
Example 6 with SecHubFinding

use of com.mercedesbenz.sechub.commons.model.SecHubFinding in project sechub by mercedes-benz.

the class FalsePositiveMetaDataFactoryTest method web_scan_finding_transformed_to_relevant_web_metadata.

@Test
void web_scan_finding_transformed_to_relevant_web_metadata() {
    /* prepare */
    SecHubFinding webFinding = createWebFinding();

    /* execute */
    FalsePositiveMetaData createdMetaData = factoryToTest.createMetaData(webFinding);

    /* test */
    // scan type, CWE and CVE identifiers are expected to be taken over from the finding
    assertEquals(ScanType.WEB_SCAN, createdMetaData.getScanType());
    assertEquals(4211, createdMetaData.getCweId());
    // most times a CVE makes more sense in infrastructure scans, but maybe possible
    assertEquals("CVE-4211", createdMetaData.getCveId());
    // no code meta data is expected for a web finding
    assertNull(createdMetaData.getCode());

    FalsePositiveWebMetaData webMetaData = createdMetaData.getWeb();
    assertNotNull(webMetaData);

    // request values must match the ones set up by createWebFinding()
    FalsePositiveWebRequestMetaData requestMetaData = webMetaData.getRequest();
    assertEquals("attack-vector1", requestMetaData.getAttackVector());
    assertEquals("method1", requestMetaData.getMethod());
    assertEquals("protocol1", requestMetaData.getProtocol());
    assertEquals("target1", requestMetaData.getTarget());
    assertEquals("version1", requestMetaData.getVersion());

    // from the response only evidence and status code are checked here
    FalsePositiveWebResponseMetaData responseMetaData = webMetaData.getResponse();
    assertEquals("evidence-snippet1", responseMetaData.getEvidence());
    assertEquals(4211, responseMetaData.getStatusCode());
}

Example 7 with SecHubFinding

use of com.mercedesbenz.sechub.commons.model.SecHubFinding in project sechub by mercedes-benz.

the class AssertReport method assertFindings.

/**
 * Fetches the findings of the given report, failing the test when the report,
 * its result or its findings list is {@code null}.
 *
 * @param report the report to inspect, must not be {@code null}
 * @return the (non-null) findings list of the report result
 */
private List<SecHubFinding> assertFindings(SecHubReportData report) {
    assertNotNull("Report may not be null", report);

    SecHubResult reportResult = report.getResult();
    assertNotNull(reportResult);

    List<SecHubFinding> reportFindings = reportResult.getFindings();
    assertNotNull(reportFindings);

    return reportFindings;
}

Example 8 with SecHubFinding

use of com.mercedesbenz.sechub.commons.model.SecHubFinding in project sechub by mercedes-benz.

the class SerecoProductResultTransformerTest method one_vulnerability_as_code_in_meta_results_in_one_finding.

@Test
public void one_vulnerability_as_code_in_meta_results_in_one_finding() throws Exception {
    /* prepare */
    String metaDataWithOneVulnerability = createMetaDataWithOneVulnerabilityAsCodeFound();

    /* execute */
    ReportTransformationResult transformationResult = transformerToTest.transform(createProductResult(metaDataWithOneVulnerability));

    /* test */
    SecHubResult sechubResult = transformationResult.getResult();

    // every finding created from the meta data must be a code scan finding
    sechubResult.getFindings().forEach(finding -> assertEquals(ScanType.CODE_SCAN, finding.getType()));
    AssertSecHubResult.assertSecHubResult(sechubResult).hasFindings(1);

    SecHubFinding onlyFinding = sechubResult.getFindings().get(0);

    // first element of the call stack
    SecHubCodeCallStack firstCall = onlyFinding.getCode();
    assertNotNull(firstCall);
    assertEquals(Integer.valueOf(1), firstCall.getLine());
    assertEquals(Integer.valueOf(2), firstCall.getColumn());
    assertEquals("Location1", firstCall.getLocation());
    assertEquals("source1", firstCall.getSource());
    assertEquals("relevantPart1", firstCall.getRelevantPart());

    // second element, reachable via getCalls() of the first one
    SecHubCodeCallStack secondCall = firstCall.getCalls();
    assertNotNull(secondCall);
    assertEquals(Integer.valueOf(3), secondCall.getLine());
    assertEquals(Integer.valueOf(4), secondCall.getColumn());
    assertEquals("Location2", secondCall.getLocation());
    assertEquals("source2", secondCall.getSource());
    assertEquals("relevantPart2", secondCall.getRelevantPart());
}

Example 9 with SecHubFinding

use of com.mercedesbenz.sechub.commons.model.SecHubFinding in project sechub by mercedes-benz.

the class AssertSecHubResult method hasFindingWithId.

/**
 * Looks up the finding with the given id inside the asserted result.
 *
 * @param id the finding id to search for
 * @return an assertion helper for the first finding having the given id; the
 *         test fails when no such finding exists
 */
public AssertSecHubFinding hasFindingWithId(int id) {
    for (SecHubFinding candidate : result.getFindings()) {
        if (candidate.getId() != id) {
            continue;
        }
        return new AssertSecHubFinding(candidate);
    }
    // fail() throws, so the return below is never reached - it only satisfies the compiler
    fail("No Finding with ID:" + id + " found!");
    return null;
}

Example 10 with SecHubFinding

use of com.mercedesbenz.sechub.commons.model.SecHubFinding in project sechub by mercedes-benz.

the class HTMLScanResultReportModelBuilder method build.

/**
 * Builds the template model for the HTML representation of the given scan report.
 *
 * @param report the report to render, must have a traffic light set
 * @return a mutable map containing the report result, the findings grouped by
 *         traffic light, the light styles, code scan entries per finding id and
 *         the job UUID (or {@code "none"} when the report has none)
 * @throws IllegalStateException when the report has no traffic light
 */
public Map<String, Object> build(ScanSecHubReport report) {
    TrafficLight trafficLight = report.getTrafficLight();
    if (trafficLight == null) {
        throw new IllegalStateException("No traffic light defined");
    }
    // only the style of the active light is shown, all others stay hidden
    String styleRed = trafficLight == TrafficLight.RED ? SHOW_LIGHT : HIDE_LIGHT;
    String styleYellow = trafficLight == TrafficLight.YELLOW ? SHOW_LIGHT : HIDE_LIGHT;
    String styleGreen = trafficLight == TrafficLight.GREEN ? SHOW_LIGHT : HIDE_LIGHT;

    SecHubResult result = report.getResult();
    HtmlCodeScanDescriptionSupport codeScanSupport = new HtmlCodeScanDescriptionSupport();

    // code scan entries are keyed by finding id; a later finding with the same id replaces an earlier one
    Map<Integer, List<HTMLScanResultCodeScanEntry>> codeScanEntries = new HashMap<>();
    for (SecHubFinding finding : result.getFindings()) {
        codeScanEntries.put(finding.getId(), codeScanSupport.buildEntries(finding));
    }

    Map<String, Object> model = new HashMap<>();
    model.put("result", report.getResult());
    model.put("redList", trafficLightCalculator.filterFindingsFor(result, TrafficLight.RED));
    model.put("yellowList", trafficLightCalculator.filterFindingsFor(result, TrafficLight.YELLOW));
    model.put("greenList", trafficLightCalculator.filterFindingsFor(result, TrafficLight.GREEN));
    model.put("trafficlight", trafficLight.name());
    model.put("styleRed", styleRed);
    model.put("styleYellow", styleYellow);
    model.put("styleGreen", styleGreen);
    model.put("isWebDesignMode", webDesignMode);
    model.put("codeScanEntries", codeScanEntries);
    model.put("codeScanSupport", codeScanSupport);
    model.put("reportHelper", HTMLReportHelper.DEFAULT);

    if (webDesignMode) {
        // In web design mode the CSS is not embedded but referenced by its absolute path on
        // the local file system. That path becomes part of the model, so this mode is
        // presumably only intended for local development - verify before enabling elsewhere.
        try {
            if (cssResource == null) {
                LOG.error("CSS resource not set:{}", cssResource);
            } else {
                String absolutePathToCSSFile = cssResource.getFile().getAbsolutePath();
                LOG.info("Web design mode activate, using not embedded css but ref to:{}", absolutePathToCSSFile);
                model.put("includedCSSRef", absolutePathToCSSFile);
            }
        } catch (Exception e) {
            // best effort: a missing CSS reference must not break report creation
            LOG.error("Was not able get file from resource:{}", cssResource, e);
        }
    }

    UUID jobUUID = report.getJobUUID();
    model.put("jobuuid", jobUUID == null ? "none" : jobUUID.toString());

    return model;
}
