Nov22 integration branch (#115)

* Code changes for ability to run full scan after x incremental scans.

Code changes for ability to run full scan after x incremental scans.

* Update CxConfigHelper.java

Have stored the location_url in the value1 string. Then split that string with a '@' character. Converted characters before '@' to '*' by iterating it into for loop and stored that string into value variable. Then appended '@' and next part of '@' into value.

* Code changes for plug-12 project branch support.

Code changes for plug-12 project branch support.

* Fix for plug 606 vulnerabilities.

Fix for plug 606 vulnerabilities reported.

* Added validation for masterBranchProjName argument if enableSastBranch is set.

Added validation for masterBranchProjName argument if enableSastBranch is set.

* Code changes to remove support of periodic full scan from config as code.

Code changes to remove support of periodic full scan from config as code and code optimization.

* pCLI parameters to create a SCA report in XML\PDF\CSV format

* 881_sca_proxy (#112)

* bugid: 881 SCA proxy fix
CR_by: n/a

* bugid: 881 SCA proxy fix - nonProxyHosts support
CR_by: n/a

* Code changes for conflict resolution after PR merging.

Code changes for conflict resolution after PR merging.

* Removed repeated line from SCAN string.

Removed repeated line from SCAN string.

* Updated cx-common-client repo version and removed lingala zip4j library from pom.xml.

Updated cx-common-client repository version and removed lingala zip4j library from pom.xml

* Added correct way to support custom truststore.

* changes missed during cherrypick fromdev branch.

* Corrections to features of this release. New cxcommon with 21.0.5 FSA.

* Fixed issue for CLI Plugin Shows Git Token in Plain Text

* Updated CxConsolePlugin version to 1.1.18

* Version change for release.

Version change for release.

* Changed plugin version to 1.1.18.

Changed plugin version to 1.1.18.

Co-authored-by: swatipersistent <[email protected]>
Co-authored-by: ilandn <[email protected]>
Co-authored-by: umeshwaghode <[email protected]>

.gitignore

@@ -24,3 +24,7 @@ target
 
 # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
 hs_err_pid*
+.classpath
+.project
+.settings/org.eclipse.core.resources.prefs
+.settings/org.eclipse.jdt.core.prefs

config/cx_console.properties

@@ -60,3 +60,7 @@ scan.sca.accesscontrol.url=https://platform.checkmarx.net
 # URL of the SCA web application. Used to generate web report URL. Optional. If omitted, the scan will run as usual,
 # but no report URL will be generated.
 scan.sca.webapp.url=https://sca.checkmarx.net
+
+# Custom trust store location and password. If defined, it must contain trust certificates/chain for all endpoints of CxSAST and CxSCA.
+trustStore=
+trustStorePassword=

pom.xml

@@ -6,7 +6,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.cx.plugin</groupId>
     <artifactId>CxConsolePlugin</artifactId>
-    <version>1.1.14</version>
+    <version>1.1.18</version>
     <packaging>jar</packaging>
 
     <repositories>
@@ -132,7 +132,7 @@
         <dependency>
             <groupId>com.checkmarx</groupId>
             <artifactId>cx-client-common</artifactId>
-            <version>2022.2.14</version>
+            <version>2022.4.4</version>
             <!-- Remove these excludes once latest FSA is used -->
             <exclusions>
                 <exclusion>
@@ -170,12 +170,23 @@
                 <exclusion>
                     <groupId>org.springframework</groupId>
                     <artifactId>spring-core</artifactId>
+                </exclusion>                
+				<exclusion>
+                    <groupId>org.yaml</groupId>
+                    <artifactId>snakeyaml</artifactId>
                 </exclusion>
-                <exclusion>
-                    <groupId>net.lingala.zip4j</groupId>
-    				<artifactId>zip4j</artifactId>
+				<exclusion>
+                    <groupId>org.jsoup</groupId>
+                    <artifactId>jsoup</artifactId>
+                </exclusion>
+				<exclusion>
+                    <groupId>com.google.code.gson</groupId>
+                    <artifactId>gson</artifactId>
+                </exclusion>				 
+				<exclusion>
+                    <groupId>org.tmatesoft.sqljet</groupId>
+                    <artifactId>sqljet</artifactId>
                 </exclusion>
-
             </exclusions>
         </dependency>
         <!-- excluded dependencies from cx-client-common -->
@@ -203,7 +214,7 @@
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
-            <version>2.13.2.1</version>
+            <version>2.14.0</version>
         </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
@@ -237,14 +248,28 @@
         <dependency>
             <groupId>io.netty</groupId>
             <artifactId>netty-codec</artifactId>
-            <version>4.1.77.Final</version>
-        </dependency>
+            <version>4.1.86.Final</version>
+        </dependency>     
+        <dependency>
+    		<groupId>org.yaml</groupId>
+    		<artifactId>snakeyaml</artifactId>
+    		<version>1.33</version>
+		</dependency>
         <dependency>
-    		<groupId>net.lingala.zip4j</groupId>
-    		<artifactId>zip4j</artifactId>
-    		<version>2.10.0</version>
+    		<groupId>org.jsoup</groupId>
+    		<artifactId>jsoup</artifactId>
+    		<version>1.15.3</version>
+		</dependency>
+		<dependency>
+    		<groupId>com.google.code.gson</groupId>
+    		<artifactId>gson</artifactId>
+    		<version>2.10</version>
+		</dependency>		
+		<dependency>
+    		<groupId>org.tmatesoft.sqljet</groupId>
+    		<artifactId>sqljet</artifactId>
+    		<version>1.1.15</version>
 		</dependency>
-
         <!-- end of excluded dependencies -->
         <dependency>
             <groupId>commons-cli</groupId>
@@ -297,7 +322,7 @@
         <dependency>
             <groupId>commons-io</groupId>
             <artifactId>commons-io</artifactId>
-            <version>2.8.0</version>
+            <version>2.11.0</version>
         </dependency>
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>

src/main/java/com/cx/plugin/cli/configascode/SastConfig.java

@@ -23,7 +23,10 @@ public class SastConfig {
     private int high;
     @Optional
     private boolean isOverrideProjectSetting;
-
+    @Optional
+    private boolean enableSastBranching;
+    @Optional
+    private String masterBranchProjName;
 
     public SastConfig() {
     }
@@ -107,7 +110,22 @@ public boolean isOverrideProjectSetting() {
 	public void setOverrideProjectSetting(boolean isOverrideProjectSetting) {
 		this.isOverrideProjectSetting = isOverrideProjectSetting;
 	}
+
+	public boolean isEnableSASTBranching() {
+		return enableSastBranching;
+	}
 
+	public void setEnableSASTBranching(boolean enableSASTBranching) {
+		this.enableSastBranching = enableSASTBranching;
+	}
+
+	public String getMasterBranchProjName() {
+		return masterBranchProjName;
+	}
+
+	public void setMasterBranchProjName(String masterBranchProjName) {
+		this.masterBranchProjName = masterBranchProjName;
+	}
 
 
 }

src/main/java/com/cx/plugin/cli/constants/ArgDescriptions.java

@@ -91,9 +91,15 @@ private ArgDescriptions() {
     static final String SCAN_COMMENT = "Saves a comment with the scan results. For example: -comment 'important scan1'. Optional. Not supported in AsyncScan mode";
     static final String IS_SSO = "Single Sign-On: Use Windows credentials of current user to log into CxSAST. Optional.";
 
+
+
+    static final String GENERATE_SCA_REPORT = "Set Generate Sca Report. Optional.";
+    static final String SCA_REPORT_FORMAT = "Set Sca Report Format. Optional.";
+
     static final String HIGH = "high";
     static final String MEDIUM = "medium";
     static final String LOW = "low";
+
 
     static final String SAST_HIGH = String.format(THRESHOLD_TEMPLATE, CX_SAST, HIGH);
     static final String SAST_MEDIUM = String.format(THRESHOLD_TEMPLATE, CX_SAST, MEDIUM);
@@ -144,4 +150,10 @@ private ArgDescriptions() {
     static final String SCA_INCLUDE_SOURCE_FLAG = "Flag to include the entire source code for the SCA scan.";
     static final String SCA_TIME_OUT = "Timeout duration for SCA scan.";
     static final String SCAN_LEVEL_CUSTOM_FIELDS = "Scan level custom fields";
+
+    static final String ENABLE_SAST_BRANCHING = "Enable to create child project";
+    static final String MASTER_BRANCH_PROJ_NAME = "Master branch project name";
+
+    static final String PERIODIC_FULL_SCAN = "Run a full scan after X incremental scans . Scans all files, (-Incremental should be enable). Optional.";    
+
 }

src/main/java/com/cx/plugin/cli/constants/Command.java

@@ -123,6 +123,10 @@ public static Options getOptions() {
         options.addOption(CSV_REPORT, true, ArgDescriptions.CSV_REPORT);
         options.addOption(RTF_REPORT, true, ArgDescriptions.RTF_REPORT);
 
+
+        options.addOption(GENERATE_SCA_REPORT, false, ArgDescriptions.GENERATE_SCA_REPORT);
+        options.addOption(SCA_REPORT_FORMAT, true, ArgDescriptions.SCA_REPORT_FORMAT);
+
         options.addOption(IS_INCREMENTAL, false, ArgDescriptions.IS_INCREMENTAL);
         options.addOption(IS_FORCE_SCAN, false, ArgDescriptions.IS_FORCE_SCAN);
         options.addOption(IS_PRIVATE, false, ArgDescriptions.IS_PRIVATE);
@@ -173,6 +177,11 @@ public static Options getOptions() {
         options.addOption(SCA_INCLUDE_SOURCE_FLAG, false, ArgDescriptions.SCA_INCLUDE_SOURCE_FLAG);
         options.addOption(SCA_TIMEOUT, true, ArgDescriptions.SCA_TIME_OUT);
 
+        options.addOption(ENABLE_SAST_BRANCHING, false, ArgDescriptions.ENABLE_SAST_BRANCHING);
+        options.addOption(MASTER_BRANCH_PROJ_NAME, true, ArgDescriptions.MASTER_BRANCH_PROJ_NAME);
+
+        options.addOption(PERIODIC_FULL_SCAN, true, ArgDescriptions.PERIODIC_FULL_SCAN);
+
         return options;
     }
 

src/main/java/com/cx/plugin/cli/constants/Parameters.java

@@ -59,6 +59,10 @@ private Parameters() {
     public static final String PDF_REPORT = "reportpdf";
     public static final String XML_REPORT = "reportxml";
     public static final String CSV_REPORT = "reportcsv";
+
+    public static final String GENERATE_SCA_REPORT = "generateScaReport";
+    public static final String SCA_REPORT_FORMAT = "scareportformat";
+
     public static final String RTF_REPORT = "reportrtf";
     public static final String IS_INCREMENTAL = "incremental";
     public static final String IS_FORCE_SCAN = "forcescan";
@@ -110,4 +114,10 @@ private Parameters() {
     public static final String SAST_USER = "cxsastuser";
     public static final String SCA_TIMEOUT = "scatimeout";
 
+    public static final String ENABLE_SAST_BRANCHING = "enablesastbranching";
+    public static final String MASTER_BRANCH_PROJ_NAME = "masterbranchprojname";
+
+
+    public static final String PERIODIC_FULL_SCAN = "periodicfullscan";
+
 }

src/main/java/com/cx/plugin/cli/constants/UsageExamples.java

@@ -13,8 +13,11 @@ private UsageExamples() {
             " -locationurl http://vsts2003:8080 -locationuser dm\\matys -locationpassword XYZ -preset default -reportxml a.xml -reportpdf b.pdf" +
             " -incremental -forcescan\nCxConsole Scan -projectname SP\\Cx\\Engine\\AST -cxserver http://localhost -cxuser admin@cx -cxpassword admin -locationtype share" +
             " -locationpath '\\\\storage\\path1;\\\\storage\\path2' -locationuser dm\\matys -locationpassword XYZ -preset \"Sans 25\" -reportxls a.xls -reportpdf b.pdf -private -verbose -log a.log\n" +
-            " -LocationPathExclude test*, *log* -LocationFilesExclude web.config , *.class\n";
-
+            " -LocationPathExclude test*, *log* -LocationFilesExclude web.config , *.class\n" +
+            "-enablesastbranching to check if branching support is enabled\n" +
+            "-masterbranchprojname master branch project name\n" +            
+            "-periodicfullscan number like 4,5,etc";
+
     static final String TOKEN_GEN = "runCxConsole.cmd GenerateToken -CxServer http://localhost -cxuser admin@company -cxpassword admin -v";
 
     static final String TOKEN_REVOKE = "runCxConsole.cmd RevokeToken -CxToken 1241513513tsfrg42 -CxServer http://localhost -v";