feat: add remote scan

Author: sandor-trombitas

internal/analysis/analysis.go

@@ -53,12 +53,15 @@ type AnalysisOrchestrator interface {
 	RunIncrementalAnalysis(ctx context.Context, orgId string, rootPath string, workspaceId string, limitToFiles []string) (*sarif.SarifResponse, error)
 
 	RunTest(ctx context.Context, orgId string, b bundle.Bundle, target scan.Target, reportingOptions ReportingConfig) (*sarif.SarifResponse, error)
+	RunTestRemote(ctx context.Context, orgId string, interactionId string, reportingOptions ReportingConfig) (*sarif.SarifResponse, error)
 }
 
 type ReportingConfig struct {
 	Report      *bool
 	ProjectName *string
 	TargetName  *string
+	ProjectId   *uuid.UUID
+	CommitId    *string
 }
 type analysisOrchestrator struct {
 	httpClient     codeClientHTTP.HTTPClient
@@ -544,6 +547,84 @@ func (a *analysisOrchestrator) RunTest(ctx context.Context, orgId string, b bund
 	}
 }
 
+func (a *analysisOrchestrator) RunTestRemote(ctx context.Context, orgId string, interactionId string, cfg ReportingConfig) (*sarif.SarifResponse, error) {
+	tracker := a.trackerFactory.GenerateTracker()
+	tracker.Begin("Snyk Code analysis for remote project", "Retrieving results...")
+
+	orgUuid := uuid.MustParse(orgId)
+	host := a.host(true)
+
+	client, err := testApi.NewClient(host, testApi.WithHTTPClient(a.httpClient))
+	if err != nil {
+		return nil, err
+	}
+
+	params := testApi.CreateTestParams{Version: testApi.ApiVersion}
+	projectId := cfg.ProjectId
+	commitId := cfg.CommitId
+	fmt.Println("Creating test")
+	prettyBytes, err := json.MarshalIndent(cfg, "", "  ")
+	if err != nil {
+		return nil, err
+	}
+	fmt.Println(string(prettyBytes))
+
+	if projectId == nil || commitId == nil {
+		return nil, errors.New("projectId and commitId are required")
+	}
+	legacyScmProject := testApi.NewTestInputLegacyScmProject(*projectId, *commitId)
+	body := testApi.NewCreateTestApplicationBody(
+		testApi.WithInputLegacyScmProject(legacyScmProject),
+		testApi.WithReporting(cfg.Report),
+		testApi.WithScanType(a.testType),
+		testApi.WithProjectId(*projectId),
+
+	)
+	fmt.Println("Creating test")
+	prettyBytes, err = json.MarshalIndent(body, "", "  ")
+	if err != nil {
+		return nil, err
+	}
+	fmt.Println(string(prettyBytes))
+
+	// create test
+	bodyBytes, err := json.Marshal(body)
+	if err != nil {
+		return nil, err
+	}
+	resp, err := client.CreateTestWithBody(ctx, orgUuid, &params, "application/json", strings.NewReader(string(bodyBytes)))
+	if err != nil {
+		return nil, err
+	}
+
+	parsedResponse, err := testApi.ParseGetTestResultResponse(resp)
+	defer func() {
+		closeErr := resp.Body.Close()
+		if closeErr != nil {
+			a.logger.Err(closeErr).Msg("failed to close response body")
+		}
+	}()
+	if err != nil {
+		a.logger.Debug().Msg(err.Error())
+		return nil, err
+	}
+
+	switch parsedResponse.StatusCode() {
+	case http.StatusCreated:
+		// poll results
+		result, pollErr := a.pollTestForFindings(ctx, client, orgUuid, parsedResponse.ApplicationvndApiJSON200.Data.Id)
+		formattedResult, err := json.MarshalIndent(parsedResponse.ApplicationvndApiJSON200, "", "  ")
+		if err != nil {
+			return nil, err
+		}
+		fmt.Println(string(formattedResult))
+		tracker.End("Analysis complete.")
+		return result, pollErr
+	default:
+		return nil, fmt.Errorf("failed to analyze project: %s", parsedResponse.Status())
+	}
+}
+
 func (a *analysisOrchestrator) pollTestForFindings(ctx context.Context, client *testApi.Client, org uuid.UUID, testId openapi_types.UUID) (*sarif.SarifResponse, error) {
 	method := "analysis.pollTestForFindings"
 	logger := a.logger.With().Str("method", method).Logger()

internal/analysis/mocks/analysis.go

@@ -30,6 +30,12 @@ func WithInputBundle(id string, localFilePath string, repoUrl *string, limitTest
 	}
 }
 
+func WithInputLegacyScmProject(project v20241221.TestInputLegacyScmProject) CreateTestOption {
+	return func(body *CreateTestApplicationVndAPIPlusJSONRequestBody) {
+		body.Data.Attributes.Input.FromTestInputLegacyScmProject(project)
+	}
+}
+
 func WithScanType(t v20241221.Scan) CreateTestOption {
 	return func(body *CreateTestApplicationVndAPIPlusJSONRequestBody) {
 		body.Data.Attributes.Configuration.Scan = struct {
@@ -69,6 +75,13 @@ func WithProjectName(name *string) CreateTestOption {
 	}
 }
 
+func WithProjectId(id openapi_types.UUID) CreateTestOption {
+	return func(body *CreateTestApplicationVndAPIPlusJSONRequestBody) {
+		out := ensureOutput(body)
+		out.ProjectId = &id
+	}
+}
+
 func WithTargetName(name *string) CreateTestOption {
 	return func(body *CreateTestApplicationVndAPIPlusJSONRequestBody) {
 		if name == nil {
@@ -98,3 +111,11 @@ func NewCreateTestApplicationBody(options ...CreateTestOption) *CreateTestApplic
 
 	return result
 }
+
+func NewTestInputLegacyScmProject(projectId openapi_types.UUID, commitId string) v20241221.TestInputLegacyScmProject {
+	return v20241221.TestInputLegacyScmProject{
+		ProjectId: projectId,
+		CommitId:  commitId,
+		Type: 	v20241221.LegacyScmProject,
+	}
+}

internal/api/test/2024-12-21/helper.go

@@ -20,6 +20,7 @@ package codeclient
 import (
 	"context"
 
+	"github.com/google/uuid"
 	"github.com/pkg/errors"
 	"github.com/rs/zerolog"
 
@@ -55,7 +56,7 @@ type CodeScanner interface {
 		target scan.Target,
 		files <-chan string,
 		changedFiles map[string]bool,
-		options ...UploadAndAnalyzeOption,
+		options ...ReportingOption,
 	) (*sarif.SarifResponse, string, error)
 }
 
@@ -110,12 +111,23 @@ func WithTargetName(targetName *string) OptionFunc {
 	}
 }
 
-type UploadAndAnalyzeOption func(*analysis.ReportingConfig)
+type ReportingOption func(*analysis.ReportingConfig)
 
-func WithReportingConfig(projectName *string, targetName *string) UploadAndAnalyzeOption {
+func WithReportingConfig(report bool, config map[string]interface{}) ReportingOption {
 	return func(c *analysis.ReportingConfig) {
-		c.ProjectName = projectName
-		c.TargetName = targetName
+		c.Report = &report
+		if projectName, ok := config["projectName"].(*string); ok {
+			c.ProjectName = projectName
+		}
+		if targetName, ok := config["targetName"].(*string); ok {
+			c.TargetName = targetName
+		}
+		if projectId, ok := config["projectId"].(*uuid.UUID); ok {
+			c.ProjectId = projectId
+		}
+		if commitId, ok := config["commitId"].(*string); ok {
+			c.CommitId = commitId
+		}
 	}
 }
 
@@ -193,7 +205,7 @@ func (c *codeScanner) UploadAndAnalyze(
 	target scan.Target,
 	files <-chan string,
 	changedFiles map[string]bool,
-	options ...UploadAndAnalyzeOption,
+	options ...ReportingOption,
 ) (*sarif.SarifResponse, string, error) {
 	cfg := analysis.ReportingConfig{}
 	for _, opt := range options {
@@ -248,3 +260,24 @@ func (c *codeScanner) UploadAndAnalyze(
 
 	return response, bundleHash, err
 }
+
+func (c *codeScanner) AnalyzeRemote(ctx context.Context, interactionId string, options ...ReportingOption) (*sarif.SarifResponse, error) {
+	cfg := analysis.ReportingConfig{}
+	for _, opt := range options {
+		opt(&cfg)
+	}
+
+	if ctx.Err() != nil {
+		c.logger.Info().Msg("Canceling Code scan - Code scanner received cancellation signal")
+		return nil, nil
+	}
+	response, err := c.analysisOrchestrator.RunTestRemote(ctx, c.config.Organization(), interactionId, cfg)
+
+
+	if ctx.Err() != nil {
+		c.logger.Info().Msg("Canceling Code scan - Code scanner received cancellation signal")
+		return nil, nil
+	}
+
+	return response, err
+}