Feature/output txt (#496)

* fix data-races when running analysis (#477) * fix possible wrong path concat on windows * enable data race detection on make test * fix data-races when running analysis Previously when we start an analysis of language/tool we controlled the state of execution using the monitor package, but many objects use the same instance of monitor doing updates and reads concurrent resulting in possible data races. This commit drops the monitor package and replace to use the `sync.WaitGroup` to control the state of go routines. An improvement was also made to control the timeout of analysis using `time.After` function to receive the channel when timeout occurred or close the `done` channel when analysis finish. An mutex was added on Service to avoid data races when adding errors on Analysis. * improvement on Swift rules description (#479) * feature/dependency-check (#478) * Adding owasp dependency check formatter * Adding tests and fixing lint * Adding flag to enable owasp dependency check * Fixing pipeline errors * Fixing some errors * Updating devkit version * Feature/dotnet cli (#480) * Adding dotnet cli dependency check * Fixing lint errors * Adding lisence header * Improving security code scan * Adding validation to not found solution in scs, adding license headers * Adding code in security code scan * Updating csharp example with vulnerable dependencies, adding validation to failed build in security code scan * Fixing some errors * Adding code, line and filepath in dotnet cli. Fixing some errors * Updating horusec json * Fixing commit authors issues * Fixing some issues found during tests * Adding validation to dotnetcli output * Fixing lint error * Fixing lint errors * Fixing lint error * Updating horusec config json * Updating go modules and adding missing unity test * Fixing error to remove .horusec * [skip ci] Update versioning file * avoid time.Sleep to log analysis timeout status (#482) Previously, to warn the user that the analysis is still running, we used time.Sleep to print how much time is left for the timeout, however, if the analysis has already been completed, we still need to wait for the end of time.Sleep to finish the analysis. This change removes time.Sleep and uses time.Tick to print the message, so, if the analysis is finished before the next retry, we do not lock the analysis with time.Sleep. * Feature/nancy (#483) * Adding nancy dependency check for go * Adding nancy unity tests * Adding vulnerable dependencies in go example project * Fixing errors found during tests * Fixing unity tests and pipeline errors * Updating devkit version * Fixing pipeline errors * Updating go dockerfile to use nancy binary from github * Fixing go sum * Updating config json * Adding option to txt output * Adding option to txt output Signed-off-by: nathanmartinszup <nathan.martins@zup.com.br> Co-authored-by: matheusalcantarazup <84723211+matheusalcantarazup@users.noreply.github.com> Co-authored-by: wilian <wilian.silva@zup.com.br> Co-authored-by: Nathan Tavares Nascimento <nathan.nascimento@zup.com.br>
ZupIT · Aug 2, 2021 · d81780d · d81780d
1 parent f24f90b
commit d81780d
Show file tree

Hide file tree

Showing 9 changed files with 54 additions and 34 deletions.
diff --git a/config/config.go b/config/config.go
@@ -231,7 +231,7 @@ func (c *Config) SetRepositoryAuthorization(repositoryAuthorization string) {
 }
 
 func (c *Config) GetPrintOutputType() string {
-	return valueordefault.GetStringValueOrDefault(c.printOutputType, "text")
+	return valueordefault.GetStringValueOrDefault(c.printOutputType, "")
 }
 
 func (c *Config) SetPrintOutputType(printOutputType string) {

diff --git a/config/config_test.go b/config/config_test.go
@@ -46,7 +46,7 @@ func TestNewHorusecConfig(t *testing.T) {
 		assert.Equal(t, int64(600), configs.GetTimeoutInSecondsAnalysis())
 		assert.Equal(t, int64(15), configs.GetMonitorRetryInSeconds())
 		assert.Equal(t, uuid.Nil.String(), configs.GetRepositoryAuthorization())
-		assert.Equal(t, "text", configs.GetPrintOutputType())
+		assert.Equal(t, "", configs.GetPrintOutputType())
 		assert.Equal(t, "", configs.GetJSONOutputFilePath())
 		assert.Equal(t, 1, len(configs.GetSeveritiesToIgnore()))
 		assert.Equal(t, 2, len(configs.GetFilesOrPathsToIgnore()))

diff --git a/horusec-config.json b/horusec-config.json
@@ -22,7 +22,6 @@
   "horusecCliEnableGitHistoryAnalysis": false,
   "horusecCliEnableInformationSeverity": false,
   "horusecCliFalsePositiveHashes": [
-    "37fa0cfe47519c1b2b6a8e29538571b81fd8787ca4217825ae6d8dcf86d70de8",
     "85492fbc829b64336a4f858022fbe52f05e27ee18d7a8fbdf5ffd23991ebd7a9",
     "06f6ce2402e20f1e885e5d59f66db4dde44dfdd2eaf821d86b1d066a707c9fff",
     "362a89c4517db256b648e9b1d21ddb0d99018e7c7b9f9b45d200ede54a49363d",
@@ -31,10 +30,10 @@
     "9c205ee4b31bea1254f4e8031958995912312a524105469cb49e757d59558496",
     "b176f4967e7b0e54faabb9688d1d9ff6f10959d4a34280b9e035bfd63c4f352e",
     "2eab7620998c54bcbdb1da9ad96f54c3b6ac7b5e0babbff8f502ec10594479ad",
-    "85d4e95cd519dda872c8da0bc50b742ef067bb9f1e5b9fea42924eb21c5e688e",
     "b9f0d3772a885673b4a968d21eb9c350d25aae332b7c1a9bf113b5af24704ff9",
     "e8c6a9744859f048a44a4eb160ce0e22df524507a288cfbfcbfcdc26d2533c63",
-    "c25edc56029ba81e69515d3bca44fa5545af63cf841d8f219ac57fcd7cb95265"
+    "c25edc56029ba81e69515d3bca44fa5545af63cf841d8f219ac57fcd7cb95265",
+    "36f41965e929e9763260c61451ce0a5ca572f8a1a8979390b7c694e54e3dce29"
   ],
   "horusecCliFilesOrPathsToIgnore": [
     "**/e2e/**",
@@ -44,13 +43,15 @@
     "**/*_mock.go",
     "**/*README.md",
     "**/cmd/app/start/analysis/**",
+    "**/tmp/**",
+    "**/bin/**",
     "**/internal/services/engines/**"
   ],
   "horusecCliHeaders": {},
   "horusecCliHorusecApiUri": "http://0.0.0.0:8000",
   "horusecCliJsonOutputFilepath": "",
   "horusecCliMonitorRetryInSeconds": 10,
-  "horusecCliPrintOutputType": "text",
+  "horusecCliPrintOutputType": "",
   "horusecCliProjectPath": "./",
   "horusecCliRepositoryAuthorization": "00000000-0000-0000-0000-000000000000",
   "horusecCliRepositoryName": "",

diff --git a/internal/controllers/printresults/print_results.go b/internal/controllers/printresults/print_results.go
@@ -22,16 +22,17 @@ import (
 	"path/filepath"
 	"strings"
 
-	enumsVulnerability "github.com/ZupIT/horusec-devkit/pkg/enums/vulnerability"
-
 	"github.com/ZupIT/horusec-devkit/pkg/entities/analysis"
 	"github.com/ZupIT/horusec-devkit/pkg/entities/vulnerability"
 	"github.com/ZupIT/horusec-devkit/pkg/enums/severities"
+	enumsVulnerability "github.com/ZupIT/horusec-devkit/pkg/enums/vulnerability"
 	"github.com/ZupIT/horusec-devkit/pkg/utils/logger"
+
 	"github.com/ZupIT/horusec/config"
 	"github.com/ZupIT/horusec/internal/enums/outputtype"
 	"github.com/ZupIT/horusec/internal/helpers/messages"
 	"github.com/ZupIT/horusec/internal/services/sonarqube"
+	"github.com/ZupIT/horusec/internal/utils/file"
 )
 
 var (
@@ -48,6 +49,7 @@ type PrintResults struct {
 	configs          config.IConfig
 	totalVulns       int
 	sonarqubeService sonarqube.Interface
+	textOutput       string
 }
 
 type Interface interface {
@@ -85,9 +87,9 @@ func (pr *PrintResults) StartPrintResults() (totalVulns int, err error) {
 
 func (pr *PrintResults) factoryPrintByType() error {
 	switch {
-	case pr.configs.GetPrintOutputType() == string(outputtype.JSON):
+	case pr.configs.GetPrintOutputType() == outputtype.JSON:
 		return pr.runPrintResultsJSON()
-	case pr.configs.GetPrintOutputType() == string(outputtype.SonarQube):
+	case pr.configs.GetPrintOutputType() == outputtype.SonarQube:
 		return pr.runPrintResultsSonarQube()
 	default:
 		return pr.runPrintResultsText()
@@ -107,7 +109,8 @@ func (pr *PrintResults) runPrintResultsText() error {
 	pr.logSeparator(true)
 
 	pr.printTextOutputVulnerability()
-	return nil
+
+	return pr.createTxtOutputFile()
 }
 
 func (pr *PrintResults) runPrintResultsJSON() error {
@@ -216,16 +219,13 @@ func (pr *PrintResults) printTextOutputVulnerability() {
 	}
 
 	pr.printTotalVulnerabilities()
-
-	pr.logSeparator(len(pr.analysis.AnalysisVulnerabilities) > 0)
 }
 
 func (pr *PrintResults) printTotalVulnerabilities() {
 	totalVulnerabilities := pr.analysis.GetTotalVulnerabilities()
 	if totalVulnerabilities > 0 {
 		pr.printLNF("In this analysis, a total of %v possible vulnerabilities "+
 			"were found and we classified them into:", totalVulnerabilities)
-		fmt.Println("")
 	}
 	totalVulnerabilitiesBySeverity := pr.GetTotalVulnsBySeverity()
 	for vulnType, countBySeverity := range totalVulnerabilitiesBySeverity {
@@ -283,8 +283,6 @@ func (pr *PrintResults) printTextOutputVulnerabilityData(vulnerability *vulnerab
 
 	pr.printLNF("ReferenceHash: %s", vulnerability.VulnHash)
 
-	fmt.Print("\n")
-
 	pr.logSeparator(true)
 }
 
@@ -368,5 +366,17 @@ func (pr *PrintResults) getProjectPath(path string) string {
 }
 
 func (pr *PrintResults) printLNF(text string, args ...interface{}) {
+	if pr.configs.GetPrintOutputType() == outputtype.Text {
+		pr.textOutput += fmt.Sprintln(fmt.Sprintf(text, args...))
+	}
+
 	fmt.Println(fmt.Sprintf(text, args...))
 }
+
+func (pr *PrintResults) createTxtOutputFile() error {
+	if pr.configs.GetPrintOutputType() != outputtype.Text {
+		return nil
+	}
+
+	return file.CreateAndWriteFile(pr.textOutput, pr.configs.GetJSONOutputFilePath())
+}
diff --git a/internal/enums/outputtype/output_type.go b/internal/enums/outputtype/output_type.go
@@ -14,14 +14,8 @@
 
 package outputtype
 
-type OutputType string
-
 const (
-	Text      OutputType = "text"
-	JSON      OutputType = "json"
-	SonarQube OutputType = "sonarqube"
+	Text      = "text"
+	JSON      = "json"
+	SonarQube = "sonarqube"
 )
-
-func (o OutputType) ToString() string {
-	return string(o)
-}
diff --git a/internal/enums/outputtype/output_type_test.go b/internal/enums/outputtype/output_type_test.go
@@ -22,6 +22,6 @@ import (
 
 func TestToString(t *testing.T) {
 	t.Run("Should success parse to string", func(t *testing.T) {
-		assert.Equal(t, "json", JSON.ToString())
+		assert.Equal(t, "json", JSON)
 	})
 }
diff --git a/internal/usecases/cli/cli.go b/internal/usecases/cli/cli.go
@@ -73,7 +73,7 @@ func (au *UseCases) ValidateConfigs(config cliConfig.IConfig) error {
 		validation.Field(&c.timeoutInSecondsAnalysis, validation.Required, validation.Min(10)),
 		validation.Field(&c.monitorRetryInSeconds, validation.Required, validation.Min(10)),
 		validation.Field(&c.repositoryAuthorization, validation.Required, is.UUID),
-		validation.Field(&c.printOutputType, validation.Required, au.validationOutputTypes()),
+		validation.Field(&c.printOutputType, au.validationOutputTypes()),
 		validation.Field(&c.jSONOutputFilePath, validation.By(au.checkAndValidateJSONOutputFilePath(config))),
 		validation.Field(&c.severitiesToIgnore, validation.By(au.validationSeverities(config))),
 		validation.Field(&c.filesOrPathsToIgnore),
@@ -139,8 +139,8 @@ func (au *UseCases) checkIfExistsDuplicatedRiskAcceptHashes(config cliConfig.ICo
 
 func (au *UseCases) checkAndValidateJSONOutputFilePath(config cliConfig.IConfig) func(value interface{}) error {
 	return func(value interface{}) error {
-		if config.GetPrintOutputType() == outputtype.JSON.ToString() ||
-			config.GetPrintOutputType() == outputtype.SonarQube.ToString() {
+		if config.GetPrintOutputType() == outputtype.JSON ||
+			config.GetPrintOutputType() == outputtype.SonarQube {
 			if err := au.validateJSONOutputFilePath(config); err != nil {
 				return err
 			}
@@ -168,9 +168,9 @@ func (au *UseCases) validateJSONOutputFilePath(config cliConfig.IConfig) error {
 
 func (au *UseCases) validationOutputTypes() validation.InRule {
 	return validation.In(
-		outputtype.JSON.ToString(),
-		outputtype.SonarQube.ToString(),
-		outputtype.Text.ToString(),
+		outputtype.JSON,
+		outputtype.SonarQube,
+		outputtype.Text,
 	)
 }
 

diff --git a/internal/usecases/cli/cli_test.go b/internal/usecases/cli/cli_test.go
@@ -74,7 +74,7 @@ func TestValidateConfigs(t *testing.T) {
 		config := &cliConfig.Config{}
 		config.SetWorkDir(&workdir.WorkDir{})
 		config.NewConfigsFromEnvironments()
-		config.SetPrintOutputType(outputtype.JSON.ToString())
+		config.SetPrintOutputType(outputtype.JSON)
 		config.SetJSONOutputFilePath("")
 
 		err := useCases.ValidateConfigs(config)
@@ -87,7 +87,7 @@ func TestValidateConfigs(t *testing.T) {
 		config := &cliConfig.Config{}
 		config.SetWorkDir(&workdir.WorkDir{})
 		config.NewConfigsFromEnvironments()
-		config.SetPrintOutputType(outputtype.JSON.ToString())
+		config.SetPrintOutputType(outputtype.JSON)
 		config.SetJSONOutputFilePath("test.test")
 
 		err := useCases.ValidateConfigs(config)

diff --git a/internal/utils/file/file.go b/internal/utils/file/file.go
@@ -219,3 +219,18 @@ func getDependencyInfo(paths []string, dependency string) (code, filepath, _ str
 
 	return "", "", ""
 }
+
+func CreateAndWriteFile(output, filepath string) error {
+	path, err := filepathLib.Abs(filepath)
+	if err != nil {
+		return err
+	}
+
+	file, err := os.Create(path)
+	if err != nil {
+		return err
+	}
+
+	_, err = file.Write([]byte(output))
+	return err
+}