oss-realtime scanner changes

cx-atish-jadhav · cx-atish-jadhav · commit 994bec49661c · 2025-10-14T17:11:07.000+05:30
diff --git a/src/main/java/com/checkmarx/ast/ossrealtime/OssRealtimeLocation.java b/src/main/java/com/checkmarx/ast/ossrealtime/OssRealtimeLocation.java
@@ -0,0 +1,31 @@
+package com.checkmarx.ast.ossrealtime;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import lombok.Value;
+
+@Value
+@JsonDeserialize
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class OssRealtimeLocation {
+    @JsonProperty("Line")
+    int line;
+    @JsonProperty("StartIndex")
+    int startIndex;
+    @JsonProperty("EndIndex")
+    int endIndex;
+
+    @JsonCreator
+    public OssRealtimeLocation(@JsonProperty("Line") int line,
+                               @JsonProperty("StartIndex") int startIndex,
+                               @JsonProperty("EndIndex") int endIndex) {
+        this.line = line;
+        this.startIndex = startIndex;
+        this.endIndex = endIndex;
+    }
+}
+
diff --git a/src/main/java/com/checkmarx/ast/ossrealtime/OssRealtimeResults.java b/src/main/java/com/checkmarx/ast/ossrealtime/OssRealtimeResults.java
@@ -0,0 +1,50 @@
+package com.checkmarx.ast.ossrealtime;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import lombok.Value;
+import org.apache.commons.lang3.StringUtils;
+
+import java.io.IOException;
+import java.util.List;
+
+@Value
+@JsonDeserialize
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class OssRealtimeResults {
+    @JsonProperty("Packages")
+    List<OssRealtimeScanPackage> packages;
+
+    @JsonCreator
+    public OssRealtimeResults(@JsonProperty("Packages") List<OssRealtimeScanPackage> packages) {
+        this.packages = packages;
+    }
+
+    public static OssRealtimeResults fromLine(String line) {
+        if (StringUtils.isBlank(line)) {
+            return null;
+        }
+        try {
+            if (isValidJSON(line) && line.contains("\"Packages\"")) {
+                return new ObjectMapper().readValue(line, OssRealtimeResults.class);
+            }
+        } catch (IOException ignored) {
+        }
+        return null;
+    }
+
+    private static boolean isValidJSON(String json) {
+        try {
+            new ObjectMapper().readTree(json);
+            return true;
+        } catch (IOException e) {
+            return false;
+        }
+    }
+}
+
diff --git a/src/main/java/com/checkmarx/ast/ossrealtime/OssRealtimeScanPackage.java b/src/main/java/com/checkmarx/ast/ossrealtime/OssRealtimeScanPackage.java
@@ -0,0 +1,49 @@
+package com.checkmarx.ast.ossrealtime;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import lombok.Value;
+
+import java.util.List;
+
+@Value
+@JsonDeserialize
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class OssRealtimeScanPackage {
+    @JsonProperty("PackageManager")
+    String packageManager;
+    @JsonProperty("PackageName")
+    String packageName;
+    @JsonProperty("PackageVersion")
+    String packageVersion;
+    @JsonProperty("FilePath")
+    String filePath;
+    @JsonProperty("Locations")
+    List<OssRealtimeLocation> locations;
+    @JsonProperty("Status")
+    String status;
+    @JsonProperty("Vulnerabilities")
+    List<OssRealtimeVulnerability> vulnerabilities;
+
+    @JsonCreator
+    public OssRealtimeScanPackage(@JsonProperty("PackageManager") String packageManager,
+                                  @JsonProperty("PackageName") String packageName,
+                                  @JsonProperty("PackageVersion") String packageVersion,
+                                  @JsonProperty("FilePath") String filePath,
+                                  @JsonProperty("Locations") List<OssRealtimeLocation> locations,
+                                  @JsonProperty("Status") String status,
+                                  @JsonProperty("Vulnerabilities") List<OssRealtimeVulnerability> vulnerabilities) {
+        this.packageManager = packageManager;
+        this.packageName = packageName;
+        this.packageVersion = packageVersion;
+        this.filePath = filePath;
+        this.locations = locations;
+        this.status = status;
+        this.vulnerabilities = vulnerabilities;
+    }
+}
+
diff --git a/src/main/java/com/checkmarx/ast/wrapper/CxConstants.java b/src/main/java/com/checkmarx/ast/wrapper/CxConstants.java
@@ -61,8 +61,6 @@ public final class CxConstants {
     static final String ADDITONAL_PARAMS = "--additional-params";
     static final String ENGINE = "--engine";
     static final String SUB_CMD_KICS_REALTIME = "kics-realtime";
-    static final String SUB_CMD_OSS_REALTIME = "oss-realtime";
-    static final String IGNORED_FILE_PATH = "--ignored-file-path";
     static final String SCA_REMEDIATION_PACKAGE_FILES = "--package-files";
     static final String SCA_REMEDIATION_PACKAGE = "--package";
     static final String SCA_REMEDIATION_PACKAGE_VERSION = "--package-version";
@@ -77,4 +75,9 @@ public final class CxConstants {
     static final String SUB_CMD_TENANT = "tenant";
     static final String IDE_SCANS_KEY = "scan.config.plugins.ideScans";
     static final String AI_MCP_SERVER_KEY = "scan.config.plugins.aiMcpServer";
+    static final String IGNORED_FILE_PATH = "--ignored-file-path";
+    static final String SUB_CMD_OSS_REALTIME = "oss-realtime";
+    static final String SUB_CMD_IAC_REALTIME = "iac-realtime";
+    static final String SUB_CMD_SECRETS_REALTIME = "secrets-realtime";
+    static final String SUB_CMD_CONTAINERS_REALTIME = "containers-realtime";
 }
diff --git a/src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java b/src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java
@@ -4,6 +4,7 @@
 import com.checkmarx.ast.codebashing.CodeBashing;
 import com.checkmarx.ast.kicsRealtimeResults.KicsRealtimeResults;
 import com.checkmarx.ast.learnMore.LearnMore;
+import com.checkmarx.ast.ossrealtime.OssRealtimeResults;
 import com.checkmarx.ast.predicate.CustomState;
 import com.checkmarx.ast.predicate.Predicate;
 import com.checkmarx.ast.project.Project;
@@ -404,26 +405,46 @@ public KicsRealtimeResults kicsRealtimeScan(@NonNull String fileSources, String
         return Execution.executeCommand(withConfigArguments(arguments), logger, KicsRealtimeResults::fromLine);
     }
 
-    public String ossRealtimeScan(@NonNull String sourcePath, String ignoredFilePath)
+    public <T> T realtimeScan(@NonNull String subCommand, @NonNull String sourcePath, String ignoredFilePath, java.util.function.Function<String, T> resultParser)
             throws IOException, InterruptedException, CxException {
-        this.logger.info("Executing 'scan oss-realtime' command using the CLI.");
+        this.logger.info("Executing 'scan {}' command using the CLI.", subCommand);
         this.logger.info("Source: {} IgnoredFilePath: {}", sourcePath, ignoredFilePath);
         List<String> arguments = new ArrayList<>();
         arguments.add(CxConstants.CMD_SCAN);
-        arguments.add(CxConstants.SUB_CMD_OSS_REALTIME);
+        arguments.add(subCommand);
         arguments.add(CxConstants.SOURCE);
         arguments.add(sourcePath);
         if (StringUtils.isNotBlank(ignoredFilePath)) {
             arguments.add(CxConstants.IGNORED_FILE_PATH);
             arguments.add(ignoredFilePath);
         }
-        return Execution.executeCommand(withConfigArguments(arguments), logger, line -> line);
+        return Execution.executeCommand(withConfigArguments(arguments), logger, resultParser);
+    }
+
+    // OSS Realtime
+    public OssRealtimeResults ossRealtimeScan(@NonNull String sourcePath, String ignoredFilePath)
+            throws IOException, InterruptedException, CxException {
+        return realtimeScan(CxConstants.SUB_CMD_OSS_REALTIME, sourcePath, ignoredFilePath, OssRealtimeResults::fromLine);
     }
 
-    public String ossRealtimeScan(@NonNull String sourcePath)
+    // IAC Realtime
+    public String iacRealtimeScan(@NonNull String sourcePath, String ignoredFilePath)
             throws IOException, InterruptedException, CxException {
-        return ossRealtimeScan(sourcePath, null);
+        return realtimeScan(CxConstants.SUB_CMD_IAC_REALTIME, sourcePath, ignoredFilePath, line -> line);
     }
+
+    // Secrets Realtime
+    public String secretsRealtimeScan(@NonNull String sourcePath, String ignoredFilePath)
+            throws IOException, InterruptedException, CxException {
+        return realtimeScan(CxConstants.SUB_CMD_SECRETS_REALTIME, sourcePath, ignoredFilePath, line -> line);
+    }
+
+    // Containers Realtime
+    public String containersRealtimeScan(@NonNull String sourcePath, String ignoredFilePath)
+            throws IOException, InterruptedException, CxException {
+        return realtimeScan(CxConstants.SUB_CMD_CONTAINERS_REALTIME, sourcePath, ignoredFilePath, line -> line);
+    }
+
     public KicsRemediation kicsRemediate(@NonNull String resultsFile, String kicsFile, String engine,String similarityIds)
             throws IOException, InterruptedException, CxException {
         this.logger.info("Executing 'remediation kics' command using the CLI.");
