From 9c6c90f782494043f928ef619b34ba70722c0d63 Mon Sep 17 00:00:00 2001
From: hmmachadocx
Date: Thu, 23 Dec 2021 14:24:31 +0000
Subject: [PATCH 1/2] Add checkmarx vulnerabilities to Problems View

---
 .../eclipse/utils/PluginConstants.java | 4 +
 .../checkmarx/eclipse/utils/PluginUtils.java | 134 ++++++++++++++++++
 .../eclipse/views/CheckmarxView.java | 12 ++
 .../checkmarx/eclipse/views/DataProvider.java | 4 +-
 4 files changed, 153 insertions(+), 1 deletion(-)

diff --git a/checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/utils/PluginConstants.java b/checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/utils/PluginConstants.java
index 03cf4bda..ed529512 100644
--- a/checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/utils/PluginConstants.java
+++ b/checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/utils/PluginConstants.java
@@ -23,6 +23,7 @@ public class PluginConstants {
 public static final String ERROR_FINDING_FILE = "An error occurred while finding file in workspace: %s";
 public static final String ERROR_GETTING_GIT_BRANCH = "An error occurred while getting git branch: %s";
 public static final String ERROR_BUILDING_CX_WRAPPER = "An error occurred while instantiating a CxWrapper: %s";
+ public static final String ERROR_FINDING_OR_DELETING_MARKER = "An error occurred while finding or deleting a marker from Problems View: %s";
 /******************************** LOG VIEW: INFO ********************************/
 public static final String INFO_AUTHENTICATION_STATUS = "Authentication Status: %s";
@@ -49,5 +50,8 @@ public class PluginConstants {
 /******************************** TOPICS ********************************/
 public static final String TOPIC_APPLY_SETTINGS = "ApplySettings";
+
+ /******************************** PROBLEMS VIEW ********************************/
+ public static final String PROBLEM_SOURCE_ID = "CheckmarxEclipsePlugin";
 }
diff --git a/checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/utils/PluginUtils.java b/checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/utils/PluginUtils.java
index ea214323..7e1cff97 100644
--- a/checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/utils/PluginUtils.java
+++ b/checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/utils/PluginUtils.java
@@ -3,16 +3,29 @@
 import java.time.Instant;
 import java.time.ZoneId;
 import java.time.format.DateTimeFormatter;
+import java.util.ArrayList;
 import java.util.List;
 import org.apache.commons.lang3.StringUtils;
+import org.eclipse.core.resources.IFile;
+import org.eclipse.core.resources.IMarker;
+import org.eclipse.core.resources.IResource;
+import org.eclipse.core.resources.IResourceProxy;
+import org.eclipse.core.resources.IResourceProxyVisitor;
+import org.eclipse.core.resources.IWorkspace;
+import org.eclipse.core.resources.ResourcesPlugin;
+import org.eclipse.core.runtime.CoreException;
+import org.eclipse.core.runtime.Path;
 import org.eclipse.e4.core.services.events.IEventBroker;
 import org.eclipse.jface.action.Action;
 import org.eclipse.jface.viewers.ComboViewer;
 import org.eclipse.jface.viewers.TreeViewer;
 import org.eclipse.ui.PlatformUI;
+import com.checkmarx.ast.results.result.Node;
+import com.checkmarx.ast.results.result.Result;
 import com.checkmarx.eclipse.enums.ActionName;
+import com.checkmarx.eclipse.enums.Severity;
 import com.checkmarx.eclipse.properties.Preferences;
 import com.checkmarx.eclipse.views.DataProvider;
 import com.checkmarx.eclipse.views.DisplayModel;
@@ -22,6 +35,7 @@ public class PluginUtils {
 private static final String PARAM_TIMESTAMP_PATTERN = "yyyy-MM-dd | HH:mm:ss";
 private static final String PARAM_SCAN_ID_VALID_FORMAT = "[a-f0-9]{8}-[a-f0-9]{4}-[1-5][a-f0-9]{3}-[89ab][a-f0-9]{3}-[0-9a-f]{12}";
+ private static final String PARAM_LINE = "line %d";
 /**
 * Converts a String timestamp to a specific format
@@ -114,11 +128,131 @@ public static void showMessage(DisplayModel rootModel, TreeViewer viewer, String
 viewer.refresh();
 }
+ /**
+ * Get Event Broker
+ *
+ * @return
+ */
 public static IEventBroker getEventBroker() {
 return (IEventBroker) PlatformUI.getWorkbench().getService(IEventBroker.class);
 }
+ /**
+ * Check if checkmarx credentials are defined in the Preferences
+ *
+ * @return
+ */
 public static boolean areCredentialsDefined() {
 return StringUtils.isNotBlank(Preferences.getServerUrl()) && StringUtils.isNotBlank(Preferences.getTenant()) && StringUtils.isNotBlank(Preferences.getApiKey());
 }
+
+ /**
+ * Add Checkmarx vulnerabilities to Problems View
+ *
+ * @param resultsList
+ */
+ public static void addVulnerabilitiesToProblemsView(List resultsList) {
+ for (Result result : resultsList) {
+ List nodeList = result.getData().getNodes();
+
+ if (nodeList == null) {
+ continue;
+ }
+
+ for (Node node : nodeList) {
+ String fileName = node.getFileName();
+ Path filePath = new Path(fileName);
+ List filesFound = findFileInWorkspace(filePath.lastSegment());
+
+ for (IFile file : filesFound) {
+ try {
+ IMarker fileMarker = file.createMarker(IMarker.PROBLEM);
+ fileMarker.setAttribute(IMarker.MESSAGE, node.getName());
+ fileMarker.setAttribute(IMarker.LOCATION, String.format(PARAM_LINE, node.getLine()));
+ fileMarker.setAttribute(IMarker.SOURCE_ID, PluginConstants.PROBLEM_SOURCE_ID);
+ fileMarker.setAttribute(IMarker.SEVERITY, getIMarkerSeverity(result.getSeverity()));
+ } catch (CoreException e) {
+ CxLogger.error(String.format(PluginConstants.ERROR_OPENING_FILE, e.getMessage()), e);
+ }
+ }
+ }
+ }
+ }
+
+ /**
+ * Get IMarker severity based on each checkmarx result severity
+ *
+ * @param resultSeverity
+ * @return
+ */
+ private static Integer getIMarkerSeverity(String resultSeverity) {
+ Severity severity = Severity.getSeverity(resultSeverity);
+
+ switch (severity) {
+ case CRITICAL:
+ return IMarker.SEVERITY_ERROR;
+ case HIGH:
+ return IMarker.SEVERITY_ERROR;
+ case MEDIUM:
+ return IMarker.SEVERITY_WARNING;
+ case LOW:
+ return IMarker.SEVERITY_INFO;
+ case INFO:
+ return IMarker.SEVERITY_INFO;
+ default:
+ break;
+ }
+
+ return IMarker.SEVERITY_INFO;
+ }
+
+ /**
+ * Find files in workspace
+ *
+ * @param fileName
+ * @return
+ */
+ private static List findFileInWorkspace(final String fileName) {
+ final List foundFiles = new ArrayList();
+ try {
+ // visiting only resources proxy because we obtain the resource only when matching name, thus the workspace traversal is much faster
+ ResourcesPlugin.getWorkspace().getRoot().accept(new IResourceProxyVisitor() {
+ @Override
+ public boolean visit(IResourceProxy resourceProxy) throws CoreException {
+ if (resourceProxy.getType() == IResource.FILE) {
+ String resourceName = resourceProxy.getName();
+ if (resourceName.equals(fileName)) {
+ IFile foundFile = (IFile) resourceProxy.requestResource();
+ foundFiles.add(foundFile);
+ }
+ }
+ return true;
+ }
+ }, IResource.NONE);
+ } catch (Exception e) {
+ CxLogger.error(String.format(PluginConstants.ERROR_FINDING_FILE, e.getMessage()), e);
+ }
+ return foundFiles;
+ }
+
+ /**
+ * Clear checkmarx vulnerabilities from Problems View
+ */
+ public static void clearVulnerabilitiesFromProblemsView() {
+ IWorkspace workspace = ResourcesPlugin.getWorkspace();
+ IResource resource = workspace.getRoot();
+ IMarker[] markers;
+
+ try {
+ markers = resource.findMarkers(IMarker.MARKER, true, IResource.DEPTH_INFINITE);
+
+ for (IMarker m : markers) {
+ if(m.getAttribute(IMarker.SOURCE_ID) != null && m.getAttribute(IMarker.SOURCE_ID).equals(PluginConstants.PROBLEM_SOURCE_ID)) {
+ m.delete();
+ }
+ }
+ } catch (CoreException e) {
+ CxLogger.error(String.format(PluginConstants.ERROR_FINDING_OR_DELETING_MARKER, e.getMessage()), e);
+ }
+ }
 }
diff --git a/checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/views/CheckmarxView.java b/checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/views/CheckmarxView.java
index 36c7d3b1..003e45e9 100644
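Review bot: `addVulnerabilitiesToProblemsView` locates the file for a node by basename only — it calls `findFileInWorkspace(filePath.lastSegment())` and the visitor compares `resourceName.equals(fileName)` — so a finding reported for `/src/main/java/Foo.java` is also stamped onto every other `Foo.java` in the workspace, including files in unrelated projects, and those markers then show up as Checkmarx problems on code the scan never looked at. Matching on the path tail costs about the same amount of code: pass `fileName` instead of `filePath.lastSegment()`, and in the visitor test `resourceProxy.requestFullPath().toString().endsWith(fileName)` (this assumes the SDK reports paths relative to the scanned source root; if it includes a project prefix, strip that first). The catch block in the marker-creation loop logs with `PluginConstants.ERROR_OPENING_FILE` although nothing is opened there; `ERROR_FINDING_OR_DELETING_MARKER`, added in this same patch, or a dedicated "error creating marker" constant would be the accurate message. `getIMarkerSeverity` switches on `Severity.getSeverity(resultSeverity)` with no null check, so if that lookup can return null for an unknown severity string the switch throws inside the loop and the remaining results get no markers; guarding with `if (severity == null) return IMarker.SEVERITY_INFO;` keeps the fallback the method already intends.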
--- a/checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/views/CheckmarxView.java
+++ b/checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/views/CheckmarxView.java
@@ -181,6 +181,9 @@ public void dispose() {
 @Override
 public void createPartControl(Composite parent) {
 this.parent = parent;
+
+ // Clear vulnerabilities from Problems View
+ PluginUtils.clearVulnerabilitiesFromProblemsView();
 if(PluginUtils.areCredentialsDefined()) {
 drawPluginPanel();
@@ -674,6 +677,8 @@ private void onProjectChangePluginLoading(String projectId) {
 // Hide center and right panels
 resultViewComposite.setVisible(false);
 attackVectorCompositePanel.setVisible(false);
+ // Clear vulnerabilities from Problems View
+ PluginUtils.clearVulnerabilitiesFromProblemsView();
 }
 /**
@@ -770,6 +775,8 @@ private void onBranchChangePluginLoading(String branch) {
 // Hide center and right panels
 resultViewComposite.setVisible(false);
 attackVectorCompositePanel.setVisible(false);
+ // Clear vulnerabilities from Problems View
+ PluginUtils.clearVulnerabilitiesFromProblemsView();
 }
 private void createScanIdComboBox(Composite parent){
@@ -850,6 +857,8 @@ private void onScanChangePluginLoading(String scan) {
 // Hide center and right panels
 resultViewComposite.setVisible(false);
 attackVectorCompositePanel.setVisible(false);
+ // Clear vulnerabilities from Problems View
+ PluginUtils.clearVulnerabilitiesFromProblemsView();
 }
 /**
@@ -1309,6 +1318,9 @@ public void run() {
 toolBarActions.getScanResultsAction().setEnabled(true);
 }
 });
+
+ // Clear vulnerabilities from Problems View
+ PluginUtils.clearVulnerabilitiesFromProblemsView();
 }
 /**
diff --git a/checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/views/DataProvider.java b/checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/views/DataProvider.java
index e5259a01..6f294128 100644
--- a/checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/views/DataProvider.java
+++ b/checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/views/DataProvider.java
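Review bot: `createPartControl` now calls `PluginUtils.clearVulnerabilitiesFromProblemsView()` synchronously on the UI thread while the view is being built, and that helper (added in this patch) walks every marker in the workspace with `findMarkers(IMarker.MARKER, true, DEPTH_INFINITE)` and then deletes matches one at a time, each `delete()` outside a runnable being its own workspace operation with its own change notification; on a large workspace this can noticeably delay the view opening. Running the cleanup in a `WorkspaceJob`, or at least wrapping the deletions in one `IWorkspaceRunnable` so they batch into a single notification, keeps the view responsive. The same three-line call is pasted into five places in this file; a private `clearProblemMarkers()` wrapper would give the policy one home. The enclosing methods of the four later hunks start outside their hunks.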
@@ -109,7 +109,6 @@ public List getBranchesForProject(String projectId) {
 this.projectId = projectId;
 List branchList = new ArrayList();
-
 try {
 CxWrapper cxWrapper = getWrapper();
@@ -229,6 +228,9 @@ private List processResults(Results scanResults, String scanId) {
 }
 List resultsList = scanResults.getResults();
+
+ // Add Checkmarx vulnerabilities to Problems View
+ PluginUtils.addVulnerabilitiesToProblemsView(resultsList);
 // transform all the results at once to avoid multiple transformation steps
 List allResultsTransformed = resultsList.stream().map(resultItem -> transform(resultItem)).collect(Collectors.toList());

From 4b4bcc552a01112604b3db78b27544739c4a6f8a Mon Sep 17 00:00:00 2001
From: hmmachadocx
Date: Thu, 23 Dec 2021 14:36:12 +0000
Subject: [PATCH 2/2] Add line number to the marker to go to the specific line when opening through the problems

---
 .../src/com/checkmarx/eclipse/utils/PluginUtils.java | 1 +
 1 file changed, 1 insertion(+)

diff --git a/checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/utils/PluginUtils.java b/checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/utils/PluginUtils.java
index 7e1cff97..f2ed5e63 100644
--- a/checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/utils/PluginUtils.java
+++ b/checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/utils/PluginUtils.java
@@ -169,6 +169,7 @@ public static void addVulnerabilitiesToProblemsView(List resultsList) {
 IMarker fileMarker = file.createMarker(IMarker.PROBLEM);
 fileMarker.setAttribute(IMarker.MESSAGE, node.getName());
 fileMarker.setAttribute(IMarker.LOCATION, String.format(PARAM_LINE, node.getLine()));
+ fileMarker.setAttribute(IMarker.LINE_NUMBER, node.getLine());
 fileMarker.setAttribute(IMarker.SOURCE_ID, PluginConstants.PROBLEM_SOURCE_ID);
 fileMarker.setAttribute(IMarker.SEVERITY, getIMarkerSeverity(result.getSeverity()));
 } catch (CoreException e) {
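Review bot: `processResults` adds markers for `resultsList` without first removing those left by the previous run; the clearing is delegated to the callers in CheckmarxView, so any path that reaches `processResults` without going through one of them (a refresh of the same scan, or a future caller) stacks duplicate markers on the same lines. Clearing immediately before adding keeps the two halves paired regardless of caller: insert `PluginUtils.clearVulnerabilitiesFromProblemsView();` on the line before `PluginUtils.addVulnerabilitiesToProblemsView(resultsList);`. The hunk also hands `scanResults.getResults()` straight to `addVulnerabilitiesToProblemsView`, which iterates it unguarded, so if the SDK can return null for a scan with no results (the hunk does not show) an empty scan would throw instead of showing nothing. `processResults` starts and ends outside the hunk.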
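Review bot: Eclipse editors treat `IMarker.LINE_NUMBER` as 1-based when they jump to a marker, and the added line stores `node.getLine()` unconverted; whether the Checkmarx node line is 1-based is not visible here, so it needs confirming against the SDK, because an off-by-one here sends the user to the wrong line for every single finding. If a node can carry no position (0 or a negative line), skipping the attribute is better than storing a value the editor cannot navigate to: `if (node.getLine() > 0) { fileMarker.setAttribute(IMarker.LINE_NUMBER, node.getLine()); }`. With the numeric line now on the marker, the `LOCATION` text set on the previous line is redundant — as far as I recall the Problems view derives its Location column from `LINE_NUMBER` when `LOCATION` is absent — so it could be dropped along with `PARAM_LINE`. `addVulnerabilitiesToProblemsView` starts and ends outside the hunk.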