aosapps · bmfp · Feb 8, 2021
diff --git a/main.go b/main.go
@@ -2,8 +2,9 @@ package main
 
 import (
 	"fmt"
-	"github.com/codegangsta/cli"
 	"os"
+
+	"github.com/codegangsta/cli"
 )
 
 var build = "1" // build number set at compile time
@@ -15,112 +16,123 @@ func main() {
 	app.Action = run
 	app.Version = fmt.Sprintf("1.0.%s", build)
 	app.Flags = []cli.Flag{
-
-		cli.StringFlag{
-			Name:   "key",
-			Usage:  "project key",
-			EnvVar: "DRONE_REPO",
-		},
-		cli.StringFlag{
-			Name:   "name",
-			Usage:  "project name",
-			EnvVar: "DRONE_REPO",
-		},
-		cli.StringFlag{
-			Name:   "host",
-			Usage:  "SonarQube host",
-			EnvVar: "PLUGIN_SONAR_HOST",
-		},
-		cli.StringFlag{
-			Name:   "token",
-			Usage:  "SonarQube token",
-			EnvVar: "PLUGIN_SONAR_TOKEN",
+		&cli.StringFlag{
+			Name:    "key",
+			Usage:   "project key",
+			EnvVars: []string{"DRONE_REPO"},
+		},
+		&cli.StringFlag{
+			Name:    "name",
+			Usage:   "project name",
+			EnvVars: []string{"DRONE_REPO"},
+		},
+		&cli.StringFlag{
+			Name:    "host",
+			Usage:   "SonarQube host",
+			EnvVars: []string{"PLUGIN_SONAR_HOST"},
+		},
+		&cli.StringFlag{
+			Name:    "token",
+			Usage:   "SonarQube token",
+			EnvVars: []string{"PLUGIN_SONAR_TOKEN"},
 		},
 
 		// advanced parameters
-		cli.StringFlag{
-			Name:   "ver",
-			Usage:  "Project version",
-			EnvVar: "DRONE_BUILD_NUMBER",
-		},
-		cli.StringFlag{
-			Name:   "branch",
-			Usage:  "Project branch",
-			EnvVar: "DRONE_BRANCH",
-		},
-		cli.StringFlag{
-			Name:   "timeout",
-			Usage:  "Web request timeout",
-			Value:  "60",
-			EnvVar: "PLUGIN_TIMEOUT",
-		},
-		cli.StringFlag{
-			Name:   "sources",
-			Usage:  "analysis sources",
-			Value:  ".",
-			EnvVar: "PLUGIN_SOURCES",
-		},
-		cli.StringFlag{
-			Name:   "inclusions",
-			Usage:  "code inclusions",
-			EnvVar: "PLUGIN_INCLUSIONS",
-		},
-		cli.StringFlag{
-			Name:   "exclusions",
-			Usage:  "code exclusions",
-			EnvVar: "PLUGIN_EXCLUSIONS",
-		},
-		cli.StringFlag{
-			Name:   "level",
-			Usage:  "log level",
-			Value:  "INFO",
-			EnvVar: "PLUGIN_LEVEL",
-		},
-		cli.StringFlag{
-			Name:   "showProfiling",
-			Usage:  "showProfiling during analysis",
-			Value:  "false",
-			EnvVar: "PLUGIN_SHOWPROFILING",
-		},
-		cli.BoolFlag{
-			Name:   "branchAnalysis",
-			Usage:  "execute branchAnalysis",
-			EnvVar: "PLUGIN_BRANCHANALYSIS",
-		},
-		cli.BoolFlag{
-			Name:   "usingProperties",
-			Usage:  "using sonar-project.properties",
-			EnvVar: "PLUGIN_USINGPROPERTIES",
+		&cli.StringFlag{
+			Name:    "ver",
+			Usage:   "Project version",
+			EnvVars: []string{"DRONE_BUILD_NUMBER"},
+		},
+		&cli.StringFlag{
+			Name:    "branch",
+			Usage:   "Project branch",
+			EnvVars: []string{"DRONE_BRANCH"},
+		},
+		&cli.StringFlag{
+			Name:    "timeout",
+			Usage:   "Web request timeout",
+			Value:   "60",
+			EnvVars: []string{"PLUGIN_TIMEOUT"},
+		},
+		&cli.StringFlag{
+			Name:    "sources",
+			Usage:   "analysis sources",
+			Value:   ".",
+			EnvVars: []string{"PLUGIN_SOURCES"},
+		},
+		&cli.StringFlag{
+			Name:    "inclusions",
+			Usage:   "code inclusions",
+			EnvVars: []string{"PLUGIN_INCLUSIONS"},
+		},
+		&cli.StringFlag{
+			Name:    "exclusions",
+			Usage:   "code exclusions",
+			EnvVars: []string{"PLUGIN_EXCLUSIONS"},
+		},
+		&cli.StringFlag{
+			Name:    "level",
+			Usage:   "log level",
+			Value:   "INFO",
+			EnvVars: []string{"PLUGIN_LEVEL"},
+		},
+		&cli.StringFlag{
+			Name:    "showProfiling",
+			Usage:   "showProfiling during analysis",
+			Value:   "false",
+			EnvVars: []string{"PLUGIN_SHOWPROFILING"},
+		},
+		&cli.BoolFlag{
+			Name:    "branchAnalysis",
+			Usage:   "execute branchAnalysis",
+			EnvVars: []string{"PLUGIN_BRANCHANALYSIS"},
+		},
+		&cli.BoolFlag{
+			Name:    "usingProperties",
+			Usage:   "using sonar-project.properties",
+			EnvVars: []string{"PLUGIN_USINGPROPERTIES"},
+		},
+		&cli.BoolFlag{
+			Name:    "trustServerCert",
+			Usage:   "trust sonar server certificate",
+			EnvVars: []string{"PLUGIN_TRUSTSERVERCERT"},
 		},
 	}
 
 	app.Run(os.Args)
 }
 
-func run(c *cli.Context) {
+func run(c *cli.Context) error {
 	plugin := Plugin{
 		Config: Config{
 			Key:   c.String("key"),
 			Name:  c.String("name"),
 			Host:  c.String("host"),
 			Token: c.String("token"),
 
-			Version:        c.String("ver"),
-			Branch:         c.String("branch"),
-			Timeout:        c.String("timeout"),
-			Sources:        c.String("sources"),
-			Inclusions:     c.String("inclusions"),
-			Exclusions:     c.String("exclusions"),
-			Level:          c.String("level"),
-			ShowProfiling:  c.String("showProfiling"),
-			BranchAnalysis: c.Bool("branchAnalysis"),
+			Version:         c.String("ver"),
+			Branch:          c.String("branch"),
+			Timeout:         c.String("timeout"),
+			Sources:         c.String("sources"),
+			Inclusions:      c.String("inclusions"),
+			Exclusions:      c.String("exclusions"),
+			Level:           c.String("level"),
+			ShowProfiling:   c.String("showProfiling"),
+			BranchAnalysis:  c.Bool("branchAnalysis"),
 			UsingProperties: c.Bool("usingProperties"),
-
+			TrustServerCert: c.Bool("trustServerCert"),
 		},
 	}
 
+	if plugin.Config.TrustServerCert {
+		if err := plugin.TrustServerCert(); err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+	}
 	if err := plugin.Exec(); err != nil {
 		fmt.Println(err)
 		os.Exit(1)
 	}
+	return nil
 }
diff --git a/plugin.go b/plugin.go
@@ -1,35 +1,129 @@
 package main
 
 import (
+	"bytes"
+	"crypto/tls"
+	"encoding/pem"
 	"fmt"
+	"io/ioutil"
 	"os"
 	"os/exec"
+	"regexp"
 	"strings"
 )
 
 type (
+	// Config struct
 	Config struct {
 		Key   string
 		Name  string
 		Host  string
 		Token string
 
-		Version        string
-		Branch         string
-		Sources        string
-		Timeout        string
-		Inclusions     string
-		Exclusions     string
-		Level          string
-		ShowProfiling  string
-		BranchAnalysis bool
+		Version         string
+		Branch          string
+		Sources         string
+		Timeout         string
+		Inclusions      string
+		Exclusions      string
+		Level           string
+		ShowProfiling   string
+		BranchAnalysis  bool
 		UsingProperties bool
+		TrustServerCert bool
 	}
+	// Plugin struct
 	Plugin struct {
 		Config Config
 	}
 )
 
+// TrustServerCert : inject remote sonar server certificate in $JAVA_HOME/lib/security/cacerts
+func (p Plugin) TrustServerCert() error {
+	var f *os.File
+	URIRegex := regexp.MustCompile(`^((?:ht|f)tp(?:s?)\:\/\/|~/|/)?([\w]+:\w+@)?([a-zA-Z]{1}([\w\-]+\.)+([\w]{2,5}))(:[\d]{1,5})?((/?\w+/)+|/?)(\w+\.[\w]{3,4})?((\?\w+=\w+)?(&\w+=\w+)*)?`)
+	javaHome := os.Getenv("JAVA_HOME")
+	tlsConf := &tls.Config{
+		InsecureSkipVerify: true,
+	}
+
+	// get sonar host from provided URI
+	host := URIRegex.FindStringSubmatch(p.Config.Host)[3]
+
+	// connect to host and retrieve certificate chain
+	fmt.Printf("\n/!\\ Trying to trust certificate for: %s\n\n", host)
+	conn, err := tls.Dial("tcp", fmt.Sprintf("%s:%d", host, 443), tlsConf)
+	if err != nil {
+		fmt.Printf("Error connecting to %s: %v\n", host, err)
+		return err
+	}
+	defer conn.Close()
+	certs := conn.ConnectionState().PeerCertificates
+
+	// iter over chain to inject sonar cert into cacerts
+	for _, cert := range certs {
+		var namesToCheck []string
+		hostFound := false
+		namesToCheck = append(namesToCheck, cert.Subject.CommonName)
+		for _, dnsname := range cert.DNSNames {
+			namesToCheck = append(namesToCheck, dnsname)
+		}
+		for _, ipAddr := range cert.IPAddresses {
+			namesToCheck = append(namesToCheck, fmt.Sprintf("%v", ipAddr))
+		}
+		for _, name := range namesToCheck {
+			if name == host {
+				hostFound = true
+			}
+		}
+		if hostFound == false {
+			continue
+		}
+
+		buf := bytes.NewBuffer([]byte{})
+		err := pem.Encode(buf, &pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw})
+		if err != nil {
+			fmt.Printf("Error parsing certificate: %v", err)
+			return err
+		}
+
+		f, err = ioutil.TempFile("", "cert")
+		if err != nil {
+			fmt.Printf("Error opening temp file: %v", err)
+			return err
+		}
+
+		defer os.Remove(f.Name())
+		_, err = f.WriteString(fmt.Sprintf("%v", buf))
+		if err != nil {
+			fmt.Printf("Error writing temp file: %v", err)
+			return err
+		}
+	}
+
+	args := []string{
+		"-importcert",
+		"-alias",
+		host,
+		"-file",
+		f.Name(),
+		"-noprompt",
+		"-keystore",
+		fmt.Sprintf("%s/lib/security/cacerts", javaHome),
+		"-storepass",
+		"changeit",
+	}
+	cmd := exec.Command("keytool", args...)
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	err = cmd.Run()
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// Exec : launch sonar analysis
 func (p Plugin) Exec() error {
 	args := []string{
 		"-Dsonar.host.url=" + p.Config.Host,
@@ -52,9 +146,8 @@ func (p Plugin) Exec() error {
 		args = append(args, argsParameter...)
 	}
 
-
 	if p.Config.BranchAnalysis {
-		args = append(args, "-Dsonar.branch.name=" + p.Config.Branch)
+		args = append(args, "-Dsonar.branch.name="+p.Config.Branch)
 	}
 
 	cmd := exec.Command("sonar-scanner", args...)

diff --git a/vendor/github.com/codegangsta/cli/LICENSE b/vendor/github.com/codegangsta/cli/LICENSE