Example 1 with ScanRequestConverter

Use of com.checkmarx.flow.sastscanning.ScanRequestConverter in project cx-flow by checkmarx-ltd.

The class DeleteBranchSteps, method initServices.

private void initServices() {
    CxScannerService cxScannerService = new CxScannerService(cxProperties, null, flowProperties, cxClientMock, null);
    ProjectNameGenerator projectNameGeneratorSpy = spy(new ProjectNameGenerator(helperService, cxScannerService, flowProperties));
    initProjectNameGeneratorSpy(projectNameGeneratorSpy);
    ScanRequestConverter scanRequestConverter = new ScanRequestConverter(helperService, flowProperties, gitHubService, null, null, null, null, cxClientMock, cxProperties);
    SastScanner sastScanner = new SastScanner(null, cxProperties, flowProperties, null, projectNameGeneratorSpy, cxClientMock, new BugTrackersDto(emailService, bugTrackerEventTrigger, gitHubService, null, null, null, null));
    List<VulnerabilityScanner> scanners = new LinkedList<>();
    scanners.add(sastScanner);
    FlowService flowServiceSpy = spy(new FlowService(scanners, projectNameGeneratorSpy, resultsServiceMock));
    // gitHubControllerSpy is a spy which will run real methods.
    // It will connect to a real GitHub repository to read a real cx.config file,
    // and thus it will work with the real gitHubService.
    this.gitHubControllerSpy = spy(new GitHubController(gitHubProperties, flowProperties, null, flowServiceSpy, helperService, gitHubService, gitHubAppAuthService, filterFactory, configOverrider, null, gitAuthUrlGenerator));
    this.adoControllerSpy = spy(new ADOController(adoProperties, flowProperties, null, flowServiceSpy, helperService, filterFactory, configOverrider, adoServiceMock, scmConfigOverrider, gitAuthUrlGenerator));
}
Also used:
    BugTrackersDto (com.checkmarx.flow.dto.BugTrackersDto)
    ScanRequestConverter (com.checkmarx.flow.sastscanning.ScanRequestConverter)
    ADOController (com.checkmarx.flow.controller.ADOController)

Example 2 with ScanRequestConverter

Use of com.checkmarx.flow.sastscanning.ScanRequestConverter in project cx-flow by checkmarx-ltd.

The class PostRequestData, method scanPostback.

@PostMapping(value = "/postbackAction/{scanID}")
public ResponseEntity<EventResponse> scanPostback(@RequestBody String postBackData, @PathVariable(value = "scanID") String scanID) {
    log.debug("Handling post-back from SAST");
    int maxNumberOfTokens = 100;
    PostRequestData prd = new PostRequestData();
    String token = " ";
    String bugTracker = properties.getBugTracker();
    // Decode the scan details.
    StringTokenizer postData = new StringTokenizer(postBackData, "&");
    int iteration = 0;
    while (postData.hasMoreTokens() && iteration < maxNumberOfTokens) {
        String strToken = postData.nextToken();
        if (strToken.length() > 6 && strToken.startsWith("token=")) {
            token = strToken.substring(6);
        }
        if (strToken.length() > 13 && strToken.startsWith("scancomments=")) {
            String scanDetails = strToken.substring(13);
            try {
                String postRequest = URLDecoder.decode(scanDetails, "UTF-8");
                decodePostBackReq(postRequest, prd);
            } catch (Exception e) {
                log.error("Error decoding scan details");
            }
        }
        iteration++;
    }
    validateToken(token);
    try {
        String product = "CX";
        ScanRequest.Product p = ScanRequest.Product.valueOf(product.toUpperCase(Locale.ROOT));
        ScanRequest scanRequest = ScanRequest.builder().namespace(prd.namespace).repoName(prd.repoName).project(prd.project).team(prd.team).repoType(ScanRequest.Repository.GITHUB).product(p).branch(prd.branch).build();
        // There won't be a scan ID on the post-back, so we need to fake it in the
        // event shard support is turned on (very likely if using post-back support).
        String uid = helperService.getShortUid();
        MDC.put(FlowConstants.MAIN_MDC_ENTRY, uid);
        ScanRequestConverter src = sastScanner.getScanRequestConverter();
        src.setShardPropertiesIfExists(scanRequest, prd.team);
        // Now go ahead and process the scan as normal.
        ScanResults scanResults = cxService.getReportContentByScanId(Integer.parseInt(scanID), scanRequest.getFilter());
        scanRequest.putAdditionalMetadata("statuses_url", prd.pullRequestURL);
        scanRequest.setMergeNoteUri(prd.mergeNoteUri);
        BugTracker bt = ScanUtils.getBugTracker(null, prd.bugType, jiraProperties, bugTracker);
        scanRequest.setBugTracker(bt);
        scanResults.setSastScanId(Integer.parseInt(scanID));
        resultsService.publishCombinedResults(scanRequest, scanResults);
    } catch (Exception e) {
        log.error("Error posting SAST scan results", e);
    }
    return ResponseEntity.status(HttpStatus.OK).body(EventResponse.builder().message("Scan Results Successfully Processed").success(true).build());
}
Also used:
    ScanRequest (com.checkmarx.flow.dto.ScanRequest)
    ScanResults (com.checkmarx.sdk.dto.ScanResults)
    ScanRequestConverter (com.checkmarx.flow.sastscanning.ScanRequestConverter)
    BugTracker (com.checkmarx.flow.dto.BugTracker)
    InvalidTokenException (com.checkmarx.flow.exception.InvalidTokenException)

Aggregations

    ScanRequestConverter (com.checkmarx.flow.sastscanning.ScanRequestConverter): 2
    ADOController (com.checkmarx.flow.controller.ADOController): 1
    BugTracker (com.checkmarx.flow.dto.BugTracker): 1
    BugTrackersDto (com.checkmarx.flow.dto.BugTrackersDto): 1
    ScanRequest (com.checkmarx.flow.dto.ScanRequest): 1
    InvalidTokenException (com.checkmarx.flow.exception.InvalidTokenException): 1
    ScanResults (com.checkmarx.sdk.dto.ScanResults): 1