Merge branch 'master' into feature/cxone

.github/ISSUE_TEMPLATE/bug_report.md

@@ -25,7 +25,10 @@ assignees: ''
 > - Log files
 > - Application settings
 > - Screenshots
+> 
+> Please remove sensitive information from any included log output.  Bearer tokens should be considered sensitive information.
+
 
 ### Environment Details
 
-> Provide any information relating to the environment the issue was identified in - include applicable version and additional runtime information (include OS or other underlying infrastructure)
+> Provide any information relating to the environment the issue was identified in - include applicable version and additional runtime information (include OS or other underlying infrastructure).  Please include the CxAnalytix version and version+name of the service CxAnalytix is crawling (if known).

Libs/CxRestClient/SAST/CxVersion.cs

@@ -28,7 +28,7 @@ public class ServerVersion
             [JsonProperty(PropertyName = "version")]
             public String Version { get; internal set; }
             [JsonProperty(PropertyName = "hotFix")]
-            public String HotFix { get; internal set; }
+            public int HotFix { get; internal set; }
 
             [JsonProperty(PropertyName = "enginePackVersion")]
             public String EnginePack { get; internal set; }
@@ -56,10 +56,9 @@ public MajorMinor(int major, int minor, int hf)
             public bool IsUnknown { get; internal set; }
         }
 
-        public static ServerVersion GetServerVersion(CxSASTRestContext ctx, CancellationToken token)
+        public static ServerVersion GetServerVersion(CxSASTRestContext ctx, CancellationToken token, String apiVersion)
         {
             var requestUrl = UrlUtils.MakeUrl(ctx.Sast.ApiUrl, URL_SUFFIX);
-            var apiVersion = "1.1";
 
             return WebOperation.ExecuteGet<ServerVersion>(
             ctx.Sast.Json.CreateClient
@@ -77,25 +76,24 @@ public static ServerVersion GetServerVersion(CxSASTRestContext ctx, Cancellation
             , requestUrl
             , ctx.Sast
             , token, apiVersion: apiVersion,
-            responseErrorLogic: (err) => {
-                throw new UnsupportedAPIException(requestUrl, apiVersion);
-            } );
+            responseErrorLogic: (err) => false);
         }
 
         public static MajorMinor GetServerMajorMinorVersion(CxSASTRestContext ctx, CancellationToken token)
         {
-            try
-            {
-                var v = GetServerVersion(ctx, token);
+            List<String> apiVersions = new() { "1.1", "1.0" };
 
-                var m = _versionMatcher.Match(v.Version);
-
-                if (m.Success)
-                    return new MajorMinor(Convert.ToInt32(m.Groups["major"].Value), Convert.ToInt32(m.Groups["minor"].Value), Convert.ToInt32(v.HotFix));
-            }
-            catch (UnsupportedAPIException)
+            foreach(var version in apiVersions)
             {
-                // Some versions of SAST may not have this API.
+                var v = GetServerVersion(ctx, token, version);
+
+                if (v != null)
+                {
+                    var m = _versionMatcher.Match(v.Version);
+
+                    if (m.Success)
+                        return new MajorMinor(Convert.ToInt32(m.Groups["major"].Value), Convert.ToInt32(m.Groups["minor"].Value), v.HotFix);
+                }
             }
 
             return new MajorMinor();

manual/configuration-mongo.tex

@@ -22,6 +22,71 @@ \subsubsection{MongoDB Connection String Configuration}
 />
 \end{xml}
 
+
+\subsubsection{AWS DocumentDB Connection String Configuration}
+
+AWS DocumentDB has a MongoDB compatible API, making it suitable for
+use with CxAnalytix.  The configuration console of a DocumentDB cluster will
+provide a MongoDB URI that refers to the\\\texttt{rds-combined-ca-bundle.pem}
+file.  The PEM file contains the AWS Certificate Authority chain for 
+DocumentDB client SSL/TLS
+communication, and must be installed correctly on the machine running
+CxAnalytix.
+
+\noindent\\The URI provided in the DocumentDB cluster console does not
+generally work for the MongoDB driver used by CxAnalytix.  After 
+following one of the below platform-specific certificate installation
+procedures, the MongoDB URI can now be formatted as:
+
+\noindent\\\texttt{mongodb://user:password@machine:27017/database?ssl=true\&retryWrites=false}
+
+
+\noindent\\If the AWS CA bundle is not installed correctly, CxAnalytix
+logs will emit connection errors indicating the CA chain cannot be 
+validated for the DocumentDB server connection.
+
+
+\paragraph{AWS DocumentDB Configuration for Windows}
+
+
+\noindent\\\\For Windows, the requirement is to import the AWS RDS CA bundle
+into the local machine's Trusted Root Authority certificate store.  The 
+\texttt{rds-combined-ca-bundle.pem} PEM
+file\footnote{https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem}
+referenced on AWS documentation is not compatible with importing into the
+Windows certificate store.  Instead, the \texttt{rds-combined-ca-bundle.p7b} P7B version of the file
+\footnote{https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.p7b}
+should be used instead.\footnote{The URLs for the certificate bundles 
+were valid as of the time this document was written.  You may need to find
+the current location of the P7B form of the AWS certificate bundle.}
+
+\noindent\\To import the P7B certificate bundle, open PowerShell as
+an administator and issue the following command:\\
+
+
+\begin{code}{PowerShell Certificate Bundle Import Command}{}{}
+Import-Certificate -FilePath <path>\rds-combined-ca-bundle.p7b -CertStoreLocation cert:\LocalMachine\Root
+\end{code}
+
+
+
+\paragraph{AWS DocumentDB Configuration for Linux}
+
+\noindent\\\\Linux, unlike Windows, requires the 
+\texttt{rds-combined-ca-bundle.pem} PEM file
+\footnote{https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem}
+as the source of the AWS CA certificate bundle.  Installing the AWS CA 
+certificate bundle on Linux\footnote{This was tested
+on Amazon Linux but should apply to other Linux distributions.} is done
+with the following commands:\\
+
+\begin{code}{Linux Certificate Bundle Import Commands}{}{}
+wget https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem
+sudo cp rds-combined-ca-bundle.pem /usr/share/pki/ca-trust-source/anchors/
+sudo update-ca-trust
+\end{code}
+
+
 \subsubsection{MongoDB Shard Keys}
 
 The \texttt{CxMongoOutput} configuration element is optional; it can be used to add an additional field to each record

manual/installing.tex

@@ -190,6 +190,8 @@ \section{Upgrading}
 
 \noindent\\When configuring CxAnalytix, it is recommended that the configuration, state, and log files are stored
 in directories separate from the CxAnalytix binaries.  This will prevent the inadvertent misconfiguration on upgrade.
-Note that if installing from the CxAnalytix zip binary that there is a default version of \texttt{cxanalytix.config}
+
+
+\noindent\\Note that if installing from the CxAnalytix zip binary that there is a default version of \texttt{cxanalytix.config}
 and \texttt{cxanalytix.log4net} in the zip binary.  These default configuration files can safely be removed upon
 upgrading the CxAnalytix binaries.

manual/release_notes-content.tex

@@ -5,13 +5,19 @@ \subsection*{FEATURES}
         \item Issue 126 - CxOne compatibility
     \end{itemize}
 
-
 \section{2.0.2}
-\subsection*{BUG FIXES}
-    \begin{itemize}
-        \item An issue with new API version detection code was preventing SAST API access for SAST versions < 9.5
-    \end{itemize}
 
+\subsection*{UPDATES}
+\begin{itemize}
+    \item Updated documentation to include instructions for more easily 
+    utilizing AWS DocumentDB for storing data when using the MongoDB
+    output.
+\end{itemize}
+
+\subsection*{BUG FIXES}
+\begin{itemize}
+    \item Issue \#187 - Can't start with SAST versions < 9.5
+\end{itemize}
 
 \section{2.0.1}