use of com.checkmarx.sdk.dto.sca.report.Finding in project cx-flow by checkmarx-ltd.
the class ScaThresholdsSteps method getFakeSCAResults.
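/**
 * Builds a synthetic {@link SCAResults} (scan id "1") whose per-severity finding
 * counts are derived from the findings definition named {@code findingsName}.
 *
 * <p>For every {@code Severity} the definition is expected to hold a spec under the
 * lower-cased severity name. A spec is split on {@code "-than-"}; the token
 * {@code "more"} counts as +3, {@code "less"} as -3, any other token is parsed as an
 * integer, and the values are summed to give the number of findings to generate.
 *
 * @param findingsName value of the {@code "name"} entry of the definition to use
 * @return results whose findings and summary counts match the selected definition
 * @throws java.util.NoSuchElementException if no definition carries that name
 * @throws NullPointerException if the definition has no spec for some severity
 * @throws NumberFormatException if a spec token is neither "more", "less" nor an integer
 */
private SCAResults getFakeSCAResults(String findingsName) {
    // Fail with a message that names the missing definition instead of a bare Optional.get().
    Map<String, String> specMap = findingsDefs.stream()
            .filter(findingsDef -> findingsDef.get("name").equals(findingsName))
            .findAny()
            .orElseThrow(() -> new java.util.NoSuchElementException(
                    "No findings definition named '" + findingsName + "'"));

    Map<Filter.Severity, Integer> summaryMap = new EnumMap<>(Filter.Severity.class);
    List<Finding> findings = new LinkedList<>();

    EnumSet.allOf(Severity.class).forEach(severity -> {
        // Locale.ROOT keeps the lookup key stable: under e.g. a Turkish default locale
        // "HIGH".toLowerCase() does not produce "high" and the spec would not be found.
        String specKey = severity.name().toLowerCase(java.util.Locale.ROOT);
        String spec = specMap.get(specKey);
        log.info("{}-spec: {}", severity, spec);
        java.util.Objects.requireNonNull(spec,
                () -> "Findings definition '" + findingsName + "' has no '" + specKey + "' spec");

        /* create findings */
        Integer count = Arrays.stream(spec.split("-than-"))
                .mapToInt(token -> {
                    if ("more".equals(token)) {
                        return 3;
                    }
                    if ("less".equals(token)) {
                        return -3;
                    }
                    return Integer.parseInt(token);
                })
                .sum();
        log.info("going to generate {} issues with {} severity", count, severity);
        summaryMap.put(Filter.Severity.valueOf(severity.name()), count);
        populateFindings(findings, severity, count);
    });

    Summary summary = new Summary();
    summary.setFindingCounts(summaryMap);

    SCAResults scaResults = new SCAResults();
    scaResults.setScanId("1");
    scaResults.setFindings(findings);
    scaResults.setSummary(summary);
    return scaResults;
}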
use of com.checkmarx.sdk.dto.sca.report.Finding in project cx-flow by checkmarx-ltd.
the class ScanUtils method getScaSummaryIssueKey.
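/**
 * Returns the SCA summary issue key for the bug tracker type configured on the request.
 * Only the first SCA details entry of {@code issue} is used.
 *
 * @param request The scanRequest object
 * @param issue The scanResults issue; must carry at least one SCA details entry
 * @param extraTags Extra tags array. Jira issue prefix/postfix are on the [0], [1] positions
 *                  and are required when the bug tracker type is "JIRA"
 * @return Issue key according to the bug type parameter
 * @throws IllegalArgumentException if the bug type is "JIRA" and fewer than two extra tags are given
 * @throws NotImplementedException if the bug type is neither "JIRA" nor "CUSTOM"
 */
public static String getScaSummaryIssueKey(ScanRequest request, ScanResults.XIssue issue, String... extraTags) {
    // NOTE(review): get(0) assumes a non-empty SCA details list; confirm against callers.
    ScanResults.ScaDetails scaDetails = issue.getScaDetails().get(0);
    String bugType = request.getBugTracker().getType().getType();
    switch (bugType) {
        case "JIRA": {
            // Reject a short varargs array up front rather than failing on the index access below.
            if (extraTags == null || extraTags.length < 2) {
                throw new IllegalArgumentException(
                        "JIRA summary issue key requires the issue prefix and postfix as extraTags[0] and extraTags[1]");
            }
            String issuePrefix = extraTags[0];
            String issuePostfix = extraTags[1];
            Finding detailsFindings = scaDetails.getFinding();
            Package vulnerabilityPackage = scaDetails.getVulnerabilityPackage();
            // The branch-less key variant is used when namespace, repo name or branch is missing.
            if (anyEmpty(request.getNamespace(), request.getRepoName(), request.getBranch())) {
                return getJiraScaSummaryIssueKeyWithoutBranch(request, issuePrefix, issuePostfix, detailsFindings, vulnerabilityPackage);
            }
            return getJiraScaSummaryIssueKey(request, issuePrefix, issuePostfix, detailsFindings, vulnerabilityPackage);
        }
        case "CUSTOM":
            if (anyEmpty(request.getBranch(), request.getNamespace(), request.getRepoName())) {
                return getCustomScaSummaryIssueKeyWithoutBranch(request, scaDetails);
            }
            return getCustomScaSummaryIssueKey(request, scaDetails);
        default:
            // The original message used a logger-style "{}" placeholder, which an exception
            // constructor does not expand; the bug type is now part of the message itself.
            // The two-argument constructor is kept so the same overload is called.
            throw new NotImplementedException("Summary issue key wasn't implemented yet for bug type: " + bugType, bugType);
    }
}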
use of com.checkmarx.sdk.dto.sca.report.Finding in project cx-flow by checkmarx-ltd.
the class GetResultsAnalyticsTestSteps method createFakeSCAScanResults.
/**
 * Creates a {@link ScanResults} holding only synthetic SCA data: the requested number of
 * high, medium and low findings, a matching summary, an empty package list and no xIssues.
 *
 * @param high number of HIGH severity findings to generate
 * @param medium number of MEDIUM severity findings to generate
 * @param low number of LOW severity findings to generate
 * @return scan results wrapping the generated SCA results
 */
private static ScanResults createFakeSCAScanResults(int high, int medium, int low) {
    List<Finding> fakeFindings = new LinkedList<>();
    Map<Filter.Severity, Integer> countsBySeverity = new HashMap<>();

    // Findings are appended severity by severity, highest first.
    addFinding(high, countsBySeverity, fakeFindings, Severity.HIGH, Filter.Severity.HIGH);
    addFinding(medium, countsBySeverity, fakeFindings, Severity.MEDIUM, Filter.Severity.MEDIUM);
    addFinding(low, countsBySeverity, fakeFindings, Severity.LOW, Filter.Severity.LOW);

    Summary scaSummary = new Summary();
    scaSummary.setFindingCounts(countsBySeverity);

    SCAResults sca = new SCAResults();
    sca.setScanId("" + SCAN_ID);
    sca.setFindings(fakeFindings);
    sca.setSummary(scaSummary);
    sca.setPackages(new LinkedList<>());

    return ScanResults.builder()
            .scaResults(sca)
            .xIssues(new ArrayList<>())
            .build();
}
use of com.checkmarx.sdk.dto.sca.report.Finding in project cx-flow by checkmarx-ltd.
the class AnalyticsSteps method addFinding.
/**
 * Appends {@code countFindingsPerSeverity} new findings of the given severity (each with an
 * empty package id) to {@code findings} and records that count under {@code filterSeverity}.
 *
 * @param countFindingsPerSeverity how many findings to create
 * @param findingCounts per-severity count map that receives the entry
 * @param findings list the generated findings are appended to
 * @param severity severity set on every generated finding
 * @param filterSeverity key under which the count is stored
 */
private static void addFinding(Integer countFindingsPerSeverity, Map<Filter.Severity, Integer> findingCounts, List<Finding> findings, Severity severity, Filter.Severity filterSeverity) {
    final int total = countFindingsPerSeverity;
    int created = 0;
    while (created < total) {
        Finding generated = new Finding();
        generated.setSeverity(severity);
        generated.setPackageId("");
        findings.add(generated);
        created++;
    }
    findingCounts.put(filterSeverity, countFindingsPerSeverity);
}
use of com.checkmarx.sdk.dto.sca.report.Finding in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.
the class GoScanner method toFinding.
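/**
 * Copies the fields of an {@code SCAScanResult} into a new {@link Finding}.
 *
 * @param scaResult scan result to convert
 * @return a finding populated from {@code scaResult}
 * @throws IllegalArgumentException if the result's severity text does not name a {@code Severity} constant
 */
private static Finding toFinding(SCAScanResult scaResult) {
    Finding finding = new Finding();
    finding.setCveName(scaResult.getCveName());
    finding.setDescription(scaResult.getDescription());
    finding.setId(scaResult.getId());
    finding.setIgnored(scaResult.isIgnored());
    finding.setPackageId(scaResult.getPackageId());
    finding.setFixResolutionText(scaResult.getFixResolutionText());
    finding.setPublishDate(scaResult.getPublishedAt());
    finding.setScore(scaResult.getScore());
    finding.setSimilarityId(scaResult.getSimilarityId());
    // Severity was previously set twice with the same expression; one call is enough.
    // Locale.ROOT keeps the upper-casing independent of the JVM default locale, so a
    // severity such as "high" maps to HIGH everywhere (a Turkish locale would otherwise
    // produce a dotted capital I and make valueOf throw).
    // NOTE(review): a null severity on the scan result still fails here with an NPE; confirm it is always set.
    String severityName = scaResult.getSeverity().getSeverity().toUpperCase(java.util.Locale.ROOT);
    finding.setSeverity(Severity.valueOf(severityName));
    return finding;
}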