Checkmarx · pedrompflopes · Nov 24, 2023 · Nov 20, 2023 · Nov 20, 2023 · Nov 20, 2023
@@ -9,8 +9,6 @@ env:
 jobs:
   unit-tests:
     runs-on: ubuntu-latest
-    env:
-      GOPRIVATE: "github.com/checkmarxDev/*"
     steps:
       - name: Checkout the repository
         uses: actions/checkout@v4
@@ -19,8 +17,6 @@ jobs:
         with:
           go-version: ${{ env.GO_VERSION }}
       - run: go version
-      - name: Setup git
-        run: git config --global url."https://${{ secrets.PERSONAL_ACCESS_TOKEN }}:@github.com/".insteadOf "https://github.com"
       - name: go test with coverage
         run: |
           sudo chmod +x ./internal/commands/.scripts/up.sh
@@ -40,13 +36,10 @@ jobs:
           fi
   integration-tests:
     runs-on: ubuntu-latest
-    env:
-      GOPRIVATE: "github.com/checkmarxDev/*"
+    environment: DEU_GALACTICA
     steps:
       - name: Checkout the repository
         uses: actions/checkout@v4
-      - name: Setup git
-        run: git config --global url."https://${{ secrets.PERSONAL_ACCESS_TOKEN }}:@github.com/".insteadOf "https://github.com"
       - name: Set up Go version
         uses: actions/setup-go@v4
         with:
@@ -116,17 +109,13 @@ jobs:
   lint:
     name: lint
     runs-on: ubuntu-latest
-    env:
-      GOPRIVATE: "github.com/checkmarxDev/*"
     steps:
       - uses: actions/checkout@v4
       - name: Set up Go version
         uses: actions/setup-go@v4
         with:
           go-version: ${{ env.GO_VERSION }}
       - run: go version
-      - name: Setup git
-        run: git config --global url."https://${{ secrets.PERSONAL_ACCESS_TOKEN }}:@github.com/".insteadOf "https://github.com"
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3
         with:

@@ -251,14 +251,14 @@ func createGroupsMap(groupsStr string, groupsWrapper wrappers.GroupsWrapper) ([]
 		if len(group) > 0 {
 			groupIds, err := groupsWrapper.Get(group)
 			if err != nil {
-				return nil, err
-			}
-
-			groupID := findGroupID(groupIds, group)
-			if groupID != "" {
-				groupMap = append(groupMap, groupID)
-			} else {
 				groupsNotFound = append(groupsNotFound, group)
+			} else {
+				groupID := findGroupID(groupIds, group)
+				if groupID != "" {
+					groupMap = append(groupMap, groupID)
+				} else {
+					groupsNotFound = append(groupsNotFound, group)
+				}
 			}
 		}
 	}

@@ -17,6 +17,8 @@ import (
 	"github.com/checkmarx/ast-cli/internal/commands/util"
 	"github.com/checkmarx/ast-cli/internal/commands/util/printer"
 	"github.com/checkmarx/ast-cli/internal/logger"
+	"golang.org/x/text/cases"
+	"golang.org/x/text/language"
 
 	commonParams "github.com/checkmarx/ast-cli/internal/params"
 
@@ -79,21 +81,18 @@ const (
 	scaPrivatePackageVersionFlagDescription = "SCA project private package version. Example: 0.1.1"
 	policeManagementNoneStatus              = "none"
 	apiDocumentationFlagDescription         = "Swagger folder/file filter for API-Security scan. Example: ./swagger.json"
+	summaryCreatedAtLayout                  = "2006-01-02, 15:04:05"
+	glTimeFormat                            = "2006-01-02T15:04:05"
 )
 
-var resultsFormats = []string{
-	printer.FormatJSON,
-	printer.FormatSarif,
-	printer.FormatSonar,
-	printer.FormatGL,
-}
 var summaryFormats = []string{
 	printer.FormatSummaryConsole,
 	printer.FormatSummary,
 	printer.FormatSummaryJSON,
 	printer.FormatPDF,
 	printer.FormatSummaryMarkdown,
 	printer.FormatSbom,
+	printer.FormatGL,
 }
 
 var filterResultsListFlagUsage = fmt.Sprintf(
@@ -190,6 +189,7 @@ func resultShowSubCommand(
 		printer.FormatSbom,
 		printer.FormatPDF,
 		printer.FormatSummaryMarkdown,
+		printer.FormatGL,
 	)
 	resultShowCmd.PersistentFlags().String(commonParams.ReportFormatPdfToEmailFlag, "", pdfToEmailFlagDescription)
 	resultShowCmd.PersistentFlags().String(commonParams.ReportSbomFormatFlag, defaultSbomOption, sbomReportFlagDescription)
@@ -979,26 +979,50 @@ func exportSarifResults(targetFile string, results *wrappers.ScanResultsCollecti
 	return nil
 }
 func exportGlSastResults(targetFile string, results *wrappers.ScanResultsCollection, summary *wrappers.ResultSummary) error {
-	var err error
-	var resultsJSON []byte
 	log.Println("Creating gl-sast Report: ", targetFile)
-	var glSastResults = convertCxResultsToGLSast(results)
-	glSastResults = addStatus(summary, glSastResults)
-	resultsJSON, err = json.Marshal(glSastResults)
+	var glSast = new(wrappers.GlSastResultsCollection)
+	err := addScanToGlSastReport(summary, glSast)
 	if err != nil {
-		return errors.Wrapf(err, "%s: failed to serialize results response ", failedGettingAll)
+		return errors.Wrapf(err, "%s: failed to add scan to gl sast report", failedListingResults)
+	}
+	convertCxResultToGlVulnerability(results, glSast)
+
+	resultsJSON, err := json.Marshal(glSast)
+	if err != nil {
+		return errors.Wrapf(err, "%s: failed to serialize gl sast report ", failedListingResults)
 	}
 	f, err := os.Create(targetFile)
 	if err != nil {
-		return errors.Wrapf(err, "%s: failed to create target file  ", failedGettingAll)
+		return errors.Wrapf(err, "%s: failed to create target file  ", failedListingResults)
 	}
 	_, _ = fmt.Fprintln(f, string(resultsJSON))
 	defer f.Close()
 	return nil
 }
-func addStatus(summary *wrappers.ResultSummary, glSastResults *wrappers.GlSastResultsCollection) *wrappers.GlSastResultsCollection {
-	glSastResults.Scan.Status = summary.Status
-	return glSastResults
+func addScanToGlSastReport(summary *wrappers.ResultSummary, glSast *wrappers.GlSastResultsCollection) error {
+	createdAt, err := time.Parse(summaryCreatedAtLayout, summary.CreatedAt)
+	if err != nil {
+		return err
+	}
+
+	glSast.Scan = wrappers.ScanGlReport{}
+	glSast.Schema = "https://gitlab.com/gitlab-org/gitlab/-/raw/master/lib/gitlab/ci/parsers/security/validators/schemas/15.0.0/sast-report-format.jsonn"
+	glSast.Version = "15.0.0"
+	glSast.Scan.Analyzer.URL = wrappers.AnalyzerURL
+	glSast.Scan.Analyzer.Name = wrappers.VendorName
+	glSast.Scan.Analyzer.Vendor.Name = wrappers.VendorName
+	glSast.Scan.Analyzer.ID = wrappers.AnalyzerID
+	glSast.Scan.Scanner.ID = wrappers.AnalyzerID
+	glSast.Scan.Scanner.Name = wrappers.VendorName
+	glSast.Scan.Status = commonParams.Success
+	glSast.Scan.Type = commonParams.SastType
+	glSast.Scan.StartTime = createdAt.Format(glTimeFormat)
+	glSast.Scan.EndTime = createdAt.Format(glTimeFormat)
+	glSast.Scan.Scanner.Vendor.Name = wrappers.VendorName
+	glSast.Scan.Scanner.Version = commonParams.Version
+	glSast.Scan.Analyzer.Version = commonParams.Version
+
+	return nil
 }
 func exportSonarResults(targetFile string, results *wrappers.ScanResultsCollection) error {
 	var err error
@@ -1227,23 +1251,13 @@ func convertCxResultsToSarif(results *wrappers.ScanResultsCollection) *wrappers.
 	sarif.Runs = append(sarif.Runs, createSarifRun(results))
 	return sarif
 }
-func convertCxResultsToGLSast(results *wrappers.ScanResultsCollection) *wrappers.GlSastResultsCollection {
-	var glSast = new(wrappers.GlSastResultsCollection)
-	glSast.Scan = wrappers.ScanGlReport{}
-	glSast = setConstValueGlReport(glSast)
-	glVulnra := convertCxResultToGlVulnerability(results, glSast)
-	glSast.Vulnerabilities = glVulnra
-	return glSast
-}
 
-func convertCxResultToGlVulnerability(results *wrappers.ScanResultsCollection, glSast *wrappers.GlSastResultsCollection) []wrappers.GlVulnerabilities {
+func convertCxResultToGlVulnerability(results *wrappers.ScanResultsCollection, glSast *wrappers.GlSastResultsCollection) {
 	for _, result := range results.Results {
-		engineType := strings.TrimSpace(result.Type)
-		if engineType == commonParams.SastType {
+		if strings.TrimSpace(result.Type) == commonParams.SastType {
 			glSast = parseGlSastVulnerability(result, glSast)
 		}
 	}
-	return glSast.Vulnerabilities
 }
 
 func parseGlSastVulnerability(result *wrappers.ScanResult, glSast *wrappers.GlSastResultsCollection) *wrappers.GlSastResultsCollection {
@@ -1263,27 +1277,35 @@ func parseGlSastVulnerability(result *wrappers.ScanResult, glSast *wrappers.GlSa
 		Message:     message,
 		Description: result.Description,
 		CVE:         ID,
-		Severity:    result.Severity,
-		Confidence:  result.Severity,
+		Severity:    cases.Title(language.English).String(result.Severity),
+		Confidence:  cases.Title(language.English).String(result.Severity),
 		Solution:    "",
+
 		Scanner: wrappers.GlScanner{
 			ID:   category,
 			Name: category,
 		},
-		Links: nil,
-		Tracking: wrappers.Tracking{Items: wrappers.Item{
-			Signatures: wrappers.Signature{
-				Algorithm: result.Type + "-Algorithm ",
-				Value:     "NA"},
-			File:      fileName,
-			EndLine:   endLine,
-			StartLine: startLine},
+		Identifiers: []wrappers.Identifier{
+			{
+				Type:  "similarityId",
+				Name:  "Similarity Id ",
+				URL:   wrappers.AnalyzerURL,
+				Value: result.ID,
+			},
 		},
-		Flags: wrappers.Flag{
-			Type:        "",
-			Origin:      result.Type,
-			Description: result.Description,
+		Links: make([]string, 0),
+		Tracking: wrappers.Tracking{
+			Type: "source",
+			Items: []wrappers.Item{
+				{
+					Signatures: []wrappers.Signature{{Algorithm: result.Type + "-Algorithm ", Value: "NA"}},
+					File:       fileName,
+					EndLine:    endLine,
+					StartLine:  startLine,
+				},
+			},
 		},
+		Flags: make([]wrappers.Flag, 0),
 		Location: wrappers.Location{
 			File:      fileName,
 			StartLine: startLine,
@@ -1294,18 +1316,6 @@ func parseGlSastVulnerability(result *wrappers.ScanResult, glSast *wrappers.GlSa
 	return glSast
 }
 
-func setConstValueGlReport(glSast *wrappers.GlSastResultsCollection) *wrappers.GlSastResultsCollection {
-	glSast.Schema = "https://gitlab.com/gitlab-org/gitlab/-/blob/8a42b7e8ab41ec2920f02fb4b36f244bbbb4bfb8/lib/gitlab/ci/parsers/security/validators/schemas/14.1.2/sast-report-format.json"
-	glSast.Version = "14.1.2"
-	glSast.Scan.Analyzer.URL = wrappers.AnalyzerURL
-	glSast.Scan.Analyzer.Name = wrappers.VendorName
-	glSast.Scan.Analyzer.Vendor.Name = wrappers.VendorName
-	glSast.Scan.Analyzer.ID = wrappers.AnalyzerID
-	glSast.Scan.Scanner.ID = wrappers.AnalyzerID
-	glSast.Scan.Scanner.Name = wrappers.VendorName
-	return glSast
-}
-
 func convertCxResultsToSonar(results *wrappers.ScanResultsCollection) *wrappers.ScanResultsSonar {
 	var sonar = new(wrappers.ScanResultsSonar)
 	sonar.Results = parseResultsSonar(results)

@@ -528,6 +528,7 @@ func scanCreateSubCommand(
 		printer.FormatSbom,
 		printer.FormatPDF,
 		printer.FormatSummaryMarkdown,
+		printer.FormatGL,
 	)
 	createScanCmd.PersistentFlags().String(commonParams.APIDocumentationFlag, "", apiDocumentationFlagDescription)
 	createScanCmd.PersistentFlags().String(commonParams.ExploitablePathFlag, "", exploitablePathFlagDescription)
@@ -912,7 +913,7 @@ func addScaScan(cmd *cobra.Command, resubmitConfig []wrappers.Config) map[string
 }
 
 func addAPISecScan(cmd *cobra.Command) map[string]interface{} {
-	if scanTypeEnabled(commonParams.SastType) && scanTypeEnabled(commonParams.APISecurityType) {
+	if scanTypeEnabled(commonParams.APISecurityType) {
 		apiSecMapConfig := make(map[string]interface{})
 		apiSecConfig := wrappers.APISecConfig{}
 		apiSecMapConfig[resultsMapType] = commonParams.APISecType

@@ -220,6 +220,7 @@ const (
 	APISecurityLabel     = "API Security"
 	ScaType              = "sca"
 	APISecType           = "apisec"
+	Success              = "success"
 )
 
 // ScaAgent AST Role

@@ -27,7 +27,7 @@ type GlVulnerabilities struct {
 	Identifiers []Identifier `json:"identifiers"`
 	Links       []string     `json:"links"`
 	Tracking    Tracking     `json:"tracking"`
-	Flags       Flag         `json:"flags"`
+	Flags       []Flag       `json:"flags"`
 	Location    Location     `json:"location"`
 }
 type Identifier struct {
@@ -49,13 +49,14 @@ type Location struct {
 }
 
 type Tracking struct {
-	Items Item `json:"items"`
+	Type  string `json:"type"`
+	Items []Item `json:"items"`
 }
 type Item struct {
-	Signatures Signature `json:"signatures"`
-	File       string    `json:"file"`
-	EndLine    uint      `json:"end_line"`
-	StartLine  uint      `json:"start_line"`
+	Signatures []Signature `json:"signatures"`
+	File       string      `json:"file"`
+	EndLine    uint        `json:"end_line"`
+	StartLine  uint        `json:"start_line"`
 }
 type Signature struct {
 	Algorithm string `json:"algorithm"`
@@ -78,8 +79,10 @@ type Analyzer struct {
 	Version string `json:"version"`
 }
 type GlScanner struct {
-	ID   string `json:"id"`
-	Name string `json:"name"`
+	ID      string `json:"id"`
+	Name    string `json:"name"`
+	Vendor  Vendor `json:"vendor"`
+	Version string `json:"version"`
 }
 type Vendor struct {
 	Name string `json:"name"`

@@ -31,7 +31,7 @@ func TestAuthValidate(t *testing.T) {
 }
 
 func TestAuthValidateClientAndSecret(t *testing.T) {
-	err, buffer := executeCommand(t, "auth", "validate", "--apikey", "")
+	err, buffer := executeCommand(t, "auth", "validate", "--debug", "--apikey", "")
 	assertSuccessAuthentication(t, err, buffer, defaultSuccessValidationMessage)
 }
 
@@ -57,7 +57,7 @@ func TestAuthValidateWithBaseAuthURI(t *testing.T) {
 
 	avoidCachedToken()
 
-	err := execute(validateCommand, "auth", "validate", "--apikey", "")
+	err := execute(validateCommand, "auth", "validate", "--debug", "--apikey", "")
 	assertSuccessAuthentication(t, err, buffer, "")
 
 	// valid authentication passing an empty base-auth-uri once it will be picked from environment variables