Plugin can not find FORTIFY_HOME & PATH due to java.io.File.isFile not returning true when expected

[udb7l]

Jenkins and plugins versions report

Environment

Jenkins: 2.361.1
OS: Linux - 4.18.0-305.62.1.el8_4.x86_64
---
ace-editor:1.1
active-directory:2.26
antisamy-markup-formatter:2.7
apache-httpcomponents-client-4-api:4.5.13-138.v4e7d9a_7b_a_e61
authentication-tokens:1.4
bootstrap5-api:5.2.1-3
bouncycastle-api:2.26
branch-api:2.1046.v0ca_37783ecc5
build-user-vars-plugin:1.9
caffeine-api:2.9.3-65.v6a_47d0f4d1fe
checks-api:1.7.5
cloudbees-disk-usage-simple:178.v1a_4d2f6359a_8
cloudbees-folder:6.758.vfd75d09eea_a_1
command-launcher:90.v669d7ccb_7c31
commons-lang3-api:3.12.0-36.vd97de6465d5b_
commons-text-api:1.9-19.v8df45c678366
configuration-as-code:1512.vb_79d418d5fc8
credentials:1189.vf61b_a_5e2f62e
credentials-binding:523.vd859a_4b_122e6
cucumber-reports:5.7.3
display-url-api:2.3.6
docker-commons:1.21
docker-workflow:521.v1a_a_dd2073b_2e
durable-task:500.v8927d9fd99d8
echarts-api:5.4.0-1
extended-read-permission:3.2
font-awesome-api:6.2.0-3
fortify:22.1.38
git:4.12.1
git-client:3.12.1
git-server:99.va_0826a_b_cdfa_d
google-oauth-plugin:1.0.7
gradle:1.40
handlebars:3.0.8
htmlpublisher:1.31
http_request:1.16
instance-identity:116.vf8f487400980
ionicons-api:28.va_f3a_84439e5f
jackson2-api:2.13.3-285.vc03c0256d517
jakarta-activation-api:2.0.1-2
jakarta-mail-api:2.0.1-2
javax-activation-api:1.2.0-5
javax-mail-api:1.6.2-8
jaxb:2.3.6-2
jdk-tool:55.v1b_32b_6ca_f9ca
jquery-detached:1.2.1
jquery3-api:3.6.1-2
jsch:0.1.55.61.va_e9ee26616e7
junit:1150.v5c2848328b_60
kubernetes:3718.ve44878b_12184
kubernetes-client-api:5.12.2-193.v26a_6078f65a_9
kubernetes-credentials:0.9.0
kubernetes-credentials-provider:1.199.v4a_1d1f5d074f
lockable-resources:2.18
mailer:438.v02c7f0a_12fa_4
matrix-auth:3.1.5
matrix-project:785.v06b_7f47b_c631
metrics:4.2.10-389.v93143621b_050
mina-sshd-api-common:2.9.1-44.v476733c11f82
mina-sshd-api-core:2.9.1-44.v476733c11f82
momentjs:1.1.1
oauth-credentials:0.5
openshift-client:1.0.37
parameterized-trigger:2.45
pipeline-build-step:2.18
pipeline-graph-analysis:195.v5812d95a_a_2f9
pipeline-groovy-lib:612.v84da_9c54906d
pipeline-input-step:451.vf1a_a_4f405289
pipeline-milestone-step:101.vd572fef9d926
pipeline-model-api:2.2114.v2654ca_721309
pipeline-model-definition:2.2114.v2654ca_721309
pipeline-model-extensions:2.2114.v2654ca_721309
pipeline-rest-api:2.24
pipeline-stage-step:296.v5f6908f017a_5
pipeline-stage-tags-metadata:2.2114.v2654ca_721309
pipeline-stage-view:2.24
pipeline-utility-steps:2.13.0
plain-credentials:139.ved2b_9cf7587b
plugin-util-api:2.18.0
popper2-api:2.11.6-2
prometheus:2.0.11
promoted-builds:892.vd6219fc0a_efb
rebuild:1.34
role-strategy:562.v44e9a_e828d0e
scm-api:621.vda_a_b_055e58f7
script-security:1183.v774b_0b_0a_a_451
snakeyaml-api:1.32-86.ve3f030a_75631
ssh-credentials:305.v8f4381501156
sshd:3.249.v2dc2ea_416e33
structs:324.va_f5d6774f3a_d
token-macro:308.v4f2b_ed62b_b_16
trilead-api:2.72.v2a_3236754f73
variant:59.vf075fe829ccb
windows-slaves:1.8.1
workflow-aggregator:590.v6a_d052e5a_a_b_5
workflow-api:1192.v2d0deb_19d212
workflow-basic-steps:994.vd57e3ca_46d24
workflow-cps:2802.v5ea_628154b_c2
workflow-cps-global-lib:588.v576c103a_ff86
workflow-durable-task-step:1199.v02b_9244f8064
workflow-job:1239.v71b_b_a_124a_725
workflow-multibranch:716.vc692a_e52371b_
workflow-scm-step:400.v6b_89a_1317c9a_
workflow-step-api:639.v6eca_cd8c04a_a_
workflow-support:838.va_3a_087b_4055b

What Operating System are you using (both controller, and any agents involved in the problem)?

Red Hat's ubi8 image

Reproduction steps

FORTIFY_HOME is set to /opt/Fortify/bin
withEnv(['PATH+FORTIFY=/opt/Fortify/bin']) {
fortifyClean buildID: fortify_project
}

Expected Results

step is executed

Actual Results

Running FortifyClean step
Fortify Jenkins plugin v 22.1.38
Launching Fortify SCA clean command
......
java.io.FileNotFoundException: ERROR: executable not found: sourceanalyzer; make sure that either FORTIFY_HOME environment variable is set or sourceanalyzer is on the PATH or in workspace
	at com.fortify.plugin.jenkins.steps.FortifyStep.findExecutablePath(FortifyStep.java:104)
	at com.fortify.plugin.jenkins.steps.FortifyStep.getExecutable(FortifyStep.java:93)
	at com.fortify.plugin.jenkins.steps.FortifySCAStep.getSourceAnalyzerExecutable(FortifySCAStep.java:94)
	at com.fortify.plugin.jenkins.steps.FortifyClean.perform(FortifyClean.java:67)
	at com.fortify.plugin.jenkins.steps.FortifyClean$Execution.run(FortifyClean.java:149)
	at com.fortify.plugin.jenkins.steps.FortifyClean$Execution.run(FortifyClean.java:134)
	at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:829)

Anything else?

This is similar to issue #49. I can only get this to work if I copy the files to the workspace. It does not respect the FORTIFY_HOME or PATH settings.

The access to the bin directory is:

drwxrwxrwx.  2 1001 1001    4096 Oct 14 07:48 bin

The access to the files in the bin directory:

-rwxrwxrwx. 1 1001 1001  237985 May 13 23:50 sourceanalyzer
-rwxrwxrwx. 1 1001 1001    2304 May 13 23:50 SCAState
-rwxrwxrwx. 1 1001 1001       0 May 13 23:50 update.ini
-rwxrwxrwx. 1 1001 1001    1492 May 13 23:50 scapostinstall
-rwxrwxrwx. 1 1001 1001    1834 May 13 23:50 iidmigrator
-rwxrwxrwx. 1 1001 1001    1774 May 13 23:50 fortifyupdate
-rwxrwxrwx. 1 1001 1001    1758 May 13 23:50 fortifyclient
-rwxrwxrwx. 1 1001 1001 7589347 May 13 23:50 autoupdate-linux.run
-rwxrwxrwx. 1 1001 1001 9135950 May 13 23:50 autoupdate-linux-x64.run
-rwxrwxrwx. 1 1001 1001    1459 May 13 23:50 auditworkbench
-rwxrwxrwx. 1 1001 1001    1812 May 13 23:50 ScanWizard
-rwxrwxrwx. 1 1001 1001    2159 May 13 23:50 ReportGenerator
-rwxrwxrwx. 1 1001 1001    2209 May 13 23:50 FPRUtility
-rwxrwxrwx. 1 1001 1001    1466 May 13 23:50 CustomRulesEditor
-rwxrwxrwx. 1 1001 1001    2427 May 13 23:50 BIRTReportGenerator
-rwxrwxrwx. 1 1001 1001    2369 May 13 23:58 scancentral
-rwxrwxrwx. 1 1001 1001    2629 May 13 23:58 pwtool
-rwxrwxrwx. 1 1001 1001    2212 May 13 23:58 packagescanner

By calling java.io.File.isFile in a pipeline script to /opt/Fortify/bin/sourceanalyzer it returns false. Which seems to be related to unix environment

I know sourceanalyzer is accessible as I can call it directly with sh '/opt/Fortify/bin/sourceanalyzer' and it executes.

I have narrowed it down to File.isFile() in FindExecutableRemoteService.invoke and PathUtils.locateFileInPath not returning the expected result of true. I have seen forums regarding an issue in the jdk, it would appear that there is a workaround of changing it to !file.isDirectory() which will resolve the issue. I tested calling !File.isDirectory in pipeline script in my environment.

[jtkiesel]

I am having the same issue. Copying the scripts to the workspace was the only way to get the plugin to find them. My current workaround for this issue is executing these shell commands prior to executing the plugin step:

cp --recursive ${FORTIFY_HOME}/bin/* .
ln -s ${FORTIFY_HOME}/Core ../Core

This is obviously quite ugly, but it works.

[akaryakina]

Well, the .isFile() is not equivalent to !.isDirectory(). Basically, if !.exists(), then the .isFile() fails, but !.isDirectory() passes. I think there must be something wrong with checking for existing or, actually, for read permissions on the file.

[akaryakina]

Seems to work for me now. Steps to reproduce:

1. I made sure that there was no SCA available in system's PATH, i.e. I ran sourceanalyzer -version and it failed with unknown command. I also made sure that there was an SCA installed on the machine (but at a different location).
2. I created the following pipeline:

pipeline {
    agent { label 'ubuntu' }
    stages {
        stage('try_finding_sca') {
            steps {
                sh 'printenv'
                fortifyClean addJVMOptions: '', buildID: 'testpipe1', logFile: '', maxHeap: ''
            }
        }
    }
}

3. I ran the build making sure that it was failing
4. I made sure SCA was available at /fortify/Fortify/Fortify_SCA_and_Apps_22.1.0/bin and modified the pipeline to be

pipeline {
    agent { label 'ubuntu' }
    stages {
        stage('try_finding_sca') {
            steps {
                withEnv(['PATH+FORTIFY=/fortify/Fortify/Fortify_SCA_and_Apps_22.1.0/bin']) {
                    sh 'printenv'
                    fortifyClean addJVMOptions: '', buildID: 'testpipe1', logFile: '', maxHeap: ''
                }
            }
        }
    }
}

5. I ran the build and made sure that it succeeded