[ADD] CxOne API

checkmarx-ts · Jul 20, 2023 · ef214b1 · ef214b1
1 parent d215342
commit ef214b1
Show file tree

Hide file tree

Showing 5 changed files with 83 additions and 55 deletions.
diff --git a/CheckmarxPythonSDK/CxOne/AccessControlAPI/api.py b/CheckmarxPythonSDK/CxOne/AccessControlAPI/api.py
@@ -12,7 +12,9 @@
     construct_ast_user,
 )
 
-# PIP
+"""
+PIP
+"""
 
 
 def get_groups(realm, group_name=None, limit=None, ids=None) -> List[AstIdWithName]:
@@ -78,5 +80,3 @@ def get_users_by_groups(realm, group_id) -> List[AstUser]:
     response = get_request(relative_url=relative_url, is_iam=True)
     item_list = response.json()
     return [construct_ast_user(item) for item in item_list]
-
-
diff --git a/CheckmarxPythonSDK/CxOne/KeycloakAPI/ClientsAPI.py b/CheckmarxPythonSDK/CxOne/KeycloakAPI/ClientsAPI.py
@@ -3,11 +3,13 @@
 from CheckmarxPythonSDK.CxOne.KeycloakAPI.url import api_url
 import time
 
+
 def get_all_oauth_clients(realm):
     relative_url = api_url + f"/{realm}/clients??first=0&max=999999&search=True"
     response = get_request(relative_url=relative_url, is_iam=True)
     return response
 
+
 def get_oauth_client_by_name(realm, client_name):
     relative_url = api_url + f"/{realm}/clients??first=0&max=999999&search=True"
     response = get_request(relative_url=relative_url, is_iam=True)
@@ -18,11 +20,12 @@ def get_oauth_client_by_name(realm, client_name):
 
     return response
 
+
 def create_oauth_client(realm, client_name):
     relative_url = api_url + f"/{realm}/clients"
     post_data = json.dumps(
         {
-            'enabled' : True,
+            'enabled': True,
             'attributes': {},
             'redirectUris': [],
             'clientId': client_name,
@@ -32,6 +35,7 @@ def create_oauth_client(realm, client_name):
     response = post_request(relative_url=relative_url, data=post_data, is_iam=True)
     return response
 
+
 def edit_auth_client(realm, client_id, client_name, name, description):
     relative_url = api_url + f"/{realm}/clients/{client_id}"
     current_time = int(time.time())
@@ -69,43 +73,43 @@ def edit_auth_client(realm, client_id, client_name, name, description):
             "nodeReRegistrationTimeout": -1,
             "protocolMappers": [
                 {
-                "name": "Client IP Address",
-                "protocol": "openid-connect",
-                "protocolMapper": "oidc-usersessionmodel-note-mapper",
-                "consentRequired": False,
-                "config": {
-                    "user.session.note": "clientAddress",
-                    "id.token.claim": "True",
-                    "access.token.claim": "True",
-                    "claim.name": "clientAddress",
-                    "jsonType.label": "String"
-                }
+                    "name": "Client IP Address",
+                    "protocol": "openid-connect",
+                    "protocolMapper": "oidc-usersessionmodel-note-mapper",
+                    "consentRequired": False,
+                    "config": {
+                        "user.session.note": "clientAddress",
+                        "id.token.claim": "True",
+                        "access.token.claim": "True",
+                        "claim.name": "clientAddress",
+                        "jsonType.label": "String"
+                    }
                 },
                 {
-                "name": "Client ID",
-                "protocol": "openid-connect",
-                "protocolMapper": "oidc-usersessionmodel-note-mapper",
-                "consentRequired": False,
-                "config": {
-                    "user.session.note": "clientId",
-                    "id.token.claim": "True",
-                    "access.token.claim": "True",
-                    "claim.name": "clientId",
-                    "jsonType.label": "String"
-                }
+                    "name": "Client ID",
+                    "protocol": "openid-connect",
+                    "protocolMapper": "oidc-usersessionmodel-note-mapper",
+                    "consentRequired": False,
+                    "config": {
+                        "user.session.note": "clientId",
+                        "id.token.claim": "True",
+                        "access.token.claim": "True",
+                        "claim.name": "clientId",
+                        "jsonType.label": "String"
+                    }
                 },
                 {
-                "name": "Client Host",
-                "protocol": "openid-connect",
-                "protocolMapper": "oidc-usersessionmodel-note-mapper",
-                "consentRequired": False,
-                "config": {
-                    "user.session.note": "clientHost",
-                    "id.token.claim": "True",
-                    "access.token.claim": "True",
-                    "claim.name": "clientHost",
-                    "jsonType.label": "String"
-                }
+                    "name": "Client Host",
+                    "protocol": "openid-connect",
+                    "protocolMapper": "oidc-usersessionmodel-note-mapper",
+                    "consentRequired": False,
+                    "config": {
+                        "user.session.note": "clientHost",
+                        "id.token.claim": "True",
+                        "access.token.claim": "True",
+                        "claim.name": "clientHost",
+                        "jsonType.label": "String"
+                    }
                 }
             ],
             "defaultClientScopes": [
@@ -134,19 +138,21 @@ def edit_auth_client(realm, client_id, client_name, name, description):
     response = put_request(relative_url=relative_url, data=put_data, is_iam=True)
     return response
 
+
 def get_oauth_service_account_user(realm, client_id):
     relative_url = api_url + f"/{realm}/clients/{client_id}/service-account-user"
     response = get_request(relative_url=relative_url, is_iam=True)
     return response.json()
 
+
 def add_group_to_oauth_client(realm, service_account_user_id, group_id):
     relative_url = api_url + f"/{realm}/users/{service_account_user_id}/groups/{group_id}"
-    
+
     put_data = json.dumps(
         {
-            "realm":f"{realm}",
-            "userId":f"{service_account_user_id}",
-            "groupId":f"{group_id}"
+            "realm": f"{realm}",
+            "userId": f"{service_account_user_id}",
+            "groupId": f"{group_id}"
         }
     )
     response = put_request(relative_url=relative_url, data=put_data, is_iam=True)

diff --git a/CheckmarxPythonSDK/CxOne/KeycloakAPI/RoleMapperAPI.py b/CheckmarxPythonSDK/CxOne/KeycloakAPI/RoleMapperAPI.py
@@ -0,0 +1,16 @@
+import json
+from ...utilities.compat import CREATED, NO_CONTENT
+from ..httpRequests import get_request, post_request, put_request, delete_request
+from typing import List
+from ..utilities import get_url_param, type_check
+from .url import api_url
+
+
+def get_role_mappings(realm, group_id):
+    type_check(realm, str)
+    type_check(group_id, str)
+
+    relative_url = api_url + f"/{realm}/groups/{group_id}/role-mappings"
+    response = get_request(relative_url=relative_url, is_iam=True)
+    response = response.json()
+    return response
diff --git a/CheckmarxPythonSDK/CxOne/KeycloakAPI/__init__.py b/CheckmarxPythonSDK/CxOne/KeycloakAPI/__init__.py
@@ -18,3 +18,7 @@
     get_group_members,
     create_group,
 )
+
+from .RoleMapperAPI import (
+    get_role_mappings,
+)
diff --git a/CheckmarxPythonSDK/CxOne/reportAPI → CheckmarxPythonSDK/CxOne/reportAPI.py b/CheckmarxPythonSDK/CxOne/reportAPI → CheckmarxPythonSDK/CxOne/reportAPI.py
@@ -8,30 +8,31 @@
 
 base_url = config.get("server")
 
+
 def create_scan_report(file_format, scan_id, project_id):
     report_url = f"{base_url}/api/reports"
 
     post_data = json.dumps({
-            "fileFormat": file_format,
-            "reportType": "ui",
-            "reportName": "scan-report",
-            "data": {
-                "scanId": scan_id,
-                "projectId": project_id,
-                "branchName": ".unknown",
-                "sections": [
+        "fileFormat": file_format,
+        "reportType": "ui",
+        "reportName": "scan-report",
+        "data": {
+            "scanId": scan_id,
+            "projectId": project_id,
+            "branchName": ".unknown",
+            "sections": [
                 "ScanSummary",
                 "ExecutiveSummary",
                 "ScanResults"
-                ],
-                "scanners": [
+            ],
+            "scanners": [
                 "SAST",
                 "SCA",
                 "KICS"
-                ],
-                "host": ""
-                }
-            })
+            ],
+            "host": ""
+        }
+    })
 
     headers = authHeaders.auth_headers.copy()
 
@@ -54,6 +55,7 @@ def create_scan_report(file_format, scan_id, project_id):
             time.sleep(2)
     return report_id
 
+
 def get_scan_report(report_id):
     relative_url = f"/api/reports/{report_id}/download"