From 05f4bc0d9a0b4cfdd4e045d62df1b798d26b1dbf Mon Sep 17 00:00:00 2001 From: swatipersistent <99341045+swatipersistent@users.noreply.github.com> Date: Thu, 16 Mar 2023 04:11:01 -0700 Subject: [PATCH 01/35] SSL/TLS validation is disabled by default --- src/main/java/com/checkmarx/jenkins/CxScanBuilder.java | 4 ++-- .../com/checkmarx/jenkins/CxScanBuilder/global.jelly | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index 91414ee7..1915213b 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java @@ -2170,7 +2170,7 @@ public static final class DescriptorImpl extends BuildStepDescriptor { private boolean hideResults; private boolean asyncHtmlRemoval; - private boolean enableCertificateValidation; + private boolean enableCertificateValidation = true; @Nullable private String excludeFolders; @Nullable @@ -2513,7 +2513,7 @@ public String getCurrentTime() { * shared state to avoid synchronization issues. */ @POST - public FormValidation doTestConnection(@QueryParameter final String serverUrl, @QueryParameter final String password, + public FormValidation doTestConnection(@QueryParameter final boolean enableCertificateValidation,@QueryParameter final String serverUrl, @QueryParameter final String password, @QueryParameter final String username, @QueryParameter final String timestamp, @QueryParameter final String credentialsId, @QueryParameter final boolean isProxy, @AncestorInPath Item item) { if(item==null){ diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/global.jelly b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/global.jelly index 26918737..e437f770 100644 --- a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/global.jelly +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/global.jelly 
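Review bot: The subject says SSL/TLS validation is disabled by default, but `private boolean enableCertificateValidation = true;` in DescriptorImpl makes it enabled by default for fresh installs; the subject and the code should agree, and default-on is the reading worth keeping. A field initializer is presumably not applied when an existing global config XML that lacks this field is reloaded, so upgraded installs would keep `false` unless a `readResolve()` migrates the value — confirm and, if so, add the migration. The new `@QueryParameter final boolean enableCertificateValidation` on doTestConnection is only visible as a signature here; the body that should pass it on to the connection test continues outside the hunk, so it is worth checking that the test connection actually honours the flag rather than silently validating (or not).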
@@ -42,7 +42,7 @@ + with="enableCertificateValidation,isProxy,serverUrl,username,password,timestamp,credentialsId" /> From d1028febcce6a88b9df259c7e1654d8f1e3b6fdb Mon Sep 17 00:00:00 2001 From: "Subhadra.Sahoo@checkmarx.com" Date: Fri, 17 Mar 2023 00:39:02 +0530 Subject: [PATCH 02/35] Merged Code from bug_776_latest branch --- .../com/checkmarx/jenkins/CxScanBuilder.java | 87 ++++++++++--------- 1 file changed, 48 insertions(+), 39 deletions(-) diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index 91414ee7..3a1348cc 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java @@ -57,9 +57,11 @@ import java.io.FileInputStream; import java.io.IOException; import java.io.UnsupportedEncodingException; +import java.io.*; import java.net.URL; import java.net.URLDecoder; import java.nio.charset.Charset; +import java.nio.charset.StandardCharsets; import java.nio.file.Path; import java.nio.file.Paths; import java.util.Optional; @@ -203,7 +205,7 @@ public class CxScanBuilder extends Builder implements SimpleBuildStep { private Boolean generateXmlReport = true; public static final int MINIMUM_TIMEOUT_IN_MINUTES = 1; - public static final String REPORTS_FOLDER = "Checkmarx/Reports"; + public static final String REPORTS_FOLDER = "Checkmarx" + File.separator + "Reports"; @DataBoundConstructor public CxScanBuilder( @@ -831,12 +833,12 @@ public void setHideDebugLogs(Boolean hideDebugLogs) { /** * Using environment injection plugin you can add the JVM proxy settings. * For example using EnvInject plugin the following can be applied under 'Properties Content': - * - * http.proxyHost={HOST} - * http.proxyPass={PORT} - * http.proxyUser={USER} - * http.proxyPassword={PASS} - * http.nonProxyHosts={HOSTS} + *
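Review bot: `import java.io.*;` is added next to the explicit `java.io.File`, `java.io.FileInputStream` and `java.io.IOException` imports; a wildcard hides which names the file uses, and the one new name could be imported explicitly (e.g. `import java.io.InputStream;`). Separately, `REPORTS_FOLDER = "Checkmarx" + File.separator + "Reports"` is evaluated on the controller JVM, while the later writeJsonObjectToFile and writeFileToWorkspaceReports hunks concatenate it into agent paths (`to.getRemote() + File.separator + REPORTS_FOLDER`), so a Windows controller driving a Linux agent, or the reverse, produces a mixed-separator path. Keeping the constant as `"Checkmarx/Reports"` and building the remote path with `workspace.child(REPORTS_FOLDER).child(fileName)` lets FilePath normalise for the agent's OS.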

+ * http.proxyHost={HOST} + * http.proxyPass={PORT} + * http.proxyUser={USER} + * http.proxyPassword={PASS} + * http.nonProxyHosts={HOSTS} */ private void setJvmVars(EnvVars env) { for (Map.Entry entry : env.entrySet()) { @@ -849,21 +851,22 @@ private void setJvmVars(EnvVars env) { } } } - private Map getAllFsaVars(EnvVars env) { + + private Map getAllFsaVars(EnvVars env, String workspacePath) { Map sumFsaVars = new HashMap<>(); // As job environment variable for (Map.Entry entry : env.entrySet()) { if (entry.getKey().contains("CX_") || entry.getKey().contains("FSA_")) { if (StringUtils.isNotEmpty(entry.getValue())) { - sumFsaVars.put(entry.getKey(), entry.getValue()); + sumFsaVars.put(entry.getKey().trim(), entry.getValue().trim()); } } } // As custom field - for pipeline jobs String fsaVars = dependencyScanConfig != null ? dependencyScanConfig.fsaVariables : ""; if (StringUtils.isNotEmpty(fsaVars)) { - fsaVars = fsaVars.contains("${WORKSPACE}") ? fsaVars.replace("${WORKSPACE}", env.get("WORKSPACE")) : fsaVars; + fsaVars = fsaVars.contains("${WORKSPACE}") ? fsaVars.replace("${WORKSPACE}", workspacePath) : fsaVars; try { String[] vars = fsaVars.replaceAll("[\\n\\r]", "").trim().split(","); for (String var : vars) { @@ -910,7 +913,7 @@ public void perform(@Nonnull Run run, @Nonnull FilePath workspace, @Nonnul final DescriptorImpl descriptor = getDescriptor(); EnvVars env = run.getEnvironment(listener); setJvmVars(env); - Map fsaVars = getAllFsaVars(env); + Map fsaVars = getAllFsaVars(env, workspace.getRemote()); CxScanConfig config = resolveConfiguration(run, descriptor, env, log); if (configAsCode) { 
@@ -935,9 +938,8 @@ public void perform(@Nonnull Run run, @Nonnull FilePath workspace, @Nonnul Jenkins instance = Jenkins.getInstance(); final CxScanCallable action; if (instance != null && instance.proxy != null && - ((!isCxURLinNoProxyHost(useOwnServerCredentials ? this.serverUrl : getDescriptor().getServerUrl(), instance.proxy.getNoProxyHostPatterns())) - || (config.isScaProxy()))) - { + ((!isCxURLinNoProxyHost(useOwnServerCredentials ? this.serverUrl : getDescriptor().getServerUrl(), instance.proxy.getNoProxyHostPatterns())) + || (config.isScaProxy()))) { action = new CxScanCallable(config, listener, instance.proxy, isHideDebugLogs(), fsaVars); } else { action = new CxScanCallable(config, listener, isHideDebugLogs(), fsaVars); @@ -1002,9 +1004,9 @@ public void perform(@Nonnull Run run, @Nonnull FilePath workspace, @Nonnul OSAResults osaResults = scanResults.getOsaResults(); AstScaResults scaResults = scanResults.getScaResults(); if (osaResults != null && osaResults.isOsaResultsReady()) { - createOsaReports(osaResults, checkmarxBuildDir); + createOsaReports(osaResults, workspace); } else if (scaResults != null && scaResults.isScaResultReady()) { - createScaReports(scaResults, checkmarxBuildDir); + createScaReports(scaResults, workspace); } return; } 
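Review bot: `createOsaReports(osaResults, workspace)` and `createScaReports(scaResults, workspace)` move the JSON reports from the controller's build directory to the agent workspace, so anything that still reads them from `checkmarxBuildDir` (the result action or HTML report, presumably) will no longer find them. Workspace files are also not kept with the build record and are overwritten by the next run on that agent, which matters if these reports are meant to be auditable per build — confirm this relocation is intended. The enclosing perform method starts and ends outside this hunk.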
@@ -1241,11 +1243,10 @@ private void mapSastConfiguration(Optional sast, CxScanConfig scanCo }); } - - private void createScaReports(AstScaResults scaResults, File checkmarxBuildDir) { - writeJsonObjectToFile(scaResults.getSummary(), new File(checkmarxBuildDir, SCA_SUMMERY_JSON), "OSA summary json report"); - writeJsonObjectToFile(scaResults.getPackages(), new File(checkmarxBuildDir, SCA_LIBRARIES_JSON), "OSA libraries json report"); - writeJsonObjectToFile(scaResults.getFindings(), new File(checkmarxBuildDir, SCA_VULNERABILITIES_JSON), "OSA vulnerabilities json report"); + private void createScaReports(AstScaResults scaResults, FilePath checkmarxBuildDir) { + writeJsonObjectToFile(scaResults.getSummary(), checkmarxBuildDir, SCA_SUMMERY_JSON); + writeJsonObjectToFile(scaResults.getPackages(), checkmarxBuildDir, SCA_LIBRARIES_JSON); + writeJsonObjectToFile(scaResults.getFindings(), checkmarxBuildDir, SCA_VULNERABILITIES_JSON); } /** @@ -1322,14 +1323,16 @@ private String getCxOriginUrl(EnvVars env, CxLoggerAdapter log) { } return originUrl; } + private Boolean verifyCustomCharacters(String inputString) { - Pattern pattern = Pattern.compile("(^([a-zA-Z0-9#._]*):([a-zA-Z0-9#._]*)+(,([a-zA-Z0-9#._]*):([a-zA-Z0-9#._]*)+)*$)"); - Matcher match = pattern.matcher(inputString); - if (!StringUtil.isNullOrEmpty(inputString) && !match.find()) { - return false; - } - return true; + Pattern pattern = Pattern.compile("(^([a-zA-Z0-9#._]*):([a-zA-Z0-9#._]*)+(,([a-zA-Z0-9#._]*):([a-zA-Z0-9#._]*)+)*$)"); + Matcher match = pattern.matcher(inputString); + if (!StringUtil.isNullOrEmpty(inputString) && !match.find()) { + return false; + } + return true; } + private CxScanConfig resolveConfiguration(Run run, DescriptorImpl descriptor, EnvVars env, CxLoggerAdapter log) throws IOException { CxScanConfig ret = new CxScanConfig(); 
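Review bot: The regex in verifyCustomCharacters, which this hunk only re-indents, nests an unbounded quantifier inside another (`([a-zA-Z0-9#._]*)+`), the classic catastrophic-backtracking shape; a long run of valid characters followed by a single invalid one can make `match.find()` run for an exponential number of steps before failing. Since `+` over a `*` group adds nothing, `([a-zA-Z0-9#._]*)` is equivalent and linear, and the `Pattern` can be compiled once as a `private static final` instead of on every call. Where inputString comes from is outside the hunk; if it is job configuration, this is a controller hang risk for anyone allowed to edit the job.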
@@ -1835,10 +1838,10 @@ private void createSastReports(SASTResults sastResults, File checkmarxBuildDir, } } - private void createOsaReports(OSAResults osaResults, File checkmarxBuildDir) { - writeJsonObjectToFile(osaResults.getResults(), new File(checkmarxBuildDir, OSA_SUMMERY_JSON), "OSA summery json report"); - writeJsonObjectToFile(osaResults.getOsaLibraries(), new File(checkmarxBuildDir, OSA_LIBRARIES_JSON), "OSA libraries json report"); - writeJsonObjectToFile(osaResults.getOsaVulnerabilities(), new File(checkmarxBuildDir, OSA_VULNERABILITIES_JSON), "OSA vulnerabilities json report"); + private void createOsaReports(OSAResults osaResults, FilePath checkmarxBuildDir) { + writeJsonObjectToFile(osaResults.getResults(), checkmarxBuildDir, OSA_SUMMERY_JSON); + writeJsonObjectToFile(osaResults.getOsaLibraries(), checkmarxBuildDir, OSA_LIBRARIES_JSON); + writeJsonObjectToFile(osaResults.getOsaVulnerabilities(), checkmarxBuildDir, OSA_VULNERABILITIES_JSON); } private String generateHTMLReport(@Nonnull FilePath workspace, File checkmarxBuildDir, CxScanConfig config, ScanResults results) { 
@@ -1865,16 +1868,23 @@ private String generateHTMLReport(@Nonnull FilePath workspace, File checkmarxBui return reportName; } - private void writeJsonObjectToFile(Object jsonObj, File to, String description) { + private void writeJsonObjectToFile(Object jsonObj, FilePath to, String fileName) { + String remoteDirPath = to.getRemote() + File.separator + REPORTS_FOLDER; + InputStream is = null; try { ObjectMapper objectMapper = new ObjectMapper(); String json = null; json = objectMapper.writerWithDefaultPrettyPrinter().writeValueAsString(jsonObj); - FileUtils.writeStringToFile(to, json); - log.info("Copying file [" + to.getName() + "] to workspace [" + to.getAbsolutePath() + "]"); - } catch (Exception e) { - log.error("Failed to write " + description + " to [" + to.getAbsolutePath() + "]"); + is = IOUtils.toInputStream(json, StandardCharsets.UTF_8); + String remoteFilePath = remoteDirPath + File.separator + fileName; + log.info("Copying file {} to workspace {}", fileName, remoteFilePath); + FilePath remoteFile = new FilePath(to.getChannel(), remoteFilePath); + remoteFile.copyFrom(is); + } catch (Exception e) { + log.error("Failed to write '" + fileName + "' to [" + to.getRemote() + "]", e); + } finally { + IOUtils.closeQuietly(is); } } @@ -1963,12 +1973,11 @@ private int parseInt(String number, CxLoggerAdapter log, String templateMessage, } private void writeFileToWorkspaceReports(FilePath workspace, File file) { - - String remoteDirPath = workspace.getRemote() + "/" + REPORTS_FOLDER; + String remoteDirPath = workspace.getRemote() + File.separator + REPORTS_FOLDER; FileInputStream fis = null; try { - String remoteFilePath = remoteDirPath + "/" + file.getName(); + String remoteFilePath = remoteDirPath + File.separator + file.getName(); log.info("Copying file {} to workspace {}", file.getName(), remoteFilePath); FilePath remoteFile = new FilePath(workspace.getChannel(), remoteFilePath); fis = new FileInputStream(file); 
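Review bot: `catch (Exception e)` in writeJsonObjectToFile now also swallows the `InterruptedException` that `remoteFile.copyFrom(is)` can throw over remoting, so an aborted build keeps running with the interrupt flag cleared; re-interrupt with `Thread.currentThread().interrupt()` in a dedicated catch or let it propagate. The stream and the `finally` are unnecessary here: `remoteFile.write(json, StandardCharsets.UTF_8.name());` writes the string to the agent directly. The second hunk's try/catch in writeFileToWorkspaceReports continues outside the hunk and should be checked for the same broad catch.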
From 93dd7e38664f0db72918f7d65e294f4f7a444d4d Mon Sep 17 00:00:00 2001 From: Nidhi Jaiswal Date: Fri, 31 Mar 2023 13:51:23 +0530 Subject: [PATCH 03/35] Fixed build status while threshold exceeded in SCA --- src/main/java/com/checkmarx/jenkins/CxScanBuilder.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index 91414ee7..6d25607d 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java @@ -1615,10 +1615,12 @@ private void configureDependencyScan(Run run, DescriptorImpl descriptor, E config.setOsaHighThreshold(descriptor.getOsaHighThresholdEnforcement()); config.setOsaMediumThreshold(descriptor.getOsaMediumThresholdEnforcement()); config.setOsaLowThreshold(descriptor.getOsaLowThresholdEnforcement()); + resolvedVulnerabilityThresholdResult = Result.fromString(descriptor.getJobGlobalStatusOnThresholdViolation().name()); } else if (useJobThreshold) { config.setOsaHighThreshold(getOsaHighThreshold()); config.setOsaMediumThreshold(getOsaMediumThreshold()); config.setOsaLowThreshold(getOsaLowThreshold()); + resolvedVulnerabilityThresholdResult = vulnerabilityThresholdResult; } if (config.isOsaEnabled()) { From de751cdecbac83065545d3d2e5ee42d4dcbdd961 Mon Sep 17 00:00:00 2001 From: unknown Date: Tue, 18 Apr 2023 15:12:59 +0530 Subject: [PATCH 04/35] add retention rate settings --- .../com/checkmarx/jenkins/CxScanBuilder.java | 53 ++++++++++++++++++- .../jenkins/CxScanBuilder/config.jelly | 16 ++++-- .../jenkins/CxScanBuilder/global.jelly | 7 +++ .../help-enableDataRetention.html | 3 ++ 4 files changed, 74 insertions(+), 5 deletions(-) create mode 100644 src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-enableDataRetention.html 
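Review bot: `Result.fromString(descriptor.getJobGlobalStatusOnThresholdViolation().name())` throws NullPointerException when the global setting was never saved, and `Result.fromString` falls back to FAILURE for any name it does not recognise, so a mismatch between the enum and Result names would be mapped silently. A guard such as `if (descriptor.getJobGlobalStatusOnThresholdViolation() != null)` before the assignment keeps the previous behaviour for unset globals. The same global-versus-job resolution presumably exists for the SAST thresholds; if so, a shared helper would keep the two paths in step. The enclosing configureDependencyScan continues outside the hunk.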
diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index 91414ee7..924d37a2 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java @@ -114,8 +114,18 @@ public class CxScanBuilder extends Builder implements SimpleBuildStep { //used for SCA Exploitable path feature private String sastCredentialsId; private Boolean isProxy = true; + + public Boolean getOverrideGlobalRetentionRate() { + return overrideGlobalRetentionRate; + } + + private Boolean overrideGlobalRetentionRate = false; @Nullable private String projectName; + + @Nullable + private Integer projectRetentionRate; + @Nullable private String groupId; @Nullable @@ -217,6 +227,7 @@ public CxScanBuilder( boolean configAsCode, String projectName, long projectId, + Integer projectRetentionRate, String buildStep, @Nullable String groupId, @Nullable String teamPath, //used by pipeline @@ -266,6 +277,7 @@ public CxScanBuilder( this.isProxy = (isProxy == null) ? true : isProxy; this.projectName = (projectName == null) ? buildStep : projectName; this.projectId = projectId; + this.projectRetentionRate=projectRetentionRate; this.groupId = (groupId != null && !groupId.startsWith("Provide Checkmarx")) ? groupId : null; this.teamPath = teamPath; this.sastEnabled = sastEnabled; @@ -373,6 +385,11 @@ public String getProjectName() { return projectName; } + @Nullable + public Integer getProjectRetentionRate() { + return projectRetentionRate; + } + // Workaround for compatibility with Conditional BuildStep Plugin @Nullable public String getBuildStep() { 
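Review bot: `getOverrideGlobalRetentionRate()` returns the boxed `Boolean` field, and the resolveConfiguration hunk later unboxes it in `if (getOverrideGlobalRetentionRate())`; jobs saved before this change presumably reload with the field absent (the `= false` initializer is not applied on deserialisation), so that unboxing is a NullPointerException for every existing job once data retention is enabled globally. Declare it `private boolean overrideGlobalRetentionRate;` or guard with `Boolean.TRUE.equals(getOverrideGlobalRetentionRate())`. The public getter is also placed between two private fields; it belongs with the other getters. Adding `Integer projectRetentionRate` as a positional `@DataBoundConstructor` argument is fine for form and pipeline binding but breaks any Java caller of the constructor — confirm none exist.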
@@ -777,6 +794,10 @@ public void setGenerateXmlReport(Boolean generateXmlReport) { public void setIsProxy(Boolean proxy) { this.isProxy = proxy; } + @DataBoundSetter + public void setoverrideGlobalRetentionRate(Boolean overrideGlobalRetentionRate) { + this.overrideGlobalRetentionRate = overrideGlobalRetentionRate; + } @DataBoundSetter public void setProjectId(long projectId) { @@ -815,6 +836,10 @@ public void setGroupId(@Nullable String groupId) { this.groupId = groupId; } + @DataBoundSetter + public void setProjectRetentionRate(@Nullable Integer projectRetentionRate){ + this.projectRetentionRate=projectRetentionRate; + } public DependencyScanConfig getDependencyScanConfig() { return dependencyScanConfig; } @@ -1346,6 +1371,14 @@ private CxScanConfig resolveConfiguration(Run run, DescriptorImpl descript ret.setCxOrigin(jenkinURL); log.info(" ORIGIN FROM JENKIN :: " + jenkinURL); log.info(" ORIGIN URL FROM JENKIN :: " + originUrl); + ret.setEnableDataRetention(getDescriptor().isEnableDataRetention()); + if (getDescriptor().isEnableDataRetention()) { + if (getOverrideGlobalRetentionRate()) { + ret.setProjectRetentionRate(getProjectRetentionRate()); + } else { + ret.setProjectRetentionRate(getDescriptor().getprojectRetentionRate()); + } + } if(getPostScanActionId() == 0) ret.setPostScanActionId(null); @@ -1737,6 +1770,7 @@ private void printConfiguration(CxScanConfig config, CxLoggerAdapter log) { } log.info("project name: " + config.getProjectName()); log.info("team id: " + config.getTeamId()); + log.info("Project Retention Rate: " + config.getProjectRetentionRate()); log.info("is synchronous mode: " + config.getSynchronous()); log.info("deny new project creation: " + config.getDenyProject()); log.info("SAST scan enabled: " + config.isSastEnabled()); 
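Review bot: `setoverrideGlobalRetentionRate` breaks the camelCase convention every other setter follows; rename it `setOverrideGlobalRetentionRate` (Stapler derives the property name from the suffix, so the binding should still resolve, but the mismatch with the getter is confusing). The descriptor's `getprojectRetentionRate()` in the DescriptorImpl hunk has the same problem and, not being a bean-style getter for `projectRetentionRate`, may stop the global config form from showing the saved value — confirm. `ret.setProjectRetentionRate(getProjectRetentionRate())` also passes the job value through unvalidated; a null or negative retention count should be rejected by a doCheck method or fall back to the global value here.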
@@ -2136,7 +2170,7 @@ protected Object readResolve() { ////////////////////////////////////////////////////////////////////////////////////////////// @Override - public DescriptorImpl getDescriptor() { + public DescriptorImpl getDescriptor() { return (DescriptorImpl) super.getDescriptor(); } @@ -2161,10 +2195,11 @@ public static final class DescriptorImpl extends BuildStepDescriptor { private String username; @Nullable private String password; - + private Integer projectRetentionRate; private String credentialsId; private String mvnPath; private boolean isProxy = true; + private boolean enableDataRetention=false; private boolean prohibitProjectCreation; private boolean hideResults; @@ -2232,6 +2267,13 @@ public String getUsername() { return username; } + public Integer getprojectRetentionRate() { + return projectRetentionRate; + } + + public void setProjectRetentionRate(Integer projectRetentionRate) { + this.projectRetentionRate = projectRetentionRate; + } public void setUsername(@Nullable String username) { this.username = username; } @@ -2258,6 +2300,13 @@ public void setPassword(@Nullable String password) { this.password = Secret.fromString(password).getEncryptedValue(); } + public boolean isEnableDataRetention() { + return enableDataRetention; + } + + public void setEnableDataRetention(boolean enableDataRetention) { + this.enableDataRetention = enableDataRetention; + } @Nullable public String getPasswordPlainText(String password) { return Secret.fromString(password).getPlainText(); diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly index 3514ccc1..b7ad698f 100644 --- a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly @@ -62,7 +62,19 @@ - + + + + + + + + + + Global settings option for Data Retention is disabled + + @@ -128,8 +140,6 @@ - - 
diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/global.jelly b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/global.jelly index 26918737..ee057c0b 100644 --- a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/global.jelly +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/global.jelly @@ -56,6 +56,7 @@ + @@ -191,6 +192,12 @@ with="scaSastServerUrl,password,username,timestamp,sastCredentialsId,isProxy" /> + + + + + diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-enableDataRetention.html b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-enableDataRetention.html new file mode 100644 index 00000000..71e8a7ba --- /dev/null +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-enableDataRetention.html @@ -0,0 +1,3 @@ +

+ Enables the option to set number for scan to retain while creating project. +
\ No newline at end of file From 6eb876aaafb11b86c25365c7214eca75da0bfbb7 Mon Sep 17 00:00:00 2001 From: Nidhi Jaiswal Date: Fri, 19 May 2023 17:22:08 +0530 Subject: [PATCH 05/35] Updated Plugin Version --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index 604c6b93..4d0c5f91 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,6 +1,6 @@ description = Provides automatic scan of code by Checkmarx server and shows results summary and trend in Jenkins interface. group = com.checkmarx.jenkins -version = 2022.4.3 +version = 2023.2.1 repositoryVersion= From ef3b673a0272b4a3669163604baac524cdf1131b Mon Sep 17 00:00:00 2001 From: swatipersistent <99341045+swatipersistent@users.noreply.github.com> Date: Fri, 19 May 2023 06:33:01 -0700 Subject: [PATCH 06/35] Report with results of both SCA and SAST from Jenkins Plugin --- .../com/checkmarx/jenkins/CxScanBuilder.java | 112 +++++++++++++++++- .../jenkins/DependencyScanConfig.java | 3 + .../checkmarx/jenkins/ScaReportFormat.java | 15 +++ .../jenkins/CxScanBuilder/config.jelly | 9 ++ .../CxScanBuilder/help-generateScaReport.html | 3 + 5 files changed, 138 insertions(+), 4 deletions(-) create mode 100644 src/main/java/com/checkmarx/jenkins/ScaReportFormat.java create mode 100644 src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-generateScaReport.html diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index 2401ead5..0d108378 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java @@ -169,6 +169,7 @@ public Boolean getOverrideGlobalRetentionRate() { private boolean failBuildOnNewResults; private String failBuildOnNewSeverity; private boolean generatePdfReport; + private boolean generateScaReport; private boolean enableProjectPolicyEnforcement; @Nullable private Integer osaHighThreshold; 
@@ -208,6 +209,7 @@ public Boolean getOverrideGlobalRetentionRate() { CxLoggerAdapter log; private JobStatusOnError jobStatusOnError; + private ScaReportFormat scaReportFormat; private String exclusionsSetting; private String thresholdSettings; private Result vulnerabilityThresholdResult; @@ -238,6 +240,7 @@ public CxScanBuilder( Boolean sastEnabled, @Nullable String preset, JobStatusOnError jobStatusOnError, + ScaReportFormat scaReportFormat, boolean presetSpecified, String exclusionsSetting, @Nullable String excludeFolders, @@ -260,6 +263,7 @@ public CxScanBuilder( @Nullable Integer osaMediumThreshold, @Nullable Integer osaLowThreshold, boolean generatePdfReport, + boolean generateScaReport, boolean enableProjectPolicyEnforcement, String thresholdSettings, String vulnerabilityThresholdResult, @@ -287,6 +291,7 @@ public CxScanBuilder( this.sastEnabled = sastEnabled; this.preset = (preset != null && !preset.startsWith("Provide Checkmarx")) ? preset : null; this.jobStatusOnError = jobStatusOnError; + this.scaReportFormat = scaReportFormat; this.presetSpecified = presetSpecified; this.exclusionsSetting = exclusionsSetting; this.globalExclusions = "global".equals(exclusionsSetting); @@ -310,6 +315,7 @@ public CxScanBuilder( this.osaMediumThreshold = osaMediumThreshold; this.osaLowThreshold = osaLowThreshold; this.generatePdfReport = generatePdfReport; + this.generateScaReport = generateScaReport; this.enableProjectPolicyEnforcement = enableProjectPolicyEnforcement; this.thresholdSettings = thresholdSettings; if (vulnerabilityThresholdResult != null) { @@ -611,6 +617,10 @@ public void setOsaInstallBeforeScan(boolean osaInstallBeforeScan) { public boolean isGeneratePdfReport() { return generatePdfReport; } + + public boolean isGenerateScaReport() { + return generateScaReport; + } public boolean isEnableProjectPolicyEnforcement() { return enableProjectPolicyEnforcement; 
@@ -768,6 +778,11 @@ public void setLowThreshold(@Nullable Integer lowThreshold) { public void setGeneratePdfReport(boolean generatePdfReport) { this.generatePdfReport = generatePdfReport; } + + @DataBoundSetter + public void setGenerateScaReport(boolean generateScaReport) { + this.generateScaReport = generateScaReport; + } @DataBoundSetter public void setEnableProjectPolicyEnforcement(boolean enableProjectPolicyEnforcement) { @@ -940,9 +955,11 @@ public void perform(@Nonnull Run run, @Nonnull FilePath workspace, @Nonnul final DescriptorImpl descriptor = getDescriptor(); EnvVars env = run.getEnvironment(listener); setJvmVars(env); - Map fsaVars = getAllFsaVars(env, workspace.getRemote()); - CxScanConfig config = resolveConfiguration(run, descriptor, env, log, workspace); - + Map fsaVars = getAllFsaVars(env); + CxScanConfig config; + try { + config = resolveConfiguration(run, descriptor, env, log, workspace); + if (configAsCode) { try { overrideConfigAsCode(config, workspace); 
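Review bot: `Map fsaVars = getAllFsaVars(env);` drops the `workspace.getRemote()` argument that an earlier patch in this series added to getAllFsaVars; unless a one-argument overload exists in the merged base this does not compile, and if it does, `${WORKSPACE}` substitution for pipeline FSA variables reverts to the controller-side `env` value. The `try {` opened here wraps the remainder of perform and is only closed in a later hunk, which makes the method hard to read; catching close to `resolveConfiguration(...)` would keep the scope small. The enclosing perform continues outside this hunk.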
@@ -1004,6 +1021,28 @@ public void perform(@Nonnull Run run, @Nonnull FilePath workspace, @Nonnul scanResults.getSastResults().setSastPDFLink(pdfUrl); } } + + if (config.isGenerateScaReport()) { + if(config.getScaReportFormat() != null) { + String path = ""; + // run.getUrl() returns a URL path similar to job/MyJobName/124/ + //getRootUrl() will return the value of "Manage Jenkins->configuration->Jenkins URL" + String baseUrl = Jenkins.getInstance().getRootUrl(); + if (StringUtils.isNotEmpty(baseUrl)) { + URL parsedUrl = new URL(baseUrl); + path = parsedUrl.getPath(); + } + if (!(path.equals("/"))) { + //to handle this Jenkins root url,EX: http://localhost:8081/jenkins + Path pdfUrlPath = Paths.get(path, run.getUrl(), PDF_URL); + scanResults.getScaResults().setScaPDFLink(pdfUrlPath.toString()); + } else { + //to handle this Jenkins root url,EX: http://localhost:8081/ + String pdfUrl = String.format(PDF_URL_TEMPLATE, run.getUrl()); + scanResults.getScaResults().setScaPDFLink(pdfUrl); + } + } + } //in case of async mode, do not create reports (only the report of the latest scan) //and don't assert threshold vulnerabilities @@ -1015,6 +1054,7 @@ public void perform(@Nonnull Run run, @Nonnull FilePath workspace, @Nonnul String reportName = generateHTMLReport(workspace, checkmarxBuildDir, config, scanResults); cxScanResult.setHtmlReportName(reportName); run.addAction(cxScanResult); + //create sast reports @@ -1044,6 +1084,9 @@ public void perform(@Nonnull Run run, @Nonnull FilePath workspace, @Nonnul cxScanResult.setHtmlReportName(reportName); } run.addAction(cxScanResult); + } catch (ConfigurationException e1) { + e1.printStackTrace(); + } } private void overrideConfigAsCode(CxScanConfig config, FilePath workspace) throws ConfigurationException { 
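Review bot: `catch (ConfigurationException e1) { e1.printStackTrace(); }` at the end of perform sends the failure to the controller's stderr and lets the build finish as if the scan had run, so an invalid scan configuration is silent and the build passes with no results. Report it to the build and fail it: `listener.error(e1.getMessage()); throw new AbortException("Checkmarx scan configuration is invalid: " + e1.getMessage());` (AbortException is an IOException, which perform presumably already declares). In the first hunk the SCA link reuses `PDF_URL` and `PDF_URL_TEMPLATE`, the same constants as the SAST link above it; if both reports are produced, both links resolve to one URL and whichever file is written last wins — confirm the SCA report needs its own URL and file name.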
@@ -1274,6 +1317,14 @@ private void createScaReports(AstScaResults scaResults, FilePath checkmarxBuildD writeJsonObjectToFile(scaResults.getSummary(), checkmarxBuildDir, SCA_SUMMERY_JSON); writeJsonObjectToFile(scaResults.getPackages(), checkmarxBuildDir, SCA_LIBRARIES_JSON); writeJsonObjectToFile(scaResults.getFindings(), checkmarxBuildDir, SCA_VULNERABILITIES_JSON); + if (scaResults.getPDFReport() != null) { + File pdfReportFile = new File(checkmarxBuildDir, CxScanResult.PDF_REPORT_NAME); + try { + FileUtils.writeByteArrayToFile(pdfReportFile, scaResults.getPDFReport()); + } catch (IOException e) { + log.warn("Failed to write SCA PDF report to workspace: " + e.getMessage()); + } + } } /** @@ -1359,7 +1410,7 @@ private Boolean verifyCustomCharacters(String inputString) { } return true; } - private CxScanConfig resolveConfiguration(Run run, DescriptorImpl descriptor, EnvVars env, CxLoggerAdapter log, FilePath workspace) throws IOException { + private CxScanConfig resolveConfiguration(Run run, DescriptorImpl descriptor, EnvVars env, CxLoggerAdapter log, FilePath workspace) throws IOException, ConfigurationException { CxScanConfig ret = new CxScanConfig(); ret.setIsOverrideProjectSetting(overrideProjectSetting); 
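Review bot: `new File(checkmarxBuildDir, CxScanResult.PDF_REPORT_NAME)` in createScaReports takes a `FilePath` (the parameter type shown in the hunk header) as the `File` parent, which does not compile; and even with a conversion it would write the PDF on the controller while the JSON reports in the same method go to the agent through writeJsonObjectToFile. Write it the same way: `checkmarxBuildDir.child(REPORTS_FOLDER).child(CxScanResult.PDF_REPORT_NAME).copyFrom(new ByteArrayInputStream(scaResults.getPDFReport()));` inside the existing try, catching `IOException | InterruptedException` and re-interrupting on the latter. The `log.warn` should also pass `e` as the cause instead of only `e.getMessage()` so the stack trace is kept.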
@@ -1535,6 +1586,20 @@ private CxScanConfig resolveConfiguration(Run run, DescriptorImpl descript } ret.setEnablePolicyViolations(enableProjectPolicyEnforcement); + if (!ret.isAstScaEnabled() || !ret.getSynchronous()) { + generateScaReport = false; + } + if (ret.isAstScaEnabled()) { + ret.setGenerateScaReport(generateScaReport); + ret.setScaReportFormat(scaReportFormat.name()); + if (ret.getScaReportFormat() != null && !ret.getScaReportFormat().isEmpty()) { + ret.setGenerateScaReport(true); + } else { + ret.setGenerateScaReport(false); + throw new ConfigurationException("Invalid SCA report format:" + scaReportFormat + "."); + } + } + // Set the Continue build flag to Configuration object if Option from UI is choosen as useContinueBuildOnError if (useContinueBuildOnError(getDescriptor())) { ret.setContinueBuild(Boolean.TRUE); @@ -1832,6 +1897,7 @@ private void printConfiguration(CxScanConfig config, CxLoggerAdapter log) { log.info("CxSCA web app URL: " + config.getAstScaConfig().getWebAppUrl()); log.info("Account: " + config.getAstScaConfig().getTenant()); log.info("Team: " + config.getAstScaConfig().getTeamPath()); + log.info("is generate SCA report: "+ config.isGenerateScaReport()); } } @@ -2243,6 +2309,15 @@ public DescriptorImpl getDescriptor() { return (DescriptorImpl) super.getDescriptor(); } + public ScaReportFormat getScaReportFormat() { + return scaReportFormat; + } + + @DataBoundSetter + public void setScaReportFormat(ScaReportFormat scaReportFormat) { + this.scaReportFormat = scaReportFormat; + } + @Extension public static final class DescriptorImpl extends BuildStepDescriptor { 
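Review bot: `ret.setScaReportFormat(scaReportFormat.name())` dereferences the builder field before the null check that follows it, so jobs configured before this change (or pipelines that omit the parameter) throw NullPointerException instead of the intended ConfigurationException, and the `else` branch that throws is unreachable because `name()` is never null or empty. As written, every synchronous SCA scan therefore ends with `setGenerateScaReport(true)` regardless of the checkbox. `generateScaReport = false;` also mutates the job's persisted configuration object from a build, which surfaces as a changed job setting if the job is saved later; keep the decision on the local CxScanConfig instead, as below.
```java
        ret.setEnablePolicyViolations(enableProjectPolicyEnforcement);
        // An SCA report needs a synchronous SCA scan; decide on `ret`, never on the job's own field.
        boolean wantScaReport = generateScaReport && ret.isAstScaEnabled() && ret.getSynchronous();
        if (wantScaReport) {
            if (scaReportFormat == null) {
                throw new ConfigurationException("Invalid SCA report format:" + scaReportFormat + ".");
            }
            ret.setScaReportFormat(scaReportFormat.name());
        }
        ret.setGenerateScaReport(wantScaReport);
        // … unchanged: continue-build flag …
```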
@@ -2760,6 +2835,22 @@ public FormValidation doCheckIncremental(@QueryParameter boolean value, @QueryPa
 return FormValidation.ok();
 }
+
+ @POST
+ public FormValidation doCheckGenerateScaReport(@QueryParameter boolean value, @QueryParameter boolean dependencyScanConfig, @QueryParameter boolean generateScaReport,@AncestorInPath Item item) {
+ if (item == null) {
+ return FormValidation.ok();
+ }
+ item.checkPermission(Item.CONFIGURE);
+ if (!dependencyScanConfig && value) {
+ generateScaReport=false;
+ dependencyScanConfig = false;
+ return FormValidation.error("Enable dependency scanner as SCA");
+ }
+
+ return FormValidation.ok();
+ }
+
 @POST
 public FormValidation doTestScaSASTConnection(@QueryParameter final String scaSastServerUrl, @QueryParameter final String password,
@@ -3186,6 +3277,19 @@ public ListBoxModel doFillVulnerabilityThresholdResultItems(@AncestorInPath Item
 return listBoxModel;
 }
+
+ @POST
+ public ListBoxModel doFillScaReportFormat(@AncestorInPath Item item) {
+ if (item == null) {
+ return new ListBoxModel();
+ }
+ item.checkPermission(Item.CONFIGURE);
+ ListBoxModel listBoxModel = new ListBoxModel();
+ for (ScaReportFormat status : ScaReportFormat.values()) {
+ listBoxModel.add(new ListBoxModel.Option(status.getDisplayName(), status.name()));
+ }
+ return listBoxModel;
+ }
 /*
diff --git a/src/main/java/com/checkmarx/jenkins/DependencyScanConfig.java b/src/main/java/com/checkmarx/jenkins/DependencyScanConfig.java
index 611d34ef..2bc574f1 100644
--- a/src/main/java/com/checkmarx/jenkins/DependencyScanConfig.java
+++ b/src/main/java/com/checkmarx/jenkins/DependencyScanConfig.java
@@ -77,6 +77,9 @@ public class DependencyScanConfig {
 @DataBoundSetter
 public Integer scaTimeout;
+ @DataBoundSetter
+ public boolean generateScaReport;
+
 @DataBoundSetter
 public boolean isIncludeSources;
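Review bot: In `doCheckGenerateScaReport` the assignments `generateScaReport=false;` and `dependencyScanConfig = false;` only overwrite the method's own parameters and are discarded on return — a `doCheck` method cannot alter the submitted form or the job configuration — so both lines and the otherwise unused `generateScaReport` parameter should go. Whether binding `dependencyScanConfig` as a `@QueryParameter boolean` actually tracks whether the dependency-scan section is enabled depends on the jelly form, which is not in this hunk; worth verifying, because if it does not the check either always or never fires. The reduced body is `if (!dependencyScanConfig && value) { return FormValidation.error("Enable dependency scanner as SCA"); }`.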
diff --git a/src/main/java/com/checkmarx/jenkins/ScaReportFormat.java b/src/main/java/com/checkmarx/jenkins/ScaReportFormat.java new file mode 100644 index 00000000..8da51a05 --- /dev/null +++ b/src/main/java/com/checkmarx/jenkins/ScaReportFormat.java @@ -0,0 +1,15 @@ +package com.checkmarx.jenkins; + +public enum ScaReportFormat { + PDF("PDF"), XML("XML"), CSV("CSV"), JSON("JSON"), cyclonedxjson("cyclonedxjson"), cyclonedxxml("cyclonedxxml"); + + private final String displayName; + + ScaReportFormat(String displayName) { + this.displayName = displayName; + } + + public String getDisplayName() { + return displayName; + } +} \ No newline at end of file diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly index db91c5d5..770e5d6c 100644 --- a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly @@ -323,6 +323,15 @@ + + + + + ${it.displayName} + + + diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-generateScaReport.html b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-generateScaReport.html new file mode 100644 index 00000000..5cd99e9c --- /dev/null +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-generateScaReport.html @@ -0,0 +1,3 @@ +
+ Downloads a PDF report with scan results from the Checkmarx server. The report is available via a link on "Checkmarx Scan Results" page. +
\ No newline at end of file From be271ce1bb11769517c1f47b50fcfbe46bf2e053 Mon Sep 17 00:00:00 2001 From: Nidhi Jaiswal Date: Sun, 21 May 2023 14:10:43 +0530 Subject: [PATCH 07/35] updated scaresolver additional param --- src/main/java/com/checkmarx/jenkins/CxScanBuilder.java | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index 2401ead5..a28db954 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java @@ -2207,6 +2207,12 @@ private String checkMissingMandatoryAdditionalParams(String additionalParams, Fi else throw new CxClientException("sast result path must be specified"); } + if (!additionalParams.contains("--cxprojectname ") && !additionalParams.contains("--cxprojectid ")) { + if(StringUtils.isNotEmpty(config.getProjectName())) + additionalParams += " --cxprojectname "+ config.getProjectName(); + else + throw new CxClientException("sast project name or sast project id must be specified"); + } } log.debug("Sca Resolver Additional params: "+additionalParams); return additionalParams; From 55f0c8882bc304a68e1ca8c214de58244b75a12a Mon Sep 17 00:00:00 2001 From: swatipersistent <99341045+swatipersistent@users.noreply.github.com> Date: Sun, 21 May 2023 21:47:43 -0700 Subject: [PATCH 08/35] Removed unwanted code changes for issue related to sca report generation --- src/main/java/com/checkmarx/jenkins/CxScanBuilder.java | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index 0d108378..b7d60cdf 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java 
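Review bot: `additionalParams += " --cxprojectname "+ config.getProjectName();` appends the project name unquoted into a space-separated argument string, so a project name containing spaces would presumably be split into several arguments when that string is later turned into a command line; quoting the value, or assembling the arguments as a `List<String>` rather than a string, avoids that. The `contains("--cxprojectname ")` test is a substring match and would also be satisfied by the same text appearing inside another argument's value. `checkMissingMandatoryAdditionalParams` starts and ends outside the hunk.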
@@ -955,7 +955,7 @@ public void perform(@Nonnull Run run, @Nonnull FilePath workspace, @Nonnul final DescriptorImpl descriptor = getDescriptor(); EnvVars env = run.getEnvironment(listener); setJvmVars(env); - Map fsaVars = getAllFsaVars(env); + Map fsaVars = getAllFsaVars(env, workspace.getRemote()); CxScanConfig config; try { config = resolveConfiguration(run, descriptor, env, log, workspace); @@ -1317,14 +1317,6 @@ private void createScaReports(AstScaResults scaResults, FilePath checkmarxBuildD writeJsonObjectToFile(scaResults.getSummary(), checkmarxBuildDir, SCA_SUMMERY_JSON); writeJsonObjectToFile(scaResults.getPackages(), checkmarxBuildDir, SCA_LIBRARIES_JSON); writeJsonObjectToFile(scaResults.getFindings(), checkmarxBuildDir, SCA_VULNERABILITIES_JSON); - if (scaResults.getPDFReport() != null) { - File pdfReportFile = new File(checkmarxBuildDir, CxScanResult.PDF_REPORT_NAME); - try { - FileUtils.writeByteArrayToFile(pdfReportFile, scaResults.getPDFReport()); - } catch (IOException e) { - log.warn("Failed to write SCA PDF report to workspace: " + e.getMessage()); - } - } } /** From 982c450d8fd873f1f87f9a6b526a52497c69842e Mon Sep 17 00:00:00 2001 From: Nidhi Jaiswal Date: Mon, 22 May 2023 16:09:50 +0530 Subject: [PATCH 09/35] Added UI and log level validation for Exploitable Path params in SCA Resolver --- .../com/checkmarx/jenkins/CxScanBuilder.java | 176 ++++++++++++------ 1 file changed, 118 insertions(+), 58 deletions(-) diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index 4624cbd1..83ef0aa0 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java 
@@ -2216,65 +2216,94 @@ private void validateScaResolverParams(String additionalParams, CxScanConfig con } } - private String checkMissingMandatoryAdditionalParams(String additionalParams, FilePath workspace, CxScanConfig config, boolean isExploitablePathByScaResolver) { - if (additionalParams == null) { - additionalParams = ""; - } - if (!additionalParams.contains("-n ")) { - if(StringUtils.isNotEmpty(config.getProjectName())) - additionalParams += " -n " +config.getProjectName(); - else - throw new CxClientException("projectname must be specified"); - } - - if (!additionalParams.contains("-s ")) { - if(null != workspace) - additionalParams += " -s " + workspace; - else - throw new CxClientException("source path must be specified"); - } + private String checkMissingMandatoryAdditionalParams(String additionalParams, FilePath workspace, + CxScanConfig config, boolean isExploitablePathByScaResolver) { + if (additionalParams == null) { + additionalParams = ""; + } + if (!additionalParams.contains("-n ")) { + if (StringUtils.isNotEmpty(config.getProjectName())) + additionalParams += " -n " + config.getProjectName(); + else + throw new CxClientException("projectname must be specified"); + } - if (!additionalParams.contains("-r ") && !additionalParams.contains("--resolver-result-path ")) { - if(null != workspace) - additionalParams += " -r " + workspace + File.separator + scaResolverResultPath; - else - throw new CxClientException("result path must be specified"); - } - if(isExploitablePathByScaResolver) { - if (!additionalParams.contains("--cxserver ")) { - if(StringUtils.isNotEmpty(config.getUrl())) - additionalParams += " --cxserver " +config.getUrl(); - else - throw new CxClientException("cxserver must be specified"); - } - if (!additionalParams.contains("--cxuser ")) { - if(StringUtils.isNotEmpty(config.getUsername())) - additionalParams += " --cxuser " +config.getUsername(); - else - throw new CxClientException("cxuser must be specified"); - } - if 
(!additionalParams.contains("--cxpassword ")) { - if(StringUtils.isNotEmpty(config.getPassword())) - additionalParams += " --cxpassword " +config.getPassword(); - else - throw new CxClientException("cxpassword must be specified"); - } - if (!additionalParams.contains("--sast-result-path ")) { - if(null != workspace) - additionalParams += " --sast-result-path "+ workspace + File.separator + scaResolverSastResultPath; - else - throw new CxClientException("sast result path must be specified"); - } - if (!additionalParams.contains("--cxprojectname ") && !additionalParams.contains("--cxprojectid ")) { - if(StringUtils.isNotEmpty(config.getProjectName())) - additionalParams += " --cxprojectname "+ config.getProjectName(); - else - throw new CxClientException("sast project name or sast project id must be specified"); - } - } - log.debug("Sca Resolver Additional params: "+additionalParams); - return additionalParams; - } + if (!additionalParams.contains("-s ")) { + if (null != workspace) + additionalParams += " -s " + workspace; + else + throw new CxClientException("source path must be specified"); + } + + if (!additionalParams.contains("-r ") && !additionalParams.contains("--resolver-result-path ")) { + if (null != workspace) + additionalParams += " -r " + workspace + File.separator + scaResolverResultPath; + else + throw new CxClientException("result path must be specified"); + } + if (isExploitablePathByScaResolver && !additionalParams.isEmpty() + && exploitablePathParamsIncomplete(additionalParams.contains("--cxserver "), + additionalParams.contains("--cxuser"), additionalParams.contains("--cxpassword "), + additionalParams.contains("--cxprojectname "), additionalParams.contains("--cxprojectid "), + additionalParams.contains("--sast-result-path "))) { + log.warn( + "Partial sca resolver additional parameters will be override for exploitable path detection. 
Rest other parameters will be taken from Job level arguments."); + } + + if (isExploitablePathByScaResolver && (additionalParams.contains("--cxserver ") + && additionalParams.contains("--cxuser ") && additionalParams.contains("--cxpassword ") + && additionalParams.contains("--sast-result-path ") + && (additionalParams.contains("--cxprojectname ") || additionalParams.contains("--cxprojectid ")))) { + log.warn("Sca Resolver additional parameters will be used for exploitable path detection"); + + } + + if (isExploitablePathByScaResolver) { + if (!additionalParams.contains("--cxserver ")) { + if (StringUtils.isNotEmpty(config.getUrl())) + additionalParams += " --cxserver " + config.getUrl(); + else + throw new CxClientException("cxserver must be specified"); + } + if (!additionalParams.contains("--cxuser ")) { + if (StringUtils.isNotEmpty(config.getUsername())) + additionalParams += " --cxuser " + config.getUsername(); + else + throw new CxClientException("cxuser must be specified"); + } + if (!additionalParams.contains("--cxpassword ")) { + if (StringUtils.isNotEmpty(config.getPassword())) + additionalParams += " --cxpassword " + config.getPassword(); + else + throw new CxClientException("cxpassword must be specified"); + } + if (!additionalParams.contains("--sast-result-path ")) { + if (null != workspace) + additionalParams += " --sast-result-path " + workspace + File.separator + scaResolverSastResultPath; + else + throw new CxClientException("sast result path must be specified"); + } + if (!additionalParams.contains("--cxprojectname ") && !additionalParams.contains("--cxprojectid ")) { + if (StringUtils.isNotEmpty(config.getProjectName())) + additionalParams += " --cxprojectname " + config.getProjectName(); + else + throw new CxClientException("sast project name or sast project id must be specified"); + } + } + log.debug("Sca Resolver Additional params: " + additionalParams); + return additionalParams; + } + + private boolean exploitablePathParamsIncomplete(boolean 
isServerURL, boolean isUser, boolean isPassword, + boolean isProjectId, boolean isProjectName, boolean isSastResultPath) { + boolean partialParams = false; + partialParams = isServerURL && !partialParams ? false : true; + partialParams = isUser && !partialParams ? false : true; + partialParams = isPassword && !partialParams ? false : true; + partialParams = (isProjectId || isProjectName) && !partialParams ? false : true; + partialParams = isSastResultPath && !partialParams ? false : true; + return partialParams; + } private void fileExists(String file) { 
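Review bot: `log.debug("Sca Resolver Additional params: " + additionalParams);` at the end of `checkMissingMandatoryAdditionalParams` prints the fully assembled string, which a few lines earlier receives `" --cxpassword " + config.getPassword()`, so the SAST password is written to the build log whenever debug logging is on; log a redacted copy instead, e.g. `log.debug("Sca Resolver Additional params: " + additionalParams.replaceAll("--cxpassword \\S+", "--cxpassword ****"));`. In the call to `exploitablePathParamsIncomplete` the `--cxuser` check has no trailing space unlike every other option test, and the two project arguments are passed in the opposite order to the parameter names (harmless only because they are OR-ed). That helper returns true whenever any SAST option is absent, including when the user supplied none, so the "Partial ... will be override" warning fires in the ordinary case, and the `!additionalParams.isEmpty()` guard is always true because `-n`, `-s` and `-r` were appended above. The helper itself reduces to `return !(isServerURL && isUser && isPassword && (isProjectId || isProjectName) && isSastResultPath);`.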
@@ -2774,6 +2803,37 @@ public FormValidation doCheckScaSASTProjectID(@QueryParameter String value, @Que
 return FormValidation.ok();
 }
+ @POST
+ public FormValidation doCheckScaResolverAddParameters(@QueryParameter String value, @QueryParameter boolean isExploitablePathByScaResolver, @AncestorInPath Item item) {
+ if(item == null) {
+ return FormValidation.ok();
+ }
+ item.checkPermission(Item.CONFIGURE);
+ if(!isExploitablePathByScaResolver && ((value.contains("--cxserver ") &&
+ value.contains("--cxuser ") && value.contains("--cxpassword ") &&
+ value.contains("--cxprojectid ") || value.contains("--cxprojectname ") &&
+ value.contains("--sast-result-path ")))) {
+ return FormValidation.error("Enable Exploitable Path to use Exploitable Path Detection");
+ }
+ return FormValidation.ok();
+ }
+
+ @POST
+ public FormValidation doCheckIsExploitablePathByScaResolver(@QueryParameter boolean value, @QueryParameter String scaResolverAddParameters, @AncestorInPath Item item) {
+ if(item == null) {
+ return FormValidation.ok();
+ }
+ item.checkPermission(Item.CONFIGURE);
+ if((scaResolverAddParameters.contains("--cxserver ") &&
+ scaResolverAddParameters.contains("--cxuser ") && scaResolverAddParameters.contains("--cxpassword ") &&
+ scaResolverAddParameters.contains("--cxprojectid ") || scaResolverAddParameters.contains("--cxprojectname ") &&
+ scaResolverAddParameters.contains("--sast-result-path ")) && !value) {
+ return FormValidation.error("Enable Exploitable Path to use Exploitable Path Detection");
+ }
+ return FormValidation.ok();
+
+
+ }
 /**
 * This method verify correct format for Custom Fields
From 24f7e40bdbea166d187b3d341dd8240fb75db663 Mon Sep 17 00:00:00 2001 From: unknown Date: Thu, 25 May 2023 18:36:54 +0530 Subject: [PATCH 10/35] support 0 value for data retention
---
 src/main/java/com/checkmarx/jenkins/CxScanBuilder.java | 3 +++ .../resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-)
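Review bot: Both added conditions mix `&&` and `||` without grouping, and `&&` binds tighter, so `value.contains("--cxserver ") && ... && value.contains("--cxprojectid ") || value.contains("--cxprojectname ") && value.contains("--sast-result-path ")` is true for `--cxprojectname` plus `--sast-result-path` alone, while with `--cxprojectid` the `--sast-result-path` requirement is never checked; the same applies to `doCheckIsExploitablePathByScaResolver`. Group the project alternatives: `(value.contains("--cxprojectid ") || value.contains("--cxprojectname ")) && value.contains("--sast-result-path ")`. If the text field can be submitted absent, a `@QueryParameter String` may arrive as null and the `contains` calls throw; `Util.fixNull(value)` guards that. Since both methods evaluate the same predicate, a shared private helper would keep them from drifting apart.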
diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index 924d37a2..1cc25e49 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java @@ -1374,6 +1374,9 @@ private CxScanConfig resolveConfiguration(Run run, DescriptorImpl descript ret.setEnableDataRetention(getDescriptor().isEnableDataRetention()); if (getDescriptor().isEnableDataRetention()) { if (getOverrideGlobalRetentionRate()) { + if(getProjectRetentionRate()==0){ + ret.setEnableDataRetention(false); + } ret.setProjectRetentionRate(getProjectRetentionRate()); } else { ret.setProjectRetentionRate(getDescriptor().getprojectRetentionRate()); diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly index b7ad698f..399cbc72 100644 --- a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly @@ -67,7 +67,7 @@ - + From 3a1c81267fa4dfada10161de20e262376822a38b Mon Sep 17 00:00:00 2001 From: Nidhi Jaiswal Date: Thu, 25 May 2023 19:23:16 +0530 Subject: [PATCH 11/35] Added UI Validations and Log Messages for SCA Resolver Additional Parameters --- .../com/checkmarx/jenkins/CxScanBuilder.java | 328 ++++++++++++++---- .../jenkins/DependencyScanConfig.java | 6 + .../jenkins/CxScanBuilder/global.jelly | 6 +- 3 files changed, 273 insertions(+), 67 deletions(-) diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index 2401ead5..6ad94bb1 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java 
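Review bot: The new `getProjectRetentionRate()==0` rule — a job-level rate of zero switches data retention off instead of being sent as a rate — is applied only on the override branch; the global branch two lines below passes `getDescriptor().getprojectRetentionRate()` through unchanged, so a global value of zero behaves differently, and nothing says whether that is intended. Add a comment on the added `if`, such as `// A job-level retention rate of 0 turns data retention off for this scan instead of being sent as a rate.`, and state in it whether the global setting deliberately differs. `ret.setProjectRetentionRate(0)` is still called afterwards; that is fine if the server ignores the rate while retention is disabled, otherwise skip the call. `resolveConfiguration` starts and ends outside the hunk.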
@@ -1270,11 +1270,23 @@ private void mapSastConfiguration(Optional sast, CxScanConfig scanCo
 });
 }
- private void createScaReports(AstScaResults scaResults, FilePath checkmarxBuildDir) {
- writeJsonObjectToFile(scaResults.getSummary(), checkmarxBuildDir, SCA_SUMMERY_JSON);
- writeJsonObjectToFile(scaResults.getPackages(), checkmarxBuildDir, SCA_LIBRARIES_JSON);
- writeJsonObjectToFile(scaResults.getFindings(), checkmarxBuildDir, SCA_VULNERABILITIES_JSON);
- }
+ private void createScaReports(AstScaResults scaResults, FilePath checkmarxBuildDir) {
+ writeJsonObjectToFile(scaResults.getSummary(), checkmarxBuildDir, SCA_SUMMERY_JSON);
+ writeJsonObjectToFile(scaResults.getPackages(), checkmarxBuildDir, SCA_LIBRARIES_JSON);
+ writeJsonObjectToFile(scaResults.getFindings(), checkmarxBuildDir, SCA_VULNERABILITIES_JSON);
+
+ if (scaResults.getPDFReport() != null) {
+ String pdfReportPath = checkmarxBuildDir.getRemote() + File.separator + CxScanResult.SCA_PDF_REPORT_NAME;
+ log.debug("PDF Report path: " + pdfReportPath);
+ File pdfReportFile = new File(pdfReportPath);
+ try {
+ FileUtils.writeByteArrayToFile(pdfReportFile, scaResults.getPDFReport());
+ log.info("PDF Report generated at location: " + pdfReportPath);
+ } catch (IOException e) {
+ log.warn("Failed to write SCA PDF report to workspace: " + e.getMessage());
+ }
+ }
+ }
 /**
 * Method validate if CxServerURL is part of 'No proxy host'
@@ -1675,7 +1687,7 @@ private AstScaConfig getScaConfig(Run run, EnvVars env, DependencyScanConf
 DependencyScanConfig dsConfig;
 boolean globalSettingsInUse = false;
 if (dsConfigJobLevel.overrideGlobalConfig) {
- dsConfig = dsConfigJobLevel;
+ dsConfig = dsConfigJobLevel;
 } else {
 globalSettingsInUse = true;
 dsConfig = descriptor.getDependencyScanConfig();
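Review bot: The PDF is written with `java.io.File`/`FileUtils.writeByteArrayToFile` on a path built from `checkmarxBuildDir.getRemote()`, but `getRemote()` names a path on the node that hosts the workspace while `java.io.File` resolves on the JVM executing this method; when the build runs on an agent the report lands on the controller's disk at an agent-derived path (or fails with the warning), whereas the three JSON reports above go through `writeJsonObjectToFile(..., checkmarxBuildDir, ...)` and the `FilePath`. `File.separator` is likewise the local separator, not the agent's. Writing through `checkmarxBuildDir.child(...)` keeps the report in the workspace on the right node, as below; `createScaReports` is complete in the hunk.
```java
if (scaResults.getPDFReport() != null) {
    FilePath pdfReport = checkmarxBuildDir.child(CxScanResult.SCA_PDF_REPORT_NAME);
    log.debug("PDF Report path: " + pdfReport.getRemote());
    try (OutputStream out = pdfReport.write()) {
        out.write(scaResults.getPDFReport());
        log.info("PDF Report generated at location: " + pdfReport.getRemote());
    } catch (IOException e) {
        log.warn("Failed to write SCA PDF report to workspace: " + e.getMessage());
    } catch (InterruptedException e) {
        Thread.currentThread().interrupt();
        log.warn("Interrupted while writing SCA PDF report to workspace");
    }
}
```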
@@ -1691,12 +1703,17 @@ private AstScaConfig getScaConfig(Run run, EnvVars env, DependencyScanConf
 result.setIncludeSources(dsConfig.isIncludeSources);
 //add SCA Resolver code here
- String additionalParams = dsConfig.scaResolverAddParameters;
+ String additionalParams = (globalSettingsInUse == true) ? dsConfig.globalScaResolverAddParameters
+ : dsConfig.scaResolverAddParameters;
+ boolean isExploitablePath = (globalSettingsInUse == true) ? dsConfig.isGlobalExploitablePathByScaResolver
+ : dsConfig.isExploitablePathByScaResolver;
+
 if (dsConfig.enableScaResolver != null && SCAScanType.SCA_RESOLVER.toString().equalsIgnoreCase(dsConfig.enableScaResolver.toString())) {
 // scaResolverPathExist(dsConfig.pathToScaResolver);
 validateScaResolverParams(additionalParams, config, workspace);
- additionalParams = checkMissingMandatoryAdditionalParams(additionalParams, workspace, config, dsConfig.isExploitablePathByScaResolver);
+ additionalParams = checkMissingMandatoryAdditionalParams(additionalParams, workspace, config,
+ isExploitablePath);
 result.setEnableScaResolver(true);
 } else
 result.setEnableScaResolver(false);
@@ -1832,6 +1849,10 @@ private void printConfiguration(CxScanConfig config, CxLoggerAdapter log) {
 log.info("CxSCA web app URL: " + config.getAstScaConfig().getWebAppUrl());
 log.info("Account: " + config.getAstScaConfig().getTenant());
 log.info("Team: " + config.getAstScaConfig().getTeamPath());
+ log.info("is generate SCA report: "+ config.isGenerateScaReport());
+ log.info("Enable Sca Resolver: " +config.getAstScaConfig().isEnableScaResolver());
+ if(config.getAstScaConfig().isEnableScaResolver())
+ log.info("Enable Exploitable Path by Sca Resolver: "+((dependencyScanConfig.overrideGlobalConfig) ? dependencyScanConfig.isExploitablePathByScaResolver : dependencyScanConfig.isGlobalExploitablePathByScaResolver);
 }
 }
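Review bot: `(globalSettingsInUse == true) ? ... : ...` compares a `boolean` with `true`, twice; `globalSettingsInUse ? dsConfig.globalScaResolverAddParameters : dsConfig.scaResolverAddParameters` reads the same and is the idiomatic form. Both selections (the additional parameters and the exploitable-path flag) hinge on the same condition, and a short comment such as `// the global DependencyScanConfig keeps its own copies of the SCA Resolver settings` would explain why choosing `dsConfig` alone is not enough here. `getScaConfig` starts and ends outside the hunk.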
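Review bot: The added `log.info` in `printConfiguration` dereferences the builder field `dependencyScanConfig`, whereas every surrounding line reads from `config`; if a job can have SCA Resolver enabled through the global settings without a job-level dependency-scan section (not visible here), `dependencyScanConfig` is null and printing the configuration throws. Guarding the line with `dependencyScanConfig != null &&` avoids that, and braces around the single-statement `if` would match the rest of the method. `printConfiguration` starts outside the hunk.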
@@ -2158,59 +2179,85 @@ private void validateScaResolverParams(String additionalParams, CxScanConfig con } } - private String checkMissingMandatoryAdditionalParams(String additionalParams, FilePath workspace, CxScanConfig config, boolean isExploitablePathByScaResolver) { - if (additionalParams == null) { - additionalParams = ""; - } - if (!additionalParams.contains("-n ")) { - if(StringUtils.isNotEmpty(config.getProjectName())) - additionalParams += " -n " +config.getProjectName(); - else - throw new CxClientException("projectname must be specified"); - } - - if (!additionalParams.contains("-s ")) { - if(null != workspace) - additionalParams += " -s " + workspace; - else - throw new CxClientException("source path must be specified"); - } - - if (!additionalParams.contains("-r ") && !additionalParams.contains("--resolver-result-path ")) { - if(null != workspace) - additionalParams += " -r " + workspace + File.separator + scaResolverResultPath; - else - throw new CxClientException("result path must be specified"); - } - if(isExploitablePathByScaResolver) { - if (!additionalParams.contains("--cxserver ")) { - if(StringUtils.isNotEmpty(config.getUrl())) - additionalParams += " --cxserver " +config.getUrl(); - else - throw new CxClientException("cxserver must be specified"); - } - if (!additionalParams.contains("--cxuser ")) { - if(StringUtils.isNotEmpty(config.getUsername())) - additionalParams += " --cxuser " +config.getUsername(); - else - throw new CxClientException("cxuser must be specified"); - } - if (!additionalParams.contains("--cxpassword ")) { - if(StringUtils.isNotEmpty(config.getPassword())) - additionalParams += " --cxpassword " +config.getPassword(); - else - throw new CxClientException("cxpassword must be specified"); - } - if (!additionalParams.contains("--sast-result-path ")) { - if(null != workspace) - additionalParams += " --sast-result-path "+ workspace + File.separator + scaResolverSastResultPath; - else - throw new CxClientException("sast result 
path must be specified"); - } - } - log.debug("Sca Resolver Additional params: "+additionalParams); - return additionalParams; - } + private String checkMissingMandatoryAdditionalParams(String additionalParams, FilePath workspace, + CxScanConfig config, boolean isExploitablePathByScaResolver) { + if (additionalParams == null) { + additionalParams = ""; + } + String addParams = additionalParams; + if (!additionalParams.contains("-n ")) { + if (StringUtils.isNotEmpty(config.getProjectName())) + additionalParams += " -n " + config.getProjectName(); + else + throw new CxClientException("projectname must be specified"); + } + + if (!additionalParams.contains("-s ")) { + if (null != workspace) + additionalParams += " -s " + workspace; + else + throw new CxClientException("source path must be specified"); + } + + if (!additionalParams.contains("-r ") && !additionalParams.contains("--resolver-result-path ")) { + if (null != workspace) + additionalParams += " -r " + workspace + File.separator + scaResolverResultPath; + else + throw new CxClientException("result path must be specified"); + } + if (isExploitablePathByScaResolver) { + if (!additionalParams.contains("--cxserver ")) { + if (StringUtils.isNotEmpty(config.getUrl())) + additionalParams += " --cxserver " + config.getUrl(); + else + throw new CxClientException("cxserver must be specified"); + } + if (!additionalParams.contains("--cxuser ")) { + if (StringUtils.isNotEmpty(config.getUsername())) + additionalParams += " --cxuser " + config.getUsername(); + else + throw new CxClientException("cxuser must be specified"); + } + if (!additionalParams.contains("--cxpassword ")) { + if (StringUtils.isNotEmpty(config.getPassword())) + additionalParams += " --cxpassword " + config.getPassword(); + else + throw new CxClientException("cxpassword must be specified"); + } + if (!additionalParams.contains("--sast-result-path ")) { + if (null != workspace) + additionalParams += " --sast-result-path " + workspace + File.separator + 
scaResolverSastResultPath; + else + throw new CxClientException("sast result path must be specified"); + } + if (!additionalParams.contains("--cxprojectname ") && !additionalParams.contains("--cxprojectid ")) { + if (StringUtils.isNotEmpty(config.getProjectName())) + additionalParams += " --cxprojectname " + config.getProjectName(); + else + throw new CxClientException("sast project name or sast project id must be specified"); + } + } + if (!isExploitablePathByScaResolver && (addParams.contains("--cxserver ") && addParams.contains("--cxuser ") + && addParams.contains("--cxpassword ") + && (addParams.contains("--cxprojectid ") || addParams.contains("--cxprojectname ")) + && addParams.contains("--sast-result-path "))) + log.warn( + "All SAST Parameters (--cxserver, --cxuser, --cxpassword, --sast-result-path, and --cxprojectid or --cxprojectname) are provided. But Enable Exploitable Path is disabled."); + + else if (isExploitablePathByScaResolver && (addParams.contains("--cxserver ") || addParams.contains("--cxuser ") + || addParams.contains("--cxpassword ") + || (addParams.contains("--cxprojectid ") || addParams.contains("--cxprojectname ")) + || addParams.contains("--sast-result-path "))) + log.warn( + "Provided SAST Parameters (--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) will be taken from ScaResolver Additional Parameters. Rest missing parameters will be taken from the Job level parameters."); + + if (addParams.contains("-n ") || addParams.contains("-s ") || addParams.contains("-r ") + || addParams.contains("--resolver-result-path")) + log.warn( + "Provided parameters (-n , -s, -r or --resolver-result-path) will be taken from ScaResolver Additional Parameters. Rest missing parameters will be taken from the Job level parameters."); + + return additionalParams; + } private void fileExists(String file) { 
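Review bot: `checkMissingMandatoryAdditionalParams` has no Javadoc, and the one fact a caller most needs is that the returned string can contain the SAST password appended via `" --cxpassword " + config.getPassword()`; the old `log.debug` of the full string is gone in this revision, but nothing records that the value must not be logged or persisted. Add a Javadoc stating the purpose, that missing mandatory ScaResolver options are filled from the job configuration and the workspace, the `CxClientException` cases, and that the result is sensitive. The path arguments use `workspace + File.separator + scaResolverResultPath`, which takes the separator from the JVM running this code rather than from the node owning the workspace; `workspace.child(scaResolverResultPath).getRemote()` (and likewise for `scaResolverSastResultPath`) builds it for the right node. The `-n `/`-s `/`-r ` substring tests in the final warning can also match inside other values, for example a path that happens to contain `-s `.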
@@ -2690,17 +2737,170 @@ public FormValidation doTestConnection(@QueryParameter final boolean enableCerti * browser. */ @POST - public FormValidation doCheckScaSASTProjectID(@QueryParameter String value, @QueryParameter String scaSASTProjectFullPath,@AncestorInPath Item item) { + public FormValidation doCheckScaSASTProjectID(@QueryParameter String value, @QueryParameter String scaSASTProjectFullPath, @AncestorInPath Item item) { if (item == null) { return FormValidation.ok(); - } + } item.checkPermission(Item.CONFIGURE); if (StringUtil.isNullOrEmpty(value) && StringUtil.isNullOrEmpty(scaSASTProjectFullPath)) { return FormValidation.error("Must provide value for either 'Project Full Path' or 'Project Id'."); } return FormValidation.ok(); } - + + + private boolean checkAllSastAddParamsWithoutExpPath(boolean isExploitablePathByScaResolver, + String scaResolverAddParameters) { + return (!isExploitablePathByScaResolver && (scaResolverAddParameters.contains("--cxserver ") + && scaResolverAddParameters.contains("--cxuser ") + && scaResolverAddParameters.contains("--cxpassword ") + && (scaResolverAddParameters.contains("--cxprojectid ") + || scaResolverAddParameters.contains("--cxprojectname ")) + && scaResolverAddParameters.contains("--sast-result-path "))); + } + + private boolean checkAnySastAddParamsWithExpPath(boolean isExploitablePathByScaResolver, + String scaResolverAddParameters) { + return (isExploitablePathByScaResolver && (scaResolverAddParameters.contains("--cxserver ") + || scaResolverAddParameters.contains("--cxuser ") + || scaResolverAddParameters.contains("--cxpassword ") + || (scaResolverAddParameters.contains("--cxprojectid ") + || scaResolverAddParameters.contains("--cxprojectname ")) + || scaResolverAddParameters.contains("--sast-result-path "))); + } + + private boolean checkAnyMandatoryAddParams(String scaResolverAddParameters) { + return (scaResolverAddParameters.contains("-n ") || scaResolverAddParameters.contains("-s ") + || 
scaResolverAddParameters.contains("-r ") + || scaResolverAddParameters.contains("--resolver-result-path")); + } + + /** + * This method validates the SCA Resolver Additional Parameters on UI. + * + * @param value: Indicates scaResolverAddParameters. + * @param isExploitablePathByScaResolver + * @return FormValidation: Indicates the outcome of the validation and send to + * UI. + */ + @POST + public FormValidation doCheckScaResolverAddParameters(@QueryParameter String value, + @QueryParameter boolean isExploitablePathByScaResolver) { + String warnMessage = ""; + String errorMessage = ""; + String otherWarnMessage = ""; + if (checkAllSastAddParamsWithoutExpPath(isExploitablePathByScaResolver, value)) { + errorMessage = "All SAST Parameters in 'SCA Resolver Additional Parameters' (--cxserver, --cxuser, --cxpassword, --sast-result-path, and --cxprojectid or --cxprojectname) are provided. But Enable Exploitable Path is disabled."; + } else if (checkAnySastAddParamsWithExpPath(isExploitablePathByScaResolver, value)) { + warnMessage = "Given SAST Parameters in 'SCA Resolver Additional Parameters' (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) will be considered. Rest missing parameters will be considered from the Job/Global level parameters."; + } + if (checkAnyMandatoryAddParams(value)) { + otherWarnMessage = "Given parameters in 'SCA Resolver Additional Parameters' (like -n , -s, -r or --resolver-result-path) will be considered. 
Rest missing parameters will be considered from the Job level parameters."; + } + if (!StringUtil.isNullOrEmpty(errorMessage)) { + if (!StringUtil.isNullOrEmpty(otherWarnMessage)) + errorMessage += "\n" + otherWarnMessage; + return FormValidation.error(errorMessage); + } else if (!StringUtil.isNullOrEmpty(warnMessage)) { + if (!StringUtil.isNullOrEmpty(otherWarnMessage)) + warnMessage += "\n" + otherWarnMessage; + return FormValidation.warning(warnMessage); + } else if (!StringUtil.isNullOrEmpty(otherWarnMessage)) + return FormValidation.warning(otherWarnMessage); + return FormValidation.ok(); + } + + /** + * This method validates the SCA Resolver Additional Parameters on UI. + * + * @param value: Indicates isExploitablePathByScaResolver. + * @param scaResolverAddParameters + * @return FormValidation: Indicates the outcome of the validation and send to + * UI. + */ + @POST + public FormValidation doCheckIsExploitablePathByScaResolver(@QueryParameter boolean value, + @QueryParameter String scaResolverAddParameters) { + String warnMessage = ""; + String errorMessage = ""; + if (checkAllSastAddParamsWithoutExpPath(value, scaResolverAddParameters)) { + errorMessage = "All SAST Parameters in 'SCA Resolver Additional Parameters' (--cxserver, --cxuser, --cxpassword, --sast-result-path, and --cxprojectid or --cxprojectname) are provided. But 'Enable Exploitable Path' is disabled."; + } else if (checkAnySastAddParamsWithExpPath(!value, scaResolverAddParameters)) { + errorMessage = "Given SAST Parameters in 'SCA Resolver Additional Parameters' (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) will not be considered. As 'Enable Exploitable Path' is disabled."; + } + if (checkAnyMandatoryAddParams(scaResolverAddParameters)) { + warnMessage = "Given parameters in 'SCA Resolver Additional Parameters' (like -n , -s, -r or --resolver-result-path) will be considered. 
Rest missing parameters will be taken from the Job level parameters."; + } + if (!StringUtil.isNullOrEmpty(errorMessage)) + return FormValidation.error(errorMessage); + else if (!StringUtil.isNullOrEmpty(warnMessage)) + return FormValidation.warning(warnMessage); + return FormValidation.ok(); + } + + /** + * This method validates the Global SCA Resolver Additional Parameters on UI. + * + * @param value: Indicates + * globalScaResolverAddParameters. + * @param isGlobalExploitablePathByScaResolver + * @return FormValidation: Indicates the outcome of the validation and send to + * UI. + */ + @POST + public FormValidation doCheckGlobalScaResolverAddParameters(@QueryParameter String value, + @QueryParameter boolean isGlobalExploitablePathByScaResolver) { + String warnMessage = ""; + String errorMessage = ""; + String otherWarnMessage = ""; + String globalWarnMessage = "Given parameters will be considered only if 'Override global dependency scan settings' parameter is disabled at Job Level."; + if (checkAllSastAddParamsWithoutExpPath(isGlobalExploitablePathByScaResolver, value)) { + errorMessage = "All SAST Parameters in 'SCA Resolver Additional Parameters' (--cxserver, --cxuser, --cxpassword, --sast-result-path, and --cxprojectid or --cxprojectname) are provided. But Enable Exploitable Path is disabled."; + } else if (checkAnySastAddParamsWithExpPath(isGlobalExploitablePathByScaResolver, value)) { + warnMessage = "Given SAST Parameters in 'SCA Resolver Additional Parameters' (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) will be considered. Rest missing parameters will be considered from the Job/Global level parameters."; + } + if (checkAnyMandatoryAddParams(value)) { + otherWarnMessage = "Given parameters in 'SCA Resolver Additional Parameters' (like -n , -s, -r or --resolver-result-path) will be considered. 
Rest missing parameters will be considered from the Job level parameters."; + } + if (!StringUtil.isNullOrEmpty(errorMessage)) { + if (!StringUtil.isNullOrEmpty(otherWarnMessage)) + errorMessage += "\n" + otherWarnMessage; + return FormValidation.error(errorMessage); + } + if (!StringUtil.isNullOrEmpty(warnMessage) || !StringUtil.isNullOrEmpty(otherWarnMessage)) + return FormValidation.warning(globalWarnMessage + "\n" + warnMessage + "\n" + otherWarnMessage); + return FormValidation.ok(); + } + + /** + * This method validates the Global SCA Resolver Additional Parameters on UI. + * + * @param value: Indicates + * isGlobalExploitablePathByScaResolver. + * @param globalScaResolverAddParameters + * @return FormValidation: Indicates the outcome of the validation and send to + * UI. + */ + @POST + public FormValidation doCheckIsGlobalExploitablePathByScaResolver(@QueryParameter boolean value, + @QueryParameter String globalScaResolverAddParameters) { + String warnMessage = ""; + String errorMessage = ""; + String globalWarnMessage = "Given parameters will be considered only if 'Override global dependency scan settings' parameter is disabled at Job Level."; + if (checkAllSastAddParamsWithoutExpPath(value, globalScaResolverAddParameters)) { + errorMessage = "All SAST Parameters in 'SCA Resolver Additional Parameters' (--cxserver, --cxuser, --cxpassword, --sast-result-path, and --cxprojectid or --cxprojectname) are provided. But 'Enable Exploitable Path' is disabled."; + } else if (checkAnySastAddParamsWithExpPath(!value, globalScaResolverAddParameters)) { + errorMessage = "Given SAST Parameters in 'SCA Resolver Additional Parameters' (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) will not be considered. 
As 'Enable Exploitable Path' is disabled."; + } + if (checkAnyMandatoryAddParams(globalScaResolverAddParameters)) { + warnMessage = "Given parameters in 'SCA Resolver Additional Parameters' (like -n , -s, -r or --resolver-result-path) will be considered. Rest missing parameters will be taken from the Job level parameters."; + } + if (!StringUtil.isNullOrEmpty(errorMessage)) + return FormValidation.error(errorMessage); + else if (!StringUtil.isNullOrEmpty(warnMessage)) + return FormValidation.warning(globalWarnMessage + "\n" + warnMessage); + return FormValidation.ok(); + } /** * This method verify correct format for Custom Fields diff --git a/src/main/java/com/checkmarx/jenkins/DependencyScanConfig.java b/src/main/java/com/checkmarx/jenkins/DependencyScanConfig.java index 611d34ef..23dd7460 100644 --- a/src/main/java/com/checkmarx/jenkins/DependencyScanConfig.java +++ b/src/main/java/com/checkmarx/jenkins/DependencyScanConfig.java @@ -89,9 +89,15 @@ public class DependencyScanConfig { @DataBoundSetter public String scaResolverAddParameters; + @DataBoundSetter + public String globalScaResolverAddParameters; + @DataBoundSetter public boolean isExploitablePathByScaResolver; + @DataBoundSetter + public boolean isGlobalExploitablePathByScaResolver; + @DataBoundSetter public String fsaVariables; diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/global.jelly b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/global.jelly index ce5db118..1389a84b 100644 --- a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/global.jelly +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/global.jelly @@ -177,10 +177,10 @@
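Review bot: The four new `@POST` form-validation methods (`doCheckScaResolverAddParameters`, `doCheckIsExploitablePathByScaResolver`, `doCheckGlobalScaResolverAddParameters`, `doCheckIsGlobalExploitablePathByScaResolver`) take no `@AncestorInPath Item item` and perform no `item.checkPermission(Item.CONFIGURE)`, unlike `doCheckScaSASTProjectID` at the top of the same hunk; they should follow that pattern so every validation endpoint in this descriptor is gated the same way. The `contains` chains in `checkAllSastAddParamsWithoutExpPath`, `checkAnySastAddParamsWithExpPath` and `checkAnyMandatoryAddParams` dereference the query parameter with no null guard, so a submission that omits `scaResolverAddParameters` would presumably raise an NPE instead of a validation message — `if (value == null) value = "";` at the top of each `doCheck*` method (or inside the helpers) covers it. These messages also steer users to place `--cxpassword` inside the free-text additional-parameters field, which appears to be kept in plain text with the job configuration; the help text should point to the credential-backed password instead.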
- - + + - + Date: Thu, 25 May 2023 21:51:05 +0530 Subject: [PATCH 12/35] Resolving Merge Conflict --- .../com/checkmarx/jenkins/CxScanBuilder.java | 46 ++++++++----------- 1 file changed, 18 insertions(+), 28 deletions(-) diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index 28078bf8..36ffefda 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java @@ -970,7 +970,7 @@ public void perform(@Nonnull Run run, @Nonnull FilePath workspace, @Nonnul //print configuration - printConfiguration(config, log); + printConfiguration(config, descriptor, log); //validate at least one scan type is enabled if (!config.isSastEnabled() && !config.isAstScaEnabled() && !config.isOsaEnabled()) { @@ -1317,18 +1317,6 @@ private void createScaReports(AstScaResults scaResults, FilePath checkmarxBuildD writeJsonObjectToFile(scaResults.getSummary(), checkmarxBuildDir, SCA_SUMMERY_JSON); writeJsonObjectToFile(scaResults.getPackages(), checkmarxBuildDir, SCA_LIBRARIES_JSON); writeJsonObjectToFile(scaResults.getFindings(), checkmarxBuildDir, SCA_VULNERABILITIES_JSON); - - if (scaResults.getPDFReport() != null) { - String pdfReportPath = checkmarxBuildDir.getRemote() + File.separator + CxScanResult.SCA_PDF_REPORT_NAME; - log.debug("PDF Report path: " + pdfReportPath); - File pdfReportFile = new File(pdfReportPath); - try { - FileUtils.writeByteArrayToFile(pdfReportFile, scaResults.getPDFReport()); - log.info("PDF Report generated at location: " + pdfReportPath); - } catch (IOException e) { - log.warn("Failed to write SCA PDF report to workspace: " + e.getMessage()); - } - } } /** 
@@ -1760,9 +1748,9 @@ private AstScaConfig getScaConfig(Run run, EnvVars env, DependencyScanConf result.setIncludeSources(dsConfig.isIncludeSources); //add SCA Resolver code here - String additionalParams = (globalSettingsInUse == true) ? dsConfig.globalScaResolverAddParameters + String additionalParams = (globalSettingsInUse) ? dsConfig.globalScaResolverAddParameters : dsConfig.scaResolverAddParameters; - boolean isExploitablePath = (globalSettingsInUse == true) ? dsConfig.isGlobalExploitablePathByScaResolver + boolean isExploitablePath = (globalSettingsInUse) ? dsConfig.isGlobalExploitablePathByScaResolver : dsConfig.isExploitablePathByScaResolver; if (dsConfig.enableScaResolver != null @@ -1836,7 +1824,7 @@ private ScannerType getDependencyScannerType(CxScanConfig config) { return result; } - private void printConfiguration(CxScanConfig config, CxLoggerAdapter log) { + private void printConfiguration(CxScanConfig config, DescriptorImpl descriptor, CxLoggerAdapter log) { log.info("---------------------------------------Configurations:------------------------------------"); log.info("plugin version: {}", CxConfig.version()); log.info("server url: " + config.getUrl()); 
@@ -1900,18 +1888,20 @@ private void printConfiguration(CxScanConfig config, CxLoggerAdapter log) {
 log.info(" OSA run Execute dependency managers install packages command before Scan: " + config.getOsaRunInstall());
 }
 if (config.isAstScaEnabled() && config.getAstScaConfig() != null){
- log.info("Use CxSCA dependency scanner is enabled");
- log.info("CxSCA API URL: " + config.getAstScaConfig().getApiUrl());
- log.info("Access control server URL: " + config.getAstScaConfig().getAccessControlUrl());
- log.info("CxSCA web app URL: " + config.getAstScaConfig().getWebAppUrl());
- log.info("Account: " + config.getAstScaConfig().getTenant());
- log.info("Team: " + config.getAstScaConfig().getTeamPath());
- log.info("is generate SCA report: "+ config.isGenerateScaReport());
- log.info("Enable Sca Resolver: " +config.getAstScaConfig().isEnableScaResolver());
- if(config.getAstScaConfig().isEnableScaResolver())
- log.info("Enable Exploitable Path by Sca Resolver: "+((dependencyScanConfig.overrideGlobalConfig) ? dependencyScanConfig.isExploitablePathByScaResolver : dependencyScanConfig.isGlobalExploitablePathByScaResolver);
- }
- }
+ log.info("Use CxSCA dependency scanner is enabled");
+ log.info("CxSCA API URL: " + config.getAstScaConfig().getApiUrl());
+ log.info("Access control server URL: " + config.getAstScaConfig().getAccessControlUrl());
+ log.info("CxSCA web app URL: " + config.getAstScaConfig().getWebAppUrl());
+ log.info("Account: " + config.getAstScaConfig().getTenant());
+ log.info("Team: " + config.getAstScaConfig().getTeamPath());
+ log.info("is generate SCA report: " + config.isGenerateScaReport());
+ log.info("Enable Sca Resolver: " + config.getAstScaConfig().isEnableScaResolver());
+ if (config.getAstScaConfig().isEnableScaResolver())
+ log.info("Enable Exploitable Path by Sca Resolver: " + ((dependencyScanConfig.overrideGlobalConfig)
+ ?
dependencyScanConfig.isExploitablePathByScaResolver + : descriptor.getDependencyScanConfig().isGlobalExploitablePathByScaResolver)); + } + } log.info("------------------------------------------------------------------------------------------"); } From d2271e1d80d8240aa27fdb5bfb53e66de9e6e48d Mon Sep 17 00:00:00 2001 From: unknown Date: Fri, 26 May 2023 13:22:19 +0530 Subject: [PATCH 13/35] log update --- src/main/java/com/checkmarx/jenkins/CxScanBuilder.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index 1cc25e49..76f1341f 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java @@ -1773,7 +1773,7 @@ private void printConfiguration(CxScanConfig config, CxLoggerAdapter log) { } log.info("project name: " + config.getProjectName()); log.info("team id: " + config.getTeamId()); - log.info("Project Retention Rate: " + config.getProjectRetentionRate()); + log.info("scan retention rate: " + config.getProjectRetentionRate()); log.info("is synchronous mode: " + config.getSynchronous()); log.info("deny new project creation: " + config.getDenyProject()); log.info("SAST scan enabled: " + config.isSastEnabled()); From b6f3b52479e5001b56f3dd7f78ef9103752feb7a Mon Sep 17 00:00:00 2001 From: Nidhi Jaiswal Date: Fri, 26 May 2023 17:36:36 +0530 Subject: [PATCH 14/35] Updated plugin version --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index 4d0c5f91..eda1cc37 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,6 +1,6 @@ description = Provides automatic scan of code by Checkmarx server and shows results summary and trend in Jenkins interface. group = com.checkmarx.jenkins -version = 2023.2.1 +version = 2023.2.2 repositoryVersion= 
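Review bot: The new log line dereferences `descriptor.getDependencyScanConfig()` (and `dependencyScanConfig.overrideGlobalConfig`) with no null check; if the global dependency-scan section has never been saved the getter may return null — confirm, and if so guard the read with `descriptor.getDependencyScanConfig() != null &&` before taking the flag. The remainder of the hunk re-indents unchanged `log.info` lines, which buries the single behavioural change in whitespace noise; keeping formatting-only changes out of a merge-conflict commit would make it reviewable. `printConfiguration` begins before this hunk.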
From 68b3b7df3db9abcfd420aebb5f844736f8aee4c3 Mon Sep 17 00:00:00 2001 From: swatipersistent <99341045+swatipersistent@users.noreply.github.com> Date: Fri, 26 May 2023 08:40:36 -0700 Subject: [PATCH 15/35] fixed issue regarding sca report generation and did ui changes --- .../com/checkmarx/jenkins/CxScanBuilder.java | 45 ++++++++++++------- .../com/checkmarx/jenkins/CxScanResult.java | 14 ++++++ .../jenkins/CxScanBuilder/config.jelly | 2 +- .../CxScanBuilder/help-generateScaReport.html | 2 +- 4 files changed, 45 insertions(+), 18 deletions(-) diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index b7d60cdf..b91fe8d3 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java @@ -94,6 +94,8 @@ public class CxScanBuilder extends Builder implements SimpleBuildStep { private static final String PDF_URL_TEMPLATE = "/%scheckmarx/pdfReport"; private static final String PDF_URL = "checkmarx/pdfReport"; + private static final String SCA_PDF_URL_TEMPLATE = "/%scheckmarx/scaPdfReport"; + private static final String SCA_PDF_URL = "checkmarx/scaPdfReport"; private static final String REQUEST_ORIGIN = "Jenkins"; private static final String SUPPRESS_BENIGN_ERRORS = "suppressBenignErrors"; @@ -1023,7 +1025,7 @@ public void perform(@Nonnull Run run, @Nonnull FilePath workspace, @Nonnul } if (config.isGenerateScaReport()) { - if(config.getScaReportFormat() != null) { + if(config.getScaReportFormat() != null && "pdf".equalsIgnoreCase(config.getScaReportFormat())) { String path = ""; // run.getUrl() returns a URL path similar to job/MyJobName/124/ //getRootUrl() will return the value of "Manage Jenkins->configuration->Jenkins URL" 
@@ -1034,11 +1036,11 @@ public void perform(@Nonnull Run run, @Nonnull FilePath workspace, @Nonnul } if (!(path.equals("/"))) { //to handle this Jenkins root url,EX: http://localhost:8081/jenkins - Path pdfUrlPath = Paths.get(path, run.getUrl(), PDF_URL); + Path pdfUrlPath = Paths.get(path, run.getUrl(), SCA_PDF_URL); scanResults.getScaResults().setScaPDFLink(pdfUrlPath.toString()); } else { //to handle this Jenkins root url,EX: http://localhost:8081/ - String pdfUrl = String.format(PDF_URL_TEMPLATE, run.getUrl()); + String pdfUrl = String.format(SCA_PDF_URL_TEMPLATE, run.getUrl()); scanResults.getScaResults().setScaPDFLink(pdfUrl); } } @@ -1047,7 +1049,7 @@ public void perform(@Nonnull Run run, @Nonnull FilePath workspace, @Nonnul //in case of async mode, do not create reports (only the report of the latest scan) //and don't assert threshold vulnerabilities - failTheBuild(run, config, scanResults); + failTheBuild(run, config, scanResults); if (config.getSynchronous()) { //generate html report @@ -1073,7 +1075,7 @@ public void perform(@Nonnull Run run, @Nonnull FilePath workspace, @Nonnul if (osaResults != null && osaResults.isOsaResultsReady()) { createOsaReports(osaResults, workspace); } else if (scaResults != null && scaResults.isScaResultReady()) { - createScaReports(scaResults, workspace); + createScaReports(scaResults, config, checkmarxBuildDir, workspace); } return; } 
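Review bot: The null test in `if(config.getScaReportFormat() != null && "pdf".equalsIgnoreCase(config.getScaReportFormat()))` is redundant, since `String.equalsIgnoreCase` already returns false for a null argument; `if ("pdf".equalsIgnoreCase(config.getScaReportFormat())) {` reads the same and avoids calling the getter twice. `perform` begins before and continues after this hunk.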
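Review bot: `Paths.get(path, run.getUrl(), SCA_PDF_URL).toString()` builds a browser link out of a filesystem `Path`, so on a Windows controller the stored link would presumably contain backslashes; the pattern already existed for `PDF_URL`, but the new constant copies it rather than fixing it. Joining the three URL segments as strings with `/` (collapsing any doubled slash, since the comment above notes `run.getUrl()` ends in one) keeps the separator independent of the controller OS. `perform` begins before and continues after this hunk.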
@@ -1313,11 +1315,26 @@ private void mapSastConfiguration(Optional sast, CxScanConfig scanCo
 });
 }
- private void createScaReports(AstScaResults scaResults, FilePath checkmarxBuildDir) {
- writeJsonObjectToFile(scaResults.getSummary(), checkmarxBuildDir, SCA_SUMMERY_JSON);
- writeJsonObjectToFile(scaResults.getPackages(), checkmarxBuildDir, SCA_LIBRARIES_JSON);
- writeJsonObjectToFile(scaResults.getFindings(), checkmarxBuildDir, SCA_VULNERABILITIES_JSON);
- }
+ private void createScaReports(AstScaResults scaResults, CxScanConfig config, File checkmarxBuildDir,
+ FilePath workspace) {
+
+ writeJsonObjectToFile(scaResults.getSummary(), workspace, SCA_SUMMERY_JSON);
+ writeJsonObjectToFile(scaResults.getPackages(), workspace, SCA_LIBRARIES_JSON);
+ writeJsonObjectToFile(scaResults.getFindings(), workspace, SCA_VULNERABILITIES_JSON);
+ if (config.isGenerateScaReport()) {
+ if (scaResults.getPDFReport() != null) {
+ File pdfReportFile = new File(checkmarxBuildDir, CxScanResult.SCA_PDF_REPORT_NAME);
+ log.info("PDF Report generated at location: " + pdfReportFile.getAbsolutePath());
+ try {
+ FileUtils.writeByteArrayToFile(pdfReportFile, scaResults.getPDFReport());
+ scaResults.setScaPDFLink(checkmarxBuildDir + File.separator + CxScanResult.SCA_PDF_REPORT_NAME);
+ log.info("PDF Report generated at location: " + pdfReportFile.getAbsolutePath());
+ } catch (IOException e) {
+ log.warn("Failed to write SCA PDF report to workspace: " + e.getMessage());
+ }
+ }
+ }
+ }
 /** * Method validate if CxServerURL is part of 'No proxy host'
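Review bot: `scaResults.setScaPDFLink(checkmarxBuildDir + File.separator + CxScanResult.SCA_PDF_REPORT_NAME)` stores an absolute controller filesystem path as the report link; if `createScaReports` runs after `perform` has set the `SCA_PDF_URL`-based link (the `@@ -1034` hunk above), that web link is overwritten with a local path, which both breaks the download and exposes the controller's build-directory layout on the results page — drop this call, or set the same URL `perform` computes. The first `log.info("PDF Report generated at location: ...")` runs before `writeByteArrayToFile` and so reports success even when the write then fails; remove it and keep the one inside the `try`. The `catch` also discards the stack trace by logging only `e.getMessage()`; pass `e` to the logger if `CxLoggerAdapter` supports it.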
@@ -1583,12 +1600,8 @@ private CxScanConfig resolveConfiguration(Run run, DescriptorImpl descript } if (ret.isAstScaEnabled()) { ret.setGenerateScaReport(generateScaReport); - ret.setScaReportFormat(scaReportFormat.name()); - if (ret.getScaReportFormat() != null && !ret.getScaReportFormat().isEmpty()) { - ret.setGenerateScaReport(true); - } else { - ret.setGenerateScaReport(false); - throw new ConfigurationException("Invalid SCA report format:" + scaReportFormat + "."); + if (getScaReportFormat() != null && scaReportFormat.name() != null) { + ret.setScaReportFormat(scaReportFormat.name()); } } diff --git a/src/main/java/com/checkmarx/jenkins/CxScanResult.java b/src/main/java/com/checkmarx/jenkins/CxScanResult.java index 7e865791..1da8cef1 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanResult.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanResult.java @@ -58,6 +58,8 @@ public class CxScanResult implements Action { private File pdfReport; public static final String PDF_REPORT_NAME = "ScanReport.pdf"; + + public static final String SCA_PDF_REPORT_NAME = "ScaPdfReport.pdf"; private boolean osaSuccessful; //osa fails flag for jelly private String htmlReportName; @@ -233,6 +235,18 @@ public void doPdfReport(StaplerRequest req, StaplerResponse rsp) throws IOExcept outputStream.close(); } + public void doScaPdfReport(StaplerRequest req, StaplerResponse rsp) throws IOException { + rsp.setContentType("application/pdf"); + ServletOutputStream outputStream = rsp.getOutputStream(); + File buildDirectory = owner.getRootDir(); + File b = new File(buildDirectory, "/checkmarx/" + SCA_PDF_REPORT_NAME); + + IOUtils.copy(b, outputStream); + + outputStream.flush(); + outputStream.close(); + } + static String resolveHTMLReportName(boolean sastEnabled, ScannerType dependencyScanner) { final String POSTFIX = ".html"; String result = "Report"; 
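Review bot: `scaReportFormat.name() != null` in the new condition is always true for a non-null enum, and the test reads `getScaReportFormat()` while the body dereferences the `scaReportFormat` field; unless the getter simply returns that field, a null field would NPE on `scaReportFormat.name()`. `if (scaReportFormat != null) { ret.setScaReportFormat(scaReportFormat.name()); }` states the intent directly. The removed branch rejected a missing format with a `ConfigurationException`, whereas the new code leaves `generateScaReport` true with no format set; confirm that the consumer in `perform` (the `"pdf".equalsIgnoreCase(...)` check) is meant to treat that as "no report" rather than a misconfiguration. `resolveConfiguration` begins before this hunk.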
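Review bot: `doScaPdfReport` streams `owner.getRootDir()/checkmarx/ScaPdfReport.pdf` without checking that the file exists, so a build that produced no SCA PDF fails inside `IOUtils.copy` with a 500 instead of a 404; add `if (!b.isFile()) { rsp.sendError(404); return; }` before the copy. The `ServletOutputStream` is closed by hand, so an exception in `copy` leaks it; a try-with-resources around the stream is the idiomatic form. The method carries no explicit permission check either — if `doPdfReport` directly above relies on the enclosing action's access control, say so in a comment here, otherwise mirror whatever check it performs.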
diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly index 770e5d6c..a714857d 100644 --- a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly @@ -325,7 +325,7 @@ + checked="${instance.generateScaReport && instance.dependencyScanConfig.dependencyScannerType == 'SCA'}"> ${it.displayName} diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-generateScaReport.html b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-generateScaReport.html index 5cd99e9c..cd10e4df 100644 --- a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-generateScaReport.html +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-generateScaReport.html @@ -1,3 +1,3 @@
- Downloads a PDF report with scan results from the Checkmarx server. The report is available via a link on "Checkmarx Scan Results" page. + Downloads a report with scan results from the Checkmarx server. The report is available via a link on "Checkmarx Scan Results" page.
\ No newline at end of file From aa2954a89151d622f58aed476a858bb6e69b1120 Mon Sep 17 00:00:00 2001 From: Nidhi Jaiswal Date: Sat, 27 May 2023 17:38:33 +0530 Subject: [PATCH 16/35] Updated warning and error UI and log messages for Sca Resolver Add Params --- .../com/checkmarx/jenkins/CxScanBuilder.java | 113 +++++++++++++----- 1 file changed, 84 insertions(+), 29 deletions(-) diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index b9d175e5..9b5baa5c 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java 
@@ -2306,19 +2306,31 @@ private String checkMissingMandatoryAdditionalParams(String additionalParams, Fi && (addParams.contains("--cxprojectid ") || addParams.contains("--cxprojectname ")) && addParams.contains("--sast-result-path "))) log.warn( - "All SAST Parameters (--cxserver, --cxuser, --cxpassword, --sast-result-path, and --cxprojectid or --cxprojectname) are provided. But Enable Exploitable Path is disabled."); + "All SAST Parameters in 'SCA Resolver Additional Parameters' (--cxserver, --cxuser, --cxpassword, --sast-result-path, and --cxprojectid or --cxprojectname) are provided. But Enable Exploitable Path is disabled."); else if (isExploitablePathByScaResolver && (addParams.contains("--cxserver ") || addParams.contains("--cxuser ") || addParams.contains("--cxpassword ") || (addParams.contains("--cxprojectid ") || addParams.contains("--cxprojectname ")) || addParams.contains("--sast-result-path "))) log.warn( - "Provided SAST Parameters (--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) will be taken from ScaResolver Additional Parameters. Rest missing parameters will be taken from the Job level parameters."); - - if (addParams.contains("-n ") || addParams.contains("-s ") || addParams.contains("-r ") + "Given SAST Parameters in 'SCA Resolver Additional Parameters' (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) will be considered for Exploitable Path Detection. 
Missing parameters, If any, will be considered from the Job/Global level parameters."); + else if (isExploitablePathByScaResolver && (!addParams.contains("--cxserver ") + && !addParams.contains("--cxuser ") + && !addParams.contains("--cxpassword ") + && !(addParams.contains("--cxprojectid ") + || addParams.contains("--cxprojectname ")) + && !addParams.contains("--sast-result-path "))) + log.warn("Exploitable Path is Enabled, but 'SCA Resolver Additional Parameters' (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) are not mentioned, Thus missing parameters for Exploitable Path Detection will be considered from Job/Global level parameters."); + + if (addParams.contains("-n ") || addParams.contains("-s ") || addParams.contains("-r ") || addParams.contains("--resolver-result-path")) log.warn( - "Provided parameters (-n , -s, -r or --resolver-result-path) will be taken from ScaResolver Additional Parameters. Rest missing parameters will be taken from the Job level parameters."); + "Given parameters in 'SCA Resolver Additional Parameters' (like -n , -s, -r or --resolver-result-path) will be considered. Missing parameters, If any, will be considered from the Job level parameters."); + else if (!addParams.contains("-n ") && !addParams.contains("-s ") + && !(addParams.contains("-r ") + || addParams.contains("--resolver-result-path"))) + log.warn("'SCA Resolver Additional Parameters' (like -n , -s, -r or --resolver-result-path) are not mentioned, Thus missing parameters will be considered from Job level parameters."); + return additionalParams; } 
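Review bot: The unbraced `if … log.warn(…); else if … log.warn(…); else if …` chain over multi-line conditions is fragile — a second statement added to any branch silently changes the control flow — so each branch should be braced. The conditions repeat the `contains` chains that this same patch factors into `checkAllSastAddParamsWithoutExpPath`, `checkAnySastAddParamsWithExpPath`, `checkNoSastAddParamsWithExpPath`, `checkAnyMandatoryAddParams` and `checkNoMandatoryAddParams` in the `@@ -2842` hunk below; calling those helpers here keeps the build-log warnings and the UI validation from drifting apart. The warnings also confirm that `--cxpassword` is expected inside the free-text additional-parameters string; the message should direct users to the credential-backed password so the secret is not kept in a plain job field. `checkMissingMandatoryAdditionalParams` begins before this hunk.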
@@ -2842,12 +2854,28 @@ private boolean checkAnySastAddParamsWithExpPath(boolean isExploitablePathByScaR || scaResolverAddParameters.contains("--sast-result-path "))); } + private boolean checkNoSastAddParamsWithExpPath(boolean isExploitablePathByScaResolver, + String scaResolverAddParameters) { + return (isExploitablePathByScaResolver && (!scaResolverAddParameters.contains("--cxserver ") + && !scaResolverAddParameters.contains("--cxuser ") + && !scaResolverAddParameters.contains("--cxpassword ") + && !(scaResolverAddParameters.contains("--cxprojectid ") + || scaResolverAddParameters.contains("--cxprojectname ")) + && !scaResolverAddParameters.contains("--sast-result-path "))); + } + private boolean checkAnyMandatoryAddParams(String scaResolverAddParameters) { return (scaResolverAddParameters.contains("-n ") || scaResolverAddParameters.contains("-s ") || scaResolverAddParameters.contains("-r ") || scaResolverAddParameters.contains("--resolver-result-path")); } + private boolean checkNoMandatoryAddParams(String scaResolverAddParameters) { + return (!scaResolverAddParameters.contains("-n ") && !scaResolverAddParameters.contains("-s ") + && !(scaResolverAddParameters.contains("-r ") + || scaResolverAddParameters.contains("--resolver-result-path"))); + } + /** * This method validates the SCA Resolver Additional Parameters on UI. * 
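Review bot: `checkNoMandatoryAddParams` is exactly the negation of `checkAnyMandatoryAddParams`, and `checkNoSastAddParamsWithExpPath` is `isExploitablePathByScaResolver && !(…)` over the same five `contains` tests used by `checkAnySastAddParamsWithExpPath`; writing them as `return !checkAnyMandatoryAddParams(scaResolverAddParameters);` and `return isExploitablePathByScaResolver && !checkAnySastAddParamsWithExpPath(isExploitablePathByScaResolver, scaResolverAddParameters);` removes two copies of the option list that must otherwise be kept in sync. None of the helpers guards `scaResolverAddParameters == null`, so a missing query parameter would presumably throw rather than validate; normalising once with `scaResolverAddParameters == null ? "" : scaResolverAddParameters` at the top of each helper (or in the callers) covers it. The trailing-space convention is also inconsistent: `"-r "` requires a following space while `"--resolver-result-path"` does not, so the two spellings match differently at the end of the string.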
@@ -2865,11 +2893,15 @@ public FormValidation doCheckScaResolverAddParameters(@QueryParameter String val if (checkAllSastAddParamsWithoutExpPath(isExploitablePathByScaResolver, value)) { errorMessage = "All SAST Parameters in 'SCA Resolver Additional Parameters' (--cxserver, --cxuser, --cxpassword, --sast-result-path, and --cxprojectid or --cxprojectname) are provided. But Enable Exploitable Path is disabled."; } else if (checkAnySastAddParamsWithExpPath(isExploitablePathByScaResolver, value)) { - warnMessage = "Given SAST Parameters in 'SCA Resolver Additional Parameters' (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) will be considered. Rest missing parameters will be considered from the Job/Global level parameters."; - } + warnMessage = "Given SAST Parameters in 'SCA Resolver Additional Parameters' (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) will be considered for Exploitable Path Detection. Missing parameters, If any, will be considered from the Job/Global level parameters."; + } else if (checkNoSastAddParamsWithExpPath(isExploitablePathByScaResolver, value)) { + warnMessage = "Exploitable Path is Enabled, but 'SCA Resolver Additional Parameters' (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) are not mentioned, Thus missing parameters for Exploitable Path Detection will be considered from Job/Global level parameters."; + } if (checkAnyMandatoryAddParams(value)) { - otherWarnMessage = "Given parameters in 'SCA Resolver Additional Parameters' (like -n , -s, -r or --resolver-result-path) will be considered. Rest missing parameters will be considered from the Job level parameters."; - } + otherWarnMessage = "Given parameters in 'SCA Resolver Additional Parameters' (like -n , -s, -r or --resolver-result-path) will be considered. 
Missing parameters, If any, will be considered from the Job level parameters."; + } else if (checkNoMandatoryAddParams(value)) { + otherWarnMessage = "'SCA Resolver Additional Parameters' (like -n , -s, -r or --resolver-result-path) are not mentioned, Thus missing parameters will be considered from Job level parameters."; + } if (!StringUtil.isNullOrEmpty(errorMessage)) { if (!StringUtil.isNullOrEmpty(otherWarnMessage)) errorMessage += "\n" + otherWarnMessage; 
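Review bot: `else if (checkNoMandatoryAddParams(value))` is always taken once `if (checkAnyMandatoryAddParams(value))` is false, because the new helper is the exact negation of the old one, so the condition is really a plain `else`; likewise the new `else if (checkNoSastAddParamsWithExpPath(isExploitablePathByScaResolver, value))` reduces to `else if (isExploitablePathByScaResolver)` in the position it occupies. The practical effect is that an empty Additional Parameters field now always yields a form warning, including in the default configuration; if that is intended, the simpler conditions make it explicit, and if not, the branches should go. The same pattern is repeated in doCheckIsExploitablePathByScaResolver, doCheckGlobalScaResolverAddParameters and doCheckIsGlobalExploitablePathByScaResolver in the following hunks. The signature and tail of doCheckScaResolverAddParameters are outside the hunk.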
@@ -2896,19 +2928,30 @@ public FormValidation doCheckIsExploitablePathByScaResolver(@QueryParameter bool @QueryParameter String scaResolverAddParameters) { String warnMessage = ""; String errorMessage = ""; + String otherWarnMessage = ""; if (checkAllSastAddParamsWithoutExpPath(value, scaResolverAddParameters)) { errorMessage = "All SAST Parameters in 'SCA Resolver Additional Parameters' (--cxserver, --cxuser, --cxpassword, --sast-result-path, and --cxprojectid or --cxprojectname) are provided. But 'Enable Exploitable Path' is disabled."; } else if (checkAnySastAddParamsWithExpPath(!value, scaResolverAddParameters)) { errorMessage = "Given SAST Parameters in 'SCA Resolver Additional Parameters' (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) will not be considered. As 'Enable Exploitable Path' is disabled."; - } + } else if (checkNoSastAddParamsWithExpPath(value, scaResolverAddParameters)) { + warnMessage = "Exploitable Path is Enabled, but 'SCA Resolver Additional Parameters' (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) are not mentioned, Thus missing parameters for Exploitable Path Detection will be considered from Job/Global level parameters."; + } if (checkAnyMandatoryAddParams(scaResolverAddParameters)) { - warnMessage = "Given parameters in 'SCA Resolver Additional Parameters' (like -n , -s, -r or --resolver-result-path) will be considered. Rest missing parameters will be taken from the Job level parameters."; - } - if (!StringUtil.isNullOrEmpty(errorMessage)) - return FormValidation.error(errorMessage); - else if (!StringUtil.isNullOrEmpty(warnMessage)) - return FormValidation.warning(warnMessage); - return FormValidation.ok(); + otherWarnMessage = "Given parameters in 'SCA Resolver Additional Parameters' (like -n , -s, -r or --resolver-result-path) will be considered. 
Missing parameters, If any, will be taken from the Job level parameters."; + } else if (checkNoMandatoryAddParams(scaResolverAddParameters)) { + otherWarnMessage = "'SCA Resolver Additional Parameters' (like -n , -s, -r or --resolver-result-path) are not mentioned, Thus missing parameters will be considered from Job level parameters."; + } + if (!StringUtil.isNullOrEmpty(errorMessage)) { + if (!StringUtil.isNullOrEmpty(otherWarnMessage)) + errorMessage += "\n" + otherWarnMessage; + return FormValidation.error(errorMessage); + } else if (!StringUtil.isNullOrEmpty(warnMessage)) { + if (!StringUtil.isNullOrEmpty(otherWarnMessage)) + warnMessage += "\n" + otherWarnMessage; + return FormValidation.warning(warnMessage); + } else if (!StringUtil.isNullOrEmpty(otherWarnMessage)) + return FormValidation.warning(otherWarnMessage); + return FormValidation.ok(); } /** 
@@ -2930,11 +2973,15 @@ public FormValidation doCheckGlobalScaResolverAddParameters(@QueryParameter Stri if (checkAllSastAddParamsWithoutExpPath(isGlobalExploitablePathByScaResolver, value)) { errorMessage = "All SAST Parameters in 'SCA Resolver Additional Parameters' (--cxserver, --cxuser, --cxpassword, --sast-result-path, and --cxprojectid or --cxprojectname) are provided. But Enable Exploitable Path is disabled."; } else if (checkAnySastAddParamsWithExpPath(isGlobalExploitablePathByScaResolver, value)) { - warnMessage = "Given SAST Parameters in 'SCA Resolver Additional Parameters' (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) will be considered. Rest missing parameters will be considered from the Job/Global level parameters."; - } + warnMessage = "Given SAST Parameters in 'SCA Resolver Additional Parameters' (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) will be considered for Exploitable Path Detection. Missing parameters, If any, will be considered from the Job/Global level parameters."; + } else if (checkNoSastAddParamsWithExpPath(isGlobalExploitablePathByScaResolver, value)) { + warnMessage = "Exploitable Path is Enabled, but 'SCA Resolver Additional Parameters' (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) are not mentioned, Thus missing parameters for Exploitable Path Detection will be considered from Job/Global level parameters."; + } if (checkAnyMandatoryAddParams(value)) { - otherWarnMessage = "Given parameters in 'SCA Resolver Additional Parameters' (like -n , -s, -r or --resolver-result-path) will be considered. Rest missing parameters will be considered from the Job level parameters."; - } + otherWarnMessage = "Given parameters in 'SCA Resolver Additional Parameters' (like -n , -s, -r or --resolver-result-path) will be considered. 
Missing parameters, If any, will be considered from the Job level parameters."; + } else if (checkNoMandatoryAddParams(value)) { + otherWarnMessage = "'SCA Resolver Additional Parameters' (like -n , -s, -r or --resolver-result-path) are not mentioned, Thus missing parameters will be considered from Job level parameters."; + } if (!StringUtil.isNullOrEmpty(errorMessage)) { if (!StringUtil.isNullOrEmpty(otherWarnMessage)) errorMessage += "\n" + otherWarnMessage; 
@@ -2959,20 +3006,28 @@ public FormValidation doCheckIsGlobalExploitablePathByScaResolver(@QueryParamete @QueryParameter String globalScaResolverAddParameters) { String warnMessage = ""; String errorMessage = ""; + String otherWarnMessage = ""; String globalWarnMessage = "Given parameters will be considered only if 'Override global dependency scan settings' parameter is disabled at Job Level."; if (checkAllSastAddParamsWithoutExpPath(value, globalScaResolverAddParameters)) { errorMessage = "All SAST Parameters in 'SCA Resolver Additional Parameters' (--cxserver, --cxuser, --cxpassword, --sast-result-path, and --cxprojectid or --cxprojectname) are provided. But 'Enable Exploitable Path' is disabled."; } else if (checkAnySastAddParamsWithExpPath(!value, globalScaResolverAddParameters)) { errorMessage = "Given SAST Parameters in 'SCA Resolver Additional Parameters' (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) will not be considered. As 'Enable Exploitable Path' is disabled."; - } + } else if (checkNoSastAddParamsWithExpPath(value, globalScaResolverAddParameters)) { + warnMessage = "Exploitable Path is Enabled, but 'SCA Resolver Additional Parameters' (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) are not mentioned, Thus missing parameters for Exploitable Path Detection will be considered from Job/Global level parameters."; + } if (checkAnyMandatoryAddParams(globalScaResolverAddParameters)) { - warnMessage = "Given parameters in 'SCA Resolver Additional Parameters' (like -n , -s, -r or --resolver-result-path) will be considered. 
Rest missing parameters will be taken from the Job level parameters."; - } - if (!StringUtil.isNullOrEmpty(errorMessage)) - return FormValidation.error(errorMessage); - else if (!StringUtil.isNullOrEmpty(warnMessage)) - return FormValidation.warning(globalWarnMessage + "\n" + warnMessage); - return FormValidation.ok(); + otherWarnMessage = "Given parameters in 'SCA Resolver Additional Parameters' (like -n , -s, -r or --resolver-result-path) will be considered. Missing parameters, If any, will be taken from the Job level parameters."; + } else if (checkNoMandatoryAddParams(globalScaResolverAddParameters)) { + otherWarnMessage = "'SCA Resolver Additional Parameters' (like -n , -s, -r or --resolver-result-path) are not mentioned, Thus missing parameters will be considered from Job level parameters."; + } + if (!StringUtil.isNullOrEmpty(errorMessage)) { + if (!StringUtil.isNullOrEmpty(otherWarnMessage)) + errorMessage += "\n" + otherWarnMessage; + return FormValidation.error(errorMessage); + } + if (!StringUtil.isNullOrEmpty(warnMessage) || !StringUtil.isNullOrEmpty(otherWarnMessage)) + return FormValidation.warning(globalWarnMessage + "\n" + warnMessage + "\n" + otherWarnMessage); + return FormValidation.ok(); } /** From f7ed3d81f5ff21be486d31cb00df4c4c1fb3c781 Mon Sep 17 00:00:00 2001 From: swatipersistent <99341045+swatipersistent@users.noreply.github.com> Date: Sun, 28 May 2023 22:14:41 -0700 Subject: [PATCH 17/35] Fixed issue regarding sca pdf file getting generated in build directory. --- src/main/java/com/checkmarx/jenkins/CxScanBuilder.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index b9d175e5..5c1bbf48 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java 
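Review bot: The new return in doCheckIsGlobalExploitablePathByScaResolver joins `globalWarnMessage + "\n" + warnMessage + "\n" + otherWarnMessage` unconditionally, so whenever only one of the two messages is set the warning carries an empty line; the job-level sibling in the previous hunk appends each part only when it is non-empty. Building the text the same way, `String text = globalWarnMessage; if (!StringUtil.isNullOrEmpty(warnMessage)) text += "\n" + warnMessage; if (!StringUtil.isNullOrEmpty(otherWarnMessage)) text += "\n" + otherWarnMessage;`, keeps the two validators consistent. The method signature is outside the hunk.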
@@ -1323,7 +1323,7 @@ private void createScaReports(AstScaResults scaResults, CxScanConfig config, Fil writeJsonObjectToFile(scaResults.getPackages(), workspace, SCA_LIBRARIES_JSON); writeJsonObjectToFile(scaResults.getFindings(), workspace, SCA_VULNERABILITIES_JSON); if (config.isGenerateScaReport()) { - if (scaResults.getPDFReport() != null) { + if (scaResults.getPDFReport() != null && "pdf".equalsIgnoreCase(config.getScaReportFormat())) { File pdfReportFile = new File(checkmarxBuildDir, CxScanResult.SCA_PDF_REPORT_NAME); log.info("PDF Report generated at location: " + pdfReportFile.getAbsolutePath()); try { From 1be9e9180514d9080031ebd1df701027293828e0 Mon Sep 17 00:00:00 2001 From: unknown Date: Mon, 29 May 2023 12:12:18 +0530 Subject: [PATCH 18/35] warning for 0 retention rate --- .../java/com/checkmarx/jenkins/CxScanBuilder.java | 11 +++++++++++ .../com/checkmarx/jenkins/CxScanBuilder/config.jelly | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index b9d175e5..969eb03c 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java @@ -3625,6 +3625,17 @@ public FormValidation doCheckOsaLowThresholdEnforcement(@QueryParameter final In return checkNonNegativeValue(value); } + @POST + public FormValidation doCheckProjectRetentionRate(@QueryParameter final Integer value,@AncestorInPath Item item) { + if (item == null) { + return FormValidation.ok(); + } + item.checkPermission(Item.CONFIGURE); + if(value==0){ + return FormValidation.warning("scan retention with 0 value will not set retention rate"); + } + return checkNonNegativeValue(value); + } private FormValidation checkNonNegativeValue(final Integer value) { if (value == null || value >= 0) { 
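Review bot: `value==0` in the new doCheckProjectRetentionRate unboxes `value`, so an empty field (a null `Integer`, which checkNonNegativeValue on the following lines explicitly accepts) throws a NullPointerException out of the validation endpoint instead of returning ok; guard it as `if (value != null && value == 0) {`. Checking Item.CONFIGURE before doing any work is the right shape for a @POST validator and matches the rest of the descriptor. The createScaReports hunk from the preceding patch on this line is fine as written: `"pdf".equalsIgnoreCase(config.getScaReportFormat())` tolerates a null report format.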
diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly index e4009810..2343ce1a 100644 --- a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly @@ -67,7 +67,7 @@ - + From 14e80c7a48a81483c42438ccdde2383f74d7c28a Mon Sep 17 00:00:00 2001 From: Nidhi Jaiswal Date: Mon, 29 May 2023 12:28:08 +0530 Subject: [PATCH 19/35] updated plugin version --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index eda1cc37..0dd3a8c4 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,6 +1,6 @@ description = Provides automatic scan of code by Checkmarx server and shows results summary and trend in Jenkins interface. group = com.checkmarx.jenkins -version = 2023.2.2 +version = 2023.2.3 repositoryVersion= From 7a58f839b5897b1bbf54939eea7a63073e7eb5e7 Mon Sep 17 00:00:00 2001 From: unknown Date: Mon, 29 May 2023 14:45:56 +0530 Subject: [PATCH 20/35] worning change --- src/main/java/com/checkmarx/jenkins/CxScanBuilder.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index 969eb03c..4048d44e 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java @@ -3632,7 +3632,7 @@ public FormValidation doCheckProjectRetentionRate(@QueryParameter final Integer } item.checkPermission(Item.CONFIGURE); if(value==0){ - return FormValidation.warning("scan retention with 0 value will not set retention rate"); + return FormValidation.warning("Scan retention with 0 value will not set retention rate"); } return checkNonNegativeValue(value); } From 88f08b85617d17b1e1b58e99720ecaf32e0978b6 Mon Sep 17 00:00:00 2001 
From: swatipersistent <99341045+swatipersistent@users.noreply.github.com> Date: Mon, 29 May 2023 02:18:11 -0700 Subject: [PATCH 21/35] Updated title of Checkbox of Generate CxSCA Report --- .../resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly index e4009810..dc230656 100644 --- a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly @@ -324,7 +324,7 @@ - From 55f45a562e469083406a8f17777c97dbf90b5b45 Mon Sep 17 00:00:00 2001 From: Nidhi Jaiswal Date: Tue, 30 May 2023 11:26:12 +0530 Subject: [PATCH 22/35] Updated org.json version --- build.gradle | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 36ed89b3..970df9d8 100644 --- a/build.gradle +++ b/build.gradle @@ -57,6 +57,7 @@ dependencies { exclude group: 'org.apache.commons', module: 'commons-compress' exclude group: 'org.yaml' , module: 'snakeyaml' exclude group: 'com.google.code.gson', module: 'gson' + exclude group: 'org.json', module: 'json' } compile 'com.fasterxml.jackson.core:jackson-core:2.11.3', @@ -70,7 +71,9 @@ dependencies { 'org.apache.logging.log4j:log4j-core:2.17.1', 'org.apache.commons:commons-compress:1.22', 'com.google.code.gson:gson:2.8.9', - 'org.yaml:snakeyaml:1.33' + 'org.yaml:snakeyaml:1.33', + 'org.json:json:20230227' + constraints { implementation('io.vertx:vertx-web:3.9.7') { because 'previous versions have a bug impacting this application' From c3838720b8619c346bf58e85da28ec9beb38023c Mon Sep 17 00:00:00 2001 
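Review bot: The org.json change excludes the transitive `org.json:json` and re-adds it as a direct `compile` dependency, but nothing records why the transitive version is unacceptable; the `constraints` block immediately below already uses `because '...'` for vertx-web, and the same form, `implementation('org.json:json:20230227') { because '<reason for the upgrade>' }`, would document the override next to the version it pins. Recording the reason matters for a dependency bump whose commit message is only "Updated org.json version", since the next person to touch the build cannot tell whether the pin may be relaxed.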
From: unknown Date: Tue, 30 May 2023 14:48:08 +0530 Subject: [PATCH 23/35] bugFix for UI --- .../java/com/checkmarx/jenkins/CxScanBuilder.java | 12 ++++++------ .../com/checkmarx/jenkins/CxScanBuilder/config.jelly | 2 +- .../com/checkmarx/jenkins/CxScanBuilder/global.jelly | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index cef6e580..a36bc38b 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java @@ -1444,7 +1444,7 @@ private CxScanConfig resolveConfiguration(Run run, DescriptorImpl descript } ret.setProjectRetentionRate(getProjectRetentionRate()); } else { - ret.setProjectRetentionRate(getDescriptor().getprojectRetentionRate()); + ret.setProjectRetentionRate(getDescriptor().getprojectRetentionRateEnforce()); } } @@ -2396,7 +2396,7 @@ public static final class DescriptorImpl extends BuildStepDescriptor { private String username; @Nullable private String password; - private Integer projectRetentionRate; + private Integer projectRetentionRateEnforce; private String credentialsId; private String mvnPath; private boolean isProxy = true; @@ -2468,12 +2468,12 @@ public String getUsername() { return username; } - public Integer getprojectRetentionRate() { - return projectRetentionRate; + public Integer getprojectRetentionRateEnforce() { + return projectRetentionRateEnforce; } - public void setProjectRetentionRate(Integer projectRetentionRate) { - this.projectRetentionRate = projectRetentionRate; + public void setProjectRetentionRateEnforce(Integer projectRetentionRateEnforce) { + this.projectRetentionRateEnforce = projectRetentionRateEnforce; } public void setUsername(@Nullable String username) { this.username = username; 
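Review bot: Renaming the descriptor field `projectRetentionRate` to `projectRetentionRateEnforce` (hunk at 2396) will, if DescriptorImpl is persisted through the usual Jenkins save()/load() path, silently drop the value already saved in existing global configuration, because the old element name no longer maps to a field. Keeping the old field and copying it into the new one in a `readResolve()`, or declaring an alias for the old name, preserves the setting across the upgrade. The new getter `getprojectRetentionRateEnforce` also keeps the lowercase-p name, so it still does not follow bean naming for the `ProjectRetentionRateEnforce` property its setter declares; whether the Jelly data binding resolves it depends on global.jelly, which this commit changes but which is not legible here.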
diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly index 6236a7e8..9dfac686 100644 --- a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly @@ -67,7 +67,7 @@ - + diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/global.jelly b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/global.jelly index 1389a84b..ee8b6641 100644 --- a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/global.jelly +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/global.jelly @@ -214,7 +214,7 @@ - + From fe5dc354751f8b24f43483fb469834b7435d1fa5 Mon Sep 17 00:00:00 2001 From: unknown Date: Tue, 30 May 2023 16:12:41 +0530 Subject: [PATCH 24/35] version change --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index 0dd3a8c4..8daa564a 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,6 +1,6 @@ description = Provides automatic scan of code by Checkmarx server and shows results summary and trend in Jenkins interface. group = com.checkmarx.jenkins -version = 2023.2.3 +version = 2023.2.4 repositoryVersion= From 92904cf4579add68ceb838fd260e222aae52f4ac Mon Sep 17 00:00:00 2001 
From: Nidhi Jaiswal Date: Wed, 31 May 2023 17:41:35 +0530 Subject: [PATCH 25/35] Changed log and UI warning and error messages and Tooltips messages --- .../com/checkmarx/jenkins/CxScanBuilder.java | 158 ++++++------------ .../jenkins/CxScanBuilder/config.jelly | 7 +- .../jenkins/CxScanBuilder/global.jelly | 6 +- .../CxScanBuilder/help-enableScaResolver.html | 2 +- .../help-globalScaResolverAddParameters.html | 5 + .../help-isExploitablePathByScaResolver.html | 7 +- ...-isGlobalExploitablePathByScaResolver.html | 6 + .../help-scaResolverAddParameters.html | 9 +- 8 files changed, 77 insertions(+), 123 deletions(-) create mode 100644 src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-globalScaResolverAddParameters.html create mode 100644 src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-isGlobalExploitablePathByScaResolver.html diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index 9b5baa5c..4dc9d3d7 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java 
@@ -2306,31 +2306,18 @@ private String checkMissingMandatoryAdditionalParams(String additionalParams, Fi && (addParams.contains("--cxprojectid ") || addParams.contains("--cxprojectname ")) && addParams.contains("--sast-result-path "))) log.warn( - "All SAST Parameters in 'SCA Resolver Additional Parameters' (--cxserver, --cxuser, --cxpassword, --sast-result-path, and --cxprojectid or --cxprojectname) are provided. But Enable Exploitable Path is disabled."); + "Enable Exploitable Path option is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameter."); else if (isExploitablePathByScaResolver && (addParams.contains("--cxserver ") || addParams.contains("--cxuser ") || addParams.contains("--cxpassword ") || (addParams.contains("--cxprojectid ") || addParams.contains("--cxprojectname ")) || addParams.contains("--sast-result-path "))) log.warn( - "Given SAST Parameters in 'SCA Resolver Additional Parameters' (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) will be considered for Exploitable Path Detection. 
Missing parameters, If any, will be considered from the Job/Global level parameters."); - else if (isExploitablePathByScaResolver && (!addParams.contains("--cxserver ") - && !addParams.contains("--cxuser ") - && !addParams.contains("--cxpassword ") - && !(addParams.contains("--cxprojectid ") - || addParams.contains("--cxprojectname ")) - && !addParams.contains("--sast-result-path "))) - log.warn("Exploitable Path is Enabled, but 'SCA Resolver Additional Parameters' (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) are not mentioned, Thus missing parameters for Exploitable Path Detection will be considered from Job/Global level parameters."); - + "Any of the parameters(--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) specified in SCA Resolver additional paramters will be used for Exploitable Path Detection instead the corresponding parameters configured in the pipeline."); if (addParams.contains("-n ") || addParams.contains("-s ") || addParams.contains("-r ") || addParams.contains("--resolver-result-path")) log.warn( - "Given parameters in 'SCA Resolver Additional Parameters' (like -n , -s, -r or --resolver-result-path) will be considered. Missing parameters, If any, will be considered from the Job level parameters."); - else if (!addParams.contains("-n ") && !addParams.contains("-s ") - && !(addParams.contains("-r ") - || addParams.contains("--resolver-result-path"))) - log.warn("'SCA Resolver Additional Parameters' (like -n , -s, -r or --resolver-result-path) are not mentioned, Thus missing parameters will be considered from Job level parameters."); - + "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional paramters will be used for dependency resolution instead the corresponding parameters configured in the pipeline."); return additionalParams; } 
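Review bot: The two new log messages in checkMissingMandatoryAdditionalParams misspell "paramters" and read "instead the corresponding parameters" where "instead of the corresponding parameters" is meant; the same strings are copied verbatim into the form validators in the later hunks of this patch (doCheckScaResolverAddParameters, doCheckIsExploitablePathByScaResolver, doCheckGlobalScaResolverAddParameters), so defining them once as constants would fix the text in one place and keep build log and UI identical. The inline `addParams.contains(...)` chains here duplicate checkAllSastAddParamsWithoutExpPath, checkAnySastAddParamsWithExpPath and checkAnyMandatoryAddParams; if this method lives in the same class, calling those helpers removes the duplication. Since `--cxpassword` is accepted through this free-text field, the message is also the natural place to state that a password given this way is presumably stored unencrypted with the job configuration, unlike the credentialsId-based login; the visible warnings correctly do not echo `addParams` itself. The method's signature is outside the hunk.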
@@ -2854,15 +2841,6 @@ private boolean checkAnySastAddParamsWithExpPath(boolean isExploitablePathByScaR || scaResolverAddParameters.contains("--sast-result-path "))); } - private boolean checkNoSastAddParamsWithExpPath(boolean isExploitablePathByScaResolver, - String scaResolverAddParameters) { - return (isExploitablePathByScaResolver && (!scaResolverAddParameters.contains("--cxserver ") - && !scaResolverAddParameters.contains("--cxuser ") - && !scaResolverAddParameters.contains("--cxpassword ") - && !(scaResolverAddParameters.contains("--cxprojectid ") - || scaResolverAddParameters.contains("--cxprojectname ")) - && !scaResolverAddParameters.contains("--sast-result-path "))); - } private boolean checkAnyMandatoryAddParams(String scaResolverAddParameters) { return (scaResolverAddParameters.contains("-n ") || scaResolverAddParameters.contains("-s ") @@ -2870,11 +2848,6 @@ private boolean checkAnyMandatoryAddParams(String scaResolverAddParameters) { || scaResolverAddParameters.contains("--resolver-result-path")); } - private boolean checkNoMandatoryAddParams(String scaResolverAddParameters) { - return (!scaResolverAddParameters.contains("-n ") && !scaResolverAddParameters.contains("-s ") - && !(scaResolverAddParameters.contains("-r ") - || scaResolverAddParameters.contains("--resolver-result-path"))); - } /** * This method validates the SCA Resolver Additional Parameters on UI. 
@@ -2891,29 +2864,25 @@ public FormValidation doCheckScaResolverAddParameters(@QueryParameter String val String errorMessage = ""; String otherWarnMessage = ""; if (checkAllSastAddParamsWithoutExpPath(isExploitablePathByScaResolver, value)) { - errorMessage = "All SAST Parameters in 'SCA Resolver Additional Parameters' (--cxserver, --cxuser, --cxpassword, --sast-result-path, and --cxprojectid or --cxprojectname) are provided. But Enable Exploitable Path is disabled."; + errorMessage = "Enable Exploitable Path option is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameter."; } else if (checkAnySastAddParamsWithExpPath(isExploitablePathByScaResolver, value)) { - warnMessage = "Given SAST Parameters in 'SCA Resolver Additional Parameters' (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) will be considered for Exploitable Path Detection. Missing parameters, If any, will be considered from the Job/Global level parameters."; - } else if (checkNoSastAddParamsWithExpPath(isExploitablePathByScaResolver, value)) { - warnMessage = "Exploitable Path is Enabled, but 'SCA Resolver Additional Parameters' (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) are not mentioned, Thus missing parameters for Exploitable Path Detection will be considered from Job/Global level parameters."; - } + warnMessage = "Any of the parameters(--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) specified in SCA Resolver additional paramters will be used for Exploitable Path Detection instead the corresponding parameters configured in the pipeline."; + } if (checkAnyMandatoryAddParams(value)) { - otherWarnMessage = "Given parameters in 'SCA Resolver Additional Parameters' (like -n , -s, -r or --resolver-result-path) will be considered. 
Missing parameters, If any, will be considered from the Job level parameters."; - } else if (checkNoMandatoryAddParams(value)) { - otherWarnMessage = "'SCA Resolver Additional Parameters' (like -n , -s, -r or --resolver-result-path) are not mentioned, Thus missing parameters will be considered from Job level parameters."; - } - if (!StringUtil.isNullOrEmpty(errorMessage)) { - if (!StringUtil.isNullOrEmpty(otherWarnMessage)) - errorMessage += "\n" + otherWarnMessage; - return FormValidation.error(errorMessage); - } else if (!StringUtil.isNullOrEmpty(warnMessage)) { - if (!StringUtil.isNullOrEmpty(otherWarnMessage)) - warnMessage += "\n" + otherWarnMessage; - return FormValidation.warning(warnMessage); - } else if (!StringUtil.isNullOrEmpty(otherWarnMessage)) - return FormValidation.warning(otherWarnMessage); - return FormValidation.ok(); - } + otherWarnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional paramters will be used for dependency resolution instead the corresponding parameters configured in the pipeline."; + } + if (!StringUtil.isNullOrEmpty(errorMessage)) { + if (!StringUtil.isNullOrEmpty(otherWarnMessage)) + errorMessage += "\n" + otherWarnMessage; + return FormValidation.error(errorMessage); + } else if (!StringUtil.isNullOrEmpty(warnMessage)) { + if (!StringUtil.isNullOrEmpty(otherWarnMessage)) + warnMessage += "\n" + otherWarnMessage; + return FormValidation.warning(warnMessage); + } else if (!StringUtil.isNullOrEmpty(otherWarnMessage)) + return FormValidation.warning(otherWarnMessage); + return FormValidation.ok(); + } /** * This method validates the SCA Resolver Additional Parameters on UI. 
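Review bot: Most of the added lines in this hunk, from `if (!StringUtil.isNullOrEmpty(errorMessage)) {` to the closing `return FormValidation.ok();`, are the removed lines re-added with different indentation, so the real change, the two message strings, is buried in whitespace churn; the `String warnMessage = "";` and `String errorMessage = "";` declarations in doCheckIsExploitablePathByScaResolver in the next hunk are re-added the same way. Restoring the original indentation, or formatting the whole file in a separate commit, keeps the review diff to the lines whose content changed. The method signature is outside the hunk.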
@@ -2926,33 +2895,22 @@ public FormValidation doCheckScaResolverAddParameters(@QueryParameter String val @POST public FormValidation doCheckIsExploitablePathByScaResolver(@QueryParameter boolean value, @QueryParameter String scaResolverAddParameters) { - String warnMessage = ""; - String errorMessage = ""; - String otherWarnMessage = ""; - if (checkAllSastAddParamsWithoutExpPath(value, scaResolverAddParameters)) { - errorMessage = "All SAST Parameters in 'SCA Resolver Additional Parameters' (--cxserver, --cxuser, --cxpassword, --sast-result-path, and --cxprojectid or --cxprojectname) are provided. But 'Enable Exploitable Path' is disabled."; - } else if (checkAnySastAddParamsWithExpPath(!value, scaResolverAddParameters)) { - errorMessage = "Given SAST Parameters in 'SCA Resolver Additional Parameters' (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) will not be considered. As 'Enable Exploitable Path' is disabled."; - } else if (checkNoSastAddParamsWithExpPath(value, scaResolverAddParameters)) { - warnMessage = "Exploitable Path is Enabled, but 'SCA Resolver Additional Parameters' (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) are not mentioned, Thus missing parameters for Exploitable Path Detection will be considered from Job/Global level parameters."; + String warnMessage = ""; + String errorMessage = ""; + if (checkAllSastAddParamsWithoutExpPath(value, scaResolverAddParameters)) { + errorMessage = "Enable Exploitable Path option is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameter."; + } else if (checkAnySastAddParamsWithExpPath(!value, scaResolverAddParameters)) { + errorMessage = "Given SAST Parameters in 'SCA Resolver Additional Parameters' (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) will 
not be considered. As 'Enable Exploitable Path' is disabled."; } - if (checkAnyMandatoryAddParams(scaResolverAddParameters)) { - otherWarnMessage = "Given parameters in 'SCA Resolver Additional Parameters' (like -n , -s, -r or --resolver-result-path) will be considered. Missing parameters, If any, will be taken from the Job level parameters."; - } else if (checkNoMandatoryAddParams(scaResolverAddParameters)) { - otherWarnMessage = "'SCA Resolver Additional Parameters' (like -n , -s, -r or --resolver-result-path) are not mentioned, Thus missing parameters will be considered from Job level parameters."; + if (checkAnyMandatoryAddParams(scaResolverAddParameters)) { + warnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional paramters will be used for dependency resolution instead the corresponding parameters configured in the pipeline."; } - if (!StringUtil.isNullOrEmpty(errorMessage)) { - if (!StringUtil.isNullOrEmpty(otherWarnMessage)) - errorMessage += "\n" + otherWarnMessage; + if (!StringUtil.isNullOrEmpty(errorMessage)) return FormValidation.error(errorMessage); - } else if (!StringUtil.isNullOrEmpty(warnMessage)) { - if (!StringUtil.isNullOrEmpty(otherWarnMessage)) - warnMessage += "\n" + otherWarnMessage; + else if (!StringUtil.isNullOrEmpty(warnMessage)) return FormValidation.warning(warnMessage); - } else if (!StringUtil.isNullOrEmpty(otherWarnMessage)) - return FormValidation.warning(otherWarnMessage); return FormValidation.ok(); - } + } /** * This method validates the Global SCA Resolver Additional Parameters on UI. 
@@ -2971,26 +2929,22 @@ public FormValidation doCheckGlobalScaResolverAddParameters(@QueryParameter Stri String otherWarnMessage = ""; String globalWarnMessage = "Given parameters will be considered only if 'Override global dependency scan settings' parameter is disabled at Job Level."; if (checkAllSastAddParamsWithoutExpPath(isGlobalExploitablePathByScaResolver, value)) { - errorMessage = "All SAST Parameters in 'SCA Resolver Additional Parameters' (--cxserver, --cxuser, --cxpassword, --sast-result-path, and --cxprojectid or --cxprojectname) are provided. But Enable Exploitable Path is disabled."; + errorMessage = "Enable Exploitable Path option is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameter."; } else if (checkAnySastAddParamsWithExpPath(isGlobalExploitablePathByScaResolver, value)) { - warnMessage = "Given SAST Parameters in 'SCA Resolver Additional Parameters' (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) will be considered for Exploitable Path Detection. 
Missing parameters, If any, will be considered from the Job/Global level parameters."; - } else if (checkNoSastAddParamsWithExpPath(isGlobalExploitablePathByScaResolver, value)) { - warnMessage = "Exploitable Path is Enabled, but 'SCA Resolver Additional Parameters' (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) are not mentioned, Thus missing parameters for Exploitable Path Detection will be considered from Job/Global level parameters."; - } + warnMessage = "Any of the parameters(--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) specified in SCA Resolver additional paramters will be used for Exploitable Path Detection instead the corresponding parameters configured in the pipeline."; + } if (checkAnyMandatoryAddParams(value)) { - otherWarnMessage = "Given parameters in 'SCA Resolver Additional Parameters' (like -n , -s, -r or --resolver-result-path) will be considered. Missing parameters, If any, will be considered from the Job level parameters."; - } else if (checkNoMandatoryAddParams(value)) { - otherWarnMessage = "'SCA Resolver Additional Parameters' (like -n , -s, -r or --resolver-result-path) are not mentioned, Thus missing parameters will be considered from Job level parameters."; - } - if (!StringUtil.isNullOrEmpty(errorMessage)) { - if (!StringUtil.isNullOrEmpty(otherWarnMessage)) - errorMessage += "\n" + otherWarnMessage; - return FormValidation.error(errorMessage); + otherWarnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional paramters will be used for dependency resolution instead the corresponding parameters configured in the pipeline."; } - if (!StringUtil.isNullOrEmpty(warnMessage) || !StringUtil.isNullOrEmpty(otherWarnMessage)) - return FormValidation.warning(globalWarnMessage + "\n" + warnMessage + "\n" + otherWarnMessage); - return FormValidation.ok(); - } + if (!StringUtil.isNullOrEmpty(errorMessage)) { + 
if (!StringUtil.isNullOrEmpty(otherWarnMessage)) + errorMessage += "\n" + otherWarnMessage; + return FormValidation.error(errorMessage); + } + if (!StringUtil.isNullOrEmpty(warnMessage) || !StringUtil.isNullOrEmpty(otherWarnMessage)) + return FormValidation.warning(globalWarnMessage + "\n" + warnMessage + "\n" + otherWarnMessage); + return FormValidation.ok(); + } /** * This method validates the Global SCA Resolver Additional Parameters on UI. 
@@ -3006,29 +2960,21 @@ public FormValidation doCheckIsGlobalExploitablePathByScaResolver(@QueryParamete @QueryParameter String globalScaResolverAddParameters) { String warnMessage = ""; String errorMessage = ""; - String otherWarnMessage = ""; String globalWarnMessage = "Given parameters will be considered only if 'Override global dependency scan settings' parameter is disabled at Job Level."; if (checkAllSastAddParamsWithoutExpPath(value, globalScaResolverAddParameters)) { - errorMessage = "All SAST Parameters in 'SCA Resolver Additional Parameters' (--cxserver, --cxuser, --cxpassword, --sast-result-path, and --cxprojectid or --cxprojectname) are provided. But 'Enable Exploitable Path' is disabled."; + errorMessage = "Enable Exploitable Path option is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameter."; } else if (checkAnySastAddParamsWithExpPath(!value, globalScaResolverAddParameters)) { errorMessage = "Given SAST Parameters in 'SCA Resolver Additional Parameters' (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) will not be considered. As 'Enable Exploitable Path' is disabled."; - } else if (checkNoSastAddParamsWithExpPath(value, globalScaResolverAddParameters)) { - warnMessage = "Exploitable Path is Enabled, but 'SCA Resolver Additional Parameters' (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) are not mentioned, Thus missing parameters for Exploitable Path Detection will be considered from Job/Global level parameters."; - } + } if (checkAnyMandatoryAddParams(globalScaResolverAddParameters)) { - otherWarnMessage = "Given parameters in 'SCA Resolver Additional Parameters' (like -n , -s, -r or --resolver-result-path) will be considered. 
Missing parameters, If any, will be taken from the Job level parameters."; - } else if (checkNoMandatoryAddParams(globalScaResolverAddParameters)) { - otherWarnMessage = "'SCA Resolver Additional Parameters' (like -n , -s, -r or --resolver-result-path) are not mentioned, Thus missing parameters will be considered from Job level parameters."; - } - if (!StringUtil.isNullOrEmpty(errorMessage)) { - if (!StringUtil.isNullOrEmpty(otherWarnMessage)) - errorMessage += "\n" + otherWarnMessage; + warnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional paramters will be used for dependency resolution instead the corresponding parameters configured in the pipeline."; + } + if (!StringUtil.isNullOrEmpty(errorMessage)) return FormValidation.error(errorMessage); - } - if (!StringUtil.isNullOrEmpty(warnMessage) || !StringUtil.isNullOrEmpty(otherWarnMessage)) - return FormValidation.warning(globalWarnMessage + "\n" + warnMessage + "\n" + otherWarnMessage); + else if (!StringUtil.isNullOrEmpty(warnMessage)) + return FormValidation.warning(globalWarnMessage + "\n" + warnMessage); return FormValidation.ok(); - } + } /** * This method verify correct format for Custom Fields diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly index e4009810..800dcd25 100644 --- a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly @@ -210,12 +210,11 @@ - - - - + + +
- - - + + + - When this flag is enabled, the plugin will use SCA Resolver utility to scan dependencies. + When this flag is enabled, the plugin will use SCA Resolver utility to scan dependencies. ScaResolver tool will be executed in offline mode. \ No newline at end of file diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-globalScaResolverAddParameters.html b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-globalScaResolverAddParameters.html new file mode 100644 index 00000000..67f7b3f6 --- /dev/null +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-globalScaResolverAddParameters.html @@ -0,0 +1,5 @@ +
+

For dependency resolution using SCA Resolver tool, arguments to SCA Resolver tool needs to be provided.

+

For Example: --log-level Debug --save-evidence-path ./evidences.json --extract-archives zip,ear --extract-depth 3 --gradle-exclude-scopes api,testCompile

+

"-s", "-n" and "-r" are mandatory parameters that can be automatically determined from the parameters configured in pipeline. These parameters can also be overridden by adding them to the Sca Resolver Additional Parameters.

+
\ No newline at end of file diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-isExploitablePathByScaResolver.html b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-isExploitablePathByScaResolver.html index c044342d..cd8f7fa5 100644 --- a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-isExploitablePathByScaResolver.html +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-isExploitablePathByScaResolver.html @@ -1,5 +1,6 @@
-

"Enable Exploitable Path" option can be checked to enable the exploitable path

-

"--cxprojectname" or "--cxprojectid", "--cxuser", "--cxpassword", "--cxserver" and "--sast-result-path" are mandatory parameters for exploitable path detection that can be inherited from job or global arguments. These parameters can also be overridden by adding them to the Sca Resolver Additional Parameters.

-

Example: --cxprojectname sastprojname --cxserver http://sasturl --cxuser sastuser --cxpassword sastpassword --sast-result-path D://result

+

For Exploitable Path Detections, Sca Resolver needs to connect to SAST server, thus it needs to following SAST related parameters: "--cxprojectname" or "--cxprojectid", "--cxuser", "--cxpassword", "--cxserver" and "--sast-result-path".

+

The plugin has capability to automatically determine these parameters from the SAST parametrers configured in pipeline. + These parameters can also be overridden by adding them to the Sca Resolver Additional Parameters.

+

Example: --cxprojectname sastprojname --cxserver http://sasturl --cxuser sastuser --cxpassword sastpassword --sast-result-path D://result

\ No newline at end of file diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-isGlobalExploitablePathByScaResolver.html b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-isGlobalExploitablePathByScaResolver.html new file mode 100644 index 00000000..cd8f7fa5 --- /dev/null +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-isGlobalExploitablePathByScaResolver.html @@ -0,0 +1,6 @@ +
+

For Exploitable Path Detections, Sca Resolver needs to connect to SAST server, thus it needs to following SAST related parameters: "--cxprojectname" or "--cxprojectid", "--cxuser", "--cxpassword", "--cxserver" and "--sast-result-path".

+

The plugin has capability to automatically determine these parameters from the SAST parametrers configured in pipeline. + These parameters can also be overridden by adding them to the Sca Resolver Additional Parameters.

+

Example: --cxprojectname sastprojname --cxserver http://sasturl --cxuser sastuser --cxpassword sastpassword --sast-result-path D://result

+
\ No newline at end of file diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-scaResolverAddParameters.html b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-scaResolverAddParameters.html index 8e3b3d35..ced82c45 100644 --- a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-scaResolverAddParameters.html +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-scaResolverAddParameters.html @@ -1,8 +1,5 @@
- Provide arguments to ScaResovler tool in the same format as supported by the ScaResolver tool. ScaResolver tool will be executed in offline mode. -

"-s", "-n" and "-r" are mandatory parameters that can be inherited from job level arguments. These parameters can also be overridden by adding them to the Sca Resolver Additional Parameters.

-

Example: -s C:\Users\SampleProject -n ProjectName -r c:\output, where

-

-s: Path to the source code

-

-n: name of the project

-

-r: local machine path where the evidence file must be stored

+

For dependency resolution using SCA Resolver tool, arguments to SCA Resolver tool needs to be provided.

+

For Example: --log-level Debug --save-evidence-path ./evidences.json --extract-archives zip,ear --extract-depth 3 --gradle-exclude-scopes api,testCompile

+

"-s", "-n" and "-r" are mandatory parameters that can be automatically determined from the parameters configured in pipeline. These parameters can also be overridden by adding them to the Sca Resolver Additional Parameters.

\ No newline at end of file From f064c885f9066ada7ebd02c5ef95a3210a0b1ed5 Mon Sep 17 00:00:00 2001 From: Nidhi Jaiswal Date: Wed, 31 May 2023 17:41:59 +0530 Subject: [PATCH 26/35] Update gradle.properties --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index 8daa564a..7d702ba3 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,6 +1,6 @@ description = Provides automatic scan of code by Checkmarx server and shows results summary and trend in Jenkins interface. group = com.checkmarx.jenkins -version = 2023.2.4 +version = 2023.2.5 repositoryVersion= From 22a05c5dfd53ce4b1ca458f06762e7ecb2271bfb Mon Sep 17 00:00:00 2001 From: Nidhi Jaiswal Date: Wed, 31 May 2023 18:08:31 +0530 Subject: [PATCH 27/35] corrected grammar for log messages --- .../com/checkmarx/jenkins/CxScanBuilder.java | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index 443b73c2..f97a7820 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java 
@@ -2313,11 +2313,11 @@ else if (isExploitablePathByScaResolver && (addParams.contains("--cxserver ") || || (addParams.contains("--cxprojectid ") || addParams.contains("--cxprojectname ")) || addParams.contains("--sast-result-path "))) log.warn( - "Any of the parameters(--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) specified in SCA Resolver additional paramters will be used for Exploitable Path Detection instead the corresponding parameters configured in the pipeline."); + "Any of the parameters(--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) specified in SCA Resolver additional paramters will be used for Exploitable Path Detection instead of the corresponding parameters configured in the pipeline."); if (addParams.contains("-n ") || addParams.contains("-s ") || addParams.contains("-r ") || addParams.contains("--resolver-result-path")) log.warn( - "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional paramters will be used for dependency resolution instead the corresponding parameters configured in the pipeline."); + "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional paramters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."); return additionalParams; } 
@@ -2866,10 +2866,10 @@ public FormValidation doCheckScaResolverAddParameters(@QueryParameter String val if (checkAllSastAddParamsWithoutExpPath(isExploitablePathByScaResolver, value)) { errorMessage = "Enable Exploitable Path option is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameter."; } else if (checkAnySastAddParamsWithExpPath(isExploitablePathByScaResolver, value)) { - warnMessage = "Any of the parameters(--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) specified in SCA Resolver additional paramters will be used for Exploitable Path Detection instead the corresponding parameters configured in the pipeline."; + warnMessage = "Any of the parameters(--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) specified in SCA Resolver additional paramters will be used for Exploitable Path Detection instead of the corresponding parameters configured in the pipeline."; } if (checkAnyMandatoryAddParams(value)) { - otherWarnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional paramters will be used for dependency resolution instead the corresponding parameters configured in the pipeline."; + otherWarnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional paramters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; } if (!StringUtil.isNullOrEmpty(errorMessage)) { if (!StringUtil.isNullOrEmpty(otherWarnMessage)) 
@@ -2903,7 +2903,7 @@ public FormValidation doCheckIsExploitablePathByScaResolver(@QueryParameter bool errorMessage = "Given SAST Parameters in 'SCA Resolver Additional Parameters' (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) will not be considered. As 'Enable Exploitable Path' is disabled."; } if (checkAnyMandatoryAddParams(scaResolverAddParameters)) { - warnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional paramters will be used for dependency resolution instead the corresponding parameters configured in the pipeline."; + warnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional paramters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; } if (!StringUtil.isNullOrEmpty(errorMessage)) return FormValidation.error(errorMessage); 
@@ -2931,10 +2931,10 @@ public FormValidation doCheckGlobalScaResolverAddParameters(@QueryParameter Stri if (checkAllSastAddParamsWithoutExpPath(isGlobalExploitablePathByScaResolver, value)) { errorMessage = "Enable Exploitable Path option is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameter."; } else if (checkAnySastAddParamsWithExpPath(isGlobalExploitablePathByScaResolver, value)) { - warnMessage = "Any of the parameters(--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) specified in SCA Resolver additional paramters will be used for Exploitable Path Detection instead the corresponding parameters configured in the pipeline."; + warnMessage = "Any of the parameters(--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) specified in SCA Resolver additional paramters will be used for Exploitable Path Detection instead of the corresponding parameters configured in the pipeline."; } if (checkAnyMandatoryAddParams(value)) { - otherWarnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional paramters will be used for dependency resolution instead the corresponding parameters configured in the pipeline."; + otherWarnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional paramters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; } if (!StringUtil.isNullOrEmpty(errorMessage)) { if (!StringUtil.isNullOrEmpty(otherWarnMessage)) 
@@ -2967,7 +2967,7 @@ public FormValidation doCheckIsGlobalExploitablePathByScaResolver(@QueryParamete errorMessage = "Given SAST Parameters in 'SCA Resolver Additional Parameters' (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) will not be considered. As 'Enable Exploitable Path' is disabled."; } if (checkAnyMandatoryAddParams(globalScaResolverAddParameters)) { - warnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional paramters will be used for dependency resolution instead the corresponding parameters configured in the pipeline."; + warnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional paramters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; } if (!StringUtil.isNullOrEmpty(errorMessage)) return FormValidation.error(errorMessage); From 46873e130addd4c89aab919ffb7d0e6b62b47de1 Mon Sep 17 00:00:00 2001 From: Nidhi Jaiswal Date: Wed, 31 May 2023 21:13:33 +0530 Subject: [PATCH 28/35] Added error messages in Case of exp path params --- .../com/checkmarx/jenkins/CxScanBuilder.java | 24 +++++++++++++------ 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index f97a7820..fd399a11 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java 
@@ -2313,7 +2313,13 @@ else if (isExploitablePathByScaResolver && (addParams.contains("--cxserver ") || || (addParams.contains("--cxprojectid ") || addParams.contains("--cxprojectname ")) || addParams.contains("--sast-result-path "))) log.warn( - "Any of the parameters(--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) specified in SCA Resolver additional paramters will be used for Exploitable Path Detection instead of the corresponding parameters configured in the pipeline."); + "Any of the parameters(--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path) specified in SCA Resolver additional parameters will be used for Exploitable Path Detection instead of the corresponding parameters configured in the pipeline."); + else if (!isExploitablePathByScaResolver && (addParams.contains("--cxserver ") + || addParams.contains("--cxuser ") || addParams.contains("--cxpassword ") + || (addParams.contains("--cxprojectid ") || addParams.contains("--cxprojectname ")) + || addParams.contains("--sast-result-path "))) + log.error( + "As Enable Exploitable Path is disabled and only few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are defined in SCA Resolver Additional Parameter. Thus Exploitable Path Detection will not happen."); if (addParams.contains("-n ") || addParams.contains("-s ") || addParams.contains("-r ") || addParams.contains("--resolver-result-path")) log.warn( 
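Review bot: The new `else if (!isExploitablePathByScaResolver && ...)` branch logs at error level but does not change control flow, so the SAST arguments (including `--cxuser`/`--cxpassword`) are still returned in `additionalParams` and, presumably, handed to the resolver; an "error" the build neither fails on nor acts on should either strip those arguments or be a `log.warn`. The condition repeats the six-term disjunction of the preceding branch verbatim — compute it once, `boolean anySastParam = addParams.contains("--cxserver ") || addParams.contains("--cxuser ") || ... ;`, and test `isExploitablePathByScaResolver` and `!isExploitablePathByScaResolver` against that. The new message also lists `--sast-result-path` twice. checkMissingMandatoryAdditionalParams starts and ends outside this hunk.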
@@ -2866,8 +2872,10 @@ public FormValidation doCheckScaResolverAddParameters(@QueryParameter String val if (checkAllSastAddParamsWithoutExpPath(isExploitablePathByScaResolver, value)) { errorMessage = "Enable Exploitable Path option is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameter."; } else if (checkAnySastAddParamsWithExpPath(isExploitablePathByScaResolver, value)) { - warnMessage = "Any of the parameters(--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) specified in SCA Resolver additional paramters will be used for Exploitable Path Detection instead of the corresponding parameters configured in the pipeline."; - } + warnMessage = "Any of the parameters(--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path) specified in SCA Resolver additional paramters will be used for Exploitable Path Detection instead of the corresponding parameters configured in the pipeline."; + } else if (checkAnySastAddParamsWithExpPath(!isExploitablePathByScaResolver, value)) { + errorMessage = "As Enable Exploitable Path is disabled and only few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are defined in SCA Resolver Additional Parameter. Thus Exploitable Path Detection will not happen."; + } if (checkAnyMandatoryAddParams(value)) { otherWarnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional paramters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; } 
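Review bot: Both new messages list `--sast-result-path` twice (`... --cxprojectid or --cxprojectname, --sast-result-path )`); drop the trailing repeat, e.g. `(like --cxserver, --cxuser, --cxpassword, --cxprojectid or --cxprojectname, --sast-result-path)`. With this hunk the same three-branch decision (all SAST params without the checkbox / any with it / any without it) is now spelled out in four doCheck methods and again in the runtime check, each with its own copy of the strings; a private helper taking `(boolean enabled, String params)` and returning the error/warn pair would keep the job-level and global-level validation from drifting, which they already do in what they concatenate. doCheckScaResolverAddParameters starts and ends outside this hunk.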
@@ -2900,7 +2908,7 @@ public FormValidation doCheckIsExploitablePathByScaResolver(@QueryParameter bool if (checkAllSastAddParamsWithoutExpPath(value, scaResolverAddParameters)) { errorMessage = "Enable Exploitable Path option is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameter."; } else if (checkAnySastAddParamsWithExpPath(!value, scaResolverAddParameters)) { - errorMessage = "Given SAST Parameters in 'SCA Resolver Additional Parameters' (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) will not be considered. As 'Enable Exploitable Path' is disabled."; + errorMessage = "As Enable Exploitable Path is disabled and only few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are defined in SCA Resolver Additional Parameter. Thus Exploitable Path Detection will not happen."; } if (checkAnyMandatoryAddParams(scaResolverAddParameters)) { warnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional paramters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; 
@@ -2931,8 +2939,10 @@ public FormValidation doCheckGlobalScaResolverAddParameters(@QueryParameter Stri if (checkAllSastAddParamsWithoutExpPath(isGlobalExploitablePathByScaResolver, value)) { errorMessage = "Enable Exploitable Path option is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameter."; } else if (checkAnySastAddParamsWithExpPath(isGlobalExploitablePathByScaResolver, value)) { - warnMessage = "Any of the parameters(--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) specified in SCA Resolver additional paramters will be used for Exploitable Path Detection instead of the corresponding parameters configured in the pipeline."; - } + warnMessage = "Any of the parameters(--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path) specified in SCA Resolver additional paramters will be used for Exploitable Path Detection instead of the corresponding parameters configured in the pipeline."; + } else if (checkAnySastAddParamsWithExpPath(!isGlobalExploitablePathByScaResolver, value)) { + errorMessage = "As Enable Exploitable Path is disabled and only few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are defined in SCA Resolver Additional Parameter. Thus Exploitable Path Detection will not happen."; + } if (checkAnyMandatoryAddParams(value)) { otherWarnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional paramters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; } 
@@ -2964,7 +2974,7 @@ public FormValidation doCheckIsGlobalExploitablePathByScaResolver(@QueryParamete if (checkAllSastAddParamsWithoutExpPath(value, globalScaResolverAddParameters)) { errorMessage = "Enable Exploitable Path option is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameter."; } else if (checkAnySastAddParamsWithExpPath(!value, globalScaResolverAddParameters)) { - errorMessage = "Given SAST Parameters in 'SCA Resolver Additional Parameters' (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname) will not be considered. As 'Enable Exploitable Path' is disabled."; + errorMessage = "As Enable Exploitable Path is disabled and only few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are defined in SCA Resolver Additional Parameter. Thus Exploitable Path Detection will not happen."; } if (checkAnyMandatoryAddParams(globalScaResolverAddParameters)) { warnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional paramters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; From 2687a494d73f5faadb713b759fe409ca9133d771 Mon Sep 17 00:00:00 2001 From: Nidhi Jaiswal Date: Thu, 1 Jun 2023 12:08:22 +0530 Subject: [PATCH 29/35] Changed log messages --- .../com/checkmarx/jenkins/CxScanBuilder.java | 41 +++++++++++-------- .../help-globalScaResolverAddParameters.html | 6 +-- .../help-isExploitablePathByScaResolver.html | 5 +-- ...-isGlobalExploitablePathByScaResolver.html | 5 +-- .../help-scaResolverAddParameters.html | 6 +-- 5 files changed, 33 insertions(+), 30 deletions(-) 
diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index fd399a11..cde6f06f 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java @@ -2306,7 +2306,7 @@ private String checkMissingMandatoryAdditionalParams(String additionalParams, Fi && (addParams.contains("--cxprojectid ") || addParams.contains("--cxprojectname ")) && addParams.contains("--sast-result-path "))) log.warn( - "Enable Exploitable Path option is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameter."); + "Enable Exploitable Path option is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameters."); else if (isExploitablePathByScaResolver && (addParams.contains("--cxserver ") || addParams.contains("--cxuser ") || addParams.contains("--cxpassword ") 
@@ -2319,12 +2319,17 @@ else if (!isExploitablePathByScaResolver && (addParams.contains("--cxserver ") || (addParams.contains("--cxprojectid ") || addParams.contains("--cxprojectname ")) || addParams.contains("--sast-result-path "))) log.error( - "As Enable Exploitable Path is disabled and only few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are defined in SCA Resolver Additional Parameter. Thus Exploitable Path Detection will not happen."); + " Enable Exploitable Path is disabled and only a few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are defined in SCA Resolver Additional Parameters. Thus, Exploitable Path Detection will not happen."); if (addParams.contains("-n ") || addParams.contains("-s ") || addParams.contains("-r ") || addParams.contains("--resolver-result-path")) log.warn( - "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional paramters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."); - + "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional parameters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."); + + if(!isExploitablePathByScaResolver) { + if(additionalParams.contains("--cxserver ")) { + additionalParams.replace("--cxserver ", ""); + } + } return additionalParams; } 
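Review bot: `additionalParams.replace("--cxserver ", "");` discards its result — Java strings are immutable — so the new block is a no-op and the SAST arguments are returned unchanged; even with the assignment it would only remove the flag and leave the server URL behind as a stray positional token. It also contradicts the first branch of this method, which warns that detection *will* run when all SAST parameters are present and the checkbox is off, so decide whether the checkbox or the free text wins. If the checkbox wins (the safer choice, since it keeps `--cxuser`/`--cxpassword` from being handed to the resolver when detection is off), strip flag and value for every SAST argument as below; quoted values containing spaces would need real tokenization, which is not visible here. A behavior change like this is hidden in a commit titled "Changed log messages" and deserves its own commit. checkMissingMandatoryAdditionalParams starts outside this hunk.
```java
// … unchanged: log.warn / log.error branches …
String cleaned = additionalParams;
if (!isExploitablePathByScaResolver) {
    // Checkbox is authoritative: drop flag *and* value of each SAST argument so no SAST credentials reach the resolver.
    for (String flag : new String[] {"--cxserver", "--cxuser", "--cxpassword", "--cxprojectid", "--cxprojectname", "--sast-result-path"}) {
        cleaned = cleaned.replaceAll(flag + "\\s+\\S+", "");
    }
    cleaned = cleaned.trim();
}
return cleaned;
```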
@@ -2870,14 +2875,14 @@ public FormValidation doCheckScaResolverAddParameters(@QueryParameter String val String errorMessage = ""; String otherWarnMessage = ""; if (checkAllSastAddParamsWithoutExpPath(isExploitablePathByScaResolver, value)) { - errorMessage = "Enable Exploitable Path option is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameter."; + errorMessage = "Enable Exploitable Path option is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameters."; } else if (checkAnySastAddParamsWithExpPath(isExploitablePathByScaResolver, value)) { - warnMessage = "Any of the parameters(--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path) specified in SCA Resolver additional paramters will be used for Exploitable Path Detection instead of the corresponding parameters configured in the pipeline."; + warnMessage = "Any of the parameters(--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path) specified in SCA Resolver additional parameters will be used for Exploitable Path Detection instead of the corresponding parameters configured in the pipeline."; } else if (checkAnySastAddParamsWithExpPath(!isExploitablePathByScaResolver, value)) { - errorMessage = "As Enable Exploitable Path is disabled and only few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are defined in SCA Resolver Additional Parameter. 
Thus Exploitable Path Detection will not happen."; + errorMessage = " Enable Exploitable Path is disabled and only a few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are defined in SCA Resolver Additional Parameters. Thus, Exploitable Path Detection will not happen."; } if (checkAnyMandatoryAddParams(value)) { - otherWarnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional paramters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; + otherWarnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional parameters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; } if (!StringUtil.isNullOrEmpty(errorMessage)) { if (!StringUtil.isNullOrEmpty(otherWarnMessage)) 
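Review bot: The reworded error message in doCheckScaResolverAddParameters starts with a stray leading space (`" Enable Exploitable Path is disabled ..."`) and lists `--sast-result-path` twice in its parameter list; the identical literal is repeated in the sibling validators and in the log.error call, with the same defects. Since these copies have already drifted once (this commit exists to fix typos in them), I would hoist each message into a `private static final String` on the enclosing descriptor class and reference it from every validator, so the wording can only diverge deliberately. The validator's body starts and ends outside this hunk.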
@@ -2906,12 +2911,12 @@ public FormValidation doCheckIsExploitablePathByScaResolver(@QueryParameter bool String warnMessage = ""; String errorMessage = ""; if (checkAllSastAddParamsWithoutExpPath(value, scaResolverAddParameters)) { - errorMessage = "Enable Exploitable Path option is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameter."; + errorMessage = "Enable Exploitable Path option is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameters."; } else if (checkAnySastAddParamsWithExpPath(!value, scaResolverAddParameters)) { - errorMessage = "As Enable Exploitable Path is disabled and only few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are defined in SCA Resolver Additional Parameter. Thus Exploitable Path Detection will not happen."; + errorMessage = " Enable Exploitable Path is disabled and only a few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are defined in SCA Resolver Additional Parameters. 
Thus, Exploitable Path Detection will not happen."; } if (checkAnyMandatoryAddParams(scaResolverAddParameters)) { - warnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional paramters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; + warnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional parameters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; } if (!StringUtil.isNullOrEmpty(errorMessage)) return FormValidation.error(errorMessage); 
@@ -2937,14 +2942,14 @@ public FormValidation doCheckGlobalScaResolverAddParameters(@QueryParameter Stri String otherWarnMessage = ""; String globalWarnMessage = "Given parameters will be considered only if 'Override global dependency scan settings' parameter is disabled at Job Level."; if (checkAllSastAddParamsWithoutExpPath(isGlobalExploitablePathByScaResolver, value)) { - errorMessage = "Enable Exploitable Path option is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameter."; + errorMessage = "Enable Exploitable Path option is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameters."; } else if (checkAnySastAddParamsWithExpPath(isGlobalExploitablePathByScaResolver, value)) { - warnMessage = "Any of the parameters(--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path) specified in SCA Resolver additional paramters will be used for Exploitable Path Detection instead of the corresponding parameters configured in the pipeline."; + warnMessage = "Any of the parameters(--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path) specified in SCA Resolver additional parameters will be used for Exploitable Path Detection instead of the corresponding parameters configured in the pipeline."; } else if (checkAnySastAddParamsWithExpPath(!isGlobalExploitablePathByScaResolver, value)) { - errorMessage = "As Enable Exploitable Path is disabled and only few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are defined in SCA Resolver Additional Parameter. 
Thus Exploitable Path Detection will not happen."; + errorMessage = " Enable Exploitable Path is disabled and only a few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are defined in SCA Resolver Additional Parameters. Thus, Exploitable Path Detection will not happen."; } if (checkAnyMandatoryAddParams(value)) { - otherWarnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional paramters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; + otherWarnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional parameters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; } if (!StringUtil.isNullOrEmpty(errorMessage)) { if (!StringUtil.isNullOrEmpty(otherWarnMessage)) 
@@ -2972,12 +2977,12 @@ public FormValidation doCheckIsGlobalExploitablePathByScaResolver(@QueryParamete String errorMessage = ""; String globalWarnMessage = "Given parameters will be considered only if 'Override global dependency scan settings' parameter is disabled at Job Level."; if (checkAllSastAddParamsWithoutExpPath(value, globalScaResolverAddParameters)) { - errorMessage = "Enable Exploitable Path option is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameter."; + errorMessage = "Enable Exploitable Path option is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameters."; } else if (checkAnySastAddParamsWithExpPath(!value, globalScaResolverAddParameters)) { - errorMessage = "As Enable Exploitable Path is disabled and only few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are defined in SCA Resolver Additional Parameter. Thus Exploitable Path Detection will not happen."; + errorMessage = " Enable Exploitable Path is disabled and only a few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are defined in SCA Resolver Additional Parameters. 
Thus, Exploitable Path Detection will not happen."; } if (checkAnyMandatoryAddParams(globalScaResolverAddParameters)) { - warnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional paramters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; + warnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional parameters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; } if (!StringUtil.isNullOrEmpty(errorMessage)) return FormValidation.error(errorMessage); diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-globalScaResolverAddParameters.html b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-globalScaResolverAddParameters.html index 67f7b3f6..312ded57 100644 --- a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-globalScaResolverAddParameters.html +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-globalScaResolverAddParameters.html @@ -1,5 +1,5 @@
-

For dependency resolution using SCA Resolver tool, arguments to SCA Resolver tool needs to be provided.

-

For Example: --log-level Debug --save-evidence-path ./evidences.json --extract-archives zip,ear --extract-depth 3 --gradle-exclude-scopes api,testCompile

-

"-s", "-n" and "-r" are mandatory parameters that can be automatically determined from the parameters configured in pipeline. These parameters can also be overridden by adding them to the Sca Resolver Additional Parameters.

+

For dependency resolution using the SCA Resolver tool, arguments to the SCA Resolver tool need to be provided..

+

For Example: --log-level Debug --save-evidence-path ./evidences.json --extract-archives zip,ear --extract-depth 3 --gradle-exclude-scopes api,testCompile

+

"-s", "-n" and "-r" are mandatory parameters that can be automatically determined from the parameters configured in the pipeline. These parameters can also be overridden by adding them to the SCA Resolver Additional Parameters.

\ No newline at end of file diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-isExploitablePathByScaResolver.html b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-isExploitablePathByScaResolver.html index cd8f7fa5..affeed33 100644 --- a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-isExploitablePathByScaResolver.html +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-isExploitablePathByScaResolver.html @@ -1,6 +1,5 @@
-

For Exploitable Path Detections, Sca Resolver needs to connect to SAST server, thus it needs to following SAST related parameters: "--cxprojectname" or "--cxprojectid", "--cxuser", "--cxpassword", "--cxserver" and "--sast-result-path".

-

The plugin has capability to automatically determine these parameters from the SAST parametrers configured in pipeline. - These parameters can also be overridden by adding them to the Sca Resolver Additional Parameters.

+

For Exploitable Path Detections, SCA Resolver needs to connect to the SAST server, thus it needs the following SAST related parameters: "--cxprojectname" or "--cxprojectid", "--cxuser", "--cxpassword", "--cxserver" and "--sast-result-path".

+

The plugin can automatically determine these parameters from the SAST parameters configured in the pipeline. These parameters can also be overridden by adding them to the SCA Resolver Additional Parameters.

Example: --cxprojectname sastprojname --cxserver http://sasturl --cxuser sastuser --cxpassword sastpassword --sast-result-path D://result

\ No newline at end of file diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-isGlobalExploitablePathByScaResolver.html b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-isGlobalExploitablePathByScaResolver.html index cd8f7fa5..affeed33 100644 --- a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-isGlobalExploitablePathByScaResolver.html +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-isGlobalExploitablePathByScaResolver.html @@ -1,6 +1,5 @@
-

For Exploitable Path Detections, Sca Resolver needs to connect to SAST server, thus it needs to following SAST related parameters: "--cxprojectname" or "--cxprojectid", "--cxuser", "--cxpassword", "--cxserver" and "--sast-result-path".

-

The plugin has capability to automatically determine these parameters from the SAST parametrers configured in pipeline. - These parameters can also be overridden by adding them to the Sca Resolver Additional Parameters.

+

For Exploitable Path Detections, SCA Resolver needs to connect to the SAST server, thus it needs the following SAST related parameters: "--cxprojectname" or "--cxprojectid", "--cxuser", "--cxpassword", "--cxserver" and "--sast-result-path".

+

The plugin can automatically determine these parameters from the SAST parameters configured in the pipeline. These parameters can also be overridden by adding them to the SCA Resolver Additional Parameters.

Example: --cxprojectname sastprojname --cxserver http://sasturl --cxuser sastuser --cxpassword sastpassword --sast-result-path D://result

\ No newline at end of file diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-scaResolverAddParameters.html b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-scaResolverAddParameters.html index ced82c45..7814d097 100644 --- a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-scaResolverAddParameters.html +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-scaResolverAddParameters.html @@ -1,5 +1,5 @@
-

For dependency resolution using SCA Resolver tool, arguments to SCA Resolver tool needs to be provided.

-

For Example: --log-level Debug --save-evidence-path ./evidences.json --extract-archives zip,ear --extract-depth 3 --gradle-exclude-scopes api,testCompile

-

"-s", "-n" and "-r" are mandatory parameters that can be automatically determined from the parameters configured in pipeline. These parameters can also be overridden by adding them to the Sca Resolver Additional Parameters.

+

For dependency resolution using the SCA Resolver tool, arguments to the SCA Resolver tool need to be provided..

+

For Example: --log-level Debug --save-evidence-path ./evidences.json --extract-archives zip,ear --extract-depth 3 --gradle-exclude-scopes api,testCompile

+

"-s", "-n" and "-r" are mandatory parameters that can be automatically determined from the parameters configured in the pipeline. These parameters can also be overridden by adding them to the SCA Resolver Additional Parameters.

\ No newline at end of file From 0c205ac4d68dbdc8d6cacd21447dbc9b400689c1 Mon Sep 17 00:00:00 2001 From: Nidhi Jaiswal Date: Thu, 1 Jun 2023 12:31:48 +0530 Subject: [PATCH 30/35] updated log messages --- src/main/java/com/checkmarx/jenkins/CxScanBuilder.java | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index cde6f06f..90878a3b 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java @@ -2319,7 +2319,7 @@ else if (!isExploitablePathByScaResolver && (addParams.contains("--cxserver ") || (addParams.contains("--cxprojectid ") || addParams.contains("--cxprojectname ")) || addParams.contains("--sast-result-path "))) log.error( - " Enable Exploitable Path is disabled and only a few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are defined in SCA Resolver Additional Parameters. Thus, Exploitable Path Detection will not happen."); + " Enable Exploitable Path is disabled and only a few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are specified in SCA Resolver Additional Parameters. Thus, Exploitable Path Detection will not happen."); if (addParams.contains("-n ") || addParams.contains("-s ") || addParams.contains("-r ") || addParams.contains("--resolver-result-path")) log.warn( 
@@ -2879,7 +2879,7 @@ public FormValidation doCheckScaResolverAddParameters(@QueryParameter String val } else if (checkAnySastAddParamsWithExpPath(isExploitablePathByScaResolver, value)) { warnMessage = "Any of the parameters(--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path) specified in SCA Resolver additional parameters will be used for Exploitable Path Detection instead of the corresponding parameters configured in the pipeline."; } else if (checkAnySastAddParamsWithExpPath(!isExploitablePathByScaResolver, value)) { - errorMessage = " Enable Exploitable Path is disabled and only a few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are defined in SCA Resolver Additional Parameters. Thus, Exploitable Path Detection will not happen."; + errorMessage = " Enable Exploitable Path is disabled and only a few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are specified in SCA Resolver Additional Parameters. Thus, Exploitable Path Detection will not happen."; } if (checkAnyMandatoryAddParams(value)) { otherWarnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional parameters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; 
@@ -2913,7 +2913,7 @@ public FormValidation doCheckIsExploitablePathByScaResolver(@QueryParameter bool if (checkAllSastAddParamsWithoutExpPath(value, scaResolverAddParameters)) { errorMessage = "Enable Exploitable Path option is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameters."; } else if (checkAnySastAddParamsWithExpPath(!value, scaResolverAddParameters)) { - errorMessage = " Enable Exploitable Path is disabled and only a few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are defined in SCA Resolver Additional Parameters. Thus, Exploitable Path Detection will not happen."; + errorMessage = " Enable Exploitable Path is disabled and only a few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are specified in SCA Resolver Additional Parameters. Thus, Exploitable Path Detection will not happen."; } if (checkAnyMandatoryAddParams(scaResolverAddParameters)) { warnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional parameters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; 
@@ -2946,7 +2946,7 @@ public FormValidation doCheckGlobalScaResolverAddParameters(@QueryParameter Stri } else if (checkAnySastAddParamsWithExpPath(isGlobalExploitablePathByScaResolver, value)) { warnMessage = "Any of the parameters(--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path) specified in SCA Resolver additional parameters will be used for Exploitable Path Detection instead of the corresponding parameters configured in the pipeline."; } else if (checkAnySastAddParamsWithExpPath(!isGlobalExploitablePathByScaResolver, value)) { - errorMessage = " Enable Exploitable Path is disabled and only a few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are defined in SCA Resolver Additional Parameters. Thus, Exploitable Path Detection will not happen."; + errorMessage = " Enable Exploitable Path is disabled and only a few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are specified in SCA Resolver Additional Parameters. Thus, Exploitable Path Detection will not happen."; } if (checkAnyMandatoryAddParams(value)) { otherWarnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional parameters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; 
@@ -2979,7 +2979,7 @@ public FormValidation doCheckIsGlobalExploitablePathByScaResolver(@QueryParamete if (checkAllSastAddParamsWithoutExpPath(value, globalScaResolverAddParameters)) { errorMessage = "Enable Exploitable Path option is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameters."; } else if (checkAnySastAddParamsWithExpPath(!value, globalScaResolverAddParameters)) { - errorMessage = " Enable Exploitable Path is disabled and only a few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are defined in SCA Resolver Additional Parameters. Thus, Exploitable Path Detection will not happen."; + errorMessage = " Enable Exploitable Path is disabled and only a few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are specified in SCA Resolver Additional Parameters. Thus, Exploitable Path Detection will not happen."; } if (checkAnyMandatoryAddParams(globalScaResolverAddParameters)) { warnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional parameters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; From 4e4cf64ec6e1001f4ddd898d83fe399be1830859 Mon Sep 17 00:00:00 2001 From: Nidhi Jaiswal <35574348+nidhi0512@users.noreply.github.com> Date: Thu, 1 Jun 2023 12:33:50 +0530 Subject: [PATCH 31/35] Update help-scaResolverAddParameters.html --- .../jenkins/CxScanBuilder/help-scaResolverAddParameters.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-scaResolverAddParameters.html b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-scaResolverAddParameters.html index 7814d097..0d190063 100644 --- a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-scaResolverAddParameters.html +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-scaResolverAddParameters.html @@ -1,5 +1,5 @@
-

For dependency resolution using the SCA Resolver tool, arguments to the SCA Resolver tool need to be provided..

+

For dependency resolution using the SCA Resolver tool, arguments to the SCA Resolver tool need to be provided.

For Example: --log-level Debug --save-evidence-path ./evidences.json --extract-archives zip,ear --extract-depth 3 --gradle-exclude-scopes api,testCompile

"-s", "-n" and "-r" are mandatory parameters that can be automatically determined from the parameters configured in the pipeline. These parameters can also be overridden by adding them to the SCA Resolver Additional Parameters.

-
\ No newline at end of file + From 14fe698c00157e012419c838469f9b189edcf82a Mon Sep 17 00:00:00 2001 From: Nidhi Jaiswal Date: Thu, 1 Jun 2023 14:40:50 +0530 Subject: [PATCH 32/35] updated plugin version and log messages --- gradle.properties | 2 +- .../com/checkmarx/jenkins/CxScanBuilder.java | 16 ++++++++-------- .../help-globalScaResolverAddParameters.html | 2 +- .../help-scaResolverAddParameters.html | 2 +- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/gradle.properties b/gradle.properties index 7d702ba3..6699e5ff 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,6 +1,6 @@ description = Provides automatic scan of code by Checkmarx server and shows results summary and trend in Jenkins interface. group = com.checkmarx.jenkins -version = 2023.2.5 +version = 2023.2.6 repositoryVersion= diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index 90878a3b..d550eb3a 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java 
@@ -2313,7 +2313,7 @@ else if (isExploitablePathByScaResolver && (addParams.contains("--cxserver ") || || (addParams.contains("--cxprojectid ") || addParams.contains("--cxprojectname ")) || addParams.contains("--sast-result-path "))) log.warn( - "Any of the parameters(--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path) specified in SCA Resolver additional parameters will be used for Exploitable Path Detection instead of the corresponding parameters configured in the pipeline."); + "Any of the parameters (--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path) specified in SCA Resolver additional parameters will be used for Exploitable Path Detection instead of the corresponding parameters configured in the pipeline."); else if (!isExploitablePathByScaResolver && (addParams.contains("--cxserver ") || addParams.contains("--cxuser ") || addParams.contains("--cxpassword ") || (addParams.contains("--cxprojectid ") || addParams.contains("--cxprojectname ")) @@ -2323,7 +2323,7 @@ else if (!isExploitablePathByScaResolver && (addParams.contains("--cxserver ") if (addParams.contains("-n ") || addParams.contains("-s ") || addParams.contains("-r ") || addParams.contains("--resolver-result-path")) log.warn( - "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional parameters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."); + "Any of the parameters (-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional parameters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."); if(!isExploitablePathByScaResolver) { if(additionalParams.contains("--cxserver ")) { 
@@ -2877,12 +2877,12 @@ public FormValidation doCheckScaResolverAddParameters(@QueryParameter String val if (checkAllSastAddParamsWithoutExpPath(isExploitablePathByScaResolver, value)) { errorMessage = "Enable Exploitable Path option is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameters."; } else if (checkAnySastAddParamsWithExpPath(isExploitablePathByScaResolver, value)) { - warnMessage = "Any of the parameters(--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path) specified in SCA Resolver additional parameters will be used for Exploitable Path Detection instead of the corresponding parameters configured in the pipeline."; + warnMessage = "Any of the parameters (--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path) specified in SCA Resolver additional parameters will be used for Exploitable Path Detection instead of the corresponding parameters configured in the pipeline."; } else if (checkAnySastAddParamsWithExpPath(!isExploitablePathByScaResolver, value)) { errorMessage = " Enable Exploitable Path is disabled and only a few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are specified in SCA Resolver Additional Parameters. 
Thus, Exploitable Path Detection will not happen."; } if (checkAnyMandatoryAddParams(value)) { - otherWarnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional parameters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; + otherWarnMessage = "Any of the parameters (-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional parameters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; } if (!StringUtil.isNullOrEmpty(errorMessage)) { if (!StringUtil.isNullOrEmpty(otherWarnMessage)) @@ -2916,7 +2916,7 @@ public FormValidation doCheckIsExploitablePathByScaResolver(@QueryParameter bool errorMessage = " Enable Exploitable Path is disabled and only a few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are specified in SCA Resolver Additional Parameters. Thus, Exploitable Path Detection will not happen."; } if (checkAnyMandatoryAddParams(scaResolverAddParameters)) { - warnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional parameters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; + warnMessage = "Any of the parameters (-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional parameters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; } if (!StringUtil.isNullOrEmpty(errorMessage)) return FormValidation.error(errorMessage); 
@@ -2944,12 +2944,12 @@ public FormValidation doCheckGlobalScaResolverAddParameters(@QueryParameter Stri if (checkAllSastAddParamsWithoutExpPath(isGlobalExploitablePathByScaResolver, value)) { errorMessage = "Enable Exploitable Path option is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameters."; } else if (checkAnySastAddParamsWithExpPath(isGlobalExploitablePathByScaResolver, value)) { - warnMessage = "Any of the parameters(--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path) specified in SCA Resolver additional parameters will be used for Exploitable Path Detection instead of the corresponding parameters configured in the pipeline."; + warnMessage = "Any of the parameters (--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path) specified in SCA Resolver additional parameters will be used for Exploitable Path Detection instead of the corresponding parameters configured in the pipeline."; } else if (checkAnySastAddParamsWithExpPath(!isGlobalExploitablePathByScaResolver, value)) { errorMessage = " Enable Exploitable Path is disabled and only a few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are specified in SCA Resolver Additional Parameters. 
Thus, Exploitable Path Detection will not happen."; } if (checkAnyMandatoryAddParams(value)) { - otherWarnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional parameters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; + otherWarnMessage = "Any of the parameters (-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional parameters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; } if (!StringUtil.isNullOrEmpty(errorMessage)) { if (!StringUtil.isNullOrEmpty(otherWarnMessage)) @@ -2982,7 +2982,7 @@ public FormValidation doCheckIsGlobalExploitablePathByScaResolver(@QueryParamete errorMessage = " Enable Exploitable Path is disabled and only a few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are specified in SCA Resolver Additional Parameters. Thus, Exploitable Path Detection will not happen."; } if (checkAnyMandatoryAddParams(globalScaResolverAddParameters)) { - warnMessage = "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional parameters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; + warnMessage = "Any of the parameters (-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional parameters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; } if (!StringUtil.isNullOrEmpty(errorMessage)) return FormValidation.error(errorMessage); diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-globalScaResolverAddParameters.html b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-globalScaResolverAddParameters.html index 312ded57..b0fbd4fb 100644 
--- a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-globalScaResolverAddParameters.html
+++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-globalScaResolverAddParameters.html
@@ -1,5 +1,5 @@
-

For dependency resolution using the SCA Resolver tool, arguments to the SCA Resolver tool need to be provided..

+

For dependency resolution using the SCA Resolver tool, arguments to the SCA Resolver tool need to be provided.

For Example: --log-level Debug --save-evidence-path ./evidences.json --extract-archives zip,ear --extract-depth 3 --gradle-exclude-scopes api,testCompile

"-s", "-n" and "-r" are mandatory parameters that can be automatically determined from the parameters configured in the pipeline. These parameters can also be overridden by adding them to the SCA Resolver Additional Parameters.

\ No newline at end of file
diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-scaResolverAddParameters.html b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-scaResolverAddParameters.html
index 7814d097..be534d21 100644
--- a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-scaResolverAddParameters.html
+++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-scaResolverAddParameters.html
@@ -1,5 +1,5 @@
-

For dependency resolution using the SCA Resolver tool, arguments to the SCA Resolver tool need to be provided..

+

For dependency resolution using the SCA Resolver tool, arguments to the SCA Resolver tool need to be provided.

For Example: --log-level Debug --save-evidence-path ./evidences.json --extract-archives zip,ear --extract-depth 3 --gradle-exclude-scopes api,testCompile

"-s", "-n" and "-r" are mandatory parameters that can be automatically determined from the parameters configured in the pipeline. These parameters can also be overridden by adding them to the SCA Resolver Additional Parameters.

\ No newline at end of file From c43fa3e1835e63fe7181acd7b30c7389deccc0d4 Mon Sep 17 00:00:00 2001 From: Nidhi Jaiswal Date: Thu, 1 Jun 2023 15:01:12 +0530 Subject: [PATCH 33/35] Updated log messages --- src/main/java/com/checkmarx/jenkins/CxScanBuilder.java | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index d550eb3a..30ad920f 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java @@ -2319,7 +2319,7 @@ else if (!isExploitablePathByScaResolver && (addParams.contains("--cxserver ") || (addParams.contains("--cxprojectid ") || addParams.contains("--cxprojectname ")) || addParams.contains("--sast-result-path "))) log.error( - " Enable Exploitable Path is disabled and only a few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are specified in SCA Resolver Additional Parameters. Thus, Exploitable Path Detection will not happen."); + "Enable Exploitable Path is disabled and only a few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path) are specified in SCA Resolver Additional Parameters. Thus, Exploitable Path Detection will not happen."); if (addParams.contains("-n ") || addParams.contains("-s ") || addParams.contains("-r ") || addParams.contains("--resolver-result-path")) log.warn( 
@@ -2879,7 +2879,7 @@ public FormValidation doCheckScaResolverAddParameters(@QueryParameter String val } else if (checkAnySastAddParamsWithExpPath(isExploitablePathByScaResolver, value)) { warnMessage = "Any of the parameters (--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path) specified in SCA Resolver additional parameters will be used for Exploitable Path Detection instead of the corresponding parameters configured in the pipeline."; } else if (checkAnySastAddParamsWithExpPath(!isExploitablePathByScaResolver, value)) { - errorMessage = " Enable Exploitable Path is disabled and only a few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are specified in SCA Resolver Additional Parameters. Thus, Exploitable Path Detection will not happen."; + errorMessage = "Enable Exploitable Path is disabled and only a few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path) are specified in SCA Resolver Additional Parameters. Thus, Exploitable Path Detection will not happen."; } if (checkAnyMandatoryAddParams(value)) { otherWarnMessage = "Any of the parameters (-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional parameters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; 
@@ -2913,7 +2913,7 @@ public FormValidation doCheckIsExploitablePathByScaResolver(@QueryParameter bool if (checkAllSastAddParamsWithoutExpPath(value, scaResolverAddParameters)) { errorMessage = "Enable Exploitable Path option is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameters."; } else if (checkAnySastAddParamsWithExpPath(!value, scaResolverAddParameters)) { - errorMessage = " Enable Exploitable Path is disabled and only a few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are specified in SCA Resolver Additional Parameters. Thus, Exploitable Path Detection will not happen."; + errorMessage = "Enable Exploitable Path is disabled and only a few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path) are specified in SCA Resolver Additional Parameters. Thus, Exploitable Path Detection will not happen."; } if (checkAnyMandatoryAddParams(scaResolverAddParameters)) { warnMessage = "Any of the parameters (-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional parameters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; 
@@ -2946,7 +2946,7 @@ public FormValidation doCheckGlobalScaResolverAddParameters(@QueryParameter Stri } else if (checkAnySastAddParamsWithExpPath(isGlobalExploitablePathByScaResolver, value)) { warnMessage = "Any of the parameters (--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path) specified in SCA Resolver additional parameters will be used for Exploitable Path Detection instead of the corresponding parameters configured in the pipeline."; } else if (checkAnySastAddParamsWithExpPath(!isGlobalExploitablePathByScaResolver, value)) { - errorMessage = " Enable Exploitable Path is disabled and only a few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are specified in SCA Resolver Additional Parameters. Thus, Exploitable Path Detection will not happen."; + errorMessage = "Enable Exploitable Path is disabled and only a few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path) are specified in SCA Resolver Additional Parameters. Thus, Exploitable Path Detection will not happen."; } if (checkAnyMandatoryAddParams(value)) { otherWarnMessage = "Any of the parameters (-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional parameters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; 
@@ -2979,7 +2979,7 @@ public FormValidation doCheckIsGlobalExploitablePathByScaResolver(@QueryParamete if (checkAllSastAddParamsWithoutExpPath(value, globalScaResolverAddParameters)) { errorMessage = "Enable Exploitable Path option is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameters."; } else if (checkAnySastAddParamsWithExpPath(!value, globalScaResolverAddParameters)) { - errorMessage = " Enable Exploitable Path is disabled and only a few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are specified in SCA Resolver Additional Parameters. Thus, Exploitable Path Detection will not happen."; + errorMessage = "Enable Exploitable Path is disabled and only a few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path) are specified in SCA Resolver Additional Parameters. Thus, Exploitable Path Detection will not happen."; } if (checkAnyMandatoryAddParams(globalScaResolverAddParameters)) { warnMessage = "Any of the parameters (-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional parameters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."; From 6e784993a40c400bfe15b1d50d89be330e215cb7 Mon Sep 17 00:00:00 2001 From: Nidhi Jaiswal Date: Thu, 1 Jun 2023 19:16:47 +0530 Subject: [PATCH 34/35] Merge branch 'master' into march23-integration --- build.gradle | 2 +- gradle.properties | 2 +- .../com/checkmarx/jenkins/CxScanBuilder.java | 233 +++++++++--------- .../jenkins/DependencyScanConfig.java | 2 +- .../jenkins/CxScanBuilder/config.jelly | 2 +- .../jenkins/CxScanBuilder/global.jelly | 3 +- 6 files changed, 119 insertions(+), 125 deletions(-) diff --git a/build.gradle b/build.gradle index 970df9d8..f9f0e0b1 100644 
--- a/build.gradle
+++ b/build.gradle
@@ -53,7 +53,7 @@ dependencies {
exclude group: 'org.apache.logging.log4j', module: 'log4j-core'
}
- compile ('com.checkmarx:cx-client-common:2023.2.5') {
+ compile ('com.checkmarx:cx-client-common:2022.4.3') {
exclude group: 'org.apache.commons', module: 'commons-compress'
exclude group: 'org.yaml' , module: 'snakeyaml'
exclude group: 'com.google.code.gson', module: 'gson'
diff --git a/gradle.properties b/gradle.properties
index 7d702ba3..6699e5ff 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -1,6 +1,6 @@
description = Provides automatic scan of code by Checkmarx server and shows results summary and trend in Jenkins interface.
group = com.checkmarx.jenkins
-version = 2023.2.5
+version = 2023.2.6
repositoryVersion=
diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java
index fd399a11..05ffde9f 100644
--- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java
+++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java
@@ -100,8 +100,6 @@ public class CxScanBuilder extends Builder implements SimpleBuildStep {
private static final String SUPPRESS_BENIGN_ERRORS = "suppressBenignErrors";
- private static final String scaResolverResultPath = ".cxscaresolver" + File.separator + "sca";
- private static final String scaResolverSastResultPath = ".cxscaresolver" + File.separator + "sast";
//////////////////////////////////////////////////////////////////////////////////////
// Persistent plugin configuration parameters
//////////////////////////////////////////////////////////////////////////////////////
@@ -961,7 +959,6 @@ public void perform(@Nonnull Run run, @Nonnull FilePath workspace, @Nonnul
CxScanConfig config;
try {
config = resolveConfiguration(run, descriptor, env, log, workspace);
-
if (configAsCode) {
try {
overrideConfigAsCode(config, workspace);
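Review bot: The line `compile ('com.checkmarx:cx-client-common:2022.4.3') {` moves the client library backwards from 2023.2.5 while gradle.properties in the same merge bumps the plugin itself to 2023.2.6, which looks like a merge-resolution artifact rather than an intentional downgrade. Pinning the older dependency silently reverts whatever fixes the 2023.2.x client carried, so if the newer line was correct on master it should be restored as `compile ('com.checkmarx:cx-client-common:2023.2.5') {`, and if the downgrade is deliberate the commit message should say why.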
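Review bot: Removing `scaResolverResultPath` and `scaResolverSastResultPath` here leaves both still referenced on the new side of the 2218 hunk in this same commit (`" -r " + workspace + File.separator + scaResolverResultPath` and the `--sast-result-path` counterpart in checkMissingMandatoryAdditionalParams), so as shown the file should not compile at this commit. Either keep the two constants or drop the fallback that builds those paths; the following "Update CxScanBuilder.java" commit re-adds them, which suggests the removal was unintended.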
@@ -1592,7 +1589,7 @@ private CxScanConfig resolveConfiguration(Run run, DescriptorImpl descript
setDependencyScanConfig(config);
}
- configureDependencyScan(run, descriptor, env, ret, workspace);
+ configureDependencyScan(run, descriptor, env, ret);
if (!ret.getSynchronous()) {
enableProjectPolicyEnforcement = false;
@@ -1685,7 +1682,7 @@ private LegacyClient prepareLoggedInClient(CxConnectionDetails credentials, Desc
}
- private void configureDependencyScan(Run run, DescriptorImpl descriptor, EnvVars env, CxScanConfig config, FilePath workspace) {
+ private void configureDependencyScan(Run run, DescriptorImpl descriptor, EnvVars env, CxScanConfig config) {
boolean dependencyScanEnabled = dependencyScanConfig != null;
if (!dependencyScanEnabled) {
return;
@@ -1738,12 +1735,12 @@ private void configureDependencyScan(Run run, DescriptorImpl descriptor, E
config.setOsaArchiveIncludePatterns(effectiveConfig.osaArchiveIncludePatterns.trim());
config.setOsaRunInstall(effectiveConfig.osaInstallBeforeScan);
} else if (config.isAstScaEnabled()) {
- config.setAstScaConfig(getScaConfig(run, env, dependencyScanConfig, descriptor, workspace, config));
+ config.setAstScaConfig(getScaConfig(run, env, dependencyScanConfig, descriptor));
config.setSCAScanTimeoutInMinutes(dependencyScanConfig.scaTimeout);
}
}
- private AstScaConfig getScaConfig(Run run, EnvVars env, DependencyScanConfig dsConfigJobLevel, DescriptorImpl descriptor, FilePath workspace, CxScanConfig config) {
+ private AstScaConfig getScaConfig(Run run, EnvVars env, DependencyScanConfig dsConfigJobLevel, DescriptorImpl descriptor) {
DependencyScanConfig dsConfig;
@@ -1765,22 +1762,23 @@ private AstScaConfig getScaConfig(Run run, EnvVars env, DependencyScanConf result.setIncludeSources(dsConfig.isIncludeSources); //add SCA Resolver code here - String additionalParams = (globalSettingsInUse) ? dsConfig.globalScaResolverAddParameters - : dsConfig.scaResolverAddParameters; - boolean isExploitablePath = (globalSettingsInUse) ? dsConfig.isGlobalExploitablePathByScaResolver - : dsConfig.isExploitablePathByScaResolver; + //add SCA Resolver code here + String additionalParams = (globalSettingsInUse) ? dsConfig.globalScaResolverAddParameters + : dsConfig.scaResolverAddParameters; + boolean isExploitablePath = (globalSettingsInUse) ? dsConfig.isGlobalExploitablePathByScaResolver + : dsConfig.isExploitablePathByScaResolver; - if (dsConfig.enableScaResolver != null - && SCAScanType.SCA_RESOLVER.toString().equalsIgnoreCase(dsConfig.enableScaResolver.toString())) { + if (dsConfig.enableScaResolver != null + && SCAScanType.SCA_RESOLVER.toString().equalsIgnoreCase(dsConfig.enableScaResolver.toString())) { // scaResolverPathExist(dsConfig.pathToScaResolver); - validateScaResolverParams(additionalParams, config, workspace); - additionalParams = checkMissingMandatoryAdditionalParams(additionalParams, workspace, config, - isExploitablePath); - result.setEnableScaResolver(true); - } else - result.setEnableScaResolver(false); - - result.setPathToScaResolver(dsConfig.pathToScaResolver); + validateScaResolverParams(additionalParams, config, workspace); + additionalParams = checkMissingMandatoryAdditionalParams(additionalParams, workspace, config, + isExploitablePath); + result.setEnableScaResolver(true); + } else + result.setEnableScaResolver(false); + + result.setPathToScaResolver(dsConfig.pathToScaResolver); result.setScaResolverAddParameters(additionalParams); UsernamePasswordCredentials credentials = CxConnectionDetails.getCredentialsById(dsConfig.scaCredentialsId, run); 
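Review bot: The re-indented calls `validateScaResolverParams(additionalParams, config, workspace);` and `additionalParams = checkMissingMandatoryAdditionalParams(additionalParams, workspace, config, isExploitablePath);` on the new side still use `workspace` and `config`, but the 1738 hunk removes both from getScaConfig's parameter list and the 2218 hunk reduces validateScaResolverParams to a single `String` parameter, so unless something outside the view reintroduces them this commit does not compile. Either keep `FilePath workspace, CxScanConfig config` on getScaConfig and configureDependencyScan (the following "Update CxScanBuilder.java" commit restores them) or drop the two arguments here together with the code that needs them. The added `+ //add SCA Resolver code here` also duplicates the context comment immediately above it. getScaConfig begins and ends outside the hunk.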
@@ -2218,115 +2216,112 @@ private boolean scaResolverPathExist(String pathToResolver) { return true; } - private void validateScaResolverParams(String additionalParams, CxScanConfig config, FilePath workspace) { + private void validateScaResolverParams(String additionalParams) { String[] arguments = additionalParams.split(" "); Map params = new HashMap<>(); - for (int i = 0; i < arguments.length ; i++) { - if(arguments[i].startsWith("-") && (i+1 != arguments.length && !arguments[i+1].startsWith("-"))) - params.put(arguments[i], arguments[i+1]); + for (int i = 0; i < arguments.length; i++) { + if (arguments[i].startsWith("-") && (i + 1 != arguments.length && !arguments[i + 1].startsWith("-"))) + params.put(arguments[i], arguments[i + 1]); else params.put(arguments[i], ""); } String dirPath = params.get("-s"); - if(StringUtils.isEmpty(dirPath)) { - if(null == workspace) - throw new CxClientException("Source code path (-s ) is not provided."); - // fileExists(dirPath); - } - String projectName = params.get("-n"); - if(StringUtils.isEmpty(projectName)) { - if (StringUtils.isEmpty(config.getProjectName())) - throw new CxClientException("Project name parameter (-n ) must be provided to ScaResolver."); - } - } - - private String checkMissingMandatoryAdditionalParams(String additionalParams, FilePath workspace, - CxScanConfig config, boolean isExploitablePathByScaResolver) { - if (additionalParams == null) { - additionalParams = ""; - } - String addParams = additionalParams; - if (!additionalParams.contains("-n ")) { - if (StringUtils.isNotEmpty(config.getProjectName())) - additionalParams += " -n " + config.getProjectName(); - else - throw new CxClientException("projectname must be specified"); - } - - if (!additionalParams.contains("-s ")) { - if (null != workspace) - additionalParams += " -s " + workspace; - else - throw new CxClientException("source path must be specified"); - } + if (StringUtils.isEmpty(dirPath)) + throw new CxClientException("Source code path (-s ) 
is not provided."); +// fileExists(dirPath); - if (!additionalParams.contains("-r ") && !additionalParams.contains("--resolver-result-path ")) { - if (null != workspace) - additionalParams += " -r " + workspace + File.separator + scaResolverResultPath; - else - throw new CxClientException("result path must be specified"); - } - if (isExploitablePathByScaResolver) { - if (!additionalParams.contains("--cxserver ")) { - if (StringUtils.isNotEmpty(config.getUrl())) - additionalParams += " --cxserver " + config.getUrl(); - else - throw new CxClientException("cxserver must be specified"); - } - if (!additionalParams.contains("--cxuser ")) { - if (StringUtils.isNotEmpty(config.getUsername())) - additionalParams += " --cxuser " + config.getUsername(); - else - throw new CxClientException("cxuser must be specified"); - } - if (!additionalParams.contains("--cxpassword ")) { - if (StringUtils.isNotEmpty(config.getPassword())) - additionalParams += " --cxpassword " + config.getPassword(); - else - throw new CxClientException("cxpassword must be specified"); - } - if (!additionalParams.contains("--sast-result-path ")) { - if (null != workspace) - additionalParams += " --sast-result-path " + workspace + File.separator + scaResolverSastResultPath; - else - throw new CxClientException("sast result path must be specified"); - } - if (!additionalParams.contains("--cxprojectname ") && !additionalParams.contains("--cxprojectid ")) { - if (StringUtils.isNotEmpty(config.getProjectName())) - additionalParams += " --cxprojectname " + config.getProjectName(); - else - throw new CxClientException("sast project name or sast project id must be specified"); - } - } - if (!isExploitablePathByScaResolver && (addParams.contains("--cxserver ") && addParams.contains("--cxuser ") - && addParams.contains("--cxpassword ") - && (addParams.contains("--cxprojectid ") || addParams.contains("--cxprojectname ")) - && addParams.contains("--sast-result-path "))) - log.warn( - "Enable Exploitable Path option 
is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameter."); - - else if (isExploitablePathByScaResolver && (addParams.contains("--cxserver ") || addParams.contains("--cxuser ") - || addParams.contains("--cxpassword ") - || (addParams.contains("--cxprojectid ") || addParams.contains("--cxprojectname ")) - || addParams.contains("--sast-result-path "))) - log.warn( - "Any of the parameters(--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path) specified in SCA Resolver additional parameters will be used for Exploitable Path Detection instead of the corresponding parameters configured in the pipeline."); - else if (!isExploitablePathByScaResolver && (addParams.contains("--cxserver ") - || addParams.contains("--cxuser ") || addParams.contains("--cxpassword ") - || (addParams.contains("--cxprojectid ") || addParams.contains("--cxprojectname ")) - || addParams.contains("--sast-result-path "))) - log.error( - "As Enable Exploitable Path is disabled and only few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are defined in SCA Resolver Additional Parameter. 
Thus Exploitable Path Detection will not happen."); + String projectName = params.get("-n"); + if (StringUtils.isEmpty(projectName)) + throw new CxClientException("Project name parameter (-n ) must be provided to ScaResolver."); + } + private String checkMissingMandatoryAdditionalParams (String additionalParams, FilePath workspace, + CxScanConfig config,boolean isExploitablePathByScaResolver){ + if (additionalParams == null) { + additionalParams = ""; + } + String addParams = additionalParams; + if (!additionalParams.contains("-n ")) { + if (StringUtils.isNotEmpty(config.getProjectName())) + additionalParams += " -n " + config.getProjectName(); + else + throw new CxClientException("projectname must be specified"); + } + + if (!additionalParams.contains("-s ")) { + if (null != workspace) + additionalParams += " -s " + workspace; + else + throw new CxClientException("source path must be specified"); + } + + if (!additionalParams.contains("-r ") && !additionalParams.contains("--resolver-result-path ")) { + if (null != workspace) + additionalParams += " -r " + workspace + File.separator + scaResolverResultPath; + else + throw new CxClientException("result path must be specified"); + } + if (isExploitablePathByScaResolver) { + if (!additionalParams.contains("--cxserver ")) { + if (StringUtils.isNotEmpty(config.getUrl())) + additionalParams += " --cxserver " + config.getUrl(); + else + throw new CxClientException("cxserver must be specified"); + } + if (!additionalParams.contains("--cxuser ")) { + if (StringUtils.isNotEmpty(config.getUsername())) + additionalParams += " --cxuser " + config.getUsername(); + else + throw new CxClientException("cxuser must be specified"); + } + if (!additionalParams.contains("--cxpassword ")) { + if (StringUtils.isNotEmpty(config.getPassword())) + additionalParams += " --cxpassword " + config.getPassword(); + else + throw new CxClientException("cxpassword must be specified"); + } + if (!additionalParams.contains("--sast-result-path ")) { + 
if (null != workspace) + additionalParams += " --sast-result-path " + workspace + File.separator + scaResolverSastResultPath; + else + throw new CxClientException("sast result path must be specified"); + } + if (!additionalParams.contains("--cxprojectname ") && !additionalParams.contains("--cxprojectid ")) { + if (StringUtils.isNotEmpty(config.getProjectName())) + additionalParams += " --cxprojectname " + config.getProjectName(); + else + throw new CxClientException("sast project name or sast project id must be specified"); + } + } + if (!isExploitablePathByScaResolver && (addParams.contains("--cxserver ") && addParams.contains("--cxuser ") + && addParams.contains("--cxpassword ") + && (addParams.contains("--cxprojectid ") || addParams.contains("--cxprojectname ")) + && addParams.contains("--sast-result-path "))) + log.warn( + "Enable Exploitable Path option is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameter."); + + else if (isExploitablePathByScaResolver && (addParams.contains("--cxserver ") || addParams.contains("--cxuser ") + || addParams.contains("--cxpassword ") + || (addParams.contains("--cxprojectid ") || addParams.contains("--cxprojectname ")) + || addParams.contains("--sast-result-path "))) + log.warn( + "Any of the parameters(--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path) specified in SCA Resolver additional parameters will be used for Exploitable Path Detection instead of the corresponding parameters configured in the pipeline."); + else if (!isExploitablePathByScaResolver && (addParams.contains("--cxserver ") + || addParams.contains("--cxuser ") || addParams.contains("--cxpassword ") + || (addParams.contains("--cxprojectid ") || addParams.contains("--cxprojectname ")) + || addParams.contains("--sast-result-path "))) + log.error( + "As Enable Exploitable Path is 
disabled and only few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are defined in SCA Resolver Additional Parameter. Thus Exploitable Path Detection will not happen."); if (addParams.contains("-n ") || addParams.contains("-s ") || addParams.contains("-r ") - || addParams.contains("--resolver-result-path")) - log.warn( - "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional paramters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."); + || addParams.contains("--resolver-result-path")) + log.warn( + "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional paramters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."); - return additionalParams; - } + return additionalParams; + } + } private void fileExists(String file) { @@ -3813,4 +3808,4 @@ public void setDependencyScanConfig(DependencyScanConfig dependencyScanConfig) { this.dependencyScanConfig = dependencyScanConfig; } } -} \ No newline at end of file +} diff --git a/src/main/java/com/checkmarx/jenkins/DependencyScanConfig.java b/src/main/java/com/checkmarx/jenkins/DependencyScanConfig.java index 0123d072..b4404bd5 100644 --- a/src/main/java/com/checkmarx/jenkins/DependencyScanConfig.java +++ b/src/main/java/com/checkmarx/jenkins/DependencyScanConfig.java @@ -110,4 +110,4 @@ public class DependencyScanConfig { @DataBoundConstructor public DependencyScanConfig() { } -} \ No newline at end of file +} diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly index cdc8f289..c6896497 100644 --- a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly 
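Review bot: The new `validateScaResolverParams(String additionalParams)` throws whenever `-s` or `-n` is absent from the additional parameters, but `checkMissingMandatoryAdditionalParams`, which getScaConfig calls right after it, exists to fill those two in from the workspace and `config.getProjectName()`; with the unconditional throws that fallback is unreachable and any job relying on the pipeline-configured project name or workspace path now fails up front. The old guards (`if (null == workspace)` and `if (StringUtils.isEmpty(config.getProjectName()))`) should stay, or the validation should run after the defaults are applied. The new side also ends with `+ return additionalParams; + } + }` where the old side closed with a single `}`, so unless the collapsed whitespace hides a matching brace the class body is closed before `fileExists`. Separately, the re-added `additionalParams += " --cxpassword " + config.getPassword();` places the SAST password in an argument string that is later stored via `result.setScaResolverAddParameters` and can surface in process listings and logs; it is worth confirming that this string is never logged and whether the resolver can take the credential through a channel other than its command line.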
@@ -442,4 +442,4 @@ - \ No newline at end of file + diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/global.jelly b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/global.jelly index 808caa83..0572742a 100644 --- a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/global.jelly +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/global.jelly @@ -210,7 +210,6 @@ with="scaSastServerUrl,password,username,timestamp,sastCredentialsId,isProxy" />
-
@@ -221,4 +220,4 @@
-
\ No newline at end of file
+
From a79d5e881505ec480ec020d1d138cacc945ead4e Mon Sep 17 00:00:00 2001
From: Nidhi Jaiswal
Date: Thu, 1 Jun 2023 19:29:54 +0530
Subject: [PATCH 35/35] Update CxScanBuilder.java
---
.../com/checkmarx/jenkins/CxScanBuilder.java | 288 +++++++-----------
1 file changed, 106 insertions(+), 182 deletions(-)
diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java
index 3ee2813d..e568284b 100644
--- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java
+++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java
@@ -99,6 +99,8 @@ public class CxScanBuilder extends Builder implements SimpleBuildStep {
private static final String REQUEST_ORIGIN = "Jenkins";
private static final String SUPPRESS_BENIGN_ERRORS = "suppressBenignErrors";
+ private static final String scaResolverResultPath = ".cxscaresolver" + File.separator + "sca";
+ private static final String scaResolverSastResultPath = ".cxscaresolver" + File.separator + "sast";
//////////////////////////////////////////////////////////////////////////////////////
// Persistent plugin configuration parameters
@@ -1589,7 +1591,7 @@ private CxScanConfig resolveConfiguration(Run run, DescriptorImpl descript
setDependencyScanConfig(config);
}
- configureDependencyScan(run, descriptor, env, ret);
+ configureDependencyScan(run, descriptor, env, ret, workspace);
if (!ret.getSynchronous()) {
enableProjectPolicyEnforcement = false;
@@ -1682,7 +1684,7 @@ private LegacyClient prepareLoggedInClient(CxConnectionDetails credentials, Desc
}
- private void configureDependencyScan(Run run, DescriptorImpl descriptor, EnvVars env, CxScanConfig config) {
+ private void configureDependencyScan(Run run, DescriptorImpl descriptor, EnvVars env, CxScanConfig config, FilePath workspace) {
boolean dependencyScanEnabled = dependencyScanConfig != null;
if (!dependencyScanEnabled) {
return;
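Review bot: The two re-added `static final` fields use lowerCamelCase (`scaResolverResultPath`, `scaResolverSastResultPath`) while the neighbouring constants `REQUEST_ORIGIN` and `SUPPRESS_BENIGN_ERRORS` use UPPER_SNAKE_CASE; `private static final String SCA_RESOLVER_RESULT_PATH = ".cxscaresolver" + File.separator + "sca";` and a matching `SCA_RESOLVER_SAST_RESULT_PATH` would keep the block consistent. Both values are relative paths that get joined onto the job workspace elsewhere in the file, which a short comment at the declaration such as `// relative to the job workspace; joined in checkMissingMandatoryAdditionalParams` would make clear to the next reader.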
@@ -1735,12 +1737,12 @@ private void configureDependencyScan(Run run, DescriptorImpl descriptor, E config.setOsaArchiveIncludePatterns(effectiveConfig.osaArchiveIncludePatterns.trim()); config.setOsaRunInstall(effectiveConfig.osaInstallBeforeScan); } else if (config.isAstScaEnabled()) { - config.setAstScaConfig(getScaConfig(run, env, dependencyScanConfig, descriptor)); + config.setAstScaConfig(getScaConfig(run, env, dependencyScanConfig, descriptor, workspace, config)); config.setSCAScanTimeoutInMinutes(dependencyScanConfig.scaTimeout); } } - private AstScaConfig getScaConfig(Run run, EnvVars env, DependencyScanConfig dsConfigJobLevel, DescriptorImpl descriptor) { + private AstScaConfig getScaConfig(Run run, EnvVars env, DependencyScanConfig dsConfigJobLevel, DescriptorImpl descriptor, FilePath workspace, CxScanConfig config) { DependencyScanConfig dsConfig; @@ -1761,12 +1763,15 @@ private AstScaConfig getScaConfig(Run run, EnvVars env, DependencyScanConf result.setTeamId(dsConfig.scaTeamId); result.setIncludeSources(dsConfig.isIncludeSources); - //add SCA Resolver code here //add SCA Resolver code here String additionalParams = (globalSettingsInUse) ? dsConfig.globalScaResolverAddParameters : dsConfig.scaResolverAddParameters; boolean isExploitablePath = (globalSettingsInUse) ? dsConfig.isGlobalExploitablePathByScaResolver : dsConfig.isExploitablePathByScaResolver; + additionalParams = (globalSettingsInUse) ? dsConfig.globalScaResolverAddParameters + : dsConfig.scaResolverAddParameters; + isExploitablePath = (globalSettingsInUse) ? dsConfig.isGlobalExploitablePathByScaResolver + : dsConfig.isExploitablePathByScaResolver; if (dsConfig.enableScaResolver != null && SCAScanType.SCA_RESOLVER.toString().equalsIgnoreCase(dsConfig.enableScaResolver.toString())) { 
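Review bot: In the `@@ -1761,12 +1763,15 @@` hunk the four added lines `additionalParams = (globalSettingsInUse) ? dsConfig.globalScaResolverAddParameters : dsConfig.scaResolverAddParameters;` and `isExploitablePath = (globalSettingsInUse) ? dsConfig.isGlobalExploitablePathByScaResolver : dsConfig.isExploitablePathByScaResolver;` re-evaluate exactly the initializers on the two lines directly above them, so they are dead reassignments and read like a merge artifact; the cleanest fix is to delete the four added lines. The next hunk (`@@ -1778,6 +1783,7 @@`) has the same pattern, adding `result.setPathToScaResolver(dsConfig.pathToScaResolver);` immediately above an identical existing call, and should be dropped for the same reason. The body of `getScaConfig` starts and ends outside these hunks.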
@@ -1778,6 +1783,7 @@ private AstScaConfig getScaConfig(Run run, EnvVars env, DependencyScanConf } else result.setEnableScaResolver(false); + result.setPathToScaResolver(dsConfig.pathToScaResolver); result.setPathToScaResolver(dsConfig.pathToScaResolver); result.setScaResolverAddParameters(additionalParams); 
@@ -2216,202 +2222,120 @@ private boolean scaResolverPathExist(String pathToResolver) { return true; } - private void validateScaResolverParams(String additionalParams) { + private void validateScaResolverParams(String additionalParams, CxScanConfig config, FilePath workspace) { String[] arguments = additionalParams.split(" "); Map params = new HashMap<>(); - for (int i = 0; i < arguments.length; i++) { - if (arguments[i].startsWith("-") && (i + 1 != arguments.length && !arguments[i + 1].startsWith("-"))) - params.put(arguments[i], arguments[i + 1]); + for (int i = 0; i < arguments.length ; i++) { + if(arguments[i].startsWith("-") && (i+1 != arguments.length && !arguments[i+1].startsWith("-"))) + params.put(arguments[i], arguments[i+1]); else params.put(arguments[i], ""); } String dirPath = params.get("-s"); - if (StringUtils.isEmpty(dirPath)) - throw new CxClientException("Source code path (-s ) is not provided."); -// fileExists(dirPath); - + if(StringUtils.isEmpty(dirPath)) { + if(null == workspace) + throw new CxClientException("Source code path (-s ) is not provided."); + // fileExists(dirPath); + } String projectName = params.get("-n"); - if (StringUtils.isEmpty(projectName)) - throw new CxClientException("Project name parameter (-n ) must be provided to ScaResolver."); + if(StringUtils.isEmpty(projectName)) { + if (StringUtils.isEmpty(config.getProjectName())) + throw new CxClientException("Project name parameter (-n ) must be provided to ScaResolver."); + } } - private String checkMissingMandatoryAdditionalParams (String additionalParams, FilePath workspace, - CxScanConfig config,boolean isExploitablePathByScaResolver){ - if (additionalParams == null) { - additionalParams = ""; + + private String checkMissingMandatoryAdditionalParams(String additionalParams, FilePath workspace, + CxScanConfig config, boolean isExploitablePathByScaResolver) { + if (additionalParams == null) { + additionalParams = ""; + } + String addParams = additionalParams; + if 
(!additionalParams.contains("-n ")) { + if (StringUtils.isNotEmpty(config.getProjectName())) + additionalParams += " -n " + config.getProjectName(); + else + throw new CxClientException("projectname must be specified"); + } + + if (!additionalParams.contains("-s ")) { + if (null != workspace) + additionalParams += " -s " + workspace; + else + throw new CxClientException("source path must be specified"); + } + + if (!additionalParams.contains("-r ") && !additionalParams.contains("--resolver-result-path ")) { + if (null != workspace) + additionalParams += " -r " + workspace + File.separator + scaResolverResultPath; + else + throw new CxClientException("result path must be specified"); + } + if (isExploitablePathByScaResolver) { + if (!additionalParams.contains("--cxserver ")) { + if (StringUtils.isNotEmpty(config.getUrl())) + additionalParams += " --cxserver " + config.getUrl(); + else + throw new CxClientException("cxserver must be specified"); } - String addParams = additionalParams; - if (!additionalParams.contains("-n ")) { - if (StringUtils.isNotEmpty(config.getProjectName())) - additionalParams += " -n " + config.getProjectName(); + if (!additionalParams.contains("--cxuser ")) { + if (StringUtils.isNotEmpty(config.getUsername())) + additionalParams += " --cxuser " + config.getUsername(); else - throw new CxClientException("projectname must be specified"); + throw new CxClientException("cxuser must be specified"); } - - if (!additionalParams.contains("-s ")) { - if (null != workspace) - additionalParams += " -s " + workspace; + if (!additionalParams.contains("--cxpassword ")) { + if (StringUtils.isNotEmpty(config.getPassword())) + additionalParams += " --cxpassword " + config.getPassword(); else - throw new CxClientException("source path must be specified"); + throw new CxClientException("cxpassword must be specified"); } - - if (!additionalParams.contains("-r ") && !additionalParams.contains("--resolver-result-path ")) { + if 
(!additionalParams.contains("--sast-result-path ")) { if (null != workspace) - additionalParams += " -r " + workspace + File.separator + scaResolverResultPath; + additionalParams += " --sast-result-path " + workspace + File.separator + scaResolverSastResultPath; else - throw new CxClientException("result path must be specified"); - } - if (isExploitablePathByScaResolver) { - if (!additionalParams.contains("--cxserver ")) { - if (StringUtils.isNotEmpty(config.getUrl())) - additionalParams += " --cxserver " + config.getUrl(); - else - throw new CxClientException("cxserver must be specified"); - } - if (!additionalParams.contains("--cxuser ")) { - if (StringUtils.isNotEmpty(config.getUsername())) - additionalParams += " --cxuser " + config.getUsername(); - else - throw new CxClientException("cxuser must be specified"); - } - if (!additionalParams.contains("--cxpassword ")) { - if (StringUtils.isNotEmpty(config.getPassword())) - additionalParams += " --cxpassword " + config.getPassword(); - else - throw new CxClientException("cxpassword must be specified"); - } - if (!additionalParams.contains("--sast-result-path ")) { - if (null != workspace) - additionalParams += " --sast-result-path " + workspace + File.separator + scaResolverSastResultPath; - else - throw new CxClientException("sast result path must be specified"); - } - if (!additionalParams.contains("--cxprojectname ") && !additionalParams.contains("--cxprojectid ")) { - if (StringUtils.isNotEmpty(config.getProjectName())) - additionalParams += " --cxprojectname " + config.getProjectName(); - else - throw new CxClientException("sast project name or sast project id must be specified"); - } + throw new CxClientException("sast result path must be specified"); } - if (!isExploitablePathByScaResolver && (addParams.contains("--cxserver ") && addParams.contains("--cxuser ") - && addParams.contains("--cxpassword ") - && (addParams.contains("--cxprojectid ") || addParams.contains("--cxprojectname ")) - && 
addParams.contains("--sast-result-path "))) - log.warn( - "Enable Exploitable Path option is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameter."); - - else if (isExploitablePathByScaResolver && (addParams.contains("--cxserver ") || addParams.contains("--cxuser ") - || addParams.contains("--cxpassword ") - || (addParams.contains("--cxprojectid ") || addParams.contains("--cxprojectname ")) - || addParams.contains("--sast-result-path "))) - log.warn( - "Any of the parameters(--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path) specified in SCA Resolver additional parameters will be used for Exploitable Path Detection instead of the corresponding parameters configured in the pipeline."); - else if (!isExploitablePathByScaResolver && (addParams.contains("--cxserver ") - || addParams.contains("--cxuser ") || addParams.contains("--cxpassword ") - || (addParams.contains("--cxprojectid ") || addParams.contains("--cxprojectname ")) - || addParams.contains("--sast-result-path "))) - log.error( - "As Enable Exploitable Path is disabled and only few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path ) are defined in SCA Resolver Additional Parameter. 
Thus Exploitable Path Detection will not happen."); - if (addParams.contains("-n ") || addParams.contains("-s ") || addParams.contains("-r ") - || addParams.contains("--resolver-result-path")) - log.warn( - "Any of the parameters(-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional paramters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."); - - return additionalParams; - } - } - - private String checkMissingMandatoryAdditionalParams(String additionalParams, FilePath workspace, - CxScanConfig config, boolean isExploitablePathByScaResolver) { - if (additionalParams == null) { - additionalParams = ""; - } - String addParams = additionalParams; - if (!additionalParams.contains("-n ")) { - if (StringUtils.isNotEmpty(config.getProjectName())) - additionalParams += " -n " + config.getProjectName(); - else - throw new CxClientException("projectname must be specified"); - } - - if (!additionalParams.contains("-s ")) { - if (null != workspace) - additionalParams += " -s " + workspace; - else - throw new CxClientException("source path must be specified"); - } - - if (!additionalParams.contains("-r ") && !additionalParams.contains("--resolver-result-path ")) { - if (null != workspace) - additionalParams += " -r " + workspace + File.separator + scaResolverResultPath; - else - throw new CxClientException("result path must be specified"); - } - if (isExploitablePathByScaResolver) { - if (!additionalParams.contains("--cxserver ")) { - if (StringUtils.isNotEmpty(config.getUrl())) - additionalParams += " --cxserver " + config.getUrl(); - else - throw new CxClientException("cxserver must be specified"); - } - if (!additionalParams.contains("--cxuser ")) { - if (StringUtils.isNotEmpty(config.getUsername())) - additionalParams += " --cxuser " + config.getUsername(); - else - throw new CxClientException("cxuser must be specified"); - } - if (!additionalParams.contains("--cxpassword ")) { - if 
(StringUtils.isNotEmpty(config.getPassword())) - additionalParams += " --cxpassword " + config.getPassword(); - else - throw new CxClientException("cxpassword must be specified"); - } - if (!additionalParams.contains("--sast-result-path ")) { - if (null != workspace) - additionalParams += " --sast-result-path " + workspace + File.separator + scaResolverSastResultPath; - else - throw new CxClientException("sast result path must be specified"); - } - if (!additionalParams.contains("--cxprojectname ") && !additionalParams.contains("--cxprojectid ")) { - if (StringUtils.isNotEmpty(config.getProjectName())) - additionalParams += " --cxprojectname " + config.getProjectName(); - else - throw new CxClientException("sast project name or sast project id must be specified"); - } - } - if (!isExploitablePathByScaResolver && (addParams.contains("--cxserver ") && addParams.contains("--cxuser ") - && addParams.contains("--cxpassword ") - && (addParams.contains("--cxprojectid ") || addParams.contains("--cxprojectname ")) - && addParams.contains("--sast-result-path "))) - log.warn( - "Enable Exploitable Path option is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameters."); - - else if (isExploitablePathByScaResolver && (addParams.contains("--cxserver ") || addParams.contains("--cxuser ") - || addParams.contains("--cxpassword ") - || (addParams.contains("--cxprojectid ") || addParams.contains("--cxprojectname ")) - || addParams.contains("--sast-result-path "))) - log.warn( - "Any of the parameters (--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path) specified in SCA Resolver additional parameters will be used for Exploitable Path Detection instead of the corresponding parameters configured in the pipeline."); - else if (!isExploitablePathByScaResolver && (addParams.contains("--cxserver ") - || 
addParams.contains("--cxuser ") || addParams.contains("--cxpassword ") - || (addParams.contains("--cxprojectid ") || addParams.contains("--cxprojectname ")) - || addParams.contains("--sast-result-path "))) - log.error( - "Enable Exploitable Path is disabled and only a few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path) are specified in SCA Resolver Additional Parameters. Thus, Exploitable Path Detection will not happen."); - if (addParams.contains("-n ") || addParams.contains("-s ") || addParams.contains("-r ") - || addParams.contains("--resolver-result-path")) - log.warn( - "Any of the parameters (-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional parameters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."); - - if(!isExploitablePathByScaResolver) { - if(additionalParams.contains("--cxserver ")) { - additionalParams.replace("--cxserver ", ""); - } - } - return additionalParams; - } + if (!additionalParams.contains("--cxprojectname ") && !additionalParams.contains("--cxprojectid ")) { + if (StringUtils.isNotEmpty(config.getProjectName())) + additionalParams += " --cxprojectname " + config.getProjectName(); + else + throw new CxClientException("sast project name or sast project id must be specified"); + } + } + if (!isExploitablePathByScaResolver && (addParams.contains("--cxserver ") && addParams.contains("--cxuser ") + && addParams.contains("--cxpassword ") + && (addParams.contains("--cxprojectid ") || addParams.contains("--cxprojectname ")) + && addParams.contains("--sast-result-path "))) + log.warn( + "Enable Exploitable Path option is not selected, but exploitable path detection will be performed since all the required parameters for exploitable path detection are provided in SCA Resolver Additional Parameters."); + + else if (isExploitablePathByScaResolver && (addParams.contains("--cxserver ") || 
addParams.contains("--cxuser ") + || addParams.contains("--cxpassword ") + || (addParams.contains("--cxprojectid ") || addParams.contains("--cxprojectname ")) + || addParams.contains("--sast-result-path "))) + log.warn( + "Any of the parameters (--cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path) specified in SCA Resolver additional parameters will be used for Exploitable Path Detection instead of the corresponding parameters configured in the pipeline."); + else if (!isExploitablePathByScaResolver && (addParams.contains("--cxserver ") + || addParams.contains("--cxuser ") || addParams.contains("--cxpassword ") + || (addParams.contains("--cxprojectid ") || addParams.contains("--cxprojectname ")) + || addParams.contains("--sast-result-path "))) + log.error( + "Enable Exploitable Path is disabled and only a few SAST parameters (like --cxserver, --cxuser, --cxpassword, --sast-result-path, --cxprojectid or --cxprojectname, --sast-result-path) are specified in SCA Resolver Additional Parameters. Thus, Exploitable Path Detection will not happen."); + if (addParams.contains("-n ") || addParams.contains("-s ") || addParams.contains("-r ") + || addParams.contains("--resolver-result-path")) + log.warn( + "Any of the parameters (-n, -s, -r/--resolver-result-path) specified in SCA Resolver additional parameters will be used for dependency resolution instead of the corresponding parameters configured in the pipeline."); + + if(!isExploitablePathByScaResolver) { + if(additionalParams.contains("--cxserver ")) { + additionalParams.replace("--cxserver ", ""); + } + } + return additionalParams; + } private void fileExists(String file) {
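Review bot: The new block near the end of `checkMissingMandatoryAdditionalParams`, `if(additionalParams.contains("--cxserver ")) { additionalParams.replace("--cxserver ", ""); }`, is a no-op because `String.replace` returns a new string and the result is discarded; if the intent is to strip the flag when exploitable-path detection is off, it needs `additionalParams = additionalParams.replace("--cxserver ", "");`, and even then only the flag is removed while its value stays behind as a stray positional argument, so the block should either be dropped or remove the flag together with its value. Separately, this method appends `config.getPassword()` into the same string as the rest of the resolver arguments (`additionalParams += " --cxpassword " + config.getPassword();`), so whatever consumes the returned string — the caller is outside this hunk — must treat it as containing a secret and never echo it into the build log or a process listing; a comment such as `// returned string may contain --cxpassword; do not log it` on the method would make that contract explicit. Finally, `validateScaResolverParams` tokenizes with `additionalParams.split(" ")` while the defaults added here are unquoted (`" -s " + workspace`), so a workspace path containing a space is split into several tokens and the `-s`/`-r` values are silently truncated; tokenizing with a quote-aware splitter, or quoting the appended paths, would avoid that. `fileExists` begins on the last line of the hunk and continues outside it.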