Example 1 with FilterInput
use of com.checkmarx.sdk.dto.filtering.FilterInput in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.
the class FilterValidatorTest method verifyScriptResult.
private static void verifyScriptResult(Script script, String severity, String status, String state, String name, String cweId, boolean expectedResult) {
ResultType finding = createFinding(status, state);
QueryType findingGroup = createFindingGroup(severity, name, cweId);
EngineFilterConfiguration filterConfiguration = createFilterConfiguration(script);
FilterValidator validator = new FilterValidator();
FilterInputFactory filterInputFactory = new FilterInputFactory(new CxProperties());
FilterInput filterInput = filterInputFactory.createFilterInputForCxSast(findingGroup, finding);
boolean actualResult = validator.passesFilter(filterInput, filterConfiguration);
assertEquals(expectedResult, actualResult, "Unexpected script filtering result.");
}
Also used :
FilterInput(com.checkmarx.sdk.dto.filtering.FilterInput)
FilterInputFactory(com.checkmarx.sdk.service.FilterInputFactory)
CxProperties(com.checkmarx.sdk.config.CxProperties)
ResultType(com.checkmarx.sdk.dto.cx.xml.ResultType)
EngineFilterConfiguration(com.checkmarx.sdk.dto.filtering.EngineFilterConfiguration)
QueryType(com.checkmarx.sdk.dto.cx.xml.QueryType)
FilterValidator(com.checkmarx.sdk.service.FilterValidator)
Example 2 with FilterInput
use of com.checkmarx.sdk.dto.filtering.FilterInput in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.
the class FilterValidatorTest method validateExpectedError.
private void validateExpectedError(String scriptWithUnknownObject) {
Script script = parse(scriptWithUnknownObject);
QueryType findingGroup = createFindingGroup(SEVERITY_LOW, NAME1, CWE1);
ResultType finding = createFinding(STATUS_NEW, STATE_URGENT_ID);
EngineFilterConfiguration filterConfiguration = createFilterConfiguration(script);
FilterValidator validator = new FilterValidator();
try {
FilterInputFactory filterInputFactory = new FilterInputFactory(new CxProperties());
FilterInput filterInput = filterInputFactory.createFilterInputForCxSast(findingGroup, finding);
validator.passesFilter(filterInput, filterConfiguration);
} catch (Exception e) {
assertTrue(e instanceof CheckmarxRuntimeException, String.format("Expected %s to be thrown.", CheckmarxRuntimeException.class));
assertTrue(e.getCause() instanceof GroovyRuntimeException, String.format("Expected exception cause to be %s", GroovyRuntimeException.class));
}
}
Also used :
Script(groovy.lang.Script)
FilterInput(com.checkmarx.sdk.dto.filtering.FilterInput)
FilterInputFactory(com.checkmarx.sdk.service.FilterInputFactory)
GroovyRuntimeException(groovy.lang.GroovyRuntimeException)
CxProperties(com.checkmarx.sdk.config.CxProperties)
CheckmarxRuntimeException(com.checkmarx.sdk.exception.CheckmarxRuntimeException)
ResultType(com.checkmarx.sdk.dto.cx.xml.ResultType)
EngineFilterConfiguration(com.checkmarx.sdk.dto.filtering.EngineFilterConfiguration)
QueryType(com.checkmarx.sdk.dto.cx.xml.QueryType)
FilterValidator(com.checkmarx.sdk.service.FilterValidator)
GroovyRuntimeException(groovy.lang.GroovyRuntimeException)
CheckmarxRuntimeException(com.checkmarx.sdk.exception.CheckmarxRuntimeException)
Example 3 with FilterInput
use of com.checkmarx.sdk.dto.filtering.FilterInput in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.
the class CxService method getIssues.
/**
* @param filter determines which SAST findings will be mapped into XIssue-s.
* @param cxIssueList list that will be populated during this method execution.
* @param cxResults SAST-specific scan results based on SAST XML report.
*/
private Map<String, Integer> getIssues(FilterConfiguration filter, String session, List<ScanResults.XIssue> cxIssueList, CxXMLResultsType cxResults) {
Map<String, Integer> summary = new HashMap<>();
EngineFilterConfiguration sastFilters = Optional.ofNullable(filter).map(FilterConfiguration::getSastFilters).orElse(null);
for (QueryType result : cxResults.getQuery()) {
ScanResults.XIssue.XIssueBuilder xIssueBuilder = ScanResults.XIssue.builder();
/*Top node of each issue*/
for (ResultType resultType : result.getResult()) {
FilterInput filterInput = filterInputFactory.createFilterInputForCxSast(result, resultType);
if (filterValidator.passesFilter(filterInput, sastFilters)) {
boolean falsePositive = false;
if (!resultType.getFalsePositive().equalsIgnoreCase("FALSE")) {
falsePositive = true;
}
/*Map issue details*/
xIssueBuilder.cwe(result.getCweId());
xIssueBuilder.language(result.getLanguage());
xIssueBuilder.severity(result.getSeverity());
xIssueBuilder.vulnerability(result.getName());
xIssueBuilder.file(resultType.getFileName());
xIssueBuilder.severity(resultType.getSeverity());
xIssueBuilder.link(resultType.getDeepLink());
xIssueBuilder.vulnerabilityStatus(cxProperties.getStateFullName(resultType.getState()));
xIssueBuilder.queryId(result.getId());
xIssueBuilder.groupBySeverity(cxProperties.getGroupBySeverity());
// Add additional details
Map<String, Object> additionalDetails = getAdditionalIssueDetails(result, resultType);
xIssueBuilder.additionalDetails(additionalDetails);
Map<Integer, ScanResults.IssueDetails> details = new HashMap<>();
try {
/* Call the CX SOAP Service to get Issue Description*/
if (session != null) {
try {
xIssueBuilder.description(this.getIssueDescription(session, Long.parseLong(cxResults.getScanId()), Long.parseLong(resultType.getPath().getPathId())));
} catch (HttpStatusCodeException e) {
xIssueBuilder.description("");
}
} else {
xIssueBuilder.description("");
}
String snippet = resultType.getPath().getPathNode().get(0).getSnippet().getLine().getCode();
snippet = StringUtils.truncate(snippet, cxProperties.getCodeSnippetLength());
ScanResults.IssueDetails issueDetails = new ScanResults.IssueDetails().codeSnippet(snippet).comment(resultType.getRemark()).falsePositive(falsePositive);
details.put(Integer.parseInt(resultType.getPath().getPathNode().get(0).getLine()), issueDetails);
xIssueBuilder.similarityId(resultType.getPath().getSimilarityId());
} catch (NullPointerException e) {
log.warn("Problem grabbing snippet. Snippet may not exist for finding for Node ID");
/*Defaulting to initial line number with no snippet*/
ScanResults.IssueDetails issueDetails = new ScanResults.IssueDetails().codeSnippet(null).comment(resultType.getRemark()).falsePositive(falsePositive);
details.put(Integer.parseInt(resultType.getLine()), issueDetails);
}
xIssueBuilder.details(details);
ScanResults.XIssue issue = xIssueBuilder.build();
prepareIssuesRemoveDuplicates(cxIssueList, resultType, details, falsePositive, issue, summary);
}
}
}
return summary;
}
Also used :
ScanResults(com.checkmarx.sdk.dto.ScanResults)
HttpStatusCodeException(org.springframework.web.client.HttpStatusCodeException)
FilterInput(com.checkmarx.sdk.dto.filtering.FilterInput)
JSONObject(org.json.JSONObject)
EngineFilterConfiguration(com.checkmarx.sdk.dto.filtering.EngineFilterConfiguration)
Example 4 with FilterInput
use of com.checkmarx.sdk.dto.filtering.FilterInput in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.
the class FilterValidatorTest method verifySimpleFilterResult.
private static void verifySimpleFilterResult(List<Filter> filters, String severity, String status, String state, String name, String cweId, boolean expectedResult) {
ResultType finding = createFinding(status, state);
QueryType findingGroup = createFindingGroup(severity, name, cweId);
FilterValidator filterValidator = new FilterValidator();
EngineFilterConfiguration filterConfiguration = EngineFilterConfiguration.builder().simpleFilters(filters).build();
FilterInputFactory filterInputFactory = new FilterInputFactory(new CxProperties());
FilterInput filterInput = filterInputFactory.createFilterInputForCxSast(findingGroup, finding);
boolean passes = filterValidator.passesFilter(filterInput, filterConfiguration);
assertEquals(expectedResult, passes, "Unexpected simple filtering result.");
}
Also used :
FilterInput(com.checkmarx.sdk.dto.filtering.FilterInput)
FilterInputFactory(com.checkmarx.sdk.service.FilterInputFactory)
CxProperties(com.checkmarx.sdk.config.CxProperties)
ResultType(com.checkmarx.sdk.dto.cx.xml.ResultType)
EngineFilterConfiguration(com.checkmarx.sdk.dto.filtering.EngineFilterConfiguration)
QueryType(com.checkmarx.sdk.dto.cx.xml.QueryType)
FilterValidator(com.checkmarx.sdk.service.FilterValidator)
Aggregations
EngineFilterConfiguration (com.checkmarx.sdk.dto.filtering.EngineFilterConfiguration)4
FilterInput (com.checkmarx.sdk.dto.filtering.FilterInput)4
CxProperties (com.checkmarx.sdk.config.CxProperties)3
QueryType (com.checkmarx.sdk.dto.cx.xml.QueryType)3
ResultType (com.checkmarx.sdk.dto.cx.xml.ResultType)3
FilterInputFactory (com.checkmarx.sdk.service.FilterInputFactory)3
FilterValidator (com.checkmarx.sdk.service.FilterValidator)3
ScanResults (com.checkmarx.sdk.dto.ScanResults)1
CheckmarxRuntimeException (com.checkmarx.sdk.exception.CheckmarxRuntimeException)1
GroovyRuntimeException (groovy.lang.GroovyRuntimeException)1
Script (groovy.lang.Script)1
JSONObject (org.json.JSONObject)1
HttpStatusCodeException (org.springframework.web.client.HttpStatusCodeException)1
