
Example 6 with ScannerRuntimeException

use of com.checkmarx.sdk.exception.ScannerRuntimeException in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class CxHttpClient method getTrustAllSSLSocketFactory.

/**
 * Builds a socket factory that performs no server authentication at all.
 *
 * <p>Two independent checks are switched off here: the {@link TrustAllStrategy} makes the
 * {@link SSLContext} accept any certificate chain (self-signed, expired, issued by an unknown CA),
 * and {@code NoopHostnameVerifier.INSTANCE} skips the comparison of the certificate with the host
 * being contacted. Traffic is still encrypted, but the peer is not verified, so anything sent over
 * connections built with this factory can be read or altered by whoever terminates the connection.
 *
 * <p>NOTE(review): the callers are not visible here. Confirm this factory is reachable only behind
 * an explicit, off-by-default configuration switch and that its use is logged. For servers with a
 * private CA, loading that CA into a trust store keeps both checks enabled.
 *
 * @return a socket factory that accepts every certificate and every hostname
 * @throws ScannerRuntimeException if the permissive SSL context cannot be built
 */
private static SSLConnectionSocketFactory getTrustAllSSLSocketFactory() {
    // A null trust store combined with a strategy that always answers "trusted" accepts every chain.
    final TrustStrategy trustEverything = new TrustAllStrategy();
    final SSLContext permissiveContext;
    try {
        permissiveContext = SSLContexts.custom()
                .loadTrustMaterial(null, trustEverything)
                .build();
    } catch (NoSuchAlgorithmException | KeyStoreException | KeyManagementException e) {
        throw new ScannerRuntimeException("Fail to set trust all certificate, 'SSLConnectionSocketFactory'", e);
    }
    // Hostname verification is disabled as well; see the Javadoc above for the consequences.
    return new SSLConnectionSocketFactory(permissiveContext, NoopHostnameVerifier.INSTANCE);
}
Also used : TrustStrategy(org.apache.http.ssl.TrustStrategy) SSLContext(javax.net.ssl.SSLContext) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyStoreException(java.security.KeyStoreException) TrustAllStrategy(org.apache.http.conn.ssl.TrustAllStrategy) ScannerRuntimeException(com.checkmarx.sdk.exception.ScannerRuntimeException) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) KeyManagementException(java.security.KeyManagementException)

Example 7 with ScannerRuntimeException

use of com.checkmarx.sdk.exception.ScannerRuntimeException in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class CxHttpClient method generateToken.

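/**
 * Requests an access token from the access-control URL held in {@code settings}.
 *
 * <p>If the first attempt fails with a message containing {@code invalid_scope}, the request is
 * retried once as a {@code RESOURCE_OWNER} client limited to the {@code sast_rest_api} scope.
 * Any other failure is rethrown with the original exception attached as the cause.
 *
 * @param settings login settings; the retry path changes its client type via
 *                 {@code setClientTypeForPasswordAuth}
 * @return the token response returned by the access-control server
 * @throws IOException declared by this method; presumably raised while building or sending the
 *                     request (the helpers are not visible here)
 * @throws ScannerRuntimeException if the token request fails for a reason other than
 *                                 {@code invalid_scope}, or if the retry fails
 */
public TokenLoginResponse generateToken(LoginSettings settings) throws IOException {
    UrlEncodedFormEntity requestEntity = getAuthRequest(settings);
    HttpPost post = new HttpPost(settings.getAccessControlBaseUrl());
    try {
        return request(post, ContentType.APPLICATION_FORM_URLENCODED.toString(), requestEntity, TokenLoginResponse.class, HttpStatus.SC_OK, AUTH_MESSAGE, false, false);
    } catch (ScannerRuntimeException e) {
        // An exception created without a message must not turn into a NullPointerException here,
        // which would hide the real authentication failure from the caller.
        String failure = e.getMessage();
        if (failure == null || !failure.contains("invalid_scope")) {
            throw new ScannerRuntimeException(String.format("Failed to generate access token, failure error was: %s", failure), e);
        }
        // NOTE(review): RESOURCE_OWNER looks like a shared constant, so setScopes changes the scopes
        // for every other user of ClientType in this process, not only for this login. Confirm that
        // is intended and safe when several logins run concurrently.
        ClientType.RESOURCE_OWNER.setScopes("sast_rest_api");
        settings.setClientTypeForPasswordAuth(ClientType.RESOURCE_OWNER);
        requestEntity = getAuthRequest(settings);
        return request(post, ContentType.APPLICATION_FORM_URLENCODED.toString(), requestEntity, TokenLoginResponse.class, HttpStatus.SC_OK, AUTH_MESSAGE, false, false);
    }
}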
Also used : TokenLoginResponse(com.checkmarx.sdk.dto.TokenLoginResponse) UrlEncodedFormEntity(org.apache.http.client.entity.UrlEncodedFormEntity) ScannerRuntimeException(com.checkmarx.sdk.exception.ScannerRuntimeException)

Example 8 with ScannerRuntimeException

use of com.checkmarx.sdk.exception.ScannerRuntimeException in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class AstClientHelper method getScanStartHandler.

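/**
 * Builds the handler object that describes what to scan and how to reach it.
 *
 * @param repoInfo may represent an actual git repo or a presigned URL of an uploaded archive.
 * @param sourceLocation decides whether the URL from {@code repoInfo} is passed through
 *                       {@code sanitize(...)}: only {@code REMOTE_REPOSITORY} URLs are, any other
 *                       location type is forwarded unchanged.
 * @return the handler with ref, (empty) username, credentials and repository URL set
 * @throws ScannerRuntimeException if a URL involved cannot be parsed; the original
 *                                 {@link MalformedURLException} is attached as the cause
 */
protected AstScanStartHandler getScanStartHandler(RemoteRepositoryInfo repoInfo, SourceLocationType sourceLocation) {
    log.debug("Creating the handler object.");
    try {
        HandlerRef ref = getBranchToScan(repoInfo);
        URL effectiveUrl = repoInfo.getUrl();
        String username = "";
        GitCredentials credentials = calculateGitCredentials(repoInfo, sourceLocation);
        // Compare against the constant through its type rather than through the parameter instance.
        if (SourceLocationType.REMOTE_REPOSITORY.equals(sourceLocation)) {
            // presumably strips data that must not be forwarded (e.g. embedded credentials); verify in sanitize()
            effectiveUrl = sanitize(repoInfo.getUrl());
        }
        // The ref/username/credentials properties are mandatory even if not specified in repoInfo.
        return AstScanStartHandler.builder().ref(ref).username(username).credentials(credentials).repoUrl(effectiveUrl.toString()).build();
    } catch (MalformedURLException e) {
        // Keep the cause so the failing parse step stays visible in the stack trace.
        // NOTE(review): the message may echo the offending URL text; confirm it cannot carry
        // embedded credentials or presigned query parameters into logs.
        throw new ScannerRuntimeException(e.getMessage(), e);
    }
}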
Also used : MalformedURLException(java.net.MalformedURLException) ScannerRuntimeException(com.checkmarx.sdk.exception.ScannerRuntimeException) URL(java.net.URL)

Example 9 with ScannerRuntimeException

use of com.checkmarx.sdk.exception.ScannerRuntimeException in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class AstClientHelper method prepareURL.

/**
 * Builds the descriptions URL for as many of the given ids as fit into the URL length limit.
 *
 * <p>Each id is charged the length of the parameter name, the id itself and two extra characters
 * (presumably the {@code &} and {@code =} separators). Ids that fit are added to the URL and
 * recorded in {@code processedIds}; the rest are left out of this URL.
 *
 * <p>NOTE(review): the budget counts raw id characters. If ids can contain characters that the
 * URI builder percent-encodes, the final URL may be longer than the budget assumes; confirm ids
 * are URL-safe.
 *
 * @param ids          ids to request descriptions for
 * @param processedIds receives every id that was placed into the returned URL
 * @return the URL string, including the scan id parameter
 * @throws ScannerRuntimeException if the URL cannot be built
 */
private String prepareURL(Set<String> ids, Set<String> processedIds) {
    try {
        // Length of the URL before any id parameter is appended.
        String urlWithoutIds = new URIBuilder().setPath(DESCRIPTIONS_PATH).setParameter(SCAN_ID_PARAM_NAME, scanId).build().toString();
        int remainingBudget = URL_MAX_CHAR_SIZE - urlWithoutIds.length();

        List<NameValuePair> idParams = new LinkedList<>();
        for (String id : ids) {
            // The budget is charged for every id, including the ones that end up skipped.
            remainingBudget -= ID_PARAM_NAME.length() + 2 + id.length();
            if (remainingBudget <= 0) {
                continue;
            }
            processedIds.add(id);
            idParams.add(new BasicNameValuePair(ID_PARAM_NAME, id));
        }

        URIBuilder descriptionsUri = new URIBuilder().setPath(DESCRIPTIONS_PATH);
        descriptionsUri.setParameters(idParams);
        descriptionsUri.setParameter(SCAN_ID_PARAM_NAME, scanId);
        String result = descriptionsUri.build().toString();
        log.debug(String.format("Getting descriptions from %s", result));
        return result;
    } catch (URISyntaxException e) {
        throw new ScannerRuntimeException(URL_PARSING_EXCEPTION, e);
    }
}
Also used : BasicNameValuePair(org.apache.http.message.BasicNameValuePair) BasicNameValuePair(org.apache.http.message.BasicNameValuePair) URISyntaxException(java.net.URISyntaxException) ScannerRuntimeException(com.checkmarx.sdk.exception.ScannerRuntimeException) URIBuilder(org.apache.http.client.utils.URIBuilder)

Example 10 with ScannerRuntimeException

use of com.checkmarx.sdk.exception.ScannerRuntimeException in project checkmarx-spring-boot-java-sdk by checkmarx-ltd.

the class ClientTypeResolver method getScopesForAuth.

/**
 * Chooses the scope set to request, based on what the access-control server supports.
 *
 * <p>The cloud scope set is preferred; the on-prem set is used only when the cloud set is not
 * fully supported.
 *
 * @param supportedScopes scopes advertised by the access-control server
 * @return {@code scopesForCloudAuth} or {@code scopesForOnPremAuth} (the field itself, not a copy)
 * @throws ScannerRuntimeException if the server supports neither scope set completely
 */
private Set<String> getScopesForAuth(Set<String> supportedScopes) {
    boolean cloudSupported = supportedScopes.containsAll(scopesForCloudAuth);
    // The on-prem set is only consulted when the cloud set is not fully available.
    if (!cloudSupported && !supportedScopes.containsAll(scopesForOnPremAuth)) {
        throw new ScannerRuntimeException(String.format(
                "Access control server doesn't support the necessary scopes (either %s or %s)." + " It only supports the following scopes: %s.",
                scopesForCloudAuth, scopesForOnPremAuth, supportedScopes));
    }
    Set<String> selected = cloudSupported ? scopesForCloudAuth : scopesForOnPremAuth;
    log.debug(String.format("Using scopes: %s", selected));
    return selected;
}
Also used : ScannerRuntimeException(com.checkmarx.sdk.exception.ScannerRuntimeException)

Aggregations

ScannerRuntimeException (com.checkmarx.sdk.exception.ScannerRuntimeException)22 IOException (java.io.IOException)6 UnsupportedEncodingException (java.io.UnsupportedEncodingException)5 CheckmarxException (com.checkmarx.sdk.exception.CheckmarxException)4 CxHTTPClientException (com.checkmarx.sdk.exception.CxHTTPClientException)4 MalformedURLException (java.net.MalformedURLException)3 URL (java.net.URL)3 JAXBException (javax.xml.bind.JAXBException)3 UrlEncodedFormEntity (org.apache.http.client.entity.UrlEncodedFormEntity)3 RestClientConfig (com.checkmarx.sdk.config.RestClientConfig)2 Package (com.checkmarx.sdk.dto.sca.report.Package)2 Severity (com.checkmarx.sdk.dto.scansummary.Severity)2 URISyntaxException (java.net.URISyntaxException)2 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2 URIBuilder (org.apache.http.client.utils.URIBuilder)2 ModelMapper (org.modelmapper.ModelMapper)2 AstConfig (com.checkmarx.sdk.config.AstConfig)1 TokenLoginResponse (com.checkmarx.sdk.dto.TokenLoginResponse)1 Finding (com.checkmarx.sdk.dto.ast.report.Finding)1 ScaUploadUrlRequest (com.checkmarx.sdk.dto.sca.ScaUploadUrlRequest)1