From c97a1bc14ca465f9cff8cdfa22bf471d4a0622de Mon Sep 17 00:00:00 2001
From: itsKedar <37594766+itsKedar@users.noreply.github.com>
Date: Mon, 22 Jan 2024 16:10:08 +0530
Subject: [PATCH] Added latest committer email for JSON bug tracker (#1301)
* Added latest committer email for JSON bug tracker
* Added documentation
* updated testcase
* added null checks
* updated testcase
* update testcases
* Updated testcase
* updated testcase
---
build-11.gradle | 2 +-
build.gradle | 2 +-
docs/Bug-Trackers-and-Feedback-Channels.md | 5 ++++-
.../java/com/checkmarx/flow/controller/ADOController.java | 5 ++++-
.../com/checkmarx/flow/controller/GitHubController.java | 5 ++++-
.../com/checkmarx/flow/controller/GitLabController.java | 5 ++++-
.../bitbucket/cloud/BitbucketCloudController.java | 5 ++++-
.../java/com/checkmarx/flow/custom/JsonIssueTracker.java | 3 +++
.../java/com/checkmarx/flow/custom/JsonProperties.java | 7 +++++++
src/main/java/com/checkmarx/flow/dto/ScanRequest.java | 2 ++
.../bitbucket/server/BitbucketServerPushHandler.java | 5 ++++-
11 files changed, 38 insertions(+), 8 deletions(-)
diff --git a/build-11.gradle b/build-11.gradle
index 4ae2c4d5c..365b6c773 100644
--- a/build-11.gradle
+++ b/build-11.gradle
@@ -5,7 +5,7 @@ buildscript {
- CxSBSDK = "0.5.66"
+ CxSBSDK = "0.5.67"
ConfigProviderVersion = "1.0.9"
//cxVersion = "8.90.5"
diff --git a/build.gradle b/build.gradle
index fe4c020af..978d6a52a 100644
--- a/build.gradle
+++ b/build.gradle
@@ -1,7 +1,7 @@
buildscript {
ext {
-CxSBSDK = "0.5.66"
+CxSBSDK = "0.5.67"
ConfigProviderVersion = "1.0.10"
//cxVersion = "8.90.5"
diff --git a/docs/Bug-Trackers-and-Feedback-Channels.md b/docs/Bug-Trackers-and-Feedback-Channels.md
index 5eb9fc08e..de1ad82d1 100644
--- a/docs/Bug-Trackers-and-Feedback-Channels.md
+++ b/docs/Bug-Trackers-and-Feedback-Channels.md
@@ -655,16 +655,19 @@ cx-xml:
The file system path as well as the file naming format is required.
## Json
-The JSON bug-tracker (defined as Json), is useful if you would like to retrieve all of the latest scan results per project (batch mode) from Checkmarx per project, Team, or entire instance. The CxFlow JSON configuration block requires you to specify the path where reports are created and file name format to when creating reports, example:
+The JSON bug-tracker (defined as Json), is useful if you would like to retrieve all the latest scan results per project (batch mode) from Checkmarx per project, Team, or entire instance. The CxFlow JSON configuration block requires you to specify the path where reports are created and file name format to when creating reports, example:
```
json:
file-name-format: "[NAMESPACE]-[REPO]-[BRANCH]-[TIME].xml"
data-folder: "C:\\tmp
+ latest-committer-email: true
```
The report contents will be a JSON representation of the ScanResults object, which includes issues based on the filtering specified in the main config block (cx-flow). You can determine how results Checkmarx found by looking at the "scanSummary" section, and you can determine how many results CxFlow reported after applying filters by looking at the "flow-summary" section. Each vulnerability found will appear in the "xissues" list.
+The boolean property `latest-committer-email` needs to be true in order to retrieve the latest committer email. By default, it is false. This property is only compatible with WEB mode.
+
The "XIssue" item looks like the following sample:
```
diff --git a/src/main/java/com/checkmarx/flow/controller/ADOController.java b/src/main/java/com/checkmarx/flow/controller/ADOController.java
index 31a0547c3..ce5e5184e 100644
--- a/src/main/java/com/checkmarx/flow/controller/ADOController.java
+++ b/src/main/java/com/checkmarx/flow/controller/ADOController.java
@@ -293,7 +293,10 @@ public ResponseEntity pushRequest(
.organizationId(determineNamespace(resourceContainers))
.gitUrl(gitUrl)
.build();
-
+ if(body.getResource().getCommits()!=null)
+ {
+ request.setLatestCommitterEmail(body.getResource().getCommits().get(0).getAuthor().getEmail());
+ }
setScmInstance(controllerRequest, request);
request.putAdditionalMetadata(ADOService.PROJECT_SELF_URL, getTheProjectURL(body.getResourceContainers()));
addMetadataToScanRequest(adoDetailsRequest, request);
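Review bot: The added guard checks only `getCommits() != null`, so an empty commit list or a commit without an author object still throws at `get(0).getAuthor().getEmail()`, on a webhook body whose contents the sender controls. Guarding the whole chain on a local variable, e.g. `if (commits != null && !commits.isEmpty() && commits.get(0).getAuthor() != null)`, keeps an optional reporting field from failing the push request. The same unguarded access appears in the GitLabController hunk (`body.getCommits().get(0).getAuthor().getEmail()`), the BitbucketCloudController hunk (`getPush().getChanges().get(0).getCommits().get(0)`) and the BitbucketServerPushHandler hunk (`emails.get(0)` with no emptiness check); in each, the null test runs only after the chain has already been walked. pushRequest's body starts and continues outside this hunk.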
diff --git a/src/main/java/com/checkmarx/flow/controller/GitHubController.java b/src/main/java/com/checkmarx/flow/controller/GitHubController.java
index 3c7eb2492..d194be7bd 100644
--- a/src/main/java/com/checkmarx/flow/controller/GitHubController.java
+++ b/src/main/java/com/checkmarx/flow/controller/GitHubController.java
@@ -377,7 +377,10 @@ public ResponseEntity pushRequest(
request.putAdditionalMetadata(HTMLHelper.WEB_HOOK_PAYLOAD, body);
request.setId(uid);
-
+ if(event.getCommits()!=null && event.getCommits().size()!=0)
+ {
+ request.setLatestCommitterEmail(event.getCommits().get(0).getAuthor().getEmail());
+ }
//only initiate scan/automation if branch is applicable
if(helperService.isBranch2Scan(request, branches)){
log.debug(repository.getId()+" :: Calling isBranch2Scan function End : "+System.currentTimeMillis());
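Review bot: `event.getCommits().get(0).getAuthor()` is dereferenced without a null check in the added block, so a push payload whose first commit carries no author object would throw before `isBranch2Scan` is reached; the condition should also test `getAuthor() != null`. It is also worth confirming that index 0 is the newest commit in this payload; if the list is ordered oldest first, the last element is the one the field name promises. The stored value is the commit's author email, which is self-declared by whoever created the commit and is not a verified identity, so a comment such as `// author email from the push payload; unverified, do not use for access decisions` would help report consumers. pushRequest starts and ends outside the hunk.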
diff --git a/src/main/java/com/checkmarx/flow/controller/GitLabController.java b/src/main/java/com/checkmarx/flow/controller/GitLabController.java
index f7707b1d1..365d48544 100644
--- a/src/main/java/com/checkmarx/flow/controller/GitLabController.java
+++ b/src/main/java/com/checkmarx/flow/controller/GitLabController.java
@@ -248,7 +248,6 @@ public ResponseEntity pushRequest(
BugTracker bt = ScanUtils.getBugTracker(controllerRequest.getAssignee(), bugType, jiraProperties, controllerRequest.getBug());
FilterConfiguration filter = filterFactory.getFilter(controllerRequest, flowProperties);
-
Project proj = body.getProject();
String gitUrl = proj.getGitHttpUrl();
@@ -285,6 +284,10 @@ public ResponseEntity pushRequest(
/*Determine emails*/
List emails = new ArrayList<>();
String commitEndpoint = null;
+ if(body.getCommits().get(0).getAuthor().getEmail()!=null)
+ {
+ request.setLatestCommitterEmail(body.getCommits().get(0).getAuthor().getEmail());
+ }
commitEndpoint = setUserEmail(body, bugType, proj, request, emails, commitEndpoint);
request.setMergeNoteUri(commitEndpoint);
diff --git a/src/main/java/com/checkmarx/flow/controller/bitbucket/cloud/BitbucketCloudController.java b/src/main/java/com/checkmarx/flow/controller/bitbucket/cloud/BitbucketCloudController.java
index 58026e9c6..32d5406a7 100644
--- a/src/main/java/com/checkmarx/flow/controller/bitbucket/cloud/BitbucketCloudController.java
+++ b/src/main/java/com/checkmarx/flow/controller/bitbucket/cloud/BitbucketCloudController.java
@@ -295,7 +295,10 @@ public ResponseEntity pushRequest(
.gitUrl(gitUrl)
.build();
-
+ if(body.getPush().getChanges().get(0).getCommits().get(0).getAuthor().getUsername()!=null)
+ {
+ request.setLatestCommitterEmail(body.getPush().getChanges().get(0).getCommits().get(0).getAuthor().getUsername());
+ }
setScmInstance(controllerRequest, request);
fillRequestWithAdditionalData(request, repository, body.toString());
checkForConfigAsCode(request);
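Review bot: The value passed to `setLatestCommitterEmail(...)` here comes from `getAuthor().getUsername()`, not from an email getter, so for Bitbucket Cloud pushes the report's committer-email field may hold a username. If the author DTO exposes an email or the raw author string, use that instead. Otherwise add a comment such as `// Bitbucket Cloud payload exposes no author email here; username is stored instead` so downstream consumers do not treat it as an address. The unguarded `get(0)` chain in the condition is covered in the note on the ADOController hunk.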
diff --git a/src/main/java/com/checkmarx/flow/custom/JsonIssueTracker.java b/src/main/java/com/checkmarx/flow/custom/JsonIssueTracker.java
index a629fb51b..c620195ec 100644
--- a/src/main/java/com/checkmarx/flow/custom/JsonIssueTracker.java
+++ b/src/main/java/com/checkmarx/flow/custom/JsonIssueTracker.java
@@ -54,6 +54,9 @@ public void complete(ScanRequest request, ScanResults results) throws MachinaExc
try {
ObjectMapper mapper = new ObjectMapper();
mapper.setSerializationInclusion(JsonInclude.Include.NON_NULL);
+ if(properties.isLatestCommitterEmail()) {
+ results.setLatestCommitterEmail(request.getLatestCommitterEmail());
+ }
if(request != null && results != null) {
mapper.writeValue(new File(request.getFilename()).getCanonicalFile(), results);
} else {
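Review bot: The added `if(properties.isLatestCommitterEmail())` block dereferences `results` and `request` before the existing `if(request != null && results != null)` check on the next line, so a null argument now throws instead of reaching the else branch. Moving the added block inside the null-checked branch, directly before `mapper.writeValue(...)`, restores the original behaviour. Since this writes a developer's email address into a report file under the configured data folder, a short comment noting that the field is personal data and is only emitted when `latest-committer-email` is enabled would also be useful. The try block and the else branch continue outside the hunk.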
diff --git a/src/main/java/com/checkmarx/flow/custom/JsonProperties.java b/src/main/java/com/checkmarx/flow/custom/JsonProperties.java
index 9e67268c3..48a8b87c6 100644
--- a/src/main/java/com/checkmarx/flow/custom/JsonProperties.java
+++ b/src/main/java/com/checkmarx/flow/custom/JsonProperties.java
@@ -11,6 +11,7 @@ public class JsonProperties {
//TEAM, PROJECT, APP, BRANCH, REPO, NAMESPACE, TIME (YYYYMMDD.HHMMSS
private String fileNameFormat = "[APP]-[BRANCH]-[TIME]";
private String dataFolder = "/tmp";
+ private boolean latestCommitterEmail = false;
public String getFileNameFormat() {
return fileNameFormat;
@@ -27,4 +28,10 @@ public String getDataFolder() {
public void setDataFolder(String dataFolder) {
this.dataFolder = dataFolder;
}
+ public boolean isLatestCommitterEmail() {
+ return latestCommitterEmail;
+ }
+ public void setLatestCommitterEmail(boolean latestCommitterEmail) {
+ this.latestCommitterEmail = latestCommitterEmail;
+ }
}
diff --git a/src/main/java/com/checkmarx/flow/dto/ScanRequest.java b/src/main/java/com/checkmarx/flow/dto/ScanRequest.java
index 2c86bd566..7e2368f67 100644
--- a/src/main/java/com/checkmarx/flow/dto/ScanRequest.java
+++ b/src/main/java/com/checkmarx/flow/dto/ScanRequest.java
@@ -154,6 +154,8 @@ public class ScanRequest {
@Getter @Setter @Builder.Default
private boolean publicScan=true;
+ @Getter @Setter
+ private String latestCommitterEmail;
public ScanRequest(ScanRequest other) {
this.namespace = other.namespace;
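Review bot: The new `latestCommitterEmail` field does not appear to be copied by the `ScanRequest(ScanRequest other)` copy constructor that begins at the end of this hunk. The diffstat lists only the two added lines for this file, so any path that clones the request would lose the value and the JSON report would omit it. Adding `this.latestCommitterEmail = other.latestCommitterEmail;` to that constructor keeps copies consistent. The constructor body continues outside the hunk, so this is inferred from the change count rather than seen directly. A field comment such as `// author email of the first commit in the webhook payload; unverified` would document what the value actually is.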
diff --git a/src/main/java/com/checkmarx/flow/handlers/bitbucket/server/BitbucketServerPushHandler.java b/src/main/java/com/checkmarx/flow/handlers/bitbucket/server/BitbucketServerPushHandler.java
index fde9c1908..d57662810 100644
--- a/src/main/java/com/checkmarx/flow/handlers/bitbucket/server/BitbucketServerPushHandler.java
+++ b/src/main/java/com/checkmarx/flow/handlers/bitbucket/server/BitbucketServerPushHandler.java
@@ -74,7 +74,10 @@ public ResponseEntity execute(String uid) {
.filter(filter)
.hash(latestCommit)
.build();
-
+ if(emails.get(0)!=null)
+ {
+ request.setLatestCommitterEmail(emails.get(0));
+ }
webhookUtils.setScmInstance(controllerRequest, request);
setBrowseUrl(request);
fillRequestWithCommonAdditionalData(request, toProjectKey, toSlug, webhookPayload);