Q4 integration branch 2023 (#44)

Release 2023 Q4 - 9.00.27

Author: cx-rahul-pidde

Common/Code/Constants.cs

@@ -61,7 +61,7 @@ public class Constants
 		public const string TOKEN_ENDPOINT = SAST_PREFIX + "/identity/connect/token";
 		public const string SAVE_SAST_SCAN = "save-sast-scan";
 		public const string MANAGE_RESULTS_COMMENT = "manage-result-comment";
-		public const string MANAGE_RESULTS_EXPLOITABILITY = "manage-result-exploitability";
+		public const string MANAGE_RESULTS_EXPLOITABILITY = "set-result-state-notexploitable";
 
 	}
 }

CxActionShared/CxActionShared.projitems

@@ -111,6 +111,7 @@
     <Compile Include="$(MSBuildThisFileDirectory)Services\WinCookieHelper.cs" />
     <Compile Include="$(MSBuildThisFileDirectory)ValueObjects\OidcLoginResult.cs" />
     <Compile Include="$(MSBuildThisFileDirectory)ValueObjects\RESTApi\CxAppSecCodbashing.cs" />
+    <Compile Include="$(MSBuildThisFileDirectory)ValueObjects\RESTApi\CxProjectDetails.cs" />
     <Compile Include="$(MSBuildThisFileDirectory)ValueObjects\RESTApi\CxQueryDescription.cs" />
     <Compile Include="$(MSBuildThisFileDirectory)ValueObjects\RESTApi\CxRESTApiLoginResponse.cs" />
     <Compile Include="$(MSBuildThisFileDirectory)ValueObjects\Results.cs" />

CxActionShared/Entities/LoginData.cs

@@ -64,6 +64,7 @@ public class LoginData : IEntity
         private bool _manageResultsComment;
         private bool _manageResultsExploitability;
         private int _bindProjectCount = -1;
+        private bool _enableTLSOrSSLServerCertificateValidation = true;
 
         #endregion
 
@@ -277,6 +278,9 @@ public bool DisableConnectionOptimizations
         public bool ManageResultsExploitability { get => _manageResultsExploitability; set => _manageResultsExploitability = value; }
 
         public int BindProjectCount { get { return _bindProjectCount; } set { _bindProjectCount = value; } }
+
+        public bool EnableTLSOrSSLServerCertificateValidation { get => _enableTLSOrSSLServerCertificateValidation; set => _enableTLSOrSSLServerCertificateValidation = value; }
+
         #endregion [ Properties ]
 
         #region [ Public Methods ]

CxActionShared/Helpers/HttpHelper.cs

@@ -24,7 +24,8 @@ public static string Get(string url)
             try
             {
                 HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(url);
-                ServicePointManager.ServerCertificateValidationCallback += delegate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return true; };
+                //This class is not in use. To avoid SSL_Verification_ByPass vulnarability by default SSL certificate validation enabled
+                ServicePointManager.ServerCertificateValidationCallback += delegate (object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return false; };
                 response = (HttpWebResponse)request.GetResponse();
 
                 using (StreamReader responseStream = new StreamReader(response.GetResponseStream()))

CxActionShared/Helpers/LoginHelper.cs

@@ -14,6 +14,7 @@
 using CxViewerAction.Views;
 using CxViewerAction.WebPortal;
 using CefSharp;
+using CxViewerAction.MenuLogic;
 
 namespace CxViewerAction.Helpers
 {
@@ -469,6 +470,8 @@ internal static void DoLogout()
             LoginData login = LoadSaved();
             Logger.Create().Info("Logging out, clearing authentication data.");
             OidcLoginData oidcLoginData = OidcLoginData.GetOidcLoginDataInstance();
+            BindProjectLogic _logic = new BindProjectLogic();
+            _logic.UnBindProject(true);
             oidcLoginData.AccessToken = null;
             oidcLoginData.RefreshToken = null;
             oidcLoginData.AccessTokenExpiration = -1;

CxActionShared/Helpers/ScanHelper.cs

@@ -13,6 +13,11 @@
 using System.Threading;
 using CxViewerAction.CxVSWebService;
 using Common;
+using System.Net;
+using System.IO;
+using System.Text;
+using CxViewerAction.ValueObjects;
+using System.Web.Script.Serialization;
 
 namespace CxViewerAction.Helpers
 {
@@ -27,7 +32,7 @@ internal class ScanHelper : IScanHelper
         static bool _cancelPressed;
         static Upload _uploadSettings;
         readonly IConfigurationHelper _configurationHelper;
-
+        private string _apiProjectDetails = "projects/{0}";
 
         public ScanHelper(IConfigurationHelper configurationHelper)
         {
@@ -427,8 +432,9 @@ private void ShowScanData(ref CxWSQueryVulnerabilityData[] scanData, ref long sc
 
                 bindProject.BindedProjectId = scanStatus.ProjectId;
                 CommonData.ProjectId = scanStatus.ProjectId;
-                CommonData.IsProjectPublic = scanStatus.IsPublic;
-                bindProject.IsPublic = scanStatus.IsPublic;
+                bool isPublic= GetProjectDetails(scanStatus.ProjectId);
+                CommonData.IsProjectPublic = isPublic;
+                bindProject.IsPublic = isPublic;
                 bindProject.IsBound = true;
             }
             bindProject.SelectedScanId = id;
@@ -471,6 +477,30 @@ private void ShowScanData(ref CxWSQueryVulnerabilityData[] scanData, ref long sc
             bgWork.DoWork();
         }
 
+        private bool GetProjectDetails(long projectId)
+        {
+            string responseText = string.Empty;
+
+            CxRESTApiCommon rESTApiPortalConfiguration = new CxRESTApiCommon(string.Format(_apiProjectDetails, projectId));
+            HttpWebResponse response = rESTApiPortalConfiguration.InitPortalBaseUrl();
+
+            if (response != null && response.StatusCode == HttpStatusCode.OK)
+            {
+                using (StreamReader reader = new StreamReader(response.GetResponseStream(), Encoding.UTF8))
+                {
+                    responseText = reader.ReadToEnd();
+                }
+            }
+
+            if (!string.IsNullOrEmpty(responseText))
+            {
+                CxProjectDetails projectDetails = new CxProjectDetails();
+                JavaScriptSerializer javaScriptSerializer = new JavaScriptSerializer();
+                projectDetails = (CxProjectDetails)javaScriptSerializer.Deserialize(responseText, typeof(CxProjectDetails));
+                return projectDetails.isPublic;
+            }
+            return false;
+        }
         private StatusScanResult UpdateScanStatus(ref bool bCancel, bool backgroundMode, IScanView view, BackgroundWorkerHelper bg, CxWebServiceClient client, ref bool isIISStoped)
         {
             // Get current scan status

CxActionShared/Helpers/ZipHelper.cs

@@ -135,7 +135,7 @@ private static byte[] Compress(Project[] projects, string sExcludeFile, string s
                             {
                                 foreach (string filePath in p.FilePathList) // scan only the file selected
                                 {
-                                    if (Directory.Exists(p.RootPath))
+                                    if (Directory.Exists(p.RootPath) && !oZip.ContainsEntry(filePath))
                                     {
                                         Logger.Create().Debug("Zip file: " + p.FilePathList);
                                         WriteEntryToZip(oZip, Path.GetFileName(filePath), filePath);
@@ -222,9 +222,12 @@ public static bool WriteDirectoryToZip(ZipOutputStream zipStream, string inputFo
 
             foreach (string file in filesToZip)
             {
-                WriteEntryToZip(zipStream, file.Remove(0, trimLength), file);
-
-                entryCounter++;
+                bool isEntryExists = zipStream.ContainsEntry(file.Remove(0, trimLength)); // checking is entry already exists in zipoutputsteam or not 
+                if (!isEntryExists)
+                {
+                    WriteEntryToZip(zipStream, file.Remove(0, trimLength), file);
+                    entryCounter++;
+                }
 
                 // Flush every 20 entries
                 if (entryCounter % 20 == 0)

CxActionShared/MenuLogic/BindProjectLogic.cs

@@ -99,47 +99,52 @@ void DoRetrieveResults(Entities.Project project)
             }
         }
 
-        public CommandStatus GetStatus()
+        public void UnBindProject(bool unBindAllData = false)
         {
-            Logger.Create().Info("Bind operation getting status.");
-            CommandStatus status = CommandStatus.CommandStatusNull;
-            _isBinded = false;
-            bool currentBind = false;
-            status = (CommandStatus)CommandStatus.CommandStatusSupported |
-                         CommandStatus.CommandStatusEnabled;
             LoginData login = LoginHelper.LoadSaved();
-            Logger.Create().Debug("For bind operation saved login data loaded.");
-            ///<summary>
-            /// Changes for Plug-488 clear bound project when switching to another solution 
-            ///</summary>
-            ///Start
+            LoginData.BindProject unBindProject = null;
             if (login.BindedProjects != null)
             {
-                Logger.Create().Info("GetSatus():Checking bound projects not empty.");
-                Entities.Project selectedProject2 = CommonActionsInstance.getInstance().GetSelectedProject();
-                foreach (LoginData.BindProject project in login.BindedProjects)
-                {
-                    Logger.Create().Info("Checking for current solution bound projects.");
-                    if (selectedProject2.RootPath == project.RootPath && selectedProject2.ProjectName == project.ProjectName)
-                    {
-                        currentBind = true;
-                    }
-                }
-                CommonData.IsWorkingOffline = false;
-                LoginHelper.Save(login);
-
-                if (!currentBind)
+                if (unBindAllData)
                 {
-                    Logger.Create().Info("Checking for current solution bound projects false.");
                     login.BindedProjects.Clear();
-                    Logger.Create().Info("Clearing for current solution bound projects.");
                     CommonData.IsProjectBound = false;
                     LoginHelper.IsLogged = false;
-                    LoginHelper.Save(login);
-                    Logger.Create().Info("Saving data in conf file.");
+                    CommonData.IsWorkingOffline = false;
+                    Logger.Create().Info("Clearing for current solution bound projects.");
                 }
+                else
+                {
+                    Logger.Create().Info("GetSatus():Checking bound projects not empty.");
+                    Entities.Project selectedProject2 = CommonActionsInstance.getInstance().GetSelectedProject();
+                    foreach (LoginData.BindProject project in login.BindedProjects)
+                    {
+                        Logger.Create().Info("Checking for current solution bound projects.");
+                        if (selectedProject2.RootPath == project.RootPath && selectedProject2.ProjectName == project.ProjectName)
+                        {
+                            unBindProject = project;
+                        }
+                    }
+
+                    if (unBindProject != null)
+                    {
+                        login.BindedProjects.Remove(unBindProject);
+                    }
+                }
+                LoginHelper.Save(login);
+                Logger.Create().Info("Saving data in conf file.");
             }
-            ///End
+        }
+
+        public CommandStatus GetStatus()
+        {
+            Logger.Create().Info("Bind operation getting status.");
+            CommandStatus status = CommandStatus.CommandStatusNull;
+            _isBinded = false;
+            status = (CommandStatus)CommandStatus.CommandStatusSupported |
+                         CommandStatus.CommandStatusEnabled;
+            LoginData login = LoginHelper.LoadSaved();
+            Logger.Create().Debug("For bind operation saved login data loaded.");
             Logger.Create().Info("Bind logic getting selected project.");
             Entities.Project selectedProject = CommonActionsInstance.getInstance().GetSelectedProject();
             if (selectedProject == null)

CxActionShared/Services/CxWebServiceClient.cs

@@ -6,6 +6,7 @@
 using System.Net.Security;
 using CxViewerAction.CxVSWebService;
 using CxViewerAction.Entities.WebServiceEntity;
+using Common;
 
 namespace CxViewerAction.Services
 {
@@ -61,7 +62,21 @@ public class CxWebServiceClient
         /// <param name="server">server url</param>
         public CxWebServiceClient(LoginData pLogin)
         {
-            ServicePointManager.ServerCertificateValidationCallback += delegate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return true; };
+            ServicePointManager. ServerCertificateValidationCallback += delegate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) 
+            {
+                // No SSL policy errors, certificate is considered valid Or Certificate validation is disabled
+                if (!pLogin.EnableTLSOrSSLServerCertificateValidation || sslPolicyErrors == SslPolicyErrors.None)
+                    return true;
+                else
+                {
+                    // Log or handle SSL policy errors
+                    Logger.Create().Error("Certificate error: " + sslPolicyErrors.ToString());
+
+                    // Example: Check if the certificate is issued by a specific CA or meets specific criteria
+                    // Return false to reject the certificate
+                    return false;
+                }
+            };
 
             CxViewerAction.Services.CxWSResolverWrapper resolver = new CxViewerAction.Services.CxWSResolverWrapper { Url = pLogin.Server };
             resolver.DisableConnectionOptimizations = pLogin.DisableConnectionOptimizations;

CxActionShared/ValueObjects/RESTApi/CxProjectDetails.cs

@@ -0,0 +1,10 @@
+namespace CxViewerAction.ValueObjects
+{
+    public class CxProjectDetails
+    {
+        public long id { get; set; }
+        public string name { get; set; }
+        public bool isPublic { get; set; }
+        public long teamId { get; set; }
+    }
+}