diff --git a/src/main/java/com/cx/restclient/ast/AstScaClient.java b/src/main/java/com/cx/restclient/ast/AstScaClient.java
index 58d81383..9dc32594 100644
--- a/src/main/java/com/cx/restclient/ast/AstScaClient.java
+++ b/src/main/java/com/cx/restclient/ast/AstScaClient.java
@@ -938,7 +938,6 @@ private String getRiskManagementProjectId(String projectName) throws IOException
 String result = Optional.ofNullable(project)
 .map(Project::getId)
 .orElse(null);
-
 String message = (result == null ? "Project not found" : String.format("Project ID: %s", result));
 log.info(message);
@@ -1029,14 +1028,12 @@ private String createRiskManagementProject(String name, String assignedTeam, Str
 }
 StringEntity entity = HttpClientHelper.convertToStringEntity(request);
-
 Project newProject = httpClient.postRequest(PROJECTS,
 ContentType.CONTENT_TYPE_APPLICATION_JSON,
 entity,
 Project.class,
 HttpStatus.SC_CREATED,
 "create a project");
-
 return newProject.getId();
 }
diff --git a/src/main/java/com/cx/restclient/common/summary/DependencyScanResult.java b/src/main/java/com/cx/restclient/common/summary/DependencyScanResult.java
index 8b75c788..8727d5f0 100644
--- a/src/main/java/com/cx/restclient/common/summary/DependencyScanResult.java
+++ b/src/main/java/com/cx/restclient/common/summary/DependencyScanResult.java
@@ -54,7 +54,6 @@ public class DependencyScanResult extends Results implements Serializable {
 DependencyScanResult(OSAResults osaResults){
 this.scannerType = ScannerType.OSA;
- this.criticalVulnerability = osaResults.getResults().getTotalCriticalVulnerabilities();
 this.highVulnerability = osaResults.getResults().getTotalHighVulnerabilities();
 this.mediumVulnerability = osaResults.getResults().getTotalMediumVulnerabilities();
 this.lowVulnerability = osaResults.getResults().getTotalLowVulnerabilities();
diff --git a/src/main/java/com/cx/restclient/configuration/CxScanConfig.java b/src/main/java/com/cx/restclient/configuration/CxScanConfig.java
index b20850d7..b4642bac 100644
--- a/src/main/java/com/cx/restclient/configuration/CxScanConfig.java
+++ b/src/main/java/com/cx/restclient/configuration/CxScanConfig.java
@@ -103,7 +103,6 @@ public void setprojectCustomFields(String projectCustomFields) {
 private Boolean osaRunInstall = false;
 private Boolean osaThresholdsEnabled = false;
 private Boolean osaFailOnError = false;
- private Integer osaCriticalThreshold;
 private Integer osaHighThreshold;
 private Integer osaMediumThreshold;
 private Integer osaLowThreshold;
@@ -171,6 +170,8 @@ public void setOverrideRetentionRate(boolean overrideRetentionRate) {
 private Boolean enableSastBranching = false;
 private String masterBranchProjName;
+
+ private Integer copyBranchTimeOutInSeconds;
 public CxScanConfig() {
 }
@@ -637,14 +638,6 @@ public Boolean isOsaFailOnError() {
 public void setOsaFailOnError(Boolean osaFailOnError) {
 this.osaFailOnError = osaFailOnError;
 }
-
- public Integer getOsaCriticalThreshold() {
- return osaCriticalThreshold;
- }
-
- public void setOsaCriticalThreshold(Integer osaCriticalThreshold) {
- this.osaCriticalThreshold = osaCriticalThreshold;
- }
 public Integer getOsaHighThreshold() {
 return osaHighThreshold;
@@ -691,7 +684,7 @@ public boolean isSASTThresholdEffectivelyEnabled() {
 public boolean isOSAThresholdEffectivelyEnabled() {
 return (isOsaEnabled() || isAstScaEnabled()) && getOsaThresholdsEnabled() &&
- (getOsaCriticalThreshold() != null ||getOsaHighThreshold() != null || getOsaMediumThreshold() != null || getOsaLowThreshold() != null);
+ (getOsaHighThreshold() != null || getOsaMediumThreshold() != null || getOsaLowThreshold() != null);
 }
 public void setOsaDependenciesJson(String osaDependenciesJson) {
@@ -1076,5 +1069,12 @@ public void setScaReportFormat(String scaReportFormat) {
 this.scaReportFormat = scaReportFormat;
 }
+ public Integer getcopyBranchTimeOutInSeconds() {
+ return copyBranchTimeOutInSeconds;
+ }
+
+ public void setcopyBranchTimeOutInSeconds(Integer copyBranchTimeOutInSeconds) {
+ this.copyBranchTimeOutInSeconds = copyBranchTimeOutInSeconds;
+ }
 }
diff --git a/src/main/java/com/cx/restclient/dto/scansummary/ScanSummary.java b/src/main/java/com/cx/restclient/dto/scansummary/ScanSummary.java
index 219781c3..65bfeb29 100644
--- a/src/main/java/com/cx/restclient/dto/scansummary/ScanSummary.java
+++ b/src/main/java/com/cx/restclient/dto/scansummary/ScanSummary.java
@@ -120,7 +120,6 @@ private void addDependencyScanThresholdErrors(CxScanConfig config, OSAResults os
 OSASummaryResults summary = osaResults.getResults();
 if (summary != null) {
 hasSummary = true;
- totalCritical = summary.getTotalCriticalVulnerabilities();
 totalHigh = summary.getTotalHighVulnerabilities();
 totalMedium = summary.getTotalMediumVulnerabilities();
 totalLow = summary.getTotalLowVulnerabilities();
@@ -128,7 +127,6 @@ private void addDependencyScanThresholdErrors(CxScanConfig config, OSAResults os
 }
 if (hasSummary) {
- checkForThresholdError(totalCritical, config.getOsaCriticalThreshold(), errorSource, Severity.CRITICAL);
 checkForThresholdError(totalHigh, config.getOsaHighThreshold(), errorSource, Severity.HIGH);
 checkForThresholdError(totalMedium, config.getOsaMediumThreshold(), errorSource, Severity.MEDIUM);
 checkForThresholdError(totalLow, config.getOsaLowThreshold(), errorSource, Severity.LOW);
diff --git a/src/main/java/com/cx/restclient/dto/scansummary/Severity.java b/src/main/java/com/cx/restclient/dto/scansummary/Severity.java
index f2973521..caa9e6d2 100644
--- a/src/main/java/com/cx/restclient/dto/scansummary/Severity.java
+++ b/src/main/java/com/cx/restclient/dto/scansummary/Severity.java
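Review bot: The accessors `getcopyBranchTimeOutInSeconds` / `setcopyBranchTimeOutInSeconds` in the `@@ -1076` hunk break the JavaBean naming convention that every other accessor in `CxScanConfig` follows (capital letter after the `get`/`set` prefix), which also matters if the config is ever populated through bean introspection. Rename them to `getCopyBranchTimeOutInSeconds` / `setCopyBranchTimeOutInSeconds` and update the two call sites in `LegacyClient.checkTimeOut()` in the same commit. The field added in the `@@ -171` hunk should say what it controls, e.g. `// Seconds between polls of the branch-copy status in LegacyClient.checkTimeOut(); null selects the 10 s default`.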
@@ -4,5 +4,6 @@ public enum Severity {
 LOW,
 MEDIUM,
 HIGH,
- CRITICAL
+ CRITICAL,
+ NONE
 }
diff --git a/src/main/java/com/cx/restclient/httpClient/CxHttpClient.java b/src/main/java/com/cx/restclient/httpClient/CxHttpClient.java
index 72952c40..7fe0ed96 100644
--- a/src/main/java/com/cx/restclient/httpClient/CxHttpClient.java
+++ b/src/main/java/com/cx/restclient/httpClient/CxHttpClient.java
@@ -26,6 +26,7 @@
 import org.apache.http.client.methods.*;
 import org.apache.http.client.params.AuthPolicy;
 import org.apache.http.client.utils.HttpClientUtils;
+import org.apache.http.client.utils.URIBuilder;
 import org.apache.http.config.Registry;
 import org.apache.http.config.RegistryBuilder;
 import org.apache.http.conn.routing.HttpRoute;
@@ -595,7 +596,7 @@ public T getRequest(String relPath, String contentType, Class responseTyp
 }
 public T getRequest(String rootURL, String relPath, String acceptHeader, String contentType, Class responseType, int expectStatus, String failedMsg, boolean isCollection) throws IOException {
- HttpGet get = new HttpGet(rootURL + relPath);
+ HttpGet get = new HttpGet(rootURL + relPath);
 get.addHeader(HttpHeaders.ACCEPT, acceptHeader);
 return request(get, contentType, null, responseType, expectStatus, "get " + failedMsg, isCollection, true);
 }
@@ -642,9 +643,9 @@ private T request(HttpRequestBase httpMethod, String contentType, HttpEntity
 URI tmpUri = httpMethod.getURI();
 String host = StringUtils.isNotEmpty(tmpUri.getAuthority()) ? tmpUri.getAuthority() : tmpUri.getHost();
 host = IDN.toASCII(host, IDN.ALLOW_UNASSIGNED);
- try {
- URI uri = new URI(tmpUri.getScheme(), tmpUri.getUserInfo(), host, tmpUri.getPort(), tmpUri.getPath(),
- tmpUri.getQuery(), tmpUri.getFragment());
+ try {
+ URIBuilder uriBuilder = new URIBuilder(tmpUri).setHost(host);
+ URI uri = uriBuilder.build();
 httpMethod.setURI(uri);
 } catch (URISyntaxException e) {
 log.error("Fail to convert URI: " + httpMethod.getURI().toString());
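Review bot: In the `@@ -642` hunk `setHost(host)` is given the value derived two lines above from `tmpUri.getAuthority()`, which for an ASCII host with an explicit port is `host:port` (and includes user-info when present), while `new URIBuilder(tmpUri)` also keeps `tmpUri`'s port, so the rebuilt authority can carry the port twice; the old seven-argument `URI` constructor bracketed a host containing `:` and fell into the `URISyntaxException` branch, whereas `URIBuilder.build()` appears to accept such an authority, so behaviour for base URLs with a port or credentials changes with this commit. Prefer the host Java could parse and fall back to the raw authority only for the IDN case where `getHost()` is null, e.g. `String host = tmpUri.getHost() != null ? tmpUri.getHost() : tmpUri.getAuthority();`, and add a test for a base URL with a port plus one with a non-ASCII host. The `catch` still only logs and silently continues with the unconverted URI; pass `e` as the second argument of `log.error` so the cause is recorded. The enclosing `request` method starts and ends outside the hunk.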
@@ -656,6 +657,7 @@ private T request(HttpRequestBase httpMethod, String contentType, HttpEntity
 if (entity != null && httpMethod instanceof HttpEntityEnclosingRequestBase) { //Entity for Post methods
 ((HttpEntityEnclosingRequestBase) httpMethod).setEntity(entity);
 }
+
 HttpResponse response = null;
 int statusCode = 0;
@@ -669,8 +671,7 @@ private T request(HttpRequestBase httpMethod, String contentType, HttpEntity
 for (Map.Entry entry : customHeaders.entrySet()) {
 httpMethod.addHeader(entry.getKey(), entry.getValue());
- }
-
+ }
 response = apacheClient.execute(httpMethod);
 statusCode = response.getStatusLine().getStatusCode();
diff --git a/src/main/java/com/cx/restclient/httpClient/utils/ContentType.java b/src/main/java/com/cx/restclient/httpClient/utils/ContentType.java
index 8e238f7d..7dfdd1e1 100644
--- a/src/main/java/com/cx/restclient/httpClient/utils/ContentType.java
+++ b/src/main/java/com/cx/restclient/httpClient/utils/ContentType.java
@@ -7,6 +7,7 @@ public class ContentType {
 public static final String CONTENT_TYPE_APPLICATION_JSON = "application/json";
 public static final String CONTENT_TYPE_API_VERSION_1_2 = "application/json;v=1.2";
 public static final String CONTENT_TYPE_API_VERSION_1_1 = "application/json;v=1.1";
+ public static final String CONTENT_TYPE_APPLICATION_JSON_V4 = "application/json;v=4.0";
 public static final String CONTENT_TYPE_APPLICATION_JSON_V21 = "application/json;v=2.1";
 public static final String CONTENT_TYPE_APPLICATION_JSON_V2 = "application/json;v=2.0";
 public static final String CONTENT_TYPE_APPLICATION_JSON_V1 = "application/json;v=1.0";
diff --git a/src/main/java/com/cx/restclient/osa/dto/OSASummaryResults.java b/src/main/java/com/cx/restclient/osa/dto/OSASummaryResults.java
index 0ad3da65..3f68d0bf 100644
--- a/src/main/java/com/cx/restclient/osa/dto/OSASummaryResults.java
+++ b/src/main/java/com/cx/restclient/osa/dto/OSASummaryResults.java
@@ -12,7 +12,6 @@ public class OSASummaryResults implements Serializable {
 private int totalLibraries;
- private int criticalVulnerabilityLibraries;
 private int highVulnerabilityLibraries;
 private int mediumVulnerabilityLibraries;
 private int lowVulnerabilityLibraries;
@@ -20,7 +19,6 @@ public class OSASummaryResults implements Serializable {
 private int vulnerableAndUpdated;
 private int vulnerableAndOutdated;
 private String vulnerabilityScore;
- private int totalCriticalVulnerabilities;
 private int totalHighVulnerabilities;
 private int totalMediumVulnerabilities;
 private int totalLowVulnerabilities;
@@ -32,14 +30,6 @@ public int getTotalLibraries() {
 public void setTotalLibraries(int totalLibraries) {
 this.totalLibraries = totalLibraries;
 }
-
- public int getCriticalVulnerabilityLibraries() {
- return criticalVulnerabilityLibraries;
- }
-
- public void setCriticalVulnerabilityLibraries(int criticalVulnerabilityLibraries) {
- this.criticalVulnerabilityLibraries = criticalVulnerabilityLibraries;
- }
 public int getHighVulnerabilityLibraries() {
 return highVulnerabilityLibraries;
@@ -96,14 +86,6 @@ public String getVulnerabilityScore() {
 public void setVulnerabilityScore(String vulnerabilityScore) {
 this.vulnerabilityScore = vulnerabilityScore;
 }
-
- public int getTotalCriticalVulnerabilities() {
- return totalCriticalVulnerabilities;
- }
-
- public void setTotalCriticalVulnerabilities(int totalCriticalVulnerabilities) {
- this.totalCriticalVulnerabilities = totalCriticalVulnerabilities;
- }
 public int getTotalHighVulnerabilities() {
 return totalHighVulnerabilities;
diff --git a/src/main/java/com/cx/restclient/osa/utils/OSAUtils.java b/src/main/java/com/cx/restclient/osa/utils/OSAUtils.java
index 93f546f1..e340baf0 100644
--- a/src/main/java/com/cx/restclient/osa/utils/OSAUtils.java
+++ b/src/main/java/com/cx/restclient/osa/utils/OSAUtils.java
@@ -135,7 +135,6 @@ public static void printOSAResultsToConsole(OSAResults osaResults, boolean enabl
 log.info("------------------------");
 log.info("Vulnerabilities Summary:");
 log.info("------------------------");
- log.info("OSA critical severity results: " + osaSummaryResults.getTotalCriticalVulnerabilities());
 log.info("OSA high severity results: " + osaSummaryResults.getTotalHighVulnerabilities());
 log.info("OSA medium severity results: " + osaSummaryResults.getTotalMediumVulnerabilities());
 log.info("OSA low severity results: " + osaSummaryResults.getTotalLowVulnerabilities());
diff --git a/src/main/java/com/cx/restclient/sast/dto/CreateBranchStatus.java b/src/main/java/com/cx/restclient/sast/dto/CreateBranchStatus.java
new file mode 100644
index 00000000..3358a5bd
--- /dev/null
+++ b/src/main/java/com/cx/restclient/sast/dto/CreateBranchStatus.java
@@ -0,0 +1,91 @@
+package com.cx.restclient.sast.dto;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class CreateBranchStatus {
+
+ private long id;
+ private long originalProjectId;
+ private String originalProjectName;
+ private long branchedOnScanId;
+ private long branchedProjectId;
+ private String timestamp;
+ private String comment;
+ private Status status;
+ private String errorMessage;
+ public CreateBranchStatus(long id, long originalProjectId, String originalProjectName, long branchedOnScanId,
+ long branchedProjectId, String timestamp, String comment, Status status, String errorMessage) {
+ this.id = id;
+ this.originalProjectId = originalProjectId;
+ this.originalProjectName = originalProjectName;
+ this.branchedOnScanId = branchedOnScanId;
+ this.branchedProjectId = branchedProjectId;
+ this.timestamp = timestamp;
+ this.comment = comment;
+ this.status = status;
+ this.errorMessage = errorMessage;
+ }
+
+ public CreateBranchStatus() {
+ }
+
+ public long getId() {
+ return id;
+ }
+ public void setId(long id) {
+ this.id = id;
+ }
+ public long getOriginalProjectId() {
+ return originalProjectId;
+ }
+ public void setOriginalProjectId(Integer originalProjectId) {
+ this.originalProjectId = originalProjectId;
+ }
+ public String getOriginalProjectName() {
+ return originalProjectName;
+ }
+ public void setOriginalProjectName(String originalProjectName) {
+ this.originalProjectName = originalProjectName;
+ }
+ public long getBranchedOnScanId() {
+ return branchedOnScanId;
+ }
+ public void setBranchedOnScanId(long branchedOnScanId) {
+ this.branchedOnScanId = branchedOnScanId;
+ }
+ public long getBranchedProjectId() {
+ return branchedProjectId;
+ }
+ public void setBranchedProjectId(long branchedProjectId) {
+ this.branchedProjectId = branchedProjectId;
+ }
+ public String getTimestamp() {
+ return timestamp;
+ }
+ public void setTimestamp(String timestamp) {
+ this.timestamp = timestamp;
+ }
+ public String getComment() {
+ return comment;
+ }
+ public void setComment(String comment) {
+ this.comment = comment;
+ }
+ public Status getStatus() {
+ return status;
+ }
+ public void setStatus(Status status) {
+ this.status = status;
+ }
+ public String getErrorMessage() {
+ return errorMessage;
+ }
+ public void setErrorMessage(String errorMessage) {
+ this.errorMessage = errorMessage;
+ }
+
+}
\ No newline at end of file
diff --git a/src/main/java/com/cx/restclient/sast/dto/Status.java b/src/main/java/com/cx/restclient/sast/dto/Status.java
new file mode 100644
index 00000000..39639432
--- /dev/null
+++ b/src/main/java/com/cx/restclient/sast/dto/Status.java
@@ -0,0 +1,23 @@
+package com.cx.restclient.sast.dto;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class Status {
+
+ private long id;
+ private String value;
+
+ public long getId() {
+ return id;
+ }
+ public void setId(long id) {
+ this.id = id;
+ }
+ public String getValue() {
+ return value;
+ }
+ public void setValue(String value) {
+ this.value = value;
+ }
+}
\ No newline at end of file
diff --git a/src/main/java/com/cx/restclient/sast/utils/LegacyClient.java b/src/main/java/com/cx/restclient/sast/utils/LegacyClient.java
index bd31f27e..3367ce45 100644
--- a/src/main/java/com/cx/restclient/sast/utils/LegacyClient.java
+++ b/src/main/java/com/cx/restclient/sast/utils/LegacyClient.java
@@ -27,6 +27,7 @@
 import static com.cx.restclient.common.CxPARAM.*;
 import static com.cx.restclient.httpClient.utils.ContentType.CONTENT_TYPE_APPLICATION_JSON_V1;
+import static com.cx.restclient.httpClient.utils.ContentType.CONTENT_TYPE_APPLICATION_JSON_V4;
 import static com.cx.restclient.httpClient.utils.HttpClientHelper.convertToJson;
 import static com.cx.restclient.sast.utils.SASTParam.*;
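Review bot: `setOriginalProjectId(Integer originalProjectId)` in the new `CreateBranchStatus` takes an `Integer` while the field, the getter and the constructor all use `long`; the class is presumably bound by Jackson (it is annotated `@JsonIgnoreProperties` and deserialized via `CreateBranchStatus.class` in `LegacyClient`), so an id outside the `int` range would fail to bind and a JSON `null` would throw an NPE on unboxing. Change it to `public void setOriginalProjectId(long originalProjectId) {` to match the other setters. The `java.util.ArrayList` and `java.util.List` imports are unused and should be removed. A class-level comment would help readers, e.g. `/** Response of the SAST project-branch status endpoint (SASTParam.PROJECT_BRANCH_ID); LegacyClient compares status.value with "Completed". */`.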
@@ -104,7 +105,8 @@ public long resolveProjectId() throws IOException {
 throw new CxClientException(
 "Branched project could not be created: " + config.getProjectName());
 }else {
- log.info("Created a project with ID {}", projectId);
+ checkCreateBranchProjectStatus(projectId);
+ log.info("Created a project with ID {}", projectId);
 if(config.isEnableDataRetention()){
 setRetentionRate(projectId);
 }
@@ -136,6 +138,58 @@ public long resolveProjectId() throws IOException {
 return projectId;
 }
+ private void checkCreateBranchProjectStatus(long branchprojectId) throws IOException {
+ // TODO Auto-generated method stub
+ String Status = "";
+ CreateBranchStatus getBranchRequest = null;
+ int timeout = checkTimeOut();
+ for (int i = 0; i < 3; i++) {
+ try {
+ getBranchRequest = populateBranchStatusList(branchprojectId);
+ } catch (Exception e) {
+ log.info("Version is less than SAST 9.5 V4");
+ break;
+ }
+ if (getBranchRequest != null) {
+ Status = getBranchRequest.getStatus().getValue();
+ log.info("Interval =" + i + " BranchStatus=" + Status);
+ if (Status.equals("Completed")) {
+ break;
+ } else {
+ waitTime(timeout);
+ }
+ }
+ }
+ }
+
+ private void waitTime(int timeout) {
+ try {
+ log.info("timeout =" + timeout +" Seconds");
+ Thread.sleep(timeout*1000);
+ } catch (InterruptedException ex) {
+ Thread.currentThread().interrupt();
+ }
+ }
+
+ private int checkTimeOut() {
+ int timeout = 10;
+ if((config.getcopyBranchTimeOutInSeconds())!=null) {
+ timeout = config.getcopyBranchTimeOutInSeconds();
+ log.info("copybranchtimeoutinseconds =" + timeout +" Seconds");
+ }
+ if (timeout > 0 && timeout < 60 ) {
+ log.info("copybranchtimeoutinseconds is "+ timeout +"seconds");
+ } else {
+ timeout = 10;
+ log.warn("copybranchtimeoutinseconds is not between the range of 0 to 60 seconds, using default timeout i.e. 10 seconds");
+ }
+ return timeout;
+ }
+
+ private CreateBranchStatus populateBranchStatusList(long branchprojectId) throws IOException, CxClientException {
+ return httpClient.getRequest(PROJECT_BRANCH_ID.replace("{id}", Long.toString(branchprojectId)), CONTENT_TYPE_APPLICATION_JSON_V4, CreateBranchStatus.class, 200, "branch status", false);
+ }
+
 public String configureTeamPath() throws IOException, CxClientException {
 if (StringUtils.isEmpty(config.getTeamPath())) {
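Review bot: `checkCreateBranchProjectStatus` in the `@@ -136` hunk never reports a branch copy that did not finish: after three polls, or on any status other than `Completed` (including one whose `errorMessage` is populated), it returns normally and the caller in `resolveProjectId` logs `Created a project with ID` and goes on to set retention and scan a project that may be incomplete, while the `catch (Exception e)` turns every failure of the status call — network, authentication, server error — into the same `Version is less than SAST 9.5 V4` message with the cause discarded. The sketch below fails on a populated `errorMessage`, warns when the polling window is exhausted, guards `getStatus()` against null and logs the exception message; `catch (Exception e)` is kept only because whether `CxClientException` extends `IOException` is not visible here, so narrow it if the hierarchy allows. Smaller points: the local `String Status` shadows the `Status` type and the `// TODO Auto-generated method stub` line is leftover, and in `checkTimeOut` the check `timeout > 0 && timeout < 60` rejects 60 although the warning says `0 to 60`, so use `timeout <= 60` or correct the message.
```java
    private void checkCreateBranchProjectStatus(long branchprojectId) throws IOException {
        int timeout = checkTimeOut();
        for (int i = 0; i < 3; i++) {
            CreateBranchStatus branchStatus;
            try {
                branchStatus = populateBranchStatusList(branchprojectId);
            } catch (Exception e) {
                // Endpoint is absent on older servers, but record the real cause instead of assuming it.
                log.info("Branch status endpoint unavailable (SAST < 9.5 / API v4): {}", e.getMessage());
                return;
            }
            if (branchStatus == null || branchStatus.getStatus() == null) {
                waitTime(timeout);
                continue;
            }
            String statusValue = branchStatus.getStatus().getValue();
            log.info("Interval =" + i + " BranchStatus=" + statusValue);
            if ("Completed".equals(statusValue)) {
                return;
            }
            if (StringUtils.isNotEmpty(branchStatus.getErrorMessage())) {
                throw new CxClientException("Branched project " + branchprojectId + " failed: " + branchStatus.getErrorMessage());
            }
            waitTime(timeout);
        }
        log.warn("Branched project " + branchprojectId + " did not reach 'Completed' status after 3 polls");
    }
    // … unchanged: waitTime, checkTimeOut, populateBranchStatusList …
```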
diff --git a/src/main/java/com/cx/restclient/sast/utils/SASTParam.java b/src/main/java/com/cx/restclient/sast/utils/SASTParam.java
index 63e0da9b..5877240e 100644
--- a/src/main/java/com/cx/restclient/sast/utils/SASTParam.java
+++ b/src/main/java/com/cx/restclient/sast/utils/SASTParam.java
@@ -55,5 +55,6 @@ public class SASTParam {
 //PROJECT BRANCHING
 public static final String PROJECT_BRANCH = "projects/{id}/branch";
+ public static final String PROJECT_BRANCH_ID = "projects/branch/{id}";
 }
diff --git a/src/main/java/com/cx/restclient/sast/utils/SASTUtils.java b/src/main/java/com/cx/restclient/sast/utils/SASTUtils.java
index 852ac8a9..83caebdf 100644
--- a/src/main/java/com/cx/restclient/sast/utils/SASTUtils.java
+++ b/src/main/java/com/cx/restclient/sast/utils/SASTUtils.java
@@ -47,17 +47,41 @@ public static void printSASTResultsToConsole(CxScanConfig config, SASTResults sa
 String lowNew = sastResults.getNewLow() > 0 ? " (" + sastResults.getNewLow() + " new)" : "";
 String criticalNew = sastResults.getNewCritical() > 0 ? " (" + sastResults.getNewCritical() + " new)" : "";
 String infoNew = sastResults.getNewInfo() > 0 ? " (" + sastResults.getNewInfo() + " new)" : "";
-
- log.info("----------------------------Checkmarx Scan Results(CxSAST):-------------------------------");
+
 CxVersion cxVersion = config.getCxVersion();
 String sastVersion = cxVersion != null ? cxVersion.getVersion() : null;
+
 if (sastVersion != null && !sastVersion.isEmpty()) {
+
 String[] versionComponents = sastVersion.split("\\.");
+
 if (versionComponents.length >= 2) {
+
 String currentVersion = versionComponents[0] + "." + versionComponents[1];
 float currentVersionFloat = Float.parseFloat(currentVersion);
+
+ String cxOrigin = config.getCxOrigin();
+
+ if(cxOrigin != null && cxOrigin.equals("cx-CLI") && currentVersionFloat < Float.parseFloat("9.7")){
+
+ if(config.getSastCriticalThreshold() != null && config.getSastCriticalThreshold() != 0) {
+ log.warn("-SASTCritical parameter only works with SAST >= 9.7");
+ }
+ }
+
+ log.info("----------------------------Checkmarx Scan Results(CxSAST):-------------------------------");
+
+// CxVersion cxVersion = config.getCxVersion();
+// String sastVersion = cxVersion != null ? cxVersion.getVersion() : null;
+// if (sastVersion != null && !sastVersion.isEmpty()) {
+// String[] versionComponents = sastVersion.split("\\.");
+// if (versionComponents.length >= 2) {
+// String currentVersion = versionComponents[0] + "." + versionComponents[1];
+// float currentVersionFloat = Float.parseFloat(currentVersion);
+
+
 if (currentVersionFloat >= Float.parseFloat("9.7")) {
- log.info("Critical severity results: " + sastResults.getCritical() + criticalNew);
+ log.info("Critical severity results: " + sastResults.getCritical() + criticalNew);
 }
 }
 }
diff --git a/src/main/resources/com/cx/report/report.ftl b/src/main/resources/com/cx/report/report.ftl
index 87b99ac2..de64ac75 100644
--- a/src/main/resources/com/cx/report/report.ftl
+++ b/src/main/resources/com/cx/report/report.ftl
@@ -1516,8 +1516,8 @@
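Review bot: The `@@ -47` hunk leaves a seven-line commented-out copy of the version-parsing block it has just moved above the header log (`// CxVersion cxVersion = ...` through `// float currentVersionFloat = ...`); delete it rather than shipping dead code. The comparison itself, `Float.parseFloat(currentVersion)` against `Float.parseFloat("9.7")`, is fragile: should a two-digit minor such as `9.10` ever appear it parses as 9.1 and is treated as older than 9.7, and a non-numeric component throws an uncaught `NumberFormatException` out of a routine that only prints results. Compare the components as integers instead, e.g. `int major = Integer.parseInt(versionComponents[0]); int minor = Integer.parseInt(versionComponents[1]); boolean atLeast97 = major > 9 || (major == 9 && minor >= 7);`, wrapped in a `catch (NumberFormatException e)` that logs the raw version and skips both checks. `printSASTResultsToConsole` starts before the hunk.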
    - + <#if sca.scaResultReady>
  • @@ -1585,7 +1585,7 @@
- +
  • @@ -2710,6 +2710,7 @@ + <#if sca.scaResultReady> <#if dependencyResult.dependencyCriticalCVEReportTable?size gt 0>
    @@ -2765,6 +2766,7 @@
    + <#if dependencyResult.dependencyHighCVEReportTable?size gt 0>