Displaying and managing custom states in Eclipse IDE

Author: cx-atish-jadhav

checkmarx-ast-eclipse-plugin-tests/src/test/java/checkmarx/ast/eclipse/plugin/tests/integration/CustomStateIntegrationTest.java

@@ -0,0 +1,79 @@
+package checkmarx.ast.eclipse.plugin.tests.integration;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import java.util.HashSet;
+import java.util.List;
+import java.util.Optional;
+import java.util.Set;
+
+import org.junit.Test;
+
+import com.checkmarx.eclipse.views.DataProvider;
+import com.checkmarx.eclipse.views.filters.FilterState;
+
+public class CustomStateIntegrationTest extends BaseIntegrationTest {
+
+	private final DataProvider provider = DataProvider.getInstance();
+
+	// 1. SAST includes at least one custom state
+	@Test
+	public void testSastIncludesAtLeastOneCustomState() {
+		List<String> sastStates = provider.getStatesForEngine("SAST");
+
+		boolean hasCustomState = sastStates.stream()
+				.anyMatch(s -> !FilterState.PREDEFINED_STATE_SET.contains(s.toUpperCase()));
+
+		assertTrue("SAST should include at least one custom state", hasCustomState);
+	}
+
+	// 2. Check that KICS and SCA contain only predefined states
+	@Test
+	public void testNonSastEnginesIncludeOnlyPredefinedStates() {
+		List<String> kicsStates = provider.getStatesForEngine("KICS");
+		List<String> scaStates = provider.getStatesForEngine("SCA");
+		//
+		assertEquals("KICS should include only predefined states", FilterState.PREDEFINED_STATES.size(),
+				kicsStates.size());
+		assertEquals("SCA should include only predefined states", FilterState.PREDEFINED_STATES.size(),
+				scaStates.size());
+
+		for (String kics : kicsStates) {
+			assertTrue("KICS state must be predefined", FilterState.PREDEFINED_STATE_SET.contains(kics.toUpperCase()));
+		}
+
+		for (String sca : scaStates) {
+			assertTrue("SCA state must be predefined", FilterState.PREDEFINED_STATE_SET.contains(sca.toUpperCase()));
+		}
+	}
+
+	// 3. No duplicates in SAST
+	@Test
+	public void testNoDuplicateStatesInSast() {
+		List<String> sastStates = provider.getStatesForEngine("SAST");
+
+		Set<String> deduplicated = new HashSet<>(sastStates);
+
+		assertEquals("SAST states should not contain duplicates", sastStates.size(), deduplicated.size());
+	}
+
+	// 4. Optional: See if a custom state disappears on next fetch
+	@Test
+	public void testCustomStateStillExistsAfterRefetch() {
+		List<String> initialStates = provider.getStatesForEngine("SAST");
+
+		Optional<String> firstCustom = initialStates.stream()
+				.filter(s -> !FilterState.PREDEFINED_STATE_SET.contains(s.toUpperCase())).findFirst();
+
+		if (!firstCustom.isPresent()) {
+			System.out.println("No custom state found in SAST — skipping recheck.");
+			return;
+		}
+
+		String custom = firstCustom.get();
+		List<String> refetched = provider.getStatesForEngine("SAST");
+
+		assertTrue("Custom state should still exist after re-fetch", refetched.contains(custom));
+	}
+}

checkmarx-ast-eclipse-plugin-tests/src/test/java/checkmarx/ast/eclipse/plugin/tests/ui/TestFilterState.java

@@ -47,7 +47,7 @@ public void testGroupByActionsInToolBar() throws TimeoutException {
 
 		SWTBotTreeItem ll = getFirstResultNode();
 		ArrayList<String> severityFilters = new ArrayList<>(Arrays.asList(Severity.HIGH.name(), Severity.MEDIUM.name(),Severity.LOW.name(),Severity.INFO.name()));
-		ArrayList<String> stateFilters = new ArrayList<>(Arrays.asList(State.CONFIRMED.name(),State.IGNORED.name(),State.NOT_EXPLOITABLE.name(),State.NOT_IGNORED.name(),State.PROPOSED_NOT_EXPLOITABLE.name(),State.TO_VERIFY.name(),State.URGENT.name()));
+		ArrayList<String> stateFilters = new ArrayList<>(Arrays.asList(State.CONFIRMED.getName(),State.IGNORED.getName(),State.NOT_EXPLOITABLE.getName(),State.NOT_IGNORED.getName(),State.PROPOSED_NOT_EXPLOITABLE.getName(),State.TO_VERIFY.getName(),State.URGENT.getName()));
 		assertTrue(!severityFilters.contains(ll.getText()));
 
 		//enable group by severity (1st level group)

checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/enums/State.java

@@ -1,16 +1,47 @@
 package com.checkmarx.eclipse.enums;
 
-public enum State {
-
-	TO_VERIFY,
-	NOT_EXPLOITABLE,
-	PROPOSED_NOT_EXPLOITABLE,
-	CONFIRMED,
-	NOT_IGNORED,
-	IGNORED,
-	URGENT;
-	
-	public static State getState(String state) {
-		return State.valueOf(state);
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+public class State {
+
+	private static final Map<String, State> STATES = new LinkedHashMap<>();
+
+	// Predefined states
+	public static final State TO_VERIFY = new State("TO_VERIFY");
+	public static final State NOT_EXPLOITABLE = new State("NOT_EXPLOITABLE");
+	public static final State PROPOSED_NOT_EXPLOITABLE = new State("PROPOSED_NOT_EXPLOITABLE");
+	public static final State CONFIRMED = new State("CONFIRMED");
+	public static final State NOT_IGNORED = new State("NOT_IGNORED");
+	public static final State IGNORED = new State("IGNORED");
+	public static final State URGENT = new State("URGENT");
+
+	private final String name;
+
+	private State(String name) {
+		this.name = name;
+		STATES.put(name, this);
+	}
+
+	public String getName() {
+		return name;
+	}
+
+	public static State of(String name) {
+		return STATES.computeIfAbsent(name, State::new); // register custom states dynamically
+	}
+
+	public static State getState(String name) {
+		return STATES.get(name);
+	}
+
+	public static Map<String, State> values() {
+		return Collections.unmodifiableMap(STATES);
+	}
+
+	@Override
+	public String toString() {
+		return name;
 	}
 }

checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/views/CheckmarxView.java

@@ -1330,7 +1330,8 @@ public void selectionChanged(SelectionChangedEvent event) {
 		String currentState = selectedItem.getState();
 		selectedState = selectedItem.getResult().getState();
 
-		String[] state = { "TO_VERIFY", "NOT_EXPLOITABLE", "PROPOSED_NOT_EXPLOITABLE", "CONFIRMED", "URGENT" };
+		// Fetch dynamic states from DataProvider
+		List<String> state = DataProvider.getInstance().getStatesForEngine(selectedItem.getType());
 
 			triageStateComboViewer.setContentProvider(ArrayContentProvider.getInstance());
 			triageStateComboViewer.setInput(state);
@@ -1952,6 +1953,22 @@ protected IStatus run(IProgressMonitor arg0) {
 							 addLearnMoreSectionsToComposite(learnMoreComposite, PluginConstants.LEARN_MORE_CAUSE, learnMore.getCause().trim());
 							 addLearnMoreSectionsToComposite(learnMoreComposite, PluginConstants.LEARN_MORE_GENERAL_RECOMMENDATIONS, learnMore.getGeneralRecommendations().trim());
 
+							// Adding CWE link in Learn More section of SAST vulnerability
+							String cweId = selectedItem.getResult().getVulnerabilityDetails().getCweId();
+							if (cweId != null && !cweId.isEmpty()) {
+								String cweUrl = "https://cwe.mitre.org/data/definitions/" + cweId + ".html";
+								Link cweLink = new Link(learnMoreComposite, SWT.NONE);
+								cweLink.setText("<a>CWE-" + cweId + "</a>");
+								cweLink.addListener(SWT.Selection, e -> {
+									try {
+										PlatformUI.getWorkbench().getBrowserSupport().getExternalBrowser()
+												.openURL(new java.net.URL(cweUrl));
+									} catch (Exception ex) {
+										CxLogger.error("Failed to open CWE link: " + ex.getMessage(), ex);
+									}
+								});
+							}
+
 				             learnMoreScrolledComposite.setMinSize(learnMoreComposite.computeSize(SWT.DEFAULT, SWT.DEFAULT));
 				             learnMoreComposite.layout();
 						}

checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/views/DataProvider.java

@@ -20,6 +20,7 @@
 
 import com.checkmarx.ast.codebashing.CodeBashing;
 import com.checkmarx.ast.learnMore.LearnMore;
+import com.checkmarx.ast.predicate.CustomState;
 import com.checkmarx.ast.predicate.Predicate;
 import com.checkmarx.ast.project.Project;
 import com.checkmarx.ast.results.ReportFormat;
@@ -57,6 +58,7 @@ public class DataProvider {
 	private String currentScanId;
 	private String projectId;
 	private List<DisplayModel> currentResultsTransformed;
+	private List<String> platformStates = new ArrayList<>();
 
 	/**
 	 * Singleton data provider instance
@@ -201,6 +203,12 @@ public List<DisplayModel> getResultsForScanId(String scanId) {
 
 		setCurrentScanId(scanId);
 
+		try {
+			platformStates = getAllStatesFromPlatform();
+		} catch (Exception e) {
+			CxLogger.warning("Failed to fetch all platform states on scan load: " + e.getMessage());
+		}
+
 		try {						
 			CxLogger.info(String.format(PluginConstants.INFO_FETCHING_RESULTS, scanId));
 			CxWrapper cxWrapper = getWrapper();
@@ -239,6 +247,18 @@ public Scan getScanInformation(String scanId) throws Exception {
 		return scan;
 	}
 
+	public List<String> getAvailableStates() {
+		return platformStates != null ? platformStates : Collections.emptyList();
+	}
+
+	public List<String> getStatesForEngine(String engineType) {
+		if ("SAST".equalsIgnoreCase(engineType)) {
+			return platformStates != null ? platformStates : Collections.emptyList();
+		} else {
+			return new ArrayList<>(com.checkmarx.eclipse.enums.State.values().keySet());
+		}
+	}
+
 	/**
 	 * Process results to be displayed in the tree
 	 * 
@@ -771,4 +791,26 @@ public void cancelScan(String scanId) throws IOException, InterruptedException,
 	public boolean isScanAllowed() throws CxException, IOException, InterruptedException, Exception {
 		return authenticateWithAST().ideScansEnabled();
 	}
+
+	/**
+	 * Fetch ALL platform states (predefined + custom) irrespective of
+	 * vulnerabilities.
+	 */
+	private List<String> getAllStatesFromPlatform() throws Exception {
+		if (currentScanId == null || projectId == null) {
+			return Collections.emptyList();
+		}
+
+		CxWrapper cxWrapper = authenticateWithAST();
+		List<String> allStates = new ArrayList<>();
+
+		try {
+			List<CustomState> customStates = cxWrapper.triageGetStates(false);
+			allStates = customStates.stream().map(CustomState::getName).collect(Collectors.toList());
+		} catch (Exception e) {
+			CxLogger.warning("Could not fetch platform states: " + e.getMessage());
+		}
+
+		return allStates;
+	}
 }

checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/views/actions/ActionFilterStatePreference.java

@@ -82,6 +82,19 @@ public Menu getMenu(final Control parent) {
 		createMenuItem(menu, FILTER_IGNORED, FilterState.ignored, State.IGNORED);
 		createMenuItem(menu, FILTER_NOT_IGNORED, FilterState.not_ignored, State.NOT_IGNORED);
 
+		// Add CUSTOM STATE filter option
+		MenuItem customItem = new MenuItem(menu, SWT.CHECK);
+		customItem.setText("CUSTOM STATE");
+		customItem.setSelection(FilterState.customState);
+		customItem.addSelectionListener(new SelectionAdapter() {
+			@Override
+			public void widgetSelected(SelectionEvent e) {
+				FilterState.setCustomStateFilter();
+				pluginEventBus.post(new PluginListenerDefinition(PluginListenerType.FILTER_CHANGED,
+						DataProvider.getInstance().sortResults()));
+			}
+		});
+
 		return menu;
 	}
 
@@ -94,6 +107,7 @@ private void createMenuItem(Menu menu, String filterText, boolean filterState, S
 
 	private SelectionListener StateFilterSectionListener(State state) {
 		return new SelectionAdapter() {
+			@Override
 			public void widgetSelected(SelectionEvent e) {
 				FilterState.setFilterState(state);
 				pluginEventBus.post(new PluginListenerDefinition(PluginListenerType.FILTER_CHANGED,