Examples with SecHubFinding com.mercedesbenz.sechub.commons.model.SecHubFinding used on opensource projects

Example 1 with SecHubFinding

use of com.mercedesbenz.sechub.commons.model.SecHubFinding in project sechub by mercedes-benz.

the class AssertCalculation method isFilteringFindingsTo.

public AssertCalculation isFilteringFindingsTo(TrafficLight wanted, SecHubFinding... findings) {
    List<SecHubFinding> filtered = calculator.filterFindingsFor(currentResult.getResult(), wanted);
    // never null!
    assertNotNull(filtered);
    for (SecHubFinding finding : findings) {
        // just same object. equals not custom implemented
        assertTrue("Finding missing:" + finding, filtered.contains(finding));
    }
    assertEquals(findings.length, filtered.size());
    return this;
}

Example 2 with SecHubFinding

use of com.mercedesbenz.sechub.commons.model.SecHubFinding in project sechub by mercedes-benz.

the class ScanSecHubReportTest method scanreport_result_by_report_model_does_not_recalculates_traffic_light_but_uses_report_traffic_light.

@Test
void scanreport_result_by_report_model_does_not_recalculates_traffic_light_but_uses_report_traffic_light() {
    /* prepare */
    SecHubResult result = new SecHubResult();
    SecHubFinding finding = new SecHubFinding();
    finding.setName("finding1");
    finding.setSeverity(Severity.CRITICAL);
    result.getFindings().add(finding);
    ScanReport report = new ScanReport();
    report.setResult(result.toJSON());
    report.setTrafficLight(TrafficLight.GREEN);
    report.setResultType(ScanReportResultType.MODEL);
    /* execute */
    ScanSecHubReport createdReport = new ScanSecHubReport(report);
    // now we also check if the JSON deserialization /serialization works as
    // expected
    String json = createdReport.toJSON();
    ScanSecHubReport reportToTest = ScanSecHubReport.fromJSONString(json);
    /* test */
    assertEquals(TrafficLight.GREEN, reportToTest.getTrafficLight());
}

Example 3 with SecHubFinding

use of com.mercedesbenz.sechub.commons.model.SecHubFinding in project sechub by mercedes-benz.

the class ScanSecHubReportTest method scanreport_result_recaclulates_count.

@Test
void scanreport_result_recaclulates_count() {
    /* prepare */
    SecHubResult result = new SecHubResult();
    SecHubFinding finding1 = new SecHubFinding();
    finding1.setName("finding1");
    SecHubFinding finding2 = new SecHubFinding();
    finding2.setName("finding2");
    List<SecHubFinding> findings = result.getFindings();
    findings.add(finding1);
    findings.add(finding2);
    result.setCount(1000);
    ScanReport report = new ScanReport();
    report.setResult(result.toJSON());
    /* execute */
    ScanSecHubReport reportToTest = new ScanSecHubReport(report);
    /* test */
    assertEquals(2, reportToTest.getResult().getCount());
}

Example 4 with SecHubFinding

use of com.mercedesbenz.sechub.commons.model.SecHubFinding in project sechub by mercedes-benz.

the class ScanSecHubReportTest method scanreport_result_with_report_containing_sechub_result_init_and_json_parts_work.

@Test
void scanreport_result_with_report_containing_sechub_result_init_and_json_parts_work() {
    /* prepare */
    SecHubResult result = new SecHubResult();
    SecHubFinding finding = new SecHubFinding();
    finding.setName("finding1");
    result.getFindings().add(finding);
    ScanReport report = new ScanReport();
    report.setResult(result.toJSON());
    report.setTrafficLight(TrafficLight.YELLOW);
    report.setResultType(ScanReportResultType.RESULT);
    /* execute */
    ScanSecHubReport createdReport = new ScanSecHubReport(report);
    // now we also check if the JSON deserialization /serialization works as
    // expected
    String json = createdReport.toJSON();
    ScanSecHubReport reportToTest = ScanSecHubReport.fromJSONString(json);
    /* test */
    // no status available from simple result, expecting OK
    assertEquals(SecHubStatus.SUCCESS, reportToTest.getStatus());
    assertEquals(TrafficLight.YELLOW, reportToTest.getTrafficLight());
    assertEquals(0, reportToTest.getMessages().size());
    assertEquals(1, reportToTest.getResult().getFindings().size());
    assertEquals(1, reportToTest.getResult().getCount());
}

Example 5 with SecHubFinding

use of com.mercedesbenz.sechub.commons.model.SecHubFinding in project sechub by mercedes-benz.

the class FalsePositiveMetaDataFactoryTest method code_scan_finding_transformed_to_relevant_code_metadata.

@Test
void code_scan_finding_transformed_to_relevant_code_metadata() {
    SecHubFinding codeScanfinding = createCodeFinding();
    /* execute */
    FalsePositiveMetaData metaData = factoryToTest.createMetaData(codeScanfinding);
    /* test */
    assertEquals(4211, metaData.getCweId());
    // we do not expect a CVE id here, even when set in report
    assertNull(metaData.getCveId());
    assertEquals(ScanType.CODE_SCAN, metaData.getScanType());
    assertNull(metaData.getWeb());
    FalsePositiveCodeMetaData code = metaData.getCode();
    assertNotNull(code);
    // relevant code snippets and call hierarchy check:
    FalsePositiveCodePartMetaData start = code.getStart();
    assertEquals("relevant-part-start", start.getRelevantPart());
    assertEquals("location-start", start.getLocation());
    assertEquals("source-start", start.getSourceCode());
    FalsePositiveCodePartMetaData end = code.getEnd();
    assertEquals("relevant-part-end", end.getRelevantPart());
    assertEquals("location-end", end.getLocation());
    assertEquals("source-end", end.getSourceCode());
}