Merge pull request #156 from CheckmarxDev/feature/AST-12644-updating-sca-results-details

adding full results structure + support for new sca results

Author: diogopcx

src/main/results/CxCvss.ts

@@ -0,0 +1,23 @@
+export default class CxCvss {
+    version:string;
+    attackVector:string;
+    availability:string;
+    confidentiality:string;
+    attackComplexity:string;
+    integrityImpact:string;
+    scope:string;
+    privilegesRequired:string;
+    userInteraction:string;
+
+    constructor(version: string,attackVector: string,availability: string,confidentiality: string,attackComplexity:string,integrityImpact:string,scope:string,privilegesRequired:string,userInteraction:string) {
+        this.version = version;
+        this.attackVector = attackVector;
+        this.availability = availability;
+        this.confidentiality = confidentiality;
+        this.attackComplexity = attackComplexity;
+        this.integrityImpact = integrityImpact;
+        this.scope = scope;
+        this.privilegesRequired = privilegesRequired;
+        this.userInteraction = userInteraction;
+    }
+}

src/main/results/CxData.ts

@@ -0,0 +1,29 @@
+import CxPackageData from "./CxPackageData";
+import CxScaPackageData from "./CxScaPackageData";
+import CxNode from "./CxNode";
+
+export default class CxData {
+    packageData:  CxPackageData[];
+    packageIdentifier: string;
+    scaPackageData: CxScaPackageData;
+    queryId: string;
+    queryName: string;
+    group: string;
+    resultHash: string;
+    languageName: string;
+    nodes: CxNode[];
+    recommendedVersion: string;
+
+    constructor(packageData: CxPackageData[],packageIdentifier: string,scaPackageData: CxScaPackageData,queryId: string,queryName: string,group: string,resultHash: string,languageName: string,nodes: CxNode[],recommendedVersion:string) {
+        this.packageData = packageData;
+        this.packageIdentifier = packageIdentifier;
+        this.scaPackageData = scaPackageData;
+        this.queryId = queryId;
+        this.queryName = queryName;
+        this.group = group;
+        this.resultHash = resultHash;
+        this.languageName = languageName;
+        this.nodes = nodes;
+        this.recommendedVersion=recommendedVersion;
+    }
+}

src/main/results/CxDependencyPaths.ts

@@ -0,0 +1,6 @@
+export default class CxDependencyPaths {
+    id: string;
+    name: string;
+    version: string;
+    isDevelopment: boolean;
+}

src/main/results/CxNode.ts

@@ -0,0 +1,31 @@
+export default class CxNode {
+    id: string;
+    line: number;
+    name: string;
+    column: number;
+    length: number;
+    method: string;
+    nodeID: number;
+    domType: string;
+    fileName: string;
+    fullName: string;
+    typeName: string;
+    methodLine: number;
+    definitions: string;
+
+    constructor(id: string,line: number,name: string,column: number,length: number,method: string,nodeID: number,domType: string,fileName: string,fullName:string,typeName: string,methodLine: number,definitions: string) {
+        this.id = id;
+        this.line = line;
+        this.name = name;
+        this.column = column;
+        this.length = length;
+        this.method = method;
+        this.nodeID = nodeID;
+        this.domType = domType;
+        this.fileName = fileName;
+        this.fullName = fullName;
+        this.typeName = typeName;
+        this.methodLine = methodLine;
+        this.definitions = definitions;
+    }
+}

src/main/results/CxPackageData.ts

@@ -0,0 +1,11 @@
+export default class CxPackageData {
+    comment: string;
+    type: string;
+    url: string;
+
+    constructor(comment: string,type: string,url: string) {
+        this.comment = comment;
+        this.type = type;
+        this.url = url;
+    }
+}

src/main/results/CxResult.ts

@@ -1,3 +1,6 @@
+import CxData from "./CxData";
+import CxVulnerabilityDetails from "./CxVulnerabilityDetails";
+
 export default class CxResult {
     type: string;
     id: string;
@@ -10,7 +13,25 @@ export default class CxResult {
     foundAt: string;
     firstScanId: string;
     description: string;
-    data: any = {};
+    data: CxData;
     comments: any = {};
-    vulnerabilityDetails:object = {};
-}
+    vulnerabilityDetails:CxVulnerabilityDetails;
+
+    constructor(type: string,id: string,status: string,similarityId: string,state: string,severity: string,created: string,firstFoundAt: string,foundAt: string,firstScanId:string,description: string,data: CxData,comments: any,vulnerabilityDetails: CxVulnerabilityDetails) {
+        this.type = type;
+        this.id = id;
+        this.status = status;
+        this.similarityId = similarityId;
+        this.state = state;
+        this.severity = severity;
+        this.created = created;
+        this.firstFoundAt = firstFoundAt;
+        this.foundAt = foundAt;
+        this.firstScanId = firstScanId;
+        this.description = description;
+        this.data = data;
+        this.comments = comments;
+        this.vulnerabilityDetails = vulnerabilityDetails;
+    }
+}
+

src/main/results/CxScaPackageData.ts

@@ -0,0 +1,17 @@
+import CxDependencyPaths from "./CxDependencyPaths";
+
+export default class CxScaPackageData {
+    id: string;
+    locations: string [];
+    dependencyPaths: CxDependencyPaths [];
+    outdated: boolean;
+    fixLink:string
+
+    constructor(id: string,locations: string [],dependencyPaths: CxDependencyPaths [],outdated: boolean,fixLink:string) {
+        this.id = id;
+        this.locations = locations;
+        this.dependencyPaths = dependencyPaths;
+        this.outdated = outdated;
+        this.fixLink = fixLink;
+    }
+}

src/main/results/CxVulnerabilityDetails.ts

@@ -0,0 +1,17 @@
+import CxCvss from "./CxCvss";
+
+export default class CxVulnerabilityDetails {
+    cweId: number;
+    cvss: CxCvss;
+    compliances: string[];
+    cvssScore:number;
+    cveName:string;
+
+    constructor(cweId: number,cvss: CxCvss,compliances: string[],cvssScore: number,cveName:string) {
+        this.cweId = cweId;
+        this.cvss = cvss;
+        this.compliances = compliances;
+        this.cvssScore = cvssScore;
+        this.cveName = cveName;
+    }
+}

src/main/wrapper/CxConstants.ts

@@ -18,9 +18,13 @@ export enum CxConstants {
     CMD_UTILS = "utils",
     CMD_REMEDIATION = "remediation",
     SUB_CMD_REMEDIATION_KICS = "kics",
+    SUB_CMD_REMEDIATION_SCA = "sca",
     KICS_REMEDIATION_RESULTS_FILE = "--results-file",
     KICS_REMEDIATION_KICS_FILE = "--kics-files",
     KICS_REMEDIATION_SIMILARITY_IDS = "--similarity-ids",
+    SCA_REMEDIATION_PACKAGE_FILE = "--package-file",
+    SCA_REMEDIATION_PACKAGE = "--package",
+    SCA_REMEDIATION_PACKAGE_VERSION = "--package-version",
     CMD_AUTH = "auth",
     SUB_CMD_VALIDATE = "validate",
     CMD_PROJECT = "project",

src/main/wrapper/CxWrapper.ts

@@ -1,13 +1,13 @@
-import { CxConfig } from "./CxConfig";
-import { CxParamType } from "./CxParamType";
-import { CxConstants } from "./CxConstants";
-import { ExecutionService } from "./ExecutionService";
-import { CxCommandOutput } from "./CxCommandOutput";
-import path = require('path');
-import { getLoggerWithFilePath, logger } from "./loggerConfig";
+import {CxConfig} from "./CxConfig";
+import {CxParamType} from "./CxParamType";
+import {CxConstants} from "./CxConstants";
+import {ExecutionService} from "./ExecutionService";
+import {CxCommandOutput} from "./CxCommandOutput";
+import {getLoggerWithFilePath, logger} from "./loggerConfig";
 import * as fs from "fs"
 import * as os from "os";
 import CxBFL from "../bfl/CxBFL";
+import path = require('path');
 
 type ParamTypeMap = Map<CxParamType, string>;
 
@@ -260,6 +260,13 @@ export class CxWrapper {
         return exec.executeKicsCommands(this.config.pathToExecutable, commands, CxConstants.KICS_REMEDIATION_TYPE);
     }
 
+    async scaRemediation(packageFile: string, packages:string, packageVersion:string): Promise<CxCommandOutput>  {
+        const commands: string[] = [CxConstants.CMD_UTILS, CxConstants.CMD_REMEDIATION,CxConstants.SUB_CMD_REMEDIATION_SCA,CxConstants.SCA_REMEDIATION_PACKAGE_FILE, packageFile,CxConstants.SCA_REMEDIATION_PACKAGE, packages,CxConstants.SCA_REMEDIATION_PACKAGE_VERSION,packageVersion];
+        commands.push(...this.initializeCommands(false));
+        const exec = new ExecutionService();
+        return exec.executeCommands(this.config.pathToExecutable, commands);
+    }
+
     getIndexOfBflNode(bflNodes: CxBFL[], resultNodes: any[]): number {
 
         const bflNodeNotFound = -1;