Merge pull request #437 from checkmarx-ltd/develop

Release Items of Cx-flow 1.7.07

pom.xml

@@ -10,7 +10,7 @@
 	</parent>
 	<groupId>com.github.checkmarx-ltd</groupId>
 	<artifactId>cx-spring-boot-sdk</artifactId>
-	<version>0.6.19</version>
+	<version>0.6.20</version>
 
 
 	<name>cx-spring-boot-sdk</name>

src/main/java/com/checkmarx/sdk/config/CxProperties.java

@@ -38,6 +38,22 @@ public class CxProperties extends CxPropertiesBase{
     @Setter
     private Boolean cancelInpregressScan = false;
 
+    @Getter
+    @Setter
+
+    private Boolean enableTokenLogin = false;
+
+    @Getter
+    @Setter
+    private String token ;
+
+
+    @Getter
+    @Setter
+    @Builder.Default
+    private Boolean isDefaultBranchEmpty = false;
+
+
     @Getter
     @Setter
     @Builder.Default
@@ -125,6 +141,9 @@ public class CxProperties extends CxPropertiesBase{
     @Getter @Setter
     private Boolean considerScanningStatus = false;
 
+    @Getter @Setter
+    private Boolean projectSummary= false;
+
 
     /**
      * Maps finding state ID (as returned in CxSAST report) to state name (as specified in filter configuration).
@@ -136,6 +155,14 @@ public class CxProperties extends CxPropertiesBase{
             "4", "PROPOSED NOT EXPLOITABLE"
     );
 
+    private static final Map<String, String> CXSAST_SEVERITY_ID_TO_NAME = ImmutableMap.of(
+            "0", "INFO",
+            "1","LOW",
+            "2", "MEDIUM",
+            "3", "HIGH",
+            "4", "CRITICAL"
+    );
+
     public void setEnabledZipScan(Boolean enabledZipScan){
         this.enabledZipScan = enabledZipScan;
     }
@@ -342,6 +369,10 @@ public String getStateFullName(String key){
 	return stateFullName;
     }
 
+    public String getSeverityFullName(String key){
+        return CXSAST_SEVERITY_ID_TO_NAME.get(key);
+    }
+
     public String checkCustomFalsePositive(String key){
         try {
             return customStateFalsePositiveMap.get(key);

src/main/java/com/checkmarx/sdk/config/CxPropertiesBase.java

@@ -32,6 +32,13 @@ public abstract class CxPropertiesBase {
     private String excludeFolders;
     private Boolean offline = false;
     private String teamScript;
+
+    @Getter
+    @Setter
+    private String branchScript;
+    @Getter
+    @Setter
+    private String defaultBranchScript;
     private String projectScript;
     private Boolean enablePostActionMonitor = false;
     private String postCloneScript;

src/main/java/com/checkmarx/sdk/dto/ScanResults.java

@@ -61,6 +61,9 @@ public class ScanResults{
     private String output;
     private Map<String, Object> additionalDetails;
     private CxScanSummary scanSummary;
+    @Getter
+    @Setter
+    private CxScanSummary projectScanSummary;
     private SCAResults scaResults;
     private ASTResults astResults;
 
@@ -71,7 +74,7 @@ public class ScanResults{
     @Getter @Setter
     private String latestCommitterEmail;
     public ScanResults(Boolean osa, String projectId,String deepLink, String reportCreationTime, String scanTime, String team, String project, String link, String files, String loc, String scanType,String version,
-                       List<XIssue> xIssues,List<XIssue> unFilteredIssues, Map<String, Object> additionalDetails, CxScanSummary scanSummary, SCAResults scaResults, ASTResults astResults) {
+                       List<XIssue> xIssues,List<XIssue> unFilteredIssues, Map<String, Object> additionalDetails, CxScanSummary scanSummary,CxScanSummary projectScanSummary, SCAResults scaResults, ASTResults astResults) {
         this.osa = osa;
         this.projectId = projectId;
         this.DeepLink = deepLink;
@@ -88,6 +91,7 @@ public ScanResults(Boolean osa, String projectId,String deepLink, String reportC
         this.unFilteredIssues = unFilteredIssues;
         this.additionalDetails = additionalDetails;
         this.scanSummary = scanSummary;
+        this.projectScanSummary = projectScanSummary;
         this.scaResults = scaResults;
         this.astResults = astResults;
     }
@@ -809,6 +813,7 @@ public static class ScanResultsBuilder {
         private List<XIssue> unFilteredIssues;
         private Map<String, Object> additionalDetails;
         private CxScanSummary scanSummary;
+        private CxScanSummary projectScanSummary;
         private SCAResults scaResults;
         private ASTResults astResults;
 
@@ -874,6 +879,11 @@ public ScanResults.ScanResultsBuilder scanSummary(CxScanSummary scanSummary) {
             this.scanSummary = scanSummary;
             return this;
         }
+        public ScanResults.ScanResultsBuilder projectScanSummary(CxScanSummary projectScanSummary) {
+            this.projectScanSummary = projectScanSummary;
+            return this;
+        }
+
 
         public ScanResults.ScanResultsBuilder scaResults(SCAResults scaResults) {
             this.scaResults = scaResults;
@@ -886,7 +896,7 @@ public ScanResults.ScanResultsBuilder astResults(ASTResults astResults) {
         }
 
         public ScanResults build() {
-            return new ScanResults(osa, projectId, DeepLink,  ReportCreationTime, ScanTime, team, project, link, files, loc, scanType,version, xIssues,unFilteredIssues ,additionalDetails, scanSummary, scaResults, astResults);
+            return new ScanResults(osa, projectId, DeepLink,  ReportCreationTime, ScanTime, team, project, link, files, loc, scanType,version, xIssues,unFilteredIssues ,additionalDetails, scanSummary,projectScanSummary, scaResults, astResults);
         }
 
         public String getVersion() {

src/main/java/com/checkmarx/sdk/service/CxAuthService.java

@@ -225,7 +225,13 @@ public HttpHeaders createAuthHeaders() {
         //
         /// If shards are enabled then fetch the token from the shard; otherwise, use the local one
         //
-        String authToken = token;
+        String authToken ;
+
+        if(cxProperties.getEnableTokenLogin()){
+        token= cxProperties.getToken();
+        }
+
+        authToken = token;
         if(cxProperties.getEnableShardManager()) {
             ShardSession shard = sessionTracker.getShardSession();
             authToken = shard.getAccessToken();
@@ -234,7 +240,11 @@ public HttpHeaders createAuthHeaders() {
         /// Get a new access token if missing or has expired.
         //
         if (authToken == null || isTokenExpired()) {
-            getAuthToken();
+            if(cxProperties.getEnableTokenLogin()){
+                token= cxProperties.getToken();
+            }else{
+                getAuthToken();
+            }
             authToken = token;
         }
         //

src/main/java/com/checkmarx/sdk/service/CxService.java

@@ -409,6 +409,29 @@ public Integer getScanStatus(Integer scanId) {
         return UNKNOWN_INT;
     }
 
+    public String getScanStatusName(Integer scanId) {
+        HttpEntity httpEntity = new HttpEntity<>(authClient.createAuthHeaders());
+        log.debug("Retrieving xml status of xml Id {}", scanId);
+        try {
+            ResponseEntity<String> projects = restTemplate.exchange(cxProperties.getUrl().concat(SCAN_STATUS), HttpMethod.GET, httpEntity, String.class, scanId);
+            JSONObject obj = new JSONObject(projects.getBody());
+            JSONObject status = obj.getJSONObject("status");
+            log.debug("status id {}, status name {}", status.getInt("id"), status.getString("name"));
+            return status.getString("name");
+        } catch (HttpStatusCodeException e) {
+            log.error("HTTP Status Code of {} while getting xml status for xml Id {}", e.getStatusCode(), scanId);
+            log.error(ExceptionUtils.getStackTrace(e));
+        } catch (JSONException e) {
+            log.error("Error processing JSON Response");
+            log.error(ExceptionUtils.getStackTrace(e));
+        }
+        catch (Exception e) {
+            log.error("Error occurred while getting scan status");
+            log.error(ExceptionUtils.getStackTrace(e));
+        }
+        return "NA";
+    }
+
     /**
      * Generate a scan report request (xml) based on ScanId
      */
@@ -639,12 +662,17 @@ public ScanResults getReportContent(Integer reportId, FilterConfiguration filter
             cxScanBuilder.setVersion(cxResults.getCheckmarxVersion());
             cxScanBuilder.additionalDetails(getAdditionalScanDetails(cxResults));
             CxScanSummary scanSummary = null;
+            CxScanSummary projectSummary = null;
             if (cxProperties.getRestrictResultsToBranch() != null && cxProperties.getRestrictResultsToBranch()) {
+                if(cxProperties.getProjectSummary()!=null && cxProperties.getProjectSummary()){
+                    projectSummary = getScanSummaryByScanId(Integer.valueOf(cxResults.getScanId()));
+                }
                 scanSummary = new CxScanSummary(summary);
             } else {
                 scanSummary = getScanSummaryByScanId(Integer.valueOf(cxResults.getScanId()));
             }
             cxScanBuilder.scanSummary(scanSummary);
+            cxScanBuilder.projectScanSummary(projectSummary);
             ScanResults results = cxScanBuilder.build();
             //Add the summary map (severity, count)
             results.getAdditionalDetails().put(Constants.SUMMARY_KEY, summary);
@@ -837,12 +865,17 @@ public ScanResults getReportContent(File file, FilterConfiguration filter) throw
             ScanResults results = cxScanBuilder.build();
             if (!cxProperties.getOffline() && !ScanUtils.empty(cxResults.getScanId())) {
                 CxScanSummary scanSummary = null;
+                CxScanSummary projectSummary = null;
                 if (cxProperties.getRestrictResultsToBranch() != null && cxProperties.getRestrictResultsToBranch()) {
+                    if(cxProperties.getProjectSummary()!=null && cxProperties.getProjectSummary()){
+                        projectSummary = getScanSummaryByScanId(Integer.valueOf(cxResults.getScanId()));
+                    }
                     scanSummary = new CxScanSummary(summary);
                 } else {
                     scanSummary = getScanSummaryByScanId(Integer.valueOf(cxResults.getScanId()));
                 }
                 results.setScanSummary(scanSummary);
+                results.setProjectScanSummary(projectSummary);
             }
             results.getAdditionalDetails().put(Constants.SUMMARY_KEY, summary);
             return results;
@@ -1028,7 +1061,7 @@ private ScanResults.XIssue buildIssue(ScanResults.XIssue.XIssueBuilder xIssueBui
         xIssueBuilder.severity(result.getSeverity());
         xIssueBuilder.vulnerability(result.getName());
         xIssueBuilder.file(resultType.getFileName());
-        xIssueBuilder.severity(resultType.getSeverity());
+        xIssueBuilder.severity(cxProperties.getSeverityFullName(resultType.getSeverityIndex()));
         xIssueBuilder.link(resultType.getDeepLink());
         xIssueBuilder.vulnerabilityStatus(cxProperties.getStateFullName(resultType.getState()));
         xIssueBuilder.queryId(result.getId());
@@ -1171,6 +1204,7 @@ private Map<String, String> getNodeData(List<PathNodeType> nodes, int nodeIndex)
     private void prepareIssuesRemoveDuplicates(List<ScanResults.XIssue> cxIssueList, ResultType resultType, Map<Integer, ScanResults.IssueDetails> details,
                                                boolean falsePositive, ScanResults.XIssue issue, Map<String, Integer> summary) {
         try {
+            String severityName = cxProperties.getSeverityFullName(resultType.getSeverityIndex());
             if (!cxProperties.getDisableClubbing() && cxIssueList.contains(issue)) {
                 /*Get existing issue of same vuln+filename*/
                 ScanResults.XIssue existingIssue = cxIssueList.get(cxIssueList.indexOf(issue));
@@ -1179,12 +1213,12 @@ private void prepareIssuesRemoveDuplicates(List<ScanResults.XIssue> cxIssueList,
                     if (falsePositive) {
                         existingIssue.setFalsePositiveCount((existingIssue.getFalsePositiveCount() + 1));
                     } else {
-                        if (!summary.containsKey(resultType.getSeverity())) {
-                            summary.put(resultType.getSeverity(), 0);
+                        if (!summary.containsKey(severityName)) {
+                            summary.put(severityName, 0);
                         }
-                        int severityCount = summary.get(resultType.getSeverity());
+                        int severityCount = summary.get(severityName);
                         severityCount++;
-                        summary.put(resultType.getSeverity(), severityCount);
+                        summary.put(severityName, severityCount);
                     }
                     existingIssue.getDetails().putAll(details);
                 } else { //reference exists, ensure fp flag is maintained
@@ -1194,9 +1228,9 @@ private void prepareIssuesRemoveDuplicates(List<ScanResults.XIssue> cxIssueList,
                         existingDetails.setFalsePositive(true);
                         existingIssue.setFalsePositiveCount((existingIssue.getFalsePositiveCount() + 1));
                         //bump down the count for the severity
-                        int severityCount = summary.get(resultType.getSeverity());
+                        int severityCount = summary.get(severityName);
                         severityCount--;
-                        summary.put(resultType.getSeverity(), severityCount);
+                        summary.put(severityName, severityCount);
                     }
                 }
                 //adding description if existing ref found
@@ -1227,12 +1261,12 @@ private void prepareIssuesRemoveDuplicates(List<ScanResults.XIssue> cxIssueList,
                 if (falsePositive) {
                     issue.setFalsePositiveCount((issue.getFalsePositiveCount() + 1));
                 } else {
-                    if (!summary.containsKey(resultType.getSeverity())) {
-                        summary.put(resultType.getSeverity(), 0);
+                    if (!summary.containsKey(severityName)) {
+                        summary.put(severityName, 0);
                     }
-                    int severityCount = summary.get(resultType.getSeverity());
+                    int severityCount = summary.get(severityName);
                     severityCount++;
-                    summary.put(resultType.getSeverity(), severityCount);
+                    summary.put(severityName, severityCount);
                 }
                 cxIssueList.add(issue);
             }
@@ -2298,7 +2332,11 @@ public Integer createScan(CxScanParams params, String comment) throws CheckmarxE
 
                             derivedProjectName = params.getProjectName().replace(params.getModifiedProjectName(),defaultBranch);
                         }else{
-                            derivedProjectName = params.getProjectName() + "-" + defaultBranch;
+                            if(cxProperties.getIsDefaultBranchEmpty() && (defaultBranch==null || defaultBranch.isEmpty())){
+                                derivedProjectName = params.getProjectName();
+                            }else{
+                                derivedProjectName = params.getProjectName() + "-" + defaultBranch;
+                            }
                         }
                     }
 
@@ -2307,7 +2345,13 @@ public Integer createScan(CxScanParams params, String comment) throws CheckmarxE
                     if(baseProjectId.equals(UNKNOWN_INT)){
                         baseProjectId = createProject(teamId, derivedProjectName);
                     }
-                    projectId = branchProject(baseProjectId, params.getProjectName());
+
+                    if(cxProperties.getIsDefaultBranchEmpty() && (defaultBranch==null || defaultBranch.isEmpty()) && (currentBranch!=null || !currentBranch.isEmpty())){
+                        projectId = branchProject(baseProjectId, params.getProjectName()+"-"+currentBranch);
+                    }else{
+                        projectId = branchProject(baseProjectId, params.getProjectName());
+                    }
+
                 } else {
                     projectId = createProject(teamId, params.getProjectName());
                 }

src/main/java/com/checkmarx/sdk/service/FilterInputFactory.java

@@ -37,12 +37,13 @@ public class FilterInputFactory {
 
     public FilterInput createFilterInputForCxSast(QueryType findingGroup, ResultType finding) {
         String stateName = cxProperties.getStateFullName(finding.getState());
+        String severityName = cxProperties.getSeverityFullName(finding.getSeverityIndex());
 
         return FilterInput.builder()
                 .id(finding.getNodeId())
                 .category(findingGroup.getName().toUpperCase(Locale.ROOT))
                 .cwe(findingGroup.getCweId())
-                .severity(finding.getSeverity().toUpperCase(Locale.ROOT))
+                .severity(severityName)
                 .status(finding.getStatus().toUpperCase(Locale.ROOT))
                 .state(stateName)
                 .build();