
Commit 5ae4722

Added changes to show or update SCA triage
1 parent 1bafa75 commit 5ae4722


4 files changed

+172
-1
lines changed


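--- a/checkmarx-ast-cli.version
+++ b/checkmarx-ast-cli.version
@@ -1 +1 @@
-2.3.40
+2.3.40-sca-triage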

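--- a/src/main/wrapper/CxConstants.ts
+++ b/src/main/wrapper/CxConstants.ts
@@ -1,4 +1,5 @@
 export enum CxConstants {
+VULNERABILITIES = "--vulnerabilities",
 IGNORE__FILE_PATH = "--ignored-file-path",
 SOURCE = "-s",
 VERBOSE = "-v",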

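--- a/src/main/wrapper/CxWrapper.ts
+++ b/src/main/wrapper/CxWrapper.ts
@@ -298,6 +298,38 @@ export class CxWrapper {
 return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.PREDICATE_TYPE);
 }
 
+async triageSCAShow(projectId: string, vulnerabilities: string, scanType: string): Promise<CxCommandOutput> {
+const commands: string[] = [
+CxConstants.CMD_TRIAGE,
+CxConstants.SUB_CMD_SHOW,
+CxConstants.SCAN_TYPES_SUB_CMD, scanType,
+CxConstants.VULNERABILITIES, vulnerabilities,
+CxConstants.PROJECT_ID, projectId
+];
+commands.push(...this.initializeCommands(true));
+const exec = new ExecutionService();
+return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.PREDICATE_TYPE);
+}
+
+async triageSCAUpdate(projectId: string, vulnerabilities: string, scanType: string, state: string, comment: string,stateId: number | null = null): Promise<CxCommandOutput> {
+const commands: string[] = [
+CxConstants.CMD_TRIAGE,
+CxConstants.SUB_CMD_UPDATE,
+CxConstants.SCAN_TYPES_SUB_CMD, scanType,
+CxConstants.VULNERABILITIES, vulnerabilities,
+CxConstants.STATE, state,
+CxConstants.COMMENT, comment,
+CxConstants.PROJECT_ID, projectId
+];
+if (stateId) {
+commands.push(CxConstants.STATE_ID);
+commands.push(stateId.toString());
+}
+commands.push(...this.initializeCommands(false));
+const exec = new ExecutionService();
+return await exec.executeCommands(this.config.pathToExecutable, commands);
+}
+
 async triageUpdate(projectId: string, similarityId: string, scanType: string, state: string, comment: string, severity: string, stateId: number | null = null): Promise<CxCommandOutput> {
 const commands: string[] = [CxConstants.CMD_TRIAGE, CxConstants.SUB_CMD_UPDATE, CxConstants.PROJECT_ID, projectId, CxConstants.SIMILARITY_ID, similarityId, CxConstants.SCAN_TYPES_SUB_CMD, scanType, CxConstants.STATE, state, CxConstants.COMMENT, comment, CxConstants.SEVERITY, severity];
 if (stateId) {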
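Review bot: In `triageSCAUpdate`, `if (stateId)` drops a `stateId` of 0 although the parameter is declared `number | null`; `if (stateId !== null)` matches the declared contract (the existing `triageUpdate` at the bottom of the hunk has the same pattern, so either fix both or document that 0 is never a valid id). Both new methods also hand `projectId`, `vulnerabilities` and `scanType` to the CLI unchecked, so an empty or `undefined` value (which the new tests deliberately pass) is only rejected by the child process; a guard like `if (!projectId || !vulnerabilities) { throw new Error("projectId and vulnerabilities are required"); }` gives callers a clear error before anything is spawned. The `vulnerabilities` argument has a comma-separated `key=value` format that is visible only in the tests; a TSDoc on both methods stating that format, the accepted `state` values, and why `triageSCAShow` requests `PREDICATE_TYPE` parsing while `triageSCAUpdate` does not would help callers. `triageUpdate` continues past the end of this hunk.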

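--- a/src/tests/PredicateTest.test.ts
+++ b/src/tests/PredicateTest.test.ts
@@ -5,6 +5,120 @@ import CxResult from '../main/results/CxResult';
 import {CxConstants} from '../main/wrapper/CxConstants';
 
 describe("Triage cases", () => {
+
+it('SCA Triage Show and Update Successful case', async () => {
+const projectId = "d4d7f382-8dee-48c7-ac8f-67fab2c313a8";
+const vulnerabilities = "packagename=Maven-org.apache.tomcat.embed:tomcat-embed-core,packageversion=9.0.14,vulnerabilityId=CVE-2024-56337,packagemanager=maven";
+const scanType = "sca";
+const state = "To_verify";
+const comment = "comment1";
+await handleTriageSCAShow(projectId, vulnerabilities, scanType);
+await handleTriageSCAUpdate(projectId, vulnerabilities, scanType, state, comment);
+});
+
+// SCA Triage Update with stateId
+it('SCA Triage Update with stateId', async () => {
+const projectId = "d4d7f382-8dee-48c7-ac8f-67fab2c313a8";
+const vulnerabilities = "packagename=Maven-org.apache.tomcat.embed:tomcat-embed-core,packageversion=9.0.14,vulnerabilityId=CVE-2024-56337,packagemanager=maven";
+const scanType = "sca";
+const state = "To_verify";
+const comment = "comment1";
+const stateId = 123;
+await handleTriageSCAUpdate(projectId, vulnerabilities, scanType, state, comment, stateId);
+});
+
+// SCA Triage Show and Update - Failure
+it('SCA Triage Show and Update Failure case', async () => {
+const projectId = "invalid-project-id";
+const vulnerabilities = "invalid-vulnerability-string";
+const scanType = "invalid";
+const state = "invalid_state";
+const comment = "invalid_comment";
+let errorShow = false;
+let errorUpdate = false;
+try {
+const cxShow: CxCommandOutput = await auth.triageSCAShow(projectId, vulnerabilities, scanType);
+expect(cxShow.exitCode).not.toEqual(0);
+} catch (e) {
+errorShow = true;
+}
+try {
+const cxUpdate: CxCommandOutput = await auth.triageSCAUpdate(projectId, vulnerabilities, scanType, state, comment);
+expect(cxUpdate.exitCode).not.toEqual(0);
+} catch (e) {
+errorUpdate = true;
+}
+expect(errorShow || errorUpdate).toBe(true);
+});
+
+// SCA Triage Show and Update - Edge case: empty vulnerabilities
+it('SCA Triage Show and Update with empty vulnerabilities', async () => {
+const projectId = "d4d7f382-8dee-48c7-ac8f-67fab2c313a8";
+const vulnerabilities = "";
+const scanType = "sca";
+const state = "To_verify";
+const comment = "comment1";
+let errorShow = false;
+let errorUpdate = false;
+try {
+const cxShow: CxCommandOutput = await auth.triageSCAShow(projectId, vulnerabilities, scanType);
+expect(cxShow.exitCode).not.toEqual(0);
+} catch (e) {
+errorShow = true;
+}
+try {
+const cxUpdate: CxCommandOutput = await auth.triageSCAUpdate(projectId, vulnerabilities, scanType, state, comment);
+expect(cxUpdate.exitCode).not.toEqual(0);
+} catch (e) {
+errorUpdate = true;
+}
+expect(errorShow || errorUpdate).toBe(true);
+});
+
+// SCA Triage Show and Update - Edge case: null/undefined arguments
+it('SCA Triage Show and Update with null/undefined arguments', async () => {
+let errorShow = false;
+let errorUpdate = false;
+try {
+// @ts-ignore
+const cxShow: CxCommandOutput = await auth.triageSCAShow(undefined, undefined, undefined);
+expect(cxShow.exitCode).not.toEqual(0);
+} catch (e) {
+errorShow = true;
+}
+try {
+// @ts-ignore
+const cxUpdate: CxCommandOutput = await auth.triageSCAUpdate(undefined, undefined, undefined, undefined, undefined);
+expect(cxUpdate.exitCode).not.toEqual(0);
+} catch (e) {
+errorUpdate = true;
+}
+expect(errorShow || errorUpdate).toBe(true);
+});
+
+it('SCA Triage Show and Update Failure case', async () => {
+// Example values for SCA triage (simulate failure)
+const projectId = "invalid-project-id";
+const vulnerabilities = "invalid-vulnerability-string";
+const scanType = "invalid";
+const state = "invalid_state";
+const comment = "invalid_comment";
+let errorShow = false;
+let errorUpdate = false;
+try {
+const cxShow: CxCommandOutput = await auth.triageSCAShow(projectId, vulnerabilities, scanType);
+expect(cxShow.exitCode).not.toEqual(0);
+} catch (e) {
+errorShow = true;
+}
+try {
+const cxUpdate: CxCommandOutput = await auth.triageSCAUpdate(projectId, vulnerabilities, scanType, state, comment);
+expect(cxUpdate.exitCode).not.toEqual(0);
+} catch (e) {
+errorUpdate = true;
+}
+expect(errorShow || errorUpdate).toBe(true);
+});
 const cxScanConfig = new BaseTest();
 const auth = new CxWrapper(cxScanConfig);
 const getScanAndResult = async (): Promise<{ scan: any, result: CxResult }> => {
@@ -39,6 +153,19 @@ describe("Triage cases", () => {
 );
 expect(cxUpdate.exitCode).toEqual(0);
 };
+
+// Helper for SCA triage show
+const handleTriageSCAShow = async (projectId: string, vulnerabilities: string, scanType: string) => {
+const cxShow: CxCommandOutput = await auth.triageSCAShow(projectId, vulnerabilities, scanType);
+expect(cxShow.exitCode).toEqual(0);
+};
+
+// Helper for SCA triage update
+const handleTriageSCAUpdate = async (projectId: string, vulnerabilities: string, scanType: string, state: string, comment: string, stateId: number | null = null) => {
+const cxUpdate: CxCommandOutput = await auth.triageSCAUpdate(projectId, vulnerabilities, scanType, state, comment, stateId);
+expect(cxUpdate.exitCode).toEqual(0);
+};
+
 const handlegetStates = async () => {
 const cxCommandOutput: CxCommandOutput = await auth.triageGetStates(false);
 console.log("Json object from states successful case: " + JSON.stringify(cxCommandOutput));
@@ -47,12 +174,23 @@ describe("Triage cases", () => {
 return cxCommandOutput
 };
 
+it('SCA Triage Show and Update Successful case', async () => {
+const projectId = "d4d7f382-8dee-48c7-ac8f-67fab2c313a8";
+const vulnerabilities = "packagename=Maven-org.apache.tomcat.embed:tomcat-embed-core,packageversion=9.0.14,vulnerabilityId=CVE-2024-56337,packagemanager=maven";
+const scanType = "sca";
+const state = "To_verify";
+const comment = "comment1";
+await handleTriageSCAShow(projectId, vulnerabilities, scanType);
+await handleTriageSCAUpdate(projectId, vulnerabilities, scanType, state, comment);
+});
+
 it('Triage Successful case', async () => {
 const { scan, result } = await getScanAndResult();
 await handleTriageShow(scan, result);
 await handleTriageUpdate(scan, result, result.state, result.severity.toLowerCase() === "high" ? CxConstants.SEVERITY_MEDIUM : CxConstants.SEVERITY_HIGH);
 });
 
+
 it.skip('Triage with custom state Successful case', async () => {
 const { scan, result } = await getScanAndResult();
 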
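Review bot: The negative tests in the first hunk ('Failure case', 'empty vulnerabilities', 'null/undefined arguments') cannot fail: each `expect(cxShow.exitCode).not.toEqual(0)` sits inside a `try` whose `catch` sets the error flag, so when the wrapper returns exit code 0 the assertion's own throw is swallowed and `expect(errorShow || errorUpdate).toBe(true)` still passes. Replace each try/catch pair with a call that maps rejection to a sentinel and asserts outside it, e.g. `const showExit = await auth.triageSCAShow(projectId, vulnerabilities, scanType).then(r => r.exitCode, () => -1);` followed by `expect(showExit).not.toEqual(0);`, and the same for the update call. The section also registers 'SCA Triage Show and Update Failure case' twice and 'SCA Triage Show and Update Successful case' twice (first and third hunks) with identical bodies; the duplicates should be dropped. The success cases hard-code a project UUID and a CVE instead of deriving them from a scan as `getScanAndResult()` does for the existing tests, so they presumably pass only against one specific tenant — worth a comment or a shared fixture.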