Example 1 with SecHubScanConfiguration

use of com.mercedesbenz.sechub.commons.model.SecHubScanConfiguration in project sechub by mercedes-benz.

the class PDSWebScanJobScenario12IntTest method pds_web_scan_has_expected_info_finding_with_given_target_url_and_product2_level_information_and_sechub_web_config_parts.

@Test
public void pds_web_scan_has_expected_info_finding_with_given_target_url_and_product2_level_information_and_sechub_web_config_parts() {
    /* @formatter:off */
    /* prepare */
    String configurationAsJson = IntegrationTestFileSupport.getTestfileSupport().loadTestFile("sechub-integrationtest-webscanconfig-all-options.json");
    SecHubScanConfiguration configuration = SecHubScanConfiguration.createFromJSON(configurationAsJson);
    configuration.setProjectId("myTestProject");
    TestProject project = PROJECT_1;
    String targetURL = configuration.getWebScan().get().getUri().toString();
    as(SUPER_ADMIN).updateWhiteListForProject(project, Arrays.asList(targetURL));
    UUID jobUUID = as(USER_1).createJobAndReturnJobUUID(project, configuration);
    /* execute */
    as(USER_1).approveJob(project, jobUUID);
    waitForJobDone(project, jobUUID, 30, true);
    /* test */
    String sechubReport = as(USER_1).getJobReport(project, jobUUID);
    // IMPORTANT: The 'integrationtest-webscan.sh' returns the configuration file as part of the resulting report.
    // It is necessary to start a PDS and SecHub in integration mode. The web scan will be created on the
    // SecHub server and SecHub calls the PDS. The PDS in return calls the 'integrationtest-webscan.sh',
    // which produces the report.
    // 
    // Workflow:
    // This test -- sends webscan config to -> SecHub -- calls -> PDS -- calls -> 'integrationtest-webscan.sh' -- returns -> Report
    // 
    // look at 'integrationtest-webscan.sh' for implementation details
    // finding 1: contains target url and more
    // finding 2: contains sechub configuration (only web parts)
    String descriptionFinding2WithDataInside = assertReport(sechubReport)
            .finding(0)
                .hasSeverity(Severity.INFO)
                // this comes from custom mandatory parameter from PDS config
                .hasDescriptionContaining("PRODUCT2_LEVEL=4711")
                // this is a default generated parameter which will always be sent by SecHub without being defined in PDS config!
                .hasDescriptionContaining("PDS_SCAN_TARGET_URL=" + targetURL)
            .finding(1)
                .hasDescriptionContaining("PDS_SCAN_CONFIGURATION={")
                .getDescription();
    String returndPdsScanConfigurationJSON = descriptionFinding2WithDataInside.substring("PDS_SCAN_CONFIGURATION=".length());
    /* @formatter:on */
    // the returned JSON must be a valid sechub scan configuration
    SecHubScanConfiguration returnedConfiguration = SecHubScanConfiguration.createFromJSON(returndPdsScanConfigurationJSON);
    assertEquals("ProjectId not as expected", project.getProjectId(), returnedConfiguration.getProjectId());
    assertFalse(targetURL, returnedConfiguration.getCodeScan().isPresent());
    assertFalse(targetURL, returnedConfiguration.getInfraScan().isPresent());
    assertTrue(targetURL, returnedConfiguration.getWebScan().isPresent());
    SecHubWebScanConfiguration webConfiguration = returnedConfiguration.getWebScan().get();
    assertNotNull(webConfiguration.getUri());
    assertEquals(JSONConverter.get().toJSON(configuration, true), JSONConverter.get().toJSON(returnedConfiguration, true));
}
Also used : TestProject(com.mercedesbenz.sechub.integrationtest.api.TestProject) SecHubWebScanConfiguration(com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration) UUID(java.util.UUID) SecHubScanConfiguration(com.mercedesbenz.sechub.commons.model.SecHubScanConfiguration) Test(org.junit.Test)

Example 2 with SecHubScanConfiguration

use of com.mercedesbenz.sechub.commons.model.SecHubScanConfiguration in project sechub by mercedes-benz.

the class PDSLicenseScanJobScenario13IntTest method test_the_license_scan_module__start_a_new_scan_and_run_pds_license_scan_and_download_report_via_rest.

@Test
public void test_the_license_scan_module__start_a_new_scan_and_run_pds_license_scan_and_download_report_via_rest() {
    /* prepare */
    String configurationAsJson = IntegrationTestFileSupport.getTestfileSupport().loadTestFile("sechub-integrationtest-licensescanconfig.json");
    SecHubScanConfiguration configuration = SecHubScanConfiguration.createFromJSON(configurationAsJson);
    configuration.setProjectId("myTestProject");
    TestProject project = PROJECT_1;
    UUID jobUUID = as(USER_1).createJobAndReturnJobUUID(project, configuration);
    /* execute */
    as(USER_1).uploadSourcecode(project, jobUUID, PATH).approveJob(project, jobUUID);
    waitForJobDone(project, jobUUID, 30, true);
    /* test */
    String spdxReport = as(USER_1).getSpdxReport(project, jobUUID);
    /* @formatter:off */
    assertTrue(spdxReport.contains(
            "  \"packages\": [\n" +
            "    {\n" +
            "      \"packageName\": \"go1.16.4.linux-amd64\",\n" +
            "      \"SPDXID\": \"SPDXRef-golang-dist\",\n" +
            "      \"downloadLocation\": \"https://golang.org/dl/go1.16.4.linux-amd64.tar.gz\",\n" +
            "      \"packageVersion\": \"1.16.4\",\n" +
            "      \"filesAnalyzed\": \"false\",\n" +
            "      \"checksums\": [\n" +
            "        {\n" +
            "          \"algorithm\": \"SHA256\",\n" +
            "          \"checksumValue\": \"7154e88f5a8047aad4b80ebace58a059e36e7e2e4eb3b383127a28c711b4ff59\"\n" +
            "        }\n" +
            "      ],\n" +
            "      \"packageLicenseConcluded\": \"NOASSERTION\",\n" +
            "      \"packageLicenseDeclared\": \"LicenseRef-Golang-BSD-plus-Patents\",\n" +
            "      \"packageCopyrightText\": \"Copyright (c) 2009 The Go Authors. All rights reserved.\"\n" +
            "    }"));
    /* @formatter:on */
}
Also used : TestProject(com.mercedesbenz.sechub.integrationtest.api.TestProject) UUID(java.util.UUID) SecHubScanConfiguration(com.mercedesbenz.sechub.commons.model.SecHubScanConfiguration) Test(org.junit.Test)

Example 3 with SecHubScanConfiguration

use of com.mercedesbenz.sechub.commons.model.SecHubScanConfiguration in project sechub by mercedes-benz.

the class PDSJobConfigurationSupportTest method resolve_sechub_model_returns_model_when_parameter_defined.

@Test
void resolve_sechub_model_returns_model_when_parameter_defined() {
    /* prepare */
    SecHubScanConfiguration config = new SecHubScanConfiguration();
    config.setProjectId("a-cool-project-id");
    String json = config.toJSON();
    addParameter(PDSDefaultParameterKeyConstants.PARAM_KEY_PDS_SCAN_CONFIGURATION, json);
    /* execute */
    SecHubConfigurationModel model = supportToTest.resolveSecHubConfigurationModel();
    /* test */
    assertNotNull(model);
    assertEquals("a-cool-project-id", model.getProjectId());
}
Also used : SecHubConfigurationModel(com.mercedesbenz.sechub.commons.model.SecHubConfigurationModel) SecHubScanConfiguration(com.mercedesbenz.sechub.commons.model.SecHubScanConfiguration) Test(org.junit.jupiter.api.Test)
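Example 1 shows SecHub handing the scan configuration to the PDS as the PDS_SCAN_CONFIGURATION parameter and checking that what comes back is a web-only configuration for the right project, and Example 3 shows the PDS side resolving that parameter into a model. The following class is an added example, not code from the SecHub project: it puts the same checks in front of a PDS web-scan product so the product refuses a configuration for a foreign project, one carrying code or infrastructure scan parts, or one whose target host is outside an operator allow-list. Only the SecHubScanConfiguration and SecHubWebScanConfiguration methods used on this page are called; the package name, the class, the host allow-list and the constructed JSON sample (whose keys projectId, webScan and uri are assumed from the getters) are this example's own assumptions.

```java
// Added example, not SecHub project code. Package and class names are hypothetical.
package com.example.sechub.pds;

import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

import com.mercedesbenz.sechub.commons.model.SecHubScanConfiguration;
import com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration;

/**
 * Guards a PDS web-scan product against a SecHub scan configuration it must not act on:
 * wrong project, non-web scan parts, or a target host the operator did not allow.
 * The host allow-list is an assumption of this example; SecHub itself whitelists
 * target URLs per project on the server (see updateWhiteListForProject in Example 1).
 */
public final class PdsScanConfigurationGuard {

    /** Parameter key SecHub always sends to a PDS; the report in Example 1 echoes it as "KEY=value". */
    static final String PDS_SCAN_CONFIGURATION_KEY = "PDS_SCAN_CONFIGURATION";

    private final String expectedProjectId;
    private final Set<String> allowedHosts = new HashSet<>();

    public PdsScanConfigurationGuard(String expectedProjectId, Set<String> allowedHosts) {
        this.expectedProjectId = expectedProjectId;
        for (String host : allowedHosts) {
            this.allowedHosts.add(host.toLowerCase(Locale.ROOT));
        }
    }

    /** Strips the "PDS_SCAN_CONFIGURATION=" prefix from an echoed parameter line and returns the JSON. */
    public static String extractConfigurationJson(String parameterLine) {
        String prefix = PDS_SCAN_CONFIGURATION_KEY + "=";
        if (parameterLine == null || !parameterLine.startsWith(prefix)) {
            throw new IllegalArgumentException("line does not carry a " + PDS_SCAN_CONFIGURATION_KEY + " parameter");
        }
        return parameterLine.substring(prefix.length());
    }

    /** Parses the JSON, rejects anything a web-scan product must not act on, and returns the web-scan part. */
    public SecHubWebScanConfiguration validate(String configurationJson) {
        SecHubScanConfiguration configuration = SecHubScanConfiguration.createFromJSON(configurationJson);

        if (!expectedProjectId.equals(configuration.getProjectId())) {
            throw new IllegalStateException("configuration belongs to project '" + configuration.getProjectId()
                    + "', expected '" + expectedProjectId + "'");
        }
        // A web-scan product must never receive code or infrastructure scan parts.
        if (configuration.getCodeScan().isPresent() || configuration.getInfraScan().isPresent()) {
            throw new IllegalStateException("configuration carries non-web scan parts");
        }
        SecHubWebScanConfiguration webScan = configuration.getWebScan()
                .orElseThrow(() -> new IllegalStateException("configuration has no webScan part"));
        if (webScan.getUri() == null) {
            throw new IllegalStateException("webScan part has no target URI");
        }

        // getUri() is only used via toString() on this page, so re-parse it instead of assuming its type.
        URI target;
        try {
            target = new URI(webScan.getUri().toString());
        } catch (URISyntaxException e) {
            throw new IllegalStateException("target is not a valid URI: " + webScan.getUri(), e);
        }
        String host = target.getHost();
        if (host == null || !allowedHosts.contains(host.toLowerCase(Locale.ROOT))) {
            throw new IllegalStateException("target host '" + host + "' is not on the allow-list");
        }
        return webScan;
    }

    public static void main(String[] args) {
        // Constructed sample line; key names assumed from the getters on this page (projectId, webScan, uri).
        String echoedLine = PDS_SCAN_CONFIGURATION_KEY
                + "={\"projectId\":\"myTestProject\",\"webScan\":{\"uri\":\"https://app.example.org/login\"}}";

        PdsScanConfigurationGuard guard = new PdsScanConfigurationGuard("myTestProject",
                new HashSet<>(Arrays.asList("app.example.org")));
        SecHubWebScanConfiguration webScan = guard.validate(extractConfigurationJson(echoedLine));
        System.out.println("accepted target: " + webScan.getUri());

        // Same configuration, but the operator only allowed a different host: rejected.
        PdsScanConfigurationGuard strictGuard = new PdsScanConfigurationGuard("myTestProject",
                new HashSet<>(Arrays.asList("intranet.example.org")));
        try {
            strictGuard.validate(extractConfigurationJson(echoedLine));
        } catch (IllegalStateException expected) {
            System.out.println("rejected: " + expected.getMessage());
        }
    }
}
```

The host comparison is done on the parsed java.net.URI rather than on the raw string so that userinfo tricks such as https://app.example.org@evil.example/ are judged by the actual host (evil.example), not by a substring match.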

Example 4 with SecHubScanConfiguration

use of com.mercedesbenz.sechub.commons.model.SecHubScanConfiguration in project sechub by mercedes-benz.

the class SecHubWebScanConfigurationHelperTest method determines_AuthenticationType_sechub_config_has_basic_auth.

@Test
void determines_AuthenticationType_sechub_config_has_basic_auth() {
    /* prepare */
    File file = new File("src/test/resources/sechub-config-examples/basic-auth.json");
    String sechubConfigJSON = TestFileReader.loadTextFile(file);
    SecHubScanConfiguration sechubConfig = SecHubScanConfiguration.createFromJSON(sechubConfigJSON);
    SecHubWebScanConfiguration secHubWebScanConfiguration = sechubConfig.getWebScan().get();
    /* execute */
    AuthenticationType authenticationType = helperToTest.determineAuthenticationType(secHubWebScanConfiguration);
    /* test */
    assertEquals(AuthenticationType.HTTP_BASIC_AUTHENTICATION, authenticationType);
}
Also used : SecHubWebScanConfiguration(com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration) File(java.io.File) SecHubScanConfiguration(com.mercedesbenz.sechub.commons.model.SecHubScanConfiguration) AuthenticationType(com.mercedesbenz.sechub.owaspzapwrapper.config.auth.AuthenticationType) Test(org.junit.jupiter.api.Test)

Example 5 with SecHubScanConfiguration

use of com.mercedesbenz.sechub.commons.model.SecHubScanConfiguration in project sechub by mercedes-benz.

the class SechubWebConfigProvider method getSecHubWebConfiguration.

public SecHubWebScanConfiguration getSecHubWebConfiguration(File secHubConfigFile) {
    TextFileReader fileReader = new TextFileReader();
    if (secHubConfigFile == null) {
        // can happen when an unauthenticated scan is started with only the target URL
        return new SecHubWebScanConfiguration();
    }
    String sechubConfigJson;
    SecHubScanConfiguration sechubConfig;
    try {
        sechubConfigJson = fileReader.loadTextFile(secHubConfigFile);
        sechubConfig = SecHubScanConfiguration.createFromJSON(sechubConfigJson);
    } catch (IOException e) {
        throw new MustExitRuntimeException("Was not able to read sechub config file: " + secHubConfigFile, e, MustExitCode.SECHUB_CONFIGURATION_INVALID);
    }
    return getSecHubWebConfiguration(sechubConfig);
}
Also used : SecHubWebScanConfiguration(com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration) MustExitRuntimeException(com.mercedesbenz.sechub.owaspzapwrapper.cli.MustExitRuntimeException) IOException(java.io.IOException) SecHubScanConfiguration(com.mercedesbenz.sechub.commons.model.SecHubScanConfiguration) TextFileReader(com.mercedesbenz.sechub.commons.TextFileReader)

Aggregations

SecHubScanConfiguration (com.mercedesbenz.sechub.commons.model.SecHubScanConfiguration) 5
SecHubWebScanConfiguration (com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration) 3
TestProject (com.mercedesbenz.sechub.integrationtest.api.TestProject) 2
UUID (java.util.UUID) 2
Test (org.junit.Test) 2
Test (org.junit.jupiter.api.Test) 2
TextFileReader (com.mercedesbenz.sechub.commons.TextFileReader) 1
SecHubConfigurationModel (com.mercedesbenz.sechub.commons.model.SecHubConfigurationModel) 1
MustExitRuntimeException (com.mercedesbenz.sechub.owaspzapwrapper.cli.MustExitRuntimeException) 1
AuthenticationType (com.mercedesbenz.sechub.owaspzapwrapper.config.auth.AuthenticationType) 1
File (java.io.File) 1
IOException (java.io.IOException) 1