Search in sources :

Example 6 with SecHubWebScanConfiguration

use of com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration in project sechub by mercedes-benz.

the class SecHubConfigurationTest method webscan_login_form_script_json_has_webconfig_as_expected.

@Test
public void webscan_login_form_script_json_has_webconfig_as_expected() throws Exception {
    /* prepare */
    String json = SharedKernelTestFileSupport.getTestfileSupport().loadTestFile("webscan/webscan_login_form_script.json");
    /* execute */
    SecHubConfiguration result = SECHUB_CONFIG.fromJSON(json);
    /* test */
    Optional<SecHubWebScanConfiguration> webScanOption = result.getWebScan();
    assertTrue("webscan config must be present", webScanOption.isPresent());
    SecHubWebScanConfiguration secHubWebScanConfiguration = webScanOption.get();
    Optional<WebLoginConfiguration> loginOption = secHubWebScanConfiguration.getLogin();
    assertTrue("login config must be present", loginOption.isPresent());
    WebLoginConfiguration loginConfiguration = loginOption.get();
    assertEquals(new URL("https://productfailure.demo.example.org/login"), loginConfiguration.getUrl());
    Optional<BasicLoginConfiguration> basic = loginConfiguration.getBasic();
    assertFalse("basic login config must NOT be present", basic.isPresent());
    /*-- form --*/
    Optional<FormLoginConfiguration> form = loginConfiguration.getForm();
    assertTrue("form login config must be present", form.isPresent());
    /*-- form: script --*/
    Optional<Script> script = form.get().getScript();
    assertTrue("script config must be present", script.isPresent());
    Optional<List<Page>> pages = script.get().getPages();
    assertTrue("pages must be present", pages.isPresent());
    assertEquals("must have 1 pages", 1, pages.get().size());
    /*-- page 1 --*/
    Optional<List<Action>> page1 = pages.get().get(0).getActions();
    assertTrue("actions must be present", page1.isPresent());
    assertEquals("must have 3 action entries", 3, page1.get().size());
    Action action1 = page1.get().get(0);
    Action action2 = page1.get().get(1);
    Action action3 = page1.get().get(2);
    assertEquals(ActionType.USERNAME, action1.getType());
    assertEquals("#example_login_userid", action1.getSelector().get());
    assertEquals("user2", action1.getValue().get());
    assertEquals(ActionType.PASSWORD, action2.getType());
    assertEquals("#example_login_pwd", action2.getSelector().get());
    assertEquals("pwd2", action2.getValue().get());
    assertEquals(ActionType.CLICK, action3.getType());
    assertEquals("#example_login_login_button", action3.getSelector().get());
}
Also used : Script(com.mercedesbenz.sechub.commons.model.login.Script) Action(com.mercedesbenz.sechub.commons.model.login.Action) SecHubWebScanConfiguration(com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration) URL(java.net.URL) BasicLoginConfiguration(com.mercedesbenz.sechub.commons.model.login.BasicLoginConfiguration) WebLoginConfiguration(com.mercedesbenz.sechub.commons.model.login.WebLoginConfiguration) FormLoginConfiguration(com.mercedesbenz.sechub.commons.model.login.FormLoginConfiguration) LinkedList(java.util.LinkedList) List(java.util.List) Test(org.junit.Test)

Example 7 with SecHubWebScanConfiguration

use of com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration in project sechub by mercedes-benz.

the class SecHubConfigurationTest method webscan_alloptions_json_has_webconfig_with_all_examples.

@Test
public void webscan_alloptions_json_has_webconfig_with_all_examples() throws Exception {
    /* prepare */
    String json = SharedKernelTestFileSupport.getTestfileSupport().loadTestFile("webscan/webscan_alloptions.json");
    /* execute */
    SecHubConfiguration result = SECHUB_CONFIG.fromJSON(json);
    /* test */
    Optional<SecHubWebScanConfiguration> webScanOption = result.getWebScan();
    assertTrue("webscan config must be present", webScanOption.isPresent());
    SecHubWebScanConfiguration secHubWebScanConfiguration = webScanOption.get();
    assertEquals(URI.create("https://productfailure.demo.example.org"), secHubWebScanConfiguration.getUri());
    Optional<List<String>> includes = secHubWebScanConfiguration.getIncludes();
    assertTrue("includes must be present", includes.isPresent());
    List<String> expectedIncludes = Arrays.asList("/portal/admin", "/abc.html", "/hidden");
    assertEquals(expectedIncludes, includes.get());
    Optional<List<String>> excludes = secHubWebScanConfiguration.getExcludes();
    assertTrue("excludes must be present", excludes.isPresent());
    List<String> expectedExcludes = Arrays.asList("/public/media", "/contact.html", "/static");
    assertEquals(expectedExcludes, excludes.get());
    Optional<WebScanDurationConfiguration> maxScanDuration = secHubWebScanConfiguration.getMaxScanDuration();
    assertTrue("max san duration config must be present", maxScanDuration.isPresent());
    assertEquals(2, maxScanDuration.get().getDuration());
    assertEquals(SecHubTimeUnit.HOUR, maxScanDuration.get().getUnit());
    Optional<WebLoginConfiguration> loginOption = secHubWebScanConfiguration.getLogin();
    assertTrue("login config must be present", loginOption.isPresent());
    WebLoginConfiguration loginConfiguration = loginOption.get();
    assertEquals(new URL("https://productfailure.demo.example.org/login"), loginConfiguration.getUrl());
    /*-- basic --*/
    Optional<BasicLoginConfiguration> basic = loginConfiguration.getBasic();
    assertTrue("basic login config must be present", basic.isPresent());
    assertEquals("realm0", basic.get().getRealm().get());
    assertEquals("user0", new String(basic.get().getUser()));
    assertEquals("pwd0", new String(basic.get().getPassword()));
    /*-- form --*/
    Optional<FormLoginConfiguration> form = loginConfiguration.getForm();
    assertTrue("form login config must be present", form.isPresent());
    /*-- form : script --*/
    Optional<Script> script = form.get().getScript();
    assertTrue("script config must be present", script.isPresent());
    Optional<List<Page>> pages = script.get().getPages();
    assertTrue("pages must be present", pages.isPresent());
    assertEquals("must have 2 pages", 2, pages.get().size());
    /*-- page 1 --*/
    Optional<List<Action>> page1 = pages.get().get(0).getActions();
    assertTrue("actions must be present", page1.isPresent());
    assertEquals("must have 2 action entries", 2, page1.get().size());
    Action action1 = page1.get().get(0);
    Action action2 = page1.get().get(1);
    assertEquals(ActionType.USERNAME, action1.getType());
    assertEquals("#example_login_userid", action1.getSelector().get());
    assertEquals("user2", action1.getValue().get());
    assertEquals("This is an example description", action1.getDescription().get());
    assertEquals(ActionType.CLICK, action2.getType());
    assertEquals("#next_button", action2.getSelector().get());
    assertEquals("Click the next button to go to the password field", action2.getDescription().get());
    /*-- page 2 --*/
    Optional<List<Action>> page2 = pages.get().get(1).getActions();
    assertTrue("actions must be present", page2.isPresent());
    assertEquals("must have 4 action entries", 4, page2.get().size());
    Action action3 = page2.get().get(0);
    Action action4 = page2.get().get(1);
    Action action5 = page2.get().get(2);
    Action action6 = page2.get().get(3);
    assertEquals(ActionType.WAIT, action3.getType());
    assertEquals("3200", action3.getValue().get());
    assertEquals(SecHubTimeUnit.MILLISECOND, action3.getUnit().get());
    assertEquals(ActionType.INPUT, action4.getType());
    assertEquals("#email_field", action4.getSelector().get());
    assertEquals("user@example.org", action4.getValue().get());
    assertEquals("The user's email address.", action4.getDescription().get());
    assertEquals(ActionType.PASSWORD, action5.getType());
    assertEquals("#example_login_pwd", action5.getSelector().get());
    assertEquals("pwd2", action5.getValue().get());
    assertEquals(ActionType.CLICK, action6.getType());
    assertEquals("#example_login_login_button", action6.getSelector().get());
}
Also used : Script(com.mercedesbenz.sechub.commons.model.login.Script) Action(com.mercedesbenz.sechub.commons.model.login.Action) SecHubWebScanConfiguration(com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration) URL(java.net.URL) BasicLoginConfiguration(com.mercedesbenz.sechub.commons.model.login.BasicLoginConfiguration) WebLoginConfiguration(com.mercedesbenz.sechub.commons.model.login.WebLoginConfiguration) FormLoginConfiguration(com.mercedesbenz.sechub.commons.model.login.FormLoginConfiguration) WebScanDurationConfiguration(com.mercedesbenz.sechub.commons.model.WebScanDurationConfiguration) LinkedList(java.util.LinkedList) List(java.util.List) Test(org.junit.Test)

Example 8 with SecHubWebScanConfiguration

use of com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration in project sechub by mercedes-benz.

the class OwaspZapScanConfigurationFactoryTest method authentication_type_from_config_is_in_result.

@Test
void authentication_type_from_config_is_in_result() {
    /* prepare */
    CommandLineSettings settings = createSettingsMockWithNecessaryParts();
    SecHubWebScanConfiguration config = simulateProvidedSecHubConfiguration(settings);
    AuthenticationType type = AuthenticationType.FORM_BASED_AUTHENTICATION;
    when(sechubWebConfigHelper.determineAuthenticationType(config)).thenReturn(type);
    /* execute */
    OwaspZapScanConfiguration result = factoryToTest.create(settings);
    /* test */
    assertEquals(result.getAuthenticationType(), type);
}
Also used : SecHubWebScanConfiguration(com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration) CommandLineSettings(com.mercedesbenz.sechub.owaspzapwrapper.cli.CommandLineSettings) AuthenticationType(com.mercedesbenz.sechub.owaspzapwrapper.config.auth.AuthenticationType) Test(org.junit.jupiter.api.Test) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 9 with SecHubWebScanConfiguration

use of com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration in project sechub by mercedes-benz.

the class OwaspZapScanConfigurationFactoryTest method configuration_returned_by_provider_is_inside_result.

@Test
void configuration_returned_by_provider_is_inside_result() {
    /* prepare */
    CommandLineSettings settings = createSettingsMockWithNecessaryParts();
    SecHubWebScanConfiguration config = simulateProvidedSecHubConfiguration(settings);
    /* execute */
    OwaspZapScanConfiguration result = factoryToTest.create(settings);
    /* test */
    assertEquals(result.getSecHubWebScanConfiguration(), config);
}
Also used : SecHubWebScanConfiguration(com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration) CommandLineSettings(com.mercedesbenz.sechub.owaspzapwrapper.cli.CommandLineSettings) Test(org.junit.jupiter.api.Test) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 10 with SecHubWebScanConfiguration

use of com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration in project sechub by mercedes-benz.

the class OwaspZapScanConfigurationFactoryTest method simulateProvidedSecHubConfiguration.

private SecHubWebScanConfiguration simulateProvidedSecHubConfiguration(CommandLineSettings settings) {
    File file = new File("not-existing-just-placeholder");
    when(settings.getSecHubConfigFile()).thenReturn(file);
    SecHubWebScanConfiguration config = new SecHubWebScanConfiguration();
    when(webConfigProvider.getSecHubWebConfiguration(file)).thenReturn(config);
    return config;
}
Also used : SecHubWebScanConfiguration(com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration) File(java.io.File)

Aggregations

SecHubWebScanConfiguration (com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration)28 URI (java.net.URI)11 Test (org.junit.Test)11 BasicLoginConfiguration (com.mercedesbenz.sechub.commons.model.login.BasicLoginConfiguration)7 WebLoginConfiguration (com.mercedesbenz.sechub.commons.model.login.WebLoginConfiguration)7 FormLoginConfiguration (com.mercedesbenz.sechub.commons.model.login.FormLoginConfiguration)6 URL (java.net.URL)6 Test (org.junit.jupiter.api.Test)6 LinkedList (java.util.LinkedList)5 List (java.util.List)5 Action (com.mercedesbenz.sechub.commons.model.login.Action)4 Script (com.mercedesbenz.sechub.commons.model.login.Script)4 AuthenticationType (com.mercedesbenz.sechub.owaspzapwrapper.config.auth.AuthenticationType)4 SecHubScanConfiguration (com.mercedesbenz.sechub.commons.model.SecHubScanConfiguration)3 CommandLineSettings (com.mercedesbenz.sechub.owaspzapwrapper.cli.CommandLineSettings)3 File (java.io.File)3 ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)3 MustExitRuntimeException (com.mercedesbenz.sechub.owaspzapwrapper.cli.MustExitRuntimeException)2 TextFileReader (com.mercedesbenz.sechub.commons.TextFileReader)1 SecHubInfrastructureScanConfiguration (com.mercedesbenz.sechub.commons.model.SecHubInfrastructureScanConfiguration)1