From 91679d64a9836531d5e86028adcf2123fd73065a Mon Sep 17 00:00:00 2001 From: ilandn Date: Wed, 4 Nov 2020 17:05:29 -0600 Subject: [PATCH 1/9] bugid: 1379 - Fix for OSADependencies.json file generate not in workspace if job running on master CR_by: n/a --- src/main/java/com/checkmarx/jenkins/CxScanBuilder.java | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index a36b6a28..43712a9c 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java @@ -819,6 +819,7 @@ private CxScanConfig resolveConfiguration(Run run, DescriptorImpl descript ret.setDisableCertificateValidation(!descriptor.isEnableCertificateValidation()); ret.setProxyConfig(ProxyHelper.getProxyConfig()); ret.setMvnPath(descriptor.getMvnPath()); + ret.setOsaGenerateJsonReport(false); //cx server CxCredentials cxCredentials = CxCredentials.resolveCred(this, descriptor, run); From 03d9b86c0ac789eea74170dc132f8207583bcafc Mon Sep 17 00:00:00 2001 From: ilandn Date: Fri, 6 Nov 2020 13:47:22 -0600 Subject: [PATCH 2/9] bugid: Added proxy support CR_by: n/a --- .../jenkins/CommonClientFactory.java | 6 +- .../com/checkmarx/jenkins/CxScanBuilder.java | 201 ++++++++++++++++-- .../com/checkmarx/jenkins/CxScanCallable.java | 9 + .../com/checkmarx/jenkins/ProxyHelper.java | 1 + .../jenkins/CxScanBuilder/config.jelly | 4 +- .../jenkins/CxScanBuilder/global.jelly | 2 + 6 files changed, 197 insertions(+), 26 deletions(-) diff --git a/src/main/java/com/checkmarx/jenkins/CommonClientFactory.java b/src/main/java/com/checkmarx/jenkins/CommonClientFactory.java index b2eb5a07..028bff33 100644 --- a/src/main/java/com/checkmarx/jenkins/CommonClientFactory.java +++ b/src/main/java/com/checkmarx/jenkins/CommonClientFactory.java 
@@ -13,7 +13,7 @@ class CommonClientFactory { static LegacyClient getInstance(CxCredentials credentials, boolean enableCertificateValidation, - Logger log) + Logger log, boolean isProxy) throws MalformedURLException, CxClientException { CxScanConfig scanConfig = new CxScanConfig(credentials.getServerUrl(), credentials.getUsername(), @@ -21,7 +21,9 @@ static LegacyClient getInstance(CxCredentials credentials, SCAN_ORIGIN, !enableCertificateValidation); - scanConfig.setProxyConfig(ProxyHelper.getProxyConfig()); + if (isProxy) { + scanConfig.setProxyConfig(ProxyHelper.getProxyConfig()); + } return getInstance(scanConfig, log); } diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index 43712a9c..6577dc6d 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java @@ -6,6 +6,8 @@ import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials; import com.cloudbees.plugins.credentials.common.UsernamePasswordCredentials; import com.cx.restclient.CxClientDelegator; +import com.cx.restclient.ast.dto.sca.AstScaConfig; +import com.cx.restclient.ast.dto.sca.AstScaResults; import com.cx.restclient.common.summary.SummaryUtils; import com.cx.restclient.configuration.CxScanConfig; import com.cx.restclient.dto.*; 
@@ -16,17 +18,10 @@ import com.cx.restclient.sast.dto.Preset; import com.cx.restclient.sast.dto.Project; import com.cx.restclient.sast.dto.SASTResults; -import com.cx.restclient.ast.dto.sca.AstScaConfig; -import com.cx.restclient.ast.dto.sca.AstScaResults; -import com.cx.restclient.dto.SourceLocationType; import com.cx.restclient.sast.utils.LegacyClient; import com.fasterxml.jackson.databind.ObjectMapper; import freemarker.template.TemplateException; import hudson.*; -import hudson.EnvVars; -import hudson.Extension; -import hudson.FilePath; -import hudson.Launcher; import hudson.model.*; import hudson.tasks.BuildStepDescriptor; import hudson.tasks.Builder; @@ -40,8 +35,8 @@ import net.sf.json.JSONObject; import org.apache.commons.io.FileUtils; import org.apache.commons.io.IOUtils; -import org.apache.commons.lang.StringUtils; import org.apache.commons.lang3.StringEscapeUtils; +import org.apache.commons.lang3.StringUtils; import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; import org.kohsuke.stapler.*; @@ -56,7 +51,10 @@ import java.nio.charset.Charset; import java.nio.file.Path; import java.nio.file.Paths; -import java.util.*; +import java.util.Collections; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -95,6 +93,7 @@ public class CxScanBuilder extends Builder implements SimpleBuildStep { @Nullable private String password; private String credentialsId; + private Boolean isProxy = true; @Nullable private String projectName; @Nullable @@ -185,6 +184,7 @@ public CxScanBuilder( @Nullable String serverUrl, @Nullable String username, @Nullable String password, + Boolean isProxy, String credentialsId, String projectName, long projectId, 
@@ -227,6 +227,7 @@ public CxScanBuilder( this.password = Secret.fromString(password).getEncryptedValue(); this.credentialsId = credentialsId; // Workaround for compatibility with Conditional BuildStep Plugin + this.isProxy = (isProxy == null) ? true : isProxy; this.projectName = (projectName == null) ? buildStep : projectName; this.projectId = projectId; this.groupId = (groupId != null && !groupId.startsWith("Provide Checkmarx")) ? groupId : null; @@ -520,6 +521,9 @@ public boolean isAvoidDuplicateProjectScans() { return avoidDuplicateProjectScans; } + public Boolean getIsProxy() { + return isProxy; + } public Boolean getGenerateXmlReport() { return generateXmlReport; @@ -678,6 +682,11 @@ public void setGenerateXmlReport(Boolean generateXmlReport) { this.generateXmlReport = generateXmlReport; } + @DataBoundSetter + public void setIsProxy(Boolean proxy) { + this.isProxy = proxy; + } + @DataBoundSetter public void setProjectId(long projectId) { this.projectId = projectId; @@ -705,6 +714,20 @@ public void setDependencyScanConfig(DependencyScanConfig dependencyScanConfig) { this.dependencyScanConfig = dependencyScanConfig; } + private void setFsaConfiguration(EnvVars env) { + for (Map.Entry entry : env.entrySet()) { + if (entry.getKey().contains("CX_MAVEN_PATH") || + entry.getKey().contains("CX_GRADLE_PATH") || + entry.getKey().contains("CX_NPM_PATH") || + entry.getKey().contains("CX_COMPOSER_PATH") || + entry.getKey().contains("FSA_CONFIGURATION")) { + if (StringUtils.isNotEmpty(entry.getValue())) { + System.setProperty(entry.getKey(), entry.getValue()); + } + } + } + } + @Override public void perform(@Nonnull Run run, @Nonnull FilePath workspace, @Nonnull Launcher launcher, @Nonnull TaskListener listener) throws InterruptedException, IOException { 
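Review bot: `setIsProxy` stores its argument unchecked, so a null from a pipeline step or form binding leaves `isProxy` null, whereas the constructor defaults null to true. The perform and resolveConfiguration hunks later evaluate `useOwnServerCredentials ? this.isProxy : getDescriptor().getIsProxy()`; the second operand is a primitive `boolean`, so a null `isProxy` is unboxed and throws a NullPointerException mid-build. Mirror the constructor in the setter: `this.isProxy = (proxy == null) ? true : proxy;`. Jobs saved before this field existed may also load with it unset, depending on how the configuration is deserialized, which is worth confirming against an old job configuration.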
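Review bot: `setFsaConfiguration` copies per-build values into JVM-wide state with `System.setProperty`, and it is called from `perform`, which appears to run in the Jenkins controller process rather than on the agent where the scan executes. The properties are then shared by every job in that JVM: two concurrent builds with different `CX_MAVEN_PATH` values overwrite each other, and a value set by one job stays in effect for later jobs that never set it. The key test uses `contains`, so any variable whose name merely includes one of the five strings is copied under its full name; `equals` against the exact names would be tighter. If the client library allows it, carrying these values on the `CxScanConfig` handed to the callable would keep them scoped to one build.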
@@ -719,6 +742,7 @@ public void perform(@Nonnull Run run, @Nonnull FilePath workspace, @Nonnul //resolve configuration final DescriptorImpl descriptor = getDescriptor(); EnvVars env = run.getEnvironment(listener); + setFsaConfiguration(env); CxScanConfig config = resolveConfiguration(run, descriptor, env, log); //print configuration @@ -731,7 +755,15 @@ public void perform(@Nonnull Run run, @Nonnull FilePath workspace, @Nonnul return; } - final CxScanCallable action = new CxScanCallable(config, listener); + Jenkins instance = Jenkins.getInstance(); + final CxScanCallable action; + if (instance != null && instance.proxy != null && + (useOwnServerCredentials ? this.isProxy : getDescriptor().getIsProxy()) && + !(isCxURLinNoProxyHost(useOwnServerCredentials ? this.serverUrl : getDescriptor().getServerUrl(), instance.proxy.getNoProxyHostPatterns()))) { + action = new CxScanCallable(config, listener, instance.proxy); + } else { + action = new CxScanCallable(config, listener); + } //create scans and retrieve results (in jenkins agent) RemoteScanInfo scanInfo = workspace.act(action); 
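Review bot: The proxy decision added to `perform` repeats the condition that the resolveConfiguration hunk (`@@ -826,6 +891,14 @@`) evaluates, except that resolveConfiguration wraps it in an extra `if (descriptor.getIsProxy())`. A job that uses its own server credentials with the proxy box ticked while the global setting is unticked therefore gets no `ProxyConfig` from resolveConfiguration but still receives `instance.proxy` here, so the two paths disagree about whether the proxy is in use. Compute the decision once, for example in a private `shouldUseProxy()` helper, and call it from both places. `perform` starts and ends outside this hunk.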
@@ -811,13 +843,46 @@ private void createScaReports(AstScaResults scaResults, File checkmarxBuildDir) writeJsonObjectToFile(scaResults.getFindings(), new File(checkmarxBuildDir, SCA_VULNERABILITIES_JSON), "OSA vulnerabilities json report"); } + /** + * Method validate if CxServerURL is part of 'No proxy host' + * + * @param serverUrl + * @param noProxyHostPatterns + * @return + */ + private Boolean isCxURLinNoProxyHost(String serverUrl, List noProxyHostPatterns) { + + if ((noProxyHostPatterns != null) && (!noProxyHostPatterns.isEmpty()) && (serverUrl != null) && (!serverUrl.isEmpty())) { + + Pattern pattern; + String tempSt; + for (Pattern noProxyHostPattern : noProxyHostPatterns) { + pattern = noProxyHostPattern; + tempSt = pattern.toString(); + while ((tempSt.contains("\\")) || + (tempSt.contains("..")) || + (tempSt.contains(".*")) || + (tempSt.contains("*"))) { + tempSt = tempSt.replace("\\", ""); + tempSt = tempSt.replace("..", "."); + tempSt = tempSt.replace(".*", ""); + tempSt = tempSt.replace("*", ""); + } + + if (serverUrl.contains(tempSt)) { + return true; + } + } + } + return false; + } + private CxScanConfig resolveConfiguration(Run run, DescriptorImpl descriptor, EnvVars env, CxLoggerAdapter log) { CxScanConfig ret = new CxScanConfig(); //general ret.setCxOrigin(REQUEST_ORIGIN); ret.setDisableCertificateValidation(!descriptor.isEnableCertificateValidation()); - ret.setProxyConfig(ProxyHelper.getProxyConfig()); ret.setMvnPath(descriptor.getMvnPath()); ret.setOsaGenerateJsonReport(false); 
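Review bot: `isCxURLinNoProxyHost` decides whether to bypass the proxy by stripping regex characters from each no-proxy pattern and testing `serverUrl.contains(...)`, which matches against the whole URL (scheme, port, path) rather than the host. As a constructed example, an entry such as `10.*` is reduced by the loop to `10` and then matches any URL containing those two digits, so a scan can silently skip a proxy that policy expects it to traverse. The list already holds compiled `Pattern`s, so matching them against the parsed host is simpler and exact; `java.net.URL` must be in scope for the sketch below. The same method is duplicated in `DescriptorImpl` by the `@@ -1554,6 +1660,38 @@` hunk and should share one implementation. The empty Javadoc `@param`/`@return` tags could state that true means "connect directly, without the proxy".

```java
// … unchanged: isCxURLinNoProxyHost Javadoc and signature …
    if (noProxyHostPatterns == null || noProxyHostPatterns.isEmpty() || StringUtils.isEmpty(serverUrl)) {
        return false;
    }
    String host;
    try {
        host = new URL(serverUrl.trim()).getHost();
    } catch (MalformedURLException e) {
        // An unparseable URL never qualifies for a proxy bypass.
        return false;
    }
    for (Pattern noProxyHostPattern : noProxyHostPatterns) {
        if (noProxyHostPattern.matcher(host).matches()) {
            return true;
        }
    }
    return false;
```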
@@ -826,6 +891,14 @@ private CxScanConfig resolveConfiguration(Run run, DescriptorImpl descript ret.setUrl(cxCredentials.getServerUrl().trim()); ret.setUsername(cxCredentials.getUsername()); ret.setPassword(Aes.decrypt(cxCredentials.getPassword(), cxCredentials.getUsername())); + if (descriptor.getIsProxy()) { + Jenkins instance = Jenkins.getInstance(); + if (instance != null && instance.proxy != null && (useOwnServerCredentials ? this.isProxy : getDescriptor().getIsProxy()) + && !(isCxURLinNoProxyHost(useOwnServerCredentials ? this.serverUrl : getDescriptor().getServerUrl(), instance.proxy.getNoProxyHostPatterns()))) { + ret.setProxyConfig(new ProxyConfig(instance.proxy.name, instance.proxy.port, + instance.proxy.getUserName(), instance.proxy.getPassword(), false)); + } + } //project ret.setProjectName(env.expand(projectName.trim())); @@ -991,6 +1064,11 @@ private void printConfiguration(CxScanConfig config, CxLoggerAdapter log) { log.info("plugin version: {}", CxConfig.version()); log.info("server url: " + config.getUrl()); log.info("username: " + config.getUsername()); + log.info("is using Jenkins server proxy: " + (useOwnServerCredentials ? getIsProxy() : config.getProxyConfig() != null)); + if (useOwnServerCredentials ? getIsProxy() : config.getProxyConfig() != null) { + if (Jenkins.getInstance().proxy != null) + log.info("No Proxy Host: " + printNoProxyHost()); + } log.info("project name: " + config.getProjectName()); log.info("team id: " + config.getTeamId()); log.info("is synchronous mode: " + config.getSynchronous()); 
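Review bot: The new `is using Jenkins server proxy` line in `printConfiguration` reports the job's checkbox (`getIsProxy()`) when own credentials are used, not whether a proxy was actually applied; a no-proxy-host match or an unset Jenkins proxy leaves `config.getProxyConfig()` null while the log still says true. Logging the effective state, `log.info("is using Jenkins server proxy: " + (config.getProxyConfig() != null));`, keeps the build log reliable when someone later has to establish which network path a scan took. The nested `if` also dereferences `Jenkins.getInstance().proxy` without the null check on the instance that the other hunks in this patch apply. `printConfiguration` continues outside the hunk.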
@@ -1051,6 +1129,25 @@ private void printConfiguration(CxScanConfig config, CxLoggerAdapter log) { log.info("------------------------------------------------------------------------------------------"); } + private String printNoProxyHost() { + String noProxyHost = ""; + ProxyConfiguration proxy = Jenkins.getInstance().proxy; + if (proxy.getNoProxyHostPatterns() != null) { + List noProxyHostPatterns = proxy.getNoProxyHostPatterns(); + for (Pattern noProxyHostPattern : noProxyHostPatterns) { + String tempString = noProxyHostPattern.toString(); + tempString = tempString.replace("\\.", ".").replace(".*", "*"); + if (noProxyHost.isEmpty()) { + noProxyHost = noProxyHost + tempString; + } else { + noProxyHost = noProxyHost + ", " + tempString; + } + } + return noProxyHost; + } + return noProxyHost; + } + private void createSastReports(SASTResults sastResults, File checkmarxBuildDir, @Nonnull FilePath workspace) { File xmlReportFile = new File(checkmarxBuildDir, SCAN_REPORT_XML); try { @@ -1310,6 +1407,7 @@ public static final class DescriptorImpl extends BuildStepDescriptor { private String credentialsId; private String mvnPath; + private boolean isProxy = true; private boolean prohibitProjectCreation; private boolean hideResults; @@ -1402,6 +1500,14 @@ public void setCredentialsId(String credentialsId) { this.credentialsId = credentialsId; } + public boolean getIsProxy() { + return this.isProxy; + } + + public void setIsProxy(final boolean isProxy) { + this.isProxy = isProxy; + } + public boolean isProhibitProjectCreation() { return prohibitProjectCreation; } 
@@ -1554,6 +1660,38 @@ public String getCredentialsDescription() { } + /** + * Method validate if CxServerURL is part of 'No proxy host' + * + * @param serverUrl + * @param noProxyHostPatterns + * @return + */ + private Boolean isCxURLinNoProxyHost(String serverUrl, List noProxyHostPatterns) { + if ((noProxyHostPatterns != null) && (!noProxyHostPatterns.isEmpty()) && (serverUrl != null) && (!serverUrl.isEmpty())) { + Pattern pattern; + String tempSt; + for (Pattern noProxyHostPattern : noProxyHostPatterns) { + pattern = noProxyHostPattern; + tempSt = pattern.toString(); + while ((tempSt.contains("\\")) || + (tempSt.contains("..")) || + (tempSt.contains(".*")) || + (tempSt.contains("*"))) { + tempSt = tempSt.replace("\\", ""); + tempSt = tempSt.replace("..", "."); + tempSt = tempSt.replace(".*", ""); + tempSt = tempSt.replace("*", ""); + } + + if (serverUrl.contains(tempSt)) { + return true; + } + } + } + return false; + } + /* * Used to fill the value of hidden timestamp textbox, which in turn is used for Internet Explorer cache invalidation */ @@ -1571,7 +1709,7 @@ public String getCurrentTime() { */ public FormValidation doTestConnection(@QueryParameter final String serverUrl, @QueryParameter final String password, @QueryParameter final String username, @QueryParameter final String timestamp, - @QueryParameter final String credentialsId, @AncestorInPath Item item) { + @QueryParameter final String credentialsId, @QueryParameter final boolean isProxy, @AncestorInPath Item item) { // timestamp is not used in code, it is one of the arguments to invalidate Internet Explorer cache CxCredentials cred; 
@@ -1580,8 +1718,12 @@ public FormValidation doTestConnection(@QueryParameter final String serverUrl, @ try { cred = CxCredentials.resolveCred(true, serverUrl, username, getPasswordPlainText(password), credentialsId, this, item); CxCredentials.validateCxCredentials(cred); - //todo: add proxy support - commonClient = CommonClientFactory.getInstance(cred, this.isEnableCertificateValidation(), serverLog); + Jenkins instance = Jenkins.getInstance(); + if (instance != null && instance.proxy != null && isProxy && !(isCxURLinNoProxyHost(serverUrl, instance.proxy.getNoProxyHostPatterns()))) { + commonClient = CommonClientFactory.getInstance(cred, this.isEnableCertificateValidation(), serverLog, true); + } else { + commonClient = CommonClientFactory.getInstance(cred, this.isEnableCertificateValidation(), serverLog, false); + } } catch (Exception e) { return buildError(e, "Failed to init cx client"); } @@ -1634,6 +1776,7 @@ public FormValidation doTestScaConnection(@QueryParameter String scaServerUrl, CxScanConfig config = new CxScanConfig(); config.setCxOrigin(REQUEST_ORIGIN); config.setDisableCertificateValidation(!isEnableCertificateValidation()); + config.setOsaGenerateJsonReport(false); AstScaConfig scaConfig = new AstScaConfig(); scaConfig.setAccessControlUrl(scaAccessControlUrl); 
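Review bot: `doTestConnection` opens a connection to a caller-supplied `serverUrl`, optionally through the Jenkins proxy, yet neither this hunk nor the signature hunk before it shows a permission check or a POST-only restriction. If the method does not already have them outside the visible lines, add `@RequirePOST` to the method and a check such as `Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);` (or an item-level check when `item` is non-null) before any client is created. Separately, the two branches differ only in the final boolean, so one call with a computed `useProxy` argument would read more clearly; `prepareLoggedInClient` in the `@@ -1669,10 +1819,15 @@` hunk has the same shape.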
@@ -1648,8 +1791,15 @@ public FormValidation doTestScaConnection(@QueryParameter String scaServerUrl, config.setAstScaConfig(scaConfig); config.addScannerType(ScannerType.AST_SCA); - ProxyConfig proxyConfig = ProxyHelper.getProxyConfig(); - config.setProxyConfig(proxyConfig); + try { + Jenkins instance = Jenkins.getInstance(); + if (instance != null && instance.proxy != null && isProxy && !(isCxURLinNoProxyHost(serverUrl, instance.proxy.getNoProxyHostPatterns()))) { + ProxyConfig proxyConfig = ProxyHelper.getProxyConfig(); + config.setProxyConfig(proxyConfig); + } + } catch (Exception e) { + return buildError(e, "Failed to init cx client"); + } CxClientDelegator commonClient = CommonClientFactory.getClientDelegatorInstance(config, serverLog); commonClient.getScaClient().testScaConnection(); @@ -1669,10 +1819,15 @@ private FormValidation buildError(Exception e, String errorLogMessage) { * Note: This method is called concurrently by multiple threads, refrain from using mutable * shared state to avoid synchronization issues. */ - private LegacyClient prepareLoggedInClient(CxCredentials credentials) + private LegacyClient prepareLoggedInClient(CxCredentials credentials, boolean isProxy, String serverUrl) throws IOException, CxClientException { - //todo: add proxy support - LegacyClient ret = CommonClientFactory.getInstance(credentials, this.isEnableCertificateValidation(), serverLog); + LegacyClient ret; + Jenkins instance = Jenkins.getInstance(); + if (instance != null && instance.proxy != null && isProxy && !(isCxURLinNoProxyHost(serverUrl, instance.proxy.getNoProxyHostPatterns()))) { + ret = CommonClientFactory.getInstance(credentials, this.isEnableCertificateValidation(), serverLog, true); + } else { + ret = CommonClientFactory.getInstance(credentials, this.isEnableCertificateValidation(), serverLog, false); + } ret.login(); return ret; } 
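Review bot: The proxy check added to `doTestScaConnection` tests `serverUrl` and `isProxy`, but the only URL parameter visible in this method's signature (in the `@@ -1634,6 +1776,7 @@` context) is `scaServerUrl`. If `serverUrl` and `isProxy` are not parameters here, they resolve to the descriptor's global CxSAST fields, so the no-proxy decision is made for a different host than the one being contacted. Passing the SCA endpoint, `isCxURLinNoProxyHost(scaServerUrl, instance.proxy.getNoProxyHostPatterns())`, looks like the intent; the signature is cut off in the diff, so this needs confirming. The `catch` message `Failed to init cx client` is copied from the SAST path and would be clearer if it named the SCA proxy setup.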
@@ -1689,7 +1844,7 @@ public ComboBoxModel doFillProjectNameItems(@QueryParameter final boolean useOwn LegacyClient commonClient = null; try { CxCredentials credentials = CxCredentials.resolveCred(!useOwnServerCredentials, serverUrl, username, getPasswordPlainText(password), credentialsId, this, item); - commonClient = prepareLoggedInClient(credentials); + commonClient = prepareLoggedInClient(credentials, useOwnServerCredentials ? this.isProxy : isProxy, useOwnServerCredentials ? this.serverUrl : serverUrl); List projects = commonClient.getAllProjects(); for (Project p : projects) { @@ -1728,7 +1883,7 @@ public ListBoxModel doFillPresetItems(@QueryParameter final boolean useOwnServer ListBoxModel listBoxModel = new ListBoxModel(); try { CxCredentials credentials = CxCredentials.resolveCred(!useOwnServerCredentials, serverUrl, username, StringEscapeUtils.escapeHtml4(getPasswordPlainText(password)), credentialsId, this, item); - LegacyClient commonClient = prepareLoggedInClient(credentials); + LegacyClient commonClient = prepareLoggedInClient(credentials, useOwnServerCredentials ? this.isProxy : isProxy, useOwnServerCredentials ? this.serverUrl : serverUrl); //todo import preset List presets = commonClient.getPresetList(); @@ -1773,7 +1928,7 @@ public ListBoxModel doFillSourceEncodingItems(@QueryParameter final boolean useO try { CxCredentials credentials = CxCredentials.resolveCred(!useOwnServerCredentials, serverUrl, username, StringEscapeUtils.escapeHtml4(getPasswordPlainText(password)), credentialsId, this, item); - commonClient = prepareLoggedInClient(credentials); + commonClient = prepareLoggedInClient(credentials, useOwnServerCredentials ? this.isProxy : isProxy, useOwnServerCredentials ? this.serverUrl : serverUrl); List configurationList = commonClient.getConfigurationSetList(); for (CxNameObj cs : configurationList) { 
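Review bot: In `doFillProjectNameItems` the new arguments `useOwnServerCredentials ? this.isProxy : isProxy` and `useOwnServerCredentials ? this.serverUrl : serverUrl` select the descriptor's global fields when the job uses its own credentials, the opposite of `perform`, where the same flag selects the job's values. Inside `DescriptorImpl`, `this.isProxy` and `this.serverUrl` are the global settings, so a job-specific server would be checked against the global URL's no-proxy rules; if no `isProxy` parameter is in scope, both operands are the same field anyway. Unless that is intended, pass the submitted values directly, e.g. `prepareLoggedInClient(credentials, isProxy, serverUrl)` with `isProxy` bound as a `@QueryParameter`. The same expression is repeated in `doFillPresetItems`, `doFillSourceEncodingItems` and `doFillGroupIdItems`; the signatures are truncated in the diff, so this reading needs confirming.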
@@ -1808,7 +1963,7 @@ public ListBoxModel doFillGroupIdItems(@QueryParameter final boolean useOwnServe LegacyClient commonClient = null; try { CxCredentials credentials = CxCredentials.resolveCred(!useOwnServerCredentials, serverUrl, username, StringEscapeUtils.escapeHtml4(getPasswordPlainText(password)), credentialsId, this, item); - commonClient = prepareLoggedInClient(credentials); + commonClient = prepareLoggedInClient(credentials, useOwnServerCredentials ? this.isProxy : isProxy, useOwnServerCredentials ? this.serverUrl : serverUrl); List teamList = commonClient.getTeamList(); for (Team team : teamList) { listBoxModel.add(new ListBoxModel.Option(team.getFullName(), team.getId())); diff --git a/src/main/java/com/checkmarx/jenkins/CxScanCallable.java b/src/main/java/com/checkmarx/jenkins/CxScanCallable.java index 55aef425..1694919c 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanCallable.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanCallable.java @@ -2,6 +2,7 @@ import com.cx.restclient.CxClientDelegator; import com.cx.restclient.configuration.CxScanConfig; +import com.cx.restclient.dto.ProxyConfig; import com.cx.restclient.dto.Results; import com.cx.restclient.dto.ScanResults; import com.cx.restclient.dto.ScannerType; @@ -46,6 +47,14 @@ public RemoteScanInfo invoke(File file, VirtualChannel channel) throws IOExcepti CxLoggerAdapter log = new CxLoggerAdapter(listener.getLogger()); config.setSourceDir(file.getAbsolutePath()); config.setReportsDir(file); + if (jenkinsProxy != null) { + config.setProxyConfig(new ProxyConfig(jenkinsProxy.name, jenkinsProxy.port, + jenkinsProxy.getUserName(), jenkinsProxy.getPassword(), false)); + log.debug("Proxy host: " + jenkinsProxy.name); + log.debug("Proxy port: " + jenkinsProxy.port); + log.debug("Proxy user: " + jenkinsProxy.getUserName()); + log.debug("Proxy password: *************"); + } RemoteScanInfo result = new RemoteScanInfo(); CxClientDelegator delegator = null; 
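Review bot: In `CxScanCallable.invoke`, which per the comment in `perform` runs on the build agent, `jenkinsProxy.getPassword()` is read to build the `ProxyConfig`, so the controller's proxy credentials are carried to every agent that runs a scan. That may be unavoidable for proxied scans, but it deserves a comment at the call, e.g. `// proxy credentials are required agent-side; agents running scans must be trusted with them`. The `Proxy user` debug line could be dropped so the account name is not written to output that job viewers can read, if debug messages reach the build log. The diff does not show where `jenkinsProxy` is declared or assigned, and `invoke` continues outside the hunk.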
diff --git a/src/main/java/com/checkmarx/jenkins/ProxyHelper.java b/src/main/java/com/checkmarx/jenkins/ProxyHelper.java index aa6d5a1e..5bac6e57 100644 --- a/src/main/java/com/checkmarx/jenkins/ProxyHelper.java +++ b/src/main/java/com/checkmarx/jenkins/ProxyHelper.java @@ -7,6 +7,7 @@ class ProxyHelper { /** * Gets proxy settings defined globally for current Jenkins instance. + * * @return Jenkins proxy settings converted to an internal object. */ static ProxyConfig getProxyConfig() { diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly index cc3949b0..48853cdd 100644 --- a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly @@ -35,8 +35,10 @@ + + + with="serverUrl,username,password,timestamp,credentialsId,isProxy" /> diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/global.jelly b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/global.jelly index 4d625318..1ac25397 100644 --- a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/global.jelly +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/global.jelly @@ -39,6 +39,8 @@ + + From d13154b2342c20eedda5b3562c9eac9429aa4072 Mon Sep 17 00:00:00 2001 From: ghannamz <55191809+ghannamz@users.noreply.github.com> Date: Sun, 8 Nov 2020 11:07:03 +0200 Subject: [PATCH 3/9] Update version --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index 2ae6c5e6..a8b38eaf 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,6 +1,6 @@ description = Provides automatic scan of code by Checkmarx server and shows results summary and trend in Jenkins interface. group = com.checkmarx.jenkins -version = 2020.4.3 +version = 2020.4.6 repositoryVersion= From b2120ac201ea960e610a970b3445246afddb86d1 Mon Sep 17 00:00:00 2001 
From: GhannamZ Date: Sun, 8 Nov 2020 11:24:36 +0200 Subject: [PATCH 4/9] Added missing class to white list --- src/main/resources/META-INF/hudson.remoting.ClassFilter | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main/resources/META-INF/hudson.remoting.ClassFilter b/src/main/resources/META-INF/hudson.remoting.ClassFilter index d0d6e6e4..7b01b66f 100644 --- a/src/main/resources/META-INF/hudson.remoting.ClassFilter +++ b/src/main/resources/META-INF/hudson.remoting.ClassFilter @@ -4,6 +4,7 @@ com.cx.restclient.cxArm.dto.Rule com.cx.restclient.cxArm.dto.CxArmConfig com.cx.restclient.cxArm.dto.CxProviders com.cx.restclient.osa.dto.OSAResults +com.cx.restclient.osa.dto.OSAScanStatusEnum com.cx.restclient.osa.dto.OSAScanStatus com.cx.restclient.ast.dto.sca.AstScaResults com.cx.restclient.dto.Status From 9e7713af6ccf8106d25ad06f1b365fd9a3dbc39a Mon Sep 17 00:00:00 2001 From: GhannamZ Date: Wed, 11 Nov 2020 13:59:12 +0200 Subject: [PATCH 5/9] Fixed some issues --- .../com/checkmarx/jenkins/CxScanBuilder.java | 26 +++++++++---------- .../com/checkmarx/jenkins/CxScanCallable.java | 1 + src/main/resources/index.jelly | 2 +- 3 files changed, 14 insertions(+), 15 deletions(-) diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index 6577dc6d..3c88e757 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java @@ -834,7 +834,6 @@ public void perform(@Nonnull Run run, @Nonnull FilePath workspace, @Nonnul String reportName = generateHTMLReport(workspace, checkmarxBuildDir, config, scanResults); cxScanResult.setHtmlReportName(reportName); run.addAction(cxScanResult); - } private void createScaReports(AstScaResults scaResults, File checkmarxBuildDir) { 
@@ -1089,7 +1088,7 @@ private void printConfiguration(CxScanConfig config, CxLoggerAdapter log) { log.info("SAST scan comment: " + config.getScanComment()); log.info("is incremental scan: " + config.getIncremental()); log.info("is generate full XML report: " + config.getGenerateXmlReport()); - log.info("is generate pfd report: " + config.getGeneratePDFReport()); + log.info("is generate PDF report: " + config.getGeneratePDFReport()); log.info("source code encoding id: " + config.getEngineConfigurationId()); log.info("SAST thresholds enabled: " + config.getSastThresholdsEnabled()); if (config.getSastThresholdsEnabled()) { @@ -1115,17 +1114,6 @@ private void printConfiguration(CxScanConfig config, CxLoggerAdapter log) { } } - ProxyConfig proxyConfig = config.getProxyConfig(); - if (proxyConfig != null) { - log.info("Proxy configuration:"); - log.info(" host: " + proxyConfig.getHost()); - log.info(" port: " + proxyConfig.getPort()); - log.info(" user: " + proxyConfig.getUsername()); - log.info(" password: *************"); - } else { - log.info("Proxy: not set"); - } - log.info("------------------------------------------------------------------------------------------"); } 
@@ -1182,7 +1170,17 @@ private String generateHTMLReport(@Nonnull FilePath workspace, File checkmarxBui FileUtils.writeStringToFile(reportFile, reportHTML, Charset.defaultCharset()); writeFileToWorkspaceReports(workspace, reportFile); } catch (IOException | TemplateException e) { - log.error("Failed to generate HTML report.", e); + log.error("Failed to generate HTML report. {}", e.getMessage()); + } catch (NullPointerException e) { + String message = ""; + if (results.getSastResults() != null && !results.getSastResults().isSastResultsReady()) { + message = "SAST results are empty."; + } else if (results.getOsaResults() != null && !results.getOsaResults().isOsaResultsReady()) { + message = "OSA results are empty."; + } else if (results.getScaResults() != null && !results.getScaResults().isScaResultReady()) { + message = "SCA results are empty."; + } + log.error("Failed to generate HTML report. {}", message); } return reportName; } diff --git a/src/main/java/com/checkmarx/jenkins/CxScanCallable.java b/src/main/java/com/checkmarx/jenkins/CxScanCallable.java index 1694919c..cb881cd5 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanCallable.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanCallable.java @@ -50,6 +50,7 @@ public RemoteScanInfo invoke(File file, VirtualChannel channel) throws IOExcepti if (jenkinsProxy != null) { config.setProxyConfig(new ProxyConfig(jenkinsProxy.name, jenkinsProxy.port, jenkinsProxy.getUserName(), jenkinsProxy.getPassword(), false)); + log.debug("Proxy configuration:"); log.debug("Proxy host: " + jenkinsProxy.name); log.debug("Proxy port: " + jenkinsProxy.port); log.debug("Proxy user: " + jenkinsProxy.getUserName()); diff --git a/src/main/resources/index.jelly b/src/main/resources/index.jelly index 7fc4c191..a84625b6 100644 --- a/src/main/resources/index.jelly +++ b/src/main/resources/index.jelly @@ -3,5 +3,5 @@ This view is used to render the installed plugins page. -->
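Review bot: The new `catch (NullPointerException e)` in `generateHTMLReport` uses an exception as a null check and then guesses at the cause; if none of the three `!is…Ready()` conditions holds, the message is empty and the stack trace that would locate the real fault is discarded. The first catch loses the same information, since `log.error("Failed to generate HTML report. {}", e.getMessage())` replaces the earlier call that passed `e`. Check result readiness before building the report and keep the throwable as the last argument, e.g. `log.error("Failed to generate HTML report.", e);`. `generateHTMLReport` begins outside the hunk.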
- This plugin allows scanning the source code in Checkmarx static code analysis engine. See https://checkmarx.atlassian.net/wiki/display/KC/CxSAST+Jenkins+Plugin.
+ This plugin allows scanning the source code in Checkmarx static code analysis engine. See https://checkmarx.atlassian.net/wiki/spaces/SD/pages/1339130110/Jenkins+Plugin.
From afadd10b7302a662b720f7e6c5384252ef4455ed Mon Sep 17 00:00:00 2001 From: GhannamZ Date: Wed, 11 Nov 2020 17:25:28 +0200 Subject: [PATCH 6/9] Updated common client version and Jenkins plugin version --- build.gradle | 2 +- gradle.properties | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build.gradle b/build.gradle index e7a6a64d..5234ed06 100644 --- a/build.gradle +++ b/build.gradle @@ -44,7 +44,7 @@ dependencies { compileOnly 'com.intellij:annotations:12.0', 'org.slf4j:slf4j-api:1.6.1' - compile 'com.checkmarx:cx-client-common:2020.4.96', + compile 'com.checkmarx:cx-client-common:2020.4.107', 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.10.5', 'com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.10.5' diff --git a/gradle.properties b/gradle.properties index a8b38eaf..e65517bb 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,6 +1,6 @@ description = Provides automatic scan of code by Checkmarx server and shows results summary and trend in Jenkins interface. group = com.checkmarx.jenkins -version = 2020.4.6 +version = 2020.4.7 repositoryVersion= From b6912f2fc1956a719831290f1d1c942eae61b841 Mon Sep 17 00:00:00 2001 From: ilandn Date: Wed, 11 Nov 2020 19:31:08 -0600 Subject: [PATCH 7/9] bugid: Added FSA custom vars support CR_by: n/a --- .../java/com/checkmarx/jenkins/CxScanBuilder.java | 14 ++++++++++++++ .../checkmarx/jenkins/DependencyScanConfig.java | 3 +++ .../checkmarx/jenkins/CxScanBuilder/config.jelly | 3 +++ .../jenkins/CxScanBuilder/help-fsaVariables.html | 3 +++ 4 files changed, 23 insertions(+) create mode 100644 src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-fsaVariables.html diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index 3c88e757..8721a18a 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java 
@@ -715,6 +715,7 @@ public void setDependencyScanConfig(DependencyScanConfig dependencyScanConfig) { } private void setFsaConfiguration(EnvVars env) { + // As job environment variable for (Map.Entry entry : env.entrySet()) { if (entry.getKey().contains("CX_MAVEN_PATH") || entry.getKey().contains("CX_GRADLE_PATH") || @@ -726,6 +727,19 @@ private void setFsaConfiguration(EnvVars env) { } } } + // As custom field - for pipeline jobs + String fsaVars = dependencyScanConfig != null ? dependencyScanConfig.fsaVariables : ""; + if (StringUtils.isNotEmpty(fsaVars)) { + try { + String[] vars = fsaVars.replaceAll("[\\n\\r]", "").trim().split(","); + for (String var : vars) { + String[] entry = var.split("="); + System.setProperty(entry[0], entry[1]); + } + } catch (Exception e) { + log.warn("Fail to add comment FSA vars"); + } + } } @Override diff --git a/src/main/java/com/checkmarx/jenkins/DependencyScanConfig.java b/src/main/java/com/checkmarx/jenkins/DependencyScanConfig.java index fdad6d56..e00bc2a8 100644 --- a/src/main/java/com/checkmarx/jenkins/DependencyScanConfig.java +++ b/src/main/java/com/checkmarx/jenkins/DependencyScanConfig.java @@ -44,6 +44,9 @@ public class DependencyScanConfig { @DataBoundSetter public String scaTenant; + @DataBoundSetter + public String fsaVariables; + @DataBoundConstructor public DependencyScanConfig() { } diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly index 48853cdd..6bb43068 100644 --- a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly @@ -122,6 +122,9 @@ + + + diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-fsaVariables.html b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-fsaVariables.html new file mode 100644 index 00000000..0d84ea39 --- /dev/null 
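Review bot: The `fsaVariables` block turns free-form text from the job configuration into `System.setProperty` calls with no restriction on the key, so anyone who can configure a job or write a pipeline can change arbitrary JVM-wide properties in the process where `perform` runs. Restrict the keys to a fixed set (the names the environment loop above already recognises, or a documented prefix) and skip anything else. The parsing also needs care: `var.split("=")` truncates values that contain `=`, entries are not trimmed although the help text shows `KEY1=VALUE, KEY2=VALUE` with a space after the comma, and one malformed entry throws into the broad `catch`, which drops every remaining entry without logging the cause. In the sketch below `ALLOWED_FSA_KEYS` is a proposed new constant, not an existing one.

```java
// … unchanged: environment-variable loop …
String fsaVars = dependencyScanConfig != null ? dependencyScanConfig.fsaVariables : "";
if (StringUtils.isNotEmpty(fsaVars)) {
    for (String pair : fsaVars.replaceAll("[\\n\\r]", "").split(",")) {
        String[] entry = pair.split("=", 2);
        String key = entry[0].trim();
        if (entry.length != 2 || !ALLOWED_FSA_KEYS.contains(key)) {
            log.warn("Ignoring unsupported FSA variable: {}", key);
            continue;
        }
        System.setProperty(key, entry[1].trim());
    }
}
```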
+++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-fsaVariables.html
@@ -0,0 +1,3 @@
+
+ Give a set of key/value (separated by comma): KEY1=VALUE, KEY2=VALUE
+
\ No newline at end of file From a0e961eee538aa421a1fc6c741f85e85382cbd49 Mon Sep 17 00:00:00 2001 From: ilandn Date: Wed, 11 Nov 2020 19:42:42 -0600 Subject: [PATCH 8/9] bugid: build.gradle format CR_by: n/a --- build.gradle | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/build.gradle b/build.gradle index 5234ed06..f68b9f81 100644 --- a/build.gradle +++ b/build.gradle @@ -51,24 +51,20 @@ dependencies { optionalJenkinsPlugins 'org.jenkins-ci.main:maven-plugin:1.509.4@jar', 'org.jenkins-ci.plugins:credentials:2.1.19@jar' - testCompile 'junit:junit:4.13.1', 'org.eclipse.sisu:org.eclipse.sisu.plexus:0.0.0.M5', 'org.jmockit:jmockit:1.16' - // Fails with Gradle 2.12 and up without it. Related to https://issues.jenkins-ci.org/browse/JENKINS-17129 jenkinsTest 'org.jenkins-ci.plugins:ant:1.2@jar', 'org.jenkins-ci.plugins:mailer:1.32.1@jar', 'org.jenkins-ci.plugins:matrix-project:1.18@jar' testImplementation('org.junit.jupiter:junit-jupiter-api:5.4.2', - 'org.mockito:mockito-junit-jupiter:2.23.0') + 'org.mockito:mockito-junit-jupiter:2.23.0') testRuntime('org.junit.jupiter:junit-jupiter-engine:5.4.2', - 'org.mockito:mockito-junit-jupiter:2.23.0') + 'org.mockito:mockito-junit-jupiter:2.23.0') } - - jenkinsPlugin { // version of Jenkins core this plugin depends on coreVersion = '2.77' @@ -102,12 +98,9 @@ jenkinsPlugin { developers { developer { - id 'checkmarxsupport' - name 'Checkmarx Support' - } - developer { - id 'galdor' - name 'Gal Dor' + id 'iland' + name 'Ilan Dayan' } } } + From f2d2c95df25aaea2729640647554b52663dc56e4 Mon Sep 17 00:00:00 2001 From: ghannamz <55191809+ghannamz@users.noreply.github.com> Date: Thu, 12 Nov 2020 12:36:54 +0200 Subject: [PATCH 9/9] Updated plugin version --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index e65517bb..9daed132 100644 --- a/gradle.properties +++ b/gradle.properties 
@@ -1,6 +1,6 @@
 description = Provides automatic scan of code by Checkmarx server and shows results summary and trend in Jenkins interface.
 group = com.checkmarx.jenkins
-version = 2020.4.7
+version = 2020.4.8
 repositoryVersion=