Added bitbucket cloud and server git clone (#1370)
* Added bitbucket cloud and server git clone

* Updated documentation
itsKedar authored Jul 26, 2024
1 parent b7fb0aa commit 14ddc07
Showing 5 changed files with 32 additions and 6 deletions.
11 changes: 7 additions & 4 deletions docs/Configuration.md
Expand Up @@ -182,7 +182,8 @@ gitlab:
bitbucket:
webhook-token: XXXXX
token: XXXXX
url: https://api.bitbucket.org
url: https://bitbucket.org
api-url: https://api.bitbucket.org
api-path: /2.0
false-positive-label: false-positive

Expand Down Expand Up @@ -911,17 +912,19 @@ azure:
### <a name="bitbucket">Bitbucket (Cloud and Server)</a>
```yaml
bitbucket:
webhook-token
webhook-token: xxx
token: <user>:xxx
url: http://api.bitbucket.org
url: http://bitbucket.org
api-url: http://api.bitbucket.org
api-path: /2.0
```

| Configuration | Default | Description |
|--------------------------|---------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `webhook-token` | | Token used as a shared secret when calling the CxFlow WebHook WebService. It authenticates users for the request. The Bitbucket cloud does not allow for a shared secret, therefore a URL parameter called token, must be provided in this case. |
| `token` | | This is the API token with access to the repository with at least Read only access to code and the ability to add comments to pull requests. BitBucket requires the **<user>:<token>** format in the configuration. <br />`userid:app password`(Format while using BitBucket Cloud) <br />`userid:password`(Format while using BitBucket Server) |
| `url` | | - [https://api.bitbucket.org](https://api.bitbucket.org) (URL for the Cloud BitBucket)<br />- [https://api.companyxyzbitbucket](https://api.companyxyzbitbucket) (URL for the BitBucket server is just the server hostname with `api.` prefixed) |
| `api-url` | | - [https://api.bitbucket.org](https://api.bitbucket.org) (URL for the Cloud BitBucket)<br />- [https://api.companyxyzbitbucket](https://api.companyxyzbitbucket) (URL for the BitBucket server is just the server hostname with `api.` prefixed) |
| `url` | | - [https://bitbucket.org](https://api.bitbucket.org) (URL for the Cloud BitBucket)<br />- [https://companyxyzbitbucket](https://api.companyxyzbitbucket)(URL for the BitBucket server is just the server hostname) |
| `api-path` | | The API URL path (appended to the URL) for BitBucket |
| 'scan-submitted-comment` | true | Comment on Merge Request with "Scan submitted (or not submitted) to Checkmarx ...". |

17 changes: 16 additions & 1 deletion src/main/java/com/checkmarx/flow/CxFlowRunner.java
Expand Up @@ -62,6 +62,7 @@ public class CxFlowRunner implements ApplicationRunner {
private final FlowProperties flowProperties;
private final CxScannerService cxScannerService;
private final JiraProperties jiraProperties;
private final BitBucketProperties bitBucketProperties;
private final GitHubProperties gitHubProperties;
private final GitLabProperties gitLabProperties;
private final IastService iastService;
Expand Down Expand Up @@ -490,7 +491,20 @@ else if (args.containsOption("gitlab") && !ScanUtils.anyEmpty(namespace, repoNam
gitAuthUrl = gitAuthUrl.replace(Constants.HTTP, Constants.HTTP_OAUTH2.concat(token).concat("@"));
scanRemoteRepo(request, repoUrl, gitAuthUrl, branch, ScanRequest.Repository.GITLAB, args);
} else if (args.containsOption("bitbucket") && containsRepoArgs(namespace, repoName, branch)) {
log.warn("Bitbucket git clone scan not implemented");

repoUrl = getNonEmptyRepoUrl(namespace, repoName, repoUrl, bitBucketProperties.getGitUri(namespace, repoName));
String token = bitBucketProperties.getToken();
gitAuthUrl = repoUrl.replace(Constants.HTTPS, Constants.HTTPS.concat(token).concat("@"));
gitAuthUrl = gitAuthUrl.replace(Constants.HTTP, Constants.HTTP.concat(token).concat("@"));

scanRemoteRepo(request, repoUrl, gitAuthUrl, branch, ScanRequest.Repository.BITBUCKET, args);
} else if (args.containsOption("bitbucket-server") && containsRepoArgs(namespace, repoName, branch)) {
repoUrl = getNonEmptyRepoUrl(namespace, repoName, repoUrl, bitBucketProperties.getGitUri(namespace, repoName));
String token = bitBucketProperties.getToken();
gitAuthUrl = repoUrl.replace(Constants.HTTPS, Constants.HTTPS.concat(token).concat("@"));
gitAuthUrl = gitAuthUrl.replace(Constants.HTTP, Constants.HTTP.concat(token).concat("@"));

scanRemoteRepo(request, repoUrl, gitAuthUrl, branch, ScanRequest.Repository.BITBUCKETSERVER, args);
} else if (args.containsOption("ado") && containsRepoArgs(namespace, repoName, branch)) {
if (!args.containsOption(IAST_OPTION)) {
if(adoProperties.getProjectName().isEmpty()){
Expand All @@ -503,6 +517,7 @@ else if (args.containsOption("gitlab") && !ScanUtils.anyEmpty(namespace, repoNam
gitAuthUrl = gitAuthUrl.replace(Constants.HTTP, Constants.HTTP.concat(token).concat("@"));
scanRemoteRepo(request, repoUrl, gitAuthUrl, branch, ScanRequest.Repository.ADO, args);
}

}
} else if (file != null) {
scanLocalPath(request, file);
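Review bot: The `bitbucket-server` branch resolves its clone URL with the same `bitBucketProperties.getGitUri(namespace, repoName)` as the cloud branch, which produces `<url>/<namespace>/<repo>.git`, whereas Bitbucket Server's HTTP clone URLs carry an `/scm/` path segment (`<url>/scm/<project>/<repo>.git`), so unless the caller supplies an explicit repo URL this branch looks likely to clone a path that does not exist — worth confirming against a Server instance or giving getGitUri a server-aware variant. The two branches are otherwise identical apart from the `ScanRequest.Repository` constant, and both `concat` `bitBucketProperties.getToken()` into the URL without a null/blank guard, so an unset `bitbucket.token` surfaces as a NullPointerException from `concat` rather than as a configuration error. The `user:password` value is also spliced in raw, so a password containing `@`, `:` or `/` yields a malformed authority; percent-encoding the two parts before building the URL would avoid that. Folding both branches into one helper, sketched below, removes the duplication and gives the guard a single home. The enclosing method starts and ends outside the hunk, and the helper's parameter types and throws clause should mirror the existing scanRemoteRepo signature, which is not visible here.
```java
} else if (args.containsOption("bitbucket") && containsRepoArgs(namespace, repoName, branch)) {
    scanBitBucketRepo(request, namespace, repoName, repoUrl, branch, ScanRequest.Repository.BITBUCKET, args);
} else if (args.containsOption("bitbucket-server") && containsRepoArgs(namespace, repoName, branch)) {
    scanBitBucketRepo(request, namespace, repoName, repoUrl, branch, ScanRequest.Repository.BITBUCKETSERVER, args);
// … unchanged: ado branch and the rest of the method …

/**
 * Clones a Bitbucket Cloud or Server repository over HTTP(S) using the configured
 * {@code bitbucket.token} and hands it to scanRemoteRepo.
 *
 * @throws IllegalArgumentException if no Bitbucket token is configured
 */
private void scanBitBucketRepo(ScanRequest request, String namespace, String repoName, String repoUrl,
                               String branch, ScanRequest.Repository repository, ApplicationArguments args) {
    String token = bitBucketProperties.getToken();
    if (token == null || token.trim().isEmpty()) {
        throw new IllegalArgumentException("bitbucket.token must be configured for a Bitbucket git clone scan");
    }
    String resolvedUrl = getNonEmptyRepoUrl(namespace, repoName, repoUrl,
            bitBucketProperties.getGitUri(namespace, repoName));
    // Credential goes into the URL authority; keep it out of any log line that prints the URL.
    String credential = token.concat("@");
    String authUrl = resolvedUrl.replace(Constants.HTTPS, Constants.HTTPS.concat(credential));
    authUrl = authUrl.replace(Constants.HTTP, Constants.HTTP.concat(credential));
    scanRemoteRepo(request, resolvedUrl, authUrl, branch, repository, args);
}
```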
Expand Up @@ -28,4 +28,9 @@ public void setApiPath(String apiPath) {
public void setIpAddresses(List<String> ipAddresses) {
this.ipAddresses = ipAddresses;
}

public String getGitUri(String namespace, String repoName) {
String format = "%s/%s/%s.git";
return String.format(format, getUrl(), namespace, repoName);
}
}
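Review bot: `getGitUri` has no Javadoc and silently depends on `getUrl()` carrying no trailing slash; a configured `url: https://bitbucket.org/` produces `https://bitbucket.org//ns/repo.git`. Normalising the base first, `String base = getUrl().replaceAll("/+$", "");` followed by `return String.format("%s/%s/%s.git", base, namespace, repoName);`, makes the result independent of how the property was written. A Javadoc such as `/** Builds the HTTPS clone URL {@code <url>/<namespace>/<repoName>.git} for a Bitbucket Cloud repository; Bitbucket Server clone URLs use a different path layout. */` would also record the Cloud-only shape of the path, since the same method is now called for both repository kinds. The file header for this section is not rendered on the page, so the enclosing class is presumably BitBucketProperties, inferred from the `getUrl()`/`setApiPath` accessors and the caller in CxFlowRunner.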
Expand Up @@ -51,7 +51,7 @@ public class BatchComponentSteps {
private final ThresholdValidator thresholdValidator;
private final BuildProperties buildProperties;
private final PDFProperties pdfProperties;

private final BitBucketProperties bitBucketProperties;
private CxFlowRunner cxFlowRunner;
private String projectName;
private String teamName;
Expand All @@ -71,6 +71,7 @@ public void sastClientIsMocked() throws CheckmarxException {
cxFlowRunner = new CxFlowRunner(flowProperties,
cxScannerService,
jiraProperties,
bitBucketProperties,
gitHubProperties,
gitLabProperties,
iastService,
Expand Up @@ -105,6 +105,7 @@ public class IastCliSteps {
private final List<VulnerabilityScanner> scanners;
private final ThresholdValidator thresholdValidator;
private final PDFProperties pdfProperties;
private final BitBucketProperties bitBucketProperties;

private String urlRequest;
private HttpHeaders headers;
Expand All @@ -120,6 +121,7 @@ public void mockCliRunner(String scanTag, String bugTracker, String params) {
flowProperties,
cxScannerService,
jiraProperties,
bitBucketProperties,
gitHubProperties,
gitLabProperties,
iastService,
