Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove direct Checkmarx adapter usage - provide only PDS adapter #1320

Open
de-jcup opened this issue May 9, 2022 · 1 comment
Open

Remove direct Checkmarx adapter usage - provide only PDS adapter #1320

de-jcup opened this issue May 9, 2022 · 1 comment
Assignees
@de-jcup
Labels
3rd-party-integration checkmarx data enhancement New feature or request epic pds pds-solutions server
Milestone
Server 2.4.0

Comments

@de-jcup
Copy link
Member

de-jcup commented May 9, 2022
edited
Loading

Situation

With

we created a possiblity to define source code data inside the codeScan element but also inside the new data section.
As described in #1313 the architve structure does contain __data__/$referenceName .

Currently the Checkmarx product executor will send the created zip content without any further treatment to checkmarx.
The problem here: It will contain __data__/$referenceName and use this as the reference pathes inside its findings!
So e.g. when using sechub plugins to open a finding the path would not be correct. Also reading checkmarx findings inside
HTML reports would be difficult.

Wanted

Checkmarx adapter shall send a ZIP file which does not contain data section pathes inside

Solution

There are two possible solutions

Variant A

We move the Checkmarx product adapter to a PDS solution. This will use #1319 automatically and only necessary stuff will be inside the zip file.

Variant B

The mechanism inside

  • PDS: handle sourcecode.zip with data section parts on PDS server side #1319
    will be written in a very reusable way and is also available inside SecHub server (via library). Then the checkmarx product executor will
  • Check if model needs an archive transformation
  • When no transformation necessary than old behaviour
  • When transformation is necessary, the file will be temporarily stored, transformed and the transformed content will be used by
    checkmarx product adapter.

Additional

For #1164 only PDS does support the filtering.
When we use Variant B we must also introduce sechub.productexecutor.filefilter.excludes and sechub.productexecutor.filefilter.includes to handle this on sechub side as well. This will done by #1395
@de-jcup de-jcup self-assigned this May 9, 2022
@de-jcup de-jcup added this to the Server 0.32.0 milestone May 9, 2022
This was referenced May 9, 2022
Merged
Closed
Closed
de-jcup added a commit that referenced this issue May 9, 2022
@de-jcup
Moved gradle sub parts to gradle folder #1321 + introduce archive
4403785 
- all gradle sub files from rootfolder are now moved
  to `gradle` subfolder
- introduced `sechub-commons-archive` gradle submodule for handling
  issues #1320, #1319 and #1167
@sven-dmlr sven-dmlr modified the milestones: Server 0.33.0, Server 0.34.0 Jun 2, 2022
@de-jcup de-jcup mentioned this issue Jun 14, 2022
Closed
@de-jcup de-jcup added the epic label Jun 22, 2022
This was referenced Jun 22, 2022
Closed
Open
@de-jcup
Copy link
Member Author

de-jcup commented Jun 22, 2022
edited
Loading

Decided to use Variant A.

But we do this in three steps.

  1. Implement Checkmarx wrapper for PDS usage #1415 (so we can use adapter variant + old variant parallel)
  2. Create checkmarx-pds-solution with Checkmarx-wrapper #1467 (provide a ready to use pds-solution)
  3. Drop Checkmarx product executor + make integration tests work with pds-solution for checkmarx #1416 (wen pds solution works as exxpected, we drop the old approach + change integration tests)

@de-jcup de-jcup mentioned this issue Jul 6, 2022
Closed
@de-jcup de-jcup changed the title Checkmarx product executor must handle data section Remove direct Checkmarx adapter usage - provide only PDS adapter Nov 14, 2022
@sven-dmlr sven-dmlr modified the milestones: Server 1.0.0, Server 1.1.0 Aug 1, 2023
@sven-dmlr sven-dmlr modified the milestones: Server 1.1.0, Server 1.2.0 Aug 14, 2023
@sven-dmlr sven-dmlr modified the milestones: Server 1.2.0, Server 1.3.0 Oct 30, 2023
@sven-dmlr sven-dmlr modified the milestones: Server 1.3.0, Server 1.4.0 Nov 24, 2023
@sven-dmlr sven-dmlr modified the milestones: Server 1.4.0, Server 1.5.0 Jan 4, 2024
@sven-dmlr sven-dmlr modified the milestones: Server 1.7.0, Server 1.8.0 Mar 5, 2024
@sven-dmlr sven-dmlr modified the milestones: Server 1.8.0, Server 1.9.0 Mar 15, 2024
@sven-dmlr sven-dmlr modified the milestones: Server 1.9.0, Server 1.10.0 Apr 30, 2024
@sven-dmlr sven-dmlr modified the milestones: Server 2.0.0, Server 2.1.0 Aug 8, 2024
@sven-dmlr sven-dmlr modified the milestones: Server 2.1.0, Server 2.2.0 Aug 23, 2024
@sven-dmlr sven-dmlr modified the milestones: Server 2.2.0, Server 2.3.0 Sep 6, 2024
@sven-dmlr sven-dmlr modified the milestones: Server 2.3.0, Server 2.4.0 Oct 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@de-jcup de-jcup

Labels
3rd-party-integration checkmarx data enhancement New feature or request epic pds pds-solutions server
Projects
None yet
Milestone
Server 2.4.0
Development

No branches or pull requests
3 participants
@de-jcup @sven-dmlr @haerter-tss