use of com.checkmarx.sdk.dto.sca.report.Package in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.
the class GoScanner method toPackage.
/**
 * Builds a {@link Package} descriptor from one raw SCA scan result.
 *
 * <p>Both the id and the name are taken from {@code getPackageId()}; the
 * version field is filled from {@code getFixResolutionText()} — presumably
 * the resolving/fix version rather than the installed one; verify against
 * the SCAScanResult contract before relying on it.
 *
 * @param scaResult the raw SCA result to convert
 * @return a new package populated from {@code scaResult}
 */
private static Package toPackage(SCAScanResult scaResult) {
    String packageId = scaResult.getPackageId();
    Package converted = new Package();
    converted.setId(packageId);
    converted.setName(packageId);
    converted.setVersion(scaResult.getFixResolutionText());
    return converted;
}
use of com.checkmarx.sdk.dto.sca.report.Package in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.
the class GoScanner method getReportContentByScanId.
/**
 * Assembles the {@link ScanResults} for a completed scan from the SAST and SCA
 * engine output.
 *
 * <p>Looks up the scan details and the combined engine results, then builds the
 * SAST section (issues, severity counts and scan summary) and the SCA section
 * (findings, packages, summary and a portal deep link), each only when that
 * engine returned a non-null result list. Both engines append to the same
 * {@code xIssues} list.
 *
 * @param scanId id of the scan to report on
 * @param filter filter configuration applied to both the SAST and the SCA results
 * @return the built results; {@code scanSummary}/{@code additionalDetails} are set only
 *         when SAST results exist and {@code scaResults} only when SCA results exist
 * @throws CheckmarxException declared here; presumably raised by the scan and result lookups
 */
@Override
public ScanResults getReportContentByScanId(Integer scanId, FilterConfiguration filter) throws CheckmarxException {
    ScanResults.ScanResultsBuilder results = ScanResults.builder();
    Scan scan = getScanDetails(scanId);
    Integer projectId = scan.getProjectId();
    Integer buId = scan.getBusinessUnitId();
    Integer appId = scan.getApplicationId();
    GoScanResults resultFromAllEngines = getScanResults(scanId);
    List<ScanResults.XIssue> xIssues = new ArrayList<>();
    // SAST
    // A null list (or null engine results) skips the whole SAST section, including its summary.
    List<SASTScanResult> mainResultInfos = Optional.ofNullable(resultFromAllEngines).map(GoScanResults::getSast).orElse(null);
    if (mainResultInfos != null) {
        Map<String, OdScanResultItem> additionalResultInfos = getScanResultsPage(projectId, scanId);
        // Handed to handleSastIssue below (presumably filled there) and reported as the summary afterwards.
        Map<String, Integer> issuesBySeverity = new HashMap<>();
        log.debug("SAST finding count before filtering: {}", mainResultInfos.size());
        log.info("Processing SAST results");
        mainResultInfos.stream().filter(applySastFilter(additionalResultInfos, filter)).forEach(mainResultInfo -> handleSastIssue(xIssues, mainResultInfo, additionalResultInfos, projectId, scanId, issuesBySeverity));
        CxScanSummary scanSummary = getCxScanSummary(scan);
        Map<String, Object> flowSummary = new HashMap<>();
        flowSummary.put(Constants.SUMMARY_KEY, issuesBySeverity);
        flowSummary.put(Constants.SCAN_ID_KEY, scanId);
        results.additionalDetails(flowSummary);
        results.scanSummary(scanSummary);
    }
    // SCA
    List<SCAScanResult> rawScanResults = Optional.ofNullable(resultFromAllEngines).map(GoScanResults::getSca).orElse(null);
    if (rawScanResults != null) {
        logRawScaScanResults(rawScanResults);
        List<Finding> findings = new ArrayList<>();
        List<Package> packages = new ArrayList<>();
        log.info("Processing SCA results");
        // Results flagged as ignored are dropped before the configured filter is applied.
        rawScanResults.stream().filter(rawScanResult -> !rawScanResult.isIgnored()).filter(applyScaFilter(filter)).forEach(rawScanResult -> handleScaIssue(xIssues, findings, packages, rawScanResult));
        logFindings(findings);
        logPackages(packages);
        SCAResults scaResults = new SCAResults();
        scaResults.setFindings(findings);
        scaResults.setPackages(packages);
        if (!rawScanResults.isEmpty()) {
            // The scan id is read from the first raw (unfiltered) result.
            // NOTE(review): getScanId() is dereferenced without a null check — confirm the DTO always carries it.
            scaResults.setScanId(rawScanResults.get(0).getScanId().toString());
        }
        Summary summary = getScaScanSummary(scan);
        scaResults.setSummary(summary);
        // SCA_DEEP_LINK is a String.format template expected to take the business unit, application,
        // project and scan ids in that order.
        String urlTemplate = cxGoProperties.getPortalUrl().concat(SCA_DEEP_LINK);
        String scaDeepLink = String.format(urlTemplate, buId, appId, projectId, scanId);
        scaResults.setWebReportLink(scaDeepLink);
        results.scaResults(scaResults);
    }
    results.xIssues(xIssues);
    // NOTE(review): throws NullPointerException if the scan has no project id — confirm getScanDetails guarantees one.
    results.projectId(projectId.toString());
    // DEEP_LINK takes the same four ids as SCA_DEEP_LINK above.
    String urlTemplate = cxGoProperties.getPortalUrl().concat(DEEP_LINK);
    String deepLink = String.format(urlTemplate, buId, appId, projectId, scanId);
    results.link(deepLink);
    return results.build();
}
use of com.checkmarx.sdk.dto.sca.report.Package in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.
the class GoScanner method handleScaIssue.
/**
 * Converts one SCA result into a finding, a package and a cross-engine issue,
 * appending each to the corresponding output list.
 *
 * <p>The issue carries exactly one {@code ScaDetails} entry; no vulnerability
 * link is available at this point, so {@code "N/A"} is recorded.
 *
 * @param xIssues   receives the new cross-engine issue
 * @param findings  receives the converted finding
 * @param packages  receives the converted package
 * @param scaResult the raw SCA result being converted
 */
private void handleScaIssue(List<ScanResults.XIssue> xIssues, List<Finding> findings, List<Package> packages, SCAScanResult scaResult) {
    Finding converted = toFinding(scaResult);
    Package vulnerablePackage = toPackage(scaResult);
    findings.add(converted);
    packages.add(vulnerablePackage);
    ScanResults.ScaDetails detail = ScanResults.ScaDetails.builder()
            .finding(converted)
            .vulnerabilityLink("N/A")
            .vulnerabilityPackage(vulnerablePackage)
            .build();
    ScanResults.XIssue issue = ScanResults.XIssue.builder()
            .similarityId(converted.getSimilarityId())
            .severity(converted.getSeverity().toString())
            .description(converted.getDescription())
            .scaDetails(Collections.singletonList(detail))
            .build();
    xIssues.add(issue);
}
use of com.checkmarx.sdk.dto.sca.report.Package in project cx-flow by checkmarx-ltd.
the class SonarQubeIssueTracker method generateScaResults.
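/**
 * Appends one SonarQube issue per (finding, package location) pair to {@code sonarIssues}.
 *
 * <p>Findings are grouped by package id and matched against the SCA package list.
 * Each emitted issue uses the finding's id as rule id, the configured severity
 * mapping (falling back to {@code DEFAULT_LEVEL}) and a message that describes
 * only that finding. Findings whose package cannot be resolved (no package with
 * that id, or a package without locations) produce no issue, since there is no
 * file path to anchor them on.
 *
 * @param results     scan results whose SCA findings and packages are reported
 * @param sonarIssues output list the generated issues are appended to
 */
private void generateScaResults(ScanResults results, List<Issue> sonarIssues) {
    // Sonar Report for Sca Result
    Map<String, List<Finding>> findingsByPackage = results.getScaResults().getFindings().stream()
            .collect(Collectors.groupingBy(Finding::getPackageId));
    Map<String, Package> packagesById = new HashMap<>();
    for (Package p : results.getScaResults().getPackages()) {
        packagesById.put(p.getId(), p);
    }
    for (Map.Entry<String, List<Finding>> entry : findingsByPackage.entrySet()) {
        Package vulnerablePackage = packagesById.get(entry.getKey());
        if (vulnerablePackage == null || vulnerablePackage.getLocations() == null) {
            // Nothing to anchor the issue on; previously this dereference threw NullPointerException.
            continue;
        }
        for (Finding v : entry.getValue()) {
            // Built once per finding: a builder shared across findings would carry earlier
            // findings' text into every later issue's message.
            String message = "Package:" + v.getPackageId()
                    + ",Description:" + v.getDescription()
                    + ",Score:" + v.getScore();
            vulnerablePackage.getLocations().forEach(k -> sonarIssues.add(Issue.builder()
                    .engineId(properties.getScaScannerName())
                    .ruleId(v.getId())
                    .severity(properties.getSeverityMap().get(v.getSeverity()) != null ? properties.getSeverityMap().get(v.getSeverity()) : DEFAULT_LEVEL)
                    .type("VULNERABILITY")
                    .primaryLocation(ILocation.builder()
                            .filePath(k)
                            .message(message)
                            .textRange(TextRange.builder().startLine(1).endLine(1).build())
                            .build())
                    .build()));
        }
    }
}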
use of com.checkmarx.sdk.dto.sca.report.Package in project cx-flow by checkmarx-ltd.
the class ScanUtils method getScaSummaryIssueKey.
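/**
 * Builds the summary issue key for an SCA issue according to the request's bug tracker type.
 *
 * @param request   The scanRequest object; its bug tracker type selects the key format
 * @param issue     The scanResults issue; only its first {@code ScaDetails} entry is used
 * @param extraTags Extra tags array. Jira issue prefix/postfix are on the [0], [1] positions
 * @return Issue key according to the bug type parameter
 * @throws IllegalArgumentException if {@code issue} carries no SCA details, or the JIRA
 *         tracker is selected without both prefix and postfix tags
 * @throws NotImplementedException for bug tracker types without a summary key implementation
 */
public static String getScaSummaryIssueKey(ScanRequest request, ScanResults.XIssue issue, String... extraTags) {
    // Fail with a descriptive message instead of an IndexOutOfBoundsException from get(0).
    if (issue.getScaDetails() == null || issue.getScaDetails().isEmpty()) {
        throw new IllegalArgumentException("Cannot build an SCA summary issue key: the issue has no SCA details");
    }
    ScanResults.ScaDetails scaDetails = issue.getScaDetails().get(0);
    String bugType = request.getBugTracker().getType().getType();
    switch (bugType) {
        case "JIRA":
            // The JIRA key needs both tags; guard the varargs access explicitly.
            if (extraTags == null || extraTags.length < 2) {
                throw new IllegalArgumentException("JIRA SCA summary issue key requires an issue prefix and postfix tag");
            }
            String issuePrefix = extraTags[0];
            String issuePostfix = extraTags[1];
            Finding detailsFindings = scaDetails.getFinding();
            Package vulnerabilityPackage = scaDetails.getVulnerabilityPackage();
            return anyEmpty(request.getNamespace(), request.getRepoName(), request.getBranch())
                    ? getJiraScaSummaryIssueKeyWithoutBranch(request, issuePrefix, issuePostfix, detailsFindings, vulnerabilityPackage)
                    : getJiraScaSummaryIssueKey(request, issuePrefix, issuePostfix, detailsFindings, vulnerabilityPackage);
        case "CUSTOM":
            return anyEmpty(request.getBranch(), request.getNamespace(), request.getRepoName())
                    ? getCustomScaSummaryIssueKeyWithoutBranch(request, scaDetails)
                    : getCustomScaSummaryIssueKey(request, scaDetails);
        default:
            // NOTE(review): "{}" is not expanded by an exception constructor. If this is the
            // commons-lang3 NotImplementedException(String message, String code), bugType lands in
            // the code field and the message keeps a literal "{}" — confirm and concatenate if so.
            throw new NotImplementedException("Summary issue key wasn't implemented yet for bug type: {}", bugType);
    }
}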