From bcbc60a2077be74e315032c5146fd51785cd49b5 Mon Sep 17 00:00:00 2001 From: satyamchaurasiapersistent <102941840+satyamchaurasiapersistent@users.noreply.github.com> Date: Fri, 26 Jul 2024 12:17:05 +0530 Subject: [PATCH] Added code for project deletion on PR close event. (#1374) Co-authored-by: Satyam Chaurasia --- docs/Configuration.md | 3 +++ .../checkmarx/flow/config/FlowProperties.java | 4 ++++ .../flow/controller/GitHubController.java | 14 ++++++++++---- .../java/com/checkmarx/flow/dto/ScanRequest.java | 16 ++++++++++++++++ .../checkmarx/flow/dto/github/PullRequest.java | 8 ++++++++ .../com/checkmarx/flow/service/FlowService.java | 4 ++++ .../checkmarx/flow/service/ResultsService.java | 3 +++ 7 files changed, 48 insertions(+), 4 deletions(-) diff --git a/docs/Configuration.md b/docs/Configuration.md index ce6f421fc..0752d602f 100644 --- a/docs/Configuration.md +++ b/docs/Configuration.md @@ -87,6 +87,7 @@ cx-flow: - Confirmed - Urgent mitre-url: https://cwe.mitre.org/data/definitions/%s.html + deleteForkedProject: true wiki-url: https://checkmarx.atlassian.net/wiki/spaces/AS/pages/79462432/Remediation+Guidance track-application-only: false web-hook-queue: 20 @@ -401,6 +402,7 @@ cx-flow: - Confirmed - Urgent mitre-url: https://cwe.mitre.org/data/definitions/%s.html + deleteForkedProject: true wiki-url: https://checkmarx.atlassian.net/wiki/spaces/AS/pages/79462432/Remediation+Guidance track-application-only: false web-hook-queue: 20 
@@ -466,6 +468,7 @@ cx-flow: | `comment` | | No | No | Yes | User can store comments field in metadata about the scan. | | `overrideProjectSetting` | | No | No | Yes | The utilization of this boolean variable empowers the user to restrict the override of project settings. By setting this variable, users can prevent any unauthorized alterations to the project's settings, ensuring stability and adherence to predefined configurations. This functionality serves as a safeguard against inadvertent or malicious changes that could potentially disrupt the project's operations. Thus, the boolean variable offers a valuable mechanism for maintaining the integrity and consistency of project settings, enhancing overall control and security within the system. Its implementation empowers users with the ability to govern and protect vital project parameters from unwarranted modifications. | | `enabledVulnerabilityScanners` | false | No | Yes | Yes | User can define which checkmarx tool they want to use like SAST, SCA or both. | +| `deleteForkedProject` | false | No | Yes | No | User can delete forked projects created on SAST portal. | No* = Default is applied diff --git a/src/main/java/com/checkmarx/flow/config/FlowProperties.java b/src/main/java/com/checkmarx/flow/config/FlowProperties.java index 18de9aa6e..c2f38666a 100644 --- a/src/main/java/com/checkmarx/flow/config/FlowProperties.java +++ b/src/main/java/com/checkmarx/flow/config/FlowProperties.java @@ -33,6 +33,10 @@ public class FlowProperties { private List enabledVulnerabilityScanners=new ArrayList<>(); private boolean autoProfile = false; private boolean alwaysProfile = false; + + @Getter + @Setter + private boolean deleteForkedProject = false; private Integer profilingDepth = 1; private String profileConfig = "CxProfile.json"; private boolean trackApplicationOnly = false; 
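Review bot: The new `deleteForkedProject` field in `FlowProperties` carries no comment, although it switches on a destructive action whose meaning is only visible in `FlowService`; add one above it, e.g. `// When true, the SAST project created for a pull request opened from a fork is deleted once that pull request is closed.` The explicit `@Getter`/`@Setter` on this one field also differs from the neighbouring `autoProfile` and `alwaysProfile` fields, which carry no annotation — if the class is annotated at class level the two lines are redundant, so match whichever convention the class already uses. The accompanying docs spell the key `deleteForkedProject` while the surrounding keys are kebab-case (`track-application-only`, `mitre-url`); Spring's relaxed binding accepts both, but `delete-forked-project` would read consistently with the rest of the section.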
diff --git a/src/main/java/com/checkmarx/flow/controller/GitHubController.java b/src/main/java/com/checkmarx/flow/controller/GitHubController.java index d194be7bd..307426fe3 100644 --- a/src/main/java/com/checkmarx/flow/controller/GitHubController.java +++ b/src/main/java/com/checkmarx/flow/controller/GitHubController.java @@ -122,10 +122,13 @@ public ResponseEntity pullRequest( !action.equalsIgnoreCase("reopened") && !action.equalsIgnoreCase("synchronize")){ log.info("Pull requested not processed. Status was not opened ({})", action); - return ResponseEntity.status(HttpStatus.OK).body(EventResponse.builder() - .message("No processing occurred for updates to Pull Request") - .success(true) - .build()); + if(!flowProperties.isDeleteForkedProject()){ + return ResponseEntity.status(HttpStatus.OK).body(EventResponse.builder() + .message("No processing occurred for updates to Pull Request") + .success(true) + .build()); + } + } Repository repository = event.getRepository(); String app = repository.getName(); @@ -194,11 +197,14 @@ public ResponseEntity pullRequest( .mergeNoteUri(pullRequest.getIssueUrl().concat("/comments")) .mergeTargetBranch(targetBranch) .email(null) + .isDeleteForkedProject(flowProperties.isDeleteForkedProject()) .scanPreset(controllerRequest.getPreset()) .incremental(controllerRequest.getIncremental()) .excludeFolders(controllerRequest.getExcludeFolders()) .excludeFiles(controllerRequest.getExcludeFiles()) .bugTracker(bt) + .isPRCloseEvent(action.equalsIgnoreCase("closed")) + .isForked(event.getPullRequest().getHead().getRepo().getFork()) .filter(filter) .thresholds(thresholdMap) .organizationId(getOrganizationid(repository)) diff --git a/src/main/java/com/checkmarx/flow/dto/ScanRequest.java b/src/main/java/com/checkmarx/flow/dto/ScanRequest.java index ce8835243..c84cc2c2d 100644 --- a/src/main/java/com/checkmarx/flow/dto/ScanRequest.java +++ b/src/main/java/com/checkmarx/flow/dto/ScanRequest.java 
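Review bot: With `deleteForkedProject` enabled, the widened guard in the first hunk lets every pull-request action that is not opened/reopened/synchronize fall through into full scan processing, not only `closed` — GitHub delivers actions such as `edited`, `labeled` or `review_requested` on the same hook, and each of them would now trigger a scan. Tie the fall-through to the close event that the second hunk already computes: `if(!(flowProperties.isDeleteForkedProject() && action.equalsIgnoreCase("closed"))){` before the early return. The `log.info("Pull requested not processed ...")` line just above is still emitted on the path that now continues processing, so it belongs inside that `if` as well. The enclosing `if` condition and the rest of `pullRequest` start and end outside the hunk.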
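Review bot: `.isForked(event.getPullRequest().getHead().getRepo().getFork())` in the second hunk dereferences the head repository unconditionally, but `head.repo` can arrive as null when the fork that opened the pull request has since been deleted (exactly the kind of PR this feature cleans up after), so the handler would throw a NullPointerException and the whole webhook would fail; if `getFork()` returns a boxed `Boolean`, a missing `fork` key unboxes to the same exception. Compute the flag defensively before the builder chain: `Repository headRepo = event.getPullRequest().getHead().getRepo();` and `boolean forked = headRepo != null && Boolean.TRUE.equals(headRepo.getFork());`, then pass `.isForked(forked)`. Since this flag decides whether a SAST project gets deleted, it should only be trusted if the controller validates the webhook signature before reaching this point — that check is outside the hunk, so please confirm it also covers the `closed` action path. The builder chain begins and ends outside the hunk.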
@@ -45,6 +45,22 @@ public class ScanRequest { @Builder.Default private boolean branchProtectionEnabled= false; + @Getter + @Setter + @Builder.Default + private boolean isForked= false; + + @Getter + @Setter + @Builder.Default + private boolean isPRCloseEvent= false; + + @Getter + @Setter + @Builder.Default + private boolean isDeleteForkedProject= false; + + /** * git commit ID, also known as 'SHA' or 'commit hash'. *
- For push event: ID of the last commit in the push event. diff --git a/src/main/java/com/checkmarx/flow/dto/github/PullRequest.java b/src/main/java/com/checkmarx/flow/dto/github/PullRequest.java index e5cf92f73..2daffa7e3 100644 --- a/src/main/java/com/checkmarx/flow/dto/github/PullRequest.java +++ b/src/main/java/com/checkmarx/flow/dto/github/PullRequest.java @@ -2,6 +2,8 @@ package com.checkmarx.flow.dto.github; import com.fasterxml.jackson.annotation.*; +import lombok.Getter; +import lombok.Setter; import java.util.HashMap; import java.util.Map; @@ -70,6 +72,12 @@ public class PullRequest { private String title; @JsonProperty("user") private User user; + + @JsonProperty("repo") + @Getter + @Setter + private Repository Repository; + @JsonProperty("body") private String body; @JsonProperty("created_at") diff --git a/src/main/java/com/checkmarx/flow/service/FlowService.java b/src/main/java/com/checkmarx/flow/service/FlowService.java index c48088672..aaa2ef8e6 100644 --- a/src/main/java/com/checkmarx/flow/service/FlowService.java +++ b/src/main/java/com/checkmarx/flow/service/FlowService.java @@ -68,6 +68,10 @@ private void runScanRequest(ScanRequest scanRequest, List } }); resultsService.publishCombinedResults(scanRequest, combinedResults); + if(scanRequest.isForked() && scanRequest.isDeleteForkedProject() && scanRequest.isPRCloseEvent()){ + deleteProject(scanRequest); + } + } diff --git a/src/main/java/com/checkmarx/flow/service/ResultsService.java b/src/main/java/com/checkmarx/flow/service/ResultsService.java index 53e7dd380..25dc129e4 100644 --- a/src/main/java/com/checkmarx/flow/service/ResultsService.java +++ b/src/main/java/com/checkmarx/flow/service/ResultsService.java 
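Review bot: The three new `ScanRequest` fields are named with an `is` prefix (`isForked`, `isPRCloseEvent`, `isDeleteForkedProject`), unlike the sibling `branchProtectionEnabled`; Lombok strips the prefix for the generated accessors (`isForked()`/`setForked()`) but keeps the raw field name for the builder, which is why the controller ends up calling `.isForked(...)` on the builder. Naming them `forked`, `prCloseEvent` and `deleteForkedProject` keeps the getters identical while giving conventional builder methods (`.forked(...)`). They also carry no documentation; a one-line comment per field would help, e.g. `// Head repository of the PR is a fork (taken from the webhook payload)`, `// Request was raised by a pull_request "closed" action`, `// Mirror of FlowProperties.deleteForkedProject for this request`. The class continues outside the hunk.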
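Review bot: The new `PullRequest` field is named `Repository` with a capital R, which breaks the lowerCamelCase convention of every other field in the class and yields a confusing `getRepository()` accessor from Lombok; at minimum rename it `private Repository repo;`. It also maps a `repo` key directly on the pull-request object, whereas the controller change in this same patch reads the fork flag via `getHead().getRepo()`, and GitHub's payload appears to nest `repo` under `head`/`base` rather than on `pull_request` itself — so this field looks unused and would stay null; consider dropping it together with the Lombok imports if nothing reads it. The class continues outside the hunk.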
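Review bot: The deletion added to `runScanRequest` runs only after the closed pull request has been fully scanned and its results published, so enabling the option costs a complete scan per closed fork PR and posts results to a PR that is already closed, just to remove the project afterwards. A close event carries nothing worth scanning; check the three flags at the top of `runScanRequest` (its start is outside this hunk) and `return` right after `deleteProject(scanRequest);` instead of falling through to the scanners. Deleting a SAST project is irreversible, so log what is being removed before the call, e.g. `log.info("Deleting SAST project for closed fork PR: {}", <the project name resolved from scanRequest>)`, and make sure the name the request resolves to is the per-PR/fork project rather than one shared with the target branch — that depends on the project-naming configuration, which is outside this patch.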
@@ -106,6 +106,9 @@ public CompletableFuture publishCombinedResults(ScanRequest scanReq sendEmailNotification(scanRequest, scanResults); processResults(scanRequest, scanResults, new ScanDetails(projectId, scanResults.getSastScanId(), null)); logScanDetails(scanRequest, projectId, scanResults); + if(scanRequest.isForked()){ + + } } else { processResults(scanRequest, scanResults, new ScanDetails(null, scanResults.getSastScanId(), null)); }
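Review bot: The added `if(scanRequest.isForked()){ }` in `publishCombinedResults` has an empty body, so it is dead code that only hints at an unfinished step; remove it, or implement the intended behaviour — if it was meant as the deletion hook, that already lives in `FlowService.runScanRequest` in this same patch. `publishCombinedResults` begins and ends outside the hunk.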