Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sast results analysis #645

Merged
merged 13 commits into from
Feb 1, 2024
Merged

Sast results analysis #645

merged 13 commits into from
Feb 1, 2024

Conversation

ittaigilat-cx
Copy link
Contributor

@ittaigilat-cx ittaigilat-cx commented Jan 23, 2024

By submitting a PR to this repository, you agree to the terms within the Checkmarx Code of Conduct. Please see the contributing guidelines for how to create and submit a high-quality PR for this repo.

Description

Many SAST results share matching sub-flows, which as a result share the same fix. This feature locates these sub-flows and filters out redundant results that don't need to be fixed since a fix for other results will fix them as well. This feature is activated by $ cx results show --scan-id <scan-id> --sast-redundancy. Activating prioritization will populate a data.redundancy field as fix for results that need to be fixed, and redundant for results that do not need to be fixed.

References

#645

Testing

Added unit tests that execute the redundancy logic

Checklist

  • I have added documentation for new/changed functionality in this PR (if applicable).
  • I have updated the CLI help for new/changed functionality in this PR (if applicable).
  • All active GitHub checks for tests, formatting, and security are passing
  • The correct base branch is being used

@pedrompflopes pedrompflopes requested review from a team, sshay77 and helderfvieira and removed request for a team January 23, 2024 08:53
@ittaigilat-cx ittaigilat-cx merged commit dd80840 into main Feb 1, 2024
8 checks passed
@ittaigilat-cx ittaigilat-cx deleted the sast-results-analysis branch February 1, 2024 18:52
@Checkmarx Checkmarx deleted a comment from github-actions bot Feb 5, 2024
OrShamirCM added a commit that referenced this pull request Apr 4, 2024
* adding minio feature flag (#646)

* Rename gpt fix (#648)

* Add "*.cmp" extension (#647)

* Bump github.com/google/uuid from 1.5.0 to 1.6.0 (#650)

Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](google/uuid@v1.5.0...v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Sast results analysis (#645)

* Add result show --prioritize-sast flag & implementation

* Fix linter errors

* Add tests and fix linter

* Change prioritize-sast help text and priority values

* Fix line-too-long lint issue

* Update result integration test for --prioritize-sast

* Change prioritize-sast to sast-prioritization

* Change UnknownReference to a more informational value

* Chage sast-prioritization to sast-redundancy

* Add newlines to response if necessary

* Fix lint errors in new code

* Refactor for better coverage on chat-sast code

* initialize array (#651)

* AST-35649 | fix ast-cli vulnerabilities (#655)

* fix vulnerabilities

* fix vulnerabilities

* fix vulnerabilities

* fix vulnerabilities

* fix vulnerabilities

* alpine:3.17.0

* 19

* sha

* kics vulnerabilities

* kics and lint problems

* delete if

* ignore 0666 number

* fix vulnerabilities

* permission const

* 666

* AST-34271 | improve result summary table in cli (#656)

* AST-34271 | improve result summary table in cli

* AST-34271 | fixing pr decoration test

* AST-34271 | fixing triage test, removing uneeded project remove

* AST-34271 | solve getRoot function test bugs

* Update release.yml (#660)

* remove sca optin from scan log description (#661)

* remove sca option from scan log description

* AST-35664 | Enhance AI Guided Remediation answers (#662)

* AST-35664 | Enhance AI Guided Remediation answers
* AST-35664 | improved test readability

* Encode client ID and secret (#654)

* Add policy violation to PR/MR decoration (#643)

* AST-35640 | Create Groups Assignment (#663)

* create groups assignment

* lint

* lint issues

* import order

* import order

* do not send groups when FF = on

* code review

* lint issues

* load feature flags

* Or review fixes

* Integration Tests

* Integration Tests-update project

* groups.go

* lint

* fix PrintIfVerbose

* fix PrintfIfVerbose

* findGroupByName fix

* fix nul error in find group

* fixing linter

---------

Co-authored-by: Or Shamir Checkmarx <[email protected]>
Co-authored-by: tiagobcx <[email protected]>

* CLI | Support the application-name flag and add association to the project (AST-35636 , AST-35637) (#664)

* Add application name flag

* fixes

* AST-35637 | add project association to application functionality

* Renamed integration test

* AST-35637 | added create project with app-name test

* added NoPermissionApp case

* Added constants to mock flags and error messages

* added test

* passing application Id to project

* AST-35637 | added unit tests for create scan/project under application

* Added integration tests + handling of forbidden status

* extracted fail message to const + handled error model

* AST-35637 | handle 403 status code in update and create project

* AST-35637 | fix github linter applicationId param

* AST-35637 | initialize projModel applicationIds in updateProject func

* AST-35637 | fix github linter problem - change Id to ID

* AST-35637 | fix github linter problem - change Id to ID

* removed ErroModelUsage + formatting errors

* AST-35637 | fix github linter problem - shadowing errors

* AST-35637 | fix github linter problem - shadowing errors

* AST-35637 | fix github linter problem - change package applicationErrors to applicationerrors

* AST-35637 | fix github linter problem - change FakeHttpStatus to FakeHTTPStatus

* AST-35637 | fix github linter problem

* AST-35637 | fix integration tests

* AST-35637 | add checked returned error when deffering

* AST-35637 | fix tests

* AST-35637 | go linter imports order

* AST-35637 | make createApplicationIds func more readable

* reduced the limit count

* fix

* fixes

* AST-35637 | change prameter type of applicationId from string to []string

* AST-35637 | resolved conflict

* AST-35637 | resolved github linter errors

---------

Co-authored-by: checkmarx-kobi-hagmi <[email protected]>
Co-authored-by: AlvoBen <[email protected]>

* AST-36339 | enable Ai Guided Remediation only if the tenant has permission (#666)

* enable Ai Guided Remediation only if the tenant has permission

* trigger unit test

* fix test

* hide chat command from help (#668)

* Update Get Application by Name with Exact Match and Update Permissions Log Message (AST-36823) (#669)

* the application name passed to application-name flag must match application name exactly

* Changed ApplicationDoesntExist and ApplicationNoPermission to ApplicationDoesntExistOrNoPermission

* Fixed lint error

---------

Co-authored-by: Or Shamir Checkmarx <[email protected]>

* AST-36690 | cleanup integration test (#671)

* fix test

* fix test

* names

* crypto

* crypto

* adding assert

* adding application ids to project creation print

---------

Co-authored-by: Or Shamir Checkmarx <[email protected]>

* Update Confidence Description (AST-37132) (#676)

* Update Confidence Description (AST-37132)

* Update Confidence Description (AST-37132)

* fix tests

* Fix "About this vulnerability" link

Fix "About this vulnerability" link

* Update result.go

* Update result.go

* Add Directory.Packages.props for Nuget Central Package Management (#652)

* Update filters.go

Added Directory.Packages.props file used by Nuget Central Package Management for dependency management in SCA

* Fixed linting issue

---------

Co-authored-by: Or Shamir Checkmarx <[email protected]>

* Update CI.yml to Use GitLab Env Vars (#681)

* Update CI.yml to Use GitLab Env Vars

* Update CI.yml to Use GitLab Env Vars

* Update CI.yml to Use GitLab Env Vars

* AST-37225 Shared Containers Constants (#684)

* AST-37225 const

* containers type

---------

Co-authored-by: Or Shamir Checkmarx <[email protected]>

* Bump alpine from 3.19.0 to 3.19.1 (#649)

Bumps alpine from 3.19.0 to 3.19.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Pedro Lopes <[email protected]>
Co-authored-by: Or Shamir Checkmarx <[email protected]>

* update-gon-test (#686)

* Update gonMac.hcl

* Update release.yml

* Update gonMac.hcl

* Update gonMac.hcl

* Update gonMac.hcl

* Update gonMac.hcl

* Update gonMac.hcl

* Update gonMac.hcl

* Update result_test.go

fix test

* Update result_test.go

* CLI | Add Missing PackageManager Types (AST-38138) (#691)

* add package manager types

* add unit test

* Change createDependencyMapFromDependencyResolution signature to fix linter errors

* fix lint errors

* Resolve pr review conversation

---------

Co-authored-by: AlvoBen <[email protected]>

* changes after merge and testcases

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Tiago Baptista <[email protected]>
Co-authored-by: Margarita <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ittai Gilat <[email protected]>
Co-authored-by: Pedro Lopes <[email protected]>
Co-authored-by: tamarleviCm <[email protected]>
Co-authored-by: AlvoBen <[email protected]>
Co-authored-by: Or Shamir Checkmarx <[email protected]>
Co-authored-by: tiagobcx <[email protected]>
Co-authored-by: checkmarx-kobi-hagmi <[email protected]>
Co-authored-by: AlvoBen <[email protected]>
Co-authored-by: checkmarx-kobi-hagmi <[email protected]>
Co-authored-by: elchananarb <[email protected]>
Co-authored-by: Phillip Dade <[email protected]>
Co-authored-by: elchananarb <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants