Feature/externalize mongo schema (#224)

* dependency updates

* workflow update

* workflow update

* ignore config update

* tool created

* cleanup

* remove reference to wiki

* fixed an attribute name

* starting to remove schema creation

* removing schemas

* removed static schemas

* update supported platforms

* record suppression feature

* release notes update

* documenation updates

* package updates

* dependency updates

* action version update

* action version update

* documentdb compat

* MongoTool doc update

* minor logic update

.github/workflows/build-ci.yml

@@ -10,14 +10,18 @@ jobs:
 
   infer-csharp-pr-comment:
     runs-on: ubuntu-latest
-    if: github.event_name == 'pull_request'
+    if: github.event_name == 'pull_request' && github.actor != 'dependabot'
     steps:
+      - name: Actor
+        run: |
+          echo GITHUB_ACTOR
+          echo ${{ github.actor }}
       - name: Dotnet Core Install
         uses: actions/setup-dotnet@v2
         with:
           dotnet-version: 6.*
       - name: Fetch Code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Platform build win-x64
         run: dotnet publish --self-contained -c ReleaseWindows -o artifacts/win-x64 -r win-x64
       - name: Platform build linux-x64
@@ -58,7 +62,7 @@ jobs:
         with:
           dotnet-version: 6.*
       - name: Fetch Code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Platform build win-x64
         run: dotnet publish --self-contained -c ReleaseWindows -o artifacts -r win-x64
 
@@ -71,7 +75,7 @@ jobs:
         with:
           dotnet-version: 6.*
       - name: Fetch Code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Platform build linux-x64
         run: dotnet publish --self-contained -c ReleaseLinux -o artifacts -r linux-x64
 
@@ -85,9 +89,9 @@ jobs:
           dotnet-version: 6.*
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v1          
+        uses: docker/setup-buildx-action@v2          
       - name: Fetch Code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Platform build linux-x64
         run: dotnet publish --self-contained -c ReleaseLinux -o artifacts -r linux-x64
       - name: Build Docker Container
@@ -102,7 +106,7 @@ jobs:
         with:
           dotnet-version: 6.*
       - name: Fetch Code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Run Tests
         run: dotnet test --verbosity q
 
@@ -111,7 +115,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Fetch Code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Build Manual
         id: build_manual
         uses: xu-cheng/latex-action@v2
@@ -126,7 +130,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Fetch Code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Build Release Notes
         id: build_release_notes
         uses: xu-cheng/latex-action@v2

.github/workflows/build-prerelease.yml

@@ -31,7 +31,7 @@ jobs:
     steps:
       - uses: technote-space/workflow-conclusion-action@v2
       - name: Fetch Code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         if: env.WORKFLOW_CONCLUSION == 'failure'
       - name: Remove Prerelease Tag
         run: git push origin ':refs/tags/v${{ needs.create-tag.outputs.tag }}'

.github/workflows/publish-build.yml

@@ -26,7 +26,7 @@ jobs:
     steps:
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v1          
+        uses: docker/setup-buildx-action@v2          
 
 
       - name: Login to GitHub Container Registry
@@ -43,7 +43,7 @@ jobs:
 
 
       - name: Fetch Code @ tag v${{ inputs.tag }}
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           ref: refs/tags/v${{ inputs.tag }}
 

.gitignore

@@ -16,4 +16,5 @@ artifacts/
 .build_tools/
 **/TestResults
 
-**/DELETE*
+**/DELETE*
+**/launchSettings.json

Applications/CxAnalytixCLI/CxAnalytixCLI.csproj

@@ -11,7 +11,7 @@
 		<Authors>Checkmarx</Authors>
 		<Version>0.0.0</Version>
 		<Description>CxAnalytix crawls and extracts vulnerability scan data from Checkmarx products.</Description>
-		<Copyright>Copyright (c) 2019-2022 Checkmarx.  All rights reserved.</Copyright>
+		<Copyright>Copyright (c) 2019-2023 Checkmarx.  All rights reserved.</Copyright>
 		<PackageProjectUrl>https://github.com/checkmarx-ts/CxAnalytix/wiki</PackageProjectUrl>
 		<PackageReadmeFile>$(SolutionDir)README.md</PackageReadmeFile>
 		<RepositoryUrl>https://github.com/checkmarx-ts/CxAnalytix</RepositoryUrl>

Applications/CxAnalytixDaemon/CxAnalytixDaemon.csproj

@@ -9,7 +9,7 @@
 		<Authors>Checkmarx</Authors>
 		<Version>0.0.0</Version>
 		<Description>CxAnalytix crawls and extracts vulnerability scan data from Checkmarx products.</Description>
-		<Copyright>Copyright (c) 2019-2022 Checkmarx.  All rights reserved.</Copyright>
+		<Copyright>Copyright (c) 2019-2023 Checkmarx.  All rights reserved.</Copyright>
 		<PackageProjectUrl>https://github.com/checkmarx-ts/CxAnalytix/wiki</PackageProjectUrl>
 		<PackageReadmeFile>$(SolutionDir)README.md</PackageReadmeFile>
 		<RepositoryUrl>https://github.com/checkmarx-ts/CxAnalytix</RepositoryUrl>
@@ -32,10 +32,9 @@
 	</PropertyGroup>
 
 	<ItemGroup>
-		<PackageReference Include="Microsoft.Extensions.Configuration" Version="6.0.1" />
-		<PackageReference Include="Microsoft.Extensions.Configuration.CommandLine" Version="6.0.0" />
-		<PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="6.0.1" />
-		<PackageReference Include="Microsoft.Extensions.Hosting" Version="6.0.1" />
+		<PackageReference Include="Microsoft.Extensions.Configuration.CommandLine" Version="7.0.0" />
+		<PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="7.0.0" />
+		<PackageReference Include="Microsoft.Extensions.Hosting" Version="7.0.1" />
 	</ItemGroup>
 
 	<ItemGroup>

Applications/CxAnalytixService/CxAnalytixService.csproj

@@ -12,7 +12,7 @@
 		<Authors>Checkmarx</Authors>
 		<Version>0.0.0</Version>
 		<Description>CxAnalytix crawls and extracts vulnerability scan data from Checkmarx products.</Description>
-		<Copyright>Copyright (c) 2019-2022 Checkmarx.  All rights reserved.</Copyright>
+		<Copyright>Copyright (c) 2019-2023 Checkmarx.  All rights reserved.</Copyright>
 		<PackageProjectUrl>https://github.com/checkmarx-ts/CxAnalytix/wiki</PackageProjectUrl>
 		<PackageReadmeFile>$(SolutionDir)README.md</PackageReadmeFile>
 		<RepositoryUrl>https://github.com/checkmarx-ts/CxAnalytix</RepositoryUrl>
@@ -40,8 +40,7 @@
 
 
 	<ItemGroup>
-		<PackageReference Include="Microsoft.Windows.Compatibility" Version="6.0.0" />
-		<PackageReference Include="System.Configuration.ConfigurationManager" Version="6.0.1" />
+		<PackageReference Include="Microsoft.Windows.Compatibility" Version="7.0.4" />
 	</ItemGroup>
 
 

CxAnalytix.sln

@@ -89,7 +89,11 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SastTransformer", "XForm\Sa
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Common", "XForm\Common\Common.csproj", "{BE71BE3E-7591-4D62-BFB3-F77D7B57F12A}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "CxOneTransformer", "XForm\CxOneTransformer\CxOneTransformer.csproj", "{9F56B86B-C692-4D85-BABB-735B969D2D4E}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "CxOneTransformer", "XForm\CxOneTransformer\CxOneTransformer.csproj", "{9F56B86B-C692-4D85-BABB-735B969D2D4E}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Install", "Install", "{CDEFBA2F-FB11-44A9-AE7D-8317C42A830C}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "MongoTool", "MongoTool\MongoTool.csproj", "{8DE4F60A-CD68-40D8-98F0-14E8C06406D2}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
@@ -891,6 +895,30 @@ Global
 		{9F56B86B-C692-4D85-BABB-735B969D2D4E}.ReleaseWindows|x64.Build.0 = Release|Any CPU
 		{9F56B86B-C692-4D85-BABB-735B969D2D4E}.ReleaseWindows|x86.ActiveCfg = Release|Any CPU
 		{9F56B86B-C692-4D85-BABB-735B969D2D4E}.ReleaseWindows|x86.Build.0 = Release|Any CPU
+		{8DE4F60A-CD68-40D8-98F0-14E8C06406D2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{8DE4F60A-CD68-40D8-98F0-14E8C06406D2}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{8DE4F60A-CD68-40D8-98F0-14E8C06406D2}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{8DE4F60A-CD68-40D8-98F0-14E8C06406D2}.Debug|x64.Build.0 = Debug|Any CPU
+		{8DE4F60A-CD68-40D8-98F0-14E8C06406D2}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{8DE4F60A-CD68-40D8-98F0-14E8C06406D2}.Debug|x86.Build.0 = Debug|Any CPU
+		{8DE4F60A-CD68-40D8-98F0-14E8C06406D2}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{8DE4F60A-CD68-40D8-98F0-14E8C06406D2}.Release|Any CPU.Build.0 = Release|Any CPU
+		{8DE4F60A-CD68-40D8-98F0-14E8C06406D2}.Release|x64.ActiveCfg = Release|Any CPU
+		{8DE4F60A-CD68-40D8-98F0-14E8C06406D2}.Release|x64.Build.0 = Release|Any CPU
+		{8DE4F60A-CD68-40D8-98F0-14E8C06406D2}.Release|x86.ActiveCfg = Release|Any CPU
+		{8DE4F60A-CD68-40D8-98F0-14E8C06406D2}.Release|x86.Build.0 = Release|Any CPU
+		{8DE4F60A-CD68-40D8-98F0-14E8C06406D2}.ReleaseLinux|Any CPU.ActiveCfg = Release|Any CPU
+		{8DE4F60A-CD68-40D8-98F0-14E8C06406D2}.ReleaseLinux|Any CPU.Build.0 = Release|Any CPU
+		{8DE4F60A-CD68-40D8-98F0-14E8C06406D2}.ReleaseLinux|x64.ActiveCfg = Release|Any CPU
+		{8DE4F60A-CD68-40D8-98F0-14E8C06406D2}.ReleaseLinux|x64.Build.0 = Release|Any CPU
+		{8DE4F60A-CD68-40D8-98F0-14E8C06406D2}.ReleaseLinux|x86.ActiveCfg = Release|Any CPU
+		{8DE4F60A-CD68-40D8-98F0-14E8C06406D2}.ReleaseLinux|x86.Build.0 = Release|Any CPU
+		{8DE4F60A-CD68-40D8-98F0-14E8C06406D2}.ReleaseWindows|Any CPU.ActiveCfg = Release|Any CPU
+		{8DE4F60A-CD68-40D8-98F0-14E8C06406D2}.ReleaseWindows|Any CPU.Build.0 = Release|Any CPU
+		{8DE4F60A-CD68-40D8-98F0-14E8C06406D2}.ReleaseWindows|x64.ActiveCfg = Release|Any CPU
+		{8DE4F60A-CD68-40D8-98F0-14E8C06406D2}.ReleaseWindows|x64.Build.0 = Release|Any CPU
+		{8DE4F60A-CD68-40D8-98F0-14E8C06406D2}.ReleaseWindows|x86.ActiveCfg = Release|Any CPU
+		{8DE4F60A-CD68-40D8-98F0-14E8C06406D2}.ReleaseWindows|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -930,6 +958,7 @@ Global
 		{0788985B-731F-4BA5-A7E3-5C7996074B54} = {203A826C-286F-442C-B7B9-E43F806B8778}
 		{BE71BE3E-7591-4D62-BFB3-F77D7B57F12A} = {203A826C-286F-442C-B7B9-E43F806B8778}
 		{9F56B86B-C692-4D85-BABB-735B969D2D4E} = {203A826C-286F-442C-B7B9-E43F806B8778}
+		{8DE4F60A-CD68-40D8-98F0-14E8C06406D2} = {CDEFBA2F-FB11-44A9-AE7D-8317C42A830C}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {103FD3A6-4F85-4DC0-B65F-7E974EA202FE}

Libs/Configuration/Configuration.csproj

@@ -8,7 +8,7 @@
 		<Authors>Checkmarx</Authors>
 		<Version>0.0.0</Version>
 		<Description>CxAnalytix crawls and extracts vulnerability scan data from Checkmarx products.</Description>
-		<Copyright>Copyright (c) 2019-2022 Checkmarx.  All rights reserved.</Copyright>
+		<Copyright>Copyright (c) 2019-2023 Checkmarx.  All rights reserved.</Copyright>
 		<PackageProjectUrl>https://github.com/checkmarx-ts/CxAnalytix/wiki</PackageProjectUrl>
 		<PackageReadmeFile>$(SolutionDir)README.md</PackageReadmeFile>
 		<RepositoryUrl>https://github.com/checkmarx-ts/CxAnalytix</RepositoryUrl>
@@ -31,9 +31,9 @@
 	</PropertyGroup>
 
 	<ItemGroup>
-		<PackageReference Include="Autofac" Version="6.4.0" />
+		<PackageReference Include="Autofac" Version="7.0.1" />
 		<PackageReference Include="log4net" Version="2.0.15" />
-		<PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
+		<PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
 		<PackageReference Include="System.Configuration.ConfigurationManager" Version="6.0.1" />
 	</ItemGroup>
 

Libs/Configuration/Impls/Config.cs

@@ -2,14 +2,18 @@
 using CxAnalytix.Configuration.Utils;
 using CxAnalytix.Exceptions;
 using log4net;
+using log4net.Util;
 using System;
+using System.Collections;
+using System.Collections.Generic;
 using System.Configuration;
 using System.IO;
 
 
+
 namespace CxAnalytix.Configuration.Impls
 {
-    public class Config
+    public static class Config
     {
         private static System.Configuration.Configuration _cfgManager;
         private static ILog _log = LogManager.GetLogger(typeof (Config) );
@@ -32,62 +36,77 @@ static Config()
 
 			_cfgManager = ConfigurationManager.OpenMappedExeConfiguration(map, ConfigurationUserLevel.None);
 
-			if (OperatingSystem.IsWindows())
+
+
+            if (OperatingSystem.IsWindows())
 				EncryptSensitiveSections();
 			else
 				_log.Warn("This platform does not support encrypting credentials in the configuration file.  Your credentials may be stored in plain text.");
 
 			var builder = new ContainerBuilder();
 
-			foreach(var sec in _cfgManager.Sections)
+			foreach(var sec in _cfgManager.Sections.OnlyValid() )
             {
 				builder.RegisterInstance(sec).As(sec.GetType()).ExternallyOwned();
             }
 			_configDI = builder.Build();
 
 		}
 
-		public static T GetConfig<T>()
+        private static IEnumerable<ConfigurationSection> OnlyValid(this ConfigurationSectionCollection elements)
         {
-			return _configDI.Resolve<T>();
+            List<ConfigurationSection> result = new();
+
+            for (int i = 0; i < elements.Count; i++)
+                try
+                {
+                    result.Add(elements[i]);
+                }
+                catch (ConfigurationErrorsException ex)
+                {
+                    _log.Warn($"Configuration error: {ex.Message}");
+                }
+
+            return result;
         }
 
+        public static T GetConfig<T>() => _configDI.Resolve<T>();
 
-		private static void EncryptSensitiveSections()
-		{
-			foreach (ConfigurationSection section in _cfgManager.Sections)
-			{
-				var attribs = section.GetType().GetCustomAttributes(typeof(SecureConfigSectionAttribute), true);
-
-				if (attribs != null && attribs.Length > 0)
-				{
-					bool found = false;
-					foreach (SecureConfigSectionAttribute attribInst in attribs)
-					{
-						if (attribInst.IsPropSet(section.GetType(), section))
-						{
-							found = true;
-							break;
-						}
-					}
-
-					if (!found)
-						continue;
-				}
-				else
-					continue;
-
-				if (!section.SectionInformation.IsProtected)
-				{
-					section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
-					section.SectionInformation.ForceSave = true;
-					section.SectionInformation.ForceDeclaration(true);
-				}
-			}
+        private static void EncryptSensitiveSections()
+        {
+            foreach (var section in _cfgManager.Sections.OnlyValid())
+            {
+                var attribs = section.GetType().GetCustomAttributes(typeof(SecureConfigSectionAttribute), true);
+
+                if (attribs != null && attribs.Length > 0)
+                {
+                    bool found = false;
+                    foreach (SecureConfigSectionAttribute attribInst in attribs)
+                    {
+                        if (attribInst.IsPropSet(section.GetType(), section))
+                        {
+                            found = true;
+                            break;
+                        }
+                    }
+
+                    if (!found)
+                        continue;
+                }
+                else
+                    continue;
+
+                if (!section.SectionInformation.IsProtected)
+                {
+                    section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
+                    section.SectionInformation.ForceSave = true;
+                    section.SectionInformation.ForceDeclaration(true);
+                }
+            }
 
             _cfgManager.Save(ConfigurationSaveMode.Modified);
-		}
+        }
+
 
-
     }
 }