Adding kics realtime command (#117)

tiagobcx · cx-pedro-lopes · web-flow · commit 5386b66aa00b · 2022-06-23T10:31:36.000+01:00
* adding kics realtime command

* adding engine support

* changing file flag

Co-authored-by: Pedro Lopes &lt;Pedro.Lopes@checkmarx.com&gt;
diff --git a/src/main/java/com/checkmarx/ast/kicsRealtimeResults/ast/kicsRealtimeResult/KicsLocation.java b/src/main/java/com/checkmarx/ast/kicsRealtimeResults/ast/kicsRealtimeResult/KicsLocation.java
@@ -0,0 +1,43 @@
+package com.checkmarx.ast.kicsRealtimeResults.ast.kicsRealtimeResult;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+
+@lombok.Data
+@JsonDeserialize()
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+
+public class KicsLocation {
+    private final String fileName;
+    private final String similarityID;
+    private final int line;
+    private final String issueType;
+    private final String searchKey;
+    private final int searchLine;
+    private final String searchValue;
+    private final String expectedValue;
+    private final String actualValue;
+
+    public KicsLocation(@JsonProperty("file_name") String fileName,
+                        @JsonProperty("similarity_id") String similarityID,
+                        @JsonProperty("line") int line,
+                        @JsonProperty("issue_type") String issueType,
+                        @JsonProperty("search_key") String searchKey,
+                        @JsonProperty("search_line") int searchLine,
+                        @JsonProperty("search_value") String searchValue,
+                        @JsonProperty("expected_value") String expectedValue,
+                        @JsonProperty("actual_value") String actualValue) {
+        this.fileName = fileName;
+        this.similarityID = similarityID;
+        this.line = line;
+        this.issueType = issueType;
+        this.searchKey = searchKey;
+        this.searchLine = searchLine;
+        this.searchValue = searchValue;
+        this.expectedValue = expectedValue;
+        this.actualValue = actualValue;
+    }
+}
diff --git a/src/main/java/com/checkmarx/ast/kicsRealtimeResults/ast/kicsRealtimeResult/KicsResult.java b/src/main/java/com/checkmarx/ast/kicsRealtimeResults/ast/kicsRealtimeResult/KicsResult.java
@@ -0,0 +1,38 @@
+package com.checkmarx.ast.kicsRealtimeResults.ast.kicsRealtimeResult;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import java.util.List;
+
+@lombok.Data
+@JsonDeserialize()
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+
+public class KicsResult {
+    private final String queryName;
+    private final String queryID;
+    private final String severity;
+    private final String platform;
+    private final String category;
+    private final String description;
+    private final List <KicsLocation> locations;
+
+    public KicsResult(@JsonProperty("query_name") String queryName,
+                       @JsonProperty("query_id") String queryID,
+                       @JsonProperty("severity") String severity,
+                       @JsonProperty("platform") String platform,
+                       @JsonProperty("category") String category,
+                       @JsonProperty("description") String description,
+                       @JsonProperty("files") List<KicsLocation> locations) {
+        this.queryName = queryName;
+        this.queryID = queryID;
+        this.severity = severity;
+        this.platform = platform;
+        this.category = category;
+        this.description = description;
+        this.locations = locations;
+    }
+}
diff --git a/src/main/java/com/checkmarx/ast/kicsRealtimeResults/ast/kicsRealtimeResult/KicsSummary.java b/src/main/java/com/checkmarx/ast/kicsRealtimeResults/ast/kicsRealtimeResult/KicsSummary.java
@@ -0,0 +1,28 @@
+package com.checkmarx.ast.kicsRealtimeResults.ast.kicsRealtimeResult;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+
+
+@lombok.Data
+@JsonDeserialize()
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+
+public class KicsSummary {
+    private final int high;
+    private final int medium;
+    private final int low;
+    private final int info;
+
+    public KicsSummary(@JsonProperty("HIGH") int high,
+                  @JsonProperty("MEDIUM") int medium,
+                  @JsonProperty("LOW") int low,
+                  @JsonProperty("INFO") int info) {
+        this.high = high;
+        this.medium = medium;
+        this.low = low;
+        this.info = info;
+    }
+}
diff --git a/src/main/java/com/checkmarx/ast/kicsRealtimeResults/kicsRealtimeResults.java b/src/main/java/com/checkmarx/ast/kicsRealtimeResults/kicsRealtimeResults.java
@@ -0,0 +1,63 @@
+package com.checkmarx.ast.kicsRealtimeResults;
+
+import com.checkmarx.ast.kicsRealtimeResults.ast.kicsRealtimeResult.KicsResult;
+import com.checkmarx.ast.kicsRealtimeResults.ast.kicsRealtimeResult.KicsSummary;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.JavaType;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import com.fasterxml.jackson.databind.type.TypeFactory;
+import lombok.Value;
+import org.apache.commons.lang3.StringUtils;
+
+import java.io.IOException;
+import java.util.List;
+
+@Value
+@JsonDeserialize()
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class kicsRealtimeResults {
+
+    int totalCount;
+    String version;
+    List<KicsResult> results;
+    KicsSummary kicsSummary;
+
+    @JsonCreator
+    public kicsRealtimeResults(@JsonProperty("total_counter") int totalCount, @JsonProperty("queries") List<KicsResult> results,@JsonProperty("kics_version") String version, @JsonProperty("severity_counters") KicsSummary kicsSummary) {
+        this.totalCount = totalCount;
+        this.version = version;
+        this.results = results;
+        this.kicsSummary = kicsSummary;
+    }
+    public static <T> T fromLine(String line) {
+        return parse(line, TypeFactory.defaultInstance().constructType(kicsRealtimeResults.class));
+    }
+
+    private static <T> T parse(String line, JavaType type) {
+        T result = null;
+        try {
+            if (!StringUtils.isBlank(line) && isValidJSON(line)) {
+                result = new ObjectMapper().readValue(line, type);
+
+            }
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+        return result;
+    }
+    private static boolean isValidJSON(final String json) {
+        try {
+            final ObjectMapper mapper = new ObjectMapper();
+            mapper.readTree(json);
+            return true;
+        } catch (IOException e) {
+            return false;
+        }
+    }
+}
diff --git a/src/main/java/com/checkmarx/ast/wrapper/CxConstants.java b/src/main/java/com/checkmarx/ast/wrapper/CxConstants.java
@@ -49,4 +49,8 @@ public final class CxConstants {
     static final String CWE_ID = "--cwe-id";
     static final String LANGUAGE = "--language";
     static final String VULNERABILITY_TYPE = "--vulnerability-type";
+    static final String FILE_SOURCES = "--file";
+    static final String ADDITONAL_PARAMS = "--additional-params";
+    static final String ENGINE = "--engine";
+    static final String SUB_CMD_KICS_REALTIME = "kics-realtime";
 }
diff --git a/src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java b/src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java
@@ -1,6 +1,7 @@
 package com.checkmarx.ast.wrapper;
 
 import com.checkmarx.ast.codebashing.CodeBashing;
+import com.checkmarx.ast.kicsRealtimeResults.kicsRealtimeResults;
 import com.checkmarx.ast.predicate.Predicate;
 import com.checkmarx.ast.project.Project;
 import com.checkmarx.ast.results.ReportFormat;
@@ -304,6 +305,26 @@ public int getResultsBfl(@NonNull UUID scanId, @NonNull String queryId, List<Nod
 
     }
 
+    public kicsRealtimeResults kicsRealtimeScan(@NonNull String fileSources,String engine ,String additionalParams)
+            throws IOException, InterruptedException, CxException {
+        this.logger.info("Executing 'scan kics-realtime' command using the CLI.");
+        this.logger.info("Fetching the results for fileSources {} and additionalParams {}", fileSources, additionalParams);
+
+        List<String> arguments = new ArrayList<>();
+        arguments.add(CxConstants.CMD_SCAN);
+        arguments.add(CxConstants.SUB_CMD_KICS_REALTIME);
+        arguments.add(CxConstants.FILE_SOURCES);
+        arguments.add(fileSources);
+        arguments.add(CxConstants.ADDITONAL_PARAMS);
+        arguments.add(additionalParams);
+        if(engine.length()>0){
+            arguments.add(CxConstants.ENGINE);
+            arguments.add(engine);
+        }
+        kicsRealtimeResults kicsResults = Execution.executeCommand(withConfigArguments(arguments), logger, kicsRealtimeResults::fromLine);
+        return kicsResults;
+
+    }
     private int getIndexOfBfLNode(List<Node> bflNodes, List<Node> resultNodes) {
 
         int bflNodeNotFound = -1;
diff --git a/src/test/java/com/checkmarx/ast/ScanTest.java b/src/test/java/com/checkmarx/ast/ScanTest.java
@@ -1,5 +1,6 @@
 package com.checkmarx.ast;
 
+import com.checkmarx.ast.kicsRealtimeResults.kicsRealtimeResults;
 import com.checkmarx.ast.scan.Scan;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
@@ -31,4 +32,10 @@ void testScanCreate() throws Exception {
         Assertions.assertEquals("Completed", wrapper.scanShow(UUID.fromString(scan.getId())).getStatus());
     }
 
+    @Test
+    void testKicsRealtimeScan() throws Exception {
+        kicsRealtimeResults scan = wrapper.kicsRealtimeScan("target/test-classes/Dockerfile","","v");
+        Assertions.assertTrue(scan.getResults().size() >= 1);
+    }
+
 }
diff --git a/src/test/resources/Dockerfile b/src/test/resources/Dockerfile
@@ -0,0 +1,16 @@
+FROM openjdk:11.0.1-jre-slim-stretch
+
+ARG webwolf_version=v8.0.0-SNAPSHOT
+
+RUN \
+  apt-get update && apt-get install && \
+  useradd --home-dir /home/webwolf --create-home -U webwolf
+
+USER webwolf
+COPY target/webwolf-${webwolf_version}.jar /home/webwolf/webwolf.jar
+COPY start-webwolf.sh /home/webwolf
+
+EXPOSE 9090
+
+ENTRYPOINT ["/home/webwolf/start-webwolf.sh"]
+CMD ["--server.port=9090", "--server.address=0.0.0.0"]

Original file line number	Diff line number	Diff line change
`@@ -49,4 +49,8 @@ public final class CxConstants {`
`49`	`49`	`static final String CWE_ID = "--cwe-id";`
`50`	`50`	`static final String LANGUAGE = "--language";`
`51`	`51`	`static final String VULNERABILITY_TYPE = "--vulnerability-type";`
	`52`	`+ static final String FILE_SOURCES = "--file";`
	`53`	`+ static final String ADDITONAL_PARAMS = "--additional-params";`
	`54`	`+ static final String ENGINE = "--engine";`
	`55`	`+ static final String SUB_CMD_KICS_REALTIME = "kics-realtime";`
`52`	`56`	`}`