Added support for getting BFL using 'results bfl' command (#89)

Mithilesh Pawar · web-flow · commit 8d9d6728dd40 · 2022-03-07T11:20:54.000-05:00
* Added support for getting BFL using 'results bfl' command
Added unit tests

* Returning an index for the BFlnode found in the results.

* Fixed compilation error after resolving the conflicts.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,6 +1,6 @@
 name: AST Java Wrapper CI
 
-on: [pull_request]
+on: [ pull_request ]
 
 jobs:
   integration-tests:
@@ -40,8 +40,7 @@ jobs:
       - name: Checkmarx AST CLI Action
         uses: checkmarxDev/ast-github-action@main
         with:
-          project_name: ast-cli-java-wrapper
-          branch: master
+          project_name: ${{ github.repository }}
           base_uri: ${{ secrets.CX_BASE_URI }}
           cx_tenant: ${{ secrets.CX_TENANT }}
           cx_client_id: ${{ secrets.CX_CLIENT_ID }}
diff --git a/src/main/java/com/checkmarx/ast/results/result/Node.java b/src/main/java/com/checkmarx/ast/results/result/Node.java
@@ -3,8 +3,15 @@
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.JavaType;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import com.fasterxml.jackson.databind.type.TypeFactory;
 import lombok.Value;
+import org.apache.commons.lang3.StringUtils;
+
+import java.io.IOException;
+import java.util.List;
 
 @Value
 @JsonDeserialize()
@@ -53,4 +60,57 @@ public Node(@JsonProperty("id") String id,
         this.methodLine = methodLine;
         this.definitions = definitions;
     }
+
+    public static <T> T fromLine(String line) {
+        return parse(line, TypeFactory.defaultInstance().constructType(Node.class));
+    }
+
+    public static <T> List<T> listFromLine(String line) {
+        return parse(line, TypeFactory.defaultInstance().constructCollectionType(List.class, Node.class));
+    }
+
+    protected static <T> T parse(String line, JavaType type) {
+        T result = null;
+        try {
+            if (!StringUtils.isBlank(line) && isValidJSON(line)) {
+                result = new ObjectMapper().readValue(line, type);
+
+            }
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+        return result;
+    }
+
+    private static boolean isValidJSON(final String json) {
+        try {
+            final ObjectMapper mapper = new ObjectMapper();
+            mapper.readTree(json);
+            return true;
+        } catch (IOException e) {
+            return false;
+        }
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+        if (this == obj) {
+            return true;
+        }
+        if (obj == null || getClass() != obj.getClass()) {
+            return false;
+        }
+        Node node = (Node) obj;
+        return line == node.line &&
+                column == node.column &&
+                length == node.length &&
+                name.equals(node.name) &&
+                method.equals(node.method) &&
+                domType.equals(node.domType) &&
+                fileName.equals(node.fileName) &&
+                fullName.equals(node.fullName) &&
+                methodLine.equals(node.methodLine);
+
+    }
+
 }
diff --git a/src/main/java/com/checkmarx/ast/wrapper/CxConstants.java b/src/main/java/com/checkmarx/ast/wrapper/CxConstants.java
@@ -24,6 +24,7 @@ public final class CxConstants {
     static final String SUB_CMD_BRANCHES = "branches";
     static final String CMD_SCAN = "scan";
     static final String SUB_CMD_SHOW = "show";
+    static final String RESULTS_BFL_SUB_CMD = "bfl";
     static final String SUB_CMD_LIST = "list";
     static final String SUB_CMD_CREATE = "create";
     static final String CMD_TRIAGE = "triage";
@@ -36,6 +37,7 @@ public final class CxConstants {
     static final String SCAN_ID = "--scan-id";
     static final String PROJECT_ID = "--project-id";
     static final String SIMILARITY_ID = "--similarity-id";
+    static final String QUERY_ID = "--query-id";
     static final String STATE = "--state";
     static final String COMMENT = "--comment";
     static final String SEVERITY = "--severity";
diff --git a/src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java b/src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java
@@ -6,6 +6,7 @@
 import com.checkmarx.ast.results.ReportFormat;
 import com.checkmarx.ast.results.Results;
 import com.checkmarx.ast.results.ResultsSummary;
+import com.checkmarx.ast.results.result.Node;
 import com.checkmarx.ast.scan.Scan;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.type.CollectionType;
@@ -255,6 +256,38 @@ public String results(@NonNull UUID scanId, ReportFormat reportFormat)
                 fileName + reportFormat.getExtension());
     }
 
+    public int getResultsBfl(@NonNull UUID scanId, @NonNull String queryId, List<Node> resultNodes)
+            throws IOException, InterruptedException, CxException {
+        this.logger.info("Executing 'results bfl' command using the CLI.");
+        this.logger.info("Fetching the best fix location for ScanId {} and QueryId {}", scanId, queryId);
+
+        List<String> arguments = new ArrayList<>();
+        arguments.add(CxConstants.CMD_RESULT);
+        arguments.add(CxConstants.RESULTS_BFL_SUB_CMD);
+        arguments.add(CxConstants.SCAN_ID);
+        arguments.add(scanId.toString());
+        arguments.add(CxConstants.QUERY_ID);
+        arguments.add(queryId);
+        arguments.addAll(jsonArguments());
+
+        List<Node> bflNodes = Execution.executeCommand(withConfigArguments(arguments), logger, Node::listFromLine);
+        return getIndexOfBfLNode(bflNodes, resultNodes);
+
+    }
+
+    private int getIndexOfBfLNode(List<Node> bflNodes, List<Node> resultNodes) {
+        
+        int bflNodeIndex = -1;
+        for (Node bflNode : bflNodes) {
+            for (Node resultNode : resultNodes) {
+                if (bflNode.equals(resultNode)) {
+                    bflNodeIndex = resultNodes.indexOf(resultNode);
+                }
+            }
+        }
+        return bflNodeIndex;
+    }
+
     private List<String> withConfigArguments(List<String> commands) {
         List<String> arguments = new ArrayList<>();
 
diff --git a/src/test/java/com/checkmarx/ast/BaseTest.java b/src/test/java/com/checkmarx/ast/BaseTest.java
@@ -12,16 +12,7 @@
 
 public abstract class BaseTest {
 
-    protected CxWrapper wrapper;
-    private String projectId;
-
-    @BeforeEach
-    public void init() throws Exception {
-        wrapper = new CxWrapper(getConfig(), getLogger());
-    }
-
     public static final String CX_SCAN_ID = getEnvOrNull("CX_SCAN_ID");
-
     private static final String CX_BASE_URI = getEnvOrNull("CX_BASE_URI");
     private static final String CX_BASE_AUTH_URI = getEnvOrNull("CX_BASE_AUTH_URI");
     private static final String CX_TENANT = getEnvOrNull("CX_TENANT");
@@ -31,10 +22,8 @@ public void init() throws Exception {
     private static final String CX_ADDITIONAL_PARAMETERS = getEnvOrNull("CX_ADDITIONAL_PARAMETERS");
     private static final String PATH_TO_EXECUTABLE = getEnvOrNull("PATH_TO_EXECUTABLE");
     private final Logger logger = LoggerFactory.getLogger(this.getClass());
-
-    protected Logger getLogger() {
-        return logger;
-    }
+    protected CxWrapper wrapper;
+    private String projectId;
 
     protected static CxConfig getConfig() {
         return CxConfig.builder()
@@ -53,9 +42,18 @@ private static String getEnvOrNull(String key) {
         return System.getenv().getOrDefault(key, null);
     }
 
+    @BeforeEach
+    public void init() throws Exception {
+        wrapper = new CxWrapper(getConfig(), getLogger());
+    }
+
+    protected Logger getLogger() {
+        return logger;
+    }
+
     protected Map<String, String> commonParams() {
         Map<String, String> params = new HashMap<>();
-        params.put(CxConstants.PROJECT_NAME, "CLI-Java-Wrapper-Tests");
+        params.put(CxConstants.PROJECT_NAME, "cli-java-wrapper-tests");
         params.put(CxConstants.SOURCE, ".");
         params.put(CxConstants.FILE_FILTER, "!test");
         params.put(CxConstants.BRANCH, "main");
diff --git a/src/test/java/com/checkmarx/ast/ResultTest.java b/src/test/java/com/checkmarx/ast/ResultTest.java
@@ -4,17 +4,23 @@
 import com.checkmarx.ast.results.ReportFormat;
 import com.checkmarx.ast.results.Results;
 import com.checkmarx.ast.results.ResultsSummary;
+import com.checkmarx.ast.results.result.Data;
+import com.checkmarx.ast.results.result.Node;
+import com.checkmarx.ast.results.result.Result;
 import com.checkmarx.ast.scan.Scan;
+import com.checkmarx.ast.wrapper.CxConstants;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 
+import java.util.ArrayList;
 import java.util.List;
 import java.util.UUID;
 
 class ResultTest extends BaseTest {
     private static String CWE_ID = "79";
     private static String LANGUAGE = "PHP";
     private static String QUERY_NAME = "Reflected XSS All Clients";
+
     @Test
     void testResultsHTML() throws Exception {
         List<Scan> scanList = wrapper.scanList();
@@ -54,9 +60,31 @@ void testResultsStructure() throws Exception {
 
     @Test()
     void testResultsCodeBashing() throws Exception {
-        List<CodeBashing> codeBashingList = wrapper.codeBashingList(CWE_ID,LANGUAGE,QUERY_NAME);
+        List<CodeBashing> codeBashingList = wrapper.codeBashingList(CWE_ID, LANGUAGE, QUERY_NAME);
         Assertions.assertTrue(codeBashingList.size() > 0);
         String path = codeBashingList.get(0).getPath();
         Assertions.assertTrue(path.length() > 0);
     }
+
+    @Test
+    void testResultsBflJSON() throws Exception {
+
+        UUID scanId = UUID.fromString(CX_SCAN_ID);
+        Results results = wrapper.results(scanId);
+        Result result = results.getResults().stream().filter(res -> res.getType().equalsIgnoreCase(CxConstants.SAST)).findFirst().get();
+        Data data = result.getData();
+        String queryId = data.getQueryId();
+        int bflNodeIndex = wrapper.getResultsBfl(scanId, queryId, data.getNodes());
+        Assertions.assertTrue(bflNodeIndex == -1 || bflNodeIndex >= 0);
+
+    }
+
+    @Test
+    void testResultsBflWithInvalidQueryId() throws Exception {
+
+        UUID scanId = UUID.fromString(CX_SCAN_ID);
+        String queryId = "0000";
+        int bflNodeIndex = wrapper.getResultsBfl(scanId, queryId, new ArrayList<Node>());
+        Assertions.assertEquals(-1, bflNodeIndex);
+    }
 }
