
Example 1 with Scan

Use of com.checkmarx.flow.dto.iast.manager.dto.Scan in project cx-flow by checkmarx-ltd.

In the class IastService, method stopScanAndCreateIssue.

public void stopScanAndCreateIssue(ScanRequest request, String scanTag) throws IOException, JiraClientException {
    log.debug("start stopScanAndCreateIssueFromIastSummary with scanTag:" + scanTag);
    // Check the scan tag and the required parameters before doing any work.
    validateScanTag(scanTag);
    checkRequiredParameters();
    // A missing request is fatal: fail before the scan is touched.
    if (request == null) {
        log.error("ScanRequest is null. Something went wrong.");
        throw new IastScanRequestMustProvideException("ScanRequest is null. Something went wrong. Please contact with IAST support.");
    }
    // A missing bug tracker is only logged; execution continues below.
    if (request.getBugTracker() == null) {
        log.error("BugTracker is not provide. Please provide a bug tracker");
    }
    // Finish the scan for this tag, then create issues from the returned Scan.
    Scan scan = finishScan(scanTag);
    createIssue(request, scan);
}
Also used : Scan(com.checkmarx.flow.dto.iast.manager.dto.Scan)

Example 2 with Scan

Use of com.checkmarx.flow.dto.iast.manager.dto.Scan in project cx-flow by checkmarx-ltd.

In the class IastService, method createIssue.

private void createIssue(ScanRequest request, Scan scan) throws IOException {
    try {
        // Fetch the vulnerabilities reported for this scan.
        final ScanVulnerabilities scanVulnerabilities = iastServiceRequests.apiScanVulnerabilities(scan.getScanId());
        List<VulnerabilityInfo> vulnerabilities = scanVulnerabilities.getVulnerabilities();
        for (VulnerabilityInfo vulnerability : vulnerabilities) {
            // Only vulnerabilities with a non-zero new count are processed.
            if (vulnerability.getNewCount() != 0) {
                final List<ResultInfo> scansResultsQuery = iastServiceRequests.apiScanResults(scan.getScanId(), vulnerability.getId());
                // Keep results that are new and pass the severity filter.
                final List<ResultInfo> scansResultQueryList = scansResultsQuery.stream()
                        .filter(scansResultQuery -> scansResultQuery.isNewResult() && filterSeverity(scansResultQuery))
                        .collect(Collectors.toList());
                for (ResultInfo scansResultQuery : scansResultQueryList) {
                    createIssue(scanVulnerabilities, request, scansResultQuery, vulnerability, scan);
                }
            }
        }
        thresholdsSeverity(scanVulnerabilities);
    } catch (NotImplementedException e) {
        // Preserve the original exception as the cause so the stack trace is not lost.
        // Note: request.getBugTracker() is dereferenced here, while stopScanAndCreateIssue only logs when it is null.
        throw new NotImplementedException(request.getBugTracker().getType().getType() + ". That bug tracker not implemented.", e);
    } catch (IOException e) {
        throw new IOException("Can't send api request", e);
    }
}
Also used : ADOProperties(com.checkmarx.flow.config.ADOProperties), Issue(com.checkmarx.flow.dto.Issue), ScanRequest(com.checkmarx.flow.dto.ScanRequest), NotImplementedException(org.apache.commons.lang3.NotImplementedException), ScanResults(com.checkmarx.sdk.dto.ScanResults), LocalDateTime(java.time.LocalDateTime), Autowired(org.springframework.beans.factory.annotation.Autowired), HashMap(java.util.HashMap), IssueTracker(com.checkmarx.flow.custom.IssueTracker), IastProperties(com.checkmarx.flow.config.IastProperties), VulnerabilityInfo(com.checkmarx.flow.dto.iast.manager.dto.VulnerabilityInfo), AtomicInteger(java.util.concurrent.atomic.AtomicInteger), Service(org.springframework.stereotype.Service), Map(java.util.Map), VulnerabilityDescription(com.checkmarx.flow.dto.iast.manager.dto.description.VulnerabilityDescription), ScanVulnerabilities(com.checkmarx.flow.dto.iast.manager.dto.ScanVulnerabilities), com.checkmarx.flow.exception(com.checkmarx.flow.exception), IOException(java.io.IOException), ResultInfo(com.checkmarx.flow.dto.iast.manager.dto.ResultInfo), Scan(com.checkmarx.flow.dto.iast.manager.dto.Scan), Collectors(java.util.stream.Collectors), FileNotFoundException(java.io.FileNotFoundException), Slf4j(lombok.extern.slf4j.Slf4j), List(java.util.List), Constants(com.checkmarx.sdk.config.Constants), GitHubIssueTracker(com.checkmarx.flow.custom.GitHubIssueTracker), ScanUtils(com.checkmarx.flow.utils.ScanUtils), GitLabIssueTracker(com.checkmarx.flow.custom.GitLabIssueTracker), Pattern(java.util.regex.Pattern), Severity(com.checkmarx.flow.dto.iast.ql.utils.Severity), ADOIssueTracker(com.checkmarx.flow.custom.ADOIssueTracker)

Aggregations

Scan (com.checkmarx.flow.dto.iast.manager.dto.Scan): 2
ADOProperties (com.checkmarx.flow.config.ADOProperties): 1
IastProperties (com.checkmarx.flow.config.IastProperties): 1
ADOIssueTracker (com.checkmarx.flow.custom.ADOIssueTracker): 1
GitHubIssueTracker (com.checkmarx.flow.custom.GitHubIssueTracker): 1
GitLabIssueTracker (com.checkmarx.flow.custom.GitLabIssueTracker): 1
IssueTracker (com.checkmarx.flow.custom.IssueTracker): 1
Issue (com.checkmarx.flow.dto.Issue): 1
ScanRequest (com.checkmarx.flow.dto.ScanRequest): 1
ResultInfo (com.checkmarx.flow.dto.iast.manager.dto.ResultInfo): 1
ScanVulnerabilities (com.checkmarx.flow.dto.iast.manager.dto.ScanVulnerabilities): 1
VulnerabilityInfo (com.checkmarx.flow.dto.iast.manager.dto.VulnerabilityInfo): 1
VulnerabilityDescription (com.checkmarx.flow.dto.iast.manager.dto.description.VulnerabilityDescription): 1
Severity (com.checkmarx.flow.dto.iast.ql.utils.Severity): 1
com.checkmarx.flow.exception (com.checkmarx.flow.exception): 1
ScanUtils (com.checkmarx.flow.utils.ScanUtils): 1
Constants (com.checkmarx.sdk.config.Constants): 1
ScanResults (com.checkmarx.sdk.dto.ScanResults): 1
FileNotFoundException (java.io.FileNotFoundException): 1
IOException (java.io.IOException): 1