enabled scanning

checkmarx-ts · May 7, 2024 · b65e3b3 · b65e3b3
1 parent 2e95e95
commit b65e3b3
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 14 deletions.
diff --git a/cxone_api/projects.py b/cxone_api/projects.py
@@ -26,6 +26,14 @@ async def from_project_id(cxone_client : CxOneClient, project_id : str):
         retval.__project_data = json_on_ok(await cxone_client.get_project(project_id))
         return retval
 
+
+    def __getattr__(self, name):
+        if name in self.__project_data.keys():
+            return self.__project_data[name]
+        else:
+            raise AttributeError(name)
+
+
     async def __get_undocumented_config(self):
         # The documented project API seems to have a bug and does not return the repoUrl.  The undocumented
         # API used by the UI has it.  The undocumented API will no longer be called when the project

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -17,4 +17,4 @@ fi
 
 service cron start > /dev/null 2>&1
 
-python3 $@
+python3 "$@"
diff --git a/logic/__init__.py b/logic/__init__.py
@@ -31,7 +31,7 @@ async def __get_schedule_entry_from_tag(self, project_data, schedule_tag_value,
                 bad_cb(project_data['id'], "No schedule tag value.")
             return None
 
-        repo_details = ProjectRepoConfig.from_loaded_json(self.__client, project_data)
+        repo_details = await ProjectRepoConfig.from_loaded_json(self.__client, project_data)
 
         elements = schedule_tag_value.split(":")
 
@@ -108,7 +108,7 @@ async def __get_untagged_project_schedule(self, bad_cb):
                     continue
 
                 # Check that repo is defined and primary branch is defined
-                repo_cfg = ProjectRepoConfig.from_loaded_json(self.__client, project)
+                repo_cfg = await ProjectRepoConfig.from_loaded_json(self.__client, project)
                 if (await repo_cfg.repo_url) is not None and (await repo_cfg.primary_branch) is not None:
                     # If the project matches a group, assign it the schedule for all matching groups.
                     for gid in project['groups']:

diff --git a/scanner.py b/scanner.py
@@ -27,22 +27,24 @@ async def should_scan(client : CxOneClient, project_repo : ProjectRepoConfig, br
     else:
         # It currently isn't possible to tag a scan created in a project that was import from SCM, so just look
         # at the last scan in status Queued or Running.
-        potential_running_scan = json_on_ok(await client.get_projects_last_scan(branch=branch, limit=1, project_ids=[project_repo.project_id], scan_status="Running"))
-        potential_queued_scan = json_on_ok(await client.get_projects_last_scan(branch=branch, limit=1, project_ids=[project_repo.project_id], scan_status="Queued"))
+        potential_running_scan, potential_queued_scan = await asyncio.gather(
+            client.get_projects_last_scan(branch=branch, limit=1, project_ids=[project_repo.project_id], scan_status="Running"), 
+            client.get_projects_last_scan(branch=branch, limit=1, project_ids=[project_repo.project_id], scan_status="Queued")
+            )
 
-        if project_repo.project_id in potential_running_scan.keys() or project_repo.project_id in potential_queued_scan.keys():
+        if not (project_repo.project_id in json_on_ok(potential_running_scan).keys() or project_repo.project_id in json_on_ok(potential_queued_scan).keys()):
             return True
 
     return False
 
 
+async def create_name(project_name, project_id, repo_url, branch):
+    return f"{project_name}:{project_id}:{repo_url}:{branch}"
+
 async def main():
     try:
         args = parser.parse_args()
-
-        if args.is_imported and (args.scm_id is None or args.scm_org is None):
-            raise Exception("The SCM id and scm org are required to start a scan for an imported project.")
-
+
         tenant, oauth_id, oauth_secret = utils.load_secrets()
         assert not tenant is None
         assert not oauth_id is None
@@ -81,12 +83,12 @@ async def main():
                     scan_response = await ScanInvoker.scan_get_response(client, project_repo, args.branch, args.engines, tag)
 
                     if scan_response.ok:
-                        __log.info(f"Scanning project {args.projectid} branch {args.branch}")
+                        __log.info(f"Scanning {await create_name(project_repo.name, args.projectid, args.repo, args.branch)}")
                     else:
-                        __log.error(f"Failed to start scan for project {args.projectid} branch {args.branch}: {scan_response.status_code}:{scan_response.json()}")
+                        __log.error(f"Failed to start scan for project {await create_name(project_repo.name, args.projectid, args.repo, args.branch)}: {scan_response.status_code}:{scan_response.json()}")
 
                 else:
-                    __log.warning(f"Scheduled scan for project {args.projectid} branch {args.branch} is already running, skipping.")
+                    __log.warning(f"Scheduled scan for {await create_name(project_repo.name, args.projectid, args.repo, args.branch)} is already running, skipping.")
 
             except Exception as ex:
                 __log.exception(ex)
@@ -95,7 +97,7 @@ async def main():
 
 
         except BusyError:
-            __log.debug(f"Another process is handling scans for projectid {args.projectid} branch {args.branch}, skipping.")
+            __log.debug(f"Another process is handling scans for {await create_name(project_repo.name, args.projectid, args.repo, args.branch)}, skipping.")
         finally:
             sem.close()