use of com.checkmarx.flow.exception.InvalidTokenException in project cx-flow by checkmarx-ltd.
From the class PostWebhookController, method validateCredentials.
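/**
 * Authenticates an incoming webhook call against the configured BitBucket webhook token.
 *
 * The caller may present either a {@code token} request parameter or an HTTP Basic
 * {@code Authorization} header; at least one is required. The call is accepted when the
 * token parameter equals the configured webhook token, or when the password part of the
 * Basic credentials equals it. Every other combination is rejected.
 *
 * @param authHeader raw {@code Authorization} header value, or {@code null} if absent
 * @param tokenParam {@code token} request parameter, or {@code null} if absent
 * @throws InvalidTokenException when no credential is present, the header is not Basic or is
 *         malformed (no payload, invalid Base64, no password part), or no presented secret
 *         matches the configured token
 */
private void validateCredentials(String authHeader, String tokenParam) {
    if (authHeader == null && tokenParam == null)
        throw new InvalidTokenException("Basic authorization header OR token parameter is required.");
    String expectedToken = bitBucketProperties.getWebhookToken();
    if (tokenParam != null && secretEquals(tokenParam, expectedToken))
        return;
    // A token parameter that did NOT match must not be accepted merely because no header was
    // sent; without this guard the method would fall through and return normally.
    if (authHeader == null)
        throw new InvalidTokenException();
    if (!authHeader.matches("^Basic.*"))
        throw new InvalidTokenException("Authorization method not supported.");
    String[] headerComponents = authHeader.split(" ");
    if (headerComponents.length <= CREDS_INDEX)
        throw new InvalidTokenException(); // "Basic" with no credential payload
    byte[] decoded;
    try {
        decoded = Base64.getDecoder().decode(headerComponents[CREDS_INDEX]);
    } catch (IllegalArgumentException e) {
        // Not valid Base64; InvalidTokenException has no cause-taking constructor visible here.
        throw new InvalidTokenException();
    }
    // Explicit charset: new String(byte[]) would otherwise use the platform default.
    String creds = new String(decoded, java.nio.charset.StandardCharsets.UTF_8);
    // Expected layout is "user:password"; a ':' inside the secret itself is split off here.
    String[] credComponents = creds.split(":");
    if (credComponents.length <= PASSWORD_INDEX)
        throw new InvalidTokenException(); // no password part present
    if (!secretEquals(credComponents[PASSWORD_INDEX], expectedToken))
        throw new InvalidTokenException();
}

/**
 * Compares two secrets in constant time so that the comparison does not leak how many
 * leading characters matched; {@code null} on either side never matches.
 *
 * @param presented secret supplied by the caller
 * @param expected configured secret
 * @return {@code true} only when both are non-null and byte-for-byte equal as UTF-8
 */
private static boolean secretEquals(String presented, String expected) {
    if (presented == null || expected == null)
        return false;
    return java.security.MessageDigest.isEqual(
            presented.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            expected.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}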
use of com.checkmarx.flow.exception.InvalidTokenException in project cx-flow by checkmarx-ltd.
From the class IastController, method stopScanAndCreateIssue.
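/**
 * Stops the IAST scan identified by {@code scanTag} and opens an issue in the named bug tracker.
 *
 * Validates the shared API token, then both path variables, resolves the tracker name to a
 * {@link BugTracker.Type}, builds the scan request and delegates to {@code iastService}.
 * Failures are mapped to HTTP status codes instead of propagating:
 * invalid token → 403, missing/unknown parameters → 400, everything else → 500.
 *
 * @param scanTag tag of the scan to stop; must not be blank
 * @param bugTrackerName tracker name from the path (jira, github, gitlab, ado or azure)
 * @param token shared API token from the {@code TOKEN_HEADER} request header
 * @param body issue details, validated by the framework
 * @return an {@link EventResponse} whose {@code success} flag is {@code true} only for HTTP 200
 */
@PostMapping(value = { "/stop-scan-and-create-{tracker}-issue/{scanTag}" })
public ResponseEntity<EventResponse> stopScanAndCreateIssue(@PathVariable(value = "scanTag", required = false) String scanTag, @PathVariable(value = "tracker", required = false) String bugTrackerName, @RequestHeader(value = TOKEN_HEADER) String token, @RequestBody @Valid CreateIssue body) {
    HttpStatus httpStatusReturn = HttpStatus.OK;
    String returnMessage = "OK";
    try {
        // Validate shared API token from header
        tokenUtils.validateToken(token);
        // Both path variables are declared required = false, so they may be null. The former
        // bugTrackerName.trim() would have thrown a NullPointerException here and surfaced as a
        // 500 instead of the intended 400; isBlank already treats whitespace-only as blank.
        if (bugTrackerName == null || Strings.isBlank(bugTrackerName)) {
            throw new InvalidParameterException("tracker parameter cannot be empty.");
        }
        if (Strings.isBlank(scanTag)) {
            throw new InvalidParameterException("scanTag parameter cannot be empty.");
        }
        BugTracker.Type bugTrackerType = resolveBugTrackerType(bugTrackerName);
        ScanRequest request = getRepoScanRequest(body, bugTrackerType);
        iastService.stopScanAndCreateIssue(request, scanTag);
    } catch (InvalidTokenException e) {
        log.error(e.getMessage(), e);
        returnMessage = e.getMessage();
        httpStatusReturn = HttpStatus.FORBIDDEN;
    } catch (InvalidParameterException | NotImplementedException e) {
        log.error(e.getMessage(), e);
        returnMessage = e.getMessage();
        httpStatusReturn = HttpStatus.BAD_REQUEST;
    } catch (IOException | JiraClientException | RuntimeException e) {
        log.error(e.getMessage(), e);
        // NOTE(review): the raw message of an internal failure is echoed back to the client;
        // consider a generic message here if the callers are not trusted.
        returnMessage = e.getMessage();
        httpStatusReturn = HttpStatus.INTERNAL_SERVER_ERROR;
    }
    return ResponseEntity.status(httpStatusReturn).body(EventResponse.builder().message(returnMessage).success(httpStatusReturn == HttpStatus.OK).build());
}

/**
 * Maps a tracker name from the request path to the corresponding {@link BugTracker.Type}.
 *
 * @param bugTrackerName non-null tracker name; matched case-insensitively
 * @return the tracker type for jira, github, gitlab, ado or azure
 * @throws NotImplementedException for any other name
 */
private static BugTracker.Type resolveBugTrackerType(String bugTrackerName) {
    // Locale.ROOT keeps the lookup independent of the JVM default locale.
    switch (bugTrackerName.toLowerCase(java.util.Locale.ROOT)) {
        case "jira":
            return BugTracker.Type.JIRA;
        case "github":
            return BugTracker.Type.GITHUBCOMMIT;
        case "gitlab":
            return BugTracker.Type.GITLABCOMMIT;
        case "ado":
        case "azure":
            return BugTracker.Type.ADOPULL;
        default:
            throw new NotImplementedException(bugTrackerName + ". That bug tracker not implemented.");
    }
}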