From 9a73221033573b062cfcdef67320548446d5a1c7 Mon Sep 17 00:00:00 2001 From: ThokalSameer Date: Fri, 18 Oct 2024 17:51:16 +0530 Subject: [PATCH 01/10] Update pom.xml --- pom.xml | 54 ++++++++++++++++++++++++++++++------------------------ 1 file changed, 30 insertions(+), 24 deletions(-) diff --git a/pom.xml b/pom.xml index a7bbfb6..8719aef 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ 4.0.0 com.checkmarx.maven checkmarx-maven-plugin - 2022.2.3 + 2024.3.3 maven-plugin Checkmarx Maven Plugin Enables a maven project to integrate with Checkmarx SAST scan. @@ -23,10 +23,10 @@ UTF-8 - 1.2.17 - 1.7.5 + 2.17.2 + 1.8.0-beta2 2.2.3 - 2022.1.10 + 2024.3.28 checkmarx-ltd_checkmarx-plugin checkmarx-ltd @@ -38,29 +38,35 @@ org.apache.maven maven-plugin-api - 3.5.0 + 3.9.9 org.apache.maven.plugin-tools maven-plugin-annotations - 3.5.2 + 3.15.0 provided + + + org.apache.maven + maven-core + 3.9.9 org.apache.maven.reporting maven-reporting-api - 3.0 + 4.0.0 org.apache.maven.reporting maven-reporting-impl - 3.0.0 + 4.0.0-M15 httpclient @@ -93,7 +99,7 @@ org.codehaus.plexus plexus-archiver - 3.7.0 + 4.10.0 commons-compress @@ -104,12 +110,12 @@ org.apache.commons commons-compress - 1.21 + 1.27.1 org.codehaus.plexus plexus-utils - 3.1.0 + 4.0.2 @@ -148,12 +154,12 @@ commons-io commons-io - 2.11.0 + 2.17.0 com.github.junrar junrar - 7.5.1 + 7.5.5 org.freemarker @@ -163,12 +169,12 @@ com.fasterxml.jackson.core jackson-databind - 2.13.2.2 + 2.18.0 - commons-collections - commons-collections - 3.2.2 + org.apache.commons + commons-collections4 + 4.5.0-M2 @@ -188,7 +194,7 @@ org.apache.maven.plugins maven-deploy-plugin - 2.8.2 + 3.1.3 @@ -218,7 +224,7 @@ org.apache.maven.plugins maven-compiler-plugin - 3.7.0 + 3.13.0 1.7 1.7 @@ -231,7 +237,7 @@ org.apache.maven.plugins maven-plugin-plugin - 3.3 + 3.15.0 @@ -243,7 +249,7 @@ org.apache.maven.plugins maven-javadoc-plugin - 2.10.4 + 3.10.1 attach-javadocs 
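Review bot: The dependency hunk swaps `commons-collections:commons-collections:3.2.2` for `org.apache.commons:commons-collections4:4.5.0-M2`, which is a different artifact with a different Java package (`org.apache.commons.collections4`), so any plugin source still importing `org.apache.commons.collections` will only compile if the old jar still arrives transitively; the Java sources are not in this hunk, so confirm with a clean build rather than an incremental one. The same commit also pins pre-release versions into a release pom — `4.5.0-M2`, `maven-reporting-impl 4.0.0-M15`, `1.8.0-beta2`, and `maven-source-plugin 4.0.0-beta-1` in the next hunk — which is unusual for a published plugin; artifact names are partly stripped from this rendering, so I am inferring from the groupIds. `maven-compiler-plugin` moves to 3.13.0 while `source`/`target` stay at `1.7`, a level recent JDKs no longer accept, so the build toolchain this expects should be stated in the pom.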
@@ -256,7 +262,7 @@ org.apache.maven.plugins maven-source-plugin - 3.0.1 + 4.0.0-beta-1 attach-sources @@ -269,7 +275,7 @@ org.sonatype.plugins nexus-staging-maven-plugin - 1.6.7 + 1.7.0 true ossrh @@ -280,7 +286,7 @@ org.apache.maven.plugins maven-gpg-plugin - 1.5 + 3.2.7 C:\Program Files (x86)\GNU\GnuPG\gpg2.exe Checkmarx123456 From f814762a7576a8df8d8ad184220aff35724df001 Mon Sep 17 00:00:00 2001 From: Swati Awate <99341045+swatipersistent@users.noreply.github.com> Date: Mon, 21 Oct 2024 14:55:54 +0530 Subject: [PATCH 02/10] critical severity --- pom.xml | 4 +- src/main/java/com/cx/plugin/CxScanPlugin.java | 10 ++++- .../com/cx/plugin/utils/CxPluginUtils.java | 29 ++++++++++++- .../java/com/cx/plugin/utils/SASTUtils.java | 42 +++++++++++++++++++ 4 files changed, 81 insertions(+), 4 deletions(-) create mode 100644 src/main/java/com/cx/plugin/utils/SASTUtils.java diff --git a/pom.xml b/pom.xml index a7bbfb6..cf80357 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ 4.0.0 com.checkmarx.maven checkmarx-maven-plugin - 2022.2.3 + 2024.3.3 maven-plugin Checkmarx Maven Plugin Enables a maven project to integrate with Checkmarx SAST scan. @@ -120,7 +120,7 @@ com.checkmarx cx-client-common - ${common.client.version} + 2024.3.28 guava diff --git a/src/main/java/com/cx/plugin/CxScanPlugin.java b/src/main/java/com/cx/plugin/CxScanPlugin.java index d6c782b..bb722e7 100644 --- a/src/main/java/com/cx/plugin/CxScanPlugin.java +++ b/src/main/java/com/cx/plugin/CxScanPlugin.java 
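Review bot: The `maven-gpg-plugin` configuration this hunk bumps to 3.2.7 still carries a literal signing passphrase and a developer-machine `gpg2.exe` path as committed pom content; a passphrase in source control is a disclosed secret whichever plugin version reads it. Supply it outside the pom — a `gpg.passphrase` property injected from the CI secret store, or a `<server>` entry in `settings.xml` — and treat the signing key as compromised since the value has been in history, so rotate it. Only the plugin coordinates belong in this hunk.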
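Review bot: Replacing `${common.client.version}` with the literal `2024.3.28` for `cx-client-common` defeats the property the pom already declares for exactly this purpose (patch 01 of this series sets it to the same value), so the two places can now drift silently. Keep `<version>${common.client.version}</version>` and change the property instead; if the literal is intentional, the property should be removed so there is one source of truth.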
@@ -125,6 +125,13 @@ public class CxScanPlugin extends AbstractMojo {
 @Parameter(defaultValue = "true", property = "cx.generatePDFReport")
 private boolean generatePDFReport;
+ /**
+ * Configure a threshold for the Critical Severity Vulnerabilities.
+ * The build will fail if the sum of Critical Severity Vulnerabilities is larger than the threshold.
+ * Leave empty to ignore threshold.
+ */
+ @Parameter(defaultValue = "-1", property = "cx.criticalSeveritiesThreshold")
+ private int criticalSeveritiesThreshold;
 /**
 * Configure a threshold for the High Severity Vulnerabilities.
@@ -464,7 +471,7 @@ private CxScanConfig resolveConfigurationMap() throws MojoExecutionException {
 scanConfig.setScanComment(comment);
 scanConfig.setIncremental(isIncrementalScan);
 scanConfig.setSynchronous(isSynchronous);
- boolean thresholdEnabled = (highSeveritiesThreshold > 0 || mediumSeveritiesThreshold > 0 || lowSeveritiesThreshold > 0);//todo check null
+ boolean thresholdEnabled = (criticalSeveritiesThreshold > 0 || highSeveritiesThreshold > 0 || mediumSeveritiesThreshold > 0 || lowSeveritiesThreshold > 0);//todo check null
 scanConfig.setSastThresholdsEnabled(thresholdEnabled);
 scanConfig.setSastHighThreshold(highSeveritiesThreshold);
 scanConfig.setSastMediumThreshold(mediumSeveritiesThreshold);
@@ -486,6 +493,7 @@ private CxScanConfig resolveConfigurationMap() throws MojoExecutionException {
 boolean osaThresholdEnabled = (osaHighSeveritiesThreshold > 0 || osaMediumSeveritiesThreshold > 0 || osaLowSeveritiesThreshold > 0);//todo check null
 scanConfig.setOsaGenerateJsonReport(osaGenerateJsonReport);
 scanConfig.setOsaThresholdsEnabled(osaThresholdEnabled);
+ scanConfig.setSastCriticalThreshold(criticalSeveritiesThreshold);
 scanConfig.setOsaHighThreshold(osaHighSeveritiesThreshold);
 scanConfig.setOsaMediumThreshold(osaMediumSeveritiesThreshold);
 scanConfig.setOsaLowThreshold(osaLowSeveritiesThreshold);
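Review bot: The Javadoc on the new `criticalSeveritiesThreshold` parameter says "Leave empty to ignore threshold", but the field is a primitive `int` whose unset value is the `-1` sentinel, and the `thresholdEnabled` expression in the second hunk tests `> 0`, so `cx.criticalSeveritiesThreshold=0` (fail on any critical finding) is silently treated as no threshold at all. Make the doc and the test agree: `criticalSeveritiesThreshold >= 0` in the expression and `* Leave unset (defaults to -1) to ignore the threshold.` in the comment; patches 06 and 08 of this series rework the comparison, so this mostly records the intent. The third hunk also drops `scanConfig.setSastCriticalThreshold(criticalSeveritiesThreshold)` between the OSA setters rather than beside the other SAST threshold setters, and the trailing `//todo check null` is stale on an expression of primitive ints. `resolveConfigurationMap` continues outside these hunks.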
diff --git a/src/main/java/com/cx/plugin/utils/CxPluginUtils.java b/src/main/java/com/cx/plugin/utils/CxPluginUtils.java index 39293df..cd9dfe0 100644 --- a/src/main/java/com/cx/plugin/utils/CxPluginUtils.java +++ b/src/main/java/com/cx/plugin/utils/CxPluginUtils.java @@ -1,23 +1,26 @@ package com.cx.plugin.utils; +import com.cx.plugin.utils.SASTUtils; import com.cx.restclient.configuration.CxScanConfig; import com.cx.restclient.dto.ScanResults; import org.apache.commons.lang3.StringUtils; import org.apache.maven.model.Resource; import org.apache.maven.plugin.MojoExecutionException; import org.apache.maven.plugin.MojoFailureException; +import org.apache.maven.plugins.annotations.Component; import org.apache.maven.project.MavenProject; import org.codehaus.plexus.archiver.zip.ZipArchiver; import org.slf4j.Logger; +import org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher; import java.io.File; import java.io.FilenameFilter; import java.io.IOException; +import java.net.URL; import java.util.Arrays; import java.util.List; import java.util.Properties; - import static com.cx.plugin.CxScanPlugin.SOURCES_ZIP_NAME; /** @@ -57,6 +60,7 @@ public static void printConfiguration(CxScanConfig config, String[] osaIgnoreSco log.info("---------------------------------------Configurations:------------------------------------"); log.info("Maven plugin version: " + pluginVersion); log.info("Username: " + config.getUsername()); + log.info("Password: " + config.getPassword()); log.info("URL: " + config.getUrl()); log.info("Project name: " + config.getProjectName()); log.info("outputDirectory: " + config.getReportsDir()); 
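Review bot: The added `log.info("Password: " + config.getPassword());` writes the Checkmarx service credential in clear text to the Maven build log at INFO level, where CI systems retain it and frequently expose it to anyone who can read the job; it must not ship. Patch 04 of this series removes the line again, but any build log produced while this commit was in effect should be treated as having disclosed the credential, so rotating it is the safe course. The first hunk also adds `org.apache.maven.plugins.annotations.Component` and `org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher` imports that nothing in the diff uses, and `import com.cx.plugin.utils.SASTUtils` is a same-package import that can be dropped. `printConfiguration` continues outside the hunk.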
@@ -71,6 +75,29 @@ public static void printConfiguration(CxScanConfig config, String[] osaIgnoreSco
 log.info("Policy violations enabled: " + config.getEnablePolicyViolations());
 log.info("CxSAST thresholds enabled: " + config.getSastThresholdsEnabled());
 if (config.getSastThresholdsEnabled()) {
+ if (config.getSastThresholdsEnabled()) {
+ String cxServerUrl = config.getUrl();
+ String cxUser = config.getUsername();
+ String cxPass = config.getPassword();
+ Double version = 9.0;
+ String sastVersion;
+ // Fetch SAST version using API call
+ try {
+ sastVersion = SASTUtils.loginToServer(new URL(cxServerUrl), cxUser, cxPass);
+ String[] sastVersionSplit = sastVersion.split("\\.");
+ version = Double.parseDouble(sastVersionSplit[0] + "." + sastVersionSplit[1]);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ // Check if SAST version supports critical threshold
+ if (version >= 9.7) {
+ log.info("CxSAST critical threshold: " + (config.getSastCriticalThreshold() == null ? "[No Threshold]" : config.getSastCriticalThreshold()));
+ }else {
+ // Removing value of SAST Critical Threshold for SAST version prior to 9.6
+ config.setSastCriticalThreshold(null);
+ }
+ }
+
 log.info("CxSAST high threshold: " + (config.getSastHighThreshold() == null ? "[No Threshold]" : config.getSastHighThreshold()));
 log.info("CxSAST medium threshold: " + (config.getSastMediumThreshold() == null ? "[No Threshold]" : config.getSastMediumThreshold()));
 log.info("CxSAST low threshold: " + (config.getSastLowThreshold() == null ? "[No Threshold]" : config.getSastLowThreshold()));
diff --git a/src/main/java/com/cx/plugin/utils/SASTUtils.java b/src/main/java/com/cx/plugin/utils/SASTUtils.java
new file mode 100644
index 0000000..e0a9c01
--- /dev/null
+++ b/src/main/java/com/cx/plugin/utils/SASTUtils.java
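Review bot: `SASTUtils.loginToServer` (added in this same commit) returns `null` when the login fails, so `sastVersion.split("\\.")` throws a NullPointerException that `catch (Exception e)` turns into a stack trace on stderr; `version` then keeps its `9.0` default and the `else` branch calls `config.setSastCriticalThreshold(null)`, so a transient network or authentication failure silently disables the critical-severity gate the user configured. A failed lookup should go through the `log` passed to this method and must not clear the threshold — e.g. `log.warn("Could not determine CxSAST version; keeping configured critical threshold", e);` with the `else` branch removed. The comment `// Removing value of SAST Critical Threshold for SAST version prior to 9.6` also disagrees with the `version >= 9.7` test above it, and the whole block sits inside a duplicate `if (config.getSastThresholdsEnabled())`. This block survives unchanged in patch 04 and returns as `getSASTVersion` in patch 10; `printConfiguration` continues outside the hunk.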
@@ -0,0 +1,42 @@
+package com.cx.plugin.utils;
+
+import java.net.MalformedURLException;
+import java.net.URL;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.cx.plugin.CxScanPlugin;
+import com.cx.restclient.CxClientDelegator;
+import com.cx.restclient.configuration.CxScanConfig;
+import com.cx.restclient.dto.ScannerType;
+import com.cx.restclient.exception.CxClientException;
+import com.cx.restclient.sast.utils.LegacyClient;
+
+public class SASTUtils {
+
+ public static LegacyClient getInstance(CxScanConfig config, Logger log)
+ throws MalformedURLException, CxClientException {
+ return new LegacyClient(config, log) {
+ };
+ }
+
+ private static final Logger log = LoggerFactory.getLogger(SASTUtils.class);
+ private CxClientDelegator clientDelegator;
+
+ public static String loginToServer(URL url, String username, String pssd) {
+ String version = null;
+ String result = "";
+ try {
+ CxScanConfig scanConfig = new CxScanConfig(url.toString().trim(), username, pssd,
+ CxScanPlugin.PLUGIN_ORIGIN, true);
+ scanConfig.addScannerType(ScannerType.SAST);
+ LegacyClient clientCommon = getInstance(scanConfig, log);
+ version = clientCommon.login(true);
+ return version;
+ } catch (Exception ex) {
+ result = ex.getMessage();
+ return version;
+ }
+ }
+}
From 8f208d0654cacf6d48c4bf214b1d2afea7270320 Mon Sep 17 00:00:00 2001
From: Swati Awate <99341045+swatipersistent@users.noreply.github.com>
Date: Wed, 23 Oct 2024 11:57:01 +0530
Subject: [PATCH 03/10] plugin Version
---
 src/main/java/com/cx/plugin/CxScanPlugin.java | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/main/java/com/cx/plugin/CxScanPlugin.java b/src/main/java/com/cx/plugin/CxScanPlugin.java
index bb722e7..d4c6591 100644
--- a/src/main/java/com/cx/plugin/CxScanPlugin.java
+++ b/src/main/java/com/cx/plugin/CxScanPlugin.java
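Review bot: `loginToServer` swallows every failure: `result = ex.getMessage()` is assigned and never read, nothing is logged, and the method returns `null`, which its caller in CxPluginUtils dereferences straight away. Make the failure visible with the class-level logger that already exists — `log.warn("CxSAST version lookup failed", ex); return null;` — and drop `result`, or let the exception propagate and document it with `@throws`. `getInstance` builds an anonymous subclass `new LegacyClient(config, log) { }` for no visible reason, `clientDelegator` is an instance field on a static utility that nothing uses, and `pssd` would read better as `password`. If `LegacyClient` owns an HTTP connection it is never closed here; I cannot tell from this diff, so confirm against cx-client-common.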
@@ -281,6 +281,7 @@ public void execute() throws MojoExecutionException, MojoFailureException
 }
 //resolve configuration
 CxScanConfig config = resolveConfigurationMap();
+ config.setPluginVersion(pluginVersion);
 CxClientDelegator delegator = CommonClientFactory.getClientDelegatorInstance(config, log);
 //print configuration
From 3a429f16e7d9cf752d646ca96df411ecf0085d46 Mon Sep 17 00:00:00 2001
From: Swati Awate <99341045+swatipersistent@users.noreply.github.com>
Date: Wed, 23 Oct 2024 14:11:50 +0530
Subject: [PATCH 04/10] removed unwanted code changes
---
 .../com/cx/plugin/utils/CxPluginUtils.java | 59 ++++++++++---------
 1 file changed, 30 insertions(+), 29 deletions(-)
diff --git a/src/main/java/com/cx/plugin/utils/CxPluginUtils.java b/src/main/java/com/cx/plugin/utils/CxPluginUtils.java
index cd9dfe0..6f719b7 100644
--- a/src/main/java/com/cx/plugin/utils/CxPluginUtils.java
+++ b/src/main/java/com/cx/plugin/utils/CxPluginUtils.java
@@ -60,7 +60,6 @@ public static void printConfiguration(CxScanConfig config, String[] osaIgnoreSco
 log.info("---------------------------------------Configurations:------------------------------------");
 log.info("Maven plugin version: " + pluginVersion);
 log.info("Username: " + config.getUsername());
- log.info("Password: " + config.getPassword());
 log.info("URL: " + config.getUrl());
 log.info("Project name: " + config.getProjectName());
 log.info("outputDirectory: " + config.getReportsDir());
@@ -74,34 +73,36 @@ public static void printConfiguration(CxScanConfig config, String[] osaIgnoreSco
 log.info("Generate PDF report: " + config.getGeneratePDFReport());
 log.info("Policy violations enabled: " + config.getEnablePolicyViolations());
 log.info("CxSAST thresholds enabled: " + config.getSastThresholdsEnabled());
- if (config.getSastThresholdsEnabled()) {
- if (config.getSastThresholdsEnabled()) {
- String cxServerUrl = config.getUrl();
- String cxUser = config.getUsername();
- String cxPass = config.getPassword();
- Double version = 9.0;
- String sastVersion;
- // Fetch SAST version using API call
- try {
- sastVersion = SASTUtils.loginToServer(new URL(cxServerUrl), cxUser, cxPass);
- String[] sastVersionSplit = sastVersion.split("\\.");
- version = Double.parseDouble(sastVersionSplit[0] + "." + sastVersionSplit[1]);
- } catch (Exception e) {
- e.printStackTrace();
- }
- // Check if SAST version supports critical threshold
- if (version >= 9.7) {
- log.info("CxSAST critical threshold: " + (config.getSastCriticalThreshold() == null ? "[No Threshold]" : config.getSastCriticalThreshold()));
- }else {
- // Removing value of SAST Critical Threshold for SAST version prior to 9.6
- config.setSastCriticalThreshold(null);
- }
- }
-
- log.info("CxSAST high threshold: " + (config.getSastHighThreshold() == null ? "[No Threshold]" : config.getSastHighThreshold()));
- log.info("CxSAST medium threshold: " + (config.getSastMediumThreshold() == null ? "[No Threshold]" : config.getSastMediumThreshold()));
- log.info("CxSAST low threshold: " + (config.getSastLowThreshold() == null ?
"[No Threshold]" : config.getSastLowThreshold())); - } + if (config.getSastThresholdsEnabled()) { + String cxServerUrl = config.getUrl(); + String cxUser = config.getUsername(); + String cxPass = config.getPassword(); + Double version = 9.0; + String sastVersion; + // Fetch SAST version using API call + try { + sastVersion = SASTUtils.loginToServer(new URL(cxServerUrl), cxUser, cxPass); + String[] sastVersionSplit = sastVersion.split("\\."); + version = Double.parseDouble(sastVersionSplit[0] + "." + sastVersionSplit[1]); + } catch (Exception e) { + e.printStackTrace(); + } + // Check if SAST version supports critical threshold + if (version >= 9.7) { + log.info("CxSAST critical threshold: " + (config.getSastCriticalThreshold() == null ? "[No Threshold]" + : config.getSastCriticalThreshold())); + } else { + // Removing value of SAST Critical Threshold for SAST version prior to 9.6 + config.setSastCriticalThreshold(null); + } + + log.info("CxSAST high threshold: " + + (config.getSastHighThreshold() == null ? "[No Threshold]" : config.getSastHighThreshold())); + log.info("CxSAST medium threshold: " + + (config.getSastMediumThreshold() == null ? "[No Threshold]" : config.getSastMediumThreshold())); + log.info("CxSAST low threshold: " + + (config.getSastLowThreshold() == null ? "[No Threshold]" : config.getSastLowThreshold())); + } log.info("CxOSA enabled: " + config.isOsaEnabled()); if (config.isOsaEnabled()) { log.info("osaIgnoreScopes: " + Arrays.toString(osaIgnoreScopes)); From 3351655ccbc65951311ecdf216e60b235b66082a Mon Sep 17 00:00:00 2001 From: Swati Awate <99341045+swatipersistent@users.noreply.github.com> Date: Wed, 23 Oct 2024 14:13:07 +0530 Subject: [PATCH 05/10] updated plugin version --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index ff23102..d650bcc 100644 --- a/pom.xml +++ b/pom.xml 
@@ -4,7 +4,7 @@ 4.0.0 com.checkmarx.maven checkmarx-maven-plugin - 2024.3.3 + 2024.4.1 maven-plugin Checkmarx Maven Plugin Enables a maven project to integrate with Checkmarx SAST scan. From 1e6fb4036a8d6104bc52a3b9962983c27207168b Mon Sep 17 00:00:00 2001 From: Swati Awate <99341045+swatipersistent@users.noreply.github.com> Date: Fri, 25 Oct 2024 14:15:13 +0530 Subject: [PATCH 06/10] SAST Critical --- pom.xml | 2 +- src/main/java/com/cx/plugin/CxScanPlugin.java | 6 ++--- .../com/cx/plugin/utils/CxPluginUtils.java | 25 +++++-------------- 3 files changed, 10 insertions(+), 23 deletions(-) diff --git a/pom.xml b/pom.xml index d650bcc..ddf4d8f 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ 4.0.0 com.checkmarx.maven checkmarx-maven-plugin - 2024.4.1 + 2024.4.2 maven-plugin Checkmarx Maven Plugin Enables a maven project to integrate with Checkmarx SAST scan. diff --git a/src/main/java/com/cx/plugin/CxScanPlugin.java b/src/main/java/com/cx/plugin/CxScanPlugin.java index d4c6591..20a6d10 100644 --- a/src/main/java/com/cx/plugin/CxScanPlugin.java +++ b/src/main/java/com/cx/plugin/CxScanPlugin.java @@ -472,8 +472,9 @@ private CxScanConfig resolveConfigurationMap() throws MojoExecutionException { scanConfig.setScanComment(comment); scanConfig.setIncremental(isIncrementalScan); scanConfig.setSynchronous(isSynchronous); - boolean thresholdEnabled = (criticalSeveritiesThreshold > 0 || highSeveritiesThreshold > 0 || mediumSeveritiesThreshold > 0 || lowSeveritiesThreshold > 0);//todo check null + boolean thresholdEnabled = (criticalSeveritiesThreshold >= 0 || highSeveritiesThreshold >= 0 || mediumSeveritiesThreshold >= 0 || lowSeveritiesThreshold >= 0);//todo check null scanConfig.setSastThresholdsEnabled(thresholdEnabled); + scanConfig.setSastCriticalThreshold(criticalSeveritiesThreshold); scanConfig.setSastHighThreshold(highSeveritiesThreshold); scanConfig.setSastMediumThreshold(mediumSeveritiesThreshold); scanConfig.setSastLowThreshold(lowSeveritiesThreshold); 
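Review bot: Changing the `thresholdEnabled` test from `> 0` to `>= 0` makes every threshold whose default is not negative enable enforcement unconditionally, and turns a configured `0` from "ignored" into "fail on any finding"; only `criticalSeveritiesThreshold` is shown in this series with a `-1` default, so whether the existing high/medium/low defaults — and the OSA ones, which get the same `>= 0` treatment in the next hunk — are also `-1` needs confirming before 2024.4.2 ships, because a `0` default would silently switch thresholds on for every existing user. The setters that follow still pass the raw `-1` into the client config when a threshold is unset (patch 07 of this series adds guards). The trailing `//todo check null` is stale on an expression of primitive ints and should be removed. `resolveConfigurationMap` continues outside the hunk.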
@@ -491,10 +492,9 @@ private CxScanConfig resolveConfigurationMap() throws MojoExecutionException {
 if(osaEnabled){
 scanConfig.addScannerType(ScannerType.OSA);
 }
- boolean osaThresholdEnabled = (osaHighSeveritiesThreshold > 0 || osaMediumSeveritiesThreshold > 0 || osaLowSeveritiesThreshold > 0);//todo check null
+ boolean osaThresholdEnabled = (osaHighSeveritiesThreshold >= 0 || osaMediumSeveritiesThreshold >= 0 || osaLowSeveritiesThreshold >= 0);//todo check null
 scanConfig.setOsaGenerateJsonReport(osaGenerateJsonReport);
 scanConfig.setOsaThresholdsEnabled(osaThresholdEnabled);
- scanConfig.setSastCriticalThreshold(criticalSeveritiesThreshold);
 scanConfig.setOsaHighThreshold(osaHighSeveritiesThreshold);
 scanConfig.setOsaMediumThreshold(osaMediumSeveritiesThreshold);
 scanConfig.setOsaLowThreshold(osaLowSeveritiesThreshold);
diff --git a/src/main/java/com/cx/plugin/utils/CxPluginUtils.java b/src/main/java/com/cx/plugin/utils/CxPluginUtils.java
index 6f719b7..b81ba13 100644
--- a/src/main/java/com/cx/plugin/utils/CxPluginUtils.java
+++ b/src/main/java/com/cx/plugin/utils/CxPluginUtils.java
@@ -74,27 +74,10 @@ public static void printConfiguration(CxScanConfig config, String[] osaIgnoreSco
 log.info("Policy violations enabled: " + config.getEnablePolicyViolations());
 log.info("CxSAST thresholds enabled: " + config.getSastThresholdsEnabled());
 if (config.getSastThresholdsEnabled()) {
- String cxServerUrl = config.getUrl();
- String cxUser = config.getUsername();
- String cxPass = config.getPassword();
- Double version = 9.0;
- String sastVersion;
- // Fetch SAST version using API call
- try {
- sastVersion = SASTUtils.loginToServer(new URL(cxServerUrl), cxUser, cxPass);
- String[] sastVersionSplit = sastVersion.split("\\.");
- version = Double.parseDouble(sastVersionSplit[0] + "." + sastVersionSplit[1]);
- } catch (Exception e) {
- e.printStackTrace();
- }
- // Check if SAST version supports critical threshold
- if (version >= 9.7) {
+ if (config.getSastCriticalThreshold()!=null) {
 log.info("CxSAST critical threshold: " + (config.getSastCriticalThreshold() == null ? "[No Threshold]"
 : config.getSastCriticalThreshold()));
- } else {
- // Removing value of SAST Critical Threshold for SAST version prior to 9.6
- config.setSastCriticalThreshold(null);
- }
+ }
 log.info("CxSAST high threshold: "
 + (config.getSastHighThreshold() == null ? "[No Threshold]" : config.getSastHighThreshold()));
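Review bot: The added guard `if (config.getSastCriticalThreshold()!=null)` makes the `== null ? "[No Threshold]"` branch inside the log call on the next line dead, and it makes the critical line behave differently from the high/medium/low lines, which still print `[No Threshold]` for an unset value. Either drop the guard so all four lines read the same way, or keep it and simplify the body to `log.info("CxSAST critical threshold: " + config.getSastCriticalThreshold());`. With the version probe removed here, the `java.net.URL` and `SASTUtils` imports added in patch 02 appear to be unused; the import block is outside this hunk, so confirm. `printConfiguration` continues outside the hunk.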
@@ -122,12 +105,16 @@ public static void printBuildFailure(String thDescription, ScanResults ret, Logg
 StringBuilder builder = new StringBuilder();
 builder.append("********************************************");
 builder.append(" The Build Failed for the Following Reasons: ");
+ builder.append("\n");
 builder.append("********************************************");
+ builder.append("\n");
 appendError(ret.getGeneralException(), builder);
+ builder.append("\n");
 String[] lines = thDescription.split("\\n");
 for (String s : lines) {
 builder.append(s);
+ builder.append("\n");
 }
 builder.append("-----------------------------------------------------------------------------------------\n");
From fd9956509fd492c41df7ed8f5a9af6ca5d774b47 Mon Sep 17 00:00:00 2001
From: Swati Awate <99341045+swatipersistent@users.noreply.github.com>
Date: Wed, 30 Oct 2024 11:35:40 +0530
Subject: [PATCH 07/10] thresholdEnabled
---
 src/main/java/com/cx/plugin/CxScanPlugin.java | 20 +++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/src/main/java/com/cx/plugin/CxScanPlugin.java b/src/main/java/com/cx/plugin/CxScanPlugin.java
index 20a6d10..4d1dc34 100644
--- a/src/main/java/com/cx/plugin/CxScanPlugin.java
+++ b/src/main/java/com/cx/plugin/CxScanPlugin.java
@@ -474,10 +474,22 @@ private CxScanConfig resolveConfigurationMap() throws MojoExecutionException {
 scanConfig.setSynchronous(isSynchronous);
 boolean thresholdEnabled = (criticalSeveritiesThreshold >= 0 || highSeveritiesThreshold >= 0 || mediumSeveritiesThreshold >= 0 || lowSeveritiesThreshold >= 0);//todo check null
 scanConfig.setSastThresholdsEnabled(thresholdEnabled);
- scanConfig.setSastCriticalThreshold(criticalSeveritiesThreshold);
- scanConfig.setSastHighThreshold(highSeveritiesThreshold);
- scanConfig.setSastMediumThreshold(mediumSeveritiesThreshold);
- scanConfig.setSastLowThreshold(lowSeveritiesThreshold);
+ if (criticalSeveritiesThreshold != -1) {
+ scanConfig.setSastCriticalThreshold(criticalSeveritiesThreshold);
+ }
+
+ if (highSeveritiesThreshold != -1) {
+ scanConfig.setSastHighThreshold(highSeveritiesThreshold);
+ }
+
+ if (mediumSeveritiesThreshold != -1) {
+ scanConfig.setSastMediumThreshold(mediumSeveritiesThreshold);
+ }
+
+ if (lowSeveritiesThreshold != -1) {
+ scanConfig.setSastLowThreshold(lowSeveritiesThreshold);
+ }
+
 scanConfig.setGeneratePDFReport(generatePDFReport);
 for (String folder : folderExclusions){
From 7e0b4a934a272494fd69e4d8542de3ad29088f28 Mon Sep 17 00:00:00 2001
From: Swati Awate <99341045+swatipersistent@users.noreply.github.com>
Date: Wed, 30 Oct 2024 12:08:10 +0530
Subject: [PATCH 08/10] updated code
---
 src/main/java/com/cx/plugin/CxScanPlugin.java | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/main/java/com/cx/plugin/CxScanPlugin.java b/src/main/java/com/cx/plugin/CxScanPlugin.java
index 4d1dc34..86f665a 100644
--- a/src/main/java/com/cx/plugin/CxScanPlugin.java
+++ b/src/main/java/com/cx/plugin/CxScanPlugin.java
@@ -474,19 +474,19 @@ private CxScanConfig resolveConfigurationMap() throws MojoExecutionException { scanConfig.setSynchronous(isSynchronous); boolean thresholdEnabled = (criticalSeveritiesThreshold >= 0 || highSeveritiesThreshold >= 0 || mediumSeveritiesThreshold >= 0 || lowSeveritiesThreshold >= 0);//todo check null scanConfig.setSastThresholdsEnabled(thresholdEnabled); - if (criticalSeveritiesThreshold != -1) { + if (criticalSeveritiesThreshold >= 0) { scanConfig.setSastCriticalThreshold(criticalSeveritiesThreshold); } - if (highSeveritiesThreshold != -1) { + if (highSeveritiesThreshold >= 0) { scanConfig.setSastHighThreshold(highSeveritiesThreshold); } - if (mediumSeveritiesThreshold != -1) { + if (mediumSeveritiesThreshold >= 0) { scanConfig.setSastMediumThreshold(mediumSeveritiesThreshold); } - if (lowSeveritiesThreshold != -1) { + if (lowSeveritiesThreshold >= 0) { scanConfig.setSastLowThreshold(lowSeveritiesThreshold); } From 0c953d0787ab47a4028b1150bcc6bc3044d35b88 Mon Sep 17 00:00:00 2001 From: Swati Awate <99341045+swatipersistent@users.noreply.github.com> Date: Wed, 30 Oct 2024 12:36:54 +0530 Subject: [PATCH 09/10] incremented version --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index ddf4d8f..f094b4c 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ 4.0.0 com.checkmarx.maven checkmarx-maven-plugin - 2024.4.2 + 2024.4.3 maven-plugin Checkmarx Maven Plugin Enables a maven project to integrate with Checkmarx SAST scan. From aacbea490a138413d0771f7a672048deee097f98 Mon Sep 17 00:00:00 2001 From: Swati Awate <99341045+swatipersistent@users.noreply.github.com> Date: Wed, 30 Oct 2024 15:20:27 +0530 Subject: [PATCH 10/10] added version changes --- .../com/cx/plugin/utils/CxPluginUtils.java | 23 ++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/cx/plugin/utils/CxPluginUtils.java b/src/main/java/com/cx/plugin/utils/CxPluginUtils.java index b81ba13..3fc3c77 100644 
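Review bot: Style: the "unset means negative" rule is now spelled out five times in this hunk — once in the `thresholdEnabled` expression and once in each of the four `>= 0` guards — and the `//todo check null` comment on an expression of primitive ints is stale. A one-line helper keeps the sentinel in a single place: `private static boolean isThresholdSet(int threshold) { return threshold >= 0; }`, with `boolean thresholdEnabled = isThresholdSet(criticalSeveritiesThreshold) || isThresholdSet(highSeveritiesThreshold) || isThresholdSet(mediumSeveritiesThreshold) || isThresholdSet(lowSeveritiesThreshold);` and each guard calling the same method, so a future change to the sentinel cannot leave one site behind. `resolveConfigurationMap` continues outside the hunk.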
--- a/src/main/java/com/cx/plugin/utils/CxPluginUtils.java
+++ b/src/main/java/com/cx/plugin/utils/CxPluginUtils.java
@@ -74,7 +74,9 @@ public static void printConfiguration(CxScanConfig config, String[] osaIgnoreSco
 log.info("Policy violations enabled: " + config.getEnablePolicyViolations());
 log.info("CxSAST thresholds enabled: " + config.getSastThresholdsEnabled());
 if (config.getSastThresholdsEnabled()) {
- if (config.getSastCriticalThreshold()!=null) {
+ Double version = getSASTVersion(config, log);
+ // Check if SAST version supports critical threshold
+ if (version >= 9.7) {
 log.info("CxSAST critical threshold: " + (config.getSastCriticalThreshold() == null ? "[No Threshold]"
 : config.getSastCriticalThreshold()));
 }
@@ -100,6 +102,25 @@ public static void printConfiguration(CxScanConfig config, String[] osaIgnoreSco
 //todo check
 log.info("fileExclusions: " + Arrays.toString(fileExclusions));
 }
+ private static Double getSASTVersion(CxScanConfig config, Logger log) {
+ String cxServerUrl = config.getUrl();
+ String cxUser = config.getUsername();
+ String cxPass = config.getPassword();
+ Double version = 9.0;
+ String sastVersion;
+ // Fetch SAST version using API call
+ try {
+ sastVersion = SASTUtils.loginToServer(new URL(cxServerUrl), cxUser, cxPass);
+ String[] sastVersionSplit = sastVersion.split("\\.");
+ if(sastVersionSplit != null && sastVersionSplit.length > 1) {
+ version = Double.parseDouble(sastVersionSplit[0] + "." + sastVersionSplit[1]);
+ }
+ } catch (Exception e) {
+ log.error(e.getMessage());
+ }
+ return version;
+ }
+
 public static void printBuildFailure(String thDescription, ScanResults ret, Logger log) throws MojoFailureException {
 StringBuilder builder = new StringBuilder();
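Review bot: `getSASTVersion` performs a second full authentication with the user's credentials on every run purely to decide whether one log line is printed — `printConfiguration` should not have network side effects, and the critical threshold is sent to the server regardless of the outcome, so the `version >= 9.7` gate in the first hunk changes nothing but the output. If the client delegator created in `execute` already exposes the server version after its own login, reuse that instead of `SASTUtils.loginToServer`; that API is not visible from this diff. Inside the helper, `sastVersionSplit != null` is always true (`String.split` never returns null) while `sastVersion` itself is null when the login fails, so the guard protects the wrong value; `log.error(e.getMessage())` discards the stack trace and logs `null` for exceptions without a message — prefer `if (sastVersion != null) {` around the parsing and `log.warn("Could not determine CxSAST version; assuming {}", version, e);` in the catch. The `9.0` fallback also means a failed lookup hides the critical-threshold line even when the server is 9.7 or newer, the same failure mode raised on patch 02.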