diff --git a/src/main/java/com/checkmarx/ast/kicsRealtimeResults/ast/kicsRealtimeResult/KicsLocation.java b/src/main/java/com/checkmarx/ast/kicsRealtimeResults/ast/kicsRealtimeResult/KicsLocation.java
new file mode 100644
index 00000000..75ea9918
--- /dev/null
+++ b/src/main/java/com/checkmarx/ast/kicsRealtimeResults/ast/kicsRealtimeResult/KicsLocation.java
@@ -0,0 +1,43 @@
+package com.checkmarx.ast.kicsRealtimeResults.ast.kicsRealtimeResult;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+
+@lombok.Data
+@JsonDeserialize()
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+
+public class KicsLocation {
+ private final String fileName;
+ private final String similarityID;
+ private final int line;
+ private final String issueType;
+ private final String searchKey;
+ private final int searchLine;
+ private final String searchValue;
+ private final String expectedValue;
+ private final String actualValue;
+
+ public KicsLocation(@JsonProperty("file_name") String fileName,
+ @JsonProperty("similarity_id") String similarityID,
+ @JsonProperty("line") int line,
+ @JsonProperty("issue_type") String issueType,
+ @JsonProperty("search_key") String searchKey,
+ @JsonProperty("search_line") int searchLine,
+ @JsonProperty("search_value") String searchValue,
+ @JsonProperty("expected_value") String expectedValue,
+ @JsonProperty("actual_value") String actualValue) {
+ this.fileName = fileName;
+ this.similarityID = similarityID;
+ this.line = line;
+ this.issueType = issueType;
+ this.searchKey = searchKey;
+ this.searchLine = searchLine;
+ this.searchValue = searchValue;
+ this.expectedValue = expectedValue;
+ this.actualValue = actualValue;
+ }
+}
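Review bot: `@lombok.Data` generates a `toString()` that prints every field, so `searchValue`, `expectedValue` and `actualValue` land in any log line or assertion message that prints a `KicsLocation`; if a KICS query reports the matched text of a hard-coded credential in `actual_value` or `search_value` (whether it does depends on the query, which is not visible here), that credential ends up in logs. Marking those three fields `@lombok.ToString.Exclude`, or adding a class Javadoc such as `/** One finding location from the kics-realtime JSON; search/actual values may echo scanned file content, do not log verbatim. */`, closes that. The constructor annotates every parameter with `@JsonProperty` but omits `@JsonCreator`, while `kicsRealtimeResults` in this same change uses it; Jackson does pick up an all-annotated public constructor implicitly, but `@JsonCreator` states the intent and keeps the three DTOs consistent. `@JsonDeserialize()` with no arguments does nothing and can be dropped.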
diff --git a/src/main/java/com/checkmarx/ast/kicsRealtimeResults/ast/kicsRealtimeResult/KicsResult.java b/src/main/java/com/checkmarx/ast/kicsRealtimeResults/ast/kicsRealtimeResult/KicsResult.java
new file mode 100644
index 00000000..37e0d0e8
--- /dev/null
+++ b/src/main/java/com/checkmarx/ast/kicsRealtimeResults/ast/kicsRealtimeResult/KicsResult.java
@@ -0,0 +1,38 @@
+package com.checkmarx.ast.kicsRealtimeResults.ast.kicsRealtimeResult;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import java.util.List;
+
+@lombok.Data
+@JsonDeserialize()
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+
+public class KicsResult {
+ private final String queryName;
+ private final String queryID;
+ private final String severity;
+ private final String platform;
+ private final String category;
+ private final String description;
+ private final List locations;
+
+ public KicsResult(@JsonProperty("query_name") String queryName,
+ @JsonProperty("query_id") String queryID,
+ @JsonProperty("severity") String severity,
+ @JsonProperty("platform") String platform,
+ @JsonProperty("category") String category,
+ @JsonProperty("description") String description,
+ @JsonProperty("files") List locations) {
+ this.queryName = queryName;
+ this.queryID = queryID;
+ this.severity = severity;
+ this.platform = platform;
+ this.category = category;
+ this.description = description;
+ this.locations = locations;
+ }
+}
diff --git a/src/main/java/com/checkmarx/ast/kicsRealtimeResults/ast/kicsRealtimeResult/KicsSummary.java b/src/main/java/com/checkmarx/ast/kicsRealtimeResults/ast/kicsRealtimeResult/KicsSummary.java
new file mode 100644
index 00000000..eb445568
--- /dev/null
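Review bot: `locations` is handed out unchanged through the Lombok-generated `getLocations()`, so callers receive the mutable list Jackson built and can alter a parsed result in place, and they get `null` rather than an empty list when the `files` key is absent; `this.locations = locations == null ? Collections.emptyList() : Collections.unmodifiableList(locations);` in the constructor (with a `java.util.Collections` import) fixes both. The list's element type is not visible in this rendering (the generics look stripped); if it really is a raw `List`, Jackson fills it with `LinkedHashMap`s rather than `KicsLocation` objects, so it should be declared `List<KicsLocation>`. A one-line comment on the field, `// populated from the JSON key "files"; each entry is one matched location`, would explain the rename to the next reader.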
+++ b/src/main/java/com/checkmarx/ast/kicsRealtimeResults/ast/kicsRealtimeResult/KicsSummary.java
@@ -0,0 +1,28 @@
+package com.checkmarx.ast.kicsRealtimeResults.ast.kicsRealtimeResult;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+
+
+@lombok.Data
+@JsonDeserialize()
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+
+public class KicsSummary {
+ private final int high;
+ private final int medium;
+ private final int low;
+ private final int info;
+
+ public KicsSummary(@JsonProperty("HIGH") int high,
+ @JsonProperty("MEDIUM") int medium,
+ @JsonProperty("LOW") int low,
+ @JsonProperty("INFO") int info) {
+ this.high = high;
+ this.medium = medium;
+ this.low = low;
+ this.info = info;
+ }
+}
diff --git a/src/main/java/com/checkmarx/ast/kicsRealtimeResults/kicsRealtimeResults.java b/src/main/java/com/checkmarx/ast/kicsRealtimeResults/kicsRealtimeResults.java
new file mode 100644
index 00000000..c9fd88d4
--- /dev/null
+++ b/src/main/java/com/checkmarx/ast/kicsRealtimeResults/kicsRealtimeResults.java
@@ -0,0 +1,63 @@
+package com.checkmarx.ast.kicsRealtimeResults;
+
+import com.checkmarx.ast.kicsRealtimeResults.ast.kicsRealtimeResult.KicsResult;
+import com.checkmarx.ast.kicsRealtimeResults.ast.kicsRealtimeResult.KicsSummary;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.JavaType;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import com.fasterxml.jackson.databind.type.TypeFactory;
+import lombok.Value;
+import org.apache.commons.lang3.StringUtils;
+
+import java.io.IOException;
+import java.util.List;
+
+@Value
+@JsonDeserialize()
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class kicsRealtimeResults {
+
+ int totalCount;
+ String version;
+ List results;
+ KicsSummary kicsSummary;
+
+ @JsonCreator
+ public kicsRealtimeResults(@JsonProperty("total_counter") int totalCount, @JsonProperty("queries") List results,@JsonProperty("kics_version") String version, @JsonProperty("severity_counters") KicsSummary kicsSummary) {
+ this.totalCount = totalCount;
+ this.version = version;
+ this.results = results;
+ this.kicsSummary = kicsSummary;
+ }
+ public static T fromLine(String line) {
+ return parse(line, TypeFactory.defaultInstance().constructType(kicsRealtimeResults.class));
+ }
+
+ private static T parse(String line, JavaType type) {
+ T result = null;
+ try {
+ if (!StringUtils.isBlank(line) && isValidJSON(line)) {
+ result = new ObjectMapper().readValue(line, type);
+
+ }
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ return result;
+ }
+ private static boolean isValidJSON(final String json) {
+ try {
+ final ObjectMapper mapper = new ObjectMapper();
+ mapper.readTree(json);
+ return true;
+ } catch (IOException
e) {
+ return false;
+ }
+ }
+}
diff --git a/src/main/java/com/checkmarx/ast/wrapper/CxConstants.java b/src/main/java/com/checkmarx/ast/wrapper/CxConstants.java
index 3cd85501..b5e761a1 100644
--- a/src/main/java/com/checkmarx/ast/wrapper/CxConstants.java
+++ b/src/main/java/com/checkmarx/ast/wrapper/CxConstants.java
@@ -49,4 +49,8 @@ public final class CxConstants {
 static final String CWE_ID = "--cwe-id";
 static final String LANGUAGE = "--language";
 static final String VULNERABILITY_TYPE = "--vulnerability-type";
+ static final String FILE_SOURCES = "--file";
+ static final String ADDITONAL_PARAMS = "--additional-params";
+ static final String ENGINE = "--engine";
+ static final String SUB_CMD_KICS_REALTIME = "kics-realtime";
 }
diff --git a/src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java b/src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java
index 383c4bfa..e37c5c3f 100644
--- a/src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java
+++ b/src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java
@@ -1,6 +1,7 @@
 package com.checkmarx.ast.wrapper;
 import com.checkmarx.ast.codebashing.CodeBashing;
+import com.checkmarx.ast.kicsRealtimeResults.kicsRealtimeResults;
 import com.checkmarx.ast.predicate.Predicate;
 import com.checkmarx.ast.project.Project;
 import com.checkmarx.ast.results.ReportFormat;
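Review bot: `parse` catches the `IOException` from `readValue`, prints the stack trace to stderr and returns `null`, so a line that is valid JSON but does not fit this class is silently dropped and `CxWrapper` receives a `null` result object with no explanation. Every output line is also parsed twice by two freshly built `ObjectMapper`s (`isValidJSON` does a `readTree`, then `parse` does the `readValue`), when one static mapper and a single `readValue` that catches only `com.fasterxml.jackson.core.JsonParseException` gives the same "skip non-JSON lines" behaviour and lets genuine mapping failures surface. Whether a `null` from `fromLine` means "not a result line" or "no result" depends on `Execution.executeCommand`, which is outside this diff, so if throwing is unwelcome there the mapping failure should at least go through a logger rather than `printStackTrace()`. The class name `kicsRealtimeResults` is lower-case, unlike every other type in the package; `KicsRealtimeResults` would match, and the generic `<T>` on `fromLine`/`parse` appears stripped in this rendering, so I assume it is present in the file.
```java
private static final ObjectMapper MAPPER = new ObjectMapper();

// … unchanged: fields, constructor, fromLine …

private static <T> T parse(String line, JavaType type) {
    if (StringUtils.isBlank(line)) {
        return null;
    }
    try {
        return MAPPER.readValue(line, type);
    } catch (JsonParseException e) {
        // not JSON at all (CLI progress/log output): skip the line, as before
        return null;
    } catch (IOException e) {
        // well-formed JSON that does not map onto this class: surface it instead of printStackTrace()
        throw new UncheckedIOException("cannot map kics-realtime output line", e);
    }
}
```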
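Review bot: `ADDITONAL_PARAMS` is misspelled and should be `ADDITIONAL_PARAMS`; the constant is package-private and introduced in this same change, so renaming it here and at its single use in `CxWrapper.kicsRealtimeScan` costs nothing now but becomes a wider rename once more callers pick it up. The value `"--additional-params"` itself is spelled correctly, so the CLI is unaffected either way.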
@@ -304,6 +305,26 @@ public int getResultsBfl(@NonNull UUID scanId, @NonNull String queryId, List arguments = new ArrayList<>();
+ arguments.add(CxConstants.CMD_SCAN);
+ arguments.add(CxConstants.SUB_CMD_KICS_REALTIME);
+ arguments.add(CxConstants.FILE_SOURCES);
+ arguments.add(fileSources);
+ arguments.add(CxConstants.ADDITONAL_PARAMS);
+ arguments.add(additionalParams);
+ if(engine.length()>0){
+ arguments.add(CxConstants.ENGINE);
+ arguments.add(engine);
+ }
+ kicsRealtimeResults kicsResults = Execution.executeCommand(withConfigArguments(arguments), logger, kicsRealtimeResults::fromLine);
+ return kicsResults;
+
+ }
 private int getIndexOfBfLNode(List bflNodes, List resultNodes) {
 int bflNodeNotFound = -1;
diff --git a/src/test/java/com/checkmarx/ast/ScanTest.java b/src/test/java/com/checkmarx/ast/ScanTest.java
index 985611e2..655ff787 100644
--- a/src/test/java/com/checkmarx/ast/ScanTest.java
+++ b/src/test/java/com/checkmarx/ast/ScanTest.java
@@ -1,5 +1,6 @@
 package com.checkmarx.ast;
+import com.checkmarx.ast.kicsRealtimeResults.kicsRealtimeResults;
 import com.checkmarx.ast.scan.Scan;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
@@ -31,4 +32,10 @@ void testScanCreate() throws Exception {
 Assertions.assertEquals("Completed", wrapper.scanShow(UUID.fromString(scan.getId())).getStatus());
 }
+ @Test
+ void testKicsRealtimeScan() throws Exception {
+ kicsRealtimeResults scan = wrapper.kicsRealtimeScan("target/test-classes/Dockerfile","","v");
+ Assertions.assertTrue(scan.getResults().size() >= 1);
+ }
+
 }
diff --git a/src/test/resources/Dockerfile b/src/test/resources/Dockerfile
new file mode 100644
index 00000000..46598e80
--- /dev/null
+++ b/src/test/resources/Dockerfile
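Review bot: `if(engine.length()>0)` throws a `NullPointerException` for a `null` `engine`, while `fileSources` and `additionalParams` go into the argument list unchecked, so a `null` there reaches `executeCommand` and an empty `additionalParams` is still sent to the CLI as `--additional-params ""`; `Objects.requireNonNull(fileSources, "fileSources")` plus `if (additionalParams != null && !additionalParams.isEmpty())` and `if (engine != null && !engine.isEmpty())` around the respective `add` pairs cover all three. On the security side, `additionalParams` is forwarded verbatim as one argv element, which is not shell injection as long as `Execution` builds the process from an argument list (that class is outside this diff), but the CLI presumably re-splits it into KICS flags, so a caller that forwards user input here can set arbitrary KICS options; that deserves a Javadoc line, `@param additionalParams extra flags handed to the KICS engine unchanged; must not be built from untrusted input`. The method's signature and its first lines are garbled in this rendering, so the method starts outside what I can review, and `kicsResults` can be `null` when no output line parsed, which the plain `return kicsResults;` does not signal to the caller.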
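Review bot: The test passes `"v"` as the `engine` argument, which `kicsRealtimeScan` turns into `--engine v` on the CLI command line; what `--engine` expects is not visible here, but `"v"` reads like a leftover placeholder, so either pass `""` to exercise the default path or put the intended engine name in a named constant so the next reader knows it is deliberate. The assertion only checks that some finding came back; adding `Assertions.assertNotNull(scan.getKicsSummary());` and `Assertions.assertTrue(scan.getTotalCount() >= 1);` would also exercise the `severity_counters` and `total_counter` mappings, which nothing covers otherwise. The path `target/test-classes/Dockerfile` assumes the working directory is the module root and that the CLI and KICS engine are installed, so this is an integration test rather than a unit test; a comment saying so would help whoever sees it fail first.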
@@ -0,0 +1,16 @@
+FROM openjdk:11.0.1-jre-slim-stretch
+
+ARG webwolf_version=v8.0.0-SNAPSHOT
+
+RUN \
+ apt-get update && apt-get install && \
+ useradd --home-dir /home/webwolf --create-home -U webwolf
+
+USER webwolf
+COPY target/webwolf-${webwolf_version}.jar /home/webwolf/webwolf.jar
+COPY start-webwolf.sh /home/webwolf
+
+EXPOSE 9090
+
+ENTRYPOINT ["/home/webwolf/start-webwolf.sh"]
+CMD ["--server.port=9090", "--server.address=0.0.0.0"]
\ No newline at end of file