Report on scan size

veracode · Sep 19, 2023 · 918495e · 918495e
1 parent 985434d
commit 918495e
Show file tree

Hide file tree

Showing 7 changed files with 51 additions and 22 deletions.
diff --git a/checks/analysis_size.go b/checks/analysis_size.go
diff --git a/checks/perform_checks.go b/checks/perform_checks.go
@@ -45,7 +45,7 @@ func PerformChecks(r *report.Report) {
 	previousScan(r)
 	minifiedJavaScript(r)
 	releaseBuild(r)
-	analysisSize(r)
+	sizes(r)
 	moduleCount(r)
 	regularScans(r)
 

diff --git a/checks/sizes.go b/checks/sizes.go
@@ -0,0 +1,40 @@
+package checks
+
+import (
+	"fmt"
+	"github.com/antfie/scan_health/v2/report"
+	"github.com/antfie/scan_health/v2/utils"
+)
+
+func sizes(r *report.Report) {
+	totalModuleSize(r)
+	analysisSize(r)
+}
+
+func totalModuleSize(r *report.Report) {
+	var totalSize = 0
+
+	for _, module := range r.Modules {
+		for _, instance := range module.Instances {
+			totalSize += instance.SizeBytes
+		}
+	}
+
+	if totalSize <= utils.MaximumTotalModuleSizeBytesThreshold {
+		return
+	}
+
+	r.ReportIssue(fmt.Sprintf("The total size of all the modules was %s. This is a very large size and will likely take a long time to upload and scan.", utils.FormatBytes(uint64(totalSize))), report.IssueSeverityMedium)
+	r.MakeRecommendation("Ensure you are not uploading more files than can be analysed by Veracode SAST.")
+	r.MakeRecommendation("Follow the packaging guidance for each supported technology present within the application, as documented here: https://docs.veracode.com/r/compilation_packaging. Note there is also a useful cheat sheet which provides bespoke recommendations based off some questions about the application: https://docs.veracode.com/cheatsheet/.")
+}
+
+func analysisSize(r *report.Report) {
+	if r.Scan.AnalysisSize <= utils.MaximumAnalysisSizeBytesThreshold {
+		return
+	}
+
+	r.ReportIssue(fmt.Sprintf("The analysis size of the scan was %s. This is a very large size and will likely take a long time to upload and scan. Check that you are not selecting too many components for analysis.", utils.FormatBytes(r.Scan.AnalysisSize)), report.IssueSeverityMedium)
+	r.MakeRecommendation("Ensure the correct modules have been selected for analysis and that the packaging guidance has been followed.")
+	r.MakeRecommendation("Follow the packaging guidance for each supported technology present within the application, as documented here: https://docs.veracode.com/r/compilation_packaging. Note there is also a useful cheat sheet which provides bespoke recommendations based off some questions about the application: https://docs.veracode.com/cheatsheet/.")
+}
diff --git a/data/prescan_module_list.go b/data/prescan_module_list.go
@@ -92,13 +92,13 @@ func (api API) getPrescanModuleList(r *report.Report) {
 				Id:             module.Id,
 				Status:         html.UnescapeString(module.Status),
 				Platform:       html.UnescapeString(module.Platform),
-				Size:           module.Size,
+				Size:           html.UnescapeString(module.Size),
 				MD5:            module.MD5,
 				HasFatalErrors: module.HasFatalErrors,
 				IsDependency:   module.IsDependency,
 				Issues:         issues,
 				Source:         "prescan_module_list",
-				//SizeBytes:      calculateModuleSize(module.Size),
+				SizeBytes:      calculateModuleSize(module.Size),
 			},
 		)
 	}
@@ -125,5 +125,4 @@ func convertSize(size, measurement string, multiplier int) int {
 	}
 
 	return sizeInt * multiplier
-
 }
diff --git a/report/report_to_console.go b/report/report_to_console.go
@@ -42,6 +42,7 @@ func renderScanSummaryToConsole(report *Report) {
 	fmt.Printf("Triage flaws URL:        %s\n", report.Scan.TriageFlawsUrl)
 	fmt.Printf("Files uploaded:          %d\n", len(report.UploadedFiles))
 	fmt.Printf("Total modules:           %d\n", len(report.Modules))
+	fmt.Printf("Analysis size:           %s\n", utils.FormatBytes(report.Scan.AnalysisSize))
 	fmt.Printf("Modules selected:        %d\n", len(report.GetSelectedModules()))
 	fmt.Printf("Engine version:          %s (Release notes: https://docs.veracode.com/updates/r/c_all_static)\n", report.Scan.EngineVersion)
 	fmt.Printf("Submitted:               %s (%s ago)\n", report.Scan.SubmittedDate, utils.FormatDuration(time.Since(report.Scan.SubmittedDate)))

diff --git a/utils/constants.go b/utils/constants.go
@@ -4,5 +4,6 @@ const MaximumUploadedFileCountThreshold = 10000
 const MaximumModuleCountThreshold = 500
 const MaximumModuleSelectedCountThreshold = 100
 const MaximumFlawCountThreshold = 2500
-const MaximumAnalysisSieBytesThreshold = 1000000000 // 1GB
+const MaximumTotalModuleSizeBytesThreshold = 1000000000 // 1GB
+const MaximumAnalysisSizeBytesThreshold = 500000000     // 500MB
 const NotUsingAutomationIfScanOlderThanDays = 30
diff --git a/utils/utils.go b/utils/utils.go
@@ -3,6 +3,7 @@ package utils
 import (
 	"flag"
 	"fmt"
+	"github.com/dustin/go-humanize"
 	"os"
 	"sort"
 	"strconv"
@@ -138,3 +139,7 @@ func ErrorAndExitWithUsage(message string) {
 	flag.PrintDefaults()
 	os.Exit(1)
 }
+
+func FormatBytes(size uint64) string {
+	return strings.Replace(humanize.Bytes(size), " ", "", 1)
+}