Vulnerability fix and Force scan when both incremental and force scan…

… configured. (#119)

* Security fix plug 974 (#117)

* Fixed high vulnerabilities in CLI plugin

* Corrected to fix NoSuchMethod error for Platform class from guava library in CLI

* Upgraded to fix JAXBException class not found while doing OSA scan. But later its failing for SAST + OSA combination where it fails for SAST scan

* Reverted back changes for uptaking latest released cx-client-common . Because it had FSA agent 23.0.0 version which is causing issues for JAXBException class .
Just fixed vulnerabilities by upgrading the libraries guava, json

* Incremented the version

* Making the scan type full when both incremental and force scan set to true (#118)

* Fix for plug - 1007, if both ( -Incremental and -ForceScan)  parameters are set TRUE, the scan will be full.

* Fixed code review comments for plug-1007

* Incremented the version

* Fixed the medium vulnerability for vertx-web library

* Incremented the plugin version

pom.xml

@@ -6,7 +6,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.cx.plugin</groupId>
     <artifactId>CxConsolePlugin</artifactId>
-    <version>1.1.18</version>
+    <version>1.1.21</version>
     <packaging>jar</packaging>
 
     <repositories>
@@ -135,7 +135,22 @@
             <version>2022.4.4</version>
             <!-- Remove these excludes once latest FSA is used -->
             <exclusions>
+				<exclusion>
+				    <groupId>com.google.guava</groupId>
+				    <artifactId>guava</artifactId>
+				</exclusion>
+				<exclusion>
+                    <groupId>com.google.collections</groupId>
+                    <artifactId>google-collections</artifactId>
+                </exclusion>
+
                 <exclusion>
+				    <groupId>org.json</groupId>
+    				<artifactId>json</artifactId>
+				</exclusion>
+
+                <exclusion>
+
                     <groupId>org.freemarker</groupId>
                     <artifactId>freemarker</artifactId>
                 </exclusion>
@@ -190,6 +205,18 @@
             </exclusions>
         </dependency>
         <!-- excluded dependencies from cx-client-common -->
+        <dependency>
+				<groupId>org.json</groupId>
+				<artifactId>json</artifactId>
+				<version>20220924</version>
+			</dependency>
+			<dependency>
+			    <groupId>com.google.guava</groupId>
+			    <artifactId>guava</artifactId>
+			    <version>31.1-jre</version>
+			</dependency>
+
+
         <dependency>
             <groupId>com.github.junrar</groupId>
             <artifactId>junrar</artifactId>
@@ -229,7 +256,7 @@
         <dependency>
             <groupId>io.vertx</groupId>
             <artifactId>vertx-web</artifactId>
-            <version>4.0.2</version>
+            <version>4.3.8</version>
             <exclusions>
                 <exclusion>
                     <groupId>io.netty</groupId>
@@ -297,6 +324,7 @@
                     <groupId>commons-io</groupId>
                     <artifactId>commons-io</artifactId>
                 </exclusion>
+
                 <exclusion>
                     <groupId>com.fasterxml.jackson.core</groupId>
                     <artifactId>jackson-databind</artifactId>

src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java

@@ -192,9 +192,12 @@ public CxScanConfig resolveConfiguration(Command command, CommandLine cmd) throw
 		}
 
         if (cmd.hasOption(IS_INCREMENTAL)) {
-        	scanConfig.setIncremental(cmd.hasOption(IS_INCREMENTAL));
+        	scanConfig.setIncremental(!cmd.hasOption(IS_FORCE_SCAN));
+        }
+        boolean isFullScan = (cmd.hasOption(IS_INCREMENTAL)) && (cmd.hasOption(IS_FORCE_SCAN));
+        if(isFullScan) {
+        	log.info("Both incremental scan and Force scan options are provided. Full scan will be performed.");
         }
-
 		if (cmd.hasOption(PERIODIC_FULL_SCAN)) {
 			if (!cmd.hasOption(IS_INCREMENTAL)) {
 				getRequiredParam(cmd, IS_INCREMENTAL, null);