
Example 1 with VulnerabilityDescription

use of com.checkmarx.flow.dto.iast.manager.dto.description.VulnerabilityDescription in project cx-flow by checkmarx-ltd.

the class IastCliSteps method mockIastServiceRequestsApiScansScanTagFinish.

/**
 * Stubs {@code iastServiceRequests} so that finishing the scan tagged {@code scanTag}
 * returns a canned {@link Scan}, and so that any vulnerability-description lookup
 * returns a mock whose risk text is {@code "MOCK_RISK"}.
 *
 * @param scanTag tag the stubbed finish call is matched on; also stored on the canned scan
 * @return the canned scan instance that the stub returns
 */
@SneakyThrows
private Scan mockIastServiceRequestsApiScansScanTagFinish(String scanTag) {
    // Fixed fixture values: the test only needs a well-formed scan, not realistic data.
    Scan finishedScan = new Scan();
    finishedScan.setTag(scanTag);
    finishedScan.setScanId(1443L);
    finishedScan.setProjectId(734L);
    finishedScan.setProjectName("bank-gateway");
    finishedScan.setStartTime(new Date().toInstant());
    finishedScan.setRiskScore(0);
    finishedScan.setCoverage(0.585);
    finishedScan.setApiCoverage(5.56);
    when(iastServiceRequests.apiScansScanTagFinish(scanTag)).thenReturn(finishedScan);

    // The description lookup is stubbed for every (id, language) pair via any(), any().
    VulnerabilityDescription descriptionStub = mock(VulnerabilityDescription.class);
    when(descriptionStub.getRisk()).thenReturn("MOCK_RISK");
    when(iastServiceRequests.apiVulnerabilitiesDescription(any(), any())).thenReturn(descriptionStub);

    return finishedScan;
}
Also used : VulnerabilityDescription(com.checkmarx.flow.dto.iast.manager.dto.description.VulnerabilityDescription) SneakyThrows(lombok.SneakyThrows)

Example 2 with VulnerabilityDescription

use of com.checkmarx.flow.dto.iast.manager.dto.description.VulnerabilityDescription in project cx-flow by checkmarx-ltd.

the class IastService method generateDescription.

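/**
 * Builds the description text for one IAST finding: the risk text fetched from
 * {@code iastServiceRequests} (when available) followed by the scan tag.
 *
 * <p>The lookup is best-effort. If it throws, the error is logged and the result
 * contains only the scan-tag line. A {@code null} risk text is skipped rather than
 * being rendered as the literal string {@code "null"}.
 *
 * @param vulnerability   finding whose id is used for the description lookup
 * @param scan            scan whose tag is appended to the description
 * @param htmlDescription when {@code true}, lines are separated with {@code <br>} instead of
 *                        the platform line separator
 * @return the assembled description; never {@code null}
 */
private String generateDescription(VulnerabilityInfo vulnerability, Scan scan, boolean htmlDescription) {
    // NOTE(review): in the HTML variant the risk text and the scan tag are concatenated
    // as-is. If the consumer renders this string as HTML and either value can carry
    // markup from outside this service, it should be HTML-escaped before use; confirm
    // against the callers and the issue tracker that receives the text.
    String lineSeparator = htmlDescription ? "<br>" : System.lineSeparator();
    StringBuilder result = new StringBuilder();
    try {
        VulnerabilityDescription vulnerabilityDescription = iastServiceRequests.apiVulnerabilitiesDescription(vulnerability.getId(), DEFAULT_LANG);
        String risk = vulnerabilityDescription.getRisk();
        // StringBuilder.append(null) would write the four characters "null" into the text.
        if (risk != null) {
            result.append(risk).append(lineSeparator);
        }
    } catch (IOException | RuntimeException e) {
        // Deliberately non-fatal: a missing risk text must not block reporting the finding.
        log.error("Can't get information about vulnerability", e);
    }
    result.append("Scan Tag: ").append(scan.getTag());
    return result.toString();
}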
Also used : IOException(java.io.IOException) VulnerabilityDescription(com.checkmarx.flow.dto.iast.manager.dto.description.VulnerabilityDescription)

Example 3 with VulnerabilityDescription

use of com.checkmarx.flow.dto.iast.manager.dto.description.VulnerabilityDescription in project cx-flow by checkmarx-ltd.

the class IastCliSteps method mockIastServiceRequestsApiScanResults.

/**
 * Stubs {@code iastServiceRequests} so that the results query for the given scan and
 * vulnerability returns a one-element list holding a canned SSRF (CWE 918) result, and
 * so that any vulnerability-description lookup returns a mock whose risk text is
 * {@code "MOCK_RISK"}.
 *
 * @param scan              scan whose id the stubbed results query is matched on
 * @param vulnerabilityInfo vulnerability whose id is matched on and copied into the result;
 *                          id 73 yields MEDIUM severity, any other id LOW
 * @throws IOException declared because the stubbed client methods declare it
 */
private void mockIastServiceRequestsApiScanResults(Scan scan, VulnerabilityInfo vulnerabilityInfo) throws IOException {
    ResultInfo cannedResult = new ResultInfo();
    cannedResult.setResultId(vulnerabilityInfo.getId());
    cannedResult.setName("SSRF");
    cannedResult.setUrl("bank-gateway/name?name=test_CheckBalance");
    cannedResult.setDate(new Date().toInstant());
    // Only the vulnerability with id 73 is reported as MEDIUM; every other id is LOW.
    cannedResult.setSeverity(vulnerabilityInfo.getId() == 73L ? Severity.MEDIUM : Severity.LOW);
    cannedResult.setHttpMethod(HttpMethod.GET);
    cannedResult.setNewResult(true);
    cannedResult.setResolved(ResolutionStatus.NOT_RESOLVED);
    cannedResult.setCorrelated(false);
    cannedResult.setResultState(ManagementResultState.TO_VERIFY);
    cannedResult.setCwe(918);
    cannedResult.setAssignedToUser(false);

    List<ResultInfo> cannedResults = new ArrayList<>();
    cannedResults.add(cannedResult);
    when(iastServiceRequests.apiScanResults(scan.getScanId(), vulnerabilityInfo.getId())).thenReturn(cannedResults);

    // The description lookup is stubbed for every (id, language) pair via any(), any().
    VulnerabilityDescription descriptionStub = mock(VulnerabilityDescription.class);
    when(iastServiceRequests.apiVulnerabilitiesDescription(any(), any())).thenReturn(descriptionStub);
    when(descriptionStub.getRisk()).thenReturn("MOCK_RISK");
}
Also used : VulnerabilityDescription(com.checkmarx.flow.dto.iast.manager.dto.description.VulnerabilityDescription)
