checkmarx-ltd / cx-flow

Checkmarx Scan and Result Orchestration
Apache License 2.0

BitBucket creates parent branch project with malformed name #1085

Closed nleach999 closed 1 year ago

nleach999 commented 2 years ago

Description

When a push is made to a non-root protected branch using Bitbucket cloud, BitBucket server with native webhooks, or BitBucket server with Postwebhooks, a "root" project is created with a malformed name.

Expected Behavior

The "root" project name should have the correct branch name, as is observed when using GitHub, ADO, or GitLab.

Actual Behavior

The root project name is malformed; it omits the root branch name.

Reproduction

  1. Ensure there are no projects that match the name of the projects that are to be created with CxFlow.

  2. Create a branch named "demo-master" from the root branch in a repo.

  3. Commit a config as code file to demo-master like:

    {
        "version": 1.0,
        "project": "SimplyVulnerable-React-${branch}",
        "team": "/CxServer",
        "sast": {
            "preset": "High and Medium",
            "engineConfiguration": "Default Configuration"
        },
        "additionalProperties": {
            "cxFlow": {
                "application": "Simply Vulnerable React",
                "branches": ["demo-master"],
                "jira": {
                    "project": "SV"
                }
            }
        },
        "sca": {
            "team": "/CxServer/SCA-PM/Champions/NA-Partners"
        }
    }

  4. Observe that the project created is malformed, similar to:

[
  {
    "id": 256,
    "teamId": 1,
    "name": "SimplyVulnerable-React-",
    "isPublic": true,
    "customFields": [],
    "links": [
      {
        "rel": "self",
        "uri": "/projects/256"
      },
      {
        "rel": "teams",
        "uri": "/auth/teams/"
      },
      {
        "rel": "latestscan",
        "uri": "/sast/scans?projectId=256&last=1"
      },
      {
        "rel": "allscans",
        "uri": "/sast/scans?projectId=256"
      },
      {
        "rel": "scansettings",
        "uri": "/sast/scanSettings/256"
      },
      {
        "type": "local",
        "rel": "source",
        "uri": null
      }
    ],
    "owner": "admin",
    "isDeprecated": false,
    "projectQueueSettings": {
      "queueKeepMode": "KeepAll",
      "scansType": "All",
      "includeScansInProcess": false,
      "identicalCodeOnly": false
    },
    "isBranched": false,
    "originalProjectId": "",
    "branchedOnScanId": "",
    "relatedProjects": []
  }
]

  5. Observe that the branch project is created correctly and references the malformed project as the original project:

[
  {
    "id": 257,
    "teamId": 1,
    "name": "SimplyVulnerable-React-demo-master",
    "isPublic": true,
    "customFields": [],
    "links": [
      {
        "rel": "self",
        "uri": "/projects/257"
      },
      {
        "rel": "teams",
        "uri": "/auth/teams/"
      },
      {
        "rel": "latestscan",
        "uri": "/sast/scans?projectId=257&last=1"
      },
      {
        "rel": "allscans",
        "uri": "/sast/scans?projectId=257"
      },
      {
        "rel": "scansettings",
        "uri": "/sast/scanSettings/257"
      },
      {
        "type": "git",
        "rel": "source",
        "uri": "/projects/257/sourceCode/remoteSettings/git"
      }
    ],
    "owner": "admin",
    "isDeprecated": false,
    "projectQueueSettings": {
      "queueKeepMode": "KeepAll",
      "scansType": "All",
      "includeScansInProcess": false,
      "identicalCodeOnly": false
    },
    "isBranched": true,
    "originalProjectId": "256",
    "branchedOnScanId": "-1",
    "relatedProjects": []
  }
]

Environment Details

CxFlow 1.6.35
BitBucket server with Postwebhooks and/or native webhooks
BitBucket cloud

itsKedar commented 1 year ago

Fixed in 1.6.37 CXFLW-572
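
A check for the symptom reported in this issue, as an added example (not CxFlow code and not part of the original thread): it scans a project listing of the shape shown above for names where a placeholder such as `${branch}` rendered empty, and lists the branched projects that reference each one. The sample records are constructed by trimming the two responses in the issue; `template_regex` and `find_malformed_parents` are hypothetical helper names.

```python
import json
import re

# Constructed sample: the two project records from the issue, trimmed to the
# fields this check reads.
SAMPLE_PROJECTS = json.loads("""
[
  {"id": 256, "name": "SimplyVulnerable-React-",
   "isBranched": false, "originalProjectId": ""},
  {"id": 257, "name": "SimplyVulnerable-React-demo-master",
   "isBranched": true, "originalProjectId": "256"}
]
""")

PLACEHOLDER = re.compile(r"\$\{[^}]+\}")


def template_regex(template):
    """Build a regex for names rendered from a config-as-code project template.

    Each ${...} placeholder becomes a capture group, so an empty group means
    the placeholder was rendered as an empty string.
    """
    literals = PLACEHOLDER.split(template)
    return re.compile("(.*)".join(re.escape(part) for part in literals))


def find_malformed_parents(projects, template):
    """Return projects whose name is the template with an empty placeholder,
    together with the branched projects that point at them."""
    pattern = template_regex(template)
    findings = []
    for project in projects:
        match = pattern.fullmatch(project["name"])
        if not match or all(match.groups()):
            continue  # unrelated name, or every placeholder resolved
        children = [
            child["name"] for child in projects
            if child.get("isBranched")
            and str(child.get("originalProjectId")) == str(project["id"])
        ]
        findings.append({"id": project["id"], "name": project["name"],
                         "branched_children": children})
    return findings


if __name__ == "__main__":
    template = "SimplyVulnerable-React-${branch}"
    print(json.dumps(find_malformed_parents(SAMPLE_PROJECTS, template), indent=2))
```
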