checkmarx

package
v1.230.4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 22, 2022 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

// ReportsDirectory is the subfolder name used for the generated Checkmarx reports.
const ReportsDirectory = "checkmarx"

ReportsDirectory defines the subfolder for the generated Checkmarx reports

Variables

This section is empty.

Functions

func ConvertCxxmlToSarif

func ConvertCxxmlToSarif(sys System, xmlReportName string, scanID int) (format.SARIF, error)

ConvertCxxmlToSarif is the entrypoint for the Parse function

func CreateCustomReport

func CreateCustomReport(data map[string]interface{}, insecure, neutral []string) reporting.ScanReport

func Parse

func Parse(sys System, data []byte, scanID int) (format.SARIF, error)

Parse converts the report passed in data into a format.SARIF value; ConvertCxxmlToSarif is its entry point

func WriteCustomReports

func WriteCustomReports(scanReport reporting.ScanReport, projectName, projectID string) ([]piperutils.Path, error)

func WriteJSONReport

func WriteJSONReport(jsonReport CheckmarxReportData) ([]piperutils.Path, error)

func WriteSarif

func WriteSarif(sarif format.SARIF) ([]piperutils.Path, error)

WriteSarif writes a json file to disk as a .sarif if it respects the specification declared in format.SARIF

Types

type AuthToken

// AuthToken holds an OAuth2 token response as decoded from JSON.
//
// AccessToken is the token value itself and must be handled as a secret: keep
// it out of logs, error messages and any report written to disk. ExpiresIn is
// read from the "expires_in" key, which OAuth2 defines as a lifetime in seconds.
type AuthToken struct {
	TokenType   string `json:"token_type"`
	AccessToken string `json:"access_token"`
	ExpiresIn   int    `json:"expires_in"`
}

AuthToken - Structure to store OAuth2 token

type CheckmarxReportData

// CheckmarxReportData is the flat JSON summary of one scan. It is what
// CreateJSONReport returns and what WriteJSONReport accepts.
//
// The first ten fields describe the scan (tool, project name and ID, scan ID,
// team name and path, deep link, preset, Checkmarx version, scan type). The
// remaining eight are counters: one Total/Audited pair per severity (High,
// Medium, Low, Information).
//
// NOTE(review): DeepLink is a plain string here, presumably a URL into the
// Checkmarx UI. Confirm where it comes from before rendering it as a link.
type CheckmarxReportData struct {
	ToolName           string `json:"toolName"`
	ProjectName        string `json:"projectName"`
	ProjectID          int64  `json:"projectID"`
	ScanID             int64  `json:"scanID"`
	TeamName           string `json:"teamName"`
	TeamPath           string `json:"teamPath"`
	DeepLink           string `json:"deepLink"`
	Preset             string `json:"preset"`
	CheckmarxVersion   string `json:"checkmarxVersion"`
	ScanType           string `json:"scanType"`
	HighTotal          int    `json:"highTotal"`
	HighAudited        int    `json:"highAudited"`
	MediumTotal        int    `json:"mediumTotal"`
	MediumAudited      int    `json:"mediumAudited"`
	LowTotal           int    `json:"lowTotal"`
	LowAudited         int    `json:"lowAudited"`
	InformationTotal   int    `json:"informationTotal"`
	InformationAudited int    `json:"informationAudited"`
}

func CreateJSONReport

func CreateJSONReport(data map[string]interface{}) CheckmarxReportData

type CxXMLResults

// CxXMLResults maps the root CxXMLResults element of the Cx XML report.
//
// Every scalar field is read from an attribute of the root element (",attr");
// Query collects the nested Query elements. All attribute values are kept as
// strings, including numeric-looking ones such as ScanID, ProjectID,
// LinesOfCodeScanned and FilesScanned, so this type itself enforces no numeric
// format on them.
//
// NOTE(review): free-text attributes such as ScanComments, Owner and
// InitiatorName are taken verbatim from the report document; escape them
// before placing them into HTML or log lines.
type CxXMLResults struct {
	XMLName                  xml.Name     `xml:"CxXMLResults"`
	InitiatorName            string       `xml:"InitiatorName,attr"`
	Owner                    string       `xml:"Owner,attr"`
	ScanID                   string       `xml:"ScanId,attr"`
	ProjectID                string       `xml:"ProjectId,attr"`
	ProjectName              string       `xml:"ProjectName,attr"`
	TeamFullPathOnReportDate string       `xml:"TeamFullPathOnReportDate,attr"`
	DeepLink                 string       `xml:"DeepLink,attr"`
	ScanStart                string       `xml:"ScanStart,attr"`
	Preset                   string       `xml:"Preset,attr"`
	ScanTime                 string       `xml:"ScanTime,attr"`
	LinesOfCodeScanned       string       `xml:"LinesOfCodeScanned,attr"`
	FilesScanned             string       `xml:"FilesScanned,attr"`
	ReportCreationTime       string       `xml:"ReportCreationTime,attr"`
	Team                     string       `xml:"Team,attr"`
	CheckmarxVersion         string       `xml:"CheckmarxVersion,attr"`
	ScanComments             string       `xml:"ScanComments,attr"`
	ScanType                 string       `xml:"ScanType,attr"`
	SourceOrigin             string       `xml:"SourceOrigin,attr"`
	Visibility               string       `xml:"Visibility,attr"`
	Query                    []CxxmlQuery `xml:"Query"`
}

CxXMLResults: this struct encapsulates everything in the Cx XML document

type CxxmlQuery

// CxxmlQuery maps one Query element of the Cx XML report and the Result
// elements nested in it. All scalar fields are read from attributes of the
// Query element; SeverityIndex is the only one declared as an int.
//
// Mind the tag casing: id, categories, cweId, name and group start with a
// lower-case letter, the remaining attribute names with an upper-case one.
type CxxmlQuery struct {
	XMLName            xml.Name      `xml:"Query"`
	ID                 string        `xml:"id,attr"`
	Categories         string        `xml:"categories,attr"`
	CweID              string        `xml:"cweId,attr"`
	Name               string        `xml:"name,attr"`
	Group              string        `xml:"group,attr"`
	Severity           string        `xml:"Severity,attr"`
	Language           string        `xml:"Language,attr"`
	LanguageHash       string        `xml:"LanguageHash,attr"`
	LanguageChangeDate string        `xml:"LanguageChangeDate,attr"`
	SeverityIndex      int           `xml:"SeverityIndex,attr"`
	QueryPath          string        `xml:"QueryPath,attr"`
	QueryVersionCode   string        `xml:"QueryVersionCode,attr"`
	Result             []CxxmlResult `xml:"Result"`
}

CxxmlQuery maps a Query element of the Cx XML document and the Result elements it contains

type CxxmlResult

// CxxmlResult maps one Result element of the Cx XML report together with its
// Path child. All scalar fields are attributes of the Result element.
//
// Line, Column, State, SeverityIndex and StatusIndex are declared as int and
// FalsePositive as bool. The Result type in this package reads State and
// FalsePositive from the same element as strings.
//
// NOTE(review): FileName, Remark, AssignToUser and DeepLink are free-form
// strings taken from the report document. Validate FileName before using it
// as a filesystem path and escape the others before rendering them.
type CxxmlResult struct {
	XMLName       xml.Name `xml:"Result"`
	NodeID        string   `xml:"NodeId,attr"`
	FileName      string   `xml:"FileName,attr"`
	Status        string   `xml:"Status,attr"`
	Line          int      `xml:"Line,attr"`
	Column        int      `xml:"Column,attr"`
	FalsePositive bool     `xml:"FalsePositive,attr"`
	Severity      string   `xml:"Severity,attr"`
	AssignToUser  string   `xml:"AssignToUser,attr"`
	State         int      `xml:"state,attr"`
	Remark        string   `xml:"Remark,attr"`
	DeepLink      string   `xml:"DeepLink,attr"`
	SeverityIndex int      `xml:"SeverityIndex,attr"`
	StatusIndex   int      `xml:"StatusIndex,attr"`
	DetectionDate string   `xml:"DetectionDate,attr"`
	Path          Path     `xml:"Path"`
}

CxxmlResult maps a Result element of the Cx XML document, including its Path

type DetailedResult

// DetailedResult maps the same CxXMLResults root element as the CxXMLResults
// type, but its Queries hold the reduced Query type, whose Result entries keep
// only State, Severity and FalsePositive.
//
// Unlike CxXMLResults, LinesOfCodeScanned and FilesScanned are declared as int
// here, and there is no ScanComments field.
type DetailedResult struct {
	XMLName                  xml.Name `xml:"CxXMLResults"`
	InitiatorName            string   `xml:"InitiatorName,attr"`
	ScanID                   string   `xml:"ScanId,attr"`
	Owner                    string   `xml:"Owner,attr"`
	ProjectID                string   `xml:"ProjectId,attr"`
	ProjectName              string   `xml:"ProjectName,attr"`
	TeamFullPathOnReportDate string   `xml:"TeamFullPathOnReportDate,attr"`
	DeepLink                 string   `xml:"DeepLink,attr"`
	ScanStart                string   `xml:"ScanStart,attr"`
	Preset                   string   `xml:"Preset,attr"`
	ScanTime                 string   `xml:"ScanTime,attr"`
	LinesOfCodeScanned       int      `xml:"LinesOfCodeScanned,attr"`
	FilesScanned             int      `xml:"FilesScanned,attr"`
	ReportCreationTime       string   `xml:"ReportCreationTime,attr"`
	Team                     string   `xml:"Team,attr"`
	CheckmarxVersion         string   `xml:"CheckmarxVersion,attr"`
	ScanType                 string   `xml:"ScanType,attr"`
	SourceOrigin             string   `xml:"SourceOrigin,attr"`
	Visibility               string   `xml:"Visibility,attr"`
	Queries                  []Query  `xml:"Query"`
}

DetailedResult - DetailedResult Structure

// EngineConfigurationLink is the engine configuration reference found in a
// ScanSettings response: the configuration ID (JSON key "id") and its Link.
type EngineConfigurationLink struct {
	EngineConfigurationID int  `json:"id"`
	Link                  Link `json:"link"`
}

EngineConfigurationLink - engine configuration link found in ScanSettings response

type Line

// Line maps a Line element. Number and Code are read from child elements of
// that name (the tags carry no ",attr").
//
// NOTE(review): Code presumably holds the text of a scanned source line. If
// so, any report built from it carries source code; confirm how downstream
// writers handle it.
type Line struct {
	XMLName xml.Name `xml:"Line"`
	Number  int      `xml:"Number"`
	Code    string   `xml:"Code"`
}

Line maps a Line element (line number and code) inside a Snippet

// Link is a relation/URI pair decoded from the JSON keys "rel" and "uri". It
// is embedded in most response types of this package.
//
// NOTE(review): URI is taken from a response body. Confirm how callers resolve
// it before a request that carries credentials is sent to it.
type Link struct {
	Rel string `json:"rel"`
	URI string `json:"uri"`
}

Link - Link Structure

// Links groups the two Link values of a Report: one under the JSON key
// "report" and one under "status".
type Links struct {
	Report Link `json:"report"`
	Status Link `json:"status"`
}

Links - Links Structure

type Path

// Path maps the Path element nested in a Result element. Its scalar fields
// are attributes of Path; PathNode collects the nested PathNode elements.
// PathID is the only attribute declared as an int.
type Path struct {
	XMLName           xml.Name   `xml:"Path"`
	ResultID          string     `xml:"ResultId,attr"`
	PathID            int        `xml:"PathId,attr"`
	SimilarityID      string     `xml:"SimilarityId,attr"`
	SourceMethod      string     `xml:"SourceMethod,attr"`
	DestinationMethod string     `xml:"DestinationMethod,attr"`
	PathNode          []PathNode `xml:"PathNode"`
}

Path maps a Path element and its PathNode children

type PathNode

// PathNode maps one PathNode element. In contrast to Path and CxxmlResult,
// every field is read from a child element (no ",attr" in the tags),
// including the nested Snippet.
//
// NOTE(review): FileName comes from the report document; validate it before
// using it as a filesystem path.
type PathNode struct {
	XMLName  xml.Name `xml:"PathNode"`
	FileName string   `xml:"FileName"`
	Line     int      `xml:"Line"`
	Column   int      `xml:"Column"`
	NodeID   int      `xml:"NodeId"`
	Name     string   `xml:"Name"`
	Type     string   `xml:"Type"`
	Length   int      `xml:"Length"`
	Snippet  Snippet  `xml:"Snippet"`
}

PathNode maps a PathNode element, including its Snippet

type Preset

// Preset is a project's preset as decoded from JSON: its ID, name, owner name
// and Link. GetPresets returns a slice of this type and the FilterPresetBy*
// methods select a single entry from such a slice.
type Preset struct {
	ID        int    `json:"id"`
	Name      string `json:"name"`
	OwnerName string `json:"ownerName"`
	Link      Link   `json:"link"`
}

Preset - Project's Preset

// PresetLink is the preset reference found in a ScanSettings response: the
// preset ID (JSON key "id") and its Link.
type PresetLink struct {
	PresetID int  `json:"id"`
	Link     Link `json:"link"`
}

PresetLink - preset link found in ScanSettings response

type Project

// Project is a Checkmarx project as decoded from JSON. ID is an int while
// TeamID is a string; IsPublic is read from the "isPublic" key.
//
// NOTE(review): what IsPublic grants is not visible here; confirm the
// visibility it implies before creating or scanning projects with it set.
type Project struct {
	ID                 int                `json:"id"`
	TeamID             string             `json:"teamId"`
	Name               string             `json:"name"`
	IsPublic           bool               `json:"isPublic"`
	SourceSettingsLink SourceSettingsLink `json:"sourceSettingsLink"`
	Link               Link               `json:"link"`
}

Project - Project Structure

type ProjectCreateResult

// ProjectCreateResult is the value returned by CreateProject: the ID of the
// project and a Link.
type ProjectCreateResult struct {
	ID   int  `json:"id"`
	Link Link `json:"link"`
}

ProjectCreateResult - ProjectCreateResult Structure

// ProjectLink is the project reference found in a ScanSettings response: the
// project ID (JSON key "id") and its Link.
type ProjectLink struct {
	ProjectID int  `json:"id"`
	Link      Link `json:"link"`
}

ProjectLink - project link found in ScanSettings response

type Query

// Query is the reduced mapping of a Query element used by DetailedResult. It
// keeps only the nested Result elements and none of the Query attributes that
// CxxmlQuery reads.
type Query struct {
	XMLName xml.Name `xml:"Query"`
	Results []Result `xml:"Result"`
}

Query - Query Structure

type Report

// Report is the value returned by RequestNewReport: the report ID (JSON key
// "reportId") and its Links. GetReportStatus and DownloadReport take such an
// ID as their argument.
type Report struct {
	ReportID int   `json:"reportId"`
	Links    Links `json:"links"`
}

Report - Report Structure

type ReportStatus

// ReportStatus is the status part of a ReportStatusResponse: a numeric ID and
// a string Value. The set of possible values is not declared in this type.
type ReportStatus struct {
	ID    int    `json:"id"`
	Value string `json:"value"`
}

ReportStatus - ReportStatus Structure

type ReportStatusResponse

// ReportStatusResponse is the value returned by GetReportStatus: a location,
// a content type and the ReportStatus.
//
// NOTE(review): Location and ContentType are strings taken from the response
// body; confirm whether callers follow Location and, if so, that it is checked
// against the configured server first.
type ReportStatusResponse struct {
	Location    string       `json:"location"`
	ContentType string       `json:"contentType"`
	Status      ReportStatus `json:"status"`
}

ReportStatusResponse - ReportStatusResponse Structure

type Result

// Result is the reduced mapping of a Result element used by Query and
// DetailedResult. It reads three attributes, all as strings: state, Severity
// and FalsePositive. CxxmlResult reads state as an int and FalsePositive as a
// bool from the same element, so comparisons against these fields must use the
// textual form.
type Result struct {
	XMLName       xml.Name `xml:"Result"`
	State         string   `xml:"state,attr"`
	Severity      string   `xml:"Severity,attr"`
	FalsePositive string   `xml:"FalsePositive,attr"`
}

Result - Result Structure

type ResultsStatistics

// ResultsStatistics is the value returned by GetResults: one counter per
// severity, decoded from the JSON keys "highSeverity", "mediumSeverity",
// "lowSeverity" and "infoSeverity".
//
// NOTE(review): GetResults returns no error value, so an all-zero
// ResultsStatistics cannot be told apart from a failed request by the
// signature alone; confirm how failures are surfaced before gating on it.
type ResultsStatistics struct {
	High   int `json:"highSeverity"`
	Medium int `json:"mediumSeverity"`
	Low    int `json:"lowSeverity"`
	Info   int `json:"infoSeverity"`
}

ResultsStatistics - ResultsStatistics Structure

type Scan

// Scan is the value returned by ScanProject: the scan ID and a Link.
type Scan struct {
	ID   int  `json:"id"`
	Link Link `json:"link"`
}

Scan - Scan Structure

type ScanSettings

// ScanSettings holds the scan settings at project level: references to the
// project, the preset and the engine configuration.
//
// NOTE(review): the tag literal of EngineConfiguration has a stray space
// before its closing backquote; consider removing it.
type ScanSettings struct {
	Project             ProjectLink             `json:"project"`
	Preset              PresetLink              `json:"preset"`
	EngineConfiguration EngineConfigurationLink `json:"engineConfiguration" `
}

ScanSettings - scan settings at project level

type ScanStatus

// ScanStatus describes one scan as decoded from JSON: its ID, Link, Status,
// scan type, comment and whether it was incremental. GetScans returns a slice
// of this type.
//
// NOTE(review): Comment is free text from the response; escape it before
// rendering or logging.
type ScanStatus struct {
	ID            int    `json:"id"`
	Link          Link   `json:"link"`
	Status        Status `json:"status"`
	ScanType      string `json:"scanType"`
	Comment       string `json:"comment"`
	IsIncremental bool   `json:"isIncremental"`
}

ScanStatus - ScanStatus Structure

type ScanStatusDetail

// ScanStatusDetail carries the stage and step strings of a scan status. It is
// the Details field of Status and the second return value of
// GetScanStatusAndDetail.
type ScanStatusDetail struct {
	Stage string `json:"stage"`
	Step  string `json:"step"`
}

ScanStatusDetail - ScanStatusDetail Structure

type ShortDescription

// ShortDescription is the value returned by GetShortDescription. Text is
// decoded from the JSON key "shortDescription".
//
// NOTE(review): whether Text contains markup is not visible here; treat it as
// untrusted text when embedding it into a report.
type ShortDescription struct {
	Text string `json:"shortDescription"`
}

type Snippet

// Snippet maps the Snippet element nested in a PathNode. It holds a single
// Line child.
type Snippet struct {
	XMLName xml.Name `xml:"Snippet"`
	Line    Line     `xml:"Line"`
}

Snippet maps a Snippet element, which holds a single Line

// SourceSettingsLink is the link stored in Project.SourceSettingsLink. It has
// the same Rel and URI keys as Link plus a Type string.
type SourceSettingsLink struct {
	Type string `json:"type"`
	Rel  string `json:"rel"`
	URI  string `json:"uri"`
}

SourceSettingsLink - SourceSettingsLink Structure

type Status

// Status is the status of a scan as embedded in ScanStatus: a numeric ID, a
// name and the ScanStatusDetail.
type Status struct {
	ID      int              `json:"id"`
	Name    string           `json:"name"`
	Details ScanStatusDetail `json:"details"`
}

Status - Status Structure

type System

// System lists the Checkmarx client operations; *SystemInstance declares a
// method for each of them.
//
// The Filter* methods select one entry from a slice passed in by the caller.
// FilterTeamByName is the only one of them that returns an error.
//
// NOTE(review): GetResults, GetScanStatusAndDetail, CreateBranch, GetPresets
// and GetTeams return no error value. A caller cannot tell a failed backend
// call from an empty or zero result by the signature alone; confirm how
// failures are surfaced before using these results in a pass/fail decision.
type System interface {
	FilterPresetByName(presets []Preset, presetName string) Preset
	FilterPresetByID(presets []Preset, presetID int) Preset
	FilterProjectByName(projects []Project, projectName string) Project
	FilterTeamByName(teams []Team, teamName string) (Team, error)
	FilterTeamByID(teams []Team, teamID json.RawMessage) Team
	// Report life cycle: request a report for a scan, poll its status, then
	// download its contents as bytes.
	DownloadReport(reportID int) ([]byte, error)
	GetReportStatus(reportID int) (ReportStatusResponse, error)
	RequestNewReport(scanID int, reportType string) (Report, error)
	GetResults(scanID int) ResultsStatistics
	GetScanStatusAndDetail(scanID int) (string, ScanStatusDetail)
	GetScans(projectID int) ([]ScanStatus, error)
	ScanProject(projectID int, isIncremental, isPublic, forceScan bool) (Scan, error)
	UpdateProjectConfiguration(projectID int, presetID int, engineConfigurationID string) error
	UpdateProjectExcludeSettings(projectID int, excludeFolders string, excludeFiles string) error
	// zipFile is passed as a string, presumably a path to the archive to upload;
	// verify against the implementation.
	UploadProjectSourceCode(projectID int, zipFile string) error
	CreateProject(projectName, teamID string) (ProjectCreateResult, error)
	CreateBranch(projectID int, branchName string) int
	GetPresets() []Preset
	GetProjectByID(projectID int) (Project, error)
	GetProjectsByNameAndTeam(projectName, teamID string) ([]Project, error)
	GetProjects() ([]Project, error)
	GetShortDescription(scanID int, pathID int) (ShortDescription, error)
	GetTeams() []Team
}

System is the interface abstraction of a specific SystemInstance

type SystemInstance

// SystemInstance is the client communicating with the Checkmarx backend.
// Construct it with NewSystemInstance, which takes the HTTP client, the server
// URL and a username/password pair. All of its fields are unexported.
type SystemInstance struct {
	// contains filtered or unexported fields
}

SystemInstance is the client communicating with the Checkmarx backend

func NewSystemInstance

func NewSystemInstance(client piperHttp.Uploader, serverURL, username, password string) (*SystemInstance, error)

NewSystemInstance returns a new Checkmarx client for communicating with the backend

func (*SystemInstance) CreateBranch

func (sys *SystemInstance) CreateBranch(projectID int, branchName string) int

CreateBranch creates a branch of an existing project in the Checkmarx backend

func (*SystemInstance) CreateProject

func (sys *SystemInstance) CreateProject(projectName, teamID string) (ProjectCreateResult, error)

CreateProject creates a new project in the Checkmarx backend

func (*SystemInstance) DownloadReport

func (sys *SystemInstance) DownloadReport(reportID int) ([]byte, error)

DownloadReport downloads the report addressed by reportID and returns the XML contents

func (*SystemInstance) FilterPresetByID

func (sys *SystemInstance) FilterPresetByID(presets []Preset, presetID int) Preset

FilterPresetByID filters a preset by its ID

func (*SystemInstance) FilterPresetByName

func (sys *SystemInstance) FilterPresetByName(presets []Preset, presetName string) Preset

FilterPresetByName filters a preset by its name

func (*SystemInstance) FilterProjectByName

func (sys *SystemInstance) FilterProjectByName(projects []Project, projectName string) Project

FilterProjectByName filters a project by its name

func (*SystemInstance) FilterTeamByID

func (sys *SystemInstance) FilterTeamByID(teams []Team, teamID json.RawMessage) Team

FilterTeamByID filters a team by its ID

func (*SystemInstance) FilterTeamByName

func (sys *SystemInstance) FilterTeamByName(teams []Team, teamName string) (Team, error)

FilterTeamByName filters a team by its name

func (*SystemInstance) GetPresets

func (sys *SystemInstance) GetPresets() []Preset

GetPresets loads the preset values defined in the Checkmarx backend

func (*SystemInstance) GetProjectByID

func (sys *SystemInstance) GetProjectByID(projectID int) (Project, error)

GetProjectByID returns the project addressed by projectID from the Checkmarx backend which the user has access to

func (*SystemInstance) GetProjects

func (sys *SystemInstance) GetProjects() ([]Project, error)

GetProjects returns the projects defined in the Checkmarx backend which the user has access to

func (*SystemInstance) GetProjectsByNameAndTeam

func (sys *SystemInstance) GetProjectsByNameAndTeam(projectName, teamID string) ([]Project, error)

GetProjectsByNameAndTeam returns the projects matching projectName and teamID from the Checkmarx backend which the user has access to

func (*SystemInstance) GetReportStatus

func (sys *SystemInstance) GetReportStatus(reportID int) (ReportStatusResponse, error)

GetReportStatus returns the status of the report generation process

func (*SystemInstance) GetResults

func (sys *SystemInstance) GetResults(scanID int) ResultsStatistics

GetResults returns the results of the scan addressed by scanID

func (*SystemInstance) GetScanStatusAndDetail

func (sys *SystemInstance) GetScanStatusAndDetail(scanID int) (string, ScanStatusDetail)

GetScanStatusAndDetail returns the status of the scan addressed by scanID

func (*SystemInstance) GetScans

func (sys *SystemInstance) GetScans(projectID int) ([]ScanStatus, error)

GetScans returns all scan status on the project addressed by projectID

func (*SystemInstance) GetShortDescription

func (sys *SystemInstance) GetShortDescription(scanID int, pathID int) (ShortDescription, error)

GetShortDescription returns the short description for an issue with a scanID and pathID

func (*SystemInstance) GetTeams

func (sys *SystemInstance) GetTeams() []Team

GetTeams returns the teams the user is assigned to

func (*SystemInstance) RequestNewReport

func (sys *SystemInstance) RequestNewReport(scanID int, reportType string) (Report, error)

RequestNewReport triggers the generation of a report for a specific scan addressed by scanID

func (*SystemInstance) ScanProject

func (sys *SystemInstance) ScanProject(projectID int, isIncremental, isPublic, forceScan bool) (Scan, error)

ScanProject triggers a scan on the project addressed by projectID

func (*SystemInstance) UpdateProjectConfiguration

func (sys *SystemInstance) UpdateProjectConfiguration(projectID int, presetID int, engineConfigurationID string) error

UpdateProjectConfiguration updates the configuration of the project addressed by projectID

func (*SystemInstance) UpdateProjectExcludeSettings

func (sys *SystemInstance) UpdateProjectExcludeSettings(projectID int, excludeFolders string, excludeFiles string) error

UpdateProjectExcludeSettings updates the exclude configuration of the project

func (*SystemInstance) UploadProjectSourceCode

func (sys *SystemInstance) UploadProjectSourceCode(projectID int, zipFile string) error

UploadProjectSourceCode zips and uploads the project sources for scanning

type Team

// Team is a Checkmarx team as decoded from JSON. ID is kept as raw JSON
// (json.RawMessage), so this struct does not fix whether the backend sends it
// as a number or a string; FilterTeamByID takes the ID in the same raw form.
type Team struct {
	ID       json.RawMessage `json:"id"`
	FullName string          `json:"fullName"`
}

Team - Team Structure
