
Commit 7ca5035

Merge pull request #457 from checkmarx-ltd/develop
0.6.28 version release
2 parents 6b7b310 + de4a1cb commit 7ca5035


3 files changed

+46
-48
lines changed


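--- a/pom.xml
+++ b/pom.xml
@@ -10,7 +10,7 @@
 </parent>
 <groupId>com.github.checkmarx-ltd</groupId>
 <artifactId>cx-spring-boot-sdk</artifactId>
-<version>0.6.27</version>
+<version>0.6.28</version>
 
 
 <name>cx-spring-boot-sdk</name>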

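--- a/src/main/java/com/checkmarx/sdk/utils/scaResolver/ScaResolverUtils.java
+++ b/src/main/java/com/checkmarx/sdk/utils/scaResolver/ScaResolverUtils.java
@@ -18,12 +18,13 @@ public class ScaResolverUtils {
 public static final String SCA_RESOLVER_FOR_LINUX = "/" + "ScaResolver";
 public static final String OFFLINE = "offline";
 
-public static int runScaResolver(String pathToScaResolver, ArrayList<String> mandatoryList , String scaResolverAddParams, String pathToResultJSONFile, Logger log, ScaConfig scaConfig, ScaProperties scaProperties,String custom)
+public static int runScaResolver(String pathToScaResolver, ArrayList<String> mandatoryList, ArrayList<String> exploitableList, String scaResolverAddParams, String pathToResultJSONFile, Logger log, ScaConfig scaConfig, ScaProperties scaProperties,String custom)
 throws CxHTTPClientException {
 int exitCode = -100;
 String[] scaResolverCommand;
 
 ArrayList<String> arguments = new ArrayList<>(mandatoryList);
+arguments.addAll(exploitableList);
 
 Matcher m1 = Pattern.compile("([^\"]\\S*|\".+?\")\\s*").matcher(scaResolverAddParams);
 while (m1.find())
@@ -70,7 +71,7 @@ public static int runScaResolver(String pathToScaResolver, ArrayList<String> man
 }
 }
 }
-//Overridng sca properties project name params
+//Overriding sca properties project name params
 if(scaProperties.getScaResolverOverrideProjectName()!=null)
 {
 for(int i=0;i<arguments.size();i++)
@@ -144,7 +145,7 @@ public static int runScaResolver(String pathToScaResolver, ArrayList<String> man
 exitCode = process.waitFor();
 
 } catch (IOException | InterruptedException e) {
-log.error("Failed to execute next command : " + scaResolverCommand, e.getMessage(), e.getStackTrace());
+log.error("Failed to execute next command : " + Arrays.toString(scaResolverCommand), e.getMessage(), e.getStackTrace());
 Thread.currentThread().interrupt();
 if (Thread.interrupted()) {
 throw new CxHTTPClientException(e);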
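Review bot: The rewritten `log.error` in the catch block now prints every element of `scaResolverCommand`, so a failed launch can write the CxSAST password to the log in clear text. With `arguments.addAll(exploitableList)` the array presumably includes the `--cxpassword` value that ScaClientHelper places in that list; the command is assembled outside the visible hunks, so confirm. Log the executable instead of the argument vector, for example `log.error("Failed to execute SCA Resolver at {}", pathToScaResolver, e);`, or mask the element that follows `--cxpassword` before formatting. If `log` is an SLF4J logger, passing `e` as the final argument also yields the stack trace, which `e.getMessage(), e.getStackTrace()` may not because the message has no placeholders. The body of `runScaResolver` starts and ends outside these hunks.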

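--- a/src/main/java/com/checkmarx/sdk/utils/scanner/client/ScaClientHelper.java
+++ b/src/main/java/com/checkmarx/sdk/utils/scanner/client/ScaClientHelper.java
@@ -98,11 +98,11 @@ public class ScaClientHelper extends ScanClientHelper implements IScanClientHelp
 private static final String ENGINE_TYPE_FOR_API = "sca";
 
 private static final String TENANT_HEADER_NAME = "Account-Name";
-private static final String CX_USER_NAME ="--cxuser ";
-private static final String CX_SERVER ="--cxserver ";
-private static final String CX_PASSWORD = "--cxpassword ";
-private static final String CX_PROJECT_NAME = "--cxprojectname ";
-private static final String CX_SAST_RESULT_PATH ="--sast-result-path ";
+private static final String CX_USER_NAME ="--cxuser";
+private static final String CX_SERVER ="--cxserver";
+private static final String CX_PASSWORD = "--cxpassword";
+private static final String CX_PROJECT_NAME = "--cxprojectname";
+private static final String CX_SAST_RESULT_PATH ="--sast-result-path";
 
 
 public static final String CX_REPORT_LOCATION = File.separator + "Checkmarx" + File.separator + "Reports";
@@ -401,27 +401,27 @@ private HttpResponse submitScaResolverEvidenceFile(ScaConfig scaConfig) throws I
 String projectName = config.getProjectName();
 String FolderName = uniqueFolderName();
 String resultPath = cxRepoFileHelper.getGitClonePath()+File.separator+ FolderName ;
-String additionalParameters = manageParameters(scaProperties.getScaResolverAddParameters(),projectName,resultPath );
+String additionalParameters = convertMapToString(scaProperties.getScaResolverAddParameters());
 String sastResultPath ="";
 ArrayList<File> resultToZip = new ArrayList<>();
-
+ArrayList<String> exploitablePath = createExploitableList(scaProperties.getScaResolverAddParameters(),projectName,resultPath);
 //file creation
-resultPath=resultPath+ File.separator + SCA_RESOLVER_RESULT_FILE_NAME;
-File resultFilePath = new File(resultPath);
+String scaResultPath=resultPath+ File.separator + SCA_RESOLVER_RESULT_FILE_NAME;
+File resultFilePath = new File(scaResultPath);
 File sastResultFile = null;
 log.info("Executing SCA Resolver flow.");
 log.info("Path to Sca Resolver: {}", scaProperties.getPathToScaResolver());
-//log.info("Sca Resolver Additional Parameters: {}", additionalParameters);
 File zipFile =null;
-int exitCode = ScaResolverUtils.runScaResolver(scaProperties.getPathToScaResolver(),createMandatoryList(sourceDir,projectName,resultPath),additionalParameters,resultPath,log,scaConfig,scaProperties,customParameters);
+int exitCode = ScaResolverUtils.runScaResolver(scaProperties.getPathToScaResolver(),createMandatoryList(sourceDir,projectName,scaResultPath),exploitablePath,additionalParameters,scaResultPath,log,scaConfig,scaProperties,customParameters);
 try {
 if (exitCode == 0) {
 log.info("***************SCA resolution completed successfully.******************");
 resultToZip.add(resultFilePath);
 //check if sast-result-path is present, if exists add to zip.
-if(additionalParameters.contains("--sast-result-path"))
+if(exploitablePath.contains(CX_SAST_RESULT_PATH))
 {
-sastResultPath = getSastResultFilePathFromAdditionalParams(additionalParameters);
+int index = exploitablePath.indexOf(CX_SAST_RESULT_PATH);
+sastResultPath = exploitablePath.get(index+1);
 sastResultFile = new File(sastResultPath);
 resultToZip.add(sastResultFile);
 }
@@ -479,39 +479,36 @@ private ArrayList<String> createMandatoryList(String sourceDir, String projectNa
 return mandatoryList;
 }
 
-private String manageParameters(Map<String,String> additionalParametersMap,String projectName,String path)
-{
-String newAdditionalParameters="";
-String convertedAddParams = convertMapToString(additionalParametersMap);
-String cxUser = CX_USER_NAME.concat(cxProperties.getUsername());
-String cxServer = CX_SERVER.concat(cxProperties.getBaseUrl());
-String cxPassword = CX_PASSWORD.concat(cxProperties.getPassword());
-String cxProjectName = CX_PROJECT_NAME.concat(projectName);
-String temp = convertedAddParams;
-String exploitableParams = temp.concat(cxServer).concat(" ").concat(cxUser).concat(" ").concat(" ")
-.concat(cxPassword).concat(" ").concat(cxProjectName).concat(" ");
-if(scaProperties.isEnableExploitablePath() && !convertedAddParams.contains("--sast-result-path")) {
-String finalPath = path + File.separator +SAST_RESOLVER_RESULT_FILE_NAME;
-String resultPath = CX_SAST_RESULT_PATH.concat(finalPath);
-convertedAddParams = exploitableParams.concat(resultPath).concat(" ");
-}
-else if(scaProperties.isEnableExploitablePath() && convertedAddParams.contains("--sast-result-path"))
-{
-convertedAddParams = exploitableParams;
-String sastResultPath =getSastResultFilePathFromAdditionalParams(convertedAddParams);
-File sastResultFile = new File(sastResultPath);
-if(sastResultFile.isDirectory())
-{
-sastResultPath = sastResultPath + File.separator + uniqueFolderName()+ File.separator + SAST_RESOLVER_RESULT_FILE_NAME;
-}
-else {
-String parentName = sastResultFile.getParent();
-sastResultPath = parentName + File.separator + uniqueFolderName()+ File.separator + SAST_RESOLVER_RESULT_FILE_NAME;
+private ArrayList<String> createExploitableList(Map<String,String> additionalParametersMap,String projectName,String path){
+ArrayList<String> exploitableList = new ArrayList<>();
+String convertedParams = convertMapToString(additionalParametersMap);
+if(scaProperties.isEnableExploitablePath()){
+exploitableList.add(CX_SERVER);
+exploitableList.add(cxProperties.getBaseUrl());
+exploitableList.add(CX_USER_NAME);
+exploitableList.add(cxProperties.getUsername());
+exploitableList.add(CX_PASSWORD);
+exploitableList.add(cxProperties.getPassword());
+exploitableList.add(CX_PROJECT_NAME);
+exploitableList.add(projectName);
+exploitableList.add(CX_SAST_RESULT_PATH);
+if(convertedParams.contains(CX_SAST_RESULT_PATH)){
+String sastResultPath =getSastResultFilePathFromAdditionalParams(convertedParams);
+File sastResultFile = new File(sastResultPath);
+if(sastResultFile.isDirectory())
+{
+exploitableList.add(sastResultPath + File.separator + uniqueFolderName()+ File.separator + SAST_RESOLVER_RESULT_FILE_NAME);
+}
+else {
+String parentName = sastResultFile.getParent();
+exploitableList.add(parentName + File.separator + uniqueFolderName()+ File.separator + SAST_RESOLVER_RESULT_FILE_NAME);
+}
+}else{
+String finalPath = path + File.separator +SAST_RESOLVER_RESULT_FILE_NAME;
+exploitableList.add(finalPath);
 }
-newAdditionalParameters = setSastResultFilePathFromAdditionalParams(convertedAddParams,sastResultPath);
-return newAdditionalParameters;
 }
-return convertedAddParams;
+return exploitableList;
 }
 
 private String convertMapToString(Map<String,String> addParams)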
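Review bot: In `submitScaResolverEvidenceFile`, `additionalParameters` is now the unmodified `convertMapToString(...)` output, so a configured `--sast-result-path` appears to reach the resolver twice: once with the caller's original value and once with the rewritten path from `createExploitableList`. The removed `manageParameters` replaced the value in place through `setSastResultFilePathFromAdditionalParams`. Unless `runScaResolver` de-duplicates in lines not shown here, which value wins depends on the resolver, while the zip step always reads `exploitablePath.get(index+1)`. Drop the flag and its value from the map before it is converted, or at minimum state the precedence in a comment such as `// additionalParameters may still contain --sast-result-path; the path in exploitablePath is the one zipped and uploaded`. `submitScaResolverEvidenceFile` starts and ends outside the hunk.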
