December 23 integration (#239)

* 916plugjenkis

* changes from branch bug_1141

changes from branch bug_1141

* Support for Project Level Custom Fields (#236)

* Support for Project Level Custom Fields

* Updated OSA logs

* Updated logs for project level custom fields

* Project Level Custom Field

* Project Level-Custom Field

---------

Co-authored-by: Swati Awate <[email protected]>

* Plug1254 project level custom field (#238)

* Support for Project Level Custom Fields

* Updated OSA logs

* Updated logs for project level custom fields

* Project Level Custom Field

* Project Level-Custom Field

* Project level Custom Fields

---------

Co-authored-by: Swati Awate <[email protected]>

* Scan Level Custom tags

* Changes to fix issues in policy enforcement

* changes for vulnerability fixes

* Update java version

* reverting changes related to fsa upgrade

* Project Level Custom Field

* removed JAVA changes that previousl added

* Exceeded CxSAST Vulnerability Threshold

---------

Co-authored-by: Khant1000 <[email protected]>
Co-authored-by: PravinGadankush <[email protected]>
Co-authored-by: Swati Awate <[email protected]>
Co-authored-by: RahulPiddeCheckmarx <[email protected]>

pom.xml

@@ -28,7 +28,7 @@
         <javax.activation.version>1.2.0</javax.activation.version>
         <jaxb.api.version>2.3.0</jaxb.api.version>
         <lombok.version>1.18.6</lombok.version>
-        <cx.ws.fs.agent.version>23.0.2</cx.ws.fs.agent.version>
+        <cx.ws.fs.agent.version>23.0.5</cx.ws.fs.agent.version>
 
         <!--SonarCloud scan -->
         <sonar.projectKey>checkmarx-ltd_Cx-Client-Common</sonar.projectKey>
@@ -233,7 +233,7 @@
             <artifactId>jcommander</artifactId>
             <version>1.78</version>
         </dependency>
-        <!-- end of excluded dependencies -->
+        <!-- end of excluded dependencies -->        
         <dependency>
             <groupId>org.projectlombok</groupId>
             <artifactId>lombok</artifactId>

src/main/java/com/cx/restclient/CxClientDelegator.java

@@ -19,8 +19,7 @@
 import java.util.EnumMap;
 import java.util.Map;
 
-import static com.cx.restclient.common.CxPARAM.PROJECT_POLICY_COMPLIANT_STATUS;
-import static com.cx.restclient.common.CxPARAM.PROJECT_POLICY_VIOLATED_STATUS;
+import static com.cx.restclient.common.CxPARAM.*;
 import static com.cx.restclient.cxArm.utils.CxARMUtils.getPoliciesNames;
 
 /**
@@ -127,12 +126,11 @@ public ScanResults getLatestScanResults() {
     public void printIsProjectViolated(ScanResults scanResults) {
         if (config.getEnablePolicyViolations()) {
             log.info(PRINT_LINE);
-            log.info("Policy Management: ");
+            log.info("Policy Management: SAST and OSA ");
             log.info("--------------------");
 
             OSAResults osaResults = (OSAResults) scanResults.get(ScannerType.OSA);
             SASTResults sastResults = (SASTResults) scanResults.get(ScannerType.SAST);
-            AstScaResults scaResults = (AstScaResults) scanResults.get(ScannerType.AST_SCA);
 
             boolean hasOsaViolations =
                     osaResults != null &&
@@ -143,30 +141,44 @@ public void printIsProjectViolated(ScanResults scanResults) {
 
             if (sastResults != null && sastResults.getSastPolicies() != null && !sastResults.getSastPolicies().isEmpty()) {
                 hasSastPolicies = true;
-            }
-
-            boolean hasScaViolations = false;
-            if (scaResults != null && scaResults.getPolicyEvaluations() != null && !scaResults.getPolicyEvaluations().isEmpty()) {
-            	hasScaViolations = true;
             }            
 
-            if (!hasSastPolicies && !hasOsaViolations && !hasScaViolations) {
-                log.info(PROJECT_POLICY_COMPLIANT_STATUS);
+            if (!hasSastPolicies && !hasOsaViolations) {
+                log.info(PROJECT_POLICY_COMPLIANT_STATUS_SAST);
                 log.info(PRINT_LINE);
             } else {
-                log.info(PROJECT_POLICY_VIOLATED_STATUS);
+                log.info(PROJECT_POLICY_VIOLATED_STATUS_SAST);
                 if (hasSastPolicies) {
                     log.info("SAST violated policies names: {}", getPoliciesNames(sastResults.getSastPolicies()));
                 }
                 if (hasOsaViolations) {
                     log.info("OSA violated policies names: {}", getPoliciesNames(osaResults.getOsaPolicies()));
                 }
+                log.info(PRINT_LINE);
+            }
+        }
+        if (config.getEnablePolicyViolationsSCA()) {
+            log.info(PRINT_LINE);
+            log.info("Policy Management: SCA ");
+            log.info("--------------------");
+
+            AstScaResults scaResults = (AstScaResults) scanResults.get(ScannerType.AST_SCA);
+
+            boolean hasScaViolations = false;
+            if (scaResults != null && scaResults.getPolicyEvaluations() != null && !scaResults.getPolicyEvaluations().isEmpty()) {
+                hasScaViolations = true;
+            }
+
+            if (!hasScaViolations) {
+                log.info(PROJECT_POLICY_COMPLIANT_STATUS_SCA);
+                log.info(PRINT_LINE);
+            } else {
+                log.info(PROJECT_POLICY_VIOLATED_STATUS_SCA);
                 if (hasScaViolations) {
-                	log.info("SCA policies are violated.");
+                    log.info("SCA policies are violated.");
                 }
                 log.info(PRINT_LINE);
             }
-
         }
     }
 

src/main/java/com/cx/restclient/CxSASTClient.java

@@ -31,10 +31,6 @@
 import java.io.InputStream;
 import java.net.MalformedURLException;
 import java.nio.charset.StandardCharsets;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
 import java.util.stream.Collectors;
 
 import org.apache.http.HttpEntity;
@@ -59,6 +55,7 @@
 import com.cx.restclient.dto.Status;
 import com.cx.restclient.exception.CxClientException;
 import com.cx.restclient.exception.CxHTTPClientException;
+import com.cx.restclient.osa.dto.CVE;
 import com.cx.restclient.sast.dto.*;
 import com.cx.restclient.sast.utils.LegacyClient;
 import com.cx.restclient.sast.utils.SASTUtils;
@@ -287,6 +284,9 @@ private void createSASTScan(long projectId) {
             } else {
                 scanId = createRemoteSourceScan(projectId);
             }
+            if(config.getProjectLevelCustomFields()!=null) {
+            	updateProjectCustomFields();
+            }
             sastResults.setSastLanguage(language);
             sastResults.setScanId(scanId);
             log.info("SAST scan created successfully: Scan ID is {}", scanId);
@@ -806,6 +806,74 @@ private boolean isScanWithSettingsSupported() {
         }
     }
 
+    public void updateProjectCustomFields() {
+ 	   try {
+ 	       log.info("Updating Project Custom Fields.");
+ 	       if (config != null) {
+ 	           String projectId = String.valueOf(this.projectId);
+ 	           String apiVersion = getContentTypeAndApiVersion(config, PROJECT_PATH);
+ 	           String apiVersionCustomField = getContentTypeAndApiVersion(config, CUSTOM_FIELD_PATH);
+ 	           String projectCustomFieldsString = config.getProjectLevelCustomFields();
+ 	           if (projectCustomFieldsString != null && !projectCustomFieldsString.isEmpty()) {
+ 	               List<ProjectLevelCustomFields> fetchSASTProjectCustomFields = (List<ProjectLevelCustomFields>) httpClient.getRequest(
+ 	                       CUSTOM_FIELD_PATH, apiVersionCustomField, ProjectLevelCustomFields.class, 200, SAST_SCAN, true
+ 	               );
+ 	               ArrayList<ProjectLevelCustomFields> custObj = new ArrayList<>();
+ 	               Map<String, String> projectCustomFieldMap = customFieldMap(projectCustomFieldsString);
+ 	               Project getProjectRequest = httpClient.getRequest(PROJECT_PATH + projectId, CONTENT_TYPE_APPLICATION_JSON_V2, Project.class, 200, SAST_SCAN, false);
+ 	               ProjectPutRequest projectPutRequest = new ProjectPutRequest();
+ 	               projectPutRequest.setName(getProjectRequest.getName());
+ 	               Integer team = Integer.parseInt(getProjectRequest.getTeamId());
+ 	               List<ProjectLevelCustomFields> tempCustomFields = getProjectRequest.getCustomFields();
+ 	               for (int i = 0; i < fetchSASTProjectCustomFields.size(); i++) {
+ 	                   if (projectCustomFieldMap.containsKey(fetchSASTProjectCustomFields.get(i).getName())) {
+ 	                       ProjectLevelCustomFields customProjectField = new ProjectLevelCustomFields(
+ 	                               fetchSASTProjectCustomFields.get(i).getId(),
+ 	                               projectCustomFieldMap.get(fetchSASTProjectCustomFields.get(i).getName()),
+                 		           fetchSASTProjectCustomFields.get(i).getName()
+ 	                       );
+ 	                       custObj.add(customProjectField);
+ 	                   }
+ 	               }
+					   List<ProjectLevelCustomFields> additionalCustomFields = new ArrayList<>();
+ 	                  for (ProjectLevelCustomFields existingCustomField : tempCustomFields) {
+ 	                      String existingCustomFieldName = existingCustomField.getName();
+ 	                      boolean isIdExists = projectCustomFieldMap.containsKey(existingCustomFieldName);
+ 	                      if (!isIdExists) {
+ 	                          additionalCustomFields.add(existingCustomField);
+ 	                      }
+ 	                  }
+ 	                  custObj.addAll(additionalCustomFields);
+ 	               projectPutRequest.setOwningTeam(team);
+ 	               if (!custObj.isEmpty()) {
+ 	                   projectPutRequest.setCustomFields(custObj);
+ 	                   String json = convertToJson(projectPutRequest);
+ 	                   StringEntity entity = new StringEntity(json);
+ 	                   try {
+ 	                       httpClient.putRequest(PROJECT_PATH + projectId, apiVersion, entity, null, 204, "define project level custom field");
+ 	                       log.info("Project Level-Custom Fields updated successfully.");
+ 	                   } catch (CxHTTPClientException e) {
+ 	                       log.error("Error updating Project Level-Custom Fields: {}", e.getMessage());
+ 	                   }
+ 	               } 
+ 	           }
+ 	       } 
+ 	   } catch (Exception ex) {
+ 	       throw new CxClientException("Failed to Update Project Level-Custom Fields: " + ex.getMessage());
+ 	   }
+ 	}
+
+    private Map<String,String> customFieldMap(String projectCustomField){
+        Map<String,String> customFieldMap = new HashMap<String,String>();
+        StringTokenizer tokenizer = new StringTokenizer(projectCustomField, ",");
+        log.info("Project custom field: {}",projectCustomField);
+        while (tokenizer.hasMoreTokens()) {
+            String token = tokenizer.nextToken();
+            String[] keyValue = token.split(":");
+            customFieldMap.put(keyValue[0], keyValue[1]);
+        }
+        return customFieldMap;
+    }
     private ScanWithSettingsResponse scanWithSettings(byte[] zipFile, long projectId, boolean isRemote) throws IOException {
         log.info("Uploading zip file");
         MultipartEntityBuilder builder = MultipartEntityBuilder.create();

src/main/java/com/cx/restclient/ast/AstClient.java

@@ -5,9 +5,7 @@
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.nio.charset.StandardCharsets;
-import java.util.Collections;
-import java.util.List;
-import java.util.Optional;
+import java.util.*;
 
 import org.apache.commons.io.FilenameUtils;
 import org.apache.commons.lang3.StringUtils;
@@ -101,11 +99,11 @@ private void validate(CxScanConfig config, Logger log) {
 
     protected HttpResponse sendStartScanRequest(RemoteRepositoryInfo repoInfo,
                                                 SourceLocationType sourceLocation,
-                                                String projectId) throws IOException {
+                                                String projectId, String scanCustomTags) throws IOException {
         log.debug("Constructing the 'start scan' request");
 
         ScanStartHandler handler = getScanStartHandler(repoInfo);
-
+        Map<String,String> scanCustomMap = customFiledMap(scanCustomTags);
         ProjectToScan project = ProjectToScan.builder()
                 .id(projectId)
                 .type(sourceLocation.getApiValue())
@@ -117,6 +115,7 @@ protected HttpResponse sendStartScanRequest(RemoteRepositoryInfo repoInfo,
         StartScanRequest request = StartScanRequest.builder()
                 .project(project)
                 .config(apiScanConfig)
+                .tags(scanCustomMap)
                 .build();
 
         StringEntity entity = HttpClientHelper.convertToStringEntity(request);
@@ -125,15 +124,27 @@ protected HttpResponse sendStartScanRequest(RemoteRepositoryInfo repoInfo,
         return httpClient.postRequest(CREATE_SCAN, ContentType.CONTENT_TYPE_APPLICATION_JSON, entity,
                 HttpResponse.class, HttpStatus.SC_CREATED, "start the scan");
     }
-
-    protected HttpResponse submitSourcesFromRemoteRepo(ASTConfig config, String projectId) throws IOException {
+    private Map<String,String> customFiledMap(String scanCustomField){
+        Map<String,String> customFieldMap = new HashMap<String,String>();
+        if(!StringUtils.isEmpty(scanCustomField)) {
+            StringTokenizer tokenizer = new StringTokenizer(scanCustomField, ",");
+            log.info("scan custom Tags: {}", scanCustomField);
+            while (tokenizer.hasMoreTokens()) {
+                String token = tokenizer.nextToken();
+                String[] keyValue = token.split(":");
+                customFieldMap.put(keyValue[0], keyValue[1]);
+            }
+        }
+        return customFieldMap;
+    }
+    protected HttpResponse submitSourcesFromRemoteRepo(ASTConfig config, String projectId,String customTags) throws IOException {
         log.info("Using remote repository flow.");
         RemoteRepositoryInfo repoInfo = config.getRemoteRepositoryInfo();
         validateRepoInfo(repoInfo);
 
         URL sanitizedUrl = sanitize(repoInfo.getUrl());
         log.info("Repository URL: {}", sanitizedUrl);
-        return sendStartScanRequest(repoInfo, SourceLocationType.REMOTE_REPOSITORY, projectId);
+        return sendStartScanRequest(repoInfo, SourceLocationType.REMOTE_REPOSITORY, projectId,customTags);
     }
 
     protected void waitForScanToFinish(String scanId) {
@@ -249,7 +260,7 @@ protected void handleInitError(Exception e, Results results) {
         results.setException(new CxClientException(message, e));
     }
 
-    protected HttpResponse initiateScanForUpload(String projectId, byte[] zipFile, ASTConfig scanConfig) throws IOException {
+    protected HttpResponse initiateScanForUpload(String projectId, byte[] zipFile, ASTConfig scanConfig,String scanCustomTag) throws IOException {
         String uploadedArchiveUrl = getSourcesUploadUrl(scanConfig);
         String cleanPath = uploadedArchiveUrl.split("\\?")[0];
         log.info("Uploading to: {}", cleanPath);
@@ -262,7 +273,7 @@ protected HttpResponse initiateScanForUpload(String projectId, byte[] zipFile, A
         RemoteRepositoryInfo uploadedFileInfo = new RemoteRepositoryInfo();
         uploadedFileInfo.setUrl(new URL(uploadedArchiveUrl));
 
-        return sendStartScanRequest(uploadedFileInfo, SourceLocationType.LOCAL_DIRECTORY, projectId);
+        return sendStartScanRequest(uploadedFileInfo, SourceLocationType.LOCAL_DIRECTORY, projectId,scanCustomTag);
     }
 
     private String getSourcesUploadUrl(ASTConfig scanConfig) throws IOException {

src/main/java/com/cx/restclient/ast/AstSastClient.java

@@ -139,7 +139,7 @@ public Results initiateScan() {
             SourceLocationType locationType = astConfig.getSourceLocationType();
             HttpResponse response;
             if (locationType == SourceLocationType.REMOTE_REPOSITORY) {
-                response = submitSourcesFromRemoteRepo(astConfig, config.getProjectName());
+                response = submitSourcesFromRemoteRepo(astConfig, config.getProjectName(),config.getAstScaConfig().getScaScanCustomTags());
             } else {
 
                 response = submitAllSourcesFromLocalDir(config.getProjectName(), astConfig.getZipFilePath());
@@ -161,7 +161,7 @@ protected HttpResponse submitAllSourcesFromLocalDir(String projectId, String zip
         String sourceDir = config.getSourceDir();
         byte[] zipFile = CxZipUtils.getZippedSources(config, filter, sourceDir, log);
 
-        return initiateScanForUpload(projectId, zipFile, config.getAstSastConfig());
+        return initiateScanForUpload(projectId, zipFile, config.getAstSastConfig(),config.getAstScaConfig().getScaScanCustomTags());
     }
 
     @Override