Refactoring package name and adding test for oss and mcp flag

cx-atish-jadhav · cx-atish-jadhav · commit fa9f1b52f77b · 2025-10-16T19:37:57.000+05:30
diff --git a/src/main/java/com/checkmarx/ast/containersrealtime/ContainersRealtimeImage.java b/src/main/java/com/checkmarx/ast/containersrealtime/ContainersRealtimeImage.java
@@ -1,4 +1,4 @@
-package com.checkmarx.ast.containersRealtime;
+package com.checkmarx.ast.containersrealtime;
 
 import com.checkmarx.ast.realtime.RealtimeLocation;
 import com.fasterxml.jackson.annotation.JsonCreator;
@@ -37,4 +37,4 @@ public ContainersRealtimeImage(@JsonProperty("ImageName") String imageName,
         this.status = status;
         this.vulnerabilities = vulnerabilities == null ? Collections.emptyList() : vulnerabilities;
     }
-}
+}
diff --git a/src/main/java/com/checkmarx/ast/containersrealtime/ContainersRealtimeResults.java b/src/main/java/com/checkmarx/ast/containersrealtime/ContainersRealtimeResults.java
@@ -1,4 +1,4 @@
-package com.checkmarx.ast.containersRealtime;
+package com.checkmarx.ast.containersrealtime;
 
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
@@ -51,4 +51,3 @@ private static boolean isValidJSON(String json) {
         }
     }
 }
-
diff --git a/src/main/java/com/checkmarx/ast/containersrealtime/ContainersRealtimeVulnerability.java b/src/main/java/com/checkmarx/ast/containersrealtime/ContainersRealtimeVulnerability.java
@@ -1,4 +1,4 @@
-package com.checkmarx.ast.containersRealtime;
+package com.checkmarx.ast.containersrealtime;
 
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
@@ -21,4 +21,4 @@ public ContainersRealtimeVulnerability(@JsonProperty("CVE") String cve,
         this.cve = cve;
         this.severity = severity;
     }
-}
+}
diff --git a/src/main/java/com/checkmarx/ast/iacrealtime/IacRealtimeResults.java b/src/main/java/com/checkmarx/ast/iacrealtime/IacRealtimeResults.java
@@ -1,4 +1,4 @@
-package com.checkmarx.ast.iacRealtime;
+package com.checkmarx.ast.iacrealtime;
 
 import com.checkmarx.ast.realtime.RealtimeLocation;
 import com.fasterxml.jackson.annotation.JsonCreator;
@@ -95,4 +95,4 @@ private static boolean isValidJSON(String json) {
             return false;
         }
     }
-}
+}
diff --git a/src/main/java/com/checkmarx/ast/ossrealtime/OssRealtimeResults.java b/src/main/java/com/checkmarx/ast/ossrealtime/OssRealtimeResults.java
@@ -1,4 +1,4 @@
-package com.checkmarx.ast.ossRealtime;
+package com.checkmarx.ast.ossrealtime;
 
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
@@ -12,6 +12,7 @@
 import org.slf4j.LoggerFactory;
 
 import java.io.IOException;
+import java.util.Collections;
 import java.util.List;
 
 @Value
@@ -20,12 +21,12 @@
 @JsonIgnoreProperties(ignoreUnknown = true)
 public class OssRealtimeResults {
     private static final Logger log = LoggerFactory.getLogger(OssRealtimeResults.class);
-    @JsonProperty("Packages")
-    List<OssRealtimeScanPackage> packages;
+
+    @JsonProperty("Packages") List<OssRealtimeScanPackage> packages;
 
     @JsonCreator
     public OssRealtimeResults(@JsonProperty("Packages") List<OssRealtimeScanPackage> packages) {
-        this.packages = packages;
+        this.packages = packages == null ? Collections.emptyList() : packages;
     }
 
     public static OssRealtimeResults fromLine(String line) {
@@ -51,3 +52,4 @@ private static boolean isValidJSON(String json) {
         }
     }
 }
+
diff --git a/src/main/java/com/checkmarx/ast/ossrealtime/OssRealtimeScanPackage.java b/src/main/java/com/checkmarx/ast/ossrealtime/OssRealtimeScanPackage.java
@@ -1,4 +1,4 @@
-package com.checkmarx.ast.ossRealtime;
+package com.checkmarx.ast.ossrealtime;
 
 import com.checkmarx.ast.realtime.RealtimeLocation;
 import com.fasterxml.jackson.annotation.JsonCreator;
@@ -16,20 +16,13 @@
 @JsonInclude(JsonInclude.Include.NON_NULL)
 @JsonIgnoreProperties(ignoreUnknown = true)
 public class OssRealtimeScanPackage {
-    @JsonProperty("PackageManager")
-    String packageManager;
-    @JsonProperty("PackageName")
-    String packageName;
-    @JsonProperty("PackageVersion")
-    String packageVersion;
-    @JsonProperty("FilePath")
-    String filePath;
-    @JsonProperty("Locations")
-    List<RealtimeLocation> locations;
-    @JsonProperty("Status")
-    String status;
-    @JsonProperty("Vulnerabilities")
-    List<OssRealtimeVulnerability> vulnerabilities;
+    @JsonProperty("PackageManager") String packageManager;
+    @JsonProperty("PackageName") String packageName;
+    @JsonProperty("PackageVersion") String packageVersion;
+    @JsonProperty("FilePath") String filePath;
+    @JsonProperty("Locations") List<RealtimeLocation> locations;
+    @JsonProperty("Status") String status;
+    @JsonProperty("Vulnerabilities") List<OssRealtimeVulnerability> vulnerabilities;
 
     @JsonCreator
     public OssRealtimeScanPackage(@JsonProperty("PackageManager") String packageManager,
@@ -48,3 +41,4 @@ public OssRealtimeScanPackage(@JsonProperty("PackageManager") String packageMana
         this.vulnerabilities = vulnerabilities == null ? Collections.emptyList() : vulnerabilities;
     }
 }
+
diff --git a/src/main/java/com/checkmarx/ast/ossrealtime/OssRealtimeVulnerability.java b/src/main/java/com/checkmarx/ast/ossrealtime/OssRealtimeVulnerability.java
@@ -1,4 +1,4 @@
-package com.checkmarx.ast.ossRealtime;
+package com.checkmarx.ast.ossrealtime;
 
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
@@ -11,7 +11,6 @@
 @JsonDeserialize
 @JsonInclude(JsonInclude.Include.NON_NULL)
 @JsonIgnoreProperties(ignoreUnknown = true)
-
 public class OssRealtimeVulnerability {
     @JsonProperty("Id") String id;
     @JsonProperty("Severity") String severity;
@@ -29,3 +28,4 @@ public OssRealtimeVulnerability(@JsonProperty("Id") String id,
         this.fixVersion = fixVersion;
     }
 }
+
diff --git a/src/main/java/com/checkmarx/ast/secretsrealtime/SecretsRealtimeResults.java b/src/main/java/com/checkmarx/ast/secretsrealtime/SecretsRealtimeResults.java
@@ -1,4 +1,4 @@
-package com.checkmarx.ast.secretsRealtime;
+package com.checkmarx.ast.secretsrealtime;
 
 import com.checkmarx.ast.realtime.RealtimeLocation;
 import com.fasterxml.jackson.annotation.JsonCreator;
@@ -23,8 +23,7 @@
 public class SecretsRealtimeResults {
     private static final Logger log = LoggerFactory.getLogger(SecretsRealtimeResults.class);
 
-    @JsonProperty("Secrets")
-    List<Secret> secrets; // Normalized list (array or single object from CLI)
+    @JsonProperty("Secrets") List<Secret> secrets;
 
     @JsonCreator
     public SecretsRealtimeResults(@JsonProperty("Secrets") List<Secret> secrets) {
@@ -61,20 +60,19 @@ public Secret(@JsonProperty("Title") String title,
 
     public static SecretsRealtimeResults fromLine(String line) {
         if (StringUtils.isBlank(line)) {
-            return null; // skip blank
+            return null;
         }
         try {
             if (!isValidJSON(line)) {
                 return null;
             }
             ObjectMapper mapper = new ObjectMapper();
             String trimmed = line.trim();
-            if (trimmed.startsWith("[")) { // array form
-                List<Secret> list = mapper.readValue(trimmed,
-                        mapper.getTypeFactory().constructCollectionType(List.class, Secret.class));
+            if (trimmed.startsWith("[")) {
+                List<Secret> list = mapper.readValue(trimmed, mapper.getTypeFactory().constructCollectionType(List.class, Secret.class));
                 return new SecretsRealtimeResults(list);
             }
-            if (trimmed.startsWith("{")) { // single object form
+            if (trimmed.startsWith("{")) {
                 Secret single = mapper.readValue(trimmed, Secret.class);
                 return new SecretsRealtimeResults(Collections.singletonList(single));
             }
@@ -93,3 +91,4 @@ private static boolean isValidJSON(String json) {
         }
     }
 }
+
diff --git a/src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java b/src/main/java/com/checkmarx/ast/wrapper/CxWrapper.java
@@ -4,10 +4,10 @@
 import com.checkmarx.ast.codebashing.CodeBashing;
 import com.checkmarx.ast.kicsRealtimeResults.KicsRealtimeResults;
 import com.checkmarx.ast.learnMore.LearnMore;
-import com.checkmarx.ast.ossRealtime.OssRealtimeResults;
-import com.checkmarx.ast.secretsRealtime.SecretsRealtimeResults;
-import com.checkmarx.ast.iacRealtime.IacRealtimeResults;
-import com.checkmarx.ast.containersRealtime.ContainersRealtimeResults;
+import com.checkmarx.ast.ossrealtime.OssRealtimeResults;
+import com.checkmarx.ast.secretsrealtime.SecretsRealtimeResults;
+import com.checkmarx.ast.iacrealtime.IacRealtimeResults;
+import com.checkmarx.ast.containersrealtime.ContainersRealtimeResults;
 import com.checkmarx.ast.predicate.CustomState;
 import com.checkmarx.ast.predicate.Predicate;
 import com.checkmarx.ast.project.Project;
@@ -399,7 +399,7 @@ public KicsRealtimeResults kicsRealtimeScan(@NonNull String fileSources, String
         arguments.add(fileSources);
         arguments.add(CxConstants.ADDITONAL_PARAMS);
         arguments.add(additionalParams);
-        if (engine.length() > 0) {
+        if (!engine.isEmpty()) {
             arguments.add(CxConstants.ENGINE);
             arguments.add(engine);
         }
@@ -461,11 +461,11 @@ public KicsRemediation kicsRemediate(@NonNull String resultsFile, String kicsFil
         arguments.add(resultsFile);
         arguments.add(CxConstants.KICS_REMEDIATION_KICS_FILE);
         arguments.add(kicsFile);
-        if (engine.length() > 0) {
+        if (!engine.isEmpty()) {
             arguments.add(CxConstants.ENGINE);
             arguments.add(engine);
         }
-        if (similarityIds.length() > 0) {
+        if (!similarityIds.isEmpty()) {
             arguments.add(CxConstants.KICS_REMEDIATION_SIMILARITY);
             arguments.add(similarityIds);
         }
diff --git a/src/test/java/com/checkmarx/ast/ScanTest.java b/src/test/java/com/checkmarx/ast/ScanTest.java
@@ -3,7 +3,9 @@
 import com.checkmarx.ast.asca.ScanDetail;
 import com.checkmarx.ast.asca.ScanResult;
 import com.checkmarx.ast.kicsRealtimeResults.KicsRealtimeResults;
+import com.checkmarx.ast.ossrealtime.OssRealtimeResults;
 import com.checkmarx.ast.scan.Scan;
+import org.junit.jupiter.api.Assumptions;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 
@@ -92,4 +94,17 @@ void testKicsRealtimeScan() throws Exception {
         Assertions.assertTrue(scan.getResults().size() >= 1);
     }
 
+    @Test
+    void testOssRealtimeScanWithIgnoredFile() throws Exception {
+        Assumptions.assumeTrue(getConfig().getPathToExecutable() != null && !getConfig().getPathToExecutable().isEmpty(), "PATH_TO_EXECUTABLE not set");
+
+        String source = "pom.xml";
+        String ignoreFile = "src/test/resources/ignored-packages.json";
+
+        OssRealtimeResults results = wrapper.ossRealtimeScan(source, ignoreFile);
+
+        Assertions.assertNotNull(results);
+        Assertions.assertNotNull(results.getPackages());
+    }
+
 }
diff --git a/src/test/java/com/checkmarx/ast/TenantTest.java b/src/test/java/com/checkmarx/ast/TenantTest.java
@@ -11,11 +11,17 @@ public class TenantTest extends BaseTest {
     @Test
     void testTenantSettings() throws Exception {
         List<TenantSetting> tenantSettings = wrapper.tenantSettings();
-        Assertions.assertTrue(tenantSettings.size() > 0);
+        Assertions.assertFalse(tenantSettings.isEmpty());
     }
 
     @Test
     void testIdeScansEnabled() {
         Assertions.assertDoesNotThrow(() -> wrapper.ideScansEnabled());
     }
+
+    @Test
+    void testAiMcpServerEnabled() throws Exception {
+        boolean enabled = Assertions.assertDoesNotThrow(() -> wrapper.aiMcpServerEnabled());
+        Assertions.assertTrue(enabled, "AI MCP Server flag expected to be true");
+    }
 }
diff --git a/src/test/java/com/checkmarx/ast/unit/OssRealtimeParsingTest.java b/src/test/java/com/checkmarx/ast/unit/OssRealtimeParsingTest.java
diff --git a/src/test/resources/ignored-packages.json b/src/test/resources/ignored-packages.json

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-package com.checkmarx.ast.containersRealtime;`
	`1`	`+package com.checkmarx.ast.containersrealtime;`
`2`	`2`
`3`	`3`	`import com.fasterxml.jackson.annotation.JsonCreator;`
`4`	`4`	`import com.fasterxml.jackson.annotation.JsonIgnoreProperties;`
`@@ -51,4 +51,3 @@ private static boolean isValidJSON(String json) {`
`51`	`51`	`}`
`52`	`52`	`}`
`53`	`53`	`}`
`54`		`-`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-package com.checkmarx.ast.iacRealtime;`
	`1`	`+package com.checkmarx.ast.iacrealtime;`
`2`	`2`
`3`	`3`	`import com.checkmarx.ast.realtime.RealtimeLocation;`
`4`	`4`	`import com.fasterxml.jackson.annotation.JsonCreator;`
`@@ -95,4 +95,4 @@ private static boolean isValidJSON(String json) {`
`95`	`95`	`return false;`
`96`	`96`	`}`
`97`	`97`	`}`
`98`		`-}`
	`98`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-package com.checkmarx.ast.secretsRealtime;`
	`1`	`+package com.checkmarx.ast.secretsrealtime;`
`2`	`2`
`3`	`3`	`import com.checkmarx.ast.realtime.RealtimeLocation;`
`4`	`4`	`import com.fasterxml.jackson.annotation.JsonCreator;`
`@@ -23,8 +23,7 @@`
`23`	`23`	`public class SecretsRealtimeResults {`
`24`	`24`	`private static final Logger log = LoggerFactory.getLogger(SecretsRealtimeResults.class);`
`25`	`25`
`26`		`- @JsonProperty("Secrets")`
`27`		`- List<Secret> secrets; // Normalized list (array or single object from CLI)`
	`26`	`+ @JsonProperty("Secrets") List<Secret> secrets;`
`28`	`27`
`29`	`28`	`@JsonCreator`
`30`	`29`	`public SecretsRealtimeResults(@JsonProperty("Secrets") List<Secret> secrets) {`
`@@ -61,20 +60,19 @@ public Secret(@JsonProperty("Title") String title,`
`61`	`60`
`62`	`61`	`public static SecretsRealtimeResults fromLine(String line) {`
`63`	`62`	`if (StringUtils.isBlank(line)) {`
`64`		`- return null; // skip blank`
	`63`	`+ return null;`
`65`	`64`	`}`
`66`	`65`	`try {`
`67`	`66`	`if (!isValidJSON(line)) {`
`68`	`67`	`return null;`
`69`	`68`	`}`
`70`	`69`	`ObjectMapper mapper = new ObjectMapper();`
`71`	`70`	`String trimmed = line.trim();`
`72`		`- if (trimmed.startsWith("[")) { // array form`
`73`		`- List<Secret> list = mapper.readValue(trimmed,`
`74`		`- mapper.getTypeFactory().constructCollectionType(List.class, Secret.class));`
	`71`	`+ if (trimmed.startsWith("[")) {`
	`72`	`+ List<Secret> list = mapper.readValue(trimmed, mapper.getTypeFactory().constructCollectionType(List.class, Secret.class));`
`75`	`73`	`return new SecretsRealtimeResults(list);`
`76`	`74`	`}`
`77`		`- if (trimmed.startsWith("{")) { // single object form`
	`75`	`+ if (trimmed.startsWith("{")) {`
`78`	`76`	`Secret single = mapper.readValue(trimmed, Secret.class);`
`79`	`77`	`return new SecretsRealtimeResults(Collections.singletonList(single));`
`80`	`78`	`}`
`@@ -93,3 +91,4 @@ private static boolean isValidJSON(String json) {`
`93`	`91`	`}`
`94`	`92`	`}`
`95`	`93`	`}`
	`94`	`+`