Example 1 with ShardSession

use of com.checkmarx.sdk.ShardManager.ShardSession in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class CxAuthService method getAuthToken.

/**
 * Get Auth Token
 */
@Override
public String getAuthToken(String username, String password, String clientId, String clientSecret, String scope) {
    HttpHeaders headers = new HttpHeaders();
    headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
    MultiValueMap<String, String> map = new LinkedMultiValueMap<>();
    map.add("username", username);
    map.add("password", password);
    map.add("grant_type", "password");
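    // Note: the scope is read from cxProperties here; the scope parameter is not used.
    map.add("scope", cxProperties.getScope());
    map.add("client_id", clientId);
    // The presence check reads cxProperties, while the value sent is the clientSecret parameter.
    if (!ScanUtils.empty(cxProperties.getClientSecret())) {
        map.add("client_secret", clientSecret);
    }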
    HttpEntity<MultiValueMap<String, String>> requestEntity = new HttpEntity<>(map, headers);
    try {
        // get the access token
        log.info("Logging into Checkmarx {}", cxProperties.getUrl().concat(LOGIN));
        CxAuthResponse response = restTemplate.postForObject(cxProperties.getUrl().concat(LOGIN), requestEntity, CxAuthResponse.class);
        if (response == null) {
            throw new InvalidCredentialsException();
        }
        token = response.getAccessToken();
        // expire 500 seconds early
        tokenExpires = LocalDateTime.now().plusSeconds(response.getExpiresIn() - 500);
        if (cxProperties.getEnableShardManager()) {
            ShardSession shard = sessionTracker.getShardSession();
            shard.setAccessToken(token);
            shard.setTokenExpires(tokenExpires);
        }
    } catch (NullPointerException | HttpStatusCodeException e) {
        log.error("Error occurred while obtaining Access Token. Possibly incorrect credentials");
        log.error(ExceptionUtils.getStackTrace(e));
        throw new InvalidCredentialsException();
    }
    return token;
}
Also used : HttpHeaders(org.springframework.http.HttpHeaders) CxAuthResponse(com.checkmarx.sdk.dto.cx.CxAuthResponse) HttpEntity(org.springframework.http.HttpEntity) LinkedMultiValueMap(org.springframework.util.LinkedMultiValueMap) HttpStatusCodeException(org.springframework.web.client.HttpStatusCodeException) InvalidCredentialsException(com.checkmarx.sdk.exception.InvalidCredentialsException) ShardSession(com.checkmarx.sdk.ShardManager.ShardSession) MultiValueMap(org.springframework.util.MultiValueMap)

Example 2 with ShardSession

use of com.checkmarx.sdk.ShardManager.ShardSession in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class CxAuthService method isSoapTokenExpired.

private boolean isSoapTokenExpired() {
    LocalDateTime curTokenExpires = soapTokenExpires;
    if (cxProperties.getEnableShardManager()) {
        ShardSession shard = sessionTracker.getShardSession();
        curTokenExpires = shard.getSoapTokenExpires();
    }
    if (curTokenExpires == null) {
        return true;
    }
    return LocalDateTime.now().isAfter(curTokenExpires);
}
Also used : LocalDateTime(java.time.LocalDateTime) ShardSession(com.checkmarx.sdk.ShardManager.ShardSession)

Example 3 with ShardSession

use of com.checkmarx.sdk.ShardManager.ShardSession in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class CxLegacyService method getDescription.

String getDescription(String session, Long scanId, Long pathId) {
    GetResultDescription request = new GetResultDescription(session);
    request.setPathID(pathId);
    request.setScanID(scanId);
    log.debug("Retrieving description for {} / {} ", scanId, pathId);
    WebServiceTemplate wsInstance = ws;
    String shardURI = wsInstance.getDefaultUri();
    // If shards are enabled then fetch the current shard info for override.
    if (properties.getEnableShardManager()) {
        ShardSession shard = sessionTracker.getShardSession();
        wsInstance = shard.getShardWs();
        shardURI = shard.getUrl() + "/cxwebinterface/Portal/CxWebService.asmx";
    }
    GetResultDescriptionResponse response = (GetResultDescriptionResponse) wsInstance.marshalSendAndReceive(shardURI, request, getWSCallback(CX_WS_DESCRIPTION_URI, session));
    try {
        if (!response.getGetResultDescriptionResult().isIsSuccesfull()) {
            log.error(response.getGetResultDescriptionResult().getErrorMessage());
            return "";
        } else {
            String description = response.getGetResultDescriptionResult().getResultDescription();
            description = description.replace(properties.getHtmlStrip(), "");
            // Strip tag elements
            description = description.replaceAll("\\<.*?>", "");
            return description;
        }
    } catch (NullPointerException e) {
        log.warn("Error occurred getting description for {} / {}", scanId, pathId);
        return "";
    }
}
Also used : ShardSession(com.checkmarx.sdk.ShardManager.ShardSession) WebServiceTemplate(org.springframework.ws.client.core.WebServiceTemplate)

Example 4 with ShardSession

use of com.checkmarx.sdk.ShardManager.ShardSession in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class CxLegacyService method login.

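/**
 * Login to Cx using legacy SOAP WS
 * @param username user name; replaced by the shard's user name when Shard Manager is enabled
 * @param password password; replaced by the shard's password when Shard Manager is enabled
 * @return the SOAP session id, or "-1" when the configured version is 9.0 or later
 * @throws CheckmarxLegacyException if authentication fails
 */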
public String login(String username, String password) throws CheckmarxLegacyException {
    LoginV2 request = new LoginV2();
    WebServiceTemplate wsInstance = ws;
    // If shards are enabled then fetch the current shard info for override.
    if (properties.getEnableShardManager()) {
        ShardSession shard = sessionTracker.getShardSession();
        wsInstance = shard.getShardWs();
        username = shard.getUsername();
        password = shard.getPassword();
    }
    request.setApplicationCredentials(new Credentials(username, password));
    if (properties.getVersion() >= 9.0) {
        return "-1";
    }
    LoginV2Response response = (LoginV2Response) wsInstance.marshalSendAndReceive(wsInstance.getDefaultUri(), request, new SoapActionCallback(CX_WS_LOGIN_URI));
    try {
        if (!response.getLoginV2Result().isIsSuccesfull())
            throw new CheckmarxLegacyException("Authentication Error");
        if (properties.getEnableShardManager()) {
            ShardSession shard = sessionTracker.getShardSession();
            shard.setSoapToken(response.getLoginV2Result().getSessionId());
        }
        return response.getLoginV2Result().getSessionId();
    } catch (NullPointerException e) {
        log.error("Authentication Error while logging into CX using SOAP WS");
        throw new CheckmarxLegacyException("Authentication Error");
    }
}
Also used : SoapActionCallback(org.springframework.ws.soap.client.core.SoapActionCallback) ShardSession(com.checkmarx.sdk.ShardManager.ShardSession) WebServiceTemplate(org.springframework.ws.client.core.WebServiceTemplate) CheckmarxLegacyException(com.checkmarx.sdk.exception.CheckmarxLegacyException)

Example 5 with ShardSession

use of com.checkmarx.sdk.ShardManager.ShardSession in project cx-flow by checkmarx-ltd.

the class PostRequestData method latestScanResults.

@GetMapping(value = "/scanresults", produces = "application/json")
public ScanResults latestScanResults(
        // Mandatory parameters
        @RequestParam(value = "project") String project,
        @RequestHeader(value = TOKEN_HEADER) String token,
        // Optional parameters
        @RequestParam(value = "team", required = false) String team,
        @RequestParam(value = "application", required = false) String application,
        @RequestParam(value = "severity", required = false) List<String> severity,
        @RequestParam(value = "cwe", required = false) List<String> cwe,
        @RequestParam(value = "category", required = false) List<String> category,
        @RequestParam(value = "status", required = false) List<String> status,
        @RequestParam(value = "assignee", required = false) String assignee,
        @RequestParam(value = "override", required = false) String override,
        @RequestParam(value = "bug", required = false) String bug) {
    String uid = helperService.getShortUid();
    MDC.put(FlowConstants.MAIN_MDC_ENTRY, uid);
    // Validate shared API token from header
    validateToken(token);
    // This primes the shard when Shard Manager is turned on
    if (cxProperties.getEnableShardManager()) {
        ShardSession shard = sessionTracker.getShardSession();
        // ensures this gets fixed like this: /CxServer/CHECKMARX
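        // team is an optional request parameter, so guard against null/empty before indexing
        if (!ScanUtils.empty(team) && team.charAt(0) != '/') {
            team = ("/" + team);
        }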
        shard.setTeam(team);
        shard.setProject(project);
    }
    // Create bug tracker
    BugTracker bugTracker = getBugTracker(assignee, bug);
    // Create filters if available
    ControllerRequest request = new ControllerRequest(severity, cwe, category, status, null);
    FilterConfiguration filter = filterFactory.getFilter(request, properties);
    // Create the scan request
    ScanRequest scanRequest = ScanRequest.builder()
            .application(ScanUtils.empty(application) ? project : application)
            // Default product: CX
            .product(ScanRequest.Product.CX)
            .project(project)
            .team(team)
            .bugTracker(bugTracker)
            .filter(filter)
            .build();
    scanRequest.setId(uid);
    // If an override blob/file is provided, substitute these values
    if (!ScanUtils.empty(override)) {
        FlowOverride ovr = ScanUtils.getMachinaOverride(override);
        scanRequest = configOverrider.overrideScanRequestProperties(ovr, scanRequest);
    }
    // Fetch the Checkmarx Scan Results based on given ScanRequest.
    // The cxProject parameter is null because the required project metadata
    // is already contained in the scanRequest parameter.
    ScanResults scanResults = CxScannerService.getScanner(cxgoScanner, sastScanner).getLatestScanResults(scanRequest);
    log.debug("ScanResults {}", scanResults);
    return scanResults;
}
Also used : ScanRequest(com.checkmarx.flow.dto.ScanRequest) ShardSession(com.checkmarx.sdk.ShardManager.ShardSession) ScanResults(com.checkmarx.sdk.dto.ScanResults) FilterConfiguration(com.checkmarx.sdk.dto.filtering.FilterConfiguration) BugTracker(com.checkmarx.flow.dto.BugTracker) ControllerRequest(com.checkmarx.flow.dto.ControllerRequest) FlowOverride(com.checkmarx.flow.dto.FlowOverride)

Aggregations

ShardSession (com.checkmarx.sdk.ShardManager.ShardSession): 12
WebServiceTemplate (org.springframework.ws.client.core.WebServiceTemplate): 4
CheckmarxException (com.checkmarx.sdk.exception.CheckmarxException): 3
HttpEntity (org.springframework.http.HttpEntity): 3
HttpHeaders (org.springframework.http.HttpHeaders): 3
SoapActionCallback (org.springframework.ws.soap.client.core.SoapActionCallback): 3
CxAuthResponse (com.checkmarx.sdk.dto.cx.CxAuthResponse): 2
CheckmarxLegacyException (com.checkmarx.sdk.exception.CheckmarxLegacyException): 2
InvalidCredentialsException (com.checkmarx.sdk.exception.InvalidCredentialsException): 2
LocalDateTime (java.time.LocalDateTime): 2
LinkedMultiValueMap (org.springframework.util.LinkedMultiValueMap): 2
MultiValueMap (org.springframework.util.MultiValueMap): 2
HttpStatusCodeException (org.springframework.web.client.HttpStatusCodeException): 2
checkmarx.wsdl.portal (checkmarx.wsdl.portal): 1
BugTracker (com.checkmarx.flow.dto.BugTracker): 1
ControllerRequest (com.checkmarx.flow.dto.ControllerRequest): 1
FlowOverride (com.checkmarx.flow.dto.FlowOverride): 1
ScanRequest (com.checkmarx.flow.dto.ScanRequest): 1
ShardSessionTracker (com.checkmarx.sdk.ShardManager.ShardSessionTracker): 1
CxProperties (com.checkmarx.sdk.config.CxProperties): 1