use of com.mercedesbenz.sechub.commons.model.SecHubFinding in project sechub by mercedes-benz.
the class AssertCalculation method isFilteringFindingsTo.
/**
 * Asserts which findings remain after the calculator filters the current
 * result for the given traffic light.
 * <p>
 * The list returned by {@code calculator.filterFindingsFor} must be non-null,
 * must contain every expected finding and must have the same size as the
 * expectation.
 *
 * @param wanted   traffic light the findings are filtered for
 * @param findings findings expected to remain after filtering
 * @return this assertion object, so further checks can be chained
 */
public AssertCalculation isFilteringFindingsTo(TrafficLight wanted, SecHubFinding... findings) {
    List<SecHubFinding> remaining = calculator.filterFindingsFor(currentResult.getResult(), wanted);
    // the filtered list must never be null
    assertNotNull(remaining);

    // Original author's note: SecHubFinding has no custom equals(), so
    // contains() only matches the very same object instances.
    for (int index = 0; index < findings.length; index++) {
        SecHubFinding expected = findings[index];
        assertTrue("Finding missing:" + expected, remaining.contains(expected));
    }

    // Together with the containment checks above, equal sizes mean no
    // unexpected finding is left in the filtered list (for distinct
    // expected findings).
    assertEquals(findings.length, remaining.size());
    return this;
}
use of com.mercedesbenz.sechub.commons.model.SecHubFinding in project sechub by mercedes-benz.
the class ScanSecHubReportTest method scanreport_result_by_report_model_does_not_recalculates_traffic_light_but_uses_report_traffic_light.
/**
 * A report stored with result type MODEL keeps the traffic light that was
 * stored on the {@code ScanReport}: the result holds a CRITICAL finding, the
 * stored traffic light is GREEN, and GREEN is what the created report returns
 * after a JSON round trip.
 * <p>
 * NOTE(review): this pins that the stored traffic light is taken as-is for
 * MODEL reports and is not derived from the finding severities again, so any
 * gate that relies on the traffic light depends on the value having been
 * computed correctly when the report was stored. Confirm this against the
 * code that writes the report.
 */
@Test
void scanreport_result_by_report_model_does_not_recalculates_traffic_light_but_uses_report_traffic_light() {
    /* prepare */
    SecHubResult storedResult = new SecHubResult();

    // a CRITICAL finding that deliberately contradicts the GREEN light below
    SecHubFinding criticalFinding = new SecHubFinding();
    criticalFinding.setName("finding1");
    criticalFinding.setSeverity(Severity.CRITICAL);
    storedResult.getFindings().add(criticalFinding);

    ScanReport storedReport = new ScanReport();
    storedReport.setResult(storedResult.toJSON());
    storedReport.setTrafficLight(TrafficLight.GREEN);
    storedReport.setResultType(ScanReportResultType.MODEL);

    /* execute */
    ScanSecHubReport createdReport = new ScanSecHubReport(storedReport);

    // serialize and parse again, so the JSON round trip is covered as well
    ScanSecHubReport reportToTest = ScanSecHubReport.fromJSONString(createdReport.toJSON());

    /* test */
    assertEquals(TrafficLight.GREEN, reportToTest.getTrafficLight());
}
use of com.mercedesbenz.sechub.commons.model.SecHubFinding in project sechub by mercedes-benz.
the class ScanSecHubReportTest method scanreport_result_recaclulates_count.
/**
 * The finding count exposed by the created report reflects the number of
 * findings actually present (2), not the count value stored in the result
 * JSON (1000).
 * <p>
 * No result type is set on the {@code ScanReport} in this test, so this covers
 * whatever the default handling is.
 */
@Test
void scanreport_result_recaclulates_count() {
    /* prepare */
    SecHubFinding firstFinding = new SecHubFinding();
    firstFinding.setName("finding1");
    SecHubFinding secondFinding = new SecHubFinding();
    secondFinding.setName("finding2");

    SecHubResult storedResult = new SecHubResult();
    List<SecHubFinding> storedFindings = storedResult.getFindings();
    storedFindings.add(firstFinding);
    storedFindings.add(secondFinding);
    // deliberately wrong count: it must not survive in the created report
    storedResult.setCount(1000);

    ScanReport storedReport = new ScanReport();
    storedReport.setResult(storedResult.toJSON());

    /* execute */
    ScanSecHubReport reportToTest = new ScanSecHubReport(storedReport);

    /* test */
    assertEquals(2, reportToTest.getResult().getCount());
}
use of com.mercedesbenz.sechub.commons.model.SecHubFinding in project sechub by mercedes-benz.
the class ScanSecHubReportTest method scanreport_result_with_report_containing_sechub_result_init_and_json_parts_work.
/**
 * A {@code ScanReport} of result type RESULT, holding a plain
 * {@code SecHubResult} JSON with one finding and a YELLOW traffic light, is
 * turned into a {@code ScanSecHubReport} and sent through a JSON round trip.
 * The parsed report must show status SUCCESS, traffic light YELLOW, no
 * messages, one finding and a count of one.
 */
@Test
void scanreport_result_with_report_containing_sechub_result_init_and_json_parts_work() {
    /* prepare */
    SecHubResult storedResult = new SecHubResult();

    SecHubFinding singleFinding = new SecHubFinding();
    singleFinding.setName("finding1");
    storedResult.getFindings().add(singleFinding);

    ScanReport storedReport = new ScanReport();
    storedReport.setResult(storedResult.toJSON());
    storedReport.setTrafficLight(TrafficLight.YELLOW);
    storedReport.setResultType(ScanReportResultType.RESULT);

    /* execute */
    ScanSecHubReport createdReport = new ScanSecHubReport(storedReport);

    // serialize and parse again, so the JSON round trip is covered as well
    ScanSecHubReport reportToTest = ScanSecHubReport.fromJSONString(createdReport.toJSON());

    /* test */
    // a plain result carries no status, so SUCCESS is the expected value
    assertEquals(SecHubStatus.SUCCESS, reportToTest.getStatus());
    assertEquals(TrafficLight.YELLOW, reportToTest.getTrafficLight());
    assertEquals(0, reportToTest.getMessages().size());
    assertEquals(1, reportToTest.getResult().getFindings().size());
    assertEquals(1, reportToTest.getResult().getCount());
}
use of com.mercedesbenz.sechub.commons.model.SecHubFinding in project sechub by mercedes-benz.
the class FalsePositiveMetaDataFactoryTest method code_scan_finding_transformed_to_relevant_code_metadata.
/**
 * The factory turns a code scan finding into false-positive metadata that
 * carries the CWE id, the scan type CODE_SCAN and the start and end code
 * parts, but no CVE id and no web part.
 * <p>
 * The finding comes from {@code createCodeFinding()}, which is defined outside
 * this excerpt. The expected values asserted here (4211, "location-start",
 * ...) presumably mirror what that helper sets up; verify against the helper.
 */
@Test
void code_scan_finding_transformed_to_relevant_code_metadata() {
    /* prepare */
    SecHubFinding codeFinding = createCodeFinding();

    /* execute */
    FalsePositiveMetaData created = factoryToTest.createMetaData(codeFinding);

    /* test */
    assertEquals(4211, created.getCweId());
    // per the original author: no CVE id is expected in the metadata, even
    // when one is set in the report
    assertNull(created.getCveId());
    assertEquals(ScanType.CODE_SCAN, created.getScanType());
    // a code scan finding must not produce a web part
    assertNull(created.getWeb());

    FalsePositiveCodeMetaData codePart = created.getCode();
    assertNotNull(codePart);

    // first element: relevant snippet, location and source of the start part
    FalsePositiveCodePartMetaData startPart = codePart.getStart();
    assertEquals("relevant-part-start", startPart.getRelevantPart());
    assertEquals("location-start", startPart.getLocation());
    assertEquals("source-start", startPart.getSourceCode());

    // last element: relevant snippet, location and source of the end part
    FalsePositiveCodePartMetaData endPart = codePart.getEnd();
    assertEquals("relevant-part-end", endPart.getRelevantPart());
    assertEquals("location-end", endPart.getLocation());
    assertEquals("source-end", endPart.getSourceCode());
}