
Example 6 with CxScanParams

use of com.checkmarx.sdk.dto.cx.CxScanParams in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class GoScanner method searchTreeChildren.

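/**
 * Resolves a team path to a team id by descending the team tree one level per token.
 *
 * <p>At each level the first node whose trimmed {@code title} equals {@code buTokens[i]} is
 * followed; later siblings are not tried if that branch fails to resolve. When the last token
 * matches, the node's id is registered through {@code getScanProbeByTeam}, the probe's team
 * name is set to {@code teamPath}, and the id is returned. The comparison is exact and
 * case-sensitive; only the node title is trimmed, the token is used as given.
 *
 * @param teamPath full team path, stored on the probe of the matched team
 * @param buTokens the team path split into per-level tokens
 * @param i        index of the token to match at this level
 * @param children nodes of the current tree level; {@code null} is treated as an empty level
 * @return the matched team id as a string, or {@code UNKNOWN} when the path cannot be resolved
 */
private String searchTreeChildren(String teamPath, String[] buTokens, int i, ArrayList<Object> children) {
    // An unresolvable path must yield UNKNOWN rather than an exception: a matched node may
    // carry no "children" entry while tokens remain, and the index may already be exhausted.
    if (children == null || buTokens == null || i < 0 || i >= buTokens.length) {
        return UNKNOWN;
    }
    String token = buTokens[i];
    int nextIndex = i + 1;
    for (Object item : children) {
        // Unchecked: the tree is expected to be maps of String keys with an Integer "id",
        // a String "title" and a list under "children" — a different shape fails the cast.
        LinkedHashMap<String, Object> node = (LinkedHashMap<String, Object>) item;
        Integer id = (Integer) node.get("id");
        String title = (String) node.get("title");
        // A node without a title can never match a path token; skip it instead of failing.
        if (title == null || !title.trim().equals(token)) {
            continue;
        }
        if (nextIndex == buTokens.length) {
            // Last token matched: record the team path on the probe kept for this team id.
            CxScanParams csp = getScanProbeByTeam(id.toString());
            csp.setTeamName(teamPath);
            return id.toString();
        }
        ArrayList<Object> nodeChildren = (ArrayList<Object>) node.get("children");
        return searchTreeChildren(teamPath, buTokens, nextIndex, nodeChildren);
    }
    return UNKNOWN;
}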
Also used : CxScanParams(com.checkmarx.sdk.dto.cx.CxScanParams) JSONObject(org.json.JSONObject)

Example 7 with CxScanParams

use of com.checkmarx.sdk.dto.cx.CxScanParams in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class GoScanner method getScanProbeByTeam.

/**
 * Looks up the scan probe registered for a team, creating and registering one on first use.
 *
 * <p>{@code scanProbeMap} is searched for a record whose team id equals {@code teamID}. If none
 * is found, a new {@link CxScanParams} carrying only that team id is appended to
 * {@code scanProbeMap} and returned, so this method never returns {@code null}.
 *
 * @param teamID the team id to look up
 * @return the existing record for the team, or the newly registered one
 */
private CxScanParams getScanProbeByTeam(String teamID) {
    CxScanParams probe = null;
    // Reuse the record already registered for this team, if there is one.
    for (CxScanParams candidate : scanProbeMap) {
        if (candidate.getTeamId().equals(teamID)) {
            probe = candidate;
            break;
        }
    }
    // No record yet: register a fresh one that carries only the team id.
    if (probe == null) {
        probe = new CxScanParams();
        probe.setTeamId(teamID);
        scanProbeMap.add(probe);
    }
    return probe;
}
Also used : CxScanParams(com.checkmarx.sdk.dto.cx.CxScanParams)

Example 8 with CxScanParams

use of com.checkmarx.sdk.dto.cx.CxScanParams in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class CxRepoFileHelper method prepareScanParamsToCloneRepo.

/**
 * Builds the scan parameters used to clone a repository.
 *
 * <p>NOTE(review): by its name {@code repoUrlWithAuth} presumably embeds credentials in the
 * URL — confirm, and keep the returned object out of logs and error messages if so.
 *
 * @param repoUrlWithAuth repository URL, stored as the Git URL of the parameters
 * @param excludeFiles    file exclusion entries, stored unchanged
 * @param branch          branch name; when non-empty it is stored with
 *                        {@code Constants.CX_BRANCH_PREFIX} prepended, otherwise no branch is set
 * @return the populated parameters
 */
private CxScanParams prepareScanParamsToCloneRepo(String repoUrlWithAuth, List<String> excludeFiles, String branch) {
    CxScanParams cloneParams = new CxScanParams();
    cloneParams.withGitUrl(repoUrlWithAuth);
    cloneParams.withFileExclude(excludeFiles);
    // Without a branch name the branch is left unset on the parameters.
    if (!StringUtils.isNotEmpty(branch)) {
        return cloneParams;
    }
    String prefixedBranch = Constants.CX_BRANCH_PREFIX.concat(branch);
    cloneParams.withBranch(prefixedBranch);
    return cloneParams;
}
Also used : CxScanParams(com.checkmarx.sdk.dto.cx.CxScanParams)

Example 9 with CxScanParams

use of com.checkmarx.sdk.dto.cx.CxScanParams in project cx-flow by checkmarx-ltd.

the class AbstractVulnerabilityScanner method scan.

/**
 * Runs one scan for {@code scanRequest}.
 *
 * <p>The request is converted to {@link CxScanParams} and the scanner client is asked whether
 * a scan already exists for the project. If one does and scan queuing is disabled, the
 * resubmit setting decides between cancelling the existing scan and creating a new one, or
 * refusing with a {@code CheckmarxException}. In every other case a new scan is created.
 *
 * <p>Every exception raised inside the {@code try} block, including the refusal above, is
 * caught here and turned into {@code getEmptyScanResults()}.
 * NOTE(review): confirm callers can tell these empty results apart from a scan that ran and
 * found nothing, so a failed or refused scan is not read as a clean one.
 *
 * @param scanRequest the request to scan; its {@code getScanResubmit()} value, when non-null,
 *                    takes precedence over the {@code flowProperties} setting
 * @return the value of {@code getScanResults(...)} on success, otherwise
 *         {@code getEmptyScanResults()}
 */
@Override
public ScanResults scan(ScanRequest scanRequest) {
    log.info("--------------------- Initiating new {} scan ---------------------", SCAN_TYPE);
    setRequestParamsByProperties(scanRequest);
    checkScanSubmitEmailDelivery(scanRequest);
    try {
        Integer scanId;
        CxScanParams cxScanParams = getScanRequestConverter().toScanParams(scanRequest);
        Integer projectId = cxScanParams.getProjectId();
        log.info("Checking if there is any existing scan for Project: {}", projectId);
        Integer existingScanId = getScannerClient().getScanIdOfExistingScanIfExists(projectId);
        String scanComment = getScanComment(scanRequest);
        // NOTE(review): existingScanId is a boxed Integer. If UNKNOWN_INT is declared as an
        // Integer too, this compares references rather than values; if it is a primitive, a
        // null existingScanId fails on unboxing. Confirm the declared type.
        if (existingScanId != UNKNOWN_INT) {
            if (!getCxPropertiesBase().getScanQueuing()) {
                // Queuing is off, so only one scan may be active: decide whether to replace it.
                // The per-request value wins; the flowProperties value is the fallback.
                Boolean scanResubmit = false;
                if (scanRequest.getScanResubmit() != null) {
                    scanResubmit = Boolean.parseBoolean(scanRequest.getScanResubmit());
                } else if (flowProperties.getScanResubmit()) {
                    scanResubmit = flowProperties.getScanResubmit();
                }
                if (scanResubmit) {
                    log.info("Existing ongoing scan with id {} found for Project : {}", existingScanId, projectId);
                    log.info("Aborting the ongoing scan with id {} for Project: {}", existingScanId, projectId);
                    // The existing scan is cancelled before its replacement is created.
                    getScannerClient().cancelScan(existingScanId);
                    log.info("Resubmitting the scan for Project: {}", projectId);
                    scanId = getScannerClient().createScan(cxScanParams, scanComment);
                } else {
                    // The warning reports the flowProperties value even when the decision came
                    // from the request-level setting.
                    log.warn("Property scan-resubmit set to {} : New scan not submitted, due to existing ongoing scan for the same Project id {}", flowProperties.getScanResubmit(), projectId);
                    bugTrackers.getBugTrackerEventTrigger().triggerScanNotSubmittedBugTrackerEvent(scanRequest, getEmptyScanResults());
                    // Caught by the generic handler below, which logs it and returns empty results.
                    throw new CheckmarxException(String.format("Active Scan with Id %d already exists for Project: %d", existingScanId, projectId));
                }
            } else {
                // Queuing is on: submit alongside the existing scan.
                scanId = getScannerClient().createScan(cxScanParams, scanComment);
            }
        } else {
            scanId = getScannerClient().createScan(cxScanParams, scanComment);
        }
        return getScanResults(scanRequest, projectId, scanId);
    } catch (GitHubRepoUnavailableException e) {
        // Handled without logging: this path returns empty results and writes no error stack
        // trace to the log.
        return getEmptyScanResults();
    } catch (Exception e) {
        log.error("SAST scan failed", e);
        // The exception message is copied into the failure report.
        // NOTE(review): confirm that neither the message nor the logged stack trace can carry
        // credential-bearing values, such as a repository URL with embedded credentials.
        OperationResult scanCreationFailure = new OperationResult(OperationStatus.FAILURE, e.getMessage());
        // -1 is passed in the scan-id position because no scan id is available on this path.
        ScanReport report = new ScanReport(-1, scanRequest, scanRequest.getRepoUrl(), scanCreationFailure);
        report.log();
        return getEmptyScanResults();
    }
}
Also used : CxScanParams(com.checkmarx.sdk.dto.cx.CxScanParams) ScanReport(com.checkmarx.flow.dto.report.ScanReport) CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) GitHubRepoUnavailableException(com.checkmarx.flow.exception.GitHubRepoUnavailableException) CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) GitAPIException(org.eclipse.jgit.api.errors.GitAPIException) GitHubRepoUnavailableException(com.checkmarx.flow.exception.GitHubRepoUnavailableException) IOException(java.io.IOException) MachinaRuntimeException(com.checkmarx.flow.exception.MachinaRuntimeException) MachinaException(com.checkmarx.flow.exception.MachinaException)

Example 10 with CxScanParams

use of com.checkmarx.sdk.dto.cx.CxScanParams in project cx-flow by checkmarx-ltd.

the class ScanRequestConverter method prepareScanParamsObject.

/**
 * Builds the {@link CxScanParams} for a scan from the request and the resolved owner and
 * project ids.
 *
 * <p>The branch and the default branch are always set, each as
 * {@code Constants.CX_BRANCH_PREFIX} followed by a name, or by the empty string when no name
 * is available. The default branch falls back to the request's merge target branch.
 *
 * <p>NOTE(review): the result holds {@code getRepoUrlWithAuth()} and {@code getScannerApiSec()}
 * values, which by their names are presumably credential material — confirm, and keep the
 * returned object out of logs and error messages if so.
 *
 * @param request   the scan request supplying names, exclusions, flags and custom fields
 * @param cxFile    local source to upload; when non-null the source type becomes
 *                  {@code CxScanParams.Type.FILE} and its absolute path is stored
 * @param ownerId   stored as the team id
 * @param projectId stored as the project id
 * @return the populated parameters
 */
public CxScanParams prepareScanParamsObject(ScanRequest request, File cxFile, String ownerId, Integer projectId) {
    CxScanParams params = new CxScanParams()
            .teamId(ownerId)
            .withTeamName(request.getTeam())
            .projectId(projectId)
            .withProjectName(request.getProject())
            .withScanPreset(request.getScanPreset())
            .withGitUrl(request.getRepoUrlWithAuth())
            .withIncremental(request.isIncremental())
            .withForceScan(request.isForceScan())
            .withFileExclude(request.getExcludeFiles())
            .withFolderExclude(request.getExcludeFolders())
            .withScanConfiguration(request.getScanConfiguration())
            .withSshKeyIdentifier(request.getSshKeyIdentifier())
            .withClientSecret(request.getScannerApiSec())
            .withCustomFields(request.getCxFields())
            .withScanCustomFields(request.getScanFields());

    // Branch: the prefix plus the requested name, or the bare prefix when none was given.
    String branchName = StringUtils.isNotEmpty(request.getBranch()) ? request.getBranch() : "";
    params.withBranch(Constants.CX_BRANCH_PREFIX.concat(branchName));

    // Default branch: explicit default first, then the merge target, then the bare prefix.
    String defaultName;
    if (StringUtils.isNotEmpty(request.getDefaultBranch())) {
        defaultName = request.getDefaultBranch();
    } else if (StringUtils.isNotEmpty(request.getMergeTargetBranch())) {
        defaultName = request.getMergeTargetBranch();
    } else {
        defaultName = "";
    }
    params.withDefaultBranch(Constants.CX_BRANCH_PREFIX.concat(defaultName));

    if (cxFile == null) {
        return params;
    }
    // A local file was supplied: scan it instead of relying on the Git URL alone.
    params.setSourceType(CxScanParams.Type.FILE);
    params.setFilePath(cxFile.getAbsolutePath());
    return params;
}
Also used : CxScanParams(com.checkmarx.sdk.dto.cx.CxScanParams)

Aggregations

CxScanParams (com.checkmarx.sdk.dto.cx.CxScanParams)14 CheckmarxException (com.checkmarx.sdk.exception.CheckmarxException)4 Test (org.junit.Test)4 SpringBootTest (org.springframework.boot.test.context.SpringBootTest)4 ScanResults (com.checkmarx.sdk.dto.ScanResults)3 GitAPIException (org.eclipse.jgit.api.errors.GitAPIException)3 Ignore (org.junit.Ignore)3 GitHubRepoUnavailableException (com.checkmarx.flow.exception.GitHubRepoUnavailableException)2 MachinaException (com.checkmarx.flow.exception.MachinaException)2 FilterConfiguration (com.checkmarx.sdk.dto.filtering.FilterConfiguration)2 Filter (com.checkmarx.sdk.dto.sast.Filter)2 JSONObject (org.json.JSONObject)2 ScanReport (com.checkmarx.flow.dto.report.ScanReport)1 MachinaRuntimeException (com.checkmarx.flow.exception.MachinaRuntimeException)1 Before (io.cucumber.java.Before)1 File (java.io.File)1 IOException (java.io.IOException)1 URISyntaxException (java.net.URISyntaxException)1 CompletableFuture (java.util.concurrent.CompletableFuture)1