
Cxone release - Fixes for 0-result scans, better preset handling (#4387)

* Initial in progress

* compiling but not yet functional

* Missed file

* updated checkmarxone step

* Working up to fetching a project then breaks

* Missed file

* Breaks when retrieving projects+proxy set

* Create project & run scan working, now polling

* Fixed polling

* added back the zipfile remove command

* Fixed polling again

* Generates and downloads PDF report

* Updated and working, prep for refactor

* Added compliance steps

* Cleanup, reporting, added groovy connector

* fixed groovy file

* checkmarxone to checkmarxOne

* checkmarxone to checkmarxOne

* split credentials (id+secret, apikey), renamed pullrequestname to branch, groovy fix

* Fixed filenames & yaml

* missed the metadata_generated.go

* added json to sarif conversion

* fix:type in new checkmarxone package

* fix:type in new checkmarxone package

* removed test logs, added temp error log for creds

* extra debugging to fix crash

* improved auth logging, fixed query parse issue

* fixed bug with group fetch when using oauth user

* CWE can be -1 if not defined, can't be uint

* Query also had CweID

* Disabled predicates-fetch in sarif generation

* Removing leftover info log message

* Better error handling

* fixed default preset configuration

* removing .bat files - sorry

* Cleanup per initial review

* refactoring per Gist, fixed project find, add apps

* small fix - sorry for commit noise while testing

* Fixing issues with incremental scans.

* removing maxretries

* Updated per PR feedback, further changes todo toda

* JSON Report changes and reporting cleanup

* removing .bat (again?)

* adding docs, groovy unit test, linter fixes

* Started adding tests maybe 15% covered

* fix(checkmarxOne): test cases for pkg and reporting

* fix(checkmarxOne):fix formatting

* feat(checkmarxone): update interface with missing method

* feat(checkmarxone):change runStep signature to be able to inject dependency

* feat(checkmarxone): add tests for step (wip)

* Adding a bit more coverage

* feat(checkmarxOne): fix code review

* feat(checkmarxOne): fix code review

* feat(checkmarxOne): fix code review

* feat(checkmarxOne): fix integration test PR

* adding scan-summary bug workaround, reportgen fail

* enforceThresholds fix when no results passed in

* fixed gap when preset empty in yaml & project conf

* fixed another gap in preset selection

* fix 0-result panic

* fail when no preset is set anywhere

* removed comment

---------

Co-authored-by: thtri <trinhthanhhai@gmail.com>
Co-authored-by: Thanh-Hai Trinh <thanh.hai.trinh@sap.com>
This commit is contained in:
michaelkubiaczyk 2023-06-01 11:03:01 +02:00 committed by GitHub
parent cd71282f00
commit 072378bb83
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -272,13 +272,17 @@ func (c *checkmarxOneExecuteScanHelper) SetProjectPreset() error {
}
if c.config.Preset == "" {
log.Entry().Infof("Pipeline yaml does not specify a preset, will use project configuration (%v).", currentPreset)
if currentPreset == "" {
return fmt.Errorf("must specify the preset in either the pipeline yaml or in the CheckmarxOne project configuration")
} else {
log.Entry().Infof("Pipeline yaml does not specify a preset, will use project configuration (%v).", currentPreset)
}
c.config.Preset = currentPreset
} else if currentPreset != c.config.Preset {
log.Entry().Infof("Project configured preset (%v) does not match pipeline yaml (%v) - updating project configuration.", currentPreset, c.config.Preset)
c.sys.SetProjectPreset(c.Project.ProjectID, c.config.Preset, true)
} else {
log.Entry().Infof("Project is configured to use preset %v", currentPreset)
log.Entry().Infof("Project is already configured to use pipeline preset %v", currentPreset)
}
return nil
}
@ -532,12 +536,17 @@ func (c *checkmarxOneExecuteScanHelper) ParseResults(scan *checkmarxOne.Scan) (m
return detailedResults, fmt.Errorf("Unable to fetch scan metadata for scan %v: %s", scan.ScanID, err)
}
totalResultCount := uint64(0)
scansummary, err := c.sys.GetScanSummary(scan.ScanID)
if err != nil {
return detailedResults, fmt.Errorf("Unable to fetch scan summary for scan %v: %s", scan.ScanID, err)
/* TODO: scansummary throws a 404 for 0-result scans, once the bug is fixed put this code back. */
// return detailedResults, fmt.Errorf("Unable to fetch scan summary for scan %v: %s", scan.ScanID, err)
} else {
totalResultCount = scansummary.TotalCount()
}
results, err := c.sys.GetScanResults(scan.ScanID, scansummary.TotalCount())
results, err := c.sys.GetScanResults(scan.ScanID, totalResultCount)
if err != nil {
return detailedResults, fmt.Errorf("Unable to fetch scan results for scan %v: %s", scan.ScanID, err)
}
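Review bot: The `if err != nil` branch after `GetScanSummary` now swallows every error silently, not only the 404 the TODO describes: an auth failure or timeout on that call also leaves `totalResultCount` at 0, nothing is logged, and `GetScanResults` is then called with a count of 0 — whether that returns all findings or none is not visible here, so a scan with real findings could be reported as clean on a transient failure. At minimum the fallback should be logged so the condition is visible in the pipeline output, e.g. replace the commented-out return with `log.Entry().WithError(err).Warnf("Unable to fetch scan summary for scan %v, assuming 0 results (known 404 for 0-result scans)", scan.ScanID)`, and if the client surfaces the HTTP status the fallback should be restricted to the 404 case and other errors still returned. The enclosing `ParseResults` starts before and continues past this hunk. Separately, the later hunk's new error message reads `"unexpected status %v recieved"` — `received`.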
@ -606,12 +615,15 @@ func (c *checkmarxOneExecuteScanHelper) generateAndDownloadReport(scan *checkmar
if finalStatus.Status == "completed" {
break
} else if finalStatus.Status == "failed" {
return []byte{}, fmt.Errorf("report generation failed")
}
time.Sleep(10 * time.Second)
}
if finalStatus.Status == "completed" {
return c.sys.DownloadReport(finalStatus.ReportURL)
}
return []byte{}, fmt.Errorf("unexpected status %v recieved", finalStatus.Status)
}
@ -954,8 +966,9 @@ func (c *checkmarxOneExecuteScanHelper) enforceThresholds(results *map[string]in
}
// if the flag is switched on, calculate the Low findings threshold per query
if cxLowThresholdPerQuery {
lowPerQueryMap := (*results)["LowPerQuery"].(map[string]map[string]int)
if lowPerQueryMap != nil {
if (*results)["LowPerQuery"] != nil {
lowPerQueryMap := (*results)["LowPerQuery"].(map[string]map[string]int)
for lowQuery, resultsLowQuery := range lowPerQueryMap {
lowAuditedPerQuery := resultsLowQuery["Confirmed"] + resultsLowQuery["NotExploitable"]
lowOverallPerQuery := resultsLowQuery["Issues"]