
Example 1 with FlowProperties

use of com.checkmarx.flow.config.FlowProperties in project cx-flow by checkmarx-ltd.

the class TfsController method pullPushRequest.

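/**
 * Receives Azure DevOps / TFS pull-request and push webhooks and, when the branch qualifies,
 * hands a scan request to {@code flowService}.
 *
 * <p>{@code validateBasicAuth} runs before any field of the payload is read. Everything in
 * {@code body} and every override in {@code controllerRequest} is still caller-supplied and
 * is treated as untrusted data below.
 *
 * @param httpRequest       servlet request, passed to {@code getAction} to derive the action
 * @param body              webhook payload
 * @param auth              value of the Authorization header
 * @param product           optional product path segment
 * @param controllerRequest per-request overrides; replaced by the result of {@code ensureNotNull}
 * @param adoDetailsRequest ADO details; replaced by the result of {@code ensureDetailsNotNull}
 * @return 202 with an informational message when a pull event is skipped or the request was
 *         processed, 200 for an event from the configured test repository
 */
@PostMapping(value = { "/{product}/tfs/pull", "/tfs/pull", "/{product}/tfs/push", "/tfs/push" })
public ResponseEntity<EventResponse> pullPushRequest(HttpServletRequest httpRequest, @RequestBody PullEvent body, @RequestHeader(value = AUTHORIZATION) String auth, @PathVariable(value = "product", required = false) String product, ControllerRequest controllerRequest, AdoDetailsRequest adoDetailsRequest) {
    String action = getAction(httpRequest);
    String uid = helperService.getShortUid();
    MDC.put(FlowConstants.MAIN_MDC_ENTRY, uid);
    // Parameterized logging makes the isInfoEnabled()/String.format pair unnecessary.
    log.info("Processing TFS {} request", action);

    // Authenticate before touching the payload.
    validateBasicAuth(auth);

    Resource resource = body.getResource();
    controllerRequest = ensureNotNull(controllerRequest);
    adoDetailsRequest = ensureDetailsNotNull(adoDetailsRequest);

    boolean isPull = ACTION_PULL.equals(action);
    boolean isPush = ACTION_PUSH.equals(action);

    // Constant-first comparison: a payload without an event type is skipped like any other
    // non-matching event instead of failing with a NullPointerException.
    if (isPull && !PULL_EVENT.equals(body.getEventType())) {
        log.info("Pull requested not processed.  Event was not 'opened' ({})", body.getEventType());
        return ResponseEntity.accepted().body(EventResponse.builder().message("No processing occurred for updates to Pull Request").success(true).build());
    }

    FlowOverride o = ScanUtils.getMachinaOverride(controllerRequest.getOverride());
    Repository repository = resource.getRepository();
    String app = repository.getName();
    // NOTE(review): String.startsWith("") is always true, so an empty testRepository setting
    // would turn every event into a "Test Event" and no scan would run. Confirm the property
    // is validated as non-empty at startup.
    if (app.startsWith(properties.getTestRepository())) {
        log.info("Handling TFS Test Event");
        return ResponseEntity.ok(EventResponse.builder().message("Test Event").success(true).build());
    }

    // NOTE(review): this writes a per-request value into flowProperties. If that object is a
    // shared bean (not visible here), the value outlives this request and concurrent requests
    // can overwrite each other. Confirm, and prefer carrying the flag on the ScanRequest.
    Optional.ofNullable(controllerRequest.getAppOnly()).ifPresent(flowProperties::setTrackApplicationOnly);
    FilterConfiguration filter = filterFactory.getFilter(controllerRequest, flowProperties);

    String application = Optional.ofNullable(controllerRequest.getApplication()).orElse(app);
    ScanRequestBuilder requestBuilder = ScanRequest.builder()
            .application(application)
            .product(getProductForName(product))
            .project(controllerRequest.getProject())
            .team(controllerRequest.getTeam())
            .namespace(repository.getProject().getName().replace(" ", "_"))
            .repoName(repository.getName())
            .repoType(ScanRequest.Repository.ADO)
            .scanPreset(controllerRequest.getPreset())
            .incremental(controllerRequest.getIncremental())
            .excludeFolders(controllerRequest.getExcludeFolders())
            .excludeFiles(controllerRequest.getExcludeFiles())
            .filter(filter);

    // NOTE(review): in both branches below the configured token is combined with a repository
    // URL taken from the webhook body. Confirm the URL's host is checked against the expected
    // ADO/TFS server before the credential is attached, and that repoUrlWithAuth is never
    // written to logs or returned in a response.
    if (isPull) {
        BugTracker.Type bugType = Optional.ofNullable(controllerRequest.getBug())
                .map(theBug -> ScanUtils.getBugTypeEnum(theBug, flowProperties.getBugTrackerImpl()))
                .orElse(BugTracker.Type.ADOPULL);
        // Repeats the assignment made before the filter was built; kept as in the original.
        Optional.ofNullable(controllerRequest.getAppOnly()).ifPresent(flowProperties::setTrackApplicationOnly);
        BugTracker bugTracker = ScanUtils.getBugTracker(controllerRequest.getAssignee(), bugType, jiraProperties, controllerRequest.getBug());
        requestBuilder.refs(resource.getSourceRefName())
                .repoUrl(repository.getWebUrl())
                .repoUrlWithAuth(addTokenToUrl(repository.getWebUrl(), properties.getToken()))
                .mergeNoteUri(resource.getUrl().concat("/threads"))
                .branch(ScanUtils.getBranchFromRef(resource.getSourceRefName()))
                .mergeTargetBranch(ScanUtils.getBranchFromRef(resource.getTargetRefName()))
                .email(null)
                .bugTracker(bugTracker);
    } else if (isPush) {
        String bug = Optional.ofNullable(controllerRequest.getBug()).orElse(flowProperties.getBugTracker());
        BugTracker.Type bugType = ScanUtils.getBugTypeEnum(bug, flowProperties.getBugTrackerImpl());
        BugTracker bugTracker = ScanUtils.getBugTracker(controllerRequest.getAssignee(), bugType, jiraProperties, controllerRequest.getBug());
        // NOTE(review): a push payload with no refUpdates entry fails here with an unchecked
        // exception; confirm how the framework maps that for webhook callers.
        String pushedRef = resource.getRefUpdates().get(0).getName();
        requestBuilder.refs(pushedRef)
                .repoUrl(repository.getRemoteUrl())
                .repoUrlWithAuth(addTokenToUrl(repository.getRemoteUrl(), properties.getToken()))
                .branch(ScanUtils.getBranchFromRef(pushedRef))
                .defaultBranch(repository.getDefaultBranch())
                .email(determineEmails(resource))
                .bugTracker(bugTracker);
    }

    ScanRequest request = requestBuilder.build();
    request = configOverrider.overrideScanRequestProperties(o, request);
    if (isPull) {
        request.putAdditionalMetadata("statuses_url", resource.getUrl().concat("/statuses"));
    }
    addMetadataToScanRequest(adoDetailsRequest, request);
    // NOTE(review): the raw payload text is stored as metadata; any consumer that renders it
    // (for example into HTML) has to encode it, since its content is caller-controlled.
    request.putAdditionalMetadata(HTMLHelper.WEB_HOOK_PAYLOAD, body.toString());
    request.setId(uid);

    // only initiate scan/automation if target branch is applicable;
    // branches named on the request take precedence over the configured list
    List<String> branches = new ArrayList<>();
    List<String> requestedBranches = controllerRequest.getBranch();
    if (requestedBranches != null) {
        branches.addAll(requestedBranches);
    } else if (CollectionUtils.isNotEmpty(flowProperties.getBranches())) {
        branches.addAll(flowProperties.getBranches());
    }
    if (helperService.isBranch2Scan(request, branches)) {
        flowService.initiateAutomation(request);
    }
    return ResponseEntity.accepted().body(EventResponse.builder().message("Scan Request Successfully Submitted").success(true).build());
}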
Also used : ADOProperties(com.checkmarx.flow.config.ADOProperties) java.util(java.util) ConfigurationOverrider(com.checkmarx.flow.service.ConfigurationOverrider) RequiredArgsConstructor(lombok.RequiredArgsConstructor) FlowProperties(com.checkmarx.flow.config.FlowProperties) StringUtils(org.apache.commons.lang3.StringUtils) CollectionUtils(org.apache.commons.collections4.CollectionUtils) HTMLHelper(com.checkmarx.flow.utils.HTMLHelper) Repository(com.checkmarx.flow.dto.azure.Repository) Product(com.checkmarx.flow.dto.ScanRequest.Product) AdoDetailsRequest(com.checkmarx.flow.dto.azure.AdoDetailsRequest) InvalidTokenException(com.checkmarx.flow.exception.InvalidTokenException) HttpServletRequest(javax.servlet.http.HttpServletRequest) FilterFactory(com.checkmarx.flow.service.FilterFactory) com.checkmarx.flow.dto(com.checkmarx.flow.dto) FlowService(com.checkmarx.flow.service.FlowService) Resource(com.checkmarx.flow.dto.azure.Resource) Collectors(java.util.stream.Collectors) JiraProperties(com.checkmarx.flow.config.JiraProperties) HelperService(com.checkmarx.flow.service.HelperService) PullEvent(com.checkmarx.flow.dto.azure.PullEvent) Slf4j(lombok.extern.slf4j.Slf4j) MDC(org.slf4j.MDC) ScanUtils(com.checkmarx.flow.utils.ScanUtils) FlowConstants(com.checkmarx.flow.constants.FlowConstants) org.springframework.web.bind.annotation(org.springframework.web.bind.annotation) ResponseEntity(org.springframework.http.ResponseEntity) FilterConfiguration(com.checkmarx.sdk.dto.filtering.FilterConfiguration) ScanRequestBuilder(com.checkmarx.flow.dto.ScanRequest.ScanRequestBuilder) Resource(com.checkmarx.flow.dto.azure.Resource) FilterConfiguration(com.checkmarx.sdk.dto.filtering.FilterConfiguration) Repository(com.checkmarx.flow.dto.azure.Repository) ScanRequestBuilder(com.checkmarx.flow.dto.ScanRequest.ScanRequestBuilder)

Example 2 with FlowProperties

use of com.checkmarx.flow.config.FlowProperties in project cx-flow by checkmarx-ltd.

the class HelperServiceTest method testGetPresetFromSources.

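/**
 * Checks that {@code getPresetFromSources} returns "Checkmarx Express" for a source set made
 * of a Java, an HTML and a CSS file plus a buildspec.yml, using the profiles loaded from the
 * CxProfile.json test resource.
 */
@Test
public void testGetPresetFromSources() {
    FlowProperties properties = new FlowProperties();
    CxProperties cxProperties = new CxProperties();
    JiraProperties jiraProperties = new JiraProperties();
    cxProperties.setScanPreset(Constants.CX_DEFAULT_PRESET);
    CxScannerService cxScannerService = new CxScannerService(cxProperties, null, null, null, null);
    HelperService helperService = new HelperService(properties, cxScannerService, jiraProperties, null);

    // Four source entries whose file name and path are identical.
    Sources.Source src1 = new Sources.Source();
    src1.setFile("abc.java");
    src1.setPath("abc.java");
    Sources.Source src2 = new Sources.Source();
    src2.setFile("abc.html");
    src2.setPath("abc.html");
    Sources.Source src3 = new Sources.Source();
    src3.setFile("abc.css");
    src3.setPath("abc.css");
    Sources.Source src4 = new Sources.Source();
    src4.setFile("buildspec.yml");
    src4.setPath("buildspec.yml");

    Map<String, Integer> sourceWeight = new HashMap<>();
    sourceWeight.put("Java", 65);
    sourceWeight.put("CSS", 15);
    sourceWeight.put("HTML", 20);

    Sources sources = new Sources();
    sources.setLanguageStats(sourceWeight);
    sources.setSources(Arrays.asList(src1, src2, src3, src4));

    // The debug println of HelperService.class.getResource(".") was removed: it asserted
    // nothing and could fail on its own when that lookup returns null.
    ObjectMapper mapper = new ObjectMapper();
    File file = new File(getClass().getClassLoader().getResource("CxProfile.json").getFile());
    try {
        CxProfile[] cxProfiles = mapper.readValue(file, CxProfile[].class);
        helperService.setProfiles(Arrays.asList(cxProfiles));
        String preset = helperService.getPresetFromSources(sources);
        // JUnit's order is (expected, actual); the reverse mislabels the values on failure.
        assertEquals("Checkmarx Express", preset);
    } catch (IOException e) {
        // Keep the cause so a missing or malformed profile file can be diagnosed.
        throw new AssertionError("Unexpected IO Exception", e);
    }
}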
Also used : FlowProperties(com.checkmarx.flow.config.FlowProperties) HashMap(java.util.HashMap) CxProfile(com.checkmarx.flow.dto.CxProfile) IOException(java.io.IOException) Sources(com.checkmarx.flow.dto.Sources) CxProperties(com.checkmarx.sdk.config.CxProperties) JiraProperties(com.checkmarx.flow.config.JiraProperties) File(java.io.File) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) Test(org.junit.Test) SpringBootTest(org.springframework.boot.test.context.SpringBootTest)

Example 3 with FlowProperties

use of com.checkmarx.flow.config.FlowProperties in project cx-flow by checkmarx-ltd.

the class ScanUtilsTest method setup.

/**
 * Builds the fixtures shared by the tests: a {@code FlowProperties} whose bug-tracker
 * implementations are JIRA, GitHub and GitLab, and a {@code ConfigurationOverrider}
 * constructed from it and the other collaborators held by this test class.
 */
@Before
public void setup() {
    FlowProperties freshProperties = new FlowProperties();
    freshProperties.setBugTrackerImpl(Arrays.asList("JIRA", "GitHub", "GitLab"));
    flowProperties = freshProperties;
    configOverrider = new ConfigurationOverrider(
            freshProperties,
            cxIntegrationsProperties,
            scaScanner,
            sastScanner,
            cxgoScanner,
            scaConfigOverrider,
            reposManagerService,
            gitAuthUrlGenerator);
}
Also used : FlowProperties(com.checkmarx.flow.config.FlowProperties) Before(org.junit.Before)

Aggregations

FlowProperties (com.checkmarx.flow.config.FlowProperties)3 JiraProperties (com.checkmarx.flow.config.JiraProperties)2 ADOProperties (com.checkmarx.flow.config.ADOProperties)1 FlowConstants (com.checkmarx.flow.constants.FlowConstants)1 com.checkmarx.flow.dto (com.checkmarx.flow.dto)1 CxProfile (com.checkmarx.flow.dto.CxProfile)1 Product (com.checkmarx.flow.dto.ScanRequest.Product)1 ScanRequestBuilder (com.checkmarx.flow.dto.ScanRequest.ScanRequestBuilder)1 Sources (com.checkmarx.flow.dto.Sources)1 AdoDetailsRequest (com.checkmarx.flow.dto.azure.AdoDetailsRequest)1 PullEvent (com.checkmarx.flow.dto.azure.PullEvent)1 Repository (com.checkmarx.flow.dto.azure.Repository)1 Resource (com.checkmarx.flow.dto.azure.Resource)1 InvalidTokenException (com.checkmarx.flow.exception.InvalidTokenException)1 ConfigurationOverrider (com.checkmarx.flow.service.ConfigurationOverrider)1 FilterFactory (com.checkmarx.flow.service.FilterFactory)1 FlowService (com.checkmarx.flow.service.FlowService)1 HelperService (com.checkmarx.flow.service.HelperService)1 HTMLHelper (com.checkmarx.flow.utils.HTMLHelper)1 ScanUtils (com.checkmarx.flow.utils.ScanUtils)1