corgea-cli 1.3.0__tar.gz → 1.3.2__tar.gz

{corgea_cli-1.3.0 → corgea_cli-1.3.2}/Cargo.lock

@@ -195,7 +195,7 @@ checksum = "06ea2b9bc92be3c2baa9334a323ebca2d6f074ff852cd1d7b11064035cd3868f"
 
 [[package]]
 name = "corgea"
-version = "1.3.0"
+version = "1.3.2"
 dependencies = [
  "clap",
  "dirs",

{corgea_cli-1.3.0 → corgea_cli-1.3.2}/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "corgea"
-version = "1.3.0"
+version = "1.3.2"
 edition = "2021"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

{corgea_cli-1.3.0 → corgea_cli-1.3.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: corgea-cli
-Version: 1.3.0
+Version: 1.3.2
 Classifier: Development Status :: 5 - Production/Stable
 Classifier: Environment :: Console
 Classifier: Intended Audience :: Developers
@@ -36,3 +36,19 @@ Corgea one-line command to upload SAST results. This command will run your scann
 
 </Card>
 
+## Installation
+
+### Using pip
+```
+pip install corgea-cli
+```
+
+### Manual Installation
+You can get the latest binaries for your OS from https://github.com/Corgea/cli/releases.
+
+### Setup
+Once the binary is installed, login with your token from the Corgea app.
+```
+corgea login <token>
+```
+

{corgea_cli-1.3.0 → corgea_cli-1.3.2}/README.md

@@ -9,3 +9,19 @@ Corgea one-line command to upload SAST results. This command will run your scann
 [![](https://cdn.loom.com/sessions/thumbnails/0d3ed94d1f01401a86906fc9713ee709-with-play.gif)](https://www.loom.com/share/0d3ed94d1f01401a86906fc9713ee709?sid=b11c1f5a-66ff-4dbf-a83a-c9bea15a5d7b)
 
 </Card>
+
+## Installation
+
+### Using pip
+```
+pip install corgea-cli
+```
+
+### Manual Installation
+You can get the latest binaries for your OS from https://github.com/Corgea/cli/releases.
+
+### Setup
+Once the binary is installed, login with your token from the Corgea app.
+```
+corgea login <token>
+```

corgea_cli-1.3.2/src/log.rs

@@ -0,0 +1,7 @@
+use std::env;
+
+pub fn debug(input: &str) {
+    if env::var("DEBUG").is_ok() {
+        println!("DEBUG: {}", input);
+    }
+}

{corgea_cli-1.3.0 → corgea_cli-1.3.2}/src/login.rs

@@ -1,9 +1,11 @@
 use reqwest;
 use std::collections::HashMap;
 use std::error::Error;
+use crate::log::debug;
 
 pub fn verify_token(token: &str, corgea_url: &str) -> Result<bool, Box<dyn Error>> {
     let url = format!("{}/api/cli/verify/{}", corgea_url, token);
+    debug(&format!("GET: {}", url));
     let response = reqwest::blocking::get(url)?;
 
     if response.status().is_success() {

{corgea_cli-1.3.0 → corgea_cli-1.3.2}/src/main.rs

@@ -2,6 +2,7 @@ mod login;
 mod config;
 mod scan;
 mod cicd;
+mod log;
 
 use std::str::FromStr;
 use clap::{Parser, Subcommand};

{corgea_cli-1.3.0 → corgea_cli-1.3.2}/src/scan.rs

@@ -7,6 +7,7 @@ use uuid::Uuid;
 use std::path::Path;
 use std::process::Command;
 use crate::cicd::{*};
+use crate::log::debug;
 
 pub fn run_command(base_cmd: &String, mut command: Command) -> String {
     match which::which(base_cmd) {
@@ -90,6 +91,8 @@ pub fn read_file_report(config: &Config, file_path: &str) {
 }
 
 pub fn parse_scan(config: &Config, input: String, save_to_file: bool) {
+    debug("Parsing the scan report json");
+
     let mut paths: Vec<String> = Vec::new();
     let mut scanner = String::new();
     let data: std::result::Result<Value, _> = serde_json::from_str(&input);
@@ -99,6 +102,7 @@ pub fn parse_scan(config: &Config, input: String, save_to_file: bool) {
             let schema = data.get("$schema").and_then(|v| v.as_str()).unwrap_or("unknown");
 
             if input.contains("semgrep.dev") {
+                debug("Detected semgrep schema");
                 scanner = "semgrep".to_string();
                 if let Some(results) = data.get("results").and_then(|v| v.as_array()) {
                     for result in results {
@@ -108,13 +112,16 @@ pub fn parse_scan(config: &Config, input: String, save_to_file: bool) {
                     }
                 }
             } else if schema.contains("sarif") {
+                debug("Detected sarif schema");
                 let run = data.get("runs").and_then(|v| v.as_array()).and_then(|v| v.get(0));
                 let driver = run.and_then(|v| v.get("tool")).and_then(|v| v.get("driver")).and_then(|v| v.get("name"));
                 let tool = driver.and_then(|v| v.as_str()).unwrap_or("unknown");
 
                 if tool == "SnykCode" {
+                    debug("Detected snyk version of sarif schema");
                     scanner = "snyk".to_string();
                 } else if tool == "CodeQL" {
+                    debug("Detected codeql version of sarif schema");
                     scanner = "codeql".to_string();
                 } else {
                     eprintln!("{} is not supported as this time.", tool);
@@ -136,8 +143,9 @@ pub fn parse_scan(config: &Config, input: String, save_to_file: bool) {
                         }
                     }
                 }
-                // checkmarx
-            } else if input.contains("Cx") && data.get("results").is_some() && data.get("scanID").is_some() {
+            // checkmarx report generated by CLI
+            } else if data.get("totalCount").is_some() && data.get("results").is_some() && data.get("scanID").is_some() {
+                debug("Detected checkmarx cli schema");
                 scanner = "checkmarx".to_string();
                 if let Some(results) = data.get("results").and_then(|v| v.as_array()) {
                     for result in results {
@@ -154,6 +162,37 @@ pub fn parse_scan(config: &Config, input: String, save_to_file: bool) {
                         }
                     }
                 }
+            // for checkmarx report generated by web
+            } else if data.get("scanResults").is_some() && data.get("reportId").is_some() {
+                debug("Detected checkmarx web schema");
+                scanner = "checkmarx".to_string();
+                if let Some(scan_results) = data.get("scanResults") {
+                    if let Some(sast) = scan_results.get("sast") {
+                        if let Some(languges) = sast.get("languages").and_then(|v| v.as_array()) {
+                            for language in languges {
+                                if let Some(queries) = language.get("queries").and_then(|v| v.as_array()) {
+                                    for query in queries {
+                                        if let Some(vulns) = query.get("vulnerabilities").and_then(|v| v.as_array()) {
+                                            for vuln in vulns {
+                                                if let Some(nodes) = vuln.get("nodes").and_then(|v| v.as_array()) {
+                                                    for node in nodes {
+                                                        if let Some(path) = node.get("fileName") {
+                                                            if let Some(truncated_path) = path.as_str() {
+                                                                paths.push(truncated_path.get(1..).unwrap_or("").to_string());
+                                                            }
+                                                        }
+                                                    }
+                                                }
+                                            }
+                                        }
+                                    }
+                                }
+                            }
+                        }
+                    }
+                }
+            } else {
+                debug("Couldn't detect what kind of report this is.")
             }
         }
         Err(e) => {
@@ -183,6 +222,7 @@ fn upload_scan(config: &Config, paths: Vec<String>, scanner: String, input: Stri
     let project;
 
     if in_ci {
+        debug("Running in CI");
         project = format!("{}-{}",
                           github_env_vars.get("GITHUB_REPOSITORY").expect("Failed to get GITHUB_REPOSITORY").to_string(),
                           github_env_vars.get("GITHUB_PR").expect("Failed to get GITHUB_REPOSITORY").to_string())
@@ -196,11 +236,16 @@ fn upload_scan(config: &Config, paths: Vec<String>, scanner: String, input: Stri
     let git_config_upload_url = format!(
         "{}/api/cli/git-config-upload?token={}&run_id={}", base_url, token, run_id
     );
-    let client = reqwest::blocking::Client::new();
+    let client = reqwest::blocking::Client::builder()
+        .timeout(std::time::Duration::from_secs(5 * 60))
+        .build()
+        .expect("Failed to build client");
 
     println!("Uploading required files for the scan...");
 
     let mut uploaded_paths = HashSet::new();
+    let mut uploaded_count = 0;
+    let mut upload_error_count = 0;
 
     for path in &paths {
         if !Path::new(&path).exists() {
@@ -215,36 +260,56 @@ fn upload_scan(config: &Config, paths: Vec<String>, scanner: String, input: Stri
         let src_upload_url = format!(
             "{}/api/cli/code-upload?token={}&run_id={}&path={}", base_url, token, run_id, path
         );
+        debug(&format!("Uploading file: {}", path));
         let fp = Path::new(&path);
 
-        let form = reqwest::blocking::multipart::Form::new()
-            .file("file", fp)
-            .expect("Failed to read file");
-
-        let client = reqwest::blocking::Client::new();
-        let res = client.post(&src_upload_url)
-            .multipart(form)
-            .send();
-
-        match res {
-            Ok(response) => {
-                if !response.status().is_success() {
-                    eprintln!("Failed to upload file: {}", response.status());
+        let mut attempts = 0;
+        let mut success = false;
+
+        while attempts < 3 && !success {
+            let form = reqwest::blocking::multipart::Form::new()
+                .file("file", fp)
+                .expect("Failed to read file");
+
+            debug(&format!("POST: {}", src_upload_url));
+            let res = client.post(&src_upload_url)
+                .multipart(form)
+                .send();
+
+            match res {
+                Ok(response) => {
+                    if !response.status().is_success() {
+                        eprintln!("Failed to upload file {} {}... retrying", response.status(), path);
+                        std::thread::sleep(std::time::Duration::from_secs(1));
+                        upload_error_count = upload_error_count + 1;
+                        attempts += 1;
+                    } else {
+                        uploaded_count += 1;
+                        success = true;
+                        uploaded_paths.insert(path.clone());
+                    }
+                }
+                Err(e) => {
+                    eprintln!("Failed to send request: {}", e);
                     std::process::exit(1);
-                } else {
-                    uploaded_paths.insert(path.clone());
                 }
             }
-            Err(e) => {
-                eprintln!("Failed to send request: {}", e);
-                std::process::exit(1);
-            }
         }
+
+        if attempts == 3 && !success {
+            eprintln!("Failed to upload file: {} after 3 attempts. skipping...", path);
+        }
+    }
+
+    if uploaded_count == 0 {
+        eprintln!("Failed to upload any files for the scan, exiting.");
+        std::process::exit(1);
     }
 
     println!("Uploading the scan...");
 
     // main scan upload
+    debug(&format!("POST: {}", scan_upload_url));
     let res = client.post(scan_upload_url)
         .header(header::CONTENT_TYPE, "application/json")
         .body(input.clone())
@@ -267,11 +332,12 @@ fn upload_scan(config: &Config, paths: Vec<String>, scanner: String, input: Stri
     let git_config_path = Path::new(".git/config");
 
     if git_config_path.exists() {
+        debug("Uploading .git/config");
         let form = reqwest::blocking::multipart::Form::new()
             .file("file", git_config_path)
             .expect("Failed to read file");
 
-        let client = reqwest::blocking::Client::new();
+        debug(&format!("POST: {}", git_config_upload_url));
         let res = client.post(&git_config_upload_url)
             .multipart(form)
             .send();
@@ -306,6 +372,7 @@ fn upload_scan(config: &Config, paths: Vec<String>, scanner: String, input: Stri
             }
         };
 
+        debug(&format!("POST: {}", ci_data_upload_url));
         let _res = client.post(ci_data_upload_url)
             .header(header::CONTENT_TYPE, "application/json")
             .body(github_env_vars_json_string)
@@ -323,5 +390,10 @@ fn upload_scan(config: &Config, paths: Vec<String>, scanner: String, input: Stri
     }
 
     println!("Successfully scanned using {} and uploaded to Corgea.", scanner);
+
+    if upload_error_count > 0 {
+        println!("Failed to upload {} files, you may not see all fixes in Corgea.", upload_error_count);
+    }
+
     println!("Go to {base_url} to see results.");
 }