integrated scanning abstraction

nleach999 · nleach999 · commit 88313e458778 · 2024-05-06T18:23:51.000-05:00
diff --git a/cxone_api/scanning.py b/cxone_api/scanning.py
@@ -2,14 +2,13 @@
 from . import CxOneClient
 from .util import json_on_ok
 from .exceptions import ScanException
+from requests import Response
 
 
 class ScanInvoker:
-
     @staticmethod
-    async def scan(cxone_client : CxOneClient, project_repo : ProjectRepoConfig, branch : str, engines : list = None , tags : dict = None, src_zip_path : str = None,
-                   clone_user : str = None, clone_cred_type : str = None, clone_cred_value : str = None) -> str:
-
+    async def scan_get_response(cxone_client : CxOneClient, project_repo : ProjectRepoConfig, branch : str, engines : list = None , tags : dict = None, src_zip_path : str = None,
+                   clone_user : str = None, clone_cred_type : str = None, clone_cred_value : str = None) -> Response:
         submit_payload = {}
 
         target_repo = await project_repo.repo_url
@@ -42,13 +41,7 @@ async def scan(cxone_client : CxOneClient, project_repo : ProjectRepoConfig, bra
             if target_repo is not None:
                 submit_payload["handler"]["repoUrl"] = target_repo
 
-            scan_submit_response = await cxone_client.execute_scan(submit_payload)
-
-            if not scan_submit_response.ok:
-                raise ScanException(f"Scan error for project {project_repo.project_id}: Status: {scan_submit_response.status_code} : {scan_submit_response.json()}")
-            
-            return json_on_ok(scan_submit_response)['id']
-
+            return  await cxone_client.execute_scan(submit_payload)
         else:
             submit_payload["repoOrigin"] = await project_repo.scm_type
             submit_payload["project"] = {
@@ -62,13 +55,21 @@ async def scan(cxone_client : CxOneClient, project_repo : ProjectRepoConfig, bra
 
             scm_org = await project_repo.scm_org
 
-            scan_submit_response = await cxone_client.execute_repo_scan(await project_repo.scm_id, project_repo.project_id, 
+            return await cxone_client.execute_repo_scan(await project_repo.scm_id, project_repo.project_id, 
                                                                         scm_org if scm_org is not None else "anyorg", submit_payload)
-            if not scan_submit_response.ok:
-                raise ScanException(f"Scan error for project {project_repo.project_id}: Status: {scan_submit_response.status_code} : {scan_submit_response.json()}")
-            
-            return None
-       
+
+    @staticmethod
+    async def scan_get_scanid(cxone_client : CxOneClient, project_repo : ProjectRepoConfig, branch : str, engines : list = None , tags : dict = None, src_zip_path : str = None,
+                   clone_user : str = None, clone_cred_type : str = None, clone_cred_value : str = None) -> str:
+        
+        response = await ScanInvoker.scan_get_response(cxone_client, project_repo, branch, engines, tags, src_zip_path, clone_user, clone_cred_type, clone_cred_value)
+        response_json = response.json()
+
+        if not response.ok:
+            raise ScanException(f"Scan error for project {project_repo.project_id}: Status: {response.status_code} : {response.json()}")
+        
+        return json_on_ok(response_json)['id'] if "id" in response_json.keys() else None
+
 
     @staticmethod
     async def __upload_zip(cxone_client : CxOneClient, zip_path : str) -> str:
diff --git a/scanner.py b/scanner.py
@@ -1,6 +1,9 @@
 #!/usr/bin/python3
 import logging, argparse, utils, asyncio
 from cxone_api import CxOneClient
+from cxone_api.scanning import ScanInvoker
+from cxone_api.projects import ProjectRepoConfig
+from cxone_api.util import json_on_ok
 from posix_ipc import Semaphore, BusyError, O_CREAT
 
 utils.configure_normal_logging()
@@ -15,6 +18,24 @@
 parser.add_argument('--branch', '-b', action='store', type=str, required=True, dest="branch", help="The code repository URL.")
 parser.add_argument('--schedule', '-s', action='store', type=str, required=False, default='unknown', dest="schedule", help="The schedule string assigned to the 'scheduled' scan tag.")
 
+
+async def should_scan(client : CxOneClient, project_repo : ProjectRepoConfig, branch : str) -> bool:
+    if not await project_repo.is_scm_imported:
+        running_scans = json_on_ok(await client.get_scans(tags_keys="scheduled", branch=branch, project_id=project_repo.project_id, statuses=['Queued', 'Running']))
+        if int(running_scans['filteredTotalCount']) == 0:
+            return True
+    else:
+        # It currently isn't possible to tag a scan created in a project that was import from SCM, so just look
+        # at the last scan in status Queued or Running.
+        potential_running_scan = json_on_ok(await client.get_projects_last_scan(branch=branch, limit=1, project_ids=[project_repo.project_id], scan_status="Running"))
+        potential_queued_scan = json_on_ok(await client.get_projects_last_scan(branch=branch, limit=1, project_ids=[project_repo.project_id], scan_status="Queued"))
+
+        if project_repo.project_id in potential_running_scan.keys() or project_repo.project_id in potential_queued_scan.keys():
+            return True
+
+    return False
+
+
 async def main():
     try:
         args = parser.parse_args()
@@ -51,31 +72,18 @@ async def main():
 
             try:
                 __log.debug(f"Semaphore acquired for {utils.make_safe_name(args.projectid, args.branch)}")
+                
+                project_repo = await ProjectRepoConfig.from_project_id(client, args.projectid)
 
                 # Do not submit a scheduled scan if a scheduled scan is already running.
-                scans = (await client.get_scans(tags_keys="scheduled", branch=args.branch, project_id=args.projectid, statuses=['Queued', 'Running'])).json()
-
-                if scans['filteredTotalCount'] == 0:
-                    scan_spec = {
-                        "type" : "git",
-                        "handler" : {
-                            "branch" : args.branch,
-                            "repoUrl" : args.repo
-                        },
-                        "project" : {
-                            "id" : args.projectid,
-                        },
-                        "config" : [{ "type" : x, "value" : {} } for x in args.engines],
-                        "tags" : tag
-                    }
-                   
-                    
-                    response = await client.execute_scan(scan_spec)
-                    if response.ok:
+                if await should_scan(client, project_repo, args.branch):
+
+                    scan_response = await ScanInvoker.scan_get_response(client, project_repo, args.branch, args.engines, tag)
+
+                    if scan_response.ok:
                         __log.info(f"Scanning project {args.projectid} branch {args.branch}")
                     else:
-                        __log.error(f"Failed to start scan for project {args.projectid} branch {args.branch}: {response.status_code}:{response.reason}")
-
+                        __log.error(f"Failed to start scan for project {args.projectid} branch {args.branch}: {scan_response.status_code}:{scan_response.json()}")
 
                 else:
                     __log.warning(f"Scheduled scan for project {args.projectid} branch {args.branch} is already running, skipping.")
