Example 1 with ASTResults
use of com.checkmarx.sdk.dto.ast.ASTResults in project cx-flow by checkmarx-ltd.
the class Github2AdoSteps method createAstFindings.
private void createAstFindings(ScanResults result) {
result.setAstResults(new ASTResults());
result.getAstResults().setScanId("111");
result.getAstResults().setWebReportLink(WEB_REPORT_LINK);
LinkedList<Finding> findings = new LinkedList();
findings.add(createAstFinding(1));
findings.add(createAstFinding(2));
result.getAstResults().setFindings(findings);
result.setScanSummary(new CxScanSummary());
result.getAstResults().setSummary(new AstSummaryResults());
}
Also used :
AstSummaryResults(com.checkmarx.sdk.dto.ast.report.AstSummaryResults)
Finding(com.checkmarx.sdk.dto.ast.report.Finding)
ASTResults(com.checkmarx.sdk.dto.ast.ASTResults)
CxScanSummary(com.checkmarx.sdk.dto.cx.CxScanSummary)
Example 2 with ASTResults
use of com.checkmarx.sdk.dto.ast.ASTResults in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.
the class ScaClientHelper method getReportContent.
@Override
public ScanResults getReportContent(File file, FilterConfiguration filter) throws CheckmarxException {
SCAResults scaResult = new SCAResults();
ScanResults result = null;
if (file == null) {
throw new CheckmarxException("File not provided for processing of results");
}
try {
/* protect against XXE */
JAXBContext jc = JAXBContext.newInstance(SCARiskReportType.class);
XMLInputFactory xif = XMLInputFactory.newInstance();
xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
xif.setProperty(XMLInputFactory.SUPPORT_DTD, false);
xif.setProperty(XMLInputFactory.IS_NAMESPACE_AWARE, false);
Unmarshaller unmarshaller = jc.createUnmarshaller();
List<ScanResults.XIssue> issueList = new ArrayList<>();
JAXBElement<SCARiskReportType> event = (JAXBElement<SCARiskReportType>) unmarshaller.unmarshal(file);
SCARiskReportType scaResults = event.getValue();
ScanResults.ScanResultsBuilder scaScanBuilder = ScanResults.builder();
RiskReportSummaryType iskReportSummaryType = scaResults.getRiskReportSummary();
PackagesType packagesType = scaResults.getPackages();
VulnerabilitiesType vulnerabilitiesType = scaResults.getVulnerabilities();
LicensesType licensesType = scaResults.getLicenses();
PoliciesType policiesType = scaResults.getPolicies();
this.scanId = iskReportSummaryType.getRiskReportId();
this.projectId = iskReportSummaryType.getProjectId();
scaResult = getLatestScaResults(iskReportSummaryType, packagesType, vulnerabilitiesType, licensesType, policiesType);
scaResult.setScanId(scanId);
AstScaResults internalResults = new AstScaResults(new SCAResults(), new ASTResults());
result = toScanResults(scaResult);
return result;
} catch (JAXBException e) {
log.error(ERROR_WITH_XML_REPORT);
log.error(ExceptionUtils.getStackTrace(e));
throw new CheckmarxException(ERROR_PROCESSING_SCAN_RESULTS);
} catch (NullPointerException e) {
log.info("Null error");
log.error(ExceptionUtils.getStackTrace(e));
throw new CheckmarxException(ERROR_PROCESSING_SCAN_RESULTS);
}
}
Also used :
CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException)
JAXBException(javax.xml.bind.JAXBException)
ASTResults(com.checkmarx.sdk.dto.ast.ASTResults)
JAXBContext(javax.xml.bind.JAXBContext)
JAXBElement(javax.xml.bind.JAXBElement)
Unmarshaller(javax.xml.bind.Unmarshaller)
XMLInputFactory(javax.xml.stream.XMLInputFactory)
Example 3 with ASTResults
use of com.checkmarx.sdk.dto.ast.ASTResults in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.
the class AstTest method validateSummary.
private void validateSummary(ASTResults ASTResults) {
AstSummaryResults summary = ASTResults.getSummary();
Assert.assertNotNull("Summary is null.", summary);
Assert.assertTrue("No medium-severity vulnerabilities.", summary.getMediumVulnerabilityCount() > 0);
Assert.assertNotNull("Status counter list is null.", summary.getStatusCounters());
Assert.assertFalse("No status counters.", summary.getStatusCounters().isEmpty());
Assert.assertTrue("Expected total counter to be a positive value.", summary.getTotalCounter() > 0);
int actualFindingCount = ASTResults.getFindings().size();
Assert.assertEquals("Total finding count from summary doesn't correspond to the actual count.", actualFindingCount, summary.getTotalCounter());
long actualFindingCountExceptInfo = ASTResults.getFindings().stream().filter(finding -> !StringUtils.equalsIgnoreCase(finding.getSeverity(), "info")).count();
int countFromSummaryExceptInfo = summary.getHighVulnerabilityCount() + summary.getMediumVulnerabilityCount() + summary.getLowVulnerabilityCount();
Assert.assertEquals("Finding count from summary (excluding 'info') doesn't correspond to the actual count.", actualFindingCountExceptInfo, countFromSummaryExceptInfo);
}
Also used :
AstScanner(com.checkmarx.sdk.service.scanner.AstScanner)
java.util(java.util)
CxProperties(com.checkmarx.sdk.config.CxProperties)
SourceLocationType(com.checkmarx.sdk.dto.SourceLocationType)
URL(java.net.URL)
RunWith(org.junit.runner.RunWith)
Autowired(org.springframework.beans.factory.annotation.Autowired)
ScanParams(com.checkmarx.sdk.dto.ast.ScanParams)
StringUtils(org.apache.commons.lang3.StringUtils)
Finding(com.checkmarx.sdk.dto.ast.report.Finding)
RemoteRepositoryInfo(com.checkmarx.sdk.dto.RemoteRepositoryInfo)
SpringRunner(org.springframework.test.context.junit4.SpringRunner)
MalformedURLException(java.net.MalformedURLException)
AstSummaryResults(com.checkmarx.sdk.dto.ast.report.AstSummaryResults)
ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)
Import(org.springframework.context.annotation.Import)
GithubProperties(com.checkmarx.sdk.GithubProperties)
JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException)
Test(org.junit.Test)
CommonClientTest(com.checkmarx.sdk.service.CommonClientTest)
Slf4j(lombok.extern.slf4j.Slf4j)
SpringConfiguration(com.checkmarx.sdk.config.SpringConfiguration)
SpringBootTest(org.springframework.boot.test.context.SpringBootTest)
AstScaResults(com.checkmarx.sdk.dto.AstScaResults)
ASTResults(com.checkmarx.sdk.dto.ast.ASTResults)
AstConfig(com.checkmarx.sdk.config.AstConfig)
FilterConfiguration(com.checkmarx.sdk.dto.filtering.FilterConfiguration)
Assert(org.junit.Assert)
AstProperties(com.checkmarx.sdk.config.AstProperties)
RestClientConfig(com.checkmarx.sdk.config.RestClientConfig)
AstSummaryResults(com.checkmarx.sdk.dto.ast.report.AstSummaryResults)
Example 4 with ASTResults
use of com.checkmarx.sdk.dto.ast.ASTResults in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.
the class AstTest method validateFinalResults.
private void validateFinalResults(AstScaResults finalResults) {
Assert.assertNotNull("Final scan results are null.", finalResults);
ASTResults ASTResults = finalResults.getAstResults();
Assert.assertNotNull("AST-SAST results are null.", ASTResults);
Assert.assertTrue("Scan ID is missing.", StringUtils.isNotEmpty(ASTResults.getScanId()));
Assert.assertTrue("Web report link is missing.", StringUtils.isNotEmpty(ASTResults.getWebReportLink()));
validateFindings(ASTResults);
validateSummary(ASTResults);
}
Also used :
ASTResults(com.checkmarx.sdk.dto.ast.ASTResults)
Example 5 with ASTResults
use of com.checkmarx.sdk.dto.ast.ASTResults in project cx-flow by checkmarx-ltd.
the class AbstractASTScanner method scan.
@Override
public ScanResults scan(ScanRequest scanRequest) {
ScanResults result = null;
log.info("--------------------- Initiating new {} scan ---------------------", scanType);
ScanParams sdkScanParams = toSdkScanParams(scanRequest);
AstScaResults internalResults = new AstScaResults(new SCAResults(), new ASTResults());
try {
bugTrackerEventTrigger.triggerScanStartedEvent(scanRequest);
internalResults = client.scan(sdkScanParams);
logRequest(scanRequest, internalResults, OperationResult.successful());
result = toScanResults(internalResults);
} catch (Exception e) {
treatError(scanRequest, internalResults, e);
}
return result;
}
Also used :
ScanResults(com.checkmarx.sdk.dto.ScanResults)
ScanParams(com.checkmarx.sdk.dto.ast.ScanParams)
AstScaResults(com.checkmarx.sdk.dto.AstScaResults)
ASTResults(com.checkmarx.sdk.dto.ast.ASTResults)
SCAResults(com.checkmarx.sdk.dto.sca.SCAResults)
MalformedURLException(java.net.MalformedURLException)
MachinaRuntimeException(com.checkmarx.flow.exception.MachinaRuntimeException)
Aggregations
ASTResults (com.checkmarx.sdk.dto.ast.ASTResults)7
AstScaResults (com.checkmarx.sdk.dto.AstScaResults)3
ScanParams (com.checkmarx.sdk.dto.ast.ScanParams)3
SCAResults (com.checkmarx.sdk.dto.sca.SCAResults)3
MalformedURLException (java.net.MalformedURLException)3
MachinaRuntimeException (com.checkmarx.flow.exception.MachinaRuntimeException)2
ScanResults (com.checkmarx.sdk.dto.ScanResults)2
AstSummaryResults (com.checkmarx.sdk.dto.ast.report.AstSummaryResults)2
Finding (com.checkmarx.sdk.dto.ast.report.Finding)2
GithubProperties (com.checkmarx.sdk.GithubProperties)1
AstConfig (com.checkmarx.sdk.config.AstConfig)1
AstProperties (com.checkmarx.sdk.config.AstProperties)1
CxProperties (com.checkmarx.sdk.config.CxProperties)1
RestClientConfig (com.checkmarx.sdk.config.RestClientConfig)1
SpringConfiguration (com.checkmarx.sdk.config.SpringConfiguration)1
RemoteRepositoryInfo (com.checkmarx.sdk.dto.RemoteRepositoryInfo)1
SourceLocationType (com.checkmarx.sdk.dto.SourceLocationType)1
CxScanSummary (com.checkmarx.sdk.dto.cx.CxScanSummary)1
FilterConfiguration (com.checkmarx.sdk.dto.filtering.FilterConfiguration)1
CheckmarxException (com.checkmarx.sdk.exception.CheckmarxException)1
