mercedes-benz / sechub

SecHub provides a central API to test software with different security tools.
https://mercedes-benz.github.io/sechub/
MIT License

Remove direct Checkmarx adapter usage - provide only PDS adapter #1320

Open de-jcup opened 2 years ago

de-jcup commented 2 years ago

Situation

With

we created a possibility to define source code data inside the codeScan element but also inside the new data section. As described in #1313 the archive structure does contain __data__/$referenceName .

Currently the Checkmarx product executor will send the created zip content without any further treatment to Checkmarx. The problem here: It will contain __data__/$referenceName and use this as the reference paths inside its findings! So e.g. when using SecHub plugins to open a finding the path would not be correct. Also reading Checkmarx findings inside HTML reports would be difficult.

Wanted

Checkmarx adapter shall send a ZIP file which does not contain data section paths inside

Solution

There are two possible solutions

Variant A

We move the Checkmarx product adapter to a PDS solution. This will use #1319 automatically and only necessary stuff will be inside the zip file.

Variant B

The mechanism inside

Additional

For #1164 only PDS does support the filtering. When we use Variant B we must also introduce sechub.productexecutor.filefilter.excludes and sechub.productexecutor.filefilter.includes to handle this on SecHub side as well. This will be done by #1395

de-jcup commented 2 years ago

Decided to use Variant A.

But we do this in three steps.

  1. #1415 (so we can use adapter variant + old variant parallel)

  2. #1467 (provide a ready to use pds-solution)

  3. #1416 (when pds solution works as expected, we drop the old approach + change integration tests)