
Example 1 with ContrastSDK

Use of com.contrastsecurity.sdk.ContrastSDK in the project contrast-continuous-application-security-plugin by jenkinsci.

Source: class VulnerabilityTrendStepTest, method testSuccessfulBuild.

/**
 * Happy path: with a threshold of 10 and TeamServer (mocked) reporting zero traces, the
 * step's {@code run()} completes without an exception and returns {@code null}.
 */
@Test
public void testSuccessfulBuild() throws Exception {
    // Spy rather than mock so the real run() executes; only getBuildName() is stubbed below.
    VulnerabilityTrendStep.Execution stepExecution = spy(new VulnerabilityTrendStep.Execution());
    // Profile "local", threshold 10, no vulnerability-type or severity restriction.
    stepExecution.step = new VulnerabilityTrendStep("local", 10, null, null);
    // Static stubs on Jenkins and VulnerabilityTrendHelper presumably rely on PowerMock's
    // mockStatic in the fixture (not visible here); 'jenkins', 'taskListenerMock' and
    // 'printStreamMock' are likewise fixture members.
    when(Jenkins.getInstance()).thenReturn(jenkins);
    stepExecution.taskListener = taskListenerMock;
    when(taskListenerMock.getLogger()).thenReturn(printStreamMock);
    doNothing().when(printStreamMock).println();
    // Zero matching traces, so no threshold can be exceeded.
    Traces tracesMock = mock(Traces.class);
    when(tracesMock.getCount()).thenReturn(0);
    ContrastSDK contrastSDKMock = mock(ContrastSDK.class);
    doReturn("test").when(stepExecution).getBuildName();
    // Whatever credentials/URL the step supplies, it receives the mocked SDK.
    given(VulnerabilityTrendHelper.createSDK(anyString(), anyString(), anyString(), anyString())).willReturn(contrastSDKMock);
    // Placeholder profile values; they never reach a real TeamServer because the SDK is mocked.
    TeamServerProfile profile = new TeamServerProfile("local", "contrast", "demo", "demo", "www.google.com", "org-uuid", "Jenkins", false);
    given(VulnerabilityTrendHelper.getProfile(anyString())).willReturn(profile);
    when(contrastSDKMock.getTracesInOrg(anyString(), any(TraceFilterForm.class))).thenReturn(tracesMock);
    // A successful run yields no value.
    assertNull(stepExecution.run());
}

Example 2 with ContrastSDK

Use of com.contrastsecurity.sdk.ContrastSDK in the project contrast-continuous-application-security-plugin by jenkinsci.

Source: class VulnerabilityTrendHelper, method createSDK.

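/**
 * Builds a {@link ContrastSDK} client for the given TeamServer credentials, routing it through
 * the Jenkins-wide proxy when one is configured and applies to the TeamServer host.
 *
 * <p>Proxy resolution is best-effort: if there is no Jenkins instance, no proxy configuration,
 * the TeamServer URL cannot be parsed, or the resolved proxy is not of type {@code HTTP}, the
 * client is created with {@link Proxy#NO_PROXY} (a direct connection). A malformed URL is
 * logged as a warning so an operator can see why the proxy was bypassed; the URL itself is
 * still handed to the SDK unchanged.
 *
 * @param username      TeamServer user name
 * @param serviceKey    TeamServer service key
 * @param apiKey        TeamServer API key
 * @param teamServerUrl TeamServer base URL, passed to the SDK as-is
 * @return a configured SDK client
 */
public static ContrastSDK createSDK(String username, String serviceKey, String apiKey, String teamServerUrl) {
    Proxy proxyToUse = Proxy.NO_PROXY;
    String teamServerHost = null;
    try {
        teamServerHost = new URL(teamServerUrl).getHost();
    } catch (MalformedURLException e) {
        // Log through JUL instead of printStackTrace(): stderr is not the Jenkins log, and the
        // operational consequence (proxy settings silently skipped) must be visible to operators.
        java.util.logging.Logger.getLogger(VulnerabilityTrendHelper.class.getName())
                .log(java.util.logging.Level.WARNING,
                        "TeamServer URL '" + teamServerUrl + "' is malformed; Jenkins proxy settings will not be applied", e);
    }
    Jenkins jenkinsInstance = Jenkins.getInstance();
    ProxyConfiguration proxyConfig = jenkinsInstance == null ? null : jenkinsInstance.proxy;
    if (proxyConfig != null && teamServerHost != null) {
        // createProxy honours the no-proxy host list; only an HTTP proxy is usable by the SDK.
        Proxy proxy = proxyConfig.createProxy(teamServerHost);
        if (proxy != null && proxy.type() == Proxy.Type.HTTP) {
            proxyToUse = proxy;
        }
    }
    return new ContrastSDK(username, serviceKey, apiKey, teamServerUrl, proxyToUse);
}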

Example 3 with ContrastSDK

Use of com.contrastsecurity.sdk.ContrastSDK in the project contrast-continuous-application-security-plugin by jenkinsci.

Source: class VulnerabilityTrendRecorder, method perform.

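/**
 * Post-build step: queries TeamServer for the vulnerabilities recorded against this build's
 * app-version tag and fails the build on the first threshold condition that is exceeded.
 *
 * <p>Conditions are evaluated in order. Traces fetched up to the failing condition are still
 * persisted via {@code buildResult} so the trend report reflects what was retrieved.
 *
 * @param build    the build being evaluated; its parent's display name is used as the
 *                 application name
 * @param launcher unused
 * @param listener receives progress and failure messages
 * @return {@code true} when every condition passes; {@code false} if the build is no longer running
 * @throws IOException an {@link AbortException} when the application is unknown and the profile
 *         requires it to exist, when TeamServer cannot be queried, or when a threshold is exceeded
 */
@Override
public boolean perform(AbstractBuild<?, ?> build, Launcher launcher, final BuildListener listener) throws IOException {
    if (!build.isBuilding()) {
        return false;
    }
    VulnerabilityTrendHelper.logMessage(listener, "Checking the number of vulnerabilities for this application.");
    Set<Trace> resultTraces = new HashSet<>();
    TeamServerProfile profile = getProfile();
    ContrastSDK contrastSDK = VulnerabilityTrendHelper.createSDK(profile.getUsername(), profile.getServiceKey(), profile.getApiKey(), profile.getTeamServerUrl());
    String applicationName = build.getParent().getDisplayName();
    String applicationId = getApplicationId(contrastSDK, profile.getOrgUuid(), applicationName);
    if (applicationId == null || applicationId.isEmpty()) {
        String notFound = "Application with name '" + applicationName + "' not found.";
        VulnerabilityTrendHelper.logMessage(listener, notFound);
        if (profile.isFailOnWrongApplicationName()) {
            throw new AbortException(notFound);
        }
        // Otherwise continue: the trace query below is scoped by app-version tag, not by application id.
    }
    // Evaluate conditions in order; fail on the first one exceeded.
    for (ThresholdCondition condition : conditions) {
        VulnerabilityTrendHelper.logMessage(listener, "Checking the threshold condition where " + condition.toString());
        Traces traces;
        try {
            traces = contrastSDK.getTracesInOrg(profile.getOrgUuid(), buildFilter(build, condition));
        } catch (Exception e) {
            // getMessage() may be null (e.g. a bare RuntimeException); log something useful regardless.
            String reason = e.getMessage() != null ? e.getMessage() : e.toString();
            VulnerabilityTrendHelper.logMessage(listener, reason);
            AbortException abort = new AbortException("Unable to retrieve vulnerability information from TeamServer.");
            // AbortException has no cause constructor; keep the original failure attached for diagnostics.
            abort.initCause(e);
            throw abort;
        }
        resultTraces.addAll(traces.getTraces());
        if (traces.getCount() > condition.getThresholdCount()) {
            // Persist what was collected before failing so the report is not lost.
            buildResult(resultTraces, build);
            throw new AbortException("Failed on the threshold condition where " + condition.toString());
        }
    }
    buildResult(resultTraces, build);
    VulnerabilityTrendHelper.logMessage(listener, "This build passes all vulnerability threshold conditions!");
    return true;
}

/**
 * Builds the TeamServer trace filter for one condition: this build's app-version tag plus the
 * condition's severity and vulnerability-type restrictions when they are set.
 */
private static TraceFilterForm buildFilter(AbstractBuild<?, ?> build, ThresholdCondition condition) {
    TraceFilterForm filterForm = new TraceFilterForm();
    filterForm.setAppVersionTags(Collections.singletonList(VulnerabilityTrendHelper.buildAppVersionTag(build)));
    if (condition.getThresholdSeverity() != null) {
        filterForm.setSeverities(VulnerabilityTrendHelper.getSeverityList(condition.getThresholdSeverity()));
    }
    if (condition.getThresholdVulnType() != null) {
        filterForm.setVulnTypes(Collections.singletonList(condition.getThresholdVulnType()));
    }
    return filterForm;
}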

Example 4 with ContrastSDK

Use of com.contrastsecurity.sdk.ContrastSDK in the project contrast-continuous-application-security-plugin by jenkinsci.

Source: class VulnerabilityTrendStepTest, method testUnsuccessfulBuild.

/**
 * Failure path: the step is configured with a threshold of 10 for "xss"/"High" and the mocked
 * TeamServer reports 11 traces, so {@code run()} is expected to abort the build with an
 * {@link AbortException}. The trailing assertNull is never reached when the test passes.
 */
@Test(expected = AbortException.class)
public void testUnsuccessfulBuild() throws Exception {
    // Spy rather than mock so the real run() executes; only getBuildName() is stubbed below.
    VulnerabilityTrendStep.Execution stepExecution = spy(new VulnerabilityTrendStep.Execution());
    // Profile "local", threshold 10, restricted to vulnerability type "xss" and severity "High".
    stepExecution.step = new VulnerabilityTrendStep("local", 10, "xss", "High");
    // Static stubs on Jenkins and VulnerabilityTrendHelper presumably rely on PowerMock's
    // mockStatic in the fixture (not visible here); 'jenkins', 'taskListenerMock' and
    // 'printStreamMock' are likewise fixture members.
    when(Jenkins.getInstance()).thenReturn(jenkins);
    stepExecution.taskListener = taskListenerMock;
    when(taskListenerMock.getLogger()).thenReturn(printStreamMock);
    doNothing().when(printStreamMock).println();
    // 11 matching traces: one more than the configured threshold.
    Traces tracesMock = mock(Traces.class);
    when(tracesMock.getCount()).thenReturn(11);
    ContrastSDK contrastSDKMock = mock(ContrastSDK.class);
    doReturn("test").when(stepExecution).getBuildName();
    // Whatever credentials/URL the step supplies, it receives the mocked SDK.
    given(VulnerabilityTrendHelper.createSDK(anyString(), anyString(), anyString(), anyString())).willReturn(contrastSDKMock);
    // Placeholder profile values; they never reach a real TeamServer because the SDK is mocked.
    TeamServerProfile profile = new TeamServerProfile("local", "contrast", "demo", "demo", "www.google.com", "org-uuid", "Jenkins", false);
    given(VulnerabilityTrendHelper.getProfile(anyString())).willReturn(profile);
    when(contrastSDKMock.getTracesInOrg(anyString(), any(TraceFilterForm.class))).thenReturn(tracesMock);
    // Expected to throw before this assertion is evaluated.
    assertNull(stepExecution.run());
}
