diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 4814c165..8f869ab7 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -34,7 +34,7 @@ jobs:
 with:
 project_name: ast-cli-javascript-wrapper
 branch: master
- base_uri: ${{ secrets.BASEURI }}
+ base_uri: ${{ secrets.BASE_URI }}
 cx_tenant: ${{ secrets.TENANT }}
 cx_client_id: ${{ secrets.CLIENT_ID }}
 cx_client_secret: ${{ secrets.CLIENT_SECRET }}
diff --git a/jest.config.bkup.txt b/jest.config.bkup.txt
deleted file mode 100644
index ac744ece..00000000
--- a/jest.config.bkup.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-export default {
- testEnvironment: 'jest-environment-node',
- transform: {}
-};
\ No newline at end of file
diff --git a/mock-results.json b/mock-results.json
deleted file mode 100644
index dc83908c..00000000
--- a/mock-results.json
+++ /dev/null
@@ -1,269 +0,0 @@ -{ - "date": "4/21/2021", - "version": "0.0.1", - "engines": [ - "sast", - "sca", - "kics" - ], - "results": [ - { - "id": "12345", - "similarityId": -868420736, - "vulnerabilityDetails": { - "cweId": 602, - "owasp2017": "A1" - }, - "severity": "LOW", - "firstScanId": "fc6a6e5e-3dab-4b3f-af2b-6dcf446626ef", - "firstFoundAt": "2021-03-25T19:09:06Z", - "foundAt": "2021-03-25T20:07:30Z", - "status": "RECURRENT", - "state": "NOT_EXPLOITABLE", - "type": "sast", - "data": { - "queryId": 10526212270892872000, - "queryName": "Client Side Only Validation", - "group": "VbNet_Low_Visibility", - "pathSystemId": "CF0SQeGPoCwKDphvpEFO5OUHZME=", - "resultHash": "CF0SQeGPoCwKDphvpEFO5OUHZME=", - "languageName": "VbNet", - "nodes": [ - { - "column": 15, - "fileName": "test.cs", - "fullName": "/bookstore/test.php", - "length": 14, - "line": 1, - "methodLine": 1, - "name": "bookdetailpage", - "domType": "ClassDecl" - }, - { - "column": 15, - "fileName": "source.cs", - "fullName": "/bookstore/src/source.cs", - "length": 14, - "line": 22, - "methodLine": 1, - "name": "bookdetailpage", - "domType": "ClassDecl" - } - ] - }, - "comments": "This is long standing SASt error?" 
- }, - { - "id": "12345", - "similarityId": -868420736, - "vulnerabilityDetails": { - "cweId": 602, - "owasp2017": "A1" - }, - "severity": "LOW", - "firstScanId": "fc6a6e5e-3dab-4b3f-af2b-6dcf446626ef", - "firstFoundAt": "2021-03-25T19:09:06Z", - "foundAt": "2021-03-25T20:07:30Z", - "status": "NEW", - "state": "NOT_EXPLOITABLE", - "type": "sast", - "data": { - "queryId": 10526212270892872000, - "queryName": "Jeff Major Issue", - "group": "VbNet_Low_Visibility", - "pathSystemId": "CF0SQeGPoCwKDphvpEFO5OUHZME=", - "resultHash": "CF0SQeGPoCwKDphvpEFO5OUHZME=", - "languageName": "Java", - "nodes": [ - { - "column": 15, - "fileName": "BookDetail.aspx", - "fullName": "/bookstore/BookDetail.aspx", - "length": 14, - "line": 68, - "methodLine": 1, - "name": "bookdetailpage", - "domType": "ClassDecl", - "nodeSystemId": "fTPHOKt18pwXgBGUaMx8XV7rL5s=", - "nodeHash": "fTPHOKt18pwXgBGUaMx8XV7rL5s=" - } - ] - }, - "comments": "This is long standing SASt error?" - }, - { - "id": "12345", - "similarityId": -868420736, - "vulnerabilityDetails": { - "cweId": 602, - "owasp2017": "A1" - }, - "severity": "HIGH", - "firstScanId": "fc6a6e5e-3dab-4b3f-af2b-6dcf446626ef", - "firstFoundAt": "2021-03-25T19:09:06Z", - "foundAt": "2021-03-25T20:07:30Z", - "status": "NEW", - "state": "NOT_EXPLOITABLE", - "type": "sast", - "data": { - "queryId": 10526212270892872000, - "queryName": "SQL Injection", - "group": "VbNet_Low_Visibility", - "pathSystemId": "CF0SQeGPoCwKDphvpEFO5OUHZME=", - "resultHash": "CF0SQeGPoCwKDphvpEFO5OUHZME=", - "languageName": "VbNet", - "nodes": [ - { - "column": 15, - "fileName": "BookDetail.aspx", - "fullName": "/bookstore/BookDetail.aspx", - "length": 14, - "line": 90, - "methodLine": 1, - "name": "bookdetailpage", - "domType": "ClassDecl", - "nodeSystemId": "fTPHOKt18pwXgBGUaMx8XV7rL5s=", - "nodeHash": "fTPHOKt18pwXgBGUaMx8XV7rL5s=" - } - ] - }, - "comments": "This another error we created for testing." 
- }, - { - "id": "12345", - "similarityId": -868420736, - "vulnerabilityDetails": { - "cweId": 602, - "owasp2017": "A1" - }, - "severity": "MEDIUM", - "firstScanId": "fc6a6e5e-3dab-4b3f-af2b-6dcf446626ef", - "firstFoundAt": "2021-03-25T19:09:06Z", - "foundAt": "2021-03-25T20:07:30Z", - "status": "RECURRENT", - "state": "NOT_EXPLOITABLE", - "type": "sast", - "data": { - "queryId": 10526212270892872000, - "queryName": "XSS", - "group": "VbNet_Low_Visibility", - "pathSystemId": "CF0SQeGPoCwKDphvpEFO5OUHZME=", - "resultHash": "CF0SQeGPoCwKDphvpEFO5OUHZME=", - "languageName": "VbNet", - "nodes": [ - { - "column": 15, - "fileName": "StoreFront.aspx", - "fullName": "/bookstore/StoreFront.aspx", - "length": 14, - "line": 44, - "methodLine": 1, - "name": "bookdetailpage", - "domType": "ClassDecl", - "nodeSystemId": "fTPHOKt18pwXgBGUaMx8XV7rL5s=", - "nodeHash": "fTPHOKt18pwXgBGUaMx8XV7rL5s=" - } - ] - }, - "comments": "The alternative test page." - }, - - { - "id": "12346", - "type": "dependency", - "similarityId": "?? 
Null currently CVE?", - "vulnerabilityMetadata": { - "cvssScore": 7.5, - "cveName": "CVE-2014-0114", - "cweId": 20, - "cvss*": "any cvss calc values" - }, - "severity": "INFO", - "firstScanId": "fc6a6e5e-3dab-4b3f-af2b-6dcf446626ef", - "firstFoundAt": "2021-03-25T19:09:06Z", - "foundAt": "2021-03-25T20:07:30Z", - "status": "RECURRENT", - "state": "CONFIRMED", - "data": { - "description": "Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.3, does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.", - "recommendations": "", - "packageId": "Maven-commons-beanutils:commons-beanutils-1.8.3", - "recommendedVersion": "1.9.4", - "exploitableMethods": [ - "" - ], - "packagePublishDate": "2014-04-30T10:49:00Z", - "packageData": [ - { - "url": "https://issues.apache.org/jira/browse/BEANUTILS-520", - "type": "Issue", - "comment": "Apache Commons BeanUtils" - }, - { - "url": "https://github.com/apache/commons-beanutils/pull/7", - "type": "Pull request", - "comment": "" - } - ] - }, - "comments": "href to comments?" 
- }, - { - "id": "12347", - "similarityId": "-1", - "vulnerabilityDetails": { - "royaltyFree": "Free", - "copyrightRiskScore": "3", - "linking": "NonViral", - "copyLeft": "NoCopyleft", - "patentRiskScore": "3" - }, - "severity": "LOW", - "firstScanId": "fc6a6e5e-3dab-4b3f-af2b-6dcf446626ef", - "firstFoundAt": "2021-03-25T19:09:06Z", - "foundAt": "2021-03-25T20:07:30Z", - "status": "RECURRENT", - "state": "CONFIRMED", - "type": "license", - "data": { - "queryId": "Unknown-abbrev-1.0.9-ISC", - "queryName": "ISC", - "queryUrl": "https://opensource.org/licenses/ISC", - "packageType": "Npm", - "packageUrl": "https://www.npmjs.com/package/abbrev/v/1.0.9" - }, - "comments": "href to comments?" - }, - { - "id": "12348", - "type": "infrastructure", - "similarityId": "80c80ca05c3cd6fdddc808e042d3a404aee120a7419d89649c909409d6235614", - "vulnerabilityDetails": { - "tbd": "tbd" - }, - "severity": "MEDIUM", - "firstScanId": "fc6a6e5e-3dab-4b3f-af2b-6dcf446626ef", - "firstFoundAt": "2021-03-25T19:09:06Z", - "foundAt": "2021-03-25T20:07:30Z", - "status": "RECURRENT", - "state": "NOT_EXPLOITABLE", - "data": { - "queryId": "a3a055d2-9a2e-4cc9-b9fb-12850a1a3a4b", - "queryName": "AD Admin Not Configured For SQL Server", - "group": "Build Process", - "queryUrl": "https://docs.docker.com/engine/reference/builder/#entrypoint", - "fileName": "/terraform/azure/sql.tf", - "line": 9, - "platform": "Terraform", - "issueType": "IncorrectValue", - "searchKey": "FROM={{alpine:3.12.0}}.{{CMD /entrypoint.sh && crond -l 2 -f}}", - "searchValue": "", - "expectedValue": "FROM={{alpine:3.12.0}}.{{CMD /entrypoint.sh && crond -l 2 -f}} is in the JSON Notation", - "actualValue": "FROM={{alpine:3.12.0}}.{{CMD /entrypoint.sh && crond -l 2 -f}} isn't in the JSON Notation", - "value": null, - "description": "Ensure that we are using JSON in the CMD and ENTRYPOINT Arguments" - }, - "comments": "href to comments?" - } - ] -} 
diff --git a/package-bkup-0.0.17.txt b/package-bkup-0.0.17.txt
deleted file mode 100644
index 1084859f..00000000
--- a/package-bkup-0.0.17.txt
+++ /dev/null
@@ -1,52 +0,0 @@
-{
- "name": "@CheckmarxDev/ast-cli-javascript-wrapper",
- "version": "0.0.17",
- "description": "AST CLI Javascript wrapper",
- "main": "dist/CxAuth.js",
- "typings": "dist/CxAuth.d.ts",
- "jest": {
- "verbose": true,
- "transform": {},
- "testEnvironment": "jest-environment-jsdom-sixteen"
- },
- "type": "module",
- "files": [
- "dist/main/resources/cx*",
- "dist/main/*.ts",
- "dist/main/*.js",
- "dist/main/*.map",
- "babel.config.js",
- "jest.config.js",
- "jest.setup.js",
- "README.md"
- ],
- "dependencies": {
- "typescript-logging": "^1.0.0",
- "log4js": "6.3.0",
- "tslog": "3.2.0"
- },
- "scripts": {
- "build": "tsc",
- "postbuild": "copyfiles -u 1 src/main/resources/cx* dist/",
- "test": "node --experimental-vm-modules node_modules/jest/bin/jest.js"
- },
- "repository": "https://github.com/CheckmarxDev/ast-cli-javascript-wrapper.git",
- "author": "Jay Nanduri",
- "license": "ISC",
- "bugs": {
- "url": "https://github.com/CheckmarxDev/ast-cli-javascript-wrapper/issues"
- },
- "homepage": "https://github.com/CheckmarxDev/ast-cli-javascript-wrapper#readme",
- "devDependencies": {
- "@types/jest": "^26.0.24",
- "copyfiles": "^2.4.1",
- "jest": "^27.0.6",
- "jest-extended": "^0.11.5",
- "ts-jest": "^26.5.6",
- "jest-environment-jsdom-sixteen": "^1.0.3",
- "jest-environment-node": "^26.1.0"
- },
- "publishConfig": {
- "registry": "https://npm.pkg.github.com"
- }
-}
diff --git a/package-bkup.json b/package-bkup.json
deleted file mode 100644
index 348cdd86..00000000
--- a/package-bkup.json
+++ /dev/null
@@ -1,65 +0,0 @@
-{
- "name": "@CheckmarxDev/ast-cli-javascript-wrapper",
- "version": "0.0.16",
- "description": "AST CLI Javascript wrapper",
- "main": "dist/CxAuth.js",
- "typings": "dist/CxAuth.d.ts",
- "jest": {
- "verbose": true
- },
- "type": "commonjs",
- "files": [
- "dist/main/resources/cx*",
- "dist/main/*.ts",
- "dist/main/*.js",
- "dist/main/*.map",
- "babel.config.js",
- "jest.config.js",
- "jest.setup.js",
- "README.md"
- ],
- "dependencies": {
- "typescript-logging": "^1.0.0",
- "log4js": "6.3.0",
- "tslog": "3.2.0"
- },
- "scripts": {
- "build": "tsc",
- "postbuild": "copyfiles -u 1 src/main/resources/cx* dist/",
- "test": "jest -i --silent=false"
- },
- "repository": "https://github.com/CheckmarxDev/ast-cli-javascript-wrapper.git",
- "author": "Jay Nanduri",
- "license": "ISC",
- "bugs": {
- "url": "https://github.com/CheckmarxDev/ast-cli-javascript-wrapper/issues"
- },
- "homepage": "https://github.com/CheckmarxDev/ast-cli-javascript-wrapper#readme",
- "devDependencies": {
- // "@babel/plugin-proposal-class-properties": "^7.14.5",
- // "@babel/preset-env": "^7.14.2",
- // "@babel/preset-typescript": "^7.13.0",
- // "@babel/runtime": "7.14.8",
- // "@types/jest": "^26.0.23",
- // "@types/node": "^15.6.1",
- // "babel-core": "^6.26.0",
- // "babel-jest": "^27.0.1",
- // "babel-plugin-transform-regenerator": "^6.26.0",
- // "babel-polyfill": "^6.26.0",
- // "babel-preset-es2015": "^6.0.15",
- // "babel-preset-stage-0": "^6.0.15",
- "copyfiles": "^2.4.1",
- "jest": "^27.0.6",
- "ts-jest": "^26.5.6",
- "babel-jest" : "27.0.6"
- // "@babel/core": "^7.14.8",
- // "@babel/cli": "^7.14.8",
- // "babel-loader": "^8.2.2",
- // "babel-plugin-lodash": "^3.3.2",
- // "babel-plugin-react-transform": "^3.0.0",
- // "@babel/preset-react": "^7.14.5"
- },
- "publishConfig": {
- "registry": "https://npm.pkg.github.com"
- }
-}
diff --git a/package-lock.json b/package-lock.json
index d9e4a66e..876d8d85 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1479,6 +1479,29 @@ "to-object-path": "^0.3.0", "union-value": "^1.0.0", "unset-value": "^1.0.0" + }, + "dependencies": { + "extend-shallow": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", + "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=", + "dev": true, + "requires": { + "is-extendable": "^0.1.0" + } + }, + "set-value": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/set-value/-/set-value-2.0.1.tgz", + "integrity": "sha512-JxHc1weCN68wRY0fhCoXpyK55m/XPHafOmK4UWD7m2CI14GMcFypt4w/0+NV5f/ZMby2F6S2wwA7fgynh9gWSw==", + "dev": true, + "requires": { + "extend-shallow": "^2.0.1", + "is-extendable": "^0.1.1", + "is-plain-object": "^2.0.3", + "split-string": "^3.0.1" + } + } } }, "call-bind": { @@ -3579,29 +3602,6 @@ "@jest/core": "^26.6.3", "import-local": "^3.0.2", "jest-cli": "^26.6.3" - }, - "dependencies": { - "jest-cli": { - "version": "26.6.3", - "resolved": "https://registry.npmjs.org/jest-cli/-/jest-cli-26.6.3.tgz", - "integrity": "sha512-GF9noBSa9t08pSyl3CY4frMrqp+aQXFGFkf5hEPbh/pIUFYWMK6ZLTfbmadxJVcJrdRoChlWQsA2VkJcDFK8hg==", - "dev": true, - "requires": { - "@jest/core": "^26.6.3", - "@jest/test-result": "^26.6.2", - "@jest/types": "^26.6.2", - "chalk": "^4.0.0", - "exit": "^0.1.2", - "graceful-fs": "^4.2.4", - "import-local": "^3.0.2", - "is-ci": "^2.0.0", - "jest-config": "^26.6.3", - "jest-util": "^26.6.2", - "jest-validate": "^26.6.2", - "prompts": "^2.0.1", - "yargs": "^15.4.1" - } - } } }, "jest-changed-files": { 
@@ -5772,29 +5772,6 @@ "integrity": "sha1-BF+XgtARrppoA93TgrJDkrPYkPc=", "dev": true }, - "set-value": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/set-value/-/set-value-2.0.1.tgz", - "integrity": "sha512-JxHc1weCN68wRY0fhCoXpyK55m/XPHafOmK4UWD7m2CI14GMcFypt4w/0+NV5f/ZMby2F6S2wwA7fgynh9gWSw==", - "dev": true, - "requires": { - "extend-shallow": "^2.0.1", - "is-extendable": "^0.1.1", - "is-plain-object": "^2.0.3", - "split-string": "^3.0.1" - }, - "dependencies": { - "extend-shallow": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", - "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=", - "dev": true, - "requires": { - "is-extendable": "^0.1.0" - } - } - } - }, "shebang-command": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", @@ -6681,6 +6658,29 @@ "get-value": "^2.0.6", "is-extendable": "^0.1.1", "set-value": "^2.0.1" + }, + "dependencies": { + "extend-shallow": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", + "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=", + "dev": true, + "requires": { + "is-extendable": "^0.1.0" + } + }, + "set-value": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/set-value/-/set-value-2.0.1.tgz", + "integrity": "sha512-JxHc1weCN68wRY0fhCoXpyK55m/XPHafOmK4UWD7m2CI14GMcFypt4w/0+NV5f/ZMby2F6S2wwA7fgynh9gWSw==", + "dev": true, + "requires": { + "extend-shallow": "^2.0.1", + "is-extendable": "^0.1.1", + "is-plain-object": "^2.0.3", + "split-string": "^3.0.1" + } + } } }, "universalify": { diff --git a/package.json b/package.json index e3cad67d..98309885 100644 --- a/package.json +++ b/package.json 
@@ -21,7 +21,7 @@
 "scripts": {
 "build": "tsc",
 "postbuild": "copyfiles -u 1 src/main/resources/cx* dist/",
- "test": "tsc && jest"
+ "test": "tsc && jest --runInBand"
 },
 "repository": "https://github.com/CheckmarxDev/ast-cli-javascript-wrapper.git",
 "author": "Jay Nanduri",
diff --git a/src/main/resources/cx-linux b/src/main/resources/cx-linux
index 49b9f215..42b9adf9 100644
Binary files a/src/main/resources/cx-linux and b/src/main/resources/cx-linux differ
diff --git a/src/main/resources/mock-results.json b/src/main/resources/mock-results.json
deleted file mode 100644
index dc83908c..00000000
--- a/src/main/resources/mock-results.json
+++ /dev/null
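Review bot: `src/main/resources/cx-linux` is replaced as an opaque binary (index 49b9f215..42b9adf9) and nothing in the commit records which CLI release it is or a digest for it, so the change cannot be reviewed or reproduced from this page. The `postbuild` script shown as context in the package.json hunk copies `src/main/resources/cx*` into `dist/`, so this executable appears to ship in the built package. Consider stating the upstream version and its SHA-256 in the commit message or a checked-in manifest, and having CI verify that digest before the tests execute the binary.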
@@ -1,269 +0,0 @@ -{ - "date": "4/21/2021", - "version": "0.0.1", - "engines": [ - "sast", - "sca", - "kics" - ], - "results": [ - { - "id": "12345", - "similarityId": -868420736, - "vulnerabilityDetails": { - "cweId": 602, - "owasp2017": "A1" - }, - "severity": "LOW", - "firstScanId": "fc6a6e5e-3dab-4b3f-af2b-6dcf446626ef", - "firstFoundAt": "2021-03-25T19:09:06Z", - "foundAt": "2021-03-25T20:07:30Z", - "status": "RECURRENT", - "state": "NOT_EXPLOITABLE", - "type": "sast", - "data": { - "queryId": 10526212270892872000, - "queryName": "Client Side Only Validation", - "group": "VbNet_Low_Visibility", - "pathSystemId": "CF0SQeGPoCwKDphvpEFO5OUHZME=", - "resultHash": "CF0SQeGPoCwKDphvpEFO5OUHZME=", - "languageName": "VbNet", - "nodes": [ - { - "column": 15, - "fileName": "test.cs", - "fullName": "/bookstore/test.php", - "length": 14, - "line": 1, - "methodLine": 1, - "name": "bookdetailpage", - "domType": "ClassDecl" - }, - { - "column": 15, - "fileName": "source.cs", - "fullName": "/bookstore/src/source.cs", - "length": 14, - "line": 22, - "methodLine": 1, - "name": "bookdetailpage", - "domType": "ClassDecl" - } - ] - }, - "comments": "This is long standing SASt error?" 
- }, - { - "id": "12345", - "similarityId": -868420736, - "vulnerabilityDetails": { - "cweId": 602, - "owasp2017": "A1" - }, - "severity": "LOW", - "firstScanId": "fc6a6e5e-3dab-4b3f-af2b-6dcf446626ef", - "firstFoundAt": "2021-03-25T19:09:06Z", - "foundAt": "2021-03-25T20:07:30Z", - "status": "NEW", - "state": "NOT_EXPLOITABLE", - "type": "sast", - "data": { - "queryId": 10526212270892872000, - "queryName": "Jeff Major Issue", - "group": "VbNet_Low_Visibility", - "pathSystemId": "CF0SQeGPoCwKDphvpEFO5OUHZME=", - "resultHash": "CF0SQeGPoCwKDphvpEFO5OUHZME=", - "languageName": "Java", - "nodes": [ - { - "column": 15, - "fileName": "BookDetail.aspx", - "fullName": "/bookstore/BookDetail.aspx", - "length": 14, - "line": 68, - "methodLine": 1, - "name": "bookdetailpage", - "domType": "ClassDecl", - "nodeSystemId": "fTPHOKt18pwXgBGUaMx8XV7rL5s=", - "nodeHash": "fTPHOKt18pwXgBGUaMx8XV7rL5s=" - } - ] - }, - "comments": "This is long standing SASt error?" - }, - { - "id": "12345", - "similarityId": -868420736, - "vulnerabilityDetails": { - "cweId": 602, - "owasp2017": "A1" - }, - "severity": "HIGH", - "firstScanId": "fc6a6e5e-3dab-4b3f-af2b-6dcf446626ef", - "firstFoundAt": "2021-03-25T19:09:06Z", - "foundAt": "2021-03-25T20:07:30Z", - "status": "NEW", - "state": "NOT_EXPLOITABLE", - "type": "sast", - "data": { - "queryId": 10526212270892872000, - "queryName": "SQL Injection", - "group": "VbNet_Low_Visibility", - "pathSystemId": "CF0SQeGPoCwKDphvpEFO5OUHZME=", - "resultHash": "CF0SQeGPoCwKDphvpEFO5OUHZME=", - "languageName": "VbNet", - "nodes": [ - { - "column": 15, - "fileName": "BookDetail.aspx", - "fullName": "/bookstore/BookDetail.aspx", - "length": 14, - "line": 90, - "methodLine": 1, - "name": "bookdetailpage", - "domType": "ClassDecl", - "nodeSystemId": "fTPHOKt18pwXgBGUaMx8XV7rL5s=", - "nodeHash": "fTPHOKt18pwXgBGUaMx8XV7rL5s=" - } - ] - }, - "comments": "This another error we created for testing." 
- }, - { - "id": "12345", - "similarityId": -868420736, - "vulnerabilityDetails": { - "cweId": 602, - "owasp2017": "A1" - }, - "severity": "MEDIUM", - "firstScanId": "fc6a6e5e-3dab-4b3f-af2b-6dcf446626ef", - "firstFoundAt": "2021-03-25T19:09:06Z", - "foundAt": "2021-03-25T20:07:30Z", - "status": "RECURRENT", - "state": "NOT_EXPLOITABLE", - "type": "sast", - "data": { - "queryId": 10526212270892872000, - "queryName": "XSS", - "group": "VbNet_Low_Visibility", - "pathSystemId": "CF0SQeGPoCwKDphvpEFO5OUHZME=", - "resultHash": "CF0SQeGPoCwKDphvpEFO5OUHZME=", - "languageName": "VbNet", - "nodes": [ - { - "column": 15, - "fileName": "StoreFront.aspx", - "fullName": "/bookstore/StoreFront.aspx", - "length": 14, - "line": 44, - "methodLine": 1, - "name": "bookdetailpage", - "domType": "ClassDecl", - "nodeSystemId": "fTPHOKt18pwXgBGUaMx8XV7rL5s=", - "nodeHash": "fTPHOKt18pwXgBGUaMx8XV7rL5s=" - } - ] - }, - "comments": "The alternative test page." - }, - - { - "id": "12346", - "type": "dependency", - "similarityId": "?? 
Null currently CVE?", - "vulnerabilityMetadata": { - "cvssScore": 7.5, - "cveName": "CVE-2014-0114", - "cweId": 20, - "cvss*": "any cvss calc values" - }, - "severity": "INFO", - "firstScanId": "fc6a6e5e-3dab-4b3f-af2b-6dcf446626ef", - "firstFoundAt": "2021-03-25T19:09:06Z", - "foundAt": "2021-03-25T20:07:30Z", - "status": "RECURRENT", - "state": "CONFIRMED", - "data": { - "description": "Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.3, does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.", - "recommendations": "", - "packageId": "Maven-commons-beanutils:commons-beanutils-1.8.3", - "recommendedVersion": "1.9.4", - "exploitableMethods": [ - "" - ], - "packagePublishDate": "2014-04-30T10:49:00Z", - "packageData": [ - { - "url": "https://issues.apache.org/jira/browse/BEANUTILS-520", - "type": "Issue", - "comment": "Apache Commons BeanUtils" - }, - { - "url": "https://github.com/apache/commons-beanutils/pull/7", - "type": "Pull request", - "comment": "" - } - ] - }, - "comments": "href to comments?" 
- }, - { - "id": "12347", - "similarityId": "-1", - "vulnerabilityDetails": { - "royaltyFree": "Free", - "copyrightRiskScore": "3", - "linking": "NonViral", - "copyLeft": "NoCopyleft", - "patentRiskScore": "3" - }, - "severity": "LOW", - "firstScanId": "fc6a6e5e-3dab-4b3f-af2b-6dcf446626ef", - "firstFoundAt": "2021-03-25T19:09:06Z", - "foundAt": "2021-03-25T20:07:30Z", - "status": "RECURRENT", - "state": "CONFIRMED", - "type": "license", - "data": { - "queryId": "Unknown-abbrev-1.0.9-ISC", - "queryName": "ISC", - "queryUrl": "https://opensource.org/licenses/ISC", - "packageType": "Npm", - "packageUrl": "https://www.npmjs.com/package/abbrev/v/1.0.9" - }, - "comments": "href to comments?" - }, - { - "id": "12348", - "type": "infrastructure", - "similarityId": "80c80ca05c3cd6fdddc808e042d3a404aee120a7419d89649c909409d6235614", - "vulnerabilityDetails": { - "tbd": "tbd" - }, - "severity": "MEDIUM", - "firstScanId": "fc6a6e5e-3dab-4b3f-af2b-6dcf446626ef", - "firstFoundAt": "2021-03-25T19:09:06Z", - "foundAt": "2021-03-25T20:07:30Z", - "status": "RECURRENT", - "state": "NOT_EXPLOITABLE", - "data": { - "queryId": "a3a055d2-9a2e-4cc9-b9fb-12850a1a3a4b", - "queryName": "AD Admin Not Configured For SQL Server", - "group": "Build Process", - "queryUrl": "https://docs.docker.com/engine/reference/builder/#entrypoint", - "fileName": "/terraform/azure/sql.tf", - "line": 9, - "platform": "Terraform", - "issueType": "IncorrectValue", - "searchKey": "FROM={{alpine:3.12.0}}.{{CMD /entrypoint.sh && crond -l 2 -f}}", - "searchValue": "", - "expectedValue": "FROM={{alpine:3.12.0}}.{{CMD /entrypoint.sh && crond -l 2 -f}} is in the JSON Notation", - "actualValue": "FROM={{alpine:3.12.0}}.{{CMD /entrypoint.sh && crond -l 2 -f}} isn't in the JSON Notation", - "value": null, - "description": "Ensure that we are using JSON in the CMD and ENTRYPOINT Arguments" - }, - "comments": "href to comments?" - } - ] -} 
diff --git a/src/main/resources/test-mock.json b/src/main/resources/test-mock.json
deleted file mode 100644
index 6316a256..00000000
--- a/src/main/resources/test-mock.json
+++ /dev/null
@@ -1 +0,0 @@
-[{"id":"12345","similarityId":"","type":"sast","status":"RECURRENT","state":"NOT_EXPLOITABLE","data":"","severity":"LOW","column":"","fileName":"/bookstore/BookDetail.aspx","fullName":"bookdetailpage","name":"bookdetailpage","line":"","methodLine":"","comments":"","queryName":"Client_Side_Only_Validation"},{"id":"12346","similarityId":"?? Null currently CVE?","type":"dependency","status":"RECURRENT","state":"CONFIRMED","data":"","severity":"INFO","column":"","fileName":"","fullName":"","name":"","line":"","methodLine":"","comments":"","queryName":""},{"id":"12347","similarityId":"-1","type":"license","status":"RECURRENT","state":"CONFIRMED","data":"","severity":"LOW","column":"","fileName":"","fullName":"","name":"","line":"","methodLine":"","comments":"","queryName":"ISC"},{"id":"12348","similarityId":"80c80ca05c3cd6fdddc808e042d3a404aee120a7419d89649c909409d6235614","type":"infrastructure","status":"RECURRENT","state":"NOT_EXPLOITABLE","data":"","severity":"MEDIUM","column":"","fileName":"","fullName":"","name":"","line":"","methodLine":"","comments":"","queryName":"AD Admin Not Configured For SQL Server"}]
\ No newline at end of file
diff --git a/src/tests/CxAuthCall.test.ts b/src/tests/CxAuthCall.test.ts
index ebad926c..104ef77b 100644
--- a/src/tests/CxAuthCall.test.ts
+++ b/src/tests/CxAuthCall.test.ts
@@ -4,7 +4,6 @@ import {CxParamType} from '../main/CxParamType';
 import {CxCommandOutput} from "../main/CxCommandOutput";
 import * as fs from "fs";
-
 let cxScanConfig = new CxScanConfig();
 cxScanConfig.baseUri = process.env["CX_BASE_URI"];
 cxScanConfig.clientId = process.env["CX_CLIENT_ID"];
@@ -13,16 +12,15 @@ cxScanConfig.tenant = process.env["CX_TENANT"];
 if(process.env["PATH_TO_EXECUTABLE"] !== null && process.env["PATH_TO_EXECUTABLE"] !== undefined ) {
 cxScanConfig.pathToExecutable = process.env["PATH_TO_EXECUTABLE"];
 }
-let params = new Map();
-params.set(CxParamType.PROJECT_NAME, "ASTJSWrapperIntegrationTests");
-params.set(CxParamType.SCAN_TYPES, "sast");
-
-params.set(CxParamType.S, "./src/tests");
-params.set(CxParamType.FILTER, "*.ts,!**/node_modules/**/*");
-const auth = new CxAuth(cxScanConfig);
 describe("ScanCreate cases",() => {
 it('ScanCreate Successful case wait mode', async () => {
+ const params = new Map();
+ params.set(CxParamType.PROJECT_NAME, "ast-cli-javascript-integration-success");
+ params.set(CxParamType.S, "./src");
+ params.set(CxParamType.FILTER, "*.ts,!**/node_modules/**/*");
+
+ const auth = new CxAuth(cxScanConfig);
 const data = await auth.scanCreate(params);
 const cxCommandOutput: CxCommandOutput = JSON.parse(JSON.stringify(data))
 const ScanObject = cxCommandOutput.scanObjectList.pop()
@@ -32,8 +30,13 @@ describe("ScanCreate cases",() => {
 })
 it('ScanCreate Successful case with Branch', async () => {
+ const params = new Map();
+ params.set(CxParamType.PROJECT_NAME, "ast-cli-javascript-integration-success-branch");
+ params.set(CxParamType.S, "./src");
+ params.set(CxParamType.FILTER, "*.ts,!**/node_modules/**/*");
 params.set(CxParamType.BRANCH, "master");
- //params.set(CxParamType.PROJECT_NAME, "ASTJavascriptWrapperTest");
+ const auth = new CxAuth(cxScanConfig);
+
 const data = await auth.scanCreate(params);
 const cxCommandOutput: CxCommandOutput = JSON.parse(JSON.stringify(data))
 const ScanObject = cxCommandOutput.scanObjectList.pop()
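Review bot: `const params = new Map();` in the wait-mode test carries no type arguments, so it is inferred as `Map<any, any>` and a wrong key or a non-string value in the `params.set(...)` calls that follow would still compile. Declaring it as `const params = new Map<CxParamType, string>();` keeps the checker involved, assuming that matches the parameter type of `scanCreate` (CxAuth is not part of this diff). The same line is added in the Branch test in the next hunk and in the Failure and no-wait tests further down. The test bodies continue past the end of each hunk.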
@@ -44,7 +47,12 @@ describe("ScanCreate cases",() => {
 })
 it('ScanCreate Failure case', async () => {
+ const params = new Map();
+ params.set(CxParamType.PROJECT_NAME, "ast-cli-javascript-integration-failure");
+ params.set(CxParamType.S, "./src");
 params.set(CxParamType.SAST_PRESET_NAME, "Checkmarx Default Fake");
+ const auth = new CxAuth(cxScanConfig);
+
 const data = await auth.scanCreate(params);
 const cxCommandOutput: CxCommandOutput = JSON.parse(JSON.stringify(data))
 const ScanObject = cxCommandOutput.scanObjectList.pop()
@@ -54,9 +62,13 @@ describe("ScanCreate cases",() => {
 })
 it('ScanCreate Successful case no wait mode', async () => {
- params.set(CxParamType.PROJECT_NAME, "ASTJSWrapperTestNoWait");
- params.set(CxParamType.SAST_PRESET_NAME, "Checkmarx Default");
+ const params = new Map();
+ params.set(CxParamType.PROJECT_NAME, "ast-cli-javascript-integration-nowait");
+ params.set(CxParamType.S, "./src");
+ params.set(CxParamType.SAST_PRESET_NAME, "Checkmarx Default Fake");
 params.set(CxParamType.ADDITIONAL_PARAMETERS, "--nowait");
+ const auth = new CxAuth(cxScanConfig);
+
 const data = await auth.scanCreate(params);
 const cxCommandOutput: CxCommandOutput = JSON.parse(JSON.stringify(data))
 const ScanObject = cxCommandOutput.scanObjectList.pop()
@@ -69,6 +81,7 @@ describe("ScanCreate cases",() => {
 describe("ScanList cases",() => {
 it('ScanList Successful case', async () => {
+ const auth = new CxAuth(cxScanConfig);
 const data = await auth.scanList();
 const cxCommandOutput: CxCommandOutput = JSON.parse(JSON.stringify(data))
 expect(cxCommandOutput.scanObjectList.length).toBeGreaterThan(0);
@@ -77,6 +90,7 @@ describe("ScanList cases",() => {
 describe("ProjectList cases",() => {
 it('ProjectList Successful case', async () => {
+ const auth = new CxAuth(cxScanConfig);
 const data = await auth.projectList();
 const cxCommandOutput: CxCommandOutput = JSON.parse(JSON.stringify(data))
 expect(cxCommandOutput.scanObjectList.length).toBeGreaterThan(0);
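Review bot: The 'ScanCreate Successful case no wait mode' test now sets `SAST_PRESET_NAME` to `"Checkmarx Default Fake"`, the same value the Failure case uses, where the removed line set `"Checkmarx Default"`. With `--nowait` the call presumably returns before the preset is evaluated, so the assertions (which lie outside this hunk) may still pass while the scan created on the tenant fails afterwards. Now that each test builds its own `params`, the preset no longer needs resetting: either drop the line or restore `params.set(CxParamType.SAST_PRESET_NAME, "Checkmarx Default");`.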
@@ -85,40 +99,40 @@ describe("ProjectList cases",() => {
 describe("Results cases",() => {
 it('Result Test Successful case', async () => {
+ const auth = new CxAuth(cxScanConfig);
 const data = await auth.scanList();
 const cxCommandOutput: CxCommandOutput = JSON.parse(JSON.stringify(data))
 let sampleId = cxCommandOutput.scanObjectList.pop().ID;
- const written = await auth.getResults(sampleId,"json","jsonList", ".")
- console.log(written)
+ await auth.getResults(sampleId,"json","jsonList", ".")
 const file = await fileExists("./jsonList.json");
 expect(file).toBe(true);
 });
 it('Result List Successful case', async () => {
+ const auth = new CxAuth(cxScanConfig);
 const data = await auth.scanList();
 const cxCommandOutput: CxCommandOutput = JSON.parse(JSON.stringify(data))
 let sampleId = cxCommandOutput.scanObjectList.pop().ID;
 const written = await auth.getResultsList(sampleId)
- console.log(written)
 expect(written.length).toBeGreaterThan(0);
 });
 it('Result summary html file generation successful case', async () => {
+ const auth = new CxAuth(cxScanConfig);
 const data = await auth.scanList();
 const cxCommandOutput: CxCommandOutput = JSON.parse(JSON.stringify(data))
 let sampleId = cxCommandOutput.scanObjectList.pop().ID;
- const written = await auth.getResults(sampleId,"summaryHTML","test", ".")
- console.log(written)
+ await auth.getResults(sampleId,"summaryHTML","test", ".")
 const file = await fileExists("./test.html");
 expect(file).toBe(true);
 });
 it('Result summary html string successful case', async () => {
+ const auth = new CxAuth(cxScanConfig);
 const data = await auth.scanList();
 const cxCommandOutput: CxCommandOutput = JSON.parse(JSON.stringify(data))
 let sampleId = cxCommandOutput.scanObjectList.pop().ID;
 const written = await auth.getResultsSummary(sampleId)
- console.log(written)
 expect(written.length).toBeGreaterThan(0);
 });
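Review bot: The two file-based tests assert only that `./jsonList.json` and `./test.html` exist, and nothing in the hunk removes them first, so a file left by an earlier run makes `fileExists` return true even when `getResults` wrote nothing. Clearing the target before the call, e.g. `fs.rmSync("./jsonList.json", { force: true });` (and the same for `./test.html`), makes the assertion depend on this run; `fs` is already imported at the top of the file. These files hold scan findings and land in the repository root, so writing them to a temporary directory that is removed after the test would also keep them out of commits and CI artifacts. `fileExists` is defined outside the hunk.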