
Example 6 with SCAResults

use of com.checkmarx.sdk.dto.sca.SCAResults in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class ScaTestsBase method verifyScanResults.

/**
 * Asserts that a scan produced a populated SCA result set.
 *
 * <p>Checks, in order: the wrapper and its SCA part are non-null, the scan ID and the web
 * report link are non-empty, and then delegates to the summary, package and finding checks.
 * The first failing assertion aborts the verification.
 *
 * @param results combined results returned by the scan under test
 */
protected void verifyScanResults(AstScaResults results) {
    assertNotNull("Scan results are null.", results);

    SCAResults sca = results.getScaResults();
    assertNotNull("SCA results are null", sca);

    // Log the ID before asserting on it so a failed run still shows which scan was inspected.
    log.info("scanID " + sca.getScanId());
    assertTrue("Scan ID is empty", StringUtils.isNotEmpty(sca.getScanId()));
    assertTrue("Web report link is empty", StringUtils.isNotEmpty(sca.getWebReportLink()));

    // Deeper content checks live in the sibling helpers.
    verifySummary(sca.getSummary());
    verifyPackages(sca);
    verifyFindings(sca);
}
Also used : SCAResults(com.checkmarx.sdk.dto.sca.SCAResults)

Example 7 with SCAResults

use of com.checkmarx.sdk.dto.sca.SCAResults in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class GoScanner method getReportContentByScanId.

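/**
 * Builds the combined report for one scan: SAST issues, SCA findings and packages, and the
 * portal deep links.
 *
 * <p>The SAST and SCA sections are each processed only when the corresponding list in the raw
 * results is non-null. The additional details and the scan summary are set only in the SAST
 * branch; the {@link SCAResults} object is attached only in the SCA branch. Issues from both
 * engines are collected into the same {@code xIssues} list.
 *
 * <p>Deep links are built by formatting the SDK's link constant and appending the result to the
 * configured portal URL. The portal URL itself is never passed to {@code String.format}, so a
 * {@code %} in the configured value (for example a percent-encoded path) cannot raise a format
 * exception or shift the arguments.
 *
 * @param scanId ID of the scan whose report is requested
 * @param filter filter configuration applied to both SAST and SCA results
 * @return the assembled scan results
 * @throws CheckmarxException presumably raised by the SDK calls made here; the throwing call is
 *     not visible in this method
 */
@Override
public ScanResults getReportContentByScanId(Integer scanId, FilterConfiguration filter) throws CheckmarxException {
    ScanResults.ScanResultsBuilder results = ScanResults.builder();
    Scan scan = getScanDetails(scanId);
    Integer projectId = scan.getProjectId();
    Integer buId = scan.getBusinessUnitId();
    Integer appId = scan.getApplicationId();
    GoScanResults resultFromAllEngines = getScanResults(scanId);
    List<ScanResults.XIssue> xIssues = new ArrayList<>();
    // SAST
    List<SASTScanResult> mainResultInfos = Optional.ofNullable(resultFromAllEngines).map(GoScanResults::getSast).orElse(null);
    if (mainResultInfos != null) {
        Map<String, OdScanResultItem> additionalResultInfos = getScanResultsPage(projectId, scanId);
        Map<String, Integer> issuesBySeverity = new HashMap<>();
        log.debug("SAST finding count before filtering: {}", mainResultInfos.size());
        log.info("Processing SAST results");
        // handleSastIssue appends to xIssues and updates issuesBySeverity as a side effect.
        mainResultInfos.stream()
                .filter(applySastFilter(additionalResultInfos, filter))
                .forEach(mainResultInfo -> handleSastIssue(xIssues, mainResultInfo, additionalResultInfos, projectId, scanId, issuesBySeverity));
        CxScanSummary scanSummary = getCxScanSummary(scan);
        Map<String, Object> flowSummary = new HashMap<>();
        flowSummary.put(Constants.SUMMARY_KEY, issuesBySeverity);
        flowSummary.put(Constants.SCAN_ID_KEY, scanId);
        results.additionalDetails(flowSummary);
        results.scanSummary(scanSummary);
    }
    // SCA
    List<SCAScanResult> rawScanResults = Optional.ofNullable(resultFromAllEngines).map(GoScanResults::getSca).orElse(null);
    if (rawScanResults != null) {
        logRawScaScanResults(rawScanResults);
        List<Finding> findings = new ArrayList<>();
        List<Package> packages = new ArrayList<>();
        log.info("Processing SCA results");
        // Results marked as ignored are dropped before the configured filter is applied.
        rawScanResults.stream()
                .filter(rawScanResult -> !rawScanResult.isIgnored())
                .filter(applyScaFilter(filter))
                .forEach(rawScanResult -> handleScaIssue(xIssues, findings, packages, rawScanResult));
        logFindings(findings);
        logPackages(packages);
        SCAResults scaResults = new SCAResults();
        scaResults.setFindings(findings);
        scaResults.setPackages(packages);
        // The scan ID is read from the first raw entry, i.e. from the unfiltered list, so it is
        // set even when that entry was ignored or filtered out above.
        if (!rawScanResults.isEmpty()) {
            scaResults.setScanId(rawScanResults.get(0).getScanId().toString());
        }
        Summary summary = getScaScanSummary(scan);
        scaResults.setSummary(summary);
        // Format only the SDK constant; the configured portal URL is appended verbatim.
        String scaDeepLink = cxGoProperties.getPortalUrl().concat(String.format(SCA_DEEP_LINK, buId, appId, projectId, scanId));
        scaResults.setWebReportLink(scaDeepLink);
        results.scaResults(scaResults);
    }
    results.xIssues(xIssues);
    // NOTE(review): projectId is dereferenced here, so a scan without a project ID fails at this
    // point with a NullPointerException - confirm getScanDetails always populates it.
    results.projectId(projectId.toString());
    // Same rule as for the SCA link: the portal URL is not part of the format string.
    String deepLink = cxGoProperties.getPortalUrl().concat(String.format(DEEP_LINK, buId, appId, projectId, scanId));
    results.link(deepLink);
    return results.build();
}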
Also used : ScanResults(com.checkmarx.sdk.dto.ScanResults) SCAResults(com.checkmarx.sdk.dto.sca.SCAResults) CxScanSummary(com.checkmarx.sdk.dto.cx.CxScanSummary) Finding(com.checkmarx.sdk.dto.sca.report.Finding) Summary(com.checkmarx.sdk.dto.sca.Summary) CxScanSummary(com.checkmarx.sdk.dto.cx.CxScanSummary) JSONObject(org.json.JSONObject) Package(com.checkmarx.sdk.dto.sca.report.Package)

Example 8 with SCAResults

use of com.checkmarx.sdk.dto.sca.SCAResults in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class ScaScanner method toResults.

/**
 * Convert Common Client representation of SCA results into an object from this SDK.
 *
 * <p>The input is cast to {@link SCAResults} without a type check, so any other
 * {@code ResultsBase} subtype fails with a {@link ClassCastException}. A {@code null} input
 * passes the cast and is left to {@code validateNotNull}, which presumably rejects it.
 *
 * @param scanResults results produced by the SCA client
 * @return a new wrapper carrying the given SCA results
 */
@Override
protected AstScaResults toResults(ResultsBase scanResults) {
    SCAResults sca = (SCAResults) scanResults;
    validateNotNull(sca);

    // Only the SCA part of the wrapper is set here.
    AstScaResults wrapper = new AstScaResults();
    wrapper.setScaResults(sca);
    return wrapper;
}
Also used : SCAResults(com.checkmarx.sdk.dto.sca.SCAResults)

Example 9 with SCAResults

use of com.checkmarx.sdk.dto.sca.SCAResults in project cx-flow by checkmarx-ltd.

the class AbstractASTScanner method scan.

/**
 * Runs a scan for the given request and converts the SDK results into {@link ScanResults}.
 *
 * <p>Any exception raised after the parameters are built is handed to {@code treatError}
 * together with the results obtained so far. If {@code treatError} returns normally, this
 * method returns {@code null}. Callers must therefore treat {@code null} as "the scan failed"
 * and never as "the scan found nothing"; a build or policy gate that reads it as a clean
 * result would pass code that was never scanned.
 *
 * @param scanRequest the request describing what to scan
 * @return the converted results, or {@code null} when the scan failed and the error handler
 *     did not throw
 */
@Override
public ScanResults scan(ScanRequest scanRequest) {
    log.info("--------------------- Initiating new {} scan ---------------------", scanType);
    // Parameter conversion happens outside the try block, so its failures propagate directly.
    ScanParams params = toSdkScanParams(scanRequest);
    // Empty placeholder so the error handler always receives a non-null results object.
    AstScaResults sdkResults = new AstScaResults(new SCAResults(), new ASTResults());
    try {
        bugTrackerEventTrigger.triggerScanStartedEvent(scanRequest);
        sdkResults = client.scan(params);
        logRequest(scanRequest, sdkResults, OperationResult.successful());
        return toScanResults(sdkResults);
    } catch (Exception scanFailure) {
        treatError(scanRequest, sdkResults, scanFailure);
        return null;
    }
}
Also used : ScanResults(com.checkmarx.sdk.dto.ScanResults) ScanParams(com.checkmarx.sdk.dto.ast.ScanParams) AstScaResults(com.checkmarx.sdk.dto.AstScaResults) ASTResults(com.checkmarx.sdk.dto.ast.ASTResults) SCAResults(com.checkmarx.sdk.dto.sca.SCAResults) MalformedURLException(java.net.MalformedURLException) MachinaRuntimeException(com.checkmarx.flow.exception.MachinaRuntimeException)

Example 10 with SCAResults

use of com.checkmarx.sdk.dto.sca.SCAResults in project cx-flow by checkmarx-ltd.

the class AbstractASTScanner method actualScan.

/**
 * Runs a scan of the given path and converts the SDK results into {@link ScanResults}.
 *
 * <p>Parameter conversion, the scan itself, request logging and result conversion all run
 * inside one try block. Any exception is passed to {@code treatError} with the results
 * obtained so far. If {@code treatError} returns normally, the method returns {@code null},
 * which signals a failed scan rather than an empty result.
 *
 * @param scanRequest the request describing what to scan
 * @param path location of the sources, passed through to the SDK scan parameters
 * @return the converted results, or {@code null} when the scan failed and the error handler
 *     did not throw
 */
private ScanResults actualScan(ScanRequest scanRequest, String path) {
    log.info("--------------------- Initiating new {} scan ---------------------", scanType);
    // Empty placeholder so the error handler always receives a non-null results object.
    AstScaResults sdkResults = new AstScaResults(new SCAResults(), new ASTResults());
    try {
        ScanParams params = toSdkScanParams(scanRequest, path);
        sdkResults = client.scan(params);
        logRequest(scanRequest, sdkResults, OperationResult.successful());
        return toScanResults(sdkResults);
    } catch (Exception scanFailure) {
        treatError(scanRequest, sdkResults, scanFailure);
        return null;
    }
}
Also used : ScanResults(com.checkmarx.sdk.dto.ScanResults) ScanParams(com.checkmarx.sdk.dto.ast.ScanParams) AstScaResults(com.checkmarx.sdk.dto.AstScaResults) ASTResults(com.checkmarx.sdk.dto.ast.ASTResults) SCAResults(com.checkmarx.sdk.dto.sca.SCAResults) MalformedURLException(java.net.MalformedURLException) MachinaRuntimeException(com.checkmarx.flow.exception.MachinaRuntimeException)

Aggregations

SCAResults (com.checkmarx.sdk.dto.sca.SCAResults)14 Summary (com.checkmarx.sdk.dto.sca.Summary)6 Severity (com.checkmarx.sdk.dto.scansummary.Severity)6 AstScaResults (com.checkmarx.sdk.dto.AstScaResults)5 ScanResults (com.checkmarx.sdk.dto.ScanResults)5 Finding (com.checkmarx.sdk.dto.sca.report.Finding)5 FindingSeverity (com.checkmarx.flow.config.FindingSeverity)4 ASTResults (com.checkmarx.sdk.dto.ast.ASTResults)3 CxScanSummary (com.checkmarx.sdk.dto.cx.CxScanSummary)3 Filter (com.checkmarx.sdk.dto.sast.Filter)3 CxFlowApplication (com.checkmarx.flow.CxFlowApplication)2 FlowProperties (com.checkmarx.flow.config.FlowProperties)2 RepoProperties (com.checkmarx.flow.config.RepoProperties)2 TestUtils (com.checkmarx.flow.cucumber.common.utils.TestUtils)2 IntegrationTestContext (com.checkmarx.flow.cucumber.integration.cli.IntegrationTestContext)2 BugTracker (com.checkmarx.flow.dto.BugTracker)2 PullRequestReport (com.checkmarx.flow.dto.report.PullRequestReport)2 ExitThrowable (com.checkmarx.flow.exception.ExitThrowable)2 MachinaRuntimeException (com.checkmarx.flow.exception.MachinaRuntimeException)2 ThresholdValidator (com.checkmarx.flow.service.ThresholdValidator)2