
Example 1 with ASTResults

use of com.checkmarx.sdk.dto.ast.ASTResults in project cx-flow by checkmarx-ltd.

Source: class Github2AdoSteps, method createAstFindings (test fixture code).

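/**
 * Populates {@code result} with a synthetic AST result set for the scenario under test.
 *
 * <p>The scan id ({@code "111"}) and {@code WEB_REPORT_LINK} are fixed fixture values. Two
 * findings are built through {@code createAstFinding} (defined elsewhere in this class), and
 * an empty {@link CxScanSummary} and {@link AstSummaryResults} are attached so code that
 * reads the summaries downstream does not see a null.
 *
 * @param result the scan results object to populate; mutated in place
 */
private void createAstFindings(ScanResults result) {
    result.setAstResults(new ASTResults());
    ASTResults astResults = result.getAstResults();
    astResults.setScanId("111");
    astResults.setWebReportLink(WEB_REPORT_LINK);

    // Typed list instead of the raw LinkedList the original used (unchecked-assignment warning).
    LinkedList<Finding> findings = new LinkedList<>();
    findings.add(createAstFinding(1));
    findings.add(createAstFinding(2));
    astResults.setFindings(findings);

    result.setScanSummary(new CxScanSummary());
    astResults.setSummary(new AstSummaryResults());
}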
Also used : AstSummaryResults(com.checkmarx.sdk.dto.ast.report.AstSummaryResults) Finding(com.checkmarx.sdk.dto.ast.report.Finding) ASTResults(com.checkmarx.sdk.dto.ast.ASTResults) CxScanSummary(com.checkmarx.sdk.dto.cx.CxScanSummary)

Example 2 with ASTResults

use of com.checkmarx.sdk.dto.ast.ASTResults in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

Source: class ScaClientHelper, method getReportContent.

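/**
 * Parses an SCA risk report XML file into {@link ScanResults}.
 *
 * <p>Security: the report is read through a StAX reader whose DTD support and external-entity
 * resolution are disabled, and that reader is what the JAXB unmarshaller consumes. The previous
 * version configured the hardened {@link XMLInputFactory} but then called
 * {@code unmarshaller.unmarshal(file)} directly, which makes JAXB create its own default parser
 * and leaves the XXE protection ineffective.
 *
 * <p>Side effects: {@code this.scanId} and {@code this.projectId} are overwritten with the
 * values found in the report summary (instance state; not safe for concurrent callers unless
 * the helper is used per-request - confirm against how this bean is scoped).
 *
 * @param file   the SCA XML report to parse
 * @param filter filter configuration; not applied by this method, kept for interface compatibility
 * @return scan results derived from the report
 * @throws CheckmarxException if {@code file} is null, cannot be read, or is not a valid report
 */
@Override
public ScanResults getReportContent(File file, FilterConfiguration filter) throws CheckmarxException {
    if (file == null) {
        throw new CheckmarxException("File not provided for processing of results");
    }

    /* protect against XXE: no DTD processing, no external entities */
    XMLInputFactory xif = XMLInputFactory.newInstance();
    xif.setProperty(XMLInputFactory.SUPPORT_DTD, false);
    xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
    // Namespace awareness is left at its default (enabled). The original set it to false on a
    // factory it never used, so JAXB's default namespace-aware parser did the real parsing;
    // keeping namespaces on preserves that behaviour and gives up no XXE protection.

    try (java.io.InputStream in = java.nio.file.Files.newInputStream(file.toPath())) {
        // JAXBContext creation is expensive; if this helper is called often it could be cached
        // as a static field (JAXBContext is thread-safe, Unmarshaller is not).
        JAXBContext jc = JAXBContext.newInstance(SCARiskReportType.class);
        Unmarshaller unmarshaller = jc.createUnmarshaller();

        javax.xml.stream.XMLStreamReader reader = xif.createXMLStreamReader(in);
        SCARiskReportType scaResults;
        try {
            @SuppressWarnings("unchecked") // root element of an SCA risk report is SCARiskReportType
            JAXBElement<SCARiskReportType> event =
                    (JAXBElement<SCARiskReportType>) unmarshaller.unmarshal(reader);
            scaResults = event.getValue();
        } finally {
            reader.close();
        }

        RiskReportSummaryType riskReportSummary = scaResults.getRiskReportSummary();
        PackagesType packagesType = scaResults.getPackages();
        VulnerabilitiesType vulnerabilitiesType = scaResults.getVulnerabilities();
        LicensesType licensesType = scaResults.getLicenses();
        PoliciesType policiesType = scaResults.getPolicies();

        this.scanId = riskReportSummary.getRiskReportId();
        this.projectId = riskReportSummary.getProjectId();

        SCAResults scaResult = getLatestScaResults(riskReportSummary, packagesType,
                vulnerabilitiesType, licensesType, policiesType);
        scaResult.setScanId(scanId);
        return toScanResults(scaResult);
    } catch (JAXBException | javax.xml.stream.XMLStreamException | java.io.IOException e) {
        // Unreadable file, malformed XML or a rejected DOCTYPE all end up here.
        log.error(ERROR_WITH_XML_REPORT);
        log.error(ExceptionUtils.getStackTrace(e));
        throw new CheckmarxException(ERROR_PROCESSING_SCAN_RESULTS);
    } catch (NullPointerException e) {
        // A report missing a mandatory section (e.g. the summary) surfaces as an NPE above;
        // reported at error level, the original logged it at info.
        log.error("Null error");
        log.error(ExceptionUtils.getStackTrace(e));
        throw new CheckmarxException(ERROR_PROCESSING_SCAN_RESULTS);
    }
}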
Also used : CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) JAXBException(javax.xml.bind.JAXBException) ASTResults(com.checkmarx.sdk.dto.ast.ASTResults) JAXBContext(javax.xml.bind.JAXBContext) JAXBElement(javax.xml.bind.JAXBElement) Unmarshaller(javax.xml.bind.Unmarshaller) XMLInputFactory(javax.xml.stream.XMLInputFactory)

Example 3 with ASTResults

use of com.checkmarx.sdk.dto.ast.ASTResults in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

Source: class AstTest, method validateSummary (JUnit test helper).

/**
 * Asserts that the summary attached to {@code ASTResults} is consistent with its findings.
 *
 * <p>Checks, in order: the summary exists, it reports at least one medium-severity
 * vulnerability, its status-counter list is present and non-empty, its total is positive,
 * the total matches the number of findings, and the high+medium+low counts match the number
 * of findings whose severity is not {@code "info"} (case-insensitive).
 *
 * @param ASTResults the AST results whose summary is validated
 */
private void validateSummary(ASTResults ASTResults) {
    AstSummaryResults summaryUnderTest = ASTResults.getSummary();

    Assert.assertNotNull("Summary is null.", summaryUnderTest);
    Assert.assertTrue("No medium-severity vulnerabilities.",
            summaryUnderTest.getMediumVulnerabilityCount() > 0);
    Assert.assertNotNull("Status counter list is null.", summaryUnderTest.getStatusCounters());
    Assert.assertFalse("No status counters.", summaryUnderTest.getStatusCounters().isEmpty());
    Assert.assertTrue("Expected total counter to be a positive value.",
            summaryUnderTest.getTotalCounter() > 0);

    List<Finding> reportedFindings = ASTResults.getFindings();
    int totalReported = reportedFindings.size();
    Assert.assertEquals("Total finding count from summary doesn't correspond to the actual count.",
            totalReported, summaryUnderTest.getTotalCounter());

    // Everything that is not "info" must be accounted for by the three severity buckets.
    long infoOnly = reportedFindings.stream()
            .filter(f -> StringUtils.equalsIgnoreCase(f.getSeverity(), "info"))
            .count();
    long reportedExceptInfo = totalReported - infoOnly;
    int summarisedExceptInfo = summaryUnderTest.getHighVulnerabilityCount()
            + summaryUnderTest.getMediumVulnerabilityCount()
            + summaryUnderTest.getLowVulnerabilityCount();
    Assert.assertEquals("Finding count from summary (excluding 'info') doesn't correspond to the actual count.",
            reportedExceptInfo, summarisedExceptInfo);
}
Also used : AstScanner(com.checkmarx.sdk.service.scanner.AstScanner) java.util(java.util) CxProperties(com.checkmarx.sdk.config.CxProperties) SourceLocationType(com.checkmarx.sdk.dto.SourceLocationType) URL(java.net.URL) RunWith(org.junit.runner.RunWith) Autowired(org.springframework.beans.factory.annotation.Autowired) ScanParams(com.checkmarx.sdk.dto.ast.ScanParams) StringUtils(org.apache.commons.lang3.StringUtils) Finding(com.checkmarx.sdk.dto.ast.report.Finding) RemoteRepositoryInfo(com.checkmarx.sdk.dto.RemoteRepositoryInfo) SpringRunner(org.springframework.test.context.junit4.SpringRunner) MalformedURLException(java.net.MalformedURLException) AstSummaryResults(com.checkmarx.sdk.dto.ast.report.AstSummaryResults) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) Import(org.springframework.context.annotation.Import) GithubProperties(com.checkmarx.sdk.GithubProperties) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) Test(org.junit.Test) CommonClientTest(com.checkmarx.sdk.service.CommonClientTest) Slf4j(lombok.extern.slf4j.Slf4j) SpringConfiguration(com.checkmarx.sdk.config.SpringConfiguration) SpringBootTest(org.springframework.boot.test.context.SpringBootTest) AstScaResults(com.checkmarx.sdk.dto.AstScaResults) ASTResults(com.checkmarx.sdk.dto.ast.ASTResults) AstConfig(com.checkmarx.sdk.config.AstConfig) FilterConfiguration(com.checkmarx.sdk.dto.filtering.FilterConfiguration) Assert(org.junit.Assert) AstProperties(com.checkmarx.sdk.config.AstProperties) RestClientConfig(com.checkmarx.sdk.config.RestClientConfig) AstSummaryResults(com.checkmarx.sdk.dto.ast.report.AstSummaryResults)

Example 4 with ASTResults

use of com.checkmarx.sdk.dto.ast.ASTResults in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

Source: class AstTest, method validateFinalResults (JUnit test helper).

/**
 * Asserts the shape of a completed AST scan result: the container and its AST-SAST part are
 * present, the scan id and web report link are non-empty, and the findings and summary pass
 * {@code validateFindings} / {@code validateSummary} (defined elsewhere in this class).
 *
 * @param finalResults the combined AST/SCA results returned by the scanner
 */
private void validateFinalResults(AstScaResults finalResults) {
    Assert.assertNotNull("Final scan results are null.", finalResults);

    ASTResults astResults = finalResults.getAstResults();
    Assert.assertNotNull("AST-SAST results are null.", astResults);

    boolean hasScanId = StringUtils.isNotEmpty(astResults.getScanId());
    Assert.assertTrue("Scan ID is missing.", hasScanId);
    boolean hasReportLink = StringUtils.isNotEmpty(astResults.getWebReportLink());
    Assert.assertTrue("Web report link is missing.", hasReportLink);

    validateFindings(astResults);
    validateSummary(astResults);
}
Also used : ASTResults(com.checkmarx.sdk.dto.ast.ASTResults)

Example 5 with ASTResults

use of com.checkmarx.sdk.dto.ast.ASTResults in project cx-flow by checkmarx-ltd.

Source: class AbstractASTScanner, method scan.

/**
 * Runs a scan for {@code scanRequest} through the SDK client and converts the SDK result into
 * cx-flow {@link ScanResults}.
 *
 * <p>{@code toSdkScanParams} runs outside the try block, so a failure there propagates to the
 * caller untouched. Anything thrown after the scan-started event is fired is handed to
 * {@code treatError} together with the request and whatever SDK results are available (an empty
 * placeholder if {@code client.scan} itself failed). {@code treatError} is defined elsewhere;
 * if it returns instead of throwing, this method returns {@code null}.
 *
 * @param scanRequest the cx-flow scan request to execute
 * @return the converted results, or {@code null} when the scan failed and treatError returned
 */
@Override
public ScanResults scan(ScanRequest scanRequest) {
    log.info("--------------------- Initiating new {} scan ---------------------", scanType);

    ScanParams sdkScanParams = toSdkScanParams(scanRequest);
    // Empty holder so treatError always receives a non-null result object.
    AstScaResults sdkResults = new AstScaResults(new SCAResults(), new ASTResults());
    ScanResults converted = null;

    try {
        bugTrackerEventTrigger.triggerScanStartedEvent(scanRequest);
        sdkResults = client.scan(sdkScanParams);
        logRequest(scanRequest, sdkResults, OperationResult.successful());
        converted = toScanResults(sdkResults);
    } catch (Exception scanFailure) {
        treatError(scanRequest, sdkResults, scanFailure);
    }
    return converted;
}
Also used : ScanResults(com.checkmarx.sdk.dto.ScanResults) ScanParams(com.checkmarx.sdk.dto.ast.ScanParams) AstScaResults(com.checkmarx.sdk.dto.AstScaResults) ASTResults(com.checkmarx.sdk.dto.ast.ASTResults) SCAResults(com.checkmarx.sdk.dto.sca.SCAResults) MalformedURLException(java.net.MalformedURLException) MachinaRuntimeException(com.checkmarx.flow.exception.MachinaRuntimeException)
