
Example 26 with BugTracker

use of com.checkmarx.flow.dto.BugTracker in project cx-flow by checkmarx-ltd.

the class JiraService method updateIssue.

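/**
 * Refreshes an existing Jira issue from the current scan finding.
 *
 * <p>If the issue is in one of the tracker's configured closed statuses it is first moved through
 * the configured open transition. The description is then rebuilt, the priority is set when the
 * tracker maps the scanner-type severity to one, custom fields are mapped, and the update is sent
 * to Jira.
 *
 * @param bugId   key of the Jira issue to update
 * @param issue   finding whose data is written to the issue
 * @param request scan request that carries the bug tracker configuration
 * @return the issue as re-read from Jira after the update
 * @throws JiraClientException when the update call raises a {@code RestClientException}
 */
private Issue updateIssue(String bugId, ScanResults.XIssue issue, ScanRequest request) throws JiraClientException {
    BugTracker bugTracker = request.getBugTracker();
    String severity = issue.getSeverity();
    Issue jiraIssue = this.getIssue(bugId);
    // A tracker without a closed-status list has nothing to re-open; guard it the same way the
    // priorities map is guarded below instead of failing with a NullPointerException.
    if (bugTracker.getClosedStatus() != null
            && bugTracker.getClosedStatus().contains(jiraIssue.getStatus().getName())) {
        this.transitionIssue(bugId, bugTracker.getOpenTransition());
    }
    IssueInputBuilder issueBuilder = new IssueInputBuilder();
    String fileUrl = ScanUtils.getFileUrl(request, issue.getFilename());
    issueBuilder.setDescription(this.getBody(issue, request, fileUrl));
    List<ScanResults.ScaDetails> scaDetails = issue.getScaDetails();
    String scannerTypeSeverity = getScannerTypeSeverity(issue, severity, scaDetails);
    if (bugTracker.getPriorities() != null && bugTracker.getPriorities().containsKey(scannerTypeSeverity)) {
        log.debug("Updating JIRA issue #{} priority is {}, of type {}.", bugId, scannerTypeSeverity, PRIORITY_FIELD_TYPE);
        issueBuilder.setFieldValue(PRIORITY_FIELD_TYPE, ComplexIssueInputFieldValue.with("name", bugTracker.getPriorities().get(scannerTypeSeverity)));
    } else {
        log.debug("JIRA issue #{} priority is {}, of type {} and it's NOT being updated.", bugId, scannerTypeSeverity, PRIORITY_FIELD_TYPE);
    }
    log.info("Updating JIRA issue #{}", bugId);
    mapCustomFields(request, issue, issueBuilder, true);
    log.debug("Updating JIRA issue");
    try {
        this.issueClient.updateIssue(bugId, issueBuilder.build()).claim();
    } catch (RestClientException e) {
        // Name the issue in the log: the JiraClientException thrown below carries neither the
        // key nor the cause, so this line is the only record of which update failed.
        log.error("Error occurred while updating JIRA issue #{}", bugId, e);
        throw new JiraClientException();
    }
    return this.getIssue(bugId);
}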
Also used : JiraClientException(com.checkmarx.flow.exception.JiraClientException) IssueInputBuilder(com.atlassian.jira.rest.client.api.domain.input.IssueInputBuilder) BugTracker(com.checkmarx.flow.dto.BugTracker)

Example 27 with BugTracker

use of com.checkmarx.flow.dto.BugTracker in project cx-flow by checkmarx-ltd.

the class JiraService method createIssue.

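/**
 * Creates a Jira issue for a scan finding and returns its key.
 *
 * <p>The summary is taken from the SCA issue key when the finding has SCA details, otherwise from
 * the SAST summary format (branch variant when branch tracking is used). Assignee and priority are
 * set when configured, and tracking labels are written either to the standard label field or to
 * the custom field named by the label tracker property.
 *
 * @param issue   finding to publish
 * @param request scan request that carries the bug tracker configuration and repository details
 * @return key of the created Jira issue
 * @throws JiraClientException when a {@code RestClientException} is raised while building or
 *                             creating the issue
 */
public String createIssue(ScanResults.XIssue issue, ScanRequest request) throws JiraClientException {
    log.debug("Retrieving issuetype object for project {}, type {}", request.getBugTracker().getProjectKey(), request.getBugTracker().getIssueType());
    try {
        BugTracker bugTracker = request.getBugTracker();
        String assignee = bugTracker.getAssignee();
        String projectKey = bugTracker.getProjectKey();
        String application = request.getApplication();
        String namespace = request.getNamespace();
        String repoName = request.getRepoName();
        String branch = request.getBranch();
        String severity = issue.getSeverity();
        IssueType issueType = this.getIssueType(projectKey, bugTracker.getIssueType());
        IssueInputBuilder issueBuilder = new IssueInputBuilder(projectKey, issueType.getId());

        // Missing prefix/postfix properties are treated as empty strings.
        String issuePrefix = jiraProperties.getIssuePrefix();
        if (issuePrefix == null) {
            issuePrefix = "";
        }
        String issuePostfix = jiraProperties.getIssuePostfix();
        if (issuePostfix == null) {
            issuePostfix = "";
        }

        boolean useBranch = isUseBranch(request);
        List<ScanResults.ScaDetails> scaDetails = issue.getScaDetails();
        String summary;
        if (scaDetails != null) {
            summary = ScanUtils.getScaSummaryIssueKey(request, issue, issuePrefix, issuePostfix);
        } else if (useBranch) {
            summary = formatSastIssueSummary(jiraProperties.getSastIssueSummaryBranchFormat(), issue, request);
        } else {
            summary = formatSastIssueSummary(jiraProperties.getSastIssueSummaryFormat(), issue, request);
        }
        String fileUrl = ScanUtils.getFileUrl(request, issue.getFilename());
        summary = checkSummaryLength(summary);
        issueBuilder.setSummary(HTMLHelper.getScanRequestIssueKeyWithDefaultProductValue(request, summary, jiraProperties.getLabelPrefix()));
        issueBuilder.setDescription(this.getBody(issue, request, fileUrl));

        // An assignee that cannot be resolved leaves the issue unassigned; creation still proceeds.
        if (assignee != null && !assignee.isEmpty()) {
            ComplexIssueInputFieldValue jiraAssignee = getAssignee(assignee, projectKey);
            if (jiraAssignee != null) {
                issueBuilder.setFieldInput(new FieldInput(IssueFieldId.ASSIGNEE_FIELD, jiraAssignee));
            }
        }

        // Priority is only set when the tracker maps this scanner-type severity to a Jira priority.
        String scannerTypeSeverity = getScannerTypeSeverity(issue, severity, scaDetails);
        if (bugTracker.getPriorities() != null && bugTracker.getPriorities().containsKey(scannerTypeSeverity)) {
            issueBuilder.setFieldValue(PRIORITY_FIELD_TYPE, ComplexIssueInputFieldValue.with("name", bugTracker.getPriorities().get(scannerTypeSeverity)));
        }

        /* Add labels for tracking existing issues */
        List<String> labels = new ArrayList<>();
        if (useBranch) {
            labels.add(request.getProduct().getProduct());
            labels.add(jiraProperties.getOwnerLabelPrefix().concat(":").concat(namespace));
            labels.add(jiraProperties.getRepoLabelPrefix().concat(":").concat(repoName));
            labels.add(jiraProperties.getBranchLabelPrefix().concat(":").concat(branch));
        } else if (!ScanUtils.anyEmpty(application, repoName)) {
            labels.add(request.getProduct().getProduct());
            labels.add(jiraProperties.getAppLabelPrefix().concat(":").concat(application));
            labels.add(jiraProperties.getRepoLabelPrefix().concat(":").concat(repoName));
        } else if (!ScanUtils.empty(application)) {
            labels.add(request.getProduct().getProduct());
            labels.add(jiraProperties.getAppLabelPrefix().concat(":").concat(application));
        }
        // The scanner label distinguishes SCA tickets from SAST tickets.
        labels.add(scaDetails != null ? JIRA_ISSUE_LABEL_SCA : JIRA_ISSUE_LABEL_SAST);

        log.debug("Adding tracker labels: {} - {}", jiraProperties.getLabelTracker(), labels);
        if (!jiraProperties.getLabelTracker().equals(LABEL_FIELD_TYPE)) {
            // Labels are tracked in a custom field; resolve its id from the configured field name.
            String customField = getCustomFieldByName(projectKey, bugTracker.getIssueType(), jiraProperties.getLabelTracker());
            issueBuilder.setFieldValue(customField, labels);
        } else {
            issueBuilder.setFieldValue(LABEL_FIELD_TYPE, labels);
        }

        mapCustomFields(request, issue, issueBuilder, false);
        log.debug("Creating JIRA issue");
        BasicIssue basicIssue = this.issueClient.createIssue(issueBuilder.build()).claim();
        log.debug("JIRA issue {} created", basicIssue.getKey());
        return basicIssue.getKey();
    } catch (RestClientException e) {
        // The cause is only logged; the JiraClientException thrown to the caller carries no detail.
        log.error("Error occurred while creating JIRA issue.", e);
        throw new JiraClientException();
    }
}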
Also used : JiraClientException(com.checkmarx.flow.exception.JiraClientException) FieldInput(com.atlassian.jira.rest.client.api.domain.input.FieldInput) BugTracker(com.checkmarx.flow.dto.BugTracker) ComplexIssueInputFieldValue(com.atlassian.jira.rest.client.api.domain.input.ComplexIssueInputFieldValue) IssueInputBuilder(com.atlassian.jira.rest.client.api.domain.input.IssueInputBuilder)

Example 28 with BugTracker

use of com.checkmarx.flow.dto.BugTracker in project cx-flow by checkmarx-ltd.

the class JiraService method process.

/**
 * Publishes scan findings to Jira: creates issues for findings that have none, updates issues
 * that already exist, and closes issues whose findings are all false positives or that are no
 * longer within the results.
 *
 * @param results     scan results to publish
 * @param request     scan request; the project key of its bug tracker is overwritten here
 * @param scanDetails passed through to {@code logJiraTickets}
 * @return immutable map keyed by the {@code JiraConstants} new/updated/closed ticket constants,
 *         each holding the list filled during this run
 * @throws JiraClientException when a {@code RestClientException} is raised while handling a finding
 */
Map<String, List<String>> process(ScanResults results, ScanRequest request, ScanDetails scanDetails) throws JiraClientException {
    Map<String, ScanResults.XIssue> map;
    Map<String, Issue> jiraMap;
    List<Issue> issuesParent;
    List<Issue> issuesGrandParent;
    List<String> newIssues = new ArrayList<>();
    List<String> updatedIssues = new ArrayList<>();
    List<String> closedIssues = new ArrayList<>();
    // Scanner filter handed to getIssues(); it stays empty unless the request is in CLI scan mode,
    // where it lists the SCA and/or SAST label depending on which result sets are present.
    String filterScanner = "";
    if (CliMode.SCAN.equals(request.getCliMode())) {
        if (null != results.getScaResults()) {
            filterScanner = JIRA_ISSUE_LABEL_SCA;
        }
        if (null != results.getXIssues()) {
            if (filterScanner.isEmpty()) {
                filterScanner = JIRA_ISSUE_LABEL_SAST;
            } else {
                filterScanner = filterScanner + "," + JIRA_ISSUE_LABEL_SAST;
            }
        }
    }
    codeBashingService.createLessonsMap();
    getAndModifyRequestApplication(request);
    // The project key on the request's tracker is replaced with the determined key before any lookup.
    String jiraProjectKey = determineJiraProjectKey(request);
    request.getBugTracker().setProjectKey(jiraProjectKey);
    loadCustomFields(request.getBugTracker().getProjectKey(), request.getBugTracker().getIssueType());
    if (this.jiraProperties.isChild()) {
        // Child mode: fetch the parent's (and optionally the grandparent's) issues so that findings
        // already ticketed there are not created again below.
        // NOTE(review): the copies' BugTracker is mutated via setProjectKey. If ScanRequest's copy
        // constructor shares the BugTracker instance with `request`, the original request's project
        // key changes too and the later lookups/creates would target the wrong project - confirm
        // that the copy is deep.
        ScanRequest parent = new ScanRequest(request);
        ScanRequest grandparent = new ScanRequest(request);
        BugTracker bugTracker;
        bugTracker = parent.getBugTracker();
        bugTracker.setProjectKey(parentUrl);
        parent.setBugTracker(bugTracker);
        issuesParent = this.getIssues(parent, filterScanner);
        // grandParentUrl is dereferenced without a null check.
        if (grandParentUrl.length() == 0) {
            log.info("Grandparent field is empty");
            issuesGrandParent = null;
        } else {
            BugTracker bugTrackerGrandParenet;
            bugTrackerGrandParenet = grandparent.getBugTracker();
            bugTrackerGrandParenet.setProjectKey(grandParentUrl);
            grandparent.setBugTracker(bugTrackerGrandParenet);
            issuesGrandParent = this.getIssues(grandparent, filterScanner);
        }
    } else {
        issuesParent = null;
        issuesGrandParent = null;
    }
    log.info("Processing Results and publishing findings to Jira");
    // map: findings keyed by issue key; jiraMap: existing Jira issues keyed the same way.
    map = this.getIssueMap(results, request);
    setMapWithScanResults(map, nonPublishedScanResultsMap);
    jiraMap = this.getJiraIssueMap(this.getIssues(request, filterScanner));
    for (Map.Entry<String, ScanResults.XIssue> xIssue : map.entrySet()) {
        String issueCurrentKey = xIssue.getKey();
        try {
            ScanResults.XIssue currentIssue = xIssue.getValue();
            codeBashingService.addCodebashingUrlToIssue(currentIssue);
            /*Issue already exists -> update and comment*/
            if (jiraMap.containsKey(issueCurrentKey)) {
                Issue issue = jiraMap.get(issueCurrentKey);
                if (xIssue.getValue().isAllFalsePositive()) {
                    // All issues are false positive, so issue should be closed
                    log.debug("All issues are false positives");
                    Issue fpIssue;
                    fpIssue = checkForFalsePositiveIssuesInList(request, xIssue, currentIssue, issue);
                    closeIssueInCaseOfIssueIsInOpenState(request, closedIssues, fpIssue);
                } else /*Ignore any with label indicating false positive*/
                if (!issue.getLabels().contains(jiraProperties.getFalsePositiveLabel())) {
                    updateIssueAndAddToNewIssuesList(request, updatedIssues, xIssue, currentIssue, issue);
                } else {
                    // A ticket carrying the false-positive label is never updated from scan results.
                    log.info("Skipping issue marked as false-positive or has False Positive state with key {}", issueCurrentKey);
                }
            } else {
                /*Create the new issue*/
                // Created only when the finding is not all-false-positive and, in child mode, when
                // neither the parent nor the grandparent check reports the key.
                if (!currentIssue.isAllFalsePositive() && (!jiraProperties.isChild() || (!parentCheck(issueCurrentKey, issuesParent) && !grandparentCheck(issueCurrentKey, issuesGrandParent)))) {
                    if (jiraProperties.isChild()) {
                        log.info("Issue not found in parent creating issue for child");
                    }
                    createIssueAndAddToNewIssuesList(request, newIssues, xIssue, currentIssue);
                }
            }
        } catch (RestClientException e) {
            // The first failure aborts the whole run; the cause is logged here but is not attached
            // to the JiraClientException that callers receive.
            log.error("Error occurred while processing issue with key {}", issueCurrentKey, e);
            throw new JiraClientException();
        }
        // NOTE(review): this line is reached for every finding that did not throw, including
        // created and skipped ones, so "successfully updated" is not always accurate. It also
        // writes the whole XIssue to the debug log - confirm that its string form is acceptable there.
        log.debug("Issue: {} successfully updated. Removing it from dynamic scan results map", xIssue.getValue());
        nonPublishedScanResultsMap.remove(issueCurrentKey);
    }
    /*Check if an issue exists in Jira but not within results and close if not*/
    // NOTE(review): closing is driven by absence from `map`, so the set of tickets closed depends
    // on what getIssues() returned for filterScanner and on how complete `results` is; presumably
    // a partial result set would close tickets that are still valid - confirm the callee's guards.
    closeIssueInCaseNotWithinResults(request, map, jiraMap, closedIssues);
    ImmutableMap<String, List<String>> ticketsMap = ImmutableMap.of(JiraConstants.NEW_TICKET, newIssues, JiraConstants.UPDATED_TICKET, updatedIssues, JiraConstants.CLOSED_TICKET, closedIssues);
    logJiraTickets(request, scanDetails, ticketsMap);
    setCurrentNewIssuesList(newIssues);
    setCurrentUpdatedIssuesList(updatedIssues);
    setCurrentClosedIssuesList(closedIssues);
    return ticketsMap;
}
Also used : ScanResults(com.checkmarx.sdk.dto.ScanResults) JiraClientException(com.checkmarx.flow.exception.JiraClientException) BugTracker(com.checkmarx.flow.dto.BugTracker) ScanRequest(com.checkmarx.flow.dto.ScanRequest) ImmutableMap(com.google.common.collect.ImmutableMap) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap)

Example 29 with BugTracker

use of com.checkmarx.flow.dto.BugTracker in project cx-flow by checkmarx-ltd.

the class ConfigurationOverrider method applyFlowOverride.

/**
 * Copies the settings of a {@code FlowOverride} onto the scan request.
 *
 * <p>The bug tracker is resolved first, then the SSH key identifier, application, active branches
 * and e-mails are applied, followed by filters, thresholds and the enabled vulnerability scanners.
 *
 * @param override       override values to apply
 * @param request        scan request that is modified in place
 * @param overrideReport collects a description of the values that were overridden
 */
private void applyFlowOverride(FlowOverride override, ScanRequest request, Map<String, String> overrideReport) {
    BugTracker tracker = getBugTracker(override, request, overrideReport);

    /* Jira properties are only overridden for a JIRA tracker when the override has a Jira section */
    boolean jiraOverrideApplies = BugTracker.Type.JIRA.equals(tracker.getType()) && override.getJira() != null;
    if (jiraOverrideApplies) {
        overrideJiraBugProperties(override, tracker);
    }

    // NOTE(review): unlike the application and branch overrides below, the SSH key identifier
    // (and the e-mail list further down) is applied without an entry in overrideReport, so this
    // change to the credential selection leaves no trace in the report - confirm that is intended.
    if (!StringUtils.isEmpty(override.getSshKeyIdentifier())) {
        request.setSshKeyIdentifier(override.getSshKeyIdentifier());
    }
    request.setBugTracker(tracker);

    // A blank or missing application name leaves the request untouched.
    String application = override.getApplication();
    if (StringUtils.isNotBlank(application)) {
        request.setApplication(application);
        overrideReport.put("application", application);
    }

    Optional.ofNullable(override.getBranches())
            .filter(CollectionUtils::isNotEmpty)
            .ifPresent(activeBranches -> {
                request.setActiveBranches(activeBranches);
                overrideReport.put("active branches", Arrays.toString(activeBranches.toArray()));
            });

    // An empty e-mail collection in the override clears the request's e-mail setting (null).
    Optional.ofNullable(override.getEmails())
            .ifPresent(emails -> request.setEmail(emails.isEmpty() ? null : emails));

    overrideFilters(override, request, overrideReport);
    overrideThresholds(override, overrideReport, request);
    overrideEnabledVulnerabilityScanners(override, request, overrideReport);
}
Also used : BugTracker(com.checkmarx.flow.dto.BugTracker)

Example 30 with BugTracker

use of com.checkmarx.flow.dto.BugTracker in project cx-flow by checkmarx-ltd.

the class ConfigurationOverrider method getBugTracker.

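/**
 * Resolves the bug tracker to use for a request, taking the override into account.
 *
 * <p>A request without a tracker gets one of type {@code NONE}. When
 * {@code canOverrideBugTracker} allows it, a new tracker is built from the override's tracker
 * name and the change is recorded in the report.
 *
 * @param override         override that may name a different bug tracker
 * @param request          scan request whose current tracker is the starting point
 * @param overridingReport receives a {@code "bug tracker"} entry when the tracker is replaced
 * @return the tracker from the request, a {@code NONE} tracker, or the newly built override tracker
 */
private BugTracker getBugTracker(FlowOverride override, ScanRequest request, Map<String, String> overridingReport) {
    BugTracker result = request.getBugTracker();
    if (result == null) {
        result = BugTracker.builder().type(BugTracker.Type.NONE).build();
        log.debug("Bug tracker is not specified in scan request. Setting bug tracker type to '{}'.", result.getType());
    }
    if (canOverrideBugTracker(result, override)) {
        String bugTrackerNameOverride = override.getBugTracker();
        log.debug("Overriding '{}' bug tracker with '{}'.", result.getType(), bugTrackerNameOverride);
        BugTracker.Type bugTrackerTypeOverride = ScanUtils.getBugTypeEnum(bugTrackerNameOverride, flowProperties.getBugTrackerImpl());
        // The replacement is built from scratch: only the type (and the custom bean name) is set,
        // so any other field of the tracker that came with the request is not carried over.
        BugTracker.BugTrackerBuilder builder = BugTracker.builder().type(bugTrackerTypeOverride);
        // Constant-first comparison, as applyFlowOverride does for JIRA, so an unresolved (null)
        // type cannot raise a NullPointerException here.
        if (BugTracker.Type.CUSTOM.equals(bugTrackerTypeOverride)) {
            // NOTE(review): the override string is used directly as the custom bean name.
            // Presumably getBugTypeEnum only yields CUSTOM for names listed in
            // flowProperties.getBugTrackerImpl() - confirm, if overrides can come from
            // repository-supplied configuration.
            builder.customBean(bugTrackerNameOverride);
        }
        result = builder.build();
        overridingReport.put("bug tracker", bugTrackerNameOverride);
    }
    return result;
}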
Also used : BugTracker(com.checkmarx.flow.dto.BugTracker)

Aggregations

BugTracker (com.checkmarx.flow.dto.BugTracker)32 ScanRequest (com.checkmarx.flow.dto.ScanRequest)23 FilterConfiguration (com.checkmarx.sdk.dto.filtering.FilterConfiguration)13 CxConfig (com.checkmarx.sdk.dto.sast.CxConfig)6 MachinaRuntimeException (com.checkmarx.flow.exception.MachinaRuntimeException)5 ScanResults (com.checkmarx.sdk.dto.ScanResults)5 JiraClientException (com.checkmarx.flow.exception.JiraClientException)4 IssueInputBuilder (com.atlassian.jira.rest.client.api.domain.input.IssueInputBuilder)3 ComplexIssueInputFieldValue (com.atlassian.jira.rest.client.api.domain.input.ComplexIssueInputFieldValue)2 FieldInput (com.atlassian.jira.rest.client.api.domain.input.FieldInput)2 ControllerRequest (com.checkmarx.flow.dto.ControllerRequest)2 FlowOverride (com.checkmarx.flow.dto.FlowOverride)2 Repository (com.checkmarx.flow.dto.bitbucket.Repository)2 InvalidTokenException (com.checkmarx.flow.exception.InvalidTokenException)2 ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)2 IOException (java.io.IOException)2 HttpClientErrorException (org.springframework.web.client.HttpClientErrorException)2 com.atlassian.jira.rest.client.api (com.atlassian.jira.rest.client.api)1 com.atlassian.jira.rest.client.api.domain (com.atlassian.jira.rest.client.api.domain)1 TransitionInput (com.atlassian.jira.rest.client.api.domain.input.TransitionInput)1