From de6842b2b22d3ef28ec003873308837c437f83d0 Mon Sep 17 00:00:00 2001 
From: umeshwaghode <77615542+umeshwaghode@users.noreply.github.com> Date: Mon, 5 Dec 2022 14:33:35 +0530 Subject: [PATCH] Special characters and version (#112) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit • Corrected config-as-code feature. Prior version failed to parse cx.config file. • ‘overrideProjectSetting’ plugin parameter indicates whether preset, engineConfigurationId value will be saved on the SAST project. • HTTP link to OSA scan results that appear in the plugin logs are corrected • Enhanced default include/exclude pattern to exclude SCAResolver’s result files. • Introduced ‘ABORTED’ as new value for parameters jobStatusOnError, vulnerabilityThresholdResult that will stop the pipeline immediately • Fixed issue that the build was not marked failed for SCA Policy violations. • Upgraded below libraries: --- build.gradle | 16 +++- gradle.properties | 2 +- sample/cx.config | 21 +++++ .../jenkins/CxConnectionDetails.java | 12 +-- .../com/checkmarx/jenkins/CxScanBuilder.java | 85 ++++++++++++++---- .../jenkins/JobGlobalStatusOnError.java | 2 +- .../checkmarx/jenkins/JobStatusOnError.java | 2 +- .../jenkins/configascode/ConfigAsCode.java | 6 +- .../jenkins/configascode/ProjectConfig.java | 29 ++++++ .../jenkins/configascode/SastConfig.java | 11 ++- .../jenkins/CxScanBuilder/config.jelly | 3 +- .../CxScanBuilder/help-configAsCode.html | 3 + .../help-overrideProjectSetting.html | 3 + .../com/checkmarx/jenkins/cxconfig.xml | 2 +- src/main/webapp/CxIcon24x24.png | Bin 1445 -> 1056 bytes src/main/webapp/CxIcon48x48.png | Bin 3593 -> 2885 bytes 16 files changed, 159 insertions(+), 38 deletions(-) create mode 100644 sample/cx.config create mode 100644 src/main/java/com/checkmarx/jenkins/configascode/ProjectConfig.java create mode 100644 src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-configAsCode.html create mode 100644 src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-overrideProjectSetting.html 
diff --git a/build.gradle b/build.gradle index 0815bb55..66e8cb7a 100644 --- a/build.gradle +++ b/build.gradle @@ -53,16 +53,24 @@ dependencies { exclude group: 'org.apache.logging.log4j', module: 'log4j-core' } - compile 'com.checkmarx:cx-client-common:2022.3.16', - 'com.fasterxml.jackson.core:jackson-core:2.11.3', + compile ('com.checkmarx:cx-client-common:2022.4.3') { + exclude group: 'org.apache.commons', module: 'commons-compress' + exclude group: 'org.yaml' , module: 'snakeyaml' + exclude group: 'com.google.code.gson', module: 'gson' + } + + compile 'com.fasterxml.jackson.core:jackson-core:2.11.3', 'com.fasterxml.jackson.core:jackson-annotations:2.11.3', - 'com.fasterxml.jackson.core:jackson-databind:2.11.3', + 'com.fasterxml.jackson.core:jackson-databind:2.14.1', 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.11.3', 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.10.5', 'com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.10.5', 'org.apache.logging.log4j:log4j-slf4j-impl:2.17.1', 'org.apache.logging.log4j:log4j-api:2.17.1', - 'org.apache.logging.log4j:log4j-core:2.17.1' + 'org.apache.logging.log4j:log4j-core:2.17.1', + 'org.apache.commons:commons-compress:1.22', + 'com.google.code.gson:gson:2.8.9', + 'org.yaml:snakeyaml:1.33' constraints { implementation('io.vertx:vertx-web:3.9.7') { because 'previous versions have a bug impacting this application' diff --git a/gradle.properties b/gradle.properties index 9c2029a9..604c6b93 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,6 +1,6 @@ description = Provides automatic scan of code by Checkmarx server and shows results summary and trend in Jenkins interface. group = com.checkmarx.jenkins -version = 2022.3.3 +version = 2022.4.3 repositoryVersion= diff --git a/sample/cx.config b/sample/cx.config new file mode 100644 index 00000000..5d9dc7d9 --- /dev/null +++ b/sample/cx.config 
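Review bot: `jackson-databind` moves to 2.14.1 in the build.gradle hunk while `jackson-core`, `jackson-annotations` and `jackson-dataformat-yaml` stay at 2.11.3 and the `jsr310`/`jdk8` datatype modules stay at 2.10.5. Jackson artifacts are meant to be used from one minor line, and a newer databind on an older core can fail at runtime with missing-method or missing-class errors rather than at build time. Put every `com.fasterxml.jackson` coordinate on the same version, ideally through one shared version property so they cannot drift apart again. The three new `exclude` lines on `cx-client-common` would also benefit from a short comment saying the explicit commons-compress, gson and snakeyaml pins below are deliberate overrides of its transitive versions, in the way the `constraints` block already uses `because`.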
@@ -0,0 +1,21 @@ +project: + fullPath: "Testcac02" + origin: "jenkins" +sast: + engineConfiguration: "Korean" + excludeFolders: \"_cvs, .svn, .hg, .git, .bzr, bin, obj, backup, node_modules\" + includeExcludePattern: \"!**/.cxsca-results.json, !**/.cxsca-sast-results.json, !.checkmarx/cx.config,!**/*.DS_Store, !**/*.ipr, !**/*.iws, !**/*.TEST_SOMETHING, !**/*.bak, !**/*.tmp, !**/*.aac, !**/*.aif, !**/*.iff, !**/*.m3u, !**/*.mid, !**/*.mp3, !**/*.mpa, !**/*.ra, !**/*.wav, !**/*.wma, !**/*.3g2, !**/*.3gp, !**/*.asf, !**/*.asx, !**/*.avi, !**/*.flv, !**/*.mov, !**/*.mp4, !**/*.mpg, !**/*.rm, !**/*.swf, !**/*.vob, !**/*.wmv, !**/*.bmp, !**/*.gif, !**/*.jpg, !**/*.png, !**/*.psd, !**/*.tif, !**/*.jar, !**/*.zip, !**/*.rar, !**/*.exe, !**/*.dll, !**/*.pdb, !**/*.7z, !**/*.gz, !**/*.tar.gz, !**/*.tar, !**/*.ahtm, !**/*.ahtml, !**/*.fhtml, !**/*.hdm, !**/*.hdml, !**/*.hsql, !**/*.ht, !**/*.hta, !**/*.htc, !**/*.htd, !**/*.htmls, !**/*.ihtml, !**/*.mht, !**/*.mhtm, !**/*.mhtml, !**/*.ssi, !**/*.stm, !**/*.stml, !**/*.ttml, !**/*.txn, !**/*.class, !**/*.iml, !**/Checkmarx/Reports/*.*\" + high: 3 + medium: 1 + low: 2 + incremental: false + preset: "All" + privateScan: false + overrideProjectSetting: false +sca: + fileInclude: \"*.dll\" + fileExclude: \"nothing*.jar\" + pathExclude: \"!**/*.DS_Store, !**/*.ipr, !**/*.iws, !**/*.TEST_SOMETHING, !**/*.bak, !**/*.tmp, !**/*.aac, !**/*.aif, !**/*.iff, !**/*.m3u, !**/*.mid, !**/*.mp3, !**/*.mpa, !**/*.ra, !**/*.wav, !**/*.wma, !**/*.3g2, !**/*.3gp, !**/*.asf, !**/*.asx, !**/*.avi, !**/*.flv, !**/*.mov, !**/*.mp4, !**/*.mpg, !**/*.rm, !**/*.swf, !**/*.vob, !**/*.wmv, !**/*.bmp, !**/*.gif, !**/*.jpg, !**/*.png, !**/*.psd, !**/*.tif, !**/*.jar, !**/*.zip, !**/*.rar, !**/*.exe, !**/*.dll, !**/*.pdb, !**/*.7z, !**/*.gz, !**/*.tar.gz, !**/*.tar, !**/*.ahtm, !**/*.ahtml, !**/*.fhtml, !**/*.hdm, !**/*.hdml, !**/*.hsql, !**/*.ht, !**/*.hta, !**/*.htc, !**/*.htd, !**/*.htmls, !**/*.ihtml, !**/*.mht, !**/*.mhtm, !**/*.mhtml, !**/*.ssi, 
!**/*.stm, !**/*.stml, !**/*.ttml, !**/*.txn, !**/*.class, !**/*.iml, !**/Checkmarx/Reports/*.*\" + high: 3 + medium: 3 + low: 3 \ No newline at end of file diff --git a/src/main/java/com/checkmarx/jenkins/CxConnectionDetails.java b/src/main/java/com/checkmarx/jenkins/CxConnectionDetails.java index 54dd0a65..4b9e6513 100644 --- a/src/main/java/com/checkmarx/jenkins/CxConnectionDetails.java +++ b/src/main/java/com/checkmarx/jenkins/CxConnectionDetails.java @@ -21,8 +21,8 @@ public class CxConnectionDetails { private String serverUrl; private String username; private String encryptedPassword; - private Boolean isProxy; - private Boolean isScaProxy; + private boolean isProxy; + private boolean isScaProxy; public String getServerUrl() { return serverUrl; @@ -48,18 +48,18 @@ public void setPassword(String encryptedPassword) { this.encryptedPassword = encryptedPassword; } - public Boolean isProxy() { + public boolean isProxy() { return isProxy; } - public void setProxy(Boolean proxy) { + public void setProxy(boolean proxy) { isProxy = proxy; } - public Boolean isScaProxy() { + public boolean isScaProxy() { return isScaProxy; } - public void setScaProxy(Boolean scaProxy) { + public void setScaProxy(boolean scaProxy) { isScaProxy = scaProxy; } diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index 17ed3212..91414ee7 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java +++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java @@ -4,6 +4,7 @@ import com.checkmarx.configprovider.dto.ResourceType; import com.checkmarx.configprovider.dto.interfaces.ConfigReader; import com.checkmarx.jenkins.configascode.ConfigAsCode; +import com.checkmarx.jenkins.configascode.ProjectConfig; import com.checkmarx.jenkins.configascode.SastConfig; import com.checkmarx.jenkins.configascode.ScaConfig; import com.checkmarx.jenkins.exception.CxCredException; 
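Review bot: The string values under `sast:` and `sca:` in sample/cx.config are wrapped in `\"…\"` (for example `excludeFolders: \"_cvs, …\"`), which looks like text pasted from a Java string literal, whereas `fullPath: "Testcac02"` and `preset: "All"` use plain quotes. Depending on the parser, the backslashes either break parsing or become part of the value, and in both cases the include/exclude patterns copied from this sample would not select the files they appear to select. These patterns decide what is sent for scanning, so the sample should use plain double quotes throughout, e.g. `fileInclude: "*.dll"`.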
@@ -99,6 +100,8 @@ public class CxScanBuilder extends Builder implements SimpleBuildStep { // Persistent plugin configuration parameters ////////////////////////////////////////////////////////////////////////////////////// private boolean useOwnServerCredentials; + + private boolean overrideProjectSetting; private boolean configAsCode; @Nullable @@ -318,8 +321,17 @@ public boolean isConfigAsCode() { public void setConfigAsCode(boolean configAsCode) { this.configAsCode = configAsCode; } + + public boolean isOverrideProjectSetting() { + return overrideProjectSetting; + } - @Nullable + @DataBoundSetter + public void setOverrideProjectSetting(boolean overrideProjectSetting) { + this.overrideProjectSetting = overrideProjectSetting; + } + + @Nullable public String getServerUrl() { return serverUrl; } @@ -905,7 +917,7 @@ public void perform(@Nonnull Run run, @Nonnull FilePath workspace, @Nonnul try { overrideConfigAsCode(config, workspace); } catch (ConfigurationException e) { - log.warn("couldn't load config file", e.getMessage()); + log.warn("couldn't load config file: " + e.getMessage(), e); } } @@ -916,7 +928,7 @@ public void perform(@Nonnull Run run, @Nonnull FilePath workspace, @Nonnul //validate at least one scan type is enabled if (!config.isSastEnabled() && !config.isAstScaEnabled() && !config.isOsaEnabled()) { log.error("Both SAST and dependency scan are disabled. Exiting."); - run.setResult(Result.FAILURE); + run.setResult(Result.FAILURE); return; } @@ -1030,8 +1042,7 @@ private ConfigAsCode getConfigAsCode(ConfigReader reader) throws ConfigurationEx if (configProvider.hasConfiguration(CX_ORIGIN, "project")) configAsCodeFromFile.setProject( - configProvider.getStringConfiguration(CX_ORIGIN, "project") - ); + configProvider.getConfiguration(CX_ORIGIN, "project",ProjectConfig.class)); if (configProvider.hasConfiguration(CX_ORIGIN, "team")) configAsCodeFromFile.setTeam( 
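Review bot: Binding `project` to `ProjectConfig.class` in `getConfigAsCode` changes the accepted shape of that key from a scalar to a section, so a repository that still carries the old scalar form (`project: "<name>"`, constructed example) will presumably fail to bind here. If that surfaces as a ConfigurationException, the `catch` in `perform` shown earlier in this diff only logs a warning and the scan continues with none of the file's settings applied, thresholds included. Consider accepting both shapes (try the section, then fall back to `getStringConfiguration` and wrap the result in a `ProjectConfig`), or call out the format break in the release notes. `getConfigAsCode` starts and ends outside the hunk.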
@@ -1052,14 +1063,14 @@ private void overrideConfigAsCode(ConfigAsCode configAsCodeFromFile, CxScanConfi //map global Optional.ofNullable(configAsCodeFromFile).ifPresent(cac -> { - if (StringUtils.isNotEmpty(cac.getProject())) { - scanConfig.setProjectName(cac.getProject()); - overridesResults.put("Project Name:", String.valueOf(cac.getProject())); + if (StringUtils.isNotEmpty(cac.getProject().getFullPath())) { + scanConfig.setProjectName(cac.getProject().getFullPath()); + overridesResults.put("Project Name:", String.valueOf(cac.getProject().getFullPath())); } if (StringUtils.isNotEmpty(cac.getTeam())) { scanConfig.setTeamPath(cac.getTeam()); - overridesResults.put("Project Name:", String.valueOf(cac.getTeam())); + overridesResults.put("Team Name:", String.valueOf(cac.getTeam())); } }); @@ -1067,7 +1078,7 @@ private void overrideConfigAsCode(ConfigAsCode configAsCodeFromFile, CxScanConfi mapScaConfiguration(Optional.ofNullable(configAsCodeFromFile.getSca()), scanConfig, overridesResults); if (!overridesResults.isEmpty()) { - log.info("the following fields was overrides using config as code file : "); + log.info("The following fields are overridden using config as code file : "); overridesResults.keySet().forEach(key -> log.info(String.format("%s = %s", key, overridesResults.get(key)))); } } @@ -1156,6 +1167,12 @@ private void mapSastConfiguration(Optional sast, CxScanConfig scanCo scanConfig.setIncremental(pValue); overridesResults.put("Is Incremental", String.valueOf(pValue)); }); + + sast.map(SastConfig::isOverrideProjectSetting) + .ifPresent(pValue -> { + scanConfig.setIsOverrideProjectSetting(pValue); + overridesResults.put("Is OverrideProjectSetting", String.valueOf(pValue)); + }); sast.map(SastConfig::isPrivateScan) .ifPresent(pValue -> { 
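Review bot: `cac.getProject()` is dereferenced without a null check in `overrideConfigAsCode`, yet `project` is annotated `@Optional` in `ConfigAsCode` and `getConfigAsCode` calls `setProject` only when the key exists, so a cx.config without a `project:` section reaches `getFullPath()` on null. The resulting NullPointerException is not a ConfigurationException, so it would bypass the `catch` in `perform` and break the build instead of just skipping the override. Guard it with `ProjectConfig project = cac.getProject();` followed by `if (project != null && StringUtils.isNotEmpty(project.getFullPath())) {`, and reuse `project` in the two lines inside the block. `overrideConfigAsCode` continues outside the hunk.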
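Review bot: `SastConfig.overrideProjectSetting` is a primitive `boolean`, so `sast.map(SastConfig::isOverrideProjectSetting)` is present whenever the file has a `sast:` section, and the job-level value set in `resolveConfiguration` is replaced with `false` even when the file never mentions the key. Declaring the field and its accessor as `Boolean` would let an absent key leave the job setting alone. Separately, this mapping lets a file inside the scanned repository switch on saving preset and engine configuration to the CxSAST project, a lasting change available to anyone who can commit to the repo. It is worth deciding whether the key should be honoured from the file at all, or only when the job already enables it. `mapSastConfiguration` starts and ends outside the hunk.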
@@ -1190,8 +1207,10 @@ private void mapSastConfiguration(Optional sast, CxScanConfig scanCo .filter(StringUtils::isNotBlank) .ifPresent(pValue -> { scanConfig.setPresetName(pValue); + scanConfig.setPresetId(null); overridesResults.put("Preset", pValue); }); + sast.map(SastConfig::getExcludeFolders) .filter(StringUtils::isNotBlank) @@ -1313,6 +1332,8 @@ private Boolean verifyCustomCharacters(String inputString) { } private CxScanConfig resolveConfiguration(Run run, DescriptorImpl descriptor, EnvVars env, CxLoggerAdapter log) throws IOException { CxScanConfig ret = new CxScanConfig(); + + ret.setIsOverrideProjectSetting(overrideProjectSetting); if (isIncremental() && isForceScan()) { throw new IOException("Force scan and incremental scan can not be configured in pair for SAST. Configure either Incremental or Force scan option"); @@ -1411,6 +1432,7 @@ private CxScanConfig resolveConfiguration(Run run, DescriptorImpl descript ret.setSastEnabled(this.sastEnabled == null || sastEnabled); //for backward compatibility, assuming if sastEnabled is not set, then sast is enabled if (ret.isSastEnabled()) { + int presetId = parseInt(preset, log, "Invalid presetId: [%s]. Using default preset.", 0); ret.setPresetId(presetId); @@ -1724,6 +1746,7 @@ private void printConfiguration(CxScanConfig config, CxLoggerAdapter log) { log.info("post scan action: " + config.getPostScanActionId()); log.info("is force scan: " + config.getForceScan()); log.info("scan level custom fields: " + config.getCustomFields()); + log.info("overrideProjectSetting value: " + overrideProjectSetting); ScannerType scannerType = getDependencyScannerType(config); String dependencyScannerType = scannerType != null ? scannerType.getDisplayName() : "NONE"; 
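Review bot: The log line added to `printConfiguration` prints the builder field `overrideProjectSetting`, while the neighbouring lines all read from `config`. When cx.config changes the setting through `scanConfig.setIsOverrideProjectSetting(...)`, the log would show the job-level value rather than the one the scan uses, so the build log stops being a reliable record of whether project settings were overwritten. Read the value from `config` here instead of the field. `printConfiguration` starts and ends outside the hunk.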
@@ -1855,7 +1878,7 @@ private void writeJsonObjectToFile(Object jsonObj, File to, String description) } } - private void failTheBuild(Run run, CxScanConfig config, ScanResults ret) { + private void failTheBuild(Run run, CxScanConfig config, ScanResults ret) throws AbortException { //assert if expected exception is thrown OR when vulnerabilities under threshold OR when policy violated ScanSummary scanSummary = new ScanSummary(config, ret.getSastResults(), ret.getOsaResults(), ret.getScaResults()); if (scanSummary.hasErrors() || ret.getGeneralException() != null || 
@@ -1863,15 +1886,27 @@ private void failTheBuild(Run run, CxScanConfig config, ScanResults ret) { (ret.getOsaResults() != null && ret.getOsaResults().getException() != null) || (ret.getScaResults() != null && ret.getScaResults().getException() != null)) { printBuildFailure(scanSummary.toString(), ret, log); - if (resolvedVulnerabilityThresholdResult != null) { - run.setResult(resolvedVulnerabilityThresholdResult); - } + + String statusToReturn = ""; + String msgPrefix = ""; + if (!scanSummary.getThresholdErrors().isEmpty() || (config.getSastNewResultsThresholdEnabled() && scanSummary.isSastThresholdForNewResultsExceeded() ) ) { + resolvedVulnerabilityThresholdResult = resolvedVulnerabilityThresholdResult == null? + Result.fromString(JobStatusOnError.FAILURE.toString()): resolvedVulnerabilityThresholdResult; + run.setResult(resolvedVulnerabilityThresholdResult); + statusToReturn = resolvedVulnerabilityThresholdResult.toString(); + msgPrefix = "Threshold exceeded."; + }else { + msgPrefix = "Scan error occurred."; + statusToReturn = getReturnStatusOnError(getDescriptor()); + run.setResult(Result.fromString(statusToReturn)); + } + + if(JobStatusOnError.ABORTED.toString().equalsIgnoreCase(statusToReturn)) { + String msg = msgPrefix + "Job is configured to return ABORTED and stop the build/pipeline."; + log.warn(msg); + throw new AbortException(msg); + } - if (useUnstableOnError(getDescriptor())) { - run.setResult(Result.UNSTABLE); - } else { - run.setResult(Result.FAILURE); - } } } 
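Review bot: The inner `if` in `failTheBuild` separates only threshold breaches from everything else, so a policy violation, which the comment above lists as a trigger for this block, lands in the `else` branch. There it is logged as "Scan error occurred." and takes its result from the job's on-error status, so a job set to UNSTABLE on error would presumably end UNSTABLE on a policy violation. A third branch with its own prefix and an explicit result for policy violations would make that outcome deliberate. The abort message also joins the two sentences without a space; use `String msg = msgPrefix + " Job is configured to return ABORTED and stop the build/pipeline.";`. The enclosing condition starts outside the hunk.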
@@ -1971,6 +2006,18 @@ private boolean useUnstableOnError(final DescriptorImpl descriptor) { || (JobStatusOnError.GLOBAL.equals(getJobStatusOnError()) && JobGlobalStatusOnError.UNSTABLE.equals(descriptor .getJobGlobalStatusOnError())); } + + private String getReturnStatusOnError(final DescriptorImpl descriptor) { + + String status = JobStatusOnError.FAILURE.toString(); + + if (JobStatusOnError.GLOBAL.equals(getJobStatusOnError())) + status = descriptor.getJobGlobalStatusOnError().toString(); + else + status = getJobStatusOnError().toString(); + + return status; + } /** * Checks if job should fail with UNSTABLE status instead of FAILED diff --git a/src/main/java/com/checkmarx/jenkins/JobGlobalStatusOnError.java b/src/main/java/com/checkmarx/jenkins/JobGlobalStatusOnError.java index 423fe053..460addb9 100644 --- a/src/main/java/com/checkmarx/jenkins/JobGlobalStatusOnError.java +++ b/src/main/java/com/checkmarx/jenkins/JobGlobalStatusOnError.java @@ -2,7 +2,7 @@ public enum JobGlobalStatusOnError { - FAILURE("Failure"), UNSTABLE("Unstable"); + FAILURE("Failure"), UNSTABLE("Unstable"), ABORTED("ABORTED"); private final String displayName; diff --git a/src/main/java/com/checkmarx/jenkins/JobStatusOnError.java b/src/main/java/com/checkmarx/jenkins/JobStatusOnError.java index ca4f6a71..275afd62 100644 --- a/src/main/java/com/checkmarx/jenkins/JobStatusOnError.java +++ b/src/main/java/com/checkmarx/jenkins/JobStatusOnError.java @@ -1,7 +1,7 @@ package com.checkmarx.jenkins; public enum JobStatusOnError { - GLOBAL("Use Global Settings"), FAILURE("Failure"), UNSTABLE("Unstable"); + GLOBAL("Use Global Settings"), FAILURE("Failure"), UNSTABLE("Unstable"), ABORTED("ABORTED"); private final String displayName; diff --git a/src/main/java/com/checkmarx/jenkins/configascode/ConfigAsCode.java b/src/main/java/com/checkmarx/jenkins/configascode/ConfigAsCode.java index cd188d7a..c77d351e 100644 --- a/src/main/java/com/checkmarx/jenkins/configascode/ConfigAsCode.java 
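Review bot: `getReturnStatusOnError` calls `toString()` directly on `getJobStatusOnError()` and `descriptor.getJobGlobalStatusOnError()`, whereas `useUnstableOnError` just above compares constant-first (`JobStatusOnError.GLOBAL.equals(getJobStatusOnError())`) and therefore tolerates null. If either value can be unset, for instance on a job saved before the option existed, the new helper throws a NullPointerException in the failure path instead of setting a result. The initial `FAILURE` assignment is also dead, since both branches overwrite it. The version below keeps FAILURE as the fallback and treats an unset job value like GLOBAL; confirm that matches the intended default.

```java
private String getReturnStatusOnError(final DescriptorImpl descriptor) {
    final JobStatusOnError jobStatus = getJobStatusOnError();
    // A job-level choice other than GLOBAL wins outright.
    if (jobStatus != null && !JobStatusOnError.GLOBAL.equals(jobStatus)) {
        return jobStatus.toString();
    }
    // GLOBAL (or an unset job value) defers to the descriptor; FAILURE if that is unset too.
    final JobGlobalStatusOnError globalStatus = descriptor.getJobGlobalStatusOnError();
    return globalStatus != null ? globalStatus.toString() : JobStatusOnError.FAILURE.toString();
}
```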
+++ b/src/main/java/com/checkmarx/jenkins/configascode/ConfigAsCode.java @@ -4,7 +4,7 @@ public class ConfigAsCode { @Optional - private String project; + private ProjectConfig project; @Optional private String team; @Optional @@ -31,11 +31,11 @@ public void setSast(SastConfig sast) { this.sast = sast; } - public String getProject() { + public ProjectConfig getProject() { return project; } - public void setProject(String project) { + public void setProject(ProjectConfig project) { this.project = project; } diff --git a/src/main/java/com/checkmarx/jenkins/configascode/ProjectConfig.java b/src/main/java/com/checkmarx/jenkins/configascode/ProjectConfig.java new file mode 100644 index 00000000..7113d31e --- /dev/null +++ b/src/main/java/com/checkmarx/jenkins/configascode/ProjectConfig.java @@ -0,0 +1,29 @@ +package com.checkmarx.jenkins.configascode; + +import com.typesafe.config.Optional; + +public class ProjectConfig { + @Optional + private String fullPath; + @Optional + private String origin; + + public ProjectConfig() { + } + + public String getOrigin() { + return origin; + } + + public void setOrigin(String origin) { + this.origin = origin; + } + + public String getFullPath() { + return fullPath; + } + + public void setFullPath(String fullPath) { + this.fullPath = fullPath; + } +} diff --git a/src/main/java/com/checkmarx/jenkins/configascode/SastConfig.java b/src/main/java/com/checkmarx/jenkins/configascode/SastConfig.java index 1defa9b9..50a6d866 100644 --- a/src/main/java/com/checkmarx/jenkins/configascode/SastConfig.java +++ b/src/main/java/com/checkmarx/jenkins/configascode/SastConfig.java @@ -21,7 +21,8 @@ public class SastConfig { private int medium; @Optional private int high; - + @Optional + private boolean overrideProjectSetting; public SastConfig() { } 
@@ -97,4 +98,12 @@ public boolean isPrivateScan() { public void setPrivateScan(boolean privateScan) { this.privateScan = privateScan; } + + public boolean isOverrideProjectSetting() { + return overrideProjectSetting; + } + + public void setOverrideProjectSetting(boolean isOverrideProjectSetting) { + this.overrideProjectSetting = isOverrideProjectSetting; + } } diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly index e4ff382b..3514ccc1 100644 --- a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly @@ -47,7 +47,7 @@
The following fields will be overriding by config file values if exists (project name ,team name ,sast scan settings and sca scan settings.).
- + @@ -125,6 +125,7 @@ + diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-configAsCode.html b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-configAsCode.html new file mode 100644 index 00000000..42c584fa --- /dev/null +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-configAsCode.html @@ -0,0 +1,3 @@ +
+ Create cx.config config-as-code input file at the root of the repo in '.checkmarx' folder. For example .checkmarx/cx.config +
\ No newline at end of file diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-overrideProjectSetting.html b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-overrideProjectSetting.html new file mode 100644 index 00000000..c154268f --- /dev/null +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/help-overrideProjectSetting.html @@ -0,0 +1,3 @@ +
+ When selected, preset & engine configuration value selected in the pipeline will be saved on the CxSAST project. +
\ No newline at end of file diff --git a/src/main/resources/com/checkmarx/jenkins/cxconfig.xml b/src/main/resources/com/checkmarx/jenkins/cxconfig.xml index 04cc81dd..d001def1 100644 --- a/src/main/resources/com/checkmarx/jenkins/cxconfig.xml +++ b/src/main/resources/com/checkmarx/jenkins/cxconfig.xml @@ -14,7 +14,7 @@ !**/*.htmls, !**/*.ihtml, !**/*.mht, !**/*.mhtm, !**/*.mhtml, !**/*.ssi, !**/*.stm, !**/*.bin,!**/*.lock,!**/*.svg,!**/*.obj, !**/*.stml, !**/*.ttml, !**/*.txn, !**/*.xhtm, !**/*.xhtml, !**/*.class, !**/*.iml, !Checkmarx/Reports/*.*, - !OSADependencies.json, !**/node_modules/**/* + !OSADependencies.json, !**/node_modules/**/*, !**/.cxsca-results.json, !**/.cxsca-sast-results.json, !.checkmarx/cx.config *.zip, *.war, *.ear, *.tgz https://api-sca.checkmarx.net https://platform.checkmarx.net 
diff --git a/src/main/webapp/CxIcon24x24.png b/src/main/webapp/CxIcon24x24.png index 030caafa652d33b2dd6f42e73e0095c74b46a32b..cef8b1af8ab89a1e18bcfa0e99a3d4bd3371d46d 100644 GIT binary patch delta 1036 zcmV+n1oQi)3!n&)BYyw^b5ch_0Itp)=>Px#1ZP1_K>z@;j|==^1poj532;bRa{vGq zB>(^xB>_oNB=7(L1GPy+K~zXftyBq9T2~b2*R~N^WD`@JD99@CtgRZ!q%}+JWD;YV zrKw5N7;RP53Zk-U@UbW^Bm@l0~^ zmXUHlL|oN(CQd6NHzC^Y{Qm~kN(H-je?n5-2R{?`;HF9Qf=nWt}_A@@c zTST>5Wr59N|9{~mk{ai^_@>-~Smyxp;VpJ9$@wGLCbtCr-kz=>=|`{FK{H4{eM^}; zuquj26;{M<45AR*5gB9$QOirTjI~3Cykx_$0Xwt!x zH!Pcg7!Yjjr6xI$kMJU`hNI;Gq9hn-HL|+LDVd$YF?I(U;e3j+)Zq7RR)l0G_-KYB zax?hOZ*Y=25E(#jeG^;MuaK;li6>MJq^QJ|lcLC|$G^t($QQ(xo@0|Bn6RdqZ=sya zqrh*|nSTpmN-{w-d?plGyGLJUn4D=2!CMJ1|j)!UQ zgVHz!9hr1-Ui?XkT!wRla=C)XuM_C#51@_26{g?W{>K+*m#tW;VBmfj?JhqQy)#f- zJ%7-1e!Q9AW#<=x8RYV(xIMu`KM;n3#O3B$=tz9%!6r(lwbwP1Euz;Qgxa~nI7-1} zAcRM+l9XWMS6FhCFQb1f3N4AtC_rZMK*a@M9gQG+ToP$D#8NqQ4u_zmatT}^M*r;w zzJJP7G8K_kgXHDhK6E$ZklL2mQgG|&a(_pVN*6>*Jytglp`py>eO|QM7HKU(Hxz}R zzJCtMlj&V(-P^ckUxth_*9>hS6l?r&{S(u^k5H4S)Zs^q-3#qV0!zWHcv^#GKSOoB z7l-;*3Yw8Ec!JH1pMaO1k5CQs(72OuKiff}_<4zdzX3EO39R0+RIUI3002ovP6b4+ GLSTZd_2u*c delta 1428 zcmV;F1#9}C2&D^KNklt&_G&6txXX z9|A$DY9v%aB|uOFq^J+=L+Lv&AW?!+glOM*fuKBq5Dh}&0jZ#XxU`}bRk^f56}hOX zb8Q^g_w{dxoGsC^FQZ*&dABLvmg)^x__R}7g3%74hc*E9zf`s z_LgC+O15`YDH$a5*yT-KTI<}NJGSqMKhEBN;%8tOn4CO23qUvWN{BqZ1t=iep9h!w zj$|H2Qhs*a}29WRnVV0o07U2;i{kQvwG8jAe z{llz)MhauqfPXcHnb9LSbA&hM{z4^LSUocRiGz^bcGmK33y+9w0}i~FUEc3}Fm*jP z?OYkFInp6vqS58BzmHchUKn|`^Wz^itL`iE!#~Y-3{;REAi^sG*QIwRvV+xtp%GAp zdTR96Vz++rz5L1X+AuTws+!ii(r$Iv8>x)Bpj0CLcz^f6UogUV(h`)MpbE}_kB}8g zlwP)-g=$F{t6Tp1?=EM~UOz8c>xGGlAvykq84e$6)Z4A%fQ!2AxdDyJ56X$KnJedS zc)A`c2~3Y!_A~_34^cZ;F3$)4e$lg>Sw4Aen$}W_t5??e&F^n9^^ug3n(Me-iHy!L z9F@(t=YKpmmjdNPhzfHHf%~T%lTBfMMY*{YS#3vrgnHFJKRz-1z46I9>2QT>b1Td* zcIQXx$@?yxgMkN}6`ME#co{f+=NtSMxC*_B-)SOHc%JuxlZ97uuOuigC|fy*0h~o@ z!+(agOkWhkr!?qeTh#^+^v7=S^P8D|Ev<0w;B-PnSZqbsy~#4_wJaQ% zws;@LR$K9G2y#z|vNtdEm#Z6o>W&-;P%gW+IK%Y|i`=-f&g8yvlGOb)MvWTzG;ltu 
zo-jaKQl^>~?<4DNZ5Sh%ek+M8tZ#$|w^U?}P;{eRUD<4|tz>H#{&O3n&}p_w+) zoEDMOf>Jh6DM4Bh1SJoaQdvrQ9?*Wzi4kI8ZJU7=)Cljq`N6LWuTQ4cWWL`;W9)hr zR1;@{b0UcovBnS;^%2dz-s4n%9u*V_9!iO{M@LKNT!_3Y!UI}FhH53!YI1bp((-%F zJ?W~kqN)HM+!dYd(AG{mUEwu-0Hk@2=r0_J33e`lY;x z?-oHh`0x}T-QOhdc(P7`nBK>ux&vIdfw$@?@J@_8YD?x9np$!L^7x5|nSOAT#`F-~ zEYR)vk5?-0sCCl3eQli^msdz@B`Rrxvw}?wNn&w{;H;38EY8ZJvGP`>YTv5W6E6L0 ikvD#KgVjsx{10rAxyjHprVT~_0000Px#1ZP1_K>z@;j|==^1poj532;bRa{vGq zB>(^xB>_oNB=7(L3ff6TK~!i%%~%Il8&?zM*M2cYfDp~?1JS{BH?VQyxW;zkn&1=1 zCbluyfzU(|MO{b;gXqQ7n>%lJ<)s<0@i`1<^j52VZ|2m+|&l@k}rht z{pavjUWc#l7tH+Qz{bj|`u+G4pa}TsmM(+ z&7fuDI+!wY-^;uYmj8rB->90qB?9Z~>sXyzz}nKXe&;*N#)cYJX67(jcMk!kL=SU& zx11O7GWxBh2v*;q=Ob#aI9(Cg;KiKNjmbx^5U#(E$c-nMYVJ^El!&K}G8#Jg)rBR5 zZ#+gY?SGsC-hF}uwt<(FaY)(_eE9M&_!OB?a}7LkGR(GiA$axzA1Z^FVf3Yz!Ouk_ zKR(3j)Qoy?bK__T7-_S%{0U=se@7s#483}Kn1LJh-oef6C!X;ePqCt7QDP8S@&qxO za}gfd`TAsI4B0C1@#ZtEA5}`}M%PzY5&7+fa(|edsshvuUMWfS#pfwUj@^2SwfRLg zcT=Kg%7(bm?PqFZ7GoxcM@ex_`dI`r4YB`z2d(bDaYSW>#W= z4U^h5#)7)4@4PR4iI@G!Y`;sNdN`SF?|*~;bPa|Q3zf6Bm&3+havz zzv2g~B@Xr09d1u5@1Ybd&I`Wl#!81~AjEXbs7-DC6p5P01Mw;Kn zac-_1`2R&jTRRVxsOlV8nVm=Emqxgm>wU7Zc8P?cJ|5$tnw#qMRI&#N1N{834}U?D zc3BEl&Kqs9rnHr4=SvE~=htDjXHd;KjKmoLq_jzO@MV;<2NzF$1|3rs897wS5N`O5 z2i?4y%Q$PJA$r&s{2>I28@R{V-)vutD$$Vr7bvR7+<+-H4-orlBq zBE2}hvy+HcUghW?yW5CW9!MgpK7X6WrO`3fvv?V?F7dQ^4RHkboE(~=%Ac|1)%u#R zkytNe7#5kAoXx+ij639@F&ozbNS*dsS*QPa&CXye_+=jVqfE0PNy=RFe21hb=L`7J z+FMv2)%qHha(krXmt;#bXAa$h%Z~uPBgeQpElnUq<-3#j-Rb8r^{!K&#edE+I)hN% zeZ4u`=6PzbM33h{_{sye&{2JsPT(tKD}imYG(O2(|5Y_xy(e~p(aJ09HebA_+Z4vSW4qy_VL2hYb{ze7b>E#; z37`Ek23c*i3Z_*Xxt0>#$A7d5q?N0+R$`m~+rW!_F#?9HbE8HZS)q6u%SowfcZ>i5 zvJD;}i9z{IB4v6Vl;>1m!xAlh&FX^QlpO(hk^KqicEn(`xgDO9RdDOAhk(;mzup2| z?%B20z{bt~v)=VG*MB$#=MSf;#(!w&DGYKPK5?4o zN*SUrTGTnCia9CQL~HQ}RUj2;dlRoUwSVRiyskF;Yvfk6p{Y55)m5!EKB~=Y$iY*H5*nMsmD~L|d#)4d zd4DVK+X&i50%|1abQ!5?%z4Quy~F9!c077Mg1LF^&FUyge3^jB&Y&xbsvmoCvaADX z^sHH}_P>#qC*$_}GLmH8Tbw!9g| zx8@TR0a^3jC{0u2TVxb}z^U?oVJm7yDhXMIkoxU4Y@A~&XvXRCZq(f#L?AS$tu24w 
z$YNIl#+oZDYxw&^2st%9NM{;Y3*I6%pP=$(Y*wR{DI&xk{NX`ccLddpQdW5|p3Kc=B!4Qe^{a>)@+~BG5HQwSSX{xw7e1V+FhN z+EUm5Yh!a zH>D!L2!A9O(zvb`8n=}@P}DGl5x>3}O^X=U@{-f|CKPjo%rmbePEaH5WL5X$`V%jr z)B4-pAtIq7u*rAYw%!TkUm1p#Ii18xV&TF`G%RX~>3gKIlH}G8q0{+!6YeF;pH^}I z&j2!O1{F}5ze9`PBdPE`GOL}qbk75SSaZrjg?|J#@veIUXX;%@p=T|{{~&3b$~{X7 zwX_3S=bd=dA+LejzfJb?mEpws#Z_E;>_bM)5R$oua!71#agcGZ4e8Z`sJP`qDDpWi z_mj8)AI`hxMhZ8ig{3m7q#cP|Of-o(nxsbFCwN=!5T3mWW9@*=nUM+~r`S1@>;2W-*$ck zcVCR+6VHajhylPCo=3^gE~HisC`ToV9Rd~=0^0X>Br}Ecuesn2X>V=&?T5IAC-i=e z6Y-^;NT8P!Sij?SmFvWFY#lDRapiGPrGJCSVK$jr`rUKLX>h|rkcnk`UO@UqKQWLIO|Ic%G8+JY?d_x{y#V*BwZ%9Y)1nKgK4HrV(p( zOd+ezMSDGpgxFI~(;b*p;lLS^>}N$3*_S}CdmfqfJ|wWN$Ll0c2obgemRdLRu77(O zesit=HUcvLW%~ruF1l&Mp+}tH#Wt_gE(LJ$VE~Jt^!8hQ?k#a^Ya6)#dK|VZVZ>Js z5_}JSpcj%adXe*U2o9J2AA}G dZnyUr;6EnZ159$BqsRaN002ovPDHLkV1n?hk3IkZ literal 3593 zcmV+k4)*bhP)gS;v20Rd=7;oVo4H?s{kMzF@p0CK1F@9DxE3iEvPY5@8;a*bZz2ig*YDzZfMz zq&z@CenAEsffGbxl8`76AzP4O3u6>-Y{i!2Tx_qiUhnSA?9A-U&N*`~-BlkC)qSSV znKSmak8-uYXEN%^03z6javi&|XU`qGagn6+I z>#lc%%|0{|s78=^P#}(=7K4bg-icUhP0ud3+Hd{w^24{Uv>$!fOnvtGiOTV_uSoy` zndeJhxm$$h0F(rv1-Rng6z@jION12Tv4v_3JqMdTXjTGn=Rq}qpRNmsXR6FKW^uZo z)E(gb<#R`$U-`zzD$(WcRg*XW_pSsG^#3v7R|g=a1ilPfhR01V1+&XH<*`Zx-a|JF zMC9s<2fU9kGQs}lJo_i-iR>ixWFOshnjbEG^Oj0X zN;)mO+?Smu?3`B^dYl9sSnt404V>37CKi!|zDt;&*h4L@vfA#_tR$SdbR&h`hhCshw?vEqLX^@09 zf}$V_D5>wT*;}M)Yh+$YT^s09vCvJM2{rkHO3WWc1aDoakMOByhOgRCjQ5 z8Rg3ei-pzKH@j%I?DtsB?w}95Ds+U!3-22h-^7~>>k)TFrSCwba zWDoZ)t$tB`5L0s^((A98@VDM_mF$~MWNp2Vh~PXwXB2+k6I_^ZaB)-l*3&(fSNdqL z2kJ+RMydsf~N`H(#i1J)9lzNzmq1%Vki;nfSr_&3o zRAOPeF6^5&?4L1Y4!Zqq%Tf)5R}(=LHap5smK{qQp2c;g+c)exIEet2TJ-Lu8qwM8 zk@hm8*l^&gI;UUW;zy_3{`#vMrrpjqB4h9cXenVY3^Tu`IU!UMVPng4>V=F}M~N&% zHcVP?dtOp8um^ZG9SK8VrX@h(~F*q8=jR-)@@kJ8uARU+o{Ur_xRRWRfq~`TC0Ch2)@lu$Uh=d$ z%2ZuOJeN?fK<40u3y!lZp2Ks7tFN+nRW7V~&aZjaT8e6rShKb*ZdKl{PCpNNop-sK zRU;OznTOND=31L5wxWRdT=wukkt!&Xdj-v5u;Z!(E?vCrSz32Y)P}&<@@q$PTbQg1 znSS8qz!%(enJ0=ZQ4%xR 
zjLqJ;O4jZB&!|G=OPn5Z%v#<^Ng`o+!?S$JQA-3>-T@4yw!p1kNWsSP{BTIJQt{ekM8DZf7eB7}b#44!O}GsRYSbBec7aW?%&ieC1X4{04CB z)j$D%3_SE&;34p{pL%Ll%gQy{e388;lOe&NXe%I~&1e&8j|0660bDFRpKq0{q)x*fcNZLbC%9C`O4 z;QPQWR}4OHs(ROS)7~y-IA=2hBOMco%c^7qY86uu^z;?(dmHeP{QfTqYS(<7*e?LL zh{&I(nd1HMsm~PNW>oLX#JHT~iMkY`dk%Q?3IW^?d=L2K>jVzLmQDcQ>ZOYFiZz1s zL8VhSMup1Y%WBlmlt$Iis9VGsqS*X~i1bxo6#zg5xbY2uze|J5nl+)*SDYJjgoU6&19D*4N6GMWrch4|lXb&JD;s2?gvk3cuM09*EI)lX#yMrH=ZP)vbjq)(GUYu_MuvYB*is7e)&04vP3JMNC%1KG&?qC2nHN=#&wjin8|hC@fGoysx{ijH&AshcqJ~R?p4z6 zexB9E7E^OAW)Do$n6Bj;cu?L8d^`s`5Bz`-kx#)kQ>=tC`$SEMBIu_DqZGgzvt6tz zl|TbF1&}mSu!YJD3|O~aR+cH6`p8BG8yQxXJ3RBlHyYC_-YCBnpAC5(h`n?s}SaOA;BpSAZ?&bO$C%&#FkI8V>Bm#DZc4 zB5UY(Q!XyHZ>rYfr;HU|{NXAW7u!tFR8ZCYq-1fKM|&AIc9uJIP$B0*@_!HoSJTY1)rDFuqM!LcQ3Ou_ zJ6hpWAj|w|qi|}p8dpSN=ar-yVT>HTcy9AwioNHEY|&)wrPy``v<47u_Wwo27L9;tF3c#3d99}|&K@=vPUD}jbN>yCg9g? z69lV>7YvG*P^D89)Powf>r*=TVt~mjB(bo$nf~o&E2Ai@{GBSRqrTrObh{Z-dumMY zsfE9ZRg19(Yb_!|eX>ezBEjX>SR{VrYn5}U;&E{P7>)jn$qGg=St~e?`|gu#pL^`F z<@`hz#y>oIuu%MT(*$oe^So^l{+x zvAAMbUG0AD*=N`PrrY)Oy19cWaqE++{KM$ExYx~SOjbC4VvaPA{l*w>W$=(JN*A&M=TbEG|o6y>)OVHA2@=;?0UX9Vo1Ejg$6yHtNUiiLVTqFS|7t9ECg z%Xhuo!@IrmSfQV3rlft(b#K|v@e}hnr*yj+>Y&r=q241RLmVvAGb(`{fX7HCAA80t zAJY6k-e|MG_=ywLrjlT=Jzti_Y2fdHCloS)$t?4eB4XwaOwgRFh9D;3eK=l5i4B1a z5RpMgz!(WNaLG$E`PB>};PzaFR|sXtKNaEk2+1HxY-qPKR@VB|XDcN22w8aZEDLX% z<;M3PVQQg4+Viwly12gI5kLfvs zhWr}3Sg>Mtyf;?7F)XU;3&w~q{J$y~3wsaNSz7Aw#AD0!mO3mybBX^2XQ$`l(Y-)? P00000NkvXXu0mjfOJeox