diff --git a/build.gradle b/build.gradle index 909a3555..e5f9e923 100644 --- a/build.gradle +++ b/build.gradle @@ -53,7 +53,7 @@ dependencies { exclude group: 'org.apache.logging.log4j', module: 'log4j-core' } - compile 'com.checkmarx:cx-client-common:2021.4.9', + compile 'com.checkmarx:cx-client-common:2022.2.11', 'com.fasterxml.jackson.core:jackson-core:2.11.3', 'com.fasterxml.jackson.core:jackson-annotations:2.11.3', 'com.fasterxml.jackson.core:jackson-databind:2.11.3', diff --git a/gradle.properties b/gradle.properties index 03325ba1..4018e6aa 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,6 +1,6 @@ description = Provides automatic scan of code by Checkmarx server and shows results summary and trend in Jenkins interface. group = com.checkmarx.jenkins -version = 2022.1.3 +version = 2022.2.1 repositoryVersion= diff --git a/src/main/java/com/checkmarx/jenkins/CxConnectionDetails.java b/src/main/java/com/checkmarx/jenkins/CxConnectionDetails.java index 0a87dc59..54dd0a65 100644 --- a/src/main/java/com/checkmarx/jenkins/CxConnectionDetails.java +++ b/src/main/java/com/checkmarx/jenkins/CxConnectionDetails.java @@ -22,6 +22,7 @@ public class CxConnectionDetails { private String username; private String encryptedPassword; private Boolean isProxy; + private Boolean isScaProxy; public String getServerUrl() { return serverUrl; @@ -54,6 +55,13 @@ public Boolean isProxy() { public void setProxy(Boolean proxy) { isProxy = proxy; } + public Boolean isScaProxy() { + return isScaProxy; + } + + public void setScaProxy(Boolean scaProxy) { + isScaProxy = scaProxy; + } @NotNull private static CxConnectionDetails getCxCredentials(Run run, CxConnectionDetails ret, String credentialsId, String username, String passwordPlainText) { diff --git a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java index d72a8a94..9a7e94de 100644 --- a/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java 
+++ b/src/main/java/com/checkmarx/jenkins/CxScanBuilder.java @@ -134,7 +134,7 @@ public class CxScanBuilder extends Builder implements SimpleBuildStep { private boolean fullScansScheduled; private int fullScanCycle; private boolean isThisBuildIncremental; - private Integer postScanActionId; + private int postScanActionId; @Nullable private String sourceEncoding; @Nullable @@ -226,7 +226,7 @@ public CxScanBuilder( boolean incremental, boolean fullScansScheduled, int fullScanCycle, - Integer postScanActionId, + int postScanActionId, @Nullable String sourceEncoding, @Nullable String comment, boolean skipSCMTriggers, @@ -432,7 +432,7 @@ public int getFullScanCycle() { return fullScanCycle; } - public Integer getPostScanActionId() { + public int getPostScanActionId() { return postScanActionId; } @@ -901,8 +901,9 @@ public void perform(@Nonnull Run run, @Nonnull FilePath workspace, @Nonnul Jenkins instance = Jenkins.getInstance(); final CxScanCallable action; if (instance != null && instance.proxy != null && - (useOwnServerCredentials ? this.isProxy : getDescriptor().getIsProxy()) && - !(isCxURLinNoProxyHost(useOwnServerCredentials ? this.serverUrl : getDescriptor().getServerUrl(), instance.proxy.getNoProxyHostPatterns()))) { + ((!isCxURLinNoProxyHost(useOwnServerCredentials ? this.serverUrl : getDescriptor().getServerUrl(), instance.proxy.getNoProxyHostPatterns())) + || (!isCxURLinNoProxyHost(getDescriptor().getDependencyScanConfig().scaAccessControlUrl, instance.proxy.getNoProxyHostPatterns())))) + { action = new CxScanCallable(config, listener, instance.proxy, isHideDebugLogs(), fsaVars); } else { action = new CxScanCallable(config, listener, isHideDebugLogs(), fsaVars); 
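Review bot: The rewritten condition in `perform` no longer consults the proxy opt-in: the removed term `(useOwnServerCredentials ? this.isProxy : getDescriptor().getIsProxy())` is gone, so `instance.proxy` is handed to `CxScanCallable` whenever a Jenkins proxy exists and either URL falls outside the no-proxy patterns, even for a job that left the proxy option off. If that is intended because the per-scanner flags are now set in resolveConfiguration, a comment saying so belongs here; otherwise the term should stay in the condition. Separately, `getDescriptor().getDependencyScanConfig().scaAccessControlUrl` is dereferenced without a null check here and again in the `-1315` and `-1459` hunks, and it always reads the global descriptor value; if the global dependency-scan config can be absent, or a job overrides the SCA URL, this either throws or tests the wrong host, which is worth confirming. `perform` starts and ends outside the hunk.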
@@ -1315,16 +1316,30 @@ private CxScanConfig resolveConfiguration(Run run, DescriptorImpl descript ret.setPassword(Aes.decrypt(cxConnectionDetails.getPassword(), cxConnectionDetails.getUsername())); if (cxConnectionDetails.isProxy()) { Jenkins instance = Jenkins.getInstance(); - if (instance != null && instance.proxy != null && !(isCxURLinNoProxyHost(useOwnServerCredentials ? - this.serverUrl : getDescriptor().getServerUrl(), instance.proxy.getNoProxyHostPatterns()))) { - ret.setProxy(true); - ret.setProxyConfig(new ProxyConfig(instance.proxy.name, instance.proxy.port, - instance.proxy.getUserName(), instance.proxy.getPassword(), false)); + if (instance != null && instance.proxy != null) { + boolean sastProxy = false; + + if (!isCxURLinNoProxyHost(useOwnServerCredentials ? this.serverUrl : getDescriptor().getServerUrl(), instance.proxy.getNoProxyHostPatterns())) { + ret.setProxy(true); + ret.setProxyConfig(new ProxyConfig(instance.proxy.name, instance.proxy.port, + instance.proxy.getUserName(), instance.proxy.getPassword(), false)); + sastProxy = true; + } + if (!isCxURLinNoProxyHost(getDescriptor().getDependencyScanConfig().scaAccessControlUrl, instance.proxy.getNoProxyHostPatterns())) { + if (!sastProxy){ + ret.setProxy(false); + } + ret.setScaProxy(true); + ret.setScaProxyConfig(new ProxyConfig(instance.proxy.name, instance.proxy.port, + instance.proxy.getUserName(), instance.proxy.getPassword(), false)); + } } else { ret.setProxy(false); + ret.setScaProxy(false); } } else { ret.setProxy(false); + ret.setScaProxy(false); } /* 
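Review bot: When both the SAST URL and `scaAccessControlUrl` match the no-proxy patterns, the `if (instance != null && instance.proxy != null)` branch sets neither flag, so `ret` keeps whatever proxy state it had before this block. The same shape in the `-1459` hunk (prepareLoggedInClient) looks like a regression: `credentials.isProxy()` is already true on entry and is never cleared in that case, where the removed line did call `credentials.setProxy(false)`, so a server on the bypass list would presumably still be reached through the proxy, depending on how CommonClientFactory reads the flag. I would reset first, `ret.setProxy(false); ret.setScaProxy(false);` (and the `credentials` equivalents in the other hunk), then set each flag to true only where its URL is not bypassed; the `if (!sastProxy)` block then becomes unnecessary. Both method bodies continue outside their hunks.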
@@ -1459,12 +1474,23 @@ private LegacyClient prepareLoggedInClient(CxConnectionDetails credentials, Desc Jenkins instance = Jenkins.getInstance(); if (credentials.isProxy()) { - if (instance != null && instance.proxy != null && isCxURLinNoProxyHost(serverUrl, instance.proxy.getNoProxyHostPatterns())) { - credentials.setProxy(false); + if (instance != null && instance.proxy != null) { + boolean isSastProxy = false; + if (!isCxURLinNoProxyHost(useOwnServerCredentials ? this.serverUrl : getDescriptor().getServerUrl(), instance.proxy.getNoProxyHostPatterns())) { + credentials.setProxy(true); + isSastProxy = true; + } + if (!isCxURLinNoProxyHost(getDescriptor().getDependencyScanConfig().scaAccessControlUrl, instance.proxy.getNoProxyHostPatterns())) { + credentials.setScaProxy(true); + if (!isSastProxy || !getSastEnabled()){ + credentials.setProxy(false); + } + } } ret = CommonClientFactory.getInstance(credentials, descriptor.isEnableCertificateValidation(), serverLog); } else { credentials.setProxy(false); + credentials.setScaProxy(false); ret = CommonClientFactory.getInstance(credentials, descriptor.isEnableCertificateValidation(), serverLog); } @@ -1552,7 +1578,7 @@ private AstScaConfig getScaConfig(Run run, EnvVars env, DependencyScanConf //add SCA Resolver code here if (dsConfig.enableScaResolver != null && SCAScanType.SCA_RESOLVER.toString().equalsIgnoreCase(dsConfig.enableScaResolver.toString())) { - scaResolverPathExist(dsConfig.pathToScaResolver); +// scaResolverPathExist(dsConfig.pathToScaResolver); validateScaResolverParams(dsConfig.scaResolverAddParameters); result.setEnableScaResolver(true); } 
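Review bot: The existence check on `dsConfig.pathToScaResolver` is disabled by commenting it out, and the `-1965` hunk does the same to `fileExists(dirPath)` for the `-s` source path, so both user-configured paths are accepted here without any existence check. If the checks were dropped because they ran on the controller while the resolver runs on the agent (an inference; the commit does not say), delete the calls and leave a one-line comment such as `// path is checked on the agent when the resolver is launched`, or move the check to the place where the path is actually used. A commented-out call leaves the next reader unsure whether validation is still expected to happen. getScaConfig and validateScaResolverParams both continue outside their hunks.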
@@ -1625,7 +1651,9 @@ private void printConfiguration(CxScanConfig config, CxLoggerAdapter log) { log.info("plugin version: {}", CxConfig.version()); log.info("server url: " + config.getUrl()); log.info("username: " + config.getUsername()); - boolean proxyEnabled = ((useOwnServerCredentials ? getIsProxy() : config.getProxyConfig()) != null); + //Print correct value only for local project proxy setup + //useOwnServerCredentials == true once it's un-checked on job config and false once its checked + boolean proxyEnabled = ((!useOwnServerCredentials ? getIsProxy() : config.getProxyConfig()) != null); log.info("is using Jenkins server proxy: " + proxyEnabled); if (proxyEnabled) { if (Jenkins.getInstance().proxy != null) @@ -1646,7 +1674,6 @@ private void printConfiguration(CxScanConfig config, CxLoggerAdapter log) { ScannerType scannerType = getDependencyScannerType(config); String dependencyScannerType = scannerType != null ? scannerType.getDisplayName() : "NONE"; - log.info("Dependency scanner type: {}", dependencyScannerType); if (config.isSastEnabled()) { log.info("preset id: " + config.getPresetId()); log.info("SAST folder exclusions: " + config.getSastFolderExclusions()); @@ -1965,7 +1992,7 @@ private void validateScaResolverParams(String additionalParams) { String dirPath = params.get("-s"); if(StringUtils.isEmpty(dirPath)) throw new CxClientException("Source code path (-s ) is not provided."); - fileExists(dirPath); +// fileExists(dirPath); String projectName = params.get("-n"); if(StringUtils.isEmpty(projectName)) 
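Review bot: `proxyEnabled` in printConfiguration is computed by comparing a mixed ternary to `null`, with `getIsProxy()` on one arm and `config.getProxyConfig()` on the other. On the `getIsProxy()` arm a non-null `false` still yields `true`, so the "is using Jenkins server proxy" line can report true for a job that has the proxy off. The added `!` also reverses which arm is taken relative to the other uses in this commit (`useOwnServerCredentials ? this.serverUrl : getDescriptor().getServerUrl()`), and the new comment describes the flag as true when un-checked, which contradicts its name; one of the two needs correcting. Since operators read this line to confirm how traffic is routed, it would be more reliable to log the proxy flags that resolveConfiguration sets on `config`. The method continues outside the hunk.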
@@ -2511,11 +2538,11 @@ public FormValidation doTestScaSASTConnection(@QueryParameter final String scaSa if (cred.isProxy()) { if (instance != null && instance.proxy != null && isCxURLinNoProxyHost(serverUrl, instance.proxy.getNoProxyHostPatterns())) { - cred.setProxy(false); + cred.setScaProxy(false); } commonClient = CommonClientFactory.getInstance(cred, this.isEnableCertificateValidation(), serverLog); } else { - cred.setProxy(false); + cred.setScaProxy(false); commonClient = CommonClientFactory.getInstance(cred, this.isEnableCertificateValidation(), serverLog); } } catch (Exception e) { @@ -2564,12 +2591,10 @@ public FormValidation doValidateMvnPath(@QueryParameter final String mvnPath) th } @POST - public FormValidation doTestScaConnection(@QueryParameter String scaServerUrl, - @QueryParameter String scaAccessControlUrl, - @QueryParameter String scaCredentialsId, - @QueryParameter String scaTenant, - @QueryParameter Integer scaTimeout, - @AncestorInPath Item item) { + public FormValidation doTestScaConnection(@QueryParameter String scaServerUrl, @QueryParameter String scaAccessControlUrl, + @QueryParameter String scaCredentialsId, @QueryParameter String scaTenant, + @QueryParameter Integer scaTimeout, @QueryParameter final boolean isProxy, + @QueryParameter final String timestamp, @AncestorInPath Item item) { Jenkins.getInstance().checkPermission(Item.CONFIGURE); try { CxScanConfig config = new CxScanConfig(); 
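Review bot: In `doTestScaSASTConnection` the no-proxy branch now calls `cred.setScaProxy(false)` where it used to call `cred.setProxy(false)`, so inside `if (cred.isProxy())` the SAST proxy flag stays true even when `serverUrl` matches the no-proxy patterns. If CommonClientFactory uses `isProxy()` for this SAST login, as the flag name suggests, the connection test no longer honours the bypass list. Clearing both flags in that branch, `cred.setProxy(false); cred.setScaProxy(false);`, keeps the previous behaviour while still initialising the new field. The method starts and ends outside the hunk.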
@@ -2597,9 +2622,15 @@ public FormValidation doTestScaConnection(@QueryParameter String scaServerUrl, try { Jenkins instance = Jenkins.getInstance(); - if (instance != null && instance.proxy != null && isProxy && !(isCxURLinNoProxyHost(serverUrl, instance.proxy.getNoProxyHostPatterns()))) { + if (instance != null && instance.proxy != null){ + if (isProxy && !(isCxURLinNoProxyHost(scaConfig.getAccessControlUrl(), instance.proxy.getNoProxyHostPatterns()))) + { + config.setScaProxy(true); + }else{ + config.setScaProxy(false); + } ProxyConfig proxyConfig = ProxyHelper.getProxyConfig(); - config.setProxyConfig(proxyConfig); + config.setScaProxyConfig(proxyConfig); } } catch (Exception e) { return buildError(e, "Failed to init cx client"); diff --git a/src/main/resources/com/checkmarx/jenkins/CxProjectResult/jobMain.jelly b/src/main/resources/com/checkmarx/jenkins/CxProjectResult/jobMain.jelly index b79d7652..7dfbdb90 100644 --- a/src/main/resources/com/checkmarx/jenkins/CxProjectResult/jobMain.jelly +++ b/src/main/resources/com/checkmarx/jenkins/CxProjectResult/jobMain.jelly @@ -29,9 +29,7 @@ vertical-align: top; } - - - +
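Review bot: `config.setScaProxyConfig(proxyConfig)` runs whenever a Jenkins proxy exists, including the `else` path that has just called `config.setScaProxy(false)`. Elsewhere in this file the presence of a proxy config is itself treated as the signal (printConfiguration tests `config.getProxyConfig() != null`), so a consumer that checks the config object rather than the flag would presumably still route the SCA test through the proxy for a bypassed host. Moving `ProxyConfig proxyConfig = ProxyHelper.getProxyConfig();` and `config.setScaProxyConfig(proxyConfig);` into the branch that sets `setScaProxy(true)` keeps the two in step. doTestScaConnection continues outside the hunk.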
Note:
Job is configured to run Checkmarx scan asynchronously. Displayed results are of the previous successful scan.
@@ -47,7 +45,12 @@
Job is configured to run Checkmarx scan asynchronously.Report generation is disabled.
- +
+ +
+ ${result.getHtmlReport()} +
+
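Review bot: `${result.getHtmlReport()}` places a server-built HTML string into the job page, and the surrounding tags are not visible on this page, so I cannot tell whether it is emitted through an unescaped output tag or under the file's default escaping. If it is written unescaped, any part of the report derived from scan data (file paths, project names, comments) has to be HTML-encoded when the report is built, or the report sanitized before rendering, because this view is presumably visible to users who cannot configure the job. A comment next to the expression stating that the report is already sanitized, and where that happens, would make this reviewable.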
diff --git a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly index 997ceb3d..e4ff382b 100644 --- a/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly +++ b/src/main/resources/com/checkmarx/jenkins/CxScanBuilder/config.jelly @@ -190,7 +190,7 @@ + with="scaServerUrl,scaAccessControlUrl,scaCredentialsId,scaTenant,timestamp,isProxy"/> + with="scaServerUrl,scaAccessControlUrl,scaCredentialsId,scaTenant,scaTimeout,timestamp,isProxy"/>