use of com.checkmarx.sdk.dto.sca.report.Finding in project cx-flow by checkmarx-ltd.
the class ScaThresholdsSteps method populateFindings.
/**
 * Appends {@code count} freshly created findings of the given severity to {@code findings}.
 * Every created finding gets an empty package id; no other field is set.
 *
 * @param findings list that receives the generated findings
 * @param severity severity assigned to each generated finding
 * @param count    number of findings to generate; nothing is added when it is zero or negative
 */
private void populateFindings(List<Finding> findings, Severity severity, Integer count) {
    int remaining = count;
    while (remaining-- > 0) {
        Finding generated = new Finding();
        generated.setSeverity(severity);
        generated.setPackageId("");
        findings.add(generated);
    }
}
use of com.checkmarx.sdk.dto.sca.report.Finding in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.
the class GoScanner method getReportContentByScanId.
/**
 * Builds the {@link ScanResults} report for one CxGo scan.
 *
 * <p>Looks up the scan details and the per-engine results, converts the SAST section (when
 * present) and the SCA section (when present) into {@code XIssue}s, attaches the matching
 * summaries and portal deep links, and returns the assembled report.
 *
 * @param scanId id of the scan to report on
 * @param filter filter configuration applied to both the SAST and the SCA results
 * @return the assembled report; the SAST- or SCA-specific parts are omitted when that engine
 *         returned no result list
 * @throws CheckmarxException propagated from the scan lookups
 */
@Override
public ScanResults getReportContentByScanId(Integer scanId, FilterConfiguration filter) throws CheckmarxException {
    ScanResults.ScanResultsBuilder report = ScanResults.builder();
    Scan scan = getScanDetails(scanId);
    Integer projectId = scan.getProjectId();
    Integer businessUnitId = scan.getBusinessUnitId();
    Integer applicationId = scan.getApplicationId();
    GoScanResults engineResults = getScanResults(scanId);
    List<ScanResults.XIssue> issues = new ArrayList<>();

    // SAST section: null both when no engine results came back and when the SAST list is absent.
    List<SASTScanResult> sastResults = engineResults == null ? null : engineResults.getSast();
    if (sastResults != null) {
        Map<String, OdScanResultItem> resultPage = getScanResultsPage(projectId, scanId);
        Map<String, Integer> countsBySeverity = new HashMap<>();
        log.debug("SAST finding count before filtering: {}", sastResults.size());
        log.info("Processing SAST results");
        sastResults.stream()
                .filter(applySastFilter(resultPage, filter))
                .forEach(sastResult -> handleSastIssue(issues, sastResult, resultPage, projectId, scanId, countsBySeverity));
        CxScanSummary sastSummary = getCxScanSummary(scan);
        Map<String, Object> flowSummary = new HashMap<>();
        flowSummary.put(Constants.SUMMARY_KEY, countsBySeverity);
        flowSummary.put(Constants.SCAN_ID_KEY, scanId);
        report.additionalDetails(flowSummary);
        report.scanSummary(sastSummary);
    }

    // SCA section: same null convention as above.
    List<SCAScanResult> scaRawResults = engineResults == null ? null : engineResults.getSca();
    if (scaRawResults != null) {
        logRawScaScanResults(scaRawResults);
        List<Finding> findings = new ArrayList<>();
        List<Package> packages = new ArrayList<>();
        log.info("Processing SCA results");
        scaRawResults.stream()
                .filter(scaRaw -> !scaRaw.isIgnored())
                .filter(applyScaFilter(filter))
                .forEach(scaRaw -> handleScaIssue(issues, findings, packages, scaRaw));
        logFindings(findings);
        logPackages(packages);
        SCAResults scaResults = new SCAResults();
        scaResults.setFindings(findings);
        scaResults.setPackages(packages);
        if (!scaRawResults.isEmpty()) {
            // The SCA scan id is read from the first raw result; a null id would fail here.
            scaResults.setScanId(scaRawResults.get(0).getScanId().toString());
        }
        scaResults.setSummary(getScaScanSummary(scan));
        scaResults.setWebReportLink(buildPortalLink(SCA_DEEP_LINK, businessUnitId, applicationId, projectId, scanId));
        report.scaResults(scaResults);
    }

    report.xIssues(issues);
    // projectId is assumed non-null here; toString() would throw otherwise.
    report.projectId(projectId.toString());
    report.link(buildPortalLink(DEEP_LINK, businessUnitId, applicationId, projectId, scanId));
    return report.build();
}

/**
 * Formats a portal deep link from the configured portal URL and a path template.
 *
 * <p>NOTE(review): the portal URL itself becomes part of the {@code String.format} template, so a
 * literal {@code %} in the configured URL would be parsed as a format specifier — confirm the
 * value is validated where it is configured.
 *
 * @param pathTemplate format template appended to the portal URL (expects the four ids in order)
 * @return the formatted link
 */
private String buildPortalLink(String pathTemplate, Integer businessUnitId, Integer applicationId, Integer projectId, Integer scanId) {
    String urlTemplate = cxGoProperties.getPortalUrl().concat(pathTemplate);
    return String.format(urlTemplate, businessUnitId, applicationId, projectId, scanId);
}
use of com.checkmarx.sdk.dto.sca.report.Finding in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.
the class GoScanner method handleScaIssue.
/**
 * Converts one raw SCA result into a {@link Finding}, a {@link Package} and an {@code XIssue},
 * appending each to the corresponding output list.
 *
 * <p>The issue carries the finding's similarity id, severity and description plus a single
 * {@code ScaDetails} entry that links the finding to its package; the vulnerability link is
 * always the literal {@code "N/A"}.
 *
 * @param xIssues   receives the issue built from {@code scaResult}
 * @param findings  receives the converted finding
 * @param packages  receives the converted package
 * @param scaResult raw SCA result to convert
 */
private void handleScaIssue(List<ScanResults.XIssue> xIssues, List<Finding> findings, List<Package> packages, SCAScanResult scaResult) {
    Finding scaFinding = toFinding(scaResult);
    findings.add(scaFinding);
    Package scaPackage = toPackage(scaResult);
    packages.add(scaPackage);

    ScanResults.ScaDetails details = ScanResults.ScaDetails.builder()
            .finding(scaFinding)
            .vulnerabilityLink("N/A")
            .vulnerabilityPackage(scaPackage)
            .build();
    ScanResults.XIssue issue = ScanResults.XIssue.builder()
            .similarityId(scaFinding.getSimilarityId())
            .severity(scaFinding.getSeverity().toString())
            .description(scaFinding.getDescription())
            .scaDetails(Collections.singletonList(details))
            .build();
    xIssues.add(issue);
}
use of com.checkmarx.sdk.dto.sca.report.Finding in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.
the class ScaScanner method applyFilterToResults.
/**
 * Keeps only the SCA findings of {@code combinedResults} that pass the engine filter derived
 * from {@code scanParams}. The finding list is replaced with a new list holding the survivors.
 *
 * @param combinedResults results whose SCA finding list is filtered
 * @param scanParams      source of the filter configuration
 */
@Override
protected void applyFilterToResults(AstScaResults combinedResults, ScanParams scanParams) {
    EngineFilterConfiguration filterConfig = extractFilterConfigFrom(scanParams);
    List<Finding> retained = new ArrayList<>();
    for (Finding candidate : combinedResults.getScaResults().getFindings()) {
        if (passesFilter(candidate, filterConfig)) {
            retained.add(candidate);
        }
    }
    combinedResults.getScaResults().setFindings(retained);
}
use of com.checkmarx.sdk.dto.sca.report.Finding in project cx-flow by checkmarx-ltd.
the class SonarQubeIssueTracker method generateScaResults.
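/**
 * Converts the SCA findings of a scan into SonarQube generic-issue entries.
 *
 * <p>Findings are grouped by package id; for each finding one {@link Issue} of type
 * {@code VULNERABILITY} is emitted per location of that package, carrying the package id,
 * description and score in its message. Findings whose package id has no matching package
 * record (and therefore no location) do not reach SonarQube.
 *
 * @param results     scan results whose SCA findings and packages are read
 * @param sonarIssues output list that receives one issue per finding/location pair
 */
private void generateScaResults(ScanResults results, List<Issue> sonarIssues) {
    // Sonar Report for Sca Result
    Map<String, List<Finding>> findingsByPackage = results.getScaResults().getFindings().stream()
            .collect(Collectors.groupingBy(Finding::getPackageId));
    Map<String, Package> packagesById = new HashMap<>();
    for (Package p : results.getScaResults().getPackages()) {
        packagesById.put(p.getId(), p);
    }
    for (Map.Entry<String, List<Finding>> entry : findingsByPackage.entrySet()) {
        Package vulnerablePackage = packagesById.get(entry.getKey());
        if (vulnerablePackage == null) {
            // No package record means no file location to anchor the issue to; previously this
            // dereferenced null and aborted the whole report.
            continue;
        }
        for (Finding finding : entry.getValue()) {
            // Build the message once per finding. A single builder shared across the location
            // loop made every later location repeat the text of all earlier findings/locations.
            StringBuilder messageBuilder = new StringBuilder();
            messageBuilder.append("Package:").append(finding.getPackageId()).append(",")
                    .append("Description:").append(finding.getDescription()).append(",")
                    .append("Score:").append(finding.getScore());
            String message = messageBuilder.toString();
            vulnerablePackage.getLocations().forEach(location ->
                    sonarIssues.add(Issue.builder()
                            .engineId(properties.getScaScannerName())
                            .ruleId(finding.getId())
                            // fall back to the default level when the severity is not mapped
                            .severity(properties.getSeverityMap().get(finding.getSeverity()) != null
                                    ? properties.getSeverityMap().get(finding.getSeverity())
                                    : DEFAULT_LEVEL)
                            .type("VULNERABILITY")
                            .primaryLocation(ILocation.builder()
                                    .filePath(location)
                                    .message(message)
                                    .textRange(TextRange.builder().startLine(1).endLine(1).build())
                                    .build())
                            .build()));
        }
    }
}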