search

checkmarx-ltd / cx-flow

Checkmarx Scan and Result Orchestration
Apache License 2.0
88 stars 87 forks source link

Cxflow fails when analyze a web.xml with certain data #1062

Closed bvmanuelpaillafil closed 4 months ago

bvmanuelpaillafil commented 2 years ago

Description

When Cxflow analyze a spring-java project and it contain a web.xml with certain data it fail.

Expected Behavior

Cxflow will never fails in this cases

Actual Behavior

Cxflow fails with "java.lang.NullPointerException: null"

Reproduction

Create a simple(or fake) project with a certain data inside a web.xml and execute cxflow on this folder.

java -Xmx4024m -jar /app/cx-flow.jar --spring.config.location=/app/cxflow-application.yml --scan --cx-team="CxServer" --cx-project="asdadsad" --app="asdadsad" --branch="asdadsad" --repo-name="asdadsad" --namespace="asdadsad" --cx-fl
ow.break-build=false --cx-flow.enabled-vulnerability-scanners=sast --bug-tracker="Csv" --incremental=false --f=./
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:file:/app/cx-flow.jar!/BOOT-INF/lib/logback-classic-1.2.3.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/app/cx-flow.jar!/BOOT-INF/lib/log4j-slf4j-impl-2.16.0.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [ch.qos.logback.classic.util.ContextSelectorStaticBinder]
   ___             ___ _
  / __\_  __      / __\ | _____      __
 / /  \ \/ /____ / _\ | |/ _ \ \ /\ / /
/ /___ >  <_____/ /   | | (_) \ V  V /
\____//_/\_\    \/    |_|\___/ \_/\_/

2022-07-15 05:21:01.624  INFO 275 --- [           main] com.checkmarx.flow.CxFlowApplication     : Starting CxFlowApplication on d9d766e4ebbe with PID 275 (/app/cx-flow.jar started by root in /root/cxtest)
2022-07-15 05:21:01.656  INFO 275 --- [           main] com.checkmarx.flow.CxFlowApplication     : No active profile set, falling back to default profiles: default
2022-07-15 05:21:27.295  INFO 275 --- [           main] ptablePropertiesBeanFactoryPostProcessor : Post-processing PropertySource instances
2022-07-15 05:21:28.670  INFO 275 --- [           main] c.u.j.EncryptablePropertySourceConverter : Converting PropertySource configurationProperties [org.springframework.boot.context.properties.source.ConfigurationPropertySourcesPropertySource] to AOP Proxy
2022-07-15 05:21:28.683  INFO 275 --- [           main] c.u.j.EncryptablePropertySourceConverter : Converting PropertySource commandLineArgs [org.springframework.core.env.SimpleCommandLinePropertySource] to EncryptableEnumerablePropertySourceWrapper
2022-07-15 05:21:28.685  INFO 275 --- [           main] c.u.j.EncryptablePropertySourceConverter : Converting PropertySource systemProperties [org.springframework.core.env.PropertiesPropertySource] to EncryptableMapPropertySourceWrapper
2022-07-15 05:21:28.686  INFO 275 --- [           main] c.u.j.EncryptablePropertySourceConverter : Converting PropertySource systemEnvironment [org.springframework.boot.env.SystemEnvironmentPropertySourceEnvironmentPostProcessor$OriginAwareSystemEnvironmentPropertySource] to EncryptableSystemEnvironmentPropertySourceWrapper
2022-07-15 05:21:28.688  INFO 275 --- [           main] c.u.j.EncryptablePropertySourceConverter : Converting PropertySource random [org.springframework.boot.env.RandomValuePropertySource] to EncryptablePropertySourceWrapper
2022-07-15 05:21:28.689  INFO 275 --- [           main] c.u.j.EncryptablePropertySourceConverter : Converting PropertySource applicationConfig: [file:/app/cxflow-application.yml] [org.springframework.boot.env.OriginTrackedMapPropertySource] to EncryptableMapPropertySourceWrapper
2022-07-15 05:21:34.220  INFO 275 --- [           main] c.u.j.filter.DefaultLazyPropertyFilter   : Property Filter custom Bean not found with name 'encryptablePropertyFilter'. Initializing Default Property Filter
2022-07-15 05:21:34.378  INFO 275 --- [           main] c.u.j.r.DefaultLazyPropertyResolver      : Property Resolver custom Bean not found with name 'encryptablePropertyResolver'. Initializing Default Property Resolver
2022-07-15 05:21:34.464  INFO 275 --- [           main] c.u.j.d.DefaultLazyPropertyDetector      : Property Detector custom Bean not found with name 'encryptablePropertyDetector'. Initializing Default Property Detector
2022-07-15 05:21:37.767  WARN 275 --- [           main] javax.persistence.spi                    : javax.persistence.spi::No valid providers found.
2022-07-15 05:21:37.829  INFO 275 --- [           main] trationDelegate$BeanPostProcessorChecker : Bean 'org.hibernate.validator.internal.constraintvalidators.bv.NotBlankValidator' of type [org.hibernate.validator.internal.constraintvalidators.bv.NotBlankValidator] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2022-07-15 05:21:37.866  INFO 275 --- [           main] trationDelegate$BeanPostProcessorChecker : Bean 'org.hibernate.validator.internal.constraintvalidators.bv.NotNullValidator' of type [org.hibernate.validator.internal.constraintvalidators.bv.NotNullValidator] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2022-07-15 05:21:37.924  INFO 275 --- [           main] trationDelegate$BeanPostProcessorChecker : Bean 'flowProperties' of type [com.checkmarx.flow.config.FlowProperties] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2022-07-15 05:21:37.996  INFO 275 --- [           main] trationDelegate$BeanPostProcessorChecker : Bean 'flowAsyncConfig' of type [com.checkmarx.flow.config.FlowAsyncConfig$$EnhancerBySpringCGLIB$$ab76c485] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2022-07-15 05:22:08.693  INFO 275 --- [           main] o.s.ws.soap.saaj.SaajSoapMessageFactory  : Creating SAAJ 1.3 MessageFactory with SOAP 1.1 Protocol
2022-07-15 05:22:14.417  INFO 275 --- [           main] o.s.s.concurrent.ThreadPoolTaskExecutor  : Initializing ExecutorService
2022-07-15 05:22:14.445  INFO 275 --- [           main] o.s.s.concurrent.ThreadPoolTaskExecutor  : Initializing ExecutorService 'scanRequest'
2022-07-15 05:22:14.513  INFO 275 --- [           main] o.s.s.concurrent.ThreadPoolTaskExecutor  : Initializing ExecutorService
2022-07-15 05:22:14.516  INFO 275 --- [           main] o.s.s.concurrent.ThreadPoolTaskExecutor  : Initializing ExecutorService 'webHook'
2022-07-15 05:22:16.812  INFO 275 --- [           main] com.checkmarx.flow.CxFlowRunner          : =======BUILD INFO=======
2022-07-15 05:22:16.823  INFO 275 --- [           main] com.checkmarx.flow.CxFlowRunner          : Version: cx-flow-1.6.28
2022-07-15 05:22:16.844  INFO 275 --- [           main] com.checkmarx.flow.CxFlowRunner          : Time: 2021-12-15T14:19:21.198Z
2022-07-15 05:22:16.845  INFO 275 --- [           main] com.checkmarx.flow.CxFlowRunner          : =======================
2022-07-15 05:22:27.225  INFO 275 --- [           main] com.checkmarx.flow.CxFlowApplication     : Started CxFlowApplication in 98.651 seconds (JVM running for 107.07)
2022-07-15 05:22:27.367  INFO 275 --- [           main] com.checkmarx.flow.CxFlowRunner          : Using custom bean implementation  for bug tracking
2022-07-15 05:22:28.141  INFO 275 --- [           main] c.c.flow.service.ScaFilterFactory        : Initializing SCA filters.
2022-07-15 05:22:28.157  INFO 275 --- [           main] com.checkmarx.flow.CxFlowRunner          : Executing scan process
2022-07-15 05:22:28.219  INFO 275 --- [           main] c.c.flow.service.ScaFilterFactory        : Initializing SCA filters.
2022-07-15 05:22:28.354  INFO 275 --- [           main] c.c.flow.service.ProjectNameGenerator    : Project name being used: asdadsad
2022-07-15 05:22:28.387  INFO 275 --- [           main] com.checkmarx.flow.utils.ZipUtils        : Creating zip file /root/cxtest/cx.95b22643-6bd2-4507-82f9-590523e0fe1f.zip from contents of path .
2022-07-15 05:22:28.470  INFO 275 --- [           main] com.checkmarx.flow.utils.ZipUtils        : Successfully created /root/cxtest/cx.95b22643-6bd2-4507-82f9-590523e0fe1f.zip
2022-07-15 05:22:28.478  INFO 275 --- [           main] c.c.f.sastscanning.ScanRequestConverter  : Overriding team with /CxServer
2022-07-15 05:22:28.626  INFO 275 --- [           main] com.checkmarx.sdk.service.CxAuthService  : Logging into Checkmarx https://admsast.bicevida.cl/CxRestAPI/auth/identity/connect/token
2022-07-15 05:22:33.719  INFO 275 --- [           main] com.checkmarx.sdk.service.CxService      : Retrieving Cx teams
2022-07-15 05:22:34.077  INFO 275 --- [           main] com.checkmarx.sdk.service.CxService      : Found team /CxServer with ID 1
2022-07-15 05:22:34.320  INFO 275 --- [           main] com.checkmarx.sdk.service.CxService      : Creating scan...
2022-07-15 05:22:34.349  INFO 275 --- [           main] com.checkmarx.sdk.service.CxService      : Updating Source details for project Id 475
2022-07-15 05:22:35.003  INFO 275 --- [           main] com.checkmarx.sdk.service.CxService      : Finding last Scan Id for project Id 475
2022-07-15 05:22:35.230  INFO 275 --- [           main] com.checkmarx.sdk.service.CxService      : Last scanDate does not meet the threshold for an incremental scan.
2022-07-15 05:22:35.247  INFO 275 --- [           main] com.checkmarx.sdk.service.CxService      : Creating Scan for project Id 475
2022-07-15 05:22:35.621  INFO 275 --- [           main] com.checkmarx.sdk.service.CxService      : Scan created with Id 1024937 for project Id 475
2022-07-15 05:22:36.062  INFO 275 --- [           main] jsonLogger                               :
2022-07-15 05:23:37.292  INFO 275 --- [           main] jsonLogger                               :
2022-07-15 05:23:37.315  INFO 275 --- [           main] com.checkmarx.sdk.service.CxService      : Creating report for xml Id 1024937
2022-07-15 05:23:37.508  INFO 275 --- [           main] com.checkmarx.sdk.service.CxService      : Report with Id 5740 created
2022-07-15 05:23:42.531  INFO 275 --- [           main] com.checkmarx.sdk.service.CxService      : Retrieving report status of report Id 5740
2022-07-15 05:23:43.846  INFO 275 --- [           main] com.checkmarx.sdk.service.CxAuthService  : Logging into Checkmarx for SOAP token https://admsast.bicevida.cl/CxRestAPI/auth/identity/connect/token
2022-07-15 05:23:44.186  INFO 275 --- [           main] com.checkmarx.sdk.service.CxService      : Retrieving report contents of report Id 5740 in XML format
2022-07-15 05:23:44.438  INFO 275 --- [           main] com.checkmarx.sdk.service.CxService      : Report downloaded for report Id 5740
2022-07-15 05:23:47.154  WARN 275 --- [           main] com.checkmarx.sdk.service.CxService      : Problem grabbing snippet.  Snippet may not exist for finding for Node ID
2022-07-15 05:23:47.165  INFO 275 --- [           main] com.checkmarx.sdk.service.CxService      : Fetching Scan data for Id 1024937
2022-07-15 05:23:47.362  INFO 275 --- [           main] com.checkmarx.sdk.service.CxService      : Fetching custom fields from project ID 475
2022-07-15 05:23:47.971  INFO 275 --- [           main] c.checkmarx.flow.service.ResultsService  : Issue tracking is custom bean implementation
2022-07-15 05:23:48.203  INFO 275 --- [           main] c.checkmarx.flow.custom.CsvIssueTracker  : Creating file ./tmp/cxflow/CxServer-asdadsad-20220715.052348.csv, Deleting if already exists
2022-07-15 05:23:48.283  INFO 275 --- [           main] c.c.flow.service.CodeBashingService      : not using CodeBashing lessons integration - one or more of the mandatory properties is missing
2022-07-15 05:23:48.285  INFO 275 --- [           main] com.checkmarx.flow.service.IssueService  : Processing Issues with custom bean Csv
2022-07-15 05:23:48.300  INFO 275 --- [           main] com.checkmarx.flow.service.IssueService  : Creating new issue with key src/main/webapp/WEB-INF/web.xml1004
2022-07-15 05:23:48.342 ERROR 275 --- [           main] com.checkmarx.flow.CxFlowRunner          : An error occurred while processing request

java.lang.NullPointerException: null
    at java.util.Objects.requireNonNull(Objects.java:203)
    at java.util.Optional.<init>(Optional.java:96)
    at java.util.Optional.of(Optional.java:108)
    at com.checkmarx.flow.custom.CsvIssueTracker.createSASTIssue(CsvIssueTracker.java:211)
    at com.checkmarx.flow.custom.CsvIssueTracker.createIssue(CsvIssueTracker.java:72)
    at com.checkmarx.flow.service.IssueService.process(IssueService.java:160)
    at com.checkmarx.flow.service.IssueService$$FastClassBySpringCGLIB$$bcade21c.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:771)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:749)
    at org.springframework.aop.framework.adapter.MethodBeforeAdviceInterceptor.invoke(MethodBeforeAdviceInterceptor.java:56)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:749)
    at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:95)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:749)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:691)
    at com.checkmarx.flow.service.IssueService$$EnhancerBySpringCGLIB$$abdc220b.process(<generated>)
    at com.checkmarx.flow.service.ResultsService.handleCustomIssueTracker(ResultsService.java:219)
    at com.checkmarx.flow.service.ResultsService.processResults(ResultsService.java:172)
    at com.checkmarx.flow.service.ResultsService$$FastClassBySpringCGLIB$$2328645f.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:771)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:749)
    at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:95)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:749)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:691)
    at com.checkmarx.flow.service.ResultsService$$EnhancerBySpringCGLIB$$b6e6725d.processResults(<generated>)
    at com.checkmarx.flow.CxFlowRunner.processResults(CxFlowRunner.java:594)
    at com.checkmarx.flow.CxFlowRunner.scanLocalPath(CxFlowRunner.java:571)
    at com.checkmarx.flow.CxFlowRunner.commandLineRunner(CxFlowRunner.java:443)
    at com.checkmarx.flow.CxFlowRunner.run(CxFlowRunner.java:93)
    at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:786)
    at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:776)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:322)
    at com.checkmarx.flow.CxFlowApplication.main(CxFlowApplication.java:21)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49)
    at org.springframework.boot.loader.Launcher.launch(Launcher.java:107)
    at org.springframework.boot.loader.Launcher.launch(Launcher.java:58)
    at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:88)

2022-07-15 05:23:48.353  INFO 275 --- [           main] com.checkmarx.flow.CxFlowRunner          : Finished with exit code: 10
2022-07-15 05:23:48.452  INFO 275 --- [extShutdownHook] o.s.s.concurrent.ThreadPoolTaskExecutor  : Shutting down ExecutorService 'webHook'
2022-07-15 05:23:48.483  INFO 275 --- [extShutdownHook] o.s.s.concurrent.ThreadPoolTaskExecutor  : Shutting down ExecutorService 'scanRequest'

Environment Details

This fails on standalone server using official container image of cxflow (1.6.28 to 1.6.34). javasrc-example-failcxflow-app.zip

cx-leonelsanches commented 2 years ago

Hi @bvmanuelpaillafil,

I tested your code against version 1.6.35 (released yesterday) and the processing worked with no errors. Here's my log example using your codebase as the scanned project:

   ___             ___ _
  / __\_  __      / __\ | _____      __
 / /  \ \/ /____ / _\ | |/ _ \ \ /\ / /
/ /___ >  <_____/ /   | | (_) \ V  V /
\____//_/\_\    \/    |_|\___/ \_/\_/

2022-07-26 14:12:52.040  INFO 3500 --- [  restartedMain] c.c.f.CxFlowApplication                   [] : Starting CxFlowApplication using Java 1.8.0_292 on LEONEL-WS2016-94 with PID 3500
2022-07-26 14:12:52.055  INFO 3500 --- [  restartedMain] c.c.f.CxFlowApplication                   [] : No active profile set, falling back to 1 default profile: "default"
2022-07-26 14:12:52.877  INFO 3500 --- [  restartedMain] .e.DevToolsPropertyDefaultsPostProcessor  [] : Devtools property defaults active! Set 'spring.devtools.add-properties' to 'false' to disable
2022-07-26 14:12:55.378  INFO 3500 --- [  restartedMain] ptablePropertiesBeanFactoryPostProcessor  [] : Post-processing PropertySource instances
2022-07-26 14:12:55.500  INFO 3500 --- [  restartedMain] c.u.j.EncryptablePropertySourceConverter  [] : Converting PropertySource configurationProperties [org.springframework.boot.context.properties.source.ConfigurationPropertySourcesPropertySource] to AOP Proxy
2022-07-26 14:12:55.503  INFO 3500 --- [  restartedMain] c.u.j.EncryptablePropertySourceConverter  [] : Converting PropertySource commandLineArgs [org.springframework.core.env.SimpleCommandLinePropertySource] to EncryptableEnumerablePropertySourceWrapper
2022-07-26 14:12:55.504  INFO 3500 --- [  restartedMain] c.u.j.EncryptablePropertySourceConverter  [] : Converting PropertySource systemProperties [org.springframework.core.env.PropertiesPropertySource] to EncryptableMapPropertySourceWrapper
2022-07-26 14:12:55.505  INFO 3500 --- [  restartedMain] c.u.j.EncryptablePropertySourceConverter  [] : Converting PropertySource systemEnvironment [org.springframework.boot.env.SystemEnvironmentPropertySourceEnvironmentPostProcessor$OriginAwareSystemEnvironmentPropertySource] to EncryptableSystemEnvironmentPropertySourceWrapper
2022-07-26 14:12:55.506  INFO 3500 --- [  restartedMain] c.u.j.EncryptablePropertySourceConverter  [] : Converting PropertySource random [org.springframework.boot.env.RandomValuePropertySource] to EncryptablePropertySourceWrapper
2022-07-26 14:12:55.506  INFO 3500 --- [  restartedMain] c.u.j.EncryptablePropertySourceConverter  [] : Converting PropertySource Config resource 'class path resource [application.yml]' via location 'optional:classpath:/' [org.springframework.boot.env.OriginTrackedMapPropertySource] to EncryptableMapPropertySourceWrapper
2022-07-26 14:12:55.506  INFO 3500 --- [  restartedMain] c.u.j.EncryptablePropertySourceConverter  [] : Converting PropertySource devtools [org.springframework.core.env.MapPropertySource] to EncryptableMapPropertySourceWrapper
2022-07-26 14:12:55.677  INFO 3500 --- [  restartedMain] c.u.j.f.DefaultLazyPropertyFilter         [] : Property Filter custom Bean not found with name 'encryptablePropertyFilter'. Initializing Default Property Filter
2022-07-26 14:12:56.073  INFO 3500 --- [  restartedMain] c.u.j.r.DefaultLazyPropertyResolver       [] : Property Resolver custom Bean not found with name 'encryptablePropertyResolver'. Initializing Default Property Resolver
2022-07-26 14:12:56.079  INFO 3500 --- [  restartedMain] c.u.j.d.DefaultLazyPropertyDetector       [] : Property Detector custom Bean not found with name 'encryptablePropertyDetector'. Initializing Default Property Detector
2022-07-26 14:12:58.852  INFO 3500 --- [  restartedMain] o.s.w.s.s.SaajSoapMessageFactory          [] : Creating SAAJ 1.3 MessageFactory with SOAP 1.1 Protocol
2022-07-26 14:12:59.328  WARN 3500 --- [  restartedMain] j.p.spi                                   [] : javax.persistence.spi::No valid providers found.
2022-07-26 14:12:59.995  INFO 3500 --- [  restartedMain] c.c.f.CxFlowRunner                        [] : =======BUILD INFO=======
2022-07-26 14:12:59.996  INFO 3500 --- [  restartedMain] c.c.f.CxFlowRunner                        [] : Version: cx-flow-1.6.35
2022-07-26 14:12:59.998  INFO 3500 --- [  restartedMain] c.c.f.CxFlowRunner                        [] : Time: 2022-07-26T21:12:13.212Z
2022-07-26 14:12:59.998  INFO 3500 --- [  restartedMain] c.c.f.CxFlowRunner                        [] : =======================
2022-07-26 14:13:02.272  INFO 3500 --- [  restartedMain] o.s.b.d.a.OptionalLiveReloadServer        [] : LiveReload server is running on port 35729
2022-07-26 14:13:02.332  INFO 3500 --- [  restartedMain] c.c.f.CxFlowApplication                   [] : Started CxFlowApplication in 11.856 seconds (JVM running for 12.739)
2022-07-26 14:13:02.352  INFO 3500 --- [  restartedMain] c.c.f.CxFlowRunner                        [a6ZXZFpo] : Using custom bean implementation  for bug tracking
2022-07-26 14:13:02.433  INFO 3500 --- [  restartedMain] c.c.f.s.ScaFilterFactory                  [a6ZXZFpo] : Initializing SCA filters.
2022-07-26 14:13:02.437  INFO 3500 --- [  restartedMain] c.c.f.CxFlowRunner                        [a6ZXZFpo] : Executing scan process
2022-07-26 14:13:02.440  INFO 3500 --- [  restartedMain] c.c.f.s.ScaFilterFactory                  [a6ZXZFpo] : Initializing SCA filters.
2022-07-26 14:13:02.449  INFO 3500 --- [  restartedMain] c.c.f.s.ProjectNameGenerator              [a6ZXZFpo] : Project name being used: asdadsad
2022-07-26 14:13:02.451  INFO 3500 --- [  restartedMain] c.c.f.u.ZipUtils                          [a6ZXZFpo] : Creating zip file C:\Users\Administrator\IdeaProjects\cx-flow\cx.8d22ee05-98c0-415d-977a-fae806bb69d4.zip from contents of path C:\Users\Administrator\Documents\Bicevida
2022-07-26 14:13:02.463  INFO 3500 --- [  restartedMain] c.c.f.u.ZipUtils                          [a6ZXZFpo] : Successfully created C:\Users\Administrator\IdeaProjects\cx-flow\cx.8d22ee05-98c0-415d-977a-fae806bb69d4.zip 
2022-07-26 14:13:02.465  INFO 3500 --- [  restartedMain] c.c.f.s.ScanRequestConverter              [a6ZXZFpo] : Overriding team with /CxServer
2022-07-26 14:13:02.472  INFO 3500 --- [  restartedMain] c.c.s.s.CxAuthService                     [a6ZXZFpo] : Logging into Checkmarx http://localhost/cxrestapi/auth/identity/connect/token
2022-07-26 14:13:04.027  INFO 3500 --- [  restartedMain] c.c.s.s.CxService                         [a6ZXZFpo] : Retrieving Cx teams
2022-07-26 14:13:04.052  INFO 3500 --- [  restartedMain] c.c.s.s.CxService                         [a6ZXZFpo] : Found team /CxServer with ID 1
2022-07-26 14:13:07.822  INFO 3500 --- [  restartedMain] c.c.f.s.AbstractVulnerabilityScanner      [a6ZXZFpo] : Checking if there is any existing scan for Project: -1
2022-07-26 14:13:07.887  INFO 3500 --- [  restartedMain] c.c.s.s.CxService                         [a6ZXZFpo] : No scans in the queue that are in progress
2022-07-26 14:13:07.887  INFO 3500 --- [  restartedMain] c.c.f.s.AbstractVulnerabilityScanner      [a6ZXZFpo] : ----------existingScanId---------: -1
2022-07-26 14:13:07.887  INFO 3500 --- [  restartedMain] c.c.s.s.CxService                         [a6ZXZFpo] : Creating scan...
2022-07-26 14:13:07.902  INFO 3500 --- [  restartedMain] c.c.s.s.CxService                         [a6ZXZFpo] : Creating Project asdadsad for ownerId 1
2022-07-26 14:13:08.153  INFO 3500 --- [  restartedMain] c.c.s.s.ScanSettingsClientImpl            [a6ZXZFpo] : Retrieving Cx presets
2022-07-26 14:13:08.200  INFO 3500 --- [  restartedMain] c.c.s.s.ScanSettingsClientImpl            [a6ZXZFpo] : Found preset 'Checkmarx Default' with ID 36
2022-07-26 14:13:08.201  INFO 3500 --- [  restartedMain] c.c.s.s.ScanSettingsClientImpl            [a6ZXZFpo] : Retrieving Cx engineConfigurations
2022-07-26 14:13:08.237  INFO 3500 --- [  restartedMain] c.c.s.s.ScanSettingsClientImpl            [a6ZXZFpo] : Found xml/engine configuration Default Configuration with ID 1
2022-07-26 14:13:08.238  INFO 3500 --- [  restartedMain] c.c.s.s.ScanSettingsClientImpl            [a6ZXZFpo] : Creating ScanSettings for project Id 7
2022-07-26 14:13:08.394  INFO 3500 --- [  restartedMain] c.c.s.s.CxService                         [a6ZXZFpo] : Updating Project folder and file exclusion details for project Id 7
2022-07-26 14:13:08.433  INFO 3500 --- [  restartedMain] c.c.s.s.CxService                         [a6ZXZFpo] : Updating Source details for project Id 7
2022-07-26 14:13:08.617  INFO 3500 --- [  restartedMain] c.c.s.s.CxService                         [a6ZXZFpo] : Scan will be Full Scan
2022-07-26 14:13:08.620  INFO 3500 --- [  restartedMain] c.c.s.s.CxService                         [a6ZXZFpo] : Creating Scan for project Id 7
2022-07-26 14:13:08.723  INFO 3500 --- [  restartedMain] c.c.s.s.CxService                         [a6ZXZFpo] : Scan created with Id 1000009 for project Id 7
2022-07-26 14:13:08.831  INFO 3500 --- [  restartedMain] jsonLogger                                [a6ZXZFpo] : 
2022-07-26 14:14:48.998  INFO 3500 --- [  restartedMain] jsonLogger                                [a6ZXZFpo] : 
2022-07-26 14:14:49.002  INFO 3500 --- [  restartedMain] c.c.s.s.CxService                         [a6ZXZFpo] : Creating report for xml Id 1000009
2022-07-26 14:14:49.234  INFO 3500 --- [  restartedMain] c.c.s.s.CxService                         [a6ZXZFpo] : Report with Id 2 created
2022-07-26 14:14:54.235  INFO 3500 --- [  restartedMain] c.c.s.s.CxService                         [a6ZXZFpo] : Retrieving report status of report Id 2
2022-07-26 14:14:55.275  INFO 3500 --- [  restartedMain] c.c.s.s.CxAuthService                     [a6ZXZFpo] : Logging into Checkmarx for SOAP token http://localhost/cxrestapi/auth/identity/connect/token
2022-07-26 14:14:55.437  INFO 3500 --- [  restartedMain] c.c.s.s.CxService                         [a6ZXZFpo] : Retrieving report contents of report Id 2 in XML format
2022-07-26 14:14:55.475  INFO 3500 --- [  restartedMain] c.c.s.s.CxService                         [a6ZXZFpo] : Report downloaded for report Id 2
2022-07-26 14:14:55.632  INFO 3500 --- [  restartedMain] c.c.s.s.CxService                         [a6ZXZFpo] : Fetching Scan data for Id 1000009
2022-07-26 14:14:55.646  INFO 3500 --- [  restartedMain] c.c.s.s.CxService                         [a6ZXZFpo] : Fetching custom fields from project ID 7
2022-07-26 14:14:55.832  INFO 3500 --- [  restartedMain] c.c.f.s.ResultsService                    [a6ZXZFpo] : Issue tracking is custom bean implementation
2022-07-26 14:14:55.859  INFO 3500 --- [  restartedMain] c.c.f.c.CsvIssueTracker                   [a6ZXZFpo] : Creating file /tmp/cxflow/CxServer-asdadsad-20220726.141455.csv, Deleting if already exists
2022-07-26 14:14:55.867  INFO 3500 --- [  restartedMain] c.c.f.s.CodeBashingService                [a6ZXZFpo] : not using CodeBashing lessons integration - one or more of the mandatory properties is missing
2022-07-26 14:14:55.868  INFO 3500 --- [  restartedMain] c.c.f.s.IssueService                      [a6ZXZFpo] : Processing Issues with custom bean Csv
2022-07-26 14:14:55.869  INFO 3500 --- [  restartedMain] c.c.f.c.CsvIssueTracker                   [a6ZXZFpo] : Finalizing CSV output
2022-07-26 14:14:55.870  INFO 3500 --- [  restartedMain] c.c.f.s.ResultsService                    [a6ZXZFpo] : ####Checkmarx Scan Results Summary####
2022-07-26 14:14:55.870  INFO 3500 --- [  restartedMain] c.c.f.s.ResultsService                    [a6ZXZFpo] : Team: CxServer, Project: asdadsad, Scan-Id: 1000009
2022-07-26 14:14:55.870  INFO 3500 --- [  restartedMain] c.c.f.s.ResultsService                    [a6ZXZFpo] : The vulnerabilities found for the scan are: high: 0, medium: 1, low: 0, info: 0
2022-07-26 14:14:55.871  INFO 3500 --- [  restartedMain] c.c.f.s.ResultsService                    [a6ZXZFpo] : To view results use following link: http://leonel-ws2016-94/CxWebClient/ViewerMain.aspx?scanid=1000009&projectid=7
2022-07-26 14:14:55.871  INFO 3500 --- [  restartedMain] c.c.f.s.ResultsService                    [a6ZXZFpo] : ######################################
2022-07-26 14:14:55.872  INFO 3500 --- [  restartedMain] c.c.f.s.ThresholdValidatorImpl            [a6ZXZFpo] : Checking Thresholds exists. sast thresholds: false. sca thresholds: false
2022-07-26 14:14:55.872  INFO 3500 --- [  restartedMain] c.c.f.CxFlowRunner                        [a6ZXZFpo] : Build succeeded. all checks passed
2022-07-26 14:14:55.872  INFO 3500 --- [  restartedMain] c.c.f.CxFlowRunner                        [a6ZXZFpo] : Completed Successfully
2022-07-26 14:14:55.872  INFO 3500 --- [  restartedMain] c.c.f.CxFlowRunner                        [a6ZXZFpo] : Finished with exit code: 0

Could you please repeat the test using this jar? https://github.com/checkmarx-ltd/cx-flow/releases/download/1.6.35/cx-flow-1.6.35.jar

satyamchaurasiapersistent commented 1 year ago

Hi @bvmanuelpaillafil can you please confirm are still facing this issue with latest version of cx-flow

itsKedar commented 4 months ago

Please check on our latest version 1.7.0 . If does not work please reopen issue.