use of com.checkmarx.sdk.ShardManager.ShardSession in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.
the class CxAuthService method getAuthToken.
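/**
 * Requests an access token from the Checkmarx login endpoint using the password grant
 * ({@code grant_type=password}) and caches the result.
 *
 * <p>On success the token and its expiry are stored in the {@code token} and
 * {@code tokenExpires} fields and, when Shard Manager is enabled, copied onto the current
 * {@link ShardSession}.
 *
 * <p>The username, password and client secret travel in the form body of the request and are
 * not written to the log by this method. Only the login URL is logged.
 *
 * @param username     value sent as {@code username}
 * @param password     value sent as {@code password}
 * @param clientId     value sent as {@code client_id}
 * @param clientSecret value sent as {@code client_secret}; omitted from the request when empty
 * @param scope        not used by this method; the scope sent is {@code cxProperties.getScope()}
 * @return the access token returned by the server
 * @throws InvalidCredentialsException if the server returns no body, answers with an HTTP error
 *                                     status, or a value needed from the configuration or the
 *                                     response is {@code null}
 */
@Override
public String getAuthToken(String username, String password, String clientId, String clientSecret, String scope) {
    HttpHeaders headers = new HttpHeaders();
    headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);

    MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
    form.add("username", username);
    form.add("password", password);
    form.add("grant_type", "password");
    // NOTE(review): the scope argument is ignored in favour of the configured scope.
    // Kept as-is because callers may rely on it; confirm whether that is intended.
    form.add("scope", cxProperties.getScope());
    form.add("client_id", clientId);
    // Guard on the value that is actually sent. Testing the configured secret instead could
    // add a null client_secret, or drop a secret the caller did supply.
    if (!ScanUtils.empty(clientSecret)) {
        form.add("client_secret", clientSecret);
    }
    HttpEntity<MultiValueMap<String, String>> requestEntity = new HttpEntity<>(form, headers);

    try {
        // Log the endpoint only; the request entity holds the credentials and must not be logged.
        log.info("Logging into Checkmarx {}", cxProperties.getUrl().concat(LOGIN));
        CxAuthResponse response = restTemplate.postForObject(cxProperties.getUrl().concat(LOGIN), requestEntity, CxAuthResponse.class);
        if (response == null) {
            throw new InvalidCredentialsException();
        }
        token = response.getAccessToken();
        // Treat the token as expired 500 seconds early so it is refreshed before the server
        // rejects it. A reported lifetime under 500 seconds yields an expiry already in the past.
        tokenExpires = LocalDateTime.now().plusSeconds(response.getExpiresIn() - 500);
        if (cxProperties.getEnableShardManager()) {
            ShardSession shard = sessionTracker.getShardSession();
            shard.setAccessToken(token);
            shard.setTokenExpires(tokenExpires);
        }
    } catch (NullPointerException | HttpStatusCodeException e) {
        // A missing configuration/response value (NPE) and an HTTP error status are both
        // reported to the caller as a credentials failure.
        log.error("Error occurred while obtaining Access Token. Possibly incorrect credentials");
        log.error(ExceptionUtils.getStackTrace(e));
        throw new InvalidCredentialsException();
    }
    return token;
}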
use of com.checkmarx.sdk.ShardManager.ShardSession in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.
the class CxAuthService method isSoapTokenExpired.
/**
 * Reports whether the cached SOAP token should be considered expired.
 *
 * <p>The expiry is read from the current {@link ShardSession} when Shard Manager is enabled,
 * otherwise from the {@code soapTokenExpires} field. A missing expiry counts as expired.
 *
 * @return {@code true} if no expiry is recorded or the recorded expiry is in the past
 */
private boolean isSoapTokenExpired() {
    LocalDateTime expiry = cxProperties.getEnableShardManager()
            ? sessionTracker.getShardSession().getSoapTokenExpires()
            : soapTokenExpires;
    // No recorded expiry means there is no usable token yet.
    return expiry == null || LocalDateTime.now().isAfter(expiry);
}
use of com.checkmarx.sdk.ShardManager.ShardSession in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.
the class CxLegacyService method getDescription.
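/**
 * Retrieves the description of one result path of a scan through the SOAP web service and
 * returns it with markup stripped.
 *
 * <p>When Shard Manager is enabled, the call goes through the current shard's web-service
 * template and the shard's URL instead of the default ones.
 *
 * @param session SOAP session id passed to the request and to the callback
 * @param scanId  scan the result belongs to
 * @param pathId  result path within the scan
 * @return the description text, or an empty string when the service reports failure or the
 *         response carries no description
 */
String getDescription(String session, Long scanId, Long pathId) {
    GetResultDescription request = new GetResultDescription(session);
    request.setPathID(pathId);
    request.setScanID(scanId);
    log.debug("Retrieving description for {} / {} ", scanId, pathId);

    WebServiceTemplate wsInstance = ws;
    String shardURI = wsInstance.getDefaultUri();
    // If shards are enabled then fetch the current shard info for override.
    if (properties.getEnableShardManager()) {
        ShardSession shard = sessionTracker.getShardSession();
        wsInstance = shard.getShardWs();
        shardURI = shard.getUrl() + "/cxwebinterface/Portal/CxWebService.asmx";
    }
    GetResultDescriptionResponse response = (GetResultDescriptionResponse) wsInstance.marshalSendAndReceive(shardURI, request, getWSCallback(CX_WS_DESCRIPTION_URI, session));

    // Explicit checks replace a catch of NullPointerException, so an absent response part
    // is handled on purpose rather than by accident.
    if (response == null || response.getGetResultDescriptionResult() == null) {
        log.warn("Error occurred getting description for {} / {}", scanId, pathId);
        return "";
    }
    if (!response.getGetResultDescriptionResult().isIsSuccesfull()) {
        log.error(response.getGetResultDescriptionResult().getErrorMessage());
        return "";
    }
    String description = response.getGetResultDescriptionResult().getResultDescription();
    if (description == null) {
        log.warn("Error occurred getting description for {} / {}", scanId, pathId);
        return "";
    }

    // An unset htmlStrip property previously raised a NullPointerException here and blanked
    // every description; now the configured-fragment removal is simply skipped.
    String htmlStrip = properties.getHtmlStrip();
    if (htmlStrip != null) {
        description = description.replace(htmlStrip, "");
    }
    // Strip tag elements. This is a display clean-up, not an HTML sanitizer: '.' does not match
    // line breaks, so a tag split across lines is left in place. Code that renders the returned
    // text as HTML still has to encode it.
    return description.replaceAll("\\<.*?>", "");
}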
use of com.checkmarx.sdk.ShardManager.ShardSession in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.
the class CxLegacyService method login.
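/**
 * Logs in to Checkmarx through the legacy SOAP web service.
 *
 * <p>When Shard Manager is enabled, the shard's web-service template and the shard's own
 * username and password replace the values passed in, and the returned session id is also
 * stored on the shard. The credentials are not logged.
 *
 * @param username application user name; ignored when Shard Manager is enabled
 * @param password application password; ignored when Shard Manager is enabled
 * @return the SOAP session id, or {@code "-1"} without calling the service when the configured
 *         version is 9.0 or later
 * @throws CheckmarxLegacyException if the service reports an unsuccessful login or returns no
 *                                  login result
 */
public String login(String username, String password) throws CheckmarxLegacyException {
    LoginV2 request = new LoginV2();
    WebServiceTemplate wsInstance = ws;
    // If shards are enabled then fetch the current shard info for override.
    if (properties.getEnableShardManager()) {
        ShardSession shard = sessionTracker.getShardSession();
        wsInstance = shard.getShardWs();
        username = shard.getUsername();
        password = shard.getPassword();
    }
    request.setApplicationCredentials(new Credentials(username, password));
    if (properties.getVersion() >= 9.0) {
        return "-1";
    }
    LoginV2Response response = (LoginV2Response) wsInstance.marshalSendAndReceive(wsInstance.getDefaultUri(), request, new SoapActionCallback(CX_WS_LOGIN_URI));

    // Explicit check instead of catching NullPointerException: only a missing response or
    // result is reported as an authentication error, not an unrelated null elsewhere.
    if (response == null || response.getLoginV2Result() == null) {
        log.error("Authentication Error while logging into CX using SOAP WS");
        throw new CheckmarxLegacyException("Authentication Error");
    }
    if (!response.getLoginV2Result().isIsSuccesfull()) {
        throw new CheckmarxLegacyException("Authentication Error");
    }

    String sessionId = response.getLoginV2Result().getSessionId();
    if (properties.getEnableShardManager()) {
        ShardSession shard = sessionTracker.getShardSession();
        shard.setSoapToken(sessionId);
    }
    return sessionId;
}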
use of com.checkmarx.sdk.ShardManager.ShardSession in project cx-flow by checkmarx-ltd.
the class PostRequestData method latestScanResults.
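/**
 * Returns the latest Checkmarx scan results for a project.
 *
 * <p>The shared API token from the request header is validated before any other request
 * value is used. When Shard Manager is enabled, the team and project are recorded on the
 * current {@link ShardSession} first, so {@code team} is required in that mode.
 *
 * @param project     project name (mandatory)
 * @param token       shared API token from the {@code TOKEN_HEADER} header (mandatory)
 * @param team        team path; a leading {@code /} is added in shard mode when absent
 * @param application application name; defaults to {@code project} when empty
 * @param severity    optional severity filter values
 * @param cwe         optional CWE filter values
 * @param category    optional category filter values
 * @param status      optional status filter values
 * @param assignee    optional assignee passed to the bug tracker
 * @param override    optional override blob whose values replace scan-request properties
 * @param bug         optional bug-tracker name
 * @return the latest scan results for the request
 * @throws IllegalArgumentException if Shard Manager is enabled and {@code team} is missing or empty
 */
@GetMapping(value = "/scanresults", produces = "application/json")
public ScanResults latestScanResults(
        // Mandatory parameters
        @RequestParam(value = "project") String project,
        @RequestHeader(value = TOKEN_HEADER) String token,
        // Optional parameters
        @RequestParam(value = "team", required = false) String team,
        @RequestParam(value = "application", required = false) String application,
        @RequestParam(value = "severity", required = false) List<String> severity,
        @RequestParam(value = "cwe", required = false) List<String> cwe,
        @RequestParam(value = "category", required = false) List<String> category,
        @RequestParam(value = "status", required = false) List<String> status,
        @RequestParam(value = "assignee", required = false) String assignee,
        @RequestParam(value = "override", required = false) String override,
        @RequestParam(value = "bug", required = false) String bug) {
    String uid = helperService.getShortUid();
    MDC.put(FlowConstants.MAIN_MDC_ENTRY, uid);

    // Validate shared API token from header before touching any other request value.
    validateToken(token);

    // This primes the shard when Shard Manager is turned on
    if (cxProperties.getEnableShardManager()) {
        // team is an optional request parameter, so it can be null or empty here. Reject it
        // explicitly instead of failing in charAt(0) with a NullPointerException or a
        // StringIndexOutOfBoundsException.
        // NOTE(review): map this to a 400 response if the project has a handler for it.
        if (ScanUtils.empty(team)) {
            throw new IllegalArgumentException("The team parameter is required when Shard Manager is enabled");
        }
        ShardSession shard = sessionTracker.getShardSession();
        // ensures this gets fixed like this: /CxServer/CHECKMARX
        if (team.charAt(0) != '/') {
            team = "/" + team;
        }
        shard.setTeam(team);
        shard.setProject(project);
    }

    // Create bug tracker
    BugTracker bugTracker = getBugTracker(assignee, bug);

    // Create filters if available
    ControllerRequest request = new ControllerRequest(severity, cwe, category, status, null);
    FilterConfiguration filter = filterFactory.getFilter(request, properties);

    // Create the scan request; the product defaults to CX.
    ScanRequest scanRequest = ScanRequest.builder()
            .application(ScanUtils.empty(application) ? project : application)
            .product(ScanRequest.Product.CX)
            .project(project)
            .team(team)
            .bugTracker(bugTracker)
            .filter(filter)
            .build();
    scanRequest.setId(uid);

    // If an override blob/file is provided, substitute these values. The blob comes from the
    // request, so it is only reached after validateToken has accepted the caller.
    if (!ScanUtils.empty(override)) {
        FlowOverride ovr = ScanUtils.getMachinaOverride(override);
        scanRequest = configOverrider.overrideScanRequestProperties(ovr, scanRequest);
    }

    // Fetch the latest Checkmarx scan results for the request from the scanner that
    // CxScannerService.getScanner returns.
    ScanResults scanResults = CxScannerService.getScanner(cxgoScanner, sastScanner).getLatestScanResults(scanRequest);
    log.debug("ScanResults {}", scanResults);
    return scanResults;
}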