Merge pull request #47 from CheckmarxDev/feature/AST-7569_triage_wrapper

triage show and update added

Author: AndreGCX

src/main/java/com/checkmarx/ast/predicate/Predicate.java

@@ -0,0 +1,83 @@
+package com.checkmarx.ast.predicate;
+
+import com.checkmarx.ast.project.Project;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.JavaType;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import com.fasterxml.jackson.databind.type.TypeFactory;
+import lombok.Value;
+import org.apache.commons.lang3.StringUtils;
+
+import java.io.IOException;
+import java.util.List;
+
+@Value
+@JsonDeserialize()
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class Predicate{
+
+    String ID;
+    String SimilarityID;
+    String ProjectID;
+    String State;
+    String Severity;
+    String Comment;
+    String CreatedAt;
+    String UpdatedAt;
+
+    @JsonCreator
+    public Predicate(@JsonProperty("ID") String id, @JsonProperty("SimilarityID") String similarityID,
+                     @JsonProperty("ProjectID") String projectID, @JsonProperty("State") String state,
+                     @JsonProperty("Severity") String severity, @JsonProperty("Comment") String comment,
+                     @JsonProperty("CreatedAt") String CreatedAt, @JsonProperty("UpdatedAt") String UpdatedAt) {
+        this.ID = id;
+        this.SimilarityID = similarityID;
+        this.ProjectID = projectID;
+        this.State = state;
+        this.Severity = severity;
+        this.Comment = comment;
+        this.CreatedAt = CreatedAt;
+        this.UpdatedAt = UpdatedAt;
+    }
+
+    public static <T> T fromLine(String line) {
+        return parse(line, TypeFactory.defaultInstance().constructType(Predicate.class));
+    }
+
+    public static <T> List<T> listFromLine(String line) {
+        return parse(line, TypeFactory.defaultInstance().constructCollectionType(List.class, Predicate.class));
+    }
+
+    protected static <T> T parse(String line, JavaType type) {
+        T result = null;
+        if (!StringUtils.isBlank(line) && isValidJSON(line)) {
+            try {
+                result = new ObjectMapper().readValue(line, type);
+            } catch (JsonProcessingException ignored) {
+
+            }
+        }
+        return result;
+    }
+
+    private static boolean isValidJSON(final String json) {
+        boolean valid = false;
+        try {
+            final JsonParser parser = new ObjectMapper().createParser(json);
+            //noinspection StatementWithEmptyBody
+            while (parser.nextToken() != null) {
+            }
+            valid = true;
+        } catch (IOException ignored) {
+        }
+        return valid;
+    }
+
+}

src/main/java/com/checkmarx/ast/wrapper/CxConfig.java

@@ -13,7 +13,7 @@
 
 @Data
 @Builder
-public class CxConfig {
+public class  CxConfig {
 
     private static final Pattern pattern = Pattern.compile("([^\"]\\S*|\".+?\")\\s*");
 

src/main/java/com/checkmarx/ast/wrapper/CxConstants.java

@@ -3,14 +3,15 @@
 public final class CxConstants {
 
     public static final String SOURCE = "-s";
-    public static final String VERBOSE = "-v";
     public static final String PROJECT_NAME = "--project-name";
+    public static final String SCAN_TYPE = "--scan-type";
     public static final String SCAN_TYPES = "--scan-types";
     public static final String SAST_PRESET_NAME = "--sast-preset-name";
     public static final String FILE_FILTER = "--file-filter";
-    public static final String AGENT = "--agent";
     public static final String BRANCH = "--branch";
 
+    public static final String SAST = "sast";
+
     static final String CLIENT_ID = "--client-id";
     static final String CLIENT_SECRET = "--client-secret";
     static final String API_KEY = "--apikey";
@@ -25,12 +26,18 @@ public final class CxConstants {
     static final String SUB_CMD_SHOW = "show";
     static final String SUB_CMD_LIST = "list";
     static final String SUB_CMD_CREATE = "create";
+    static final String CMD_TRIAGE = "triage";
+    static final String SUB_CMD_UPDATE = "update";
     static final String CMD_RESULT = "result";
     static final String FORMAT = "--format";
     static final String FORMAT_JSON = "json";
     static final String FILTER = "--filter";
     static final String SCAN_ID = "--scan-id";
     static final String PROJECT_ID = "--project-id";
+    static final String SIMILARITY_ID = "--similarity-id";
+    static final String STATE = "--state";
+    static final String COMMENT = "--comment";
+    static final String SEVERITY = "--severity";
     static final String REPORT_FORMAT = "--report-format";
     static final String OUTPUT_NAME = "--output-name";
     static final String OUTPUT_PATH = "--output-path";

src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java

@@ -1,5 +1,6 @@
 package com.checkmarx.ast.wrapper;
 
+import com.checkmarx.ast.predicate.Predicate;
 import com.checkmarx.ast.project.Project;
 import com.checkmarx.ast.results.ReportFormat;
 import com.checkmarx.ast.results.Results;
@@ -109,6 +110,46 @@ public Scan scanCreate(@NonNull Map<String, String> params, String additionalPar
         return Execution.executeCommand(withConfigArguments(arguments), logger, Scan::fromLine);
     }
 
+    public List<Predicate> triageShow(@NonNull UUID projectId, String similarityId, String scanType) throws IOException, InterruptedException, CxException {
+        this.logger.info("initialized triage for project with id: {}", projectId);
+
+        List<String> arguments = new ArrayList<>();
+        arguments.add(CxConstants.CMD_TRIAGE);
+        arguments.add(CxConstants.SUB_CMD_SHOW);
+        arguments.add(CxConstants.PROJECT_ID);
+        arguments.add(projectId.toString());
+        arguments.add(CxConstants.SIMILARITY_ID);
+        arguments.add(similarityId);
+        arguments.add(CxConstants.SCAN_TYPE);
+        arguments.add(scanType);
+
+        arguments.addAll(jsonArguments());
+
+        return Execution.executeCommand(withConfigArguments(arguments), logger, Predicate::listFromLine);
+    }
+
+    public void triageUpdate(@NonNull UUID projectId, String similarityId, String scanType, String state, String comment, String severity) throws IOException, InterruptedException, CxException {
+        this.logger.info("initialized triage update project with id: {}", projectId);
+
+        List<String> arguments = new ArrayList<>();
+        arguments.add(CxConstants.CMD_TRIAGE);
+        arguments.add(CxConstants.SUB_CMD_UPDATE);
+        arguments.add(CxConstants.PROJECT_ID);
+        arguments.add(projectId.toString());
+        arguments.add(CxConstants.SIMILARITY_ID);
+        arguments.add(similarityId);
+        arguments.add(CxConstants.SCAN_TYPE);
+        arguments.add(scanType);
+        arguments.add(CxConstants.STATE);
+        arguments.add(state);
+        arguments.add(CxConstants.COMMENT);
+        arguments.add(comment);
+        arguments.add(CxConstants.SEVERITY);
+        arguments.add(severity);
+
+        Execution.executeCommand(withConfigArguments(arguments), logger, (line) -> null);
+    }
+
     public Project projectShow(@NonNull UUID projectId) throws IOException, InterruptedException, CxException {
         this.logger.info("initialized project retrieval for id: {}", projectId);
 

src/test/java/com/checkmarx/ast/PredicateTest.java

@@ -0,0 +1,50 @@
+package com.checkmarx.ast;
+
+import com.checkmarx.ast.predicate.Predicate;
+import com.checkmarx.ast.project.Project;
+import com.checkmarx.ast.results.Results;
+import com.checkmarx.ast.results.result.Result;
+import com.checkmarx.ast.scan.Scan;
+import com.checkmarx.ast.wrapper.CxConstants;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.util.List;
+import java.util.UUID;
+
+import static org.junit.Assert.fail;
+
+public class PredicateTest extends BaseTest {
+
+    @Test
+    public void testTriageShow() throws Exception {
+        List<Scan> scanList = wrapper.scanList(String.format("statuses=Completed"));
+        Scan scan = scanList.get(0);
+        Assert.assertTrue(scanList.size() > 0);
+        String scanId = scanList.get(0).getID();
+
+        Results results = wrapper.results(UUID.fromString(scanId));
+        Result result = results.getResults().stream().filter(res -> res.getType().equalsIgnoreCase(CxConstants.SAST)).findFirst().get();
+
+        List<Predicate> predicates = wrapper.triageShow(UUID.fromString(scan.getProjectID()), result.getSimilarityId(), result.getType());
+
+        Assert.assertNotNull(predicates);
+    }
+
+    @Test
+    public void testTriageUpdate() throws Exception {
+        List<Scan> scanList = wrapper.scanList(String.format("statuses=Completed"));
+        Scan scan = scanList.get(0);
+        Assert.assertTrue(scanList.size() > 0);
+        String scanId = scanList.get(0).getID();
+
+        Results results = wrapper.results(UUID.fromString(scanId));
+        Result result = results.getResults().stream().filter(res -> res.getType().equalsIgnoreCase(CxConstants.SAST)).findFirst().get();
+
+        try {
+            wrapper.triageUpdate(UUID.fromString(scan.getProjectID()), result.getSimilarityId(), result.getType(), "confirmed", "Edited via Java Wrapper", "high");
+        } catch (Exception e) {
+            fail("Triage update failed. Should not throw exception");
+        }
+    }
+}