Example 1 with Severity
use of com.checkmarx.sdk.dto.scansummary.Severity in project cx-flow by checkmarx-ltd.
the class ThresholdValidatorImpl method isAllowedSca.
private boolean isAllowedSca(ScanResults scanResults, ScanRequest request) {
log.debug("Checking if CxSCA pull request merge is allowed.");
Map<Severity, Integer> scaThresholdsSeverity = getScaEffectiveThresholdsSeverity(request);
Double scaThresholdsScore = getScaEffectiveThresholdsScore(request);
boolean isAllowedSca;
// isPolicyViolated flag gets the top priority whether to the break build or not
SCAResults scaResults = scanResults.getScaResults();
if (scaResults.isPolicyViolated()) {
printViolatedPoliciesNames(scaResults.getViolatedPolicies());
isAllowedSca = false;
} else {
writeMapToLog(scaThresholdsSeverity, "Using CxSCA thresholds severity");
writeMapToLog(scaThresholdsScore, "Using CxSCA thresholds score");
isAllowedSca = !isAnyScaThresholdsExceeded(scanResults, scaThresholdsSeverity, scaThresholdsScore);
logIsAllowed(isAllowedSca);
}
return isAllowedSca;
}
Also used :
FindingSeverity(com.checkmarx.flow.config.FindingSeverity)
Severity(com.checkmarx.sdk.dto.scansummary.Severity)
SCAResults(com.checkmarx.sdk.dto.sca.SCAResults)
Example 2 with Severity
use of com.checkmarx.sdk.dto.scansummary.Severity in project cx-flow by checkmarx-ltd.
the class ThresholdValidatorImpl method isAnyScaThresholdsExceeded.
private static boolean isAnyScaThresholdsExceeded(ScanResults scanResults, Map<Severity, Integer> scaThresholds, Double scaThresholdsScore) {
boolean isExceeded = isExceedsScaThresholdsScore(scanResults, scaThresholdsScore);
Map<Severity, Integer> scaFindingsCountsPerSeverity = getScaFindingsCountsPerSeverity(scanResults);
for (Map.Entry<Severity, Integer> entry : scaFindingsCountsPerSeverity.entrySet()) {
Severity severity = entry.getKey();
Integer thresholdCount = scaThresholds.get(severity);
if (thresholdCount == null) {
continue;
}
Integer findingsCount = entry.getValue();
if (findingsCount > thresholdCount) {
isExceeded = true;
logScaThresholdExceedsCounts(true, severity, thresholdCount, findingsCount);
// Don't break here, because we want to log validation for all the thresholds.
} else {
logScaThresholdExceedsCounts(false, severity, thresholdCount, findingsCount);
}
}
return isExceeded;
}
Also used :
FindingSeverity(com.checkmarx.flow.config.FindingSeverity)
Severity(com.checkmarx.sdk.dto.scansummary.Severity)
Example 3 with Severity
use of com.checkmarx.sdk.dto.scansummary.Severity in project cx-flow by checkmarx-ltd.
the class ScaThresholdsSteps method max_findings_score_threshold_score.
@When("max findings score is {word} threshold-score")
public void max_findings_score_threshold_score(String scoreType) {
Double findingsScore = generateScoreThresholds(scoreType);
scaResults = new SCAResults();
scaResults.setScanId("2");
Summary summary = new Summary();
summary.setRiskScore(findingsScore);
List<Finding> findings = new ArrayList<>();
Stream<com.checkmarx.sdk.dto.sast.Filter.Severity> severityStream = Arrays.stream(Filter.Severity.values());
Arrays.stream(Severity.values()).forEach(severity -> populateFindings(findings, severity, 10));
scaResults.setFindings(findings);
Map<Filter.Severity, Integer> findingCounts = severityStream.collect(Collectors.toMap(Function.identity(), v -> 10));
summary.setFindingCounts(findingCounts);
scaResults.setSummary(summary);
}
Also used :
ArgumentMatchers.any(org.mockito.ArgumentMatchers.any)
TestUtils(com.checkmarx.flow.cucumber.common.utils.TestUtils)
java.util(java.util)
Then(io.cucumber.java.en.Then)
ScanResults(com.checkmarx.sdk.dto.ScanResults)
FlowProperties(com.checkmarx.flow.config.FlowProperties)
Function(java.util.function.Function)
ThresholdValidator(com.checkmarx.flow.service.ThresholdValidator)
And(io.cucumber.java.en.And)
BugTracker(com.checkmarx.flow.dto.BugTracker)
CxFlowApplication(com.checkmarx.flow.CxFlowApplication)
Given(io.cucumber.java.en.Given)
PullRequestReport(com.checkmarx.flow.dto.report.PullRequestReport)
Assertions.assertEquals(org.junit.jupiter.api.Assertions.assertEquals)
ScaScanner(com.checkmarx.sdk.service.scanner.ScaScanner)
ThresholdValidatorImpl(com.checkmarx.flow.service.ThresholdValidatorImpl)
RepoProperties(com.checkmarx.flow.config.RepoProperties)
Filter(com.checkmarx.sdk.dto.sast.Filter)
When(io.cucumber.java.en.When)
ScaProperties(com.checkmarx.sdk.config.ScaProperties)
CxFlowMocksConfig(com.checkmarx.test.flow.config.CxFlowMocksConfig)
Mockito.when(org.mockito.Mockito.when)
IntegrationTestContext(com.checkmarx.flow.cucumber.integration.cli.IntegrationTestContext)
Summary(com.checkmarx.sdk.dto.sca.Summary)
Collectors(java.util.stream.Collectors)
InvocationTargetException(java.lang.reflect.InvocationTargetException)
SCAResults(com.checkmarx.sdk.dto.sca.SCAResults)
Slf4j(lombok.extern.slf4j.Slf4j)
Stream(java.util.stream.Stream)
ExitThrowable(com.checkmarx.flow.exception.ExitThrowable)
SpringBootTest(org.springframework.boot.test.context.SpringBootTest)
Severity(com.checkmarx.sdk.dto.scansummary.Severity)
Finding(com.checkmarx.sdk.dto.sca.report.Finding)
Before(io.cucumber.java.Before)
AstScaResults(com.checkmarx.sdk.dto.AstScaResults)
Assert(org.junit.Assert)
Severity(com.checkmarx.sdk.dto.scansummary.Severity)
SCAResults(com.checkmarx.sdk.dto.sca.SCAResults)
Finding(com.checkmarx.sdk.dto.sca.report.Finding)
Summary(com.checkmarx.sdk.dto.sca.Summary)
When(io.cucumber.java.en.When)
Example 4 with Severity
use of com.checkmarx.sdk.dto.scansummary.Severity in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.
the class ScaClientHelper method getScaFindings.
private List<Finding> getScaFindings(VulnerabilitiesType vulnerabilitiesType) {
Finding finding = new Finding();
List<Finding> findingList = new ArrayList<>();
List<String> references = new ArrayList<>();
List<String> reference = new ArrayList<>();
for (int count = 0; count < vulnerabilitiesType.getVulnerability().size(); count++) {
finding.setId(vulnerabilitiesType.getVulnerability().get(count).getId());
finding.setCveName(vulnerabilitiesType.getVulnerability().get(count).getCveName());
finding.setScore(vulnerabilitiesType.getVulnerability().get(count).getScore());
references = vulnerabilitiesType.getVulnerability().get(count).getReferences().getReference();
reference = new ArrayList<>();
for (int referenceCount = 0; referenceCount < references.size(); referenceCount++) {
reference.add(references.get(referenceCount));
finding.setReferences(reference);
}
Severity severity = scaToScanResultSeverity(vulnerabilitiesType.getVulnerability().get(count).getSeverity());
finding.setSeverity(severity);
finding.setPublishDate(vulnerabilitiesType.getVulnerability().get(count).getPublishDate().toString());
finding.setCveName(vulnerabilitiesType.getVulnerability().get(count).getCveName());
finding.setDescription(vulnerabilitiesType.getVulnerability().get(count).getDescription());
finding.setRecommendations(vulnerabilitiesType.getVulnerability().get(count).getRecommendations());
finding.setPackageId(vulnerabilitiesType.getVulnerability().get(count).getPackageId());
finding.setIgnored(Boolean.parseBoolean(vulnerabilitiesType.getVulnerability().get(count).getIsIgnored()));
finding.setViolatingPolicy(Boolean.parseBoolean(vulnerabilitiesType.getVulnerability().get(count).getIsViolatingPolicy()));
finding.setFixResolutionText(String.valueOf(vulnerabilitiesType.getVulnerability().get(count).getFixResolutionText()));
findingList.add(finding);
finding = new Finding();
}
return findingList;
}
Also used :
Severity(com.checkmarx.sdk.dto.scansummary.Severity)
Example 5 with Severity
use of com.checkmarx.sdk.dto.scansummary.Severity in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.
the class AstClientHelper method setFindingCountsPerSeverity.
private static void setFindingCountsPerSeverity(List<SeverityCounter> nativeCounters, AstSummaryResults target) {
if (nativeCounters == null) {
return;
}
for (SeverityCounter counter : nativeCounters) {
Severity parsedSeverity = EnumUtils.getEnum(Severity.class, counter.getSeverity());
int value = counter.getCounter();
if (parsedSeverity != null) {
if (parsedSeverity == Severity.HIGH) {
target.setHighVulnerabilityCount(value);
} else if (parsedSeverity == Severity.MEDIUM) {
target.setMediumVulnerabilityCount(value);
} else if (parsedSeverity == Severity.LOW) {
target.setLowVulnerabilityCount(value);
}
}
}
}
Also used :
Severity(com.checkmarx.sdk.dto.scansummary.Severity)
Aggregations
Severity (com.checkmarx.sdk.dto.scansummary.Severity)6
SCAResults (com.checkmarx.sdk.dto.sca.SCAResults)3
CxFlowApplication (com.checkmarx.flow.CxFlowApplication)2
FindingSeverity (com.checkmarx.flow.config.FindingSeverity)2
FlowProperties (com.checkmarx.flow.config.FlowProperties)2
RepoProperties (com.checkmarx.flow.config.RepoProperties)2
TestUtils (com.checkmarx.flow.cucumber.common.utils.TestUtils)2
IntegrationTestContext (com.checkmarx.flow.cucumber.integration.cli.IntegrationTestContext)2
BugTracker (com.checkmarx.flow.dto.BugTracker)2
PullRequestReport (com.checkmarx.flow.dto.report.PullRequestReport)2
ExitThrowable (com.checkmarx.flow.exception.ExitThrowable)2
ThresholdValidator (com.checkmarx.flow.service.ThresholdValidator)2
ThresholdValidatorImpl (com.checkmarx.flow.service.ThresholdValidatorImpl)2
ScaProperties (com.checkmarx.sdk.config.ScaProperties)2
AstScaResults (com.checkmarx.sdk.dto.AstScaResults)2
ScanResults (com.checkmarx.sdk.dto.ScanResults)2
Filter (com.checkmarx.sdk.dto.sast.Filter)2
Summary (com.checkmarx.sdk.dto.sca.Summary)2
Finding (com.checkmarx.sdk.dto.sca.report.Finding)2
ScaScanner (com.checkmarx.sdk.service.scanner.ScaScanner)2
