
Example 1 with Summary

use of com.checkmarx.sdk.dto.sca.Summary in project cx-flow by checkmarx-ltd.

the class AnalyticsSteps method createFakeSCAScanResults.

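/**
 * Builds fake SCA scan results for analytics tests: one batch of synthetic findings
 * per severity (HIGH, MEDIUM, LOW) produced by {@code addFinding}, plus a
 * {@link Summary} whose finding counts are filled in by the same helper.
 *
 * @param findingsPerSeverity number of findings to fabricate per severity; a severity
 *        absent from the map now counts as 0 instead of handing a null Integer to
 *        {@code addFinding} (which sibling helpers call with a plain {@code int})
 * @param scanId scan id stamped on the fake SCA results
 * @return scan results holding only the SCA part, an empty package list and an
 *         empty xIssues list
 */
private static ScanResults createFakeSCAScanResults(Map<FindingSeverity, Integer> findingsPerSeverity, int scanId) {
    Map<Filter.Severity, Integer> findingCounts = new HashMap<>();
    List<Finding> findings = new LinkedList<>();
    // getOrDefault: a missing severity is "no findings", not an unboxing NPE.
    addFinding(findingsPerSeverity.getOrDefault(FindingSeverity.HIGH, 0), findingCounts, findings, Severity.HIGH, Filter.Severity.HIGH);
    addFinding(findingsPerSeverity.getOrDefault(FindingSeverity.MEDIUM, 0), findingCounts, findings, Severity.MEDIUM, Filter.Severity.MEDIUM);
    addFinding(findingsPerSeverity.getOrDefault(FindingSeverity.LOW, 0), findingCounts, findings, Severity.LOW, Filter.Severity.LOW);
    Summary summary = new Summary();
    summary.setFindingCounts(findingCounts);
    SCAResults scaResults = new SCAResults();
    scaResults.setScanId(String.valueOf(scanId));
    scaResults.setFindings(findings);
    scaResults.setSummary(summary);
    scaResults.setPackages(new LinkedList<>());
    return ScanResults.builder().scaResults(scaResults).xIssues(new ArrayList<>()).build();
}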

Example 2 with Summary

use of com.checkmarx.sdk.dto.sca.Summary in project cx-flow by checkmarx-ltd.

the class GitHubCommentsASTSteps method createFakeSCAScanResults.

/**
 * Builds fake SCA scan results with the requested number of HIGH, MEDIUM and LOW
 * findings. {@code addFinding} fabricates the findings and keeps the per-severity
 * count map in step; the scan id is the class-level {@code SCAN_ID}; no packages
 * and no xIssues are included.
 *
 * @param high   number of HIGH findings to fabricate
 * @param medium number of MEDIUM findings to fabricate
 * @param low    number of LOW findings to fabricate
 * @return scan results carrying only the fake SCA part
 */
private static ScanResults createFakeSCAScanResults(int high, int medium, int low) {
    SCAResults fakeScaResults = new SCAResults();
    fakeScaResults.setScanId("" + SCAN_ID);

    Map<Filter.Severity, Integer> countsPerSeverity = new HashMap<>();
    List<com.checkmarx.sdk.dto.sca.report.Finding> fakeFindings = new LinkedList<>();
    addFinding(high, countsPerSeverity, fakeFindings, Severity.HIGH, Filter.Severity.HIGH);
    addFinding(medium, countsPerSeverity, fakeFindings, Severity.MEDIUM, Filter.Severity.MEDIUM);
    addFinding(low, countsPerSeverity, fakeFindings, Severity.LOW, Filter.Severity.LOW);

    Summary scaSummary = new Summary();
    scaSummary.setFindingCounts(countsPerSeverity);

    fakeScaResults.setFindings(fakeFindings);
    fakeScaResults.setSummary(scaSummary);
    fakeScaResults.setPackages(new LinkedList<>());
    return ScanResults.builder()
            .scaResults(fakeScaResults)
            .xIssues(new ArrayList<>())
            .build();
}

Example 3 with Summary

use of com.checkmarx.sdk.dto.sca.Summary in project cx-flow by checkmarx-ltd.

the class ScaThresholdsSteps method max_findings_score_threshold_score.

@When("max findings score is {word} threshold-score")
public void max_findings_score_threshold_score(String scoreType) {
    // Cucumber step: populate the scaResults field with a scan whose risk score is
    // derived from the scenario's score type and which reports ten findings for
    // every severity, so a threshold check can be exercised against it.
    Double riskScore = generateScoreThresholds(scoreType);

    scaResults = new SCAResults();
    scaResults.setScanId("2");

    Summary scaSummary = new Summary();
    scaSummary.setRiskScore(riskScore);

    List<Finding> fakeFindings = new ArrayList<>();
    for (Severity severity : Severity.values()) {
        populateFindings(fakeFindings, severity, 10);
    }
    scaResults.setFindings(fakeFindings);

    // Counts are keyed by the filter severity enum, which differs from the
    // scan-summary Severity used to populate the findings above.
    Map<Filter.Severity, Integer> countsPerSeverity = Arrays.stream(Filter.Severity.values())
            .collect(Collectors.toMap(Function.identity(), ignored -> 10));
    scaSummary.setFindingCounts(countsPerSeverity);
    scaResults.setSummary(scaSummary);
}

Example 4 with Summary

use of com.checkmarx.sdk.dto.sca.Summary in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class GoScanner method getReportContentByScanId.

@Override
public ScanResults getReportContentByScanId(Integer scanId, FilterConfiguration filter) throws CheckmarxException {
    // Assembles the ScanResults for one CxGo scan: SAST results (when present) become
    // xIssues plus a scan summary, SCA results (when present) become an SCAResults
    // block, and both carry a portal deep link built from the configured portal URL.
    ScanResults.ScanResultsBuilder results = ScanResults.builder();
    Scan scan = getScanDetails(scanId);
    // Identifiers used for the deep links; projectId.toString() below assumes the
    // resolved scan always carries a project id — TODO confirm against getScanDetails.
    Integer projectId = scan.getProjectId();
    Integer buId = scan.getBusinessUnitId();
    Integer appId = scan.getApplicationId();
    GoScanResults resultFromAllEngines = getScanResults(scanId);
    // Shared sink: both the SAST and SCA handlers append to this list.
    List<ScanResults.XIssue> xIssues = new ArrayList<>();
    // SAST
    // A null engine result (no results at all, or no SAST section) skips the block.
    List<SASTScanResult> mainResultInfos = Optional.ofNullable(resultFromAllEngines).map(GoScanResults::getSast).orElse(null);
    if (mainResultInfos != null) {
        Map<String, OdScanResultItem> additionalResultInfos = getScanResultsPage(projectId, scanId);
        // Filled by handleSastIssue; exposed to the caller under Constants.SUMMARY_KEY.
        Map<String, Integer> issuesBySeverity = new HashMap<>();
        log.debug("SAST finding count before filtering: {}", mainResultInfos.size());
        log.info("Processing SAST results");
        mainResultInfos.stream().filter(applySastFilter(additionalResultInfos, filter)).forEach(mainResultInfo -> handleSastIssue(xIssues, mainResultInfo, additionalResultInfos, projectId, scanId, issuesBySeverity));
        CxScanSummary scanSummary = getCxScanSummary(scan);
        // additionalDetails / scanSummary are only set when SAST results exist.
        Map<String, Object> flowSummary = new HashMap<>();
        flowSummary.put(Constants.SUMMARY_KEY, issuesBySeverity);
        flowSummary.put(Constants.SCAN_ID_KEY, scanId);
        results.additionalDetails(flowSummary);
        results.scanSummary(scanSummary);
    }
    // SCA
    List<SCAScanResult> rawScanResults = Optional.ofNullable(resultFromAllEngines).map(GoScanResults::getSca).orElse(null);
    if (rawScanResults != null) {
        logRawScaScanResults(rawScanResults);
        List<Finding> findings = new ArrayList<>();
        List<Package> packages = new ArrayList<>();
        log.info("Processing SCA results");
        // Ignored results are dropped before the configured SCA filter is applied.
        rawScanResults.stream().filter(rawScanResult -> !rawScanResult.isIgnored()).filter(applyScaFilter(filter)).forEach(rawScanResult -> handleScaIssue(xIssues, findings, packages, rawScanResult));
        logFindings(findings);
        logPackages(packages);
        SCAResults scaResults = new SCAResults();
        scaResults.setFindings(findings);
        scaResults.setPackages(packages);
        // Scan id is taken from the first raw result; an empty list leaves it unset.
        // NOTE(review): getScanId() returning null would NPE here — confirm it is mandatory.
        if (!rawScanResults.isEmpty()) {
            scaResults.setScanId(rawScanResults.get(0).getScanId().toString());
        }
        // Per-severity counts come from the scan's engine details, not from the findings list.
        Summary summary = getScaScanSummary(scan);
        scaResults.setSummary(summary);
        // SCA_DEEP_LINK is presumably a String.format template with four placeholders
        // (buId, appId, projectId, scanId) — confirm; note that the portal URL is part of
        // the format string, so a configured URL containing '%' would corrupt the link.
        String urlTemplate = cxGoProperties.getPortalUrl().concat(SCA_DEEP_LINK);
        String scaDeepLink = String.format(urlTemplate, buId, appId, projectId, scanId);
        scaResults.setWebReportLink(scaDeepLink);
        results.scaResults(scaResults);
    }
    results.xIssues(xIssues);
    results.projectId(projectId.toString());
    // Same template-plus-portal-URL construction as the SCA link above (DEEP_LINK variant).
    String urlTemplate = cxGoProperties.getPortalUrl().concat(DEEP_LINK);
    String deepLink = String.format(urlTemplate, buId, appId, projectId, scanId);
    results.link(deepLink);
    return results.build();
}

Example 5 with Summary

use of com.checkmarx.sdk.dto.sca.Summary in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class GoScanner method getScaScanSummary.

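/**
 * Builds the SCA {@link Summary} (per-severity finding counts) from the "sca" entry
 * of a scan's engine details.
 *
 * @param scanDetails scan whose {@code getEngines()} map is read
 * @return a summary whose finding counts hold the HIGH/MEDIUM/LOW counts from the
 *         engine details and INFO as 0; an empty count map when the scan has no
 *         "sca" engine entry at all
 * @throws IllegalStateException if an "sca" entry exists but one of its count
 *         values is missing or not numeric — a malformed entry fails loudly rather
 *         than being read as zero findings, since these counts feed threshold checks
 */
private static Summary getScaScanSummary(Scan scanDetails) {
    // The engine details are an untyped map from the CxGo response; the cast is
    // inherently unchecked and mirrors how the map is produced upstream.
    @SuppressWarnings("unchecked")
    Map<String, Object> scaScanDetails = (Map<String, Object>) scanDetails.getEngines().get("sca");
    Map<Filter.Severity, Integer> severityMap = new EnumMap<>(Filter.Severity.class);
    if (scaScanDetails != null) {
        severityMap.put(Filter.Severity.HIGH, requiredCount(scaScanDetails, "high_severities_count"));
        severityMap.put(Filter.Severity.MEDIUM, requiredCount(scaScanDetails, "medium_severities_count"));
        severityMap.put(Filter.Severity.LOW, requiredCount(scaScanDetails, "low_severities_count"));
        // The engine details carry no INFO count; it is always recorded as zero.
        severityMap.put(Filter.Severity.INFO, 0);
    }
    Summary summary = new Summary();
    summary.setFindingCounts(severityMap);
    return summary;
}

/**
 * Reads one severity count from the engine details, accepting any {@link Number}
 * representation (generic JSON mapping may yield Integer or Long) instead of a bare
 * {@code (int)} cast that only works for Integer.
 *
 * @param details the "sca" engine details map
 * @param key     name of the count entry
 * @return the count as an int
 * @throws IllegalStateException if the entry is absent or not a Number
 */
private static int requiredCount(Map<String, Object> details, String key) {
    Object value = details.get(key);
    if (value instanceof Number) {
        return ((Number) value).intValue();
    }
    String found = value == null ? "missing" : value.getClass().getName();
    throw new IllegalStateException("SCA engine details: expected a numeric '" + key + "' but it is " + found);
}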
