

Integration branch (#20)
* GA Changes

GA

* GA changes 1.0.11

* code changes for encryption and decryption of access_token

* code changes for encryption and decryption of access_token

* code changes for encryption and decryption of access_token

* updated scan summary name and update set

* change log level to basic

* Update Update_Set_GA_1.0.11.xml

* Added update set from vendor instance

* Added changes for CxOne release 1.0.14 (#19)

---------

Co-authored-by: Nidhi Jaiswal <[email protected]>
Co-authored-by: Nidhi Jaiswal <[email protected]>
3 people authored Oct 18, 2023
1 parent cb65f8d commit 79e0b61
Showing 9 changed files with 13,143 additions and 118 deletions.
Expand Up @@ -48,7 +48,7 @@ CheckmarxOneAppListIntegration.prototype = Object.extendsObject(sn_vul.Applicati
//Creates XML summary for Projects
getAppList: function(filteredCount, offset) {
try {
var gr = new GlideRecord("x_chec3_chexone_checkmarxone_configuration");
var appListRootNodeStart = "<appInfoList><xml id=\"checkmarxone\"><projects>";
var appListRootNodeEnd = "</projects></xml></appInfoList>";
var appListAll = '';


Expand Up @@ -26,7 +26,8 @@ CheckmarxOneAppVulItemProcessor.prototype = Object.extendsObject(sn_vul.Applicat
doc.parseXML(new GlideSysAttachment().getContent(attachment));
var listNode = doc.getNode('/detailedreport/xml/results');
} catch (ex) {
gs.error(this.MSG + "Error occurred while validating or parsing the XML: " + ex);
gs.info("error reported" + new GlideSysAttachment().getContent(attachment));
gs.error(this.MSG + "Error occurred while validating or parsing the XML: " + ex );
throw ex;
}
var reportData = {};
Expand All @@ -40,7 +41,11 @@ CheckmarxOneAppVulItemProcessor.prototype = Object.extendsObject(sn_vul.Applicat
reportData['source_scan_id'] = node.getAttribute('scan_id');
reportData['last_scan_date'] = new GlideDateTime(node.getAttribute('last_scan_date'));
reportData['scan_summary_name'] = reportData['source_scan_id'] + ' ' + reportData['last_scan_date'];
reportData['scan_type'] = node.getAttribute('scan_type');
if (node.getAttribute('scan_type') == 'kics') {
reportData['scan_type'] = 'static';
} else {
reportData['scan_type'] = node.getAttribute('scan_type');
}
reportData['application_Id'] = node.getAttribute('application_ids').toString();
var queryData = {};
var nvdData = {};
Expand All @@ -59,21 +64,22 @@ CheckmarxOneAppVulItemProcessor.prototype = Object.extendsObject(sn_vul.Applicat
var query_id = 'Checkmarx One' + "-" + node.getAttribute('id');
var cwe_name = node.getAttribute('cweName');
// var url = node.getAttribute('url');
queryData['scan_type'] = node.getAttribute('scan_type');
queryData['source_severity'] = source_severity;
queryData['scan_type'] = reportData['scan_type'];
queryData['source_severity'] = +source_severity;
queryData['threat'] = '';
queryData['cweId'] = node.getAttribute('cweId');
reportData['cweId'] = node.getAttribute('cweId');
queryData['cvss_base_score'] = node.getAttribute('cvssScore');
queryData['cvss_vector'] = node.getAttribute('cvssVector');
queryData['last_detection_date'] = reportData.last_scan_date.getDate();
if (scan_type == 'static') {
if (reportData['scan_type'] == 'static') {
if (node.getAttribute('OWASPTop10') != '') {
var owaspObj = {};
owaspObj[gs.getMessage("OWASPTop10")] = node.getAttribute('OWASPTop10');
queryData['owasp'] = JSON.stringify(owaspObj);
}
queryData['short_description'] = node.getAttribute('SANSTop25');
resultObj['source_notes'] = node.getFirstChild().getTextContent().toString();
}
// to check if first_detection_date checkbox is selected
Expand All @@ -83,34 +89,35 @@ CheckmarxOneAppVulItemProcessor.prototype = Object.extendsObject(sn_vul.Applicat
resultObj['first_found'] = new GlideDateTime(node.getAttribute('first_found_date')).getDate();
}
queryData['package_unique_id'] = node.getAttribute('package_unique_id');
queryData['package_name'] = node.getAttribute('package_name');
reportData['cweName'] = node.getAttribute('cweName');
if (node.getAttribute('recommendation') != '') {
queryData['source_recommendation'] = 'Recommended version-' + node.getAttribute('recommendation');
resultObj['source_recommendation'] = 'Recommended version-' + node.getAttribute('recommendation');
}
if (scan_type == 'static') {
queryData['source_entry_id'] = 'Checkmarx One' + " CWE-" + queryData['cweId'];
queryData['source_entry_id'] = 'Checkmarx One' + " CWE-" + reportData['cweId'];
queryData['cwe_list'] = [{
cwe_id: queryData['cweId'],
cwe_id: reportData['cweId'],
name: queryData['category_name']
}];
} else {
queryData['source_entry_id'] = 'Checkmarx One' + "-" + node.getAttribute('id');
resultObj['source_avit_id'] = node.getAttribute('id');
}
if (scan_type != 'static') {
if (scan_type == 'sca') {
queryData['source_entry_id'] = 'Checkmarx One' + "-" + node.getAttribute('id');
resultObj['source_avit_id'] = node.getAttribute('id') + node.getAttribute('package_unique_id');
resultObj['source_references'] = node.getFirstChild().getTextContent().toString();
} else {
}
if (scan_type == 'kics') {
queryData['source_entry_id'] = 'Checkmarx One' + "-" + node.getAttribute('cweId');
resultObj['source_avit_id'] = node.getAttribute('id');
}
resultObj['source_app_id'] = reportData['source_app_id'];
resultObj['scan_type'] = reportData['scan_type'];
resultObj['package_unique_id'] = node.getAttribute('package_unique_id');
resultObj['package_name'] = node.getAttribute('package_name');
resultObj['source_notes'] = node.getAttribute('source_notes');
resultObj['location'] = node.getAttribute('location');
resultObj['source_link'] = node.getAttribute('sourcefile');
if (node.getAttribute('line_no') != '') {
Expand All @@ -120,9 +127,9 @@ CheckmarxOneAppVulItemProcessor.prototype = Object.extendsObject(sn_vul.Applicat
resultObj['last_scan_date'] = reportData['last_scan_date'];
resultObj['scan_summary_name'] = reportData['scan_summary_name'];
resultObj['description'] = node.getLastChild().getTextContent().toString();
resultObj['source_references'] = node.getFirstChild().getTextContent().toString();
resultObj['source_vulnerability_summary'] = node.getLastChild().getTextContent().toString();
if (scan_type == 'static') {
if (reportData['scan_type'] == 'static') {
var status = this.UTIL.getSASTRemediationStatus(node.getAttribute('status'), node.getAttribute('state'));
} else {
status = this.UTIL.getSCARemediationStatus(node.getAttribute('status'), node.getAttribute('state'));
Expand All @@ -140,7 +147,7 @@ CheckmarxOneAppVulItemProcessor.prototype = Object.extendsObject(sn_vul.Applicat
resultObj['complies_with_policy'] = 'not_applicable';
resultObj['source_entry_id'] = queryData['source_entry_id'];
resultObj['category_name'] = queryData['category_name'];
if (scan_type != 'static') {
if (reportData['scan_type'] != 'static') {
nvdData['cvss_base_score'] = node.getAttribute('cvssScore');
nvdData['cvss_vector'] = node.getAttribute('cvssVector');
this._handleCVE(nvdData, resultObj, cwe_name);
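Review bot: The added `gs.info("error reported" + new GlideSysAttachment().getContent(attachment));` on the parse-failure path writes the whole report body into the system log at info level; the report carries file paths, locations and result text (see the `location`, `sourcefile` and `source_notes` fields read further down), so it belongs neither in a shared log nor at that level, and the call re-reads the attachment a second time. Log the attachment's sys_id and the content length at debug level instead, and keep the existing `gs.error` line as the only record of the failure. Separately, three conditions were switched to `reportData['scan_type']`, but `scan_type` (declared outside the hunk) is still tested at `if (scan_type == 'static')`, `if (scan_type != 'static')`, `if (scan_type == 'sca')` and `if (scan_type == 'kics')`; since kics is now mapped to `'static'` in `reportData`, the two variables disagree for kics reports and which branch sets `source_entry_id` depends on that, so one variable should be used throughout. `queryData['source_severity'] = +source_severity;` yields NaN when the attribute is not numeric, which is worth guarding if the value is compared later. The enclosing method starts before and ends after these hunks.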
Expand Up @@ -23,7 +23,8 @@ CheckmarxOneConfigUtilBase.prototype = {
"errorMessage": gs.getMessage("CheckmarxOne configuration not found.")
};
var response = new x_chec3_chexone.CheckmarxOneUtil().getProject(config.getValue("integration_instance"));
var implConfig = new GlideRecord("sn_sec_int_impl_config");
} catch (ex) {
result = false;
errorMessage = gs.getMessage("Credential validation failed!");
Expand Down Expand Up @@ -63,9 +64,11 @@ CheckmarxOneConfigUtilBase.prototype = {
"include_first_detection_date": gr.getValue("include_first_detection_date") === "1",
"import_sca": gr.getValue("import_sca") === "1",
"import_sast": gr.getValue("import_sast") === "1",
"import_kics": gr.getValue("import_kics") === "1",
"triaging_in_snow": gr.getValue("triaging_in_snow") === "1",
"vulnerability_threshold_level": gr.getValue("vulnerability_threshold_level"),
"access_token": gr.access_token.getDecryptedValue(),
"list_projects": gr.getValue("list_of_project_id_s"),
};
new sn_sec_int.Implementation().setConfiguration(instance, newconfig);
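Review bot: `"access_token": gr.access_token.getDecryptedValue(),` places the plaintext token in the `newconfig` object handed to `new sn_sec_int.Implementation().setConfiguration(instance, newconfig);`; the commit message says the token is encrypted at rest, but nothing in this hunk shows how `setConfiguration` stores that key or that `newconfig` is never logged, so confirm the target field is an encrypted type and that no `gs.info`/`gs.debug` of the configuration object exists elsewhere in the file. A one-line comment above the field would help the next reader, e.g. `// decrypted only for hand-off to setConfiguration; must not be logged or persisted in clear`. In the first hunk, `var implConfig = new GlideRecord("sn_sec_int_impl_config");` is declared inside the try block but not used in the visible lines; if it is queried further down, that query should stay inside the same try so a lookup failure reaches the catch. The enclosing methods start before and end after both hunks.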
Expand Up @@ -15,7 +15,6 @@ CheckmarxOneScanSummaryIntegration.prototype = Object.extendsObject(sn_vul.Appli
MSG: 'CheckmarxOneScanSummaryIntegration:',
retrieveData: function() {
gs.info(this.MSG + 'retrieveData');
var params = this._getParameters(this.PROCESS.getValue('parameters'));
var response = "<null/>";
if (params.run) {
Expand All @@ -34,7 +33,7 @@ CheckmarxOneScanSummaryIntegration.prototype = Object.extendsObject(sn_vul.Appli
} else
this.hasMoreData(true);
if (response == "<null/>") {
response = '<scanData><scaScanData><scans></scans></scaScanData><sastScanData><scans></scans></sastScanData></scanData>';
response = '<scanData><scaScanData><scans></scans></scaScanData><sastScanData><scans></scans></sastScanData><kicsScanData><scans></scans></kicsScanData></scanData>';
}
return {
contents: new GlideSysAttachment().write(this.PROCESS, this.FILENAME, "xml", response),
Expand All @@ -51,10 +50,12 @@ CheckmarxOneScanSummaryIntegration.prototype = Object.extendsObject(sn_vul.Appli
var scanSummaryRootNodeEnd = "</scanData>";
var scaScanSummaryAll = '';
var sastScanSummaryAll = '';
var kicsScanSummaryAll = '';
var includescanSummaryAll = '';
var newoffset = offsetId - 1;
var includesca = this.UTIL.importScaFlaw(this.IMPLEMENTATION);
var includesast = this.UTIL.importSastFlaw(this.IMPLEMENTATION);
var includekics = this.UTIL.importKicsFlaw(this.IMPLEMENTATION);
var responseLastScanSummary = this.UTIL.getScanInfo(this.IMPLEMENTATION, appId, newoffset, this._getCurrentDeltaStartTime());
var jsonLastScanSummResp = JSON.parse(responseLastScanSummary.getBody());
for (var item in jsonLastScanSummResp.scans) {
Expand All @@ -79,6 +80,17 @@ CheckmarxOneScanSummaryIntegration.prototype = Object.extendsObject(sn_vul.Appli
'" app_name="' + appId + '"/>';
}
}
//kics scan summary
if (jsonLastScanSummResp.scans[item].engines.toString().includes("kics")) {
var kicsresponsevul = this.UTIL.getKicsScanSummaryInfo(this.IMPLEMENTATION, jsonLastScanSummResp.scans[item].id);
if (kicsresponsevul != -1) {
kicsScanSummaryAll += '<scan id="' + 'IaC' + jsonLastScanSummResp.scans[item].id + '" app_id="' + appId +
'" last_scan_date="' + this.UTIL.parseDate(jsonLastScanSummResp.scans[item].updatedAt) +
'" total_no_flaws="' + kicsresponsevul +
'" app_name="' + appId + '"/>';
}
}
var date = new GlideDateTime(this.UTIL.parseDate(jsonLastScanSummResp.scans[item].updatedAt));
if (!this.LATEST || date > this.LATEST)
this.LATEST = date;
Expand All @@ -89,6 +101,9 @@ CheckmarxOneScanSummaryIntegration.prototype = Object.extendsObject(sn_vul.Appli
if (includesast) {
includescanSummaryAll += "<sastScanData><scans>" + sastScanSummaryAll + "</scans></sastScanData>";
}
if (includekics) {
includescanSummaryAll += "<kicsScanData><scans>" + kicsScanSummaryAll + "</scans></kicsScanData>";
}
reportContent = scanSummaryRootNodeStart + includescanSummaryAll + scanSummaryRootNodeEnd;
} catch (err) {
Expand All @@ -106,7 +121,12 @@ CheckmarxOneScanSummaryIntegration.prototype = Object.extendsObject(sn_vul.Appli
};
var includesca = this.UTIL.importScaFlaw(this.IMPLEMENTATION);
var includesast = this.UTIL.importSastFlaw(this.IMPLEMENTATION);
var includekics = this.UTIL.importKicsFlaw(this.IMPLEMENTATION);
var appId = '';
var app = '';
var responseLastScan = '';
var jsonLastScanResp = '';
var offsetId = '';
try {
if (parameters) {
params = JSON.parse(parameters);
Expand All @@ -120,29 +140,71 @@ CheckmarxOneScanSummaryIntegration.prototype = Object.extendsObject(sn_vul.Appli
} else {
this.LATEST = new GlideDateTime(this.DELTA_START_TIME || '1970-01-01T10:16:06.17544Z').getDate();
var apps = this.AVR_API.getAppReleases();
for (var i in apps) {
var appId = apps[i].source_app_id;
if (appId !== "undefined") {
var responseLastScan = this.UTIL.getScanList(this.IMPLEMENTATION, appId, this._getCurrentDeltaStartTime());
var jsonLastScanResp = JSON.parse(responseLastScan.getBody());
for (var item in jsonLastScanResp.scans) {
if (includesca) {
if (jsonLastScanResp.scans[item].engines.toString().includes("sca")) {
app = jsonLastScanResp.scans[item].projectId;
}
var app_list = this.UTIL.getConfigProjectList(this.IMPLEMENTATION);
if (app_list && app_list.length > 0) {
for (var id in app_list) {
for (var i in apps) {
if (apps[i].source_app_id == app_list[id]) {
appId = app_list[id];
if (appId !== "undefined") {
responseLastScan = this.UTIL.getScanList(this.IMPLEMENTATION, appId, this._getCurrentDeltaStartTime());
jsonLastScanResp = JSON.parse(responseLastScan.getBody());
for (var item in jsonLastScanResp.scans) {
if (includesca) {
if (jsonLastScanResp.scans[item].engines.toString().includes("sca")) {
app = jsonLastScanResp.scans[item].projectId;
}
}
if (includesast) {
if (jsonLastScanResp.scans[item].engines.toString().includes("sast")) {
app = jsonLastScanResp.scans[item].projectId;
}
if (includesast) {
if (jsonLastScanResp.scans[item].engines.toString().includes("sast")) {
app = jsonLastScanResp.scans[item].projectId;
}
}
if (includekics) {
if (jsonLastScanResp.scans[item].engines.toString().includes("kics")) {
app = jsonLastScanResp.scans[item].projectId;
}
}
}
}
if (app == appId) {
offsetId = this._getoffsets(appId);
params.remaining[app] = offsetId;
}
}
}
}
} else {
for (var j in apps) {
appId = apps[j].source_app_id;
if (appId !== "undefined") {
responseLastScan = this.UTIL.getScanList(this.IMPLEMENTATION, appId, this._getCurrentDeltaStartTime());
jsonLastScanResp = JSON.parse(responseLastScan.getBody());
for (var items in jsonLastScanResp.scans) {
if (includesca) {
if (jsonLastScanResp.scans[items].engines.toString().includes("sca")) {
app = jsonLastScanResp.scans[items].projectId;
}
}
if (includesast) {
if (jsonLastScanResp.scans[items].engines.toString().includes("sast")) {
app = jsonLastScanResp.scans[items].projectId;
}
}
if (includekics) {
if (jsonLastScanResp.scans[items].engines.toString().includes("kics")) {
app = jsonLastScanResp.scans[items].projectId;
}
}
}
}
if (app == appId) {
var offsetId = this._getoffsets(appId);
params.remaining[app] = offsetId;
if (app == appId) {
offsetId = this._getoffsets(appId);
params.remaining[app] = offsetId;
}
}
}
gs.debug(this.MSG + 'for appreleases complete');
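Review bot: The scan-engine walk at `for (var item in jsonLastScanResp.scans)` is now written out twice — once under the configured project list and once for all app releases — with three identical `engines.toString().includes(...)` checks each, and the `app_list` branch additionally loops `for (var i in apps)` for every list entry, so the block is hard to follow and the `includekics` addition had to be made in two places. Extract the per-app check into a prototype helper beside `_getoffsets` and call it from both branches; the sketch below keeps the current rule (the last scan using an enabled engine decides) except that `app` no longer carries over from the previous app release, which only matters if two releases share a `source_app_id`. Two carried-over details are worth a look while here: `appId !== "undefined"` compares against the string `"undefined"` rather than `typeof appId !== 'undefined'`, and `JSON.parse(responseLastScan.getBody())` runs without checking the response status, so a non-JSON error body surfaces only through the catch below. The new kics summary line builds XML by concatenating `appId` and the scan id unescaped, like the existing sca/sast lines; if those values can contain `"` or `&` they should be escaped before insertion. The enclosing method starts before and ends after the hunk.
```javascript
// New helper on CheckmarxOneScanSummaryIntegration.prototype, next to _getoffsets.
// Fetches the scan list for appId and reports whether the last scan that uses an
// enabled engine (sca / sast / kics) belongs to appId — the rule both branches apply today.
_scansMatchApp: function(appId, includesca, includesast, includekics) {
    var responseLastScan = this.UTIL.getScanList(this.IMPLEMENTATION, appId, this._getCurrentDeltaStartTime());
    var jsonLastScanResp = JSON.parse(responseLastScan.getBody());
    var app = '';
    for (var item in jsonLastScanResp.scans) {
        var engines = jsonLastScanResp.scans[item].engines.toString();
        if ((includesca && engines.includes("sca")) ||
            (includesast && engines.includes("sast")) ||
            (includekics && engines.includes("kics"))) {
            app = jsonLastScanResp.scans[item].projectId;
        }
    }
    return app == appId;
},

// … unchanged: _getParameters up to the app_list lookup …
if (app_list && app_list.length > 0) {
    for (var id in app_list) {
        for (var i in apps) {
            if (apps[i].source_app_id == app_list[id]) {
                appId = app_list[id];
                if (appId !== "undefined" && this._scansMatchApp(appId, includesca, includesast, includekics)) {
                    params.remaining[appId] = this._getoffsets(appId);
                }
            }
        }
    }
} else {
    for (var j in apps) {
        appId = apps[j].source_app_id;
        if (appId !== "undefined" && this._scansMatchApp(appId, includesca, includesast, includekics)) {
            params.remaining[appId] = this._getoffsets(appId);
        }
    }
}
// … unchanged: gs.debug(this.MSG + 'for appreleases complete') and the rest of the method …
```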
