
Example 1 with CxConfig

use of com.checkmarx.sdk.dto.sast.CxConfig in project cx-flow by checkmarx-ltd.

the class GitHubService method loadConfigAsCode.

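/**
 * Downloads the config-as-code file for a scan request and parses it into a {@link CxConfig}.
 *
 * <p>The file is fetched for the branch returned by {@code determineConfigAsCodeBranch}. The
 * response body is read as a JSON object whose {@code content} field carries the file
 * Base64-encoded. A body that is not a JSON object is rejected by the {@code JSONObject}
 * constructor and that exception propagates to the caller.
 *
 * <p>NOTE(review): the decoded text is written by whoever can commit to that branch, and the
 * parsed result appears to be used to override scan settings. Confirm that callers treat it as
 * untrusted input.
 *
 * @param filename name of the config-as-code file to download
 * @param request scan request the file is downloaded for
 * @return the parsed configuration, or {@code null} when the response body is {@code null} or
 *     has no usable {@code content} field
 */
private CxConfig loadConfigAsCode(String filename, ScanRequest request) {
    String effectiveBranch = determineConfigAsCodeBranch(request);
    String fileContent = downloadFileContent(filename, request, effectiveBranch);
    if (fileContent == null) {
        log.warn(HTTP_BODY_IS_NULL);
        return null;
    }

    JSONObject json = new JSONObject(fileContent);
    // optString yields "" when the field is absent, so a response without "content" takes the
    // same warning path as an empty one instead of surfacing as a JSONException.
    String content = json.optString("content");
    if (ScanUtils.empty(content)) {
        log.warn(CONTENT_NOT_FOUND_IN_RESPONSE);
        return null;
    }

    // Decode as UTF-8 explicitly: new String(byte[]) without a charset falls back to the
    // platform default, which can corrupt non-ASCII characters in the configuration.
    String decodedContent = new String(
            Base64.decodeBase64(content.trim()), java.nio.charset.StandardCharsets.UTF_8);
    return com.checkmarx.sdk.utils.ScanUtils.getConfigAsCode(decodedContent);
}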
Also used : JSONObject(org.json.JSONObject) CxConfig(com.checkmarx.sdk.dto.sast.CxConfig)

Example 2 with CxConfig

use of com.checkmarx.sdk.dto.sast.CxConfig in project cx-flow by checkmarx-ltd.

the class ADOService method loadCxConfigFromADO.

/**
 * Requests the config-as-code file for the given branch and parses the response body into a
 * {@link CxConfig}.
 *
 * <p>The request URL is the {@code REPO_SELF_URL} metadata entry of the scan request with
 * {@code GET_FILE_CONTENT} appended; the config file name, branch and API version are passed as
 * URI template variables. Authentication headers are built from the token resolved by
 * {@code scmConfigOverrider}.
 *
 * <p>NOTE(review): the authentication headers are sent to a URL taken from request metadata.
 * Confirm that this value only ever comes from a verified source, and that a missing entry
 * (which would fail on {@code concat}) cannot occur.
 *
 * @param request scan request supplying the SCM instance and the repository URL
 * @param branch branch to read the configuration from
 * @return the parsed configuration, or {@code null} when no usable body was returned
 */
private CxConfig loadCxConfigFromADO(ScanRequest request, String branch) {
    String token = scmConfigOverrider.determineConfigToken(properties, request.getScmInstance());
    HttpHeaders authHeaders = ADOUtils.createAuthHeaders(token);
    String fileUrl = request.getAdditionalMetadata(REPO_SELF_URL).concat(GET_FILE_CONTENT);

    // Only the branch name is logged; the token and headers stay out of the log line.
    log.info("Trying to load config-as-code from '{}' branch", branch);

    ResponseEntity<String> reply = restTemplate.exchange(
            fileUrl,
            HttpMethod.GET,
            new HttpEntity<>(authHeaders),
            String.class,
            properties.getConfigAsCode(),
            branch,
            properties.getApiVersion());

    String body = reply.getBody();
    if (body == null) {
        log.warn(HTTP_RESPONSE_BODY_IS_NULL);
        return null;
    }

    // The body is round-tripped through JSONObject, so anything that is not a JSON object is
    // rejected here before it reaches the config parser.
    String serialized = new JSONObject(body).toString();

    // NOTE(review): a parsed JSONObject serialises to at least "{}", so this emptiness check
    // looks like it cannot fire for an empty object. Confirm the intent.
    if (ScanUtils.empty(serialized)) {
        log.warn(NO_CONTENT_FOUND_IN_RESPONSE);
        return null;
    }
    return com.checkmarx.sdk.utils.ScanUtils.getConfigAsCode(serialized);
}
Also used : HttpHeaders(org.springframework.http.HttpHeaders) JSONObject(org.json.JSONObject) CxConfig(com.checkmarx.sdk.dto.sast.CxConfig)

Example 3 with CxConfig

use of com.checkmarx.sdk.dto.sast.CxConfig in project cx-flow by checkmarx-ltd.

the class BitbucketServerEventHandler method checkForConfigAsCode.

/**
 * Fetches the config override for the request from the Bitbucket service and applies it to the
 * request's scan properties.
 *
 * <p>NOTE(review): the override is passed on as returned, with no null check here. Presumably
 * {@code overrideScanRequestProperties} accepts a {@code null} config; verify against it.
 *
 * @param request scan request to look up and to modify in place
 */
protected void checkForConfigAsCode(ScanRequest request) {
    // Resolve the override first so that a lookup failure leaves the request untouched.
    final CxConfig override =
            configProvider.getBitbucketService().getCxConfigOverride(request);

    configProvider
            .getConfigOverrider()
            .overrideScanRequestProperties(override, request);
}
Also used : CxConfig(com.checkmarx.sdk.dto.sast.CxConfig)

Example 4 with CxConfig

use of com.checkmarx.sdk.dto.sast.CxConfig in project cx-flow by checkmarx-ltd.

the class ScanUtilsTest method testCxConfigBugOverride.

/**
 * Checks that the bug tracker section of {@code CxConfig-bug.json} replaces the tracker on a
 * scan request: the request starts with a CUSTOM "GitHub" tracker and is expected to end up
 * with type JIRA and project key APPSEC.
 */
@Test
public void testCxConfigBugOverride() {
    BugTracker customTracker = BugTracker.builder()
            .type(BugTracker.Type.CUSTOM)
            .customBean("GitHub")
            .build();

    ScanRequest request = ScanRequest.builder()
            .application("abc")
            .product(ScanRequest.Product.CX)
            .project("test")
            .team("\\CxServer\\SP\\Checkmarx")
            .namespace("Custodela")
            .repoName("Riches")
            .repoUrl("https://github.com/Custodela/Riches.git")
            .repoType(ScanRequest.Repository.GITHUB)
            .branch("master")
            .refs(Constants.CX_BRANCH_PREFIX.concat("master"))
            .email(null)
            .incremental(true)
            .scanPreset(Constants.CX_DEFAULT_PRESET)
            .bugTracker(customTracker)
            .build();

    // The fixture is resolved from the test classpath.
    String fixturePath = getClass().getClassLoader().getResource("CxConfig-bug.json").getFile();
    File fixture = new File(fixturePath);

    CxConfig parsed = ScanUtils.getConfigAsCode(fixture);
    assertNotNull(parsed);

    configOverrider.overrideScanRequestProperties(parsed, request);

    assertEquals("JIRA", request.getBugTracker().getType().toString());
    assertEquals("APPSEC", request.getBugTracker().getProjectKey());
}
Also used : ScanRequest(com.checkmarx.flow.dto.ScanRequest) CxConfig(com.checkmarx.sdk.dto.sast.CxConfig) BugTracker(com.checkmarx.flow.dto.BugTracker) File(java.io.File) Test(org.junit.Test)

Example 5 with CxConfig

use of com.checkmarx.sdk.dto.sast.CxConfig in project cx-flow by checkmarx-ltd.

the class ScanUtilsTest method testCxConfigFlowOverride.

/**
 * Checks that {@code CxConfig-flow.json} overrides team, project, application, active branches
 * and SAST filters on a scan request that was built with different values.
 */
@Test
public void testCxConfigFlowOverride() {
    ScanRequest request = ScanRequest.builder()
            .application("abc")
            .product(ScanRequest.Product.CX)
            .project("test")
            .team("\\CxServer\\SP\\Checkmarx")
            .namespace("Custodela")
            .repoName("Riches")
            .repoUrl("https://github.com/Custodela/Riches.git")
            .repoType(ScanRequest.Repository.GITHUB)
            .branch("master")
            .refs(Constants.CX_BRANCH_PREFIX.concat("master"))
            .email(null)
            .incremental(true)
            .scanPreset(Constants.CX_DEFAULT_PRESET)
            .build();

    // The fixture is resolved from the test classpath.
    String fixturePath = getClass().getClassLoader().getResource("CxConfig-flow.json").getFile();
    File fixture = new File(fixturePath);

    CxConfig parsed = ScanUtils.getConfigAsCode(fixture);
    assertNotNull(parsed);

    configOverrider.overrideScanRequestProperties(parsed, request);

    // Scalar properties taken from the config file.
    assertEquals("/a/b/c", request.getTeam());
    assertEquals("XYZ-Riches-master", request.getProject());
    assertEquals("test app", request.getApplication());
    assertEquals(2, request.getActiveBranches().size());

    // The filter section must be present and carry at least one simple SAST filter.
    assertNotNull(request.getFilter());
    assertNotNull(request.getFilter().getSastFilters().getSimpleFilters());
    assertFalse(request.getFilter().getSastFilters().getSimpleFilters().isEmpty());
}
Also used : ScanRequest(com.checkmarx.flow.dto.ScanRequest) CxConfig(com.checkmarx.sdk.dto.sast.CxConfig) File(java.io.File) Test(org.junit.Test)

Aggregations

CxConfig (com.checkmarx.sdk.dto.sast.CxConfig)22 ScanRequest (com.checkmarx.flow.dto.ScanRequest)11 BugTracker (com.checkmarx.flow.dto.BugTracker)6 File (java.io.File)6 Test (org.junit.Test)6 FilterConfiguration (com.checkmarx.sdk.dto.filtering.FilterConfiguration)4 ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)4 IOException (java.io.IOException)4 MachinaRuntimeException (com.checkmarx.flow.exception.MachinaRuntimeException)3 JSONObject (org.json.JSONObject)3 SpringBootTest (org.springframework.boot.test.context.SpringBootTest)2 IfProfileValue (org.springframework.test.annotation.IfProfileValue)2 CxProperties (com.checkmarx.sdk.config.CxProperties)1 ScanResults (com.checkmarx.sdk.dto.ScanResults)1 When (io.cucumber.java.en.When)1 ArrayList (java.util.ArrayList)1 HttpHeaders (org.springframework.http.HttpHeaders)1