use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.
the class SarifIssueTrackerTest method completeWithParameters.
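/**
 * Checks that {@code complete(request, results)} on the tracker returned by
 * {@code getInstance()} finishes without throwing {@link MachinaException}
 * when the request filename is set to {@code ./sarif-result.json}.
 *
 * <p>A caught {@code MachinaException} is rethrown as an {@link AssertionError}.
 * The Java {@code assert} keyword is not used for this because it is a no-op
 * when the JVM runs without {@code -ea}, which would let a failing run be
 * reported as a pass.
 *
 * <p>NOTE(review): only the absence of an exception is checked. The content of
 * the produced output is not inspected and nothing visible here removes
 * {@code ./sarif-result.json} from the working directory afterwards. Confirm
 * whether either is wanted.
 */
@Test
public void completeWithParameters() {
    SarifIssueTracker issueTracker = getInstance();
    try {
        ScanRequest request = getRequest();
        ScanResults results = getResults();
        // Relative path: resolved against whatever directory the test runner starts in.
        request.setFilename("./sarif-result.json");
        issueTracker.complete(request, results);
    } catch (MachinaException e) {
        // Fail unconditionally and keep the original exception as the cause for diagnosis.
        throw new AssertionError("complete() threw MachinaException", e);
    }
}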
use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.
the class SarifIssueTrackerTest method getResults.
/**
 * Builds the fixed {@link ScanResults} fixture used by the tests in this class.
 *
 * <p>The fixture holds two issues, {@code Stored_XSS} (High, CWE 79) and
 * {@code SQL_Injection} (Medium, CWE 89). Both share the same additional-details
 * map, the same details map, the same description and the same link.
 *
 * @return a {@code ScanResults} whose issue list contains the two issues above
 */
private ScanResults getResults() {
    // Sink location: only the file is populated.
    Map<String, String> sinkLocation = Maps.newHashMap();
    sinkLocation.put("file", "src/main/webapp/vulnerability/DisplayMessage.jsp");

    // Source location: file plus column and line, all stored as strings.
    Map<String, String> sourceLocation = Maps.newHashMap();
    sourceLocation.put("file", "src/main/webapp/vulnerability/DisplayMessage.jsp");
    sourceLocation.put("column", "123");
    sourceLocation.put("line", "3");

    // "results" entry of the additional details: the sink/source pair.
    Map<String, Object> flow = Maps.newHashMap();
    flow.put("sink", sinkLocation);
    flow.put("source", sourceLocation);

    Map<String, Object> extraDetails = Maps.newHashMap();
    extraDetails.put("results", flow);
    extraDetails.put("recommendedFix", "https://ast.dev.checkmarx-ts.com/CxWebClient/ScanQueryDescription.aspx?");
    extraDetails.put("categories", "PCI DSS v3.2;PCI DSS (3.2) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Sit");

    // Single empty IssueDetails stored under key 22.
    Map<Integer, ScanResults.IssueDetails> detailEntries = Maps.newHashMap();
    detailEntries.put(22, new ScanResults.IssueDetails());

    // Both issues carry the same description and viewer link.
    String sharedDescription = "Method rs=stmt.executeQuery at line 22 of src\\\\main\\\\webapp";
    String sharedLink = "https://ast.dev.checkmarx-ts.com/CxWebClient/ViewerMain.aspx?scanid=1000194&projec";

    XIssue storedXss = XIssue.builder()
            .vulnerability("Stored_XSS")
            .additionalDetails(extraDetails)
            .details(detailEntries)
            .severity("High")
            .cwe("79")
            .description(sharedDescription)
            .link(sharedLink)
            .build();
    XIssue sqlInjection = XIssue.builder()
            .vulnerability("SQL_Injection")
            .additionalDetails(extraDetails)
            .details(detailEntries)
            .severity("Medium")
            .cwe("89")
            .description(sharedDescription)
            .link(sharedLink)
            .build();

    List<XIssue> fixtureIssues = Lists.newArrayList();
    fixtureIssues.add(storedXss);
    fixtureIssues.add(sqlInjection);

    ScanResults fixture = new ScanResults();
    fixture.setXIssues(fixtureIssues);
    return fixture;
}
use of com.checkmarx.sdk.dto.ScanResults in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.
the class CxService method getOsaReportContent.
/**
 * Converts an OSA vulnerabilities JSON file and an OSA libraries JSON file into
 * a {@link ScanResults} flagged as OSA.
 *
 * <p>Each vulnerability that passes {@code filterOsa} and whose library id is
 * present in the libraries file becomes an {@code XIssue} named after the
 * library. If the list already holds an equal {@code XIssue} (by its
 * {@code equals}, which is not visible here), the new finding is merged into
 * it: severity is raised when the incoming one ranks higher, the CVE name is
 * appended after a comma, and the {@code OsaDetails} entry is added.
 *
 * <p>NOTE(review): severity ranking only knows {@code LOW}, {@code MEDIUM} and
 * {@code HIGH}. Any other severity name in the input makes the lookup return
 * {@code null}, and the comparison then fails with a
 * {@code NullPointerException} that is reported as the generic processing
 * error for the whole report. The same happens if an existing issue's CVE is
 * {@code null} when a second CVE is appended. Confirm this is the intended
 * handling for unexpected report content.
 *
 * <p>NOTE(review): the thrown {@code CheckmarxException} does not carry the
 * original exception; the stack trace is only written to the log.
 *
 * @param vulnsFile JSON file read as a list of {@code CxOsa}
 * @param libsFile  JSON file read as a list of {@code CxOsaLib}
 * @param filter    filters handed to {@code filterOsa} for every vulnerability
 * @return results built with {@code osa(true)} and the collected issues
 * @throws CheckmarxException if either file is {@code null}, if reading or
 *                            parsing fails with an {@code IOException}, or if a
 *                            {@code NullPointerException} occurs while processing
 */
public ScanResults getOsaReportContent(File vulnsFile, File libsFile, List<Filter> filter) throws CheckmarxException {
    if (vulnsFile == null || libsFile == null) {
        throw new CheckmarxException("Files not provided for processing of OSA results");
    }
    try {
        List<ScanResults.XIssue> issueList = new ArrayList<>();
        // Deserialize both report files into their DTO lists.
        List<CxOsa> osaVulns = objectMapper.readValue(vulnsFile, new TypeReference<List<CxOsa>>() {
        });
        List<CxOsaLib> osaLibs = objectMapper.readValue(libsFile, new TypeReference<List<CxOsaLib>>() {
        });
        Map<String, CxOsaLib> libsMap = getOsaLibsMap(osaLibs);
        // Rank used to decide whether a merged issue's severity must be raised.
        Map<String, Integer> severityMap = ImmutableMap.of("LOW", 1, "MEDIUM", 2, "HIGH", 3);

        for (CxOsa o : osaVulns) {
            // Skip findings that are filtered out or refer to an unknown library.
            if (!filterOsa(filter, o) || !libsMap.containsKey(o.getLibraryId())) {
                continue;
            }
            CxOsaLib lib = libsMap.get(o.getLibraryId());
            String filename = lib.getName();

            ScanResults.XIssue candidate = ScanResults.XIssue.builder()
                    .file(filename)
                    .vulnerability(OSA_VULN)
                    .severity(o.getSeverity().getName())
                    .cve(o.getCveName())
                    .build();
            ScanResults.OsaDetails details = ScanResults.OsaDetails.builder()
                    .severity(o.getSeverity().getName())
                    .cve(o.getCveName())
                    .description(o.getDescription())
                    .recommendation(o.getRecommendations())
                    .url(o.getUrl())
                    .version(lib.getVersion())
                    .build();

            int existingIdx = issueList.indexOf(candidate);
            if (existingIdx < 0) {
                // First finding for this issue: start its details list and register it.
                List<ScanResults.OsaDetails> dList = new ArrayList<>();
                dList.add(details);
                candidate.setOsaDetails(dList);
                issueList.add(candidate);
                continue;
            }

            // Equal issue already collected: merge this finding into it.
            ScanResults.XIssue existing = issueList.get(existingIdx);
            Integer currentRank = severityMap.get(existing.getSeverity().toUpperCase(Locale.ROOT));
            Integer incomingRank = severityMap.get(o.getSeverity().getName().toUpperCase(Locale.ROOT));
            // Unboxing here throws NullPointerException for a severity outside LOW/MEDIUM/HIGH.
            if (currentRank < incomingRank) {
                existing.setSeverity(o.getSeverity().getName());
            }
            existing.setCve(existing.getCve().concat(",").concat(o.getCveName()));
            existing.getOsaDetails().add(details);
        }
        return ScanResults.builder().osa(true).xIssues(issueList).build();
    } catch (IOException e) {
        log.error("Error parsing JSON OSA report");
        log.error(ExceptionUtils.getStackTrace(e));
        throw new CheckmarxException(ERROR_PROCESSING_SCAN_RESULTS);
    } catch (NullPointerException e) {
        log.info("Null error");
        log.error(ExceptionUtils.getStackTrace(e));
        throw new CheckmarxException(ERROR_PROCESSING_SCAN_RESULTS);
    }
}