[ADD] vulnerabilityFixResolutionText for get_vulnerabilities_risks_by_scan_id

HappyY19 · HappyY19 · commit 471f38db566f · 2025-01-14T14:54:19.000+08:00
diff --git a/CheckmarxPythonSDK/CxScaApiSDK/api.py b/CheckmarxPythonSDK/CxScaApiSDK/api.py
@@ -1965,12 +1965,55 @@ def get_vulnerabilities_risks_by_scan_id(self, scan_id, is_exploitable_path_enab
                  "cvss3 { attackComplexity, attackVector, availability, availabilityRequirement, baseScore, "
                  "confidentiality, confidentialityRequirement, exploitCodeMaturity, integrity, integrityRequirement, "
                  "privilegesRequired, remediationLevel, reportConfidence, scope, userInteraction }, "
+                 "vulnerabilityFixResolutionText,"
                  "pendingState, pendingChanges, packageState { type, value }, pendingScore, pendingSeverity,"
                  " isScoreOverridden } }"
                  " }")
         response = self.gql_request(relative_url=self.gql_relative_url, data=query)
         return response
 
+    def get_one_vulnerability(self, scan_id, vulnerability_id, package_id):
+        """
+            This is a GraphQL API
+        Args:
+            scan_id (str):
+            vulnerability_id (str):
+            package_id (str):
+
+        Returns:
+
+        """
+        query = ("query { "
+                 "vulnerability  ("      
+                 f"scanId:  \"{scan_id}\", "
+                 f"vulnerabilityId:  \"{vulnerability_id}\", "
+                 f"packageId:  \"{package_id}\""
+                 ")"
+                 "{ packageState { type, value }, assignedPolicies, violatedPolicies, pendingChanges, pendingState, "
+                 "state, score, pendingScore, pendingSeverity, isScoreOverridden, morEntityProfilesApplied, credit, "
+                 "notes, isIgnored, cve, cwe, description, packageId, severity, type, published, isKevDataExists, "
+                 "isExploitDbDataExists, isVulnerabilityNew, detectionDate, relation, vulnerabilityFixResolutionText, "
+                 "cweInfo { title }, packageInfo { name, packageRepository, version }, isExploitable, exploitablePath "
+                 "{ methodMatch { fullName, line, namespace, shortName, sourceFile }, methodSourceCall { fullName, "
+                 "line, namespace, shortName, sourceFile } }, "
+                 "vulnerablePackagePath { id, isDevelopment, isResolved, "
+                 "name, version, vulnerabilityRiskLevel }, "
+                 "references { comment, type, url }, "
+                 "cvss2 { attackComplexity, attackVector, authentication, availability, availabilityRequirement,"
+                 " baseScore, collateralDamagePotential, confidentiality, confidentialityRequirement,"
+                 " exploitCodeMaturity, integrityImpact, integrityRequirement, remediationLevel, reportConfidence, "
+                 "targetDistribution, severity }, cvss3 { attackComplexity, attackVector, availability,"
+                 " availabilityRequirement, baseScore, confidentiality, confidentialityRequirement, "
+                 "exploitCodeMaturity, integrity, integrityRequirement, privilegesRequired, remediationLevel, "
+                 "reportConfidence, scope, userInteraction, severity }, "
+                 "cvss4 { attackComplexity, attackVector, attackRequirements, privilegesRequired, userInteraction, "
+                 "vulnerableSystemConfidentiality, vulnerableSystemIntegrity, vulnerableSystemAvailability, "
+                 "subsequentSystemConfidentiality, subsequentSystemIntegrity, subsequentSystemAvailability, "
+                 "baseScore, severity }, isEpssDataExists, epssData { cve, date, epss, percentile } }"
+                 " }")
+        response = self.gql_request(relative_url=self.gql_relative_url, data=query)
+        return response
+
     def get_supply_chain_risks_by_scan_id(self, scan_id, take=10, skip=0):
         """
             This is a GraphQL API
@@ -2667,6 +2710,10 @@ def get_vulnerabilities_risks_by_scan_id(scan_id, is_exploitable_path_enabled=Fa
                                                       take=take, skip=skip)
 
 
+def get_one_vulnerability(scan_id, vulnerability_id, package_id):
+    return Sca().get_one_vulnerability(scan_id=scan_id, vulnerability_id=vulnerability_id, package_id=package_id)
+
+
 def get_supply_chain_risks_by_scan_id(scan_id, take=10, skip=0):
     return Sca().get_supply_chain_risks_by_scan_id(scan_id, take=take, skip=skip)
 
diff --git a/tests/CxOne/test_sca_api.py b/tests/CxOne/test_sca_api.py
@@ -36,6 +36,13 @@ def test_get_vulnerabilities_risks_by_scan_id():
     assert second_result is not None
 
 
+def test_get_one_vulnerability():
+    result = ScaAPI().get_one_vulnerability(scan_id="fd129816-5ef0-4111-959b-11f118e286fa",
+                                            vulnerability_id="CVE-2019-19919",
+                                            package_id="Npm-handlebars-4.0.5")
+    assert result is not None
+
+
 def test_get_supply_chain_risks_by_scan_id():
     result = ScaAPI().get_supply_chain_risks_by_scan_id(scan_id="d201a795-e2f0-44bf-8f5a-d6a5eb1c28b7",
                                                         take=10, skip=0)
