Example 26 with ScanResults

use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.

the class PostRequestData method scanPostback.

@PostMapping(value = "/postbackAction/{scanID}")
public ResponseEntity<EventResponse> scanPostback(@RequestBody String postBackData, @PathVariable(value = "scanID") String scanID) {
    log.debug("Handling post-back from SAST");
    int maxNumberOfTokens = 100;
    PostRequestData prd = new PostRequestData();
    // Stays a single space if the body carries no token= field; validateToken() below sees that value.
    String token = " ";
    String bugTracker = properties.getBugTracker();
    // Decode the scan details.
    StringTokenizer postData = new StringTokenizer(postBackData, "&");
    int iteration = 0;
    while (postData.hasMoreTokens() && iteration < maxNumberOfTokens) {
        String strToken = postData.nextToken();
        if (strToken.length() > 6 && strToken.startsWith("token=")) {
            token = strToken.substring(6);
        }
        if (strToken.length() > 13 && strToken.startsWith("scancomments=")) {
            String scanDetails = strToken.substring(13);
            try {
                String postRequest = URLDecoder.decode(scanDetails, "UTF-8");
                decodePostBackReq(postRequest, prd);
            } catch (Exception e) {
                log.error("Error decoding scan details");
            }
        }
        iteration++;
    }
    validateToken(token);
    try {
        String product = "CX";
        ScanRequest.Product p = ScanRequest.Product.valueOf(product.toUpperCase(Locale.ROOT));
        ScanRequest scanRequest = ScanRequest.builder()
                .namespace(prd.namespace)
                .repoName(prd.repoName)
                .project(prd.project)
                .team(prd.team)
                .repoType(ScanRequest.Repository.GITHUB)
                .product(p)
                .branch(prd.branch)
                .build();
        // There won't be a scan ID on the post-back, so we need to fake it in the
        // event shard support is turned on (very likely if using post-back support).
        String uid = helperService.getShortUid();
        MDC.put(FlowConstants.MAIN_MDC_ENTRY, uid);
        ScanRequestConverter src = sastScanner.getScanRequestConverter();
        src.setShardPropertiesIfExists(scanRequest, prd.team);
        // Now go ahead and process the scan as normal.
        ScanResults scanResults = cxService.getReportContentByScanId(Integer.parseInt(scanID), scanRequest.getFilter());
        scanRequest.putAdditionalMetadata("statuses_url", prd.pullRequestURL);
        scanRequest.setMergeNoteUri(prd.mergeNoteUri);
        BugTracker bt = ScanUtils.getBugTracker(null, prd.bugType, jiraProperties, bugTracker);
        scanRequest.setBugTracker(bt);
        scanResults.setSastScanId(Integer.parseInt(scanID));
        resultsService.publishCombinedResults(scanRequest, scanResults);
    } catch (Exception e) {
        log.error("Error posting SAST scan results", e);
    }
    // Returned even when the try block above caught and logged an error (a bad scanID included).
    return ResponseEntity.status(HttpStatus.OK).body(EventResponse.builder().message("Scan Results Successfully Processed").success(true).build());
}
Also used : ScanRequest(com.checkmarx.flow.dto.ScanRequest) ScanResults(com.checkmarx.sdk.dto.ScanResults) ScanRequestConverter(com.checkmarx.flow.sastscanning.ScanRequestConverter) BugTracker(com.checkmarx.flow.dto.BugTracker) InvalidTokenException(com.checkmarx.flow.exception.InvalidTokenException)
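The post-back body handling in Example 26 (split on `&`, pick out `token=` and `scancomments=`, URL-decode the comments, cap the field count at 100) is the part a reviewer will want to exercise in isolation. The class below is an added example, not cx-flow code: it pulls that parsing into a testable unit, adds a constant-time token comparison and validates the `scanID` path variable before `Integer.parseInt` runs inside a catch-all. The field names and the 100-field cap come from the listing; `MessageDigest.isEqual` as the comparison, the digit-only scan ID rule and the sample body in `main` are assumptions made here.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.OptionalInt;
import java.util.StringTokenizer;

/**
 * Added example, not cx-flow code. Field names "token" and "scancomments"
 * and the 100-field cap follow scanPostback; everything else is assumed.
 */
public final class PostbackParser {

    /** Mirrors maxNumberOfTokens: stop looking after this many fields. */
    static final int MAX_FIELDS = 100;

    /** Parsed fields; null means the body did not carry that field. */
    public static final class Parsed {
        public final String token;        // raw, not URL-decoded (as in scanPostback)
        public final String scanComments; // URL-decoded

        Parsed(String token, String scanComments) {
            this.token = token;
            this.scanComments = scanComments;
        }
    }

    /**
     * Split a form-encoded body on '&' and keep only the two known fields.
     * Fields with no key or an empty value are skipped, matching the
     * length() > 6 / > 13 guards in the original. A malformed percent
     * sequence in scancomments raises IllegalArgumentException so the caller
     * can reject the request instead of processing a half-decoded value.
     */
    public static Parsed parse(String body) {
        String token = null;
        String comments = null;
        StringTokenizer fields = new StringTokenizer(body == null ? "" : body, "&");
        int seen = 0;
        while (fields.hasMoreTokens() && seen < MAX_FIELDS) {
            String field = fields.nextToken();
            seen++;
            int eq = field.indexOf('=');
            if (eq <= 0 || eq == field.length() - 1) {
                continue; // no key, or key with an empty value
            }
            String key = field.substring(0, eq);
            String value = field.substring(eq + 1);
            if ("token".equals(key)) {
                token = value;
            } else if ("scancomments".equals(key)) {
                comments = urlDecode(value);
            }
        }
        return new Parsed(token, comments);
    }

    /**
     * Constant-time comparison: MessageDigest.isEqual does not stop at the
     * first differing byte, so response timing cannot be used to guess the
     * token one byte at a time. A length mismatch is still observable.
     */
    public static boolean tokenMatches(String presented, String expected) {
        if (presented == null || expected == null) {
            return false;
        }
        byte[] a = presented.getBytes(StandardCharsets.UTF_8);
        byte[] b = expected.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(a, b);
    }

    /** Digits only and at most 9 of them, so the int cannot overflow. */
    public static OptionalInt parseScanId(String raw) {
        if (raw == null || raw.isEmpty() || raw.length() > 9) {
            return OptionalInt.empty();
        }
        for (int i = 0; i < raw.length(); i++) {
            if (raw.charAt(i) < '0' || raw.charAt(i) > '9') {
                return OptionalInt.empty();
            }
        }
        return OptionalInt.of(Integer.parseInt(raw));
    }

    private static String urlDecode(String value) {
        try {
            return URLDecoder.decode(value, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("UTF-8 is always available", e);
        }
    }

    public static void main(String[] args) {
        // Constructed sample body in the shape scanPostback expects (assumption).
        String body = "token=s3cr3t&scancomments=%7B%22branch%22%3A%22main%22%7D&extra=ignored&=nokey";
        Parsed parsed = parse(body);
        System.out.println("token ok:     " + tokenMatches(parsed.token, "s3cr3t"));
        System.out.println("scancomments: " + parsed.scanComments);
        System.out.println("scan id 42:   " + parseScanId("42"));
        System.out.println("scan id -1:   " + parseScanId("-1"));
    }
}
```

Two design points differ from the listing on purpose. The decoder error is propagated rather than logged and swallowed, because a body that fails to decode is either a client bug or a probe, and either way the handler should not go on to publish results for it. And the scan ID is checked before any work is done, so a request with a non-numeric `scanID` is refused up front rather than surfacing as a `NumberFormatException` inside the generic `catch` that still returns 200.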

Example 27 with ScanResults

use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.

the class AbstractASTScanner method scan.

@Override
public ScanResults scan(ScanRequest scanRequest) {
    ScanResults result = null;
    log.info("--------------------- Initiating new {} scan ---------------------", scanType);
    ScanParams sdkScanParams = toSdkScanParams(scanRequest);
    AstScaResults internalResults = new AstScaResults(new SCAResults(), new ASTResults());
    try {
        bugTrackerEventTrigger.triggerScanStartedEvent(scanRequest);
        internalResults = client.scan(sdkScanParams);
        logRequest(scanRequest, internalResults, OperationResult.successful());
        result = toScanResults(internalResults);
    } catch (Exception e) {
        treatError(scanRequest, internalResults, e);
    }
    return result;
}
Also used : ScanResults(com.checkmarx.sdk.dto.ScanResults) ScanParams(com.checkmarx.sdk.dto.ast.ScanParams) AstScaResults(com.checkmarx.sdk.dto.AstScaResults) ASTResults(com.checkmarx.sdk.dto.ast.ASTResults) SCAResults(com.checkmarx.sdk.dto.sca.SCAResults) MalformedURLException(java.net.MalformedURLException) MachinaRuntimeException(com.checkmarx.flow.exception.MachinaRuntimeException)

Example 28 with ScanResults

use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.

the class AbstractASTScanner method scan.

public ScanResults scan(ScanRequest scanRequest, String path) throws ExitThrowable {
    BugTracker.Type bugTrackerType = bugTrackerEventTrigger.triggerScanStartedEvent(scanRequest);
    ScanResults result = null;
    if (bugTrackerType.equals(BugTracker.Type.NONE)) {
        log.info("Not waiting for scan completion as Bug Tracker type is NONE");
        ScanParams sdkScanParams = toSdkScanParams(scanRequest, path);
        client.scanWithNoWaitingToResults(sdkScanParams);
    } else {
        result = actualScan(scanRequest, path);
    }
    return result;
}
Also used : ScanResults(com.checkmarx.sdk.dto.ScanResults) ScanParams(com.checkmarx.sdk.dto.ast.ScanParams)

Example 29 with ScanResults

use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.

the class AbstractASTScanner method actualScan.

private ScanResults actualScan(ScanRequest scanRequest, String path) {
    ScanResults result = null;
    log.info("--------------------- Initiating new {} scan ---------------------", scanType);
    AstScaResults internalResults = new AstScaResults(new SCAResults(), new ASTResults());
    try {
        ScanParams sdkScanParams = toSdkScanParams(scanRequest, path);
        internalResults = client.scan(sdkScanParams);
        logRequest(scanRequest, internalResults, OperationResult.successful());
        result = toScanResults(internalResults);
    } catch (Exception e) {
        treatError(scanRequest, internalResults, e);
    }
    return result;
}
Also used : ScanResults(com.checkmarx.sdk.dto.ScanResults) ScanParams(com.checkmarx.sdk.dto.ast.ScanParams) AstScaResults(com.checkmarx.sdk.dto.AstScaResults) ASTResults(com.checkmarx.sdk.dto.ast.ASTResults) SCAResults(com.checkmarx.sdk.dto.sca.SCAResults) MalformedURLException(java.net.MalformedURLException) MachinaRuntimeException(com.checkmarx.flow.exception.MachinaRuntimeException)

Example 30 with ScanResults

use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.

the class AbstractVulnerabilityScanner method getEmptyScanResults.

private ScanResults getEmptyScanResults() {
    ScanResults scanResults;
    scanResults = new ScanResults();
    scanResults.setProjectId(UNKNOWN);
    scanResults.setProject(UNKNOWN);
    scanResults.setScanType(SCAN_TYPE);
    return scanResults;
}
Also used : ScanResults(com.checkmarx.sdk.dto.ScanResults)

Aggregations

ScanResults (com.checkmarx.sdk.dto.ScanResults)58 MachinaException (com.checkmarx.flow.exception.MachinaException)17 ScanRequest (com.checkmarx.flow.dto.ScanRequest)16 CheckmarxException (com.checkmarx.sdk.exception.CheckmarxException)14 When (io.cucumber.java.en.When)9 MachinaRuntimeException (com.checkmarx.flow.exception.MachinaRuntimeException)6 CxScanSummary (com.checkmarx.sdk.dto.cx.CxScanSummary)6 FilterConfiguration (com.checkmarx.sdk.dto.filtering.FilterConfiguration)6 ExecutionException (java.util.concurrent.ExecutionException)5 TimeoutException (java.util.concurrent.TimeoutException)5 BugTracker (com.checkmarx.flow.dto.BugTracker)4 ScanParams (com.checkmarx.sdk.dto.ast.ScanParams)4 Filter (com.checkmarx.sdk.dto.sast.Filter)4 Test (org.junit.Test)4 SpringBootTest (org.springframework.boot.test.context.SpringBootTest)4 JiraClientException (com.checkmarx.flow.exception.JiraClientException)3 CxScanParams (com.checkmarx.sdk.dto.cx.CxScanParams)3 Finding (com.checkmarx.sdk.dto.sca.report.Finding)3 Package (com.checkmarx.sdk.dto.sca.report.Package)3 IOException (java.io.IOException)3