Unify realtime scan wrappers; consolidate Secrets/IaC models; deprecate and stub obsolete result classes

cx-atish-jadhav · cx-atish-jadhav · commit 1551319d1fe7 · 2025-10-15T13:50:57.000+05:30
diff --git a/src/main/java/com/checkmarx/ast/containersRealtime/ContainersRealtimeImage.java b/src/main/java/com/checkmarx/ast/containersRealtime/ContainersRealtimeImage.java
@@ -0,0 +1,40 @@
+package com.checkmarx.ast.containersRealtime;
+
+import com.checkmarx.ast.realtime.RealtimeLocation;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import lombok.Value;
+
+import java.util.Collections;
+import java.util.List;
+
+@Value
+@JsonDeserialize
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class ContainersRealtimeImage {
+    @JsonProperty("ImageName") String imageName;
+    @JsonProperty("ImageTag") String imageTag;
+    @JsonProperty("FilePath") String filePath;
+    @JsonProperty("Locations") List<RealtimeLocation> locations;
+    @JsonProperty("Status") String status;
+    @JsonProperty("Vulnerabilities") List<ContainersRealtimeVulnerability> vulnerabilities;
+
+    @JsonCreator
+    public ContainersRealtimeImage(@JsonProperty("ImageName") String imageName,
+                                   @JsonProperty("ImageTag") String imageTag,
+                                   @JsonProperty("FilePath") String filePath,
+                                   @JsonProperty("Locations") List<RealtimeLocation> locations,
+                                   @JsonProperty("Status") String status,
+                                   @JsonProperty("Vulnerabilities") List<ContainersRealtimeVulnerability> vulnerabilities) {
+        this.imageName = imageName;
+        this.imageTag = imageTag;
+        this.filePath = filePath;
+        this.locations = locations == null ? Collections.emptyList() : locations;
+        this.status = status;
+        this.vulnerabilities = vulnerabilities == null ? Collections.emptyList() : vulnerabilities;
+    }
+}
diff --git a/src/main/java/com/checkmarx/ast/containersRealtime/ContainersRealtimeResults.java b/src/main/java/com/checkmarx/ast/containersRealtime/ContainersRealtimeResults.java
@@ -0,0 +1,54 @@
+package com.checkmarx.ast.containersRealtime;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import lombok.Value;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.util.List;
+
+@Value
+@JsonDeserialize
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class ContainersRealtimeResults {
+    private static final Logger log = LoggerFactory.getLogger(ContainersRealtimeResults.class);
+
+    @JsonProperty("Images") List<ContainersRealtimeImage> images;
+
+    @JsonCreator
+    public ContainersRealtimeResults(@JsonProperty("Images") List<ContainersRealtimeImage> images) {
+        this.images = images;
+    }
+
+    public static ContainersRealtimeResults fromLine(String line) {
+        if (StringUtils.isBlank(line)) {
+            return null;
+        }
+        try {
+            if (line.contains("\"Images\"") && isValidJSON(line)) {
+                return new ObjectMapper().readValue(line, ContainersRealtimeResults.class);
+            }
+        } catch (IOException e) {
+            log.debug("Failed to parse containers realtime line: {}", line, e);
+        }
+        return null;
+    }
+
+    private static boolean isValidJSON(String json) {
+        try {
+            new ObjectMapper().readTree(json);
+            return true;
+        } catch (IOException e) {
+            return false;
+        }
+    }
+}
+
diff --git a/src/main/java/com/checkmarx/ast/containersRealtime/ContainersRealtimeVulnerability.java b/src/main/java/com/checkmarx/ast/containersRealtime/ContainersRealtimeVulnerability.java
diff --git a/src/main/java/com/checkmarx/ast/iacRealtime/IacRealtimeResults.java b/src/main/java/com/checkmarx/ast/iacRealtime/IacRealtimeResults.java
@@ -0,0 +1,98 @@
+package com.checkmarx.ast.iacRealtime;
+
+import com.checkmarx.ast.realtime.RealtimeLocation;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import lombok.Value;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.util.Collections;
+import java.util.List;
+
+@Value
+@JsonDeserialize
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class IacRealtimeResults {
+    private static final Logger log = LoggerFactory.getLogger(IacRealtimeResults.class);
+    @JsonProperty("Results") List<Issue> results; // Normalized list (array or single object)
+
+    @JsonCreator
+    public IacRealtimeResults(@JsonProperty("Results") List<Issue> results) {
+        this.results = results == null ? Collections.emptyList() : results;
+    }
+
+    @Value
+    @JsonDeserialize
+    @JsonInclude(JsonInclude.Include.NON_NULL)
+    @JsonIgnoreProperties(ignoreUnknown = true)
+    public static class Issue {
+        @JsonProperty("Title") String title;
+        @JsonProperty("Description") String description;
+        @JsonProperty("SimilarityID") String similarityId;
+        @JsonProperty("FilePath") String filePath;
+        @JsonProperty("Severity") String severity;
+        @JsonProperty("ExpectedValue") String expectedValue;
+        @JsonProperty("ActualValue") String actualValue;
+        @JsonProperty("Locations") List<RealtimeLocation> locations;
+
+        @JsonCreator
+        public Issue(@JsonProperty("Title") String title,
+                     @JsonProperty("Description") String description,
+                     @JsonProperty("SimilarityID") String similarityId,
+                     @JsonProperty("FilePath") String filePath,
+                     @JsonProperty("Severity") String severity,
+                     @JsonProperty("ExpectedValue") String expectedValue,
+                     @JsonProperty("ActualValue") String actualValue,
+                     @JsonProperty("Locations") List<RealtimeLocation> locations) {
+            this.title = title;
+            this.description = description;
+            this.similarityId = similarityId;
+            this.filePath = filePath;
+            this.severity = severity;
+            this.expectedValue = expectedValue;
+            this.actualValue = actualValue;
+            this.locations = locations == null ? Collections.emptyList() : locations;
+        }
+    }
+
+    public static IacRealtimeResults fromLine(String line) {
+        if (StringUtils.isBlank(line)) {
+            return null;
+        }
+        try {
+            if (!isValidJSON(line)) {
+                return null;
+            }
+            ObjectMapper mapper = new ObjectMapper();
+            String trimmed = line.trim();
+            if (trimmed.startsWith("[")) {
+                List<Issue> list = mapper.readValue(trimmed, mapper.getTypeFactory().constructCollectionType(List.class, Issue.class));
+                return new IacRealtimeResults(list == null ? Collections.emptyList() : list);
+            }
+            if (trimmed.startsWith("{")) {
+                Issue single = mapper.readValue(trimmed, Issue.class);
+                return new IacRealtimeResults(Collections.singletonList(single));
+            }
+        } catch (IOException e) {
+            log.debug("Failed to parse iac realtime JSON line: {}", line, e);
+        }
+        return null;
+    }
+
+    private static boolean isValidJSON(String json) {
+        try {
+            new ObjectMapper().readTree(json);
+            return true;
+        } catch (IOException e) {
+            return false;
+        }
+    }
+}
diff --git a/src/main/java/com/checkmarx/ast/ossRealtime/OssRealtimeResults.java b/src/main/java/com/checkmarx/ast/ossRealtime/OssRealtimeResults.java
@@ -1,4 +1,4 @@
-package com.checkmarx.ast.ossrealtime;
+package com.checkmarx.ast.ossRealtime;
 
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
@@ -8,6 +8,8 @@
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 import lombok.Value;
 import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import java.io.IOException;
 import java.util.List;
@@ -17,6 +19,7 @@
 @JsonInclude(JsonInclude.Include.NON_NULL)
 @JsonIgnoreProperties(ignoreUnknown = true)
 public class OssRealtimeResults {
+    private static final Logger log = LoggerFactory.getLogger(OssRealtimeResults.class);
     @JsonProperty("Packages")
     List<OssRealtimeScanPackage> packages;
 
@@ -33,7 +36,8 @@ public static OssRealtimeResults fromLine(String line) {
             if (isValidJSON(line) && line.contains("\"Packages\"")) {
                 return new ObjectMapper().readValue(line, OssRealtimeResults.class);
             }
-        } catch (IOException ignored) {
+        } catch (IOException e) {
+            log.debug("Failed to parse oss realtime line: {}", line, e);
         }
         return null;
     }
@@ -47,4 +51,3 @@ private static boolean isValidJSON(String json) {
         }
     }
 }
-
diff --git a/src/main/java/com/checkmarx/ast/ossRealtime/OssRealtimeScanPackage.java b/src/main/java/com/checkmarx/ast/ossRealtime/OssRealtimeScanPackage.java
@@ -1,12 +1,14 @@
-package com.checkmarx.ast.ossrealtime;
+package com.checkmarx.ast.ossRealtime;
 
+import com.checkmarx.ast.realtime.RealtimeLocation;
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 import lombok.Value;
 
+import java.util.Collections;
 import java.util.List;
 
 @Value
@@ -23,7 +25,7 @@ public class OssRealtimeScanPackage {
     @JsonProperty("FilePath")
     String filePath;
     @JsonProperty("Locations")
-    List<OssRealtimeLocation> locations;
+    List<RealtimeLocation> locations;
     @JsonProperty("Status")
     String status;
     @JsonProperty("Vulnerabilities")
@@ -34,16 +36,15 @@ public OssRealtimeScanPackage(@JsonProperty("PackageManager") String packageMana
                                   @JsonProperty("PackageName") String packageName,
                                   @JsonProperty("PackageVersion") String packageVersion,
                                   @JsonProperty("FilePath") String filePath,
-                                  @JsonProperty("Locations") List<OssRealtimeLocation> locations,
+                                  @JsonProperty("Locations") List<RealtimeLocation> locations,
                                   @JsonProperty("Status") String status,
                                   @JsonProperty("Vulnerabilities") List<OssRealtimeVulnerability> vulnerabilities) {
         this.packageManager = packageManager;
         this.packageName = packageName;
         this.packageVersion = packageVersion;
         this.filePath = filePath;
-        this.locations = locations;
+        this.locations = locations == null ? Collections.emptyList() : locations;
         this.status = status;
-        this.vulnerabilities = vulnerabilities;
+        this.vulnerabilities = vulnerabilities == null ? Collections.emptyList() : vulnerabilities;
     }
 }
-
diff --git a/src/main/java/com/checkmarx/ast/ossRealtime/OssRealtimeVulnerability.java b/src/main/java/com/checkmarx/ast/ossRealtime/OssRealtimeVulnerability.java
@@ -1,4 +1,4 @@
-package com.checkmarx.ast.ossrealtime;
+package com.checkmarx.ast.ossRealtime;
 
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonInclude;
diff --git a/src/main/java/com/checkmarx/ast/realtime/RealtimeLocation.java b/src/main/java/com/checkmarx/ast/realtime/RealtimeLocation.java
@@ -1,4 +1,4 @@
-package com.checkmarx.ast.ossrealtime;
+package com.checkmarx.ast.realtime;
 
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
@@ -11,18 +11,15 @@
 @JsonDeserialize
 @JsonInclude(JsonInclude.Include.NON_NULL)
 @JsonIgnoreProperties(ignoreUnknown = true)
-public class OssRealtimeLocation {
-    @JsonProperty("Line")
-    int line;
-    @JsonProperty("StartIndex")
-    int startIndex;
-    @JsonProperty("EndIndex")
-    int endIndex;
+public class RealtimeLocation {
+    @JsonProperty("Line") int line;
+    @JsonProperty("StartIndex") int startIndex;
+    @JsonProperty("EndIndex") int endIndex;
 
     @JsonCreator
-    public OssRealtimeLocation(@JsonProperty("Line") int line,
-                               @JsonProperty("StartIndex") int startIndex,
-                               @JsonProperty("EndIndex") int endIndex) {
+    public RealtimeLocation(@JsonProperty("Line") int line,
+                             @JsonProperty("StartIndex") int startIndex,
+                             @JsonProperty("EndIndex") int endIndex) {
         this.line = line;
         this.startIndex = startIndex;
         this.endIndex = endIndex;
diff --git a/src/main/java/com/checkmarx/ast/secretsRealtime/SecretsRealtimeResults.java b/src/main/java/com/checkmarx/ast/secretsRealtime/SecretsRealtimeResults.java
diff --git a/src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java b/src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-package com.checkmarx.ast.ossrealtime;`
	`1`	`+package com.checkmarx.ast.ossRealtime;`
`2`	`2`
`3`	`3`	`import com.fasterxml.jackson.annotation.JsonCreator;`
`4`	`4`	`import com.fasterxml.jackson.annotation.JsonIgnoreProperties;`
`@@ -8,6 +8,8 @@`
`8`	`8`	`import com.fasterxml.jackson.databind.annotation.JsonDeserialize;`
`9`	`9`	`import lombok.Value;`
`10`	`10`	`import org.apache.commons.lang3.StringUtils;`
	`11`	`+import org.slf4j.Logger;`
	`12`	`+import org.slf4j.LoggerFactory;`
`11`	`13`
`12`	`14`	`import java.io.IOException;`
`13`	`15`	`import java.util.List;`
`@@ -17,6 +19,7 @@`
`17`	`19`	`@JsonInclude(JsonInclude.Include.NON_NULL)`
`18`	`20`	`@JsonIgnoreProperties(ignoreUnknown = true)`
`19`	`21`	`public class OssRealtimeResults {`
	`22`	`+ private static final Logger log = LoggerFactory.getLogger(OssRealtimeResults.class);`
`20`	`23`	`@JsonProperty("Packages")`
`21`	`24`	`List<OssRealtimeScanPackage> packages;`
`22`	`25`
`@@ -33,7 +36,8 @@ public static OssRealtimeResults fromLine(String line) {`
`33`	`36`	`if (isValidJSON(line) && line.contains("\"Packages\"")) {`
`34`	`37`	`return new ObjectMapper().readValue(line, OssRealtimeResults.class);`
`35`	`38`	`}`
`36`		`- } catch (IOException ignored) {`
	`39`	`+ } catch (IOException e) {`
	`40`	`+ log.debug("Failed to parse oss realtime line: {}", line, e);`
`37`	`41`	`}`
`38`	`42`	`return null;`
`39`	`43`	`}`
`@@ -47,4 +51,3 @@ private static boolean isValidJSON(String json) {`
`47`	`51`	`}`
`48`	`52`	`}`
`49`	`53`	`}`
`50`		`-`