From e060a834a72dfba82fc951bf891cb3fc6a913cbe Mon Sep 17 00:00:00 2001 From: swatipersistent <99341045+swatipersistent@users.noreply.github.com> Date: Wed, 20 Dec 2023 22:43:56 +0530 Subject: [PATCH] December 23 integration (#239) * 916plugjenkis * changes from branch bug_1141 changes from branch bug_1141 * Support for Project Level Custom Fields (#236) * Support for Project Level Custom Fields * Updated OSA logs * Updated logs for project level custom fields * Project Level Custom Field * Project Level-Custom Field --------- Co-authored-by: Swati Awate * Plug1254 project level custom field (#238) * Support for Project Level Custom Fields * Updated OSA logs * Updated logs for project level custom fields * Project Level Custom Field * Project Level-Custom Field * Project level Custom Fields --------- Co-authored-by: Swati Awate * Scan Level Custom tags * Changes to fix issues in policy enforcement * changes for vulnerability fixes * Update java version * reverting changes related to fsa upgrade * Project Level Custom Field * removed JAVA changes that previousl added * Exceeded CxSAST Vulnerability Threshold --------- Co-authored-by: Khant1000 <131154593+Khant1000@users.noreply.github.com> Co-authored-by: PravinGadankush Co-authored-by: Swati Awate Co-authored-by: RahulPiddeCheckmarx --- pom.xml | 4 +- .../com/cx/restclient/CxClientDelegator.java | 40 +++++--- .../java/com/cx/restclient/CxSASTClient.java | 76 ++++++++++++++- .../java/com/cx/restclient/ast/AstClient.java | 31 +++++-- .../com/cx/restclient/ast/AstSastClient.java | 4 +- .../com/cx/restclient/ast/AstScaClient.java | 92 ++++++++++++++----- .../ast/dto/common/StartScanRequest.java | 1 + .../cx/restclient/ast/dto/common/tags.java | 11 +++ .../restclient/ast/dto/sca/AstScaConfig.java | 17 ++++ .../ast/dto/sca/CreateProjectRequest.java | 11 +++ .../cx/restclient/ast/dto/sca/Project.java | 1 + .../ast/dto/sca/UpdateProjectRequest.java | 39 ++++++++ .../com/cx/restclient/common/CxPARAM.java | 7 +- .../common/summary/SummaryUtils.java | 46 ++++++---- .../configuration/CxScanConfig.java | 40 ++++++++ .../dto/scansummary/ScanSummary.java | 20 +++- .../restclient/httpClient/CxHttpClient.java | 19 +++- .../com/cx/restclient/osa/utils/OSAUtils.java | 4 +- .../com/cx/restclient/sast/dto/Project.java | 26 ++++++ .../sast/dto/ProjectLevelCustomFields.java | 40 ++++++++ .../sast/dto/ProjectPutRequest.java | 42 +++++++++ .../restclient/sast/utils/LegacyClient.java | 4 +- .../cx/restclient/sast/utils/SASTParam.java | 2 + .../java/com/cx/restclient/sca/dto/Tags.java | 5 + src/main/resources/common.properties | 1 + 25 files changed, 504 insertions(+), 79 deletions(-) create mode 100644 src/main/java/com/cx/restclient/ast/dto/common/tags.java create mode 100644 src/main/java/com/cx/restclient/ast/dto/sca/UpdateProjectRequest.java create mode 100644 src/main/java/com/cx/restclient/sast/dto/ProjectLevelCustomFields.java create mode 100644 src/main/java/com/cx/restclient/sast/dto/ProjectPutRequest.java create mode 100644 src/main/java/com/cx/restclient/sca/dto/Tags.java diff --git a/pom.xml b/pom.xml index cc8b73fc..9b25bc8b 100644 --- a/pom.xml +++ b/pom.xml @@ -28,7 +28,7 @@ 1.2.0 2.3.0 1.18.6 - 23.0.2 + 23.0.5 checkmarx-ltd_Cx-Client-Common @@ -233,7 +233,7 @@ jcommander 1.78 - + org.projectlombok lombok diff --git a/src/main/java/com/cx/restclient/CxClientDelegator.java b/src/main/java/com/cx/restclient/CxClientDelegator.java index 28a5e764..2966a037 100644 --- a/src/main/java/com/cx/restclient/CxClientDelegator.java +++ b/src/main/java/com/cx/restclient/CxClientDelegator.java @@ -19,8 +19,7 @@ import java.util.EnumMap; import java.util.Map; -import static com.cx.restclient.common.CxPARAM.PROJECT_POLICY_COMPLIANT_STATUS; -import static com.cx.restclient.common.CxPARAM.PROJECT_POLICY_VIOLATED_STATUS; +import static com.cx.restclient.common.CxPARAM.*; import static com.cx.restclient.cxArm.utils.CxARMUtils.getPoliciesNames; /** @@ -127,12 +126,11 @@ public ScanResults getLatestScanResults() { public void printIsProjectViolated(ScanResults scanResults) { if (config.getEnablePolicyViolations()) { log.info(PRINT_LINE); - log.info("Policy Management: "); + log.info("Policy Management: SAST and OSA "); log.info("--------------------"); OSAResults osaResults = (OSAResults) scanResults.get(ScannerType.OSA); SASTResults sastResults = (SASTResults) scanResults.get(ScannerType.SAST); - AstScaResults scaResults = (AstScaResults) scanResults.get(ScannerType.AST_SCA); boolean hasOsaViolations = osaResults != null && @@ -143,30 +141,44 @@ public void printIsProjectViolated(ScanResults scanResults) { if (sastResults != null && sastResults.getSastPolicies() != null && !sastResults.getSastPolicies().isEmpty()) { hasSastPolicies = true; - } - - boolean hasScaViolations = false; - if (scaResults != null && scaResults.getPolicyEvaluations() != null && !scaResults.getPolicyEvaluations().isEmpty()) { - hasScaViolations = true; } - if (!hasSastPolicies && !hasOsaViolations && !hasScaViolations) { - log.info(PROJECT_POLICY_COMPLIANT_STATUS); + if (!hasSastPolicies && !hasOsaViolations) { + log.info(PROJECT_POLICY_COMPLIANT_STATUS_SAST); log.info(PRINT_LINE); } else { - log.info(PROJECT_POLICY_VIOLATED_STATUS); + log.info(PROJECT_POLICY_VIOLATED_STATUS_SAST); if (hasSastPolicies) { log.info("SAST violated policies names: {}", getPoliciesNames(sastResults.getSastPolicies())); } if (hasOsaViolations) { log.info("OSA violated policies names: {}", getPoliciesNames(osaResults.getOsaPolicies())); } + log.info(PRINT_LINE); + } + } + if (config.getEnablePolicyViolationsSCA()) { + log.info(PRINT_LINE); + log.info("Policy Management: SCA "); + log.info("--------------------"); + + AstScaResults scaResults = (AstScaResults) scanResults.get(ScannerType.AST_SCA); + + boolean hasScaViolations = false; + if (scaResults != null && scaResults.getPolicyEvaluations() != null && !scaResults.getPolicyEvaluations().isEmpty()) { + hasScaViolations = true; + } + + if (!hasScaViolations) { + log.info(PROJECT_POLICY_COMPLIANT_STATUS_SCA); + log.info(PRINT_LINE); + } else { + log.info(PROJECT_POLICY_VIOLATED_STATUS_SCA); if (hasScaViolations) { - log.info("SCA policies are violated."); + log.info("SCA policies are violated."); } log.info(PRINT_LINE); } - } } diff --git a/src/main/java/com/cx/restclient/CxSASTClient.java b/src/main/java/com/cx/restclient/CxSASTClient.java index adf7a4e0..51e1ff48 100644 --- a/src/main/java/com/cx/restclient/CxSASTClient.java +++ b/src/main/java/com/cx/restclient/CxSASTClient.java @@ -31,10 +31,6 @@ import java.io.InputStream; import java.net.MalformedURLException; import java.nio.charset.StandardCharsets; -import java.util.Arrays; -import java.util.HashMap; -import java.util.List; -import java.util.Map; import java.util.stream.Collectors; import org.apache.http.HttpEntity; @@ -59,6 +55,7 @@ import com.cx.restclient.dto.Status; import com.cx.restclient.exception.CxClientException; import com.cx.restclient.exception.CxHTTPClientException; +import com.cx.restclient.osa.dto.CVE; import com.cx.restclient.sast.dto.*; import com.cx.restclient.sast.utils.LegacyClient; import com.cx.restclient.sast.utils.SASTUtils; @@ -287,6 +284,9 @@ private void createSASTScan(long projectId) { } else { scanId = createRemoteSourceScan(projectId); } + if(config.getProjectLevelCustomFields()!=null) { + updateProjectCustomFields(); + } sastResults.setSastLanguage(language); sastResults.setScanId(scanId); log.info("SAST scan created successfully: Scan ID is {}", scanId); @@ -806,6 +806,74 @@ private boolean isScanWithSettingsSupported() { } } + public void updateProjectCustomFields() { + try { + log.info("Updating Project Custom Fields."); + if (config != null) { + String projectId = String.valueOf(this.projectId); + String apiVersion = getContentTypeAndApiVersion(config, PROJECT_PATH); + String apiVersionCustomField = getContentTypeAndApiVersion(config, CUSTOM_FIELD_PATH); + String projectCustomFieldsString = config.getProjectLevelCustomFields(); + if (projectCustomFieldsString != null && !projectCustomFieldsString.isEmpty()) { + List fetchSASTProjectCustomFields = (List) httpClient.getRequest( + CUSTOM_FIELD_PATH, apiVersionCustomField, ProjectLevelCustomFields.class, 200, SAST_SCAN, true + ); + ArrayList custObj = new ArrayList<>(); + Map projectCustomFieldMap = customFieldMap(projectCustomFieldsString); + Project getProjectRequest = httpClient.getRequest(PROJECT_PATH + projectId, CONTENT_TYPE_APPLICATION_JSON_V2, Project.class, 200, SAST_SCAN, false); + ProjectPutRequest projectPutRequest = new ProjectPutRequest(); + projectPutRequest.setName(getProjectRequest.getName()); + Integer team = Integer.parseInt(getProjectRequest.getTeamId()); + List tempCustomFields = getProjectRequest.getCustomFields(); + for (int i = 0; i < fetchSASTProjectCustomFields.size(); i++) { + if (projectCustomFieldMap.containsKey(fetchSASTProjectCustomFields.get(i).getName())) { + ProjectLevelCustomFields customProjectField = new ProjectLevelCustomFields( + fetchSASTProjectCustomFields.get(i).getId(), + projectCustomFieldMap.get(fetchSASTProjectCustomFields.get(i).getName()), + fetchSASTProjectCustomFields.get(i).getName() + ); + custObj.add(customProjectField); + } + } + List additionalCustomFields = new ArrayList<>(); + for (ProjectLevelCustomFields existingCustomField : tempCustomFields) { + String existingCustomFieldName = existingCustomField.getName(); + boolean isIdExists = projectCustomFieldMap.containsKey(existingCustomFieldName); + if (!isIdExists) { + additionalCustomFields.add(existingCustomField); + } + } + custObj.addAll(additionalCustomFields); + projectPutRequest.setOwningTeam(team); + if (!custObj.isEmpty()) { + projectPutRequest.setCustomFields(custObj); + String json = convertToJson(projectPutRequest); + StringEntity entity = new StringEntity(json); + try { + httpClient.putRequest(PROJECT_PATH + projectId, apiVersion, entity, null, 204, "define project level custom field"); + log.info("Project Level-Custom Fields updated successfully."); + } catch (CxHTTPClientException e) { + log.error("Error updating Project Level-Custom Fields: {}", e.getMessage()); + } + } + } + } + } catch (Exception ex) { + throw new CxClientException("Failed to Update Project Level-Custom Fields: " + ex.getMessage()); + } + } + + private Map customFieldMap(String projectCustomField){ + Map customFieldMap = new HashMap(); + StringTokenizer tokenizer = new StringTokenizer(projectCustomField, ","); + log.info("Project custom field: {}",projectCustomField); + while (tokenizer.hasMoreTokens()) { + String token = tokenizer.nextToken(); + String[] keyValue = token.split(":"); + customFieldMap.put(keyValue[0], keyValue[1]); + } + return customFieldMap; + } private ScanWithSettingsResponse scanWithSettings(byte[] zipFile, long projectId, boolean isRemote) throws IOException { log.info("Uploading zip file"); MultipartEntityBuilder builder = MultipartEntityBuilder.create(); diff --git a/src/main/java/com/cx/restclient/ast/AstClient.java b/src/main/java/com/cx/restclient/ast/AstClient.java index d21c2782..12f4b2e8 100644 --- a/src/main/java/com/cx/restclient/ast/AstClient.java +++ b/src/main/java/com/cx/restclient/ast/AstClient.java @@ -5,9 +5,7 @@ import java.net.MalformedURLException; import java.net.URL; import java.nio.charset.StandardCharsets; -import java.util.Collections; -import java.util.List; -import java.util.Optional; +import java.util.*; import org.apache.commons.io.FilenameUtils; import org.apache.commons.lang3.StringUtils; @@ -101,11 +99,11 @@ private void validate(CxScanConfig config, Logger log) { protected HttpResponse sendStartScanRequest(RemoteRepositoryInfo repoInfo, SourceLocationType sourceLocation, - String projectId) throws IOException { + String projectId, String scanCustomTags) throws IOException { log.debug("Constructing the 'start scan' request"); ScanStartHandler handler = getScanStartHandler(repoInfo); - + Map scanCustomMap = customFiledMap(scanCustomTags); ProjectToScan project = ProjectToScan.builder() .id(projectId) .type(sourceLocation.getApiValue()) @@ -117,6 +115,7 @@ protected HttpResponse sendStartScanRequest(RemoteRepositoryInfo repoInfo, StartScanRequest request = StartScanRequest.builder() .project(project) .config(apiScanConfig) + .tags(scanCustomMap) .build(); StringEntity entity = HttpClientHelper.convertToStringEntity(request); @@ -125,15 +124,27 @@ protected HttpResponse sendStartScanRequest(RemoteRepositoryInfo repoInfo, return httpClient.postRequest(CREATE_SCAN, ContentType.CONTENT_TYPE_APPLICATION_JSON, entity, HttpResponse.class, HttpStatus.SC_CREATED, "start the scan"); } - - protected HttpResponse submitSourcesFromRemoteRepo(ASTConfig config, String projectId) throws IOException { + private Map customFiledMap(String scanCustomField){ + Map customFieldMap = new HashMap(); + if(!StringUtils.isEmpty(scanCustomField)) { + StringTokenizer tokenizer = new StringTokenizer(scanCustomField, ","); + log.info("scan custom Tags: {}", scanCustomField); + while (tokenizer.hasMoreTokens()) { + String token = tokenizer.nextToken(); + String[] keyValue = token.split(":"); + customFieldMap.put(keyValue[0], keyValue[1]); + } + } + return customFieldMap; + } + protected HttpResponse submitSourcesFromRemoteRepo(ASTConfig config, String projectId,String customTags) throws IOException { log.info("Using remote repository flow."); RemoteRepositoryInfo repoInfo = config.getRemoteRepositoryInfo(); validateRepoInfo(repoInfo); URL sanitizedUrl = sanitize(repoInfo.getUrl()); log.info("Repository URL: {}", sanitizedUrl); - return sendStartScanRequest(repoInfo, SourceLocationType.REMOTE_REPOSITORY, projectId); + return sendStartScanRequest(repoInfo, SourceLocationType.REMOTE_REPOSITORY, projectId,customTags); } protected void waitForScanToFinish(String scanId) { @@ -249,7 +260,7 @@ protected void handleInitError(Exception e, Results results) { results.setException(new CxClientException(message, e)); } - protected HttpResponse initiateScanForUpload(String projectId, byte[] zipFile, ASTConfig scanConfig) throws IOException { + protected HttpResponse initiateScanForUpload(String projectId, byte[] zipFile, ASTConfig scanConfig,String scanCustomTag) throws IOException { String uploadedArchiveUrl = getSourcesUploadUrl(scanConfig); String cleanPath = uploadedArchiveUrl.split("\\?")[0]; log.info("Uploading to: {}", cleanPath); @@ -262,7 +273,7 @@ protected HttpResponse initiateScanForUpload(String projectId, byte[] zipFile, A RemoteRepositoryInfo uploadedFileInfo = new RemoteRepositoryInfo(); uploadedFileInfo.setUrl(new URL(uploadedArchiveUrl)); - return sendStartScanRequest(uploadedFileInfo, SourceLocationType.LOCAL_DIRECTORY, projectId); + return sendStartScanRequest(uploadedFileInfo, SourceLocationType.LOCAL_DIRECTORY, projectId,scanCustomTag); } private String getSourcesUploadUrl(ASTConfig scanConfig) throws IOException { diff --git a/src/main/java/com/cx/restclient/ast/AstSastClient.java b/src/main/java/com/cx/restclient/ast/AstSastClient.java index 236733b9..5a55f0cb 100644 --- a/src/main/java/com/cx/restclient/ast/AstSastClient.java +++ b/src/main/java/com/cx/restclient/ast/AstSastClient.java @@ -139,7 +139,7 @@ public Results initiateScan() { SourceLocationType locationType = astConfig.getSourceLocationType(); HttpResponse response; if (locationType == SourceLocationType.REMOTE_REPOSITORY) { - response = submitSourcesFromRemoteRepo(astConfig, config.getProjectName()); + response = submitSourcesFromRemoteRepo(astConfig, config.getProjectName(),config.getAstScaConfig().getScaScanCustomTags()); } else { response = submitAllSourcesFromLocalDir(config.getProjectName(), astConfig.getZipFilePath()); @@ -161,7 +161,7 @@ protected HttpResponse submitAllSourcesFromLocalDir(String projectId, String zip String sourceDir = config.getSourceDir(); byte[] zipFile = CxZipUtils.getZippedSources(config, filter, sourceDir, log); - return initiateScanForUpload(projectId, zipFile, config.getAstSastConfig()); + return initiateScanForUpload(projectId, zipFile, config.getAstSastConfig(),config.getAstScaConfig().getScaScanCustomTags()); } @Override diff --git a/src/main/java/com/cx/restclient/ast/AstScaClient.java b/src/main/java/com/cx/restclient/ast/AstScaClient.java index 82fe9f5c..79b28a0f 100644 --- a/src/main/java/com/cx/restclient/ast/AstScaClient.java +++ b/src/main/java/com/cx/restclient/ast/AstScaClient.java @@ -19,21 +19,16 @@ import java.nio.file.StandardCopyOption; import java.nio.file.attribute.FileAttribute; import java.sql.Timestamp; -import java.util.Date; +import java.util.*; import java.text.SimpleDateFormat; import java.text.ParseException; -import java.util.ArrayList; -import java.util.Arrays; import java.util.Date; -import java.util.HashSet; -import java.util.List; -import java.util.Map; -import java.util.Optional; -import java.util.Set; import java.util.regex.Matcher; import java.util.regex.Pattern; import java.util.stream.Collectors; +import com.cx.restclient.ast.dto.sca.*; +import com.cx.restclient.sca.dto.Tags; import org.apache.commons.io.FileUtils; import org.apache.commons.lang3.ArrayUtils; import org.apache.commons.lang3.StringUtils; @@ -102,6 +97,7 @@ public class AstScaClient extends AstClient implements Scanner { private static final String RISK_MANAGEMENT_API = properties.get("astSca.riskManagementApi"); private static final String PROJECTS = RISK_MANAGEMENT_API + properties.get("astSca.projects"); + private static final String PROJECTID = PROJECTS + properties.get("astSca.projectId"); private static final String SUMMARY_REPORT = RISK_MANAGEMENT_API + properties.get("astSca.summaryReport"); private static final String FINDINGS = RISK_MANAGEMENT_API + properties.get("astSca.findings"); private static final String PACKAGES = RISK_MANAGEMENT_API + properties.get("astSca.packages"); @@ -375,7 +371,7 @@ public Results initiateScan() { } if (locationType == SourceLocationType.REMOTE_REPOSITORY) { - response = submitSourcesFromRemoteRepo(scaConfig, projectId); + response = submitSourcesFromRemoteRepo(scaConfig, projectId,scaConfig.getScaScanCustomTags()); } else { if (scaConfig.isIncludeSources()) { response = submitAllSourcesFromLocalDir(projectId, astScaConfig.getZipFilePath()); @@ -415,7 +411,7 @@ protected HttpResponse submitAllSourcesFromLocalDir(String projectId, String zip FileUtils.deleteDirectory(configFileDestination.toFile()); - return initiateScanForUpload(projectId, zipFile, config.getAstScaConfig()); + return initiateScanForUpload(projectId, zipFile, config.getAstScaConfig(),config.getAstScaConfig().getScaScanCustomTags()); } /** @@ -510,7 +506,7 @@ private HttpResponse submitScaResolverEvidenceFile(AstScaConfig scaConfig) throw }else{ throw new CxClientException("Error while running sca resolver executable. Exit code: "+exitCode); } - return initiateScanForUpload(projectId, FileUtils.readFileToByteArray(zipFile), config.getAstScaConfig()); + return initiateScanForUpload(projectId, FileUtils.readFileToByteArray(zipFile), config.getAstScaConfig(),config.getAstScaConfig().getScaScanCustomTags()); } public boolean checkSastResultPath(AstScaConfig scaConfig) { @@ -625,7 +621,7 @@ private HttpResponse submitManifestsAndFingerprintsFromLocalDir(String projectId FileUtils.deleteDirectory(configFileDestination.toFile()); - return initiateScanForUpload(projectId, FileUtils.readFileToByteArray(zipFile), astScaConfig); + return initiateScanForUpload(projectId, FileUtils.readFileToByteArray(zipFile), astScaConfig,config.getAstScaConfig().getScaScanCustomTags()); } /** @@ -907,8 +903,8 @@ public void testScaConnection() { private String resolveRiskManagementProject() throws IOException { String projectName = config.getProjectName(); String assignedTeam = config.getAstScaConfig().getTeamPath(); - String assignedTeamId = config.getAstScaConfig().getTeamId(); - + String assignedTeamId = config.getAstScaConfig().getTeamId(); + String projectCustomTag = config.getAstScaConfig().getScaProjectCustomTags(); if (!StringUtils.isEmpty(assignedTeamId)) { assignedTeam = getTeamById(assignedTeamId); @@ -921,10 +917,11 @@ private String resolveRiskManagementProject() throws IOException { String resolvedProjectId = getRiskManagementProjectId(projectName); if (resolvedProjectId == null) { log.info("Project not found, creating a new one."); - resolvedProjectId = createRiskManagementProject(projectName, assignedTeam); + resolvedProjectId = createRiskManagementProject(projectName, assignedTeam,projectCustomTag); log.info("Created a project with ID {}", resolvedProjectId); } else { log.info("Project already exists with ID {}", resolvedProjectId); + UpdateRiskManagementProject(resolvedProjectId,projectCustomTag); } return resolvedProjectId; } @@ -1016,7 +1013,7 @@ private void getRiskManagementProjects() throws IOException { true); } - private String createRiskManagementProject(String name, String assignedTeam) throws IOException { + private String createRiskManagementProject(String name, String assignedTeam, String projectCustomTag) throws IOException { CreateProjectRequest request = new CreateProjectRequest(); request.setName(name); if(!StringUtils.isEmpty(assignedTeam)) { @@ -1024,6 +1021,13 @@ private String createRiskManagementProject(String name, String assignedTeam) thr log.info("Team name: {}", assignedTeam); } + log.info("Project level custom tag name: {}",projectCustomTag); + if(!StringUtils.isEmpty(projectCustomTag)) { + Map tagMaps = customFieldMap(projectCustomTag); + log.debug("Project level custom tags: {}",tagMaps); + request.setTags(tagMaps); + } + StringEntity entity = HttpClientHelper.convertToStringEntity(request); Project newProject = httpClient.postRequest(PROJECTS, @@ -1036,6 +1040,51 @@ private String createRiskManagementProject(String name, String assignedTeam) thr return newProject.getId(); } + private void UpdateRiskManagementProject(String projectId, String customTags) throws IOException { + Project existingProject = httpClient.getRequest(PROJECTID.replace("id",projectId),ContentType.CONTENT_TYPE_APPLICATION_JSON,Project.class, + HttpStatus.SC_OK,"got project details",false); + + UpdateProjectRequest request = new UpdateProjectRequest(); + request.setName(existingProject.getName()); + + log.info("Project level custom tag name: {}",customTags); + if(existingProject.getTags()!=null){ + Map tagMaps = (Map) existingProject.getTags(); + if(!StringUtils.isEmpty(customTags)) { + StringTokenizer tokenizer = new StringTokenizer(customTags, ","); + while (tokenizer.hasMoreTokens()) { + String token = tokenizer.nextToken(); + String[] keyValue = token.split(":"); + tagMaps.put(keyValue[0], keyValue[1]); + } + } + request.setTags(tagMaps); + }else{ + if(!StringUtils.isEmpty(customTags)) { + Map tagMaps = customFieldMap(customTags); + + request.setTags(tagMaps); + } + } + StringEntity entity = HttpClientHelper.convertToStringEntity(request); + httpClient.putRequest(PROJECTID.replace("id",projectId),ContentType.CONTENT_TYPE_APPLICATION_JSON,entity,Project.class, + HttpStatus.SC_NO_CONTENT,"Updated project successfully"); + } + + + private Map customFieldMap(String projectCustomField){ + Map customFieldMap = new LinkedHashMap(); + if(!StringUtils.isEmpty(projectCustomField)){ + StringTokenizer tokenizer = new StringTokenizer(projectCustomField, ","); + while (tokenizer.hasMoreTokens()) { + String token = tokenizer.nextToken(); + String[] keyValue = token.split(":"); + customFieldMap.put(keyValue[0], keyValue[1]); + } + } + return customFieldMap; + + } private AstScaResults getScanResults() { AstScaResults result; log.debug("Getting results for scan ID {}", scanId); @@ -1056,11 +1105,12 @@ private AstScaResults getScanResults() { List packages = getPackages(scanId); result.setPackages(packages); - if(config.isEnablePolicyViolations()) { - List policyEvaluations = getPolicyEvaluation(reportId); - result.setPolicyEvaluations(policyEvaluations); - printPolicyEvaluations(policyEvaluations); - determinePolicyViolations(result); + + if(config.isEnablePolicyViolationsSCA()) { + List policyEvaluations = getPolicyEvaluation(reportId); + result.setPolicyEvaluations(policyEvaluations); + printPolicyEvaluations(policyEvaluations); + determinePolicyViolations(result); } String reportLink = getWebReportLink(config.getAstScaConfig().getWebAppUrl()); diff --git a/src/main/java/com/cx/restclient/ast/dto/common/StartScanRequest.java b/src/main/java/com/cx/restclient/ast/dto/common/StartScanRequest.java index e2b6909e..c8a00382 100644 --- a/src/main/java/com/cx/restclient/ast/dto/common/StartScanRequest.java +++ b/src/main/java/com/cx/restclient/ast/dto/common/StartScanRequest.java @@ -17,4 +17,5 @@ public class StartScanRequest { * How to scan. */ private List config; + private Object tags; } diff --git a/src/main/java/com/cx/restclient/ast/dto/common/tags.java b/src/main/java/com/cx/restclient/ast/dto/common/tags.java new file mode 100644 index 00000000..481e802f --- /dev/null +++ b/src/main/java/com/cx/restclient/ast/dto/common/tags.java @@ -0,0 +1,11 @@ +package com.cx.restclient.ast.dto.common; + + +import lombok.Builder; +import lombok.Getter; + +@Builder +@Getter +public class tags { + +} diff --git a/src/main/java/com/cx/restclient/ast/dto/sca/AstScaConfig.java b/src/main/java/com/cx/restclient/ast/dto/sca/AstScaConfig.java index 528a5623..98558128 100644 --- a/src/main/java/com/cx/restclient/ast/dto/sca/AstScaConfig.java +++ b/src/main/java/com/cx/restclient/ast/dto/sca/AstScaConfig.java @@ -44,6 +44,8 @@ public class AstScaConfig extends ASTConfig implements Serializable { private Boolean isScaProxy; private String pathToScaResolver; + private String scaProjectCustomTags; + private String scaScanCustomTags; private String scaResolverAddParameters; public String getPathToScaResolver() { @@ -59,6 +61,21 @@ public void setScaResolverAddParameters(String scaResolverAddParameters) { this.scaResolverAddParameters = scaResolverAddParameters; } + public String getScaProjectCustomTags() { + return scaProjectCustomTags; + } + + public void setScaProjectCustomTags(String scaProjectCustomTags) { + this.scaProjectCustomTags = scaProjectCustomTags; + } + + public String getScaScanCustomTags() { + return scaScanCustomTags; + } + + public void setScaScanCustomTags(String scaScanCustomTags) { + this.scaScanCustomTags = scaScanCustomTags; + } private Map envVariables; private List configFilePaths; diff --git a/src/main/java/com/cx/restclient/ast/dto/sca/CreateProjectRequest.java b/src/main/java/com/cx/restclient/ast/dto/sca/CreateProjectRequest.java index ad130f14..40825995 100644 --- a/src/main/java/com/cx/restclient/ast/dto/sca/CreateProjectRequest.java +++ b/src/main/java/com/cx/restclient/ast/dto/sca/CreateProjectRequest.java @@ -1,11 +1,22 @@ package com.cx.restclient.ast.dto.sca; +import com.cx.restclient.sca.dto.Tags; + import java.util.ArrayList; import java.util.List; public class CreateProjectRequest { private String name; private List assignedTeams = new ArrayList<>(); + private Object Tags; + + public Object getTags() { + return Tags; + } + + public void setTags(Object tags) { + this.Tags = tags; + } public List getAssignedTeams() { return assignedTeams; diff --git a/src/main/java/com/cx/restclient/ast/dto/sca/Project.java b/src/main/java/com/cx/restclient/ast/dto/sca/Project.java index 7fafedea..d4284598 100644 --- a/src/main/java/com/cx/restclient/ast/dto/sca/Project.java +++ b/src/main/java/com/cx/restclient/ast/dto/sca/Project.java @@ -8,4 +8,5 @@ public class Project { private String name; private String id; + private Object Tags; } diff --git a/src/main/java/com/cx/restclient/ast/dto/sca/UpdateProjectRequest.java b/src/main/java/com/cx/restclient/ast/dto/sca/UpdateProjectRequest.java new file mode 100644 index 00000000..1aa1c5a5 --- /dev/null +++ b/src/main/java/com/cx/restclient/ast/dto/sca/UpdateProjectRequest.java @@ -0,0 +1,39 @@ +package com.cx.restclient.ast.dto.sca; + +import java.util.ArrayList; +import java.util.List; + +public class UpdateProjectRequest { + private String name; + + public void setAssignedTeams(List assignedTeams) { + this.assignedTeams = assignedTeams; + } + + private List assignedTeams = new ArrayList<>(); + private Object Tags; + + public Object getTags() { + return Tags; + } + + public void setTags(Object tags) { + this.Tags = tags; + } + + public List getAssignedTeams() { + return assignedTeams; + } + + public void addAssignedTeams(String assignedTeam) { + this.assignedTeams.add(assignedTeam); + } + + public void setName(String name) { + this.name = name; + } + + public String getName() { + return name; + } +} diff --git a/src/main/java/com/cx/restclient/common/CxPARAM.java b/src/main/java/com/cx/restclient/common/CxPARAM.java index b692c562..3570ff3a 100644 --- a/src/main/java/com/cx/restclient/common/CxPARAM.java +++ b/src/main/java/com/cx/restclient/common/CxPARAM.java @@ -26,9 +26,12 @@ public abstract class CxPARAM { public static final String ORIGIN_HEADER = "cxOrigin"; public static final String ORIGIN_URL_HEADER = "cxOriginUrl"; public static final String CSRF_TOKEN_HEADER = "CXCSRFToken"; - public static final String PROJECT_POLICY_VIOLATED_STATUS = "Project policy status : violated"; - public static final String PROJECT_POLICY_COMPLIANT_STATUS = "Project policy status : compliant"; + public static final String PROJECT_POLICY_VIOLATED_STATUS_SAST = "Project policy status for SAST and OSA : violated"; + public static final String PROJECT_POLICY_VIOLATED_STATUS ="Project policy status : violated"; + public static final String PROJECT_POLICY_VIOLATED_STATUS_SCA = "Project policy status for SCA : violated"; + public static final String PROJECT_POLICY_COMPLIANT_STATUS_SAST = "Project policy status for SAST and OSA : compliant"; + public static final String PROJECT_POLICY_COMPLIANT_STATUS_SCA = "Project policy status for SCA : compliant"; public static final String DENY_NEW_PROJECT_ERROR = "Creation of the new project [{projectName}] is not authorized. " + "Please use an existing project. \nYou can enable the creation of new projects by disabling" + "" + " the Deny new Checkmarx projects creation checkbox in the Checkmarx plugin global settings.\n"; diff --git a/src/main/java/com/cx/restclient/common/summary/SummaryUtils.java b/src/main/java/com/cx/restclient/common/summary/SummaryUtils.java index 7dd5193b..a2837e0f 100644 --- a/src/main/java/com/cx/restclient/common/summary/SummaryUtils.java +++ b/src/main/java/com/cx/restclient/common/summary/SummaryUtils.java @@ -57,7 +57,7 @@ else if(config.isOsaEnabled()) boolean buildFailed = false; boolean policyViolated = false; - int policyViolatedCount; + int policyViolatedCount=0; //sast: if (config.isSastEnabled()) { if (sastResults != null && sastResults.isSastResultsReady()) { @@ -180,7 +180,7 @@ else if(config.isOsaEnabled()) } - if (config.getEnablePolicyViolations()) { + if ((config.isSastEnabled()|| config.isOsaEnabled() )&& config.getEnablePolicyViolations()) { Map policies = new HashMap<>(); @@ -204,36 +204,50 @@ else if(config.isOsaEnabled()) (left, right) -> left))); } + if(scanSummary.isPolicyViolated()) { + buildFailed = true; + policyViolated = true; + } + policyViolatedCount = policies.size(); + String policyLabel = policyViolatedCount == 1 ? "Policy" : "Policies"; + templateData.put("policyLabel", policyLabel); + + templateData.put("policyViolatedCount", policyViolatedCount); + } + + if (config.isAstScaEnabled() && config.getEnablePolicyViolationsSCA()) { + Map policies = new HashMap<>(); if(Boolean.TRUE.equals(config.isAstScaEnabled()) && scaResults != null && scaResults.getPolicyEvaluations() != null - && !scaResults.getPolicyEvaluations().isEmpty()) + && !scaResults.getPolicyEvaluations().isEmpty()) { - policyViolated = true; - - policies.putAll(scaResults.getPolicyEvaluations().stream().filter(policy -> policy.getIsViolated()).collect( + policies.putAll(scaResults.getPolicyEvaluations().stream().filter(policy -> policy.getIsViolated()).collect( Collectors.toMap(PolicyEvaluation::getName, PolicyEvaluation::getId, (left, right) -> left))); - if(policies.size()==0) + if(!policyViolated && policies.size()==0) + { + policyViolated = false; + } + else { - policyViolated = false; + policyViolated = true; } } - - + + if(scanSummary.isPolicyViolated()) { - buildFailed = true; - policyViolated = true; + buildFailed = true; + policyViolated = true; } - policyViolatedCount = policies.size(); + policyViolatedCount = policyViolatedCount+policies.size(); String policyLabel = policyViolatedCount == 1 ? "Policy" : "Policies"; templateData.put("policyLabel", policyLabel); - + templateData.put("policyViolatedCount", policyViolatedCount); } - templateData.put("policyViolated", policyViolated); - buildFailed |= policyViolated; + buildFailed = buildFailed || policyViolated; templateData.put("buildFailed", buildFailed); //generate the report: diff --git a/src/main/java/com/cx/restclient/configuration/CxScanConfig.java b/src/main/java/com/cx/restclient/configuration/CxScanConfig.java index 6dcda6bf..252ed36b 100644 --- a/src/main/java/com/cx/restclient/configuration/CxScanConfig.java +++ b/src/main/java/com/cx/restclient/configuration/CxScanConfig.java @@ -65,6 +65,7 @@ public class CxScanConfig implements Serializable { private File zipFile; private Integer engineConfigurationId; private String engineConfigurationName; + private String projectCustomFields; private boolean ignoreBenignErrors = false; private String osaFolderExclusions; @@ -75,6 +76,14 @@ public String getEngineConfigurationName() { public void setEngineConfigurationName(String engineConfigurationName) { this.engineConfigurationName = engineConfigurationName; } + + public String getprojectCustomFields() { + return projectCustomFields; + } + + public void setprojectCustomFields(String projectCustomFields) { + this.projectCustomFields = projectCustomFields; + } private String osaFilterPattern; private String osaArchiveIncludePatterns; @@ -89,6 +98,7 @@ public void setEngineConfigurationName(String engineConfigurationName) { private String osaDependenciesJson; private Boolean avoidDuplicateProjectScans = false; private boolean enablePolicyViolations = false; + private boolean enablePolicyViolationsSCA = false; private Boolean generateXmlReport = true; private String cxARMUrl; @@ -131,6 +141,8 @@ public void setEngineConfigurationName(String engineConfigurationName) { private String customFields; + private String projectLevelCustomFields; + private boolean isOverrideProjectSetting = false; public boolean isOverrideRetentionRate() { @@ -257,6 +269,14 @@ public String getCustomFields() { public void setCustomFields(String customFields) { this.customFields = customFields; } + + public String getProjectLevelCustomFields() { + return projectLevelCustomFields; + } + + public void setProjectLevelCustomFields(String projectLevelCustomFields) { + this.projectLevelCustomFields = projectLevelCustomFields; + } public String getOsaLocationPath() { return osaLocationPath; @@ -650,14 +670,34 @@ public boolean getEnablePolicyViolations() { return enablePolicyViolations; } + public boolean getEnablePolicyViolationsSCA() { + return enablePolicyViolationsSCA; + } + public void setEnablePolicyViolations(boolean enablePolicyViolations) { this.enablePolicyViolations = enablePolicyViolations; } + public void setEnablePolicyViolationsSCA(boolean enablePolicyViolationsSCA) { + this.enablePolicyViolationsSCA = enablePolicyViolationsSCA; + } + public boolean isEnablePolicyViolations() { return enablePolicyViolations; } + public boolean isEnablePolicyViolationsSCA() { + return enablePolicyViolationsSCA; + } + + public Boolean isSASTversionCompitable(){ + + if(Float.parseFloat(cxVersion.getVersion())>=9.6){ + return false; + } + return true; + } + public String getCxARMUrl() { return cxARMUrl; } diff --git a/src/main/java/com/cx/restclient/dto/scansummary/ScanSummary.java b/src/main/java/com/cx/restclient/dto/scansummary/ScanSummary.java index 5bfe90fc..4d491107 100644 --- a/src/main/java/com/cx/restclient/dto/scansummary/ScanSummary.java +++ b/src/main/java/com/cx/restclient/dto/scansummary/ScanSummary.java @@ -19,6 +19,10 @@ public class ScanSummary { private final List newResultThresholdErrors = new ArrayList<>(); private final boolean policyViolated; + private boolean policyVioletedSAST; + + private boolean policyVioletedSCA; + public ScanSummary(CxScanConfig config, SASTResults sastResults, OSAResults osaResults, AstScaResults scaResults) { addSastThresholdErrors(config, sastResults); @@ -26,7 +30,13 @@ public ScanSummary(CxScanConfig config, SASTResults sastResults, OSAResults osaR addNewResultThresholdErrors(config, sastResults); - policyViolated = determinePolicyViolation(config, sastResults, osaResults, scaResults); + policyVioletedSAST = determinePolicyViolation(config, sastResults, osaResults); + policyVioletedSCA = determinePolicyViolationSCA(config,scaResults); + if(policyVioletedSAST&&policyVioletedSCA){ + policyViolated=true; + }else{ + policyViolated=false; + } } @Override @@ -145,11 +155,15 @@ private void addNewResultThresholdErrors(CxScanConfig config, SASTResults sastRe } } - private static boolean determinePolicyViolation(CxScanConfig config, SASTResults sastResults, OSAResults osaResults, AstScaResults scaResults) { + private static boolean determinePolicyViolation(CxScanConfig config, SASTResults sastResults, OSAResults osaResults) { return config.getEnablePolicyViolations() && ((osaResults != null && !osaResults.getOsaPolicies().isEmpty()) || - (sastResults != null && !sastResults.getSastPolicies().isEmpty())) || (scaResults != null && scaResults.isBreakTheBuild() && scaResults.isPolicyViolated()); + (sastResults != null && !sastResults.getSastPolicies().isEmpty())); + } + + private static boolean determinePolicyViolationSCA(CxScanConfig config,AstScaResults scaResults) { + return config.getEnablePolicyViolationsSCA() && (scaResults != null && scaResults.isBreakTheBuild() && scaResults.isPolicyViolated()); } private void checkForThresholdError(int value, Integer threshold, ErrorSource source, Severity severity) { diff --git a/src/main/java/com/cx/restclient/httpClient/CxHttpClient.java b/src/main/java/com/cx/restclient/httpClient/CxHttpClient.java index 65e9ea43..72952c40 100644 --- a/src/main/java/com/cx/restclient/httpClient/CxHttpClient.java +++ b/src/main/java/com/cx/restclient/httpClient/CxHttpClient.java @@ -63,6 +63,9 @@ import java.io.Closeable; import java.io.IOException; import java.io.UnsupportedEncodingException; +import java.net.IDN; +import java.net.URI; +import java.net.URISyntaxException; import java.net.UnknownHostException; import java.nio.charset.StandardCharsets; import java.security.KeyManagementException; @@ -633,7 +636,21 @@ public void addCustomHeader(String name, String value) { } private T request(HttpRequestBase httpMethod, String contentType, HttpEntity entity, Class responseType, int expectStatus, String failedMsg, boolean isCollection, boolean retry) throws IOException { - if (contentType != null) { + //Support unicode characters + if (httpMethod.getURI() != null && (StringUtils.isNotEmpty(httpMethod.getURI().getHost()) || + StringUtils.isNotEmpty(httpMethod.getURI().getAuthority()))) { + URI tmpUri = httpMethod.getURI(); + String host = StringUtils.isNotEmpty(tmpUri.getAuthority()) ? tmpUri.getAuthority() : tmpUri.getHost(); + host = IDN.toASCII(host, IDN.ALLOW_UNASSIGNED); + try { + URI uri = new URI(tmpUri.getScheme(), tmpUri.getUserInfo(), host, tmpUri.getPort(), tmpUri.getPath(), + tmpUri.getQuery(), tmpUri.getFragment()); + httpMethod.setURI(uri); + } catch (URISyntaxException e) { + log.error("Fail to convert URI: " + httpMethod.getURI().toString()); + } + } + if (contentType != null) { httpMethod.addHeader("Content-type", contentType); } if (entity != null && httpMethod instanceof HttpEntityEnclosingRequestBase) { //Entity for Post methods diff --git a/src/main/java/com/cx/restclient/osa/utils/OSAUtils.java b/src/main/java/com/cx/restclient/osa/utils/OSAUtils.java index 4d75263b..e340baf0 100644 --- a/src/main/java/com/cx/restclient/osa/utils/OSAUtils.java +++ b/src/main/java/com/cx/restclient/osa/utils/OSAUtils.java @@ -190,13 +190,13 @@ public static void writeJsonToFile(String name, Object jsonObj, File workDirecto name = name.endsWith(JSON_EXTENSION) ? name : name + JSON_EXTENSION; File jsonFile = new File(workDirectory + File.separator + name); FileUtils.writeStringToFile(jsonFile, json); - log.info(name + " saved under location: " + jsonFile); + log.info("Report '{}' saved under location: {}", name, jsonFile); } else { String now = new SimpleDateFormat("dd_MM_yyyy-HH_mm_ss").format(new Date()); String fileName = name + "_" + now + JSON_EXTENSION; File jsonFile = new File(workDirectory + CX_REPORT_LOCATION, fileName); FileUtils.writeStringToFile(jsonFile, json); - log.info(name + " saved under location: " + workDirectory + CX_REPORT_LOCATION + File.separator + fileName); + log.info("Report '{}' saved under location: {}", name, workDirectory + CX_REPORT_LOCATION + File.separator + fileName); } } catch (Exception ex) { log.warn("Failed to write OSA JSON report (" + name + ") to file: " + ex.getMessage()); diff --git a/src/main/java/com/cx/restclient/sast/dto/Project.java b/src/main/java/com/cx/restclient/sast/dto/Project.java index 22528849..f128c253 100644 --- a/src/main/java/com/cx/restclient/sast/dto/Project.java +++ b/src/main/java/com/cx/restclient/sast/dto/Project.java @@ -1,5 +1,8 @@ package com.cx.restclient.sast.dto; +import java.util.ArrayList; +import java.util.List; + import com.fasterxml.jackson.annotation.JsonIgnoreProperties; /** @@ -12,7 +15,29 @@ public class Project { private String name; private String teamId; private boolean isPublic; + private List customFields; + + public boolean isPublic() { + return isPublic; + } + public void setPublic(boolean aPublic) { + isPublic = aPublic; + } + + public ArrayList getCustomFields() { + if (customFields instanceof ArrayList) { + return (ArrayList) customFields; + } else if (customFields != null) { + return new ArrayList<>(customFields); + } else { + return new ArrayList<>(); + } + } + public void setCustomFields(ArrayList customFields) { + this.customFields = customFields; + } + public long getId() { return id; } @@ -52,4 +77,5 @@ public String getOwner() { public void setOwner(String owner) { this.owner = owner; } + } diff --git a/src/main/java/com/cx/restclient/sast/dto/ProjectLevelCustomFields.java b/src/main/java/com/cx/restclient/sast/dto/ProjectLevelCustomFields.java new file mode 100644 index 00000000..28bbba9e --- /dev/null +++ b/src/main/java/com/cx/restclient/sast/dto/ProjectLevelCustomFields.java @@ -0,0 +1,40 @@ +package com.cx.restclient.sast.dto; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; + +/** + * Created by Galn on 4/11/2018. + */ +@JsonIgnoreProperties(ignoreUnknown = true) +public class ProjectLevelCustomFields { + @Override + public String toString() { + return "ProjectLevelCustomFields [id=" + id + ", value=" + value + ", name=" + name + "]"; + } + + private long id; + private String value; + private String name; + + public ProjectLevelCustomFields() { + } + + public ProjectLevelCustomFields(long id, String value, String name) { + this.id = id; + this.value = value; + this.name = name; + } + + public long getId() { + return id; + } + + public String getValue() { + return value; + } + + public String getName() { + return name; + } + +} diff --git a/src/main/java/com/cx/restclient/sast/dto/ProjectPutRequest.java b/src/main/java/com/cx/restclient/sast/dto/ProjectPutRequest.java new file mode 100644 index 00000000..ffac0599 --- /dev/null +++ b/src/main/java/com/cx/restclient/sast/dto/ProjectPutRequest.java @@ -0,0 +1,42 @@ +package com.cx.restclient.sast.dto; + +import java.util.ArrayList; +import java.util.List; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; + +/** + * Created by Galn on 13/02/2018. + */ +@JsonIgnoreProperties(ignoreUnknown = true) +public class ProjectPutRequest { + + private String name; + private Integer owningTeam; + private List customFields; + + public String getName() { + return name; + } + + public void setName(String name) { + this.name = name; + } + + public Integer getOwningTeam() { + return owningTeam; + } + + public void setOwningTeam(Integer owningTeam) { + this.owningTeam = owningTeam; + } + + public List getCustomFields() { + return customFields; + } + + public void setCustomFields(ArrayList custObj) { + this.customFields = custObj; + } + +} diff --git a/src/main/java/com/cx/restclient/sast/utils/LegacyClient.java b/src/main/java/com/cx/restclient/sast/utils/LegacyClient.java index 93c167c8..25bfe2a3 100644 --- a/src/main/java/com/cx/restclient/sast/utils/LegacyClient.java +++ b/src/main/java/com/cx/restclient/sast/utils/LegacyClient.java @@ -221,9 +221,9 @@ public void initiate() throws CxClientException { if (config.isSastEnabled()) { resolvePreset(); } - if (config.getEnablePolicyViolations()) { + if (config.getEnablePolicyViolations() || config.getEnablePolicyViolationsSCA()) { resolveCxARMUrl(); - } + } resolveEngineConfiguration(); resolveProjectId(); resolvePostScanAction(); diff --git a/src/main/java/com/cx/restclient/sast/utils/SASTParam.java b/src/main/java/com/cx/restclient/sast/utils/SASTParam.java index 894335d3..63e0da9b 100644 --- a/src/main/java/com/cx/restclient/sast/utils/SASTParam.java +++ b/src/main/java/com/cx/restclient/sast/utils/SASTParam.java @@ -23,6 +23,8 @@ public class SASTParam { public static final String SAST_EXCLUDE_FOLDERS_FILES_PATTERNS = "projects/%s/sourceCode/excludeSettings"; public static final String SAST_RETENTION_RATE ="projects/{id}/dataRetentionSettings"; + public static final String PROJECT_PATH = "projects/"; + public static final String CUSTOM_FIELD_PATH = "customFields"; //Once it has results public static final String SAST_SCAN_RESULTS_STATISTICS = "sast/scans/{scanId}/resultsStatistics"; diff --git a/src/main/java/com/cx/restclient/sca/dto/Tags.java b/src/main/java/com/cx/restclient/sca/dto/Tags.java new file mode 100644 index 00000000..49a2112f --- /dev/null +++ b/src/main/java/com/cx/restclient/sca/dto/Tags.java @@ -0,0 +1,5 @@ +package com.cx.restclient.sca.dto; + +public class Tags { + +} diff --git a/src/main/resources/common.properties b/src/main/resources/common.properties index b78bb8e3..b1bcc688 100644 --- a/src/main/resources/common.properties +++ b/src/main/resources/common.properties @@ -12,6 +12,7 @@ astSast.descriptionPath = /api/queries/descriptions astSca.riskManagementApi = /risk-management/ astSca.projects = projects +astSca.projectId = /id astSca.summaryReport = riskReports/%s/summary astSca.findings = riskReports/%s/vulnerabilities astSca.packages = riskReports/%s/packages