Example 6 with CheckmarxException

use of com.checkmarx.sdk.exception.CheckmarxException in project cx-flow by checkmarx-ltd.

the class ThresholdsSteps method initMock.

private void initMock(CxClient cxClientMock) {
    try {
        CxProject cxProject = CxProject.builder().id(1).name("testproject").isPublic(false).customFields(Collections.emptyList()).build();
        ScanResultsAnswerer answerer = new ScanResultsAnswerer();
        when(cxClientMock.getReportContentByScanId(anyInt(), any())).thenAnswer(answerer);
        when(cxClientMock.getProject(anyInt())).thenReturn(cxProject);
        when(cxClientMock.getTeamId(anyString())).thenReturn("1");
    } catch (CheckmarxException e) {
        Assert.fail("Error initializing mock. " + e);
    }
}
Also used : CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) CxProject(com.checkmarx.sdk.dto.cx.CxProject)

Example 7 with CheckmarxException

use of com.checkmarx.sdk.exception.CheckmarxException in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class CxServiceTest method getReportContent.

@Test
public void getReportContent() {
    properties.setOffline(true);
    File file = new File(getClass().getClassLoader().getResource("ScanReport.xml").getFile());
    try {
        ScanResults results = service.getReportContent(file, null);
        assertNotNull(results);
        List<ScanResults.XIssue> issues = results.getXIssues().stream().filter(x -> x.getFalsePositiveCount() > 0).collect(Collectors.toList());
        assertEquals(2, issues.size());
        assertEquals("Command_Injection", issues.get(0).getVulnerability());
        List<ScanResults.XIssue> sqlIssues = results.getXIssues().stream().filter(x -> x.getVulnerability().equalsIgnoreCase("SQL_INJECTION") && x.getSeverity().equalsIgnoreCase("HIGH")).collect(Collectors.toList());
        assertEquals(3, sqlIssues.size());
    } catch (CheckmarxException e) {
        fail("Unexpected Exception");
    }
}
Also used : ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) CxProperties(com.checkmarx.sdk.config.CxProperties) ScanResults(com.checkmarx.sdk.dto.ScanResults) RunWith(org.junit.runner.RunWith) Autowired(org.springframework.beans.factory.annotation.Autowired) Import(org.springframework.context.annotation.Import) Test(org.junit.Test) Mockito.when(org.mockito.Mockito.when) Collectors(java.util.stream.Collectors) File(java.io.File) CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) HttpStatus(org.springframework.http.HttpStatus) HttpClientErrorException(org.springframework.web.client.HttpClientErrorException) List(java.util.List) SpringConfiguration(com.checkmarx.sdk.config.SpringConfiguration) SpringBootTest(org.springframework.boot.test.context.SpringBootTest) CxAuthService(com.checkmarx.sdk.service.CxAuthService) CxService(com.checkmarx.sdk.service.CxService) Qualifier(org.springframework.beans.factory.annotation.Qualifier) CxLegacyService(com.checkmarx.sdk.service.CxLegacyService) SpringRunner(org.springframework.test.context.junit4.SpringRunner) Assert(org.junit.Assert) RestTemplate(org.springframework.web.client.RestTemplate) MockBean(org.springframework.boot.test.mock.mockito.MockBean)

Example 8 with CheckmarxException

use of com.checkmarx.sdk.exception.CheckmarxException in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class CxLegacyService method deleteTeam.

void deleteTeam(String sessionId, String teamId) throws CheckmarxException {
    DeleteTeam request = new DeleteTeam();
    request.setSessionID(sessionId);
    request.setTeamID(teamId);
    log.info("Deleting team id {}", teamId);
    try {
        DeleteTeamResponse response = (DeleteTeamResponse) ws.marshalSendAndReceive(ws.getDefaultUri(), request, new SoapActionCallback(CX_WS_DELETE_TEAM_URI));
        if (!response.getDeleteTeamResult().isIsSuccesfull()) {
            log.error("Error occurred while deleting Team id {}", teamId);
            throw new CheckmarxException("Error occurred during team deletion");
        }
    } catch (NullPointerException e) {
        log.error("Error occurred while deleting Team id {}", teamId);
        throw new CheckmarxException("Error occurred during team deletion");
    }
}
Also used : SoapActionCallback(org.springframework.ws.soap.client.core.SoapActionCallback) CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException)

Example 9 with CheckmarxException

use of com.checkmarx.sdk.exception.CheckmarxException in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class ScaClientHelper method getReportContent.

@Override
public ScanResults getReportContent(File file, FilterConfiguration filter) throws CheckmarxException {
    SCAResults scaResult = new SCAResults();
    ScanResults result = null;
    if (file == null) {
        throw new CheckmarxException("File not provided for processing of results");
    }
    try {
        /* protect against XXE: DTDs and external entities are disabled on the
           StAX factory, and the unmarshaller must read through that factory */
        JAXBContext jc = JAXBContext.newInstance(SCARiskReportType.class);
        XMLInputFactory xif = XMLInputFactory.newInstance();
        xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        xif.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        xif.setProperty(XMLInputFactory.IS_NAMESPACE_AWARE, false);
        Unmarshaller unmarshaller = jc.createUnmarshaller();
        List<ScanResults.XIssue> issueList = new ArrayList<>();
        // unmarshal(file) would bypass the hardened xif, so read through a stream reader it creates
        // (needs javax.xml.stream.XMLStreamReader, javax.xml.stream.XMLStreamException
        // and javax.xml.transform.stream.StreamSource)
        XMLStreamReader xsr = xif.createXMLStreamReader(new StreamSource(file));
        JAXBElement<SCARiskReportType> event = unmarshaller.unmarshal(xsr, SCARiskReportType.class);
        SCARiskReportType scaResults = event.getValue();
        ScanResults.ScanResultsBuilder scaScanBuilder = ScanResults.builder();
        RiskReportSummaryType iskReportSummaryType = scaResults.getRiskReportSummary();
        PackagesType packagesType = scaResults.getPackages();
        VulnerabilitiesType vulnerabilitiesType = scaResults.getVulnerabilities();
        LicensesType licensesType = scaResults.getLicenses();
        PoliciesType policiesType = scaResults.getPolicies();
        this.scanId = iskReportSummaryType.getRiskReportId();
        this.projectId = iskReportSummaryType.getProjectId();
        scaResult = getLatestScaResults(iskReportSummaryType, packagesType, vulnerabilitiesType, licensesType, policiesType);
        scaResult.setScanId(scanId);
        AstScaResults internalResults = new AstScaResults(new SCAResults(), new ASTResults());
        result = toScanResults(scaResult);
        return result;
    } catch (JAXBException | XMLStreamException e) {
        log.error(ERROR_WITH_XML_REPORT);
        log.error(ExceptionUtils.getStackTrace(e));
        throw new CheckmarxException(ERROR_PROCESSING_SCAN_RESULTS);
    } catch (NullPointerException e) {
        log.info("Null error");
        log.error(ExceptionUtils.getStackTrace(e));
        throw new CheckmarxException(ERROR_PROCESSING_SCAN_RESULTS);
    }
}
Also used : CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) JAXBException(javax.xml.bind.JAXBException) ASTResults(com.checkmarx.sdk.dto.ast.ASTResults) JAXBContext(javax.xml.bind.JAXBContext) JAXBElement(javax.xml.bind.JAXBElement) Unmarshaller(javax.xml.bind.Unmarshaller) XMLInputFactory(javax.xml.stream.XMLInputFactory)

Example 10 with CheckmarxException

use of com.checkmarx.sdk.exception.CheckmarxException in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class ScanSettingsClientImpl method getEngineConfigurationId.

@Override
public int getEngineConfigurationId(String configurationName) throws CheckmarxException {
    HttpEntity<Void> httpEntity = new HttpEntity<>(authClient.createAuthHeaders());
    int defaultConfigId = Constants.UNKNOWN_INT;
    try {
        log.info("Retrieving Cx engineConfigurations");
        ResponseEntity<CxScanEngine[]> response = restTemplate.exchange(cxProperties.getUrl().concat(ENGINE_CONFIGURATIONS), HttpMethod.GET, httpEntity, CxScanEngine[].class);
        CxScanEngine[] engines = response.getBody();
        if (engines == null) {
            throw new CheckmarxException("Error obtaining Scan configurations");
        }
        log.debug("Engine configurations found: {}.", engines.length);
        for (CxScanEngine engine : engines) {
            String engineName = engine.getName();
            int engineId = engine.getId();
            if (engineName.equalsIgnoreCase(configurationName)) {
                log.info("Found xml/engine configuration {} with ID {}", configurationName, engineId);
                return engineId;
            }
        }
        log.warn("No scan configuration found for {}", configurationName);
        log.warn("Scan Configuration {} with ID {} will be used instead", Constants.CX_DEFAULT_CONFIGURATION, defaultConfigId);
        return defaultConfigId;
    } catch (HttpStatusCodeException e) {
        log.error("Error occurred while retrieving engine configurations");
        log.error(ExceptionUtils.getStackTrace(e));
        throw new CheckmarxException("Error obtaining Configuration Id");
    }
}
Also used : CxScanEngine(com.checkmarx.sdk.dto.cx.CxScanEngine) HttpEntity(org.springframework.http.HttpEntity) CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) HttpStatusCodeException(org.springframework.web.client.HttpStatusCodeException)

Aggregations

CheckmarxException (com.checkmarx.sdk.exception.CheckmarxException): 62
HttpStatusCodeException (org.springframework.web.client.HttpStatusCodeException): 23
ScanResults (com.checkmarx.sdk.dto.ScanResults): 11
HttpEntity (org.springframework.http.HttpEntity): 10
MachinaException (com.checkmarx.flow.exception.MachinaException): 8
Test (org.junit.Test): 7
SpringBootTest (org.springframework.boot.test.context.SpringBootTest): 7
File (java.io.File): 6
JSONObject (org.json.JSONObject): 6
CxProject (com.checkmarx.sdk.dto.cx.CxProject): 5
CxScanParams (com.checkmarx.sdk.dto.cx.CxScanParams): 4
IOException (java.io.IOException): 4
JAXBContext (javax.xml.bind.JAXBContext): 4
JAXBException (javax.xml.bind.JAXBException): 4
Unmarshaller (javax.xml.bind.Unmarshaller): 4
XMLInputFactory (javax.xml.stream.XMLInputFactory): 3
GitAPIException (org.eclipse.jgit.api.errors.GitAPIException): 3
LinkedMultiValueMap (org.springframework.util.LinkedMultiValueMap): 3
SoapActionCallback (org.springframework.ws.soap.client.core.SoapActionCallback): 3
ScanReport (com.checkmarx.flow.dto.report.ScanReport): 2