Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix_property_delete #17

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

fix_property_delete #17

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
9e932e2
bugid: Ensure delete legacy property
ilandn Apr 27, 2021
5a3c740
bugid: Ensure delete legacy property
ilandn Nov 22, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
<groupId>checkmarx.com</groupId>
<artifactId>com.checkmarx.sonar.cxplugin</artifactId>
<packaging>sonar-plugin</packaging>
<version>2021.2.1</version>
<version>2021.2.3</version>
<name>Checkmarx plugin</name>
<description>Checkmarx plugin</description>

Expand Down
28 changes: 12 additions & 16 deletions src/main/java/com/checkmarx/sonar/measures/SastMetrics.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,92 +19,88 @@ public class SastMetrics implements Metrics {
public static String SAST_BASE_KEY = "cx.sast.result";
public static String NON_COMMENTIOG_LINES_OF_CODE = "Non commenting lines of code";

public static final Metric<Integer> SAST_HIGH_VULNERABILITIES = new Metric.Builder(SAST_BASE_KEY+".high", "Checkmarx - 1. High Vulnerabilities", Metric.ValueType.INT)
public static final Metric<Integer> SAST_HIGH_VULNERABILITIES = new Metric.Builder(SAST_BASE_KEY + ".high", "Checkmarx - 1. High Vulnerabilities", Metric.ValueType.INT)
.setDescription(NON_COMMENTIOG_LINES_OF_CODE)
.setDirection(Metric.DIRECTION_WORST)
.setQualitative(false)
.setDomain(CX_SAST_DOMAIN)
.create();

public static final Metric<Integer> SAST_MEDIUM_VULNERABILITIES = new Metric.Builder(SAST_BASE_KEY+".medium", "Checkmarx - 2. Medium Vulnerabilities", Metric.ValueType.INT)
public static final Metric<Integer> SAST_MEDIUM_VULNERABILITIES = new Metric.Builder(SAST_BASE_KEY + ".medium", "Checkmarx - 2. Medium Vulnerabilities", Metric.ValueType.INT)
.setDescription(NON_COMMENTIOG_LINES_OF_CODE)
.setDirection(Metric.DIRECTION_WORST)
.setQualitative(false)
.setDomain(CX_SAST_DOMAIN)
.create();

public static final Metric<Integer> SAST_LOW_VULNERABILITIES = new Metric.Builder(SAST_BASE_KEY +".low", "Checkmarx - 3. Low Vulnerabilities", Metric.ValueType.INT)
public static final Metric<Integer> SAST_LOW_VULNERABILITIES = new Metric.Builder(SAST_BASE_KEY + ".low", "Checkmarx - 3. Low Vulnerabilities", Metric.ValueType.INT)
.setDescription(NON_COMMENTIOG_LINES_OF_CODE)
.setDirection(Metric.DIRECTION_WORST)
.setQualitative(false)
.setDomain(CX_SAST_DOMAIN)
.create();



public static final Metric<Integer> SAST_TOTAL_VULNERABILITIES = new Metric.Builder(SAST_BASE_KEY +".total", "Checkmarx - 4. Total Vulnerabilities", Metric.ValueType.INT)
public static final Metric<Integer> SAST_TOTAL_VULNERABILITIES = new Metric.Builder(SAST_BASE_KEY + ".total", "Checkmarx - 4. Total Vulnerabilities", Metric.ValueType.INT)
.setDescription(NON_COMMENTIOG_LINES_OF_CODE)
.setDirection(Metric.DIRECTION_WORST)
.setQualitative(false)
.setDomain(CX_SAST_DOMAIN)
.create();

public static final Metric<Integer> SAST_NEW_HIGH_VULNERABILITIES = new Metric.Builder(SAST_BASE_KEY+"new.high", "Checkmarx - 5. New High Vulnerabilities", Metric.ValueType.INT)
public static final Metric<Integer> SAST_NEW_HIGH_VULNERABILITIES = new Metric.Builder(SAST_BASE_KEY + "new.high", "Checkmarx - 5. New High Vulnerabilities", Metric.ValueType.INT)
.setDescription(NON_COMMENTIOG_LINES_OF_CODE)
.setDirection(Metric.DIRECTION_WORST)
.setQualitative(false)
.setDomain(CX_SAST_DOMAIN)
.create();

public static final Metric<Integer> SAST_NEW_MEDIUM_VULNERABILITIES = new Metric.Builder(SAST_BASE_KEY+"new.medium", "Checkmarx - 6. New Medium Vulnerabilities", Metric.ValueType.INT)
public static final Metric<Integer> SAST_NEW_MEDIUM_VULNERABILITIES = new Metric.Builder(SAST_BASE_KEY + "new.medium", "Checkmarx - 6. New Medium Vulnerabilities", Metric.ValueType.INT)
.setDescription(NON_COMMENTIOG_LINES_OF_CODE)
.setDirection(Metric.DIRECTION_WORST)
.setQualitative(false)
.setDomain(CX_SAST_DOMAIN)
.create();

public static final Metric<Integer> SAST_NEW_LOW_VULNERABILITIES = new Metric.Builder(SAST_BASE_KEY +"new.low", "Checkmarx - 7. New Low Vulnerabilities", Metric.ValueType.INT)
public static final Metric<Integer> SAST_NEW_LOW_VULNERABILITIES = new Metric.Builder(SAST_BASE_KEY + "new.low", "Checkmarx - 7. New Low Vulnerabilities", Metric.ValueType.INT)
.setDescription(NON_COMMENTIOG_LINES_OF_CODE)
.setDirection(Metric.DIRECTION_WORST)
.setQualitative(false)
.setDomain(CX_SAST_DOMAIN)
.create();

public static final Metric<Integer> SAST_TOTAL_NEW_VULNERABILITIES = new Metric.Builder(SAST_BASE_KEY +".new.total", "Checkmarx - 8. Total New Vulnerabilities", Metric.ValueType.INT)
public static final Metric<Integer> SAST_TOTAL_NEW_VULNERABILITIES = new Metric.Builder(SAST_BASE_KEY + ".new.total", "Checkmarx - 8. Total New Vulnerabilities", Metric.ValueType.INT)
.setDescription(NON_COMMENTIOG_LINES_OF_CODE)
.setDirection(Metric.DIRECTION_WORST)
.setQualitative(false)
.setDomain(CX_SAST_DOMAIN)
.create();

public static final Metric<Integer> SONAR_PROJECT_HAVE_SAST_RESULTS = new Metric.Builder(SAST_BASE_KEY +".have_results", "Sonar project have sast results", Metric.ValueType.INT)
public static final Metric<Integer> SONAR_PROJECT_HAVE_SAST_RESULTS = new Metric.Builder(SAST_BASE_KEY + ".have_results", "Sonar project have sast results", Metric.ValueType.INT)
.setDescription("Sonar project have sast results")
.setQualitative(false)
.setHidden(true)
.setDomain(CX_SAST_DOMAIN)
.create();


public static final Metric<String> SAST_SCAN_DETAILS = new Metric.Builder(SAST_BASE_KEY +".details", "Checkmarx sast scan details", Metric.ValueType.STRING)
public static final Metric<String> SAST_SCAN_DETAILS = new Metric.Builder(SAST_BASE_KEY + ".details", "Checkmarx sast scan details", Metric.ValueType.STRING)
.setDescription("Additional scan details")
.setQualitative(true)
.setHidden(true)
.setDomain(CX_SAST_DOMAIN)
.create();

public static final Metric<String> SAST_SCAN_QUERIES = new Metric.Builder(SAST_BASE_KEY +".queries", "Checkmarx queries that are presented in sonar.", Metric.ValueType.STRING)
public static final Metric<String> SAST_SCAN_QUERIES = new Metric.Builder(SAST_BASE_KEY + ".queries", "Checkmarx queries that are presented in sonar.", Metric.ValueType.STRING)
.setDescription("Checkmarx queries that are presented as issues in sonar.")
.setQualitative(true)
.setHidden(true)
.setDomain(CX_SAST_DOMAIN)
.create();



@Override
public List<Metric> getMetrics() {
return asList(SAST_HIGH_VULNERABILITIES, SAST_MEDIUM_VULNERABILITIES, SAST_LOW_VULNERABILITIES, SAST_TOTAL_VULNERABILITIES,
SAST_NEW_HIGH_VULNERABILITIES, SAST_NEW_MEDIUM_VULNERABILITIES, SAST_NEW_LOW_VULNERABILITIES, SAST_TOTAL_NEW_VULNERABILITIES,
SONAR_PROJECT_HAVE_SAST_RESULTS, SAST_SCAN_DETAILS, SAST_SCAN_QUERIES);
}

}
6 changes: 6 additions & 0 deletions src/main/java/com/checkmarx/sonar/sensor/CheckmarxSensor.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@
import org.slf4j.LoggerFactory;
import org.sonar.api.batch.fs.FileSystem;
import org.sonar.api.batch.fs.InputFile;
import org.sonar.api.batch.fs.internal.DefaultInputFile;
import org.sonar.api.batch.sensor.Sensor;
import org.sonar.api.batch.sensor.SensorContext;
import org.sonar.api.batch.sensor.SensorDescriptor;
Expand Down Expand Up @@ -116,6 +117,10 @@ private void notifyComputeSatMeasuresSonarProjectHaveSastResults(SensorContext c
Iterable<InputFile> mainfiles = getMainFiles(context);
for (InputFile file : mainfiles) {
context.<Integer>newMeasure().on(file).forMetric(SONAR_PROJECT_HAVE_SAST_RESULTS).withValue(1).save();
String prjPath = ((DefaultInputFile) file).getProjectRelativePath();
String mdlPath = ((DefaultInputFile) file).getModuleRelativePath();
String absPath = ((DefaultInputFile) file).absolutePath();
logger.info("[CHECKMARX] Sonar project have SAST results metric on file:\nProject path: " + prjPath + "\nModule path: " + mdlPath + "\nAbsolute path: " + absPath);
}
}

Expand All @@ -135,6 +140,7 @@ private Iterable<InputFile> getMainFiles(SensorContext context) {
private void saveSastForDetailReport(SensorContext context, SastReportData sastReportData) throws JsonProcessingException {
String scanDetails = mapper.writeValueAsString(sastReportData);
context.<String>newMeasure().on(context.module()).forMetric(SAST_SCAN_DETAILS).withValue(scanDetails).save();
logger.info("[CHECKMARX] Scan report details: " + scanDetails);
}

private com.cx.restclient.sast.dto.CxXMLResults convertToXMLResult(byte[] cxReport) throws IOException, JAXBException, CxClientException {
Expand Down
Loading