
Example 1 with CxProject

use of com.checkmarx.sdk.dto.cx.CxProject in project cx-flow by checkmarx-ltd.

the class ResultsService method getCxFields.

/**
 * Copies the Checkmarx project's custom fields onto the scan request when the bug tracker
 * configuration asks for them.
 *
 * <p>Nothing is done unless {@code requiresCxCustomFields} accepts the bug tracker's field list and
 * the results carry a project id that is neither empty nor {@code Constants.UNKNOWN}. Only custom
 * fields with both a non-empty name and a non-empty value are kept. When the configured Jira
 * project / issue-type field names are present among them, their values replace the bug tracker's
 * project key and issue type.
 *
 * @param request scan request that receives the custom fields and any bug tracker overrides
 * @param results scan results supplying the Checkmarx project id
 * @throws MachinaException if the scanner client reports invalid credentials
 */
private void getCxFields(ScanRequest request, ScanResults results) throws MachinaException {
    try {
        // Skip the lookup entirely when the bug tracker does not need Checkmarx custom fields.
        if (!requiresCxCustomFields(request.getBugTracker().getFields())) {
            return;
        }
        String projectId = results.getProjectId();
        if (ScanUtils.empty(projectId) || projectId.equals(Constants.UNKNOWN)) {
            return;
        }
        // Integer.parseInt throws NumberFormatException for a non-numeric id; the catch below
        // only handles InvalidCredentialsException, so that failure propagates unchecked.
        CxProject project = cxScannerService.getScannerClient().getProject(Integer.parseInt(projectId));
        Map<String, String> customFields = new HashMap<>();
        for (CxProject.CustomField candidate : project.getCustomFields()) {
            if (ScanUtils.empty(candidate.getName()) || ScanUtils.empty(candidate.getValue())) {
                continue;
            }
            customFields.put(candidate.getName(), candidate.getValue());
        }
        if (customFields.isEmpty()) {
            return;
        }
        request.setCxFields(customFields);
        // NOTE(review): the two overrides below take the custom field value as-is, so whoever can
        // edit the Checkmarx project's custom fields decides which Jira project and issue type the
        // tickets use. Confirm that is the intended trust boundary.
        if (!ScanUtils.empty(cxScannerService.getProperties().getJiraProjectField())) {
            String projectKeyOverride = customFields.get(cxScannerService.getProperties().getJiraProjectField());
            if (!ScanUtils.empty(projectKeyOverride)) {
                request.getBugTracker().setProjectKey(projectKeyOverride);
            }
        }
        if (!ScanUtils.empty(cxScannerService.getProperties().getJiraIssuetypeField())) {
            String issueTypeOverride = customFields.get(cxScannerService.getProperties().getJiraIssuetypeField());
            if (!ScanUtils.empty(issueTypeOverride)) {
                request.getBugTracker().setIssueType(issueTypeOverride);
            }
        }
    } catch (InvalidCredentialsException e) {
        // The cause is written to the log; the MachinaException thrown to the caller carries only the message.
        log.warn("Error retrieving Checkmarx Project details for {}, no custom fields will be available", results.getProjectId(), e);
        throw new MachinaException("Error logging into Checkmarx");
    }
}
Also used : HashMap(java.util.HashMap) InvalidCredentialsException(com.checkmarx.flow.exception.InvalidCredentialsException) MachinaException(com.checkmarx.flow.exception.MachinaException) CxProject(com.checkmarx.sdk.dto.cx.CxProject)

Example 2 with CxProject

use of com.checkmarx.sdk.dto.cx.CxProject in project cx-flow by checkmarx-ltd.

the class ThresholdsSteps method initMock.

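/**
 * Stubs the Checkmarx client mock used by the threshold steps.
 *
 * <p>The mock answers report requests through a {@code ScanResultsAnswerer}, returns a fixed
 * private project named {@code testproject} with id 1 and no custom fields for any project id,
 * and returns team id {@code "1"} for any team name.
 *
 * @param cxClientMock the mock to configure
 */
private void initMock(CxClient cxClientMock) {
    try {
        // Collections.emptyList() is the type-safe equivalent of the raw Collections.EMPTY_LIST
        // constant and avoids an unchecked conversion at the builder call.
        CxProject cxProject = CxProject.builder()
                .id(1)
                .name("testproject")
                .isPublic(false)
                .customFields(Collections.emptyList())
                .build();
        ScanResultsAnswerer answerer = new ScanResultsAnswerer();
        when(cxClientMock.getReportContentByScanId(anyInt(), any())).thenAnswer(answerer);
        when(cxClientMock.getProject(anyInt())).thenReturn(cxProject);
        when(cxClientMock.getTeamId(anyString())).thenReturn("1");
    } catch (CheckmarxException e) {
        // The stubbed methods declare CheckmarxException; fail the test rather than hide a broken setup.
        Assert.fail("Error initializing mock." + e);
    }
}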
Also used : CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) CxProject(com.checkmarx.sdk.dto.cx.CxProject)

Example 3 with CxProject

use of com.checkmarx.sdk.dto.cx.CxProject in project cx-flow by checkmarx-ltd.

the class AbstractVulnerabilityScanner method getLatestScanResultsAsync.

/**
 * Starts asynchronous processing of the most recent scan of a Checkmarx project.
 *
 * <p>When {@code cxProject} is {@code null} the project is looked up from the request. If no
 * project or no scan is found, a warning is logged and the returned future is already completed
 * with {@code null}, so callers must handle a {@code null} result. A {@code MachinaException} or
 * {@code CheckmarxException} raised here is logged and delivered through an exceptionally
 * completed future instead of being thrown.
 *
 * @param request   scan request describing the team, project and filters
 * @param cxProject project to use, or {@code null} to resolve it from {@code request}
 * @return future holding the processed results, {@code null}, or the failure
 */
public CompletableFuture<ScanResults> getLatestScanResultsAsync(ScanRequest request, CxProject cxProject) {
    try {
        CxProject project = cxProject;
        if (project == null) {
            Integer projectId = getProjectId(request);
            if (projectId.equals(UNKNOWN_INT)) {
                log.warn("No project found for {}", request.getProject());
                return CompletableFuture.completedFuture(null);
            }
            project = getScannerClient().getProject(projectId);
        }
        Integer lastScanId = getScannerClient().getLastScanId(project.getId());
        if (lastScanId.equals(UNKNOWN_INT)) {
            log.warn("No Scan Results to process for project {}", project.getName());
            return CompletableFuture.completedFuture(null);
        }
        setCxFields(project, request);
        // The osaScanId argument is null: it does not apply here and is ignored.
        return resultsService.processScanResultsAsync(request, project.getId(), lastScanId, null, request.getFilter());
    } catch (MachinaException | CheckmarxException e) {
        log.error("Error occurred while processing results for {}{}", request.getTeam(), request.getProject(), e);
        // Report the failure through the future so the caller sees it when it joins.
        CompletableFuture<ScanResults> failed = new CompletableFuture<>();
        failed.completeExceptionally(e);
        return failed;
    }
}
Also used : CompletableFuture(java.util.concurrent.CompletableFuture) ScanResults(com.checkmarx.sdk.dto.ScanResults) MachinaException(com.checkmarx.flow.exception.MachinaException) CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) CxProject(com.checkmarx.sdk.dto.cx.CxProject)

Example 4 with CxProject

use of com.checkmarx.sdk.dto.cx.CxProject in project cx-flow by checkmarx-ltd.

the class GitHubService method startBlockMerge.

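/**
 * Sets the pull request status to {@code pending} when merge blocking is enabled.
 *
 * <p>With the Shard Manager enabled, {@code url} is replaced by a link to the project summary on
 * the current shard. If the project lookup fails, the failure is logged and the caller's
 * {@code url} is used unchanged. The method returns without sending anything when the request
 * metadata holds no statuses URL.
 *
 * @param request scan request carrying the team, project and the statuses URL metadata
 * @param url     link attached to the status; may be overridden as described above
 */
public void startBlockMerge(ScanRequest request, String url) {
    if (properties.isBlockMerge()) {
        final String PULL_REQUEST_STATUS = "pending";
        // When Shard Manager is enabled, override the pull request URL to link to the correct shard.
        if (cxProperties.getEnableShardManager()) {
            ShardSession shard = sessionTracker.getShardSession();
            try {
                String teamId = cxService.getTeamId(request.getTeam());
                List<CxProject> projects = cxService.getProjects(teamId);
                // Stays "0" when no project name matches; with duplicate names the last match wins.
                String projectID = "0";
                for (CxProject project : projects) {
                    if (project.getName().equals(request.getProject())) {
                        projectID = project.getId().toString();
                    }
                }
                url = shard.getUrl() + "/cxwebclient/portal#/projectState/" + projectID + "/Summary";
            } catch (CheckmarxException e) {
                // Pass the exception to the logger so the reason for the failed lookup is not lost.
                log.error(URL_INVALID, e);
            }
        }
        HttpEntity<?> httpEntity = new HttpEntity<>(getJSONStatus(PULL_REQUEST_STATUS, url, "Checkmarx Scan Initiated").toString(), createAuthHeaders(request));
        // NOTE(review): the entity built above carries the headers from createAuthHeaders and is sent
        // to a URL read from request metadata. Confirm that the metadata value is restricted to the
        // expected API host before it reaches this method.
        String statusApiUrl = request.getAdditionalMetadata(STATUSES_URL_KEY);
        if (ScanUtils.empty(statusApiUrl)) {
            log.error(STATUSES_URL_NOT_PROVIDED);
            return;
        }
        log.debug("Setting pull request status to '{}': {}", PULL_REQUEST_STATUS, statusApiUrl);
        String logErrorMessage = String.format("failed to set pull request status to %s", PULL_REQUEST_STATUS);
        statusExchange(request, httpEntity, statusApiUrl, logErrorMessage);
    }
}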
Also used : HttpEntity(org.springframework.http.HttpEntity) ShardSession(com.checkmarx.sdk.ShardManager.ShardSession) CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) CxProject(com.checkmarx.sdk.dto.cx.CxProject)

Example 5 with CxProject

use of com.checkmarx.sdk.dto.cx.CxProject in project cx-flow by checkmarx-ltd.

the class SastScanner method cxBatch.

/**
 * Processes Checkmarx projects in batch mode (JIRA only).
 *
 * <p>All projects are processed when the request names no team; otherwise only the projects of
 * that team, with the team path separator prepended when it is missing. Each project gets its own
 * copy of the request, and the method waits until every asynchronous result has completed.
 *
 * @param originalRequest template request copied for every project
 * @throws ExitThrowable declared by this method; a {@code CheckmarxException} leads to {@code exit(3)}
 */
public void cxBatch(ScanRequest originalRequest) throws ExitThrowable {
    try {
        List<CxProject> batch;
        String requestedTeam = originalRequest.getTeam();
        if (ScanUtils.empty(requestedTeam)) {
            // No team given: take every project.
            batch = cxService.getProjects();
        } else {
            // Team given: make sure the path starts with the separator before resolving its id.
            String separator = cxProperties.getTeamPathSeparator();
            String teamPath = requestedTeam.startsWith(separator) ? requestedTeam : separator.concat(requestedTeam);
            batch = cxService.getProjects(cxService.getTeamId(teamPath));
        }
        List<CompletableFuture<ScanResults>> pending = new ArrayList<>();
        for (CxProject project : batch) {
            ScanRequest request = new ScanRequest(originalRequest);
            // Every run of characters outside [a-zA-Z0-9-_] becomes a single underscore.
            // NOTE(review): distinct project names can map to the same sanitized name, and that
            // name is used as both project and application on the request. Confirm that results
            // of different projects cannot end up under one name downstream.
            String sanitizedName = project.getName().replaceAll("[^a-zA-Z0-9-_]+", "_");
            // TODO set team when entire instance batch mode
            // Give the copied request a unique id for thread log monitoring.
            projectNameGenerator.getHelperService().getShortUid(request);
            request.setProject(sanitizedName);
            request.setApplication(sanitizedName);
            pending.add(getLatestScanResultsAsync(request, project));
        }
        log.info("Waiting for processing to complete");
        // join() rethrows the failure of an exceptionally completed future as an unchecked
        // CompletionException, which the catch block below does not handle.
        for (CompletableFuture<ScanResults> future : pending) {
            future.join();
        }
    } catch (CheckmarxException e) {
        log.error("Error occurred while processing projects in batch mode", e);
        exit(3);
    }
}
Also used : ScanRequest(com.checkmarx.flow.dto.ScanRequest) CompletableFuture(java.util.concurrent.CompletableFuture) CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) ArrayList(java.util.ArrayList) CxProject(com.checkmarx.sdk.dto.cx.CxProject)
