From 399cd8361f94cdb94d3b7f4ba0acb18254901cea Mon Sep 17 00:00:00 2001 From: Aniket Shinde Date: Mon, 20 Apr 2026 11:18:06 +0530 Subject: [PATCH 1/2] AST-146807: Create Cloud MD file for ast-cli-java-wrapper repository - Added comprehensive Cloud.md with all essential sections: - Project Overview - Architecture and design patterns - Repository structure - Technology stack (Maven, Java 8, Jackson, Lombok, etc.) - Development setup and prerequisites - Coding standards and guidelines - Project rules and conventions - Testing strategy with JUnit 5 and code coverage - Known issues and limitations - Included recommended sections: - Database schema (N/A for client library) - External integrations (AST Platform, Maven Central) - Deployment information - Performance considerations - API/Endpoints/Interfaces documentation - Security & Access controls - Logging configuration - Debugging steps and common issues - Documentation follows the standardization template from epic AST-146793 --- Claude.md | 598 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 598 insertions(+) create mode 100644 Claude.md diff --git a/Claude.md b/Claude.md new file mode 100644 index 00000000..c0c3be08 --- /dev/null +++ b/Claude.md @@ -0,0 +1,598 @@ +# Cloud.md - AST CLI Java Wrapper Repository + +## Project Overview + +The **ast-cli-java-wrapper** is a Java SDK/wrapper library that provides a shared infrastructure and abstraction layer for the Checkmarx Application Security Testing (AST) platform. It serves as a client library for integrating AST capabilities into Java-based applications and CI/CD pipelines. The wrapper offers technology-neutral repository interfaces and a metadata model for persisting Java classes, enabling developers to interact with the AST platform programmatically. + +**Repository:** https://github.com/CheckmarxDev/ast-cli-java-wrapper +**Package:** Published as Maven dependency (com.checkmarx.ast:ast-cli-java-wrapper) + +--- + +## Architecture + +The ast-cli-java-wrapper follows a modular architecture with clear separation of concerns: + +``` +ast-cli-java-wrapper/ +├── src/main/java/com/checkmarx/ast/ +│ ├── wrapper/ # Core wrapper utilities (CxConfig, CxException, CxConstants) +│ ├── asca/ # ASCA (Application Source Code Analysis) module +│ ├── codebashing/ # CodeBashing integration +│ ├── containersrealtime/ # Container scanning real-time results +│ ├── iacrealtime/ # IaC (Infrastructure as Code) real-time results +│ ├── kicsRealtimeResults/ # KICS (Kics Infrastructure Code Scanner) results +│ ├── ossrealtime/ # OSS (Open Source Software) real-time vulnerability scanning +│ ├── learnMore/ # Learning resources integration +│ ├── mask/ # Secret masking functionality +│ ├── project/ # Project management interfaces +│ ├── scan/ # Scan management +│ ├── results/ # Result handling and processing +│ ├── remediation/ # Remediation guidance +│ ├── predicate/ # Predicate-based filtering +│ └── tenant/ # Tenant management +├── src/test/java/ # Unit tests (JUnit 5) +└── src/main/resources/ # Configuration resources +``` + +**Design Pattern:** The wrapper uses a layered architecture with: +- **Interface Layer:** Technology-neutral interfaces for extensibility +- **Implementation Layer:** Concrete implementations for AST integration +- **Data Model Layer:** POJOs (Plain Old Java Objects) for data persistence and serialization +- **Utility Layer:** Configuration management (CxConfig), exception handling (CxException), and constants + +--- + +## Repository Structure + +``` +. +├── pom.xml # Maven configuration and dependencies +├── README.md # User-facing documentation +├── Cloud.md # This file - development/deployment documentation +├── src/ +│ ├── main/ +│ │ ├── java/ # Production source code +│ │ └── resources/ # Configuration files and resources +│ └── test/ +│ ├── java/ # Unit tests (JUnit 5 + Jupiter) +│ └── resources/ # Test configuration and fixtures +├── target/ # Build output (generated during maven clean install) +└── .github/ # GitHub Actions, workflows (if present) +``` + +**Key Files:** +- `pom.xml` - Defines Maven build configuration, dependencies, and JaCoCo code coverage plugin +- `src/main/java/com/checkmarx/ast/wrapper/CxConfig.java` - Core configuration class +- `src/main/java/com/checkmarx/ast/wrapper/CxException.java` - Custom exception handling +- `src/main/java/com/checkmarx/ast/wrapper/CxConstants.java` - Application constants + +--- + +## Technology Stack + +| Component | Technology | Version | +|-----------|-----------|---------| +| **Language** | Java | 8+ | +| **Build Tool** | Maven | 3+ | +| **JSON Processing** | Jackson | 2.21.1 | +| **JSON Serialization** | GSON | 2.12.1 | +| **Utilities** | Lombok | 1.18.32 | +| **Commons** | Apache Commons Lang3 | 3.18.0 | +| **JSON Parsing** | JSON-Simple | 1.1.1 | +| **Logging** | SLF4J | 2.0.12 | +| **Testing** | JUnit 5 (Jupiter) | 5.10.2 | +| **Code Coverage** | JaCoCo | 0.8.8 | + +**Key Dependencies:** +- **Jackson** - Primary JSON serialization/deserialization framework +- **GSON** - Alternative/supplementary JSON processing +- **Lombok** - Reduces boilerplate via annotations (@Data, @Getter, @Setter, etc.) +- **SLF4J** - Logging abstraction layer with slf4j-simple binding +- **JUnit 5** - Modern testing framework with parameterized tests and extensions + +--- + +## Development Setup + +### Prerequisites + +- **Java Development Kit (JDK):** Version 8 or higher + - Download from [Oracle JDK](https://www.oracle.com/java/technologies/downloads/) or use OpenJDK + - Verify: `java -version` and `javac -version` + +- **Maven:** Version 3.6.0 or higher + - Download from [Apache Maven](https://maven.apache.org/download.cgi) + - Verify: `mvn -version` + +- **Git:** For cloning and version control + +### Local Setup Steps + +1. **Clone the repository:** + ```bash + git clone https://github.com/CheckmarxDev/ast-cli-java-wrapper.git + cd ast-cli-java-wrapper + ``` + +2. **Build the project:** + ```bash + mvn clean install + ``` + - Compiles source code, runs tests, and generates JAR artifact + - Output: `target/ast-cli-java-wrapper-[version].jar` + +3. **Run tests:** + ```bash + mvn test + ``` + +4. **Generate code coverage report:** + ```bash + mvn test jacoco:report + ``` + - Coverage report available at: `target/site/jacoco/index.html` + +5. **Install to local Maven repository:** + ```bash + mvn install + ``` + +### Integration Tests Setup + +To run integration tests that interact with the AST platform, set environment variables: + +**Linux/macOS:** +```bash +export CX_CLIENT_ID="your_client_id" +export CX_CLIENT_SECRET="your_client_secret" +export CX_APIKEY="your_api_key" +export CX_BASE_URI="https://ast.checkmarx.net" +export CX_BASE_AUTH_URI="https://iam.checkmarx.net" +export CX_TENANT="your_tenant_name" +export PATH_TO_EXECUTABLE="/path/to/ast-cli-executable" +``` + +**Windows (PowerShell):** +```powershell +setx CX_CLIENT_ID "your_client_id" +setx CX_CLIENT_SECRET "your_client_secret" +setx CX_APIKEY "your_api_key" +setx CX_BASE_URI "https://ast.checkmarx.net" +setx CX_BASE_AUTH_URI "https://iam.checkmarx.net" +setx CX_TENANT "your_tenant_name" +setx PATH_TO_EXECUTABLE "path\to\ast-cli-executable" +``` + +### IDE Configuration + +- **IntelliJ IDEA:** Import project as Maven project, mark `src/main/java` as Sources Root, `src/test/java` as Tests Root +- **Eclipse:** Use `mvn eclipse:eclipse` or import via "Existing Maven Projects" +- **VS Code:** Install "Extension Pack for Java" and "Maven for Java" extensions + +--- + +## Coding Standards + +### Code Style Guidelines + +1. **Naming Conventions:** + - Classes: PascalCase (e.g., `CxConfig`, `ScanResult`) + - Methods/Variables: camelCase (e.g., `getScanId()`, `scanDetails`) + - Constants: UPPER_SNAKE_CASE (e.g., `MAX_TIMEOUT`, `DEFAULT_PORT`) + - Private fields: prefix with underscore or use Lombok annotations + +2. **Lombok Annotations:** + - Use `@Data` for POJOs (generates getters, setters, equals, hashCode, toString) + - Use `@Getter` / `@Setter` for selective generation + - Use `@AllArgsConstructor` / `@NoArgsConstructor` for constructors + - Avoid verbose getter/setter implementations + +3. **Jackson Annotations:** + - Use `@JsonProperty("fieldName")` for JSON serialization mapping + - Use `@JsonIgnore` for excluding fields from JSON + - Use `@JsonDeserialize` / `@JsonSerialize` for custom type handling + +4. **Documentation:** + - Add JavaDoc comments for public classes and methods + - Keep comments concise and explain the "why", not the "what" + - Include examples in JavaDoc for complex methods + +5. **Exception Handling:** + - Extend `CxException` for domain-specific exceptions + - Use try-catch only for exceptional conditions, not control flow + - Log exceptions with appropriate level (error, warn, debug) + +6. **Code Organization:** + - Keep classes focused on a single responsibility + - Group related methods and fields together + - Use access modifiers appropriately (private by default, public only when needed) + +### Code Quality Tools + +- **JaCoCo Code Coverage:** Minimum coverage target is maintained via `pom.xml` configuration + - Excluded packages (data models, generated code) specified in JaCoCo excludes + - Run: `mvn jacoco:report` to generate coverage report + +- **Maven Compiler:** Configured for Java 8 compatibility + - Source: Java 8 + - Target: Java 8 + - Encoding: UTF-8 + +--- + +## Project Rules + +1. **Branching Strategy:** + - Main development branch: `main` + - Feature branches: `feature/*` + - Bug fixes: `bugfix/*` + - Hotfixes: `hotfix/*` + - Delete merged branches to keep repository clean + +2. **Commit Standards:** + - Write clear, descriptive commit messages + - Reference Jira ticket IDs in commit messages (e.g., "AST-12345: Add feature description") + - Keep commits atomic and logically grouped + +3. **Pull Requests:** + - Create PR against `main` branch + - Include description and acceptance criteria + - Ensure all tests pass before merging + - Require code review from at least one team member + - Squash commits on merge for cleaner history + +4. **Version Management:** + - Versions defined in `pom.xml` as `${ast.wrapper.version}` + - Follow semantic versioning (MAJOR.MINOR.PATCH) + - Update version before release + - Tag releases in Git (e.g., `v1.0.14`) + +5. **Dependency Management:** + - Keep dependencies updated, especially security patches + - Use Maven Dependabot or similar tools for automatic updates + - Review dependency changes in PRs for breaking changes + - Exclude conflicting transitive dependencies if needed + +6. **Documentation:** + - Keep README.md and Cloud.md synchronized with changes + - Document API changes in PR descriptions + - Update environment variables list if new ones are required + +--- + +## Testing Strategy + +### Testing Pyramid + +``` + /\ + / \ Integration Tests (Integration with AST platform) + /____\ + / \ + / \ Unit Tests (JUnit 5 - ~80% of tests) + /________\ + / \ + / \ Manual Testing & E2E + /____________\ +``` + +### Unit Testing + +- **Framework:** JUnit 5 (Jupiter) +- **Location:** `src/test/java/` +- **Naming Convention:** `*Test.java` or `*Tests.java` +- **Coverage Target:** >70% for core modules +- **Execution:** `mvn test` + +**Example Unit Test Structure:** +```java +@DisplayName("ScanResult Tests") +class ScanResultTest { + @Test + @DisplayName("Should deserialize scan result from JSON") + void testDeserializeScanResult() { + // Test implementation + } +} +``` + +### Integration Tests + +- **Environment Setup:** Requires AST platform credentials (see Development Setup) +- **Credentials:** Use environment variables for sensitive data +- **Isolation:** Test data should be isolated and cleaned up after tests +- **Skip in CI:** Can be skipped in pull request CI if platform access is limited + +### Test Fixtures & Mocks + +- Use JSON files in `src/test/resources/` for sample data +- Mock external dependencies where appropriate +- Use parameterized tests (`@ParameterizedTest`) for multiple scenarios + +### Code Coverage + +- **Tool:** JaCoCo Maven Plugin +- **Report Location:** `target/site/jacoco/index.html` +- **Excluded from Coverage:** Data models, POJOs, generated code (as specified in pom.xml) +- **Run:** `mvn test jacoco:report` + +--- + +## Known Issues + +1. **Java 8 Compatibility:** The project targets Java 8 for compatibility with older systems, which limits access to newer Java features (records, text blocks, sealed classes, etc.) + +2. **Dual JSON Libraries:** Both Jackson and GSON are included as dependencies, which may lead to subtle differences in serialization behavior. Prefer Jackson for primary serialization unless GSON is specifically required. + +3. **SLF4J Simple Binding:** The `slf4j-simple` binding is basic and may not be suitable for production environments. Consider switching to Logback or Log4j2 for advanced features. + +4. **JaCoCo Excludes:** Large portions of the codebase are excluded from code coverage (data models, results, etc.), which may mask untested code paths. Review excludes periodically. + +5. **Maven Build Performance:** Large transitive dependency trees and full coverage analysis can slow down builds. Use `mvn clean install -DskipTests` for faster builds during development. + +--- + +## Database Schema + +Not applicable - this is a client library with no persistent storage or database dependencies. + +--- + +## External Integrations + +1. **Checkmarx AST Platform:** + - **Purpose:** Provides security scanning, remediation guidance, and vulnerability data + - **Integration Points:** REST API calls via HTTP clients + - **Authentication:** OAuth 2.0 via `CX_CLIENT_ID` and `CX_CLIENT_SECRET`, or API key via `CX_APIKEY` + - **Endpoints:** Configured via `CX_BASE_URI` and `CX_BASE_AUTH_URI` + +2. **Maven Central Repository:** + - **Artifact:** com.checkmarx.ast:ast-cli-java-wrapper + - **Distribution:** Published JAR for inclusion in other projects + +3. **GitHub:** + - **Repository:** CheckmarxDev/ast-cli-java-wrapper + - **CI/CD:** Likely uses GitHub Actions for automated builds and tests + +--- + +## Deployment Info + +### Publishing to Maven Central + +1. **Build Release:** + ```bash + mvn clean install + ``` + +2. **Create Release Tag:** + ```bash + git tag -a v1.0.14 -m "Release version 1.0.14" + git push origin v1.0.14 + ``` + +3. **Deploy to Maven Central (Checkmarx Process):** + - Typically handled by CI/CD pipeline or release manager + - Requires Sonatype credentials and GPG signing + - Uses `mvn deploy` with Maven settings.xml configuration + +### Artifact Coordinates + +```xml + + com.checkmarx.ast + ast-cli-java-wrapper + 1.0.14 + +``` + +### Versioning + +- Current version: Check `pom.xml` for `` property +- Increment version before release +- Use semantic versioning (MAJOR.MINOR.PATCH) + +--- + +## Performance Considerations + +1. **Serialization:** Jackson is the primary JSON serialization engine and is optimized for performance. Ensure large result sets are streamed rather than loaded entirely in memory. + +2. **HTTP Client Configuration:** Consider connection pooling and timeout configurations when making requests to the AST platform. + +3. **Memory Usage:** For large scan results (KICS, OSS, containers), implement pagination or streaming to avoid OutOfMemoryError. + +4. **Compilation:** Java 8 target ensures compatibility but limits optimization opportunities available in newer Java versions. + +5. **Build Optimization:** Use `mvn clean install -T 1C` for parallel build threads to speed up compilation. + +--- + +## API/Endpoints/Interfaces + +### Core Interfaces + +**CxConfig** - Configuration management +- `getClientId()` - OAuth client identifier +- `getClientSecret()` - OAuth client secret +- `getApiKey()` - API key for authentication +- `getBaseUri()` - AST platform base URL +- `getBaseAuthUri()` - Identity/authentication service URL +- `getTenant()` - Tenant identifier + +**CxException** - Custom exception for domain errors +- Extends RuntimeException +- Used for all AST-specific error conditions + +### Module-Specific Interfaces + +- **Scan Module:** Scan creation, retrieval, status management +- **Results Module:** Result parsing, filtering, and analysis +- **ASCA Module:** Application source code analysis results +- **OSS Module:** Open source software vulnerability data +- **KICS Module:** Infrastructure as code scanning results +- **Remediation Module:** Remediation guidance and solutions +- **CodeBashing Module:** Security training integration +- **Containers Module:** Container image scanning results + +--- + +## Security & Access + +### Authentication + +1. **OAuth 2.0:** + - Client ID: `CX_CLIENT_ID` + - Client Secret: `CX_CLIENT_SECRET` + - Token endpoint: `CX_BASE_AUTH_URI` + - Recommended for service-to-service integration + +2. **API Key:** + - API Key: `CX_APIKEY` + - Recommended for personal use and testing + - Less secure than OAuth, use with caution in production + +### Authorization + +- **Tenant-Based:** Access controlled at tenant level via `CX_TENANT` +- **Scope-Based:** Different operations may require different permissions in AST platform +- **Role-Based:** User roles in AST platform determine available operations + +### Secrets Management + +- **Never commit credentials** to version control +- Use environment variables for local development +- Use CI/CD secrets managers for automated deployments +- Rotate API keys and client secrets regularly +- Audit access logs for suspicious activity + +### Data Protection + +- Use HTTPS for all API communication +- Jackson's default serialization is safe from injection attacks +- Validate all external input before processing +- Sanitize output if displaying user data +- Review JaCoCo excludes to ensure security code is tested + +--- + +## Logging + +### Logging Framework + +- **Framework:** SLF4J with slf4j-simple binding +- **Configuration:** Can be customized via `simplelogger.properties` in classpath +- **Production Use:** Consider upgrading to Logback or Log4j2 for advanced features + +### Logger Usage + +```java +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +class MyClass { + private static final Logger log = LoggerFactory.getLogger(MyClass.class); + + public void myMethod() { + log.info("Operation started"); + log.debug("Debug information"); + log.warn("Warning message"); + log.error("Error occurred", exception); + } +} +``` + +### Log Levels + +- **DEBUG:** Detailed information for debugging +- **INFO:** General informational messages +- **WARN:** Warning messages for potentially problematic situations +- **ERROR:** Error messages for failures + +### Sensitive Data + +- Never log credentials, API keys, or secrets +- Mask sensitive information in logs (user IDs, tokens, etc.) +- Use `log.debug()` for development-only logging +- Review logs regularly for security issues + +--- + +## Debugging Steps + +### Local Debugging + +1. **Enable Debug Logging:** + ```bash + mvn test -Dorg.slf4j.simpleLogger.defaultLogLevel=debug + ``` + +2. **IDE Debugging:** + - Set breakpoints in IDE + - Run tests in debug mode: Right-click test → "Debug" + - Use IntelliJ Debugger or Eclipse Debug perspective + +3. **Maven Debug Output:** + ```bash + mvn -X clean install # Very verbose output + mvn -e test # Print stack traces + ``` + +### Common Issues + +| Issue | Cause | Solution | +|-------|-------|----------| +| Test failures | Missing environment variables | Set CX_* environment variables for integration tests | +| Build failures | Java version mismatch | Ensure JDK 8+ is installed and JAVA_HOME is set | +| Dependency conflicts | Transitive dependency issues | Check pom.xml for exclusions or use `mvn dependency:tree` | +| OOM errors | Large scan results | Increase heap size: `export MAVEN_OPTS="-Xmx2g"` | +| Slow builds | Parallel testing disabled | Use `mvn clean install -T 1C` for parallel builds | + +### Useful Maven Commands + +```bash +mvn dependency:tree # Show dependency hierarchy +mvn help:describe-mojo -Dplugin=org.apache.maven.plugins:maven-compiler-plugin # Plugin help +mvn clean install -o # Offline build (use cached dependencies) +mvn test -Dtest=ScanResultTest # Run specific test +mvn test -Dtest=*Integration # Run tests matching pattern +``` + +### Profiling & Analysis + +```bash +# Generate detailed build report +mvn clean install -Dmaven.compiler.verbose=true + +# Check for deprecated API usage +mvn compile -Werror:sunapi + +# Analyze code with SpotBugs (if configured) +mvn spotbugs:check +``` + +--- + +## Contributing + +- Follow coding standards outlined above +- Write unit tests for new functionality +- Ensure all tests pass: `mvn clean install` +- Update documentation for API changes +- Create pull request with clear description +- Respond to code review feedback +- Maintain backward compatibility where possible + +--- + +## Support & Contact + +**Team:** Checkmarx - AST Integrations Team +**Project Link:** https://github.com/CheckmarxDev/ast-cli-java-wrapper +**Issues:** GitHub Issues for bug reports and feature requests + +--- + +**Last Updated:** April 20, 2026 +**Status:** In Active Development From 472587fe27ac7abd7892f25d215b47c24bb018a3 Mon Sep 17 00:00:00 2001 From: atishj99 Date: Mon, 13 Jul 2026 13:49:33 +0530 Subject: [PATCH 2/2] Squashed commit of the following: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit commit 8e107dc0222f47ca82e43df28c227bdf2d78379f Author: Atish Jadhav Date: Tue Jun 23 19:34:27 2026 +0530 security: fix SCA vulnerability for JUnit (#488) Co-authored-by: Luís Ventuzelos <207163323+cx-luis-ventuzelos@users.noreply.github.com> commit 06dafaa396c177baeab1ca2d592a592977f3380c Author: Luís Ventuzelos <207163323+cx-luis-ventuzelos@users.noreply.github.com> Date: Mon Jun 22 12:37:18 2026 +0100 security: harden release workflow and declare workflow_call secrets (#487) * security: harden release workflow and declare workflow_call secrets - Replace actions/checkout v4.3.1 with v6.0.3 and switch from PERSONAL_ACCESS_TOKEN to GITHUB_TOKEN - Fix script injection in Download CLI, Tag, Update POM, Build artifactId, and Publish steps by moving inputs to env vars - Replace deprecated ::set-output with $GITHUB_OUTPUT in Tag step - Update actions/setup-java v4.3.0 to v5.2.0 - Add explicit secrets declaration for workflow_call (MAVEN_GPG_PASSPHRASE, MAVEN_GPG_PRIVATE_KEY, OSSRH_TOKEN, OSSRH_USERNAME) - Fix broken shell conditional in Build artifactId property step * chore(gha): harden GitHub Actions workflows security * chore(gha): disable nightly trigger and remove pr-labeler workflow * chore(gha): configure echo mirror for Maven dependency resolution commit 6661e6016c1aec3e711fb0afe763997fbaa68971 Author: Atish Jadhav <141334503+cx-atish-jadhav@users.noreply.github.com> Date: Thu Jun 18 22:49:44 2026 +0530 Updating ast-cli version and binaries 2.3.54 (#485) * Updating ast-cli version and binaries * Harden workflows: scope permissions, fix set-output, replace dev-drprasad, remove repository_dispatch, comment notify and spotbugs * Remove Maven cache from release and CI workflows * Add publish input to gate Maven Central deploy --------- Co-authored-by: Luís Ventuzelos <207163323+cx-luis-ventuzelos@users.noreply.github.com> commit 06b449c4f896e2d6ffc2f0ae24139ea8aa4d94ec Author: Alon Rosenhek <80337069+cx-alon-rosenhek@users.noreply.github.com> Date: Thu Jun 18 16:57:16 2026 +0300 chore: remove .github/workflows/dependabot-auto-merge.yml commit 6fb3166e7b397aa295f02b8bdc2d5e0d3fbe1d08 Author: Ohad Israeli <243351248+cx-ohad-israeli@users.noreply.github.com> Date: Wed Jun 10 17:39:51 2026 +0300 chore: remove Dependabot configuration commit 814a504d0ad8e2d219aee6742c7bea2b7c3f74a2 Author: stepsecurity-app[bot] <188008098+stepsecurity-app[bot]@users.noreply.github.com> Date: Fri May 29 21:25:57 2026 -0400 [StepSecurity] Apply security best practices (#481) Signed-off-by: StepSecurity Bot Co-authored-by: stepsecurity-app[bot] <188008098+stepsecurity-app[bot]@users.noreply.github.com> --- .github/dependabot.yml | 17 --- .github/workflows/auto-merge-pr.yml | 20 ---- .github/workflows/checkmarx-one-scan.yml | 30 +++++ .github/workflows/ci.yml | 29 ++--- .github/workflows/dependabot-auto-merge.yml | 25 ---- .github/workflows/manual-tag.yml | 17 +-- .github/workflows/nightly.yml | 31 +++-- .github/workflows/pr-label.yml | 19 ---- .github/workflows/release.yml | 119 ++++++++++++-------- .github/workflows/update-cli.yml | 14 +-- checkmarx-ast-cli.version | 2 +- pom.xml | 12 ++ src/main/resources/cx-linux | 4 +- src/main/resources/cx-linux-arm | 4 +- src/main/resources/cx-mac | 4 +- src/main/resources/cx.exe | 4 +- 16 files changed, 176 insertions(+), 175 deletions(-) delete mode 100644 .github/dependabot.yml delete mode 100644 .github/workflows/auto-merge-pr.yml create mode 100644 .github/workflows/checkmarx-one-scan.yml delete mode 100644 .github/workflows/dependabot-auto-merge.yml delete mode 100644 .github/workflows/pr-label.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index 0d227cdc..00000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,17 +0,0 @@ -# To get started with Dependabot version updates, you'll need to specify which -# package ecosystems to update and where the package manifests are located. -# Please see the documentation for all configuration options: -# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates - -version: 2 -updates: - - package-ecosystem: "maven" # See documentation for possible values - directory: "/" # Location of package manifests - schedule: - interval: "daily" - - - package-ecosystem: "github-actions" - directory: "/" - schedule: - interval: "daily" - diff --git a/.github/workflows/auto-merge-pr.yml b/.github/workflows/auto-merge-pr.yml deleted file mode 100644 index d215fd2d..00000000 --- a/.github/workflows/auto-merge-pr.yml +++ /dev/null @@ -1,20 +0,0 @@ -name: Post-Check Actions -on: [pull_request] - -permissions: - contents: write - -jobs: - dependabot-merge: - runs-on: cx-public-ubuntu-x64 - if: contains(github.head_ref, 'feature/update_cli') - steps: - - name: Enable auto-merge for Dependabot PRs - env: - PR_URL: ${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{secrets.PERSONAL_ACCESS_TOKEN }} - run: gh pr merge --auto --squash "$PR_URL" - - name: Auto approve dependabot PRs - uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 #v4 - with: - github-token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} diff --git a/.github/workflows/checkmarx-one-scan.yml b/.github/workflows/checkmarx-one-scan.yml new file mode 100644 index 00000000..0c441b73 --- /dev/null +++ b/.github/workflows/checkmarx-one-scan.yml @@ -0,0 +1,30 @@ +name: Checkmarx One Scan +on: + workflow_dispatch: + pull_request: + push: + branches: + - main + schedule: + - cron: "00 7 * * *" # Every day at 07:00 + +permissions: + contents: read + +jobs: + cx-scan: + name: Checkmarx One Scan + permissions: + contents: read + runs-on: cx-public-ubuntu-x64 + steps: + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: Checkmarx One CLI Action + uses: checkmarx/ast-github-action@ef93013c95adc60160bc22060875e90800d3ecfc #v.2.3.19 + with: + base_uri: ${{ secrets.AST_RND_SCANS_BASE_URI }} + cx_tenant: ${{ secrets.AST_RND_SCANS_TENANT }} + cx_client_id: ${{ secrets.AST_RND_SCANS_CLIENT_ID }} + cx_client_secret: ${{ secrets.AST_RND_SCANS_CLIENT_SECRET }} + additional_params: --tags sypher --threshold "sca-critical=1;sca-high=1;sca-medium=1;sca-low=1;sast-critical=1;sast-high=1;sast-medium=1;sast-low=1;iac-security-critical=1;iac-security-high=1;iac-security-medium=1;iac-security-low=1" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 145ea6f7..e1f15117 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -2,14 +2,19 @@ name: AST Java Wrapper CI on: [ pull_request ] +permissions: + contents: read + jobs: integration-tests: + permissions: + contents: read runs-on: cx-public-ubuntu-x64 steps: - name: Checkout uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: - token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} + token: ${{ secrets.GITHUB_TOKEN }} lfs: true - name: Install Git LFS @@ -21,20 +26,16 @@ jobs: - name: Checkout LFS objects run: git lfs checkout - - name: Cache local Maven repository - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 - with: - path: ~/.m2/repository - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven- - - name: Set up JDK 11 uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0 with: distribution: 'temurin' java-version: '11' + - name: Configure echo mirror for dependency resolution + run: | + sed -i 's||echocentralhttps://maven.echohq.com|' ~/.m2/settings.xml + - name: Check existence of cx-linux binary run: | if [ ! -f "src/main/resources/cx-linux" ]; then @@ -82,8 +83,8 @@ jobs: - name: Build with Maven run: mvn -B verify -DskipTests -Dgpg.skip --file pom.xml - - name: Run SpotBugs Analysis - if: ${{ github.actor != 'dependabot[bot]' }} - uses: jwgmeligmeyling/spotbugs-github-action@b8e2c3523acb34c87f14e18cbcd2d87db8c8584e #v1.2 - with: - path: '**/spotbugsXml.xml' + # - name: Run SpotBugs Analysis + # if: ${{ github.actor != 'dependabot[bot]' }} + # uses: jwgmeligmeyling/spotbugs-github-action@b8e2c3523acb34c87f14e18cbcd2d87db8c8584e #v1.2 + # with: + # path: '**/spotbugsXml.xml' diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml deleted file mode 100644 index 99bbfd66..00000000 --- a/.github/workflows/dependabot-auto-merge.yml +++ /dev/null @@ -1,25 +0,0 @@ -name: Dependabot auto-merge -on: pull_request - -permissions: - contents: write - -jobs: - dependabot-merge: - runs-on: cx-public-ubuntu-x64 - if: ${{ github.actor == 'dependabot[bot]' }} - steps: - - name: Dependabot metadata - id: metadata - uses: dependabot/fetch-metadata@dbb049abf0d677abbd7f7eee0375145b417fdd34 #v2.2.0 - with: - github-token: "${{ secrets.PERSONAL_ACCESS_TOKEN }}" - - name: Enable auto-merge for Dependabot PRs - env: - PR_URL: ${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{secrets.PERSONAL_ACCESS_TOKEN }} - run: gh pr merge --auto --squash "$PR_URL" - - name: Auto approve dependabot PRs - uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 #v4 - with: - github-token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} diff --git a/.github/workflows/manual-tag.yml b/.github/workflows/manual-tag.yml index 8fb056dc..57f0d508 100644 --- a/.github/workflows/manual-tag.yml +++ b/.github/workflows/manual-tag.yml @@ -19,14 +19,17 @@ jobs: - name: Checkout uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: - token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} + token: ${{ secrets.GITHUB_TOKEN }} - name: Tag + env: + INPUT_TAG: ${{ github.event.inputs.tag }} + PR_NUMBER: ${{ github.event.pull_request.number }} + PR_TITLE: ${{ github.event.pull_request.title }} run: | - echo ${{ github.event.inputs.tag }} - echo "NEXT_VERSION=${{ github.event.inputs.tag }}" >> $GITHUB_ENV - tag=${{ github.event.inputs.tag }} - message='${{ github.event.inputs.tag }}: PR #${{ github.event.pull_request.number }} ${{ github.event.pull_request.title }}' + echo "$INPUT_TAG" + echo "NEXT_VERSION=$INPUT_TAG" >> $GITHUB_ENV + message="$INPUT_TAG: PR #$PR_NUMBER $PR_TITLE" git config user.name "${GITHUB_ACTOR}" git config user.email "${GITHUB_ACTOR}@users.noreply.github.com" - git tag -a "${tag}" -m "${message}" - git push origin "${tag}" + git tag -a "$INPUT_TAG" -m "$message" + git push origin "$INPUT_TAG" diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 73efdc65..5a8b2c9f 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -1,26 +1,35 @@ name: Nightly Release on: - push: - branches: - - main + workflow_dispatch: # push disabled — re-enable when nightly is ready + # push: + # branches: + # - main + +permissions: + contents: read jobs: delete_tag: + permissions: + contents: write runs-on: cx-public-ubuntu-x64 steps: - - name: Delete release - uses: dev-drprasad/delete-tag-and-release@8cd619d00037e4aeb781909c9a6b03940507d0da # v1.0.1 + - name: Delete release and tag env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - delete_release: true - tag_name: 1.0.0-SNAPSHOT + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh release delete "1.0.0-SNAPSHOT" --yes --cleanup-tag --repo ${{ github.repository }} || true + nightly: needs: delete_tag - uses: CheckmarxDev/ast-cli-java-wrapper/.github/workflows/release.yml@main + uses: ./.github/workflows/release.yml with: tag: "1.0.0-SNAPSHOT" dev: true cliTag: "2.0.0-nightly" - secrets: inherit + secrets: + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + MAVEN_GPG_PRIVATE_KEY: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} + OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }} + OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }} diff --git a/.github/workflows/pr-label.yml b/.github/workflows/pr-label.yml deleted file mode 100644 index 00dd428e..00000000 --- a/.github/workflows/pr-label.yml +++ /dev/null @@ -1,19 +0,0 @@ -name: PR Labeler -on: - pull_request: - types: [opened] - -permissions: - contents: read - -jobs: - pr-labeler: - permissions: - pull-requests: write # for TimonVS/pr-labeler-action to add labels in PR - runs-on: cx-public-ubuntu-x64 - steps: - - uses: TimonVS/pr-labeler-action@f9c084306ce8b3f488a8f3ee1ccedc6da131d1af #v5 - with: - configuration-path: .github/pr-labeler.yml # optional, .github/pr-labeler.yml is the default value - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 40fc3593..81520b37 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,6 +16,11 @@ on: description: 'Version of the CLI to bundle' required: false type: string + publish: + description: 'Publish package to Maven Central' + required: false + default: false + type: boolean workflow_call: inputs: tag: @@ -31,25 +36,47 @@ on: description: 'Version of the CLI to bundle' required: false type: string + publish: + description: 'Publish package to Maven Central' + required: false + default: false + type: boolean + secrets: + MAVEN_GPG_PASSPHRASE: + required: true + MAVEN_GPG_PRIVATE_KEY: + required: true + OSSRH_TOKEN: + required: true + OSSRH_USERNAME: + required: true + +permissions: + contents: read jobs: release: + permissions: + id-token: write + contents: write runs-on: cx-public-ubuntu-x64 outputs: CLI_VERSION: ${{ steps.extract_cli_version.outputs.CLI_VERSION }} TAG_NAME: ${{ steps.set_tag_name.outputs.TAG_NAME }} steps: - name: Checkout - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: - token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} + token: ${{ secrets.GITHUB_TOKEN }} lfs: true - name: Download CLI if: inputs.cliTag + env: + INPUT_CLI_TAG: ${{ inputs.cliTag }} run: | chmod +x ./.github/scripts/update_cli.sh - ./.github/scripts/update_cli.sh ${{ inputs.cliTag }} + ./.github/scripts/update_cli.sh "$INPUT_CLI_TAG" - name: Extract CLI version id: extract_cli_version @@ -57,7 +84,7 @@ jobs: CLI_VERSION=$(./src/main/resources/cx-linux version | grep -Eo '^[0-9]+\.[0-9]+\.[0-9]+') echo "CLI version being packed is $CLI_VERSION" echo "CLI_VERSION=$CLI_VERSION" >> $GITHUB_ENV - echo "::set-output name=CLI_VERSION::$CLI_VERSION" + echo "CLI_VERSION=$CLI_VERSION" >> $GITHUB_OUTPUT - name: Check if CLI version is latest if: ${{ github.event.inputs.dev == 'false' && !github.event.inputs.cliTag && github.ref == 'refs/heads/main' }} @@ -76,27 +103,19 @@ jobs: - name: Tag id: set_tag_name + env: + INPUT_TAG: ${{ inputs.tag }} run: | - echo ${{ inputs.tag }} - tag=${{ inputs.tag }} - echo "RELEASE_VERSION=${{ inputs.tag }}" >> $GITHUB_ENV - message='${{ inputs.tag }}' + echo "$INPUT_TAG" + echo "RELEASE_VERSION=$INPUT_TAG" >> $GITHUB_ENV git config user.name "${GITHUB_ACTOR}" git config user.email "${GITHUB_ACTOR}@users.noreply.github.com" - git tag -a "${tag}" -m "${message}" - git push origin "${tag}" - echo "::set-output name=TAG_NAME::${{ inputs.tag }}" - - - name: Cache local Maven repository - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 - with: - path: ~/.m2/repository - key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} - restore-keys: | - ${{ runner.os }}-maven- + git tag -a "$INPUT_TAG" -m "$INPUT_TAG" + git push origin "$INPUT_TAG" + echo "TAG_NAME=$INPUT_TAG" >> $GITHUB_OUTPUT - name: Set up Maven Central Repository - uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: '11' distribution: 'temurin' @@ -106,51 +125,59 @@ jobs: gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} gpg-passphrase: MAVEN_GPG_PASSPHRASE + - name: Configure echo mirror for dependency resolution + run: | + sed -i 's||echocentralhttps://maven.echohq.com|' ~/.m2/settings.xml + - name: Update the POM version. - run: mvn -B versions:set -DnewVersion='${{ env.RELEASE_VERSION }}' --file pom.xml -DskipTests + run: mvn -B versions:set -DnewVersion="$RELEASE_VERSION" --file pom.xml -DskipTests - name: Build artifactId property + env: + INPUT_DEV: ${{ inputs.dev }} + INPUT_TAG: ${{ inputs.tag }} run: | prop='' - if [ ${{ inputs.dev }} = true ] && ![ "${{ inputs.tag }}" = "1.0.0-SNAPSHOT" ]; then + if [ "$INPUT_DEV" = "true" ] && [ "$INPUT_TAG" != "1.0.0-SNAPSHOT" ]; then prop='-Dast.wrapper.id=ast-cli-java-wrapper-dev' fi echo "AID_PROP=${prop}" >> $GITHUB_ENV - name: Publish package - run: mvn --batch-mode deploy -DskipTests ${{ env.AID_PROP }} + if: inputs.publish == true + run: mvn --batch-mode deploy -DskipTests $AID_PROP env: MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} - name: Release - uses: softprops/action-gh-release@a6c7483a42ee9d5daced968f6c217562cd680f7f #v2 + uses: step-security/action-gh-release@277bfa82abcfdb73e5bbb19e213fd76532ee2be5 # v3.0.0 with: generate_release_notes: true tag_name: ${{ inputs.tag }} prerelease: ${{ inputs.dev }} - notify: - if: inputs.dev == false - needs: release - uses: Checkmarx/plugins-release-workflow/.github/workflows/release-notify.yml@main - with: - product_name: Java Wrapper - release_version: ${{ needs.release.outputs.TAG_NAME }} - cli_release_version: ${{ needs.release.outputs.CLI_VERSION }} - release_author: "Sypher Team" - release_url: https://github.com/Checkmarx/ast-cli-java-wrapper/releases/tag/${{ needs.release.outputs.TAG_NAME }} - jira_product_name: JAVA_WRAPPER - secrets: inherit + # notify: + # if: inputs.dev == false + # needs: release + # uses: Checkmarx/plugins-release-workflow/.github/workflows/release-notify.yml@main + # with: + # product_name: Java Wrapper + # release_version: ${{ needs.release.outputs.TAG_NAME }} + # cli_release_version: ${{ needs.release.outputs.CLI_VERSION }} + # release_author: "Sypher Team" + # release_url: https://github.com/Checkmarx/ast-cli-java-wrapper/releases/tag/${{ needs.release.outputs.TAG_NAME }} + # jira_product_name: JAVA_WRAPPER + # secrets: inherit - dispatch_auto_release: - name: Update Jenkins/Jetbrains/Eclipse Extensions With new Wrapper Version - if: inputs.dev == false - needs: notify - uses: Checkmarx/plugins-release-workflow/.github/workflows/dispatch-workflow.yml@main - with: - cli_version: ${{ needs.release.outputs.CLI_VERSION }} - is_cli_release: false - is_java_release: true - secrets: inherit + # dispatch_auto_release: + # name: Update Jenkins/Jetbrains/Eclipse Extensions With new Wrapper Version + # if: inputs.dev == false + # needs: notify + # uses: Checkmarx/plugins-release-workflow/.github/workflows/dispatch-workflow.yml@main + # with: + # cli_version: ${{ needs.release.outputs.CLI_VERSION }} + # is_cli_release: false + # is_java_release: true + # secrets: inherit diff --git a/.github/workflows/update-cli.yml b/.github/workflows/update-cli.yml index f50894e1..64037254 100644 --- a/.github/workflows/update-cli.yml +++ b/.github/workflows/update-cli.yml @@ -2,8 +2,6 @@ name: Update checkmarx ast cli on: workflow_dispatch: - repository_dispatch: - types: [cli-version-update] permissions: contents: read @@ -31,8 +29,8 @@ jobs: - name: Get Latest Checkmarx API version id: checkmarx-ast-cli run: | - echo ::set-output name=release_tag::$(curl -sL https://api.github.com/repos/checkmarx/ast-cli/releases/latest | jq -r ".tag_name") - echo ::set-output name=current_tag::$(> $GITHUB_OUTPUT + echo "current_tag=$(> $GITHUB_OUTPUT - name: Update Checkmarx cli version if: steps.checkmarx-ast-cli.outputs.current_tag != steps.checkmarx-ast-cli.outputs.release_tag @@ -40,14 +38,16 @@ jobs: RELEASE_TAG: ${{ steps.checkmarx-ast-cli.outputs.release_tag }} run: | # Update current release - echo ${{ steps.checkmarx-ast-cli.outputs.release_tag }} > checkmarx-ast-cli.version + echo "$RELEASE_TAG" > checkmarx-ast-cli.version - name: Download latest cli and update branch if: steps.checkmarx-ast-cli.outputs.current_tag != steps.checkmarx-ast-cli.outputs.release_tag + env: + RELEASE_TAG: ${{ steps.checkmarx-ast-cli.outputs.release_tag }} run: | # Update binaries chmod +x ./.github/scripts/update_cli.sh - ./.github/scripts/update_cli.sh ${{ steps.checkmarx-ast-cli.outputs.release_tag }} + ./.github/scripts/update_cli.sh "$RELEASE_TAG" - name: Track large files with Git LFS if: steps.checkmarx-ast-cli.outputs.current_tag != steps.checkmarx-ast-cli.outputs.release_tag @@ -63,7 +63,7 @@ jobs: - name: Create Pull Request id: cretae_pull_request if: steps.checkmarx-ast-cli.outputs.current_tag != steps.checkmarx-ast-cli.outputs.release_tag - uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 #v6 + uses: step-security/create-pull-request@50c103da2b9ca12cd5bc013fc6931051a5aa872b # v8.1.1 with: token: ${{ secrets.AUTOMATION_TOKEN }} commit-message: Update checkmarx-ast-cli to ${{ steps.checkmarx-ast-cli.outputs.release_tag }} diff --git a/checkmarx-ast-cli.version b/checkmarx-ast-cli.version index aadd7fdc..fae17394 100644 --- a/checkmarx-ast-cli.version +++ b/checkmarx-ast-cli.version @@ -1 +1 @@ -2.3.48 +2.3.54 diff --git a/pom.xml b/pom.xml index 9e8faa71..a468a86c 100644 --- a/pom.xml +++ b/pom.xml @@ -30,6 +30,12 @@ com.googlecode.json-simple json-simple 1.1.1 + + + junit + junit + + com.fasterxml.jackson.core @@ -57,6 +63,12 @@ 5.10.2 test + + junit + junit + 4.13.1 + compile + diff --git a/src/main/resources/cx-linux b/src/main/resources/cx-linux index 1322d953..85f008ed 100755 --- a/src/main/resources/cx-linux +++ b/src/main/resources/cx-linux @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:f73e555c94ea77a10d31e37de49e40d3468ec2787e4e6d917539409210a8fe8d -size 81281208 +oid sha256:776d9864c0104e1d0023641ef931bd1c58478cf56768ce77f2bfbfd6e9e64493 +size 80568482 diff --git a/src/main/resources/cx-linux-arm b/src/main/resources/cx-linux-arm index 5b533e6d..10629171 100755 --- a/src/main/resources/cx-linux-arm +++ b/src/main/resources/cx-linux-arm @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:101acdd3d54073d9964986e279da786e527d0e649f5ae5473a79481bbb8389ef -size 76415160 +oid sha256:d40b3cfb9f930e96a9d6b494d4c7b9cd98e3bb857e55a0f55c92d764bb8c3c1a +size 75235490 diff --git a/src/main/resources/cx-mac b/src/main/resources/cx-mac index d016514b..e137bc67 100755 --- a/src/main/resources/cx-mac +++ b/src/main/resources/cx-mac @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:71a744df366cddf2312b2e4a51f1174ab785d06b48506e08c3c8ee9cde8f82cf -size 162260464 +oid sha256:df4a2d6b72936afa65df8730f0ee491f6d518286421063f50df2e48d3d5b56f9 +size 160422432 diff --git a/src/main/resources/cx.exe b/src/main/resources/cx.exe index 4d61a0c0..f2f6b695 100644 --- a/src/main/resources/cx.exe +++ b/src/main/resources/cx.exe @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:489659950e778b01bf66ba126cd52a1acf8f124db62407b190516c12648baf6b -size 83262400 +oid sha256:c7227ac9dd89f344c12629d367774a2428595b3daff0a2e710981d924f13dbf4 +size 82488128