From 25f21fbff096adb54a688ff5895ac6863c57c2eb Mon Sep 17 00:00:00 2001
From: Prathmesh Borle <65400885+cx-prathmesh-borle@users.noreply.github.com>
Date: Tue, 24 Jun 2025 17:18:12 +0530
Subject: [PATCH 1/2] fix project branch limit and xml special characters
---
...nclude_f60f0ee047131110328ca368436d43ba.js | 20 +--
...nclude_891d8fed471f1110328ca368436d4334.js | 4 +-
...nclude_d7f2d2e447131110328ca368436d4321.js | 144 +++++++++---------
...nclude_1980bcb147935110328ca368436d435a.js | 80 ++++++----
4 files changed, 136 insertions(+), 112 deletions(-)
diff --git a/CheckmarxOneAppListIntegration_sys_script_include_f60f0ee047131110328ca368436d43ba.js b/CheckmarxOneAppListIntegration_sys_script_include_f60f0ee047131110328ca368436d43ba.js
index 3c67649..ed99463 100644
--- a/CheckmarxOneAppListIntegration_sys_script_include_f60f0ee047131110328ca368436d43ba.js
+++ b/CheckmarxOneAppListIntegration_sys_script_include_f60f0ee047131110328ca368436d43ba.js
@@ -79,16 +79,16 @@ CheckmarxOneAppListIntegration.prototype = Object.extendsObject(sn_vul.Applicati
if (null != projects[item].mainBranch && projects[item].mainBranch.length > 0)
primaryBranch = projects[item].mainBranch.toString();
- var currentGroupVal = (groups.length == 0) ? groupval : projects[item].groups.toString();
-
- appListAll += '' +
- '' + this.UTIL.escapeCDATA(primaryBranch) + '' +
- '' + this.UTIL.escapeCDATA(projectTags) + '' +
- '' + this.UTIL.escapeCDATA(projects[item].name) + '' +
- '';
+ var currentGroupVal = (groups.length == 0) ? groupval : projects[item].groups.toString();
+
+ appListAll += '' +
+ '' + this.UTIL.escapeCDATA(primaryBranch) + '' +
+ '' + this.UTIL.escapeCDATA(projectTags) + '' +
+ '' + this.UTIL.escapeCDATA(projects[item].name) + '' +
+ '';
}
if (appListAll == '' && createdDate > projects[item].createdAt) {
diff --git a/CheckmarxOneAppVulItemIntegration_sys_script_include_891d8fed471f1110328ca368436d4334.js b/CheckmarxOneAppVulItemIntegration_sys_script_include_891d8fed471f1110328ca368436d4334.js
index 0e3bde5..e256b76 100644
--- a/CheckmarxOneAppVulItemIntegration_sys_script_include_891d8fed471f1110328ca368436d4334.js
+++ b/CheckmarxOneAppVulItemIntegration_sys_script_include_891d8fed471f1110328ca368436d4334.js
@@ -774,8 +774,8 @@ CheckmarxOneAppVulItemIntegration.prototype = Object.extendsObject(sn_vul.Applic
include_scan = 'true';
}
if (include_scan == 'true') {
-
- if (jsonLastScanSummResp.scans[item].engines.toString().indexOf("microengines") != -1 &&
+ if (jsonLastScanSummResp.scans[item].engines.toString().indexOf("microengines") != -1 && jsonLastScanSummResp.scans[item].metadata && jsonLastScanSummResp.scans[item].metadata.length > 0 &&
+ jsonLastScanSummResp.scans[item].metadata.configs &&
jsonLastScanSummResp.scans[item].metadata.configs[item].type == 'microengines') {
var secretDetetction = jsonLastScanSummResp.scans[item].metadata.configs[item].value;
if ('2ms' in secretDetetction && engineList.indexOf('SecretDetection') == -1) {
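Review bot: The extended guard on the `if` two lines above makes the microengines branch unreachable for any ordinary JSON value: `metadata.length > 0` only holds when `metadata` is an array, and an array has no `configs` property, while an object `metadata` has no `length` (so `undefined > 0` is false) — one of the two checks has to go. If `metadata` is an object carrying a `configs` array, the guard should read `metadata && Array.isArray(metadata.configs) && metadata.configs.length > 0`. Indexing `configs[item]` with the `scans` loop index also looks wrong, since `item` is a position in `scans`, not in `configs`; something like `metadata.configs.some(function (c) { return c.type == 'microengines'; })` (and picking that entry's `value`) appears to be the intent, hedged because the response schema is not visible here. The enclosing function starts and ends outside the hunk.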
diff --git a/CheckmarxOneScanSummaryIntegration_sys_script_include_d7f2d2e447131110328ca368436d4321.js b/CheckmarxOneScanSummaryIntegration_sys_script_include_d7f2d2e447131110328ca368436d4321.js
index bb5d857..d61d81a 100644
--- a/CheckmarxOneScanSummaryIntegration_sys_script_include_d7f2d2e447131110328ca368436d4321.js
+++ b/CheckmarxOneScanSummaryIntegration_sys_script_include_d7f2d2e447131110328ca368436d4321.js
@@ -249,17 +249,17 @@ CheckmarxOneScanSummaryIntegration.prototype = Object.extendsObject(sn_vul.Appli
else
prvScaScanBranch = '' + jsonLastScanSummResp.scans[item].branch;
}
- scaScanSummaryAll += '';
+ scaScanSummaryAll += '';
}
}
@@ -289,17 +289,17 @@ CheckmarxOneScanSummaryIntegration.prototype = Object.extendsObject(sn_vul.Appli
}
var loc = this._getLOCforSAST(jsonLastScanSummResp.scans[item].statusDetails);
sastScanSummaryAll += '';
+ ' app_id="' + this.UTIL.escapeXmlChars(appId) + '"' +
+ ' last_scan_date="' + this.UTIL.escapeXmlChars(this.UTIL.parseDate(jsonLastScanSummResp.scans[item].updatedAt)) + '"' +
+ ' total_no_flaws="' + this.UTIL.escapeXmlChars(sastresponsevul) + '"' +
+ ' loc="' + this.UTIL.escapeXmlChars(loc) + '"' +
+ ' branch="' + this.UTIL.escapeXmlChars(jsonLastScanSummResp.scans[item].branch) + '"' +
+ ' prvScanId="' + this.UTIL.escapeXmlChars(sastPrvScanId) + '"' +
+ ' scan_origin="' + this.UTIL.escapeXmlChars(jsonLastScanSummResp.scans[item].sourceOrigin) + '"' +
+ ' scan_source="' + this.UTIL.escapeXmlChars(jsonLastScanSummResp.scans[item].sourceType) + '"' +
+ ' scan_type="' + this.UTIL.escapeXmlChars(sastScanType) + '"' +
+ ' prvBranch="' + this.UTIL.escapeXmlChars(prvSastScanBranch) + '"' +
+ ' app_name="' + this.UTIL.escapeXmlChars(appId) + '"/>';
}
}
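Review bot: `app_name` is filled from `appId` on the last added attribute line, the same value already written to `app_id` at the top of the element, which reads like a copy/paste slip rather than a deliberate duplicate; if an application name is in scope it should be `' app_name="' + this.UTIL.escapeXmlChars(appName) + '"/>'`, otherwise the attribute carries nothing a consumer can use. The same pattern repeats in the KICS, container-security, API-security, scorecard and secret-detection hunks below. Wrapping every attribute in `escapeXmlChars` is the right move here, since branch names and source origins come straight from the scanner response. The `sastScanSummaryAll += '';` line preceding the added attributes appears to have lost its opening tag in this listing, so the element name and the join with the attribute string cannot be checked from the page.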
@@ -317,16 +317,16 @@ CheckmarxOneScanSummaryIntegration.prototype = Object.extendsObject(sn_vul.Appli
prvKicsScanBranch = '' + jsonLastScanSummResp.scans[item].branch;
}
kicsScanSummaryAll += '';
+ ' app_id="' + this.UTIL.escapeXmlChars(appId) + '"' +
+ ' last_scan_date="' + this.UTIL.escapeXmlChars(this.UTIL.parseDate(jsonLastScanSummResp.scans[item].updatedAt)) + '"' +
+ ' total_no_flaws="' + this.UTIL.escapeXmlChars(kicsresponsevul) + '"' +
+ ' branch="' + this.UTIL.escapeXmlChars(jsonLastScanSummResp.scans[item].branch) + '"' +
+ ' prvScanId="' + this.UTIL.escapeXmlChars(kicsPrvScanId) + '"' +
+ ' scan_origin="' + this.UTIL.escapeXmlChars(jsonLastScanSummResp.scans[item].sourceOrigin) + '"' +
+ ' scan_source="' + this.UTIL.escapeXmlChars(jsonLastScanSummResp.scans[item].sourceType) + '"' +
+ ' scan_type="' + this.UTIL.escapeXmlChars(scanType) + '"' +
+ ' prvBranch="' + this.UTIL.escapeXmlChars(prvKicsScanBranch) + '"' +
+ ' app_name="' + this.UTIL.escapeXmlChars(appId) + '"/>';
}
}
@@ -344,16 +344,16 @@ CheckmarxOneScanSummaryIntegration.prototype = Object.extendsObject(sn_vul.Appli
prvConSecScanBranch = '' + jsonLastScanSummResp.scans[item].branch;
}
containerSecurityScanSummaryAll += '';
+ ' app_id="' + this.UTIL.escapeXmlChars(appId) + '"' +
+ ' last_scan_date="' + this.UTIL.escapeXmlChars(this.UTIL.parseDate(jsonLastScanSummResp.scans[item].updatedAt)) + '"' +
+ ' total_no_flaws="' + this.UTIL.escapeXmlChars(containerSecurityResponseVul) + '"' +
+ ' branch="' + this.UTIL.escapeXmlChars(jsonLastScanSummResp.scans[item].branch) + '"' +
+ ' prvScanId="' + this.UTIL.escapeXmlChars(conSecPrvScanId) + '"' +
+ ' scan_origin="' + this.UTIL.escapeXmlChars(jsonLastScanSummResp.scans[item].sourceOrigin) + '"' +
+ ' scan_source="' + this.UTIL.escapeXmlChars(jsonLastScanSummResp.scans[item].sourceType) + '"' +
+ ' scan_type="' + this.UTIL.escapeXmlChars(container_scanType) + '"' +
+ ' prvBranch="' + this.UTIL.escapeXmlChars(prvConSecScanBranch) + '"' +
+ ' app_name="' + this.UTIL.escapeXmlChars(appId) + '"/>';
}
}
@@ -367,16 +367,16 @@ CheckmarxOneScanSummaryIntegration.prototype = Object.extendsObject(sn_vul.Appli
prvApiSecScanBranch = apiSecPrvScanId ? jsonLastScanSummResp.scans[item].branch : '';
}
apiSecurityScanSummaryAll += '';
+ ' app_id="' + this.UTIL.escapeXmlChars(appId) + '"' +
+ ' last_scan_date="' + this.UTIL.escapeXmlChars(this.UTIL.parseDate(jsonLastScanSummResp.scans[item].updatedAt)) + '"' +
+ ' total_no_flaws="' + this.UTIL.escapeXmlChars(apiSecResponseVul) + '"' +
+ ' branch="' + this.UTIL.escapeXmlChars(jsonLastScanSummResp.scans[item].branch) + '"' +
+ ' prvScanId="' + this.UTIL.escapeXmlChars(apiSecPrvScanId) + '"' +
+ ' scan_origin="' + this.UTIL.escapeXmlChars(jsonLastScanSummResp.scans[item].sourceOrigin) + '"' +
+ ' scan_source="' + this.UTIL.escapeXmlChars(jsonLastScanSummResp.scans[item].sourceType) + '"' +
+ ' scan_type="' + this.UTIL.escapeXmlChars(api_scanType) + '"' +
+ ' prvBranch="' + this.UTIL.escapeXmlChars(prvApiSecScanBranch) + '"' +
+ ' app_name="' + this.UTIL.escapeXmlChars(appId) + '"/>';
}
}
//OSSF Scorecard scan summary
@@ -393,16 +393,16 @@ CheckmarxOneScanSummaryIntegration.prototype = Object.extendsObject(sn_vul.Appli
prvScoreCardScanBranch = '' + jsonLastScanSummResp.scans[item].branch;
}
scoreCardScanSummaryAll += '';
+ ' app_id="' + this.UTIL.escapeXmlChars(appId) + '"' +
+ ' last_scan_date="' + this.UTIL.escapeXmlChars(this.UTIL.parseDate(jsonLastScanSummResp.scans[item].updatedAt)) + '"' +
+ ' total_no_flaws="' + this.UTIL.escapeXmlChars(scorecardResponseVul) + '"' +
+ ' branch="' + this.UTIL.escapeXmlChars(jsonLastScanSummResp.scans[item].branch) + '"' +
+ ' prvScanId="' + this.UTIL.escapeXmlChars(scorecardPrvScanId) + '"' +
+ ' scan_origin="' + this.UTIL.escapeXmlChars(jsonLastScanSummResp.scans[item].sourceOrigin) + '"' +
+ ' scan_source="' + this.UTIL.escapeXmlChars(jsonLastScanSummResp.scans[item].sourceType) + '"' +
+ ' scan_type="' + this.UTIL.escapeXmlChars(scorecard_scanType) + '"' +
+ ' prvBranch="' + this.UTIL.escapeXmlChars(prvScoreCardScanBranch) + '"' +
+ ' app_name="' + this.UTIL.escapeXmlChars(appId) + '"/>';
}
}
@@ -421,16 +421,16 @@ CheckmarxOneScanSummaryIntegration.prototype = Object.extendsObject(sn_vul.Appli
prvSecretDetectionScanBranch = '' + jsonLastScanSummResp.scans[item].branch;
}
secretDetectionScanSummaryAll += '';
+ ' app_id="' + this.UTIL.escapeXmlChars(appId) + '"' +
+ ' last_scan_date="' + this.UTIL.escapeXmlChars(this.UTIL.parseDate(jsonLastScanSummResp.scans[item].updatedAt)) + '"' +
+ ' total_no_flaws="' + this.UTIL.escapeXmlChars(secretDetectionResponseVul) + '"' +
+ ' branch="' + this.UTIL.escapeXmlChars(jsonLastScanSummResp.scans[item].branch) + '"' +
+ ' prvScanId="' + this.UTIL.escapeXmlChars(secretDetectionPrvScanId) + '"' +
+ ' scan_origin="' + this.UTIL.escapeXmlChars(jsonLastScanSummResp.scans[item].sourceOrigin) + '"' +
+ ' scan_source="' + this.UTIL.escapeXmlChars(jsonLastScanSummResp.scans[item].sourceType) + '"' +
+ ' scan_type="' + this.UTIL.escapeXmlChars(secretDetection_scanType) + '"' +
+ ' prvBranch="' + this.UTIL.escapeXmlChars(prvSecretDetectionScanBranch) + '"' +
+ ' app_name="' + this.UTIL.escapeXmlChars(appId) + '"/>';
}
}
diff --git a/CheckmarxOneUtilBase_sys_script_include_1980bcb147935110328ca368436d435a.js b/CheckmarxOneUtilBase_sys_script_include_1980bcb147935110328ca368436d435a.js
index acad696..7bb74c0 100644
--- a/CheckmarxOneUtilBase_sys_script_include_1980bcb147935110328ca368436d435a.js
+++ b/CheckmarxOneUtilBase_sys_script_include_1980bcb147935110328ca368436d435a.js
@@ -439,7 +439,7 @@ CheckmarxOneUtilBase.prototype = {
return projectJSON;
},
- //get Project Branch List
+ // Get Project Branch List with pagination
getProjectBranchList: function(configId, projectId) {
try {
var request = new sn_ws.RESTMessageV2();
@@ -447,17 +447,44 @@ CheckmarxOneUtilBase.prototype = {
var accesscontrolbaseUrl = config.checkmarxone_server_url;
var apibaseurl = config.checkmarxone_api_base_url;
var method = "post";
+
var token = this.getAccessToken(accesscontrolbaseUrl, config, method, request, configId);
- var query = '/api/projects/branches?project-id=' + projectId;
- var resp = this._makeRestApiCall(apibaseurl, configId, token, query, "get");
- var body = resp.getBody();
- var projectJSON = JSON.parse(body);
+
+ var limit = 1000;
+ var offset = 0;
+ var allBranches = [];
+
+ while (true) {
+ var query = '/api/projects/branches?project-id=' + projectId +
+ '&limit=' + limit + '&offset=' + offset;
+
+ var resp = this._makeRestApiCall(apibaseurl, configId, token, query, "get");
+ var body = resp.getBody();
+ var batch = JSON.parse(body);
+
+ // Check if it's an array
+ if (!Array.isArray(batch)) {
+ throw 'Expected API response to be a list/array';
+ }
+
+ // Append to the result array
+ allBranches = allBranches.concat(batch);
+
+ // If less than limit, we are done
+ if (batch.length < limit) {
+ break;
+ }
+
+ // Otherwise, increase offset and keep going
+ offset += limit;
+ }
+
+ return allBranches;
} catch (err) {
gs.error(this.MSG + " getProjectBranchList: Error while getting the project info: " + err);
throw err;
}
- return projectJSON;
},
//get Project By Name
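Review bot: `projectId` is concatenated into the request unencoded on the `var query = '/api/projects/branches?project-id=' + projectId` line, while the code this same patch removes elsewhere used `encodeURIComponent` for branch names; use `'/api/projects/branches?project-id=' + encodeURIComponent(projectId)` so a value containing `&`, `#` or `=` cannot reshape the query. The `while (true)` loop has no upper bound, so a server that ignores `offset` or keeps returning full pages would spin until the script timeout; a `maxPages` counter that logs and breaks after a fixed number of iterations is cheap insurance. `throw 'Expected API response to be a list/array'` throws a bare string, which drops the stack and leaves the `catch (err)` below logging without context — prefer `throw new Error('Expected API response to be a list/array')`. Whether `_makeRestApiCall` checks the HTTP status before `JSON.parse(body)` runs is not visible here; if it does not, a non-2xx error body will surface as a JSON parse error instead of a meaningful message.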
@@ -572,14 +599,11 @@ CheckmarxOneUtilBase.prototype = {
var apibaseurl = config.checkmarxone_api_base_url;
var method = "post";
var token = this.getAccessToken(accesscontrolbaseUrl, config, method, request, configId);
- for (var item in branches) {
- branch += '&branches=' + encodeURIComponent(branches[item]);
- }
-
- var query = '/api/scans/?statuses=Completed&project-id=' + projectId + '&from-date=' + last_run_date + '&sort=-created_at&sort=%2Bstatus&field=scan-ids' + branch;
- var resp = this._makeRestApiCall(apibaseurl, configId, token, query, "get");
- var jsonLastScanSummResp = JSON.parse(resp.getBody());
+ // Define base query without offset/limit
+ var baseQuery = '/api/scans/?statuses=Completed&project-id=' + projectId + '&from-date=' + last_run_date + '&sort=-created_at&sort=%2Bstatus&field=scan-ids';
+ // Use pagination helper
+ var jsonLastScanSummResp = this._makePaginatedScansApiCall(apibaseurl, configId, token, baseQuery, "get", 'scans');
} catch (err) {
gs.error(this.MSG + " :getScanListFilterByMultipleBranch :Error in getting the scan details with branch filter: " + err);
return -1;
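Review bot: The branch filter is dropped: the removed loop appended `&branches=` for each entry, but the new `baseQuery` carries no branch parameter and `branches` is not passed to `_makePaginatedScansApiCall`, so unless that helper adds it from somewhere not shown, this function now returns completed scans for every branch of the project despite its name. Keeping the loop and appending its result, `var baseQuery = '/api/scans/?statuses=Completed&project-id=' + projectId + '&from-date=' + last_run_date + '&sort=-created_at&sort=%2Bstatus&field=scan-ids' + branch;`, restores the filter. `projectId` and `last_run_date` are also interpolated unencoded, where the old branch loop used `encodeURIComponent`. The enclosing function starts before this hunk, and the `branch` accumulator is presumably declared there.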
@@ -2049,28 +2073,28 @@ CheckmarxOneUtilBase.prototype = {
},
- // Helper function to escape CDATA content
+ // Helper function to escape CDATA content
escapeCDATA: function(str) {
if (str === null || typeof str === 'undefined' || str == '') {
- return '';
- }
+ return '';
+ }
// When ]]> appears in content, replace it with ]]]]>
var escaped = str.toString().replace(/]]>/g, ']]]]>');
return '';
},
- // Helper function to escape xml special characters
- escapeXmlChars: function(str) {
- if (str === null || typeof str === 'undefined' || str == '') {
- return '';
- }
- str = String(str);
- return str.replace(/&/g, '&')
- .replace(//g, '>')
- .replace(/"/g, '"')
- .replace(/'/g, ''');
- },
+ // Helper function to escape xml special characters
+ escapeXmlChars: function(str) {
+ if (str === null || typeof str === 'undefined' || str == '') {
+ return '';
+ }
+ str = String(str);
+ return str.replace(/&/g, '&')
+ .replace(//g, '>')
+ .replace(/"/g, '"')
+ .replace(/'/g, ''');
+ },
//value of sca checkbox
importScaFlaw: function(configId) {
From b9f986f742b949b40bc14ffb4f048379614f94cd Mon Sep 17 00:00:00 2001
From: Prathmesh Borle <65400885+cx-prathmesh-borle@users.noreply.github.com>
Date: Wed, 9 Jul 2025 12:25:39 +0530
Subject: [PATCH 2/2] enhancement: modified check condition in escapeXmlChars
and escapeCDATA to avoid failure for 0
---
...nclude_1980bcb147935110328ca368436d435a.js | 30 +++++++++----------
1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/CheckmarxOneUtilBase_sys_script_include_1980bcb147935110328ca368436d435a.js b/CheckmarxOneUtilBase_sys_script_include_1980bcb147935110328ca368436d435a.js
index 7bb74c0..057f099 100644
--- a/CheckmarxOneUtilBase_sys_script_include_1980bcb147935110328ca368436d435a.js
+++ b/CheckmarxOneUtilBase_sys_script_include_1980bcb147935110328ca368436d435a.js
@@ -2075,26 +2075,26 @@ CheckmarxOneUtilBase.prototype = {
// Helper function to escape CDATA content
escapeCDATA: function(str) {
- if (str === null || typeof str === 'undefined' || str == '') {
- return '';
- }
+ if (str === null || typeof str === 'undefined' || str === '') {
+ return '';
+ }
// When ]]> appears in content, replace it with ]]]]>
var escaped = str.toString().replace(/]]>/g, ']]]]>');
return '';
},
- // Helper function to escape xml special characters
- escapeXmlChars: function(str) {
- if (str === null || typeof str === 'undefined' || str == '') {
- return '';
- }
- str = String(str);
- return str.replace(/&/g, '&')
- .replace(//g, '>')
- .replace(/"/g, '"')
- .replace(/'/g, ''');
- },
+ // Helper function to escape xml special characters
+ escapeXmlChars: function(str) {
+ if (str === null || typeof str === 'undefined' || str === '') {
+ return '';
+ }
+ str = String(str);
+ return str.replace(/&/g, '&')
+ .replace(//g, '>')
+ .replace(/"/g, '"')
+ .replace(/'/g, ''');
+ },
//value of sca checkbox
importScaFlaw: function(configId) {
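Review bot: The change to `str === ''` fixes `0` (and `false`, since `false == ''` is also true in JavaScript) but nothing in the code records why, so a later cleanup could revert it to loose equality; add `// Strict compare: 0 and false are valid values and must not be treated as empty` above each check. As printed here the chain `.replace(/&/g, '&') .replace(//g, '>')` is not valid JavaScript (`//g` opens a comment and `&` maps to itself), which is almost certainly the page's markup stripping eating the `<`/`>` and entity replacements; worth confirming the stored script still has the separate `&amp;`, `&lt;`, `&gt;`, `&quot;` and `&apos;` replacements with the `&` one applied first. Likewise `escapeCDATA` as shown replaces `]]>` with `]]]]>`, which still contains the terminator; if the real code inserts the standard `]]]]><![CDATA[>` split (the `<![CDATA[` would have been stripped by the same extraction) it is fine, otherwise a value containing `]]>` still breaks out of the section. `escapeCDATA` uses `str.toString()` while `escapeXmlChars` uses `String(str)`; both are safe after the null/undefined guard, but `String(str)` in both keeps the helpers consistent.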