Added exclude parameters for vulnerability (#1395)

* Added exclude parameters for vulnerability * Added documentation
checkmarx-ltd · Oct 3, 2024 · 707002e · 707002e
1 parent f678dfc
commit 707002e
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 5 deletions.
diff --git a/build.gradle b/build.gradle
@@ -2,7 +2,8 @@ import org.gradle.api.tasks.testing.Test
 
 buildscript {
     ext {
-        CxSBSDK = "0.6.15"
+
+        CxSBSDK = "0.6.17"
         ConfigProviderVersion = '1.0.14'
         //cxVersion = "8.90.5"
         springBootVersion = '3.2.5'

diff --git a/docs/Configuration.md b/docs/Configuration.md
@@ -7,6 +7,7 @@
   * [Cx-Flow Section](#cxflow)
     * [E-Mail notifications](#email)
     * [Filtering](#filtering)
+    * [Excluding Vulnerability](#excludeFilter)
     * [Excluding Files from Zip Archive](#excludezip)
     * [Break build](#break)
   * [Checkmarx Section](#checkmarx)
@@ -505,6 +506,20 @@ cx-flow:
 * **State** → Urgent | Confirmed
 
 All values are case-sensitive as per the output from Checkmarx (i.e. High severity, Stored_XSS, Confirmed).
+#### <a name="excludeFilter">Excluding Vulnerability</a>
+We can exclude vulnerabilities according to category, cwe and state.  
+
+```yaml
+cx-flow:
+ exclude-category: Stored_XSS
+ exclude-cwe: 79
+ exclude-state: Confirmed
+```
+* **Category** → Vulnerability name within Checkmarx
+* **CWE** → CWE value from Checkmarx
+* **State** → Urgent | Confirmed
+
+All values are case-sensitive as per the output from Checkmarx (Stored_XSS, Confirmed).
 
 #### <a name="excludezip">Excluding and Including Files from Zip Archive</a>
 

diff --git a/src/main/java/com/checkmarx/flow/config/FlowProperties.java b/src/main/java/com/checkmarx/flow/config/FlowProperties.java
@@ -28,6 +28,15 @@ public class FlowProperties {
     private List<String> filterCategory;
     private List<String> filterStatus;
     private List<String> filterState;
+    @Getter
+    @Setter
+    private List<String> excludeCategory;
+    @Getter
+    @Setter
+    private List<String> excludeCwe;
+    @Getter
+    @Setter
+    private List<String> excludeState;
     private String filterScript;
     private String commentScript;
     private List<String> enabledVulnerabilityScanners=new ArrayList<>();

diff --git a/src/main/java/com/checkmarx/flow/dto/ControllerRequest.java b/src/main/java/com/checkmarx/flow/dto/ControllerRequest.java
@@ -24,6 +24,9 @@ public class ControllerRequest {
     private List<String> severity;
     private List<String> cwe;
     private List<String> category;
+    private List<String> excludeCategory;
+    private List<String> excludeCwe;
+    private List<String> excludeState;
     private String project;
     private String team;
     private List<String> status;

diff --git a/src/main/java/com/checkmarx/flow/service/FilterFactory.java b/src/main/java/com/checkmarx/flow/service/FilterFactory.java
@@ -34,7 +34,10 @@ public FilterConfiguration getFilter(ControllerRequest request,
                     request.getCategory(),
                     request.getStatus(),
                     request.getState(),
-                    null);
+                    null,
+                    request.getExcludeCategory(),
+                    request.getExcludeCwe(),
+                    request.getExcludeState());
         } else if (flowProperties != null) {
             result = getFilterFromProperties(flowProperties);
         } else {
@@ -67,7 +70,10 @@ private FilterConfiguration getFilterFromProperties(FlowProperties flowPropertie
                 flowProperties.getFilterCategory(),
                 flowProperties.getFilterStatus(),
                 flowProperties.getFilterState(),
-                flowProperties.getFilterScript());
+                flowProperties.getFilterScript(),
+                flowProperties.getExcludeCategory(),
+                flowProperties.getExcludeCwe(),
+                flowProperties.getExcludeState());
     }
 
     private boolean hasRequiredProperties(ControllerRequest request) {
@@ -86,14 +92,19 @@ private FilterConfiguration getFilterFromLists(List<String> severity,
                                                  List<String> category,
                                                  List<String> status,
                                                  List<String> state,
-                                                 String filterScript) {
+                                                 String filterScript,
+                                                   List<String> excludeCategory,
+                                                   List<String> excludeCwe,
+                                                   List<String> excludeState) {
         List<Filter> simpleFilters = new ArrayList<>();
         simpleFilters.addAll(getListByFilterType(severity, Filter.Type.SEVERITY));
         simpleFilters.addAll(getListByFilterType(cwe, Filter.Type.CWE));
         simpleFilters.addAll(getListByFilterType(category, Filter.Type.TYPE));
         simpleFilters.addAll(getListByFilterType(status, Filter.Type.STATUS));
         simpleFilters.addAll(getListByFilterType(state, Filter.Type.STATE));
-
+        simpleFilters.addAll(getListByFilterType(excludeCategory,Filter.Type.EXCLUDETYPE));
+        simpleFilters.addAll(getListByFilterType(excludeCwe,Filter.Type.EXCLUDECWE));
+        simpleFilters.addAll(getListByFilterType(excludeState,Filter.Type.EXCLUDESTATE));
         return getFilterFromComponents(filterScript, simpleFilters);
     }