Integration april release (#99)

* Add support for SCA proxy

Will compile with next cx-common-client branch 'https://github.com/checkmarx-ltd/Cx-Client-Common/tree/scaProxy'

* Add print for Dependency scanner type and all info

* Changes for common upgrade and fix bug

Changes for common upgrade and fix bug

* Commented out the SCA resolver path validations. This is causing issues for feature to work in Linux

* Fix testScaConnection issue on local setting and global settings

* Upgrade cx-client common

Upgrade cx-client common

* Changes for upgrade

Changes for upgrade

* Revert "Changes for upgrade"

This reverts commit f5c4707.

* Upgrade

Upgrade

* Changes for jenkins version

Changes for jenkins version

* Chnages for fix note

Chnages for fix note

* Changes for new bug

Changes for new bug

Co-authored-by: Margarital <[email protected]>
Co-authored-by: SubhadraSahoo <[email protected]>
Co-authored-by: [email protected] <[email protected]>

build.gradle

@@ -53,7 +53,7 @@ dependencies {
         exclude group: 'org.apache.logging.log4j', module: 'log4j-core'
     }
 
-    compile 'com.checkmarx:cx-client-common:2021.4.9',
+    compile 'com.checkmarx:cx-client-common:2022.2.11',
             'com.fasterxml.jackson.core:jackson-core:2.11.3',
             'com.fasterxml.jackson.core:jackson-annotations:2.11.3',
             'com.fasterxml.jackson.core:jackson-databind:2.11.3',

gradle.properties

@@ -1,6 +1,6 @@
 description = Provides automatic scan of code by Checkmarx server and shows results summary and trend in Jenkins interface.
 group = com.checkmarx.jenkins
-version = 2022.1.3
+version = 2022.2.1
 
 repositoryVersion=
 

src/main/java/com/checkmarx/jenkins/CxConnectionDetails.java

@@ -22,6 +22,7 @@ public class CxConnectionDetails {
     private String username;
     private String encryptedPassword;
     private Boolean isProxy;
+    private Boolean isScaProxy;
 
     public String getServerUrl() {
         return serverUrl;
@@ -54,6 +55,13 @@ public Boolean isProxy() {
     public void setProxy(Boolean proxy) {
         isProxy = proxy;
     }
+    public Boolean isScaProxy() {
+        return isScaProxy;
+    }
+
+    public void setScaProxy(Boolean scaProxy) {
+        isScaProxy = scaProxy;
+    }
 
     @NotNull
     private static CxConnectionDetails getCxCredentials(Run<?, ?> run, CxConnectionDetails ret, String credentialsId, String username, String passwordPlainText) {

src/main/java/com/checkmarx/jenkins/CxScanBuilder.java

@@ -134,7 +134,7 @@ public class CxScanBuilder extends Builder implements SimpleBuildStep {
     private boolean fullScansScheduled;
     private int fullScanCycle;
     private boolean isThisBuildIncremental;
-    private Integer postScanActionId;
+    private int postScanActionId;
     @Nullable
     private String sourceEncoding;
     @Nullable
@@ -226,7 +226,7 @@ public CxScanBuilder(
             boolean incremental,
             boolean fullScansScheduled,
             int fullScanCycle,
-            Integer postScanActionId,
+            int postScanActionId,
             @Nullable String sourceEncoding,
             @Nullable String comment,
             boolean skipSCMTriggers,
@@ -432,7 +432,7 @@ public int getFullScanCycle() {
         return fullScanCycle;
     }
 
-    public Integer getPostScanActionId() {
+    public int getPostScanActionId() {
         return postScanActionId;
     }
 
@@ -901,8 +901,9 @@ public void perform(@Nonnull Run<?, ?> run, @Nonnull FilePath workspace, @Nonnul
         Jenkins instance = Jenkins.getInstance();
         final CxScanCallable action;
         if (instance != null && instance.proxy != null &&
-                (useOwnServerCredentials ? this.isProxy : getDescriptor().getIsProxy()) &&
-                !(isCxURLinNoProxyHost(useOwnServerCredentials ? this.serverUrl : getDescriptor().getServerUrl(), instance.proxy.getNoProxyHostPatterns()))) {
+             ((!isCxURLinNoProxyHost(useOwnServerCredentials ? this.serverUrl : getDescriptor().getServerUrl(), instance.proxy.getNoProxyHostPatterns()))
+                    || (!isCxURLinNoProxyHost(getDescriptor().getDependencyScanConfig().scaAccessControlUrl, instance.proxy.getNoProxyHostPatterns()))))
+        {
             action = new CxScanCallable(config, listener, instance.proxy, isHideDebugLogs(), fsaVars);
         } else {
             action = new CxScanCallable(config, listener, isHideDebugLogs(), fsaVars);
@@ -1315,16 +1316,30 @@ private CxScanConfig resolveConfiguration(Run<?, ?> run, DescriptorImpl descript
         ret.setPassword(Aes.decrypt(cxConnectionDetails.getPassword(), cxConnectionDetails.getUsername()));
         if (cxConnectionDetails.isProxy()) {
             Jenkins instance = Jenkins.getInstance();
-            if (instance != null && instance.proxy != null && !(isCxURLinNoProxyHost(useOwnServerCredentials ?
-                    this.serverUrl : getDescriptor().getServerUrl(), instance.proxy.getNoProxyHostPatterns()))) {
-                ret.setProxy(true);
-                ret.setProxyConfig(new ProxyConfig(instance.proxy.name, instance.proxy.port,
-                        instance.proxy.getUserName(), instance.proxy.getPassword(), false));
+            if (instance != null && instance.proxy != null) {
+                boolean sastProxy = false;
+
+                if (!isCxURLinNoProxyHost(useOwnServerCredentials ? this.serverUrl : getDescriptor().getServerUrl(), instance.proxy.getNoProxyHostPatterns())) {
+                    ret.setProxy(true);
+                    ret.setProxyConfig(new ProxyConfig(instance.proxy.name, instance.proxy.port,
+                            instance.proxy.getUserName(), instance.proxy.getPassword(), false));
+                    sastProxy = true;
+                }
+                if (!isCxURLinNoProxyHost(getDescriptor().getDependencyScanConfig().scaAccessControlUrl, instance.proxy.getNoProxyHostPatterns())) {
+                    if (!sastProxy){
+                        ret.setProxy(false);
+                    }
+                    ret.setScaProxy(true);
+                    ret.setScaProxyConfig(new ProxyConfig(instance.proxy.name, instance.proxy.port,
+                            instance.proxy.getUserName(), instance.proxy.getPassword(), false));
+                }
             } else {
                 ret.setProxy(false);
+                ret.setScaProxy(false);
             }
         } else {
             ret.setProxy(false);
+            ret.setScaProxy(false);
         }
 
         /*
@@ -1459,12 +1474,23 @@ private LegacyClient prepareLoggedInClient(CxConnectionDetails credentials, Desc
         Jenkins instance = Jenkins.getInstance();
 
         if (credentials.isProxy()) {
-            if (instance != null && instance.proxy != null && isCxURLinNoProxyHost(serverUrl, instance.proxy.getNoProxyHostPatterns())) {
-                credentials.setProxy(false);
+            if (instance != null && instance.proxy != null) {
+                boolean isSastProxy = false;
+                if (!isCxURLinNoProxyHost(useOwnServerCredentials ? this.serverUrl : getDescriptor().getServerUrl(), instance.proxy.getNoProxyHostPatterns())) {
+                    credentials.setProxy(true);
+                    isSastProxy = true;
+                }
+                if (!isCxURLinNoProxyHost(getDescriptor().getDependencyScanConfig().scaAccessControlUrl, instance.proxy.getNoProxyHostPatterns())) {
+                    credentials.setScaProxy(true);
+                    if (!isSastProxy || !getSastEnabled()){
+                        credentials.setProxy(false);
+                    }
+                }
             }
             ret = CommonClientFactory.getInstance(credentials, descriptor.isEnableCertificateValidation(), serverLog);
         } else {
             credentials.setProxy(false);
+            credentials.setScaProxy(false);
             ret = CommonClientFactory.getInstance(credentials, descriptor.isEnableCertificateValidation(), serverLog);
         }
 
@@ -1552,7 +1578,7 @@ private AstScaConfig getScaConfig(Run<?, ?> run, EnvVars env, DependencyScanConf
         //add SCA Resolver code here
         if (dsConfig.enableScaResolver != null
                 && SCAScanType.SCA_RESOLVER.toString().equalsIgnoreCase(dsConfig.enableScaResolver.toString())) {
-            scaResolverPathExist(dsConfig.pathToScaResolver);
+//            scaResolverPathExist(dsConfig.pathToScaResolver);
             validateScaResolverParams(dsConfig.scaResolverAddParameters);
             result.setEnableScaResolver(true);
         }
@@ -1625,7 +1651,9 @@ private void printConfiguration(CxScanConfig config, CxLoggerAdapter log) {
         log.info("plugin version: {}", CxConfig.version());
         log.info("server url: " + config.getUrl());
         log.info("username: " + config.getUsername());
-        boolean proxyEnabled = ((useOwnServerCredentials ? getIsProxy() : config.getProxyConfig()) != null);
+        //Print correct value only for local project proxy setup
+        //useOwnServerCredentials == true once it's un-checked on job config and false once its checked
+        boolean proxyEnabled = ((!useOwnServerCredentials ? getIsProxy() : config.getProxyConfig()) != null);
         log.info("is using Jenkins server proxy: " + proxyEnabled);
         if (proxyEnabled) {
             if (Jenkins.getInstance().proxy != null)
@@ -1646,7 +1674,6 @@ private void printConfiguration(CxScanConfig config, CxLoggerAdapter log) {
         ScannerType scannerType = getDependencyScannerType(config);
         String dependencyScannerType = scannerType != null ? scannerType.getDisplayName() : "NONE";
 
-        log.info("Dependency scanner type: {}", dependencyScannerType);
         if (config.isSastEnabled()) {
             log.info("preset id: " + config.getPresetId());
             log.info("SAST folder exclusions: " + config.getSastFolderExclusions());
@@ -1965,7 +1992,7 @@ private void validateScaResolverParams(String additionalParams) {
         String dirPath = params.get("-s");
         if(StringUtils.isEmpty(dirPath))
             throw new CxClientException("Source code path (-s <source code path>) is not provided.");
-        fileExists(dirPath);
+//        fileExists(dirPath);
 
         String projectName = params.get("-n");
         if(StringUtils.isEmpty(projectName))
@@ -2511,11 +2538,11 @@ public FormValidation doTestScaSASTConnection(@QueryParameter final String scaSa
 
                     if (cred.isProxy()) {
                         if (instance != null && instance.proxy != null && isCxURLinNoProxyHost(serverUrl, instance.proxy.getNoProxyHostPatterns())) {
-                            cred.setProxy(false);
+                            cred.setScaProxy(false);
                         }
                         commonClient = CommonClientFactory.getInstance(cred, this.isEnableCertificateValidation(), serverLog);
                     } else {
-                        cred.setProxy(false);
+                        cred.setScaProxy(false);
                         commonClient = CommonClientFactory.getInstance(cred, this.isEnableCertificateValidation(), serverLog);
                     }
                 } catch (Exception e) {
@@ -2564,12 +2591,10 @@ public FormValidation doValidateMvnPath(@QueryParameter final String mvnPath) th
         }
 
         @POST
-        public FormValidation doTestScaConnection(@QueryParameter String scaServerUrl,
-                                                  @QueryParameter String scaAccessControlUrl,
-                                                  @QueryParameter String scaCredentialsId,
-                                                  @QueryParameter String scaTenant,
-                                                  @QueryParameter Integer scaTimeout,
-                                                  @AncestorInPath Item item) {
+        public FormValidation doTestScaConnection(@QueryParameter String scaServerUrl, @QueryParameter String scaAccessControlUrl,
+                                                  @QueryParameter String scaCredentialsId, @QueryParameter String scaTenant,
+                                                  @QueryParameter Integer scaTimeout, @QueryParameter final boolean isProxy,
+                                                  @QueryParameter final String timestamp, @AncestorInPath Item item) {
             Jenkins.getInstance().checkPermission(Item.CONFIGURE);
             try {
                 CxScanConfig config = new CxScanConfig();
@@ -2597,9 +2622,15 @@ public FormValidation doTestScaConnection(@QueryParameter String scaServerUrl,
 
                 try {
                     Jenkins instance = Jenkins.getInstance();
-                    if (instance != null && instance.proxy != null && isProxy && !(isCxURLinNoProxyHost(serverUrl, instance.proxy.getNoProxyHostPatterns()))) {
+                    if (instance != null && instance.proxy != null){
+                        if (isProxy && !(isCxURLinNoProxyHost(scaConfig.getAccessControlUrl(), instance.proxy.getNoProxyHostPatterns())))
+                        {
+                            config.setScaProxy(true);
+                        }else{
+                            config.setScaProxy(false);
+                        }
                         ProxyConfig proxyConfig = ProxyHelper.getProxyConfig();
-                        config.setProxyConfig(proxyConfig);
+                        config.setScaProxyConfig(proxyConfig);
                     }
                 } catch (Exception e) {
                     return buildError(e, "Failed to init cx client");

src/main/resources/com/checkmarx/jenkins/CxProjectResult/jobMain.jelly

@@ -29,9 +29,7 @@
                     vertical-align: top;
                     }
                 </style>
-
-            </j:if>
-            <j:if test="${result.isRemoveAsyncHtml()}">
+               <j:if test="${result.isRemoveAsyncHtml()}">
              	<div id="async-note">
                     <div class="async-note"><div class="async-note-title">Note:</div>
                         <div class="async-note-body" id="async-note-body">Job is configured to run Checkmarx scan asynchronously. Displayed results are of the previous successful scan.</div></div>
@@ -47,7 +45,12 @@
                         <div class="async-note-body" id="async-note-body">Job is configured to run Checkmarx scan asynchronously.Report generation is disabled.</div></div>
                 </div>
             </j:if> 
-
+            </j:if>
+            <j:if test="${!result.scanRanAsynchronous}">
+               <div>
+                    ${result.getHtmlReport()}
+                </div>
+            </j:if>
         </j:forEach>
     </j:if>
 

src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly

@@ -190,7 +190,7 @@
                     </f:entry>
 
                     <f:validateButton title="Test Connection" progress="Testing..." method="testScaConnection"
-                                      with="scaServerUrl,scaAccessControlUrl,scaCredentialsId,scaTenant"/>
+                                      with="scaServerUrl,scaAccessControlUrl,scaCredentialsId,scaTenant,timestamp,isProxy"/>
 
                     <f:radioBlock checked="${instance.dependencyScanConfig.enableScaResolver == null || instance.dependencyScanConfig.enableScaResolver == 'SCA_RESOLVER'}" inline="true"
                                     name="enableScaResolver" title="Perform SCA scan using dependency resolution by SCA Resolver tool."

src/main/resources/com/checkmarx/jenkins/CxScanBuilder/global.jelly

@@ -166,7 +166,7 @@
                         <f:textbox value="${descriptor.dependencyScanConfig.scaTimeout}"/>
                      </f:entry>
                     <f:validateButton title="Test Connection" progress="Testing..." method="testScaConnection"
-                                      with="scaServerUrl,scaAccessControlUrl,scaCredentialsId,scaTenant,scaTimeout"/>
+                                      with="scaServerUrl,scaAccessControlUrl,scaCredentialsId,scaTenant,scaTimeout,timestamp,isProxy"/>
                 </f:nested>
                 <f:entry title="Package Manager's Config File(s) Path" field="scaConfigFile">
                         <f:textarea value="${descriptor.dependencyScanConfig.scaConfigFile}" />