CLI Plugin Release Version 1.1.30 (#132)

* print plugin version in configurations log (#130) Co-authored-by: Swati Awate <[email protected]> * Vulnerability fixes * Policy Violations * upgrading jgit and guava * Removed unwanted code changes regarding policy voilation * Resoled issues: 1) SCA policies are not seen getting violated when we do scan to check for policy violations. 2) not able to see any "policy status : compliant" info/warning in logs. * policy violation * policy violation for SAST and SCA * policy violation for SAST Scan * Upgrading cx-client-common version * incremented plugin version * Incremented plugin version. Fixed issue regarding 9.5 sast error with wrong credentials --------- Co-authored-by: PravinGadankush <[email protected]> Co-authored-by: Swati Awate <[email protected]> Co-authored-by: PravinGadankush <[email protected]>
checkmarx-ltd · Jan 22, 2024 · 26b32df · 26b32df
1 parent e50e6c4
commit 26b32df
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 174 deletions.
diff --git a/pom.xml b/pom.xml
@@ -6,7 +6,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.cx.plugin</groupId>
     <artifactId>CxConsolePlugin</artifactId>
-    <version>1.1.27</version>
+    <version>1.1.30</version>
     <packaging>jar</packaging>
 
     <repositories>
@@ -134,7 +134,7 @@
         <dependency>
             <groupId>com.checkmarx</groupId>
             <artifactId>cx-client-common</artifactId>
-            <version>2023.4.1</version>
+            <version>2024.1.1</version>
             <!-- Remove these excludes once latest FSA is used -->
             <exclusions>
 				<exclusion>
@@ -144,115 +144,23 @@
 				<exclusion>
                     <groupId>com.google.collections</groupId>
                     <artifactId>google-collections</artifactId>
-                </exclusion>
-
-                <exclusion>
-				    <groupId>org.json</groupId>
-    				<artifactId>json</artifactId>
-				</exclusion>
-
-                <exclusion>
-
-                    <groupId>org.freemarker</groupId>
-                    <artifactId>freemarker</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>com.github.junrar</groupId>
-                    <artifactId>junrar</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>org.mozilla</groupId>
-                    <artifactId>rhino</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>io.vertx</groupId>
-                    <artifactId>vertx-web</artifactId>
-                </exclusion>
+                </exclusion>                
                 <exclusion>
                     <groupId>ch.qos.logback</groupId>
                     <artifactId>logback-classic</artifactId>
                 </exclusion>
-                <exclusion>
-                    <groupId>io.netty</groupId>
-                    <artifactId>netty-codec-http</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>io.netty</groupId>
-                    <artifactId>netty-codec</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>com.fasterxml.jackson.core</groupId>
-                    <artifactId>jackson-databind</artifactId>
-                </exclusion>
                 <exclusion>
                     <groupId>org.springframework</groupId>
                     <artifactId>spring-core</artifactId>
-                </exclusion>                
-				<exclusion>
-                    <groupId>org.yaml</groupId>
-                    <artifactId>snakeyaml</artifactId>
-                </exclusion>
-				<exclusion>
-                    <groupId>org.jsoup</groupId>
-                    <artifactId>jsoup</artifactId>
-                </exclusion>
-				<exclusion>
-                    <groupId>com.google.code.gson</groupId>
-                    <artifactId>gson</artifactId>
-                </exclusion>				 
-				<exclusion>
-                    <groupId>org.tmatesoft.sqljet</groupId>
-                    <artifactId>sqljet</artifactId>
-                </exclusion>
-                <exclusion>
-                	<groupId>org.codehaus.plexus</groupId>
-            		<artifactId>plexus-archiver</artifactId>
-                </exclusion>
-                <exclusion>
-                	<groupId>org.bouncycastle</groupId>
-            		<artifactId>bcprov-jdk15on</artifactId>
                 </exclusion>
             </exclusions>
         </dependency>
         <!-- excluded dependencies from cx-client-common -->
-        <dependency>
-				<groupId>org.json</groupId>
-				<artifactId>json</artifactId>
-				<version>20231013</version>
-			</dependency>
 			<dependency>
 			    <groupId>com.google.guava</groupId>
 			    <artifactId>guava</artifactId>
-			    <version>32.0.0-android</version>
+			    <version>32.0.1-android</version>
 			</dependency>
-
-
-        <dependency>
-            <groupId>com.github.junrar</groupId>
-            <artifactId>junrar</artifactId>
-            <version>7.4.1</version>
-            <exclusions>
-                <exclusion>
-                    <groupId>org.slf4j</groupId>
-                    <artifactId>slf4j-api</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.freemarker</groupId>
-            <artifactId>freemarker</artifactId>
-            <version>2.3.31</version>
-        </dependency>
-        <dependency>
-            <groupId>io.netty</groupId>
-            <artifactId>netty-codec-http</artifactId>
-            <version>4.1.100.Final</version>
-        </dependency>
-        <dependency>
-            <groupId>com.fasterxml.jackson.core</groupId>
-            <artifactId>jackson-databind</artifactId>
-            <version>2.15.0-rc1</version>
-        </dependency>
          <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-core</artifactId>
@@ -268,71 +176,6 @@
             <artifactId>spring-core</artifactId>
             <version>5.3.20</version>
         </dependency>
-        <dependency>
-            <groupId>org.mozilla</groupId>
-            <artifactId>rhino</artifactId>
-            <version>1.7.12</version>
-        </dependency>
-        <dependency>
-            <groupId>io.vertx</groupId>
-            <artifactId>vertx-web</artifactId>
-            <version>4.3.8</version>
-            <exclusions>
-                <exclusion>
-                    <groupId>io.netty</groupId>
-                    <artifactId>netty-codec-http</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>io.netty</groupId>
-                    <artifactId>netty-codec</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>io.netty</groupId>
-                    <artifactId>netty-codec-http2</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>io.netty</groupId>
-            <artifactId>netty-codec</artifactId>
-            <version>4.1.86.Final</version>
-        </dependency>     
-
-        <dependency>
-    		<groupId>org.jsoup</groupId>
-    		<artifactId>jsoup</artifactId>
-    		<version>1.15.3</version>
-		</dependency>
-		<dependency>
-    		<groupId>com.google.code.gson</groupId>
-    		<artifactId>gson</artifactId>
-    		<version>2.10</version>
-		</dependency>		
-		<dependency>
-    		<groupId>org.tmatesoft.sqljet</groupId>
-    		<artifactId>sqljet</artifactId>
-    		<version>1.1.15</version>
-		</dependency>
-		<dependency>
-        	<groupId>org.codehaus.plexus</groupId>
-            <artifactId>plexus-archiver</artifactId>
-            <version>4.8.0</version>
-            <exclusions>
-                <exclusion>
-                    <artifactId>commons-compress</artifactId>
-                    <groupId>org.apache.commons</groupId>
-                </exclusion>
-                <exclusion>
-                    <artifactId>plexus-utils</artifactId>
-                    <groupId>org.codehaus.plexus</groupId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.bouncycastle</groupId>
-            <artifactId>bcprov-jdk15on</artifactId>
-            <version>1.70</version>
-        </dependency>
         <!-- end of excluded dependencies -->
         <dependency>
             <groupId>commons-cli</groupId>
@@ -359,8 +202,7 @@
                 <exclusion>
                     <groupId>commons-io</groupId>
                     <artifactId>commons-io</artifactId>
-                </exclusion>
-
+                </exclusion>                
                 <exclusion>
                     <groupId>com.fasterxml.jackson.core</groupId>
                     <artifactId>jackson-databind</artifactId>
@@ -382,9 +224,9 @@
                     <artifactId>log4j-slf4j-impl</artifactId>
                 </exclusion>
                 <exclusion>
-            		<groupId>org.eclipse.jgit</groupId>
-            		<artifactId>org.eclipse.jgit</artifactId>
-            	</exclusion>	
+					<groupId>org.eclipse.jgit</groupId>
+    				<artifactId>org.eclipse.jgit</artifactId>
+				</exclusion>	
             </exclusions>
         </dependency>
         <dependency>
@@ -414,11 +256,6 @@
             <artifactId>log4j-slf4j-impl</artifactId>
             <version>2.17.1</version>
         </dependency>
-        <dependency>
-            <groupId>org.eclipse.jgit</groupId>
-            <artifactId>org.eclipse.jgit</artifactId>
-            <version>6.6.1.202309021850-r</version>
-        </dependency>
         <!-- https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core -->
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
@@ -431,6 +268,11 @@
             <artifactId>log4j-api</artifactId>
             <version>2.17.1</version>
         </dependency>
+        <dependency>
+    		<groupId>org.eclipse.jgit</groupId>
+    		<artifactId>org.eclipse.jgit</artifactId>
+    		<version>5.13.3.202401111512-r</version>
+		</dependency>
     </dependencies>
 
 </project>
diff --git a/src/main/java/com/cx/plugin/cli/CxConsoleLauncher.java b/src/main/java/com/cx/plugin/cli/CxConsoleLauncher.java
@@ -186,6 +186,10 @@ private static int execute(Command command, CommandLine commandLine)
             results.add(scanResults);
 
             getScanResultExceptionIfExists(results);
+
+            if (((cxScanConfig.isSastEnabled()||cxScanConfig.isOsaEnabled()) && cxScanConfig.getEnablePolicyViolations()) || (cxScanConfig.isAstScaEnabled() && cxScanConfig.getEnablePolicyViolationsSCA())) {
+            	clientDelegator.printIsProjectViolated(scanResults);
+            }
 
             ScanSummary scanSummary = new ScanSummary(
                     cxScanConfig,

diff --git a/src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java b/src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java
@@ -32,6 +32,7 @@
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.SystemUtils;
+import org.apache.maven.model.io.xpp3.MavenXpp3Reader;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.eclipse.jgit.transport.URIish;
@@ -41,6 +42,7 @@
 import javax.naming.ConfigurationException;
 import java.io.File;
 import java.io.IOException;
+import java.io.InputStream;
 import java.net.URISyntaxException;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
@@ -153,7 +155,13 @@ public CxScanConfig resolveConfiguration(Command command, CommandLine cmd) throw
         scanConfig.setDisableCertificateValidation(cmd.hasOption(TRUSTED_CERTIFICATES));
 
         scanConfig.setPublic(!cmd.hasOption(IS_PRIVATE));
-        scanConfig.setEnablePolicyViolations(cmd.hasOption(IS_CHECKED_POLICY));
+		if (cmd.hasOption(SCA_ENABLED) || command.equals(Command.SCA_SCAN)) {
+			scanConfig.setEnablePolicyViolationsSCA(cmd.hasOption(IS_CHECKED_POLICY));
+		}
+		if (scanConfig.isSastEnabled() || command.equals(Command.OSA_SCAN) || cmd.hasOption(OSA_ENABLED)) {
+			scanConfig.setEnablePolicyViolations(cmd.hasOption(IS_CHECKED_POLICY));
+		}
+
         if (!commandLine.hasOption(CONFIG_AS_CODE)) {
             if ((command.equals(Command.SCA_SCAN)) || (command.equals(Command.ASYNC_SCA_SCAN))) {
                 scanConfig.setProjectName(extractProjectName(cmd.getOptionValue(FULL_PROJECT_PATH), true));
@@ -1020,11 +1028,29 @@ private static String extractTeamPath(String fullPath, boolean isScaScan) throws
             return fullPath.substring(0, lastIdx);
 
     }
-
-    public static void printConfig(CommandLine commandLine) {
+
+    public static String getPluginVersion() {
+    	   String version = "";
+    	   try {
+    	       InputStream is = CxConfigHelper.class.getClassLoader().getResourceAsStream("META-INF/maven/com.cx.plugin/CxConsolePlugin/pom.xml");
+    	       if (is != null) {
+    	           MavenXpp3Reader reader = new MavenXpp3Reader();
+    	           org.apache.maven.model.Model model = reader.read(is);
+    	           version = model.getVersion();
+    	       }
+    	   } catch (Exception e) {
+    	   }
+    	   return version;
+    	}
+
+
+	public static void printConfig(CommandLine commandLine) {
         log.info("-----------------------------------------------------------------------------------------");
         log.info("CxConsole Configuration: ");
         log.info("--------------------");
+
+        String pluginVersion = getPluginVersion();
+		log.info("plugin version: {}", pluginVersion);
         for (Option param : commandLine.getOptions()) {
             String name = param.getLongOpt() != null ? param.getLongOpt() : param.getOpt();
             String value;