From 08e4b1c0ac446ecaad7e38eb8e9b882cb0d68b9c Mon Sep 17 00:00:00 2001 From: Nidhi Jaiswal <35574348+nidhi0512@users.noreply.github.com> Date: Tue, 6 Feb 2024 11:10:08 +0530 Subject: [PATCH] Integration branch (#22) * GA Changes GA * GA changes 1.0.11 * code changes for encryption and decryption of access_token * code changes for encryption and decryption of access_token * code changes for encryption and decryption of access_token * updated scan summary name and update set * change log level to basic * Update Update_Set_GA_1.0.11.xml * Added Update set From Vendor Instance * Added changes for CxOne release 1.0.14 (#19) * CheckmarxOne Devops changes * CxOne 1.0.18 changes * Rename UpdateSet_GA.xml to UpdateSet_GA_1.0.18.xml --------- Co-authored-by: Apoorva Co-authored-by: apoorvasingh5 <98940507+apoorvasingh5@users.noreply.github.com> --- ...clude_f60f0ee047131110328ca368436d43ba.xml | 85 +++++++---- ...clude_716c87ad471f1110328ca368436d438a.xml | 32 +++- ...clude_891d8fed471f1110328ca368436d4334.xml | 140 ++++++++++-------- ...clude_ba2b3da69769e510026f72021153af1b.xml | 18 ++- ...clude_508f0d54471f1110328ca368436d43f8.xml | 16 +- ...clude_d7f2d2e447131110328ca368436d4321.xml | 125 +++++++++------- ...clude_ec0e828f47f42110328ca368436d433b.xml | 8 +- ...clude_1980bcb147935110328ca368436d435a.xml | 123 ++++++++++----- Scripts/UpdateSet_GA_1.0.18.xml | 1 + ...ction_6390cdd847db1110328ca368436d4361.xml | 2 +- 10 files changed, 336 insertions(+), 214 deletions(-) create mode 100644 Scripts/UpdateSet_GA_1.0.18.xml diff --git a/Scripts/CheckmarxOneAppListIntegration_sys_script_include_f60f0ee047131110328ca368436d43ba.xml b/Scripts/CheckmarxOneAppListIntegration_sys_script_include_f60f0ee047131110328ca368436d43ba.xml index e99337e..6c7c73c 100644 --- a/Scripts/CheckmarxOneAppListIntegration_sys_script_include_f60f0ee047131110328ca368436d43ba.xml +++ b/Scripts/CheckmarxOneAppListIntegration_sys_script_include_f60f0ee047131110328ca368436d43ba.xml 
@@ -1,5 +1,5 @@ - + public true @@ -16,25 +16,33 @@ CheckmarxOneAppListIntegration.prototype = Object.extendsObject(sn_vul.Applicati MSG: 'CheckmarxOne AppListIntegration:', retrieveData: function() { gs.debug(this.MSG + 'retrieveData'); - var params = this._getParameters(this.PROCESS.getValue('parameters')); var response = ""; - if (params.run) { - // filteredcount, offset - response = this.getAppList(Object.keys(params.run)[0], params.run[Object.keys(params.run)[0]]); + try { + var params = this._getParameters(this.PROCESS.getValue('parameters')); + + if (params.run) { + // filteredcount, offset + response = this.getAppList(Object.keys(params.run)[0], params.run[Object.keys(params.run)[0]]); + } + params = this._serializeParameters(this._nextParameters(params)); + this.setNextRunParameters(params); + + //Saving delta_start_time + if (!params.run) { + var latest = this.LATEST ? this.LATEST : ''; + this.INTEGRATION.setValue('delta_start_time', latest); + this.INTEGRATION.update(); + this.hasMoreData(false); + } else + this.hasMoreData(true); + } catch (ex) { + gs.error(this.MSG + "Error in retriving data for app list integration!" + ex); + response = ''; + } - params = this._serializeParameters(this._nextParameters(params)); - this.setNextRunParameters(params); - - //Saving delta_start_time - if (!params.run) { - var latest = this.LATEST ? this.LATEST : ''; - this.INTEGRATION.setValue('delta_start_time', latest); - this.INTEGRATION.update(); - this.hasMoreData(false); - } else - this.hasMoreData(true); if (response == "") { response = ''; + } return { 
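Review bot: The new `catch (ex)` in retrieveData logs and returns an empty response but leaves the run state undecided: when the exception occurs before `this.setNextRunParameters(params)` and `this.hasMoreData(...)` execute, neither is called, so whether the integration continues or terminates after a failed page depends on framework defaults not visible here. The same pattern is introduced in the retrieveData hunks of CheckmarxOneAppVulItemIntegration and CheckmarxOneScanSummaryIntegration. The catch should decide explicitly — e.g. `this.hasMoreData(false); // a failed page ends this run` — or rethrow after logging so the platform records the failure instead of a quietly shorter app list. The trailing `if (response == "") { response = ''; }` is a no-op carried over from the old code and can be dropped.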
@@ -58,6 +66,7 @@ CheckmarxOneAppListIntegration.prototype = Object.extendsObject(sn_vul.Applicati var groups = ''; var groupval = ' '; for (var item in response.projects) { + var projectTags = this._getProjectTags(JSON.stringify(response.projects[item].tags)); var applicationIds = ''; groups = +response.projects[item].groups.toString(); var projectResponse = this.UTIL.getProjectById(this.IMPLEMENTATION, response.projects[item].id); @@ -67,15 +76,17 @@ CheckmarxOneAppListIntegration.prototype = Object.extendsObject(sn_vul.Applicati appListAll += '' + - '<' + '![CDATA[' + response.projects[item].name + ']]' + '>'; + '" groups="' + groupval + '"><' + + '![CDATA[' + projectTags + ']]' + '><' + + '![CDATA[' + response.projects[item].name + ']]' + '>'; } else { appListAll += '' + - '<' + '![CDATA[' + response.projects[item].name + ']]' + '>'; + '" groups="' + response.projects[item].groups.toString() + '"><' + + '![CDATA[' + projectTags + ']]' + '><' + + '![CDATA[' + response.projects[item].name + ']]' + '>'; } } } @@ -88,6 +99,12 @@ CheckmarxOneAppListIntegration.prototype = Object.extendsObject(sn_vul.Applicati return reportContent; }, + _getProjectTags: function(tags) { + if (tags == null || tags.length < 3) + return ''; + return tags.substring(1, tags.length - 1); + }, + // Gets the integration parameters as a map _getParameters: function(parameters) { var params = { 
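Review bot: In the appListAll concatenation the new `projectTags` value (and, as before, the project name) is placed inside a CDATA section by string concatenation with no handling of the `]]>` terminator, and `groups` is written into an XML attribute without escaping `"`, `&` or `<`. Both values come from the Checkmarx API response (`response.projects[item].tags` / `.groups`), so a tag or group containing `]]>` or a quote ends the section early and whatever follows is parsed as markup by the processor, or the document fails to parse. Pass every value through a helper such as `String(v).replace(/]]>/g, ']]]]><![CDATA[>')` before wrapping it in CDATA, and an attribute-escaping helper for `groups`, or build the report with an XML API rather than string concatenation. The enclosing function starts and ends outside the hunk.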
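Review bot: `_getProjectTags` guards `tags == null`, but it receives the output of `JSON.stringify(...)`, which for a `null` tags field is the four-character string `"null"`; that passes the `length < 3` check and the function returns `"ul"`. Tighten the guard, e.g. `if (tags == null || tags == 'null' || tags.length < 3) return '';`, or have the caller pass the raw value and stringify only when it is an array or object. The result also keeps the JSON quoting of the inner elements (for an object, `"k":"v"`), which the processor then stores as `apm_app_id`; a one-line comment such as `// returns the JSON serialisation of the tags minus its outer brackets` would spare the next reader a trip through both files.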
@@ -105,12 +122,19 @@ CheckmarxOneAppListIntegration.prototype = Object.extendsObject(sn_vul.Applicati } } else { this.LATEST = new GlideDateTime(); - var projectJSON = this.UTIL.getNewProjectList(this.IMPLEMENTATION); - var filteredCount = projectJSON.filteredTotalCount; - if (filteredCount !== "undefined") { - var offsetId = this._getoffsets(filteredCount); - params.remaining[filteredCount] = offsetId; + var offsetId; + var list_projects = this.UTIL.getConfigProjectList(this.IMPLEMENTATION); + if (list_projects && list_projects.length > 0) { + offsetId = '0'; + } else { + var projectJSON = this.UTIL.getNewProjectList(this.IMPLEMENTATION); + var filteredCount = projectJSON.filteredTotalCount; + var totalCount = projectJSON.totalCount; + if (filteredCount !== "undefined") { + offsetId = this._getoffsets(filteredCount, totalCount); + } } + params.remaining[filteredCount] = offsetId; gs.debug(this.MSG + 'for appreleases complete'); params = this._nextParameters(params); if (params.run) { @@ -125,10 +149,9 @@ CheckmarxOneAppListIntegration.prototype = Object.extendsObject(sn_vul.Applicati return params; }, //to get offset value from total length - _getoffsets: function(filteredCount) { + _getoffsets: function(filteredCount, totalCount) { var offsets = []; - var projectJSON = this.UTIL.getNewProjectList(this.IMPLEMENTATION); - var loopLength = projectJSON.projects.length / 50; + var loopLength = totalCount / 50; var offset = 0; for (var i = 0; i <= parseInt(loopLength); i++) { offset += 50; @@ -189,13 +212,13 @@ CheckmarxOneAppListIntegration.prototype = Object.extendsObject(sn_vul.Applicati admin 2022-11-18 05:11:38 f60f0ee047131110328ca368436d43ba -133 +173 CheckmarxOneAppListIntegration 3d20e92d47471110328ca368436d436a 3d20e92d47471110328ca368436d436a sys_script_include_f60f0ee047131110328ca368436d43ba -apoorva.singh@checkmarx.com -2023-08-08 11:25:54 +admin +2024-01-05 14:48:25 
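Review bot: `params.remaining[filteredCount] = offsetId;` was moved out of the `else` branch, but `filteredCount` is only assigned inside that branch; when `list_projects` is non-empty the hoisted `var` is never set and the key becomes the string `"undefined"`. If that is intended — the `if (filteredCount !== "undefined")` check above compares against that same string, which suggests the code expects stringified keys — it deserves a comment; otherwise use an explicit key for the configured-project case, e.g. `var key = (list_projects && list_projects.length > 0) ? list_projects.length : filteredCount; params.remaining[key] = offsetId;`. Note that `filteredCount !== "undefined"` compares against a string and never catches a real `undefined` property; `filteredCount != null` appears to be what is meant. `_getParameters` starts and ends outside the hunk.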
diff --git a/Scripts/CheckmarxOneAppListProcessor_sys_script_include_716c87ad471f1110328ca368436d438a.xml b/Scripts/CheckmarxOneAppListProcessor_sys_script_include_716c87ad471f1110328ca368436d438a.xml index df705ba..cafbf3d 100644 --- a/Scripts/CheckmarxOneAppListProcessor_sys_script_include_716c87ad471f1110328ca368436d438a.xml +++ b/Scripts/CheckmarxOneAppListProcessor_sys_script_include_716c87ad471f1110328ca368436d438a.xml @@ -1,5 +1,5 @@ - + public true @@ -41,18 +41,42 @@ CheckmarxOneAppListProcessor.prototype = Object.extendsObject(sn_vul.Application var attributes = appNode.getAttributes(); var applicationId = ''; var appId; + var projectTags = ''; + + var childIter = appNode.getChildNodeIterator(); + while (childIter.hasNext) { + var childNode = childIter.next(); + if (childNode.getNodeName() == "projectTags") { + projectTags = childNode.getTextContent(); + break; + } + } + /* if (projectTags != null && projectTags != '') { + var sourceAPMIDObj = {}; + var projectTagsArr = projectTags.split(',', -1); + for (var item in projectTagsArr) { + var projectTagArr = projectTagsArr[item].split(':', -1); + sourceAPMIDObj[projectTagArr[0]] = projectTagArr[1]; + } + if (sourceAPMIDObj != null) + appObj['apm_app_id'] = sourceAPMIDObj.toString(); + + } */ if (appNode.getAttribute('applicationIds') && appNode.getAttribute('applicationIds') != {}) { appId ={}; appId[gs.getMessage("Application Id: ")] = appNode.getAttribute('applicationIds').toString(); } else appId = ''; + //map attributes from Checkmarx into the servicenow expected format' var appObj = { source_app_id: attributes.id, app_name: appNode.getLastChild().getTextContent().toString(), + apm_app_id: projectTags, source_assigned_teams: attributes.groups, description: 'created at' + attributes.createdAt, source_additional_info: JSON.stringify(appId), + }; //Updating the project information in ServiceNow table var result = this.AVR_API.createOrUpdateApp(appObj); 
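Review bot: `while (childIter.hasNext)` tests the method reference rather than calling it, so the condition is always truthy; the loop can only end through the `break` when a `projectTags` child is found, and for an app node without one `childIter.next()` runs past the last child and `childNode.getNodeName()` fails. The fix is `while (childIter.hasNext()) {`. The commented-out `sourceAPMIDObj` block that follows should be removed rather than shipped in the script include. The enclosing function starts and ends outside the hunk.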
@@ -83,13 +107,13 @@ CheckmarxOneAppListProcessor.prototype = Object.extendsObject(sn_vul.Application admin 2022-11-21 12:03:00 716c87ad471f1110328ca368436d438a -49 +62 CheckmarxOneAppListProcessor 3d20e92d47471110328ca368436d436a 3d20e92d47471110328ca368436d436a sys_script_include_716c87ad471f1110328ca368436d438a -apoorva.singh@checkmarx.com -2023-08-08 11:22:07 +admin +2023-12-21 15:21:18 diff --git a/Scripts/CheckmarxOneAppVulItemIntegration_sys_script_include_891d8fed471f1110328ca368436d4334.xml b/Scripts/CheckmarxOneAppVulItemIntegration_sys_script_include_891d8fed471f1110328ca368436d4334.xml index 2eb2906..78c02c9 100644 --- a/Scripts/CheckmarxOneAppVulItemIntegration_sys_script_include_891d8fed471f1110328ca368436d4334.xml +++ b/Scripts/CheckmarxOneAppVulItemIntegration_sys_script_include_891d8fed471f1110328ca368436d4334.xml @@ -1,5 +1,5 @@ - + public true 
@@ -15,54 +15,58 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic MSG: "CheckmarxOneAppVulItemIntegration", retrieveData: function() { - var params = this._getParameters(this.PROCESS.getValue('parameters')); var response = ""; - if (params.run != null) { - var appname = ''; - var lastscandate = ''; - var branch = ''; - var appId = ''; - var applicationIds = []; - var applicationIdsStr = ''; - var engines = []; - var engine = ''; - var responseLastScanSummary = this.UTIL.getScanDetails(this.IMPLEMENTATION, Object.keys(params.run)[0]); - var jsonLastScanSummResp = JSON.parse(responseLastScanSummary.getBody()); - //to map value of last_scan_date, project name and project Id in XML - for (var value in jsonLastScanSummResp.scans) { - var projectResponse = this.UTIL.getProjectById(this.IMPLEMENTATION, jsonLastScanSummResp.scans[value].projectId); - if (null != projectResponse.applicationIds && projectResponse.applicationIds.length > 0) - applicationIds = applicationIds.concat(projectResponse.applicationIds); - lastscandate += this.UTIL.parseDate(jsonLastScanSummResp.scans[value].updatedAt); - appname += jsonLastScanSummResp.scans[value].projectName; - branch += jsonLastScanSummResp.scans[value].branch; - appId += jsonLastScanSummResp.scans[value].projectId; - engines = jsonLastScanSummResp.scans[value].engines; - engine = engines.toString(); - } - if (applicationIds.length > 0) { - applicationIdsStr = applicationIds.toString(); + try { + var params = this._getParameters(this.PROCESS.getValue('parameters')); + if (params.run != null) { + var appname = ''; + var lastscandate = ''; + var branch = ''; + var appId = ''; + var applicationIds = []; + var applicationIdsStr = ''; + var engines = []; + var engine = ''; + var responseLastScanSummary = this.UTIL.getScanDetails(this.IMPLEMENTATION, Object.keys(params.run)[0]); + var jsonLastScanSummResp = JSON.parse(responseLastScanSummary.getBody()); + //to map value of last_scan_date, project name 
and project Id in XML + for (var value in jsonLastScanSummResp.scans) { + var projectResponse = this.UTIL.getProjectById(this.IMPLEMENTATION, jsonLastScanSummResp.scans[value].projectId); + if (null != projectResponse.applicationIds && projectResponse.applicationIds.length > 0) + applicationIds = applicationIds.concat(projectResponse.applicationIds); + lastscandate += this.UTIL.parseDate(jsonLastScanSummResp.scans[value].updatedAt); + appname += jsonLastScanSummResp.scans[value].projectName; + branch += jsonLastScanSummResp.scans[value].branch; + appId += jsonLastScanSummResp.scans[value].projectId; + engines = jsonLastScanSummResp.scans[value].engines; + engine = engines.toString(); + } + if (applicationIds.length > 0) { + applicationIdsStr = applicationIds.toString(); + } } + if (params.run) { + // scanId, offset + var scanId = Object.keys(params.run)[0]; + response = this.getDetailedReport(scanId, params.run[Object.keys(params.run)[0]], lastscandate, appname, branch, appId, applicationIdsStr, engine); + gs.debug(this.MSG + ' getDetailedReport response:' + response); + } + params = this._serializeParameters(this._nextParameters(params)); + this.setNextRunParameters(params); + + //Saving delta_start_time + if (!params.run) { + var latest = this.LATEST ? this.LATEST : ''; + this.INTEGRATION.setValue('delta_start_time', latest); + this.INTEGRATION.update(); + this.hasMoreData(false); + } else + this.hasMoreData(true); + } catch (err) { + gs.error(this.MSG + " retrieveData : Error occured while getting report. 
Skipping buildId: " + scanId + err); + response = ''; } - - if (params.run) { - // scanId, offset - response = this.getDetailedReport(Object.keys(params.run)[0], params.run[Object.keys(params.run)[0]], lastscandate, appname, branch, appId, applicationIdsStr, engine); - gs.debug(this.MSG + ' getDetailedReport response:' + response); - - } - params = this._serializeParameters(this._nextParameters(params)); - this.setNextRunParameters(params); - - //Saving delta_start_time - if (!params.run) { - var latest = this.LATEST ? this.LATEST : ''; - this.INTEGRATION.setValue('delta_start_time', latest); - this.INTEGRATION.update(); - this.hasMoreData(false); - } else - this.hasMoreData(true); if (response == "") { response = ''; } 
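Review bot: The new `catch (err)` logs `scanId`, but `scanId` is assigned inside the try only after `_getParameters`, `getScanDetails` and `JSON.parse` have all succeeded; an exception from any of those logs `Skipping buildId: undefined`, and `err` is concatenated straight onto the id with no separator. The same applies to `appId` and `offsetId` in the CheckmarxOneScanSummaryIntegration retrieveData hunk. Hoist the identifiers above the try (`var scanId = '';`) and separate them in the message, e.g. `gs.error(this.MSG + " retrieveData: error while getting report, skipping scanId " + scanId + ": " + err);`. The message also still says "buildId" although the code deals in scan ids.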
@@ -115,16 +119,22 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic if (responseDeltaScanReport != -1) { var jsonDeltaScanReportResp = JSON.parse(responseDeltaScanReport.getBody()); for (var item in jsonDeltaScanReportResp.results) { - for (var j in jsonDeltaScanReportResp.results[item].nodes) { - var nodeId = 'fullName:' + jsonDeltaScanReportResp.results[item].nodes[j].fullName + ', path:' + jsonDeltaScanReportResp.results[item].nodes[j].fileName; - notes += nodeId + '. '; - } var severity = jsonDeltaScanReportResp.results[item].severity; if ((vulnerabilityCountThresholdLevel == 'INFO') || (vulnerabilityCountThresholdLevel == 'LOW' && severity.toUpperCase() != 'INFO') || (vulnerabilityCountThresholdLevel == 'MEDIUM' && severity.toUpperCase() != 'INFO' && severity.toUpperCase() != 'LOW') || - severity.toUpperCase() == 'HIGH') { + (vulnerabilityCountThresholdLevel == 'HIGH' && severity.toUpperCase() != 'INFO' && severity.toUpperCase() != 'LOW' && severity.toUpperCase() != 'MEDIUM') || + severity.toUpperCase() == 'CRITICAL') { + var i = 0; + for (var j in jsonDeltaScanReportResp.results[item].nodes) { + if (i < 50) { + var nodeId = 'path:' + jsonDeltaScanReportResp.results[item].nodes[j].fileName; + notes += nodeId + '. '; + i += 1; + + } + } var owasp = this._getOWASPTop10(jsonDeltaScanReportResp.results[item].compliances); var sans = this._getSANSTop25(jsonDeltaScanReportResp.results[item].compliances); SASTDeltascanDetailedAll += '3d20e92d47471110328ca368436d436a 3d20e92d47471110328ca368436d436a sys_script_include_891d8fed471f1110328ca368436d4334 -apoorva.singh@checkmarx.com -2023-08-29 05:30:33 +admin +2024-01-05 07:58:44 diff --git a/Scripts/CheckmarxOneAppVulItemProcessor_sys_script_include_ba2b3da69769e510026f72021153af1b.xml b/Scripts/CheckmarxOneAppVulItemProcessor_sys_script_include_ba2b3da69769e510026f72021153af1b.xml index 814159f..3e4ad3f 100644 
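Review bot: The severity filter now repeats `severity.toUpperCase()` eight times and hard-codes the 50-node cap, and the inner `for (var j in …nodes)` keeps iterating after `i` reaches 50 instead of breaking. Hoist `var sev = severity.toUpperCase();` and express the threshold as a rank lookup, e.g. `var RANK = { INFO: 0, LOW: 1, MEDIUM: 2, HIGH: 3, CRITICAL: 4 };` then `if (RANK[sev] >= RANK[vulnerabilityCountThresholdLevel]) {`, which also covers a `CRITICAL` threshold that the current chain does not. Name the cap (`var MAX_NODES_IN_NOTES = 50;`) with a comment that the notes field is truncated to the first 50 node paths, since that truncation is otherwise invisible to whoever reads the resulting vulnerable item. The enclosing function starts and ends outside the hunk.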
--- a/Scripts/CheckmarxOneAppVulItemProcessor_sys_script_include_ba2b3da69769e510026f72021153af1b.xml +++ b/Scripts/CheckmarxOneAppVulItemProcessor_sys_script_include_ba2b3da69769e510026f72021153af1b.xml @@ -1,5 +1,5 @@ - + public true @@ -26,8 +26,8 @@ CheckmarxOneAppVulItemProcessor.prototype = Object.extendsObject(sn_vul.Applicat doc.parseXML(new GlideSysAttachment().getContent(attachment)); var listNode = doc.getNode('/detailedreport/xml/results'); } catch (ex) { - gs.info("error reported" + new GlideSysAttachment().getContent(attachment)); - gs.error(this.MSG + "Error occurred while validating or parsing the XML: " + ex ); + gs.info("error reported" + new GlideSysAttachment().getContent(attachment)); + gs.error(this.MSG + "Error occurred while validating or parsing the XML: " + ex); throw ex; } var reportData = {}; @@ -52,7 +52,9 @@ CheckmarxOneAppVulItemProcessor.prototype = Object.extendsObject(sn_vul.Applicat var resultObj = {}; var scan_type = node.getAttribute('scan_type'); var source_severity_string = node.getAttribute('source_severity'); - if (source_severity_string == 'HIGH') { + if (source_severity_string == 'CRITICAL') { + source_severity = 0; + } else if (source_severity_string == 'HIGH') { var source_severity = 1; } else if (source_severity_string == 'MEDIUM') { source_severity = 2; @@ -141,7 +143,7 @@ CheckmarxOneAppVulItemProcessor.prototype = Object.extendsObject(sn_vul.Applicat infObj[gs.getMessage("Branch Name")] = node.getAttribute('branch'); infObj[gs.getMessage("Project Id")] = node.getAttribute('app_id'); resultObj['source_additional_info'] = JSON.stringify(infObj); - resultObj['source_finding_status'] = 'State= ' + node.getAttribute('state'); + resultObj['source_finding_status'] = node.getAttribute('state'); resultObj['last_found'] = reportData.last_scan_date.getDate(); resultObj['source_severity'] = source_severity_string; resultObj['complies_with_policy'] = 'not_applicable'; 
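Review bot: In the severity mapping the `var source_severity` declaration now sits in the second branch (`else if (source_severity_string == 'HIGH') { var source_severity = 1; }`) while the new first branch assigns `source_severity = 0` before it; this only works because `var` is hoisted and reads like an accidental global. Declare `var source_severity;` before the chain and drop the `var` from the HIGH branch. The value 0 chosen for CRITICAL is falsy, so any later `if (source_severity)` or `source_severity || default` in the rest of the function (not visible here) would treat CRITICAL as unset — worth checking. The enclosing function starts and ends outside the hunk.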
@@ -236,13 +238,13 @@ CheckmarxOneAppVulItemProcessor.prototype = Object.extendsObject(sn_vul.Applicat apoorva.singh@checkmarx.com 2023-03-16 05:04:10 ba2b3da69769e510026f72021153af1b -26 +41 CheckmarxOneAppVulItemProcessor 3d20e92d47471110328ca368436d436a 3d20e92d47471110328ca368436d436a sys_script_include_ba2b3da69769e510026f72021153af1b -apoorva.singh@checkmarx.com -2023-08-29 05:47:30 +admin +2023-12-20 14:25:21 diff --git a/Scripts/CheckmarxOneConfigUtilBase_sys_script_include_508f0d54471f1110328ca368436d43f8.xml b/Scripts/CheckmarxOneConfigUtilBase_sys_script_include_508f0d54471f1110328ca368436d43f8.xml index bfd177a..88dc730 100644 --- a/Scripts/CheckmarxOneConfigUtilBase_sys_script_include_508f0d54471f1110328ca368436d43f8.xml +++ b/Scripts/CheckmarxOneConfigUtilBase_sys_script_include_508f0d54471f1110328ca368436d43f8.xml @@ -1,5 +1,5 @@ - + package_private true @@ -23,8 +23,8 @@ CheckmarxOneConfigUtilBase.prototype = { "errorMessage": gs.getMessage("CheckmarxOne configuration not found.") }; var response = new x_chec3_chexone.CheckmarxOneUtil().getProject(config.getValue("integration_instance")); - var implConfig = new GlideRecord("sn_sec_int_impl_config"); - + var implConfig = new GlideRecord("sn_sec_int_impl_config"); + } catch (ex) { result = false; errorMessage = gs.getMessage("Credential validation failed!"); @@ -48,6 +48,8 @@ CheckmarxOneConfigUtilBase.prototype = { while (implConfig.next()) { var configName = implConfig.getDisplayValue("configuration"); var configVal = gr.getValue(configName); + if (configVal == null) + configVal = ""; if (implConfig.configuration.elem_type == "boolean") implConfig.setValue("value", configVal === "1"); else 
@@ -64,11 +66,11 @@ CheckmarxOneConfigUtilBase.prototype = { "include_first_detection_date": gr.getValue("include_first_detection_date") === "1", "import_sca": gr.getValue("import_sca") === "1", "import_sast": gr.getValue("import_sast") === "1", - "import_kics": gr.getValue("import_kics") === "1", + "import_kics": gr.getValue("import_kics") === "1", "triaging_in_snow": gr.getValue("triaging_in_snow") === "1", "vulnerability_threshold_level": gr.getValue("vulnerability_threshold_level"), "access_token": gr.access_token.getDecryptedValue(), - "list_projects": gr.getValue("list_of_project_id_s"), + "list_projects": gr.getValue("list_of_project_id_s"), }; new sn_sec_int.Implementation().setConfiguration(instance, newconfig); @@ -83,13 +85,13 @@ CheckmarxOneConfigUtilBase.prototype = { admin 2022-11-17 05:45:19 508f0d54471f1110328ca368436d43f8 -48 +49 CheckmarxOneConfigUtilBase 3d20e92d47471110328ca368436d436a 3d20e92d47471110328ca368436d436a sys_script_include_508f0d54471f1110328ca368436d43f8 admin -2023-09-08 09:28:36 +2023-12-27 15:25:17 diff --git a/Scripts/CheckmarxOneScanSummaryIntegration_sys_script_include_d7f2d2e447131110328ca368436d4321.xml b/Scripts/CheckmarxOneScanSummaryIntegration_sys_script_include_d7f2d2e447131110328ca368436d4321.xml index 181a189..7be5e6a 100644 --- a/Scripts/CheckmarxOneScanSummaryIntegration_sys_script_include_d7f2d2e447131110328ca368436d4321.xml +++ b/Scripts/CheckmarxOneScanSummaryIntegration_sys_script_include_d7f2d2e447131110328ca368436d4321.xml @@ -1,5 +1,5 @@ - + public true 
@@ -15,23 +15,30 @@ CheckmarxOneScanSummaryIntegration.prototype = Object.extendsObject(sn_vul.Appli MSG: 'CheckmarxOneScanSummaryIntegration:', retrieveData: function() { - var params = this._getParameters(this.PROCESS.getValue('parameters')); var response = ""; - if (params.run) { - // appId, offset - response = this.getSummaryReport(Object.keys(params.run)[0], params.run[Object.keys(params.run)[0]]); - } - params = this._serializeParameters(this._nextParameters(params)); - this.setNextRunParameters(params); + try { + var params = this._getParameters(this.PROCESS.getValue('parameters')); + if (params.run) { + // appId, offset + var appId = Object.keys(params.run)[0]; + var offsetId = params.run[Object.keys(params.run)[0]]; + response = this.getSummaryReport(appId, offsetId); + } + params = this._serializeParameters(this._nextParameters(params)); + this.setNextRunParameters(params); - //Saving delta_start_time - if (!params.run) { - var latest = this.LATEST ? this.LATEST : ''; - this.INTEGRATION.setValue('delta_start_time', latest); - this.INTEGRATION.update(); - this.hasMoreData(false); - } else - this.hasMoreData(true); + //Saving delta_start_time + if (!params.run) { + var latest = this.LATEST ? this.LATEST : ''; + this.INTEGRATION.setValue('delta_start_time', latest); + this.INTEGRATION.update(); + this.hasMoreData(false); + } else + this.hasMoreData(true); + } catch (err) { + gs.error(this.MSG + " retrieveData : Error while retrieving the data. Skipping appId: " + appId + ", scanId: " + offsetId + err); + response = ''; + } if (response == "") { response = ''; } 
@@ -148,30 +155,33 @@ CheckmarxOneScanSummaryIntegration.prototype = Object.extendsObject(sn_vul.Appli appId = app_list[id]; if (appId !== "undefined") { responseLastScan = this.UTIL.getScanList(this.IMPLEMENTATION, appId, this._getCurrentDeltaStartTime()); - jsonLastScanResp = JSON.parse(responseLastScan.getBody()); - for (var item in jsonLastScanResp.scans) { - if (includesca) { - if (jsonLastScanResp.scans[item].engines.toString().includes("sca")) { - app = jsonLastScanResp.scans[item].projectId; - } + if (responseLastScan != -1) { + jsonLastScanResp = JSON.parse(responseLastScan.getBody()); + for (var item in jsonLastScanResp.scans) { + if (includesca) { + if (jsonLastScanResp.scans[item].engines.toString().includes("sca")) { + app = jsonLastScanResp.scans[item].projectId; + } - } - if (includesast) { - if (jsonLastScanResp.scans[item].engines.toString().includes("sast")) { - app = jsonLastScanResp.scans[item].projectId; } - } - if (includekics) { - if (jsonLastScanResp.scans[item].engines.toString().includes("kics")) { - app = jsonLastScanResp.scans[item].projectId; + if (includesast) { + if (jsonLastScanResp.scans[item].engines.toString().includes("sast")) { + app = jsonLastScanResp.scans[item].projectId; + } + } + if (includekics) { + if (jsonLastScanResp.scans[item].engines.toString().includes("kics")) { + app = jsonLastScanResp.scans[item].projectId; + } } } + + if (app == appId) { + offsetId = this._getoffsets(appId); + params.remaining[app] = offsetId; + } } } - if (app == appId) { - offsetId = this._getoffsets(appId); - params.remaining[app] = offsetId; - } } } } 
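Review bot: The engine check inside the new `if (responseLastScan != -1)` guard is the same block that appears again in the next hunk (the `apps[j].source_app_id` loop), each copy testing `engines.toString().includes(...)` once per flag. Extract it once, e.g. `_scanUsesEnabledEngine: function(scan, includesca, includesast, includekics) { var e = scan.engines.toString(); return (includesca && e.includes('sca')) || (includesast && e.includes('sast')) || (includekics && e.includes('kics')); }`, and have both loops call it. `!= -1` compares a response object with a number through loose coercion; `!== -1` states the getScanList contract (which now returns -1 on error) directly. That guard covers only thrown errors — if `_makeRestApiCall` returns non-2xx responses, they still reach `JSON.parse(responseLastScan.getBody())`. The enclosing function starts and ends outside the hunk.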
@@ -180,31 +190,32 @@ CheckmarxOneScanSummaryIntegration.prototype = Object.extendsObject(sn_vul.Appli appId = apps[j].source_app_id; if (appId !== "undefined") { responseLastScan = this.UTIL.getScanList(this.IMPLEMENTATION, appId, this._getCurrentDeltaStartTime()); - jsonLastScanResp = JSON.parse(responseLastScan.getBody()); - for (var items in jsonLastScanResp.scans) { - if (includesca) { - if (jsonLastScanResp.scans[items].engines.toString().includes("sca")) { - app = jsonLastScanResp.scans[items].projectId; - } + if (responseLastScan != -1) { + jsonLastScanResp = JSON.parse(responseLastScan.getBody()); + for (var items in jsonLastScanResp.scans) { + if (includesca) { + if (jsonLastScanResp.scans[items].engines.toString().includes("sca")) { + app = jsonLastScanResp.scans[items].projectId; + } - } - if (includesast) { - if (jsonLastScanResp.scans[items].engines.toString().includes("sast")) { - app = jsonLastScanResp.scans[items].projectId; } - } - if (includekics) { - if (jsonLastScanResp.scans[items].engines.toString().includes("kics")) { - app = jsonLastScanResp.scans[items].projectId; + if (includesast) { + if (jsonLastScanResp.scans[items].engines.toString().includes("sast")) { + app = jsonLastScanResp.scans[items].projectId; + } + } + if (includekics) { + if (jsonLastScanResp.scans[items].engines.toString().includes("kics")) { + app = jsonLastScanResp.scans[items].projectId; + } } } + if (app == appId) { + offsetId = this._getoffsets(appId); + params.remaining[app] = offsetId; + } } } - - if (app == appId) { - offsetId = this._getoffsets(appId); - params.remaining[app] = offsetId; - } } } gs.debug(this.MSG + 'for appreleases complete'); @@ -217,7 +228,7 @@ CheckmarxOneScanSummaryIntegration.prototype = Object.extendsObject(sn_vul.Appli } } catch (err) { gs.error(this.MSG + " _getParameters : Error while getting the integration parameters." + err); - throw err; + // throw err; } return params; }, 
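Review bot: Commenting out `throw err;` in the `_getParameters` catch turns any failure while enumerating projects into a success with whatever partial `params` was built so far; retrieveData then most likely sees no `params.run`, writes `delta_start_time` and calls `hasMoreData(false)`, so scans that failed to enumerate are never revisited because the next delta window starts after them. If the intent is to skip one bad project rather than abort the run, the try/catch belongs around the per-project body inside the loop; if it is to keep the job alive, the catch should leave `delta_start_time` untouched or mark the run failed rather than silently narrowing it. A comment such as `// a failed enumeration must not advance delta_start_time` next to the decision would record the requirement either way. `_getParameters` starts outside the hunk.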
@@ -288,13 +299,13 @@ CheckmarxOneScanSummaryIntegration.prototype = Object.extendsObject(sn_vul.Appli admin 2022-11-18 05:18:19 d7f2d2e447131110328ca368436d4321 -148 +175 CheckmarxOneScanSummaryIntegration 3d20e92d47471110328ca368436d436a 3d20e92d47471110328ca368436d436a sys_script_include_d7f2d2e447131110328ca368436d4321 -apoorva.singh@checkmarx.com -2023-06-26 17:01:21 +admin +2023-12-26 10:05:40 diff --git a/Scripts/CheckmarxOneScanSummaryProcessor_sys_script_include_ec0e828f47f42110328ca368436d433b.xml b/Scripts/CheckmarxOneScanSummaryProcessor_sys_script_include_ec0e828f47f42110328ca368436d433b.xml index df5135c..b35a7ad 100644 --- a/Scripts/CheckmarxOneScanSummaryProcessor_sys_script_include_ec0e828f47f42110328ca368436d433b.xml +++ b/Scripts/CheckmarxOneScanSummaryProcessor_sys_script_include_ec0e828f47f42110328ca368436d433b.xml @@ -1,5 +1,5 @@ - + public true @@ -162,13 +162,13 @@ CheckmarxOneScanSummaryProcessor.prototype = Object.extendsObject(sn_vul.Applica admin 2023-02-08 12:56:43 ec0e828f47f42110328ca368436d433b -9 +12 CheckmarxOneScanSummaryProcessor 3d20e92d47471110328ca368436d436a 3d20e92d47471110328ca368436d436a sys_script_include_ec0e828f47f42110328ca368436d433b -apoorva.singh@checkmarx.com -2023-06-26 17:22:27 +admin +2023-09-29 15:42:36 diff --git a/Scripts/CheckmarxOneUtilBase_sys_script_include_1980bcb147935110328ca368436d435a.xml b/Scripts/CheckmarxOneUtilBase_sys_script_include_1980bcb147935110328ca368436d435a.xml index 83d43f1..2779b46 100644 --- a/Scripts/CheckmarxOneUtilBase_sys_script_include_1980bcb147935110328ca368436d435a.xml +++ b/Scripts/CheckmarxOneUtilBase_sys_script_include_1980bcb147935110328ca368436d435a.xml @@ -1,5 +1,5 @@ - + public true 
@@ -77,19 +77,7 @@ CheckmarxOneUtilBase.prototype = { var query = ''; var projectid = ''; var token = this.getAccessToken(accesscontrolbaseUrl, config, method, request); - var list_projects = config.list_projects; - if (list_projects && list_projects.length > 0) { - list_projects = list_projects.split(";"); - for (var id in list_projects) { - if (list_projects[id].length > 0) { - projectid += '&ids=' + list_projects[id]; - } - } - query = '/api/projects/?' + projectid; - - } else { - query = '/api/projects/?offset=0&limit=0'; - } + query = '/api/projects/?offset=0&limit=1'; var resp = this._makeRestApiCall(apibaseurl, configId, token, query, "get"); var body = resp.getBody(); var projectJSON = JSON.parse(body); 
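Review bot: After this hunk `var projectid = '';` is dead and `query` is declared empty only to be reassigned on the next line; collapse to `var query = '/api/projects/?offset=0&limit=1';` and drop `projectid`. With `limit=1` the returned `projects` array holds at most one element, so only the counters (`totalCount` / `filteredTotalCount`) are meaningful — which is what `_getoffsets` in CheckmarxOneAppListIntegration now consumes; a comment such as `// limit=1: only totalCount/filteredTotalCount are used from this response` would stop the next reader from relying on `projects.length`. The enclosing function starts and ends outside the hunk.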
@@ -104,18 +92,36 @@ CheckmarxOneUtilBase.prototype = { getConfigProjectList: function(configId) { var config = this._getConfig(configId); var project_lists = []; - var list_projects = config.list_projects; + var projectStatus; + var list_projects = config.list_of_project_id_s; if (list_projects && list_projects.length > 0) { list_projects = list_projects.split(";"); for (var id in list_projects) { - if (list_projects[id].length > 0) { + if (list_projects[id].length > 0) project_lists.push(list_projects[id]); - } } } return project_lists; }, + //get Project By Id + getConfigProjectById: function(configId, projectId) { + try { + var request = new sn_ws.RESTMessageV2(); + var config = this._getConfig(configId); + var accesscontrolbaseUrl = config.checkmarxone_server_url; + var apibaseurl = config.checkmarxone_api_base_url; + var method = "post"; + var token = this.getAccessToken(accesscontrolbaseUrl, config, method, request, configId); + var query = '/api/projects/' + projectId; + var resp = this._makeConfigRestApiCall(apibaseurl, configId, token, query, "get"); + } catch (err) { + gs.error(this.MSG + " getConfigProjectById: Error while getting the project info." + err); + } + return resp; + }, + + //get 50 project list at a time getNextProjectList: function(configId, offsetno) { try { 
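Review bot: `getConfigProjectList` now reads `config.list_of_project_id_s`, but the configuration object written by CheckmarxOneConfigUtilBase in this same patch stores that field under the key `list_projects` (`"list_projects": gr.getValue("list_of_project_id_s")`); unless `_getConfig` returns the raw record rather than that object, the new key is always undefined and the configured-project path is never taken — one side should be renamed to match. In `getConfigProjectById`, `resp` is declared inside the try, so the catch path returns `undefined` and a caller comparing it with a status code fails silently; the `var projectStatus;` added to `getConfigProjectList` is unused. `projectId` is also concatenated into the URL path unencoded — `var query = '/api/projects/' + encodeURIComponent(projectId);` keeps a stray `/`, `?` or `&` in a configured id from altering the request.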
@@ -128,12 +134,15 @@ CheckmarxOneUtilBase.prototype = { var token = this.getAccessToken(accesscontrolbaseUrl, config, method, request, configId); var query = ''; var projectid = ''; - var list_projects = config.list_projects; + var list_projects = this.getConfigProjectList(configId); if (list_projects && list_projects.length > 0) { - list_projects = list_projects.split(";"); for (var id in list_projects) { if (list_projects[id].length > 0) { - projectid += '&ids=' + list_projects[id]; + var projectStatus = this.getConfigProjectById(configId, list_projects[id]); + if (projectStatus == 200 || projectJSON == 202) + projectid += '&ids=' + list_projects[id]; + else + gs.info("Entered project id is wrong"+list_projects[id]); } } query = '/api/projects/?' + projectid; @@ -151,6 +160,7 @@ CheckmarxOneUtilBase.prototype = { return projectJSON; }, + //get Project By Id getProjectById: function(configId, projectId) { try { @@ -203,12 +213,14 @@ CheckmarxOneUtilBase.prototype = { var method = "post"; var token = this.getAccessToken(accesscontrolbaseUrl, config, method, request, configId); var query = '/api/scans/?offset=0&limit=1&statuses=Completed&project-id=' + projectId + '&from-date=' + last_run_date + '&sort=%2Bcreated_at&sort=%2Bstatus&field=scan-ids'; - + var resp = this._makeRestApiCall(apibaseurl, configId, token, query, "get"); } catch (err) { gs.error(this.MSG + " :getScanList :Error in getting status of the report." + err); - throw err; + return -1; } - return this._makeRestApiCall(apibaseurl, configId, token, query, "get"); + + return resp; + }, //Second Last scanId for a given app/project 
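Review bot: `if (projectStatus == 200 || projectJSON == 202)` compares the wrong variable in its second clause: `projectJSON` is the parsed list assigned further down the function, so at this point it is `undefined` (hoisted `var`) and the clause is always false; it should read `projectStatus == 202`. Whether `getConfigProjectById` returns a numeric status is not visible here — it returns `resp` from `_makeConfigRestApiCall` — and if that is a response object the whole check is false and every configured id is logged as wrong, so something like `projectStatus.getStatusCode() == 200` may be what is meant. The `&ids=` values should be `encodeURIComponent(list_projects[id])` since they come from free-text configuration, and the log `"Entered project id is wrong"+list_projects[id]` lacks a separator. `getNextProjectList` starts and ends outside the hunk.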
@@ -381,7 +393,7 @@ CheckmarxOneUtilBase.prototype = { var count = 0; var token = this.getAccessToken(accesscontrolbaseUrl, config, method, request, configId); - var query = '/api/scan-summary/?scan-ids=' + scanId + '&include-severity-status=true&include-status-counters=true&include-queries=true&include-files=true&apply-predicates=true'; + var query = '/api/scan-summary/?scan-ids=' + scanId + '&include-severity-status=true&include-status-counters=true&include-queries=true&include-files=true&apply-predicates=false'; var resp = this._makeRestApiCall(apibaseurl, configId, token, query, "get"); var body = resp.getBody(); var ScanSummaryJson = JSON.parse(body); @@ -390,12 +402,10 @@ CheckmarxOneUtilBase.prototype = { count += ScanSummaryJson.scansSummaries[item].sastCounters.totalCounter; } if (includesca) { - count += ScanSummaryJson.scansSummaries[item].scaCounters.totalCounter + ScanSummaryJson.scansSummaries[item].scaContainersCounters.totalVulnerabilitiesCounter; - } - if (includekics) { - count += ScanSummaryJson.scansSummaries[item].kicsCounters.totalCounter; + count += count += ScanSummaryJson.scansSummaries[item].kicsCounters.totalCounter + ScanSummaryJson.scansSummaries[item].scaCounters.totalCounter + ScanSummaryJson.scansSummaries[item].scaContainersCounters.totalVulnerabilitiesCounter; } + } } catch (err) { gs.error(this.MSG + " getTotalVulcount: Error while getting the total vul count." + err + scanId); 
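Review bot: `count += count += …` in the rewritten `includesca` branch is a nested compound assignment: the inner `count += x` runs first and the outer then adds that result to the previously read value of `count`, so each iteration yields `2 * count + x` and the returned vulnerability count is inflated. The same line folds `kicsCounters.totalCounter` into the SCA branch and the `includekics` branch is deleted, so KICS findings are counted only when SCA import is on and are counted even when KICS import is off. Restore two independent guarded additions (the enclosing getTotalVulcount starts and ends outside the hunk):
```javascript
if (includesca) {
    count += ScanSummaryJson.scansSummaries[item].scaCounters.totalCounter +
        ScanSummaryJson.scansSummaries[item].scaContainersCounters.totalVulnerabilitiesCounter;
}
if (includekics) {
    count += ScanSummaryJson.scansSummaries[item].kicsCounters.totalCounter;
}
```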
@@ -417,7 +427,7 @@ CheckmarxOneUtilBase.prototype = { var method = "post"; var token = this.getAccessToken(accesscontrolbaseUrl, config, method, request, configId); - var query = '/api/scan-summary/?scan-ids=' + scanId + '&include-severity-status=true&include-status-counters=true&include-queries=true&include-files=true&apply-predicates=true'; + var query = '/api/scan-summary/?scan-ids=' + scanId + '&include-severity-status=true&include-status-counters=true&include-queries=true&include-files=true&apply-predicates=false'; var resp = this._makeRestApiCall(apibaseurl, configId, token, query, "get"); var body = resp.getBody(); var ScanSummaryJson = JSON.parse(body); @@ -444,7 +454,7 @@ CheckmarxOneUtilBase.prototype = { var method = "post"; var token = this.getAccessToken(accesscontrolbaseUrl, config, method, request, configId); var flaws = 0; - var query = '/api/scan-summary/?scan-ids=' + scanId + '&include-severity-status=true&include-status-counters=true&include-queries=true&include-files=true&apply-predicates=true'; + var query = '/api/scan-summary/?scan-ids=' + scanId + '&include-severity-status=true&include-status-counters=true&include-queries=true&include-files=true&apply-predicates=false'; var resp = this._makeRestApiCall(apibaseurl, configId, token, query, "get"); var body = resp.getBody(); var ScanSummaryJson = JSON.parse(body); 
@@ -472,7 +482,12 @@ CheckmarxOneUtilBase.prototype = { var includekics = this.importKicsFlaw(configId); var limit_val = config.limit; //var query = '/api/results/?scan-id=' + scanId + '&offset=' + offsetId + '&limit=' + limit_val; - var query = '/api/results/?scan-id=' + scanId + '&offset=' + offsetId + '&limit=' + limit_val + '&sort=%2Bstatus&sort=%2Bseverity'; + if ((includesast && includesca) || includesast || (includekics && includesast && includekics)) { + var query = '/api/results/?scan-id=' + scanId + '&offset=' + offsetId + '&limit=' + limit_val + '&sort=-type'; + } else if (includesca || (includekics && includesca) || includekics) { + query = '/api/results/?scan-id=' + scanId + '&offset=' + offsetId + '&limit=' + limit_val + '&sort=%2Btype'; + } + //var query = '/api/results/?scan-id=' + scanId + '&offset=' + offsetId + '&limit=20' +'&sort=%2Bstatus&sort=%2Bseverity' ; var accesscontrolbaseUrl = config.checkmarxone_server_url; var apibaseurl = config.checkmarxone_api_base_url; @@ -497,7 +512,7 @@ CheckmarxOneUtilBase.prototype = { var method = "post"; var token = this.getAccessToken(accesscontrolbaseUrl, config, method, request, configId); - var query = '/api/scan-summary/?scan-ids=' + scanId + '&include-severity-status=true&include-status-counters=true&include-queries=true&include-files=true&apply-predicates=true'; + var query = '/api/scan-summary/?scan-ids=' + scanId + '&include-severity-status=true&include-status-counters=true&include-queries=true&include-files=true&apply-predicates=false'; var resp = this._makeRestApiCall(apibaseurl, configId, token, query, "get"); var body = resp.getBody(); var ScanSummaryJson = JSON.parse(body); 
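Review bot: The two conditions choosing the sort direction simplify to `includesast` and `includesca || includekics` respectively — `(includesast && includesca) || includesast || (includekics && includesast && includekics)` is true exactly when `includesast` is — so the expressions as written obscure the rule. When none of the three flags is set, `query` stays undefined and the request built later (outside this hunk) would contain the string `undefined`; an explicit `else` that logs and returns would surface that misconfiguration instead. Suggested form: `var sortDir = includesast ? '-type' : '%2Btype';` followed by `var query = '/api/results/?scan-id=' + scanId + '&offset=' + offsetId + '&limit=' + limit_val + '&sort=' + sortDir;`, preceded by a guard for the no-engine case. The commented-out query variants above and below the new block should be deleted rather than accumulated.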
@@ -509,7 +524,8 @@ CheckmarxOneUtilBase.prototype = { if ((vulnerabilityCountThresholdLevel == 'INFO') || (vulnerabilityCountThresholdLevel == 'LOW' && severity.toUpperCase() != 'INFO') || (vulnerabilityCountThresholdLevel == 'MEDIUM' && severity.toUpperCase() != 'INFO' && severity.toUpperCase() != 'LOW') || - severity.toUpperCase() == 'HIGH') { + (vulnerabilityCountThresholdLevel == 'HIGH' && severity.toUpperCase() != 'INFO' && severity.toUpperCase() != 'LOW' && severity.toUpperCase() != 'MEDIUM') || + severity.toUpperCase() == 'CRITICAL') { var counts = ScanSummaryJson.scansSummaries[item].scaCounters.severityCounters[value].counter; flaws += counts; } @@ -519,7 +535,8 @@ CheckmarxOneUtilBase.prototype = { if ((vulnerabilityCountThresholdLevel == 'INFO') || (vulnerabilityCountThresholdLevel == 'LOW' && sca_container_severity.toUpperCase() != 'INFO') || (vulnerabilityCountThresholdLevel == 'MEDIUM' && sca_container_severity.toUpperCase() != 'INFO' && sca_container_severity.toUpperCase() != 'LOW') || - sca_container_severity.toUpperCase() == 'HIGH') { + (vulnerabilityCountThresholdLevel == 'HIGH' && sca_container_severity.toUpperCase() != 'INFO' && sca_container_severity.toUpperCase() != 'LOW' && sca_container_severity.toUpperCase() != 'MEDIUM') || + sca_container_severity.toUpperCase() == 'CRITICAL') { var sca_container_counts = ScanSummaryJson.scansSummaries[item].scaContainersCounters.severityVulnerabilitiesCounters[value].counter; flaws += sca_container_counts; } 
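Review bot: The threshold chain here, repeated in the `@@ -519`, `@@ -557` and `@@ -594` hunks, encodes a severity ordering as five hand-written clauses, and each extension (this time CRITICAL) has to be made four times in lock-step. A rank table makes the rule one line: `var SEVERITY_RANK = { INFO: 0, LOW: 1, MEDIUM: 2, HIGH: 3, CRITICAL: 4 };` and `if (SEVERITY_RANK[severity.toUpperCase()] >= SEVERITY_RANK[vulnerabilityCountThresholdLevel])`, which counts a finding whenever it is at or above the threshold without enumerating exclusions. Note that `severity` is upper-cased before comparison but `vulnerabilityCountThresholdLevel` is not; if the threshold can arrive in mixed case from configuration, none of the level clauses match and only CRITICAL findings are counted — worth confirming where it is read, which is outside this hunk.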
@@ -545,7 +562,7 @@ CheckmarxOneUtilBase.prototype = { var method = "post"; var token = this.getAccessToken(accesscontrolbaseUrl, config, method, request, configId); - var query = '/api/scan-summary/?scan-ids=' + scanId + '&include-severity-status=true&include-status-counters=true&include-queries=true&include-files=true&apply-predicates=true'; + var query = '/api/scan-summary/?scan-ids=' + scanId + '&include-severity-status=true&include-status-counters=true&include-queries=true&include-files=true&apply-predicates=false'; var resp = this._makeRestApiCall(apibaseurl, configId, token, query, "get"); var body = resp.getBody(); var ScanSummaryJson = JSON.parse(body); @@ -557,7 +574,8 @@ CheckmarxOneUtilBase.prototype = { if ((vulnerabilityCountThresholdLevel == 'INFO') || (vulnerabilityCountThresholdLevel == 'LOW' && severity.toUpperCase() != 'INFO') || (vulnerabilityCountThresholdLevel == 'MEDIUM' && severity.toUpperCase() != 'INFO' && severity.toUpperCase() != 'LOW') || - severity.toUpperCase() == 'HIGH') { + (vulnerabilityCountThresholdLevel == 'HIGH' && severity.toUpperCase() != 'INFO' && severity.toUpperCase() != 'LOW' && severity.toUpperCase() != 'MEDIUM') || + severity.toUpperCase() == 'CRITICAL') { var counts = ScanSummaryJson.scansSummaries[item].sastCounters.severityCounters[value].counter; flaws += counts; } @@ -581,7 +599,7 @@ CheckmarxOneUtilBase.prototype = { var method = "post"; var token = this.getAccessToken(accesscontrolbaseUrl, config, method, request); - var query = '/api/scan-summary/?scan-ids=' + scanId + '&include-severity-status=true&include-status-counters=true&include-queries=true&include-files=true&apply-predicates=true'; + var query = '/api/scan-summary/?scan-ids=' + scanId + '&include-severity-status=true&include-status-counters=true&include-queries=true&include-files=true&apply-predicates=false'; var resp = this._makeRestApiCall(apibaseurl, configId, token, query, "get"); var body = resp.getBody(); var ScanSummaryJson = JSON.parse(body); 
@@ -594,7 +612,8 @@ CheckmarxOneUtilBase.prototype = { if ((vulnerabilityCountThresholdLevel == 'INFO') || (vulnerabilityCountThresholdLevel == 'LOW' && severity.toUpperCase() != 'INFO') || (vulnerabilityCountThresholdLevel == 'MEDIUM' && severity.toUpperCase() != 'INFO' && severity.toUpperCase() != 'LOW') || - severity.toUpperCase() == 'HIGH') { + (vulnerabilityCountThresholdLevel == 'HIGH' && severity.toUpperCase() != 'INFO' && severity.toUpperCase() != 'LOW' && severity.toUpperCase() != 'MEDIUM') || + severity.toUpperCase() == 'CRITICAL') { var counts = ScanSummaryJson.scansSummaries[item].kicsCounters.severityCounters[value].counter; flaws += counts; } @@ -682,7 +701,7 @@ CheckmarxOneUtilBase.prototype = { getFirstDetectionDate: function() { try { - var configId = 'getconfig'; + var configId = '1234'; var config = this._getConfig(configId); var include_first_found = config.include_first_detection_date; } catch (err) { @@ -913,6 +932,28 @@ CheckmarxOneUtilBase.prototype = { } }, + _makeConfigRestApiCall: function(baseUrl, configId, token, name, method) { + try { + var fullUrl = baseUrl + name; + var r = new sn_ws.RESTMessageV2(); + r.setEndpoint(fullUrl); + r.setHttpMethod(method); + var newHeader = "Bearer " + token; + r.setRequestHeader("Accept", "application/json"); + r.setRequestHeader("Authorization", newHeader); + r.setHttpTimeout(30000); + var config = this._getConfig(configId); + var log_level = config.log_level; + r.setLogLevel(log_level); + var response = r.execute(); + var status = response.getStatusCode(); + } catch (err) { + gs.error(this.MSG + " :_makeConfigRestApiCall :Error in making API call."); + throw err; + } + return status; + }, + _makeRestApiCall: function(baseUrl, configId, token, name, method, params) { try { var fullUrl = baseUrl + name; 
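Review bot: `var configId = '1234';` in `getFirstDetectionDate` replaces one placeholder string with another and then passes it to `this._getConfig(configId)`; if `_getConfig` looks the record up by this value the function reads a configuration that does not exist, and if it ignores the argument the literal is misleading — either way it should not be a magic number. Either pass the real configuration id the caller has, or, if a single configuration record is assumed, say so: `// _getConfig does not key on this id: a single configuration record is assumed — TODO confirm`. The function body continues outside the hunk.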
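Review bot: `_makeConfigRestApiCall` appears to be a near-copy of `_makeRestApiCall` that differs only in returning `response.getStatusCode()`; unless the two are meant to diverge, `return this._makeRestApiCall(baseUrl, configId, token, name, method).getStatusCode();` would avoid a second place where the bearer token is attached and the timeout and log level are set (the sibling's body is cut off in this hunk, so confirm its error handling matches first). `r.setLogLevel(log_level)` takes its value straight from configuration; at verbose levels the platform's outbound HTTP log can capture the request including its `Authorization` header, so the access token would land in log tables — a comment here that the log level must stay at basic in production would record that constraint. `var status` is only visible at `return status` through hoisting, so declare it before the `try`, and the catch should append `err` to its message as the `getScanList` catch does so the failure cause is not lost.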
@@ -1093,13 +1134,13 @@ CheckmarxOneUtilBase.prototype = { admin 2022-11-21 19:26:28 1980bcb147935110328ca368436d435a -240 +271 CheckmarxOneUtilBase 3d20e92d47471110328ca368436d436a 3d20e92d47471110328ca368436d436a sys_script_include_1980bcb147935110328ca368436d435a admin -2023-11-09 09:54:20 +2024-01-05 14:49:39 diff --git a/Scripts/UpdateSet_GA_1.0.18.xml b/Scripts/UpdateSet_GA_1.0.18.xml new file mode 100644 index 0000000..d3f5a12 --- /dev/null +++ b/Scripts/UpdateSet_GA_1.0.18.xml @@ -0,0 +1 @@ + diff --git a/Scripts/checkmarxone_configuration_save_and test_sys_ui_action_6390cdd847db1110328ca368436d4361.xml b/Scripts/checkmarxone_configuration_save_and test_sys_ui_action_6390cdd847db1110328ca368436d4361.xml index 0f3b124..8cd4dab 100644 --- a/Scripts/checkmarxone_configuration_save_and test_sys_ui_action_6390cdd847db1110328ca368436d4361.xml +++ b/Scripts/checkmarxone_configuration_save_and test_sys_ui_action_6390cdd847db1110328ca368436d4361.xml @@ -1,5 +1,5 @@ - + checkmarxone_configuration_save true