
Example 26 with CheckmarxException

use of com.checkmarx.sdk.exception.CheckmarxException in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class CxService method updateProjectCustomFields.

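/**
 * Updates a project's name, owning team and custom fields with one PUT to the project endpoint.
 *
 * <p>The request body is standard double-quoted JSON, and every string taken from
 * {@code cxProject} is escaped before it is embedded. The earlier {@code String.format} template
 * inserted the project name and custom-field values verbatim between single quotes, so a quote or
 * backslash in any of them could break or reshape the JSON document sent to the server.
 *
 * @param cxProject the Checkmarx project; its name, team id, id and custom fields are read
 * @throws CheckmarxException if the server answers with an HTTP error status
 * @throws NumberFormatException if the project's team id is not a decimal integer
 */
public void updateProjectCustomFields(CxProject cxProject) throws CheckmarxException {
    StringBuilder sb = new StringBuilder();
    // Numbers are appended directly instead of via String.format("%d"), which formats in the default locale.
    sb.append("{\"name\":").append(quoteJsonString(String.valueOf(cxProject.getName())));
    sb.append(",\"owningTeam\":").append(Integer.parseInt(cxProject.getTeamId()));
    sb.append(",\"customFields\":[");
    String separator = "";
    for (CxProject.CustomField customField : cxProject.customFields) {
        sb.append(separator);
        sb.append("{\"id\":").append(customField.id);
        // The value is always sent as a JSON string, as the quoted '%s' placeholder did before.
        sb.append(",\"value\":").append(quoteJsonString(String.valueOf(customField.value)));
        sb.append('}');
        separator = ",";
    }
    sb.append("]}");
    String body = sb.toString();
    // NOTE(review): the full body, including custom-field values, reaches the debug log — confirm
    // that none of those fields is expected to carry sensitive data.
    log.debug("updateProjectCustomFields: request body: {}", body);
    HttpEntity<String> requestEntity = new HttpEntity<>(body, authClient.createAuthHeaders());
    try {
        log.info("Updating custom fields for project {} with id {}", cxProject.getName(), cxProject.getId());
        restTemplate.exchange(cxProperties.getUrl().concat(PROJECT), HttpMethod.PUT, requestEntity, String.class, cxProject.getId());
    } catch (HttpStatusCodeException e) {
        log.debug(ExceptionUtils.getStackTrace(e));
        log.error("Error occurred while updating custom fields for project {}.", cxProject.getName());
        // NOTE(review): the cause is not chained; whether CheckmarxException offers a
        // (String, Throwable) constructor is not visible from this method — confirm and chain it.
        throw new CheckmarxException("Error occurred while updating custom fields for project: " + e.getLocalizedMessage());
    }
}

/**
 * Renders {@code text} as a double-quoted JSON string literal, escaping double quotes,
 * backslashes and control characters below U+0020.
 */
private static String quoteJsonString(String text) {
    StringBuilder out = new StringBuilder(text.length() + 2);
    out.append('"');
    for (int i = 0; i < text.length(); i++) {
        char c = text.charAt(i);
        switch (c) {
            case '"':
                out.append("\\\"");
                break;
            case '\\':
                out.append("\\\\");
                break;
            case '\n':
                out.append("\\n");
                break;
            case '\r':
                out.append("\\r");
                break;
            case '\t':
                out.append("\\t");
                break;
            default:
                if (c < 0x20) {
                    // Remaining control characters must be written as \\uXXXX escapes in JSON.
                    out.append("\\u");
                    String hex = Integer.toHexString(c);
                    for (int pad = hex.length(); pad < 4; pad++) {
                        out.append('0');
                    }
                    out.append(hex);
                } else {
                    out.append(c);
                }
        }
    }
    return out.append('"').toString();
}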
Also used : CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) HttpStatusCodeException(org.springframework.web.client.HttpStatusCodeException)

Example 27 with CheckmarxException

use of com.checkmarx.sdk.exception.CheckmarxException in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class CxService method getLdapTeamMapId.

/**
 * Looks up the id of the LDAP team mapping that links {@code teamId} to {@code ldapGroupDn} on
 * the given LDAP server.
 *
 * @param ldapServerId id of the LDAP server, substituted into the mappings URL
 * @param teamId team id the mapping must reference
 * @param ldapGroupDn LDAP group DN the mapping must reference
 * @return the mapping's {@code id}, or {@code UNKNOWN_INT} when no entry matches or the request
 *         fails with an HTTP error status
 * @throws CheckmarxException if the configured Checkmarx version is below 9.0
 */
@Override
public Integer getLdapTeamMapId(Integer ldapServerId, String teamId, String ldapGroupDn) throws CheckmarxException {
    if (cxProperties.getVersion() < 9.0) {
        throw new CheckmarxException(ONLY_SUPPORTED_IN_90_PLUS);
    }
    try {
        HttpEntity authOnlyRequest = new HttpEntity<>(authClient.createAuthHeaders());
        String mappingsUrl = cxProperties.getUrl().concat(TEAM_LDAP_MAPPINGS);
        ResponseEntity<String> response = restTemplate.exchange(mappingsUrl, HttpMethod.GET, authOnlyRequest, String.class, ldapServerId);
        JSONArray mappings = new JSONArray(response.getBody());
        int index = 0;
        while (index < mappings.length()) {
            JSONObject mapping = mappings.getJSONObject(index);
            String mappedGroupDn = mapping.getString("ldapGroupDn");
            boolean sameTeam = teamId.equals(mapping.getString("teamId"));
            if (sameTeam && mappedGroupDn.equals(ldapGroupDn)) {
                return mapping.getInt("id");
            }
            index++;
        }
        log.info("No mapping found for {} with Server id {}", ldapGroupDn, ldapServerId);
    } catch (HttpStatusCodeException e) {
        // NOTE(review): an HTTP failure falls through to the same UNKNOWN_INT that means
        // "no mapping"; a caller that creates a mapping on UNKNOWN_INT cannot tell the two apart.
        log.error("Error occurred while retrieving ldap server mappings, http error {}", e.getStatusCode());
        log.error(ExceptionUtils.getStackTrace(e));
    }
    return UNKNOWN_INT;
}
Also used : JSONObject(org.json.JSONObject) CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) JSONArray(org.json.JSONArray) HttpStatusCodeException(org.springframework.web.client.HttpStatusCodeException)

Example 28 with CheckmarxException

use of com.checkmarx.sdk.exception.CheckmarxException in project cx-flow by checkmarx-ltd.

the class AbstractVulnerabilityScanner method scan.

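/**
 * Submits a new scan for the project described by {@code scanRequest} and returns its results.
 *
 * <p>If the scanner client reports a scan already running for the project and scan queuing is
 * disabled, the request's {@code scanResubmit} value (or, when that is absent, the flow property)
 * decides the outcome: either the running scan is cancelled and a new one submitted, or the new
 * scan is rejected and a "scan not submitted" bug-tracker event is triggered. The rejection is
 * raised as a {@code CheckmarxException} inside the {@code try}, so it is handled by the generic
 * failure branch below and is not propagated to the caller.
 *
 * @param scanRequest the scan request; it is first completed from configured properties
 * @return the results of the submitted scan, or {@code getEmptyScanResults()} when the repository
 *         is unavailable or any other exception occurs
 */
@Override
public ScanResults scan(ScanRequest scanRequest) {
    log.info("--------------------- Initiating new {} scan ---------------------", SCAN_TYPE);
    setRequestParamsByProperties(scanRequest);
    checkScanSubmitEmailDelivery(scanRequest);
    try {
        CxScanParams cxScanParams = getScanRequestConverter().toScanParams(scanRequest);
        Integer projectId = cxScanParams.getProjectId();
        log.info("Checking if there is any existing scan for Project: {}", projectId);
        Integer existingScanId = getScannerClient().getScanIdOfExistingScanIfExists(projectId);
        String scanComment = getScanComment(scanRequest);
        // Compare by value, as getLatestScanResultsAsync does; != on two boxed Integers compares
        // references and is only correct for values inside the Integer cache.
        boolean scanInProgress = !existingScanId.equals(UNKNOWN_INT);
        if (scanInProgress && !getCxPropertiesBase().getScanQueuing()) {
            // A value on the request takes precedence over the configured default.
            boolean scanResubmit = scanRequest.getScanResubmit() != null
                    ? Boolean.parseBoolean(scanRequest.getScanResubmit())
                    : flowProperties.getScanResubmit();
            if (!scanResubmit) {
                log.warn("Property scan-resubmit set to {} : New scan not submitted, due to existing ongoing scan for the same Project id {}", flowProperties.getScanResubmit(), projectId);
                bugTrackers.getBugTrackerEventTrigger().triggerScanNotSubmittedBugTrackerEvent(scanRequest, getEmptyScanResults());
                throw new CheckmarxException(String.format("Active Scan with Id %d already exists for Project: %d", existingScanId, projectId));
            }
            log.info("Existing ongoing scan with id {} found for Project : {}", existingScanId, projectId);
            log.info("Aborting the ongoing scan with id {} for Project: {}", existingScanId, projectId);
            getScannerClient().cancelScan(existingScanId);
            log.info("Resubmitting the scan for Project: {}", projectId);
        }
        // Every remaining path (no running scan, queuing enabled, or resubmit) creates a scan the same way.
        Integer scanId = getScannerClient().createScan(cxScanParams, scanComment);
        return getScanResults(scanRequest, projectId, scanId);
    } catch (GitHubRepoUnavailableException ignored) {
        // Deliberately not logged here, so no error stack trace is written for this case.
        // NOTE(review): presumably the condition is already reported where the exception is
        // thrown — confirm, since nothing is recorded at this point.
        return getEmptyScanResults();
    } catch (Exception e) {
        log.error("SAST scan failed", e);
        OperationResult scanCreationFailure = new OperationResult(OperationStatus.FAILURE, e.getMessage());
        ScanReport report = new ScanReport(-1, scanRequest, scanRequest.getRepoUrl(), scanCreationFailure);
        report.log();
        // NOTE(review): a failed scan is returned as the same empty results object used elsewhere;
        // callers that gate a build on the results should confirm they can tell "failed" from
        // "no findings".
        return getEmptyScanResults();
    }
}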
Also used : CxScanParams(com.checkmarx.sdk.dto.cx.CxScanParams) ScanReport(com.checkmarx.flow.dto.report.ScanReport) CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) GitHubRepoUnavailableException(com.checkmarx.flow.exception.GitHubRepoUnavailableException) CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) GitAPIException(org.eclipse.jgit.api.errors.GitAPIException) GitHubRepoUnavailableException(com.checkmarx.flow.exception.GitHubRepoUnavailableException) IOException(java.io.IOException) MachinaRuntimeException(com.checkmarx.flow.exception.MachinaRuntimeException) MachinaException(com.checkmarx.flow.exception.MachinaException)

Example 29 with CheckmarxException

use of com.checkmarx.sdk.exception.CheckmarxException in project cx-flow by checkmarx-ltd.

the class AbstractVulnerabilityScanner method getLatestScanResultsAsync.

/**
 * Starts asynchronous processing of the most recent scan results for a project.
 *
 * @param request the scan request; supplies the project lookup, filters, and the team/project
 *        names used in log messages
 * @param cxProject the project to use, or {@code null} to resolve it from {@code request}
 * @return the future from the results service; a future already completed with {@code null} when
 *         no project or no scan is found; or a future completed exceptionally when a
 *         {@code MachinaException} or {@code CheckmarxException} is raised
 */
public CompletableFuture<ScanResults> getLatestScanResultsAsync(ScanRequest request, CxProject cxProject) {
    try {
        CxProject project = cxProject;
        if (project == null) {
            // No project supplied: resolve it from the request.
            Integer projectId = getProjectId(request);
            if (projectId.equals(UNKNOWN_INT)) {
                log.warn("No project found for {}", request.getProject());
                return CompletableFuture.completedFuture(null);
            }
            project = getScannerClient().getProject(projectId);
        }
        Integer lastScanId = getScannerClient().getLastScanId(project.getId());
        if (lastScanId.equals(UNKNOWN_INT)) {
            log.warn("No Scan Results to process for project {}", project.getName());
            return CompletableFuture.completedFuture(null);
        }
        setCxFields(project, request);
        // The osaScanId argument is null: it does not apply here and will be ignored.
        return resultsService.processScanResultsAsync(request, project.getId(), lastScanId, null, request.getFilter());
    } catch (MachinaException | CheckmarxException e) {
        log.error("Error occurred while processing results for {}{}", request.getTeam(), request.getProject(), e);
        CompletableFuture<ScanResults> failed = new CompletableFuture<>();
        failed.completeExceptionally(e);
        return failed;
    }
}
Also used : CompletableFuture(java.util.concurrent.CompletableFuture) ScanResults(com.checkmarx.sdk.dto.ScanResults) MachinaException(com.checkmarx.flow.exception.MachinaException) CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) CxProject(com.checkmarx.sdk.dto.cx.CxProject)

Example 30 with CheckmarxException

use of com.checkmarx.sdk.exception.CheckmarxException in project cx-flow by checkmarx-ltd.

the class AbstractVulnerabilityScanner method scanLocalPath.

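/**
 * Zips a local directory to a temporary file, scans it, and returns the scan results.
 *
 * <p>The temporary archive holds a copy of the source under {@code path}. It is removed in a
 * {@code finally} block so that it does not stay behind in the temp directory when the scan or
 * the result retrieval throws. Previously the file was deleted only after a fully successful run.
 * A failure to delete is logged as a warning and no longer reported as a zip error.
 *
 * @param request the scan request; its project name is replaced with the generated effective name
 * @param path the local directory to archive and scan
 * @return the scan results, or {@code null} if an error branch is taken and {@code exit} returns
 * @throws ExitThrowable declared by this method; presumably raised by {@code exit(3)} — confirm
 */
private ScanResults scanLocalPath(ScanRequest request, String path) throws ExitThrowable {
    ScanResults results = null;
    File zipFile = null;
    try {
        String effectiveProjectName = projectNameGenerator.determineProjectName(request);
        request.setProject(effectiveProjectName);
        overrideScanPreset(request);
        zipFile = ZipUtils.zipToTempFile(path, flowProperties.getZipExclude());
        ScanDetails details = executeCxScan(request, zipFile);
        results = getScanResults(request, details.getProjectId(), details.getScanId());
    } catch (IOException e) {
        log.error("Error occurred while attempting to zip path {}", path, e);
        exit(3);
    } catch (MachinaException | CheckmarxException e) {
        log.error("Error occurred", e);
        exit(3);
    } finally {
        // Runs on success and on every failure path that unwinds through this method.
        if (zipFile != null) {
            try {
                log.debug("Deleting temp file {}", zipFile.getPath());
                Files.deleteIfExists(zipFile.toPath());
            } catch (IOException e) {
                log.warn("Could not delete temp file {}", zipFile.getPath(), e);
            }
        }
    }
    return results;
}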
Also used : ScanResults(com.checkmarx.sdk.dto.ScanResults) MachinaException(com.checkmarx.flow.exception.MachinaException) CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) IOException(java.io.IOException) File(java.io.File)

Aggregations

CheckmarxException (com.checkmarx.sdk.exception.CheckmarxException)62 HttpStatusCodeException (org.springframework.web.client.HttpStatusCodeException)23 ScanResults (com.checkmarx.sdk.dto.ScanResults)11 HttpEntity (org.springframework.http.HttpEntity)10 MachinaException (com.checkmarx.flow.exception.MachinaException)8 Test (org.junit.Test)7 SpringBootTest (org.springframework.boot.test.context.SpringBootTest)7 File (java.io.File)6 JSONObject (org.json.JSONObject)6 CxProject (com.checkmarx.sdk.dto.cx.CxProject)5 CxScanParams (com.checkmarx.sdk.dto.cx.CxScanParams)4 IOException (java.io.IOException)4 JAXBContext (javax.xml.bind.JAXBContext)4 JAXBException (javax.xml.bind.JAXBException)4 Unmarshaller (javax.xml.bind.Unmarshaller)4 XMLInputFactory (javax.xml.stream.XMLInputFactory)3 GitAPIException (org.eclipse.jgit.api.errors.GitAPIException)3 LinkedMultiValueMap (org.springframework.util.LinkedMultiValueMap)3 SoapActionCallback (org.springframework.ws.soap.client.core.SoapActionCallback)3 ScanReport (com.checkmarx.flow.dto.report.ScanReport)2