Example 1 with EngineFilterConfiguration

Use of com.checkmarx.sdk.dto.filtering.EngineFilterConfiguration in project cx-flow by checkmarx-ltd.

Class ConfigurationOverrider, method overrideFilters.

private void overrideFilters(FlowOverride flowOverride, ScanRequest request, Map<String, String> overrideReport) {
    Optional.ofNullable(flowOverride.getFilters()).ifPresent(override -> {
        // Build a filter configuration from the override and replace the request's filter with it.
        FilterFactory filterFactory = new FilterFactory();
        ControllerRequest controllerRequest = new ControllerRequest(override.getSeverity(), override.getCwe(), override.getCategory(), override.getStatus(), override.getState());
        FilterConfiguration filterConfig = filterFactory.getFilter(controllerRequest, null);
        request.setFilter(filterConfig);
        // Null-safe lookup of the simple SAST filters; yields null if any link in the chain is missing.
        List<Filter> simpleFilters = Optional.ofNullable(filterConfig)
                .map(FilterConfiguration::getSastFilters)
                .map(EngineFilterConfiguration::getSimpleFilters)
                .orElse(null);
        // Record the filters now in effect in the override report ("EMPTY" when there are none).
        String filterDescr;
        if (CollectionUtils.isNotEmpty(simpleFilters)) {
            filterDescr = simpleFilters.stream().map(Object::toString).collect(Collectors.joining(","));
        } else {
            filterDescr = "EMPTY";
        }
        overrideReport.put("filters", filterDescr);
    });
}
Also used : Filter(com.checkmarx.sdk.dto.sast.Filter) EngineFilterConfiguration(com.checkmarx.sdk.dto.filtering.EngineFilterConfiguration) FilterConfiguration(com.checkmarx.sdk.dto.filtering.FilterConfiguration) ControllerRequest(com.checkmarx.flow.dto.ControllerRequest)

Example 2 with EngineFilterConfiguration

Use of com.checkmarx.sdk.dto.filtering.EngineFilterConfiguration in project cx-flow by checkmarx-ltd.

Class FilterFactory, method getFilterFromComponents.

public FilterConfiguration getFilterFromComponents(String filterScript, List<Filter> simpleFilters) {
    // Parse the filter script text into a Groovy Script.
    Script parsedScript = parseScriptText(filterScript);
    // The SAST filter configuration carries both the simple filters and the scripted filter.
    EngineFilterConfiguration sastFilterConfig = EngineFilterConfiguration.builder()
            .simpleFilters(simpleFilters)
            .scriptedFilter(ScriptedFilter.builder().script(parsedScript).build())
            .build();
    return FilterConfiguration.builder().sastFilters(sastFilterConfig).build();
}
Also used : Script(groovy.lang.Script) EngineFilterConfiguration(com.checkmarx.sdk.dto.filtering.EngineFilterConfiguration)

Example 3 with EngineFilterConfiguration

Use of com.checkmarx.sdk.dto.filtering.EngineFilterConfiguration in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

Class FilterValidatorTest, method verifyScriptResult.

private static void verifyScriptResult(Script script, String severity, String status, String state, String name, String cweId, boolean expectedResult) {
    ResultType finding = createFinding(status, state);
    QueryType findingGroup = createFindingGroup(severity, name, cweId);
    EngineFilterConfiguration filterConfiguration = createFilterConfiguration(script);
    FilterValidator validator = new FilterValidator();
    FilterInputFactory filterInputFactory = new FilterInputFactory(new CxProperties());
    FilterInput filterInput = filterInputFactory.createFilterInputForCxSast(findingGroup, finding);
    boolean actualResult = validator.passesFilter(filterInput, filterConfiguration);
    assertEquals(expectedResult, actualResult, "Unexpected script filtering result.");
}
Also used : FilterInput(com.checkmarx.sdk.dto.filtering.FilterInput) FilterInputFactory(com.checkmarx.sdk.service.FilterInputFactory) CxProperties(com.checkmarx.sdk.config.CxProperties) ResultType(com.checkmarx.sdk.dto.cx.xml.ResultType) EngineFilterConfiguration(com.checkmarx.sdk.dto.filtering.EngineFilterConfiguration) QueryType(com.checkmarx.sdk.dto.cx.xml.QueryType) FilterValidator(com.checkmarx.sdk.service.FilterValidator)

Example 4 with EngineFilterConfiguration

Use of com.checkmarx.sdk.dto.filtering.EngineFilterConfiguration in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

Class FilterValidatorTest, method validateExpectedError.

private void validateExpectedError(String scriptWithUnknownObject) {
    Script script = parse(scriptWithUnknownObject);
    QueryType findingGroup = createFindingGroup(SEVERITY_LOW, NAME1, CWE1);
    ResultType finding = createFinding(STATUS_NEW, STATE_URGENT_ID);
    EngineFilterConfiguration filterConfiguration = createFilterConfiguration(script);
    FilterValidator validator = new FilterValidator();
    try {
        FilterInputFactory filterInputFactory = new FilterInputFactory(new CxProperties());
        FilterInput filterInput = filterInputFactory.createFilterInputForCxSast(findingGroup, finding);
        validator.passesFilter(filterInput, filterConfiguration);
        // Without this, the test would pass silently when no exception is thrown.
        // fail() throws an AssertionError, which the catch (Exception e) below does not swallow.
        fail(String.format("Expected %s to be thrown.", CheckmarxRuntimeException.class));
    } catch (Exception e) {
        // The script error must surface as a CheckmarxRuntimeException wrapping the Groovy error.
        assertTrue(e instanceof CheckmarxRuntimeException, String.format("Expected %s to be thrown.", CheckmarxRuntimeException.class));
        assertTrue(e.getCause() instanceof GroovyRuntimeException, String.format("Expected exception cause to be %s", GroovyRuntimeException.class));
    }
}
Also used : Script(groovy.lang.Script) FilterInput(com.checkmarx.sdk.dto.filtering.FilterInput) FilterInputFactory(com.checkmarx.sdk.service.FilterInputFactory) GroovyRuntimeException(groovy.lang.GroovyRuntimeException) CxProperties(com.checkmarx.sdk.config.CxProperties) CheckmarxRuntimeException(com.checkmarx.sdk.exception.CheckmarxRuntimeException) ResultType(com.checkmarx.sdk.dto.cx.xml.ResultType) EngineFilterConfiguration(com.checkmarx.sdk.dto.filtering.EngineFilterConfiguration) QueryType(com.checkmarx.sdk.dto.cx.xml.QueryType) FilterValidator(com.checkmarx.sdk.service.FilterValidator)

Example 5 with EngineFilterConfiguration

Use of com.checkmarx.sdk.dto.filtering.EngineFilterConfiguration in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

Class ScaScanner, method applyFilterToResults.

@Override
protected void applyFilterToResults(AstScaResults combinedResults, ScanParams scanParams) {
    EngineFilterConfiguration filterConfig = extractFilterConfigFrom(scanParams);
    List<Finding> findingsToRetain = new ArrayList<>();
    combinedResults.getScaResults().getFindings().forEach(finding -> {
        if (passesFilter(finding, filterConfig)) {
            findingsToRetain.add(finding);
        }
    });
    combinedResults.getScaResults().setFindings(findingsToRetain);
}
Also used : Finding(com.checkmarx.sdk.dto.sca.report.Finding) ArrayList(java.util.ArrayList) EngineFilterConfiguration(com.checkmarx.sdk.dto.filtering.EngineFilterConfiguration)

Aggregations

EngineFilterConfiguration (com.checkmarx.sdk.dto.filtering.EngineFilterConfiguration): 9
FilterInput (com.checkmarx.sdk.dto.filtering.FilterInput): 4
CxProperties (com.checkmarx.sdk.config.CxProperties): 3
QueryType (com.checkmarx.sdk.dto.cx.xml.QueryType): 3
ResultType (com.checkmarx.sdk.dto.cx.xml.ResultType): 3
FilterInputFactory (com.checkmarx.sdk.service.FilterInputFactory): 3
FilterValidator (com.checkmarx.sdk.service.FilterValidator): 3
ScanResults (com.checkmarx.sdk.dto.ScanResults): 2
FilterConfiguration (com.checkmarx.sdk.dto.filtering.FilterConfiguration): 2
Filter (com.checkmarx.sdk.dto.sast.Filter): 2
Script (groovy.lang.Script): 2
ControllerRequest (com.checkmarx.flow.dto.ControllerRequest): 1
MachinaException (com.checkmarx.flow.exception.MachinaException): 1
ScanParams (com.checkmarx.sdk.dto.ast.ScanParams): 1
Finding (com.checkmarx.sdk.dto.sca.report.Finding): 1
CheckmarxException (com.checkmarx.sdk.exception.CheckmarxException): 1
CheckmarxRuntimeException (com.checkmarx.sdk.exception.CheckmarxRuntimeException): 1
GroovyRuntimeException (groovy.lang.GroovyRuntimeException): 1
ArrayList (java.util.ArrayList): 1
JSONObject (org.json.JSONObject): 1