
Example 6 with Finding

use of com.checkmarx.sdk.dto.sca.report.Finding in project cx-flow by checkmarx-ltd.

the class ScaThresholdsSteps method populateFindings.

/**
 * Appends {@code count} newly created findings to {@code findings}, each carrying the
 * given severity and an empty package id.
 *
 * @param findings list that receives the generated findings
 * @param severity severity assigned to every generated finding
 * @param count    number of findings to add; zero or negative adds nothing
 */
private void populateFindings(List<Finding> findings, Severity severity, Integer count) {
    int remaining = count;
    while (remaining > 0) {
        Finding generated = new Finding();
        generated.setSeverity(severity);
        generated.setPackageId("");
        findings.add(generated);
        remaining--;
    }
}
Also used : Finding(com.checkmarx.sdk.dto.sca.report.Finding)

Example 7 with Finding

use of com.checkmarx.sdk.dto.sca.report.Finding in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class GoScanner method getReportContentByScanId.

/**
 * Assembles the {@link ScanResults} for one CxGo scan. SAST results are filtered,
 * converted to issues and tallied by severity; SCA results have ignored entries
 * dropped, are filtered, and are converted to findings, packages and issues. Portal
 * deep links are attached for the SCA report and for the scan as a whole.
 *
 * @param scanId id of the scan to report on
 * @param filter filter configuration applied to both the SAST and SCA result sets
 * @return the populated scan results
 * @throws CheckmarxException propagated unchanged from the helper calls; nothing is caught here
 */
@Override
public ScanResults getReportContentByScanId(Integer scanId, FilterConfiguration filter) throws CheckmarxException {
    ScanResults.ScanResultsBuilder builder = ScanResults.builder();
    Scan scan = getScanDetails(scanId);
    Integer projectId = scan.getProjectId();
    Integer buId = scan.getBusinessUnitId();
    Integer appId = scan.getApplicationId();
    GoScanResults engineResults = getScanResults(scanId);
    List<ScanResults.XIssue> xIssues = new ArrayList<>();

    // SAST: null when no engine results came back or the SAST list itself is null.
    List<SASTScanResult> sastResults = engineResults == null ? null : engineResults.getSast();
    if (sastResults != null) {
        Map<String, OdScanResultItem> sastDetailsById = getScanResultsPage(projectId, scanId);
        Map<String, Integer> countBySeverity = new HashMap<>();
        log.debug("SAST finding count before filtering: {}", sastResults.size());
        log.info("Processing SAST results");
        sastResults.stream()
                .filter(applySastFilter(sastDetailsById, filter))
                .forEach(sastResult -> handleSastIssue(xIssues, sastResult, sastDetailsById, projectId, scanId, countBySeverity));
        CxScanSummary sastSummary = getCxScanSummary(scan);
        Map<String, Object> flowSummary = new HashMap<>();
        flowSummary.put(Constants.SUMMARY_KEY, countBySeverity);
        flowSummary.put(Constants.SCAN_ID_KEY, scanId);
        builder.additionalDetails(flowSummary);
        builder.scanSummary(sastSummary);
    }

    // SCA: same null convention as SAST above.
    List<SCAScanResult> rawScaResults = engineResults == null ? null : engineResults.getSca();
    if (rawScaResults != null) {
        logRawScaScanResults(rawScaResults);
        List<Finding> findings = new ArrayList<>();
        List<Package> packages = new ArrayList<>();
        log.info("Processing SCA results");
        rawScaResults.stream()
                .filter(scaResult -> !scaResult.isIgnored())
                .filter(applyScaFilter(filter))
                .forEach(scaResult -> handleScaIssue(xIssues, findings, packages, scaResult));
        logFindings(findings);
        logPackages(packages);
        SCAResults scaResults = new SCAResults();
        scaResults.setFindings(findings);
        scaResults.setPackages(packages);
        if (!rawScaResults.isEmpty()) {
            // The scan id is read from the first raw result (presumably identical for every entry).
            scaResults.setScanId(rawScaResults.get(0).getScanId().toString());
        }
        Summary scaSummary = getScaScanSummary(scan);
        scaResults.setSummary(scaSummary);
        scaResults.setWebReportLink(buildPortalDeepLink(SCA_DEEP_LINK, buId, appId, projectId, scanId));
        builder.scaResults(scaResults);
    }

    builder.xIssues(xIssues);
    builder.projectId(projectId.toString());
    builder.link(buildPortalDeepLink(DEEP_LINK, buId, appId, projectId, scanId));
    return builder.build();
}

/**
 * Formats a portal deep link: {@code linkTemplate} is appended to the portal URL taken from
 * {@code cxGoProperties}, and the result is used as a {@link String#format} template for the
 * business unit, application, project and scan ids, in that order.
 */
private String buildPortalDeepLink(String linkTemplate, Integer buId, Integer appId, Integer projectId, Integer scanId) {
    String template = cxGoProperties.getPortalUrl().concat(linkTemplate);
    return String.format(template, buId, appId, projectId, scanId);
}
Also used : ScanResults(com.checkmarx.sdk.dto.ScanResults) SCAResults(com.checkmarx.sdk.dto.sca.SCAResults) CxScanSummary(com.checkmarx.sdk.dto.cx.CxScanSummary) Finding(com.checkmarx.sdk.dto.sca.report.Finding) Summary(com.checkmarx.sdk.dto.sca.Summary) CxScanSummary(com.checkmarx.sdk.dto.cx.CxScanSummary) JSONObject(org.json.JSONObject) Package(com.checkmarx.sdk.dto.sca.report.Package)

Example 8 with Finding

use of com.checkmarx.sdk.dto.sca.report.Finding in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class GoScanner method handleScaIssue.

/**
 * Converts one raw SCA result into a {@link Finding}, a {@link Package} and an
 * {@link ScanResults.XIssue}, appending each to the matching output list. The issue
 * carries a single {@code ScaDetails} entry that links the finding and the package;
 * its vulnerability link is the fixed placeholder {@code "N/A"}.
 *
 * @param xIssues   receives the generated issue
 * @param findings  receives the converted finding
 * @param packages  receives the converted package
 * @param scaResult raw SCA result to convert
 */
private void handleScaIssue(List<ScanResults.XIssue> xIssues, List<Finding> findings, List<Package> packages, SCAScanResult scaResult) {
    Finding convertedFinding = toFinding(scaResult);
    findings.add(convertedFinding);
    Package convertedPackage = toPackage(scaResult);
    packages.add(convertedPackage);

    ScanResults.ScaDetails detail = ScanResults.ScaDetails.builder()
            .finding(convertedFinding)
            .vulnerabilityLink("N/A")
            .vulnerabilityPackage(convertedPackage)
            .build();
    List<ScanResults.ScaDetails> details = Collections.singletonList(detail);

    ScanResults.XIssue issue = ScanResults.XIssue.builder()
            .similarityId(convertedFinding.getSimilarityId())
            .severity(convertedFinding.getSeverity().toString())
            .description(convertedFinding.getDescription())
            .scaDetails(details)
            .build();
    xIssues.add(issue);
}
Also used : ScanResults(com.checkmarx.sdk.dto.ScanResults) Finding(com.checkmarx.sdk.dto.sca.report.Finding) Package(com.checkmarx.sdk.dto.sca.report.Package)

Example 9 with Finding

use of com.checkmarx.sdk.dto.sca.report.Finding in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class ScaScanner method applyFilterToResults.

/**
 * Replaces the SCA findings on {@code combinedResults} with only those that pass the
 * engine filter derived from {@code scanParams}; findings that fail are dropped.
 *
 * @param combinedResults results whose SCA finding list is filtered in place
 * @param scanParams      source of the filter configuration
 */
@Override
protected void applyFilterToResults(AstScaResults combinedResults, ScanParams scanParams) {
    EngineFilterConfiguration filterConfig = extractFilterConfigFrom(scanParams);
    List<Finding> retained = new ArrayList<>();
    for (Finding candidate : combinedResults.getScaResults().getFindings()) {
        if (!passesFilter(candidate, filterConfig)) {
            continue;
        }
        retained.add(candidate);
    }
    combinedResults.getScaResults().setFindings(retained);
}
Also used : Finding(com.checkmarx.sdk.dto.sca.report.Finding) ArrayList(java.util.ArrayList) EngineFilterConfiguration(com.checkmarx.sdk.dto.filtering.EngineFilterConfiguration)

Example 10 with Finding

use of com.checkmarx.sdk.dto.sca.report.Finding in project cx-flow by checkmarx-ltd.

the class SonarQubeIssueTracker method generateScaResults.

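/**
 * Converts the SCA findings on {@code results} into SonarQube issues — one issue per
 * finding per location of the finding's package — and appends them to {@code sonarIssues}.
 * Findings whose package id has no matching package are skipped.
 *
 * @param results     scan results whose SCA findings and packages are reported
 * @param sonarIssues output list that receives the generated issues
 */
private void generateScaResults(ScanResults results, List<Issue> sonarIssues) {
    // Sonar Report for Sca Result
    // Index packages by id so each finding can be joined to its package's locations.
    Map<String, Package> packagesById = new HashMap<>();
    for (Package pkg : results.getScaResults().getPackages()) {
        packagesById.put(pkg.getId(), pkg);
    }
    for (Finding finding : results.getScaResults().getFindings()) {
        Package vulnerablePackage = packagesById.get(finding.getPackageId());
        if (vulnerablePackage == null) {
            // No package means no locations to attach an issue to; skipping avoids an NPE
            // that would otherwise abort the whole report.
            continue;
        }
        // Build the message once per finding. Previously a StringBuilder shared across the
        // whole package group kept growing, so every later issue's message carried the
        // text of all earlier findings and locations in that group.
        String message = "Package:" + finding.getPackageId()
                + ",Description:" + finding.getDescription()
                + ",Score:" + finding.getScore();
        vulnerablePackage.getLocations().forEach(location -> sonarIssues.add(Issue.builder()
                .engineId(properties.getScaScannerName())
                .ruleId(finding.getId())
                // Fall back to DEFAULT_LEVEL when the finding's severity is not in the configured map.
                .severity(properties.getSeverityMap().get(finding.getSeverity()) != null
                        ? properties.getSeverityMap().get(finding.getSeverity())
                        : DEFAULT_LEVEL)
                .type("VULNERABILITY")
                .primaryLocation(ILocation.builder()
                        .filePath(location)
                        .message(message)
                        .textRange(TextRange.builder().startLine(1).endLine(1).build())
                        .build())
                .build()));
    }
}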
Also used : Finding(com.checkmarx.sdk.dto.sca.report.Finding) Package(com.checkmarx.sdk.dto.sca.report.Package)

Aggregations

Finding (com.checkmarx.sdk.dto.sca.report.Finding)15 Package (com.checkmarx.sdk.dto.sca.report.Package)6 ScanResults (com.checkmarx.sdk.dto.ScanResults)5 SCAResults (com.checkmarx.sdk.dto.sca.SCAResults)5 Summary (com.checkmarx.sdk.dto.sca.Summary)5 Severity (com.checkmarx.sdk.dto.scansummary.Severity)4 CxScanSummary (com.checkmarx.sdk.dto.cx.CxScanSummary)3 Filter (com.checkmarx.sdk.dto.sast.Filter)3 CxFlowApplication (com.checkmarx.flow.CxFlowApplication)2 FindingSeverity (com.checkmarx.flow.config.FindingSeverity)2 FlowProperties (com.checkmarx.flow.config.FlowProperties)2 RepoProperties (com.checkmarx.flow.config.RepoProperties)2 TestUtils (com.checkmarx.flow.cucumber.common.utils.TestUtils)2 IntegrationTestContext (com.checkmarx.flow.cucumber.integration.cli.IntegrationTestContext)2 BugTracker (com.checkmarx.flow.dto.BugTracker)2 PullRequestReport (com.checkmarx.flow.dto.report.PullRequestReport)2 ExitThrowable (com.checkmarx.flow.exception.ExitThrowable)2 ThresholdValidator (com.checkmarx.flow.service.ThresholdValidator)2 ThresholdValidatorImpl (com.checkmarx.flow.service.ThresholdValidatorImpl)2 ScaProperties (com.checkmarx.sdk.config.ScaProperties)2