
Example 1 with FlowOverride

use of com.checkmarx.flow.dto.FlowOverride in project cx-flow by checkmarx-ltd.

the class ConfigurationOverrider method overrideScanRequestProperties.

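/**
 * Applies the values of an override (the "MachinaOverride" file/blob) on top of an existing
 * scan request.
 *
 * <p>Only the fields present in the override are changed: Jira bug-tracker properties (when the
 * request's bug tracker is of type JIRA), application, active branches, e-mail recipients and
 * the result filter. The SCA configuration is initialised on the request before the override is
 * examined, including when no override was supplied.
 *
 * <p>NOTE(review): the override can originate from a request parameter, so every field applied
 * here should be treated as caller-controlled input.
 *
 * @param override parsed override, or {@code null} when none was supplied
 * @param request scan request to update in place
 * @return the same {@code request} instance, updated
 */
public ScanRequest overrideScanRequestProperties(FlowOverride override, ScanRequest request) {
    scaConfigOverrider.initScaConfig(request);
    if (override == null) {
        return request;
    }
    BugTracker bt = request.getBugTracker();
    // Override only applies to a plain Jira bug tracker. The constant-first comparison and the
    // null check keep a request without a bug tracker (or without a tracker type) from failing
    // with a NullPointerException here.
    if (bt != null && BugTracker.Type.JIRA.equals(bt.getType()) && override.getJira() != null) {
        overrideJiraBugProperties(override, bt);
    }
    request.setBugTracker(bt);
    if (!ScanUtils.empty(override.getApplication())) {
        request.setApplication(override.getApplication());
    }
    if (!ScanUtils.empty(override.getBranches())) {
        request.setActiveBranches(override.getBranches());
    }
    // A missing e-mail list leaves the recipients alone; an explicitly empty list clears them.
    List<String> emails = override.getEmails();
    if (emails != null) {
        request.setEmail(emails.isEmpty() ? null : emails);
    }
    FlowOverride.Filters filtersObj = override.getFilters();
    if (filtersObj != null) {
        // The filter built from the override replaces the request's filter wholesale, so the
        // override alone decides which severities, CWEs, categories, statuses and states are
        // reported. The second argument to getFilter is null here.
        // NOTE(review): confirm that a narrower filter supplied through an override cannot be
        // used to hide findings from consumers that expect the configured defaults.
        FilterFactory filterFactory = new FilterFactory();
        ControllerRequest controllerRequest = new ControllerRequest(
                filtersObj.getSeverity(),
                filtersObj.getCwe(),
                filtersObj.getCategory(),
                filtersObj.getStatus(),
                filtersObj.getState());
        FilterConfiguration filter = filterFactory.getFilter(controllerRequest, null);
        request.setFilter(filter);
    }
    return request;
}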
Also used : EngineFilterConfiguration(com.checkmarx.sdk.dto.filtering.EngineFilterConfiguration) FilterConfiguration(com.checkmarx.sdk.dto.filtering.FilterConfiguration) BugTracker(com.checkmarx.flow.dto.BugTracker) ControllerRequest(com.checkmarx.flow.dto.ControllerRequest) FlowOverride(com.checkmarx.flow.dto.FlowOverride)

Example 2 with FlowOverride

use of com.checkmarx.flow.dto.FlowOverride in project cx-flow by checkmarx-ltd.

the class PostRequestData method latestScanResults.

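/**
 * Returns the latest scan results for a project, optionally filtered and optionally adjusted by
 * a caller-supplied override.
 *
 * <p>The shared API token from the request header is validated before any other request data is
 * acted on. When the shard manager is enabled, {@code team} is needed to prime the shard session
 * even though the parameter is declared optional.
 *
 * @param project project name (mandatory)
 * @param token shared API token taken from the {@code TOKEN_HEADER} header (mandatory)
 * @param team team path; a leading {@code /} is added when missing and the shard manager is on
 * @param application application name; the project name is used when empty
 * @param severity severity filter values
 * @param cwe CWE filter values
 * @param category category filter values
 * @param status status filter values
 * @param assignee passed to the bug-tracker lookup
 * @param override override value handed to {@code ScanUtils.getMachinaOverride}
 * @param bug passed to the bug-tracker lookup
 * @return the latest scan results returned by the selected scanner
 * @throws IllegalArgumentException if the shard manager is enabled and {@code team} is empty
 */
@GetMapping(value = "/scanresults", produces = "application/json")
public ScanResults latestScanResults(
        // Mandatory parameters
        @RequestParam(value = "project") String project,
        @RequestHeader(value = TOKEN_HEADER) String token,
        // Optional parameters
        @RequestParam(value = "team", required = false) String team,
        @RequestParam(value = "application", required = false) String application,
        @RequestParam(value = "severity", required = false) List<String> severity,
        @RequestParam(value = "cwe", required = false) List<String> cwe,
        @RequestParam(value = "category", required = false) List<String> category,
        @RequestParam(value = "status", required = false) List<String> status,
        @RequestParam(value = "assignee", required = false) String assignee,
        @RequestParam(value = "override", required = false) String override,
        @RequestParam(value = "bug", required = false) String bug) {
    String uid = helperService.getShortUid();
    MDC.put(FlowConstants.MAIN_MDC_ENTRY, uid);
    // Validate shared API token from header
    validateToken(token);
    // This primes the shard when Shard Manager is turned on
    if (cxProperties.getEnableShardManager()) {
        // "team" is an optional request parameter, so it can be null or empty here. Reject that
        // explicitly instead of failing inside charAt(0) with an unrelated runtime exception.
        if (ScanUtils.empty(team)) {
            throw new IllegalArgumentException("team is required when the shard manager is enabled");
        }
        ShardSession shard = sessionTracker.getShardSession();
        // Ensure the team path starts with a slash, e.g. /CxServer/CHECKMARX
        if (team.charAt(0) != '/') {
            team = "/" + team;
        }
        shard.setTeam(team);
        shard.setProject(project);
    }
    // Create bug tracker
    BugTracker bugTracker = getBugTracker(assignee, bug);
    // Create filters if available
    ControllerRequest request = new ControllerRequest(severity, cwe, category, status, null);
    FilterConfiguration filter = filterFactory.getFilter(request, properties);
    // Create the scan request; the default product is CX
    ScanRequest scanRequest = ScanRequest.builder()
            .application(ScanUtils.empty(application) ? project : application)
            .product(ScanRequest.Product.CX)
            .project(project)
            .team(team)
            .bugTracker(bugTracker)
            .filter(filter)
            .build();
    scanRequest.setId(uid);
    // If an override blob/file is provided, substitute these values. The override comes straight
    // from the request, so after this point the filter, application, branches, e-mail recipients
    // and Jira properties of the scan request may all be caller-chosen.
    if (!ScanUtils.empty(override)) {
        FlowOverride ovr = ScanUtils.getMachinaOverride(override);
        scanRequest = configOverrider.overrideScanRequestProperties(ovr, scanRequest);
    }
    // Fetch the Checkmarx scan results; the scan request is the only argument passed to the
    // scanner for this lookup.
    ScanResults scanResults = CxScannerService.getScanner(cxgoScanner, sastScanner).getLatestScanResults(scanRequest);
    // NOTE(review): this writes the whole result object to the debug log; confirm debug output
    // is access-controlled wherever it is enabled.
    log.debug("ScanResults {}", scanResults);
    return scanResults;
}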
Also used : ScanRequest(com.checkmarx.flow.dto.ScanRequest) ShardSession(com.checkmarx.sdk.ShardManager.ShardSession) ScanResults(com.checkmarx.sdk.dto.ScanResults) FilterConfiguration(com.checkmarx.sdk.dto.filtering.FilterConfiguration) BugTracker(com.checkmarx.flow.dto.BugTracker) ControllerRequest(com.checkmarx.flow.dto.ControllerRequest) FlowOverride(com.checkmarx.flow.dto.FlowOverride)

Example 3 with FlowOverride

use of com.checkmarx.flow.dto.FlowOverride in project cx-flow by checkmarx-ltd.

the class ScanUtils method getMachinaOverride.

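/**
 * Parses the {@code override} request value into a {@link FlowOverride}.
 *
 * <p>A value longer than 20 characters is taken to be Base64-encoded JSON and is decoded and
 * bound to {@code FlowOverride}. A shorter, non-empty value is reserved for a file reference
 * that is not implemented yet and currently yields {@code null}.
 *
 * <p>The JSON is bound to the concrete {@code FlowOverride} class with a freshly created
 * {@code ObjectMapper}. NOTE(review): confirm that {@code FlowOverride} and its nested types
 * declare no polymorphic type handling, since this input is caller-controlled.
 *
 * @param override raw override value from the request; may be {@code null} or empty
 * @return the parsed override, or {@code null} when none was supplied or the value is a
 *     (not yet supported) file reference
 * @throws MachinaRuntimeException if the value is not valid Base64 or not valid override JSON
 */
public static FlowOverride getMachinaOverride(@RequestParam(value = "override", required = false) String override) {
    if (ScanUtils.empty(override)) {
        return null;
    }
    // More than 20 characters implies Base64-encoded JSON; anything shorter is a file reference.
    if (override.length() <= 20) {
        // TODO download file
        return null;
    }
    try {
        byte[] decoded = Base64.getDecoder().decode(override);
        // Decode with an explicit charset so the result does not depend on the platform default.
        String oJson = new String(decoded, java.nio.charset.StandardCharsets.UTF_8);
        FlowOverride o = new ObjectMapper().readValue(oJson, FlowOverride.class);
        log.info("Overriding attributes with Base64 encoded String");
        return o;
    } catch (IOException | IllegalArgumentException e) {
        // Base64.Decoder.decode reports malformed input with IllegalArgumentException; handle it
        // the same way as a JSON parsing failure so bad input always surfaces as
        // MachinaRuntimeException rather than an unhandled runtime exception.
        log.error("Error occurred", e);
        throw new MachinaRuntimeException();
    }
}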
Also used : MachinaRuntimeException(com.checkmarx.flow.exception.MachinaRuntimeException) IOException(java.io.IOException) FlowOverride(com.checkmarx.flow.dto.FlowOverride) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)

Aggregations

FlowOverride (com.checkmarx.flow.dto.FlowOverride)3 BugTracker (com.checkmarx.flow.dto.BugTracker)2 ControllerRequest (com.checkmarx.flow.dto.ControllerRequest)2 FilterConfiguration (com.checkmarx.sdk.dto.filtering.FilterConfiguration)2 ScanRequest (com.checkmarx.flow.dto.ScanRequest)1 MachinaRuntimeException (com.checkmarx.flow.exception.MachinaRuntimeException)1 ShardSession (com.checkmarx.sdk.ShardManager.ShardSession)1 ScanResults (com.checkmarx.sdk.dto.ScanResults)1 EngineFilterConfiguration (com.checkmarx.sdk.dto.filtering.EngineFilterConfiguration)1 ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)1 IOException (java.io.IOException)1