Situation
With #1098 we created a possibility to define source code data inside the codeScan element but also inside the new data section.
As described in #1313 the archive structure does contain __data__/$referenceName.
Currently the Checkmarx product executor will send the created zip content without any further treatment to Checkmarx.
The problem here: It will contain __data__/$referenceName and use this as the reference paths inside its findings!
So e.g. when using SecHub plugins to open a finding the path would not be correct. Also reading Checkmarx findings inside
HTML reports would be difficult.
Wanted
Checkmarx adapter shall send a ZIP file which does not contain data section paths inside
Solution
There are two possible solutions
Variant A
We move the Checkmarx product adapter to a PDS solution. This will use #1319 automatically and only necessary stuff will be inside the zip file.
Variant B
The mechanism inside #1319 will be written in a very reusable way and is also available inside SecHub server (via library). Then the Checkmarx product executor will:
- Check if model needs an archive transformation
- When no transformation is necessary, then old behaviour
- When transformation is necessary, the file will be temporarily stored, transformed and the transformed content will be used by the Checkmarx product adapter.
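The transformation step of Variant B, sketched as an added example in Python; this is not SecHub's own code (the project is written in Java) and all function names are hypothetical. It assumes entries are laid out as __data__/<referenceName>/<relative path>, that files outside __data__ are kept unchanged, and that the set of reference names used by the code scan stands in for the model check.

```python
import io
import zipfile

DATA_PREFIX = "__data__/"  # data section folder named on this page


def target_path(name, references):
    """Path inside the transformed ZIP (kept below its root), or None to drop."""
    if name.startswith(DATA_PREFIX):
        ref, _, rest = name[len(DATA_PREFIX):].partition("/")
        if ref not in references or not rest:
            return None  # data section this scan does not reference
        name = rest
    parts = [p for p in name.split("/") if p not in ("", ".")]
    if not parts or ".." in parts or name.startswith("/") or "\\" in name:
        raise ValueError(f"unsafe archive path: {name!r}")
    return "/".join(parts)


def transform_archive(archive_bytes, references):
    """Strip __data__/<reference>/ prefixes; keep only referenced sections."""
    if not references:
        return archive_bytes  # no transformation necessary: old behaviour
    out, seen = io.BytesIO(), set()
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in (i for i in src.infolist() if not i.is_dir()):
            path = target_path(info.filename, references)
            if path is None:
                continue
            if path in seen:  # two sources would overwrite each other
                raise ValueError(f"duplicate path after transform: {path!r}")
            seen.add(path)
            dst.writestr(path, src.read(info))
    return out.getvalue()


def build_sample(extra=()):
    """Constructed sample upload: a root file plus two data sections."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name in ("README.md", "__data__/backend/src/Main.java",
                     "__data__/other/notes.txt", *extra):
            z.writestr(name, "constructed sample content")
    return buf.getvalue()


def entry_names(archive_bytes):
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as z:
        return sorted(z.namelist())
```

Rejecting colliding and escaping paths matters here because the stripped paths are what end up as reference paths in the findings.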
Additional
For #1164 only PDS does support the filtering.
When we use Variant B we must also introduce sechub.productexecutor.filefilter.excludes and sechub.productexecutor.filefilter.includes to handle this on SecHub side as well. This will be done by #1395