Checkmarx · tiagobcx · Aug 2, 2024 · Oct 19, 2023 · Oct 23, 2023 · Oct 23, 2023
@@ -66,7 +66,7 @@ func triageUpdateSubCommand(resultsPredicatesWrapper wrappers.ResultsPredicatesW
 				--similarity-id <SimilarityID> 
 				--project-id <ProjectID> 
 				--state <TO_VERIFY|NOT_EXPLOITABLE|PROPOSED_NOT_EXPLOITABLE|CONFIRMED|URGENT> 
-				--severity <HIGH|MEDIUM|LOW|INFO> 
+				--severity <CRITICAL|HIGH|MEDIUM|LOW|INFO> 
 				--comment <Comment(Optional)> 
 				--scan-type <SAST|IAC-SECURITY>
 		`,
@@ -142,7 +142,10 @@ func runTriageUpdate(resultsPredicatesWrapper wrappers.ResultsPredicatesWrapper)
 		state, _ := cmd.Flags().GetString(params.StateFlag)
 		comment, _ := cmd.Flags().GetString(params.CommentFlag)
 		scanType, _ := cmd.Flags().GetString(params.ScanTypeFlag)
-
+		// check if the current tenant has critical severity available
+		if !wrappers.FeatureFlags[wrappers.CVSSV3Enabled] && strings.EqualFold(severity, "critical") {
+			return errors.Errorf("%s", "Critical severity is not available for your tenant.This severity status will be enabled shortly")
+		}
 		predicate := &wrappers.PredicateRequest{
 			SimilarityID: similarityID,
 			ProjectID:    projectID,

@@ -36,6 +36,7 @@ const (
 	failedListingResults      = "Failed listing results"
 	failedListingCodeBashing  = "Failed codebashing link"
 	mediumLabel               = "medium"
+	criticalLabel             = "critical"
 	highLabel                 = "high"
 	lowLabel                  = "low"
 	infoLabel                 = "info"
@@ -46,6 +47,7 @@ const (
 	lowSonar                  = "MINOR"
 	mediumSonar               = "MAJOR"
 	highSonar                 = "CRITICAL"
+	criticalSonar             = "BLOCKER"
 	infoLowSarif              = "note"
 	mediumSarif               = "warning"
 	highSarif                 = "error"
@@ -54,6 +56,7 @@ const (
 	lowCx                     = "LOW"
 	mediumCx                  = "MEDIUM"
 	highCx                    = "HIGH"
+	criticalCx                = "CRITICAL"
 	codeBashingKey            = "cb-url"
 	failedGettingBfl          = "Failed getting BFL"
 	notAvailableString        = "-"
@@ -126,19 +129,22 @@ var filterResultsListFlagUsage = fmt.Sprintf(
 	),
 )
 
+// Follows: over 9.0 is critical, 7.0 to 8.9 is high, 4.0 to 6.9 is medium and 3.9 or less is low.
 var securities = map[string]string{
-	infoCx:   "3.5",
-	lowCx:    "6.5",
-	mediumCx: "8.5",
-	highCx:   "9.5",
+	infoCx:     "1.0",
+	lowCx:      "2.0",
+	mediumCx:   "4.0",
+	highCx:     "7.0",
+	criticalCx: "9.0",
 }
 
 // Match cx severity with sonar severity
 var sonarSeverities = map[string]string{
-	infoCx:   infoSonar,
-	lowCx:    lowSonar,
-	mediumCx: mediumSonar,
-	highCx:   highSonar,
+	infoCx:     infoSonar,
+	lowCx:      lowSonar,
+	mediumCx:   mediumSonar,
+	highCx:     highSonar,
+	criticalCx: criticalSonar,
 }
 
 func NewResultsCommand(
@@ -516,6 +522,7 @@ func convertScanToResultsSummary(scanInfo *wrappers.ScanResponseModel, resultsWr
 		ProjectID:      scanInfo.ProjectID,
 		RiskStyle:      "",
 		RiskMsg:        "",
+		CriticalIssues: 0,
 		HighIssues:     0,
 		MediumIssues:   0,
 		LowIssues:      0,
@@ -591,7 +598,10 @@ func setNotAvailableEnginesStatusCode(summary *wrappers.ResultSummary) {
 }
 
 func setRiskMsgAndStyle(summary *wrappers.ResultSummary) {
-	if summary.HighIssues > 0 {
+	if summary.CriticalIssues > 0 {
+		summary.RiskStyle = criticalLabel
+		summary.RiskMsg = "Critical Risk"
+	} else if summary.HighIssues > 0 {
 		summary.RiskStyle = highLabel
 		summary.RiskMsg = "High Risk"
 	} else if summary.MediumIssues > 0 {
@@ -712,44 +722,46 @@ func printAPIsSecuritySummary(summary *wrappers.ResultSummary) {
 	if summary.HasAPISecurityDocumentation() {
 		fmt.Printf("              APIS DOCUMENTATION: %*d \n", defaultPaddingSize, summary.GetAPISecurityDocumentationTotal())
 	}
-	fmt.Printf("              --------------------------------------------------     \n\n")
+	fmt.Printf("              ---------------------------------------------------------------     \n\n")
 }
 
 func printTableRow(title string, counts *wrappers.EngineResultSummary, statusNumber int) {
-	formatString := "              | %-4s   %4d   %6d   %4d   %4d   %-9s  |\n"
+	formatString := "              | %-5s  %6d   %6d   %6d   %4d   %3d     %-8s  |\n"
 	notAvailableFormatString := "              | %-4s   %4s   %6s   %4s   %4s   %5s      |\n"
 
 	switch statusNumber {
 	case notAvailableNumber:
 		fmt.Printf(notAvailableFormatString, title, notAvailableString, notAvailableString, notAvailableString, notAvailableString, notAvailableString)
 	case scanFailedNumber:
-		fmt.Printf(formatString, title, counts.High, counts.Medium, counts.Low, counts.Info, scanFailedString)
+		fmt.Printf(formatString, title, counts.Critical, counts.High, counts.Medium, counts.Low, counts.Info, scanFailedString)
 	case scanCanceledNumber:
-		fmt.Printf(formatString, title, counts.High, counts.Medium, counts.Low, counts.Info, scanCanceledString)
+		fmt.Printf(formatString, title, counts.Critical, counts.High, counts.Medium, counts.Low, counts.Info, scanCanceledString)
 	default:
-		fmt.Printf(formatString, title, counts.High, counts.Medium, counts.Low, counts.Info, scanSuccessString)
+		fmt.Printf(formatString, title, counts.Critical, counts.High, counts.Medium, counts.Low, counts.Info, scanSuccessString)
 	}
 }
 
 func printResultsSummaryTable(summary *wrappers.ResultSummary) {
+	totalCriticalIssues := summary.EnginesResult.GetCriticalIssues()
 	totalHighIssues := summary.EnginesResult.GetHighIssues()
 	totalMediumIssues := summary.EnginesResult.GetMediumIssues()
 	totalLowIssues := summary.EnginesResult.GetLowIssues()
 	totalInfoIssues := summary.EnginesResult.GetInfoIssues()
-	fmt.Printf("              ---------------------------------------------------     \n\n")
+
+	fmt.Printf("              ---------------------------------------------------------------     \n\n")
 	fmt.Printf("              Total Results: %d                       \n", summary.TotalIssues)
-	fmt.Println("              ---------------------------------------------------     ")
-	fmt.Println("              |          High   Medium   Low   Info   Status    |")
+	fmt.Println("              ---------------------------------------------------------------     ")
+	fmt.Println("              |          Critical   High   Medium   Low   Info   Status     |")
 
 	printTableRow("APIs", summary.EnginesResult[commonParams.APISecType], summary.EnginesResult[commonParams.APISecType].StatusCode)
 	printTableRow("IAC", summary.EnginesResult[commonParams.KicsType], summary.EnginesResult[commonParams.KicsType].StatusCode)
 	printTableRow("SAST", summary.EnginesResult[commonParams.SastType], summary.EnginesResult[commonParams.SastType].StatusCode)
 	printTableRow("SCA", summary.EnginesResult[commonParams.ScaType], summary.EnginesResult[commonParams.ScaType].StatusCode)
 
-	fmt.Println("              ---------------------------------------------------     ")
-	fmt.Printf("              | %-4s  %4d   %6d   %4d   %4d   %-9s  |\n",
-		fmt.Sprintf(boldFormat, "TOTAL"), totalHighIssues, totalMediumIssues, totalLowIssues, totalInfoIssues, summary.Status)
-	fmt.Printf("              ---------------------------------------------------     \n\n")
+	fmt.Println("              ---------------------------------------------------------------     ")
+	fmt.Printf("              | %-4s  %6d   %6d   %6d   %4d   %3d     %-8s  |\n",
+		fmt.Sprintf(boldFormat, "TOTAL"), totalCriticalIssues, totalHighIssues, totalMediumIssues, totalLowIssues, totalInfoIssues, summary.Status)
+	fmt.Printf("              ---------------------------------------------------------------     \n\n")
 }
 
 func generateScanSummaryURL(summary *wrappers.ResultSummary) string {
@@ -942,7 +954,9 @@ func countResult(summary *wrappers.ResultSummary, result *wrappers.ScanResult) {
 			summary.KicsIssues++
 			summary.TotalIssues++
 		}
-		if severity == highLabel {
+		if severity == criticalLabel {
+			summary.CriticalIssues++
+		} else if severity == highLabel {
 			summary.HighIssues++
 		} else if severity == lowLabel {
 			summary.LowIssues++
@@ -1055,6 +1069,7 @@ func createReport(format,
 		return writeHTMLSummary(summaryRpt, summary)
 	}
 	if printer.IsFormat(format, printer.FormatSummaryJSON) {
+		targetFile = fmt.Sprintf("%s_summary", targetFile)
 		summaryRpt := createTargetName(targetFile, targetPath, printer.FormatJSON)
 		convertNotAvailableNumberToZero(summary)
 		return exportJSONSummaryResults(summaryRpt, summary)
@@ -1780,16 +1795,16 @@ func findProperties(result *wrappers.ScanResult) wrappers.SarifProperties {
 	sarifProperties.Description = findDescriptionText(result)
 	sarifProperties.SecuritySeverity = securities[result.Severity]
 	sarifProperties.Tags = []string{"security", "checkmarx", result.Type}
-
 	return sarifProperties
 }
 
 func findSarifLevel(result *wrappers.ScanResult) string {
 	level := map[string]string{
-		infoCx:   infoLowSarif,
-		lowCx:    infoLowSarif,
-		mediumCx: mediumSarif,
-		highCx:   highSarif,
+		infoCx:     infoLowSarif,
+		lowCx:      infoLowSarif,
+		mediumCx:   mediumSarif,
+		highCx:     highSarif,
+		criticalCx: highSarif,
 	}
 	return level[result.Severity]
 }

diff --git a/internal/params/flags.go b/internal/params/flags.go
@@ -105,7 +105,7 @@ const (
 	PresetName                    = "sast-preset-name"
 	Threshold                     = "threshold"
 	ThresholdFlagUsage            = "Local build threshold. Format <engine>-<severity>=<limit>. " +
-		"Example: scan --threshold \"sast-high=10;sca-high=5;iac-security-low=10\""
+		"Example: scan --threshold \"sast-critical=1;sast-high=10;sca-high=5;iac-security-low=10\""
 	KeyValuePairSize         = 2
 	WaitDelayDefault         = 5
 	SimilarityIDFlag         = "similarity-id"

@@ -7,6 +7,7 @@ import (
 
 const tenantIDClaimKey = "tenant_id"
 const PackageEnforcementEnabled = "PACKAGE_ENFORCEMENT_ENABLED"
+const CVSSV3Enabled = "CVSS_V3_ENABLED"
 const MinioEnabled = "MINIO_ENABLED"
 const ContainerEngineCLIEnabled = "CONTAINER_ENGINE_CLI_ENABLED"
 const NewScanReportEnabled = "NEW_SAST_SCAN_REPORT_ENABLED"
@@ -52,6 +53,15 @@ var FeatureFlagsBaseMap = []CommandFlags{
 			},
 		},
 	},
+	{
+		CommandName: "cx triage update",
+		FeatureFlags: []FlagBase{
+			{
+				Name:    CVSSV3Enabled,
+				Default: false,
+			},
+		},
+	},
 }
 
 var FeatureFlags = map[string]bool{}

diff --git a/internal/wrappers/mock/results-mock.go b/internal/wrappers/mock/results-mock.go
@@ -221,3 +221,92 @@ func (r ResultsMockWrapper) GetAllResultsByScanID(params map[string]string) (
 func (r ResultsMockWrapper) GetResultsURL(projectID string) (string, error) {
 	return fmt.Sprintf("projects/%s/overview", projectID), nil
 }
+
+func (r ResultsMockWrapper) GetScanSummariesByScanIDS(params map[string]string) (*wrappers.ScanSummariesModel, *wrappers.WebError, error) {
+	if params["scan-ids"] == "MOCKWEBERR" {
+		return nil, &wrappers.WebError{
+			Message: "web error",
+		}, nil
+	}
+	if params["scan-ids"] == "MOCKERR" {
+		return nil, nil, fmt.Errorf("mock error")
+	}
+	return &wrappers.ScanSummariesModel{
+		ScansSummaries: []wrappers.ScanSumaries{
+			{
+				SastCounters: wrappers.SastCounters{
+					SeverityCounters: []wrappers.SeverityCounters{
+						{
+							Severity: "info",
+							Counter:  1,
+						},
+						{
+							Severity: "low",
+							Counter:  1,
+						},
+						{
+							Severity: "medium",
+							Counter:  1,
+						},
+						{
+							Severity: "high",
+							Counter:  1,
+						},
+						{
+							Severity: "critical",
+							Counter:  1,
+						},
+					},
+					TotalCounter:        5,
+					FilesScannedCounter: 1,
+				},
+				KicsCounters: wrappers.KicsCounters{
+					SeverityCounters: []wrappers.SeverityCounters{
+						{
+							Severity: "info",
+							Counter:  1,
+						},
+						{
+							Severity: "low",
+							Counter:  1,
+						},
+						{
+							Severity: "medium",
+							Counter:  1,
+						},
+						{
+							Severity: "high",
+							Counter:  1,
+						},
+					},
+
+					TotalCounter:        4,
+					FilesScannedCounter: 1,
+				},
+				ScaCounters: wrappers.ScaCounters{
+					SeverityCounters: []wrappers.SeverityCounters{
+						{
+							Severity: "info",
+							Counter:  1,
+						},
+						{
+							Severity: "low",
+							Counter:  1,
+						},
+						{
+							Severity: "medium",
+							Counter:  1,
+						},
+						{
+							Severity: "high",
+							Counter:  1,
+						},
+					},
+
+					TotalCounter:        4,
+					FilesScannedCounter: 1,
+				},
+			},
+		},
+	}, nil, nil
+}