Example 1 with SecHubScanConfiguration
use of com.mercedesbenz.sechub.commons.model.SecHubScanConfiguration in project sechub by mercedes-benz.
the class PDSWebScanJobScenario12IntTest method pds_web_scan_has_expected_info_finding_with_given_target_url_and_product2_level_information_and_sechub_web_config_parts.
@Test
public void pds_web_scan_has_expected_info_finding_with_given_target_url_and_product2_level_information_and_sechub_web_config_parts() {
/* @formatter:off */
/* prepare */
String configurationAsJson = IntegrationTestFileSupport.getTestfileSupport().loadTestFile("sechub-integrationtest-webscanconfig-all-options.json");
SecHubScanConfiguration configuration = SecHubScanConfiguration.createFromJSON(configurationAsJson);
configuration.setProjectId("myTestProject");
TestProject project = PROJECT_1;
String targetURL = configuration.getWebScan().get().getUri().toString();
as(SUPER_ADMIN).updateWhiteListForProject(project, Arrays.asList(targetURL));
UUID jobUUID = as(USER_1).createJobAndReturnJobUUID(project, configuration);
/* execute */
as(USER_1).approveJob(project, jobUUID);
waitForJobDone(project, jobUUID, 30, true);
/* test */
String sechubReport = as(USER_1).getJobReport(project, jobUUID);
// IMPORTANT: The 'integrationtest-webscan.sh' returns the configuration file as part of the resulting report.
// It is necessary to start a PDS and SecHub in integration mode. The web scan will be created on the
// SecHub server and SecHub calls the PDS. The PDS in return calls the 'integrationtest-webscan.sh',
// which produces the report.
//
// Workflow:
// This test -- sends webscan config to -> SecHub -- calls -> PDS -- calls -> 'integrationtest-webscan.sh' -- returns -> Report
//
// look at 'integrationtest-webscan.sh' for implementation details
// finding 1: contains target url and more
// finding 2: contains sechub configuration (only web parts)
String descriptionFinding2WithDataInside = assertReport(sechubReport).finding(0).hasSeverity(Severity.INFO).hasDescriptionContaining(// this comes from custom mandatory parameter from PDS config
"PRODUCT2_LEVEL=4711").hasDescriptionContaining(// this is a default generated parameter which will always be sent by SecHub without being defined in PDS config!
"PDS_SCAN_TARGET_URL=" + targetURL).finding(1).hasDescriptionContaining("PDS_SCAN_CONFIGURATION={").getDescription();
String returndPdsScanConfigurationJSON = descriptionFinding2WithDataInside.substring("PDS_SCAN_CONFIGURATION=".length());
/* @formatter:on */
// the returned JSON must be a valid sechub scan configuration
SecHubScanConfiguration returnedConfiguration = SecHubScanConfiguration.createFromJSON(returndPdsScanConfigurationJSON);
assertEquals("ProjectId not as expected", project.getProjectId(), returnedConfiguration.getProjectId());
assertFalse(targetURL, returnedConfiguration.getCodeScan().isPresent());
assertFalse(targetURL, returnedConfiguration.getInfraScan().isPresent());
assertTrue(targetURL, returnedConfiguration.getWebScan().isPresent());
SecHubWebScanConfiguration webConfiguration = returnedConfiguration.getWebScan().get();
assertNotNull(webConfiguration.getUri());
assertEquals(JSONConverter.get().toJSON(configuration, true), JSONConverter.get().toJSON(returnedConfiguration, true));
}
Also used :
TestProject(com.mercedesbenz.sechub.integrationtest.api.TestProject)
SecHubWebScanConfiguration(com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration)
UUID(java.util.UUID)
SecHubScanConfiguration(com.mercedesbenz.sechub.commons.model.SecHubScanConfiguration)
Test(org.junit.Test)
Example 2 with SecHubScanConfiguration
use of com.mercedesbenz.sechub.commons.model.SecHubScanConfiguration in project sechub by mercedes-benz.
the class PDSLicenseScanJobScenario13IntTest method test_the_license_scan_module__start_a_new_scan_and_run_pds_license_scan_and_download_report_via_rest.
@Test
public void test_the_license_scan_module__start_a_new_scan_and_run_pds_license_scan_and_download_report_via_rest() {
/* prepare */
String configurationAsJson = IntegrationTestFileSupport.getTestfileSupport().loadTestFile("sechub-integrationtest-licensescanconfig.json");
SecHubScanConfiguration configuration = SecHubScanConfiguration.createFromJSON(configurationAsJson);
configuration.setProjectId("myTestProject");
TestProject project = PROJECT_1;
UUID jobUUID = as(USER_1).createJobAndReturnJobUUID(project, configuration);
/* execute */
as(USER_1).uploadSourcecode(project, jobUUID, PATH).approveJob(project, jobUUID);
waitForJobDone(project, jobUUID, 30, true);
/* test */
String spdxReport = as(USER_1).getSpdxReport(project, jobUUID);
/* @formatter:off */
assertTrue(spdxReport.contains(" \"packages\": [\n" + " {\n" + " \"packageName\": \"go1.16.4.linux-amd64\",\n" + " \"SPDXID\": \"SPDXRef-golang-dist\",\n" + " \"downloadLocation\": \"https://golang.org/dl/go1.16.4.linux-amd64.tar.gz\",\n" + " \"packageVersion\": \"1.16.4\",\n" + " \"filesAnalyzed\": \"false\",\n" + " \"checksums\": [\n" + " {\n" + " \"algorithm\": \"SHA256\",\n" + " \"checksumValue\": \"7154e88f5a8047aad4b80ebace58a059e36e7e2e4eb3b383127a28c711b4ff59\"\n" + " }\n" + " ],\n" + " \"packageLicenseConcluded\": \"NOASSERTION\",\n" + " \"packageLicenseDeclared\": \"LicenseRef-Golang-BSD-plus-Patents\",\n" + " \"packageCopyrightText\": \"Copyright (c) 2009 The Go Authors. All rights reserved.\"\n" + " }"));
/* @formatter:on */
}
Also used :
TestProject(com.mercedesbenz.sechub.integrationtest.api.TestProject)
UUID(java.util.UUID)
SecHubScanConfiguration(com.mercedesbenz.sechub.commons.model.SecHubScanConfiguration)
Test(org.junit.Test)
Example 3 with SecHubScanConfiguration
use of com.mercedesbenz.sechub.commons.model.SecHubScanConfiguration in project sechub by mercedes-benz.
the class PDSJobConfigurationSupportTest method resolve_sechub_model_returns_model_when_parameter_defined.
@Test
void resolve_sechub_model_returns_model_when_parameter_defined() {
/* prepare */
SecHubScanConfiguration config = new SecHubScanConfiguration();
config.setProjectId("a-cool-project-id");
String json = config.toJSON();
addParameter(PDSDefaultParameterKeyConstants.PARAM_KEY_PDS_SCAN_CONFIGURATION, json);
/* execute */
SecHubConfigurationModel model = supportToTest.resolveSecHubConfigurationModel();
/* test */
assertNotNull(model);
assertEquals("a-cool-project-id", model.getProjectId());
}
Also used :
SecHubConfigurationModel(com.mercedesbenz.sechub.commons.model.SecHubConfigurationModel)
SecHubScanConfiguration(com.mercedesbenz.sechub.commons.model.SecHubScanConfiguration)
Test(org.junit.jupiter.api.Test)
Example 4 with SecHubScanConfiguration
use of com.mercedesbenz.sechub.commons.model.SecHubScanConfiguration in project sechub by mercedes-benz.
the class SecHubWebScanConfigurationHelperTest method determines_AuthenticationType_sechub_config_has_basic_auth.
@Test
void determines_AuthenticationType_sechub_config_has_basic_auth() {
/* prepare */
File file = new File("src/test/resources/sechub-config-examples/basic-auth.json");
String sechubConfigJSON = TestFileReader.loadTextFile(file);
SecHubScanConfiguration sechubConfig = SecHubScanConfiguration.createFromJSON(sechubConfigJSON);
SecHubWebScanConfiguration secHubWebScanConfiguration = sechubConfig.getWebScan().get();
/* execute */
AuthenticationType authenticationType = helperToTest.determineAuthenticationType(secHubWebScanConfiguration);
/* test */
assertEquals(authenticationType, AuthenticationType.HTTP_BASIC_AUTHENTICATION);
}
Also used :
SecHubWebScanConfiguration(com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration)
File(java.io.File)
SecHubScanConfiguration(com.mercedesbenz.sechub.commons.model.SecHubScanConfiguration)
AuthenticationType(com.mercedesbenz.sechub.owaspzapwrapper.config.auth.AuthenticationType)
Test(org.junit.jupiter.api.Test)
Example 5 with SecHubScanConfiguration
use of com.mercedesbenz.sechub.commons.model.SecHubScanConfiguration in project sechub by mercedes-benz.
the class SechubWebConfigProvider method getSecHubWebConfiguration.
public SecHubWebScanConfiguration getSecHubWebConfiguration(File secHubConfigFile) {
TextFileReader fileReader = new TextFileReader();
if (secHubConfigFile == null) {
// can happen when an unauthenticated scan is started with only the target URL
return new SecHubWebScanConfiguration();
}
String sechubConfigJson;
SecHubScanConfiguration sechubConfig;
try {
sechubConfigJson = fileReader.loadTextFile(secHubConfigFile);
sechubConfig = SecHubScanConfiguration.createFromJSON(sechubConfigJson);
} catch (IOException e) {
throw new MustExitRuntimeException("Was not able to read sechub config file: " + secHubConfigFile, e, MustExitCode.SECHUB_CONFIGURATION_INVALID);
}
return getSecHubWebConfiguration(sechubConfig);
}
Also used :
SecHubWebScanConfiguration(com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration)
MustExitRuntimeException(com.mercedesbenz.sechub.owaspzapwrapper.cli.MustExitRuntimeException)
IOException(java.io.IOException)
SecHubScanConfiguration(com.mercedesbenz.sechub.commons.model.SecHubScanConfiguration)
TextFileReader(com.mercedesbenz.sechub.commons.TextFileReader)
Aggregations
SecHubScanConfiguration (com.mercedesbenz.sechub.commons.model.SecHubScanConfiguration)5
SecHubWebScanConfiguration (com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration)3
TestProject (com.mercedesbenz.sechub.integrationtest.api.TestProject)2
UUID (java.util.UUID)2
Test (org.junit.Test)2
Test (org.junit.jupiter.api.Test)2
TextFileReader (com.mercedesbenz.sechub.commons.TextFileReader)1
SecHubConfigurationModel (com.mercedesbenz.sechub.commons.model.SecHubConfigurationModel)1
MustExitRuntimeException (com.mercedesbenz.sechub.owaspzapwrapper.cli.MustExitRuntimeException)1
AuthenticationType (com.mercedesbenz.sechub.owaspzapwrapper.config.auth.AuthenticationType)1
File (java.io.File)1
IOException (java.io.IOException)1
