diff --git a/build.gradle.kts b/build.gradle.kts index 519782a..7621fe8 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -12,7 +12,6 @@ fun properties(key: String): String = project.findProperty(key).toString() plugins { id("java") // Java support alias(libs.plugins.kotlin) // Kotlin support -// alias(libs.plugins.kotlinSerialization) // Kotlin serialization support alias(libs.plugins.intelliJPlatform) // IntelliJ Platform Gradle Plugin alias(libs.plugins.changelog) // Gradle Changelog Plugin alias(libs.plugins.qodana) // Gradle Qodana Plugin @@ -35,22 +34,19 @@ repositories { } dependencies { - implementation("com.beust:klaxon:5.6") - implementation("com.google.code.gson:gson:2.10.1") - implementation("org.json:json:20231013") - implementation("commons-io:commons-io:2.11.0") - implementation("io.github.java-diff-utils:java-diff-utils:4.12") - implementation("org.slf4j:slf4j-api:2.0.16") - implementation("ch.qos.logback:logback-classic:1.5.6") - implementation(libs.springWeb) -// implementation(libs.kotlinxSerializationJson) implementation(libs.jackson) + implementation(libs.springWeb) + implementation("org.json:json:20231013") // TODO: Remove when possible + implementation(libs.commons) + implementation(libs.slf4j) + implementation(libs.logback) + implementation(libs.diffUtils) compileOnly(libs.lombok) annotationProcessor(libs.lombok) testImplementation(libs.junit) testImplementation(libs.jupiterApi) - testRuntimeOnly("org.junit.jupiter:junit-jupiter:5.8.1") - testRuntimeOnly("org.junit.platform:junit-platform-launcher:1.9.0") + testRuntimeOnly(libs.jupiter) + testRuntimeOnly(libs.junitPlatform) // IntelliJ Platform Gradle Plugin Dependencies Extension - read more: https://plugins.jetbrains.com/docs/intellij/tools-intellij-platform-gradle-plugin-dependencies-extension.html intellijPlatform { diff --git a/gradle.properties b/gradle.properties index 36d7433..5162aef 100644 --- a/gradle.properties +++ b/gradle.properties 
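Review bot: The consolidated `dependencies` block now resolves every third-party artifact (Jackson, Spring Web, logback, commons-io, diff-utils) through the version catalog, but nothing visible in this build pins artifact checksums or signatures, so a replaced or tampered artifact in the repository would be bundled into the plugin without any signal. If the repository does not already carry one, adding Gradle dependency verification (`gradle/verification-metadata.xml`, generated with `./gradlew --write-verification-metadata sha256`) and committing a lockfile makes the resolved set tamper-evident. The `implementation("org.json:json:20231013") // TODO: Remove when possible` line is still load-bearing: `CheckovUtils` in this same commit keeps parsing checkov output with `JSONObject`/`JSONArray` before handing the text to Jackson, so the TODO should name that call site, e.g. `// TODO: remove once CheckovUtils.parse* reads the checkov report with Jackson only`.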
@@ -2,7 +2,7 @@ # -> https://plugins.jetbrains.com/docs/intellij/intellij-artifacts.html pluginGroup = com.github.bridgecrewio.prismajetbrainsidea -pluginName = prismacloud-jetbrains-idea +pluginName = Prisma Cloud pluginVersion=1.0.22 # Plugin Verifier integration -> https://github.com/JetBrains/gradle-intellij-plugin#plugin-verifier-dsl # See https://jb.gg/intellij-platform-builds-list for available build versions diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index c84d6ab..455ac40 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -1,12 +1,16 @@ [versions] # libraries +jackson = "2.17.2" lombok = "1.18.34" -junit = "4.13.2" -jupiterApi = "5.8.1" springWeb = "6.1.12" -jackson = "2.17.2" -# kotlinxSerializationJson = "1.7.2" +commons-io = "2.16.1" +slf4j = "2.0.16" +logback = "1.5.6" +diffUtils = "4.12" +junit = "4.13.2" +jupiter = "5.8.1" +junitPlatform = "1.9.0" # plugins changelog = "2.2.1" 
@@ -17,16 +21,20 @@ qodana = "0.1.13" [libraries] jackson = { group = "com.fasterxml.jackson.module", name = "jackson-module-kotlin", version.ref = "jackson"} -# kotlinxSerializationJson = { group = "org.jetbrains.kotlinx", name = "kotlinx-serialization-json", version.ref = "kotlinxSerializationJson"} lombok = { group = "org.projectlombok", name = "lombok", version.ref = "lombok" } -junit = { group = "junit", name = "junit", version.ref = "junit" } -jupiterApi = { group = "org.junit.jupiter", name = "junit-jupiter-api", version.ref = "jupiterApi" } springWeb = { group = "org.springframework", name = "spring-web", version.ref = "springWeb" } +commons = { group = "commons-io", name = "commons-io", version.ref = "commons-io" } +slf4j = { group = "org.slf4j", name = "slf4j-api", version.ref = "slf4j" } +logback = { group = "ch.qos.logback", name = "logback-classic", version.ref = "logback" } +diffUtils = { group = "io.github.java-diff-utils", name = "java-diff-utils", version.ref = "diffUtils" } +junit = { group = "junit", name = "junit", version.ref = "junit" } +jupiterApi = { group = "org.junit.jupiter", name = "junit-jupiter-api", version.ref = "jupiter" } +jupiter = { group = "org.junit.jupiter", name = "junit-jupiter", version.ref = "jupiter" } +junitPlatform = { group = "org.junit.platform", name = "junit-platform-launcher", version.ref = "junitPlatform" } [plugins] changelog = { id = "org.jetbrains.changelog", version.ref = "changelog" } intelliJPlatform = { id = "org.jetbrains.intellij.platform", version.ref = "intelliJPlatform" } kotlin = { id = "org.jetbrains.kotlin.jvm", version.ref = "kotlin" } -# kotlinSerialization = { id = "org.jetbrains.kotlin.plugin.serialization", version.ref = "kotlin" } kover = { id = "org.jetbrains.kotlinx.kover", version.ref = "kover" } qodana = { id = "org.jetbrains.qodana", version.ref = "qodana" } \ No newline at end of file 
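Review bot: `jupiter = "5.8.1"` together with `junitPlatform = "1.9.0"` puts the JUnit Jupiter engine and the platform launcher on different platform releases (Jupiter 5.8.x is built against Platform 1.8.x); JUnit documents that launcher and engine should come from the same platform version, and in my experience a mismatch surfaces as test-discovery failures at run time rather than at compile time. Either `junitPlatform = "1.8.1"` or a matched upgrade of both refs keeps them aligned. Binding both `jupiterApi` and `jupiter` to the single `jupiter` version ref is the right move; a one-line comment above `junitPlatform` stating that it must track the platform release bundled with the `jupiter` version would stop the two drifting apart again.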
diff --git a/src/main/kotlin/com/bridgecrew/CheckovResult.kt b/src/main/kotlin/com/bridgecrew/CheckovResult.kt index 384815a..b0e2e86 100644 --- a/src/main/kotlin/com/bridgecrew/CheckovResult.kt +++ b/src/main/kotlin/com/bridgecrew/CheckovResult.kt 
@@ -1,72 +1,69 @@ package com.bridgecrew -import com.google.gson.Gson - -val gson = Gson() - data class VulnerabilityDetails( - val id: String?, - val package_name: String?, - val package_version: String?, - val link: String?, - val description: String?, - val license: String?, - val cvss: Double?, - val lowest_fixed_version: String?, - val published_date: String?, - val vector: String?, - val risk_factors: Map, - val root_package_name: String?, - val root_package_version: String?, - val root_package_fix_version: String?, - val fix_command: FixCommand? + val id: String?, + val package_name: String?, + val package_version: String?, + val link: String?, + val description: String?, + val license: String?, + val cvss: Double?, + val lowest_fixed_version: String?, + val published_date: String?, + val vector: String?, + val risk_factors: Map?, + val root_package_name: String?, + val root_package_version: String?, + val root_package_fix_version: String?, + val fix_command: FixCommand? ) data class FixCommand( - val msg: String?, - val cmds: ArrayList, - val manualCodeFix: Boolean + val msg: String?, + val cmds: ArrayList, + val manualCodeFix: Boolean ) data class CheckovResult( - val check_id: String, - val bc_check_id: String = "", - val check_name: String, - val file_path: String, - val repo_file_path: String, - var file_abs_path: String, - val file_line_range: ArrayList, - val resource: String, - val severity: String, - val description: String, - val short_description: String, - val vulnerability_details: VulnerabilityDetails?, - val guideline: String = "\"No Guide\")", - val code_block: List>, - var check_type: String, - val fixed_definition: String = "", - val cwe: ArrayList? = ArrayList(), - val owasp: ArrayList? = ArrayList(), - val metadata: Metadata? = null -) + val check_id: String, + val bc_check_id: String? 
= "", + val check_name: String, + val file_path: String, + val repo_file_path: String?, + var file_abs_path: String, + val file_line_range: ArrayList, + val resource: String, + val severity: String, + val description: String?, + val short_description: String?, + val vulnerability_details: VulnerabilityDetails?, + val guideline: String? = "\"No Guide\")", + val code_block: List>, + val fixed_definition: String? = "", + val cwe: ArrayList? = ArrayList(), + val owasp: ArrayList? = ArrayList(), + val metadata: Metadata? = null +) { + lateinit var check_type: String +} data class Metadata( - val code_locations: List?, - val taint_mode: TaintMode? + val code_locations: List?, + val taint_mode: TaintMode? ) data class TaintMode( - val data_flow: List? + val data_flow: List? ) data class DataFlow( - val path: String, - val start: CodePosition, - val end: CodePosition, - val code_block: String + val path: String, + val start: CodePosition, + val end: CodePosition, + val code_block: String ) data class CodePosition( - val row: Int, - val column: Int + val row: Int, + val column: Int ) \ No newline at end of file diff --git a/src/main/kotlin/com/bridgecrew/api/PrismaApiClient.kt b/src/main/kotlin/com/bridgecrew/api/PrismaApiClient.kt index 06438e9..08f17d4 100644 --- a/src/main/kotlin/com/bridgecrew/api/PrismaApiClient.kt +++ b/src/main/kotlin/com/bridgecrew/api/PrismaApiClient.kt @@ -5,6 +5,7 @@ import com.bridgecrew.listeners.CheckovSettingsListener import com.bridgecrew.settings.DEFAULT_REPORTING_INTERVAL import com.bridgecrew.settings.PLUGIN_NAME import com.bridgecrew.settings.PrismaSettingsState +import com.fasterxml.jackson.annotation.JsonInclude import com.fasterxml.jackson.databind.DeserializationFeature import com.fasterxml.jackson.databind.ObjectMapper import com.fasterxml.jackson.module.kotlin.KotlinModule 
@@ -33,6 +34,7 @@ data class PrismaConnectionDetails( val mapper = ObjectMapper().apply { registerModule(KotlinModule.Builder().build()) configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false) + setSerializationInclusion(JsonInclude.Include.NON_NULL) } @Service @@ -77,7 +79,7 @@ class PrismaApiClient { private inline fun sendRequest(endpoint: String, method: HttpMethod, payload: Any?, login: Boolean = false): T? { try { if (connection == null) { - logger.warn("API call aborted because Prisma Cloud settings were not configured in the plugin settings") + logger.warn("API call '$endpoint' aborted because Prisma Cloud settings were not configured in the plugin settings") return null } logger.info("Sending {} request '{}' to {}", method, endpoint, connection!!.url) diff --git a/src/main/kotlin/com/bridgecrew/results/BaseCheckovResult.kt b/src/main/kotlin/com/bridgecrew/results/BaseCheckovResult.kt index 498d722..89dd436 100644 --- a/src/main/kotlin/com/bridgecrew/results/BaseCheckovResult.kt +++ b/src/main/kotlin/com/bridgecrew/results/BaseCheckovResult.kt @@ -40,20 +40,20 @@ enum class Severity { } open class BaseCheckovResult( - val category: Category, - val checkType: CheckType, - val filePath: String, - val resource: String, - val name: String, - val id: String, - val severity: Severity, - val description: String?, - val guideline: String?, - val absoluteFilePath: String, - val fileLineRange: List, - val fixDefinition: String?, - val codeBlock: List>, - var codeDiffFirstLine: Int = fileLineRange[0] + val category: Category, + val checkType: CheckType, + val filePath: String, + val resource: String, + val name: String, + val id: String, + val severity: Severity, + val description: String?, + val guideline: String?, + val absoluteFilePath: String, + val fileLineRange: List, + val fixDefinition: String?, + val codeBlock: List>, + var codeDiffFirstLine: Int = fileLineRange[0] ) { override fun equals(other: Any?): Boolean { if (this === other) return true 
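Review bot: The `mapper` configured here is a top-level shared `val` that this commit also imports into `FullScanStateService` and `CheckovUtils`, so `setSerializationInclusion(JsonInclude.Include.NON_NULL)` — added for API payloads — now also decides what is written to the on-disk scan-state file and how checkov output is parsed, and any future `configure()` call in this block changes all three consumers at once. A comment at the declaration would prevent accidental drift: `// Shared by the Prisma API client, scan-state persistence (FullScanStateService) and checkov output parsing (CheckovUtils); configure once here, never per call.` `ObjectMapper` is thread-safe only once configuration is complete, which the `apply` block satisfies as long as nobody reconfigures it later. The added `'$endpoint'` in the warn message is fine provided endpoint strings never carry query-string credentials — worth confirming against the call sites, which are outside this hunk.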
diff --git a/src/main/kotlin/com/bridgecrew/results/IacCheckovResult.kt b/src/main/kotlin/com/bridgecrew/results/IacCheckovResult.kt index 80ccb3d..f5e6bc8 100644 --- a/src/main/kotlin/com/bridgecrew/results/IacCheckovResult.kt +++ b/src/main/kotlin/com/bridgecrew/results/IacCheckovResult.kt @@ -1,31 +1,31 @@ package com.bridgecrew.results class IacCheckovResult( - checkType: CheckType, - filePath: String, - resource: String, - name: String, - id: String, - severity: Severity, - description: String?, - guideline: String?, - absoluteFilePath: String, - fileLineRange: List, - fixDefinition: String?, - codeBlock: List>, - val checkName: String - ) : - BaseCheckovResult( - category = Category.IAC, - checkType, - filePath, - resource, - name, - id, - severity, - description, - guideline, - absoluteFilePath, - fileLineRange, - fixDefinition, - codeBlock) \ No newline at end of file + checkType: CheckType, + filePath: String, + resource: String, + name: String, + id: String, + severity: Severity, + description: String?, + guideline: String?, + absoluteFilePath: String, + fileLineRange: List, + fixDefinition: String?, + codeBlock: List>, + val checkName: String +) : BaseCheckovResult( + category = Category.IAC, + checkType, + filePath, + resource, + name, + id, + severity, + description, + guideline, + absoluteFilePath, + fileLineRange, + fixDefinition, + codeBlock +) \ No newline at end of file diff --git a/src/main/kotlin/com/bridgecrew/results/LicenseCheckovResult.kt b/src/main/kotlin/com/bridgecrew/results/LicenseCheckovResult.kt index 41bc05a..3225559 100644 --- a/src/main/kotlin/com/bridgecrew/results/LicenseCheckovResult.kt +++ b/src/main/kotlin/com/bridgecrew/results/LicenseCheckovResult.kt 
@@ -1,32 +1,33 @@ package com.bridgecrew.results class LicenseCheckovResult( - checkType: CheckType, - filePath: String, - resource: String, - name: String, - id: String, - severity: Severity, - description: String?, - guideline: String?, - absoluteFilePath: String, - fileLineRange: List, - fixDefinition: String?, - codeBlock: List>, - val policy: String?, - val licenseType: String?, - val approvedSPDX: Boolean) : - BaseCheckovResult( - category = Category.LICENSES, - checkType, - filePath, - resource, - name, - id, - severity, - description, - guideline, - absoluteFilePath, - fileLineRange, - fixDefinition, - codeBlock) \ No newline at end of file + checkType: CheckType, + filePath: String, + resource: String, + name: String, + id: String, + severity: Severity, + description: String?, + guideline: String?, + absoluteFilePath: String, + fileLineRange: List, + fixDefinition: String?, + codeBlock: List>, + val policy: String?, + val licenseType: String?, + val approvedSPDX: Boolean +) : BaseCheckovResult( + category = Category.LICENSES, + checkType, + filePath, + resource, + name, + id, + severity, + description, + guideline, + absoluteFilePath, + fileLineRange, + fixDefinition, + codeBlock +) \ No newline at end of file diff --git a/src/main/kotlin/com/bridgecrew/results/SecretsCheckovResult.kt b/src/main/kotlin/com/bridgecrew/results/SecretsCheckovResult.kt index 344e4ab..385fc6b 100644 --- a/src/main/kotlin/com/bridgecrew/results/SecretsCheckovResult.kt +++ b/src/main/kotlin/com/bridgecrew/results/SecretsCheckovResult.kt 
@@ -1,30 +1,31 @@ package com.bridgecrew.results class SecretsCheckovResult( - checkType: CheckType, - filePath: String, - resource: String, - name: String, - id: String, - severity: Severity, - description: String?, - guideline: String?, - absoluteFilePath: String, - fileLineRange: List, - fixDefinition: String?, - codeBlock: List>, - val checkName: String) : - BaseCheckovResult( - category = Category.SECRETS, - checkType, - filePath, - resource, - name, - id, - severity, - description, - guideline, - absoluteFilePath, - fileLineRange, - fixDefinition, - codeBlock) \ No newline at end of file + checkType: CheckType, + filePath: String, + resource: String, + name: String, + id: String, + severity: Severity, + description: String?, + guideline: String?, + absoluteFilePath: String, + fileLineRange: List, + fixDefinition: String?, + codeBlock: List>, + val checkName: String +) : BaseCheckovResult( + category = Category.SECRETS, + checkType, + filePath, + resource, + name, + id, + severity, + description, + guideline, + absoluteFilePath, + fileLineRange, + fixDefinition, + codeBlock +) \ No newline at end of file diff --git a/src/main/kotlin/com/bridgecrew/results/VulnerabilityCheckovResult.kt b/src/main/kotlin/com/bridgecrew/results/VulnerabilityCheckovResult.kt index ccb707e..d38b167 100644 --- a/src/main/kotlin/com/bridgecrew/results/VulnerabilityCheckovResult.kt +++ b/src/main/kotlin/com/bridgecrew/results/VulnerabilityCheckovResult.kt 
@@ -3,45 +3,45 @@ package com.bridgecrew.results import com.bridgecrew.FixCommand class VulnerabilityCheckovResult( - checkType: CheckType, - filePath: String, - resource: String, - name: String, - id: String, - severity: Severity, - description: String?, - guideline: String?, - absoluteFilePath: String, - fileLineRange: List, - fixDefinition: String?, - codeBlock: List>, - val cvss: Double?, - val packageName: String?, - val packageVersion: String?, - val fixVersion: String?, - val cveLink: String?, - val publishedDate: String?, - val vector: String?, - val violationId: String?, - val resourceId: String, - val riskFactors: Map?, - val rootPackageName: String?, - val rootPackageVersion: String?, - val rootPackageFixVersion: String?, - val fixCommand: FixCommand? - ) : - BaseCheckovResult( - category = Category.VULNERABILITIES, - checkType, - filePath, - resource, - name, - id, - severity, - description, - guideline, - absoluteFilePath, - fileLineRange, - fixDefinition, - codeBlock) + checkType: CheckType, + filePath: String, + resource: String, + name: String, + id: String, + severity: Severity, + description: String?, + guideline: String?, + absoluteFilePath: String, + fileLineRange: List, + fixDefinition: String?, + codeBlock: List>, + val cvss: Double?, + val packageName: String?, + val packageVersion: String?, + val fixVersion: String?, + val cveLink: String?, + val publishedDate: String?, + val vector: String?, + val violationId: String?, + val resourceId: String, + val riskFactors: Map?, + val rootPackageName: String?, + val rootPackageVersion: String?, + val rootPackageFixVersion: String?, + val fixCommand: FixCommand? +) : BaseCheckovResult( + category = Category.VULNERABILITIES, + checkType, + filePath, + resource, + name, + id, + severity, + description, + guideline, + absoluteFilePath, + fileLineRange, + fixDefinition, + codeBlock +) 
diff --git a/src/main/kotlin/com/bridgecrew/results/WeaknessCheckovResult.kt b/src/main/kotlin/com/bridgecrew/results/WeaknessCheckovResult.kt index af5e45b..d645e9c 100644 --- a/src/main/kotlin/com/bridgecrew/results/WeaknessCheckovResult.kt +++ b/src/main/kotlin/com/bridgecrew/results/WeaknessCheckovResult.kt @@ -3,33 +3,34 @@ package com.bridgecrew.results import com.bridgecrew.Metadata class WeaknessCheckovResult( - checkType: CheckType, - filePath: String, - resource: String, - name: String, - id: String, - severity: Severity, - description: String?, - guideline: String?, - absoluteFilePath: String, - fileLineRange: List, - fixDefinition: String?, - codeBlock: List>, - val checkName: String, - val cwe: List?, - val owasp: List?, - val metadata: Metadata?) : - BaseCheckovResult( - category = Category.WEAKNESSES, - checkType, - filePath, - resource, - name, - id, - severity, - description, - guideline, - absoluteFilePath, - fileLineRange, - fixDefinition, - codeBlock) \ No newline at end of file + checkType: CheckType, + filePath: String, + resource: String, + name: String, + id: String, + severity: Severity, + description: String?, + guideline: String?, + absoluteFilePath: String, + fileLineRange: List, + fixDefinition: String?, + codeBlock: List>, + val checkName: String, + val cwe: List?, + val owasp: List?, + val metadata: Metadata? +) : BaseCheckovResult( + category = Category.WEAKNESSES, + checkType, + filePath, + resource, + name, + id, + severity, + description, + guideline, + absoluteFilePath, + fileLineRange, + fixDefinition, + codeBlock +) \ No newline at end of file diff --git a/src/main/kotlin/com/bridgecrew/services/CliService.kt b/src/main/kotlin/com/bridgecrew/services/CliService.kt index 4601f60..4dea12d 100644 --- a/src/main/kotlin/com/bridgecrew/services/CliService.kt +++ b/src/main/kotlin/com/bridgecrew/services/CliService.kt @@ -81,7 +81,6 @@ class CliService { } } } - } } 
diff --git a/src/main/kotlin/com/bridgecrew/services/ResultsCacheService.kt b/src/main/kotlin/com/bridgecrew/services/ResultsCacheService.kt index 331c2e9..c9b9199 100644 --- a/src/main/kotlin/com/bridgecrew/services/ResultsCacheService.kt +++ b/src/main/kotlin/com/bridgecrew/services/ResultsCacheService.kt @@ -13,7 +13,7 @@ import org.slf4j.LoggerFactory import java.io.File import java.nio.file.Paths -@Service +@Service(Service.Level.PROJECT) class ResultsCacheService(val project: Project) { private val logger: Logger = LoggerFactory.getLogger(javaClass) @@ -30,7 +30,7 @@ class ResultsCacheService(val project: Project) { } if (CheckovGlobalState.shouldRecalculateResult) { - var changedResults: MutableList = mutableListOf() + val changedResults: MutableList = mutableListOf() CheckovGlobalState.modifiedCheckovResults.forEach { modifiedResult -> val originalResult = modifiedResults.find { res -> res.mostlyEquals(modifiedResult) } if (originalResult != null) { @@ -95,7 +95,7 @@ class ResultsCacheService(val project: Project) { result.file_abs_path = fromDockerFilePath(result.file_abs_path) if (isWindows()) { - result.file_abs_path = result.file_abs_path.replace("\\", "/"); + result.file_abs_path = result.file_abs_path.replace("\\", "/") } val category: Category = mapCheckovCheckTypeToScanType(result.check_type, result.check_id) 
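Review bot: `mapCheckovCheckTypeToScanType(result.check_type, result.check_id)` on the last line of the third hunk now reads a `lateinit` property (`CheckovResult.check_type` in this same commit), so a result that did not pass through the post-parse assignment in `CheckovUtils` fails here with a bare `UninitializedPropertyAccessException` that names no check. A guard one line earlier, `check(result::check_type.isInitialized) { "check_type not set for ${result.check_id}" }`, turns that into a descriptive failure. The enclosing function starts and ends outside this hunk.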
@@ -113,34 +113,35 @@ class ResultsCacheService(val project: Project) { throw Exception("type is vulnerability but no vulnerability_details") } val vulnerabilityCheckovResult = VulnerabilityCheckovResult( - checkType, filePath, - resource, name, result.check_id, severity, description, - result.guideline, fileAbsPath, result.file_line_range, result.fixed_definition, - result.code_block, - result.vulnerability_details.cvss, - result.vulnerability_details.package_name, - result.vulnerability_details.package_version, - result.vulnerability_details.lowest_fixed_version, - result.vulnerability_details.link, - result.vulnerability_details.published_date, - result.vulnerability_details.vector, - result.vulnerability_details.id, - result.file_path, - result.vulnerability_details.risk_factors, - result.vulnerability_details.root_package_name, - result.vulnerability_details.root_package_version, - result.vulnerability_details.root_package_fix_version, - result.vulnerability_details.fix_command - ) + checkType, filePath, + resource, name, result.check_id, severity, description, + result.guideline, fileAbsPath, result.file_line_range, result.fixed_definition, + result.code_block, + result.vulnerability_details.cvss, + result.vulnerability_details.package_name, + result.vulnerability_details.package_version, + result.vulnerability_details.lowest_fixed_version, + result.vulnerability_details.link, + result.vulnerability_details.published_date, + result.vulnerability_details.vector, + result.vulnerability_details.id, + result.file_path, + result.vulnerability_details.risk_factors, + result.vulnerability_details.root_package_name, + result.vulnerability_details.root_package_version, + result.vulnerability_details.root_package_fix_version, + result.vulnerability_details.fix_command + ) checkovResults.add(vulnerabilityCheckovResult) continue } Category.SECRETS -> { - val secretCheckovResult = SecretsCheckovResult(checkType, filePath, - resource, name, result.check_id, severity, 
description, - result.guideline, fileAbsPath, result.file_line_range, result.fixed_definition, - result.code_block, result.check_name) + val secretCheckovResult = SecretsCheckovResult( + checkType, filePath, resource, name, result.check_id, severity, description, + result.guideline, fileAbsPath, result.file_line_range, result.fixed_definition, + result.code_block, result.check_name + ) checkovResults.add(secretCheckovResult) continue } diff --git a/src/main/kotlin/com/bridgecrew/services/scan/FullScanState.kt b/src/main/kotlin/com/bridgecrew/services/scan/FullScanState.kt index dc7db01..14eab9c 100644 --- a/src/main/kotlin/com/bridgecrew/services/scan/FullScanState.kt +++ b/src/main/kotlin/com/bridgecrew/services/scan/FullScanState.kt @@ -1,6 +1,7 @@ package com.bridgecrew.services.scan import com.bridgecrew.analytics.AnalyticsService +import com.bridgecrew.api.mapper import com.bridgecrew.listeners.CheckovScanListener import com.bridgecrew.results.BaseCheckovResult import com.bridgecrew.services.ResultsCacheService @@ -10,13 +11,11 @@ import com.bridgecrew.ui.actions.SeverityFilterActions import com.bridgecrew.utils.DESIRED_NUMBER_OF_FRAMEWORK_FOR_FULL_SCAN import com.bridgecrew.utils.FULL_SCAN_STATE_FILE import com.bridgecrew.utils.createCheckovTempFile -import com.google.gson.Gson -import com.google.gson.reflect.TypeToken +import com.fasterxml.jackson.module.kotlin.jacksonTypeRef import com.intellij.notification.NotificationType import com.intellij.openapi.components.Service import com.intellij.openapi.components.service import com.intellij.openapi.project.Project -import org.json.JSONArray import org.slf4j.LoggerFactory import java.io.File @@ -41,7 +40,6 @@ class FullScanStateService(val project: Project) { var onCancel: Boolean = false var previousState = State.FIRST_TIME_SCAN - private val gson = Gson() private val logger = LoggerFactory.getLogger(javaClass) var isFullScanRunning = false 
@@ -84,16 +82,13 @@ class FullScanStateService(val project: Project) { fun saveCurrentState() { val currentResults: List = project.service().getAdjustedCheckovResults() stateFile = createCheckovTempFile(FULL_SCAN_STATE_FILE, ".json") - - val resultsAsJson = JSONArray(currentResults) - stateFile!!.writeText(resultsAsJson.toString()) + stateFile!!.writeText(mapper.writeValueAsString(currentResults)) } private fun returnToPreviousState() { try { val stateContent = stateFile!!.readText() - val resultsListType = object : TypeToken>() {}.type - val checkovResultsList: MutableList = gson.fromJson(stateContent, resultsListType) + val checkovResultsList: MutableList = mapper.readValue(stateContent, jacksonTypeRef()) project.service().checkovResults = checkovResultsList SeverityFilterActions.restartState() } catch (e: Exception) { diff --git a/src/main/kotlin/com/bridgecrew/services/scan/ScanTask.kt b/src/main/kotlin/com/bridgecrew/services/scan/ScanTask.kt index 3dea08d..236ee15 100644 --- a/src/main/kotlin/com/bridgecrew/services/scan/ScanTask.kt +++ b/src/main/kotlin/com/bridgecrew/services/scan/ScanTask.kt @@ -19,6 +19,7 @@ import com.intellij.openapi.progress.Task import com.intellij.openapi.project.Project import com.intellij.openapi.project.ProjectManagerListener import com.intellij.openapi.util.Key +import org.slf4j.Logger import org.slf4j.LoggerFactory import java.io.File 
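Review bot: `mapper.readValue(stateContent, jacksonTypeRef())` in `returnToPreviousState()` targets a list of `BaseCheckovResult`, but `saveCurrentState()` serializes whatever `getAdjustedCheckovResults()` holds — presumably the `Iac`/`Vulnerability`/`Weakness`/`Secrets`/`License` subclasses from the `results` package — so every subclass field (cvss, package names, CWE, metadata) is written out and then silently dropped on restore, because the shared mapper has `FAIL_ON_UNKNOWN_PROPERTIES` disabled. Restoring the concrete types needs explicit polymorphic metadata on `BaseCheckovResult`: `@JsonTypeInfo(use = JsonTypeInfo.Id.NAME, property = "type")` plus a `@JsonSubTypes` list naming the five result classes. Keep it to named subtypes — not `Id.CLASS` or default typing — since the state file lives in a temp location produced by `createCheckovTempFile`, and class-name-driven deserialization of a file another local process can write is the classic Jackson gadget-chain vector. The two `stateFile!!` dereferences would read better as `val file = checkNotNull(stateFile) { "no full-scan state has been saved" }`.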
@@ -35,10 +36,15 @@ data class ScanTaskResult( } } -abstract class ScanTask(project: Project, title: String, private val sourceName: String, private val processHandler: ProcessHandler, val checkovResultFile: File) : - Task.Backgroundable(project, title, true) { +abstract class ScanTask( + project: Project, + title: String, + private val sourceName: String, + private val processHandler: ProcessHandler, + val checkovResultFile: File +) : Task.Backgroundable(project, title, true) { - protected val logger = LoggerFactory.getLogger(javaClass) + protected val logger: Logger = LoggerFactory.getLogger(javaClass) val debugOutputFile: File = createCheckovTempFile("${sourceName}-debug-output", ".txt") var errorReason = "" @@ -49,7 +55,6 @@ abstract class ScanTask(project: Project, title: String, private val sourceName: if (!processHandler.isStartNotified) { logger.error("Assertion failed: processHandler.isStartNotified = ${processHandler.isStartNotified}") } - processHandler.addProcessListener(object : ProcessAdapter() { override fun onTextAvailable(event: ProcessEvent, outputType: Key<*>) { @@ -122,8 +127,13 @@ abstract class ScanTask(project: Project, title: String, private val sourceName: debugOutputFile.delete() } - class FrameworkScanTask(project: Project, title: String, private val framework: String, private val processHandler: ProcessHandler, checkovResultOutputFile: File) : - ScanTask(project, title, framework, processHandler, checkovResultOutputFile), ProjectManagerListener { + class FrameworkScanTask( + project: Project, + title: String, + private val framework: String, + private val processHandler: ProcessHandler, + checkovResultOutputFile: File + ) : ScanTask(project, title, framework, processHandler, checkovResultOutputFile), ProjectManagerListener { override fun run(indicator: ProgressIndicator) { try { diff --git a/src/main/kotlin/com/bridgecrew/ui/CodeDiffPanel.kt b/src/main/kotlin/com/bridgecrew/ui/CodeDiffPanel.kt index 31b87f7..659e444 100644 
--- a/src/main/kotlin/com/bridgecrew/ui/CodeDiffPanel.kt +++ b/src/main/kotlin/com/bridgecrew/ui/CodeDiffPanel.kt @@ -85,7 +85,7 @@ class CodeDiffPanel(val result: BaseCheckovResult, isErrorBubble: Boolean): JPan private fun buildCodeBlock(): ArrayList { val codeBlock = arrayListOf() result.codeBlock.forEach { block -> - var currentLine = (block[0] as Double).toInt() + val currentLine = block[0].toString().toInt() val code = block[1] codeBlock += "$currentLine\t$code".replace("\n", "") } @@ -108,7 +108,7 @@ class CodeDiffPanel(val result: BaseCheckovResult, isErrorBubble: Boolean): JPan private fun buildFixLines(): ArrayList { val fixWithRowNumber = arrayListOf() if (result.codeBlock.isNotEmpty()) { - var currentLine = (result.codeBlock[0][0] as Double).toInt() + var currentLine = result.codeBlock[0][0].toString().toInt() result.fixDefinition?.split("\n")?.forEach { codeRow -> fixWithRowNumber += "$currentLine\t$codeRow".replace("\n", "") currentLine++ diff --git a/src/main/kotlin/com/bridgecrew/ui/vulnerabilitiesTree/CheckovVulnerabilityTreeNode.kt b/src/main/kotlin/com/bridgecrew/ui/vulnerabilitiesTree/CheckovVulnerabilityTreeNode.kt index d47116d..540d9ec 100644 --- a/src/main/kotlin/com/bridgecrew/ui/vulnerabilitiesTree/CheckovVulnerabilityTreeNode.kt +++ b/src/main/kotlin/com/bridgecrew/ui/vulnerabilitiesTree/CheckovVulnerabilityTreeNode.kt @@ -6,7 +6,6 @@ import javax.swing.Icon class CheckovVulnerabilityTreeNode(val checkovResult: BaseCheckovResult, override val relativePathNode: String): CheckovTreeNode { - override fun getNodeIcon(): Icon { val severity = checkovResult.severity return getSeverityIconBySeverity(severity) diff --git a/src/main/kotlin/com/bridgecrew/utils/CheckovUtils.kt b/src/main/kotlin/com/bridgecrew/utils/CheckovUtils.kt index 149c202..ef093c6 100644 --- a/src/main/kotlin/com/bridgecrew/utils/CheckovUtils.kt +++ b/src/main/kotlin/com/bridgecrew/utils/CheckovUtils.kt 
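Review bot: `block[0].toString().toInt()` in `buildCodeBlock` (and the same expression on `result.codeBlock[0][0]` in `buildFixLines`) throws `NumberFormatException` whenever the line number arrives as a floating value — `"1.0".toInt()` is not a valid parse — which is exactly how the test fixture in this commit encodes it (`listOf(1.0, …)`) and how Jackson materializes a JSON `1.0` into an `Any` slot, while the old `as Double` cast had the mirror-image failure on integers such as `19`. `(block[0] as Number).toInt()` and `(result.codeBlock[0][0] as Number).toInt()` accept Integer, Long and Double alike, and a comment `// checkov emits line numbers as JSON numbers; the parser may hand back Int or Double` records why the widening is needed. Both enclosing functions are fully visible in their hunks.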
@@ -2,11 +2,11 @@ package com.bridgecrew.utils import com.bridgecrew.CheckovResult import com.bridgecrew.VulnerabilityDetails -import com.bridgecrew.gson +import com.bridgecrew.api.mapper import com.bridgecrew.results.BaseCheckovResult import com.bridgecrew.results.Category import com.bridgecrew.results.CheckType -import com.google.gson.reflect.TypeToken +import com.fasterxml.jackson.module.kotlin.jacksonTypeRef import org.json.JSONArray import org.json.JSONObject import org.slf4j.LoggerFactory @@ -139,10 +139,9 @@ class CheckovUtils { return arrayListOf() } val failedChecks = results.getJSONArray("failed_checks") - val resultsList = object : TypeToken>() {}.type val checkType = outputObj.getString("check_type") - val checkovResults: ArrayList = gson.fromJson(failedChecks.toString(), resultsList) + val checkovResults: ArrayList = mapper.readValue(failedChecks.toString(), jacksonTypeRef()) checkovResults.forEach { result -> result.check_type = checkType } return checkovResults diff --git a/src/test/kotlin/com/bridgecrew/fixtures/CheckovResultFixture.kt b/src/test/kotlin/com/bridgecrew/fixtures/CheckovResultFixture.kt index 9d9c53b..15d9e81 100644 --- a/src/test/kotlin/com/bridgecrew/fixtures/CheckovResultFixture.kt +++ b/src/test/kotlin/com/bridgecrew/fixtures/CheckovResultFixture.kt 
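Review bot: `mapper.readValue(failedChecks.toString(), jacksonTypeRef())` parses the checkov output a second time: `results.getJSONArray("failed_checks")` has already parsed it with org.json, and `toString()` re-serializes it only to feed Jackson, which is also what keeps the `org.json` dependency marked `TODO: Remove when possible` in `build.gradle.kts` alive. Reading the report once with `mapper.readTree(...)` and converting the `failed_checks` node via `mapper.treeToValue`/`convertValue` removes the round trip and the second parser from the trust boundary. The `forEach { result -> result.check_type = checkType }` line is now load-bearing in a way it was not before — `check_type` is `lateinit` on `CheckovResult` in this commit — so it deserves `// check_type is lateinit; every parsed result must be stamped here before anything reads it`. The enclosing function starts outside this hunk.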
@@ -2,67 +2,48 @@ package com.bridgecrew.fixtures
 import com.bridgecrew.CheckovResult
-fun createDefaultResults(): CheckovResult {
- return CheckovResult(
- check_id = "CKV3_SAST_13",
- bc_check_id = "",
- check_name = "Unsafe custom MessageDigest is implemented",
- file_path = "Assertions.fail.java",
- repo_file_path = "/sast-policies/tests/sast/source_code/java/BrokenCryptographicAlgorithm/Assertions.fail.java",
- file_abs_path = "/Users/user/sast-policies/tests/sast/source_code/java/BrokenCryptographicAlgorithm/fail.java",
- file_line_range = ArrayList(listOf(1, 3)),
- resource = "",
- severity = "MEDIUM",
- description = "",
- short_description = "",
- vulnerability_details = null,
- guideline = "",
- code_block = listOf(listOf(1.0, "class MyBadImplementation extends java.security.MessageDigest {], [2.0 ], [3.0, }")),
- check_type = "sast_java",
- fixed_definition = "",
- )
-}
 fun createSastCheckovResult(): CheckovResult {
 return CheckovResult(
- check_id = "CKV3_SAST_13",
- bc_check_id = "",
- check_name = "Unsafe custom MessageDigest is implemented",
- file_path = "Assertions.fail.java",
- repo_file_path = "/sast-policies/tests/sast/source_code/java/BrokenCryptographicAlgorithm/Assertions.fail.java",
- file_abs_path = "/Users/user/sast-policies/tests/sast/source_code/java/BrokenCryptographicAlgorithm/fail.java",
- file_line_range = ArrayList(listOf(1, 3)),
- resource = "",
- severity = "MEDIUM",
- description = "",
- short_description = "",
- vulnerability_details = null,
- guideline = "",
- code_block = listOf(listOf(1.0, "class MyBadImplementation extends java.security.MessageDigest {], [2.0 ], [3.0, }")),
- check_type = "sast_java",
- cwe = arrayListOf("CWE-327: Use of a Broken or Risky Cryptographic Algorithm"),
- fixed_definition = ""
- )
+ check_id = "CKV3_SAST_13",
+ bc_check_id = "",
+ check_name = "Unsafe custom MessageDigest is implemented",
+ file_path = "Assertions.fail.java",
+ repo_file_path = "/sast-policies/tests/sast/source_code/java/BrokenCryptographicAlgorithm/Assertions.fail.java",
+ file_abs_path = "/Users/user/sast-policies/tests/sast/source_code/java/BrokenCryptographicAlgorithm/fail.java",
+ file_line_range = ArrayList(listOf(1, 3)),
+ resource = "",
+ severity = "MEDIUM",
+ description = "",
+ short_description = "",
+ vulnerability_details = null,
+ guideline = "",
+ code_block = listOf(listOf(1.0, "class MyBadImplementation extends java.security.MessageDigest {], [2.0 ], [3.0, }")),
+ cwe = arrayListOf("CWE-327: Use of a Broken or Risky Cryptographic Algorithm"),
+ fixed_definition = ""
+ ).apply {
+ check_type = "sast_java"
+ }
 }
 fun createCdkCheckovResult(): CheckovResult {
 return CheckovResult(
- check_type = "cdk_python",
- check_id = "CKV2_AWS_6",
- bc_check_id = "",
- check_name = "Ensure that S3 bucket has a Public Access block",
- file_path = "Assertions.fail.java",
- repo_file_path = "/cdkgoat/cdkgoat_stack.py",
- file_abs_path = "/Users/user/cdkgoat/cdkgoat/cdkgoat_stack.py",
- file_line_range = ArrayList(listOf(1, 3)),
- resource = "",
- severity = "",
- description = "",
- short_description = "",
- vulnerability_details = null,
- guideline = "",
- code_block = listOf(listOf(19, "s3.Bucket(self, bucket_name, removal_policy=RemovalPolicy.DESTROY)")),
- cwe = null,
- fixed_definition = ""
- )
+ check_id = "CKV2_AWS_6",
+ bc_check_id = "",
+ check_name = "Ensure that S3 bucket has a Public Access block",
+ file_path = "Assertions.fail.java",
+ repo_file_path = "/cdkgoat/cdkgoat_stack.py",
+ file_abs_path = "/Users/user/cdkgoat/cdkgoat/cdkgoat_stack.py",
+ file_line_range = ArrayList(listOf(1, 3)),
+ resource = "",
+ severity = "",
+ description = "",
+ short_description = "",
+ vulnerability_details = null,
+ guideline = "",
+ code_block = listOf(listOf(19, "s3.Bucket(self, bucket_name, removal_policy=RemovalPolicy.DESTROY)")),
+ cwe = null,
+ fixed_definition = ""
+ ).apply {
+ check_type = "cdk_python"
+ }
 }
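Review bot: The re-added `code_block` in createSastCheckovResult is a single row whose text contains the fragments `], [2.0 ], [3.0,`, which reads like three rows that were collapsed into one string literal; next to `file_line_range = ArrayList(listOf(1, 3))` that is probably not intended, and a three-row fixture would be `listOf(listOf(1, "class MyBadImplementation extends java.security.MessageDigest {"), listOf(2, ""), listOf(3, "}"))`. Separately, the row number is the Double `1.0` here but the Int `19` in createCdkCheckovResult, and CodeDiffPanel in this same commit now parses it via `toString().toInt()`, which succeeds on `"19"` and throws on `"1.0"`, so the two fixtures exercise different code paths through the panel; the data type should be the same in both, and Int is the natural choice for a line number. The `.apply { check_type = ... }` form suggests `check_type` is now a property outside the constructor, so a short comment on why it is set after construction would help the next reader.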
diff --git a/src/test/kotlin/com/bridgecrew/fixtures/WeaknessCheckovResultFixture.kt b/src/test/kotlin/com/bridgecrew/fixtures/WeaknessCheckovResultFixture.kt
index 6b4b883..5705c95 100644
--- a/src/test/kotlin/com/bridgecrew/fixtures/WeaknessCheckovResultFixture.kt
+++ b/src/test/kotlin/com/bridgecrew/fixtures/WeaknessCheckovResultFixture.kt
@@ -1,9 +1,8 @@
 package com.bridgecrew.fixtures
+import com.bridgecrew.api.mapper
 import com.bridgecrew.results.WeaknessCheckovResult
-import com.google.gson.Gson
-
-
+import com.fasterxml.jackson.module.kotlin.jacksonTypeRef
 const val metadataCodeCollectionJson = """
 "metadata": {
@@ -97,8 +96,7 @@ fun createWeaknessCheckovResult(metadata: String): WeaknessCheckovResult {
 }
 """.trimIndent()
- val gson = Gson()
- val userObject: WeaknessCheckovResult = gson.fromJson(resultJson, WeaknessCheckovResult::class.java)
+ val userObject: WeaknessCheckovResult = mapper.readValue(resultJson, jacksonTypeRef())
 return userObject
 }
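Review bot: The intermediate `userObject` in createWeaknessCheckovResult is assigned and immediately returned, so the new body can be one expression: `return mapper.readValue(resultJson, jacksonTypeRef())`, or with the reified helper from the same Jackson Kotlin module, `return mapper.readValue(resultJson)` plus `import com.fasterxml.jackson.module.kotlin.readValue`. Because the fixture now parses through the shared production `mapper` instead of a fresh `Gson()`, it inherits that mapper's strictness (unknown-property handling, nullability), which is good for parity with the real path but means a failure here may be a mapper setting rather than a fixture typo; a one-line comment above the call saying so would save the next debugging session. createWeaknessCheckovResult begins before this hunk.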