Critical Severity (#254)

* SCA Critical Severity

* SCA Threshold Exceed

* critical Severity

* client common version

src/main/java/com/cx/restclient/ast/AstSastClient.java

@@ -463,7 +463,10 @@ private static void setFindingCountsPerSeverity(List<SeverityCounter> nativeCoun
             Severity parsedSeverity = EnumUtils.getEnum(Severity.class, counter.getSeverity());
             int value = counter.getCounter();
             if (parsedSeverity != null) {
-                if (parsedSeverity == Severity.HIGH) {
+            	if (parsedSeverity == Severity.CRITICAL) {
+                    target.setCriticalVulnerabilityCount(value);
+                }
+            	else if (parsedSeverity == Severity.HIGH) {
                     target.setHighVulnerabilityCount(value);
                 } else if (parsedSeverity == Severity.MEDIUM) {
                     target.setMediumVulnerabilityCount(value);

src/main/java/com/cx/restclient/ast/AstScaClient.java

@@ -1223,6 +1223,7 @@ private void printSummary(AstScaSummaryResults summary, String scanId) {
             log.info("----CxSCA risk report summary----");
             log.info("Created on: {}", summary.getCreatedOn());
             log.info("Direct packages: {}", summary.getDirectPackages());
+            log.info("Critical vulnerabilities: {}", summary.getCriticalVulnerabilityCount());
             log.info("High vulnerabilities: {}", summary.getHighVulnerabilityCount());
             log.info("Medium vulnerabilities: {}", summary.getMediumVulnerabilityCount());
             log.info("Low vulnerabilities: {}", summary.getLowVulnerabilityCount());

src/main/java/com/cx/restclient/ast/dto/common/SummaryResults.java

@@ -6,6 +6,7 @@
 @Getter
 @Setter
 public class SummaryResults {
+	private int criticalVulnerabilityCount = 0;
     private int highVulnerabilityCount = 0;
     private int mediumVulnerabilityCount = 0;
     private int lowVulnerabilityCount = 0;

src/main/java/com/cx/restclient/ast/dto/sca/AstScaResults.java

@@ -170,7 +170,7 @@ public void calculateVulnerableAndOutdatedPackages() {
         int sum;
         if (this.packages != null) {
             for (Package pckg : this.packages) {
-                sum = pckg.getHighVulnerabilityCount() + pckg.getMediumVulnerabilityCount() + pckg.getLowVulnerabilityCount();
+                sum = pckg.getCriticalVulnerabilityCount() + pckg.getHighVulnerabilityCount() + pckg.getMediumVulnerabilityCount() + pckg.getLowVulnerabilityCount();
                 if (sum == 0) {
                     this.nonVulnerableLibraries++;
                 } else if (sum > 0 && pckg.isOutdated()) {

src/main/java/com/cx/restclient/ast/dto/sca/report/AstScaSummaryResults.java

@@ -9,26 +9,28 @@ public class AstScaSummaryResults implements Serializable {
     private String createdOn;
     private double riskScore;
     private int totalOutdatedPackages;
+    private int criticalVulnerabilityCount = 0;
     private int highVulnerabilityCount = 0;
     private int mediumVulnerabilityCount = 0;
     private int lowVulnerabilityCount = 0;
 
     public AstScaSummaryResults() {
     }
 
-    public AstScaSummaryResults(int totalPackages, int directPackages, String createdOn, double riskScore, int totalOutdatedPackages, int highVulnerabilityCount, int mediumVulnerabilityCount, int lowVulnerabilityCount) {
+    public AstScaSummaryResults(int totalPackages, int directPackages, String createdOn, double riskScore, int totalOutdatedPackages, int criticalVulnerabilityCount, int highVulnerabilityCount, int mediumVulnerabilityCount, int lowVulnerabilityCount) {
         this.totalPackages = totalPackages;
         this.directPackages = directPackages;
         this.createdOn = createdOn;
         this.riskScore = riskScore;
         this.totalOutdatedPackages = totalOutdatedPackages;
+        this.criticalVulnerabilityCount = criticalVulnerabilityCount;
         this.highVulnerabilityCount = highVulnerabilityCount;
         this.mediumVulnerabilityCount = mediumVulnerabilityCount;
         this.lowVulnerabilityCount = lowVulnerabilityCount;
     }
 
     public int getTotalOkLibraries() {
-        int totalOk = (totalPackages - (highVulnerabilityCount + mediumVulnerabilityCount + lowVulnerabilityCount));
+        int totalOk = (totalPackages - (criticalVulnerabilityCount +highVulnerabilityCount + mediumVulnerabilityCount + lowVulnerabilityCount));
         totalOk = Math.max(totalOk, 0);
         return totalOk;
     }
@@ -72,6 +74,14 @@ public int getTotalOutdatedPackages() {
     public void setTotalOutdatedPackages(int totalOutdatedPackages) {
         this.totalOutdatedPackages = totalOutdatedPackages;
     }
+
+    public int getCriticalVulnerabilityCount() {
+        return criticalVulnerabilityCount;
+    }
+
+    public void setCriticalVulnerabilityCount(int criticalVulnerabilityCount) {
+        this.criticalVulnerabilityCount = criticalVulnerabilityCount;
+    }
 
     public int getHighVulnerabilityCount() {
         return highVulnerabilityCount;

src/main/java/com/cx/restclient/ast/dto/sca/report/Package.java

@@ -23,6 +23,7 @@ public class Package implements Serializable {
      */
     private String matchType;
 
+    private int criticalVulnerabilityCount;
     private int highVulnerabilityCount;
     private int mediumVulnerabilityCount;
     private int lowVulnerabilityCount;

src/main/java/com/cx/restclient/ast/dto/sca/report/PackageSeverity.java

@@ -8,5 +8,6 @@ public enum PackageSeverity {
 
     LOW,
     MEDIUM,
-    HIGH
+    HIGH,
+    CRITICAL
 }

src/main/java/com/cx/restclient/common/summary/DependencyScanResult.java

@@ -17,6 +17,7 @@
 public class DependencyScanResult extends Results implements Serializable {
     private ScannerType scannerType;
     private boolean resultReady;
+    private int criticalVulnerability;
     private int highVulnerability;
     private int mediumVulnerability;
     private int lowVulnerability;
@@ -25,6 +26,7 @@ public class DependencyScanResult extends Results implements Serializable {
     private int nonVulnerableLibraries;
     private String scanStartTime;
     private String scanEndTime;
+    private List<CVEReportTableRow> dependencyCriticalCVEReportTable = new ArrayList<>();
     private List<CVEReportTableRow> dependencyHighCVEReportTable = new ArrayList<>();
     private List<CVEReportTableRow> dependencyMediumCVEReportTable = new ArrayList<>();
     private List<CVEReportTableRow> dependencyLowCVEReportTable = new ArrayList<>();
@@ -35,6 +37,7 @@ public class DependencyScanResult extends Results implements Serializable {
     DependencyScanResult(AstScaResults scaResults){
         scaResults.calculateVulnerableAndOutdatedPackages();
         this.scannerType = ScannerType.AST_SCA;
+        this.criticalVulnerability = scaResults.getSummary().getCriticalVulnerabilityCount();
         this.highVulnerability = scaResults.getSummary().getHighVulnerabilityCount();
         this.mediumVulnerability = scaResults.getSummary().getMediumVulnerabilityCount();
         this.lowVulnerability = scaResults.getSummary().getLowVulnerabilityCount();
@@ -51,6 +54,7 @@ public class DependencyScanResult extends Results implements Serializable {
 
     DependencyScanResult(OSAResults osaResults){
         this.scannerType = ScannerType.OSA;
+        this.criticalVulnerability = osaResults.getResults().getTotalCriticalVulnerabilities();
         this.highVulnerability = osaResults.getResults().getTotalHighVulnerabilities();
         this.mediumVulnerability = osaResults.getResults().getTotalMediumVulnerabilities();
         this.lowVulnerability = osaResults.getResults().getTotalLowVulnerabilities();
@@ -60,11 +64,11 @@ public class DependencyScanResult extends Results implements Serializable {
         this.nonVulnerableLibraries = osaResults.getResults().getNonVulnerableLibraries();
         this.scanStartTime =osaResults.getScanStartTime();
         this.scanEndTime = osaResults.getScanEndTime();
-        this.setDependencyCVEReportTableOsa(osaResults.getOsaLowCVEReportTable(),osaResults.getOsaMediumCVEReportTable(),osaResults.getOsaHighCVEReportTable());
+        this.setDependencyCVEReportTableOsa(osaResults.getOsaLowCVEReportTable(),osaResults.getOsaMediumCVEReportTable(),osaResults.getOsaHighCVEReportTable(),osaResults.getOsaCriticalCVEReportTable());
         this.setTotalLibraries(osaResults.getResults().getTotalLibraries());
     }
 
-    public void setDependencyCVEReportTableOsa(List<CVEReportTableRow> osaCVEResultsLow,List<CVEReportTableRow> osaCVEResultsMedium,List<CVEReportTableRow> osaCVEResultsHigh){
+    public void setDependencyCVEReportTableOsa(List<CVEReportTableRow> osaCVEResultsLow,List<CVEReportTableRow> osaCVEResultsMedium,List<CVEReportTableRow> osaCVEResultsHigh, List<CVEReportTableRow> osaCVEResultsCritical){
         CVEReportTableRow row;
         for(CVEReportTableRow lowCVE :osaCVEResultsLow ){
             row = lowCVE;
@@ -78,6 +82,10 @@ public void setDependencyCVEReportTableOsa(List<CVEReportTableRow> osaCVEResults
             row = highCVE;
             this.dependencyHighCVEReportTable.add(row);
         }
+        for(CVEReportTableRow criticalCVE :osaCVEResultsCritical ){
+            row = criticalCVE;
+            this.dependencyCriticalCVEReportTable.add(row);
+        }
     }
 
     public void setDependencyCVEReportTableSCA(List<Finding> scaFindings){
@@ -90,6 +98,8 @@ public void setDependencyCVEReportTableSCA(List<Finding> scaFindings){
                 this.dependencyMediumCVEReportTable.add(row);
             }else if(scaFinding.getSeverity() == Severity.HIGH){
                 this.dependencyHighCVEReportTable.add(row);
+            }else if(scaFinding.getSeverity() == Severity.CRITICAL){
+                this.dependencyCriticalCVEReportTable.add(row);
             }
         }
     }
@@ -109,6 +119,14 @@ public boolean isResultReady() {
     public void setResultReady(boolean resultReady) {
         this.resultReady = resultReady;
     }
+
+    public int getCriticalVulnerability() {
+        return criticalVulnerability;
+    }
+
+    public void setCriticalVulnerability(int criticalVulnerability) {
+        this.criticalVulnerability = criticalVulnerability;
+    }
 
     public int getHighVulnerability() {
         return highVulnerability;
@@ -173,6 +191,14 @@ public String getScanEndTime() {
     public void setScanEndTime(String scanEndTime) {
         this.scanEndTime = scanEndTime;
     }
+
+    public List<CVEReportTableRow> getDependencyCriticalCVEReportTable() {
+        return dependencyCriticalCVEReportTable;
+    }
+
+    public void setDependencyCriticalCVEReportTable(List<CVEReportTableRow> dependencyCriticalCVEReportTable) {
+        this.dependencyCriticalCVEReportTable = dependencyCriticalCVEReportTable;
+    }
 
     public List<CVEReportTableRow> getDependencyHighCVEReportTable() {
         return dependencyHighCVEReportTable;

src/main/java/com/cx/restclient/common/summary/SummaryUtils.java

@@ -169,17 +169,20 @@ else if(config.isOsaEnabled())
                 }
 
                 //calculate dependency results bars:
+                int dependencyCritical = dependencyScanResult.getCriticalVulnerability();
                 int dependencyHigh = dependencyScanResult.getHighVulnerability();
                 int dependencyMedium = dependencyScanResult.getMediumVulnerability();
                 int dependencyLow = dependencyScanResult.getLowVulnerability();
                 float dependencyMaxCount = Math.max(dependencyHigh, Math.max(dependencyMedium, dependencyLow));
                 float dependencyBarNorm = dependencyMaxCount * 10f / 9f;
 
 
+                float dependencyCriticalTotalHeight = (float) dependencyCritical / dependencyBarNorm * 238f;
                 float dependencyHighTotalHeight = (float) dependencyHigh / dependencyBarNorm * 238f;
                 float dependencyMediumTotalHeight = (float) dependencyMedium / dependencyBarNorm * 238f;
                 float dependencyLowTotalHeight = (float) dependencyLow / dependencyBarNorm * 238f;
 
+                templateData.put("dependencyCriticalTotalHeight", dependencyCriticalTotalHeight);
                 templateData.put("dependencyHighTotalHeight", dependencyHighTotalHeight);
                 templateData.put("dependencyMediumTotalHeight", dependencyMediumTotalHeight);
                 templateData.put("dependencyLowTotalHeight", dependencyLowTotalHeight);

src/main/java/com/cx/restclient/configuration/CxScanConfig.java

@@ -65,7 +65,8 @@ public void setShowCriticalLabel(boolean showCriticalLabel) {
     private Boolean isIncremental = false;
     private Boolean isSynchronous = false;
     private Boolean sastThresholdsEnabled = false;
-    private Integer sastCriticalThreshold;
+    private Boolean sastEnableCriticalSeverity = false;
+	private Integer sastCriticalThreshold;
     private Integer sastHighThreshold;
     private Integer sastMediumThreshold;
     private Integer sastLowThreshold;
@@ -102,6 +103,7 @@ public void setprojectCustomFields(String projectCustomFields) {
     private Boolean osaRunInstall = false;
     private Boolean osaThresholdsEnabled = false;
     private Boolean osaFailOnError = false;
+    private Integer osaCriticalThreshold;
     private Integer osaHighThreshold;
     private Integer osaMediumThreshold;
     private Integer osaLowThreshold;
@@ -498,6 +500,15 @@ public Boolean getSynchronous() {
     public void setSynchronous(Boolean synchronous) {
         this.isSynchronous = synchronous;
     }
+
+    public Boolean getSastEnableCriticalSeverity() {
+		return sastEnableCriticalSeverity;
+	}
+
+	public void setSastEnableCriticalSeverity(Boolean sastEnableCriticalSeverity) {
+		this.sastEnableCriticalSeverity = sastEnableCriticalSeverity;
+	}
+
 
     public Boolean getSastThresholdsEnabled() {
         return sastThresholdsEnabled;
@@ -626,6 +637,14 @@ public Boolean isOsaFailOnError() {
     public void setOsaFailOnError(Boolean osaFailOnError) {
         this.osaFailOnError = osaFailOnError;
     }
+
+    public Integer getOsaCriticalThreshold() {
+        return osaCriticalThreshold;
+    }
+
+    public void setOsaCriticalThreshold(Integer osaCriticalThreshold) {
+        this.osaCriticalThreshold = osaCriticalThreshold;
+    }
 
     public Integer getOsaHighThreshold() {
         return osaHighThreshold;
@@ -672,7 +691,7 @@ public boolean isSASTThresholdEffectivelyEnabled() {
     public boolean isOSAThresholdEffectivelyEnabled() {
         return (isOsaEnabled() || isAstScaEnabled()) &&
                 getOsaThresholdsEnabled() &&
-                (getOsaHighThreshold() != null || getOsaMediumThreshold() != null || getOsaLowThreshold() != null);
+                (getOsaCriticalThreshold() != null ||getOsaHighThreshold() != null || getOsaMediumThreshold() != null || getOsaLowThreshold() != null);
     }
 
     public void setOsaDependenciesJson(String osaDependenciesJson) {

src/main/java/com/cx/restclient/dto/scansummary/ScanSummary.java

@@ -101,6 +101,7 @@ private void addDependencyScanThresholdErrors(CxScanConfig config, OSAResults os
         if (config.isOSAThresholdEffectivelyEnabled() && (scaResults != null || osaResults != null)) {
 
             ErrorSource errorSource = osaResults != null ? ErrorSource.OSA : ErrorSource.SCA;
+            int totalCritical = 0;
             int totalHigh = 0;
             int totalMedium = 0;
             int totalLow = 0;
@@ -110,6 +111,7 @@ private void addDependencyScanThresholdErrors(CxScanConfig config, OSAResults os
                 AstScaSummaryResults summary = scaResults.getSummary();
                 if (summary != null) {
                     hasSummary = true;
+                    totalCritical = summary.getCriticalVulnerabilityCount();
                     totalHigh = summary.getHighVulnerabilityCount();
                     totalMedium = summary.getMediumVulnerabilityCount();
                     totalLow = summary.getLowVulnerabilityCount();
@@ -118,13 +120,15 @@ private void addDependencyScanThresholdErrors(CxScanConfig config, OSAResults os
                 OSASummaryResults summary = osaResults.getResults();
                 if (summary != null) {
                     hasSummary = true;
+                    totalCritical = summary.getTotalCriticalVulnerabilities();
                     totalHigh = summary.getTotalHighVulnerabilities();
                     totalMedium = summary.getTotalMediumVulnerabilities();
                     totalLow = summary.getTotalLowVulnerabilities();
                 }
             }
 
             if (hasSummary) {
+            	checkForThresholdError(totalCritical, config.getOsaCriticalThreshold(), errorSource, Severity.CRITICAL);
                 checkForThresholdError(totalHigh, config.getOsaHighThreshold(), errorSource, Severity.HIGH);
                 checkForThresholdError(totalMedium, config.getOsaMediumThreshold(), errorSource, Severity.MEDIUM);
                 checkForThresholdError(totalLow, config.getOsaLowThreshold(), errorSource, Severity.LOW);

src/main/java/com/cx/restclient/osa/dto/Library.java

@@ -11,6 +11,8 @@ public class Library implements Serializable {
     private String id;//:"36b32b00-9ee6-4e2f-85c9-3f03f26519a9",
     private String name;//:"lib-name",
     private String version;//:"lib-version",
+    @JsonProperty("criticalUniqueVulnerabilityCount")
+    private int criticalVulnerabilityCount;//:1,
     @JsonProperty("highUniqueVulnerabilityCount")
     private int highVulnerabilityCount;//:1,
     @JsonProperty("mediumUniqueVulnerabilityCount")
@@ -46,6 +48,14 @@ public String getVersion() {
     public void setVersion(String version) {
         this.version = version;
     }
+
+    public int getCriticalVulnerabilityCount() {
+        return this.criticalVulnerabilityCount;
+    }
+
+    public void setCriticalVulnerabilityCount(int criticalVulnerabilityCount) {
+        this.criticalVulnerabilityCount = criticalVulnerabilityCount;
+    }
 
     public int getHighVulnerabilityCount() {
         return this.highVulnerabilityCount;

src/main/java/com/cx/restclient/osa/dto/OSAResults.java

@@ -25,6 +25,7 @@ public class OSAResults extends Results implements Serializable {
     private OSAScanStatus osaScanStatus;
     private String osaProjectSummaryLink;
     private boolean osaResultsReady = false;
+    private List<CVEReportTableRow> osaCriticalCVEReportTable = new ArrayList<CVEReportTableRow>();
     private List<CVEReportTableRow> osaHighCVEReportTable = new ArrayList<CVEReportTableRow>();
     private List<CVEReportTableRow> osaMediumCVEReportTable = new ArrayList<CVEReportTableRow>();
     private List<CVEReportTableRow> osaLowCVEReportTable = new ArrayList<CVEReportTableRow>();
@@ -111,6 +112,10 @@ public String getOsaScanId() {
     public void setOsaScanId(String osaScanId) {
         this.osaScanId = osaScanId;
     }
+
+    public List<CVEReportTableRow> getOsaCriticalCVEReportTable() {
+        return osaCriticalCVEReportTable;
+    }
 
     public List<CVEReportTableRow> getOsaHighCVEReportTable() {
         return osaHighCVEReportTable;
@@ -148,7 +153,10 @@ private void setOsaCVEReportTable(List<CVE> osaVulnerabilities, List<Library> os
         }
 
         for (CVEReportTableRow row : cveMap.values()) {
-            if ("High".equals(row.getSeverity())) {
+        	if ("Critical".equals(row.getSeverity())) {
+                osaCriticalCVEReportTable.add(row);
+            }
+        	else if ("High".equals(row.getSeverity())) {
                 osaHighCVEReportTable.add(row);
             } else if ("Medium".equals(row.getSeverity())) {
                 osaMediumCVEReportTable.add(row);
@@ -163,6 +171,10 @@ public void setDates(OSAScanStatus status) {
         this.scanStartTime = formatDate(status.getStartAnalyzeTime(), "yyyy-MM-dd'T'HH:mm:ss.SSSSSSS", "dd/MM/yy HH:mm");
         this.scanEndTime = formatDate(status.getEndAnalyzeTime(), "yyyy-MM-dd'T'HH:mm:ss.SSSSSSS", "dd/MM/yy HH:mm");
     }
+
+    public void setOsaCriticalCVEReportTable(List<CVEReportTableRow> osaCriticalCVEReportTable) {
+        this.osaCriticalCVEReportTable = osaCriticalCVEReportTable;
+    }
 
     public void setOsaHighCVEReportTable(List<CVEReportTableRow> osaHighCVEReportTable) {
         this.osaHighCVEReportTable = osaHighCVEReportTable;