use of com.checkmarx.sdk.dto.ast.report.Finding in project cx-flow by checkmarx-ltd.
the class GitHubCommentsASTSteps method createFakeASTScanResults.
/**
 * Builds a canned {@link ScanResults} carrying AST findings for use as a test fixture.
 *
 * <p>The summary's high/medium/low counts are set directly from the arguments, and the
 * findings list is filled with the same number of entries per severity, so the two stay
 * consistent with each other.
 *
 * @param highCount   number of HIGH findings to generate
 * @param mediumCount number of MEDIUM findings to generate
 * @param lowCount    number of LOW findings to generate
 * @return scan results holding the generated findings, their summary, a web report link
 *         and an empty map under {@code Constants.SUMMARY_KEY} in the additional details
 */
private ScanResults createFakeASTScanResults(int highCount, int mediumCount, int lowCount) {
    // Nodes are attached to findings only when at least one finding is requested.
    boolean addNodes = highCount + mediumCount + lowCount > 0;

    List<Finding> findings = new LinkedList<>();
    List<StatusCounter> findingCounts = new LinkedList<>();
    // One fixed query name per severity; addFinding appends "-<index>" to each.
    addFinding(highCount, findingCounts, findings, Severity.HIGH.name(), addNodes, "SQL_INJECTION");
    addFinding(mediumCount, findingCounts, findings, Severity.MEDIUM.name(), addNodes, "Hardcoded_password_in_Connection_String");
    addFinding(lowCount, findingCounts, findings, Severity.LOW.name(), addNodes, "Open_Redirect");

    AstSummaryResults summary = new AstSummaryResults();
    summary.setStatusCounters(findingCounts);
    summary.setHighVulnerabilityCount(highCount);
    summary.setMediumVulnerabilityCount(mediumCount);
    summary.setLowVulnerabilityCount(lowCount);

    ASTResults astResults = new ASTResults();
    astResults.setScanId("" + SCAN_ID);
    astResults.setFindings(findings);
    astResults.setWebReportLink(AST_WEB_REPORT_LINK);
    astResults.setSummary(summary);

    Map<String, Object> details = new HashMap<>();
    details.put(Constants.SUMMARY_KEY, new HashMap<>());

    ScanResults result = new ScanResults();
    result.setAstResults(astResults);
    result.setAdditionalDetails(details);
    return result;
}
use of com.checkmarx.sdk.dto.ast.report.Finding in project cx-flow by checkmarx-ltd.
the class Github2AdoSteps method createAstFindings.
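/**
 * Populates {@code result} with a fresh {@link ASTResults} holding two generated findings.
 *
 * <p>Sets a fixed scan id ("111"), the web report link, an empty {@link CxScanSummary}
 * and an empty {@link AstSummaryResults}. The summary counters are therefore NOT derived
 * from the two findings added here.
 *
 * @param result scan results object to fill in; any existing AST results are replaced
 */
private void createAstFindings(ScanResults result) {
    result.setAstResults(new ASTResults());
    result.getAstResults().setScanId("111");
    result.getAstResults().setWebReportLink(WEB_REPORT_LINK);
    // Diamond operator instead of the raw LinkedList type, so the list is type-checked.
    LinkedList<Finding> findings = new LinkedList<>();
    findings.add(createAstFinding(1));
    findings.add(createAstFinding(2));
    result.getAstResults().setFindings(findings);
    result.setScanSummary(new CxScanSummary());
    result.getAstResults().setSummary(new AstSummaryResults());
}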
use of com.checkmarx.sdk.dto.ast.report.Finding in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.
the class AstTest method validateSummary.
/**
 * Asserts that the summary of the given AST results is present and agrees with the findings list.
 *
 * <p>Checks, in order: the summary exists, it reports at least one medium-severity
 * vulnerability, the status counter list is non-null and non-empty, the total counter is
 * positive and equals the number of findings, and the high + medium + low counts equal the
 * number of findings whose severity is not "info" (compared case-insensitively).
 *
 * @param ASTResults the AST results to validate (the parameter name shadows the type name)
 */
private void validateSummary(ASTResults ASTResults) {
    AstSummaryResults summary = ASTResults.getSummary();
    Assert.assertNotNull("Summary is null.", summary);
    Assert.assertTrue("No medium-severity vulnerabilities.",
            summary.getMediumVulnerabilityCount() > 0);
    Assert.assertNotNull("Status counter list is null.", summary.getStatusCounters());
    Assert.assertFalse("No status counters.", summary.getStatusCounters().isEmpty());
    Assert.assertTrue("Expected total counter to be a positive value.",
            summary.getTotalCounter() > 0);

    // The total counter must match the raw number of findings, info-level ones included.
    int findingTotal = ASTResults.getFindings().size();
    Assert.assertEquals("Total finding count from summary doesn't correspond to the actual count.",
            findingTotal, summary.getTotalCounter());

    // High/medium/low counters cover everything except "info" findings.
    long nonInfoFindings = ASTResults.getFindings()
            .stream()
            .filter(item -> !StringUtils.equalsIgnoreCase(item.getSeverity(), "info"))
            .count();
    int severitySum = summary.getHighVulnerabilityCount()
            + summary.getMediumVulnerabilityCount()
            + summary.getLowVulnerabilityCount();
    Assert.assertEquals("Finding count from summary (excluding 'info') doesn't correspond to the actual count.",
            nonInfoFindings, severitySum);
}
use of com.checkmarx.sdk.dto.ast.report.Finding in project cx-flow by checkmarx-ltd.
the class GitHubCommentsASTSteps method addFinding.
/**
 * Appends generated findings of one severity to {@code findings} and records their count.
 *
 * <p>Each finding gets the given severity and a query name of the form
 * {@code queryName + "-" + index}. A {@link StatusCounter} for the severity is always added
 * to {@code findingCounts}, even when the count is zero.
 *
 * @param countFindingsPerSeverity number of findings to generate (unboxed; must not be null)
 * @param findingCounts            list receiving the per-severity status counter
 * @param findings                 list receiving the generated findings
 * @param severity                 severity label used for the findings and the counter status
 * @param addNodes                 whether to call {@code addNodes} on each generated finding
 * @param queryName                base query name; the finding index is appended
 */
private void addFinding(Integer countFindingsPerSeverity, List<StatusCounter> findingCounts, List<Finding> findings, String severity, boolean addNodes, String queryName) {
    int index = 0;
    while (index < countFindingsPerSeverity) {
        Finding finding = new Finding();
        finding.setSeverity(severity);
        finding.setQueryName(queryName + "-" + index);
        if (addNodes) {
            addNodes(finding);
        }
        findings.add(finding);
        index++;
    }

    // The counter is recorded for every severity, including those with no findings.
    StatusCounter severityCounter = new StatusCounter();
    severityCounter.setStatus(severity);
    severityCounter.setCounter(countFindingsPerSeverity);
    findingCounts.add(severityCounter);
}
use of com.checkmarx.sdk.dto.ast.report.Finding in project cx-flow by checkmarx-ltd.
the class Github2AdoSteps method createAstFinding.
/**
 * Creates a single AST finding fixture whose fields are derived from {@code index}.
 *
 * <p>Severity is always "HIGH" and the state is {@code TO_VERIFY}. The CWE id, similarity
 * id and unique id are all set to {@code index}, and the finding has exactly one node,
 * whose file name is {@code index + "file.java"}.
 *
 * @param index value used to make the description, query name, ids and file name distinct
 * @return the populated finding
 */
private Finding createAstFinding(int index) {
    Finding finding = new Finding();

    // Identifiers all share the same index value.
    finding.setCweID(index);
    finding.setSimilarityID(index);
    finding.setUniqueID(index);

    finding.setSeverity("HIGH");
    finding.setState(TO_VERIFY);
    finding.setQueryName("Query Name " + index);
    finding.setDescription(DESCRIPTION_AST + index);

    // Arrays.asList yields a fixed-size list holding the single node.
    FindingNode onlyNode = new FindingNode();
    finding.setNodes(Arrays.asList(onlyNode));
    finding.getNodes().get(0).setFileName(index + "file.java");
    return finding;
}