Example 21 with FilterConfiguration

Use of com.checkmarx.sdk.dto.filtering.FilterConfiguration in project cx-flow by checkmarx-ltd.

Class BitbucketServerMergeHandler, method execute.

@Override
public ResponseEntity<EventResponse> execute(String uid) {
    try {
        BugTracker.Type bugType = BugTracker.Type.BITBUCKETSERVERPULL;
        if (!ScanUtils.empty(controllerRequest.getBug())) {
            bugType = ScanUtils.getBugTypeEnum(controllerRequest.getBug(), configProvider.getFlowProperties().getBugTrackerImpl());
        }
        Optional.ofNullable(controllerRequest.getAppOnly()).ifPresent(configProvider.getFlowProperties()::setTrackApplicationOnly);
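        // valueOf throws IllegalArgumentException for an unrecognised product name;
        // the catch block below answers with a bad-request message.
        ScanRequest.Product p = ScanRequest.Product.valueOf(product.toUpperCase(Locale.ROOT));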
        List<String> branches = webhookUtils.getBranches(controllerRequest, configProvider.getFlowProperties());
        BugTracker bt = ScanUtils.getBugTracker(controllerRequest.getAssignee(), bugType, configProvider.getJiraProperties(), controllerRequest.getBug());
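        // Result filter for this scan, built by the filter factory from the webhook request and the flow properties.
        FilterConfiguration filter = configProvider.getFilterFactory().getFilter(controllerRequest, configProvider.getFlowProperties());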
        String gitUrl = getGitUrl();
        String gitAuthUrl = getGitAuthUrl(gitUrl);
        String repoSelfUrl = getRepoSelfUrl(toProjectKey, toSlug);
        String mergeEndpoint = repoSelfUrl.concat(MERGE_COMMENT);
        mergeEndpoint = mergeEndpoint.replace("{id}", pullRequestId);
        String buildStatusEndpoint = configProvider.getBitBucketProperties().getUrl().concat(BUILD_STATUS);
        buildStatusEndpoint = buildStatusEndpoint.replace("{commit}", fromRefLatestCommit);
        String blockerCommentUrl = repoSelfUrl.concat(BLOCKER_COMMENT);
        blockerCommentUrl = blockerCommentUrl.replace("{id}", pullRequestId);
        ScanRequest request = ScanRequest.builder()
                .application(application)
                .product(p)
                .project(controllerRequest.getProject())
                .team(controllerRequest.getTeam())
                .namespace(getNamespace())
                .repoName(repositoryName)
                .repoUrl(gitUrl)
                .repoUrlWithAuth(gitAuthUrl)
                .repoType(ScanRequest.Repository.BITBUCKETSERVER)
                .branch(currentBranch)
                .mergeTargetBranch(targetBranch)
                .mergeNoteUri(mergeEndpoint)
                .refs(refId)
                .email(null)
                .incremental(controllerRequest.getIncremental())
                .scanPreset(controllerRequest.getPreset())
                .excludeFolders(controllerRequest.getExcludeFolders())
                .excludeFiles(controllerRequest.getExcludeFiles())
                .bugTracker(bt)
                .filter(filter)
                .hash(fromRefLatestCommit)
                .build();
        webhookUtils.setScmInstance(controllerRequest, request);
        setBrowseUrl(request);
        fillRequestWithCommonAdditionalData(request, toProjectKey, toSlug, webhookPayload);
        checkForConfigAsCode(request);
        request.putAdditionalMetadata("buildStatusUrl", buildStatusEndpoint);
        request.putAdditionalMetadata("cxBaseUrl", configProvider.getCxScannerService().getProperties().getBaseUrl());
        request.putAdditionalMetadata("blocker-comment-url", blockerCommentUrl);
        request.setId(uid);
        // only initiate scan/automation if target branch is applicable
        if (configProvider.getHelperService().isBranch2Scan(request, branches)) {
            configProvider.getFlowService().initiateAutomation(request);
        }
    } catch (IllegalArgumentException e) {
        log.debug("Error occurred while processing the request " + e);
        return webhookUtils.getBadRequestMessage(e, controllerRequest, product);
    }
    return webhookUtils.getSuccessMessage();
}
Also used : ScanRequest(com.checkmarx.flow.dto.ScanRequest) FilterConfiguration(com.checkmarx.sdk.dto.filtering.FilterConfiguration) BugTracker(com.checkmarx.flow.dto.BugTracker)

Example 22 with FilterConfiguration

Use of com.checkmarx.sdk.dto.filtering.FilterConfiguration in project cx-flow by checkmarx-ltd.

Class ScaFilterFactory, method setScaFilters.

private static void setScaFilters(List<Filter> filters, ScanRequest target) {
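    // Reuse the filter configuration already attached to the request, or start from an empty one,
    // so that only the SCA filters are replaced and any other filters on it are kept.
    FilterConfiguration existingOrNewConfig = Optional.ofNullable(target.getFilter())
            .orElseGet(() -> FilterConfiguration.builder().build());
    existingOrNewConfig.setScaFilters(EngineFilterConfiguration.builder()
            .simpleFilters(filters)
            .build());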
    target.setFilter(existingOrNewConfig);
}
Also used : EngineFilterConfiguration(com.checkmarx.sdk.dto.filtering.EngineFilterConfiguration) FilterConfiguration(com.checkmarx.sdk.dto.filtering.FilterConfiguration)

Example 23 with FilterConfiguration

Use of com.checkmarx.sdk.dto.filtering.FilterConfiguration in project cx-flow by checkmarx-ltd.

Class OsaScannerService, method cxOsaParseResults.

public void cxOsaParseResults(ScanRequest request, File file, File libs) throws ExitThrowable {
    try {
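        // Null-safe lookup: simpleFilters ends up null when the request, its filter configuration
        // or the SAST filter set is missing. The simple filters are read from the SAST filter configuration.
        List<Filter> simpleFilters = Optional.ofNullable(request)
                .map(ScanRequest::getFilter)
                .map(FilterConfiguration::getSastFilters)
                .map(EngineFilterConfiguration::getSimpleFilters)
                .orElse(null);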
        ScanResults results = cxService.getOsaReportContent(file, libs, simpleFilters);
        resultsService.processResults(request, results, scanDetails);
        if (flowProperties.isBreakBuild() && results != null && results.getXIssues() != null && !results.getXIssues().isEmpty()) {
            log.error(ERROR_BREAK_MSG);
            exit(ExitCode.BUILD_INTERRUPTED);
        }
    } catch (MachinaException | CheckmarxException e) {
        log.error("Error occurred while processing results file(s)", e);
        exit(3);
    }
}
Also used : Filter(com.checkmarx.sdk.dto.sast.Filter) ScanResults(com.checkmarx.sdk.dto.ScanResults) MachinaException(com.checkmarx.flow.exception.MachinaException) CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) EngineFilterConfiguration(com.checkmarx.sdk.dto.filtering.EngineFilterConfiguration) FilterConfiguration(com.checkmarx.sdk.dto.filtering.FilterConfiguration)

Example 24 with FilterConfiguration

Use of com.checkmarx.sdk.dto.filtering.FilterConfiguration in project cx-flow by checkmarx-ltd.

Class FilterFactory, method getFilter.

public FilterConfiguration getFilter(ControllerRequest request, @Nullable FlowProperties flowProperties) {
    FilterConfiguration result;
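    // Treat a null request as an empty one so the checks below never dereference null.
    request = Optional.ofNullable(request).orElse(ControllerRequest.builder().build());
    if (hasRequiredProperties(request)) {
        // Filter values carried by the request take precedence over the configured properties.
        result = getFilterFromLists(request.getSeverity(), request.getCwe(), request.getCategory(), request.getStatus(), request.getState(), null);
    } else if (flowProperties != null) {
        // Otherwise fall back to the filters defined in the flow properties.
        result = getFilterFromProperties(flowProperties);
    } else {
        // Neither source is available: return an empty filter configuration.
        result = FilterConfiguration.builder().build();
    }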
    return result;
}
Also used : EngineFilterConfiguration(com.checkmarx.sdk.dto.filtering.EngineFilterConfiguration) FilterConfiguration(com.checkmarx.sdk.dto.filtering.FilterConfiguration)

Example 25 with FilterConfiguration

Use of com.checkmarx.sdk.dto.filtering.FilterConfiguration in project cx-flow by checkmarx-ltd.

Class FilterScriptSteps, method generateIssues.

private void generateIssues(CxClient cxClientSpy) {
    // Avoid additional API calls that we don't care about.
    cxProperties.setOffline(true);
    try {
        FilterConfiguration filter = getFilterConfiguration();
        ScanResults report = cxClientSpy.getReportContent(333333, filter);
        findingNumbersAfterFiltering = report.getXIssues().stream()
                .map(xIssue -> findingFilenameToNumber.get(xIssue.getFilename()))
                .collect(Collectors.toSet());
    } catch (Exception e) {
        reportGenerationException = e;
    }
}
Also used : ScanResults(com.checkmarx.sdk.dto.ScanResults) FilterConfiguration(com.checkmarx.sdk.dto.filtering.FilterConfiguration) CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) IOException(java.io.IOException) CheckmarxRuntimeException(com.checkmarx.sdk.exception.CheckmarxRuntimeException) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) SAXException(org.xml.sax.SAXException)

Aggregations

FilterConfiguration (com.checkmarx.sdk.dto.filtering.FilterConfiguration): 26
BugTracker (com.checkmarx.flow.dto.BugTracker): 13
ScanRequest (com.checkmarx.flow.dto.ScanRequest): 12
ScanResults (com.checkmarx.sdk.dto.ScanResults): 6
Filter (com.checkmarx.sdk.dto.sast.Filter): 6
EngineFilterConfiguration (com.checkmarx.sdk.dto.filtering.EngineFilterConfiguration): 5
CxConfig (com.checkmarx.sdk.dto.sast.CxConfig): 4
IOException (java.io.IOException): 4
ControllerRequest (com.checkmarx.flow.dto.ControllerRequest): 3
MachinaRuntimeException (com.checkmarx.flow.exception.MachinaRuntimeException): 3
CheckmarxException (com.checkmarx.sdk.exception.CheckmarxException): 3
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper): 3
ArrayList (java.util.ArrayList): 3
Test (org.junit.Test): 3
SpringBootTest (org.springframework.boot.test.context.SpringBootTest): 3
FlowOverride (com.checkmarx.flow.dto.FlowOverride): 2
Repository (com.checkmarx.flow.dto.bitbucket.Repository): 2
InvalidTokenException (com.checkmarx.flow.exception.InvalidTokenException): 2
MachinaException (com.checkmarx.flow.exception.MachinaException): 2
CxScanParams (com.checkmarx.sdk.dto.cx.CxScanParams): 2