diff --git a/src/main/wrapper/CxConstants.ts b/src/main/wrapper/CxConstants.ts
index 4f41ea0e..49d7643d 100644
--- a/src/main/wrapper/CxConstants.ts
+++ b/src/main/wrapper/CxConstants.ts
@@ -39,6 +39,8 @@ export enum CxConstants {
 SUB_CMD_GET_STATES = "get-states",
 ALL_STATES_FLAG = "--all",
 CMD_RESULT = "results",
+ CMD_RISK_MANAGEMENT = "risk-management",
+ CMD_LIMIT = "--limit",
 SUB_CMD_BFL = "bfl",
 CMD_CODE_BASHING = "codebashing",
 CMD_KICS_REALTIME = "kics-realtime",
diff --git a/src/main/wrapper/CxWrapper.ts b/src/main/wrapper/CxWrapper.ts
index ba1d7ca2..0afa2f33 100644
--- a/src/main/wrapper/CxWrapper.ts
+++ b/src/main/wrapper/CxWrapper.ts
@@ -229,6 +229,20 @@ export class CxWrapper {
 return exec.executeResultsCommandsFile(scanId, CxConstants.FORMAT_JSON, CxConstants.FORMAT_JSON_FILE, commands, this.config.pathToExecutable, fileName);
 }
 
+ async riskManagementResults(projectId: string, limit?: number): Promise {
+ const commands: string[] = [CxConstants.CMD_RESULT, CxConstants.CMD_RISK_MANAGEMENT];
+ commands.push(CxConstants.PROJECT_ID, projectId);
+
+ if (limit !== undefined) {
+ commands.push(CxConstants.CMD_LIMIT, limit.toString());
+ }
+
+ commands.push(...this.initializeCommands(false));
+
+ const exec = new ExecutionService();
+ return await exec.executeCommands(this.config.pathToExecutable, commands);
+ }
+
 async getResultsSummary(scanId: string): Promise {
 const exec = new ExecutionService();
 const fileName = new Date().getTime().toString();
diff --git a/src/tests/ResultTest.test.ts b/src/tests/ResultTest.test.ts
index 05d28a58..4ec203f3 100644
--- a/src/tests/ResultTest.test.ts
+++ b/src/tests/ResultTest.test.ts
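Review bot: `CMD_LIMIT = "--limit"` in `CxConstants` is a flag, not a command word, while the neighbouring flag in the same enum carries a `_FLAG` suffix (`ALL_STATES_FLAG = "--all"`). Naming it `LIMIT_FLAG = "--limit",` and updating the one use in `CxWrapper.riskManagementResults` would keep the `CMD_` prefix for command words such as `CMD_RISK_MANAGEMENT`. The enum body continues outside the hunk, so other entries may follow a different convention.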
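Review bot: `riskManagementResults` in `CxWrapper.ts` forwards `limit` to the CLI unchecked, so `NaN`, a negative number or a fractional value becomes the `--limit` argument through `limit.toString()`. A guard at the top of the `limit !== undefined` branch, for example `if (!Number.isInteger(limit) || limit <= 0) throw new Error("limit must be a positive integer");`, would fail early with a clear message instead of relying on the CLI's own error. `projectId` is appended as-is as well, so an empty string is passed on as the project id value. Both values end up as process arguments, and `ExecutionService.executeCommands` is not shown in this hunk, so it is worth confirming that it hands `commands` over as an argument array and not through a shell. The new public method also has no doc comment; a short TSDoc block naming the two parameters and the returned command output would match what a caller needs.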
@@ -63,7 +63,51 @@ describe("Results cases",() => {
 const cxCommandOutput: CxCommandOutput = await auth.codeBashingList("79","PHP","Reflected XSS All Clients");
 expect(cxCommandOutput.payload.length).toBeGreaterThan(0);
 });
-});
+
+ // The project ID is hardcoded because there is no dynamic way to associate
+ // an application with a project through the CLI.
+ // link to the our application: https://deu.ast.checkmarx.net/applications/5dff8d1c-d27f-4910-afc1-0b9df02324b4/overview
+ it("Risk Management - Successful case", async () => {
+ const auth = new CxWrapper(cxScanConfig);
+ const projectId = "a5d99fa4-973d-48b5-86c7-6401487e1d52"
+
+ const cxCommandOutput: CxCommandOutput = await auth.riskManagementResults(
+ projectId
+ );
+
+ const str = JSON.stringify(cxCommandOutput);
+ console.log("Risk Management Result 1: " + str);
+ console.log("Risk Management Exit code 1: " + cxCommandOutput.exitCode);
+ console.log("Risk Management payload 1: " + cxCommandOutput.payload);
+
+ expect(cxCommandOutput.exitCode).toBe(0);
+ expect(Object.keys(cxCommandOutput.payload).length).toBeGreaterThan(0);
+ });
+
+
+ // The project ID is hardcoded because there is no dynamic way to associate
+ // an application with a project through the CLI.
+ // link to the our application: https://deu.ast.checkmarx.net/applications/5dff8d1c-d27f-4910-afc1-0b9df02324b4/overview
+ it("Risk Management - With Limit", async () => {
+ const auth = new CxWrapper(cxScanConfig);
+ const projectId = "a5d99fa4-973d-48b5-86c7-6401487e1d52"
+ const cxCommandOutput: CxCommandOutput = await auth.riskManagementResults(
+ projectId,
+ 10
+ );
+
+ const str = JSON.stringify(cxCommandOutput);
+ console.log("Risk Management Result 2: " + str);
+ console.log("Risk Management Exit code 2: " + cxCommandOutput.exitCode);
+ console.log("Risk Management payload 2: " + cxCommandOutput.payload);
+
+ expect(cxCommandOutput.exitCode).toBe(0);
+ expect(Object.keys(cxCommandOutput.payload).length).toBeGreaterThan(0);
+ });
+
+})
+
+
 
 const fileExists = (file:string) => {
 return new Promise((resolve) => {
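Review bot: Both new tests write the complete command output to the console (`console.log("Risk Management Result 1: " + str);` and the two lines after it, repeated with `2` in the second test), which puts the risk-management findings of a real application into CI logs. The two `expect` calls already cover the exit code and the payload, so the three `console.log` lines in each test can be dropped. The `payload` line also concatenates a non-string value onto a string and will most likely print `[object Object]`. The hard-coded `projectId` and tenant URL tie the tests to one environment, so reading the id from the test configuration and skipping the test when it is absent would keep the suite runnable elsewhere. Both `const projectId = ...` lines and the closing `})` are missing their semicolon.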