use of com.checkmarx.flow.dto.BugTracker in project cx-flow by checkmarx-ltd.
the class JiraService method updateIssue.
/**
 * Updates an existing JIRA issue with the current state of a scan finding.
 *
 * <p>An issue whose status is one of the tracker's closed statuses is first moved
 * through the tracker's "open" transition. The description is then regenerated, the
 * priority is set when the tracker maps the scanner-type severity, custom fields are
 * mapped, and the update is sent to JIRA.
 *
 * @param bugId   key of the JIRA issue to update
 * @param issue   scan finding supplying the new content
 * @param request scan request carrying the bug tracker configuration
 * @return the issue as re-read from JIRA after the update
 * @throws JiraClientException if the JIRA REST client rejects the update
 */
private Issue updateIssue(String bugId, ScanResults.XIssue issue, ScanRequest request) throws JiraClientException {
    BugTracker tracker = request.getBugTracker();
    String findingSeverity = issue.getSeverity();
    Issue existing = this.getIssue(bugId);

    // A finding that shows up again on a closed ticket reopens that ticket.
    boolean currentlyClosed = tracker.getClosedStatus().contains(existing.getStatus().getName());
    if (currentlyClosed) {
        this.transitionIssue(bugId, tracker.getOpenTransition());
    }

    IssueInputBuilder update = new IssueInputBuilder();
    String sourceLink = ScanUtils.getFileUrl(request, issue.getFilename());
    update.setDescription(this.getBody(issue, request, sourceLink));

    List<ScanResults.ScaDetails> sca = issue.getScaDetails();
    String priorityKey = getScannerTypeSeverity(issue, findingSeverity, sca);

    // The priority is only touched when the tracker configuration maps this severity.
    boolean priorityMapped = tracker.getPriorities() != null && tracker.getPriorities().containsKey(priorityKey);
    if (!priorityMapped) {
        log.debug("JIRA issue #{} priority is {}, of type {} and it's NOT being updated.", bugId, priorityKey, PRIORITY_FIELD_TYPE);
    } else {
        log.debug("Updating JIRA issue #{} priority is {}, of type {}.", bugId, priorityKey, PRIORITY_FIELD_TYPE);
        update.setFieldValue(PRIORITY_FIELD_TYPE, ComplexIssueInputFieldValue.with("name", tracker.getPriorities().get(priorityKey)));
    }

    log.info("Updating JIRA issue #{}", bugId);
    mapCustomFields(request, issue, update, true);
    log.debug("Updating JIRA issue");

    try {
        this.issueClient.updateIssue(bugId, update.build()).claim();
    } catch (RestClientException e) {
        // NOTE(review): the REST failure is only logged; the JiraClientException thrown
        // here carries no cause or message, so callers cannot see why the update failed.
        log.error("Error occurred", e);
        throw new JiraClientException();
    }
    return this.getIssue(bugId);
}
use of com.checkmarx.flow.dto.BugTracker in project cx-flow by checkmarx-ltd.
the class JiraService method createIssue.
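/**
 * Creates a JIRA issue for a scan finding and returns the key of the new issue.
 *
 * <p>The summary is built from the SCA issue key when the finding has SCA details,
 * otherwise from the SAST summary format (the branch-aware format when
 * {@code isUseBranch(request)} is true). Assignee and priority are set when configured,
 * tracking labels are written either to the standard label field or to the configured
 * custom field, and custom fields are mapped before the issue is submitted.
 *
 * @param issue   scan finding to report
 * @param request scan request carrying repository and bug tracker details
 * @return key of the created JIRA issue
 * @throws JiraClientException if the JIRA REST client fails while creating the issue
 */
public String createIssue(ScanResults.XIssue issue, ScanRequest request) throws JiraClientException {
    log.debug("Retrieving issuetype object for project {}, type {}", request.getBugTracker().getProjectKey(), request.getBugTracker().getIssueType());
    try {
        BugTracker bugTracker = request.getBugTracker();
        String assignee = bugTracker.getAssignee();
        String projectKey = bugTracker.getProjectKey();
        String application = request.getApplication();
        String namespace = request.getNamespace();
        String repoName = request.getRepoName();
        String branch = request.getBranch();
        String filename = issue.getFilename();
        String severity = issue.getSeverity();

        IssueType issueType = this.getIssueType(projectKey, bugTracker.getIssueType());
        IssueInputBuilder issueBuilder = new IssueInputBuilder(projectKey, issueType.getId());

        // An unset prefix/postfix is treated as an empty string.
        String issuePrefix = jiraProperties.getIssuePrefix();
        if (issuePrefix == null) {
            issuePrefix = "";
        }
        String issuePostfix = jiraProperties.getIssuePostfix();
        if (issuePostfix == null) {
            issuePostfix = "";
        }

        boolean useBranch = isUseBranch(request);
        List<ScanResults.ScaDetails> scaDetails = issue.getScaDetails();

        // SCA findings have their own summary key; SAST findings use a configurable format.
        String summary;
        if (scaDetails != null) {
            summary = ScanUtils.getScaSummaryIssueKey(request, issue, issuePrefix, issuePostfix);
        } else {
            summary = formatSastIssueSummary(
                    useBranch ? jiraProperties.getSastIssueSummaryBranchFormat() : jiraProperties.getSastIssueSummaryFormat(),
                    issue,
                    request);
        }

        String fileUrl = ScanUtils.getFileUrl(request, filename);
        summary = checkSummaryLength(summary);
        issueBuilder.setSummary(HTMLHelper.getScanRequestIssueKeyWithDefaultProductValue(request, summary, jiraProperties.getLabelPrefix()));
        issueBuilder.setDescription(this.getBody(issue, request, fileUrl));

        // The assignee is only set when one is configured and getAssignee resolves it.
        if (assignee != null && !assignee.isEmpty()) {
            ComplexIssueInputFieldValue jiraAssignee = getAssignee(assignee, projectKey);
            if (jiraAssignee != null) {
                issueBuilder.setFieldInput(new FieldInput(IssueFieldId.ASSIGNEE_FIELD, jiraAssignee));
            }
        }

        String scannerTypeSeverity = getScannerTypeSeverity(issue, severity, scaDetails);
        if (bugTracker.getPriorities() != null && bugTracker.getPriorities().containsKey(scannerTypeSeverity)) {
            issueBuilder.setFieldValue(PRIORITY_FIELD_TYPE, ComplexIssueInputFieldValue.with("name", bugTracker.getPriorities().get(scannerTypeSeverity)));
        }

        /* Add labels for tracking existing issues */
        // NOTE(review): namespace, repoName, branch and application are copied into the
        // labels as received in the request; no validation of them is visible here.
        List<String> labels = new ArrayList<>();
        if (useBranch) {
            labels.add(request.getProduct().getProduct());
            labels.add(jiraProperties.getOwnerLabelPrefix().concat(":").concat(namespace));
            labels.add(jiraProperties.getRepoLabelPrefix().concat(":").concat(repoName));
            labels.add(jiraProperties.getBranchLabelPrefix().concat(":").concat(branch));
        } else if (!ScanUtils.anyEmpty(application, repoName)) {
            labels.add(request.getProduct().getProduct());
            labels.add(jiraProperties.getAppLabelPrefix().concat(":").concat(application));
            labels.add(jiraProperties.getRepoLabelPrefix().concat(":").concat(repoName));
        } else if (!ScanUtils.empty(application)) {
            labels.add(request.getProduct().getProduct());
            labels.add(jiraProperties.getAppLabelPrefix().concat(":").concat(application));
        }
        labels.add(scaDetails != null ? JIRA_ISSUE_LABEL_SCA : JIRA_ISSUE_LABEL_SAST);

        log.debug("Adding tracker labels: {} - {}", jiraProperties.getLabelTracker(), labels);
        if (!jiraProperties.getLabelTracker().equals(LABEL_FIELD_TYPE)) {
            // Labels are tracked in a custom field rather than the standard label field.
            String customField = getCustomFieldByName(projectKey, bugTracker.getIssueType(), jiraProperties.getLabelTracker());
            issueBuilder.setFieldValue(customField, labels);
        } else {
            issueBuilder.setFieldValue(LABEL_FIELD_TYPE, labels);
        }

        mapCustomFields(request, issue, issueBuilder, false);
        log.debug("Creating JIRA issue");
        BasicIssue basicIssue = this.issueClient.createIssue(issueBuilder.build()).claim();
        log.debug("JIRA issue {} created", basicIssue.getKey());
        return basicIssue.getKey();
    } catch (RestClientException e) {
        // NOTE(review): the REST failure is only logged; the JiraClientException thrown
        // here carries no cause or message, so callers cannot see why creation failed.
        log.error("Error occurred while creating JIRA issue.", e);
        throw new JiraClientException();
    }
}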
use of com.checkmarx.flow.dto.BugTracker in project cx-flow by checkmarx-ltd.
the class JiraService method process.
/**
 * Publishes scan results to JIRA: creates issues for new findings, updates issues for
 * findings that already have one, and closes issues that are all-false-positive or no
 * longer present in the results.
 *
 * <p>The request is modified in place: its bug tracker project key is replaced with the
 * value returned by {@code determineJiraProjectKey}. Entries are removed from
 * {@code nonPublishedScanResultsMap} as each finding is handled.
 *
 * @param results     scan results to publish
 * @param request     scan request; its bug tracker project key is overwritten here
 * @param scanDetails passed through to {@code logJiraTickets}
 * @return an immutable map from {@code JiraConstants.NEW_TICKET}, {@code UPDATED_TICKET}
 *         and {@code CLOSED_TICKET} to the lists collected during this run
 * @throws JiraClientException if a REST client error occurs while processing a finding;
 *         the remaining findings are then not processed
 */
Map<String, List<String>> process(ScanResults results, ScanRequest request, ScanDetails scanDetails) throws JiraClientException {
    Map<String, ScanResults.XIssue> map;
    Map<String, Issue> jiraMap;
    List<Issue> issuesParent;
    List<Issue> issuesGrandParent;
    List<String> newIssues = new ArrayList<>();
    List<String> updatedIssues = new ArrayList<>();
    List<String> closedIssues = new ArrayList<>();
    // Scanner label filter passed to getIssues; stays empty outside CLI SCAN mode.
    String filterScanner = "";
    if (CliMode.SCAN.equals(request.getCliMode())) {
        if (null != results.getScaResults()) {
            filterScanner = JIRA_ISSUE_LABEL_SCA;
        }
        if (null != results.getXIssues()) {
            if (filterScanner.isEmpty()) {
                filterScanner = JIRA_ISSUE_LABEL_SAST;
            } else {
                // Both result kinds present: comma-separated list of both labels.
                filterScanner = filterScanner + "," + JIRA_ISSUE_LABEL_SAST;
            }
        }
    }
    codeBashingService.createLessonsMap();
    getAndModifyRequestApplication(request);
    String jiraProjectKey = determineJiraProjectKey(request);
    request.getBugTracker().setProjectKey(jiraProjectKey);
    loadCustomFields(request.getBugTracker().getProjectKey(), request.getBugTracker().getIssueType());
    if (this.jiraProperties.isChild()) {
        // Child mode: load the issues of the parent (and optional grandparent) project so
        // that findings already tracked there are not created again below.
        // NOTE(review): this relies on the ScanRequest copy constructor giving each copy its
        // own BugTracker; if the tracker is shared, setProjectKey below would also change the
        // project key of `request` — confirm.
        ScanRequest parent = new ScanRequest(request);
        ScanRequest grandparent = new ScanRequest(request);
        BugTracker bugTracker;
        bugTracker = parent.getBugTracker();
        bugTracker.setProjectKey(parentUrl);
        parent.setBugTracker(bugTracker);
        issuesParent = this.getIssues(parent, filterScanner);
        if (grandParentUrl.length() == 0) {
            log.info("Grandparent field is empty");
            issuesGrandParent = null;
        } else {
            BugTracker bugTrackerGrandParenet;
            bugTrackerGrandParenet = grandparent.getBugTracker();
            bugTrackerGrandParenet.setProjectKey(grandParentUrl);
            grandparent.setBugTracker(bugTrackerGrandParenet);
            issuesGrandParent = this.getIssues(grandparent, filterScanner);
        }
    } else {
        issuesParent = null;
        issuesGrandParent = null;
    }
    log.info("Processing Results and publishing findings to Jira");
    map = this.getIssueMap(results, request);
    setMapWithScanResults(map, nonPublishedScanResultsMap);
    jiraMap = this.getJiraIssueMap(this.getIssues(request, filterScanner));
    for (Map.Entry<String, ScanResults.XIssue> xIssue : map.entrySet()) {
        String issueCurrentKey = xIssue.getKey();
        try {
            ScanResults.XIssue currentIssue = xIssue.getValue();
            codeBashingService.addCodebashingUrlToIssue(currentIssue);
            /*Issue already exists -> update and comment*/
            if (jiraMap.containsKey(issueCurrentKey)) {
                Issue issue = jiraMap.get(issueCurrentKey);
                if (xIssue.getValue().isAllFalsePositive()) {
                    // All issues are false positive, so issue should be closed
                    log.debug("All issues are false positives");
                    Issue fpIssue;
                    fpIssue = checkForFalsePositiveIssuesInList(request, xIssue, currentIssue, issue);
                    closeIssueInCaseOfIssueIsInOpenState(request, closedIssues, fpIssue);
                } else /*Ignore any with label indicating false positive*/
                if (!issue.getLabels().contains(jiraProperties.getFalsePositiveLabel())) {
                    updateIssueAndAddToNewIssuesList(request, updatedIssues, xIssue, currentIssue, issue);
                } else {
                    // A ticket carrying the false-positive label is left untouched, even
                    // though the scanner still reports the finding.
                    log.info("Skipping issue marked as false-positive or has False Positive state with key {}", issueCurrentKey);
                }
            } else {
                /*Create the new issue*/
                // Skipped when every result is a false positive, or (child mode only) when
                // the key is already found by parentCheck/grandparentCheck.
                if (!currentIssue.isAllFalsePositive() && (!jiraProperties.isChild() || (!parentCheck(issueCurrentKey, issuesParent) && !grandparentCheck(issueCurrentKey, issuesGrandParent)))) {
                    if (jiraProperties.isChild()) {
                        log.info("Issue not found in parent creating issue for child");
                    }
                    createIssueAndAddToNewIssuesList(request, newIssues, xIssue, currentIssue);
                }
            }
        } catch (RestClientException e) {
            // NOTE(review): the REST failure is only logged; the JiraClientException thrown
            // here carries no cause, and the first failure aborts the rest of the loop.
            log.error("Error occurred while processing issue with key {}", issueCurrentKey, e);
            throw new JiraClientException();
        }
        // Reached for every finding that did not throw, including ones that were created
        // or skipped, so "successfully updated" is not always accurate. The whole XIssue
        // object is passed to the debug log here.
        log.debug("Issue: {} successfully updated. Removing it from dynamic scan results map", xIssue.getValue());
        nonPublishedScanResultsMap.remove(issueCurrentKey);
    }
    /*Check if an issue exists in Jira but not within results and close if not*/
    closeIssueInCaseNotWithinResults(request, map, jiraMap, closedIssues);
    ImmutableMap<String, List<String>> ticketsMap = ImmutableMap.of(JiraConstants.NEW_TICKET, newIssues, JiraConstants.UPDATED_TICKET, updatedIssues, JiraConstants.CLOSED_TICKET, closedIssues);
    logJiraTickets(request, scanDetails, ticketsMap);
    setCurrentNewIssuesList(newIssues);
    setCurrentUpdatedIssuesList(updatedIssues);
    setCurrentClosedIssuesList(closedIssues);
    return ticketsMap;
}
use of com.checkmarx.flow.dto.BugTracker in project cx-flow by checkmarx-ltd.
the class ConfigurationOverrider method applyFlowOverride.
/**
 * Applies the values of a {@link FlowOverride} to a scan request.
 *
 * <p>Sets the bug tracker (with JIRA-specific properties when the tracker type is JIRA
 * and the override has a JIRA section), the SSH key identifier, the application name,
 * the active branches and the e-mail recipients, then delegates to the filter,
 * threshold and vulnerability-scanner overrides. Some of the applied values are
 * recorded in {@code overrideReport}.
 *
 * <p>NOTE(review): where {@code override} comes from is not visible in this method. If
 * it can be supplied together with the scanned code, everything set here (tracker,
 * SSH key identifier, recipients, filters, thresholds) is controlled by that source
 * and should be validated before this point — confirm against the callers.
 *
 * @param override       override values to apply
 * @param request        scan request that is modified in place
 * @param overrideReport receives an entry for some of the overridden settings
 */
private void applyFlowOverride(FlowOverride override, ScanRequest request, Map<String, String> overrideReport) {
    BugTracker tracker = getBugTracker(override, request, overrideReport);

    /* JIRA properties are only overridden for a tracker of type JIRA */
    boolean jiraTracker = BugTracker.Type.JIRA.equals(tracker.getType());
    if (jiraTracker && override.getJira() != null) {
        overrideJiraBugProperties(override, tracker);
    }

    if (!StringUtils.isEmpty(override.getSshKeyIdentifier())) {
        request.setSshKeyIdentifier(override.getSshKeyIdentifier());
    }

    request.setBugTracker(tracker);

    // A blank application name leaves the request's application unchanged.
    String application = override.getApplication();
    if (application != null && StringUtils.isNotBlank(application)) {
        request.setApplication(application);
        overrideReport.put("application", application);
    }

    // An empty branch collection leaves the request's active branches unchanged.
    Optional.ofNullable(override.getBranches())
            .filter(CollectionUtils::isNotEmpty)
            .ifPresent(branches -> {
                request.setActiveBranches(branches);
                overrideReport.put("active branches", Arrays.toString(branches.toArray()));
            });

    // A present but empty e-mail value clears the recipients (sets them to null).
    Optional.ofNullable(override.getEmails())
            .ifPresent(emails -> request.setEmail(emails.isEmpty() ? null : emails));

    overrideFilters(override, request, overrideReport);
    overrideThresholds(override, overrideReport, request);
    overrideEnabledVulnerabilityScanners(override, request, overrideReport);
}
use of com.checkmarx.flow.dto.BugTracker in project cx-flow by checkmarx-ltd.
the class ConfigurationOverrider method getBugTracker.
/**
 * Determines the bug tracker to use for a request after applying an override.
 *
 * <p>Starts from the request's bug tracker, or from a tracker of type {@code NONE} when
 * the request has none. If {@code canOverrideBugTracker} allows it, a new tracker is
 * built from the override's bug tracker name; for type {@code CUSTOM} that name is also
 * used as the custom bean name.
 *
 * @param override         override carrying the requested bug tracker name
 * @param request          scan request whose current bug tracker is the starting point
 * @param overridingReport receives a "bug tracker" entry when the override is applied
 * @return the tracker to use; the request itself is not modified here
 */
private BugTracker getBugTracker(FlowOverride override, ScanRequest request, Map<String, String> overridingReport) {
    BugTracker current = request.getBugTracker();
    if (current == null) {
        current = BugTracker.builder().type(BugTracker.Type.NONE).build();
        log.debug("Bug tracker is not specified in scan request. Setting bug tracker type to '{}'.", current.getType());
    }

    if (!canOverrideBugTracker(current, override)) {
        return current;
    }

    String requestedName = override.getBugTracker();
    log.debug("Overriding '{}' bug tracker with '{}'.", current.getType(), requestedName);

    // NOTE(review): presumably getBugTypeEnum only yields CUSTOM for names listed in
    // flowProperties.getBugTrackerImpl(); that check is what keeps the override from
    // naming an arbitrary bean — confirm in ScanUtils.
    BugTracker.Type requestedType = ScanUtils.getBugTypeEnum(requestedName, flowProperties.getBugTrackerImpl());
    BugTracker.BugTrackerBuilder replacement = BugTracker.builder().type(requestedType);
    if (requestedType.equals(BugTracker.Type.CUSTOM)) {
        replacement.customBean(requestedName);
    }

    overridingReport.put("bug tracker", requestedName);
    return replacement.build();
}