Example 31 with CheckmarxException

Use of com.checkmarx.sdk.exception.CheckmarxException in project cx-flow by checkmarx-ltd.

Class AbstractVulnerabilityScanner, method scanRemoteRepo.

private ScanResults scanRemoteRepo(ScanRequest request) throws ExitThrowable {
    ScanResults results = null;
    try {
        String effectiveProjectName = projectNameGenerator.determineProjectName(request);
        request.setProject(effectiveProjectName);
        ScanDetails details = executeCxScan(request, null);
        results = getScanResults(request, details.getProjectId(), details.getScanId());
    } catch (MachinaException | CheckmarxException e) {
        log.error("Error occurred", e);
        exit(3);
    }
    return results;
}
Also used: ScanResults (com.checkmarx.sdk.dto.ScanResults), MachinaException (com.checkmarx.flow.exception.MachinaException), CheckmarxException (com.checkmarx.sdk.exception.CheckmarxException)

Example 32 with CheckmarxException

Use of com.checkmarx.sdk.exception.CheckmarxException in project cx-flow by checkmarx-ltd.

Class GitHubService, method startBlockMerge.

public void startBlockMerge(ScanRequest request, String url) {
    if (properties.isBlockMerge()) {
        final String PULL_REQUEST_STATUS = "pending";
        // When Shard Manager is enabled, override the PULL url to link to the correct shard.
        if (cxProperties.getEnableShardManager()) {
            ShardSession shard = sessionTracker.getShardSession();
            try {
                String teamId = cxService.getTeamId(request.getTeam());
                List<CxProject> projects = cxService.getProjects(teamId);
                String projectID = "0";
                // String projName = request.getRepoName() + "-" + request.getBranch();
                for (CxProject project : projects) {
                    if (project.getName().equals(request.getProject())) {
                        projectID = project.getId().toString();
                    }
                }
                url = shard.getUrl() + "/cxwebclient/portal#/projectState/" + projectID + "/Summary";
            } catch (CheckmarxException e) {
                log.error(URL_INVALID);
            }
        }
        HttpEntity<?> httpEntity = new HttpEntity<>(getJSONStatus(PULL_REQUEST_STATUS, url, "Checkmarx Scan Initiated").toString(), createAuthHeaders(request));
        String statusApiUrl = request.getAdditionalMetadata(STATUSES_URL_KEY);
        if (ScanUtils.empty(statusApiUrl)) {
            log.error(STATUSES_URL_NOT_PROVIDED);
            return;
        }
        log.debug("Setting pull request status to '{}': {}", PULL_REQUEST_STATUS, statusApiUrl);
        String logErrorMessage = String.format("failed to set pull request status to %s", PULL_REQUEST_STATUS);
        statusExchange(request, httpEntity, statusApiUrl, logErrorMessage);
    }
}
Also used: HttpEntity (org.springframework.http.HttpEntity), ShardSession (com.checkmarx.sdk.ShardManager.ShardSession), CheckmarxException (com.checkmarx.sdk.exception.CheckmarxException), CxProject (com.checkmarx.sdk.dto.cx.CxProject)

Example 33 with CheckmarxException

Use of com.checkmarx.sdk.exception.CheckmarxException in project cx-flow by checkmarx-ltd.

Class SCAScanner, method setScannerSpecificProperties.

@Override
protected void setScannerSpecificProperties(ScanRequest scanRequest, ScanParams scanParams) {
    try {
        // report in xml format
        if (!ScanUtils.empty(scanRequest.getBugTracker().getCustomBean()) && scanRequest.getBugTracker().getCustomBean().equalsIgnoreCase("CxXml")) {
            scaProperties.setPreserveXml(true);
        }
        if (scaProperties.isEnabledZipScan()) {
            log.info("CxAST-SCA zip scan is enabled");
            String scaClonedFolderPath = cxRepoFileHelper.getScaClonedRepoFolderPath(scanRequest.getRepoUrlWithAuth(), scanRequest.getExcludeFiles(), scanRequest.getBranch());
            scanParams.setSourceDir(scaClonedFolderPath);
        }
        if (scanRequest.getExcludeFiles() != null) {
            scanParams.getScaConfig().setExcludeFiles(scanRequest.getExcludeFiles());
        } else if (scaProperties.getExcludeFiles() != null) {
            List<String> excludeFiles = new ArrayList<String>(Arrays.asList(scaProperties.getExcludeFiles().split(",")));
            log.debug("Exclude Files list contains : {}", excludeFiles);
            scanParams.getScaConfig().setExcludeFiles(excludeFiles);
        }
    } catch (CheckmarxException e) {
        log.error("Error occurred while setting scanner properties", e);
        throw new MachinaRuntimeException(e.getMessage());
    }
}
Also used: MachinaRuntimeException (com.checkmarx.flow.exception.MachinaRuntimeException), CheckmarxException (com.checkmarx.sdk.exception.CheckmarxException), ArrayList (java.util.ArrayList), List (java.util.List)

Example 34 with CheckmarxException

Use of com.checkmarx.sdk.exception.CheckmarxException in project cx-flow by checkmarx-ltd.

Class SastScanner, method cxParseResults.

public void cxParseResults(ScanRequest request, File file) throws ExitThrowable {
    try {
        ScanResults results = cxService.getReportContent(file, request.getFilter());
        resultsService.processResults(request, results, scanDetails);
        if (flowProperties.isBreakBuild() && results != null && results.getXIssues() != null && !results.getXIssues().isEmpty()) {
            log.error(ERROR_BREAK_MSG);
            exit(ExitCode.BUILD_INTERRUPTED);
        }
    } catch (MachinaException | CheckmarxException e) {
        log.error("Error occurred while processing results file", e);
        exit(3);
    }
}
Also used: ScanResults (com.checkmarx.sdk.dto.ScanResults), MachinaException (com.checkmarx.flow.exception.MachinaException), CheckmarxException (com.checkmarx.sdk.exception.CheckmarxException)

Example 35 with CheckmarxException

Use of com.checkmarx.sdk.exception.CheckmarxException in project cx-flow by checkmarx-ltd.

Class SastScanner, method cxBatch.

/**
 * Process Projects in batch mode - JIRA ONLY
 */
public void cxBatch(ScanRequest originalRequest) throws ExitThrowable {
    try {
        List<CxProject> projects;
        List<CompletableFuture<ScanResults>> processes = new ArrayList<>();
        // Get all projects
        if (ScanUtils.empty(originalRequest.getTeam())) {
            projects = cxService.getProjects();
        } else {
            // Get projects for the provided team
            String team = originalRequest.getTeam();
            if (!team.startsWith(cxProperties.getTeamPathSeparator())) {
                team = cxProperties.getTeamPathSeparator().concat(team);
            }
            String teamId = cxService.getTeamId(team);
            projects = cxService.getProjects(teamId);
        }
        for (CxProject project : projects) {
            ScanRequest request = new ScanRequest(originalRequest);
            String name = project.getName().replaceAll("[^a-zA-Z0-9-_]+", "_");
            // TODO set team when entire instance batch mode
            // update new request object with a unique id for thread log monitoring
            projectNameGenerator.getHelperService().getShortUid(request);
            request.setProject(name);
            request.setApplication(name);
            processes.add(getLatestScanResultsAsync(request, project));
        }
        log.info("Waiting for processing to complete");
        processes.forEach(CompletableFuture::join);
    } catch (CheckmarxException e) {
        log.error("Error occurred while processing projects in batch mode", e);
        exit(3);
    }
}
Also used: ScanRequest (com.checkmarx.flow.dto.ScanRequest), CompletableFuture (java.util.concurrent.CompletableFuture), CheckmarxException (com.checkmarx.sdk.exception.CheckmarxException), ArrayList (java.util.ArrayList), CxProject (com.checkmarx.sdk.dto.cx.CxProject)

Aggregations

CheckmarxException (com.checkmarx.sdk.exception.CheckmarxException): 62
HttpStatusCodeException (org.springframework.web.client.HttpStatusCodeException): 23
ScanResults (com.checkmarx.sdk.dto.ScanResults): 11
HttpEntity (org.springframework.http.HttpEntity): 10
MachinaException (com.checkmarx.flow.exception.MachinaException): 8
Test (org.junit.Test): 7
SpringBootTest (org.springframework.boot.test.context.SpringBootTest): 7
File (java.io.File): 6
JSONObject (org.json.JSONObject): 6
CxProject (com.checkmarx.sdk.dto.cx.CxProject): 5
CxScanParams (com.checkmarx.sdk.dto.cx.CxScanParams): 4
IOException (java.io.IOException): 4
JAXBContext (javax.xml.bind.JAXBContext): 4
JAXBException (javax.xml.bind.JAXBException): 4
Unmarshaller (javax.xml.bind.Unmarshaller): 4
XMLInputFactory (javax.xml.stream.XMLInputFactory): 3
GitAPIException (org.eclipse.jgit.api.errors.GitAPIException): 3
LinkedMultiValueMap (org.springframework.util.LinkedMultiValueMap): 3
SoapActionCallback (org.springframework.ws.soap.client.core.SoapActionCallback): 3
ScanReport (com.checkmarx.flow.dto.report.ScanReport): 2