From 3fff337706ba54df1ba9143a8c5f2566c69ece06 Mon Sep 17 00:00:00 2001
From: mattmurp
Date: Tue, 11 Jun 2024 16:38:22 -0400
Subject: [PATCH] V4 update (#38)
* update to ASoC v4 api
* fix filter
---
 src/asoc.js | 7 ++++---
 src/constants.js | 12 ++++++------
 test/testResultsProcessor.js | 36 ++++++++++++++++++++++++++++++++++++
 3 files changed, 46 insertions(+), 9 deletions(-)
 create mode 100644 test/testResultsProcessor.js
diff --git a/src/asoc.js b/src/asoc.js
index 910f0ba..97c8c58 100644
--- a/src/asoc.js
+++ b/src/asoc.js
@@ -1,5 +1,5 @@
 /*
-Copyright 2022, 2023 HCL America, Inc.
+Copyright 2022, 2024 HCL America, Inc.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -63,11 +63,12 @@ function getScanResults(scanId) {
 function getNonCompliantIssues(scanId) {
 return new Promise((resolve, reject) => {
- let url = settings.getServiceUrl() + constants.API_SCAN_COUNT_BY_SEVERITY + scanId + '?applyPolicies=All';
+ let queryString = '?applyPolicies=All&%24top=100&%24apply=filter%28Status%20eq%20%27Open%27%20or%20Status%20eq%20%27InProgress%27%20or%20Status%20eq%20%27Reopened%27%20or%20Status%20eq%20%27New%27%29%2Fgroupby%28%28Severity%29%2Caggregate%28%24count%20as%20Count%29%29';
+ let url = settings.getServiceUrl() + constants.API_ISSUES + scanId + queryString;
 got.get(url, { headers: getRequestHeaders(), retry: { limit: 3, methods: ['GET', 'POST'] } })
 .then((response) => {
 let responseJson = JSON.parse(response.body);
- return resultProcessor.processResults(responseJson);
+ return resultProcessor.processResults(responseJson.Items);
 })
 .then((result) => {
 resolve(result);
diff --git a/src/constants.js b/src/constants.js
index 5175476..00fe9e3 100644
--- a/src/constants.js
+++ b/src/constants.js
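Review bot: `responseJson.Items` is handed to `processResults` in the first `.then` of `getNonCompliantIssues` without checking that the v4 response really has that shape. If the service answers with a body that has no `Items` array (an error object, or a later schema change), the processor receives `undefined`; whether that rejects or is read as "no non-compliant issues" depends on `resultProcessor`, which is not visible here, and the second outcome would let a scan pass its policy gate silently. I would add `if (!Array.isArray(responseJson.Items)) throw new Error('Unexpected issues response for scan ' + scanId);` before the return, so the failure reaches the chain's rejection path. The pre-encoded `queryString` would also be easier to audit if the OData filter were kept as readable text and passed through `encodeURIComponent`. The function's remaining lines, including its error handling, are outside the hunk.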
@@ -1,5 +1,5 @@
 /*
-Copyright 2022, 2023 HCL America, Inc.
+Copyright 2022, 2024 HCL America, Inc.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -14,19 +14,19 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
-const CURRENT_VERSION = '1.0.3';
+const CURRENT_VERSION = '1.0.4';
 const _CURRENT_VERSION = CURRENT_VERSION;
 export { _CURRENT_VERSION as CURRENT_VERSION };
 //Service url and endpoints:
 const _SERVICE_URL = 'https://cloud.appscan.com';
 export { _SERVICE_URL as SERVICE_URL };
-const _SACLIENT_PATH = '/api/SCX/StaticAnalyzer/SAClientUtil?os=';
+const _SACLIENT_PATH = '/api/v4/Tools/SAClientUtil?os=';
 export { _SACLIENT_PATH as SACLIENT_PATH };
-const _API_LOGIN = '/api/V2/Account/ApiKeyLogin';
+const _API_LOGIN = '/api/v4/Account/ApiKeyLogin';
 export { _API_LOGIN as API_LOGIN };
-const _API_SCAN_COUNT_BY_SEVERITY = '/api/v2/Issues/CountBySeverity/scan/';
-export { _API_SCAN_COUNT_BY_SEVERITY as API_SCAN_COUNT_BY_SEVERITY };
+const _API_ISSUES = '/api/v4/Issues/Scan/';
+export { _API_ISSUES as API_ISSUES };
 const _CLIENT_TYPE = 'github-sast';
 export { _CLIENT_TYPE as CLIENT_TYPE };
diff --git a/test/testResultsProcessor.js b/test/testResultsProcessor.js
new file mode 100644
index 0000000..d5a59b9
--- /dev/null
+++ b/test/testResultsProcessor.js
@@ -0,0 +1,36 @@
+import resultProcessor from '../src/resultProcessor.js';
+
+let jsonString ='\
+{\
+ "Items": [\
+ {\
+ "Severity": "Informational",\
+ "Count": 1\
+ },\
+ {\
+ "Severity": "Low",\
+ "Count": 1\
+ },\
+ {\
+ "Severity": "Medium",\
+ "Count": 28\
+ },\
+ {\
+ "Severity": "High",\
+ "Count": 93\
+ },\
+ {\
+ "Severity": "Critical",\
+ "Count": 1\
+ }\
+ ]\
+}'
+
+let responseJson = JSON.parse(jsonString);
+resultProcessor.processResults(responseJson.Items)
+.then((result)=> {
+ console.log(result);
+})
+.catch((error) => {
+ console.log(error);
+})
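Review bot: `API_ISSUES` needs a comment, because the name no longer tells a caller what the endpoint returns. The old `CountBySeverity` path gave counts directly, while `/api/v4/Issues/Scan/` only does so when the caller appends the scan id and an OData aggregation, as `src/asoc.js` does in this patch. Something like `// Issues for one scan: append the scan id and a $apply groupby(Severity) query to get counts` above the constant would cover it. Removing the `API_SCAN_COUNT_BY_SEVERITY` export will also break any other importer; only `src/asoc.js` is updated here, so a repository-wide search for the old name is worth doing before release.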
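Review bot: This test cannot fail, because the `.then` only prints the result and the `.catch` prints the error and swallows it, so the process exits 0 whatever `processResults` does. For code that decides whether a scan passes its policy gate, the fixture (which includes 93 High and 1 Critical) should be checked against the outcome the processor is expected to produce, for example with `node:assert` in the `.then`. The handler should at least signal failure, `.catch((error) => { console.error(error); process.exitCode = 1; })`. A case with `Items` missing or empty would also pin down how the processor treats an unexpected response.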