Exemple #1
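 def __init__(self, hostname=None, username=None, password=None,
              verify=False):
     """
     Store the connection settings and load the Checkmarx resolver WSDL.

     :param hostname:
         Checkmarx hostname
     :param username:
         Checkmarx username
     :param password:
         Checkmarx password
     :param verify:
         Value assigned to ``session.verify``. It defaults to ``False``
         only so that existing callers keep the behaviour they had when
         the value was hard-coded. Pass ``True`` to have the server
         certificate checked. (Session is presumably requests.Session,
         in which case a CA bundle path is accepted too -- confirm.)
     :raises ConnectionError:
         When the resolver client cannot be created for ``hostname``.
     """
     self.logger = configure_logging(logging.getLogger(__name__))
     self.hostname = hostname
     self.username = username
     self.password = password
     self.resolver_url = "%s/cxwebinterface/cxwsresolver.asmx?wsdl" % self.hostname
     session = Session()
     # NOTE(review): with verification off, the identity of the Checkmarx
     # server is not checked, so anything sent through this transport
     # (presumably including the username/password at login -- confirm)
     # can be read or altered by whoever answers on that hostname.
     # Callers should pass verify=True or a CA bundle wherever possible.
     session.verify = verify
     if not verify:
         self.logger.warning(
             "TLS certificate verification is disabled for Checkmarx host %s",
             hostname)
     self.transport = Transport(session=session)
     try:
         self._resolver_client = Client(self.resolver_url,
                                        transport=self.transport)
     except Exception as error:
         # The original cause is written to the log here; the exception
         # raised to the caller deliberately drops the chained traceback
         # (``from None``) and reports only the hostname.
         self.logger.error("Checkmarx connection failed: %s", error)
         raise ConnectionError(
             f"Checkmarx connection failed. Wrong or inaccessible hostname: {hostname}"
         ) from None
     # No login has happened yet; per-service clients are cached in
     # self.clients (filled elsewhere in the class -- not visible here).
     self.session_id = None
     self.clients = {}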
Exemple #2
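    def __init__(self, project=None):
        """Connect to Checkmarx using settings taken from the environment.

        Environment variables read: ``CX_URL``, ``CX_USER`` (falling back
        to ``OWNER``), ``CX_PASSWORD`` (falling back to ``PASSWORD``) and
        ``CX_WSDL_VERSION``.

        When the connection yields no session id, ``valid`` is ``False``
        and every client- and project-related attribute is ``None``, so
        callers can test ``valid`` instead of hitting an AttributeError.

        :param project:
            Project name passed to ``find_project_by_name``.
        """
        self.logger = configure_logging(logging.getLogger(__name__))
        self.checkmarx_url = os.environ.get('CX_URL')
        # An empty CX_USER / CX_PASSWORD counts as unset and falls through
        # to the generic OWNER / PASSWORD variables (which may be None).
        # NOTE(review): the password is kept on the instance in clear text;
        # keep this object out of logs, repr output and serialised state.
        self.owner = os.environ.get('CX_USER') or os.environ.get('OWNER')
        self.password = (os.environ.get('CX_PASSWORD')
                         or os.environ.get('PASSWORD'))
        self.project = project

        # Defaults for the "no session" outcome. The original only set
        # client, session and valid on that path, leaving the remaining
        # attributes undefined.
        self.client = None
        self.sdk_client = None
        self.web_portal_client = None
        self.session = None
        self.valid = False
        self.project_config = None
        self.group_details = None
        self.scan_path = None
        self.associated_group_id = None

        connection = CheckmarxConnection(self.checkmarx_url, self.owner,
                                         self.password)
        sdk_client = connection.get_client()
        session_id = connection.session_id
        self.version = "{http://Checkmarx.com/%s}" % (
            os.environ.get('CX_WSDL_VERSION'))
        if not session_id:
            # No session id was obtained; leave the defaults in place.
            return

        # default client is SDK type client
        self.client = sdk_client
        self.sdk_client = sdk_client
        self.web_portal_client = connection.get_client('WebPortal')
        self.session = session_id
        self.valid = True
        project_settings = self.find_project_by_name(project)
        self.project_config = (
            project_settings.ProjectSettings if project_settings else None)
        self.group_details = self.get_associated_groups()
        # NOTE(review): this still raises if the response carries no
        # groups; the right fallback is not visible here -- confirm.
        first_group = self.group_details['GroupList']['Group'][0]
        self.scan_path = first_group['GroupName']
        self.associated_group_id = first_group['ID']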
Exemple #3
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.

from copy import deepcopy
import logging

import os

from sast_controller.bin import config
from sast_controller.drivers.cx import Checkmarx, utils
from sast_controller.extractors import vulnerability_info as vi
from sast_controller.converters.BaseReport import BaseReport

# Module-level logger, handed to the shared logging setup of the cx driver.
LOG = logging.getLogger(__name__)
utils.configure_logging(LOG)

# Checkmarx project name, read from the controller configuration at import time.
CX_PROJECT = config.Config().CX_PROJECT_NAME

# Defect-type label for each string code. Codes '2' and '3' share one label.
# NOTE(review): "RP" presumably refers to the reporting backend -- confirm.
RP_DEFECT_TYPES = {
    "0": "To Investigate",
    "1": "No Defect",
    "2": "Product Bug",
    "3": "Product Bug",
    "4": "System Issue",
}


class CheckmarxReport(BaseReport):
    """Canonical dta model implementation for Checkmarx"""
    tool_name = "Checkmarx"