/**
 * Happy path for the pipeline step: the (mocked) SDK reports zero traces against a threshold
 * of 10 with no vulnerability-type or severity filter, so {@code run()} completes and yields
 * {@code null}.
 *
 * <p>All outbound collaborators are stubbed: the static helpers that resolve the profile and
 * build the SDK, the Jenkins singleton, and the task listener's logger — nothing here talks to a
 * real TeamServer.
 */
@Test
public void testSuccessfulBuild() throws Exception {
    // Collaborator stubs. Order is irrelevant; each only records a canned answer.
    ContrastSDK sdkStub = mock(ContrastSDK.class);
    Traces noTraces = mock(Traces.class);
    when(noTraces.getCount()).thenReturn(0);
    when(sdkStub.getTracesInOrg(anyString(), any(TraceFilterForm.class))).thenReturn(noTraces);

    // Placeholder profile; the credential strings are dummies and the URL is never contacted.
    TeamServerProfile teamServerProfile = new TeamServerProfile("local", "contrast", "demo", "demo", "www.google.com", "org-uuid", "Jenkins", false);
    given(VulnerabilityTrendHelper.getProfile(anyString())).willReturn(teamServerProfile);
    given(VulnerabilityTrendHelper.createSDK(anyString(), anyString(), anyString(), anyString())).willReturn(sdkStub);

    when(Jenkins.getInstance()).thenReturn(jenkins);
    when(taskListenerMock.getLogger()).thenReturn(printStreamMock);
    doNothing().when(printStreamMock).println();

    // Execution under test: profile "local", threshold 10, no type/severity restriction.
    VulnerabilityTrendStep.Execution execution = spy(new VulnerabilityTrendStep.Execution());
    execution.step = new VulnerabilityTrendStep("local", 10, null, null);
    execution.taskListener = taskListenerMock;
    doReturn("test").when(execution).getBuildName();

    assertNull(execution.run());
}
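/**
 * Builds a {@link ContrastSDK} client for the given TeamServer credentials, routing it through
 * the Jenkins-wide proxy when one is configured and applies to the TeamServer host.
 *
 * <p>Proxy selection: {@code Jenkins.getInstance().proxy} is consulted if a Jenkins instance is
 * available and a proxy has been configured (the field is {@code null} otherwise). The proxy
 * returned by {@code ProxyConfiguration.createProxy(host)} is used only when it is of type
 * {@link Proxy.Type#HTTP}; anything else (including a direct/no-proxy answer for that host)
 * results in {@link Proxy#NO_PROXY}. NOTE(review): it is presumably {@code createProxy} that
 * honours the Jenkins "no proxy host" list — confirm against the Jenkins core version in use.
 *
 * @param username      TeamServer user name
 * @param serviceKey    the user's service key (a credential — never log it)
 * @param apiKey        the organization API key (a credential — never log it)
 * @param teamServerUrl base URL of TeamServer; must parse as a {@link URL}, i.e. include a scheme
 * @return a configured SDK instance
 * @throws IllegalArgumentException if {@code teamServerUrl} cannot be parsed. Previously a
 *         malformed URL was only printed to stderr and the proxy step silently skipped, which
 *         could route credential-bearing traffic past a mandatory egress proxy; failing fast
 *         surfaces the misconfiguration in the build instead.
 */
public static ContrastSDK createSDK(String username, String serviceKey, String apiKey, String teamServerUrl) {
    URL url;
    try {
        url = new URL(teamServerUrl);
    } catch (MalformedURLException e) {
        throw new IllegalArgumentException("Invalid TeamServer URL: " + teamServerUrl, e);
    }

    Proxy proxyToUse = Proxy.NO_PROXY;
    Jenkins jenkinsInstance = Jenkins.getInstance();
    // jenkinsInstance.proxy is null when no proxy has been configured in Jenkins.
    ProxyConfiguration proxyConfig = jenkinsInstance != null ? jenkinsInstance.proxy : null;
    if (proxyConfig != null) {
        Proxy proxy = proxyConfig.createProxy(url.getHost());
        // Only an HTTP-type proxy is passed through to the SDK; everything else means direct.
        if (proxy != null && proxy.type() == Proxy.Type.HTTP) {
            proxyToUse = proxy;
        }
    }
    return new ContrastSDK(username, serviceKey, apiKey, teamServerUrl, proxyToUse);
}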
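/**
 * Post-build step: queries TeamServer for the vulnerabilities tagged with this build's
 * app-version tag and fails the build on the first {@link ThresholdCondition} whose count is
 * exceeded.
 *
 * <p>Flow: resolve the configured {@link TeamServerProfile}, build an SDK client from its
 * credentials, look up the application by the job's display name, then evaluate each condition
 * in order. The traces returned for every evaluated condition are accumulated and handed to
 * {@code buildResult} both on success and just before a threshold failure, so the report is
 * attached to the build either way.
 *
 * @param build    the build being evaluated; its parent's display name is used as the Contrast
 *                 application name and the app-version tag is derived from it via
 *                 {@code VulnerabilityTrendHelper.buildAppVersionTag}
 * @param launcher unused
 * @param listener receives progress and error messages for the build log
 * @return {@code true} when every condition passes; {@code false} when the build is no longer
 *         running, in which case nothing is checked
 * @throws AbortException if the application is not found and the profile is set to fail on
 *         that, if TeamServer cannot be queried, or if a threshold condition is exceeded
 * @throws IOException declared by the signature; {@link AbortException} is the only
 *         {@code IOException} raised here
 */
@Override
public boolean perform(AbstractBuild<?, ?> build, Launcher launcher, final BuildListener listener) throws IOException {
    if (!build.isBuilding()) {
        return false;
    }
    VulnerabilityTrendHelper.logMessage(listener, "Checking the number of vulnerabilities for this application.");

    TeamServerProfile profile = getProfile();
    ContrastSDK contrastSDK = VulnerabilityTrendHelper.createSDK(profile.getUsername(), profile.getServiceKey(), profile.getApiKey(), profile.getTeamServerUrl());

    String applicationName = build.getParent().getDisplayName();
    String applicationId = getApplicationId(contrastSDK, profile.getOrgUuid(), applicationName);
    // Null-safe: an unresolved application is handled the same way whether the lookup yields
    // "" or null (the original only handled "").
    if (applicationId == null || applicationId.isEmpty()) {
        String notFound = "Application with name '" + applicationName + "' not found.";
        VulnerabilityTrendHelper.logMessage(listener, notFound);
        if (profile.isFailOnWrongApplicationName()) {
            throw new AbortException(notFound);
        }
        // NOTE(review): when not failing here, the query below is not scoped by application id —
        // it filters the whole org by app-version tag (plus severity/type). Confirm that traces
        // from another application sharing the same tag cannot be counted against this build.
    }

    Set<Trace> resultTraces = new HashSet<>();
    // Conditions are evaluated in order; the first exceeded threshold fails the build.
    for (ThresholdCondition condition : conditions) {
        VulnerabilityTrendHelper.logMessage(listener, "Checking the threshold condition where " + condition.toString());
        Traces traces;
        try {
            traces = contrastSDK.getTracesInOrg(profile.getOrgUuid(), buildFilter(build, condition));
        } catch (Exception e) {
            // Some client exceptions carry no message; fall back to the type so the log is not "null".
            String reason = e.getMessage() != null ? e.getMessage() : e.getClass().getName();
            VulnerabilityTrendHelper.logMessage(listener, reason);
            AbortException abort = new AbortException("Unable to retrieve vulnerability information from TeamServer.");
            abort.initCause(e); // keep the root cause for anyone inspecting the failure
            throw abort;
        }
        resultTraces.addAll(traces.getTraces());
        if (traces.getCount() > condition.getThresholdCount()) {
            // Persist what has been gathered so far before failing the build.
            buildResult(resultTraces, build);
            throw new AbortException("Failed on the threshold condition where " + condition.toString());
        }
    }

    buildResult(resultTraces, build);
    VulnerabilityTrendHelper.logMessage(listener, "This build passes all vulnerability threshold conditions!");
    return true;
}

/**
 * Builds the TeamServer trace filter for one condition: always restricted to this build's
 * app-version tag, plus the condition's severity list and vulnerability type when they are set.
 */
private static TraceFilterForm buildFilter(AbstractBuild<?, ?> build, ThresholdCondition condition) {
    TraceFilterForm filterForm = new TraceFilterForm();
    filterForm.setAppVersionTags(Collections.singletonList(VulnerabilityTrendHelper.buildAppVersionTag(build)));
    if (condition.getThresholdSeverity() != null) {
        filterForm.setSeverities(VulnerabilityTrendHelper.getSeverityList(condition.getThresholdSeverity()));
    }
    if (condition.getThresholdVulnType() != null) {
        filterForm.setVulnTypes(Collections.singletonList(condition.getThresholdVulnType()));
    }
    return filterForm;
}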
/**
 * Failure path for the pipeline step: the (mocked) SDK reports 11 traces against a threshold
 * of 10 (filtered to type "xss", severity "High"), so {@code run()} must abort with
 * {@link AbortException}. The trailing {@code assertNull} is never reached on the expected path;
 * it only guards against a silent non-throwing return.
 *
 * <p>Collaborators are stubbed exactly as in the success test; no real TeamServer is contacted.
 */
@Test(expected = AbortException.class)
public void testUnsuccessfulBuild() throws Exception {
    // Collaborator stubs. Order is irrelevant; each only records a canned answer.
    ContrastSDK sdkStub = mock(ContrastSDK.class);
    Traces tooManyTraces = mock(Traces.class);
    when(tooManyTraces.getCount()).thenReturn(11);
    when(sdkStub.getTracesInOrg(anyString(), any(TraceFilterForm.class))).thenReturn(tooManyTraces);

    // Placeholder profile; the credential strings are dummies and the URL is never contacted.
    TeamServerProfile teamServerProfile = new TeamServerProfile("local", "contrast", "demo", "demo", "www.google.com", "org-uuid", "Jenkins", false);
    given(VulnerabilityTrendHelper.getProfile(anyString())).willReturn(teamServerProfile);
    given(VulnerabilityTrendHelper.createSDK(anyString(), anyString(), anyString(), anyString())).willReturn(sdkStub);

    when(Jenkins.getInstance()).thenReturn(jenkins);
    when(taskListenerMock.getLogger()).thenReturn(printStreamMock);
    doNothing().when(printStreamMock).println();

    // Execution under test: profile "local", threshold 10, restricted to xss / High.
    VulnerabilityTrendStep.Execution execution = spy(new VulnerabilityTrendStep.Execution());
    execution.step = new VulnerabilityTrendStep("local", 10, "xss", "High");
    execution.taskListener = taskListenerMock;
    doReturn("test").when(execution).getBuildName();

    assertNull(execution.run());
}