Support for downloading scan resources from an external repository (#433

)

* Added the possibility to download scan resources from an external repository in Artifactory, instead of JFrog's repository.

.github/workflows/integration-tests.yml

@@ -46,4 +46,5 @@ jobs:
         env:
           JFROG_IDE_PLATFORM_URL: ${{ secrets.PLATFORM_URL }}
           JFROG_IDE_ACCESS_TOKEN: ${{ secrets.PLATFORM_ADMIN_TOKEN }}
+          JFROG_IDE_TEST_EXTERNAL_RESOURCES_REPO: "releases-remote"
         run: ./gradlew${{ matrix.gradlew_suffix }} clean integrationTests

CONTRIBUTING.md

@@ -13,8 +13,9 @@ To build the plugin sources, please follow these steps:
     ./gradlew clean build
     ```
 
-After the build finishes, you'll find the zip file in the *build/distributions* directory, located under the *jfrog-idea-plugin* directory.
-The zip file can be loaded into IntelliJ
+After the build finishes, you'll find the zip file in the *build/distributions* directory, located under the
+*jfrog-idea-plugin* directory.
+The zip file can be loaded into IntelliJ.
 
 ## Additional Tests Suits
 
@@ -25,10 +26,14 @@ The zip file can be loaded into IntelliJ
     ```
 
 2. In order to run the integration tests:
-   - Make sure you have JFrog platform Instance with JAS enabled.
-   - If you are using JFrog CLI, just make sure the current configured server is the one you want to use.
-    Alternatively, Set the JFROG_IDE_PLATFORM_URL, JFROG_IDE_ACCESS_TOKEN environment variables with your JFrog platform URL, and access token.
-    Run the following command:
+    - Make sure you have JFrog platform Instance with JAS enabled.
+    - If you are using JFrog CLI, just make sure the current configured server is the one you want to use.
+      Alternatively, you can set JFROG_IDE_PLATFORM_URL and JFROG_IDE_ACCESS_TOKEN environment variables with your JFrog
+      Platform URL and access token, respectively.
+    - Set the JFROG_IDE_TEST_EXTERNAL_RESOURCES_REPO environment variable to the name of a remote repository in your
+      Artifactory instance that proxies https://releases.jfrog.io/.
+
+   Run the following command:
 
      ```bash
      ./gradlew integrationTests

build.gradle

@@ -49,7 +49,7 @@ repositories {
 }
 
 def buildInfoVersion = '2.41.6'
-def idePluginsCommonVersion = '2.3.0'
+def idePluginsCommonVersion = '2.3.1'
 
 dependencies {
     implementation group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-yaml', version: '2.15.2'

src/main/java/com/jfrog/ide/idea/configuration/GlobalSettings.java

@@ -28,6 +28,7 @@
 import com.jfrog.ide.idea.events.ApplicationEvents;
 import com.jfrog.ide.idea.log.Logger;
 import lombok.Getter;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.exception.ExceptionUtils;
 import org.jetbrains.annotations.NotNull;
 
@@ -66,6 +67,7 @@ public GlobalSettings getState() {
         serverConfig.setWatches(this.serverConfig.getWatches());
         serverConfig.setConnectionRetries(this.serverConfig.getConnectionRetries());
         serverConfig.setConnectionTimeout(this.serverConfig.getConnectionTimeout());
+        serverConfig.setExternalResourcesRepo(this.serverConfig.getExternalResourcesRepo());
 
         GlobalSettings settings = new GlobalSettings();
         settings.serverConfig = serverConfig;
@@ -80,11 +82,12 @@ public GlobalSettings getState() {
     @Override
     public void loadState(@NotNull GlobalSettings state) {
         XmlSerializerUtil.copyBean(state, this);
+        serverConfig.readMissingConfFromEnv();
     }
 
     @Override
     public void noStateLoaded() {
-        reloadXrayCredentials();
+        reloadMissingConfiguration();
     }
 
     /**
@@ -130,17 +133,19 @@ private void setAdvancedSettings(ServerConfigImpl serverConfig) {
         this.serverConfig.setExcludedPaths(serverConfig.getExcludedPaths());
         this.serverConfig.setConnectionRetries(serverConfig.getConnectionRetries());
         this.serverConfig.setConnectionTimeout(serverConfig.getConnectionTimeout());
+        this.serverConfig.setExternalResourcesRepo(serverConfig.getExternalResourcesRepo());
         this.serverConfig.setPolicyType(serverConfig.getPolicyType());
         this.serverConfig.setProject(serverConfig.getProject());
         this.serverConfig.setWatches(serverConfig.getWatches());
     }
 
     /**
-     * Reloads Xray credentials.
+     * Reloads missing configuration from the plugin settings, environment variables or JFrog CLI configuration.
      *
      * @return true if credentials exist and Xray is configured, false otherwise.
      */
-    public boolean reloadXrayCredentials() {
+    public boolean reloadMissingConfiguration() {
+        serverConfig.readMissingConfFromEnv();
         if (serverConfig.isXrayConfigured()) {
             return true;
         }

src/main/java/com/jfrog/ide/idea/configuration/ServerConfigImpl.java

@@ -62,14 +62,15 @@ public enum ConnectionType {
     }
 
     private static final String JFROG_SETTINGS_CREDENTIALS_KEY = "credentials";
-    static final String ARTIFACTORY_URL_ENV = "JFROG_IDE_ARTIFACTORY_URL";
     public static final String JFROG_SETTINGS_KEY = "com.jfrog.idea";
     static final String PLATFORM_URL_ENV = "JFROG_IDE_PLATFORM_URL";
+    static final String ARTIFACTORY_URL_ENV = "JFROG_IDE_ARTIFACTORY_URL";
     static final String XRAY_URL_ENV = "JFROG_IDE_XRAY_URL";
     static final String USERNAME_ENV = "JFROG_IDE_USERNAME";
     static final String PASSWORD_ENV = "JFROG_IDE_PASSWORD";
     static final String ACCESS_TOKEN_ENV = "JFROG_IDE_ACCESS_TOKEN";
     static final String PROJECT_ENV = "JFROG_IDE_PROJECT";
+    public static final String EXTERNAL_RESOURCES_REPO_ENV = "JFROG_IDE_RELEASES_REPO";
 
     @OptionTag
     private ConnectionType connectionType;
@@ -100,6 +101,8 @@ public enum ConnectionType {
     private Integer connectionRetries;
     @Tag
     private Integer connectionTimeout;
+    @Tag
+    private String externalResourcesRepo;
     // The subsystem key of the plugin configuration in the PasswordSafe
     @Transient
     private String jfrogSettingsCredentialsKey = JFROG_SETTINGS_KEY;
@@ -121,6 +124,7 @@ public enum ConnectionType {
         this.excludedPaths = builder.excludedPaths;
         this.connectionRetries = builder.connectionRetries;
         this.connectionTimeout = builder.connectionTimeout;
+        this.externalResourcesRepo = builder.externalResourcesRepo;
         this.jfrogSettingsCredentialsKey = builder.jfrogSettingsCredentialsKey;
     }
 
@@ -155,13 +159,14 @@ public boolean equals(Object o) {
                 Objects.equals(getWatches(), other.getWatches()) &&
                 Objects.equals(getExcludedPaths(), other.getExcludedPaths()) &&
                 getConnectionRetries() == other.getConnectionRetries() &&
-                getConnectionTimeout() == other.getConnectionTimeout();
+                getConnectionTimeout() == other.getConnectionTimeout() &&
+                getExternalResourcesRepo() == other.getExternalResourcesRepo();
     }
 
     @Override
     public int hashCode() {
         return Objects.hash(getConnectionType(), getUrl(), getXrayUrl(), getArtifactoryUrl(), getPassword(), getAccessToken(),
-                getUsername(), getProject(), getExcludedPaths(), getConnectionRetries(), getConnectionTimeout());
+                getUsername(), getProject(), getExcludedPaths(), getConnectionRetries(), getConnectionTimeout(), getExternalResourcesRepo());
     }
 
     @Override
@@ -257,6 +262,11 @@ public int getConnectionTimeout() {
         return defaultIfNull(this.connectionTimeout, ConnectionTimeoutSpinner.RANGE.initial);
     }
 
+    @Override
+    public String getExternalResourcesRepo() {
+        return this.externalResourcesRepo;
+    }
+
     public String getJFrogSettingsCredentialsKey() {
         return this.jfrogSettingsCredentialsKey;
     }
@@ -402,6 +412,10 @@ void setConnectionTimeout(int connectionTimeout) {
         this.connectionTimeout = connectionTimeout;
     }
 
+    void setExternalResourcesRepo(String externalResourcesRepo) {
+        this.externalResourcesRepo = externalResourcesRepo;
+    }
+
     public void setJFrogSettingsCredentialsKey(String jfrogSettingsCredentialsKey) {
         this.jfrogSettingsCredentialsKey = jfrogSettingsCredentialsKey;
     }
@@ -451,6 +465,15 @@ public void readConnectionDetailsFromEnv() {
         }
     }
 
+    /**
+     * Read missing configuration from environment variables.
+     */
+    public void readMissingConfFromEnv() {
+        if (isBlank(getExternalResourcesRepo())) {
+            setExternalResourcesRepo(EnvironmentUtil.getValue(EXTERNAL_RESOURCES_REPO_ENV));
+        }
+    }
+
     /**
      * Read the connection details from JFrog CLI's config. The configuration is read by executing JFrog CLI.
      * If no JFrog CLI server configuration was found or the config
@@ -505,6 +528,7 @@ public static class Builder {
         private String watches;
         private int connectionRetries;
         private int connectionTimeout;
+        private String externalResourcesRepo;
 
         public ServerConfigImpl build() {
             return new ServerConfigImpl(this);
@@ -577,6 +601,11 @@ public Builder setConnectionTimeout(int connectionTimeout) {
             return this;
         }
 
+        public Builder setExternalResourcesRepo(String externalResourcesRepo) {
+            this.externalResourcesRepo = externalResourcesRepo;
+            return this;
+        }
+
         public Builder setJFrogSettingsCredentialsKey(String jfrogSettingsCredentialsKey) {
             this.jfrogSettingsCredentialsKey = jfrogSettingsCredentialsKey;
             return this;

src/main/java/com/jfrog/ide/idea/scan/ApplicabilityScannerExecutor.java

@@ -25,13 +25,8 @@ public class ApplicabilityScannerExecutor extends ScanBinaryExecutor {
     private static final List<String> SCANNER_ARGS = List.of("ca");
     private static final List<PackageManagerType> SUPPORTED_PACKAGE_TYPES = List.of(PackageManagerType.PYPI, PackageManagerType.NPM, PackageManagerType.YARN, PackageManagerType.GRADLE, PackageManagerType.MAVEN);
 
-
-    public ApplicabilityScannerExecutor(Log log, ServerConfig serverConfig) {
-        this(log, serverConfig, "", true);
-    }
-
-    public ApplicabilityScannerExecutor(Log log, ServerConfig serverConfig, String binaryDownloadUrl, boolean useJFrogReleases) {
-        super(SourceCodeScanType.CONTEXTUAL, binaryDownloadUrl, log, serverConfig, useJFrogReleases);
+    public ApplicabilityScannerExecutor(Log log) {
+        super(SourceCodeScanType.CONTEXTUAL, log);
         supportedPackageTypes = SUPPORTED_PACKAGE_TYPES;
     }
 

src/main/java/com/jfrog/ide/idea/scan/IACScannerExecutor.java

@@ -22,12 +22,8 @@ public class IACScannerExecutor extends ScanBinaryExecutor {
     private static final List<String> SCANNER_ARGS = List.of("iac");
     private static final String ISSUE_TITLE = "Infrastructure as Code Vulnerability";
 
-    public IACScannerExecutor(Log log, ServerConfig serverConfig) {
-        this(log, serverConfig, null, true);
-    }
-
-    public IACScannerExecutor(Log log, ServerConfig serverConfig, String binaryDownloadUrl, boolean useJFrogReleases) {
-        super(SourceCodeScanType.IAC, binaryDownloadUrl, log, serverConfig, useJFrogReleases);
+    public IACScannerExecutor(Log log) {
+        super(SourceCodeScanType.IAC, log);
     }
 
     public List<JFrogSecurityWarning> execute(ScanConfig.Builder inputFileBuilder, Runnable checkCanceled) throws IOException, InterruptedException {

src/main/java/com/jfrog/ide/idea/scan/SastScannerExecutor.java

@@ -27,12 +27,8 @@ public class SastScannerExecutor extends ScanBinaryExecutor {
     private static final boolean RUN_WITH_NEW_CONFIG_FILE = true;
     private static final List<PackageManagerType> SUPPORTED_PACKAGE_TYPES = List.of(PackageManagerType.PYPI, PackageManagerType.NPM, PackageManagerType.YARN, PackageManagerType.GRADLE, PackageManagerType.MAVEN);
 
-    public SastScannerExecutor(Log log, ServerConfig serverConfig) {
-        this(log, serverConfig, null, true);
-    }
-
-    public SastScannerExecutor(Log log, ServerConfig serverConfig, String binaryDownloadUrl, boolean useJFrogReleases) {
-        super(SourceCodeScanType.SAST, binaryDownloadUrl, log, serverConfig, useJFrogReleases);
+    public SastScannerExecutor(Log log) {
+        super(SourceCodeScanType.SAST, log);
     }
 
     public List<JFrogSecurityWarning> execute(ScanConfig.Builder inputFileBuilder, Runnable checkCanceled) throws IOException, InterruptedException {