Example 16 with CxConfig

Use of com.checkmarx.sdk.dto.sast.CxConfig in project cx-flow by checkmarx-ltd.

Class ADOController, method checkForConfigAsCode.

private void checkForConfigAsCode(ScanRequest request, String branch) {
    CxConfig cxConfig = adoService.getCxConfigOverride(request, branch);
    configOverrider.overrideScanRequestProperties(cxConfig, request);
}
Also used: CxConfig (com.checkmarx.sdk.dto.sast.CxConfig)

Example 17 with CxConfig

Use of com.checkmarx.sdk.dto.sast.CxConfig in project cx-flow by checkmarx-ltd.

Class BitBucketService, method loadCxConfigFromBitbucket.

private CxConfig loadCxConfigFromBitbucket(ScanRequest request) {
    CxConfig cxConfig;
    HttpHeaders headers = createAuthHeaders(request.getScmInstance());
    String repoSelfUrl = request.getAdditionalMetadata(REPO_SELF_URL);
    String urlTemplate;
    if (request.getRepoType().equals(ScanRequest.Repository.BITBUCKETSERVER)) {
        urlTemplate = repoSelfUrl.concat(FILE_CONTENT_FOR_BB_SERVER);
    } else {
        urlTemplate = repoSelfUrl.concat(FILE_CONTENT_FOR_BB_CLOUD);
    }
    Map<String, String> uriVariables = new HashMap<>();
    uriVariables.put("hash", request.getHash());
    uriVariables.put("config", properties.getConfigAsCode());
    ResponseEntity<String> response = restTemplate.exchange(
            urlTemplate, HttpMethod.GET, new HttpEntity<>(headers), String.class, uriVariables);
    if (response.getBody() == null) {
        log.warn(HTTP_BODY_IS_NULL);
        cxConfig = null;
    } else {
        JSONObject json = new JSONObject(response.getBody());
        if (ScanUtils.empty(json.toString())) {
            log.warn(CONTENT_NOT_FOUND_IN_RESPONSE);
            cxConfig = null;
        } else {
            cxConfig = com.checkmarx.sdk.utils.ScanUtils.getConfigAsCode(json.toString());
        }
    }
    return cxConfig;
}
Also used: JSONObject (org.json.JSONObject), CxConfig (com.checkmarx.sdk.dto.sast.CxConfig)

Example 18 with CxConfig

Use of com.checkmarx.sdk.dto.sast.CxConfig in project cx-flow by checkmarx-ltd.

Class AstRemoteRepoScanSteps, method startScan.

public void startScan(List<VulnerabilityScanner> scanners, String branch, String repo, boolean isPublicRepo, String projectName) {
    CxProperties cxProperties = new CxProperties();
    ExternalScriptService scriptService = new ExternalScriptService();
    CxScannerService cxScannerService = new CxScannerService(cxProperties, null, null, null, null);
    HelperService helperService = new HelperService(flowProperties, cxScannerService, jiraProperties, scriptService);
    ProjectNameGenerator projectNameGenerator = new ProjectNameGenerator(helperService, cxScannerService, flowProperties);
    FlowService flowService = new FlowService(new ArrayList<>(), projectNameGenerator, resultsServiceMock);
    ScanRequest scanRequest = getBasicScanRequest(branch, repo, isPublicRepo, projectName);
    scanRequest = configOverrider.overrideScanRequestProperties(new CxConfig(), scanRequest);
    scanRequest.setVulnerabilityScanners(scanners);
    BugTracker bt = BugTracker.builder().type(BugTracker.Type.JIRA).customBean("JIRA").build();
    scanRequest.setBugTracker(bt);
    flowService.initiateAutomation(scanRequest);
}
Also used: ScanRequest (com.checkmarx.flow.dto.ScanRequest), CxProperties (com.checkmarx.sdk.config.CxProperties), CxConfig (com.checkmarx.sdk.dto.sast.CxConfig), BugTracker (com.checkmarx.flow.dto.BugTracker)

Example 19 with CxConfig

Use of com.checkmarx.sdk.dto.sast.CxConfig in project cx-flow by checkmarx-ltd.

Class ScanUtilsTest, method testCxConfigOverride.

@Test
public void testCxConfigOverride() {
    ScanRequest request = ScanRequest.builder()
            .application("abc").product(ScanRequest.Product.CX)
            .project("test").team("\\CxServer\\SP\\Checkmarx")
            .namespace("Custodela").repoName("Riches")
            .repoUrl("https://github.com/Custodela/Riches.git")
            .repoType(ScanRequest.Repository.GITHUB)
            .branch("master").refs(Constants.CX_BRANCH_PREFIX.concat("master"))
            .email(null).incremental(true)
            .scanPreset(Constants.CX_DEFAULT_PRESET)
            .build();
    File file = new File(getClass().getClassLoader().getResource("CxConfig.json").getFile());
    CxConfig cxConfig = ScanUtils.getConfigAsCode(file);
    assertNotNull(cxConfig);
    configOverrider.overrideScanRequestProperties(cxConfig, request);
    assertEquals("/a/b/c", request.getTeam());
    assertEquals("XYZ-Riches-master", request.getProject());
    assertFalse(request.isIncremental());
    assertEquals("All", request.getScanPreset());
}
Also used: ScanRequest (com.checkmarx.flow.dto.ScanRequest), CxConfig (com.checkmarx.sdk.dto.sast.CxConfig), File (java.io.File), Test (org.junit.Test)

Example 20 with CxConfig

Use of com.checkmarx.sdk.dto.sast.CxConfig in project cx-flow by checkmarx-ltd.

Class GitHubServiceTest, method getCxConfig.

@IfProfileValue(name = "testprofile", value = "integration")
@Test
public void getCxConfig() {
    ScanRequest request = ScanRequest.builder().namespace("Custodela").repoName("Riches").branch("master").build();
    CxConfig cxConfig = service.getCxConfigOverride(request);
    assertNotNull(cxConfig);
}
Also used: ScanRequest (com.checkmarx.flow.dto.ScanRequest), CxConfig (com.checkmarx.sdk.dto.sast.CxConfig), SpringBootTest (org.springframework.boot.test.context.SpringBootTest), Test (org.junit.Test), IfProfileValue (org.springframework.test.annotation.IfProfileValue)

Aggregations

CxConfig (com.checkmarx.sdk.dto.sast.CxConfig): 22
ScanRequest (com.checkmarx.flow.dto.ScanRequest): 11
BugTracker (com.checkmarx.flow.dto.BugTracker): 6
File (java.io.File): 6
Test (org.junit.Test): 6
FilterConfiguration (com.checkmarx.sdk.dto.filtering.FilterConfiguration): 4
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper): 4
IOException (java.io.IOException): 4
MachinaRuntimeException (com.checkmarx.flow.exception.MachinaRuntimeException): 3
JSONObject (org.json.JSONObject): 3
SpringBootTest (org.springframework.boot.test.context.SpringBootTest): 2
IfProfileValue (org.springframework.test.annotation.IfProfileValue): 2
CxProperties (com.checkmarx.sdk.config.CxProperties): 1
ScanResults (com.checkmarx.sdk.dto.ScanResults): 1
When (io.cucumber.java.en.When): 1
ArrayList (java.util.ArrayList): 1
HttpHeaders (org.springframework.http.HttpHeaders): 1