use of com.mercedesbenz.sechub.commons.model.SecHubFinding in project sechub by mercedes-benz.
the class FalsePositiveMetaDataFactoryTest method web_scan_finding_transformed_to_relevant_web_metadata.
/**
 * Verifies that a web scan finding is mapped to false positive meta data
 * carrying the scan type, the CWE/CVE identifiers and the web request and
 * response details, while no code meta data is created.
 */
@Test
void web_scan_finding_transformed_to_relevant_web_metadata() {
    /* prepare */
    SecHubFinding webFinding = createWebFinding();

    /* execute */
    FalsePositiveMetaData created = factoryToTest.createMetaData(webFinding);

    /* test */
    assertEquals(ScanType.WEB_SCAN, created.getScanType());
    assertEquals(4211, created.getCweId());
    // A CVE id is more typical for infrastructure scans, but a web finding
    // may carry one as well. "CVE-4211" is fixture data (presumably set by
    // createWebFinding()), not a real CVE identifier.
    assertEquals("CVE-4211", created.getCveId());
    // a web finding must not produce code scan meta data
    assertNull(created.getCode());

    FalsePositiveWebMetaData webMetaData = created.getWeb();
    assertNotNull(webMetaData);

    FalsePositiveWebRequestMetaData requestMetaData = webMetaData.getRequest();
    assertEquals("attack-vector1", requestMetaData.getAttackVector());
    assertEquals("method1", requestMetaData.getMethod());
    assertEquals("protocol1", requestMetaData.getProtocol());
    assertEquals("target1", requestMetaData.getTarget());
    assertEquals("version1", requestMetaData.getVersion());

    FalsePositiveWebResponseMetaData responseMetaData = webMetaData.getResponse();
    assertEquals("evidence-snippet1", responseMetaData.getEvidence());
    // 4211 is fixture data as well, not a valid HTTP status code
    assertEquals(4211, responseMetaData.getStatusCode());
}
use of com.mercedesbenz.sechub.commons.model.SecHubFinding in project sechub by mercedes-benz.
the class AssertReport method assertFindings.
/**
 * Asserts that the report, its result and the findings of that result are
 * all present and returns the findings.
 *
 * @param report the report data to inspect
 * @return the findings list of the report result (asserted to be non-null)
 */
private List<SecHubFinding> assertFindings(SecHubReportData report) {
    assertNotNull("Report may not be null", report);

    SecHubResult reportResult = report.getResult();
    assertNotNull(reportResult);

    List<SecHubFinding> reportFindings = reportResult.getFindings();
    assertNotNull(reportFindings);

    return reportFindings;
}
use of com.mercedesbenz.sechub.commons.model.SecHubFinding in project sechub by mercedes-benz.
the class SerecoProductResultTransformerTest method one_vulnerability_as_code_in_meta_results_in_one_finding.
/**
 * Verifies that meta data containing exactly one code vulnerability is
 * transformed into exactly one finding of type CODE_SCAN whose call stack
 * (first entry plus the nested call) keeps line, column, location, source
 * and relevant part.
 */
@Test
public void one_vulnerability_as_code_in_meta_results_in_one_finding() throws Exception {
    /* prepare */
    String serializedMetaData = createMetaDataWithOneVulnerabilityAsCodeFound();

    /* execute */
    ReportTransformationResult transformed = transformerToTest.transform(createProductResult(serializedMetaData));

    /* test */
    SecHubResult actual = transformed.getResult();
    // every finding must be classified as a code scan finding
    for (SecHubFinding each : actual.getFindings()) {
        assertEquals(ScanType.CODE_SCAN, each.getType());
    }
    AssertSecHubResult.assertSecHubResult(actual).hasFindings(1);

    // first call stack element
    SecHubFinding onlyFinding = actual.getFindings().get(0);
    SecHubCodeCallStack firstCall = onlyFinding.getCode();
    assertNotNull(firstCall);
    assertEquals(Integer.valueOf(1), firstCall.getLine());
    assertEquals(Integer.valueOf(2), firstCall.getColumn());
    assertEquals("Location1", firstCall.getLocation());
    assertEquals("source1", firstCall.getSource());
    assertEquals("relevantPart1", firstCall.getRelevantPart());

    // nested call stack element reached via getCalls()
    SecHubCodeCallStack secondCall = firstCall.getCalls();
    assertNotNull(secondCall);
    assertEquals(Integer.valueOf(3), secondCall.getLine());
    assertEquals(Integer.valueOf(4), secondCall.getColumn());
    assertEquals("Location2", secondCall.getLocation());
    assertEquals("source2", secondCall.getSource());
    assertEquals("relevantPart2", secondCall.getRelevantPart());
}
use of com.mercedesbenz.sechub.commons.model.SecHubFinding in project sechub by mercedes-benz.
the class AssertSecHubResult method hasFindingWithId.
/**
 * Looks up the finding with the given id in the result under test and
 * returns an assertion object for it. The first finding with a matching
 * id wins.
 *
 * @param id the finding id to search for
 * @return assertion object wrapping the matching finding
 */
public AssertSecHubFinding hasFindingWithId(int id) {
    for (SecHubFinding candidate : result.getFindings()) {
        if (candidate.getId() != id) {
            continue;
        }
        return new AssertSecHubFinding(candidate);
    }
    fail("No Finding with ID:" + id + " found!");
    // fail(...) presumably throws, so this return only satisfies the compiler
    return null;
}
use of com.mercedesbenz.sechub.commons.model.SecHubFinding in project sechub by mercedes-benz.
the class HTMLScanResultReportModelBuilder method build.
/**
 * Builds the model map for the HTML scan result report.
 * <p>
 * The model contains the report result, the findings filtered per traffic
 * light color, the style values which show or hide each light, the code
 * scan entries per finding id, helper objects and the job UUID (or
 * {@code "none"} when the report has no job UUID).
 * <p>
 * NOTE(review): the finding data put into the model originates from scan
 * products; HTML escaping is presumably done by the template which renders
 * this model - confirm.
 *
 * @param report the report to build the model for
 * @return a new mutable map holding the model entries
 * @throws IllegalStateException when the report has no traffic light
 */
public Map<String, Object> build(ScanSecHubReport report) {
    TrafficLight trafficLight = report.getTrafficLight();
    if (trafficLight == null) {
        throw new IllegalStateException("No traffic light defined");
    }

    // exactly one light is shown; any other traffic light value hides all three
    String styleRed = trafficLight == TrafficLight.RED ? SHOW_LIGHT : HIDE_LIGHT;
    String styleYellow = trafficLight == TrafficLight.YELLOW ? SHOW_LIGHT : HIDE_LIGHT;
    String styleGreen = trafficLight == TrafficLight.GREEN ? SHOW_LIGHT : HIDE_LIGHT;

    HtmlCodeScanDescriptionSupport codeScanSupport = new HtmlCodeScanDescriptionSupport();
    SecHubResult result = report.getResult();

    // code scan entries are keyed by finding id
    Map<Integer, List<HTMLScanResultCodeScanEntry>> codeScanEntries = new HashMap<>();
    for (SecHubFinding each : result.getFindings()) {
        codeScanEntries.put(each.getId(), codeScanSupport.buildEntries(each));
    }

    Map<String, Object> model = new HashMap<>();
    model.put("result", report.getResult());
    model.put("redList", trafficLightCalculator.filterFindingsFor(result, TrafficLight.RED));
    model.put("yellowList", trafficLightCalculator.filterFindingsFor(result, TrafficLight.YELLOW));
    model.put("greenList", trafficLightCalculator.filterFindingsFor(result, TrafficLight.GREEN));
    model.put("trafficlight", trafficLight.name());
    model.put("styleRed", styleRed);
    model.put("styleYellow", styleYellow);
    model.put("styleGreen", styleGreen);
    model.put("isWebDesignMode", webDesignMode);
    model.put("codeScanEntries", codeScanEntries);
    model.put("codeScanSupport", codeScanSupport);
    model.put("reportHelper", HTMLReportHelper.DEFAULT);

    if (webDesignMode) {
        // Web design mode references the CSS file by its absolute path instead
        // of embedding it. NOTE(review): this puts a local file system path
        // into the model (and the log); if the template renders it, report
        // readers can see it - presumably the mode is meant for development
        // only, confirm it stays disabled elsewhere.
        try {
            if (cssResource != null) {
                String absolutePathToCSSFile = cssResource.getFile().getAbsolutePath();
                LOG.info("Web design mode activate, using not embedded css but ref to:{}", absolutePathToCSSFile);
                model.put("includedCSSRef", absolutePathToCSSFile);
            } else {
                LOG.error("CSS resource not set:{}", cssResource);
            }
        } catch (Exception e) {
            // best effort: the model is still returned, only without the CSS reference
            LOG.error("Was not able get file from resource:{}", cssResource, e);
        }
    }

    UUID jobUUID = report.getJobUUID();
    model.put("jobuuid", jobUUID != null ? jobUUID.toString() : "none");

    return model;
}