mirror of
https://github.com/SAP/jenkins-library.git
synced 2025-01-22 05:33:10 +02:00
f39dec68a5
* Initial in progress * compiling but not yet functional * Missed file * updated checkmarxone step * Working up to fetching a project then breaks * Missed file * Breaks when retrieving projects+proxy set * Create project & run scan working, now polling * Fixed polling * added back the zipfile remove command * Fixed polling again * Generates and downloads PDF report * Updated and working, prep for refactor * Added compliance steps * Cleanup, reporting, added groovy connector * fixed groovy file * checkmarxone to checkmarxOne * checkmarxone to checkmarxOne * split credentials (id+secret, apikey), renamed pullrequestname to branch, groovy fix * Fixed filenames & yaml * missed the metadata_generated.go * added json to sarif conversion * fix:type in new checkmarxone package * fix:type in new checkmarxone package * removed test logs, added temp error log for creds * extra debugging to fix crash * improved auth logging, fixed query parse issue * fixed bug with group fetch when using oauth user * CWE can be -1 if not defined, can't be uint * Query also had CweID * Disabled predicates-fetch in sarif generation * Removing leftover info log message * Better error handling * fixed default preset configuration * removing .bat files - sorry * Cleanup per initial review * refactoring per Gist, fixed project find, add apps * small fix - sorry for commit noise while testing * Fixing issues with incremental scans. * removing maxretries * Updated per PR feedback, further changes todo toda * JSON Report changes and reporting cleanup * removing .bat (again?) * adding docs, groovy unit test, linter fixes * Started adding tests maybe 15% covered * fix(checkmarxOne): test cases for pkg and reporting * fix(checkmarxOne):fix formatting * feat(checkmarxone): update interface with missing method * feat(checkmarxone):change runStep signature to be able to inject dependency * feat(checkmarxone): add tests for step (wip) * Adding a bit more coverage * feat(checkmarxOne): fix code review * feat(checkmarxOne): fix code review * feat(checkmarxOne): fix code review * feat(checkmarxOne): fix integration test PR * adding scan-summary bug workaround, reportgen fail * enforceThresholds fix when no results passed in * fixed gap when preset empty in yaml & project conf * fixed another gap in preset selection * fix 0-result panic * fail when no preset is set anywhere * removed comment * initial project-under-app support * fixing sarif reportgen * some cleanup of error messages * post-merge test fixes * revert previous upstream merge * adding "incremental" to "full" triggers * wrong boolean * project-in-application api change prep * Fixing SARIF report without preset access * fix sarif deeplink * removing comments * fix(cxone):formatting * fix(cxone):formatting --------- Co-authored-by: thtri <trinhthanhhai@gmail.com> Co-authored-by: Thanh-Hai Trinh <thanh.hai.trinh@sap.com>
1405 lines
43 KiB
Go
1405 lines
43 KiB
Go
package checkmarxOne
|
|
|
|
import (
|
|
"bytes"
|
|
"encoding/json"
|
|
"fmt"
|
|
"io"
|
|
"net/http"
|
|
"net/url"
|
|
"os"
|
|
|
|
//"strconv"
|
|
"strings"
|
|
"time"
|
|
|
|
//"encoding/xml"
|
|
piperHttp "github.com/SAP/jenkins-library/pkg/http"
|
|
"github.com/SAP/jenkins-library/pkg/log"
|
|
"github.com/SAP/jenkins-library/pkg/piperutils"
|
|
"github.com/pkg/errors"
|
|
"github.com/sirupsen/logrus"
|
|
)
|
|
|
|
// ReportsDirectory defines the subfolder for the Checkmarx reports which are generated
|
|
const ReportsDirectory = "checkmarxOne"
|
|
const cxOrigin = "GolangScript"
|
|
|
|
// AuthToken - Structure to store OAuth2 token
|
|
// Updated for Cx1
|
|
type AuthToken struct {
|
|
TokenType string `json:"token_type"`
|
|
AccessToken string `json:"access_token"`
|
|
ExpiresIn int `json:"expires_in"`
|
|
// RefreshExpiresIn int `json:"refresh_expires_in"`
|
|
// NotBeforePolicy int `json:"not-before-policy"`
|
|
// Scope string `json:"scope"`
|
|
}
|
|
|
|
type Application struct {
|
|
ApplicationID string `json:"id"`
|
|
Name string `json:"name"`
|
|
Description string `json:"description"`
|
|
Criticality uint `json:"criticality"`
|
|
Rules []ApplicationRule `json:"rules"`
|
|
Tags map[string]string `json:"tags"`
|
|
CreatedAt string `json:"createdAt"`
|
|
UpdatedAt string `json:"updatedAt"`
|
|
}
|
|
|
|
type ApplicationRule struct {
|
|
Type string `json:"type"`
|
|
Value string `json:"value"`
|
|
}
|
|
|
|
// Preset - Project's Preset
|
|
// Updated for Cx1
|
|
type Preset struct {
|
|
PresetID int `json:"id"`
|
|
Name string `json:"name"`
|
|
}
|
|
|
|
// Project - Project Structure
|
|
// Updated for Cx1
|
|
type Project struct {
|
|
ProjectID string `json:"id"`
|
|
Name string `json:"name"`
|
|
CreatedAt string `json:"createdAt"`
|
|
UpdatedAt string `json:"updatedAt"`
|
|
Groups []string `json:"groups"`
|
|
Applications []string `json:"applicationIds"`
|
|
Tags map[string]string `json:"tags"`
|
|
RepoUrl string `json:"repoUrl"`
|
|
MainBranch string `json:"mainBranch"`
|
|
Origin string `json:"origin"`
|
|
Criticality int `json:"criticality"`
|
|
}
|
|
|
|
// New for Cx1
|
|
// These settings are higher-level settings that define how an engine should run, for example "multi-language" mode or setting a preset.
|
|
type ProjectConfigurationSetting struct {
|
|
Key string `json:"key"`
|
|
Name string `json:"name"`
|
|
Category string `json:"category"`
|
|
OriginLevel string `json:"originLevel"`
|
|
Value string `json:"value"`
|
|
ValueType string `json:"valuetype"`
|
|
ValueTypeParams string `json:"valuetypeparams"`
|
|
AllowOverride bool `json:"allowOverride"`
|
|
}
|
|
|
|
type Query struct {
|
|
QueryID uint64 `json:"queryID,string"`
|
|
Name string `json:"queryName"`
|
|
Group string
|
|
Language string
|
|
Severity string
|
|
CweID int64
|
|
QueryDescriptionID int64
|
|
Custom bool
|
|
}
|
|
|
|
// ReportStatus - ReportStatus Structure
|
|
// Updated for Cx1
|
|
type ReportStatus struct {
|
|
ReportID string `json:"reportId"`
|
|
Status string `json:"status"`
|
|
ReportURL string `json:"url"`
|
|
}
|
|
|
|
type ResultsPredicates struct {
|
|
PredicateID string `json:"ID"`
|
|
SimilarityID int64 `json:"similarityId,string"`
|
|
ProjectID string `json:"projectId"`
|
|
State string `json:"state"`
|
|
Comment string `json:"comment"`
|
|
Severity string `json:"severity"`
|
|
CreatedBy string
|
|
CreatedAt string
|
|
}
|
|
|
|
// Scan - Scan Structure
|
|
// updated for Cx1
|
|
type Scan struct {
|
|
ScanID string `json:"id"`
|
|
Status string `json:"status"`
|
|
StatusDetails []ScanStatusDetails `json:"statusDetails"`
|
|
Branch string `json:"branch"`
|
|
CreatedAt string `json:"createdAt"`
|
|
UpdatedAt string `json:"updatedAt"`
|
|
ProjectID string `json:"projectId"`
|
|
ProjectName string `json:"projectName"`
|
|
UserAgent string `json:"userAgent"`
|
|
Initiator string `json:"initiator"`
|
|
Tags map[string]string `json:"tags"`
|
|
Metadata struct {
|
|
Type string `json:"type"`
|
|
Configs []ScanConfiguration `json:"configs"`
|
|
} `json:"metadata"`
|
|
Engines []string `json:"engines"`
|
|
SourceType string `json:"sourceType"`
|
|
SourceOrigin string `json:"sourceOrigin"`
|
|
}
|
|
|
|
// New for Cx1: ScanConfiguration - list of key:value pairs used to configure the scan for each scan engine
|
|
// This is specifically for scan-level configurations like "is incremental" and scan tags
|
|
type ScanConfiguration struct {
|
|
ScanType string `json:"type"`
|
|
Values map[string]string `json:"value"`
|
|
}
|
|
|
|
/*
|
|
{"scanId":"bef5d38b-7eb9-4138-b74b-2639fcf49e2e","projectId":"ad34ade3-9bf3-4b5a-91d7-3ad67eca7852","loc":137,"fileCount":12,"isIncremental":false,"isIncrementalCanceled":false,"queryPreset":"ASA Premium"}
|
|
*/
|
|
type ScanMetadata struct {
|
|
ScanID string
|
|
ProjectID string
|
|
LOC int
|
|
FileCount int
|
|
IsIncremental bool
|
|
IsIncrementalCanceled bool
|
|
PresetName string `json:"queryPreset"`
|
|
}
|
|
|
|
type ScanResultData struct {
|
|
QueryID uint64
|
|
QueryName string
|
|
Group string
|
|
ResultHash string
|
|
LanguageName string
|
|
Nodes []ScanResultNodes
|
|
}
|
|
|
|
type ScanResultNodes struct {
|
|
ID string
|
|
Line int
|
|
Name string
|
|
Column int
|
|
Length int
|
|
Method string
|
|
NodeID int
|
|
DOMType string
|
|
FileName string
|
|
FullName string
|
|
TypeName string
|
|
MethodLine int
|
|
Definitions string
|
|
}
|
|
|
|
type ScanResult struct {
|
|
Type string
|
|
ResultID string `json:"id"`
|
|
SimilarityID int64 `json:"similarityId,string"`
|
|
Status string
|
|
State string
|
|
Severity string
|
|
CreatedAt string `json:"created"`
|
|
FirstFoundAt string
|
|
FoundAt string
|
|
FirstScanId string
|
|
Description string
|
|
Data ScanResultData
|
|
VulnerabilityDetails ScanResultDetails
|
|
}
|
|
|
|
type ScanResultDetails struct {
|
|
CweId int
|
|
Compliances []string
|
|
}
|
|
|
|
// Cx1: StatusDetails - details of each engine type's scan status for a multi-engine scan
|
|
type ScanStatusDetails struct {
|
|
Name string `json:"name"`
|
|
Status string `json:"status"`
|
|
Details string `json:"details"`
|
|
}
|
|
|
|
// Very simplified for now
|
|
type ScanSummary struct {
|
|
TenantID string
|
|
ScanID string
|
|
SASTCounters struct {
|
|
//QueriesCounters []?
|
|
//SinkFileCounters []?
|
|
LanguageCounters []struct {
|
|
Language string
|
|
Counter uint64
|
|
}
|
|
ComplianceCounters []struct {
|
|
Compliance string
|
|
Counter uint64
|
|
}
|
|
SeverityCounters []struct {
|
|
Severity string
|
|
Counter uint64
|
|
}
|
|
StatusCounters []struct {
|
|
Status string
|
|
Counter uint64
|
|
}
|
|
StateCounters []struct {
|
|
State string
|
|
Counter uint64
|
|
}
|
|
TotalCounter uint64
|
|
FilesScannedCounter uint64
|
|
}
|
|
// ignoring the other counters
|
|
// KICSCounters
|
|
// SCACounters
|
|
// SCAPackagesCounters
|
|
// SCAContainerCounters
|
|
// APISecCounters
|
|
}
|
|
|
|
// Status - Status Structure
|
|
type Status struct {
|
|
ID int `json:"id"`
|
|
Name string `json:"name"`
|
|
Details ScanStatusDetails `json:"details"`
|
|
}
|
|
|
|
type VersionInfo struct {
|
|
CxOne string `json:"CxOne"`
|
|
KICS string `json:"KICS"`
|
|
SAST string `json:"SAST"`
|
|
}
|
|
|
|
type WorkflowLog struct {
|
|
Source string `json:"Source"`
|
|
Info string `json:"Info"`
|
|
Timestamp string `json:"Timestamp"`
|
|
}
|
|
|
|
// Cx1 Group/Group - Group Structure
|
|
type Group struct {
|
|
GroupID string `json:"id"`
|
|
Name string `json:"name"`
|
|
}
|
|
|
|
// SystemInstance is the client communicating with the Checkmarx backend
|
|
type SystemInstance struct {
|
|
serverURL string
|
|
iamURL string // New for Cx1
|
|
tenant string // New for Cx1
|
|
APIKey string // New for Cx1
|
|
oauth_client_id string // separate from APIKey
|
|
oauth_client_secret string //separate from APIKey
|
|
client piperHttp.Uploader
|
|
logger *logrus.Entry
|
|
}
|
|
|
|
// System is the interface abstraction of a specific SystemIns
|
|
type System interface {
|
|
DownloadReport(reportID string) ([]byte, error)
|
|
GetReportStatus(reportID string) (ReportStatus, error)
|
|
RequestNewReport(scanID, projectID, branch, reportType string) (string, error)
|
|
|
|
CreateApplication(appname string) (Application, error)
|
|
GetApplicationByName(appname string) (Application, error)
|
|
GetApplicationByID(appId string) (Application, error)
|
|
UpdateApplication(app *Application) error
|
|
|
|
GetScan(scanID string) (Scan, error)
|
|
GetScanMetadata(scanID string) (ScanMetadata, error)
|
|
GetScanResults(scanID string, limit uint64) ([]ScanResult, error)
|
|
GetScanSummary(scanID string) (ScanSummary, error)
|
|
GetResultsPredicates(SimilarityID int64, ProjectID string) ([]ResultsPredicates, error)
|
|
GetScanWorkflow(scanID string) ([]WorkflowLog, error)
|
|
GetLastScans(projectID string, limit int) ([]Scan, error)
|
|
GetLastScansByStatus(projectID string, limit int, status []string) ([]Scan, error)
|
|
|
|
ScanProject(projectID, sourceUrl, branch, scanType string, settings []ScanConfiguration) (Scan, error)
|
|
ScanProjectZip(projectID, sourceUrl, branch string, settings []ScanConfiguration) (Scan, error)
|
|
ScanProjectGit(projectID, repoUrl, branch string, settings []ScanConfiguration) (Scan, error)
|
|
|
|
UploadProjectSourceCode(projectID string, zipFile string) (string, error)
|
|
CreateProject(projectName string, groupIDs []string) (Project, error)
|
|
CreateProjectInApplication(projectName, applicationID string, groupIDs []string) (Project, error)
|
|
GetPresets() ([]Preset, error)
|
|
GetProjectByID(projectID string) (Project, error)
|
|
GetProjectsByName(projectName string) ([]Project, error)
|
|
GetProjectsByNameAndGroup(projectName, groupID string) ([]Project, error)
|
|
GetProjects() ([]Project, error)
|
|
GetQueries() ([]Query, error)
|
|
//GetShortDescription(scanID int, pathID int) (ShortDescription, error)
|
|
GetGroups() ([]Group, error)
|
|
GetGroupByName(groupName string) (Group, error)
|
|
GetGroupByID(groupID string) (Group, error)
|
|
SetProjectBranch(projectID, branch string, allowOverride bool) error
|
|
SetProjectPreset(projectID, presetName string, allowOverride bool) error
|
|
SetProjectLanguageMode(projectID, languageMode string, allowOverride bool) error
|
|
SetProjectFileFilter(projectID, filter string, allowOverride bool) error
|
|
|
|
GetProjectConfiguration(projectID string) ([]ProjectConfigurationSetting, error)
|
|
UpdateProjectConfiguration(projectID string, settings []ProjectConfigurationSetting) error
|
|
|
|
GetVersion() (VersionInfo, error)
|
|
}
|
|
|
|
// NewSystemInstance returns a new Checkmarx client for communicating with the backend
|
|
// Updated for Cx1
|
|
func NewSystemInstance(client piperHttp.Uploader, serverURL, iamURL, tenant, APIKey, client_id, client_secret string) (*SystemInstance, error) {
|
|
loggerInstance := log.Entry().WithField("package", "SAP/jenkins-library/pkg/checkmarxOne")
|
|
sys := &SystemInstance{
|
|
serverURL: serverURL,
|
|
iamURL: iamURL,
|
|
tenant: tenant,
|
|
APIKey: APIKey,
|
|
oauth_client_id: client_id,
|
|
oauth_client_secret: client_secret,
|
|
client: client,
|
|
logger: loggerInstance,
|
|
}
|
|
|
|
var token string
|
|
var err error
|
|
|
|
if APIKey != "" {
|
|
token, err = sys.getAPIToken()
|
|
if err != nil {
|
|
return sys, errors.Wrap(err, fmt.Sprintf("Error fetching oAuth token using API Key: %v", shortenGUID(APIKey)))
|
|
}
|
|
} else if client_id != "" && client_secret != "" {
|
|
token, err = sys.getOAuth2Token()
|
|
if err != nil {
|
|
return sys, errors.Wrap(err, fmt.Sprintf("Error fetching oAuth token using OIDC client: %v/%v", shortenGUID(client_id), shortenGUID(client_secret)))
|
|
}
|
|
} else {
|
|
return sys, errors.New("No APIKey or client_id/client_secret provided.")
|
|
}
|
|
|
|
log.RegisterSecret(token)
|
|
|
|
options := piperHttp.ClientOptions{
|
|
Token: token,
|
|
TransportTimeout: time.Minute * 15,
|
|
}
|
|
sys.client.SetOptions(options)
|
|
|
|
return sys, nil
|
|
}
|
|
|
|
// Updated for Cx1
|
|
func sendRequest(sys *SystemInstance, method, url string, body io.Reader, header http.Header, acceptedErrorCodes []int) ([]byte, error) {
|
|
cx1url := fmt.Sprintf("%v/api%v", sys.serverURL, url)
|
|
return sendRequestInternal(sys, method, cx1url, body, header, acceptedErrorCodes)
|
|
}
|
|
|
|
// Updated for Cx1
|
|
func sendRequestIAM(sys *SystemInstance, method, base, url string, body io.Reader, header http.Header, acceptedErrorCodes []int) ([]byte, error) {
|
|
iamurl := fmt.Sprintf("%v%v/realms/%v%v", sys.iamURL, base, sys.tenant, url)
|
|
return sendRequestInternal(sys, method, iamurl, body, header, acceptedErrorCodes)
|
|
}
|
|
|
|
// Updated for Cx1
|
|
func sendRequestInternal(sys *SystemInstance, method, url string, body io.Reader, header http.Header, acceptedErrorCodes []int) ([]byte, error) {
|
|
var requestBody io.Reader
|
|
var reqBody string
|
|
if body != nil {
|
|
closer := io.NopCloser(body)
|
|
bodyBytes, _ := io.ReadAll(closer)
|
|
reqBody = string(bodyBytes)
|
|
requestBody = bytes.NewBuffer(bodyBytes)
|
|
defer closer.Close()
|
|
}
|
|
|
|
if header == nil {
|
|
header = http.Header{}
|
|
}
|
|
header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0")
|
|
//header.Set("User-Agent", "Project-Piper.io cicd pipeline") // currently this causes some requests to fail due to unknown UA validation in the backend.
|
|
|
|
response, err := sys.client.SendRequest(method, url, requestBody, header, nil)
|
|
if err != nil && (response == nil || !piperutils.ContainsInt(acceptedErrorCodes, response.StatusCode)) {
|
|
|
|
var resBodyBytes []byte
|
|
if response != nil && response.Body != nil {
|
|
resBodyBytes, _ = io.ReadAll(response.Body)
|
|
defer response.Body.Close()
|
|
resBody := string(resBodyBytes)
|
|
sys.recordRequestDetailsInErrorCase(reqBody, resBody)
|
|
}
|
|
|
|
var str string
|
|
if len(resBodyBytes) > 0 {
|
|
var msg map[string]interface{}
|
|
_ = json.Unmarshal(resBodyBytes, &msg)
|
|
|
|
if msg["message"] != nil {
|
|
str = msg["message"].(string)
|
|
} else if msg["error_description"] != nil {
|
|
str = msg["error_description"].(string)
|
|
} else if msg["error"] != nil {
|
|
str = msg["error"].(string)
|
|
} else {
|
|
if len(str) > 20 {
|
|
str = string(resBodyBytes[:20])
|
|
} else {
|
|
str = string(resBodyBytes)
|
|
}
|
|
}
|
|
}
|
|
|
|
if err != nil {
|
|
if str != "" {
|
|
err = fmt.Errorf("%s: %v", err, str)
|
|
} else {
|
|
err = fmt.Errorf("%s", err)
|
|
}
|
|
sys.logger.Errorf("HTTP request failed with error: %s", err)
|
|
return resBodyBytes, err
|
|
} else {
|
|
if str != "" {
|
|
err = fmt.Errorf("HTTP %v: %v", response.Status, str)
|
|
} else {
|
|
err = fmt.Errorf("HTTP %v", response.Status)
|
|
}
|
|
|
|
sys.logger.Errorf("HTTP response indicates error: %s", err)
|
|
return resBodyBytes, err
|
|
}
|
|
}
|
|
|
|
data, _ := io.ReadAll(response.Body)
|
|
//sys.logger.Debugf("Valid response body: %v", string(data))
|
|
defer response.Body.Close()
|
|
return data, nil
|
|
}
|
|
|
|
func (sys *SystemInstance) recordRequestDetailsInErrorCase(requestBody string, responseBody string) {
|
|
if requestBody != "" {
|
|
sys.logger.Errorf("Request body: %s", requestBody)
|
|
}
|
|
if responseBody != "" {
|
|
sys.logger.Errorf("Response body: %s", responseBody)
|
|
}
|
|
}
|
|
|
|
/*
|
|
CxOne authentication options are:
|
|
|
|
1. APIKey: post to /protocol/openid-connect/token with client_id ("ast-app"), refresh_token (APIKey generated in the UI), & grant_type ("refresh_token")
|
|
2. OAuth Client (service account): post to /protocol/openid-connect/token with client_id (set in the OIDC client in the Cx1 UI), client_secret (set in the UI), grant_type ("client_credentials")
|
|
|
|
For regular users, the API Key is likely to be used - it is a token tied to the user account.
|
|
For service accounts, Administrators will need to create OAuth clients.
|
|
*/
|
|
// Updated for Cx1
|
|
func (sys *SystemInstance) getOAuth2Token() (string, error) {
|
|
body := url.Values{
|
|
"grant_type": {"client_credentials"},
|
|
"client_id": {sys.oauth_client_id},
|
|
"client_secret": {sys.oauth_client_secret},
|
|
}
|
|
header := http.Header{}
|
|
header.Add("Content-type", "application/x-www-form-urlencoded")
|
|
data, err := sendRequestIAM(sys, http.MethodPost, "/auth", "/protocol/openid-connect/token", strings.NewReader(body.Encode()), header, []int{})
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
var token AuthToken
|
|
json.Unmarshal(data, &token)
|
|
return token.TokenType + " " + token.AccessToken, nil
|
|
}
|
|
|
|
// Updated for Cx1
|
|
func (sys *SystemInstance) getAPIToken() (string, error) {
|
|
body := url.Values{
|
|
"grant_type": {"refresh_token"},
|
|
"client_id": {"ast-app"},
|
|
"refresh_token": {sys.APIKey},
|
|
}
|
|
header := http.Header{}
|
|
header.Add("Content-type", "application/x-www-form-urlencoded")
|
|
data, err := sendRequestIAM(sys, http.MethodPost, "/auth", "/protocol/openid-connect/token", strings.NewReader(body.Encode()), header, []int{})
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
var token AuthToken
|
|
json.Unmarshal(data, &token)
|
|
return token.TokenType + " " + token.AccessToken, nil
|
|
}
|
|
|
|
func (sys *SystemInstance) GetApplicationsByName(name string, limit uint64) ([]Application, error) {
|
|
sys.logger.Debugf("Get Cx1 Applications by name: %v", name)
|
|
|
|
var ApplicationResponse struct {
|
|
TotalCount uint64
|
|
FilteredCount uint64
|
|
Applications []Application
|
|
}
|
|
|
|
body := url.Values{
|
|
//"offset": {fmt.Sprintf("%d", 0)},
|
|
"limit": {fmt.Sprintf("%d", limit)},
|
|
"name": {name},
|
|
}
|
|
|
|
response, err := sendRequest(sys, http.MethodGet, fmt.Sprintf("/applications?%v", body.Encode()), nil, nil, []int{})
|
|
|
|
if err != nil {
|
|
return ApplicationResponse.Applications, err
|
|
}
|
|
|
|
err = json.Unmarshal(response, &ApplicationResponse)
|
|
sys.logger.Tracef("Retrieved %d applications", len(ApplicationResponse.Applications))
|
|
return ApplicationResponse.Applications, err
|
|
}
|
|
|
|
func (sys *SystemInstance) GetApplicationByID(appId string) (Application, error) {
|
|
sys.logger.Debugf("Get Cx1 Application by ID: %v", appId)
|
|
|
|
var ret Application
|
|
|
|
response, err := sendRequest(sys, http.MethodGet, fmt.Sprintf("/applications/%v", appId), nil, nil, []int{})
|
|
|
|
if err != nil {
|
|
return ret, err
|
|
}
|
|
|
|
err = json.Unmarshal(response, &ret)
|
|
return ret, err
|
|
}
|
|
|
|
func (sys *SystemInstance) GetApplicationByName(name string) (Application, error) {
|
|
apps, err := sys.GetApplicationsByName(name, 0)
|
|
if err != nil {
|
|
return Application{}, err
|
|
}
|
|
|
|
for _, a := range apps {
|
|
if a.Name == name {
|
|
return a, nil
|
|
}
|
|
}
|
|
|
|
return Application{}, fmt.Errorf("no application found named %v", name)
|
|
}
|
|
|
|
func (sys *SystemInstance) CreateApplication(appname string) (Application, error) {
|
|
sys.logger.Debugf("Create Application: %v", appname)
|
|
data := map[string]interface{}{
|
|
"name": appname,
|
|
"description": "",
|
|
"criticality": 3,
|
|
"rules": []ApplicationRule{},
|
|
"tags": map[string]string{},
|
|
}
|
|
|
|
var app Application
|
|
|
|
jsonBody, err := json.Marshal(data)
|
|
if err != nil {
|
|
return app, err
|
|
}
|
|
|
|
response, err := sendRequest(sys, http.MethodPost, "/applications", bytes.NewReader(jsonBody), nil, []int{})
|
|
if err != nil {
|
|
sys.logger.Tracef("Error while creating application: %s", err)
|
|
return app, err
|
|
}
|
|
|
|
err = json.Unmarshal(response, &app)
|
|
|
|
return app, err
|
|
}
|
|
|
|
func (a *Application) GetRuleByType(ruletype string) *ApplicationRule {
|
|
for id := range a.Rules {
|
|
if a.Rules[id].Type == ruletype {
|
|
return &(a.Rules[id])
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (a *Application) AddRule(ruletype, value string) {
|
|
rule := a.GetRuleByType(ruletype)
|
|
if rule == nil {
|
|
var newrule ApplicationRule
|
|
newrule.Type = ruletype
|
|
newrule.Value = value
|
|
a.Rules = append(a.Rules, newrule)
|
|
} else {
|
|
if rule.Value == value || strings.Contains(rule.Value, fmt.Sprintf(";%v;", value)) || rule.Value[len(rule.Value)-len(value)-1:] == fmt.Sprintf(";%v", value) || rule.Value[:len(value)+1] == fmt.Sprintf("%v;", value) {
|
|
return // rule value already contains this value
|
|
}
|
|
rule.Value = fmt.Sprintf("%v;%v", rule.Value, value)
|
|
}
|
|
}
|
|
|
|
func (a *Application) AssignProject(project *Project) {
|
|
a.AddRule("project.name.in", project.Name)
|
|
}
|
|
|
|
func (sys *SystemInstance) UpdateApplication(app *Application) error {
|
|
sys.logger.Debugf("Updating application: %v", app.Name)
|
|
jsonBody, err := json.Marshal(*app)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
_, err = sendRequest(sys, http.MethodPut, fmt.Sprintf("/applications/%v", app.ApplicationID), bytes.NewReader(jsonBody), nil, []int{})
|
|
if err != nil {
|
|
sys.logger.Tracef("Error while updating application: %s", err)
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// Updated for Cx1
|
|
func (sys *SystemInstance) GetGroups() ([]Group, error) {
|
|
sys.logger.Debug("Getting Groups...")
|
|
var groups []Group
|
|
|
|
data, err := sendRequestIAM(sys, http.MethodGet, "/auth", "/pip/groups", nil, http.Header{}, []int{})
|
|
if err != nil {
|
|
sys.logger.Errorf("Fetching groups failed: %s", err)
|
|
return groups, err
|
|
}
|
|
|
|
err = json.Unmarshal(data, &groups)
|
|
if err != nil {
|
|
sys.logger.Errorf("Fetching groups failed: %s", err)
|
|
return groups, err
|
|
}
|
|
|
|
return groups, nil
|
|
}
|
|
|
|
// New for Cx1
|
|
func (sys *SystemInstance) GetGroupByName(groupName string) (Group, error) {
|
|
sys.logger.Debugf("Getting Group named %v...", groupName)
|
|
groups, err := sys.GetGroups()
|
|
var group Group
|
|
if err != nil {
|
|
return group, err
|
|
}
|
|
|
|
for _, g := range groups {
|
|
if g.Name == groupName {
|
|
return g, nil
|
|
}
|
|
}
|
|
|
|
return group, errors.New(fmt.Sprintf("No group matching %v", groupName))
|
|
}
|
|
|
|
// New for Cx1
|
|
func (sys *SystemInstance) GetGroupByID(groupID string) (Group, error) {
|
|
sys.logger.Debugf("Getting Group with ID %v...", groupID)
|
|
groups, err := sys.GetGroups()
|
|
var group Group
|
|
if err != nil {
|
|
return group, err
|
|
}
|
|
|
|
for _, g := range groups {
|
|
if g.GroupID == groupID {
|
|
return g, nil
|
|
}
|
|
}
|
|
|
|
return group, errors.New(fmt.Sprintf("No group with ID %v", groupID))
|
|
}
|
|
|
|
// GetProjects returns the projects defined in the Checkmarx backend which the user has access to
|
|
func (sys *SystemInstance) GetProjects() ([]Project, error) {
|
|
return sys.GetProjectsByNameAndGroup("", "")
|
|
}
|
|
|
|
// GetProjectByID returns the project addressed by projectID from the Checkmarx backend which the user has access to
|
|
// Updated for Cx1
|
|
func (sys *SystemInstance) GetProjectByID(projectID string) (Project, error) {
|
|
sys.logger.Debugf("Getting Project with ID %v...", projectID)
|
|
var project Project
|
|
|
|
data, err := sendRequest(sys, http.MethodGet, fmt.Sprintf("/projects/%v", projectID), nil, http.Header{}, []int{})
|
|
if err != nil {
|
|
return project, errors.Wrapf(err, "fetching project %v failed", projectID)
|
|
}
|
|
|
|
err = json.Unmarshal(data, &project)
|
|
return project, err
|
|
}
|
|
|
|
// GetProjectsByNameAndGroup returns the project addressed by project name from the Checkmarx backend which the user has access to
|
|
// Updated for Cx1
|
|
func (sys *SystemInstance) GetProjectsByName(projectName string) ([]Project, error) {
|
|
sys.logger.Debugf("Getting projects with name %v", projectName)
|
|
|
|
var projectResponse struct {
|
|
TotalCount int `json:"totalCount"`
|
|
FilteredCount int `json:"filteredCount"`
|
|
Projects []Project `json:"projects"`
|
|
}
|
|
|
|
header := http.Header{}
|
|
header.Set("Accept-Type", "application/json")
|
|
var data []byte
|
|
var err error
|
|
|
|
body := url.Values{}
|
|
body.Add("name", projectName)
|
|
|
|
data, err = sendRequest(sys, http.MethodGet, fmt.Sprintf("/projects/?%v", body.Encode()), nil, header, []int{404})
|
|
|
|
if err != nil {
|
|
return []Project{}, errors.Wrapf(err, "fetching project %v failed", projectName)
|
|
}
|
|
|
|
err = json.Unmarshal(data, &projectResponse)
|
|
return projectResponse.Projects, err
|
|
}
|
|
|
|
// GetProjectsByNameAndGroup returns the project addressed by project name from the Checkmarx backend which the user has access to
|
|
// Updated for Cx1
|
|
func (sys *SystemInstance) GetProjectsByNameAndGroup(projectName, groupID string) ([]Project, error) {
|
|
sys.logger.Debugf("Getting projects with name %v of group %v...", projectName, groupID)
|
|
|
|
var projectResponse struct {
|
|
TotalCount int `json:"totalCount"`
|
|
FilteredCount int `json:"filteredCount"`
|
|
Projects []Project `json:"projects"`
|
|
}
|
|
|
|
header := http.Header{}
|
|
header.Set("Accept-Type", "application/json")
|
|
var data []byte
|
|
var err error
|
|
|
|
body := url.Values{}
|
|
if len(groupID) > 0 {
|
|
body.Add("groups", groupID)
|
|
}
|
|
if len(projectName) > 0 {
|
|
body.Add("name", projectName)
|
|
}
|
|
|
|
if len(body) > 0 {
|
|
data, err = sendRequest(sys, http.MethodGet, fmt.Sprintf("/projects/?%v", body.Encode()), nil, header, []int{404})
|
|
} else {
|
|
data, err = sendRequest(sys, http.MethodGet, "/projects/", nil, header, []int{404})
|
|
}
|
|
if err != nil {
|
|
return projectResponse.Projects, errors.Wrapf(err, "fetching project %v failed", projectName)
|
|
}
|
|
|
|
err = json.Unmarshal(data, &projectResponse)
|
|
return projectResponse.Projects, err
|
|
}
|
|
|
|
// CreateProject creates a new project in the Checkmarx backend
|
|
// Updated for Cx1
|
|
func (sys *SystemInstance) CreateProject(projectName string, groupIDs []string) (Project, error) {
|
|
var project Project
|
|
jsonData := map[string]interface{}{
|
|
"name": projectName,
|
|
"groups": groupIDs,
|
|
"origin": cxOrigin,
|
|
"criticality": 3, // default
|
|
// multiple additional parameters exist as options
|
|
}
|
|
|
|
jsonValue, err := json.Marshal(jsonData)
|
|
if err != nil {
|
|
return project, errors.Wrapf(err, "failed to marshal project data")
|
|
}
|
|
|
|
header := http.Header{}
|
|
header.Set("Content-Type", "application/json")
|
|
|
|
data, err := sendRequest(sys, http.MethodPost, "/projects", bytes.NewBuffer(jsonValue), header, []int{})
|
|
if err != nil {
|
|
return project, errors.Wrapf(err, "failed to create project %v", projectName)
|
|
}
|
|
|
|
err = json.Unmarshal(data, &project)
|
|
return project, err
|
|
}
|
|
|
|
func (sys *SystemInstance) CreateProjectInApplication(projectName, applicationID string, groupIDs []string) (Project, error) {
|
|
var project Project
|
|
jsonData := map[string]interface{}{
|
|
"name": projectName,
|
|
"groups": groupIDs,
|
|
"origin": cxOrigin,
|
|
"criticality": 3, // default
|
|
// multiple additional parameters exist as options
|
|
}
|
|
|
|
jsonValue, err := json.Marshal(jsonData)
|
|
if err != nil {
|
|
return project, errors.Wrapf(err, "failed to marshal project data")
|
|
}
|
|
|
|
header := http.Header{}
|
|
header.Set("Content-Type", "application/json")
|
|
|
|
data, err := sendRequest(sys, http.MethodPost, fmt.Sprintf("/projects/application/%v", applicationID), bytes.NewBuffer(jsonValue), header, []int{})
|
|
|
|
if err != nil && err.Error()[0:8] == "HTTP 404" { // At some point, the api /projects/applications will be removed and instead the normal /projects API will do the job.
|
|
jsonData["applicationIds"] = []string{applicationID}
|
|
jsonValue, err = json.Marshal(data)
|
|
if err != nil {
|
|
return project, err
|
|
}
|
|
data, err = sendRequest(sys, http.MethodPost, "/projects", bytes.NewReader(jsonValue), header, []int{})
|
|
}
|
|
|
|
if err != nil {
|
|
return project, errors.Wrapf(err, "failed to create project %v under %v", projectName, applicationID)
|
|
}
|
|
|
|
err = json.Unmarshal(data, &project)
|
|
if err != nil {
|
|
return project, errors.Wrapf(err, "failed to unmarshal project data")
|
|
}
|
|
|
|
// since there is a delay to assign a project to an application, adding a check to ensure project is ready after creation
|
|
// (if project is not ready, 403 will be returned)
|
|
projectID := project.ProjectID
|
|
project, err = sys.GetProjectByID(projectID)
|
|
if err != nil {
|
|
const max_retry = 12 // 3 minutes
|
|
const delay = 15
|
|
retry_counter := 1
|
|
for retry_counter <= max_retry && err != nil {
|
|
sys.logger.Debug("Waiting for project assignment to application, retry #", retry_counter)
|
|
time.Sleep(delay * time.Second)
|
|
retry_counter++
|
|
project, err = sys.GetProjectByID(projectID)
|
|
}
|
|
}
|
|
|
|
return project, err
|
|
}
|
|
|
|
// New for Cx1
|
|
func (sys *SystemInstance) GetUploadURI() (string, error) {
|
|
sys.logger.Debug("Retrieving upload URI")
|
|
header := http.Header{}
|
|
header.Set("Content-Type", "application/json")
|
|
resp, err := sendRequest(sys, http.MethodPost, "/uploads", nil, header, []int{})
|
|
|
|
if err != nil {
|
|
return "", errors.Wrap(err, "failed to get an upload uri")
|
|
}
|
|
|
|
responseData := make(map[string]string)
|
|
json.Unmarshal(resp, &responseData)
|
|
sys.logger.Debugf("Upload URI %s", responseData["url"])
|
|
|
|
return responseData["url"], nil
|
|
}
|
|
|
|
func (sys *SystemInstance) UploadProjectSourceCode(projectID string, zipFile string) (string, error) {
|
|
sys.logger.Debugf("Preparing to upload file %v...", zipFile)
|
|
|
|
// get URI
|
|
uploadUri, err := sys.GetUploadURI()
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
header := http.Header{}
|
|
header.Add("Accept-Encoding", "gzip,deflate")
|
|
header.Add("Content-Type", "application/zip")
|
|
header.Add("Accept", "application/json")
|
|
|
|
zipContents, err := os.ReadFile(zipFile)
|
|
if err != nil {
|
|
sys.logger.Error("Failed to Read the File " + zipFile + ": " + err.Error())
|
|
return "", err
|
|
}
|
|
|
|
response, err := sendRequestInternal(sys, http.MethodPut, uploadUri, bytes.NewReader(zipContents), header, []int{})
|
|
if err != nil {
|
|
sys.logger.Errorf("Failed to upload file %v: %s", zipFile, err)
|
|
return uploadUri, err
|
|
}
|
|
|
|
sys.logger.Debugf("Upload request response: %v", string(response))
|
|
|
|
return uploadUri, nil
|
|
}
|
|
|
|
func (sys *SystemInstance) scanProject(scanConfig map[string]interface{}) (Scan, error) {
|
|
scan := Scan{}
|
|
|
|
jsonValue, err := json.Marshal(scanConfig)
|
|
header := http.Header{}
|
|
header.Set("Content-Type", "application/json")
|
|
sys.logger.Tracef("Starting scan with settings: " + string(jsonValue))
|
|
|
|
data, err := sendRequest(sys, http.MethodPost, "/scans/", bytes.NewBuffer(jsonValue), header, []int{})
|
|
if err != nil {
|
|
return scan, err
|
|
}
|
|
|
|
err = json.Unmarshal(data, &scan)
|
|
return scan, err
|
|
}
|
|
|
|
func (sys *SystemInstance) ScanProjectZip(projectID, sourceUrl, branch string, settings []ScanConfiguration) (Scan, error) {
|
|
jsonBody := map[string]interface{}{
|
|
"project": map[string]interface{}{"id": projectID},
|
|
"type": "upload",
|
|
"handler": map[string]interface{}{
|
|
"uploadurl": sourceUrl,
|
|
"branch": branch,
|
|
},
|
|
"config": settings,
|
|
}
|
|
|
|
scan, err := sys.scanProject(jsonBody)
|
|
if err != nil {
|
|
return scan, errors.Wrapf(err, "Failed to start a zip scan for project %v", projectID)
|
|
}
|
|
return scan, err
|
|
}
|
|
|
|
func (sys *SystemInstance) ScanProjectGit(projectID, repoUrl, branch string, settings []ScanConfiguration) (Scan, error) {
|
|
jsonBody := map[string]interface{}{
|
|
"project": map[string]interface{}{"id": projectID},
|
|
"type": "git",
|
|
"handler": map[string]interface{}{
|
|
"repoUrl": repoUrl,
|
|
"branch": branch,
|
|
},
|
|
"config": settings,
|
|
}
|
|
|
|
scan, err := sys.scanProject(jsonBody)
|
|
if err != nil {
|
|
return scan, errors.Wrapf(err, "Failed to start a git scan for project %v", projectID)
|
|
}
|
|
return scan, err
|
|
}
|
|
|
|
func (sys *SystemInstance) ScanProject(projectID, sourceUrl, branch, scanType string, settings []ScanConfiguration) (Scan, error) {
|
|
if scanType == "upload" {
|
|
return sys.ScanProjectZip(projectID, sourceUrl, branch, settings)
|
|
} else if scanType == "git" {
|
|
return sys.ScanProjectGit(projectID, sourceUrl, branch, settings)
|
|
}
|
|
|
|
return Scan{}, errors.New("Invalid scanType provided, must be 'upload' or 'git'")
|
|
}
|
|
|
|
func (sys *SystemInstance) GetPresets() ([]Preset, error) {
|
|
sys.logger.Debug("Getting Presets...")
|
|
var presets []Preset
|
|
|
|
data, err := sendRequest(sys, http.MethodGet, "/queries/presets", nil, http.Header{}, []int{})
|
|
if err != nil {
|
|
sys.logger.Errorf("Fetching presets failed: %s", err)
|
|
return presets, err
|
|
}
|
|
|
|
err = json.Unmarshal(data, &presets)
|
|
return presets, err
|
|
}
|
|
|
|
func (sys *SystemInstance) GetProjectConfiguration(projectID string) ([]ProjectConfigurationSetting, error) {
|
|
sys.logger.Debug("Getting project configuration")
|
|
var projectConfigurations []ProjectConfigurationSetting
|
|
params := url.Values{
|
|
"project-id": {projectID},
|
|
}
|
|
data, err := sendRequest(sys, http.MethodGet, fmt.Sprintf("/configuration/project?%v", params.Encode()), nil, http.Header{}, []int{})
|
|
|
|
if err != nil {
|
|
sys.logger.Errorf("Failed to get project configuration for project ID %v: %s", projectID, err)
|
|
return projectConfigurations, err
|
|
}
|
|
|
|
err = json.Unmarshal(data, &projectConfigurations)
|
|
return projectConfigurations, err
|
|
}
|
|
|
|
func (sys *SystemInstance) UpdateProjectConfiguration(projectID string, settings []ProjectConfigurationSetting) error {
|
|
if len(settings) == 0 {
|
|
return errors.New("Empty list of settings provided.")
|
|
}
|
|
|
|
params := url.Values{
|
|
"project-id": {projectID},
|
|
}
|
|
|
|
jsonValue, err := json.Marshal(settings)
|
|
|
|
if err != nil {
|
|
sys.logger.Errorf("Failed to marshal settings.")
|
|
return err
|
|
}
|
|
|
|
_, err = sendRequest(sys, http.MethodPatch, fmt.Sprintf("/configuration/project?%v", params.Encode()), bytes.NewReader(jsonValue), http.Header{}, []int{})
|
|
if err != nil {
|
|
sys.logger.Errorf("Failed to update project configuration: %s", err)
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (sys *SystemInstance) SetProjectBranch(projectID, branch string, allowOverride bool) error {
|
|
var setting ProjectConfigurationSetting
|
|
setting.Key = "scan.handler.git.branch"
|
|
setting.Value = branch
|
|
setting.AllowOverride = allowOverride
|
|
|
|
return sys.UpdateProjectConfiguration(projectID, []ProjectConfigurationSetting{setting})
|
|
}
|
|
|
|
func (sys *SystemInstance) SetProjectPreset(projectID, presetName string, allowOverride bool) error {
|
|
var setting ProjectConfigurationSetting
|
|
setting.Key = "scan.config.sast.presetName"
|
|
setting.Value = presetName
|
|
setting.AllowOverride = allowOverride
|
|
|
|
return sys.UpdateProjectConfiguration(projectID, []ProjectConfigurationSetting{setting})
|
|
}
|
|
|
|
func (sys *SystemInstance) SetProjectLanguageMode(projectID, languageMode string, allowOverride bool) error {
|
|
var setting ProjectConfigurationSetting
|
|
setting.Key = "scan.config.sast.languageMode"
|
|
setting.Value = languageMode
|
|
setting.AllowOverride = allowOverride
|
|
|
|
return sys.UpdateProjectConfiguration(projectID, []ProjectConfigurationSetting{setting})
|
|
}
|
|
|
|
func (sys *SystemInstance) SetProjectFileFilter(projectID, filter string, allowOverride bool) error {
|
|
var setting ProjectConfigurationSetting
|
|
setting.Key = "scan.config.sast.filter"
|
|
setting.Value = filter
|
|
setting.AllowOverride = allowOverride
|
|
|
|
// TODO - apply the filter across all languages? set up separate calls per engine? engine as param?
|
|
|
|
return sys.UpdateProjectConfiguration(projectID, []ProjectConfigurationSetting{setting})
|
|
}
|
|
|
|
// GetScans returns all scan status on the project addressed by projectID
|
|
func (sys *SystemInstance) GetScan(scanID string) (Scan, error) {
|
|
var scan Scan
|
|
|
|
data, err := sendRequest(sys, http.MethodGet, fmt.Sprintf("/scans/%v", scanID), nil, http.Header{}, []int{})
|
|
if err != nil {
|
|
sys.logger.Errorf("Failed to fetch scan with ID %v: %s", scanID, err)
|
|
return scan, errors.Wrapf(err, "failed to fetch scan with ID %v", scanID)
|
|
}
|
|
|
|
json.Unmarshal(data, &scan)
|
|
return scan, nil
|
|
}
|
|
|
|
func (sys *SystemInstance) GetScanMetadata(scanID string) (ScanMetadata, error) {
|
|
var scanmeta ScanMetadata
|
|
|
|
data, err := sendRequest(sys, http.MethodGet, fmt.Sprintf("/sast-metadata/%v", scanID), nil, http.Header{}, []int{})
|
|
if err != nil {
|
|
sys.logger.Errorf("Failed to fetch metadata for scan with ID %v: %s", scanID, err)
|
|
return scanmeta, errors.Wrapf(err, "failed to fetch metadata for scan with ID %v", scanID)
|
|
}
|
|
|
|
json.Unmarshal(data, &scanmeta)
|
|
return scanmeta, nil
|
|
}
|
|
|
|
func (sys *SystemInstance) GetScanWorkflow(scanID string) ([]WorkflowLog, error) {
|
|
var workflow []WorkflowLog
|
|
|
|
data, err := sendRequest(sys, http.MethodGet, fmt.Sprintf("/scans/%v/workflow", scanID), nil, http.Header{}, []int{})
|
|
if err != nil {
|
|
sys.logger.Errorf("Failed to fetch scan with ID %v: %s", scanID, err)
|
|
return []WorkflowLog{}, errors.Wrapf(err, "failed to fetch scan with ID %v", scanID)
|
|
}
|
|
|
|
json.Unmarshal(data, &workflow)
|
|
return workflow, nil
|
|
}
|
|
|
|
func (sys *SystemInstance) GetLastScans(projectID string, limit int) ([]Scan, error) {
|
|
var scanResponse struct {
|
|
TotalCount uint64
|
|
FilteredTotalCount uint64
|
|
Scans []Scan
|
|
}
|
|
|
|
body := url.Values{
|
|
"project-id": {projectID},
|
|
"offset": {fmt.Sprintf("%v", 0)},
|
|
"limit": {fmt.Sprintf("%v", limit)},
|
|
"sort": {"+created_at"},
|
|
}
|
|
|
|
header := http.Header{}
|
|
header.Set("Accept-Type", "application/json")
|
|
data, err := sendRequest(sys, http.MethodGet, fmt.Sprintf("/scans/?%v", body.Encode()), nil, header, []int{})
|
|
if err != nil {
|
|
sys.logger.Errorf("Failed to fetch scans of project %v: %s", projectID, err)
|
|
return []Scan{}, errors.Wrapf(err, "failed to fetch scans of project %v", projectID)
|
|
}
|
|
|
|
err = json.Unmarshal(data, &scanResponse)
|
|
return scanResponse.Scans, err
|
|
}
|
|
|
|
func (sys *SystemInstance) GetLastScansByStatus(projectID string, limit int, status []string) ([]Scan, error) {
|
|
var scanResponse struct {
|
|
TotalCount uint64
|
|
FilteredTotalCount uint64
|
|
Scans []Scan
|
|
}
|
|
|
|
body := url.Values{
|
|
"project-id": {projectID},
|
|
"offset": {fmt.Sprintf("%d", 0)},
|
|
"limit": {fmt.Sprintf("%d", limit)},
|
|
"sort": {"+created_at"},
|
|
"statuses": status,
|
|
}
|
|
|
|
data, err := sendRequest(sys, http.MethodGet, fmt.Sprintf("/scans/?%v", body.Encode()), nil, nil, []int{})
|
|
if err != nil {
|
|
sys.logger.Errorf("Failed to fetch scans of project %v: %s", projectID, err)
|
|
return []Scan{}, errors.Wrapf(err, "failed to fetch scans of project %v", projectID)
|
|
}
|
|
|
|
err = json.Unmarshal(data, &scanResponse)
|
|
|
|
return scanResponse.Scans, err
|
|
}
|
|
|
|
func (s *Scan) IsIncremental() (bool, error) {
|
|
for _, scanconfig := range s.Metadata.Configs {
|
|
if scanconfig.ScanType == "sast" {
|
|
if val, ok := scanconfig.Values["incremental"]; ok {
|
|
return val == "true", nil
|
|
}
|
|
}
|
|
}
|
|
return false, errors.New(fmt.Sprintf("Scan %v did not have a sast-engine incremental flag set", s.ScanID))
|
|
}
|
|
|
|
func (sys *SystemInstance) GetScanResults(scanID string, limit uint64) ([]ScanResult, error) {
|
|
sys.logger.Debug("Get Cx1 Scan Results")
|
|
var resultResponse struct {
|
|
Results []ScanResult
|
|
TotalCount int
|
|
}
|
|
|
|
params := url.Values{
|
|
"scan-id": {scanID},
|
|
"limit": {fmt.Sprintf("%d", limit)},
|
|
"state": []string{},
|
|
"severity": []string{},
|
|
"status": []string{},
|
|
}
|
|
|
|
response, err := sendRequest(sys, http.MethodGet, fmt.Sprintf("/results/?%v", params.Encode()), nil, nil, []int{})
|
|
if err != nil && len(response) == 0 {
|
|
sys.logger.Errorf("Failed to retrieve scan results for scan ID %v", scanID)
|
|
return []ScanResult{}, err
|
|
}
|
|
|
|
err = json.Unmarshal(response, &resultResponse)
|
|
if err != nil {
|
|
sys.logger.Errorf("Failed while parsing response: %s", err)
|
|
sys.logger.Tracef("Response contents: %s", string(response))
|
|
return []ScanResult{}, err
|
|
}
|
|
sys.logger.Debugf("Retrieved %d results", resultResponse.TotalCount)
|
|
|
|
if len(resultResponse.Results) != resultResponse.TotalCount {
|
|
sys.logger.Warnf("Expected results total count %d but parsed only %d", resultResponse.TotalCount, len(resultResponse.Results))
|
|
sys.logger.Warnf("Response was: %v", string(response))
|
|
}
|
|
|
|
return resultResponse.Results, nil
|
|
}
|
|
|
|
func (s *ScanSummary) TotalCount() uint64 {
|
|
var count uint64
|
|
count = 0
|
|
|
|
for _, c := range s.SASTCounters.StateCounters {
|
|
count += c.Counter
|
|
}
|
|
|
|
return count
|
|
}
|
|
|
|
func (sys *SystemInstance) GetScanSummary(scanID string) (ScanSummary, error) {
|
|
var ScansSummaries struct {
|
|
ScanSum []ScanSummary `json:"scansSummaries"`
|
|
TotalCount uint64
|
|
}
|
|
|
|
params := url.Values{
|
|
"scan-ids": {scanID},
|
|
"include-queries": {"false"},
|
|
"include-status-counters": {"true"},
|
|
"include-files": {"false"},
|
|
}
|
|
|
|
data, err := sendRequest(sys, http.MethodGet, fmt.Sprintf("/scan-summary/?%v", params.Encode()), nil, nil, []int{})
|
|
if err != nil {
|
|
sys.logger.Errorf("Failed to fetch metadata for scan with ID %v: %s", scanID, err)
|
|
return ScanSummary{}, errors.Wrapf(err, "failed to fetch metadata for scan with ID %v", scanID)
|
|
}
|
|
|
|
err = json.Unmarshal(data, &ScansSummaries)
|
|
|
|
if err != nil {
|
|
return ScanSummary{}, err
|
|
}
|
|
if ScansSummaries.TotalCount == 0 {
|
|
return ScanSummary{}, errors.New(fmt.Sprintf("Failed to retrieve scan summary for scan ID %v", scanID))
|
|
}
|
|
|
|
if len(ScansSummaries.ScanSum) == 0 {
|
|
sys.logger.Errorf("Failed to parse data, 0-len ScanSum.\n%v", string(data))
|
|
return ScanSummary{}, errors.New("Fail")
|
|
}
|
|
|
|
return ScansSummaries.ScanSum[0], nil
|
|
}
|
|
|
|
func (sys *SystemInstance) GetResultsPredicates(SimilarityID int64, ProjectID string) ([]ResultsPredicates, error) {
|
|
sys.logger.Debugf("Fetching results predicates for project %v similarityId %d", ProjectID, SimilarityID)
|
|
|
|
var Predicates struct {
|
|
PredicateHistoryPerProject []struct {
|
|
ProjectID string
|
|
SimilarityID int64 `json:"similarityId,string"`
|
|
Predicates []ResultsPredicates
|
|
TotalCount uint
|
|
}
|
|
|
|
TotalCount uint
|
|
}
|
|
response, err := sendRequest(sys, http.MethodGet, fmt.Sprintf("/sast-results-predicates/%d?project-ids=%v", SimilarityID, ProjectID), nil, nil, []int{})
|
|
if err != nil {
|
|
return []ResultsPredicates{}, err
|
|
}
|
|
|
|
err = json.Unmarshal(response, &Predicates)
|
|
if err != nil {
|
|
return []ResultsPredicates{}, err
|
|
}
|
|
|
|
if Predicates.TotalCount == 0 {
|
|
return []ResultsPredicates{}, nil
|
|
}
|
|
|
|
return Predicates.PredicateHistoryPerProject[0].Predicates, err
|
|
}
|
|
|
|
// RequestNewReport triggers the generation of a report for a specific scan addressed by scanID
|
|
func (sys *SystemInstance) RequestNewReport(scanID, projectID, branch, reportType string) (string, error) {
|
|
jsonData := map[string]interface{}{
|
|
"fileFormat": reportType,
|
|
"reportType": "ui",
|
|
"reportName": "scan-report",
|
|
"data": map[string]interface{}{
|
|
"scanId": scanID,
|
|
"projectId": projectID,
|
|
"branchName": branch,
|
|
"sections": []string{
|
|
"ScanSummary",
|
|
"ExecutiveSummary",
|
|
"ScanResults",
|
|
},
|
|
"scanners": []string{"SAST"},
|
|
"host": "",
|
|
},
|
|
}
|
|
|
|
jsonValue, _ := json.Marshal(jsonData)
|
|
|
|
header := http.Header{}
|
|
header.Set("cxOrigin", cxOrigin)
|
|
header.Set("Content-Type", "application/json")
|
|
data, err := sendRequest(sys, http.MethodPost, "/reports", bytes.NewBuffer(jsonValue), header, []int{})
|
|
if err != nil {
|
|
return "", errors.Wrapf(err, "Failed to trigger report generation for scan %v", scanID)
|
|
} else {
|
|
sys.logger.Infof("Generating report %v", string(data))
|
|
}
|
|
|
|
var reportResponse struct {
|
|
ReportId string
|
|
}
|
|
err = json.Unmarshal(data, &reportResponse)
|
|
|
|
return reportResponse.ReportId, err
|
|
}
|
|
|
|
// GetReportStatus returns the status of the report generation process
|
|
func (sys *SystemInstance) GetReportStatus(reportID string) (ReportStatus, error) {
|
|
var response ReportStatus
|
|
|
|
header := http.Header{}
|
|
header.Set("Accept", "application/json")
|
|
data, err := sendRequest(sys, http.MethodGet, fmt.Sprintf("/reports/%v", reportID), nil, header, []int{})
|
|
if err != nil {
|
|
sys.logger.Errorf("Failed to fetch report status for reportID %v: %s", reportID, err)
|
|
return response, errors.Wrapf(err, "failed to fetch report status for reportID %v", reportID)
|
|
}
|
|
|
|
json.Unmarshal(data, &response)
|
|
return response, nil
|
|
}
|
|
|
|
func (sys *SystemInstance) GetQueries() ([]Query, error) {
|
|
sys.logger.Debug("Get Cx1 Queries")
|
|
var queries []Query
|
|
|
|
response, err := sendRequest(sys, http.MethodGet, "/presets/queries", nil, nil, []int{})
|
|
if err != nil {
|
|
return queries, err
|
|
}
|
|
|
|
err = json.Unmarshal(response, &queries)
|
|
if err != nil {
|
|
sys.logger.Errorf("Failed to parse %v", string(response))
|
|
}
|
|
return queries, err
|
|
}
|
|
|
|
func shortenGUID(guid string) string {
|
|
return fmt.Sprintf("%v..%v", guid[:2], guid[len(guid)-2:])
|
|
}
|
|
|
|
// DownloadReport downloads the report addressed by reportID and returns the XML contents
|
|
func (sys *SystemInstance) DownloadReport(reportUrl string) ([]byte, error) {
|
|
header := http.Header{}
|
|
header.Set("Accept", "application/json")
|
|
data, err := sendRequestInternal(sys, http.MethodGet, reportUrl, nil, header, []int{})
|
|
if err != nil {
|
|
return []byte{}, errors.Wrapf(err, "failed to download report from url: %v", reportUrl)
|
|
}
|
|
return data, nil
|
|
}
|
|
|
|
func (sys *SystemInstance) GetVersion() (VersionInfo, error) {
|
|
sys.logger.Debug("Getting Version information...")
|
|
var version VersionInfo
|
|
|
|
data, err := sendRequest(sys, http.MethodGet, "/versions", nil, http.Header{}, []int{})
|
|
if err != nil {
|
|
sys.logger.Errorf("Fetching versions failed: %s", err)
|
|
return version, err
|
|
}
|
|
|
|
err = json.Unmarshal(data, &version)
|
|
return version, err
|
|
}
|