From 9938f62a93a9f5ecbbcf105bbd0f958f89293dad Mon Sep 17 00:00:00 2001 
From: swatipersistent <99341045+swatipersistent@users.noreply.github.com> Date: Wed, 16 Oct 2024 19:43:44 +0530 Subject: [PATCH] 2024 q3 integration branch (#158) * SCA Vulnerability fixes * Changes related to critical severity * Upgrading client-common and setting plugin version in config * Updating the plugin version * Fixed bugs found in QA testing * Updating version for QA release --------- Co-authored-by: susmitagorai29 Co-authored-by: PravinGadankush --- build.gradle | 47 ++++- gradle.properties | 2 +- .../jenkins/CommonClientFactory.java | 3 + .../checkmarx/jenkins/CxProjectResult.java | 11 +- .../checkmarx/jenkins/CxResultSeverity.java | 3 +- .../com/checkmarx/jenkins/CxScanBuilder.java | 166 +++++++++++++++++- .../com/checkmarx/jenkins/CxScanCallable.java | 16 +- .../com/checkmarx/jenkins/CxScanResult.java | 57 +++++- .../com/checkmarx/jenkins/EnvVarAction.java | 4 +- .../com/checkmarx/jenkins/RemoteScanInfo.java | 27 +++ .../jenkins/configascode/SastConfig.java | 10 ++ .../jenkins/configascode/ScaConfig.java | 10 ++ .../GetOpenSourceSummaryResponse.java | 25 +++ .../jenkins/legacy8_7/OsaScanResult.java | 21 ++- .../jenkins/legacy8_7/SastScanResult.java | 33 +++- .../jenkins/legacy8_7/ThresholdConfig.java | 10 +- .../jenkins/CxScanBuilder/config.jelly | 25 ++- .../jenkins/CxScanBuilder/global.jelly | 7 + .../CxScanBuilder/help-criticalThreshold.html | 3 + .../help-criticalThresholdEnforcement.html | 3 + .../help-osaCriticalThreshold.html | 3 + .../help-osaCriticalThresholdEnforcement.html | 3 + 22 files changed, 448 insertions(+), 41 deletions(-) create mode 100644 src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-criticalThreshold.html create mode 100644 src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-criticalThresholdEnforcement.html create mode 100644 src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-osaCriticalThreshold.html create mode 100644 
src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-osaCriticalThresholdEnforcement.html diff --git a/build.gradle b/build.gradle index 2797d57f..d062f6c4 100644 --- a/build.gradle +++ b/build.gradle @@ -1,7 +1,7 @@ buildscript { repositories { - jcenter() - maven { url 'http://repo.jenkins-ci.org/releases/' } + jcenter() + maven { url 'http://repo.jenkins-ci.org/releases/' } } dependencies { classpath 'org.jenkins-ci.tools:gradle-jpi-plugin:0.35.0', @@ -18,7 +18,7 @@ apply plugin: 'project-report' apply plugin: 'org.jenkins-ci.jpi' apply plugin: 'nebula.provided-base' -repositories { +repositories { jcenter() mavenLocal() // Use this to load a custom build of Common Client from a local Maven repo. maven { url 'http://repo.jenkins-ci.org/releases/' } @@ -53,7 +53,7 @@ dependencies { } - compile ('com.checkmarx:cx-client-common:2024.2.3') { + compile ('com.checkmarx:cx-client-common:2024.3.28') { exclude group: 'org.yaml' , module: 'snakeyaml' exclude group: 'com.google.code.gson', module: 'gson' 
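Review bot: The repository line re-added in the first hunk still fetches from `maven { url 'http://repo.jenkins-ci.org/releases/' }` over plain HTTP, which lets an on-path party substitute build and plugin artifacts in a commit whose subject is dependency-vulnerability fixes. It should read `maven { url 'https://repo.jenkins-ci.org/releases/' }`; Gradle 7 and later refuse insecure protocols unless they are explicitly allowed. The `jcenter()` entry re-added beside it is a sunset, read-only repository and is worth replacing with `mavenCentral()` in the same pass; the `repositories` block touched by the second hunk carries the same two lines.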
@@ -62,7 +62,23 @@ dependencies { exclude group: 'com.google.guava', module: 'guava' exclude group: 'commons-collections', module: 'commons-collections' exclude group: 'io.netty', module: 'netty-codec-http' - exclude group: 'org.apache.commons', module: 'commons-compress' + exclude group: 'org.apache.commons', module: 'commons-compress' + exclude group: 'io.vertx', module: 'vertx-core' + exclude group: 'org.mozilla', module: 'rhino' + exclude group: 'io.netty', module: 'netty-common' + exclude group: 'io.netty', module: 'netty-buffer' + exclude group: 'io.netty', module: 'netty-transport' + exclude group: 'io.netty', module: 'netty-resolver' + exclude group: 'io.netty', module: 'netty-handler' + exclude group: 'io.netty', module: 'netty-transport-native-unix-common' + exclude group: 'io.netty', module: 'netty-codec' + exclude group: 'io.netty', module: 'netty-handler-proxy' + exclude group: 'io.netty', module: 'netty-codec-socks' + exclude group: 'io.netty', module: 'netty-codec-http2' + exclude group: 'io.netty', module: 'netty-resolver-dns' + exclude group: 'io.netty', module: 'netty-codec-dns' + exclude group: 'org.iq80.snappy', module: 'snappy' + exclude group: 'org.codehaus.plexus', module: 'plexus-utils' } compile 'com.fasterxml.jackson.core:jackson-core:2.11.3', 
@@ -74,12 +90,29 @@ dependencies { 'org.apache.logging.log4j:log4j-slf4j-impl:2.17.1', 'org.apache.logging.log4j:log4j-api:2.17.1', 'org.apache.logging.log4j:log4j-core:2.17.1', - 'org.apache.commons:commons-compress:1.26.0', + 'org.apache.commons:commons-compress:1.27.0', 'com.google.code.gson:gson:2.8.9', 'org.yaml:snakeyaml:2.2', 'org.json:json:20231013', 'org.eclipse.jgit:org.eclipse.jgit:6.8.0.202311291450-r', - 'com.google.guava:guava:32.1.1-jre' + 'com.google.guava:guava:32.1.1-jre', + 'io.vertx:vertx-core:4.5.9', + 'org.mozilla:rhino:1.7.15', + 'javax.annotation:javax.annotation-api:1.3.2', + 'io.netty:netty-common:4.1.112.Final', + 'io.netty:netty-buffer:4.1.112.Final', + 'io.netty:netty-transport:4.1.112.Final', + 'io.netty:netty-resolver:4.1.112.Final', + 'io.netty:netty-handler:4.1.112.Final', + 'io.netty:netty-transport-native-unix-common:4.1.112.Final', + 'io.netty:netty-codec:4.1.112.Final', + 'io.netty:netty-handler-proxy:4.1.112.Final', + 'io.netty:netty-codec-socks:4.1.112.Final', + 'io.netty:netty-codec-http2:4.1.112.Final', + 'io.netty:netty-resolver-dns:4.1.112.Final', + 'io.netty:netty-codec-dns:4.1.112.Final', + 'org.codehaus.plexus:plexus-utils:3.5.1', + 'org.iq80.snappy:snappy:0.5' constraints { implementation('io.vertx:vertx-web:3.9.7') { diff --git a/gradle.properties b/gradle.properties index c1804e33..50586f11 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,6 +1,6 @@ description = Provides automatic scan of code by Checkmarx server and shows results summary and trend in Jenkins interface. group = com.checkmarx.jenkins -version = 2024.2.3 +version = 2024.3.2 repositoryVersion= diff --git a/src/main/java/com/checkmarx/jenkins/CommonClientFactory.java b/src/main/java/com/checkmarx/jenkins/CommonClientFactory.java index 5d9a468a..0e106da7 100644 --- a/src/main/java/com/checkmarx/jenkins/CommonClientFactory.java +++ b/src/main/java/com/checkmarx/jenkins/CommonClientFactory.java 
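Review bot: The upgraded netty, vertx, rhino, snappy and plexus-utils versions are pinned by excluding them from cx-client-common in the preceding hunk and re-declaring them as direct dependencies here, which only covers that one path; any other dependency that still pulls an older netty is left to Gradle's default conflict resolution. The file already has a `constraints { }` block at the end of this hunk, and adding each upgraded coordinate there (e.g. `implementation('io.netty:netty-handler:4.1.112.Final')`) applies the minimum version wherever the artifact is resolved. The surviving `implementation('io.vertx:vertx-web:3.9.7')` constraint also pairs a 3.x vertx-web with `io.vertx:vertx-core:4.5.9`; if vertx-web is still resolved onto the classpath the two are unlikely to be compatible, so that constraint deserves a second look.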
@@ -20,6 +20,9 @@ static LegacyClient getInstance(CxConnectionDetails connDetails, Aes.decrypt(connDetails.getPassword(), connDetails.getUsername()), SCAN_ORIGIN, !enableCertificateValidation); + + //setting plugin version to be added in api request headers + scanConfig.setPluginVersion(CxConfig.version()); if (connDetails.isProxy()) { scanConfig.setProxyConfig(ProxyHelper.getProxyConfig()); diff --git a/src/main/java/com/checkmarx/jenkins/CxProjectResult.java b/src/main/java/com/checkmarx/jenkins/CxProjectResult.java index 7a33f878..8a8a19c9 100644 --- a/src/main/java/com/checkmarx/jenkins/CxProjectResult.java +++ b/src/main/java/com/checkmarx/jenkins/CxProjectResult.java @@ -185,6 +185,7 @@ private CategoryDataset buildDataSet(StaplerRequest req) { // In this case we generate an empty graph DataSetBuilder dsb = new DataSetBuilder(); + dsb.add(0, CxResultSeverity.CRITICAL, "0"); dsb.add(0, CxResultSeverity.HIGH, "0"); dsb.add(0, CxResultSeverity.MEDIUM, "0"); dsb.add(0, CxResultSeverity.LOW, "0"); @@ -194,7 +195,8 @@ private CategoryDataset buildDataSet(StaplerRequest req) { DataSetBuilder dsb = new DataSetBuilder(); for (CxScanResult a = lastBuildAction; a != null; a = a.getPreviousResult()) { - dsb.add(a.getHighCount(), CxResultSeverity.HIGH, new ChartUtil.NumberOnlyBuildLabel((Run) a.owner)); + dsb.add(a.getCriticalCount(), CxResultSeverity.CRITICAL, new ChartUtil.NumberOnlyBuildLabel((Run) a.owner)); + dsb.add(a.getHighCount(), CxResultSeverity.HIGH, new ChartUtil.NumberOnlyBuildLabel((Run) a.owner)); dsb.add(a.getMediumCount(), CxResultSeverity.MEDIUM, new ChartUtil.NumberOnlyBuildLabel((Run) a.owner)); dsb.add(a.getLowCount(), CxResultSeverity.LOW, new ChartUtil.NumberOnlyBuildLabel((Run) a.owner)); } 
@@ -250,9 +252,10 @@ public String generateURL(CategoryDataset dataset, int row, int column) { } }; plot.setRenderer(ar); - ar.setSeriesPaint(0, new Color(246, 0, 22)); // high. - ar.setSeriesPaint(1, new Color(249, 167, 16)); // medium. - ar.setSeriesPaint(2, new Color(254, 255, 3)); // low. + ar.setSeriesPaint(0, new Color(246, 0, 22).darker()); // critical. + ar.setSeriesPaint(1, new Color(246, 0, 22)); // high. + ar.setSeriesPaint(2, new Color(249, 167, 16)); // medium. + ar.setSeriesPaint(3, new Color(254, 255, 3)); // low. // crop extra space around the graph plot.setInsets(new RectangleInsets(0, 0, 0, 5.0)); diff --git a/src/main/java/com/checkmarx/jenkins/CxResultSeverity.java b/src/main/java/com/checkmarx/jenkins/CxResultSeverity.java index 4e9e4a04..adb636be 100644 --- a/src/main/java/com/checkmarx/jenkins/CxResultSeverity.java +++ b/src/main/java/com/checkmarx/jenkins/CxResultSeverity.java @@ -4,7 +4,8 @@ * This class represents the severity of a result in a scan report */ public enum CxResultSeverity { - HIGH("High","3"), + CRITICAL("Critical","4"), + HIGH("High","3"), MEDIUM("Medium","2"), LOW("Low","1"), INFO("Info","0"); diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index 59f833e9..34ce9721 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java @@ -165,6 +165,8 @@ public Boolean getOverrideGlobalRetentionRate() { private boolean waitForResultsEnabled; private boolean vulnerabilityThresholdEnabled; @Nullable + private Integer criticalThreshold; + @Nullable private Integer highThreshold; @Nullable private Integer mediumThreshold; @@ -178,6 +180,8 @@ public Boolean getOverrideGlobalRetentionRate() { private boolean enableProjectPolicyEnforcementSCA; @Nullable + private Integer osaCriticalThreshold; + @Nullable private Integer osaHighThreshold; @Nullable private Integer osaMediumThreshold; 
@@ -261,12 +265,14 @@ public CxScanBuilder( @Nullable String comment, boolean skipSCMTriggers, boolean waitForResultsEnabled, - boolean vulnerabilityThresholdEnabled, + boolean vulnerabilityThresholdEnabled, + @Nullable Integer criticalThreshold, @Nullable Integer highThreshold, @Nullable Integer mediumThreshold, @Nullable Integer lowThreshold, boolean failBuildOnNewResults, String failBuildOnNewSeverity, + @Nullable Integer osaCriticalThreshold, @Nullable Integer osaHighThreshold, @Nullable Integer osaMediumThreshold, @Nullable Integer osaLowThreshold, @@ -316,12 +322,14 @@ public CxScanBuilder( this.comment = comment; this.skipSCMTriggers = skipSCMTriggers; this.waitForResultsEnabled = waitForResultsEnabled; - this.vulnerabilityThresholdEnabled = vulnerabilityThresholdEnabled; + this.vulnerabilityThresholdEnabled = vulnerabilityThresholdEnabled; + this.criticalThreshold = criticalThreshold; this.highThreshold = highThreshold; this.mediumThreshold = mediumThreshold; this.lowThreshold = lowThreshold; this.failBuildOnNewResults = failBuildOnNewResults; this.failBuildOnNewSeverity = failBuildOnNewSeverity; + this.osaCriticalThreshold = osaCriticalThreshold; this.osaHighThreshold = osaHighThreshold; this.osaMediumThreshold = osaMediumThreshold; this.osaLowThreshold = osaLowThreshold; @@ -520,6 +528,10 @@ public boolean isWaitForResultsEnabled() { public boolean isVulnerabilityThresholdEnabled() { return vulnerabilityThresholdEnabled; } + + public Integer getCriticalThreshold() { + return criticalThreshold; + } public Integer getHighThreshold() { return highThreshold; 
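Review bot: `criticalThreshold` and `osaCriticalThreshold` are inserted as positional parameters in the middle of the public `CxScanBuilder(...)` constructor, which breaks every existing direct caller (tests or other code that constructs the builder from Java), while the following hunk already adds `@DataBoundSetter` `setCriticalThreshold` and `setOsaCriticalThreshold` for the same fields. In Jenkins plugins the usual way to add an optional field is to leave the constructor signature alone and rely on the setter, so the two constructor parameters and their assignments in the second hunk can be dropped. If this is the `@DataBoundConstructor` (its annotation is above this hunk), form binding already reaches the new fields by name through the setters.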
@@ -557,6 +569,16 @@ public boolean isOsaEnabled() { public void setOsaEnabled(boolean osaEnabled) { this.osaEnabled = osaEnabled; } + + @Nullable + public Integer getOsaCriticalThreshold() { + return osaCriticalThreshold; + } + + @DataBoundSetter + public void setOsaCriticalThreshold(Integer osaCriticalThreshold) { + this.osaCriticalThreshold = osaCriticalThreshold; + } @Nullable public Integer getOsaHighThreshold() { @@ -783,6 +805,11 @@ public void setWaitForResultsEnabled(boolean waitForResultsEnabled) { public void setVulnerabilityThresholdEnabled(boolean vulnerabilityThresholdEnabled) { this.vulnerabilityThresholdEnabled = vulnerabilityThresholdEnabled; } + + @DataBoundSetter + public void setCriticalThreshold(@Nullable Integer criticalThreshold) { + this.criticalThreshold = criticalThreshold; + } @DataBoundSetter public void setHighThreshold(@Nullable Integer highThreshold) { @@ -1007,7 +1034,6 @@ public void perform(@Nonnull Run run, @Nonnull FilePath workspace, @Nonnul } } - //print configuration printConfiguration(config, descriptor, log); @@ -1026,11 +1052,20 @@ public void perform(@Nonnull Run run, @Nonnull FilePath workspace, @Nonnul action = new CxScanCallable(config, listener, instance.proxy, isHideDebugLogs(), fsaVars); } else { action = new CxScanCallable(config, listener, isHideDebugLogs(), fsaVars); - } + } + //create scans and retrieve results (in jenkins agent) RemoteScanInfo scanInfo = workspace.act(action); ScanResults scanResults = scanInfo.getScanResults(); + //setting cxVersion in config if it is null (Jenkins agent node scenario). We need this for HTML report. + if(config.getCxVersion() == null){ + CxVersion cxVersion = new CxVersion(); + cxVersion.setVersion(scanInfo.getVersion()); + cxVersion.setHotFix(scanInfo.getHotFix()); + cxVersion.setEnginePackVersion(scanInfo.getEnginePackVersion()); + config.setCxVersion(cxVersion); + } // We'll need this for the HTML report. config.setCxARMUrl(scanInfo.getCxARMUrl()); 
@@ -1085,11 +1120,10 @@ public void perform(@Nonnull Run run, @Nonnull FilePath workspace, @Nonnul //in case of async mode, do not create reports (only the report of the latest scan) //and don't assert threshold vulnerabilities - + failTheBuild(run, config, scanResults); if (config.getSynchronous()) { - - //generate html report + //generate html report String reportName = generateHTMLReport(workspace, checkmarxBuildDir, config, scanResults); cxScanResult.setHtmlReportName(reportName); run.addAction(cxScanResult); @@ -1245,6 +1279,14 @@ private void mapScaConfiguration(Optional sca, CxScanConfig scanConfi scanConfig.setOsaFolderExclusions(pValue); overridesResults.put("Sca Folder Exclude", pValue); }); + + sca.map(ScaConfig::getCritical) + .filter(n -> n > 0) + .ifPresent(pValue -> { + scanConfig.setOsaThresholdsEnabled(true); + scanConfig.setOsaCriticalThreshold(pValue); + overridesResults.put("Sca Critical", String.valueOf(pValue)); + }); sca.map(ScaConfig::getHigh) .filter(n -> n > 0) @@ -1331,6 +1373,14 @@ private void mapSastConfiguration(Optional sast, CxScanConfig scanCo scanConfig.setSastMediumThreshold(pValue); overridesResults.put("Medium", String.valueOf(pValue)); }); + + sast.map(SastConfig::getCritical) + .filter(n -> n > 0) + .ifPresent(pValue -> { + scanConfig.setSastThresholdsEnabled(true); + scanConfig.setSastCriticalThreshold(pValue); + overridesResults.put("Critical", String.valueOf(pValue)); + }); sast.map(SastConfig::getHigh) .filter(n -> n > 0) @@ -1488,6 +1538,8 @@ private Boolean verifyCustomCharacters(String inputString) { } private CxScanConfig resolveConfiguration(Run run, DescriptorImpl descriptor, EnvVars env, CxLoggerAdapter log, FilePath workspace) throws IOException, ConfigurationException { CxScanConfig ret = new CxScanConfig(); + //setting plugin version to be added in api request headers + ret.setPluginVersion(CxConfig.version()); ret.setIsOverrideProjectSetting(overrideProjectSetting); 
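Review bot: `failTheBuild(run, config, scanResults);` in the first hunk is now called before the `if (config.getSynchronous())` check, directly under the comment saying async mode must not assert threshold vulnerabilities, and before `run.addAction(cxScanResult)` attaches the result action. Since `failTheBuild` is declared `throws AbortException`, a threshold or policy failure now ends `perform` with no HTML report and no result action on the build. The previous call site is not visible in this diff; if it was inside the synchronous block, moving this call back to after `run.addAction(cxScanResult);` keeps the results visible on a failed build and restores the documented async behaviour, otherwise the comment above needs updating to match.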
@@ -1638,12 +1690,14 @@ private CxScanConfig resolveConfiguration(Run run, DescriptorImpl descript } if (useGlobalThreshold) { + ret.setSastCriticalThreshold(descriptor.getCriticalThresholdEnforcement()); ret.setSastHighThreshold(descriptor.getHighThresholdEnforcement()); ret.setSastMediumThreshold(descriptor.getMediumThresholdEnforcement()); ret.setSastLowThreshold(descriptor.getLowThresholdEnforcement()); resolvedVulnerabilityThresholdResult = Result.fromString(descriptor.getJobGlobalStatusOnThresholdViolation().name()); resolvedExceptionOnThresholdError = descriptor.isExceptionOnThresholdErrorGlobal(); } else if (useJobThreshold) { + ret.setSastCriticalThreshold(getCriticalThreshold()); ret.setSastHighThreshold(getHighThreshold()); ret.setSastMediumThreshold(getMediumThreshold()); ret.setSastLowThreshold(getLowThreshold()); @@ -1797,12 +1851,14 @@ private void configureDependencyScan(Run run, DescriptorImpl descriptor, E config.setOsaThresholdsEnabled(useGlobalThreshold || useJobThreshold); if (useGlobalThreshold) { + config.setOsaCriticalThreshold(descriptor.getOsaCriticalThresholdEnforcement()); config.setOsaHighThreshold(descriptor.getOsaHighThresholdEnforcement()); config.setOsaMediumThreshold(descriptor.getOsaMediumThresholdEnforcement()); config.setOsaLowThreshold(descriptor.getOsaLowThresholdEnforcement()); resolvedVulnerabilityThresholdResult = Result.fromString(descriptor.getJobGlobalStatusOnThresholdViolation().name()); resolvedExceptionOnThresholdError = descriptor.isExceptionOnThresholdErrorGlobal(); } else if (useJobThreshold) { + config.setOsaCriticalThreshold(getOsaCriticalThreshold()); config.setOsaHighThreshold(getOsaHighThreshold()); config.setOsaMediumThreshold(getOsaMediumThreshold()); config.setOsaLowThreshold(getOsaLowThreshold()); 
@@ -1973,6 +2029,7 @@ private void printConfiguration(CxScanConfig config, DescriptorImpl descriptor, log.info("source code encoding id: " + config.getEngineConfigurationId()); log.info("SAST thresholds enabled: " + config.getSastThresholdsEnabled()); if (config.getSastThresholdsEnabled()) { + log.info("SAST critical threshold: " + config.getSastCriticalThreshold()); log.info("SAST high threshold: " + config.getSastHighThreshold()); log.info("SAST medium threshold: " + config.getSastMediumThreshold()); log.info("SAST low threshold: " + config.getSastLowThreshold()); @@ -1985,6 +2042,7 @@ private void printConfiguration(CxScanConfig config, DescriptorImpl descriptor, log.info(" filter patterns: " + config.getOsaFilterPattern()); log.info(" thresholds enabled: " + config.getOsaThresholdsEnabled()); if (config.getOsaThresholdsEnabled()) { + log.info(" critical threshold: " + config.getOsaCriticalThreshold()); log.info(" high threshold: " + config.getOsaHighThreshold()); log.info(" medium threshold: " + config.getOsaMediumThreshold()); log.info(" low threshold: " + config.getOsaLowThreshold()); 
@@ -2103,9 +2161,33 @@ private void writeJsonObjectToFile(Object jsonObj, FilePath to, String fileName) IOUtils.closeQuietly(is); } } + + private void showWarningForFailTheBuildOnNewCriticalVulnerabilities(CxScanConfig config){ + String msg = "Critical severity is not supported for the version of the configured SAST server. Thus, fail the build functionality for new critical vulnerabilities will not work if critical severity is not supported by the configured SAST server."; + if(config.getSastNewResultsThresholdEnabled() + && "CRITICAL".equalsIgnoreCase(config.getSastNewResultsThresholdSeverity())) { + if(config.getCxVersion()!=null && config.getCxVersion().getVersion()!=null) { + String sastVersion = config.getCxVersion().getVersion(); + String[] versionComponents = sastVersion.split("\\."); + float currentVersionFloat = Float.parseFloat("9.0"); + if (versionComponents.length >= 2) { + String currentVersion = versionComponents[0] + "." + versionComponents[1]; + currentVersionFloat = Float.parseFloat(currentVersion); + } + if(currentVersionFloat < Float.parseFloat("9.7")) { + log.warn(msg); + } + } + else { + log.warn(msg); + } + } + } private void failTheBuild(Run run, CxScanConfig config, ScanResults ret) throws AbortException { - //assert if expected exception is thrown OR when vulnerabilities under threshold OR when policy violated + //check if critical severity is supported for fail the build + showWarningForFailTheBuildOnNewCriticalVulnerabilities(config); + //assert if expected exception is thrown OR when vulnerabilities under threshold OR when policy violated ScanSummary scanSummary = new ScanSummary(config, ret.getSastResults(), ret.getOsaResults(), ret.getScaResults()); if (scanSummary.hasErrors() || ret.getGeneralException() != null || (ret.getSastResults() != null && ret.getSastResults().getException() != null) || 
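Review bot: `showWarningForFailTheBuildOnNewCriticalVulnerabilities` compares the SAST version as a float, so `Float.parseFloat("9.10")` yields 9.1 and any 9.10 or later server is wrongly reported as older than 9.7, and a non-numeric component (for example a suffixed build string) throws `NumberFormatException` out of `failTheBuild` and aborts the build instead of logging the warning. Comparing major and minor as integers and catching the parse failure fixes both. The rewrite below keeps the same message and the same warn-when-unknown behaviour for a missing version.

```java
    private void showWarningForFailTheBuildOnNewCriticalVulnerabilities(CxScanConfig config) {
        // … unchanged: String msg = "Critical severity is not supported …"; …
        if (!config.getSastNewResultsThresholdEnabled()
                || !"CRITICAL".equalsIgnoreCase(config.getSastNewResultsThresholdSeverity())) {
            return;
        }
        if (config.getCxVersion() == null || config.getCxVersion().getVersion() == null) {
            log.warn(msg);
            return;
        }
        // Compare major.minor as integers: Float.parseFloat("9.10") would read as 9.1 and sort below 9.7.
        String[] versionComponents = config.getCxVersion().getVersion().split("\\.");
        try {
            int major = Integer.parseInt(versionComponents[0].trim());
            int minor = versionComponents.length >= 2 ? Integer.parseInt(versionComponents[1].trim()) : 0;
            if (major < 9 || (major == 9 && minor < 7)) {
                log.warn(msg);
            }
        } catch (NumberFormatException e) {
            // Version string is not numeric, so support cannot be confirmed: warn rather than abort the build.
            log.warn(msg);
        }
    }
```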
@@ -2177,7 +2259,8 @@ private void logError(Exception ex) { private void addEnvVarAction(Run run, SASTResults sastResults) { EnvVarAction envVarAction = new EnvVarAction(); - envVarAction.setCxSastResults(sastResults.getHigh(), + envVarAction.setCxSastResults(sastResults.getCritical(), + sastResults.getHigh(), sastResults.getMedium(), sastResults.getLow(), sastResults.getInformation()); @@ -2525,12 +2608,16 @@ public void setSastcomment(String sastcomment) { private boolean forcingVulnerabilityThresholdEnabled; @Nullable + private Integer criticalThresholdEnforcement; + @Nullable private Integer highThresholdEnforcement; @Nullable private Integer mediumThresholdEnforcement; @Nullable private Integer lowThresholdEnforcement; @Nullable + private Integer osaCriticalThresholdEnforcement; + @Nullable private Integer osaHighThresholdEnforcement; @Nullable private Integer osaMediumThresholdEnforcement; @@ -2697,6 +2784,14 @@ public boolean isForcingVulnerabilityThresholdEnabled() { public void setForcingVulnerabilityThresholdEnabled(boolean forcingVulnerabilityThresholdEnabled) { this.forcingVulnerabilityThresholdEnabled = forcingVulnerabilityThresholdEnabled; } + + public Integer getCriticalThresholdEnforcement() { + return criticalThresholdEnforcement; + } + + public void setCriticalThresholdEnforcement(Integer criticalThresholdEnforcement) { + this.criticalThresholdEnforcement = criticalThresholdEnforcement; + } public Integer getHighThresholdEnforcement() { return highThresholdEnforcement; 
@@ -2721,6 +2816,15 @@ public Integer getLowThresholdEnforcement() { public void setLowThresholdEnforcement(Integer lowThresholdEnforcement) { this.lowThresholdEnforcement = lowThresholdEnforcement; } + + @Nullable + public Integer getOsaCriticalThresholdEnforcement() { + return osaCriticalThresholdEnforcement; + } + + public void setOsaCriticalThresholdEnforcement(@Nullable Integer osaCriticalThresholdEnforcement) { + this.osaCriticalThresholdEnforcement = osaCriticalThresholdEnforcement; + } @Nullable public Integer getOsaHighThresholdEnforcement() { @@ -3650,6 +3754,7 @@ public ListBoxModel doFillFailBuildOnNewSeverityItems(@AncestorInPath Item item) } item.checkPermission(Item.CONFIGURE); ListBoxModel listBoxModel = new ListBoxModel(); + listBoxModel.add(new ListBoxModel.Option("Critical", "CRITICAL")); listBoxModel.add(new ListBoxModel.Option("High", "HIGH")); listBoxModel.add(new ListBoxModel.Option("Medium", "MEDIUM")); listBoxModel.add(new ListBoxModel.Option("Low", "LOW")); @@ -3686,6 +3791,19 @@ public ListBoxModel doFillScaReportFormat(@AncestorInPath Item item) { } return listBoxModel; } + + /* + * Note: This method is called concurrently by multiple threads, refrain from using mutable shared state to + * avoid synchronization issues. + */ + @POST + public FormValidation doCheckCriticalThreshold(@QueryParameter final Integer value,@AncestorInPath Item item) { + if (item == null) { + return FormValidation.ok(); + } + item.checkPermission(Item.CONFIGURE); + return checkNonNegativeValue(value); + } /* 
@@ -3726,6 +3844,16 @@ public FormValidation doCheckLowThreshold(@QueryParameter final Integer value,@A item.checkPermission(Item.CONFIGURE); return checkNonNegativeValue(value); } + + /* + * Note: This method is called concurrently by multiple threads, refrain from using mutable shared state to + * avoid synchronization issues. + */ + @POST + public FormValidation doCheckCriticalThresholdEnforcement(@QueryParameter final Integer value) { + Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER); + return checkNonNegativeValue(value); + } /* * Note: This method is called concurrently by multiple threads, refrain from using mutable shared state to @@ -3756,6 +3884,20 @@ public FormValidation doCheckLowThresholdEnforcement(@QueryParameter final Integ Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER); return checkNonNegativeValue(value); } + + /* + * Note: This method is called concurrently by multiple threads, refrain from using mutable + * shared state to avoid synchronization issues. + */ + + @POST + public FormValidation doCheckOsaCriticalThreshold(@QueryParameter final Integer value,@AncestorInPath Item item) { + if (item == null) { + return FormValidation.ok(); + } + item.checkPermission(Item.CONFIGURE); + return checkNonNegativeValue(value); + } /* * Note: This method is called concurrently by multiple threads, refrain from using mutable @@ -3796,6 +3938,12 @@ public FormValidation doCheckOsaLowThreshold(@QueryParameter final Integer value item.checkPermission(Item.CONFIGURE); return checkNonNegativeValue(value); } + + @POST + public FormValidation doCheckOsaCriticalThresholdEnforcement(@QueryParameter final Integer value) { + Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER); + return checkNonNegativeValue(value); + } @POST public FormValidation doCheckOsaHighThresholdEnforcement(@QueryParameter final Integer value) { 
diff --git a/src/main/java/com/checkmarx/jenkins/CxScanCallable.java b/src/main/java/com/checkmarx/jenkins/CxScanCallable.java index d1a497be..176030c4 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanCallable.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanCallable.java @@ -82,10 +82,9 @@ public RemoteScanInfo invoke(File file, VirtualChannel channel) throws IOExcepti List results = new ArrayList<>(); try { - delegator = CommonClientFactory.getClientDelegatorInstance(config, log); + delegator = CommonClientFactory.getClientDelegatorInstance(config, log); ScanResults initResults = delegator.init(); results.add(initResults); - // Make sure CxARMUrl is passed in the result. // Cannot pass CxARMUrl in the config object, because this callable can be executed on a Jenkins agent. // On a Jenkins agent we'll get a cloned config instead of the original object reference. @@ -120,7 +119,7 @@ public RemoteScanInfo invoke(File file, VirtualChannel channel) throws IOExcepti } throw new IOException(message); } - + Logger rootLog = null; OsaConsoleHandler handler = null; ScanResults createScanResults; 
@@ -148,21 +147,24 @@ public RemoteScanInfo invoke(File file, VirtualChannel channel) throws IOExcepti } finally { semaphore.release(); } - + ScanResults scanResults = config.getSynchronous() ? delegator.waitForScanResults() : delegator.getLatestScanResults(); results.add(scanResults); - if (config.getSynchronous() && config.isSastEnabled() && ((createScanResults.getSastResults() != null && createScanResults.getSastResults().getException() != null && createScanResults.getSastResults().getScanId() > 0) || (scanResults.getSastResults() != null && scanResults.getSastResults().getException() != null))) { cancelScan(delegator); } - if (((config.isSastEnabled()||config.isOsaEnabled()) && config.getEnablePolicyViolations()) || (config.isAstScaEnabled() && config.getEnablePolicyViolationsSCA())) { delegator.printIsProjectViolated(scanResults); } - ScanResults finalScanResults = getFinalScanResults(results); result.setScanResults(finalScanResults); + + if(config.getCxVersion()!=null) { + result.setVersion(config.getCxVersion().getVersion()); + result.setHotFix(config.getCxVersion().getHotFix()); + result.setEnginePackVersion(config.getCxVersion().getEnginePackVersion()); + } return result; } diff --git a/src/main/java/com/checkmarx/jenkins/CxScanResult.java b/src/main/java/com/checkmarx/jenkins/CxScanResult.java index 2861a576..cce20435 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanResult.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanResult.java @@ -81,6 +81,7 @@ public CxScanResult(Run owner, CxScanConfig config) { } public void setSastResults(SASTResults results) { + this.criticalCount = results.getCritical(); this.highCount = results.getHigh(); this.mediumCount = results.getMedium(); this.lowCount = results.getLow(); 
@@ -95,6 +96,7 @@ public CxScanResult(Run owner, String serverUrl, long projectId, boolean s this.serverUrl = serverUrl; this.resultIsValid = false; //sast fails flag for jelly this.errorMessage = "No Scan Results"; // error message to appear if results were not parsed + this.criticalQueryResultList = new LinkedList<>(); this.highQueryResultList = new LinkedList<>(); this.mediumQueryResultList = new LinkedList<>(); this.lowQueryResultList = new LinkedList<>(); @@ -378,14 +380,16 @@ public boolean getIsThresholdForNewResultExceeded() { public boolean isThresholdExceeded() { - boolean ret = isThresholdExceededByLevel(sastScanResult.getHighCount(), sastThresholdConfig.getHighSeverity()); + boolean ret = isThresholdExceededByLevel(sastScanResult.getCriticalCount(), sastThresholdConfig.getCriticalSeverity()); + ret |= isThresholdExceededByLevel(sastScanResult.getHighCount(), sastThresholdConfig.getHighSeverity()); ret |= isThresholdExceededByLevel(sastScanResult.getMediumCount(), sastThresholdConfig.getMediumSeverity()); ret |= isThresholdExceededByLevel(sastScanResult.getLowCount(), sastThresholdConfig.getLowSeverity()); return ret; } public boolean isOsaThresholdExceeded() { - boolean ret = isThresholdExceededByLevel(osaScanResult.getOsaHighCount(), osaThresholdConfig.getHighSeverity()); + boolean ret = isThresholdExceededByLevel(osaScanResult.getOsaCriticalCount(), osaThresholdConfig.getCriticalSeverity()); + ret |= isThresholdExceededByLevel(osaScanResult.getOsaHighCount(), osaThresholdConfig.getHighSeverity()); ret |= isThresholdExceededByLevel(osaScanResult.getOsaMediumCount(), osaThresholdConfig.getMediumSeverity()); ret |= isThresholdExceededByLevel(osaScanResult.getOsaLowCount(), osaThresholdConfig.getLowSeverity()); return ret; 
@@ -405,11 +409,13 @@ private boolean isThresholdExceededByLevel(int count, Integer threshold) { //(when we stop supporting 8.4.1 and down) /*******************Legacy Variables for UI backward computability****************************************/ + private int criticalCount; private int highCount; private int mediumCount; private int lowCount; private int infoCount; + private LinkedList criticalQueryResultList; private LinkedList highQueryResultList; private LinkedList mediumQueryResultList; private LinkedList lowQueryResultList; @@ -434,11 +440,13 @@ private boolean isThresholdExceededByLevel(int count, Integer threshold) { public void initializeSastLegacyVariables(SastScanResult sastScanResult) { - this.highCount = sastScanResult.getHighCount(); + this.criticalCount = sastScanResult.getCriticalCount(); + this.highCount = sastScanResult.getHighCount(); this.mediumCount = sastScanResult.getMediumCount(); this.lowCount = sastScanResult.getLowCount(); this.infoCount = sastScanResult.getInfoCount(); + this.criticalQueryResultList = sastScanResult.getCriticalQueryResultList(); this.highQueryResultList = sastScanResult.getHighQueryResultList(); this.mediumQueryResultList = sastScanResult.getMediumQueryResultList(); this.lowQueryResultList = sastScanResult.getLowQueryResultList(); @@ -455,6 +463,10 @@ public void initializeSastLegacyVariables(SastScanResult sastScanResult) { this.errorMessage = sastScanResult.getErrorMessage(); } + public int getCriticalCount() { + return criticalCount; + } + public int getHighCount() { return highCount; } @@ -508,6 +520,10 @@ public String getErrorMessage() { public boolean isResultIsValid() { return resultIsValid; } + + public List getCriticalQueryResultList() { + return criticalQueryResultList; + } public List getHighQueryResultList() { return highQueryResultList; 
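Review bot: `criticalQueryResultList` is only initialized in the constructor, so `CxScanResult` actions persisted by earlier plugin versions (the action is attached to the build via `run.addAction(cxScanResult)` in `perform`) load with the new field as null, and `getCriticalQueryResultList()` then hands null to the view where the sibling lists are `LinkedList`s. The int counters are safe because they default to 0, but the list needs an explicit default on load: a `private Object readResolve()` that sets `criticalQueryResultList = new LinkedList<>()` when it is null and then returns `this`. The same consideration applies to the legacy `OsaScanResult` and `SastScanResult` classes touched by this commit if they are persisted as well; their hunks lie outside this chunk.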
@@ -526,6 +542,7 @@ public List getInfoQueryResultList() { } //osa results + private int osaCriticalCount; private int osaHighCount; private int osaMediumCount; private int osaLowCount; @@ -534,6 +551,7 @@ public List getInfoQueryResultList() { public void initializeOsaLegacyVariables(OsaScanResult osaScanResult) { if (osaScanResult != null) { + this.osaCriticalCount = osaScanResult.getOsaCriticalCount(); this.osaHighCount = osaScanResult.getOsaHighCount(); this.osaMediumCount = osaScanResult.getOsaMediumCount(); this.osaLowCount = osaScanResult.getOsaLowCount(); @@ -542,6 +560,10 @@ public void initializeOsaLegacyVariables(OsaScanResult osaScanResult) { } } + public int getOsaCriticalCount() { + return osaCriticalCount; + } + public int getOsaHighCount() { return osaHighCount; } @@ -562,7 +584,8 @@ public int getOsaNoVulnerabilityLibs() { return osaNoVulnerabilityLibs; } - + @Nullable + private Integer criticalThreshold; @Nullable private Integer highThreshold; @Nullable @@ -570,6 +593,8 @@ public int getOsaNoVulnerabilityLibs() { @Nullable private Integer lowThreshold; @Nullable + private Integer osaCriticalThreshold; + @Nullable private Integer osaHighThreshold; @Nullable private Integer osaMediumThreshold; 
@@ -577,17 +602,28 @@ public int getOsaNoVulnerabilityLibs() { private Integer osaLowThreshold; private void initializeSastLegacyThresholdVariables(ThresholdConfig thresholdConfig) { - this.setHighThreshold(thresholdConfig.getHighSeverity()); + this.setCriticalThreshold(thresholdConfig.getCriticalSeverity()); + this.setHighThreshold(thresholdConfig.getHighSeverity()); this.setMediumThreshold(thresholdConfig.getMediumSeverity()); this.setLowThreshold(thresholdConfig.getLowSeverity()); } private void initializeOsaLegacyThresholdVariables(ThresholdConfig thresholdConfig) { - this.setOsaHighThreshold(thresholdConfig.getHighSeverity()); + this.setOsaCriticalThreshold(thresholdConfig.getCriticalSeverity()); + this.setOsaHighThreshold(thresholdConfig.getHighSeverity()); this.setOsaMediumThreshold(thresholdConfig.getMediumSeverity()); this.setOsaLowThreshold(thresholdConfig.getLowSeverity()); } + @Nullable + public Integer getCriticalThreshold() { + return criticalThreshold; + } + + public void setCriticalThreshold(@Nullable Integer criticalThreshold) { + this.criticalThreshold = criticalThreshold; + } + @Nullable public Integer getHighThreshold() { return highThreshold; @@ -615,6 +651,15 @@ public void setLowThreshold(@Nullable Integer lowThreshold) { this.lowThreshold = lowThreshold; } + @Nullable + public Integer getOsaCriticalThreshold() { + return osaCriticalThreshold; + } + + public void setOsaCriticalThreshold(@Nullable Integer osaCriticalThreshold) { + this.osaCriticalThreshold = osaCriticalThreshold; + } + @Nullable public Integer getOsaHighThreshold() { return osaHighThreshold; diff --git a/src/main/java/com/checkmarx/jenkins/EnvVarAction.java b/src/main/java/com/checkmarx/jenkins/EnvVarAction.java index d4434d98..e8941ad0 100644 --- a/src/main/java/com/checkmarx/jenkins/EnvVarAction.java +++ b/src/main/java/com/checkmarx/jenkins/EnvVarAction.java 
@@ -26,15 +26,17 @@ private void add(String key, String val) { public void setCxSastResults(CxScanResult cxScanResult) { final String cxPrefix = "CXSAST_RESULTS_"; + add(cxPrefix + "CRITICAL", Integer.toString(cxScanResult.getCriticalCount())); add(cxPrefix + "HIGH", Integer.toString(cxScanResult.getHighCount())); add(cxPrefix + "MEDIUM", Integer.toString(cxScanResult.getMediumCount())); add(cxPrefix + "LOW", Integer.toString(cxScanResult.getLowCount())); add(cxPrefix + "INFO", Integer.toString(cxScanResult.getInfoCount())); } - public void setCxSastResults(int high, int medium, int low, int info) { + public void setCxSastResults(int critical, int high, int medium, int low, int info) { final String cxPrefix = "CXSAST_RESULTS_"; + add(cxPrefix + "CRITICAL", Integer.toString(critical)); add(cxPrefix + "HIGH", Integer.toString(high)); add(cxPrefix + "MEDIUM", Integer.toString(medium)); add(cxPrefix + "LOW", Integer.toString(low)); diff --git a/src/main/java/com/checkmarx/jenkins/RemoteScanInfo.java b/src/main/java/com/checkmarx/jenkins/RemoteScanInfo.java index 6484efa0..a9e90d38 100644 --- a/src/main/java/com/checkmarx/jenkins/RemoteScanInfo.java +++ b/src/main/java/com/checkmarx/jenkins/RemoteScanInfo.java @@ -11,6 +11,9 @@ public class RemoteScanInfo implements Serializable { private ScanResults scanResults; private String cxARMUrl; + private String version; + private String hotFix; + private String enginePackVersion; public void setScanResults(ScanResults scanResults) { this.scanResults = scanResults; 
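Review bot: The four-int overload `setCxSastResults(int high, int medium, int low, int info)` is replaced rather than kept, so any caller outside this commit that binds to the old arity no longer resolves; the diffstat suggests CxScanBuilder was updated, but if other callers exist a delegating overload keeps them working: `public void setCxSastResults(int high, int medium, int low, int info) { setCxSastResults(0, high, medium, low, info); }`. With five same-typed positional ints the argument order is easy to get wrong at call sites, so a Javadoc line stating the order, e.g. `/** Exports counts as CXSAST_RESULTS_* variables, in the order critical, high, medium, low, info. */`, would help. The method body continues past the end of the hunk.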
@@ -27,4 +30,28 @@ public void setCxARMUrl(String cxARMUrl) { public String getCxARMUrl() { return cxARMUrl; } + + public void setVersion(String version) { + this.version = version; + } + + public String getVersion() { + return version; + } + + public void setHotFix(String hotFix) { + this.hotFix = hotFix; + } + + public String getHotFix() { + return hotFix; + } + + public void setEnginePackVersion(String enginePackVersion) { + this.enginePackVersion = enginePackVersion; + } + + public String getEnginePackVersion() { + return enginePackVersion; + } } diff --git a/src/main/java/com/checkmarx/jenkins/configascode/SastConfig.java b/src/main/java/com/checkmarx/jenkins/configascode/SastConfig.java index 50a6d866..02608a0a 100644 --- a/src/main/java/com/checkmarx/jenkins/configascode/SastConfig.java +++ b/src/main/java/com/checkmarx/jenkins/configascode/SastConfig.java @@ -22,6 +22,8 @@ public class SastConfig { @Optional private int high; @Optional + private int critical; + @Optional private boolean overrideProjectSetting; public SastConfig() { @@ -90,6 +92,14 @@ public int getHigh() { public void setHigh(int high) { this.high = high; } + + public int getCritical() { + return critical; + } + + public void setCritical(int critical) { + this.critical = critical; + } public boolean isPrivateScan() { return privateScan; diff --git a/src/main/java/com/checkmarx/jenkins/configascode/ScaConfig.java b/src/main/java/com/checkmarx/jenkins/configascode/ScaConfig.java index 655ea77a..235bbc59 100644 --- a/src/main/java/com/checkmarx/jenkins/configascode/ScaConfig.java +++ b/src/main/java/com/checkmarx/jenkins/configascode/ScaConfig.java @@ -15,6 +15,8 @@ public class ScaConfig { private int medium; @Optional private int high; + @Optional + private int critical; public ScaConfig() { } 
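Review bot: The new `version`, `hotFix` and `enginePackVersion` accessors carry no documentation, and what each string holds (presumably the SAST server version, hotfix level and engine pack reported for the remote scan) is only inferable from the names. A short Javadoc on each getter, e.g. `/** Server version string as reported by the scan; null when the server did not report one. */`, would tell consumers the expected format and whether null is possible. Given the class name and that it implements Serializable, these values appear to cross a Jenkins remoting boundary, so stating that they are raw, unparsed strings is worth a line as well.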
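Review bot: `private int critical;` under `@Optional` reads as 0 when a config-as-code file predates this field, and 0 is indistinguishable from an explicitly configured threshold of zero; if the consumer in CxScanBuilder (changed in this commit but not visible here) applies the value whenever the SAST section is present, every critical finding would fail builds that never opted in. `high`, `medium` and `low` follow the same pattern, so presumably existing handling distinguishes "absent" from 0; confirm it covers `critical`, or declare it `private Integer critical;` so absence reads as null. The same consideration applies to the matching field added to ScaConfig.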
@@ -66,4 +68,12 @@ public int getHigh() { public void setHigh(int high) { this.high = high; } + + public int getCritical() { + return critical; + } + + public void setCritical(int critical) { + this.critical = critical; + } } diff --git a/src/main/java/com/checkmarx/jenkins/legacy8_7/GetOpenSourceSummaryResponse.java b/src/main/java/com/checkmarx/jenkins/legacy8_7/GetOpenSourceSummaryResponse.java index 53968a97..0be287d1 100644 --- a/src/main/java/com/checkmarx/jenkins/legacy8_7/GetOpenSourceSummaryResponse.java +++ b/src/main/java/com/checkmarx/jenkins/legacy8_7/GetOpenSourceSummaryResponse.java @@ -17,6 +17,8 @@ public class GetOpenSourceSummaryResponse { private Integer vulnerableAndOutdated; @JsonProperty("totalLibraries") private Integer total; + @JsonProperty("criticalVulnerabilityLibraries") + private Integer criticalVulnerabilityLibraries; @JsonProperty("highVulnerabilityLibraries") private Integer highVulnerabilityLibraries; @JsonProperty("mediumVulnerabilityLibraries") @@ -25,6 +27,8 @@ public class GetOpenSourceSummaryResponse { private Integer lowVulnerabilityLibraries; @JsonProperty("vulnerabilityScore") private String vulnerabilityScore; + @JsonProperty("totalCriticalVulnerabilities") + private Integer criticalVulnerabilities; @JsonProperty("totalHighVulnerabilities") private Integer highVulnerabilities; @JsonProperty("totalMediumVulnerabilities") @@ -33,6 +37,10 @@ public class GetOpenSourceSummaryResponse { private Integer lowVulnerabilities; + public int getCriticalCount() { + return criticalVulnerabilities; + } + public int getHighCount() { return highVulnerabilities; } 
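Review bot: `getCriticalCount()` unboxes `criticalVulnerabilities`, which is only populated when the summary JSON carries `totalCriticalVulnerabilities`; a server that does not report critical severity leaves it null under the `@JsonProperty` mapping (presumably Jackson), so the getter throws a NullPointerException where the older count getters always had a value. Suggest `return criticalVulnerabilities == null ? 0 : criticalVulnerabilities;`, and the same guard around `getCriticalVulnerabilityLibraries()`, whose `Integer` result OsaScanResult.setOsaResults adds into `osaTotalVulnerabilitiesLibs` with auto-unboxing. Whether the client library guarantees these fields on every supported server is not visible here; confirm before relying on it.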
@@ -75,6 +83,14 @@ public Integer getTotal() { public void setTotal(Integer total) { this.total = total; } + + public Integer getCriticalVulnerabilityLibraries() { + return criticalVulnerabilityLibraries; + } + + public void setCriticalVulnerabilityLibraries(Integer criticalVulnerabilityLibraries) { + this.criticalVulnerabilityLibraries = criticalVulnerabilityLibraries; + } public Integer getHighVulnerabilityLibraries() { return highVulnerabilityLibraries; @@ -97,6 +113,15 @@ public String getVulnerabilityScore() return vulnerabilityScore; } + public Integer getCriticalVulnerabilities() + { + return criticalVulnerabilities; + } + + public void setCriticalVulnerabilities(Integer criticalVulnerabilities) { + this.criticalVulnerabilities = criticalVulnerabilities; + } + public Integer getHighVulnerabilities() { return highVulnerabilities; diff --git a/src/main/java/com/checkmarx/jenkins/legacy8_7/OsaScanResult.java b/src/main/java/com/checkmarx/jenkins/legacy8_7/OsaScanResult.java index e734c067..3ac3f703 100644 --- a/src/main/java/com/checkmarx/jenkins/legacy8_7/OsaScanResult.java +++ b/src/main/java/com/checkmarx/jenkins/legacy8_7/OsaScanResult.java @@ -17,6 +17,7 @@ public class OsaScanResult { //osa results private GetOpenSourceSummaryResponse openSourceSummaryResponse; private String openSourceSummaryJson; + private Integer osaCriticalCount; private Integer osaHighCount; private Integer osaMediumCount; private Integer osaLowCount; @@ -30,6 +31,7 @@ public class OsaScanResult { private String osaFullLibraryList; private String osaFullCVEsList; + private String criticalCvesList; private String highCvesList; private String mediumCvesList; private String lowCvesList; 
@@ -60,10 +62,11 @@ private String formatTime(String time){ public void setOsaResults(GetOpenSourceSummaryResponse osaResults) { if(osaResults != null) { this.openSourceSummaryResponse = osaResults; + this.osaCriticalCount = osaResults.getCriticalCount(); this.osaHighCount = osaResults.getHighCount(); this.osaMediumCount = osaResults.getMediumCount(); this.osaLowCount = osaResults.getLowCount(); - this.osaTotalVulnerabilitiesLibs = osaResults.getLowVulnerabilityLibraries() + osaResults.getMediumVulnerabilityLibraries() + osaResults.getHighVulnerabilityLibraries(); + this.osaTotalVulnerabilitiesLibs = osaResults.getLowVulnerabilityLibraries() + osaResults.getMediumVulnerabilityLibraries() + osaResults.getHighVulnerabilityLibraries() + osaResults.getCriticalVulnerabilityLibraries(); this.osaVulnerableAndOutdatedLibs = osaResults.getVulnerableAndOutdated(); this.osaNoVulnerabilityLibs = osaResults.getNoKnownVulnerabilities(); this.osaScanTotalLibraries = getOsaTotalVulnerabilitiesLibs() + getOsaNoVulnerabilityLibs(); @@ -85,6 +88,14 @@ public String getOsaScanEndTime() { return osaScanEndTime; } + public int getOsaCriticalCount() { + return osaCriticalCount; + } + + public void setOsaCriticalCount(int osaCriticalCount) { + this.osaCriticalCount = osaCriticalCount; + } + public int getOsaHighCount() { return osaHighCount; } @@ -169,6 +180,14 @@ public void setOsaFullCVEsList(String osaFullCVEsList) { this.osaFullCVEsList = osaFullCVEsList; } + public String getCriticalCvesList() { + return criticalCvesList; + } + + public void setCriticalCvesList(String criticalCvesList) { + this.criticalCvesList = criticalCvesList; + } + public String getHighCvesList() { return highCvesList; } diff --git a/src/main/java/com/checkmarx/jenkins/legacy8_7/SastScanResult.java b/src/main/java/com/checkmarx/jenkins/legacy8_7/SastScanResult.java index 1efaaa05..10c3250b 100644 --- a/src/main/java/com/checkmarx/jenkins/legacy8_7/SastScanResult.java 
+++ b/src/main/java/com/checkmarx/jenkins/legacy8_7/SastScanResult.java @@ -11,20 +11,24 @@ */ public class SastScanResult { - private Integer highCount; + private Integer criticalCount; + private Integer highCount; private Integer mediumCount; private Integer lowCount; private Integer infoCount; + private Integer newCriticalCount; private Integer newHighCount; private Integer newMediumCount; private Integer newLowCount; + private LinkedList criticalQueryResultList; private LinkedList highQueryResultList; private LinkedList mediumQueryResultList; private LinkedList lowQueryResultList; private LinkedList infoQueryResultList; + private String criticalQueryResultsJson; private String highQueryResultsJson; private String mediumQueryResultsJson; private String lowQueryResultsJson; @@ -48,12 +52,21 @@ public class SastScanResult { private String errorMessage; public SastScanResult() { + this.criticalQueryResultList = new LinkedList<>(); this.highQueryResultList = new LinkedList<>(); this.mediumQueryResultList = new LinkedList<>(); this.lowQueryResultList = new LinkedList<>(); this.infoQueryResultList = new LinkedList<>(); this.resultDeepLink = ""; } + + public Integer getCriticalCount() { + return criticalCount; + } + + public void setCriticalCount(int criticalCount) { + this.criticalCount = criticalCount; + } public Integer getHighCount() { return highCount; @@ -87,6 +100,10 @@ public void setInfoCount(int infoCount) { this.infoCount = infoCount; } + public Integer getNewCriticalCount() { return newCriticalCount; } + + public void setNewCriticalCount(Integer newCriticalCount) { this.newCriticalCount = newCriticalCount; } + public Integer getNewHighCount() { return newHighCount; } public void setNewHighCount(Integer newHighCount) { this.newHighCount = newHighCount; } 
@@ -99,10 +116,14 @@ public void setInfoCount(int infoCount) { public void setNewLowCount(Integer newLowCount) { this.newLowCount = newLowCount; } + public LinkedList getCriticalQueryResultList() { + return criticalQueryResultList; + } + public LinkedList getHighQueryResultList() { return highQueryResultList; } - + public LinkedList getMediumQueryResultList() { return mediumQueryResultList; } @@ -115,6 +136,14 @@ public LinkedList getInfoQueryResultList() { return infoQueryResultList; } + public String getCriticalQueryResultsJson() { + return criticalQueryResultsJson; + } + + public void setCriticalQueryResultsJson(String criticalQueryResultsJson) { + this.criticalQueryResultsJson = criticalQueryResultsJson; + } + public String getHighQueryResultsJson() { return highQueryResultsJson; } diff --git a/src/main/java/com/checkmarx/jenkins/legacy8_7/ThresholdConfig.java b/src/main/java/com/checkmarx/jenkins/legacy8_7/ThresholdConfig.java index 3d324c0e..216edb7b 100644 --- a/src/main/java/com/checkmarx/jenkins/legacy8_7/ThresholdConfig.java +++ b/src/main/java/com/checkmarx/jenkins/legacy8_7/ThresholdConfig.java @@ -3,12 +3,20 @@ import hudson.model.Result; public class ThresholdConfig { + private Integer criticalSeverity; private Integer highSeverity; private Integer mediumSeverity; private Integer lowSeverity; private Result buildStatus; - public Integer getHighSeverity() { + public Integer getCriticalSeverity() { + return criticalSeverity; + } + public void setCriticalSeverity(Integer criticalSeverity) { + this.criticalSeverity = criticalSeverity; + } + + public Integer getHighSeverity() { return highSeverity; } public void setHighSeverity(Integer highSeverity) { diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly index 5028cf8f..5f0cd8e7 100644 --- a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly 
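Review bot: `getCriticalSeverity()` and `setCriticalSeverity(Integer)` are inserted with no blank line between them, while every other accessor pair in ThresholdConfig is separated by one; add a blank line after the getter's closing brace to match. Since this `Integer` is passed straight into CxScanResult's `@Nullable` threshold setters, a one-line Javadoc such as `/** Critical-severity threshold, or null when not configured. */` on the getter would also make the null contract explicit.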
+++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly @@ -264,7 +264,9 @@ - + + + @@ -274,6 +276,9 @@ + + + @@ -346,6 +351,9 @@ + + + @@ -355,6 +363,9 @@ + + + @@ -374,6 +385,9 @@ + + + @@ -390,6 +404,9 @@ + + + @@ -408,6 +425,9 @@ + + + @@ -424,6 +444,9 @@ + + + diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/global.jelly b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/global.jelly index 64412efc..7fdd0361 100644 --- a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/global.jelly +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/global.jelly @@ -86,6 +86,10 @@ + + + + @@ -96,6 +100,9 @@ + + + diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-criticalThreshold.html b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-criticalThreshold.html new file mode 100644 index 00000000..666762d4 --- /dev/null +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-criticalThreshold.html @@ -0,0 +1,3 @@ +
+ Critical severity vulnerability threshold. If set, the threshold is crossed if number of critical severity vulnerabilities exceeds it. Applicable only if the configured SAST supports critical severity. Critical severity is not supported in SAST versions 9.6 and prior. +
\ No newline at end of file diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-criticalThresholdEnforcement.html b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-criticalThresholdEnforcement.html new file mode 100644 index 00000000..666762d4 --- /dev/null +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-criticalThresholdEnforcement.html @@ -0,0 +1,3 @@ +
+ Critical severity vulnerability threshold. If set, the threshold is crossed if number of critical severity vulnerabilities exceeds it. Applicable only if the configured SAST supports critical severity. Critical severity is not supported in SAST versions 9.6 and prior. +
\ No newline at end of file diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-osaCriticalThreshold.html b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-osaCriticalThreshold.html new file mode 100644 index 00000000..8dc732c9 --- /dev/null +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-osaCriticalThreshold.html @@ -0,0 +1,3 @@ +
+ Critical severity vulnerabilities threshold for dependency scan. If set, the threshold is crossed if number of critical severity vulnerabilities exceeds it. Applicable only if the configured dependency scanner supports critical severity. +
\ No newline at end of file diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-osaCriticalThresholdEnforcement.html b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-osaCriticalThresholdEnforcement.html new file mode 100644 index 00000000..8dc732c9 --- /dev/null +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-osaCriticalThresholdEnforcement.html @@ -0,0 +1,3 @@ +
+ Critical severity vulnerabilities threshold for dependency scan. If set, the threshold is crossed if number of critical severity vulnerabilities exceeds it. Applicable only if the configured dependency scanner supports critical severity. +
\ No newline at end of file