Added mapping labels capability like Jira (#1385)

* Added mapping labels capability like Jira * Update GitLabIssueTracker.java
checkmarx-ltd · Oct 3, 2024 · f678dfc · f678dfc
1 parent 6c895e0
commit f678dfc
Show file tree

Hide file tree

Showing 7 changed files with 702 additions and 18 deletions.
diff --git a/docs/Bug-Trackers-and-Feedback-Channels.md b/docs/Bug-Trackers-and-Feedback-Channels.md
@@ -497,14 +497,48 @@ azure:
 ## <a name="gitlab">GitLab Issues</a>
 * GitLab Issues leverages the same configuration as specified for WebHook listeners → API token (**token**) and valid urls are required
 
-```
+```yaml
 gitlab:
    webhook-token: XXXX
    token: xxx
    url: https://gitlab.com
    api-url: https://gitlab.com/api/v4/
    false-positive-label: false-positive
    block-merge: true
+   fields:
+    - type: result
+      name: application
+    - type: result
+      name: project
+```
+#### <a name="gitlabfields">Fields</a>
+Every value mentioned in fields will be added in Labels.
+* **type**
+  * **cx-scan**: Used to map specific Checkmarx Scan Custom Field values
+  * **cx-sca**: Used to map specific Checkmarx SCA Scan tags values
+  * **static**: Used for static values (specifically requires a default-value to be provided)
+  * **result**: Used to map known values from Checkmarx results or repository/scan request details.  Refer to the Result values below.
+
+* **name**: If cx-scan or cx-sca reflects the type, it is the name of the custom field within Checkmarx SAST or key of tag in case o SCA
+* **default-value** Static value if no value can be determined for the respective field (Optional)
+* If **result** is provided as type, the name must be one of the following:
+
+```
+application - Command line option --app
+project - Command line option --cx-project
+namespace - Command line option --namespace
+repo-name - Command line option --repo-name
+repo-url - Command line option --repo-url
+branch - Command line option --branch
+severity - Severity of issue in Checkmarx
+category - Category of issue in Checkmarx
+cwe - CWE of issue in Checkmarx
+recommendation - Recommendation details based on Mitre/Custom Wiki
+loc - csv of lines of code
+issue-link - Direct link to issue within Checkmarx
+filename - Filename provided by Checkmarx issue
+language - Language provided by Checkmarx issue
+similarity-id - Cx Similarity ID
 ```
 [[/Images/bug2.png|Screenshot of GitLab issue]]
 
@@ -591,6 +625,40 @@ github:
    api-url: https://api.github.com/repos/
    false-positive-label: false-positive
    block-merge: true
+   fields:
+    - type: result
+      name: application
+    - type: result
+      name: project
+```
+#### <a name="githubfields">Fields</a>
+Every value mentioned in fields will be added in Labels.
+* **type**
+  * **cx-scan**: Used to map specific Checkmarx Scan Custom Field values
+  * **cx-sca**: Used to map specific Checkmarx SCA Scan tags values
+  * **static**: Used for static values (specifically requires a default-value to be provided)
+  * **result**: Used to map known values from Checkmarx results or repository/scan request details.  Refer to the Result values below.
+
+* **name**: If cx-scan or cx-sca reflects the type, it is the name of the custom field within Checkmarx SAST or key of tag in case o SCA
+* **default-value** Static value if no value can be determined for the respective field (Optional)
+* If **result** is provided as type, the name must be one of the following:
+
+```
+application - Command line option --app
+project - Command line option --cx-project
+namespace - Command line option --namespace
+repo-name - Command line option --repo-name
+repo-url - Command line option --repo-url
+branch - Command line option --branch
+severity - Severity of issue in Checkmarx
+category - Category of issue in Checkmarx
+cwe - CWE of issue in Checkmarx
+recommendation - Recommendation details based on Mitre/Custom Wiki
+loc - csv of lines of code
+issue-link - Direct link to issue within Checkmarx
+filename - Filename provided by Checkmarx issue
+language - Language provided by Checkmarx issue
+similarity-id - Cx Similarity ID
 ```
 [[/Images/bug4.png|Screenshot of GitHub issue]]
 

diff --git a/docs/Configuration.md b/docs/Configuration.md
@@ -838,6 +838,11 @@ github:
   max-delay : <minimum value should be 3>
   comment-update: false
   zero-vulnerability-summary: true
+  fields:
+    - type: result
+      name: application
+    - type: result
+      name: project
 ```
 
 | Configuration                | Default        | Description                                                                                                                                                                                                       |
@@ -853,8 +858,10 @@ github:
 | `max-delay`                  |                | When Secondary rate limit is hit, it will delay each API call for issue creation(Mininum value should be 3)                                                                                                       |
 | `comment-update`             | true           | if false, will create a new comment for every scan                                                                                                                                                                |
 | `zero-vulnerability-summary` | false          | if true, will not comment in PR decoration any details for scans as vulnerabilities are zero.                                                                                                                     |
+| `fields`                     |                | Refer page: [Bug-Trackers-and-Feedback-Channels Chapter Github Fields](https://github.com/checkmarx-ltd/cx-flow/wiki/Bug-Trackers-and-Feedback-Channels#githubfields)                                             |
 **Note**: A service account is required with access to the repositories that will be scanned, pull requests that will be commented on, and GitHub issues that will be created/updated.
 
+
 ### <a name="gitlab">GitLab</a>
 ```yaml
 gitlab:
@@ -866,6 +873,11 @@ gitlab:
   block-merge: true
   comment-update: false
   zero-vulnerability-summary: true
+  fields:
+    - type: result
+      name: application
+    - type: result
+      name: project
 ```
 
 | Configuration                | Default        | Description                                                                                                                                                                         |
@@ -879,6 +891,7 @@ gitlab:
 | `scan-submitted-comment`     | true           | Comment on Merge Request with "Scan submitted (or not submitted) to Checkmarx ...".                                                                                                 |
 | `comment-update`             | true           | if false, will create a new comment for every scan                                                                                                                                  |
 | `zero-vulnerability-summary` | false          | if true, will not comment in PR decoration any details for scans as vulnerabilities are zero.                                                                                       |
+| `fields`                     |                | Refer page: [Bug-Trackers-and-Feedback-Channels Chapter Gitlab Fields](https://github.com/checkmarx-ltd/cx-flow/wiki/Bug-Trackers-and-Feedback-Channels#gitlabfields)               |
 
 **Note**: A service account is required with access to the repositories that are going to be scanned, pull requests that are commented on, and GitLab issues that are created/updated.
 

diff --git a/src/main/java/com/checkmarx/flow/config/GitHubProperties.java b/src/main/java/com/checkmarx/flow/config/GitHubProperties.java
@@ -1,11 +1,14 @@
 package com.checkmarx.flow.config;
 
+import com.checkmarx.flow.dto.Field;
+import com.checkmarx.flow.dto.LabelField;
 import lombok.Getter;
 import lombok.Setter;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.stereotype.Component;
 import org.springframework.validation.annotation.Validated;
 
+import java.util.List;
 import java.util.Map;
 
 @Component
@@ -40,6 +43,13 @@ public class GitHubProperties extends RepoProperties {
     @Setter
     private Map<FindingSeverity,String> issueslabel;
 
+    @Getter
+    @Setter
+    private boolean commentUpdate =true;
+    @Getter
+    @Setter
+    private List<LabelField> fields;
+
 
     public String getMergeNoteUri(String namespace, String repo, String mergeId){
         String format = "%s/%s/%s/issues/%s/comments";

diff --git a/src/main/java/com/checkmarx/flow/config/GitLabProperties.java b/src/main/java/com/checkmarx/flow/config/GitLabProperties.java
@@ -1,11 +1,13 @@
 package com.checkmarx.flow.config;
 
+import com.checkmarx.flow.dto.LabelField;
 import lombok.Getter;
 import lombok.Setter;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.stereotype.Component;
 import org.springframework.validation.annotation.Validated;
 
+import java.util.List;
 import java.util.Map;
 
 @Component
@@ -30,7 +32,9 @@ public class GitLabProperties extends RepoProperties {
     @Getter
     @Setter
     private boolean commentUpdate =true;
-
+    @Getter
+    @Setter
+    private List<LabelField> fields;
 
 
     public String getGitUri(String namespace, String repo){