Merge branch 'master' into codegen-updates

Author: lpatino10

.travis.yml

@@ -1,8 +1,8 @@
 language: java
 sudo: required
-dist: precise
+dist: trusty
 jdk:
-  - oraclejdk7
+  - openjdk7
   - oraclejdk8
 
 branches:
@@ -26,9 +26,23 @@ env:
 
 before_install:
   - sed -i.bak -e 's|https://nexus.codehaus.org/snapshots/|https://oss.sonatype.org/content/repositories/codehaus-snapshots/|g' ~/.m2/settings.xml
+  # Work around missing crypto in openjdk7
+  - |
+    if [ "$TRAVIS_JDK_VERSION" == "openjdk7" ]; then
+      sudo wget "https://bouncycastle.org/download/bcprov-ext-jdk15on-158.jar" -O "${JAVA_HOME}/jre/lib/ext/bcprov-ext-jdk15on-158.jar"
+      sudo perl -pi.bak -e 's/^(security\.provider\.)([0-9]+)/$1.($2+1)/ge' /etc/java-7-openjdk/security/java.security
+      echo "security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider" | sudo tee -a /etc/java-7-openjdk/security/java.security
+    fi
+
+install:
+  - 'if [ "${TRAVIS_TAG}" = "${TRAVIS_BRANCH}" ]; then cd appscan; make asoc-tool; cd ../; fi'
+
+before_script:
+  - 'if [ "${TRAVIS_TAG}" = "${TRAVIS_BRANCH}" ]; then chmod a+x ./appscan/ASOC.sh; fi'
 
 script:
   - '[ "${TRAVIS_PULL_REQUEST}" = "false" ] && openssl aes-256-cbc -K $encrypted_b248e84a4806_key -iv $encrypted_b248e84a4806_iv -in config.properties.enc -out core/src/test/resources/config.properties -d || true'
+  - 'if [ "${TRAVIS_TAG}" = "${TRAVIS_BRANCH}" ]; then ./appscan/ASOC.sh; fi'
   - ./gradlew install -x check
   - ./gradlew checkstyleMain
   - ./gradlew checkstyleTest

appscan/ASOC.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+cd appscan
+make generate-irx
+make upload-file
+make run-scan
+cd ../

appscan/Configfile

@@ -0,0 +1,19 @@
+# URLs to the CISO APIs
+LOGIN_URL ?= 'https://appscan.ibmcloud.com/api/V2/Account/ApiKeyLogin'
+UPLOAD_URL ?= 'https://appscan.ibmcloud.com/api/v2/FileUpload'
+GET_APP_URL ?= 'https://appscan.ibmcloud.com/api/V2/Apps?$$$$filter=Name%20eq%20'
+STATIC_SCAN_URL ?= 'https://appscan.ibmcloud.com/api/v2/Scans/StaticAnalyzer'
+CREATE_APP_URL ?= 'https://appscan.ibmcloud.com/api/V2/Apps'
+GET_ASSET_GROUP_URL ?= 'https://appscan.ibmcloud.com/api/V2/AssetGroups'
+
+APPSCAN_CLIENT_URL ?= https://appscan.ibmcloud.com/api/SCX/StaticAnalyzer/SAClientUtil?os=
+OS ?= linux
+APPSCAN_TOOL := $(APPSCAN_CLIENT_URL)$(OS)
+
+GIT_REPO ?= [email protected]:watson-developer-cloud/java-sdk.git
+
+PROJECT_NAME ?= java-sdk
+
+# Headers added to curl command
+CONTENT_HEADER_JSON := --header 'Content-Type: application/json'
+ACCEPT_HEADER_JSON := --header 'Accept: application/json'

appscan/Makefile

@@ -0,0 +1,69 @@
+include Configfile
+
+# This will configure a 32-bit architecture on top of a 64-bit linux machine
+config-arch:
+	sudo dpkg --add-architecture i386
+	sudo apt-get update
+	sudo apt-get install libc6:i386 libncurses5:i386 libstdc++6:i386
+
+# Gets the ASoC Client Tool and configures it
+asoc-tool: config-arch
+	$(eval DIR := $(shell pwd))
+	curl -o $(HOME)/client.zip $(APPSCAN_TOOL)
+	mkdir $(HOME)/client ; mkdir $(HOME)/tool
+	unzip -qq $(HOME)/client.zip -d $(HOME)/client
+	cd $(HOME)/client ; ls | xargs -I {} sh -c "cp -r {}/* $(HOME)/tool"
+	rm -rf client
+
+# Clone repo
+clone-repo:
+	git clone $(GIT_REPO)
+
+# Generates the irx file for icp-cert-manager
+generate-irx:
+	cd $(TRAVIS_BUILD_DIR)
+	$(HOME)/tool/bin/appscan.sh prepare -oso
+
+# Login to the AppScan API
+api-login:
+	curl -o $(HOME)/token.json -X POST $(CONTENT_HEADER_JSON) $(ACCEPT_HEADER_JSON) -d '{"KeyId":"$(ASOC_APIKEY)", "KeySecret":"$(ASOC_SECRET)"}' $(LOGIN_URL)
+
+# Uploads the irx file to the AppScan API
+upload-file: api-login
+	$(eval TOKE := $(shell python getJson.py $(HOME)/token.json "Token"))
+	$(eval AUTH := --header 'Authorization: Bearer $(TOKE)')
+	$(eval FILE := fileToUpload=@$(shell pwd)/$(notdir $(shell find $(pwd) -maxdepth 2 -name '*.irx' -print)))
+	
+	curl -o $(HOME)/file.json -X POST --header 'Content-Type: multipart/form-data' $(ACCEPT_HEADER_JSON) $(AUTH) -F $(FILE) $(UPLOAD_URL)
+
+# Checks to see if Cert-Manager-Application already exists.
+# TODO: Error with the url, will come back to this later.
+get-app:
+	$(eval TOKE := $(shell python getJson.py $(HOME)/token.json "Token"))
+	$(eval AUTH := --header 'Authorization: Bearer $(TOKE)')
+	$(eval URL := $(GET_APP_URL)'$(APP_NAME)''')
+
+	curl -X GET $(ACCEPT_HEADER_JSON) $(AUTH) $(URL)
+
+# Assume we have an existing application, then we'll simply run the static scan
+run-scan:
+	$(eval TOKE := $(shell python getJson.py $(HOME)/token.json "Token"))
+	$(eval AUTH := --header 'Authorization: Bearer $(TOKE)')
+	$(eval FILE_ID := "$(shell python getJson.py $(HOME)/file.json "FileId")")
+	$(eval APP_ID := "$(shell python getJson.py app.json "Id")")
+
+	curl -X POST $(CONTENT_HEADER_JSON) $(ACCEPT_HEADER_JSON) $(AUTH) -d '{"ARSAFileId": $(FILE_ID), "ApplicationFileId": $(FILE_ID), "ScanName": "$(TRAVIS_TAG):$(TRAVIS_JOB_NUMBER):$(TRAVIS_COMMIT)", "EnableMailNotification": false, "Locale": "en-US", "AppId": $(APP_ID), "Execute": true, "Personal": false}' $(STATIC_SCAN_URL)
+
+get-asset-group:
+	$(eval TOKE := $(shell python getJson.py $(HOME)/token.json "Token"))
+	$(eval AUTH := --header 'Authorization: Bearer $(TOKE)')
+
+	curl -o asset.json -X GET $(ACCEPT_HEADER_JSON) $(AUTH) $(GET_ASSET_GROUP_URL)
+
+# Create the application only if the application doesn't already exist.
+create-app: get-asset-group
+	$(eval ASSET_GROUP_ID := "$(shell python getJson.py asset.json "Id")")
+	$(eval TOKE := $(shell python getJson.py $(HOME)/token.json "Token"))
+	$(eval AUTH := --header 'Authorization: Bearer $(TOKE)')
+
+	curl -o app.json -X POST $(CONTENT_HEADER_JSON) $(ACCEPT_HEADER_JSON) $(AUTH) -d '{"Name": $(APP_NAME), "AssetGroupId": $(ASSET_GROUP_ID), "BusinessImpact": "Unspecified"}' $(CREATE_APP_URL)

appscan/app.json

@@ -0,0 +1,42 @@
+{
+    "Id": "de18eee4-bb7e-4326-80dd-e0fd3f1de0bc",
+    "AssetGroupName": "IBM Watson and Cloud Platform",
+    "DateCreated": null,
+    "LastUpdated": null,
+    "LastComment": null,
+    "RiskRating": "Unknown",
+    "CreatedBy": null,
+    "CriticalIssues": 0,
+    "HighIssues": 0,
+    "MediumIssues": 0,
+    "LowIssues": 0,
+    "IssuesInProgress": 0,
+    "MaxSeverity": "Undetermined",
+    "RR_MaxSeverity": 0,
+    "NewIssues": 0,
+    "OpenIssues": 0,
+    "TotalIssues": 0,
+    "OverallCompliance": null,
+    "ComplianceStatuses": [],
+    "CanBeDeleted": true,
+    "LockedToSubscription": false,
+    "Name": "Watson Java SDK",
+    "AssetGroupId": null,
+    "BusinessImpact": "Unspecified",
+    "Url": null,
+    "Description": null,
+    "BusinessUnit": null,
+    "Type": null,
+    "Technology": null,
+    "TestingStatus": "NotStarted",
+    "Hosts": null,
+    "CollateralDamagePotential": "NotDefined",
+    "TargetDistribution": "NotDefined",
+    "ConfidentialityRequirement": "NotDefined",
+    "IntegrityRequirement": "NotDefined",
+    "AvailabilityRequirement": "NotDefined",
+    "Tester": null,
+    "BusinessOwner": null,
+    "DevelopmentContact": null,
+    "PreferredOfferingType": "None"
+  }

appscan/getJson.py

@@ -0,0 +1,22 @@
+import json
+import sys
+
+def main():
+    data = load_data()
+    printFields(data)
+
+def load_data():
+    data = ""
+    filename = sys.argv[1]
+    with open(filename, "r") as read:
+        data = json.load(read)
+    if isinstance(data, list):
+        data = data[0]
+    return data
+
+def printFields(data):
+    fields = sys.argv[2:]
+    for i in fields:
+        print(data[i])
+
+main()