Support Ignore file path for Oss real time and Secrets real time (#859)

cx-itay-paz · Itay Paz · github-actions · web-flow · commit 5a23f6f75987 · 2025-07-22T16:06:48.000+03:00
* add support ignore file oss * revert secretsscanresults * change realse tag * Track Checkmarx CLI binaries with Git LFS * Update checkmarx-ast-cli to 2.3.27 * change to 2.3.27-itay pre ealse cli * remove exe files * change tag cli * Revert "remove exe files" This reverts commit d8c11d9. * revert tag * Update cx-mac * Update cx.exe * Update cx-linux * Update checkmarx-ast-cli.version * Update ScanTest.test.ts * add ignore file to secrets (#865) Co-authored-by: Itay Paz <itaypaz@Itays-MacBook-Pro-2.local> * add ignore secrets test * fix ignore file * change tag for pre prealse cli * Track Checkmarx CLI binaries with Git LFS * Update checkmarx-ast-cli to 2.3.27 * revert tag * Update checkmarx-ast-cli.version --------- Co-authored-by: Itay Paz <itaypaz@Itays-MacBook-Pro-2.local> Co-authored-by: github-actions <github-actions@github.com> Co-authored-by: Daniel Greenspan <33864348+cx-daniel-greenspan@users.noreply.github.com> Co-authored-by: Ben Alvo <144705560+cx-ben-alvo@users.noreply.github.com>
diff --git a/src/main/wrapper/CxConstants.ts b/src/main/wrapper/CxConstants.ts
@@ -1,4 +1,5 @@
 export enum CxConstants {
+    IGNORE__FILE_PATH = "--ignored-file-path",
     SOURCE = "-s",
     VERBOSE = "-v",
     PROJECT_NAME = "--project-name",
diff --git a/src/main/wrapper/CxWrapper.ts b/src/main/wrapper/CxWrapper.ts
@@ -57,7 +57,7 @@ export class CxWrapper {
         }
     }
 
-    
+
     initializeCommands(formatRequired: boolean): string[] {
         const list: string[] = [];
         if (this.config.clientId) {
@@ -149,20 +149,44 @@ export class CxWrapper {
         return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.SCAN_ASCA);
     }
 
-    async ossScanResults(sourceFile: string): Promise<CxCommandOutput> {
-        const commands: string[] = [CxConstants.CMD_SCAN, CxConstants.CMD_OSS, CxConstants.SOURCE, sourceFile];
-        commands.push(...this.initializeCommands(false));
-        const exec = new ExecutionService();
-        return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.SCAN_OSS);
+    async ossScanResults(sourceFile: string, ignoredFilePath?: string): Promise<CxCommandOutput> {
+    const commands: string[] = [
+        CxConstants.CMD_SCAN,
+        CxConstants.CMD_OSS,
+        CxConstants.SOURCE,
+        sourceFile
+    ];
+
+    if (ignoredFilePath) {
+        commands.push(CxConstants.IGNORE__FILE_PATH);
+        commands.push(ignoredFilePath);
     }
 
-    async secretsScanResults(sourceFile: string): Promise<CxCommandOutput> {
-        const commands: string[] = [CxConstants.CMD_SCAN, CxConstants.CMD_SECRETS, CxConstants.SOURCE, sourceFile];
-        commands.push(...this.initializeCommands(false));
-        const exec = new ExecutionService();
-        return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.SCAN_SECRETS);
+    commands.push(...this.initializeCommands(false));
+
+    const exec = new ExecutionService();
+    return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.SCAN_OSS);
+}
+
+    async secretsScanResults(sourceFile: string, ignoredFilePath?: string): Promise<CxCommandOutput> {
+    const commands: string[] = [
+        CxConstants.CMD_SCAN,
+        CxConstants.CMD_SECRETS,
+        CxConstants.SOURCE,
+        sourceFile
+    ];
+
+    if (ignoredFilePath) {
+        commands.push(CxConstants.IGNORE__FILE_PATH);
+        commands.push(ignoredFilePath);
     }
 
+    commands.push(...this.initializeCommands(false));
+
+    const exec = new ExecutionService();
+    return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.SCAN_SECRETS);
+}
+
     async scanCancel(id: string): Promise<CxCommandOutput> {
         const commands: string[] = [CxConstants.CMD_SCAN, CxConstants.SUB_CMD_CANCEL, CxConstants.SCAN_ID, id];
         commands.push(...this.initializeCommands(false));
diff --git a/src/main/wrapper/resources/cx-linux b/src/main/wrapper/resources/cx-linux
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:c575ad83e1b594441fa60b9ced859709adaeb1fb82310c7a14cc03faf8bed385
-size 75616440
+oid sha256:3dc4decd7c938c329a672b42f273e5a439e39294d60f7adb81e6e79b7187b333
+size 75718840
diff --git a/src/main/wrapper/resources/cx-mac b/src/main/wrapper/resources/cx-mac
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:a290c0a5147403168bf8f56bb6b7752e76a278ded9639f4b8563e4a0f8f77090
-size 152195792
+oid sha256:c7ffcb8755b167b5b6cc2c4610bc4ebe664af6974df2127092ef30c2b7b17223
+size 152395216
diff --git a/src/main/wrapper/resources/cx.exe b/src/main/wrapper/resources/cx.exe
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:9cb276f871d8fc9460baef9d12f7aaf5773d133e3327a83d7cfd228db8aa0d97
-size 77584256
+oid sha256:14d343b959bcb155f03f2aa5f80fdb8e549b91827705051ef9455b6d67b12ad0
+size 77686208
diff --git a/src/tests/ScanTest.test.ts b/src/tests/ScanTest.test.ts
@@ -2,6 +2,7 @@ import { CxWrapper } from '../main/wrapper/CxWrapper';
 import { CxCommandOutput } from "../main/wrapper/CxCommandOutput";
 import { CxParamType } from "../main/wrapper/CxParamType";
 import { BaseTest } from "./BaseTest";
+import {OssPackage} from "./data/ossTypes";
 
 describe("ScanCreate cases", () => {
     const cxScanConfig = new BaseTest();
@@ -173,21 +174,58 @@ describe("ScanCreate cases", () => {
         expect(Number.isInteger(scanObject.scanDetails[0].line)).toBe(true);
         expect(typeof scanObject.scanDetails[0].description).toBe('string');
     });
-    
+
     it('ScanOss Successful case', async () => {
         const wrapper = new CxWrapper(cxScanConfig);
-        const cxCommandOutput: CxCommandOutput = await wrapper.ossScanResults("tsc/tests/data/package.json");
+        const cxCommandOutput: CxCommandOutput = await wrapper.ossScanResults("tsc/tests/data/package.json","");
         console.log("Json object from scanOSS successful case: " + JSON.stringify(cxCommandOutput));
         expect(cxCommandOutput.payload).toBeDefined();
         expect(cxCommandOutput.exitCode).toBe(0);
     });
 
-    it.skip('ScanSecrets Successful case', async () => {
+    it.skip('ScanOss with ignored package should filter results', async () => {
+    const wrapper = new CxWrapper(cxScanConfig);
+    const sourceFile = "tsc/tests/data/package.json";
+    const ignoredFile = "tsc/tests/data/checkmarxIgnoredTempFile.json";
+
+    const cxCommandOutput: CxCommandOutput = await wrapper.ossScanResults(sourceFile, ignoredFile);
+
+    expect(cxCommandOutput.exitCode).toBe(0);
+    expect(cxCommandOutput.payload).toBeDefined();
+
+    const results = cxCommandOutput.payload as OssPackage[];
+
+    console.log("Filtered OSS packages:", results);
+
+    expect(results.length).toBe(1);
+
+    const hasCOA = results.some(pkg =>
+        pkg.PackageManager === "coa" && pkg.PackageVersion === "3.1.3"
+    );
+    expect(hasCOA).toBe(false);
+});
+
+    it('ScanSecrets Successful case', async () => {
         const wrapper = new CxWrapper(cxScanConfig);
-        const cxCommandOutput: CxCommandOutput = await wrapper.secretsScanResults("src/tests/data/secret-exposed.txt");
+        const cxCommandOutput: CxCommandOutput = await wrapper.secretsScanResults("src/tests/data/secret-exposed.txt","");
         console.log("Json object from scanOSS successful case: " + JSON.stringify(cxCommandOutput));
         expect(cxCommandOutput.payload).toBeDefined();
         expect(cxCommandOutput.exitCode).toBe(0);
     });
 
+    it.skip('ScanSecrets with ignore file filters the result', async () => {
+    const wrapper = new CxWrapper(cxScanConfig);
+    const cxCommandOutput: CxCommandOutput = await wrapper.secretsScanResults(
+        "src/tests/data/secret-exposed.txt",
+        "src/tests/data/ignoreFileSecrets.json"
+    );
+
+    console.log("Json object from scanSecrets with ignore file: " + JSON.stringify(cxCommandOutput));
+    expect(cxCommandOutput.payload).toBeDefined();
+    expect(Array.isArray(cxCommandOutput.payload)).toBe(true);
+    expect(cxCommandOutput.payload.length).toBe(0);
+    expect(cxCommandOutput.exitCode).toBe(0);
 });
+
+});
+
diff --git a/src/tests/data/ignoreFileSecrets.json b/src/tests/data/ignoreFileSecrets.json
@@ -0,0 +1,7 @@
+[
+{
+    "Title": "github-pat",
+    "FilePath": "/Users/itaypaz/Library/CloudStorage/OneDrive-Checkmarx/Documents/jswrapper/ast-cli-javascript-wrapper/src/tests/data/secret-exposed.txt",
+    "Line": 3
+  }
+]
diff --git a/src/tests/data/ossTypes.ts b/src/tests/data/ossTypes.ts
@@ -0,0 +1,21 @@
+export interface Location {
+    Line: number;
+    StartIndex: number;
+    EndIndex: number;
+}
+
+export interface Vulnerability {
+    CVE: string;
+    Description: string;
+    Severity: string;
+}
+
+export interface OssPackage {
+    PackageManager: string;
+    PackageName: string;
+    PackageVersion: string;
+    FilePath: string;
+    Locations: Location[];
+    Status: string;
+    Vulnerabilities: Vulnerability[];
+}
diff --git a/tsc/tests/data/checkmarxIgnoredTempFile.json b/tsc/tests/data/checkmarxIgnoredTempFile.json
@@ -0,0 +1,7 @@
+[
+  {
+    "PackageManager": "npm",
+    "PackageName": "coa",
+    "PackageVersion": "3.1.3"
+  }
+]
diff --git a/tsc/tests/data/package.json b/tsc/tests/data/package.json
@@ -3,6 +3,7 @@
   "version": "0.0.1",
   "description": "AST CLI Javascript wrapper tests",
   "dependencies": {
-    "log4js": "^6.9.1"
+    "log4js": "^6.9.1",
+    "coa":"3.1.3"
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`export enum CxConstants {`
	`2`	`+ IGNORE__FILE_PATH = "--ignored-file-path",`
`2`	`3`	`SOURCE = "-s",`
`3`	`4`	`VERBOSE = "-v",`
`4`	`5`	`PROJECT_NAME = "--project-name",`
Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,7 @@`
`3`	`3`	`"version": "0.0.1",`
`4`	`4`	`"description": "AST CLI Javascript wrapper tests",`
`5`	`5`	`"dependencies": {`
`6`		`- "log4js": "^6.9.1"`
	`6`	`+ "log4js": "^6.9.1",`
	`7`	`+ "coa":"3.1.3"`
`7`	`8`	`}`
`8`	`9`	`}`