From 2b809ef97527bf9d515b4028303355cbcbf32e14 Mon Sep 17 00:00:00 2001
From: Satyam Chaurasia
Date: Sat, 23 Mar 2024 15:26:08 +0530
Subject: [PATCH 1/5] CXFLW-1176 Branching is broken (again) when using a project name Groovy script
---
 pom.xml | 2 +-
 .../com/checkmarx/sdk/config/CxProperties.java | 5 +++++
 .../com/checkmarx/sdk/service/CxService.java | 16 ++++++++++++++++
 3 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 5399d568..48cf6bcc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -10,7 +10,7 @@
 com.github.checkmarx-ltd
 cx-spring-boot-sdk
- 0.6.1
+ 0.6.3
 cx-spring-boot-sdk
 Checkmarx Java Spring Boot SDK
diff --git a/src/main/java/com/checkmarx/sdk/config/CxProperties.java b/src/main/java/com/checkmarx/sdk/config/CxProperties.java
index b16c5d53..197757c9 100644
--- a/src/main/java/com/checkmarx/sdk/config/CxProperties.java
+++ b/src/main/java/com/checkmarx/sdk/config/CxProperties.java
@@ -66,6 +66,11 @@ public class CxProperties extends CxPropertiesBase{
 @Getter @Setter private Map customStateFalsePositiveMap;
+
+
+ @Getter @Setter
+ private Map modifyBranchNameByPatternMap;
+
 private Map sshKeyList;
 private Boolean cxBranch = false;
diff --git a/src/main/java/com/checkmarx/sdk/service/CxService.java b/src/main/java/com/checkmarx/sdk/service/CxService.java
index fdbe9b2a..87dbafcb 100644
--- a/src/main/java/com/checkmarx/sdk/service/CxService.java
+++ b/src/main/java/com/checkmarx/sdk/service/CxService.java
@@ -61,6 +61,7 @@
 import java.time.format.DateTimeFormatter;
 import java.time.format.DateTimeParseException;
 import java.util.concurrent.atomic.AtomicInteger;
+import java.util.regex.Pattern;
 import java.util.stream.Stream;
 import javax.naming.InvalidNameException;
 import javax.naming.ldap.LdapName;
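Review bot: `modifyBranchNameByPatternMap` is added to CxProperties without any documentation, and nothing in this hunk says what its keys and values are; the consumer in CxService compiles each key with `Pattern.compile` and hands the value to `Matcher.replaceAll`, so a configuration author has to know that the key is a regular expression and the value a replacement string. A Javadoc such as `/** Maps a regular expression (key) to the replacement string applied to the current and default branch names before they are used in project names (value). */` above the field would make that contract visible. The field appears as a raw `Map` here; if the type arguments were not lost in this rendering, `Map<String, String>` would also let the loop in CxService drop its untyped `Map.Entry`.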
@@ -2213,6 +2214,16 @@ public Integer createScan(CxScanParams params, String comment) throws CheckmarxE
 if(defaultBranch == null || defaultBranch.equalsIgnoreCase("")){
 log.info("Default Branch Name not found");
 }
+
+ if (cxProperties.getModifyBranchNameByPatternMap() != null) {
+ for (Map.Entry entry : cxProperties.getModifyBranchNameByPatternMap().entrySet()) {
+ String pattern = entry.getKey();
+ String replacementChar = entry.getValue();
+ currentBranch = editBranchString(currentBranch, pattern, replacementChar);
+ defaultBranch = editBranchString(defaultBranch, pattern, replacementChar);
+ }
+ }
+
 //params.getModifiedProjectName() have modified branch name in case if project name is append with current branch and there is script to change such project name
 //that changes branch value as well
 if(currentBranch != null && !currentBranch.equalsIgnoreCase("") && params.getProjectName().contains(currentBranch)){
@@ -2472,6 +2483,11 @@ public Integer createScan(CxScanParams params, String comment) throws CheckmarxE
 return UNKNOWN_INT;
 }
+ public static String editBranchString(String text, String pattern, String replacement) {
+ Pattern regex = Pattern.compile(pattern);
+ return regex.matcher(text).replaceAll(replacement);
+ }
+
 private void setExcludeSettingsDetails(ExcludeSettingsmain excludeSettingsmainObj, Integer projectId) {
 HttpEntity requestEntity = new HttpEntity<>(excludeSettingsmainObj,authClient.createAuthHeaders());
 try {
From afb8a117c4685ba7560883c8208417d08daa05cb Mon Sep 17 00:00:00 2001
From: Satyam Chaurasia
Date: Sat, 23 Mar 2024 15:44:10 +0530
Subject: [PATCH 2/5] CXFLW-869 Concurrency issue Fix
---
 .../java/com/checkmarx/sdk/service/scanner/AbstractScanner.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/com/checkmarx/sdk/service/scanner/AbstractScanner.java b/src/main/java/com/checkmarx/sdk/service/scanner/AbstractScanner.java
index 55e16287..79ba46e1 100644
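Review bot: `editBranchString(defaultBranch, pattern, replacementChar)` in the new loop is reached with a null `defaultBranch`: the three context lines just above only log "Default Branch Name not found" when it is null or empty, and `Pattern.matcher(null)` throws a NullPointerException, so any configured pattern turns a missing default branch into a failed `createScan`. The same holds for `currentBranch`, whose null check only happens further down. Guard both calls, e.g. `if (currentBranch != null) currentBranch = editBranchString(currentBranch, pattern, replacementChar);` and `if (defaultBranch != null) defaultBranch = editBranchString(defaultBranch, pattern, replacementChar);`. `createScan` begins and ends outside this hunk.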
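Review bot: `editBranchString` compiles a configuration-supplied pattern and applies the configured replacement through `Matcher.replaceAll`, which interprets `$` and `\` in the replacement as group references, so a replacement value such as `$` raises an IllegalArgumentException and a malformed key raises a PatternSyntaxException, and neither is caught in the calling loop. If the replacement is meant to be taken literally, write `return regex.matcher(text).replaceAll(Matcher.quoteReplacement(replacement));` (this needs `java.util.regex.Matcher` next to the `Pattern` import added in the earlier hunk). The public static method also has no Javadoc; one stating that `pattern` is a regular expression, that `text` must be non-null, and `@throws PatternSyntaxException if pattern is not a valid regular expression` would cover what callers need to know.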
--- a/src/main/java/com/checkmarx/sdk/service/scanner/AbstractScanner.java
+++ b/src/main/java/com/checkmarx/sdk/service/scanner/AbstractScanner.java
@@ -64,7 +64,7 @@ public AstScaResults scanForPDF(ScanParams scanParams,PDFPropertiesSCA pdfSCApro
 protected abstract AstScaResults toResults(ResultsBase scanResults);
- protected ResultsBase executeScan(RestClientConfig restClientConfig) {
+ protected synchronized ResultsBase executeScan(RestClientConfig restClientConfig) {
 ResultsBase finalResults;
From 6ce9be8ca9d5ecb58f8bedd3950f6415fb0ad4b4 Mon Sep 17 00:00:00 2001
From: Satyam Chaurasia
Date: Tue, 26 Mar 2024 17:10:36 +0530
Subject: [PATCH 3/5] CXFLW-916 scan location overwrite
---
 .../com/checkmarx/sdk/service/CxService.java | 138 ++++++++++++------
 .../checkmarx/sdk/utils/SASTScanReport.java | 26 ++++
 2 files changed, 119 insertions(+), 45 deletions(-)
 create mode 100644 src/main/java/com/checkmarx/sdk/utils/SASTScanReport.java
diff --git a/src/main/java/com/checkmarx/sdk/service/CxService.java b/src/main/java/com/checkmarx/sdk/service/CxService.java
index fdbe9b2a..20ac0c83 100644
--- a/src/main/java/com/checkmarx/sdk/service/CxService.java
+++ b/src/main/java/com/checkmarx/sdk/service/CxService.java
@@ -25,6 +25,7 @@
 import com.checkmarx.sdk.remotesettings.tfs.Tfsremotemain;
 import com.checkmarx.sdk.service.scanner.CxClient;
 import com.checkmarx.sdk.utils.CxRepoFileHelper;
+import com.checkmarx.sdk.utils.SASTScanReport;
 import com.checkmarx.sdk.utils.ScanUtils;
 import com.checkmarx.sdk.utils.scanner.client.ScanClientHelper;
 import com.checkmarx.sdk.utils.scanner.client.httpClient.CxHttpClient;
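Review bot: Making `executeScan` `synchronized` serialises every scan that goes through the same `AbstractScanner` instance for the whole duration of the method, and the body (which continues outside this hunk) is presumably where the remote scan is driven, so if it blocks on network calls the instance lock is held across them and concurrent scan requests queue behind each other. If the CXFLW-869 issue is shared mutable state in the scanner, moving that state into locals or narrowing the lock to the statements that touch it would fix the race without throttling throughput; if serialising scans is the intended fix, that deserves a comment on the method, e.g. `// synchronized on purpose: executeScan mutates instance state that is not safe to share between concurrent scans`. As written, a reader cannot tell which of the two the keyword is meant to achieve.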
@@ -130,6 +131,7 @@ public class CxService implements CxClient {
 private static final String PROJECT_BRANCH_STATUS = "/projects/branch/{id}";
 private static final String PROJECT_SOURCE = "/projects/{id}/sourceCode/remoteSettings/git";
 private static final String PROJECT_SOURCE_FILE = "/projects/{id}/sourceCode/attachments";
+ private static final String PROJECT_SOURCE_FILE_WITH_SETTINGS = "/sast/scanWithSettings";
 private static final String PROJECT_EXCLUDE = "/projects/{id}/sourceCode/excludeSettings";
 private static final String PROJECT_BRANCH_DETAILS = "/projects/branch/{id}";
 private static final String SCAN = "/sast/scans";
@@ -276,7 +278,8 @@ public JSONObject getScanData(String scanId) {
 }
 @Override
- public LocalDateTime getLastScanDate(Integer projectId) {
+ public LocalDateTime
+ getLastScanDate(Integer projectId) {
 HttpEntity requestEntity = new HttpEntity<>(authClient.createAuthHeaders());
 DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss");
@@ -1795,9 +1798,6 @@ public void updateProjectCustomFields(CxProject cxProject) throws CheckmarxExcep
 }
 }
- /**
- * Upload file (zip of source) for a project
- */
 public void uploadProjectSource(Integer projectId, File file) throws CheckmarxException {
 HttpHeaders headers = authClient.createAuthHeaders();
 headers.setContentType(MediaType.MULTIPART_FORM_DATA);
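Review bot: The `-276` hunk splits the signature of `getLastScanDate` across two lines (`public LocalDateTime` / `getLastScanDate(Integer projectId) {`) with no other change to the method, which reads as an accidental edit that adds noise to the diff; restoring `public LocalDateTime getLastScanDate(Integer projectId) {` drops the hunk entirely. The `-1795` hunk on the same line removes the Javadoc from the existing `uploadProjectSource(Integer, File)` instead of leaving it in place, so that method is now undocumented while the new overload receives a copy of the same three lines; keep `/** Upload file (zip of source) for a project */` on the original method as well. Both methods continue outside their hunks.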
@@ -1818,6 +1818,44 @@ public void uploadProjectSource(Integer projectId, File file) throws CheckmarxEx
 }
 }
+ /**
+ * Upload file (zip of source) for a project
+ */
+ public Integer uploadProjectSource(CxScanParams params,Integer projectId, File file,String comment) throws CheckmarxException {
+ HttpHeaders headers = authClient.createAuthHeaders();
+ headers.setContentType(MediaType.MULTIPART_FORM_DATA);
+
+ LinkedMultiValueMap map = new LinkedMultiValueMap<>();
+ FileSystemResource value = new FileSystemResource(file);
+ map.add("projectId", projectId);
+ map.add("customFields", params.getCustomFields());
+ map.add("overrideProjectSetting", cxProperties.getOverrideProjectSetting());
+ map.add("isIncremental", params.isIncremental());
+ map.add("isPublic", params.isPublic());
+ map.add("forceScan", params.isForceScan());
+ map.add("comment", comment);
+ map.add("presetId", getPresetId(params.getScanPreset())); //Test Satyam
+ map.add("engineConfigurationId",getScanConfiguration(params.getScanConfiguration())); //Test Satyam
+ map.add("zippedSource", value);
+
+ HttpEntity> requestEntity = new HttpEntity<>(map, headers);
+
+ try {
+ log.info("Updating Source details for project Id {}", projectId);
+ String response = restTemplate.exchange(cxProperties.getUrl().concat(PROJECT_SOURCE_FILE_WITH_SETTINGS), HttpMethod.POST, requestEntity, String.class).getBody();
+ JSONObject obj = new JSONObject(response);
+ String id = obj.get("id").toString();
+ log.info("Scan created with Id {} for project Id {}", id, projectId);
+ System.err.println("cxflowscanidextractiongithubaction " +id+ "endofstatementscanidaction");
+ return Integer.parseInt(id);
+
+ } catch (HttpStatusCodeException e) {
+ log.error(ExceptionUtils.getStackTrace(e));
+ log.error("Error occurred while uploading Project source for project id {}.", projectId);
+ }
+ return UNKNOWN_INT;
+ }
+
 public void setProjectExcludeDetails(Integer projectId, List excludeFolders, List excludeFiles) {
 String excludeFilesStr = "";
 String excludeFolderStr = "";
@@ -2380,8 +2418,6 @@ public Integer createScan(CxScanParams params, String comment) throws CheckmarxE
 // Svnremotemain svnremotemainObj = getSvnRepoDetails(projectId);
 // Tfsremotemain tfsremotemainObj = getTfsRepoDetails(projectId);
 // ExcludeSettingsmain excludeSettingsmainObj = getExcludeSettingsDetails(projectId);
-
- prepareSources(params, projectId);
 //Setting Remembered Git Settings
 // try {
 // if(params.isFileSource() || (params.isGitSource()
@@ -2413,10 +2449,6 @@ public Integer createScan(CxScanParams params, String comment) throws CheckmarxE
 // log.error("Error Occurred While Setting Settings.");
 // log.error(ExceptionUtils.getStackTrace(e));
 // }
-
-
-
-
 if(params.isIncremental() && projectExistedBeforeScan) {
 LocalDateTime scanDate = getLastScanDate(projectId);
 if(scanDate == null || LocalDateTime.now().isAfter(scanDate.plusDays(cxProperties.getIncrementalThreshold()))){
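Review bot: The Javadoc on the new `uploadProjectSource(CxScanParams, Integer, File, String)` says only "Upload file (zip of source) for a project", but the method posts to `/sast/scanWithSettings` and returns the `id` from the response, so it also starts a scan; the comment should say so, e.g. `/** Uploads the zipped source and starts a scan through /sast/scanWithSettings; returns the new scan id, or UNKNOWN_INT if the request fails. */`. Only `HttpStatusCodeException` is caught: a response body without an `id`, or a non-numeric one, lets JSONException or NumberFormatException escape to the caller, whereas the `createScan` path in the later hunk catches JSONException, so `catch (HttpStatusCodeException | JSONException | NumberFormatException e)` would make the two consistent. The `//Test Satyam` markers on the `presetId` and `engineConfigurationId` lines look like leftovers from debugging and should either be removed or replaced by a comment explaining why the preset and engine configuration are resolved here. `System.err.println(... id ...)` mirrors the existing line in `createScan`, so it is presumably consumed by a GitHub action; a short comment saying that would stop the next reader from deleting it as a stray debug print.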
@@ -2433,41 +2465,47 @@ public Integer createScan(CxScanParams params, String comment) throws CheckmarxE
 params.setIncremental(false);
 }
- CxScan scan = CxScan.builder()
- .projectId(projectId)
- .isIncremental(params.isIncremental())
- .forceScan(params.isForceScan())
- .isPublic(params.isPublic())
- .comment(comment)
- .customFields(params.getScanCustomFields())
- .build();
- log.debug("scan: {}", scan);
+ SASTScanReport SASTScanReportObj = prepareSources(params, projectId,comment);
+ if(SASTScanReportObj.isHasFindings()){
+ CxScan scan = CxScan.builder()
+ .projectId(projectId)
+ .isIncremental(params.isIncremental())
+ .forceScan(params.isForceScan())
+ .isPublic(params.isPublic())
+ .comment(comment)
+ .customFields(params.getScanCustomFields())
+ .build();
+ log.debug("scan: {}", scan);
- HttpHeaders headers = authClient.createAuthHeaders();
- headers.add(CxHttpClient.ORIGIN_HEADER, ScanClientHelper.CX_FLOW_SCAN_ORIGIN_NAME);
- HttpEntity requestEntity = new HttpEntity<>(scan, headers);
+ HttpHeaders headers = authClient.createAuthHeaders();
+ headers.add(CxHttpClient.ORIGIN_HEADER, ScanClientHelper.CX_FLOW_SCAN_ORIGIN_NAME);
+ HttpEntity requestEntity = new HttpEntity<>(scan, headers);
- log.info("Creating Scan for project Id {}", projectId);
- try {
- String response = restTemplate.postForObject(cxProperties.getUrl().concat(SCAN), requestEntity, String.class);
- JSONObject obj = new JSONObject(response);
- String id = obj.get("id").toString();
- log.info("Scan created with Id {} for project Id {}", id, projectId);
- System.err.println("cxflowscanidextractiongithubaction " +id+ "endofstatementscanidaction");
- return Integer.parseInt(id);
- } catch (HttpStatusCodeException e) {
- log.error(SCAN_CREATION_ERROR, projectId, e.getStatusCode());
- log.error(ExceptionUtils.getStackTrace(e));
- } catch (JSONException e) {
- log.error("Error Occurred While processing JSON");
- log.error(ExceptionUtils.getStackTrace(e));
- } finally {
- if (params.isGitSource() && cxProperties.getEnabledZipScan() || params.isFileSource()){
- FileUtils.deleteQuietly(new File(params.getFilePath()));
+ log.info("Creating Scan for project Id {}", projectId);
+ try {
+ String response = restTemplate.postForObject(cxProperties.getUrl().concat(SCAN), requestEntity, String.class);
+ JSONObject obj = new JSONObject(response);
+ String id = obj.get("id").toString();
+ log.info("Scan created with Id {} for project Id {}", id, projectId);
+ System.err.println("cxflowscanidextractiongithubaction " +id+ "endofstatementscanidaction");
+ return Integer.parseInt(id);
+ } catch (HttpStatusCodeException e) {
+ log.error(SCAN_CREATION_ERROR, projectId, e.getStatusCode());
+ log.error(ExceptionUtils.getStackTrace(e));
+ } catch (JSONException e) {
+ log.error("Error Occurred While processing JSON");
+ log.error(ExceptionUtils.getStackTrace(e));
+ } finally {
+ if (params.isGitSource() && cxProperties.getEnabledZipScan() || params.isFileSource()){
+ FileUtils.deleteQuietly(new File(params.getFilePath()));
+ }
 }
+ }else{
+ return SASTScanReportObj.getScanId();
 }
+ log.info("...Finished creating scan");
 return UNKNOWN_INT;
 }
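Review bot: The new `else` branch returns `SASTScanReportObj.getScanId()` without running the cleanup that the `isHasFindings()` branch keeps in its `finally`, so whenever `prepareSources` has already submitted the scan through `/sast/scanWithSettings` the zipped source at `params.getFilePath()` is never deleted; for the git path that file is the packaged clone of the repository, so it now accumulates on the host that runs this service. Either repeat the `if (params.isGitSource() && cxProperties.getEnabledZipScan() || params.isFileSource()) { FileUtils.deleteQuietly(new File(params.getFilePath())); }` block before the early return, or hoist it into a `finally` that wraps both branches of the `if`. Separately, `isHasFindings()` reads as "the scan found vulnerabilities", while what it actually decides here is whether a scan request still has to be sent; a name such as `isScanPending()` would say that, and the `// Scan already created by scanWithSettings` comment the `else` branch currently lacks would help too. `createScan` begins outside this hunk.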
@@ -2641,19 +2679,29 @@ private Gitremotemain getGitRepoDetails(Integer projectId) {
 }
- private void prepareSources(CxScanParams params, Integer projectId) throws CheckmarxException {
- if (params.isFileSource()) {
+ private SASTScanReport prepareSources(CxScanParams params, Integer projectId, String comment) throws CheckmarxException {
+ if (params.isFileSource() && !cxProperties.getOverrideProjectSetting()) {
+ return new SASTScanReport(uploadProjectSource(params,projectId, new File(params.getFilePath()),comment),false);
+ }else if(params.isFileSource() && cxProperties.getOverrideProjectSetting()){
 uploadProjectSource(projectId, new File(params.getFilePath()));
- }
- else if (params.isGitSource()) {
- if (cxProperties.getEnabledZipScan()) {
+ return new SASTScanReport(UNKNOWN_INT,true);
+ }else if (params.isGitSource()) {
+ if (cxProperties.getEnabledZipScan() && cxProperties.getOverrideProjectSetting()) {
 String clonedRepoPath = cxRepoFileHelper.prepareRepoFile(params);
 uploadProjectSource(projectId, new File(clonedRepoPath));
 params.setFilePath(clonedRepoPath);
- }else {
+ return new SASTScanReport(UNKNOWN_INT,true);
+ }else if(cxProperties.getEnabledZipScan() && !cxProperties.getOverrideProjectSetting()){
+ String clonedRepoPath = cxRepoFileHelper.prepareRepoFile(params);
+ uploadProjectSource(params,projectId, new File(clonedRepoPath),comment);
+ params.setFilePath(clonedRepoPath);
+ return new SASTScanReport(uploadProjectSource(params,projectId, new File(clonedRepoPath),comment),false);
+ }
+ else {
 setProjectRepositoryDetails(projectId, params.getGitUrl(), params.getBranch(), params);
 }
 }
+ return new SASTScanReport(UNKNOWN_INT,true);
 }
 private Integer determineProjectId(CxScanParams params, String teamId) {
diff --git a/src/main/java/com/checkmarx/sdk/utils/SASTScanReport.java b/src/main/java/com/checkmarx/sdk/utils/SASTScanReport.java
new file mode 100644
index 00000000..d56c54fb
--- /dev/null
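Review bot: In the `getEnabledZipScan() && !getOverrideProjectSetting()` branch of `prepareSources`, `uploadProjectSource(params,projectId, new File(clonedRepoPath),comment)` is invoked twice, once as a bare statement and again inside `return new SASTScanReport(...)`, so every git-zip request uploads the clone and starts a scan via `/sast/scanWithSettings` two times and the first scan id is discarded. Remove the bare call and keep `params.setFilePath(clonedRepoPath);` followed by the single `return new SASTScanReport(uploadProjectSource(params,projectId, new File(clonedRepoPath),comment),false);`. Every condition also unboxes `cxProperties.getOverrideProjectSetting()`, a `Boolean` that the last patch in this series defaults to `true`; that is fine unless configuration binding can leave it null, which is worth confirming. A Javadoc on the method describing the two shapes of the result — a real scan id with the flag false when the scan was already submitted, `UNKNOWN_INT` with the flag true when `createScan` must still submit it — would make the branch structure much easier to follow.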
+++ b/src/main/java/com/checkmarx/sdk/utils/SASTScanReport.java
@@ -0,0 +1,26 @@
+public class SASTScanReport {
+
+ private int scanId;
+ private boolean hasFindings;
+
+ public SASTScanReport(int scanId, boolean hasFindings) {
+ this.scanId = scanId;
+ this.hasFindings = hasFindings;
+ }
+
+ public int getScanId() {
+ return scanId;
+ }
+
+ public void setScanId(int scanId) {
+ this.scanId = scanId;
+ }
+
+ public boolean isHasFindings() {
+ return hasFindings;
+ }
+
+ public void setHasFindings(boolean hasFindings) {
+ this.hasFindings = hasFindings;
+ }
+}
From 8aaeb56323c4703e7fd0f4242849c2d919c24a7c Mon Sep 17 00:00:00 2001
From: Satyam Chaurasia
Date: Tue, 26 Mar 2024 17:14:40 +0530
Subject: [PATCH 4/5] Added git sastscanreport file
---
 src/main/java/com/checkmarx/sdk/utils/SASTScanReport.java | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/main/java/com/checkmarx/sdk/utils/SASTScanReport.java b/src/main/java/com/checkmarx/sdk/utils/SASTScanReport.java
index d56c54fb..58cf0288 100644
--- a/src/main/java/com/checkmarx/sdk/utils/SASTScanReport.java
+++ b/src/main/java/com/checkmarx/sdk/utils/SASTScanReport.java
@@ -1,3 +1,5 @@
+package com.checkmarx.sdk.utils;
+
 public class SASTScanReport {
 private int scanId;
From 54f01d953f350b22a371e5d7e7cb44462d783637 Mon Sep 17 00:00:00 2001
From: Satyam Chaurasia
Date: Tue, 26 Mar 2024 17:17:01 +0530
Subject: [PATCH 5/5] Adding cxpropertes file
---
 src/main/java/com/checkmarx/sdk/config/CxProperties.java | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/main/java/com/checkmarx/sdk/config/CxProperties.java b/src/main/java/com/checkmarx/sdk/config/CxProperties.java
index b16c5d53..392e390b 100644
--- a/src/main/java/com/checkmarx/sdk/config/CxProperties.java
+++ b/src/main/java/com/checkmarx/sdk/config/CxProperties.java
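Review bot: `SASTScanReport` is added without any Javadoc, and the name of its `hasFindings` flag does not match how `CxService` uses it: `prepareSources` sets it to false when a scan has already been created through `/sast/scanWithSettings` and to true when `createScan` still has to submit the scan request, which has nothing to do with findings. A class comment such as `/** Outcome of preparing sources for a scan: scanId holds the id of a scan already submitted via scanWithSettings, or UNKNOWN_INT when the caller must still create the scan (flag true). */` plus a field name like `scanPending` would remove the ambiguity. Within this series only the constructor, `getScanId()` and `isHasFindings()` are used, so unless mutation is needed elsewhere the class could be an immutable value (final fields, no setters, or a record if the project's Java level allows it).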
@@ -92,6 +92,9 @@ public class CxProperties extends CxPropertiesBase{
 @Setter private Boolean deleteRunningScans = false;
+ @Getter @Setter
+ private Boolean overrideProjectSetting = true;
+
 /**
 * Maps finding state ID (as returned in CxSAST report) to state name (as specified in filter configuration).