Merge pull request #140 from checkmarx-ltd/CLI2024Q3_Integration_Branch

CLI 2024Q3 release related code changes

pom.xml

@@ -6,7 +6,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.cx.plugin</groupId>
     <artifactId>CxConsolePlugin</artifactId>
-    <version>1.1.30</version>
+    <version>1.1.31</version>
     <packaging>jar</packaging>
 
     <repositories>
@@ -23,9 +23,7 @@
             <id>snapshots</id>
             <name>libs-snapshot</name>
             <url>~/.m2</url>
-        </repository>
-
-
+        </repository>       
     </repositories>
 
     <properties>
@@ -134,7 +132,7 @@
         <dependency>
             <groupId>com.checkmarx</groupId>
             <artifactId>cx-client-common</artifactId>
-            <version>2024.1.1</version>
+            <version>2024.3.26</version>
             <!-- Remove these excludes once latest FSA is used -->
             <exclusions>
 				<exclusion>
@@ -153,6 +151,22 @@
                     <groupId>org.springframework</groupId>
                     <artifactId>spring-core</artifactId>
                 </exclusion>
+                <exclusion>
+					<groupId>io.vertx</groupId>
+					<artifactId>vertx-core</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.bouncycastle</groupId>
+					<artifactId>bcprov-jdk18on</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.apache.commons</groupId>
+					<artifactId>commons-compress</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>io.netty</groupId>
+					<artifactId>netty-codec-http</artifactId>
+				</exclusion>
             </exclusions>
         </dependency>
         <!-- excluded dependencies from cx-client-common -->
@@ -176,6 +190,26 @@
             <artifactId>spring-core</artifactId>
             <version>5.3.20</version>
         </dependency>
+        <dependency>
+			<groupId>io.vertx</groupId>
+			<artifactId>vertx-core</artifactId>
+			<version>4.5.3</version>
+		</dependency>
+		<dependency>
+			<groupId>org.bouncycastle</groupId>
+			<artifactId>bcprov-jdk18on</artifactId>
+			<version>1.78</version>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.commons</groupId>
+			<artifactId>commons-compress</artifactId>
+			<version>1.26.0</version>
+		</dependency>
+		<dependency>
+			<groupId>io.netty</groupId>
+			<artifactId>netty-codec-http</artifactId>
+			<version>4.1.108.Final</version>
+		</dependency>
         <!-- end of excluded dependencies -->
         <dependency>
             <groupId>commons-cli</groupId>

src/main/java/com/cx/plugin/cli/configascode/SastConfig.java

@@ -21,6 +21,8 @@ public class SastConfig {
     private int medium;
     @Optional
     private int high;
+    @Optional
+    private int critical;
     @Optional
 	private boolean avoidDuplicateProjectScans;  
     @Optional
@@ -29,7 +31,9 @@ public class SastConfig {
     private boolean enableSastBranching;
     @Optional
     private String masterBranchProjName;
-
+    @Optional
+    private int branchTimeout;
+
     public SastConfig() {
     }
 
@@ -96,6 +100,14 @@ public int getHigh() {
     public void setHigh(int high) {
         this.high = high;
     }
+
+    public int getCritical() {
+        return critical;
+    }
+
+    public void setCritical(int critical) {
+        this.critical = critical;
+    }
 
     public boolean isPrivateScan() {
         return privateScan;
@@ -137,5 +149,12 @@ public void setMasterBranchProjName(String masterBranchProjName) {
 		this.masterBranchProjName = masterBranchProjName;
 	}
 
+	public void setBranchTimeout(int branchTimeout) {
+		this.branchTimeout = branchTimeout;
+	}
+
+	public int getBranchTimeout(){
+		return branchTimeout;
+	}
 
 }

src/main/java/com/cx/plugin/cli/configascode/ScaConfig.java

@@ -15,6 +15,8 @@ public class ScaConfig {
     private int medium;
     @Optional
     private int high;
+    @Optional
+    private int critical;
 
     public ScaConfig() {
     }
@@ -66,4 +68,12 @@ public int getHigh() {
     public void setHigh(int high) {
         this.high = high;
     }
+
+    public int getCritical() {
+        return critical;
+    }
+
+    public void setCritical(int critical) {
+        this.critical = critical;
+    }
 }

src/main/java/com/cx/plugin/cli/constants/ArgDescriptions.java

@@ -97,11 +97,13 @@ private ArgDescriptions() {
     static final String GENERATE_SCA_REPORT = "Set Generate Sca Report. Optional.";
     static final String SCA_REPORT_FORMAT = "Set Sca Report Format. Optional.";
 
+    static final String CRITICAL = "critical";
     static final String HIGH = "high";
     static final String MEDIUM = "medium";
     static final String LOW = "low";
 
 
+    static final String SAST_CRITICAL = String.format(THRESHOLD_TEMPLATE, CX_SAST, CRITICAL);
     static final String SAST_HIGH = String.format(THRESHOLD_TEMPLATE, CX_SAST, HIGH);
     static final String SAST_MEDIUM = String.format(THRESHOLD_TEMPLATE, CX_SAST, MEDIUM);
     static final String SAST_LOW = String.format(THRESHOLD_TEMPLATE, CX_SAST, LOW);
@@ -124,6 +126,7 @@ private ArgDescriptions() {
     static final String PATH_TO_RESOLVER = "Local path to sca resolver installation directory.";
     static final String SCA_RESOLVER_ADD_PARAMETERS = "Arguments to SCA Resolver tool. Mandatory parameters as documented in SCA Resolver documentation to execute it in offline mode must be provided.";
 
+    static final String SCA_CRITICAL = String.format(THRESHOLD_TEMPLATE, CX_SCA, CRITICAL);
     static final String SCA_HIGH = String.format(THRESHOLD_TEMPLATE, CX_SCA, HIGH);
     static final String SCA_MEDIUM = String.format(THRESHOLD_TEMPLATE, CX_SCA, MEDIUM);
     static final String SCA_LOW = String.format(THRESHOLD_TEMPLATE, CX_SCA, LOW);
@@ -160,4 +163,6 @@ private ArgDescriptions() {
     static final String PERIODIC_FULL_SCAN = "Run a full scan after X incremental scans . Scans all files, (-Incremental should be enable). Optional.";    
 
     static final String AVOID_DUPLICATE_PROJECT_SCANS = "Avoid duplicate project scans in queue";
+
+    static final String BRANCH_TIMEOUT = "TimeOut duration for branch project copy.";
 }

src/main/java/com/cx/plugin/cli/constants/Command.java

@@ -134,6 +134,7 @@ public static Options getOptions() {
         options.addOption(Option.builder(PRESET).desc(ArgDescriptions.PRESET).hasArg(true).argName("preset").build());
         options.addOption(Option.builder(SCAN_COMMENT).desc(ArgDescriptions.SCAN_COMMENT).hasArg(true).argName("text").build());
         options.addOption(Option.builder(IS_SSO).desc(ArgDescriptions.IS_SSO).hasArg(false).build());
+        options.addOption(SAST_CRITICAL, true, ArgDescriptions.SAST_CRITICAL);
         options.addOption(SAST_HIGH, true, ArgDescriptions.SAST_HIGH);
         options.addOption(SAST_MEDIUM, true, ArgDescriptions.SAST_MEDIUM);
         options.addOption(SAST_LOW, true, ArgDescriptions.SAST_LOW);
@@ -152,6 +153,7 @@ public static Options getOptions() {
         options.addOption(PATH_TO_RESOLVER, true, ArgDescriptions.PATH_TO_RESOLVER);//path to resolver
         options.addOption(SCA_RESOLVER_ADD_PARAMETERS, true, ArgDescriptions.SCA_RESOLVER_ADD_PARAMETERS);//path to resolver
 
+        options.addOption(SCA_CRITICAL, true, ArgDescriptions.SCA_CRITICAL);
         options.addOption(SCA_HIGH, true, ArgDescriptions.SCA_HIGH);
         options.addOption(SCA_MEDIUM, true, ArgDescriptions.SCA_MEDIUM);
         options.addOption(SCA_LOW, true, ArgDescriptions.SCA_LOW);
@@ -185,6 +187,7 @@ public static Options getOptions() {
 
         options.addOption(PERIODIC_FULL_SCAN, true, ArgDescriptions.PERIODIC_FULL_SCAN);
         options.addOption(AVOID_DUPLICATE_PROJECT_SCANS, false, ArgDescriptions.AVOID_DUPLICATE_PROJECT_SCANS);
+        options.addOption(BRANCH_TIMEOUT, true, ArgDescriptions.BRANCH_TIMEOUT);
 
         return options;
     }

src/main/java/com/cx/plugin/cli/constants/Parameters.java

@@ -73,6 +73,7 @@ private Parameters() {
     public static final String SCAN_COMMENT = "comment";
     public static final String IS_SSO = "usesso";
 
+    public static final String SAST_CRITICAL = "sastcritical";
     public static final String SAST_HIGH = "sasthigh";
     public static final String SAST_MEDIUM = "sastmedium";
     public static final String SAST_LOW = "sastlow";
@@ -93,6 +94,7 @@ private Parameters() {
 	public static final String PATH_TO_RESOLVER = "pathtoresolver";
     public static final String SCA_RESOLVER_ADD_PARAMETERS = "scaresolveraddparameters";
 
+    public static final String SCA_CRITICAL = "scacritical";
     public static final String SCA_HIGH = "scahigh";
     public static final String SCA_MEDIUM = "scamedium";
     public static final String SCA_LOW = "scalow";
@@ -122,4 +124,5 @@ private Parameters() {
 
     public static final String PERIODIC_FULL_SCAN = "periodicfullscan";
     public static final String AVOID_DUPLICATE_PROJECT_SCANS = "avoidduplicateprojectscans";
+    public static final String BRANCH_TIMEOUT = "copybranchtimeoutinseconds";
 }

src/main/java/com/cx/plugin/cli/constants/UsageExamples.java

@@ -6,7 +6,7 @@ private UsageExamples() {
         throw new IllegalStateException("Utility class");
     }
 
-    private static final String SCA_SCAN_TEMPLATE = "runCxConsole.cmd %s -projectname SP\\Cx\\Engine\\AST -scapathexclude .git -scalocationpath \\storage\\dir1\\subdir -scaUsername admin -scaPassword admin -scaAccount account -scahigh 1 -scamedium 2 -scalow 3";
+    private static final String SCA_SCAN_TEMPLATE = "runCxConsole.cmd %s -projectname SP\\Cx\\Engine\\AST -scapathexclude .git -scalocationpath \\storage\\dir1\\subdir -scaUsername admin -scaPassword admin -scaAccount account -scacritical 1 -scahigh 2 -scamedium 3 -scalow 4";
 
     static final String SCAN = "\n\nCxConsole Scan -Projectname SP\\Cx\\Engine\\AST -CxServer http://localhost -cxuser admin@cx -cxpassword admin -locationtype folder -locationpath C:\\cx" +
             " -preset All -incremental -reportpdf a.pdf\nCxConsole Scan -projectname SP\\Cx\\Engine\\AST -cxserver http://localhost -cxuser admin@cx -cxpassword admin -locationtype tfs" +

src/main/java/com/cx/plugin/cli/errorsconstants/ErrorMessages.java

@@ -25,6 +25,7 @@ private ErrorMessages() {
     public static final String THRESHOLD_PARAMETER_IN_ASYNC_SCAN = "Asynchronous run does not support threshold. Please remove the threshold parameters and run again";
     public static final String SERVER_CONNECTIVITY_VALIDATION_ERROR = "Failed to validate server connectivity: ";
 
+    public static final String SAST_CRITICAL_THRESHOLD_ERROR_MSG = "SAST critical vulnerability threshold exceeded";
     public static final String SAST_HIGH_THRESHOLD_ERROR_MSG = "SAST high vulnerability threshold exceeded";
     public static final String SAST_MEDIUM_THRESHOLD_ERROR_MSG = "SAST medium vulnerability threshold exceeded";
     public static final String SAST_LOW_THRESHOLD_ERROR_MSG = "SAST low vulnerability threshold exceeded";

src/main/java/com/cx/plugin/cli/errorsconstants/Errors.java

@@ -17,12 +17,13 @@ public enum Errors {
     OSA_RESOLVE_ERROR(6, OSA_RESOLVE_ERROR_MSG),
     OSA_NO_DEPENDENCIES_ERROR(7, OSA_NO_DEPENDENCIES_ERROR_MSG),
 
-    SAST_HIGH_THRESHOLD_ERROR(10, SAST_HIGH_THRESHOLD_ERROR_MSG),
-    SAST_MEDIUM_THRESHOLD_ERROR(11, SAST_MEDIUM_THRESHOLD_ERROR_MSG),
-    SAST_LOW_THRESHOLD_ERROR(12, SAST_LOW_THRESHOLD_ERROR_MSG),
-    OSA_HIGH_THRESHOLD_ERROR(13, OSA_HIGH_THRESHOLD_ERROR_MSG),
-    OSA_MEDIUM_THRESHOLD_ERROR(14, OSA_MEDIUM_THRESHOLD_ERROR_MSG),
-    OSA_LOW_THRESHOLD_ERROR(15, OSA_LOW_THRESHOLD_ERROR_MSG),
+    SAST_CRITICAL_THRESHOLD_ERROR(10, SAST_CRITICAL_THRESHOLD_ERROR_MSG),
+    SAST_HIGH_THRESHOLD_ERROR(11, SAST_HIGH_THRESHOLD_ERROR_MSG),
+    SAST_MEDIUM_THRESHOLD_ERROR(12, SAST_MEDIUM_THRESHOLD_ERROR_MSG),
+    SAST_LOW_THRESHOLD_ERROR(13, SAST_LOW_THRESHOLD_ERROR_MSG),
+    OSA_HIGH_THRESHOLD_ERROR(14, OSA_HIGH_THRESHOLD_ERROR_MSG),
+    OSA_MEDIUM_THRESHOLD_ERROR(15, OSA_MEDIUM_THRESHOLD_ERROR_MSG),
+    OSA_LOW_THRESHOLD_ERROR(16, OSA_LOW_THRESHOLD_ERROR_MSG),
 
     POLICY_VIOLATION_ERROR(18, POLICY_VIOLATED_ERROR_MSG),
     GENERIC_THRESHOLD_FAILURE_ERROR(19, GENERIC_THRESHOLD_FAILURE_ERROR_MSG),