From 1ee59c5ce1beb74b8092a6cf3f50b0efbf11dbb2 Mon Sep 17 00:00:00 2001 From: ilandn Date: Mon, 25 Mar 2024 09:41:21 -0500 Subject: [PATCH 01/18] bugid: 1782, XML reports are generated without 'reportxml' argument CR_by: N/A --- .../cx/plugin/cli/utils/CxConfigHelper.java | 397 +++++++++--------- 1 file changed, 200 insertions(+), 197 deletions(-) diff --git a/src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java b/src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java index ea1ff8f..bf0b383 100644 --- a/src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java +++ b/src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java @@ -81,7 +81,7 @@ public final class CxConfigHelper { private int fullScanCycle; public static final int FULL_SCAN_CYCLE_MIN = 1; public static final int FULL_SCAN_CYCLE_MAX = 99; - + public CxConfigHelper(String configFilePath) { props = PropertiesManager.getProps(configFilePath); } @@ -101,7 +101,7 @@ public CxScanConfig resolveConfiguration(Command command, CommandLine cmd) throw //pass trust store setSystemProperties(); - + CxScanConfig scanConfig = new CxScanConfig(); if (testConnection(scanConfig)) { 
@@ -155,12 +155,12 @@ public CxScanConfig resolveConfiguration(Command command, CommandLine cmd) throw scanConfig.setDisableCertificateValidation(cmd.hasOption(TRUSTED_CERTIFICATES)); scanConfig.setPublic(!cmd.hasOption(IS_PRIVATE)); - if (cmd.hasOption(SCA_ENABLED) || command.equals(Command.SCA_SCAN)) { - scanConfig.setEnablePolicyViolationsSCA(cmd.hasOption(IS_CHECKED_POLICY)); - } - if (scanConfig.isSastEnabled() || command.equals(Command.OSA_SCAN) || cmd.hasOption(OSA_ENABLED)) { - scanConfig.setEnablePolicyViolations(cmd.hasOption(IS_CHECKED_POLICY)); - } + if (cmd.hasOption(SCA_ENABLED) || command.equals(Command.SCA_SCAN)) { + scanConfig.setEnablePolicyViolationsSCA(cmd.hasOption(IS_CHECKED_POLICY)); + } + if (scanConfig.isSastEnabled() || command.equals(Command.OSA_SCAN) || cmd.hasOption(OSA_ENABLED)) { + scanConfig.setEnablePolicyViolations(cmd.hasOption(IS_CHECKED_POLICY)); + } if (!commandLine.hasOption(CONFIG_AS_CODE)) { if ((command.equals(Command.SCA_SCAN)) || (command.equals(Command.ASYNC_SCA_SCAN))) { @@ -169,11 +169,10 @@ public CxScanConfig resolveConfiguration(Command command, CommandLine cmd) throw if (cmd.hasOption(SCA_TIMEOUT)) { scanConfig.setSCAScanTimeoutInMinutes(Integer.valueOf(cmd.getOptionValue(SCA_TIMEOUT))); } - } - else { - if(cmd.hasOption(SCA_ENABLED) && cmd.hasOption(SCA_TIMEOUT)) { - scanConfig.setSCAScanTimeoutInMinutes(Integer.valueOf(cmd.getOptionValue(SCA_TIMEOUT))); - } + } else { + if (cmd.hasOption(SCA_ENABLED) && cmd.hasOption(SCA_TIMEOUT)) { + scanConfig.setSCAScanTimeoutInMinutes(Integer.valueOf(cmd.getOptionValue(SCA_TIMEOUT))); + } scanConfig.setProjectName(extractProjectName(cmd.getOptionValue(FULL_PROJECT_PATH), false)); scanConfig.setTeamPath(extractTeamPath(cmd.getOptionValue(FULL_PROJECT_PATH), false)); } 
@@ -188,52 +187,52 @@ public CxScanConfig resolveConfiguration(Command command, CommandLine cmd) throw scanConfig.setScanComment(cmd.getOptionValue(SCAN_COMMENT)); setScanReports(scanConfig); String reportPath = getReportPath(SCA_REPORT_PATH); - if(reportPath != null && !reportPath.isEmpty()) { - File reportDir = new File(reportPath); - scanConfig.setReportsDir(reportDir); + if (reportPath != null && !reportPath.isEmpty()) { + File reportDir = new File(reportPath); + scanConfig.setReportsDir(reportDir); } - scanConfig.setGenerateScaReport(cmd.hasOption(GENERATE_SCA_REPORT)); + scanConfig.setGenerateScaReport(cmd.hasOption(GENERATE_SCA_REPORT)); scanConfig.setScaReportFormat(cmd.getOptionValue(SCA_REPORT_FORMAT)); - if(scanConfig.isGenerateScaReport()) { - throwForInvalidScaReportFormat(scanConfig.getScaReportFormat()); - if (!cmd.hasOption(SCA_REPORT_PATH)) { - throw new CLIParsingException("scareportpath command line option must be specified."); - } + if (scanConfig.isGenerateScaReport()) { + throwForInvalidScaReportFormat(scanConfig.getScaReportFormat()); + if (!cmd.hasOption(SCA_REPORT_PATH)) { + throw new CLIParsingException("scareportpath command line option must be specified."); + } } - + scanConfig.setIncremental(cmd.hasOption(IS_INCREMENTAL)); String postScanAction = cmd.getOptionValue(POST_SCAN_ACTION); - scanConfig.setPostScanName(postScanAction); - scanConfig.setForceScan(cmd.hasOption(IS_FORCE_SCAN)); - scanConfig.setEnableSASTBranching(cmd.hasOption(ENABLE_SAST_BRANCHING)); - if (cmd.hasOption(ENABLE_SAST_BRANCHING)) { - if (!cmd.hasOption(MASTER_BRANCH_PROJ_NAME)) { - getRequiredParam(cmd, MASTER_BRANCH_PROJ_NAME, null); - } else { - scanConfig.setMasterBranchProjName(cmd.getOptionValue(MASTER_BRANCH_PROJ_NAME)); - } - } - + scanConfig.setPostScanName(postScanAction); + scanConfig.setForceScan(cmd.hasOption(IS_FORCE_SCAN)); + scanConfig.setEnableSASTBranching(cmd.hasOption(ENABLE_SAST_BRANCHING)); + if (cmd.hasOption(ENABLE_SAST_BRANCHING)) { + if 
(!cmd.hasOption(MASTER_BRANCH_PROJ_NAME)) { + getRequiredParam(cmd, MASTER_BRANCH_PROJ_NAME, null); + } else { + scanConfig.setMasterBranchProjName(cmd.getOptionValue(MASTER_BRANCH_PROJ_NAME)); + } + } + if (cmd.hasOption(IS_INCREMENTAL)) { - scanConfig.setIncremental(!cmd.hasOption(IS_FORCE_SCAN)); + scanConfig.setIncremental(!cmd.hasOption(IS_FORCE_SCAN)); } boolean isFullScan = (cmd.hasOption(IS_INCREMENTAL)) && (cmd.hasOption(IS_FORCE_SCAN)); - if(isFullScan) { - log.info("Both incremental scan and Force scan options are provided. Full scan will be performed."); - } - if (cmd.hasOption(PERIODIC_FULL_SCAN)) { - if (!cmd.hasOption(IS_INCREMENTAL)) { - getRequiredParam(cmd, IS_INCREMENTAL, null); - } else { - String periodicFullScan = cmd.getOptionValue(PERIODIC_FULL_SCAN); - this.fullScanCycle = Integer.valueOf(periodicFullScan); - boolean isIncremental = isThisBuildIncremental(); - scanConfig.setIncremental(isIncremental); - } - } - scanConfig.setAvoidDuplicateProjectScans(cmd.hasOption(AVOID_DUPLICATE_PROJECT_SCANS)); - setSASTThresholds(scanConfig); - + if (isFullScan) { + log.info("Both incremental scan and Force scan options are provided. Full scan will be performed."); + } + if (cmd.hasOption(PERIODIC_FULL_SCAN)) { + if (!cmd.hasOption(IS_INCREMENTAL)) { + getRequiredParam(cmd, IS_INCREMENTAL, null); + } else { + String periodicFullScan = cmd.getOptionValue(PERIODIC_FULL_SCAN); + this.fullScanCycle = Integer.valueOf(periodicFullScan); + boolean isIncremental = isThisBuildIncremental(); + scanConfig.setIncremental(isIncremental); + } + } + scanConfig.setAvoidDuplicateProjectScans(cmd.hasOption(AVOID_DUPLICATE_PROJECT_SCANS)); + setSASTThresholds(scanConfig); + String dsLocationPath = getSharedDependencyScanOption(scanConfig, OSA_LOCATION_PATH, SCA_LOCATION_PATH); if (scanConfig.isSastEnabled() || dsLocationPath == null) { ScanSourceConfigurator locator = new ScanSourceConfigurator(); 
@@ -251,19 +250,19 @@ public CxScanConfig resolveConfiguration(Command command, CommandLine cmd) throw return scanConfig; } - - + + /* * Sets JSSE JVM properties to pass custom trust store and its password */ public void setSystemProperties() { - - String customTrustStore = props.getProperty(KEY_CUSTOM_TRUSTSTORE); + + String customTrustStore = props.getProperty(KEY_CUSTOM_TRUSTSTORE); String customTrustStorePassword = props.getProperty(KEY_CUSTOM_TRUSTSTORE_PASSWORD); - if(customTrustStore != null && !customTrustStore.isEmpty()) { - System.setProperty("javax.net.ssl.trustStore", customTrustStore); - System.setProperty("javax.net.ssl.trustStorePassword", customTrustStorePassword); - System.setProperty("javax.net.ssl.trustStoreType", "JKS"); + if (customTrustStore != null && !customTrustStore.isEmpty()) { + System.setProperty("javax.net.ssl.trustStore", customTrustStore); + System.setProperty("javax.net.ssl.trustStorePassword", customTrustStorePassword); + System.setProperty("javax.net.ssl.trustStoreType", "JKS"); } } 
@@ -503,28 +502,28 @@ private void mapSastConfiguration(Optional sast, CxScanConfig scanCo }); sast.map(SastConfig::isOverrideProjectSetting) - .ifPresent(pValue -> { - scanConfig.setIsOverrideProjectSetting(pValue); - overridesResults.put("Is Overridable", String.valueOf(pValue)); - }); - + .ifPresent(pValue -> { + scanConfig.setIsOverrideProjectSetting(pValue); + overridesResults.put("Is Overridable", String.valueOf(pValue)); + }); + sast.map(SastConfig::isEnableSASTBranching) - .ifPresent(pValue -> { - scanConfig.setEnableSASTBranching(pValue); - overridesResults.put("Enable SAST Branching", String.valueOf(pValue)); - }); - + .ifPresent(pValue -> { + scanConfig.setEnableSASTBranching(pValue); + overridesResults.put("Enable SAST Branching", String.valueOf(pValue)); + }); + sast.map(SastConfig::getMasterBranchProjName) - .ifPresent(pValue -> { - scanConfig.setMasterBranchProjName(pValue); - overridesResults.put("Master Branch Project Name", String.valueOf(pValue)); - }); + .ifPresent(pValue -> { + scanConfig.setMasterBranchProjName(pValue); + overridesResults.put("Master Branch Project Name", String.valueOf(pValue)); + }); sast.map(SastConfig::isAvoidDuplicateProjectScans) - .ifPresent(pValue -> { - scanConfig.setAvoidDuplicateProjectScans(pValue); - overridesResults.put("Avoid Duplicate Project Scans", String.valueOf(pValue)); - }); + .ifPresent(pValue -> { + scanConfig.setAvoidDuplicateProjectScans(pValue); + overridesResults.put("Avoid Duplicate Project Scans", String.valueOf(pValue)); + }); } private void mapProjectConfiguration(Optional project, CxScanConfig scanConfig, Map overridesResults) throws CLIParsingException { 
@@ -747,16 +746,16 @@ private void configureScaWithSastDetails(AstScaConfig sca) throws CLIParsingExce //SCA alone scan if ((!commandLine.hasOption(SCA_ENABLED))) { - if (commandLine.hasOption(SAST_PROJECT_NAME) || commandLine.hasOption(SAST_PROJECT_ID)) { - if (exploitablePathParamsIncomplete(serverURL, user, password, projectId, projectName)) { - serverURL = StringUtils.isEmpty(serverURL) ? getOptionalParam(SERVER_URL, "") : serverURL; - user = StringUtils.isEmpty(user) ? getOptionalParam(USER_NAME, "") : user; - password = StringUtils.isEmpty(password) ? getOptionalParam(USER_PASSWORD, "") : password; - projectName = StringUtils.isEmpty(projectName) ? getOptionalParam(FULL_PROJECT_PATH, "") - : projectName; - } - } - if (exploitablePathParamsIncomplete(serverURL, user, password, projectId, projectName)) { + if (commandLine.hasOption(SAST_PROJECT_NAME) || commandLine.hasOption(SAST_PROJECT_ID)) { + if (exploitablePathParamsIncomplete(serverURL, user, password, projectId, projectName)) { + serverURL = StringUtils.isEmpty(serverURL) ? getOptionalParam(SERVER_URL, "") : serverURL; + user = StringUtils.isEmpty(user) ? getOptionalParam(USER_NAME, "") : user; + password = StringUtils.isEmpty(password) ? getOptionalParam(USER_PASSWORD, "") : password; + projectName = StringUtils.isEmpty(projectName) ? getOptionalParam(FULL_PROJECT_PATH, "") + : projectName; + } + } + if (exploitablePathParamsIncomplete(serverURL, user, password, projectId, projectName)) { if (!exploitablePathParamsEmpty(serverURL, user, password, projectId, projectName)) throw new CLIParsingException( "[CxConsole] For SCA exploitable path, CxSAST server details like url, user, password and full project path or project id are required. Received partial parameters."); 
@@ -900,11 +899,17 @@ private void setScanReports(CxScanConfig scanConfig) {
 String reportPath = getReportPath(PDF_REPORT);
 if (reportPath != null) {
 scanConfig.addPDFReport(reportPath);
+ scanConfig.setGeneratePDFReport(true);
+ } else {
+ scanConfig.setGeneratePDFReport(false);
 }
 
 reportPath = getReportPath(XML_REPORT);
 if (reportPath != null) {
 scanConfig.addXMLReport(reportPath);
+ scanConfig.setGenerateXmlReport(true);
+ } else {
+ scanConfig.setGenerateXmlReport(false);
 }
 
 reportPath = getReportPath(CSV_REPORT);
@@ -916,7 +921,6 @@ private void setScanReports(CxScanConfig scanConfig) {
 if (reportPath != null) {
 scanConfig.addRTFReport(reportPath);
 }
-
 }
 
 private String getReportPath(String optionName) {
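Review bot: The new `setGenerateXmlReport(true)` branch keys off `reportPath != null` only, while the SCA report path in resolveConfiguration is guarded with `reportPath != null && !reportPath.isEmpty()`; if getReportPath hands back the raw option value, a `-reportxml` given with an empty value would still enable XML generation and register an empty path, which is the class of symptom this fix targets. Suggest aligning the guard, `if (reportPath != null && !reportPath.isEmpty()) {`, for the PDF and XML blocks and the CSV/RTF ones below them. The CSV and RTF branches are also left without an explicit enable/disable pairing; if CxScanConfig exposes equivalent flags for them, mirroring the true/false assignment keeps the four report types consistent. setScanReports starts before this hunk and getReportPath's body lies outside it.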
@@ -1028,29 +1032,29 @@ private static String extractTeamPath(String fullPath, boolean isScaScan) throws return fullPath.substring(0, lastIdx); } - + public static String getPluginVersion() { - String version = ""; - try { - InputStream is = CxConfigHelper.class.getClassLoader().getResourceAsStream("META-INF/maven/com.cx.plugin/CxConsolePlugin/pom.xml"); - if (is != null) { - MavenXpp3Reader reader = new MavenXpp3Reader(); - org.apache.maven.model.Model model = reader.read(is); - version = model.getVersion(); - } - } catch (Exception e) { - } - return version; - } - - - public static void printConfig(CommandLine commandLine) { + String version = ""; + try { + InputStream is = CxConfigHelper.class.getClassLoader().getResourceAsStream("META-INF/maven/com.cx.plugin/CxConsolePlugin/pom.xml"); + if (is != null) { + MavenXpp3Reader reader = new MavenXpp3Reader(); + org.apache.maven.model.Model model = reader.read(is); + version = model.getVersion(); + } + } catch (Exception e) { + } + return version; + } + + + public static void printConfig(CommandLine commandLine) { log.info("-----------------------------------------------------------------------------------------"); log.info("CxConsole Configuration: "); log.info("--------------------"); - + String pluginVersion = getPluginVersion(); - log.info("plugin version: {}", pluginVersion); + log.info("plugin version: {}", pluginVersion); for (Option param : commandLine.getOptions()) { String name = param.getLongOpt() != null ? param.getLongOpt() : param.getOpt(); String value; 
@@ -1065,24 +1069,23 @@ public static void printConfig(CommandLine commandLine) { value = param.getValue(); log.debug("{}: {}", name, value); value = DigestUtils.sha256Hex(param.getValue()); - }else if (param.getOpt().equalsIgnoreCase(LOCATION_URL)) { - String value1 = param.getValue(); - String[] arrOfStr = value1.split("@"); - value = ""; - if(arrOfStr.length==1) { - for (int i = 0; i < arrOfStr[0].length(); i++) { - value+="*"; - } - } - else { - for (int i = 0; i < arrOfStr[0].length(); i++) { - value+="*"; - } - value+="@"; - value+=arrOfStr[1]; - } - - }else if (param.hasArg()) { + } else if (param.getOpt().equalsIgnoreCase(LOCATION_URL)) { + String value1 = param.getValue(); + String[] arrOfStr = value1.split("@"); + value = ""; + if (arrOfStr.length == 1) { + for (int i = 0; i < arrOfStr[0].length(); i++) { + value += "*"; + } + } else { + for (int i = 0; i < arrOfStr[0].length(); i++) { + value += "*"; + } + value += "@"; + value += arrOfStr[1]; + } + + } else if (param.hasArg()) { value = param.getValue(); } else { value = "true"; 
@@ -1188,66 +1191,66 @@ private static String getRequiredParam(CommandLine cmdLine, String cmdLineOption return result; } - public static String checkMissingMandatoryAdditionalParams(CommandLine cmdLine, String addParams) - throws CLIParsingException { - if (addParams == null) - addParams = ""; - if (!addParams.contains("-n ")) { - String projectName = cmdLine.getOptionValue(FULL_PROJECT_PATH); - if (StringUtils.isNotEmpty(projectName)) { - projectName = projectName.trim(); - addParams += " -n " + projectName; - } else - throw new CLIParsingException("projectname command line option must be specified"); - } - if (!addParams.contains("-s ")) { - String locationPath = cmdLine.getOptionValue(LOCATION_PATH); - String scaLocationPath = cmdLine.getOptionValue(SCA_LOCATION_PATH); - if (StringUtils.isNotEmpty(locationPath)) { - locationPath = locationPath.trim(); - addParams += " -s " + locationPath; - } else if (StringUtils.isNotEmpty(scaLocationPath)) { - scaLocationPath = scaLocationPath.trim(); - addParams += " -s " + scaLocationPath; - } else - throw new CLIParsingException("locationpath command line option must be specified"); - } - if (cmdLine.hasOption(SCA_ENABLED) - && (addParams.contains("--cxprojectname ") || addParams.contains("--cxprojectid "))) { - if (!addParams.contains("--cxserver ")) { - String cxserver = cmdLine.getOptionValue(SERVER_URL); - if (StringUtils.isNotEmpty(cxserver)) { - cxserver = cxserver.trim(); - addParams += " --cxserver " + cxserver; - } else - throw new CLIParsingException("cxserver command line option must be specified"); - } - if (!addParams.contains("--cxuser ")) { - String cxuser = cmdLine.getOptionValue(USER_NAME); - if (StringUtils.isNotEmpty(cxuser)) { - cxuser = cxuser.trim(); - addParams += " --cxuser " + cxuser; - } else - throw new CLIParsingException("cxuser command line option must be specified"); - } - if (!addParams.contains("--cxpassword ")) { - String cxpassword = cmdLine.getOptionValue(USER_PASSWORD); - if 
(StringUtils.isNotEmpty(cxpassword)) { - cxpassword = cxpassword.trim(); - addParams += " --cxpassword " + cxpassword; - } else - throw new CLIParsingException("cxpassword command line option must be specified"); - } - } else if (addParams.contains("--cxprojectname ") || addParams.contains("--cxprojectid ")) { - if (!addParams.contains("--cxserver ") || !addParams.contains("--cxuser ") - || !addParams.contains("--cxpassword ")) { - throw new CLIParsingException( - "--cxserver, --cxuser, --cxpassword and --cxprojectname must be specified to use Exploitable Path."); - } - - } - return addParams; - } + public static String checkMissingMandatoryAdditionalParams(CommandLine cmdLine, String addParams) + throws CLIParsingException { + if (addParams == null) + addParams = ""; + if (!addParams.contains("-n ")) { + String projectName = cmdLine.getOptionValue(FULL_PROJECT_PATH); + if (StringUtils.isNotEmpty(projectName)) { + projectName = projectName.trim(); + addParams += " -n " + projectName; + } else + throw new CLIParsingException("projectname command line option must be specified"); + } + if (!addParams.contains("-s ")) { + String locationPath = cmdLine.getOptionValue(LOCATION_PATH); + String scaLocationPath = cmdLine.getOptionValue(SCA_LOCATION_PATH); + if (StringUtils.isNotEmpty(locationPath)) { + locationPath = locationPath.trim(); + addParams += " -s " + locationPath; + } else if (StringUtils.isNotEmpty(scaLocationPath)) { + scaLocationPath = scaLocationPath.trim(); + addParams += " -s " + scaLocationPath; + } else + throw new CLIParsingException("locationpath command line option must be specified"); + } + if (cmdLine.hasOption(SCA_ENABLED) + && (addParams.contains("--cxprojectname ") || addParams.contains("--cxprojectid "))) { + if (!addParams.contains("--cxserver ")) { + String cxserver = cmdLine.getOptionValue(SERVER_URL); + if (StringUtils.isNotEmpty(cxserver)) { + cxserver = cxserver.trim(); + addParams += " --cxserver " + cxserver; + } else + throw new 
CLIParsingException("cxserver command line option must be specified"); + } + if (!addParams.contains("--cxuser ")) { + String cxuser = cmdLine.getOptionValue(USER_NAME); + if (StringUtils.isNotEmpty(cxuser)) { + cxuser = cxuser.trim(); + addParams += " --cxuser " + cxuser; + } else + throw new CLIParsingException("cxuser command line option must be specified"); + } + if (!addParams.contains("--cxpassword ")) { + String cxpassword = cmdLine.getOptionValue(USER_PASSWORD); + if (StringUtils.isNotEmpty(cxpassword)) { + cxpassword = cxpassword.trim(); + addParams += " --cxpassword " + cxpassword; + } else + throw new CLIParsingException("cxpassword command line option must be specified"); + } + } else if (addParams.contains("--cxprojectname ") || addParams.contains("--cxprojectid ")) { + if (!addParams.contains("--cxserver ") || !addParams.contains("--cxuser ") + || !addParams.contains("--cxpassword ")) { + throw new CLIParsingException( + "--cxserver, --cxuser, --cxpassword and --cxprojectname must be specified to use Exploitable Path."); + } + + } + return addParams; + } private static String normalizeUrl(String rawValue) { return rawValue.startsWith("http") ? rawValue : "http://" + rawValue; @@ -1314,16 +1317,16 @@ private boolean testConnection(CxScanConfig scanConfig) throws CLIParsingExcepti } return false; } - + //function to test whether build will be incremental or full scan private boolean isThisBuildIncremental() { int buildNumber = 0; Map env = System.getenv(); - - if(env.get("BUILD_NUMBER") != null) { - buildNumber = Integer.valueOf(env.get("BUILD_NUMBER")); - } - + + if (env.get("BUILD_NUMBER") != null) { + buildNumber = Integer.valueOf(env.get("BUILD_NUMBER")); + } + if (fullScanCycle == 0) { return true; } 
@@ -1336,15 +1339,15 @@ private boolean isThisBuildIncremental() { // If user asked to perform full scan after every 9 incremental scans - // it means that every 10th scan should be full, // that is the ordinal numbers of full scans will be "1", "11", "21" and so on... - boolean shouldBeFullScan = buildNumber % (fullScanCycle + 1) == 1; + boolean shouldBeFullScan = buildNumber % (fullScanCycle + 1) == 1; return !shouldBeFullScan; } - + private void throwForInvalidScaReportFormat(String format) throws ConfigurationException { - boolean valid = false; - List supportedFormats = Arrays.asList(new String[] {"json", "xml", "pdf", "csv", "cyclonedxjson", "cyclonedxxml"}); - - if(format == null || !supportedFormats.contains(format.toLowerCase())) - throw new ConfigurationException("Invalid SCA report format:" + format +". Supported formats are:" + supportedFormats.toString()); + boolean valid = false; + List supportedFormats = Arrays.asList(new String[]{"json", "xml", "pdf", "csv", "cyclonedxjson", "cyclonedxxml"}); + + if (format == null || !supportedFormats.contains(format.toLowerCase())) + throw new ConfigurationException("Invalid SCA report format:" + format + ". Supported formats are:" + supportedFormats.toString()); } } From 4eeb6a48fb4b0a1088b10832e70d1e7265495165 Mon Sep 17 00:00:00 2001 
From: susmitagorai29 Date: Wed, 19 Jun 2024 00:21:38 +0530 Subject: [PATCH 02/18] Code changes for Critical Severity --- pom.xml | 13 +++++++++++-- .../cx/plugin/cli/configascode/SastConfig.java | 10 ++++++++++ .../cx/plugin/cli/constants/ArgDescriptions.java | 2 ++ .../java/com/cx/plugin/cli/constants/Command.java | 1 + .../com/cx/plugin/cli/constants/Parameters.java | 1 + .../plugin/cli/errorsconstants/ErrorMessages.java | 1 + .../com/cx/plugin/cli/errorsconstants/Errors.java | 13 +++++++------ .../com/cx/plugin/cli/utils/CxConfigHelper.java | 15 +++++++++++++++ .../cx/plugin/cli/utils/ErrorParsingHelper.java | 3 +++ .../cx/plugin/cli/utils/CxConfigHelperTests.java | 7 ++++--- 10 files changed, 55 insertions(+), 11 deletions(-) diff --git a/pom.xml b/pom.xml index 890b9e5..35bc7bb 100644 --- a/pom.xml +++ b/pom.xml @@ -24,7 +24,16 @@ libs-snapshot ~/.m2 - + + + + + + + + + + @@ -134,7 +143,7 @@ com.checkmarx cx-client-common - 2024.1.1 + 2024.2.7 diff --git a/src/main/java/com/cx/plugin/cli/configascode/SastConfig.java b/src/main/java/com/cx/plugin/cli/configascode/SastConfig.java index 24afb85..0810f79 100644 --- a/src/main/java/com/cx/plugin/cli/configascode/SastConfig.java +++ b/src/main/java/com/cx/plugin/cli/configascode/SastConfig.java @@ -21,6 +21,8 @@ public class SastConfig { private int medium; @Optional private int high; + @Optional + private int critical; @Optional private boolean avoidDuplicateProjectScans; @Optional @@ -96,6 +98,14 @@ public int getHigh() { public void setHigh(int high) { this.high = high; } + + public int getCritical() { + return critical; + } + + public void setCritical(int critical) { + this.critical = critical; + } public boolean isPrivateScan() { return privateScan; diff --git a/src/main/java/com/cx/plugin/cli/constants/ArgDescriptions.java b/src/main/java/com/cx/plugin/cli/constants/ArgDescriptions.java index c6289d3..0e88c92 100644 --- a/src/main/java/com/cx/plugin/cli/constants/ArgDescriptions.java 
+++ b/src/main/java/com/cx/plugin/cli/constants/ArgDescriptions.java @@ -97,11 +97,13 @@ private ArgDescriptions() { static final String GENERATE_SCA_REPORT = "Set Generate Sca Report. Optional."; static final String SCA_REPORT_FORMAT = "Set Sca Report Format. Optional."; + static final String CRITICAL = "critical"; static final String HIGH = "high"; static final String MEDIUM = "medium"; static final String LOW = "low"; + static final String SAST_CRITICAL = String.format(THRESHOLD_TEMPLATE, CX_SAST, CRITICAL); static final String SAST_HIGH = String.format(THRESHOLD_TEMPLATE, CX_SAST, HIGH); static final String SAST_MEDIUM = String.format(THRESHOLD_TEMPLATE, CX_SAST, MEDIUM); static final String SAST_LOW = String.format(THRESHOLD_TEMPLATE, CX_SAST, LOW); diff --git a/src/main/java/com/cx/plugin/cli/constants/Command.java b/src/main/java/com/cx/plugin/cli/constants/Command.java index 9af7e14..6167093 100644 --- a/src/main/java/com/cx/plugin/cli/constants/Command.java +++ b/src/main/java/com/cx/plugin/cli/constants/Command.java @@ -134,6 +134,7 @@ public static Options getOptions() { options.addOption(Option.builder(PRESET).desc(ArgDescriptions.PRESET).hasArg(true).argName("preset").build()); options.addOption(Option.builder(SCAN_COMMENT).desc(ArgDescriptions.SCAN_COMMENT).hasArg(true).argName("text").build()); options.addOption(Option.builder(IS_SSO).desc(ArgDescriptions.IS_SSO).hasArg(false).build()); + options.addOption(SAST_CRITICAL, true, ArgDescriptions.SAST_CRITICAL); options.addOption(SAST_HIGH, true, ArgDescriptions.SAST_HIGH); options.addOption(SAST_MEDIUM, true, ArgDescriptions.SAST_MEDIUM); options.addOption(SAST_LOW, true, ArgDescriptions.SAST_LOW); diff --git a/src/main/java/com/cx/plugin/cli/constants/Parameters.java b/src/main/java/com/cx/plugin/cli/constants/Parameters.java index 84f5162..0b3f9f0 100644 --- a/src/main/java/com/cx/plugin/cli/constants/Parameters.java +++ b/src/main/java/com/cx/plugin/cli/constants/Parameters.java 
@@ -73,6 +73,7 @@ private Parameters() { public static final String SCAN_COMMENT = "comment"; public static final String IS_SSO = "usesso"; + public static final String SAST_CRITICAL = "sastcritical"; public static final String SAST_HIGH = "sasthigh"; public static final String SAST_MEDIUM = "sastmedium"; public static final String SAST_LOW = "sastlow"; diff --git a/src/main/java/com/cx/plugin/cli/errorsconstants/ErrorMessages.java b/src/main/java/com/cx/plugin/cli/errorsconstants/ErrorMessages.java index 1358a96..266eeff 100644 --- a/src/main/java/com/cx/plugin/cli/errorsconstants/ErrorMessages.java +++ b/src/main/java/com/cx/plugin/cli/errorsconstants/ErrorMessages.java @@ -25,6 +25,7 @@ private ErrorMessages() { public static final String THRESHOLD_PARAMETER_IN_ASYNC_SCAN = "Asynchronous run does not support threshold. Please remove the threshold parameters and run again"; public static final String SERVER_CONNECTIVITY_VALIDATION_ERROR = "Failed to validate server connectivity: "; + public static final String SAST_CRITICAL_THRESHOLD_ERROR_MSG = "SAST critical vulnerability threshold exceeded"; public static final String SAST_HIGH_THRESHOLD_ERROR_MSG = "SAST high vulnerability threshold exceeded"; public static final String SAST_MEDIUM_THRESHOLD_ERROR_MSG = "SAST medium vulnerability threshold exceeded"; public static final String SAST_LOW_THRESHOLD_ERROR_MSG = "SAST low vulnerability threshold exceeded"; diff --git a/src/main/java/com/cx/plugin/cli/errorsconstants/Errors.java b/src/main/java/com/cx/plugin/cli/errorsconstants/Errors.java index d9a8868..a4419a9 100644 --- a/src/main/java/com/cx/plugin/cli/errorsconstants/Errors.java +++ b/src/main/java/com/cx/plugin/cli/errorsconstants/Errors.java 
@@ -17,12 +17,13 @@ public enum Errors { OSA_RESOLVE_ERROR(6, OSA_RESOLVE_ERROR_MSG), OSA_NO_DEPENDENCIES_ERROR(7, OSA_NO_DEPENDENCIES_ERROR_MSG), - SAST_HIGH_THRESHOLD_ERROR(10, SAST_HIGH_THRESHOLD_ERROR_MSG), - SAST_MEDIUM_THRESHOLD_ERROR(11, SAST_MEDIUM_THRESHOLD_ERROR_MSG), - SAST_LOW_THRESHOLD_ERROR(12, SAST_LOW_THRESHOLD_ERROR_MSG), - OSA_HIGH_THRESHOLD_ERROR(13, OSA_HIGH_THRESHOLD_ERROR_MSG), - OSA_MEDIUM_THRESHOLD_ERROR(14, OSA_MEDIUM_THRESHOLD_ERROR_MSG), - OSA_LOW_THRESHOLD_ERROR(15, OSA_LOW_THRESHOLD_ERROR_MSG), + SAST_CRITICAL_THRESHOLD_ERROR(10, SAST_CRITICAL_THRESHOLD_ERROR_MSG), + SAST_HIGH_THRESHOLD_ERROR(11, SAST_HIGH_THRESHOLD_ERROR_MSG), + SAST_MEDIUM_THRESHOLD_ERROR(12, SAST_MEDIUM_THRESHOLD_ERROR_MSG), + SAST_LOW_THRESHOLD_ERROR(13, SAST_LOW_THRESHOLD_ERROR_MSG), + OSA_HIGH_THRESHOLD_ERROR(14, OSA_HIGH_THRESHOLD_ERROR_MSG), + OSA_MEDIUM_THRESHOLD_ERROR(15, OSA_MEDIUM_THRESHOLD_ERROR_MSG), + OSA_LOW_THRESHOLD_ERROR(16, OSA_LOW_THRESHOLD_ERROR_MSG), POLICY_VIOLATION_ERROR(18, POLICY_VIOLATED_ERROR_MSG), GENERIC_THRESHOLD_FAILURE_ERROR(19, GENERIC_THRESHOLD_FAILURE_ERROR_MSG), diff --git a/src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java b/src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java index ea1ff8f..3ec40f7 100644 --- a/src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java +++ b/src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java @@ -467,6 +467,15 @@ private void mapSastConfiguration(Optional sast, CxScanConfig scanCo scanConfig.setSastHighThreshold(pValue); overridesResults.put("High", String.valueOf(pValue)); }); + + sast.map(SastConfig::getCritical) + .filter(n -> n > 0) + .ifPresent(pValue -> { + scanConfig.setSastThresholdsEnabled(true); + scanConfig.setSastCriticalThreshold(pValue); + overridesResults.put("Critical", String.valueOf(pValue)); + }); + sast.map(SastConfig::getPreset) .filter(StringUtils::isNotBlank) .ifPresent(pValue -> { 
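Review bot: Inserting SAST_CRITICAL_THRESHOLD_ERROR as code 10 shifts every existing SAST and OSA threshold exit code by one (SAST_HIGH 10→11 through OSA_LOW 15→16); these codes are the CLI's contract with CI pipelines that branch on the exit status, so a consumer that treats 10 as "high threshold exceeded" will now misclassify a critical failure as high, and so on down the list. Suggest keeping the existing values and giving the new entry a code that is free in the original numbering — on the visible lines 16 and 17 are unused between OSA_LOW_THRESHOLD_ERROR(15) and POLICY_VIOLATION_ERROR(18), but check the rest of the enum — e.g. `SAST_CRITICAL_THRESHOLD_ERROR(17, SAST_CRITICAL_THRESHOLD_ERROR_MSG),`. If the renumbering is intentional, it needs to be called out in the commit message and release notes as a breaking change. The Errors enum begins before this hunk.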
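Review bot: The new critical mapping drops a configured value of 0 through `.filter(n -> n > 0)`, so a config-as-code file asking to fail on any critical finding (threshold 0) silently leaves the critical threshold unset and sastThresholdsEnabled untouched, whereas the CLI path in setSASTThresholds enables the threshold on any non-empty value; the two entry points therefore disagree on 0. Whether the High mapping just above uses the same filter is outside the hunk. If 0 is meant to stand for "not configured" (the int field's default), say so on the filter, e.g. `// 0 is the unset default of the int field; an explicit 0 threshold cannot be expressed here`; otherwise distinguish unset from 0 at the SastConfig level so a 0 threshold can be honored. mapSastConfiguration starts before this hunk.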
@@ -930,11 +939,17 @@ private String getReportPath(String optionName) { } private CxScanConfig setSASTThresholds(CxScanConfig scanConfig) { + String sastCritical = commandLine.getOptionValue(SAST_CRITICAL); String sastHigh = commandLine.getOptionValue(SAST_HIGH); String sastMedium = commandLine.getOptionValue(SAST_MEDIUM); String sastLow = commandLine.getOptionValue(SAST_LOW); scanConfig.setSastThresholdsEnabled(false); + + if (!Strings.isNullOrEmpty(sastCritical)) { + scanConfig.setSastCriticalThreshold(Integer.valueOf(sastHigh)); + scanConfig.setSastThresholdsEnabled(true); + } if (!Strings.isNullOrEmpty(sastHigh)) { scanConfig.setSastHighThreshold(Integer.valueOf(sastHigh)); scanConfig.setSastThresholdsEnabled(true); diff --git a/src/main/java/com/cx/plugin/cli/utils/ErrorParsingHelper.java b/src/main/java/com/cx/plugin/cli/utils/ErrorParsingHelper.java index 80776eb..e80e8dc 100644 --- a/src/main/java/com/cx/plugin/cli/utils/ErrorParsingHelper.java +++ b/src/main/java/com/cx/plugin/cli/utils/ErrorParsingHelper.java @@ -45,6 +45,7 @@ private static Map createMessageToCodeMap() { messageToCodeMap.put(OSA_MEDIUM_THRESHOLD_ERROR_MSG, Errors.OSA_MEDIUM_THRESHOLD_ERROR.getCode()); messageToCodeMap.put(OSA_LOW_THRESHOLD_ERROR_MSG, Errors.OSA_LOW_THRESHOLD_ERROR.getCode()); // SAST thresholds + messageToCodeMap.put(SAST_CRITICAL_THRESHOLD_ERROR_MSG, Errors.SAST_CRITICAL_THRESHOLD_ERROR.getCode()); messageToCodeMap.put(SAST_HIGH_THRESHOLD_ERROR_MSG, Errors.SAST_HIGH_THRESHOLD_ERROR.getCode()); messageToCodeMap.put(SAST_MEDIUM_THRESHOLD_ERROR_MSG, Errors.SAST_MEDIUM_THRESHOLD_ERROR.getCode()); messageToCodeMap.put(SAST_LOW_THRESHOLD_ERROR_MSG, Errors.SAST_LOW_THRESHOLD_ERROR.getCode()); 
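Review bot: The new critical block parses the wrong option: `scanConfig.setSastCriticalThreshold(Integer.valueOf(sastHigh));` reads sastHigh although the guard tested sastCritical. With `-sastcritical N` alone, sastHigh is null and `Integer.valueOf` throws a NumberFormatException instead of configuring a threshold; with both options given, the critical threshold silently takes the high value, so a stricter critical limit is never enforced. Change it to `scanConfig.setSastCriticalThreshold(Integer.valueOf(sastCritical));`. The surrounding parse calls also let a non-numeric value surface as a bare NumberFormatException rather than a CLIParsingException naming the option, but that pattern is pre-existing. setSASTThresholds continues past the hunk.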
@@ -85,6 +86,8 @@ public static Errors getErrorType(ScanSummary scanSummary) { private static Errors toThresholdErrorCode(ThresholdError error) { if (error.getSource() == ErrorSource.SAST) { switch (error.getSeverity()) { + case CRITICAL: + return Errors.SAST_CRITICAL_THRESHOLD_ERROR; case HIGH: return Errors.SAST_HIGH_THRESHOLD_ERROR; case MEDIUM: diff --git a/src/test/java/com/cx/plugin/cli/utils/CxConfigHelperTests.java b/src/test/java/com/cx/plugin/cli/utils/CxConfigHelperTests.java index 2ebd2bd..60f7942 100644 --- a/src/test/java/com/cx/plugin/cli/utils/CxConfigHelperTests.java +++ b/src/test/java/com/cx/plugin/cli/utils/CxConfigHelperTests.java @@ -35,9 +35,10 @@ void ScaArgs_Valid() throws ParseException, CLIParsingException, IOException, Co FILE_EXCLUDE = "excludedfiles", PATH_EXCLUDE = "excludedpath"; - final Integer HIGH = 1, - MEDIUM = 2, - LOW = 3; + final Integer CRITICAL = 1, + HIGH = 2, + MEDIUM = 3, + LOW = 4; final String[] DEFAULT_ARGS = { "-projectname", "CxServer\\SP\\myprojectname", From 5a5a5a5d589d6bb7c2c6374f0eef297eae389483 Mon Sep 17 00:00:00 2001 From: susmitagorai29 Date: Wed, 19 Jun 2024 14:13:51 +0530 Subject: [PATCH 03/18] SCA Vulnerability fix --- pom.xml | 42 ++++++++++++++++++++++++++++++++++++++---- 1 file changed, 38 insertions(+), 4 deletions(-) diff --git a/pom.xml b/pom.xml index 890b9e5..7ae5ac4 100644 --- a/pom.xml +++ b/pom.xml @@ -23,9 +23,7 @@ snapshots libs-snapshot ~/.m2 - - - + @@ -134,7 +132,7 @@ com.checkmarx cx-client-common - 2024.1.1 + 2024.2.7 @@ -153,6 +151,22 @@ org.springframework spring-core + + io.vertx + vertx-core + + + org.bouncycastle + bcprov-jdk18on + + + org.apache.commons + commons-compress + + + io.netty + netty-codec-http + @@ -176,6 +190,26 @@ spring-core 5.3.20 + + io.vertx + vertx-core + 4.5.3 + + + org.bouncycastle + bcprov-jdk18on + 1.78 + + + org.apache.commons + commons-compress + 1.26.0 + + + io.netty + netty-codec-http + 4.1.108.Final + commons-cli 
From 55df9b0b33919bb839fcc6f503deba0fe05b9584 Mon Sep 17 00:00:00 2001 From: susmitagorai29 Date: Thu, 11 Jul 2024 02:10:03 +0530 Subject: [PATCH 04/18] SCA and OSA critical severity changes --- .../cx/plugin/cli/configascode/ScaConfig.java | 10 ++++++++++ .../plugin/cli/constants/ArgDescriptions.java | 2 ++ .../com/cx/plugin/cli/constants/Command.java | 2 ++ .../cx/plugin/cli/constants/Parameters.java | 2 ++ .../plugin/cli/constants/UsageExamples.java | 2 +- .../cli/errorsconstants/ErrorMessages.java | 1 + .../cx/plugin/cli/errorsconstants/Errors.java | 7 ++++--- .../cx/plugin/cli/utils/CxConfigHelper.java | 19 ++++++++++++++++--- .../plugin/cli/utils/ErrorParsingHelper.java | 5 ++++- .../plugin/cli/utils/CxConfigHelperTests.java | 2 ++ 10 files changed, 44 insertions(+), 8 deletions(-) diff --git a/src/main/java/com/cx/plugin/cli/configascode/ScaConfig.java b/src/main/java/com/cx/plugin/cli/configascode/ScaConfig.java index de2c288..2c76d87 100644 --- a/src/main/java/com/cx/plugin/cli/configascode/ScaConfig.java +++ b/src/main/java/com/cx/plugin/cli/configascode/ScaConfig.java @@ -15,6 +15,8 @@ public class ScaConfig { private int medium; @Optional private int high; + @Optional + private int critical; public ScaConfig() { } @@ -66,4 +68,12 @@ public int getHigh() { public void setHigh(int high) { this.high = high; } + + public int getCritical() { + return critical; + } + + public void setCritical(int critical) { + this.critical = critical; + } } diff --git a/src/main/java/com/cx/plugin/cli/constants/ArgDescriptions.java b/src/main/java/com/cx/plugin/cli/constants/ArgDescriptions.java index 0e88c92..ee2186e 100644 --- a/src/main/java/com/cx/plugin/cli/constants/ArgDescriptions.java +++ b/src/main/java/com/cx/plugin/cli/constants/ArgDescriptions.java 
@@ -107,6 +107,7 @@ private ArgDescriptions() { static final String SAST_HIGH = String.format(THRESHOLD_TEMPLATE, CX_SAST, HIGH); static final String SAST_MEDIUM = String.format(THRESHOLD_TEMPLATE, CX_SAST, MEDIUM); static final String SAST_LOW = String.format(THRESHOLD_TEMPLATE, CX_SAST, LOW); + static final String OSA_CRITICAL = String.format(THRESHOLD_TEMPLATE, CX_OSA, CRITICAL); static final String OSA_HIGH = String.format(THRESHOLD_TEMPLATE, CX_OSA, HIGH); static final String OSA_MEDIUM = String.format(THRESHOLD_TEMPLATE, CX_OSA, MEDIUM); static final String OSA_LOW = String.format(THRESHOLD_TEMPLATE, CX_OSA, LOW); @@ -126,6 +127,7 @@ private ArgDescriptions() { static final String PATH_TO_RESOLVER = "Local path to sca resolver installation directory."; static final String SCA_RESOLVER_ADD_PARAMETERS = "Arguments to SCA Resolver tool. Mandatory parameters as documented in SCA Resolver documentation to execute it in offline mode must be provided."; + static final String SCA_CRITICAL = String.format(THRESHOLD_TEMPLATE, CX_SCA, CRITICAL); static final String SCA_HIGH = String.format(THRESHOLD_TEMPLATE, CX_SCA, HIGH); static final String SCA_MEDIUM = String.format(THRESHOLD_TEMPLATE, CX_SCA, MEDIUM); static final String SCA_LOW = String.format(THRESHOLD_TEMPLATE, CX_SCA, LOW); diff --git a/src/main/java/com/cx/plugin/cli/constants/Command.java b/src/main/java/com/cx/plugin/cli/constants/Command.java index 6167093..0ed9900 100644 --- a/src/main/java/com/cx/plugin/cli/constants/Command.java +++ b/src/main/java/com/cx/plugin/cli/constants/Command.java 
@@ -138,6 +138,7 @@ public static Options getOptions() { options.addOption(SAST_HIGH, true, ArgDescriptions.SAST_HIGH); options.addOption(SAST_MEDIUM, true, ArgDescriptions.SAST_MEDIUM); options.addOption(SAST_LOW, true, ArgDescriptions.SAST_LOW); + options.addOption(OSA_CRITICAL, true, ArgDescriptions.OSA_CRITICAL); options.addOption(OSA_HIGH, true, ArgDescriptions.OSA_HIGH); options.addOption(OSA_MEDIUM, true, ArgDescriptions.OSA_MEDIUM); options.addOption(OSA_LOW, true, ArgDescriptions.OSA_LOW); @@ -153,6 +154,7 @@ public static Options getOptions() { options.addOption(PATH_TO_RESOLVER, true, ArgDescriptions.PATH_TO_RESOLVER);//path to resolver options.addOption(SCA_RESOLVER_ADD_PARAMETERS, true, ArgDescriptions.SCA_RESOLVER_ADD_PARAMETERS);//path to resolver + options.addOption(SCA_CRITICAL, true, ArgDescriptions.SCA_CRITICAL); options.addOption(SCA_HIGH, true, ArgDescriptions.SCA_HIGH); options.addOption(SCA_MEDIUM, true, ArgDescriptions.SCA_MEDIUM); options.addOption(SCA_LOW, true, ArgDescriptions.SCA_LOW); diff --git a/src/main/java/com/cx/plugin/cli/constants/Parameters.java b/src/main/java/com/cx/plugin/cli/constants/Parameters.java index 0b3f9f0..e381c0e 100644 --- a/src/main/java/com/cx/plugin/cli/constants/Parameters.java +++ b/src/main/java/com/cx/plugin/cli/constants/Parameters.java @@ -78,6 +78,7 @@ private Parameters() { public static final String SAST_MEDIUM = "sastmedium"; public static final String SAST_LOW = "sastlow"; + public static final String OSA_CRITICAL = "osacritical"; public static final String OSA_HIGH = "osahigh"; public static final String OSA_MEDIUM = "osamedium"; public static final String OSA_LOW = "osalow"; 
@@ -94,6 +95,7 @@ private Parameters() { public static final String PATH_TO_RESOLVER = "pathtoresolver"; public static final String SCA_RESOLVER_ADD_PARAMETERS = "scaresolveraddparameters"; + public static final String SCA_CRITICAL = "scacritical"; public static final String SCA_HIGH = "scahigh"; public static final String SCA_MEDIUM = "scamedium"; public static final String SCA_LOW = "scalow"; diff --git a/src/main/java/com/cx/plugin/cli/constants/UsageExamples.java b/src/main/java/com/cx/plugin/cli/constants/UsageExamples.java index 40fe9c7..01ed97c 100644 --- a/src/main/java/com/cx/plugin/cli/constants/UsageExamples.java +++ b/src/main/java/com/cx/plugin/cli/constants/UsageExamples.java @@ -6,7 +6,7 @@ private UsageExamples() { throw new IllegalStateException("Utility class"); } - private static final String SCA_SCAN_TEMPLATE = "runCxConsole.cmd %s -projectname SP\\Cx\\Engine\\AST -scapathexclude .git -scalocationpath \\storage\\dir1\\subdir -scaUsername admin -scaPassword admin -scaAccount account -scahigh 1 -scamedium 2 -scalow 3"; + private static final String SCA_SCAN_TEMPLATE = "runCxConsole.cmd %s -projectname SP\\Cx\\Engine\\AST -scapathexclude .git -scalocationpath \\storage\\dir1\\subdir -scaUsername admin -scaPassword admin -scaAccount account -scacritical 1 -scahigh 2 -scamedium 3 -scalow 4"; static final String SCAN = "\n\nCxConsole Scan -Projectname SP\\Cx\\Engine\\AST -CxServer http://localhost -cxuser admin@cx -cxpassword admin -locationtype folder -locationpath C:\\cx" + " -preset All -incremental -reportpdf a.pdf\nCxConsole Scan -projectname SP\\Cx\\Engine\\AST -cxserver http://localhost -cxuser admin@cx -cxpassword admin -locationtype tfs" + diff --git a/src/main/java/com/cx/plugin/cli/errorsconstants/ErrorMessages.java b/src/main/java/com/cx/plugin/cli/errorsconstants/ErrorMessages.java index 266eeff..2037664 100644 --- a/src/main/java/com/cx/plugin/cli/errorsconstants/ErrorMessages.java 
+++ b/src/main/java/com/cx/plugin/cli/errorsconstants/ErrorMessages.java @@ -29,6 +29,7 @@ private ErrorMessages() { public static final String SAST_HIGH_THRESHOLD_ERROR_MSG = "SAST high vulnerability threshold exceeded"; public static final String SAST_MEDIUM_THRESHOLD_ERROR_MSG = "SAST medium vulnerability threshold exceeded"; public static final String SAST_LOW_THRESHOLD_ERROR_MSG = "SAST low vulnerability threshold exceeded"; + public static final String OSA_CRITICAL_THRESHOLD_ERROR_MSG = "OSA critical vulnerability threshold exceeded"; public static final String OSA_HIGH_THRESHOLD_ERROR_MSG = "OSA high vulnerability threshold exceeded"; public static final String OSA_MEDIUM_THRESHOLD_ERROR_MSG = "OSA medium vulnerability threshold exceeded"; public static final String OSA_LOW_THRESHOLD_ERROR_MSG = "OSA low vulnerability threshold exceeded"; diff --git a/src/main/java/com/cx/plugin/cli/errorsconstants/Errors.java b/src/main/java/com/cx/plugin/cli/errorsconstants/Errors.java index a4419a9..afff808 100644 --- a/src/main/java/com/cx/plugin/cli/errorsconstants/Errors.java +++ b/src/main/java/com/cx/plugin/cli/errorsconstants/Errors.java @@ -21,9 +21,10 @@ public enum Errors { SAST_HIGH_THRESHOLD_ERROR(11, SAST_HIGH_THRESHOLD_ERROR_MSG), SAST_MEDIUM_THRESHOLD_ERROR(12, SAST_MEDIUM_THRESHOLD_ERROR_MSG), SAST_LOW_THRESHOLD_ERROR(13, SAST_LOW_THRESHOLD_ERROR_MSG), - OSA_HIGH_THRESHOLD_ERROR(14, OSA_HIGH_THRESHOLD_ERROR_MSG), - OSA_MEDIUM_THRESHOLD_ERROR(15, OSA_MEDIUM_THRESHOLD_ERROR_MSG), - OSA_LOW_THRESHOLD_ERROR(16, OSA_LOW_THRESHOLD_ERROR_MSG), + OSA_CRITICAL_THRESHOLD_ERROR(14, OSA_CRITICAL_THRESHOLD_ERROR_MSG), + OSA_HIGH_THRESHOLD_ERROR(15, OSA_HIGH_THRESHOLD_ERROR_MSG), + OSA_MEDIUM_THRESHOLD_ERROR(16, OSA_MEDIUM_THRESHOLD_ERROR_MSG), + OSA_LOW_THRESHOLD_ERROR(17, OSA_LOW_THRESHOLD_ERROR_MSG), POLICY_VIOLATION_ERROR(18, POLICY_VIOLATED_ERROR_MSG), GENERIC_THRESHOLD_FAILURE_ERROR(19, GENERIC_THRESHOLD_FAILURE_ERROR_MSG), 
diff --git a/src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java b/src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java index 3ec40f7..ad54be5 100644 --- a/src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java +++ b/src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java @@ -394,6 +394,14 @@ private void mapScaConfiguration(Optional sca, CxScanConfig scanConfi overridesResults.put("Sca Folder Exclude", pValue); }); + sca.map(ScaConfig::getCritical) + .filter(n -> n > 0) + .ifPresent(pValue -> { + scanConfig.setOsaThresholdsEnabled(true); + scanConfig.setOsaCriticalThreshold(pValue); + overridesResults.put("Sca Critical", String.valueOf(pValue)); + }); + sca.map(ScaConfig::getHigh) .filter(n -> n > 0) .ifPresent(pValue -> { @@ -947,7 +955,7 @@ private CxScanConfig setSASTThresholds(CxScanConfig scanConfig) { scanConfig.setSastThresholdsEnabled(false); if (!Strings.isNullOrEmpty(sastCritical)) { - scanConfig.setSastCriticalThreshold(Integer.valueOf(sastHigh)); + scanConfig.setSastCriticalThreshold(Integer.valueOf(sastCritical)); scanConfig.setSastThresholdsEnabled(true); } if (!Strings.isNullOrEmpty(sastHigh)) { 
@@ -967,11 +975,16 @@ private CxScanConfig setSASTThresholds(CxScanConfig scanConfig) { } private void setDependencyScanThresholds(CxScanConfig scanConfig) { - String high = getSharedDependencyScanOption(scanConfig, OSA_HIGH, SCA_HIGH); + String critical = getSharedDependencyScanOption(scanConfig, OSA_CRITICAL, SCA_CRITICAL); + String high = getSharedDependencyScanOption(scanConfig, OSA_HIGH, SCA_HIGH); String medium = getSharedDependencyScanOption(scanConfig, OSA_MEDIUM, SCA_MEDIUM); String low = getSharedDependencyScanOption(scanConfig, OSA_LOW, SCA_LOW); scanConfig.setOsaThresholdsEnabled(false); + if (!Strings.isNullOrEmpty(critical)) { + scanConfig.setOsaCriticalThreshold(Integer.valueOf(critical)); + scanConfig.setOsaThresholdsEnabled(true); + } if (!Strings.isNullOrEmpty(high)) { scanConfig.setOsaHighThreshold(Integer.valueOf(high)); scanConfig.setOsaThresholdsEnabled(true); @@ -1070,7 +1083,7 @@ public static void printConfig(CommandLine commandLine) { String name = param.getLongOpt() != null ? param.getLongOpt() : param.getOpt(); String value; if (param.getOpt().equalsIgnoreCase(Parameters.USER_PASSWORD) || - param.getOpt().equalsIgnoreCase(SCA_PASSWORD) || + param.getOpt().equalsIgnoreCase(SCA_PASSWORD) || param.getOpt().equalsIgnoreCase(LOCATION_PASSWORD) || param.getOpt().equalsIgnoreCase(TOKEN)) { value = "********"; diff --git a/src/main/java/com/cx/plugin/cli/utils/ErrorParsingHelper.java b/src/main/java/com/cx/plugin/cli/utils/ErrorParsingHelper.java index e80e8dc..4fbfe90 100644 --- a/src/main/java/com/cx/plugin/cli/utils/ErrorParsingHelper.java +++ b/src/main/java/com/cx/plugin/cli/utils/ErrorParsingHelper.java 
@@ -41,6 +41,7 @@ private static Map createMessageToCodeMap() { // Generic threshold messageToCodeMap.put(GENERIC_THRESHOLD_FAILURE_ERROR_MSG, Errors.GENERIC_THRESHOLD_FAILURE_ERROR.getCode()); // OSA thresholds + messageToCodeMap.put(OSA_CRITICAL_THRESHOLD_ERROR_MSG, Errors.OSA_CRITICAL_THRESHOLD_ERROR.getCode()); messageToCodeMap.put(OSA_HIGH_THRESHOLD_ERROR_MSG, Errors.OSA_HIGH_THRESHOLD_ERROR.getCode()); messageToCodeMap.put(OSA_MEDIUM_THRESHOLD_ERROR_MSG, Errors.OSA_MEDIUM_THRESHOLD_ERROR.getCode()); messageToCodeMap.put(OSA_LOW_THRESHOLD_ERROR_MSG, Errors.OSA_LOW_THRESHOLD_ERROR.getCode()); @@ -97,7 +98,9 @@ private static Errors toThresholdErrorCode(ThresholdError error) { } } else { switch (error.getSeverity()) { - case HIGH: + case CRITICAL: + return Errors.OSA_CRITICAL_THRESHOLD_ERROR; + case HIGH: return Errors.OSA_HIGH_THRESHOLD_ERROR; case MEDIUM: return Errors.OSA_MEDIUM_THRESHOLD_ERROR; diff --git a/src/test/java/com/cx/plugin/cli/utils/CxConfigHelperTests.java b/src/test/java/com/cx/plugin/cli/utils/CxConfigHelperTests.java index 60f7942..d18d6d0 100644 --- a/src/test/java/com/cx/plugin/cli/utils/CxConfigHelperTests.java +++ b/src/test/java/com/cx/plugin/cli/utils/CxConfigHelperTests.java @@ -49,6 +49,7 @@ void ScaArgs_Valid() throws ParseException, CLIParsingException, IOException, Co "-scausername", USERNAME, "-scapassword", PASSWORD, "-scaaccount", ACCOUNT, + "-scacritical", String.valueOf(CRITICAL), "-scahigh", String.valueOf(HIGH), "-scamedium", String.valueOf(MEDIUM), "-scalow", String.valueOf(LOW), @@ -67,6 +68,7 @@ void ScaArgs_Valid() throws ParseException, CLIParsingException, IOException, Co assertTrue(StringUtils.isNotEmpty(config.getTeamPath())); assertEquals(LOCATION_PATH, config.getOsaLocationPath()); + assertEquals(CRITICAL, config.getOsaCriticalThreshold()); assertEquals(HIGH, config.getOsaHighThreshold()); assertEquals(MEDIUM, config.getOsaMediumThreshold()); assertEquals(LOW, config.getOsaLowThreshold()); 
From da7ec0b6f151052595a1cbd2a578e04eebd972f3 Mon Sep 17 00:00:00 2001 From: ThokalSameer Date: Mon, 15 Jul 2024 11:38:16 +0530 Subject: [PATCH 05/18] Plug 1931 Changes --- .../com/cx/plugin/cli/configascode/SastConfig.java | 11 ++++++++++- .../com/cx/plugin/cli/constants/ArgDescriptions.java | 2 ++ .../java/com/cx/plugin/cli/constants/Command.java | 1 + .../java/com/cx/plugin/cli/constants/Parameters.java | 1 + .../java/com/cx/plugin/cli/utils/CxConfigHelper.java | 7 +++++++ 5 files changed, 21 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/cx/plugin/cli/configascode/SastConfig.java b/src/main/java/com/cx/plugin/cli/configascode/SastConfig.java index 24afb85..d90e0b4 100644 --- a/src/main/java/com/cx/plugin/cli/configascode/SastConfig.java +++ b/src/main/java/com/cx/plugin/cli/configascode/SastConfig.java @@ -29,7 +29,9 @@ public class SastConfig { private boolean enableSastBranching; @Optional private String masterBranchProjName; - + @Optional + private int branchTimeout; + public SastConfig() { } @@ -137,5 +139,12 @@ public void setMasterBranchProjName(String masterBranchProjName) { this.masterBranchProjName = masterBranchProjName; } + public void setBranchTimeout(int branchTimeout) { + this.branchTimeout = branchTimeout; + } + + public int getBranchTimeout(){ + return branchTimeout; + } } diff --git a/src/main/java/com/cx/plugin/cli/constants/ArgDescriptions.java b/src/main/java/com/cx/plugin/cli/constants/ArgDescriptions.java index c6289d3..d91cdb1 100644 --- a/src/main/java/com/cx/plugin/cli/constants/ArgDescriptions.java +++ b/src/main/java/com/cx/plugin/cli/constants/ArgDescriptions.java 
@@ -160,4 +160,6 @@ private ArgDescriptions() { static final String PERIODIC_FULL_SCAN = "Run a full scan after X incremental scans . Scans all files, (-Incremental should be enable). Optional."; static final String AVOID_DUPLICATE_PROJECT_SCANS = "Avoid duplicate project scans in queue"; + + static final String BRANCH_TIMEOUT = "TimeOut duration for branch project copy."; } diff --git a/src/main/java/com/cx/plugin/cli/constants/Command.java b/src/main/java/com/cx/plugin/cli/constants/Command.java index 9af7e14..5ce7c8e 100644 --- a/src/main/java/com/cx/plugin/cli/constants/Command.java +++ b/src/main/java/com/cx/plugin/cli/constants/Command.java @@ -185,6 +185,7 @@ public static Options getOptions() { options.addOption(PERIODIC_FULL_SCAN, true, ArgDescriptions.PERIODIC_FULL_SCAN); options.addOption(AVOID_DUPLICATE_PROJECT_SCANS, false, ArgDescriptions.AVOID_DUPLICATE_PROJECT_SCANS); + options.addOption(BRANCH_TIMEOUT, true, ArgDescriptions.BRANCH_TIMEOUT); return options; } diff --git a/src/main/java/com/cx/plugin/cli/constants/Parameters.java b/src/main/java/com/cx/plugin/cli/constants/Parameters.java index 84f5162..3b3792d 100644 --- a/src/main/java/com/cx/plugin/cli/constants/Parameters.java +++ b/src/main/java/com/cx/plugin/cli/constants/Parameters.java @@ -122,4 +122,5 @@ private Parameters() { public static final String PERIODIC_FULL_SCAN = "periodicfullscan"; public static final String AVOID_DUPLICATE_PROJECT_SCANS = "avoidduplicateprojectscans"; + public static final String BRANCH_TIMEOUT = "copybranchtimeoutinseconds"; } diff --git a/src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java b/src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java index ea1ff8f..c1a4e1c 100644 --- a/src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java +++ b/src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java 
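Review bot: The help text for the new option omits its unit, while the option name added in the Parameters.java hunk of this commit is `copybranchtimeoutinseconds`, so a user reading the usage output has to guess between seconds, minutes and milliseconds. Suggest `static final String BRANCH_TIMEOUT = "Timeout in seconds for copying the branch project. Optional.";` so the description matches the name. The neighbouring PERIODIC_FULL_SCAN description also says whether the option is optional, which this one should mirror.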
@@ -243,6 +243,13 @@ public CxScanConfig resolveConfiguration(Command command, CommandLine cmd) throw scanConfig.setProgressInterval(props.getIntProperty(KEY_PROGRESS_INTERVAL)); scanConfig.setConnectionRetries(props.getIntProperty(KEY_RETRIES)); scanConfig.setDefaultProjectName(props.getProperty(KEY_DEF_PROJECT_NAME)); + + boolean isTimeOutProvided = cmd.hasOption(BRANCH_TIMEOUT); + if(isTimeOutProvided) { + int timeoutinseconds = Integer.valueOf(cmd.getOptionValue(BRANCH_TIMEOUT)); + log.info("=============timeoutinseconds=========="+timeoutinseconds); + scanConfig.setcopyBranchTimeOutInSeconds(timeoutinseconds); + } configureDependencyScan(scanConfig); From a57f8609704fb22f5799ad6e1a62bd9513d735f4 Mon Sep 17 00:00:00 2001 From: susmitagorai29 Date: Thu, 18 Jul 2024 23:59:15 +0530 Subject: [PATCH 06/18] Update pom.xml --- pom.xml | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/pom.xml b/pom.xml index 35bc7bb..50723d0 100644 --- a/pom.xml +++ b/pom.xml @@ -24,17 +24,6 @@ libs-snapshot ~/.m2 - - - - - - - - - - - From fda6fe7f94cb69e0d93588f4014cdcf2b903ac00 Mon Sep 17 00:00:00 2001 From: susmitagorai29 Date: Fri, 19 Jul 2024 00:00:35 +0530 Subject: [PATCH 07/18] Update pom.xml --- pom.xml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pom.xml b/pom.xml index 50723d0..551deab 100644 --- a/pom.xml +++ b/pom.xml @@ -24,6 +24,8 @@ libs-snapshot ~/.m2 + + From 1ab7cdc819e96f94ffcd08bd0aa414e9f49d91e0 Mon Sep 17 00:00:00 2001 
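Review bot: The new block parses the timeout with `Integer.valueOf` and hands it straight to `setcopyBranchTimeOutInSeconds`, so a non-numeric value aborts with an uncaught NumberFormatException and a negative value is accepted as a timeout; validating the value before the setter (reject non-integers and negatives through the same error path the other options use) turns both into a usage error. The `log.info("=============timeoutinseconds=========="+timeoutinseconds)` line reads as a debugging banner left in; either drop it or lower it to `log.debug("copy-branch timeout in seconds: " + timeoutinseconds);`. The `isTimeOutProvided` temporary can be inlined as `if (cmd.hasOption(BRANCH_TIMEOUT)) {`, and the local would conventionally be named `timeoutInSeconds`. resolveConfiguration starts before and continues after this hunk.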
From: susmitagorai29 Date: Tue, 23 Jul 2024 15:46:22 +0530 Subject: [PATCH 08/18] Reverting OSA Critical severity related changes(commented) --- pom.xml | 2 +- .../cx/plugin/cli/constants/ArgDescriptions.java | 2 +- .../java/com/cx/plugin/cli/constants/Command.java | 2 +- .../com/cx/plugin/cli/constants/Parameters.java | 2 +- .../plugin/cli/errorsconstants/ErrorMessages.java | 2 +- .../com/cx/plugin/cli/errorsconstants/Errors.java | 8 ++++---- .../com/cx/plugin/cli/utils/CxConfigHelper.java | 15 ++++++++------- .../cx/plugin/cli/utils/ErrorParsingHelper.java | 6 +++--- .../cx/plugin/cli/utils/CxConfigHelperTests.java | 2 +- 9 files changed, 21 insertions(+), 20 deletions(-) diff --git a/pom.xml b/pom.xml index 551deab..ecfd5ad 100644 --- a/pom.xml +++ b/pom.xml @@ -134,7 +134,7 @@ com.checkmarx cx-client-common - 2024.2.7 + 1.1.1 diff --git a/src/main/java/com/cx/plugin/cli/constants/ArgDescriptions.java b/src/main/java/com/cx/plugin/cli/constants/ArgDescriptions.java index ee2186e..7defd82 100644 --- a/src/main/java/com/cx/plugin/cli/constants/ArgDescriptions.java +++ b/src/main/java/com/cx/plugin/cli/constants/ArgDescriptions.java @@ -107,7 +107,7 @@ private ArgDescriptions() { static final String SAST_HIGH = String.format(THRESHOLD_TEMPLATE, CX_SAST, HIGH); static final String SAST_MEDIUM = String.format(THRESHOLD_TEMPLATE, CX_SAST, MEDIUM); static final String SAST_LOW = String.format(THRESHOLD_TEMPLATE, CX_SAST, LOW); - static final String OSA_CRITICAL = String.format(THRESHOLD_TEMPLATE, CX_OSA, CRITICAL); +// static final String OSA_CRITICAL = String.format(THRESHOLD_TEMPLATE, CX_OSA, CRITICAL); static final String OSA_HIGH = String.format(THRESHOLD_TEMPLATE, CX_OSA, HIGH); static final String OSA_MEDIUM = String.format(THRESHOLD_TEMPLATE, CX_OSA, MEDIUM); static final String OSA_LOW = String.format(THRESHOLD_TEMPLATE, CX_OSA, LOW); 
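Review bot: Disabling the OSA critical support by commenting the lines out (`// static final String OSA_CRITICAL = ...` here, and the same pattern in this commit's Command, Parameters, ErrorMessages, Errors, CxConfigHelper, ErrorParsingHelper and CxConfigHelperTests hunks) leaves dead text the compiler cannot check while git history already preserves the removed code. Deleting the lines and restoring them from the introducing revision when the feature returns keeps the sources honest; if a marker is wanted, one comment at the Errors enum such as `// TODO: OSA critical thresholds disabled pending client-library support` is enough. The reason for the revert is not stated in the commit message, which makes the intent of the later "removed commented LOCs" cleanup harder to judge.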
diff --git a/src/main/java/com/cx/plugin/cli/constants/Command.java b/src/main/java/com/cx/plugin/cli/constants/Command.java index 0ed9900..76e65c9 100644 --- a/src/main/java/com/cx/plugin/cli/constants/Command.java +++ b/src/main/java/com/cx/plugin/cli/constants/Command.java @@ -138,7 +138,7 @@ public static Options getOptions() { options.addOption(SAST_HIGH, true, ArgDescriptions.SAST_HIGH); options.addOption(SAST_MEDIUM, true, ArgDescriptions.SAST_MEDIUM); options.addOption(SAST_LOW, true, ArgDescriptions.SAST_LOW); - options.addOption(OSA_CRITICAL, true, ArgDescriptions.OSA_CRITICAL); +// options.addOption(OSA_CRITICAL, true, ArgDescriptions.OSA_CRITICAL); options.addOption(OSA_HIGH, true, ArgDescriptions.OSA_HIGH); options.addOption(OSA_MEDIUM, true, ArgDescriptions.OSA_MEDIUM); options.addOption(OSA_LOW, true, ArgDescriptions.OSA_LOW); diff --git a/src/main/java/com/cx/plugin/cli/constants/Parameters.java b/src/main/java/com/cx/plugin/cli/constants/Parameters.java index e381c0e..5ea6d75 100644 --- a/src/main/java/com/cx/plugin/cli/constants/Parameters.java +++ b/src/main/java/com/cx/plugin/cli/constants/Parameters.java @@ -78,7 +78,7 @@ private Parameters() { public static final String SAST_MEDIUM = "sastmedium"; public static final String SAST_LOW = "sastlow"; - public static final String OSA_CRITICAL = "osacritical"; +// public static final String OSA_CRITICAL = "osacritical"; public static final String OSA_HIGH = "osahigh"; public static final String OSA_MEDIUM = "osamedium"; public static final String OSA_LOW = "osalow"; diff --git a/src/main/java/com/cx/plugin/cli/errorsconstants/ErrorMessages.java b/src/main/java/com/cx/plugin/cli/errorsconstants/ErrorMessages.java index 2037664..84e8245 100644 --- a/src/main/java/com/cx/plugin/cli/errorsconstants/ErrorMessages.java +++ b/src/main/java/com/cx/plugin/cli/errorsconstants/ErrorMessages.java 
@@ -29,7 +29,7 @@ private ErrorMessages() { public static final String SAST_HIGH_THRESHOLD_ERROR_MSG = "SAST high vulnerability threshold exceeded"; public static final String SAST_MEDIUM_THRESHOLD_ERROR_MSG = "SAST medium vulnerability threshold exceeded"; public static final String SAST_LOW_THRESHOLD_ERROR_MSG = "SAST low vulnerability threshold exceeded"; - public static final String OSA_CRITICAL_THRESHOLD_ERROR_MSG = "OSA critical vulnerability threshold exceeded"; +// public static final String OSA_CRITICAL_THRESHOLD_ERROR_MSG = "OSA critical vulnerability threshold exceeded"; public static final String OSA_HIGH_THRESHOLD_ERROR_MSG = "OSA high vulnerability threshold exceeded"; public static final String OSA_MEDIUM_THRESHOLD_ERROR_MSG = "OSA medium vulnerability threshold exceeded"; public static final String OSA_LOW_THRESHOLD_ERROR_MSG = "OSA low vulnerability threshold exceeded"; diff --git a/src/main/java/com/cx/plugin/cli/errorsconstants/Errors.java b/src/main/java/com/cx/plugin/cli/errorsconstants/Errors.java index afff808..164d38e 100644 --- a/src/main/java/com/cx/plugin/cli/errorsconstants/Errors.java +++ b/src/main/java/com/cx/plugin/cli/errorsconstants/Errors.java 
@@ -21,10 +21,10 @@ public enum Errors { SAST_HIGH_THRESHOLD_ERROR(11, SAST_HIGH_THRESHOLD_ERROR_MSG), SAST_MEDIUM_THRESHOLD_ERROR(12, SAST_MEDIUM_THRESHOLD_ERROR_MSG), SAST_LOW_THRESHOLD_ERROR(13, SAST_LOW_THRESHOLD_ERROR_MSG), - OSA_CRITICAL_THRESHOLD_ERROR(14, OSA_CRITICAL_THRESHOLD_ERROR_MSG), - OSA_HIGH_THRESHOLD_ERROR(15, OSA_HIGH_THRESHOLD_ERROR_MSG), - OSA_MEDIUM_THRESHOLD_ERROR(16, OSA_MEDIUM_THRESHOLD_ERROR_MSG), - OSA_LOW_THRESHOLD_ERROR(17, OSA_LOW_THRESHOLD_ERROR_MSG), +// OSA_CRITICAL_THRESHOLD_ERROR(14, OSA_CRITICAL_THRESHOLD_ERROR_MSG), + OSA_HIGH_THRESHOLD_ERROR(14, OSA_HIGH_THRESHOLD_ERROR_MSG), + OSA_MEDIUM_THRESHOLD_ERROR(15, OSA_MEDIUM_THRESHOLD_ERROR_MSG), + OSA_LOW_THRESHOLD_ERROR(16, OSA_LOW_THRESHOLD_ERROR_MSG), POLICY_VIOLATION_ERROR(18, POLICY_VIOLATED_ERROR_MSG), GENERIC_THRESHOLD_FAILURE_ERROR(19, GENERIC_THRESHOLD_FAILURE_ERROR_MSG), diff --git a/src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java b/src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java index ad54be5..31dad89 100644 --- a/src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java +++ b/src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java @@ -397,8 +397,8 @@ private void mapScaConfiguration(Optional sca, CxScanConfig scanConfi sca.map(ScaConfig::getCritical) .filter(n -> n > 0) .ifPresent(pValue -> { - scanConfig.setOsaThresholdsEnabled(true); - scanConfig.setOsaCriticalThreshold(pValue); +// scanConfig.setOsaThresholdsEnabled(true); +// scanConfig.setOsaCriticalThreshold(pValue); overridesResults.put("Sca Critical", String.valueOf(pValue)); }); 
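Review bot: After this change the `sca.map(ScaConfig::getCritical)` block still executes `overridesResults.put("Sca Critical", String.valueOf(pValue));` while both setters are commented out, so a config-as-code critical threshold is reported as an applied override but has no effect on scanConfig — an operator reading the override summary will believe a critical gate is in place when it is not. Either remove the whole block together with the setters, or leave the put out until the setters return. Commenting out `setOsaThresholdsEnabled(true)` also means a config that sets only `critical` no longer enables OSA thresholds at all, which may be intended but should be stated in the commit message. mapScaConfiguration starts before and continues after this hunk.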
@@ -975,16 +975,17 @@ private CxScanConfig setSASTThresholds(CxScanConfig scanConfig) { } private void setDependencyScanThresholds(CxScanConfig scanConfig) { - String critical = getSharedDependencyScanOption(scanConfig, OSA_CRITICAL, SCA_CRITICAL); + if(scanConfig.isAstScaEnabled()) { + String critical = getSharedDependencyScanOption(scanConfig,"",SCA_CRITICAL);} String high = getSharedDependencyScanOption(scanConfig, OSA_HIGH, SCA_HIGH); String medium = getSharedDependencyScanOption(scanConfig, OSA_MEDIUM, SCA_MEDIUM); String low = getSharedDependencyScanOption(scanConfig, OSA_LOW, SCA_LOW); scanConfig.setOsaThresholdsEnabled(false); - if (!Strings.isNullOrEmpty(critical)) { - scanConfig.setOsaCriticalThreshold(Integer.valueOf(critical)); - scanConfig.setOsaThresholdsEnabled(true); - } +// if (!Strings.isNullOrEmpty(critical)) { +// scanConfig.setOsaCriticalThreshold(Integer.valueOf(critical)); +// scanConfig.setOsaThresholdsEnabled(true); +// } if (!Strings.isNullOrEmpty(high)) { scanConfig.setOsaHighThreshold(Integer.valueOf(high)); scanConfig.setOsaThresholdsEnabled(true); diff --git a/src/main/java/com/cx/plugin/cli/utils/ErrorParsingHelper.java b/src/main/java/com/cx/plugin/cli/utils/ErrorParsingHelper.java index 4fbfe90..f245145 100644 --- a/src/main/java/com/cx/plugin/cli/utils/ErrorParsingHelper.java +++ b/src/main/java/com/cx/plugin/cli/utils/ErrorParsingHelper.java 
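Review bot: The new `if(scanConfig.isAstScaEnabled()) { String critical = getSharedDependencyScanOption(scanConfig,"",SCA_CRITICAL);}` declares `critical` inside the block and never reads it, so the call's result is discarded and the `-scacritical` option, which as far as these patches show is still registered in Command.java, is silently ignored — a user relying on it gets neither a gate nor a warning. It also passes `""` as the OSA option name, which presumably reaches `commandLine.getOptionValue("")`; whether that is harmless depends on getSharedDependencyScanOption, which is outside the hunk. If SCA critical is meant to keep working, the variable belongs at method scope next to `high`, with a guarded `setOsaCriticalThreshold` call like the others; if not, the option should be deregistered (or rejected with a clear message) and these two lines removed rather than left half-alive. setDependencyScanThresholds continues past the end of the hunk.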
@@ -41,7 +41,7 @@ private static Map createMessageToCodeMap() { // Generic threshold messageToCodeMap.put(GENERIC_THRESHOLD_FAILURE_ERROR_MSG, Errors.GENERIC_THRESHOLD_FAILURE_ERROR.getCode()); // OSA thresholds - messageToCodeMap.put(OSA_CRITICAL_THRESHOLD_ERROR_MSG, Errors.OSA_CRITICAL_THRESHOLD_ERROR.getCode()); +// messageToCodeMap.put(OSA_CRITICAL_THRESHOLD_ERROR_MSG, Errors.OSA_CRITICAL_THRESHOLD_ERROR.getCode()); messageToCodeMap.put(OSA_HIGH_THRESHOLD_ERROR_MSG, Errors.OSA_HIGH_THRESHOLD_ERROR.getCode()); messageToCodeMap.put(OSA_MEDIUM_THRESHOLD_ERROR_MSG, Errors.OSA_MEDIUM_THRESHOLD_ERROR.getCode()); messageToCodeMap.put(OSA_LOW_THRESHOLD_ERROR_MSG, Errors.OSA_LOW_THRESHOLD_ERROR.getCode()); @@ -98,8 +98,8 @@ private static Errors toThresholdErrorCode(ThresholdError error) { } } else { switch (error.getSeverity()) { - case CRITICAL: - return Errors.OSA_CRITICAL_THRESHOLD_ERROR; +// case CRITICAL: +// return Errors.OSA_CRITICAL_THRESHOLD_ERROR; case HIGH: return Errors.OSA_HIGH_THRESHOLD_ERROR; case MEDIUM: diff --git a/src/test/java/com/cx/plugin/cli/utils/CxConfigHelperTests.java b/src/test/java/com/cx/plugin/cli/utils/CxConfigHelperTests.java index d18d6d0..0f1b84c 100644 --- a/src/test/java/com/cx/plugin/cli/utils/CxConfigHelperTests.java +++ b/src/test/java/com/cx/plugin/cli/utils/CxConfigHelperTests.java @@ -68,7 +68,7 @@ void ScaArgs_Valid() throws ParseException, CLIParsingException, IOException, Co assertTrue(StringUtils.isNotEmpty(config.getTeamPath())); assertEquals(LOCATION_PATH, config.getOsaLocationPath()); - assertEquals(CRITICAL, config.getOsaCriticalThreshold()); +// assertEquals(CRITICAL, config.getOsaCriticalThreshold()); assertEquals(HIGH, config.getOsaHighThreshold()); assertEquals(MEDIUM, config.getOsaMediumThreshold()); assertEquals(LOW, config.getOsaLowThreshold()); From 81f98c9d55088901e11466c7766866022cff4057 Mon Sep 17 00:00:00 2001 
From: susmitagorai29 Date: Wed, 24 Jul 2024 14:10:50 +0530 Subject: [PATCH 09/18] removed commented LOCs --- .../java/com/cx/plugin/cli/constants/ArgDescriptions.java | 1 - src/main/java/com/cx/plugin/cli/constants/Command.java | 1 - src/main/java/com/cx/plugin/cli/constants/Parameters.java | 1 - .../com/cx/plugin/cli/errorsconstants/ErrorMessages.java | 1 - .../java/com/cx/plugin/cli/errorsconstants/Errors.java | 1 - src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java | 7 +------ .../java/com/cx/plugin/cli/utils/ErrorParsingHelper.java | 3 --- .../java/com/cx/plugin/cli/utils/CxConfigHelperTests.java | 1 - 8 files changed, 1 insertion(+), 15 deletions(-) diff --git a/src/main/java/com/cx/plugin/cli/constants/ArgDescriptions.java b/src/main/java/com/cx/plugin/cli/constants/ArgDescriptions.java index 4d2f0da..d9aa54f 100644 --- a/src/main/java/com/cx/plugin/cli/constants/ArgDescriptions.java +++ b/src/main/java/com/cx/plugin/cli/constants/ArgDescriptions.java @@ -107,7 +107,6 @@ private ArgDescriptions() { static final String SAST_HIGH = String.format(THRESHOLD_TEMPLATE, CX_SAST, HIGH); static final String SAST_MEDIUM = String.format(THRESHOLD_TEMPLATE, CX_SAST, MEDIUM); static final String SAST_LOW = String.format(THRESHOLD_TEMPLATE, CX_SAST, LOW); -// static final String OSA_CRITICAL = String.format(THRESHOLD_TEMPLATE, CX_OSA, CRITICAL); static final String OSA_HIGH = String.format(THRESHOLD_TEMPLATE, CX_OSA, HIGH); static final String OSA_MEDIUM = String.format(THRESHOLD_TEMPLATE, CX_OSA, MEDIUM); static final String OSA_LOW = String.format(THRESHOLD_TEMPLATE, CX_OSA, LOW); diff --git a/src/main/java/com/cx/plugin/cli/constants/Command.java b/src/main/java/com/cx/plugin/cli/constants/Command.java index c6b09eb..ed58756 100644 --- a/src/main/java/com/cx/plugin/cli/constants/Command.java +++ b/src/main/java/com/cx/plugin/cli/constants/Command.java 
@@ -138,7 +138,6 @@ public static Options getOptions() {
options.addOption(SAST_HIGH, true, ArgDescriptions.SAST_HIGH);
options.addOption(SAST_MEDIUM, true, ArgDescriptions.SAST_MEDIUM);
options.addOption(SAST_LOW, true, ArgDescriptions.SAST_LOW);
-// options.addOption(OSA_CRITICAL, true, ArgDescriptions.OSA_CRITICAL);
options.addOption(OSA_HIGH, true, ArgDescriptions.OSA_HIGH);
options.addOption(OSA_MEDIUM, true, ArgDescriptions.OSA_MEDIUM);
options.addOption(OSA_LOW, true, ArgDescriptions.OSA_LOW);
diff --git a/src/main/java/com/cx/plugin/cli/constants/Parameters.java b/src/main/java/com/cx/plugin/cli/constants/Parameters.java
index a77f5f3..1642b81 100644
--- a/src/main/java/com/cx/plugin/cli/constants/Parameters.java
+++ b/src/main/java/com/cx/plugin/cli/constants/Parameters.java
@@ -78,7 +78,6 @@ private Parameters() {
public static final String SAST_MEDIUM = "sastmedium";
public static final String SAST_LOW = "sastlow";
-// public static final String OSA_CRITICAL = "osacritical";
public static final String OSA_HIGH = "osahigh";
public static final String OSA_MEDIUM = "osamedium";
public static final String OSA_LOW = "osalow";
diff --git a/src/main/java/com/cx/plugin/cli/errorsconstants/ErrorMessages.java b/src/main/java/com/cx/plugin/cli/errorsconstants/ErrorMessages.java
index 84e8245..266eeff 100644
--- a/src/main/java/com/cx/plugin/cli/errorsconstants/ErrorMessages.java
+++ b/src/main/java/com/cx/plugin/cli/errorsconstants/ErrorMessages.java
@@ -29,7 +29,6 @@ private ErrorMessages() {
public static final String SAST_HIGH_THRESHOLD_ERROR_MSG = "SAST high vulnerability threshold exceeded";
public static final String SAST_MEDIUM_THRESHOLD_ERROR_MSG = "SAST medium vulnerability threshold exceeded";
public static final String SAST_LOW_THRESHOLD_ERROR_MSG = "SAST low vulnerability threshold exceeded";
-// public static final String OSA_CRITICAL_THRESHOLD_ERROR_MSG = "OSA critical vulnerability threshold exceeded";
public static final String OSA_HIGH_THRESHOLD_ERROR_MSG = "OSA high vulnerability threshold exceeded";
public static final String OSA_MEDIUM_THRESHOLD_ERROR_MSG = "OSA medium vulnerability threshold exceeded";
public static final String OSA_LOW_THRESHOLD_ERROR_MSG = "OSA low vulnerability threshold exceeded";
diff --git a/src/main/java/com/cx/plugin/cli/errorsconstants/Errors.java b/src/main/java/com/cx/plugin/cli/errorsconstants/Errors.java
index 164d38e..a4419a9 100644
--- a/src/main/java/com/cx/plugin/cli/errorsconstants/Errors.java
+++ b/src/main/java/com/cx/plugin/cli/errorsconstants/Errors.java
@@ -21,7 +21,6 @@ public enum Errors {
SAST_HIGH_THRESHOLD_ERROR(11, SAST_HIGH_THRESHOLD_ERROR_MSG),
SAST_MEDIUM_THRESHOLD_ERROR(12, SAST_MEDIUM_THRESHOLD_ERROR_MSG),
SAST_LOW_THRESHOLD_ERROR(13, SAST_LOW_THRESHOLD_ERROR_MSG),
-// OSA_CRITICAL_THRESHOLD_ERROR(14, OSA_CRITICAL_THRESHOLD_ERROR_MSG),
OSA_HIGH_THRESHOLD_ERROR(14, OSA_HIGH_THRESHOLD_ERROR_MSG),
OSA_MEDIUM_THRESHOLD_ERROR(15, OSA_MEDIUM_THRESHOLD_ERROR_MSG),
OSA_LOW_THRESHOLD_ERROR(16, OSA_LOW_THRESHOLD_ERROR_MSG),
diff --git a/src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java b/src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java
index 5ac90e0..4383752 100644
--- a/src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java
+++ b/src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java
@@ -404,8 +404,6 @@ private void mapScaConfiguration(Optional sca, CxScanConfig scanConfi
sca.map(ScaConfig::getCritical)
.filter(n -> n > 0)
.ifPresent(pValue -> {
-// scanConfig.setOsaThresholdsEnabled(true);
-// scanConfig.setOsaCriticalThreshold(pValue);
overridesResults.put("Sca Critical", String.valueOf(pValue));
});
@@ -989,10 +987,7 @@ private void setDependencyScanThresholds(CxScanConfig scanConfig) {
String low = getSharedDependencyScanOption(scanConfig, OSA_LOW, SCA_LOW);
scanConfig.setOsaThresholdsEnabled(false);
-// if (!Strings.isNullOrEmpty(critical)) {
-// scanConfig.setOsaCriticalThreshold(Integer.valueOf(critical));
-// scanConfig.setOsaThresholdsEnabled(true);
-// }
+
if (!Strings.isNullOrEmpty(high)) {
scanConfig.setOsaHighThreshold(Integer.valueOf(high));
scanConfig.setOsaThresholdsEnabled(true);
diff --git a/src/main/java/com/cx/plugin/cli/utils/ErrorParsingHelper.java b/src/main/java/com/cx/plugin/cli/utils/ErrorParsingHelper.java
index f245145..af9aedf 100644
--- a/src/main/java/com/cx/plugin/cli/utils/ErrorParsingHelper.java
+++ b/src/main/java/com/cx/plugin/cli/utils/ErrorParsingHelper.java
@@ -41,7 +41,6 @@ private static Map createMessageToCodeMap() {
// Generic threshold
messageToCodeMap.put(GENERIC_THRESHOLD_FAILURE_ERROR_MSG, Errors.GENERIC_THRESHOLD_FAILURE_ERROR.getCode());
// OSA thresholds
-// messageToCodeMap.put(OSA_CRITICAL_THRESHOLD_ERROR_MSG, Errors.OSA_CRITICAL_THRESHOLD_ERROR.getCode());
messageToCodeMap.put(OSA_HIGH_THRESHOLD_ERROR_MSG, Errors.OSA_HIGH_THRESHOLD_ERROR.getCode());
messageToCodeMap.put(OSA_MEDIUM_THRESHOLD_ERROR_MSG, Errors.OSA_MEDIUM_THRESHOLD_ERROR.getCode());
messageToCodeMap.put(OSA_LOW_THRESHOLD_ERROR_MSG, Errors.OSA_LOW_THRESHOLD_ERROR.getCode());
@@ -98,8 +97,6 @@ private static Errors toThresholdErrorCode(ThresholdError error) {
}
} else {
switch (error.getSeverity()) {
-// case CRITICAL:
-// return Errors.OSA_CRITICAL_THRESHOLD_ERROR;
case HIGH:
return Errors.OSA_HIGH_THRESHOLD_ERROR;
case MEDIUM:
diff --git a/src/test/java/com/cx/plugin/cli/utils/CxConfigHelperTests.java b/src/test/java/com/cx/plugin/cli/utils/CxConfigHelperTests.java
index 0f1b84c..ba951a6 100644
--- a/src/test/java/com/cx/plugin/cli/utils/CxConfigHelperTests.java
+++ b/src/test/java/com/cx/plugin/cli/utils/CxConfigHelperTests.java
@@ -68,7 +68,6 @@ void ScaArgs_Valid() throws ParseException, CLIParsingException, IOException, Co
assertTrue(StringUtils.isNotEmpty(config.getTeamPath()));
assertEquals(LOCATION_PATH, config.getOsaLocationPath());
-// assertEquals(CRITICAL, config.getOsaCriticalThreshold());
assertEquals(HIGH, config.getOsaHighThreshold());
assertEquals(MEDIUM, config.getOsaMediumThreshold());
assertEquals(LOW, config.getOsaLowThreshold());
From 5157467d8011c3995c7dbc89821e72040508dcda Mon Sep 17 00:00:00 2001
From: susmitagorai29
Date: Tue, 30 Jul 2024 14:37:56 +0530
Subject: [PATCH 10/18] Update pom.xml
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 890b9e5..d9ac8c9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -134,7 +134,7 @@ com.checkmarx cx-client-common
- 2024.1.1
+ 2024.3.24
From 7fee8ce48fcc3906660bfdd6973743f7f89b0eda Mon Sep 17 00:00:00 2001
From: susmitagorai29
Date: Thu, 1 Aug 2024 17:02:32 +0530
Subject: [PATCH 11/18] Update pom.xml
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 64ac477..fde2420 100644
--- a/pom.xml
+++ b/pom.xml
@@ -132,7 +132,7 @@ com.checkmarx cx-client-common
- 2024.3.24
+ 2024.3.25
From c7249e7f668f3e1f76dbc53c8d0c764e9f277bab Mon Sep 17 00:00:00 2001
From: susmitagorai29
Date: Thu, 1 Aug 2024 17:18:04 +0530
Subject: [PATCH 12/18] Revert "Update pom.xml"
This reverts commit 7fee8ce48fcc3906660bfdd6973743f7f89b0eda.
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index fde2420..64ac477 100644
--- a/pom.xml
+++ b/pom.xml
@@ -132,7 +132,7 @@ com.checkmarx cx-client-common
- 2024.3.25
+ 2024.3.24
From b78c94f1229fc59cc2a8a29fb8c07ede247745f0 Mon Sep 17 00:00:00 2001
From: susmitagorai29
Date: Thu, 1 Aug 2024 17:21:43 +0530
Subject: [PATCH 13/18] Reapply "Update pom.xml"
This reverts commit c7249e7f668f3e1f76dbc53c8d0c764e9f277bab.
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 64ac477..fde2420 100644
--- a/pom.xml
+++ b/pom.xml
@@ -132,7 +132,7 @@ com.checkmarx cx-client-common
- 2024.3.24
+ 2024.3.25
From 11bc6630fe7f5dfdf938e7ba64fec5d035f11620 Mon Sep 17 00:00:00 2001
From: susmitagorai29
Date: Thu, 1 Aug 2024 17:51:52 +0530
Subject: [PATCH 14/18] Update pom.xml
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index fde2420..e14540a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@ 4.0.0 com.cx.plugin CxConsolePlugin
- 1.1.30
+ 1.1.31
jar
From b58d4f17bf16afb06d4027b8776d7c212138422e Mon Sep 17 00:00:00 2001
From: susmitagorai29
Date: Fri, 2 Aug 2024 16:09:18 +0530
Subject: [PATCH 15/18] Update CxConfigHelper.java
---
.../java/com/cx/plugin/cli/utils/CxConfigHelper.java | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java b/src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java
index f0d2c9b..4ca9f09 100644
--- a/src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java
+++ b/src/main/java/com/cx/plugin/cli/utils/CxConfigHelper.java
@@ -403,6 +403,8 @@ private void mapScaConfiguration(Optional sca, CxScanConfig scanConfi
sca.map(ScaConfig::getCritical)
.filter(n -> n > 0)
.ifPresent(pValue -> {
+ scanConfig.setOsaThresholdsEnabled(true);
+ scanConfig.setOsaCriticalThreshold(pValue);
overridesResults.put("Sca Critical", String.valueOf(pValue));
});
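Review bot: The two added setters sit inside the surrounding `.filter(n -> n > 0)`, so a config-as-code `critical` value of 0 — which, if these thresholds mean "maximum findings allowed", is the strictest and most useful setting for critical vulnerabilities — never reaches `setOsaCriticalThreshold` and the scan will not fail on it. If 0 is the "not configured" default of `ScaConfig.getCritical()`, say so with a comment on the filter such as `// 0 means not set in config-as-code`; otherwise the filter should be `n >= 0` with a null check, and whether the other severities in this method use the same filter is outside the hunk. Note also that `Errors.OSA_CRITICAL_THRESHOLD_ERROR`, its message, and the `case CRITICAL:` branch of `ErrorParsingHelper.toThresholdErrorCode` were deleted earlier in this series and nothing visible here restores them, so it is worth verifying what exit code a breached critical threshold set from config-as-code now produces.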
@@ -984,14 +986,16 @@ private CxScanConfig setSASTThresholds(CxScanConfig scanConfig) {
}
private void setDependencyScanThresholds(CxScanConfig scanConfig) {
- if(scanConfig.isAstScaEnabled()) {
- String critical = getSharedDependencyScanOption(scanConfig,"",SCA_CRITICAL);}
+ String critical = getSharedDependencyScanOption(scanConfig,"",SCA_CRITICAL);
String high = getSharedDependencyScanOption(scanConfig, OSA_HIGH, SCA_HIGH);
String medium = getSharedDependencyScanOption(scanConfig, OSA_MEDIUM, SCA_MEDIUM);
String low = getSharedDependencyScanOption(scanConfig, OSA_LOW, SCA_LOW);
scanConfig.setOsaThresholdsEnabled(false);
-
+ if (!Strings.isNullOrEmpty(critical)) {
+ scanConfig.setOsaCriticalThreshold(Integer.valueOf(critical));
+ scanConfig.setOsaThresholdsEnabled(true);
+ }
if (!Strings.isNullOrEmpty(high)) {
scanConfig.setOsaHighThreshold(Integer.valueOf(high));
scanConfig.setOsaThresholdsEnabled(true);
From bcd788d60ce2bc71a7fe1661c90f14f9eed391e7 Mon Sep 17 00:00:00 2001
From: susmitagorai29
Date: Thu, 8 Aug 2024 14:03:03 +0530
Subject: [PATCH 16/18] Update pom.xml
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index e14540a..2a4c3f8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -132,7 +132,7 @@ com.checkmarx cx-client-common
- 2024.3.25
+ 2024.3.26
From 34b827a0f767dcf809b2bebe4137b5be4ba87bc8 Mon Sep 17 00:00:00 2001
From: susmitagorai29
Date: Thu, 8 Aug 2024 14:14:35 +0530
Subject: [PATCH 17/18] Update pom.xml
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 2a4c3f8..4c4fb46 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@ 4.0.0 com.cx.plugin CxConsolePlugin
- 1.1.31
+ 1.1.32
jar
From d606956895f9cedd37d89f343e17a661b2e9e9ac Mon Sep 17 00:00:00 2001
From: susmitagorai29
Date: Mon, 12 Aug 2024 15:47:08 +0530
Subject: [PATCH 18/18] Update pom.xml
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
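Review bot: The critical threshold is enforced again here through `scanConfig.setOsaCriticalThreshold(Integer.valueOf(critical))`, but `Errors.OSA_CRITICAL_THRESHOLD_ERROR`, its message constant and the `case CRITICAL:` branch of `ErrorParsingHelper.toThresholdErrorCode` were deleted in PATCH 09 and nothing visible in the remaining commits re-adds them, so a breached critical threshold can no longer be reported with its own exit code — confirm what `toThresholdErrorCode` returns for CRITICAL now, or restore the mapping in the same change. `getSharedDependencyScanOption(scanConfig, "", SCA_CRITICAL)` passes an empty string as the OSA option name because the `osacritical` parameter was removed; how the helper treats `""` is outside the hunk, so a comment such as `// no OSA critical option exists; only the SCA value applies` (or a null-safe overload) would stop the next reader treating it as a typo. `Integer.valueOf(critical)` throws an unhandled NumberFormatException on a non-numeric option value, the same as the existing high/medium/low lines, so the new block inherits that behaviour rather than validating input. The method continues past the end of the hunk.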
diff --git a/pom.xml b/pom.xml index 4c4fb46..2a4c3f8 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ 4.0.0 com.cx.plugin CxConsolePlugin - 1.1.32 + 1.1.31 jar