Q2 2024 integration branch (#113)

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@checkmarx/cx-common-js-client",
-  "version": "0.1.86",
+  "version": "0.1.87",
   "description": "Client for interaction with Checkmarx products.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

src/dto/sca/report/package.ts

@@ -13,6 +13,7 @@ export class Package {
      */
     private _matchType: string = '';
 
+    private _criticalVulnerabilityCount: number = 0;
     private _highVulnerabilityCount: number = 0;
     private _mediumVulnerabilityCount: number = 0;
     private _lowVulnerabilityCount: number = 0;
@@ -72,6 +73,14 @@ export class Package {
         this._matchType = value;
     }
 
+    public get criticalVulnerabilityCount(): number {
+        return this._criticalVulnerabilityCount;
+    }
+
+    public set criticalVulnerabilityCount(value: number) {
+        this._criticalVulnerabilityCount = value;
+    }
+
     public get highVulnerabilityCount(): number {
         return this._highVulnerabilityCount;
     }

src/dto/sca/report/packageSeverity.ts

@@ -5,5 +5,6 @@ export enum PackageSeverity {
     NONE = "NONE",
     LOW = "LOW",
     MEDIUM = "MEDIUM",
-    HIGH = "HIGH"
+    HIGH = "HIGH",
+    CRITICAL = "CRITICAL"
 }

src/dto/sca/report/scaSummaryResults.ts

@@ -1,5 +1,6 @@
 export class ScaSummaryResults {
     private _riskReportId: string = '';
+    private _criticalVulnerabilityCount: number = 0;
     private _highVulnerabilityCount: number = 0;
     private _mediumVulnerabilityCount: number = 0;
     private _lowVulnerabilityCount: number = 0;
@@ -17,6 +18,14 @@ export class ScaSummaryResults {
         this._riskReportId = value;
     }
 
+    public get criticalVulnerabilityCount(): number {
+        return this._criticalVulnerabilityCount;
+    }
+
+    public set criticalVulnerabilityCount(value: number) {
+        this._criticalVulnerabilityCount = value;
+    }
+
     public get highVulnerabilityCount(): number {
         return this._highVulnerabilityCount;
     }

src/dto/sca/report/severity.ts

@@ -1,5 +1,6 @@
 export enum Severity {
     LOW = "Low",
     MEDIUM = "Medium",
-    HIGH = "High"
+    HIGH = "High",
+    CRITICAL = "Critical"
 }

src/dto/sca/scaConfig.ts

@@ -15,6 +15,7 @@ export interface ScaConfig {
     dependencyFileExtension: string;
     dependencyFolderExclusion: string;
     vulnerabilityThreshold: boolean;
+    criticalThreshold?: number;
     highThreshold?: number;
     mediumThreshold?: number;
     lowThreshold?: number;

src/dto/sca/scaReportResults.ts

@@ -8,6 +8,7 @@ import { ScaConfig } from './scaConfig';
 
 export class ScaReportResults {
     private _resultReady: boolean = false;
+    private _criticalVulnerability: number = 0;
     private _highVulnerability: number = 0;
     private _mediumVulnerability: number = 0;
     private _lowVulnerability: number = 0;
@@ -16,20 +17,23 @@ export class ScaReportResults {
     private _nonVulnerableLibraries: number = 0;
     private _scanStartTime: string = '';
     private _scanEndTime: string = '';
+    private _dependencyCriticalCVEReportTable: CveReportTableRow[] = [];
     private _dependencyHighCVEReportTable: CveReportTableRow[] = [];
     private _dependencyMediumCVEReportTable: CveReportTableRow[] = [];
     private _dependencyLowCVEReportTable: CveReportTableRow[] = [];
     private _totalLibraries: number = 0;
     private _packages: Package[] = [];
     private _summary: ScaSummaryResults | any;
     private _vulnerabilityThreshold: boolean = false;
+    private _criticalThreshold?: number;
     private _highThreshold?: number;
     private _mediumThreshold?: number;
     private _lowThreshold?: number;
 
     constructor(scaResults: SCAResults, scaConfig: ScaConfig) {
         if (scaConfig) {
             this._vulnerabilityThreshold = scaConfig.vulnerabilityThreshold;
+            this._criticalThreshold = scaConfig.criticalThreshold;
             this._highThreshold = scaConfig.highThreshold;
             this._mediumThreshold = scaConfig.mediumThreshold;
             this._lowThreshold = scaConfig.lowThreshold;
@@ -42,6 +46,7 @@ export class ScaReportResults {
             this._summary = scaResults.summary;
 
             if (scaResults.summary) {
+                this._criticalVulnerability = scaResults.summary.criticalVulnerabilityCount;
                 this._highVulnerability = scaResults.summary.highVulnerabilityCount;
                 this._mediumVulnerability = scaResults.summary.mediumVulnerabilityCount;
                 this._lowVulnerability = scaResults.summary.lowVulnerabilityCount;
@@ -60,7 +65,8 @@ export class ScaReportResults {
         let sum: number;
         (this._packages || []).forEach(pckg => {
             if (pckg) {
-                sum = pckg.highVulnerabilityCount +
+                sum = pckg.criticalVulnerabilityCount +
+                    pckg.highVulnerabilityCount +
                     pckg.mediumVulnerabilityCount +
                     pckg.lowVulnerabilityCount;
                 if (sum === 0) {
@@ -87,6 +93,9 @@ export class ScaReportResults {
                 else if (finding.severity === Severity.HIGH) {
                     this._dependencyHighCVEReportTable.push(row);
                 }
+                else if (finding.severity === Severity.CRITICAL) {
+                    this._dependencyCriticalCVEReportTable.push(row);
+                }
             }
         });
     }
@@ -99,6 +108,14 @@ export class ScaReportResults {
         this._resultReady = value;
     }
 
+    public get criticalVulnerability(): number {
+        return this._criticalVulnerability;
+    }
+
+    public set criticalVulnerability(value: number) {
+        this._criticalVulnerability = value;
+    }
+
     public get highVulnerability(): number {
         return this._highVulnerability;
     }
@@ -171,6 +188,14 @@ export class ScaReportResults {
         this._totalLibraries = value;
     }
 
+    public get dependencyCriticalCVEReportTable(): CveReportTableRow[] {
+        return this._dependencyCriticalCVEReportTable;
+    }
+
+    public set dependencyCriticalCVEReportTable(value: CveReportTableRow[]) {
+        this._dependencyCriticalCVEReportTable = value;
+    }
+
     public get dependencyHighCVEReportTable(): CveReportTableRow[] {
         return this._dependencyHighCVEReportTable;
     }
@@ -219,6 +244,14 @@ export class ScaReportResults {
         this._vulnerabilityThreshold = value;
     }
 
+    public get criticalThreshold(): number | undefined {
+        return this._criticalThreshold;
+    }
+
+    public set criticalThreshold(value: number | undefined) {
+        this._criticalThreshold = value;
+    }
+
     public get highThreshold(): number | undefined {
         return this._highThreshold;
     }

src/dto/scanResults.ts

@@ -27,6 +27,7 @@ export class ScanResults {
     osaScanId: string | null = null;
     osaProjectSummaryLink: string | null = null;
     osaThresholdEnabled = false;
+    osaCriticalThreshold = 0;
     osaHighThreshold = 0;
     osaMediumThreshold = 0;
     osaLowThreshold = 0;
@@ -78,6 +79,7 @@ export class ScanResults {
     queryList = '';
     osaStartTime = '';  // E.g. "2019-10-27T12:22:50.223"
     osaEndTime = '';
+    osaCriticalResults = 0;
     osaHighResults = 0;
     osaMediumResults = 0;
     osaLowResults = 0;

src/services/clients/cxClient.ts

@@ -57,6 +57,8 @@ export class CxClient {
         result.syncMode = this.config.isSyncMode;
 
         if (config.enableSastScan) {
+            this.log.info('Initializing Cx client');
+            await this.initClients(httpClient);
             if(!await this.isSASTSupportsCriticalSeverity() && this.sastConfig.vulnerabilityThreshold)
             {
                 this.sastConfig.criticalThreshold = 0;
@@ -67,8 +69,6 @@ export class CxClient {
                 this.log.warning('SAST 9.6 and lower version does not supports critical severity because of that ignoring critical threshold.');
             }
             result.updateSastDefaultResults(this.sastConfig);
-            this.log.info('Initializing Cx client');
-            await this.initClients(httpClient);
             await this.initDynamicFields();
 
             if(this.sastConfig.avoidDuplicateProjectScans)
@@ -345,6 +345,10 @@ export class CxClient {
         if (projectId) {
             this.log.debug(`Resolved project ID: ${projectId}`);
             this.isNewProject = false;
+            if (this.sastConfig.enableSastBranching)
+            {
+                throw Error(`Project with name ${this.config.projectName} is already exists. Cannot create branched project as project name already exists.`);
+            }
         } else {
             this.log.info('Project not found, creating a new one.');
             if (this.sastConfig.denyProject) 
@@ -646,27 +650,26 @@ export class CxClient {
         if(result.criticalResults != undefined)
         {
             this.log.info(`----------------------------Checkmarx Scan Results(CxSAST):-------------------------------
-            Critical severity results: ${result.criticalResults}${newCritical}
-            High severity results: ${result.highResults}${newHigh}
-            Medium severity results: ${result.mediumResults}${newMedium}
-            Low severity results: ${result.lowResults}${newLow}
-            Info severity results: ${result.infoResults}${newInfo}
-
-            Scan results location:  ${result.sastScanResultsLink}
-            ------------------------------------------------------------------------------------------
+Critical severity results: ${result.criticalResults}${newCritical}
+High severity results: ${result.highResults}${newHigh}
+Medium severity results: ${result.mediumResults}${newMedium}
+Low severity results: ${result.lowResults}${newLow}
+Info severity results: ${result.infoResults}${newInfo}
+
+Scan results location:  ${result.sastScanResultsLink}
+------------------------------------------------------------------------------------------
             `);
         }
         else
         {
             this.log.info(`----------------------------Checkmarx Scan Results(CxSAST):-------------------------------
-            Critical severity results: ${result.criticalResults}${newCritical}
 High severity results: ${result.highResults}${newHigh}
-            Medium severity results: ${result.mediumResults}${newMedium}
-            Low severity results: ${result.lowResults}${newLow}
-            Info severity results: ${result.infoResults}${newInfo}
+Medium severity results: ${result.mediumResults}${newMedium}
+Low severity results: ${result.lowResults}${newLow}
+Info severity results: ${result.infoResults}${newInfo}
 
-            Scan results location:  ${result.sastScanResultsLink}
-            ------------------------------------------------------------------------------------------
+Scan results location:  ${result.sastScanResultsLink}
+------------------------------------------------------------------------------------------
             `);
         }
     }

src/services/clients/scaClient.ts

@@ -539,6 +539,7 @@ The Build Failed for the Following Reasons:
         await this.printPolicyEvaluation(scaResults.scaPolicyViolation, this.config.scaEnablePolicyViolations);
         await this.determinePolicyViolation(scaResults);
         const vulResults = {
+            criticalResults:scaReportResults.criticalVulnerability,
             highResults: scaReportResults.highVulnerability,
             mediumResults: scaReportResults.mediumVulnerability,
             lowResults: scaReportResults.lowVulnerability
@@ -662,6 +663,7 @@ The Build Failed for the Following Reasons:
         this.log.info("\n----CxSCA risk report summary----");
         this.log.info("Created on: " + summary.createdOn);
         this.log.info("Direct packages: " + summary.directPackages);
+        this.log.info("Critical vulnerabilities: " + summary.criticalVulnerabilityCount);
         this.log.info("High vulnerabilities: " + summary.highVulnerabilityCount);
         this.log.info("Medium vulnerabilities: " + summary.mediumVulnerabilityCount);
         this.log.info("Low vulnerabilities: " + summary.lowVulnerabilityCount);