Description
We are hosting the CheckMarx server in AWS. As part of the authentication flow in cx-flow action, it tries to communicate with the Checkmarx Server.
We have sticky session enabled on the server and hence the AWS ALB returns which is in turn rejected by checkmarx-cxflow-github-action.
Expected Behavior
Cookie should be accepted and login succeed to allow the action to work.
Actual Behavior
Cookie is rejected, a warning is generated and then the flow fails.
Reproduction
Set up Checkmarx server on AWS.
Enable sticky sessions on AWS ALB and expose the Checkmarx URL via ALB.
Use checkmarx-cxflow-github-action.
Action fails with this call stack:
2022-05-02 16:07:47.083 INFO 7 --- [ main] c.c.s.s.CxAuthService [XNDH1cWD] : Logging into Checkmarx https://checkmarx.server.com/cxrestapi/auth/identity/connect/token
2022-05-02 16:07:48.064 WARN 7 --- [ main] o.a.h.c.p.ResponseProcessCookies [XNDH1cWD] : Invalid cookie header: "Set-Cookie: AWSALB=Bq2xYV4He/Mc8cKLapJtMCueprIW/IWcCnPlq/Bw8g89srK5OYsXByF1oVOWFT1WCJATXxMchOygF9307z7GOxp1+tWLZebWVL/EvuO6z5v7; Expires=Mon, 09 May 2022 16:07:47 GMT; Path=/". Invalid 'expires' attribute: Mon, 09 May 2022 16:07:47 GMT
2022-05-02 16:07:48.065 WARN 7 --- [ main] o.a.h.c.p.ResponseProcessCookies [XNDH1cWD] : Invalid cookie header: "Set-Cookie: AWSALBCORS=Bq2xY95V4He/Mc8cKLMOdCueprIW/IWcCnPlq/Bw8g89srK5OYsX9WCJATXxMchOygF9307z7GOxp1+tWLZebWVL/EvuOz5v7; Expires=Mon, 09 May 2022 16:07:47 GMT; Path=/; SameSite=None; Secure". Invalid 'expires' attribute: Mon, 09 May 2022 16:07:47 GMT
2022-05-02 16:07:48.085 ERROR 7 --- [ main] c.c.s.s.CxAuthService [XNDH1cWD] : Error occurred white obtaining Access Token. Possibly incorrect credentials
2022-05-02 16:07:48.088 ERROR 7 --- [ main] c.c.s.s.CxAuthService [XNDH1cWD] : org.springframework.web.client.HttpClientErrorException$BadRequest: 400 Bad Request: "{"error":"invalid_client"}"
at org.springframework.web.client.HttpClientErrorException.create(HttpClientErrorException.java:101)
at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:168)
at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:122)
at org.springframework.web.client.ResponseErrorHandler.handleError(ResponseErrorHandler.java:63)
at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:819)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:777)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:711)
at org.springframework.web.client.RestTemplate.postForObject(RestTemplate.java:437)
at com.checkmarx.sdk.service.CxAuthService.getAuthToken(CxAuthService.java:99)
at com.checkmarx.sdk.service.CxAuthService.getAuthToken(CxAuthService.java:62)
at com.checkmarx.sdk.service.CxAuthService.createAuthHeaders(CxAuthService.java:237)
at com.checkmarx.sdk.service.CxService.getTeamId(CxService.java:1403)
at com.checkmarx.flow.sastscanning.ScanRequestConverter.determineOwnerId(ScanRequestConverter.java:123)
at com.checkmarx.flow.sastscanning.ScanRequestConverter.determineTeamAndOwnerID(ScanRequestConverter.java:87)
at com.checkmarx.flow.service.AbstractVulnerabilityScanner.executeCxScan(AbstractVulnerabilityScanner.java:246)
at com.checkmarx.flow.service.AbstractVulnerabilityScanner.scanLocalPath(AbstractVulnerabilityScanner.java:317)
at com.checkmarx.flow.service.AbstractVulnerabilityScanner.scanCli(AbstractVulnerabilityScanner.java:201)
at com.checkmarx.flow.CxFlowRunner.lambda$scanLocalPath$1(CxFlowRunner.java:590)
at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193)
at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:175)
at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1384)
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:482)
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:472)
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:546)
at java.util.stream.AbstractPipeline.evaluateToArrayNode(AbstractPipeline.java:260)
at java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:505)
at com.checkmarx.flow.CxFlowRunner.runOnActiveScanners(CxFlowRunner.java:649)
at com.checkmarx.flow.CxFlowRunner.scanLocalPath(CxFlowRunner.java:590)
at com.checkmarx.flow.CxFlowRunner.commandLineRunner(CxFlowRunner.java:463)
at com.checkmarx.flow.CxFlowRunner.run(CxFlowRunner.java:93)
at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:768)
at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:758)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:310)
at com.checkmarx.flow.CxFlowApplication.main(CxFlowApplication.java:21)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:108)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:58)
at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:88)
2022-05-02 16:07:48.098 ERROR 7 --- [ main] c.c.f.CxFlowRunner [XNDH1cWD] : An error occurred while processing request
com.checkmarx.sdk.exception.InvalidCredentialsException: null
at com.checkmarx.sdk.service.CxAuthService.getAuthToken(CxAuthService.java:114)
at com.checkmarx.sdk.service.CxAuthService.getAuthToken(CxAuthService.java:62)
at com.checkmarx.sdk.service.CxAuthService.createAuthHeaders(CxAuthService.java:237)
at com.checkmarx.sdk.service.CxService.getTeamId(CxService.java:1403)
at com.checkmarx.flow.sastscanning.ScanRequestConverter.determineOwnerId(ScanRequestConverter.java:123)
at com.checkmarx.flow.sastscanning.ScanRequestConverter.determineTeamAndOwnerID(ScanRequestConverter.java:87)
at com.checkmarx.flow.service.AbstractVulnerabilityScanner.executeCxScan(AbstractVulnerabilityScanner.java:246)
at com.checkmarx.flow.service.AbstractVulnerabilityScanner.scanLocalPath(AbstractVulnerabilityScanner.java:317)
at com.checkmarx.flow.service.AbstractVulnerabilityScanner.scanCli(AbstractVulnerabilityScanner.java:201)
at com.checkmarx.flow.CxFlowRunner.lambda$scanLocalPath$1(CxFlowRunner.java:590)
at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193)
at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:175)
at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1384)
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:482)
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:472)
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:546)
at java.util.stream.AbstractPipeline.evaluateToArrayNode(AbstractPipeline.java:260)
at java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:505)
at com.checkmarx.flow.CxFlowRunner.runOnActiveScanners(CxFlowRunner.java:649)
at com.checkmarx.flow.CxFlowRunner.scanLocalPath(CxFlowRunner.java:590)
at com.checkmarx.flow.CxFlowRunner.commandLineRunner(CxFlowRunner.java:463)
at com.checkmarx.flow.CxFlowRunner.run(CxFlowRunner.java:93)
at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:768)
at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:758)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:310)
at com.checkmarx.flow.CxFlowApplication.main(CxFlowApplication.java:21)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:108)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:58)
at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:88)
Environment Details
Checkmarx 9.4 server
Latest checkmarx-cxflow-github-action
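Added example, not part of the issue and not cx-flow code: assuming Apache HttpClient 4.5.x and Spring Web 5.x on the classpath (the `o.a.h.c.p.ResponseProcessCookies` logger in the output above belongs to HttpClient 4.x), it parses a constructed header shaped like the ALB cookie with HttpClient's default cookie spec, whose `Expires` handler expects the Netscape-draft date form `EEE, dd-MMM-yy HH:mm:ss z`, and with the RFC 6265 spec, then builds a `RestTemplate` on `CookieSpecs.STANDARD`. The class name, method names and cookie value are illustrative.

```java
import java.util.List;
import org.apache.http.Header;
import org.apache.http.client.config.CookieSpecs;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.cookie.Cookie;
import org.apache.http.cookie.CookieOrigin;
import org.apache.http.cookie.CookieSpec;
import org.apache.http.cookie.MalformedCookieException;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.cookie.DefaultCookieSpec;
import org.apache.http.impl.cookie.RFC6265LaxSpec;
import org.apache.http.message.BasicHeader;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

public class AlbCookieSpecExample {
    // Constructed header: same attributes as the AWSALB cookie in the log, value replaced.
    static final Header STICKY = new BasicHeader("Set-Cookie",
            "AWSALB=constructed-value; Expires=Mon, 09 May 2022 16:07:47 GMT; Path=/");

    // Parse the header with the given spec; report the expiry or the rejection message.
    static String parseWith(CookieSpec spec) {
        CookieOrigin origin = new CookieOrigin("checkmarx.server.com", 443,
                "/cxrestapi/auth/identity/connect/token", true);
        try {
            List<Cookie> cookies = spec.parse(STICKY, origin);
            return "accepted, expires " + cookies.get(0).getExpiryDate();
        } catch (MalformedCookieException e) {
            return "rejected: " + e.getMessage();
        }
    }

    // RestTemplate whose HttpClient parses Set-Cookie per RFC 6265 (RFC 1123 dates accepted).
    static RestTemplate standardCookieRestTemplate() {
        RequestConfig config = RequestConfig.custom()
                .setCookieSpec(CookieSpecs.STANDARD).build();
        CloseableHttpClient client = HttpClients.custom()
                .setDefaultRequestConfig(config).build();
        return new RestTemplate(new HttpComponentsClientHttpRequestFactory(client));
    }

    public static void main(String[] args) {
        System.out.println("default spec:  " + parseWith(new DefaultCookieSpec()));
        System.out.println("RFC 6265 spec: " + parseWith(new RFC6265LaxSpec()));
        System.out.println("client built:  " + (standardCookieRestTemplate() != null));
    }
}
```

A client that authenticates only with a bearer token and does not need load-balancer stickiness can use `CookieSpecs.IGNORE_COOKIES` instead, which stops it from storing any cookies at all.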