Cli2024 q3 integration branch (#262)

* SAST9.7 Warning message and PLUG1906 * Code changes related to Plug1931 and SCA related issue * Removed unwanted logs * Set Default Timeout * Plug 1906 Final Changes * Update CxHttpClient.java * Changed warning log for copybranchtimeoutinseconds * removed OSA chnages * updated report.ftl * updated OSA code * updated log message --------- Co-authored-by: susmitagorai29 <[email protected]> Co-authored-by: ThokalSameer <[email protected]> Co-authored-by: susmitagorai29 <[email protected]>
checkmarx-ltd · Jul 22, 2024 · d52ba76 · d52ba76
1 parent fd11048
commit d52ba76
Show file tree

Hide file tree

Showing 15 changed files with 221 additions and 48 deletions.
diff --git a/src/main/java/com/cx/restclient/ast/AstScaClient.java b/src/main/java/com/cx/restclient/ast/AstScaClient.java
@@ -938,7 +938,6 @@ private String getRiskManagementProjectId(String projectName) throws IOException
         String result = Optional.ofNullable(project)
                 .map(Project::getId)
                 .orElse(null);
-
         String message = (result == null ? "Project not found" : String.format("Project ID: %s", result));
         log.info(message);
 
@@ -1029,14 +1028,12 @@ private String createRiskManagementProject(String name, String assignedTeam, Str
         }
 
         StringEntity entity = HttpClientHelper.convertToStringEntity(request);
-
         Project newProject = httpClient.postRequest(PROJECTS,
                 ContentType.CONTENT_TYPE_APPLICATION_JSON,
                 entity,
                 Project.class,
                 HttpStatus.SC_CREATED,
                 "create a project");
-
         return newProject.getId();
     }
 

diff --git a/src/main/java/com/cx/restclient/common/summary/DependencyScanResult.java b/src/main/java/com/cx/restclient/common/summary/DependencyScanResult.java
@@ -54,7 +54,6 @@ public class DependencyScanResult extends Results implements Serializable {
 
     DependencyScanResult(OSAResults osaResults){
         this.scannerType = ScannerType.OSA;
-        this.criticalVulnerability = osaResults.getResults().getTotalCriticalVulnerabilities();
         this.highVulnerability = osaResults.getResults().getTotalHighVulnerabilities();
         this.mediumVulnerability = osaResults.getResults().getTotalMediumVulnerabilities();
         this.lowVulnerability = osaResults.getResults().getTotalLowVulnerabilities();

diff --git a/src/main/java/com/cx/restclient/configuration/CxScanConfig.java b/src/main/java/com/cx/restclient/configuration/CxScanConfig.java
@@ -103,7 +103,6 @@ public void setprojectCustomFields(String projectCustomFields) {
     private Boolean osaRunInstall = false;
     private Boolean osaThresholdsEnabled = false;
     private Boolean osaFailOnError = false;
-    private Integer osaCriticalThreshold;
     private Integer osaHighThreshold;
     private Integer osaMediumThreshold;
     private Integer osaLowThreshold;
@@ -171,6 +170,8 @@ public void setOverrideRetentionRate(boolean overrideRetentionRate) {
     private Boolean enableSastBranching = false;
 
     private String masterBranchProjName;
+
+    private Integer copyBranchTimeOutInSeconds;
 
     public CxScanConfig() {
     }
@@ -637,14 +638,6 @@ public Boolean isOsaFailOnError() {
     public void setOsaFailOnError(Boolean osaFailOnError) {
         this.osaFailOnError = osaFailOnError;
     }
-
-    public Integer getOsaCriticalThreshold() {
-        return osaCriticalThreshold;
-    }
-
-    public void setOsaCriticalThreshold(Integer osaCriticalThreshold) {
-        this.osaCriticalThreshold = osaCriticalThreshold;
-    }
 
     public Integer getOsaHighThreshold() {
         return osaHighThreshold;
@@ -691,7 +684,7 @@ public boolean isSASTThresholdEffectivelyEnabled() {
     public boolean isOSAThresholdEffectivelyEnabled() {
         return (isOsaEnabled() || isAstScaEnabled()) &&
                 getOsaThresholdsEnabled() &&
-                (getOsaCriticalThreshold() != null ||getOsaHighThreshold() != null || getOsaMediumThreshold() != null || getOsaLowThreshold() != null);
+                (getOsaHighThreshold() != null || getOsaMediumThreshold() != null || getOsaLowThreshold() != null);
     }
 
     public void setOsaDependenciesJson(String osaDependenciesJson) {
@@ -1076,5 +1069,12 @@ public void setScaReportFormat(String scaReportFormat) {
 		this.scaReportFormat = scaReportFormat;
 	}
 
+    public Integer getcopyBranchTimeOutInSeconds() {
+        return copyBranchTimeOutInSeconds;
+    }
+
+    public void setcopyBranchTimeOutInSeconds(Integer copyBranchTimeOutInSeconds) {
+        this.copyBranchTimeOutInSeconds = copyBranchTimeOutInSeconds;
+    }
 
 }
diff --git a/src/main/java/com/cx/restclient/dto/scansummary/ScanSummary.java b/src/main/java/com/cx/restclient/dto/scansummary/ScanSummary.java
@@ -120,15 +120,13 @@ private void addDependencyScanThresholdErrors(CxScanConfig config, OSAResults os
                 OSASummaryResults summary = osaResults.getResults();
                 if (summary != null) {
                     hasSummary = true;
-                    totalCritical = summary.getTotalCriticalVulnerabilities();
                     totalHigh = summary.getTotalHighVulnerabilities();
                     totalMedium = summary.getTotalMediumVulnerabilities();
                     totalLow = summary.getTotalLowVulnerabilities();
                 }
             }
 
             if (hasSummary) {
-            	checkForThresholdError(totalCritical, config.getOsaCriticalThreshold(), errorSource, Severity.CRITICAL);
                 checkForThresholdError(totalHigh, config.getOsaHighThreshold(), errorSource, Severity.HIGH);
                 checkForThresholdError(totalMedium, config.getOsaMediumThreshold(), errorSource, Severity.MEDIUM);
                 checkForThresholdError(totalLow, config.getOsaLowThreshold(), errorSource, Severity.LOW);

diff --git a/src/main/java/com/cx/restclient/dto/scansummary/Severity.java b/src/main/java/com/cx/restclient/dto/scansummary/Severity.java
@@ -4,5 +4,6 @@ public enum Severity {
     LOW,
     MEDIUM,
     HIGH,
-    CRITICAL
+    CRITICAL,
+    NONE
 }
diff --git a/src/main/java/com/cx/restclient/httpClient/CxHttpClient.java b/src/main/java/com/cx/restclient/httpClient/CxHttpClient.java
@@ -26,6 +26,7 @@
 import org.apache.http.client.methods.*;
 import org.apache.http.client.params.AuthPolicy;
 import org.apache.http.client.utils.HttpClientUtils;
+import org.apache.http.client.utils.URIBuilder;
 import org.apache.http.config.Registry;
 import org.apache.http.config.RegistryBuilder;
 import org.apache.http.conn.routing.HttpRoute;
@@ -595,7 +596,7 @@ public <T> T getRequest(String relPath, String contentType, Class<T> responseTyp
     }
 
     public <T> T getRequest(String rootURL, String relPath, String acceptHeader, String contentType, Class<T> responseType, int expectStatus, String failedMsg, boolean isCollection) throws IOException {
-        HttpGet get = new HttpGet(rootURL + relPath);
+    	HttpGet get = new HttpGet(rootURL + relPath);
         get.addHeader(HttpHeaders.ACCEPT, acceptHeader);
         return request(get, contentType, null, responseType, expectStatus, "get " + failedMsg, isCollection, true);
     }
@@ -642,9 +643,9 @@ private <T> T request(HttpRequestBase httpMethod, String contentType, HttpEntity
             URI tmpUri = httpMethod.getURI();
             String host = StringUtils.isNotEmpty(tmpUri.getAuthority()) ? tmpUri.getAuthority() : tmpUri.getHost();
             host = IDN.toASCII(host, IDN.ALLOW_UNASSIGNED);
-            try {
-                URI uri = new URI(tmpUri.getScheme(), tmpUri.getUserInfo(), host, tmpUri.getPort(), tmpUri.getPath(),
-                        tmpUri.getQuery(), tmpUri.getFragment());
+            try {               
+                URIBuilder uriBuilder = new URIBuilder(tmpUri).setHost(host);
+                URI uri = uriBuilder.build();
                 httpMethod.setURI(uri);
             } catch (URISyntaxException e) {
                 log.error("Fail to convert URI: " + httpMethod.getURI().toString());
@@ -656,6 +657,7 @@ private <T> T request(HttpRequestBase httpMethod, String contentType, HttpEntity
         if (entity != null && httpMethod instanceof HttpEntityEnclosingRequestBase) { //Entity for Post methods
             ((HttpEntityEnclosingRequestBase) httpMethod).setEntity(entity);
         }
+
         HttpResponse response = null;
         int statusCode = 0;
 
@@ -669,8 +671,7 @@ private <T> T request(HttpRequestBase httpMethod, String contentType, HttpEntity
 
             for (Map.Entry<String, String> entry : customHeaders.entrySet()) {
                 httpMethod.addHeader(entry.getKey(), entry.getValue());
-            }
-
+            }            
             response = apacheClient.execute(httpMethod);
             statusCode = response.getStatusLine().getStatusCode();
 

diff --git a/src/main/java/com/cx/restclient/httpClient/utils/ContentType.java b/src/main/java/com/cx/restclient/httpClient/utils/ContentType.java
@@ -7,6 +7,7 @@ public class ContentType {
     public static final String CONTENT_TYPE_APPLICATION_JSON = "application/json";
     public static final String CONTENT_TYPE_API_VERSION_1_2 = "application/json;v=1.2";
     public static final String CONTENT_TYPE_API_VERSION_1_1 = "application/json;v=1.1";
+    public static final String CONTENT_TYPE_APPLICATION_JSON_V4 = "application/json;v=4.0";
     public static final String CONTENT_TYPE_APPLICATION_JSON_V21 = "application/json;v=2.1";
     public static final String CONTENT_TYPE_APPLICATION_JSON_V2 = "application/json;v=2.0";
     public static final String CONTENT_TYPE_APPLICATION_JSON_V1 = "application/json;v=1.0";

diff --git a/src/main/java/com/cx/restclient/osa/dto/OSASummaryResults.java b/src/main/java/com/cx/restclient/osa/dto/OSASummaryResults.java
@@ -12,15 +12,13 @@
 public class OSASummaryResults implements Serializable {
 
     private int totalLibraries;
-    private int criticalVulnerabilityLibraries;
     private int highVulnerabilityLibraries;
     private int mediumVulnerabilityLibraries;
     private int lowVulnerabilityLibraries;
     private int nonVulnerableLibraries;
     private int vulnerableAndUpdated;
     private int vulnerableAndOutdated;
     private String vulnerabilityScore;
-    private int totalCriticalVulnerabilities;
     private int totalHighVulnerabilities;
     private int totalMediumVulnerabilities;
     private int totalLowVulnerabilities;
@@ -32,14 +30,6 @@ public int getTotalLibraries() {
     public void setTotalLibraries(int totalLibraries) {
         this.totalLibraries = totalLibraries;
     }
-
-    public int getCriticalVulnerabilityLibraries() {
-        return criticalVulnerabilityLibraries;
-    }
-
-    public void setCriticalVulnerabilityLibraries(int criticalVulnerabilityLibraries) {
-        this.criticalVulnerabilityLibraries = criticalVulnerabilityLibraries;
-    }
 
     public int getHighVulnerabilityLibraries() {
         return highVulnerabilityLibraries;
@@ -96,14 +86,6 @@ public String getVulnerabilityScore() {
     public void setVulnerabilityScore(String vulnerabilityScore) {
         this.vulnerabilityScore = vulnerabilityScore;
     }
-
-    public int getTotalCriticalVulnerabilities() {
-        return totalCriticalVulnerabilities;
-    }
-
-    public void setTotalCriticalVulnerabilities(int totalCriticalVulnerabilities) {
-        this.totalCriticalVulnerabilities = totalCriticalVulnerabilities;
-    }
 
     public int getTotalHighVulnerabilities() {
         return totalHighVulnerabilities;

diff --git a/src/main/java/com/cx/restclient/osa/utils/OSAUtils.java b/src/main/java/com/cx/restclient/osa/utils/OSAUtils.java
@@ -135,7 +135,6 @@ public static void printOSAResultsToConsole(OSAResults osaResults, boolean enabl
         log.info("------------------------");
         log.info("Vulnerabilities Summary:");
         log.info("------------------------");
-        log.info("OSA critical severity results: " + osaSummaryResults.getTotalCriticalVulnerabilities());
         log.info("OSA high severity results: " + osaSummaryResults.getTotalHighVulnerabilities());
         log.info("OSA medium severity results: " + osaSummaryResults.getTotalMediumVulnerabilities());
         log.info("OSA low severity results: " + osaSummaryResults.getTotalLowVulnerabilities());

diff --git a/src/main/java/com/cx/restclient/sast/dto/CreateBranchStatus.java b/src/main/java/com/cx/restclient/sast/dto/CreateBranchStatus.java
@@ -0,0 +1,91 @@
+package com.cx.restclient.sast.dto;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class CreateBranchStatus {
+
+    private long id;
+    private long originalProjectId;
+    private String originalProjectName;
+    private long branchedOnScanId;
+    private long branchedProjectId;
+    private String timestamp;
+    private String comment;
+    private Status status;
+    private String errorMessage;
+    public CreateBranchStatus(long id, long originalProjectId, String originalProjectName, long branchedOnScanId,
+			long branchedProjectId, String timestamp, String comment, Status status, String errorMessage) {
+		this.id = id;
+		this.originalProjectId = originalProjectId;
+		this.originalProjectName = originalProjectName;
+		this.branchedOnScanId = branchedOnScanId;
+		this.branchedProjectId = branchedProjectId;
+		this.timestamp = timestamp;
+		this.comment = comment;
+		this.status = status;
+		this.errorMessage = errorMessage;
+	}
+
+    public CreateBranchStatus() {
+    }
+
+	public long getId() {
+        return id;
+    }
+    public void setId(long id) {
+        this.id = id;
+    }
+    public long getOriginalProjectId() {
+        return originalProjectId;
+    }
+    public void setOriginalProjectId(Integer originalProjectId) {
+        this.originalProjectId = originalProjectId;
+    }
+    public String getOriginalProjectName() {
+        return originalProjectName;
+    }
+    public void setOriginalProjectName(String originalProjectName) {
+        this.originalProjectName = originalProjectName;
+    }
+    public long getBranchedOnScanId() {
+        return branchedOnScanId;
+    }
+    public void setBranchedOnScanId(long branchedOnScanId) {
+        this.branchedOnScanId = branchedOnScanId;
+    }
+    public long getBranchedProjectId() {
+        return branchedProjectId;
+    }
+    public void setBranchedProjectId(long branchedProjectId) {
+        this.branchedProjectId = branchedProjectId;
+    }
+    public String getTimestamp() {
+        return timestamp;
+    }
+    public void setTimestamp(String timestamp) {
+        this.timestamp = timestamp;
+    }
+    public String getComment() {
+        return comment;
+    }
+    public void setComment(String comment) {
+        this.comment = comment;
+    }
+    public Status getStatus() {
+        return status;
+    }
+    public void setStatus(Status status) {
+        this.status = status;
+    }
+    public String getErrorMessage() {
+        return errorMessage;
+    }
+    public void setErrorMessage(String errorMessage) {
+        this.errorMessage = errorMessage;
+    }
+
+}
diff --git a/src/main/java/com/cx/restclient/sast/dto/Status.java b/src/main/java/com/cx/restclient/sast/dto/Status.java
@@ -0,0 +1,23 @@
+package com.cx.restclient.sast.dto;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class Status {
+
+    private long id;
+    private String value;
+
+    public long getId() {
+        return id;
+    }
+    public void setId(long id) {
+        this.id = id;
+    }
+    public String getValue() {
+        return value;
+    }
+    public void setValue(String value) {
+        this.value = value;
+    }
+}