Merge pull request #5 from quantum-sec/fix/EN-744

EN-744: Add error handling fix to all tools (fix)
quantum-sec · Dec 16, 2021 · b1bd00e · b1bd00e
2 parents 14d423f + 18ea8e8
commit b1bd00e
Show file tree

Hide file tree

Showing 6 changed files with 57 additions and 3 deletions.
diff --git a/src/lib/checkov/checkov-collector.spec.ts b/src/lib/checkov/checkov-collector.spec.ts
@@ -46,6 +46,14 @@ describe('CheckovCollector', () => {
       expect(collector.parseResults).toHaveBeenCalledTimes(1);
       expect(collector.parseResults).toHaveBeenCalledWith('TEST_OUTPUT');
     });
+    it('should error when arguments fail', async () => {
+      (collector.spawn as any).and.returnValue(new Promise((resolve, reject) => {
+        reject('TEST_OUTPUT');
+      }));
+
+      await expectAsync(collector.getResults({}))
+        .toBeRejectedWith(new Error('Error executing Checkov: TEST_OUTPUT'));
+    });
   });
 
   describe('parseResults()', () => {

diff --git a/src/lib/checkov/checkov-collector.ts b/src/lib/checkov/checkov-collector.ts
@@ -17,7 +17,13 @@ export class CheckovCollector extends AnalysisCollectorBase {
   public override async getResults(options: any): Promise<IResult[]> {
     // Once we develop custom checks, they should be specified using the --external-checks-git argument.
     const args = ['--directory', '.', '--output', 'json', '--no-guide', '--soft-fail'];
-    const output = await this.spawn('checkov', args, options);
+    let output;
+    try {
+      output = await this.spawn('checkov', args, options);
+    }
+    catch (e: unknown) {
+      throw new Error(`Error executing Checkov: ${e as string}`);
+    }
 
     this.logger.debug(JSON.stringify(output, null, 2));
 

diff --git a/src/lib/sonarqube/sonarqube-collector.spec.ts b/src/lib/sonarqube/sonarqube-collector.spec.ts
@@ -73,6 +73,24 @@ describe('SonarqubeCollector', () => {
 
       expect(collector.parseResults).toHaveBeenCalledTimes(1);
       expect(collector.parseResults).toHaveBeenCalledWith('"TEST_OUTPUT"');
+
+    });
+
+    it('should error when arguments fail', async () => {
+      collector._argv = {
+        'proj-dir': 'TEST_PROJECT_DIR',
+      } as any;
+      process.env.SQ_KEY = 'TEST_PROJECT_KEY';
+      process.env.SQ_LOGIN = 'TEST_SQ_LOGIN';
+      process.env.SQ_USERNAME = 'TEST_SQ_USERNAME';
+      process.env.SQ_PASSWORD = 'TEST_SQ_PASSWORD';
+
+      (collector.spawn as any).and.returnValue(new Promise((resolve, reject) => {
+        reject('TEST_OUTPUT');
+      }));
+
+      await expectAsync(collector.getResults({}))
+        .toBeRejectedWith(new Error('Error executing Sonarqube: TEST_OUTPUT'));
     });
 
     it('should error when authentication token is not specified', async () => {

diff --git a/src/lib/sonarqube/sonarqube-collector.ts b/src/lib/sonarqube/sonarqube-collector.ts
@@ -47,7 +47,12 @@ export class SonarqubeCollector extends AnalysisCollectorBase {
       `-Dsonar.projectKey=${dsonarProjectKey}`,
       `-Dsonar.projectBaseDir=${dsonarProjectBaseDir}`,
     ];
-    await this.spawn('sonar-scanner', args, options);
+    try {
+      await this.spawn('sonar-scanner', args, options);
+    }
+    catch (e: unknown) {
+      throw new Error(`Error executing Sonarqube: ${e as string}`);
+    }
 
     const response = await this.http.get(`http://${process.env.SQ_HOST}/api/issues/search?componentKeys=${dsonarProjectKey}`, {
       withCredentials: true,

diff --git a/src/lib/zap/zap-collector.spec.ts b/src/lib/zap/zap-collector.spec.ts
@@ -60,6 +60,17 @@ describe('ZapCollector', () => {
       await expectAsync(collector.getResults({}))
         .toBeRejectedWith(new Error('You must specify an --target-name argument.'));
     });
+    it('should error when target name cannot be found', async () => {
+      collector._argv = {
+        'target-name': 'TEST_TARGET',
+      } as any;
+      (collector.spawn as any).and.returnValue(new Promise((resolve, reject) => {
+        reject('TEST_OUTPUT');
+      }));
+
+      await expectAsync(collector.getResults({}))
+        .toBeRejectedWith(new Error('Error executing Zap: TEST_OUTPUT'));
+    });
 
   });
 

diff --git a/src/lib/zap/zap-collector.ts b/src/lib/zap/zap-collector.ts
@@ -23,7 +23,13 @@ export class ZapCollector extends AnalysisCollectorBase {
     }
 
     const args = ['-t', targetName, '-J zapreport.json', '-s'];
-    const output = await this.spawn('zap-full-scan.py', args, options);
+    let output;
+    try {
+      output = await this.spawn('zap-full-scan.py', args, options);
+    }
+    catch (e: unknown) {
+      throw new Error(`Error executing Zap: ${e as string}`);
+    }
 
 
     const jsonFileContents: string = this.fs.readFileSync('zapreport.json', 'utf8');