From 14ddc07e825cec22f45b26b91978b65cb4eca1f9 Mon Sep 17 00:00:00 2001 From: itsKedar <37594766+itsKedar@users.noreply.github.com> Date: Fri, 26 Jul 2024 12:19:43 +0530 Subject: [PATCH] Added bitbucket cloud and server git clone (#1370) * Added bitbucket cloud and server git clone * Updated documentation --- docs/Configuration.md | 11 +++++++---- .../java/com/checkmarx/flow/CxFlowRunner.java | 17 ++++++++++++++++- .../flow/config/BitBucketProperties.java | 5 +++++ .../component/batch/BatchComponentSteps.java | 3 ++- .../integration/cli/iast/IastCliSteps.java | 2 ++ 5 files changed, 32 insertions(+), 6 deletions(-) diff --git a/docs/Configuration.md b/docs/Configuration.md index ea668f321..ebfeb11fb 100644 --- a/docs/Configuration.md +++ b/docs/Configuration.md @@ -182,7 +182,8 @@ gitlab: bitbucket: webhook-token: XXXXX token: XXXXX - url: https://api.bitbucket.org + url: https://bitbucket.org + api-url: https://api.bitbucket.org api-path: /2.0 false-positive-label: false-positive @@ -911,9 +912,10 @@ azure: ### Bitbucket (Cloud and Server) ```yaml bitbucket: - webhook-token + webhook-token: xxx token: :xxx - url: http://api.bitbucket.org + url: http://bitbucket.org + api-url: http://api.bitbucket.org api-path: /2.0 ``` @@ -921,7 +923,8 @@ bitbucket: |--------------------------|---------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `webhook-token` | | Token used as a shared secret when calling the CxFlow WebHook WebService. It authenticates users for the request. The Bitbucket cloud does not allow for a shared secret, therefore a URL parameter called token, must be provided in this case. | | `token` | | This is the API token with access to the repository with at least Read only access to code and the ability to add comments to pull requests. BitBucket requires the **:** format in the configuration.
`userid:app password`(Format while using BitBucket Cloud)
`userid:password`(Format while using BitBucket Server) | -| `url` | | - [https://api.bitbucket.org](https://api.bitbucket.org) (URL for the Cloud BitBucket)
- [https://api.companyxyzbitbucket](https://api.companyxyzbitbucket) (URL for the BitBucket server is just the server hostname with `api.` prefixed) | +| `api-url` | | - [https://api.bitbucket.org](https://api.bitbucket.org) (URL for the Cloud BitBucket)
- [https://api.companyxyzbitbucket](https://api.companyxyzbitbucket) (URL for the BitBucket server is just the server hostname with `api.` prefixed) | +| `url` | | - [https://bitbucket.org](https://api.bitbucket.org) (URL for the Cloud BitBucket)
- [https://companyxyzbitbucket](https://api.companyxyzbitbucket)(URL for the BitBucket server is just the server hostname) | | `api-path` | | The API URL path (appended to the URL) for BitBucket | | 'scan-submitted-comment` | true | Comment on Merge Request with "Scan submitted (or not submitted) to Checkmarx ...". | diff --git a/src/main/java/com/checkmarx/flow/CxFlowRunner.java b/src/main/java/com/checkmarx/flow/CxFlowRunner.java index e7e452506..546ab446f 100644 --- a/src/main/java/com/checkmarx/flow/CxFlowRunner.java +++ b/src/main/java/com/checkmarx/flow/CxFlowRunner.java @@ -62,6 +62,7 @@ public class CxFlowRunner implements ApplicationRunner { private final FlowProperties flowProperties; private final CxScannerService cxScannerService; private final JiraProperties jiraProperties; + private final BitBucketProperties bitBucketProperties; private final GitHubProperties gitHubProperties; private final GitLabProperties gitLabProperties; private final IastService iastService; @@ -490,7 +491,20 @@ else if (args.containsOption("gitlab") && !ScanUtils.anyEmpty(namespace, repoNam gitAuthUrl = gitAuthUrl.replace(Constants.HTTP, Constants.HTTP_OAUTH2.concat(token).concat("@")); scanRemoteRepo(request, repoUrl, gitAuthUrl, branch, ScanRequest.Repository.GITLAB, args); } else if (args.containsOption("bitbucket") && containsRepoArgs(namespace, repoName, branch)) { - log.warn("Bitbucket git clone scan not implemented"); + + repoUrl = getNonEmptyRepoUrl(namespace, repoName, repoUrl, bitBucketProperties.getGitUri(namespace, repoName)); + String token = bitBucketProperties.getToken(); + gitAuthUrl = repoUrl.replace(Constants.HTTPS, Constants.HTTPS.concat(token).concat("@")); + gitAuthUrl = gitAuthUrl.replace(Constants.HTTP, Constants.HTTP.concat(token).concat("@")); + + scanRemoteRepo(request, repoUrl, gitAuthUrl, branch, ScanRequest.Repository.BITBUCKET, args); + } else if (args.containsOption("bitbucket-server") && containsRepoArgs(namespace, repoName, branch)) { + repoUrl = getNonEmptyRepoUrl(namespace, repoName, repoUrl, bitBucketProperties.getGitUri(namespace, repoName)); + String token = bitBucketProperties.getToken(); + gitAuthUrl = repoUrl.replace(Constants.HTTPS, Constants.HTTPS.concat(token).concat("@")); + gitAuthUrl = gitAuthUrl.replace(Constants.HTTP, Constants.HTTP.concat(token).concat("@")); + + scanRemoteRepo(request, repoUrl, gitAuthUrl, branch, ScanRequest.Repository.BITBUCKETSERVER, args); } else if (args.containsOption("ado") && containsRepoArgs(namespace, repoName, branch)) { if (!args.containsOption(IAST_OPTION)) { if(adoProperties.getProjectName().isEmpty()){ @@ -503,6 +517,7 @@ else if (args.containsOption("gitlab") && !ScanUtils.anyEmpty(namespace, repoNam gitAuthUrl = gitAuthUrl.replace(Constants.HTTP, Constants.HTTP.concat(token).concat("@")); scanRemoteRepo(request, repoUrl, gitAuthUrl, branch, ScanRequest.Repository.ADO, args); } + } } else if (file != null) { scanLocalPath(request, file); diff --git a/src/main/java/com/checkmarx/flow/config/BitBucketProperties.java b/src/main/java/com/checkmarx/flow/config/BitBucketProperties.java index d79ac1536..c601146df 100644 --- a/src/main/java/com/checkmarx/flow/config/BitBucketProperties.java +++ b/src/main/java/com/checkmarx/flow/config/BitBucketProperties.java @@ -28,4 +28,9 @@ public void setApiPath(String apiPath) { public void setIpAddresses(List ipAddresses) { this.ipAddresses = ipAddresses; } + + public String getGitUri(String namespace, String repoName) { + String format = "%s/%s/%s.git"; + return String.format(format, getUrl(), namespace, repoName); + } } diff --git a/src/test/java/com/checkmarx/flow/cucumber/component/batch/BatchComponentSteps.java b/src/test/java/com/checkmarx/flow/cucumber/component/batch/BatchComponentSteps.java index b1f13721b..1a43f539d 100644 --- a/src/test/java/com/checkmarx/flow/cucumber/component/batch/BatchComponentSteps.java +++ b/src/test/java/com/checkmarx/flow/cucumber/component/batch/BatchComponentSteps.java @@ -51,7 +51,7 @@ public class BatchComponentSteps { private final ThresholdValidator thresholdValidator; private final BuildProperties buildProperties; private final PDFProperties pdfProperties; - + private final BitBucketProperties bitBucketProperties; private CxFlowRunner cxFlowRunner; private String projectName; private String teamName; @@ -71,6 +71,7 @@ public void sastClientIsMocked() throws CheckmarxException { cxFlowRunner = new CxFlowRunner(flowProperties, cxScannerService, jiraProperties, + bitBucketProperties, gitHubProperties, gitLabProperties, iastService, diff --git a/src/test/java/com/checkmarx/flow/cucumber/integration/cli/iast/IastCliSteps.java b/src/test/java/com/checkmarx/flow/cucumber/integration/cli/iast/IastCliSteps.java index 86057bd39..0f07126c3 100644 --- a/src/test/java/com/checkmarx/flow/cucumber/integration/cli/iast/IastCliSteps.java +++ b/src/test/java/com/checkmarx/flow/cucumber/integration/cli/iast/IastCliSteps.java @@ -105,6 +105,7 @@ public class IastCliSteps { private final List scanners; private final ThresholdValidator thresholdValidator; private final PDFProperties pdfProperties; + private final BitBucketProperties bitBucketProperties; private String urlRequest; private HttpHeaders headers; @@ -120,6 +121,7 @@ public void mockCliRunner(String scanTag, String bugTracker, String params) { flowProperties, cxScannerService, jiraProperties, + bitBucketProperties, gitHubProperties, gitLabProperties, iastService,