Merge branch 'main' into other/one-scan-action

Author: cx-anurag-dalke

.github/workflows/pr-automation.yml

@@ -51,6 +51,29 @@ jobs:
           chmod +x ./.github/scripts/update_cli.sh
           ./.github/scripts/update_cli.sh ${{ inputs.cliTag }}
 
+      - name: Extract CLI version
+        id: extract_cli_version
+        run: |
+          CLI_VERSION=$(./src/main/resources/cx-linux version | grep -Eo '^[0-9]+\.[0-9]+\.[0-9]+')
+          echo "CLI version being packed is $CLI_VERSION"
+          echo "CLI_VERSION=$CLI_VERSION" >> $GITHUB_ENV
+          echo "::set-output name=CLI_VERSION::$CLI_VERSION"
+
+      - name: Check if CLI version is latest
+        if: ${{ github.event.inputs.dev == 'false' && !github.event.inputs.cliTag && github.ref == 'refs/heads/main' }}
+        id: check_latest_cli_version
+        run: |
+          LATEST_CLI_VERSION=$(curl -s https://api.github.com/repos/Checkmarx/ast-cli/releases/latest | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
+          echo "CLI_VERSION=[$CLI_VERSION]"
+          echo "LATEST_CLI_VERSION=[$LATEST_CLI_VERSION]"
+          echo "Latest CLI version from GitHub: $LATEST_CLI_VERSION"
+          if [ "$CLI_VERSION" = "$LATEST_CLI_VERSION" ]; then
+            echo "CLI_VERSION ($CLI_VERSION) matches the latest released version ($LATEST_CLI_VERSION). Proceeding."
+          else
+            echo "CLI_VERSION ($CLI_VERSION) does not match the latest released version ($LATEST_CLI_VERSION). Failing workflow."
+            exit 1
+          fi    
+
       - name: Tag
         id: set_tag_name
         run: |
@@ -94,14 +117,6 @@ jobs:
           fi
           echo "AID_PROP=${prop}" >> $GITHUB_ENV
 
-      - name: Extract CLI version
-        id: extract_cli_version
-        run: |
-          CLI_VERSION=$(./src/main/resources/cx-linux version | grep -Eo '^[0-9]+\.[0-9]+\.[0-9]+')
-          echo "CLI version being packed is $CLI_VERSION"
-          echo "CLI_VERSION=$CLI_VERSION" >> $GITHUB_ENV
-          echo "::set-output name=CLI_VERSION::$CLI_VERSION"
-
       - name: Publish package
         run: mvn --batch-mode deploy -DskipTests ${{ env.AID_PROP }}
         env:
@@ -124,8 +139,8 @@ jobs:
       product_name: Java Wrapper
       release_version: ${{ needs.release.outputs.TAG_NAME }}
       cli_release_version: ${{ needs.release.outputs.CLI_VERSION }}
-      release_author: "Phoenix Team"
-      release_url: https://github.com/CheckmarxDev/ast-cli-java-wrapper/releases/tag/${{ needs.release.outputs.TAG_NAME }}
+      release_author: "Sypher Team"
+      release_url: https://github.com/Checkmarx/ast-cli-java-wrapper/releases/tag/${{ needs.release.outputs.TAG_NAME }}
       jira_product_name: JAVA_WRAPPER
     secrets: inherit
 

.github/workflows/release.yml

@@ -2,4 +2,4 @@
 # Each line is a file pattern followed by one or more owners
 
 # Specify the default owners for the entire repository
-*       @cx-anurag-dalke @cx-anand-nandeshwar @cx-atish-jadhav
+#*       @cx-anurag-dalke @cx-anand-nandeshwar @cx-atish-jadhav

CODEOWNERS

@@ -2,7 +2,7 @@
 <br />
 <p align="center">
   <a href="">
-    <img src="./logo.png" alt="Logo" width="80" height="80">
+    <img src="https://raw.githubusercontent.com/Checkmarx/ci-cd-integrations/main/.images/cx_x_icon.png" alt="Logo" width="80" height="80">
   </a>
 
 <h3 align="center">AST-CLI-JAVA-WRAPPER</h3>

README.md

@@ -1 +1 @@
-2.3.28
+2.3.46

checkmarx-ast-cli.version

@@ -24,7 +24,7 @@
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-lang3</artifactId>
-            <version>3.14.0</version>
+            <version>3.18.0</version>
         </dependency>
         <dependency>
             <groupId>com.googlecode.json-simple</groupId>
@@ -44,7 +44,7 @@
         <dependency>
             <groupId>com.google.code.gson</groupId>
             <artifactId>gson</artifactId>
-            <version>2.10.1</version>
+            <version>2.12.1</version>
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
@@ -228,8 +228,8 @@
 
     <developers>
         <developer>
-            <name>Rahul Pidde</name>
-            <email>rahul.pidde@checkmarx.com</email>
+            <name>Anand Nandeshwar</name>
+            <email>anand.nandeshwar@checkmarx.com</email>
             <organization>Checkmarx</organization>
             <organizationUrl>https://www.checkmarx.com/</organizationUrl>
         </developer>

pom.xml

@@ -0,0 +1,40 @@
+package com.checkmarx.ast.containersrealtime;
+
+import com.checkmarx.ast.realtime.RealtimeLocation;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import lombok.Value;
+
+import java.util.Collections;
+import java.util.List;
+
+@Value
+@JsonDeserialize
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class ContainersRealtimeImage {
+    @JsonProperty("ImageName") String imageName;
+    @JsonProperty("ImageTag") String imageTag;
+    @JsonProperty("FilePath") String filePath;
+    @JsonProperty("Locations") List<RealtimeLocation> locations;
+    @JsonProperty("Status") String status;
+    @JsonProperty("Vulnerabilities") List<ContainersRealtimeVulnerability> vulnerabilities;
+
+    @JsonCreator
+    public ContainersRealtimeImage(@JsonProperty("ImageName") String imageName,
+                                   @JsonProperty("ImageTag") String imageTag,
+                                   @JsonProperty("FilePath") String filePath,
+                                   @JsonProperty("Locations") List<RealtimeLocation> locations,
+                                   @JsonProperty("Status") String status,
+                                   @JsonProperty("Vulnerabilities") List<ContainersRealtimeVulnerability> vulnerabilities) {
+        this.imageName = imageName;
+        this.imageTag = imageTag;
+        this.filePath = filePath;
+        this.locations = locations == null ? Collections.emptyList() : locations;
+        this.status = status;
+        this.vulnerabilities = vulnerabilities == null ? Collections.emptyList() : vulnerabilities;
+    }
+}

src/main/java/com/checkmarx/ast/containersrealtime/ContainersRealtimeImage.java

@@ -0,0 +1,53 @@
+package com.checkmarx.ast.containersrealtime;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import lombok.Value;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.util.List;
+
+@Value
+@JsonDeserialize
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class ContainersRealtimeResults {
+    private static final Logger log = LoggerFactory.getLogger(ContainersRealtimeResults.class);
+
+    @JsonProperty("Images") List<ContainersRealtimeImage> images;
+
+    @JsonCreator
+    public ContainersRealtimeResults(@JsonProperty("Images") List<ContainersRealtimeImage> images) {
+        this.images = images;
+    }
+
+    public static ContainersRealtimeResults fromLine(String line) {
+        if (StringUtils.isBlank(line)) {
+            return null;
+        }
+        try {
+            if (line.contains("\"Images\"") && isValidJSON(line)) {
+                return new ObjectMapper().readValue(line, ContainersRealtimeResults.class);
+            }
+        } catch (IOException e) {
+            log.debug("Failed to parse containers realtime line: {}", line, e);
+        }
+        return null;
+    }
+
+    private static boolean isValidJSON(String json) {
+        try {
+            new ObjectMapper().readTree(json);
+            return true;
+        } catch (IOException e) {
+            return false;
+        }
+    }
+}

src/main/java/com/checkmarx/ast/containersrealtime/ContainersRealtimeResults.java

@@ -0,0 +1,24 @@
+package com.checkmarx.ast.containersrealtime;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import lombok.Value;
+
+@Value
+@JsonDeserialize
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class ContainersRealtimeVulnerability {
+    @JsonProperty("CVE") String cve;
+    @JsonProperty("Severity") String severity;
+
+    @JsonCreator
+    public ContainersRealtimeVulnerability(@JsonProperty("CVE") String cve,
+                                           @JsonProperty("Severity") String severity) {
+        this.cve = cve;
+        this.severity = severity;
+    }
+}

src/main/java/com/checkmarx/ast/containersrealtime/ContainersRealtimeVulnerability.java

@@ -0,0 +1,98 @@
+package com.checkmarx.ast.iacrealtime;
+
+import com.checkmarx.ast.realtime.RealtimeLocation;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import lombok.Value;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.util.Collections;
+import java.util.List;
+
+@Value
+@JsonDeserialize
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class IacRealtimeResults {
+    private static final Logger log = LoggerFactory.getLogger(IacRealtimeResults.class);
+    @JsonProperty("Results") List<Issue> results; // Normalized list (array or single object)
+
+    @JsonCreator
+    public IacRealtimeResults(@JsonProperty("Results") List<Issue> results) {
+        this.results = results == null ? Collections.emptyList() : results;
+    }
+
+    @Value
+    @JsonDeserialize
+    @JsonInclude(JsonInclude.Include.NON_NULL)
+    @JsonIgnoreProperties(ignoreUnknown = true)
+    public static class Issue {
+        @JsonProperty("Title") String title;
+        @JsonProperty("Description") String description;
+        @JsonProperty("SimilarityID") String similarityId;
+        @JsonProperty("FilePath") String filePath;
+        @JsonProperty("Severity") String severity;
+        @JsonProperty("ExpectedValue") String expectedValue;
+        @JsonProperty("ActualValue") String actualValue;
+        @JsonProperty("Locations") List<RealtimeLocation> locations;
+
+        @JsonCreator
+        public Issue(@JsonProperty("Title") String title,
+                     @JsonProperty("Description") String description,
+                     @JsonProperty("SimilarityID") String similarityId,
+                     @JsonProperty("FilePath") String filePath,
+                     @JsonProperty("Severity") String severity,
+                     @JsonProperty("ExpectedValue") String expectedValue,
+                     @JsonProperty("ActualValue") String actualValue,
+                     @JsonProperty("Locations") List<RealtimeLocation> locations) {
+            this.title = title;
+            this.description = description;
+            this.similarityId = similarityId;
+            this.filePath = filePath;
+            this.severity = severity;
+            this.expectedValue = expectedValue;
+            this.actualValue = actualValue;
+            this.locations = locations == null ? Collections.emptyList() : locations;
+        }
+    }
+
+    public static IacRealtimeResults fromLine(String line) {
+        if (StringUtils.isBlank(line)) {
+            return null;
+        }
+        try {
+            if (!isValidJSON(line)) {
+                return null;
+            }
+            ObjectMapper mapper = new ObjectMapper();
+            String trimmed = line.trim();
+            if (trimmed.startsWith("[")) {
+                List<Issue> list = mapper.readValue(trimmed, mapper.getTypeFactory().constructCollectionType(List.class, Issue.class));
+                return new IacRealtimeResults(list == null ? Collections.emptyList() : list);
+            }
+            if (trimmed.startsWith("{")) {
+                Issue single = mapper.readValue(trimmed, Issue.class);
+                return new IacRealtimeResults(Collections.singletonList(single));
+            }
+        } catch (IOException e) {
+            log.debug("Failed to parse iac realtime JSON line: {}", line, e);
+        }
+        return null;
+    }
+
+    private static boolean isValidJSON(String json) {
+        try {
+            new ObjectMapper().readTree(json);
+            return true;
+        } catch (IOException e) {
+            return false;
+        }
+    }
+}