Integration boa&config as code (#102)

* we are implementing Override and Origin via Config as Code we are implementing Override and Origin via Config as Code We have added one flag in cx.config file which will decide whether we need to override the parameter mention in cx.config file If the project is new irrespective of flag it will override the parameter in cx.config file * bugid: BOA changes merge CR_by: n/a * Upgraded springshell version * Updated Common client version * upgraded version * Fixed vulnerable dependencies Co-authored-by: Sumit Nigade <[email protected]> Co-authored-by: ilandn <[email protected]>
checkmarx-ltd · Jun 8, 2022 · 488f99e · 488f99e
1 parent 5fe36fa
commit 488f99e
Show file tree

Hide file tree

Showing 11 changed files with 449 additions and 301 deletions.
diff --git a/config/cx_console.properties b/config/cx_console.properties
@@ -19,7 +19,7 @@ scan.osa.exclude.files=
 
 #List of files which will be extracted in order to get files for OSA analysis (wildcards are supported)
 #Supported archive files are: "jar", "war", "ear", "sca", "gem", "whl", "egg", "tar", "tar.gz", "tgz", "zip", "rar"
-scan.osa.extractable.include.files=*.zip, *.war, *.ear, *.tgz
+scan.osa.extractable.include.files=**/*.jar,**/*.war,**/*.ear,**/*.sca,**/*.gem,**/*.whl,**/*.egg,**/*.tar,**/*.tar.gz,**/*.tgz,**/*.zip,**/*.rar
 
 #Value of the unzip depth for extracting files for OSA analysis
 scan.osa.extractable.depth=4

diff --git a/pom.xml b/pom.xml
@@ -6,7 +6,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.cx.plugin</groupId>
     <artifactId>CxConsolePlugin</artifactId>
-    <version>1.1.12</version>
+    <version>1.1.13</version>
     <packaging>jar</packaging>
 
     <repositories>
@@ -132,110 +132,120 @@
         <dependency>
             <groupId>com.checkmarx</groupId>
             <artifactId>cx-client-common</artifactId>
-            <version>2022.1.10</version>
+            <version>2022.2.12</version>
             <!-- Remove these excludes once latest FSA is used -->
-           <exclusions>
-		   <exclusion>
-	     		<groupId>org.freemarker</groupId>
-				<artifactId>freemarker</artifactId>
-           	</exclusion>
-			<exclusion>
-	     		<groupId>com.github.junrar</groupId>
-				<artifactId>junrar</artifactId>
-           	</exclusion>
-	     	<exclusion>
-	     		<groupId>org.mozilla</groupId>
-           		<artifactId>rhino</artifactId>
-           	</exclusion>
-           	<exclusion>
-           		<groupId>io.vertx</groupId>
-           		<artifactId>vertx-web</artifactId>
-           	</exclusion>
-            <exclusion>
-                <groupId>ch.qos.logback</groupId>
-                <artifactId>logback-classic</artifactId>
-            </exclusion>
-			<exclusion>
-                   <groupId>io.netty</groupId>
-					<artifactId>netty-codec-http</artifactId>
-               </exclusion>
-               <exclusion>
-           			<groupId>io.netty</groupId>
-           			<artifactId>netty-codec</artifactId>
-           		</exclusion>
-			   <exclusion>
-                   <groupId>com.fasterxml.jackson.core</groupId>
-					<artifactId>jackson-databind</artifactId>
-               </exclusion>
-			   <exclusion>
-                   <groupId>org.springframework</groupId>
-					<artifactId>spring-core</artifactId>
-               </exclusion>
-
-	      </exclusions>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.freemarker</groupId>
+                    <artifactId>freemarker</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.github.junrar</groupId>
+                    <artifactId>junrar</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.mozilla</groupId>
+                    <artifactId>rhino</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>io.vertx</groupId>
+                    <artifactId>vertx-web</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>ch.qos.logback</groupId>
+                    <artifactId>logback-classic</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>io.netty</groupId>
+                    <artifactId>netty-codec-http</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>io.netty</groupId>
+                    <artifactId>netty-codec</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-databind</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.springframework</groupId>
+                    <artifactId>spring-core</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>net.lingala.zip4j</groupId>
+    				<artifactId>zip4j</artifactId>
+                </exclusion>
+
+            </exclusions>
         </dependency>
         <!-- excluded dependencies from cx-client-common -->
-		<dependency>
-			<groupId>com.github.junrar</groupId>
-			<artifactId>junrar</artifactId>
-			<version>7.4.1</version>
-			<exclusions>
-				<exclusion>
-					<groupId>org.slf4j</groupId>
-					<artifactId>slf4j-api</artifactId>
-				</exclusion>
-			</exclusions>
-		</dependency>
-		<dependency>
-			<groupId>org.freemarker</groupId>
-			<artifactId>freemarker</artifactId>
-			<version>2.3.31</version>
-		</dependency>
-		<dependency>
-			<groupId>io.netty</groupId>
-			<artifactId>netty-codec-http</artifactId>
-			<version>4.1.75.Final</version>
-		</dependency>
-		<dependency>
-			<groupId>com.fasterxml.jackson.core</groupId>
-			<artifactId>jackson-databind</artifactId>
-			<version>2.13.2.1</version>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework</groupId>
-			<artifactId>spring-core</artifactId>
-			<version>5.3.18</version>
-		</dependency>
         <dependency>
-        	<groupId>org.mozilla</groupId>
-           	<artifactId>rhino</artifactId>
-           	<version>1.7.12</version>
+            <groupId>com.github.junrar</groupId>
+            <artifactId>junrar</artifactId>
+            <version>7.4.1</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>slf4j-api</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
-        		<groupId>io.vertx</groupId>
-           		<artifactId>vertx-web</artifactId>
-           		<version>4.0.2</version>
-           		<exclusions>
-           	 <exclusion>
-           		<groupId>io.netty</groupId>
-           		<artifactId>netty-codec-http</artifactId>
-           	</exclusion>
-           	<exclusion>
-           		<groupId>io.netty</groupId>
-           		<artifactId>netty-codec</artifactId>
-           	</exclusion>
-           	 <exclusion>
-           		<groupId>io.netty</groupId>
-           		<artifactId>netty-codec-http2</artifactId>
-           	</exclusion>
-           	</exclusions>	
+            <groupId>org.freemarker</groupId>
+            <artifactId>freemarker</artifactId>
+            <version>2.3.31</version>
         </dependency>
-         <dependency>
+        <dependency>
             <groupId>io.netty</groupId>
-           		<artifactId>netty-codec</artifactId>
-            <version>4.1.75.Final</version>
+            <artifactId>netty-codec-http</artifactId>
+            <version>4.1.77.Final</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-databind</artifactId>
+            <version>2.13.2.1</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-core</artifactId>
+            <version>5.3.20</version>
+        </dependency>
+        <dependency>
+            <groupId>org.mozilla</groupId>
+            <artifactId>rhino</artifactId>
+            <version>1.7.12</version>
         </dependency>
-         <!-- end of excluded dependencies -->
+        <dependency>
+            <groupId>io.vertx</groupId>
+            <artifactId>vertx-web</artifactId>
+            <version>4.0.2</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>io.netty</groupId>
+                    <artifactId>netty-codec-http</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>io.netty</groupId>
+                    <artifactId>netty-codec</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>io.netty</groupId>
+                    <artifactId>netty-codec-http2</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>io.netty</groupId>
+            <artifactId>netty-codec</artifactId>
+            <version>4.1.77.Final</version>
+        </dependency>
+        <dependency>
+    		<groupId>net.lingala.zip4j</groupId>
+    		<artifactId>zip4j</artifactId>
+    		<version>2.10.0</version>
+		</dependency>
+
+        <!-- end of excluded dependencies -->
         <dependency>
             <groupId>commons-cli</groupId>
             <artifactId>commons-cli</artifactId>
@@ -258,27 +268,31 @@
             <artifactId>cx-config-provider</artifactId>
             <version>1.0.13</version>
             <exclusions>
-            <exclusion>
-	      		 <groupId>commons-io</groupId>
-            	 <artifactId>commons-io</artifactId>
-	     	</exclusion>
-	     	<exclusion>
-	      		<groupId>com.fasterxml.jackson.core</groupId>
-            	<artifactId>jackson-databind</artifactId>
-	     	</exclusion>
-	        <exclusion>
-	      		<groupId>org.apache.logging.log4j</groupId>
-            	<artifactId>log4j-core</artifactId>
-	     	</exclusion>
-	        <exclusion>
-	      		<groupId>org.apache.logging.log4j</groupId>
-            	<artifactId>log4j-api</artifactId>
-	     	</exclusion>
-	        <exclusion>
-	      		<groupId>org.apache.logging.log4j</groupId>
-            	<artifactId>log4j-slf4j-impl</artifactId>
-	     	</exclusion>	     		     	
-	     	</exclusions>
+                <exclusion>
+                    <groupId>commons-io</groupId>
+                    <artifactId>commons-io</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-databind</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>slf4j-api</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.logging.log4j</groupId>
+                    <artifactId>log4j-core</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.logging.log4j</groupId>
+                    <artifactId>log4j-api</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.logging.log4j</groupId>
+                    <artifactId>log4j-slf4j-impl</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>commons-io</groupId>
@@ -289,36 +303,36 @@
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpclient</artifactId>
             <version>4.5.13</version>
-             <exclusions>
-            <exclusion>
-	      		 <groupId>commons-codec</groupId>
-            	 <artifactId>commons-codec</artifactId>
-	     	</exclusion>
-	     	</exclusions>
+            <exclusions>
+                <exclusion>
+                    <groupId>commons-codec</groupId>
+                    <artifactId>commons-codec</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
-		<dependency>
+        <dependency>
             <groupId>commons-codec</groupId>
             <artifactId>commons-codec</artifactId>
             <version>1.15</version>
         </dependency>
-			<!-- https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-to-slf4j -->
-			<dependency>
-			    <groupId>org.apache.logging.log4j</groupId>
-			    <artifactId>log4j-slf4j-impl</artifactId>
-			    <version>2.17.1</version>
-			</dependency>
-			<!-- https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core -->
-			<dependency>
-			    <groupId>org.apache.logging.log4j</groupId>
-			    <artifactId>log4j-core</artifactId>
-			    <version>2.17.1</version>
-			</dependency>
-			<!-- https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-api -->
-			<dependency>
-			    <groupId>org.apache.logging.log4j</groupId>
-			    <artifactId>log4j-api</artifactId>
-			    <version>2.17.1</version>
-			</dependency>        
+        <!-- https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-to-slf4j -->
+        <dependency>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-slf4j-impl</artifactId>
+            <version>2.17.1</version>
+        </dependency>
+        <!-- https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core -->
+        <dependency>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-core</artifactId>
+            <version>2.17.1</version>
+        </dependency>
+        <!-- https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-api -->
+        <dependency>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-api</artifactId>
+            <version>2.17.1</version>
+        </dependency>
     </dependencies>
 
 </project>