PR - 2026-06-23#206
Merged
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- sastQueriesAPI: add scan_id/tenant_id to get_sast_query_description
- sastResultsPredicatesAPI: add offset/limit to get_all_predicates_for_similarity_id
- api_client: enable follow_redirects on httpx.Client for S3-based file retrieval
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- update_project_preset: batch-update SAST preset for API projects from CSV
- trigger_scm_project_scans_on_main_branch: trigger scans on main branch for SCM-integrated projects via repos-manager endpoint
- export_sast_state_counts: export SAST state counts per project as CSV
- export_sast_state_by_query: export SAST results by project, query, severity, language, and state for FP-rate analysis
- get_project_sast_exclusions: get/update SAST recommended exclusions
- get_audit_events: retrieve audit events
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- Add PredicateInitialValues, PredicateHistoryResponse DTOs
- Add from_dict to CommentJSON, PredicateWithCommentJSON, PredicateHistory
- Update SastResultsPredicatesAPI to return typed PredicateHistoryResponse
- Add offset/limit params to get_all_predicates_for_similarity_id
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- triage_workflow.py: guided 9-step triage for SAST findings
- Add *.har to .gitignore
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Work around server-side issue where /cxrestapi/sast/results returns duplicate data on the last page. Add diagnostic tests to detect the bug. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
The server-side pagination bug in /cxrestapi/sast/results occurs when limit exceeds the number of remaining results — the last page wraps around and returns earlier data instead of the actual trailing results. Instead of always using the full page size, compute remaining = total_count - offset and use min(limit, remaining) as the actual limit for each request after the first. This ensures the final request asks for exactly the right number of results, avoiding the server boundary condition. Dedup is kept as an additional safety net. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…esults The CxSAST /cxrestapi/sast/results endpoint interprets the 'offset' parameter as a page number (records skipped = offset * limit), not as a record count. The previous implementation incremented offset by the page size each iteration, causing it to skip most results. Increment offset by 1 per page instead, and keep path_id dedup as a safety net. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
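An added example (not the SDK's own code) of the paging the two commits above describe: a constructed stand-in for the results endpoint that treats offset as a page index and, optionally, wraps on a short last page, next to the fixed loop and the old one. The pathId field name, the row layout and the sample rows are assumptions made for the example.

```python
"""Client-side paging for an endpoint that, like /cxrestapi/sast/results,
treats 'offset' as a page index (records skipped = offset * limit).
Added example, not the SDK's code; the server below is a constructed
stand-in and the real endpoint is never contacted."""
from typing import Callable, Dict, List, Set, Tuple

Row = Dict[str, int]
# Constructed sample data: 25 findings, each with a unique pathId.
SAMPLE_ROWS: List[Row] = [{"pathId": i, "queryId": 100 + i % 3} for i in range(25)]


def make_fake_server(rows: List[Row], wrap_last_page: bool) -> Callable[[int, int], List[Row]]:
    """Simulates the page-index semantics; with wrap_last_page=True a short
    final page returns earlier data instead of the tail, as the commits describe."""
    def get_results(offset: int, limit: int) -> List[Row]:
        start = offset * limit
        page = rows[start:start + limit]
        if wrap_last_page and 0 < len(page) < limit:
            page = rows[:limit]
        return page
    return get_results


def fetch_all(get_results: Callable[[int, int], List[Row]], total_count: int,
              limit: int) -> Tuple[List[Row], bool]:
    """Fixed loop: offset advances by 1 per page and limit stays constant
    (shrinking it on the last page would change offset * limit and skip a
    different record range). pathId dedup is the safety net, and a page made
    entirely of already-seen rows is reported as the wrap-around diagnostic."""
    seen: Set[int] = set()
    results: List[Row] = []
    wrap_detected = False
    for offset in range((total_count + limit - 1) // limit):  # number of pages
        page = get_results(offset, limit)
        if not page:
            break
        new = [r for r in page if r["pathId"] not in seen]
        if not new:
            wrap_detected = True
        for r in new:
            seen.add(r["pathId"])
            results.append(r)
    return results, wrap_detected


def fetch_all_old(get_results: Callable[[int, int], List[Row]], total_count: int,
                  limit: int) -> List[Row]:
    """Pre-fix loop: offset advanced by the page size, so the second request
    skips limit * limit records and most results are never fetched."""
    results: List[Row] = []
    offset = 0
    while offset < total_count:
        page = get_results(offset, limit)
        if not page:
            break
        results.extend(page)
        offset += limit
    return results
```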
The operation exists in the WSDL but CxSAST 9.x returns "This action is no longer supported." Use CxAuditWebService's get_source_code_for_scan as the replacement. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
GetSourceByScanID (singular) is deprecated in CxSAST 9.x, but the plural GetSourcesByScanID returns per-file source content for requested file paths. GetFileNamesForPath returns file names associated with a path_id. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Portal SOAP (40 new methods): get_preset_details, update_preset, get_result_state_list, get_scan_report, get_scan_report_status, cancel_scan_report, get_results, get_result_summary, get_query_collection_for_language, get_query_description, get_query_short_description, get_scans_display_data_for_all_projects, get_scan_summary, get_server_license_basic, get_server_license_data_extended, get_custom_fields, get_custom_field_values, get_result_paths_for_query, get_results_for_query, get_queries_for_scan, get_scan_properties, get_status_of_single_scan, get_scans_statuses, get_scan_logs, update_result_state, update_result_comment, update_scan_comment, is_valid_preset_name, get_server_language_list, get_executable_list, count_lines, is_alive, is_smtp_host_configured, is_private_cloud, get_cwe_description, get_result_state_flags, cancel_scan, delete_scan, delete_scans, get_child_nodes, get_projects_with_scans, get_configuration_set_list
Audit SOAP (24 new methods): get_results, get_result_summary, get_result_state_list, update_result_state, update_scan_comment, get_project_scans, get_projects_with_scans, get_query_collection, get_query_collection_for_language, get_query_description, get_query_description_by_query_id, get_queries_categories, get_preset_details, get_preset_list, get_path_comments_history, get_project_configuration, get_license_details, get_engine_configuration, get_hierarchy_group_tree, get_ancestry_group_tree, keep_alive, import_queries, get_cache
All methods include module-level convenience functions, __init__.py exports, and pytest tests (55 Portal + 20 Audit = 75 tests passing).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…rt_sast_state_counts Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…st.md Convert CxSAST_and_CxOSA_REST_API_List.md, CxSAST_Portal_SOAP_API_List.md, and CxSAST_ODATA_API.md to consistent markdown table format with columns for class, method, HTTP/query pattern, and endpoint path. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…mber
- Replace `item["status"]["id"] == 2` with status name extraction via `status.get("value")`, returning "Started"/"Completed"/"Failed" strings
- Handle both dict and plain-string status formats from the API
- Add proper docstring with known status values
- Update test to create a real branch, poll, and display all statuses
- Update CxCliPy.py to use latest SDK OData API and add --branch_project support
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…n Windows Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…cConstraints ssl.create_default_context() enables VERIFY_X509_STRICT, which requires certificates loaded as CAs to have the BasicConstraints:CA:TRUE extension. Self-signed server certs (like IIS self-signed certs) typically lack this, causing "invalid CA certificate" errors. Switch to ssl.SSLContext with PROTOCOL_TLS_CLIENT (matching urllib3's approach), which does not enforce this strict check. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
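As an added example (not the SDK's own code), the contexts discussed in the commit above side by side, plus a guard confirming that the relaxed contexts still verify the server chain and hostname. Python 3.13 is the version where create_default_context() started setting VERIFY_X509_STRICT; the CA bundle path named in the docstring is an assumed placeholder and is not read.

```python
"""Client TLS contexts for a CxSAST server with a self-signed certificate.

Added example, not the SDK's code. Nothing is loaded from disk; a caller
would add ctx.load_verify_locations("certs/selfsigned.pem") (assumed path)."""
import ssl


def strict_default_context() -> ssl.SSLContext:
    # Python 3.13+ sets VERIFY_X509_STRICT here, so a self-signed server
    # cert loaded as a CA must carry BasicConstraints CA:TRUE or loading
    # fails with "invalid CA certificate".
    return ssl.create_default_context()


def tolerant_context() -> ssl.SSLContext:
    # The approach the commit switches to: PROTOCOL_TLS_CLIENT defaults to
    # CERT_REQUIRED and check_hostname=True but leaves the strict flag clear.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def relaxed_default_context() -> ssl.SSLContext:
    # Alternative that keeps create_default_context()'s other defaults and
    # clears only the strict X.509 check (the form the Python 3.13 docs show).
    ctx = ssl.create_default_context()
    ctx.verify_flags &= ~ssl.VERIFY_X509_STRICT
    return ctx


def strict_flag_set(ctx: ssl.SSLContext) -> bool:
    return bool(ctx.verify_flags & ssl.VERIFY_X509_STRICT)


def still_verifies(ctx: ssl.SSLContext) -> bool:
    """Review guard: relaxing the strict flag must not turn into verify=False;
    the chain is still validated and the hostname still matched."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)
```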
Great job! No new security vulnerabilities introduced in this pull request
cx-james-bostock
approved these changes
Jun 23, 2026
Hi @cx-happy-yang,
These changes look fine to me.

Fix SSL context creation for self-signed CA certificates