
Example 16 with SecHubWebScanConfiguration

use of com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration in project sechub by mercedes-benz.

the class SecHubConfigurationTest method webscan_login_form_script_with_wait_json_has_webconfig_as_expected.

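/**
 * Verifies that a web scan configuration whose form login script contains a WAIT action is parsed
 * from JSON into the expected model: the login URL, no basic login, and one page with four
 * actions (INPUT, WAIT, INPUT, CLICK).
 *
 * @throws Exception if anything invoked by the test throws; the test then fails
 */
@Test
public void webscan_login_form_script_with_wait_json_has_webconfig_as_expected() throws Exception {
    /* prepare */
    String json = SharedKernelTestFileSupport.getTestfileSupport().loadTestFile("webscan/webscan_login_form_script_with_wait.json");
    /* execute */
    SecHubConfiguration result = SECHUB_CONFIG.fromJSON(json);
    /* test */
    Optional<SecHubWebScanConfiguration> webScanOption = result.getWebScan();
    assertTrue("webscan config must be present", webScanOption.isPresent());
    SecHubWebScanConfiguration secHubWebScanConfiguration = webScanOption.get();
    Optional<WebLoginConfiguration> loginOption = secHubWebScanConfiguration.getLogin();
    assertTrue("login config must be present", loginOption.isPresent());
    WebLoginConfiguration loginConfiguration = loginOption.get();
    // Compare the textual form: java.net.URL.equals() resolves host names, which would make this
    // assertion depend on DNS and network availability.
    assertEquals("https://productfailure.demo.example.org/login", loginConfiguration.getUrl().toExternalForm());
    Optional<BasicLoginConfiguration> basic = loginConfiguration.getBasic();
    assertFalse("basic login config must NOT be present", basic.isPresent());
    /*-- form --*/
    Optional<FormLoginConfiguration> form = loginConfiguration.getForm();
    assertTrue("form login config must be present", form.isPresent());
    /*-- form : script --*/
    Optional<Script> script = form.get().getScript();
    assertTrue("script config must be present", script.isPresent());
    Optional<List<Page>> pages = script.get().getPages();
    assertTrue("pages must be present", pages.isPresent());
    assertEquals("must have 1 pages", 1, pages.get().size());
    /*-- page 1 --*/
    Optional<List<Action>> page1Actions = pages.get().get(0).getActions();
    assertTrue("actions must be present", page1Actions.isPresent());
    assertEquals("must have 4 action entries", 4, page1Actions.get().size());
    Action action1 = page1Actions.get().get(0);
    Action action2 = page1Actions.get().get(1);
    Action action3 = page1Actions.get().get(2);
    Action action4 = page1Actions.get().get(3);
    /* action 1: user id typed into the login form (fixture value, not a real account) */
    assertEquals(ActionType.INPUT, action1.getType());
    assertEquals("#example_login_userid", action1.getSelector().get());
    assertEquals("user2", action1.getValue().get());
    /* action 2: the wait amount is carried as a string value plus a separate time unit */
    assertEquals(ActionType.WAIT, action2.getType());
    assertEquals("1458", action2.getValue().get());
    assertEquals(SecHubTimeUnit.MILLISECOND, action2.getUnit().get());
    /* action 3: the password travels as a plain action value in the script (fixture value) */
    assertEquals(ActionType.INPUT, action3.getType());
    assertEquals("#example_login_pwd", action3.getSelector().get());
    assertEquals("pwd2", action3.getValue().get());
    /* action 4: click on the login button, no value expected */
    assertEquals(ActionType.CLICK, action4.getType());
    assertEquals("#example_login_login_button", action4.getSelector().get());
}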
Also used : Script(com.mercedesbenz.sechub.commons.model.login.Script) Action(com.mercedesbenz.sechub.commons.model.login.Action) SecHubWebScanConfiguration(com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration) URL(java.net.URL) BasicLoginConfiguration(com.mercedesbenz.sechub.commons.model.login.BasicLoginConfiguration) WebLoginConfiguration(com.mercedesbenz.sechub.commons.model.login.WebLoginConfiguration) FormLoginConfiguration(com.mercedesbenz.sechub.commons.model.login.FormLoginConfiguration) LinkedList(java.util.LinkedList) List(java.util.List) Test(org.junit.Test)

Example 17 with SecHubWebScanConfiguration

use of com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration in project sechub by mercedes-benz.

the class SecHubConfigurationTest method webscan_login_form_script_with_descriptions_json_has_webconfig_as_expected.

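/**
 * Verifies that a web scan configuration whose form login script carries per-action descriptions
 * is parsed from JSON into the expected model: the login URL, no basic login, and one page with
 * four actions (USERNAME, INPUT, PASSWORD, CLICK).
 *
 * @throws Exception if anything invoked by the test throws; the test then fails
 */
@Test
public void webscan_login_form_script_with_descriptions_json_has_webconfig_as_expected() throws Exception {
    /* prepare */
    String json = SharedKernelTestFileSupport.getTestfileSupport().loadTestFile("webscan/webscan_login_form_script_with_descriptions.json");
    /* execute */
    SecHubConfiguration result = SECHUB_CONFIG.fromJSON(json);
    /* test */
    Optional<SecHubWebScanConfiguration> webScanOption = result.getWebScan();
    assertTrue("webscan config must be present", webScanOption.isPresent());
    SecHubWebScanConfiguration secHubWebScanConfiguration = webScanOption.get();
    Optional<WebLoginConfiguration> loginOption = secHubWebScanConfiguration.getLogin();
    assertTrue("login config must be present", loginOption.isPresent());
    WebLoginConfiguration loginConfiguration = loginOption.get();
    // Compare the textual form: java.net.URL.equals() resolves host names, which would make this
    // assertion depend on DNS and network availability.
    assertEquals("https://productfailure.demo.example.org/login", loginConfiguration.getUrl().toExternalForm());
    Optional<BasicLoginConfiguration> basic = loginConfiguration.getBasic();
    assertFalse("basic login config must NOT be present", basic.isPresent());
    /*-- form --*/
    Optional<FormLoginConfiguration> form = loginConfiguration.getForm();
    assertTrue("form login config must be present", form.isPresent());
    /*-- form: script --*/
    Optional<Script> script = form.get().getScript();
    assertTrue("script config must be present", script.isPresent());
    Optional<List<Page>> pages = script.get().getPages();
    assertTrue("pages must be present", pages.isPresent());
    assertEquals("must have 1 pages", 1, pages.get().size());
    /*-- page 1 --*/
    Optional<List<Action>> page1Actions = pages.get().get(0).getActions();
    assertTrue("actions must be present", page1Actions.isPresent());
    assertEquals("must have 4 action entries", 4, page1Actions.get().size());
    Action action1 = page1Actions.get().get(0);
    Action action2 = page1Actions.get().get(1);
    Action action3 = page1Actions.get().get(2);
    Action action4 = page1Actions.get().get(3);
    /* action 1: dedicated USERNAME type with a description (fixture value, not a real account) */
    assertEquals(ActionType.USERNAME, action1.getType());
    assertEquals("#example_login_userid", action1.getSelector().get());
    assertEquals("user2", action1.getValue().get());
    assertEquals("The username is different from the email address", action1.getDescription().get());
    /* action 2: generic INPUT used for the separate e-mail field */
    assertEquals(ActionType.INPUT, action2.getType());
    assertEquals("#example_login_email", action2.getSelector().get());
    assertEquals("user2@example.com", action2.getValue().get());
    assertEquals("The website has a separate field for the email address", action2.getDescription().get());
    /* action 3: dedicated PASSWORD type; the value is a plain action value in the script (fixture value) */
    assertEquals(ActionType.PASSWORD, action3.getType());
    assertEquals("#example_login_pwd", action3.getSelector().get());
    assertEquals("pwd2", action3.getValue().get());
    /* action 4: click on the login button, no value expected */
    assertEquals(ActionType.CLICK, action4.getType());
    assertEquals("#example_login_login_button", action4.getSelector().get());
}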
Also used : Script(com.mercedesbenz.sechub.commons.model.login.Script) Action(com.mercedesbenz.sechub.commons.model.login.Action) SecHubWebScanConfiguration(com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration) URL(java.net.URL) BasicLoginConfiguration(com.mercedesbenz.sechub.commons.model.login.BasicLoginConfiguration) WebLoginConfiguration(com.mercedesbenz.sechub.commons.model.login.WebLoginConfiguration) FormLoginConfiguration(com.mercedesbenz.sechub.commons.model.login.FormLoginConfiguration) LinkedList(java.util.LinkedList) List(java.util.List) Test(org.junit.Test)

Example 18 with SecHubWebScanConfiguration

use of com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration in project sechub by mercedes-benz.

the class SecHubConfigurationTest method webscan_login_basic_json_has_webconfig_as_expected.

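/**
 * Verifies that a web scan configuration with basic authentication is parsed from JSON into the
 * expected model: the login URL, realm, user and password are set and no form login is present.
 *
 * @throws Exception if anything invoked by the test throws; the test then fails
 */
@Test
public void webscan_login_basic_json_has_webconfig_as_expected() throws Exception {
    /* prepare */
    String json = SharedKernelTestFileSupport.getTestfileSupport().loadTestFile("webscan/webscan_login_basic.json");
    /* execute */
    SecHubConfiguration result = SECHUB_CONFIG.fromJSON(json);
    /* test */
    Optional<SecHubWebScanConfiguration> webScanOption = result.getWebScan();
    assertTrue("webscan config must be present", webScanOption.isPresent());
    SecHubWebScanConfiguration secHubWebScanConfiguration = webScanOption.get();
    Optional<WebLoginConfiguration> loginOption = secHubWebScanConfiguration.getLogin();
    assertTrue("login config must be present", loginOption.isPresent());
    WebLoginConfiguration loginConfiguration = loginOption.get();
    // Compare the textual form: java.net.URL.equals() resolves host names, which would make this
    // assertion depend on DNS and network availability.
    assertEquals("https://productfailure.demo.example.org/login", loginConfiguration.getUrl().toExternalForm());
    /*-- basic --*/
    Optional<BasicLoginConfiguration> basic = loginConfiguration.getBasic();
    assertTrue("basic login config must be present", basic.isPresent());
    assertEquals("realm0", basic.get().getRealm().get());
    // The model does not hand out user and password as String (hence the conversion); copying
    // them into a String is tolerable here only because these are fixture values.
    // NOTE(review): if getUser()/getPassword() return byte[] rather than char[], pass an explicit
    // charset to new String(...) - confirm against BasicLoginConfiguration.
    assertEquals("user0", new String(basic.get().getUser()));
    assertEquals("pwd0", new String(basic.get().getPassword()));
    /*-- form --*/
    Optional<FormLoginConfiguration> form = loginConfiguration.getForm();
    assertFalse("form login config must NOT be present", form.isPresent());
}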
Also used : WebLoginConfiguration(com.mercedesbenz.sechub.commons.model.login.WebLoginConfiguration) SecHubWebScanConfiguration(com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration) FormLoginConfiguration(com.mercedesbenz.sechub.commons.model.login.FormLoginConfiguration) URL(java.net.URL) BasicLoginConfiguration(com.mercedesbenz.sechub.commons.model.login.BasicLoginConfiguration) Test(org.junit.Test)

Example 19 with SecHubWebScanConfiguration

use of com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration in project sechub by mercedes-benz.

the class SecHubFileStructureDataProviderBuilder method build.

/**
 * Creates the file structure data provider for the scan type and model set on this builder.
 *
 * <p>Only CODE_SCAN marks the root folder as accepted. CODE_SCAN, LICENSE_SCAN and WEB_SCAN
 * register usages from their configuration part; every other scan type yields an empty provider.
 *
 * @return the populated data provider
 * @throws IllegalStateException if scan type or model is not set, or if the scan type is WEB_SCAN
 *         but the model contains no web scan configuration
 */
public SecHubFileStructureDataProvider build() {
    if (scanType == null) {
        throw new IllegalStateException("scanType is not set");
    }
    if (model == null) {
        throw new IllegalStateException("model is not set");
    }
    MutableSecHubFileStructureDataProvider provider = new MutableSecHubFileStructureDataProvider();
    switch (scanType) {
        case CODE_SCAN:
            provider.setRootFolderAccepted(true);
            // NOTE(review): the meaning of the boolean flag is defined by addAllUsages, which is
            // not visible here - confirm why it differs between code scan and license scan.
            addAllUsages(provider, model.getCodeScan(), false);
            break;
        case LICENSE_SCAN:
            addAllUsages(provider, model.getLicenseScan(), true);
            break;
        case WEB_SCAN:
            // A web scan without web scan configuration is treated as an inconsistent state.
            SecHubWebScanConfiguration webScan = model.getWebScan()
                    .orElseThrow(() -> new IllegalStateException("No webscan present but it is a " + scanType));
            // Only the API part of the web scan configuration contributes usages.
            addAllUsages(provider, webScan.getApi(), false);
            break;
        case INFRA_SCAN:
        case REPORT:
        case UNKNOWN:
        default:
            // Nothing is registered for these scan types; the root folder stays not accepted.
            break;
    }
    return provider;
}
Also used : SecHubWebScanConfiguration(com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration) SecHubWebScanApiConfiguration(com.mercedesbenz.sechub.commons.model.SecHubWebScanApiConfiguration)

Example 20 with SecHubWebScanConfiguration

use of com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration in project sechub by mercedes-benz.

the class OwaspZapScanConfigurationFactoryTest method created_configuration_has_max_scan_duration_from_sechub_webconfig.

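/**
 * Verifies that the factory puts the maximum scan duration returned by the web config helper
 * into the created scan configuration.
 */
@Test
void created_configuration_has_max_scan_duration_from_sechub_webconfig() {
    /* prepare */
    CommandLineSettings settings = createSettingsMockWithNecessaryParts();
    SecHubWebScanConfiguration config = simulateProvidedSecHubConfiguration(settings);
    long maxScanDuration = 4711L;
    when(sechubWebConfigHelper.fetchMaxScanDurationInMillis(config)).thenReturn(maxScanDuration);
    /* execute */
    OwaspZapScanConfiguration result = factoryToTest.create(settings);
    /* test */
    // assertEquals takes (expected, actual); with the arguments swapped a failure message would
    // report the stubbed value as the actual one.
    assertEquals(maxScanDuration, result.getMaxScanDurationInMillis());
}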
Also used : SecHubWebScanConfiguration(com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration) CommandLineSettings(com.mercedesbenz.sechub.owaspzapwrapper.cli.CommandLineSettings) Test(org.junit.jupiter.api.Test) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Aggregations

SecHubWebScanConfiguration (com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration)28 URI (java.net.URI)11 Test (org.junit.Test)11 BasicLoginConfiguration (com.mercedesbenz.sechub.commons.model.login.BasicLoginConfiguration)7 WebLoginConfiguration (com.mercedesbenz.sechub.commons.model.login.WebLoginConfiguration)7 FormLoginConfiguration (com.mercedesbenz.sechub.commons.model.login.FormLoginConfiguration)6 URL (java.net.URL)6 Test (org.junit.jupiter.api.Test)6 LinkedList (java.util.LinkedList)5 List (java.util.List)5 Action (com.mercedesbenz.sechub.commons.model.login.Action)4 Script (com.mercedesbenz.sechub.commons.model.login.Script)4 AuthenticationType (com.mercedesbenz.sechub.owaspzapwrapper.config.auth.AuthenticationType)4 SecHubScanConfiguration (com.mercedesbenz.sechub.commons.model.SecHubScanConfiguration)3 CommandLineSettings (com.mercedesbenz.sechub.owaspzapwrapper.cli.CommandLineSettings)3 File (java.io.File)3 ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)3 MustExitRuntimeException (com.mercedesbenz.sechub.owaspzapwrapper.cli.MustExitRuntimeException)2 TextFileReader (com.mercedesbenz.sechub.commons.TextFileReader)1 SecHubInfrastructureScanConfiguration (com.mercedesbenz.sechub.commons.model.SecHubInfrastructureScanConfiguration)1