
Example 6 with ScanResults

use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.

the class ScaPolicyManagementSteps method initNewScan.

/**
 * Cucumber step that runs an SCA scan for {@code PROJECT_NAME} /
 * {@code GIT_REPO_URL} and stores the SCA part of the outcome in the
 * {@code scaResults} field.
 *
 * @throws NullPointerException if the scanner returns no {@code ScanResults}
 */
@When("initiating a new scan")
public void initNewScan() {
    final ScanRequest request = getBasicScanRequest(PROJECT_NAME, GIT_REPO_URL);
    final ScanResults outcome = scaScanner.scan(request);
    // A null scan outcome aborts the step right here with a NullPointerException,
    // so a scan that produced nothing cannot be mistaken for a clean one.
    scaResults = Objects.requireNonNull(outcome).getScaResults();
}
Also used : ScanRequest(com.checkmarx.flow.dto.ScanRequest) ScanResults(com.checkmarx.sdk.dto.ScanResults) When(io.cucumber.java.en.When)

Example 7 with ScanResults

use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.

the class GetResultsAnalyticsTestSteps method createFakeSASTScanResults.

/**
 * Builds a minimal SAST {@code ScanResults} test fixture: a freshly
 * constructed scan summary, an empty issue list, and an additional-details
 * map holding an empty map under {@code Constants.SUMMARY_KEY}.
 *
 * @return a new fixture object that carries no issues
 */
private static ScanResults createFakeSASTScanResults() {
    final ScanResults fixture = new ScanResults();
    fixture.setScanSummary(new CxScanSummary());

    final Map<String, Object> additionalDetails = new HashMap<>();
    additionalDetails.put(Constants.SUMMARY_KEY, new HashMap<>());
    fixture.setAdditionalDetails(additionalDetails);

    // Empty list, not null: the fixture models a scan with zero issues.
    fixture.setXIssues(new ArrayList<>());
    return fixture;
}
Also used : ScanResults(com.checkmarx.sdk.dto.ScanResults) CxScanSummary(com.checkmarx.sdk.dto.cx.CxScanSummary)

Example 8 with ScanResults

use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.

the class GitHubCommentsASTSteps method createFakeASTScanResults.

/**
 * Builds an AST {@code ScanResults} test fixture whose summary reports the
 * given number of high, medium and low vulnerabilities.
 *
 * <p>The query names handed to {@code addFinding} ("SQL_INJECTION" and so on)
 * are labels attached to the fake findings; no scan is run here.
 *
 * @param highCount   value stored as the high vulnerability count
 * @param mediumCount value stored as the medium vulnerability count
 * @param lowCount    value stored as the low vulnerability count
 * @return a new fixture with AST results, summary and additional details set
 */
private ScanResults createFakeASTScanResults(int highCount, int mediumCount, int lowCount) {
    final ScanResults fixture = new ScanResults();
    final ASTResults ast = new ASTResults();
    final List<Finding> fakeFindings = new LinkedList<>();
    ast.setScanId("" + SCAN_ID);

    // The flag passed to addFinding is true only when the three counts sum to
    // more than zero.
    final boolean withNodes = highCount + mediumCount + lowCount > 0;

    final List<StatusCounter> counters = new LinkedList<>();
    addFinding(highCount, counters, fakeFindings, Severity.HIGH.name(), withNodes, "SQL_INJECTION");
    addFinding(mediumCount, counters, fakeFindings, Severity.MEDIUM.name(), withNodes, "Hardcoded_password_in_Connection_String");
    addFinding(lowCount, counters, fakeFindings, Severity.LOW.name(), withNodes, "Open_Redirect");
    ast.setFindings(fakeFindings);
    fixture.setAstResults(ast);

    // Summary counters mirror the arguments one to one.
    final AstSummaryResults totals = new AstSummaryResults();
    totals.setStatusCounters(counters);
    totals.setHighVulnerabilityCount(highCount);
    totals.setMediumVulnerabilityCount(mediumCount);
    totals.setLowVulnerabilityCount(lowCount);
    ast.setWebReportLink(AST_WEB_REPORT_LINK);
    ast.setSummary(totals);

    final Map<String, Object> additionalDetails = new HashMap<>();
    additionalDetails.put(Constants.SUMMARY_KEY, new HashMap<>());
    fixture.setAdditionalDetails(additionalDetails);
    return fixture;
}
Also used : ScanResults(com.checkmarx.sdk.dto.ScanResults) StatusCounter(com.checkmarx.sdk.dto.ast.report.StatusCounter) AstSummaryResults(com.checkmarx.sdk.dto.ast.report.AstSummaryResults) Finding(com.checkmarx.sdk.dto.ast.report.Finding)

Example 9 with ScanResults

use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.

the class SCAScanner method cxParseResults.

/**
 * Reads the report content of {@code file} through a {@code ScaClientHelper},
 * passes the parsed results to the results service, and applies the
 * break-build gate.
 *
 * <p>The gate calls {@code exit(ExitCode.BUILD_INTERRUPTED)} only when
 * break-build is enabled and the parsed results carry a non-empty
 * {@code getXIssues()} list. A {@code MachinaException} or
 * {@code CheckmarxException} is logged and followed by {@code exit(3)}.
 *
 * @param scanRequest supplies the project name, SCA config and filter
 * @param file        results file whose content is parsed
 * @throws ExitThrowable declared by the signature; presumably raised by
 *                       {@code exit(...)} - confirm against its definition
 */
@Override
protected void cxParseResults(ScanRequest scanRequest, File file) throws ExitThrowable {
    try {
        final ScanParams sdkScanParams = ScanParams.builder()
                .projectName(scanRequest.getProject())
                .scaConfig(scanRequest.getScaConfig())
                .filterConfiguration(scanRequest.getFilter())
                .build();
        final RestClientConfig scanConfig = scaScannerClient.getScanConfig(sdkScanParams);
        final IScanClientHelper reportReader = new ScaClientHelper(scanConfig, log, scaProperties);

        final ScanResults results = reportReader.getReportContent(file, scanRequest.getFilter());
        resultsService.processResults(scanRequest, results, scanDetails);

        // NOTE(review): the gate passes when results is null or getXIssues() is
        // null/empty, so a report that could not be parsed into issues does not
        // break the build. It also looks only at getXIssues(); confirm that SCA
        // findings are surfaced there and not solely via getScaResults().
        if (flowProperties.isBreakBuild() && results != null) {
            if (results.getXIssues() != null && !results.getXIssues().isEmpty()) {
                log.error(ERROR_BREAK_MSG);
                exit(ExitCode.BUILD_INTERRUPTED);
            }
        }
    } catch (MachinaException | CheckmarxException e) {
        log.error("Error occurred while processing results file", e);
        // Literal exit status kept exactly as the original wrote it.
        exit(3);
    }
}
Also used : ScaClientHelper(com.checkmarx.sdk.utils.scanner.client.ScaClientHelper) ScanParams(com.checkmarx.sdk.dto.ast.ScanParams) ScanResults(com.checkmarx.sdk.dto.ScanResults) MachinaException(com.checkmarx.flow.exception.MachinaException) CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) IScanClientHelper(com.checkmarx.sdk.utils.scanner.client.IScanClientHelper) RestClientConfig(com.checkmarx.sdk.config.RestClientConfig)

Example 10 with ScanResults

use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.

the class ResultsService method processScanResultsAsync.

/**
 * Fetches the report for {@code scanId}, runs it through the OSA step, sends
 * the e-mail notification, processes the results, and returns them wrapped
 * in a future.
 *
 * <p>Every {@code Exception} raised inside the body is logged and reported
 * through an exceptionally completed future. Callers have to inspect the
 * returned future to learn that results were not processed.
 *
 * @param request             scan request the results belong to
 * @param projectId           project id used for the OSA step and scan details
 * @param scanId              id of the scan whose report is fetched
 * @param osaScanId           OSA scan id passed to the OSA step and scan details
 * @param filterConfiguration filter applied when the report is fetched
 * @return a future already completed with the results, or completed
 *         exceptionally with the caught exception
 * @throws MachinaException declared by the signature; the visible body catches
 *                          every {@code Exception} itself
 */
@Async("scanRequest")
public CompletableFuture<ScanResults> processScanResultsAsync(ScanRequest request, Integer projectId, Integer scanId, String osaScanId, FilterConfiguration filterConfiguration) throws MachinaException {
    try {
        // TODO async these, and join and merge after
        final ScanResults report = cxScannerService.getScannerClient().getReportContentByScanId(scanId, filterConfiguration);
        logGetResultsJsonLogger(request, scanId, report);

        final ScanResults afterOsa = getOSAScan(request, projectId, osaScanId, filterConfiguration, report);
        sendEmailNotification(request, afterOsa);
        processResults(request, afterOsa, new ScanDetails(projectId, scanId, osaScanId));
        logScanDetails(request, projectId, afterOsa);

        // All work above ran synchronously, so the future is handed back
        // already completed.
        return CompletableFuture.completedFuture(afterOsa);
    } catch (Exception e) {
        log.error("Error occurred while processing results.", e);
        final CompletableFuture<ScanResults> failed = new CompletableFuture<>();
        failed.completeExceptionally(e);
        return failed;
    }
}
Also used : CompletableFuture(java.util.concurrent.CompletableFuture) ScanResults(com.checkmarx.sdk.dto.ScanResults) ScanDetails(com.checkmarx.flow.dto.ScanDetails) InvalidCredentialsException(com.checkmarx.flow.exception.InvalidCredentialsException) CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) RestClientException(com.atlassian.jira.rest.client.api.RestClientException) JiraClientException(com.checkmarx.flow.exception.JiraClientException) JiraClientRunTimeException(com.checkmarx.flow.exception.JiraClientRunTimeException) HttpClientErrorException(org.springframework.web.client.HttpClientErrorException) MachinaRuntimeException(com.checkmarx.flow.exception.MachinaRuntimeException) MachinaException(com.checkmarx.flow.exception.MachinaException) Async(org.springframework.scheduling.annotation.Async)

Aggregations

ScanResults (com.checkmarx.sdk.dto.ScanResults)58 MachinaException (com.checkmarx.flow.exception.MachinaException)17 ScanRequest (com.checkmarx.flow.dto.ScanRequest)16 CheckmarxException (com.checkmarx.sdk.exception.CheckmarxException)14 When (io.cucumber.java.en.When)9 MachinaRuntimeException (com.checkmarx.flow.exception.MachinaRuntimeException)6 CxScanSummary (com.checkmarx.sdk.dto.cx.CxScanSummary)6 FilterConfiguration (com.checkmarx.sdk.dto.filtering.FilterConfiguration)6 ExecutionException (java.util.concurrent.ExecutionException)5 TimeoutException (java.util.concurrent.TimeoutException)5 BugTracker (com.checkmarx.flow.dto.BugTracker)4 ScanParams (com.checkmarx.sdk.dto.ast.ScanParams)4 Filter (com.checkmarx.sdk.dto.sast.Filter)4 Test (org.junit.Test)4 SpringBootTest (org.springframework.boot.test.context.SpringBootTest)4 JiraClientException (com.checkmarx.flow.exception.JiraClientException)3 CxScanParams (com.checkmarx.sdk.dto.cx.CxScanParams)3 Finding (com.checkmarx.sdk.dto.sca.report.Finding)3 Package (com.checkmarx.sdk.dto.sca.report.Package)3 IOException (java.io.IOException)3