Example 1 with CxScanParams

Use of com.checkmarx.sdk.dto.cx.CxScanParams in project cx-flow by checkmarx-ltd.

Class AbstractVulnerabilityScanner, method executeCxScan.

public ScanDetails executeCxScan(ScanRequest request, File cxFile) throws MachinaException {
    String osaScanId;
    Integer scanId = null;
    Integer projectId;
    try {
        /*Check if team is provided*/
        String ownerId = getScanRequestConverter().determineTeamAndOwnerID(request);
        log.debug("Auto profiling is enabled");
        projectId = getScanRequestConverter().determinePresetAndProjectId(request, ownerId);
        CxScanParams params = getScanRequestConverter().prepareScanParamsObject(request, cxFile, ownerId, projectId);
        scanId = getScannerClient().createScan(params, getComment(request));
        osaScanId = createOsaScan(request, projectId);
        if (osaScanId != null) {
            logRequest(request, osaScanId, cxFile, OperationResult.successful());
        }
    } catch (GitHubRepoUnavailableException e) {
        // an error stack trace in the log.
        return new ScanDetails(UNKNOWN_INT, UNKNOWN_INT, new CompletableFuture<>(), false);
    } catch (CheckmarxException | GitAPIException e) {
        String extendedMessage = treatFailure(request, cxFile, scanId, e);
        throw new MachinaException("Checkmarx Error Occurred: " + extendedMessage);
    }
    logRequest(request, scanId, cxFile, OperationResult.successful());
    this.scanDetails = new ScanDetails(projectId, scanId, osaScanId);
    return scanDetails;
}
Also used: CxScanParams (com.checkmarx.sdk.dto.cx.CxScanParams), GitAPIException (org.eclipse.jgit.api.errors.GitAPIException), CompletableFuture (java.util.concurrent.CompletableFuture), MachinaException (com.checkmarx.flow.exception.MachinaException), CheckmarxException (com.checkmarx.sdk.exception.CheckmarxException), GitHubRepoUnavailableException (com.checkmarx.flow.exception.GitHubRepoUnavailableException)

Example 2 with CxScanParams

Use of com.checkmarx.sdk.dto.cx.CxScanParams in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

Class GoScanner, method getProjectId.

public Integer getProjectId(String ownerId, String name) {
    log.debug("Retrieving OD Project List");
    OdProjectList appList = getProjectPage(ownerId);
    for (OdProjectListDataItem item : appList.getData().getItems()) {
        if (item.getName().equals(name)) {
            CxScanParams csp = getScanProbeByTeam(ownerId);
            csp.setProjectId(item.getId());
            return item.getId();
        }
    }
    return UNKNOWN_INT;
}
Also used: CxScanParams (com.checkmarx.sdk.dto.cx.CxScanParams)

Example 3 with CxScanParams

Use of com.checkmarx.sdk.dto.cx.CxScanParams in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

Class CxGoServiceIT, method gitClone.

@Test
// works only on Windows
@Ignore
public void gitClone() throws CheckmarxException {
    login();
    CxScanParams params = new CxScanParams();
    params.setProjectName("CircleCI");
    params.setTeamId("1");
    params.setGitUrl("https://github.com/Custodela/Riches.git");
    params.setBranch("refs/heads/master");
    params.setSourceType(CxScanParams.Type.GIT);
    String zipFilePath = repoFileService.prepareRepoFile(params);
    assertTrue("Zip file path is empty.", StringUtils.isNotEmpty(zipFilePath));
}
Also used: CxScanParams (com.checkmarx.sdk.dto.cx.CxScanParams), Ignore (org.junit.Ignore), Test (org.junit.Test), SpringBootTest (org.springframework.boot.test.context.SpringBootTest)

Example 4 with CxScanParams

Use of com.checkmarx.sdk.dto.cx.CxScanParams in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

Class CxGoServiceIT, method completeScanFlow.

@Test
// works only on Windows
@Ignore
public void completeScanFlow() throws CheckmarxException {
    login();
    if (StringUtils.isNotEmpty(properties.getClientSecret())) {
        String teamId = service.getTeamId(properties.getTeam());
        Integer projectId = service.getProjectId(teamId, GO_PROJECT_NAME);
        CxScanParams params = new CxScanParams();
        params.setProjectName(GO_PROJECT_NAME);
        params.setTeamId(teamId);
        params.setProjectId(projectId);
        params.setGitUrl("https://github.com/Custodela/Riches.git");
        params.setBranch("refs/heads/master");
        params.setSourceType(CxScanParams.Type.GIT);
        // run the scan and wait for it to finish
        Integer x = service.createScan(params, "CxFlow Scan");
        service.waitForScanCompletion(x);
        FilterConfiguration filterConfiguration = FilterConfiguration.fromSimpleFilters(Collections.singletonList(new Filter(Filter.Type.SEVERITY, "High")));
        // generate the results
        ScanResults results = service.getReportContentByScanId(x, filterConfiguration);
        assertNotNull(results);
    }
}
Also used: CxScanParams (com.checkmarx.sdk.dto.cx.CxScanParams), Filter (com.checkmarx.sdk.dto.sast.Filter), ScanResults (com.checkmarx.sdk.dto.ScanResults), FilterConfiguration (com.checkmarx.sdk.dto.filtering.FilterConfiguration), Ignore (org.junit.Ignore), Test (org.junit.Test), SpringBootTest (org.springframework.boot.test.context.SpringBootTest)

Example 5 with CxScanParams

Use of com.checkmarx.sdk.dto.cx.CxScanParams in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

Class CxServiceIT, method completeScanFlow.

@Test
@Ignore("Stable environment required")
public void completeScanFlow() throws CheckmarxException {
    final String PROJECT_NAME = "my-project-name";
    final String GIT_REPO_URL = "https://github.com/my-organization/my-repo.git";
    final String BRANCH_NAME = "refs/heads/develop";
    String teamId = service.getTeamId(properties.getTeam());
    Integer projectId = service.getProjectId(teamId, PROJECT_NAME);
    CxScanParams params = new CxScanParams();
    params.setProjectName(PROJECT_NAME);
    params.setTeamId(teamId);
    params.setProjectId(projectId);
    params.setGitUrl(GIT_REPO_URL);
    params.setBranch(BRANCH_NAME);
    params.setSourceType(CxScanParams.Type.GIT);
    // run the scan and wait for it to finish
    Integer x = service.createScan(params, "CxSDK Scan");
    service.waitForScanCompletion(x);
    List<Filter> highSeverityOnly = Collections.singletonList(new Filter(Filter.Type.SEVERITY, "High"));
    FilterConfiguration filterConfiguration = FilterConfiguration.fromSimpleFilters(highSeverityOnly);
    // generate the results
    ScanResults results = service.getReportContentByScanId(x, filterConfiguration);
    assertNotNull(results);
}
Also used: CxScanParams (com.checkmarx.sdk.dto.cx.CxScanParams), Filter (com.checkmarx.sdk.dto.sast.Filter), ScanResults (com.checkmarx.sdk.dto.ScanResults), FilterConfiguration (com.checkmarx.sdk.dto.filtering.FilterConfiguration), Ignore (org.junit.Ignore), Test (org.junit.Test), SpringBootTest (org.springframework.boot.test.context.SpringBootTest)

Aggregations

CxScanParams (com.checkmarx.sdk.dto.cx.CxScanParams): 14
CheckmarxException (com.checkmarx.sdk.exception.CheckmarxException): 4
Test (org.junit.Test): 4
SpringBootTest (org.springframework.boot.test.context.SpringBootTest): 4
ScanResults (com.checkmarx.sdk.dto.ScanResults): 3
GitAPIException (org.eclipse.jgit.api.errors.GitAPIException): 3
Ignore (org.junit.Ignore): 3
GitHubRepoUnavailableException (com.checkmarx.flow.exception.GitHubRepoUnavailableException): 2
MachinaException (com.checkmarx.flow.exception.MachinaException): 2
FilterConfiguration (com.checkmarx.sdk.dto.filtering.FilterConfiguration): 2
Filter (com.checkmarx.sdk.dto.sast.Filter): 2
JSONObject (org.json.JSONObject): 2
ScanReport (com.checkmarx.flow.dto.report.ScanReport): 1
MachinaRuntimeException (com.checkmarx.flow.exception.MachinaRuntimeException): 1
Before (io.cucumber.java.Before): 1
File (java.io.File): 1
IOException (java.io.IOException): 1
URISyntaxException (java.net.URISyntaxException): 1
CompletableFuture (java.util.concurrent.CompletableFuture): 1