Excluded directory '.pipeline' for detectExecuteScan step (#4955)

* Excluded directory './pipeline' for detectExecuteScan step

* fixed unit-tests

* changed config path from "pipeline/*" to ".pipeline/*"

* Refactor exclude handling

---------

Co-authored-by: Vijayan T <[email protected]>

Author: akram8008

cmd/detectExecuteScan.go

@@ -142,6 +142,8 @@ func newBlackduckSystem(config detectExecuteScanOptions) *blackduckSystem {
 	return &sys
 }
 
+const configPath = ".pipeline/*"
+
 func detectExecuteScan(config detectExecuteScanOptions, _ *telemetry.CustomData, influx *detectExecuteScanInflux) {
 	influx.step_data.fields.detect = false
 
@@ -454,9 +456,8 @@ func addDetectArgs(args []string, config detectExecuteScanOptions, utils detectU
 
 	}
 
-	if len(config.ExcludedDirectories) != 0 && !checkIfArgumentIsInScanProperties(config, "detect.excluded.directories") {
-		args = append(args, fmt.Sprintf("--detect.excluded.directories=%s", strings.Join(config.ExcludedDirectories, ",")))
-	}
+	// Handle excluded directories
+	handleExcludedDirectories(&args, &config)
 
 	if config.Unmap {
 		if !piperutils.ContainsString(config.ScanProperties, "--detect.project.codelocation.unmap=true") {
@@ -1121,3 +1122,33 @@ func logConfigInVerboseMode(config detectExecuteScanOptions) {
 	debugLog, _ := json.Marshal(config)
 	log.Entry().Debugf("Detect configuration: %v", string(debugLog))
 }
+
+func handleExcludedDirectories(args *[]string, config *detectExecuteScanOptions) {
+	index := findItemInStringSlice(config.ScanProperties, "detect.excluded.directories")
+	if index != -1 && !strings.Contains(config.ScanProperties[index], configPath) {
+		config.ScanProperties[index] += "," + configPath
+	} else {
+		config.ExcludedDirectories = excludeConfigDirectory(config.ExcludedDirectories)
+		*args = append(*args, fmt.Sprintf("--detect.excluded.directories=%s", strings.Join(config.ExcludedDirectories, ",")))
+	}
+}
+
+func excludeConfigDirectory(directories []string) []string {
+	configDirectory := configPath
+	for i := range directories {
+		if directories[i] == configDirectory {
+			return directories
+		}
+	}
+	directories = append(directories, configDirectory)
+	return directories
+}
+
+func findItemInStringSlice(slice []string, item string) int {
+	for i := range slice {
+		if strings.Contains(slice[i], item) {
+			return i
+		}
+	}
+	return -1
+}

cmd/detectExecuteScan_test.go

@@ -315,15 +315,15 @@ func TestRunDetect(t *testing.T) {
 		assert.NoError(t, err)
 		assert.Equal(t, ".", utilsMock.Dir, "Wrong execution directory used")
 		assert.Equal(t, "/bin/bash", utilsMock.Shell[0], "Bash shell expected")
-		expectedScript := "./detect.sh --blackduck.url= --blackduck.api.token= \"--detect.project.name=\" \"--detect.project.version.name=\" \"--detect.code.location.name=\" \"--detect.force.success.on.skip=true\" --detect.source.path='.'"
+		expectedScript := "./detect.sh --detect.excluded.directories=.pipeline/* --blackduck.url= --blackduck.api.token= \"--detect.project.name=\" \"--detect.project.version.name=\" \"--detect.code.location.name=\" \"--detect.force.success.on.skip=true\" --detect.source.path='.'"
 		assert.Equal(t, expectedScript, utilsMock.Calls[0])
 	})
 
 	t.Run("failure case", func(t *testing.T) {
 		t.Parallel()
 		ctx := context.Background()
 		utilsMock := newDetectTestUtilsBundle(false)
-		utilsMock.ShouldFailOnCommand = map[string]error{"./detect.sh --blackduck.url= --blackduck.api.token= \"--detect.project.name=\" \"--detect.project.version.name=\" \"--detect.code.location.name=\" \"--detect.force.success.on.skip=true\" --detect.source.path='.'": fmt.Errorf("")}
+		utilsMock.ShouldFailOnCommand = map[string]error{"./detect.sh --detect.excluded.directories=.pipeline/* --blackduck.url= --blackduck.api.token= \"--detect.project.name=\" \"--detect.project.version.name=\" \"--detect.code.location.name=\" \"--detect.force.success.on.skip=true\" --detect.source.path='.'": fmt.Errorf("")}
 		utilsMock.ExitCode = 3
 		utilsMock.AddFile("detect.sh", []byte(""))
 		err := runDetect(ctx, detectExecuteScanOptions{FailOnSevereVulnerabilities: true}, utilsMock, &detectExecuteScanInflux{})
@@ -405,7 +405,7 @@ func TestAddDetectArgs(t *testing.T) {
 				"--testProp1=1",
 				"--detect.detector.search.depth=100",
 				"--detect.detector.search.continue=true",
-				"--detect.excluded.directories=dir1,dir2",
+				"--detect.excluded.directories=dir1,dir2,.pipeline/*",
 				"--scan1=1",
 				"--scan2=2",
 				"--blackduck.url=https://server.url",
@@ -434,6 +434,7 @@ func TestAddDetectArgs(t *testing.T) {
 			},
 			expected: []string{
 				"--testProp1=1",
+				"--detect.excluded.directories=.pipeline/*",
 				"--blackduck.url=https://server.url",
 				"--blackduck.api.token=apiToken",
 				"\"--detect.project.name=testName\"",
@@ -462,6 +463,7 @@ func TestAddDetectArgs(t *testing.T) {
 			},
 			expected: []string{
 				"--testProp1=1",
+				"--detect.excluded.directories=.pipeline/*",
 				"--blackduck.url=https://server.url",
 				"--blackduck.api.token=apiToken",
 				"\"--detect.project.name=testName\"",
@@ -491,6 +493,7 @@ func TestAddDetectArgs(t *testing.T) {
 			},
 			expected: []string{
 				"--testProp1=1",
+				"--detect.excluded.directories=.pipeline/*",
 				"--blackduck.url=https://server.url",
 				"--blackduck.api.token=apiToken",
 				"\"--detect.project.name=testName\"",
@@ -521,6 +524,7 @@ func TestAddDetectArgs(t *testing.T) {
 			},
 			expected: []string{
 				"--testProp1=1",
+				"--detect.excluded.directories=.pipeline/*",
 				"--detect.project.codelocation.unmap=true",
 				"--blackduck.url=https://server.url",
 				"--blackduck.api.token=apiToken",
@@ -556,6 +560,7 @@ func TestAddDetectArgs(t *testing.T) {
 			},
 			expected: []string{
 				"--testProp1=1",
+				"--detect.excluded.directories=.pipeline/*",
 				"--detect.project.codelocation.unmap=true",
 				"--blackduck.url=https://server.url",
 				"--blackduck.api.token=apiToken",
@@ -595,6 +600,7 @@ func TestAddDetectArgs(t *testing.T) {
 			},
 			expected: []string{
 				"--testProp1=1",
+				"--detect.excluded.directories=.pipeline/*",
 				"--detect.project.codelocation.unmap=true",
 				"--blackduck.url=https://server.url",
 				"--blackduck.api.token=apiToken",
@@ -634,6 +640,7 @@ func TestAddDetectArgs(t *testing.T) {
 			},
 			expected: []string{
 				"--testProp1=1",
+				"--detect.excluded.directories=.pipeline/*",
 				"--detect.project.codelocation.unmap=true",
 				"--blackduck.url=https://server.url",
 				"--blackduck.api.token=apiToken",
@@ -674,6 +681,7 @@ func TestAddDetectArgs(t *testing.T) {
 			},
 			expected: []string{
 				"--testProp1=1",
+				"--detect.excluded.directories=.pipeline/*",
 				"--scan=1",
 				"--detect.project.codelocation.unmap=true",
 				"--blackduck.url=https://server.url",
@@ -705,6 +713,7 @@ func TestAddDetectArgs(t *testing.T) {
 			},
 			expected: []string{
 				"--testProp1=1",
+				"--detect.excluded.directories=.pipeline/*",
 				"--blackduck.url=https://server.url",
 				"--blackduck.api.token=apiToken",
 				"\"--detect.project.name=testName\"",
@@ -730,6 +739,7 @@ func TestAddDetectArgs(t *testing.T) {
 			isPullRequest: true,
 			expected: []string{
 				"--testProp1=1",
+				"--detect.excluded.directories=.pipeline/*",
 				"--blackduck.url=https://server.url",
 				"--blackduck.api.token=apiToken",
 				"\"--detect.project.name=Rapid_scan_on_PRs\"",
@@ -768,7 +778,7 @@ func TestAddDetectArgs(t *testing.T) {
 				"--testProp1=1",
 				"--detect.detector.search.depth=5",
 				"--detect.detector.search.continue=false",
-				"--detect.excluded.directories=dir1,dir2",
+				"--detect.excluded.directories=dir1,dir2,.pipeline/*",
 				"--blackduck.url=https://server.url",
 				"--blackduck.api.token=apiToken",
 				"\"--detect.project.name=Rapid_scan_on_PRs\"",
@@ -803,6 +813,7 @@ func TestAddDetectArgs(t *testing.T) {
 			isPullRequest: true,
 			expected: []string{
 				"--testProp1=1",
+				"--detect.excluded.directories=.pipeline/*",
 				"--detect.maven.build.command=",
 				"--settings",
 				".pipeline/settings.xml",