Adding command and args options (#221)

* Adding command and args to hawkscan action * Run rescan on a test that will find vulnies * Run against javaspringvulny * Cleanup and docs
stackhawk · Aug 14, 2023 · 5bfd754 · 5bfd754
1 parent 654e1d3
commit 5bfd754
Show file tree

Hide file tree

Showing 7 changed files with 89 additions and 7 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -37,6 +37,7 @@ jobs:
         run: echo "The last scan id was ${{ steps.run-scan.outputs.scanId }}"
 
 
+
   # Run a HawkScan with verbose and debug logging
   verbose-debug-test:
     name: Verbose and Debug Logging Test
@@ -109,6 +110,17 @@ jobs:
           debug: true
         env:
           APPLICATION_ID: 4030d674-88b7-4e07-8065-7761f9c63788
+      - name: Run ReScan
+        uses: ./
+        with:
+          apiKey: ${{ secrets.HAWK_API_KEY }}
+          workspace: ${{ github.workspace }}/__tests__/integration-tests/configs/javaspringvulny/
+          configurationFiles: stackhawk-jsv-json-token.yml
+          command: rescan
+          args: |
+            --scan-id ${{ steps.run-hawkscan.outputs.scanId }}
+        env:
+          APPLICATION_ID: 4030d674-88b7-4e07-8065-7761f9c63788
 
   # If there is a new version according to the .bumpversion.cfg file in the main branch, tag and release
   release-new-version:

diff --git a/README.md b/README.md
@@ -33,6 +33,39 @@ jobs:
         apiKey: ${{ secrets.HAWK_API_KEY }}
 ```
 
+### `args`
+
+**Optional** If you wish to supply additional arguments as a multi line input use the `args` option.
+
+For example:
+```yaml
+jobs:
+  stackhawk-hawkscan:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - uses: stackhawk/hawkscan-action@v2.0.3
+      with:
+        args: |
+          --hawk-mem 1g
+```
+
+### `command`
+
+**Optional** If you want to run a command other than `scan`, it can be supplied in the command option.
+
+For example:
+```yaml
+jobs:
+  stackhawk-hawkscan:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - uses: stackhawk/hawkscan-action@v2.0.3
+      with:
+        command: rescan
+```
+
 ### `dryRun`
 
 **Optional** If set to `true`, shows HawkScan commands, but don't run them. 

diff --git a/__tests__/index.js b/__tests__/index.js
@@ -27,11 +27,15 @@ beforeEach(() => {
   delete process.env.INPUT_SOURCEURL;
   delete process.env.INPUT_VERBOSE;
   delete process.env.INPUT_DEBUG;
+  delete process.env.INPUT_COMMAND;
+  delete process.env.INPUT_ARGS;
 });
 
 test('gather minimal inputs', () => {
   expect(utilities.gatherInputs()).toEqual({
     apiKey: '',
+    args: [],
+    command: 'scan',
     githubToken: "",
     configurationFiles: ['stackhawk.yml'],
     version: 'latest',
@@ -41,13 +45,15 @@ test('gather minimal inputs', () => {
     workspace : workspace,
     sourceURL : 'https://download.stackhawk.com/hawk/cli',
     verbose: 'false',
-    debug: 'false'
+    debug: 'false',
   });
 });
 
 test('gather max inputs', () => {
   buildInput({
     apiKey: 'testkey',
+    args: '--scan-id XXxxXXXX-xXXX-xxXX-XXxX-xXXxxXXXXxXX',
+    command: 'rescan',
     githubToken: "gh.xXx.XxX",
     configurationFiles: "one.yml two.yml, three.yml\nfour.yml  five.yaml,,six.yml,\n\n seven.yml, ",
     version: 'latest',
@@ -62,6 +68,8 @@ test('gather max inputs', () => {
   expect(utilities.gatherInputs()).toEqual({
     workspace: workspace,
     apiKey: 'testkey',
+    args: ['--scan-id XXxxXXXX-xXXX-xxXX-XXxX-xXXxxXXXXxXX'],
+    command: 'rescan',
     githubToken: "gh.xXx.XxX",
     configurationFiles: ['one.yml', 'two.yml', 'three.yml', 'four.yml', 'five.yaml', 'six.yml', 'seven.yml'],
     version: 'latest',
@@ -78,14 +86,28 @@ test('cli dry-run', () => {
   buildInput({
     dryRun: 'true',
     apiKey: 'hawk.xxxxXXXXxxXXxxxXXxXX.xxxXXxxxXXxxXXxxxXXX',
-    version: '2.1.0'
+    version: '2.1.0',
   });
   const inputs = utilities.gatherInputs();
   const cliCommand = utilities.buildCLICommand(inputs);
   expect(cliCommand)
       .toEqual(`hawk --api-key=hawk.xxxxXXXXxxXXxxxXXxXX.xxxXXxxxXXxxXXxxxXXX scan --repo-dir ${workspace} --cicd-platform github-action stackhawk.yml`);
 });
 
+test('cli dry-run args', () => {
+  buildInput({
+    dryRun: 'true',
+    apiKey: 'hawk.xxxxXXXXxxXXxxxXXxXX.xxxXXxxxXXxxXXxxxXXX',
+    version: '2.1.0',
+    command: 'rescan',
+    args: '--scan-id XXxxXXXX-xXXX-xxXX-XXxX-xXXxxXXXXxXX\n--debug true'
+  });
+  const inputs = utilities.gatherInputs();
+  const cliCommand = utilities.buildCLICommand(inputs);
+  expect(cliCommand)
+      .toEqual(`hawk --api-key=hawk.xxxxXXXXxxXXxxxXXxXX.xxxXXxxxXXxxXXxxxXXX rescan --repo-dir ${workspace} --cicd-platform github-action --scan-id XXxxXXXX-xXXX-xxXX-XXxX-xXXxxXXXXxXX --debug true stackhawk.yml`);
+});
+
 test('get download object', () => {
   const downloadObject = getDownloadObject('2.1.0', 'https://download.stackhawk.com/hawk/cli');
   expect(downloadObject.url).toEqual('https://download.stackhawk.com/hawk/cli/hawk-2.1.0.zip');

diff --git a/action.yml b/action.yml
@@ -6,6 +6,13 @@ inputs:
   apiKey:
     description: StackHawk API key
     required: true
+  args:
+    description: Arguments to be passed to the scan as a multi line option
+    required: false
+  command:
+    description: Command to be passed to HawkScan
+    default: scan
+    required: false
   dryRun:
     description: If set to `true`, show HawkScan commands, but don't run them
     required: false

diff --git a/dist/index.js b/dist/index.js
diff --git a/dist/index.js.map b/dist/index.js.map
diff --git a/src/utilities.js b/src/utilities.js
@@ -58,19 +58,23 @@ module.exports.gatherInputs = function gatherInputs() {
     installCLIOnly : core.getInput('installCLIOnly') || 'false',
     sourceURL : core.getInput('sourceURL') || 'https://download.stackhawk.com/hawk/cli',
     verbose: core.getInput('verbose').toLowerCase() || 'false',
-    debug: core.getInput('debug').toLowerCase() || 'false'
+    debug: core.getInput('debug').toLowerCase() || 'false',
+    command: core.getInput('command').toLowerCase() || 'scan',
+    args: core.getMultilineInput('args', { required: false }),
   }
 }
 
 module.exports.buildCLICommand = function buildCLICommand(inputs) {
   const configurationFiles = stringifyArguments(inputs.configurationFiles);
+
   const cliCommand = (`hawk ` +
       `--api-key=${inputs.apiKey} ` +
-      `scan ` +
+      `${inputs.command} ` +
       `${(inputs.verbose === 'true') ? "--verbose " : ""}` +
       `${(inputs.debug === 'true') ? "--debug " : ""}` +
       `--repo-dir ${inputs.workspace} ` +
       `--cicd-platform github-action ` +
+      `${inputs.args.join(' ')} ` +
       `${configurationFiles}`);
   const cleanCliClean = cliCommand.replace(/  +/g, ' ')
   if (inputs.dryRun === 'true') {