From 50ba9a369b067ad2c13b49031bff26e6a3ac4c18 Mon Sep 17 00:00:00 2001 From: apoorvasingh5 <98940507+apoorvasingh5@users.noreply.github.com> Date: Thu, 14 Mar 2024 14:00:34 +0530 Subject: [PATCH] Integration branch (#25) * GA Changes GA * GA changes 1.0.11 * code changes for encryption and decryption of access_token * code changes for encryption and decryption of access_token * code changes for encryption and decryption of access_token * updated scan summary name and update set * change log level to basic * Update Update_Set_GA_1.0.11.xml * Added Update set From Vendor Instance * Added changes for CxOne release 1.0.14 (#19) * CheckmarxOne Devops changes * CxOne 1.0.18 changes * Rename UpdateSet_GA.xml to UpdateSet_GA_1.0.18.xml * Cx_One_1.0.19 Features (#24) * Cx_One_1.0.19 Features * Updated resultHash in AVITID * Updated Update set * Updated update set and code changes --------- Co-authored-by: Nidhi Jaiswal Co-authored-by: Nidhi Jaiswal <35574348+nidhi0512@users.noreply.github.com> --- ...clude_f60f0ee047131110328ca368436d43ba.xml | 26 +- ...clude_716c87ad471f1110328ca368436d438a.xml | 55 +- ...clude_891d8fed471f1110328ca368436d4334.xml | 138 +- ...clude_ba2b3da69769e510026f72021153af1b.xml | 39 +- ...clude_d7f2d2e447131110328ca368436d4321.xml | 117 +- ...clude_ec0e828f47f42110328ca368436d433b.xml | 10 +- ...clude_1980bcb147935110328ca368436d435a.xml | 111 +- Scripts/UpdateSet_GA.xml | 19644 ++++++++++++++++ Scripts/UpdateSet_GA_1.0.19.xml | 16952 +++++++++++++ 9 files changed, 36922 insertions(+), 170 deletions(-) create mode 100644 Scripts/UpdateSet_GA.xml create mode 100644 Scripts/UpdateSet_GA_1.0.19.xml diff --git a/Scripts/CheckmarxOneAppListIntegration_sys_script_include_f60f0ee047131110328ca368436d43ba.xml b/Scripts/CheckmarxOneAppListIntegration_sys_script_include_f60f0ee047131110328ca368436d43ba.xml index 6c7c73c..b6fc2d9 100644 --- a/Scripts/CheckmarxOneAppListIntegration_sys_script_include_f60f0ee047131110328ca368436d43ba.xml 
+++ b/Scripts/CheckmarxOneAppListIntegration_sys_script_include_f60f0ee047131110328ca368436d43ba.xml @@ -1,5 +1,5 @@ - + public true @@ -65,18 +65,27 @@ CheckmarxOneAppListIntegration.prototype = Object.extendsObject(sn_vul.Applicati var response = this.UTIL.getNextProjectList(this.IMPLEMENTATION, newoffset); var groups = ''; var groupval = ' '; + var isPrimaryBranchEnabled = this.UTIL._getConfig(this.IMPLEMENTATION).sync_only_primary_branch.toString(); for (var item in response.projects) { var projectTags = this._getProjectTags(JSON.stringify(response.projects[item].tags)); var applicationIds = ''; + var primaryBranch = ''; + var isProjectAllowed = 'true'; groups = +response.projects[item].groups.toString(); var projectResponse = this.UTIL.getProjectById(this.IMPLEMENTATION, response.projects[item].id); if (null != projectResponse.applicationIds && projectResponse.applicationIds.length > 0) - applicationIds = projectResponse.applicationIds.toString(); { + applicationIds = projectResponse.applicationIds.toString(); + if (null != projectResponse.mainBranch && projectResponse.mainBranch.length > 0) + primaryBranch = projectResponse.mainBranch.toString(); + if (isPrimaryBranchEnabled == 'true' && (primaryBranch == null || primaryBranch == '')) + isProjectAllowed = 'false'; + if (isProjectAllowed == 'true') { if (groups == 0) { appListAll += '<' + + '" groups="' + groupval + '"><' + + '![CDATA[' + primaryBranch + ']]' + '><' + '![CDATA[' + projectTags + ']]' + '><' + '![CDATA[' + response.projects[item].name + ']]' + '>'; @@ -84,7 +93,8 @@ CheckmarxOneAppListIntegration.prototype = Object.extendsObject(sn_vul.Applicati appListAll += '<' + + '" groups="' + response.projects[item].groups.toString() + '"><' + + '![CDATA[' + primaryBranch + ']]' + '><' + '![CDATA[' + projectTags + ']]' + '><' + '![CDATA[' + response.projects[item].name + ']]' + '>'; } 
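Review bot: The added `'![CDATA[' + primaryBranch + ']]' + '>'` pieces in both `appListAll` branches (this hunk and the one at -84,7) put the branch name inside a CDATA section without handling a `]]>` sequence in the value, so a branch name containing it would close the section early and the remainder would be parsed as markup by the processor. The branch name comes from the project API response and should be treated as untrusted text. Splitting the terminator before concatenation keeps it as text, e.g. `primaryBranch.split(']]' + '>').join(']]]]' + '><' + '![CDATA[' + '>')`, with the literal split up like the surrounding code because the script itself sits inside a CDATA section. The same applies to the `delta_path`, `sast_path` and `resultHash` values added to CDATA in CheckmarxOneAppVulItemIntegration, where file names come from scanned repositories. The existing projectTags and project-name concatenations follow the same pattern, so one small shared escaping helper would cover all of them.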
@@ -123,12 +133,14 @@ CheckmarxOneAppListIntegration.prototype = Object.extendsObject(sn_vul.Applicati } else { this.LATEST = new GlideDateTime(); var offsetId; + var filteredCount; var list_projects = this.UTIL.getConfigProjectList(this.IMPLEMENTATION); if (list_projects && list_projects.length > 0) { offsetId = '0'; + filteredCount = '' + list_projects.length; } else { var projectJSON = this.UTIL.getNewProjectList(this.IMPLEMENTATION); - var filteredCount = projectJSON.filteredTotalCount; + filteredCount = projectJSON.filteredTotalCount; var totalCount = projectJSON.totalCount; if (filteredCount !== "undefined") { offsetId = this._getoffsets(filteredCount, totalCount); @@ -212,13 +224,13 @@ CheckmarxOneAppListIntegration.prototype = Object.extendsObject(sn_vul.Applicati admin 2022-11-18 05:11:38 f60f0ee047131110328ca368436d43ba -173 +179 CheckmarxOneAppListIntegration 3d20e92d47471110328ca368436d436a 3d20e92d47471110328ca368436d436a sys_script_include_f60f0ee047131110328ca368436d43ba admin -2024-01-05 14:48:25 +2024-02-08 16:03:48 diff --git a/Scripts/CheckmarxOneAppListProcessor_sys_script_include_716c87ad471f1110328ca368436d438a.xml b/Scripts/CheckmarxOneAppListProcessor_sys_script_include_716c87ad471f1110328ca368436d438a.xml index cafbf3d..fb48551 100644 --- a/Scripts/CheckmarxOneAppListProcessor_sys_script_include_716c87ad471f1110328ca368436d438a.xml +++ b/Scripts/CheckmarxOneAppListProcessor_sys_script_include_716c87ad471f1110328ca368436d438a.xml @@ -1,5 +1,5 @@ - + public true 
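Review bot: `filteredCount` now has a different type depending on the branch: `'' + list_projects.length` makes it a string, while `projectJSON.filteredTotalCount` is whatever the API returns (presumably a number). Its later use is outside the hunk, so if it is compared strictly or used in arithmetic the two paths can behave differently; `filteredCount = list_projects.length;` keeps the type consistent. Separately, the context check `filteredCount !== "undefined"` compares against a string literal and is true for a real `undefined`, so `typeof filteredCount !== 'undefined'` is probably what was meant.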
@@ -41,42 +41,45 @@ CheckmarxOneAppListProcessor.prototype = Object.extendsObject(sn_vul.Application var attributes = appNode.getAttributes(); var applicationId = ''; var appId; - var projectTags = ''; - - var childIter = appNode.getChildNodeIterator(); + var projectTags = ''; + var primaryBranch = ''; + var infoObj = {}; + + var childIter = appNode.getChildNodeIterator(); + var projectTagsFlag = 'false'; + var primaryBranchFlag = 'false'; while (childIter.hasNext) { var childNode = childIter.next(); if (childNode.getNodeName() == "projectTags") { projectTags = childNode.getTextContent(); - break; + projectTagsFlag = 'true'; } - } - /* if (projectTags != null && projectTags != '') { - var sourceAPMIDObj = {}; - var projectTagsArr = projectTags.split(',', -1); - for (var item in projectTagsArr) { - var projectTagArr = projectTagsArr[item].split(':', -1); - sourceAPMIDObj[projectTagArr[0]] = projectTagArr[1]; + if (childNode.getNodeName() == "primaryBranch") { + primaryBranch = childNode.getTextContent(); + primaryBranchFlag = 'true'; } - if (sourceAPMIDObj != null) - appObj['apm_app_id'] = sourceAPMIDObj.toString(); - - } */ - if (appNode.getAttribute('applicationIds') && appNode.getAttribute('applicationIds') != {}) { - appId ={}; - appId[gs.getMessage("Application Id: ")] = appNode.getAttribute('applicationIds').toString(); - } else - appId = ''; + if(projectTagsFlag == 'true' && primaryBranchFlag == 'true') + break; + } + if (appNode.getAttribute('applicationIds') && appNode.getAttribute('applicationIds') != {}) + infoObj[gs.getMessage("Application Id ")] = appNode.getAttribute('applicationIds').toString(); + + if (null != primaryBranch && '' != primaryBranch) + infoObj[gs.getMessage("Primary Branch ")] = primaryBranch.toString(); + if (infoObj == {}) + infoObj = ""; + //map attributes from Checkmarx into the servicenow expected format' var appObj = { source_app_id: attributes.id, app_name: appNode.getLastChild().getTextContent().toString(), - apm_app_id: 
projectTags, + apm_app_id: projectTags, source_assigned_teams: attributes.groups, description: 'created at' + attributes.createdAt, - source_additional_info: JSON.stringify(appId), - + source_additional_info: JSON.stringify(infoObj), + source_app_guid : primaryBranch.toString() + }; //Updating the project information in ServiceNow table var result = this.AVR_API.createOrUpdateApp(appObj); @@ -107,13 +110,13 @@ CheckmarxOneAppListProcessor.prototype = Object.extendsObject(sn_vul.Application admin 2022-11-21 12:03:00 716c87ad471f1110328ca368436d438a -62 +74 CheckmarxOneAppListProcessor 3d20e92d47471110328ca368436d436a 3d20e92d47471110328ca368436d436a sys_script_include_716c87ad471f1110328ca368436d438a admin -2023-12-21 15:21:18 +2024-02-08 06:23:20 diff --git a/Scripts/CheckmarxOneAppVulItemIntegration_sys_script_include_891d8fed471f1110328ca368436d4334.xml b/Scripts/CheckmarxOneAppVulItemIntegration_sys_script_include_891d8fed471f1110328ca368436d4334.xml index 78c02c9..437e688 100644 --- a/Scripts/CheckmarxOneAppVulItemIntegration_sys_script_include_891d8fed471f1110328ca368436d4334.xml +++ b/Scripts/CheckmarxOneAppVulItemIntegration_sys_script_include_891d8fed471f1110328ca368436d4334.xml @@ -1,5 +1,5 @@ - + public true 
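Review bot: `if (infoObj == {}) infoObj = "";` can never be true, because `==` on two objects compares identity and `{}` is a fresh object, so an empty `infoObj` is stored as the string `{}` in `source_additional_info`. `if (Object.keys(infoObj).length === 0) infoObj = '';` does what the line intends; the `getAttribute('applicationIds') != {}` test above it has the mirror-image problem and is always true. The loop now exits only when both flags are set, and its condition is `childIter.hasNext` without a call; if `hasNext` is a method, as on ServiceNow's XMLNodeIterator, the condition is always truthy and a node lacking either child would call `next()` past the end. Using `childIter.hasNext()` fixes that here and in the `resultHash` loop added in CheckmarxOneAppVulItemProcessor.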
@@ -27,6 +27,14 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic var applicationIdsStr = ''; var engines = []; var engine = ''; + var reportLength = this.UTIL.getSASTVulcount(this.IMPLEMENTATION, Object.keys(params.run)[0]); + var loopLength = reportLength / 50; + var sast_offset = 0; + //in result api offset value start from 0 and increment by 1, here it acts like page instead of number of item like other api + for (var loop = 0; loop <= parseInt(loopLength); loop++) { + sast_offset += 1; + } + var delta_offset = sast_offset; var responseLastScanSummary = this.UTIL.getScanDetails(this.IMPLEMENTATION, Object.keys(params.run)[0]); var jsonLastScanSummResp = JSON.parse(responseLastScanSummary.getBody()); //to map value of last_scan_date, project name and project Id in XML @@ -41,6 +49,8 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic engines = jsonLastScanSummResp.scans[value].engines; engine = engines.toString(); } + + var secondlastscan = this.UTIL.getSecondLastScan(this.IMPLEMENTATION, appId, Object.keys(params.run)[0]); if (applicationIds.length > 0) { applicationIdsStr = applicationIds.toString(); } @@ -48,7 +58,7 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic if (params.run) { // scanId, offset var scanId = Object.keys(params.run)[0]; - response = this.getDetailedReport(scanId, params.run[Object.keys(params.run)[0]], lastscandate, appname, branch, appId, applicationIdsStr, engine); + response = this.getDetailedReport(scanId, params.run[Object.keys(params.run)[0]], lastscandate, secondlastscan, appname, branch, appId, applicationIdsStr, engine, delta_offset); gs.debug(this.MSG + ' getDetailedReport response:' + response); } 
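Review bot: The added loop that computes `sast_offset` only counts its own iterations, so it is equivalent to `var delta_offset = Math.floor(reportLength / 50) + 1;` and duplicates the logic in `_getoffsets`. `parseInt` on a number round-trips through a string, whereas `Math.floor` states the intent directly. If `getSASTVulcount` can return an error sentinel or `undefined` (its body is not visible here), `reportLength / 50` becomes negative or NaN and `delta_offset` silently ends up as 1 or 0, so the return value should be checked before the division. `Object.keys(params.run)[0]` is also evaluated in two more places ahead of the existing `if (params.run)` guard.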
@@ -78,7 +88,7 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic }; }, - getDetailedReport: function(scanId, offset, lastscandate, appname, branch, appId, applicationIdsStr, engine) { + getDetailedReport: function(scanId, offset, lastscandate, secondlastscan, appname, branch, appId, applicationIdsStr, engine, delta_offset) { try { var includesca = this.UTIL.importScaFlaw(this.IMPLEMENTATION); var includesast = this.UTIL.importSastFlaw(this.IMPLEMENTATION); @@ -92,18 +102,11 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic var SASTDeltascanDetailedAll = ''; var KICSscanDetailedAll = ''; var scanDetailedAll = ''; - var sca = 'sca'; - var sast = 'sast'; - var kics = 'kics'; - var description = ''; var line = ''; var ref = ''; - var reference = ''; var notes = ''; var recommendedVersion = ''; - var source_file = ''; var location = ''; - var scanSummaryAll = ''; var package_unique_id = " "; var package_name = " "; var cvssScore = " "; @@ -111,10 +114,10 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic var newoffset = offset - 1; var scan_type = "static"; var vulnerabilityCountThresholdLevel = config.vulnerability_threshold_level; + var delta_ = 0; - if (includesast && engine.includes('sast')) { - var secondlastscan = this.UTIL.getSecondLastScan(this.IMPLEMENTATION, appId, scanId); - if (secondlastscan != -1) { + if (includesast == true && engine.includes('sast')) { + if (secondlastscan != -1 && delta_offset > newoffset) { var responseDeltaScanReport = this.UTIL.getDeltaScan(this.IMPLEMENTATION, appId, scanId, secondlastscan, newoffset); if (responseDeltaScanReport != -1) { var jsonDeltaScanReportResp = JSON.parse(responseDeltaScanReport.getBody()); 
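Review bot: The `includesast == true` comparison added here (and `includesca == true` / `includekics == true` in the later hunks of this function) is stricter than the truthiness test it replaces and is inconsistent with `_getScans`, which still uses `includesast && ...`. If `importSastFlaw` returns anything other than a primitive boolean, for example the string `'true'`, then `== true` evaluates to false and the SAST results are silently dropped. The helper is not visible in this hunk, so either confirm it returns a boolean or normalise once, e.g. `var includesast = String(this.UTIL.importSastFlaw(this.IMPLEMENTATION)) === 'true';`. `getDetailedReport` also now takes ten positional parameters with the new ones inserted mid-list, so every other caller has to be updated; its body continues outside these hunks.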
@@ -127,12 +130,11 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic (vulnerabilityCountThresholdLevel == 'HIGH' && severity.toUpperCase() != 'INFO' && severity.toUpperCase() != 'LOW' && severity.toUpperCase() != 'MEDIUM') || severity.toUpperCase() == 'CRITICAL') { var i = 0; + var delta_path = ''; for (var j in jsonDeltaScanReportResp.results[item].nodes) { - if (i < 50) { - var nodeId = 'path:' + jsonDeltaScanReportResp.results[item].nodes[j].fileName; - notes += nodeId + '. '; - i += 1; - + if (i < 100) { + var pathStr = ' path:' + jsonDeltaScanReportResp.results[item].nodes[j].fileName + ' line: ' + jsonDeltaScanReportResp.results[item].nodes[j].line + ' column: ' + jsonDeltaScanReportResp.results[item].nodes[j].column; + delta_path += pathStr; } } var owasp = this._getOWASPTop10(jsonDeltaScanReportResp.results[item].compliances); 
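Review bot: The cap in `if (i < 100)` no longer limits anything, because the `i += 1;` increment was removed together with the old loop body and `i` stays 0, so every node of a result is appended to `delta_path`. Results with long data-flow paths will then produce unbounded strings in the generated XML. Add `i += 1;` after `delta_path += pathStr;`; the `sast_path` loop in the -160,35 hunk has the same problem with `m`.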
@@ -160,35 +162,36 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic '" SANSTop25="' + sans + '" application_ids="' + applicationIdsStr + '" scan_id="' + 'sast' + scanId + '">' + - '<' + '![CDATA[' + notes + ']]' + '>' + + '<' + '![CDATA[' + delta_path + ']]' + '>' + + '<' + '![CDATA[' + jsonDeltaScanReportResp.results[item].resultHash + ']]' + '>' + '<' + '![CDATA[' + jsonDeltaScanReportResp.results[item].group + ']]' + '>'; } } } + if (jsonDeltaScanReportResp.results == '' || jsonDeltaScanReportResp.results == null) { + delta_ += 1; + } } } var responseLastScanReport = this.UTIL.getVulInfo(this.IMPLEMENTATION, scanId, newoffset); - gs.debug(this.MSG + " getDetailedReport : scanInfoResponse " + responseLastScanReport); var jsonLastScanReportResp = JSON.parse(responseLastScanReport.getBody()); for (item in jsonLastScanReportResp.results) { - - if (SASTDeltascanDetailedAll == '' && jsonLastScanReportResp.results[item].type == "sast") { + if (SASTDeltascanDetailedAll == '' && jsonLastScanReportResp.results[item].type == "sast" && delta_ == 0) { + var sastseverity = jsonLastScanReportResp.results[item].severity; - if ((vulnerabilityCountThresholdLevel == 'INFO') || (vulnerabilityCountThresholdLevel == 'LOW' && sastseverity.toUpperCase() != 'INFO') || (vulnerabilityCountThresholdLevel == 'MEDIUM' && sastseverity.toUpperCase() != 'INFO' && sastseverity.toUpperCase() != 'LOW') || (vulnerabilityCountThresholdLevel == 'HIGH' && sastseverity.toUpperCase() != 'INFO' && sastseverity.toUpperCase() != 'LOW' && sastseverity.toUpperCase() != 'MEDIUM') || sastseverity.toUpperCase() == 'CRITICAL') { - + var sast_path = ''; var m = 0; for (j in jsonLastScanReportResp.results[item].data.nodes) { - if (m < 50) { - nodeId = 'path:' + jsonLastScanReportResp.results[item].data.nodes[j].fileName; - notes += nodeId + '. 
'; - m += 1; + if (m < 100) { + var full_path = ' path:' + jsonLastScanReportResp.results[item].data.nodes[j].fileName + ' line: ' + jsonLastScanReportResp.results[item].data.nodes[j].line + ' column: ' + jsonLastScanReportResp.results[item].data.nodes[j].column; + sast_path += full_path; } } SASTscanDetailedAll += '' + - '<' + '![CDATA[' + notes + ']]' + '>' + + '<' + '![CDATA[' + sast_path + ']]' + '>' + + '<' + '![CDATA[' + jsonLastScanReportResp.results[item].data.resultHash + ']]' + '>' + '<' + '![CDATA[' + jsonLastScanReportResp.results[item].description + ']]' + '>'; } } - if (jsonLastScanReportResp.results[item].type == "sca" || jsonLastScanReportResp.results[item].type == "sca-container") { - + if (includesca == true && (jsonLastScanReportResp.results[item].type == "sca" || jsonLastScanReportResp.results[item].type == "sca-container")) { + if (jsonLastScanReportResp.results[item].type == "sca") { for (var k in jsonLastScanReportResp.results[item].data.packageData) { var url = jsonLastScanReportResp.results[item].data.packageData[k].url; @@ -263,7 +268,7 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic '<' + '![CDATA[' + jsonLastScanReportResp.results[item].description + ']]' + '>'; } } - if (jsonLastScanReportResp.results[item].type == "kics") { + if (includekics == true && jsonLastScanReportResp.results[item].type == "kics" ) { var kicsseverity = jsonLastScanReportResp.results[item].severity; if ((vulnerabilityCountThresholdLevel == 'INFO') || @@ -303,10 +308,10 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic } } - if (includesca) { + if (includesca == true) { scanDetailedAll += SCAscanDetailedAll; } - if (includesast) { + if (includesast == true) { if (SASTDeltascanDetailedAll == '') { scanDetailedAll += SASTscanDetailedAll; } else { 
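Review bot: `delta_` is incremented but only ever compared with 0, so it is a flag, and neither its name nor the code says what it guards; a boolean such as `var deltaPageEmpty = false;` with the comment `// delta API returned no results for this page: do not fall back to the full SAST list` would make the `delta_ == 0` condition readable. As written, a delta page whose results are all below `vulnerabilityCountThresholdLevel` still leaves `SASTDeltascanDetailedAll` empty with `delta_ == 0`, so the full SAST results for that page are emitted instead; if that fallback is not intended, the decision should be based on the response rather than on the filtered output. `JSON.parse(responseLastScanReport.getBody())` is also reached without the `!= -1` check that the delta response gets.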
@@ -314,7 +319,7 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic } } - if (includekics) { + if (includekics== true) { scanDetailedAll += KICSscanDetailedAll; } var reportContent = scanDetailedRootNodeStart + scanDetailedAll + scanDetailedRootNodeEnd; @@ -383,26 +388,26 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic } else { this.LATEST = new GlideDateTime(this.DELTA_START_TIME || '1970-01-01T10:16:06.17544Z').getDate(); var apps = this.AVR_API.getAppReleases(); + var isPrimaryBranchEnabled = this.UTIL._getConfig(this.IMPLEMENTATION).sync_only_primary_branch.toString(); var app_list = this.UTIL.getConfigProjectList(this.IMPLEMENTATION); var app = ''; var appId = ''; var scanId = ''; var offsetId = ''; var scans = []; + var appIds = []; + for (var i in apps) { + appIds.push(apps[i].source_app_id); + } if (app_list && app_list.length > 0) { for (var id in app_list) { - for (var i in apps) { - if (apps[i].source_app_id == app_list[id]) { - appId = app_list[id]; - if (appId !== "undefined") { - scans = this._getScans(appId); - } - for (var item in scans) { - scanId = scans[item]; - offsetId = this._getoffsets(appId, scanId); - params.remaining[scanId] = offsetId; - } - + if (appIds.indexOf(app_list[id]) != -1 && app_list[id] !== "undefined") { + appId = app_list[id]; + scans = this._getScans(appId, isPrimaryBranchEnabled); + for (var item in scans) { + scanId = scans[item]; + offsetId = this._getoffsets(appId, scanId); + params.remaining[scanId] = offsetId; } } } 
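Review bot: Replacing the nested loop with `appIds.indexOf(app_list[id]) != -1` changes the comparison from loose `==` to strict equality, since `indexOf` uses `===`. If `apps[i].source_app_id` is not a primitive string (the shape returned by `getAppReleases()` is not visible here), no configured project will match and nothing is queued. Pushing a coerced value, `appIds.push(String(apps[i].source_app_id));`, keeps the old matching behaviour; the same pattern is added in CheckmarxOneScanSummaryIntegration. The `app_list[id] !== "undefined"` test compares with a string literal and does not catch a real `undefined`.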
@@ -410,13 +415,12 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic for (var j in apps) { appId = apps[j].source_app_id; if (appId !== "undefined") { - - scans = this._getScans(appId); - } - for (var k in scans) { - scanId = scans[k]; - offsetId = this._getoffsets(appId, scanId); - params.remaining[scanId] = offsetId; + scans = this._getScans(appId, isPrimaryBranchEnabled); + for (var k in scans) { + scanId = scans[k]; + offsetId = this._getoffsets(appId, scanId); + params.remaining[scanId] = offsetId; + } } } } @@ -444,7 +448,7 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic }, // Gets the scan list for the particular app - _getScans: function(appId) { + _getScans: function(appId, isPrimaryBranchEnabled) { var includesca = this.UTIL.importScaFlaw(this.IMPLEMENTATION); var includesast = this.UTIL.importSastFlaw(this.IMPLEMENTATION); 
@@ -452,25 +456,33 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic var scans = []; var scanId = ''; try { + if (isPrimaryBranchEnabled == 'true') + var primaryBranch = this.UTIL.getProjectById(this.IMPLEMENTATION, appId).mainBranch.toString(); var responseLastScan = this.UTIL.getScanList(this.IMPLEMENTATION, appId, this._getCurrentDeltaStartTime()); var jsonLastScanResp = JSON.parse(responseLastScan.getBody()); for (var item in jsonLastScanResp.scans) { - if (includesca) { + + if (null != jsonLastScanResp.scans[item] && null != jsonLastScanResp.scans[item].branch) + var scanBranch = jsonLastScanResp.scans[item].branch.toString(); + var isScanAllowed = 'true'; + if (isPrimaryBranchEnabled == 'true' && primaryBranch != scanBranch) + isScanAllowed = 'false'; + if (includesca && isScanAllowed == 'true') { if (jsonLastScanResp.scans[item].engines.toString().includes("sca")) { scanId = this._getScan(appId, jsonLastScanResp.scans[item].id); } } - if (includesast) { + if (includesast && isScanAllowed == 'true') { if (jsonLastScanResp.scans[item].engines.toString().includes("sast")) { scanId = this._getScan(appId, jsonLastScanResp.scans[item].id); } } - if (includekics) { + if (includekics && isScanAllowed == 'true') { if (jsonLastScanResp.scans[item].engines.toString().includes("kics")) { scanId = this._getScan(appId, jsonLastScanResp.scans[item].id); } } - if (scanId) { + if (scanId && scanId != '') { scans.push(scanId); var date = new GlideDateTime(this.UTIL.parseDate(jsonLastScanResp.scans[item].updatedAt)); if (!this.LATEST || date > this.LATEST) 
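Review bot: `this.UTIL.getProjectById(this.IMPLEMENTATION, appId).mainBranch.toString()` throws when the project has no `mainBranch` or the lookup fails, unlike CheckmarxOneAppListIntegration, which guards with `null != projectResponse.mainBranch`; inside this `try` that presumably ends scan collection for the whole app. `scanBranch` is assigned only when the scan has a branch, and because `var` is function-scoped it otherwise keeps the previous iteration's value, so a branchless scan is judged by its predecessor's branch. Resetting it on every iteration, e.g. `var scanBranch = (null != jsonLastScanResp.scans[item].branch) ? jsonLastScanResp.scans[item].branch.toString() : '';`, avoids that. `scanId` is likewise not cleared per iteration in the visible lines, so once set it may be pushed again for a later scan that the branch filter rejects. Both branch patterns also appear in the two loops added to CheckmarxOneScanSummaryIntegration; `_getScans` continues outside the hunk.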
@@ -487,8 +499,8 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic _getoffsets: function(appId, scanId) { var offsets = []; var offset = 0; - var ReportLength = this.UTIL.getTotalVulcount(this.IMPLEMENTATION, scanId); - var loopLength = ReportLength / 50; + var reportLength = this.UTIL.getTotalVulcount(this.IMPLEMENTATION, scanId); + var loopLength = reportLength / 50; //in result api offset value start from 0 and increment by 1, here it acts like page instead of number of item like other api for (var i = 0; i <= parseInt(loopLength); i++) { offset += 1; @@ -549,13 +561,13 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic admin 2022-11-21 12:06:20 891d8fed471f1110328ca368436d4334 -244 +282 CheckmarxOneAppVulItemIntegration 3d20e92d47471110328ca368436d436a 3d20e92d47471110328ca368436d436a sys_script_include_891d8fed471f1110328ca368436d4334 admin -2024-01-05 07:58:44 +2024-02-28 10:15:20 diff --git a/Scripts/CheckmarxOneAppVulItemProcessor_sys_script_include_ba2b3da69769e510026f72021153af1b.xml b/Scripts/CheckmarxOneAppVulItemProcessor_sys_script_include_ba2b3da69769e510026f72021153af1b.xml index 3e4ad3f..48b4799 100644 --- a/Scripts/CheckmarxOneAppVulItemProcessor_sys_script_include_ba2b3da69769e510026f72021153af1b.xml +++ b/Scripts/CheckmarxOneAppVulItemProcessor_sys_script_include_ba2b3da69769e510026f72021153af1b.xml @@ -1,5 +1,5 @@ - + public true 
@@ -97,12 +97,28 @@ CheckmarxOneAppVulItemProcessor.prototype = Object.extendsObject(sn_vul.Applicat } if (scan_type == 'static') { + var resultHash = ''; + var childIter = node.getChildNodeIterator(); + while (childIter.hasNext) { + var childNode = childIter.next(); + if (childNode.getNodeName() == "resultHash") { + resultHash = childNode.getTextContent(); + break; + } + } + queryData['source_entry_id'] = 'Checkmarx One' + " CWE-" + reportData['cweId']; queryData['cwe_list'] = [{ cwe_id: reportData['cweId'], name: queryData['category_name'] }]; - resultObj['source_avit_id'] = node.getAttribute('id'); + var similarityId = node.getAttribute('id'); + var digest = new GlideDigest(); + var similarityIdHash = similarityId + '_' + resultHash; + var projectId = node.getAttribute('app_id'); + this._handleSimilarityId(similarityId, similarityIdHash, projectId); + resultObj['source_request'] = similarityId; + resultObj['source_avit_id'] = similarityIdHash; } if (scan_type == 'sca') { @@ -149,6 +165,7 @@ CheckmarxOneAppVulItemProcessor.prototype = Object.extendsObject(sn_vul.Applicat resultObj['complies_with_policy'] = 'not_applicable'; resultObj['source_entry_id'] = queryData['source_entry_id']; resultObj['category_name'] = queryData['category_name']; + resultObj['project_branch'] = node.getAttribute('branch'); if (reportData['scan_type'] != 'static') { nvdData['cvss_base_score'] = node.getAttribute('cvssScore'); nvdData['cvss_vector'] = node.getAttribute('cvssVector'); 
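Review bot: `similarityIdHash = similarityId + '_' + resultHash` is built even when no `resultHash` child was found, which yields `source_avit_id` values of the form `ID_`, and because the integration concatenates `results[item].resultHash` into the XML as a string, a missing hash would arrive as the text `undefined`. Since this value becomes the record key, fall back to the plain id when the hash is empty, e.g. `var similarityIdHash = resultHash ? similarityId + '_' + resultHash : similarityId;`, and have the integration emit an empty string when the API omits the field. `var digest = new GlideDigest();` is never used and can be removed.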
@@ -212,6 +229,20 @@ CheckmarxOneAppVulItemProcessor.prototype = Object.extendsObject(sn_vul.Applicat } }, + _handleSimilarityId: function(similarityId, similarityIdHash, projectId) { + var avit = new sn_vul.PagedGlideRecord('sn_vul_app_vulnerable_item'); + avit.addQuery('source_avit_id', similarityId); + avit.setSortField("sys_id"); + while (avit.next()) { + var appId = avit.gr.application_release.source_app_id; + if (appId == projectId) { + avit.gr.setValue('source_avit_id', similarityIdHash); + avit.gr.setValue('source_request', similarityId); + avit.gr.update(); + } + } + }, + _handleCVE: function(nvdData, resultObj, cve) { var name = cve; var url = resultObj.source_references; @@ -238,13 +269,13 @@ CheckmarxOneAppVulItemProcessor.prototype = Object.extendsObject(sn_vul.Applicat apoorva.singh@checkmarx.com 2023-03-16 05:04:10 ba2b3da69769e510026f72021153af1b -41 +51 CheckmarxOneAppVulItemProcessor 3d20e92d47471110328ca368436d436a 3d20e92d47471110328ca368436d436a sys_script_include_ba2b3da69769e510026f72021153af1b admin -2023-12-20 14:25:21 +2024-02-19 05:57:51 diff --git a/Scripts/CheckmarxOneScanSummaryIntegration_sys_script_include_d7f2d2e447131110328ca368436d4321.xml b/Scripts/CheckmarxOneScanSummaryIntegration_sys_script_include_d7f2d2e447131110328ca368436d4321.xml index 7be5e6a..ec85c47 100644 --- a/Scripts/CheckmarxOneScanSummaryIntegration_sys_script_include_d7f2d2e447131110328ca368436d4321.xml +++ b/Scripts/CheckmarxOneScanSummaryIntegration_sys_script_include_d7f2d2e447131110328ca368436d4321.xml @@ -1,5 +1,5 @@ - + public true 
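Review bot: `_handleSimilarityId` has no comment saying that it migrates existing records keyed by the bare similarity id to the new `similarityId_resultHash` key, and it runs a table query for every static finding on every import. All legacy records of a project with that similarity id are renamed to the hash of whichever finding is processed first, so if several findings share a similarity id but differ in `resultHash`, the later ones will not match the migrated records; that should be confirmed as intended. A header comment such as `// One-time migration: re-key legacy AVITs from similarityId to similarityId_resultHash for this project` would document the purpose. Filtering in the query, `avit.addQuery('application_release.source_app_id', projectId);`, would avoid loading other projects' records, assuming PagedGlideRecord passes dot-walked fields through.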
@@ -67,34 +67,39 @@ CheckmarxOneScanSummaryIntegration.prototype = Object.extendsObject(sn_vul.Appli var jsonLastScanSummResp = JSON.parse(responseLastScanSummary.getBody()); for (var item in jsonLastScanSummResp.scans) { //sca scan summary - if (jsonLastScanSummResp.scans[item].engines.toString().includes("sca")) { + if (includesca && jsonLastScanSummResp.scans[item].engines.toString().includes("sca")) { var scaresponsevul = this.UTIL.getScanSummaryInfo(this.IMPLEMENTATION, jsonLastScanSummResp.scans[item].id); if (scaresponsevul != -1) { scaScanSummaryAll += ''; } } //sast scan summary - if (jsonLastScanSummResp.scans[item].engines.toString().includes("sast")) { + if (includesast && jsonLastScanSummResp.scans[item].engines.toString().includes("sast")) { var sastresponsevul = this.UTIL.getSastScanSummaryInfo(this.IMPLEMENTATION, jsonLastScanSummResp.scans[item].id); if (sastresponsevul != -1) { + var loc = this._getLOCforSAST(jsonLastScanSummResp.scans[item].statusDetails); sastScanSummaryAll += ''; } } //kics scan summary - if (jsonLastScanSummResp.scans[item].engines.toString().includes("kics")) { + if (includekics && jsonLastScanSummResp.scans[item].engines.toString().includes("kics")) { var kicsresponsevul = this.UTIL.getKicsScanSummaryInfo(this.IMPLEMENTATION, jsonLastScanSummResp.scans[item].id); if (kicsresponsevul != -1) { kicsScanSummaryAll += ''; } } 
@@ -147,41 +152,54 @@ CheckmarxOneScanSummaryIntegration.prototype = Object.extendsObject(sn_vul.Appli } else { this.LATEST = new GlideDateTime(this.DELTA_START_TIME || '1970-01-01T10:16:06.17544Z').getDate(); var apps = this.AVR_API.getAppReleases(); + var isPrimaryBranchEnabled = this.UTIL._getConfig(this.IMPLEMENTATION).sync_only_primary_branch.toString(); + var primaryBranch = ''; + var scanBranch = ''; + var isScanAllowed = ''; + var appIds = []; + for (var i in apps) { + appIds.push(apps[i].source_app_id); + } var app_list = this.UTIL.getConfigProjectList(this.IMPLEMENTATION); if (app_list && app_list.length > 0) { for (var id in app_list) { - for (var i in apps) { - if (apps[i].source_app_id == app_list[id]) { - appId = app_list[id]; - if (appId !== "undefined") { - responseLastScan = this.UTIL.getScanList(this.IMPLEMENTATION, appId, this._getCurrentDeltaStartTime()); - if (responseLastScan != -1) { - jsonLastScanResp = JSON.parse(responseLastScan.getBody()); - for (var item in jsonLastScanResp.scans) { - if (includesca) { - if (jsonLastScanResp.scans[item].engines.toString().includes("sca")) { - app = jsonLastScanResp.scans[item].projectId; - } + if (appIds.indexOf(app_list[id]) != -1 && app_list[id] !== "undefined") { + appId = app_list[id]; + if (isPrimaryBranchEnabled == 'true') + primaryBranch = this.UTIL.getProjectById(this.IMPLEMENTATION, appId).mainBranch.toString(); - } - if (includesast) { - if (jsonLastScanResp.scans[item].engines.toString().includes("sast")) { - app = jsonLastScanResp.scans[item].projectId; - } - } - if (includekics) { - if (jsonLastScanResp.scans[item].engines.toString().includes("kics")) { - app = jsonLastScanResp.scans[item].projectId; - } - } + responseLastScan = this.UTIL.getScanList(this.IMPLEMENTATION, appId, this._getCurrentDeltaStartTime()); + if (responseLastScan != -1) { + jsonLastScanResp = JSON.parse(responseLastScan.getBody()); + app = ''; + for (var item in jsonLastScanResp.scans) { + if (null != 
jsonLastScanResp.scans[item] && null != jsonLastScanResp.scans[item].branch) + scanBranch = jsonLastScanResp.scans[item].branch.toString(); + isScanAllowed = 'true'; + if (isPrimaryBranchEnabled == 'true' && primaryBranch != scanBranch) + isScanAllowed = 'false'; + if (includesca && isScanAllowed == 'true') { + if (jsonLastScanResp.scans[item].engines.toString().includes("sca")) { + app = jsonLastScanResp.scans[item].projectId; } - if (app == appId) { - offsetId = this._getoffsets(appId); - params.remaining[app] = offsetId; + } + if (includesast && isScanAllowed == 'true') { + if (jsonLastScanResp.scans[item].engines.toString().includes("sast")) { + app = jsonLastScanResp.scans[item].projectId; + } + } + if (includekics && isScanAllowed == 'true') { + if (jsonLastScanResp.scans[item].engines.toString().includes("kics")) { + app = jsonLastScanResp.scans[item].projectId; } } } + + if (app != '' && app == appId) { + offsetId = this._getoffsets(appId); + params.remaining[app] = offsetId; + } } } } 
@@ -189,28 +207,37 @@ CheckmarxOneScanSummaryIntegration.prototype = Object.extendsObject(sn_vul.Appli for (var j in apps) { appId = apps[j].source_app_id; if (appId !== "undefined") { + if (isPrimaryBranchEnabled == 'true') + primaryBranch = this.UTIL.getProjectById(this.IMPLEMENTATION, appId).mainBranch.toString(); + responseLastScan = this.UTIL.getScanList(this.IMPLEMENTATION, appId, this._getCurrentDeltaStartTime()); if (responseLastScan != -1) { jsonLastScanResp = JSON.parse(responseLastScan.getBody()); + app = ''; for (var items in jsonLastScanResp.scans) { - if (includesca) { + if (null != jsonLastScanResp.scans[items] && null != jsonLastScanResp.scans[items].branch) + scanBranch = jsonLastScanResp.scans[items].branch.toString(); + isScanAllowed = 'true'; + if (isPrimaryBranchEnabled == 'true' && primaryBranch != scanBranch) + isScanAllowed = 'false'; + if (includesca && isScanAllowed == 'true') { if (jsonLastScanResp.scans[items].engines.toString().includes("sca")) { app = jsonLastScanResp.scans[items].projectId; } } - if (includesast) { + if (includesast && isScanAllowed == 'true') { if (jsonLastScanResp.scans[items].engines.toString().includes("sast")) { app = jsonLastScanResp.scans[items].projectId; } } - if (includekics) { + if (includekics && isScanAllowed == 'true') { if (jsonLastScanResp.scans[items].engines.toString().includes("kics")) { app = jsonLastScanResp.scans[items].projectId; } } } - if (app == appId) { + if (app != '' && app == appId) { offsetId = this._getoffsets(appId); params.remaining[app] = offsetId; } @@ -218,9 +245,7 @@ CheckmarxOneScanSummaryIntegration.prototype = Object.extendsObject(sn_vul.Appli } } } - gs.debug(this.MSG + 'for appreleases complete'); params = this._nextParameters(params); - gs.debug(this.MSG + 'next parameters'); if (params.run) { this.PROCESS.setValue('parameters', JSON.stringify(this._serializeParameters(params))); this.PROCESS.update(); 
@@ -293,19 +318,35 @@ CheckmarxOneScanSummaryIntegration.prototype = Object.extendsObject(sn_vul.Appli return true; }, + _getLOCforSAST: function(statusDetails) { + var loc = -1; + + if (null != statusDetails && statusDetails.length > 0) { + for (var index in statusDetails) { + var statusDetail = statusDetails[index]; + if (null != statusDetail && null != statusDetail.name && 'sast' == statusDetail.name && null != statusDetail.loc) { + loc = statusDetail.loc; + break; + } + } + } + + return loc; + }, + type: 'CheckmarxOneScanSummaryIntegration' });]]> sys_script_include admin 2022-11-18 05:18:19 d7f2d2e447131110328ca368436d4321 -175 +200 CheckmarxOneScanSummaryIntegration 3d20e92d47471110328ca368436d436a 3d20e92d47471110328ca368436d436a sys_script_include_d7f2d2e447131110328ca368436d4321 admin -2023-12-26 10:05:40 +2024-02-28 10:01:20 diff --git a/Scripts/CheckmarxOneScanSummaryProcessor_sys_script_include_ec0e828f47f42110328ca368436d433b.xml b/Scripts/CheckmarxOneScanSummaryProcessor_sys_script_include_ec0e828f47f42110328ca368436d433b.xml index b35a7ad..026064a 100644 --- a/Scripts/CheckmarxOneScanSummaryProcessor_sys_script_include_ec0e828f47f42110328ca368436d433b.xml +++ b/Scripts/CheckmarxOneScanSummaryProcessor_sys_script_include_ec0e828f47f42110328ca368436d433b.xml @@ -1,5 +1,5 @@ - + public true @@ -45,6 +45,8 @@ CheckmarxOneScanSummaryProcessor.prototype = Object.extendsObject(sn_vul.Applica sastdata['detected_flaw_count'] = +Sastattributes.total_no_flaws; sastdata['last_scan_date'] = new GlideDateTime(Sastattributes.last_scan_date); sastdata['scan_summary_name'] = Sastattributes.id + ' ' + sastdata['last_scan_date']; + sastdata['scan_analysis_size'] = +Sastattributes.loc; + sastdata['tags'] = Sastattributes.branch; this._upsert(sastdata); } catch (ex) { errorMessage = gs.getMessage("Error in retriving data for scan list integration!"); 
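Review bot: `_getLOCforSAST` returns `-1` when no `sast` entry with a `loc` is found, and the processor change in this commit stores `+Sastattributes.loc` into `scan_analysis_size` without checking for that sentinel. Assuming the value travels through the `loc` attribute (the line that emits it is not readable here), scans without a line count would be recorded with a size of -1. Guard in the processor, `if (+Sastattributes.loc >= 0) sastdata['scan_analysis_size'] = +Sastattributes.loc;`, or return an empty value and skip the field. A doc comment on the helper stating the contract would also help, e.g. `// Returns the lines-of-code figure from the 'sast' statusDetails entry, or -1 if absent.`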
@@ -73,6 +75,7 @@ CheckmarxOneScanSummaryProcessor.prototype = Object.extendsObject(sn_vul.Applica data['detected_flaw_count'] = +attributes.total_no_flaws; data['last_scan_date'] = new GlideDateTime(attributes.last_scan_date); data['scan_summary_name'] = attributes.id + ' ' + data['last_scan_date']; + data['tags'] = attributes.branch; this._upsert(data); } catch (ex) { errorMessage = gs.getMessage("Error in retriving data for scan list integration!"); @@ -101,6 +104,7 @@ CheckmarxOneScanSummaryProcessor.prototype = Object.extendsObject(sn_vul.Applica kicsdata['detected_flaw_count'] = +kicsattributes.total_no_flaws; kicsdata['last_scan_date'] = new GlideDateTime(kicsattributes.last_scan_date); kicsdata['scan_summary_name'] = kicsattributes.id + ' ' + kicsdata['last_scan_date']; + kicsdata['tags'] = kicsattributes.branch; this._upsert(kicsdata); } catch (ex) { errorMessage = gs.getMessage("Error in retriving data for scan list integration!"); @@ -162,13 +166,13 @@ CheckmarxOneScanSummaryProcessor.prototype = Object.extendsObject(sn_vul.Applica admin 2023-02-08 12:56:43 ec0e828f47f42110328ca368436d433b -12 +14 CheckmarxOneScanSummaryProcessor 3d20e92d47471110328ca368436d436a 3d20e92d47471110328ca368436d436a sys_script_include_ec0e828f47f42110328ca368436d433b admin -2023-09-29 15:42:36 +2024-02-08 15:41:36 diff --git a/Scripts/CheckmarxOneUtilBase_sys_script_include_1980bcb147935110328ca368436d435a.xml b/Scripts/CheckmarxOneUtilBase_sys_script_include_1980bcb147935110328ca368436d435a.xml index 2779b46..2a3efb9 100644 --- a/Scripts/CheckmarxOneUtilBase_sys_script_include_1980bcb147935110328ca368436d435a.xml +++ b/Scripts/CheckmarxOneUtilBase_sys_script_include_1980bcb147935110328ca368436d435a.xml @@ -1,5 +1,5 @@ - + public true 
@@ -92,13 +92,13 @@ CheckmarxOneUtilBase.prototype = { getConfigProjectList: function(configId) { var config = this._getConfig(configId); var project_lists = []; - var projectStatus; var list_projects = config.list_of_project_id_s; if (list_projects && list_projects.length > 0) { - list_projects = list_projects.split(";"); - for (var id in list_projects) { - if (list_projects[id].length > 0) - project_lists.push(list_projects[id]); + var list_project_arr = list_projects.split(";"); + for (var id in list_project_arr) { + var projectId = list_project_arr[id].trim(); + if (projectId && projectId.length > 0 && project_lists.indexOf(projectId) == -1) + project_lists.push(projectId); } } return project_lists; @@ -139,10 +139,10 @@ CheckmarxOneUtilBase.prototype = { for (var id in list_projects) { if (list_projects[id].length > 0) { var projectStatus = this.getConfigProjectById(configId, list_projects[id]); - if (projectStatus == 200 || projectJSON == 202) + if (projectStatus == 200 || projectStatus == 202) projectid += '&ids=' + list_projects[id]; - else - gs.info("Entered project id is wrong"+list_projects[id]); + else + gs.info("Entered project id is wrong" + list_projects[id]); } } query = '/api/projects/?' + projectid; @@ -389,6 +389,7 @@ CheckmarxOneUtilBase.prototype = { var includekics = this.importKicsFlaw(configId); var accesscontrolbaseUrl = config.checkmarxone_server_url; var apibaseurl = config.checkmarxone_api_base_url; + var vulnerabilityCountThresholdLevel = config.vulnerability_threshold_level; var method = "post"; var count = 0; var token = this.getAccessToken(accesscontrolbaseUrl, config, method, request, configId); 
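Review bot: In the `@@ -139,10 +139,10 @@` hunk, `projectid += '&ids=' + list_projects[id];` places the configured project id into the query string unencoded, and the loop tests `list_projects[id].length > 0` on the untrimmed value, while `getConfigProjectList` in the hunk above now trims and de-duplicates. If `list_projects` here does not come from that function (its origin is outside the hunk), an id with surrounding whitespace or a stray `&` alters the request that is sent. I would write `projectid += '&ids=' + encodeURIComponent(list_projects[id].trim());`. The `gs.info` text also runs the id straight into the message; `"Entered project id is wrong: " + list_projects[id]` is easier to read in the log.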
@@ -398,14 +399,53 @@ CheckmarxOneUtilBase.prototype = { var body = resp.getBody(); var ScanSummaryJson = JSON.parse(body); for (var item in ScanSummaryJson.scansSummaries) { - if (includesast) { - count += ScanSummaryJson.scansSummaries[item].sastCounters.totalCounter; - } - if (includesca) { - count += count += ScanSummaryJson.scansSummaries[item].kicsCounters.totalCounter + ScanSummaryJson.scansSummaries[item].scaCounters.totalCounter + ScanSummaryJson.scansSummaries[item].scaContainersCounters.totalVulnerabilitiesCounter; - } - + + for (var value in ScanSummaryJson.scansSummaries[item].sastCounters.severityCounters) { + var severity = ScanSummaryJson.scansSummaries[item].sastCounters.severityCounters[value].severity; + if ((vulnerabilityCountThresholdLevel == 'INFO') || + (vulnerabilityCountThresholdLevel == 'LOW' && severity.toUpperCase() != 'INFO') || + (vulnerabilityCountThresholdLevel == 'MEDIUM' && severity.toUpperCase() != 'INFO' && severity.toUpperCase() != 'LOW') || + (vulnerabilityCountThresholdLevel == 'HIGH' && severity.toUpperCase() != 'INFO' && severity.toUpperCase() != 'LOW' && severity.toUpperCase() != 'MEDIUM') || + severity.toUpperCase() == 'CRITICAL') { + var counts = ScanSummaryJson.scansSummaries[item].sastCounters.severityCounters[value].counter; + count += counts; + } + } + for (var sca_value in ScanSummaryJson.scansSummaries[item].scaCounters.severityCounters) { + var sca_severity = ScanSummaryJson.scansSummaries[item].scaCounters.severityCounters[sca_value].severity; + if ((vulnerabilityCountThresholdLevel == 'INFO') || + (vulnerabilityCountThresholdLevel == 'LOW' && sca_severity.toUpperCase() != 'INFO') || + (vulnerabilityCountThresholdLevel == 'MEDIUM' && sca_severity.toUpperCase() != 'INFO' && sca_severity.toUpperCase() != 'LOW') || + (vulnerabilityCountThresholdLevel == 'HIGH' && sca_severity.toUpperCase() != 'INFO' && sca_severity.toUpperCase() != 'LOW' && sca_severity.toUpperCase() != 'MEDIUM') || + sca_severity.toUpperCase() == 
'CRITICAL') { + var sca_counts = ScanSummaryJson.scansSummaries[item].scaCounters.severityCounters[sca_value].counter; + count += sca_counts; + } + } + for (var sca_container_value in ScanSummaryJson.scansSummaries[item].scaContainersCounters.severityVulnerabilitiesCounters) { + var sca_container_severity = ScanSummaryJson.scansSummaries[item].scaContainersCounters.severityVulnerabilitiesCounters[sca_container_value].severity; + if ((vulnerabilityCountThresholdLevel == 'INFO') || + (vulnerabilityCountThresholdLevel == 'LOW' && sca_container_severity.toUpperCase() != 'INFO') || + (vulnerabilityCountThresholdLevel == 'MEDIUM' && sca_container_severity.toUpperCase() != 'INFO' && sca_container_severity.toUpperCase() != 'LOW') || + (vulnerabilityCountThresholdLevel == 'HIGH' && sca_container_severity.toUpperCase() != 'INFO' && sca_container_severity.toUpperCase() != 'LOW' && sca_container_severity.toUpperCase() != 'MEDIUM') || + sca_container_severity.toUpperCase() == 'CRITICAL') { + var sca_container_counts = ScanSummaryJson.scansSummaries[item].scaContainersCounters.severityVulnerabilitiesCounters[sca_container_value].counter; + count += sca_container_counts; + } + } + for (var kics_value in ScanSummaryJson.scansSummaries[item].kicsCounters.severityCounters) { + var kics_severity = ScanSummaryJson.scansSummaries[item].kicsCounters.severityCounters[kics_value].severity; + + if ((vulnerabilityCountThresholdLevel == 'INFO') || + (vulnerabilityCountThresholdLevel == 'LOW' && kics_severity.toUpperCase() != 'INFO') || + (vulnerabilityCountThresholdLevel == 'MEDIUM' && kics_severity.toUpperCase() != 'INFO' && kics_severity.toUpperCase() != 'LOW') || + (vulnerabilityCountThresholdLevel == 'HIGH' && kics_severity.toUpperCase() != 'INFO' && kics_severity.toUpperCase() != 'LOW' && kics_severity.toUpperCase() != 'MEDIUM') || + kics_severity.toUpperCase() == 'CRITICAL') { + var kics_counts = ScanSummaryJson.scansSummaries[item].kicsCounters.severityCounters[kics_value].counter; + 
count += kics_counts; + } + } } } catch (err) { gs.error(this.MSG + " getTotalVulcount: Error while getting the total vul count." + err + scanId); @@ -473,22 +513,16 @@ CheckmarxOneUtilBase.prototype = { }, // to get vulnerabilities information of scanId - getVulInfo: function(configId, scanId, offsetId) { + getVulInfo: function(configId, scanId, offsetId, delta) { try { var request = new sn_ws.RESTMessageV2(); var config = this._getConfig(configId); var includesca = this.importScaFlaw(configId); var includesast = this.importSastFlaw(configId); var includekics = this.importKicsFlaw(configId); - var limit_val = config.limit; - //var query = '/api/results/?scan-id=' + scanId + '&offset=' + offsetId + '&limit=' + limit_val; - if ((includesast && includesca) || includesast || (includekics && includesast && includekics)) { - var query = '/api/results/?scan-id=' + scanId + '&offset=' + offsetId + '&limit=' + limit_val + '&sort=-type'; - } else if (includesca || (includekics && includesca) || includekics) { - query = '/api/results/?scan-id=' + scanId + '&offset=' + offsetId + '&limit=' + limit_val + '&sort=%2Btype'; - } - //var query = '/api/results/?scan-id=' + scanId + '&offset=' + offsetId + '&limit=20' +'&sort=%2Bstatus&sort=%2Bseverity' ; + var limit_val = config.limit; + var query = '/api/results/?scan-id=' + scanId + '&offset=' + offsetId + '&limit=' + limit_val + '&sort=-severity'; var accesscontrolbaseUrl = config.checkmarxone_server_url; var apibaseurl = config.checkmarxone_api_base_url; var method = "post"; @@ -767,6 +801,7 @@ CheckmarxOneUtilBase.prototype = { request.setRequestBody(query); request.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); request.setRequestHeader("Accept", "application/json"); + request.setRequestHeader('User-Agent', this.getUserAgentHeaderDetails()); //Convert the object to string and set it to Request Body- request.setRequestBody(query); var response = this._checkResponseStatus(request); 
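Review bot: The rewritten loop in the `@@ -398,14 +399,53 @@` hunk adds the SAST, SCA, SCA-container and KICS counters unconditionally, whereas the removed lines counted an engine only under `if (includesast)` / `if (includesca)`; if that gating was dropped unintentionally, the total now includes findings from engines the configuration does not import. The five-way severity condition is copied four times, compares `vulnerabilityCountThresholdLevel` case-sensitively while upper-casing the severity, and dereferences each `*Counters` object without checking that it exists, so one missing section sends the whole count to the `catch`. A rank table with a single helper, as sketched below, covers all four loops; it skips severities outside the five known names, which the hunk's `!=` chain would count, and gating KICS on `includekics` is my assumption. The function starts outside the hunk.

```javascript
// … unchanged: request setup, token retrieval, JSON.parse of the response body …
var SEVERITY_RANK = { INFO: 0, LOW: 1, MEDIUM: 2, HIGH: 3, CRITICAL: 4 };
var thresholdRank = SEVERITY_RANK[String(vulnerabilityCountThresholdLevel).toUpperCase()];
if (thresholdRank === undefined)
    thresholdRank = SEVERITY_RANK.CRITICAL; // as in the hunk: an unrecognised threshold counts CRITICAL only

// Sums the counters whose severity is at or above the configured threshold.
var sumAtOrAbove = function(counters) {
    var total = 0;
    if (!counters)
        return total;
    for (var key in counters) {
        if (!Object.prototype.hasOwnProperty.call(counters, key))
            continue;
        var rank = SEVERITY_RANK[String(counters[key].severity).toUpperCase()];
        if (rank !== undefined && rank >= thresholdRank)
            total += counters[key].counter;
    }
    return total;
};

for (var item in ScanSummaryJson.scansSummaries) {
    var summary = ScanSummaryJson.scansSummaries[item];
    if (includesast && summary.sastCounters)
        count += sumAtOrAbove(summary.sastCounters.severityCounters);
    if (includesca && summary.scaCounters)
        count += sumAtOrAbove(summary.scaCounters.severityCounters);
    if (includesca && summary.scaContainersCounters)
        count += sumAtOrAbove(summary.scaContainersCounters.severityVulnerabilitiesCounters);
    if (includekics && summary.kicsCounters)
        count += sumAtOrAbove(summary.kicsCounters.severityCounters);
}
```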
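Review bot: The new `delta` parameter of `getVulInfo` (hunk `@@ -473,22 +513,16 @@`) is not referenced anywhere in the hunk, and the one-line comment above the function does not mention it. The body continues outside the hunk, so it may be read further down, but the header comment should name each parameter and say what `delta` selects. With the sort-dependent branches removed, `includesca`, `includesast` and `includekics` are no longer used in the visible part either; if nothing below reads them, the three `import*Flaw` calls can go. `limit_val` is taken from the configuration record and concatenated into the query as-is, so a non-numeric value goes straight into the request; `parseInt(config.limit, 10)` with a default would make that explicit.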
@@ -795,6 +830,7 @@ CheckmarxOneUtilBase.prototype = { request.setRequestBody(query); request.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); request.setRequestHeader("Accept", "application/json"); + request.setRequestHeader('User-Agent', this.getUserAgentHeaderDetails()); //Convert the object to string and set it to Request Body- request.setRequestBody(query); var response = request.execute(); @@ -812,7 +848,7 @@ CheckmarxOneUtilBase.prototype = { } catch (err) { - gs.error(this.MSG + " :_getToken : Error while getting the token." + err); + gs.error(this.MSG + " :getNewToken : Error while getting the token." + err); throw err; } @@ -821,6 +857,19 @@ CheckmarxOneUtilBase.prototype = { }, + getUserAgentHeaderDetails: function() { + try { + var plugin = new GlideRecord("sys_store_app"); + plugin.get("scope", "x_chec3_chexone"); + var pluginname_version = "plugin_name=" + plugin.getValue("name") + ";plugin_version=" + plugin.getValue("version"); + return pluginname_version.toString(); + } catch (err) { + gs.error(this.MSG + " :_getUserAgentHeaderDetailsn : Error while getting the plugin name and version." + err); + throw err; + + } + }, + //Compare current clientId with accessToken's clientId _checkClientId: function(clientId, accessToken) { try { @@ -895,6 +944,7 @@ CheckmarxOneUtilBase.prototype = { } var newHeader = "Bearer " + token; r.setRequestHeader('Authorization', newHeader); + r.setRequestHeader('User-Agent', this.getUserAgentHeaderDetails()); r.setHttpTimeout(30000); var config = this._getConfig(configId); var log_level = config.log_level; @@ -941,6 +991,7 @@ CheckmarxOneUtilBase.prototype = { var newHeader = "Bearer " + token; r.setRequestHeader("Accept", "application/json"); r.setRequestHeader("Authorization", newHeader); + r.setRequestHeader('User-Agent', this.getUserAgentHeaderDetails()); r.setHttpTimeout(30000); var config = this._getConfig(configId); var log_level = config.log_level; 
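Review bot: `getUserAgentHeaderDetails` (hunk `@@ -821,6 +857,19 @@`) ignores the result of `plugin.get("scope", "x_chec3_chexone")`, so when no record is found the header is built from `null` values. Its `catch` rethrows, which makes every call site added in this commit (the token requests and the Bearer-authenticated requests in the hunks at -767, -795, -895, -941, -964 and -1003) fail on what looks like an informational header. It also runs a `sys_store_app` lookup for each outgoing request and logs under the name `_getUserAgentHeaderDetailsn`, which does not match the function. If the header is informational only, check the lookup result and fall back instead of throwing, as below; caching the string on the instance would avoid the repeated query.

```javascript
getUserAgentHeaderDetails: function() {
    // Best-effort metadata for the User-Agent header; a failed lookup should not block the API call.
    var fallback = "plugin_name=unknown;plugin_version=unknown"; // constructed fallback text, adjust as needed
    try {
        var plugin = new GlideRecord("sys_store_app");
        if (!plugin.get("scope", "x_chec3_chexone"))
            return fallback;
        return "plugin_name=" + plugin.getValue("name") + ";plugin_version=" + plugin.getValue("version");
    } catch (err) {
        gs.error(this.MSG + " :getUserAgentHeaderDetails : Error while getting the plugin name and version." + err);
        return fallback;
    }
},
```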
@@ -964,6 +1015,7 @@ CheckmarxOneUtilBase.prototype = { var newHeader = "Bearer " + token; r.setRequestHeader("Accept", "application/json"); r.setRequestHeader("Authorization", newHeader); + r.setRequestHeader('User-Agent', this.getUserAgentHeaderDetails()); r.setHttpTimeout(30000); var config = this._getConfig(configId); var log_level = config.log_level; @@ -1003,6 +1055,7 @@ CheckmarxOneUtilBase.prototype = { var newHeader = "Bearer " + token; r.setRequestHeader("Accept", "application/json"); r.setRequestHeader("Authorization", newHeader); + r.setRequestHeader('User-Agent', this.getUserAgentHeaderDetails()); r.setHttpTimeout(30000); return this._checkResponseStatus(r); }, @@ -1134,13 +1187,13 @@ CheckmarxOneUtilBase.prototype = { admin 2022-11-21 19:26:28 1980bcb147935110328ca368436d435a -271 +282 CheckmarxOneUtilBase 3d20e92d47471110328ca368436d436a 3d20e92d47471110328ca368436d436a sys_script_include_1980bcb147935110328ca368436d435a -admin -2024-01-05 14:49:39 +apoorva.singh@checkmarx.com +2024-03-05 11:34:56 diff --git a/Scripts/UpdateSet_GA.xml b/Scripts/UpdateSet_GA.xml new file mode 100644 index 0000000..4c93273 --- /dev/null +++ b/Scripts/UpdateSet_GA.xml 
@@ -0,0 +1,19644 @@ + + +3d20e92d47471110328ca368436d436a +Checkmarx One Vulnerability Integration +x_chec3_chexone +1.0.20 + + + +Checkmarx One Vulnerability Integration uses data imported from Checkmarx One Service to help determine the impact and priority of vulnerabilities in the code as well as its dependencies. + +Checkmarx One Vulnerability Integration + + + + + +3bab46b997784210026f72021153af72 +loaded + +sys_remote_update_set +nidhikumari.jaiswal@checkmarx.com +2024-03-08 07:56:52 +b33ccab997784210026f72021153af16 +0 +nidhikumari.jaiswal@checkmarx.com +2024-03-08 07:56:52 + + + + + +DELETE +3d20e92d47471110328ca368436d436a +customer + +sys_metadata_link_2708d2dd972cb110026f72021153af9c +<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_metadata_link"><sys_metadata_link action="DELETE"><directory>update</directory><documentkey>a981cec29721a510026f72021153afa6</documentkey><payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update table="x_chec3_chexone_checkmarxone_configuration"> + <x_chec3_chexone_checkmarxone_configuration action="INSERT_OR_UPDATE"> + <access_token>eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI2cVFULVppZHRORjd0RDFXOWZ4TnRQVHJYNEpfbm1xTy1ZcXo0MjJ1WGVnIn0.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.K2TDhqnpV2P46DgV-wYg8dvTqYRNgho_aiVLgi7HirfHkf_JAC_whpMfcy_MVedfhhaFTORo9BAMyr9pnvlqa3reo_TLIuIg3d9HPOJ6PxMUVCSmncDoB8WgQWJ6N17BxdVq-QyqBKaSZeR9Nj8-NoD4M7CXrGnzYmLPSIYf-_nUpMJXjKZWTZytqXlYxDcYvtifJH-v1-UWgH9pIjESnpKjyqGRLd8aejnaBu59u3TXNtWqmacdX5Ta0S-N3LqeV2D_B06BFAK-r1jTx_BdgK4ez4YBuNNZ3J4-89xvz7ve5TWYRKMYOGyAJF1HGEXVBJmS-c7IAqNbpUYSFJB8OA</access_token> + <checkmarxone_api_base_url>https://eu.ast.checkmarx.net</checkmarxone_api_base_url> + <checkmarxone_server_url>https://eu.iam.checkmarx.net</checkmarxone_server_url> + <client_id/> + <client_secret/> + <configuration/> + <count_of_scans>1</count_of_scans> + <import_sast>true</import_sast> + <import_sca>true</import_sca> + 
<include_first_detection_date>true</include_first_detection_date> + <integration_instance display_value="Checkmarx One Application Vulnerability">ad7fff1c47575110328ca368436d437e</integration_instance> + <limit>50</limit> + <mid_server display_value="MID_CxOne">d7e0392f871e2150a1fc52883cbb3561</mid_server> + <single_tenant>false</single_tenant> + <sys_created_by>apoorva.singh@checkmarx.com</sys_created_by> + <sys_created_on>2023-03-14 16:13:35</sys_created_on> + <sys_id>a981cec29721a510026f72021153afa6</sys_id> + <sys_mod_count>11247</sys_mod_count> + <sys_updated_by>apoorva.singh@checkmarx.com</sys_updated_by> + <sys_updated_on>2023-08-08 12:56:45</sys_updated_on> + <tenant/> + <triaging_in_snow>false</triaging_in_snow> + <vulnerability_threshold_level>LOW</vulnerability_threshold_level> + </x_chec3_chexone_checkmarxone_configuration> +</record_update> +]]></payload><sys_class_name>sys_metadata_link</sys_class_name><sys_created_by>apoorva.singh@checkmarx.com</sys_created_by><sys_created_on>2023-08-08 13:04:40</sys_created_on><sys_id>2708d2dd972cb110026f72021153af9c</sys_id><sys_mod_count>0</sys_mod_count><sys_name/><sys_package display_value="Checkmarx One Vulnerability Integration" source="x_chec3_chexone">3d20e92d47471110328ca368436d436a</sys_package><sys_policy/><sys_scope display_value="Checkmarx One Vulnerability Integration">3d20e92d47471110328ca368436d436a</sys_scope><sys_update_name>sys_metadata_link_2708d2dd972cb110026f72021153af9c</sys_update_name><sys_updated_by>apoorva.singh@checkmarx.com</sys_updated_by><sys_updated_on>2023-08-08 13:04:40</sys_updated_on><tablename>x_chec3_chexone_checkmarxone_configurati</tablename></sys_metadata_link></record_update> +124269824 +b33ccab997784210026f72021153af16 +false +nidhikumari.jaiswal@checkmarx.com +2024-03-08 07:56:53 +004c0eb997784210026f72021153af59 +0 +18e1d0e7a840000001 +nidhikumari.jaiswal@checkmarx.com +2024-03-08 07:56:53 + + +Metadata Snapshot +global +510deadac92cb51029283024bdafe747 
+510deadac92cb51029283024bdafe747:124269824,7708d2dd4e2cb110ba782e078c0a1e9e:489175540 + + + + +INSERT_OR_UPDATE +3d20e92d47471110328ca368436d436a +customer + +sys_metadata_link_cbbb48a7870fed10a1fc52883cbb3566 +<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_metadata_link"><sys_metadata_link action="INSERT_OR_UPDATE"><directory>update</directory><documentkey>2ca28e069721a510026f72021153af2b</documentkey><payload><![CDATA[<?xml version="1.0" encoding="UTF-8"?><record_update sys_domain="global" table="sn_vul_int_data_src"> + <sn_vul_int_data_src action="INSERT_OR_UPDATE"> + <ds_group_number>0</ds_group_number> + <last_used>2023-05-23 15:00:06</last_used> + <sn_vul_integration display_value="Checkmarx One Application List Integration">820d02a047131110328ca368436d43d0</sn_vul_integration> + <sys_created_by>apoorva.singh@checkmarx.com</sys_created_by> + <sys_created_on>2023-03-14 16:18:09</sys_created_on> + <sys_data_source display_value="CheckmarxOne Application List3">36a656a847131110328ca368436d43de</sys_data_source> + <sys_domain>global</sys_domain> + <sys_id>2ca28e069721a510026f72021153af2b</sys_id> + <sys_mod_count>3</sys_mod_count> + <sys_updated_by>VR.System</sys_updated_by> + <sys_updated_on>2023-05-23 15:00:06</sys_updated_on> + </sn_vul_int_data_src> +</record_update> +]]></payload><sys_class_name>sys_metadata_link</sys_class_name><sys_created_by>apoorva.singh@checkmarx.com</sys_created_by><sys_created_on>2023-06-01 13:03:45</sys_created_on><sys_id>cbbb48a7870fed10a1fc52883cbb3566</sys_id><sys_mod_count>0</sys_mod_count><sys_name>CheckmarxOne Application List3</sys_name><sys_package display_value="Checkmarx One Vulnerability Integration" source="x_chec3_chexone">3d20e92d47471110328ca368436d436a</sys_package><sys_policy/><sys_scope display_value="Checkmarx One Vulnerability 
Integration">3d20e92d47471110328ca368436d436a</sys_scope><sys_update_name>sys_metadata_link_cbbb48a7870fed10a1fc52883cbb3566</sys_update_name><sys_updated_by>apoorva.singh@checkmarx.com</sys_updated_by><sys_updated_on>2023-06-01 13:03:45</sys_updated_on><tablename>sn_vul_int_data_src</tablename></sys_metadata_link></record_update> +-65169321 +b33ccab997784210026f72021153af16 +false +nidhikumari.jaiswal@checkmarx.com +2024-03-08 07:56:53 +004c0eb997784210026f72021153af5c +0 +18e1d0e76f70000001 +nidhikumari.jaiswal@checkmarx.com +2024-03-08 07:56:53 +
+CheckmarxOne Application List3 +Metadata Snapshot +global +27b37d8e893321102e0afcc87f6f79fc +502fa50a1f3321101c3781fdaeaaaf43:690056035,d93028cbb42482d0292b9bcbdb602a32:690056035,502fa50a1f3321101c3781fdaeaaaf43:690056035,96fcd8071e2482d060a250857ba3c97c:690056035,502fa50a1f3321101c3781fdaeaaaf43:690056035,7fd9bcddabafb9104d646d2e936bfa6e:690056035,686efe9afb53bd10d7ef2bff2328ee73:690056035,3846ede16babf5d0c78bc223113b7161:690056035,9e2930237e19f150f4b2b1c5dd7d1145:690056035,14c9a0b04b49f9505463a10cf434c311:690056035,364d4bdab534fd105d7c98003a05f488:690056035,7d56061665e831101076d820e25c24fb:690056035,5d90dbf576687110210d56383aff5293:690056035,fa29fb336260b1108fbf7c733e3e5c88:690056035,b102d3a1fe2bf55073c6dc3523346f66:690056035,502fa50a1f3321101c3781fdaeaaaf43:690056035,d7a49315fe903110a28dcbbd4ec6acdf:690056035,88d5bac19794311009b690ec646d097e:690056035,2605928c37f32110f1606758cd7784d6:690056035,2605928c37f32110f1606758cd7784d6:690056035,e09c2d0cc13321107246f1b0404726c0:690056035,e09c2d0cc13321107246f1b0404726c0:690056035,2f8b5abfa12f2110c0367cc8256a3f1b:690056035,2f8b5abfa12f2110c0367cc8256a3f1b:690056035,bc5d8c37912321104b306442aef4f533:690056035,bc5d8c37912321104b306442aef4f533:690056035,317127d742a321107f50b94d23483196:690056035,0504870af5a321106a8b863dd9381857:690056035,0504870af5a321106a8b863dd9381857:690056035,bc2a5ffcc7e3a91027395f5db487e662:690056035,bc2a5ffcc7e3a91027395f5db487e662:690056035,8355ae78946f6910930b0fb244fa1b81:690056035,8355ae78946f6910930b0fb244fa1b81:690056035,8d9612b4212f69105c8958ccd93f017f:690056035,8d9612b4212f69105c8958ccd93f017f:690056035,bea1dd6c1ae7291045caae9ce81a13b6:690056035,bea1dd6c1ae7291045caae9ce81a13b6:690056035,4530d91813e7e5106c4b723c463a18c8:690056035,2101c9d05ea7e51041a3f861cf4213a8:-65169321,808bf3f7d510311091e049061ab9abeb:690056035,9a569fac8288f110fb70cd551b0bfd02:690056035,7401e3fa4c9631100031799a85887960:690056035,6729a09f1b92f5106be5f86d974eaa4a:690056035,502fa50a1f3321101c3781fdaeaaaf43:690056035,502fa50a1f3321
101c3781fdaeaaaf43:690056035,89949abf7f63a110b2dfa75eda17bb4f:690056035,89949abf7f63a110b2dfa75eda17bb4f:690056035,44faa1bf83af611063fde1aeb5b54d21:690056035,44faa1bf83af611063fde1aeb5b54d21:690056035,6d36a5f773af61103a9d310dd6c820c7:690056035,6d36a5f773af61103a9d310dd6c820c7:690056035,45f54df34d2f6110efdbc98c3f01f5da:690056035,45f54df34d2f6110efdbc98c3f01f5da:690056035,31d4587b74a761104e3bc3433b3dd015:690056035,31d4587b74a761104e3bc3433b3dd015:690056035,88d99f4910e7a510f43152f22340f62c:690056035,88d99f4910e7a510f43152f22340f62c:690056035,8bfd7b7b999361102d531680e1a4bf98:-65169321,54b579dee4bf2950ab4e66f0ff60de8e:131887284,4fbb48a7e00fed103026a63382f4aa67:-65169321 + + + + +INSERT_OR_UPDATE +3d20e92d47471110328ca368436d436a +customer + +sys_rest_message_fn_bf7c67e2475b1110328ca368436d43f9 +inherit_from_parentCheckmarxOneAPI BasegetfalseCheckmarxOne [ CheckmarxOneAPI Base ]https://eu.ast.checkmarx.net/api/defbafa2475b1110328ca368436d4397sys_rest_message_fnadmin2022-11-24 16:56:21bf7c67e2475b1110328ca368436d43f92CheckmarxOneAPI Base3d20e92d47471110328ca368436d436a3d20e92d47471110328ca368436d436asys_rest_message_fn_bf7c67e2475b1110328ca368436d43f9admin2023-02-28 06:28:56falsefalse]]> +-579666371 +b33ccab997784210026f72021153af16 +false +nidhikumari.jaiswal@checkmarx.com +2024-03-08 07:56:53 +004c0eb997784210026f72021153af5f +0 +18e1d0e72710000001 +nidhikumari.jaiswal@checkmarx.com +2024-03-08 07:56:53 +
+CheckmarxOneAPI Base +HTTP Method +global +3fb3bd8e26332110dd7a46cc20718736 +dc2fa50adc3321101d0357d2bdcda42e:-386108111,993028cb2b2482d02d16f9993db1920c:-386108111,dc2fa50adc3321101d0357d2bdcda42e:-386108111,52fcd807502482d03c79337f6b5a4e63:-386108111,dc2fa50adc3321101d0357d2bdcda42e:-386108111,afd9bcdd79afb9101011eab98feb4248:-386108111,686efe9a9553bd104742d1d01f65506b:-386108111,3446ede1cfabf5d05fdcff5130548716:-386108111,5a2930234f19f150e2b8496681c7413e:-386108111,dcc9a0b07049f950b30ddbe9607e5009:-386108111,764d4bda4234fd105247867125ca9581:-386108111,3d560616c2e83110baaefe768e975cf3:-386108111,dd90dbf5c4687110fb5464673a52075a:-386108111,3e29fb336860b110191dd5d5dae3a881:-386108111,e502d3a1ac2bf5506cf8e84c35ac1d3c:-386108111,dc2fa50adc3321101d0357d2bdcda42e:-386108111,57a4931590903110898f83f80fa8dcd8:-386108111,c4d5bac124943110d6c9b059b22df064:-386108111,ae05928c1df32110201d0a8436d704ce:-386108111,ae05928c1df32110201d0a8436d704ce:-386108111,a49c2d0cc2332110c0901aaf994579ac:-386108111,a49c2d0cc2332110c0901aaf994579ac:-386108111,ab8b5abf4a2f211063a4d9b5296d0814:-386108111,ab8b5abf4a2f211063a4d9b5296d0814:-386108111,385d8c378523211070ac4b3dd6a2bd2c:-386108111,385d8c378523211070ac4b3dd6a2bd2c:-386108111,bd7127d728a3211027cdc0683d30238e:-386108111,8104870adba3211072e0f5512f870350:-386108111,8104870adba3211072e0f5512f870350:-386108111,bc2a5ffc86e3a910a83206af6fac105b:-386108111,bc2a5ffc86e3a910a83206af6fac105b:-386108111,8355ae78336f69103c04fd03b010717a:-386108111,8355ae78336f69103c04fd03b010717a:-386108111,8d9612b4af2f6910bf59520657b01778:-386108111,8d9612b4af2f6910bf59520657b01778:-386108111,7ea1dd6c99e7291036bc9ab3a95e4faf:-386108111,7ea1dd6c99e7291036bc9ab3a95e4faf:-386108111,cd30d9185ae7e510366ee5717da5e8b4:-386108111,7bb024d882e3e510a009d3c39adb1990:-386108111,7bb024d882e3e510a009d3c39adb1990:-386108111,c01e0110a23e61100d25933b975706dc:-386108111,ebae0928f743a9100b7e513820d7c6e0:-386108111,c88bf3f7f8103110214de0704ac20de3:-386108111,da565facca88f110bf71346819f3f1
fa:-386108111,bc01e3fa80963110ed787b36bc9f5e4b:-386108111,1729a09f5192f51050f021c5c25ff116:-386108111,dc2fa50adc3321101d0357d2bdcda42e:-386108111,dc2fa50adc3321101d0357d2bdcda42e:-386108111,c5949abf7b63a110e270badcc5b3e347:-386108111,c5949abf7b63a110e270badcc5b3e347:-386108111,b7eaa1bf2caf6110855ec14fb57b7a19:-386108111,b7eaa1bf2caf6110855ec14fb57b7a19:-386108111,6d36a5f7deaf6110fab714f67c60a7bf:-386108111,6d36a5f7deaf6110fab714f67c60a7bf:-386108111,c5f54df31d2f6110a7fc5f08cf24fed2:-386108111,c5f54df31d2f6110a7fc5f08cf24fed2:-386108111,a9d4587b6aa76110b01f0df73d3d0c0d:-386108111,a9d4587b6aa76110b01f0df73d3d0c0d:-386108111,08d99f496ce7a5102215ce97b2f59024:-386108111,08d99f496ce7a5102215ce97b2f59024:-386108111,cbfd7b7bae936110576aa2a733491ec6:-579666371,d4b579decdbf2950924c8a9db2865674:-1755794598,5dce3902bd21a5104e6b7770a1382154:-2096105034,5dce3902bd21a5104e6b7770a1382154:-2096105034,85dfdff1b1ede110def7dde3720588d4:871621961 + + + + +DELETE +3d20e92d47471110328ca368436d436a +customer + +sys_scope_privilege_2b639f25972bf550026f72021153af5c +execute3d20e92d47471110328ca368436d436aallowedsys_scope_privilegeapoorva.singh@checkmarx.com2024-01-05 15:10:562b639f25972bf550026f72021153af5c0FlowActionConnectionUtility.forFlowAction3d20e92d47471110328ca368436d436a3d20e92d47471110328ca368436d436asys_scope_privilege_2b639f25972bf550026f72021153af5capoorva.singh@checkmarx.com2024-01-05 15:10:56FlowActionConnectionUtility.forFlowActionglobalscriptable]]> +-730662899 +b33ccab997784210026f72021153af16 +false +nidhikumari.jaiswal@checkmarx.com +2024-03-08 07:56:53 +004c0eb997784210026f72021153af62 +0 +18e1d0f6c9e0000001 +nidhikumari.jaiswal@checkmarx.com +2024-03-08 07:56:53 +
+FlowActionConnectionUtility.forFlowAction +Cross scope privilege +global +c12c58c3da2482d098e32232a1438828 +c12c58c3da2482d098e32232a1438828:-730662899,012c58c31e2482d0b1f0fb8181f1ae26:616407809 + + + + +INSERT_OR_UPDATE +3d20e92d47471110328ca368436d436a +customer + +sys_scope_privilege_619e937547db5110328ca368436d4382 +execute3d20e92d47471110328ca368436d436aallowedsys_scope_privilegeadmin2022-11-22 08:00:08619e937547db5110328ca368436d43820CheckmarxUtil3d20e92d47471110328ca368436d436a3d20e92d47471110328ca368436d436asys_scope_privilege_619e937547db5110328ca368436d4382admin2022-11-22 08:00:08CheckmarxUtil4629a9961bb70110d7948559cc4bcbbfsys_script_include]]> +-745506592 +b33ccab997784210026f72021153af16 +false +nidhikumari.jaiswal@checkmarx.com +2024-03-08 07:56:53 +004c0eb997784210026f72021153af65 +0 +18e1d0e6dd20000001 +nidhikumari.jaiswal@checkmarx.com +2024-03-08 07:56:53 +
+CheckmarxUtil +Cross scope privilege +global +33b3bd8e3e332110abb8d4334519d89c +361f250ad03321106f2a252a0d156d53:-1063115583,f7cf9c8b7b2482d02510767c06c04b6d:895195116,361f250ad03321106f2a252a0d156d53:-1063115583,538c5007312482d0bf8e9f8643cd9adf:895195116,361f250ad03321106f2a252a0d156d53:-1063115583,12d9f8dd76afb9103d5d2aefa426da73:-1971976663,a7630f3cf0eb3910e796d1024754b992:0,465e3e9ac153bd10e1b3f9ee9fb135c0:-92691874,8336e9e1dbabf5d02286f704682d165c:-92691874,1929bcef48d5f150f483d6fc8a0b88a7:-1063115583,2fb920b04849f950d165703436322f44:-1063115583,314dc7da6b34fd107cdfd5d3ad0728d4:-1063115583,6856821636e831100bd050e68eeef064:-1063115583,c8905bf50268711012424a7cab104202:-1971976663,40c28155d2603110f8e79513c60ea0de:0,8a297b334960b110bd3dd842d2f2feef:-1971976663,889e6bbf67ec7110e1ce6fa9e1200510:0,e8c11f61e42bf5500699846615e99cf1:895195116,361f250ad03321106f2a252a0d156d53:-1063115583,6829ac5f8892f510a04dd2747b812adf:895195116,361f250ad03321106f2a252a0d156d53:-1063115583,689dfcb53a703110e0a9af442489ae31:0,1ea413151d9031102903628db966a3fe:-1063115583,7ec53ac1e194311020367ac9e0c23d3c:-1971976663,0a58fc95ebc0b1102e9577e31fffd5bc:0,b105528c7bf321102cb2bde1e302ed23:895195116,b105528c7bf321102cb2bde1e302ed23:895195116,a38ce90cc13321102630be7d71800c00:895195116,a38ce90cc13321102630be7d71800c00:895195116,d28bd6bfa22f2110d74eff8035b74037:895195116,d28bd6bfa22f2110d74eff8035b74037:895195116,3b4dc837952321102ba9069dcb17de45:895195116,3b4dc837952321102ba9069dcb17de45:895195116,6871a3d72aa321102d72b5fb2dc1db7b:895195116,2cf3830a79a32110203cec631840f894:895195116,2cf3830a79a32110203cec631840f894:895195116,0c2adbfc6de3a9104ae7ceda7025997d:895195116,0c2adbfc6de3a9104ae7ceda7025997d:895195116,4e552e78716f6910b8b79cc4789e8036:895195116,4e552e78716f6910b8b79cc4789e8036:895195116,40969e74502f69102de805234414b69b:895195116,40969e74502f69102de805234414b69b:895195116,8ea15d6c6be729104ac4e2d39d339bdf:895195116,8ea15d6c6be729104ac4e2d39d339bdf:895195116,cf20d518bde7e510914568c6cfa865b3:895195
116,8cb0ec98c5e3e5105cc7c202a9a8888f:-1971976663,8cb0ec98c5e3e5105cc7c202a9a8888f:-1971976663,3448e26076b2e1103c4d58bd47fb31e7:0,130ecddcb7fa6110f7a636fc521a6e61:-1063115583,ba7b73f764103110b6b6da3cc23a33d8:-1063115583,5556dbac6288f11003258beaddf183f2:-1063115583,e7f063fa5a9631109942b6711b14bc6e:895195116,361f250ad03321106f2a252a0d156d53:-1063115583,361f250ad03321106f2a252a0d156d53:-1063115583,23841abfa363a11087cbbcbd1a3eb21f:895195116,23841abfa363a11087cbbcbd1a3eb21f:895195116,dbeaed7f1baf6110cf3245839bc2c7e7:895195116,dbeaed7f1baf6110cf3245839bc2c7e7:895195116,6c3625f73daf6110c23b3cbfc8c99cfd:895195116,6c3625f73daf6110c23b3cbfc8c99cfd:895195116,d4f50df3602f611077d3a96dadf1200c:895195116,d4f50df3602f611077d3a96dadf1200c:895195116,84d4947b73a761109434f193fa8b6c79:895195116,84d4947b73a761109434f193fa8b6c79:895195116,1bc91f4971e7a51017a8f8993183155c:895195116,1bc91f4971e7a51017a8f8993183155c:895195116,cffd7b7bb093611038364583ae5155ff:-745506592,0aa5b5de68bf295059706e81116bfe67:1433888404,f8ceb5023121a510c7cbb1fbb44fc1e7:1293059156,f8ceb5023121a510c7cbb1fbb44fc1e7:1293059156,9ddf1335f2ede110e9283b91f81ba905:1786871108 + + + + +INSERT_OR_UPDATE +3d20e92d47471110328ca368436d436a +customer + +sys_scope_privilege_a400d94647539110328ca368436d43f3 +execute3d20e92d47471110328ca368436d436aallowedsys_scope_privilegeVR.System2022-11-22 16:15:41a400d94647539110328ca368436d43f30GlideSysAttachment.getContentStream3d20e92d47471110328ca368436d436a3d20e92d47471110328ca368436d436asys_scope_privilege_a400d94647539110328ca368436d43f3VR.System2022-11-22 16:15:41GlideSysAttachment.getContentStreamglobalscriptable]]> +-626783711 +b33ccab997784210026f72021153af16 +false +nidhikumari.jaiswal@checkmarx.com +2024-03-08 07:56:53 +004c0eb997784210026f72021153af69 +0 +18e1d0e6e6f0000001 +nidhikumari.jaiswal@checkmarx.com +2024-03-08 07:56:53 +
+GlideSysAttachment.getContentStream +Cross scope privilege +global +8cc3bd8e943321100757d9670e6026d1 +eb1f650afa3321106b196ccd312cb25e:-1605922515,f4dfdc8bbd2482d05b7ea11520f63cfd:-1605922515,eb1f650afa3321106b196ccd312cb25e:-1605922515,8c9cd007352482d0f0413c48c29d817c:-1605922515,eb1f650afa3321106b196ccd312cb25e:-1605922515,0bd97cdd59afb910cde9d66791638c09:-1605922515,4f5ebe9a7b53bd10453564d8fe320f54:-1605922515,cc46ade1edabf5d05e8c09bce2789f0c:-1605922515,3929fcefddd5f150659d153a8536bdc3:-1605922515,44c960b09f49f950bf043e2c44e50f83:-1605922515,664d0bda4434fd105f40c4cd3cbe88e7:-1605922515,9156c21603e83110fe79cafb63edace4:-1605922515,b4909bf541687110793f37ceb7c0d1cb:-1605922515,6629bb33d060b110e62576ee33d8a9f6:-1605922515,11c19f61412bf5508e711a69db577090:-1605922515,eb1f650afa3321106b196ccd312cb25e:-1605922515,72a493156a9031105fbe38c8665da93f:-1605922515,6fc57ac185943110bc6ffda6eabdb869:-1605922515,5e05928c90f32110c711c32680e0a91c:-1605922515,5e05928c90f32110c711c32680e0a91c:-1605922515,409c2d0ceb3321104ac216f1ffb1b305:-1605922515,409c2d0ceb3321104ac216f1ffb1b305:-1605922515,4f8b1abf892f2110a42a21ea7d7d2f39:-1605922515,4f8b1abf892f2110a42a21ea7d7d2f39:-1605922515,185d0c372c232110181b185cc4031bdf:-1605922515,185d0c372c232110181b185cc4031bdf:-1605922515,9571e3d7faa32110135f78c2d15c04bf:-1605922515,9df3070aeea32110e0be934edb277490:-1605922515,9df3070aeea32110e0be934edb277490:-1605922515,642a1ffc5be3a91094f3510b827fac86:-1605922515,642a1ffc5be3a91094f3510b827fac86:-1605922515,2a556e78486f69107b0b20770896696f:-1605922515,2a556e78486f69107b0b20770896696f:-1605922515,a096de74612f69106479350cde319de8:-1605922515,a096de74612f69106479350cde319de8:-1605922515,26a19d6c89e72910682fbb721e3eb7f4:-1605922515,26a19d6c89e72910682fbb721e3eb7f4:-1605922515,00305918ffe7e51079df1d11da3b02c8:-1605922515,8db0a0d87ee3e51010d70c578c48831e:-1605922515,8db0a0d87ee3e51010d70c578c48831e:-1605922515,770e0110363e61100552f9b26d965f68:-1605922515,13ae09288243a91086df1ff4c7381d78:-1605922515,eb7bf3f
7d5103110d42f3548b7ff881d:-1605922515,02565face688f110586fc46cece4f660:-1605922515,9c01a3fa199631102191cc8624114bbc:-1605922515,9a29209f3092f5107dea39505c2828ea:-1605922515,eb1f650afa3321106b196ccd312cb25e:-1605922515,eb1f650afa3321106b196ccd312cb25e:-1605922515,94945abf7f63a110154487390f34c14c:-1605922515,94945abf7f63a110154487390f34c14c:-1605922515,efea61bf3caf6110ba0493bb2809003a:-1605922515,efea61bf3caf6110ba0493bb2809003a:-1605922515,4536a5f7fcaf6110590410495d4b4f38:-1605922515,4536a5f7fcaf6110590410495d4b4f38:-1605922515,f0f54df3a02f6110e2119a36cffb9b0f:-1605922515,f0f54df3a02f6110e2119a36cffb9b0f:-1605922515,34d4d47b66a761105abe8a17609400fc:-1605922515,34d4d47b66a761105abe8a17609400fc:-1605922515,73c95f4933e7a5101a01ef5d27aee16c:-1605922515,73c95f4933e7a5101a01ef5d27aee16c:-1605922515,97fdbb7ba8936110333506f05246f31c:-626783711,13a5f5deb9bf29507fef376203daacf9:-717471412,c5cef5020e21a510c152357a9dca2eda:1799518914,c5cef5020e21a510c152357a9dca2eda:1799518914,d9df1335f1ede110122bc661c50f0e2a:-592703555 + + + + +INSERT_OR_UPDATE +3d20e92d47471110328ca368436d436a +customer + +sys_scope_privilege_d663357f47131110328ca368436d43f3 +execute3d20e92d47471110328ca368436d436aallowedsys_scope_privilegeadmin2022-11-28 05:19:44d663357f47131110328ca368436d43f30ScriptableRESTMessageClient.setHttpMethod3d20e92d47471110328ca368436d436a3d20e92d47471110328ca368436d436asys_scope_privilege_d663357f47131110328ca368436d43f3admin2022-11-28 05:19:44ScriptableRESTMessageClient.setHttpMethodglobalscriptable]]> +-1514226719 +b33ccab997784210026f72021153af16 +false +nidhikumari.jaiswal@checkmarx.com +2024-03-08 07:56:53 +004c0eb997784210026f72021153af6c +0 +18e1d0e6f400000001 +nidhikumari.jaiswal@checkmarx.com +2024-03-08 07:56:53 +
+ScriptableRESTMessageClient.setHttpMethod +Cross scope privilege +global +88c3fd8ef83321101af560087dfe9729 +1c2fa50aa53321109e9a4a0444a3c95e:1433669869,a93028cbd92482d0dc3636dc78e37dbb:1433669869,1c2fa50aa53321109e9a4a0444a3c95e:1433669869,a6fcd807702482d03eb8d284b2750dce:1433669869,1c2fa50aa53321109e9a4a0444a3c95e:1433669869,b7d9bcddd4afb910e56a52df4b0e78ff:1433669869,646efe9ac853bd104fe6f9e80f733baa:1433669869,f046ede191abf5d0a784904b76ba3ea7:1433669869,9e2930239b19f150d0f6d8ccc6489d83:1433669869,28c9a0b0cb49f950803782b4fe881261:1433669869,b64d4bdab334fd10e6333eafd3997aa5:1433669869,86564616bbe8311070f8705baecd1e1c:1433669869,e590dbf589687110c2b3999393f8a8b1:1433669869,8f29fb33a760b1103c421f0b0ad456a5:1433669869,1a02d3a1c02bf5509321127c7e434ae0:1433669869,1c2fa50aa53321109e9a4a0444a3c95e:1433669869,1ba4d315359031102f1ffbed4bacd709:1433669869,9cd5bac1299431104f5ff781b26dd0b1:1433669869,7a05d28c06f32110c8e4f82b023b3d09:1433669869,7a05d28c06f32110c8e4f82b023b3d09:1433669869,e49c2d0cdf33211013d1ae4efa056df3:1433669869,e49c2d0cdf33211013d1ae4efa056df3:1433669869,6b8b5abffb2f2110dd97efa846b3d139:1433669869,6b8b5abffb2f2110dd97efa846b3d139:1433669869,3c5d8c373d232110586287f29088e776:1433669869,3c5d8c373d232110586287f29088e776:1433669869,797127d727a32110ffe6a8e8b7b8bdb3:1433669869,9d04870a3aa32110f6387c655952a474:1433669869,9d04870a3aa32110f6387c655952a474:1433669869,cd2a5ffc10e3a9107a3ddf0dade0677f:1433669869,cd2a5ffc10e3a9107a3ddf0dade0677f:1433669869,c755ae78eb6f69106815ff01d88c6aa4:1433669869,c755ae78eb6f69106815ff01d88c6aa4:1433669869,c59612b47f2f6910c4c7351435b707a9:1433669869,c59612b47f2f6910c4c7351435b707a9:1433669869,83a1dd6cfbe72910d34c156db2214bd8:1433669869,83a1dd6cfbe72910d34c156db2214bd8:1433669869,1d301d1865e7e51064b48b1adf26650a:1433669869,c0c024d8b9e3e510a5123ee69ebbabbe:1433669869,c0c024d8b9e3e510a5123ee69ebbabbe:1433669869,401e4110833e61109562c3f14c1f6411:1433669869,a3ae49288b43a910f1bf17f089413a09:1433669869,108b37f766103110fe41fe458437ff23:1433669869
,e6569facfd88f11022befbecc49abb55:1433669869,7401e3fa3e963110ce0bcf491ba97c8a:1433669869,7729a09fce92f5105db237874b568daa:1433669869,1c2fa50aa53321109e9a4a0444a3c95e:1433669869,1c2fa50aa53321109e9a4a0444a3c95e:1433669869,09949abf9e63a110b87830782f39a279:1433669869,09949abf9e63a110b87830782f39a279:1433669869,4cfaa1bf67af61102937e4abc08da23e:1433669869,4cfaa1bf67af61102937e4abc08da23e:1433669869,e136a5f757af6110157dcebadb0c11e9:1433669869,e136a5f757af6110157dcebadb0c11e9:1433669869,81f54df3062f6110ecf6e42189a07efb:1433669869,81f54df3062f6110ecf6e42189a07efb:1433669869,31d4587bbfa76110af3d07f6305e8b40:1433669869,31d4587bbfa76110af3d07f6305e8b40:1433669869,58d99f499ce7a510e7c33a69492b8851:1433669869,58d99f499ce7a510e7c33a69492b8851:1433669869,57fdbb7b0993611082263f2b05d40b3a:-1514226719,acb579defbbf2950d9e1c57c7310e8d3:-292299328,15ce39025121a51032a2bbe193662877:-1957514613,15ce39025121a51032a2bbe193662877:-1957514613,19df133533ede1108ce3aed7ebf77c3e:-1893338531 + + + + +INSERT_OR_UPDATE +3d20e92d47471110328ca368436d436a +customer + +sys_scope_privilege_fa9220cf972482d0026f72021153aff1 +execute3d20e92d47471110328ca368436d436aallowedsys_scope_privilegeapoorva.singh@checkmarx.com2024-02-28 11:12:02fa9220cf972482d0026f72021153aff10FlowActionConnectionUtility.forFlowAction3d20e92d47471110328ca368436d436a3d20e92d47471110328ca368436d436asys_scope_privilege_fa9220cf972482d0026f72021153aff1apoorva.singh@checkmarx.com2024-02-28 11:12:02FlowActionConnectionUtility.forFlowActionglobalscriptable]]> +616407809 +b33ccab997784210026f72021153af16 +false +nidhikumari.jaiswal@checkmarx.com +2024-03-08 07:56:53 +004c0eb997784210026f72021153af6f +0 +18e1d0f6d3f0000001 +nidhikumari.jaiswal@checkmarx.com +2024-03-08 07:56:53 +
+FlowActionConnectionUtility.forFlowAction +Cross scope privilege +global + + + + + + +INSERT_OR_UPDATE +3d20e92d47471110328ca368436d436a +customer + +sys_script_include_ec0e828f47f42110328ca368436d433b +<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_script_include"><sys_script_include action="INSERT_OR_UPDATE"><access>public</access><active>true</active><api_name>x_chec3_chexone.CheckmarxOneScanSummaryProcessor</api_name><caller_access/><client_callable>false</client_callable><description>This script process the payload from CheckmarxOne app summary endpoint.</description><name>CheckmarxOneScanSummaryProcessor</name><script><![CDATA[var CheckmarxOneScanSummaryProcessor = Class.create(); +CheckmarxOneScanSummaryProcessor.prototype = Object.extendsObject(sn_vul.ApplicationVulnerabilityImportProcessorBase, { + MSG: 'CheckmarxOne Scan Summary Processor: ', + UTIL: new x_chec3_chexone.CheckmarxOneUtil(), + + process: function(attachment) { + if (attachment) { + try { + this.UTIL.validateXML(new GlideSysAttachment().getContent(attachment), 'error'); + var doc = new XMLDocument2(); + doc.parseXML(new GlideSysAttachment().getContent(attachment)); + var Node = doc.getNode('/scanData'); + } catch (ex) { + gs.error(this.MSG + "Error occurred while validating or parsing the XML: " + ex); + throw ex; + } + var errorProcess = ''; + + if (Node.toString().includes("sastScanData")) { + try { + var sastnodes = doc.getNode('/scanData/sastScanData/scans'); + var iteration = sastnodes.getChildNodeIterator(); + } catch (ex) { + gs.error(this.MSG + "Error occurred while parsing the XML: " + ex); + throw ex; + } + var sastdata = {}; + while (iteration.hasNext()) { + try { + var SastappNode = iteration.next(); + var Sastattributes = SastappNode.getAttributes(); + //map attributes from CheckmarxOne into the servicenow scan summary table + sastdata['source_app_id'] = Sastattributes.app_id; + sastdata['source_scan_id'] = Sastattributes.id; + sastdata['detected_flaw_count'] = 
+Sastattributes.total_no_flaws; + sastdata['last_scan_date'] = new GlideDateTime(Sastattributes.last_scan_date); + sastdata['scan_summary_name'] = Sastattributes.id + ' ' + sastdata['last_scan_date']; + sastdata['scan_analysis_size'] = +Sastattributes.loc; + sastdata['tags'] = Sastattributes.branch; + this._upsert(sastdata); + } catch (ex) { + errorMessage = gs.getMessage("Error in retriving data for scan list integration!"); + gs.error(this.MSG + "errorMessage " + ex); + errorProcess += " | " + ex.getMessage(); + //throw ex; + } + } + } + if (Node.toString().includes("scaScanData")) { + try { + var scanodes = doc.getNode('/scanData/scaScanData/scans'); + var iter = scanodes.getChildNodeIterator(); + } catch (ex) { + gs.error(this.MSG + "Error occurred while validating or parsing the XML: " + ex); + throw ex; + } + var data = {}; + while (iter.hasNext()) { + try { + var appNode = iter.next(); + var attributes = appNode.getAttributes(); + //map attributes from Checkmarx into the servicenow scan summary table + data['source_app_id'] = attributes.app_id; + data['source_scan_id'] = attributes.id; + data['detected_flaw_count'] = +attributes.total_no_flaws; + data['last_scan_date'] = new GlideDateTime(attributes.last_scan_date); + data['scan_summary_name'] = attributes.id + ' ' + data['last_scan_date']; + data['tags'] = attributes.branch; + this._upsert(data); + } catch (ex) { + errorMessage = gs.getMessage("Error in retriving data for scan list integration!"); + gs.error(this.MSG + "errorMessage " + ex); + errorProcess += " | " + ex.getMessage(); + //throw ex; + } + } + } + if (Node.toString().includes("kicsScanData")) { + try { + var kicsnodes = doc.getNode('/scanData/kicsScanData/scans'); + var kicsiteration = kicsnodes.getChildNodeIterator(); + } catch (ex) { + gs.error(this.MSG + "Error occurred while parsing the XML: " + ex); + throw ex; + } + var kicsdata = {}; + while (kicsiteration.hasNext()) { + try { + var kicsappNode = kicsiteration.next(); + var 
kicsattributes = kicsappNode.getAttributes(); + //map attributes from CheckmarxOne into the servicenow scan summary table + kicsdata['source_app_id'] = kicsattributes.app_id; + kicsdata['source_scan_id'] = kicsattributes.id; + kicsdata['detected_flaw_count'] = +kicsattributes.total_no_flaws; + kicsdata['last_scan_date'] = new GlideDateTime(kicsattributes.last_scan_date); + kicsdata['scan_summary_name'] = kicsattributes.id + ' ' + kicsdata['last_scan_date']; + kicsdata['tags'] = kicsattributes.branch; + this._upsert(kicsdata); + } catch (ex) { + errorMessage = gs.getMessage("Error in retriving data for scan list integration!"); + gs.error(this.MSG + "errorMessage " + ex); + errorProcess += " | " + ex.getMessage(); + //throw ex; + } + } + } + if (!gs.nil(errorProcess)) + gs.error(this.MSG + "All errors that occurred while processing scan summary: " + errorProcess); + this.completeProcess(this.integrationProcessGr, this.import_counts); + + } else + gs.warn(this.MSG + ':process called with no attachment'); + }, + + + _parseStatic: function(node, data) { + try { + this._handleScanType(node, data, 'last_static_scan_date'); + } catch (err) { + gs.error(this.MSG + " _parseStatic : Error while parsing the date and rating field."); + throw err; + } + }, + + _handleScanType: function(node, data, dateField) { + try { + data[dateField] = new GlideDateTime(node.getAttribute('last_scan_date')); + if (gs.nil(data['last_scan_date']) >= data['last_scan_date']) { + data['last_scan_date'] = data[dateField]; + } + } catch (err) { + gs.error(this.MSG + " _handleScanType : Error while handling scan type."); + throw err; + } + }, + + _upsert: function(data) { + try { + var result = this.AVR_API.createOrUpdateSummary(data); + if (!result) + return; + if (result.updated) + this.import_counts.updated++; + else if (result.inserted) + this.import_counts.inserted++; + else if (result.unchanged) + this.import_counts.unchanged++; + } catch (err) { + gs.error(this.MSG + " _upsert : Error while 
inserting data into ServiceNow DB."); + throw err; + } + }, + type: 'CheckmarxOneScanSummaryProcessor' +});]]></script><sys_class_name>sys_script_include</sys_class_name><sys_created_by>admin</sys_created_by><sys_created_on>2023-02-08 12:56:43</sys_created_on><sys_id>ec0e828f47f42110328ca368436d433b</sys_id><sys_mod_count>14</sys_mod_count><sys_name>CheckmarxOneScanSummaryProcessor</sys_name><sys_package display_value="Checkmarx One Vulnerability Integration" source="x_chec3_chexone">3d20e92d47471110328ca368436d436a</sys_package><sys_policy/><sys_scope display_value="Checkmarx One Vulnerability Integration">3d20e92d47471110328ca368436d436a</sys_scope><sys_update_name>sys_script_include_ec0e828f47f42110328ca368436d433b</sys_update_name><sys_updated_by>admin</sys_updated_by><sys_updated_on>2024-02-08 15:41:36</sys_updated_on></sys_script_include></record_update> +1554594072 +b33ccab997784210026f72021153af16 +false +nidhikumari.jaiswal@checkmarx.com +2024-03-08 07:56:54 +004c0eb997784210026f72021153af72 +0 +18e1d0f05780000001 +nidhikumari.jaiswal@checkmarx.com +2024-03-08 07:56:54 +
+CheckmarxOneScanSummaryProcessor +Script Include +global +2480a2acff5c4e108d2a738ff051da11 +2480a2acff5c4e108d2a738ff051da11:1554594072,0e3068cb992482d0df1a1d12fead2275:-2088130676,2480a2acff5c4e108d2a738ff051da11:1554594072,940d5c07362482d09bb9cf441d0aa016:-2088130676,2480a2acff5c4e108d2a738ff051da11:1554594072,5d1fb110c5a086109e099c60e73737be:-2088130676,2480a2acff5c4e108d2a738ff051da11:1554594072,351667bde010821007b4e9636f837071:-2088130676,2480a2acff5c4e108d2a738ff051da11:1554594072,2ed913a518004210a3080b549032bc58:1985399810,2d79c361c8cc0210efbe7a0ca37f12c8:-153681982,431adfd6e7d806104b445e63e7fe7cb0:-153681982,dff28613a03f7110e88ef56074c41b25:-153681982,24afcd6138a375d0dd64000c23aa1925:-153681982,44eee606dced711039ecc15f3e507dde:196892494,98e93011f7efb910e51f10d8870e585c:-153681982,4d6e32da8c53bd104a574c68ee7f1b7c:-153681982,9d4621258babf5d05dc4b0a9b00d5481:-153681982,ea297023c619f15002ef77048dd63444:1056773477,38c9a0b03449f9506953e17271eb82e3:1056773477,c34d8bdacd34fd1005f7832c7b9e2343:1056773477,720217a16a2bf5503f6d5007a7c72dc8:-153681982,44eee606dced711039ecc15f3e507dde:196892494,d50127facb963110d1a2b2dd8bb79f2b:-153681982,3439249f0492f510e816eaa705e0e5f0:-153681982,44eee606dced711039ecc15f3e507dde:196892494,e0676216d1c5b590d90076cb3d2f069e:-1862975132,3db1b486e98d35906d445839d6f60bc3:1056773477,b7bbe80e6b4d3590951afc827f25909c:-996886519,a7374d744c613110052242657ad508d2:1056773477,daf61b487b30f1107d239d1d5fb70246:1431492185,5656461631e831105fbf72ce54ddebe7:-996886519,b1901ff52b6871104e9007cdf7702140:-996886519,9f293f33f360b1102e65b826abbe5034:-996886519,1f8cd788d1703110a812257fc22ace53:-996886519,f3a4d3152d90311058d5605a9340f590:-996886519,e4d5fac19f943110264fb3bb7c350e77:-996886519,c305d28c2ef321108cdb786bef388fdb:-996886519,c305d28c2ef321108cdb786bef388fdb:-996886519,bc9c6d0c413321103c64bfc9d3992b61:-996886519,bc9c6d0c413321103c64bfc9d3992b61:-996886519,3f8b5abf472f21104057e755174cf9cc:-996886519,3f8b5abf472f21104057e755174cf9cc:-996886519,d55d8c37c0232
11085cd21f7d6da3dfa:1353693257,d55d8c37c023211085cd21f7d6da3dfa:1353693257,52eb702b0fe36110065771fba3d9d55c:-1081641923,19477423ece36110d86b84837ff12023:-1045159965,7b037c6b27a36110f7e2c2fd4de45371:40895773,743e0467aa6721109dbe2bf5e854ddff:1678402281,3f9dc0675867211063bde8962f97abdd:-1295611197,427167d725a321107b93d3e23da99844:-635597160,4a80d78612e321105804de260fd6354a:345458468,6c140b0a7aa32110d3fb1abbbd2e9a67:-735277001,6c140b0a7aa32110d3fb1abbbd2e9a67:-735277001,952a9ffcdfe3a9102f987dbff86c5302:-735277001,952a9ffcdfe3a9102f987dbff86c5302:-735277001,5355ee78646f69105a870ca48d3cff33:-735277001,5355ee78646f69105a870ca48d3cff33:-735277001,5d9652b4e42f6910811f075b89c07c12:-735277001,5d9652b4e42f6910811f075b89c07c12:-735277001,1ba111acc8e72910e20343f9e4860b5a:-735277001,1ba111acc8e72910e20343f9e4860b5a:-735277001,86301d18b3e7e51059ff776f1294f8e0:-735277001,d2c064d823e3e5104035d5fbd53cdcb0:-1256524472,d2c064d823e3e5104035d5fbd53cdcb0:-1256524472,df875f7b5b1f65104e6c792f1b5716ef:-276733740,efcf9affa71b65107714dfa7196c86fe:-1163233878,1d5e163f3f1b6510e78fa08ef6dbf4a7:157202333,3efdd67fe11b65103509e93b3a041722:-251715976,4bfbbbab419f2510db3b15c4389e1fc8:-758273041,7f4c0e27445725104f46cadd484aff19:-276733740,14019b5fd197e110b9a48c165a3307af:1840687636,0f3e479bfd97e110e6ae348eedd51262:359317030,83db8d57db9fa1100cf61e6b06955e80:-2092988125,3fc909d3349fa110ce91d090484f25da:1127859770,cdefad6c49c3a910dd01793ec852685b:-777452861,101e4110d53e61109353ac885b823378:302834381,77ae4928f243a910d4afad84c68d7870:302834381,f88b37f731103110311c313148c91ec5:-996886519,ba56dfacd088f11071eb32960193c894:-996886519,847e2eda8c2cb510a3d042aec5bfe778:1431492185,412fe50a8b332110dc5386886b95fe04:-996886519,412fe50a8b332110dc5386886b95fe04:-996886519,6194dabf3363a110431949c005c8b99f:-996886519,6194dabf3363a110431949c005c8b99f:-996886519,9cfaa1bfdbaf6110f679118baaba16be:-996886519,9cfaa1bfdbaf6110f679118baaba16be:-996886519,f136e5f702af61105f1200911945f069:-996886519,f136e5f702af61105f1200911945f069:
-996886519,15f58df3732f6110d95cb09b88356080:-996886519,15f58df3732f6110d95cb09b88356080:-996886519,26d4587ba2a76110b1028ba95dfd0cd4:-1171475831,26d4587ba2a76110b1028ba95dfd0cd4:-1171475831,9249c7db24232110d909b5da066d6f33:-862734211,a0d99f4997e7a510f6f04b7f8823fcc4:-735277001,a0d99f4997e7a510f6f04b7f8823fcc4:-735277001,6bfdbb7b769361102a120992c9c17bc0:-777452861,c5b5b9dedbbf2950908ba148b730dd78:1481310473,60b6f1eb01afed1077332b381d866545:-1658017027,a1b2fda7e7afed10dc1f27f081ee4ab7:-1696885030,013f42e8be4ba51078c0dbccfdf5f6a9:-777452861,e1ce39029a21a510d1d67c6462a3ede0:-1640701482,e1ce39029a21a510d1d67c6462a3ede0:-1640701482,69df1335d7ede11039439156dc0d6c79:809725627 + + + + +INSERT_OR_UPDATE +3d20e92d47471110328ca368436d436a +customer + +sys_security_acl_69b2a60e47875110328ca368436d43ca +truetruefalseDefault access control on x_chec3_chexone_checkmarxone_scan_summary_importx_chec3_chexone_checkmarxone_scan_summary_importwrite