Class FalsePositiveMetaDataFactory, method createMetaData:
/**
 * Builds the false positive meta data for a finding.
 * <p>
 * The finding's scan type decides which meta data variant is created. Findings
 * from older reports may carry no scan type at all; such a finding is treated as
 * a code scan finding, but only when it has a code call stack to back that up.
 * Without a call stack the finding cannot be classified and the caller is told
 * to create a fresh report.
 *
 * @param finding the finding to create meta data for
 * @return meta data, never <code>null</code>
 * @throws IllegalStateException when the finding has neither a scan type nor a code call stack
 * @throws NotAcceptableException when the scan type has no false positive handling
 */
public FalsePositiveMetaData createMetaData(SecHubFinding finding) {
    ScanType scanType = finding.getType();
    if (scanType == null) {
        /* hmm.. maybe an old report where type was not set */
        if (finding.getCode() == null) {
            throw new IllegalStateException("Sorry, cannot determine scan type which is necessary for false positive handling. Please start a new scanjob and use this job UUID and retry.");
        }
        scanType = ScanType.CODE_SCAN;
        LOG.warn("scan type was not given - fallback to {}", scanType);
    }
    if (scanType == ScanType.CODE_SCAN) {
        return createCodeScan(finding);
    }
    if (scanType == ScanType.WEB_SCAN) {
        return createWebScan(finding);
    }
    /* every other scan type is currently rejected */
    throw new NotAcceptableException("A false positive handling for type " + scanType + " is currently not implemented!");
}
Class ScanTypeBasedProductExecutorFilterTest, method addUnwantedProductExecutors:
/**
 * Adds one mocked {@link ProductExecutor} per scan type other than the wanted one
 * to the given list, so the filter under test has executors it must reject.
 *
 * @param wantedType the scan type whose executors must NOT be added
 * @param list       target list receiving the unwanted mocks
 */
private void addUnwantedProductExecutors(ScanType wantedType, List<ProductExecutor> list) {
    for (ScanType candidate : ScanType.values()) {
        if (!candidate.equals(wantedType)) {
            list.add(mock(ProductExecutor.class));
        }
    }
}
Class SerecoFalsePositiveMarker, method isFalsePositive:
/**
 * Checks whether the given false positive entry marks the vulnerability.
 * <p>
 * Only entries of the same scan type are compared at all, so a false positive
 * recorded for e.g. a code scan can never suppress a web scan finding. Entries
 * without a scan type never match. For scan types without dedicated handling an
 * error is logged and the vulnerability is NOT treated as false positive.
 *
 * @param vulnerability the vulnerability to inspect
 * @param entry         false positive entry defined for the project
 * @return <code>true</code> when the entry matches the vulnerability, otherwise <code>false</code>
 */
private boolean isFalsePositive(SerecoVulnerability vulnerability, FalsePositiveEntry entry) {
    FalsePositiveMetaData metaData = entry.getMetaData();
    ScanType entryScanType = metaData.getScanType();

    boolean sameType = entryScanType == vulnerability.getScanType();
    if (!sameType || entryScanType == null) {
        /* different type, or no type at all - nothing to compare */
        return false;
    }
    if (entryScanType == ScanType.CODE_SCAN || entryScanType == ScanType.WEB_SCAN) {
        return falsePositiveFinder.isFound(vulnerability, metaData);
    }
    LOG.error("Cannot handle scan type {} - not implemented!", entryScanType);
    return false;
}
Class SerecoProductResultTransformer, method transform:
/**
 * Transforms a SeReCo product result into a SecHub report (report version 1.0).
 * <p>
 * The project's false positive definitions are applied before conversion.
 * Vulnerabilities marked as false positive are left out of the report - but they
 * still consume a finding id, and they remain inside the SeReCo result itself
 * (and so in the admin scan logs). Findings without a scan type keep that
 * <code>null</code> type in the report; {@link ScanType#UNKNOWN} is used only to
 * pick the conversion path.
 *
 * @param serecoProductResult the SeReCo result to transform
 * @return the transformation result; status is SUCCESS unless annotation handling set something else
 * @throws SecHubExecutionException on transformation failures
 */
@Override
public ReportTransformationResult transform(ProductResult serecoProductResult) throws SecHubExecutionException {
    String serecoJson = serecoProductResult.getResult();
    String projectId = serecoProductResult.getProjectId();
    UUID jobUUID = serecoProductResult.getSecHubJobUUID();

    SerecoMetaData serecoMetaData = JSONConverter.get().fromJSON(SerecoMetaData.class, serecoJson);
    /* marks, but does not remove, false positives inside the SeReCo data */
    falsePositiveMarker.markFalsePositives(projectId, serecoMetaData.getVulnerabilities());

    ReportTransformationResult result = new ReportTransformationResult();
    result.setReportVersion(SecHubReportVersion.VERSION_1_0.getVersionAsString());
    result.setJobUUID(jobUUID);

    List<SecHubFinding> findings = result.getResult().getFindings();
    int nextFindingId = 0;
    for (SerecoVulnerability vulnerability : serecoMetaData.getVulnerabilities()) {
        /* the id is consumed even when the entry is skipped below */
        nextFindingId++;
        if (vulnerability.isFalsePositive()) {
            /* not part of the report - still available in SeReCo results / admin scan logs */
            continue;
        }
        SecHubFinding finding = new SecHubFinding();
        handleClassifications(finding, vulnerability, serecoProductResult.getSecHubJobUUID());
        finding.setDescription(vulnerability.getDescription());
        finding.setName(vulnerability.getType());
        finding.setSolution(vulnerability.getSolution());
        finding.setId(nextFindingId);
        finding.setSeverity(transformSeverity(vulnerability.getSeverity()));
        if (showProductLineResultLink) {
            finding.setProductResultLink(vulnerability.getProductResultLink());
        }

        /* the report keeps the original (possibly null) type */
        ScanType reportedScanType = vulnerability.getScanType();
        finding.setType(reportedScanType);

        ScanType effectiveScanType = reportedScanType;
        if (effectiveScanType == null) {
            // normally only artificial vulnerabilities added for SecHub failures
            // (a legacy feature which will be removed in future) have no type
            effectiveScanType = ScanType.UNKNOWN;
            LOG.debug("Finding:{} '{}' has no scan type set. Use {} as fallback.", nextFindingId, vulnerability.getType(), effectiveScanType);
        }
        if (effectiveScanType == ScanType.CODE_SCAN) {
            finding.setCode(convert(vulnerability.getCode()));
        } else if (effectiveScanType == ScanType.WEB_SCAN) {
            appendWebData(jobUUID, vulnerability, finding);
        }
        /* INFRA_SCAN and all other types carry no additional data */
        findings.add(finding);
    }
    handleAnnotations(jobUUID, serecoMetaData, result);

    /* when status is not set already, no failure has appeared and we mark as OK */
    if (result.getStatus() == null) {
        result.setStatus(SecHubStatus.SUCCESS);
    }
    return result;
}
Class ScanTypeTest, method scantypes_pds_ids_are_all_found_in_sechub_scantypes:
/**
 * Guards the mapping between PDS and SecHub scan types: every PDS scan type must
 * exist in {@link ScanType} under the same enum name and with the same id. A gap
 * here would mean PDS results could not be associated with a SecHub scan type.
 */
@Test
public void scantypes_pds_ids_are_all_found_in_sechub_scantypes() {
    for (PDSScanType pdsScanType : PDSScanType.values()) {
        /* valueOf throws IllegalArgumentException for an unknown name, which fails the test */
        ScanType sechubScanType = ScanType.valueOf(pdsScanType.name());
        assertNotNull("Should not happen - because of valueOf should throw exception in this case", sechubScanType);
        assertEquals("scan type ids differ!", pdsScanType.getId(), sechubScanType.getId());
    }
}