sca endpoint
siewer committed Jun 13, 2024
1 parent d0893e3 commit a13f86e
Showing 5 changed files with 59 additions and 4 deletions.
13 changes: 13 additions & 0 deletions src/main/java/io/mixeway/api/cicd/controller/CICDController.java
Expand Up @@ -2,6 +2,7 @@

import io.mixeway.api.cicd.model.GitleaksReport;
import io.mixeway.api.cicd.model.LoadSCA;
import io.mixeway.api.cicd.model.ProjectMetadata;
import io.mixeway.api.cicd.service.CICDService;
import io.mixeway.api.cioperations.model.LoadVulnModel;
import io.mixeway.api.cioperations.model.ZapReportModel;
Expand Down Expand Up @@ -127,4 +128,16 @@ public ResponseEntity<?> loadGitleaksReport(@RequestBody GitleaksReport gitleaks
Principal principal) throws UnknownHostException {
return cicdService.loadGitleaksReport(gitleaksReport, codeProjectid, principal);
}

/**
* Validate State of security for given CodeProject and Branch
*/
@CrossOrigin(origins="*")
@PreAuthorize("hasAuthority('ROLE_API')")
@PostMapping(value = "/asset/{id}/sca",produces = "application/json")
public ResponseEntity<?> loadScaVulns(@RequestBody ProjectMetadata projectMetadata,
@PathVariable("id") long codeProjectid,
Principal principal) throws IOException, UnrecoverableKeyException, CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
return cicdService.loadScaVulns(projectMetadata, codeProjectid, principal);
}
}
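Review bot: The Javadoc on the new `loadScaVulns` endpoint, "Validate State of security for given CodeProject and Branch", reads as copied from a neighbouring handler and does not describe what this method does. Replace it with something like `/** Loads SCA (open-source) scan results for the code project with the given id; branch and commit id are taken from the ProjectMetadata request body. */`. The body is also bound without `@Valid`, so any null branch or commit id in the posted metadata is left for the service layer to detect; if `ProjectMetadata` carries constraint annotations (not visible here), adding `@Valid` would reject such requests at the boundary.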
12 changes: 12 additions & 0 deletions src/main/java/io/mixeway/api/cicd/service/CICDService.java
Expand Up @@ -2,6 +2,7 @@

import io.mixeway.api.cicd.model.GitleaksReport;
import io.mixeway.api.cicd.model.LoadSCA;
import io.mixeway.api.cicd.model.ProjectMetadata;
import io.mixeway.api.cioperations.model.ZapReportModel;
import io.mixeway.api.protocol.OpenSourceConfig;
import io.mixeway.api.protocol.cioperations.GetInfoRequest;
Expand Down Expand Up @@ -228,4 +229,15 @@ public ResponseEntity<?> loadGitleaksReport(GitleaksReport gitleaksReport, long
return new ResponseEntity<>(HttpStatus.BAD_REQUEST);

}

public ResponseEntity<?> loadScaVulns(ProjectMetadata projectMetadata, long codeProjectid, Principal principal) throws UnrecoverableKeyException, CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException {
Optional<CodeProject> codeProject = findCodeProjectService.findById(codeProjectid);
if (codeProject.isPresent() && permissionFactory.canUserAccessProject(principal, codeProject.get().getProject())){
log.info("[CICD] Received info about SCA scan for {} [{}]", codeProject.get().getName(), codeProject.get().getRepoUrl());
openSourceScanService.loadVulnerabilities(codeProject.get(), projectMetadata, principal);
} else {
return new ResponseEntity<>(HttpStatus.NOT_FOUND);
}
return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
}
}
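Review bot: `loadScaVulns` answers `BAD_REQUEST` on its success path: once `openSourceScanService.loadVulnerabilities(...)` returns, the `if` branch falls through to the trailing `return new ResponseEntity<>(HttpStatus.BAD_REQUEST)`, so a CI caller that successfully submitted SCA results still receives 400. Return success from inside the branch, e.g. `return new ResponseEntity<>(HttpStatus.OK);` directly after the `loadVulnerabilities` call, and keep the trailing BAD_REQUEST only if some other path is meant to reach it. Answering NOT_FOUND for both an unknown id and a failed `canUserAccessProject` check is a sensible choice since it does not reveal whether the project exists; a one-line comment such as `// NOT_FOUND for both missing and unauthorised, to avoid disclosing project existence` would keep a later maintainer from changing it to FORBIDDEN.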
Expand Up @@ -5,6 +5,7 @@
*/
package io.mixeway.domain.service.cioperations;

import io.mixeway.api.cicd.model.ProjectMetadata;
import io.mixeway.api.cioperations.model.CIVulnManageResponse;
import io.mixeway.api.cioperations.service.CiOperationsService;
import io.mixeway.config.Constants;
Expand All @@ -30,6 +31,7 @@ public class UpdateCiOperationsService {
private final SecurityQualityGateway securityQualityGateway;
private final CiOperationsRepository ciOperationsRepository;
private final VulnTemplate vulnTemplate;
private final GetOrCreateCiOperationsService getOrCreateCiOperationsService;


@Transactional
Expand All @@ -44,6 +46,12 @@ public void updateCiOperationsForOpenSource(CodeProject codeProject){
}
}
@Transactional
public void updateCiOperationsForOpenSource(CodeProject codeProject, ProjectMetadata projectMetadata){
SecurityGatewayEntry gateway = securityQualityGateway.buildGatewayResponse(vulnTemplate.projectVulnerabilityRepository.findByCodeProject(codeProject));
Optional<CiOperations> ciOperations = ciOperationsRepository.findByCodeProjectAndCommitId(codeProject, projectMetadata.getCommitId());
CiOperations operations = getOrCreateCiOperationsService.create(projectMetadata,codeProject);
}
@Transactional
public void updateCiOperationsForSAST(CodeProject codeProject){
SecurityGatewayEntry gateway = securityQualityGateway.buildGatewayResponse(vulnTemplate.projectVulnerabilityRepository.findByCodeProject(codeProject));
Optional<CiOperations> ciOperations = ciOperationsRepository.findByCodeProjectAndCommitId(codeProject,codeProject.getCommitid());
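Review bot: In the new `updateCiOperationsForOpenSource(CodeProject, ProjectMetadata)` overload all three locals — `gateway`, `ciOperations` and `operations` — are computed and then discarded, so the gateway result is never applied or persisted, unlike the SAST overload below it whose body continues past the hunk. The `findByCodeProjectAndCommitId` lookup is ignored and `getOrCreateCiOperationsService.create(...)` is invoked unconditionally, which may produce a duplicate CiOperations record for the same commit unless `create` de-duplicates internally (not visible here). Either complete the method (apply `gateway` to `operations`, preferring the existing `ciOperations` entry when present, and save it) or mark the gap explicitly with `// TODO: gateway result not yet applied to the CiOperations entry` so it is not mistaken for finished behaviour.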
Expand Up @@ -29,6 +29,7 @@
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.HttpServerErrorException;
import org.springframework.web.client.ResourceAccessException;
import org.springframework.web.client.RestTemplate;

Expand Down Expand Up @@ -437,8 +438,11 @@ private boolean createScan(Scanner scanner, CodeProject codeProject) throws Cert
log.info("[Checkmarx] Successfull Created and started scan for {}", codeProject.getName());
return true;
}
} catch (HttpClientErrorException e){
} catch (HttpClientErrorException | HttpServerErrorException e){
log.error("[Checkmarx] Error creating scan - {}", e.getStatusCode());
codeProject.setRunning(false);
codeProjectRepository.save(codeProject);

} catch (ResourceAccessException e) {
log.error("[Checkmarx] Error creating the scan - checkmarx not avaliable");
}
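Review bot: The widened `HttpClientErrorException | HttpServerErrorException` branch now clears `codeProject.setRunning(false)` and saves, but the `ResourceAccessException` branch directly below still leaves the project flagged as running, so a Checkmarx connection failure strands it in that state while an HTTP error does not. Add the same two lines there: `codeProject.setRunning(false);` and `codeProjectRepository.save(codeProject);`. The log message on that branch also misspells "avaliable" ("available"). `createScan` begins before this hunk, so whether an outer `finally` already resets the flag cannot be confirmed from here.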
@@ -1,12 +1,15 @@
package io.mixeway.scanmanager.service.opensource;

import io.mixeway.api.cicd.model.ProjectMetadata;
import io.mixeway.api.protocol.OpenSourceConfig;
import io.mixeway.config.Constants;
import io.mixeway.db.entity.*;
import io.mixeway.domain.service.cioperations.UpdateCiOperationsService;
import io.mixeway.domain.service.opensource.CreateOpenSourceConfigService;
import io.mixeway.domain.service.project.FindProjectService;
import io.mixeway.domain.service.projectvulnerability.DeleteProjectVulnerabilityService;
import io.mixeway.domain.service.projectvulnerability.GetProjectVulnerabilitiesService;
import io.mixeway.domain.service.scan.CreateScanService;
import io.mixeway.domain.service.scanmanager.code.GetOrCreateCodeProjectBranchService;
import io.mixeway.domain.service.scanner.GetScannerService;
import io.mixeway.domain.service.softwarepackage.GetOrCreateSoftwarePacketService;
Expand Down Expand Up @@ -47,6 +50,7 @@ public class OpenSourceScanService {
private final GetProjectVulnerabilitiesService getProjectVulnerabilitiesService;
private final GetOrCreateSoftwarePacketService getOrCreateSoftwarePacketService;
private final GetOrCreateCodeProjectBranchService getOrCreateCodeProjectBranchService;
private final CreateScanService createScanService;

/**
* Method witch get information about configured OpenSource scanner which is proper for particular project
Expand Down Expand Up @@ -78,8 +82,17 @@ public ResponseEntity<OpenSourceConfig> getOpenSourceScannerConfiguration(Long i
* @param codeProjectToVerify CodeProject to load opensource vulnerabilities
*/
@Transactional()
public void loadVulnerabilities(CodeProject codeProjectToVerify) throws CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyManagementException, KeyStoreException, IOException {
CodeProjectBranch codeProjectBranch = getOrCreateCodeProjectBranchService.getOrCreateCodeProjectBranch(codeProjectToVerify, codeProjectToVerify.getBranch());
public void loadVulnerabilities(CodeProject codeProjectToVerify, ProjectMetadata projectMetadata, Principal principal) throws CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyManagementException, KeyStoreException, IOException {
CodeProjectBranch codeProjectBranch;
if (projectMetadata != null){
codeProjectBranch = getOrCreateCodeProjectBranchService
.getOrCreateCodeProjectBranch(
codeProjectToVerify,
projectMetadata.getBranch()
);
} else {
codeProjectBranch = getOrCreateCodeProjectBranchService.getOrCreateCodeProjectBranch(codeProjectToVerify, codeProjectToVerify.getBranch());
}
for (OpenSourceScanClient openSourceScanClient : openSourceScanClients){
if (openSourceScanClient.canProcessRequest(codeProjectToVerify)){
List<ProjectVulnerability> oldVulns = getProjectVulnerabilitiesService.getOldVulnsForCodeProjectAndSourceForBranch(codeProjectToVerify,vulnTemplate.SOURCE_OPENSOURCE, codeProjectBranch );
Expand All @@ -89,7 +102,12 @@ public void loadVulnerabilities(CodeProject codeProjectToVerify) throws Certific
vulnTemplate.projectVulnerabilityRepository.updateVulnStateForBranch(vulnsToUpdate,
vulnTemplate.STATUS_REMOVED.getId(), codeProjectBranch.getId());
openSourceScanClient.loadVulnerabilities(codeProjectToVerify, codeProjectBranch);
updateCiOperations.updateCiOperationsForOpenSource(codeProjectToVerify);
if (projectMetadata != null ){
updateCiOperations.updateCiOperationsForOpenSource(codeProjectToVerify, projectMetadata);
createScanService.createCodeScan(codeProjectToVerify, codeProjectBranch.getName(), projectMetadata.getCommitId(), Constants.SCA_LABEL,principal);
} else {
updateCiOperations.updateCiOperationsForOpenSource(codeProjectToVerify);
}
//vulnTemplate.projectVulnerabilityRepository.deleteByStatusAndCodeProjectAndVulnerabilitySourceAndCodeProjectBranch(vulnTemplate.STATUS_REMOVED, codeProjectToVerify, vulnTemplate.SOURCE_OPENSOURCE, codeProjectBranch);
break;
}
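Review bot: `loadVulnerabilities` now reads `projectMetadata.getBranch()` and `projectMetadata.getCommitId()` directly whenever the metadata is non-null, yet `ProjectMetadata` arrives as an API request body and neither field is checked here, so a null branch reaches `getOrCreateCodeProjectBranch` and a null commit id reaches `createCodeScan`. A guard at the top of the non-null branch, e.g. `Objects.requireNonNull(projectMetadata.getBranch(), "projectMetadata.branch")` and the same for the commit id, or a fallback to `codeProjectToVerify.getBranch()`, would fail fast with a clear message instead of a deep NPE inside a `@Transactional` method. The single-argument signature was replaced rather than kept, so any caller outside this commit's five files no longer compiles; a delegating overload `public void loadVulnerabilities(CodeProject c) throws ... { loadVulnerabilities(c, null, null); }` would preserve them and matches the null handling the body already performs.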
