checkmarx api
siewer committed Jul 3, 2024
1 parent f733b07 commit f22b403
Showing 6 changed files with 107 additions and 0 deletions.
11 changes: 11 additions & 0 deletions src/main/java/io/mixeway/api/cicd/controller/CICDController.java
Expand Up @@ -153,4 +153,15 @@ public ResponseEntity<?> loadKicsReport(@RequestBody KicsReport kicsReport,
Principal principal) throws UnknownHostException {
return cicdService.loadKicsReport(kicsReport, codeProjectid, principal);
}
/**
* Validate State of security for given CodeProject and Branch
*/
@CrossOrigin(origins="*")
@PreAuthorize("hasAuthority('ROLE_API')")
@PostMapping(value = "/asset/{id}/checkmarx/start",produces = "application/json")
public ResponseEntity<?> startCheckmarxScan(@RequestBody ProjectMetadata projectMetadat,
@PathVariable("id") long codeProjectid,
Principal principal) throws UnknownHostException {
return cicdService.startCheckmarxScan(projectMetadat, codeProjectid, principal);
}
}
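Review bot: The Javadoc on the new `startCheckmarxScan` endpoint (`Validate State of security for given CodeProject and Branch`) describes a different endpoint; the method only hands the request to `cicdService.startCheckmarxScan`, so it should read something like `/** Trigger a Checkmarx SAST scan of the given CodeProject on the branch named in the request body. */`. The body parameter is spelled `projectMetadat`; renaming it `projectMetadata` in the signature and the delegating call stops the misspelling propagating into the service layer, where the commit repeats it. `@CrossOrigin(origins="*")` on an authenticated, state-changing POST may simply match the rest of this controller, which is outside the hunk, but a wildcard origin is worth confirming as intentional for an endpoint that starts scans under `ROLE_API`.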
12 changes: 12 additions & 0 deletions src/main/java/io/mixeway/api/cicd/service/CICDService.java
Expand Up @@ -256,4 +256,16 @@ public ResponseEntity<?> loadKicsReport(KicsReport kicsReport, long codeProjecti
}
return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
}

public ResponseEntity<?> startCheckmarxScan(ProjectMetadata projectMetadat, long codeProjectid, Principal principal) {
Optional<CodeProject> codeProject = findCodeProjectService.findById(codeProjectid);
if (codeProject.isPresent() && permissionFactory.canUserAccessProject(principal, codeProject.get().getProject())){
CodeProjectBranch codeProjectBranch = getOrCreateCodeProjectBranchService.getOrCreateCodeProjectBranch(codeProject.get(), projectMetadat.getBranch());
log.info("[CICD] Starting SAST scan for {} [{}]", codeProject.get().getName(), codeProject.get().getRepoUrl());
codeScanService.runScan(codeProject.get(),codeProjectBranch, projectMetadat, principal);
} else {
return new ResponseEntity<>(HttpStatus.NOT_FOUND);
}
return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
}
}
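Review bot: A successful request still answers `HttpStatus.BAD_REQUEST`: after `codeScanService.runScan(...)` inside the `if`, control falls through to the final `return new ResponseEntity<>(HttpStatus.BAD_REQUEST)`, so a pipeline that triggered a scan correctly sees a 400. Return a success status from the happy path, e.g. `return new ResponseEntity<>(HttpStatus.ACCEPTED);` directly after the `runScan` call (ACCEPTED rather than OK, because `runScan` returns void and handles its own exceptions, so this layer cannot tell whether the scanner actually started). `projectMetadat.getBranch()` is passed straight into `getOrCreateCodeProjectBranch` with no null or blank check, so a body without a branch would presumably create or look up a branch named `null`; a guard such as `if (projectMetadat == null || projectMetadat.getBranch() == null) return new ResponseEntity<>(HttpStatus.BAD_REQUEST);` before the lookup would make the 400 meaningful. Answering `NOT_FOUND` both for an unknown project and for a caller without permission is fine and avoids project enumeration.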
Original file line number Diff line number Diff line change
Expand Up @@ -97,6 +97,23 @@ public Boolean runScan(CodeProject codeProject) throws CertificateException, Unr
}
}

@Override
public Boolean runScan(CodeProject codeProject, CodeProjectBranch codeProjectBranch) throws CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyManagementException, KeyStoreException, IOException, JSONException, ParseException {
Optional<Scanner> cxSast = scannerRepository.findByScannerType(scannerTypeRepository.findByNameIgnoreCase(Constants.SCANNER_TYPE_CHECKMARX)).stream().findFirst();
boolean hasToCreateProject = codeProject.getVersionIdAll() == 0 && codeProject.getRemoteid() ==0;
if (cxSast.isPresent()){
if (hasToCreateProject){
createProject(cxSast.get(),codeProject);
}
setGitRepositoryForProject(cxSast.get(),codeProject, codeProjectBranch);

return createScan(cxSast.get(),codeProject);
} else {
log.error("[Checkmarx] Checkmarx detected but no scanener found");
return false;
}
}

/**
* condition has to be fixed
*/
Expand Down Expand Up @@ -226,6 +243,28 @@ private void setGitRepositoryForProject(Scanner scanner, CodeProject codeProject
log.error("[Checkmarx] Error setting GIT repo for project {} - {}",codeProject.getName(), e.getLocalizedMessage());
}
}
/**
* configure granch and git URL for
* @param scanner
* @param codeProject
*/
private void setGitRepositoryForProject(Scanner scanner, CodeProject codeProject, CodeProjectBranch codeProjectBranch) throws CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyManagementException, JSONException, KeyStoreException, ParseException, IOException {
CodeRequestHelper codeRequestHelper = prepareRestTemplate(scanner);
String passwordString = getPasswordStringForCodeProejct(codeProject);
HttpEntity<CxSetGitRepo> cxSetGitRepoHttpEntity = new HttpEntity<>(new CxSetGitRepo(codeProject, passwordString, codeProjectBranch), codeRequestHelper.getHttpEntity().getHeaders());
ObjectMapper mapper = new ObjectMapper();
log.debug("[Checkmarx] Setting git repo {}", mapper.writeValueAsString(cxSetGitRepoHttpEntity));
codeRequestHelper.setHttpEntity(cxSetGitRepoHttpEntity);
try {
int remoteId = (codeProject.getRemoteid() == 0) ? codeProject.getVersionIdAll() : (codeProject.getVersionIdAll() == 0) ? codeProject.getRemoteid() : codeProject.getVersionIdAll();
ResponseEntity<String> response = codeRequestHelper
.getRestTemplate()
.exchange(scanner.getApiUrl() + Constants.CX_GET_PROJECTS_API + "/" + remoteId + "/sourceCode/remoteSettings/git", HttpMethod.POST, codeRequestHelper.getHttpEntity(), String.class);
log.info("[Checkmarx] Setting GIT repo for {} result {}", codeProject.getName(), response.getStatusCode());
} catch (Exception e){
log.error("[Checkmarx] Error setting GIT repo for project {} - {}",codeProject.getName(), e.getLocalizedMessage());
}
}

/**
* get auth string for particular project:
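Review bot: The debug log in the new `setGitRepositoryForProject(Scanner, CodeProject, CodeProjectBranch)` serialises the whole `HttpEntity` with `mapper.writeValueAsString(cxSetGitRepoHttpEntity)`; the body's `url` field carries the repository credential inline (`https://<pass>@host/...`, as built by `CxSetGitRepo`) and the entity's headers come from `prepareRestTemplate(scanner)`, so the Checkmarx session token is likely in there too — at debug level that writes secrets into whatever log storage is attached. Log only the non-sensitive identifiers, e.g. `log.debug("[Checkmarx] Setting git repo for {} branch {}", codeProject.getName(), codeProjectBranch.getName());`. The `catch (Exception e)` around the POST swallows the failure, and the caller `runScan(CodeProject, CodeProjectBranch)` in the first hunk then goes on to `createScan`, so a scan can be queued against whichever remote and branch were configured previously; rethrowing, or returning a boolean the caller checks, would avoid that. Minor: the Javadoc says `granch` for `branch`, and the error message in the first hunk says `scanener`.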
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
package io.mixeway.scanmanager.integrations.checkmarx.model;

import io.mixeway.db.entity.CodeProject;
import io.mixeway.db.entity.CodeProjectBranch;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
Expand Down Expand Up @@ -33,5 +34,13 @@ public CxSetGitRepo(CodeProject codeProject, String pass){
this.branch = "refs/heads/" + codeProject.getBranch();
}
}
public CxSetGitRepo(CodeProject codeProject, String pass, CodeProjectBranch codeProjectBranch){
if (pass != null){
this.url ="https://"+pass+"@"+codeProject.getRepoUrl().split("://")[1];
} else {
this.url = codeProject.getRepoUrl();
}
this.branch = "refs/heads/" + codeProjectBranch.getName();
}

}
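Review bot: The new three-argument `CxSetGitRepo` constructor repeats the two-argument one verbatim except for where the branch comes from; delegating keeps the credential-embedding logic in one place: `this(codeProject, pass); this.branch = "refs/heads/" + codeProjectBranch.getName();`. Both constructors index `codeProject.getRepoUrl().split("://")[1]` unguarded, so a repository URL without a scheme surfaces as an `ArrayIndexOutOfBoundsException` from the constructor rather than a clear validation error — a `contains("://")` check, falling back to the raw URL, would be more robust. The `pass` value is interpolated into the URL without URL-encoding, so a credential containing `@`, `/` or `:` would change how the authority is parsed; presumably fine for the tokens this project issues, but worth a comment on the field. The enclosing class starts outside the hunk.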
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@
public interface CodeScanClient {
void loadVulnerabilities(Scanner scanner, String urlToGetNext, Boolean single, CodeProject codeProject, List<ProjectVulnerability> codeVulns, CodeProjectBranch codeProjectBranch) throws ParseException, JSONException, CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyManagementException, KeyStoreException, IOException, URISyntaxException;
Boolean runScan(CodeProject codeProject) throws CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyManagementException, KeyStoreException, IOException, JSONException, ParseException;
Boolean runScan(CodeProject codeProject, CodeProjectBranch codeProjectBranch) throws CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyManagementException, KeyStoreException, IOException, JSONException, ParseException;
boolean isScanDone(CodeProject cp) throws CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyManagementException, KeyStoreException, IOException, ParseException, JSONException;
boolean canProcessRequest(CodeProject cp);
boolean canProcessRequest(Scanner scanner);
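Review bot: Adding `runScan(CodeProject, CodeProjectBranch)` as an abstract interface method forces every `CodeScanClient` implementation to provide it; only the Checkmarx client is visible in this commit, while the service code elsewhere in the commit still refers to a Fortify configuration, so if another client exists it now fails to compile or the commit is incomplete. If scanning the project's default branch is an acceptable fallback, a `default` method with the same `throws` clause that simply does `return runScan(codeProject);` keeps older clients working; if it is not, the explicit abstract method is the right choice and the other implementations need updating in the same change. Either way a one-line Javadoc stating that `codeProjectBranch` overrides `codeProject.getBranch()` for this scan would help — that difference is the whole point of the overload and is not stated anywhere. The interface's other members are outside the hunk.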
Original file line number Diff line number Diff line change
Expand Up @@ -261,6 +261,41 @@ public void runFromQueue() {
}
}

/**
* Get the CodeProjects and CodeGroups with inQueue=true
* Verify if scan can be run and then runs it.
*/
@Transactional
public void runScan(CodeProject codeProject, CodeProjectBranch codeProjectBranch, ProjectMetadata projectMetadata, Principal principal) {
Optional<Scanner> codeScanner = getScannerService.getCodeScanners();
if (codeScanner.isPresent() && codeScanner.get().getStatus()) {
try {
if (operateOnCodeProject.canScanCodeProject(codeProject)) {
for (CodeScanClient codeScanClient : codeScanClients) {
if (codeScanClient.canProcessRequest(codeProject)) {
log.info("[CodeScan] Starting scan form CICD [scope {}] {}", codeProject.getName(), codeProject.getName());
codeProject = updateCodeProjectService.removeFromQueueAndStart(codeProject);
codeScanClient.runScan( codeProject, codeProjectBranch);
Scan scan = createScanService.createCodeScan(codeProject, projectMetadata.getBranch(),
projectMetadata.getCommitId(),Constants.SAST_LABEL,principal );
CiOperations operations = createCiOperationsService.create(projectMetadata, codeProject);
updateCiOperations.putScanOnAPipeline(operations, scan, securityQualityGateway.buildGatewayResponse(new ArrayList<>()));

// TODO: create codescan
}
}
}
} catch (IndexOutOfBoundsException ex) {
log.debug("Fortify configuration missing");
} catch (HttpClientErrorException ex) {
log.warn("HttpClientErrorException with code [{}] during cloud scan job synchro ", ex.getStatusCode().toString());
} catch (ParseException | JSONException | CertificateException | UnrecoverableKeyException | NoSuchAlgorithmException | KeyManagementException | KeyStoreException | IOException e) {
log.warn("Exception came up during running scan {}", e.getLocalizedMessage());
e.printStackTrace();
}
}
}


/**
* Method which run scan for given parameters
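Review bot: The result of `codeScanClient.runScan(codeProject, codeProjectBranch)` is discarded, so `createCodeScan`, `createCiOperationsService.create` and `putScanOnAPipeline` all run even when the client returned `false` (the Checkmarx client in this commit does so when no scanner is configured), leaving the pipeline waiting on a scan that was never started. Gate the bookkeeping on the return value as sketched below; `removeFromQueueAndStart` has already run on the preceding line, so the failure path may also need to undo that state, which is not visible from here. Two copy-paste leftovers: the Javadoc (`Get the CodeProjects and CodeGroups with inQueue=true`) describes `runFromQueue`, not this method, and the info log passes `codeProject.getName()` twice where the second placeholder presumably wanted the branch. `e.printStackTrace()` in the last catch should go through `log` like the other handlers.
```java
if (codeScanClient.canProcessRequest(codeProject)) {
    log.info("[CodeScan] Starting scan from CICD [scope {}] branch {}", codeProject.getName(), codeProjectBranch.getName());
    codeProject = updateCodeProjectService.removeFromQueueAndStart(codeProject);
    boolean started = Boolean.TRUE.equals(codeScanClient.runScan(codeProject, codeProjectBranch));
    if (!started) {
        log.warn("[CodeScan] Scanner did not start scan for {} - not recording pipeline scan", codeProject.getName());
        continue;
    }
    // … unchanged: createCodeScan, CiOperations creation and putScanOnAPipeline …
}
```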
