Example 1 with VulnerabilityInfo
use of com.checkmarx.flow.dto.iast.manager.dto.VulnerabilityInfo in project cx-flow by checkmarx-ltd.
the class IastService method thresholdsSeverity.
/**
* create an exception if the severity thresholds are exceeded
*/
private void thresholdsSeverity(ScanVulnerabilities scanVulnerabilities) {
Map<Severity, AtomicInteger> thresholdsSeverity = new HashMap<>(7);
for (Severity severity : Severity.values()) {
thresholdsSeverity.put(severity, new AtomicInteger(0));
}
boolean throwThresholdsSeverity = false;
for (int i = 0; i < scanVulnerabilities.getVulnerabilities().size(); i++) {
VulnerabilityInfo vulnerabilityInfo = scanVulnerabilities.getVulnerabilities().get(i);
int countSeverityVulnerabilities = thresholdsSeverity.get(vulnerabilityInfo.getHighestSeverity()).incrementAndGet();
Integer countPossibleVulnerability = iastProperties.getThresholdsSeverity().get(vulnerabilityInfo.getHighestSeverity());
if (countPossibleVulnerability != -1 && countSeverityVulnerabilities >= countPossibleVulnerability) {
throwThresholdsSeverity = true;
}
}
if (throwThresholdsSeverity) {
log.warn("\nThresholds severity are exceeded. " + "\n High: " + thresholdsSeverity.get(Severity.HIGH).incrementAndGet() + " / " + iastProperties.getThresholdsSeverity().get(Severity.HIGH) + "\n Medium: " + thresholdsSeverity.get(Severity.MEDIUM).incrementAndGet() + " / " + iastProperties.getThresholdsSeverity().get(Severity.MEDIUM) + "\n Low: " + thresholdsSeverity.get(Severity.LOW).incrementAndGet() + " / " + iastProperties.getThresholdsSeverity().get(Severity.LOW) + "\n Info: " + thresholdsSeverity.get(Severity.INFO).incrementAndGet() + " / " + iastProperties.getThresholdsSeverity().get(Severity.INFO));
throw new IastThresholdsSeverityException();
}
}
Also used :
AtomicInteger(java.util.concurrent.atomic.AtomicInteger)
AtomicInteger(java.util.concurrent.atomic.AtomicInteger)
HashMap(java.util.HashMap)
Severity(com.checkmarx.flow.dto.iast.ql.utils.Severity)
VulnerabilityInfo(com.checkmarx.flow.dto.iast.manager.dto.VulnerabilityInfo)
Example 2 with VulnerabilityInfo
use of com.checkmarx.flow.dto.iast.manager.dto.VulnerabilityInfo in project cx-flow by checkmarx-ltd.
the class IastService method createIssue.
private void createIssue(ScanRequest request, Scan scan) throws IOException {
try {
final ScanVulnerabilities scanVulnerabilities = iastServiceRequests.apiScanVulnerabilities(scan.getScanId());
List<VulnerabilityInfo> vulnerabilities = scanVulnerabilities.getVulnerabilities();
for (VulnerabilityInfo vulnerability : vulnerabilities) {
if (vulnerability.getNewCount() != 0) {
final List<ResultInfo> scansResultsQuery = iastServiceRequests.apiScanResults(scan.getScanId(), vulnerability.getId());
final List<ResultInfo> scansResultQueryList = scansResultsQuery.stream().filter(scansResultQuery -> scansResultQuery.isNewResult() && filterSeverity(scansResultQuery)).collect(Collectors.toList());
for (ResultInfo scansResultQuery : scansResultQueryList) {
createIssue(scanVulnerabilities, request, scansResultQuery, vulnerability, scan);
}
}
}
thresholdsSeverity(scanVulnerabilities);
} catch (NotImplementedException e) {
throw new NotImplementedException(request.getBugTracker().getType().getType() + ". That bug tracker not implemented.");
} catch (IOException e) {
throw new IOException("Can't send api request", e);
}
}
Also used :
ADOProperties(com.checkmarx.flow.config.ADOProperties)
Issue(com.checkmarx.flow.dto.Issue)
ScanRequest(com.checkmarx.flow.dto.ScanRequest)
NotImplementedException(org.apache.commons.lang3.NotImplementedException)
ScanResults(com.checkmarx.sdk.dto.ScanResults)
LocalDateTime(java.time.LocalDateTime)
Autowired(org.springframework.beans.factory.annotation.Autowired)
HashMap(java.util.HashMap)
IssueTracker(com.checkmarx.flow.custom.IssueTracker)
IastProperties(com.checkmarx.flow.config.IastProperties)
VulnerabilityInfo(com.checkmarx.flow.dto.iast.manager.dto.VulnerabilityInfo)
AtomicInteger(java.util.concurrent.atomic.AtomicInteger)
Service(org.springframework.stereotype.Service)
Map(java.util.Map)
VulnerabilityDescription(com.checkmarx.flow.dto.iast.manager.dto.description.VulnerabilityDescription)
ScanVulnerabilities(com.checkmarx.flow.dto.iast.manager.dto.ScanVulnerabilities)
com.checkmarx.flow.exception(com.checkmarx.flow.exception)
IOException(java.io.IOException)
ResultInfo(com.checkmarx.flow.dto.iast.manager.dto.ResultInfo)
Scan(com.checkmarx.flow.dto.iast.manager.dto.Scan)
Collectors(java.util.stream.Collectors)
FileNotFoundException(java.io.FileNotFoundException)
Slf4j(lombok.extern.slf4j.Slf4j)
List(java.util.List)
Constants(com.checkmarx.sdk.config.Constants)
GitHubIssueTracker(com.checkmarx.flow.custom.GitHubIssueTracker)
ScanUtils(com.checkmarx.flow.utils.ScanUtils)
GitLabIssueTracker(com.checkmarx.flow.custom.GitLabIssueTracker)
Pattern(java.util.regex.Pattern)
Severity(com.checkmarx.flow.dto.iast.ql.utils.Severity)
ADOIssueTracker(com.checkmarx.flow.custom.ADOIssueTracker)
ScanVulnerabilities(com.checkmarx.flow.dto.iast.manager.dto.ScanVulnerabilities)
NotImplementedException(org.apache.commons.lang3.NotImplementedException)
IOException(java.io.IOException)
ResultInfo(com.checkmarx.flow.dto.iast.manager.dto.ResultInfo)
VulnerabilityInfo(com.checkmarx.flow.dto.iast.manager.dto.VulnerabilityInfo)
Aggregations
VulnerabilityInfo (com.checkmarx.flow.dto.iast.manager.dto.VulnerabilityInfo)2
Severity (com.checkmarx.flow.dto.iast.ql.utils.Severity)2
HashMap (java.util.HashMap)2
AtomicInteger (java.util.concurrent.atomic.AtomicInteger)2
ADOProperties (com.checkmarx.flow.config.ADOProperties)1
IastProperties (com.checkmarx.flow.config.IastProperties)1
ADOIssueTracker (com.checkmarx.flow.custom.ADOIssueTracker)1
GitHubIssueTracker (com.checkmarx.flow.custom.GitHubIssueTracker)1
GitLabIssueTracker (com.checkmarx.flow.custom.GitLabIssueTracker)1
IssueTracker (com.checkmarx.flow.custom.IssueTracker)1
Issue (com.checkmarx.flow.dto.Issue)1
ScanRequest (com.checkmarx.flow.dto.ScanRequest)1
ResultInfo (com.checkmarx.flow.dto.iast.manager.dto.ResultInfo)1
Scan (com.checkmarx.flow.dto.iast.manager.dto.Scan)1
ScanVulnerabilities (com.checkmarx.flow.dto.iast.manager.dto.ScanVulnerabilities)1
VulnerabilityDescription (com.checkmarx.flow.dto.iast.manager.dto.description.VulnerabilityDescription)1
com.checkmarx.flow.exception (com.checkmarx.flow.exception)1
ScanUtils (com.checkmarx.flow.utils.ScanUtils)1
Constants (com.checkmarx.sdk.config.Constants)1
ScanResults (com.checkmarx.sdk.dto.ScanResults)1
