Merge pull request #142 from CheckmarxDev/feature/AST-12643-sca-panel

Feature/ast 12643 sca panel

Author: diogopcx

src/main/java/com/checkmarx/ast/results/result/Data.java

@@ -25,9 +25,12 @@ public class Data {
     String expectedValue;
     String value;
     String fileName;
+    String packageIdentifier;
+    String recommendedVersion;
     int line;
     List<Node> nodes;
     List<PackageData> packageData;
+    ScaPackageData scaPackageData;
 
     public Data(@JsonProperty("queryId") String queryId,
                 @JsonProperty("queryName") String queryName,
@@ -39,9 +42,12 @@ public Data(@JsonProperty("queryId") String queryId,
                 @JsonProperty("expectedValue") String expectedValue,
                 @JsonProperty("value") String value,
                 @JsonProperty("filename") String fileName,
+                @JsonProperty("packageIdentifier") String packageIdentifier,
+                @JsonProperty("recommendedVersion") String recommendedVersion,
                 @JsonProperty("line") int line,
                 @JsonProperty("nodes") List<Node> nodes,
-                @JsonProperty("packageData") List<PackageData> packageData) {
+                @JsonProperty("packageData") List<PackageData> packageData,
+                @JsonProperty("scaPackageData") ScaPackageData scaPackageData) {
         this.queryId = queryId;
         this.queryName = queryName;
         this.group = group;
@@ -52,8 +58,11 @@ public Data(@JsonProperty("queryId") String queryId,
         this.expectedValue = expectedValue;
         this.value = value;
         this.fileName = fileName;
+        this.packageIdentifier = packageIdentifier;
+        this.recommendedVersion = recommendedVersion;
         this.line = line;
         this.nodes = nodes;
         this.packageData = packageData;
+        this.scaPackageData = scaPackageData;
     }
 }

src/main/java/com/checkmarx/ast/results/result/DependencyPath.java

@@ -0,0 +1,42 @@
+package com.checkmarx.ast.results.result;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import lombok.Value;
+
+import java.util.List;
+
+@Value
+@JsonDeserialize()
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class DependencyPath {
+
+    String Id;
+    String name;
+    String version;
+    List<String> locations;
+    boolean isResolved;
+    boolean isDevelopment;
+    boolean supportsQuickFix;
+
+
+    public DependencyPath(@JsonProperty("Id") String id,
+                          @JsonProperty("name") String name,
+                          @JsonProperty("version") String version,
+                          @JsonProperty("locations") List<String> locations,
+                          @JsonProperty("isResolved") boolean isResolved,
+                          @JsonProperty("isDevelopment") boolean isDevelopment,
+                          @JsonProperty("supportsQuickFix") boolean supportsQuickFix) {
+
+        Id = id;
+        this.name = name;
+        this.version = version;
+        this.locations = locations;
+        this.isResolved = isResolved;
+        this.isDevelopment = isDevelopment;
+        this.supportsQuickFix = supportsQuickFix;
+    }
+}

src/main/java/com/checkmarx/ast/results/result/ScaPackageData.java

@@ -0,0 +1,36 @@
+package com.checkmarx.ast.results.result;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import lombok.Value;
+
+import java.util.List;
+
+@Value
+@JsonDeserialize()
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class ScaPackageData {
+
+    String Id;
+    String fixLink;
+    List<List<DependencyPath>> dependencyPaths;
+    boolean outdated;
+    boolean supportsQuickFix;
+
+
+    public ScaPackageData(@JsonProperty("Id") String id,
+                          @JsonProperty("fixLink") String fixLink,
+                          @JsonProperty("dependencyPaths") List<List<DependencyPath>> dependencyPaths,
+                          @JsonProperty("outdated") boolean outdated,
+                          @JsonProperty("supportsQuickFix") boolean supportsQuickFix) {
+
+        Id = id;
+        this.fixLink = fixLink;
+        this.dependencyPaths = dependencyPaths;
+        this.outdated = outdated;
+        this.supportsQuickFix = supportsQuickFix;
+    }
+}

src/main/java/com/checkmarx/ast/results/result/VulnerabilityCVSS.java

@@ -17,16 +17,29 @@ public class VulnerabilityCVSS {
     String availability;
     String confidentiality;
     String attackComplexity;
+    String integrityImpact;
+    String scope;
+    String privilegesRequired;
+    String userInteraction;
+
 
     public VulnerabilityCVSS(@JsonProperty("version") int version,
                              @JsonProperty("attackVector") String attackVector,
                              @JsonProperty("availability") String availability,
                              @JsonProperty("confidentiality") String confidentiality,
-                             @JsonProperty("attackComplexity") String attackComplexity) {
+                             @JsonProperty("attackComplexity") String attackComplexity,
+                             @JsonProperty("integrityImpact") String integrityImpact,
+                             @JsonProperty("scope") String scope,
+                             @JsonProperty("privilegesRequired") String privilegesRequired,
+                             @JsonProperty("userInteraction") String userInteraction) {
         this.version = version;
         this.attackVector = attackVector;
         this.availability = availability;
         this.confidentiality = confidentiality;
         this.attackComplexity = attackComplexity;
+        this.integrityImpact = integrityImpact;
+        this.scope = scope;
+        this.privilegesRequired = privilegesRequired;
+        this.userInteraction = userInteraction;
     }
 }

src/main/java/com/checkmarx/ast/wrapper/CxConstants.java

@@ -53,4 +53,10 @@ public final class CxConstants {
     static final String ADDITONAL_PARAMS = "--additional-params";
     static final String ENGINE = "--engine";
     static final String SUB_CMD_KICS_REALTIME = "kics-realtime";
+    static final String SCA_REMEDIATION_PACKAGE_FILES = "--package-files";
+    static final String SCA_REMEDIATION_PACKAGE = "--package";
+    static final String SCA_REMEDIATION_PACKAGE_VERSION = "--package-version";
+    static final String CMD_UTILS = "utils";
+    static final String CMD_REMEDIATION = "remediation";
+    static final String SUB_CMD_REMEDIATION_SCA = "sca";
 }

src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java

@@ -17,6 +17,7 @@
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+
 import java.io.IOException;
 import java.nio.file.Files;
 import java.util.ArrayList;
@@ -286,6 +287,21 @@ private List<String> buildResultsArgumentsArray(UUID scanId, ReportFormat report
         return arguments;
     }
 
+    public String scaRemediation(String packageFiles, String packages, String packageVersion) throws CxException, IOException, InterruptedException {
+        List<String> arguments = new ArrayList<>();
+        arguments.add(CxConstants.CMD_UTILS);
+        arguments.add(CxConstants.CMD_REMEDIATION);
+        arguments.add(CxConstants.SUB_CMD_REMEDIATION_SCA);
+        arguments.add(CxConstants.SCA_REMEDIATION_PACKAGE_FILES);
+        arguments.add(packageFiles);
+        arguments.add(CxConstants.SCA_REMEDIATION_PACKAGE);
+        arguments.add(packages);
+        arguments.add(CxConstants.SCA_REMEDIATION_PACKAGE_VERSION);
+        arguments.add(packageVersion);
+
+        return Execution.executeCommand(withConfigArguments(arguments), logger, line -> null);
+    }
+
     public int getResultsBfl(@NonNull UUID scanId, @NonNull String queryId, List<Node> resultNodes)
             throws IOException, InterruptedException, CxException {
         this.logger.info("Executing 'results bfl' command using the CLI.");