use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.
method scanPostback (the declaring controller class is not shown; PostRequestData is the helper type the method fills in from the post-back body).
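@PostMapping(value = "/postbackAction/{scanID}")
/**
 * Handles the post-back a SAST server sends once a scan has finished.
 *
 * The body is a form-encoded string; only the {@code token} and
 * {@code scancomments} fields are used. The token is checked before any other
 * part of the payload is decoded, the report for {@code scanID} is fetched and
 * the combined results are published to the configured bug tracker.
 *
 * @param postBackData raw form-encoded request body ({@code key=value&key=value})
 * @param scanID       SAST scan id taken from the path; must be an integer
 * @return 200 with {@code success=true} once the results were published,
 *         400 when {@code scanID} is not numeric, 500 when processing failed
 */
public ResponseEntity<EventResponse> scanPostback(@RequestBody String postBackData, @PathVariable(value = "scanID") String scanID) {
    log.debug("Handling post-back from SAST");
    // Upper bound on the number of "key=value" pairs we are willing to walk so
    // an oversized body cannot keep this loop busy indefinitely.
    final int maxNumberOfTokens = 100;
    PostRequestData prd = new PostRequestData();
    String token = " ";
    String scanDetails = null;
    String bugTracker = properties.getBugTracker();

    // Pick the two fields we care about out of the form-encoded body. The scan
    // comments are only *collected* here; they are decoded after the shared
    // token has been checked, so no attacker-controlled payload is processed
    // before the request has been authenticated.
    StringTokenizer postData = new StringTokenizer(postBackData, "&");
    int iteration = 0;
    while (postData.hasMoreTokens() && iteration < maxNumberOfTokens) {
        String strToken = postData.nextToken();
        if (strToken.length() > 6 && strToken.startsWith("token=")) {
            token = strToken.substring(6);
        }
        if (strToken.length() > 13 && strToken.startsWith("scancomments=")) {
            scanDetails = strToken.substring(13);
        }
        iteration++;
    }

    // Authenticate the post-back first. validateToken() is defined elsewhere in
    // this class; it is assumed to reject the request by throwing on a mismatch
    // rather than returning a status that would be ignored here — confirm.
    validateToken(token);

    if (scanDetails != null) {
        try {
            decodePostBackReq(URLDecoder.decode(scanDetails, "UTF-8"), prd);
        } catch (Exception e) {
            // Keep the cause; dropping it hid why PostRequestData ended up empty.
            log.error("Error decoding scan details", e);
        }
    }

    // The scan id comes from the URL path. Reject a non-numeric value up front
    // instead of letting NumberFormatException fall into the generic handler
    // below and be reported back as success.
    int sastScanId;
    try {
        sastScanId = Integer.parseInt(scanID);
    } catch (NumberFormatException e) {
        // Deliberately not echoing the raw path value into the log.
        log.error("Invalid scan id in SAST post-back");
        return ResponseEntity.status(HttpStatus.BAD_REQUEST)
                .body(EventResponse.builder().message("Invalid scan id").success(false).build());
    }

    // Remember whatever correlation id was in the MDC so it can be restored
    // afterwards; otherwise the value set below leaks into later requests
    // served by the same thread.
    String previousMdcEntry = MDC.get(FlowConstants.MAIN_MDC_ENTRY);
    try {
        ScanRequest scanRequest = ScanRequest.builder()
                .namespace(prd.namespace)
                .repoName(prd.repoName)
                .project(prd.project)
                .team(prd.team)
                .repoType(ScanRequest.Repository.GITHUB)
                .product(ScanRequest.Product.CX)
                .branch(prd.branch)
                .build();
        // There is no request id on a post-back, so fabricate one in case shard
        // support is enabled (likely when post-backs are in use).
        String uid = helperService.getShortUid();
        MDC.put(FlowConstants.MAIN_MDC_ENTRY, uid);
        ScanRequestConverter src = sastScanner.getScanRequestConverter();
        src.setShardPropertiesIfExists(scanRequest, prd.team);
        // Pull the report for this scan and publish it exactly as for a normal scan.
        ScanResults scanResults = cxService.getReportContentByScanId(sastScanId, scanRequest.getFilter());
        // NOTE(review): pullRequestURL / mergeNoteUri come from the post-back body
        // and are only as trustworthy as the token check above.
        scanRequest.putAdditionalMetadata("statuses_url", prd.pullRequestURL);
        scanRequest.setMergeNoteUri(prd.mergeNoteUri);
        BugTracker bt = ScanUtils.getBugTracker(null, prd.bugType, jiraProperties, bugTracker);
        scanRequest.setBugTracker(bt);
        scanResults.setSastScanId(sastScanId);
        resultsService.publishCombinedResults(scanRequest, scanResults);
    } catch (Exception e) {
        // Report the failure truthfully instead of answering "successfully processed".
        log.error("Error posting SAST scan results", e);
        return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
                .body(EventResponse.builder().message("Error processing scan results").success(false).build());
    } finally {
        if (previousMdcEntry == null) {
            MDC.remove(FlowConstants.MAIN_MDC_ENTRY);
        } else {
            MDC.put(FlowConstants.MAIN_MDC_ENTRY, previousMdcEntry);
        }
    }
    return ResponseEntity.status(HttpStatus.OK)
            .body(EventResponse.builder().message("Scan Results Successfully Processed").success(true).build());
}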
use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.
the class AbstractASTScanner method scan.
@Override
/**
 * Runs a scan for the given request and converts the SDK result.
 *
 * Note that building the SDK parameters happens before the try block, so a
 * failure there propagates to the caller; everything from the
 * "scan started" event onwards is routed through treatError instead, with
 * whatever results were obtained up to that point.
 *
 * @param scanRequest the request describing what to scan
 * @return the converted results, or null when the scan failed
 */
public ScanResults scan(ScanRequest scanRequest) {
    log.info("--------------------- Initiating new {} scan ---------------------", scanType);
    ScanParams sdkScanParams = toSdkScanParams(scanRequest);
    // Start with empty SCA/AST containers so treatError always has something to report on.
    AstScaResults internalResults = new AstScaResults(new SCAResults(), new ASTResults());
    ScanResults converted = null;
    try {
        bugTrackerEventTrigger.triggerScanStartedEvent(scanRequest);
        internalResults = client.scan(sdkScanParams);
        logRequest(scanRequest, internalResults, OperationResult.successful());
        converted = toScanResults(internalResults);
    } catch (Exception e) {
        treatError(scanRequest, internalResults, e);
    }
    return converted;
}
use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.
the class AbstractASTScanner method scan.
/**
 * Scans the given path, either waiting for results or firing and forgetting.
 *
 * When the bug tracker type resolved for this request is NONE there is nobody
 * to deliver results to, so the scan is only started and null is returned;
 * otherwise the scan runs to completion via actualScan.
 *
 * @param scanRequest the request describing what to scan
 * @param path        local path to scan
 * @return converted results, or null when no results were waited for
 * @throws ExitThrowable propagated from the "scan started" event trigger
 */
public ScanResults scan(ScanRequest scanRequest, String path) throws ExitThrowable {
    BugTracker.Type trackerType = bugTrackerEventTrigger.triggerScanStartedEvent(scanRequest);
    if (!trackerType.equals(BugTracker.Type.NONE)) {
        return actualScan(scanRequest, path);
    }
    log.info("Not waiting for scan completion as Bug Tracker type is NONE");
    client.scanWithNoWaitingToResults(toSdkScanParams(scanRequest, path));
    return null;
}
use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.
the class AbstractASTScanner method actualScan.
/**
 * Runs a scan of the given path to completion and converts the SDK result.
 *
 * Unlike the single-argument scan overload, building the SDK parameters is
 * inside the try block here, so a failure there is also routed to treatError.
 *
 * @param scanRequest the request describing what to scan
 * @param path        local path to scan
 * @return the converted results, or null when the scan failed
 */
private ScanResults actualScan(ScanRequest scanRequest, String path) {
    log.info("--------------------- Initiating new {} scan ---------------------", scanType);
    // Empty containers so treatError has something to report on if the SDK call never returns.
    AstScaResults sdkResults = new AstScaResults(new SCAResults(), new ASTResults());
    ScanResults converted = null;
    try {
        sdkResults = client.scan(toSdkScanParams(scanRequest, path));
        logRequest(scanRequest, sdkResults, OperationResult.successful());
        converted = toScanResults(sdkResults);
    } catch (Exception e) {
        treatError(scanRequest, sdkResults, e);
    }
    return converted;
}
use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.
the class AbstractVulnerabilityScanner method getEmptyScanResults.
/**
 * Builds a placeholder result carrying no findings.
 *
 * Project id and name are set to the UNKNOWN marker and the scan type to this
 * scanner's SCAN_TYPE, so downstream consumers can still tell where it came from.
 *
 * @return a freshly created, empty ScanResults
 */
private ScanResults getEmptyScanResults() {
    ScanResults placeholder = new ScanResults();
    placeholder.setProjectId(UNKNOWN);
    placeholder.setProject(UNKNOWN);
    placeholder.setScanType(SCAN_TYPE);
    return placeholder;
}