
Example 16 with CheckmarxException

use of com.checkmarx.sdk.exception.CheckmarxException in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class CxLegacyService method moveTeam.

/**
 * Moves a team under a new parent through the legacy SOAP web service.
 *
 * <p>The move is reported as failed, with a {@link CheckmarxException}, both when the service
 * answers that it was not successful and when a {@link NullPointerException} is raised while the
 * request is sent or the response is read.
 *
 * @param sessionId legacy session identifier set on the request
 * @param teamId identifier of the team to move (the request's source ID)
 * @param newParentId identifier of the new parent (the request's destination ID)
 * @throws CheckmarxException if the move is rejected or no usable response is available
 */
void moveTeam(String sessionId, String teamId, String newParentId) throws CheckmarxException {
    MoveTeam moveRequest = new MoveTeam();
    moveRequest.setSessionID(sessionId);
    moveRequest.setSourceID(teamId);
    moveRequest.setDestenationID(newParentId);
    // Only the two team identifiers are logged; the session ID is kept out of the log line.
    log.info("Moving team {} to under {}", teamId, newParentId);

    boolean moved;
    try {
        MoveTeamResponse reply = (MoveTeamResponse) ws.marshalSendAndReceive(ws.getDefaultUri(), moveRequest, new SoapActionCallback(CX_WS_MOVE_TEAM_URI));
        moved = reply.getMoveTeamResult().isIsSuccesfull();
    } catch (NullPointerException e) {
        // A missing response or result is handled exactly like an unsuccessful move.
        moved = false;
    }
    if (!moved) {
        log.error("Error occurred while moving team {} under parentId {}", teamId, newParentId);
        throw new CheckmarxException("Error occurred during team move");
    }
}
Also used : SoapActionCallback(org.springframework.ws.soap.client.core.SoapActionCallback) CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException)

Example 17 with CheckmarxException

use of com.checkmarx.sdk.exception.CheckmarxException in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class CxService method deleteTeam.

/**
 * Deletes a team by its identifier.
 *
 * <p>When the configured version is below 9.0 the deletion is delegated to {@code deleteTeamWS};
 * otherwise an authenticated HTTP DELETE is sent to the team endpoint.
 *
 * @param teamId identifier of the team to delete
 * @throws CheckmarxException if the REST call ends with an HTTP error status
 */
@Override
public void deleteTeam(String teamId) throws CheckmarxException {
    if (cxProperties.getVersion() < 9.0) {
        deleteTeamWS(teamId);
        return;
    }
    HttpEntity<HttpHeaders> authorizedRequest = new HttpEntity<>(authClient.createAuthHeaders());
    log.debug("Deleting team with id {}", teamId);
    try {
        // teamId is handed to exchange() as a URI variable, not concatenated into the URL.
        // The response itself is not used; only an error status matters here.
        restTemplate.exchange(cxProperties.getUrl().concat(TEAM), HttpMethod.DELETE, authorizedRequest, String.class, teamId);
    } catch (HttpStatusCodeException httpError) {
        log.error("HTTP Status Code of {} while deleting team Id {}", httpError.getStatusCode(), teamId);
        log.error(ExceptionUtils.getStackTrace(httpError));
        throw new CheckmarxException("Error occurred deleting team with id ".concat(teamId));
    }
}
Also used : CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) HttpStatusCodeException(org.springframework.web.client.HttpStatusCodeException)

Example 18 with CheckmarxException

use of com.checkmarx.sdk.exception.CheckmarxException in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class CxService method getReportStatus.

/**
 * Looks up the generation status of a report.
 *
 * <p>Sends an authenticated GET to the report-status endpoint and reads the numeric {@code id}
 * from the {@code status} object of the JSON response.
 *
 * @param reportId identifier of the report, passed to the request as a URI variable
 * @return the {@code id} value of the response's {@code status} object
 * @throws CheckmarxException if the request ends with an HTTP error status or the response
 *     cannot be read as the expected JSON
 */
@Override
public Integer getReportStatus(Integer reportId) throws CheckmarxException {
    HttpEntity<HttpHeaders> authorizedRequest = new HttpEntity<>(authClient.createAuthHeaders());
    log.info("Retrieving report status of report Id {}", reportId);
    try {
        String statusUrl = cxProperties.getUrl().concat(REPORT_STATUS);
        ResponseEntity<String> response = restTemplate.exchange(statusUrl, HttpMethod.GET, authorizedRequest, String.class, reportId);
        JSONObject status = new JSONObject(response.getBody()).getJSONObject("status");
        int statusId = status.getInt("id");
        log.debug("Report status is {} - {} for report Id {}", statusId, status.getString("value"), reportId);
        return statusId;
    } catch (HttpStatusCodeException httpError) {
        log.error("HTTP Status Code of {} while getting report status for report Id {}", httpError.getStatusCode(), reportId);
        log.error(ExceptionUtils.getStackTrace(httpError));
        throw new CheckmarxException("HTTP Error ".concat(ExceptionUtils.getRootCauseMessage(httpError)));
    } catch (JSONException jsonError) {
        log.error("Error processing JSON Response");
        log.error(ExceptionUtils.getStackTrace(jsonError));
        throw new CheckmarxException("JSON Parse Error ".concat(ExceptionUtils.getRootCauseMessage(jsonError)));
    }
}
Also used : JSONObject(org.json.JSONObject) CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) JSONException(org.json.JSONException) HttpStatusCodeException(org.springframework.web.client.HttpStatusCodeException)

Example 19 with CheckmarxException

use of com.checkmarx.sdk.exception.CheckmarxException in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class CxService method getReportContent.

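/**
 * Downloads a report by its identifier as XML, unmarshals it, and maps it to a
 * {@link ScanResults} DTO, applying the requested filtering.
 *
 * <p>The XML is parsed through an {@link XMLInputFactory} with external entities and DTD support
 * switched off. If the first unmarshal attempt fails, the raw response is written to a file named
 * {@code CX_<reportId>} and the parse is retried after a different cleaning pass.
 *
 * @param reportId identifier of the report to download
 * @param filter filter configuration handed to {@code getIssues}
 * @return the mapped scan results, including the severity summary under
 *     {@code Constants.SUMMARY_KEY}
 * @throws CheckmarxException if the download fails with an HTTP error status, the XML cannot be
 *     processed, or a null value is hit while processing
 */
@Override
public ScanResults getReportContent(Integer reportId, FilterConfiguration filter) throws CheckmarxException {
    HttpHeaders headers = authClient.createAuthHeaders();
    headers.setContentType(MediaType.APPLICATION_XML);
    HttpEntity<HttpHeaders> httpEntity = new HttpEntity<>(headers);
    String session = null;
    try {
        /* login to legacy SOAP CX Client to retrieve description */
        session = authClient.getLegacySession();
    } catch (InvalidCredentialsException e) {
        // Best effort: processing continues with a null session.
        log.error("Error occurring while logging into Legacy SOAP based WebService - issue description will remain blank");
    }
    log.info("Retrieving report contents of report Id {} in XML format", reportId);
    try {
        ResponseEntity<String> resultsXML = restTemplate.exchange(cxProperties.getUrl().concat(REPORT_DOWNLOAD), HttpMethod.GET, httpEntity, String.class, reportId);
        String xml = resultsXML.getBody();
        // A null body fails here with a NullPointerException, which the last catch below reports.
        log.debug(REPORT_LENGTH_MESSAGE, xml.length());
        // NOTE(review): response headers go to the debug log - confirm they never carry
        // session cookies or tokens.
        log.debug("Headers: {}", resultsXML.getHeaders().toSingleValueMap());
        log.info("Report downloaded for report Id {}", reportId);
        /*Remove any chars before the start xml tag*/
        xml = xml.trim().replaceFirst("^([\\W]+)<", "<");
        log.debug(REPORT_LENGTH_MESSAGE, xml.length());
        String xml2 = ScanUtils.cleanStringUTF8_2(xml);
        // The complete report (scan findings) is written to the log when trace level is enabled.
        log.trace("XML2: {}", xml2);
        // NOTE(review): getBytes() without a charset uses the platform default - confirm this
        // matches the encoding the report declares.
        InputStream xmlStream = new ByteArrayInputStream(Objects.requireNonNull(xml2.getBytes()));
        /* protect against XXE: external entities and DTDs are disabled on the factory, and both
           parse attempts below read through a stream reader created by this factory */
        JAXBContext jc = JAXBContext.newInstance(CxXMLResultsType.class);
        XMLInputFactory xif = XMLInputFactory.newInstance();
        xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        xif.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        // Namespace handling is switched off as well; this is not an XXE setting.
        xif.setProperty(XMLInputFactory.IS_NAMESPACE_AWARE, false);
        List<ScanResults.XIssue> xIssueList = new ArrayList<>();
        CxXMLResultsType cxResults;
        try {
            XMLStreamReader xsr = xif.createXMLStreamReader(xmlStream);
            Unmarshaller unmarshaller = jc.createUnmarshaller();
            cxResults = (CxXMLResultsType) unmarshaller.unmarshal(xsr);
        } catch (UnmarshalException e) {
            log.warn("Issue occurred performing unmashall step - trying again {}", ExceptionUtils.getMessage(e));
            if (resultsXML.getBody() != null) {
                // NOTE(review): the raw response holds the full scan findings and is written
                // under a relative file name - confirm where ScanUtils.writeByte places it and
                // who can read or clean up that file.
                log.error("Writing raw response from CX to {}", "CX_".concat(String.valueOf(reportId)));
                ScanUtils.writeByte("CX_".concat(String.valueOf(reportId)), resultsXML.getBody().getBytes());
                // Second attempt uses the other cleaning routine on the same trimmed XML.
                xml2 = ScanUtils.cleanStringUTF8(xml);
                xmlStream = new ByteArrayInputStream(Objects.requireNonNull(xml2.getBytes()));
                XMLStreamReader xsr = xif.createXMLStreamReader(xmlStream);
                Unmarshaller unmarshaller = jc.createUnmarshaller();
                cxResults = (CxXMLResultsType) unmarshaller.unmarshal(xsr);
            } else {
                log.error("CX Response for report {} was null", reportId);
                throw new CheckmarxException("CX report was empty (null)");
            }
        }
        ScanResults.ScanResultsBuilder cxScanBuilder = ScanResults.builder();
        cxScanBuilder.projectId(cxResults.getProjectId());
        cxScanBuilder.team(cxResults.getTeam());
        cxScanBuilder.project(cxResults.getProjectName());
        cxScanBuilder.link(cxResults.getDeepLink());
        cxScanBuilder.files(cxResults.getFilesScanned());
        cxScanBuilder.loc(cxResults.getLinesOfCodeScanned());
        cxScanBuilder.scanType(cxResults.getScanType());
        // getIssues receives xIssueList and returns the summary map (severity, count).
        Map<String, Integer> summary = getIssues(filter, session, xIssueList, cxResults);
        cxScanBuilder.xIssues(xIssueList);
        cxScanBuilder.additionalDetails(getAdditionalScanDetails(cxResults));
        CxScanSummary scanSummary = getScanSummaryByScanId(Integer.valueOf(cxResults.getScanId()));
        cxScanBuilder.scanSummary(scanSummary);
        ScanResults results = cxScanBuilder.build();
        // Add the summary map (severity, count)
        results.getAdditionalDetails().put(Constants.SUMMARY_KEY, summary);
        if (cxProperties.getPreserveXml()) {
            results.setOutput(xml);
        }
        return results;
    } catch (HttpStatusCodeException e) {
        log.error("HTTP Status Code of {} while getting downloading report contents of report Id {}", e.getStatusCode(), reportId);
        log.error(ExceptionUtils.getStackTrace(e));
        // The message is built with concat, not a logger template, so it must not carry a "{}".
        throw new CheckmarxException("Error while processing scan results for report Id ".concat(reportId.toString()));
    } catch (XMLStreamException | JAXBException e) {
        log.error(ERROR_WITH_XML_REPORT);
        log.error(ExceptionUtils.getStackTrace(e));
        throw new CheckmarxException(ERROR_PROCESSING_RESULTS.concat(reportId.toString()));
    } catch (NullPointerException e) {
        log.info("Null Error");
        log.error(ExceptionUtils.getStackTrace(e));
        throw new CheckmarxException(ERROR_PROCESSING_RESULTS.concat(reportId.toString()));
    }
}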
Also used : XMLStreamReader(javax.xml.stream.XMLStreamReader) ScanResults(com.checkmarx.sdk.dto.ScanResults) CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) JAXBContext(javax.xml.bind.JAXBContext) HttpStatusCodeException(org.springframework.web.client.HttpStatusCodeException) UnmarshalException(javax.xml.bind.UnmarshalException) Unmarshaller(javax.xml.bind.Unmarshaller) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) JAXBException(javax.xml.bind.JAXBException) XMLStreamException(javax.xml.stream.XMLStreamException) InvalidCredentialsException(com.checkmarx.sdk.exception.InvalidCredentialsException) ByteArrayInputStream(java.io.ByteArrayInputStream) XMLInputFactory(javax.xml.stream.XMLInputFactory)

Example 20 with CheckmarxException

use of com.checkmarx.sdk.exception.CheckmarxException in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class CxService method getReportContent.

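/**
 * Parses a CX report file and maps it to a {@link ScanResults} DTO, applying the requested
 * filtering.
 *
 * <p>The file is read through an {@link XMLInputFactory} with external entities and DTD support
 * switched off, so the XXE hardening applies to the parse. Unless the offline property is set, a
 * legacy session is requested first and the scan summary is looked up by the report's scan id.
 *
 * @param file report file to parse; must not be {@code null}
 * @param filter filter configuration handed to {@code getIssues}
 * @return the mapped scan results, including the severity summary under
 *     {@code Constants.SUMMARY_KEY}
 * @throws CheckmarxException if no file is given, the file cannot be read or parsed, or a null
 *     value is hit while processing
 */
public ScanResults getReportContent(File file, FilterConfiguration filter) throws CheckmarxException {
    if (file == null) {
        throw new CheckmarxException("File not provided for processing of results");
    }
    String session = null;
    try {
        if (!cxProperties.getOffline()) {
            session = authClient.getLegacySession();
        }
    } catch (InvalidCredentialsException e) {
        // Best effort: processing continues with a null session.
        log.error("Error occurring while logging into Legacy SOAP based WebService - issue description will remain blank");
    }
    try (InputStream reportStream = java.nio.file.Files.newInputStream(file.toPath())) {
        /* protect against XXE */
        JAXBContext jc = JAXBContext.newInstance(CxXMLResultsType.class);
        XMLInputFactory xif = XMLInputFactory.newInstance();
        xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        xif.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        // Namespace handling is switched off as well; this is not an XXE setting.
        xif.setProperty(XMLInputFactory.IS_NAMESPACE_AWARE, false);
        // Unmarshalling the File directly would bypass the factory configured above and leave
        // the parse on the unmarshaller's own default parser. Reading through a stream reader
        // created by the hardened factory is what makes the settings take effect.
        XMLStreamReader xsr = xif.createXMLStreamReader(reportStream);
        Unmarshaller unmarshaller = jc.createUnmarshaller();
        List<ScanResults.XIssue> issueList = new ArrayList<>();
        CxXMLResultsType cxResults = (CxXMLResultsType) unmarshaller.unmarshal(xsr);
        ScanResults.ScanResultsBuilder cxScanBuilder = ScanResults.builder();
        cxScanBuilder.projectId(cxResults.getProjectId());
        cxScanBuilder.team(cxResults.getTeam());
        cxScanBuilder.project(cxResults.getProjectName());
        cxScanBuilder.link(cxResults.getDeepLink());
        cxScanBuilder.files(cxResults.getFilesScanned());
        cxScanBuilder.loc(cxResults.getLinesOfCodeScanned());
        cxScanBuilder.scanType(cxResults.getScanType());
        // getIssues receives issueList and returns the summary map (severity, count).
        Map<String, Integer> summary = getIssues(filter, session, issueList, cxResults);
        cxScanBuilder.xIssues(issueList);
        cxScanBuilder.additionalDetails(getAdditionalScanDetails(cxResults));
        ScanResults results = cxScanBuilder.build();
        // The scan summary needs a server call, so it is skipped offline or without a scan id.
        if (!cxProperties.getOffline() && !ScanUtils.empty(cxResults.getScanId())) {
            CxScanSummary scanSummary = getScanSummaryByScanId(Integer.valueOf(cxResults.getScanId()));
            results.setScanSummary(scanSummary);
        }
        results.getAdditionalDetails().put(Constants.SUMMARY_KEY, summary);
        return results;
    } catch (JAXBException | XMLStreamException | java.io.IOException e) {
        // An unreadable file is reported the same way as an unparsable report.
        log.error(ERROR_WITH_XML_REPORT);
        log.error(ExceptionUtils.getStackTrace(e));
        throw new CheckmarxException(ERROR_PROCESSING_SCAN_RESULTS);
    } catch (NullPointerException e) {
        log.info("Null error");
        log.error(ExceptionUtils.getStackTrace(e));
        throw new CheckmarxException(ERROR_PROCESSING_SCAN_RESULTS);
    }
}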
Also used : ScanResults(com.checkmarx.sdk.dto.ScanResults) CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) JAXBException(javax.xml.bind.JAXBException) JAXBContext(javax.xml.bind.JAXBContext) InvalidCredentialsException(com.checkmarx.sdk.exception.InvalidCredentialsException) Unmarshaller(javax.xml.bind.Unmarshaller) XMLInputFactory(javax.xml.stream.XMLInputFactory)

Aggregations

CheckmarxException (com.checkmarx.sdk.exception.CheckmarxException)62 HttpStatusCodeException (org.springframework.web.client.HttpStatusCodeException)23 ScanResults (com.checkmarx.sdk.dto.ScanResults)11 HttpEntity (org.springframework.http.HttpEntity)10 MachinaException (com.checkmarx.flow.exception.MachinaException)8 Test (org.junit.Test)7 SpringBootTest (org.springframework.boot.test.context.SpringBootTest)7 File (java.io.File)6 JSONObject (org.json.JSONObject)6 CxProject (com.checkmarx.sdk.dto.cx.CxProject)5 CxScanParams (com.checkmarx.sdk.dto.cx.CxScanParams)4 IOException (java.io.IOException)4 JAXBContext (javax.xml.bind.JAXBContext)4 JAXBException (javax.xml.bind.JAXBException)4 Unmarshaller (javax.xml.bind.Unmarshaller)4 XMLInputFactory (javax.xml.stream.XMLInputFactory)3 GitAPIException (org.eclipse.jgit.api.errors.GitAPIException)3 LinkedMultiValueMap (org.springframework.util.LinkedMultiValueMap)3 SoapActionCallback (org.springframework.ws.soap.client.core.SoapActionCallback)3 ScanReport (com.checkmarx.flow.dto.report.ScanReport)2