
Example 1 with IssueTracker

use of com.checkmarx.flow.custom.IssueTracker in project cx-flow by checkmarx-ltd.

the class IssueService method process.

/**
 * Synchronises the tickets held by a custom bug-tracker bean with the findings in
 * {@code results}: findings without a ticket get one, findings with a ticket update it,
 * tickets whose findings are all false positives are closed, and tickets with no matching
 * finding are closed.
 *
 * @param results scan results to reconcile against the tracker
 * @param request scan request; its {@code BugTracker} supplies the tracker type and bean name
 * @throws MachinaException if the tracker type is not {@code CUSTOM} while a custom bean name is set
 * @throws MachinaRuntimeException if the bean cannot be obtained from the context or does not
 *         implement {@code IssueTracker}
 */
public void process(ScanResults results, ScanRequest request) throws MachinaException {
    Map<String, ScanResults.XIssue> xMap;
    Map<String, Issue> iMap;
    List<String> newIssues = new ArrayList<>();
    List<String> updatedIssues = new ArrayList<>();
    List<String> closedIssues = new ArrayList<>();
    BugTracker bugTracker = request.getBugTracker();
    String customBean = bugTracker.getCustomBean();
    // NOTE(review): this rejects only "type is not CUSTOM and a bean name is set". An empty
    // customBean passes the check and still reaches context.getBean below - confirm that is
    // the intended condition.
    if (!bugTracker.getType().equals(BugTracker.Type.CUSTOM) && !ScanUtils.empty(customBean)) {
        throw new MachinaException("A valid custom bean must be used here.");
    }
    try {
        // The bean name comes from the request. The cast limits the lookup to beans that
        // implement IssueTracker; anything else ends in the ClassCastException handler.
        // NOTE(review): if the bean name can be set from outside (e.g. a per-request
        // override), confirm it is checked against an allow-list before this lookup.
        IssueTracker tracker = (IssueTracker) context.getBean(customBean);
        tracker.init(request, results);
        String fpLabel = tracker.getFalsePositiveLabel();
        codeBashingService.createLessonsMap();
        log.info("Processing Issues with custom bean {}", customBean);
        List<Issue> issues = tracker.getIssues(request);
        // A tracker that returns null is treated as having no tickets.
        if (issues == null) {
            issues = Collections.emptyList();
        }
        // Both maps are keyed the same way so that findings and tickets can be matched by key.
        xMap = this.getXIssueMap(tracker, results, request);
        iMap = this.getIssueMap(tracker, issues, request);
        for (Map.Entry<String, ScanResults.XIssue> xIssue : xMap.entrySet()) {
            try {
                String fileUrl;
                ScanResults.XIssue currentIssue = xIssue.getValue();
                codeBashingService.addCodebashingUrlToIssue(currentIssue);
                /* Ticket already exists -> update it, close it, or skip it */
                if (iMap.containsKey(xIssue.getKey())) {
                    Issue i = iMap.get(xIssue.getKey());
                    if (xIssue.getValue().isAllFalsePositive()) {
                        // All issues are false positive, so issue should be closed
                        Issue fpIssue;
                        log.debug("All issues are false positives");
                        if (properties.isListFalsePositives()) {
                            // Update the ticket if flag is set
                            log.debug("Issue is being updated to reflect false positive references.  Updating issue with key {}", xIssue.getKey());
                            tracker.updateIssue(i, currentIssue, request);
                        }
                        if (tracker.isIssueOpened(i, request)) {
                            /* Close the issue if in an open state */
                            log.info("Closing issue with key {}", i.getId());
                            tracker.closeIssue(i, request);
                            closedIssues.add(i.getId());
                        }
                    } else if (!i.getLabels().contains(fpLabel)) {
                        /* Ticket does not carry the false-positive label: refresh it */
                        log.info("Issue still exists.  Updating issue with key {}", xIssue.getKey());
                        fileUrl = ScanUtils.getFileUrl(request, currentIssue.getFilename());
                        currentIssue.setGitUrl(fileUrl);
                        Issue updatedIssue = tracker.updateIssue(i, currentIssue, request);
                        if (updatedIssue != null) {
                            updatedIssues.add(updatedIssue.getId());
                            log.debug("Update completed for issue #{}", updatedIssue.getId());
                        }
                    } else {
                        // A ticket carrying fpLabel is never updated here, so the label set on
                        // the tracker side acts as a suppression switch for this finding.
                        // NOTE(review): confirm who is allowed to apply that label.
                        log.info("Skipping issue marked as false positive with key {}", xIssue.getKey());
                    }
                } else {
                    /* No ticket yet: create one unless every result is a false positive */
                    if (!xIssue.getValue().isAllFalsePositive()) {
                        fileUrl = ScanUtils.getFileUrl(request, currentIssue.getFilename());
                        xIssue.getValue().setGitUrl(fileUrl);
                        log.info("Creating new issue with key {}", xIssue.getKey());
                        Issue newIssue = tracker.createIssue(xIssue.getValue(), request);
                        if (newIssue != null) {
                            newIssues.add(newIssue.getId());
                            log.info("New issue created. #{}", newIssue.getId());
                        }
                    }
                }
            } catch (HttpClientErrorException e) {
                // Logged and skipped so that one failing ticket does not stop the remaining
                // findings; any other exception type still leaves the loop.
                log.error("Error occurred while processing issue with key {}", xIssue.getKey(), e);
            }
        }
        /* Close every open ticket in the tracker that has no matching finding in the results */
        // NOTE(review): absence from xMap is taken as "fixed". If results can be partial
        // (a filtered or incomplete scan), open findings would be closed here - confirm
        // callers only pass complete results.
        for (Map.Entry<String, Issue> issueMap : iMap.entrySet()) {
            String key = issueMap.getKey();
            Issue issue = issueMap.getValue();
            try {
                if (!xMap.containsKey(key) && tracker.isIssueOpened(issue, request)) {
                    /* Close the issue */
                    tracker.closeIssue(issue, request);
                    closedIssues.add(issue.getId());
                    log.info("Closing issue #{} with key {}", issue.getId(), key);
                }
            } catch (HttpClientErrorException e) {
                log.error("Error occurred while processing issue with key {}", key, e);
            }
        }
        // NOTE(review): issuesMap and the three tally lists are filled but never read or
        // returned by this method - presumably left from a variant that reports them;
        // confirm and either return the map or drop the tallies.
        Map<String, List<String>> issuesMap = new HashMap<>();
        issuesMap.put("new", newIssues);
        issuesMap.put("updated", updatedIssues);
        issuesMap.put("closed", closedIssues);
        tracker.complete(request, results);
    } catch (BeansException e) {
        // The no-argument exception carries neither message nor cause, so this log line is
        // the only record of why the lookup failed.
        log.error("Specified bug tracker bean was not found or properly loaded.", e);
        throw new MachinaRuntimeException();
    } catch (ClassCastException e) {
        // Covers any ClassCastException raised inside the try block, not only the bean cast.
        log.error("Bean must implement the IssueTracker Interface", e);
        throw new MachinaRuntimeException();
    }
}
Also used : Issue(com.checkmarx.flow.dto.Issue) HttpClientErrorException(org.springframework.web.client.HttpClientErrorException) IssueTracker(com.checkmarx.flow.custom.IssueTracker) ScanResults(com.checkmarx.sdk.dto.ScanResults) BugTracker(com.checkmarx.flow.dto.BugTracker) MachinaRuntimeException(com.checkmarx.flow.exception.MachinaRuntimeException) MachinaException(com.checkmarx.flow.exception.MachinaException) BeansException(org.springframework.beans.BeansException)

Example 2 with IssueTracker

use of com.checkmarx.flow.custom.IssueTracker in project cx-flow by checkmarx-ltd.

the class IastService method createIssue.

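/**
 * Creates one ticket for {@code vulnerability} in the bug tracker selected by the request.
 *
 * <p>Jira is posted through {@code postIssueToJira}; GitHub, GitLab and Azure DevOps go
 * through the matching {@code IssueTracker} via {@code postIssueToTracker}. Azure DevOps
 * additionally gets an HTML description and two metadata entries on the request.
 *
 * <p>A {@code MachinaException} is logged and not rethrown, so the caller receives no
 * failure signal for it. NOTE(review): confirm that a silently missing ticket is acceptable
 * for a security finding, or surface the failure to the caller.
 *
 * @param scanVulnerabilities passed through to the posting helper
 * @param request scan request; its bug tracker type selects the target
 * @param scansResultQuery passed through to the posting helper
 * @param vulnerability passed through to the posting helper
 * @param scan passed through to the posting helper
 * @throws IastBugTrackerClientException wrapping any {@code RuntimeException}, including the
 *         {@code NotImplementedException} raised for an unsupported tracker type
 */
private void createIssue(ScanVulnerabilities scanVulnerabilities, ScanRequest request, ResultInfo scansResultQuery, VulnerabilityInfo vulnerability, Scan scan) {
    try {
        Issue issue;
        IssueTracker issueTracker;
        boolean htmlDescription = false;
        switch (request.getBugTracker().getType()) {
            case JIRA:
                String jiraIssue = postIssueToJira(scanVulnerabilities, request, scansResultQuery, vulnerability, scan);
                if (jiraService.getJiraProperties() != null) {
                    // Parameterized like the other log call in this method; the rendered
                    // text is the same as the previous string concatenation.
                    log.info("Create jira issue: {}/browse/{}", jiraService.getJiraProperties().getUrl(), jiraIssue);
                }
                // jiraService is not an IssueTracker, so the Jira path ends here instead of
                // falling through to postIssueToTracker.
                return;
            case GITHUBCOMMIT:
                issueTracker = gitHubIssueTracker;
                break;
            case GITLABCOMMIT:
                issueTracker = gitLabIssueTracker;
                break;
            case adopull:
            case ADOPULL:
                issueTracker = azureIssueTracker;
                htmlDescription = true;
                // Metadata entries set on the request for the Azure DevOps tracker.
                request.putAdditionalMetadata(Constants.ADO_ISSUE_BODY_KEY, "Description");
                request.putAdditionalMetadata(Constants.ADO_ISSUE_KEY, adoProperties.getIssueType());
                break;
            default:
                // A RuntimeException: it is caught below and wrapped.
                throw new NotImplementedException(request.getBugTracker().getType().getType() + ". That bug tracker not implemented.");
        }
        issue = postIssueToTracker(scanVulnerabilities, request, scansResultQuery, vulnerability, scan, issueTracker, htmlDescription);
        log.info("Create {} issue: {}", request.getBugTracker().getType().getType(), issue.getUrl());
    } catch (MachinaException e) {
        log.error("Problem with creating issue.", e);
    } catch (RuntimeException e) {
        // The cause is kept so the original failure stays visible to the caller.
        throw new IastBugTrackerClientException("Can't create issue", e);
    }
}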
Also used : Issue(com.checkmarx.flow.dto.Issue) IssueTracker(com.checkmarx.flow.custom.IssueTracker) GitHubIssueTracker(com.checkmarx.flow.custom.GitHubIssueTracker) GitLabIssueTracker(com.checkmarx.flow.custom.GitLabIssueTracker) ADOIssueTracker(com.checkmarx.flow.custom.ADOIssueTracker) NotImplementedException(org.apache.commons.lang3.NotImplementedException)

Example 3 with IssueTracker

use of com.checkmarx.flow.custom.IssueTracker in project cx-flow by checkmarx-ltd.

the class IastCliSteps method checkHowManyCreateIssue.

/**
 * Cucumber step: verifies that {@code createIssue} was invoked the expected number of times
 * on the mock that belongs to the named bug tracker.
 *
 * <p>NOTE(review): a tracker name other than "jira", "github", "gitlab" or "ado" verifies
 * nothing, so the step passes without checking anything - confirm that is intended.
 *
 * @param createIssue expected call count; quotes are stripped by {@code removeQuotes}
 * @param bugTracker tracker name as written in the feature file
 */
@SneakyThrows
@Then("check how many create issue {} {}")
public void checkHowManyCreateIssue(String createIssue, String bugTracker) {
    int expectedCalls = Integer.parseInt(removeQuotes(createIssue));
    IssueTracker trackerMock;
    switch (bugTracker) {
        case "jira":
            // jiraService is verified directly; it is not handled through IssueTracker.
            verify(jiraService, times(expectedCalls)).createIssue(any(), any());
            return;
        case "github":
            trackerMock = gitHubIssueTracker;
            break;
        case "gitlab":
            trackerMock = gitLabIssueTracker;
            break;
        case "ado":
            trackerMock = adoIssueTracker;
            break;
        default:
            // Unknown name: nothing to verify.
            trackerMock = null;
            break;
    }
    if (trackerMock == null) {
        return;
    }
    verify(trackerMock, times(expectedCalls)).createIssue(any(), any());
}
Also used : IssueTracker(com.checkmarx.flow.custom.IssueTracker) GitHubIssueTracker(com.checkmarx.flow.custom.GitHubIssueTracker) ADOIssueTracker(com.checkmarx.flow.custom.ADOIssueTracker) GitLabIssueTracker(com.checkmarx.flow.custom.GitLabIssueTracker) SneakyThrows(lombok.SneakyThrows) Then(io.cucumber.java.en.Then)

Aggregations

IssueTracker (com.checkmarx.flow.custom.IssueTracker)3 ADOIssueTracker (com.checkmarx.flow.custom.ADOIssueTracker)2 GitHubIssueTracker (com.checkmarx.flow.custom.GitHubIssueTracker)2 GitLabIssueTracker (com.checkmarx.flow.custom.GitLabIssueTracker)2 Issue (com.checkmarx.flow.dto.Issue)2 BugTracker (com.checkmarx.flow.dto.BugTracker)1 MachinaException (com.checkmarx.flow.exception.MachinaException)1 MachinaRuntimeException (com.checkmarx.flow.exception.MachinaRuntimeException)1 ScanResults (com.checkmarx.sdk.dto.ScanResults)1 Then (io.cucumber.java.en.Then)1 SneakyThrows (lombok.SneakyThrows)1 NotImplementedException (org.apache.commons.lang3.NotImplementedException)1 BeansException (org.springframework.beans.BeansException)1 HttpClientErrorException (org.springframework.web.client.HttpClientErrorException)1