EN-566: Prevent webhook post when API token is absent (fix)

quantum-sec · Jul 9, 2021 · b0912bb · b0912bb
1 parent 0bd7599
commit b0912bb
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 5 deletions.
diff --git a/src/lib/analysis-collector-base.spec.ts b/src/lib/analysis-collector-base.spec.ts
@@ -55,11 +55,18 @@ describe('AnalysisCollectorBase', () => {
       expect(collector.printResults).toHaveBeenCalledWith(['TEST_RESULT' as any]);
     });
 
-    it('should call postResults() with the generated results', async () => {
+    it('should call postResults() with the generated results when an API token is present', async () => {
+      collector.apiToken = 'TEST_API_TOKEN';
       await collector.exec({ cwd: '/test/' });
       expect(collector.postResults).toHaveBeenCalledTimes(1);
       expect(collector.postResults).toHaveBeenCalledWith(['TEST_RESULT' as any], jasmine.any(Object));
     });
+
+    it('should not call postResults() when an API token is not present', async () => {
+      collector.apiToken = null;
+      await collector.exec({ cwd: '/test/' });
+      expect(collector.postResults).not.toHaveBeenCalled();
+    });
   });
 
   describe('detectApiToken()', () => {

diff --git a/src/lib/analysis-collector-base.ts b/src/lib/analysis-collector-base.ts
@@ -10,8 +10,6 @@ export abstract class AnalysisCollectorBase {
 
   public apiToken: string;
 
-  public apiSecret: string;
-
   public toolVersion: string;
 
   public traceId: string;
@@ -43,12 +41,13 @@ export abstract class AnalysisCollectorBase {
 
     this.printResults(results);
 
-    await this.postResults(results, finalOptions);
+    if (this.apiToken) {
+      await this.postResults(results, finalOptions);
+    }
   }
 
   public detectApiToken(): void {
     this.apiToken = process.env.QS_API_TOKEN;
-    this.apiSecret = process.env.QS_API_SECRET;
 
     if (!this.apiToken) {
       this.logger.info('No Quantum API token detected on the environment.', true);
@@ -108,6 +107,7 @@ export abstract class AnalysisCollectorBase {
   }
 
   public async postResults(results: IResult[], options: any): Promise<void> {
+    this.logger.info('Submitting results to the Quantum Security platform...');
     const payload = JSON.stringify({
       traceId: this.traceId,
       timestamp: this.timestamp,
@@ -132,6 +132,8 @@ export abstract class AnalysisCollectorBase {
         'content-type': 'application/json',
       },
     });
+
+    this.logger.success('Results successfully submitted to the Quantum Security platform.');
   }
 
   public async getRepositoryUrl(options: any): Promise<string> {