diff --git a/src/main/wrapper/CxConstants.ts b/src/main/wrapper/CxConstants.ts
index 4a71554..3f9450f 100644
--- a/src/main/wrapper/CxConstants.ts
+++ b/src/main/wrapper/CxConstants.ts
@@ -1,4 +1,5 @@
 export enum CxConstants {
+ VULNERABILITIES = "--vulnerability-identifiers",
 IGNORE__FILE_PATH = "--ignored-file-path",
 SOURCE = "-s",
 VERBOSE = "-v",
diff --git a/src/main/wrapper/CxWrapper.ts b/src/main/wrapper/CxWrapper.ts
index d5eab11..c271e18 100644
--- a/src/main/wrapper/CxWrapper.ts
+++ b/src/main/wrapper/CxWrapper.ts
@@ -298,6 +298,34 @@ export class CxWrapper {
 return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.PREDICATE_TYPE);
 }
+ async triageSCAShow(projectId: string, vulnerabilities: string, scanType: string): Promise {
+ const commands: string[] = [
+ CxConstants.CMD_TRIAGE,
+ CxConstants.SUB_CMD_SHOW,
+ CxConstants.SCAN_TYPES_SUB_CMD, scanType,
+ CxConstants.VULNERABILITIES, vulnerabilities,
+ CxConstants.PROJECT_ID, projectId
+ ];
+ commands.push(...this.initializeCommands(true));
+ const exec = new ExecutionService();
+ return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.PREDICATE_TYPE);
+ }
+
+ async triageSCAUpdate(projectId: string, vulnerabilities: string, scanType: string, state: string, comment: string): Promise {
+ const commands: string[] = [
+ CxConstants.CMD_TRIAGE,
+ CxConstants.SUB_CMD_UPDATE,
+ CxConstants.SCAN_TYPES_SUB_CMD, scanType,
+ CxConstants.VULNERABILITIES, vulnerabilities,
+ CxConstants.STATE, state,
+ CxConstants.COMMENT, comment,
+ CxConstants.PROJECT_ID, projectId
+ ];
+ commands.push(...this.initializeCommands(false));
+ const exec = new ExecutionService();
+ return await exec.executeCommands(this.config.pathToExecutable, commands);
+ }
+
+
 async triageUpdate(projectId: string, similarityId: string, scanType: string, state: string, comment: string, severity: string, stateId: number | null = null): Promise {
 const commands: string[] = [CxConstants.CMD_TRIAGE, CxConstants.SUB_CMD_UPDATE, CxConstants.PROJECT_ID, projectId, CxConstants.SIMILARITY_ID, similarityId, CxConstants.SCAN_TYPES_SUB_CMD, scanType, CxConstants.STATE, state, CxConstants.COMMENT, comment, CxConstants.SEVERITY, severity];
 if (stateId) {
diff --git a/src/tests/PredicateTest.test.ts b/src/tests/PredicateTest.test.ts
index ffa7b70..a9e977d 100644
--- a/src/tests/PredicateTest.test.ts
+++ b/src/tests/PredicateTest.test.ts
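Review bot: `triageSCAShow` and `triageSCAUpdate` put `projectId`, `vulnerabilities`, `scanType`, `state` and `comment` into the argv array unchecked, so an `undefined`, an empty string or a value starting with `-` is handed to `executeCommands` and the CLI is left to reject it. How `ExecutionService` spawns the process is not visible in this hunk, so whether a leading-dash value could be parsed as another option is unconfirmed, but the wrapper is the cheaper place to stop it. I would fail before spawning in both methods, e.g. `if (!projectId || !vulnerabilities || !scanType) throw new Error("projectId, vulnerabilities and scanType are required");`, and the tests that currently expect a non-zero `exitCode` for `undefined` and `""` would then assert on that rejection instead. A TSDoc comment on both methods stating the expected `vulnerabilities` format (the test passes comma-separated `packagename=…,packageversion=…,vulnerabilityId=…,packagemanager=…` pairs) would also help callers.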
@@ -39,6 +39,19 @@ describe("Triage cases", () => {
 );
 expect(cxUpdate.exitCode).toEqual(0);
 };
+
+ // Helper for SCA triage show
+ const handleTriageSCAShow = async (projectId: string, vulnerabilities: string, scanType: string) => {
+ const cxShow: CxCommandOutput = await auth.triageSCAShow(projectId, vulnerabilities, scanType);
+ expect(cxShow.exitCode).toEqual(0);
+ };
+
+ // Helper for SCA triage update
+ const handleTriageSCAUpdate = async (projectId: string, vulnerabilities: string, scanType: string, state: string, comment: string) => {
+ const cxUpdate: CxCommandOutput = await auth.triageSCAUpdate(projectId, vulnerabilities, scanType, state, comment);
+ expect(cxUpdate.exitCode).toEqual(0);
+ };
+
 const handlegetStates = async () => {
 const cxCommandOutput: CxCommandOutput = await auth.triageGetStates(false);
 console.log("Json object from states successful case: " + JSON.stringify(cxCommandOutput));
@@ -47,12 +60,57 @@ describe("Triage cases", () => {
 return cxCommandOutput
 };
+ it('SCA Triage Show and Update Successful case', async () => {
+ const projectId = "d4d7f382-8dee-48c7-ac8f-67fab2c313a8";
+ const vulnerabilities = "packagename=Maven-org.apache.tomcat.embed:tomcat-embed-core,packageversion=9.0.14,vulnerabilityId=CVE-2024-56337,packagemanager=maven";
+ const scanType = "sca";
+ const state = "To_verify";
+ const comment = "comment1";
+ await handleTriageSCAShow(projectId, vulnerabilities, scanType);
+ await handleTriageSCAUpdate(projectId, vulnerabilities, scanType, state, comment);
+ });
+
+ it('SCA Triage Show and Update Failure case', async () => {
+ const projectId = "invalid-project-id";
+ const vulnerabilities = "invalid-vulnerability-string";
+ const scanType = "invalid";
+ const state = "invalid_state";
+ const comment = "invalid_comment";
+
+ const cxShow: CxCommandOutput = await auth.triageSCAShow(projectId, vulnerabilities, scanType);
+ expect(cxShow.exitCode).not.toEqual(0);
+
+ const cxUpdate: CxCommandOutput = await auth.triageSCAUpdate(projectId, vulnerabilities, scanType, state, comment);
+ expect(cxUpdate.exitCode).not.toEqual(0);
+ });
+
+ it('SCA Triage Show and Update with empty vulnerabilities', async () => {
+ const projectId = "d4d7f382-8dee-48c7-ac8f-67fab2c313a8";
+ const vulnerabilities = "";
+ const scanType = "sca";
+ const state = "To_verify";
+ const comment = "comment1";
+ const cxShow: CxCommandOutput = await auth.triageSCAShow(projectId, vulnerabilities, scanType);
+ expect(cxShow.exitCode).not.toEqual(0);
+
+ const cxUpdate: CxCommandOutput = await auth.triageSCAUpdate(projectId, vulnerabilities, scanType, state, comment);
+ expect(cxUpdate.exitCode).not.toEqual(0);
+ });
+
+ it('SCA Triage Show and Update with null/undefined arguments', async () => {
+ const cxShow: CxCommandOutput = await auth.triageSCAShow(undefined, undefined, undefined);
+ expect(cxShow.exitCode).not.toEqual(0);
+ const cxUpdate: CxCommandOutput = await auth.triageSCAUpdate(undefined, undefined, undefined, undefined, undefined);
+ expect(cxUpdate.exitCode).not.toEqual(0);
+ });
+
 it('Triage Successful case', async () => {
 const { scan, result } = await getScanAndResult();
 await handleTriageShow(scan, result);
 await handleTriageUpdate(scan, result, result.state, result.severity.toLowerCase() === "high" ? CxConstants.SEVERITY_MEDIUM : CxConstants.SEVERITY_HIGH);
 });
+
 it.skip('Triage with custom state Successful case', async () => {
 const { scan, result } = await getScanAndResult();
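Review bot: The three negative tests assert only that `exitCode` is not 0, so they pass on any failure at all, including an expired credential or an unreachable server, and do not show that the CLI rejected the bad `vulnerabilities` or `scanType` value. If `CxCommandOutput` carries the CLI's error text (not visible in this hunk), assert on it as well. The success case also changes triage state on the hard-coded project `d4d7f382-8dee-48c7-ac8f-67fab2c313a8` and never restores it, so the run depends on that tenant's data; the `getScanAndResult()` pattern used by 'Triage Successful case' avoids that. The last new test passes `undefined` to parameters declared `string`, which only compiles with `strictNullChecks` off.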