
Example 11 with Finding

use of com.checkmarx.sdk.dto.sca.report.Finding in project cx-flow by checkmarx-ltd.

the class ScaThresholdsSteps method getFakeSCAResults.

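/**
 * Builds a fake {@link SCAResults} (scan id {@code "1"}) whose findings and summary counts
 * are derived from the findings definition named {@code findingsName} in {@code findingsDefs}.
 *
 * <p>For every {@link Severity} the definition supplies a spec string under the lower-cased
 * severity name (e.g. {@code "more-than-2"}). The spec is split on {@code "-than-"}; a part
 * equal to {@code "more"} contributes +3, {@code "less"} contributes -3 and any other part is
 * parsed as an integer; the parts are summed to give the number of findings generated for
 * that severity.
 *
 * @param findingsName the {@code name} of the findings definition to use
 * @return results with the generated findings and a summary holding the per-severity counts
 * @throws IllegalArgumentException if no definition named {@code findingsName} exists
 * @throws IllegalStateException if the definition lacks a spec for some severity
 * @throws NumberFormatException if a spec part is neither more/less nor an integer
 */
private SCAResults getFakeSCAResults(String findingsName) {
    // Fail with the missing name instead of a bare NoSuchElementException from Optional.get().
    Map<String, String> specMap = findingsDefs.stream()
            .filter(findingsDef -> Objects.equals(findingsDef.get("name"), findingsName))
            .findAny()
            .orElseThrow(() -> new IllegalArgumentException("No findings definition named: " + findingsName));

    Map<Filter.Severity, Integer> summaryMap = new EnumMap<>(Filter.Severity.class);
    List<Finding> findings = new LinkedList<>();
    EnumSet.allOf(Severity.class).forEach(severity -> {
        // Locale.ROOT keeps the lookup key stable regardless of the JVM default locale.
        String spec = specMap.get(severity.name().toLowerCase(Locale.ROOT));
        log.info("{}-spec: {}", severity, spec);
        if (spec == null) {
            throw new IllegalStateException("Findings definition '" + findingsName
                    + "' has no spec for severity " + severity);
        }
        /* create findings */
        int count = countFromSpec(spec);
        log.info("going to generate {} issues with {} severity", count, severity);
        // The summary is keyed by the SAST Filter.Severity enum; constants are matched by name.
        summaryMap.put(Filter.Severity.valueOf(severity.name()), count);
        populateFindings(findings, severity, count);
    });

    Summary summary = new Summary();
    summary.setFindingCounts(summaryMap);
    SCAResults scaResults = new SCAResults();
    scaResults.setScanId("1");
    scaResults.setFindings(findings);
    scaResults.setSummary(summary);
    return scaResults;
}

/**
 * Turns a spec such as {@code "more-than-2"} into a finding count: the spec is split on
 * {@code "-than-"}, {@code "more"} counts +3, {@code "less"} counts -3, any other part is
 * parsed as an integer, and the parts are summed.
 *
 * @param spec the non-null spec string
 * @return the summed count
 * @throws NumberFormatException if a part is neither more/less nor an integer
 */
private static int countFromSpec(String spec) {
    return Arrays.stream(spec.split("-than-"))
            .mapToInt(part -> specPartValue(part))
            .sum();
}

/** Value of a single spec part: {@code "more"} is 3, {@code "less"} is -3, otherwise the parsed integer. */
private static int specPartValue(String part) {
    if ("more".equals(part)) {
        return 3;
    }
    if ("less".equals(part)) {
        return -3;
    }
    return Integer.parseInt(part);
}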

Example 12 with Finding

use of com.checkmarx.sdk.dto.sca.report.Finding in project cx-flow by checkmarx-ltd.

the class ScanUtils method getScaSummaryIssueKey.

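/**
 * Builds the summary issue key for an SCA issue according to the request's bug tracker type.
 *
 * <p>Only the first entry of {@code issue.getScaDetails()} is used. For {@code "JIRA"} the
 * prefix/postfix from {@code extraTags[0]} / {@code extraTags[1]} are applied; for
 * {@code "CUSTOM"} the SCA details are used directly. In both cases, when the request has no
 * namespace, repo name or branch, the "without branch" variant of the key is built.
 *
 * @param request   The scanRequest object
 * @param issue     The scanResults issue; must carry at least one SCA details entry
 * @param extraTags Extra tags array. Jira issue prefix/postfix are on the [0], [1] positions
 * @return  Issue key according to the bug type parameter
 * @throws IllegalArgumentException if the issue has no SCA details, or the bug type is
 *         {@code "JIRA"} and fewer than two extra tags were supplied
 * @throws NotImplementedException if the bug type has no summary key implementation
 */
public static String getScaSummaryIssueKey(ScanRequest request, ScanResults.XIssue issue, String... extraTags) {
    if (issue.getScaDetails() == null || issue.getScaDetails().isEmpty()) {
        throw new IllegalArgumentException("Issue has no SCA details; cannot build a summary issue key");
    }
    ScanResults.ScaDetails scaDetails = issue.getScaDetails().get(0);
    String bugType = request.getBugTracker().getType().getType();
    switch (bugType) {
        case "JIRA":
            if (extraTags == null || extraTags.length < 2) {
                throw new IllegalArgumentException(
                        "JIRA summary issue key needs prefix and postfix in extraTags[0] and extraTags[1]");
            }
            String issuePrefix = extraTags[0];
            String issuePostfix = extraTags[1];
            Finding detailsFindings = scaDetails.getFinding();
            Package vulnerabilityPackage = scaDetails.getVulnerabilityPackage();
            // A key that embeds the branch needs namespace, repo name and branch; otherwise fall back.
            return anyEmpty(request.getNamespace(), request.getRepoName(), request.getBranch())
                    ? getJiraScaSummaryIssueKeyWithoutBranch(request, issuePrefix, issuePostfix, detailsFindings, vulnerabilityPackage)
                    : getJiraScaSummaryIssueKey(request, issuePrefix, issuePostfix, detailsFindings, vulnerabilityPackage);
        case "CUSTOM":
            return anyEmpty(request.getBranch(), request.getNamespace(), request.getRepoName())
                    ? getCustomScaSummaryIssueKeyWithoutBranch(request, scaDetails)
                    : getCustomScaSummaryIssueKey(request, scaDetails);
        default:
            // commons-lang3's NotImplementedException(String, String) treats the second argument
            // as a "code", not as an SLF4J-style "{}" placeholder value, so the message used to
            // lose the bug type; concatenate it instead.
            throw new NotImplementedException("Summary issue key wasn't implemented yet for bug type: " + bugType);
    }
}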

Example 13 with Finding

use of com.checkmarx.sdk.dto.sca.report.Finding in project cx-flow by checkmarx-ltd.

the class GetResultsAnalyticsTestSteps method createFakeSCAScanResults.

/**
 * Builds fake {@link ScanResults} that hold only SCA data: {@code high}, {@code medium} and
 * {@code low} findings of the matching severity, a summary with the same counts, an empty
 * package list and no SAST issues. The scan id is taken from {@code SCAN_ID}.
 *
 * @param high   number of HIGH findings to generate
 * @param medium number of MEDIUM findings to generate
 * @param low    number of LOW findings to generate
 * @return the assembled fake results
 */
private static ScanResults createFakeSCAScanResults(int high, int medium, int low) {
    Map<Filter.Severity, Integer> countsBySeverity = new HashMap<>();
    List<Finding> fakeFindings = new LinkedList<>();
    SCAResults sca = new SCAResults();
    sca.setScanId("" + SCAN_ID);

    addFinding(high, countsBySeverity, fakeFindings, Severity.HIGH, Filter.Severity.HIGH);
    addFinding(medium, countsBySeverity, fakeFindings, Severity.MEDIUM, Filter.Severity.MEDIUM);
    addFinding(low, countsBySeverity, fakeFindings, Severity.LOW, Filter.Severity.LOW);

    Summary summary = new Summary();
    summary.setFindingCounts(countsBySeverity);
    sca.setFindings(fakeFindings);
    sca.setSummary(summary);
    sca.setPackages(new LinkedList<>());

    return ScanResults.builder()
            .scaResults(sca)
            .xIssues(new ArrayList<>())
            .build();
}

Example 14 with Finding

use of com.checkmarx.sdk.dto.sca.report.Finding in project cx-flow by checkmarx-ltd.

the class AnalyticsSteps method addFinding.

/**
 * Appends {@code countFindingsPerSeverity} blank findings of the given severity to
 * {@code findings} and records that count in {@code findingCounts} under {@code filterSeverity}.
 *
 * @param countFindingsPerSeverity how many findings to create; a non-positive value adds none
 * @param findingCounts            summary map that receives the count
 * @param findings                 list that receives the created findings
 * @param severity                 severity stamped on each created finding
 * @param filterSeverity           key under which the count is stored
 */
private static void addFinding(Integer countFindingsPerSeverity, Map<Filter.Severity, Integer> findingCounts, List<Finding> findings, Severity severity, Filter.Severity filterSeverity) {
    int remaining = countFindingsPerSeverity;
    while (remaining > 0) {
        findings.add(blankFinding(severity));
        remaining--;
    }
    findingCounts.put(filterSeverity, countFindingsPerSeverity);
}

/** Creates a finding carrying only the given severity and an empty package id. */
private static Finding blankFinding(Severity severity) {
    Finding fnd = new Finding();
    fnd.setSeverity(severity);
    fnd.setPackageId("");
    return fnd;
}

Example 15 with Finding

use of com.checkmarx.sdk.dto.sca.report.Finding in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class GoScanner method toFinding.

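/**
 * Maps one {@link SCAScanResult} onto the SDK's {@link Finding} DTO, copying the identifying
 * fields, description, ignored flag, fix text, publish date, score and severity.
 *
 * @param scaResult the scanner result to convert
 * @return a new {@code Finding} populated from {@code scaResult}
 * @throws IllegalArgumentException if the result's severity name matches no {@link Severity} constant
 */
private static Finding toFinding(SCAScanResult scaResult) {
    Finding finding = new Finding();
    finding.setCveName(scaResult.getCveName());
    finding.setDescription(scaResult.getDescription());
    finding.setId(scaResult.getId());
    finding.setIgnored(scaResult.isIgnored());
    finding.setPackageId(scaResult.getPackageId());
    finding.setFixResolutionText(scaResult.getFixResolutionText());
    finding.setPublishDate(scaResult.getPublishedAt());
    finding.setScore(scaResult.getScore());
    finding.setSimilarityId(scaResult.getSimilarityId());
    // Severity names are matched case-insensitively against the enum constants; Locale.ROOT
    // keeps the upper-casing independent of the JVM default locale. The duplicated setSeverity
    // call from the original was dropped.
    // NOTE(review): assumes getSeverity() and its nested severity string are non-null — confirm.
    finding.setSeverity(Severity.valueOf(scaResult.getSeverity().getSeverity().toUpperCase(java.util.Locale.ROOT)));
    return finding;
}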
