, "ALERTS Low COUNT [ {1} ]", Utils.ZAP, Integer.toString(nbAlertLow)); + + int nbAlertInfo =countAlertbySeverity(clientApi, "Informational"); + Utils.loggerMessage(listener, 1, "ALERTS Informational COUNT [ {1} ]", Utils.ZAP, Integer.toString(nbAlertInfo)); + int count = 0; + + int hScale = computeProduct(hThresholdValue,nbAlertHigh); + int mScale = computeProduct(mThresholdValue,nbAlertMedium); + int lScale = computeProduct(lThresholdValue,nbAlertLow); + int iScale = computeProduct(iThresholdValue,nbAlertInfo); + + if((hScale > hSoftValue) || (mScale > mSoftValue) || (lScale > lSoftValue ) || (iScale > iSoftValue)){count++;} + if((hScale+mScale+lScale+iScale)> cumulValue){count++;} + + if(count==1){buildStatus = Result.UNSTABLE;} + if(count==2){buildStatus = Result.FAILURE;} + + Utils.loggerMessage(listener, 0, "END : COMPUTING THRESHOLD", Utils.ZAP); + + return buildStatus; + + } + + /** + * computeProduct do the product of two Integer. + * + * @param a + * of type Integer. + * @param b + * of type Integer. 
+ */ + public int computeProduct(int a, int b){ + int res; + res = a * b; + return res; + } + + /** + * countAlertbySeverity count the number of alert by severity. + * + * @param clientApi + * of type ClientApi: the ZAP client API to call method. + * @param risk + * of type string : it's the alert severity. + */ + public int countAlertbySeverity(ClientApi clientApi,String risk)throws ClientApiException{ + int nbAlert = 0; + List tempid = new ArrayList(); + tempid.add("begin"); + + List allAlerts1 = ((ApiResponseList) clientApi.core.alerts("","","")).getItems(); + for(int i=0;i> Manage Threshold */ + + private final boolean buildThresholds; + public boolean isbuildThresholds() {return buildThresholds;} + + private final int hThresholdValue; + public int gethThresholdValue() {return hThresholdValue;} + + private final int hSoftValue; + public int gethSoftValue() {return hSoftValue;} + + private final int mThresholdValue; + public int getmThresholdValue() {return mThresholdValue;} + + private final int mSoftValue; + public int getmSoftValue() {return mSoftValue;} + + private final int lThresholdValue; + public int getlThresholdValue() {return lThresholdValue;} + + private final int lSoftValue; + public int getlSoftValue() {return lSoftValue;} + + private final int iThresholdValue; + public int getiThresholdValue() {return iThresholdValue;} + + private final int iSoftValue; + public int getiSoftValue() {return iSoftValue;} + + private final int cumulValue; + public int getcumulValue() {return cumulValue;} /*****************************/ } From 9d1469330289014c17f485ec6466c9892ec256a0 Mon Sep 17 00:00:00 2001 From: tlenaic Date: Thu, 10 Aug 2017 17:17:04 +0200 Subject: [PATCH 5/8] change how status is tag as failed or unstable --- .../java/org/jenkinsci/plugins/zap/ZAPDriver.java | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) 
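Review bot: `computeProduct(hThresholdValue, nbAlertHigh)` and the sum `hScale+mScale+lScale+iScale` use plain `int` arithmetic on a weight from job configuration and a count from the scan, so an oversized product wraps negative and the comparisons against the soft and cumulative values pass silently, which is the worst failure mode for a gate; if the plugin targets Java 8, `int hScale = Math.multiplyExact(hThresholdValue, nbAlertHigh);` (and `Math.addExact` for the sum) turns that into an exception the caller already maps to a non-success result, and the trivial `computeProduct` helper can go. The Javadoc of `ManageThreshold`, `computeProduct` and `countAlertbySeverity` has no `@return`, spells medium as `meduim`, and documents the `*ThresholdValue` parameters as weights while the `*SoftValue` ones are the thresholds, which the names invert; `ManageThreshold` should also be `manageThreshold`, and `List tempid = new ArrayList();` should be typed `List<String>`. The loop body of `countAlertbySeverity` is not legible in this view (the text after `for(int i=0;i` is cut), so its logic is not reviewed here.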
diff --git a/src/main/java/org/jenkinsci/plugins/zap/ZAPDriver.java b/src/main/java/org/jenkinsci/plugins/zap/ZAPDriver.java index 5c4531d..c434a41 100644 --- a/src/main/java/org/jenkinsci/plugins/zap/ZAPDriver.java +++ b/src/main/java/org/jenkinsci/plugins/zap/ZAPDriver.java @@ -1261,7 +1261,8 @@ else if (this.selectedReportMethod.equals(EXPORT_REPORT)) { /* POST BUILD STEP */ Utils.lineBreak(listener); Utils.loggerMessage(listener, 0, "[{0}] MANAGE POST-BUILD THRESHOLD(S) ENABLED [ {1} ]", Utils.ZAP, String.valueOf(this.buildThresholds).toUpperCase()); - if(this.buildThresholds) buildStatus = ManageThreshold(listener, clientApi, this.hThresholdValue, this.hSoftValue, this.mThresholdValue, this.mSoftValue, this.lThresholdValue, this.lSoftValue, this.iThresholdValue, this.iSoftValue, this.cumulValue); + if(this.buildThresholds) buildStatus = + (listener, clientApi, this.hThresholdValue, this.hSoftValue, this.mThresholdValue, this.mSoftValue, this.lThresholdValue, this.lSoftValue, this.iThresholdValue, this.iSoftValue, this.cumulValue); } } 
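Review bot: The added line `if(this.buildThresholds) buildStatus = + (listener, clientApi, ...)` drops the `ManageThreshold` method name, so this commit does not compile; the name is only restored in PATCH 8/8, and PATCH 6 and 7 each repair a parenthesis left by the previous one. Squashing patches 5 to 8 into a single commit before merge avoids three non-building revisions in the history and keeps bisecting usable.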
@@ -2185,18 +2186,16 @@ private Result ManageThreshold(BuildListener listener,ClientApi clientApi, int h int nbAlertInfo =countAlertbySeverity(clientApi, "Informational"); Utils.loggerMessage(listener, 1, "ALERTS Informational COUNT [ {1} ]", Utils.ZAP, Integer.toString(nbAlertInfo)); - int count = 0; int hScale = computeProduct(hThresholdValue,nbAlertHigh); int mScale = computeProduct(mThresholdValue,nbAlertMedium); int lScale = computeProduct(lThresholdValue,nbAlertLow); int iScale = computeProduct(iThresholdValue,nbAlertInfo); - if((hScale > hSoftValue) || (mScale > mSoftValue) || (lScale > lSoftValue ) || (iScale > iSoftValue)){count++;} - if((hScale+mScale+lScale+iScale)> cumulValue){count++;} - - if(count==1){buildStatus = Result.UNSTABLE;} - if(count==2){buildStatus = Result.FAILURE;} + if((mScale > mSoftValue) || (lScale > lSoftValue ) || (iScale > iSoftValue)){ + buildStatus = Result.UNSTABLE; + if((hScale > hSoftValue) || (hScale+mScale+lScale+iScale)> cumulValue){buildStatus = Result.FAILURE;} + } Utils.loggerMessage(listener, 0, "END : COMPUTING THRESHOLD", Utils.ZAP); From 7303a9bf6763701a551be7e8d084e73500e0e2ba Mon Sep 17 00:00:00 2001 From: tlenaic Date: Fri, 11 Aug 2017 12:10:24 +0200 Subject: [PATCH 6/8] add missing ")" to managethreshold --- src/main/java/org/jenkinsci/plugins/zap/ZAPDriver.java | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/src/main/java/org/jenkinsci/plugins/zap/ZAPDriver.java b/src/main/java/org/jenkinsci/plugins/zap/ZAPDriver.java index c434a41..ee39615 100644 --- a/src/main/java/org/jenkinsci/plugins/zap/ZAPDriver.java +++ b/src/main/java/org/jenkinsci/plugins/zap/ZAPDriver.java 
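Review bot: With the `FAILURE` check nested inside `if((mScale > mSoftValue) || (lScale > lSoftValue ) || (iScale > iSoftValue))`, a build whose only overrun is the high-severity soft value, or the cumulative value, stays `SUCCESS`, because the outer condition no longer looks at `hScale` at all. The two checks need to be siblings, as the following patch does; since this is the gate meant to fail the build on high-severity findings, a unit test covering "high over soft only" and "cumulative over only" would have caught this and the two syntax slips that follow.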
@@ -2192,11 +2192,10 @@ private Result ManageThreshold(BuildListener listener,ClientApi clientApi, int h int lScale = computeProduct(lThresholdValue,nbAlertLow); int iScale = computeProduct(iThresholdValue,nbAlertInfo); - if((mScale > mSoftValue) || (lScale > lSoftValue ) || (iScale > iSoftValue)){ - buildStatus = Result.UNSTABLE; - if((hScale > hSoftValue) || (hScale+mScale+lScale+iScale)> cumulValue){buildStatus = Result.FAILURE;} - } - + if((mScale > mSoftValue) || (lScale > lSoftValue ) || (iScale > iSoftValue)){buildStatus = Result.UNSTABLE;} + + if((hScale > hSoftValue) || (hScale+mScale+lScale+iScale)> cumulValue)){buildStatus = Result.FAILURE;} + Utils.loggerMessage(listener, 0, "END : COMPUTING THRESHOLD", Utils.ZAP); return buildStatus; From 273b56aaa69f4eb05c80e3135bb5f85152c4fafd Mon Sep 17 00:00:00 2001 From: tlenaic Date: Mon, 14 Aug 2017 07:33:24 +0200 Subject: [PATCH 7/8] missing "(" managethreshold --- src/main/java/org/jenkinsci/plugins/zap/ZAPDriver.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/org/jenkinsci/plugins/zap/ZAPDriver.java b/src/main/java/org/jenkinsci/plugins/zap/ZAPDriver.java index ee39615..b944472 100644 --- a/src/main/java/org/jenkinsci/plugins/zap/ZAPDriver.java +++ b/src/main/java/org/jenkinsci/plugins/zap/ZAPDriver.java @@ -2194,7 +2194,7 @@ private Result ManageThreshold(BuildListener listener,ClientApi clientApi, int h if((mScale > mSoftValue) || (lScale > lSoftValue ) || (iScale > iSoftValue)){buildStatus = Result.UNSTABLE;} - if((hScale > hSoftValue) || (hScale+mScale+lScale+iScale)> cumulValue)){buildStatus = Result.FAILURE;} + if((hScale > hSoftValue) || ((hScale+mScale+lScale+iScale)> cumulValue)){buildStatus = Result.FAILURE;} Utils.loggerMessage(listener, 0, "END : COMPUTING THRESHOLD", Utils.ZAP); From 2cb14316cb2b4fb8347a7f228e6a236bf99a1022 Mon Sep 17 00:00:00 2001 
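Review bot: In this final form the rules are: medium, low or informational over its soft value gives `UNSTABLE`; high over its soft value, or the weighted sum over `cumulValue`, gives `FAILURE`; and every comparison is strict (`>`), so a configured value is the largest weight still allowed. The help text from PATCH 1/8 (`The build goes unstable when we are under the soft or cumulative value` / `failed when we are under the soft and cumulative value`) and the `ManageThreshold` Javadoc describe neither the severity split nor the strict comparison, so both should be rewritten to state exactly these rules. Since `ManageThreshold` runs inside the try in `executeZAP`, an exception from `countAlertbySeverity` takes the exception path rather than failing the gate explicitly, which also deserves a sentence in the Javadoc.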
From: tfl421 Date: Mon, 14 Aug 2017 11:59:32 +0200 Subject: [PATCH 8/8] method manageThreshold delete(#error) --- src/main/java/org/jenkinsci/plugins/zap/ZAPDriver.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/main/java/org/jenkinsci/plugins/zap/ZAPDriver.java b/src/main/java/org/jenkinsci/plugins/zap/ZAPDriver.java index b944472..4de4001 100644 --- a/src/main/java/org/jenkinsci/plugins/zap/ZAPDriver.java +++ b/src/main/java/org/jenkinsci/plugins/zap/ZAPDriver.java @@ -1261,8 +1261,7 @@ else if (this.selectedReportMethod.equals(EXPORT_REPORT)) { /* POST BUILD STEP */ Utils.lineBreak(listener); Utils.loggerMessage(listener, 0, "[{0}] MANAGE POST-BUILD THRESHOLD(S) ENABLED [ {1} ]", Utils.ZAP, String.valueOf(this.buildThresholds).toUpperCase()); - if(this.buildThresholds) buildStatus = - (listener, clientApi, this.hThresholdValue, this.hSoftValue, this.mThresholdValue, this.mSoftValue, this.lThresholdValue, this.lSoftValue, this.iThresholdValue, this.iSoftValue, this.cumulValue); + if(this.buildThresholds) buildStatus = ManageThreshold(listener, clientApi, this.hThresholdValue, this.hSoftValue, this.mThresholdValue, this.mSoftValue, this.lThresholdValue, this.lSoftValue, this.iThresholdValue, this.iSoftValue, this.cumulValue); } }
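Review bot: The restored call passes nine `this.*` fields back into a private method of the same class on a single line of well over 200 characters; because `ManageThreshold` can read those fields itself, `if (this.buildThresholds) { buildStatus = ManageThreshold(listener, clientApi); }` with the value parameters dropped from the signature would be shorter and harder to mis-order, since the eight `int` arguments share one type and a swapped pair compiles silently. Braces on the single-statement `if` also make a later second statement less likely to fall outside the condition.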