[BCE-29145] add cdk framework support

gradle.properties

@@ -3,7 +3,7 @@
 
 pluginGroup = com.github.bridgecrewio.prismajetbrainsidea
 pluginName = prismacloud-jetbrains-idea
-pluginVersion = 1.0.14
+pluginVersion = 1.0.15
 pluginSinceBuild = 203
 # Plugin Verifier integration -> https://github.com/JetBrains/gradle-intellij-plugin#plugin-verifier-dsl
 # See https://jb.gg/intellij-platform-builds-list for available build versions

src/main/kotlin/com/bridgecrew/CheckovResult.kt

@@ -45,8 +45,8 @@ data class CheckovResult(
         val code_block: List<List<Any>>,
         var check_type: String,
         val fixed_definition: String = "",
-        val cwe: ArrayList<String> = ArrayList(),
-        val owasp: List<String> = ArrayList(),
+        val cwe: ArrayList<String>? = ArrayList(),
+        val owasp: ArrayList<String>? = ArrayList(),
         val metadata: Metadata? = null
 )
 

src/main/kotlin/com/bridgecrew/results/BaseCheckovResult.kt

@@ -26,7 +26,8 @@ enum class CheckType(checkType: String) {
     SERVERLESS("serverless"),
     TERRAFORM("terraform"),
     TERRAFORM_PLAN("terraform_plan"),
-    SAST("sast")
+    SAST("sast"),
+    CDK("cdk")
 }
 
 enum class Severity {

src/main/kotlin/com/bridgecrew/results/WeaknessCheckovResult.kt

@@ -16,8 +16,8 @@ class WeaknessCheckovResult(
         fixDefinition: String?,
         codeBlock: List<List<Any>>,
         val checkName: String,
-        val cwe: List<String>,
-        val owasp: List<String>,
+        val cwe: List<String>?,
+        val owasp: List<String>?,
         val metadata: Metadata?) :
         BaseCheckovResult(
                 category = Category.WEAKNESSES,

src/main/kotlin/com/bridgecrew/services/ResultsCacheService.kt

@@ -73,10 +73,17 @@ class ResultsCacheService(val project: Project) {
 
     private fun getCheckType(checkType: String): CheckType {
         val typePart = checkType.split("_").first().uppercase()
-
-        return if (typePart == CheckType.SAST.toString())
-            CheckType.SAST
-            else CheckType.valueOf(checkType.uppercase())
+        when {
+            typePart == CheckType.SAST.toString() -> {
+                return CheckType.SAST
+            }
+            typePart == CheckType.CDK.toString() -> {
+                return CheckType.CDK
+            }
+            else -> {
+                return CheckType.valueOf(checkType.uppercase())
+            }
+        }
     }
 
     fun setCheckovResultsFromResultsList(results: List<CheckovResult>) {
@@ -88,7 +95,7 @@ class ResultsCacheService(val project: Project) {
                 val checkType = this.getCheckType(result.check_type)
                 val resource: String = CheckovUtils.extractResource(result, category, checkType)
                 val name: String = getResourceName(result, category)
-                val severity = Severity.valueOf(result.severity.uppercase())
+                val severity = runCatching { Severity.valueOf(result.severity.uppercase()) }.getOrDefault(Severity.INFO)
                 val description = if(!result.description.isNullOrEmpty()) result.description else result.short_description
                 val filePath = result.file_abs_path.replace(baseDir, "").replace("//", "/")
                 val fileAbsPath = if (!result.file_abs_path.contains(baseDir)) Paths.get(baseDir, File.separator, result.file_abs_path).toString() else result.file_abs_path
@@ -190,7 +197,7 @@ class ResultsCacheService(val project: Project) {
                 }
             }
 
-            checkType.startsWith("sast_") -> {
+            checkType.startsWith("cdk_") || checkType.startsWith("sast_") -> {
                 return Category.WEAKNESSES
             }
         }

src/main/kotlin/com/bridgecrew/ui/rightPanel/dictionaryDetails/WeaknessDictionaryPanel.kt

@@ -31,17 +31,26 @@ class WeaknessDictionaryPanel(private val result: WeaknessCheckovResult, private
     override var fieldsMap: MutableMap<String, Any?> = mutableMapOf(
             "Description" to result.description,
             "Code" to extractCode(result),
-            "CWE(s)" to result.cwe.joinToString(", "),
-            "OWASP Top 10" to result.owasp.joinToString(", "),
             "Data flow" to extractDataFlow(result)
     )
 
     init {
+        setFieldsMap(result)
         addCustomPolicyGuidelinesIfNeeded(result)
         createDictionaryLayout()
         createDataFlowLayout()
     }
 
+    private fun setFieldsMap(result: WeaknessCheckovResult){
+        if (!result.owasp.isNullOrEmpty()) {
+            fieldsMap["OWASP Top 10"] = result.owasp.joinToString(", ")
+        }
+
+        if (!result.cwe.isNullOrEmpty()) {
+            fieldsMap["CWE(s)"] = result.cwe.joinToString(", ")
+        }
+    }
+
     private fun extractCode(result: WeaknessCheckovResult): Any {
         return try {
             result.codeBlock[0][1].toString().trim()
@@ -123,7 +132,7 @@ class WeaknessDictionaryPanel(private val result: WeaknessCheckovResult, private
             // Add mouse listener to the key label
             keyLabel.addMouseListener(object : MouseAdapter() {
                 override fun mouseClicked(e: MouseEvent) {
-                    openFileAtLine(project, item.path, item.row, item.column)
+                    openFileAtLine(project, item.path, item.row - 1, item.column)
                 }
             })
 

src/main/kotlin/com/bridgecrew/utils/Constants.kt

@@ -19,7 +19,7 @@ const val GIT_DEFAULT_REPOSITORY_NAME = "jetbrains/extension"
 
 val FULL_SCAN_FRAMEWORKS = arrayListOf("ansible", "arm", "bicep", "cloudformation", "dockerfile", "helm", "json",
         "yaml", "kubernetes", "kustomize", "openapi", "sca_package", "sca_image", "secrets", "serverless", "terraform",
-        "terraform_plan", "sast")
+        "terraform_plan", "sast", "cdk")
 
 val FULL_SCAN_EXCLUDED_PATHS = arrayListOf("node_modules")
 val EXCLUDED_FILE_NAMES = arrayListOf("package-lock.json")

src/test/kotlin/com/bridgecrew/fixtures/CheckovResultFixture.kt

@@ -44,3 +44,25 @@ fun createSastCheckovResult(): CheckovResult {
             fixed_definition = ""
     )
 }
+
+fun createCdkCheckovResult(): CheckovResult {
+    return CheckovResult(
+            check_type = "cdk_python",
+            check_id = "CKV2_AWS_6",
+            bc_check_id = "",
+            check_name = "Ensure that S3 bucket has a Public Access block",
+            file_path = "Assertions.fail.java",
+            repo_file_path = "/cdkgoat/cdkgoat_stack.py",
+            file_abs_path = "/Users/user/cdkgoat/cdkgoat/cdkgoat_stack.py",
+            file_line_range = ArrayList(listOf(1, 3)),
+            resource = "",
+            severity = "",
+            description = "",
+            short_description = "",
+            vulnerability_details = null,
+            guideline = "",
+            code_block = listOf(listOf(19, "s3.Bucket(self, bucket_name, removal_policy=RemovalPolicy.DESTROY)")),
+            cwe = null,
+            fixed_definition = ""
+    )
+}

src/test/kotlin/com/bridgecrew/services/ResultsCacheServiceTest.kt

@@ -4,6 +4,7 @@ import com.bridgecrew.fixtures.createSastCheckovResult
 import com.bridgecrew.results.Category
 import com.bridgecrew.results.CheckType
 import com.bridgecrew.fixtures.*
+import com.bridgecrew.results.Severity
 import com.intellij.mock.MockProject
 import com.intellij.openapi.util.Disposer
 import org.jetbrains.annotations.SystemIndependent
@@ -33,6 +34,20 @@ class ResultsCacheServiceTest {
         assertEquals(resultsCacheService.checkovResults.size, 1)
         assertEquals(resultsCacheService.checkovResults[0].checkType, CheckType.SAST)
         assertEquals(resultsCacheService.checkovResults[0].category, Category.WEAKNESSES)
+        assertEquals(resultsCacheService.checkovResults[0].severity, Severity.MEDIUM)
+    }
+
+    @Test
+    fun `setCheckovResultsFromResultsList should set WeaknessCheckovResult cdk framework`() {
+        val resultsCacheService = ResultsCacheService(project)
+
+        val checkovResult = createCdkCheckovResult()
+        resultsCacheService.setCheckovResultsFromResultsList(listOf(checkovResult));
+
+        assertEquals(resultsCacheService.checkovResults.size, 1)
+        assertEquals(resultsCacheService.checkovResults[0].checkType, CheckType.CDK)
+        assertEquals(resultsCacheService.checkovResults[0].category, Category.WEAKNESSES)
+        assertEquals(resultsCacheService.checkovResults[0].severity, Severity.INFO)
     }
 
     @Test
@@ -47,6 +62,7 @@ class ResultsCacheServiceTest {
         assertEquals(Category.LICENSES, method.invoke(resultsCacheService, "sca_package", "BC_LIC"))
         assertEquals(Category.VULNERABILITIES, method.invoke(resultsCacheService, "sca_package", "BC_VUL"))
         assertEquals(Category.WEAKNESSES, method.invoke(resultsCacheService, "sast_java", "BC_VUL"))
+        assertEquals(Category.WEAKNESSES, method.invoke(resultsCacheService, "cdk_python", "BC_VUL"))
     }
 
     @Test
@@ -57,6 +73,7 @@ class ResultsCacheServiceTest {
         method.setAccessible(true)
 
         assertEquals(CheckType.SAST, method.invoke(resultsCacheService, "sast_java"))
+        assertEquals(CheckType.CDK, method.invoke(resultsCacheService, "cdk_python"))
         assertEquals(CheckType.SCA_IMAGE, method.invoke(resultsCacheService, "sca_image"))
         assertEquals(CheckType.DOCKERFILE, method.invoke(resultsCacheService, "dockerfile"))
     }