Example 6 with SCAResults
use of com.checkmarx.sdk.dto.sca.SCAResults in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.
the class ScaTestsBase method verifyScanResults.
protected void verifyScanResults(AstScaResults results) {
assertNotNull("Scan results are null.", results);
SCAResults scaResults = results.getScaResults();
assertNotNull("SCA results are null", scaResults);
log.info("scanID " + scaResults.getScanId());
assertTrue("Scan ID is empty", StringUtils.isNotEmpty(scaResults.getScanId()));
assertTrue("Web report link is empty", StringUtils.isNotEmpty(scaResults.getWebReportLink()));
verifySummary(scaResults.getSummary());
verifyPackages(scaResults);
verifyFindings(scaResults);
}
Also used :
SCAResults(com.checkmarx.sdk.dto.sca.SCAResults)
Example 7 with SCAResults
use of com.checkmarx.sdk.dto.sca.SCAResults in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.
the class GoScanner method getReportContentByScanId.
@Override
public ScanResults getReportContentByScanId(Integer scanId, FilterConfiguration filter) throws CheckmarxException {
ScanResults.ScanResultsBuilder results = ScanResults.builder();
Scan scan = getScanDetails(scanId);
Integer projectId = scan.getProjectId();
Integer buId = scan.getBusinessUnitId();
Integer appId = scan.getApplicationId();
GoScanResults resultFromAllEngines = getScanResults(scanId);
List<ScanResults.XIssue> xIssues = new ArrayList<>();
// SAST
List<SASTScanResult> mainResultInfos = Optional.ofNullable(resultFromAllEngines).map(GoScanResults::getSast).orElse(null);
if (mainResultInfos != null) {
Map<String, OdScanResultItem> additionalResultInfos = getScanResultsPage(projectId, scanId);
Map<String, Integer> issuesBySeverity = new HashMap<>();
log.debug("SAST finding count before filtering: {}", mainResultInfos.size());
log.info("Processing SAST results");
mainResultInfos.stream().filter(applySastFilter(additionalResultInfos, filter)).forEach(mainResultInfo -> handleSastIssue(xIssues, mainResultInfo, additionalResultInfos, projectId, scanId, issuesBySeverity));
CxScanSummary scanSummary = getCxScanSummary(scan);
Map<String, Object> flowSummary = new HashMap<>();
flowSummary.put(Constants.SUMMARY_KEY, issuesBySeverity);
flowSummary.put(Constants.SCAN_ID_KEY, scanId);
results.additionalDetails(flowSummary);
results.scanSummary(scanSummary);
}
// SCA
List<SCAScanResult> rawScanResults = Optional.ofNullable(resultFromAllEngines).map(GoScanResults::getSca).orElse(null);
if (rawScanResults != null) {
logRawScaScanResults(rawScanResults);
List<Finding> findings = new ArrayList<>();
List<Package> packages = new ArrayList<>();
log.info("Processing SCA results");
rawScanResults.stream().filter(rawScanResult -> !rawScanResult.isIgnored()).filter(applyScaFilter(filter)).forEach(rawScanResult -> handleScaIssue(xIssues, findings, packages, rawScanResult));
logFindings(findings);
logPackages(packages);
SCAResults scaResults = new SCAResults();
scaResults.setFindings(findings);
scaResults.setPackages(packages);
if (!rawScanResults.isEmpty()) {
scaResults.setScanId(rawScanResults.get(0).getScanId().toString());
}
Summary summary = getScaScanSummary(scan);
scaResults.setSummary(summary);
String urlTemplate = cxGoProperties.getPortalUrl().concat(SCA_DEEP_LINK);
String scaDeepLink = String.format(urlTemplate, buId, appId, projectId, scanId);
scaResults.setWebReportLink(scaDeepLink);
results.scaResults(scaResults);
}
results.xIssues(xIssues);
results.projectId(projectId.toString());
String urlTemplate = cxGoProperties.getPortalUrl().concat(DEEP_LINK);
String deepLink = String.format(urlTemplate, buId, appId, projectId, scanId);
results.link(deepLink);
return results.build();
}
Also used :
ScanResults(com.checkmarx.sdk.dto.ScanResults)
SCAResults(com.checkmarx.sdk.dto.sca.SCAResults)
CxScanSummary(com.checkmarx.sdk.dto.cx.CxScanSummary)
Finding(com.checkmarx.sdk.dto.sca.report.Finding)
Summary(com.checkmarx.sdk.dto.sca.Summary)
CxScanSummary(com.checkmarx.sdk.dto.cx.CxScanSummary)
JSONObject(org.json.JSONObject)
Package(com.checkmarx.sdk.dto.sca.report.Package)
Example 8 with SCAResults
use of com.checkmarx.sdk.dto.sca.SCAResults in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.
the class ScaScanner method toResults.
/**
* Convert Common Client representation of SCA results into an object from this SDK.
*/
@Override
protected AstScaResults toResults(ResultsBase scanResults) {
SCAResults scaResults = (SCAResults) scanResults;
validateNotNull(scaResults);
AstScaResults results = new AstScaResults();
results.setScaResults(scaResults);
return results;
}
Also used :
SCAResults(com.checkmarx.sdk.dto.sca.SCAResults)
Example 9 with SCAResults
use of com.checkmarx.sdk.dto.sca.SCAResults in project cx-flow by checkmarx-ltd.
the class AbstractASTScanner method scan.
@Override
public ScanResults scan(ScanRequest scanRequest) {
ScanResults result = null;
log.info("--------------------- Initiating new {} scan ---------------------", scanType);
ScanParams sdkScanParams = toSdkScanParams(scanRequest);
AstScaResults internalResults = new AstScaResults(new SCAResults(), new ASTResults());
try {
bugTrackerEventTrigger.triggerScanStartedEvent(scanRequest);
internalResults = client.scan(sdkScanParams);
logRequest(scanRequest, internalResults, OperationResult.successful());
result = toScanResults(internalResults);
} catch (Exception e) {
treatError(scanRequest, internalResults, e);
}
return result;
}
Also used :
ScanResults(com.checkmarx.sdk.dto.ScanResults)
ScanParams(com.checkmarx.sdk.dto.ast.ScanParams)
AstScaResults(com.checkmarx.sdk.dto.AstScaResults)
ASTResults(com.checkmarx.sdk.dto.ast.ASTResults)
SCAResults(com.checkmarx.sdk.dto.sca.SCAResults)
MalformedURLException(java.net.MalformedURLException)
MachinaRuntimeException(com.checkmarx.flow.exception.MachinaRuntimeException)
Example 10 with SCAResults
use of com.checkmarx.sdk.dto.sca.SCAResults in project cx-flow by checkmarx-ltd.
the class AbstractASTScanner method actualScan.
private ScanResults actualScan(ScanRequest scanRequest, String path) {
ScanResults result = null;
log.info("--------------------- Initiating new {} scan ---------------------", scanType);
AstScaResults internalResults = new AstScaResults(new SCAResults(), new ASTResults());
try {
ScanParams sdkScanParams = toSdkScanParams(scanRequest, path);
internalResults = client.scan(sdkScanParams);
logRequest(scanRequest, internalResults, OperationResult.successful());
result = toScanResults(internalResults);
} catch (Exception e) {
treatError(scanRequest, internalResults, e);
}
return result;
}
Also used :
ScanResults(com.checkmarx.sdk.dto.ScanResults)
ScanParams(com.checkmarx.sdk.dto.ast.ScanParams)
AstScaResults(com.checkmarx.sdk.dto.AstScaResults)
ASTResults(com.checkmarx.sdk.dto.ast.ASTResults)
SCAResults(com.checkmarx.sdk.dto.sca.SCAResults)
MalformedURLException(java.net.MalformedURLException)
MachinaRuntimeException(com.checkmarx.flow.exception.MachinaRuntimeException)
Aggregations
SCAResults (com.checkmarx.sdk.dto.sca.SCAResults)14
Summary (com.checkmarx.sdk.dto.sca.Summary)6
Severity (com.checkmarx.sdk.dto.scansummary.Severity)6
AstScaResults (com.checkmarx.sdk.dto.AstScaResults)5
ScanResults (com.checkmarx.sdk.dto.ScanResults)5
Finding (com.checkmarx.sdk.dto.sca.report.Finding)5
FindingSeverity (com.checkmarx.flow.config.FindingSeverity)4
ASTResults (com.checkmarx.sdk.dto.ast.ASTResults)3
CxScanSummary (com.checkmarx.sdk.dto.cx.CxScanSummary)3
Filter (com.checkmarx.sdk.dto.sast.Filter)3
CxFlowApplication (com.checkmarx.flow.CxFlowApplication)2
FlowProperties (com.checkmarx.flow.config.FlowProperties)2
RepoProperties (com.checkmarx.flow.config.RepoProperties)2
TestUtils (com.checkmarx.flow.cucumber.common.utils.TestUtils)2
IntegrationTestContext (com.checkmarx.flow.cucumber.integration.cli.IntegrationTestContext)2
BugTracker (com.checkmarx.flow.dto.BugTracker)2
PullRequestReport (com.checkmarx.flow.dto.report.PullRequestReport)2
ExitThrowable (com.checkmarx.flow.exception.ExitThrowable)2
MachinaRuntimeException (com.checkmarx.flow.exception.MachinaRuntimeException)2
ThresholdValidator (com.checkmarx.flow.service.ThresholdValidator)2
