Example 1 with CheckmarxException

use of com.checkmarx.sdk.exception.CheckmarxException in project cx-flow by checkmarx-ltd.

the class AbstractVulnerabilityScanner method executeCxScan.

public ScanDetails executeCxScan(ScanRequest request, File cxFile) throws MachinaException {
    String osaScanId;
    Integer scanId = null;
    Integer projectId;
    try {
        /*Check if team is provided*/
        String ownerId = getScanRequestConverter().determineTeamAndOwnerID(request);
        log.debug("Auto profiling is enabled");
        projectId = getScanRequestConverter().determinePresetAndProjectId(request, ownerId);
        CxScanParams params = getScanRequestConverter().prepareScanParamsObject(request, cxFile, ownerId, projectId);
        scanId = getScannerClient().createScan(params, getComment(request));
        osaScanId = createOsaScan(request, projectId);
        if (osaScanId != null) {
            logRequest(request, osaScanId, cxFile, OperationResult.successful());
        }
    } catch (GitHubRepoUnavailableException e) {
        // Repository unavailable: return placeholder scan details instead of putting an error stack trace in the log.
        return new ScanDetails(UNKNOWN_INT, UNKNOWN_INT, new CompletableFuture<>(), false);
    } catch (CheckmarxException | GitAPIException e) {
        String extendedMessage = treatFailure(request, cxFile, scanId, e);
        throw new MachinaException("Checkmarx Error Occurred: " + extendedMessage);
    }
    logRequest(request, scanId, cxFile, OperationResult.successful());
    this.scanDetails = new ScanDetails(projectId, scanId, osaScanId);
    return scanDetails;
}
Also used : CxScanParams(com.checkmarx.sdk.dto.cx.CxScanParams) GitAPIException(org.eclipse.jgit.api.errors.GitAPIException) CompletableFuture(java.util.concurrent.CompletableFuture) MachinaException(com.checkmarx.flow.exception.MachinaException) CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) GitHubRepoUnavailableException(com.checkmarx.flow.exception.GitHubRepoUnavailableException)

Example 2 with CheckmarxException

use of com.checkmarx.sdk.exception.CheckmarxException in project cx-flow by checkmarx-ltd.

the class ScanSteps method verifyJsonLoggerAndScanStatus.

@And("output json logger will have Scan request {string} and scan status will be {string}")
public void verifyJsonLoggerAndScanStatus(String repoUrl, String scanStatus) {
    JsonLoggerTestUtils testUtils = new JsonLoggerTestUtils();
    JsonNode node;
    try {
        // AnalyticsReport report = testUtils.getReportNode(ScanReport.OPERATION, ScanReport.class);
        node = testUtils.getReportNode(ScanReport.OPERATION);
        if (this.repoType.equals(ScanRequest.Repository.GITHUB)) {
            assertEquals((ScanRequest.Repository.GITHUB.toString()), node.get("repoType").textValue());
            assertEquals(this.branch, node.get("branch").textValue());
            assertEquals(repoUrl, AesEncryptionUtils.decrypt(node.get("repoUrl").textValue().trim()));
        } else {
            assertEquals("NA", node.get("repoType").textValue());
            if (!errorExpected) {
                assertEquals(fileRepo.getPath(), AesEncryptionUtils.decrypt(node.get("repoUrl").textValue().trim()));
            }
        }
        assertTrue(node.get("scanStatus").get("message").textValue().startsWith(scanStatus));
        assertEquals(cxProperties.getIncremental() ? "Inc" : "Full", node.get("scanType").textValue());
        if (!errorExpected) {
            assertNotEquals("NA", node.get("scanId").textValue());
        }
    } catch (IOException | CheckmarxException e) {
        fail(e.getMessage());
    } finally {
        try {
            testUtils.clearLogContents();
            errorExpected = false;
        } catch (Exception e) {
            fail(e.getMessage());
        }
    }
}
Also used : CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) JsonNode(com.fasterxml.jackson.databind.JsonNode) JsonLoggerTestUtils(com.checkmarx.flow.cucumber.common.JsonLoggerTestUtils) And(io.cucumber.java.en.And)

Example 3 with CheckmarxException

use of com.checkmarx.sdk.exception.CheckmarxException in project cx-flow by checkmarx-ltd.

the class SCAScanner method cxParseResults.

@Override
protected void cxParseResults(ScanRequest scanRequest, File file) throws ExitThrowable {
    RestClientConfig restClientConfig;
    IScanClientHelper iScanClientHelper;
    try {
        ScanParams sdkScanParams = ScanParams.builder().projectName(scanRequest.getProject()).scaConfig(scanRequest.getScaConfig()).filterConfiguration(scanRequest.getFilter()).build();
        restClientConfig = scaScannerClient.getScanConfig(sdkScanParams);
        iScanClientHelper = new ScaClientHelper(restClientConfig, log, scaProperties);
        ScanResults results = iScanClientHelper.getReportContent(file, scanRequest.getFilter());
        resultsService.processResults(scanRequest, results, scanDetails);
        if (flowProperties.isBreakBuild() && results != null && results.getXIssues() != null && !results.getXIssues().isEmpty()) {
            log.error(ERROR_BREAK_MSG);
            exit(ExitCode.BUILD_INTERRUPTED);
        }
    } catch (MachinaException | CheckmarxException e) {
        log.error("Error occurred while processing results file", e);
        exit(3);
    }
}
Also used : ScaClientHelper(com.checkmarx.sdk.utils.scanner.client.ScaClientHelper) ScanParams(com.checkmarx.sdk.dto.ast.ScanParams) ScanResults(com.checkmarx.sdk.dto.ScanResults) MachinaException(com.checkmarx.flow.exception.MachinaException) CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) IScanClientHelper(com.checkmarx.sdk.utils.scanner.client.IScanClientHelper) RestClientConfig(com.checkmarx.sdk.config.RestClientConfig)

Example 4 with CheckmarxException

use of com.checkmarx.sdk.exception.CheckmarxException in project cx-flow by checkmarx-ltd.

the class JsonLoggerTestUtils method main.

public static void main(String[] args) {
    JsonLoggerTestUtils utils;
    AnalyticsReport reportObject = null;
    if (args != null && args.length > 0) {
        utils = new JsonLoggerTestUtils(args[0]);
    } else {
        utils = new JsonLoggerTestUtils();
    }
    try {
        String lastLine = utils.getLastLine();
        ObjectMapper objectMapper = new ObjectMapper();
        JsonNode jsonNode;
        jsonNode = objectMapper.readTree(lastLine).get(JiraTicketsReport.OPERATION);
        if (jsonNode != null) {
            reportObject = utils.getAnalyticsReport(JiraTicketsReport.class, objectMapper, jsonNode);
        }
        if (reportObject == null) {
            jsonNode = objectMapper.readTree(lastLine).get(ScanReport.OPERATION);
            if (jsonNode != null) {
                reportObject = utils.getAnalyticsReport(ScanReport.class, objectMapper, jsonNode);
            }
        }
        if (reportObject == null) {
            jsonNode = objectMapper.readTree(lastLine).get(ScanResultsReport.OPERATION);
            if (jsonNode != null) {
                reportObject = utils.getAnalyticsReport(ScanResultsReport.class, objectMapper, jsonNode);
            }
        }
        if (reportObject == null) {
            jsonNode = objectMapper.readTree(lastLine).get(PullRequestReport.OPERATION);
            if (jsonNode != null) {
                reportObject = utils.getAnalyticsReport(PullRequestReport.class, objectMapper, jsonNode);
            }
        }
        System.out.println(reportObject);
    } catch (CheckmarxException | JsonProcessingException e) {
        e.printStackTrace();
    }
}
Also used : CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) JsonNode(com.fasterxml.jackson.databind.JsonNode) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)

Example 5 with CheckmarxException

use of com.checkmarx.sdk.exception.CheckmarxException in project cx-flow by checkmarx-ltd.

the class JsonLoggerTestUtils method getLastLine.

public String getLastLine() throws CheckmarxException {
    try (FileInputStream inputStream = new FileInputStream(logAbsolutePath);
        BufferedReader streamReader = new BufferedReader(new InputStreamReader(inputStream, StandardCharsets.UTF_8))) {
        boolean moreLines = true;
        String lastLine = streamReader.readLine();
        String nextScanRequest;
        while (moreLines) {
            nextScanRequest = streamReader.readLine();
            if (nextScanRequest != null) {
                lastLine = nextScanRequest;
            } else {
                moreLines = false;
            }
        }
        return lastLine;
    } catch (IOException e) {
        throw new CheckmarxException(e.getMessage());
    }
}
Also used : CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException)

Aggregations

CheckmarxException (com.checkmarx.sdk.exception.CheckmarxException) 62
HttpStatusCodeException (org.springframework.web.client.HttpStatusCodeException) 23
ScanResults (com.checkmarx.sdk.dto.ScanResults) 11
HttpEntity (org.springframework.http.HttpEntity) 10
MachinaException (com.checkmarx.flow.exception.MachinaException) 8
Test (org.junit.Test) 7
SpringBootTest (org.springframework.boot.test.context.SpringBootTest) 7
File (java.io.File) 6
JSONObject (org.json.JSONObject) 6
CxProject (com.checkmarx.sdk.dto.cx.CxProject) 5
CxScanParams (com.checkmarx.sdk.dto.cx.CxScanParams) 4
IOException (java.io.IOException) 4
JAXBContext (javax.xml.bind.JAXBContext) 4
JAXBException (javax.xml.bind.JAXBException) 4
Unmarshaller (javax.xml.bind.Unmarshaller) 4
XMLInputFactory (javax.xml.stream.XMLInputFactory) 3
GitAPIException (org.eclipse.jgit.api.errors.GitAPIException) 3
LinkedMultiValueMap (org.springframework.util.LinkedMultiValueMap) 3
SoapActionCallback (org.springframework.ws.soap.client.core.SoapActionCallback) 3
ScanReport (com.checkmarx.flow.dto.report.ScanReport) 2