Add containers realtime scan functionality and related constants

Author: cx-ben-alvo

src/main/containersRealtime/CxContainerRealtime.ts

@@ -0,0 +1,65 @@
+import { CxRealtimeEngineStatus } from './CxRealtimeEngineStatus';
+
+export interface Location {
+  line: number;
+  startIndex: number;
+  endIndex: number;
+}
+
+export default class CxContainerRealtimeResult {
+  imageName: string;
+  imageTag: string;
+  filepath: string;
+  locations: Location[];
+  status: CxRealtimeEngineStatus;
+  vulnerabilities: { cve: string, severity: string }[];
+
+  static parseResult(resultObject: any): CxContainerRealtimeResult[] {
+    const images = resultObject.Images;
+    let imageResults: CxContainerRealtimeResult[] = [];
+    if (images instanceof Array) {
+      imageResults = images.map((member: any) => {
+        const imageResult = new CxContainerRealtimeResult();
+        imageResult.imageName = member.ImageName;
+        imageResult.imageTag = member.ImageTag;
+        imageResult.filepath = member.FilePath;
+        imageResult.locations = Array.isArray(member.Locations)
+          ? member.Locations.map((loc: any) => ({
+            line: loc.Line,
+            startIndex: loc.StartIndex,
+            endIndex: loc.EndIndex
+          }))
+          : [];
+        imageResult.status = member.Status as CxRealtimeEngineStatus;
+        imageResult.vulnerabilities = Array.isArray(member.Vulnerabilities)
+          ? member.Vulnerabilities.map((vul: any) => ({
+            cve: vul.CVE,
+            severity: vul.Severity
+          }))
+          : [];
+        return imageResult;
+      });
+    } else {
+      const imageResult = new CxContainerRealtimeResult();
+      imageResult.imageName = images.PackageManager;
+      imageResult.imageTag = images.PackageName;
+      imageResult.filepath = images.FilePath;
+      imageResult.locations = Array.isArray(images.Locations)
+        ? images.Locations.map((loc: any) => ({
+          line: loc.Line,
+          startIndex: loc.StartIndex,
+          endIndex: loc.EndIndex
+        }))
+        : [];
+      imageResult.status = images.Status as CxRealtimeEngineStatus;
+      imageResult.vulnerabilities = Array.isArray(images.Vulnerabilities)
+    ? images.Vulnerabilities.map((vul: any) => ({
+        cve: vul.CVE,
+        severity: vul.Severity
+      }))
+    : [];
+      imageResults.push(imageResult);
+    }
+    return imageResults;
+  }
+}

src/main/containersRealtime/CxRealtimeEngineStatus.ts

@@ -0,0 +1,9 @@
+export enum CxRealtimeEngineStatus {
+    malicious = "Malicious",
+    ok = "OK",
+    unknown = "Unknown",
+    critical = "Critical",
+    high = "High",
+    medium = "Medium",
+    low = "Low"
+}

src/main/wrapper/CxConstants.ts

@@ -73,6 +73,7 @@ export enum CxConstants {
     SOURCE_FILE = "--file-source",
     ASCA_UPDATE_VERSION = "--asca-latest-version",
     CMD_OSS = "oss-realtime",
+    CMD_CONTAINERS_REALTIME = "containers-realtime",
     CMD_SECRETS = "secrets-realtime",
     PROJECT_ID = "--project-id",
     SIMILARITY_ID = "--similarity-id",
@@ -90,6 +91,7 @@ export enum CxConstants {
     SCAN_TYPE = "CxScan",
     SCAN_ASCA = "CxAsca",
     SCAN_OSS = "CxOss",
+    SCAN_CONTAINERS_REALTIME = "CxContainersRealtime",
     SCAN_SECRETS = "CxSecrets",
     PROJECT_TYPE = "CxProject",
     PREDICATE_TYPE = "CxPredicate",

src/main/wrapper/CxWrapper.ts

@@ -156,6 +156,13 @@ export class CxWrapper {
         return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.SCAN_OSS);
     }
 
+    async containersRealtimeScanResults(sourceFile: string): Promise<CxCommandOutput> {
+        const commands: string[] = [CxConstants.CMD_SCAN, CxConstants.CMD_CONTAINERS_REALTIME, CxConstants.SOURCE, sourceFile];
+        commands.push(...this.initializeCommands(false));
+        const exec = new ExecutionService();
+        return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.SCAN_CONTAINERS_REALTIME);
+    }
+
     async secretsScanResults(sourceFile: string): Promise<CxCommandOutput> {
         const commands: string[] = [CxConstants.CMD_SCAN, CxConstants.CMD_SECRETS, CxConstants.SOURCE, sourceFile];
         commands.push(...this.initializeCommands(false));

src/main/wrapper/ExecutionService.ts

@@ -25,6 +25,7 @@ import CxMask from "../mask/CxMask";
 import CxAsca from "../asca/CxAsca";
 import CxOssResult from "../oss/CxOss";
 import CxSecretsResult from "../secrets/CxSecrets";
+import CxContainerRealtimeResult from "../containersRealtime/CxContainerRealtime";
 
 let skipValue = false;
 const fileSourceFlag = "--file-source"
@@ -211,6 +212,10 @@ export class ExecutionService {
                         const oss = CxOssResult.parseResult(resultObject);
                         cxCommandOutput.payload = [oss];
                         break;
+                    case CxConstants.SCAN_CONTAINERS_REALTIME:
+                        const images = CxContainerRealtimeResult.parseResult(resultObject);
+                        cxCommandOutput.payload = [images];
+                        break;
                     case CxConstants.SCAN_SECRETS:
                         const secrets = CxSecretsResult.parseResult(resultObject);
                         cxCommandOutput.payload = [secrets];

src/tests/ScanTest.test.ts

@@ -190,4 +190,13 @@ describe("ScanCreate cases", () => {
         expect(cxCommandOutput.exitCode).toBe(0);
     });
 
+    it('ScanContainersRealtime Successful case', async () => {
+        const wrapper = new CxWrapper(cxScanConfig);
+        const cxCommandOutput: CxCommandOutput = await wrapper.containersRealtimeScanResults("src/tests/data/Dockerfile");
+        console.log("Json object from scanContainersRealtime successful case: " + JSON.stringify(cxCommandOutput));
+        expect(cxCommandOutput.payload).toBeDefined();
+        expect(cxCommandOutput.exitCode).toBe(0);
+    });
+
+
 });