use of com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration in project sechub by mercedes-benz.
the class SecHubConfigurationTest method webscan_login_form_script_json_has_webconfig_as_expected.
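/**
 * Verifies that the form-login script fixture is parsed into the expected web scan model:
 * a login URL, no basic login section, and one script page holding three actions
 * (username, password, click).
 *
 * @throws Exception any exception raised while loading or parsing the fixture is propagated
 *                   and fails the test
 */
@Test
public void webscan_login_form_script_json_has_webconfig_as_expected() throws Exception {
    /* prepare */
    String json = SharedKernelTestFileSupport.getTestfileSupport().loadTestFile("webscan/webscan_login_form_script.json");

    /* execute */
    SecHubConfiguration result = SECHUB_CONFIG.fromJSON(json);

    /* test */
    Optional<SecHubWebScanConfiguration> webScanOption = result.getWebScan();
    assertTrue("webscan config must be present", webScanOption.isPresent());

    SecHubWebScanConfiguration secHubWebScanConfiguration = webScanOption.get();
    Optional<WebLoginConfiguration> loginOption = secHubWebScanConfiguration.getLogin();
    assertTrue("login config must be present", loginOption.isPresent());

    WebLoginConfiguration loginConfiguration = loginOption.get();
    // Compare the textual form instead of java.net.URL instances: URL#equals resolves host
    // names, so the assertion could block on DNS and would accept a different host name
    // that happens to resolve to the same address as the expected login target.
    assertEquals("https://productfailure.demo.example.org/login", loginConfiguration.getUrl().toString());

    Optional<BasicLoginConfiguration> basic = loginConfiguration.getBasic();
    assertFalse("basic login config must NOT be present", basic.isPresent());

    /*-- form --*/
    Optional<FormLoginConfiguration> form = loginConfiguration.getForm();
    assertTrue("form login config must be present", form.isPresent());

    /*-- form: script --*/
    Optional<Script> script = form.get().getScript();
    assertTrue("script config must be present", script.isPresent());

    Optional<List<Page>> pages = script.get().getPages();
    assertTrue("pages must be present", pages.isPresent());
    assertEquals("must have 1 pages", 1, pages.get().size());

    /*-- page 1 --*/
    Optional<List<Action>> page1 = pages.get().get(0).getActions();
    assertTrue("actions must be present", page1.isPresent());
    assertEquals("must have 3 action entries", 3, page1.get().size());

    Action action1 = page1.get().get(0);
    Action action2 = page1.get().get(1);
    Action action3 = page1.get().get(2);

    // "user2" / "pwd2" are the dummy credentials this test expects from the fixture file.
    assertEquals(ActionType.USERNAME, action1.getType());
    assertEquals("#example_login_userid", action1.getSelector().get());
    assertEquals("user2", action1.getValue().get());

    assertEquals(ActionType.PASSWORD, action2.getType());
    assertEquals("#example_login_pwd", action2.getSelector().get());
    assertEquals("pwd2", action2.getValue().get());

    assertEquals(ActionType.CLICK, action3.getType());
    assertEquals("#example_login_login_button", action3.getSelector().get());
}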
use of com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration in project sechub by mercedes-benz.
the class SecHubConfigurationTest method webscan_alloptions_json_has_webconfig_with_all_examples.
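/**
 * Verifies that the "all options" fixture is parsed into the expected web scan model:
 * target URI, include/exclude lists, maximum scan duration, basic login and a form login
 * script with two pages (two actions on the first page, four on the second).
 *
 * @throws Exception any exception raised while loading or parsing the fixture is propagated
 *                   and fails the test
 */
@Test
public void webscan_alloptions_json_has_webconfig_with_all_examples() throws Exception {
    /* prepare */
    String json = SharedKernelTestFileSupport.getTestfileSupport().loadTestFile("webscan/webscan_alloptions.json");

    /* execute */
    SecHubConfiguration result = SECHUB_CONFIG.fromJSON(json);

    /* test */
    Optional<SecHubWebScanConfiguration> webScanOption = result.getWebScan();
    assertTrue("webscan config must be present", webScanOption.isPresent());

    SecHubWebScanConfiguration secHubWebScanConfiguration = webScanOption.get();
    assertEquals(URI.create("https://productfailure.demo.example.org"), secHubWebScanConfiguration.getUri());

    /*-- scope: includes / excludes --*/
    Optional<List<String>> includes = secHubWebScanConfiguration.getIncludes();
    assertTrue("includes must be present", includes.isPresent());
    List<String> expectedIncludes = Arrays.asList("/portal/admin", "/abc.html", "/hidden");
    assertEquals(expectedIncludes, includes.get());

    Optional<List<String>> excludes = secHubWebScanConfiguration.getExcludes();
    assertTrue("excludes must be present", excludes.isPresent());
    List<String> expectedExcludes = Arrays.asList("/public/media", "/contact.html", "/static");
    assertEquals(expectedExcludes, excludes.get());

    /*-- max scan duration --*/
    Optional<WebScanDurationConfiguration> maxScanDuration = secHubWebScanConfiguration.getMaxScanDuration();
    // failure message previously read "max san duration"
    assertTrue("max scan duration config must be present", maxScanDuration.isPresent());
    assertEquals(2, maxScanDuration.get().getDuration());
    assertEquals(SecHubTimeUnit.HOUR, maxScanDuration.get().getUnit());

    /*-- login --*/
    Optional<WebLoginConfiguration> loginOption = secHubWebScanConfiguration.getLogin();
    assertTrue("login config must be present", loginOption.isPresent());

    WebLoginConfiguration loginConfiguration = loginOption.get();
    // Compare the textual form instead of java.net.URL instances: URL#equals resolves host
    // names, so the assertion could block on DNS and would accept a different host name
    // that happens to resolve to the same address as the expected login target.
    assertEquals("https://productfailure.demo.example.org/login", loginConfiguration.getUrl().toString());

    /*-- basic --*/
    Optional<BasicLoginConfiguration> basic = loginConfiguration.getBasic();
    assertTrue("basic login config must be present", basic.isPresent());
    assertEquals("realm0", basic.get().getRealm().get());
    // NOTE(review): user and password are exposed as arrays and wrapped in a String only for
    // comparison. If the getters return byte[] rather than char[], new String(...) decodes
    // with the platform default charset - confirm the type and pass an explicit charset if so.
    assertEquals("user0", new String(basic.get().getUser()));
    assertEquals("pwd0", new String(basic.get().getPassword()));

    /*-- form --*/
    Optional<FormLoginConfiguration> form = loginConfiguration.getForm();
    assertTrue("form login config must be present", form.isPresent());

    /*-- form : script --*/
    Optional<Script> script = form.get().getScript();
    assertTrue("script config must be present", script.isPresent());

    Optional<List<Page>> pages = script.get().getPages();
    assertTrue("pages must be present", pages.isPresent());
    assertEquals("must have 2 pages", 2, pages.get().size());

    /*-- page 1 --*/
    Optional<List<Action>> page1 = pages.get().get(0).getActions();
    assertTrue("actions must be present", page1.isPresent());
    assertEquals("must have 2 action entries", 2, page1.get().size());

    Action action1 = page1.get().get(0);
    Action action2 = page1.get().get(1);

    assertEquals(ActionType.USERNAME, action1.getType());
    assertEquals("#example_login_userid", action1.getSelector().get());
    assertEquals("user2", action1.getValue().get());
    assertEquals("This is an example description", action1.getDescription().get());

    assertEquals(ActionType.CLICK, action2.getType());
    assertEquals("#next_button", action2.getSelector().get());
    assertEquals("Click the next button to go to the password field", action2.getDescription().get());

    /*-- page 2 --*/
    Optional<List<Action>> page2 = pages.get().get(1).getActions();
    assertTrue("actions must be present", page2.isPresent());
    assertEquals("must have 4 action entries", 4, page2.get().size());

    Action action3 = page2.get().get(0);
    Action action4 = page2.get().get(1);
    Action action5 = page2.get().get(2);
    Action action6 = page2.get().get(3);

    // The wait action carries its duration as a string value plus a separate time unit.
    assertEquals(ActionType.WAIT, action3.getType());
    assertEquals("3200", action3.getValue().get());
    assertEquals(SecHubTimeUnit.MILLISECOND, action3.getUnit().get());

    assertEquals(ActionType.INPUT, action4.getType());
    assertEquals("#email_field", action4.getSelector().get());
    assertEquals("user@example.org", action4.getValue().get());
    assertEquals("The user's email address.", action4.getDescription().get());

    assertEquals(ActionType.PASSWORD, action5.getType());
    assertEquals("#example_login_pwd", action5.getSelector().get());
    assertEquals("pwd2", action5.getValue().get());

    assertEquals(ActionType.CLICK, action6.getType());
    assertEquals("#example_login_login_button", action6.getSelector().get());
}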
use of com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration in project sechub by mercedes-benz.
the class OwaspZapScanConfigurationFactoryTest method authentication_type_from_config_is_in_result.
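/**
 * Verifies that the authentication type returned by the (mocked) web config helper for the
 * provided web scan configuration is the one exposed by the created scan configuration.
 */
@Test
void authentication_type_from_config_is_in_result() {
    /* prepare */
    CommandLineSettings settings = createSettingsMockWithNecessaryParts();
    SecHubWebScanConfiguration config = simulateProvidedSecHubConfiguration(settings);

    AuthenticationType type = AuthenticationType.FORM_BASED_AUTHENTICATION;
    when(sechubWebConfigHelper.determineAuthenticationType(config)).thenReturn(type);

    /* execute */
    OwaspZapScanConfiguration result = factoryToTest.create(settings);

    /* test */
    // assertEquals takes (expected, actual); the stubbed type is the expectation, so a
    // failure report labels the two values correctly.
    assertEquals(type, result.getAuthenticationType());
}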
use of com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration in project sechub by mercedes-benz.
the class OwaspZapScanConfigurationFactoryTest method configuration_returned_by_provider_is_inside_result.
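/**
 * Verifies that the web scan configuration handed out by the (mocked) provider is the one
 * exposed by the created scan configuration.
 */
@Test
void configuration_returned_by_provider_is_inside_result() {
    /* prepare */
    CommandLineSettings settings = createSettingsMockWithNecessaryParts();
    SecHubWebScanConfiguration config = simulateProvidedSecHubConfiguration(settings);

    /* execute */
    OwaspZapScanConfiguration result = factoryToTest.create(settings);

    /* test */
    // assertEquals takes (expected, actual); the provided configuration is the expectation,
    // so a failure report labels the two values correctly.
    assertEquals(config, result.getSecHubWebScanConfiguration());
}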
use of com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration in project sechub by mercedes-benz.
the class OwaspZapScanConfigurationFactoryTest method simulateProvidedSecHubConfiguration.
/**
 * Stubs the given settings mock to return a placeholder config file and stubs the web config
 * provider to return a new, empty web scan configuration for exactly that file.
 *
 * @param settings the settings mock to stub
 * @return the configuration instance the provider is stubbed to return
 */
private SecHubWebScanConfiguration simulateProvidedSecHubConfiguration(CommandLineSettings settings) {
    // Used only as the argument both stubs agree on; the name says it is not expected to exist.
    File placeholderFile = new File("not-existing-just-placeholder");
    SecHubWebScanConfiguration providedConfig = new SecHubWebScanConfiguration();

    when(settings.getSecHubConfigFile()).thenReturn(placeholderFile);
    when(webConfigProvider.getSecHubWebConfiguration(placeholderFile)).thenReturn(providedConfig);

    return providedConfig;
}