Checkmarx · tamarleviCm · Mar 20, 2024 · Mar 20, 2024 · Mar 20, 2024 · Mar 20, 2024
@@ -52,6 +52,11 @@ const (
 	lowCx                     = "LOW"
 	mediumCx                  = "MEDIUM"
 	highCx                    = "HIGH"
+	tableResultsFormat        = "              | %-10s   %4d   %6d   %4d   %4d   %-9s  |\n"
+	stringTableResultsFormat  = "              | %-10s   %4s   %6s   %4s   %4s   %5s      |\n"
+	TableTitleFormat          = "              | %-11s   %4s    %6s  %4s   %4s   %6s    |\n"
+	twoNewLines               = "\n\n"
+	tableLine                 = "              ---------------------------------------------------------     "
 	codeBashingKey            = "cb-url"
 	failedGettingBfl          = "Failed getting BFL"
 	notAvailableString        = "-"
@@ -138,6 +143,10 @@ var sonarSeverities = map[string]string{
 	highCx:   highSonar,
 }
 
+var containerSupportedAgents = []string{
+	commonParams.DefaultAgent,
+}
+
 func NewResultsCommand(
 	resultsWrapper wrappers.ResultsWrapper,
 	scanWrapper wrappers.ScansWrapper,
@@ -199,6 +208,7 @@ func resultShowSubCommand(
 		printer.FormatPDF,
 		printer.FormatSummaryMarkdown,
 		printer.FormatGL,
+		// printer.FormatSonar ??
 	)
 	resultShowCmd.PersistentFlags().String(commonParams.ReportFormatPdfToEmailFlag, "", pdfToEmailFlagDescription)
 	resultShowCmd.PersistentFlags().String(commonParams.ReportSbomFormatFlag, defaultSbomOption, sbomReportFlagDescription)
@@ -356,12 +366,18 @@ func convertScanToResultsSummary(scanInfo *wrappers.ScanResponseModel, resultsWr
 	sastIssues := 0
 	scaIssues := 0
 	kicsIssues := 0
+	var containersIssues *int
 	enginesStatusCode := map[string]int{
 		commonParams.SastType:   0,
 		commonParams.ScaType:    0,
 		commonParams.KicsType:   0,
 		commonParams.APISecType: 0,
 	}
+	if wrappers.IsContainersEnabled {
+		containersIssues = new(int)
+		*containersIssues = 0
+		enginesStatusCode[commonParams.ContainersType] = 0
+	}
 
 	if len(scanInfo.StatusDetails) > 0 {
 		for _, statusDetailItem := range scanInfo.StatusDetails {
@@ -372,6 +388,8 @@ func convertScanToResultsSummary(scanInfo *wrappers.ScanResponseModel, resultsWr
 					scaIssues = notAvailableNumber
 				} else if statusDetailItem.Name == commonParams.KicsType {
 					kicsIssues = notAvailableNumber
+				} else if statusDetailItem.Name == commonParams.ContainersType && wrappers.IsContainersEnabled {
+					*containersIssues = notAvailableNumber
 				}
 			}
 			switch statusDetailItem.Status {
@@ -383,31 +401,34 @@ func convertScanToResultsSummary(scanInfo *wrappers.ScanResponseModel, resultsWr
 		}
 	}
 	summary := &wrappers.ResultSummary{
-		ScanID:         scanInfo.ID,
-		Status:         string(scanInfo.Status),
-		CreatedAt:      scanInfo.CreatedAt.Format("2006-01-02, 15:04:05"),
-		ProjectID:      scanInfo.ProjectID,
-		RiskStyle:      "",
-		RiskMsg:        "",
-		HighIssues:     0,
-		MediumIssues:   0,
-		LowIssues:      0,
-		InfoIssues:     0,
-		SastIssues:     sastIssues,
-		KicsIssues:     kicsIssues,
-		ScaIssues:      scaIssues,
-		Tags:           scanInfo.Tags,
-		ProjectName:    scanInfo.ProjectName,
-		BranchName:     scanInfo.Branch,
-		EnginesEnabled: scanInfo.Engines,
+		ScanID:           scanInfo.ID,
+		Status:           string(scanInfo.Status),
+		CreatedAt:        scanInfo.CreatedAt.Format("2006-01-02, 15:04:05"),
+		ProjectID:        scanInfo.ProjectID,
+		RiskStyle:        "",
+		RiskMsg:          "",
+		HighIssues:       0,
+		MediumIssues:     0,
+		LowIssues:        0,
+		InfoIssues:       0,
+		SastIssues:       sastIssues,
+		KicsIssues:       kicsIssues,
+		ScaIssues:        scaIssues,
+		ContainersIssues: containersIssues,
+		Tags:             scanInfo.Tags,
+		ProjectName:      scanInfo.ProjectName,
+		BranchName:       scanInfo.Branch,
+		EnginesEnabled:   scanInfo.Engines,
 		EnginesResult: map[string]*wrappers.EngineResultSummary{
 			commonParams.SastType:   {StatusCode: enginesStatusCode[commonParams.SastType]},
 			commonParams.ScaType:    {StatusCode: enginesStatusCode[commonParams.ScaType]},
 			commonParams.KicsType:   {StatusCode: enginesStatusCode[commonParams.KicsType]},
 			commonParams.APISecType: {StatusCode: enginesStatusCode[commonParams.APISecType]},
 		},
 	}
-
+	if wrappers.IsContainersEnabled {
+		summary.EnginesResult[commonParams.ContainersType] = &wrappers.EngineResultSummary{StatusCode: enginesStatusCode[commonParams.ContainersType]}
+	}
 	baseURI, err := resultsWrapper.GetResultsURL(summary.ProjectID)
 	if err != nil {
 		return nil, err
@@ -451,6 +472,9 @@ func summaryReport(
 	setNotAvailableNumberIfZero(summary, &summary.SastIssues, commonParams.SastType)
 	setNotAvailableNumberIfZero(summary, &summary.ScaIssues, commonParams.ScaType)
 	setNotAvailableNumberIfZero(summary, &summary.KicsIssues, commonParams.KicsType)
+	if wrappers.IsContainersEnabled {
+		setNotAvailableNumberIfZero(summary, summary.ContainersIssues, commonParams.ContainersType)
+	}
 	setRiskMsgAndStyle(summary)
 	setNotAvailableEnginesStatusCode(summary)
 
@@ -494,6 +518,9 @@ func enhanceWithScanSummary(summary *wrappers.ResultSummary, results *wrappers.S
 		summary.EnginesResult[commonParams.APISecType].High = summary.APISecurity.Risks[1]
 	}
 	summary.TotalIssues = summary.SastIssues + summary.ScaIssues + summary.KicsIssues + summary.GetAPISecurityDocumentationTotal()
+	if wrappers.IsContainersEnabled {
+		summary.TotalIssues += *summary.ContainersIssues
+	}
 }
 
 func writeHTMLSummary(targetFile string, summary *wrappers.ResultSummary) error {
@@ -559,7 +586,7 @@ func writeConsoleSummary(summary *wrappers.ResultSummary) error {
 }
 
 func printPoliciesSummary(summary *wrappers.ResultSummary) {
-	fmt.Printf("              --------------------------------------     \n")
+	fmt.Printf(tableLine + "\n")
 	if summary.Policies.BreakBuild {
 		fmt.Printf("            Policy Management Violation - Break Build Enabled:                     \n")
 	} else {
@@ -585,22 +612,19 @@ func printAPIsSecuritySummary(summary *wrappers.ResultSummary) {
 	if summary.HasAPISecurityDocumentation() {
 		fmt.Printf("              APIS DOCUMENTATION: %*d \n", defaultPaddingSize, summary.GetAPISecurityDocumentationTotal())
 	}
-	fmt.Printf("              --------------------------------------------------     \n\n")
+	fmt.Printf(tableLine + twoNewLines)
 }
 
 func printTableRow(title string, counts *wrappers.EngineResultSummary, statusNumber int) {
-	formatString := "              | %-4s   %4d   %6d   %4d   %4d   %-9s  |\n"
-	notAvailableFormatString := "              | %-4s   %4s   %6s   %4s   %4s   %5s      |\n"
-
 	switch statusNumber {
 	case notAvailableNumber:
-		fmt.Printf(notAvailableFormatString, title, notAvailableString, notAvailableString, notAvailableString, notAvailableString, notAvailableString)
+		fmt.Printf(stringTableResultsFormat, title, notAvailableString, notAvailableString, notAvailableString, notAvailableString, notAvailableString)
 	case scanFailedNumber:
-		fmt.Printf(formatString, title, counts.High, counts.Medium, counts.Low, counts.Info, scanFailedString)
+		fmt.Printf(tableResultsFormat, title, counts.High, counts.Medium, counts.Low, counts.Info, scanFailedString)
 	case scanCanceledNumber:
-		fmt.Printf(formatString, title, counts.High, counts.Medium, counts.Low, counts.Info, scanCanceledString)
+		fmt.Printf(tableResultsFormat, title, counts.High, counts.Medium, counts.Low, counts.Info, scanCanceledString)
 	default:
-		fmt.Printf(formatString, title, counts.High, counts.Medium, counts.Low, counts.Info, scanSuccessString)
+		fmt.Printf(tableResultsFormat, title, counts.High, counts.Medium, counts.Low, counts.Info, scanSuccessString)
 	}
 }
 
@@ -609,20 +633,23 @@ func printResultsSummaryTable(summary *wrappers.ResultSummary) {
 	totalMediumIssues := summary.EnginesResult.GetMediumIssues()
 	totalLowIssues := summary.EnginesResult.GetLowIssues()
 	totalInfoIssues := summary.EnginesResult.GetInfoIssues()
-	fmt.Printf("              ---------------------------------------------------     \n\n")
+	fmt.Printf(tableLine + twoNewLines)
 	fmt.Printf("              Total Results: %d                       \n", summary.TotalIssues)
-	fmt.Println("              ---------------------------------------------------     ")
-	fmt.Println("              |          High   Medium   Low   Info   Status    |")
+	fmt.Println(tableLine)
+	fmt.Printf(TableTitleFormat, "   ", "High", "Medium", "Low", "Info", "Status")
 
 	printTableRow("APIs", summary.EnginesResult[commonParams.APISecType], summary.EnginesResult[commonParams.APISecType].StatusCode)
 	printTableRow("IAC", summary.EnginesResult[commonParams.KicsType], summary.EnginesResult[commonParams.KicsType].StatusCode)
 	printTableRow("SAST", summary.EnginesResult[commonParams.SastType], summary.EnginesResult[commonParams.SastType].StatusCode)
 	printTableRow("SCA", summary.EnginesResult[commonParams.ScaType], summary.EnginesResult[commonParams.ScaType].StatusCode)
+	if wrappers.IsContainersEnabled {
+		printTableRow("CONTAINERS", summary.EnginesResult[commonParams.ContainersType], summary.EnginesResult[commonParams.ContainersType].StatusCode)
+	}
 
-	fmt.Println("              ---------------------------------------------------     ")
-	fmt.Printf("              | %-4s  %4d   %6d   %4d   %4d   %-9s  |\n",
-		fmt.Sprintf(boldFormat, "TOTAL"), totalHighIssues, totalMediumIssues, totalLowIssues, totalInfoIssues, summary.Status)
-	fmt.Printf("              ---------------------------------------------------     \n\n")
+	fmt.Println(tableLine)
+	fmt.Printf(tableResultsFormat,
+		fmt.Sprintf(boldFormat, "TOTAL     "), totalHighIssues, totalMediumIssues, totalLowIssues, totalInfoIssues, summary.Status)
+	fmt.Printf(tableLine + twoNewLines)
 }
 
 func generateScanSummaryURL(summary *wrappers.ResultSummary) string {
@@ -651,6 +678,7 @@ func runGetResultCommand(
 		useSCALocalFlow, _ := cmd.Flags().GetBool(commonParams.ReportSbomFormatLocalFlowFlag)
 		retrySBOM, _ := cmd.Flags().GetInt(commonParams.RetrySBOMFlag)
 		sastRedundancy, _ := cmd.Flags().GetBool(commonParams.SastRedundancyFlag)
+		agent, _ := cmd.Flags().GetString(commonParams.AgentFlag)
 
 		scanID, _ := cmd.Flags().GetString(commonParams.ScanIDFlag)
 		if scanID == "" {
@@ -683,7 +711,6 @@ func runGetResultCommand(
 		} else {
 			logger.PrintIfVerbose("Skipping policy evaluation")
 		}
-
 		if sastRedundancy {
 			params[commonParams.SastRedundancyFlag] = ""
 		}
@@ -703,6 +730,7 @@ func runGetResultCommand(
 			formatSbomOptions,
 			targetFile,
 			targetPath,
+			agent,
 			params)
 	}
 }
@@ -746,7 +774,10 @@ func runGetCodeBashingCommand(
 		return nil
 	}
 }
-
+func setIsContainersEnabled(agent string) {
+	agentSupported := contains(containerSupportedAgents, agent)
+	wrappers.IsContainersEnabled = wrappers.FeatureFlags[wrappers.ContainerEngineCLIEnabled] && agentSupported
+}
 func CreateScanReport(
 	resultsWrapper wrappers.ResultsWrapper,
 	risksOverviewWrapper wrappers.RisksOverviewWrapper,
@@ -762,11 +793,12 @@ func CreateScanReport(
 	formatSbomOptions,
 	targetFile,
 	targetPath string,
+	agent string,
 	params map[string]string,
 ) error {
 	reportList := strings.Split(reportTypes, ",")
 	results := &wrappers.ScanResultsCollection{}
-
+	setIsContainersEnabled(agent)
 	summary, err := convertScanToResultsSummary(scan, resultsWrapper)
 	if err != nil {
 		return err
@@ -814,14 +846,22 @@ func countResult(summary *wrappers.ResultSummary, result *wrappers.ScanResult) {
 		} else if engineType == commonParams.KicsType {
 			summary.KicsIssues++
 			summary.TotalIssues++
+		} else if engineType == commonParams.ContainersType {
+			if wrappers.IsContainersEnabled {
+				*summary.ContainersIssues++
+				summary.TotalIssues++
+			} else {
+				return
+			}
 		}
-		if severity == highLabel {
+		switch severity {
+		case highLabel:
 			summary.HighIssues++
-		} else if severity == lowLabel {
-			summary.LowIssues++
-		} else if severity == mediumLabel {
+		case mediumLabel:
 			summary.MediumIssues++
-		} else if severity == infoLabel {
+		case lowLabel:
+			summary.LowIssues++
+		case infoLabel:
 			summary.InfoIssues++
 		}
 		summary.UpdateEngineResultSummary(engineType, severity)
@@ -1039,9 +1079,24 @@ func enrichScaResults(
 		// Compute SAST results redundancy
 		resultsModel = ComputeRedundantSastResults(resultsModel)
 	}
+	if util.Contains(scan.Engines, commonParams.ContainersType) && !wrappers.IsContainersEnabled {
+		resultsModel = removeContainerResults(resultsModel)
+	}
 	return resultsModel, nil
 }
 
+func removeContainerResults(model *wrappers.ScanResultsCollection) *wrappers.ScanResultsCollection {
+	var newResults []*wrappers.ScanResult
+	for _, result := range model.Results {
+		if result.Type != commonParams.ContainersType {
+			newResults = append(newResults, result)
+		}
+	}
+	model.Results = newResults
+	model.TotalCount = uint(len(newResults))
+	return model
+}
+
 func exportSarifResults(targetFile string, results *wrappers.ScanResultsCollection) error {
 	var err error
 	var resultsJSON []byte
@@ -1446,12 +1501,28 @@ func parseResultsSonar(results *wrappers.ScanResultsCollection) []wrappers.Sonar
 			} else if engineType == commonParams.ScaType {
 				sonarIssuesByLocation := parseScaSonarLocations(result)
 				sonarIssues = append(sonarIssues, sonarIssuesByLocation...)
+			} else if wrappers.IsContainersEnabled && engineType == commonParams.ContainersType {
+				auxIssue.PrimaryLocation = parseContainersSonar(result)
+				sonarIssues = append(sonarIssues, auxIssue)
 			}
 		}
 	}
 	return sonarIssues
 }
 
+func parseContainersSonar(result *wrappers.ScanResult) wrappers.SonarLocation {
+	var auxLocation wrappers.SonarLocation
+	auxLocation.FilePath = result.ScanResultData.ImageFilePath
+	auxLocation.Message = result.Description
+	var textRange wrappers.SonarTextRange
+	textRange.StartColumn = 1
+	textRange.EndColumn = 2
+	textRange.StartLine = 1
+	textRange.EndLine = 2
+	auxLocation.TextRange = textRange
+	return auxLocation
+}
+
 func initSonarIssue(result *wrappers.ScanResult) wrappers.SonarIssues {
 	var sonarIssue wrappers.SonarIssues
 	sonarIssue.Severity = sonarSeverities[result.Severity]
@@ -1645,6 +1716,8 @@ func findResult(result *wrappers.ScanResult) []wrappers.SarifScanResult {
 		scanResults = parseSarifResultKics(result, scanResults)
 	} else if result.Type == commonParams.ScaType {
 		scanResults = parseSarifResultsSca(result, scanResults)
+	} else if result.Type == commonParams.ContainersType && wrappers.IsContainersEnabled {
+		scanResults = parseSarifResultsContainers(result, scanResults)
 	}
 
 	if len(scanResults) > 0 {
@@ -1653,6 +1726,21 @@ func findResult(result *wrappers.ScanResult) []wrappers.SarifScanResult {
 	return nil
 }
 
+func parseSarifResultsContainers(result *wrappers.ScanResult, scanResults []wrappers.SarifScanResult) []wrappers.SarifScanResult {
+	var scanResult = initSarifResult(result)
+	var scanLocation wrappers.SarifLocation
+
+	scanLocation.PhysicalLocation.ArtifactLocation.URI = result.ScanResultData.ImageFilePath
+	scanLocation.PhysicalLocation.Region = &wrappers.SarifRegion{}
+	scanLocation.PhysicalLocation.Region.StartLine = 1
+	scanLocation.PhysicalLocation.Region.StartColumn = 1
+	scanLocation.PhysicalLocation.Region.EndColumn = 2
+	scanResult.Locations = append(scanResult.Locations, scanLocation)
+
+	scanResults = append(scanResults, scanResult)
+	return scanResults
+}
+
 func parseSarifResultsSca(result *wrappers.ScanResult, scanResults []wrappers.SarifScanResult) []wrappers.SarifScanResult {
 	if result == nil || result.ScanResultData.ScaPackageCollection == nil || result.ScanResultData.ScaPackageCollection.Locations == nil {
 		return scanResults
@@ -1728,6 +1816,8 @@ func convertNotAvailableNumberToZero(summary *wrappers.ResultSummary) {
 		summary.SastIssues = 0
 	} else if summary.ScaIssues == notAvailableNumber {
 		summary.ScaIssues = 0
+	} else if wrappers.IsContainersEnabled && *summary.ContainersIssues == notAvailableNumber {
+		*summary.ContainersIssues = 0
 	}
 }