Fix runContrastCodeSec_OnSource.sh script. Add Snyk version to runSnyk

scripts. Delete all the .xml metadata files for each test case .java
file as they aren't needed. All that info is in the expectedresults.csv
file for the entire test suite.

.gitignore

@@ -6,12 +6,12 @@
 .settings/
 .idea/
 *.iml
+.scannerwork/
 
 data/out.csv
 owasp-benchmark/
 reports/
-.scannerwork/
-scripts/SonarQubeCredentials.sh
+src.zip
 src/main/resources/benchmark.properties
 target/
 testfiles/

scripts/runContrastCodeSec_OnSource.sh

@@ -5,9 +5,17 @@
 # brew tap contrastsecurity/tap
 # brew install contrast
 
+# To scan the source code you have to create a .zip of the src/ directory so src.zip exists in the project's root folder.
+
+if [ -f "./src.zip" ]; then
+
 # Note: you have to do 'contrast auth' first, and successfully authenticate before you can run this.
 benchmark_version=$(scripts/getBenchmarkVersion.sh)
 
-contrast scan -f src --save
+contrast scan -f src.zip --timeout=10000 --save
 mv results.sarif results/Benchmark_$benchmark_version-ContrastCodeSec_OnSrc.sarif
 
+else
+  echo "ERROR: You must create a .zip of the src directory first, before running this script."
+fi
+

scripts/runSnykSAST.sh

@@ -1,4 +1,6 @@
 # Install Snyk per: https://docs.snyk.io/snyk-cli/install-or-update-the-snyk-cli
 benchmark_version=$(scripts/getBenchmarkVersion.sh)
-snyk code test --sarif-file-output=results/Benchmark_$benchmark_version-snykCodeCli.sarif
+Snyk_version=$(snyk -v)
+
+snyk code --sarif-file-output=results/Benchmark_$benchmark_version-snykCodeCli-v$Snyk_version.sarif
 

scripts/runSnykSAST_OnWindows.sh

@@ -0,0 +1,6 @@
+# Install Snyk per: https://docs.snyk.io/snyk-cli/install-or-update-the-snyk-cli
+benchmark_version=$(scripts/getBenchmarkVersion.sh)
+Snyk_version=$(snyk-win -v)
+
+snyk-win code test --sarif-file-output=results/Benchmark_$benchmark_version-snykCodeCli-v$Snyk_version.sarif
+