Skip to content

Support Ignore file path for Oss real time and Secrets real time #859

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 26 commits into from
Jul 22, 2025
Merged

Support Ignore file path for Oss real time and Secrets real time #859

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
26 commits
Select commit Hold shift + click to select a range
aad6930
add support ignore file oss
Jul 10, 2025
eb5f3b8
revert secretsscanresults
Jul 10, 2025
1b42f5c
change realse tag
Jul 10, 2025
81a802f
Track Checkmarx CLI binaries with Git LFS
invalid-email-address Jul 10, 2025
944a911
Update checkmarx-ast-cli to 2.3.27
cx-itay-paz Jul 10, 2025
26b8b55
Merge pull request #860 from CheckmarxDev/feature/update_cli_2.3.27
cx-daniel-greenspan Jul 10, 2025
687966c
change to 2.3.27-itay pre ealse cli
Jul 14, 2025
d8c11d9
remove exe files
Jul 14, 2025
984f76e
change tag cli
Jul 14, 2025
54e69a7
Revert "remove exe files"
Jul 14, 2025
5cab6c5
revert tag
Jul 21, 2025
c62322d
Update cx-mac
cx-ben-alvo Jul 21, 2025
0da8058
Update cx.exe
cx-ben-alvo Jul 21, 2025
f6b7763
Update cx-linux
cx-ben-alvo Jul 21, 2025
2227834
Update checkmarx-ast-cli.version
cx-ben-alvo Jul 21, 2025
1e6b8e8
Update ScanTest.test.ts
cx-itay-paz Jul 21, 2025
a7f7a22
add ignore file to secrets (#865)
cx-itay-paz Jul 21, 2025
8dae6d5
add ignore secrets test
Jul 21, 2025
f62515a
fix ignore file
Jul 21, 2025
679c9ef
change tag for pre prealse cli
Jul 21, 2025
d4288e4
Track Checkmarx CLI binaries with Git LFS
invalid-email-address Jul 21, 2025
1f7678a
Update checkmarx-ast-cli to 2.3.27
cx-itay-paz Jul 21, 2025
abbe523
Merge pull request #866 from CheckmarxDev/feature/update_cli_2.3.27
cx-daniel-greenspan Jul 21, 2025
ead2807
revert tag
Jul 22, 2025
679a0e6
Merge branch 'Add-support-ignore-file-in-oss-plus-tests' of https://g…
Jul 22, 2025
65f0ae5
Update checkmarx-ast-cli.version
cx-itay-paz Jul 22, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions src/main/wrapper/CxConstants.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
export enum CxConstants {
IGNORE__FILE_PATH = "--ignored-file-path",
SOURCE = "-s",
VERBOSE = "-v",
PROJECT_NAME = "--project-name",
Expand Down
46 changes: 35 additions & 11 deletions src/main/wrapper/CxWrapper.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ export class CxWrapper {
}
}


initializeCommands(formatRequired: boolean): string[] {
const list: string[] = [];
if (this.config.clientId) {
Expand Down Expand Up @@ -149,20 +149,44 @@ export class CxWrapper {
return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.SCAN_ASCA);
}

async ossScanResults(sourceFile: string): Promise<CxCommandOutput> {
const commands: string[] = [CxConstants.CMD_SCAN, CxConstants.CMD_OSS, CxConstants.SOURCE, sourceFile];
commands.push(...this.initializeCommands(false));
const exec = new ExecutionService();
return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.SCAN_OSS);
async ossScanResults(sourceFile: string, ignoredFilePath?: string): Promise<CxCommandOutput> {
const commands: string[] = [
CxConstants.CMD_SCAN,
CxConstants.CMD_OSS,
CxConstants.SOURCE,
sourceFile
];

if (ignoredFilePath) {
commands.push(CxConstants.IGNORE__FILE_PATH);
commands.push(ignoredFilePath);
}

async secretsScanResults(sourceFile: string): Promise<CxCommandOutput> {
const commands: string[] = [CxConstants.CMD_SCAN, CxConstants.CMD_SECRETS, CxConstants.SOURCE, sourceFile];
commands.push(...this.initializeCommands(false));
const exec = new ExecutionService();
return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.SCAN_SECRETS);
commands.push(...this.initializeCommands(false));

const exec = new ExecutionService();
return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.SCAN_OSS);
}

async secretsScanResults(sourceFile: string, ignoredFilePath?: string): Promise<CxCommandOutput> {
const commands: string[] = [
CxConstants.CMD_SCAN,
CxConstants.CMD_SECRETS,
CxConstants.SOURCE,
sourceFile
];

if (ignoredFilePath) {
commands.push(CxConstants.IGNORE__FILE_PATH);
commands.push(ignoredFilePath);
}

commands.push(...this.initializeCommands(false));

const exec = new ExecutionService();
return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.SCAN_SECRETS);
}

async scanCancel(id: string): Promise<CxCommandOutput> {
const commands: string[] = [CxConstants.CMD_SCAN, CxConstants.SUB_CMD_CANCEL, CxConstants.SCAN_ID, id];
commands.push(...this.initializeCommands(false));
Expand Down
4 changes: 2 additions & 2 deletions src/main/wrapper/resources/cx-linux
View file
Open in desktop
Git LFS file not shown
4 changes: 2 additions & 2 deletions src/main/wrapper/resources/cx-mac
View file
Open in desktop
Git LFS file not shown
4 changes: 2 additions & 2 deletions src/main/wrapper/resources/cx.exe
View file
Open in desktop
Git LFS file not shown
46 changes: 42 additions & 4 deletions src/tests/ScanTest.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ import { CxWrapper } from '../main/wrapper/CxWrapper';
import { CxCommandOutput } from "../main/wrapper/CxCommandOutput";
import { CxParamType } from "../main/wrapper/CxParamType";
import { BaseTest } from "./BaseTest";
import {OssPackage} from "./data/ossTypes";

describe("ScanCreate cases", () => {
const cxScanConfig = new BaseTest();
Expand Down Expand Up @@ -173,21 +174,58 @@ describe("ScanCreate cases", () => {
expect(Number.isInteger(scanObject.scanDetails[0].line)).toBe(true);
expect(typeof scanObject.scanDetails[0].description).toBe('string');
});

it('ScanOss Successful case', async () => {
const wrapper = new CxWrapper(cxScanConfig);
const cxCommandOutput: CxCommandOutput = await wrapper.ossScanResults("tsc/tests/data/package.json");
const cxCommandOutput: CxCommandOutput = await wrapper.ossScanResults("tsc/tests/data/package.json","");
console.log("Json object from scanOSS successful case: " + JSON.stringify(cxCommandOutput));
expect(cxCommandOutput.payload).toBeDefined();
expect(cxCommandOutput.exitCode).toBe(0);
});

it.skip('ScanSecrets Successful case', async () => {
it.skip('ScanOss with ignored package should filter results', async () => {
const wrapper = new CxWrapper(cxScanConfig);
const sourceFile = "tsc/tests/data/package.json";
const ignoredFile = "tsc/tests/data/checkmarxIgnoredTempFile.json";

const cxCommandOutput: CxCommandOutput = await wrapper.ossScanResults(sourceFile, ignoredFile);

expect(cxCommandOutput.exitCode).toBe(0);
expect(cxCommandOutput.payload).toBeDefined();

const results = cxCommandOutput.payload as OssPackage[];

console.log("Filtered OSS packages:", results);

expect(results.length).toBe(1);

const hasCOA = results.some(pkg =>
pkg.PackageManager === "coa" && pkg.PackageVersion === "3.1.3"
);
expect(hasCOA).toBe(false);
});

it('ScanSecrets Successful case', async () => {
const wrapper = new CxWrapper(cxScanConfig);
const cxCommandOutput: CxCommandOutput = await wrapper.secretsScanResults("src/tests/data/secret-exposed.txt");
const cxCommandOutput: CxCommandOutput = await wrapper.secretsScanResults("src/tests/data/secret-exposed.txt","");
console.log("Json object from scanOSS successful case: " + JSON.stringify(cxCommandOutput));
expect(cxCommandOutput.payload).toBeDefined();
expect(cxCommandOutput.exitCode).toBe(0);
});

it.skip('ScanSecrets with ignore file filters the result', async () => {
const wrapper = new CxWrapper(cxScanConfig);
const cxCommandOutput: CxCommandOutput = await wrapper.secretsScanResults(
"src/tests/data/secret-exposed.txt",
"src/tests/data/ignoreFileSecrets.json"
);

console.log("Json object from scanSecrets with ignore file: " + JSON.stringify(cxCommandOutput));
expect(cxCommandOutput.payload).toBeDefined();
expect(Array.isArray(cxCommandOutput.payload)).toBe(true);
expect(cxCommandOutput.payload.length).toBe(0);
expect(cxCommandOutput.exitCode).toBe(0);
});

});

7 changes: 7 additions & 0 deletions src/tests/data/ignoreFileSecrets.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
[
{
"Title": "github-pat",
"FilePath": "/Users/itaypaz/Library/CloudStorage/OneDrive-Checkmarx/Documents/jswrapper/ast-cli-javascript-wrapper/src/tests/data/secret-exposed.txt",
"Line": 3
}
]
21 changes: 21 additions & 0 deletions src/tests/data/ossTypes.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
export interface Location {
Line: number;
StartIndex: number;
EndIndex: number;
}

export interface Vulnerability {
CVE: string;
Description: string;
Severity: string;
}

export interface OssPackage {
PackageManager: string;
PackageName: string;
PackageVersion: string;
FilePath: string;
Locations: Location[];
Status: string;
Vulnerabilities: Vulnerability[];
}
7 changes: 7 additions & 0 deletions tsc/tests/data/checkmarxIgnoredTempFile.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
[
{
"PackageManager": "npm",
"PackageName": "coa",
"PackageVersion": "3.1.3"
}
]
3 changes: 2 additions & 1 deletion tsc/tests/data/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
"version": "0.0.1",
"description": "AST CLI Javascript wrapper tests",
"dependencies": {
"log4js": "^6.9.1"
"log4js": "^6.9.1",
"coa":"3.1.3"
}
}