From 9a96e7c00edfba04935deb1e4bdf7c1f0bbd3e55 Mon Sep 17 00:00:00 2001
From: Ken McDonald
Date: Mon, 20 Jul 2020 23:34:44 -0400
Subject: [PATCH] Returning ScanResults directly to CLI driven scan logic. Async calls for both/all scanners will need future consideration

---
 .../java/com/checkmarx/flow/CxFlowRunner.java | 26 +++------------
 .../checkmarx/flow/service/SCAScanner.java    |  6 ++--
 .../checkmarx/flow/service/SastScanner.java   | 33 +++++++------------
 3 files changed, 20 insertions(+), 45 deletions(-)

diff --git a/src/main/java/com/checkmarx/flow/CxFlowRunner.java b/src/main/java/com/checkmarx/flow/CxFlowRunner.java
index c7e1c5fe0..38021d326 100644
--- a/src/main/java/com/checkmarx/flow/CxFlowRunner.java
+++ b/src/main/java/com/checkmarx/flow/CxFlowRunner.java
@@ -25,7 +25,6 @@
 import java.lang.reflect.InvocationTargetException;
 import java.util.Arrays;
 import java.util.List;
-
 import static com.checkmarx.flow.exception.ExitThrowable.exit;
 
 @Component
@@ -452,7 +451,6 @@ private String getOptionValues(ApplicationArguments arg, String option){
     }
 
     private void cxScan(ScanRequest request, String gitUrl, String gitAuthUrl, String branch, ScanRequest.Repository repoType) throws ExitThrowable {
-        ScanDetails sastScanDetails = null;
         ScanResults sastScanResults = null;
         ScanResults scaScanResults = null;
         log.info("Initiating scan using Checkmarx git clone");
@@ -465,16 +463,16 @@ private void cxScan(ScanRequest request, String gitUrl, String gitAuthUrl, Strin
         if(flowProperties.getEnabledVulnerabilityScanners() == null ||
                 flowProperties.getEnabledVulnerabilityScanners().contains(SAST_SCANNER)) {
-            sastScanDetails = sastScanner.cxFullScan(request);
+            sastScanResults = sastScanner.cxFullScan(request);
         }
         if(flowProperties.getEnabledVulnerabilityScanners().contains(SCA_SCANNER)) {
             scaScanResults = scaScanner.scan(request);
         }
-        handleScanResults(request, sastScanDetails, sastScanResults, scaScanResults);
+        ScanResults scanResults = resultsService.joinResults(sastScanResults, scaScanResults);
+        processResults(request, scanResults);
     }
 
     private void cxScan(ScanRequest request, String path) throws ExitThrowable {
-        ScanDetails sastScanDetails = null;
         ScanResults sastScanResults = null;
         ScanResults scaScanResults = null;
         if(ScanUtils.empty(request.getProject())){
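Review bot: The new tail `ScanResults scanResults = resultsService.joinResults(sastScanResults, scaScanResults); processResults(request, scanResults);` now appears verbatim in both `cxScan` overloads (here and in the `-483,24` hunk), together with the identical scanner-selection `if` blocks; a private helper that performs the selection, join and processing, leaving the two entry points to differ only in how they invoke `cxFullScan`/`scan`, would keep them from drifting. Note also that the `== null` guard protects only the SAST branch: the context line `if(flowProperties.getEnabledVulnerabilityScanners().contains(SCA_SCANNER))` dereferences the same list unguarded, so a null scanner list still fails there before the new join is reached; computing the enabled set once at the top of the method with the null case resolved would cover both checks. Both `cxScan` bodies continue outside this hunk.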
@@ -483,24 +481,10 @@ private void cxScan(ScanRequest request, String path) throws ExitThrowable {
         }
         if(flowProperties.getEnabledVulnerabilityScanners() == null ||
                 flowProperties.getEnabledVulnerabilityScanners().contains(SAST_SCANNER)) {
-            sastScanDetails = sastScanner.cxFullScan(request, path);
+            sastScanResults = sastScanner.cxFullScan(request, path);
         }
         if(flowProperties.getEnabledVulnerabilityScanners().contains(SCA_SCANNER)) {
-            scaScanResults = scaScanner.cxFullScan(request, path);
-        }
-        handleScanResults(request, sastScanDetails, sastScanResults, scaScanResults);
-    }
-
-    private void handleScanResults(ScanRequest request, ScanDetails sastScanDetails, ScanResults sastScanResults, ScanResults scaScanResults) throws ExitThrowable {
-        if(sastScanDetails != null){
-            if (sastScanDetails.getResults().isCompletedExceptionally()) {
-                log.error("An error occurred while executing process");
-            } else {
-                if (log.isInfoEnabled()) {
-                    log.info("Finished processing the request");
-                }
-            }
-            sastScanResults = sastScanDetails.getResults().join();
+            scaScanResults = scaScanner.scan(request, path);
         }
         ScanResults scanResults = resultsService.joinResults(sastScanResults, scaScanResults);
         processResults(request, scanResults);
diff --git a/src/main/java/com/checkmarx/flow/service/SCAScanner.java b/src/main/java/com/checkmarx/flow/service/SCAScanner.java
index b009f5368..379a931cf 100644
--- a/src/main/java/com/checkmarx/flow/service/SCAScanner.java
+++ b/src/main/java/com/checkmarx/flow/service/SCAScanner.java
@@ -55,8 +55,8 @@ public ScanResults scan(ScanRequest scanRequest) {
         return result;
     }
 
-    public ScanResults cxFullScan(ScanRequest scanRequest, String path) throws ExitThrowable {
-        ScanResults result = null;
+    public ScanResults scan(ScanRequest scanRequest, String path) throws ExitThrowable {
+        ScanResults result;
         log.info("--------------------- Initiating new {} scan ---------------------", SCAN_TYPE);
         SCAResults internalResults = new SCAResults();
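Review bot: Dropping the initializer on `ScanResults result;` makes the trailing `return result;` (visible in the `-86,7` hunk) depend on every path through the method's try/catch assigning it; the catch blocks sit outside this hunk, and if they only log and call `exit(...)` — as the SastScanner catches in this same patch do — javac cannot know that `exit` never returns normally and will reject the method with "variable result might not have been initialized". Either keep `ScanResults result = null;` as SastScanner does, or make each catch assign or throw explicitly. The body of `scan(ScanRequest, String)` continues outside the hunk, so this is inferred from the visible lines only.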
@@ -73,6 +73,7 @@ public ScanResults cxFullScan(ScanRequest scanRequest, String path) throws ExitT
             internalResults = scaClient.scanLocalSource(internalScaParams);
             logRequest(scanRequest, internalResults.getScanId(), OperationResult.successful());
             result = toScanResults(internalResults);
+
             log.debug("Deleting temp file {}", f.getPath());
             Files.deleteIfExists(Paths.get(cxZipFile));
@@ -86,7 +87,6 @@ public ScanResults cxFullScan(ScanRequest scanRequest, String path) throws ExitT
         return result;
     }
 
-
     private void logRequest(ScanRequest request, String scanId, OperationResult scanCreationResult) {
         ScanReport report = new ScanReport(scanId, request,request.getRepoUrl(), scanCreationResult, ScanReport.SCA);
         report.log();
diff --git a/src/main/java/com/checkmarx/flow/service/SastScanner.java b/src/main/java/com/checkmarx/flow/service/SastScanner.java
index b7881dd77..981ae17ab 100644
--- a/src/main/java/com/checkmarx/flow/service/SastScanner.java
+++ b/src/main/java/com/checkmarx/flow/service/SastScanner.java
@@ -24,7 +24,6 @@
 import org.eclipse.jgit.api.Git;
 import org.eclipse.jgit.api.errors.GitAPIException;
 import org.springframework.stereotype.Service;
-
 import java.io.File;
 import java.io.IOException;
 import java.nio.file.FileSystems;
@@ -32,7 +31,6 @@
 import java.nio.file.Paths;
 import java.util.*;
 import java.util.concurrent.CompletableFuture;
-
 import static com.checkmarx.flow.exception.ExitThrowable.exit;
 import static com.checkmarx.sdk.config.Constants.UNKNOWN;
 import static com.checkmarx.sdk.config.Constants.UNKNOWN_INT;
@@ -142,15 +140,6 @@ public boolean isEnabled() {
         return result;
     }
 
-    public CompletableFuture executeCxScanFlow(ScanRequest request, File cxFile) throws MachinaException {
-        ScanDetails details = executeCxScan(request, cxFile);
-        if (details.processResults()) {
-            return resultsService.processScanResultsAsync(request, details.getProjectId(), details.getScanId(), details.getOsaScanId(), request.getFilter());
-        } else {
-            return details.getResults();
-        }
-    }
-
     public ScanDetails executeCxScan(ScanRequest request, File cxFile) throws MachinaException {
         String osaScanId;
@@ -197,8 +186,8 @@ public ScanDetails executeCxScan(ScanRequest request, File cxFile) throws Machin
         return scanDetails;
     }
 
-    public ScanDetails cxFullScan(ScanRequest request, String path) throws ExitThrowable {
-        ScanDetails cliScanDetails = null;
+    public ScanResults cxFullScan(ScanRequest request, String path) throws ExitThrowable {
+        ScanResults results = null;
         try {
             String effectiveProjectName = projectNameGenerator.determineProjectName(request);
             request.setProject(effectiveProjectName);
@@ -210,30 +199,32 @@ public ScanDetails cxFullScan(ScanRequest request, String path) throws ExitThrow
             log.debug("free space {}", f.getFreeSpace());
             log.debug("total space {}", f.getTotalSpace());
             log.debug(f.getAbsolutePath());
-            cliScanDetails = new ScanDetails(UNKNOWN_INT, UNKNOWN_INT, executeCxScanFlow(request, f), true);
+            ScanDetails details = executeCxScan(request, f);
+            results = cxService.getReportContentByScanId(details.getScanId(), request.getFilter());
             log.debug("Deleting temp file {}", f.getPath());
             Files.deleteIfExists(Paths.get(cxZipFile));
         } catch (IOException e) {
             log.error("Error occurred while attempting to zip path {}", path, e);
             exit(3);
-        } catch (MachinaException e) {
+        } catch (MachinaException | CheckmarxException e) {
             log.error("Error occurred", e);
             exit(3);
         }
-        return cliScanDetails;
+        return results;
     }
 
-    public ScanDetails cxFullScan(ScanRequest request) throws ExitThrowable {
-        ScanDetails cliScanDetails = null;
+    public ScanResults cxFullScan(ScanRequest request) throws ExitThrowable {
+        ScanResults results = null;
         try {
             String effectiveProjectName = projectNameGenerator.determineProjectName(request);
             request.setProject(effectiveProjectName);
-            cliScanDetails = new ScanDetails(UNKNOWN_INT, UNKNOWN_INT, executeCxScanFlow(request, null), true);
-        } catch (MachinaException e) {
+            ScanDetails details = executeCxScan(request, null);
+            results = cxService.getReportContentByScanId(details.getScanId(), request.getFilter());
+        } catch (MachinaException | CheckmarxException e) {
             log.error("Error occurred", e);
             exit(3);
         }
-        return cliScanDetails;
+        return results;
     }
 
     public void cxParseResults(ScanRequest request, File file) throws ExitThrowable {
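Review bot: `results = cxService.getReportContentByScanId(details.getScanId(), request.getFilter())` fetches the report unconditionally, whereas the deleted `executeCxScanFlow` first checked `details.processResults()` and also handed `details.getOsaScanId()` to `processScanResultsAsync`; with this patch the OSA scan id is never consulted, so whatever that path folded in from OSA would presumably no longer reach the CLI result, and if `executeCxScan` (outside this hunk) can return details with `processResults()` false, `getScanId()` may hold a placeholder the report lookup cannot resolve — worth a comment on the new line stating that OSA results are intentionally not merged, or a guard restoring the check. Separately, `Files.deleteIfExists(Paths.get(cxZipFile))` now runs only after two more calls that can throw, so a `MachinaException`/`CheckmarxException` leaves the zipped copy of the scanned source on disk; moving the delete into a `finally` (if `cxZipFile` is declared before the `try`) closes that window. The same two-line fetch is duplicated in the second `cxFullScan` overload below; a private `fetchResults(ScanRequest, File)` helper throwing `MachinaException, CheckmarxException` would keep both in step. Both method bodies start above this hunk.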