Description
An exception is thrown when the CxAnalytixExportState.json
file is empty which is likely to occur when users want to "restart" CxAnalytix from the beginning.
Expected Behavior
An empty state file will be treated the same as if the file does not exist and begin extracting all data available.
Actual Behavior
An exception is thrown and the extraction stops when the state file is empty.
Reproduction
Installed CxAnalytix using the Getting Started w/the CLI steps.
dotnet.exe.config file contents:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<configSections>
<section name="CxCredentials" type="CxAnalytix.Configuration.CxCredentials, Configuration" />
<section name="CxConnection" type="CxAnalytix.Configuration.CxConnection, Configuration" />
<section name="CxAnalyticsService" type="CxAnalytix.Configuration.CxAnalyticsService, Configuration" />
<section name="CxLogOutput" type="CxAnalytix.Out.Log4NetOutput.LogOutputConfig, Log4NetOutput" />
</configSections>
<!-- Common config parameters -->
<CxConnection URL="http://localhost"
mnoURL=""
TimeoutSeconds="600" ValidateCertificates="true" />
<CxCredentials configProtectionProvider="DataProtectionConfigurationProvider">
<EncryptedData>
<CipherData>
<CipherValue>AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAD+Yfz3TTtkuNUwiA2mnaNQQAAAACAAAAAAAQZgAAAAEAACAAAABEFil6yJornAfayWri4jhnYx8ZcVKlCbdK0MKf0OYbPQAAAAAOgAAAAAIAACAAAAAoSneyAzYRay+umoLa1CEvdb/54SM3v6CwWl8QMcgPOZAAAADSspNbRLZr9vwTmqOeZhm05gVNs3yONMWuKvhfwodTOF7jGtg9uHVbc5lH8cpNxU7Qb072JAjiiCYrAjy1aCjMO5NH0ibJViL0n9euH2jJz6mibUo0VNoNfid8KQhRZqogivlzpL/rEOSOdX0qEzu3ABu35g9knhcCb8wL2kwawXAIn3vYYE8vAszERfZ8fbpAAAAACU6pegd1dCoitWECWzFd5oPxW2BLsCRkJqG30yqFsmwD0jKEh8WWyK5QPVxZ9x8TURIliyJdtMhLK/yHGKiq6Q==</CipherValue>
</CipherData>
</EncryptedData>
</CxCredentials>
<CxAnalyticsService ConcurrentThreads="2" StateDataStoragePath=""
ProcessPeriodMinutes="120"
OutputFactoryClassPath="CxAnalytix.Out.Log4NetOutput.LoggerOutFactory, Log4NetOutput"
SASTScanSummaryRecordName="RECORD_SAST_Scan_Summary"
SASTScanDetailRecordName="RECORD_SAST_Scan_Detail"
SCAScanSummaryRecordName="RECORD_SCA_Scan_Summary"
SCAScanDetailRecordName="RECORD_SCA_Scan_Detail"
ProjectInfoRecordName="RECORD_Project_Info"
PolicyViolationsRecordName="RECORD_Policy_Violations"
/>
<!-- Specific output method configuration parameters -->
<CxLogOutput DataRetentionDays="3" OutputRoot="logs\">
<PurgeSpecs>
<spec MatchSpec="*.log.*" />
</PurgeSpecs>
</CxLogOutput>
</configuration>
Run CxAnalytix one time. Your state file will be populated. For example:
{"1":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":1,"ProjectName":"dvna_policy","TeamId":"26af7de0-042e-43b0-ad7c-48fabb038b0d","TeamName":"\\CxServer\\serviceprovider\\company","PresetId":36},"2":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":2,"ProjectName":"WebGoat_policy","TeamId":"26af7de0-042e-43b0-ad7c-48fabb038b0d","TeamName":"\\CxServer\\serviceprovider\\company","PresetId":36},"3":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":3,"ProjectName":"NodeGoat_policy","TeamId":"26af7de0-042e-43b0-ad7c-48fabb038b0d","TeamName":"\\CxServer\\serviceprovider\\company","PresetId":36},"4":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":4,"ProjectName":"NAudio_policy","TeamId":"26af7de0-042e-43b0-ad7c-48fabb038b0d","TeamName":"\\CxServer\\serviceprovider\\company","PresetId":36},"5":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":5,"ProjectName":"dvna_sandbox","TeamId":"11c02153-343a-4629-bd01-6aa51c28fd33","TeamName":"\\CxServer\\serviceprovider\\company\\dvna","PresetId":36},"6":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":6,"ProjectName":"WebGoat_sandbox","TeamId":"d84ae381-3bdf-4e23-b57b-a754662957cd","TeamName":"\\CxServer\\serviceprovider\\company\\WebGoat","PresetId":36},"7":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":7,"ProjectName":"NodeGoat_sandbox","TeamId":"6d6b6dd4-0205-415d-8fd1-102e02490c90","TeamName":"\\CxServer\\serviceprovider\\company\\NodeGoat","PresetId":36},"8":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":8,"ProjectName":"NAudio_sandbox","TeamId":"af6336f4-7913-44a3-aa3a-2dc3e3dd2eb1","TeamName":"\\CxServer\\serviceprovider\\company\\NAudio","PresetId":36},"9":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":9,"ProjectName":"nopCommerce_sandbox","TeamId":"74935482-3e41-4d61-8eb8-8f7db42d6245","TeamName":"\\CxServer\\serviceprovider\\company\\nopCommerce","PresetId":36},"10":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":10,"ProjectName":"FluentEmail_sandbox","TeamId":"225fb029-0589-4a22-83ac-8d5b8a5222ab","TeamName":"\\CxServer\\serviceprovider\\company\\FluentEmail","PresetId":36},"11":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":11,"ProjectName":"DVWA_sandbox","TeamId":"13bc700b-e3a2-4d9a-95a1-131919ccf0b6","TeamName":"\\CxServer\\serviceprovider\\company\\DVWA","PresetId":36},"12":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":12,"ProjectName":"notepad-plus-plus_sandbox","TeamId":"af7e5264-6963-490b-9b63-7fbe2d8f94af","TeamName":"\\CxServer\\serviceprovider\\company\\notepad-plus-plus","PresetId":36},"13":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":13,"ProjectName":"dvja_sandbox","TeamId":"50fa5d73-0311-47b7-85fc-9599a765f830","TeamName":"\\CxServer\\serviceprovider\\company\\dvja","PresetId":36},"14":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":14,"ProjectName":"JavaVulnerableLab_sandbox","TeamId":"4b0d6b0d-f552-49d7-ac27-ad468dbd6b4c","TeamName":"\\CxServer\\serviceprovider\\company\\JavaVulnerableLab","PresetId":36},"15":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":15,"ProjectName":"OWASP-GoatDroid-Project_sandbox","TeamId":"9ed648cf-0bfd-4abb-bc7e-6b37e8cbfc57","TeamName":"\\CxServer\\serviceprovider\\company\\OWASP-GoatDroid-Project","PresetId":36},"16":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":16,"ProjectName":"DVWS_sandbox","TeamId":"011aa991-9203-454b-b0b9-349e0d652ecf","TeamName":"\\CxServer\\serviceprovider\\company\\DVWS","PresetId":36},"17":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":17,"ProjectName":"dvws-node_sandbox","TeamId":"eebd2236-f487-4c8e-9008-395d2016661f","TeamName":"\\CxServer\\serviceprovider\\company\\dvws-node","PresetId":36},"18":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":18,"ProjectName":"pivaa_sandbox","TeamId":"8d2048b1-f189-4a16-85f0-020bf447f9b0","TeamName":"\\CxServer\\serviceprovider\\company\\pivaa","PresetId":36},"19":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":19,"ProjectName":"diva-android_sandbox","TeamId":"af0dfef0-165b-4b8a-ac2f-d78466111ebc","TeamName":"\\CxServer\\serviceprovider\\company\\diva-android","PresetId":36},"20":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":20,"ProjectName":"DodoVulnerableBank_sandbox","TeamId":"5a52624e-317a-458e-b074-674b0e12687b","TeamName":"\\CxServer\\serviceprovider\\company\\DodoVulnerableBank","PresetId":36},"21":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":21,"ProjectName":"Android-InsecureBankv2_sandbox","TeamId":"be5a8d1b-da8e-44e2-ba62-9f85adb5bffe","TeamName":"\\CxServer\\serviceprovider\\company\\Android-InsecureBankv2","PresetId":36},"22":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":22,"ProjectName":"VulnerableAndroidAppOracle_sandbox","TeamId":"aa1c180c-aacf-4f36-9041-ed98b6f16b6d","TeamName":"\\CxServer\\serviceprovider\\company\\VulnerableAndroidAppOracle","PresetId":36},"23":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":23,"ProjectName":"Digitalbank_sandbox","TeamId":"99595f9d-822d-4910-8ea6-8d2866929389","TeamName":"\\CxServer\\serviceprovider\\company\\Digitalbank","PresetId":36},"24":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":24,"ProjectName":"DVHMA_sandbox","TeamId":"f5e04c11-573f-49fd-ab2d-74553b1b37c6","TeamName":"\\CxServer\\serviceprovider\\company\\DVHMA","PresetId":36},"25":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":25,"ProjectName":"juice-shop_sandbox","TeamId":"95f00e80-737a-4f16-b4d5-8758c056daae","TeamName":"\\CxServer\\serviceprovider\\company\\juice-shop","PresetId":36},"26":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":26,"ProjectName":"DVIA_sandbox","TeamId":"48745f59-80cc-48d2-9126-e23ea90e614a","TeamName":"\\CxServer\\serviceprovider\\company\\DVIA","PresetId":36},"27":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":27,"ProjectName":"DVIA-v2_sandbox","TeamId":"4f0c4656-0061-449c-9fc8-657d8df49aab","TeamName":"\\CxServer\\serviceprovider\\company\\DVIA-v2","PresetId":36},"28":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":28,"ProjectName":"AltoroJ_sandbox","TeamId":"1c0d6132-d2ac-45ab-835a-66b35212320a","TeamName":"\\CxServer\\serviceprovider\\company\\AltoroJ","PresetId":36},"29":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":29,"ProjectName":"nopCommerce_policy","TeamId":"26af7de0-042e-43b0-ad7c-48fabb038b0d","TeamName":"\\CxServer\\serviceprovider\\company","PresetId":36},"30":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":30,"ProjectName":"FluentEmail_policy","TeamId":"26af7de0-042e-43b0-ad7c-48fabb038b0d","TeamName":"\\CxServer\\serviceprovider\\company","PresetId":36},"31":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":31,"ProjectName":"DVWA_policy","TeamId":"26af7de0-042e-43b0-ad7c-48fabb038b0d","TeamName":"\\CxServer\\serviceprovider\\company","PresetId":36},"32":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":32,"ProjectName":"notepad-plus-plus_policy","TeamId":"26af7de0-042e-43b0-ad7c-48fabb038b0d","TeamName":"\\CxServer\\serviceprovider\\company","PresetId":36},"33":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":33,"ProjectName":"dvja_policy","TeamId":"26af7de0-042e-43b0-ad7c-48fabb038b0d","TeamName":"\\CxServer\\serviceprovider\\company","PresetId":36},"34":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":34,"ProjectName":"JavaVulnerableLab_policy","TeamId":"26af7de0-042e-43b0-ad7c-48fabb038b0d","TeamName":"\\CxServer\\serviceprovider\\company","PresetId":36},"35":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":35,"ProjectName":"OWASP-GoatDroid-Project_policy","TeamId":"26af7de0-042e-43b0-ad7c-48fabb038b0d","TeamName":"\\CxServer\\serviceprovider\\company","PresetId":36},"36":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":36,"ProjectName":"DVWS_policy","TeamId":"26af7de0-042e-43b0-ad7c-48fabb038b0d","TeamName":"\\CxServer\\serviceprovider\\company","PresetId":36},"37":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":37,"ProjectName":"dvws-node_policy","TeamId":"26af7de0-042e-43b0-ad7c-48fabb038b0d","TeamName":"\\CxServer\\serviceprovider\\company","PresetId":36},"38":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":38,"ProjectName":"pivaa_policy","TeamId":"26af7de0-042e-43b0-ad7c-48fabb038b0d","TeamName":"\\CxServer\\serviceprovider\\company","PresetId":36},"39":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":39,"ProjectName":"diva-android_policy","TeamId":"26af7de0-042e-43b0-ad7c-48fabb038b0d","TeamName":"\\CxServer\\serviceprovider\\company","PresetId":36},"40":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":40,"ProjectName":"DodoVulnerableBank_policy","TeamId":"26af7de0-042e-43b0-ad7c-48fabb038b0d","TeamName":"\\CxServer\\serviceprovider\\company","PresetId":36},"41":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":41,"ProjectName":"Android-InsecureBankv2_policy","TeamId":"26af7de0-042e-43b0-ad7c-48fabb038b0d","TeamName":"\\CxServer\\serviceprovider\\company","PresetId":36},"42":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":42,"ProjectName":"VulnerableAndroidAppOracle_policy","TeamId":"26af7de0-042e-43b0-ad7c-48fabb038b0d","TeamName":"\\CxServer\\serviceprovider\\company","PresetId":36},"43":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":43,"ProjectName":"Digitalbank_policy","TeamId":"26af7de0-042e-43b0-ad7c-48fabb038b0d","TeamName":"\\CxServer\\serviceprovider\\company","PresetId":36},"44":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":44,"ProjectName":"DVHMA_policy","TeamId":"26af7de0-042e-43b0-ad7c-48fabb038b0d","TeamName":"\\CxServer\\serviceprovider\\company","PresetId":36},"45":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":45,"ProjectName":"juice-shop_policy","TeamId":"26af7de0-042e-43b0-ad7c-48fabb038b0d","TeamName":"\\CxServer\\serviceprovider\\company","PresetId":36},"46":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":46,"ProjectName":"DVIA_policy","TeamId":"26af7de0-042e-43b0-ad7c-48fabb038b0d","TeamName":"\\CxServer\\serviceprovider\\company","PresetId":36},"47":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":47,"ProjectName":"DVIA-v2_policy","TeamId":"26af7de0-042e-43b0-ad7c-48fabb038b0d","TeamName":"\\CxServer\\serviceprovider\\company","PresetId":36},"48":{"LastScanCheckDate":"2020-08-11T20:26:24.5533576+00:00","ProjectId":48,"ProjectName":"AltoroJ_policy","TeamId":"26af7de0-042e-43b0-ad7c-48fabb038b0d","TeamName":"\\CxServer\\serviceprovider\\company","PresetId":36}}
Run the CLI again to verify that there is no more data to extract.
PS C:\programdata\checkmarx\cxanalytix\artifacts\Release> dotnet CxAnalytixCLI.dll
[2020-08-11 20:29:39,797] INFO [1] [CxAnalytixCLI.Program] (?:?) - Start
[2020-08-11 20:29:39,809] INFO [1] [CxAnalytixCLI.Program] (?:?) - CWD: C:\programdata\checkmarx\cxanalytix\artifacts\Release
[2020-08-11 20:29:40,143] WARN [1] [CxAnalytix.TransformLogic.Transformer] (?:?) - Policy data is not available.
System.InvalidOperationException: Unable to retrieve policies.
at CxRestClient.CxMnoPolicies.GetAllPolicies(CxRestContext ctx, CancellationToken token) in c:\programdata\checkmarx\CxAnalytix\CxRestClient\CxMnoPolicies.cs:line 128
at CxAnalytix.TransformLogic.Transformer..ctor(CxRestContext ctx, CancellationToken token, String previousStatePath) in c:\programdata\checkmarx\CxAnalytix\TransformLogic\Transformer.cs:line 260
[2020-08-11 20:29:40,577] INFO [1] [CxAnalytix.TransformLogic.ProjectResolver] (?:?) - 48 projects are targets for check for new scans. Since last scan: 0 projects removed, 0 new projects.
[2020-08-11 20:29:41,138] INFO [1] [CxAnalytix.TransformLogic.ScanResolver] (?:?) - Resolved 0 scans to check in 0 projects since 8/11/2020 8:29:40 PM.
[2020-08-11 20:29:41,142] INFO [1] [CxAnalytixCLI.Program] (?:?) - End
**Delete the state file content using a text editor so that the file still exists but is empty.
Run the CLI again and note an exception occurs.**
PS C:\programdata\checkmarx\cxanalytix\artifacts\Release> dotnet CxAnalytixCLI.dll
[2020-08-11 20:30:45,196] INFO [1] [CxAnalytixCLI.Program] (?:?) - Start
[2020-08-11 20:30:45,210] INFO [1] [CxAnalytixCLI.Program] (?:?) - CWD: C:\programdata\checkmarx\cxanalytix\artifacts\Release
[2020-08-11 20:30:45,571] WARN [1] [CxAnalytix.TransformLogic.Transformer] (?:?) - Policy data is not available.
System.InvalidOperationException: Unable to retrieve policies.
at CxRestClient.CxMnoPolicies.GetAllPolicies(CxRestContext ctx, CancellationToken token) in c:\programdata\checkmarx\CxAnalytix\CxRestClient\CxMnoPolicies.cs:line 128
at CxAnalytix.TransformLogic.Transformer..ctor(CxRestContext ctx, CancellationToken token, String previousStatePath) in c:\programdata\checkmarx\CxAnalytix\TransformLogic\Transformer.cs:line 260
Unhandled Exception: System.NullReferenceException: Object reference not set to an instance of an object.
at CxAnalytix.TransformLogic.ProjectResolver.Resolve(Dictionary`2 productAction) in c:\programdata\checkmarx\CxAnalytix\TransformLogic\ProjectResolver.cs:line 125
at CxAnalytix.TransformLogic.Transformer..ctor(CxRestContext ctx, CancellationToken token, String previousStatePath) in c:\programdata\checkmarx\CxAnalytix\TransformLogic\Transformer.cs:line 314
at CxAnalytix.TransformLogic.Transformer.DoTransform(Int32 concurrentThreads, String previousStatePath, String instanceId, CxRestContext ctx, IOutputFactory outFactory, RecordNames records, CancellationToken token) in c:\programdata\checkmarx\CxAnalytix\TransformLogic\Transformer.cs:line 406
at CxAnalytixCLI.Program.Main(String[] args) in c:\programdata\checkmarx\CxAnalytix\CxAnalytixCLI\Program.cs:line 41
Environment Details
I built from source, but it was building version 1.1.3
PS C:\programdata\checkmarx\cxanalytix> git describe --tags
v1.1.3
PS C:\programdata\checkmarx\cxanalytix> git rev-parse HEAD
9c7725e6075524f0c9b2ba405e163c0faa989456
PS C:\programdata\checkmarx\cxanalytix>
OS Environment is server 2016.