use of com.checkmarx.sdk.dto.sast.CxConfig in project cx-flow by checkmarx-ltd.
the class BitbucketCloudController method checkForConfigAsCode.
private void checkForConfigAsCode(ScanRequest request) {
CxConfig cxConfig = bitbucketService.getCxConfigOverride(request);
configOverrider.overrideScanRequestProperties(cxConfig, request);
}
use of com.checkmarx.sdk.dto.sast.CxConfig in project cx-flow by checkmarx-ltd.
the class GitHubController method pullRequest.
/**
* Pull Request event submitted (JSON)
*/
@PostMapping(value = { "/{product}", "/" }, headers = PULL)
public ResponseEntity<EventResponse> pullRequest(@RequestBody String body, @RequestHeader(value = SIGNATURE) String signature, @PathVariable(value = "product", required = false) String product, ControllerRequest controllerRequest) {
String uid = helperService.getShortUid();
MDC.put(FlowConstants.MAIN_MDC_ENTRY, uid);
log.info("Processing GitHub PULL request");
PullEvent event;
ObjectMapper mapper = new ObjectMapper();
Integer installationId = null;
controllerRequest = ensureNotNull(controllerRequest);
try {
event = mapper.readValue(body, PullEvent.class);
} catch (IOException e) {
throw new MachinaRuntimeException(e);
}
gitHubService.initConfigProviderOnPullEvent(uid, event);
// verify message signature
verifyHmacSignature(body, signature, controllerRequest);
try {
String action = event.getAction();
// synchronize - happens when user pushes code into a branch for which a pull request exists
if (!action.equalsIgnoreCase("opened") && !action.equalsIgnoreCase("reopened") && !action.equalsIgnoreCase("synchronize")) {
log.info("Pull requested not processed. Status was not opened ({})", action);
return ResponseEntity.status(HttpStatus.OK).body(EventResponse.builder().message("No processing occurred for updates to Pull Request").success(true).build());
}
Repository repository = event.getRepository();
String app = repository.getName();
if (!ScanUtils.empty(controllerRequest.getApplication())) {
app = controllerRequest.getApplication();
}
// By default, when a pull request is opened, use the current source control provider as a bug tracker
// (GitHub in this case). Bug tracker from the config is not used, because we only want to notify the user
// that their code has some issues. I.e. we don't want to open real issues in the "official" bug tracker yet.
BugTracker.Type bugType = BugTracker.Type.GITHUBPULL;
// However, if the bug tracker is overridden in the query string, use the override value.
if (!ScanUtils.empty(controllerRequest.getBug())) {
bugType = ScanUtils.getBugTypeEnum(controllerRequest.getBug(), flowProperties.getBugTrackerImpl());
}
if (controllerRequest.getAppOnly() != null) {
flowProperties.setTrackApplicationOnly(controllerRequest.getAppOnly());
}
if (ScanUtils.empty(product)) {
product = ScanRequest.Product.CX.getProduct();
}
ScanRequest.Product p = ScanRequest.Product.valueOf(product.toUpperCase(Locale.ROOT));
PullRequest pullRequest = event.getPullRequest();
String currentBranch = pullRequest.getHead().getRef();
String targetBranch = pullRequest.getBase().getRef();
List<String> branches = getBranches(controllerRequest, flowProperties);
BugTracker bt = ScanUtils.getBugTracker(controllerRequest.getAssignee(), bugType, jiraProperties, controllerRequest.getBug());
FilterConfiguration filter = filterFactory.getFilter(controllerRequest, flowProperties);
Map<FindingSeverity, Integer> thresholdMap = getThresholds(controllerRequest);
// build request object
String gitUrl = Optional.ofNullable(pullRequest.getHead().getRepo()).map(Repo::getCloneUrl).orElse(repository.getCloneUrl());
String token;
String gitAuthUrl;
log.info("Using url: {}", gitUrl);
if (event.getInstallation() != null && event.getInstallation().getId() != null) {
installationId = event.getInstallation().getId();
token = gitHubAppAuthService.getInstallationToken(installationId);
token = FlowConstants.GITHUB_APP_CLONE_USER.concat(":").concat(token);
} else {
token = scmConfigOverrider.determineConfigToken(properties, controllerRequest.getScmInstance());
}
gitAuthUrl = gitAuthUrlGenerator.addCredToUrl(ScanRequest.Repository.GITHUB, gitUrl, token);
ScanRequest request = ScanRequest.builder().application(app).product(p).project(controllerRequest.getProject()).team(controllerRequest.getTeam()).namespace(pullRequest.getHead().getRepo().getOwner().getLogin().replace(" ", "_")).repoName(repository.getName()).repoUrl(repository.getCloneUrl()).repoUrlWithAuth(gitAuthUrl).repoType(ScanRequest.Repository.GITHUB).branch(currentBranch).defaultBranch(repository.getDefaultBranch()).refs(Constants.CX_BRANCH_PREFIX.concat(currentBranch)).mergeNoteUri(pullRequest.getIssueUrl().concat("/comments")).mergeTargetBranch(targetBranch).email(null).scanPreset(controllerRequest.getPreset()).incremental(controllerRequest.getIncremental()).excludeFolders(controllerRequest.getExcludeFolders()).excludeFiles(controllerRequest.getExcludeFiles()).bugTracker(bt).filter(filter).thresholds(thresholdMap).organizationId(getOrganizationid(repository)).gitUrl(gitUrl).hash(pullRequest.getHead().getSha()).build();
setScmInstance(controllerRequest, request);
// Check if an installation Id is provided and store it for later use
if (installationId != null) {
request.putAdditionalMetadata(FlowConstants.GITHUB_APP_INSTALLATION_ID, installationId.toString());
}
/*Check for Config as code (cx.config) and override*/
CxConfig cxConfig = gitHubService.getCxConfigOverride(request);
request = configOverrider.overrideScanRequestProperties(cxConfig, request);
request.putAdditionalMetadata(HTMLHelper.WEB_HOOK_PAYLOAD, body);
request.putAdditionalMetadata("statuses_url", pullRequest.getStatusesUrl());
request.setId(uid);
// only initiate scan/automation if target branch is applicable
if (helperService.isBranch2Scan(request, branches)) {
flowService.initiateAutomation(request);
}
} catch (IllegalArgumentException e) {
return getBadRequestMessage(e, controllerRequest, product);
}
return getSuccessMessage();
}
use of com.checkmarx.sdk.dto.sast.CxConfig in project cx-flow by checkmarx-ltd.
the class GitHubController method deleteBranchRequest.
/**
* Delete Request event submitted (JSON), along with the Product (cx for example)
*/
@PostMapping(value = { "/{product}", "/" }, headers = DELETE)
public ResponseEntity<EventResponse> deleteBranchRequest(@RequestBody String body, @RequestHeader(value = SIGNATURE) String signature, @PathVariable(value = "product", required = false) String product, @RequestParam(value = "application", required = false) String application, @RequestParam(value = "project", required = false) String project, @RequestParam(value = "team", required = false) String team) {
String uid = helperService.getShortUid();
MDC.put(FlowConstants.MAIN_MDC_ENTRY, uid);
log.info("Processing GitHub DELETE Branch request");
DeleteEvent event;
ObjectMapper mapper = new ObjectMapper();
try {
event = mapper.readValue(body, DeleteEvent.class);
} catch (NullPointerException | IOException | IllegalArgumentException e) {
throw new MachinaRuntimeException(e);
}
if (flowProperties == null) {
log.error("Properties have null values");
throw new MachinaRuntimeException();
}
// verify message signature
verifyHmacSignature(body, signature, null);
if (!event.getRefType().equalsIgnoreCase("branch")) {
log.error("Nothing to do for delete tag");
return ResponseEntity.status(HttpStatus.OK).body(EventResponse.builder().message("Nothing to do for delete tag").success(true).build());
}
String app = event.getRepository().getName();
if (!ScanUtils.empty(application)) {
app = application;
}
if (ScanUtils.empty(product)) {
product = ScanRequest.Product.CX.getProduct();
}
ScanRequest.Product p = ScanRequest.Product.valueOf(product.toUpperCase(Locale.ROOT));
String currentBranch = ScanUtils.getBranchFromRef(event.getRef());
Repository repository = event.getRepository();
String namespace;
if (StringUtils.isBlank(repository.getOwner().getName())) {
namespace = repository.getOwner().getLogin();
} else {
namespace = repository.getOwner().getName().replace(" ", "_");
}
ScanRequest request = ScanRequest.builder().application(app).product(p).project(project).team(team).namespace(namespace).repoName(repository.getName()).repoUrl(repository.getCloneUrl()).repoType(ScanRequest.Repository.NA).branch(currentBranch).defaultBranch(repository.getDefaultBranch()).refs(event.getRef()).build();
request.setScanPresetOverride(false);
CxConfig cxConfig = gitHubService.getCxConfigOverride(request);
request = configOverrider.overrideScanRequestProperties(cxConfig, request);
// Check if an installation Id is provided and store it for later use
if (event.getInstallation() != null && event.getInstallation().getId() != null) {
request.putAdditionalMetadata(FlowConstants.GITHUB_APP_INSTALLATION_ID, event.getInstallation().getId().toString());
}
// deletes a project which is not in the middle of a scan, otherwise it will not be deleted
flowService.deleteProject(request);
final String MESSAGE = "Branch deletion event was handled successfully.";
log.info(MESSAGE);
return ResponseEntity.status(HttpStatus.OK).body(EventResponse.builder().message(MESSAGE).success(true).build());
}
use of com.checkmarx.sdk.dto.sast.CxConfig in project cx-flow by checkmarx-ltd.
the class GitHubController method pushRequest.
/**
* Push Request event submitted (JSON), along with the Product (cx for example)
*/
@PostMapping(value = { "/{product}", "/" }, headers = PUSH)
public ResponseEntity<EventResponse> pushRequest(@RequestBody String body, @RequestHeader(value = SIGNATURE) String signature, @PathVariable(value = "product", required = false) String product, ControllerRequest controllerRequest) {
String uid = helperService.getShortUid();
MDC.put(FlowConstants.MAIN_MDC_ENTRY, uid);
log.info("Processing GitHub PUSH request");
PushEvent event;
Integer installationId = null;
ObjectMapper mapper = new ObjectMapper();
controllerRequest = ensureNotNull(controllerRequest);
try {
event = mapper.readValue(body, PushEvent.class);
} catch (NullPointerException | IOException | IllegalArgumentException e) {
throw new MachinaRuntimeException(e);
}
// Delete event is triggering a push event that needs to be ignored
if (event.getDeleted() != null && event.getDeleted()) {
log.info("Push event is associated with a Delete branch event...ignoring request");
return getSuccessMessage();
}
gitHubService.initConfigProviderOnPushEvent(uid, event);
if (flowProperties == null) {
log.error("Properties have null values");
throw new MachinaRuntimeException();
}
// verify message signature
verifyHmacSignature(body, signature, controllerRequest);
try {
String app = event.getRepository().getName();
if (!ScanUtils.empty(controllerRequest.getApplication())) {
app = controllerRequest.getApplication();
}
// If user has pushed their changes into an important branch (e.g. master) and the code has some issues,
// use the bug tracker from the config. As a result, "real" issues will be opened in the bug tracker and
// not just notifications for the user. The "push" case also includes merging a pull request.
// See the comment for the pullRequest method for further details.
// However, if the bug tracker is overridden in the query string, use the override value.
setBugTracker(flowProperties, controllerRequest);
BugTracker.Type bugType = ScanUtils.getBugTypeEnum(controllerRequest.getBug(), flowProperties.getBugTrackerImpl());
if (controllerRequest.getAppOnly() != null) {
flowProperties.setTrackApplicationOnly(controllerRequest.getAppOnly());
}
if (ScanUtils.empty(product)) {
product = ScanRequest.Product.CX.getProduct();
}
ScanRequest.Product p = ScanRequest.Product.valueOf(product.toUpperCase(Locale.ROOT));
// determine branch (without refs)
String currentBranch = ScanUtils.getBranchFromRef(event.getRef());
List<String> branches = getBranches(controllerRequest, flowProperties);
BugTracker bt = ScanUtils.getBugTracker(controllerRequest.getAssignee(), bugType, jiraProperties, controllerRequest.getBug());
FilterConfiguration filter = filterFactory.getFilter(controllerRequest, flowProperties);
Map<FindingSeverity, Integer> thresholdMap = getThresholds(controllerRequest);
// build request object
Repository repository = event.getRepository();
String gitUrl = repository.getCloneUrl();
String token;
String gitAuthUrl;
log.info("Using url: {}", gitUrl);
if (event.getInstallation() != null && event.getInstallation().getId() != null) {
installationId = event.getInstallation().getId();
token = gitHubAppAuthService.getInstallationToken(installationId);
token = FlowConstants.GITHUB_APP_CLONE_USER.concat(":").concat(token);
} else {
token = scmConfigOverrider.determineConfigToken(properties, controllerRequest.getScmInstance());
if (ScanUtils.empty(token)) {
log.error("No token was provided for Github");
throw new MachinaRuntimeException();
}
}
gitAuthUrl = gitAuthUrlGenerator.addCredToUrl(ScanRequest.Repository.GITHUB, gitUrl, token);
ScanRequest request = ScanRequest.builder().application(app).product(p).project(controllerRequest.getProject()).team(controllerRequest.getTeam()).namespace(repository.getOwner().getName().replace(" ", "_")).repoName(repository.getName()).repoUrl(repository.getCloneUrl()).repoUrlWithAuth(gitAuthUrl).repoType(ScanRequest.Repository.GITHUB).branch(currentBranch).defaultBranch(repository.getDefaultBranch()).refs(event.getRef()).email(determineEmails(event)).scanPreset(controllerRequest.getPreset()).incremental(controllerRequest.getIncremental()).excludeFolders(controllerRequest.getExcludeFolders()).excludeFiles(controllerRequest.getExcludeFiles()).bugTracker(bt).filter(filter).thresholds(thresholdMap).organizationId(getOrganizationid(repository)).gitUrl(gitUrl).hash(event.getAfter()).build();
setScmInstance(controllerRequest, request);
// Check if an installation Id is provided and store it for later use
if (installationId != null) {
request.putAdditionalMetadata(FlowConstants.GITHUB_APP_INSTALLATION_ID, installationId.toString());
}
/*Check for Config as code (cx.config) and override*/
CxConfig cxConfig = gitHubService.getCxConfigOverride(request);
request = configOverrider.overrideScanRequestProperties(cxConfig, request);
request.putAdditionalMetadata(HTMLHelper.WEB_HOOK_PAYLOAD, body);
request.setId(uid);
// only initiate scan/automation if branch is applicable
if (helperService.isBranch2Scan(request, branches)) {
flowService.initiateAutomation(request);
}
} catch (IllegalArgumentException e) {
return getBadRequestMessage(e, controllerRequest, product);
}
return getSuccessMessage();
}
use of com.checkmarx.sdk.dto.sast.CxConfig in project cx-flow by checkmarx-ltd.
the class CxFlowRunner method getCxConfigOverride.
/**
* Load a config-as-code file from the specified directory.
*
* @param path the path of the directory containing the config-as-code file
* @param name the name of the config-as-code file
* @return the config-as-code configuration
*/
private CxConfig getCxConfigOverride(String path, String name) {
log.debug("getCxConfigOverride: path: {}", path);
CxConfig config = null;
File file = FileSystems.getDefault().getPath(path, name).toFile();
if (file.exists()) {
log.debug("Loading config-as-code from {}", file);
config = com.checkmarx.sdk.utils.ScanUtils.getConfigAsCode(file);
}
return config;
}
Aggregations