diff --git a/checkmarx-ast-cli.version b/checkmarx-ast-cli.version
index 0f1c3e55..929c535c 100644
--- a/checkmarx-ast-cli.version
+++ b/checkmarx-ast-cli.version
@@ -1 +1 @@
-2.3.40
+2.3.40-sca-triage
diff --git a/src/main/wrapper/CxConstants.ts b/src/main/wrapper/CxConstants.ts
index 7c40bc12..28e25439 100644
--- a/src/main/wrapper/CxConstants.ts
+++ b/src/main/wrapper/CxConstants.ts
@@ -1,4 +1,5 @@
 export enum CxConstants {
+ VULNERABILITIES = "--vulnerabilities",
 IGNORE__FILE_PATH = "--ignored-file-path",
 SOURCE = "-s",
 VERBOSE = "-v",
diff --git a/src/main/wrapper/CxWrapper.ts b/src/main/wrapper/CxWrapper.ts
index 67ded66c..ff8eb56f 100644
--- a/src/main/wrapper/CxWrapper.ts
+++ b/src/main/wrapper/CxWrapper.ts
@@ -298,6 +298,34 @@ export class CxWrapper {
 return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.PREDICATE_TYPE);
 }
+ async triageSCAShow(projectId: string, vulnerabilities: string, scanType: string): Promise {
+ const commands: string[] = [
+ CxConstants.CMD_TRIAGE,
+ CxConstants.SUB_CMD_SHOW,
+ CxConstants.SCAN_TYPES_SUB_CMD, scanType,
+ CxConstants.VULNERABILITIES, vulnerabilities,
+ CxConstants.PROJECT_ID, projectId
+ ];
+ commands.push(...this.initializeCommands(true));
+ const exec = new ExecutionService();
+ return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.PREDICATE_TYPE);
+ }
+
+ async triageSCAUpdate(projectId: string, vulnerabilities: string, scanType: string, state: string, comment: string): Promise {
+ const commands: string[] = [
+ CxConstants.CMD_TRIAGE,
+ CxConstants.SUB_CMD_UPDATE,
+ CxConstants.SCAN_TYPES_SUB_CMD, scanType,
+ CxConstants.VULNERABILITIES, vulnerabilities,
+ CxConstants.STATE, state,
+ CxConstants.COMMENT, comment,
+ CxConstants.PROJECT_ID, projectId
+ ];
+ commands.push(...this.initializeCommands(false));
+ const exec = new ExecutionService();
+ return await exec.executeCommands(this.config.pathToExecutable, commands);
+ }
+
+ async triageUpdate(projectId: string, similarityId: string, scanType: string, state: string, comment: string, severity: string, stateId: number | null = null): Promise {
 const commands: string[] = [CxConstants.CMD_TRIAGE, CxConstants.SUB_CMD_UPDATE, CxConstants.PROJECT_ID, projectId, CxConstants.SIMILARITY_ID, similarityId, CxConstants.SCAN_TYPES_SUB_CMD, scanType, CxConstants.STATE, state, CxConstants.COMMENT, comment, CxConstants.SEVERITY, severity];
 if (stateId) {
diff --git a/src/main/wrapper/resources/cx-linux b/src/main/wrapper/resources/cx-linux
index ab37b459..a9b30237 100755
--- a/src/main/wrapper/resources/cx-linux
+++ b/src/main/wrapper/resources/cx-linux
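Review bot: triageSCAShow and triageSCAUpdate place `projectId`, `vulnerabilities`, `scanType` (and `state`, `comment`) into `commands` without any check, so an empty string or an `undefined` that a JavaScript caller passes past the `string` annotation (PredicateTest's null/undefined case does exactly this) is handed to the external binary as a literal argument and the wrapper only learns of the mistake from the exit code. A guard before the array literal, `if (!projectId || !vulnerabilities || !scanType) throw new Error("triageSCAShow: projectId, vulnerabilities and scanType are required");` (and the same for the update, including `state`), fails fast without spawning the CLI, though the tests that currently expect a non-zero exit code would then need to expect the throw instead. Both methods are new public API without a TSDoc header; `vulnerabilities` in particular is a packed list of `key=value` pairs (packagename, packageversion, vulnerabilityId, packagemanager, judging from the test fixture) and the show variant parses the CLI output with `CxConstants.PREDICATE_TYPE`, which a `@param`/`@returns` block should spell out. The two bodies differ only in sub-command, the STATE/COMMENT pair and the `initializeCommands(true)` versus `initializeCommands(false)` flag, whose meaning is not visible from this hunk — a short comment on why show passes `true` (presumably to request parseable output; confirm against initializeCommands) would save the next reader a detour. Passing each value as its own array element is the right shape, provided ExecutionService hands `commands` to the child process as an argv array rather than joining them into a shell string, which cannot be verified from here.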
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:64460df9a00bcc48a599688c878ddabe20187127f5f7e0fb84cee08abc21120f
-size 80982200
+oid sha256:976e2bc115e2172b632ace012dd609a9aec3c066558d6f9e0407b3be440ab804
+size 81002680
diff --git a/src/main/wrapper/resources/cx-mac b/src/main/wrapper/resources/cx-mac
index b4b2df59..0c1005ac 100755
--- a/src/main/wrapper/resources/cx-mac
+++ b/src/main/wrapper/resources/cx-mac
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:ab046570766900b90ca6412175eb60096bbbc1b251142237f4f836f54afb56be
-size 162864288
+oid sha256:aa582bd9dbcc6cc6326890f6a39bd7ec088cde1a8cc36da05b90a6ffe1c1c4ed
+size 162885680
diff --git a/src/main/wrapper/resources/cx.exe b/src/main/wrapper/resources/cx.exe
index a62fc095..bdce6c09 100644
--- a/src/main/wrapper/resources/cx.exe
+++ b/src/main/wrapper/resources/cx.exe
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:606e331a9a722cf2668e6f8e09966f0972e483c3a2a1135277172194604b8195
-size 82958272
+oid sha256:7f699fe2dd1d4bf27024f94bd0835b739ed96678271b6e6c00cb639a475b06a1
+size 82977216
diff --git a/src/tests/PredicateTest.test.ts b/src/tests/PredicateTest.test.ts
index ffa7b708..a9e977d0 100644
--- a/src/tests/PredicateTest.test.ts
+++ b/src/tests/PredicateTest.test.ts
@@ -39,6 +39,19 @@ describe("Triage cases", () => {
 );
 expect(cxUpdate.exitCode).toEqual(0);
 };
+
+ // Helper for SCA triage show
+ const handleTriageSCAShow = async (projectId: string, vulnerabilities: string, scanType: string) => {
+ const cxShow: CxCommandOutput = await auth.triageSCAShow(projectId, vulnerabilities, scanType);
+ expect(cxShow.exitCode).toEqual(0);
+ };
+
+ // Helper for SCA triage update
+ const handleTriageSCAUpdate = async (projectId: string, vulnerabilities: string, scanType: string, state: string, comment: string) => {
+ const cxUpdate: CxCommandOutput = await auth.triageSCAUpdate(projectId, vulnerabilities, scanType, state, comment);
+ expect(cxUpdate.exitCode).toEqual(0);
+ };
+
+ const handlegetStates = async () => {
 const cxCommandOutput: CxCommandOutput = await auth.triageGetStates(false);
 console.log("Json object from states successful case: " + JSON.stringify(cxCommandOutput));
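Review bot: handleTriageSCAShow and handleTriageSCAUpdate assert only that `exitCode` is 0 and discard the CxCommandOutput, so a show that returns no result for the given vulnerability, or an update the CLI reported as successful without the server applying it, still passes. If CxCommandOutput exposes the parsed CLI output (the neighbouring handlegetStates helper logs and returns the whole object, so it appears to), adding `return cxShow;` after the expect in the show helper and asserting on its content in the success test would make that test meaningful. The two `// Helper for ...` comments only restate the function names; a one-line note on what a zero exit code proves here (the CLI ran and accepted the request, not that the triage took effect) would carry more information.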
@@ -47,12 +60,57 @@ describe("Triage cases", () => {
 return cxCommandOutput
 };
+ it('SCA Triage Show and Update Successful case', async () => {
+ const projectId = "d4d7f382-8dee-48c7-ac8f-67fab2c313a8";
+ const vulnerabilities = "packagename=Maven-org.apache.tomcat.embed:tomcat-embed-core,packageversion=9.0.14,vulnerabilityId=CVE-2024-56337,packagemanager=maven";
+ const scanType = "sca";
+ const state = "To_verify";
+ const comment = "comment1";
+ await handleTriageSCAShow(projectId, vulnerabilities, scanType);
+ await handleTriageSCAUpdate(projectId, vulnerabilities, scanType, state, comment);
+ });
+
+ it('SCA Triage Show and Update Failure case', async () => {
+ const projectId = "invalid-project-id";
+ const vulnerabilities = "invalid-vulnerability-string";
+ const scanType = "invalid";
+ const state = "invalid_state";
+ const comment = "invalid_comment";
+
+ const cxShow: CxCommandOutput = await auth.triageSCAShow(projectId, vulnerabilities, scanType);
+ expect(cxShow.exitCode).not.toEqual(0);
+
+ const cxUpdate: CxCommandOutput = await auth.triageSCAUpdate(projectId, vulnerabilities, scanType, state, comment);
+ expect(cxUpdate.exitCode).not.toEqual(0);
+ });
+
+ it('SCA Triage Show and Update with empty vulnerabilities', async () => {
+ const projectId = "d4d7f382-8dee-48c7-ac8f-67fab2c313a8";
+ const vulnerabilities = "";
+ const scanType = "sca";
+ const state = "To_verify";
+ const comment = "comment1";
+ const cxShow: CxCommandOutput = await auth.triageSCAShow(projectId, vulnerabilities, scanType);
+ expect(cxShow.exitCode).not.toEqual(0);
+
+ const cxUpdate: CxCommandOutput = await auth.triageSCAUpdate(projectId, vulnerabilities, scanType, state, comment);
+ expect(cxUpdate.exitCode).not.toEqual(0);
+ });
+
+ it('SCA Triage Show and Update with null/undefined arguments', async () => {
+ const cxShow: CxCommandOutput = await auth.triageSCAShow(undefined, undefined, undefined);
+ expect(cxShow.exitCode).not.toEqual(0);
+ const cxUpdate: CxCommandOutput = await auth.triageSCAUpdate(undefined, undefined, undefined, undefined, undefined);
+ expect(cxUpdate.exitCode).not.toEqual(0);
+ });
+
 it('Triage Successful case', async () => {
 const { scan, result } = await getScanAndResult();
 await handleTriageShow(scan, result);
 await handleTriageUpdate(scan, result, result.state, result.severity.toLowerCase() === "high" ? CxConstants.SEVERITY_MEDIUM : CxConstants.SEVERITY_HIGH);
 });
+
+ it.skip('Triage with custom state Successful case', async () => {
 const { scan, result } = await getScanAndResult();