fix(fortify): Fortify spotcheck logic consistent with checkmarxs low (#3955)

* Improve logging * Fortify spotcheck logic consistent with checkmarx
2025-03-03 15:02:35 +02:00 · 2022-08-11 11:44:16 +02:00 · 2022-08-11 11:44:16 +02:00 · ed4467282f
commit ed4467282f
parent 65a637ca20
3 changed files with 13 additions and 13 deletions
--- a/cmd/checkmarxExecuteScan.go
+++ b/cmd/checkmarxExecuteScan.go
@ -596,9 +596,12 @@ func enforceThresholds(config checkmarxExecuteScanOptions, results map[string]in
 					lowAuditedRequiredPerQuery := int(math.Ceil(float64(lowOverallPerQuery) * float64(cxLowThreshold) / 100.0))
 					if lowAuditedPerQuery < lowAuditedRequiredPerQuery && lowAuditedPerQuery < cxLowThresholdPerQueryMax {
 						insecure = true
-						lowViolation = fmt.Sprintf("<-- query: %v - audited: %v - required: %v ", lowQuery, lowAuditedPerQuery, lowAuditedRequiredPerQuery)
+						msgSeperator := "|"
+						if lowViolation == "" {
+							msgSeperator = "<--"
+						}
+						lowViolation += fmt.Sprintf(" %v query: %v, audited: %v, required: %v ", msgSeperator, lowQuery, lowAuditedPerQuery, lowAuditedRequiredPerQuery)
 					}
-
 				}
 			}
 		} else { // calculate the Low findings threshold in total
@ -630,26 +633,26 @@ func enforceThresholds(config checkmarxExecuteScanOptions, results map[string]in
 	lowText := fmt.Sprintf("Low %v%v %v", lowValue, unit, lowViolation)
 	if len(highViolation) > 0 {
 		insecureResults = append(insecureResults, highText)
+		log.Entry().Error(highText)
 	} else {
 		neutralResults = append(neutralResults, highText)
+		log.Entry().Info(highText)
 	}
 	if len(mediumViolation) > 0 {
 		insecureResults = append(insecureResults, mediumText)
+		log.Entry().Error(mediumText)
 	} else {
 		neutralResults = append(neutralResults, mediumText)
+		log.Entry().Info(mediumText)
 	}
 	if len(lowViolation) > 0 {
 		insecureResults = append(insecureResults, lowText)
+		log.Entry().Error(lowText)
 	} else {
 		neutralResults = append(neutralResults, lowText)
+		log.Entry().Info(lowText)
 	}

-	log.Entry().Infoln("")
-	log.Entry().Info(highText)
-	log.Entry().Info(mediumText)
-	log.Entry().Info(lowText)
-	log.Entry().Infoln("")
-
 	return insecure, insecureResults, neutralResults
 }

--- a/cmd/fortifyExecuteScan.go
+++ b/cmd/fortifyExecuteScan.go
@ -550,10 +550,7 @@ func getSpotIssueCount(config fortifyExecuteScanOptions, sys fortify.System, spo

 func getMinSpotChecksPerCategory(config fortifyExecuteScanOptions, totalCount int) int {
 	if config.SpotCheckMinimumUnit == "percentage" {
-		spotCheckMinimumPercentageValue := int(math.Round(float64(config.SpotCheckMinimum) / 100.0 * float64(totalCount)))
-		if spotCheckMinimumPercentageValue == 0 {
-			return 1
-		}
+		spotCheckMinimumPercentageValue := int(math.Ceil(float64(config.SpotCheckMinimum) / 100.0 * float64(totalCount)))
 		return getSpotChecksMinAsPerMaximum(config.SpotCheckMaximum, spotCheckMinimumPercentageValue)
 	}

--- a/cmd/fortifyExecuteScan_test.go
+++ b/cmd/fortifyExecuteScan_test.go
@ -742,7 +742,7 @@ func TestGetMinSpotChecksPerCategory(t *testing.T) {
 	testExpectedGetMinSpotChecksPerCategory("percentage", 10, 10, 3, 1)
 	testExpectedGetMinSpotChecksPerCategory("percentage", 10, 10, 8, 1)
 	testExpectedGetMinSpotChecksPerCategory("percentage", 10, 10, 10, 1)
-	testExpectedGetMinSpotChecksPerCategory("percentage", 10, 10, 24, 2)
+	testExpectedGetMinSpotChecksPerCategory("percentage", 10, 10, 24, 3)
 	testExpectedGetMinSpotChecksPerCategory("percentage", 10, 10, 26, 3)
 	testExpectedGetMinSpotChecksPerCategory("percentage", 10, 10, 100, 10)
 	testExpectedGetMinSpotChecksPerCategory("percentage", 10, 10, 200, 10)