
Example 56 with ScanResults

use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.

the class SarifIssueTrackerTest method completeWithParameters.

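/**
 * {@code complete} with a fully populated request and results must finish without raising a
 * {@link MachinaException}; the SARIF report is written to {@code ./sarif-result.json}.
 */
@Test
public void completeWithParameters() {
    SarifIssueTracker issueTracker = getInstance();
    try {
        ScanRequest request = getRequest();
        ScanResults results = getResults();
        request.setFilename("./sarif-result.json");
        issueTracker.complete(request, results);
    } catch (MachinaException e) {
        // `assert false` is a no-op unless the JVM runs with -ea, so the failure has to be
        // raised explicitly; keeping `e` as the cause preserves the stack trace for the report.
        throw new AssertionError("complete() must not throw for a request with a filename", e);
    }
}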

Example 57 with ScanResults

use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.

the class SarifIssueTrackerTest method getResults.

/**
 * Builds a fixture {@link ScanResults} holding two {@link XIssue}s (a High Stored_XSS and a
 * Medium SQL_Injection) that share one additional-details map and one issue-details entry,
 * in the shape the SARIF tracker reads.
 */
private ScanResults getResults() {
    // data-flow source and sink, nested under additionalDetails.results
    Map<String, String> source = Maps.newHashMap();
    source.put("file", "src/main/webapp/vulnerability/DisplayMessage.jsp");
    source.put("column", "123");
    source.put("line", "3");
    Map<String, String> sink = Maps.newHashMap();
    sink.put("file", "src/main/webapp/vulnerability/DisplayMessage.jsp");
    Map<String, Object> flow = Maps.newHashMap();
    flow.put("sink", sink);
    flow.put("source", source);
    Map<String, Object> additional = Maps.newHashMap();
    additional.put("results", flow);
    additional.put("recommendedFix", "https://ast.dev.checkmarx-ts.com/CxWebClient/ScanQueryDescription.aspx?");
    additional.put("categories", "PCI DSS v3.2;PCI DSS (3.2) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Sit");
    // one per-line details entry, keyed by the line number referenced in the descriptions
    Map<Integer, ScanResults.IssueDetails> lineDetails = Maps.newHashMap();
    lineDetails.put(22, new ScanResults.IssueDetails());
    String description = "Method rs=stmt.executeQuery at line 22 of src\\\\main\\\\webapp";
    String link = "https://ast.dev.checkmarx-ts.com/CxWebClient/ViewerMain.aspx?scanid=1000194&projec";
    XIssue storedXss = XIssue.builder()
            .vulnerability("Stored_XSS")
            .severity("High")
            .cwe("79")
            .additionalDetails(additional)
            .details(lineDetails)
            .description(description)
            .link(link)
            .build();
    XIssue sqlInjection = XIssue.builder()
            .vulnerability("SQL_Injection")
            .severity("Medium")
            .cwe("89")
            .additionalDetails(additional)
            .details(lineDetails)
            .description(description)
            .link(link)
            .build();
    List<XIssue> issues = Lists.newArrayList(storedXss, sqlInjection);
    ScanResults fixture = new ScanResults();
    fixture.setXIssues(issues);
    return fixture;
}

Example 58 with ScanResults

use of com.checkmarx.sdk.dto.ScanResults in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class CxService method getOsaReportContent.

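/** Severity ranks used to keep the highest severity when the same OSA issue is reported repeatedly. */
private static final Map<String, Integer> OSA_SEVERITY_RANK = ImmutableMap.of("LOW", 1, "MEDIUM", 2, "HIGH", 3);

/**
 * Builds {@link ScanResults} from the two JSON files an OSA scan produces: the vulnerability
 * report and the library report. Vulnerabilities that pass {@code filter} and reference a
 * library present in the libs report are grouped into one {@link ScanResults.XIssue} per
 * distinct issue (as defined by {@code XIssue.equals}); repeated hits append their CVE name and
 * OSA details to the existing issue and raise its severity when the new hit is more severe.
 *
 * @param vulnsFile JSON array of {@link CxOsa} vulnerabilities
 * @param libsFile  JSON array of {@link CxOsaLib} libraries
 * @param filter    filters applied through {@code filterOsa}
 * @return results flagged as OSA; the issue list is empty when nothing passes the filter
 * @throws CheckmarxException when a file is missing, a file cannot be parsed, a record lacks a
 *     field needed to build an issue, or a severity name is not LOW/MEDIUM/HIGH
 */
public ScanResults getOsaReportContent(File vulnsFile, File libsFile, List<Filter> filter) throws CheckmarxException {
    if (vulnsFile == null || libsFile == null) {
        throw new CheckmarxException("Files not provided for processing of OSA results");
    }
    try {
        // convert json files to objects
        List<CxOsa> osaVulns = objectMapper.readValue(vulnsFile, new TypeReference<List<CxOsa>>() {
        });
        List<CxOsaLib> osaLibs = objectMapper.readValue(libsFile, new TypeReference<List<CxOsaLib>>() {
        });
        Map<String, CxOsaLib> libsMap = getOsaLibsMap(osaLibs);
        List<ScanResults.XIssue> issueList = new ArrayList<>();
        for (CxOsa o : osaVulns) {
            if (!filterOsa(filter, o)) {
                continue;
            }
            CxOsaLib lib = libsMap.get(o.getLibraryId());
            if (lib == null) {
                // the vulnerability references a library that the libs report does not describe
                continue;
            }
            mergeOsaIssue(issueList, o, lib);
        }
        return ScanResults.builder().osa(true).xIssues(issueList).build();
    } catch (IOException e) {
        log.error("Error parsing JSON OSA report");
        log.error(ExceptionUtils.getStackTrace(e));
        throw new CheckmarxException(ERROR_PROCESSING_SCAN_RESULTS);
    } catch (NullPointerException e) {
        // A parsed record is missing a field the issue needs (severity, CVE name, library name, ...).
        // Logged at error level because the whole report is rejected as a result.
        log.error("OSA report record is missing a required field");
        log.error(ExceptionUtils.getStackTrace(e));
        throw new CheckmarxException(ERROR_PROCESSING_SCAN_RESULTS);
    }
}

/**
 * Adds the vulnerability {@code o} found in {@code lib} to {@code issueList}: as a new issue,
 * or — when an equal issue is already present — by appending the CVE name and details to it and
 * raising its severity if {@code o} is more severe.
 *
 * @throws CheckmarxException when either severity name has no known rank
 */
private void mergeOsaIssue(List<ScanResults.XIssue> issueList, CxOsa o, CxOsaLib lib) throws CheckmarxException {
    String severity = o.getSeverity().getName();
    ScanResults.XIssue issue = ScanResults.XIssue.builder()
            .file(lib.getName())
            .vulnerability(OSA_VULN)
            .severity(severity)
            .cve(o.getCveName())
            .build();
    ScanResults.OsaDetails details = ScanResults.OsaDetails.builder()
            .severity(severity)
            .cve(o.getCveName())
            .description(o.getDescription())
            .recommendation(o.getRecommendations())
            .url(o.getUrl())
            .version(lib.getVersion())
            .build();
    int existingIdx = issueList.indexOf(issue);
    if (existingIdx < 0) {
        // new issue
        List<ScanResults.OsaDetails> dList = new ArrayList<>();
        dList.add(details);
        issue.setOsaDetails(dList);
        issueList.add(issue);
        return;
    }
    // update the issue already collected for this library/vulnerability
    ScanResults.XIssue existing = issueList.get(existingIdx);
    if (severityRank(existing.getSeverity()) < severityRank(severity)) {
        existing.setSeverity(severity);
    }
    existing.setCve(existing.getCve().concat(",").concat(o.getCveName()));
    existing.getOsaDetails().add(details);
}

/**
 * Maps an OSA severity name (case-insensitive) to its rank.
 *
 * @throws CheckmarxException for a name outside LOW/MEDIUM/HIGH, instead of the unboxing NPE a
 *     bare map lookup would produce
 */
private static int severityRank(String severity) throws CheckmarxException {
    Integer rank = OSA_SEVERITY_RANK.get(severity.toUpperCase(Locale.ROOT));
    if (rank == null) {
        throw new CheckmarxException("Unknown OSA severity: " + severity);
    }
    return rank;
}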
