Use of com.checkmarx.sdk.dto.scansummary.Severity in project cx-flow by checkmarx-ltd.
The class ThresholdValidatorImpl, method isAllowedSca.
/**
 * Decides whether the CxSCA part of a scan permits the pull request to be merged.
 *
 * <p>A violated SCA policy is decisive on its own: when the scan reports one, the
 * violated policy names are logged and the merge is refused without consulting the
 * severity/score thresholds. Otherwise the effective thresholds for the request are
 * logged and the merge is allowed only if none of them is exceeded.
 *
 * @param scanResults aggregated scan results holding the SCA section
 * @param request     the scan request whose effective SCA thresholds apply
 * @return {@code true} when no SCA policy is violated and no SCA threshold is exceeded
 */
private boolean isAllowedSca(ScanResults scanResults, ScanRequest request) {
    log.debug("Checking if CxSCA pull request merge is allowed.");
    Map<Severity, Integer> severityThresholds = getScaEffectiveThresholdsSeverity(request);
    Double scoreThreshold = getScaEffectiveThresholdsScore(request);

    // A policy violation outranks every threshold, so it is checked first.
    SCAResults scaResults = scanResults.getScaResults();
    if (scaResults.isPolicyViolated()) {
        printViolatedPoliciesNames(scaResults.getViolatedPolicies());
        return false;
    }

    writeMapToLog(severityThresholds, "Using CxSCA thresholds severity");
    writeMapToLog(scoreThreshold, "Using CxSCA thresholds score");
    boolean allowed = !isAnyScaThresholdsExceeded(scanResults, severityThresholds, scoreThreshold);
    logIsAllowed(allowed);
    return allowed;
}
Use of com.checkmarx.sdk.dto.scansummary.Severity in project cx-flow by checkmarx-ltd.
The class ThresholdValidatorImpl, method isAnyScaThresholdsExceeded.
/**
 * Reports whether the SCA findings breach the risk-score threshold or any per-severity
 * finding-count threshold.
 *
 * <p>Every configured threshold is evaluated and logged, even after one has already
 * been exceeded, so the log shows the full picture rather than only the first breach.
 * Severities without a configured threshold are skipped.
 *
 * @param scanResults        scan results whose SCA findings are counted per severity
 * @param scaThresholds      maximum allowed finding count per severity; a missing key means no limit
 * @param scaThresholdsScore maximum allowed SCA risk score
 * @return {@code true} if the score threshold or at least one severity threshold is exceeded
 */
private static boolean isAnyScaThresholdsExceeded(ScanResults scanResults, Map<Severity, Integer> scaThresholds, Double scaThresholdsScore) {
    // The score check runs first so it is logged regardless of the severity thresholds.
    boolean exceeded = isExceedsScaThresholdsScore(scanResults, scaThresholdsScore);

    Map<Severity, Integer> countsPerSeverity = getScaFindingsCountsPerSeverity(scanResults);
    for (Map.Entry<Severity, Integer> current : countsPerSeverity.entrySet()) {
        Severity severity = current.getKey();
        Integer limit = scaThresholds.get(severity);
        if (limit == null) {
            // No threshold configured for this severity: nothing to compare against.
            continue;
        }
        Integer actual = current.getValue();
        boolean overLimit = actual > limit;
        // Logged for every severity so that the operator sees each comparison, not just failures.
        logScaThresholdExceedsCounts(overLimit, severity, limit, actual);
        exceeded |= overLimit;
    }
    return exceeded;
}
Use of com.checkmarx.sdk.dto.scansummary.Severity in project cx-flow by checkmarx-ltd.
The class ScaThresholdsSteps, method max_findings_score_threshold_score.
/**
 * Cucumber step that builds a synthetic {@code SCAResults} whose risk score is placed
 * relative to the configured threshold-score according to {@code scoreType}.
 *
 * <p>Ten findings are generated for every {@code Severity}, and the summary's
 * per-severity counts are set to ten for every {@code Filter.Severity}. The result is
 * stored in the {@code scaResults} field for later assertions.
 *
 * @param scoreType word from the feature file describing where the score should sit
 *                  with respect to the threshold (interpreted by {@code generateScoreThresholds})
 */
@When("max findings score is {word} threshold-score")
public void max_findings_score_threshold_score(String scoreType) {
    Double riskScore = generateScoreThresholds(scoreType);

    scaResults = new SCAResults();
    scaResults.setScanId("2");

    Summary summary = new Summary();
    summary.setRiskScore(riskScore);

    // Ten findings per scan-summary severity.
    List<Finding> generatedFindings = new ArrayList<>();
    for (Severity severity : Severity.values()) {
        populateFindings(generatedFindings, severity, 10);
    }
    scaResults.setFindings(generatedFindings);

    // Summary counts are keyed by the filter severity enum, not the scan-summary one.
    Map<Filter.Severity, Integer> countsPerSeverity = Arrays.stream(Filter.Severity.values())
            .collect(Collectors.toMap(Function.identity(), ignored -> 10));
    summary.setFindingCounts(countsPerSeverity);

    scaResults.setSummary(summary);
}
Use of com.checkmarx.sdk.dto.scansummary.Severity in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.
The class ScaClientHelper, method getScaFindings.
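/**
 * Converts the SCA report's vulnerability entries into {@link Finding} objects.
 *
 * <p>Each vulnerability becomes exactly one new {@code Finding}; the vulnerability is
 * read into a local once per iteration instead of re-fetching it from the list for
 * every field, and the duplicated CVE-name assignment of the original has been dropped.
 * References are copied into a fresh list per finding so findings never share a
 * mutable list with the report object. A finding whose vulnerability has no
 * references keeps {@code references} unset, exactly as before.
 *
 * @param vulnerabilitiesType report section whose {@code getVulnerability()} list is converted
 * @return one finding per vulnerability, in report order; empty when the report lists none
 */
private List<Finding> getScaFindings(VulnerabilitiesType vulnerabilitiesType) {
    List<Finding> findingList = new ArrayList<>();
    for (Vulnerability vulnerability : vulnerabilitiesType.getVulnerability()) {
        Finding finding = new Finding();
        finding.setId(vulnerability.getId());
        finding.setCveName(vulnerability.getCveName());
        finding.setScore(vulnerability.getScore());

        // Copy rather than alias the report's list; only set when non-empty to keep the
        // original contract (no references -> field left unset).
        List<String> references = vulnerability.getReferences().getReference();
        if (!references.isEmpty()) {
            finding.setReferences(new ArrayList<>(references));
        }

        finding.setSeverity(scaToScanResultSeverity(vulnerability.getSeverity()));
        finding.setPublishDate(vulnerability.getPublishDate().toString());
        finding.setDescription(vulnerability.getDescription());
        finding.setRecommendations(vulnerability.getRecommendations());
        finding.setPackageId(vulnerability.getPackageId());
        // Flags arrive as strings in the report; anything other than "true" (case-insensitive) is false.
        finding.setIgnored(Boolean.parseBoolean(vulnerability.getIsIgnored()));
        finding.setViolatingPolicy(Boolean.parseBoolean(vulnerability.getIsViolatingPolicy()));
        // String.valueOf keeps the original behaviour of rendering a missing value as "null".
        finding.setFixResolutionText(String.valueOf(vulnerability.getFixResolutionText()));
        findingList.add(finding);
    }
    return findingList;
}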
Use of com.checkmarx.sdk.dto.scansummary.Severity in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.
The class AstClientHelper, method setFindingCountsPerSeverity.
/**
 * Copies the per-severity vulnerability counters from the AST response into the summary.
 *
 * <p>The severity arrives as a string and is resolved to {@link Severity} via
 * {@code EnumUtils.getEnum}, which yields {@code null} for names that do not match an
 * enum constant; such counters are silently skipped, as are severities other than
 * HIGH, MEDIUM and LOW. A {@code null} counter list leaves the target untouched.
 *
 * @param nativeCounters counters as returned by the AST API, may be {@code null}
 * @param target         summary whose high/medium/low counts are populated
 */
private static void setFindingCountsPerSeverity(List<SeverityCounter> nativeCounters, AstSummaryResults target) {
    if (nativeCounters == null) {
        return;
    }
    for (SeverityCounter counter : nativeCounters) {
        Severity resolved = EnumUtils.getEnum(Severity.class, counter.getSeverity());
        int count = counter.getCounter();
        if (resolved == null) {
            // Unrecognised severity name: nothing to map it onto.
            continue;
        }
        switch (resolved) {
            case HIGH:
                target.setHighVulnerabilityCount(count);
                break;
            case MEDIUM:
                target.setMediumVulnerabilityCount(count);
                break;
            case LOW:
                target.setLowVulnerabilityCount(count);
                break;
            default:
                // Other severities have no counter field on the target.
                break;
        }
    }
}