merge

Author: tiagobcx

.github/workflows/ci.yml

@@ -7,7 +7,7 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       - name: Use Node.js 14
-        uses: actions/setup-node@v3.3.0
+        uses: actions/setup-node@v3.4.1
         with:
           node-version: 14
           registry-url: https://npm.pkg.github.com/

.github/workflows/dependabot-auto-merge.yml

@@ -11,7 +11,7 @@ jobs:
     steps:
       - name: Dependabot metadata
         id: metadata
-        uses: dependabot/fetch-metadata@v1.3.1
+        uses: dependabot/fetch-metadata@v1.3.3
         with:
           github-token: "${{ secrets.PERSONAL_ACCESS_TOKEN  }}"
       - name: Enable auto-merge for Dependabot PRs

.github/workflows/release.yml

@@ -14,7 +14,7 @@ jobs:
           fetch-depth: 0
       - name: Set env
         run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
-      - uses: actions/setup-node@v3.3.0
+      - uses: actions/setup-node@v3.4.1
         with:
           node-version: 10
           registry-url: https://npm.pkg.github.com/

checkmarx-ast-cli.version

@@ -1 +1 @@
-2.0.20
+2.0.22

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "@CheckmarxDev/ast-cli-javascript-wrapper",
-  "version": "0.0.54",
+  "version": "0.0.55",
   "description": "AST CLI Javascript wrapper",
   "main": "dist/main/wrapper/CxWrapper.js",
   "typings": "dist/main/wrapper/CxWrapper.d.ts",
@@ -9,11 +9,11 @@
     "README.md"
   ],
   "dependencies": {
-    "log4js": "^6.5.2"
+    "log4js": "^6.6.1"
   },
   "scripts": {
     "build": "tsc",
-    "postbuild": "copyfiles -u 1 src/main/wrapper/resources/cx* dist/",
+    "postbuild": "copyfiles -u 1 src/main/wrapper/resources/cx* dist/;copyfiles -u 1 src/tests/data/* dist/;",
     "lint": "eslint . --ext .ts",
     "lint-and-fix": "eslint . --ext .ts --fix",
     "test": "copyfiles -u 1 src/tests/data/* dist/; tsc && jest --runInBand --coverage"
@@ -27,13 +27,13 @@
   "homepage": "https://github.com/CheckmarxDev/ast-cli-javascript-wrapper#readme",
   "devDependencies": {
     "@types/jest": "^27.5.0",
-    "@types/node": "^18.0.0",
-    "@typescript-eslint/eslint-plugin": "^5.29.0",
-    "@typescript-eslint/parser": "^5.29.0",
+    "@types/node": "^18.6.3",
+    "@typescript-eslint/eslint-plugin": "^5.32.0",
+    "@typescript-eslint/parser": "^5.32.0",
     "copyfiles": "^2.4.1",
-    "eslint": "^8.18.0",
+    "eslint": "^8.21.0",
     "jest": "^26.6.3",
-    "jest-cli": "28.1.1",
+    "jest-cli": "28.1.3",
     "ts-jest": "^26.0.0",
     "typescript": "^4.7.4"
   },

package.json

@@ -0,0 +1,14 @@
+export default class CxKicsRemediation {
+    availableRemediation: string;
+    appliedRemediation: string;
+
+    constructor(availableRemediation: string,appliedRemediation: string) {
+        this.availableRemediation = availableRemediation;
+        this.appliedRemediation = appliedRemediation;
+    }
+
+    static parseKicsRemediation(resultObject: any): CxKicsRemediation {
+        const output: CxKicsRemediation = new CxKicsRemediation(resultObject.available_remediation_count,resultObject.applied_remediation_count);
+        return output;
+    }
+}

src/main/remediation/CxKicsRemediation.ts

@@ -15,6 +15,12 @@ export enum CxConstants {
     TENANT = "--tenant",
     BASE_URI = "--base-uri",
     BASE_AUTH_URI = "--base-auth-uri",
+    CMD_UTILS = "utils",
+    CMD_REMEDIATION = "remediation",
+    SUB_CMD_REMEDIATION_KICS = "kics",
+    KICS_REMEDIATION_RESULTS_FILE = "--results-file",
+    KICS_REMEDIATION_KICS_FILE = "--kics-files",
+    KICS_REMEDIATION_SIMILARITY_IDS = "--similarity-ids",
     CMD_AUTH = "auth",
     SUB_CMD_VALIDATE = "validate",
     CMD_PROJECT = "project",
@@ -56,6 +62,7 @@ export enum CxConstants {
     PREDICATE_TYPE = "CxPredicate",
     CODE_BASHING_TYPE = "CxCodeBashing",
     KICS_REALTIME_TYPE = "CxKicsRealTime",
+    KICS_REMEDIATION_TYPE = "CxKicsRemediation",
     BFL_TYPE = "CxBFL",
     SAST = "sast",
     LANGUAGE = "--language",

src/main/wrapper/CxConstants.ts

@@ -247,6 +247,19 @@ export class CxWrapper {
         return exec.executeKicsCommands(this.config.pathToExecutable, commands, CxConstants.KICS_REALTIME_TYPE);
     }
 
+    async kicsRemediation(resultsFile: string, kicsFile:string, engine:string,similarityIds?: string):Promise<[Promise<CxCommandOutput>,any]>  {
+        const commands: string[] = [CxConstants.CMD_UTILS, CxConstants.CMD_REMEDIATION,CxConstants.SUB_CMD_REMEDIATION_KICS,CxConstants.KICS_REMEDIATION_RESULTS_FILE, resultsFile, CxConstants.KICS_REMEDIATION_KICS_FILE, kicsFile];
+        if(engine.length>0){
+            commands.push(CxConstants.ENGINE,engine)
+        }
+        if(similarityIds){
+            commands.push(CxConstants.KICS_REMEDIATION_SIMILARITY_IDS,similarityIds)
+        }
+        commands.push(...this.initializeCommands(false));
+        const exec = new ExecutionService();
+        return exec.executeKicsCommands(this.config.pathToExecutable, commands, CxConstants.KICS_REMEDIATION_TYPE);
+    }
+
     getIndexOfBflNode(bflNodes: CxBFL[], resultNodes: any[]): number {
 
         const bflNodeNotFound = -1;

src/main/wrapper/CxWrapper.ts

@@ -16,6 +16,7 @@ import CxVulnerabilityDetails from "../results/CxVulnerabilityDetails";
 import CxCvss from "../results/CxCvss";
 import CxNode from "../results/CxNode";
 import CxPackageData from "../results/CxPackageData";
+import CxKicsRemediation from "../remediation/CxKicsRemediation";
 
 
 
@@ -146,6 +147,10 @@ export class ExecutionService {
                     const kicsResults = CxKicsRealTime.parseKicsRealTimeResponse(resultObject);
                     cxCommandOutput.payload = [kicsResults];
                     break;
+                  case "CxKicsRemediation":
+                    const kicsRemediationOutput = CxKicsRemediation.parseKicsRemediation(resultObject)
+                    cxCommandOutput.payload = [kicsRemediationOutput]
+                    break;
                 default:
                   cxCommandOutput.payload = resultObject;
               }