-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* GA Changes GA * GA changes 1.0.12 * code changes for encryption and decryption of access_token * code changes for encryption and decryption of access_token * code changes for encryption and decryption of access_token * updated scan summary name and update set * change log level to basic * Update Update_Set_GA_1.0.11.xml * Added Update set From Vendor Instance --------- Co-authored-by: Apoorva <[email protected]>
- Loading branch information
1 parent
255b673
commit cb65f8d
Showing
12 changed files
with
8,468 additions
and
7,941 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,5 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <unload unload_date="2023-06-27 13:48:20"> | ||
| <unload unload_date="2023-08-11 14:37:20"> | ||
| <sys_script_include action="INSERT_OR_UPDATE"> | ||
| <access>public</access> | ||
| <active>true</active> | ||
|
|
@@ -58,21 +58,26 @@ CheckmarxOneAppListIntegration.prototype = Object.extendsObject(sn_vul.Applicati | |
| var groups = ''; | ||
| var groupval = ' '; | ||
| for (var item in response.projects) { | ||
| var applicationIds = ''; | ||
| groups = +response.projects[item].groups.toString(); | ||
| { | ||
| var projectResponse = this.UTIL.getProjectById(this.IMPLEMENTATION, response.projects[item].id); | ||
| if (null != projectResponse.applicationIds && projectResponse.applicationIds.length > 0) | ||
| applicationIds = projectResponse.applicationIds.toString(); { | ||
| if (groups == 0) { | ||
| appListAll += '<project id="' + response.projects[item].id + | ||
| '" createdAt="' + response.projects[item].createdAt + | ||
| '" applicationIds="' + applicationIds + | ||
| '" groups="' + groupval + '">' + | ||
| '<name><' + '![CDATA[' + response.projects[item].name + ']]' + '></name></project>'; | ||
| } else { | ||
| appListAll += '<project id="' + response.projects[item].id + | ||
| '" createdAt="' + response.projects[item].createdAt + | ||
| '" applicationIds="' + applicationIds + | ||
| '" groups="' + response.projects[item].groups.toString() + '">' + | ||
| '<name><' + '![CDATA[' + response.projects[item].name + ']]' + '></name></project>'; | ||
| } | ||
| } | ||
| } | ||
| } | ||
| var reportContent = appListRootNodeStart + appListAll + appListRootNodeEnd; | ||
|
|
@@ -178,20 +183,19 @@ CheckmarxOneAppListIntegration.prototype = Object.extendsObject(sn_vul.Applicati | |
| shouldRetry: function(process) { | ||
| return true; | ||
| }, | ||
| type: 'CheckmarxOneAppListIntegration' | ||
| });]]></script> | ||
| <sys_class_name>sys_script_include</sys_class_name> | ||
| <sys_created_by>admin</sys_created_by> | ||
| <sys_created_on>2022-11-18 05:11:38</sys_created_on> | ||
| <sys_id>f60f0ee047131110328ca368436d43ba</sys_id> | ||
| <sys_mod_count>132</sys_mod_count> | ||
| <sys_mod_count>133</sys_mod_count> | ||
| <sys_name>CheckmarxOneAppListIntegration</sys_name> | ||
| <sys_package display_value="Checkmarx One Vulnerability Integration" source="x_chec3_chexone">3d20e92d47471110328ca368436d436a</sys_package> | ||
| <sys_policy/> | ||
| <sys_scope display_value="Checkmarx One Vulnerability Integration">3d20e92d47471110328ca368436d436a</sys_scope> | ||
| <sys_update_name>sys_script_include_f60f0ee047131110328ca368436d43ba</sys_update_name> | ||
| <sys_updated_by>[email protected]</sys_updated_by> | ||
| <sys_updated_on>2023-06-26 17:02:50</sys_updated_on> | ||
| <sys_updated_on>2023-08-08 11:25:54</sys_updated_on> | ||
| </sys_script_include> | ||
| </unload> | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,5 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <unload unload_date="2023-06-27 13:48:59"> | ||
| <unload unload_date="2023-08-11 14:38:22"> | ||
| <sys_script_include action="INSERT_OR_UPDATE"> | ||
| <access>public</access> | ||
| <active>true</active> | ||
|
|
@@ -16,15 +16,14 @@ CheckmarxOneAppListProcessor.prototype = Object.extendsObject(sn_vul.Application | |
| */ | ||
| MSG: 'CheckmarxOne AppListProcessor:', | ||
| UTIL: new x_chec3_chexone.CheckmarxOneUtil(), | ||
| process: function (attachment) { | ||
| process: function(attachment) { | ||
| if (!attachment) { | ||
| gs.warn(gs.getMessage('CheckmarxOneAppListProcessor: Called with no attachment')); | ||
| return; | ||
| } | ||
| try { | ||
| this.UTIL.validateXML(new GlideSysAttachment().getContent(attachment), 'error'); | ||
| //Parsing the Project List attachment | ||
| var appDoc = new XMLDocument2(); | ||
| appDoc.parseXML(new GlideSysAttachment().getContent(attachment)); | ||
|
|
@@ -38,17 +37,22 @@ CheckmarxOneAppListProcessor.prototype = Object.extendsObject(sn_vul.Application | |
| var errorProcess = ''; | ||
| while (iter.hasNext()) { | ||
| try { | ||
| var appNode = iter.next(); | ||
| var attributes = appNode.getAttributes(); | ||
| var applicationId = ''; | ||
| var appId; | ||
| if (appNode.getAttribute('applicationIds') && appNode.getAttribute('applicationIds') != {}) { | ||
| appId ={}; | ||
| appId[gs.getMessage("Application Id: ")] = appNode.getAttribute('applicationIds').toString(); | ||
| } else | ||
| appId = ''; | ||
| //map attributes from Checkmarx into the servicenow expected format' | ||
| var appObj = { | ||
| source_app_id: attributes.id, | ||
| app_name: appNode.getLastChild().getTextContent().toString(), | ||
| source_assigned_teams: attributes.groups, | ||
| description: 'created at' + attributes.createdAt, | ||
| source_additional_info: JSON.stringify(appId), | ||
| }; | ||
| //Updating the project information in ServiceNow table | ||
| var result = this.AVR_API.createOrUpdateApp(appObj); | ||
|
|
@@ -59,45 +63,33 @@ CheckmarxOneAppListProcessor.prototype = Object.extendsObject(sn_vul.Application | |
| this.import_counts.updated++; | ||
| else if (result.unchanged) | ||
| this.import_counts.unchanged++; | ||
| } | ||
| } | ||
| } catch (ex) { | ||
| errorMessage = gs.getMessage("Error in retriving data for app list integration!"); | ||
| gs.error(this.MSG + "errorMessage " + ex); | ||
| errorProcess += " | " + ex.getMessage(); | ||
| } catch (ex) { | ||
| errorMessage = gs.getMessage("Error in retriving data for app list integration!"); | ||
| gs.error(this.MSG + "errorMessage " + ex); | ||
| errorProcess += " | " + ex.getMessage(); | ||
| } | ||
| } | ||
| } | ||
| if (!gs.nil(errorProcess)) | ||
| gs.error(this.MSG + "All errors that occurred while processing project lists: " + errorProcess); | ||
| this.completeProcess(this.integrationProcessGr, this.import_counts); | ||
| }, | ||
| } | ||
| } | ||
| } catch (ex) { | ||
| errorMessage = gs.getMessage("Error in retriving data for app list integration!"); | ||
| gs.error(this.MSG + "errorMessage " + ex); | ||
| throw ex; | ||
| } | ||
| this.completeProcess(this.integrationProcessGr, this.import_counts); | ||
| }, | ||
| type: 'CheckmarxOneAppListProcessor' | ||
| });]]></script> | ||
| <sys_class_name>sys_script_include</sys_class_name> | ||
| <sys_created_by>admin</sys_created_by> | ||
| <sys_created_on>2022-11-21 12:03:00</sys_created_on> | ||
| <sys_id>716c87ad471f1110328ca368436d438a</sys_id> | ||
| <sys_mod_count>48</sys_mod_count> | ||
| <sys_mod_count>49</sys_mod_count> | ||
| <sys_name>CheckmarxOneAppListProcessor</sys_name> | ||
| <sys_package display_value="Checkmarx One Vulnerability Integration" source="x_chec3_chexone">3d20e92d47471110328ca368436d436a</sys_package> | ||
| <sys_policy/> | ||
| <sys_scope display_value="Checkmarx One Vulnerability Integration">3d20e92d47471110328ca368436d436a</sys_scope> | ||
| <sys_update_name>sys_script_include_716c87ad471f1110328ca368436d438a</sys_update_name> | ||
| <sys_updated_by>[email protected]</sys_updated_by> | ||
| <sys_updated_on>2023-06-26 17:18:16</sys_updated_on> | ||
| <sys_updated_on>2023-08-08 11:22:07</sys_updated_on> | ||
| </sys_script_include> | ||
| </unload> | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,5 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <unload unload_date="2023-06-27 13:49:35"> | ||
| <unload unload_date="2023-09-05 08:40:21"> | ||
| <sys_script_include action="INSERT_OR_UPDATE"> | ||
| <access>public</access> | ||
| <active>true</active> | ||
|
|
@@ -17,9 +17,32 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic | |
| retrieveData: function() { | ||
| var params = this._getParameters(this.PROCESS.getValue('parameters')); | ||
| var response = "<null/>"; | ||
| if (Object.keys(params.run)[0]) { | ||
| var appname = ''; | ||
| var lastscandate = ''; | ||
| var branch = ''; | ||
| var appId = ''; | ||
| var applicationIds = []; | ||
| var applicationIdsStr = ''; | ||
| var responseLastScanSummary = this.UTIL.getScanDetails(this.IMPLEMENTATION, Object.keys(params.run)[0]); | ||
| var jsonLastScanSummResp = JSON.parse(responseLastScanSummary.getBody()); | ||
| //to map value of last_scan_date, project name and project Id in XML | ||
| for (var value in jsonLastScanSummResp.scans) { | ||
| var projectResponse = this.UTIL.getProjectById(this.IMPLEMENTATION, jsonLastScanSummResp.scans[value].projectId); | ||
| if (null != projectResponse.applicationIds && projectResponse.applicationIds.length > 0) | ||
| applicationIds = applicationIds.concat(projectResponse.applicationIds); | ||
| lastscandate += this.UTIL.parseDate(jsonLastScanSummResp.scans[value].updatedAt); | ||
| appname += jsonLastScanSummResp.scans[value].projectName; | ||
| branch += jsonLastScanSummResp.scans[value].branch; | ||
| appId += jsonLastScanSummResp.scans[value].projectId; | ||
| } | ||
| if (applicationIds.length > 0) | ||
| applicationIdsStr = applicationIds.toString(); | ||
| } | ||
| if (params.run) { | ||
| // scanId, offset | ||
| response = this.getDetailedReport(Object.keys(params.run)[0], params.run[Object.keys(params.run)[0]]); | ||
| response = this.getDetailedReport(Object.keys(params.run)[0], params.run[Object.keys(params.run)[0]], lastscandate, appname, branch, appId, applicationIdsStr); | ||
| gs.debug(this.MSG + ' getDetailedReport response:' + response); | ||
| } | ||
|
|
@@ -45,7 +68,7 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic | |
| }; | ||
| }, | ||
| getDetailedReport: function(scanId, offset) { | ||
| getDetailedReport: function(scanId, offset, lastscandate, appname, branch, appId, applicationIdsStr) { | ||
| try { | ||
| var includesca = this.UTIL.importScaFlaw(this.IMPLEMENTATION); | ||
| var includesast = this.UTIL.importSastFlaw(this.IMPLEMENTATION); | ||
|
|
@@ -56,13 +79,9 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic | |
| var SCAscanDetailedAll = ''; | ||
| var SASTscanDetailedAll = ''; | ||
| var scanDetailedAll = ''; | ||
| var lastscandate = ''; | ||
| var sca = 'sca'; | ||
| var sast = 'sast'; | ||
| var description = ''; | ||
| var appname = ''; | ||
| var branch = ''; | ||
| var appId = ''; | ||
| var line = ''; | ||
| var ref = ''; | ||
| var reference = ''; | ||
|
|
@@ -76,20 +95,11 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic | |
| var cvssScore = " "; | ||
| var cvssVector = " "; | ||
| var newoffset = offset - 1; | ||
| var responseLastScanSummary = this.UTIL.getScanDetails(this.IMPLEMENTATION, scanId); | ||
| var jsonLastScanSummResp = JSON.parse(responseLastScanSummary.getBody()); | ||
| gs.debug(this.MSG + " getSummaryReport : parsed scanInfoResponse " + JSON.stringify(jsonLastScanSummResp)); | ||
| //to map value of last_scan_date, project name and project Id in XML | ||
| for (var value in jsonLastScanSummResp.scans) { | ||
| lastscandate += this.UTIL.parseDate(jsonLastScanSummResp.scans[value].updatedAt); | ||
| appId += jsonLastScanSummResp.scans[value].projectId; | ||
| } | ||
| var responseLastScanReport = this.UTIL.getVulInfo(this.IMPLEMENTATION, scanId, newoffset); | ||
| gs.debug(this.MSG + " getDetailedReport : scanInfoResponse " + responseLastScanReport); | ||
| var jsonLastScanReportResp = JSON.parse(responseLastScanReport.getBody()); | ||
| var scan_type = "static"; | ||
| var vulnerabilityCountThresholdLevel = config.vulnerability_threshold_level; | ||
| for (var item in jsonLastScanReportResp.results) { | ||
| if (jsonLastScanReportResp.results[item].type == "sast") { | ||
| for (var j in jsonLastScanReportResp.results[item].data.nodes) { | ||
|
|
@@ -100,6 +110,8 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic | |
| if ((vulnerabilityCountThresholdLevel == 'LOW') || | ||
| (severity.toUpperCase() == 'HIGH') || | ||
| (severity.toUpperCase() == vulnerabilityCountThresholdLevel)) { | ||
| var owasp = this._getOWASPTop10(jsonLastScanReportResp.results[item].vulnerabilityDetails.compliances); | ||
| var sans = this._getSANSTop25(jsonLastScanReportResp.results[item].vulnerabilityDetails.compliances); | ||
| SASTscanDetailedAll += '<result id="' + jsonLastScanReportResp.results[item].similarityId + '" scan_type="' + scan_type + | ||
| '" cweId="' + jsonLastScanReportResp.results[item].vulnerabilityDetails.cweId + | ||
| '" cweName="' + jsonLastScanReportResp.results[item].data.queryName + | ||
|
|
@@ -120,25 +132,28 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic | |
| '" app_id="' + appId + | ||
| '" branch="' + branch + | ||
| '" last_scan_date="' + lastscandate + | ||
| '" OWASPTop10="' + owasp + | ||
| '" SANSTop25="' + sans + | ||
| '" application_ids="' + applicationIdsStr + | ||
| '" scan_id="' + 'sast' + scanId + '">' + | ||
| '<references><' + '![CDATA[' + reference + ']]' + '></references>' + | ||
| '<description><' + '![CDATA[' + jsonLastScanReportResp.results[item].description + ']]' + '></description></result>'; | ||
| } | ||
| } | ||
| if (jsonLastScanReportResp.results[item].type == "sca") { | ||
| if (jsonLastScanReportResp.results[item].type == "sca" || jsonLastScanReportResp.results[item].type == "sca-container") { | ||
| for (var k in jsonLastScanReportResp.results[item].data.packageData) { | ||
| var url = jsonLastScanReportResp.results[item].data.packageData[k].url; | ||
| ref += url + ', '; | ||
| } | ||
| var scaseverity = jsonLastScanReportResp.results[item].severity; | ||
| if ((vulnerabilityCountThresholdLevel == 'LOW') || | ||
| (scaseverity.toUpperCase() == 'HIGH') || | ||
| (scaseverity.toUpperCase() == vulnerabilityCountThresholdLevel)) { | ||
| SCAscanDetailedAll += '<result id="' + jsonLastScanReportResp.results[item].id + '" scan_type="' + jsonLastScanReportResp.results[item].type + | ||
| SCAscanDetailedAll += '<result id="' + jsonLastScanReportResp.results[item].id + | ||
| '" scan_type="' + 'sca' + | ||
| '" cweId="' + jsonLastScanReportResp.results[item].vulnerabilityDetails.cweId + | ||
| '" cweName="' + jsonLastScanReportResp.results[item].vulnerabilityDetails.cveName + | ||
| '" cvssScore="' + jsonLastScanReportResp.results[item].vulnerabilityDetails.cvssScore + | ||
|
|
@@ -159,12 +174,13 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic | |
| '" app_id="' + appId + | ||
| '" branch="' + branch + | ||
| '" last_scan_date="' + lastscandate + | ||
| '" application_ids="' + applicationIdsStr + | ||
| '" scan_id="' + 'sca' + scanId + '">' + | ||
| '<references><' + '![CDATA[' + ref + ']]' + '></references>' + | ||
| '<description><' + '![CDATA[' + jsonLastScanReportResp.results[item].description + ']]' + '></description></result>'; | ||
| } | ||
| } | ||
| // '" references="' + ref.replace(/</g, " ") + | ||
| } | ||
| if (includesca) { | ||
| scanDetailedAll += SCAscanDetailedAll; | ||
|
|
@@ -181,6 +197,44 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic | |
| return reportContent; | ||
| }, | ||
| // Get all the OWASP Top 10 compliances as a concatenated string with comma. | ||
| _getOWASPTop10: function(compliances) { | ||
| var owasp = ''; | ||
| if (compliances != null) { | ||
| for (var value in compliances) { | ||
| var compliance = compliances[value].toString(); | ||
| var tempStr = compliance.toLowerCase(); | ||
| var containsStr = tempStr.indexOf('owasp top 10'); | ||
| if (containsStr != -1) { | ||
| if (owasp == '') | ||
| owasp += compliance; | ||
| else | ||
| owasp += ',' + compliance; | ||
| } | ||
| } | ||
| } | ||
| return owasp; | ||
| }, | ||
| // Get all the SANS Top 25 compliances as a concatenated string with comma. | ||
| _getSANSTop25: function(compliances) { | ||
| var sans = ''; | ||
| if (compliances != null) { | ||
| for (var value in compliances) { | ||
| var compliance = compliances[value].toString(); | ||
| var tempStr = compliance.toLowerCase(); | ||
| var containsStr = tempStr.indexOf('sans top 25'); | ||
| if (containsStr != -1) { | ||
| if (sans == '') | ||
| sans += compliance; | ||
| else | ||
| sans += ',' + compliance; | ||
| } | ||
| } | ||
| } | ||
| return sans; | ||
| }, | ||
| // Gets the integration parameters as a map | ||
| _getParameters: function(parameters) { | ||
| var params = { | ||
|
|
@@ -275,6 +329,7 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic | |
| var offsets = []; | ||
| var offset = 0; | ||
| var ReportLength = this.UTIL.getTotalVulcount(this.IMPLEMENTATION, scanId); | ||
| //gs.info("Report Length" + ReportLength); | ||
| var loopLength = ReportLength / 50; | ||
| //in result api offset value start from 0 and increment by 1, here it acts like page instead of number of item like other api | ||
| for (var i = 0; i <= parseInt(loopLength); i++) { | ||
|
|
@@ -336,10 +391,13 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic | |
| <sys_created_by>admin</sys_created_by> | ||
| <sys_created_on>2022-11-21 12:06:20</sys_created_on> | ||
| <sys_id>891d8fed471f1110328ca368436d4334</sys_id> | ||
| <sys_mod_count>163</sys_mod_count> | ||
| <sys_name>CheckmarxOneAppVulItemIntegration</sys_name> | ||
| <sys_package display_value="Checkmarx One Vulnerability Integration" source="x_chec3_chexone">3d20e92d47471110328ca368436d436a</sys_package> | ||
| <sys_policy/> | ||
| <sys_scope display_value="Checkmarx One Vulnerability Integration">3d20e92d47471110328ca368436d436a</sys_scope> | ||
| <sys_update_name>sys_script_include_891d8fed471f1110328ca368436d4334</sys_update_name> | ||
| <sys_updated_by>[email protected]</sys_updated_by> | ||
| <sys_updated_on>2023-08-29 05:30:33</sys_updated_on> | ||
| </sys_script_include> | ||
| </unload> | ||
Oops, something went wrong.