Example 1 with InvalidTokenException

Use of com.checkmarx.flow.exception.InvalidTokenException in project cx-flow by checkmarx-ltd, in the class PostWebhookController, method validateCredentials.

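private void validateCredentials(String authHeader, String tokenParam) {
    if (authHeader == null && tokenParam == null)
        throw new InvalidTokenException("Basic authorization header OR token parameter is required.");
    String expected = bitBucketProperties.getWebhookToken();
    // A matching token parameter is sufficient on its own.
    if (tokenParam != null && tokenParam.equals(expected))
        return;
    // Without a header to fall back on, a non-matching token parameter is rejected.
    if (authHeader == null)
        throw new InvalidTokenException();
    if (!authHeader.matches("^Basic.*"))
        throw new InvalidTokenException("Authorization method not supported.");
    // Header form: "Basic base64(user:password)"; the password field carries the webhook token.
    String[] headerComponents = authHeader.split(" ");
    if (headerComponents.length <= CREDS_INDEX)
        throw new InvalidTokenException();
    String creds;
    try {
        creds = new String(Base64.getDecoder().decode(headerComponents[CREDS_INDEX]));
    } catch (IllegalArgumentException e) {
        // Malformed Base64 is an authentication failure, not a server error.
        throw new InvalidTokenException();
    }
    String[] credComponents = creds.split(":");
    if (credComponents.length <= PASSWORD_INDEX || !credComponents[PASSWORD_INDEX].equals(expected))
        throw new InvalidTokenException();
}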
Also used : InvalidTokenException(com.checkmarx.flow.exception.InvalidTokenException)

Example 2 with InvalidTokenException

Use of com.checkmarx.flow.exception.InvalidTokenException in project cx-flow by checkmarx-ltd, in the class IastController, method stopScanAndCreateIssue.

@PostMapping(value = { "/stop-scan-and-create-{tracker}-issue/{scanTag}" })
public ResponseEntity<EventResponse> stopScanAndCreateIssue(
        @PathVariable(value = "scanTag", required = false) String scanTag,
        @PathVariable(value = "tracker", required = false) String bugTrackerName,
        @RequestHeader(value = TOKEN_HEADER) String token,
        @RequestBody @Valid CreateIssue body) {
    HttpStatus httpStatusReturn = HttpStatus.OK;
    String returnMessage = "OK";
    try {
        // Validate shared API token from header
        tokenUtils.validateToken(token);
        // isBlank already covers null and whitespace-only values; calling trim() first would throw on null.
        if (Strings.isBlank(bugTrackerName)) {
            throw new InvalidParameterException("tracker parameter cannot be empty.");
        }
        if (Strings.isBlank(scanTag)) {
            throw new InvalidParameterException("scanTag parameter cannot be empty.");
        }
        ScanRequest request;
        BugTracker.Type bugTrackerType;
        switch(bugTrackerName.toLowerCase()) {
            case "jira":
                bugTrackerType = BugTracker.Type.JIRA;
                break;
            case "github":
                bugTrackerType = BugTracker.Type.GITHUBCOMMIT;
                break;
            case "gitlab":
                bugTrackerType = BugTracker.Type.GITLABCOMMIT;
                break;
            case "ado":
            case "azure":
                bugTrackerType = BugTracker.Type.ADOPULL;
                break;
            default:
                throw new NotImplementedException(bugTrackerName + ". That bug tracker not implemented.");
        }
        request = getRepoScanRequest(body, bugTrackerType);
        iastService.stopScanAndCreateIssue(request, scanTag);
    } catch (InvalidTokenException e) {
        log.error(e.getMessage(), e);
        returnMessage = e.getMessage();
        httpStatusReturn = HttpStatus.FORBIDDEN;
    } catch (InvalidParameterException | NotImplementedException e) {
        log.error(e.getMessage(), e);
        returnMessage = e.getMessage();
        httpStatusReturn = HttpStatus.BAD_REQUEST;
    } catch (IOException | JiraClientException | RuntimeException e) {
        log.error(e.getMessage(), e);
        returnMessage = e.getMessage();
        httpStatusReturn = HttpStatus.INTERNAL_SERVER_ERROR;
    }
    return ResponseEntity.status(httpStatusReturn).body(EventResponse.builder().message(returnMessage).success(httpStatusReturn == HttpStatus.OK).build());
}
Also used : InvalidTokenException(com.checkmarx.flow.exception.InvalidTokenException), HttpStatus(org.springframework.http.HttpStatus), NotImplementedException(org.apache.commons.lang3.NotImplementedException), JiraClientException(com.checkmarx.flow.exception.JiraClientException), IOException(java.io.IOException), BugTracker(com.checkmarx.flow.dto.BugTracker), InvalidParameterException(java.security.InvalidParameterException), ScanRequest(com.checkmarx.flow.dto.ScanRequest)

Aggregations

InvalidTokenException (com.checkmarx.flow.exception.InvalidTokenException): 2
BugTracker (com.checkmarx.flow.dto.BugTracker): 1
ScanRequest (com.checkmarx.flow.dto.ScanRequest): 1
JiraClientException (com.checkmarx.flow.exception.JiraClientException): 1
IOException (java.io.IOException): 1
InvalidParameterException (java.security.InvalidParameterException): 1
NotImplementedException (org.apache.commons.lang3.NotImplementedException): 1
HttpStatus (org.springframework.http.HttpStatus): 1