From cf41002b11c14e4b5a14c1363988a533aa0a22f6 Mon Sep 17 00:00:00 2001
From: Adam Bronte
Date: Mon, 20 Oct 2025 15:18:30 -0700
Subject: [PATCH 1/2] upload all filepaths referenced for checkmarx reports
---
 src/scanners/parsers/checkmarx.rs | 45 ++++++++++++++++++--------------
 1 file changed, 26 insertions(+), 19 deletions(-)
diff --git a/src/scanners/parsers/checkmarx.rs b/src/scanners/parsers/checkmarx.rs
index f8d99ae..f8da40f 100644
--- a/src/scanners/parsers/checkmarx.rs
+++ b/src/scanners/parsers/checkmarx.rs
@@ -9,22 +9,22 @@ pub struct CheckmarxCliParser;
 impl ScanParser for CheckmarxCliParser {
 fn detect(&self, input: &str) -> bool {
 if let Ok(data) = serde_json::from_str::(input) {
- data.get("totalCount").is_some()
- && data.get("results").is_some()
+ data.get("totalCount").is_some()
+ && data.get("results").is_some()
 && data.get("scanID").is_some()
 } else {
 false
 }
 }
-
+
 fn parse(&self, input: &str) -> Option {
 debug("Detected checkmarx cli schema");
-
+
 let data: Value = match serde_json::from_str(input) {
 Ok(data) => data,
 Err(_) => return None,
 };
-
+
 let mut paths = Vec::new();
 if let Some(results) = data.get("results").and_then(|v| v.as_array()) {
 for result in results {
@@ -41,13 +41,13 @@ impl ScanParser for CheckmarxCliParser {
 }
 }
 }
-
+
 Some(ParseResult {
 paths,
 scanner: "checkmarx".to_string(),
 })
 }
-
+
 fn scanner_name(&self) -> &str {
 "checkmarx-cli"
 }
@@ -63,15 +63,15 @@ impl ScanParser for CheckmarxWebParser {
 false
 }
 }
-
+
 fn parse(&self, input: &str) -> Option {
 debug("Detected checkmarx web schema");
-
+
 let data: Value = match serde_json::from_str(input) {
 Ok(data) => data,
 Err(_) => return None,
 };
-
+
 let mut paths = Vec::new();
 if let Some(scan_results) = data.get("scanResults") {
 if let Some(sast) = scan_results.get("sast") {
@@ -98,13 +98,13 @@ impl ScanParser for CheckmarxWebParser {
 }
 }
 }
-
+
 Some(ParseResult {
 paths,
 scanner: "checkmarx".to_string(),
 })
 }
-
+
 fn scanner_name(&self) -> &str {
 "checkmarx-web"
 }
@@ -117,9 +117,9 @@ impl CheckmarxXmlParser {
 debug("Detected checkmarx xml schema");
 let mut paths = Vec::new();
 let mut reader = Reader::from_str(input);
-
+
 let mut buf = Vec::new();
-
+
 loop {
 match reader.read_event_into(&mut buf) {
 Ok(Event::Start(ref e)) | Ok(Event::Empty(ref e)) => {
@@ -136,6 +136,15 @@ impl CheckmarxXmlParser {
 }
 }
 }
+ } else if e.name().as_ref() == b"FileName" {
+ if let Ok(Event::Text(text)) = reader.read_event_into(&mut buf) {
+ if let Ok(file_name) = std::str::from_utf8(text.as_ref()) {
+ let clean_path = file_name.trim_start_matches('/').trim_start_matches('\\');
+ if !clean_path.is_empty() {
+ paths.push(clean_path.to_string());
+ }
+ }
+ }
 }
 }
 Ok(Event::Eof) => break,
@@ -147,7 +156,7 @@ impl CheckmarxXmlParser {
 }
 buf.clear();
 }
-
+
 Some(ParseResult {
 paths,
 scanner: "checkmarx".to_string(),
@@ -159,14 +168,12 @@ impl ScanParser for CheckmarxXmlParser {
 fn detect(&self, input: &str) -> bool {
 input.trim().starts_with(" Option {
 self.parse_xml_content(input)
 }
-
+
 fn scanner_name(&self) -> &str {
 "checkmarx-xml"
 }
 }
-
-
From 2fed442ee2cd3100fb3dc1aeeaa36d81d18d92e9 Mon Sep 17 00:00:00 2001
From: Adam Bronte
Date: Mon, 20 Oct 2025 15:21:23 -0700
Subject: [PATCH 2/2] bump version
---
 Cargo.lock | 2 +-
 Cargo.toml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index acf297d..bc77206 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -311,7 +311,7 @@ checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b"
 [[package]]
 name = "corgea"
-version = "1.7.0"
+version = "1.7.1"
 dependencies = [
 "chrono",
 "clap",
diff --git a/Cargo.toml b/Cargo.toml
index 559611e..7424851 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "corgea"
-version = "1.7.0"
+version = "1.7.1"
 edition = "2021"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
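Review bot: In the `@@ -136,6 +136,15 @@` hunk of src/scanners/parsers/checkmarx.rs, the new `FileName` branch only strips leading `/` and `\` before pushing to `paths`, so `..` segments and Windows drive prefixes taken from the report pass through unchanged. The commit title says these paths are uploaded, so if a later stage (not visible here) joins them to the project root and reads the files, a report from an untrusted source could reference files outside the repository. Tightening the guard to `if !clean_path.is_empty() && !clean_path.split(['/', '\\']).any(|seg| seg == "..") {` would help, together with a check at the point of opening that the resolved path stays under the root. Separately, the enclosing arm also matches `Event::Empty`, so for a self-closing `<FileName/>` the extra `read_event_into` consumes the following event and silently drops it when it is not `Text`. `parse_xml_content` starts and ends outside this hunk.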