use of com.checkmarx.flow.dto.BugTracker in project cx-flow by checkmarx-ltd.
the class PostRequestData method getBugTracker.
/**
 * Resolves the bug tracker to use for a request.
 *
 * <p>When {@code bug} is empty according to {@code ScanUtils.empty}, a tracker of type
 * {@link BugTracker.Type#NONE} is returned. Otherwise the name is resolved with
 * {@code ScanUtils.getBugTypeEnum}, together with {@code properties.getBugTrackerImpl()},
 * and the tracker is built by {@code ScanUtils.getBugTracker}.
 *
 * @param assignee assignee for bug tracking; only used when {@code bug} is non-empty
 * @param bug name of the bug tracker type requested by the caller
 * @return the resolved {@link BugTracker}
 */
protected BugTracker getBugTracker(String assignee, String bug) {
    // No tracker requested: fall back to the NONE type.
    if (ScanUtils.empty(bug)) {
        return BugTracker.builder().type(BugTracker.Type.NONE).build();
    }
    // `bug` is caller-supplied; how an unknown name is handled is decided inside
    // getBugTypeEnum, which is not visible from this method.
    BugTracker.Type requestedType = ScanUtils.getBugTypeEnum(bug, properties.getBugTrackerImpl());
    return ScanUtils.getBugTracker(assignee, requestedType, jiraProperties, bug);
}
use of com.checkmarx.flow.dto.BugTracker in project cx-flow by checkmarx-ltd.
the class GitLabController method mergeRequest.
/**
* Handles a GitLab merge-request webhook.
*
* <p>The token header is passed to {@code validateGitLabRequest} before any payload field is
* read. A {@link ScanRequest} is then assembled from the payload and the per-request overrides
* in {@code controllerRequest}, and handed to {@code flowService.initiateAutomation} when
* {@code helperService.isBranch2Scan} accepts it.
*
* @param body deserialized merge-request event payload
* @param token value of the {@code TOKEN_HEADER} request header
* @param product optional product path variable; defaults to {@code ScanRequest.Product.CX}
* @param controllerRequest per-request overrides (application, bug tracker, branches, ...)
* @return a 200 "no processing" response when the merge request is not in state "opened" or is
*         WIP, the result of {@code getBadRequestMessage} when an
*         {@link IllegalArgumentException} is raised, otherwise {@code getSuccessMessage()}
*/
@PostMapping(value = { "/{product}", "/" }, headers = MERGE)
public ResponseEntity<EventResponse> mergeRequest(@RequestBody MergeEvent body, @RequestHeader(value = TOKEN_HEADER) String token, @PathVariable(value = "product", required = false) String product, ControllerRequest controllerRequest) {
// Short id used both as the logging context entry and, at the end, as the request id.
String uid = helperService.getShortUid();
MDC.put(FlowConstants.MAIN_MDC_ENTRY, uid);
log.info("Processing GitLab MERGE request");
controllerRequest = ensureNotNull(controllerRequest);
// Authentication step: runs before the payload is touched.
// NOTE(review): presumably throws on a token mismatch, which would abort the handler - confirm.
validateGitLabRequest(token, controllerRequest);
try {
ObjectAttributes objectAttributes = body.getObjectAttributes();
// Only merge requests in state "opened" that are not WIP are scanned; anything else is acknowledged with 200.
// NOTE(review): a payload without object attributes or state would raise NullPointerException here,
// which the catch below does not handle - confirm what deserialization guarantees.
if (!objectAttributes.getState().equalsIgnoreCase("opened") || isWIP(body)) {
log.info("Merge requested not processed. Status was not opened , or was WIP ({})", objectAttributes.getState());
return ResponseEntity.status(HttpStatus.OK).body(EventResponse.builder().message("No processing occurred for updates to Merge Request").success(true).build());
}
// Application name: repository name unless the request overrides it.
String app = body.getRepository().getName();
if (StringUtils.isNotEmpty(controllerRequest.getApplication())) {
app = controllerRequest.getApplication();
}
// Bug tracker type: GITLABMERGE unless the request names another one.
BugTracker.Type bugType = BugTracker.Type.GITLABMERGE;
if (StringUtils.isNotEmpty(controllerRequest.getBug())) {
bugType = ScanUtils.getBugTypeEnum(controllerRequest.getBug(), flowProperties.getBugTrackerImpl());
}
// NOTE(review): this writes a request-supplied value into flowProperties, a field that outlives this call.
// If that object is shared between requests, the override persists for later webhooks and concurrent
// requests can overwrite each other - confirm its scope.
if (controllerRequest.getAppOnly() != null) {
flowProperties.setTrackApplicationOnly(controllerRequest.getAppOnly());
}
if (ScanUtils.empty(product)) {
product = ScanRequest.Product.CX.getProduct();
}
// The path variable is caller-controlled; a name valueOf rejects with IllegalArgumentException ends in the catch below.
ScanRequest.Product p = ScanRequest.Product.valueOf(product.toUpperCase(Locale.ROOT));
String currentBranch = objectAttributes.getSourceBranch();
String targetBranch = objectAttributes.getTargetBranch();
String defaultBranch = objectAttributes.getTarget().getDefaultBranch();
List<String> branches = getBranches(controllerRequest, flowProperties);
BugTracker bt = ScanUtils.getBugTracker(controllerRequest.getAssignee(), bugType, jiraProperties, controllerRequest.getBug());
FilterConfiguration filter = filterFactory.getFilter(controllerRequest, flowProperties);
Project proj = body.getProject();
String gitUrl = proj.getGitHttpUrl();
// Only the plain URL is logged. gitAuthUrl below is built from the config token by addCredToUrl
// (presumably embedding it - confirm) and should stay out of log statements.
log.info("Using url: {}", gitUrl);
String configToken = scmConfigOverrider.determineConfigToken(properties, controllerRequest.getScmInstance());
String gitAuthUrl = gitAuthUrlGenerator.addCredToUrl(ScanRequest.Repository.GITLAB, gitUrl, configToken);
// The request id is set to the GitLab project id here and replaced by uid further down.
ScanRequest request = ScanRequest.builder().id(String.valueOf(proj.getId())).application(app).product(p).project(controllerRequest.getProject()).team(controllerRequest.getTeam()).namespace(proj.getNamespace().replace(" ", "_")).repoName(proj.getName()).repoUrl(proj.getGitHttpUrl()).repoUrlWithAuth(gitAuthUrl).repoType(ScanRequest.Repository.GITLAB).branch(currentBranch).defaultBranch(defaultBranch).mergeTargetBranch(targetBranch).refs(Constants.CX_BRANCH_PREFIX.concat(currentBranch)).email(null).incremental(controllerRequest.getIncremental()).scanPreset(controllerRequest.getPreset()).excludeFolders(controllerRequest.getExcludeFolders()).excludeFiles(controllerRequest.getExcludeFiles()).bugTracker(bt).filter(filter).organizationId(getOrganizationId(proj)).gitUrl(gitUrl).hash(objectAttributes.getLastCommit().getId()).build();
setMergeEndPointUri(objectAttributes, proj, request);
setScmInstance(controllerRequest, request);
if (proj.getId() != null) {
request.setRepoProjectId(proj.getId());
}
/*Check for Config as code (cx.config) and override*/
CxConfig cxConfig = gitLabService.getCxConfigOverride(request);
request = configOverrider.overrideScanRequestProperties(cxConfig, request);
// NOTE(review): the whole payload string and the merge-request title are sender-controlled text stored as
// metadata; wherever this metadata is rendered it needs output encoding - confirm at the consumers.
request.putAdditionalMetadata(HTMLHelper.WEB_HOOK_PAYLOAD, body.toString());
request.putAdditionalMetadata(FlowConstants.MERGE_ID, objectAttributes.getIid().toString());
request.putAdditionalMetadata(FlowConstants.MERGE_TITLE, objectAttributes.getTitle());
request.setId(uid);
// Automation starts only when the branch check accepts this request.
if (helperService.isBranch2Scan(request, branches)) {
flowService.initiateAutomation(request);
}
} catch (IllegalArgumentException e) {
// Only IllegalArgumentException becomes a bad-request response; other runtime exceptions propagate.
return getBadRequestMessage(e, controllerRequest, product);
}
return getSuccessMessage();
}
use of com.checkmarx.flow.dto.BugTracker in project cx-flow by checkmarx-ltd.
the class GitLabController method pushRequest.
/**
* Handles a GitLab push webhook.
*
* <p>The token header is passed to {@code validateGitLabRequest} before the payload is read.
* A {@link ScanRequest} is assembled from the payload and the per-request overrides in
* {@code controllerRequest}, and handed to {@code flowService.initiateAutomation} when
* {@code helperService.isBranch2Scan} accepts it.
*
* @param body deserialized push event payload
* @param token value of the {@code TOKEN_HEADER} request header
* @param product optional product path variable; defaults to {@code ScanRequest.Product.CX}
* @param controllerRequest per-request overrides (application, bug tracker, branches, ...)
* @return the result of {@code getBadRequestMessage} when an {@link IllegalArgumentException}
*         is raised (including a missing body or repository), otherwise
*         {@code getSuccessMessage()}
*/
@PostMapping(value = { "/{product}", "/" }, headers = PUSH)
public ResponseEntity<EventResponse> pushRequest(@RequestBody PushEvent body, @RequestHeader(value = TOKEN_HEADER) String token, @PathVariable(value = "product", required = false) String product, ControllerRequest controllerRequest) {
// Short id used both as the logging context entry and, at the end, as the request id.
String uid = helperService.getShortUid();
MDC.put(FlowConstants.MAIN_MDC_ENTRY, uid);
controllerRequest = ensureNotNull(controllerRequest);
// Authentication step: runs before the payload is touched.
// NOTE(review): presumably throws on a token mismatch, which would abort the handler - confirm.
validateGitLabRequest(token, controllerRequest);
try {
// Application name: repository name unless the request overrides it. A missing body or repository
// is rejected through the IllegalArgumentException path.
String app;
if (body != null && body.getRepository() != null) {
app = body.getRepository().getName();
} else {
throw new IllegalArgumentException("Request body or request repository cannot be null");
}
if (StringUtils.isNotEmpty(controllerRequest.getApplication())) {
app = controllerRequest.getApplication();
}
// set the default bug tracker as per yml
setBugTracker(flowProperties, controllerRequest);
BugTracker.Type bugType = ScanUtils.getBugTypeEnum(controllerRequest.getBug(), flowProperties.getBugTrackerImpl());
// NOTE(review): this writes a request-supplied value into flowProperties, a field that outlives this call.
// If that object is shared between requests, the override persists for later webhooks and concurrent
// requests can overwrite each other - confirm its scope.
if (controllerRequest.getAppOnly() != null) {
flowProperties.setTrackApplicationOnly(controllerRequest.getAppOnly());
}
if (ScanUtils.empty(product)) {
product = ScanRequest.Product.CX.getProduct();
}
// The path variable is caller-controlled; a name valueOf rejects with IllegalArgumentException ends in the catch below.
ScanRequest.Product p = ScanRequest.Product.valueOf(product.toUpperCase(Locale.ROOT));
// extract branch from ref (refs/heads/master -> master)
String currentBranch = ScanUtils.getBranchFromRef(body.getRef());
List<String> branches = getBranches(controllerRequest, flowProperties);
BugTracker bt = ScanUtils.getBugTracker(controllerRequest.getAssignee(), bugType, jiraProperties, controllerRequest.getBug());
FilterConfiguration filter = filterFactory.getFilter(controllerRequest, flowProperties);
// NOTE(review): unlike the repository above, the project is dereferenced without a null check; a payload
// without it would raise NullPointerException, which the catch below does not handle.
Project proj = body.getProject();
String gitUrl = proj.getGitHttpUrl();
// Only the plain URL is logged. gitAuthUrl below is built from the config token by addCredToUrl
// (presumably embedding it - confirm) and should stay out of log statements.
log.debug("Using url: {}", gitUrl);
String configToken = scmConfigOverrider.determineConfigToken(properties, controllerRequest.getScmInstance());
String gitAuthUrl = gitAuthUrlGenerator.addCredToUrl(ScanRequest.Repository.GITLAB, gitUrl, configToken);
// The request id is set to the payload's project id here and replaced by uid further down.
ScanRequest request = ScanRequest.builder().id(String.valueOf(body.getProjectId())).application(app).product(p).project(controllerRequest.getProject()).team(controllerRequest.getTeam()).namespace(proj.getNamespace().replace(" ", "_")).repoName(proj.getName()).repoUrl(proj.getGitHttpUrl()).repoUrlWithAuth(gitAuthUrl).repoType(ScanRequest.Repository.GITLAB).branch(currentBranch).refs(body.getRef()).incremental(controllerRequest.getIncremental()).scanPreset(controllerRequest.getPreset()).excludeFolders(controllerRequest.getExcludeFolders()).excludeFiles(controllerRequest.getExcludeFiles()).bugTracker(bt).filter(filter).organizationId(getOrganizationId(proj)).gitUrl(gitUrl).hash(body.getAfter()).build();
/*Determine emails*/
// setUserEmail receives the empty list and returns the commit endpoint; the list is then stored on the
// request (presumably filled by that helper - confirm).
List<String> emails = new ArrayList<>();
String commitEndpoint = null;
commitEndpoint = setUserEmail(body, bugType, proj, request, emails, commitEndpoint);
request.setMergeNoteUri(commitEndpoint);
request.setEmail(emails);
setScmInstance(controllerRequest, request);
// A request-supplied preset is applied again here and additionally flagged as an override.
if (StringUtils.isNotEmpty(controllerRequest.getPreset())) {
request.setScanPreset(controllerRequest.getPreset());
request.setScanPresetOverride(true);
}
if (proj.getId() != null) {
request.setRepoProjectId(proj.getId());
}
/*Check for Config as code (cx.config) and override*/
CxConfig cxConfig = gitLabService.getCxConfigOverride(request);
request = configOverrider.overrideScanRequestProperties(cxConfig, request);
// NOTE(review): the whole payload string is sender-controlled text stored as metadata; wherever it is
// rendered it needs output encoding - confirm at the consumers.
request.putAdditionalMetadata(HTMLHelper.WEB_HOOK_PAYLOAD, body.toString());
request.setId(uid);
// Automation starts only when the branch check accepts this request.
if (helperService.isBranch2Scan(request, branches)) {
flowService.initiateAutomation(request);
}
} catch (IllegalArgumentException e) {
// Only IllegalArgumentException becomes a bad-request response; other runtime exceptions propagate.
return getBadRequestMessage(e, controllerRequest, product);
}
return getSuccessMessage();
}
use of com.checkmarx.flow.dto.BugTracker in project cx-flow by checkmarx-ltd.
the class IastController method getRepoScanRequest.
/**
 * Builds the {@link ScanRequest} describing the repository an issue belongs to.
 *
 * <p>The three {@code checksFor...} helpers run first, in the order GitHub, GitLab, Azure.
 * For {@link BugTracker.Type#JIRA} the tracker is derived from
 * {@code cxFlowRunner.jiraPropertiesToBugTracker()}; for every other type a plain builder is
 * used. An Azure pull-request tracker with a non-empty assignee additionally gets an
 * {@code System.AssignedTo} alt field.
 *
 * @param body issue creation payload
 * @param tracker bug tracker type the issue is raised against
 * @return the assembled request, with product fixed to {@code ScanRequest.Product.CX}
 */
private ScanRequest getRepoScanRequest(CreateIssue body, BugTracker.Type tracker) {
    checksForGitHub(body, tracker);
    checksForGitLab(body, tracker);
    checksForAzure(body, tracker);

    final String assignee = body.getAssignee();
    final BugTracker bt = (BugTracker.Type.JIRA == tracker)
            ? cxFlowRunner.jiraPropertiesToBugTracker().type(BugTracker.Type.JIRA).assignee(assignee).build()
            : BugTracker.builder().type(tracker).assignee(assignee).build();

    final boolean adoPullTracker = tracker == BugTracker.Type.ADOPULL || tracker == BugTracker.Type.adopull;
    // NOTE(review): the assignee comes from the request body and is concatenated unescaped. If altFields is
    // later parsed as a delimited field list, confirm that delimiter characters in the assignee are
    // rejected or validated upstream.
    final String altFields = (adoPullTracker && !Strings.isEmpty(assignee))
            ? "System.AssignedTo:" + assignee
            : null;

    return ScanRequest.builder()
            .bugTracker(bt)
            .altProject(body.getBugTrackerProject())
            .repoName(body.getRepoName())
            .altFields(altFields)
            .namespace(body.getNamespace())
            .repoProjectId(body.getProjectId())
            .product(ScanRequest.Product.CX)
            .build();
}
use of com.checkmarx.flow.dto.BugTracker in project cx-flow by checkmarx-ltd.
the class ADOController method pullRequest.
/**
* Handles an Azure DevOps pull-request webhook (JSON).
*
* <p>The Authorization header is passed to {@code validateBasicAuth} before the payload is
* read. Events whose type is not in {@code PULL_EVENT} or whose resource status is not
* "active" are acknowledged without processing, as are events for the configured test
* repository. Otherwise a {@link ScanRequest} is assembled and handed to
* {@code flowService.initiateAutomation} when {@code helperService.isBranch2Scan} accepts it.
*
* @param body deserialized pull-request event payload
* @param auth value of the {@code AUTHORIZATION} request header
* @param product optional product path variable; defaults to {@code ScanRequest.Product.CX}
* @param controllerRequest per-request overrides (application, bug tracker, branches, ...)
* @param adoDetailsRequest Azure-specific request parameters
* @return a 200 response for skipped or test events, the result of {@code getBadRequestMessage}
*         when an {@link IllegalArgumentException} is raised inside the try block, otherwise
*         {@code getSuccessMessage()}
*/
@PostMapping(value = { "/{product}/ado/pull", "/ado/pull" })
public ResponseEntity<EventResponse> pullRequest(@RequestBody PullEvent body, @RequestHeader(value = AUTHORIZATION) String auth, @PathVariable(value = "product", required = false) String product, ControllerRequest controllerRequest, AdoDetailsRequest adoDetailsRequest) {
// Short id used both as the logging context entry and, at the end, as the request id.
String uid = helperService.getShortUid();
MDC.put(FlowConstants.MAIN_MDC_ENTRY, uid);
log.info("Processing Azure PULL request");
Action action = Action.PULL;
controllerRequest = ensureNotNull(controllerRequest);
// Authentication step: runs before the payload is touched.
// NOTE(review): presumably throws on bad credentials, which would abort the handler - confirm.
validateBasicAuth(auth, controllerRequest);
adoDetailsRequest = ensureDetailsNotNull(adoDetailsRequest);
ResourceContainers resourceContainers = body.getResourceContainers();
// This filter runs outside the try block, so an exception raised here (for example a payload without a
// resource or status) is not turned into the bad-request response.
if (!PULL_EVENT.contains(body.getEventType()) || !body.getResource().getStatus().equals("active")) {
log.info("Pull requested not processed. Event was not opened ({})", body.getEventType());
return ResponseEntity.status(HttpStatus.OK).body(EventResponse.builder().message("No processing occurred for updates to Pull Request").success(true).build());
}
try {
Resource resource = body.getResource();
Repository repository = resource.getRepository();
String pullUrl = resource.getUrl();
String app = repository.getName();
// NOTE(review): prefix match on a sender-supplied repository name - every repository whose name starts with
// the configured test value is acknowledged without a scan, and an empty configured value would match all
// repositories (startsWith("") is always true). Confirm the property is always non-empty and distinctive.
if (repository.getName().startsWith(properties.getTestRepository())) {
log.info("Handling ADO Test Event");
return ResponseEntity.status(HttpStatus.OK).body(EventResponse.builder().message("Test Event").success(true).build());
}
if (StringUtils.isNotEmpty(controllerRequest.getApplication())) {
app = controllerRequest.getApplication();
}
// Bug tracker type: ADOPULL unless the request names another one.
BugTracker.Type bugType = BugTracker.Type.ADOPULL;
if (StringUtils.isNotEmpty(controllerRequest.getBug())) {
bugType = ScanUtils.getBugTypeEnum(controllerRequest.getBug(), flowProperties.getBugTrackerImpl());
}
// NOTE(review): this writes a request-supplied value into flowProperties, a field that outlives this call.
// If that object is shared between requests, the override persists for later webhooks and concurrent
// requests can overwrite each other - confirm its scope.
if (controllerRequest.getAppOnly() != null) {
flowProperties.setTrackApplicationOnly(controllerRequest.getAppOnly());
}
initAdoSpecificParams(adoDetailsRequest);
if (StringUtils.isEmpty(product)) {
product = ScanRequest.Product.CX.getProduct();
}
// The path variable is caller-controlled; a name valueOf rejects with IllegalArgumentException ends in the catch below.
ScanRequest.Product p = ScanRequest.Product.valueOf(product.toUpperCase(Locale.ROOT));
String ref = resource.getSourceRefName();
String currentBranch = ScanUtils.getBranchFromRef(ref);
String targetBranch = ScanUtils.getBranchFromRef(resource.getTargetRefName());
List<String> branches = getBranches(controllerRequest, flowProperties);
BugTracker bt = ScanUtils.getBugTracker(controllerRequest.getAssignee(), bugType, jiraProperties, controllerRequest.getBug());
FilterConfiguration filter = filterFactory.getFilter(controllerRequest, flowProperties);
Map<FindingSeverity, Integer> thresholdMap = getThresholds(controllerRequest);
// build request object
String gitUrl = repository.getWebUrl();
String token = scmConfigOverrider.determineConfigToken(properties, controllerRequest.getScmInstance());
// Only the plain URL is logged. gitAuthUrl below is built from the token by addCredToUrl
// (presumably embedding it - confirm) and should stay out of log statements.
log.info("Using url: {}", gitUrl);
String gitAuthUrl = gitAuthUrlGenerator.addCredToUrl(ScanRequest.Repository.ADO, gitUrl, token);
// determineNamespace(resourceContainers) supplies both the namespace and the organization id.
ScanRequest request = ScanRequest.builder().application(app).product(p).project(controllerRequest.getProject()).team(controllerRequest.getTeam()).namespace(determineNamespace(resourceContainers)).repoName(repository.getName()).repoUrl(gitUrl).repoUrlWithAuth(gitAuthUrl).repoType(ScanRequest.Repository.ADO).branch(currentBranch).refs(ref).mergeNoteUri(pullUrl.concat("/threads")).mergeTargetBranch(targetBranch).email(null).scanPreset(controllerRequest.getPreset()).incremental(controllerRequest.getIncremental()).excludeFolders(controllerRequest.getExcludeFolders()).excludeFiles(controllerRequest.getExcludeFiles()).bugTracker(bt).filter(filter).thresholds(thresholdMap).organizationId(determineNamespace(resourceContainers)).gitUrl(gitUrl).build();
setScmInstance(controllerRequest, request);
request.putAdditionalMetadata(ADOService.PROJECT_SELF_URL, getTheProjectURL(body.getResourceContainers()));
// NOTE(review): the whole payload string is sender-controlled text passed on with the request; wherever it
// is rendered it needs output encoding - confirm at the consumers.
fillRequestWithAdditionalData(request, repository, body.toString());
checkForConfigAsCode(request, getConfigBranch(request, resource, action));
// Status and thread endpoints are derived from the pull-request URL taken from the payload.
request.putAdditionalMetadata("statuses_url", pullUrl.concat("/statuses"));
addMetadataToScanRequest(adoDetailsRequest, request);
request.setId(uid);
// only initiate scan/automation if target branch is applicable
if (helperService.isBranch2Scan(request, branches)) {
flowService.initiateAutomation(request);
}
} catch (IllegalArgumentException e) {
// Only IllegalArgumentException becomes a bad-request response; other runtime exceptions propagate.
return getBadRequestMessage(e, controllerRequest, product);
}
return getSuccessMessage();
}