Merge branch 'main' into feature/AST-12643-sca-panel

Author: diogopcx

.github/workflows/ci.yml

@@ -20,7 +20,7 @@ jobs:
             ${{ runner.os }}-maven-
 
       - name: Set up JDK 11
-        uses: actions/[email protected].0
+        uses: actions/[email protected].1
         with:
           distribution: 'temurin'
           java-version: '11'

.github/workflows/dependabot-auto-merge.yml

@@ -11,7 +11,7 @@ jobs:
     steps:
       - name: Dependabot metadata
         id: metadata
-        uses: dependabot/[email protected].1
+        uses: dependabot/[email protected].3
         with:
           github-token: "${{ secrets.PERSONAL_ACCESS_TOKEN  }}"
       - name: Enable auto-merge for Dependabot PRs

.github/workflows/pr-automation.yml

@@ -19,4 +19,4 @@ jobs:
           GH_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN  }}
           PRNUM: ${{ github.event.pull_request.number }}
           PRAUTHOR: ${{ github.event.pull_request.user.login }}
-        run: gh pr edit $PRNUM --add-reviewer Checkmarx/ast-galactica-team
+        run: gh pr edit $PRNUM --add-reviewer CheckmarxDev/AST-Plugins

.github/workflows/release.yml

@@ -26,7 +26,7 @@ jobs:
             ${{ runner.os }}-maven-
 
       - name: Set up Maven Central Repository
-        uses: actions/[email protected].0
+        uses: actions/[email protected].1
         with:
           java-version: '11'
           distribution: 'temurin'

checkmarx-ast-cli.version

@@ -1 +1 @@
-2.0.20
+2.0.22

pom.xml

@@ -48,7 +48,7 @@
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-simple</artifactId>
-            <version>1.7.25</version>
+            <version>1.7.30</version>
         </dependency>
         <dependency>
             <groupId>org.junit.jupiter</groupId>

src/main/java/com/checkmarx/ast/kicsRealtimeResults/kicsRealtimeResults.java renamed to src/main/java/com/checkmarx/ast/kicsRealtimeResults/KicsRealtimeResults.java

@@ -21,22 +21,22 @@
 @JsonDeserialize()
 @JsonInclude(JsonInclude.Include.NON_NULL)
 @JsonIgnoreProperties(ignoreUnknown = true)
-public class kicsRealtimeResults {
+public class KicsRealtimeResults {
 
     int totalCount;
     String version;
     List<KicsResult> results;
     KicsSummary kicsSummary;
 
     @JsonCreator
-    public kicsRealtimeResults(@JsonProperty("total_counter") int totalCount, @JsonProperty("queries") List<KicsResult> results,@JsonProperty("kics_version") String version, @JsonProperty("severity_counters") KicsSummary kicsSummary) {
+    public KicsRealtimeResults(@JsonProperty("total_counter") int totalCount, @JsonProperty("queries") List<KicsResult> results, @JsonProperty("kics_version") String version, @JsonProperty("severity_counters") KicsSummary kicsSummary) {
         this.totalCount = totalCount;
         this.version = version;
         this.results = results;
         this.kicsSummary = kicsSummary;
     }
     public static <T> T fromLine(String line) {
-        return parse(line, TypeFactory.defaultInstance().constructType(kicsRealtimeResults.class));
+        return parse(line, TypeFactory.defaultInstance().constructType(KicsRealtimeResults.class));
     }
 
     private static <T> T parse(String line, JavaType type) {

src/main/java/com/checkmarx/ast/remediation/KicsRemediation.java

@@ -0,0 +1,56 @@
+package com.checkmarx.ast.remediation;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.JavaType;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import com.fasterxml.jackson.databind.type.TypeFactory;
+import lombok.Value;
+import org.apache.commons.lang3.StringUtils;
+
+import java.io.IOException;
+
+@Value
+@JsonDeserialize()
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class KicsRemediation {
+    String availableRemediation;
+    String appliedRemediation;
+
+    @JsonCreator
+    public KicsRemediation(@JsonProperty("available_remediation_count") String availableRemediation, @JsonProperty("applied_remediation_count") String appliedRemediation) {
+        this.availableRemediation = availableRemediation;
+        this.appliedRemediation = appliedRemediation;
+    }
+
+    public static <T> T fromLine(String line) {
+        return parse(line, TypeFactory.defaultInstance().constructType(KicsRemediation.class));
+    }
+
+    private static <T> T parse(String line, JavaType type) {
+        T result = null;
+        try {
+            if (!StringUtils.isBlank(line) && isValidJSON(line)) {
+                result = new ObjectMapper().readValue(line, type);
+
+            }
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+        return result;
+    }
+
+    private static boolean isValidJSON(final String json) {
+        try {
+            final ObjectMapper mapper = new ObjectMapper();
+            mapper.readTree(json);
+            return true;
+        } catch (IOException e) {
+            return false;
+        }
+    }
+}

src/main/java/com/checkmarx/ast/wrapper/CxConfig.java

@@ -5,15 +5,14 @@
 import lombok.Data;
 import lombok.Setter;
 import org.apache.commons.lang3.StringUtils;
-
 import java.util.ArrayList;
 import java.util.List;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
 @Data
 @Builder
-public class  CxConfig {
+public class CxConfig {
 
     private static final Pattern pattern = Pattern.compile("([^\"]\\S*|\".+?\")\\s*");
 
@@ -31,17 +30,6 @@ public void setAdditionalParameters(String additionalParameters) {
         this.additionalParameters = parseAdditionalParameters(additionalParameters);
     }
 
-    void validate() throws InvalidCLIConfigException {
-        if (StringUtils.isBlank(getBaseUri())) {
-            throw new InvalidCLIConfigException("Checkmarx server URL is not set");
-        }
-
-        if (StringUtils.isBlank(getApiKey())
-            && (StringUtils.isBlank(getClientId()) || StringUtils.isBlank(getClientSecret()))) {
-            throw new InvalidCLIConfigException("Credentials are not set");
-        }
-    }
-
     List<String> toArguments() {
         List<String> commands = new ArrayList<>();
 

src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java

@@ -1,9 +1,10 @@
 package com.checkmarx.ast.wrapper;
 
 import com.checkmarx.ast.codebashing.CodeBashing;
-import com.checkmarx.ast.kicsRealtimeResults.kicsRealtimeResults;
+import com.checkmarx.ast.kicsRealtimeResults.KicsRealtimeResults;
 import com.checkmarx.ast.predicate.Predicate;
 import com.checkmarx.ast.project.Project;
+import com.checkmarx.ast.remediation.KicsRemediation;
 import com.checkmarx.ast.results.ReportFormat;
 import com.checkmarx.ast.results.Results;
 import com.checkmarx.ast.results.ResultsSummary;
@@ -40,7 +41,6 @@ public CxWrapper(CxConfig cxConfig)
 
     public CxWrapper(@NonNull CxConfig cxConfig, @NonNull Logger logger) throws CxConfig.InvalidCLIConfigException,
             IOException {
-        cxConfig.validate();
         this.cxConfig = cxConfig;
         this.logger = logger;
         this.executable = StringUtils.isBlank(this.cxConfig.getPathToExecutable())
@@ -319,7 +319,7 @@ public int getResultsBfl(@NonNull UUID scanId, @NonNull String queryId, List<Nod
 
     }
 
-    public kicsRealtimeResults kicsRealtimeScan(@NonNull String fileSources,String engine ,String additionalParams)
+    public KicsRealtimeResults kicsRealtimeScan(@NonNull String fileSources, String engine, String additionalParams)
             throws IOException, InterruptedException, CxException {
         this.logger.info("Executing 'scan kics-realtime' command using the CLI.");
         this.logger.info("Fetching the results for fileSources {} and additionalParams {}", fileSources, additionalParams);
@@ -331,14 +331,40 @@ public kicsRealtimeResults kicsRealtimeScan(@NonNull String fileSources,String e
         arguments.add(fileSources);
         arguments.add(CxConstants.ADDITONAL_PARAMS);
         arguments.add(additionalParams);
-        if(engine.length()>0){
+        if (engine.length() > 0) {
             arguments.add(CxConstants.ENGINE);
             arguments.add(engine);
         }
-        kicsRealtimeResults kicsResults = Execution.executeCommand(withConfigArguments(arguments), logger, kicsRealtimeResults::fromLine);
+        KicsRealtimeResults kicsResults = Execution.executeCommand(withConfigArguments(arguments), logger, KicsRealtimeResults::fromLine);
         return kicsResults;
+    }
+
+    public KicsRemediation kicsRemediate(@NonNull String resultsFile, String kicsFile, String engine,String similarityIds)
+            throws IOException, InterruptedException, CxException {
+        this.logger.info("Executing 'remediation kics' command using the CLI.");
+        this.logger.info("Applying remediation for resultsFile {} and resultsFile {}", resultsFile, kicsFile);
 
+        List<String> arguments = new ArrayList<>();
+        arguments.add(this.executable);
+        arguments.add("utils");
+        arguments.add("remediation");
+        arguments.add("kics");
+        arguments.add("--results-file");
+        arguments.add(resultsFile);
+        arguments.add("--kics-files");
+        arguments.add(kicsFile);
+        if (engine.length() > 0) {
+            arguments.add(CxConstants.ENGINE);
+            arguments.add(engine);
+        }
+        if (similarityIds.length() > 0) {
+            arguments.add("--similarity-ids");
+            arguments.add(similarityIds);
+        }
+        KicsRemediation remediation = Execution.executeCommand(arguments, logger, KicsRemediation::fromLine);
+        return remediation;
     }
+
     private int getIndexOfBfLNode(List<Node> bflNodes, List<Node> resultNodes) {
 
         int bflNodeNotFound = -1;