From a93345b3492dea0154c2f21a77912ce10a29f29d Mon Sep 17 00:00:00 2001
From: Faiz Hasan
Date: Thu, 31 Oct 2019 09:59:41 +1100
Subject: [PATCH] Artifactory credentials passed in directly as environment variables (#28)
* provide artifactory url to snyk
* log out artifactory url
* just use env vars for artifactory
* extract out artifactory env variables for safe usage
---
 hooks/command | 32 +++++++++++---------------------
 plugin.yml | 6 +-----
 snyk.py | 46 ++++++++++++++++++++++++++--------------------
 3 files changed, 38 insertions(+), 46 deletions(-)
diff --git a/hooks/command b/hooks/command
index dc08438..831cb2d 100755
--- a/hooks/command
+++ b/hooks/command
@@ -22,46 +22,46 @@ then export ALLSUBPROJECTS=$BUILDKITE_PLUGIN_SNYK_ALLSUBPROJECTS fi -if [[ -n "$BUILDKITE_PLUGIN_SNYK_LANGUAGE" ]]; +if [[ -n "$BUILDKITE_PLUGIN_SNYK_LANGUAGE" ]]; then echo "Language: $BUILDKITE_PLUGIN_SNYK_LANGUAGE" export LANGUAGE=$BUILDKITE_PLUGIN_SNYK_LANGUAGE fi -if [[ -n "$BUILDKITE_PLUGIN_SNYK_SCANDEVDEPS" ]]; +if [[ -n "$BUILDKITE_PLUGIN_SNYK_SCANDEVDEPS" ]]; then export SCAN_DEV_DEPS=$BUILDKITE_PLUGIN_SNYK_SCANDEVDEPS fi -if [[ -n "$BUILDKITE_PLUGIN_SNYK_ORG" ]]; +if [[ -n "$BUILDKITE_PLUGIN_SNYK_ORG" ]]; then echo "Org: $BUILDKITE_PLUGIN_SNYK_ORG" export ORG=$BUILDKITE_PLUGIN_SNYK_ORG fi # path to dependency file -if [[ -n "$BUILDKITE_PLUGIN_SNYK_PATH" ]]; +if [[ -n "$BUILDKITE_PLUGIN_SNYK_PATH" ]]; then echo "Path: $BUILDKITE_PLUGIN_SNYK_PATH" export DEPENDENCY_PATH=$BUILDKITE_PLUGIN_SNYK_PATH fi # extract repository name -if [[ -n "$BUILDKITE_REPO" ]]; +if [[ -n "$BUILDKITE_REPO" ]]; then echo "Repository: $BUILDKITE_REPO" export REPOSITORY=$(echo $BUILDKITE_REPO | sed 's/.*:// ; s/.git//') fi # extract repository slug -if [[ -n "$BUILDKITE_PIPELINE_SLUG" ]]; +if [[ -n "$BUILDKITE_PIPELINE_SLUG" ]]; then echo "Pipeline slug: $BUILDKITE_PIPELINE_SLUG" export REPOSITORY_SLUG=$BUILDKITE_PIPELINE_SLUG fi # setting severity -if [[ -n "$BUILDKITE_PLUGIN_SNYK_SEVERITY" ]]; +if [[ -n "$BUILDKITE_PLUGIN_SNYK_SEVERITY" ]]; then echo "Severity: $BUILDKITE_PLUGIN_SNYK_SEVERITY" export SEVERITY=$BUILDKITE_PLUGIN_SNYK_SEVERITY 
@@ -70,29 +70,18 @@ else fi # npm token -if [[ -n "$BUILDKITE_PLUGIN_SNYK_NPMTOKEN" ]]; +if [[ -n "$BUILDKITE_PLUGIN_SNYK_NPMTOKEN" ]]; then export NPM_TOKEN=$(printenv $BUILDKITE_PLUGIN_SNYK_NPMTOKEN) fi -# artifactory credentials -if [[ -n "$BUILDKITE_PLUGIN_SNYK_ARTIFACTORYUSERNAME" ]]; -then - export ARTIFACTORY_USERNAME=$BUILDKITE_PLUGIN_SNYK_ARTIFACTORYUSERNAME -fi - -if [[ -n "$BUILDKITE_PLUGIN_SNYK_ARTIFACTORYPASSWORD" ]]; -then - export ARTIFACTORY_PASSWORD=$(printenv $BUILDKITE_PLUGIN_SNYK_ARTIFACTORYPASSWORD) -fi - -if [[ -n "$BUILDKITE_PLUGIN_SNYK_SUBDIRECTORY" ]]; +if [[ -n "$BUILDKITE_PLUGIN_SNYK_SUBDIRECTORY" ]]; then export SUB_DIRECTORY=$BUILDKITE_PLUGIN_SNYK_SUBDIRECTORY fi # package manager experimental flag -if [[ -n "$BUILDKITE_PLUGIN_SNYK_PACKAGEMANAGER" ]]; +if [[ -n "$BUILDKITE_PLUGIN_SNYK_PACKAGEMANAGER" ]]; then export PACKAGE_MANAGER=$BUILDKITE_PLUGIN_SNYK_PACKAGEMANAGER fi @@ -116,6 +105,7 @@ docker run \ -e BLOCK \ -e SEVERITY \ -e NPM_TOKEN \ + -e ARTIFACTORY_URL \ -e ARTIFACTORY_USERNAME \ -e ARTIFACTORY_PASSWORD \ -e ALLSUBPROJECTS \ diff --git a/plugin.yml b/plugin.yml index 0753984..ed30124 100644 --- a/plugin.yml +++ b/plugin.yml @@ -16,10 +16,6 @@ configuration: type: string severity: type: string - artifactoryUsername: - type: string - artifactoryPassword: - type: string org: type: string scanDevDeps: @@ -32,4 +28,4 @@ configuration: type: boolean required: - org - - language \ No newline at end of file + - language diff --git a/snyk.py b/snyk.py index efc0ea2..eb108af 100644 --- a/snyk.py +++ b/snyk.py 
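Review bot: Nothing in the hook now says where `ARTIFACTORY_URL`, `ARTIFACTORY_USERNAME` and `ARTIFACTORY_PASSWORD` come from. With the plugin options removed in the `@@ -70,29 +70,18 @@` hunk and in plugin.yml, the `-e` lines of the `docker run` hunk forward whatever the step environment holds under those exact names. As far as this diff shows, a pipeline that still sets `artifactoryUsername`/`artifactoryPassword` would get no credentials and no warning. A comment where the old block stood would record the contract, for example `# ARTIFACTORY_URL / ARTIFACTORY_USERNAME / ARTIFACTORY_PASSWORD are read from the step environment and forwarded by name; they are no longer plugin options`. Forwarding by name, without `=value`, keeps the secret off the docker command line and should stay that way.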
@@ -26,9 +26,12 @@ VERSION = os.environ['VERSION'] PLUGIN_NAME = os.environ['PLUGIN_NAME'] METRICS_TOPIC_ARN = os.environ['METRICS_TOPIC_ARN'] - REPOSITORY_SLUG = os.environ['REPOSITORY_SLUG'] + REPOSITORY_SLUG = os.environ['REPOSITORY_SLUG'] ORG = os.environ['ORG'] - NPM_TOKEN = os.environ['NPM_TOKEN'] if 'NPM_TOKEN' in os.environ else '' + ARTIFACTORY_URL = os.environ['ARTIFACTORY_URL'] if 'ARTIFACTORY_URL' in os.environ else '' + ARTIFACTORY_USERNAME = os.environ['ARTIFACTORY_USERNAME'] if 'ARTIFACTORY_USERNAME' in os.environ else '' + ARTIFACTORY_PASSWORD = os.environ['ARTIFACTORY_PASSWORD'] if 'ARTIFACTORY_PASSWORD' in os.environ else '' + NPM_TOKEN = os.environ['NPM_TOKEN'] if 'NPM_TOKEN' in os.environ else '' SUB_DIRECTORY = os.environ['SUB_DIRECTORY'] if 'SUB_DIRECTORY' in os.environ else '' PACKAGE_MANAGER = os.environ['PACKAGE_MANAGER'] if 'PACKAGE_MANAGER' in os.environ else '' BLOCK = False if 'BLOCK' in os.environ and 'false' in os.environ['BLOCK'] else True @@ -72,8 +75,8 @@ def configure_node(): if SUB_DIRECTORY: print(f'Moving into sub directory: {SUB_DIRECTORY}') os.chdir(SUB_DIRECTORY) - - if NPM_TOKEN: + + if NPM_TOKEN: with open('.npmrc', 'a') as f: f.write('//registry.npmjs.org/:_authToken={}'.format(NPM_TOKEN)) if 'package-lock.json' in PATH or 'yarn.lock' in PATH: @@ -83,9 +86,9 @@ def configure_node(): subprocess.run(['npm', 'install', '-s']) def configure_scala(): - print('Configuring scala!\n') - if 'ARTIFACTORY_USERNAME' in os.environ and 'ARTIFACTORY_PASSWORD' in os.environ: - print('Configuring artifactory username and password') + print('Configuring scala.\n') + if ARTIFACTORY_URL and ARTIFACTORY_USERNAME and ARTIFACTORY_PASSWORD: + print('Configuring artifactory endpoint and credentials') if os.path.isdir(REPOSITORY): print(f'Moving into directory: {REPOSITORY}') os.chdir(REPOSITORY) 
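Review bot: The new guard in configure_scala, `if ARTIFACTORY_URL and ARTIFACTORY_USERNAME and ARTIFACTORY_PASSWORD:`, sends a partly configured environment down the generic "not specified" path. A job that sets the username and password but not the URL passed the old check; it now appears to get no gradle.properties entries, and the log does not say which variable was missing. Reporting the absent names (names only, never values) would make this diagnosable, for example `missing = [n for n in ('ARTIFACTORY_URL', 'ARTIFACTORY_USERNAME', 'ARTIFACTORY_PASSWORD') if not os.environ.get(n)]` followed by a print of `missing`. configure_scala continues past the end of this hunk, so how the else branch nests is inferred from the next hunk rather than visible here.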
@@ -96,19 +99,22 @@ def configure_scala(): print('Cannot determine directory for Snyk testing - exiting') exit(0) - gradle_properties='gradle.properties' - if os.path.isfile(gradle_properties): - print('gradle.properties exists in current directory!') - else: - print('gradle.properties will be created!') + if os.path.isfile('build.gradle'): + gradle_properties='gradle.properties' + + if os.path.isfile(gradle_properties): + print('gradle.properties exists in current directory.') + else: + print('gradle.properties will be created.') + + with open(gradle_properties, 'a') as f: + f.write('\n') + f.write('artifactoryUrl={}\n'.format(ARTIFACTORY_URL)) + f.write('artifactoryUsername={}\n'.format(ARTIFACTORY_USERNAME)) + f.write('artifactoryPassword={}\n'.format(ARTIFACTORY_PASSWORD)) - with open(gradle_properties, 'a') as f: - f.write('\n') - f.write('artifactoryUsername={}\n'.format(os.environ['ARTIFACTORY_USERNAME'])) - f.write('artifactoryPassword={}\n'.format(os.environ['ARTIFACTORY_PASSWORD'])) - else: - print('Artifactory username/password not specified!') + print('Artifactory endpoint/credentials are not specified!') os.chdir(REPOSITORY) def check_for_snyk_test_error(result): @@ -238,10 +244,10 @@ def snyk_monitor(): if PACKAGE_MANAGER: command.append(f'--packageManager={PACKAGE_MANAGER}') - + response = subprocess.run(command, stdout=subprocess.PIPE) results = json.loads(response.stdout.decode()) - + global MONITOR_SUCCESS MONITOR_SUCCESS = True
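Review bot: The write block appends `artifactoryPassword` in clear text to `gradle.properties` in the current checkout directory through a plain `open(gradle_properties, 'a')`, so a newly created file gets default-umask permissions and nothing in this hunk removes the entry after the scan. The three values are also written unescaped although the file is parsed as Java properties: a backslash in the password is read as an escape and a line break would start a new key, so a valid credential can silently become a wrong one. Creating the file with mode 0o600 and escaping the values, as sketched below, covers both; Gradle also accepts `ORG_GRADLE_PROJECT_<name>` environment variables as project properties, which would avoid the file entirely. configure_scala starts before this hunk, so the indentation in the sketch is a guess.

```python
        # … unchanged: build.gradle check and the exists / will-be-created messages …

        def _prop(value):
            # Java properties: a backslash starts an escape, a line break starts a new key
            if '\n' in value or '\r' in value:
                raise ValueError('line break in Artifactory setting')
            return value.replace('\\', '\\\\')

        # the mode applies only when this call creates the file
        fd = os.open(gradle_properties, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
        with os.fdopen(fd, 'a') as f:
            f.write('\n')
            f.write('artifactoryUrl={}\n'.format(_prop(ARTIFACTORY_URL)))
            f.write('artifactoryUsername={}\n'.format(_prop(ARTIFACTORY_USERNAME)))
            f.write('artifactoryPassword={}\n'.format(_prop(ARTIFACTORY_PASSWORD)))
```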