
Example 6 with SecHubCodeCallStack

use of com.mercedesbenz.sechub.commons.model.SecHubCodeCallStack in project sechub by mercedes-benz.

the class FalsePositiveMetaDataFactory method createCodeScan.

/**
 * Builds the false positive meta data for a code scan finding.
 * <p>
 * Only the first call stack element and the last element reachable through
 * {@code getCalls()} are stored as start and end; elements in between are not
 * part of the created meta data.
 *
 * @param finding finding providing the call stack via {@code getCode()}
 * @return meta data with scan type {@code CODE_SCAN} and code start/end set
 * @throws IllegalStateException when the finding has no call stack
 */
private FalsePositiveMetaData createCodeScan(SecHubFinding finding) {
    FalsePositiveMetaData result = createCommonMetaDataWithCweIdEnsured(finding);
    result.setScanType(ScanType.CODE_SCAN);
    FalsePositiveCodeMetaData codeMetaData = new FalsePositiveCodeMetaData();

    SecHubCodeCallStack first = finding.getCode();
    if (first == null) {
        throw new IllegalStateException("Callstack must be given to create code scan meta data");
    }

    /* walk the chain to its tail; stays null when the first element calls nothing */
    SecHubCodeCallStack last = first.getCalls();
    if (last != null) {
        for (SecHubCodeCallStack next = last.getCalls(); next != null; next = last.getCalls()) {
            last = next;
        }
    }

    codeMetaData.setStart(importCallStackElement(first));
    /* NOTE(review): last is null for a single element call stack - confirm importCallStackElement accepts null */
    codeMetaData.setEnd(importCallStackElement(last));
    result.setCode(codeMetaData);
    return result;
}
Also used : SecHubCodeCallStack(com.mercedesbenz.sechub.commons.model.SecHubCodeCallStack)

Example 7 with SecHubCodeCallStack

use of com.mercedesbenz.sechub.commons.model.SecHubCodeCallStack in project sechub by mercedes-benz.

the class HTMLScanResultReportModelBuilderTest method code_scan_entries_set_and_right_amount_of_call_stacks_populated.

@Test
public void code_scan_entries_set_and_right_amount_of_call_stacks_populated() {
    /* prepare: one finding whose call stack consists of two elements (head -> callee) */
    SecHubCodeCallStack callee = mock(SecHubCodeCallStack.class);
    SecHubCodeCallStack head = mock(SecHubCodeCallStack.class);
    when(head.getCalls()).thenReturn(callee);

    SecHubFinding codeFinding = mock(SecHubFinding.class);
    when(codeFinding.getCode()).thenReturn(head);

    when(result.getFindings()).thenReturn(Arrays.asList(codeFinding));
    when(scanSecHubReport.getResult()).thenReturn(result);
    when(scanSecHubReport.getTrafficLight()).thenReturn(TrafficLight.RED);

    /* execute */
    Map<String, Object> model = builderToTest.build(scanSecHubReport);

    /* test */
    Object rawEntries = model.get("codeScanEntries");
    assertNotNull(rawEntries);
    assertTrue(rawEntries instanceof Map<?, ?>);
    @SuppressWarnings("unchecked")
    Map<Integer, List<HTMLScanResultCodeScanEntry>> entriesByKey = (Map<Integer, List<HTMLScanResultCodeScanEntry>>) rawEntries;
    List<HTMLScanResultCodeScanEntry> firstEntries = entriesByKey.get(0);
    assertNotNull(firstEntries);
    /* one entry per call stack element: head plus its callee */
    assertTrue(firstEntries.size() == 2);
}
Also used : SecHubFinding(com.mercedesbenz.sechub.commons.model.SecHubFinding) ArrayList(java.util.ArrayList) List(java.util.List) SecHubCodeCallStack(com.mercedesbenz.sechub.commons.model.SecHubCodeCallStack) Map(java.util.Map) Test(org.junit.Test)

Example 8 with SecHubCodeCallStack

use of com.mercedesbenz.sechub.commons.model.SecHubCodeCallStack in project sechub by mercedes-benz.

the class HtmlCodeScanDescriptionSupportTest method test_is_code_scan_with_code_scan_finding.

@Test
void test_is_code_scan_with_code_scan_finding() {
    /* prepare: the finding only needs a call stack object, its fields stay unset */
    SecHubCodeCallStack emptyCallStack = new SecHubCodeCallStack();
    SecHubFinding codeFinding = new SecHubFinding();
    codeFinding.setCode(emptyCallStack);

    /* execute */
    boolean detectedAsCodeScan = descriptionSupport.isCodeScan(codeFinding);

    /* test */
    assertTrue(detectedAsCodeScan);
}
Also used : SecHubFinding(com.mercedesbenz.sechub.commons.model.SecHubFinding) SecHubCodeCallStack(com.mercedesbenz.sechub.commons.model.SecHubCodeCallStack) Test(org.junit.jupiter.api.Test)

Example 9 with SecHubCodeCallStack

use of com.mercedesbenz.sechub.commons.model.SecHubCodeCallStack in project sechub by mercedes-benz.

the class FalsePositiveMetaDataFactory method createMetaData.

/**
 * Creates false positive meta data for the given finding, dispatching on its
 * scan type.
 * <p>
 * A finding without scan type is treated as {@code CODE_SCAN} when it carries
 * a call stack, and the fallback is logged as a warning. Without a call stack
 * the type cannot be determined and creation fails.
 *
 * @param finding the finding to create meta data for
 * @return meta data, never <code>null</code>
 * @throws IllegalStateException  when the finding has neither a scan type nor
 *                                a call stack
 * @throws NotAcceptableException when the scan type is neither code scan nor
 *                                web scan
 */
public FalsePositiveMetaData createMetaData(SecHubFinding finding) {
    ScanType scanType = finding.getType();
    if (scanType == null) {
        /* possibly an old report where the type was not set */
        if (finding.getCode() == null) {
            throw new IllegalStateException("Sorry, cannot determine scan type which is necessary for false positive handling. Please start a new scanjob and use this job UUID and retry.");
        }
        scanType = ScanType.CODE_SCAN;
        LOG.warn("scan type was not given - fallback to {}", scanType);
    }

    if (scanType == ScanType.CODE_SCAN) {
        return createCodeScan(finding);
    }
    if (scanType == ScanType.WEB_SCAN) {
        return createWebScan(finding);
    }
    /* every other scan type is rejected explicitly instead of being handled silently */
    throw new NotAcceptableException("A false positive handling for type " + scanType + " is currently not implemented!");
}
Also used : ScanType(com.mercedesbenz.sechub.commons.model.ScanType) NotAcceptableException(com.mercedesbenz.sechub.sharedkernel.error.NotAcceptableException) SecHubCodeCallStack(com.mercedesbenz.sechub.commons.model.SecHubCodeCallStack)

Example 10 with SecHubCodeCallStack

use of com.mercedesbenz.sechub.commons.model.SecHubCodeCallStack in project sechub by mercedes-benz.

the class FalsePositiveMetaDataFactoryTest method createCodeFinding.

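/**
 * Creates a code scan test finding with a three element call stack
 * (start -> middle -> end).
 * <p>
 * Start and end carry relevant part, location and source; the middle element
 * only carries a relevant part.
 *
 * @return finding of type {@code CODE_SCAN} with the call stack attached
 */
private SecHubFinding createCodeFinding() {
    SecHubFinding finding = createTestFinding();

    SecHubCodeCallStack codeStart = new SecHubCodeCallStack();
    codeStart.setRelevantPart("relevant-part-start");
    codeStart.setLocation("location-start");
    /* set once - a second identical setSource call was redundant */
    codeStart.setSource("source-start");

    SecHubCodeCallStack codeMiddle = new SecHubCodeCallStack();
    codeMiddle.setRelevantPart("relevant-part-middle");

    SecHubCodeCallStack codeEnd = new SecHubCodeCallStack();
    codeEnd.setRelevantPart("relevant-part-end");
    codeEnd.setLocation("location-end");
    codeEnd.setSource("source-end");

    /* link the chain: start -> middle -> end */
    codeStart.setCalls(codeMiddle);
    codeMiddle.setCalls(codeEnd);

    finding.setCode(codeStart);
    finding.setType(ScanType.CODE_SCAN);
    return finding;
}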
Also used : SecHubFinding(com.mercedesbenz.sechub.commons.model.SecHubFinding) SecHubCodeCallStack(com.mercedesbenz.sechub.commons.model.SecHubCodeCallStack)
