Merge branch 'add-checkmarx-iast-framework' into main

Signed-off-by: Ben Hale <[email protected]>

Author: nebhale

.idea/codeStyles/Project.xml

@@ -80,6 +80,7 @@ The buildpack supports extension through the use of Git repository forking. The
 * Standard Frameworks
   * [AppDynamics Agent](docs/framework-app_dynamics_agent.md) ([Configuration](docs/framework-app_dynamics_agent.md#configuration))
   * [AspectJ Weaver Agent](docs/framework-aspectj_weaver_agent.md) ([Configuration](docs/framework-aspectj_weaver_agent.md#configuration))
+  * [Checkmarx IAST Agent](docs/framework-checkmarx_iast_agent.md) ([Configuration](docs/framework-checkmarx_iast_agent.md#configuration))
   * [Client Certificate Mapper](docs/framework-client_certificate_mapper.md) ([Configuration](docs/framework-client_certificate_mapper.md#configuration))
   * [Container Customizer](docs/framework-container_customizer.md) ([Configuration](docs/framework-container_customizer.md#configuration))
   * [Container Security Provider](docs/framework-container_security_provider.md) ([Configuration](docs/framework-container_security_provider.md#configuration))
@@ -111,7 +112,6 @@ The buildpack supports extension through the use of Git repository forking. The
   * [SkyWalking Agent](docs/framework-sky_walking_agent.md) ([Configuration](docs/framework-sky_walking_agent.md#configuration))
   * [Takipi Agent](docs/framework-takipi_agent.md) ([Configuration](docs/framework-takipi_agent.md#configuration))
   * [YourKit Profiler](docs/framework-your_kit_profiler.md) ([Configuration](docs/framework-your_kit_profiler.md#configuration))
-  * [Checkmarx IAST Agent](docs/framework-checkmarx_iast_agent.md) ([Configuration](docs/framework-checkmarx_iast_agent.md#configuration))
 * Standard JREs
   * [Azul Zulu](docs/jre-zulu_jre.md) ([Configuration](docs/jre-zulu_jre.md#configuration))
   * [GraalVM](docs/jre-graal_vm_jre.md) ([Configuration](docs/jre-graal_vm_jre.md#configuration))

README.md

@@ -44,6 +44,7 @@ frameworks:
   - "JavaBuildpack::Framework::AppDynamicsAgent"
   - "JavaBuildpack::Framework::AspectjWeaverAgent"
   - "JavaBuildpack::Framework::AzureApplicationInsightsAgent"
+  - "JavaBuildpack::Framework::CheckmarxIastAgent"
   - "JavaBuildpack::Framework::ClientCertificateMapper"
   - "JavaBuildpack::Framework::ContainerCustomizer"
   - "JavaBuildpack::Framework::ContainerSecurityProvider"
@@ -74,5 +75,4 @@ frameworks:
   - "JavaBuildpack::Framework::YourKitProfiler"
   - "JavaBuildpack::Framework::TakipiAgent"
   - "JavaBuildpack::Framework::JavaSecurity"
-  - "JavaBuildpack::Framework::CheckmarxIastAgent"
   - "JavaBuildpack::Framework::JavaOpts"

config/components.yml

@@ -15,44 +15,46 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+require 'java_buildpack/component/versioned_dependency_component'
 require 'java_buildpack/framework'
 
 module JavaBuildpack
   module Framework
 
     # Encapsulates the functionality for running with Checkmarx IAST Agent
-    class CheckmarxIastAgent < JavaBuildpack::Component::BaseComponent
+    class CheckmarxIastAgent < JavaBuildpack::Component::VersionedDependencyComponent
       include JavaBuildpack::Util
 
       # Creates an instance.  In addition to the functionality inherited from +BaseComponent+, +@version+ and +@uri+
       # instance variables are exposed.
       #
       # @param [Hash] context a collection of utilities used by components
       def initialize(context)
-        super(context)
-
-        # Save the IAST server URL in server, if found
-        service = @application.services.find_service(FILTER, 'server')
-        @server = service['credentials']['server'].chomp '/' if service
-      end
+        @application = context[:application]
+        @component_name = self.class.to_s.space_case
+        @configuration = context[:configuration]
+        @droplet = context[:droplet]
+
+        if supports?
+          @version = ''
+          @uri = @application.services.find_service(FILTER, 'server')['credentials']['server'].chomp +
+                 '/iast/compilation/download/JAVA'
+        end
 
-      # (see JavaBuildpack::Component::BaseComponent#detect)
-      def detect
-        @server
+        @logger = JavaBuildpack::Logging::LoggerFactory.instance.get_logger DynatraceOneAgent
       end
 
       # (see JavaBuildpack::Component::BaseComponent#compile)
       def compile
-        # Download and extract the agent from the IAST server
-        FileUtils.mkdir_p @droplet.sandbox
-        # curl --insecure: most IAST servers will use self-signed SSL
-        shell 'curl --fail --insecure --silent --show-error ' \
-              "#{@server}/iast/compilation/download/JAVA -o #{@droplet.sandbox}/cx-agent.zip"
-        shell "unzip #{@droplet.sandbox}/cx-agent.zip -d #{@droplet.sandbox}"
+        JavaBuildpack::Util::Cache::InternetAvailability.instance.available(
+          true, 'The Checkmarx IAST download location is always accessible'
+        ) do
+          download_zip(false)
+        end
 
         # Disable cache (no point, when running in a container)
-        File.open("#{@droplet.sandbox}/#{OVERRIDE_CONFIG}", 'a') do |file|
-          file.write("\nenableWeavedClassCache=false\n")
+        File.open(@droplet.sandbox + 'cx_agent.override.properties', 'a') do |f|
+          f.write("\nenableWeavedClassCache=false\n")
         end
       end
 
@@ -63,25 +65,27 @@ def release
         # Default team to CxServer if not set as env var
         team = ENV['cxTeam'] || 'CxServer'
 
-        javaagent = "-javaagent:#{qualify_path(@droplet.sandbox + JAVA_AGENT_JAR, @droplet.root)}"
         @droplet.java_opts
-                .add_preformatted_options(javaagent)
-                .add_preformatted_options('-Xverify:none')
-                .add_system_property('cx.logToConsole', 'true')
-                .add_system_property('cx.appName', application_name)
-                .add_system_property('cxAppTag', app_tag)
-                .add_system_property('cxTeam', team)
+          .add_javaagent(@droplet.sandbox + 'cx-launcher.jar')
+          .add_preformatted_options('-Xverify:none')
+          .add_system_property('cx.logToConsole', 'true')
+          .add_system_property('cx.appName', application_name)
+          .add_system_property('cxAppTag', app_tag)
+          .add_system_property('cxTeam', team)
       end
 
-      private
+      protected
 
-      JAVA_AGENT_JAR = 'cx-launcher.jar'
+      # (see JavaBuildpack::Component::VersionedDependencyComponent#supports?)
+      def supports?
+        @application.services.find_service(FILTER, 'server')
+      end
 
-      OVERRIDE_CONFIG = 'cx_agent.override.properties'
+      private
 
       FILTER = /^checkmarx-iast$/.freeze
 
-      private_constant :JAVA_AGENT_JAR, :FILTER, :OVERRIDE_CONFIG
+      private_constant :FILTER
 
       def application_name
         @application.details['application_name'] || 'ROOT'

lib/java_buildpack/framework/checkmarx_iast_agent.rb

@@ -30,17 +30,39 @@
 
     before do
       allow(services).to receive(:one_service?).with(/^checkmarx-iast$/, 'server').and_return(true)
-      allow(services).to receive(:find_service).and_return('credentials' => { 'server' => 'http://iast-server:8080/' })
+      allow(services).to receive(:find_service).and_return('credentials' => { 'server' => 'test-server' })
+
+      allow(application_cache).to receive(:get)
+                                    .with('test-server/iast/compilation/download/JAVA')
+                                    .and_yield(Pathname.new('spec/fixtures/stub-checkmarx-agent.zip').open, false)
     end
 
     it 'detects with checkmarx-iast service' do
-      expect(component.detect).to eq('http://iast-server:8080')
+      expect(component.detect).to eq('checkmarx-iast-agent=')
+    end
+
+    it 'downloads agent',
+       cache_fixture: 'stub-checkmarx-agent.zip' do
+
+      component.compile
+
+      expect(sandbox + 'cx-launcher.jar').to exist
+    end
+
+    it 'appends override configuration',
+       cache_fixture: 'stub-checkmarx-agent.zip' do
+
+      component.compile
+
+      expect(File.read(sandbox + 'cx_agent.override.properties')).to eq('test-data
+
+enableWeavedClassCache=false
+')
     end
 
     it 'updates JAVA_OPTS' do
       component.release
 
-      puts java_opts
       expect(java_opts).to include('-javaagent:$PWD/.java-buildpack/checkmarx_iast_agent/cx-launcher.jar')
       expect(java_opts).to include('-Dcx.logToConsole=true')
       expect(java_opts).to include('-Dcx.appName=test-application-name')