checkmarx-ltd / cx-flow

Checkmarx Scan and Result Orchestration
Apache License 2.0

Project name cleansing removes valid characters #461

Closed nleach999 closed 3 years ago

nleach999 commented 3 years ago

Description

When having CxFlow create project names from a script, if the output string is such that it is like "[foo][bar][master]" it will replace the brackets with dashes like "-foo-bar-master-".

Expected Behavior

Characters that are valid in SAST project names should not be replaced.

Actual Behavior

Valid characters are replaced with dashes.

cxflow-webhook_1  | ************SCRIPT***********
cxflow-webhook_1  | EXTERNAL SCRIPT projectName: [GITHUB][nleach999][SimplyVulnerable][demo-master]
cxflow-webhook_1  | ************SCRIPT***********
cxflow-webhook_1  | 2020-10-15 17:07:56.415  INFO 15 --- [      flow-web1] c.c.f.s.ProjectNameGenerator              [s8zueMHU] : Project name being used: -GITHUB-nleach999-SimplyVulnerable-demo-master-

Reproduction

Use this repo name script:

println ("************SCRIPT***********")

def projectName = "[${request.repoType}][${request.namespace}][${request.application}][${request.branch}]"
println ("EXTERNAL SCRIPT projectName: ${projectName}")

println ("************SCRIPT***********")

return projectName.toString ()

Environment Details

CxFlow docker checkmarx/cx-flow:1.6.10-11

kmcdon83 commented 3 years ago

@nleach999 , what works for SAST will not work for CxFlow. We eliminate anything that isn't alphanumeric, -_. Everything else is stripped and replaced with a dash. This was as designed, and not a bug. If we add more special characters we will need to work with CxGo/AST/CxSCA to align (but these teams don't currently align on project names and special characters that are allowed).
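
A small model of the cleansing rule described in the comment above, added here as an illustration (it is not CxFlow's own code; collapsing a run of disallowed characters into one dash is an assumption that matches the "[foo][bar][master]" example). It also shows a bracket-free name format that survives cleansing unchanged, so the SAST project name is the same whether or not the preserve option is used:

```python
import re
from dataclasses import dataclass

# Characters the comment lists as allowed: alphanumeric, '-', '_' and '.'.
# Assumption (not taken from CxFlow's source): each run of other characters
# becomes a single dash, which reproduces "-foo-bar-master-" from the issue.
DISALLOWED = re.compile(r"[^A-Za-z0-9._-]+")


def cleanse(name: str) -> str:
    """Model of CxFlow's project-name cleansing as described in the issue."""
    return DISALLOWED.sub("-", name)


@dataclass
class Request:
    """Subset of the script's `request` object used by the name scripts."""
    repoType: str
    namespace: str
    application: str
    branch: str


def bracket_name(r: Request) -> str:
    """The format produced by the Groovy script in the issue report."""
    return f"[{r.repoType}][{r.namespace}][{r.application}][{r.branch}]"


def safe_name(r: Request) -> str:
    """Bracket-free format built only from allowed characters.

    Each field is cleansed on its own and stripped of edge dashes, then the
    fields are joined with '_' so a branch like 'feature/x' cannot leak
    characters that would be rewritten later.
    """
    fields = (r.repoType, r.namespace, r.application, r.branch)
    return "_".join(cleanse(f).strip("-") for f in fields)


def is_stable(name: str) -> bool:
    """True when cleansing would leave the name exactly as generated."""
    return cleanse(name) == name


if __name__ == "__main__":
    req = Request("GITHUB", "nleach999", "SimplyVulnerable", "demo-master")
    print(cleanse(bracket_name(req)))  # -GITHUB-nleach999-SimplyVulnerable-demo-master-
    print(safe_name(req))              # GITHUB_nleach999_SimplyVulnerable_demo-master
```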

armtumanyan commented 3 years ago

For anyone who still wants to fix this, just add the env variable:

CX_FLOW_PRESERVE_PROJECT_NAME=true

Works for me while integrating GitlabCI with Checkmarx SAST.