
Example 41 with ScanResults

use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.

the class FilterScriptSteps method generateIssues.

/**
 * Requests report content for the hard-coded id 333333 through the supplied client, using
 * the filter returned by {@code getFilterConfiguration()}, and records the finding numbers
 * of the issues that are present in the returned report.
 *
 * <p>Nothing propagates from this method: any exception is stored in
 * {@code reportGenerationException} instead.
 * NOTE(review): a later step presumably asserts on that field; if none does, a filter that
 * fails cannot be told apart from a filter that removed every finding - confirm.
 *
 * @param cxClientSpy client whose {@code getReportContent} is called
 */
private void generateIssues(CxClient cxClientSpy) {
    // Offline mode suppresses additional API calls that are irrelevant to this step.
    cxProperties.setOffline(true);
    try {
        FilterConfiguration activeFilter = getFilterConfiguration();
        ScanResults filteredReport = cxClientSpy.getReportContent(333333, activeFilter);
        // Translate the file name of every reported issue into its finding number.
        findingNumbersAfterFiltering = filteredReport.getXIssues()
                .stream()
                .map(reportedIssue -> reportedIssue.getFilename())
                .map(filename -> findingFilenameToNumber.get(filename))
                .collect(Collectors.toSet());
    } catch (Exception e) {
        // Stored rather than rethrown.
        reportGenerationException = e;
    }
}
Also used : ScanResults(com.checkmarx.sdk.dto.ScanResults) FilterConfiguration(com.checkmarx.sdk.dto.filtering.FilterConfiguration) CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) IOException(java.io.IOException) CheckmarxRuntimeException(com.checkmarx.sdk.exception.CheckmarxRuntimeException) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) SAXException(org.xml.sax.SAXException)

Example 42 with ScanResults

use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.

the class ScanUtils method getScaSummaryIssueKey.

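/**
 * Builds the summary issue key of an SCA finding in the format of the request's bug tracker.
 *
 * <p>Only the first entry of {@code issue.getScaDetails()} is used. The bug tracker types
 * {@code "JIRA"} and {@code "CUSTOM"} are handled; for each of them the "without branch"
 * key variant is chosen when {@code anyEmpty} is true for the request's namespace,
 * repository name and branch.
 *
 * @param request   the scan request; supplies the bug tracker type, namespace, repository name and branch
 * @param issue     the scan-results issue; NOTE(review): assumed to carry at least one SCA details
 *                  entry, since element 0 is read unconditionally - confirm against callers
 * @param extraTags for {@code "JIRA"}: the issue prefix at [0] and the issue postfix at [1];
 *                  not read for any other bug tracker type
 * @return the issue key for the request's bug tracker type
 * @throws IllegalArgumentException if the bug tracker type is {@code "JIRA"} and fewer than two
 *                                  extra tags were passed
 * @throws NotImplementedException  if the bug tracker type is neither {@code "JIRA"} nor {@code "CUSTOM"}
 */
public static String getScaSummaryIssueKey(ScanRequest request, ScanResults.XIssue issue, String... extraTags) {
    ScanResults.ScaDetails scaDetails = issue.getScaDetails().get(0);
    String bugType = request.getBugTracker().getType().getType();
    switch (bugType) {
        case "JIRA": {
            // Fail with a descriptive error instead of an ArrayIndexOutOfBoundsException
            // when the prefix/postfix pair was not supplied.
            if (extraTags == null || extraTags.length < 2) {
                throw new IllegalArgumentException(
                        "JIRA summary issue key requires the issue prefix and postfix in extraTags[0] and extraTags[1]");
            }
            String issuePrefix = extraTags[0];
            String issuePostfix = extraTags[1];
            Finding detailsFindings = scaDetails.getFinding();
            Package vulnerabilityPackage = scaDetails.getVulnerabilityPackage();
            if (anyEmpty(request.getNamespace(), request.getRepoName(), request.getBranch())) {
                return getJiraScaSummaryIssueKeyWithoutBranch(request, issuePrefix, issuePostfix, detailsFindings, vulnerabilityPackage);
            }
            return getJiraScaSummaryIssueKey(request, issuePrefix, issuePostfix, detailsFindings, vulnerabilityPackage);
        }
        case "CUSTOM":
            if (anyEmpty(request.getBranch(), request.getNamespace(), request.getRepoName())) {
                return getCustomScaSummaryIssueKeyWithoutBranch(request, scaDetails);
            }
            return getCustomScaSummaryIssueKey(request, scaDetails);
        default:
            // NotImplementedException(String, String) takes (message, code) and does no
            // "{}" substitution, so the bug type is concatenated into the message. It is
            // still passed as the code, as before.
            throw new NotImplementedException("Summary issue key wasn't implemented yet for bug type: " + bugType, bugType);
    }
}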
Also used : ScanResults(com.checkmarx.sdk.dto.ScanResults) Finding(com.checkmarx.sdk.dto.sca.report.Finding) NotImplementedException(org.apache.commons.lang3.NotImplementedException) Package(com.checkmarx.sdk.dto.sca.report.Package)

Example 43 with ScanResults

use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.

the class FlowControllerTest method testSSuccessfulScanResult.

/**
 * Checks that {@code flowController.latestScanResults} calls the SAST scanner exactly once
 * and that the request it passes matches the application, team id and parsed filters.
 *
 * <p>The call uses {@code flowProperties.getToken()}, i.e. the configured token, so only
 * the path with that token is exercised here. {@code assignee}, {@code override} and
 * {@code bug} are forwarded to the controller but are not part of the assertion, and the
 * returned {@code ScanResults} is not inspected.
 */
@ParameterizedTest
@MethodSource("generateDataForSuccessfulScanResults")
public void testSSuccessfulScanResult(String severity, String cwe, String category, String status, String assignee, String override, String bug) {
    // Every filter is supplied by the method source as a CSV string.
    List<String> severityFilters = TestsParseUtils.parseCsvToList(severity);
    List<String> cweFilters = TestsParseUtils.parseCsvToList(cwe);
    List<String> categoryFilters = TestsParseUtils.parseCsvToList(category);
    List<String> statusFilters = TestsParseUtils.parseCsvToList(status);

    // Stub the scanner with an already-completed future holding an empty result object.
    CompletableFuture<ScanResults> completedScan = CompletableFuture.completedFuture(new ScanResults());
    when(sastScanner.getLatestScanResultsAsync(any(ScanRequest.class), isNull())).thenReturn(completedScan);

    flowController.latestScanResults(
            testProps.getProject(),
            flowProperties.getToken(),
            ScanFixture.TEAM_ID,
            testProps.getApplication(),
            severityFilters,
            cweFilters,
            categoryFilters,
            statusFilters,
            assignee,
            override,
            bug);

    // Capture the request handed to the scanner and compare it with the inputs.
    ArgumentCaptor<ScanRequest> requestCaptor = ArgumentCaptor.forClass(ScanRequest.class);
    verify(sastScanner, times(1)).getLatestScanResultsAsync(requestCaptor.capture(), isNull());
    assertScanResultsRequest(
            requestCaptor.getValue(),
            testProps.getApplication(),
            ScanFixture.TEAM_ID,
            severityFilters,
            cweFilters,
            categoryFilters,
            statusFilters);
}
Also used : ScanRequest(com.checkmarx.flow.dto.ScanRequest) ScanResults(com.checkmarx.sdk.dto.ScanResults) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest) MethodSource(org.junit.jupiter.params.provider.MethodSource)

Example 44 with ScanResults

use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.

the class GetResultsAnalyticsTestSteps method getSCAResults.

/**
 * Step: injects fake SCA scan results with the given severity counts and runs them
 * through {@code resultsService.processScanResultsAsync}, waiting up to one minute.
 *
 * <p>A {@code MachinaException}, {@code ExecutionException} or {@code TimeoutException} is
 * logged with its stack trace and turned into a test failure that carries only a generic
 * message.
 *
 * @param high   passed to {@code createFakeSCAScanResults}
 * @param medium passed to {@code createFakeSCAScanResults}
 * @param low    passed to {@code createFakeSCAScanResults}
 * @throws InterruptedException if the wait for the processing task is interrupted
 */
@When("doing get results operation on SCA scan with {int} {int} {int} results")
public void getSCAResults(int high, int medium, int low) throws InterruptedException {
    try {
        scanResultsToInject = createFakeSCAScanResults(high, medium, low);
        // Left disabled by the author for this step:
        //   addAdditionalInfoToResults(), addFlowSummaryToResults(high, medium, low, info)
        resultsService
                .processScanResultsAsync(createScanRequest(), PROJECT_ID, SCAN_ID, null, null)
                .get(1, TimeUnit.MINUTES);
    } catch (MachinaException | ExecutionException | TimeoutException e) {
        final String failureText = "Error processing scan results.";
        // The cause is only visible in the log; Assert.fail receives the text alone.
        log.error(failureText, e);
        Assert.fail(failureText);
    }
}
Also used : ScanRequest(com.checkmarx.flow.dto.ScanRequest) ScanResults(com.checkmarx.sdk.dto.ScanResults) MachinaException(com.checkmarx.flow.exception.MachinaException) ExecutionException(java.util.concurrent.ExecutionException) TimeoutException(java.util.concurrent.TimeoutException) When(io.cucumber.java.en.When)

Example 45 with ScanResults

use of com.checkmarx.sdk.dto.ScanResults in project cx-flow by checkmarx-ltd.

the class GetResultsAnalyticsTestSteps method getSASTResults.

/**
 * Step: injects fake SAST scan results, fills in the findings summary, additional info and
 * flow summary for the given severity counts, then runs the results through
 * {@code resultsService.processScanResultsAsync}, waiting up to one minute.
 *
 * <p>A {@code MachinaException}, {@code ExecutionException} or {@code TimeoutException} is
 * logged with its stack trace and turned into a test failure that carries only a generic
 * message.
 *
 * @param high   count passed to {@code setFindingsSummary} and {@code addFlowSummaryToResults}
 * @param medium count passed to {@code setFindingsSummary} and {@code addFlowSummaryToResults}
 * @param low    count passed to {@code setFindingsSummary} and {@code addFlowSummaryToResults}
 * @param info   count passed to {@code setFindingsSummary} and {@code addFlowSummaryToResults}
 * @throws InterruptedException if the wait for the processing task is interrupted
 */
@When("doing get results operation on SAST scan with {int} {int} {int} {int} results")
public void getSASTResults(int high, int medium, int low, int info) throws InterruptedException {
    try {
        scanResultsToInject = createFakeSASTScanResults();
        // The request is created before the results are enriched, as in the original order.
        ScanRequest pendingRequest = createScanRequest();
        setFindingsSummary(high, medium, low, info);
        addAdditionalInfoToResults();
        addFlowSummaryToResults(high, medium, low, info);
        resultsService
                .processScanResultsAsync(pendingRequest, PROJECT_ID, SCAN_ID, null, null)
                .get(1, TimeUnit.MINUTES);
    } catch (MachinaException | ExecutionException | TimeoutException e) {
        final String failureText = "Error processing scan results.";
        // The cause is only visible in the log; Assert.fail receives the text alone.
        log.error(failureText, e);
        Assert.fail(failureText);
    }
}
Also used : ScanRequest(com.checkmarx.flow.dto.ScanRequest) ScanResults(com.checkmarx.sdk.dto.ScanResults) MachinaException(com.checkmarx.flow.exception.MachinaException) ExecutionException(java.util.concurrent.ExecutionException) TimeoutException(java.util.concurrent.TimeoutException) When(io.cucumber.java.en.When)
