Example 1 with CxProperties

use of com.checkmarx.sdk.config.CxProperties in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class FilterValidatorTest method verifyScriptResult.

private static void verifyScriptResult(Script script, String severity, String status, String state, String name, String cweId, boolean expectedResult) {
    ResultType finding = createFinding(status, state);
    QueryType findingGroup = createFindingGroup(severity, name, cweId);
    EngineFilterConfiguration filterConfiguration = createFilterConfiguration(script);
    FilterValidator validator = new FilterValidator();
    FilterInputFactory filterInputFactory = new FilterInputFactory(new CxProperties());
    FilterInput filterInput = filterInputFactory.createFilterInputForCxSast(findingGroup, finding);
    boolean actualResult = validator.passesFilter(filterInput, filterConfiguration);
    assertEquals(expectedResult, actualResult, "Unexpected script filtering result.");
}
Also used : FilterInput(com.checkmarx.sdk.dto.filtering.FilterInput) FilterInputFactory(com.checkmarx.sdk.service.FilterInputFactory) CxProperties(com.checkmarx.sdk.config.CxProperties) ResultType(com.checkmarx.sdk.dto.cx.xml.ResultType) EngineFilterConfiguration(com.checkmarx.sdk.dto.filtering.EngineFilterConfiguration) QueryType(com.checkmarx.sdk.dto.cx.xml.QueryType) FilterValidator(com.checkmarx.sdk.service.FilterValidator)

Example 2 with CxProperties

use of com.checkmarx.sdk.config.CxProperties in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class FilterValidatorTest method validateExpectedError.

private void validateExpectedError(String scriptWithUnknownObject) {
    Script script = parse(scriptWithUnknownObject);
    QueryType findingGroup = createFindingGroup(SEVERITY_LOW, NAME1, CWE1);
    ResultType finding = createFinding(STATUS_NEW, STATE_URGENT_ID);
    EngineFilterConfiguration filterConfiguration = createFilterConfiguration(script);
    FilterValidator validator = new FilterValidator();
    try {
        FilterInputFactory filterInputFactory = new FilterInputFactory(new CxProperties());
        FilterInput filterInput = filterInputFactory.createFilterInputForCxSast(findingGroup, finding);
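        validator.passesFilter(filterInput, filterConfiguration);
        // Without this, the test would pass silently if no exception were thrown.
        // fail() raises an AssertionError, which the catch (Exception e) below does not swallow.
        fail("Expected CheckmarxRuntimeException to be thrown.");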
    } catch (Exception e) {
        assertTrue(e instanceof CheckmarxRuntimeException, String.format("Expected %s to be thrown.", CheckmarxRuntimeException.class));
        assertTrue(e.getCause() instanceof GroovyRuntimeException, String.format("Expected exception cause to be %s", GroovyRuntimeException.class));
    }
}
Also used : Script(groovy.lang.Script) FilterInput(com.checkmarx.sdk.dto.filtering.FilterInput) FilterInputFactory(com.checkmarx.sdk.service.FilterInputFactory) GroovyRuntimeException(groovy.lang.GroovyRuntimeException) CxProperties(com.checkmarx.sdk.config.CxProperties) CheckmarxRuntimeException(com.checkmarx.sdk.exception.CheckmarxRuntimeException) ResultType(com.checkmarx.sdk.dto.cx.xml.ResultType) EngineFilterConfiguration(com.checkmarx.sdk.dto.filtering.EngineFilterConfiguration) QueryType(com.checkmarx.sdk.dto.cx.xml.QueryType) FilterValidator(com.checkmarx.sdk.service.FilterValidator)

Example 3 with CxProperties

use of com.checkmarx.sdk.config.CxProperties in project cx-flow by checkmarx-ltd.

the class AstRemoteRepoScanSteps method startScan.

public void startScan(List<VulnerabilityScanner> scanners, String branch, String repo, boolean isPublicRepo, String projectName) {
    CxProperties cxProperties = new CxProperties();
    ExternalScriptService scriptService = new ExternalScriptService();
    CxScannerService cxScannerService = new CxScannerService(cxProperties, null, null, null, null);
    HelperService helperService = new HelperService(flowProperties, cxScannerService, jiraProperties, scriptService);
    ProjectNameGenerator projectNameGenerator = new ProjectNameGenerator(helperService, cxScannerService, flowProperties);
    FlowService flowService = new FlowService(new ArrayList<>(), projectNameGenerator, resultsServiceMock);
    ScanRequest scanRequest = getBasicScanRequest(branch, repo, isPublicRepo, projectName);
    scanRequest = configOverrider.overrideScanRequestProperties(new CxConfig(), scanRequest);
    scanRequest.setVulnerabilityScanners(scanners);
    BugTracker bt = BugTracker.builder().type(BugTracker.Type.JIRA).customBean("JIRA").build();
    scanRequest.setBugTracker(bt);
    flowService.initiateAutomation(scanRequest);
}
Also used : ScanRequest(com.checkmarx.flow.dto.ScanRequest) CxProperties(com.checkmarx.sdk.config.CxProperties) CxConfig(com.checkmarx.sdk.dto.sast.CxConfig) BugTracker(com.checkmarx.flow.dto.BugTracker)

Example 4 with CxProperties

use of com.checkmarx.sdk.config.CxProperties in project cx-flow by checkmarx-ltd.

the class HelperServiceTest method testGetPresetFromSources.

@Test
public void testGetPresetFromSources() {
    FlowProperties properties = new FlowProperties();
    CxProperties cxProperties = new CxProperties();
    JiraProperties jiraProperties = new JiraProperties();
    cxProperties.setScanPreset(Constants.CX_DEFAULT_PRESET);
    CxScannerService cxScannerService = new CxScannerService(cxProperties, null, null, null, null);
    HelperService helperService = new HelperService(properties, cxScannerService, jiraProperties, null);
    Sources sources = new Sources();
    Sources.Source src1 = new Sources.Source();
    src1.setFile("abc.java");
    src1.setPath("abc.java");
    Sources.Source src2 = new Sources.Source();
    src2.setFile("abc.html");
    src2.setPath("abc.html");
    Sources.Source src3 = new Sources.Source();
    src3.setFile("abc.css");
    src3.setPath("abc.css");
    Sources.Source src4 = new Sources.Source();
    src4.setFile("buildspec.yml");
    src4.setPath("buildspec.yml");
    Map<String, Integer> sourceWeight = new HashMap<>();
    sourceWeight.put("Java", 65);
    sourceWeight.put("CSS", 15);
    sourceWeight.put("HTML", 20);
    sources.setLanguageStats(sourceWeight);
    sources.setSources(Arrays.asList(src1, src2, src3, src4));
    ObjectMapper mapper = new ObjectMapper();
    System.out.println(HelperService.class.getResource(".").getPath());
    File file = new File(getClass().getClassLoader().getResource("CxProfile.json").getFile());
    try {
        CxProfile[] cxProfiles = mapper.readValue(file, CxProfile[].class);
        helperService.setProfiles(Arrays.asList(cxProfiles));
        String preset = helperService.getPresetFromSources(sources);
        // JUnit's assertEquals takes the expected value first, then the actual one.
        assertEquals("Checkmarx Express", preset);
    } catch (IOException e) {
        fail("Unexpected IO Exception");
    }
}
Also used : FlowProperties(com.checkmarx.flow.config.FlowProperties) HashMap(java.util.HashMap) CxProfile(com.checkmarx.flow.dto.CxProfile) IOException(java.io.IOException) Sources(com.checkmarx.flow.dto.Sources) CxProperties(com.checkmarx.sdk.config.CxProperties) JiraProperties(com.checkmarx.flow.config.JiraProperties) File(java.io.File) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) Test(org.junit.Test) SpringBootTest(org.springframework.boot.test.context.SpringBootTest)

Example 5 with CxProperties

use of com.checkmarx.sdk.config.CxProperties in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class FilterValidatorTest method verifySimpleFilterResult.

private static void verifySimpleFilterResult(List<Filter> filters, String severity, String status, String state, String name, String cweId, boolean expectedResult) {
    ResultType finding = createFinding(status, state);
    QueryType findingGroup = createFindingGroup(severity, name, cweId);
    FilterValidator filterValidator = new FilterValidator();
    EngineFilterConfiguration filterConfiguration = EngineFilterConfiguration.builder().simpleFilters(filters).build();
    FilterInputFactory filterInputFactory = new FilterInputFactory(new CxProperties());
    FilterInput filterInput = filterInputFactory.createFilterInputForCxSast(findingGroup, finding);
    boolean passes = filterValidator.passesFilter(filterInput, filterConfiguration);
    assertEquals(expectedResult, passes, "Unexpected simple filtering result.");
}
Also used : FilterInput(com.checkmarx.sdk.dto.filtering.FilterInput) FilterInputFactory(com.checkmarx.sdk.service.FilterInputFactory) CxProperties(com.checkmarx.sdk.config.CxProperties) ResultType(com.checkmarx.sdk.dto.cx.xml.ResultType) EngineFilterConfiguration(com.checkmarx.sdk.dto.filtering.EngineFilterConfiguration) QueryType(com.checkmarx.sdk.dto.cx.xml.QueryType) FilterValidator(com.checkmarx.sdk.service.FilterValidator)

Aggregations

CxProperties (com.checkmarx.sdk.config.CxProperties) 5
QueryType (com.checkmarx.sdk.dto.cx.xml.QueryType) 3
ResultType (com.checkmarx.sdk.dto.cx.xml.ResultType) 3
EngineFilterConfiguration (com.checkmarx.sdk.dto.filtering.EngineFilterConfiguration) 3
FilterInput (com.checkmarx.sdk.dto.filtering.FilterInput) 3
FilterInputFactory (com.checkmarx.sdk.service.FilterInputFactory) 3
FilterValidator (com.checkmarx.sdk.service.FilterValidator) 3
FlowProperties (com.checkmarx.flow.config.FlowProperties) 1
JiraProperties (com.checkmarx.flow.config.JiraProperties) 1
BugTracker (com.checkmarx.flow.dto.BugTracker) 1
CxProfile (com.checkmarx.flow.dto.CxProfile) 1
ScanRequest (com.checkmarx.flow.dto.ScanRequest) 1
Sources (com.checkmarx.flow.dto.Sources) 1
CxConfig (com.checkmarx.sdk.dto.sast.CxConfig) 1
CheckmarxRuntimeException (com.checkmarx.sdk.exception.CheckmarxRuntimeException) 1
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper) 1
GroovyRuntimeException (groovy.lang.GroovyRuntimeException) 1
Script (groovy.lang.Script) 1
File (java.io.File) 1
IOException (java.io.IOException) 1