• Home
• com.checkmarx
• cx-client-common
• 2020.4.132
• source code
• OSAUtils.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.cx.restclient.osa.utils.OSAUtils Maven / Gradle / Ivy

package com.cx.restclient.osa.utils;

import com.cx.restclient.common.ShragaUtils;
import com.cx.restclient.osa.dto.OSAResults;
import com.cx.restclient.osa.dto.OSASummaryResults;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;

import java.io.File;
import java.nio.charset.Charset;
import java.text.SimpleDateFormat;
import java.util.*;

import static com.cx.restclient.common.CxPARAM.CX_REPORT_LOCATION;

/**
 * Created by Galn on 07/02/2018.
 */
public abstract class OSAUtils {

    private static final String[] SUPPORTED_EXTENSIONS = {"jar", "war", "ear", "aar", "dll", "exe", "msi", "nupkg", "egg", "whl", "tar.gz", "gem", "deb", "udeb",
            "dmg", "drpm", "rpm", "pkg.tar.xz", "swf", "swc", "air", "apk", "zip", "gzip", "tar.bz2", "tgz", "js"};

    private static final String INCLUDE_ALL_EXTENSIONS = "**/**";
    private static final String JSON_EXTENSION = ".json";

    public static final String DEFAULT_ARCHIVE_INCLUDES = "**/.*jar,**/*.war,**/*.ear,**/*.sca,**/*.gem,**/*.whl,**/*.egg,**/*.tar,**/*.tar.gz,**/*.tgz,**/*.zip,**/*.rar";


    public static void writeToOsaListToFile(File dir, String osaDependenciesJson, Logger log) {
        try {
            File file = new File(dir, "OSADependencies.json");
            FileUtils.writeStringToFile(file, osaDependenciesJson, Charset.defaultCharset());
            log.info("OSA dependencies saved to file: [" + file.getAbsolutePath() + "]");
        } catch (Exception e) {
            log.info("Failed to write OSA dependencies to file: " + e.getMessage());
        }

    }

    public static String composeProjectOSASummaryLink(String url, long projectId) {
        return String.format(url + "/CxWebClient/SPA/#/viewer/project/%s", projectId);
    }

    public static Properties generateOSAScanConfiguration(String folderExclusions, String filterPatterns, String archiveIncludes, String sourceDir, boolean installBeforeScan, String osaScanDepth, Logger log) {
        Properties ret = new Properties();
        filterPatterns = StringUtils.defaultString(filterPatterns);
        archiveIncludes = StringUtils.defaultString(archiveIncludes);

        Map> stringListMap = ShragaUtils.generateIncludesExcludesPatternLists(folderExclusions, filterPatterns, log);

        List inclusions = stringListMap.get(ShragaUtils.INCLUDES_LIST);
        List exclusions = stringListMap.get(ShragaUtils.EXCLUDES_LIST);

        String includesString = StringUtils.join(inclusions, ",");
        String excludesString = StringUtils.join(exclusions, ",");

        if (StringUtils.isNotEmpty(includesString)) {
            ret.put("includes", includesString);
        } else {
            ret.put("includes", INCLUDE_ALL_EXTENSIONS);
        }

        if (StringUtils.isNotEmpty(excludesString)) {
            ret.put("excludes", excludesString);
        }

        ret.put("acceptExtensionsList", SUPPORTED_EXTENSIONS);

        if (StringUtils.isNotEmpty(archiveIncludes)) {
            String[] archivePatterns = archiveIncludes.split("\\s*,\\s*"); //split by comma and trim (spaces + newline)
            for (int i = 0; i < archivePatterns.length; i++) {
                if (StringUtils.isNotEmpty(archivePatterns[i]) && archivePatterns[i].startsWith("*.")) {
                    archivePatterns[i] = "**/" + archivePatterns[i];
                }
            }
            archiveIncludes = StringUtils.join(archivePatterns, ",");
            ret.put("archiveIncludes", archiveIncludes);
        } else {
            ret.put("archiveIncludes", DEFAULT_ARCHIVE_INCLUDES);
        }

        ret.put("archiveExtractionDepth", StringUtils.isNotEmpty(osaScanDepth) ? osaScanDepth : "4");

        if (installBeforeScan) {
            ret.put("npm.runPreStep", "true");
            ret.put("bower.runPreStep", "false");
            ret.put("npm.ignoreScripts", "true");
            ret.put("php.runPreStep", "true");
            ret.put("sbt.runPreStep", "true");
            setResolveDependencies(ret, "true");
            ret.put("sbt.targetFolder", getSbtTargetFolder(sourceDir));
        } else {
            setResolveDependencies(ret, "false");
        }

        ret.put("d", sourceDir);
        return ret;
    }

    private static void setResolveDependencies(Properties ret, String resolveDependencies) {
        ret.put("gradle.runAssembleCommand", resolveDependencies);
        ret.put("nuget.resolveDependencies", resolveDependencies);
        ret.put("nuget.restoreDependencies", resolveDependencies);
        ret.put("python.resolveDependencies", resolveDependencies);
        ret.put("python.ignorePipInstallErrors", resolveDependencies);
        ret.put("php.resolveDependencies", resolveDependencies);
        ret.put("sbt.resolveDependencies", resolveDependencies);
    }

    private static String getSbtTargetFolder(String sourceFolder) {
        List files = new ArrayList();
        files = getBuildSbtFiles(sourceFolder, files);
        if (!files.isEmpty()) {
            return files.get(0).getAbsolutePath().replace("build.sbt", "target");
        }
        return "target";
    }

    private static List getBuildSbtFiles(String path, List inputFiles) {
        File folder = new File(path);
        List files = Arrays.asList(folder.listFiles());
        for (File file : files) {
            if (file.isFile()) {
                if (file.getName().endsWith("build.sbt")) {
                    inputFiles.add(file);
                }
            } else if (file.isDirectory()) {
                inputFiles = getBuildSbtFiles(file.getAbsolutePath(), inputFiles);
            }
        }
        return inputFiles;
    }

    public static void printOSAResultsToConsole(OSAResults osaResults, boolean enableViolations, Logger log) {
        OSASummaryResults osaSummaryResults = osaResults.getResults();
        log.info("----------------------------Checkmarx Scan Results(CxOSA):-------------------------------");
        log.info("");
        log.info("------------------------");
        log.info("Vulnerabilities Summary:");
        log.info("------------------------");
        log.info("OSA high severity results: " + osaSummaryResults.getTotalHighVulnerabilities());
        log.info("OSA medium severity results: " + osaSummaryResults.getTotalMediumVulnerabilities());
        log.info("OSA low severity results: " + osaSummaryResults.getTotalLowVulnerabilities());
        log.info("Vulnerability score: " + osaSummaryResults.getVulnerabilityScore());
        log.info("");
        log.info("-----------------------");
        log.info("Libraries Scan Results:");
        log.info("-----------------------");
        log.info("Open-source libraries: " + osaSummaryResults.getTotalLibraries());
        log.info("Vulnerable and outdated: " + osaSummaryResults.getVulnerableAndOutdated());
        log.info("Vulnerable and updated: " + osaSummaryResults.getVulnerableAndUpdated());
        log.info("Non-vulnerable libraries: " + osaSummaryResults.getNonVulnerableLibraries());
        log.info("");
        log.info("OSA scan results location: " + osaResults.getOsaProjectSummaryLink());
        log.info("-----------------------------------------------------------------------------------------");
    }

    public static File getWorkDirectory(File filePath, Boolean osaGenerateJsonReport) {
        if (filePath == null) {
            return null;
        }

        if (!osaGenerateJsonReport) {
            return filePath;
        }

        File workDirectory;
        if (!filePath.isAbsolute()) {
            workDirectory = new File(System.getProperty("user.dir") + CX_REPORT_LOCATION);
        } else {
            workDirectory = filePath.getParentFile();
        }
        if (!workDirectory.exists()) {
            workDirectory.mkdirs();
        }

        return workDirectory;
    }

    public static void writeJsonToFile(String name, Object jsonObj, File workDirectory, Boolean cliOsaGenerateJsonReport, Logger log) {
        try {
            ObjectMapper objectMapper = new ObjectMapper();
            String json = objectMapper.writerWithDefaultPrettyPrinter().writeValueAsString(jsonObj);

            if (cliOsaGenerateJsonReport) {
                //workDirectory = new File(workDirectory.getPath().replace(".json", "_" + name + ".json"));
                if (!workDirectory.isAbsolute()) {
                    workDirectory = new File(System.getProperty("user.dir") + CX_REPORT_LOCATION + File.separator + workDirectory);
                }
                if (!workDirectory.getParentFile().exists()) {
                    workDirectory.getParentFile().mkdirs();
                }
                name = name.endsWith(JSON_EXTENSION) ? name : name + JSON_EXTENSION;
                File jsonFile = new File(workDirectory + File.separator + name);
                FileUtils.writeStringToFile(jsonFile, json);
                log.info(name + " saved under location: " + jsonFile);
            } else {
                String now = new SimpleDateFormat("dd_MM_yyyy-HH_mm_ss").format(new Date());
                String fileName = name + "_" + now + JSON_EXTENSION;
                File jsonFile = new File(workDirectory + CX_REPORT_LOCATION, fileName);
                FileUtils.writeStringToFile(jsonFile, json);
                log.info(name + " saved under location: " + workDirectory + CX_REPORT_LOCATION + File.separator + fileName);
            }
        } catch (Exception ex) {
            log.warn("Failed to write OSA JSON report (" + name + ") to file: " + ex.getMessage());
        }
    }

}