
Example 21 with ScanResults

use of com.checkmarx.sdk.dto.ScanResults in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class CxServiceIT method getReportContent.

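/**
 * Integration check: asks the service for the latest scan results of the "Riches" project
 * under the configured team, restricted to High severity, and asserts that a result object
 * is returned.
 */
@Test
public void getReportContent() {
    try {
        // Only High-severity findings are requested. The assertion below checks that a
        // result object exists, not what it contains.
        List<Filter> filters = new ArrayList<>();
        filters.add(new Filter(Filter.Type.SEVERITY, "High"));
        FilterConfiguration filterConfiguration = FilterConfiguration.fromSimpleFilters(filters);
        ScanResults results = service.getLatestScanResults(properties.getTeam(), "Riches", filterConfiguration);
        assertNotNull(results);
    } catch (CheckmarxException e) {
        // Attach the original exception so the test report shows why the SDK call failed,
        // instead of a bare message with the cause thrown away.
        throw new AssertionError("Unexpected CheckmarxException", e);
    }
}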
Also used : Filter(com.checkmarx.sdk.dto.sast.Filter) ScanResults(com.checkmarx.sdk.dto.ScanResults) CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) ArrayList(java.util.ArrayList) FilterConfiguration(com.checkmarx.sdk.dto.filtering.FilterConfiguration) Test(org.junit.Test) SpringBootTest(org.springframework.boot.test.context.SpringBootTest)

Example 22 with ScanResults

use of com.checkmarx.sdk.dto.ScanResults in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class CxServiceIT method completeScanFlow.

/**
 * End-to-end flow: resolves the team and project, starts a Git-sourced scan, blocks until
 * it completes, then fetches the report for that scan filtered to High severity.
 * Ignored by default because it needs a stable environment.
 *
 * @throws CheckmarxException if any of the SDK calls fails
 */
@Test
@Ignore("Stable environment required")
public void completeScanFlow() throws CheckmarxException {
    // Placeholder coordinates; the repository URL carries no credentials.
    final String projectName = "my-project-name";
    final String gitRepoUrl = "https://github.com/my-organization/my-repo.git";
    final String branchName = "refs/heads/develop";

    String teamId = service.getTeamId(properties.getTeam());
    Integer projectId = service.getProjectId(teamId, projectName);

    CxScanParams scanParams = new CxScanParams();
    scanParams.setProjectName(projectName);
    scanParams.setTeamId(teamId);
    scanParams.setProjectId(projectId);
    scanParams.setGitUrl(gitRepoUrl);
    scanParams.setBranch(branchName);
    scanParams.setSourceType(CxScanParams.Type.GIT);

    // Start the scan and block until it has finished.
    Integer scanId = service.createScan(scanParams, "CxSDK Scan");
    service.waitForScanCompletion(scanId);

    // Restrict the report to High-severity findings.
    List<Filter> severityFilters = Collections.singletonList(new Filter(Filter.Type.SEVERITY, "High"));
    FilterConfiguration highOnly = FilterConfiguration.fromSimpleFilters(severityFilters);

    // Pull the report for the scan that was just run.
    ScanResults report = service.getReportContentByScanId(scanId, highOnly);
    assertNotNull(report);
}
Also used : CxScanParams(com.checkmarx.sdk.dto.cx.CxScanParams) Filter(com.checkmarx.sdk.dto.sast.Filter) ScanResults(com.checkmarx.sdk.dto.ScanResults) FilterConfiguration(com.checkmarx.sdk.dto.filtering.FilterConfiguration) Ignore(org.junit.Ignore) Test(org.junit.Test) SpringBootTest(org.springframework.boot.test.context.SpringBootTest)

Example 23 with ScanResults

use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.

the class CxFlowRunner method scanRemoteRepo.

/**
 * Fills in the repository details on {@code request} for a scan in which Checkmarx clones
 * the repository, then runs the active scanners and processes their results, unless the
 * IAST option is present in {@code args}.
 *
 * @param request    scan request to populate and submit
 * @param gitUrl     repository URL; this is the value written to the log
 * @param gitAuthUrl repository URL stored via {@code setRepoUrlWithAuth}
 * @param branch     branch name; also used to build the refs value
 * @param repoType   repository type recorded on the request
 * @param args       application arguments, checked for the IAST option
 * @throws ExitThrowable declared by this method; not thrown directly in this body
 */
private void scanRemoteRepo(ScanRequest request, String gitUrl, String gitAuthUrl, String branch, ScanRequest.Repository repoType, ApplicationArguments args) throws ExitThrowable {
    log.info("Initiating scan using Checkmarx git clone");
    request.setRepoType(repoType);
    // Only gitUrl is logged. gitAuthUrl presumably embeds credentials (verify against the
    // caller), so keep it out of any log statement added here.
    log.info("Git url: {}", gitUrl);
    request.setBranch(branch);
    request.setRepoUrl(gitUrl);
    request.setRepoUrlWithAuth(gitAuthUrl);
    request.setRefs(Constants.CX_BRANCH_PREFIX.concat(branch));

    // With the IAST option present, the request is only populated; no scanner runs here.
    if (args.containsOption(IAST_OPTION)) {
        return;
    }
    ScanResults results = runOnActiveScanners(activeScanner -> activeScanner.scanCli(request, "Scan-git-clone"));
    processResults(request, results);
}
Also used : ScanResults(com.checkmarx.sdk.dto.ScanResults)

Example 24 with ScanResults

use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.

the class CxFlowRunner method scanLocalPath.

/**
 * Scans a local directory: requires a project on the request, applies any overrides taken
 * from the {@code cx.config} lookup for {@code path}, runs the active scanners against the
 * path and processes the results.
 *
 * @param request scan request; must carry a project
 * @param path    local path to scan
 * @throws ExitThrowable declared by this method; presumably raised by {@code exit(...)} — confirm
 */
private void scanLocalPath(ScanRequest request, String path) throws ExitThrowable {
    boolean projectMissing = ScanUtils.empty(request.getProject());
    if (projectMissing) {
        log.error("Please provide --cx-project to define the project in Checkmarx");
        exit(ExitCode.ARGUMENT_NOT_PROVIDED);
    }

    // The config looked up for this path can change properties of the scan request, so the
    // scanned directory is also a configuration input.
    CxConfig pathConfig = getCxConfigOverride(path, "cx.config");
    // A separate local keeps the overridden request effectively final for the lambda below.
    ScanRequest effectiveRequest = configOverrider.overrideScanRequestProperties(pathConfig, request);

    ScanResults results = runOnActiveScanners(activeScanner -> activeScanner.scanCli(effectiveRequest, "cxFullScan", new File(path)));
    processResults(effectiveRequest, results);
}
Also used : ScanResults(com.checkmarx.sdk.dto.ScanResults) CxConfig(com.checkmarx.sdk.dto.sast.CxConfig) File(java.io.File)

Example 25 with ScanResults

use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.

the class PostRequestData method latestScanResults.

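/**
 * Returns the latest Checkmarx scan results for a project as JSON.
 *
 * <p>The shared API token from the request header is validated before any scan data is
 * looked up. Optional parameters narrow the results (severity, cwe, category, status),
 * select a bug tracker (assignee, bug) or supply an override blob.
 *
 * @param project     project name (mandatory)
 * @param token       shared API token taken from the {@code TOKEN_HEADER} header (mandatory)
 * @param team        team path; may be {@code null}
 * @param application application name; falls back to {@code project} when empty
 * @param severity    severity filter values; may be {@code null}
 * @param cwe         CWE filter values; may be {@code null}
 * @param category    category filter values; may be {@code null}
 * @param status      status filter values; may be {@code null}
 * @param assignee    passed to the bug tracker lookup; may be {@code null}
 * @param override    override blob applied to the scan request when not empty
 * @param bug         passed to the bug tracker lookup; may be {@code null}
 * @return the latest scan results for the resulting scan request
 */
@GetMapping(value = "/scanresults", produces = "application/json")
public ScanResults latestScanResults(
        // Mandatory parameters
        @RequestParam(value = "project") String project,
        @RequestHeader(value = TOKEN_HEADER) String token,
        // Optional parameters
        @RequestParam(value = "team", required = false) String team,
        @RequestParam(value = "application", required = false) String application,
        @RequestParam(value = "severity", required = false) List<String> severity,
        @RequestParam(value = "cwe", required = false) List<String> cwe,
        @RequestParam(value = "category", required = false) List<String> category,
        @RequestParam(value = "status", required = false) List<String> status,
        @RequestParam(value = "assignee", required = false) String assignee,
        @RequestParam(value = "override", required = false) String override,
        @RequestParam(value = "bug", required = false) String bug) {
    String uid = helperService.getShortUid();
    MDC.put(FlowConstants.MAIN_MDC_ENTRY, uid);
    // Validate shared API token from header. Keep this ahead of everything that reads or
    // returns scan data (presumably it rejects the request on mismatch — confirm).
    validateToken(token);
    // This primes the shard when Shard Manager is turned on
    if (cxProperties.getEnableShardManager()) {
        ShardSession shard = sessionTracker.getShardSession();
        // Normalise to a leading slash, e.g. /CxServer/CHECKMARX. "team" is an optional
        // request parameter, so it can be null or empty here; the previous unconditional
        // team.charAt(0) threw for such requests.
        if (team != null && !team.isEmpty() && !team.startsWith("/")) {
            team = "/" + team;
        }
        // NOTE(review): confirm whether the shard session needs a team; if it does, reject
        // a request without one explicitly rather than passing null through.
        shard.setTeam(team);
        shard.setProject(project);
    }
    // Create bug tracker
    BugTracker bugTracker = getBugTracker(assignee, bug);
    // Create filters if available
    ControllerRequest request = new ControllerRequest(severity, cwe, category, status, null);
    FilterConfiguration filter = filterFactory.getFilter(request, properties);
    // Create the scan request
    ScanRequest scanRequest = ScanRequest.builder()
            .application(ScanUtils.empty(application) ? project : application)
            // Default product: CX
            .product(ScanRequest.Product.CX)
            .project(project)
            .team(team)
            .bugTracker(bugTracker)
            .filter(filter)
            .build();
    scanRequest.setId(uid);
    // If an override blob/file is provided, substitute these values.
    // NOTE(review): the blob is caller-supplied and can replace properties of the scan
    // request; confirm which fields a token holder is meant to be able to override.
    if (!ScanUtils.empty(override)) {
        FlowOverride ovr = ScanUtils.getMachinaOverride(override);
        scanRequest = configOverrider.overrideScanRequestProperties(ovr, scanRequest);
    }
    // Fetch the Checkmarx scan results for the given ScanRequest; the project metadata the
    // scanner needs is carried by scanRequest itself.
    ScanResults scanResults = CxScannerService.getScanner(cxgoScanner, sastScanner).getLatestScanResults(scanRequest);
    // NOTE(review): this writes the whole results object to the debug log. Findings are
    // sensitive, so debug logs need the same access control as the results themselves.
    log.debug("ScanResults {}", scanResults);
    return scanResults;
}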
Also used : ScanRequest(com.checkmarx.flow.dto.ScanRequest) ShardSession(com.checkmarx.sdk.ShardManager.ShardSession) ScanResults(com.checkmarx.sdk.dto.ScanResults) FilterConfiguration(com.checkmarx.sdk.dto.filtering.FilterConfiguration) BugTracker(com.checkmarx.flow.dto.BugTracker) ControllerRequest(com.checkmarx.flow.dto.ControllerRequest) FlowOverride(com.checkmarx.flow.dto.FlowOverride)
