├── gradle-plugin ├── settings.gradle ├── gradle │ └── wrapper │ │ ├── gradle-wrapper.jar │ │ └── gradle-wrapper.properties ├── src │ └── test │ │ ├── resources │ │ ├── api-responses │ │ │ ├── noTracesResponse.json │ │ │ └── serversResponse.json │ │ └── expectedOutput.txt │ │ └── java │ │ └── com │ │ └── contrastsecurity │ │ └── gradle │ │ └── plugin │ │ ├── GradleRunnerTest.java │ │ ├── util │ │ ├── TestHandler.java │ │ └── EnvironmentUtils.java │ │ └── e2e │ │ └── EndToEndTests.java └── greclipse.properties ├── maven-plugin ├── unset-contrast.sh ├── src │ ├── site │ │ ├── resources │ │ │ └── images │ │ │ │ └── contrast-logo.png │ │ ├── markdown │ │ │ ├── index.md │ │ │ └── troubleshooting │ │ │ │ └── artifact-not-set.md │ │ └── site.xml │ ├── main │ │ └── java-templates │ │ │ └── com │ │ │ └── contrastsecurity │ │ │ └── maven │ │ │ └── plugin │ │ │ └── Version.java │ └── test │ │ ├── resources │ │ └── it │ │ │ └── spring-boot │ │ │ └── src │ │ │ └── main │ │ │ └── java │ │ │ └── com │ │ │ └── contrastsecurity │ │ │ └── test │ │ │ └── Application.java │ │ └── java │ │ └── com │ │ └── contrastsecurity │ │ └── maven │ │ └── plugin │ │ ├── it │ │ └── stub │ │ │ ├── ContrastAPI.java │ │ │ ├── ExternalContrastAPI.java │ │ │ ├── ContrastAPIStub.java │ │ │ └── package-info.java │ │ ├── AbstractContrastMojoTest.java │ │ └── Resources.java ├── LICENSE ├── .mvn │ └── wrapper │ │ └── maven-wrapper.properties └── release-settings.xml ├── .github └── workflows │ ├── manual.yml │ ├── build-gradle-plugin.yml │ ├── publish-gradle-plugin.yml │ ├── build-sdk.yml │ └── build-maven-plugin.yml ├── .editorconfig ├── README.md ├── LICENSE ├── sdk ├── src │ ├── main │ │ ├── java │ │ │ └── com │ │ │ │ └── contrastsecurity │ │ │ │ ├── models │ │ │ │ ├── TraceTimestampField.java │ │ │ │ ├── TracesWithResponse.java │ │ │ │ ├── ApplicationImportance.java │ │ │ │ ├── MakeRequestResponse.java │ │ │ │ ├── JobOutcomePolicySeverity.java │ │ │ │ ├── AgentType.java │ │ │ │ ├── TraceListing.java │ │ 
│ │ ├── EventModel.java │ │ │ │ ├── NameValuePair.java │ │ │ │ ├── TraceNotesResponse.java │ │ │ │ ├── MetadataFilterResponse.java │ │ │ │ ├── License.java │ │ │ │ ├── Servers.java │ │ │ │ ├── NumericMetadata.java │ │ │ │ ├── FreeformMetadata.java │ │ │ │ ├── VulnerabilityQuickFilterType.java │ │ │ │ ├── Coverage.java │ │ │ │ ├── NotificationResource.java │ │ │ │ ├── RouteCoverageResponse.java │ │ │ │ ├── MetadataFilterValue.java │ │ │ │ ├── Parameter.java │ │ │ │ ├── GenericResponse.java │ │ │ │ ├── Stacktrace.java │ │ │ │ ├── PropertyResource.java │ │ │ │ ├── TraceResponse.java │ │ │ │ ├── Applications.java │ │ │ │ ├── Users.java │ │ │ │ ├── Traces.java │ │ │ │ ├── Tag.java │ │ │ │ ├── ServerTagsResponse.java │ │ │ │ ├── RouteCoverageMetadataLabelValues.java │ │ │ │ ├── RouteCoverageBySessionIDAndMetadataRequest.java │ │ │ │ ├── NotificationsResponse.java │ │ │ │ ├── SignUp.java │ │ │ │ ├── Libraries.java │ │ │ │ ├── MetadataFilterGroup.java │ │ │ │ ├── Story.java │ │ │ │ ├── EventDetails.java │ │ │ │ ├── Organizations.java │ │ │ │ ├── StoryResponse.java │ │ │ │ ├── dtm │ │ │ │ │ └── ApplicationCreateRequest.java │ │ │ │ ├── TagsResponse.java │ │ │ │ ├── URLEntry.java │ │ │ │ ├── Risk.java │ │ │ │ ├── SessionMetadata.java │ │ │ │ ├── TraceMetadataFilter.java │ │ │ │ ├── TraceNote.java │ │ │ │ ├── Recommendation.java │ │ │ │ ├── RuleReferences.java │ │ │ │ ├── CustomRuleReferences.java │ │ │ │ ├── CustomRecommendation.java │ │ │ │ ├── PointOfContactMetadata.java │ │ │ │ ├── TraceEvent.java │ │ │ │ ├── EventItem.java │ │ │ │ ├── Login.java │ │ │ │ ├── Organization.java │ │ │ │ ├── Scores.java │ │ │ │ ├── TraceFilterBody.java │ │ │ │ ├── MetadataItem.java │ │ │ │ ├── HttpRequestResponse.java │ │ │ │ ├── TraceFilter.java │ │ │ │ ├── TraceNoteResource.java │ │ │ │ ├── CodeObject.java │ │ │ │ ├── LibraryScores.java │ │ │ │ ├── GlobalProperties.java │ │ │ │ ├── HttpRequest.java │ │ │ │ ├── EventSummaryResponse.java │ │ │ │ ├── Card.java │ │ │ │ ├── 
AssessLicenseOverview.java │ │ │ │ ├── TraceBreakdown.java │ │ │ │ ├── Tags.java │ │ │ │ └── SecurityCheck.java │ │ │ │ ├── http │ │ │ │ ├── HttpMethod.java │ │ │ │ ├── MediaType.java │ │ │ │ ├── SecurityCheckResponse.java │ │ │ │ ├── ServerEnvironment.java │ │ │ │ ├── RuleSeverity.java │ │ │ │ ├── JobOutcomePolicyListResponse.java │ │ │ │ ├── RequestUrlConstants.java │ │ │ │ ├── TraceFilterType.java │ │ │ │ ├── TraceFilterKeycode.java │ │ │ │ ├── RequestConstants.java │ │ │ │ └── SecurityCheckFilter.java │ │ │ │ ├── sdk │ │ │ │ ├── scan │ │ │ │ │ ├── ScanStatus.java │ │ │ │ │ ├── package-info.java │ │ │ │ │ ├── ScanManager.java │ │ │ │ │ ├── ScanException.java │ │ │ │ │ ├── ScanCreate.java │ │ │ │ │ ├── CodeArtifact.java │ │ │ │ │ ├── ScanSummary.java │ │ │ │ │ ├── CodeArtifactsImpl.java │ │ │ │ │ ├── Projects.java │ │ │ │ │ ├── CodeArtifactImpl.java │ │ │ │ │ ├── ProjectsQuery.java │ │ │ │ │ └── ScansImpl.java │ │ │ │ └── internal │ │ │ │ │ ├── Nullable.java │ │ │ │ │ ├── Refreshable.java │ │ │ │ │ └── Lists.java │ │ │ │ └── exceptions │ │ │ │ ├── InvalidConversionException.java │ │ │ │ ├── ConfigurationException.java │ │ │ │ ├── ContrastException.java │ │ │ │ ├── ServerResponseException.java │ │ │ │ └── ApplicationCreateException.java │ │ └── java-templates │ │ │ └── com │ │ │ └── contrastsecurity │ │ │ └── sdk │ │ │ └── Version.java │ └── test │ │ └── java │ │ └── com │ │ └── contrastsecurity │ │ ├── PactConstants.java │ │ ├── TestDataConstants.java │ │ └── sdk │ │ └── scan │ │ ├── ScanManagerImplTest.java │ │ ├── ScanAssert.java │ │ ├── CodeArtifactAssert.java │ │ ├── ScanSummaryImplTest.java │ │ └── CodeArtifactClientImplTest.java ├── .mvn │ └── wrapper │ │ └── maven-wrapper.properties └── release-settings.xml └── security.md /gradle-plugin/settings.gradle: -------------------------------------------------------------------------------- 1 | rootProject.name = 'gradle-plugin' 2 | -------------------------------------------------------------------------------- 
/maven-plugin/unset-contrast.sh: -------------------------------------------------------------------------------- 1 | unset CONTRAST__API__URL CONTRAST__API__USER_NAME CONTRAST__API__API_KEY CONTRAST__API__SERVICE_KEY CONTRAST__API__ORGANIZATION_ID 2 | -------------------------------------------------------------------------------- /gradle-plugin/gradle/wrapper/gradle-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Contrast-Security-OSS/contrast-sdk-java/main/gradle-plugin/gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /maven-plugin/src/site/resources/images/contrast-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Contrast-Security-OSS/contrast-sdk-java/main/maven-plugin/src/site/resources/images/contrast-logo.png -------------------------------------------------------------------------------- /.github/workflows/manual.yml: -------------------------------------------------------------------------------- 1 | name: manual 2 | 3 | on: 4 | workflow_dispatch: 5 | 6 | jobs: 7 | hello: 8 | runs-on: ubuntu-latest 9 | steps: 10 | - name: Say Hello 11 | run: echo "hello world" 12 | -------------------------------------------------------------------------------- /gradle-plugin/src/test/resources/api-responses/noTracesResponse.json: -------------------------------------------------------------------------------- 1 | { 2 | "success" : true, 3 | "messages" : [ "Application Vulnerabilities loaded successfully" ], 4 | "traces" : [], 5 | "count" : 0, 6 | "licensedCount" : 0, 7 | "links" : [ ] 8 | } 9 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | # Unix-style newlines with a newline ending every file 2 | # Corresponds to 
general Spotless rules configured in pom.xml 3 | [*] 4 | end_of_line = lf 5 | insert_final_newline = true 6 | 7 | [*.{xml,xsd}] 8 | indent_size = 2 9 | indent_style = space 10 | -------------------------------------------------------------------------------- /gradle-plugin/gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- 1 | #Tue Oct 08 09:50:29 EDT 2024 2 | distributionBase=GRADLE_USER_HOME 3 | distributionPath=wrapper/dists 4 | distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.1-bin.zip 5 | zipStoreBase=GRADLE_USER_HOME 6 | zipStorePath=wrapper/dists 7 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Contrast SDK Repo 2 | 3 | Root repository for the Contrast SDK, Contrast Gradle Plugin, and Contrast Maven Plugin 4 | 5 | Each sub-project is a standalone build with its own Maven or Gradle build. 6 | 7 | 8 | [SDK](sdk/README.md) 9 | 10 | [Maven Plugin](maven-plugin/README.md) 11 | 12 | [Gradle Plugin](gradle-plugin/README.md) 13 | 14 | 15 | -------------------------------------------------------------------------------- /gradle-plugin/greclipse.properties: -------------------------------------------------------------------------------- 1 | # Configures groovy-eclipse, which is used by Spotless 2 | 3 | #Whether to use 'space', 'tab' or 'mixed' (both) characters for indentation. 4 | #The default value is 'tab'. 5 | org.eclipse.jdt.core.formatter.tabulation.char=space 6 | 7 | #Remove unnecessary semicolons. The default value is 'false'.
8 | groovy.formatter.remove.unnecessary.semicolons=true 9 | -------------------------------------------------------------------------------- /gradle-plugin/src/test/java/com/contrastsecurity/gradle/plugin/GradleRunnerTest.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.gradle.plugin; 2 | 3 | import java.io.File; 4 | import org.junit.jupiter.api.io.TempDir; 5 | 6 | /** Boilerplate for tests using the {@link org.gradle.testkit.runner.GradleRunner} */ 7 | public abstract class GradleRunnerTest { 8 | 9 | @TempDir public File projectDir; 10 | 11 | public File getBuildFile() { 12 | return new File(projectDir, "build.gradle"); 13 | } 14 | 15 | public File getSettingsFile() { 16 | return new File(projectDir, "settings.gradle"); 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright 2022 Contrast Security, Inc. 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | 15 | -------------------------------------------------------------------------------- /maven-plugin/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright 2021 Contrast Security, Inc. 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 
5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | 15 | -------------------------------------------------------------------------------- /gradle-plugin/src/test/java/com/contrastsecurity/gradle/plugin/util/TestHandler.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.gradle.plugin.util; 2 | 3 | import com.sun.net.httpserver.HttpExchange; 4 | import com.sun.net.httpserver.HttpHandler; 5 | import java.io.IOException; 6 | import java.io.OutputStream; 7 | 8 | public class TestHandler implements HttpHandler { 9 | 10 | final byte[] response; 11 | 12 | public TestHandler(final byte[] response) { 13 | this.response = response; 14 | } 15 | 16 | @Override 17 | public void handle(final HttpExchange exchange) throws IOException { 18 | exchange.sendResponseHeaders(200, response.length); 19 | OutputStream os = exchange.getResponseBody(); 20 | os.write(response); 21 | os.close(); 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /.github/workflows/build-gradle-plugin.yml: -------------------------------------------------------------------------------- 1 | name: build-gradle-plugin 2 | 3 | on: 4 | workflow_call: 5 | workflow_dispatch: 6 | push: 7 | branches: 8 | - main 9 | pull_request: 10 | 11 | jobs: 12 | build: 13 | name: Build 14 | runs-on: ubuntu-latest 15 | steps: 16 | - name: Checkout 17 | uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 18 | 19 | - name: Setup Java 20 | uses: gradle/gradle-build-action@749f47bda3e44aa060e82d7b3ef7e40d953bd629 # v2.4.2 21 | 
with: 22 | java-version: 11 23 | distribution: temurin 24 | 25 | - name: 🐘 Setup Gradle 26 | uses: gradle/actions/setup-gradle@v4 27 | 28 | - name: Build Gradle Plugin 29 | run: cd gradle-plugin/ && ./gradlew build 30 | -------------------------------------------------------------------------------- /gradle-plugin/src/test/java/com/contrastsecurity/gradle/plugin/util/EnvironmentUtils.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.gradle.plugin.util; 2 | 3 | /** Utility class for retrieving Contrast API credentials for testing from Environment vars */ 4 | public class EnvironmentUtils { 5 | 6 | public static String getUsername() { 7 | return System.getenv("CONTRAST__API__USER_NAME"); 8 | } 9 | 10 | public static String getApiUrl() { 11 | return System.getenv("CONTRAST__API__URL"); 12 | } 13 | 14 | public static String getServiceKey() { 15 | return System.getenv("CONTRAST__API__SERVICE_KEY"); 16 | } 17 | 18 | public static String getApiKey() { 19 | return System.getenv("CONTRAST__API__API_KEY"); 20 | } 21 | 22 | public static String getOrgUuid() { 23 | return System.getenv("CONTRAST__API__ORGANIZATION_ID"); 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /gradle-plugin/src/test/resources/expectedOutput.txt: -------------------------------------------------------------------------------- 1 | Trace: 'SHA' hash algorithm used at ExceptionPlaceholder.java 2 | Trace Uuid: LSXQ-V0NC-VFB3-FY9D 3 | Trace Severity: Medium 4 | Trace Likelihood: Medium 5 | 6 | Trace: Unchecked Spring Autobinding in org.springframework.samples.petclinic.owner.Pet class 7 | Trace Uuid: BWU6-DL8W-VKGR-C84B 8 | Trace Severity: Medium 9 | Trace Likelihood: Low 10 | 11 | Trace: Insecure Authentication Protocol 12 | Trace Uuid: 2GQM-8U67-V7IZ-DUXK 13 | Trace Severity: Medium 14 | Trace Likelihood: Medium 15 | 16 | Trace: 'SHA' hash algorithm used at SessionIdGeneratorBase.java 
17 | Trace Uuid: RSEZ-LQX1-MH4A-SX6Q 18 | Trace Severity: Medium 19 | Trace Likelihood: Medium 20 | 21 | Trace: Application Disables 'secure' Flag on Cookies observed at Response.java (JSESSIONID) 22 | Trace Uuid: 6GDQ-DJFZ-4P4W-NL69 23 | Trace Severity: Medium 24 | Trace Likelihood: High 25 | 26 | -------------------------------------------------------------------------------- /maven-plugin/src/site/markdown/index.md: -------------------------------------------------------------------------------- 1 | ## Contrast Maven Plugin 2 | 3 | The Contrast Maven Plugin helps users include one or more Contrast Security analysis features in 4 | their Java web application Maven projects. 5 | 6 | ### Goals Overview 7 | 8 | * [contrast:install](install-mojo.html) includes the Contrast Java agent in integration testing to 9 | provide Contrast Assess runtime security analysis. 10 | * [contrast:verify](verify-mojo.html) verifies that none of the vulnerabilities found by Contrast 11 | Assess during integration testing violate the project's security policy (fails the build when 12 | violations are detected). 13 | * [contrast:scan](scan-mojo.html) analyzes the Maven project's artifact with Contrast Scan to find 14 | vulnerabilities using static analysis. 15 | 16 | 17 | ### Usage 18 | 19 | General instructions for how to use the Contrast Maven Plugin may be found on 20 | the [usage page](usage.html). -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/TraceTimestampField.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 
11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | public enum TraceTimestampField { 24 | FIRST, 25 | LAST 26 | } 27 | -------------------------------------------------------------------------------- /security.md: -------------------------------------------------------------------------------- 1 | # Reporting Security Issues 2 | 3 | Contrast takes security vulnerabilities seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions. 4 | 5 | To report a security issue, please see our official [Vulnerability Disclosure Policy 6 | ](https://www.contrastsecurity.com/disclosure-policy) 7 | 8 | Contrast will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance. 9 | 10 | Report security bugs in third-party modules to the person or team maintaining the module. 11 | 12 | ## Learning More About Security 13 | 14 | To learn more about securing your applications with Contrast, please see [our docs](https://docs.contrastsecurity.com/?lang=en).
15 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/TracesWithResponse.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | public class TracesWithResponse { 24 | public Traces t; 25 | public int rc; 26 | } 27 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/http/HttpMethod.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.http; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | public enum HttpMethod { 24 | DELETE, 25 | HEAD, 26 | GET, 27 | OPTIONS, 28 | POST, 29 | PUT, 30 | TRACE 31 | } 32 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/ApplicationImportance.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | public enum ApplicationImportance { 24 | UNIMPORTANT, 25 | LOW, 26 | MEDIUM, 27 | HIGH, 28 | CRITICAL 29 | } 30 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/MakeRequestResponse.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 
11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | import java.io.InputStream; 24 | 25 | public class MakeRequestResponse { 26 | public InputStream is; 27 | public int rc; 28 | } 29 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/sdk/scan/ScanStatus.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.sdk.scan; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 
20 | * #L% 21 | */ 22 | 23 | /** Describes the possible states that a scan can have */ 24 | public enum ScanStatus { 25 | WAITING, 26 | RUNNING, 27 | CANCELLED, 28 | COMPLETED, 29 | FAILED 30 | } 31 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/JobOutcomePolicySeverity.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | import com.contrastsecurity.http.RuleSeverity; 24 | 25 | public class JobOutcomePolicySeverity { 26 | private RuleSeverity severity; 27 | private int quantity; 28 | } 29 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/AgentType.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 
11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | /** Enumerate the agent downloads. */ 24 | public enum AgentType { 25 | JAVA, 26 | JAVA1_5, 27 | DOTNET, 28 | NODE, 29 | RUBY, 30 | PROXY, 31 | PYTHON, 32 | DOTNET_CORE 33 | } 34 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/TraceListing.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 
20 | * #L% 21 | */ 22 | 23 | import java.util.List; 24 | 25 | public class TraceListing { 26 | 27 | private List filters; 28 | 29 | public List getFilters() { 30 | return filters; 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/EventModel.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | public class EventModel { 24 | 25 | Object parent; 26 | 27 | public Object getParent() { 28 | return parent; 29 | } 30 | 31 | public void setParent(Object parent) { 32 | this.parent = parent; 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/exceptions/InvalidConversionException.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.exceptions; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 
11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | public class InvalidConversionException extends Exception { 24 | 25 | public InvalidConversionException(String from, String to) { 26 | super("Cannot convert metadata from " + from + ", to " + to); 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/http/MediaType.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.http; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 
20 | * #L% 21 | */ 22 | 23 | public enum MediaType { 24 | JSON("application/json; charset=UTF-8"); 25 | 26 | private final String type; 27 | 28 | MediaType(String type) { 29 | this.type = type; 30 | } 31 | 32 | public String getType() { 33 | return type; 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /sdk/.mvn/wrapper/maven-wrapper.properties: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.5/apache-maven-3.8.5-bin.zip 18 | wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar 19 | -------------------------------------------------------------------------------- /sdk/src/main/java-templates/com/contrastsecurity/sdk/Version.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.sdk; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*      http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/

/** Constants that describe this artifact. */
public final class Version {

  /** Version of this Contrast Java SDK */
  // The literal is a ${project.version} placeholder; this file lives under java-templates, so it
  // is presumably substituted by the build before compilation - confirm against the build config.
  public static final String VERSION = "${project.version}";

  /** static members only */
  private Version() {}
}

--------------------------------------------------------------------------------
/maven-plugin/.mvn/wrapper/maven-wrapper.properties:
--------------------------------------------------------------------------------
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# NOTE(review): both artifacts are downloaded over HTTPS from Maven Central, but no checksum is
# recorded for either, so their integrity rests on TLS and the repository alone. Later Maven
# Wrapper releases can verify distributionSha256Sum / wrapperSha256Sum (added in 3.2.0 - confirm);
# the wrapper referenced below is 3.1.0, so it would need upgrading before those keys take effect.
distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.5/apache-maven-3.8.5-bin.zip
wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/NameValuePair.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */

/** HTTP name=value pair model.
*/
public class NameValuePair {

  /**
   * @return the name half of the pair, or {@code null} if the field was never assigned
   */
  public String getName() {
    return name;
  }

  // Nothing in this class assigns the field; presumably it is populated reflectively when a
  // response is deserialized - confirm.
  private String name;

  /**
   * @return the value half of the pair, or {@code null} if the field was never assigned
   */
  public String getValue() {
    return value;
  }

  // Same as name: no setter or constructor writes it here.
  private String value;
}

--------------------------------------------------------------------------------
/sdk/release-settings.xml:
--------------------------------------------------------------------------------
central
${env.OSSRH_USERNAME}
${env.OSSRH_PASSWORD}
central
true
${env.MAVEN_GPG_PASSPHRASE}
--pinentry-mode,loopback
central

--------------------------------------------------------------------------------
/maven-plugin/release-settings.xml:
--------------------------------------------------------------------------------
central
${env.OSSRH_USERNAME}
${env.OSSRH_PASSWORD}
central
true
${env.MAVEN_GPG_PASSPHRASE}
--pinentry-mode,loopback
central

--------------------------------------------------------------------------------
/maven-plugin/src/main/java-templates/com/contrastsecurity/maven/plugin/Version.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.maven.plugin;

/*-
 * #%L
 * Contrast Maven Plugin
 * %%
 * Copyright (C) 2021 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*      http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/

/** Constants that describe this artifact. */
public final class Version {

  /** Version of this contrast-maven-plugin */
  // The literal is a ${project.version} placeholder; this file lives under java-templates, so it
  // is presumably substituted by the build before compilation - confirm against the build config.
  public static final String VERSION = "${project.version}";

  /** static members only */
  private Version() {}
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/TraceNotesResponse.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
* #L%
*/

import com.google.gson.annotations.SerializedName;
import java.util.List;

/** Response model holding the list mapped from the JSON {@code notes} property. */
public class TraceNotesResponse {

  /**
   * @return the {@code notes} list exactly as stored (no defensive copy); {@code null} if the
   *     field was never assigned
   */
  public List getNotes() {
    return notes;
  }

  // Raw List: the element type is not declared here, so callers must cast each entry.
  @SerializedName("notes")
  private List notes;
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/sdk/scan/package-info.java:
--------------------------------------------------------------------------------
/**
 * Contrast SDK package for integrating with Contrast Scan (SAST) service. Users should obtain an
 * entrypoint to the Contrast Scan manager using {@link com.contrastsecurity.sdk.ContrastSDK#scan}.
 *
 *

Sample: 6 | * 7 | *

{@codesnippet scan-sample} 8 | * 9 | * @since 3.2 10 | */ 11 | package com.contrastsecurity.sdk.scan; 12 | 13 | /*- 14 | * #%L 15 | * Contrast Java SDK 16 | * %% 17 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 18 | * %% 19 | * Licensed under the Apache License, Version 2.0 (the "License"); 20 | * you may not use this file except in compliance with the License. 21 | * You may obtain a copy of the License at 22 | * 23 | * http://www.apache.org/licenses/LICENSE-2.0 24 | * 25 | * Unless required by applicable law or agreed to in writing, software 26 | * distributed under the License is distributed on an "AS IS" BASIS, 27 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 28 | * See the License for the specific language governing permissions and 29 | * limitations under the License. 30 | * #L% 31 | */ 32 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/MetadataFilterResponse.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 
* #L%
*/

import com.google.gson.annotations.SerializedName;
import java.util.List;

/** Response model holding the list mapped from the JSON {@code filters} property. */
public class MetadataFilterResponse {

  /**
   * @return the {@code filters} list exactly as stored (no defensive copy); {@code null} if the
   *     field was never assigned
   */
  public List getFilters() {
    return filters;
  }

  // Raw List: the element type is not declared here, so callers must cast each entry.
  @SerializedName("filters")
  private List filters;
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/License.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */

/** Read-only model of a license: a start value, an end value and a level. */
public class License {

  /**
   * @return the stored start value; the unit is not stated in this class (presumably a
   *     timestamp - confirm against the API)
   */
  public long getStart() {
    return start;
  }

  // Primitive long: reads as 0 when never assigned.
  private long start;

  /**
   * @return the stored end value; same unit caveat as {@link #getStart()}
   */
  public long getEnd() {
    return end;
  }

  // Primitive long: reads as 0 when never assigned.
  private long end;

  /**
   * @return the stored level text, or {@code null} if the field was never assigned
   */
  public String getLevel() {
    return level;
  }

  private String level;
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/Servers.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*      http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/

import java.util.List;

/** Base class for api calls with servers */
public class Servers {
  /**
   * Return the servers objects
   *
   * @return a list of servers, exactly as stored (no defensive copy); {@code null} if the field
   *     was never assigned
   */
  public List getServers() {
    return servers;
  }

  // Raw List: the element type is not declared here, so callers must cast each entry.
  private List servers;
}

--------------------------------------------------------------------------------
/.github/workflows/publish-gradle-plugin.yml:
--------------------------------------------------------------------------------
name: publish-gradle-plugin

# Manual trigger only: the release runs when someone starts it from the Actions UI or API.
on:
  workflow_dispatch:

# NOTE(review): no `permissions:` key is set at workflow or job level, so the job runs with the
# repository's default GITHUB_TOKEN permissions. The visible steps only check out and publish, so
# a read-only `contents: read` grant would likely be enough - confirm.
jobs:
  publish:
    name: Publish to Gradle Plugin Portal
    runs-on: ubuntu-latest
    environment: Gradle Plugin Portal
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Setup Java
        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
        with:
          java-version: 11
          distribution: temurin

      - name: 🐘 Setup Gradle
        # NOTE(review): the two actions above are pinned to full commit SHAs, while this one
        # follows the mutable v4 tag. This job holds the signing key and the portal credentials,
        # so pin it the same way, e.g. gradle/actions/setup-gradle@<full-commit-sha> # v4.x.y
        # (placeholder, not a real ref).
        uses: gradle/actions/setup-gradle@v4


      - name: Gradle Release
        env:
          ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.GPG_PASSPHRASE }}
          ORG_GRADLE_PROJECT_signingKey: ${{ secrets.GPG_PRIVATE_KEY }}
          GRADLE_PUBLISH_KEY: ${{ secrets.GRADLE_PUBLISH_KEY }}
          GRADLE_PUBLISH_SECRET: ${{ secrets.GRADLE_PUBLISH_SECRET }}

        # NOTE(review): the shell expands the publish key and secret into ./gradlew's argument
        # list, where other processes on the runner can read them and where they can end up in
        # build diagnostics. The plugin-publish plugin documents reading GRADLE_PUBLISH_KEY and
        # GRADLE_PUBLISH_SECRET from the environment, which the env block above already sets, so
        # the two -P arguments look redundant - confirm and drop them.
        run: |
          cd gradle-plugin/ && ./gradlew publishPlugins -Pgradle.publish.key=$GRADLE_PUBLISH_KEY -Pgradle.publish.secret=$GRADLE_PUBLISH_SECRET


--------------------------------------------------------------------------------
/maven-plugin/src/test/resources/it/spring-boot/src/main/java/com/contrastsecurity/test/Application.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.test;

/*-
 * #%L
 * Contrast Maven Plugin
 * %%
 * Copyright (C) 2021 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

/** Minimal Spring Boot application; the class defines nothing beyond its entry point. */
@SpringBootApplication
public final class Application {
  /**
   * Starts the Spring application with this class as its primary source.
   *
   * @param args command-line arguments, passed through to Spring Boot unchanged
   */
  public static void main(final String[] args) {
    SpringApplication.run(Application.class, args);
  }
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/NumericMetadata.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*      http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/

import com.google.gson.annotations.SerializedName;

/** Metadata entity whose value is numeric, mapped from the JSON {@code fieldValue} property. */
public class NumericMetadata extends MetadataEntity {

  /** Marks the entity as {@link MetadataType#NUMERIC}. */
  public NumericMetadata() {
    // type is not declared in this class; presumably inherited from MetadataEntity
    type = MetadataType.NUMERIC;
  }

  // Boxed Long, so an absent value stays null instead of reading as 0.
  @SerializedName("fieldValue")
  private Long fieldValue;

  /**
   * @return the numeric value, or {@code null} if the field was never assigned
   */
  public Long getFieldValue() {
    return fieldValue;
  }
  ; // stray empty declaration; has no effect
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/FreeformMetadata.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
* #L%
*/

import com.google.gson.annotations.SerializedName;

/** Metadata entity whose value is free text, mapped from the JSON {@code fieldValue} property. */
public class FreeformMetadata extends MetadataEntity {

  /** Marks the entity as {@link MetadataType#STRING}. */
  public FreeformMetadata() {
    // type is not declared in this class; presumably inherited from MetadataEntity
    type = MetadataType.STRING;
  }

  // protected, so subclasses can read and write the value directly
  @SerializedName("fieldValue")
  protected String fieldValue;

  /**
   * @return the text value exactly as stored, or {@code null} if the field was never assigned;
   *     nothing in this class validates or escapes it
   */
  public String getFieldValue() {
    return fieldValue;
  }
  ; // stray empty declaration; has no effect
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/sdk/internal/Nullable.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.sdk.internal;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */

import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

/** Indicates that a property may be null for AutoValue.
*/
// Applicable to parameters and methods only. SOURCE retention means the compiler discards the
// annotation, so it is visible to annotation processors but not in class files or at runtime.
@Target({ElementType.PARAMETER, ElementType.METHOD})
@Retention(RetentionPolicy.SOURCE)
public @interface Nullable {}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/VulnerabilityQuickFilterType.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */

import com.google.gson.annotations.SerializedName;

/**
 * Quick-filter kinds for vulnerabilities. Each constant carries the lower-case, hyphenated name
 * Gson uses for it in JSON, which differs from the Java constant name.
 */
public enum VulnerabilityQuickFilterType {
  @SerializedName("all")
  ALL,
  @SerializedName("open")
  OPEN,
  @SerializedName("high-confidence")
  HIGH_CONFIDENCE,
  @SerializedName("violation")
  VIOLATION,
  @SerializedName("pending-review")
  PENDING_REVIEW;
}

--------------------------------------------------------------------------------
/sdk/src/test/java/com/contrastsecurity/PactConstants.java:
--------------------------------------------------------------------------------
package com.contrastsecurity;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*      http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/

/** Constants to reuse in Pact tests. */
public final class PactConstants {

  /**
   * Datetime format string to use for Pact datetime matchers. Matches both ISO8601 datetime formats
   * returned by the scan API.
   */
  // The bracketed [.SSS] section makes the millisecond part optional, which is how one pattern
  // covers both forms.
  public static final String DATETIME_FORMAT = "yyyy-MM-dd'T'HH:mm:ss[.SSS]XXX";

  /** static members only */
  private PactConstants() {}
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/Coverage.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/

import java.util.List;

/** A model of an application's sitemap coverage. */
public class Coverage {

  /**
   * The class coverage model if the language is class-oriented
   *
   * <p>NOTE(review): this description speaks of classes, but the accessor and its field are named
   * {@code urls}; confirm which of the two the entries represent.
   *
   * @return the classes in the application, if there are any; the stored list is returned as-is
   *     (no defensive copy) and is {@code null} if the field was never assigned
   */
  public List getUrls() {
    return urls;
  }

  // Raw List: the element type is not declared here, so callers must cast each entry.
  private List urls;
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/NotificationResource.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
* #L%
*/

import com.google.gson.annotations.SerializedName;

/** Notification model: a message text plus a flag recording whether it has been read. */
public class NotificationResource {
  // mapped from the JSON "message" property; protected, so subclasses can access it directly
  @SerializedName("message")
  protected String message;

  /**
   * @return the message text exactly as stored, or {@code null} if the field was never assigned;
   *     nothing in this class validates or escapes it
   */
  public String getMessage() {
    return message;
  }
  ; // stray empty declaration; has no effect

  // mapped from the JSON "read" property; primitive, so it reads as false when never assigned
  @SerializedName("read")
  protected boolean read;

  /**
   * @return the stored read flag
   */
  public boolean getRead() {
    return read;
  }
  ; // stray empty declaration; has no effect
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/RouteCoverageResponse.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
* #L%
*/

import com.google.gson.annotations.SerializedName;

/** Response model carrying two counters, mapped from JSON {@code count} and {@code exercised_count}. */
public class RouteCoverageResponse {
  /**
   * @return the stored count, boxed; never {@code null} because the backing field is a primitive
   *     {@code int} (0 when never assigned)
   */
  public Integer getCount() {
    return count;
  }

  @SerializedName("count")
  private int count;

  /**
   * @return the stored exercised count, boxed; never {@code null} because the backing field is a
   *     primitive {@code int} (0 when never assigned)
   */
  public Integer getExercisedCount() {
    return exercisedCount;
  }

  // the JSON name is snake_case while the Java field is camelCase
  @SerializedName("exercised_count")
  private int exercisedCount;
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/exceptions/ConfigurationException.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.exceptions;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
* #L%
*/

/**
 * Checked exception for configuration problems. It adds no state of its own and only mirrors the
 * four standard {@link Exception} constructors.
 */
public class ConfigurationException extends Exception {
  /** Creates the exception with no message and no cause. */
  public ConfigurationException() {}

  /**
   * @param s detail message
   */
  public ConfigurationException(String s) {
    super(s);
  }

  /**
   * @param s detail message
   * @param throwable underlying cause, kept so the original stack trace is not lost
   */
  public ConfigurationException(String s, Throwable throwable) {
    super(s, throwable);
  }

  /**
   * @param throwable underlying cause
   */
  public ConfigurationException(Throwable throwable) {
    super(throwable);
  }
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/MetadataFilterValue.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */

import com.google.gson.annotations.SerializedName;

/** One metadata filter entry: a value text and a count, mapped from JSON {@code value}/{@code count}. */
public class MetadataFilterValue {

  // explicit default of 0, kept when the JSON carries no "count" property
  @SerializedName("count")
  protected int count = 0;

  /**
   * @return the stored count
   */
  public int getCount() {
    return count;
  }
  ; // stray empty declaration; has no effect

  // sub field values?

  @SerializedName("value")
  protected String value;

  /**
   * @return the value text exactly as stored, or {@code null} if the field was never assigned
   */
  public String getValue() {
    return value;
  }
  ; // stray empty declaration; has no effect
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/Parameter.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */

/** Mutable bean pairing a parameter text with a tracked flag. */
public class Parameter {
  private String parameter;
  private boolean tracked;

  /**
   * @return the parameter text, or {@code null} if it was never set
   */
  public String getParameter() {
    return parameter;
  }

  /**
   * @param parameter new parameter text; stored without validation
   */
  public void setParameter(String parameter) {
    this.parameter = parameter;
  }

  /**
   * @return the tracked flag; {@code false} until set
   */
  public boolean isTracked() {
    return tracked;
  }

  /**
   * @param tracked new value of the tracked flag
   */
  public void setTracked(boolean tracked) {
    this.tracked = tracked;
  }
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/GenericResponse.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*      http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/

import com.google.gson.annotations.SerializedName;
import java.util.List;

/** Response model with a success indicator and a message list, mapped from JSON by Gson. */
public class GenericResponse {

  // Held as text, not as a boolean, so callers compare strings to interpret it.
  @SerializedName("success")
  protected String success;

  /**
   * @return the success indicator exactly as stored, or {@code null} if the field was never
   *     assigned
   */
  public String getSuccess() {
    return success;
  }
  ; // stray empty declaration; has no effect

  /**
   * @return the {@code messages} list exactly as stored (no defensive copy); {@code null} if the
   *     field was never assigned
   */
  public List getMessages() {
    return messages;
  }

  // Raw List: the element type is not declared here, so callers must cast each entry.
  @SerializedName("messages")
  private List messages;
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/Stacktrace.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | /** Mutable bean holding two plain strings, a description and a type. Neither setter validates its argument. */ public class Stacktrace { 24 | private String description; 25 | private String type; 26 | 27 | /** @return the stored description, or {@code null} if none has been assigned */ public String getDescription() { 28 | return this.description; 29 | } 30 | 31 | /** @param description value to store as given */ public void setDescription(String description) { 32 | this.description = description; 33 | } 34 | 35 | /** @return the stored type, or {@code null} if none has been assigned */ public String getType() { 36 | return this.type; 37 | } 38 | 39 | /** @param type value to store as given */ public void setType(String type) { 40 | this.type = type; 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/PropertyResource.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 
20 | * #L% 21 | */ 22 | 23 | /** Mutable name/value pair of strings with an explicit public no-argument constructor. */ public class PropertyResource { 24 | 25 | private String name; 26 | private String value; 27 | 28 | /** Creates an instance with both fields left {@code null}. */ public PropertyResource() {} 29 | 30 | /** @return the stored name, or {@code null} if none has been assigned */ public String getName() { 31 | return name; 32 | } 33 | 34 | /** @param name value to store as given */ public void setName(String name) { 35 | this.name = name; 36 | } 37 | 38 | /** @return the stored value, or {@code null} if none has been assigned */ public String getValue() { 39 | return value; 40 | } 41 | 42 | /** @param value value to store as given; NOTE(review): if property values can hold credentials or tokens, keep them out of logs — confirm what is stored here */ public void setValue(String value) { 43 | this.value = value; 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/TraceResponse.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | import java.util.List; 24 | 25 | /** Response wrapper for single trace API endpoint. 
*/ 26 | public class TraceResponse { 27 | 28 | /* Only getters are declared and no constructor assigns these fields. NOTE(review): presumably they are populated reflectively by the JSON deserializer — confirm. */ private boolean success; 29 | private List messages; 30 | private Trace trace; 31 | 32 | /** @return the {@code success} flag; {@code false} when the field was never populated, so absence and failure look the same */ public boolean isSuccess() { 33 | return success; 34 | } 35 | 36 | /** @return the messages list itself (not a copy), or {@code null} if the field was never populated */ public List getMessages() { 37 | return messages; 38 | } 39 | 40 | /** @return the trace, or {@code null} if the field was never populated */ public Trace getTrace() { 41 | return trace; 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /maven-plugin/src/test/java/com/contrastsecurity/maven/plugin/it/stub/ContrastAPI.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.maven.plugin.it.stub; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Maven Plugin 6 | * %% 7 | * Copyright (C) 2021 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 
20 | * #L% 21 | */ 22 | 23 | /** Describes a test instance of the Contrast API to which tests may make requests. Implementations are started with {@link #start()}, queried for connection details with {@link #connection()}, and stopped with {@link #stop()}. */ 24 | public interface ContrastAPI { 25 | 26 | /** starts the Contrast API instance */ 27 | void start(); 28 | 29 | /** 30 | * @return connection configuration necessary for making requests to this Contrast API instance; NOTE(review): if this carries API credentials, test code should avoid printing it — confirm what {@code ConnectionParameters} holds 31 | */ 32 | ConnectionParameters connection(); 33 | 34 | /** stops the Contrast API instance */ 35 | void stop(); 36 | } 37 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/http/SecurityCheckResponse.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.http; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 
20 | * #L% 21 | */ 22 | 23 | import com.contrastsecurity.models.SecurityCheck; 24 | import com.google.gson.annotations.SerializedName; 25 | import lombok.Getter; 26 | 27 | /** A wrapper object for the response of a security check request. The class-level Lombok {@code @Getter} generates {@code getSecurityCheck()}; no setter or constructor assigns the field in this class. */ 28 | @Getter 29 | public class SecurityCheckResponse { 30 | /** 31 | * The resulting security check, bound to the JSON key "security_check"; {@code null} when the field was never populated, which callers should treat as "no result" rather than as a passed check 32 | * 33 | * @return the security check 34 | */ 35 | @SerializedName("security_check") 36 | private SecurityCheck securityCheck; 37 | } 38 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/http/ServerEnvironment.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.http; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 
20 | * #L% 21 | */ 22 | 23 | /** Server environments, each carrying a display label. {@link #toString()} and {@link #toURIString()} both return the constant name (for example {@code DEVELOPMENT}), not the label. */ public enum ServerEnvironment { 24 | DEVELOPMENT("Development"), 25 | QA("QA"), 26 | PRODUCTION("Production"); 27 | 28 | private final String label; 29 | 30 | /** @return the display label given to the constant, e.g. "Development" */ public String getLabel() { 31 | return label; 32 | } 33 | 34 | ServerEnvironment(String label) { 35 | this.label = label; 36 | } 37 | 38 | /** @return {@link #name()}; the constant names contain only upper-case ASCII letters, so the value needs no further encoding when placed in a URI */ public String toURIString() { 39 | return name(); 40 | } 41 | 42 | /** @return the same value as {@link #toURIString()} */ @Override 43 | public String toString() { 44 | return toURIString(); 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/http/RuleSeverity.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.http; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 
20 | * #L% 21 | */ 22 | 23 | public enum RuleSeverity { 24 | NOTE("Note"), 25 | LOW("Low"), 26 | MEDIUM("Medium"), 27 | HIGH("High"), 28 | CRITICAL("Critical"); 29 | 30 | private final String label; 31 | 32 | public String getLabel() { 33 | return label; 34 | } 35 | 36 | RuleSeverity(String label) { 37 | this.label = label; 38 | } 39 | 40 | public String toURIString() { 41 | return name(); 42 | } 43 | 44 | @Override 45 | public String toString() { 46 | return toURIString(); 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /.github/workflows/build-sdk.yml: -------------------------------------------------------------------------------- 1 | name: build 2 | 3 | on: 4 | workflow_call: 5 | workflow_dispatch: 6 | push: 7 | branches: 8 | - main 9 | pull_request: 10 | 11 | jobs: # NOTE(review): no `permissions:` block is declared, so the job uses the repository's default GITHUB_TOKEN scope; a verify-only build needs no more than `contents: read`, and declaring it makes least privilege explicit 12 | build: 13 | name: Verify 14 | runs-on: ubuntu-latest 15 | steps: 16 | - name: Checkout 17 | uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 18 | 19 | - name: Setup Java 20 | uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 21 | with: 22 | java-version: 11 23 | distribution: temurin 24 | 25 | - name: Cache Maven Wrapper 26 | uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2 27 | with: 28 | path: cd sdk/ ./.mvn/wrapper/maven-wrapper.jar # NOTE(review): `cd sdk/ ` looks like a stray shell fragment inside a path value; as written this is not the location of a wrapper jar under sdk/, so this cache is probably never populated - confirm the intended path 29 | key: ${{ runner.os }}-maven-wrapper-${{ hashFiles('./.mvn/wrapper/maven-wrapper.properties') }} # NOTE(review): the hashed file is addressed from the repository root while the build runs under sdk/ - confirm it is the properties file that pins the wrapper ./mvnw actually uses 30 | restore-keys: ${{ runner.os }}-maven-wrapper # NOTE(review): prefix fallback can restore a wrapper jar saved under an older key, and ./mvnw executes that jar; for a cached executable an exact key match (no restore-keys) is the safer choice 31 | 32 | - name: Cache Maven Packages 33 | uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2 34 | with: 35 | path: ~/.m2/repository 36 | key: ${{ runner.os }}-m2-repository-${{ hashFiles('**/pom.xml') }} 37 | restore-keys: ${{ runner.os }}-m2-repository 38 | 39 | - name: Maven Verify 40 | run: cd sdk/ && ./mvnw --batch-mode verify 41 | -------------------------------------------------------------------------------- 
/sdk/src/main/java/com/contrastsecurity/http/JobOutcomePolicyListResponse.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.http; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | import com.contrastsecurity.models.JobOutcomePolicy; 24 | import com.google.gson.annotations.SerializedName; 25 | import java.util.List; 26 | import lombok.Getter; 27 | 28 | /** Wrapper for the response object returned by Contrast. The class-level Lombok {@code @Getter} generates {@code getPolicies()}; no setter or constructor assigns the field in this class. */ 29 | @Getter 30 | public class JobOutcomePolicyListResponse { 31 | 32 | /** 33 | * List of job outcome policies, bound to the JSON key "policies"; {@code null} when the field was never populated, which is distinct from an empty list 34 | * 35 | * @return The list of job outcome policies 36 | */ 37 | @SerializedName("policies") 38 | private List policies; 39 | } 40 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/http/RequestUrlConstants.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.http; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 
11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | /** Server-relative URL paths under {@code /Contrast/s/api/}. The class is public but every constant is package-private, so they are usable only from {@code com.contrastsecurity.http}. NOTE(review): the paths ending in "/" look like prefixes to which callers append an identifier; any appended value should be URL-encoded as a single path segment — confirm at the call sites. */ public class RequestUrlConstants { 24 | static final String SERVICE_APP_LIST_URL = "/Contrast/s/api/app/list"; 25 | static final String SERVICE_APP_DATA_URL = "/Contrast/s/api/app/stats/"; 26 | static final String SERVICE_APP_TRACES_URL = "/Contrast/s/api/traces/"; 27 | static final String SERVICE_COVERAGE_URL = "/Contrast/s/api/app/coverage/"; 28 | static final String SERVICE_TRACE_DETAIL_URL = "/Contrast/s/api/traces/trace/"; 29 | static final String SERVICE_QUEUE_STATUS_URL = "/Contrast/s/api/status/"; 30 | } 31 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/Applications.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 
20 | * #L% 21 | */ 22 | 23 | import java.util.List; 24 | 25 | /** Base class for api calls returning one or more method. Exposes a count, a list of applications and a single application through getters only; no setter or constructor assigns them in this class. */ 26 | public class Applications { 27 | 28 | /** @return the count, or {@code null} if the field was never populated */ public Integer getCount() { 29 | return count; 30 | } 31 | 32 | private Integer count = null; 33 | 34 | /** @return the applications list itself (not a copy), or {@code null} if the field was never populated */ public List getApplications() { 35 | return applications; 36 | } 37 | 38 | private List applications; 39 | 40 | /** @return the single application, or {@code null} if the field was never populated */ public Application getApplication() { 41 | return application; 42 | } 43 | 44 | private Application application; 45 | } 46 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/Users.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 
20 | * #L% 21 | */ 22 | 23 | import java.util.List; 24 | 25 | /** Base class for api calls with users. Only getters are declared; no setter or constructor assigns the fields in this class. */ 26 | public class Users { 27 | 28 | /** 29 | * Return the number of users 30 | * 31 | * @return the count of users, or {@code null} if the field was never populated 32 | */ 33 | public Integer getCount() { 34 | return count; 35 | } 36 | 37 | /* Boxed, so it may be null; it is stored separately from the list and nothing here keeps the two consistent. */ private Integer count; 38 | 39 | /** 40 | * Return the user objects 41 | * 42 | * @return a list of users; this is the stored list itself (not a copy) and may be {@code null} 43 | */ 44 | public List getUsers() { 45 | return users; 46 | } 47 | 48 | private List users; 49 | } 50 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/exceptions/ContrastException.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.exceptions; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | /** Generic {@link RuntimeException} thrown by Contrast code. 
*/ 24 | public class ContrastException extends RuntimeException { 25 | 26 | /** 27 | * Creates an exception with a detail message and no cause. @param message detail message, passed unchanged to the superclass @see RuntimeException#RuntimeException(String) 28 | */ 29 | public ContrastException(final String message) { 30 | super(message); 31 | } 32 | 33 | /** 34 | * Creates an exception with a detail message and the underlying cause, so the original stack trace is preserved. @param message detail message, passed unchanged to the superclass @param inner the cause @see RuntimeException#RuntimeException(String, Throwable) 35 | */ 36 | public ContrastException(final String message, final Throwable inner) { 37 | super(message, inner); 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/Traces.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 
20 | * #L% 21 | */ 22 | 23 | import java.util.List; 24 | 25 | /** Base class for api calls with traces. Only getters are declared; no setter or constructor assigns the fields in this class. */ 26 | public class Traces { 27 | 28 | /** 29 | * Return the number of traces 30 | * 31 | * @return the count of traces, or {@code null} if the field was never populated 32 | */ 33 | public Integer getCount() { 34 | return count; 35 | } 36 | 37 | /* Boxed, so it may be null; a null count means "not reported" and should not be read as zero findings. */ private Integer count; 38 | 39 | /** 40 | * Return the trace objects 41 | * 42 | * @return a list of traces; this is the stored list itself (not a copy) and may be {@code null} 43 | */ 44 | public List getTraces() { 45 | return traces; 46 | } 47 | 48 | private List traces; 49 | } 50 | -------------------------------------------------------------------------------- /sdk/src/test/java/com/contrastsecurity/TestDataConstants.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | import java.time.Instant; 24 | import java.time.OffsetDateTime; 25 | import java.time.ZoneOffset; 26 | 27 | /** Constants to reuse in Pact tests. */ 28 | public final class TestDataConstants { 29 | 30 | /** 31 | * Timestamp to use in Pact testing examples. Uses a date far in the past to easily distinguish 32 | * this from production data. 
33 | */ 34 | public static final Instant TIMESTAMP_EXAMPLE = 35 | OffsetDateTime.of(1955, 11, 12, 22, 4, 0, 0, ZoneOffset.UTC).toInstant(); /* i.e. 1955-11-12T22:04:00Z; built with an explicit UTC offset, so the value does not depend on the JVM's default time zone */ 36 | 37 | /** Not instantiable: this class only holds constants. */ private TestDataConstants() {} 38 | } 39 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/http/TraceFilterType.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.http; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 
20 | * #L% 21 | */ 22 | 23 | import lombok.Getter; 24 | 25 | /** Trace filter categories, each carrying a lower-case label. {@link #toString()} returns the label lower-cased; Lombok's {@code @Getter} on the field generates {@code getLabel()}. */ public enum TraceFilterType { 26 | MODULES("modules"), 27 | WORKFLOW("workflow"), 28 | SERVERS("servers"), 29 | TIME("time"), 30 | URL("url"), 31 | VULNTYPE("vulntype"), 32 | SERVER_ENVIRONMENT("server-environment"), 33 | APP_VERSION_TAGS("appversiontags"); 34 | 35 | /* Assigned only in the constructor, but not declared final. */ @Getter private String label; 36 | 37 | TraceFilterType(String label) { 38 | this.label = label; 39 | } 40 | 41 | /** @return the label in lower case */ @Override 42 | public String toString() { 43 | /* NOTE(review): toLowerCase() with no argument uses the JVM default locale. Every label above is already lower case, so the result is the same in any locale today; toLowerCase(java.util.Locale.ROOT) would keep it that way if a label containing upper-case letters is ever added. */ return this.label.toLowerCase(); 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/Tag.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | import com.google.gson.annotations.SerializedName; 24 | 25 | /** A tag to delete. 
*/ 26 | public class Tag { 27 | /* Bound to the JSON key "tag". */ @SerializedName("tag") 28 | private String name; 29 | 30 | /** @return the tag name, or the literal "testFailure" when the stored name is {@code null} */ public String getName() { 31 | if (name != null) { 32 | return name; 33 | } else { 34 | /* NOTE(review): a null name is reported as the sentinel string "testFailure", so callers cannot tell a missing name from a tag actually named "testFailure". Both constructors leave name non-null unless null is passed in; null can also arrive through setName(null) or, presumably, deserialization. Confirm this sentinel is intended, since a caller that deletes by name would act on "testFailure". */ return "testFailure"; 35 | } 36 | } 37 | 38 | /** @param name new tag name; {@code null} is accepted and later read back as "testFailure" */ public void setName(String name) { 39 | this.name = name; 40 | } 41 | 42 | /** @param name tag name, stored as given with no validation */ public Tag(String name) { 43 | this.name = name; 44 | } 45 | 46 | /** Creates a tag whose name is the empty string. */ public Tag() { 47 | this.name = ""; 48 | } 49 | } 50 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/http/TraceFilterKeycode.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.http; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 
20 | * #L% 21 | */ 22 | 23 | import lombok.Getter; 24 | 25 | /** Trace filter key codes, each carrying a label. Lombok's {@code @Getter} on the field generates {@code getLabel()}, which returns the label as written (for example "appId"), while {@link #toString()} returns it lower-cased (for example "appid"), so the two differ for the mixed-case labels. */ public enum TraceFilterKeycode { 26 | ALL_ISSUES("00001"), 27 | CRITICAL_HIGH_SEVERITIES("00002"), 28 | CURRENT_WEEK("00003"), 29 | HIGH_CONFIDENCE("00004"), 30 | OPEN_TRACES("00005"), 31 | APP_ID("appId"), 32 | SERVER_ID("serverId"), 33 | URL("url"), 34 | RULE_NAME("ruleName"); 35 | 36 | /* Assigned only in the constructor, but not declared final. */ @Getter private String label; 37 | 38 | TraceFilterKeycode(String label) { 39 | this.label = label; 40 | } 41 | 42 | /** @return the label in lower case */ @Override 43 | public String toString() { 44 | /* NOTE(review): toLowerCase() with no argument uses the JVM default locale. "appId" and "serverId" contain an upper-case I, which lower-cases to a dotless i under a Turkish or Azerbaijani default locale, so the string produced here would differ from "appid"/"serverid" on such a host; toLowerCase(java.util.Locale.ROOT) gives the same result everywhere. */ return this.label.toLowerCase(); 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/exceptions/ServerResponseException.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.exceptions; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | /** Thrown when the Contrast API returns a response that the SDK does not understand. 
*/ 24 | public class ServerResponseException extends ContrastException { 25 | 26 | /** 27 | * @see RuntimeException#RuntimeException(String) 28 | */ 29 | public ServerResponseException(final String message) { 30 | super(message); 31 | } 32 | 33 | /** 34 | * @see RuntimeException#RuntimeException(String, Throwable) 35 | */ 36 | public ServerResponseException(final String message, final Throwable inner) { 37 | super(message, inner); 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /.github/workflows/build-maven-plugin.yml: -------------------------------------------------------------------------------- 1 | name: build 2 | 3 | on: [push] # runs for pushes to every branch; the job below that receives repository secrets therefore runs for any ref a contributor with write access can push 4 | 5 | jobs: # NOTE(review): no `permissions:` block is declared, so both jobs use the repository's default GITHUB_TOKEN scope; declaring the minimum each job needs (for example `contents: read`) makes least privilege explicit 6 | changelog: 7 | runs-on: ubuntu-latest 8 | steps: 9 | - uses: dangoslen/changelog-enforcer@v3 # NOTE(review): referenced by a mutable tag, while every other action in this workflow is pinned to a full commit SHA; pin this one the same way (`@<full-commit-sha> # v3.x.y`) so the code that runs cannot change when the tag is moved 10 | build: 11 | name: Verify 12 | runs-on: ubuntu-latest 13 | steps: 14 | - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 15 | 16 | - uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 17 | with: 18 | java-version: 11 19 | distribution: temurin 20 | 21 | - uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 22 | with: 23 | java-version: 17 24 | distribution: temurin 25 | 26 | - uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 27 | with: 28 | java-version: 21 29 | distribution: temurin 30 | 31 | - name: Maven Verify 32 | env: # scoped to this step only, which keeps the credentials away from the setup actions above; they are still visible to everything Maven runs here (plugins, dependencies resolved at build time, test code), so the API user behind them should hold the least privilege the end-to-end tests need 33 | CONTRAST__API__URL: ${{ secrets.CONTRAST__API__URL }} 34 | CONTRAST__API__USER_NAME: ${{ secrets.CONTRAST__API__USER_NAME }} 35 | CONTRAST__API__API_KEY: ${{ secrets.CONTRAST__API__API_KEY }} 36 | CONTRAST__API__SERVICE_KEY: ${{ secrets.CONTRAST__API__SERVICE_KEY }} 37 | CONTRAST__API__ORGANIZATION_ID: ${{ secrets.CONTRAST__API__ORGANIZATION_ID }} 38 | run: cd maven-plugin/ && ./mvnw --batch-mode -Pend-to-end-test verify 39 | -------------------------------------------------------------------------------- 
/sdk/src/main/java/com/contrastsecurity/exceptions/ApplicationCreateException.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.exceptions; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | import lombok.AccessLevel; 24 | import lombok.Getter; 25 | 26 | /** Checked exception carrying a response code ({@code rc}) and a response message. The class-level Lombok {@code @Getter} generates {@code getRc()} and {@code getResponseMessage()}. Unlike the exceptions that extend {@code RuntimeException}, this one extends {@link Exception}, so callers must catch or declare it. */ @Getter 27 | public class ApplicationCreateException extends Exception { 28 | private final int rc; 29 | private final String responseMessage; 30 | 31 | /** @param rc response code to record @param responseMessage response message to record; also concatenated into the exception's detail message */ public ApplicationCreateException(int rc, String responseMessage) { 32 | /* responseMessage is embedded in getMessage() as given. NOTE(review): if it originates from the remote API, treat getMessage() as untrusted text when it is logged or displayed (line breaks, markup) — confirm at the call sites. The spelling "Recieved" is part of the runtime message and is left unchanged here. */ super("Recieved Response code: " + rc + " with message: " + responseMessage); 33 | this.rc = rc; 34 | this.responseMessage = responseMessage; 35 | } 36 | 37 | /* AccessLevel.NONE tells Lombok to generate no getter for this field. */ @Getter(AccessLevel.NONE) 38 | private static final long serialVersionUID = -9049287248312255189L; 39 | } 40 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/ServerTagsResponse.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 
8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | import com.google.gson.annotations.SerializedName; 24 | import java.util.List; 25 | 26 | /** Response body exposing a {@code success} value, a list of messages and a list of tags, bound to the JSON keys "success", "messages" and "tags" by {@code @SerializedName}. Only getters are declared in this class. */ public class ServerTagsResponse { 27 | 28 | /* Declared as a String, not a boolean, so callers compare text rather than test a flag. */ @SerializedName("success") 29 | protected String success; 30 | 31 | /** @return the {@code success} value as received, or {@code null} if the field was never populated */ public String getSuccess() { 32 | return success; 33 | } 34 | ; 35 | 36 | /** @return the messages list itself (not a copy), or {@code null} if the field was never populated */ public List getMessages() { 37 | return messages; 38 | } 39 | 40 | @SerializedName("messages") 41 | private List messages; 42 | 43 | /** @return the tags list itself (not a copy), or {@code null} if the field was never populated */ public List getTags() { 44 | return tags; 45 | } 46 | 47 | @SerializedName("tags") 48 | private List tags; 49 | } 50 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/sdk/scan/ScanManager.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.sdk.scan; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 
11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 |
/**
 * Entry point to the Contrast Scan resource collections: projects, and the code artifacts and
 * scans that belong to a given project.
 */
public interface ScanManager {

  /**
   * @return the {@link Projects} resource collection
   */
  Projects projects();

  /**
   * @param projectId ID of the project whose code artifacts are managed
   * @return the {@link CodeArtifacts} resource collection for that project
   */
  CodeArtifacts codeArtifacts(String projectId);

  /**
   * @param projectId ID of the project whose scans are managed
   * @return the {@link Scans} resource collection for that project
   */
  Scans scans(String projectId);
}
-------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/RouteCoverageMetadataLabelValues.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 |
import com.google.gson.annotations.SerializedName;
import java.util.ArrayList;
import java.util.List;

/**
 * Gson-mapped pair of a metadata label and the values recorded for it.
 *
 * The element type of {@code values} is not visible in this listing; the raw types are kept as
 * they appear.
 */
public class RouteCoverageMetadataLabelValues {

  @SerializedName("label")
  protected String label;

  // Starts out as an empty list rather than null.
  @SerializedName("values")
  private List values = new ArrayList();

  /**
   * @return the label bound to the {@code label} JSON property
   */
  public String getLabel() {
    return this.label;
  }

  /**
   * @param label new label
   */
  public void setLabel(String label) {
    this.label = label;
  }

  /**
   * @return the list bound to the {@code values} JSON property
   */
  public List getValues() {
    return this.values;
  }
}
-------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/http/RequestConstants.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.http; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License.
20 | * #L% 21 | */ 22 |
/**
 * String constants shared by request-building code: presumably HTTP header names and the tokens
 * used to assemble a query string (confirm against the callers, which are not shown here).
 *
 * NOTE(review): the values sent under {@link #AUTHORIZATION} and {@link #API_KEY} are
 * credentials. Keep them out of logs, exception messages and URLs.
 */
public class RequestConstants {
  // Names that look like credential-bearing request headers.
  public static final String AUTHORIZATION = "Authorization";
  public static final String API_KEY = "API-Key";

  // Names that look like telemetry request headers.
  public static final String TELEMETRY_INTEGRATION_NAME = "Telemetry-Integration-Name";
  public static final String TELEMETRY_INTEGRATION_VERSION = "Telemetry-Integration-Version";

  // Query-string parameter name and the separators used around it.
  public static final String EXPAND_PARAM = "expand";
  public static final String COMMA_DELIMITER = ",";
  public static final String QUERY_SEPARATOR = "?";
  public static final String EQUALS_SEPARATOR = "=";
  public static final String AND_SEPARATOR = "&";
}
-------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/RouteCoverageBySessionIDAndMetadataRequest.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License.
20 | * #L% 21 | */ 22 |
import com.google.gson.annotations.SerializedName;
import java.util.ArrayList;
import java.util.List;

/**
 * Gson-mapped request body that carries a session ID together with a list of metadata entries.
 *
 * The element type of {@code metadata} is not visible in this listing; the raw types are kept as
 * they appear.
 */
public class RouteCoverageBySessionIDAndMetadataRequest {

  @SerializedName("sessionID")
  protected String sessionID;

  // Starts out as an empty list rather than null.
  @SerializedName("metadata")
  private List metadata = new ArrayList();

  /**
   * @return the value bound to the {@code sessionID} JSON property
   */
  public String getSessionID() {
    return this.sessionID;
  }

  /**
   * Despite its name, this accessor returns the {@code metadata} list.
   *
   * @return the list bound to the {@code metadata} JSON property
   */
  public List getValues() {
    return this.metadata;
  }
}
-------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/http/SecurityCheckFilter.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.http; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License.
20 | * #L% 21 | */ 22 |
import com.google.gson.annotations.SerializedName;
import java.util.List;
import lombok.Getter;
import lombok.Setter;

/**
 * Gson-mapped filter that selects vulnerabilities either by application version tag or by start
 * date. Lombok generates a getter and a setter for every field.
 */
@Getter
@Setter
public class SecurityCheckFilter {

  /** Criteria a query can be keyed on. */
  public enum QueryBy {
    APP_VERSION_TAG,
    START_DATE
  }

  /**
   * The criteria to query vulnerabilities by; serialized as {@code query_by}.
   */
  @SerializedName("query_by")
  private QueryBy queryBy;

  /**
   * Application version tags to match; serialized as {@code app_version_tags}. The element type is
   * not visible in this listing.
   */
  @SerializedName("app_version_tags")
  private List appVersionTags;

  /**
   * Start date to match; serialized as {@code start_date}. The unit is not stated here.
   */
  @SerializedName("start_date")
  private Long startDate;
}
-------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/NotificationsResponse.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License.
20 | * #L% 21 | */ 22 |
import com.google.gson.annotations.SerializedName;
import java.util.List;

/**
 * Gson-mapped response holding a success value, a list of messages and a list of notifications.
 *
 * The list element types are not visible in this listing, so the raw {@code List} declarations
 * are kept exactly as they appear.
 */
public class NotificationsResponse {

  @SerializedName("success")
  protected String success;

  @SerializedName("messages")
  private List messages;

  @SerializedName("notifications")
  private List notifications;

  /**
   * @return value bound to the {@code success} JSON property
   */
  public String getSuccess() {
    return this.success;
  }

  /**
   * @return list bound to the {@code messages} JSON property
   */
  public List getMessages() {
    return this.messages;
  }

  /**
   * @return list bound to the {@code notifications} JSON property
   */
  public List getNotifications() {
    return this.notifications;
  }
}
-------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/SignUp.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License.
20 | * #L% 21 | */ 22 |
import com.google.gson.annotations.SerializedName;

/** Gson-mapped sign-up details of a user: the sign-up date and whether terms were accepted. */
public class SignUp {

  // Unit of the timestamp is not stated in this file.
  @SerializedName("signup_date")
  private long date;

  @SerializedName("accept_terms")
  private boolean acceptedTerms;

  /**
   * Returns the sign-up time for this user.
   *
   * @return the value bound to the {@code signup_date} JSON property
   */
  public long getDate() {
    return this.date;
  }

  /**
   * Returns whether this user accepted the terms at sign-up.
   *
   * @return the value bound to the {@code accept_terms} JSON property
   */
  public boolean getAcceptedTerms() {
    return this.acceptedTerms;
  }
}
-------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/Libraries.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | import java.util.List; 24 | 25 | /** Base class for api calls for libraries.
*/
public class Libraries {

  // All three averages default to null until a value is assigned from outside this class
  // (no setter is declared here).
  private String averageScoreLetter = null;
  private Integer averageScore = null;
  private Integer averageMonths = null;

  // Element type is not visible in this listing; the raw List is kept as it appears.
  private List libraries;

  /**
   * @return the average score letter, or {@code null} when none is set
   */
  public String getAverageScoreLetter() {
    return this.averageScoreLetter;
  }

  /**
   * @return the average score, or {@code null} when none is set
   */
  public Integer getAverageScore() {
    return this.averageScore;
  }

  /**
   * @return the average months value, or {@code null} when none is set
   */
  public Integer getAverageMonths() {
    return this.averageMonths;
  }

  /**
   * @return the list of libraries, or {@code null} when none is set
   */
  public List getLibraries() {
    return this.libraries;
  }
}
-------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/MetadataFilterGroup.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License.
20 | * #L% 21 | */ 22 |
import com.google.gson.annotations.SerializedName;
import java.util.List;

/**
 * Gson-mapped metadata filter group: a label, an ID and the values available for the group.
 *
 * The element type of {@code values} is not visible in this listing; the raw type is kept as it
 * appears.
 */
public class MetadataFilterGroup {

  @SerializedName("label")
  protected String label;

  @SerializedName("id")
  protected String id;

  // fieldType STRING,NUMERIC,CONTACT_NAME,PHONE,EMAIL,PERSON_OF_CONTACT

  @SerializedName("values")
  private List values;

  /**
   * @return the value bound to the {@code label} JSON property
   */
  public String getLabel() {
    return this.label;
  }

  /**
   * @return the value bound to the {@code id} JSON property
   */
  public String getId() {
    return this.id;
  }

  /**
   * @return the list bound to the {@code values} JSON property
   */
  public List getValues() {
    return this.values;
  }
}
-------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/Story.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License.
20 | * #L% 21 | */ 22 |
import java.util.List;

/**
 * Mutable bean that groups a trace ID with its chapters and a {@link Risk}.
 *
 * The element type of {@code chapters} is not visible in this listing; the raw type is kept as it
 * appears.
 */
public class Story {
  private String traceId;
  private List chapters;
  private Risk risk;

  /** Creates an empty story; every field starts as {@code null}. */
  public Story() {}

  /**
   * @return the trace ID, or {@code null} when unset
   */
  public String getTraceId() {
    return this.traceId;
  }

  /**
   * @param traceId new trace ID
   */
  public void setTraceId(String traceId) {
    this.traceId = traceId;
  }

  /**
   * @return the chapters, or {@code null} when unset
   */
  public List getChapters() {
    return this.chapters;
  }

  /**
   * @param chapters new chapter list; stored by reference, not copied
   */
  public void setChapters(List chapters) {
    this.chapters = chapters;
  }

  /**
   * @return the risk, or {@code null} when unset
   */
  public Risk getRisk() {
    return this.risk;
  }

  /**
   * @param risk new risk
   */
  public void setRisk(Risk risk) {
    this.risk = risk;
  }
}
-------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/EventDetails.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License.
20 | * #L% 21 | */ 22 |
import java.util.List;

/**
 * Mutable bean holding a success flag, a list of messages and a single {@link Event}.
 *
 * The element type of {@code messages} is not visible in this listing; the raw type is kept as it
 * appears.
 */
public class EventDetails {
  private boolean success;
  private List messages;
  private Event event;

  /**
   * @return the success flag; {@code false} until set
   */
  public boolean getSuccess() {
    return success;
  }

  /**
   * @param success new success flag
   */
  public void setSuccess(boolean success) {
    this.success = success;
  }

  /**
   * @return the messages, or {@code null} when unset
   */
  public List getMessages() {
    return messages;
  }

  /**
   * @param messages new message list; stored by reference, not copied
   */
  public void setMessages(List messages) {
    this.messages = messages;
  }

  /**
   * @return the event, or {@code null} when unset
   */
  public Event getEvent() {
    return event;
  }

  /**
   * @param event new event
   */
  public void setEvent(Event event) {
    this.event = event;
  }
}
-------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/Organizations.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License.
20 | * #L% 21 | */ 22 |
import com.google.gson.annotations.SerializedName;
import java.util.List;

/**
 * Read-only holder for organization data: a count, a list of organizations, a single
 * {@link Organization} and a list bound to the {@code org_disabled} JSON property.
 *
 * The list element types are not visible in this listing; the raw types are kept as they appear.
 */
public class Organizations {

  private Long count = null;

  private List organizations;

  private Organization organization;

  @SerializedName("org_disabled")
  private List orgDisabled;

  /**
   * @return the count, or {@code null} when unset
   */
  public Long getCount() {
    return this.count;
  }

  /**
   * @return the organizations, or {@code null} when unset
   */
  public List getOrganizations() {
    return this.organizations;
  }

  /**
   * @return the single organization, or {@code null} when unset
   */
  public Organization getOrganization() {
    return this.organization;
  }

  /**
   * @return the list bound to the {@code org_disabled} JSON property, or {@code null} when unset
   */
  public List getOrgDisabled() {
    return this.orgDisabled;
  }
}
-------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/sdk/scan/ScanException.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.sdk.scan; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License.
20 | * #L% 21 | */ 22 |
import com.contrastsecurity.exceptions.ContrastException;
import java.util.Objects;

/**
 * Signals a condition that prevents Contrast Scan from completing an analysis, and keeps a
 * reference to the affected {@link Scan}.
 */
public class ScanException extends ContrastException {

  private final Scan scan;

  /**
   * @param scan the scan that cannot be completed; must not be {@code null}
   * @param message exception message
   * @throws NullPointerException when {@code scan} is {@code null}
   */
  public ScanException(final Scan scan, final String message) {
    super(message);
    // The null check runs after the superclass constructor, as in the original ordering.
    Objects.requireNonNull(scan);
    this.scan = scan;
  }

  /**
   * @return the scan that cannot be completed
   */
  public final Scan scan() {
    return this.scan;
  }
}
-------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/StoryResponse.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License.
20 | * #L% 21 | */ 22 |
import java.util.List;

/**
 * Mutable bean holding a success value, a list of messages and a {@link Story}.
 *
 * The element type of {@code messages} is not visible in this listing; the raw type is kept as it
 * appears.
 */
public class StoryResponse {
  private String success;
  private List messages;
  private Story story;

  /** Creates an empty response; every field starts as {@code null}. */
  public StoryResponse() {}

  /**
   * @return the success value, or {@code null} when unset
   */
  public String getSuccess() {
    return this.success;
  }

  /**
   * @param success new success value
   */
  public void setSuccess(String success) {
    this.success = success;
  }

  /**
   * @return the messages, or {@code null} when unset
   */
  public List getMessages() {
    return this.messages;
  }

  /**
   * @param messages new message list; stored by reference, not copied
   */
  public void setMessages(List messages) {
    this.messages = messages;
  }

  /**
   * @return the story, or {@code null} when unset
   */
  public Story getStory() {
    return this.story;
  }

  /**
   * @param story new story
   */
  public void setStory(Story story) {
    this.story = story;
  }
}
-------------------------------------------------------------------------------- /gradle-plugin/src/test/resources/api-responses/serversResponse.json: -------------------------------------------------------------------------------- 1 | { 2 | "success" : true, 3 | "messages" : [ "Servers loaded successfully" ], 4 | "servers" : [ { 5 | "environment" : "DEVELOPMENT", 6 | "status" : "OFFLINE", 7 | "noPending" : false, 8 | "tags" : [ ], 9 | "logLevel" : "WARN", 10 | "logPath" : null, 11 | "assess" : true, 12 | "assessPending" : false, 13 | "defend" : true, 14 | "defendPending" : true, 15 | "logEnhancerPending" : false, 16 | "language" : "Java", 17 | "server_id" : 83694, 18 | "last_startup" : 1740082260000, 19 | "last_activity" : 1740082260000, 20 | "name" : "serverTestName", 21 | "hostname" : "serverTestName", 22 | "path" : "foo/bar", 23 | "type" : "Other", 24 | "agent_version" : "6.14.0.2136", 25 | "out_of_date" : false, 26 | "latest_agent_version" : "6.14.0.2136", 27 | "assess_sensors" : true, 28 | "assess_last_update" : 1740081279000, 29 | "defend_sensors" : true, 30 | "defense_last_update" : 1740081279000, 31 | "diagnostic_collection_enabled" : false, 32 | "syslog_enabled" : false, 33 | "is_assess_status_locked" : null, 34 | "is_protect_status_locked" : null, 35 | "config_source_assess" : "CONTRAST_UI", 36
| "config_source_protect" : "CONTRAST_UI", 37 | "protect_enable_property_name" : "protect.enable", 38 | "assess_enable_property_name" : "assess.enable", 39 | "protect_enable_location" : "the Contrast UI", 40 | "assess_enable_location" : "the Contrast UI" 41 | } ], 42 | "count" : 1 43 | } 44 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/dtm/ApplicationCreateRequest.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models.dtm; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 
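20 | * #L% 21 | */ 22 |
import com.contrastsecurity.models.AgentType;
import com.google.gson.annotations.SerializedName;
import lombok.Getter;
import lombok.NonNull;
import lombok.Setter;

/**
 * Gson-mapped request body for creating an application. The name and language are required; the
 * path and short name are optional. Lombok generates a getter and a setter for every field.
 */
@Getter
@Setter
public class ApplicationCreateRequest {
  /** Application name; serialized as {@code name}. Must not be {@code null}. */
  @SerializedName("name")
  @NonNull
  private String appName;

  /** Application language; serialized as {@code language}. Must not be {@code null}. */
  @SerializedName("language")
  @NonNull
  private AgentType appLanguage;

  /** Optional application path; serialized as {@code path}. */
  @SerializedName("path")
  private String appPath;

  /** Optional short name; serialized as {@code short_name}. */
  @SerializedName("short_name")
  private String appShortName;

  /**
   * Creates a request with the two required fields.
   *
   * A field-level {@code @NonNull} only adds null checks to the members Lombok generates (here the
   * setters). Annotating the parameters makes this hand-written constructor enforce the same
   * contract, so a request can no longer be built with a {@code null} name or language.
   *
   * @param appName application name
   * @param appLanguage application language
   * @throws NullPointerException when either argument is {@code null}
   */
  public ApplicationCreateRequest(@NonNull String appName, @NonNull AgentType appLanguage) {
    this.appName = appName;
    this.appLanguage = appLanguage;
  }
}
-------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/TagsResponse.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License.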
20 | * #L% 21 | */ 22 |
import com.google.gson.annotations.SerializedName;
import java.util.List;

/**
 * Mutable bean holding a success value, a list of messages and a list of tags.
 *
 * The list element types are not visible in this listing; the raw types are kept as they appear.
 */
public class TagsResponse {
  private String success;
  private List messages;

  @SerializedName("tags")
  private List tags;

  /**
   * @return the success value, or {@code null} when unset
   */
  public String getSuccess() {
    return this.success;
  }

  /**
   * @param success new success value
   */
  public void setSuccess(String success) {
    this.success = success;
  }

  /**
   * @return the messages, or {@code null} when unset
   */
  public List getMessages() {
    return this.messages;
  }

  /**
   * @param messages new message list; stored by reference, not copied
   */
  public void setMessages(List messages) {
    this.messages = messages;
  }

  /**
   * @return the list bound to the {@code tags} JSON property, or {@code null} when unset
   */
  public List getTags() {
    return this.tags;
  }

  /**
   * @param tags new tag list; stored by reference, not copied
   */
  public void setTags(List tags) {
    this.tags = tags;
  }
}
-------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/sdk/scan/ScanCreate.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.sdk.scan; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | import com.google.auto.value.AutoValue; 24 | 25 | /** Models the JSON body of a "create scan" request.
*/
@AutoValue
abstract class ScanCreate {

  // The property order below matches the argument order passed to the generated
  // AutoValue_ScanCreate constructor in of(...).

  /**
   * @return ID of the code artifact to scan
   */
  abstract String codeArtifactId();

  /**
   * @return label that distinguishes this scan from others in the project
   */
  abstract String label();

  /**
   * Static factory that delegates to the AutoValue-generated implementation.
   *
   * @param codeArtifactId ID of the code artifact to scan
   * @param label label that distinguishes this scan from others in the project
   * @return new {@link ScanCreate}
   */
  static ScanCreate of(final String codeArtifactId, final String label) {
    return new AutoValue_ScanCreate(codeArtifactId, label);
  }
}
-------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/URLEntry.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | import com.google.gson.annotations.SerializedName; 24 | 25 | /** A URI that's been observed under monitoring.
*/
public class URLEntry {

  private String url;

  // Defaults to false until a value is assigned from outside this class (no setter is declared).
  private boolean vulnerable = false;

  @SerializedName("last_time_seen")
  private Long lastTimeSeen;

  /**
   * Return the URL.
   *
   * @return the URL, or {@code null} when unset
   */
  public String getUrl() {
    return this.url;
  }

  /**
   * @return the {@code vulnerable} flag recorded for this entry
   */
  public boolean getVulnerable() {
    return this.vulnerable;
  }

  /**
   * Return the last time this URI was observed under monitoring.
   *
   * @return the value bound to the {@code last_time_seen} JSON property, or {@code null} when unset
   */
  public Long getLastTimeSeen() {
    return this.lastTimeSeen;
  }
}
-------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/sdk/scan/CodeArtifact.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.sdk.scan; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | import java.time.Instant; 24 | 25 | /** 26 | * Describes the Contrast Scan code artifact resource. Code artifacts are applications uploaded to 27 | * Contrast Scan for analysis.
28 | */
public interface CodeArtifact {

  /**
   * @return the ID of this code artifact
   */
  String id();

  /**
   * @return the ID of the project that owns this code artifact
   */
  String projectId();

  /**
   * @return the ID of the organization that owns this code artifact
   */
  String organizationId();

  /**
   * @return the filename of this code artifact
   */
  String filename();

  /**
   * @return the time at which this code artifact was uploaded to Contrast Scan
   */
  Instant createdTime();
}
-------------------------------------------------------------------------------- /maven-plugin/src/site/markdown/troubleshooting/artifact-not-set.md: -------------------------------------------------------------------------------- 1 | ## Troubleshooting: Artifact Not Set 2 | 3 | This error occurs when there is no project artifact available for the `scan` goal to analyze. This 4 | typically indicates that the `scan` goal has been: 5 | 6 | 1. included in a module that does not produce an artifact (e.g. a module of type `pom`). 7 | 2. configured to run before the project's artifact has been built. 8 | 9 | 10 | ### Only Include in Modules that Produce Artifacts 11 | 12 | The `scan` goal should only be included in modules that produce a build artifact (e.g. a module that 13 | produces a `jar` or `war` file). 14 | 15 | When configuring a [multi-module](https://maven.apache.org/guides/mini/guide-multiple-modules.html) 16 | build, users may erroneously include the `scan` goal in the build of a parent pom, and parent poms 17 | do not produce build artifacts. In a multi-module project, verify that the `scan` goal is only 18 | included in projects that produce a `war` or `jar` artifact. Reference 19 | the [multi-module example](../examples/multi-module-projects.html).
20 | 21 | 22 | ### Configure Scan to Run After the Build Produces an Artifact 23 | 24 | Maven typically generates an artifact during the `package` phase. By default, the `scan` goal runs 25 | after the `package` phase during the `verify` phase. 26 | 27 | You may have overridden the plugin's default phase so that the `scan` goal runs during an earlier 28 | phase before the artifact has been built (e.g. the `test` phase). In this case, the `scan` goal will 29 | not be able to find an artifact to scan. Make sure to attach the scan goal to a later phase (such as 30 | the default `verify` phase). 31 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/Risk.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 
* #L%
 */

import java.util.Map;

/**
 * Mutable bean with three properties: {@code text}, {@code formattedText} and {@code
 * formattedTextVariables}. Each property has a plain getter and setter; no validation is done.
 *
 * <p>NOTE(review): presumably {@code formattedText} is a template resolved with {@code
 * formattedTextVariables}; confirm, and encode both before rendering them in HTML or reports.
 */
public class Risk {
  private String text;
  private String formattedText;
  // NOTE(review): raw Map in this listing; the key and value types are not visible - confirm.
  private Map formattedTextVariables;

  /** Creates an instance whose three properties are all {@code null}. */
  public Risk() {}

  /** Returns the current {@code text} value. */
  public String getText() {
    return text;
  }

  /** Replaces the {@code text} value. */
  public void setText(String text) {
    this.text = text;
  }

  /** Returns the current {@code formattedText} value. */
  public String getFormattedText() {
    return formattedText;
  }

  /** Replaces the {@code formattedText} value. */
  public void setFormattedText(String formattedText) {
    this.formattedText = formattedText;
  }

  /** Returns the stored variables map itself, not a copy. */
  public Map getFormattedTextVariables() {
    return formattedTextVariables;
  }

  /** Stores the given map by reference; no defensive copy is made. */
  public void setFormattedTextVariables(Map formattedTextVariables) {
    this.formattedTextVariables = formattedTextVariables;
  }
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/SessionMetadata.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */

import com.google.gson.annotations.SerializedName;
import java.util.List;

/**
 * Session metadata associated with a trace.
Contains metadata items collected during the session
 * when the vulnerability was detected.
 */
public class SessionMetadata {

  /**
   * Return the session ID for this metadata.
   *
   * @return the session identifier
   */
  public String getSessionId() {
    return sessionId;
  }

  @SerializedName("session_id")
  private String sessionId;

  /**
   * Return the list of metadata items for this session.
   *
   * @return list of metadata items; this is the stored list itself, not a copy
   */
  public List getMetadata() {
    return metadata;
  }

  // NOTE(review): raw List in this listing; the element type is not visible - confirm.
  private List metadata;
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/TraceMetadataFilter.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */

import java.util.Arrays;
import java.util.List;

/**
 * Mutable pair of a field ID and a list of values.
 *
 * <p>NOTE(review): presumably one metadata criterion of a trace filter; confirm against the caller.
 */
public class TraceMetadataFilter {
  private String fieldID;
  // NOTE(review): raw List in this listing; presumably List<String>, given the varargs
  // constructor below - confirm.
  private List values;

  /**
   * Creates a filter from a field ID and a varargs array of values.
   *
   * <p>{@link Arrays#asList} returns a fixed-size list backed by {@code values}: the list returned
   * by {@link #getValues()} rejects {@code add} and {@code remove}, and later writes to the array
   * show through it.
   *
   * @param fieldID field ID to store
   * @param values values to store
   * @throws NullPointerException if the {@code values} array itself is {@code null}
   */
  public TraceMetadataFilter(String fieldID, String... values) {
    this.fieldID = fieldID;
    this.values = Arrays.asList(values);
  }

  /**
   * Creates a filter from a field ID and an existing list.
   *
   * <p>The list is stored by reference; no defensive copy is made, so the caller and this filter
   * share the same list.
   *
   * @param fieldID field ID to store
   * @param values list to store; {@code null} is accepted as-is
   */
  public TraceMetadataFilter(String fieldID, List values) {
    this.fieldID = fieldID;
    this.values = values;
  }

  /** Returns the stored field ID. */
  public String getFieldID() {
    return this.fieldID;
  }

  /** Replaces the stored field ID. */
  public void setFieldID(String fieldID) {
    this.fieldID = fieldID;
  }

  /** Returns the stored list itself, not a copy. */
  public List getValues() {
    return this.values;
  }

  /** Stores the given list by reference; no defensive copy is made. */
  public void setValues(List values) {
    this.values = values;
  }
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/TraceNote.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
* #L%
 */

import com.google.gson.annotations.SerializedName;

/**
 * Model exposing the properties of a trace note through getters only; no setters or constructors
 * are declared in this class.
 *
 * <p>NOTE(review): {@code note} and {@code creator} are presumably user-supplied text; confirm,
 * and encode them before rendering in HTML or reports.
 */
public class TraceNote {

  /**
   * Returns the {@code creation} value.
   *
   * <p>NOTE(review): presumably a creation timestamp; unit and epoch are not visible - confirm.
   */
  public long getCreation() {
    return creation;
  }

  private long creation;

  /** Returns the {@code creator} value. */
  public String getCreator() {
    return creator;
  }

  private String creator;

  /**
   * Returns the {@code lastModification} value.
   *
   * <p>NOTE(review): presumably a timestamp; unit and epoch are not visible - confirm.
   */
  public long getLastModification() {
    return lastModification;
  }

  @SerializedName("last_modification")
  private long lastModification;

  /** Returns the {@code lastUpdater} value. */
  public String getLastUpdater() {
    return lastUpdater;
  }

  @SerializedName("last_updater")
  private String lastUpdater;

  /** Returns the note text. */
  public String getNote() {
    return note;
  }

  private String note;

  /** Returns the {@code id} value. */
  public String getId() {
    return id;
  }

  private String id;
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/Recommendation.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
* #L%
 */

import java.util.Map;

/**
 * Mutable bean with three properties: {@code text}, {@code formattedText} and {@code
 * formattedTextVariables}. Each property has a plain getter and setter; no validation is done.
 *
 * <p>NOTE(review): presumably {@code formattedText} is a template resolved with {@code
 * formattedTextVariables}; confirm, and encode both before rendering them in HTML or reports.
 */
public class Recommendation {

  private String text;
  private String formattedText;
  // NOTE(review): raw Map in this listing; the key and value types are not visible - confirm.
  private Map formattedTextVariables;

  /** Creates an instance whose three properties are all {@code null}. */
  public Recommendation() {}

  /** Returns the current {@code text} value. */
  public String getText() {
    return text;
  }

  /** Replaces the {@code text} value. */
  public void setText(String text) {
    this.text = text;
  }

  /** Returns the current {@code formattedText} value. */
  public String getFormattedText() {
    return formattedText;
  }

  /** Replaces the {@code formattedText} value. */
  public void setFormattedText(String formattedText) {
    this.formattedText = formattedText;
  }

  /** Returns the stored variables map itself, not a copy. */
  public Map getFormattedTextVariables() {
    return formattedTextVariables;
  }

  /** Stores the given map by reference; no defensive copy is made. */
  public void setFormattedTextVariables(Map formattedTextVariables) {
    this.formattedTextVariables = formattedTextVariables;
  }
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/RuleReferences.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
* #L%
 */

import java.util.Map;

/**
 * Mutable bean with three properties: {@code text}, {@code formattedText} and {@code
 * formattedTextVariables}. Each property has a plain getter and setter; no validation is done.
 *
 * <p>NOTE(review): presumably {@code formattedText} is a template resolved with {@code
 * formattedTextVariables}; confirm, and encode both before rendering them in HTML or reports.
 */
public class RuleReferences {

  private String text;
  private String formattedText;
  // NOTE(review): raw Map in this listing; the key and value types are not visible - confirm.
  private Map formattedTextVariables;

  /** Creates an instance whose three properties are all {@code null}. */
  public RuleReferences() {}

  /** Returns the current {@code text} value. */
  public String getText() {
    return text;
  }

  /** Replaces the {@code text} value. */
  public void setText(String text) {
    this.text = text;
  }

  /** Returns the current {@code formattedText} value. */
  public String getFormattedText() {
    return formattedText;
  }

  /** Replaces the {@code formattedText} value. */
  public void setFormattedText(String formattedText) {
    this.formattedText = formattedText;
  }

  /** Returns the stored variables map itself, not a copy. */
  public Map getFormattedTextVariables() {
    return formattedTextVariables;
  }

  /** Stores the given map by reference; no defensive copy is made. */
  public void setFormattedTextVariables(Map formattedTextVariables) {
    this.formattedTextVariables = formattedTextVariables;
  }
}

--------------------------------------------------------------------------------
/maven-plugin/src/test/java/com/contrastsecurity/maven/plugin/it/stub/ExternalContrastAPI.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.maven.plugin.it.stub;

/*-
 * #%L
 * Contrast Maven Plugin
 * %%
 * Copyright (C) 2021 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */

import java.util.Objects;

/**
 * {@link ContrastAPI} implementation that represents an external system.
Methods that affect the
 * system such as {@code start()} and {@code stop()} are no-ops.
 */
final class ExternalContrastAPI implements ContrastAPI {

  // Assigned once in the constructor and never null afterwards.
  private final ConnectionParameters connection;

  /**
   * Creates an instance that hands out the given connection parameters.
   *
   * @param connection the connection parameters constant to provide to users
   * @throws NullPointerException if {@code connection} is {@code null}
   */
  public ExternalContrastAPI(final ConnectionParameters connection) {
    this.connection = Objects.requireNonNull(connection);
  }

  /** No-op: this implementation does not start the external system. */
  @Override
  public void start() {}

  /**
   * Returns the connection parameters passed to the constructor.
   *
   * @return the same {@code ConnectionParameters} instance on every call
   */
  @Override
  public ConnectionParameters connection() {
    return connection;
  }

  /** No-op: this implementation does not stop the external system. */
  @Override
  public void stop() {}
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/CustomRuleReferences.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
* #L%
 */

import java.util.Map;

/**
 * Mutable bean with three properties: {@code text}, {@code formattedText} and {@code
 * formattedTextVariables}. Each property has a plain getter and setter; no validation is done.
 *
 * <p>NOTE(review): the class name suggests customer-authored rule references; if so, the text is
 * user-controlled and must be encoded before it is rendered in HTML or reports - confirm.
 */
public class CustomRuleReferences {
  private String text;
  private String formattedText;
  // NOTE(review): raw Map in this listing; the key and value types are not visible - confirm.
  private Map formattedTextVariables;

  /** Creates an instance whose three properties are all {@code null}. */
  public CustomRuleReferences() {}

  /** Returns the current {@code text} value. */
  public String getText() {
    return text;
  }

  /** Replaces the {@code text} value. */
  public void setText(String text) {
    this.text = text;
  }

  /** Returns the current {@code formattedText} value. */
  public String getFormattedText() {
    return formattedText;
  }

  /** Replaces the {@code formattedText} value. */
  public void setFormattedText(String formattedText) {
    this.formattedText = formattedText;
  }

  /** Returns the stored variables map itself, not a copy. */
  public Map getFormattedTextVariables() {
    return formattedTextVariables;
  }

  /** Stores the given map by reference; no defensive copy is made. */
  public void setFormattedTextVariables(Map formattedTextVariables) {
    this.formattedTextVariables = formattedTextVariables;
  }
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/CustomRecommendation.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
* #L%
 */

import java.util.Map;

/**
 * Mutable bean with three properties: {@code text}, {@code formattedText} and {@code
 * formattedTextVariables}. Each property has a plain getter and setter; no validation is done.
 *
 * <p>NOTE(review): the class name suggests a customer-authored recommendation; if so, the text is
 * user-controlled and must be encoded before it is rendered in HTML or reports - confirm.
 */
public class CustomRecommendation {

  private String text;
  private String formattedText;
  // NOTE(review): raw Map in this listing; the key and value types are not visible - confirm.
  private Map formattedTextVariables;

  /** Creates an instance whose three properties are all {@code null}. */
  public CustomRecommendation() {}

  /** Returns the current {@code text} value. */
  public String getText() {
    return text;
  }

  /** Replaces the {@code text} value. */
  public void setText(String text) {
    this.text = text;
  }

  /** Returns the current {@code formattedText} value. */
  public String getFormattedText() {
    return formattedText;
  }

  /** Replaces the {@code formattedText} value. */
  public void setFormattedText(String formattedText) {
    this.formattedText = formattedText;
  }

  /** Returns the stored variables map itself, not a copy. */
  public Map getFormattedTextVariables() {
    return formattedTextVariables;
  }

  /** Stores the given map by reference; no defensive copy is made. */
  public void setFormattedTextVariables(Map formattedTextVariables) {
    this.formattedTextVariables = formattedTextVariables;
  }
}

--------------------------------------------------------------------------------
/maven-plugin/src/test/java/com/contrastsecurity/maven/plugin/it/stub/ContrastAPIStub.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.maven.plugin.it.stub;

/*-
 * #%L
 * Contrast Maven Plugin
 * %%
 * Copyright (C) 2021 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
* #L%
 */

import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import org.junit.jupiter.api.extension.ExtendWith;

/**
 * Provides a JUnit test with a {@link ContrastAPI} stub for testing. Starts the {@code ContrastAPI}
 * instance before starting the test, and handles gracefully terminating the Contrast API instance
 * at the conclusion of the test.
 *
 * <pre>{@code
 *   @ContrastAPIStub
 *   @Test
 *   public void test(final ContrastAPI contrast) { ... }
 * }</pre>
 */
@Documented
// NOTE(review): ElementType.TYPE restricts this annotation to type declarations, while the example
// in the Javadoc above places it on a test method; one of the two needs correcting.
@Target(ElementType.TYPE)
// RUNTIME retention keeps the annotation readable by reflection while the tests run.
@Retention(RetentionPolicy.RUNTIME)
// Registers ContrastAPIStubExtension as a JUnit extension wherever this annotation is present.
@ExtendWith(ContrastAPIStubExtension.class)
public @interface ContrastAPIStub {}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/PointOfContactMetadata.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
* #L%
 */

/**
 * {@link MetadataEntity} subtype holding a contact name, an email address and a phone number.
 *
 * <p>NOTE(review): these three values are personal data; keep them out of logs and build output
 * unless they are explicitly needed there.
 */
public class PointOfContactMetadata extends MetadataEntity {

  /** Creates an instance and sets the inherited {@code type} to {@code POINT_OF_CONTACT}. */
  public PointOfContactMetadata() {
    type = MetadataType.POINT_OF_CONTACT;
  }

  /** Replaces the inherited {@code fieldName} value. */
  public void setFieldName(String fieldName) {
    this.fieldName = fieldName;
  }

  private String contactName;

  /** Returns the contact name. */
  public String getContactName() {
    return contactName;
  }

  /** Replaces the contact name; the value is stored without validation. */
  public void setContactName(String contactName) {
    this.contactName = contactName;
  }

  private String email;

  /** Returns the email address. */
  public String getEmail() {
    return email;
  }

  /** Replaces the email address; the value is stored without validation. */
  public void setEmail(String email) {
    this.email = email;
  }

  private String phoneNo;

  /** Returns the phone number. */
  public String getPhoneNo() {
    return phoneNo;
  }

  /** Replaces the phone number; the value is stored without validation. */
  public void setPhoneNo(String phoneNo) {
    this.phoneNo = phoneNo;
  }
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/TraceEvent.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */

/**
 * Several TraceEvents make up a vulnerability, or, "trace".
They represent a method invocation that
 * Contrast monitored.
 */
public class TraceEvent {

  /**
   * Return the id for the event in the trace
   *
   * @return the id of the event
   */
  public long getEventId() {
    return eventId;
  }

  private long eventId;

  // NOTE(review): presumably a snippet of the monitored application's code; confirm, and encode
  // it before rendering in HTML or reports.
  private String codeContext;

  /**
   * Return the code context for the event
   *
   * @return code context for the event
   */
  public String getCodeContext() {
    return codeContext;
  }

  /**
   * Return the type of event this is, e.g., Creation, P2O, Trigger, etc.
   *
   * @return the type of event this is
   */
  public String getType() {
    return type;
  }

  private String type;
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/EventItem.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
* #L%
 */

/**
 * {@link EventModel} subtype with a {@code type}, a {@code value} and a flag marking the item as a
 * stack trace.
 *
 * <p>NOTE(review): {@code value} presumably carries data captured from the monitored application
 * (possibly stack-trace text); confirm, and encode it before rendering in HTML or reports.
 */
public class EventItem extends EventModel {

  private String type;
  private String value;
  private boolean isStacktrace;

  /** Creates an item with {@code null} type and value and the stack-trace flag unset. */
  public EventItem() {}

  /**
   * Creates an item and attaches it to a parent.
   *
   * @param parent value assigned to the inherited {@code parent} field
   * @param type value for {@code type}
   * @param value value for {@code value}
   * @param isStacktrace value for the stack-trace flag
   */
  public EventItem(EventResource parent, String type, String value, boolean isStacktrace) {
    super();
    this.type = type;
    this.value = value;
    this.isStacktrace = isStacktrace;
    this.parent = parent;
  }

  /** Returns the current {@code value}. */
  public String getValue() {
    return value;
  }

  /** Replaces the {@code value}. */
  public void setValue(String value) {
    this.value = value;
  }

  /** Replaces the {@code type}. */
  public void setType(String type) {
    this.type = type;
  }

  /** Returns the current {@code type}. */
  public String getType() {
    return this.type;
  }

  /** Returns the stack-trace flag. */
  public boolean isStacktrace() {
    return isStacktrace;
  }

  /** Replaces the stack-trace flag. */
  public void setStacktrace(boolean isStacktrace) {
    this.isStacktrace = isStacktrace;
  }
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/Login.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
* #L%
 */

import com.google.gson.annotations.SerializedName;

/**
 * Getter-only model with a last host address, a last login time and a failed-attempt count.
 *
 * <p>NOTE(review): these values describe a user's sign-in activity; treat them as sensitive when
 * logging or exporting.
 */
public class Login {

  /**
   * Return the host address for this login.
   *
   * @return the host of this login
   */
  public String getHost() {
    return host;
  }

  @SerializedName("last_host_address")
  private String host;

  /**
   * Return the last login time for this login.
   *
   * <p>NOTE(review): unit and epoch of the value are not visible in this class - confirm.
   *
   * @return the lastLogin of this login
   */
  public long getLastLogin() {
    return lastLogin;
  }

  @SerializedName("last_login_time")
  private long lastLogin;

  /**
   * Return the number of failed attempts for this login.
   *
   * @return the failedAttempts of this login
   */
  public int getFailedAttempts() {
    return failedAttempts;
  }

  @SerializedName("failed_attempts")
  private int failedAttempts;
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/Organization.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
* #L%
 */

import com.google.gson.annotations.SerializedName;

/**
 * Getter-only model of an organization: name, short name, UUID, and date, time and time-zone
 * settings. No setters or constructors are declared in this class.
 */
public class Organization {

  /** Returns the {@code dateFormat} value. */
  public String getDateFormat() {
    return dateFormat;
  }

  @SerializedName("date_format")
  private String dateFormat;

  /** Returns the organization name. */
  public String getName() {
    return name;
  }

  private String name;

  /** Returns the organization UUID as a string. */
  public String getOrgUuid() {
    return orgUuid;
  }

  @SerializedName("organization_uuid")
  private String orgUuid;

  /** Returns the {@code shortName} value. */
  public String getShortName() {
    return shortName;
  }

  @SerializedName("shortname")
  private String shortName;

  /** Returns the {@code timeFormat} value. */
  public String getTimeFormat() {
    return timeFormat;
  }

  @SerializedName("time_format")
  private String timeFormat;

  /** Returns the {@code timeZone} value. */
  public String getTimeZone() {
    return timeZone;
  }

  @SerializedName("timezone")
  private String timeZone;
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/Scores.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
* #L%
 */

import com.google.gson.annotations.SerializedName;

/**
 * Getter-only model with an overall grade and letter grade plus two nested metrics, {@code
 * platform} and {@code security}.
 */
public class Scores {

  /** Returns the overall grade; the field is initialized to {@code 0}. */
  public Integer getGrade() {
    return this.grade;
  }

  private Integer grade = 0;

  /** Returns the overall letter grade; the field is initialized to the empty string. */
  public String getLetterGrade() {
    return this.letterGrade;
  }

  @SerializedName("letter_grade")
  private String letterGrade = "";

  /** Returns the {@code platform} metric; the field is initialized to {@code null}. */
  public ScoreMetric getPlatformScore() {
    return this.platform;
  }

  private ScoreMetric platform = null;

  /** Returns the {@code security} metric; the field is initialized to {@code null}. */
  public ScoreMetric getSecurityScore() {
    return this.security;
  }

  private ScoreMetric security = null;

  /**
   * Grade and letter grade of a single metric.
   *
   * <p>NOTE(review): this is a package-private, non-static inner class, yet the public getters
   * above return it; code outside this package can call those getters but cannot name the
   * returned type.
   */
  class ScoreMetric {
    /** Returns the metric grade; the field is initialized to {@code 0}. */
    public Integer getGrade() {
      return this.grade;
    }

    private Integer grade = 0;

    /** Returns the metric letter grade; the field is initialized to the empty string. */
    public String getLetterGrade() {
      return this.letterGrade;
    }

    @SerializedName("letter_grade")
    private String letterGrade = "";
  }
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/sdk/internal/Refreshable.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.sdk.internal;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
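* #L%
 */

import com.contrastsecurity.exceptions.HttpResponseException;
import com.contrastsecurity.exceptions.ResourceNotFoundException;
import com.contrastsecurity.exceptions.UnauthorizedException;
import java.io.IOException;

/**
 * Describes a resource that may be refreshed by requesting a new representation.
 *
 * <p>The type parameter is declared on the interface because {@link #refresh()} returns {@code T};
 * without the declaration the return type does not resolve.
 *
 * @param <T> resource type
 */
public interface Refreshable<T> {

  /**
   * Retrieves a fresh copy of this immutable resource.
   *
   * @return new, refreshed copy of this resource
   * @throws IOException when an IO error occurs while making the request to the Contrast API
   * @throws UnauthorizedException when Contrast rejects the credentials used to send the request
   * @throws ResourceNotFoundException when the requested resource does not exist
   * @throws HttpResponseException when Contrast rejects this request with an error code
   */
  T refresh() throws IOException;
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/TraceFilterBody.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.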
 * #L%
 */

import com.contrastsecurity.http.RuleSeverity;
import com.contrastsecurity.http.ServerEnvironment;
import java.util.Date;
import java.util.List;
import lombok.Getter;
import lombok.Setter;

/**
 * Mutable holder for trace filter criteria.
 *
 * <p>The class-level Lombok {@code @Getter} and {@code @Setter} annotations generate an accessor
 * pair for every field below; the class declares no logic of its own.
 *
 * <p>NOTE(review): every {@code List} field appears as a raw type in this listing. The element
 * types were probably dropped during extraction ({@code RuleSeverity} and {@code
 * ServerEnvironment} are imported but otherwise unused, which suggests {@code severities} and
 * {@code environments}); confirm against the repository before relying on them.
 */
@Getter
@Setter
public class TraceFilterBody {
  private List appVersionTags;
  private String applicationId;

  // Date range bounds; which timestamp they apply to is presumably chosen by timestampFilter.
  private Date startDate;
  private Date endDate;

  private List environments;
  private List filterTags;
  private String filterText;
  private List metadataFilters;
  private List modules;
  private VulnerabilityQuickFilterType quickFilter;
  private List servers;
  private List severities;
  private TraceTimestampField timestampFilter;

  // Primitive booleans: both default to false when never set.
  private boolean tracked;
  private boolean untracked;

  private List urls;
  private List vulnTypes;
  private String agentSessionId;
}

--------------------------------------------------------------------------------
/maven-plugin/src/test/java/com/contrastsecurity/maven/plugin/AbstractContrastMojoTest.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.maven.plugin;

/*-
 * #%L
 * Contrast Maven Plugin
 * %%
 * Copyright (C) 2021 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */

import static org.assertj.core.api.Assertions.assertThat;

import com.contrastsecurity.sdk.UserAgentProduct;
import org.junit.jupiter.api.Test;

/** Unit tests for {@link AbstractContrastMojo}. */
final class AbstractContrastMojoTest {

  /**
   * Checks the three parts of the User-Agent product the mojo reports: a fixed product name, a
   * version that looks like a Maven version (optionally a snapshot), and a comment carrying the
   * injected Maven version.
   */
  @Test
  void creates_user_agent_product_with_expected_values() {
    // GIVEN an anonymous AbstractContrastMojo (execute() is a no-op) with mavenVersion set
    final AbstractContrastMojo subject =
        new AbstractContrastMojo() {
          @Override
          public void execute() {}
        };
    subject.setMavenVersion("3.8.1");

    // WHEN the User-Agent product is built
    final UserAgentProduct product = subject.getUserAgentProduct();

    // THEN name and comment are exact; the version is only pattern-checked because it changes
    // with every build of the plugin
    assertThat(product.name()).isEqualTo("contrast-maven-plugin");
    assertThat(product.version()).matches("\\d+\\.\\d+(\\.\\d+)?(-SNAPSHOT)?");
    assertThat(product.comment()).isEqualTo("Apache Maven 3.8.1");
  }
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/sdk/internal/Lists.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.sdk.internal;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
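 * #L%
 */

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Objects;

/** Static utility methods for operating on {@link List}. */
public final class Lists {

  /**
   * Static helper for creating an immutable copy of the given collection.
   *
   * <p>The result is detached from {@code original}: later changes to the source collection are
   * not visible through the returned list, and the returned list rejects modification. Elements
   * themselves are not copied.
   *
   * <p>The generic signature was lost when this listing was extracted; it is restored here
   * because the body declares a local of type {@code T}.
   *
   * @param original collection to copy
   * @param <T> type of elements in the collection
   * @return new, immutable copy
   * @throws NullPointerException when {@code original} is {@code null}
   */
  public static <T> List<T> copy(final Collection<? extends T> original) {
    Objects.requireNonNull(original);
    // Empty and single-element inputs use the JDK's dedicated immutable lists instead of
    // wrapping a freshly allocated ArrayList.
    if (original.isEmpty()) {
      return Collections.emptyList();
    }
    if (original.size() == 1) {
      final T item = original.iterator().next();
      return Collections.singletonList(item);
    }
    // Copy first, then wrap: the unmodifiable view must not be backed by the caller's collection.
    final List<T> copy = new ArrayList<>(original);
    return Collections.unmodifiableList(copy);
  }

  /** static members only */
  private Lists() {}
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/MetadataItem.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.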
 * #L%
 */

import com.google.gson.annotations.SerializedName;

/**
 * A single metadata item within session metadata.
 *
 * <p>Read-only from the caller's side: the class declares getters only, so each field is {@code
 * null} unless populated from outside (presumably by Gson; confirm against the caller).
 */
public class MetadataItem {

  private String value;

  // Mapped to the "display_label" JSON property.
  @SerializedName("display_label")
  private String displayLabel;

  // Mapped to the "agent_label" JSON property.
  @SerializedName("agent_label")
  private String agentLabel;

  /**
   * Return the value of this metadata item.
   *
   * @return the metadata value
   */
  public String getValue() {
    return value;
  }

  /**
   * Return the display label for this metadata item. This is the human-readable label shown in the
   * Contrast UI.
   *
   * @return the display label
   */
  public String getDisplayLabel() {
    return displayLabel;
  }

  /**
   * Return the agent label for this metadata item. This is the internal label used by the Contrast
   * agent.
   *
   * @return the agent label
   */
  public String getAgentLabel() {
    return agentLabel;
  }
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/HttpRequestResponse.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */

import com.google.gson.annotations.SerializedName;
import java.util.List;

/**
 * Response envelope that carries an {@link HttpRequest} together with a success marker, messages
 * and a reason.
 *
 * <p>Plain mutable bean: every property has a getter and a setter and nothing is validated.
 *
 * <p>NOTE(review): {@code messages} is a raw {@code List} in this listing; the element type was
 * probably dropped during extraction.
 */
public class HttpRequestResponse {

  // Kept as a String exactly as declared; this class does not interpret the value.
  private String success;

  private List messages;

  // Mapped to the "http_request" JSON property.
  @SerializedName("http_request")
  private HttpRequest httpRequest;

  private String reason;

  /** Creates an empty response; all properties start as {@code null}. */
  public HttpRequestResponse() {}

  /**
   * @return the success marker
   */
  public String getSuccess() {
    return this.success;
  }

  /**
   * @param success the success marker to store
   */
  public void setSuccess(String success) {
    this.success = success;
  }

  /**
   * @return the messages
   */
  public List getMessages() {
    return this.messages;
  }

  /**
   * @param messages the messages to store; the list is kept by reference, not copied
   */
  public void setMessages(List messages) {
    this.messages = messages;
  }

  /**
   * @return the HTTP request carried by this response
   */
  public HttpRequest getHttpRequest() {
    return this.httpRequest;
  }

  /**
   * @param httpRequest the HTTP request to store
   */
  public void setHttpRequest(HttpRequest httpRequest) {
    this.httpRequest = httpRequest;
  }

  /**
   * @return the reason
   */
  public String getReason() {
    return this.reason;
  }

  /**
   * @param reason the reason to store
   */
  public void setReason(String reason) {
    this.reason = reason;
  }
}

--------------------------------------------------------------------------------
/maven-plugin/src/test/java/com/contrastsecurity/maven/plugin/it/stub/package-info.java:
--------------------------------------------------------------------------------
/**
 * JUnit extension for stubbing the Contrast API for integration testing. Before a test, the
 * extension starts a new web server that simulates the subset of the Contrast API that the plugin
 * needs. At the conclusion of the test, the extension terminates the web server.
 *
 * <p>Some tests may be compatible with an external Contrast API system (that has already been
 * configured to be in the right state) instead of a stub. In this case, test authors can configure
 * this extension (using standard JUnit configuration) to provide connection parameters to the
 * external system instead of starting a stub system.
 *
 * <p>Set the following configuration parameters to configure the extension to use an external
 * Contrast API system instead of starting a stub:
 *
 * <ul>
 *   <li>{@code contrast.api.url}
 *   <li>{@code contrast.api.user_name}
 *   <li>{@code contrast.api.api_key}
 *   <li>{@code contrast.api.service_key}
 *   <li>{@code contrast.api.organization}
 * </ul>
 *
 * <p>The API key and service key are credentials for the external system. Supply them at run time
 * (for example from the CI system's secret store) rather than in a configuration file that is
 * committed with the project.
 */
package com.contrastsecurity.maven.plugin.it.stub;

/*-
 * #%L
 * Contrast Maven Plugin
 * %%
 * Copyright (C) 2021 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/TraceFilter.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */

import com.google.gson.annotations.SerializedName;

/**
 * One selectable trace filter entry: a keycode, a label, a count and a "new group" flag, plus an
 * untyped {@code details} payload.
 *
 * <p>{@link #toString()} returns the keycode, so instances print as their keycode (and print
 * {@code null} when no keycode was set).
 */
public class TraceFilter {

  private String keycode;

  private String label;

  // Untyped payload; this class only hands it back and offers no setter for it.
  private Object details;

  private long count;

  // Mapped to the "new_group" JSON property.
  @SerializedName("new_group")
  private boolean newGroup;

  /**
   * @return the keycode of this filter
   */
  public String getKeycode() {
    return this.keycode;
  }

  /**
   * @param keycode the keycode to store
   */
  public void setKeycode(String keycode) {
    this.keycode = keycode;
  }

  /**
   * @return the label of this filter
   */
  public String getLabel() {
    return this.label;
  }

  /**
   * @param label the label to store
   */
  public void setLabel(String label) {
    this.label = label;
  }

  /**
   * @return the details payload, or {@code null} when none was populated
   */
  public Object getDetails() {
    return this.details;
  }

  /**
   * @return the count held by this filter
   */
  public long getCount() {
    return this.count;
  }

  /**
   * Stores the count.
   *
   * <p>NOTE(review): the parameter is an {@code int} while the field and {@link #getCount()} are
   * {@code long}, so this setter cannot store every value the getter can return.
   *
   * @param count the count to store
   */
  public void setCount(int count) {
    this.count = count;
  }

  /**
   * @return whether this filter starts a new group
   */
  public boolean getNewGroup() {
    return this.newGroup;
  }

  /**
   * @param newGroup whether this filter starts a new group
   */
  public void setNewGroup(boolean newGroup) {
    this.newGroup = newGroup;
  }

  /**
   * @return the keycode of this filter
   */
  @Override
  public String toString() {
    return this.keycode;
  }
}

--------------------------------------------------------------------------------
/sdk/src/test/java/com/contrastsecurity/sdk/scan/ScanManagerImplTest.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.sdk.scan;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */

import static org.assertj.core.api.Assertions.assertThat;

import com.contrastsecurity.sdk.ContrastSDK;
import com.contrastsecurity.sdk.ContrastSDK.Builder;
import com.contrastsecurity.sdk.internal.GsonFactory;
import com.google.gson.Gson;
import org.junit.jupiter.api.Test;

/** Unit tests for {@link ScanManagerImpl} */
final class ScanManagerImplTest {

  /**
   * {@code ScanManagerImpl} simply initializes resource collections and provides access to them.
   * This test verifies that this happens without errors.
   */
  @Test
  void initialization_smoke_test() {
    // The three Builder arguments are literal placeholders, not working credentials.
    final ContrastSDK sdk = new Builder("username", "service-key", "api-key").build();
    final Gson json = GsonFactory.create();
    final ScanManagerImpl subject = new ScanManagerImpl(sdk, json, "organization-id");

    // Both resource collections must be handed out for the same project ID.
    final Scans scanCollection = subject.scans("project-id");
    assertThat(scanCollection).isNotNull();

    final CodeArtifacts artifactCollection = subject.codeArtifacts("project-id");
    assertThat(artifactCollection).isNotNull();
  }
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/TraceNoteResource.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */

import com.google.gson.annotations.SerializedName;
import java.util.List;

/**
 * A note attached to a trace: the note text, who created it, when, and a list of read-only
 * properties.
 *
 * <p>Only getters are declared; {@code note}, {@code creator} and {@code creation} are {@code
 * protected}, so subclasses can reach them directly.
 *
 * <p>NOTE(review): {@code properties} is a raw {@code List} in this listing; the element type
 * (presumably {@link NgTraceNoteReadOnlyPropertyResource}) was probably dropped during
 * extraction. The empty declarations ({@code ;}) that followed several getters had no effect and
 * are omitted.
 */
public class TraceNoteResource {

  @SerializedName("note")
  protected String note;

  @SerializedName("creator")
  protected String creator;

  // Kept as a String exactly as declared; this class does not parse the value.
  @SerializedName("creation")
  protected String creation;

  @SerializedName("properties")
  private List properties;

  /**
   * @return the note text
   */
  public String getNote() {
    return this.note;
  }

  /**
   * @return the creator of the note
   */
  public String getCreator() {
    return this.creator;
  }

  /**
   * @return the creation value of the note, as a string
   */
  public String getCreation() {
    return this.creation;
  }

  /**
   * @return the read-only properties of the note, or {@code null} when none were populated
   */
  public List getProperties() {
    return this.properties;
  }

  /** A name/value pair attached to a trace note. */
  public class NgTraceNoteReadOnlyPropertyResource {

    @SerializedName("name")
    protected String name;

    @SerializedName("value")
    protected String value;

    /**
     * @return the property name
     */
    public String getName() {
      return this.name;
    }

    /**
     * @return the property value
     */
    public String getValue() {
      return this.value;
    }
  }
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/CodeObject.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */

/**
 * Represents a primitive/object in a method invocation. The parameters, "this", and return value
 * are modeled with this object.
 *
 * @deprecated because this object contains accessors for fields that can never be set. At best it's
 *     not useful and at worst it produces {@code NullPointerException}. It was drafted 7 years ago
 *     and never used.
 */
@Deprecated
public class CodeObject {

  private String hashCode;

  private boolean tracked;

  // Never read: getValue() throws instead of returning this field.
  private String value;

  /**
   * Return the identity hash code of this object.
   *
   * @return the identity hash code of this object
   */
  public String getHashCode() {
    return this.hashCode;
  }

  /**
   * Return whether or not the object is tracked.
   *
   * @return whether or not the object is tracked
   */
  public boolean isTracked() {
    return this.tracked;
  }

  /**
   * Return the value of the object.
   *
   * <p>As written, this accessor never returns: it throws unconditionally.
   *
   * @return the value of the object
   * @throws NullPointerException always, with the message "value is always null"
   */
  public String getValue() {
    throw new NullPointerException("value is always null");
  }
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/sdk/scan/ScanSummary.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.sdk.scan;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */

import java.time.Duration;
import java.time.Instant;

/** Summary of a Scan and its results.
 */
public interface ScanSummary {

  /**
   * Identifies this summary (not the scan it describes; see {@link #scanId()}).
   *
   * @return ID of this summary
   */
  String id();

  /**
   * Identifies the scan this summary describes.
   *
   * @return ID of the scan
   */
  String scanId();

  /**
   * Identifies the scan project the scan belongs to.
   *
   * @return ID of the scan project
   */
  String projectId();

  /**
   * Identifies the Contrast organization.
   *
   * @return ID of the Contrast organization
   */
  String organizationId();

  /**
   * Reports how long the scan took.
   *
   * @return duration of the scan
   */
  Duration duration();

  /**
   * Counts every vulnerability found by this scan.
   *
   * @return number of vulnerabilities detected in this scan
   */
  int totalResults();

  /**
   * Counts the vulnerabilities this scan found for the first time.
   *
   * @return number of vulnerabilities detected in this scan that have not been previously detected
   *     in an earlier scan
   */
  int totalNewResults();

  /**
   * Counts the vulnerabilities that earlier scans found and this scan did not.
   *
   * @return number of vulnerabilities that are no longer detected but were detected in previous
   *     scans
   */
  int totalFixedResults();

  /**
   * Reports when this summary was created.
   *
   * @return time at which this scan summary was created
   */
  Instant createdDate();
}

--------------------------------------------------------------------------------
/sdk/src/test/java/com/contrastsecurity/sdk/scan/ScanAssert.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.sdk.scan;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
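 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */

import org.assertj.core.api.AbstractAssert;
import org.assertj.core.api.Assertions;

/**
 * Custom assertions for {@link Scan}
 *
 * <p>The type arguments of {@code AbstractAssert} were lost when this listing was extracted; they
 * are restored here because the constructor passes {@code ScanAssert.class} as the self type and
 * the assertion body calls {@link Scan} accessors on {@code actual}.
 */
final class ScanAssert extends AbstractAssert<ScanAssert, Scan> {

  /**
   * @param scan object to make assertions on
   * @return new {@link ScanAssert}
   */
  static ScanAssert assertThat(final Scan scan) {
    return new ScanAssert(scan);
  }

  private ScanAssert(final Scan scan) {
    super(scan, ScanAssert.class);
  }

  /**
   * Verifies that this scan has the same values as its internal representation.
   *
   * <p>Compares ID, project ID, organization ID, status and error message, in that order; the
   * first mismatch fails the assertion.
   *
   * @param inner internal representation of a scan
   * @return this
   */
  public ScanAssert hasSameValuesAsInner(final ScanInner inner) {
    Assertions.assertThat(actual.id()).isEqualTo(inner.id());
    Assertions.assertThat(actual.projectId()).isEqualTo(inner.projectId());
    Assertions.assertThat(actual.organizationId()).isEqualTo(inner.organizationId());
    Assertions.assertThat(actual.status()).isEqualTo(inner.status());
    Assertions.assertThat(actual.errorMessage()).isEqualTo(inner.errorMessage());
    return this;
  }
}

--------------------------------------------------------------------------------
/maven-plugin/src/site/site.xml:
--------------------------------------------------------------------------------
1 | 2 | 21 | 22 | 25 | 26 | org.apache.maven.skins 27 | maven-fluido-skin 28 | 1.9 29 | 30 | 31 | 32 | 33 | Contrast-Security-OSS/contrast-maven-plugin 34 | right 35 | green 36 | 37 | 38 | 39 | 40 | images/contrast-logo.png 41 | / 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 |
--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/LibraryScores.java: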
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */

import com.google.gson.annotations.SerializedName;
import java.util.List;

/**
 * Library score statistics: an average grade, an average score and a per-grade breakdown.
 *
 * <p>Only getters are declared, so fields keep their defaults unless populated from outside
 * (presumably by Gson; confirm against the caller).
 *
 * <p>NOTE(review): {@code scores} is a raw {@code List} in this listing; the element type
 * (presumably {@link Score}) was probably dropped during extraction.
 */
public class LibraryScores {

  /** One row of the breakdown: a grade and how many times it occurs. */
  public class Score {

    @SerializedName("grade")
    private String grade;

    @SerializedName("count")
    private int count;

    /**
     * @return the grade this row counts
     */
    public String getGrade() {
      return grade;
    }

    /**
     * @return the count stored for this grade; {@code 0} unless populated
     */
    public int getGradeCount() {
      return count;
    }
  }

  @SerializedName("average_grade")
  private String averageGrade;

  @SerializedName("average_score")
  private int averageScore = 0;

  // Exposed as "scores" but mapped to the "breakdown" JSON property.
  @SerializedName("breakdown")
  private List scores;

  /**
   * The average grade of libraries
   *
   * @return average grade of libraries
   */
  public String getAverageGrade() {
    return averageGrade;
  }

  /**
   * The average score of libraries
   *
   * @return the average score of libraries
   */
  public int getAverageScore() {
    return averageScore;
  }

  /**
   * Return the library stats
   *
   * @return the library stats
   */
  public List getScores() {
    return scores;
  }
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/sdk/scan/CodeArtifactsImpl.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.sdk.scan;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */

import java.io.IOException;
import java.nio.file.Path;
import java.util.Objects;

/** Implementation of {@link CodeArtifacts} */
final class CodeArtifactsImpl implements CodeArtifacts {

  /** Implementation of {@link CodeArtifacts.Factory} */
  static final class Factory implements CodeArtifacts.Factory {

    private final CodeArtifactClient client;

    /**
     * @param client client used by every collection this factory creates
     * @throws NullPointerException when {@code client} is {@code null}
     */
    Factory(final CodeArtifactClient client) {
      this.client = Objects.requireNonNull(client);
    }

    @Override
    public CodeArtifacts create(final String projectId) {
      return new CodeArtifactsImpl(client, projectId);
    }
  }

  private final CodeArtifactClient client;
  private final String projectId;

  /**
   * Binds the collection to one project.
   *
   * <p>Unlike {@link Factory}, this constructor does not null-check its arguments.
   *
   * @param client client that performs the upload
   * @param projectId ID of the project that uploaded artifacts belong to
   */
  CodeArtifactsImpl(final CodeArtifactClient client, final String projectId) {
    this.client = client;
    this.projectId = projectId;
  }

  /**
   * Uploads {@code file} to this collection's project and wraps the result.
   *
   * <p>NOTE(review): {@code name} is accepted but never used; only {@code projectId} and {@code
   * file} are passed to the client. If the artifact name is meant to be caller-controlled, that
   * intent is not implemented here; confirm against {@code CodeArtifactClient}.
   *
   * @param file file to upload
   * @param name name for the artifact (currently ignored by this implementation)
   * @return the uploaded code artifact
   * @throws IOException declared by {@link CodeArtifacts#upload}; thrown by the client call
   */
  @Override
  public CodeArtifact upload(final Path file, final String name) throws IOException {
    return new CodeArtifactImpl(client.upload(projectId, file));
  }

  /**
   * Uploads {@code file}, using the last element of its path as the artifact name.
   *
   * @param file file to upload
   * @return the uploaded code artifact
   * @throws IOException declared by {@link CodeArtifacts#upload}; thrown by the client call
   */
  @Override
  public CodeArtifact upload(final Path file) throws IOException {
    final String defaultName = file.getFileName().toString();
    return upload(file, defaultName);
  }
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/models/GlobalProperties.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.models;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
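 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */

import com.google.gson.annotations.SerializedName;

/**
 * Read-only view of global properties: version and build identifiers, the maximum number of
 * failed attempts, timezone and date/time formats, and the TeamServer URL.
 *
 * <p>Only getters are declared, so fields keep their defaults unless populated from outside
 * (presumably by Gson; confirm against the caller).
 */
public class GlobalProperties {
  private String version;

  private String mode;

  private String build;

  @SerializedName("internal_version")
  private String internalVersion;

  @SerializedName("max_failed_attempts")
  private int maxFailedAttempts;

  private String timezone;

  @SerializedName("date_format")
  private String dateFormat;

  @SerializedName("time_format")
  private String timeFormat;

  @SerializedName("teamserver_url")
  private String teamServerUrl;

  /**
   * @return the version
   */
  public String getVersion() {
    return version;
  }

  /**
   * @return the mode
   */
  public String getMode() {
    return mode;
  }

  /**
   * @return the build identifier
   */
  public String getBuild() {
    return build;
  }

  /**
   * @return the internal version
   */
  public String getInternalVersion() {
    return internalVersion;
  }

  /**
   * @return the configured maximum number of failed attempts; {@code 0} unless populated
   */
  public int getMaxFailedAttempts() {
    return maxFailedAttempts;
  }

  /**
   * @return the timezone
   */
  public String getTimezone() {
    return timezone;
  }

  /**
   * @return the date format
   */
  public String getDateFormat() {
    return dateFormat;
  }

  /**
   * @return the time format
   */
  public String getTimeFormat() {
    return timeFormat;
  }

  /**
   * @return the TeamServer URL
   */
  public String getTeamServerUrl() {
    return teamServerUrl;
  }
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/sdk/scan/Projects.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.sdk.scan;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */

import com.contrastsecurity.exceptions.HttpResponseException;
import com.contrastsecurity.exceptions.ResourceNotFoundException;
import com.contrastsecurity.exceptions.ServerResponseException;
import com.contrastsecurity.exceptions.UnauthorizedException;
import java.io.IOException;
import java.util.Optional;

/** Project resource collection. */
public interface Projects {

  /** Factory for {@link Projects} */
  interface Factory {
    Projects create();
  }

  /**
   * Starts the definition for a new project resource.
   *
   * @return new definition builder
   */
  Project.Definition define();

  /**
   * Looks up a project by its name.
   *
   * <p>The type argument of the returned {@code Optional} was lost when this listing was
   * extracted; it is restored here from the {@code @return} description.
   *
   * @param name project name
   * @return project, or empty if no such project exists
   * @throws IOException when an IO error occurs while making the request to the Contrast API
   * @throws UnauthorizedException when Contrast rejects the credentials used to send the request
   * @throws ResourceNotFoundException when the requested resource does not exist
   * @throws HttpResponseException when Contrast rejects this request with an error code
   * @throws ServerResponseException when Contrast API returns a response that cannot be understood
   */
  Optional<Project> findByName(final String name) throws IOException;
}

--------------------------------------------------------------------------------
/sdk/src/main/java/com/contrastsecurity/sdk/scan/CodeArtifactImpl.java:
--------------------------------------------------------------------------------
package com.contrastsecurity.sdk.scan;

/*-
 * #%L
 * Contrast Java SDK
 * %%
 * Copyright (C) 2022 - 2025 Contrast Security, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */

import java.time.Instant;
import java.util.Objects;

/** Implementation of the {@link CodeArtifact} resource.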
*/ 27 | final class CodeArtifactImpl implements CodeArtifact { 28 | 29 | private final CodeArtifactInner inner; 30 | 31 | CodeArtifactImpl(final CodeArtifactInner inner) { 32 | this.inner = Objects.requireNonNull(inner); 33 | } 34 | 35 | @Override 36 | public String id() { 37 | return inner.id(); 38 | } 39 | 40 | @Override 41 | public String projectId() { 42 | return inner.projectId(); 43 | } 44 | 45 | @Override 46 | public String organizationId() { 47 | return inner.organizationId(); 48 | } 49 | 50 | @Override 51 | public String filename() { 52 | return inner.filename(); 53 | } 54 | 55 | @Override 56 | public Instant createdTime() { 57 | return inner.createdTime(); 58 | } 59 | 60 | @Override 61 | public boolean equals(final Object o) { 62 | if (this == o) { 63 | return true; 64 | } 65 | if (o == null || getClass() != o.getClass()) { 66 | return false; 67 | } 68 | final CodeArtifactImpl that = (CodeArtifactImpl) o; 69 | return inner.equals(that.inner); 70 | } 71 | 72 | @Override 73 | public int hashCode() { 74 | return Objects.hash(inner); 75 | } 76 | 77 | @Override 78 | public String toString() { 79 | return inner.toString(); 80 | } 81 | } 82 | -------------------------------------------------------------------------------- /sdk/src/test/java/com/contrastsecurity/sdk/scan/CodeArtifactAssert.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.sdk.scan; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 
11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | import org.assertj.core.api.AbstractAssert; 24 | import org.assertj.core.api.Assertions; 25 | 26 | /** Custom assertions for {@link CodeArtifact} */ 27 | final class CodeArtifactAssert extends AbstractAssert { 28 | 29 | /** 30 | * @param codeArtifact object to make assertions on 31 | * @return new {@link CodeArtifactAssert} 32 | */ 33 | static CodeArtifactAssert assertThat(final CodeArtifact codeArtifact) { 34 | return new CodeArtifactAssert(codeArtifact); 35 | } 36 | 37 | private CodeArtifactAssert(final CodeArtifact CodeArtifact) { 38 | super(CodeArtifact, CodeArtifactAssert.class); 39 | } 40 | 41 | /** 42 | * Verifies that this code artifact has the same values as its internal representation. 
43 | * 44 | * @param inner internal representation of a CodeArtifact 45 | * @return this 46 | */ 47 | public CodeArtifactAssert hasSameValuesAsInner(final CodeArtifactInner inner) { 48 | Assertions.assertThat(actual.id()).isEqualTo(inner.id()); 49 | Assertions.assertThat(actual.projectId()).isEqualTo(inner.projectId()); 50 | Assertions.assertThat(actual.organizationId()).isEqualTo(inner.organizationId()); 51 | Assertions.assertThat(actual.filename()).isEqualTo(inner.filename()); 52 | Assertions.assertThat(actual.createdTime()).isEqualTo(inner.createdTime()); 53 | return this; 54 | } 55 | } 56 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/HttpRequest.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | import com.google.gson.annotations.SerializedName; 24 | import java.util.List; 25 | 26 | /** An HTTP request. NOTE(review): the headers, parameters, query string and {@code text} fields presumably mirror a request observed by Contrast and can therefore hold cookies, tokens or other credentials (TODO confirm); avoid logging or persisting instances verbatim.
*/ 27 | public class HttpRequest { 28 | 29 | public int getPort() { 30 | return port; 31 | } 32 | 33 | private int port; 34 | 35 | public String getProtocol() { 36 | return protocol; 37 | } 38 | 39 | private String protocol; 40 | 41 | public String getMethod() { 42 | return method; 43 | } 44 | 45 | private String method; 46 | 47 | public String getUri() { 48 | return uri; 49 | } 50 | 51 | private String uri; 52 | 53 | public String getUrl() { 54 | return url; 55 | } 56 | 57 | private String url; 58 | 59 | public String getVersion() { 60 | return version; 61 | } 62 | 63 | private String version; 64 | 65 | public String getQueryString() { 66 | return queryString; 67 | } 68 | 69 | @SerializedName("query_string") 70 | private String queryString; 71 | 72 | public List getHeaders() { 73 | return headers; 74 | } 75 | 76 | private List headers; 77 | 78 | public List getParameters() { 79 | return parameters; 80 | } 81 | 82 | private List parameters; 83 | 84 | public String getText() { 85 | return text; 86 | } 87 | 88 | public void setText(String text) { 89 | this.text = text; 90 | } 91 | 92 | private String text; 93 | } 94 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/EventSummaryResponse.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 
11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | import java.util.List; 24 | 25 | public class EventSummaryResponse { 26 | private boolean success; 27 | private List messages; 28 | private String risk; 29 | private boolean showEvidence; 30 | private boolean showEvents; 31 | private List events; 32 | 33 | public void setSuccess(boolean success) { 34 | this.success = success; 35 | } 36 | 37 | public boolean getSuccess() { 38 | return this.success; 39 | } 40 | 41 | public void setMessages(List messages) { 42 | this.messages = messages; 43 | } 44 | 45 | public List getMessages() { 46 | return this.messages; 47 | } 48 | 49 | public void setRisk(String risk) { 50 | this.risk = risk; 51 | } 52 | 53 | public String getRisk() { 54 | return this.risk; 55 | } 56 | 57 | public void setShowEvidence(boolean showEvidence) { 58 | this.showEvidence = showEvidence; 59 | } 60 | 61 | public boolean getShowEvidence() { 62 | return this.showEvidence; 63 | } 64 | 65 | public void setShowEvents(boolean showEvents) { 66 | this.showEvents = showEvents; 67 | } 68 | 69 | public boolean getShowEvents() { 70 | return this.showEvents; 71 | } 72 | 73 | public void setEvents(List events) { 74 | this.events = events; 75 | } 76 | 77 | public List getEvents() { 78 | return this.events; 79 | } 80 | } 81 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/Card.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | 
* #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | import com.google.gson.annotations.SerializedName; 24 | 25 | public class Card { 26 | 27 | /** 28 | * Returns the Card body snippet as a LinkedTreeMap 29 | * 30 | * @return Snippet as LinkedTreeMap 31 | */ 32 | public Object getBody() { 33 | return body; 34 | } 35 | 36 | private Object body; 37 | 38 | /** 39 | * Returns the Card header snippet as a LinkedTreeMap 40 | * 41 | * @return Snippet as LinkedTreeMap 42 | */ 43 | public Object getHeader() { 44 | return header; 45 | } 46 | 47 | private Object header; 48 | 49 | /** 50 | * Hidden status of the Card 51 | * 52 | * @return hidden status 53 | */ 54 | public boolean getIsHidden() { 55 | return isHidden; 56 | } 57 | 58 | @SerializedName("is_hidden") 59 | private boolean isHidden; 60 | 61 | /** 62 | * Severity level of the Card 63 | * 64 | * @return severity level 65 | */ 66 | public String getSeverity() { 67 | return severity; 68 | } 69 | 70 | private String severity; 71 | 72 | /** 73 | * Card title 74 | * 75 | * @return title 76 | */ 77 | public String getTitle() { 78 | return title; 79 | } 80 | 81 | private String title; 82 | 83 | /** 84 | * Trace id the Card belongs to 85 | * 86 | * @return Trace id 87 | */ 88 | public String getTraceId() { 89 | return traceId; 90 | } 91 | // 
@SerializedName("trace_id") 92 | private String traceId; 93 | } 94 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/sdk/scan/ProjectsQuery.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.sdk.scan; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | import com.contrastsecurity.sdk.internal.Nullable; 24 | import com.google.auto.value.AutoValue; 25 | 26 | /** Value type that describes a projects resource collection query predicate. */ 27 | @AutoValue 28 | abstract class ProjectsQuery { 29 | 30 | /** 31 | * @return new {@link Builder} 32 | */ 33 | static Builder builder() { 34 | return new AutoValue_ProjectsQuery.Builder(); 35 | } 36 | 37 | /** 38 | * @return project name, or {@code null} to accept API default behavior. 39 | */ 40 | @Nullable 41 | abstract String name(); 42 | 43 | /** 44 | * @return true if the query will include archived projects, or {@code null} to accept API default 45 | * behavior. 
46 | */ 47 | @Nullable 48 | abstract Boolean archived(); 49 | 50 | /** 51 | * @return true if the projects resources should use exact string matching on the project name 52 | * instead of a "contains" comparison, or {@code null} to accept the API default behavior. 53 | */ 54 | @Nullable 55 | abstract Boolean unique(); 56 | 57 | /** Builder for {@link ProjectsQuery}. */ 58 | @AutoValue.Builder 59 | abstract static class Builder { 60 | 61 | abstract Builder name(String value); 62 | 63 | abstract Builder archived(Boolean value); 64 | 65 | abstract Builder unique(Boolean value); 66 | 67 | /** 68 | * @return new {@code ProjectsQuery} 69 | */ 70 | abstract ProjectsQuery build(); 71 | } 72 | } 73 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/sdk/scan/ScansImpl.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.sdk.scan; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | import com.contrastsecurity.sdk.scan.Scan.Definition; 24 | import java.io.IOException; 25 | import java.util.Objects; 26 | 27 | /** Implementation of the {@link Scans} resource collection. 
*/ 28 | final class ScansImpl implements Scans { 29 | 30 | /** Implementation of {@link Scans.Factory} */ 31 | static final class Factory implements Scans.Factory { 32 | 33 | private final ScanClient client; 34 | 35 | Factory(final ScanClient client) { 36 | this.client = Objects.requireNonNull(client); 37 | } 38 | 39 | @Override 40 | public Scans create(final String projectId) { 41 | return new ScansImpl(client, projectId); 42 | } 43 | } 44 | 45 | private final ScanClient client; 46 | private final String projectId; 47 | 48 | ScansImpl(final ScanClient client, final String projectId) { 49 | this.client = Objects.requireNonNull(client); 50 | this.projectId = Objects.requireNonNull(projectId); 51 | } 52 | 53 | @Override 54 | public Definition define() { 55 | return new ScanImpl.Definition(client, projectId); 56 | } 57 | 58 | @Override 59 | public Scan get(final String id) throws IOException { 60 | final ScanInner inner = client.get(projectId, id); 61 | return new ScanImpl(client, inner); 62 | } 63 | 64 | @Override 65 | public ScanSummary summary(final String id) throws IOException { 66 | final ScanSummaryInner inner = client.getSummary(projectId, id); 67 | return new ScanSummaryImpl(inner); 68 | } 69 | } 70 | -------------------------------------------------------------------------------- /sdk/src/test/java/com/contrastsecurity/sdk/scan/ScanSummaryImplTest.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.sdk.scan; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 
11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | import static com.contrastsecurity.sdk.scan.ScanSummaryAssert.assertThat; 24 | 25 | import com.contrastsecurity.EqualsAndHashcodeContract; 26 | import com.contrastsecurity.TestDataConstants; 27 | import org.junit.jupiter.api.Test; 28 | 29 | /** Unit tests for {@link ScanSummaryImpl} */ 30 | final class ScanSummaryImplTest implements EqualsAndHashcodeContract { 31 | 32 | @Test 33 | void delegates_to_inner() { 34 | final ScanSummaryInner inner = builder().build(); 35 | final ScanSummaryImpl summary = new ScanSummaryImpl(inner); 36 | 37 | assertThat(summary).hasSameValuesAsInner(inner); 38 | } 39 | 40 | @Override 41 | public ScanSummaryImpl createValue() { 42 | final ScanSummaryInner inner = builder().build(); 43 | return new ScanSummaryImpl(inner); 44 | } 45 | 46 | @Override 47 | public ScanSummaryImpl createNotEqualValue() { 48 | final ScanSummaryInner inner = builder().scanId("other-scan-id").build(); 49 | return new ScanSummaryImpl(inner); 50 | } 51 | 52 | private static ScanSummaryInner.Builder builder() { 53 | return ScanSummaryInner.builder() 54 | .id("summary-id") 55 | .scanId("scan-id") 56 | .projectId("project-id") 57 | .organizationId("organization-id") 58 | .duration(100) 59 | .createdDate(TestDataConstants.TIMESTAMP_EXAMPLE) 60 | .lastModifiedDate(TestDataConstants.TIMESTAMP_EXAMPLE) 61 | .totalFixedResults(0) 62 | .totalNewResults(0) 63 | .totalResults(0); 64 | } 65 | } 66 | -------------------------------------------------------------------------------- 
/sdk/src/main/java/com/contrastsecurity/models/AssessLicenseOverview.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | import com.google.gson.annotations.SerializedName; 24 | 25 | public class AssessLicenseOverview { 26 | 27 | // Inner Class with the actual details returned for a Group 28 | public class Details { 29 | private int total; 30 | private int used; 31 | private int unused; 32 | 33 | @SerializedName("max_expiration_date") 34 | private long maxExpirationDate; 35 | 36 | /** 37 | * The total number of Assess licenses for an organization. 38 | * 39 | * @return the total number of Assess licenses for an organization 40 | */ 41 | public int getTotal() { 42 | return total; 43 | } 44 | 45 | /** 46 | * The total number of used Assess licenses for an organization. 47 | * 48 | * @return the total number of used Assess licenses for an organization 49 | */ 50 | public int getUsed() { 51 | return used; 52 | } 53 | 54 | /** 55 | * The total number of unused Assess licenses for an organization. 56 | * 57 | * @return the total number of unused Assess licenses for an organization. 
58 | */ 59 | public int getUnused() { 60 | return unused; 61 | } 62 | 63 | public long getMaxExpirationDate() { 64 | return maxExpirationDate; 65 | } 66 | } 67 | 68 | /** 69 | * Return the details of the Licensing 70 | * 71 | * @return details of the Licensing 72 | */ 73 | public Details getDetails() { 74 | return details; 75 | } 76 | 77 | @SerializedName("breakdown") 78 | private Details details; 79 | } 80 | -------------------------------------------------------------------------------- /gradle-plugin/src/test/java/com/contrastsecurity/gradle/plugin/e2e/EndToEndTests.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.gradle.plugin.e2e; 2 | 3 | import static org.junit.jupiter.api.Assertions.assertEquals; 4 | import static org.junit.jupiter.api.Assertions.assertTrue; 5 | 6 | import com.contrastsecurity.gradle.plugin.GradleRunnerTest; 7 | import com.contrastsecurity.gradle.plugin.util.ConfigurationExtensionValues; 8 | import com.contrastsecurity.gradle.plugin.util.EnvironmentUtils; 9 | import java.io.IOException; 10 | import java.nio.file.Files; 11 | import org.gradle.testkit.runner.BuildResult; 12 | import org.gradle.testkit.runner.GradleRunner; 13 | import org.gradle.testkit.runner.TaskOutcome; 14 | import org.junit.jupiter.api.Test; 15 | 16 | /** End-To-End tests for the gradle plugin for interacting with TeamServer */ 17 | public class EndToEndTests extends GradleRunnerTest { 18 | 19 | @Test 20 | void verify_plugin_retrieves_agent_from_TS() throws IOException { 21 | Files.writeString(getSettingsFile().toPath(), ""); 22 | Files.writeString(getBuildFile().toPath(), config.buildContrastBuildFile()); 23 | 24 | final GradleRunner testRunner = GradleRunner.create(); 25 | testRunner.forwardOutput(); 26 | testRunner.withPluginClasspath(); 27 | // run with debug args to log statements we can check for in the output. NOTE(review): config carries the API and service keys (presumably written into the generated build file), and forwardOutput() forwards the debug log to the test's output; confirm the plugin never logs those values at debug level, or they end up in CI logs 28 | testRunner.withArguments("resolveAgent", "--debug"); 29 | 
testRunner.withProjectDir(projectDir); 30 | final BuildResult result = testRunner.build(); 31 | 32 | result 33 | .getTasks() 34 | .forEach( 35 | buildTask -> { 36 | assertEquals(buildTask.getOutcome(), TaskOutcome.SUCCESS); 37 | }); 38 | 39 | assertTrue(result.getOutput().contains("Agent successfully retrieved from TeamServer")); 40 | } 41 | 42 | private static final ConfigurationExtensionValues config = 43 | new ConfigurationExtensionValues.Builder() 44 | .setUsername(EnvironmentUtils.getUsername()) 45 | .setApiUrl(EnvironmentUtils.getApiUrl()) 46 | .setApiKey(EnvironmentUtils.getApiKey()) 47 | .setServiceKey(EnvironmentUtils.getServiceKey()) 48 | .setOrgUuid(EnvironmentUtils.getOrgUuid()) 49 | .setAppVersion("0.0.1") 50 | .setAppName("gradle-end-to-end-test") 51 | .setServerName("server1") 52 | .setMinSeverity("Medium") 53 | .build(); 54 | } 55 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/TraceBreakdown.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 
20 | * #L% 21 | */ 22 | 23 | public class TraceBreakdown { 24 | 25 | public int getSafes() { 26 | return safes; 27 | } 28 | 29 | private int safes = 0; 30 | 31 | public int getCriticals() { 32 | return criticals; 33 | } 34 | 35 | private int criticals = 0; 36 | 37 | public int getHighs() { 38 | return highs; 39 | } 40 | 41 | private int highs = 0; 42 | 43 | public int getMeds() { 44 | return meds; 45 | } 46 | 47 | private int meds = 0; 48 | 49 | public int getLows() { 50 | return lows; 51 | } 52 | 53 | private int lows = 0; 54 | 55 | public int getNotes() { 56 | return notes; 57 | } 58 | 59 | private int notes = 0; 60 | 61 | public int getTriaged() { 62 | return triaged; 63 | } 64 | 65 | private int triaged = 0; 66 | 67 | public int getTraceCount() { 68 | return traceCount; 69 | } 70 | 71 | private int traceCount = 0; 72 | 73 | public int getConfirmed() { 74 | return confirmed; 75 | } 76 | 77 | private int confirmed = 0; 78 | 79 | public int getSuspicious() { 80 | return suspicious; 81 | } 82 | 83 | private int suspicious = 0; 84 | 85 | public int getNotProblem() { 86 | return notProblem; 87 | } 88 | 89 | private int notProblem = 0; 90 | 91 | public int getRemediated() { 92 | return remediated; 93 | } 94 | 95 | private int remediated = 0; 96 | 97 | public int getReported() { 98 | return reported; 99 | } 100 | 101 | private int reported = 0; 102 | } 103 | -------------------------------------------------------------------------------- /sdk/src/test/java/com/contrastsecurity/sdk/scan/CodeArtifactClientImplTest.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.sdk.scan; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 
11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 20 | * #L% 21 | */ 22 | 23 | import static org.assertj.core.api.Assertions.assertThat; 24 | 25 | import java.io.IOException; 26 | import java.nio.file.Path; 27 | import java.nio.file.Paths; 28 | import org.junit.jupiter.api.Test; 29 | import org.junit.jupiter.params.ParameterizedTest; 30 | import org.junit.jupiter.params.provider.ValueSource; 31 | 32 | /** Unit tests for {@link CodeArtifactClientImpl} */ 33 | final class CodeArtifactClientImplTest { 34 | /** 35 | * Verifies that all well-known Java archive types are identified as a Java archive mime type 36 | * 37 | *
38 | * <ul> <li>https://en.wikipedia.org/wiki/JAR_(file_format) 39 | *
 <li>https://en.wikipedia.org/wiki/WAR_(file_format) 40 | *
 <li>https://en.wikipedia.org/wiki/EAR_(file_format) 41 | *
 </ul>
42 | * 43 | * @param name file name 44 | */ 45 | @ValueSource(strings = {"foo.jar", "foo.war", "foo.ear"}) 46 | @ParameterizedTest 47 | void determine_content_type_java_archive(final String name) throws IOException { 48 | final Path file = Paths.get(name); 49 | final String mime = CodeArtifactClientImpl.determineMime(file); 50 | assertThat(mime).isEqualTo("application/java-archive"); 51 | } 52 | 53 | /** Verifies that unknown file extensions use the generic application/octet-stream mime type */ 54 | @Test 55 | void determine_content_type_unknown() throws IOException { 56 | final Path file = Paths.get("foo"); 57 | final String mime = CodeArtifactClientImpl.determineMime(file); 58 | assertThat(mime).isEqualTo("application/octet-stream"); 59 | } 60 | } 61 | -------------------------------------------------------------------------------- /maven-plugin/src/test/java/com/contrastsecurity/maven/plugin/Resources.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.maven.plugin; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Maven Plugin 6 | * %% 7 | * Copyright (C) 2021 Contrast Security, Inc. 8 | * %% 9 | * Licensed under the Apache License, Version 2.0 (the "License"); 10 | * you may not use this file except in compliance with the License. 11 | * You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, software 16 | * distributed under the License is distributed on an "AS IS" BASIS, 17 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | * See the License for the specific language governing permissions and 19 | * limitations under the License. 
20 | * #L% 21 | */ 22 | 23 | import java.io.File; 24 | import java.io.InputStream; 25 | import java.net.URISyntaxException; 26 | import java.net.URL; 27 | import java.nio.file.Path; 28 | import java.nio.file.Paths; 29 | 30 | /** static utilities for retrieving test resources */ 31 | public final class Resources { 32 | 33 | /** 34 | * Retrieves the given test resource as a {@link Path}. Fails if the resource does not exist 35 | * 36 | * @param name resource name 37 | * @return {@link Path} which refers to the resource 38 | * @throws NullPointerException when resource does not exist 39 | */ 40 | public static Path file(final String name) { 41 | final URL resource = Resources.class.getResource(name); 42 | if (resource == null) { 43 | throw new NullPointerException(name + " resource not found"); 44 | } 45 | try { 46 | return Paths.get(resource.toURI()); 47 | } catch (final URISyntaxException e) { 48 | throw new AssertionError("This should never happen", e); 49 | } 50 | } 51 | 52 | /** 53 | * Retrieves the given test resource as an {@link InputStream}. Fails if the resource does not 54 | * exist 55 | * 56 | * @param name resource name 57 | * @return {@link InputStream} for reading the resource 58 | * @throws NullPointerException when resource does not exist 59 | */ 60 | public static InputStream stream(final String name) { 61 | final InputStream stream = Resources.class.getResourceAsStream(name); 62 | if (stream == null) { 63 | throw new NullPointerException(name + " resource not found"); 64 | } 65 | return stream; 66 | } 67 | } 68 | -------------------------------------------------------------------------------- /sdk/src/main/java/com/contrastsecurity/models/Tags.java: -------------------------------------------------------------------------------- 1 | package com.contrastsecurity.models; 2 | 3 | /*- 4 | * #%L 5 | * Contrast Java SDK 6 | * %% 7 | * Copyright (C) 2022 - 2025 Contrast Security, Inc. 
/**
 * Model holding a list of {@link Tag} objects together with the Gson-mapped properties {@code
 * tags} and {@code traces_id}.
 *
 * <p>NOTE(review): the collection types appear on this page without type parameters; {@link
 * #addTag(Tag)} and the {@code Tag::getName} mapping suggest {@code tagsObject} holds {@link Tag}
 * elements. Confirm the element types of the other lists against the original source.
 */
public class Tags {
  // No @SerializedName is declared for this field.
  private List links;

  // transient: Gson's default configuration skips this field, so the Tag objects themselves are
  // not written out; only tagNames (below) is mapped to "tags".
  private transient List tagsObject;

  // Assigned only by setTagNamesAndGetTagObject() within this class.
  @SerializedName("tags")
  private List tagNames;

  @SerializedName("traces_id")
  private List tracesId;

  /** Creates an instance with an empty tag list. */
  public Tags() {
    this.tagsObject = new ArrayList();
  }

  /**
   * Creates an instance whose tag list holds one {@code new Tag(element)} per element of {@code
   * tags}.
   *
   * @param tags values to wrap; a {@code null} list fails with a {@link NullPointerException}
   */
  public Tags(List tags) {
    this.tagsObject = new ArrayList();
    tags.forEach(
        tag -> {
          this.tagsObject.add(new Tag(tag));
        });
  }

  /**
   * Creates an instance from existing lists.
   *
   * <p>Both lists are stored by reference, not copied, so later changes the caller makes to them
   * are visible through this object.
   *
   * @param tags list used as the tag list
   * @param tracesId list stored as the {@code traces_id} value
   */
  public Tags(List tags, List tracesId) {
    this.tagsObject = tags;
    this.tracesId = tracesId;
  }

  /** @return the {@code links} list, or {@code null} if it was never set */
  public List getLinks() {
    return links;
  }

  /** @param links list stored as the {@code links} value (kept by reference) */
  public void setLinks(List links) {
    this.links = links;
  }

  /** @return the internal tag list itself, not a copy */
  public List getTags() {
    return tagsObject;
  }

  /**
   * Rebuilds {@code tagNames} from the names of the current tag objects.
   *
   * <p>{@code tagNames} is not updated anywhere else in this class, so this presumably has to be
   * called before the object is serialized for the {@code tags} property to reflect the tag list
   * (verify against callers).
   *
   * @return this instance
   */
  public Tags setTagNamesAndGetTagObject() {
    this.tagNames = this.tagsObject.stream().map(Tag::getName).collect(Collectors.toList());
    return this;
  }

  /**
   * Replaces the tag list with the given list (kept by reference).
   *
   * @param tags new tag list; passing {@code null} makes later {@link #addTag(Tag)} and {@link
   *     #setTagNamesAndGetTagObject()} calls fail with a {@link NullPointerException}
   */
  public void setTags(List tags) {
    this.tagsObject = tags;
  }

  /** @param tag tag appended to the tag list */
  public void addTag(Tag tag) {
    this.tagsObject.add(tag);
  }

  /** @return the {@code traces_id} list, or {@code null} if it was never set */
  public List getTracesId() {
    return tracesId;
  }

  /** @param tracesId list stored as the {@code traces_id} value (kept by reference) */
  public void setTracesId(List tracesId) {
    this.tracesId = tracesId;
  }
}
57 | */ 58 | @SerializedName("origin") 59 | private String origin; 60 | 61 | /** 62 | * The result of the security check: true = the application passed all job outcome policies. false 63 | * = the application failed a job outcome policy. null = no applicable job outcome policy for 64 | * application. 65 | * 66 | * @return the result of the security check. 67 | */ 68 | @SerializedName("result") 69 | private Boolean result; 70 | 71 | /** 72 | * The job outcome policy that the application failed. null if the application passed all job 73 | * outcome policies. 74 | * 75 | * @return The job outcome policy that the application failed. 76 | */ 77 | @SerializedName("job_outcome_policy") 78 | private JobOutcomePolicy jobOutcomePolicy; 79 | } 80 | --------------------------------------------------------------------------------