adding full results structure + support for new sca results

src/main/results/CxCvss.ts

@@ -0,0 +1,23 @@
+export default class CxCvss {
+    version:string;
+    attackVector:string;
+    availability:string;
+    confidentiality:string;
+    attackComplexity:string;
+    integrityImpact:string;
+    scope:string;
+    privilegesRequired:string;
+    userInteraction:string;
+
+    constructor(version: string,attackVector: string,availability: string,confidentiality: string,attackComplexity:string,integrityImpact:string,scope:string,privilegesRequired:string,userInteraction:string) {
+        this.version = version;
+        this.attackVector = attackVector;
+        this.availability = availability;
+        this.confidentiality = confidentiality;
+        this.attackComplexity = attackComplexity;
+        this.integrityImpact = integrityImpact;
+        this.scope = scope;
+        this.privilegesRequired = privilegesRequired;
+        this.userInteraction = userInteraction;
+    }
+}

src/main/results/CxData.ts

@@ -0,0 +1,29 @@
+import CxPackageData from "./CxPackageData";
+import CxScaPackageData from "./CxScaPackageData";
+import CxNode from "./CxNode";
+
+export default class CxData {
+    packageData:  CxPackageData[];
+    packageIdentifier: string;
+    scaPackageData: CxScaPackageData;
+    queryId: string;
+    queryName: string;
+    group: string;
+    resultHash: string;
+    languageName: string;
+    nodes: CxNode[];
+    recommendedVersion: string;
+
+    constructor(packageData: CxPackageData[],packageIdentifier: string,scaPackageData: CxScaPackageData,queryId: string,queryName: string,group: string,resultHash: string,languageName: string,nodes: CxNode[],recommendedVersion:string) {
+        this.packageData = packageData;
+        this.packageIdentifier = packageIdentifier;
+        this.scaPackageData = scaPackageData;
+        this.queryId = queryId;
+        this.queryName = queryName;
+        this.group = group;
+        this.resultHash = resultHash;
+        this.languageName = languageName;
+        this.nodes = nodes;
+        this.recommendedVersion=recommendedVersion;
+    }
+}

src/main/results/CxDependencyPaths.ts

@@ -0,0 +1,6 @@
+export default class CxDependencyPaths {
+    id: string;
+    name: string;
+    version: string;
+    isDevelopment: boolean;
+}

src/main/results/CxNode.ts

@@ -0,0 +1,31 @@
+export default class CxNode {
+    id: string;
+    line: number;
+    name: string;
+    column: number;
+    length: number;
+    method: string;
+    nodeID: number;
+    domType: string;
+    fileName: string;
+    fullName: string;
+    typeName: string;
+    methodLine: number;
+    definitions: string;
+
+    constructor(id: string,line: number,name: string,column: number,length: number,method: string,nodeID: number,domType: string,fileName: string,fullName:string,typeName: string,methodLine: number,definitions: string) {
+        this.id = id;
+        this.line = line;
+        this.name = name;
+        this.column = column;
+        this.length = length;
+        this.method = method;
+        this.nodeID = nodeID;
+        this.domType = domType;
+        this.fileName = fileName;
+        this.fullName = fullName;
+        this.typeName = typeName;
+        this.methodLine = methodLine;
+        this.definitions = definitions;
+    }
+}

src/main/results/CxPackageData.ts

@@ -0,0 +1,11 @@
+export default class CxPackageData {
+    comment: string;
+    type: string;
+    url: string;
+
+    constructor(comment: string,type: string,url: string) {
+        this.comment = comment;
+        this.type = type;
+        this.url = url;
+    }
+}

src/main/results/CxResult.ts

@@ -1,3 +1,6 @@
+import CxData from "./CxData";
+import CxVulnerabilityDetails from "./CxVulnerabilityDetails";
+
 export default class CxResult {
     type: string;
     id: string;
@@ -10,7 +13,25 @@ export default class CxResult {
     foundAt: string;
     firstScanId: string;
     description: string;
-    data: any = {};
+    data: CxData;
     comments: any = {};
-    vulnerabilityDetails:object = {};
-}
+    vulnerabilityDetails:CxVulnerabilityDetails;
+
+    constructor(type: string,id: string,status: string,similarityId: string,state: string,severity: string,created: string,firstFoundAt: string,foundAt: string,firstScanId:string,description: string,data: CxData,comments: any,vulnerabilityDetails: CxVulnerabilityDetails) {
+        this.type = type;
+        this.id = id;
+        this.status = status;
+        this.similarityId = similarityId;
+        this.state = state;
+        this.severity = severity;
+        this.created = created;
+        this.firstFoundAt = firstFoundAt;
+        this.foundAt = foundAt;
+        this.firstScanId = firstScanId;
+        this.description = description;
+        this.data = data;
+        this.comments = comments;
+        this.vulnerabilityDetails = vulnerabilityDetails;
+    }
+}
+

src/main/results/CxScaPackageData.ts

@@ -0,0 +1,17 @@
+import CxDependencyPaths from "./CxDependencyPaths";
+
+export default class CxScaPackageData {
+    id: string;
+    locations: string [];
+    dependencyPaths: CxDependencyPaths [];
+    outdated: boolean;
+    fixLink:string
+
+    constructor(id: string,locations: string [],dependencyPaths: CxDependencyPaths [],outdated: boolean,fixLink:string) {
+        this.id = id;
+        this.locations = locations;
+        this.dependencyPaths = dependencyPaths;
+        this.outdated = outdated;
+        this.fixLink = fixLink;
+    }
+}

src/main/results/CxVulnerabilityDetails.ts

@@ -0,0 +1,17 @@
+import CxCvss from "./CxCvss";
+
+export default class CxVulnerabilityDetails {
+    cweId: number;
+    cvss: CxCvss;
+    compliances: string[];
+    cvssScore:number;
+    cveName:string;
+
+    constructor(cweId: number,cvss: CxCvss,compliances: string[],cvssScore: number,cveName:string) {
+        this.cweId = cweId;
+        this.cvss = cvss;
+        this.compliances = compliances;
+        this.cvssScore = cvssScore;
+        this.cveName = cveName;
+    }
+}

src/main/wrapper/CxConstants.ts

@@ -18,9 +18,13 @@ export enum CxConstants {
     CMD_UTILS = "utils",
     CMD_REMEDIATION = "remediation",
     SUB_CMD_REMEDIATION_KICS = "kics",
+    SUB_CMD_REMEDIATION_SCA = "sca",
     KICS_REMEDIATION_RESULTS_FILE = "--results-file",
     KICS_REMEDIATION_KICS_FILE = "--kics-files",
     KICS_REMEDIATION_SIMILARITY_IDS = "--similarity-ids",
+    SCA_REMEDIATION_PACKAGE_FILE = "--package-file",
+    SCA_REMEDIATION_PACKAGE = "--package",
+    SCA_REMEDIATION_PACKAGE_VERSION = "--package-version",
     CMD_AUTH = "auth",
     SUB_CMD_VALIDATE = "validate",
     CMD_PROJECT = "project",

src/main/wrapper/CxWrapper.ts

@@ -1,13 +1,13 @@
-import { CxConfig } from "./CxConfig";
-import { CxParamType } from "./CxParamType";
-import { CxConstants } from "./CxConstants";
-import { ExecutionService } from "./ExecutionService";
-import { CxCommandOutput } from "./CxCommandOutput";
-import path = require('path');
-import { getLoggerWithFilePath, logger } from "./loggerConfig";
+import {CxConfig} from "./CxConfig";
+import {CxParamType} from "./CxParamType";
+import {CxConstants} from "./CxConstants";
+import {ExecutionService} from "./ExecutionService";
+import {CxCommandOutput} from "./CxCommandOutput";
+import {getLoggerWithFilePath, logger} from "./loggerConfig";
 import * as fs from "fs"
 import * as os from "os";
 import CxBFL from "../bfl/CxBFL";
+import path = require('path');
 
 type ParamTypeMap = Map<CxParamType, string>;
 
@@ -260,6 +260,13 @@ export class CxWrapper {
         return exec.executeKicsCommands(this.config.pathToExecutable, commands, CxConstants.KICS_REMEDIATION_TYPE);
     }
 
+    async scaRemediation(packageFile: string, packages:string, packageVersion:string): Promise<CxCommandOutput>  {
+        const commands: string[] = [CxConstants.CMD_UTILS, CxConstants.CMD_REMEDIATION,CxConstants.SUB_CMD_REMEDIATION_SCA,CxConstants.SCA_REMEDIATION_PACKAGE_FILE, packageFile,CxConstants.SCA_REMEDIATION_PACKAGE, packages,CxConstants.SCA_REMEDIATION_PACKAGE_VERSION,packageVersion];
+        commands.push(...this.initializeCommands(false));
+        const exec = new ExecutionService();
+        return exec.executeCommands(this.config.pathToExecutable, commands);
+    }
+
     getIndexOfBflNode(bflNodes: CxBFL[], resultNodes: any[]): number {
 
         const bflNodeNotFound = -1;

src/main/wrapper/ExecutionService.ts

@@ -10,6 +10,12 @@ import CxCodeBashing from "../codebashing/CxCodeBashing";
 import CxBFL from "../bfl/CxBFL";
 import spawner = require('child_process');
 import CxKicsRealTime from "../kicsRealtime/CxKicsRealTime";
+import CxData from "../results/CxData";
+import CxScaPackageData from "../results/CxScaPackageData";
+import CxVulnerabilityDetails from "../results/CxVulnerabilityDetails";
+import CxCvss from "../results/CxCvss";
+import CxNode from "../results/CxNode";
+import CxPackageData from "../results/CxPackageData";
 import CxKicsRemediation from "../remediation/CxKicsRemediation";
 
 
@@ -185,7 +191,19 @@ export class ExecutionService {
         if(fileExtension.includes("json")){
             const read_json = JSON.parse(read.replace(/:([0-9]{15,}),/g, ':"$1",'));
             if (read_json.results){
-                const r : CxResult[] = read_json.results.map((member:any)=>{return Object.assign( new CxResult(),member);});
+                const r : CxResult[] = read_json.results.map((member:any)=>{
+                    const cxScaPackageData = new CxScaPackageData(member.data.scaPackageData?.id,member.data.scaPackageData?.locations,member.data.scaPackageData?.dependencyPaths,member.data.scaPackageData?.outdated,member.data.scaPackageData?.fixLink);
+                    const cvss = new CxCvss(member.vulnerabilityDetails.cvss.version,member.vulnerabilityDetails.cvss.attackVector,member.vulnerabilityDetails.cvss.availability,member.vulnerabilityDetails.cvss.confidentiality,member.vulnerabilityDetails.cvss.attackComplexity,member.vulnerabilityDetails.cvss.integrityImpact,member.vulnerabilityDetails.cvss.scope,member.vulnerabilityDetails.cvss.privilegesRequired,member.vulnerabilityDetails.cvss.userInteraction);
+                    const cxVulnerabilityDetails = new CxVulnerabilityDetails(member.vulnerabilityDetails.cweId,cvss,member.vulnerabilityDetails.compliances,member.vulnerabilityDetails.cvssScore,member.vulnerabilityDetails.cveName);
+                    const nodes:CxNode[]=member.data.nodes?.map((node:any)=>{
+                        return new CxNode(node.id,node.line,node.name,node.column,node.length,node.method,node.nodeID,node.domType,node.fileName,node.fullName,node.typeName,node.methodLine,node.definitions)
+                    });
+                    const cxPackageData:CxPackageData[]=member.data.packageData?.map((packages:any)=>{
+                        return new CxPackageData(packages.comment,packages.type,packages.url);
+                    });
+                    const data = new CxData(cxPackageData,member.data.packageIdentifier,cxScaPackageData,member.data.queryId,member.data.queryName,member.data.group,member.data.resultHash,member.data.languageName,nodes,member.data.recommendedVersion);
+                    return new CxResult(member.type,member.id,member.status,member.similarityId,member.state,member.severity,member.created,member.firstFoundAt,member.foundAt,member.firstScanId,member.description,data,member.comments,cxVulnerabilityDetails);
+                });
                 cxCommandOutput.payload = r;
             }
             else{

src/tests/RemediationTest.test.ts

@@ -22,4 +22,10 @@ describe("Kics Remediation cases",() => {
         expect(remediation.availableRemediation).toBeDefined();
         expect(remediation.appliedRemediation).toBeDefined();
     });
+
+    it('SCA Remediation Successful case ', async () => {
+        const auth = new CxWrapper(cxScanConfig);
+        const e:CxCommandOutput = await auth.scaRemediation("dist/tests/data/package.json","copyfiles","1.2")
+        expect(e.exitCode).toBe(0);
+    });
 });