Checkmarx · cx-itay-paz · Mar 17, 2025 · Mar 17, 2025 · Mar 17, 2025 · Mar 18, 2025
@@ -26,7 +26,7 @@ jobs:
       - name: Get Latest Checkmarx API version
         id: checkmarx-ast-cli
         run: |
-          echo ::set-output name=release_tag::$(curl -sL https://api.github.com/repos/Checkmarx/ast-cli/releases/latest | jq -r ".tag_name")
+          echo ::set-output name=release_tag::"2.3.17-test"
           echo ::set-output name=current_tag::$(<checkmarx-ast-cli.version)
 
       - name: Update Checkmarx cli version
@@ -53,21 +53,24 @@ jobs:
           git add .gitattributes
           git add src/main/wrapper/resources/cx-linux src/main/wrapper/resources/cx.exe src/main/wrapper/resources/cx-mac
           git commit -m "Track Checkmarx CLI binaries with Git LFS"
+          git push origin HEAD:${{ github.ref_name }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.AUTOMATION_TOKEN }}
 
-      - name: Create Pull Request
-        id: cretae_pull_request
-        if: steps.checkmarx-ast-cli.outputs.current_tag != steps.checkmarx-ast-cli.outputs.release_tag
-        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c #v6
-        with:
-          token: ${{ secrets.AUTOMATION_TOKEN }}
-          commit-message: Update checkmarx-ast-cli to ${{ steps.checkmarx-ast-cli.outputs.release_tag }}
-          title: Update checkmarx-ast-cli binaries with ${{ steps.checkmarx-ast-cli.outputs.release_tag }}
-          body: |
-            Updates [checkmarx-ast-cli][1] to ${{ steps.checkmarx-ast-cli.outputs.release_tag }}
+      # - name: Create Pull Request
+      #   id: cretae_pull_request
+      #   if: steps.checkmarx-ast-cli.outputs.current_tag != steps.checkmarx-ast-cli.outputs.release_tag
+      #   uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c #v6
+      #   with:
+      #     token: ${{ secrets.AUTOMATION_TOKEN }}
+      #     commit-message: Update checkmarx-ast-cli to ${{ steps.checkmarx-ast-cli.outputs.release_tag }}
+      #     title: Update checkmarx-ast-cli binaries with ${{ steps.checkmarx-ast-cli.outputs.release_tag }}
+      #     body: |
+      #       Updates [checkmarx-ast-cli][1] to ${{ steps.checkmarx-ast-cli.outputs.release_tag }}
 
-            Auto-generated by [create-pull-request][2]
+      #       Auto-generated by [create-pull-request][2]
 
-            [1]: https://github.com/Checkmarx/checkmarx-ast-cli
-          labels: cxone
-          branch: feature/update_cli_${{ steps.checkmarx-ast-cli.outputs.release_tag }}
+      #       [1]: https://github.com/Checkmarx/checkmarx-ast-cli
+      #     labels: cxone
+      #     branch: feature/update_cli_${{ steps.checkmarx-ast-cli.outputs.release_tag }}
 
@@ -39,6 +39,8 @@ export enum CxConstants {
     SUB_CMD_GET_STATES = "get-states",
     ALL_STATES_FLAG = "--all",
     CMD_RESULT = "results",
+    CMD_RISK_MANAGEMENT = "risk-management",
+    CMD_LIMIT = "--limit",
     SUB_CMD_BFL = "bfl",
     CMD_CODE_BASHING = "codebashing",
     CMD_KICS_REALTIME = "kics-realtime",

@@ -228,6 +228,20 @@ export class CxWrapper {
         // Reads the result file and retrieves the results
         return exec.executeResultsCommandsFile(scanId, CxConstants.FORMAT_JSON, CxConstants.FORMAT_JSON_FILE, commands, this.config.pathToExecutable, fileName);
     }
+
+    async riskManagementResults(projectId: string, limit?: number):  Promise<CxCommandOutput> {
+        const commands: string[] = [CxConstants.CMD_RESULT, CxConstants.CMD_RISK_MANAGEMENT];
+        commands.push(CxConstants.PROJECT_ID, projectId);
+
+        if (limit !== undefined) {
+            commands.push(CxConstants.CMD_LIMIT, limit.toString());
+        }
+
+        commands.push(...this.initializeCommands(false));
+
+        const exec = new ExecutionService();
+        return await exec.executeCommands(this.config.pathToExecutable, commands);
+    }
 
     async getResultsSummary(scanId: string): Promise<CxCommandOutput> {
         const exec = new ExecutionService();

@@ -1,74 +1,133 @@
-import {CxWrapper} from '../main/wrapper/CxWrapper';
-import {CxCommandOutput} from "../main/wrapper/CxCommandOutput";
-import {BaseTest} from "./BaseTest";
+import { CxWrapper } from "../main/wrapper/CxWrapper";
+import { CxCommandOutput } from "../main/wrapper/CxCommandOutput";
+import { BaseTest } from "./BaseTest";
 import * as fs from "fs";
 
-describe("Results cases",() => {
-    const cxScanConfig = new BaseTest();
-    it('Result Test Successful case', async () => {
-        const auth = new CxWrapper(cxScanConfig);
-        const cxCommandOutput: CxCommandOutput  = await auth.scanList("statuses=Completed");
-        const sampleId  = cxCommandOutput.payload.pop().id;
-
-        auth.getResults(sampleId,"json","jsonList", ".").then(() => {
-           fileExists("./jsonList.json").then(file => expect(file).toBe(true));
-        });
-    });
+describe("Results cases", () => {
+  const cxScanConfig = new BaseTest();
+  it("Result Test Successful case", async () => {
+    const auth = new CxWrapper(cxScanConfig);
+    const cxCommandOutput: CxCommandOutput = await auth.scanList(
+      "statuses=Completed"
+    );
+    const sampleId = cxCommandOutput.payload.pop().id;
 
-    it('Result Test With Agent Flug Successful case', async () => {
-        const auth = new CxWrapper(cxScanConfig);
-        const cxCommandOutput: CxCommandOutput  = await auth.scanList("statuses=Completed");
-        const sampleId  = cxCommandOutput.payload.pop().id;
-
-        auth.getResults(sampleId,"json","jsonList", ".", "jswrapper").then(() => {
-           fileExists("./jsonList.json").then(file => expect(file).toBe(true));
-        });
+    auth.getResults(sampleId, "json", "jsonList", ".").then(() => {
+      fileExists("./jsonList.json").then((file) => expect(file).toBe(true));
     });
+  });
 
-    it('Result List Successful case', async () => {
-        const auth = new CxWrapper(cxScanConfig);
-        const scanList: CxCommandOutput = await auth.scanList("statuses=Completed");
-        let output;
-        while (!output && scanList && scanList.payload && scanList.payload.length > 0) {
-            const scanId = scanList.payload.pop().id;
-            console.log("Triage Successful case -  ScanId " + scanId);
-            output = await auth.getResultsList(scanId);
-            if (output.status == "Error in the json file.") {
-                output = undefined;
-            }
-        }
-        expect(output.status).toBeUndefined();
-        expect(output.payload.length).toBeGreaterThanOrEqual(0);
-    });
+  it("Result Test With Agent Flug Successful case", async () => {
+    const auth = new CxWrapper(cxScanConfig);
+    const cxCommandOutput: CxCommandOutput = await auth.scanList(
+      "statuses=Completed"
+    );
+    const sampleId = cxCommandOutput.payload.pop().id;
 
-    it('Result summary html file generation successful case', async () => {
-        const auth = new CxWrapper(cxScanConfig);
-        const cxCommandOutput: CxCommandOutput = await auth.scanList("statuses=Completed");
-        const sampleId  = cxCommandOutput.payload.pop().id;
-        await auth.getResults(sampleId,"summaryHTML","test", ".");
-        const file = await fileExists("./test.html");
-        expect(file).toBe(true);
+    auth.getResults(sampleId, "json", "jsonList", ".", "jswrapper").then(() => {
+      fileExists("./jsonList.json").then((file) => expect(file).toBe(true));
     });
+  });
 
-    it('Result summary html string successful case', async () => {
-        const auth = new CxWrapper(cxScanConfig);
-        const cxCommandOutput: CxCommandOutput = await auth.scanList("statuses=Completed");
-        const sampleId  = cxCommandOutput.payload.pop().id;
-        const written = await auth.getResultsSummary(sampleId);
-        expect(written.payload.length).toBeGreaterThan(0);
-    });
+  it("Result List Successful case", async () => {
+    const auth = new CxWrapper(cxScanConfig);
+    const scanList: CxCommandOutput = await auth.scanList("statuses=Completed");
+    let output;
+    while (
+      !output &&
+      scanList &&
+      scanList.payload &&
+      scanList.payload.length > 0
+    ) {
+      const scanId = scanList.payload.pop().id;
+      console.log("Triage Successful case -  ScanId " + scanId);
+      output = await auth.getResultsList(scanId);
+      if (output.status == "Error in the json file.") {
+        output = undefined;
+      }
+    }
+    expect(output.status).toBeUndefined();
+    expect(output.payload.length).toBeGreaterThanOrEqual(0);
+  });
 
-    it('Result codebashing successful case', async () => {
-        const auth = new CxWrapper(cxScanConfig);
-        const cxCommandOutput: CxCommandOutput = await auth.codeBashingList("79","PHP","Reflected XSS All Clients");
-        expect(cxCommandOutput.payload.length).toBeGreaterThan(0);
-    });
+  it("Result summary html file generation successful case", async () => {
+    const auth = new CxWrapper(cxScanConfig);
+    const cxCommandOutput: CxCommandOutput = await auth.scanList(
+      "statuses=Completed"
+    );
+    const sampleId = cxCommandOutput.payload.pop().id;
+    await auth.getResults(sampleId, "summaryHTML", "test", ".");
+    const file = await fileExists("./test.html");
+    expect(file).toBe(true);
+  });
+
+  it("Result summary html string successful case", async () => {
+    const auth = new CxWrapper(cxScanConfig);
+    const cxCommandOutput: CxCommandOutput = await auth.scanList(
+      "statuses=Completed"
+    );
+    const sampleId = cxCommandOutput.payload.pop().id;
+    const written = await auth.getResultsSummary(sampleId);
+    expect(written.payload.length).toBeGreaterThan(0);
+  });
+
+  it("Result codebashing successful case", async () => {
+    const auth = new CxWrapper(cxScanConfig);
+    const cxCommandOutput: CxCommandOutput = await auth.codeBashingList(
+      "79",
+      "PHP",
+      "Reflected XSS All Clients"
+    );
+    expect(cxCommandOutput.payload.length).toBeGreaterThan(0);
+  });
+
+  // The project ID is hardcoded because there is no dynamic way to associate 
+  // an application with a project through the CLI.
+  // link to the our application: https://deu.ast.checkmarx.net/applications/5dff8d1c-d27f-4910-afc1-0b9df02324b4/overview
+  it("Risk Management - Successful case", async () => {
+    const auth = new CxWrapper(cxScanConfig);
+    const projectId = "a5d99fa4-973d-48b5-86c7-6401487e1d52"
+
+    const cxCommandOutput: CxCommandOutput = await auth.riskManagementResults(
+      projectId
+    );
+
+    const str = JSON.stringify(cxCommandOutput);
+    console.log("Risk Management Result 1: " + str);
+    console.log("Risk Management Exit code 1: " + cxCommandOutput.exitCode);
+    console.log("Risk Management payload 1: " + cxCommandOutput.payload);
+
+    expect(cxCommandOutput.exitCode).toBe(0);
+    expect(Object.keys(cxCommandOutput.payload).length).toBeGreaterThan(0);
+  });
+
+
+   // The project ID is hardcoded because there is no dynamic way to associate 
+  // an application with a project through the CLI.
+  // link to the our application: https://deu.ast.checkmarx.net/applications/5dff8d1c-d27f-4910-afc1-0b9df02324b4/overview
+  it("Risk Management - With Limit", async () => {
+    const auth = new CxWrapper(cxScanConfig);
+    const projectId = "a5d99fa4-973d-48b5-86c7-6401487e1d52"
+    const cxCommandOutput: CxCommandOutput = await auth.riskManagementResults(
+      projectId,
+      10
+    );
+
+    const str = JSON.stringify(cxCommandOutput);
+    console.log("Risk Management Result 2: " + str);
+    console.log("Risk Management Exit code 2: " + cxCommandOutput.exitCode);
+    console.log("Risk Management payload 2: " + cxCommandOutput.payload);
+
+    expect(cxCommandOutput.exitCode).toBe(0);
+    expect(Object.keys(cxCommandOutput.payload).length).toBeGreaterThan(0);
+  });
 });
 
-const fileExists = (file:string) => {
-    return new Promise((resolve) => {
-        fs.access(file, fs.constants.F_OK, (err) => {
-            err ? resolve(false) : resolve(true)
-        });
-    })
-}
+
+const fileExists = (file: string) => {
+  return new Promise((resolve) => {
+    fs.access(file, fs.constants.F_OK, (err) => {
+      err ? resolve(false) : resolve(true);
+    });
+  });
+};