use of com.checkmarx.sdk.dto.ast.ASTResults in project cx-flow by checkmarx-ltd.
the class Github2AdoSteps method createAstFindings.
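/**
 * Fills {@code result} with stub AST data: a fresh {@link ASTResults} carrying a fixed
 * scan id, the web report link constant, two findings built by {@code createAstFinding},
 * and empty summary objects.
 *
 * @param result scan results object to populate in place
 */
private void createAstFindings(ScanResults result) {
    result.setAstResults(new ASTResults());
    ASTResults astResults = result.getAstResults();

    astResults.setScanId("111");
    astResults.setWebReportLink(WEB_REPORT_LINK);

    // Diamond operator rather than the raw LinkedList type, so the assignment is
    // checked by the compiler instead of producing an unchecked-conversion warning.
    LinkedList<Finding> findings = new LinkedList<>();
    findings.add(createAstFinding(1));
    findings.add(createAstFinding(2));
    astResults.setFindings(findings);

    result.setScanSummary(new CxScanSummary());
    astResults.setSummary(new AstSummaryResults());
}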
use of com.checkmarx.sdk.dto.ast.ASTResults in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.
the class ScaClientHelper method getReportContent.
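/**
 * Reads an SCA risk report from an XML file and converts it into {@link ScanResults}.
 *
 * <p>The report is parsed through a StAX reader obtained from a factory that has DTD
 * processing and external entities switched off, so the XXE hardening applies to the
 * bytes JAXB actually consumes. A report containing a DOCTYPE is therefore rejected.
 *
 * <p>Side effect: the report id and project id from the report summary are stored in
 * {@code this.scanId} and {@code this.projectId}.
 *
 * @param file XML risk report to parse; must not be {@code null}
 * @param filter not referenced by this implementation
 * @return the scan results built from the report
 * @throws CheckmarxException if {@code file} is {@code null}, if the report cannot be
 *         read or parsed, or if a {@link NullPointerException} occurs while processing it
 */
@Override
public ScanResults getReportContent(File file, FilterConfiguration filter) throws CheckmarxException {
    if (file == null) {
        throw new CheckmarxException("File not provided for processing of results");
    }
    try {
        JAXBContext jc = JAXBContext.newInstance(SCARiskReportType.class);
        Unmarshaller unmarshaller = jc.createUnmarshaller();

        /* protect against XXE */
        XMLInputFactory xif = XMLInputFactory.newInstance();
        xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        xif.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        // IS_NAMESPACE_AWARE stays at the factory default (true) so JAXB can still match
        // namespace-qualified elements once this factory is the one doing the parsing.

        // The hardened factory only protects anything if the unmarshaller reads from a
        // reader it created; unmarshal(File) would use JAXB's own parser and ignore xif.
        JAXBElement<SCARiskReportType> event;
        try (java.io.InputStream in = new java.io.FileInputStream(file)) {
            javax.xml.stream.XMLStreamReader reader = xif.createXMLStreamReader(in);
            try {
                event = (JAXBElement<SCARiskReportType>) unmarshaller.unmarshal(reader);
            } finally {
                // XMLStreamReader is not AutoCloseable; the stream itself is closed by
                // the enclosing try-with-resources.
                reader.close();
            }
        }

        SCARiskReportType scaResults = event.getValue();
        RiskReportSummaryType riskReportSummary = scaResults.getRiskReportSummary();
        PackagesType packagesType = scaResults.getPackages();
        VulnerabilitiesType vulnerabilitiesType = scaResults.getVulnerabilities();
        LicensesType licensesType = scaResults.getLicenses();
        PoliciesType policiesType = scaResults.getPolicies();

        this.scanId = riskReportSummary.getRiskReportId();
        this.projectId = riskReportSummary.getProjectId();

        SCAResults scaResult = getLatestScaResults(
                riskReportSummary, packagesType, vulnerabilitiesType, licensesType, policiesType);
        scaResult.setScanId(scanId);

        // NOTE(review): constructed but never read in this method; candidate for removal.
        AstScaResults internalResults = new AstScaResults(new SCAResults(), new ASTResults());

        return toScanResults(scaResult);
    } catch (JAXBException | javax.xml.stream.XMLStreamException | java.io.IOException e) {
        // Read and parse failures all surface to the caller as the same processing error.
        // NOTE(review): the cause is logged but not chained to the thrown exception.
        log.error(ERROR_WITH_XML_REPORT);
        log.error(ExceptionUtils.getStackTrace(e));
        throw new CheckmarxException(ERROR_PROCESSING_SCAN_RESULTS);
    } catch (NullPointerException e) {
        // A report missing an expected section ends up here rather than being
        // validated explicitly; kept so callers keep seeing CheckmarxException.
        log.info("Null error");
        log.error(ExceptionUtils.getStackTrace(e));
        throw new CheckmarxException(ERROR_PROCESSING_SCAN_RESULTS);
    }
}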
use of com.checkmarx.sdk.dto.ast.ASTResults in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.
the class AstTest method validateSummary.
/**
 * Checks that the summary attached to the given AST results is present, non-trivial,
 * and consistent with the list of findings.
 *
 * <p>Two cross-checks are made: the summary's total counter must equal the number of
 * findings, and the sum of its high/medium/low counts must equal the number of findings
 * whose severity is not "info" (compared case-insensitively).
 *
 * @param ASTResults results whose summary and findings are compared
 */
private void validateSummary(ASTResults ASTResults) {
    AstSummaryResults summary = ASTResults.getSummary();
    Assert.assertNotNull("Summary is null.", summary);

    boolean hasMediumSeverity = summary.getMediumVulnerabilityCount() > 0;
    Assert.assertTrue("No medium-severity vulnerabilities.", hasMediumSeverity);

    Assert.assertNotNull("Status counter list is null.", summary.getStatusCounters());
    Assert.assertFalse("No status counters.", summary.getStatusCounters().isEmpty());

    boolean totalIsPositive = summary.getTotalCounter() > 0;
    Assert.assertTrue("Expected total counter to be a positive value.", totalIsPositive);

    // Total counter versus the real number of findings.
    int findingCount = ASTResults.getFindings().size();
    Assert.assertEquals(
            "Total finding count from summary doesn't correspond to the actual count.",
            findingCount,
            summary.getTotalCounter());

    // Per-severity counters versus the findings, leaving "info" out on both sides.
    long nonInfoFindingCount = ASTResults.getFindings().stream()
            .map(finding -> finding.getSeverity())
            .filter(severity -> !StringUtils.equalsIgnoreCase(severity, "info"))
            .count();
    int nonInfoSummaryCount = summary.getHighVulnerabilityCount()
            + summary.getMediumVulnerabilityCount()
            + summary.getLowVulnerabilityCount();
    Assert.assertEquals(
            "Finding count from summary (excluding 'info') doesn't correspond to the actual count.",
            nonInfoFindingCount,
            nonInfoSummaryCount);
}
use of com.checkmarx.sdk.dto.ast.ASTResults in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.
the class AstTest method validateFinalResults.
/**
 * Asserts that the combined scan results contain usable AST results: the object itself,
 * a scan id and a web report link must all be present, after which the findings and the
 * summary are validated by their dedicated helpers.
 *
 * @param finalResults combined results returned by the scan under test
 */
private void validateFinalResults(AstScaResults finalResults) {
    Assert.assertNotNull("Final scan results are null.", finalResults);

    ASTResults astResults = finalResults.getAstResults();
    Assert.assertNotNull("AST-SAST results are null.", astResults);

    // Identifying fields must be populated before the contents are inspected.
    Assert.assertFalse("Scan ID is missing.", StringUtils.isEmpty(astResults.getScanId()));
    Assert.assertFalse("Web report link is missing.", StringUtils.isEmpty(astResults.getWebReportLink()));

    validateFindings(astResults);
    validateSummary(astResults);
}
use of com.checkmarx.sdk.dto.ast.ASTResults in project cx-flow by checkmarx-ltd.
the class AbstractASTScanner method scan.
/**
 * Runs a scan for the given request and converts the outcome to {@link ScanResults}.
 *
 * <p>Any exception raised while triggering the start event, scanning, logging or
 * converting is passed to {@code treatError} together with the results gathered so far
 * (an empty placeholder if the scan itself did not return).
 *
 * @param scanRequest request describing what to scan
 * @return the converted results, or {@code null} when a step failed and
 *         {@code treatError} returned normally
 */
@Override
public ScanResults scan(ScanRequest scanRequest) {
    log.info("--------------------- Initiating new {} scan ---------------------", scanType);
    ScanParams sdkScanParams = toSdkScanParams(scanRequest);

    // Placeholder so the error handler always receives a non-null results object.
    AstScaResults scanOutcome = new AstScaResults(new SCAResults(), new ASTResults());
    try {
        bugTrackerEventTrigger.triggerScanStartedEvent(scanRequest);
        scanOutcome = client.scan(sdkScanParams);
        logRequest(scanRequest, scanOutcome, OperationResult.successful());
        return toScanResults(scanOutcome);
    } catch (Exception e) {
        treatError(scanRequest, scanOutcome, e);
        return null;
    }
}