ast weblink field support

build-11.gradle

@@ -2,7 +2,7 @@ import org.gradle.api.tasks.testing.Test
 
 buildscript {
 	ext {
-        CxSBSDK = "0.4.45"
+        CxSBSDK = "0.4.47"
         //cxVersion = "8.90.5"
         springBootVersion = '2.2.6.RELEASE'
         sonarqubeVersion = '2.8'

build-cxgo.gradle

@@ -1,6 +1,6 @@
 buildscript {
     ext {
-        CxSBSDK = "0.1.38"
+        CxSBSDK = "0.1.39"
         //cxVersion = "8.90.5"
         springBootVersion = '2.2.6.RELEASE'
         sonarqubeVersion = '2.8'

build.gradle

@@ -1,6 +1,6 @@
 buildscript {
     ext {
-        CxSBSDK = "0.4.45"
+        CxSBSDK = "0.4.47"
         //cxVersion = "8.90.5"
         springBootVersion = '2.2.6.RELEASE'
         sonarqubeVersion = '2.8'

src/main/java/com/checkmarx/flow/service/ConfigurationOverrider.java

@@ -220,7 +220,7 @@ private void overridePropertiesSca(Optional<Sca> sca, Map<String, String> overri
         });
 
         sca.map(Sca::getThresholdsSeverity).ifPresent(thresholdsSeverity -> {
-            scaConfig.setThresholdsSeverity(thresholdsSeverity);
+            scaConfig.initThresholdsSeverity(thresholdsSeverity);
             overrideReport.put("thresholdsSeverity", convertMapToString(thresholdsSeverity));
         });
 

src/main/java/com/checkmarx/flow/utils/HTMLHelper.java

@@ -46,7 +46,7 @@ public class HTMLHelper {
     public static final String ISSUE_BODY_TEXT = "%s issue exists @ %s in branch %s";
 
     private static final String DIV_A_HREF = "<div><a href='";
-    private static final String NO_POLICY_VIOLATION_MESSAGE = "No policy violation found";
+    public static final String NO_POLICY_VIOLATION_MESSAGE = "No policy violation found";
     private static final String NO_PACKAGE_VIOLATION_MESSAGE = "No package violation found";
 
     private HTMLHelper() {
@@ -93,7 +93,7 @@ public static String getHTMLBody(ScanResults.XIssue issue, ScanRequest request,
     }
 
     private static void addFlowSummarySection(ScanResults results, RepoProperties properties, StringBuilder body, ScanRequest request) {
-        if (properties.isFlowSummary() && results.getAstResults() == null) {
+        if (properties.isFlowSummary() ) {
             if (!ScanUtils.empty(properties.getFlowSummaryHeader())) {
                 appendAll(body, MarkDownHelper.getMdHeaderType(3, properties.getFlowSummaryHeader()), CRLF);
             }
@@ -103,18 +103,17 @@ private static void addFlowSummarySection(ScanResults results, RepoProperties pr
                 appendAll(body, MarkDownHelper.getMdHeaderType(4, NO_POLICY_VIOLATION_MESSAGE), CRLF);
             } else {
                 flowSummaryToMap.forEach((severityKey, value) ->
-                    appendAll(body,
-                            MarkDownHelper.getSeverityIconFromLinkByText(severityKey, request),
-                            MarkDownHelper.getNonBreakingSpace(request), MarkDownHelper.getBoldText(value.toString()),
-                            " ",
-                            MarkDownHelper.getBoldText(severityKey), MarkDownHelper.getLineBreak(request))
+                        appendAll(body,
+                                MarkDownHelper.getSeverityIconFromLinkByText(severityKey, request),
+                                MarkDownHelper.getNonBreakingSpace(request), MarkDownHelper.getBoldText(value.toString()),
+                                " ",
+                                MarkDownHelper.getBoldText(severityKey), MarkDownHelper.getLineBreak(request))
                 );
                 body.append(CRLF);
                 appendAll(body, MarkDownHelper.getTextLink(MarkDownHelper.MORE_DETAILS_LINK_HEADER, results.getLink()), CRLF);
             }
         }
     }
-
     private static void addScaBody(ScanResults results, StringBuilder body, ScanRequest request) {
         Optional.ofNullable(results.getScaResults()).ifPresent(r -> {
             log.debug("Building merge comment MD for SCA scanner");

src/main/java/com/checkmarx/flow/utils/MarkDownHelper.java

@@ -42,6 +42,11 @@ public class MarkDownHelper {
     public static final String SAST_HEADER = CHECKMARX_PREFIX + SAST_SCANNER + " - " + SCAN_SUMMARY_DETAILS;
     public static final String SCA_HEADER = CHECKMARX_PREFIX + SCA_SCANNER + " - " + SCAN_SUMMARY_DETAILS;
     private static final String AST_SAST_HEADER = CHECKMARX_PREFIX + AST_SAST_SCANNER + " - " + SCAN_SUMMARY_DETAILS;
+    private static final String HIGH = "HIGH";
+    private static final String MEDIUM = "MEDIUM";
+    private static final String LOW = "LOW";
+    private static final String INFORMATION = "INFORMATION";
+    private static final String INFO = "INFO";
 
 
     private MarkDownHelper() {
@@ -145,14 +150,18 @@ static String getTextLink(String text, String link) {
     }
 
     static String getSeverityIconFromLinkByText(String severity, ScanRequest request) {
+
+        severity = severity.toUpperCase();
+
         switch (severity) {
-            case "High":
+            case HIGH:
                 return getHighIconFromLink(request);
-            case "Medium":
+            case MEDIUM:
                 return getMediumIconFromLink(request);
-            case "Low":
+            case LOW:    
                 return getLowIconFromLink(request);
-            case "Information":
+            case INFORMATION:
+            case INFO:
                 return getInfoIconFromLink(request);
             default:
                 throw new MachinaRuntimeException(severity + " is not a valid severity");

src/main/java/com/checkmarx/flow/utils/ScanUtils.java

@@ -4,11 +4,13 @@
 import com.checkmarx.flow.constants.SCATicketingConstants;
 import com.checkmarx.flow.dto.*;
 import com.checkmarx.flow.exception.MachinaRuntimeException;
+import com.checkmarx.sdk.config.Constants;
 import com.checkmarx.sdk.dto.Filter;
 import com.checkmarx.sdk.dto.ScanResults;
 import com.checkmarx.sdk.dto.ast.SCAResults;
 import com.cx.restclient.ast.dto.sast.report.FindingNode;
 import com.checkmarx.sdk.dto.cx.CxScanSummary;
+import com.cx.restclient.ast.dto.sast.report.StatusCounter;
 import com.cx.restclient.ast.dto.sca.report.Finding;
 import com.cx.restclient.ast.dto.sca.report.Package;
 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -90,6 +92,8 @@ public static List<ScanResults.XIssue> setASTXIssuesInScanResults(ScanResults re
 
         setAstScanSummary(results);
 
+        Map<String, Integer> severityCount = new HashMap<>();
+
         List<com.cx.restclient.ast.dto.sast.report.Finding> findings = results.getAstResults().getResults().getFindings();
         findings.forEach(finding -> {
 
@@ -115,19 +119,25 @@ public static List<ScanResults.XIssue> setASTXIssuesInScanResults(ScanResults re
             xIssueBuilder.additionalDetails(additionalDetails);
 
             ScanResults.XIssue issue = xIssueBuilder.build();
-            removeDuplicateIssues(issueList, issue, issue.getDetails());
+
+            removeDuplicateIssues(issueList, issue, issue.getDetails(), severityCount);
+
         });
 
+        results.getAdditionalDetails().put(Constants.SUMMARY_KEY, severityCount);
         results.setXIssues(issueList);
-
+        
         return issueList;
     }
 
-    private static void removeDuplicateIssues(List<ScanResults.XIssue> issueList, ScanResults.XIssue issue, Map<Integer, ScanResults.IssueDetails> details) {
+    private static void removeDuplicateIssues(List<ScanResults.XIssue> issueList, ScanResults.XIssue issue, Map<Integer, ScanResults.IssueDetails> details, Map<String, Integer> severityMap) {
+
         if (issueList.contains(issue)) {
             ScanResults.XIssue existingIssue = issueList.get(issueList.indexOf(issue));
             existingIssue.getDetails().putAll(details);
         } else {
+            Integer severityCount = Optional.ofNullable(severityMap.get(issue.getSeverity())).orElse(0) ;
+            severityMap.put(issue.getSeverity(), ++severityCount);
             issueList.add(issue);
         }
     }
@@ -140,6 +150,7 @@ private static void setAstScanSummary( ScanResults results) {
         scanSummary.setInfoSeverity(0);
         results.setLink(results.getAstResults().getResults().getWebReportLink());
         results.setScanSummary( scanSummary);
+
     }
 
 

src/test/java/com/checkmarx/flow/cucumber/component/ast/parse/GitHubCommentsASTSteps.java

@@ -42,13 +42,15 @@
 import com.cx.restclient.ast.dto.sast.report.Finding;
 
 
+import javax.validation.constraints.AssertTrue;
 import java.util.*;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.TimeoutException;
 
 
+import static com.checkmarx.flow.utils.HTMLHelper.NO_POLICY_VIOLATION_MESSAGE;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyInt;
 import static org.mockito.Mockito.doAnswer;
@@ -67,6 +69,7 @@ public class GitHubCommentsASTSteps {
     private static final String AST_SCA = "AST,SCA";
     private static final String GIT_URL =  "https://github.com/cxflowtestuser/testsAST.git";
     private static final String REGEX = "### Checkmarx";
+    private static final String AST_WEB_REPORT_LINK = "https://astWebReportUrl";
 
     private final CxClient cxClientMock;
     private final FlowProperties flowProperties;
@@ -170,6 +173,7 @@ private ScanResults createFakeASTScanResults(int highCount, int mediumCount, int
         summary.setMediumVulnerabilityCount(mediumCount);
         summary.setLowVulnerabilityCount(lowCount);
 
+        astSastResults.setWebReportLink(AST_WEB_REPORT_LINK);
         astSastResults.setSummary(summary);
         Map<String, Object> details = new HashMap<>();
         details.put(Constants.SUMMARY_KEY, new HashMap<>());
@@ -256,11 +260,11 @@ private void initMock(CxClient cxClientMock) {
 
     private void initGitHubProperties() {
         this.gitHubProperties.setCxSummary(false);
-        this.gitHubProperties.setFlowSummary(false);
         this.gitHubProperties.setUrl(GIT_URL);
         this.gitHubProperties.setWebhookToken("1234");
         this.gitHubProperties.setApiUrl("https://api.github.com/repos");
         this.gitHubProperties.setBlockMerge(false);
+        this.gitHubProperties.setFlowSummary(true);
     }
 
 
@@ -396,30 +400,47 @@ public ScanResults answer(InvocationOnMock invocation) {
     @Then("we should see the expected number of results in comments")
     public void verifyComments(){
 
-        int highCounter = StringUtils.countMatches(comment, "HIGH");
-        int mediumCounter = StringUtils.countMatches(comment, "MEDIUM");
-        int lowCounter = StringUtils.countMatches(comment, "LOW");
+        int actaulHighCounter = StringUtils.countMatches(comment, "HIGH");
+        int actualMediumCounter = StringUtils.countMatches(comment, "MEDIUM");
+        int actaulLowCounter = StringUtils.countMatches(comment, "LOW");
 
 
         if (scannerType.equalsIgnoreCase(AST_SCA)) {
             Assert.assertTrue(PullRequestCommentsHelper.isSastAndScaComment(comment) );
-            
+
             Assert.assertEquals(scanResultsToInject.getAstResults().getResults().getSummary().getHighVulnerabilityCount()+
-                    scanResultsToInject.getScaResults().getSummary().getFindingCounts().get(Filter.Severity.HIGH), highCounter);
+                    scanResultsToInject.getScaResults().getSummary().getFindingCounts().get(Filter.Severity.HIGH), actaulHighCounter);
             Assert.assertEquals(scanResultsToInject.getAstResults().getResults().getSummary().getMediumVulnerabilityCount() +
-                    scanResultsToInject.getScaResults().getSummary().getFindingCounts().get(Filter.Severity.MEDIUM), mediumCounter);
-            Assert.assertEquals(scanResultsToInject.getAstResults().getResults().getSummary().getLowVulnerabilityCount()+
-                    scanResultsToInject.getScaResults().getSummary().getFindingCounts().get(Filter.Severity.LOW), lowCounter);
+                    scanResultsToInject.getScaResults().getSummary().getFindingCounts().get(Filter.Severity.MEDIUM), actualMediumCounter);
+
+            // add 1 to the results 
+            Assert.assertEquals(scanResultsToInject.getAstResults().getResults().getSummary().getLowVulnerabilityCount()+ 1 +
+                    scanResultsToInject.getScaResults().getSummary().getFindingCounts().get(Filter.Severity.LOW), actaulLowCounter);
 
         }
         else if (scannerType.equalsIgnoreCase(AST)) {
+
             Assert.assertTrue(PullRequestCommentsHelper.isSastFindingsComment(comment));
 
-            Assert.assertEquals(scanResultsToInject.getAstResults().getResults().getSummary().getHighVulnerabilityCount(), highCounter);
-            Assert.assertEquals(scanResultsToInject.getAstResults().getResults().getSummary().getMediumVulnerabilityCount(), mediumCounter);
-            Assert.assertEquals(scanResultsToInject.getAstResults().getResults().getSummary().getLowVulnerabilityCount(), lowCounter);
-
+            int expectedHigh = getExpectedResults(scanResultsToInject.getAstResults().getResults().getSummary().getHighVulnerabilityCount());
+            int expectedMedium = getExpectedResults(scanResultsToInject.getAstResults().getResults().getSummary().getMediumVulnerabilityCount());
+            int expectedLow = getExpectedResults(scanResultsToInject.getAstResults().getResults().getSummary().getLowVulnerabilityCount());
+
+            Assert.assertEquals(expectedHigh  , actaulHighCounter);
+            Assert.assertEquals(expectedMedium  , actualMediumCounter);
+            Assert.assertEquals(expectedLow , actaulLowCounter);
+
+            if(!comment.contains(NO_POLICY_VIOLATION_MESSAGE)) {
+                Assert.assertTrue(comment.contains(AST_WEB_REPORT_LINK));
+            }
         }
+
+
+    }
+
+    private int getExpectedResults(int vulnerabilityCount) {
 
+        //adding 1 to the expected count since the severity string appears not only in the Summary section but also in in the Flow Summary Section
+        return vulnerabilityCount==0 ? 0 :  vulnerabilityCount + 1;
     }
 }