Examples with ScanResults com.checkmarx.sdk.dto.ScanResults used on opensource projects

Example 26 with ScanResults

use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.

the class PostRequestData method scanPostback.

@PostMapping(value = "/postbackAction/{scanID}")
public ResponseEntity<EventResponse> scanPostback(@RequestBody String postBackData, @PathVariable(value = "scanID") String scanID) {
    log.debug("Handling post-back from SAST");
    int maxNumberOfTokens = 100;
    PostRequestData prd = new PostRequestData();
    String token = " ";
    String bugTracker = properties.getBugTracker();
    // 
    // / Decode the scan details.
    // 
    StringTokenizer postData = new StringTokenizer(postBackData, "&");
    int iteration = 0;
    while (postData.hasMoreTokens() && iteration < maxNumberOfTokens) {
        String strToken = postData.nextToken();
        if (strToken.length() > 6 && strToken.startsWith("token=")) {
            token = strToken.substring(6);
        }
        if (strToken.length() > 13 && strToken.startsWith("scancomments=")) {
            String scanDetails = strToken.substring(13);
            try {
                String postRequest = URLDecoder.decode(scanDetails, "UTF-8");
                decodePostBackReq(postRequest, prd);
            } catch (Exception e) {
                log.error("Error decoding scan details");
            }
        }
        iteration++;
    }
    validateToken(token);
    try {
        String product = "CX";
        ScanRequest.Product p = ScanRequest.Product.valueOf(product.toUpperCase(Locale.ROOT));
        ScanRequest scanRequest = ScanRequest.builder().namespace(prd.namespace).repoName(prd.repoName).project(prd.project).team(prd.team).repoType(ScanRequest.Repository.GITHUB).product(p).branch(prd.branch).build();
        // There won't be a scan ID on the post-back, so we need to fake it in the
        // event shard support is turned on (very likely if using post-back support).
        String uid = helperService.getShortUid();
        MDC.put(FlowConstants.MAIN_MDC_ENTRY, uid);
        ScanRequestConverter src = sastScanner.getScanRequestConverter();
        src.setShardPropertiesIfExists(scanRequest, prd.team);
        // Now go ahead and process the scan as normal.
        ScanResults scanResults = cxService.getReportContentByScanId(Integer.parseInt(scanID), scanRequest.getFilter());
        scanRequest.putAdditionalMetadata("statuses_url", prd.pullRequestURL);
        scanRequest.setMergeNoteUri(prd.mergeNoteUri);
        BugTracker bt = ScanUtils.getBugTracker(null, prd.bugType, jiraProperties, bugTracker);
        scanRequest.setBugTracker(bt);
        scanResults.setSastScanId(Integer.parseInt(scanID));
        resultsService.publishCombinedResults(scanRequest, scanResults);
    } catch (Exception e) {
        log.error("Error posting SAST scan results", e);
    }
    return ResponseEntity.status(HttpStatus.OK).body(EventResponse.builder().message("Scan Results Successfully Processed").success(true).build());
}

Example 27 with ScanResults

use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.

the class AbstractASTScanner method scan.

@Override
public ScanResults scan(ScanRequest scanRequest) {
    ScanResults result = null;
    log.info("--------------------- Initiating new {} scan ---------------------", scanType);
    ScanParams sdkScanParams = toSdkScanParams(scanRequest);
    AstScaResults internalResults = new AstScaResults(new SCAResults(), new ASTResults());
    try {
        bugTrackerEventTrigger.triggerScanStartedEvent(scanRequest);
        internalResults = client.scan(sdkScanParams);
        logRequest(scanRequest, internalResults, OperationResult.successful());
        result = toScanResults(internalResults);
    } catch (Exception e) {
        treatError(scanRequest, internalResults, e);
    }
    return result;
}

Example 28 with ScanResults

use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.

the class AbstractASTScanner method scan.

public ScanResults scan(ScanRequest scanRequest, String path) throws ExitThrowable {
    BugTracker.Type bugTrackerType = bugTrackerEventTrigger.triggerScanStartedEvent(scanRequest);
    ScanResults result = null;
    if (bugTrackerType.equals(BugTracker.Type.NONE)) {
        log.info("Not waiting for scan completion as Bug Tracker type is NONE");
        ScanParams sdkScanParams = toSdkScanParams(scanRequest, path);
        client.scanWithNoWaitingToResults(sdkScanParams);
    } else {
        result = actualScan(scanRequest, path);
    }
    return result;
}

Example 29 with ScanResults

use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.

the class AbstractASTScanner method actualScan.

private ScanResults actualScan(ScanRequest scanRequest, String path) {
    ScanResults result = null;
    log.info("--------------------- Initiating new {} scan ---------------------", scanType);
    AstScaResults internalResults = new AstScaResults(new SCAResults(), new ASTResults());
    try {
        ScanParams sdkScanParams = toSdkScanParams(scanRequest, path);
        internalResults = client.scan(sdkScanParams);
        logRequest(scanRequest, internalResults, OperationResult.successful());
        result = toScanResults(internalResults);
    } catch (Exception e) {
        treatError(scanRequest, internalResults, e);
    }
    return result;
}

Example 30 with ScanResults

use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.

the class AbstractVulnerabilityScanner method getEmptyScanResults.

private ScanResults getEmptyScanResults() {
    ScanResults scanResults;
    scanResults = new ScanResults();
    scanResults.setProjectId(UNKNOWN);
    scanResults.setProject(UNKNOWN);
    scanResults.setScanType(SCAN_TYPE);
    return scanResults;
}