Example 1 with ScanRequestConverter
use of com.checkmarx.flow.sastscanning.ScanRequestConverter in project cx-flow by checkmarx-ltd.
the class DeleteBranchSteps method initServices.
private void initServices() {
CxScannerService cxScannerService = new CxScannerService(cxProperties, null, flowProperties, cxClientMock, null);
ProjectNameGenerator projectNameGeneratorSpy = spy(new ProjectNameGenerator(helperService, cxScannerService, flowProperties));
initProjectNameGeneratorSpy(projectNameGeneratorSpy);
ScanRequestConverter scanRequestConverter = new ScanRequestConverter(helperService, flowProperties, gitHubService, null, null, null, null, cxClientMock, cxProperties);
SastScanner sastScanner = new SastScanner(null, cxProperties, flowProperties, null, projectNameGeneratorSpy, cxClientMock, new BugTrackersDto(emailService, bugTrackerEventTrigger, gitHubService, null, null, null, null));
List<VulnerabilityScanner> scanners = new LinkedList<>();
scanners.add(sastScanner);
FlowService flowServiceSpy = spy(new FlowService(scanners, projectNameGeneratorSpy, resultsServiceMock));
// gitHubControllerSpy is a spy which will run real methods.
// It will connect to a real github repository to read a real cx.config file
// And thus it will work with real gitHubService
this.gitHubControllerSpy = spy(new GitHubController(gitHubProperties, flowProperties, null, flowServiceSpy, helperService, gitHubService, gitHubAppAuthService, filterFactory, configOverrider, null, gitAuthUrlGenerator));
this.adoControllerSpy = spy(new ADOController(adoProperties, flowProperties, null, flowServiceSpy, helperService, filterFactory, configOverrider, adoServiceMock, scmConfigOverrider, gitAuthUrlGenerator));
}
Also used :
BugTrackersDto(com.checkmarx.flow.dto.BugTrackersDto)
ScanRequestConverter(com.checkmarx.flow.sastscanning.ScanRequestConverter)
ADOController(com.checkmarx.flow.controller.ADOController)
Example 2 with ScanRequestConverter
use of com.checkmarx.flow.sastscanning.ScanRequestConverter in project cx-flow by checkmarx-ltd.
the class PostRequestData method scanPostback.
@PostMapping(value = "/postbackAction/{scanID}")
public ResponseEntity<EventResponse> scanPostback(@RequestBody String postBackData, @PathVariable(value = "scanID") String scanID) {
log.debug("Handling post-back from SAST");
int maxNumberOfTokens = 100;
PostRequestData prd = new PostRequestData();
String token = " ";
String bugTracker = properties.getBugTracker();
//
// / Decode the scan details.
//
StringTokenizer postData = new StringTokenizer(postBackData, "&");
int iteration = 0;
while (postData.hasMoreTokens() && iteration < maxNumberOfTokens) {
String strToken = postData.nextToken();
if (strToken.length() > 6 && strToken.startsWith("token=")) {
token = strToken.substring(6);
}
if (strToken.length() > 13 && strToken.startsWith("scancomments=")) {
String scanDetails = strToken.substring(13);
try {
String postRequest = URLDecoder.decode(scanDetails, "UTF-8");
decodePostBackReq(postRequest, prd);
} catch (Exception e) {
log.error("Error decoding scan details");
}
}
iteration++;
}
validateToken(token);
try {
String product = "CX";
ScanRequest.Product p = ScanRequest.Product.valueOf(product.toUpperCase(Locale.ROOT));
ScanRequest scanRequest = ScanRequest.builder().namespace(prd.namespace).repoName(prd.repoName).project(prd.project).team(prd.team).repoType(ScanRequest.Repository.GITHUB).product(p).branch(prd.branch).build();
// There won't be a scan ID on the post-back, so we need to fake it in the
// event shard support is turned on (very likely if using post-back support).
String uid = helperService.getShortUid();
MDC.put(FlowConstants.MAIN_MDC_ENTRY, uid);
ScanRequestConverter src = sastScanner.getScanRequestConverter();
src.setShardPropertiesIfExists(scanRequest, prd.team);
// Now go ahead and process the scan as normal.
ScanResults scanResults = cxService.getReportContentByScanId(Integer.parseInt(scanID), scanRequest.getFilter());
scanRequest.putAdditionalMetadata("statuses_url", prd.pullRequestURL);
scanRequest.setMergeNoteUri(prd.mergeNoteUri);
BugTracker bt = ScanUtils.getBugTracker(null, prd.bugType, jiraProperties, bugTracker);
scanRequest.setBugTracker(bt);
scanResults.setSastScanId(Integer.parseInt(scanID));
resultsService.publishCombinedResults(scanRequest, scanResults);
} catch (Exception e) {
log.error("Error posting SAST scan results", e);
}
return ResponseEntity.status(HttpStatus.OK).body(EventResponse.builder().message("Scan Results Successfully Processed").success(true).build());
}
Also used :
ScanRequest(com.checkmarx.flow.dto.ScanRequest)
ScanResults(com.checkmarx.sdk.dto.ScanResults)
ScanRequestConverter(com.checkmarx.flow.sastscanning.ScanRequestConverter)
BugTracker(com.checkmarx.flow.dto.BugTracker)
InvalidTokenException(com.checkmarx.flow.exception.InvalidTokenException)
Aggregations
ScanRequestConverter (com.checkmarx.flow.sastscanning.ScanRequestConverter)2
ADOController (com.checkmarx.flow.controller.ADOController)1
BugTracker (com.checkmarx.flow.dto.BugTracker)1
BugTrackersDto (com.checkmarx.flow.dto.BugTrackersDto)1
ScanRequest (com.checkmarx.flow.dto.ScanRequest)1
InvalidTokenException (com.checkmarx.flow.exception.InvalidTokenException)1
ScanResults (com.checkmarx.sdk.dto.ScanResults)1
