From e91bc1b33707c3c04aa6d2e8ec105d15b044da12 Mon Sep 17 00:00:00 2001 From: Kripajoy Melitpalathingal Date: Mon, 19 Aug 2024 12:28:47 +0530 Subject: [PATCH 01/19] Rescan --- .../com/hcl/appscan/sdk/CoreConstants.java | 2 + .../sdk/scan/ASEScanServiceProvider.java | 5 ++ .../sdk/scan/CloudScanServiceProvider.java | 51 ++++++++++++++++++- .../sdk/scan/IScanServiceProvider.java | 3 ++ .../appscan/sdk/scanners/sast/SASTScan.java | 11 +++- 5 files changed, 69 insertions(+), 3 deletions(-) diff --git a/src/main/java/com/hcl/appscan/sdk/CoreConstants.java b/src/main/java/com/hcl/appscan/sdk/CoreConstants.java index d35bcfb9..85be55e7 100644 --- a/src/main/java/com/hcl/appscan/sdk/CoreConstants.java +++ b/src/main/java/com/hcl/appscan/sdk/CoreConstants.java @@ -22,6 +22,7 @@ public interface CoreConstants { String FILE_TO_UPLOAD = "fileToUpload"; //$NON-NLS-1$ String UPLOADED_FILE = "uploadedFile"; //$NON-NLS-1$ String ID = "Id"; //$NON-NLS-1$ + String SCAN_ID = "ScanId"; //$NON-NLS-1$ String KEY = "Key"; //$NON-NLS-1$ String LATEST_EXECUTION = "LatestExecution"; //$NON-NLS-1$ String LOCALE = "Locale"; //$NON-NLS-1$ @@ -75,6 +76,7 @@ public interface CoreConstants { String API_FILE_UPLOAD = API_ENV_LATEST + "/FileUpload"; //$NON-NLS-1$ String API_SCAN = API_ENV + "/%s"; //$NON-NLS-1$ String API_SCANNER = API_ENV_LATEST + "/Scans/%s"; //$NON-NLS-1$ + String API_RESCAN = API_ENV_LATEST + "/Scans/%s/Executions"; //$NON-NLS-1$ String API_SCANS = API_ENV + "/Scans"; //$NON-NLS-1$ String API_NONCOMPLIANT_ISSUES = API_ENV + "/Scans/%s/NonCompliantIssues"; //$NON-NLS-1$ String API_SCANS_REPORT = API_ENV_LATEST + "/Scans/%s/Report/%s"; //$NON-NLS-1$ diff --git a/src/main/java/com/hcl/appscan/sdk/scan/ASEScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/ASEScanServiceProvider.java index b8c10897..a4bb624a 100644 --- a/src/main/java/com/hcl/appscan/sdk/scan/ASEScanServiceProvider.java +++ b/src/main/java/com/hcl/appscan/sdk/scan/ASEScanServiceProvider.java 
@@ -398,6 +398,11 @@ public JSONObject getScanDetails(String jobId) throws IOException, JSONException public JSONArray getNonCompliantIssues(String scanId) throws IOException, JSONException { throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. } + + @Override + public String rescan(Map params) { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } @Override public IAuthenticationProvider getAuthenticationProvider() { diff --git a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java index 0618f49c..4aeaa3ff 100644 --- a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java +++ b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java 
@@ -96,7 +96,56 @@ public String createAndExecuteScan(String type, Map params) { } return null; } - + @Override + public String rescan(Map params) { + + if (loginExpired() || (params.containsKey(APP_ID) && !verifyApplication(params.get(APP_ID).toString()))) { + return null; + } + + Map request_headers = m_authProvider.getAuthorizationHeader(true); + HttpClient client = new HttpClient(m_authProvider.getProxy(), m_authProvider.getacceptInvalidCerts()); + + try { + request_headers.put("Content-Type", "application/json"); + request_headers.put("accept", "application/json"); + String request_url = m_authProvider.getServer() + String.format(API_RESCAN, params.get(CoreConstants.SCAN_ID)); + + HttpResponse response = client.post(request_url, request_headers, params); + int status = response.getResponseCode(); + + JSONObject json = (JSONObject) response.getResponseBodyAsJSON(); + + if (status == HttpsURLConnection.HTTP_CREATED || status == HttpsURLConnection.HTTP_OK) { + String scanId = json.getString(SCAN_ID); + String executionId = json.getString(ID); + //todo: + m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(CREATE_SCAN_SUCCESS,"", scanId))); + String scanOverviewUrl = m_authProvider.getServer() + "/main/myapps/" + params.get(CoreConstants.APP_ID) + "/scans/" + scanId; + m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(SCAN_OVERVIEW, "", scanOverviewUrl))); + return scanId; + } else if (json != null && json.has(MESSAGE)) { + String errorResponse = json.getString(MESSAGE); + if (json.has(FORMAT_PARAMS) && !json.isNull(FORMAT_PARAMS)) { + JSONArray jsonArray = json.getJSONArray(FORMAT_PARAMS); + if (jsonArray != null) { + String[] messageParams = new String[jsonArray.size()]; + for (int i = 0; i < jsonArray.size(); i++) { + messageParams[i] = (String) jsonArray.get(i); + } + errorResponse = MessageFormat.format(errorResponse, (Object[]) messageParams); + } + } + m_progress.setStatus(new Message(Message.ERROR, errorResponse)); + } else 
{ + m_progress.setStatus(new Message(Message.ERROR, Messages.getMessage(ERROR_SUBMITTING_SCAN, status))); + } + } catch (IOException | JSONException e) { + m_progress.setStatus(new Message(Message.ERROR, Messages.getMessage(ERROR_SUBMITTING_SCAN, e.getLocalizedMessage()))); + } + return null; + } + @Override public String submitFile(File file) throws IOException { if(loginExpired()) diff --git a/src/main/java/com/hcl/appscan/sdk/scan/IScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/IScanServiceProvider.java index 42d9eb41..cb364beb 100644 --- a/src/main/java/com/hcl/appscan/sdk/scan/IScanServiceProvider.java +++ b/src/main/java/com/hcl/appscan/sdk/scan/IScanServiceProvider.java @@ -31,6 +31,9 @@ public interface IScanServiceProvider { * @return The id of the submitted scan, if successful. Otherwise, null. */ public String createAndExecuteScan(String type, Map params); + + //TODO + public String rescan(Map params); /** * Submits a file for scanning. diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java index 7a1920bd..48e1596b 100644 --- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java +++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java @@ -118,11 +118,18 @@ protected void analyzeIR() throws IOException, ScannerException { Map params = getProperties(); params.put(FILE_ID, fileId); - - submitScan(); + + if(params.containsKey(CoreConstants.SCAN_ID)) + submitRescan(); + else + submitScan(); if(getScanId() == null) throw new ScannerException(Messages.getMessage(ERROR_SUBMITTING_IRX)); } + + protected void submitRescan() { + setScanId(getServiceProvider().rescan(getProperties())); + } protected void submitScan() { setScanId(getServiceProvider().createAndExecuteScan(STATIC_ANALYZER, getProperties())); From 5a9ce923dc63a1038deb88d63b647ad341a7a503 Mon Sep 17 00:00:00 2001 
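Review bot: In the new `rescan`, the success branch dereferences `json` (`json.getString(SCAN_ID)`, `json.getString(ID)`) without the `json != null` guard that the `else if` branch applies, so a 200/201 reply whose body does not parse as a JSON object escapes the `IOException | JSONException` catch as a NullPointerException. Extending the condition, `if (json != null && (status == HttpsURLConnection.HTTP_CREATED || status == HttpsURLConnection.HTTP_OK)) {`, keeps that failure on the existing error path. The path segment taken from `params.get(CoreConstants.SCAN_ID)` is inserted into `API_RESCAN` unencoded and without a presence check, so a missing key produces a request for `/Scans/null/Executions`; a null/format check or `URLEncoder.encode` before `String.format` would give a clearer failure and keep the URL bound to one identifier. Note also that the whole `params` map is posted as the request body, so every key the caller stored in the properties is forwarded to the service, which is worth confirming is intended. `submitFile` continues outside the hunk.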
From: Kripajoy Melitpalathingal Date: Mon, 19 Aug 2024 21:03:27 +0530 Subject: [PATCH 02/19] Params --- .../java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java index 48e1596b..060c846c 100644 --- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java +++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java @@ -117,12 +117,14 @@ protected void analyzeIR() throws IOException, ScannerException { throw new ScannerException(Messages.getMessage(ERROR_FILE_UPLOAD, m_irx.getName())); Map params = getProperties(); - params.put(FILE_ID, fileId); - if(params.containsKey(CoreConstants.SCAN_ID)) + if (params.containsKey(CoreConstants.SCAN_ID)) { + params.put(CoreConstants.FILE_ID, fileId); submitRescan(); - else + } else { + params.put(FILE_ID, fileId); submitScan(); + } if(getScanId() == null) throw new ScannerException(Messages.getMessage(ERROR_SUBMITTING_IRX)); } From b8842dbac56e42930eebc8dabc840aee14906323 Mon Sep 17 00:00:00 2001 From: Kripajoy Melitpalathingal Date: Tue, 20 Aug 2024 18:55:58 +0530 Subject: [PATCH 03/19] Java Doc --- .../com/hcl/appscan/sdk/scan/IScanServiceProvider.java | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/hcl/appscan/sdk/scan/IScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/IScanServiceProvider.java index cb364beb..588f899b 100644 --- a/src/main/java/com/hcl/appscan/sdk/scan/IScanServiceProvider.java +++ b/src/main/java/com/hcl/appscan/sdk/scan/IScanServiceProvider.java 
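Review bot: The two branches of the new `if (params.containsKey(CoreConstants.SCAN_ID))` store the uploaded file under different keys, `CoreConstants.FILE_ID` for a rescan and the unqualified `FILE_ID` for a new scan, and nothing in the hunk says why. If both names resolve to the same constant, the duplicated `params.put` can be hoisted above the branch; if they resolve to different keys, a comment such as `// rescan executions take the uploaded file under a different key than a new scan` stops the next reader from "fixing" it. Making the intent visible here is cheaper than relying on readers to chase both constant definitions. `analyzeIR` starts outside the hunk.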
@@ -32,7 +32,12 @@ public interface IScanServiceProvider { */ public String createAndExecuteScan(String type, Map params); - //TODO + /** + * Initiates a Rescan + * + * @param params A Map of rescan parameters. + * @return The id of the submitted rescan, if successful. Otherwise, returns null. + */ public String rescan(Map params); /** From e08614da214f2c72dee43b86af1b583a8c28bb7b Mon Sep 17 00:00:00 2001 From: Vishal Chaudhary Date: Wed, 21 Aug 2024 18:47:46 +0530 Subject: [PATCH 04/19] scanId validation method --- .../hcl/appscan/sdk/utils/ServiceUtil.java | 38 +++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java b/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java index e0a29eea..57c125e5 100644 --- a/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java +++ b/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java @@ -13,6 +13,7 @@ import javax.net.ssl.HttpsURLConnection; +import org.apache.wink.json4j.JSONArray; import org.apache.wink.json4j.JSONArtifact; import org.apache.wink.json4j.JSONException; import org.apache.wink.json4j.JSONObject; 
@@ -218,4 +219,41 @@ private static boolean hasEntitlement(String scanType, IAuthenticationProvider p return false; } + + /** + * Checks if the given scanId is valid for scanning. + * + * @param scanId The scanId to test. + * @param provider The IAuthenticationProvider for authentication. + * @param params The map which consist the user inputs. + * @return True if the scanId is valid. False is returned if the scanId is not valid, the request fails, or an exception occurs. + */ + public static boolean isScanId(String scanId, IAuthenticationProvider provider, Map params) { + String request_url = provider.getServer() + API_BASIC_DETAILS; + request_url += "?$filter=Id%20eq%20"+scanId+"&%24select=AppId%2C%20Technology"; + Map request_headers = provider.getAuthorizationHeader(true); + + HttpClient client = new HttpClient(provider.getProxy(), provider.getacceptInvalidCerts()); + try { + HttpResponse response = client.get(request_url, request_headers, null); + + if (response.isSuccess()){ + JSONObject obj = (JSONObject) response.getResponseBodyAsJSON(); + JSONArray array = (JSONArray) obj.get(ITEMS); + if(array.isEmpty()) { + return false; + } else { + JSONObject body = (JSONObject) array.getJSONObject(0); + String appId = body.getString(CoreConstants.APP_ID); + String technologyName = body.getString("Technology").toLowerCase(); + return (appId.equals(params.get(CoreConstants.APP_ID))) && (technologyName.equalsIgnoreCase(params.get(CoreConstants.SCANNER_TYPE).replaceAll("\\s", ""))); + } + } + } + catch(IOException | JSONException e) { + // Ignore and return false. + } + + return false; + } } From a3b336b76ab9ee7a4cbe0f6278ba08b3be1be4c2 Mon Sep 17 00:00:00 2001 
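Review bot: In `isScanId`, the caller-supplied `scanId` is concatenated directly into the OData query (`"?$filter=Id%20eq%20"+scanId+"&%24select=..."`) without encoding or validation, so a value containing spaces, `&`, `'` or filter operators changes the request instead of being rejected. Encoding it, `URLEncoder.encode(scanId, "UTF-8")`, or checking it against the expected id format before the request keeps the filter fixed to the one identifier; the same line also mixes a raw `$filter` with a percent-encoded `%24select`, which is worth normalising while here. `params.get(CoreConstants.SCANNER_TYPE).replaceAll(...)` throws NullPointerException when the key is absent, and the `IOException | JSONException` catch does not cover that, so the documented "false if an exception occurs" contract does not hold for that input. Lower-casing `Technology` before `equalsIgnoreCase` is redundant and the bare `toLowerCase()` is locale-sensitive; `body.getString("Technology")` alone suffices.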
From: Vishal Chaudhary Date: Fri, 23 Aug 2024 10:20:51 +0530 Subject: [PATCH 05/19] Rewrite console-logs for rescan --- src/main/java/com/hcl/appscan/sdk/CoreConstants.java | 2 ++ src/main/java/com/hcl/appscan/sdk/messages.properties | 2 ++ .../com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java | 4 ++-- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/main/java/com/hcl/appscan/sdk/CoreConstants.java b/src/main/java/com/hcl/appscan/sdk/CoreConstants.java index 85be55e7..2c4a1c6a 100644 --- a/src/main/java/com/hcl/appscan/sdk/CoreConstants.java +++ b/src/main/java/com/hcl/appscan/sdk/CoreConstants.java @@ -119,6 +119,8 @@ public interface CoreConstants { String CREATE_SCAN_SUCCESS = "message.created.scan"; //$NON-NLS-1$ String SCAN_OVERVIEW = "message.scan.overview"; //$NON-NLS-1$ + String RESCAN_SUCCESS = "message.rescan"; //$NON-NLS-1$ + String RESCAN_OVERVIEW = "message.rescan.overview"; //$NON-NLS-1$ String DOWNLOADING_CLIENT = "message.downloading.client"; //$NON-NLS-1$ String EXECUTING_SCAN = "message.running.scan"; //$NON-NLS-1$ String UPLOADING_FILE = "message.uploading.file"; //$NON-NLS-1$ diff --git a/src/main/java/com/hcl/appscan/sdk/messages.properties b/src/main/java/com/hcl/appscan/sdk/messages.properties index 4564dc39..e375529b 100644 --- a/src/main/java/com/hcl/appscan/sdk/messages.properties +++ b/src/main/java/com/hcl/appscan/sdk/messages.properties @@ -10,6 +10,8 @@ transfer.progress={0}% transferred message.created.scan=Successfully submitted {0} scan for analysis. Scan ID: {1} message.scan.overview={0} scan overview: {1} +message.rescan= Successfully submitted rescan for analysis. Scan ID: {0} +message.rescan.overview= Rescan overview: {0} message.running.scan=Creating and executing {0} scan... message.uploading.file=Uploading {0} to the analysis service... message.done=Done. 
diff --git a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java index 4aeaa3ff..e420ed3a 100644 --- a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java +++ b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java @@ -120,9 +120,9 @@ public String rescan(Map params) { String scanId = json.getString(SCAN_ID); String executionId = json.getString(ID); //todo: - m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(CREATE_SCAN_SUCCESS,"", scanId))); + m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(RESCAN_SUCCESS, scanId))); String scanOverviewUrl = m_authProvider.getServer() + "/main/myapps/" + params.get(CoreConstants.APP_ID) + "/scans/" + scanId; - m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(SCAN_OVERVIEW, "", scanOverviewUrl))); + m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(RESCAN_OVERVIEW, scanOverviewUrl))); return scanId; } else if (json != null && json.has(MESSAGE)) { String errorResponse = json.getString(MESSAGE); From 1fd4d89414a9904c8d818822657d78edb7150858 Mon Sep 17 00:00:00 2001 From: Vishal Chaudhary Date: Fri, 23 Aug 2024 21:20:22 +0530 Subject: [PATCH 06/19] scan details with execution ID Fetching the scan details with execution ID during re-scanning --- .../com/hcl/appscan/sdk/CoreConstants.java | 1 + .../sdk/results/CloudResultsProvider.java | 11 ++++++ .../NonCompliantIssuesResultProvider.java | 12 ++++++- .../sdk/scan/ASEScanServiceProvider.java | 5 +++ .../sdk/scan/CloudScanServiceProvider.java | 36 ++++++++++++++++++- .../sdk/scan/IScanServiceProvider.java | 10 ++++++ .../hcl/appscan/sdk/scanners/ASoCScan.java | 2 +- .../hcl/appscan/sdk/utils/ServiceUtil.java | 4 +++ 8 files changed, 78 insertions(+), 3 deletions(-) 
diff --git a/src/main/java/com/hcl/appscan/sdk/CoreConstants.java b/src/main/java/com/hcl/appscan/sdk/CoreConstants.java index 2c4a1c6a..88b796ad 100644 --- a/src/main/java/com/hcl/appscan/sdk/CoreConstants.java +++ b/src/main/java/com/hcl/appscan/sdk/CoreConstants.java @@ -23,6 +23,7 @@ public interface CoreConstants { String UPLOADED_FILE = "uploadedFile"; //$NON-NLS-1$ String ID = "Id"; //$NON-NLS-1$ String SCAN_ID = "ScanId"; //$NON-NLS-1$ + String EXECUTION_ID = "ExecutionId"; //$NON-NLS-1$ String KEY = "Key"; //$NON-NLS-1$ String LATEST_EXECUTION = "LatestExecution"; //$NON-NLS-1$ String LOCALE = "Locale"; //$NON-NLS-1$ diff --git a/src/main/java/com/hcl/appscan/sdk/results/CloudResultsProvider.java b/src/main/java/com/hcl/appscan/sdk/results/CloudResultsProvider.java index ae77fb80..421ecbba 100644 --- a/src/main/java/com/hcl/appscan/sdk/results/CloudResultsProvider.java +++ b/src/main/java/com/hcl/appscan/sdk/results/CloudResultsProvider.java @@ -47,6 +47,7 @@ public class CloudResultsProvider implements IResultsProvider, Serializable, Cor protected int m_mediumFindings; protected int m_lowFindings; protected int m_infoFindings; + protected Map m_properties; public CloudResultsProvider(String scanId, String type, IScanServiceProvider provider, IProgress progress) { m_type = type; @@ -57,6 +58,16 @@ public CloudResultsProvider(String scanId, String type, IScanServiceProvider pro m_reportFormat = DEFAULT_REPORT_FORMAT; } + public CloudResultsProvider(String scanId, Map properties, String type, IScanServiceProvider provider, IProgress progress) { + m_type = type; + m_scanId = scanId; + m_properties = properties; + m_hasResults = false; + m_scanProvider = provider; + m_progress = progress; + m_reportFormat = DEFAULT_REPORT_FORMAT; + } + @Override public void getResultsFile(File file, String format) { if(format == null) 
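Review bot: The new five-argument `CloudResultsProvider` constructor repeats the body of the existing four-argument one line for line; delegating, `this(scanId, type, provider, progress); m_properties = properties;`, keeps the two from drifting apart when the next field is added. With the added field, instances built through the old constructor leave `m_properties` null, so either the old constructor should initialise it (an empty map would do) or every reader of the field has to guard for null. `getResultsFile` continues outside the hunk.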
diff --git a/src/main/java/com/hcl/appscan/sdk/results/NonCompliantIssuesResultProvider.java b/src/main/java/com/hcl/appscan/sdk/results/NonCompliantIssuesResultProvider.java index aef88265..a7645ee0 100644 --- a/src/main/java/com/hcl/appscan/sdk/results/NonCompliantIssuesResultProvider.java +++ b/src/main/java/com/hcl/appscan/sdk/results/NonCompliantIssuesResultProvider.java @@ -3,6 +3,7 @@ */ package com.hcl.appscan.sdk.results; +import com.hcl.appscan.sdk.CoreConstants; import com.hcl.appscan.sdk.Messages; import com.hcl.appscan.sdk.auth.IAuthenticationProvider; import com.hcl.appscan.sdk.http.HttpClient; @@ -33,6 +34,10 @@ public NonCompliantIssuesResultProvider(String scanId, String type, IScanService super(scanId, type, provider, progress); } + public NonCompliantIssuesResultProvider(String scanId, Map properties, String type, IScanServiceProvider provider, IProgress progress) { + super(scanId, properties, type, provider, progress); + } + @Override protected void loadResults() { try { @@ -61,7 +66,12 @@ protected void loadResults() { m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(SUSPEND_JOB_BYUSER, "Scan Id: " + m_scanId))); m_message = Messages.getMessage(SUSPEND_JOB_BYUSER, "Scan Id: " + m_scanId); } else if (m_status != null && !(m_status.equalsIgnoreCase(INQUEUE) || m_status.equalsIgnoreCase(RUNNING) || m_status.equalsIgnoreCase(PAUSING))) { - JSONArray array = m_scanProvider.getNonCompliantIssues(m_scanId); + JSONArray array; + if(m_properties.containsKey(CoreConstants.EXECUTION_ID)) { + array = m_scanProvider.getNonCompliantIssues(m_properties); + } else { + array = m_scanProvider.getNonCompliantIssues(m_scanId); + } m_totalFindings = 0; for (int i = 0; i < array.length(); i++) { diff --git a/src/main/java/com/hcl/appscan/sdk/scan/ASEScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/ASEScanServiceProvider.java index a4bb624a..bb38ddf2 100644 --- a/src/main/java/com/hcl/appscan/sdk/scan/ASEScanServiceProvider.java 
+++ b/src/main/java/com/hcl/appscan/sdk/scan/ASEScanServiceProvider.java @@ -398,6 +398,11 @@ public JSONObject getScanDetails(String jobId) throws IOException, JSONException public JSONArray getNonCompliantIssues(String scanId) throws IOException, JSONException { throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. } + + @Override + public JSONArray getNonCompliantIssues(Map properties) throws IOException, JSONException { + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + } @Override public String rescan(Map params) { diff --git a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java index e420ed3a..5f7b58ec 100644 --- a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java +++ b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java @@ -119,7 +119,7 @@ public String rescan(Map params) { if (status == HttpsURLConnection.HTTP_CREATED || status == HttpsURLConnection.HTTP_OK) { String scanId = json.getString(SCAN_ID); String executionId = json.getString(ID); - //todo: + params.put(CoreConstants.EXECUTION_ID,executionId); m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(RESCAN_SUCCESS, scanId))); String scanOverviewUrl = m_authProvider.getServer() + "/main/myapps/" + params.get(CoreConstants.APP_ID) + "/scans/" + scanId; m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(RESCAN_OVERVIEW, scanOverviewUrl))); 
@@ -252,6 +252,40 @@ public JSONArray getNonCompliantIssues(String scanId) throws IOException, JSONEx return null; } + + @Override + public JSONArray getNonCompliantIssues(Map params) throws IOException, JSONException { + if(loginExpired()) + return null; + + String request_url = m_authProvider.getServer() + String.format(API_ISSUES_COUNT, "ScanExecution", params.get(CoreConstants.EXECUTION_ID)); + request_url +="?applyPolicies=All&%24filter=Status%20eq%20%27Open%27%20or%20Status%20eq%20%27InProgress%27%20or%20Status%20eq%20%27Reopened%27%20or%20Status%20eq%20%27New%27&%24apply=groupby%28%28Status%2CSeverity%29%2Caggregate%28%24count%20as%20N%29%29"; + Map request_headers = m_authProvider.getAuthorizationHeader(true); + request_headers.put("Content-Type", "application/json; charset=UTF-8"); + request_headers.put("Accept", "application/json"); + + HttpClient client = new HttpClient(m_authProvider.getProxy(), m_authProvider.getacceptInvalidCerts()); + HttpResponse response = client.get(request_url, request_headers, null); + + if (response.isSuccess()) { + JSONObject json = (JSONObject) response.getResponseBodyAsJSON(); + return (JSONArray) json.getJSONArray("Items"); + } + + if (response.getResponseCode() == HttpsURLConnection.HTTP_BAD_REQUEST) + m_progress.setStatus(new Message(Message.ERROR, Messages.getMessage(ERROR_GETTING_INFO, "Scan", params.get(CoreConstants.SCAN_ID)))); + else { + JSONObject obj=(JSONObject)response.getResponseBodyAsJSON(); + if (obj!=null && obj.has(MESSAGE)){ + m_progress.setStatus(new Message(Message.ERROR, obj.getString(MESSAGE))); + } + else { + m_progress.setStatus(new Message(Message.ERROR, Messages.getMessage(ERROR_GETTING_DETAILS, response.getResponseCode()))); + } + } + + return null; + } @Override public IAuthenticationProvider getAuthenticationProvider() { diff --git a/src/main/java/com/hcl/appscan/sdk/scan/IScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/IScanServiceProvider.java index 588f899b..4806fccc 100644 
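Review bot: In the new `getNonCompliantIssues(Map)`, the HTTP 400 branch reports `params.get(CoreConstants.SCAN_ID)` although the request was made for `params.get(CoreConstants.EXECUTION_ID)`, so the logged identifier is not the one that failed; something like `Messages.getMessage(ERROR_GETTING_INFO, "Scan execution", params.get(CoreConstants.EXECUTION_ID))` names the right object (exact wording depends on the message template, which is outside the hunk). On the success path `json.getJSONArray("Items")` is called without a null check on the parsed body, and the literal `"Items"` duplicates the `ITEMS` constant that `ServiceUtil.isScanId` uses for the same field. The execution id is also interpolated into the URL unencoded; a format check or `URLEncoder.encode` before `String.format` keeps the request bound to one identifier. The sibling `getNonCompliantIssues(String)` presumably shares this structure, so any fix should be applied to both.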
--- a/src/main/java/com/hcl/appscan/sdk/scan/IScanServiceProvider.java +++ b/src/main/java/com/hcl/appscan/sdk/scan/IScanServiceProvider.java @@ -68,6 +68,16 @@ public interface IScanServiceProvider { * @throws JSONException If an error occurs. */ public JSONArray getNonCompliantIssues(String scanId) throws IOException, JSONException; + + /** + * Gets the non compliant issues in JSON format. + * + * @param properties The properties map of the scan to retrieve all the non compliant issues. + * @return JSONArray containing the issues as JSON objects. + * @throws IOException If an error occurs. + * @throws JSONException If an error occurs. + */ + public JSONArray getNonCompliantIssues(Map properties) throws IOException, JSONException; /** * Gets the {@link IAuthenticationProvider} used to authenticate with a scanning service. diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/ASoCScan.java b/src/main/java/com/hcl/appscan/sdk/scanners/ASoCScan.java index cb323d45..05c86fd8 100644 --- a/src/main/java/com/hcl/appscan/sdk/scanners/ASoCScan.java +++ b/src/main/java/com/hcl/appscan/sdk/scanners/ASoCScan.java @@ -62,7 +62,7 @@ public IResultsProvider getResultsProvider() { @Override public IResultsProvider getResultsProvider(boolean nonCompliantIssues) { if(nonCompliantIssues) { - IResultsProvider provider = new NonCompliantIssuesResultProvider(m_scanId, getType(), m_serviceProvider, m_progress); + IResultsProvider provider = new NonCompliantIssuesResultProvider(m_scanId, m_properties, getType(), m_serviceProvider, m_progress); provider.setReportFormat(getReportFormat()); return provider; } diff --git a/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java b/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java index 57c125e5..38d71a6d 100644 --- a/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java +++ b/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java 
@@ -229,6 +229,10 @@ private static boolean hasEntitlement(String scanType, IAuthenticationProvider p * @return True if the scanId is valid. False is returned if the scanId is not valid, the request fails, or an exception occurs. */ public static boolean isScanId(String scanId, IAuthenticationProvider provider, Map params) { + if(provider.isTokenExpired()) { + return true; + } + String request_url = provider.getServer() + API_BASIC_DETAILS; request_url += "?$filter=Id%20eq%20"+scanId+"&%24select=AppId%2C%20Technology"; Map request_headers = provider.getAuthorizationHeader(true); From 5eed66aa5c7faf3c346143ce5f40091db56f310a Mon Sep 17 00:00:00 2001 From: Vishal Chaudhary Date: Sat, 24 Aug 2024 14:38:01 +0530 Subject: [PATCH 07/19] Update ServiceUtil.java --- src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java b/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java index 38d71a6d..53567066 100644 --- a/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java +++ b/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java @@ -224,11 +224,12 @@ private static boolean hasEntitlement(String scanType, IAuthenticationProvider p * Checks if the given scanId is valid for scanning. * * @param scanId The scanId to test. + * @param applicationId The applicationId to verify. + * @param type The scanType to verify. * @param provider The IAuthenticationProvider for authentication. - * @param params The map which consist the user inputs. * @return True if the scanId is valid. False is returned if the scanId is not valid, the request fails, or an exception occurs. */ - public static boolean isScanId(String scanId, IAuthenticationProvider provider, Map params) { + public static boolean isScanId(String scanId, String applicationId, String type, IAuthenticationProvider provider) { if(provider.isTokenExpired()) { return true; } 
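Review bot: The new early return in `isScanId`, `if(provider.isTokenExpired()) { return true; }`, makes the validator report a scan id as valid exactly when it cannot check it, which inverts the Javadoc's "false if the request fails" contract and lets an unverifiable id proceed to the rescan. If the intent is to defer the failure to the subsequent authentication path, that deserves a comment at the return, `// No session to query with; the later login failure reports the real error`, and the `@return` line should mention the case. Otherwise returning false, or exposing a result the caller can distinguish as "not checked" rather than "valid", keeps the check fail-closed. The rest of `isScanId` continues outside the hunk.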
@@ -250,7 +251,7 @@ public static boolean isScanId(String scanId, IAuthenticationProvider provider, JSONObject body = (JSONObject) array.getJSONObject(0); String appId = body.getString(CoreConstants.APP_ID); String technologyName = body.getString("Technology").toLowerCase(); - return (appId.equals(params.get(CoreConstants.APP_ID))) && (technologyName.equalsIgnoreCase(params.get(CoreConstants.SCANNER_TYPE).replaceAll("\\s", ""))); + return (appId.equals(applicationId)) && (technologyName.equalsIgnoreCase(type.replaceAll("\\s", ""))); } } } From 433f83e3bc55f920bdd48fe13bc80ed820de43b2 Mon Sep 17 00:00:00 2001 From: Vishal Chaudhary Date: Tue, 27 Aug 2024 14:54:20 +0530 Subject: [PATCH 08/19] Update NonCompliantIssuesResultProvider.java --- .../appscan/sdk/results/NonCompliantIssuesResultProvider.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/com/hcl/appscan/sdk/results/NonCompliantIssuesResultProvider.java b/src/main/java/com/hcl/appscan/sdk/results/NonCompliantIssuesResultProvider.java index a7645ee0..9effdbe9 100644 --- a/src/main/java/com/hcl/appscan/sdk/results/NonCompliantIssuesResultProvider.java +++ b/src/main/java/com/hcl/appscan/sdk/results/NonCompliantIssuesResultProvider.java @@ -67,7 +67,7 @@ protected void loadResults() { m_message = Messages.getMessage(SUSPEND_JOB_BYUSER, "Scan Id: " + m_scanId); } else if (m_status != null && !(m_status.equalsIgnoreCase(INQUEUE) || m_status.equalsIgnoreCase(RUNNING) || m_status.equalsIgnoreCase(PAUSING))) { JSONArray array; - if(m_properties.containsKey(CoreConstants.EXECUTION_ID)) { + if(m_properties != null && m_properties.containsKey(CoreConstants.EXECUTION_ID)) { array = m_scanProvider.getNonCompliantIssues(m_properties); } else { array = m_scanProvider.getNonCompliantIssues(m_scanId); From 587b03086d45d4281e1d2871e207daa05a44c4bd Mon Sep 17 00:00:00 2001 
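Review bot: The rewritten comparison, `technologyName.equalsIgnoreCase(type.replaceAll("\\s", ""))`, throws NullPointerException when `type` is null, and that escapes the `IOException | JSONException` catch further down, so the method's documented "false on failure" contract is not met for that input. A guard at the top of the method, `Objects.requireNonNull(type, "type")` if a null is a caller bug, or `type != null &&` in this expression if it is a legitimate input, makes the behaviour explicit either way. `isScanId` starts outside the hunk.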
From: Kripajoy Melitpalathingal Date: Sun, 8 Sep 2024 00:14:26 +0530 Subject: [PATCH 09/19] As per the comments --- .../sdk/scan/ASEScanServiceProvider.java | 2 +- .../sdk/scan/CloudScanServiceProvider.java | 8 +++---- .../sdk/scan/IScanServiceProvider.java | 3 ++- .../hcl/appscan/sdk/scanners/ASoCScan.java | 22 +++++++++++++++++++ .../appscan/sdk/scanners/sast/SASTScan.java | 7 ++---- 5 files changed, 31 insertions(+), 11 deletions(-) diff --git a/src/main/java/com/hcl/appscan/sdk/scan/ASEScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/ASEScanServiceProvider.java index bb38ddf2..6b7bbfeb 100644 --- a/src/main/java/com/hcl/appscan/sdk/scan/ASEScanServiceProvider.java +++ b/src/main/java/com/hcl/appscan/sdk/scan/ASEScanServiceProvider.java @@ -405,7 +405,7 @@ public JSONArray getNonCompliantIssues(Map properties) throws IO } @Override - public String rescan(Map params) { + public String rescan(String scanId, Map params) { throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. } diff --git a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java index 5f7b58ec..ef5bf985 100644 --- a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java +++ b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java @@ -96,8 +96,9 @@ public String createAndExecuteScan(String type, Map params) { } return null; } + @Override - public String rescan(Map params) { + public String rescan(String scanId, Map params) { if (loginExpired() || (params.containsKey(APP_ID) && !verifyApplication(params.get(APP_ID).toString()))) { return null; 
@@ -117,13 +118,12 @@ public String rescan(Map params) { JSONObject json = (JSONObject) response.getResponseBodyAsJSON(); if (status == HttpsURLConnection.HTTP_CREATED || status == HttpsURLConnection.HTTP_OK) { - String scanId = json.getString(SCAN_ID); String executionId = json.getString(ID); - params.put(CoreConstants.EXECUTION_ID,executionId); + params.put(CoreConstants.EXECUTION_ID,executionId); //not required. Split CreateExecute Rescan to Three methods. m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(RESCAN_SUCCESS, scanId))); String scanOverviewUrl = m_authProvider.getServer() + "/main/myapps/" + params.get(CoreConstants.APP_ID) + "/scans/" + scanId; m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(RESCAN_OVERVIEW, scanOverviewUrl))); - return scanId; + return executionId; } else if (json != null && json.has(MESSAGE)) { String errorResponse = json.getString(MESSAGE); if (json.has(FORMAT_PARAMS) && !json.isNull(FORMAT_PARAMS)) { diff --git a/src/main/java/com/hcl/appscan/sdk/scan/IScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/IScanServiceProvider.java index 4806fccc..6bc3fdce 100644 --- a/src/main/java/com/hcl/appscan/sdk/scan/IScanServiceProvider.java +++ b/src/main/java/com/hcl/appscan/sdk/scan/IScanServiceProvider.java @@ -35,10 +35,11 @@ public interface IScanServiceProvider { /** * Initiates a Rescan * + * @param scanId The ID of the parent scan on which the rescan will be executed. * @param params A Map of rescan parameters. * @return The id of the submitted rescan, if successful. Otherwise, returns null. */ - public String rescan(Map params); + public String rescan(String scanId, Map params); /** * Submits a file for scanning. diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/ASoCScan.java b/src/main/java/com/hcl/appscan/sdk/scanners/ASoCScan.java index 05c86fd8..18e4a677 100644 --- a/src/main/java/com/hcl/appscan/sdk/scanners/ASoCScan.java 
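Review bot: The new `scanId` parameter is used only in the success message here, while the request URL line earlier in `rescan` (outside this hunk, unchanged since the method was added) still appears to read `params.get(CoreConstants.SCAN_ID)`; if those two values ever differ, the message and overview link name a scan other than the one actually rescanned, so the URL should be built from the parameter, `String.format(API_RESCAN, scanId)`. The trailing comment `//not required. Split CreateExecute Rescan to Three methods.` is a design note with no `TODO` marker and no owner; either do it within this series or mark it `// TODO: <ISSUE-PLACEHOLDER>` so it is tracked. The `IScanServiceProvider` Javadoc hunk on the same line still says the method returns "The id of the submitted rescan" although the implementation now returns the execution id; `@return The execution id of the submitted rescan, if successful. Otherwise, returns null.` removes the ambiguity. Storing the execution id into the caller's `params` map as a side effect is also undocumented in the interface.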
+++ b/src/main/java/com/hcl/appscan/sdk/scanners/ASoCScan.java @@ -25,6 +25,8 @@ public abstract class ASoCScan implements IScan, ScanConstants, Serializable { private String m_target; private String m_scanId; + private String m_executionId; + private Boolean m_rescan; private IProgress m_progress; private IScanServiceProvider m_serviceProvider; private Map m_properties; @@ -46,6 +48,14 @@ public ASoCScan(Map properties, IProgress progress, IScanService public String getScanId() { return m_scanId; } + + public String getExecutionId() { + return m_executionId; + } + + public Boolean isRescan() { + return m_properties.containsKey(CoreConstants.SCAN_ID); + } @Override public String getName() { @@ -74,6 +84,14 @@ public IResultsProvider getResultsProvider(boolean nonCompliantIssues) { protected void setScanId(String id) { m_scanId = id; } + + protected void setExecutionId(String id){ + m_executionId = id; + } + + public void setRescan(Boolean rescan){ + m_rescan = rescan; + } protected String getAppId() { return m_properties.get(CoreConstants.APP_ID); @@ -104,5 +122,9 @@ protected Map getProperties() { return m_properties; } + protected void submitRescan() { + setExecutionId(getServiceProvider().rescan(getScanId(),getProperties())); + } + public abstract String getReportFormat(); } \ No newline at end of file diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java index 060c846c..03a5cb6d 100644 --- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java +++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java @@ -118,7 +118,8 @@ protected void analyzeIR() throws IOException, ScannerException { Map params = getProperties(); - if (params.containsKey(CoreConstants.SCAN_ID)) { + if (isRescan()) { + setScanId(params.get(CoreConstants.SCAN_ID)); params.put(CoreConstants.FILE_ID, fileId); submitRescan(); } else { 
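Review bot: The new `m_rescan` field is written by `setRescan` but never read; `isRescan()` derives its answer from `m_properties.containsKey(CoreConstants.SCAN_ID)` instead, so the two can disagree and callers of `setRescan` get no effect. Keep one source of truth: either drop `m_rescan` and `setRescan`, or have `isRescan()` return the field and set it where the scan id is detected. Both accessors use boxed `Boolean` where a primitive is the conventional type for a flag, `public boolean isRescan()`. The SASTScan hunk on the same line now calls `setScanId(params.get(CoreConstants.SCAN_ID))` before `submitRescan()`, relying on `isRescan()` having confirmed the key exists; a one-line comment there would make that ordering dependency visible.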
@@ -129,10 +130,6 @@ protected void analyzeIR() throws IOException, ScannerException { throw new ScannerException(Messages.getMessage(ERROR_SUBMITTING_IRX)); } - protected void submitRescan() { - setScanId(getServiceProvider().rescan(getProperties())); - } - protected void submitScan() { setScanId(getServiceProvider().createAndExecuteScan(STATIC_ANALYZER, getProperties())); } From c09f3388d7224a2c77af32d4bb0c7b6c6b8ab6ca Mon Sep 17 00:00:00 2001 From: Vishal Chaudhary Date: Mon, 9 Sep 2024 11:05:25 +0530 Subject: [PATCH 10/19] removed the "new" status from query --- .../java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java index 5f7b58ec..44118c21 100644 --- a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java +++ b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java @@ -259,7 +259,7 @@ public JSONArray getNonCompliantIssues(Map params) throws IOExce return null; String request_url = m_authProvider.getServer() + String.format(API_ISSUES_COUNT, "ScanExecution", params.get(CoreConstants.EXECUTION_ID)); - request_url +="?applyPolicies=All&%24filter=Status%20eq%20%27Open%27%20or%20Status%20eq%20%27InProgress%27%20or%20Status%20eq%20%27Reopened%27%20or%20Status%20eq%20%27New%27&%24apply=groupby%28%28Status%2CSeverity%29%2Caggregate%28%24count%20as%20N%29%29"; + request_url +="?applyPolicies=All&%24filter=Status%20eq%20%27Open%27%20or%20Status%20eq%20%27InProgress%27%20or%20Status%20eq%20%27Reopened%27&%24apply=groupby%28%28Status%2CSeverity%29%2Caggregate%28%24count%20as%20N%29%29"; Map request_headers = m_authProvider.getAuthorizationHeader(true); request_headers.put("Content-Type", "application/json; charset=UTF-8"); request_headers.put("Accept", "application/json"); 
From 4b2f2bb4d0382f3608fff0ad13c2cbc6bf685619 Mon Sep 17 00:00:00 2001 From: Vishal Chaudhary Date: Wed, 11 Sep 2024 17:24:05 +0530 Subject: [PATCH 11/19] Addressed the PR comments --- .../com/hcl/appscan/sdk/messages.properties | 8 +- .../sdk/results/CloudResultsProvider.java | 6 +- .../NonCompliantIssuesResultProvider.java | 9 +- .../sdk/scan/ASEScanServiceProvider.java | 2 +- .../sdk/scan/CloudScanServiceProvider.java | 171 ++++++------------ .../sdk/scan/IScanServiceProvider.java | 5 +- .../hcl/appscan/sdk/scanners/ASoCScan.java | 2 +- .../hcl/appscan/sdk/utils/ServiceUtil.java | 27 ++- 8 files changed, 94 insertions(+), 136 deletions(-) diff --git a/src/main/java/com/hcl/appscan/sdk/messages.properties b/src/main/java/com/hcl/appscan/sdk/messages.properties index e375529b..fe985a8e 100644 --- a/src/main/java/com/hcl/appscan/sdk/messages.properties +++ b/src/main/java/com/hcl/appscan/sdk/messages.properties @@ -8,10 +8,10 @@ transfer.progress={0}% transferred -message.created.scan=Successfully submitted {0} scan for analysis. Scan ID: {1} -message.scan.overview={0} scan overview: {1} -message.rescan= Successfully submitted rescan for analysis. Scan ID: {0} -message.rescan.overview= Rescan overview: {0} +message.created.scan=Successfully submitted {0} scan for analysis. Scan ID: +message.scan.overview={0} scan overview: +message.rescan= Successfully submitted rescan for analysis. Execution ID: +message.rescan.overview= Rescan overview: message.running.scan=Creating and executing {0} scan... message.uploading.file=Uploading {0} to the analysis service... message.done=Done. diff --git a/src/main/java/com/hcl/appscan/sdk/results/CloudResultsProvider.java b/src/main/java/com/hcl/appscan/sdk/results/CloudResultsProvider.java index 421ecbba..de2fba20 100644 --- a/src/main/java/com/hcl/appscan/sdk/results/CloudResultsProvider.java +++ b/src/main/java/com/hcl/appscan/sdk/results/CloudResultsProvider.java 
@@ -47,7 +47,7 @@ public class CloudResultsProvider implements IResultsProvider, Serializable, Cor protected int m_mediumFindings; protected int m_lowFindings; protected int m_infoFindings; - protected Map m_properties; + protected String m_executionId; public CloudResultsProvider(String scanId, String type, IScanServiceProvider provider, IProgress progress) { m_type = type; @@ -58,10 +58,10 @@ public CloudResultsProvider(String scanId, String type, IScanServiceProvider pro m_reportFormat = DEFAULT_REPORT_FORMAT; } - public CloudResultsProvider(String scanId, Map properties, String type, IScanServiceProvider provider, IProgress progress) { + public CloudResultsProvider(String scanId, String executionId, String type, IScanServiceProvider provider, IProgress progress) { m_type = type; m_scanId = scanId; - m_properties = properties; + m_executionId = executionId; m_hasResults = false; m_scanProvider = provider; m_progress = progress; diff --git a/src/main/java/com/hcl/appscan/sdk/results/NonCompliantIssuesResultProvider.java b/src/main/java/com/hcl/appscan/sdk/results/NonCompliantIssuesResultProvider.java index 9effdbe9..de0f2dcc 100644 --- a/src/main/java/com/hcl/appscan/sdk/results/NonCompliantIssuesResultProvider.java +++ b/src/main/java/com/hcl/appscan/sdk/results/NonCompliantIssuesResultProvider.java @@ -11,6 +11,7 @@ import com.hcl.appscan.sdk.logging.IProgress; import com.hcl.appscan.sdk.logging.Message; import com.hcl.appscan.sdk.scan.IScanServiceProvider; +import com.hcl.appscan.sdk.scanners.ASoCScan; import com.hcl.appscan.sdk.utils.SystemUtil; import java.io.File; import java.io.IOException; 
@@ -34,8 +35,8 @@ public NonCompliantIssuesResultProvider(String scanId, String type, IScanService super(scanId, type, provider, progress); } - public NonCompliantIssuesResultProvider(String scanId, Map properties, String type, IScanServiceProvider provider, IProgress progress) { - super(scanId, properties, type, provider, progress); + public NonCompliantIssuesResultProvider(String scanId, String executionId, String type, IScanServiceProvider provider, IProgress progress) { + super(scanId, executionId, type, provider, progress); } @Override @@ -67,8 +68,8 @@ protected void loadResults() { m_message = Messages.getMessage(SUSPEND_JOB_BYUSER, "Scan Id: " + m_scanId); } else if (m_status != null && !(m_status.equalsIgnoreCase(INQUEUE) || m_status.equalsIgnoreCase(RUNNING) || m_status.equalsIgnoreCase(PAUSING))) { JSONArray array; - if(m_properties != null && m_properties.containsKey(CoreConstants.EXECUTION_ID)) { - array = m_scanProvider.getNonCompliantIssues(m_properties); + if(m_executionId != null && !m_executionId.isEmpty()) { + array = m_scanProvider.getNonCompliantIssuesUsingExecutionId(m_executionId); } else { array = m_scanProvider.getNonCompliantIssues(m_scanId); } diff --git a/src/main/java/com/hcl/appscan/sdk/scan/ASEScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/ASEScanServiceProvider.java index 6b7bbfeb..be50c587 100644 --- a/src/main/java/com/hcl/appscan/sdk/scan/ASEScanServiceProvider.java +++ b/src/main/java/com/hcl/appscan/sdk/scan/ASEScanServiceProvider.java @@ -400,7 +400,7 @@ public JSONArray getNonCompliantIssues(String scanId) throws IOException, JSONEx } @Override - public JSONArray getNonCompliantIssues(Map properties) throws IOException, JSONException { + public JSONArray getNonCompliantIssuesUsingExecutionId(String executionId) throws IOException, JSONException { throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. } 
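Review bot: The renamed `getNonCompliantIssuesUsingExecutionId` in the ASEScanServiceProvider hunk still carries the IDE template comment `//To change body of generated methods, choose Tools | Templates.`, which says nothing about why the operation is unsupported. Replace it with a short Javadoc on the method, e.g. `/** Execution-scoped issue retrieval is not available for ASE. @throws UnsupportedOperationException always */` (adjust the reason if it is something else), so a reader can tell the limitation is intentional rather than unfinished.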
diff --git a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java index dd6673e8..f85e69dc 100644 --- a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java +++ b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java 
@@ -52,78 +52,49 @@ public CloudScanServiceProvider(IProgress progress, IAuthenticationProvider auth @Override public String createAndExecuteScan(String type, Map params) { - if(loginExpired() || (params.containsKey(APP_ID) && !verifyApplication(params.get(APP_ID).toString()))) { - return null; - } - - Map request_headers = m_authProvider.getAuthorizationHeader(true); - HttpClient client = new HttpClient(m_authProvider.getProxy(), m_authProvider.getacceptInvalidCerts()); - - try { - request_headers.put("Content-Type", "application/json"); - request_headers.put("accept", "application/json"); - String request_url = m_authProvider.getServer() + String.format(API_SCANNER, type); - - HttpResponse response = client.post(request_url,request_headers,params); - int status = response.getResponseCode(); - - JSONObject json = (JSONObject) response.getResponseBodyAsJSON(); - - if (status == HttpsURLConnection.HTTP_CREATED || status == HttpsURLConnection.HTTP_OK) { - String scanId = json.getString(ID); - m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(CREATE_SCAN_SUCCESS, type.toUpperCase(), scanId))); - String scanOverviewUrl = m_authProvider.getServer() + "/main/myapps/" + params.get(CoreConstants.APP_ID) + "/scans/" + scanId; - m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(SCAN_OVERVIEW, type.toUpperCase(), scanOverviewUrl))); - return scanId; - } else if (json != null && json.has(MESSAGE)) { - String errorResponse = json.getString(MESSAGE); - if(json.has(FORMAT_PARAMS) && !json.isNull(FORMAT_PARAMS)) { - JSONArray jsonArray = json.getJSONArray(FORMAT_PARAMS); - if(jsonArray != null){ - String[] messageParams = new String[jsonArray.size()]; - for (int i = 0; i < jsonArray.size(); i++) { - messageParams[i] = (String)jsonArray.get(i); - } - errorResponse = MessageFormat.format(errorResponse, (Object[]) messageParams); - } - } - m_progress.setStatus(new Message(Message.ERROR, errorResponse)); - } - else - m_progress.setStatus(new 
Message(Message.ERROR, Messages.getMessage(ERROR_SUBMITTING_SCAN, status))); - } catch(IOException | JSONException e) { - m_progress.setStatus(new Message(Message.ERROR, Messages.getMessage(ERROR_SUBMITTING_SCAN, e.getLocalizedMessage()))); - } - return null; + String requestUrl = m_authProvider.getServer() + String.format(API_SCANNER, type); + String progressMessage = Messages.getMessage(CREATE_SCAN_SUCCESS,type); + String overviewMessage = Messages.getMessage(SCAN_OVERVIEW,type); + return executeScan(requestUrl, params, progressMessage, overviewMessage); } @Override public String rescan(String scanId, Map params) { + String requestUrl = m_authProvider.getServer() + String.format(API_RESCAN, scanId); + String progressMessage = Messages.getMessage(RESCAN_SUCCESS); + String overviewMessage = Messages.getMessage(RESCAN_OVERVIEW); + return executeScan(requestUrl, params, progressMessage, overviewMessage); + } + //private method to handle common logic + private String executeScan(String requestUrl, Map params, String successMessageKey, String overviewMessageKey) { if (loginExpired() || (params.containsKey(APP_ID) && !verifyApplication(params.get(APP_ID).toString()))) { return null; } - Map request_headers = m_authProvider.getAuthorizationHeader(true); + Map requestHeaders = m_authProvider.getAuthorizationHeader(true); HttpClient client = new HttpClient(m_authProvider.getProxy(), m_authProvider.getacceptInvalidCerts()); try { - request_headers.put("Content-Type", "application/json"); - request_headers.put("accept", "application/json"); - String request_url = m_authProvider.getServer() + String.format(API_RESCAN, params.get(CoreConstants.SCAN_ID)); + requestHeaders.put("Content-Type", "application/json"); + requestHeaders.put("accept", "application/json"); - HttpResponse response = client.post(request_url, request_headers, params); + HttpResponse response = client.post(requestUrl, requestHeaders, params); int status = response.getResponseCode(); - JSONObject json = 
(JSONObject) response.getResponseBodyAsJSON(); if (status == HttpsURLConnection.HTTP_CREATED || status == HttpsURLConnection.HTTP_OK) { - String executionId = json.getString(ID); - params.put(CoreConstants.EXECUTION_ID,executionId); //not required. Split CreateExecute Rescan to Three methods. - m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(RESCAN_SUCCESS, scanId))); - String scanOverviewUrl = m_authProvider.getServer() + "/main/myapps/" + params.get(CoreConstants.APP_ID) + "/scans/" + scanId; - m_progress.setStatus(new Message(Message.INFO, Messages.getMessage(RESCAN_OVERVIEW, scanOverviewUrl))); - return executionId; + String id = json.getString(ID); + String scanOverviewUrl; + if(params.containsKey(SCAN_ID)) { + String scanId= params.get(SCAN_ID); + scanOverviewUrl = m_authProvider.getServer() + "/main/myapps/" + params.get(CoreConstants.APP_ID) + "/scans/" + scanId; + } else { + scanOverviewUrl = m_authProvider.getServer() + "/main/myapps/" + params.get(CoreConstants.APP_ID) + "/scans/" + id; + } + m_progress.setStatus(new Message(Message.INFO, successMessageKey + " " + id)); + m_progress.setStatus(new Message(Message.INFO, overviewMessageKey + " " + scanOverviewUrl)); + return id; } else if (json != null && json.has(MESSAGE)) { String errorResponse = json.getString(MESSAGE); if (json.has(FORMAT_PARAMS) && !json.isNull(FORMAT_PARAMS)) { 
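Review bot: `executeScan` decides whether it is building a rescan overview URL by sniffing `params.containsKey(SCAN_ID)`, while `rescan(String scanId, Map params)` already holds that id and does not pass it down, so the helper silently depends on the caller leaving SCAN_ID in the request map. Pass it explicitly instead: `private String executeScan(String requestUrl, String parentScanId, Map params, String successMessage, String overviewMessage)`, build the URL with `... + "/scans/" + (parentScanId != null ? parentScanId : id)`, and hand `null` in from createAndExecuteScan. The names `successMessageKey`/`overviewMessageKey` are misleading because both callers pass already-resolved text, and `successMessageKey + " " + id` appends the id by concatenation now that the messages.properties hunk earlier in this patch dropped the `{0}`/`{1}` placeholders, which takes away a translator's ability to position the id; resolving the message inside the helper with the id as a format argument would keep that. As in the earlier rescan version, `json.getString(ID)` still runs before the `json != null` guard on the success branch.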
@@ -221,71 +192,47 @@ public JSONObject getScanDetails(String scanId) throws IOException, JSONExceptio @Override public JSONArray getNonCompliantIssues(String scanId) throws IOException, JSONException { - if(loginExpired()) - return null; - - String request_url = m_authProvider.getServer() + String.format(API_ISSUES_COUNT, "Scan", scanId); - request_url +="?applyPolicies=All&%24filter=Status%20eq%20%27Open%27%20or%20Status%20eq%20%27InProgress%27%20or%20Status%20eq%20%27Reopened%27%20or%20Status%20eq%20%27New%27&%24apply=groupby%28%28Status%2CSeverity%29%2Caggregate%28%24count%20as%20N%29%29"; - Map request_headers = m_authProvider.getAuthorizationHeader(true); - request_headers.put("Content-Type", "application/json; charset=UTF-8"); - request_headers.put("Accept", "application/json"); - - HttpClient client = new HttpClient(m_authProvider.getProxy(), m_authProvider.getacceptInvalidCerts()); - HttpResponse response = client.get(request_url, request_headers, null); - - if (response.isSuccess()) { - JSONObject json = (JSONObject) response.getResponseBodyAsJSON(); - return (JSONArray) json.getJSONArray("Items"); - } - - if (response.getResponseCode() == HttpsURLConnection.HTTP_BAD_REQUEST) - m_progress.setStatus(new Message(Message.ERROR, Messages.getMessage(ERROR_GETTING_INFO, "Scan", scanId))); - else { - JSONObject obj=(JSONObject)response.getResponseBodyAsJSON(); - if (obj!=null && obj.has(MESSAGE)){ - m_progress.setStatus(new Message(Message.ERROR, obj.getString(MESSAGE))); - } - else { - m_progress.setStatus(new Message(Message.ERROR, Messages.getMessage(ERROR_GETTING_DETAILS, response.getResponseCode()))); - } - } - - return null; + return getNonCompliantIssues("Scan", scanId); } @Override - public JSONArray getNonCompliantIssues(Map params) throws IOException, JSONException { - if(loginExpired()) - return null; + public JSONArray getNonCompliantIssuesUsingExecutionId(String executionId) throws IOException, JSONException { + return 
getNonCompliantIssues("ScanExecution", executionId); + } - String request_url = m_authProvider.getServer() + String.format(API_ISSUES_COUNT, "ScanExecution", params.get(CoreConstants.EXECUTION_ID)); - request_url +="?applyPolicies=All&%24filter=Status%20eq%20%27Open%27%20or%20Status%20eq%20%27InProgress%27%20or%20Status%20eq%20%27Reopened%27&%24apply=groupby%28%28Status%2CSeverity%29%2Caggregate%28%24count%20as%20N%29%29"; - Map request_headers = m_authProvider.getAuthorizationHeader(true); - request_headers.put("Content-Type", "application/json; charset=UTF-8"); - request_headers.put("Accept", "application/json"); + //private method to handle common logic + private JSONArray getNonCompliantIssues(String idType, String id) throws IOException, JSONException { + if (loginExpired()) + return null; - HttpClient client = new HttpClient(m_authProvider.getProxy(), m_authProvider.getacceptInvalidCerts()); - HttpResponse response = client.get(request_url, request_headers, null); + String requestUrl = m_authProvider.getServer() + String.format(API_ISSUES_COUNT, idType, id); + requestUrl += "?applyPolicies=All&%24filter=Status%20eq%20%27Open%27%20or%20Status%20eq%20%27InProgress%27%20or%20Status%20eq%20%27Reopened%27&%24apply=groupby%28%28Status%2CSeverity%29%2Caggregate%28%24count%20as%20N%29%29"; - if (response.isSuccess()) { - JSONObject json = (JSONObject) response.getResponseBodyAsJSON(); - return (JSONArray) json.getJSONArray("Items"); - } + Map requestHeaders = m_authProvider.getAuthorizationHeader(true); + requestHeaders.put("Content-Type", "application/json; charset=UTF-8"); + requestHeaders.put("Accept", "application/json"); - if (response.getResponseCode() == HttpsURLConnection.HTTP_BAD_REQUEST) - m_progress.setStatus(new Message(Message.ERROR, Messages.getMessage(ERROR_GETTING_INFO, "Scan", params.get(CoreConstants.SCAN_ID)))); - else { - JSONObject obj=(JSONObject)response.getResponseBodyAsJSON(); - if (obj!=null && obj.has(MESSAGE)){ - m_progress.setStatus(new 
Message(Message.ERROR, obj.getString(MESSAGE))); - } - else { - m_progress.setStatus(new Message(Message.ERROR, Messages.getMessage(ERROR_GETTING_DETAILS, response.getResponseCode()))); - } - } + HttpClient client = new HttpClient(m_authProvider.getProxy(), m_authProvider.getacceptInvalidCerts()); + HttpResponse response = client.get(requestUrl, requestHeaders, null); - return null; - } + if (response.isSuccess()) { + JSONObject json = (JSONObject) response.getResponseBodyAsJSON(); + return (JSONArray) json.getJSONArray("Items"); + } + + if (response.getResponseCode() == HttpsURLConnection.HTTP_BAD_REQUEST) { + m_progress.setStatus(new Message(Message.ERROR, Messages.getMessage(ERROR_GETTING_INFO, idType, id))); + } else { + JSONObject obj = (JSONObject) response.getResponseBodyAsJSON(); + if (obj != null && obj.has(MESSAGE)) { + m_progress.setStatus(new Message(Message.ERROR, obj.getString(MESSAGE))); + } else { + m_progress.setStatus(new Message(Message.ERROR, Messages.getMessage(ERROR_GETTING_DETAILS, response.getResponseCode()))); + } + } + + return null; + } @Override public IAuthenticationProvider getAuthenticationProvider() { diff --git a/src/main/java/com/hcl/appscan/sdk/scan/IScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/IScanServiceProvider.java index 6bc3fdce..7cd2922f 100644 --- a/src/main/java/com/hcl/appscan/sdk/scan/IScanServiceProvider.java +++ b/src/main/java/com/hcl/appscan/sdk/scan/IScanServiceProvider.java 
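Review bot: The merged `getNonCompliantIssues(String idType, String id)` formats `id` into the request path with no emptiness check, and on success casts `json.getJSONArray("Items")` without confirming that `getResponseBodyAsJSON()` returned an object, so an empty success body becomes a NullPointerException rather than the ERROR status the failure branch produces. Add `if (id == null || id.isEmpty()) return null;` beside the `loginExpired()` guard and treat a null `json` like the other failure cases. The `"Scan"`/`"ScanExecution"` literals are now spread over this helper, its two callers and the report URL in NonCompliantIssuesResultProvider; a pair of constants next to `API_ISSUES_COUNT` would keep them in one place.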
@@ -73,13 +73,12 @@ public interface IScanServiceProvider { /** * Gets the non compliant issues in JSON format. * - * @param properties The properties map of the scan to retrieve all the non compliant issues. + * @param executionId The id of the scan execution to retrieve all the non compliant issues * @return JSONArray containing the issues as JSON objects. * @throws IOException If an error occurs. * @throws JSONException If an error occurs. */ - public JSONArray getNonCompliantIssues(Map properties) throws IOException, JSONException; - + public JSONArray getNonCompliantIssuesUsingExecutionId(String executionId) throws IOException, JSONException; /** * Gets the {@link IAuthenticationProvider} used to authenticate with a scanning service. * diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/ASoCScan.java b/src/main/java/com/hcl/appscan/sdk/scanners/ASoCScan.java index 18e4a677..ce7eb278 100644 --- a/src/main/java/com/hcl/appscan/sdk/scanners/ASoCScan.java +++ b/src/main/java/com/hcl/appscan/sdk/scanners/ASoCScan.java @@ -72,7 +72,7 @@ public IResultsProvider getResultsProvider() { @Override public IResultsProvider getResultsProvider(boolean nonCompliantIssues) { if(nonCompliantIssues) { - IResultsProvider provider = new NonCompliantIssuesResultProvider(m_scanId, m_properties, getType(), m_serviceProvider, m_progress); + IResultsProvider provider = new NonCompliantIssuesResultProvider(m_scanId, m_executionId, getType(), m_serviceProvider, m_progress); provider.setReportFormat(getReportFormat()); return provider; } diff --git a/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java b/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java index 53567066..50cd24a8 100644 --- a/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java +++ b/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java 
@@ -230,35 +230,46 @@ private static boolean hasEntitlement(String scanType, IAuthenticationProvider p * @return True if the scanId is valid. False is returned if the scanId is not valid, the request fails, or an exception occurs. */ public static boolean isScanId(String scanId, String applicationId, String type, IAuthenticationProvider provider) { - if(provider.isTokenExpired()) { + if (provider.isTokenExpired()) { return true; } String request_url = provider.getServer() + API_BASIC_DETAILS; - request_url += "?$filter=Id%20eq%20"+scanId+"&%24select=AppId%2C%20Technology"; + request_url += "?$filter=Id%20eq%20" + scanId + "&%24select=AppId%2C%20Technology"; Map request_headers = provider.getAuthorizationHeader(true); HttpClient client = new HttpClient(provider.getProxy(), provider.getacceptInvalidCerts()); try { HttpResponse response = client.get(request_url, request_headers, null); - if (response.isSuccess()){ + if (response.isSuccess()) { JSONObject obj = (JSONObject) response.getResponseBodyAsJSON(); JSONArray array = (JSONArray) obj.get(ITEMS); - if(array.isEmpty()) { + if (array.isEmpty()) { return false; } else { JSONObject body = (JSONObject) array.getJSONObject(0); String appId = body.getString(CoreConstants.APP_ID); - String technologyName = body.getString("Technology").toLowerCase(); - return (appId.equals(applicationId)) && (technologyName.equalsIgnoreCase(type.replaceAll("\\s", ""))); + String technologyName = body.getString("Technology"); + return appId.equals(applicationId) && technologyName.equals(updatedScanType(type)); } } - } - catch(IOException | JSONException e) { + } catch (IOException | JSONException e) { // Ignore and return false. } return false; } + + public static String updatedScanType(String type) { + switch (type) { + case "Static Analyzer": + return STATIC_TECH; + case "Dynamic Analyzer": + return DYNAMIC_TECH; + case CoreConstants.SOFTWARE_COMPOSITION_ANALYZER: + return SCA_TECH; + } + return type; + } } 
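Review bot: `isScanId` still answers `true` when `provider.isTokenExpired()`, which contradicts the Javadoc line `@return True if the scanId is valid` directly above it and lets an unverified id through whenever the session has lapsed; if the intent is that a separate check reports the expired login, say so in the Javadoc, otherwise return false there. The comparison also changed from `equalsIgnoreCase` on a whitespace-stripped value to `technologyName.equals(updatedScanType(type))`, so any `type` not listed in `updatedScanType` is now matched case-sensitively and unstripped; if that is deliberate, a `default:` arm in the switch instead of the `return type;` after it makes the fallthrough explicit. `scanId` is concatenated into the `$filter` expression unencoded, so checking its shape before the request keeps a malformed id from producing an unexpected query.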
From fd46f4e2dae09e077a0df34c7cdd04df98b5e84e Mon Sep 17 00:00:00 2001 From: Vishal Chaudhary Date: Thu, 12 Sep 2024 12:51:43 +0530 Subject: [PATCH 12/19] addressing comments --- src/main/java/com/hcl/appscan/sdk/CoreConstants.java | 1 - .../java/com/hcl/appscan/sdk/scan/IScanServiceProvider.java | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/src/main/java/com/hcl/appscan/sdk/CoreConstants.java b/src/main/java/com/hcl/appscan/sdk/CoreConstants.java index 88b796ad..2c4a1c6a 100644 --- a/src/main/java/com/hcl/appscan/sdk/CoreConstants.java +++ b/src/main/java/com/hcl/appscan/sdk/CoreConstants.java @@ -23,7 +23,6 @@ public interface CoreConstants { String UPLOADED_FILE = "uploadedFile"; //$NON-NLS-1$ String ID = "Id"; //$NON-NLS-1$ String SCAN_ID = "ScanId"; //$NON-NLS-1$ - String EXECUTION_ID = "ExecutionId"; //$NON-NLS-1$ String KEY = "Key"; //$NON-NLS-1$ String LATEST_EXECUTION = "LatestExecution"; //$NON-NLS-1$ String LOCALE = "Locale"; //$NON-NLS-1$ diff --git a/src/main/java/com/hcl/appscan/sdk/scan/IScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/IScanServiceProvider.java index 7cd2922f..41e858ce 100644 --- a/src/main/java/com/hcl/appscan/sdk/scan/IScanServiceProvider.java +++ b/src/main/java/com/hcl/appscan/sdk/scan/IScanServiceProvider.java @@ -1,6 +1,6 @@ /** * © Copyright IBM Corporation 2016. - * © Copyright HCL Technologies Ltd. 2017,2018. + * © Copyright HCL Technologies Ltd. 2017,2024. * LICENSE: Apache License, Version 2.0 https://www.apache.org/licenses/LICENSE-2.0 */ From 052f5c91f5b5a34250c2f4fdd99a821a5d69585b Mon Sep 17 00:00:00 2001 From: Vishal Chaudhary Date: Thu, 12 Sep 2024 18:47:18 +0530 Subject: [PATCH 13/19] ASA-9456 --- .../com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java index f85e69dc..aee09ec6 100644 --- a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java +++ b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java @@ -53,8 +53,8 @@ public CloudScanServiceProvider(IProgress progress, IAuthenticationProvider auth @Override public String createAndExecuteScan(String type, Map params) { String requestUrl = m_authProvider.getServer() + String.format(API_SCANNER, type); - String progressMessage = Messages.getMessage(CREATE_SCAN_SUCCESS,type); - String overviewMessage = Messages.getMessage(SCAN_OVERVIEW,type); + String progressMessage = Messages.getMessage(CREATE_SCAN_SUCCESS,type.toUpperCase()); + String overviewMessage = Messages.getMessage(SCAN_OVERVIEW,type.toUpperCase()); return executeScan(requestUrl, params, progressMessage, overviewMessage); } From c02ad471d1789c5f1e264b6cf588fbb7dccfb132 Mon Sep 17 00:00:00 2001 From: Vishal Chaudhary Date: Thu, 19 Sep 2024 20:31:49 +0530 Subject: [PATCH 14/19] ASA-9480 & ASA-9479 --- .../com/hcl/appscan/sdk/http/HttpClient.java | 35 +++++++++++++++++++ .../NonCompliantIssuesResultProvider.java | 7 +++- .../sdk/scan/CloudScanServiceProvider.java | 8 +++++ .../hcl/appscan/sdk/utils/ServiceUtil.java | 19 ++++++++++ 4 files changed, 68 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/hcl/appscan/sdk/http/HttpClient.java b/src/main/java/com/hcl/appscan/sdk/http/HttpClient.java index 2caf1399..6beb24e1 100644 --- a/src/main/java/com/hcl/appscan/sdk/http/HttpClient.java +++ b/src/main/java/com/hcl/appscan/sdk/http/HttpClient.java 
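Review bot: `type.toUpperCase()` on both added lines uses the default locale, so the progress text depends on the JVM's locale settings (the dotted/dotless-i case under a Turkish locale). Use `type.toUpperCase(Locale.ROOT)` for display strings that should render the same everywhere; `java.util.Locale` would need importing if the file does not already have it.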
@@ -158,6 +158,41 @@ public HttpResponse put(String url, return makeRequest(Method.PUT, url, headerProperties, body); } + /** + * Submit a put request. + * + * @param url The URL string. + * @param headerProperties An optional Map of header properties. + * @param parameters An optional Map of properties. + * @return The response as a byte array. + * @throws IOException If an error occurs. + */ + public HttpResponse put(String url, Map headerProperties, Map parameters) + throws IOException, JSONException { + JSONObject params = new JSONObject(parameters); + JSONObject objectMap = new JSONObject(); + for (Object key : params.keySet()) { + if (params.get(key) != null){ + String value = params.get(key).toString(); + if (value != null) { + if (value.equalsIgnoreCase("true")) { + objectMap.put(key.toString(), true); + } else if (value.equalsIgnoreCase("false")) { + objectMap.put(key.toString(), false); + } else { + // If the string is not "true" or "false," keep it as is + objectMap.put(key.toString(), params.get(key)); + } + } else { + // If the value is not a string, keep it as is + objectMap.put(key.toString(), value); + } + } + } + String body = objectMap.toString(); + return put(url, headerProperties, body); + } + /** * Submit a delete request. * diff --git a/src/main/java/com/hcl/appscan/sdk/results/NonCompliantIssuesResultProvider.java b/src/main/java/com/hcl/appscan/sdk/results/NonCompliantIssuesResultProvider.java index de0f2dcc..c25d1d64 100644 --- a/src/main/java/com/hcl/appscan/sdk/results/NonCompliantIssuesResultProvider.java +++ b/src/main/java/com/hcl/appscan/sdk/results/NonCompliantIssuesResultProvider.java 
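Review bot: In the new `put(String, Map, Map)` overload the `else` branch commented `// If the value is not a string, keep it as is` is unreachable: `value` comes from `params.get(key).toString()`, which never yields null, so the inner `value != null` test and its else can go. The Javadoc's `@return The response as a byte array` is wrong for a method returning `HttpResponse`, and `@throws JSONException` is missing. The loop also turns every parameter whose text is `"true"`/`"false"` into a JSON boolean regardless of key; that suits the fields this is introduced for, but it belongs in the Javadoc so a later caller with a string-typed field is not surprised.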
@@ -190,7 +190,12 @@ private String createNonCompliantIssuesReport(String scanId, String format) thro return null; } - String request_url = authProvider.getServer() + String.format(API_REPORT_SELECTED_ISSUES, SCOPE, scanId); + String request_url; + if(m_executionId != null && !m_executionId.isEmpty()) { + request_url = authProvider.getServer() + String.format(API_REPORT_SELECTED_ISSUES, "ScanExecution", m_executionId); + } else { + request_url = authProvider.getServer() + String.format(API_REPORT_SELECTED_ISSUES, SCOPE, scanId); + } Map request_headers = authProvider.getAuthorizationHeader(true); request_headers.put("Content-Type", "application/json; charset=UTF-8"); request_headers.put("Accept", "application/json"); diff --git a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java index aee09ec6..0d95d2c2 100644 --- a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java +++ b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java @@ -14,6 +14,7 @@ import java.util.Arrays; import java.util.List; import java.util.Map; +import java.util.HashMap; import javax.net.ssl.HttpsURLConnection; @@ -61,6 +62,13 @@ public String createAndExecuteScan(String type, Map params) { @Override public String rescan(String scanId, Map params) { String requestUrl = m_authProvider.getServer() + String.format(API_RESCAN, scanId); + + Map updateParams = new HashMap<>(); + updateParams.put("Name", params.remove(CoreConstants.SCAN_NAME)); + updateParams.put("EnableMailNotifications", params.remove(CoreConstants.EMAIL_NOTIFICATION)); + updateParams.put("FullyAutomatic", params.remove("FullyAutomatic")); + ServiceUtil.updateScanData(updateParams, scanId, m_authProvider); + String progressMessage = Messages.getMessage(RESCAN_SUCCESS); String overviewMessage = Messages.getMessage(RESCAN_OVERVIEW); return executeScan(requestUrl, params, progressMessage, overviewMessage); 
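Review bot: In the CloudScanServiceProvider `rescan` hunk `ServiceUtil.updateScanData(...)` issues a PUT against the scan before `executeScan` runs its `loginExpired()`/`verifyApplication(...)` gate, so a request that `executeScan` would refuse has already changed the scan's name and notification settings, and because `updateScanData` reports nothing, a failed update goes unnoticed while the rescan proceeds. Run the gate first, or return early when the update fails, and log the outcome through m_progress. The three `params.remove(...)` calls mutate the caller's map, and `"FullyAutomatic"` is a bare literal next to two CoreConstants keys; a constant keeps it consistent with SCAN_NAME/EMAIL_NOTIFICATION. The `"ScanExecution"` literal in the NonCompliantIssuesResultProvider hunk duplicates the one in CloudScanServiceProvider.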
diff --git a/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java b/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java index 50638141..cbd0e1ef 100644 --- a/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java +++ b/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java @@ -272,4 +272,23 @@ public static String updatedScanType(String type) { } return type; } + + public static void updateScanData(Map params, String scanId, IAuthenticationProvider provider) { + if (provider.isTokenExpired()) { + return; + } + + String request_url = provider.getServer() + String.format(API_SCANNER,scanId); + Map request_headers = provider.getAuthorizationHeader(true); + + HttpClient client = new HttpClient(provider.getProxy(), provider.getacceptInvalidCerts()); + try { + HttpResponse response = client.put(request_url, request_headers, params); + if (response.isSuccess()) { + return; + } + } catch (IOException | JSONException e) { + // Ignore and return false. + } + } } From 66281962e8b002e18b72086430e38fbedccc0b0d Mon Sep 17 00:00:00 2001 From: Vishal Chaudhary Date: Thu, 19 Sep 2024 23:41:04 +0530 Subject: [PATCH 15/19] As per comments --- .../appscan/sdk/results/CloudResultsProvider.java | 7 +------ .../java/com/hcl/appscan/sdk/scanners/ASoCScan.java | 13 +++++++------ .../com/hcl/appscan/sdk/scanners/sast/SASTScan.java | 2 +- .../java/com/hcl/appscan/sdk/utils/ServiceUtil.java | 1 + 4 files changed, 10 insertions(+), 13 deletions(-) diff --git a/src/main/java/com/hcl/appscan/sdk/results/CloudResultsProvider.java b/src/main/java/com/hcl/appscan/sdk/results/CloudResultsProvider.java index de2fba20..5d48cd96 100644 --- a/src/main/java/com/hcl/appscan/sdk/results/CloudResultsProvider.java +++ b/src/main/java/com/hcl/appscan/sdk/results/CloudResultsProvider.java 
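Review bot: `updateScanData` is `void`, returns silently on a non-success response and swallows `IOException | JSONException` under a comment that says `// Ignore and return false.`, so the caller in `rescan` cannot tell whether the scan was actually updated. Return the outcome instead, as sketched below, and let the caller decide how to report it; the `if (response.isSuccess()) { return; }` block then collapses into a single return expression. The comment is copied from `isScanId` and no longer describes this method.
```java
public static boolean updateScanData(Map params, String scanId, IAuthenticationProvider provider) {
    if (provider.isTokenExpired()) {
        return false;
    }
    // … unchanged: request_url / request_headers / client construction …
    try {
        HttpResponse response = client.put(request_url, request_headers, params);
        return response.isSuccess();
    } catch (IOException | JSONException e) {
        // Treated as "not updated"; the caller reports it through its progress sink.
        return false;
    }
}
```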
@@ -50,12 +50,7 @@ public class CloudResultsProvider implements IResultsProvider, Serializable, Cor protected String m_executionId; public CloudResultsProvider(String scanId, String type, IScanServiceProvider provider, IProgress progress) { - m_type = type; - m_scanId = scanId; - m_hasResults = false; - m_scanProvider = provider; - m_progress = progress; - m_reportFormat = DEFAULT_REPORT_FORMAT; + this(scanId, null, type, provider, progress); } public CloudResultsProvider(String scanId, String executionId, String type, IScanServiceProvider provider, IProgress progress) { diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/ASoCScan.java b/src/main/java/com/hcl/appscan/sdk/scanners/ASoCScan.java index ce7eb278..1f0f3371 100644 --- a/src/main/java/com/hcl/appscan/sdk/scanners/ASoCScan.java +++ b/src/main/java/com/hcl/appscan/sdk/scanners/ASoCScan.java @@ -26,7 +26,7 @@ public abstract class ASoCScan implements IScan, ScanConstants, Serializable { private String m_target; private String m_scanId; private String m_executionId; - private Boolean m_rescan; + private boolean m_rescan; private IProgress m_progress; private IScanServiceProvider m_serviceProvider; private Map m_properties; @@ -42,6 +42,7 @@ public ASoCScan(Map properties, IProgress progress, IScanService m_properties.put(CoreConstants.SCAN_NAME, getType() + SystemUtil.getTimeStamp()); m_progress = progress; m_serviceProvider = provider; + m_rescan = m_properties.containsKey(CoreConstants.SCAN_ID); } @Override @@ -52,10 +53,6 @@ public String getScanId() { public String getExecutionId() { return m_executionId; } - - public Boolean isRescan() { - return m_properties.containsKey(CoreConstants.SCAN_ID); - } @Override public String getName() { 
@@ -89,9 +86,13 @@ protected void setExecutionId(String id){
 m_executionId = id;
 }
- public void setRescan(Boolean rescan){
+ public void setRescan(boolean rescan){
 m_rescan = rescan;
 }
+
+ public boolean getRescan() {
+ return m_rescan;
+ }
 protected String getAppId() {
 return m_properties.get(CoreConstants.APP_ID);
diff --git a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java
index 03a5cb6d..7052096b 100644
--- a/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java
+++ b/src/main/java/com/hcl/appscan/sdk/scanners/sast/SASTScan.java
@@ -118,7 +118,7 @@ protected void analyzeIR() throws IOException, ScannerException {
 Map params = getProperties();
- if (isRescan()) {
+ if (getRescan()) {
 setScanId(params.get(CoreConstants.SCAN_ID));
 params.put(CoreConstants.FILE_ID, fileId);
 submitRescan();
diff --git a/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java b/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java
index cbd0e1ef..60fb1e12 100644
--- a/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java
+++ b/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java
@@ -280,6 +280,7 @@ public static void updateScanData(Map params, String scanId, IAu
 String request_url = provider.getServer() + String.format(API_SCANNER,scanId);
 Map request_headers = provider.getAuthorizationHeader(true);
+ request_headers.put("accept", "*/*");
 HttpClient client = new HttpClient(provider.getProxy(), provider.getacceptInvalidCerts());
 try {
From 02aedd71fa8fed184781ae6ee49a33eb34d7bbb5 Mon Sep 17 00:00:00 2001
From: Vishal Chaudhary
Date: Fri, 20 Sep 2024 16:15:54 +0530
Subject: [PATCH 16/19] ASA-9475
---
 .../NonCompliantIssuesResultProvider.java | 62 ++++++++++---------
 .../sdk/scan/CloudScanServiceProvider.java | 2 +-
 .../hcl/appscan/sdk/utils/ServiceUtil.java | 14 +++-
 3 files changed, 43 insertions(+), 35 deletions(-)
diff --git a/src/main/java/com/hcl/appscan/sdk/results/NonCompliantIssuesResultProvider.java b/src/main/java/com/hcl/appscan/sdk/results/NonCompliantIssuesResultProvider.java
index c25d1d64..400286c4 100644
--- a/src/main/java/com/hcl/appscan/sdk/results/NonCompliantIssuesResultProvider.java
+++ b/src/main/java/com/hcl/appscan/sdk/results/NonCompliantIssuesResultProvider.java
@@ -75,35 +75,39 @@ protected void loadResults() {
 }
 m_totalFindings = 0;
- for (int i = 0; i < array.length(); i++) {
- JSONObject jobj = array.getJSONObject(i);
- String sev = jobj.getString("Severity");
- int count = jobj.getInt("N");
-
- switch (sev.toLowerCase()) {
- case "critical":
- m_criticalFindings += count;
- m_totalFindings += count;
- break;
- case "high":
- m_highFindings += count;
- m_totalFindings += count;
- break;
- case "medium":
- m_mediumFindings += count;
- m_totalFindings += count;
- break;
- case "low":
- m_lowFindings += count;
- m_totalFindings += count;
- break;
- case "informational":
- m_infoFindings += count;
- m_totalFindings += count;
- break;
- default:
- m_totalFindings += count;
- break;
+ if(array == null) {
+ m_status = FAILED;
+ } else {
+ for (int i = 0; i < array.length(); i++) {
+ JSONObject jobj = array.getJSONObject(i);
+ String sev = jobj.getString("Severity");
+ int count = jobj.getInt("N");
+
+ switch (sev.toLowerCase()) {
+ case "critical":
+ m_criticalFindings += count;
+ m_totalFindings += count;
+ break;
+ case "high":
+ m_highFindings += count;
+ m_totalFindings += count;
+ break;
+ case "medium":
+ m_mediumFindings += count;
+ m_totalFindings += count;
+ break;
+ case "low":
+ m_lowFindings += count;
+ m_totalFindings += count;
+ break;
+ case "informational":
+ m_infoFindings += count;
+ m_totalFindings += count;
+ break;
+ default:
+ m_totalFindings += count;
+ break;
+ }
 }
 }
 setHasResult(true);
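Review bot: `setHasResult(true);` on the last context line still executes after the new `if(array == null)` branch has set `m_status = FAILED;`, so a load that found no array is reported both as failed and as having results; the failure branch wants an early `return;`, or `setHasResult(true)` should move inside the `else`. `m_totalFindings = 0;` is likewise reset before the null check, so counters from an earlier successful load are zeroed even when this one fails, which may or may not be intended. Minor style: `if(array == null)` lacks the space after `if` that the surrounding `for (` and `switch (` use. `loadResults()` begins outside the hunk, so where `array` is assigned is not visible here.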
diff --git a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java
index 0d95d2c2..152d5a55 100644
--- a/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java
+++ b/src/main/java/com/hcl/appscan/sdk/scan/CloudScanServiceProvider.java
@@ -67,7 +67,7 @@ public String rescan(String scanId, Map params) {
 updateParams.put("Name", params.remove(CoreConstants.SCAN_NAME));
 updateParams.put("EnableMailNotifications", params.remove(CoreConstants.EMAIL_NOTIFICATION));
 updateParams.put("FullyAutomatic", params.remove("FullyAutomatic"));
- ServiceUtil.updateScanData(updateParams, scanId, m_authProvider);
+ ServiceUtil.updateScanData(updateParams, scanId, m_authProvider, m_progress);
 String progressMessage = Messages.getMessage(RESCAN_SUCCESS);
 String overviewMessage = Messages.getMessage(RESCAN_OVERVIEW);
diff --git a/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java b/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java
index 60fb1e12..9d2b1856 100644
--- a/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java
+++ b/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java
@@ -13,6 +13,9 @@
 import javax.net.ssl.HttpsURLConnection;
+import com.hcl.appscan.sdk.Messages;
+import com.hcl.appscan.sdk.logging.IProgress;
+import com.hcl.appscan.sdk.logging.Message;
 import org.apache.wink.json4j.JSONArray;
 import org.apache.wink.json4j.JSONArtifact;
 import org.apache.wink.json4j.JSONException;
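Review bot: `rescan` still does not learn whether `ServiceUtil.updateScanData(updateParams, scanId, m_authProvider, m_progress)` succeeded: the call is `void`, and the lines that follow build the `RESCAN_SUCCESS` and `RESCAN_OVERVIEW` messages unconditionally, so a rejected or failed parameter update surfaces only as a progress line while the run still reports success. Having `updateScanData` return a boolean and branching on it here, e.g. `if (!ServiceUtil.updateScanData(...)) { /* report and stop */ }`, would make the outcome part of the result rather than a side note. `rescan` begins and ends outside the hunk.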
@@ -273,23 +276,24 @@ public static String updatedScanType(String type) {
 return type;
 }
- public static void updateScanData(Map params, String scanId, IAuthenticationProvider provider) {
+ public static void updateScanData(Map params, String scanId, IAuthenticationProvider provider, IProgress progress) {
 if (provider.isTokenExpired()) {
 return;
 }
 String request_url = provider.getServer() + String.format(API_SCANNER,scanId);
 Map request_headers = provider.getAuthorizationHeader(true);
- request_headers.put("accept", "*/*");
+ request_headers.put("accept", "application/json");
+ request_headers.put("Content-Type", "application/json");
 HttpClient client = new HttpClient(provider.getProxy(), provider.getacceptInvalidCerts());
 try {
 HttpResponse response = client.put(request_url, request_headers, params);
- if (response.isSuccess()) {
- return;
+ if (response.getResponseCode() == HttpsURLConnection.HTTP_NO_CONTENT) {
+ progress.setStatus(new Message(Message.INFO, "Updating the scan parameters."));
 }
 } catch (IOException | JSONException e) {
- // Ignore and return false.
+ progress.setStatus(new Message(Message.ERROR, Messages.getMessage(ERROR_UPDATE_JOB, e.getLocalizedMessage())));
 }
 }
 }
From c8062fdacc7de93a236eb9251977c282db5b461f Mon Sep 17 00:00:00 2001
From: Vishal Chaudhary
Date: Fri, 20 Sep 2024 17:26:33 +0530
Subject: [PATCH 17/19] Created a common constant for a status statement
---
 src/main/java/com/hcl/appscan/sdk/CoreConstants.java | 1 +
 src/main/java/com/hcl/appscan/sdk/messages.properties | 1 +
 src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/main/java/com/hcl/appscan/sdk/CoreConstants.java b/src/main/java/com/hcl/appscan/sdk/CoreConstants.java
index 2c4a1c6a..e59f60ed 100644
--- a/src/main/java/com/hcl/appscan/sdk/CoreConstants.java
+++ b/src/main/java/com/hcl/appscan/sdk/CoreConstants.java
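Review bot: Only an exact `HttpsURLConnection.HTTP_NO_CONTENT` reply produces a status message; every other code — a different 2xx that the old `response.isSuccess()` check accepted as well as 4xx/5xx rejections — now falls out of the `if` without any report, and the `provider.isTokenExpired()` early return is equally silent. An `else` branch such as `progress.setStatus(new Message(Message.ERROR, Messages.getMessage(ERROR_UPDATE_JOB, String.valueOf(response.getResponseCode()))));`, plus a message on the expired-token path, would make each outcome visible to the caller. The INFO text `"Updating the scan parameters."` is also emitted after the request has completed, so past tense reads more accurately; the next commit on this page replaces it with a message constant, which is the right place to fix the wording.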
@@ -152,6 +152,7 @@ public interface CoreConstants {
 String CREATING_JOB = "message.creating.job"; //$NON-NLS-1$
 String CREATE_JOB_SUCCESS = "message.created.job"; //$NON-NLS-1$
 String ERROR_CREATE_JOB = "error.create.job"; //$NON-NLS-1$
+ String UPDATE_JOB = "message.update.job"; //$NON-NLS-1$
 String ERROR_UPDATE_JOB = "error.update.job"; //$NON-NLS-1$
 String EXECUTING_JOB = "message.running.job"; //$NON-NLS-1$
 String EXECUTE_JOB_SUCCESS = "message.executed.job"; //$NON-NLS-1$
diff --git a/src/main/java/com/hcl/appscan/sdk/messages.properties b/src/main/java/com/hcl/appscan/sdk/messages.properties
index fe985a8e..eb348dbc 100644
--- a/src/main/java/com/hcl/appscan/sdk/messages.properties
+++ b/src/main/java/com/hcl/appscan/sdk/messages.properties
@@ -56,6 +56,7 @@ error.login.type.deprectated=The specified login type is deprecated. Please use
 error.getting.info=An error occurred getting information for {0} with id {1}.
 error.getting.scanlog=An error occurred retrieving the scan log.
 error.url.validation = An error occurred while validating the Starting URL: {0}.
+message.update.job = Updated the scan job parameters.
 #Presence
 error.getting.presence.details=An error occurred retrieving details for Presence with id {0}.
diff --git a/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java b/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java
index 9d2b1856..2eb3186f 100644
--- a/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java
+++ b/src/main/java/com/hcl/appscan/sdk/utils/ServiceUtil.java
@@ -290,7 +290,7 @@ public static void updateScanData(Map params, String scanId, IAu
 try {
 HttpResponse response = client.put(request_url, request_headers, params);
 if (response.getResponseCode() == HttpsURLConnection.HTTP_NO_CONTENT) {
- progress.setStatus(new Message(Message.INFO, "Updating the scan parameters."));
+ progress.setStatus(new Message(Message.INFO, Messages.getMessage(UPDATE_JOB)));
 }
 } catch (IOException | JSONException e) {
 progress.setStatus(new Message(Message.ERROR, Messages.getMessage(ERROR_UPDATE_JOB, e.getLocalizedMessage())));
From 396cd0849cd0296d54054ca67f232bfeae29f644 Mon Sep 17 00:00:00 2001
From: Vishal Chaudhary
Date: Sat, 21 Sep 2024 00:12:34 +0530
Subject: [PATCH 18/19] As per comments
---
 .../com/hcl/appscan/sdk/http/HttpClient.java | 24 +++++++------------
 1 file changed, 9 insertions(+), 15 deletions(-)
diff --git a/src/main/java/com/hcl/appscan/sdk/http/HttpClient.java b/src/main/java/com/hcl/appscan/sdk/http/HttpClient.java
index 6beb24e1..696db178 100644
--- a/src/main/java/com/hcl/appscan/sdk/http/HttpClient.java
+++ b/src/main/java/com/hcl/appscan/sdk/http/HttpClient.java
@@ -169,23 +169,17 @@ public HttpResponse put(String url,
 */
 public HttpResponse put(String url, Map headerProperties, Map parameters) throws IOException, JSONException {
- JSONObject params = new JSONObject(parameters);
 JSONObject objectMap = new JSONObject();
- for (Object key : params.keySet()) {
- if (params.get(key) != null){
- String value = params.get(key).toString();
- if (value != null) {
- if (value.equalsIgnoreCase("true")) {
- objectMap.put(key.toString(), true);
- } else if (value.equalsIgnoreCase("false")) {
- objectMap.put(key.toString(), false);
- } else {
- // If the string is not "true" or "false," keep it as is
- objectMap.put(key.toString(), params.get(key));
- }
+ for (String key : parameters.keySet()) {
+ if (parameters.get(key) != null){
+ String value = parameters.get(key);
+ if (value.equalsIgnoreCase("true")) {
+ objectMap.put(key, true);
+ } else if (value.equalsIgnoreCase("false")) {
+ objectMap.put(key, false);
 } else {
- // If the value is not a string, keep it as is
- objectMap.put(key.toString(), value);
+ // If the string is not "true" or "false," keep it as is
+ objectMap.put(key, parameters.get(key));
 }
 }
 }
From d1649b8fc0bee05d2fdf7295bf1be108781186c1 Mon Sep 17 00:00:00 2001
From: Vishal Chaudhary
Date: Sat, 21 Sep 2024 00:19:02 +0530
Subject: [PATCH 19/19] Update HttpClient.java
---
 src/main/java/com/hcl/appscan/sdk/http/HttpClient.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/com/hcl/appscan/sdk/http/HttpClient.java b/src/main/java/com/hcl/appscan/sdk/http/HttpClient.java
index 696db178..1a25ba14 100644
--- a/src/main/java/com/hcl/appscan/sdk/http/HttpClient.java
+++ b/src/main/java/com/hcl/appscan/sdk/http/HttpClient.java
@@ -179,7 +179,7 @@ public HttpResponse put(String url, Map headerProperties, Map
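Review bot: The `"true"`/`"false"` coercion is applied to every value in `parameters` regardless of key, so a free-text field such as `Name` whose value happens to be the string `true` is sent to the service as a JSON boolean; the rewritten loop also looks each key up twice, once in the null check and again for `value`. A generic HTTP client should not guess field types from their content: iterating `entrySet()` and limiting the coercion to keys the caller declares as boolean (`EnableMailNotifications` and `FullyAutomatic` are the ones built in the `CloudScanServiceProvider` hunk on this page) keeps the body faithful to what the caller passed, with the set held in a `private static final Set<String> BOOLEAN_FIELDS` on the class. `put` continues past the hunk, where `objectMap` is presumably serialised into the request.
```java
JSONObject objectMap = new JSONObject();
for (Map.Entry<String, String> entry : parameters.entrySet()) {
    String key = entry.getKey();
    String value = entry.getValue();
    if (value == null) {
        continue;
    }
    // Coerce only fields the service defines as boolean; free-text values
    // such as a scan name must stay strings even if they spell "true".
    if (BOOLEAN_FIELDS.contains(key) && value.equalsIgnoreCase("true")) {
        objectMap.put(key, true);
    } else if (BOOLEAN_FIELDS.contains(key) && value.equalsIgnoreCase("false")) {
        objectMap.put(key, false);
    } else {
        objectMap.put(key, value);
    }
}
// … unchanged: request built from objectMap …
```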