package com.contrastsecurity.sdk.scan;
/*-
* #%L
* Contrast Java SDK
* %%
* Copyright (C) 2021 Contrast Security, Inc.
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/
import com.contrastsecurity.exceptions.HttpResponseException;
import com.contrastsecurity.exceptions.ServerResponseException;
import com.contrastsecurity.sdk.ContrastSDK;
import com.contrastsecurity.sdk.internal.URIBuilder;
import com.google.gson.Gson;
import com.google.gson.JsonParseException;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.io.Reader;
import java.net.HttpURLConnection;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Objects;
import java.util.concurrent.ThreadLocalRandom;
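/**
 * Implementation of {@link CodeArtifactClient} that uploads a code artifact, and optionally a
 * metadata file, to Contrast Scan as a single {@code multipart/form-data} POST request.
 */
final class CodeArtifactClientImpl implements CodeArtifactClient {

  private static final String CRLF = "\r\n";

  private final ContrastSDK contrast;
  private final Gson gson;
  private final String organizationId;

  /**
   * @param contrast SDK used to resolve the REST API URL and open connections
   * @param gson used to deserialize the API response
   * @param organizationId ID of the organization that owns the target projects
   * @throws NullPointerException when any argument is {@code null}
   */
  CodeArtifactClientImpl(final ContrastSDK contrast, final Gson gson, final String organizationId) {
    this.contrast = Objects.requireNonNull(contrast);
    this.gson = Objects.requireNonNull(gson);
    this.organizationId = Objects.requireNonNull(organizationId);
  }

  /** Uploads {@code file} without a metadata part. */
  @Override
  public CodeArtifactInner upload(final String projectId, final Path file) throws IOException {
    return sendRequest(projectId, file, null);
  }

  /**
   * Uploads {@code file} together with a metadata part.
   *
   * @throws NullPointerException when {@code metadata} is {@code null}
   */
  @Override
  public CodeArtifactInner upload(final String projectId, final Path file, final Path metadata)
      throws IOException {
    return sendRequest(projectId, file, Objects.requireNonNull(metadata));
  }

  /**
   * Builds and sends the multipart request, then parses the response body.
   *
   * @param projectId ID of the project the artifact belongs to
   * @param file the code artifact to upload
   * @param metadata optional metadata file; {@code null} omits the metadata part
   * @return the code artifact described by the API response
   * @throws HttpResponseException when the API answers with a status other than 200 or 201
   * @throws ServerResponseException when the response body is not parseable JSON
   * @throws IOException when reading the files or talking to the API fails
   */
  private CodeArtifactInner sendRequest(
      final String projectId, final Path file, final Path metadata) throws IOException {
    final String uri =
        contrast.getRestApiURL()
            + new URIBuilder()
                .appendPathSegments(
                    "sast",
                    "organizations",
                    organizationId,
                    "projects",
                    projectId,
                    "code-artifacts")
                .toURIString();

    // The boundary only delimits the parts; it is not a secret, so a non-cryptographic random
    // source is sufficient here.
    final String boundary = "ContrastFormBoundary" + ThreadLocalRandom.current().nextLong();
    final String boundaryMarker = CRLF + "--" + boundary;

    // Encode every framing section once so that the announced Content-Length is computed from the
    // exact bytes that are written (String.length() counts chars, not encoded bytes).
    final byte[] filenameSection = partHeader(boundaryMarker, "filename", file);
    final byte[] metadataSection =
        metadata != null ? partHeader(boundaryMarker, "metadata", metadata) : new byte[0];
    final byte[] footer = (boundaryMarker + "--" + CRLF).getBytes(StandardCharsets.US_ASCII);

    long contentLength = filenameSection.length + Files.size(file);
    if (metadata != null) {
      contentLength += metadataSection.length + Files.size(metadata);
    }
    contentLength += footer.length;

    final HttpURLConnection connection = contrast.makeConnection(uri, "POST");
    connection.setDoOutput(true);
    connection.setDoInput(true);
    connection.setRequestProperty("Content-Type", "multipart/form-data; boundary=" + boundary);
    // Fixed-length streaming sends the file contents without buffering the whole body in memory.
    connection.setFixedLengthStreamingMode(contentLength);

    // Write straight to the stream: unlike PrintWriter, OutputStream.write reports I/O failures
    // as IOException instead of recording them silently.
    try (OutputStream os = connection.getOutputStream()) {
      os.write(filenameSection);
      Files.copy(file, os);
      if (metadata != null) {
        os.write(metadataSection);
        Files.copy(metadata, os);
      }
      os.write(footer);
      os.flush();
    }

    final int code = connection.getResponseCode();
    if (code != 200 && code != 201) {
      throw HttpResponseException.fromConnection(
          connection, "Failed to upload code artifact to Contrast Scan");
    }

    // Decode explicitly as UTF-8 rather than with the platform default charset, which differs
    // between hosts.
    try (Reader reader =
        new InputStreamReader(connection.getInputStream(), StandardCharsets.UTF_8)) {
      return gson.fromJson(reader, AutoValue_CodeArtifactInner.class);
    } catch (JsonParseException e) {
      throw new ServerResponseException("Failed to parse Contrast API response", e);
    }
  }

  /**
   * Renders the boundary line and part headers that precede one file's content.
   *
   * <p>The result is US-ASCII encoded; characters outside US-ASCII in the file name are replaced
   * by the encoder's substitution byte.
   *
   * @param boundaryMarker CRLF followed by the boundary delimiter
   * @param fieldName value of the form field's {@code name} parameter
   * @param path the file whose name and content type are announced
   */
  private static byte[] partHeader(
      final String boundaryMarker, final String fieldName, final Path path) throws IOException {
    final String header =
        boundaryMarker
            + CRLF
            + "Content-Disposition: form-data; name=\""
            + fieldName
            + "\"; filename=\""
            + escapeQuotedParameter(path.getFileName().toString())
            + '"'
            + CRLF
            + "Content-Type: "
            + determineMime(path)
            + CRLF
            + "Content-Transfer-Encoding: binary"
            + CRLF
            + CRLF;
    return header.getBytes(StandardCharsets.US_ASCII);
  }

  /**
   * Percent-escapes the characters that would break out of a quoted header parameter.
   *
   * <p>File names may legally contain a double quote or a line break on some file systems. Left
   * as-is, such a name would end the quoted {@code filename} value early or add extra header lines
   * to the part, so CR, LF and {@code "} are replaced with the escapes browsers use when encoding
   * {@code multipart/form-data} file names.
   */
  private static String escapeQuotedParameter(final String value) {
    return value.replace("\r", "%0D").replace("\n", "%0A").replace("\"", "%22");
  }

  /**
   * Guesses the mime type from the file extension. Returns the arbitrary "application/octet-stream"
   * if no mime type can be inferred from the file extension.
   *
   * <p>Visible for testing
   */
  static String determineMime(final Path file) throws IOException {
    // trust the content type Java can determine
    final String contentType = Files.probeContentType(file);
    if (contentType != null) {
      return contentType;
    }
    // special checks for Java archive types, because not all of these types are identified by
    // Files.probeContentType(file) and we want to make sure we handle Java extensions correctly
    // since users of this code will most likely be uploading Java artifacts
    final String name = file.getFileName().toString();
    if (name.endsWith(".jar") || name.endsWith(".war") || name.endsWith(".ear")) {
      return "application/java-archive";
    }
    return "application/octet-stream";
  }
}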