Merge branch 'master' into ScanManager_Update

Author: mattmurp

README.md

@@ -0,0 +1,6 @@
+# appscan-sdk
+SDK for interacting with Application Security on Cloud
+
+# License
+
+All files found in this project are licensed under the [Apache License 2.0](LICENSE).

pom.xml

@@ -12,27 +12,33 @@
   </licenses>
 
   <build>
-    <resources>
-      <resource>
-        <directory>src/main/java</directory>
-		<includes>
-			<include>**/*.properties</include>
-		</includes>
-        <excludes>
-          <exclude>**/*.java</exclude>
-        </excludes>
-      </resource>
-    </resources>
-    <plugins>
-      <plugin>
-        <artifactId>maven-compiler-plugin</artifactId>
-       	<version>3.5.1</version>
-        <configuration>
-        	<source>1.7</source>
-        	<target>1.7</target>
-        </configuration>
-      </plugin>
-    </plugins>
+  	<resources>
+  		<resource>
+  			<directory>src/main/java</directory>
+			<includes>
+				<include>**/*.properties</include>
+			</includes>
+        		<excludes>
+          			<exclude>**/*.java</exclude>
+  			</excludes>
+  		</resource>
+  		<resource>
+        		<directory>src/main/resources</directory>
+        		<includes>
+        			<include>META-INF/**</include>
+        		</includes>
+        	</resource>
+ 	</resources>
+ 	<plugins>
+  		<plugin>
+        		<artifactId>maven-compiler-plugin</artifactId>
+       			<version>3.5.1</version>
+        		<configuration>
+        			<source>1.7</source>
+        			<target>1.7</target>
+        		</configuration>
+      		</plugin>
+ 	</plugins>
   </build>
 
   <dependencies>

src/main/java/com/hcl/appscan/sdk/auth/AuthenticationHandler.java

@@ -16,6 +16,8 @@
 import org.apache.wink.json4j.JSONObject;
 
 import com.hcl.appscan.sdk.CoreConstants;
+import com.hcl.appscan.sdk.Messages;
+import com.hcl.appscan.sdk.error.HttpException;
 import com.hcl.appscan.sdk.http.HttpClient;
 import com.hcl.appscan.sdk.http.HttpResponse;
 
@@ -86,7 +88,10 @@ else if(type == LoginType.ASoC) {
 			}
 			return true;
 		}
-		return false;
+		else {
+			String reason = response.getResponseBodyAsString() == null ? Messages.getMessage("message.unknown") : response.getResponseBodyAsString(); //$NON-NLS-1$
+			throw new HttpException(response.getResponseCode(), reason);
+		}
 	}
 
 	public boolean isTokenExpired() {

src/main/java/com/hcl/appscan/sdk/error/HttpException.java

@@ -0,0 +1,18 @@
+package com.hcl.appscan.sdk.error;
+
+import java.io.IOException;
+
+import com.hcl.appscan.sdk.Messages;
+
+public class HttpException extends IOException {
+
+	private static final long serialVersionUID = 1L;
+
+	public HttpException(int responseCode, String message) {
+		super(Messages.getMessage("error.http",  responseCode, message)); //$NON-NLS-1$
+	}
+
+	public HttpException(String message, Throwable throwable) {
+		super(message, throwable);
+	}
+}

src/main/java/com/hcl/appscan/sdk/messages.properties

@@ -1,6 +1,6 @@
 #
-# © Copyright IBM Corporation 2016.
-# © Copyright HCL Technologies Ltd. 2017.
+# © Copyright IBM Corporation 2016.
+# © Copyright HCL Technologies Ltd. 2017.
 # LICENSE: Apache License, Version 2.0 https://www.apache.org/licenses/LICENSE-2.0
 #
 # NLS_MESSAGEFORMAT_VAR
@@ -18,6 +18,7 @@ message.download.complete=Download complete.
 message.preparing.irx=Preparing the IRX file using SAClientUtil version {0}...
 message.saclient.old=A newer version of the SAClientUtil package is available:\nCurrent Version: {0}\nAvailable Version: {1}
 message.results.unavailable=Scan results are not available.
+message.unknown=Unknown
 
 error.authenticating=An error occurred authenticating with the service.
 error.download.client=An error occurred downloading the SAClientUtil package. {0}
@@ -42,6 +43,7 @@ error.target.invalid=The scan target {0} is invalid.
 error.creating.scan=An error occurred initiating the scan.
 error.delete=Failed to delete {0}.
 error.dom.state=Bad DOM state.
+error.http=Response Code: {0}\nReason: {1}
 
 #Presence
 error.getting.presence.details=An error occurred retrieving details for Presence with id {0}.

src/main/java/com/hcl/appscan/sdk/results/CloudResultsProvider.java

@@ -150,7 +150,8 @@ private void loadResults() {
 				m_hasResults = true;
 			}
 		} catch (IOException | JSONException | NullPointerException e) {
-			m_progress.setStatus(new Message(Message.ERROR, Messages.getMessage(ERROR_GETTING_DETAILS)), e);
+			m_progress.setStatus(new Message(Message.ERROR, Messages.getMessage(ERROR_GETTING_DETAILS, e.getMessage())), e);
+			m_status = FAILED;
 		}
 	}
 

src/main/java/com/hcl/appscan/sdk/scanners/ASoCScan.java

@@ -79,7 +79,8 @@ protected IScanServiceProvider getServiceProvider() {
 	protected Map<String, String> getProperties() {
 		if(!m_properties.containsKey(CoreConstants.LOCALE))
 			m_properties.put(CoreConstants.LOCALE, SystemUtil.getLocale());
-		if(!m_properties.containsKey(CoreConstants.EMAIL_NOTIFICATION))
+		if(!m_properties.containsKey(CoreConstants.EMAIL_NOTIFICATION) ||
+				!Boolean.parseBoolean(m_properties.get(CoreConstants.EMAIL_NOTIFICATION)))
 			m_properties.put(CoreConstants.EMAIL_NOTIFICATION, Boolean.toString(false));
 		return m_properties;
 	}

src/main/java/com/hcl/appscan/sdk/scanners/sast/SAClient.java

@@ -72,6 +72,7 @@ private int runClient(String workingDir, List<String> args) throws IOException,
 		arguments.addAll(args);
 		m_builder = new ProcessBuilder(arguments);
 		m_builder.directory(new File(workingDir));
+		m_builder.redirectErrorStream(true);
 
 		m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(PREPARING_IRX, getLocalClientVersion())));
 		final Process proc = m_builder.start();
@@ -107,7 +108,14 @@ public void run() {
 		return proc.exitValue();
 	}
 
-	private String getClientScript() throws IOException, ScannerException {
+	/**
+	 * Gets the absolute path to the "appscan" script for running the IRGen process, downloading the package if it's
+	 * not found or if the current version is out of date.
+	 * @return The absolute path to the "appscan" script.
+	 * @throws IOException
+	 * @throws ScannerException
+	 */
+	public String getClientScript() throws IOException, ScannerException {
 		//See if we already have the client package.
 		String scriptPath = "bin" + File.separator + getScriptName(); //$NON-NLS-1$
 		File install = findClientInstall();

src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java

@@ -106,7 +106,7 @@ private File getScanLogs() {
 			return new File("logs"); //$NON-NLS-1$
 		}
 		String logsFile = m_irx.getName();
-		logsFile = logsFile.substring(0, logsFile.lastIndexOf(".") - 1); //$NON-NLS-1$
+		logsFile = logsFile.substring(0, logsFile.lastIndexOf(".")); //$NON-NLS-1$
 		logsFile += "_logs.zip"; //$NON-NLS-1$
 		return new File(m_irx.getParentFile(), logsFile);
 	}

src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScanManager.java

@@ -83,13 +83,14 @@ private  void run(IProgress progress,Map<String, String> properties, IScanServic
 		}
 	}
 
-	private String createConfig() throws AppScanException  {
+	private void createConfig() throws AppScanException  {
+		if(m_targets.isEmpty())
+			return;
 		try {
 			ModelWriter writer = new XmlWriter();
 			writer.initWriters(new File(m_workingDirectory));		
 			writer.visit(m_targets);
 			writer.write();
-			return writer.getOutputLocation();
 		} catch (IOException | TransformerException  e) {
 			throw new AppScanException(e.getLocalizedMessage(), e);
 		}