From 744dc52612cf0a4e35d10b6ff1a8e6b7b0ee496e Mon Sep 17 00:00:00 2001
From: tiagobcx
Date: Fri, 6 May 2022 17:01:12 +0100
Subject: [PATCH 1/3] adding kics realtime command
---
 .../ast/kicsRealtimeResult/KicsLocation.java | 43 +++++++++++++
 .../ast/kicsRealtimeResult/KicsResult.java | 38 +++++++++++
 .../ast/kicsRealtimeResult/KicsSummary.java | 28 +++++++++
 .../kicsRealtimeResults.java | 63 +++++++++++++++++++
 .../checkmarx/ast/wrapper/CxConstants.java | 3 +
 .../com/checkmarx/ast/wrapper/CxWrapper.java | 18 ++++++
 src/test/java/com/checkmarx/ast/ScanTest.java | 7 +++
 src/test/resources/Dockerfile | 16 +++++
 8 files changed, 216 insertions(+)
 create mode 100644 src/main/java/com/checkmarx/ast/kicsRealtimeResults/ast/kicsRealtimeResult/KicsLocation.java
 create mode 100644 src/main/java/com/checkmarx/ast/kicsRealtimeResults/ast/kicsRealtimeResult/KicsResult.java
 create mode 100644 src/main/java/com/checkmarx/ast/kicsRealtimeResults/ast/kicsRealtimeResult/KicsSummary.java
 create mode 100644 src/main/java/com/checkmarx/ast/kicsRealtimeResults/kicsRealtimeResults.java
 create mode 100644 src/test/resources/Dockerfile
diff --git a/src/main/java/com/checkmarx/ast/kicsRealtimeResults/ast/kicsRealtimeResult/KicsLocation.java b/src/main/java/com/checkmarx/ast/kicsRealtimeResults/ast/kicsRealtimeResult/KicsLocation.java
new file mode 100644
index 00000000..75ea9918
--- /dev/null
+++ b/src/main/java/com/checkmarx/ast/kicsRealtimeResults/ast/kicsRealtimeResult/KicsLocation.java
@@ -0,0 +1,43 @@
+package com.checkmarx.ast.kicsRealtimeResults.ast.kicsRealtimeResult;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+
+@lombok.Data
+@JsonDeserialize()
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+
+public class KicsLocation {
+ private final String fileName;
+ private final String similarityID;
+ private final int line;
+ private final String issueType;
+ private final String searchKey;
+ private final int searchLine;
+ private final String searchValue;
+ private final String expectedValue;
+ private final String actualValue;
+
+ public KicsLocation(@JsonProperty("file_name") String fileName,
+ @JsonProperty("similarity_id") String similarityID,
+ @JsonProperty("line") int line,
+ @JsonProperty("issue_type") String issueType,
+ @JsonProperty("search_key") String searchKey,
+ @JsonProperty("search_line") int searchLine,
+ @JsonProperty("search_value") String searchValue,
+ @JsonProperty("expected_value") String expectedValue,
+ @JsonProperty("actual_value") String actualValue) {
+ this.fileName = fileName;
+ this.similarityID = similarityID;
+ this.line = line;
+ this.issueType = issueType;
+ this.searchKey = searchKey;
+ this.searchLine = searchLine;
+ this.searchValue = searchValue;
+ this.expectedValue = expectedValue;
+ this.actualValue = actualValue;
+ }
+}
diff --git a/src/main/java/com/checkmarx/ast/kicsRealtimeResults/ast/kicsRealtimeResult/KicsResult.java b/src/main/java/com/checkmarx/ast/kicsRealtimeResults/ast/kicsRealtimeResult/KicsResult.java
new file mode 100644
index 00000000..37e0d0e8
--- /dev/null
+++ b/src/main/java/com/checkmarx/ast/kicsRealtimeResults/ast/kicsRealtimeResult/KicsResult.java
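Review bot: KicsLocation carries no Javadoc, and the empty `@JsonDeserialize()` on the class is a no-op that a reader will take for configuration; the same applies to KicsResult and KicsSummary in the next two hunks. A one-line class comment naming the CLI output the type mirrors would do, e.g. `/** One finding location in the JSON emitted by the kics-realtime sub-command; constructor parameters follow the CLI's snake_case keys. */`. Either drop the empty `@JsonDeserialize()` or say in a comment why it is there. `similarityID` would be `similarityId` under the project's camel-case convention (compare `fileName`, `issueType`).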
@@ -0,0 +1,38 @@
+package com.checkmarx.ast.kicsRealtimeResults.ast.kicsRealtimeResult;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import java.util.List;
+
+@lombok.Data
+@JsonDeserialize()
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+
+public class KicsResult {
+ private final String queryName;
+ private final String queryID;
+ private final String severity;
+ private final String platform;
+ private final String category;
+ private final String description;
+ private final List locations;
+
+ public KicsResult(@JsonProperty("query_name") String queryName,
+ @JsonProperty("query_id") String queryID,
+ @JsonProperty("severity") String severity,
+ @JsonProperty("platform") String platform,
+ @JsonProperty("category") String category,
+ @JsonProperty("description") String description,
+ @JsonProperty("files") List locations) {
+ this.queryName = queryName;
+ this.queryID = queryID;
+ this.severity = severity;
+ this.platform = platform;
+ this.category = category;
+ this.description = description;
+ this.locations = locations;
+ }
+}
diff --git a/src/main/java/com/checkmarx/ast/kicsRealtimeResults/ast/kicsRealtimeResult/KicsSummary.java b/src/main/java/com/checkmarx/ast/kicsRealtimeResults/ast/kicsRealtimeResult/KicsSummary.java
new file mode 100644
index 00000000..eb445568
--- /dev/null
+++ b/src/main/java/com/checkmarx/ast/kicsRealtimeResults/ast/kicsRealtimeResult/KicsSummary.java
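Review bot: As rendered here `locations` is a raw `List` (`private final List locations;` and `@JsonProperty("files") List locations`), which would make Jackson deserialize each entry as a generic map rather than a `KicsLocation`, so `getLocations()` would not yield the type the package defines. If the type argument was lost in rendering this can be ignored; otherwise it should read `private final List<KicsLocation> locations;` with the constructor parameter typed the same way. The same observation applies to `List results` in the kicsRealtimeResults hunk below, which would need `List<KicsResult>`.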
@@ -0,0 +1,28 @@
+package com.checkmarx.ast.kicsRealtimeResults.ast.kicsRealtimeResult;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+
+
+@lombok.Data
+@JsonDeserialize()
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+
+public class KicsSummary {
+ private final int high;
+ private final int medium;
+ private final int low;
+ private final int info;
+
+ public KicsSummary(@JsonProperty("HIGH") int high,
+ @JsonProperty("MEDIUM") int medium,
+ @JsonProperty("LOW") int low,
+ @JsonProperty("INFO") int info) {
+ this.high = high;
+ this.medium = medium;
+ this.low = low;
+ this.info = info;
+ }
+}
diff --git a/src/main/java/com/checkmarx/ast/kicsRealtimeResults/kicsRealtimeResults.java b/src/main/java/com/checkmarx/ast/kicsRealtimeResults/kicsRealtimeResults.java
new file mode 100644
index 00000000..c9fd88d4
--- /dev/null
+++ b/src/main/java/com/checkmarx/ast/kicsRealtimeResults/kicsRealtimeResults.java
@@ -0,0 +1,63 @@
+package com.checkmarx.ast.kicsRealtimeResults;
+
+import com.checkmarx.ast.kicsRealtimeResults.ast.kicsRealtimeResult.KicsResult;
+import com.checkmarx.ast.kicsRealtimeResults.ast.kicsRealtimeResult.KicsSummary;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.JavaType;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import com.fasterxml.jackson.databind.type.TypeFactory;
+import lombok.Value;
+import org.apache.commons.lang3.StringUtils;
+
+import java.io.IOException;
+import java.util.List;
+
+@Value
+@JsonDeserialize()
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class kicsRealtimeResults {
+
+ int totalCount;
+ String version;
+ List results;
+ KicsSummary kicsSummary;
+
+ @JsonCreator
+ public kicsRealtimeResults(@JsonProperty("total_counter") int totalCount, @JsonProperty("queries") List results,@JsonProperty("kics_version") String version, @JsonProperty("severity_counters") KicsSummary kicsSummary) {
+ this.totalCount = totalCount;
+ this.version = version;
+ this.results = results;
+ this.kicsSummary = kicsSummary;
+ }
+ public static T fromLine(String line) {
+ return parse(line, TypeFactory.defaultInstance().constructType(kicsRealtimeResults.class));
+ }
+
+ private static T parse(String line, JavaType type) {
+ T result = null;
+ try {
+ if (!StringUtils.isBlank(line) && isValidJSON(line)) {
+ result = new ObjectMapper().readValue(line, type);
+
+ }
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ return result;
+ }
+ private static boolean isValidJSON(final String json) {
+ try {
+ final ObjectMapper mapper = new ObjectMapper();
+ mapper.readTree(json);
+ return true;
+ } catch (IOException e) {
+ return false;
+ }
+ }
+}
diff --git a/src/main/java/com/checkmarx/ast/wrapper/CxConstants.java b/src/main/java/com/checkmarx/ast/wrapper/CxConstants.java
index 3cd85501..8796bc22 100644
--- a/src/main/java/com/checkmarx/ast/wrapper/CxConstants.java
+++ b/src/main/java/com/checkmarx/ast/wrapper/CxConstants.java
@@ -49,4 +49,7 @@ public final class CxConstants {
 static final String CWE_ID = "--cwe-id";
 static final String LANGUAGE = "--language";
 static final String VULNERABILITY_TYPE = "--vulnerability-type";
+ static final String FILE_SOURCES = "--file-sources";
+ static final String ADDITONAL_PARAMS = "--additional-params";
+ static final String SUB_CMD_KICS_REALTIME = "kics-realtime";
 }
diff --git a/src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java b/src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java
index 14646281..3d336c77 100644
--- a/src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java
+++ b/src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java
@@ -1,6 +1,7 @@
 package com.checkmarx.ast.wrapper;
 import com.checkmarx.ast.codebashing.CodeBashing;
+import com.checkmarx.ast.kicsRealtimeResults.kicsRealtimeResults;
 import com.checkmarx.ast.predicate.Predicate;
 import com.checkmarx.ast.project.Project;
 import com.checkmarx.ast.results.ReportFormat;
@@ -305,6 +306,23 @@ public int getResultsBfl(@NonNull UUID scanId, @NonNull String queryId, List arguments = new ArrayList<>();
+ arguments.add(CxConstants.CMD_SCAN);
+ arguments.add(CxConstants.SUB_CMD_KICS_REALTIME);
+ arguments.add(CxConstants.FILE_SOURCES);
+ arguments.add(fileSources);
+ arguments.add(CxConstants.ADDITONAL_PARAMS);
+ arguments.add(additionalParams);
+
+ kicsRealtimeResults kicsResults = Execution.executeCommand(withConfigArguments(arguments), logger, kicsRealtimeResults::fromLine);
+ return kicsResults;
+
+ }
 private int getIndexOfBfLNode(List bflNodes, List resultNodes) {
 int bflNodeNotFound = -1;
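Review bot: `parse` handles every `IOException` with `e.printStackTrace()` and then returns `null`, so a JSON line that passes `isValidJSON` but does not match the class surfaces to callers as a `NullPointerException` (ScanTest calls `scan.getResults()` on the value) rather than as a parse failure with its cause. Replace the stack trace with the project's logger, or rethrow with the cause preserved: `throw new IllegalStateException("cannot parse kics-realtime output line", e);`. Both `parse` and `isValidJSON` construct a fresh `ObjectMapper` per call; one `private static final ObjectMapper MAPPER = new ObjectMapper();` would serve both. The class name `kicsRealtimeResults` is lowerCamelCase while every other type in the patch is UpperCamelCase (`KicsResult`, `KicsSummary`), and the package path `kicsRealtimeResults/ast/kicsRealtimeResult` repeats itself; a class Javadoc should also state that `fromLine` returns `null` for blank or non-JSON lines, since that is the contract `Execution.executeCommand` appears to rely on.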
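Review bot: `ADDITONAL_PARAMS` is misspelled (`ADDITIONAL_PARAMS`); it is referenced from the new `kicsRealtimeScan` method and carried forward unchanged by the patch 2 CxConstants hunk, so renaming it now is cheaper than later. The three new constants are the first in this class tied to one sub-command, so a grouping comment would help, e.g. `// flags of the "scan kics-realtime" sub-command` above `FILE_SOURCES`.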
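Review bot: The new method appends `additionalParams` to the CLI argument list unconditionally (`arguments.add(CxConstants.ADDITONAL_PARAMS); arguments.add(additionalParams);`), while the sibling `getResultsBfl` named in the hunk header marks its parameters `@NonNull`; a `null` element in the list fails inside process creation with an unhelpful stack trace, and an empty string is still forwarded to the CLI as a flag value. The method signature is not visible in this rendering (text between `List` and `arguments` was lost), so I cannot confirm how the parameters are declared; either annotate them `@NonNull` or add the pair only when present, `if (additionalParams != null && !additionalParams.isEmpty()) { arguments.add(CxConstants.ADDITONAL_PARAMS); arguments.add(additionalParams); }`. The `kicsResults` local only forwards the call and can become `return Execution.executeCommand(withConfigArguments(arguments), logger, kicsRealtimeResults::fromLine);`. A Javadoc on the method should state that `additionalParams` is passed to the engine verbatim and that the result may be `null` when the CLI output cannot be parsed, since `fromLine` returns `null` in that case.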
diff --git a/src/test/java/com/checkmarx/ast/ScanTest.java b/src/test/java/com/checkmarx/ast/ScanTest.java
index 985611e2..6b20ac2b 100644
--- a/src/test/java/com/checkmarx/ast/ScanTest.java
+++ b/src/test/java/com/checkmarx/ast/ScanTest.java
@@ -1,5 +1,6 @@
 package com.checkmarx.ast;
+import com.checkmarx.ast.kicsRealtimeResults.kicsRealtimeResults;
 import com.checkmarx.ast.scan.Scan;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
@@ -31,4 +32,10 @@ void testScanCreate() throws Exception {
 Assertions.assertEquals("Completed", wrapper.scanShow(UUID.fromString(scan.getId())).getStatus());
 }
+ @Test
+ void testKicsRealtimeScan() throws Exception {
+ kicsRealtimeResults scan = wrapper.kicsRealtimeScan("target/test-classes/Dockerfile","v");
+ Assertions.assertTrue(scan.getResults().size() >= 1);
+ }
+
 }
diff --git a/src/test/resources/Dockerfile b/src/test/resources/Dockerfile
new file mode 100644
index 00000000..46598e80
--- /dev/null
+++ b/src/test/resources/Dockerfile
@@ -0,0 +1,16 @@
+FROM openjdk:11.0.1-jre-slim-stretch
+
+ARG webwolf_version=v8.0.0-SNAPSHOT
+
+RUN \
+ apt-get update && apt-get install && \
+ useradd --home-dir /home/webwolf --create-home -U webwolf
+
+USER webwolf
+COPY target/webwolf-${webwolf_version}.jar /home/webwolf/webwolf.jar
+COPY start-webwolf.sh /home/webwolf
+
+EXPOSE 9090
+
+ENTRYPOINT ["/home/webwolf/start-webwolf.sh"]
+CMD ["--server.port=9090", "--server.address=0.0.0.0"]
\ No newline at end of file
From b95d181f34d2e0d66d30eb41dd00cbef41e8c0ae Mon Sep 17 00:00:00 2001
From: tiagobcx
Date: Tue, 24 May 2022 10:47:04 +0100
Subject: [PATCH 2/3] adding engine support
---
 src/main/java/com/checkmarx/ast/wrapper/CxConstants.java | 1 +
 src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java | 7 +++++--
 src/test/java/com/checkmarx/ast/ScanTest.java | 2 +-
 3 files changed, 7 insertions(+), 3 deletions(-)
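Review bot: `testKicsRealtimeScan` dereferences the result directly, so when `kicsRealtimeScan` returns `null` (which `kicsRealtimeResults.fromLine` does for blank or unparseable output) the test dies with a `NullPointerException` instead of an assertion message; add `Assertions.assertNotNull(scan);` before the size check. The second argument `"v"` is forwarded as `--additional-params`; a short comment saying what engine option that is meant to be would help, since it reads like a placeholder.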
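Review bot: The new `src/test/resources/Dockerfile` is a scan fixture, but nothing in it says so, which invites someone to "fix" or delete it later and silently break `testKicsRealtimeScan`. A header comment would settle that, e.g. `# Test fixture for ScanTest.testKicsRealtimeScan: intentionally contains findings for the kics-realtime sub-command; not a deployable image.` The test asserts only `>= 1` result, so the fixture should keep at least one issue that is stable across KICS query updates; the `apt-get install` with no package list and the pinned `openjdk:11.0.1-jre-slim-stretch` base look like the candidates, but which queries fire is not visible here.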
diff --git a/src/main/java/com/checkmarx/ast/wrapper/CxConstants.java b/src/main/java/com/checkmarx/ast/wrapper/CxConstants.java
index 8796bc22..7d9cac89 100644
--- a/src/main/java/com/checkmarx/ast/wrapper/CxConstants.java
+++ b/src/main/java/com/checkmarx/ast/wrapper/CxConstants.java
@@ -51,5 +51,6 @@ public final class CxConstants {
 static final String VULNERABILITY_TYPE = "--vulnerability-type";
 static final String FILE_SOURCES = "--file-sources";
 static final String ADDITONAL_PARAMS = "--additional-params";
+ static final String ENGINE = "--engine";
 static final String SUB_CMD_KICS_REALTIME = "kics-realtime";
 }
diff --git a/src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java b/src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java
index 3d336c77..05ad421b 100644
--- a/src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java
+++ b/src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java
@@ -306,7 +306,7 @@ public int getResultsBfl(@NonNull UUID scanId, @NonNull String queryId, List0){
+ arguments.add(CxConstants.ENGINE);
+ arguments.add(engine);
+ }
 kicsRealtimeResults kicsResults = Execution.executeCommand(withConfigArguments(arguments), logger, kicsRealtimeResults::fromLine);
 return kicsResults;
diff --git a/src/test/java/com/checkmarx/ast/ScanTest.java b/src/test/java/com/checkmarx/ast/ScanTest.java
index 6b20ac2b..655ff787 100644
--- a/src/test/java/com/checkmarx/ast/ScanTest.java
+++ b/src/test/java/com/checkmarx/ast/ScanTest.java
@@ -34,7 +34,7 @@ void testScanCreate() throws Exception {
 @Test
 void testKicsRealtimeScan() throws Exception {
- kicsRealtimeResults scan = wrapper.kicsRealtimeScan("target/test-classes/Dockerfile","v");
+ kicsRealtimeResults scan = wrapper.kicsRealtimeScan("target/test-classes/Dockerfile","","v");
 Assertions.assertTrue(scan.getResults().size() >= 1);
 }
From 80cf1247b435746248c395f39d3df339b18cfbb5 Mon Sep 17 00:00:00 2001
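Review bot: The guard that ends in `0){` (rendered here as `List0){`, the text before it was lost) appears to be `engine.length()>0`, which throws `NullPointerException` when a caller passes `null` for the new `engine` parameter, and the signature it belongs to cannot be reviewed in this rendering. A null-safe form, `if (engine != null && !engine.isEmpty()) {`, or a `@NonNull` annotation consistent with `getResultsBfl` in the hunk header, would close that. ScanTest now passes `""` for this parameter, so only the empty branch is exercised; the enclosing method starts and ends outside the hunk.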
From: tiagobcx
Date: Fri, 27 May 2022 11:07:11 +0100
Subject: [PATCH 3/3] changing file flag
---
 src/main/java/com/checkmarx/ast/wrapper/CxConstants.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/com/checkmarx/ast/wrapper/CxConstants.java b/src/main/java/com/checkmarx/ast/wrapper/CxConstants.java
index 7d9cac89..b5e761a1 100644
--- a/src/main/java/com/checkmarx/ast/wrapper/CxConstants.java
+++ b/src/main/java/com/checkmarx/ast/wrapper/CxConstants.java
@@ -49,7 +49,7 @@ public final class CxConstants {
 static final String CWE_ID = "--cwe-id";
 static final String LANGUAGE = "--language";
 static final String VULNERABILITY_TYPE = "--vulnerability-type";
- static final String FILE_SOURCES = "--file-sources";
+ static final String FILE_SOURCES = "--file";
 static final String ADDITONAL_PARAMS = "--additional-params";
 static final String ENGINE = "--engine";
 static final String SUB_CMD_KICS_REALTIME = "kics-realtime";