
Example 36 with CheckmarxException

Use of com.checkmarx.sdk.exception.CheckmarxException in project cx-flow by checkmarx-ltd.

Class OsaScannerService, method cxOsaParseResults.

public void cxOsaParseResults(ScanRequest request, File file, File libs) throws ExitThrowable {
    try {
        List<Filter> simpleFilters = Optional.ofNullable(request).map(ScanRequest::getFilter).map(FilterConfiguration::getSastFilters).map(EngineFilterConfiguration::getSimpleFilters).orElse(null);
        ScanResults results = cxService.getOsaReportContent(file, libs, simpleFilters);
        resultsService.processResults(request, results, scanDetails);
        if (flowProperties.isBreakBuild() && results != null && results.getXIssues() != null && !results.getXIssues().isEmpty()) {
            log.error(ERROR_BREAK_MSG);
            exit(ExitCode.BUILD_INTERRUPTED);
        }
    } catch (MachinaException | CheckmarxException e) {
        log.error("Error occurred while processing results file(s)", e);
        exit(3);
    }
}
Also used: Filter (com.checkmarx.sdk.dto.sast.Filter), ScanResults (com.checkmarx.sdk.dto.ScanResults), MachinaException (com.checkmarx.flow.exception.MachinaException), CheckmarxException (com.checkmarx.sdk.exception.CheckmarxException), EngineFilterConfiguration (com.checkmarx.sdk.dto.filtering.EngineFilterConfiguration), FilterConfiguration (com.checkmarx.sdk.dto.filtering.FilterConfiguration)

Example 37 with CheckmarxException

Use of com.checkmarx.sdk.exception.CheckmarxException in project cx-flow by checkmarx-ltd.

Class SCARemoteRepoScanSteps, method validateLogger.

@And("SCA scan report entry is created in Json Logger")
public void validateLogger() {
    try {
        ScanReport report = getReportObject();
        assertEquals(AnalyticsReport.SCA, report.getScanInitiator());
        assertEquals(scaResults.getScanId(), report.getScanId());
        assertEquals(OperationStatus.SUCCESS, report.getScanResult().getStatus());
    } catch (CheckmarxException | JsonProcessingException e) {
        fail(e.getMessage());
    }
}
Also used: ScanReport (com.checkmarx.flow.dto.report.ScanReport), CheckmarxException (com.checkmarx.sdk.exception.CheckmarxException), JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException), And (io.cucumber.java.en.And)

Example 38 with CheckmarxException

Use of com.checkmarx.sdk.exception.CheckmarxException in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

Class CxService, method getRoles.

@Override
public List<CxRole> getRoles() throws CheckmarxException {
    if (cxProperties.getVersion() < 9.0) {
        throw new CheckmarxException(ONLY_SUPPORTED_IN_90_PLUS);
    }
    HttpEntity httpEntity = new HttpEntity<>(authClient.createAuthHeaders());
    try {
        log.info("Retrieving Cx Roles");
        ResponseEntity<CxRole[]> response = restTemplate.exchange(cxProperties.getUrl().concat(ROLE), HttpMethod.GET, httpEntity, CxRole[].class);
        CxRole[] roles = response.getBody();
        if (roles == null) {
            throw new CheckmarxException("Error retrieving roles");
        }
        return Arrays.asList(roles);
    } catch (HttpStatusCodeException e) {
        log.error("Error occurred while retrieving Roles");
        log.error(ExceptionUtils.getStackTrace(e));
        throw new CheckmarxException("Error occurred while retrieving roles");
    }
}
Also used: CheckmarxException (com.checkmarx.sdk.exception.CheckmarxException), HttpStatusCodeException (org.springframework.web.client.HttpStatusCodeException)

Example 39 with CheckmarxException

Use of com.checkmarx.sdk.exception.CheckmarxException in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

Class CxService, method getProjects.

/**
 * Gets all CxSAST projects
 */
public List<CxProject> getProjects(String teamId) throws CheckmarxException {
    HttpEntity httpEntity = new HttpEntity<>(authClient.createAuthHeaders());
    List<CxProject> teamProjects = new ArrayList<>();
    try {
        ResponseEntity<CxProject[]> projects = restTemplate.exchange(cxProperties.getUrl().concat(PROJECTS), HttpMethod.GET, httpEntity, CxProject[].class);
        if (projects.getBody() != null) {
            for (CxProject p : projects.getBody()) {
                if (p.getTeamId().equals(teamId)) {
                    teamProjects.add(p);
                }
            }
        }
        return teamProjects;
    } catch (HttpStatusCodeException e) {
        log.warn("Error occurred while retrieving projects, http error {}", e.getStatusCode());
        log.debug(ExceptionUtils.getStackTrace(e));
        throw new CheckmarxException("Error retrieving Projects");
    }
}
Also used: CheckmarxException (com.checkmarx.sdk.exception.CheckmarxException), HttpStatusCodeException (org.springframework.web.client.HttpStatusCodeException)

Example 40 with CheckmarxException

Use of com.checkmarx.sdk.exception.CheckmarxException in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

Class CxService, method getOsaReportContent.

public ScanResults getOsaReportContent(File vulnsFile, File libsFile, List<Filter> filter) throws CheckmarxException {
    if (vulnsFile == null || libsFile == null) {
        throw new CheckmarxException("Files not provided for processing of OSA results");
    }
    try {
        List<ScanResults.XIssue> issueList = new ArrayList<>();
        // convert json string to object
        List<CxOsa> osaVulns = objectMapper.readValue(vulnsFile, new TypeReference<List<CxOsa>>() {
        });
        List<CxOsaLib> osaLibs = objectMapper.readValue(libsFile, new TypeReference<List<CxOsaLib>>() {
        });
        Map<String, CxOsaLib> libsMap = getOsaLibsMap(osaLibs);
        Map<String, Integer> severityMap = ImmutableMap.of("LOW", 1, "MEDIUM", 2, "HIGH", 3);
        for (CxOsa o : osaVulns) {
            if (filterOsa(filter, o) && libsMap.containsKey(o.getLibraryId())) {
                CxOsaLib lib = libsMap.get(o.getLibraryId());
                String filename = lib.getName();
                ScanResults.XIssue issue = ScanResults.XIssue.builder().file(filename).vulnerability(OSA_VULN).severity(o.getSeverity().getName()).cve(o.getCveName()).build();
                ScanResults.OsaDetails details = ScanResults.OsaDetails.builder().severity(o.getSeverity().getName()).cve(o.getCveName()).description(o.getDescription()).recommendation(o.getRecommendations()).url(o.getUrl()).version(lib.getVersion()).build();
                // update
                if (issueList.contains(issue)) {
                    issue = issueList.get(issueList.indexOf(issue));
                    // bump up the severity if required
                    if (severityMap.get(issue.getSeverity().toUpperCase(Locale.ROOT)) < severityMap.get(o.getSeverity().getName().toUpperCase(Locale.ROOT))) {
                        issue.setSeverity(o.getSeverity().getName());
                    }
                    issue.setCve(issue.getCve().concat(",").concat(o.getCveName()));
                    issue.getOsaDetails().add(details);
                } else {
                    // new
                    List<ScanResults.OsaDetails> dList = new ArrayList<>();
                    dList.add(details);
                    issue.setOsaDetails(dList);
                    issueList.add(issue);
                }
            }
        }
        return ScanResults.builder().osa(true).xIssues(issueList).build();
    } catch (IOException e) {
        log.error("Error parsing JSON OSA report");
        log.error(ExceptionUtils.getStackTrace(e));
        throw new CheckmarxException(ERROR_PROCESSING_SCAN_RESULTS);
    } catch (NullPointerException e) {
        log.info("Null error");
        log.error(ExceptionUtils.getStackTrace(e));
        throw new CheckmarxException(ERROR_PROCESSING_SCAN_RESULTS);
    }
}
Also used: ScanResults (com.checkmarx.sdk.dto.ScanResults), CheckmarxException (com.checkmarx.sdk.exception.CheckmarxException), IOException (java.io.IOException)
