
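/**
 * Collects the results of a submitted scan, or returns a placeholder when post-action monitoring
 * is enabled.
 *
 * <p>The outcome depends on the bug tracker chosen by the scan-started trigger:
 * <ul>
 *   <li>post-action monitor enabled: an empty {@link ScanResults} carrying only the scan id is
 *       returned immediately, without waiting for the scan;</li>
 *   <li>bug tracker {@code NONE}: {@link #handleNoneBugTrackerCase} is invoked, its outcome is
 *       stored in the {@code scanDetails} field and this method returns {@code null};</li>
 *   <li>otherwise: waits for scan completion, logs the request and fetches the report filtered by
 *       the request's filter.</li>
 * </ul>
 *
 * @param scanRequest the scan request; supplies the result filter
 * @param projectId   id of the scanned project
 * @param scanId      id of the scan whose results are collected
 * @return the scan results, or {@code null} in the {@code NONE} bug tracker case (callers must
 *         null-check)
 * @throws CheckmarxException propagated from the scanner client
 */
private ScanResults getScanResults(ScanRequest scanRequest, Integer projectId, Integer scanId) throws CheckmarxException {
    BugTracker.Type bugTrackerType = bugTrackers.getBugTrackerEventTrigger().triggerScanStartedEvent(scanRequest);
    if (getCxPropertiesBase().getEnablePostActionMonitor()) {
        // Do not wait for the scan: hand back a placeholder tagged with the scan id only.
        ScanResults placeholder = getEmptyScanResults();
        placeholder.setSastScanId(scanId);
        return placeholder;
    }
    // Constant-first comparison so a null trigger result cannot throw an NPE here.
    if (BugTracker.Type.NONE.equals(bugTrackerType)) {
        scanDetails = handleNoneBugTrackerCase(scanRequest, null, scanId, projectId);
        return null;
    }
    getScannerClient().waitForScanCompletion(scanId);
    logRequest(scanRequest, scanId, null, OperationResult.successful());
    ScanResults scanResults = getScannerClient().getReportContentByScanId(scanId, scanRequest.getFilter());
    scanResults.setSastScanId(scanId);
    return scanResults;
}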

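/**
 * Asynchronously processes the latest scan results of a project.
 *
 * <p>When {@code cxProject} is {@code null} the project is resolved from the request. If no
 * project or no last scan can be found, a future already completed with {@code null} is returned.
 * Scanner-client and result-lookup failures are reported through an exceptionally completed
 * future rather than thrown to the caller.
 *
 * @param request   the scan request (project, team, filter and Checkmarx fields)
 * @param cxProject the project to process, or {@code null} to resolve it from {@code request}
 * @return a future yielding the processed results, {@code null} when there is nothing to process,
 *         or failing with the underlying {@link MachinaException} / {@link CheckmarxException}
 */
public CompletableFuture<ScanResults> getLatestScanResultsAsync(ScanRequest request, CxProject cxProject) {
    try {
        CxProject project = cxProject;
        if (project == null) {
            Integer projectId = getProjectId(request);
            if (projectId.equals(UNKNOWN_INT)) {
                log.warn("No project found for {}", request.getProject());
                return CompletableFuture.completedFuture(null);
            }
            project = getScannerClient().getProject(projectId);
        }
        Integer scanId = getScannerClient().getLastScanId(project.getId());
        if (scanId.equals(UNKNOWN_INT)) {
            log.warn("No Scan Results to process for project {}", project.getName());
            // Same "nothing to process" outcome as the missing-project case above.
            return CompletableFuture.completedFuture(null);
        }
        setCxFields(project, request);
        // null is passed for osaScanId as it is not applicable here and will be ignored
        return resultsService.processScanResultsAsync(request, project.getId(), scanId, null, request.getFilter());
    } catch (MachinaException | CheckmarxException e) {
        // '/' separates team from project so the two values are readable in the log line.
        log.error("Error occurred while processing results for {}/{}", request.getTeam(), request.getProject(), e);
        CompletableFuture<ScanResults> failed = new CompletableFuture<>();
        failed.completeExceptionally(e);
        return failed;
    }
}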

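/**
 * Zips a local path, submits the archive for scanning and collects the results.
 *
 * <p>The archive is written to a temporary file and removed on every path — including when the
 * scan submission or result retrieval throws — so no copy of the scanned sources is left behind in
 * the temp directory. Zip and scanner failures are logged and terminate the run via
 * {@code exit(3)}.
 *
 * @param request the scan request; its project name is replaced by the effective project name
 * @param path    local path to zip and scan
 * @return the collected scan results ({@code null} when result retrieval yields none)
 * @throws ExitThrowable raised by {@code exit(3)} on a zip or scanner failure
 */
private ScanResults scanLocalPath(ScanRequest request, String path) throws ExitThrowable {
    ScanResults results = null;
    File zipFile = null;
    try {
        String effectiveProjectName = projectNameGenerator.determineProjectName(request);
        request.setProject(effectiveProjectName);
        overrideScanPreset(request);
        zipFile = ZipUtils.zipToTempFile(path, flowProperties.getZipExclude());
        ScanDetails details = executeCxScan(request, zipFile);
        results = getScanResults(request, details.getProjectId(), details.getScanId());
        log.debug("Deleting temp file {}", zipFile.getPath());
        Files.deleteIfExists(zipFile.toPath());
    } catch (IOException e) {
        log.error("Error occurred while attempting to zip path {}", path, e);
        exit(3);
    } catch (MachinaException | CheckmarxException e) {
        log.error("Error occurred", e);
        exit(3);
    } finally {
        // Covers the exception paths; on the success path the file is already gone (no-op).
        deleteTempZipQuietly(zipFile);
    }
    return results;
}

/** Best-effort removal of the temporary zip; never throws, so it cannot mask an in-flight exception. */
private void deleteTempZipQuietly(File zipFile) {
    if (zipFile == null) {
        return;
    }
    try {
        Files.deleteIfExists(zipFile.toPath());
    } catch (IOException e) {
        log.warn("Could not delete temp file {}", zipFile.getPath(), e);
    }
}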

/**
 * Scans the remote repository described by the request and collects the results.
 *
 * <p>The request's project name is first replaced by the effective name from
 * {@code projectNameGenerator}; scanner errors are logged and terminate the run through
 * {@code exit(3)}.
 *
 * @param request scan request describing the remote repository
 * @return the collected results, or {@code null} when none were produced
 * @throws ExitThrowable raised by {@code exit(3)} on a scanner error
 */
private ScanResults scanRemoteRepo(ScanRequest request) throws ExitThrowable {
    ScanResults collected = null;
    try {
        request.setProject(projectNameGenerator.determineProjectName(request));
        // No zip archive is supplied for a remote repository scan.
        ScanDetails submitted = executeCxScan(request, null);
        collected = getScanResults(request, submitted.getProjectId(), submitted.getScanId());
    } catch (MachinaException | CheckmarxException e) {
        log.error("Error occurred", e);
        exit(3);
    }
    return collected;
}

/**
 * Publishes scan findings to Jira: creates tickets for new issues, updates existing ones and
 * closes tickets that are entirely false positives or no longer present in the results.
 *
 * <p>In child mode ({@code jiraProperties.isChild()}) an issue already present in the parent
 * project (or, when {@code grandParentUrl} is set, the grandparent project) suppresses ticket
 * creation. In CLI scan mode the Jira lookup is narrowed to the SCA/SAST labels for which the
 * results contain findings.
 *
 * @param results     scan results whose issues are published
 * @param request     scan request; its bug tracker project key is overwritten with the resolved key
 * @param scanDetails scan details forwarded to {@code logJiraTickets}
 * @return immutable map from {@code JiraConstants.NEW_TICKET}, {@code UPDATED_TICKET} and
 *         {@code CLOSED_TICKET} to the keys of the tickets in that state
 * @throws JiraClientException when the Jira REST client fails while processing an issue
 */
Map<String, List<String>> process(ScanResults results, ScanRequest request, ScanDetails scanDetails) throws JiraClientException {
    Map<String, ScanResults.XIssue> map;
    Map<String, Issue> jiraMap;
    List<Issue> issuesParent;
    List<Issue> issuesGrandParent;
    List<String> newIssues = new ArrayList<>();
    List<String> updatedIssues = new ArrayList<>();
    List<String> closedIssues = new ArrayList<>();
    String filterScanner = "";
    // CLI scan mode: restrict the Jira lookup to the scanner labels that have results.
    if (CliMode.SCAN.equals(request.getCliMode())) {
        if (null != results.getScaResults()) {
            filterScanner = JIRA_ISSUE_LABEL_SCA;
        }
        if (null != results.getXIssues()) {
            if (filterScanner.isEmpty()) {
                filterScanner = JIRA_ISSUE_LABEL_SAST;
            } else {
                filterScanner = filterScanner + "," + JIRA_ISSUE_LABEL_SAST;
            }
        }
    }
    codeBashingService.createLessonsMap();
    getAndModifyRequestApplication(request);
    String jiraProjectKey = determineJiraProjectKey(request);
    request.getBugTracker().setProjectKey(jiraProjectKey);
    loadCustomFields(request.getBugTracker().getProjectKey(), request.getBugTracker().getIssueType());
    // Child mode: fetch the parent (and optional grandparent) issues so duplicates are not re-created below.
    if (this.jiraProperties.isChild()) {
        ScanRequest parent = new ScanRequest(request);
        ScanRequest grandparent = new ScanRequest(request);
        BugTracker bugTracker;
        bugTracker = parent.getBugTracker();
        bugTracker.setProjectKey(parentUrl);
        parent.setBugTracker(bugTracker);
        issuesParent = this.getIssues(parent, filterScanner);
        // NOTE(review): assumes grandParentUrl is initialised to "" rather than null when unset — confirm.
        if (grandParentUrl.length() == 0) {
            log.info("Grandparent field is empty");
            issuesGrandParent = null;
        } else {
            BugTracker bugTrackerGrandParenet;
            bugTrackerGrandParenet = grandparent.getBugTracker();
            bugTrackerGrandParenet.setProjectKey(grandParentUrl);
            grandparent.setBugTracker(bugTrackerGrandParenet);
            issuesGrandParent = this.getIssues(grandparent, filterScanner);
        }
    } else {
        issuesParent = null;
        issuesGrandParent = null;
    }
    log.info("Processing Results and publishing findings to Jira");
    map = this.getIssueMap(results, request);
    // Track every issue as not-yet-published; entries are removed once published below.
    setMapWithScanResults(map, nonPublishedScanResultsMap);
    jiraMap = this.getJiraIssueMap(this.getIssues(request, filterScanner));
    for (Map.Entry<String, ScanResults.XIssue> xIssue : map.entrySet()) {
        String issueCurrentKey = xIssue.getKey();
        try {
            ScanResults.XIssue currentIssue = xIssue.getValue();
            codeBashingService.addCodebashingUrlToIssue(currentIssue);
            /*Issue already exists -> update and comment*/
            if (jiraMap.containsKey(issueCurrentKey)) {
                Issue issue = jiraMap.get(issueCurrentKey);
                if (xIssue.getValue().isAllFalsePositive()) {
                    // All issues are false positive, so issue should be closed
                    log.debug("All issues are false positives");
                    Issue fpIssue;
                    fpIssue = checkForFalsePositiveIssuesInList(request, xIssue, currentIssue, issue);
                    closeIssueInCaseOfIssueIsInOpenState(request, closedIssues, fpIssue);
                } else /*Ignore any with label indicating false positive*/
                if (!issue.getLabels().contains(jiraProperties.getFalsePositiveLabel())) {
                    updateIssueAndAddToNewIssuesList(request, updatedIssues, xIssue, currentIssue, issue);
                } else {
                    log.info("Skipping issue marked as false-positive or has False Positive state with key {}", issueCurrentKey);
                }
            } else {
                /*Create the new issue*/
                // Skip creation for all-false-positive issues and, in child mode, for issues the parent/grandparent already has.
                if (!currentIssue.isAllFalsePositive() && (!jiraProperties.isChild() || (!parentCheck(issueCurrentKey, issuesParent) && !grandparentCheck(issueCurrentKey, issuesGrandParent)))) {
                    if (jiraProperties.isChild()) {
                        log.info("Issue not found in parent creating issue for child");
                    }
                    createIssueAndAddToNewIssuesList(request, newIssues, xIssue, currentIssue);
                }
            }
        } catch (RestClientException e) {
            // NOTE(review): e is logged but not attached as the cause of the thrown exception; a
            // cause-taking JiraClientException constructor is not visible here — confirm and chain if available.
            log.error("Error occurred while processing issue with key {}", issueCurrentKey, e);
            throw new JiraClientException();
        }
        log.debug("Issue: {} successfully updated. Removing it from dynamic scan results map", xIssue.getValue());
        nonPublishedScanResultsMap.remove(issueCurrentKey);
    }
    /*Check if an issue exists in Jira but not within results and close if not*/
    closeIssueInCaseNotWithinResults(request, map, jiraMap, closedIssues);
    ImmutableMap<String, List<String>> ticketsMap = ImmutableMap.of(JiraConstants.NEW_TICKET, newIssues, JiraConstants.UPDATED_TICKET, updatedIssues, JiraConstants.CLOSED_TICKET, closedIssues);
    logJiraTickets(request, scanDetails, ticketsMap);
    setCurrentNewIssuesList(newIssues);
    setCurrentUpdatedIssuesList(updatedIssues);
    setCurrentClosedIssuesList(closedIssues);
    return ticketsMap;
}