Added code for project deletion on PR close event. (#1374)
Co-authored-by: Satyam Chaurasia <[email protected]>
1 parent 82bfc29 commit bcbc60a
Showing 7 changed files with 48 additions and 4 deletions.
3 changes: 3 additions & 0 deletions docs/Configuration.md
Expand Up @@ -87,6 +87,7 @@ cx-flow:
- Confirmed
- Urgent
mitre-url: https://cwe.mitre.org/data/definitions/%s.html
deleteForkedProject: true
wiki-url: https://checkmarx.atlassian.net/wiki/spaces/AS/pages/79462432/Remediation+Guidance
track-application-only: false
web-hook-queue: 20
Expand Down Expand Up @@ -401,6 +402,7 @@ cx-flow:
- Confirmed
- Urgent
mitre-url: https://cwe.mitre.org/data/definitions/%s.html
deleteForkedProject: true
wiki-url: https://checkmarx.atlassian.net/wiki/spaces/AS/pages/79462432/Remediation+Guidance
track-application-only: false
web-hook-queue: 20
Expand Down Expand Up @@ -466,6 +468,7 @@ cx-flow:
| `comment` | | No | No | Yes | User can store comments field in metadata about the scan. |
| `overrideProjectSetting` | | No | No | Yes | The utilization of this boolean variable empowers the user to restrict the override of project settings. By setting this variable, users can prevent any unauthorized alterations to the project's settings, ensuring stability and adherence to predefined configurations. This functionality serves as a safeguard against inadvertent or malicious changes that could potentially disrupt the project's operations. Thus, the boolean variable offers a valuable mechanism for maintaining the integrity and consistency of project settings, enhancing overall control and security within the system. Its implementation empowers users with the ability to govern and protect vital project parameters from unwarranted modifications. |
| `enabledVulnerabilityScanners` | false | No | Yes | Yes | User can define which checkmarx tool they want to use like SAST, SCA or both. |
| `deleteForkedProject` | false | No | Yes | No | User can delete forked projects created on SAST portal. |

No* = Default is applied

4 changes: 4 additions & 0 deletions src/main/java/com/checkmarx/flow/config/FlowProperties.java
Expand Up @@ -33,6 +33,10 @@ public class FlowProperties {
private List<String> enabledVulnerabilityScanners=new ArrayList<>();
private boolean autoProfile = false;
private boolean alwaysProfile = false;

@Getter
@Setter
private boolean deleteForkedProject = false;
private Integer profilingDepth = 1;
private String profileConfig = "CxProfile.json";
private boolean trackApplicationOnly = false;
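Review bot: `deleteForkedProject` switches on a destructive action (FlowService calls `deleteProject` when a forked pull request is closed), but the field carries no comment saying so. Suggest a Javadoc such as `/** When true, the project created for a pull request from a fork is deleted once that pull request is closed. */`. The sample configurations in docs/Configuration.md set the key to `true` although the default here is `false`, so anyone copying a sample opts into deletion without choosing it. The per-field `@Getter`/`@Setter` also differ from the neighbouring fields in this hunk, which have none; if the class already has class-level Lombok accessors they are redundant.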
14 changes: 10 additions & 4 deletions src/main/java/com/checkmarx/flow/controller/GitHubController.java
Expand Up @@ -122,10 +122,13 @@ public ResponseEntity<EventResponse> pullRequest(
!action.equalsIgnoreCase("reopened") &&
!action.equalsIgnoreCase("synchronize")){
log.info("Pull requested not processed. Status was not opened ({})", action);
return ResponseEntity.status(HttpStatus.OK).body(EventResponse.builder()
.message("No processing occurred for updates to Pull Request")
.success(true)
.build());
if(!flowProperties.isDeleteForkedProject()){
return ResponseEntity.status(HttpStatus.OK).body(EventResponse.builder()
.message("No processing occurred for updates to Pull Request")
.success(true)
.build());
}

}
Repository repository = event.getRepository();
String app = repository.getName();
Expand Down Expand Up @@ -194,11 +197,14 @@ public ResponseEntity<EventResponse> pullRequest(
.mergeNoteUri(pullRequest.getIssueUrl().concat("/comments"))
.mergeTargetBranch(targetBranch)
.email(null)
.isDeleteForkedProject(flowProperties.isDeleteForkedProject())
.scanPreset(controllerRequest.getPreset())
.incremental(controllerRequest.getIncremental())
.excludeFolders(controllerRequest.getExcludeFolders())
.excludeFiles(controllerRequest.getExcludeFiles())
.bugTracker(bt)
.isPRCloseEvent(action.equalsIgnoreCase("closed"))
.isForked(event.getPullRequest().getHead().getRepo().getFork())
.filter(filter)
.thresholds(thresholdMap)
.organizationId(getOrganizationid(repository))
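Review bot: With `deleteForkedProject` enabled, the new inner check in the first hunk lets every action other than opened/reopened/synchronize fall through to the scan path, not only `closed`, so an inbound webhook for something like an edit or a label change would trigger full processing. The early return should stay in force unless the action is a close, e.g. `if(!flowProperties.isDeleteForkedProject() || !action.equalsIgnoreCase("closed")){`. The `log.info` just above it still reports that the pull request was not processed in the case where it now is. In the second hunk, `event.getPullRequest().getHead().getRepo().getFork()` is dereferenced without null checks; if the head repository can be absent from the payload this would throw, so that chain is worth guarding. The body of pullRequest starts and ends outside both hunks.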
16 changes: 16 additions & 0 deletions src/main/java/com/checkmarx/flow/dto/ScanRequest.java
Expand Up @@ -45,6 +45,22 @@ public class ScanRequest {
@Builder.Default
private boolean branchProtectionEnabled= false;

@Getter
@Setter
@Builder.Default
private boolean isForked= false;

@Getter
@Setter
@Builder.Default
private boolean isPRCloseEvent= false;

@Getter
@Setter
@Builder.Default
private boolean isDeleteForkedProject= false;


/**
* git commit ID, also known as 'SHA' or 'commit hash'.
* <br>- For push event: ID of the last commit in the push event.
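Review bot: The three new fields are named with an `is` prefix (`isForked`, `isPRCloseEvent`, `isDeleteForkedProject`), unlike the neighbouring `branchProtectionEnabled`. Lombok strips that prefix when it generates accessors for `boolean` fields, so the getter is `isForked()` and the setter becomes `setForked(...)` while the builder method stays `isForked(...)`, which is easy to misread and can surprise bean-based mappers. Naming them `forked`, `prCloseEvent` and `deleteForkedProject` would keep getter, setter and builder consistent. Each field also lacks a comment, for example `// true when the pull request's head repository is a fork` on the first.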
8 changes: 8 additions & 0 deletions src/main/java/com/checkmarx/flow/dto/github/PullRequest.java
Expand Up @@ -2,6 +2,8 @@
package com.checkmarx.flow.dto.github;

import com.fasterxml.jackson.annotation.*;
import lombok.Getter;
import lombok.Setter;

import java.util.HashMap;
import java.util.Map;
Expand Down Expand Up @@ -70,6 +72,12 @@ public class PullRequest {
private String title;
@JsonProperty("user")
private User user;

@JsonProperty("repo")
@Getter
@Setter
private Repository Repository;

@JsonProperty("body")
private String body;
@JsonProperty("created_at")
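Review bot: The new field `private Repository Repository;` in the second hunk is capitalised and shadows its own type name; the other fields visible here (`title`, `user`, `body`) use lowerCamelCase, so `private Repository repository;` is the expected form. Nothing in this commit reads it, since GitHubController takes the fork flag from `getHead().getRepo()`, so the field and the two Lombok imports may be removable. It is also mapped to a top-level `repo` key; if the pull request object in the webhook payload carries its repositories only under `head` and `base`, this field would always deserialize as null, which is worth confirming before relying on it.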
4 changes: 4 additions & 0 deletions src/main/java/com/checkmarx/flow/service/FlowService.java
Expand Up @@ -68,6 +68,10 @@ private void runScanRequest(ScanRequest scanRequest, List<VulnerabilityScanner>
}
});
resultsService.publishCombinedResults(scanRequest, combinedResults);
if(scanRequest.isForked() && scanRequest.isDeleteForkedProject() && scanRequest.isPRCloseEvent()){
deleteProject(scanRequest);
}

}
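Review bot: The new `deleteProject(scanRequest)` call is reached only after the scanners have run and `publishCombinedResults` has been called, so a closed pull request from a fork appears to get a full scan before its project is removed; handling the close event before the scan loop would avoid that work. `publishCombinedResults` returns a `CompletableFuture` (per its signature in ResultsService) and the return value is ignored here, so if it completes asynchronously the delete may run while results are still being published. Because this is a destructive action triggered by a webhook, a log line naming the project immediately before the call would give operators an audit trail. The body of runScanRequest starts outside the hunk.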


3 changes: 3 additions & 0 deletions src/main/java/com/checkmarx/flow/service/ResultsService.java
Expand Up @@ -106,6 +106,9 @@ public CompletableFuture<ScanResults> publishCombinedResults(ScanRequest scanReq
sendEmailNotification(scanRequest, scanResults);
processResults(scanRequest, scanResults, new ScanDetails(projectId, scanResults.getSastScanId(), null));
logScanDetails(scanRequest, projectId, scanResults);
if(scanRequest.isForked()){

}
} else {
processResults(scanRequest, scanResults, new ScanDetails(null, scanResults.getSastScanId(), null));
}
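Review bot: The added `if(scanRequest.isForked()){ }` has an empty body, so it does nothing and reads as unfinished work. Either remove it or put the intended fork handling here; if deletion was meant to happen at this point rather than in FlowService.runScanRequest, a comment saying so would help the next reader. publishCombinedResults continues outside the hunk.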