Integration: PLUG 619 622 297 (#204)

* Scan with specific errors can be suppressed so that pipelines will continue with next steps.

* Fixed: Sonarqube code smells

* Fetch team by id from SCA access control

* Preset ID resolution and handling for special preset zero (Project Default)

Co-authored-by: AMKiranKumar <[email protected]>
Co-authored-by: Carlos Acosta <[email protected]>
Co-authored-by: umeshwaghode <[email protected]>

.gitignore

@@ -20,3 +20,4 @@ bin/
 #Jenkins specific out
 *.hpi
 classes/
+*.dummy

pom.xml

@@ -207,7 +207,6 @@
                 </exclusion>
 
                 <!--causing vulnerabilities in the osa scan of the project, excluded and newer dependencies imported instead -->
-                <!-- TODO: remove these excludes once its solved in the fsa-->
                 <exclusion>
                     <groupId>com.beust</groupId>
                     <artifactId>jcommander</artifactId>

src/main/java/com/cx/restclient/CxSASTClient.java

@@ -107,6 +107,7 @@ public class CxSASTClient extends LegacyClient implements Scanner {
     private static final String SWAGGER_LOCATION = "help/swagger/docs/v1.1";
     private static final String ZIPPED_SOURCE = "zippedSource";
     private static final String SAST_SCAN= "SAST scan status";
+    private static final String MSG_AVOID_DUPLICATE_PROJECT_SCANS= "\nAvoid duplicate project scans in queue\n";
 
     private String language = "en-US";
 
@@ -273,7 +274,7 @@ private void createSASTScan(long projectId) {
             log.info("-----------------------------------Create CxSAST Scan:------------------------------------");
             if (config.isAvoidDuplicateProjectScans() != null && config.isAvoidDuplicateProjectScans() && projectHasQueuedScans(projectId)) {
             	dupScanFound = true;
-                throw new CxClientException("\nAvoid duplicate project scans in queue\n");
+                throw new CxClientException(MSG_AVOID_DUPLICATE_PROJECT_SCANS);
             }
             if (config.getRemoteType() == null) { //scan is local
                 scanId = createLocalSASTScan(projectId);
@@ -282,11 +283,12 @@ private void createSASTScan(long projectId) {
             }
             sastResults.setSastLanguage(language);
             sastResults.setScanId(scanId);
-            log.info("SAST scan created successfully: Scan ID is " + scanId);
+            log.info("SAST scan created successfully: Scan ID is {}", scanId);
             sastResults.setSastScanLink(config.getUrl(), scanId, projectId);
         } catch (Exception e) {
             log.error(e.getMessage());
             setState(State.FAILED);
+            errorToBeSuppressed(e);
             if(!config.getContinueBuild() && (!dupScanFound)) {
             sastResults.setException(new CxClientException(e));
             }
@@ -392,6 +394,34 @@ private void configureScanSettings(long projectId) throws IOException {
         defineScanSetting(scanSettingRequest);
     }
 
+	private boolean errorToBeSuppressed(Exception error) {
+
+		if (error instanceof ConditionTimeoutException && config.getContinueBuild()) {
+			sastResults = getLatestScanResults();
+			if (super.isIsNewProject() && sastResults.getSastScanLink() == null) {
+				String message = String
+						.format("Continue with timed out option is enabled. The project %s is a new project. "
+								+ "Hence there is no last scan report to be shown.", config.getProjectName());
+				log.info(message);
+				setState(State.SUCCESS);
+				return true;
+			}
+		} else if (error.getMessage().contains("source folder is empty,") || (sastResults.getException() != null && sastResults.getException().getMessage().contains("No files to zip"))) {
+			sastResults.setException(null);
+			setState(State.SUCCESS);
+			return true;
+		} else if (error.getMessage().contains("No files to zip")) { 
+			sastResults = new SASTResults();
+			sastResults.setException(new CxClientException(error));
+			setState(State.SUCCESS);
+		} else if (error.getMessage().equalsIgnoreCase(MSG_AVOID_DUPLICATE_PROJECT_SCANS)) {
+			setState(State.SUCCESS);
+			return true;
+
+		}
+		return false;
+	}
+
 
     //GET SAST results + reports
     @Override
@@ -401,24 +431,19 @@ public Results waitForScanResults() {
             //wait for SAST scan to finish
             log.info("Waiting for CxSAST scan to finish.");
             try {
-            	 
+
 				sastWaiter.waitForTaskToFinish(Long.toString(scanId), config.getSastScanTimeoutInMinutes() * 60, log);
 				log.info("Retrieving SAST scan results");
 				//retrieve SAST scan results
 				sastResults = retrieveSASTResults(scanId, projectId);
 			} catch (ConditionTimeoutException e) {
-				if (config.getContinueBuild()) {
-					sastResults = getLatestScanResults();
-					if (super.isIsNewProject() && sastResults.getSastScanLink() == null) {
-						String message = String
-								.format("Continue with timed out option is enabled. The project %s is a new project. "
-										+ "Hence there is no last scan report to be shown.", config.getProjectName());
-						log.info(message);
-					}
-				} else {
+				errorToBeSuppressed(e);
+				if (!config.getContinueBuild()) {
 					// throw the exception so that caught by outer catch
 					throw new Exception(e.getMessage());
 				}
+			} catch (CxClientException | IOException  e) {
+				errorToBeSuppressed(e);
 			}
             if (config.getEnablePolicyViolations()) {
                 resolveSASTViolation(sastResults, projectId);
@@ -455,6 +480,7 @@ else if (!config.getReports().isEmpty()) {
             }
         } catch (Exception e) {
             log.error(e.getMessage());
+            errorToBeSuppressed(e);
             sastResults.setException(new CxClientException(e));
         }