
Example 1 with PullRequestReport

use of com.checkmarx.flow.dto.report.PullRequestReport in project cx-flow by checkmarx-ltd.

In class GitHubService, method logPullRequestWithScaResults:

/**
 * Emits the analytics entry for the SCA portion of a pull-request scan.
 *
 * <p>Nothing is logged when the results carry no SCA section.
 *
 * @param request the scan request the pull request belongs to
 * @param results the scan results; only {@code getScaResults()} is consulted here
 */
private void logPullRequestWithScaResults(ScanRequest request, ScanResults results) {
    if (results.getScaResults() == null) {
        return;
    }
    String scaScanId = results.getScaResults().getScanId();
    PullRequestReport scaReport = new PullRequestReport(scaScanId, request, AnalyticsReport.SCA);
    scaReport.setFindingsPerSeveritySca(results);
    scaReport.setPullRequestResult(OperationResult.successful());
    scaReport.log();
}

Example 2 with PullRequestReport

use of com.checkmarx.flow.dto.report.PullRequestReport in project cx-flow by checkmarx-ltd.

In class GitHubService, method endBlockMerge:

/**
 * Finishes the merge-block handling of a GitHub pull request once its scan has completed.
 *
 * <p>The SCA analytics entry is always logged. When merge blocking is enabled, the pull-request
 * status is updated through the statuses URL carried in the request metadata; when it is
 * disabled, only the SAST/OSA analytics entry is logged.
 *
 * @param request     the scan request; {@code STATUSES_URL_KEY} metadata supplies the status API URL
 * @param results     the completed scan results
 * @param scanDetails scan details used to build the {@link PullRequestReport}
 */
void endBlockMerge(ScanRequest request, ScanResults results, ScanDetails scanDetails) {
    logPullRequestWithScaResults(request, results);
    if (!properties.isBlockMerge()) {
        log.debug("Pull request blocking is disabled in configuration, no need to unblock.");
        logPullRequestWithSastOsa(request, results, scanDetails);
        return;
    }
    // NOTE(review): statusApiUrl is read from request metadata and receives an authenticated
    // status update; if it originates from the inbound webhook payload it should be validated
    // against the configured GitHub API host before use — confirm where it is populated.
    String statusApiUrl = request.getAdditionalMetadata(STATUSES_URL_KEY);
    if (ScanUtils.empty(statusApiUrl)) {
        log.error(STATUSES_URL_NOT_PROVIDED);
        return;
    }
    PullRequestReport prReport = new PullRequestReport(scanDetails, request);
    HttpEntity<String> statusEntity = getStatusRequestEntity(results, prReport, request);
    logPullRequestWithSastOsa(results, prReport);
    log.debug("Updating pull request status: {}", statusApiUrl);
    statusExchange(request, statusEntity, statusApiUrl, "failed to update merge status for completed scan");
}

Example 3 with PullRequestReport

use of com.checkmarx.flow.dto.report.PullRequestReport in project cx-flow by checkmarx-ltd.

In class ADOService, method endBlockMerge:

/**
 * Replaces the pending Azure DevOps pull-request status set while the scan ran with the final
 * outcome, and resolves or closes the PR thread when one was recorded.
 *
 * <p>Does nothing when merge blocking is disabled. Returns early, after logging, when the
 * request carries no {@code status_id} or no {@code statuses_url}. A project id of {@code -1}
 * marks a scan the SAST server could not process; it is reported as failed without evaluating
 * thresholds.
 *
 * @param request     the scan request; supplies the {@code statuses_url}, {@code status_id} and
 *                    {@code ado_thread_id} metadata and the merge-note URI
 * @param results     the scan results; {@code getProjectId()} and {@code getLink()} are used
 * @param scanDetails scan details passed into the {@link PullRequestReport} given to the threshold validator
 * @throws NumberFormatException if {@code results.getProjectId()} is null or not an integer
 */
void endBlockMerge(ScanRequest request, ScanResults results, ScanDetails scanDetails) {
    if (!properties.isBlockMerge()) {
        return;
    }
    // Parsed before any other lookup, as in the original flow; a missing or non-numeric
    // project id therefore aborts the method with NumberFormatException.
    Integer projectId = Integer.parseInt(results.getProjectId());
    // NOTE(review): url is read from request metadata and receives an authenticated PATCH; if it
    // originates from the inbound webhook payload it should be validated against the configured
    // ADO host before use — confirm where it is populated.
    String url = request.getAdditionalMetadata("statuses_url");
    String statusId = request.getAdditionalMetadata("status_id");
    String adoThreadId = request.getAdditionalMetadata("ado_thread_id");
    String threadUrl = adoThreadId == null
            ? null
            : request.getMergeNoteUri().concat("/").concat(adoThreadId);
    if (statusId == null) {
        log.warn("No status Id found, skipping status update");
        return;
    }
    HttpEntity<List<CreateWorkItemAttr>> removeStatusEntity = buildRemoveStatusEntity(statusId, request);
    if (ScanUtils.empty(url)) {
        log.error("statuses_url was not provided within the request object, which is required for blocking / unblocking pull requests");
        return;
    }
    // TODO remove preview once applicable
    log.info("Removing pending status from pull {}", url);
    restTemplate.exchange(getFullAdoApiUrl(url).concat("-preview"), HttpMethod.PATCH, removeStatusEntity, Void.class);
    // The SAST server reports ProjectId = -1 when it failed to scan the project: mark the PR
    // status as failed and close the thread instead of evaluating thresholds.
    if (projectId == -1) {
        log.debug("SAST scan could not be processed due to some error. Creating status of failed to {}", url);
        createStatus("failed", "Checkmarx Scan could not be processed.", url, results.getLink(), request);
        if (threadUrl != null) {
            createThreadStatus(CLOSED, threadUrl, request);
        }
        return;
    }
    PullRequestReport prReport = new PullRequestReport(scanDetails, request);
    boolean mergeAllowed = thresholdValidator.isMergeAllowed(results, properties, prReport);
    if (mergeAllowed) {
        log.debug("Creating status of succeeded to {}", url);
        createStatus("succeeded", "Checkmarx Scan Completed", url, results.getLink(), request);
        if (threadUrl != null) {
            createThreadStatus(RESOLVED, threadUrl, request);
        }
    } else {
        log.debug("Creating status of failed to {}", url);
        createStatus("failed", "Checkmarx Scan Completed", url, results.getLink(), request);
        if (threadUrl != null) {
            createThreadStatus(CLOSED, threadUrl, request);
        }
    }
}

/**
 * Builds the PATCH entity that removes the pending status {@code statusId} from the pull request.
 *
 * <p>The body is a single {@code remove} operation with path {@code "/" + statusId}; the headers
 * carry the patch authorization for the SCM instance named in the request.
 *
 * @param statusId the id of the pending status to remove (must not be null)
 * @param request  the scan request, used to resolve the SCM instance token
 * @return the request entity for the status-removal PATCH
 */
private HttpEntity<List<CreateWorkItemAttr>> buildRemoveStatusEntity(String statusId, ScanRequest request) {
    CreateWorkItemAttr removeOp = new CreateWorkItemAttr();
    removeOp.setOp("remove");
    removeOp.setPath("/".concat(statusId));
    List<CreateWorkItemAttr> operations = new ArrayList<>();
    operations.add(removeOp);
    String token = scmConfigOverrider.determineConfigToken(properties, request.getScmInstance());
    return new HttpEntity<>(operations, ADOUtils.createPatchAuthHeaders(token));
}

Example 4 with PullRequestReport

use of com.checkmarx.flow.dto.report.PullRequestReport in project cx-flow by checkmarx-ltd.

In class ScaThresholdsSteps, method pull_request_should_fail:

/**
 * Cucumber step: asserts whether the threshold validator lets the pull request through.
 *
 * <p>{@code expected} is the word captured from the step text. Only {@code "pass"} means the
 * merge is expected to be allowed; any other word means it is expected to be blocked. The
 * repository properties are built with {@code errorMerge} enabled and the results hold only the
 * SCA results prepared by earlier steps.
 *
 * @param expected the captured step word ({@code "pass"} or anything else)
 */
@Then("pull request should {word}")
public void pull_request_should_fail(String expected) {
    RepoProperties repoProperties = new RepoProperties();
    repoProperties.setErrorMerge(true);
    ScanResults scanResults = new ScanResults();
    scanResults.setScaResults(scaResults);
    PullRequestReport emptyReport = new PullRequestReport();
    boolean actual = thresholdValidatorImpl.isMergeAllowed(scanResults, repoProperties, emptyReport);
    boolean shouldPass = expected.equals("pass");
    log.info("is merged allowed = {} (expecting: {})", actual, expected);
    String failureMessage = "is merged allowed = " + actual + ", but was expecting: " + expected;
    assertEquals(shouldPass, actual, failureMessage);
}

Example 5 with PullRequestReport

use of com.checkmarx.flow.dto.report.PullRequestReport in project cx-flow by checkmarx-ltd.

In class GitHubService, method logPullRequestWithSastOsa:

/**
 * Emits the analytics entry for the SAST/OSA portion of a pull-request scan.
 *
 * <p>Skipped when {@code hasSastOsaScan(results)} is false — the result set is then SCA-only
 * and is covered by the SCA report instead.
 *
 * @param request     the scan request the pull request belongs to
 * @param results     the scan results whose SAST finding counts are reported
 * @param scanDetails scan details used to build the {@link PullRequestReport}
 */
private void logPullRequestWithSastOsa(ScanRequest request, ScanResults results, ScanDetails scanDetails) {
    if (!hasSastOsaScan(results)) {
        // Otherwise it would be only SCA
        return;
    }
    PullRequestReport sastReport = new PullRequestReport(scanDetails, request);
    sastReport.setFindingsPerSeverity(ThresholdValidatorImpl.getSastFindingCountPerSeverity(results));
    sastReport.setPullRequestResult(OperationResult.successful());
    sastReport.log();
}
