JAVA-3738 add InstallAgent task to download and install agent

Contrast-Security-OSS · Dec 17, 2024 · c33547a · c33547a
1 parent e47365f
commit c33547a
Show file tree

Hide file tree

Showing 13 changed files with 620 additions and 89 deletions.
diff --git a/README.md b/README.md
@@ -9,5 +9,6 @@ Each sub-project is a standalone build, with their own maven/gradle builds.
 
 [Maven Plugin](maven-plugin/README.md)
 
+[Gradle Plugin](gradle-plugin/README.md)
 
 
diff --git a/gradle-plugin/README.md b/gradle-plugin/README.md
@@ -0,0 +1,73 @@
+# Contrast Gradle Plugin
+
+Gradle plugin for including the Contrast Security analysis in Java web applications 
+
+Requires gradle version 8.3+
+
+## Building
+
+Use `./gradlew build` to build the plugin
+
+
+```shell
+./gradlew publishToMavenLocal
+```
+
+
+## Tasks
+The `installAgent` task takes in your configuration as defined by the `contrastConfiguration` block and attaches the java agent to all Test tasks for your project.
+If no Agent is provided, the plugin will attempt to download the current Java Agent available on TeamServer, at the endpoint provided in the configuration.
+
+
+## Configuration 
+This plugin is configured via the `contrastConfiguration` block in your projects `gradle.build` script
+```shell
+contrastConfiguration{
+  username = '<username>'
+  apiKey = '<apiKey>'
+  serviceKey = '<serviceKey>'
+  apiUrl = '<apiUrl>'
+  orgUuid = '<orgUuid>'
+  appName = '<appName>'
+  serverName = '<serverName>'
+  appVersion = '<appVersion>'
+  jarPath = "<path.to.local.agent.jar>"
+}
+```
+
+### AppName
+If no app name is configured the plugin will use the gradle project's name instead
+
+### AppVersion
+TODO: If no version is provided, the plugin will generate one based on the current Travis build number
+
+Attaching the Java agent with this plugin relies on your API credentials being set in the following env variables:
+
+### Running with your tests
+The plugin will add jvm arguments for your run tests, but only if `installAgent` is run as a dependency for the test task.
+To have your tests run with the agent add the following configuration to your project's `build.gradle` file
+```shell
+tasks.named("test").configure {
+  dependsOn("installAgent")
+}
+```
+TODO auto attach to tests
+
+## Developement
+### Publishing to MavenLocal
+To publish this plugin to your mavenLocal apply the `maven-publish` plugin to this project's `build.gradle` file and run:
+In order to run the plugin's end-to-end tests, you must configure these variables in your environment
+
+
+### End to End testing
+```shell
+export CONTRAST__API__URL=https://app.contrastsecurity.com/Contrast ##Use your standard endpoint for the org, the plugin will apply `/api` for the restapi functionality
+export CONTRAST__API__USER_NAME=<your-user-name>
+export CONTRAST__API__API_KEY=<your-api-key>
+export CONTRAST__API__SERVICE_KEY=<your-service-key>
+export CONTRAST__API__ORGANIZATION_ID=<your-organization-id>
+```
+To enable end-to-end testing, these variables must be present and you must use the property `e2e`
+```shell
+./gradkew test -Pe2e
+```
diff --git a/gradle-plugin/build.gradle b/gradle-plugin/build.gradle
@@ -2,6 +2,7 @@ plugins {
     id 'java'
     id 'java-gradle-plugin'
     id 'com.diffplug.spotless' version("6.10.0")
+    id 'maven-publish'
 }
 
 version = '0.1'
@@ -48,10 +49,23 @@ spotless{
 }
 
 dependencies {
+    implementation("com.contrastsecurity:contrast-sdk-java:3.4.2")
     testImplementation platform('org.junit:junit-bom:5.9.1')
     testImplementation 'org.junit.jupiter:junit-jupiter'
 }
 
+var e2eTests = "com/contrastsecurity/gradle/plugin/e2e/EndToEndTests.*"
+
+
 test {
+    if(!project.hasProperty("e2e")){
+        exclude(e2eTests)
+    }
+
     useJUnitPlatform()
+    environment = ["CONTRAST__API__USER_NAME"      : System.getenv("CONTRAST__API__USER_NAME"),
+        "CONTRAST__API__URL"            : System.getenv("CONTRAST__API__URL"),
+        "CONTRAST__API__SERVICE_KEY"    : System.getenv("CONTRAST__API__SERVICE_KEY"),
+        "CONTRAST__API__API_KEY"        : System.getenv("CONTRAST__API__API_KEY"),
+        "CONTRAST__API__ORGANIZATION_ID": System.getenv("CONTRAST__API__ORGANIZATION_ID")]
 }
diff --git a/...ugin/src/main/java/com/contrastsecurity/gradle/plugin/ContrastConfigurationExtension.java b/...ugin/src/main/java/com/contrastsecurity/gradle/plugin/ContrastConfigurationExtension.java
@@ -0,0 +1,95 @@
+package com.contrastsecurity.gradle.plugin;
+
+/** Extension for configuring TeamServer API Credentials for downloading agent */
+public class ContrastConfigurationExtension {
+  private String username;
+  private String apiKey;
+  private String serviceKey;
+  private String apiUrl;
+  private String orgUuid;
+  private String appName;
+  private String serverName;
+  private String jarPath;
+  private String appVersion;
+  private boolean attachToTests;
+
+  public void setUsername(final String username) {
+    this.username = username;
+  }
+
+  public void setApiKey(final String apiKey) {
+    this.apiKey = apiKey;
+  }
+
+  public void setServiceKey(final String serviceKey) {
+    this.serviceKey = serviceKey;
+  }
+
+  public void setApiUrl(final String apiUrl) {
+    this.apiUrl = apiUrl;
+  }
+
+  public void setOrgUuid(final String orgUuid) {
+    this.orgUuid = orgUuid;
+  }
+
+  public void setAppName(final String appName) {
+    this.appName = appName;
+  }
+
+  public void setServerName(final String serverName) {
+    this.serverName = serverName;
+  }
+
+  public void setJarPath(final String jarPath) {
+    this.jarPath = jarPath;
+  }
+
+  public void setAppVersion(final String appVersion) {
+    this.appVersion = appVersion;
+  }
+
+  public void setAttachToTests(final boolean attachToTests) {
+    this.attachToTests = attachToTests;
+  }
+
+  public String getUsername() {
+    return username;
+  }
+
+  public String getApiKey() {
+    return apiKey;
+  }
+
+  public String getServiceKey() {
+    return serviceKey;
+  }
+
+  public String getApiUrl() {
+    return apiUrl;
+  }
+
+  public String getOrgUuid() {
+    return orgUuid;
+  }
+
+  public String getAppName() {
+    return appName;
+  }
+
+  public String getServerName() {
+    return serverName;
+  }
+
+  public String getJarPath() {
+    return jarPath;
+  }
+
+  public String getAppVersion() {
+    return appVersion;
+  }
+
+  public boolean getAttachToTests() {
+    return attachToTests;
+  }
+}
diff --git a/gradle-plugin/src/main/java/com/contrastsecurity/gradle/plugin/ContrastGradlePlugin.java b/gradle-plugin/src/main/java/com/contrastsecurity/gradle/plugin/ContrastGradlePlugin.java
@@ -8,11 +8,14 @@
  * href=https://contrast.atlassian.net/browse/JAVA-8252>JAVA-8252</a>
  */
 public class ContrastGradlePlugin implements Plugin<Project> {
+
   public void apply(final Project target) {
-    target
-        .getTasks()
-        .register("hello", task -> task.doLast(s -> System.out.println("HelloWorld!")));
 
-    target.getTasks().register("empty", EmptyTask.class);
+    ContrastConfigurationExtension extension =
+        target.getExtensions().create(EXTENSION_NAME, ContrastConfigurationExtension.class);
+
+    target.getTasks().register("installAgent", InstallAgentTask.class);
   }
+
+  public static final String EXTENSION_NAME = "contrastConfiguration";
 }
diff --git a/gradle-plugin/src/main/java/com/contrastsecurity/gradle/plugin/EmptyTask.java b/gradle-plugin/src/main/java/com/contrastsecurity/gradle/plugin/EmptyTask.java
Original file line number	Diff line number	Diff line change
Expand Up		@@ -9,5 +9,6 @@ Each sub-project is a standalone build, with their own maven/gradle builds.

		[Maven Plugin](maven-plugin/README.md)

		[Gradle Plugin](gradle-plugin/README.md)