Q3 2024 integration branch (#51)

VS Plugin release version - 9.00.31
checkmarx-ltd · Sep 3, 2024 · a1bad8c · a1bad8c
1 parent d95c427
commit a1bad8c
Show file tree

Hide file tree

Showing 21 changed files with 388 additions and 106 deletions.
diff --git a/CxActionShared/CxActionShared.projitems b/CxActionShared/CxActionShared.projitems
@@ -106,6 +106,7 @@
     <Compile Include="$(MSBuildThisFileDirectory)Services\EnvDTEConstants.cs" />
     <Compile Include="$(MSBuildThisFileDirectory)Services\RESTApi\CxRESTApi.cs" />
     <Compile Include="$(MSBuildThisFileDirectory)Services\RESTApi\CxRESTApiCommon.cs" />
+    <Compile Include="$(MSBuildThisFileDirectory)services\restapi\CxRESTApiNoneConfiguration.cs" />
     <Compile Include="$(MSBuildThisFileDirectory)Services\RESTApi\CxRESTApiPortalConfiguration.cs" />
     <Compile Include="$(MSBuildThisFileDirectory)Services\RESTApi\CxRESTApiWebRequestBase.cs" />
     <Compile Include="$(MSBuildThisFileDirectory)Services\WinCookieHelper.cs" />
@@ -114,6 +115,8 @@
     <Compile Include="$(MSBuildThisFileDirectory)ValueObjects\RESTApi\CxProjectDetails.cs" />
     <Compile Include="$(MSBuildThisFileDirectory)ValueObjects\RESTApi\CxQueryDescription.cs" />
     <Compile Include="$(MSBuildThisFileDirectory)ValueObjects\RESTApi\CxRESTApiLoginResponse.cs" />
+    <Compile Include="$(MSBuildThisFileDirectory)valueobjects\restapi\enum\ResultStates.cs" />
+    <Compile Include="$(MSBuildThisFileDirectory)valueobjects\restapi\CxVersionInfo.cs" />
     <Compile Include="$(MSBuildThisFileDirectory)ValueObjects\Results.cs" />
     <Compile Include="$(MSBuildThisFileDirectory)ValueObjects\WebPortal\Models\CxPortalConfiguration.cs" />
     <Compile Include="$(MSBuildThisFileDirectory)Views\BindingPrjList.cs">
@@ -365,4 +368,7 @@
     <EmbeddedResource Include="$(MSBuildThisFileDirectory)Resources\NormalNode.png" />
     <EmbeddedResource Include="$(MSBuildThisFileDirectory)Resources\NormalSelected.png" />
   </ItemGroup>
+  <ItemGroup>
+    <Folder Include="$(MSBuildThisFileDirectory)ValueObjects\RESTApi\Enum\" />
+  </ItemGroup>
 </Project>
diff --git a/CxActionShared/Entities/WebServiceEntity/ReportQueryResult.cs b/CxActionShared/Entities/WebServiceEntity/ReportQueryResult.cs
@@ -12,7 +12,8 @@ public enum ReportQuerySeverityType
         Information = 0,
         Low         = 1,
         Medium      = 2,
-        High        = 3
+        High        = 3,
+        Critical    = 4
     }
 
     public enum ViewerTreeNodeType
@@ -456,6 +457,7 @@ public static ReportQuerySeverityType SeverityTypeFromString(string str)
                 case "Low": type = ReportQuerySeverityType.Low; break;
                 case "Medium": type = ReportQuerySeverityType.Medium; break;
                 case "High": type = ReportQuerySeverityType.High; break;
+                case "Critical": type = ReportQuerySeverityType.Critical; break;
                 default: type = ReportQuerySeverityType.None; break;
             }
 

diff --git a/CxActionShared/Entities/WebServiceEntity/ReportResult.cs b/CxActionShared/Entities/WebServiceEntity/ReportResult.cs
@@ -49,6 +49,11 @@ public Dictionary<ReportQuerySeverityType, List<ReportQueryResult>> Tree
                     tepmTree[problem.Severity].Add(problem);
                 }
 
+                if (tepmTree.ContainsKey(ReportQuerySeverityType.Critical))
+                {
+                    _tree.Add(ReportQuerySeverityType.Critical, tepmTree[ReportQuerySeverityType.Critical]);
+                }
+
                 if (tepmTree.ContainsKey(ReportQuerySeverityType.High))
                 {
                     _tree.Add(ReportQuerySeverityType.High, tepmTree[ReportQuerySeverityType.High]);

diff --git a/CxActionShared/Helpers/LoginHelper.cs b/CxActionShared/Helpers/LoginHelper.cs
@@ -434,8 +434,16 @@ public static bool DolLogin(LoginData login, CxWebServiceClient client)
                         //Add logs for print Server url and AccessToken
                         Logger.Create().Debug("Server URL: " + login.ServerBaseUri);
                         cxRestApi = new CxRESTApi(login);
-                        string accessToken = cxRestApi.Login(oidcLoginResult.Code);
-                        cxRestApi.GetPermissions(accessToken);                    
+                        try
+                        {
+                            string accessToken = cxRestApi.Login(oidcLoginResult.Code);
+                            cxRestApi.GetPermissions(accessToken);
+                        }
+                        catch(Exception ex)
+                        {
+                             Logger.Create().Debug("Failed to get accesstoken. Error: " + ex.ToString());
+                        }
+
                 }
 
                 loginSucceeded = true;

diff --git a/CxActionShared/Helpers/PerspectiveHelper.cs b/CxActionShared/Helpers/PerspectiveHelper.cs
@@ -12,6 +12,10 @@
 using CxViewerAction.Entities.WebServiceEntity;
 using System.Collections.Generic;
 using Common;
+using System.Net;
+using System.Text;
+using System.Web.Script.Serialization;
+using CxViewerAction.ValueObjects;
 
 namespace CxViewerAction.Helpers
 {
@@ -26,7 +30,7 @@ public class PerspectiveHelper
         /// Perspective not exist message
         /// </summary>
         private const string _perspectiveNotExist = "Current project perspective not exist";
-
+        private static string _apiSASTVersionDetails = "system/version";
         #endregion [ Constants ]
 
         /// <summary>
@@ -310,6 +314,7 @@ public static void ShowStored(CxWSQueryVulnerabilityData[] queries, LoginData lo
                 List<CxWSQueryVulnerabilityData> sev1 = new List<CxWSQueryVulnerabilityData>();
                 List<CxWSQueryVulnerabilityData> sev2 = new List<CxWSQueryVulnerabilityData>();
                 List<CxWSQueryVulnerabilityData> sev3 = new List<CxWSQueryVulnerabilityData>();
+                List<CxWSQueryVulnerabilityData> sev4 = new List<CxWSQueryVulnerabilityData>();
 
                 for (int i = 0; i < queries.Length; i++)
                 {
@@ -328,8 +333,15 @@ public static void ShowStored(CxWSQueryVulnerabilityData[] queries, LoginData lo
                         case 3:
                             sev3.Add(cur);
                             break;
+                        case 4:
+                            sev4.Add(cur);
+                            break;
                     }
                 }
+                if (sev4.Count > 0)
+                {
+                    queriesGroups.Add(ReportQuerySeverityType.Critical, sev4);
+                }
                 if (sev3.Count > 0)
                 {
                     queriesGroups.Add(ReportQuerySeverityType.High, sev3);
@@ -554,6 +566,34 @@ public static ResultState[] GetResultStateList()
             return res;
         }
 
+        public static string GetSASTVersionDetails()
+        {
+            string responseText = string.Empty;
+
+            if(!string.IsNullOrEmpty(LoginHelper.ServerBaseUrl))
+            {
+                CxRESTApiCommon rESTApiPortalConfiguration = new CxRESTApiCommon(string.Format(_apiSASTVersionDetails));
+                HttpWebResponse response = rESTApiPortalConfiguration.InitPortalBaseUrl();
+
+                if (response != null && response.StatusCode == HttpStatusCode.OK)
+                {
+                    using (StreamReader reader = new StreamReader(response.GetResponseStream(), Encoding.UTF8))
+                    {
+                        responseText = reader.ReadToEnd();
+                    }
+                }
+            }
+
+            if (!string.IsNullOrEmpty(responseText))
+            {
+                CxVersionInfo versionInfo = new CxVersionInfo();
+                JavaScriptSerializer javaScriptSerializer = new JavaScriptSerializer();
+                versionInfo = (CxVersionInfo)javaScriptSerializer.Deserialize(responseText, typeof(CxVersionInfo));
+                return versionInfo.version;
+            }
+            return "";
+        }
+
         private static ResultState[] RemoveNotExploitableFromArray(ResultState[] resultStates)
         {
             ResultState [] statesWithoutNotExploitable = new ResultState[resultStates.Length-1];

diff --git a/CxActionShared/Services/RESTApi/CxRESTApiNoneConfiguration.cs b/CxActionShared/Services/RESTApi/CxRESTApiNoneConfiguration.cs
@@ -0,0 +1,145 @@
+using Common;
+using CxViewerAction.Entities;
+using CxViewerAction.Helpers;
+using CxViewerAction.WebPortal;
+using System;
+using System.IO;
+using System.Net;
+using System.Text;
+using System.Web.Script.Serialization;
+
+namespace CxViewerAction.Services
+{
+    public class CxRESTApiNoneConfiguration
+    {
+        #region Fields
+
+        private string _restAPIRelativePath = "/cxrestapi/Configurations/None";
+        private const string requestContentType = "application/json, text/plain, */*";
+
+        #endregion
+
+        #region API
+
+        public void InitNoneBaseUrl()
+        {
+            try
+            {
+                LoginHelper.PortalConfiguration = new CxPortalConfiguration();
+                Uri uri = GetLoginUri();
+                HttpWebRequest webRequest = GetWebRequest(uri);
+                CxPortalConfiguration result = GetWebResponse(webRequest);
+                LoginHelper.PortalConfiguration.WebServer = GetWebServerBaseUrl(result.WebServer);
+            }
+            catch (System.Net.WebException ex)
+            {
+                var response = (System.Net.HttpWebResponse)ex.Response;
+
+                if (response.StatusCode == HttpStatusCode.NotFound)
+                {
+                    LoginHelper.PortalConfiguration.WebServer = LoginHelper.ServerBaseUrl;
+                }
+                else
+                {
+                    Logger.Create().Error("CxRESTApiPortalConfiguration->GetPortalBaseUrl: " + ex.ToString());
+                }
+            }
+        }
+
+        public CxPortalConfiguration InitNoneConfigurationDetails()
+        {
+            try
+            {
+                LoginHelper.PortalConfiguration = new CxPortalConfiguration();
+                Uri uri = GetLoginUri();
+                HttpWebRequest webRequest = GetWebRequest(uri);
+                return GetWebResponse(webRequest);
+            }
+            catch (System.Net.WebException ex)
+            {
+                var response = (System.Net.HttpWebResponse)ex.Response;
+
+                if (response.StatusCode == HttpStatusCode.NotFound)
+                {
+                    LoginHelper.PortalConfiguration.WebServer = LoginHelper.ServerBaseUrl;
+                }
+                else
+                {
+                    Logger.Create().Error("CxRESTApiPortalConfiguration->InitPortalConfigurationDetails: " + ex.ToString());
+                }
+            }
+            return null;
+        }
+        #endregion
+
+        #region Private methods
+
+        private string GetWebServerBaseUrl(string url)
+        {
+            if (string.IsNullOrEmpty(url))
+            {
+                return LoginHelper.ServerBaseUrl;
+            }
+
+            Uri uri = new Uri(LoginHelper.ServerBaseUrl);
+
+            if (!url.StartsWith(uri.Scheme))
+            {
+                return string.Format("{0}://{1}", uri.Scheme, url);
+            }
+
+            return url;
+        }
+
+        private HttpWebRequest GetWebRequest(Uri uri)
+        {
+            HttpWebRequest webRequest = new CxRESTApiWebRequestCore().Create(uri, "GET");
+            webRequest.Accept = requestContentType;
+            OidcLoginData oidcLoginData = OidcLoginData.GetOidcLoginDataInstance();
+            if (CxVSWebServiceWrapper.IsTokenExpired(oidcLoginData))
+            {
+                //get the login data again with the new access token
+                oidcLoginData = OidcLoginData.GetOidcLoginDataInstance();
+            };
+            webRequest.Headers.Clear();
+            webRequest.Headers.Add(Constants.AUTHORIZATION_HEADER, Constants.BEARER + oidcLoginData.AccessToken);
+            return webRequest;
+        }
+
+        private CxPortalConfiguration GetWebResponse(HttpWebRequest webRequest)
+        {
+            string responseText = string.Empty;
+            CxPortalConfiguration portalConfiguration = new CxPortalConfiguration();
+            HttpWebResponse webResponse = (HttpWebResponse)webRequest.GetResponse();
+
+            if (webResponse.StatusCode != HttpStatusCode.OK)
+            {
+                Logger.Create().Error("CxRESTApiPortalConfiguration->HandleWebResponse->Rest API, status message: " + webResponse.StatusDescription);
+            }
+
+            using (StreamReader reader = new StreamReader(webResponse.GetResponseStream(), ASCIIEncoding.ASCII))
+            {
+                responseText = reader.ReadToEnd();
+            }
+
+            if (!string.IsNullOrEmpty(responseText))
+            {
+                JavaScriptSerializer javaScriptSerializer = new JavaScriptSerializer();
+                portalConfiguration = (CxPortalConfiguration)javaScriptSerializer.Deserialize(responseText, typeof(CxPortalConfiguration));
+            }
+
+            return portalConfiguration;
+        }
+
+        private Uri GetLoginUri()
+        {
+            string url = string.Format("{0}{1}",
+                Common.Text.Text.RemoveTrailingSlash(LoginHelper.ServerBaseUrl),
+                _restAPIRelativePath);
+
+            return new Uri(url);
+        }
+
+        #endregion
+    }
+}
diff --git a/CxActionShared/ValueObjects/RESTApi/CxVersionInfo.cs b/CxActionShared/ValueObjects/RESTApi/CxVersionInfo.cs
@@ -0,0 +1,9 @@
+namespace CxViewerAction.ValueObjects
+{
+    public class CxVersionInfo
+    {
+        public string version { get; set; }
+        public string hotFix { get; set; }
+        public string enginePackVersion { get; set; }
+    }
+}
diff --git a/CxActionShared/ValueObjects/RESTApi/Enum/ResultStates.cs b/CxActionShared/ValueObjects/RESTApi/Enum/ResultStates.cs
@@ -0,0 +1,11 @@
+namespace CxViewerAction.ValueObjects
+{
+    public enum ResultStates
+    {
+        ToVerify,
+        NotExploitable,
+        Confirmed,
+        Urgent,
+        ProposedNotExploitable
+    }
+}
diff --git a/CxActionShared/ValueObjects/WebPortal/Models/CxPortalConfiguration.cs b/CxActionShared/ValueObjects/WebPortal/Models/CxPortalConfiguration.cs
@@ -8,6 +8,9 @@ public class CxPortalConfiguration
 
         public bool MandatoryCommentOnChangeResultState { get; set; }
 
+        public bool MandatoryCommentOnChangeResultStateToNE { get; set; }
+
+        public bool MandatoryCommentOnChangeResultStateToPNE { get; set; }
         #endregion
     }
 }
diff --git a/CxActionShared/Views/BrowserForm.cs b/CxActionShared/Views/BrowserForm.cs
@@ -16,6 +16,7 @@
 using CefSharp.WinForms;
 using System.Collections.Specialized;
 using static CxViewerAction.Views.BrowserForm.MyCustomResourceRequestHandler;
+using CxViewerAction.Entities;
 
 //This code is using CefSharp Browser for Login.
 // Use of this source code is governed by a BSD-style license that can be found in the CxViewerVSIX Resource LICENSE file.
@@ -28,6 +29,7 @@ public partial class BrowserForm : Form
         public event EventHandler UserClosedForm;
         public const string ERROR_QUERY_KEY = "Error";
         public const string BLANK_PAGE = "about:blank";
+        public const String CODE_KEY = "code=";
         public BrowserForm()
         {
             InitializeComponent();
@@ -130,7 +132,7 @@ private void chromium_FrameLoadEnd(object sender, CefSharp.FrameLoadEndEventArgs
             // Was the loaded page the first page load?
             browser.ExecuteScriptAsync("document.oncontextmenu = function() { return false; };");
 
-            if (!e.Url.ToLower().Contains("code="))
+            if (!validateUrlResponse(e)) 
             {
                 if (e.Url.ToString().Contains("CxRestAPI"))
                 {
@@ -159,6 +161,21 @@ private void chromium_FrameLoadEnd(object sender, CefSharp.FrameLoadEndEventArgs
             Cef.GetGlobalCookieManager().DeleteCookies("", "");
             Application.ExitThread();
         }
+
+        private Boolean validateUrlResponse(CefSharp.FrameLoadEndEventArgs eventArgs)
+        {
+            try
+            {
+                LoginData loginData = LoginHelper.LoadSaved();
+                Uri myUri = new Uri(loginData.ServerBaseUri);
+                String host = myUri.Host;
+                return eventArgs.Url.Contains(host) && eventArgs.Url.ToLower().Contains(CODE_KEY);
+            }
+            catch (Exception ex)
+            {
+                throw new Exception(ex.ToString());
+            }
+        }
         private string ExtractCodeFromUrl(string absoluteUri)
         {
             Uri myUri = new Uri(absoluteUri);