def test_add_or_update_a_comment_by_scan_id():
    """Attach the comment "updated scan" to the latest finished scan; expect True."""
    project_id = get_project_id()
    api = ScansAPI()
    latest_finished = api.get_last_scan_id_of_a_project(
        project_id, only_finished_scans=True)
    assert api.add_or_update_a_comment_by_scan_id(
        latest_finished, "updated scan") is True
def test_get_sast_scan_details_by_scan_id():
    """Fetch SAST details for the project's most recent scan (any status)."""
    project_id = get_project_id()
    api = ScansAPI()
    # No only_finished_scans filter: the most recent scan may still be queued.
    latest = api.get_last_scan_id_of_a_project(project_id)
    details = api.get_sast_scan_details_by_scan_id(latest)
    assert details is not None
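def test_get_scan_results_for_a_specific_query_group_by_best_fix_location():
    """Group the results of one query (by best-fix location) for the latest finished scan.

    The original test ended in ``pass`` and asserted nothing, so a failing
    call (or a None response) went unnoticed; the response is now checked.
    """
    project_id = get_project_id()
    scan_api = ScansAPI()
    scan_id = scan_api.get_last_scan_id_of_a_project(project_id, only_finished_scans=True)
    # Hard-coded query version code from the server these tests were written
    # against; it will not exist on another instance.
    query_version_code = 56110529
    response = scan_api.get_scan_results_for_a_specific_query_group_by_best_fix_location(
        scan_id, query_version_code)
    assert response is not None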
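def test_get_scan_results_of_a_specific_query():
    """Fetch the results of one query for the latest finished scan.

    The original test ended in ``pass`` and asserted nothing; the response
    is now checked so a failing call is reported.
    """
    project_id = get_project_id()
    scan_api = ScansAPI()
    scan_id = scan_api.get_last_scan_id_of_a_project(project_id, only_finished_scans=True)
    # Hard-coded query version code from the server these tests were written
    # against; it will not exist on another instance.
    query_version_code = 56089346
    response = scan_api.get_scan_results_of_a_specific_query(scan_id, query_version_code)
    assert response is not None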
def test_assign_ticket_to_scan_results():
    """Link an issue-tracker ticket to a scan result; expect True.

    Both ids are literals that belong to the instance these tests were
    written against; they need adjusting for another server.
    """
    api = ScansAPI()
    outcome = api.assign_ticket_to_scan_results("1000004-5", "10060")
    assert outcome is True
def test_get_parsed_files_metrics_of_a_scan():
    """Parsed-files metrics of the latest finished scan should be returned."""
    project_id = get_project_id()
    api = ScansAPI()
    latest_finished = api.get_last_scan_id_of_a_project(
        project_id, only_finished_scans=True)
    metrics = api.get_parsed_files_metrics_of_a_scan(scan_id=latest_finished)
    assert metrics is not None
def test_get_basic_metrics_of_a_scan():
    """Basic metrics of the latest finished scan should be returned."""
    project_id = get_project_id()
    api = ScansAPI()
    latest_finished = api.get_last_scan_id_of_a_project(
        project_id, only_finished_scans=True)
    basic_metrics = api.get_basic_metrics_of_a_scan(scan_id=latest_finished)
    assert basic_metrics is not None
def test_create_new_scan():
    """Queue a full, public, forced scan and check the create call returned something.

    Sleeps five minutes afterwards so the scan has time to run server-side
    before later tests look for a finished scan; the assertion itself only
    covers the create call.
    """
    project_id = get_project_id()
    api = ScansAPI()
    created = api.create_new_scan(
        project_id,
        is_incremental=False,
        is_public=True,
        force_scan=True,
        comment="scan from REST API",
    )
    time.sleep(300)
    assert created is not None
def test_update_queued_scan_status_by_scan_id():
    """Queue a scan, wait briefly, then update its queued status; expect True."""
    project_id = get_project_id()
    api = ScansAPI()
    queued = api.create_new_scan(
        project_id,
        is_incremental=False,
        is_public=True,
        force_scan=True,
        comment="scan from REST API",
    )
    # short pause so the new scan is visible in the queue before updating it
    time.sleep(5)
    assert api.update_queued_scan_status_by_scan_id(scan_id=queued.id) is True
def test_get_succeeded_general_queries_metrics_of_a_scan():
    """Succeeded-general-queries metrics of the latest finished scan should be returned."""
    project_id = get_project_id()
    api = ScansAPI()
    latest_finished = api.get_last_scan_id_of_a_project(
        project_id, only_finished_scans=True)
    metrics = api.get_succeeded_general_queries_metrics_of_a_scan(scan_id=latest_finished)
    assert metrics is not None
def test_define_sast_scan_scheduling_settings():
    """Schedule a weekly scan on every day of the week at 23:59; expect True."""
    project_id = get_project_id()
    api = ScansAPI()
    every_day = [
        "Monday", "Tuesday", "Wednesday", "Thursday",
        "Friday", "Saturday", "Sunday",
    ]
    outcome = api.define_sast_scan_scheduling_settings(
        project_id, "weekly", every_day, "23:59")
    assert outcome is True
def test_get_all_scan_details_in_queue():
    """Queue a scan so the queue is non-empty, then list queued scan details."""
    project_id = get_project_id()
    api = ScansAPI()
    api.create_new_scan(
        project_id,
        is_incremental=False,
        is_public=True,
        force_scan=True,
        comment="scan from REST API",
    )
    # give the server a moment to register the scan in its queue
    time.sleep(4)
    queued = api.get_all_scan_details_in_queue()
    assert queued is not None
def test_get_scan_logs():
    """Logs of the latest finished scan should be returned."""
    project_id = get_project_id()
    api = ScansAPI()
    latest_finished = api.get_last_scan_id_of_a_project(
        project_id, only_finished_scans=True)
    scan_logs = api.get_scan_logs(scan_id=latest_finished)
    assert scan_logs is not None
def test_get_scan_result_labels_fields():
    """Label fields of result 1 in the latest finished scan should be returned.

    result_id=1 assumes the scan has at least one result; an empty scan
    would make the server reject the lookup.
    """
    project_id = get_project_id()
    api = ScansAPI()
    latest_finished = api.get_last_scan_id_of_a_project(
        project_id, only_finished_scans=True)
    label_fields = api.get_scan_result_labels_fields(
        scan_id=latest_finished, result_id=1)
    assert label_fields is not None
def test_get_short_vulnerability_description_for_a_scan_result():
    """Short description of path 1 in the latest finished scan should be returned.

    Path id 1 is assumed to exist; when it does not the SDK raises, e.g.
    NotFoundError(http_code=404,
                  msg="Result path Id 1 does not exist for scan with Id 1000020").
    """
    project_id = get_project_id()
    api = ScansAPI()
    latest_finished = api.get_last_scan_id_of_a_project(
        project_id, only_finished_scans=True)
    description = api.get_short_vulnerability_description_for_a_scan_result(
        scan_id=latest_finished, path_id=1)
    assert description is not None
def test_update_scan_result_labels_fields():
    """Set state=1 on result 1 of the latest finished scan, leaving other labels untouched."""
    project_id = get_project_id()
    api = ScansAPI()
    latest_finished = api.get_last_scan_id_of_a_project(
        project_id, only_finished_scans=True)
    # None for severity / assignment / comment: only the state is changed
    untouched = dict(severity=None, user_assignment=None, comment=None)
    outcome = api.update_scan_result_labels_fields(
        scan_id=latest_finished, result_id=1, state=1, **untouched)
    assert outcome is True
def test_create_new_scan_with_settings():
    """Create a scan with the "All" preset, an uploaded zip and custom fields (API v1.2).

    The zip path is relative, so the test must run from the directory that
    holds JavaVulnerableLab-master.zip.
    """
    project_id = get_project_id()
    api = ScansAPI()
    all_preset = ProjectsAPI().get_preset_id_by_name("All")
    created = api.create_new_scan_with_settings(
        project_id=project_id,
        preset_id=all_preset,
        zipped_source_file_path="JavaVulnerableLab-master.zip",
        custom_fields={"some1": "baby2"},
        api_version="1.2",
    )
    assert created is not None
def test_update_sast_scan_settings():
    """Update SAST settings with the default preset, engine config 1 and notification emails.

    The email addresses are redacted placeholders ("*****@*****.**"); replace
    them with real recipients before running against a live server.
    """
    project_id = get_project_id()
    api = ScansAPI()
    default_preset = ProjectsAPI().get_preset_id_by_name("Checkmarx Default")
    placeholder_recipients = ["*****@*****.**"]
    updated = api.update_sast_scan_settings(
        project_id,
        default_preset,
        1,                       # engine_configuration_id
        None,                    # post_scan_action_id: no post-scan action
        placeholder_recipients,  # failed_scan_emails
        placeholder_recipients,  # before_scan_emails
        placeholder_recipients,  # after_scan_emails
    )
    assert updated is not None
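def generate_report(project_name, scan_id, result_state_list, report_type,
                    reports_folder):
    """Register a scan report, wait for it, and save it under *reports_folder*.

    Args:
        project_name (str): prefix of the output file name.
        scan_id (int): scan to report on; a falsy value aborts without writing.
        result_state_list (list of str): result states to include, e.g.
            ["To Verify", "Not Exploitable", "Confirmed", "Urgent",
             "Proposed Not Exploitable"]; translated to ids by
            get_result_state_id_list.
        report_type (str): 'XML' or 'PDF'; also used as the file extension.
        reports_folder (str): existing directory the report is written into.

    Returns:
        None. Nothing is written when the folder does not exist or scan_id
        is falsy.
    """
    scan_api = ScansAPI()

    if not exists(normpath(reports_folder)):
        print("The folder to store the Checkmarx scan reports does not exist")
        return

    if not scan_id:
        # The previous message formatted the undefined names `team` and
        # `project`, which raised NameError instead of printing.
        print("No scan found for this project, project name: {}".format(
            project_name))
        return

    # register scan report: only the requested result states, at most 500
    # results per vulnerability
    report = create_scan_report(
        scan_id=scan_id,
        report_type=report_type,
        results_per_vulnerability_maximum=500,
        results_state_all=False,
        results_state_ids=get_result_state_id_list(result_state_list))
    report_id = report["ID"]

    # poll until the server has finished generating the report (no upper
    # bound on the wait)
    while not scan_api.is_report_generation_finished(report_id):
        time.sleep(10)

    report_content = scan_api.get_report_by_id(report_id)

    # <project_name>_<timestamp>.<report_type>; project_name is used verbatim,
    # so a name containing path separators would resolve outside
    # reports_folder -- pass a plain name.
    time_stamp = datetime.now().strftime('_%Y_%m_%d_%H_%M_%S')
    name = project_name + time_stamp + "." + report_type
    file_name = normpath(join(reports_folder, name))

    with open(str(file_name), "wb") as f_out:
        f_out.write(report_content)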
def test_sample():
    """Print the id of every finished scan of the "jvl_git" project(s) in the default team.

    get_team_id_by_team_full_name is called without arguments, so the team
    comes from that method's default.
    """
    team_api = TeamAPI()
    projects_api = ProjectsAPI()
    api = ScansAPI()

    team_id = team_api.get_team_id_by_team_full_name()
    matching = projects_api.get_all_project_details(
        project_name="jvl_git", team_id=team_id)

    for project in matching:
        finished = api.get_all_scans_for_project(
            project_id=project.project_id, scan_status='Finished')
        for finished_scan in finished:
            print(str(finished_scan.id))
def get_last_scan_id_of_a_project(team_full_name, project_name):
    """Resolve a project by team and name, then return its latest finished scan id.

    Args:
        team_full_name (str): full team path, e.g. "/CxServer".
        project_name (str): project name within that team.

    Returns:
        scan_id (int): whatever ScansAPI.get_last_scan_id_of_a_project returns
        for the resolved project with only_finished_scans=True.
    """
    resolved_project_id = ProjectsAPI().get_project_id_by_project_name_and_team_full_name(
        project_name=project_name, team_full_name=team_full_name)
    return ScansAPI().get_last_scan_id_of_a_project(
        project_id=resolved_project_id, only_finished_scans=True)
def test_create_new_scan():
    """Create a full, public, forced scan with custom fields through API v1.2."""
    project_id = get_project_id()
    api = ScansAPI()
    custom = {"key1": "value1", "key2": "value2"}
    created = api.create_new_scan(
        project_id,
        is_incremental=False,
        is_public=True,
        force_scan=True,
        custom_fields=custom,
        comment="scan from Python SDK",
        api_version="1.2",
    )
    assert created is not None
def test_get_scan_queue_details_by_scan_id():
    """Queue a scan, then read its queue details via the project's latest scan id."""
    project_id = get_project_id()
    api = ScansAPI()
    api.create_new_scan(
        project_id,
        is_incremental=False,
        is_public=True,
        force_scan=True,
        comment="scan from REST API",
    )
    # brief pause so the new scan shows up as the project's latest scan
    time.sleep(5)
    latest = api.get_last_scan_id_of_a_project(project_id)
    queue_details = api.get_scan_queue_details_by_scan_id(latest)
    assert queue_details is not None
def test_register_scan_report():
    """Register an XML report for the latest finished scan, then fetch its status and content.

    A fixed 30 s sleep stands in for polling is_report_generation_finished;
    on a slow server the content fetch may still come back empty.
    """
    project_id = get_project_id()
    api = ScansAPI()
    latest_finished = api.get_last_scan_id_of_a_project(
        project_id, only_finished_scans=True)

    registered = api.register_scan_report(latest_finished, "XML")
    assert registered is not None

    status = api.get_report_status_by_id(registered.report_id)
    assert status is not None

    time.sleep(30)
    content = api.get_report_by_id(registered.report_id)
    assert content is not None
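def scan_from_local():
    """End-to-end example: recreate project "jvl_local" from a local zip, scan it, save an XML report.

    JavaVulnerableLab-master.zip must sit next to this file; the report is
    written as local_report.xml in the same directory. The project is deleted
    first if it already exists, so repeated runs are destructive for it.

    Returns:
        None. Aborts before touching the server when the zip is missing, and
        returns without a report when the scan ends in status "Failed".
    """
    team_full_name = "/CxServer"
    project_name = "jvl_local"
    report_name = "local_report.xml"

    directory = os.path.dirname(__file__)
    zip_file_path = normpath(join(directory, "JavaVulnerableLab-master.zip"))
    if not exists(zip_file_path):
        # Previously this only printed and carried on, so the existing project
        # was deleted and the upload then failed on a missing file.
        print(
            "JavaVulnerableLab-master.zip not found under current directory.")
        return

    team_api = TeamAPI()
    projects_api = ProjectsAPI()
    scan_api = ScansAPI()

    projects_api.delete_project_if_exists_by_project_name_and_team_full_name(
        project_name, team_full_name)

    # 2. get team id
    print("2. get team id")
    team_id = team_api.get_team_id_by_team_full_name(team_full_name)

    # 3. create project with default configuration, will get project id
    print("3. create project with default configuration, will get project id")
    project = projects_api.create_project_with_default_configuration(
        project_name=project_name, team_id=team_id)
    project_id = project.id

    # 4. upload source code zip file
    print("4. upload source code zip file")
    projects_api.upload_source_code_zip_file(project_id, str(zip_file_path))

    # 6. set data retention settings by project id
    print("6. set data retention settings by project id")
    projects_api.set_data_retention_settings_by_project_id(
        project_id=project_id, scans_to_keep=3)

    # 7. define SAST scan settings (preset from get_preset_id_by_name's default)
    print("7. define SAST scan settings")
    preset_id = projects_api.get_preset_id_by_name()
    scan_api.define_sast_scan_settings(project_id=project_id,
                                       preset_id=preset_id)

    # 8. create new scan, will get a scan id
    print("8. create new scan, will get a scan id")
    scan = scan_api.create_new_scan(project_id=project_id)
    scan_id = scan.id
    print("scan_id: {}".format(scan_id))

    # 9. poll scan status every second until Finished or Failed (no timeout)
    print("9. get scan details by scan id")
    while True:
        scan_detail = scan_api.get_sast_scan_details_by_scan_id(
            scan_id=scan_id)
        scan_status = scan_detail.status.name
        if scan_status == "Finished":
            break
        elif scan_status == "Failed":
            # say why no report will appear instead of returning silently
            print("scan {} failed, no report generated".format(scan_id))
            return
        time.sleep(1)

    # 11[optional]. get statistics results by scan id
    print("11[optional]. get statistics results by scan id")
    statistics = scan_api.get_statistics_results_by_scan_id(scan_id=scan_id)
    if statistics:
        print(statistics)

    # 12. register scan report
    print("12. register scan report")
    report = scan_api.register_scan_report(scan_id=scan_id, report_type="XML")
    report_id = report.report_id
    print("report_id: {}".format(report_id))

    # 13. poll report generation every second (no timeout)
    print("13. get report status by id")
    while not scan_api.is_report_generation_finished(report_id):
        time.sleep(1)

    # 14. get report by id
    print("14. get report by id")
    report_content = scan_api.get_report_by_id(report_id)

    # NOTE: an optional severity filter over the XML content used to live here
    # as commented-out code; it was dropped rather than kept as dead code.

    report_path = normpath(join(directory, report_name))
    with open(str(report_path), "wb") as f:
        f.write(report_content)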
def scan_from_git():
    """End-to-end example: recreate project "jvl_git" from a git remote, scan it, save a PDF report.

    The steps mirror the numbered prints below. The project is deleted first
    if it already exists, so repeated runs are destructive for that project.
    Returns None; returns early without a report when the scan ends in status
    "Failed". The report is written as report.pdf next to this file.
    """
    team_full_name = "/CxServer"
    project_name = "jvl_git"
    report_name = "report.pdf"
    file_name = normpath(join(dirname(__file__), report_name))
    print(file_name)

    # public, intentionally vulnerable sample application used as scan input
    url = "https://github.com/CSPF-Founder/JavaVulnerableLab.git"
    branch = "refs/heads/master"

    projects_api = ProjectsAPI()
    team_api = TeamAPI()
    scan_api = ScansAPI()

    projects_api.delete_project_if_exists_by_project_name_and_team_full_name(
        project_name, team_full_name)

    # 2. get team id
    print("2. get team id")
    team_id = team_api.get_team_id_by_team_full_name(team_full_name)

    # 3. create project with default configuration, will get project id
    print("3. create project with default configuration, will get project id")
    project = projects_api.create_project_with_default_configuration(
        project_name=project_name, team_id=team_id)
    project_id = project.id

    # 4. set remote source setting to git
    print("4. set remote source setting to git")
    projects_api.set_remote_source_setting_to_git(project_id=project_id,
                                                  url=url,
                                                  branch=branch)

    # 6. set data retention settings by project id
    print("6. set data retention settings by project id")
    projects_api.set_data_retention_settings_by_project_id(
        project_id=project_id, scans_to_keep=3)

    # 7. define SAST scan settings (preset from get_preset_id_by_name's default)
    print("7. define SAST scan settings")
    preset_id = projects_api.get_preset_id_by_name()
    scan_api.define_sast_scan_settings(project_id=project_id,
                                       preset_id=preset_id)

    # empty patterns: nothing is excluded from the scan
    projects_api.set_project_exclude_settings_by_project_id(
        project_id, exclude_folders_pattern="", exclude_files_pattern="")

    # 8. create new scan, will get a scan id
    print("8. create new scan, will get a scan id")
    scan = scan_api.create_new_scan(project_id=project_id)
    scan_id = scan.id
    print("scan_id : {}".format(scan_id))

    # 9. poll scan status every 10 s until Finished or Failed (no timeout);
    #    a Failed scan ends the function silently
    print("9. get scan details by scan id")
    while True:
        scan_detail = scan_api.get_sast_scan_details_by_scan_id(
            scan_id=scan_id)
        scan_status = scan_detail.status.name
        if scan_status == "Finished":
            break
        elif scan_status == "Failed":
            return
        time.sleep(10)

    # 11[optional]. get statistics results by scan id
    print("11[optional]. get statistics results by scan id")
    statistics = scan_api.get_statistics_results_by_scan_id(scan_id=scan_id)
    if statistics:
        print(statistics)

    # 12. register scan report
    print("12. register scan report")
    report = scan_api.register_scan_report(scan_id=scan_id, report_type="PDF")
    report_id = report.report_id
    print("report_id : {}".format(report_id))

    # 13. poll report generation every 10 s (no timeout)
    print("13. get report status by id")
    while not scan_api.is_report_generation_finished(report_id):
        time.sleep(10)

    # 14. get report by id
    print("14. get report by id")
    report_content = scan_api.get_report_by_id(report_id)

    with open(str(file_name), "wb") as f_out:
        f_out.write(report_content)
def scan_from_local(team_full_name,
                    project_name,
                    report_type,
                    zip_file_path,
                    report_folder=None):
    """Upload a zip into a (new or existing) project, scan it, and save the report.

    Unlike the zero-argument variant, an existing project is reused rather
    than deleted. Progress is printed step by step; polling loops have no
    upper bound on the wait.

    Args:
        team_full_name (str): full team path the project lives in.
        project_name (str): project to reuse or create; also the report
            file-name prefix, used verbatim.
        report_type (str): passed to register_scan_report and used as the
            output file extension.
        zip_file_path (str): local zip of the source code; must exist.
        report_folder (str): where the report is written; falls back to this
            file's directory when omitted or missing.

    Returns:
        None. Returns early (no report) when the zip is missing, the team is
        not found, or the scan ends in status "Failed".
    """

    if not report_folder or not exists(report_folder):
        report_folder = dirname(__file__)

    if not exists(zip_file_path):
        print("zip file not found. \n abort scan.")
        return

    print(
        ("team_full_name: {}, \n"
         "project_name: {}, \n"
         "report_type: {}, \n"
         "zip_file_path: {}, \n"
         "report_folder: {}").format(team_full_name, project_name, report_type,
                                     zip_file_path, report_folder))

    team_api = TeamAPI()
    projects_api = ProjectsAPI()
    scan_api = ScansAPI()

    # 2. get team id
    print("2. get team id")
    team_id = team_api.get_team_id_by_team_full_name(team_full_name)
    if not team_id:
        print("team: {} not exist".format(team_full_name))
        return

    # falsy when no project with this name exists in the team
    project_id = projects_api.get_project_id_by_project_name_and_team_full_name(
        project_name=project_name, team_full_name=team_full_name)

    # 3. create project with default configuration, will get project id
    #    (only when the lookup above found nothing)
    print("3. create project with default configuration, will get project id")
    if not project_id:
        project = projects_api.create_project_with_default_configuration(
            project_name=project_name, team_id=team_id)
        project_id = project.id
    print("project_id: {}".format(project_id))

    # 4. upload source code zip file
    print("4. upload source code zip file")
    projects_api.upload_source_code_zip_file(project_id, str(zip_file_path))

    # 6. set data retention settings by project id
    print("6. set data retention settings by project id")
    projects_api.set_data_retention_settings_by_project_id(
        project_id=project_id, scans_to_keep=3)

    # 7. define SAST scan settings (preset from get_preset_id_by_name's default)
    print("7. define SAST scan settings")
    preset_id = projects_api.get_preset_id_by_name()
    print("preset id: {}".format(preset_id))
    scan_api.define_sast_scan_settings(project_id=project_id,
                                       preset_id=preset_id)

    # empty patterns: nothing is excluded from the scan
    projects_api.set_project_exclude_settings_by_project_id(
        project_id, exclude_folders_pattern="", exclude_files_pattern="")

    # 8. create new scan, will get a scan id
    print("8. create new scan, will get a scan id")
    scan = scan_api.create_new_scan(project_id=project_id)
    scan_id = scan.id
    print("scan_id : {}".format(scan_id))

    # 9. poll scan status every 10 s until Finished or Failed (no timeout);
    #    a Failed scan ends the function without a report
    print("9. get scan details by scan id")
    while True:
        scan_detail = scan_api.get_sast_scan_details_by_scan_id(
            scan_id=scan_id)
        scan_status = scan_detail.status.name
        print("scan_status: {}".format(scan_status))
        if scan_status == "Finished":
            break
        elif scan_status == "Failed":
            return
        time.sleep(10)

    # 11[optional]. get statistics results by scan id
    print("11[optional]. get statistics results by scan id")
    statistics = scan_api.get_statistics_results_by_scan_id(scan_id=scan_id)
    if statistics:
        print(statistics)

    # 12. register scan report
    print("12. register scan report")
    report = scan_api.register_scan_report(scan_id=scan_id,
                                           report_type=report_type)
    report_id = report.report_id
    print("report_id : {}".format(report_id))

    # 13. poll report generation every 10 s (no timeout)
    print("13. get report status by id")
    while not scan_api.is_report_generation_finished(report_id):
        time.sleep(10)

    # 14. get report by id
    print("14. get report by id")
    report_content = scan_api.get_report_by_id(report_id)

    # <project_name>_<timestamp>.<report_type> under report_folder; project_name
    # is joined verbatim, so a name with path separators would land elsewhere
    time_stamp = datetime.now().strftime('_%Y_%m_%d_%H_%M_%S')
    file_name = normpath(
        join(report_folder, project_name + time_stamp + "." + report_type))
    with open(str(file_name), "wb") as f_out:
        f_out.write(report_content)
def test_get_statistics_results_by_scan_id():
    """Statistics of the latest finished scan should be returned."""
    project_id = get_project_id()
    api = ScansAPI()
    latest_finished = api.get_last_scan_id_of_a_project(
        project_id, only_finished_scans=True)
    stats = api.get_statistics_results_by_scan_id(latest_finished)
    assert stats is not None
def test_delete_scan_by_scan_id():
    """Delete the latest finished scan of the project; expect True.

    Destructive: the scan and its results are gone afterwards, so tests that
    need a finished scan must run before this one or trigger a new scan.
    """
    project_id = get_project_id()
    api = ScansAPI()
    latest_finished = api.get_last_scan_id_of_a_project(
        project_id, only_finished_scans=True)
    assert api.delete_scan_by_scan_id(latest_finished) is True
def test_get_last_scan_id_of_a_project():
    """The project must have at least one scan (any status) to look up."""
    project_id = get_project_id()
    api = ScansAPI()
    latest = api.get_last_scan_id_of_a_project(project_id)
    assert latest is not None