public static ScanSummary GetReport(CxRestContext ctx, CancellationToken token,
String scanId)
{
try
{
String url = CxRestContext.MakeUrl(ctx.Url, URL_SUFFIX, new Dictionary <String, String>()
{
{ "scanId", Convert.ToString(scanId) }
});
using (var client = ctx.Json.CreateSastClient())
using (var scanSummary = client.GetAsync(url, token).Result)
{
if (!scanSummary.IsSuccessStatusCode)
{
throw new InvalidOperationException(scanSummary.ReasonPhrase);
}
using (var sr = new StreamReader
(scanSummary.Content.ReadAsStreamAsync().Result))
using (var jtr = new JsonTextReader(sr))
{
JToken jt = JToken.Load(jtr);
return(ParseScanSummary(jt));
}
}
}
catch (HttpRequestException hex)
{
_log.Error("Communication error.", hex);
throw hex;
}
}
public static ViolatedPolicyCollection GetViolations(CxRestContext ctx,
CancellationToken token, int projectId, PolicyCollection policies)
{
try
{
using (var client = ctx.Json.CreateMnoClient())
using (var violationsPayload = client.GetAsync(CxRestContext.MakeUrl(ctx.MnoUrl,
String.Format(URL_SUFFIX, projectId)), token).Result)
{
if (!violationsPayload.IsSuccessStatusCode)
{
throw new InvalidOperationException
($"Unable to retrieve rule violations for project {projectId}.");
}
using (var sr = new StreamReader
(violationsPayload.Content.ReadAsStreamAsync().Result))
using (var jtr = new JsonTextReader(sr))
{
JToken jt = JToken.Load(jtr);
return(ParseViolatedRules(policies, projectId, jt));
}
}
}
catch (HttpRequestException hex)
{
_log.Error("Communication error.", hex);
throw hex;
}
}
public static String GetGeneratedReportId(CxRestContext ctx, CancellationToken token,
String scanId, ReportTypes type)
{
var dict = new Dictionary <String, String>()
{
{ "reportType", type.ToString() },
{ "scanId", scanId }
};
return(WebOperation.ExecutePost <String>(
ctx.Json.CreateSastClient
, (response) =>
{
using (var sr = new StreamReader(response.Content.ReadAsStreamAsync().Result))
using (var jtr = new JsonTextReader(sr))
{
JToken jt = JToken.Load(jtr);
return ReadReportId(jt);
}
}
, CxRestContext.MakeUrl(ctx.Url, URL_SUFFIX)
, () => new FormUrlEncodedContent(dict)
, ctx
, token));
}
public static PolicyCollection GetAllPolicies(CxRestContext ctx,
CancellationToken token)
{
try
{
using (var client = ctx.Json.CreateMnoClient())
using (var policyPayload = client.GetAsync(CxRestContext.MakeUrl(ctx.MnoUrl,
POLICY_LIST_URL_SUFFIX), token).Result)
{
if (!policyPayload.IsSuccessStatusCode)
{
throw new InvalidOperationException
("Unable to retrieve policies.");
}
JToken jt = JToken.Load(new JsonTextReader(new StreamReader
(policyPayload.Content.ReadAsStreamAsync().Result)));
return(ParsePolicies(ctx, token, jt));
}
}
catch (HttpRequestException hex)
{
_log.Error("Communication error.", hex);
throw hex;
}
}
public static Stream GetVulnerabilities(CxRestContext ctx,
CancellationToken token, String reportId)
{
return(WebOperation.ExecuteGet <Stream>(
ctx.Xml.CreateSastClient
, (response) =>
{
var report = response.Content.ReadAsStreamAsync().Result;
var mem = new SharedMemoryStream(response.Content.Headers.ContentLength.Value);
int readAmount = 0;
byte[] buffer = new byte[BUFFER_SIZE];
do
{
readAmount = report.Read(buffer, 0, BUFFER_SIZE);
mem.Write(buffer, 0, readAmount);
if (readAmount < BUFFER_SIZE)
{
mem.Seek(0, SeekOrigin.Begin);
}
} while (readAmount == BUFFER_SIZE);
return mem;
}
, CxRestContext.MakeUrl(ctx.Url, String.Format(URL_SUFFIX, reportId))
, ctx
, token));
}
public static IEnumerable <int> GetPolicyIdsForProject(CxRestContext ctx,
CancellationToken token, int projectId)
{
try
{
using (var client = ctx.Json.CreateMnoClient())
using (var policyPayload = client.GetAsync(CxRestContext.MakeUrl(ctx.MnoUrl,
String.Format(PROJECT_POLICY_URL_SUFFIX, projectId)), token).Result)
{
if (!policyPayload.IsSuccessStatusCode)
{
throw new InvalidOperationException
($"Unable to retrieve policies for project {projectId}.");
}
JToken jt = JToken.Load(new JsonTextReader(new StreamReader
(policyPayload.Content.ReadAsStreamAsync().Result)));
LinkedList <int> policyIds = new LinkedList <int>();
using (JTokenReader reader = new JTokenReader(jt))
while (JsonUtils.MoveToNextProperty(reader, "id"))
{
policyIds.AddLast(Convert.ToInt32(((JProperty)reader.CurrentToken).Value));
}
return(policyIds);
}
}
catch (HttpRequestException hex)
{
_log.Error("Communication error.", hex);
throw hex;
}
}
public static GenStatus GetReportGenerationStatus(CxRestContext ctx,
CancellationToken token, String reportId)
{
try
{
using (var client = ctx.Json.CreateSastClient())
{
using (var scanReportStatus = client.GetAsync(
CxRestContext.MakeUrl(ctx.Url,
String.Format(URL_SUFFIX, reportId)), token).Result)
{
if (!scanReportStatus.IsSuccessStatusCode)
{
return(GenStatus.None);
}
using (var sr = new StreamReader
(scanReportStatus.Content.ReadAsStreamAsync().Result))
using (var jtr = new JsonTextReader(sr))
{
JToken jt = JToken.Load(jtr);
return(ReadStatus(jt));
}
}
}
}
catch (HttpRequestException hex)
{
_log.Error("Communication error.", hex);
throw hex;
}
}
public static PolicyCollection GetAllPolicies(CxRestContext ctx,
CancellationToken token)
{
return(WebOperation.ExecuteGet <PolicyCollection>(
ctx.Json.CreateMnoClient
, (response) =>
{
JToken jt = JToken.Load(new JsonTextReader(new StreamReader
(response.Content.ReadAsStreamAsync().Result)));
return ParsePolicies(ctx, token, jt);
}
, CxRestContext.MakeUrl(ctx.MnoUrl, POLICY_LIST_URL_SUFFIX)
, ctx
, token
, exceptionErrorLogic: (ex) =>
{
if (ex is System.AggregateException)
{
foreach (var x in (ex as System.AggregateException).InnerExceptions)
{
if (x is System.Net.Http.HttpRequestException)
{
return false;
}
}
}
return true;
}));
}
public static IEnumerable <Project> GetProjects(CxRestContext ctx, CancellationToken token)
{
try
{
using (var client = ctx.Json.CreateSastClient())
using (var projects = client.GetAsync(
CxRestContext.MakeUrl(ctx.Url, URL_SUFFIX), token).Result)
{
if (token.IsCancellationRequested)
{
return(null);
}
if (!projects.IsSuccessStatusCode)
{
throw new InvalidOperationException(projects.ReasonPhrase);
}
using (var sr = new StreamReader
(projects.Content.ReadAsStreamAsync().Result))
using (var jtr = new JsonTextReader(sr))
{
JToken jt = JToken.Load(jtr);
return(new ProjectReader(jt, ctx, token));
}
}
}
catch (HttpRequestException hex)
{
_log.Error("Communication error.", hex);
throw hex;
}
}
public static IEnumerable <RuleDescriptor> GetRulesForPolicy(CxRestContext ctx,
CancellationToken token, int policyId)
{
try
{
using (var client = ctx.Json.CreateMnoClient())
using (var rulePayload = client.GetAsync(CxRestContext.MakeUrl(ctx.MnoUrl,
String.Format(URL_SUFFIX, policyId)), token).Result)
{
if (!rulePayload.IsSuccessStatusCode)
{
throw new InvalidOperationException
($"Unable to retrieve rules for policy {policyId}.");
}
using (var sr = new StreamReader
(rulePayload.Content.ReadAsStreamAsync().Result))
using (var jtr = new JsonTextReader(sr))
{
JToken jt = JToken.Load(jtr);
return(ParseRules(ctx, token, jt));
}
}
}
catch (HttpRequestException hex)
{
_log.Error("Communication error.", hex);
throw hex;
}
}
public static IEnumerable <Library> GetLibraries(CxRestContext ctx, CancellationToken token,
String scanId)
{
int curPage = 1;
List <Library> returnLibs = new List <Library>();
try
{
Func <int, String> url = (pg) => CxRestContext.MakeUrl(ctx.Url, URL_SUFFIX, new Dictionary <String, String>()
{
{ "scanId", Convert.ToString(scanId) },
{ "page", Convert.ToString(pg) },
{ "itemsPerPage", PAGE_SIZE }
});
while (true)
{
using (var client = ctx.Json.CreateSastClient())
using (var libraryResponse = client.GetAsync(url(curPage++), token).Result)
{
if (token.IsCancellationRequested)
{
return(null);
}
if (!libraryResponse.IsSuccessStatusCode)
{
throw new InvalidOperationException(libraryResponse.ReasonPhrase);
}
using (var sr = new StreamReader
(libraryResponse.Content.ReadAsStreamAsync().Result))
using (var jtr = new JsonTextReader(sr))
{
JToken jt = JToken.Load(jtr);
var beforeCount = returnLibs.Count;
returnLibs.AddRange(new LibrariesReader(jt));
if (returnLibs.Count == beforeCount)
{
break;
}
}
}
}
return(returnLibs);
}
catch (HttpRequestException hex)
{
_log.Error("Communication error.", hex);
throw hex;
}
}
public static bool CalculateViolations(CxRestContext ctx,
CancellationToken token, int projectId)
{
return(WebOperation.ExecutePost <bool>(
ctx.Json.CreateMnoClient
, (response) => response.StatusCode == HttpStatusCode.Created
, CxRestContext.MakeUrl(ctx.MnoUrl, String.Format(URL_SUFFIX, projectId))
, null
, ctx
, token));
}
public static bool CalculateViolations(CxRestContext ctx,
CancellationToken token, int projectId)
{
try
{
using (var client = ctx.Json.CreateMnoClient())
using (var calculationResponse = client.PostAsync(CxRestContext.MakeUrl(ctx.MnoUrl,
String.Format(URL_SUFFIX, projectId)), null, token).Result)
return(calculationResponse.StatusCode == HttpStatusCode.Created);
}
catch (HttpRequestException hex)
{
_log.Error("Communication error.", hex);
throw hex;
}
}
public static String GetProjectPoliciesSingleField(CxRestContext ctx,
CancellationToken token, int projectId)
{
return(WebOperation.ExecuteGet <String>(
ctx.Json.CreateMnoClient
, (response) =>
{
JToken jt = JToken.Load(new JsonTextReader(new StreamReader
(response.Content.ReadAsStreamAsync().Result)));
return GetFlatPolicyNames(jt);
}
, CxRestContext.MakeUrl(ctx.MnoUrl, String.Format(PROJECT_POLICY_URL_SUFFIX, projectId))
, ctx
, token));
}
public static IEnumerable <Vulnerability> GetVulnerabilities
(CxRestContext ctx, CancellationToken token, String scanId)
{
int curPage = 1;
List <Vulnerability> returnVulns = new List <Vulnerability>();
Func <int, String> url = (pg) => CxRestContext.MakeUrl(ctx.Url, URL_SUFFIX, new Dictionary <String, String>()
{
{ "scanId", Convert.ToString(scanId) },
{ "page", Convert.ToString(pg) },
{ "itemsPerPage", PAGE_SIZE }
});
while (true)
{
if (token.IsCancellationRequested)
{
return(null);
}
var beforeCount = returnVulns.Count;
returnVulns.AddRange(WebOperation.ExecuteGet <IEnumerable <Vulnerability> >(
ctx.Json.CreateSastClient
, (response) =>
{
using (var sr = new StreamReader(response.Content.ReadAsStreamAsync().Result))
using (var jtr = new JsonTextReader(sr))
{
JToken jt = JToken.Load(jtr);
return(new VulnerabilityReader(jt));
}
}
, url(curPage++)
, ctx
, token));
if (returnVulns.Count == beforeCount)
{
break;
}
}
return(returnVulns);
}
public static IEnumerable <Preset> GetPresets(CxRestContext ctx, CancellationToken token)
{
return(WebOperation.ExecuteGet <PresetReader>(
ctx.Json.CreateSastClient
, (response) =>
{
using (var sr = new StreamReader(response.Content.ReadAsStreamAsync().Result))
using (var jtr = new JsonTextReader(sr))
{
JToken jt = JToken.Load(jtr);
return new PresetReader(jt);
}
}
, CxRestContext.MakeUrl(ctx.Url, URL_SUFFIX)
, ctx
, token));
}
public static IEnumerable <Scan> GetScans(CxRestContext ctx, CancellationToken token,
int projectId)
{
try
{
String url = CxRestContext.MakeUrl(ctx.Url, URL_SUFFIX, new Dictionary <String, String>()
{
{ "projectId", Convert.ToString(projectId) },
{ "itemsPerPage", "5000" }
});
using (var client = ctx.Json.CreateSastClient())
using (var scans = client.GetAsync(url, token).Result)
{
if (token.IsCancellationRequested)
{
return(null);
}
// If no OSA license, result is 403. Return an empty set of scans.
if (scans.StatusCode == System.Net.HttpStatusCode.Forbidden)
{
return(new ScansReader());
}
if (!scans.IsSuccessStatusCode)
{
throw new InvalidOperationException(scans.ReasonPhrase);
}
using (var sr = new StreamReader
(scans.Content.ReadAsStreamAsync().Result))
using (var jtr = new JsonTextReader(sr))
{
JToken jt = JToken.Load(jtr);
return(new ScansReader(jt, projectId));
}
}
}
catch (HttpRequestException hex)
{
_log.Error("Communication error.", hex);
throw hex;
}
}
public static GenStatus GetReportGenerationStatus(CxRestContext ctx,
CancellationToken token, String reportId)
{
return(WebOperation.ExecuteGet <GenStatus>(
ctx.Json.CreateSastClient
, (response) =>
{
using (var sr = new StreamReader(response.Content.ReadAsStreamAsync().Result))
using (var jtr = new JsonTextReader(sr))
{
JToken jt = JToken.Load(jtr);
return ReadStatus(jt);
}
}
, CxRestContext.MakeUrl(ctx.Url, String.Format(URL_SUFFIX, reportId))
, ctx
, token));
}
public static ViolatedPolicyCollection GetViolations(CxRestContext ctx,
CancellationToken token, int projectId, PolicyCollection policies)
{
return(WebOperation.ExecuteGet <ViolatedPolicyCollection>(
ctx.Json.CreateMnoClient
, (response) =>
{
using (var sr = new StreamReader(response.Content.ReadAsStreamAsync().Result))
using (var jtr = new JsonTextReader(sr))
{
JToken jt = JToken.Load(jtr);
return ParseViolatedRules(policies, projectId, jt);
}
}
, CxRestContext.MakeUrl(ctx.MnoUrl, String.Format(URL_SUFFIX, projectId))
, ctx
, token));
}
public static IEnumerable <RuleDescriptor> GetRulesForPolicy(CxRestContext ctx,
CancellationToken token, int policyId)
{
return(WebOperation.ExecuteGet <IEnumerable <RuleDescriptor> >(
ctx.Json.CreateMnoClient
, (response) =>
{
using (var sr = new StreamReader(response.Content.ReadAsStreamAsync().Result))
using (var jtr = new JsonTextReader(sr))
{
JToken jt = JToken.Load(jtr);
return ParseRules(ctx, token, jt);
}
}
, CxRestContext.MakeUrl(ctx.MnoUrl, String.Format(URL_SUFFIX, policyId))
, ctx
, token));
}
public static ScanSettings GetScanSettings(CxRestContext ctx, CancellationToken token, int projectId)
{
String restUrl = CxRestContext.MakeUrl(ctx.Url, URL_SUFFIX);
return(WebOperation.ExecuteGet <ScanSettings>(
ctx.Json.CreateSastClient
, (response) =>
{
using (var sr = new StreamReader(response.Content.ReadAsStreamAsync().Result))
using (var jtr = new JsonTextReader(sr))
{
JToken jt = JToken.Load(jtr);
return new ScanSettings(jt);
}
}
, CxRestContext.MakeUrl(restUrl, Convert.ToString(projectId))
, ctx
, token));
}
public static String GetGeneratedReportId(CxRestContext ctx, CancellationToken token,
String scanId, ReportTypes type)
{
try
{
using (var client = ctx.Json.CreateSastClient())
{
var dict = new Dictionary <String, String>()
{
{ "reportType", type.ToString() },
{ "scanId", scanId }
};
using (var payload = new FormUrlEncodedContent(dict))
{
using (var scanReportTicket = client.PostAsync(
CxRestContext.MakeUrl(ctx.Url, URL_SUFFIX), payload, token).Result)
{
if (!scanReportTicket.IsSuccessStatusCode)
{
throw new InvalidOperationException
($"Scan report generation request for scan {scanId} returned " +
$"{scanReportTicket.StatusCode}");
}
using (var sr = new StreamReader
(scanReportTicket.Content.ReadAsStreamAsync().Result))
using (var jtr = new JsonTextReader(sr))
{
JToken jt = JToken.Load(jtr);
return(ReadReportId(jt));
}
}
}
}
}
catch (HttpRequestException hex)
{
_log.Error("Communication error.", hex);
throw hex;
}
}
public static String GetProjectPoliciesSingleField(CxRestContext ctx,
CancellationToken token, int projectId)
{
using (var client = ctx.Json.CreateMnoClient())
{
using (var policyPayload = client.GetAsync(CxRestContext.MakeUrl(ctx.MnoUrl,
String.Format(PROJECT_POLICY_URL_SUFFIX, projectId)), token).Result)
{
if (!policyPayload.IsSuccessStatusCode)
{
throw new InvalidOperationException
($"Unable to retrieve policies for project {projectId}.");
}
JToken jt = JToken.Load(new JsonTextReader(new StreamReader
(policyPayload.Content.ReadAsStreamAsync().Result)));
return(GetFlatPolicyNames(jt));
}
}
}
public static IEnumerable <License> GetLicenses(CxRestContext ctx, CancellationToken token,
String scanId)
{
try
{
String url = CxRestContext.MakeUrl(ctx.Url, URL_SUFFIX, new Dictionary <String, String>()
{
{ "scanId", Convert.ToString(scanId) }
});
using (var client = ctx.Json.CreateSastClient())
using (var licenses = client.GetAsync(url, token).Result)
{
if (token.IsCancellationRequested)
{
return(null);
}
if (!licenses.IsSuccessStatusCode)
{
throw new InvalidOperationException(licenses.ReasonPhrase);
}
using (var sr = new StreamReader
(licenses.Content.ReadAsStreamAsync().Result))
using (var jtr = new JsonTextReader(sr))
{
JToken jt = JToken.Load(jtr);
return(new LicensesReader(jt));
}
}
}
catch (HttpRequestException hex)
{
_log.Error("Communication error.", hex);
throw hex;
}
}
public static ScanSummary GetReport(CxRestContext ctx, CancellationToken token,
String scanId)
{
String url = CxRestContext.MakeUrl(ctx.Url, URL_SUFFIX, new Dictionary <String, String>()
{
{ "scanId", Convert.ToString(scanId) }
});
return(WebOperation.ExecuteGet <ScanSummary>(
ctx.Json.CreateSastClient
, (response) =>
{
using (var sr = new StreamReader(response.Content.ReadAsStreamAsync().Result))
using (var jtr = new JsonTextReader(sr))
{
JToken jt = JToken.Load(jtr);
return ParseScanSummary(jt);
}
}
, url
, ctx
, token));
}
public static ScanSettings GetScanSettings(CxRestContext ctx, CancellationToken token, int projectId)
{
try
{
String restUrl = CxRestContext.MakeUrl(ctx.Url, URL_SUFFIX);
using (var client = ctx.Json.CreateSastClient())
using (var settings = client.GetAsync(CxRestContext.MakeUrl(restUrl,
Convert.ToString(projectId)), token).Result)
{
if (token.IsCancellationRequested)
{
return(null);
}
if (!settings.IsSuccessStatusCode)
{
throw new InvalidOperationException(settings.ReasonPhrase);
}
using (var sr = new StreamReader
(settings.Content.ReadAsStreamAsync().Result))
using (var jtr = new JsonTextReader(sr))
{
JToken jt = JToken.Load(jtr);
return(new ScanSettings(jt));
}
}
}
catch (HttpRequestException hex)
{
_log.Error("Communication error.", hex);
throw hex;
}
}
public static IEnumerable <int> GetPolicyIdsForProject(CxRestContext ctx,
CancellationToken token, int projectId)
{
return(WebOperation.ExecuteGet <IEnumerable <int> >(
ctx.Json.CreateMnoClient
, (response) =>
{
JToken jt = JToken.Load(new JsonTextReader(new StreamReader
(response.Content.ReadAsStreamAsync().Result)));
LinkedList <int> policyIds = new LinkedList <int>();
using (JTokenReader reader = new JTokenReader(jt))
while (JsonUtils.MoveToNextProperty(reader, "id"))
{
policyIds.AddLast(Convert.ToInt32(((JProperty)reader.CurrentToken).Value));
}
return policyIds;
}
, CxRestContext.MakeUrl(ctx.MnoUrl, String.Format(PROJECT_POLICY_URL_SUFFIX, projectId))
, ctx
, token));
}
public static IEnumerable <Scan> GetScans(CxRestContext ctx, CancellationToken token,
int projectId)
{
int curPage = 1;
List <Scan> osaScans = new List <Scan>();
Func <int, String> url = (pg) => CxRestContext.MakeUrl(ctx.Url, URL_SUFFIX, new Dictionary <String, String>()
{
{ "projectId", Convert.ToString(projectId) },
{ "page", Convert.ToString(pg) },
{ "itemsPerPage", PAGE_SIZE }
});
while (true)
{
if (token.IsCancellationRequested)
{
return(null);
}
var beforeCount = osaScans.Count;
var scans = WebOperation.ExecuteGet <IEnumerable <Scan> >(ctx.Json.CreateSastClient
, (response) =>
{
using (var sr = new StreamReader(response.Content.ReadAsStreamAsync().Result))
using (var jtr = new JsonTextReader(sr))
{
JToken jt = JToken.Load(jtr);
return(new ScansReader(jt, projectId));
}
}
, url(curPage++)
, ctx
, token
, (response) =>
{
if (response.StatusCode == System.Net.HttpStatusCode.Forbidden)
{
_log.Debug("403 response indicates OSA is not licensed for this instance.");
return(false);
}
return(true);
});
if (scans != null)
{
osaScans.AddRange(scans);
}
if (osaScans.Count == beforeCount)
{
break;
}
}
return(osaScans);
}
public static Stream GetVulnerabilities(CxRestContext ctx,
CancellationToken token, String reportId)
{
try
{
int retryCount = 0;
while (retryCount < RETRY_MAX)
{
using (var client = ctx.Xml.CreateSastClient())
{
if (retryCount > 0)
{
int delay = RETRY_DELAY_MS * retryCount;
_log.Info($"Waiting {delay}ms before retrying download of report {reportId}");
Task.Delay(delay, token);
}
try
{
var reportPayload = client.GetAsync(CxRestContext.MakeUrl(ctx.Url,
String.Format(URL_SUFFIX, reportId)), token).Result;
if (!reportPayload.IsSuccessStatusCode)
{
_log.Warn($"Unable to retrieve XML report {reportId}. Response status [{reportPayload.StatusCode}:{reportPayload.ReasonPhrase}]." +
$" Attempt #{retryCount + 1} of {RETRY_MAX}.");
retryCount++;
continue;
}
return(reportPayload.Content.ReadAsStreamAsync().Result);
}
catch (AggregateException aex)
{
_log.Warn($"Multiple exceptions caught attempting to retrieve XML report {reportId} during " +
$"attempt #{retryCount + 1} of {RETRY_MAX}.");
_log.Warn("BEGIN exception report");
int exCount = 0;
aex.Handle((x) =>
{
_log.Warn($"Exception #{++exCount}", x);
return(true);
});
_log.Warn("END exception report");
retryCount++;
}
catch (Exception ex)
{
_log.Warn($"Exception caught attempting to retrieve XML report {reportId} during " +
$"attempt #{retryCount + 1} of {RETRY_MAX}.", ex);
retryCount++;
}
}
}
}
catch (HttpRequestException hex)
{
_log.Error("Communication error.", hex);
throw hex;
}
throw new InvalidOperationException($"Unable to retrieve XML report {reportId}.");
}