Merge pull request #371 from checkmarx-ltd/develop

Added API to get SCA tags

Author: itsKedar

pom.xml

@@ -10,7 +10,7 @@
 	</parent>
 	<groupId>com.github.checkmarx-ltd</groupId>
 	<artifactId>cx-spring-boot-sdk</artifactId>
-	<version>0.5.68</version>
+	<version>0.5.69</version>
 	<name>cx-spring-boot-sdk</name>
 	<description>Checkmarx Java Spring Boot SDK</description>
 	<properties>

src/main/java/com/checkmarx/sdk/dto/ScanResults.java

@@ -656,6 +656,8 @@ public IssueDetails comment(final String comment) {
     @Builder
     public static class ScaDetails {
         private String vulnerabilityLink;
+
+        private Map scanTags;
         private Finding finding;
         private Package vulnerabilityPackage;
     }

src/main/java/com/checkmarx/sdk/dto/sca/SCAResults.java

@@ -7,6 +7,7 @@
 
 import java.io.Serializable;
 import java.util.List;
+import java.util.Map;
 
 @Builder
 @Getter
@@ -25,6 +26,8 @@ public class SCAResults extends ResultsBase implements Serializable {
     private boolean isPolicyViolated;
     private List<String> violatedPolicies;
     private String output;
+
+    private Map scanTags;
 
     public void calculateVulnerableAndOutdatedPackages() {
         int sum;

src/main/java/com/checkmarx/sdk/utils/scanner/client/ScaClientHelper.java

@@ -24,6 +24,7 @@
 import com.checkmarx.sdk.utils.zip.CxZipUtils;
 import com.checkmarx.sdk.utils.zip.NewCxZipFile;
 import com.checkmarx.sdk.utils.zip.Zipper;
+import com.fasterxml.jackson.core.TreeNode;
 import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.MapperFeature;
@@ -78,6 +79,7 @@ public class ScaClientHelper extends ScanClientHelper implements IScanClientHelp
     private static final String PROJECTS_BY_ID = PROJECTS + "/%s";
     private static final String SUMMARY_REPORT = RISK_MANAGEMENT_API + "riskReports/%s/summary";
     private static final String FINDINGS = RISK_MANAGEMENT_API + "riskReports/%s/vulnerabilities";
+    private static final String TAGS = "/scan-runner/scans/%s";
     private static final String PACKAGES = RISK_MANAGEMENT_API + "riskReports/%s/packages";
     private static final String LATEST_SCAN = RISK_MANAGEMENT_API + "riskReports?size=1&projectId=%s";
     private static final String WEB_REPORT = "/#/projects/%s/reports/%s";
@@ -1462,6 +1464,10 @@ private SCAResults getScanResults() {
             result.setPolicyViolated(!scanViolatedPolicies.isEmpty());
             result.setViolatedPolicies(scanViolatedPolicies);
 
+            Map<String,String>tags = getScaScanTags();
+            result.setScanTags(tags);
+
+
             if(scaProperties.isPreserveXml()){
                 String path = String.format(REPORT_IN_XML_WITH_SCANID, URLEncoder.encode(scanId, ENCODING));
                 String xml = httpClient.getRequest(path,
@@ -1482,6 +1488,23 @@ private SCAResults getScanResults() {
         return result;
     }
 
+    private  Map<String, String> getScaScanTags() throws IOException {
+        log.debug("Getting SCA scan tags.");
+
+        String path = String.format(TAGS, URLEncoder.encode(scanId, ENCODING));
+
+        String response = httpClient.getRequest(path,
+                ContentType.CONTENT_TYPE_APPLICATION_JSON,
+                String.class,
+                HttpStatus.SC_OK,
+                "CxSCA Tags",
+                false);
+        JSONObject obj = new JSONObject(response);
+        JSONObject tags = obj.getJSONObject("tags");
+        Map<String, String> result = caseInsensitiveObjectMapper.convertValue(tags.toMap(), Map.class);
+        return result;
+    }
+
     protected Map<Filter.Severity, Integer> getFindingCountMap(ScaSummaryBaseFormat summary) {
         EnumMap<Filter.Severity, Integer> result = new EnumMap<>(Filter.Severity.class);
         result.put(Filter.Severity.HIGH, summary.getHighVulnerabilityCount());