From 837e6d5175a829f55c276018e472f6cf5e86597d Mon Sep 17 00:00:00 2001
From: Miguel Freitas <13312380+miguelfreitas93@users.noreply.github.com>
Date: Tue, 16 Jun 2020 16:28:52 +0100
Subject: [PATCH] add default exclusions to OSA Scans, improve gitignore, start to support OSA Github issues

---
 .gitignore | 3 ++-
 src/cli/osa.js | 9 ++++++++-
 src/github/github.js | 18 +++++++++---------
 src/index.js | 22 ++++++++++++----------
 src/report/osareport.js | 0
 src/report/{report.js => sastreport.js} | 0
 6 files changed, 31 insertions(+), 21 deletions(-)
 create mode 100644 src/report/osareport.js
 rename src/report/{report.js => sastreport.js} (100%)

diff --git a/.gitignore b/.gitignore
index 87c1adb0..040b9c15 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,4 +8,5 @@ cxcli.zip
 log.log
 report.xml
 report.json
-OSADependencies.json
\ No newline at end of file
+OSADependencies.json
+OsaReports
\ No newline at end of file
diff --git a/src/cli/osa.js b/src/cli/osa.js
index 6da60abd..66326051 100644
--- a/src/cli/osa.js
+++ b/src/cli/osa.js
@@ -2,8 +2,10 @@ const core = require('@actions/core')
 const path = require('path')
 const utils = require('../utils/utils.js')
 const inputs = require('../github/inputs.js')
+const cxexclusions = require('../utils/exclusions.js')
 const envs = process.env
 const GITHUB_WORKSPACE = envs.GITHUB_WORKSPACE
+const DEFAULT_FOLDER_EXCLUSIONS = cxexclusions.getOsaFolderExclusions()
 function getOsaCmd(server, action, skipIfFail) {
 if (utils.isValidUrl(server) && utils.isValidAction(action)) {
@@ -25,6 +27,11 @@ function getOsaCmd(server, action, skipIfFail)
 let osaFilesInclude = inputs.getString(inputs.CX_OSA_FILES_INCLUDE, false)
 let osaFilesExclude = inputs.getString(inputs.CX_OSA_FILES_EXCLUDE, false)
 let osaPathExclude = inputs.getString(inputs.CX_OSA_PATH_EXCLUDE, false)
+ if (osaPathExclude != DEFAULT_FOLDER_EXCLUSIONS && osaPathExclude.length > 0) {
+ osaPathExclude = DEFAULT_FOLDER_EXCLUSIONS + "," + osaPathExclude.trim()
+ } else {
+ osaPathExclude = DEFAULT_FOLDER_EXCLUSIONS
+ }
 let osaReportHtml = inputs.getString(inputs.CX_OSA_REPORT_HTML, false)
 let osaReportPDF = inputs.getString(inputs.CX_OSA_REPORT_PDF, false)
 let osaDepth = inputs.getInt(inputs.CX_OSA_DEPTH, false)
@@ -36,7 +43,7 @@ function getOsaCmd(server, action, skipIfFail)
 core.info(inputs.CX_GITHUB_ISSUES + ' : ' + cxGithubIssues)
 if (cxGithubIssues && cxGithubIssues != "false") {
 if (!utils.isValidString(osaJson)) {
- osaJson = GITHUB_WORKSPACE + path.sep + "report.json"
+ osaJson = GITHUB_WORKSPACE + path.sep + "OsaReports"
 core.info(inputs.CX_OSA_JSON + ' will be the default: ' + osaJson)
 } else {
 core.info(inputs.CX_OSA_JSON + ' : ' + osaJson)
diff --git a/src/github/github.js b/src/github/github.js
index 22f00239..d1f4ab93 100644
--- a/src/github/github.js
+++ b/src/github/github.js
@@ -1,6 +1,7 @@
 const core = require('@actions/core')
 const github = require('@actions/github')
-const report = require('../report/report')
+const sastreport = require('../report/sastreport')
+const osareport = require('../report/osareport')
 const inputs = require("./inputs")
 const utils = require('../utils/utils')
 const envs = process.env
@@ -11,7 +12,6 @@ const GITHUB_STATE_CLOSED = "closed"
 const GITHUB_EVENT_PUSH = "push"
 const GITHUB_EVENT_PULL_REQUEST = "pull_request"
-
 function getToken() {
 let token = ""
 let createGithubIssues = inputs.getBoolean(inputs.CX_GITHUB_ISSUES, false)
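Review bot: The merge of the default and user-supplied exclusions in the added `if` reads `osaPathExclude.length` before any null check and only trims after the length test, so a whitespace-only input produces `DEFAULT_FOLDER_EXCLUSIONS + ","` with a dangling empty entry, and an unset input will throw if `inputs.getString(..., false)` returns null or undefined for a missing optional input (the hunk does not show what it returns; the `utils.isValidString(osaJson)` guard used further down suggests the value is not always a plain string). Normalize first and compare with strict equality: `const userExclude = (osaPathExclude || "").trim()` followed by `osaPathExclude = userExclude.length > 0 && userExclude !== DEFAULT_FOLDER_EXCLUSIONS ? DEFAULT_FOLDER_EXCLUSIONS + "," + userExclude : DEFAULT_FOLDER_EXCLUSIONS`. With this change the defaults can no longer be switched off by the caller at all; if that is intentional for OSA, a one-line comment above the `if` saying the default folder exclusions are always applied would stop the next reader from trying to clear them through the input. getOsaCmd starts before this hunk and continues past it.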
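Review bot: The new default for `osaJson` is `GITHUB_WORKSPACE + path.sep + "OsaReports"`, a name with no extension that the matching `.gitignore` entry treats as a path, whereas the input it stands in for is `CX_OSA_JSON` and the previous default was the `report.json` file; the hunk does not show whether the CLI flag this value feeds expects a file or a directory, so the two conventions should be checked against the CLI before this ships. Either way the output is written into the checked-out workspace, which is why the `.gitignore` line matters; a comment such as `// default OSA JSON output is placed under the workspace so createIssues() can locate it (ignored via .gitignore)` would make that coupling explicit. getOsaCmd continues outside the hunk.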
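Review bot: `osareport` is required on the new line but none of the visible hunks in this file call it, and the module it points at, `src/report/osareport.js`, is created empty in the same commit, so every `osareport.*` property would be `undefined` until the stub is filled in. A linter would flag the unused require; either leave the line out until the OSA path exists, or mark it with `// TODO: OSA issue creation — osareport.js is still an empty stub` so the placeholder is not mistaken for working support. The `report` to `sastreport` rename itself looks consistent with the hunks further down.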
@@ -51,8 +51,8 @@ async function createIssues(cxAction) {
 const octokit = github.getOctokit(token)
 if (octokit) {
 if (cxAction == utils.SCAN) {
- let xmlPath = report.getXmlReportPath(workspace)
- let issues = report.getIssuesFromXml(xmlPath, repository, commitSha)
+ let xmlPath = sastreport.getXmlReportPath(workspace)
+ let issues = sastreport.getIssuesFromXml(xmlPath, repository, commitSha)
 if (issues) {
 let repositoryIssues = await getIssues(owner, repo, octokit)
 let resolvedIssues = 0
@@ -62,13 +62,13 @@ async function createIssues(cxAction) {
 for (let i = 0; i < issues.length; i++) {
 let issue = issues[i]
- const title = report.getTitle(issue)
- const body = report.getBody(issue)
- let issueGithubLabels = report.getLabels(githubLabels, issue)
+ const title = sastreport.getTitle(issue)
+ const body = sastreport.getBody(issue)
+ let issueGithubLabels = sastreport.getLabels(githubLabels, issue)
 let state = GITHUB_STATE_OPEN
- if (issue.resultState == report.NOT_EXPLOITABLE) {
+ if (issue.resultState == sastreport.NOT_EXPLOITABLE) {
 state = GITHUB_STATE_CLOSED
 }
@@ -106,7 +106,7 @@ async function createIssues(cxAction) {
 }
 }
- let summary = report.getSummary(issues, newIssues, recurrentIssues, resolvedIssues, reopenedIssues)
+ let summary = sastreport.getSummary(issues, newIssues, recurrentIssues, resolvedIssues, reopenedIssues)
 await createCommitComment(owner, repo, octokit, commitSha, summary, null, null)
 if (event == GITHUB_EVENT_PULL_REQUEST) {
 const pull_number = parseInt(envs.GITHUB_REF.replace("/merge", "").replace("refs/pull/", ""))
diff --git a/src/index.js b/src/index.js
index f3999a20..0bd2d933 100644
--- a/src/index.js
+++ b/src/index.js
@@ -75,7 +75,7 @@ async function run() {
 core.info("No " + inputs.CX_VERSION + " valid input provided : " + version + " version will be used instead of " + cxVersion.toString())
 }
- if(action == utils.SCA_SCAN || action == utils.ASYNC_SCA_SCAN){
+ if (action == utils.SCA_SCAN || action == utils.ASYNC_SCA_SCAN) {
 //Force version for SCA
 version = "2020"
 }
@@ -173,15 +173,17 @@ async function run() {
 core.info("[END] Read Inputs...\n")
- try {
- await cxcli.downloadCli(version, skipIfFail)
- } catch (e) {
- return inputs.coreError(e.message, skipIfFail)
- }
- try {
- let output = await cxcli.executeCommand(command, skipIfFail)
- } catch (e) {
- return inputs.coreError(e.message, skipIfFail)
+ if (envs.TEST) {
+ try {
+ await cxcli.downloadCli(version, skipIfFail)
+ } catch (e) {
+ return inputs.coreError(e.message, skipIfFail)
+ }
+ try {
+ let output = await cxcli.executeCommand(command, skipIfFail)
+ } catch (e) {
+ return inputs.coreError(e.message, skipIfFail)
+ }
 }
 if (cxAction == utils.SCAN || cxAction == utils.OSA_SCAN) {
 await cxgithub.createIssues(cxAction)
diff --git a/src/report/osareport.js b/src/report/osareport.js
new file mode 100644
index 00000000..e69de29b
diff --git a/src/report/report.js b/src/report/sastreport.js
similarity index 100%
rename from src/report/report.js
rename to src/report/sastreport.js
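Review bot: The CLI download and `executeCommand` are now wrapped in `if (envs.TEST)`, so whenever the `TEST` environment variable is absent — the normal case for a real action run — no scanner is downloaded or executed, yet control still falls through to `cxgithub.createIssues(cxAction)` and reports on whatever report file happens to be lying in the workspace; a security scan that silently never runs is worse than one that fails loudly. This reads like a local-debugging gate committed by mistake: if the intent was to bypass the real CLI under test, the condition is inverted and should be `if (!envs.TEST) {`, ideally with an `else` branch logging `core.warning("TEST is set: skipping Checkmarx CLI download and execution")` so the skip is visible in the job log. Since `createIssues` runs regardless of whether the scan step ran or succeeded, consider also returning early when the CLI step was skipped. The `let output` local is assigned and never read. `run()` starts and ends outside this hunk.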