
Example 1 with ScannerRuntimeException

use of com.checkmarx.sdk.exception.ScannerRuntimeException in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class ClientTypeResolverTest method checkThatExceptionIsThrown.

/**
 * Asserts that resolving the client type for {@code url} fails with a
 * {@link ScannerRuntimeException} that carries a non-empty message.
 *
 * @param url the URL passed to {@code determineClientType}
 */
private static void checkThatExceptionIsThrown(String url) {
    ClientTypeResolver clientTypeResolver = new ClientTypeResolver(new RestClientConfig());
    Exception thrown = null;
    try {
        clientTypeResolver.determineClientType(url);
    } catch (Exception e) {
        // Capture any exception type here so that a wrong type is reported as an assertion failure below.
        thrown = e;
    }
    if (thrown == null) {
        Assert.fail("Expected exception, but didn't get any.");
    }
    Assert.assertTrue("Unexpected exception type.", thrown instanceof ScannerRuntimeException);
    Assert.assertTrue("Exception message is empty.", StringUtils.isNotEmpty(thrown.getMessage()));
    log.info("Got an expected exception");
}
Also used : ClientTypeResolver(com.checkmarx.sdk.utils.scanner.client.ClientTypeResolver) RestClientConfig(com.checkmarx.sdk.config.RestClientConfig) ScannerRuntimeException(com.checkmarx.sdk.exception.ScannerRuntimeException) ScannerRuntimeException(com.checkmarx.sdk.exception.ScannerRuntimeException)

Example 2 with ScannerRuntimeException

use of com.checkmarx.sdk.exception.ScannerRuntimeException in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class ScaTest method getRepoUrl.

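/**
 * Builds the repository URL with the GitHub token inserted as the userinfo part.
 *
 * <p>The returned URL contains the token in clear text, so it should not be written to logs
 * or copied into exception messages.
 *
 * @return the configured repository URL with {@code token@} inserted after the scheme prefix
 * @throws ScannerRuntimeException if the resulting string cannot be parsed as a URL
 */
private URL getRepoUrl() {
    try {
        String token = githubProperties.getToken();
        // NOTE(review): the token is inserted verbatim; presumably it never contains characters
        // that need percent-encoding inside userinfo - confirm.
        String gitAuthUrl = githubProperties.getUrl().replace(Constants.HTTPS, Constants.HTTPS.concat(token).concat("@"));
        gitAuthUrl = gitAuthUrl.replace(Constants.HTTP, Constants.HTTP.concat(token).concat("@"));
        return new URL(gitAuthUrl);
    } catch (MalformedURLException e) {
        // Log the configured URL, not gitAuthUrl: the latter carries the token.
        log.error("Failed to parse repository URL: '{}'", githubProperties.getUrl());
        failOnException(e);
        // Chain the cause so the parse failure is not lost; it is already handed to failOnException above.
        throw new ScannerRuntimeException("Invalid repository URL.", e);
    }
}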
Also used : MalformedURLException(java.net.MalformedURLException) ScannerRuntimeException(com.checkmarx.sdk.exception.ScannerRuntimeException) URL(java.net.URL)

Example 3 with ScannerRuntimeException

use of com.checkmarx.sdk.exception.ScannerRuntimeException in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class ScaClientHelper method getScanResults.

/**
 * Collects the summary, findings, packages, web report link and policy evaluation for the
 * current scan into a single {@link SCAResults} object.
 *
 * <p>When {@code scaProperties.isPreserveXml()} is set, the report for the scan is also fetched
 * and stored as the result output.
 *
 * @return the populated results for {@code scanId}
 * @throws ScannerRuntimeException if an {@link IOException} occurs while retrieving the results
 */
private SCAResults getScanResults() {
    log.debug("Getting results for scan ID {}", scanId);
    try {
        SCAResults scaResults = new SCAResults();
        scaResults.setScanId(this.scanId);

        // Summary: print it, map it to the SDK model and attach per-severity counts.
        ScaSummaryBaseFormat rawSummary = getSummaryReport(scanId);
        printSummary(rawSummary, this.scanId);
        Summary mappedSummary = new ModelMapper().map(rawSummary, Summary.class);
        Map<Filter.Severity, Integer> countsBySeverity = getFindingCountMap(rawSummary);
        mappedSummary.setFindingCounts(countsBySeverity);
        scaResults.setSummary(mappedSummary);

        List<Finding> scanFindings = getFindings(scanId);
        scaResults.setFindings(scanFindings);
        List<Package> scanPackages = getPackages(scanId);
        scaResults.setPackages(scanPackages);

        scaResults.setWebReportLink(getWebReportLink(config.getScaConfig().getWebAppUrl()));
        printWebReportLink(scaResults);
        scaResults.setScaResultReady(true);

        // Policy evaluation is looked up through the project's risk report.
        List<PolicyEvaluation> evaluations = getPolicyEvaluationByReportId(getRiskReportByProjectId(this.projectId));
        List<String> violatedPolicies = getScanViolatedPolicies(evaluations);
        scaResults.setPolicyViolated(!violatedPolicies.isEmpty());
        scaResults.setViolatedPolicies(violatedPolicies);

        if (scaProperties.isPreserveXml()) {
            // The scan ID is URL-encoded before it is placed into the request path.
            String reportPath = String.format(REPORT_IN_XML_WITH_SCANID, URLEncoder.encode(scanId, ENCODING));
            String rawXml = httpClient.getRequest(reportPath, ContentType.CONTENT_TYPE_APPLICATION_JSON, String.class, HttpStatus.SC_OK, "CxSCA findings", false);
            // Drop any run of non-word characters that precedes the first '<' at the start of the text.
            String fromFirstTag = rawXml.trim().replaceFirst("^([\\W]+)<", "<");
            scaResults.setOutput(ScanUtils.cleanStringUTF8_2(fromFirstTag));
        }
        log.info("Retrieved SCA results successfully.");
        return scaResults;
    } catch (IOException e) {
        throw new ScannerRuntimeException("Error retrieving CxSCA scan results.", e);
    }
}
Also used : Severity(com.checkmarx.sdk.dto.scansummary.Severity) IOException(java.io.IOException) ScannerRuntimeException(com.checkmarx.sdk.exception.ScannerRuntimeException) ModelMapper(org.modelmapper.ModelMapper) Package(com.checkmarx.sdk.dto.sca.report.Package)

Example 4 with ScannerRuntimeException

use of com.checkmarx.sdk.exception.ScannerRuntimeException in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class ScaClientHelper method getEffectiveRepoUrl.

/**
 * Returns the repository URL to use for the scan. If {@code repoInfo} carries a username or a
 * password, they are added as the userinfo part of the URL; otherwise the URL is returned as is.
 *
 * <p>The returned URL may contain credentials in clear text, so it should not be logged.
 *
 * @param repoInfo repository location and optional credentials
 * @return the URL from {@code repoInfo}, with userinfo added when credentials are present
 * @throws ScannerRuntimeException if the URL cannot be rebuilt with the credentials
 */
protected URL getEffectiveRepoUrl(RemoteRepositoryInfo repoInfo) {
    URL initialUrl = repoInfo.getUrl();
    // Null credentials become empty strings; otherwise we may get something like "https://mytoken:null@github.com".
    String username = StringUtils.defaultString(repoInfo.getUsername());
    String password = StringUtils.defaultString(repoInfo.getPassword());
    try {
        boolean noCredentials = StringUtils.isEmpty(username) && StringUtils.isEmpty(password);
        if (noCredentials) {
            return repoInfo.getUrl();
        }
        // Only the scanner name is logged here, never the credentials themselves.
        log.info("Adding credentials as the userinfo part of the URL, because {} only supports this kind of authentication.", getScannerDisplayName());
        return new URIBuilder(initialUrl.toURI()).setUserInfo(username, password).build().toURL();
    } catch (Exception e) {
        // NOTE(review): the cause is not chained, which hides the reason for the failure. Before
        // attaching or logging it, be aware that a URISyntaxException message includes the input
        // string, which may contain the userinfo - redact it first.
        throw new ScannerRuntimeException("Error getting effective repo URL.");
    }
}
Also used : ScannerRuntimeException(com.checkmarx.sdk.exception.ScannerRuntimeException) URL(java.net.URL) CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) ScannerRuntimeException(com.checkmarx.sdk.exception.ScannerRuntimeException) JAXBException(javax.xml.bind.JAXBException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) CxHTTPClientException(com.checkmarx.sdk.exception.CxHTTPClientException) IOException(java.io.IOException) URIBuilder(org.apache.http.client.utils.URIBuilder)

Example 5 with ScannerRuntimeException

use of com.checkmarx.sdk.exception.ScannerRuntimeException in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class ScaClientHelper method initiateScan.

/**
 * Submits the sources for a new scan and records the resulting scan ID.
 *
 * <p>Failures are not thrown: the state is set to {@code State.FAILED} and the error is attached
 * to the returned results as a {@link ScannerRuntimeException}. The zip file of a cloned
 * repository is deleted in every case.
 *
 * @return results holding either the new scan ID or the exception that prevented the scan
 */
@Override
public ResultsBase initiateScan() {
    log.info("----------------------------------- Initiating {} Scan:------------------------------------", getScannerDisplayName());
    SCAResults outcome = new SCAResults();
    // Reset the identifiers left over from any previous run.
    scanId = null;
    projectId = null;
    try {
        ScaConfig scaConfig = config.getScaConfig();
        SourceLocationType sourceLocation = scaConfig.getSourceLocationType();
        projectId = resolveRiskManagementProject();

        boolean manifestsAndFingerprintsOnly = !config.getScaConfig().isIncludeSources();
        if (manifestsAndFingerprintsOnly) {
            this.resolvingConfiguration = getCxSCAResolvingConfigurationForProject(this.projectId);
            log.info("Got the following manifest patterns {}", this.resolvingConfiguration.getManifests());
            log.info("Got the following fingerprint patterns {}", this.resolvingConfiguration.getFingerprints());
        }

        HttpResponse submission;
        if (locationType(sourceLocation)) {
            submission = submitSourcesFromRemoteRepo(projectId, scaConfig);
        } else if (scaConfig.isIncludeSources()) {
            submission = submitAllSourcesFromLocalDir(projectId, scaConfig);
        } else {
            submission = submitManifestsAndFingerprintsFromLocalDir(projectId, scaConfig);
        }

        this.scanId = extractScanIdFrom(submission);
        outcome.setScanId(scanId);
    } catch (Exception e) {
        // Only the message is logged; the full exception travels with the results as the cause.
        log.error(e.getMessage());
        setState(State.FAILED);
        outcome.setException(new ScannerRuntimeException("Error creating scan.", e));
    } finally {
        // Remove the archive of the cloned repository whether or not the submission succeeded.
        // deleteQuietly reports a failed delete only through its return value, which is ignored here.
        boolean hasClonedZip = config.isClonedRepo() && config.getZipFile() != null;
        if (hasClonedZip) {
            log.info("Deleting cloned repo zip file: {}", config.getZipFile());
            FileUtils.deleteQuietly(config.getZipFile());
        }
    }
    return outcome;
}

/** Tells whether the sources come from a remote repository rather than a local directory. */
private static boolean locationType(SourceLocationType sourceLocation) {
    return sourceLocation == SourceLocationType.REMOTE_REPOSITORY;
}
Also used : HttpResponse(org.apache.http.HttpResponse) ScannerRuntimeException(com.checkmarx.sdk.exception.ScannerRuntimeException) CheckmarxException(com.checkmarx.sdk.exception.CheckmarxException) ScannerRuntimeException(com.checkmarx.sdk.exception.ScannerRuntimeException) JAXBException(javax.xml.bind.JAXBException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) CxHTTPClientException(com.checkmarx.sdk.exception.CxHTTPClientException) IOException(java.io.IOException)

Aggregations

ScannerRuntimeException (com.checkmarx.sdk.exception.ScannerRuntimeException)22 IOException (java.io.IOException)6 UnsupportedEncodingException (java.io.UnsupportedEncodingException)5 CheckmarxException (com.checkmarx.sdk.exception.CheckmarxException)4 CxHTTPClientException (com.checkmarx.sdk.exception.CxHTTPClientException)4 MalformedURLException (java.net.MalformedURLException)3 URL (java.net.URL)3 JAXBException (javax.xml.bind.JAXBException)3 UrlEncodedFormEntity (org.apache.http.client.entity.UrlEncodedFormEntity)3 RestClientConfig (com.checkmarx.sdk.config.RestClientConfig)2 Package (com.checkmarx.sdk.dto.sca.report.Package)2 Severity (com.checkmarx.sdk.dto.scansummary.Severity)2 URISyntaxException (java.net.URISyntaxException)2 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2 URIBuilder (org.apache.http.client.utils.URIBuilder)2 ModelMapper (org.modelmapper.ModelMapper)2 AstConfig (com.checkmarx.sdk.config.AstConfig)1 TokenLoginResponse (com.checkmarx.sdk.dto.TokenLoginResponse)1 Finding (com.checkmarx.sdk.dto.ast.report.Finding)1 ScaUploadUrlRequest (com.checkmarx.sdk.dto.sca.ScaUploadUrlRequest)1