From 8103101a1803bbd3b7cdbf316b0f62acfc807d0f Mon Sep 17 00:00:00 2001 From: James Bostock Date: Mon, 19 Sep 2022 01:52:40 +0000 Subject: [PATCH 1/9] Add getProjectBranch method This method uses the GET /projects/branch/{id} API to retrieve the branch details of the specified project. If the branch is found, the details are returned in the form of an instance of the new CxProjectBranch class. --- .../checkmarx/sdk/dto/cx/CxProjectBranch.java | 29 +++++++++++ .../com/checkmarx/sdk/service/CxService.java | 52 +++++++++++++++++++ 2 files changed, 81 insertions(+) create mode 100644 src/main/java/com/checkmarx/sdk/dto/cx/CxProjectBranch.java diff --git a/src/main/java/com/checkmarx/sdk/dto/cx/CxProjectBranch.java b/src/main/java/com/checkmarx/sdk/dto/cx/CxProjectBranch.java new file mode 100644 index 00000000..a0434591 --- /dev/null +++ b/src/main/java/com/checkmarx/sdk/dto/cx/CxProjectBranch.java @@ -0,0 +1,29 @@ +package com.checkmarx.sdk.dto.cx; + +import java.util.Date; + +import lombok.Getter; +import lombok.Setter; +import lombok.ToString; + +@Getter +@Setter +@ToString +public class CxProjectBranch { + public Integer id; + public Integer originalProjectId; + public Integer branchedOnScanId; + public Integer branchedProjectId; + public Date timestamp; + public String comment; + public Status status; + public String errorMessage; + + @Getter + @Setter + @ToString + public static class Status { + public Integer id; + public String value; + } +} diff --git a/src/main/java/com/checkmarx/sdk/service/CxService.java b/src/main/java/com/checkmarx/sdk/service/CxService.java index 0f1a7d3a..b2309122 100644 --- a/src/main/java/com/checkmarx/sdk/service/CxService.java +++ b/src/main/java/com/checkmarx/sdk/service/CxService.java @@ -85,6 +85,7 @@ public class CxService implements CxClient { private static final Integer SCAN_STATUS_SOURCE_PULLING = 10; private static final Integer SCAN_STATUS_NONE = 1001; + private static final Integer MESSAGE_CODE_BRANCH_NOT_FOUND = 49805; /* report statuses - there are only 2: @@ -110,6 +111,7 @@ public class CxService implements CxClient { private static final String PROJECT_SOURCE = "/projects/{id}/sourceCode/remoteSettings/git"; private static final String PROJECT_SOURCE_FILE = "/projects/{id}/sourceCode/attachments"; private static final String PROJECT_EXCLUDE = "/projects/{id}/sourceCode/excludeSettings"; + private static final String PROJECT_BRANCH_DETAILS = "/projects/branch/{id}"; private static final String SCAN = "/sast/scans"; private static final String SCAN_SUMMARY = "/sast/scans/{id}/resultsStatistics"; private static final String PROJECT_SCANS = "/sast/scans?projectId={pid}"; @@ -126,6 +128,7 @@ public class CxService implements CxClient { public static final String ERROR_WITH_XML_REPORT = "Error with XML report"; public static final String ERROR_PROCESSING_SCAN_RESULTS = "Error while processing scan results"; public static final String ERROR_GETTING_PROJECT = "Error occurred while retrieving project with id {}, http error {}"; + public static final String ERROR_GETTING_PROJECT_BRANCH = "Error occurred while retrieving branch details for project with id {}, http error {}"; public static final String PROJECT_REMOTE_SETTINGS_NOT_FOUND = "Project's remote settings were not found, http message {}"; public static final String FOUND_TEAM = "Found team {} with ID {}"; public static final String ONLY_SUPPORTED_IN_90_PLUS = "Operation only supported in 9.0+"; @@ -1194,6 +1197,55 @@ public CxProject getProject(Integer projectId) { } + /** + * Return project branch based on projectId + * + * @return + */ + public CxProjectBranch getProjectBranch(Integer projectId) { + log.debug("Retrieving branch details for project {}", projectId); + HttpEntity httpEntity = new HttpEntity<>(authClient.createAuthHeaders()); + try { + ResponseEntity project = restTemplate.exchange(cxProperties.getUrl().concat(PROJECT_BRANCH_DETAILS), HttpMethod.GET, httpEntity, CxProjectBranch.class, projectId); + return project.getBody(); + } catch (HttpStatusCodeException e) { + if (e.getStatusCode() != HttpStatus.NOT_FOUND) { + log.error(ERROR_GETTING_PROJECT_BRANCH, projectId, e.getStatusCode()); + log.error(ExceptionUtils.getStackTrace(e)); + } else { + /* + * For version 2.2 and higher of the SAST API, if a project is not branched, a 404 response + * will be returned and the body of the response will be JSON data: + * + * { + * "messageCode": 49805, + * "messageDetails": "Branch with id 168 was not found" + * } + * + * For earlier versions of the SAST API, the body will be a HTML document with a generic + * "resource not found" message. + */ + String responseBody = e.getResponseBodyAsString(); + try { + JSONObject obj = new JSONObject(responseBody); + int messageCode = obj.optInt("messageCode"); + if (messageCode == MESSAGE_CODE_BRANCH_NOT_FOUND) { + log.debug("Project {} is not a branched project", projectId); + } else { + String messageDetails = obj.optString("messageDetails"); + log.debug("{}: unexpected message code in response (messageDetails: {})", messageCode, messageDetails); + } + } catch (JSONException je) { + log.debug("Response payload is not JSON. Assuming a version of SAST that does not support the GET /projects/branch/{id} API"); + } + } + } catch (JSONException e) { + log.error("Error processing JSON Response"); + log.error(ExceptionUtils.getStackTrace(e)); + } + return null; + } + /** * Check if a scan exists for a projectId */ From ba0c10b58831da617574ab07c762d05497f54cbd Mon Sep 17 00:00:00 2001 From: James Bostock Date: Wed, 21 Sep 2022 03:22:54 +0000 Subject: [PATCH 2/9] Restrict results to branch If enabled, by the checkmarx.restrict-results-to-branch configuration property, when retrieving scan results, if the project is a branched project, only results since the branching of the project are included. This is implemented by comparing similarity ids from the pre-branch scan with the results of the current scan. --- .../sdk/config/CxPropertiesBase.java | 8 +++ .../com/checkmarx/sdk/service/CxService.java | 50 +++++++++++++++++++ 2 files changed, 58 insertions(+) diff --git a/src/main/java/com/checkmarx/sdk/config/CxPropertiesBase.java b/src/main/java/com/checkmarx/sdk/config/CxPropertiesBase.java index 77f05b06..452cba94 100644 --- a/src/main/java/com/checkmarx/sdk/config/CxPropertiesBase.java +++ b/src/main/java/com/checkmarx/sdk/config/CxPropertiesBase.java @@ -38,6 +38,8 @@ public abstract class CxPropertiesBase { private Boolean scanQueuing = false; private Integer scanQueuingTimeout = 720; + + private Boolean restrictResultsToBranch; public abstract Boolean getEnableOsa(); @@ -311,5 +313,11 @@ public void setEmailNotifications(CxEmailNotifications emailNotifications) { public void setDetectionDateFormat(String detectionDateFormat) { this.detectionDateFormat = detectionDateFormat; } + + public Boolean getRestrictResultsToBranch() { return this.restrictResultsToBranch; } + + public void setRestrictResultsToBranch(Boolean restrictResultsToBranch) { + this.restrictResultsToBranch = restrictResultsToBranch; + } } diff --git a/src/main/java/com/checkmarx/sdk/service/CxService.java b/src/main/java/com/checkmarx/sdk/service/CxService.java index b2309122..3c0773d7 100644 --- a/src/main/java/com/checkmarx/sdk/service/CxService.java +++ b/src/main/java/com/checkmarx/sdk/service/CxService.java @@ -105,6 +105,7 @@ public class CxService implements CxClient { private static final String ROLE_LDAP_MAPPINGS = "/auth/LDAPRoleMappings?ldapServerId={id}"; private static final String ROLE_LDAP_MAPPINGS_DELETE = "/auth/LDAPRoleMappings/{id}"; private static final String LDAP_SERVER = "/auth/LDAPServers"; + private static final String ODATA_SCAN_SIMILARITY_IDS = "/cxwebinterface/odata/v1/Scans({id})?$select=Id&$expand=Results($select=SimilarityId)"; private static final String PROJECTS = "/projects"; private static final String PROJECT = "/projects/{id}"; private static final String PROJECT_BRANCH = "/projects/{id}/branch"; @@ -304,6 +305,36 @@ public LocalDateTime getLastScanDate(Integer projectId) { return null; } + /** + * Return the similarity id's for the specified scan. + */ + public Set getScanSimilarityIds(Integer scanId) { + log.debug("Getting similarity ids for scan {}", scanId); + HttpEntity requestEntity = new HttpEntity<>(authClient.createAuthHeaders()); + Set similarityIds = new HashSet<>(); + try { + ResponseEntity response = restTemplate.exchange(cxProperties.getBaseUrl().concat(ODATA_SCAN_SIMILARITY_IDS), + HttpMethod.GET, requestEntity, String.class, scanId); + JSONObject obj = new JSONObject(response.getBody()); + JSONArray value = obj.getJSONArray("value"); + // We only expect a single entry in the array + JSONObject scan = value.getJSONObject(0); + JSONArray results = scan.getJSONArray("Results"); + for (int i = 0; i < results.length(); i++) { + JSONObject result = results.getJSONObject(i); + int similarityId = result.getInt("SimilarityId"); + similarityIds.add(similarityId); + } + return similarityIds; + } catch (HttpStatusCodeException e) { + log.error("Error occurred while fetching results for scan {}, http error {}", scanId, e.getStatusCode()); + log.error(ExceptionUtils.getStackTrace(e)); + } catch (JSONException e) { + log.error("Error occurred while processing JSON"); + log.error(ExceptionUtils.getStackTrace(e)); + } + return null; + } /** * Get the status of a given scanId @@ -806,11 +837,30 @@ private Map getIssues(FilterConfiguration filter, String sessio .map(FilterConfiguration::getSastFilters) .orElse(null); + Set similarityIdsToExclude = null; + if (cxProperties.getRestrictResultsToBranch() != null && cxProperties.getRestrictResultsToBranch()) { + log.debug("Restricting results to current branch"); + int projectId = Integer.parseInt(cxResults.getProjectId()); + CxProjectBranch branch = getProjectBranch(projectId); + if (branch != null) { + log.debug("Excluding results from scan {} (and earlier)", branch.getBranchedOnScanId()); + similarityIdsToExclude = getScanSimilarityIds(branch.getBranchedOnScanId()); + log.trace("similarityIdsToExclude: {}", similarityIdsToExclude); + } else { + log.debug("Cannot get branch details for project {}", cxResults.getProjectId()); + } + } + DateTimeFormatter formatter = DateTimeFormatter.ofPattern(cxProperties.getDetectionDateFormat()); for (QueryType result : cxResults.getQuery()) { ScanResults.XIssue.XIssueBuilder xIssueBuilder = ScanResults.XIssue.builder(); /*Top node of each issue*/ for (ResultType resultType : result.getResult()) { + int similarityId = Integer.parseInt(resultType.getPath().getSimilarityId()); + if (similarityIdsToExclude != null && similarityIdsToExclude.contains(similarityId)) { + log.trace("Excluding result {} (with similarityId {})", resultType.getNodeId(), similarityId); + continue; + } FilterInput filterInput = filterInputFactory.createFilterInputForCxSast(result, resultType); if (filterValidator.passesFilter(filterInput, sastFilters)) { boolean falsePositive = false; From acd2e41cc66dea37695ba2d8c2011d688e3e73d5 Mon Sep 17 00:00:00 2001 From: James Bostock Date: Thu, 6 Oct 2022 09:56:18 +0000 Subject: [PATCH 3/9] Add additional trace log statements --- src/main/java/com/checkmarx/sdk/service/CxService.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/main/java/com/checkmarx/sdk/service/CxService.java b/src/main/java/com/checkmarx/sdk/service/CxService.java index 3c0773d7..adf04927 100644 --- a/src/main/java/com/checkmarx/sdk/service/CxService.java +++ b/src/main/java/com/checkmarx/sdk/service/CxService.java @@ -851,6 +851,7 @@ private Map getIssues(FilterConfiguration filter, String sessio } } + log.debug("similarityIdsToExclude: {}", similarityIdsToExclude); DateTimeFormatter formatter = DateTimeFormatter.ofPattern(cxProperties.getDetectionDateFormat()); for (QueryType result : cxResults.getQuery()) { ScanResults.XIssue.XIssueBuilder xIssueBuilder = ScanResults.XIssue.builder(); @@ -860,6 +861,8 @@ private Map getIssues(FilterConfiguration filter, String sessio if (similarityIdsToExclude != null && similarityIdsToExclude.contains(similarityId)) { log.trace("Excluding result {} (with similarityId {})", resultType.getNodeId(), similarityId); continue; + } else { + log.trace("Not excluding result {} (with similarityId {})", resultType.getNodeId(), similarityId); } FilterInput filterInput = filterInputFactory.createFilterInputForCxSast(result, resultType); if (filterValidator.passesFilter(filterInput, sastFilters)) { From eca75bf3ba58208ae5125d3f020c0c4bdc6d1f28 Mon Sep 17 00:00:00 2001 From: James Bostock Date: Mon, 17 Oct 2022 00:58:47 +0000 Subject: [PATCH 4/9] If restricting results to branch, don't fetch scan summary Fortunately, the getIssues method itself returns a Map containing the scan summary. Adding an appropriate constructor to the CxScanSummary class allows us to use this map, instead of fetching the summary from CxSAST, when restricting results to a branch. --- .../com/checkmarx/sdk/dto/cx/CxScanSummary.java | 10 ++++++++++ .../java/com/checkmarx/sdk/service/CxService.java | 15 +++++++++++++-- 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/src/main/java/com/checkmarx/sdk/dto/cx/CxScanSummary.java b/src/main/java/com/checkmarx/sdk/dto/cx/CxScanSummary.java index 529b1afa..96f76b6d 100644 --- a/src/main/java/com/checkmarx/sdk/dto/cx/CxScanSummary.java +++ b/src/main/java/com/checkmarx/sdk/dto/cx/CxScanSummary.java @@ -1,5 +1,7 @@ package com.checkmarx.sdk.dto.cx; +import java.time.LocalDateTime; +import java.util.Map; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonPropertyOrder; @@ -27,6 +29,14 @@ public class CxScanSummary { public CxScanSummary() { } + public CxScanSummary(Map summary) { + highSeverity = summary.getOrDefault("High", 0); + mediumSeverity = summary.getOrDefault("Medium", 0); + lowSeverity = summary.getOrDefault("Low", 0); + infoSeverity = summary.getOrDefault("Info", 0); + LocalDateTime now = LocalDateTime.now(); + statisticsCalculationDate = now.toString(); + } public Integer getHighSeverity() { return highSeverity; } diff --git a/src/main/java/com/checkmarx/sdk/service/CxService.java b/src/main/java/com/checkmarx/sdk/service/CxService.java index adf04927..b57bda79 100644 --- a/src/main/java/com/checkmarx/sdk/service/CxService.java +++ b/src/main/java/com/checkmarx/sdk/service/CxService.java @@ -517,7 +517,13 @@ public ScanResults getReportContent(Integer reportId, FilterConfiguration filter cxScanBuilder.xIssues(xIssueList); cxScanBuilder.setVersion(cxResults.getCheckmarxVersion()); cxScanBuilder.additionalDetails(getAdditionalScanDetails(cxResults)); - CxScanSummary scanSummary = getScanSummaryByScanId(Integer.valueOf(cxResults.getScanId())); + CxScanSummary scanSummary = null; + if (cxProperties.getRestrictResultsToBranch() != null && cxProperties.getRestrictResultsToBranch()) { + scanSummary = new CxScanSummary(summary); + } else { + scanSummary = getScanSummaryByScanId(Integer.valueOf(cxResults.getScanId())); + } + log.debug("scanSummary: {}", scanSummary); cxScanBuilder.scanSummary(scanSummary); ScanResults results = cxScanBuilder.build(); //Add the summary map (severity, count) @@ -708,7 +714,12 @@ public ScanResults getReportContent(File file, FilterConfiguration filter) throw cxScanBuilder.additionalDetails(getAdditionalScanDetails(cxResults)); ScanResults results = cxScanBuilder.build(); if (!cxProperties.getOffline() && !ScanUtils.empty(cxResults.getScanId())) { - CxScanSummary scanSummary = getScanSummaryByScanId(Integer.valueOf(cxResults.getScanId())); + CxScanSummary scanSummary = null; + if (cxProperties.getRestrictResultsToBranch() != null && cxProperties.getRestrictResultsToBranch()) { + scanSummary = new CxScanSummary(summary); + } else { + scanSummary = getScanSummaryByScanId(Integer.valueOf(cxResults.getScanId())); + } results.setScanSummary(scanSummary); } results.getAdditionalDetails().put(Constants.SUMMARY_KEY, summary); From 3a74ea6311d06c116057cde3efef9a71b5d2a8b0 Mon Sep 17 00:00:00 2001 From: James Bostock Date: Thu, 27 Oct 2022 15:59:52 +1100 Subject: [PATCH 5/9] Handle 403 response to OData request as a special case To use the OData API, the user must be assigned a role with the API permission, and the clientId and scope must be set differently (see https://checkmarx.com/resource/documents/en/34965-46554-cxsast--odata--api-authentication.html). --- .../java/com/checkmarx/sdk/service/CxService.java | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/src/main/java/com/checkmarx/sdk/service/CxService.java b/src/main/java/com/checkmarx/sdk/service/CxService.java index b57bda79..aaf3b5d1 100644 --- a/src/main/java/com/checkmarx/sdk/service/CxService.java +++ b/src/main/java/com/checkmarx/sdk/service/CxService.java @@ -327,8 +327,17 @@ public Set getScanSimilarityIds(Integer scanId) { } return similarityIds; } catch (HttpStatusCodeException e) { - log.error("Error occurred while fetching results for scan {}, http error {}", scanId, e.getStatusCode()); - log.error(ExceptionUtils.getStackTrace(e)); + // If we get a 403, then the likely explanation is that either + // the user does not have a role with the API permission, or the + // client-id or scope have not been set correctly (for OData). + if (e.getStatusCode() == HttpStatus.FORBIDDEN) { + log.error("User is not permitted to access the Checkmarx SAST OData API"); + log.error("OData access is required if the restrict-results-to-branch option is enabled."); + log.error("See https://checkmarx.com/resource/documents/en/34965-46554-cxsast--odata--api-authentication.html"); + } else { + log.error("Error occurred while fetching results for scan {}, http error {}", scanId, e.getStatusCode()); + log.error(ExceptionUtils.getStackTrace(e)); + } } catch (JSONException e) { log.error("Error occurred while processing JSON"); log.error(ExceptionUtils.getStackTrace(e)); From fcc158b23797002680d1a45aa83b01b48fc20e16 Mon Sep 17 00:00:00 2001 From: James Bostock Date: Wed, 30 Nov 2022 08:44:24 +1100 Subject: [PATCH 6/9] Add debug and trace log messages --- src/main/java/com/checkmarx/sdk/service/CxService.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/main/java/com/checkmarx/sdk/service/CxService.java b/src/main/java/com/checkmarx/sdk/service/CxService.java index aaf3b5d1..4d582c24 100644 --- a/src/main/java/com/checkmarx/sdk/service/CxService.java +++ b/src/main/java/com/checkmarx/sdk/service/CxService.java @@ -856,6 +856,7 @@ private Map getIssues(FilterConfiguration filter, String sessio EngineFilterConfiguration sastFilters = Optional.ofNullable(filter) .map(FilterConfiguration::getSastFilters) .orElse(null); + log.debug("sastFilters: {}", sastFilters); Set similarityIdsToExclude = null; if (cxProperties.getRestrictResultsToBranch() != null && cxProperties.getRestrictResultsToBranch()) { @@ -956,6 +957,8 @@ private Map getIssues(FilterConfiguration filter, String sessio xIssueBuilder.details(details); ScanResults.XIssue issue = xIssueBuilder.build(); prepareIssuesRemoveDuplicates(cxIssueList, resultType, details, falsePositive, issue, summary); + } else { + log.trace("Result with similarityId {} did not pass filter", similarityId); } } } From a437605f72670a5c6da248d33fa1bdd977c95ae6 Mon Sep 17 00:00:00 2001 From: James Bostock Date: Tue, 17 Jan 2023 11:27:56 +1100 Subject: [PATCH 7/9] Remove duplicate functionality The CxProjectBranch class and the CxService.getProjectBranch method are superseded by the CxProjectBranchingStatus class and the CxService.getProjectBranchingStatus method introduced by pull request 279 (https://github.com/checkmarx-ltd/checkmarx-spring-boot-java-sdk/pull/279). --- .../checkmarx/sdk/dto/cx/CxProjectBranch.java | 29 ----------- .../com/checkmarx/sdk/service/CxService.java | 52 +------------------ 2 files changed, 1 insertion(+), 80 deletions(-) delete mode 100644 src/main/java/com/checkmarx/sdk/dto/cx/CxProjectBranch.java diff --git a/src/main/java/com/checkmarx/sdk/dto/cx/CxProjectBranch.java b/src/main/java/com/checkmarx/sdk/dto/cx/CxProjectBranch.java deleted file mode 100644 index a0434591..00000000 --- a/src/main/java/com/checkmarx/sdk/dto/cx/CxProjectBranch.java +++ /dev/null @@ -1,29 +0,0 @@ -package com.checkmarx.sdk.dto.cx; - -import java.util.Date; - -import lombok.Getter; -import lombok.Setter; -import lombok.ToString; - -@Getter -@Setter -@ToString -public class CxProjectBranch { - public Integer id; - public Integer originalProjectId; - public Integer branchedOnScanId; - public Integer branchedProjectId; - public Date timestamp; - public String comment; - public Status status; - public String errorMessage; - - @Getter - @Setter - @ToString - public static class Status { - public Integer id; - public String value; - } -} diff --git a/src/main/java/com/checkmarx/sdk/service/CxService.java b/src/main/java/com/checkmarx/sdk/service/CxService.java index 543964cc..06b78ff5 100644 --- a/src/main/java/com/checkmarx/sdk/service/CxService.java +++ b/src/main/java/com/checkmarx/sdk/service/CxService.java @@ -870,7 +870,7 @@ private Map getIssues(FilterConfiguration filter, String sessio if (cxProperties.getRestrictResultsToBranch() != null && cxProperties.getRestrictResultsToBranch()) { log.debug("Restricting results to current branch"); int projectId = Integer.parseInt(cxResults.getProjectId()); - CxProjectBranch branch = getProjectBranch(projectId); + CxProjectBranchingStatus branch = getProjectBranchingStatus(projectId); if (branch != null) { log.debug("Excluding results from scan {} (and earlier)", branch.getBranchedOnScanId()); similarityIdsToExclude = getScanSimilarityIds(branch.getBranchedOnScanId()); @@ -1389,56 +1389,6 @@ public CxProject getProject(Integer projectId) { return null; } - - /** - * Return project branch based on projectId - * - * @return - */ - public CxProjectBranch getProjectBranch(Integer projectId) { - log.debug("Retrieving branch details for project {}", projectId); - HttpEntity httpEntity = new HttpEntity<>(authClient.createAuthHeaders()); - try { - ResponseEntity project = restTemplate.exchange(cxProperties.getUrl().concat(PROJECT_BRANCH_DETAILS), HttpMethod.GET, httpEntity, CxProjectBranch.class, projectId); - return project.getBody(); - } catch (HttpStatusCodeException e) { - if (e.getStatusCode() != HttpStatus.NOT_FOUND) { - log.error(ERROR_GETTING_PROJECT_BRANCH, projectId, e.getStatusCode()); - log.error(ExceptionUtils.getStackTrace(e)); - } else { - /* - * For version 2.2 and higher of the SAST API, if a project is not branched, a 404 response - * will be returned and the body of the response will be JSON data: - * - * { - * "messageCode": 49805, - * "messageDetails": "Branch with id 168 was not found" - * } - * - * For earlier versions of the SAST API, the body will be a HTML document with a generic - * "resource not found" message. - */ - String responseBody = e.getResponseBodyAsString(); - try { - JSONObject obj = new JSONObject(responseBody); - int messageCode = obj.optInt("messageCode"); - if (messageCode == MESSAGE_CODE_BRANCH_NOT_FOUND) { - log.debug("Project {} is not a branched project", projectId); - } else { - String messageDetails = obj.optString("messageDetails"); - log.debug("{}: unexpected message code in response (messageDetails: {})", messageCode, messageDetails); - } - } catch (JSONException je) { - log.debug("Response payload is not JSON. Assuming a version of SAST that does not support the GET /projects/branch/{id} API"); - } - } - } catch (JSONException e) { - log.error("Error processing JSON Response"); - log.error(ExceptionUtils.getStackTrace(e)); - } - return null; - } - /** * Check if a scan exists for a projectId */ From e0ffb17fcba82722da9a8d5440ee5381d2837b1c Mon Sep 17 00:00:00 2001 From: James Bostock Date: Tue, 17 Jan 2023 11:31:07 +1100 Subject: [PATCH 8/9] Remove superfluous import statement --- src/main/java/com/checkmarx/sdk/service/CxService.java | 1 - 1 file changed, 1 deletion(-) diff --git a/src/main/java/com/checkmarx/sdk/service/CxService.java b/src/main/java/com/checkmarx/sdk/service/CxService.java index 06b78ff5..b60a9bee 100644 --- a/src/main/java/com/checkmarx/sdk/service/CxService.java +++ b/src/main/java/com/checkmarx/sdk/service/CxService.java @@ -3,7 +3,6 @@ import com.checkmarx.sdk.config.Constants; import com.checkmarx.sdk.config.CxProperties; import com.checkmarx.sdk.config.CxPropertiesBase; -import com.checkmarx.sdk.dto.cx.CxProjectBranchingStatus; import com.checkmarx.sdk.dto.sast.Filter; import com.checkmarx.sdk.dto.ScanResults; import com.checkmarx.sdk.dto.cx.*; From 6f0934dc83f4203e801eb2a329249104bf9416e7 Mon Sep 17 00:00:00 2001 From: satyamchaurasiapersistent <102941840+satyamchaurasiapersistent@users.noreply.github.com> Date: Wed, 25 Jan 2023 06:41:01 +0530 Subject: [PATCH 9/9] Update pom.xml --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 4c372f2e..47f80d5d 100644 --- a/pom.xml +++ b/pom.xml @@ -12,7 +12,7 @@ cx-spring-boot-sdk - 0.5.37 + 0.5.38 cx-spring-boot-sdk Checkmarx Java Spring Boot SDK