use of com.checkmarx.flow.dto.BugTracker in project cx-flow by checkmarx-ltd.
the class ADOController method pushRequest.
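/**
 * Handles an Azure DevOps (ADO) push webhook for the given product.
 *
 * <p>The caller is authenticated with HTTP Basic credentials ({@code validateBasicAuth}) before any
 * field of the payload is read. The payload and the query-string overrides are mapped onto a
 * {@link ScanRequest}; a scan is started only when the pushed branch is one of the configured
 * branches, and a branch-deletion event removes the Checkmarx project when
 * {@code delete-cx-project} is enabled.
 *
 * @param body              the push event as posted by ADO (JSON)
 * @param auth              the {@code Authorization} header, checked against the configured webhook credentials
 * @param product           optional product path segment (for example {@code cx}); defaults to CX
 * @param controllerRequest query-string overrides (application, branches, bug tracker, filters, ...)
 * @param adoDetailsRequest ADO-specific query-string overrides
 * @return HTTP 200 with an {@link EventResponse} on success (and for events from the configured test
 *         repository); HTTP 400 when the payload or the overrides cannot be mapped onto a scan request
 */
@PostMapping(value = { "/{product}/ado/push", "/ado/push" })
public ResponseEntity<EventResponse> pushRequest(
        @RequestBody PushEvent body,
        @RequestHeader(value = AUTHORIZATION) String auth,
        @PathVariable(value = "product", required = false) String product,
        ControllerRequest controllerRequest,
        AdoDetailsRequest adoDetailsRequest) {
    // TODO handle different state (Active/Closed)
    String uid = helperService.getShortUid();
    MDC.put(FlowConstants.MAIN_MDC_ENTRY, uid);
    log.info("Processing Azure Push request");
    Action action = Action.PUSH;
    controllerRequest = ensureNotNull(controllerRequest);
    // Authenticate first: nothing below runs for a caller with bad credentials.
    validateBasicAuth(auth, controllerRequest);
    adoDetailsRequest = ensureDetailsNotNull(adoDetailsRequest);
    ResourceContainers resourceContainers = body.getResourceContainers();
    try {
        Resource resource = body.getResource();
        Repository repository = resource.getRepository();
        String app = repository.getName();
        if (app.startsWith(properties.getTestRepository())) {
            log.info("Handling ADO Test Event");
            return ResponseEntity.status(HttpStatus.OK)
                    .body(EventResponse.builder().message("Test Event").success(true).build());
        }
        if (StringUtils.isNotEmpty(controllerRequest.getApplication())) {
            app = controllerRequest.getApplication();
        }
        // set the default bug tracker as per yml
        setBugTracker(flowProperties, controllerRequest);
        BugTracker.Type bugType = ScanUtils.getBugTypeEnum(controllerRequest.getBug(),
                flowProperties.getBugTrackerImpl());
        initAdoSpecificParams(adoDetailsRequest);
        if (controllerRequest.getAppOnly() != null) {
            // NOTE(review): this writes a per-request override into the injected flowProperties
            // bean, which is presumably shared across requests rather than request-scoped; kept
            // because downstream code reads the flag from there.
            flowProperties.setTrackApplicationOnly(controllerRequest.getAppOnly());
        }
        if (StringUtils.isEmpty(product)) {
            product = ScanRequest.Product.CX.getProduct();
        }
        // an unknown product name raises IllegalArgumentException -> 400 below
        ScanRequest.Product p = ScanRequest.Product.valueOf(product.toUpperCase(Locale.ROOT));
        // determine branch (without refs); a push without ref updates cannot be mapped to a
        // branch, so reject it as a bad request instead of failing on get(0) with a 500
        if (resource.getRefUpdates() == null || resource.getRefUpdates().isEmpty()) {
            throw new IllegalArgumentException("Push event contains no ref updates");
        }
        String ref = resource.getRefUpdates().get(0).getName();
        String currentBranch = ScanUtils.getBranchFromRef(ref);
        List<String> branches = getBranches(controllerRequest, flowProperties);
        BugTracker bt = ScanUtils.getBugTracker(controllerRequest.getAssignee(), bugType,
                jiraProperties, controllerRequest.getBug());
        FilterConfiguration filter = filterFactory.getFilter(controllerRequest, flowProperties);
        Map<FindingSeverity, Integer> thresholdMap = getThresholds(controllerRequest);
        List<String> emails = determineEmails(resource);
        // build request object
        String gitUrl = repository.getRemoteUrl();
        log.debug("Using url: {}", gitUrl);
        String configToken = scmConfigOverrider.determineConfigToken(properties,
                controllerRequest.getScmInstance());
        // gitAuthUrl carries the SCM token; only the plain gitUrl is logged in this method
        String gitAuthUrl = gitAuthUrlGenerator.addCredToUrl(ScanRequest.Repository.ADO, gitUrl,
                configToken);
        // fall back to the pushed ref when the repository reports no default branch
        String defaultBranch = ScanUtils.getBranchFromRef(
                Optional.ofNullable(repository.getDefaultBranch()).orElse(ref));
        String namespace = determineNamespace(resourceContainers);
        ScanRequest request = ScanRequest.builder()
                .application(app)
                .product(p)
                .project(controllerRequest.getProject())
                .team(controllerRequest.getTeam())
                .namespace(namespace)
                .altProject(determineAzureProject(repository))
                .repoName(repository.getName())
                .repoUrl(gitUrl)
                .repoUrlWithAuth(gitAuthUrl)
                .repoType(ScanRequest.Repository.ADO)
                .branch(currentBranch)
                .defaultBranch(defaultBranch)
                .refs(ref)
                .email(emails)
                .scanPreset(controllerRequest.getPreset())
                .incremental(controllerRequest.getIncremental())
                .excludeFolders(controllerRequest.getExcludeFolders())
                .excludeFiles(controllerRequest.getExcludeFiles())
                .bugTracker(bt)
                .filter(filter)
                .thresholds(thresholdMap)
                .organizationId(namespace)
                .gitUrl(gitUrl)
                .build();
        setScmInstance(controllerRequest, request);
        request.putAdditionalMetadata(ADOService.PROJECT_SELF_URL, getTheProjectURL(resourceContainers));
        addMetadataToScanRequest(adoDetailsRequest, request);
        fillRequestWithAdditionalData(request, repository, body.toString());
        // if an override blob/file is provided, substitute these values
        checkForConfigAsCode(request, getConfigBranch(request, resource, action));
        request.setId(uid);
        // only initiate scan/automation if target branch is applicable
        if (helperService.isBranch2Scan(request, branches)) {
            flowService.initiateAutomation(request);
        } else if (isDeleteBranchEvent(resource) && properties.getDeleteCxProject()) {
            flowService.deleteProject(request);
        }
    } catch (IllegalArgumentException e) {
        return getBadRequestMessage(e, controllerRequest, product);
    }
    return getSuccessMessage();
}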
use of com.checkmarx.flow.dto.BugTracker in project cx-flow by checkmarx-ltd.
the class PostRequestData method latestScanResults.
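/**
 * Returns the latest Checkmarx scan results for a project, optionally narrowed by
 * severity/CWE/category/status filters and re-targeted at a bug tracker.
 *
 * <p>The shared API token from the {@code TOKEN_HEADER} header is validated before anything
 * else happens. When the shard manager is enabled, team and project are first recorded on the
 * shard session.
 *
 * @param project     Checkmarx project name (mandatory)
 * @param token       shared API token header (mandatory)
 * @param team        Checkmarx team; a leading {@code /} is added when it is supplied without one
 * @param application application name; defaults to {@code project} when empty
 * @param severity    severity filter values
 * @param cwe         CWE filter values
 * @param category    category filter values
 * @param status      status filter values
 * @param assignee    bug-tracker assignee
 * @param override    optional override blob/file applied to the scan request
 * @param bug         bug-tracker name
 * @return the latest scan results for the resolved scan request
 */
@GetMapping(value = "/scanresults", produces = "application/json")
public ScanResults latestScanResults(
        // Mandatory parameters
        @RequestParam(value = "project") String project,
        @RequestHeader(value = TOKEN_HEADER) String token,
        // Optional parameters
        @RequestParam(value = "team", required = false) String team,
        @RequestParam(value = "application", required = false) String application,
        @RequestParam(value = "severity", required = false) List<String> severity,
        @RequestParam(value = "cwe", required = false) List<String> cwe,
        @RequestParam(value = "category", required = false) List<String> category,
        @RequestParam(value = "status", required = false) List<String> status,
        @RequestParam(value = "assignee", required = false) String assignee,
        @RequestParam(value = "override", required = false) String override,
        @RequestParam(value = "bug", required = false) String bug) {
    String uid = helperService.getShortUid();
    MDC.put(FlowConstants.MAIN_MDC_ENTRY, uid);
    // Validate shared API token from header before any work is done
    validateToken(token);
    // This primes the shard when Shard Manager is turned on
    if (cxProperties.getEnableShardManager()) {
        ShardSession shard = sessionTracker.getShardSession();
        // team is optional: normalise it to an absolute path (e.g. /CxServer/CHECKMARX) only when
        // it was supplied; a missing or empty team would otherwise fail on charAt(0)
        if (team != null && !team.isEmpty() && team.charAt(0) != '/') {
            team = "/" + team;
        }
        shard.setTeam(team);
        shard.setProject(project);
    }
    // Create bug tracker
    BugTracker bugTracker = getBugTracker(assignee, bug);
    // Create filters if available
    ControllerRequest request = new ControllerRequest(severity, cwe, category, status, null);
    FilterConfiguration filter = filterFactory.getFilter(request, properties);
    // Create the scan request
    ScanRequest scanRequest = ScanRequest.builder()
            .application(ScanUtils.empty(application) ? project : application)
            // Default product: CX
            .product(ScanRequest.Product.CX)
            .project(project)
            .team(team)
            .bugTracker(bugTracker)
            .filter(filter)
            .build();
    scanRequest.setId(uid);
    // If an override blob/file is provided, substitute these values
    if (!ScanUtils.empty(override)) {
        FlowOverride ovr = ScanUtils.getMachinaOverride(override);
        scanRequest = configOverrider.overrideScanRequestProperties(ovr, scanRequest);
    }
    // Fetch the Checkmarx Scan Results based on given ScanRequest.
    // The cxProject parameter is null because the required project metadata
    // is already contained in the scanRequest parameter.
    ScanResults scanResults = CxScannerService.getScanner(cxgoScanner, sastScanner)
            .getLatestScanResults(scanRequest);
    log.debug("ScanResults {}", scanResults);
    return scanResults;
}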
use of com.checkmarx.flow.dto.BugTracker in project cx-flow by checkmarx-ltd.
the class PostRequestData method scanPostback.
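/**
 * Handles the SAST "post-back action" callback for a finished scan.
 *
 * <p>The form-encoded body carries a {@code token} field (the shared API token) and
 * {@code scancomments} fields holding the URL-encoded scan details. The token is validated
 * before any scan details are decoded. The report for {@code scanID} is then fetched and
 * published to the bug tracker configured in {@code properties}.
 *
 * @param postBackData raw form body ({@code key=value&key=value}); at most 100 fields are read
 * @param scanID       SAST scan id from the path; must be an integer
 * @return HTTP 200 once the post-back has been processed (processing errors are logged, not
 *         surfaced); HTTP 400 when {@code scanID} is not numeric
 */
@PostMapping(value = "/postbackAction/{scanID}")
public ResponseEntity<EventResponse> scanPostback(@RequestBody String postBackData,
        @PathVariable(value = "scanID") String scanID) {
    log.debug("Handling post-back from SAST");
    int maxNumberOfTokens = 100;
    PostRequestData prd = new PostRequestData();
    String bugTracker = properties.getBugTracker();
    //
    // Pass 1: locate the shared token. Nothing from the body is decoded yet.
    //
    String token = " ";
    StringTokenizer tokenFields = new StringTokenizer(postBackData, "&");
    for (int i = 0; tokenFields.hasMoreTokens() && i < maxNumberOfTokens; i++) {
        String field = tokenFields.nextToken();
        if (field.length() > 6 && field.startsWith("token=")) {
            token = field.substring(6);
        }
    }
    validateToken(token);
    //
    // Pass 2 (token already validated): decode the scan details.
    //
    StringTokenizer detailFields = new StringTokenizer(postBackData, "&");
    for (int i = 0; detailFields.hasMoreTokens() && i < maxNumberOfTokens; i++) {
        String field = detailFields.nextToken();
        if (field.length() > 13 && field.startsWith("scancomments=")) {
            try {
                String postRequest = URLDecoder.decode(field.substring(13), "UTF-8");
                decodePostBackReq(postRequest, prd);
            } catch (Exception e) {
                log.error("Error decoding scan details", e);
            }
        }
    }
    // The scan id comes from the URL path: reject a non-numeric one up front instead of
    // swallowing the NumberFormatException below and still reporting success.
    int sastScanId;
    try {
        sastScanId = Integer.parseInt(scanID);
    } catch (NumberFormatException e) {
        log.error("Non-numeric SAST scan id on post-back");
        return ResponseEntity.status(HttpStatus.BAD_REQUEST)
                .body(EventResponse.builder().message("Invalid scan ID").success(false).build());
    }
    try {
        ScanRequest scanRequest = ScanRequest.builder()
                .namespace(prd.namespace)
                .repoName(prd.repoName)
                .project(prd.project)
                .team(prd.team)
                .repoType(ScanRequest.Repository.GITHUB)
                .product(ScanRequest.Product.CX)
                .branch(prd.branch)
                .build();
        // There won't be a scan ID on the post-back, so we need to fake it in the
        // event shard support is turned on (very likely if using post-back support).
        String uid = helperService.getShortUid();
        MDC.put(FlowConstants.MAIN_MDC_ENTRY, uid);
        ScanRequestConverter src = sastScanner.getScanRequestConverter();
        src.setShardPropertiesIfExists(scanRequest, prd.team);
        // Now go ahead and process the scan as normal.
        ScanResults scanResults = cxService.getReportContentByScanId(sastScanId, scanRequest.getFilter());
        scanRequest.putAdditionalMetadata("statuses_url", prd.pullRequestURL);
        scanRequest.setMergeNoteUri(prd.mergeNoteUri);
        BugTracker bt = ScanUtils.getBugTracker(null, prd.bugType, jiraProperties, bugTracker);
        scanRequest.setBugTracker(bt);
        scanResults.setSastScanId(sastScanId);
        resultsService.publishCombinedResults(scanRequest, scanResults);
    } catch (Exception e) {
        log.error("Error posting SAST scan results", e);
    }
    return ResponseEntity.status(HttpStatus.OK)
            .body(EventResponse.builder().message("Scan Results Successfully Processed").success(true).build());
}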
use of com.checkmarx.flow.dto.BugTracker in project cx-flow by checkmarx-ltd.
the class BitbucketServerMergeHandler method execute.
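/**
 * Processes a Bitbucket Server pull-request (merge) event for this handler's request.
 *
 * <p>Builds the {@link ScanRequest} from the handler state (repository, branches, latest commit,
 * pull request id, webhook payload) and the query-string overrides, records the Bitbucket
 * endpoints used later for the PR comment, build status and blocker comment, applies
 * config-as-code overrides, and starts the automation only when the target branch is one of the
 * configured branches.
 *
 * @param uid correlation id assigned to the scan request
 * @return HTTP 200 on success; HTTP 400 when the product or the overrides cannot be mapped onto a
 *         scan request ({@link IllegalArgumentException})
 */
@Override
public ResponseEntity<EventResponse> execute(String uid) {
    try {
        // default to the Bitbucket Server pull-request tracker unless a bug tracker was requested
        BugTracker.Type bugType = BugTracker.Type.BITBUCKETSERVERPULL;
        if (!ScanUtils.empty(controllerRequest.getBug())) {
            bugType = ScanUtils.getBugTypeEnum(controllerRequest.getBug(),
                    configProvider.getFlowProperties().getBugTrackerImpl());
        }
        // NOTE(review): this writes a per-request override into the flow-properties bean obtained
        // from configProvider, which is presumably shared across requests.
        Optional.ofNullable(controllerRequest.getAppOnly())
                .ifPresent(configProvider.getFlowProperties()::setTrackApplicationOnly);
        // an unknown product name raises IllegalArgumentException -> 400 below
        ScanRequest.Product p = ScanRequest.Product.valueOf(product.toUpperCase(Locale.ROOT));
        List<String> branches = webhookUtils.getBranches(controllerRequest,
                configProvider.getFlowProperties());
        BugTracker bt = ScanUtils.getBugTracker(controllerRequest.getAssignee(), bugType,
                configProvider.getJiraProperties(), controllerRequest.getBug());
        FilterConfiguration filter = configProvider.getFilterFactory()
                .getFilter(controllerRequest, configProvider.getFlowProperties());
        String gitUrl = getGitUrl();
        String gitAuthUrl = getGitAuthUrl(gitUrl);
        // Bitbucket REST endpoints: PR comment, build status for the commit, blocker comment
        String repoSelfUrl = getRepoSelfUrl(toProjectKey, toSlug);
        String mergeEndpoint = repoSelfUrl.concat(MERGE_COMMENT).replace("{id}", pullRequestId);
        String buildStatusEndpoint = configProvider.getBitBucketProperties().getUrl()
                .concat(BUILD_STATUS).replace("{commit}", fromRefLatestCommit);
        String blockerCommentUrl = repoSelfUrl.concat(BLOCKER_COMMENT).replace("{id}", pullRequestId);
        ScanRequest request = ScanRequest.builder()
                .application(application)
                .product(p)
                .project(controllerRequest.getProject())
                .team(controllerRequest.getTeam())
                .namespace(getNamespace())
                .repoName(repositoryName)
                .repoUrl(gitUrl)
                .repoUrlWithAuth(gitAuthUrl)
                .repoType(ScanRequest.Repository.BITBUCKETSERVER)
                .branch(currentBranch)
                .mergeTargetBranch(targetBranch)
                .mergeNoteUri(mergeEndpoint)
                .refs(refId)
                .email(null)
                .incremental(controllerRequest.getIncremental())
                .scanPreset(controllerRequest.getPreset())
                .excludeFolders(controllerRequest.getExcludeFolders())
                .excludeFiles(controllerRequest.getExcludeFiles())
                .bugTracker(bt)
                .filter(filter)
                .hash(fromRefLatestCommit)
                .build();
        webhookUtils.setScmInstance(controllerRequest, request);
        setBrowseUrl(request);
        fillRequestWithCommonAdditionalData(request, toProjectKey, toSlug, webhookPayload);
        checkForConfigAsCode(request);
        request.putAdditionalMetadata("buildStatusUrl", buildStatusEndpoint);
        request.putAdditionalMetadata("cxBaseUrl",
                configProvider.getCxScannerService().getProperties().getBaseUrl());
        request.putAdditionalMetadata("blocker-comment-url", blockerCommentUrl);
        request.setId(uid);
        // only initiate scan/automation if target branch is applicable
        if (configProvider.getHelperService().isBranch2Scan(request, branches)) {
            configProvider.getFlowService().initiateAutomation(request);
        }
    } catch (IllegalArgumentException e) {
        // pass the exception to the logger instead of concatenating it into the message
        log.debug("Error occurred while processing the request", e);
        return webhookUtils.getBadRequestMessage(e, controllerRequest, product);
    }
    return webhookUtils.getSuccessMessage();
}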
use of com.checkmarx.flow.dto.BugTracker in project cx-flow by checkmarx-ltd.
the class JiraService method getIssues.
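/**
 * Searches Jira for the issues cx-flow already tracks for the given request.
 *
 * <p>The JQL is scoped to the bug tracker's project and issue type and then narrowed by the
 * tracking labels, trying in order: namespace/repo/branch (unless application-only tracking is
 * configured), application + repo, application only. Results are fetched page by page
 * ({@code jira.max-jql-results} per page, minimum 10) up to {@code MAX_RESULTS_ALLOWED}.
 *
 * <p>Request-derived values (namespace, repo, branch, application) are escaped before being
 * placed inside the quoted JQL literals, so a quote or backslash in a branch or repository name
 * cannot terminate the literal and alter the query.
 *
 * @param request       scan request whose bug tracker and tracking fields drive the query
 * @param scannerFilter optional extra {@code in (...)} label clause, appended verbatim when non-empty
 * @return the matching issues (possibly empty)
 * @throws MachinaRuntimeException when neither namespace/repo/branch nor an application is provided
 */
private List<Issue> getIssues(ScanRequest request, String scannerFilter) {
    log.info("Executing getIssues API call");
    List<Issue> issues = new ArrayList<>();
    BugTracker bugTracker = request.getBugTracker();
    String labelField = jiraProperties.getLabelTracker();
    boolean byNamespaceRepoBranch = !flowProperties.isTrackApplicationOnly()
            && !flowProperties.isApplicationRepoOnly()
            && !ScanUtils.empty(request.getNamespace())
            && !ScanUtils.empty(request.getRepoName())
            && !ScanUtils.empty(request.getBranch());
    boolean byApplicationRepo = !ScanUtils.empty(request.getApplication())
            && !ScanUtils.empty(request.getRepoName());
    boolean byApplication = !ScanUtils.empty(request.getApplication());
    if (!byNamespaceRepoBranch && !byApplicationRepo && !byApplication) {
        log.error("Namespace/Repo/Branch or App must be provided in order to properly track ");
        throw new MachinaRuntimeException();
    }
    // common prefix: project, issue type and the product label
    StringBuilder jql = new StringBuilder(String.format(
            "project = %s and issueType = \"%s\" and (\"%s\" = \"%s\"",
            bugTracker.getProjectKey(), bugTracker.getIssueType(), labelField,
            request.getProduct().getProduct()));
    if (byNamespaceRepoBranch) {
        /*Namespace/Repo/Branch provided*/
        jql.append(labelClause(labelField, jiraProperties.getOwnerLabelPrefix(), request.getNamespace()))
           .append(labelClause(labelField, jiraProperties.getRepoLabelPrefix(), request.getRepoName()))
           .append(labelClause(labelField, jiraProperties.getBranchLabelPrefix(), request.getBranch()));
    } else if (byApplicationRepo) {
        /*Only application and repo provided*/
        jql.append(labelClause(labelField, jiraProperties.getAppLabelPrefix(), request.getApplication()))
           .append(labelClause(labelField, jiraProperties.getRepoLabelPrefix(), request.getRepoName()));
    } else {
        /*Only application provided*/
        jql.append(labelClause(labelField, jiraProperties.getAppLabelPrefix(), request.getApplication()));
    }
    jql.append(')');
    String jqlQuery = jql.toString();
    if (!StringUtils.isEmpty(scannerFilter)) {
        jqlQuery = jqlQuery.concat(String.format(" and \"%s\" in (%s)", labelField, scannerFilter));
    }
    log.debug("jql query: {}", jqlQuery);
    HashSet<String> fields = new HashSet<>();
    Collections.addAll(fields, "key", "project", "issuetype", "summary", LABEL_FIELD_TYPE,
            "created", "updated", "status");
    SearchResult searchResults;
    int totalResultsCount = MAX_RESULTS_ALLOWED;
    SearchRestClient searchClient = this.client.getSearchClient();
    // Retrieve JQL results through pagination (jira.max-jql-results per page -> default 50), don't allow less than 10.
    int maxJqlResultsPerPage = Integer.max(10, jiraProperties.getMaxJqlResults());
    for (int startAt = 0; startAt < totalResultsCount; startAt += maxJqlResultsPerPage) {
        searchResults = searchClient.searchJql(jqlQuery, maxJqlResultsPerPage, startAt, fields).claim();
        searchResults.getIssues().forEach(issues::add);
        // the server's total bounds the loop, capped at MAX_RESULTS_ALLOWED
        totalResultsCount = Integer.min(searchResults.getTotal(), MAX_RESULTS_ALLOWED);
    }
    return issues;
}

/**
 * Builds one {@code and "<label>" = "<prefix>:<value>"} clause; the value is escaped for the
 * quoted JQL literal, the label and prefix come from configuration and are used as-is.
 */
private static String labelClause(String labelField, String prefix, String value) {
    return String.format(" and \"%s\" = \"%s:%s\"", labelField, prefix, escapeJqlValue(value));
}

/**
 * Escapes a value for use inside a double-quoted JQL string literal by backslash-escaping
 * backslashes and double quotes. {@code null} is returned unchanged so it still formats as
 * {@code null}, exactly as an unescaped value would.
 */
private static String escapeJqlValue(String value) {
    if (value == null) {
        return null;
    }
    return value.replace("\\", "\\\\").replace("\"", "\\\"");
}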