CheckmarxOne Devops changes (#21)

* GA Changes GA * GA changes 1.0.11 * code changes for encryption and decryption of access_token * code changes for encryption and decryption of access_token * code changes for encryption and decryption of access_token * updated scan summary name and update set * change log level to basic * Update Update_Set_GA_1.0.11.xml * Added Update set From Vendor Instance * Added changes for CxOne release 1.0.14 (#19) * CheckmarxOne Devops changes --------- Co-authored-by: Apoorva <[email protected]>
checkmarx-ltd · Dec 11, 2023 · 8c13670 · 8c13670
1 parent 79e0b61
commit 8c13670
Show file tree

Hide file tree

Showing 9 changed files with 18,967 additions and 24,378 deletions.
diff --git a/...marx One Application Security_sn_sec_int_integration_e5dffb5c47575110328ca368436d436b.xml b/...marx One Application Security_sn_sec_int_integration_e5dffb5c47575110328ca368436d436b.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<unload unload_date="2023-12-05 10:01:56">
+<sn_sec_int_integration action="INSERT_OR_UPDATE">
+<asset_type/>
+<banner_logo>9fea57dc47a56110b6966285d36d43c6</banner_logo>
+<categories/>
+<configurable>true</configurable>
+<description>Allows application security information to be downloaded from Checkmarx One Server</description>
+<external_link/>
+<help_link/>
+<host_attributes_table/>
+<id>com.snc.vulnerability.appvul.checkmarxone</id>
+<include_proof_in_vi_key>false</include_proof_in_vi_key>
+<instance_setup_script/>
+<integration_type>Application Vulnerability Integration</integration_type>
+<ire_source_name/>
+<is_auto_close_supported>true</is_auto_close_supported>
+<is_multi_source_supported>false</is_multi_source_supported>
+<is_reapply_ci_lookup_supported>false</is_reapply_ci_lookup_supported>
+<lookup_by_network>false</lookup_by_network>
+<name>Checkmarx One Application Security</name>
+<order>100</order>
+<pre_validation_script><![CDATA[(function validation(config) {
+    try {
+        if (gs.nil(config) || gs.nil(config.client_id) || gs.nil(config.client_secret) ||  gs.nil(config.checkmarxone_api_base_url) || gs.nil(config.checkmarxone_server_url) ) {
+            return false;
+        }
+ 
+        var response = new CheckmarxOneUtil().getProjectListForValidation(config);
+        return response;
+    } catch (error) {
+        gs.error(error);
+        throw error;
+    }
+})(config);]]></pre_validation_script>
+<short_description>Checkmarx One application security integration</short_description>
+<source>Checkmarx One</source>
+<sys_class_name>sn_sec_int_integration</sys_class_name>
+<sys_created_by>admin</sys_created_by>
+<sys_created_on>2022-11-17 18:37:11</sys_created_on>
+<sys_id>e5dffb5c47575110328ca368436d436b</sys_id>
+<sys_mod_count>13</sys_mod_count>
+<sys_name>Checkmarx One Application Security</sys_name>
+<sys_package display_value="Checkmarx One Vulnerability Integration" source="x_chec3_chexone">3d20e92d47471110328ca368436d436a</sys_package>
+<sys_policy/>
+<sys_scope display_value="Checkmarx One Vulnerability Integration">3d20e92d47471110328ca368436d436a</sys_scope>
+<sys_update_name>sn_sec_int_integration_e5dffb5c47575110328ca368436d436b</sys_update_name>
+<sys_updated_by>admin</sys_updated_by>
+<sys_updated_on>2023-11-08 10:26:10</sys_updated_on>
+<validation_script><![CDATA[(function validation(configId) {
+    var valid = false;
+    try {
+        var response = new CheckmarxOneUtil().getProject(configId);
+ 
+        valid = response.getStatusCode() == 200;
+ 
+        var impl = new GlideRecord('sn_sec_int_impl');
+        if (impl.get(configId)) {
+            impl.setValue('validation_status', valid ? 'valid' : 'invalid');
+            impl.update();
+        }
+        return response;
+    } catch (error) {
+        gs.error(error);
+        throw error;
+    }
+})(sn_sec_int_impl);]]></validation_script>
+</sn_sec_int_integration>
+</unload>
diff --git a/Scripts/CheckmarxOneConfigUtilBase_sys_script_include_508f0d54471f1110328ca368436d43f8.xml b/Scripts/CheckmarxOneConfigUtilBase_sys_script_include_508f0d54471f1110328ca368436d43f8.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<unload unload_date="2023-09-05 08:46:31">
+<unload unload_date="2023-12-05 10:09:56">
 <sys_script_include action="INSERT_OR_UPDATE">
 <access>package_private</access>
 <active>true</active>
@@ -83,13 +83,13 @@ CheckmarxOneConfigUtilBase.prototype = {
 <sys_created_by>admin</sys_created_by>
 <sys_created_on>2022-11-17 05:45:19</sys_created_on>
 <sys_id>508f0d54471f1110328ca368436d43f8</sys_id>
-<sys_mod_count>37</sys_mod_count>
+<sys_mod_count>48</sys_mod_count>
 <sys_name>CheckmarxOneConfigUtilBase</sys_name>
 <sys_package display_value="Checkmarx One Vulnerability Integration" source="x_chec3_chexone">3d20e92d47471110328ca368436d436a</sys_package>
 <sys_policy/>
 <sys_scope display_value="Checkmarx One Vulnerability Integration">3d20e92d47471110328ca368436d436a</sys_scope>
 <sys_update_name>sys_script_include_508f0d54471f1110328ca368436d43f8</sys_update_name>
 <sys_updated_by>admin</sys_updated_by>
-<sys_updated_on>2023-08-16 15:13:31</sys_updated_on>
+<sys_updated_on>2023-09-08 09:28:36</sys_updated_on>
 </sys_script_include>
 </unload>
diff --git a/...pts/CheckmarxOneDevOpsIntegration_sys_script_include_f171708947e431108a980178c26d434f.xml b/...pts/CheckmarxOneDevOpsIntegration_sys_script_include_f171708947e431108a980178c26d434f.xml
@@ -0,0 +1,148 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<unload unload_date="2023-12-05 10:05:24">
+<sys_script_include action="INSERT_OR_UPDATE">
+<access>package_private</access>
+<active>true</active>
+<api_name>x_chec3_chexone.CheckmarxOneDevOpsIntegration</api_name>
+<caller_access/>
+<client_callable>false</client_callable>
+<description>Integration script for DevOps and Checkmarx One integration to get scan summaries</description>
+<name>CheckmarxOneDevOpsIntegration</name>
+<script><![CDATA[var CheckmarxOneDevOpsIntegration = Class.create();
+CheckmarxOneDevOpsIntegration.prototype = Object.extendsObject(sn_vul.DevOpsVulnerabilityIntegrationBase, {
+    UTIL: new x_chec3_chexone.CheckmarxOneUtil(),
+
+    retrieveData: function() {
+        try {
+            var body = null;
+            var processParams = this._getParameters();
+            processParams = this._validateAndUpdateParams(processParams);
+
+
+            //validate scan status, if results are not ready defer it to next run
+            if (processParams.scanId && processParams.scanStatus == "false") {
+                this._updateDevOpsIntegrationRunState([processParams.sysId], 'new', 'success', gs.getMessage('Scan is still in progress, deferring to next run.'));
+                return;
+            }
+
+            var response = this.UTIL.getLastScanInfo(this.IMPLEMENTATION, processParams.appId, processParams.scanId);
+            body = JSON.parse(response.getBody());
+
+            if (gs.nil(body))
+                throw gs.getMessage("Invalid API response for process: {}", [this.PROCESS.getDisplayValue()]);
+
+
+
+            body.totalVulnerabilities = this.UTIL.getTotal_SAST_KICS_Vulcount(this.IMPLEMENTATION, body.id);
+            body.Query = JSON.stringify(this.UTIL.processQueryData(this.IMPLEMENTATION, body.id));
+
+
+            var fileName = this.integrationGr.name + "_" + new GlideDateTime().toString() + ".json";
+            return {
+                contents: new GlideSysAttachment().write(this.PROCESS, fileName, "json", JSON.stringify(body)),
+                contentType: "sys_attachment",
+                extension: "json"
+            };
+        } catch (err) {
+            gs.error(err);
+            if (this.RUN_SYS_ID) {
+                this._updateDevOpsIntegrationRunState([this.RUN_SYS_ID], 'complete', 'failed', err);
+            }
+        }
+    },
+
+    _validateAndUpdateParams: function(processParams) {
+        var appId = processParams.projectId;
+        var appName = processParams.projectName;
+        var scanId = processParams.scanId;
+
+        if (gs.nil(appId) && gs.nil(appName)) {
+            throw gs.getMessage('Missing application info for fetching Scan summary details of process: {0}',
+                [this.PROCESS.getDisplayValue()]);
+        }
+
+        var applicationInfo = this._fetchProjectInfo(appId, appName);
+
+        if (gs.nil(applicationInfo)) {
+            throw gs.getMessage("Application Id not found for process: {0}.", [this.PROCESS.getDisplayValue()]);
+        }
+
+        processParams.applicationId = appId = applicationInfo;
+
+        if (gs.nil(scanId)) {
+            scanId = this._fetchScanId(appId);
+        }
+        if (!gs.nil(scanId)) {
+            processParams.scanId = scanId;
+            processParams.scanStatus = this._fetchScanStatus(appId, scanId);
+        }
+        return processParams;
+    },
+
+    _fetchProjectInfo: function(appId, appName) {
+        var queryParams = {};
+        var projectId = '';
+        if (!gs.nil(appId)) {
+            queryParams.app_id = appId;
+            var responseByid = this.UTIL.getProjectById(this.IMPLEMENTATION, appId);
+            projectId = responseByid.id.toString();
+
+        } else if (!gs.nil(appName)) {
+            queryParams.app_name = encodeURIComponent(appName);
+            var responseByname = this.UTIL.getProjectByName(this.IMPLEMENTATION, queryParams.app_name);
+            for (var item in responseByname.projects) {
+                projectId = responseByname.projects[item].id;
+            }
+        }
+        if (projectId.length == 0 || projectId == '') {
+            throw gs.getMessage("Application details could not be found for the process: {0}", [this.PROCESS.getDisplayValue()]);
+
+
+        } else {
+            return projectId;
+        }
+
+
+    },
+
+    _fetchScanId: function(appId) {
+        var resp = this.UTIL.getLastScan(this.IMPLEMENTATION, appId);
+        var jsonLastScanSummResp = JSON.parse(resp.getBody());
+
+        if (jsonLastScanSummResp.scans) {
+            for (var item in jsonLastScanSummResp.scans) {
+                return jsonLastScanSummResp.scans[item].id;
+            }
+        }
+        return null;
+    },
+
+
+    _fetchScanStatus: function(appId, scanId) {
+        var resp = this.UTIL.getLastScanInfo(this.IMPLEMENTATION, appId, scanId);
+        var jsonLastScanSummResp = JSON.parse(resp.getBody());
+
+        if (jsonLastScanSummResp.scans) {
+            for (var item in jsonLastScanSummResp.scans) {
+                return jsonLastScanSummResp.scans[item].status;
+            }
+        }
+        return null;
+    },
+
+    type: 'CheckmarxOneDevOpsIntegration'
+});]]></script>
+<sys_class_name>sys_script_include</sys_class_name>
+<sys_created_by>admin</sys_created_by>
+<sys_created_on>2023-08-07 10:58:12</sys_created_on>
+<sys_id>f171708947e431108a980178c26d434f</sys_id>
+<sys_mod_count>37</sys_mod_count>
+<sys_name>CheckmarxOneDevOpsIntegration</sys_name>
+<sys_package display_value="Checkmarx One Vulnerability Integration" source="x_chec3_chexone">3d20e92d47471110328ca368436d436a</sys_package>
+<sys_policy>read</sys_policy>
+<sys_scope display_value="Checkmarx One Vulnerability Integration">3d20e92d47471110328ca368436d436a</sys_scope>
+<sys_update_name>sys_script_include_f171708947e431108a980178c26d434f</sys_update_name>
+<sys_updated_by>admin</sys_updated_by>
+<sys_updated_on>2023-11-09 09:55:09</sys_updated_on>
+</sys_script_include>
+</unload>
diff --git a/...neScanSummaryDetailsJSONProcessor_sys_script_include_b8934b914768b1108a980178c26d4313.xml b/...neScanSummaryDetailsJSONProcessor_sys_script_include_b8934b914768b1108a980178c26d4313.xml
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<unload unload_date="2023-12-05 10:05:58">
+<sys_script_include action="INSERT_OR_UPDATE">
+<access>package_private</access>
+<active>true</active>
+<api_name>x_chec3_chexone.CheckmarxOneScanSummaryDetailsJSONProcessor</api_name>
+<caller_access/>
+<client_callable>false</client_callable>
+<description/>
+<name>CheckmarxOneScanSummaryDetailsJSONProcessor</name>
+<script><![CDATA[var CheckmarxOneScanSummaryDetailsJSONProcessor = Class.create();
+CheckmarxOneScanSummaryDetailsJSONProcessor.prototype = Object.extendsObject(sn_vul.ApplicationVulnerabilityImportProcessorBase, {
+    
+	UTIL: new x_chec3_chexone.CheckmarxOneUtil(),
+    processRecord: function(sourceGr) {
+
+        var data = {};
+        //map attributes from CheckmarxOne into the servicenow scan summary table
+        data['source_app_id'] = sourceGr.u_projectid + "";
+        data['source_scan_id'] = sourceGr.u_id + "";
+		data['name'] = sourceGr.u_projectname + "";
+		data['app_name'] = sourceGr.u_projectname + "";
+		data['last_scan_date'] = this.UTIL.parseDate(sourceGr.u_updatedat);
+        //data['last_scan_date'] = new GlideDateTime(sourceGr.u_updatedat);
+        data['detected_flaw_count'] = +sourceGr.u_totalvulnerabilities;
+        data['scan_summary_name'] = sourceGr.u_id + ' ' + data['last_scan_date'];
+        var query = JSON.parse(sourceGr.u_query + "");
+        data['scan_summary_details'] = query;
+        var summaryId = this._upsert(data);
+        this.postProcessRecord(summaryId);
+        this.completeProcess(this.integrationProcessGr, this.import_counts);
+    },
+
+    postProcessRecord: function(summaryId) {
+        this._getLatestProcessRecord();
+
+        var parameters = JSON.parse(this.PROCESS_GR.getValue('parameters'));
+        var currentParameters = parameters.run;
+
+        var devopsRunGr = new GlideRecord('sn_vul_devops_integration_run');
+        devopsRunGr.addQuery('sys_id', currentParameters.sysId);
+        devopsRunGr.query();
+
+        if (devopsRunGr.next()) {
+            if (gs.nil(summaryId)) {
+                devopsRunGr.setValue('state', 'complete');
+                devopsRunGr.setValue('substate', 'failed');
+                devopsRunGr.update();
+            } else {
+                devopsRunGr.setValue('state', 'complete');
+                devopsRunGr.setValue('substate', 'success');
+                devopsRunGr.setValue('scan_summary', summaryId);
+                devopsRunGr.update();
+            }
+        }
+    },
+
+    _getLatestProcessRecord: function() {
+        var processGr = new GlideRecord('sn_vul_integration_process');
+        processGr.addQuery('sys_id', this.PROCESS_ID);
+        processGr.query();
+        processGr.next();
+        this.PROCESS_GR = processGr;
+    },
+
+       _upsert: function(data) {
+        try {
+            var result = this.AVR_API.createOrUpdateSummary(data);
+            if (!result)
+                return;
+            if (result.updated)
+                this.import_counts.updated++;
+            else if (result.inserted)
+                this.import_counts.inserted++;
+            else if (result.unchanged)
+                this.import_counts.unchanged++;
+
+            var summaryId = result.summaryId;
+
+            var summaryDetails = data.scan_summary_details;
+            for (i = 0; i < summaryDetails.length; i++)
+                this.AVR_API.createOrUpdateSummaryDetails(summaryDetails[i], summaryId);
+        } catch (err) {
+            gs.error(this.MSG + " _upsert : Error while inserting data into ServiceNow DB." + err);
+            throw err;
+        }
+        return summaryId;
+    },
+
+    type: 'CheckmarxOneScanSummaryDetailsJSONProcessor'
+});]]></script>
+<sys_class_name>sys_script_include</sys_class_name>
+<sys_created_by>admin</sys_created_by>
+<sys_created_on>2023-08-08 16:15:13</sys_created_on>
+<sys_id>b8934b914768b1108a980178c26d4313</sys_id>
+<sys_mod_count>31</sys_mod_count>
+<sys_name>CheckmarxOneScanSummaryDetailsJSONProcessor</sys_name>
+<sys_package display_value="Checkmarx One Vulnerability Integration" source="x_chec3_chexone">3d20e92d47471110328ca368436d436a</sys_package>
+<sys_policy>read</sys_policy>
+<sys_scope display_value="Checkmarx One Vulnerability Integration">3d20e92d47471110328ca368436d436a</sys_scope>
+<sys_update_name>sys_script_include_b8934b914768b1108a980178c26d4313</sys_update_name>
+<sys_updated_by>admin</sys_updated_by>
+<sys_updated_on>2023-11-08 11:58:36</sys_updated_on>
+</sys_script_include>
+</unload>