search

Guardsquare / appsweep-gradle

This Gradle plugin can be used to continuously integrate app scanning using AppSweep into your Android app build process
http://guardsquare.com/appsweep-mobile-application-security-testing
Apache License 2.0
47 stars 3 forks source link

Additional Sample Using Kotlin DSL #9

Closed ArcherEmiya05 closed 7 months ago

ArcherEmiya05 commented 7 months ago

What is the correct way to use this plugin for Gradle build files that is using Kotlin DSL? This is working before the Kotlin migration from Groovy.

The sample in README is something like this.

appsweep {
    apiKey "API_KEY"
}

But as far I can tell, the Kotlin DSL syntax is always using = for assignment of value, so we assume we could do something like this?

appsweep {
    apiKey = project.property("APPSWEEP_API_KEY") as String
}

Running ./gradlew :app:uploadToAppSweepDebug will result to this error

Welcome to Gradle 8.2!

Here are the highlights of this release:

 - Kotlin DSL: new reference documentation, assignment syntax by default

 - Kotlin DSL is now the default with Gradle init

 - Improved suggestions to resolve errors in console output

For more details see https://docs.gradle.org/8.2/release-notes.html

Starting a Gradle Daemon (subsequent builds will be faster)

FAILURE: Build failed with an exception.

* What went wrong:

Could not determine the dependencies of task ':app:uploadToAppSweepDebug'.

> Could not resolve all task dependencies for configuration ':app:debugRuntimeClasspath'.

 > The consumer was configured to find a component for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.1.3', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm'. However we cannot choose between the following variants of project :app:libs:AndroidCommon:

       - Configuration ':app:libs:AndroidCommon:debugRuntimeElements' variant android-aar-metadata declares a component for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.1.3', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':

 > The consumer was configured to find a component for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.1.3', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm'. However we cannot choose between the following variants of project :app:libs:AndroidAdMob:

       - Configuration ':app:libs:AndroidAdMob:debugRuntimeElements' variant android-aar-metadata declares a component for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.1.3', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':

 > The consumer was configured to find a component for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.1.3', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm'. However we cannot choose between the following variants of project :app:libs:AndroidMaterial:

       - Configuration ':app:libs:AndroidMaterial:debugRuntimeElements' variant android-aar-metadata declares a component for use during runtime, preferably optimized for Android, as well as attribute 'com.android.build.api.attributes.AgpVersionAttr' with value '8.1.3', attribute 'com.android.build.api.attributes.BuildTypeAttr' with value 'debug', attribute 'org.jetbrains.kotlin.platform.type' with value 'androidJvm':
foadjn commented 7 months ago

Hi @ArcherEmiya05,

I'm thrilled to see that you are utilizing AppSweep to scan your app for security vulnerabilities. However, I'm sorry to hear that you're experiencing issues with our Gradle plugin. Let me clarify that our samples are designed for Groovy, while in Kotlin DSL, you'll need to use the = symbol to assign values.

I'd like to assure you that the problem you're facing isn't due to migrating from Groovy to Kotlin. We recently released a new version of AppSweep Gradle plugin, and it caused this problem. However, our team is already investigating and working on a solution to fix this issue, which is similar to the one reported in #8 . We'll release a new version as soon as possible to address the issue.

Thank you for your patience and understanding.

Duplicate of #8.