sca endpoint

siewer · siewer · commit 499fdeb2e802 · 2024-06-13T14:42:20.000+02:00
diff --git a/src/main/java/io/mixeway/api/cioperations/service/CiOperationsService.java b/src/main/java/io/mixeway/api/cioperations/service/CiOperationsService.java
@@ -129,7 +129,7 @@ public ResponseEntity<CIVulnManageResponse> codeVerify(String codeGroup, String
                 CodeProject codeProjectToVerify =sastRequestVerify.getCp();
                 CIVulnManageResponse ciVulnManageResponse = new CIVulnManageResponse();
                 if (StringUtils.isNotBlank(codeProjectToVerify.getdTrackUuid())){
-                    openSourceScanService.loadVulnerabilities(codeProjectToVerify);
+                    openSourceScanService.loadVulnerabilities(codeProjectToVerify, null,null);
                 }
                 List<VulnManageResponse> vmr = createVulnManageResponseForCodeProject(codeProjectToVerify);
                 ciVulnManageResponse.setVulnManageResponseList(vmr);
@@ -239,7 +239,7 @@ public ResponseEntity<Status> infoScanPerformed(InfoScanPerformed infoScanPerfor
                 createCiOperationsService.create(codeProject.get(), infoScanPerformed);
             }
             updateCodeProjectService.changeCommitId(infoScanPerformed.getCommitId(), codeProject.get());
-            openSourceScanService.loadVulnerabilities(codeProject.get());
+            openSourceScanService.loadVulnerabilities(codeProject.get(),null,null);
             return new ResponseEntity<>(HttpStatus.OK);
         } else {
             return new ResponseEntity<>(HttpStatus.NOT_FOUND);
@@ -359,7 +359,7 @@ public ResponseEntity<Status> performSastScanForCodeProject(Long codeProjectId,
         if (codeProject.isPresent() && permissionFactory.canUserAccessProject(principal, codeProject.get().getProject())) {
             codeScanService.putCodeProjectToQueue(codeProjectId,principal);
             if (StringUtils.isNotBlank(codeProject.get().getdTrackUuid())) {
-                openSourceScanService.loadVulnerabilities(codeProject.get());
+                openSourceScanService.loadVulnerabilities(codeProject.get(), null, null);
                 log.info("[CICD] {} Loaded OpenSource Vulns for project - {}", principal.getName(), codeProject.get().getName());
             }
             log.info("[CICD] {} put SAST Project in queue - {}", principal.getName(), codeProject.get().getName());
@@ -397,7 +397,7 @@ public ResponseEntity<SecurityGatewayResponse> getVulnerabilitiesForCodeProject(
         Optional<CodeProject> codeProject = codeProjectRepository.findById(codeProjectId);
         if (codeProject.isPresent() && permissionFactory.canUserAccessProject(principal, codeProject.get().getProject())) {
             List<ProjectVulnerability> vulns = vulnTemplate.projectVulnerabilityRepository.findByCodeProject(codeProject.get());
-            openSourceScanService.loadVulnerabilities(codeProject.get());
+            openSourceScanService.loadVulnerabilities(codeProject.get(), null, null);
             List<Vuln> vulnList = new ArrayList<>();
             for (ProjectVulnerability pv : vulns){
                 if (pv.getVulnerabilitySource().getId().equals(vulnTemplate.SOURCE_OPENSOURCE.getId())){
diff --git a/src/main/java/io/mixeway/api/vulnmanage/service/GetVulnerabilitiesService.java b/src/main/java/io/mixeway/api/vulnmanage/service/GetVulnerabilitiesService.java
@@ -359,7 +359,7 @@ public ResponseEntity<CIVulnManageResponse> getCiScoreForCodeProject(String code
         SecurityGateway securityGateway = securityGatewayRepository.findAll().stream().findFirst().orElse(null);
         if (securityGateway != null && cp.isPresent()) {
             if (StringUtils.isNotBlank(cp.get().getdTrackUuid())) {
-                openSourceScanService.loadVulnerabilities(cp.get());
+                openSourceScanService.loadVulnerabilities(cp.get(),null,null);
             }
             List<VulnManageResponse> vulnManageResponses = createVulnManageResponseForCodeProject(cp.get());
             CIVulnManageResponse ciVulnManageResponse = new CIVulnManageResponse();
diff --git a/src/main/java/io/mixeway/scheduler/GlobalScheduler.java b/src/main/java/io/mixeway/scheduler/GlobalScheduler.java
@@ -123,7 +123,7 @@ public void getDepTrackVulns() {
                 }
                     try {
 
-                        openSourceScanService.loadVulnerabilities(cp);
+                        openSourceScanService.loadVulnerabilities(cp,null,null);
                     } catch (CertificateException | UnrecoverableKeyException | NoSuchAlgorithmException | KeyManagementException | KeyStoreException | IOException e) {
                         log.error("Error {} during OpenSource Scan Synchro for {}", e.getLocalizedMessage(), cp.getName());
                     }
diff --git a/src/test/java/io/mixeway/scanmanager/service/opensource/OpenSourceScanServiceTest.java b/src/test/java/io/mixeway/scanmanager/service/opensource/OpenSourceScanServiceTest.java
@@ -112,7 +112,7 @@ void loadVulnerabilities() throws UnrecoverableKeyException, CertificateExceptio
         }
         Mockito.doNothing().when(dependencyTrackApiClient).loadVulnerabilities(Mockito.any(CodeProject.class),Mockito.any(CodeProjectBranch.class));
         Mockito.when(dependencyTrackApiClient.canProcessRequest(Mockito.any(CodeProject.class))).thenReturn(true);
-        openSourceScanService.loadVulnerabilities(codeProject);
+        openSourceScanService.loadVulnerabilities(codeProject, null, null);
         List<ProjectVulnerability> projectVulnerabilities = vulnTemplate.projectVulnerabilityRepository.findByCodeProject(codeProject);
         assertEquals(15, projectVulnerabilities.size());
     }

Original file line number	Diff line number	Diff line change
`@@ -359,7 +359,7 @@ public ResponseEntity<CIVulnManageResponse> getCiScoreForCodeProject(String code`
`359`	`359`	`SecurityGateway securityGateway = securityGatewayRepository.findAll().stream().findFirst().orElse(null);`
`360`	`360`	`if (securityGateway != null && cp.isPresent()) {`
`361`	`361`	`if (StringUtils.isNotBlank(cp.get().getdTrackUuid())) {`
`362`		`- openSourceScanService.loadVulnerabilities(cp.get());`
	`362`	`+ openSourceScanService.loadVulnerabilities(cp.get(),null,null);`
`363`	`363`	`}`
`364`	`364`	`List<VulnManageResponse> vulnManageResponses = createVulnManageResponseForCodeProject(cp.get());`
`365`	`365`	`CIVulnManageResponse ciVulnManageResponse = new CIVulnManageResponse();`
Original file line number	Diff line number	Diff line change
`@@ -123,7 +123,7 @@ public void getDepTrackVulns() {`
`123`	`123`	`}`
`124`	`124`	`try {`
`125`	`125`
`126`		`- openSourceScanService.loadVulnerabilities(cp);`
	`126`	`+ openSourceScanService.loadVulnerabilities(cp,null,null);`
`127`	`127`	`} catch (CertificateException \| UnrecoverableKeyException \| NoSuchAlgorithmException \| KeyManagementException \| KeyStoreException \| IOException e) {`
`128`	`128`	`log.error("Error {} during OpenSource Scan Synchro for {}", e.getLocalizedMessage(), cp.getName());`
`129`	`129`	`}`
Original file line number	Diff line number	Diff line change
`@@ -112,7 +112,7 @@ void loadVulnerabilities() throws UnrecoverableKeyException, CertificateExceptio`
`112`	`112`	`}`
`113`	`113`	`Mockito.doNothing().when(dependencyTrackApiClient).loadVulnerabilities(Mockito.any(CodeProject.class),Mockito.any(CodeProjectBranch.class));`
`114`	`114`	`Mockito.when(dependencyTrackApiClient.canProcessRequest(Mockito.any(CodeProject.class))).thenReturn(true);`
`115`		`- openSourceScanService.loadVulnerabilities(codeProject);`
	`115`	`+ openSourceScanService.loadVulnerabilities(codeProject, null, null);`
`116`	`116`	`List<ProjectVulnerability> projectVulnerabilities = vulnTemplate.projectVulnerabilityRepository.findByCodeProject(codeProject);`
`117`	`117`	`assertEquals(15, projectVulnerabilities.size());`
`118`	`118`	`}`