v3.0.5

Add FIXINATOR_API_TIMEOUT setting, update SAST report version, add timestamp to json report.

README.md

@@ -109,6 +109,17 @@ You can also set this value by running:
 
 This variable should only be used with the enterprise edition otherwise you may run into issues.
 
+### FIXINATOR_API_TIMEOUT `ENTERPRISE EDITION`
+
+The `FIXINATOR_API_TIMEOUT` environment variables specifies the http timeout for connecting to the
+fixinator api server.
+
+You can also set this value by running:
+
+	box config set modules.fixinator.api_timeout=35
+
+This variable should only be used with the enterprise edition.
+
 ## .fixinator.json
 
 A `.fixinator.json` configuration file can be placed in the root of a folder to be scanned. For Example:

box.json

@@ -1,8 +1,8 @@
 {
     "name":"fixinator",
-    "version":"3.0.4",
+    "version":"3.0.5",
     "author":"Foundeo Inc.",
-    "location":"foundeo/fixinator#v3.0.4",
+    "location":"foundeo/fixinator#v3.0.5",
     "homepage":"https://fixinator.app/",
     "documentation":"https://github.com/foundeo/fixinator/wiki",
     "repository":{

commands/fixinator.cfc

@@ -172,6 +172,10 @@ component extends="commandbox.system.BaseCommand" excludeFromHelp=false {
 			fixinatorClient.setMaxPayloadFileCount(configService.getSetting("modules.fixinator.max_payload_file_count", "UNDEFINED"));
 		}
 
+		if (configService.getSetting("modules.fixinator.api_timeout", "UNDEFINED") != "UNDEFINED") {
+			fixinatorClient.setAPITimeout(configService.getSetting("modules.fixinator.api_timeout", "35"));
+		}
+
 		if (arguments.verbose) {
 			print.greenLine("Fixinator API Server: #fixinatorClient.getAPIURL()#");
 		}
@@ -413,7 +417,7 @@ component extends="commandbox.system.BaseCommand" excludeFromHelp=false {
 				local.resultIndex++;
 				local.rFile = listGetAt(arguments.resultFile, local.resultIndex);
 				local.rFile = fileSystemUtil.resolvePath( local.rFile );	
-				fixinatorReport.generateReport(resultFile=local.rFile, format=local.rFormat, listBy=arguments.listBy, data=local.results);	
+				fixinatorReport.generateReport(resultFile=local.rFile, format=local.rFormat, listBy=arguments.listBy, data=local.results, fixinatorClientVersion=fixinatorClient.getClientVersion());	
 			}
 		}
 

models/fixinator/FixinatorClient.cfc

@@ -16,6 +16,11 @@ component singleton="true" {
 		variables.apiURL = trim(variables.system.getenv("FIXINATOR_API_URL"));
 	}
 
+	variables.apiTimeout = 35;
+	if (!isNull(variables.system.getenv("FIXINATOR_API_TIMEOUT"))) {
+		variables.apiTimeout = trim(variables.system.getenv("FIXINATOR_API_TIMEOUT"));
+	}
+
 	variables.clientUpdate = false;
 	variables.debugMode = false;
 
@@ -183,6 +188,18 @@ component singleton="true" {
 		variables.apiURL = arguments.apiURL;
 	}
 
+	public function getAPITimeout() {
+		return variables.apiTimeout;
+	}
+
+	public function setAPITimeout(numeric apiTimeout) {
+		variables.apiTimeout = arguments.apiTimeout;
+	}
+
+	public function getLockTimeout() {
+		return getAPITimeout() + 1;
+	}
+
 	public function setMaxPayloadSize(numeric size) {
 		variables.maxPayloadSize = arguments.size;
 	}
@@ -197,7 +214,7 @@ component singleton="true" {
 			//progress bar worker
 			for (local.i=0;i<1000;i++) {
 				updateProgressBar(element);
-				cflock(name=element.lock_name, type="readonly", timeout="30") {
+				cflock(name=element.lock_name, type="readonly", timeout=getLockTimeout()) {
 					if (variables.fixinator_shared[element.lock_name].error != 0) {
 						//thread errored out
 						return;
@@ -220,7 +237,7 @@ component singleton="true" {
 				local.payload = {"config"=element.config, "files"=[], "categories":element.categories};
 
 				for (local.f in element.files) {
-					cflock(name=element.lock_name, type="exclusive", timeout="30") {
+					cflock(name=element.lock_name, type="exclusive", timeout=getLockTimeout()) {
 						variables.fixinator_shared[element.lock_name].fileCounter++;	
 						if (variables.fixinator_shared[element.lock_name].error != 0) {
 							//another thread errored out so quit
@@ -239,12 +256,12 @@ component singleton="true" {
 							} else {
 
 								if (local.size + local.fileInfo.size > variables.maxPayloadSize || arrayLen(payload.files) > variables.maxPayloadFileCount) {
-									cflock(name=element.lock_name, type="exclusive", timeout="30") {
+									cflock(name=element.lock_name, type="exclusive", timeout=getLockTimeout()) {
 										variables.fixinator_shared[element.lock_name].pendingCounter+=arrayLen(payload.files);	
 									}
 									local.result = sendPayload(payload);
 
-									cflock(name=element.lock_name, type="exclusive", timeout="30") {
+									cflock(name=element.lock_name, type="exclusive", timeout=getLockTimeout()) {
 										variables.fixinator_shared[element.lock_name].pendingCounter-=arrayLen(payload.files);	
 									}
 									arrayAppend(element.results.results, local.result.results, true);
@@ -266,11 +283,11 @@ component singleton="true" {
 					}
 				}
 				if (arrayLen(payload.files)) {
-					cflock(name=element.lock_name, type="exclusive", timeout="30") {
+					cflock(name=element.lock_name, type="exclusive", timeout=getLockTimeout()) {
 						variables.fixinator_shared[element.lock_name].pendingCounter+=arrayLen(payload.files);	
 					}
 					local.result = sendPayload(payload);
-					cflock(name=element.lock_name, type="exclusive", timeout="30") {
+					cflock(name=element.lock_name, type="exclusive", timeout=getLockTimeout()) {
 						variables.fixinator_shared[element.lock_name].pendingCounter-=arrayLen(payload.files);	
 					}
 					payload.result = local.result;
@@ -283,7 +300,7 @@ component singleton="true" {
 
 			} catch (any e) {
 				element.error = e;
-				cflock(name=element.lock_name, type="exclusive", timeout="30") {
+				cflock(name=element.lock_name, type="exclusive", timeout=getLockTimeout()) {
 					variables.fixinator_shared[element.lock_name].error+=1;
 				}
 			}
@@ -296,7 +313,7 @@ component singleton="true" {
 			local.fileCounter = 0;
 			local.pendingCounter = 0;
 			local.totalFileCount = 0;
-			cflock(name=element.lock_name, type="readonly", timeout="30") {
+			cflock(name=element.lock_name, type="readonly", timeout=getLockTimeout()) {
 				local.lastPercentValue = variables.fixinator_shared[element.lock_name].lastPercentValue;
 				local.fileCounter = variables.fixinator_shared[element.lock_name].fileCounter;
 				local.pendingCounter = variables.fixinator_shared[element.lock_name].pendingCounter;
@@ -323,7 +340,7 @@ component singleton="true" {
 			}
 
 			if (local.lastPercentValue != local.percentValue) {
-				cflock(name=element.lock_name, type="exclusive", timeout="30") {
+				cflock(name=element.lock_name, type="exclusive", timeout=getLockTimeout()) {
 					variables.fixinator_shared[element.lock_name].lastPercentValue = local.percentValue;
 				}
 			}
@@ -362,7 +379,7 @@ component singleton="true" {
 			debugger("Payload Paths #local.payloadID#: #serializeJSON(local.payloadPaths)#");
 			local.tick = getTickCount();
 		} 
-		cfhttp(url=getAPIURL(), method="POST", result="httpResult", timeout="35") {
+		cfhttp(url=getAPIURL(), method="POST", result="httpResult", timeout=getAPITimeout()) {
 			cfhttpparam(type="header", name="Content-Type", value="application/json");
 			cfhttpparam(type="header", name="x-api-key", value=getAPIKey());
 			cfhttpparam(type="header", name="X-Client-Version", value=getClientVersion());

models/fixinator/FixinatorReport.cfc

@@ -12,6 +12,10 @@
 		<cfargument name="resultFile" default="">
 		<cfargument name="data">
 		<cfargument name="listBy" type="string" default="type">
+		<cfargument name="fixinatorClientVersion" type="string" default="0.0.0">
+		<cfset var utc_now = dateConvert("local2utc", now())>
+		<cfset arguments.data["timestamp"] = dateFormat(utc_now, "yyyy-mm-dd") & "T" & timeFormat(utc_now, "HH:mm:ss") & "Z">
+		<cfset arguments.data["fixinator_client_version"] = arguments.fixinatorClientVersion>
 		<!--- make sure user is not passing a directory --->
 		<cfif directoryExists(arguments.resultFile)>
 			<cfthrow message="Please specify a file name in resultFile, not a directory.">
@@ -331,9 +335,18 @@
 
 	<cffunction name="generateSASTReport" returntype="string" output="false">
 		<cfargument name="data">
-		<cfset var sast = {"version"="14.0.4", "vulnerabilities"=[]}>
+		<cfset var sast = {"version"="15.0.6", "vulnerabilities"=[], "scan"={}}>
 		<cfset var i = "">
 		<cfset var v = "">
+		<cfset sast.scan["analyzer"] = {"id"="fixinator","name"="Fixinator", "version"=data.fixinator_client_version, "vendor"={"name":"Foundeo Inc."}}>
+		<cfset sast.scan["end_time"] = replace(arguments.data.timestamp, "Z", "")>
+		<cfset sast.scan["start_time"] = replace(arguments.data.timestamp, "Z", "")>
+		<cfset sast.scan["scanner"] = sast.scan["analyzer"]>
+		<cfset sast.scan["status"] = "success">
+		<cfset sast.scan["type"] = "sast">
+		<cfif arrayLen(arguments.data.results)>
+			<cfset sast.scan["status"] = "failure">
+		</cfif>
 		<!--- docs: https://gitlab.com/help/user/application_security/sast/index#reports-json-format --->
 		<cfloop array="#arguments.data.results#" index="i">
 			<cfset v = {"id"="", "category"="sast", "name"="", "message"="", "description"="", "severity"="Unknown", "confidence"="Unknown", "scanner"={"id"="", "name"=""}, "location"={}, "identifiers"=[]}>