From 707002e13ee3988bfef4031faeb6e44c1e81837a Mon Sep 17 00:00:00 2001
From: itsKedar <37594766+itsKedar@users.noreply.github.com>
Date: Thu, 3 Oct 2024 10:01:10 +0530
Subject: [PATCH] Added exclude parameters for vulnerability (#1395)
* Added exclude parameters for vulnerability
* Added documentation
---
build.gradle | 3 ++-
docs/Configuration.md | 15 +++++++++++++++
.../checkmarx/flow/config/FlowProperties.java | 9 +++++++++
.../checkmarx/flow/dto/ControllerRequest.java | 3 +++
.../checkmarx/flow/service/FilterFactory.java | 19 +++++++++++++++----
5 files changed, 44 insertions(+), 5 deletions(-)
diff --git a/build.gradle b/build.gradle
index d03a9b817..124b7971b 100644
--- a/build.gradle
+++ b/build.gradle
@@ -2,7 +2,8 @@ import org.gradle.api.tasks.testing.Test
buildscript {
ext {
- CxSBSDK = "0.6.15"
+
+ CxSBSDK = "0.6.17"
ConfigProviderVersion = '1.0.14'
//cxVersion = "8.90.5"
springBootVersion = '3.2.5'
diff --git a/docs/Configuration.md b/docs/Configuration.md
index 8619534b7..d2da155e3 100644
--- a/docs/Configuration.md
+++ b/docs/Configuration.md
@@ -7,6 +7,7 @@
* [Cx-Flow Section](#cxflow)
* [E-Mail notifications](#email)
* [Filtering](#filtering)
+ * [Excluding Vulnerability](#excludeFilter)
* [Excluding Files from Zip Archive](#excludezip)
* [Break build](#break)
* [Checkmarx Section](#checkmarx)
@@ -505,6 +506,20 @@ cx-flow:
* **State** → Urgent | Confirmed
All values are case-sensitive as per the output from Checkmarx (i.e. High severity, Stored_XSS, Confirmed).
+#### Excluding Vulnerability
+We can exclude vulnerabilities according to category, cwe and state.
+
+```yaml
+cx-flow:
+ exclude-category: Stored_XSS
+ exclude-cwe: 79
+ exclude-state: Confirmed
+```
+* **Category** → Vulnerability name within Checkmarx
+* **CWE** → CWE value from Checkmarx
+* **State** → Urgent | Confirmed
+
+All values are case-sensitive as per the output from Checkmarx (Stored_XSS, Confirmed).
#### Excluding and Including Files from Zip Archive
diff --git a/src/main/java/com/checkmarx/flow/config/FlowProperties.java b/src/main/java/com/checkmarx/flow/config/FlowProperties.java
index c2f38666a..2e9024ce5 100644
--- a/src/main/java/com/checkmarx/flow/config/FlowProperties.java
+++ b/src/main/java/com/checkmarx/flow/config/FlowProperties.java
@@ -28,6 +28,15 @@ public class FlowProperties {
private List filterCategory;
private List filterStatus;
private List filterState;
+ @Getter
+ @Setter
+ private List excludeCategory;
+ @Getter
+ @Setter
+ private List excludeCwe;
+ @Getter
+ @Setter
+ private List excludeState;
private String filterScript;
private String commentScript;
private List enabledVulnerabilityScanners=new ArrayList<>();
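Review bot: The new fields `excludeCategory`, `excludeCwe` and `excludeState` each carry `@Getter`/`@Setter`, while the neighbouring `filterCategory`, `filterStatus` and `filterState` have none. That suggests accessors are already generated at class level (the class header is outside this hunk, so this is inferred); if so, the six annotations are redundant and should be dropped for consistency. Because these properties suppress findings rather than select them, they also deserve a comment above the group, for example `// Findings matching any of these lists are excluded from results; treat changes as suppressions and review them accordingly.`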
diff --git a/src/main/java/com/checkmarx/flow/dto/ControllerRequest.java b/src/main/java/com/checkmarx/flow/dto/ControllerRequest.java
index bf21f195f..58100ee62 100644
--- a/src/main/java/com/checkmarx/flow/dto/ControllerRequest.java
+++ b/src/main/java/com/checkmarx/flow/dto/ControllerRequest.java
@@ -24,6 +24,9 @@ public class ControllerRequest {
private List severity;
private List cwe;
private List category;
+ private List excludeCategory;
+ private List excludeCwe;
+ private List excludeState;
private String project;
private String team;
private List status;
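Review bot: The new `excludeCategory`, `excludeCwe` and `excludeState` fields on `ControllerRequest` put the choice of which findings are suppressed in the hands of whoever builds the request, and nothing in this hunk documents or limits that. If this DTO is bound from request parameters (the binding is not visible here), any client allowed to trigger a scan can drop a CWE or category from that scan's results. The fields should say so in a comment, e.g. `// Caller-supplied suppression lists: findings matching these are excluded for this request only.` It is also worth logging the effective exclude lists where the filter is built, so that suppressed categories show up in an audit trail.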
diff --git a/src/main/java/com/checkmarx/flow/service/FilterFactory.java b/src/main/java/com/checkmarx/flow/service/FilterFactory.java
index 919c873d1..594f3624d 100644
--- a/src/main/java/com/checkmarx/flow/service/FilterFactory.java
+++ b/src/main/java/com/checkmarx/flow/service/FilterFactory.java
@@ -34,7 +34,10 @@ public FilterConfiguration getFilter(ControllerRequest request,
request.getCategory(),
request.getStatus(),
request.getState(),
- null);
+ null,
+ request.getExcludeCategory(),
+ request.getExcludeCwe(),
+ request.getExcludeState());
} else if (flowProperties != null) {
result = getFilterFromProperties(flowProperties);
} else {
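Review bot: The request branch of `getFilter` now forwards `request.getExcludeCategory()`, `getExcludeCwe()` and `getExcludeState()`, but `hasRequiredProperties(request)` is not changed by this patch. It presumably gates this branch (its body is outside the hunks), so a request carrying only exclude values likely falls through to `getFilterFromProperties` and its excludes are silently ignored. The reverse also holds: when the request branch is taken, the `exclude-*` values configured in `FlowProperties` are not applied at all. Either include the three exclude lists in `hasRequiredProperties`, or document on `getFilter` that request filters replace the configured ones wholesale, excludes included. `getFilter` starts and ends outside this hunk.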
@@ -67,7 +70,10 @@ private FilterConfiguration getFilterFromProperties(FlowProperties flowPropertie
flowProperties.getFilterCategory(),
flowProperties.getFilterStatus(),
flowProperties.getFilterState(),
- flowProperties.getFilterScript());
+ flowProperties.getFilterScript(),
+ flowProperties.getExcludeCategory(),
+ flowProperties.getExcludeCwe(),
+ flowProperties.getExcludeState());
}
private boolean hasRequiredProperties(ControllerRequest request) {
@@ -86,14 +92,19 @@ private FilterConfiguration getFilterFromLists(List severity,
List category,
List status,
List state,
- String filterScript) {
+ String filterScript,
+ List excludeCategory,
+ List excludeCwe,
+ List excludeState) {
List simpleFilters = new ArrayList<>();
simpleFilters.addAll(getListByFilterType(severity, Filter.Type.SEVERITY));
simpleFilters.addAll(getListByFilterType(cwe, Filter.Type.CWE));
simpleFilters.addAll(getListByFilterType(category, Filter.Type.TYPE));
simpleFilters.addAll(getListByFilterType(status, Filter.Type.STATUS));
simpleFilters.addAll(getListByFilterType(state, Filter.Type.STATE));
-
+ simpleFilters.addAll(getListByFilterType(excludeCategory,Filter.Type.EXCLUDETYPE));
+ simpleFilters.addAll(getListByFilterType(excludeCwe,Filter.Type.EXCLUDECWE));
+ simpleFilters.addAll(getListByFilterType(excludeState,Filter.Type.EXCLUDESTATE));
return getFilterFromComponents(filterScript, simpleFilters);
}
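Review bot: `getFilterFromLists` now takes eight `List` parameters and one `String` in a fixed positional order, so swapping `excludeCwe` with `excludeState`, or an include list with its exclude counterpart, compiles cleanly and silently builds the wrong filter. Both call sites in this patch pass them in the right order, but the method needs a Javadoc block naming each parameter and stating that the exclude lists map to `Filter.Type.EXCLUDETYPE`, `EXCLUDECWE` and `EXCLUDESTATE`. The three added `addAll` lines also drop the space after the comma that the lines above use; write `getListByFilterType(excludeCategory, Filter.Type.EXCLUDETYPE)` and likewise for the other two. The blank line before `return` was removed as well and is worth keeping to separate assembling the list from building the result.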