Implemented mask cmd in java wrapper

Author: cx-atish-jadhav

src/main/java/com/checkmarx/ast/mask/MaskResult.java

@@ -0,0 +1,37 @@
+package com.checkmarx.ast.mask;
+
+import com.checkmarx.ast.utils.JsonParser;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import com.fasterxml.jackson.databind.type.TypeFactory;
+import lombok.EqualsAndHashCode;
+import lombok.ToString;
+import lombok.Value;
+
+import java.util.List;
+
+@Value
+@EqualsAndHashCode()
+@JsonDeserialize()
+@ToString(callSuper = true)
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class MaskResult {
+
+    List<MaskedSecret> maskedSecrets;
+    String maskedFile;
+
+    @JsonCreator
+    public MaskResult(@JsonProperty("maskedSecrets") List<MaskedSecret> maskedSecrets,
+                     @JsonProperty("maskedFile") String maskedFile) {
+        this.maskedSecrets = maskedSecrets;
+        this.maskedFile = maskedFile;
+    }
+
+    public static MaskResult fromLine(String line) {
+        return JsonParser.parse(line, TypeFactory.defaultInstance().constructType(MaskResult.class));
+    }
+}

src/main/java/com/checkmarx/ast/mask/MaskedSecret.java

@@ -0,0 +1,32 @@
+package com.checkmarx.ast.mask;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import lombok.EqualsAndHashCode;
+import lombok.ToString;
+import lombok.Value;
+
+@Value
+@EqualsAndHashCode()
+@JsonDeserialize()
+@ToString(callSuper = true)
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class MaskedSecret {
+
+    String masked;
+    String secret;
+    int line;
+
+    @JsonCreator
+    public MaskedSecret(@JsonProperty("masked") String masked,
+                       @JsonProperty("secret") String secret,
+                       @JsonProperty("line") int line) {
+        this.masked = masked;
+        this.secret = secret;
+        this.line = line;
+    }
+}

src/main/java/com/checkmarx/ast/wrapper/CxConstants.java

@@ -80,4 +80,6 @@ public final class CxConstants {
     static final String SUB_CMD_IAC_REALTIME = "iac-realtime";
     static final String SUB_CMD_SECRETS_REALTIME = "secrets-realtime";
     static final String SUB_CMD_CONTAINERS_REALTIME = "containers-realtime";
+    static final String SUB_CMD_MASK = "mask";
+    static final String RESULT_FILE = "--result-file";
 }

src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java

@@ -4,6 +4,7 @@
 import com.checkmarx.ast.codebashing.CodeBashing;
 import com.checkmarx.ast.kicsRealtimeResults.KicsRealtimeResults;
 import com.checkmarx.ast.learnMore.LearnMore;
+import com.checkmarx.ast.mask.MaskResult;
 import com.checkmarx.ast.ossrealtime.OssRealtimeResults;
 import com.checkmarx.ast.secretsrealtime.SecretsRealtimeResults;
 
@@ -522,6 +523,17 @@ public List<TenantSetting> tenantSettings() throws CxException, IOException, Int
         return Execution.executeCommand(withConfigArguments(arguments), logger, TenantSetting::listFromLine);
     }
 
+    public MaskResult maskSecrets(@NonNull String filePath) throws CxException, IOException, InterruptedException {
+        List<String> arguments = new ArrayList<>();
+
+        arguments.add(CxConstants.CMD_UTILS);
+        arguments.add(CxConstants.SUB_CMD_MASK);
+        arguments.add(CxConstants.RESULT_FILE);
+        arguments.add(filePath);
+
+        return Execution.executeCommand(withConfigArguments(arguments), logger, MaskResult::fromLine);
+    }
+
     private int getIndexOfBfLNode(List<Node> bflNodes, List<Node> resultNodes) {
 
         int bflNodeNotFound = -1;

src/test/java/com/checkmarx/ast/MaskTest.java

@@ -0,0 +1,105 @@
+package com.checkmarx.ast;
+
+import com.checkmarx.ast.mask.MaskResult;
+import com.checkmarx.ast.mask.MaskedSecret;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+
+public class MaskTest extends BaseTest {
+
+    private static final String RESULTS_FILE = "target/test-classes/results.json";
+    private static final String SECRETS_REALTIME_FILE = "target/test-classes/Secrets-realtime.json";
+
+    @Test
+    void testMaskSecretsWithFileContainingSecrets() throws Exception {
+        // Tests CLI execution with file containing actual secrets and validates masking behavior
+        MaskResult result = wrapper.maskSecrets(SECRETS_REALTIME_FILE);
+
+        Assertions.assertNotNull(result);
+        Assertions.assertNotNull(result.getMaskedFile());
+        Assertions.assertNotNull(result.getMaskedSecrets());
+        Assertions.assertFalse(result.getMaskedSecrets().isEmpty());
+
+        MaskedSecret secret = result.getMaskedSecrets().get(0);
+        Assertions.assertNotNull(secret.getMasked());
+        Assertions.assertNotNull(secret.getSecret());
+        Assertions.assertEquals(5, secret.getLine());
+        Assertions.assertTrue(secret.getMasked().contains("<masked>") || secret.getMasked().contains("\\u003cmasked\\u003e"));
+        Assertions.assertTrue(secret.getSecret().contains("-----BEGIN RSA PRIVATE KEY-----"));
+        Assertions.assertTrue(secret.getSecret().length() > secret.getMasked().length());
+    }
+
+    @Test
+    void testMaskSecretsWithFileContainingNoSecrets() throws Exception {
+        // Tests CLI execution with file containing no secrets
+        MaskResult result = wrapper.maskSecrets(RESULTS_FILE);
+
+        Assertions.assertNotNull(result);
+        Assertions.assertNotNull(result.getMaskedFile());
+        Assertions.assertFalse(result.getMaskedFile().isEmpty());
+    }
+
+    @Test
+    void testMaskSecretsErrorHandling() {
+        // Tests CLI error handling for invalid inputs
+        Assertions.assertThrows(Exception.class, () -> wrapper.maskSecrets(null));
+        Assertions.assertThrows(Exception.class, () -> wrapper.maskSecrets("non-existent-file.json"));
+        Assertions.assertDoesNotThrow(() -> wrapper.maskSecrets(RESULTS_FILE));
+    }
+
+    @Test
+    void testMaskSecretsResponseParsing() throws Exception {
+        // Tests CLI response structure and JSON parsing functionality
+        MaskResult result = wrapper.maskSecrets(SECRETS_REALTIME_FILE);
+
+        Assertions.assertNotNull(result);
+        Assertions.assertNotNull(result.getMaskedSecrets());
+        Assertions.assertFalse(result.getMaskedSecrets().isEmpty());
+
+        MaskedSecret secret = result.getMaskedSecrets().get(0);
+        Assertions.assertNotNull(secret.getMasked());
+        Assertions.assertNotNull(secret.getSecret());
+        Assertions.assertTrue(secret.getLine() >= 0);
+
+        Assertions.assertNull(MaskResult.fromLine(""));
+        Assertions.assertNull(MaskResult.fromLine("{invalid json}"));
+        Assertions.assertNull(MaskResult.fromLine(null));
+    }
+
+    @Test
+    void testMaskSecretsObjectBehavior() throws Exception {
+        // Tests object equality, serialization and consistency with CLI responses
+        MaskResult result1 = wrapper.maskSecrets(SECRETS_REALTIME_FILE);
+        MaskResult result2 = wrapper.maskSecrets(SECRETS_REALTIME_FILE);
+
+        Assertions.assertEquals(result1.getMaskedFile(), result2.getMaskedFile());
+        Assertions.assertNotNull(result1.toString());
+        Assertions.assertTrue(result1.toString().contains("MaskResult"));
+
+        if (result1.getMaskedSecrets() != null && !result1.getMaskedSecrets().isEmpty()) {
+            MaskedSecret secret1 = result1.getMaskedSecrets().get(0);
+            MaskedSecret secret2 = result2.getMaskedSecrets().get(0);
+
+            Assertions.assertEquals(secret1.getMasked(), secret2.getMasked());
+            Assertions.assertEquals(secret1.getSecret(), secret2.getSecret());
+            Assertions.assertEquals(secret1.getLine(), secret2.getLine());
+            Assertions.assertEquals(secret1.hashCode(), secret2.hashCode());
+            Assertions.assertEquals(secret1, secret1);
+            Assertions.assertNotEquals(secret1, null);
+
+            String toString = secret1.toString();
+            Assertions.assertNotNull(toString);
+            Assertions.assertTrue(toString.contains("MaskedSecret"));
+        }
+
+        ObjectMapper mapper = new ObjectMapper();
+        String json = mapper.writeValueAsString(result1);
+        MaskResult deserialized = mapper.readValue(json, MaskResult.class);
+
+        Assertions.assertEquals(result1.getMaskedFile(), deserialized.getMaskedFile());
+        if (result1.getMaskedSecrets() != null) {
+            Assertions.assertEquals(result1.getMaskedSecrets().size(), deserialized.getMaskedSecrets().size());
+        }
+    }
+}

src/test/resources/Secrets-realtime.json

@@ -0,0 +1,147 @@
+[
+	{
+		"Title": "private-key",
+		"Description": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption.",
+		"SecretValue": "-----BEGIN RSA PRIVATE KEY-----MIIEowIBAAKCAQEAl5X22d9tXl2Bz1b+3mWsAouoBiQhrDS3GxFAdpJFkKF6Wst+Vl1mfshTd+gF2kHXTzLMdxsUM2AS8laG2xeIhLe07FhhOtQGSoAOjHD++K53MBcOD/mDVOlPhNOWAc3qWfa3R7ohxUJq8lvy1OErw7qlQv9U+xABUJtHbJtMn/dDBs1Fy6MUgO6TOtEwzQaTaGpWh3NmGaUu3KQuaekHZnzlYd8mc1XkztXrph0XxZPq43Gg8RVh25fCrcA+7iAkqa4MNL/5gsatzzjP7KRdx1IP0pnM6F/cwoMClmuV7FFhKoP3KFwt8SXglZnqLrCNK6DzrYU5bRaszIxYc8egywIDAQABAoIBADGaq2rkiF+m7cGx0Dlqv/0dQmCwFizKG1lKLfQfLZCEpwtrJ+6PJek7GMVWMgQYI6MRFoOrYtLlD44p7ntnmg8EJrpouXiMxXo/qYMfvvAV937PLJThq65vosvuiVoRziyeZZ+dM0vfzit9F1u+S5oDS+0+rMpzlFqSVa8eqtZ1i4wmVwKXF35FqHyzhXgKmVNXUy/JCiftJYF2hpe2zXAuGQKTD5x3v52GX+cUsRPPAO5GhJbDnwhbL8i06gLDc7xwfaTJbebvOKHT1F2AW/RhoW+BpJke86beea8DM7KR8RYjobgdf66fadosa27u8qqpcdtyzYMqLc3GuTeYL/ECgYEA36KgaxlWNCuQhLOLPZ/2fzebD1SCI7HsPtbiM+mSbWTGBnSPX36b1XLJkynZrAFKYoe9zx9ksqlrBHWG7PC3FLeIO9ExV9BsGFGjzDpkENteArcO5eLfSMkfXIXNlWwhb8m8DPjdnK2pihs3vVN0OMIPeYu9mAXst0CcR8vQuJ0CgYEArYYBgmAyWfRs8exU2F7vQoG8B4mykTOQ9J91Js72WiHaqt+z4NdGJrFr5VkXCZdbBf3J/PfEPVFT3ud/dAm2PZ40TfNQJTa4pwBhuyCozZff1Qm+X5NdzvHkLePFex6wxUgupVwr/W9UOVU7gRFB/hziSLnlglfpgwxA9j9tfocCgYEAqH69YzQp0RDpyDIGvR2i+WMJ/1jq3L4Xg5kfwYFAhA+jbAWyaH7aJs5ftfOYP5KRWv9vMXkzw7EGIsvyJt+O8Zr+mCMbjFBKwV/xi9SKxHCjumP2Y5q2JP70FB/0L5rS7okOmK+BOaVW0emD66/PJ1x/kFKLPNlp6wBRP37++bkCgYAgrkdkfaeeB4npOmB0a9TWCscWCFoIPNUFLW8MAxikuxGK8xzWsNS2ft3aUSAkn0v2YekD6sob3lBUf/ciLJ4VFtG1CKlEiPzX/xto+eqw5fSzE+W17HRTgH1AI1DTMmGKlmCqpiRm0+vh7GqLkWuDZ386wUA3f0UseEdX2XROywKBgE1Xer2yEZtLlrubHgVAKVrz2u5ZCEPzDkLEDhOxX2h1dP19TWvm2Sr6Fm1QL8lez52YhCW/xJHsr8S4Kka3Ntbm9+ZfhhATTICTpqIicqeAq/Iiw++7UgCk1gZPW1hnlDHYRdmI4Dr6j5aUBFLl4Bj2nedH+1L1Eo8EXfnjm0pi-----END RSA PRIVATE KEY-----",
+		"FilePath": "C:\\Users\\XYZ\\GitHub_Repo\\JavaVulnerableLab\\CxAppMonDeploy.pem",
+		"Severity": "High",
+		"Locations": [
+			{
+				"Line": 0,
+				"StartIndex": 1,
+				"EndIndex": 30
+			},
+			{
+				"Line": 1,
+				"StartIndex": 1,
+				"EndIndex": 30
+			},
+			{
+				"Line": 2,
+				"StartIndex": 1,
+				"EndIndex": 30
+			},
+			{
+				"Line": 3,
+				"StartIndex": 1,
+				"EndIndex": 30
+			},
+			{
+				"Line": 4,
+				"StartIndex": 1,
+				"EndIndex": 30
+			},
+			{
+				"Line": 5,
+				"StartIndex": 1,
+				"EndIndex": 30
+			},
+			{
+				"Line": 6,
+				"StartIndex": 1,
+				"EndIndex": 30
+			},
+			{
+				"Line": 7,
+				"StartIndex": 1,
+				"EndIndex": 30
+			},
+			{
+				"Line": 8,
+				"StartIndex": 1,
+				"EndIndex": 30
+			},
+			{
+				"Line": 9,
+				"StartIndex": 1,
+				"EndIndex": 30
+			},
+			{
+				"Line": 10,
+				"StartIndex": 1,
+				"EndIndex": 30
+			},
+			{
+				"Line": 11,
+				"StartIndex": 1,
+				"EndIndex": 30
+			},
+			{
+				"Line": 12,
+				"StartIndex": 1,
+				"EndIndex": 30
+			},
+			{
+				"Line": 13,
+				"StartIndex": 1,
+				"EndIndex": 30
+			},
+			{
+				"Line": 14,
+				"StartIndex": 1,
+				"EndIndex": 30
+			},
+			{
+				"Line": 15,
+				"StartIndex": 1,
+				"EndIndex": 30
+			},
+			{
+				"Line": 16,
+				"StartIndex": 1,
+				"EndIndex": 30
+			},
+			{
+				"Line": 17,
+				"StartIndex": 1,
+				"EndIndex": 30
+			},
+			{
+				"Line": 18,
+				"StartIndex": 1,
+				"EndIndex": 30
+			},
+			{
+				"Line": 19,
+				"StartIndex": 1,
+				"EndIndex": 30
+			},
+			{
+				"Line": 20,
+				"StartIndex": 1,
+				"EndIndex": 30
+			},
+			{
+				"Line": 21,
+				"StartIndex": 1,
+				"EndIndex": 30
+			},
+			{
+				"Line": 22,
+				"StartIndex": 1,
+				"EndIndex": 30
+			},
+			{
+				"Line": 23,
+				"StartIndex": 1,
+				"EndIndex": 30
+			},
+			{
+				"Line": 24,
+				"StartIndex": 1,
+				"EndIndex": 30
+			},
+			{
+				"Line": 25,
+				"StartIndex": 1,
+				"EndIndex": 30
+			},
+			{
+				"Line": 26,
+				"StartIndex": 1,
+				"EndIndex": 30
+			}
+		]
+	}
+]
+