Merge pull request #127 from bridgecrewio/BCE-38714-Analytics-and-ver…

…sion-fixes BCE-38714 - Analytics and version fixes
bridgecrewio · Sep 18, 2024 · fc611d3 · fc611d3
2 parents ae5aac4 + a445072
commit fc611d3
Show file tree

Hide file tree

Showing 24 changed files with 368 additions and 355 deletions.
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -12,7 +12,6 @@ fun properties(key: String): String = project.findProperty(key).toString()
 plugins {
     id("java") // Java support
     alias(libs.plugins.kotlin) // Kotlin support
-//    alias(libs.plugins.kotlinSerialization) // Kotlin serialization support
     alias(libs.plugins.intelliJPlatform) // IntelliJ Platform Gradle Plugin
     alias(libs.plugins.changelog) // Gradle Changelog Plugin
     alias(libs.plugins.qodana) // Gradle Qodana Plugin
@@ -35,22 +34,19 @@ repositories {
 }
 
 dependencies {
-    implementation("com.beust:klaxon:5.6")
-    implementation("com.google.code.gson:gson:2.10.1")
-    implementation("org.json:json:20231013")
-    implementation("commons-io:commons-io:2.11.0")
-    implementation("io.github.java-diff-utils:java-diff-utils:4.12")
-    implementation("org.slf4j:slf4j-api:2.0.16")
-    implementation("ch.qos.logback:logback-classic:1.5.6")
-    implementation(libs.springWeb)
-//    implementation(libs.kotlinxSerializationJson)
     implementation(libs.jackson)
+    implementation(libs.springWeb)
+    implementation("org.json:json:20231013") // TODO: Remove when possible
+    implementation(libs.commons)
+    implementation(libs.slf4j)
+    implementation(libs.logback)
+    implementation(libs.diffUtils)
     compileOnly(libs.lombok)
     annotationProcessor(libs.lombok)
     testImplementation(libs.junit)
     testImplementation(libs.jupiterApi)
-    testRuntimeOnly("org.junit.jupiter:junit-jupiter:5.8.1")
-    testRuntimeOnly("org.junit.platform:junit-platform-launcher:1.9.0")
+    testRuntimeOnly(libs.jupiter)
+    testRuntimeOnly(libs.junitPlatform)
 
     // IntelliJ Platform Gradle Plugin Dependencies Extension - read more: https://plugins.jetbrains.com/docs/intellij/tools-intellij-platform-gradle-plugin-dependencies-extension.html
     intellijPlatform {

diff --git a/gradle.properties b/gradle.properties
@@ -2,7 +2,7 @@
 # -> https://plugins.jetbrains.com/docs/intellij/intellij-artifacts.html
 
 pluginGroup = com.github.bridgecrewio.prismajetbrainsidea
-pluginName = prismacloud-jetbrains-idea
+pluginName = Prisma Cloud
 pluginVersion=1.0.22
 # Plugin Verifier integration -> https://github.com/JetBrains/gradle-intellij-plugin#plugin-verifier-dsl
 # See https://jb.gg/intellij-platform-builds-list for available build versions

diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
@@ -1,12 +1,16 @@
 [versions]
 
 # libraries
+jackson = "2.17.2"
 lombok = "1.18.34"
-junit = "4.13.2"
-jupiterApi = "5.8.1"
 springWeb = "6.1.12"
-jackson = "2.17.2"
-# kotlinxSerializationJson = "1.7.2"
+commons-io = "2.16.1"
+slf4j = "2.0.16"
+logback = "1.5.6"
+diffUtils = "4.12"
+junit = "4.13.2"
+jupiter = "5.8.1"
+junitPlatform = "1.9.0"
 
 # plugins
 changelog = "2.2.1"
@@ -17,16 +21,20 @@ qodana = "0.1.13"
 
 [libraries]
 jackson = { group = "com.fasterxml.jackson.module", name = "jackson-module-kotlin", version.ref = "jackson"}
-# kotlinxSerializationJson = { group = "org.jetbrains.kotlinx", name = "kotlinx-serialization-json", version.ref = "kotlinxSerializationJson"}
 lombok = { group = "org.projectlombok", name = "lombok", version.ref = "lombok" }
-junit = { group = "junit", name = "junit", version.ref = "junit" }
-jupiterApi = { group = "org.junit.jupiter", name = "junit-jupiter-api", version.ref = "jupiterApi" }
 springWeb = { group = "org.springframework", name = "spring-web", version.ref = "springWeb" }
+commons = { group = "commons-io", name = "commons-io", version.ref = "commons-io" }
+slf4j = { group = "org.slf4j", name = "slf4j-api", version.ref = "slf4j" }
+logback = { group = "ch.qos.logback", name = "logback-classic", version.ref = "logback" }
+diffUtils = { group = "io.github.java-diff-utils", name = "java-diff-utils", version.ref = "diffUtils" }
+junit = { group = "junit", name = "junit", version.ref = "junit" }
+jupiterApi = { group = "org.junit.jupiter", name = "junit-jupiter-api", version.ref = "jupiter" }
+jupiter = { group = "org.junit.jupiter", name = "junit-jupiter", version.ref = "jupiter" }
+junitPlatform = { group = "org.junit.platform", name = "junit-platform-launcher", version.ref = "junitPlatform" }
 
 [plugins]
 changelog = { id = "org.jetbrains.changelog", version.ref = "changelog" }
 intelliJPlatform = { id = "org.jetbrains.intellij.platform", version.ref = "intelliJPlatform" }
 kotlin = { id = "org.jetbrains.kotlin.jvm", version.ref = "kotlin" }
-# kotlinSerialization = { id = "org.jetbrains.kotlin.plugin.serialization", version.ref = "kotlin" }
 kover = { id = "org.jetbrains.kotlinx.kover", version.ref = "kover" }
 qodana = { id = "org.jetbrains.qodana", version.ref = "qodana" }
diff --git a/src/main/java/com/bridgecrew/log/LoggerService.java b/src/main/java/com/bridgecrew/log/LoggerService.java
@@ -1,10 +1,14 @@
 package com.bridgecrew.log;
 
 import ch.qos.logback.classic.LoggerContext;
+import ch.qos.logback.classic.joran.JoranConfigurator;
 import ch.qos.logback.core.Appender;
 import ch.qos.logback.core.FileAppender;
+import ch.qos.logback.core.joran.spi.JoranException;
+import com.intellij.openapi.application.PathManager;
 import com.intellij.openapi.components.Service;
 import org.slf4j.LoggerFactory;
+import java.net.URL;
 
 @Service
 public final class LoggerService {
@@ -18,4 +22,22 @@ public String getLogFilePath() {
         }
         return null;
     }
+
+    public void initializeLogger() {
+        System.setProperty("prisma.log", PathManager.getLogPath());
+        LoggerContext context = (LoggerContext) LoggerFactory.getILoggerFactory();
+        context.reset();
+        try {
+            JoranConfigurator configurator = new JoranConfigurator();
+            configurator.setContext(context);
+            URL configURL = getClass().getClassLoader().getResource("logback.xml");
+            if (configURL != null) {
+                configurator.doConfigure(configURL);
+            } else {
+                System.err.println("Logback configuration file not found");
+            }
+        } catch (JoranException je) {
+            System.err.println("Failed to initialize logback: " + je.getMessage());
+        }
+    }
 }
diff --git a/src/main/kotlin/com/bridgecrew/CheckovResult.kt b/src/main/kotlin/com/bridgecrew/CheckovResult.kt
@@ -1,72 +1,69 @@
 package com.bridgecrew
 
-import com.google.gson.Gson
-
-val gson = Gson()
-
 data class VulnerabilityDetails(
-        val id: String?,
-        val package_name: String?,
-        val package_version: String?,
-        val link: String?,
-        val description: String?,
-        val license: String?,
-        val cvss: Double?,
-        val lowest_fixed_version: String?,
-        val published_date: String?,
-        val vector: String?,
-        val risk_factors: Map<String, Any>,
-        val root_package_name: String?,
-        val root_package_version: String?,
-        val root_package_fix_version: String?,
-        val fix_command: FixCommand?
+    val id: String?,
+    val package_name: String?,
+    val package_version: String?,
+    val link: String?,
+    val description: String?,
+    val license: String?,
+    val cvss: Double?,
+    val lowest_fixed_version: String?,
+    val published_date: String?,
+    val vector: String?,
+    val risk_factors: Map<String, Any>?,
+    val root_package_name: String?,
+    val root_package_version: String?,
+    val root_package_fix_version: String?,
+    val fix_command: FixCommand?
 )
 
 data class FixCommand(
-        val msg: String?,
-        val cmds: ArrayList<String>,
-        val manualCodeFix: Boolean
+    val msg: String?,
+    val cmds: ArrayList<String>,
+    val manualCodeFix: Boolean
 )
 
 data class CheckovResult(
-        val check_id: String,
-        val bc_check_id: String = "",
-        val check_name: String,
-        val file_path: String,
-        val repo_file_path: String,
-        var file_abs_path: String,
-        val file_line_range: ArrayList<Int>,
-        val resource: String,
-        val severity: String,
-        val description: String,
-        val short_description: String,
-        val vulnerability_details: VulnerabilityDetails?,
-        val guideline: String = "\"No Guide\")",
-        val code_block: List<List<Any>>,
-        var check_type: String,
-        val fixed_definition: String = "",
-        val cwe: ArrayList<String>? = ArrayList(),
-        val owasp: ArrayList<String>? = ArrayList(),
-        val metadata: Metadata? = null
-)
+    val check_id: String,
+    val bc_check_id: String? = "",
+    val check_name: String,
+    val file_path: String,
+    val repo_file_path: String?,
+    var file_abs_path: String,
+    val file_line_range: ArrayList<Int>,
+    val resource: String,
+    val severity: String,
+    val description: String?,
+    val short_description: String?,
+    val vulnerability_details: VulnerabilityDetails?,
+    val guideline: String? = "\"No Guide\")",
+    val code_block: List<List<Any>>,
+    val fixed_definition: String? = "",
+    val cwe: ArrayList<String>? = ArrayList(),
+    val owasp: ArrayList<String>? = ArrayList(),
+    val metadata: Metadata? = null
+) {
+    lateinit var check_type: String
+}
 
 data class Metadata(
-        val code_locations: List<DataFlow>?,
-        val taint_mode: TaintMode?
+    val code_locations: List<DataFlow>?,
+    val taint_mode: TaintMode?
 )
 
 data class TaintMode(
-        val data_flow: List<DataFlow>?
+    val data_flow: List<DataFlow>?
 )
 
 data class DataFlow(
-        val path: String,
-        val start: CodePosition,
-        val end: CodePosition,
-        val code_block: String
+    val path: String,
+    val start: CodePosition,
+    val end: CodePosition,
+    val code_block: String
 )
 
 data class CodePosition(
-        val row: Int,
-        val column: Int
+    val row: Int,
+    val column: Int
 )
diff --git a/src/main/kotlin/com/bridgecrew/activities/PostStartupActivity.kt b/src/main/kotlin/com/bridgecrew/activities/PostStartupActivity.kt
@@ -5,8 +5,10 @@ import com.bridgecrew.initialization.InitializationService
 import com.bridgecrew.listeners.InitializationListener
 import com.bridgecrew.listeners.InitializationListener.Companion.INITIALIZATION_TOPIC
 import com.bridgecrew.listeners.PrismaVirtualFileListener
+import com.bridgecrew.log.LoggerService
 import com.bridgecrew.settings.PrismaSettingsState
 import com.bridgecrew.ui.CheckovToolWindowManagerPanel
+import com.bridgecrew.util.ApplicationServiceUtil
 import com.intellij.ide.plugins.IdeaPluginDescriptor
 import com.intellij.ide.plugins.PluginInstaller
 import com.intellij.ide.plugins.PluginManagerCore
@@ -24,6 +26,7 @@ class PostStartupActivity : ProjectActivity {
     private val logger = LoggerFactory.getLogger(javaClass)
 
     override suspend fun execute(project: Project) {
+        ApplicationServiceUtil.getService(LoggerService::class.java).initializeLogger()
         val version = PluginManagerCore.getPlugin(PluginId.getId("com.github.bridgecrewio.prismacloud"))?.version
         logger.info("Starting Prisma Cloud JetBrains plugin version $version")
         project.messageBus.connect().subscribe(INITIALIZATION_TOPIC, object : InitializationListener {

diff --git a/src/main/kotlin/com/bridgecrew/api/PrismaApiClient.kt b/src/main/kotlin/com/bridgecrew/api/PrismaApiClient.kt
@@ -5,6 +5,7 @@ import com.bridgecrew.listeners.CheckovSettingsListener
 import com.bridgecrew.settings.DEFAULT_REPORTING_INTERVAL
 import com.bridgecrew.settings.PLUGIN_NAME
 import com.bridgecrew.settings.PrismaSettingsState
+import com.fasterxml.jackson.annotation.JsonInclude
 import com.fasterxml.jackson.databind.DeserializationFeature
 import com.fasterxml.jackson.databind.ObjectMapper
 import com.fasterxml.jackson.module.kotlin.KotlinModule
@@ -33,6 +34,7 @@ data class PrismaConnectionDetails(
 val mapper = ObjectMapper().apply {
     registerModule(KotlinModule.Builder().build())
     configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false)
+    setSerializationInclusion(JsonInclude.Include.NON_NULL)
 }
 
 @Service
@@ -77,7 +79,7 @@ class PrismaApiClient {
     private inline fun <reified T> sendRequest(endpoint: String, method: HttpMethod, payload: Any?, login: Boolean = false): T? {
         try {
             if (connection == null) {
-                logger.warn("API call aborted because Prisma Cloud settings were not configured in the plugin settings")
+                logger.warn("API call '$endpoint' aborted because Prisma Cloud settings were not configured in the plugin settings")
                 return null
             }
             logger.info("Sending {} request '{}' to {}", method, endpoint, connection!!.url)

diff --git a/src/main/kotlin/com/bridgecrew/results/BaseCheckovResult.kt b/src/main/kotlin/com/bridgecrew/results/BaseCheckovResult.kt
@@ -40,20 +40,20 @@ enum class Severity {
 }
 
 open class BaseCheckovResult(
-        val category: Category,
-        val checkType: CheckType,
-        val filePath: String,
-        val resource: String,
-        val name: String,
-        val id: String,
-        val severity: Severity,
-        val description: String?,
-        val guideline: String?,
-        val absoluteFilePath: String,
-        val fileLineRange: List<Int>,
-        val fixDefinition: String?,
-        val codeBlock: List<List<Any>>,
-        var codeDiffFirstLine: Int = fileLineRange[0]
+    val category: Category,
+    val checkType: CheckType,
+    val filePath: String,
+    val resource: String,
+    val name: String,
+    val id: String,
+    val severity: Severity,
+    val description: String?,
+    val guideline: String?,
+    val absoluteFilePath: String,
+    val fileLineRange: List<Int>,
+    val fixDefinition: String?,
+    val codeBlock: List<List<Any>>,
+    var codeDiffFirstLine: Int = fileLineRange[0]
 ) {
     override fun equals(other: Any?): Boolean {
         if (this === other) return true

diff --git a/src/main/kotlin/com/bridgecrew/results/IacCheckovResult.kt b/src/main/kotlin/com/bridgecrew/results/IacCheckovResult.kt
@@ -1,31 +1,31 @@
 package com.bridgecrew.results
 
 class IacCheckovResult(
-        checkType: CheckType,
-        filePath: String,
-        resource: String,
-        name: String,
-        id: String,
-        severity: Severity,
-        description: String?,
-        guideline: String?,
-        absoluteFilePath: String,
-        fileLineRange: List<Int>,
-        fixDefinition: String?,
-        codeBlock: List<List<Any>>,
-        val checkName: String
-        ) :
-        BaseCheckovResult(
-                category = Category.IAC,
-                checkType,
-                filePath,
-                resource,
-                name,
-                id,
-                severity,
-                description,
-                guideline,
-                absoluteFilePath,
-                fileLineRange,
-                fixDefinition,
-                codeBlock)
+    checkType: CheckType,
+    filePath: String,
+    resource: String,
+    name: String,
+    id: String,
+    severity: Severity,
+    description: String?,
+    guideline: String?,
+    absoluteFilePath: String,
+    fileLineRange: List<Int>,
+    fixDefinition: String?,
+    codeBlock: List<List<Any>>,
+    val checkName: String
+) : BaseCheckovResult(
+    category = Category.IAC,
+    checkType,
+    filePath,
+    resource,
+    name,
+    id,
+    severity,
+    description,
+    guideline,
+    absoluteFilePath,
+    fileLineRange,
+    fixDefinition,
+    codeBlock
+)