
Example 6 with ScanType

use of com.mercedesbenz.sechub.commons.model.ScanType in project sechub by mercedes-benz.

the class FalsePositiveMetaDataFactory method createMetaData.

/**
 * Creates the false positive meta data for the given finding.
 * <p>
 * The scan type of the finding decides which kind of meta data is created.
 * Findings from older reports may carry no scan type at all: such a finding is
 * treated as a code scan finding when it has a code call stack, otherwise it
 * cannot be handled and the user must create a new scan job.
 *
 * @param finding the finding to create meta data for
 * @return meta data, never <code>null</code>
 * @throws IllegalStateException when the finding has neither a scan type nor a code call stack
 * @throws NotAcceptableException when the scan type of the finding is not supported for false positive handling
 */
public FalsePositiveMetaData createMetaData(SecHubFinding finding) {
    ScanType scanType = resolveScanType(finding);
    if (scanType == ScanType.CODE_SCAN) {
        return createCodeScan(finding);
    }
    if (scanType == ScanType.WEB_SCAN) {
        return createWebScan(finding);
    }
    /* only code and web scan false positives are supported at the moment */
    throw new NotAcceptableException("A false positive handling for type " + scanType + " is currently not implemented!");
}

/*
 * Returns the scan type of the finding. Legacy findings without a scan type
 * are mapped to CODE_SCAN when a code call stack exists - there is no other
 * information available to derive the type from.
 */
private ScanType resolveScanType(SecHubFinding finding) {
    ScanType scanType = finding.getType();
    if (scanType != null) {
        return scanType;
    }
    /* probably an old report where the type was not set */
    if (finding.getCode() == null) {
        throw new IllegalStateException("Sorry, cannot determine scan type which is necessary for false positive handling. Please start a new scanjob and use this job UUID and retry.");
    }
    ScanType fallback = ScanType.CODE_SCAN;
    LOG.warn("scan type was not given - fallback to {}", fallback);
    return fallback;
}

Example 7 with ScanType

use of com.mercedesbenz.sechub.commons.model.ScanType in project sechub by mercedes-benz.

the class ScanTypeBasedProductExecutorFilterTest method addUnwantedProductExecutors.

/*
 * Adds one mocked product executor per scan type other than the wanted one to the
 * given list. NOTE(review): the mocks are not configured with a scan type here -
 * presumably the calling test does that, otherwise confirm the filter under test
 * still treats them as "unwanted".
 */
private void addUnwantedProductExecutors(ScanType wantedType, List<ProductExecutor> list) {
    for (ScanType candidate : ScanType.values()) {
        /* enum comparison by identity is equivalent to equals() here, including a null wantedType */
        if (candidate != wantedType) {
            list.add(mock(ProductExecutor.class));
        }
    }
}

Example 8 with ScanType

use of com.mercedesbenz.sechub.commons.model.ScanType in project sechub by mercedes-benz.

the class SerecoFalsePositiveMarker method isFalsePositive.

/*
 * Decides whether the given vulnerability is covered by the given false positive entry.
 *
 * A false positive entry is only compared with vulnerabilities of the very same scan
 * type, so an entry created for e.g. a code scan can never suppress a web scan finding.
 * Scan types without false positive support are logged and never treated as false
 * positive.
 */
private boolean isFalsePositive(SerecoVulnerability vulnerability, FalsePositiveEntry entry) {
    FalsePositiveMetaData metaData = entry.getMetaData();
    ScanType entryScanType = metaData.getScanType();
    ScanType vulnerabilityScanType = vulnerability.getScanType();
    if (entryScanType != vulnerabilityScanType) {
        /* different scan types never match */
        return false;
    }
    if (entryScanType == null) {
        /* both without scan type - nothing comparable, be defensive */
        return false;
    }
    boolean supported = entryScanType == ScanType.CODE_SCAN || entryScanType == ScanType.WEB_SCAN;
    if (!supported) {
        LOG.error("Cannot handle scan type {} - not implemented!", entryScanType);
        return false;
    }
    return falsePositiveFinder.isFound(vulnerability, metaData);
}

Example 9 with ScanType

use of com.mercedesbenz.sechub.commons.model.ScanType in project sechub by mercedes-benz.

the class SerecoProductResultTransformer method transform.

/*
 * Transforms a SeReCo product result into a SecHub report (version 1.0).
 *
 * Project specific false positive definitions are applied to the SeReCo
 * vulnerabilities first; vulnerabilities marked as false positive are not
 * written to the report (they remain visible in the SeReCo result itself,
 * i.e. in the admin scan logs). Every vulnerability consumes a finding id,
 * also a suppressed one, so the id of a reported finding does not depend on
 * the false positive state of the findings before it.
 */
@Override
public ReportTransformationResult transform(ProductResult serecoProductResult) throws SecHubExecutionException {
    String serecoJson = serecoProductResult.getResult();
    String projectId = serecoProductResult.getProjectId();
    UUID sechubJobUUID = serecoProductResult.getSecHubJobUUID();

    SerecoMetaData serecoData = JSONConverter.get().fromJSON(SerecoMetaData.class, serecoJson);
    falsePositiveMarker.markFalsePositives(projectId, serecoData.getVulnerabilities());

    ReportTransformationResult transformationResult = new ReportTransformationResult();
    transformationResult.setReportVersion(SecHubReportVersion.VERSION_1_0.getVersionAsString());
    transformationResult.setJobUUID(sechubJobUUID);

    List<SecHubFinding> findings = transformationResult.getResult().getFindings();
    int nextFindingId = 0;
    for (SerecoVulnerability vulnerability : serecoData.getVulnerabilities()) {
        nextFindingId++;
        if (vulnerability.isFalsePositive()) {
            /* false positives are dropped from the report but keep their id slot */
            continue;
        }
        findings.add(buildFinding(serecoProductResult, vulnerability, nextFindingId));
    }
    handleAnnotations(sechubJobUUID, serecoData, transformationResult);

    /* a status set by the annotation handling signals a failure - otherwise the transformation is fine */
    if (transformationResult.getStatus() == null) {
        transformationResult.setStatus(SecHubStatus.SUCCESS);
    }
    return transformationResult;
}

/*
 * Creates one report finding for the given (non false positive) SeReCo vulnerability.
 *
 * The scan type is written to the finding as delivered by SeReCo, which may be null
 * for artificial vulnerabilities added for SecHub failures (legacy, to be removed).
 * The UNKNOWN fallback below only drives the type specific enrichment; the finding
 * itself keeps the null type - NOTE(review): confirm this is intended for report consumers.
 */
private SecHubFinding buildFinding(ProductResult serecoProductResult, SerecoVulnerability vulnerability, int findingId) {
    UUID sechubJobUUID = serecoProductResult.getSecHubJobUUID();

    SecHubFinding finding = new SecHubFinding();
    handleClassifications(finding, vulnerability, sechubJobUUID);
    finding.setDescription(vulnerability.getDescription());
    finding.setName(vulnerability.getType());
    finding.setSolution(vulnerability.getSolution());
    finding.setId(findingId);
    finding.setSeverity(transformSeverity(vulnerability.getSeverity()));
    if (showProductLineResultLink) {
        finding.setProductResultLink(vulnerability.getProductResultLink());
    }

    ScanType scanType = vulnerability.getScanType();
    finding.setType(scanType);
    if (scanType == null) {
        scanType = ScanType.UNKNOWN;
        LOG.debug("Finding:{} '{}' has no scan type set. Use {} as fallback.", findingId, vulnerability.getType(), scanType);
    }

    /* type specific enrichment - infra scan and unknown types carry no additional data */
    if (scanType == ScanType.CODE_SCAN) {
        finding.setCode(convert(vulnerability.getCode()));
    } else if (scanType == ScanType.WEB_SCAN) {
        appendWebData(sechubJobUUID, vulnerability, finding);
    }
    return finding;
}

Example 10 with ScanType

use of com.mercedesbenz.sechub.commons.model.ScanType in project sechub by mercedes-benz.

the class ScanTypeTest method scantypes_pds_ids_are_all_found_in_sechub_scantypes.

/*
 * Every PDS scan type must be resolvable as a SecHub scan type with the same enum
 * name, and both must use the same id.
 */
@Test
public void scantypes_pds_ids_are_all_found_in_sechub_scantypes() {
    for (PDSScanType pdsScanType : PDSScanType.values()) {
        /* valueOf throws an IllegalArgumentException for a name unknown in SecHub */
        ScanType sechubScanType = ScanType.valueOf(pdsScanType.name());
        assertNotNull("Should not happen - because of valueOf should throw exception in this case", sechubScanType);
        assertEquals("scan type ids differ!", pdsScanType.getId(), sechubScanType.getId());
    }
}
