Search in sources :

Example 16 with ToolVersionScanResult

use of com.epam.pipeline.entity.scan.ToolVersionScanResult in project cloud-pipeline by epam.

the class ToolManagerTest method testUpdateToolScanStatus.

@Test()
@Transactional(propagation = Propagation.REQUIRES_NEW, rollbackFor = Exception.class)
public void testUpdateToolScanStatus() {
    Tool tool = generateTool(TEST_GROUP_ID1);
    tool.setToolGroupId(firstToolGroup.getId());
    toolManager.create(tool, true);
    String layerRef = "layerref";
    String digest = "digest";
    Date now = new Date();
    ToolScanStatus status = ToolScanStatus.COMPLETED;
    toolManager.updateToolVersionScanStatus(tool.getId(), status, now, LATEST_TAG, layerRef, digest);
    toolManager.updateWhiteListWithToolVersionStatus(tool.getId(), LATEST_TAG, true);
    ToolVersionScanResult versionScan = toolManager.loadToolVersionScan(tool.getId(), LATEST_TAG).get();
    Assert.assertEquals(status, versionScan.getStatus());
    Assert.assertEquals(now, versionScan.getScanDate());
    Assert.assertEquals(now, versionScan.getSuccessScanDate());
    Assert.assertEquals(layerRef, versionScan.getLastLayerRef());
    layerRef = "newlayerref";
    digest = "newdigest";
    now = new Date();
    toolManager.updateToolVersionScanStatus(tool.getId(), status, now, LATEST_TAG, layerRef, digest);
    Assert.assertEquals(1, toolManager.loadToolScanResult(tool).getToolVersionScanResults().values().size());
    versionScan = toolManager.loadToolVersionScan(tool.getId(), LATEST_TAG).get();
    Assert.assertEquals(now, versionScan.getScanDate());
    Assert.assertEquals(now, versionScan.getSuccessScanDate());
    Assert.assertEquals(layerRef, versionScan.getLastLayerRef());
    Assert.assertFalse(versionScan.isFromWhiteList());
}
Also used : ToolVersionScanResult(com.epam.pipeline.entity.scan.ToolVersionScanResult) Matchers.anyString(org.mockito.Matchers.anyString) AbstractManagerTest(com.epam.pipeline.manager.AbstractManagerTest) Test(org.junit.Test) Transactional(org.springframework.transaction.annotation.Transactional)

Example 17 with ToolVersionScanResult

use of com.epam.pipeline.entity.scan.ToolVersionScanResult in project cloud-pipeline by epam.

the class ToolManagerTest method testLoadToolScanResult.

@Test()
@Transactional(propagation = Propagation.REQUIRES_NEW, rollbackFor = Exception.class)
public void testLoadToolScanResult() {
    String latestVersion = "latest", testRef = "testRef", prevVersion = "prev";
    Date scanDate = new Date();
    Mockito.doReturn(Arrays.asList(latestVersion, prevVersion)).when(dockerClient).getImageTags(any(), anyString());
    Tool tool = generateTool(TEST_GROUP_ID1);
    tool.setToolGroupId(firstToolGroup.getId());
    toolManager.create(tool, true);
    toolManager.updateToolVersionScanStatus(tool.getId(), ToolScanStatus.COMPLETED, scanDate, latestVersion, testRef, testRef);
    ToolScanResult loaded = toolManager.loadToolScanResult(tool);
    Assert.assertEquals(ToolScanStatus.COMPLETED, loaded.getToolVersionScanResults().get(latestVersion).getStatus());
    Assert.assertEquals(scanDate, loaded.getToolVersionScanResults().get(latestVersion).getSuccessScanDate());
    Assert.assertEquals(scanDate, loaded.getToolVersionScanResults().get(latestVersion).getScanDate());
    Optional<String> loadedRef = toolManager.loadToolVersionScan(tool.getId(), latestVersion).map(ToolVersionScanResult::getLastLayerRef);
    Assert.assertTrue(loadedRef.isPresent());
    Assert.assertEquals(testRef, loadedRef.get());
    Optional<String> loadedDigest = toolManager.loadToolVersionScan(tool.getId(), latestVersion).map(ToolVersionScanResult::getDigest);
    Assert.assertTrue(loadedDigest.isPresent());
    Assert.assertEquals(testRef, loadedDigest.get());
    // check that we will get empty ToolVersionScanResult for not scanned version
    Assert.assertEquals(ToolScanStatus.NOT_SCANNED, loaded.getToolVersionScanResults().get(prevVersion).getStatus());
    Assert.assertEquals(null, loaded.getToolVersionScanResults().get(prevVersion).getSuccessScanDate());
}
Also used : ToolScanResult(com.epam.pipeline.entity.scan.ToolScanResult) ToolVersionScanResult(com.epam.pipeline.entity.scan.ToolVersionScanResult) Matchers.anyString(org.mockito.Matchers.anyString) AbstractManagerTest(com.epam.pipeline.manager.AbstractManagerTest) Test(org.junit.Test) Transactional(org.springframework.transaction.annotation.Transactional)

Example 18 with ToolVersionScanResult

use of com.epam.pipeline.entity.scan.ToolVersionScanResult in project cloud-pipeline by epam.

the class TestUtils method generateScanResult.

public static ToolVersionScanResult generateScanResult(int criticalVulnerabilitiesCount, int highVulnerabilitiesCount, int mediumVulnerabilitiesCount) {
    ToolVersionScanResult result = new ToolVersionScanResult();
    generateScanResult(criticalVulnerabilitiesCount, highVulnerabilitiesCount, mediumVulnerabilitiesCount, result);
    return result;
}
Also used : ToolVersionScanResult(com.epam.pipeline.entity.scan.ToolVersionScanResult)

Example 19 with ToolVersionScanResult

use of com.epam.pipeline.entity.scan.ToolVersionScanResult in project cloud-pipeline by epam.

the class TestUtils method generateScanResult.

public static void generateScanResult(int criticalVulnerabilitiesCount, int highVulnerabilitiesCount, int mediumVulnerabilitiesCount, ToolVersionScanResult versionScanResult) {
    List<Vulnerability> testVulnerabilities = IntStream.range(0, criticalVulnerabilitiesCount).mapToObj(i -> createVulnerability(VulnerabilitySeverity.Critical)).collect(Collectors.toList());
    testVulnerabilities.addAll(IntStream.range(0, highVulnerabilitiesCount).mapToObj(i -> createVulnerability(VulnerabilitySeverity.High)).collect(Collectors.toList()));
    testVulnerabilities.addAll(IntStream.range(0, mediumVulnerabilitiesCount).mapToObj(i -> createVulnerability(VulnerabilitySeverity.Medium)).collect(Collectors.toList()));
    versionScanResult.setVulnerabilities(testVulnerabilities);
    versionScanResult.setScanDate(new Date());
    versionScanResult.setSuccessScanDate(new Date());
    versionScanResult.setStatus(ToolScanStatus.COMPLETED);
}
Also used : IntStream(java.util.stream.IntStream) Date(java.util.Date) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) ManifestV2(com.epam.pipeline.entity.docker.ManifestV2) Vulnerability(com.epam.pipeline.entity.scan.Vulnerability) Collectors(java.util.stream.Collectors) Matchers.anyString(org.mockito.Matchers.anyString) Matchers.any(org.mockito.Matchers.any) Mockito(org.mockito.Mockito) List(java.util.List) ToolVersionScanResult(com.epam.pipeline.entity.scan.ToolVersionScanResult) Map(java.util.Map) Optional(java.util.Optional) VulnerabilitySeverity(com.epam.pipeline.entity.scan.VulnerabilitySeverity) DockerClientFactory(com.epam.pipeline.manager.docker.DockerClientFactory) Assert(org.junit.Assert) Collections(java.util.Collections) DockerClient(com.epam.pipeline.manager.docker.DockerClient) ToolVersion(com.epam.pipeline.entity.docker.ToolVersion) ToolScanStatus(com.epam.pipeline.entity.pipeline.ToolScanStatus) Vulnerability(com.epam.pipeline.entity.scan.Vulnerability) Date(java.util.Date)

Aggregations

ToolVersionScanResult (com.epam.pipeline.entity.scan.ToolVersionScanResult)19 DockerClient (com.epam.pipeline.manager.docker.DockerClient)6 DockerRegistry (com.epam.pipeline.entity.pipeline.DockerRegistry)5 Tool (com.epam.pipeline.entity.pipeline.Tool)5 ToolScanStatus (com.epam.pipeline.entity.pipeline.ToolScanStatus)5 ToolScanExternalServiceException (com.epam.pipeline.exception.ToolScanExternalServiceException)5 List (java.util.List)5 Transactional (org.springframework.transaction.annotation.Transactional)5 ManifestV2 (com.epam.pipeline.entity.docker.ManifestV2)4 Vulnerability (com.epam.pipeline.entity.scan.Vulnerability)4 AbstractManagerTest (com.epam.pipeline.manager.AbstractManagerTest)4 Date (java.util.Date)4 Matchers.anyString (org.mockito.Matchers.anyString)4 MessageConstants (com.epam.pipeline.common.MessageConstants)3 MessageHelper (com.epam.pipeline.common.MessageHelper)3 ToolDependency (com.epam.pipeline.entity.scan.ToolDependency)3 ToolScanResult (com.epam.pipeline.entity.scan.ToolScanResult)3 VulnerabilitySeverity (com.epam.pipeline.entity.scan.VulnerabilitySeverity)3 DateUtils (com.epam.pipeline.entity.utils.DateUtils)3 DockerClientFactory (com.epam.pipeline.manager.docker.DockerClientFactory)3