Checkmarx

.github/workflows/cx.yml

@@ -0,0 +1,39 @@
+on: [pull_request]
+permissions:
+      actions: write
+      checks: write
+      contents: write
+      pull-requests: write
+      statuses: write
+
+jobs:
+  test_cx:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Download and configure Checkmarx CLI
+        run: |
+          mkdir -p /tmp/cx
+          cd /tmp/cx
+          wget https://github.com/Checkmarx/ast-cli/releases/download/2.0.54/ast-cli_2.0.54_linux_x64.tar.gz -O checkmarx.tar.gz
+          tar -xf checkmarx.tar.gz
+          ./cx configure set --prop-name cx_apikey --prop-value ${{ secrets.CX_API_KEY }}
+          ./cx configure set --prop-name cx_base_auth_uri --prop-value ${{ secrets.CX_BASE_AUTH_URI }}
+          ./cx configure set --prop-name cx_base_uri --prop-value ${{ secrets.CX_BASE_URI }}
+          ./cx configure set --prop-name cx_tenant --prop-value ${{ secrets.CX_TENANT }}
+
+      - name: Checkout repo to get code
+        uses: actions/checkout@v3
+
+      - name: Run Cx SAST scan
+        run: /tmp/cx/cx scan create --project-name my-test-project -s ./ --file-filter '!.github' --report-format json --scan-types sast --branch nobranch   --threshold "sast-high=1"
+
+        shell: bash -l {0}
+      - name: Run Mobb on the findings and get fixes
+        if: always()
+        uses: mobb-dev/action@beta0.0.5
+        with:
+          report-file: "cx_result.json"
+          api-key: ${{ secrets.MOBB_API_TOKEN }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          scanner: checkmarx
+          mobb-project-name: Action

pom.xml

@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>testgroup</groupId>
+    <artifactId>testartifact</artifactId>
+    <version>1.0-SNAPSHOT</version>
+    <packaging>jar</packaging>
+    <name>testproj</name>
+
+    <properties>
+        <maven.test.skip>true</maven.test.skip>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>javax.servlet-api</artifactId>
+            <version>3.0.1</version>
+            <scope>provided</scope>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>2.5.1</version>
+                <configuration>
+                    <source>17</source>
+                    <target>17</target>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+</project>

src/main/java/SQLInjectionExample.java

@@ -1,14 +1,23 @@
-import java.sql.*;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.sql.Connection;
+import java.sql.DriverManager;
+import java.sql.Statement;
 
-public class SQLInjectionExample {
-    public static void main(String[] args) throws SQLException {
-        String userInputA = args[1];
 
-        Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/db");
-
+public class SQLInjectionExample extends HttpServlet {
+    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException {
+        try {
+            Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/db");
 
-        String query = "SELECT * FROM users WHERE username = '" + userInputA + "';";
-        Statement stmt = con.createStatement();
-        ResultSet rs = stmt.executeQuery(query);
+            String query = "SELECT * FROM users WHERE user name = '" + request.getParameter("username") + "';";
+            Statement stmt = con.createStatement();
+
+            stmt.executeQuery(query);
+        } catch (Exception e) {
+            throw new ServletException(e);
+        }
     }
 }

xss-example.js

@@ -0,0 +1,5 @@
+var urlParams = new URLSearchParams(window.location.search);
+var name = urlParams.get('name');
+
+var unsafe_div = window.document.getElementById("vulnerable-div");
+unsafe_div.innerHTML = "Hello " + name;