From aad6930ef47ce0603507c17d47b69f13b13cabd8 Mon Sep 17 00:00:00 2001 From: Itay Paz Date: Thu, 10 Jul 2025 12:08:49 +0300 Subject: [PATCH 01/23] add support ignore file oss --- src/main/wrapper/CxConstants.ts | 1 + src/main/wrapper/CxWrapper.ts | 30 ++++++++++++-------- src/main/wrapper/resources/cx-mac | 4 +-- src/tests/ScanTest.test.ts | 27 ++++++++++++++++-- src/tests/data/ossTypes.ts | 21 ++++++++++++++ tsc/tests/data/checkmarxIgnoredTempFile.json | 7 +++++ tsc/tests/data/package.json | 3 +- 7 files changed, 76 insertions(+), 17 deletions(-) create mode 100644 src/tests/data/ossTypes.ts create mode 100644 tsc/tests/data/checkmarxIgnoredTempFile.json diff --git a/src/main/wrapper/CxConstants.ts b/src/main/wrapper/CxConstants.ts index 9174ea4f..2b2c93bb 100644 --- a/src/main/wrapper/CxConstants.ts +++ b/src/main/wrapper/CxConstants.ts @@ -1,4 +1,5 @@ export enum CxConstants { + IGNORE__FILE_PATH = "--ignored-file-path", SOURCE = "-s", VERBOSE = "-v", PROJECT_NAME = "--project-name", diff --git a/src/main/wrapper/CxWrapper.ts b/src/main/wrapper/CxWrapper.ts index 2ab25729..4807966a 100644 --- a/src/main/wrapper/CxWrapper.ts +++ b/src/main/wrapper/CxWrapper.ts @@ -57,7 +57,7 @@ export class CxWrapper { } } - + initializeCommands(formatRequired: boolean): string[] { const list: string[] = []; if (this.config.clientId) { 
@@ -149,20 +149,26 @@ export class CxWrapper { return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.SCAN_ASCA); } - async ossScanResults(sourceFile: string): Promise { - const commands: string[] = [CxConstants.CMD_SCAN, CxConstants.CMD_OSS, CxConstants.SOURCE, sourceFile]; - commands.push(...this.initializeCommands(false)); - const exec = new ExecutionService(); - return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.SCAN_OSS); - } + async ossScanResults(sourceFile: string, ignoredFilePath?: string): Promise { + const commands: string[] = [ + CxConstants.CMD_SCAN, + CxConstants.CMD_OSS, + CxConstants.SOURCE, + sourceFile + ]; - async secretsScanResults(sourceFile: string): Promise { - const commands: string[] = [CxConstants.CMD_SCAN, CxConstants.CMD_SECRETS, CxConstants.SOURCE, sourceFile]; - commands.push(...this.initializeCommands(false)); - const exec = new ExecutionService(); - return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.SCAN_SECRETS); + if (ignoredFilePath) { + commands.push(CxConstants.IGNORE__FILE_PATH); + commands.push(ignoredFilePath); } + commands.push(...this.initializeCommands(false)); + + const exec = new ExecutionService(); + return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.SCAN_OSS); +} + + async scanCancel(id: string): Promise { const commands: string[] = [CxConstants.CMD_SCAN, CxConstants.SUB_CMD_CANCEL, CxConstants.SCAN_ID, id]; commands.push(...this.initializeCommands(false)); diff --git a/src/main/wrapper/resources/cx-mac b/src/main/wrapper/resources/cx-mac index 68ca418a..1920f53f 100755 --- a/src/main/wrapper/resources/cx-mac +++ b/src/main/wrapper/resources/cx-mac 
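Review bot: `ignoredFilePath` in `ossScanResults` is forwarded to the CLI exactly as given, and because the file it names removes findings from the scan output, the parameter deserves a doc comment that says so. Something like `/** @param ignoredFilePath JSON list of packages to leave out of the results; undefined or "" disables the option. */` would also make explicit that the truthiness check treats an empty string as absent. How the CLI reacts to a path that does not exist is not visible here, so consider rejecting a missing file in the wrapper rather than letting the scan run unfiltered or fail obscurely. The same applies to `secretsScanResults` in PATCH 16, and this hunk also drops `secretsScanResults`, which PATCH 02 has to restore.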
@@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:a290c0a5147403168bf8f56bb6b7752e76a278ded9639f4b8563e4a0f8f77090 -size 152195792 +oid sha256:b5c1762c7a739fbb292e270e674906d54eb8384650863aed8a5ca2e5d21d52c5 +size 152228816 diff --git a/src/tests/ScanTest.test.ts b/src/tests/ScanTest.test.ts index 781b0f12..3f6ec066 100644 --- a/src/tests/ScanTest.test.ts +++ b/src/tests/ScanTest.test.ts @@ -2,6 +2,7 @@ import { CxWrapper } from '../main/wrapper/CxWrapper'; import { CxCommandOutput } from "../main/wrapper/CxCommandOutput"; import { CxParamType } from "../main/wrapper/CxParamType"; import { BaseTest } from "./BaseTest"; +import {OssPackage} from "./data/ossTypes"; describe("ScanCreate cases", () => { const cxScanConfig = new BaseTest(); 
@@ -173,15 +174,37 @@ describe("ScanCreate cases", () => { expect(Number.isInteger(scanObject.scanDetails[0].line)).toBe(true); expect(typeof scanObject.scanDetails[0].description).toBe('string'); }); - + it('ScanOss Successful case', async () => { const wrapper = new CxWrapper(cxScanConfig); - const cxCommandOutput: CxCommandOutput = await wrapper.ossScanResults("tsc/tests/data/package.json"); + const cxCommandOutput: CxCommandOutput = await wrapper.ossScanResults("tsc/tests/data/package.json",""); console.log("Json object from scanOSS successful case: " + JSON.stringify(cxCommandOutput)); expect(cxCommandOutput.payload).toBeDefined(); expect(cxCommandOutput.exitCode).toBe(0); }); + it('ScanOss with ignored package should filter results', async () => { + const wrapper = new CxWrapper(cxScanConfig); + const sourceFile = "tsc/tests/data/package.json"; + const ignoredFile = "tsc/tests/data/checkmarxIgnoredTempFile.json"; + + const cxCommandOutput: CxCommandOutput = await wrapper.ossScanResults(sourceFile, ignoredFile); + + expect(cxCommandOutput.exitCode).toBe(0); + expect(cxCommandOutput.payload).toBeDefined(); + + const results = cxCommandOutput.payload as OssPackage[]; + + console.log("Filtered OSS packages:", results); + + expect(results.length).toBe(1); + + const hasCOA = results.some(pkg => + pkg.PackageManager === "coa" && pkg.PackageVersion === "3.1.3" + ); + expect(hasCOA).toBe(false); +}); + it.skip('ScanSecrets Successful case', async () => { const wrapper = new CxWrapper(cxScanConfig); const cxCommandOutput: CxCommandOutput = await wrapper.secretsScanResults("src/tests/data/secret-exposed.txt"); diff --git a/src/tests/data/ossTypes.ts b/src/tests/data/ossTypes.ts new file mode 100644 index 00000000..e6e7b9fd --- /dev/null +++ b/src/tests/data/ossTypes.ts 
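Review bot: The `hasCOA` check in the new 'ScanOss with ignored package' test compares `pkg.PackageManager === "coa"`, but in the ignore file added by this patch "coa" is the `PackageName` and the manager is "npm". The predicate can therefore never match, and `expect(hasCOA).toBe(false)` passes whether or not the package was filtered. It should read `pkg.PackageName === "coa" && pkg.PackageVersion === "3.1.3"`. The `expect(results.length).toBe(1)` assertion presumably relies on the scanner reporting exactly one entry for log4js, which ties the test to the scanner's current data; asserting on the absence of coa is the sturdier check.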
@@ -0,0 +1,21 @@ +export interface Location { + Line: number; + StartIndex: number; + EndIndex: number; +} + +export interface Vulnerability { + CVE: string; + Description: string; + Severity: string; +} + +export interface OssPackage { + PackageManager: string; + PackageName: string; + PackageVersion: string; + FilePath: string; + Locations: Location[]; + Status: string; + Vulnerabilities: Vulnerability[]; +} diff --git a/tsc/tests/data/checkmarxIgnoredTempFile.json b/tsc/tests/data/checkmarxIgnoredTempFile.json new file mode 100644 index 00000000..f8697fb2 --- /dev/null +++ b/tsc/tests/data/checkmarxIgnoredTempFile.json @@ -0,0 +1,7 @@ +[ + { + "PackageManager": "npm", + "PackageName": "coa", + "PackageVersion": "3.1.3" + } +] \ No newline at end of file diff --git a/tsc/tests/data/package.json b/tsc/tests/data/package.json index 0d9789b5..3be6abe0 100644 --- a/tsc/tests/data/package.json +++ b/tsc/tests/data/package.json @@ -3,6 +3,7 @@ "version": "0.0.1", "description": "AST CLI Javascript wrapper tests", "dependencies": { - "log4js": "^6.9.1" + "log4js": "^6.9.1", + "coa":"3.1.3" } } From eb5f3b82811afa6b859202c989ed8dc69fc8685e Mon Sep 17 00:00:00 2001 From: Itay Paz Date: Thu, 10 Jul 2025 12:14:25 +0300 Subject: [PATCH 02/23] revert secretsscanresults --- src/main/wrapper/CxWrapper.ts | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/main/wrapper/CxWrapper.ts b/src/main/wrapper/CxWrapper.ts index 4807966a..f37d8f39 100644 --- a/src/main/wrapper/CxWrapper.ts +++ b/src/main/wrapper/CxWrapper.ts 
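Review bot: The dependency added to tsc/tests/data/package.json, `"coa":"3.1.3"`, pins what is to my knowledge one of the coa releases published during the November 2021 compromise of that package and later pulled from the registry. As scanner input that is a reasonable fixture, but nothing in the file says so, and JSON cannot carry a comment. Say it in the manifest's own text, for example `"description": "Scan fixture only - do not install; pins a known-bad coa release"`, and make sure no CI step runs an install in this directory.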
@@ -168,6 +168,12 @@ export class CxWrapper { return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.SCAN_OSS); } + async secretsScanResults(sourceFile: string): Promise { + const commands: string[] = [CxConstants.CMD_SCAN, CxConstants.CMD_SECRETS, CxConstants.SOURCE, sourceFile]; + commands.push(...this.initializeCommands(false)); + const exec = new ExecutionService(); + return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.SCAN_SECRETS); + } async scanCancel(id: string): Promise { const commands: string[] = [CxConstants.CMD_SCAN, CxConstants.SUB_CMD_CANCEL, CxConstants.SCAN_ID, id]; From 1b42f5cf28452224a740df56293a883f7df2b2bf Mon Sep 17 00:00:00 2001 From: Itay Paz Date: Thu, 10 Jul 2025 15:48:06 +0300 Subject: [PATCH 03/23] change realse tag --- .github/scripts/update_cli.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/update_cli.sh b/.github/scripts/update_cli.sh index 6d59970b..2538cedb 100755 --- a/.github/scripts/update_cli.sh +++ b/.github/scripts/update_cli.sh @@ -1,6 +1,6 @@ #!/bin/bash -release=$1 +release=2.3.28 filename_windows=ast-cli_${release}_windows_x64.zip filename_linux=ast-cli_${release}_linux_x64.tar.gz filename_darwin=ast-cli_${release}_darwin_x64.tar.gz From 81a802f8575f6021c13b0f11823ae29645fcfdf7 Mon Sep 17 00:00:00 2001 From: github-actions Date: Thu, 10 Jul 2025 12:49:45 +0000 Subject: [PATCH 04/23] Track Checkmarx CLI binaries with Git LFS --- src/main/wrapper/resources/cx-linux | 4 ++-- src/main/wrapper/resources/cx.exe | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/main/wrapper/resources/cx-linux b/src/main/wrapper/resources/cx-linux index 772d7ef8..35497342 100755 --- a/src/main/wrapper/resources/cx-linux +++ b/src/main/wrapper/resources/cx-linux 
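Review bot: Hard-coding `release=2.3.28` in update_cli.sh in place of `release=$1` makes the script ignore the version the workflow passes in, so whatever this tag resolves to is what gets downloaded and committed as the bundled CLI binaries. The same edit recurs with the pre-release tags `2.3.27-ItayIgnorer`, `2.3.27-ItayIgnore` and `2.3.27-ItayIgnore-Secrets-oss` in PATCH 06, 08 and 19. The LFS pointers written in PATCH 20 are not restored when PATCH 23 sets checkmarx-ast-cli.version back to 2.3.26, so the declared version and the shipped binaries appear to diverge at the end of the series. Keep the tag an argument, e.g. `release="${1:?release tag required}"`, and pass pre-release tags from the workflow input. The script continues outside the hunk, so whether it verifies a checksum for the downloads cannot be seen here.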
@@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:c575ad83e1b594441fa60b9ced859709adaeb1fb82310c7a14cc03faf8bed385 -size 75616440 +oid sha256:762b94537e73f7af3243a63e9702fbe372c00173861bfec4cb5d0d9e2a830ee1 +size 75632824 diff --git a/src/main/wrapper/resources/cx.exe b/src/main/wrapper/resources/cx.exe index cff311ae..bf19415f 100644 --- a/src/main/wrapper/resources/cx.exe +++ b/src/main/wrapper/resources/cx.exe @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:9cb276f871d8fc9460baef9d12f7aaf5773d133e3327a83d7cfd228db8aa0d97 -size 77584256 +oid sha256:1aa93e9fd0708f6f6f22e89af164b61f1ecedd307cedabe8c8341255c31e3ca6 +size 77598656 From 944a911b9cbfac82eafcf90c61f7e5e4f4e3f5d4 Mon Sep 17 00:00:00 2001 From: cx-itay-paz <143506741+cx-itay-paz@users.noreply.github.com> Date: Thu, 10 Jul 2025 12:49:45 +0000 Subject: [PATCH 05/23] Update checkmarx-ast-cli to 2.3.27 --- checkmarx-ast-cli.version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/checkmarx-ast-cli.version b/checkmarx-ast-cli.version index 91a51660..e487952b 100644 --- a/checkmarx-ast-cli.version +++ b/checkmarx-ast-cli.version @@ -1 +1 @@ -2.3.26 +2.3.27 From 687966c0619238dbc6ec18c7d4d358849056acbc Mon Sep 17 00:00:00 2001 From: Itay Paz Date: Mon, 14 Jul 2025 11:47:06 +0300 Subject: [PATCH 06/23] change to 2.3.27-itay pre ealse cli --- .github/scripts/update_cli.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/update_cli.sh b/.github/scripts/update_cli.sh index 2538cedb..ce6b9e60 100755 --- a/.github/scripts/update_cli.sh +++ b/.github/scripts/update_cli.sh @@ -1,6 +1,6 @@ #!/bin/bash -release=2.3.28 +release=2.3.27-ItayIgnorer filename_windows=ast-cli_${release}_windows_x64.zip filename_linux=ast-cli_${release}_linux_x64.tar.gz filename_darwin=ast-cli_${release}_darwin_x64.tar.gz From d8c11d96c70487372a7d8833c5bf99a468ee1051 Mon Sep 17 00:00:00 2001 
From: Itay Paz Date: Mon, 14 Jul 2025 12:02:49 +0300 Subject: [PATCH 07/23] remove exe files --- src/main/wrapper/resources/cx-linux | 3 --- src/main/wrapper/resources/cx-mac | 3 --- src/main/wrapper/resources/cx.exe | 3 --- 3 files changed, 9 deletions(-) delete mode 100755 src/main/wrapper/resources/cx-linux delete mode 100755 src/main/wrapper/resources/cx-mac delete mode 100644 src/main/wrapper/resources/cx.exe diff --git a/src/main/wrapper/resources/cx-linux b/src/main/wrapper/resources/cx-linux deleted file mode 100755 index 35497342..00000000 --- a/src/main/wrapper/resources/cx-linux +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:762b94537e73f7af3243a63e9702fbe372c00173861bfec4cb5d0d9e2a830ee1 -size 75632824 diff --git a/src/main/wrapper/resources/cx-mac b/src/main/wrapper/resources/cx-mac deleted file mode 100755 index 1920f53f..00000000 --- a/src/main/wrapper/resources/cx-mac +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b5c1762c7a739fbb292e270e674906d54eb8384650863aed8a5ca2e5d21d52c5 -size 152228816 diff --git a/src/main/wrapper/resources/cx.exe b/src/main/wrapper/resources/cx.exe deleted file mode 100644 index bf19415f..00000000 --- a/src/main/wrapper/resources/cx.exe +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1aa93e9fd0708f6f6f22e89af164b61f1ecedd307cedabe8c8341255c31e3ca6 -size 77598656 From 984f76e4b8041d66ced20135af132b1322b20c97 Mon Sep 17 00:00:00 2001 From: Itay Paz Date: Mon, 14 Jul 2025 12:03:59 +0300 Subject: [PATCH 08/23] change tag cli --- .github/scripts/update_cli.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/update_cli.sh b/.github/scripts/update_cli.sh index ce6b9e60..c8d6a885 100755 --- a/.github/scripts/update_cli.sh +++ b/.github/scripts/update_cli.sh 
@@ -1,6 +1,6 @@ #!/bin/bash -release=2.3.27-ItayIgnorer +release=2.3.27-ItayIgnore filename_windows=ast-cli_${release}_windows_x64.zip filename_linux=ast-cli_${release}_linux_x64.tar.gz filename_darwin=ast-cli_${release}_darwin_x64.tar.gz From 54e69a7107a2e4dedadbc2f07c31e59c8ecc781f Mon Sep 17 00:00:00 2001 From: Itay Paz Date: Mon, 14 Jul 2025 12:12:32 +0300 Subject: [PATCH 09/23] Revert "remove exe files" This reverts commit d8c11d96c70487372a7d8833c5bf99a468ee1051. --- src/main/wrapper/resources/cx-linux | 3 +++ src/main/wrapper/resources/cx-mac | 3 +++ src/main/wrapper/resources/cx.exe | 3 +++ 3 files changed, 9 insertions(+) create mode 100755 src/main/wrapper/resources/cx-linux create mode 100755 src/main/wrapper/resources/cx-mac create mode 100644 src/main/wrapper/resources/cx.exe diff --git a/src/main/wrapper/resources/cx-linux b/src/main/wrapper/resources/cx-linux new file mode 100755 index 00000000..35497342 --- /dev/null +++ b/src/main/wrapper/resources/cx-linux @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:762b94537e73f7af3243a63e9702fbe372c00173861bfec4cb5d0d9e2a830ee1 +size 75632824 diff --git a/src/main/wrapper/resources/cx-mac b/src/main/wrapper/resources/cx-mac new file mode 100755 index 00000000..1920f53f --- /dev/null +++ b/src/main/wrapper/resources/cx-mac @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b5c1762c7a739fbb292e270e674906d54eb8384650863aed8a5ca2e5d21d52c5 +size 152228816 diff --git a/src/main/wrapper/resources/cx.exe b/src/main/wrapper/resources/cx.exe new file mode 100644 index 00000000..bf19415f --- /dev/null +++ b/src/main/wrapper/resources/cx.exe @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1aa93e9fd0708f6f6f22e89af164b61f1ecedd307cedabe8c8341255c31e3ca6 +size 77598656 From 5cab6c56bfa2116293620192e0b754e03a114454 Mon Sep 17 00:00:00 2001 
From: Itay Paz Date: Mon, 21 Jul 2025 11:38:20 +0300 Subject: [PATCH 10/23] revert tag --- .github/scripts/update_cli.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/update_cli.sh b/.github/scripts/update_cli.sh index c8d6a885..6d59970b 100755 --- a/.github/scripts/update_cli.sh +++ b/.github/scripts/update_cli.sh @@ -1,6 +1,6 @@ #!/bin/bash -release=2.3.27-ItayIgnore +release=$1 filename_windows=ast-cli_${release}_windows_x64.zip filename_linux=ast-cli_${release}_linux_x64.tar.gz filename_darwin=ast-cli_${release}_darwin_x64.tar.gz From c62322d680ae7d0d85750ccf98b9f21e9e2fe2e4 Mon Sep 17 00:00:00 2001 From: Ben Alvo <144705560+cx-ben-alvo@users.noreply.github.com> Date: Mon, 21 Jul 2025 11:54:10 +0300 Subject: [PATCH 11/23] Update cx-mac --- src/main/wrapper/resources/cx-mac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/wrapper/resources/cx-mac b/src/main/wrapper/resources/cx-mac index 1920f53f..68ca418a 100755 --- a/src/main/wrapper/resources/cx-mac +++ b/src/main/wrapper/resources/cx-mac @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:b5c1762c7a739fbb292e270e674906d54eb8384650863aed8a5ca2e5d21d52c5 -size 152228816 +oid sha256:a290c0a5147403168bf8f56bb6b7752e76a278ded9639f4b8563e4a0f8f77090 +size 152195792 From 0da8058ecc92aea7a90a027773a382b6d769962e Mon Sep 17 00:00:00 2001 From: Ben Alvo <144705560+cx-ben-alvo@users.noreply.github.com> Date: Mon, 21 Jul 2025 11:54:30 +0300 Subject: [PATCH 12/23] Update cx.exe --- src/main/wrapper/resources/cx.exe | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/wrapper/resources/cx.exe b/src/main/wrapper/resources/cx.exe index bf19415f..cff311ae 100644 --- a/src/main/wrapper/resources/cx.exe +++ b/src/main/wrapper/resources/cx.exe 
@@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:1aa93e9fd0708f6f6f22e89af164b61f1ecedd307cedabe8c8341255c31e3ca6 -size 77598656 +oid sha256:9cb276f871d8fc9460baef9d12f7aaf5773d133e3327a83d7cfd228db8aa0d97 +size 77584256 From f6b776342a133ac75439bc0a8d2562933366e22e Mon Sep 17 00:00:00 2001 From: Ben Alvo <144705560+cx-ben-alvo@users.noreply.github.com> Date: Mon, 21 Jul 2025 11:55:00 +0300 Subject: [PATCH 13/23] Update cx-linux --- src/main/wrapper/resources/cx-linux | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/wrapper/resources/cx-linux b/src/main/wrapper/resources/cx-linux index 35497342..772d7ef8 100755 --- a/src/main/wrapper/resources/cx-linux +++ b/src/main/wrapper/resources/cx-linux @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:762b94537e73f7af3243a63e9702fbe372c00173861bfec4cb5d0d9e2a830ee1 -size 75632824 +oid sha256:c575ad83e1b594441fa60b9ced859709adaeb1fb82310c7a14cc03faf8bed385 +size 75616440 From 222783417da032bd4d231209adb5f1f686d59b88 Mon Sep 17 00:00:00 2001 From: Ben Alvo <144705560+cx-ben-alvo@users.noreply.github.com> Date: Mon, 21 Jul 2025 11:55:16 +0300 Subject: [PATCH 14/23] Update checkmarx-ast-cli.version --- checkmarx-ast-cli.version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/checkmarx-ast-cli.version b/checkmarx-ast-cli.version index e487952b..91a51660 100644 --- a/checkmarx-ast-cli.version +++ b/checkmarx-ast-cli.version @@ -1 +1 @@ -2.3.27 +2.3.26 From 1e6b8e81b757cd53410ef1b057d55d2c09d0435e Mon Sep 17 00:00:00 2001 From: Itay Paz <143506741+cx-itay-paz@users.noreply.github.com> Date: Mon, 21 Jul 2025 12:03:47 +0300 Subject: [PATCH 15/23] Update ScanTest.test.ts --- src/tests/ScanTest.test.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tests/ScanTest.test.ts b/src/tests/ScanTest.test.ts index 3f6ec066..d37d0a35 100644 --- a/src/tests/ScanTest.test.ts +++ b/src/tests/ScanTest.test.ts 
@@ -183,7 +183,7 @@ describe("ScanCreate cases", () => { expect(cxCommandOutput.exitCode).toBe(0); }); - it('ScanOss with ignored package should filter results', async () => { + skip.it('ScanOss with ignored package should filter results', async () => { const wrapper = new CxWrapper(cxScanConfig); const sourceFile = "tsc/tests/data/package.json"; const ignoredFile = "tsc/tests/data/checkmarxIgnoredTempFile.json"; From a7f7a226673846516e4aa5d2b25921acc7ed1d1b Mon Sep 17 00:00:00 2001 From: Itay Paz <143506741+cx-itay-paz@users.noreply.github.com> Date: Mon, 21 Jul 2025 12:09:30 +0300 Subject: [PATCH 16/23] add ignore file to secrets (#865) Co-authored-by: Itay Paz --- src/main/wrapper/CxWrapper.ts | 22 +++++++++++++++++----- src/tests/ScanTest.test.ts | 4 ++-- src/tests/data/ignoreFileSecrets.json | 5 +++++ 3 files changed, 24 insertions(+), 7 deletions(-) create mode 100644 src/tests/data/ignoreFileSecrets.json diff --git a/src/main/wrapper/CxWrapper.ts b/src/main/wrapper/CxWrapper.ts index f37d8f39..5edde635 100644 --- a/src/main/wrapper/CxWrapper.ts +++ b/src/main/wrapper/CxWrapper.ts 
@@ -168,13 +168,25 @@ export class CxWrapper { return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.SCAN_OSS); } - async secretsScanResults(sourceFile: string): Promise { - const commands: string[] = [CxConstants.CMD_SCAN, CxConstants.CMD_SECRETS, CxConstants.SOURCE, sourceFile]; - commands.push(...this.initializeCommands(false)); - const exec = new ExecutionService(); - return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.SCAN_SECRETS); + async secretsScanResults(sourceFile: string, ignoredFilePath?: string): Promise { + const commands: string[] = [ + CxConstants.CMD_SCAN, + CxConstants.CMD_SECRETS, + CxConstants.SOURCE, + sourceFile + ]; + + if (ignoredFilePath) { + commands.push(CxConstants.IGNORE__FILE_PATH); + commands.push(ignoredFilePath); } + commands.push(...this.initializeCommands(false)); + + const exec = new ExecutionService(); + return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.SCAN_SECRETS); +} + async scanCancel(id: string): Promise { const commands: string[] = [CxConstants.CMD_SCAN, CxConstants.SUB_CMD_CANCEL, CxConstants.SCAN_ID, id]; commands.push(...this.initializeCommands(false)); diff --git a/src/tests/ScanTest.test.ts b/src/tests/ScanTest.test.ts index d37d0a35..0a75a058 100644 --- a/src/tests/ScanTest.test.ts +++ b/src/tests/ScanTest.test.ts 
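Review bot: The ignore-file branch in `secretsScanResults` is a copy of the one added to `ossScanResults`, so the two can drift apart. A small private helper, or at least the single call `commands.push(CxConstants.IGNORE__FILE_PATH, ignoredFilePath);`, would keep them in step. The constant itself reads as a typo: the flag is `--ignored-file-path`, so `IGNORED_FILE_PATH` would match it better than `IGNORE__FILE_PATH` with its double underscore.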
@@ -205,9 +205,9 @@ describe("ScanCreate cases", () => { expect(hasCOA).toBe(false); }); - it.skip('ScanSecrets Successful case', async () => { + it('ScanSecrets Successful case', async () => { const wrapper = new CxWrapper(cxScanConfig); - const cxCommandOutput: CxCommandOutput = await wrapper.secretsScanResults("src/tests/data/secret-exposed.txt"); + const cxCommandOutput: CxCommandOutput = await wrapper.secretsScanResults("src/tests/data/secret-exposed.txt",""); console.log("Json object from scanOSS successful case: " + JSON.stringify(cxCommandOutput)); expect(cxCommandOutput.payload).toBeDefined(); expect(cxCommandOutput.exitCode).toBe(0); diff --git a/src/tests/data/ignoreFileSecrets.json b/src/tests/data/ignoreFileSecrets.json new file mode 100644 index 00000000..784c140f --- /dev/null +++ b/src/tests/data/ignoreFileSecrets.json @@ -0,0 +1,5 @@ +{ + "Title": "github-pat", + "FilePath": "/Users/itaypaz/Library/CloudStorage/OneDrive-Checkmarx/Documents/jswrapper/ast-cli-javascript-wrapper/src/tests/data/secret-exposed.txt", + "Line": 3 + } \ No newline at end of file From 8dae6d561177335a35ab8d63c494d01db139f8a3 Mon Sep 17 00:00:00 2001 From: Itay Paz Date: Mon, 21 Jul 2025 12:16:51 +0300 Subject: [PATCH 17/23] add ignore secrets test --- src/tests/ScanTest.test.ts | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/src/tests/ScanTest.test.ts b/src/tests/ScanTest.test.ts index 0a75a058..7af2e61b 100644 --- a/src/tests/ScanTest.test.ts +++ b/src/tests/ScanTest.test.ts @@ -183,7 +183,7 @@ describe("ScanCreate cases", () => { expect(cxCommandOutput.exitCode).toBe(0); }); - skip.it('ScanOss with ignored package should filter results', async () => { + it.skip('ScanOss with ignored package should filter results', async () => { const wrapper = new CxWrapper(cxScanConfig); const sourceFile = "tsc/tests/data/package.json"; const ignoredFile = "tsc/tests/data/checkmarxIgnoredTempFile.json"; 
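Review bot: `FilePath` in the new ignoreFileSecrets.json is an absolute path under one developer's home directory (`/Users/itaypaz/...`), so the entry can only match on that machine, and it publishes a local user name and directory layout in the repository. The file is also a bare object here, where the OSS ignore file is an array; PATCH 18 wraps it in `[ ]` but keeps the path. If the CLI matches on absolute paths, which is not visible from this page, write the ignore file from the test using `path.resolve("src/tests/data/secret-exposed.txt")` instead of committing it; otherwise use the repository-relative path.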
@@ -213,4 +213,19 @@ describe("ScanCreate cases", () => { expect(cxCommandOutput.exitCode).toBe(0); }); + it.skip('ScanSecrets with ignore file filters the result', async () => { + const wrapper = new CxWrapper(cxScanConfig); + const cxCommandOutput: CxCommandOutput = await wrapper.secretsScanResults( + "src/tests/data/secret-exposed.txt", + "src/tests/data/ignoreFileSecrets.json" + ); + + console.log("Json object from scanSecrets with ignore file: " + JSON.stringify(cxCommandOutput)); + expect(cxCommandOutput.payload).toBeDefined(); + expect(Array.isArray(cxCommandOutput.payload)).toBe(true); + expect(cxCommandOutput.payload.length).toBe(0); + expect(cxCommandOutput.exitCode).toBe(0); +}); + }); + From f62515a79dbdfee891365692e693e6b11f796a8e Mon Sep 17 00:00:00 2001 From: Itay Paz Date: Mon, 21 Jul 2025 12:51:19 +0300 Subject: [PATCH 18/23] fix ignore file --- src/tests/data/ignoreFileSecrets.json | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/tests/data/ignoreFileSecrets.json b/src/tests/data/ignoreFileSecrets.json index 784c140f..fc2e28f7 100644 --- a/src/tests/data/ignoreFileSecrets.json +++ b/src/tests/data/ignoreFileSecrets.json @@ -1,5 +1,7 @@ +[ { "Title": "github-pat", "FilePath": "/Users/itaypaz/Library/CloudStorage/OneDrive-Checkmarx/Documents/jswrapper/ast-cli-javascript-wrapper/src/tests/data/secret-exposed.txt", "Line": 3 - } \ No newline at end of file + } +] \ No newline at end of file From 679c9efd4d7b03f0f1259e1e1a3709b6f05eba78 Mon Sep 17 00:00:00 2001 From: Itay Paz Date: Mon, 21 Jul 2025 12:56:12 +0300 Subject: [PATCH 19/23] change tag for pre prealse cli --- .github/scripts/update_cli.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/update_cli.sh b/.github/scripts/update_cli.sh index 6d59970b..b9ac0df2 100755 --- a/.github/scripts/update_cli.sh +++ b/.github/scripts/update_cli.sh 
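Review bot: The new 'ScanSecrets with ignore file' test is added as `it.skip`, and the same patch leaves the OSS ignore test as `it.skip` too, so neither ignore path runs in CI. Once enabled, `expect(cxCommandOutput.payload.length).toBe(0)` cannot tell a suppressed finding from a scan that found nothing; run the same file without the ignore argument first and assert that it reports at least one finding. A short comment above each `it.skip` saying why it is disabled would help, such as `// skipped until the bundled CLI supports --ignored-file-path`; that reason is a guess on my part and should be confirmed.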
@@ -1,6 +1,6 @@ #!/bin/bash -release=$1 +release=2.3.27-ItayIgnore-Secrets-oss filename_windows=ast-cli_${release}_windows_x64.zip filename_linux=ast-cli_${release}_linux_x64.tar.gz filename_darwin=ast-cli_${release}_darwin_x64.tar.gz From d4288e4543cc5268f0b85082bca2e06f917cac87 Mon Sep 17 00:00:00 2001 From: github-actions Date: Mon, 21 Jul 2025 09:57:16 +0000 Subject: [PATCH 20/23] Track Checkmarx CLI binaries with Git LFS --- src/main/wrapper/resources/cx-linux | 4 ++-- src/main/wrapper/resources/cx-mac | 4 ++-- src/main/wrapper/resources/cx.exe | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/main/wrapper/resources/cx-linux b/src/main/wrapper/resources/cx-linux index 772d7ef8..9f7b5b78 100755 --- a/src/main/wrapper/resources/cx-linux +++ b/src/main/wrapper/resources/cx-linux @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:c575ad83e1b594441fa60b9ced859709adaeb1fb82310c7a14cc03faf8bed385 -size 75616440 +oid sha256:3dc4decd7c938c329a672b42f273e5a439e39294d60f7adb81e6e79b7187b333 +size 75718840 diff --git a/src/main/wrapper/resources/cx-mac b/src/main/wrapper/resources/cx-mac index 68ca418a..9376a70c 100755 --- a/src/main/wrapper/resources/cx-mac +++ b/src/main/wrapper/resources/cx-mac @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:a290c0a5147403168bf8f56bb6b7752e76a278ded9639f4b8563e4a0f8f77090 -size 152195792 +oid sha256:c7ffcb8755b167b5b6cc2c4610bc4ebe664af6974df2127092ef30c2b7b17223 +size 152395216 diff --git a/src/main/wrapper/resources/cx.exe b/src/main/wrapper/resources/cx.exe index cff311ae..d18fa400 100644 --- a/src/main/wrapper/resources/cx.exe +++ b/src/main/wrapper/resources/cx.exe @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:9cb276f871d8fc9460baef9d12f7aaf5773d133e3327a83d7cfd228db8aa0d97 -size 77584256 +oid sha256:14d343b959bcb155f03f2aa5f80fdb8e549b91827705051ef9455b6d67b12ad0 +size 77686208 
From 1f7678a6b819142e0eeda0510679101c63f1d9be Mon Sep 17 00:00:00 2001 From: cx-itay-paz <143506741+cx-itay-paz@users.noreply.github.com> Date: Mon, 21 Jul 2025 09:57:17 +0000 Subject: [PATCH 21/23] Update checkmarx-ast-cli to 2.3.27 --- checkmarx-ast-cli.version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/checkmarx-ast-cli.version b/checkmarx-ast-cli.version index 91a51660..e487952b 100644 --- a/checkmarx-ast-cli.version +++ b/checkmarx-ast-cli.version @@ -1 +1 @@ -2.3.26 +2.3.27 From ead2807ee37518d99f96e5ed0eb6775e35279b08 Mon Sep 17 00:00:00 2001 From: Itay Paz Date: Tue, 22 Jul 2025 15:47:03 +0300 Subject: [PATCH 22/23] revert tag --- .github/scripts/update_cli.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/update_cli.sh b/.github/scripts/update_cli.sh index b9ac0df2..6d59970b 100755 --- a/.github/scripts/update_cli.sh +++ b/.github/scripts/update_cli.sh @@ -1,6 +1,6 @@ #!/bin/bash -release=2.3.27-ItayIgnore-Secrets-oss +release=$1 filename_windows=ast-cli_${release}_windows_x64.zip filename_linux=ast-cli_${release}_linux_x64.tar.gz filename_darwin=ast-cli_${release}_darwin_x64.tar.gz From 65f0ae51bd21aaa7ea2152763db7984b6cea04e3 Mon Sep 17 00:00:00 2001 From: Itay Paz <143506741+cx-itay-paz@users.noreply.github.com> Date: Tue, 22 Jul 2025 15:58:59 +0300 Subject: [PATCH 23/23] Update checkmarx-ast-cli.version --- checkmarx-ast-cli.version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/checkmarx-ast-cli.version b/checkmarx-ast-cli.version index e487952b..91a51660 100644 --- a/checkmarx-ast-cli.version +++ b/checkmarx-ast-cli.version @@ -1 +1 @@ -2.3.27 +2.3.26