use of com.mercedesbenz.sechub.commons.model.WebScanDurationConfiguration in project sechub by mercedes-benz.
the class SecHubConfigurationTest method webscan_alloptions_json_has_webconfig_with_all_examples.
@Test
public void webscan_alloptions_json_has_webconfig_with_all_examples() throws Exception {
/* prepare */
String json = SharedKernelTestFileSupport.getTestfileSupport().loadTestFile("webscan/webscan_alloptions.json");
/* execute */
SecHubConfiguration result = SECHUB_CONFIG.fromJSON(json);
/* test */
Optional<SecHubWebScanConfiguration> webScanOption = result.getWebScan();
assertTrue("webscan config must be present", webScanOption.isPresent());
SecHubWebScanConfiguration secHubWebScanConfiguration = webScanOption.get();
assertEquals(URI.create("https://productfailure.demo.example.org"), secHubWebScanConfiguration.getUri());
Optional<List<String>> includes = secHubWebScanConfiguration.getIncludes();
assertTrue("includes must be present", includes.isPresent());
List<String> expectedIncludes = Arrays.asList("/portal/admin", "/abc.html", "/hidden");
assertEquals(expectedIncludes, includes.get());
Optional<List<String>> excludes = secHubWebScanConfiguration.getExcludes();
assertTrue("excludes must be present", excludes.isPresent());
List<String> expectedExcludes = Arrays.asList("/public/media", "/contact.html", "/static");
assertEquals(expectedExcludes, excludes.get());
Optional<WebScanDurationConfiguration> maxScanDuration = secHubWebScanConfiguration.getMaxScanDuration();
assertTrue("max san duration config must be present", maxScanDuration.isPresent());
assertEquals(2, maxScanDuration.get().getDuration());
assertEquals(SecHubTimeUnit.HOUR, maxScanDuration.get().getUnit());
Optional<WebLoginConfiguration> loginOption = secHubWebScanConfiguration.getLogin();
assertTrue("login config must be present", loginOption.isPresent());
WebLoginConfiguration loginConfiguration = loginOption.get();
assertEquals(new URL("https://productfailure.demo.example.org/login"), loginConfiguration.getUrl());
/*-- basic --*/
Optional<BasicLoginConfiguration> basic = loginConfiguration.getBasic();
assertTrue("basic login config must be present", basic.isPresent());
assertEquals("realm0", basic.get().getRealm().get());
assertEquals("user0", new String(basic.get().getUser()));
assertEquals("pwd0", new String(basic.get().getPassword()));
/*-- form --*/
Optional<FormLoginConfiguration> form = loginConfiguration.getForm();
assertTrue("form login config must be present", form.isPresent());
/*-- form : script --*/
Optional<Script> script = form.get().getScript();
assertTrue("script config must be present", script.isPresent());
Optional<List<Page>> pages = script.get().getPages();
assertTrue("pages must be present", pages.isPresent());
assertEquals("must have 2 pages", 2, pages.get().size());
/*-- page 1 --*/
Optional<List<Action>> page1 = pages.get().get(0).getActions();
assertTrue("actions must be present", page1.isPresent());
assertEquals("must have 2 action entries", 2, page1.get().size());
Action action1 = page1.get().get(0);
Action action2 = page1.get().get(1);
assertEquals(ActionType.USERNAME, action1.getType());
assertEquals("#example_login_userid", action1.getSelector().get());
assertEquals("user2", action1.getValue().get());
assertEquals("This is an example description", action1.getDescription().get());
assertEquals(ActionType.CLICK, action2.getType());
assertEquals("#next_button", action2.getSelector().get());
assertEquals("Click the next button to go to the password field", action2.getDescription().get());
/*-- page 2 --*/
Optional<List<Action>> page2 = pages.get().get(1).getActions();
assertTrue("actions must be present", page2.isPresent());
assertEquals("must have 4 action entries", 4, page2.get().size());
Action action3 = page2.get().get(0);
Action action4 = page2.get().get(1);
Action action5 = page2.get().get(2);
Action action6 = page2.get().get(3);
assertEquals(ActionType.WAIT, action3.getType());
assertEquals("3200", action3.getValue().get());
assertEquals(SecHubTimeUnit.MILLISECOND, action3.getUnit().get());
assertEquals(ActionType.INPUT, action4.getType());
assertEquals("#email_field", action4.getSelector().get());
assertEquals("user@example.org", action4.getValue().get());
assertEquals("The user's email address.", action4.getDescription().get());
assertEquals(ActionType.PASSWORD, action5.getType());
assertEquals("#example_login_pwd", action5.getSelector().get());
assertEquals("pwd2", action5.getValue().get());
assertEquals(ActionType.CLICK, action6.getType());
assertEquals("#example_login_login_button", action6.getSelector().get());
}
use of com.mercedesbenz.sechub.commons.model.WebScanDurationConfiguration in project sechub by mercedes-benz.
the class WebConfigBuilderStrategy method handleMaxScanDuration.
private <B extends AbstractWebScanAdapterConfigBuilder<B, ?>> void handleMaxScanDuration(B configBuilder, SecHubWebScanConfiguration webscanConfig) {
Optional<WebScanDurationConfiguration> optMaxScanDuration = webscanConfig.getMaxScanDuration();
if (!optMaxScanDuration.isPresent()) {
return;
}
int duration = optMaxScanDuration.get().getDuration();
SecHubTimeUnit unit = optMaxScanDuration.get().getUnit();
SecHubTimeUnitData maxScanDuration = SecHubTimeUnitData.of(duration, unit);
configBuilder.setMaxScanDuration(maxScanDuration);
}
use of com.mercedesbenz.sechub.commons.model.WebScanDurationConfiguration in project sechub by mercedes-benz.
the class SchedulerRestControllerRestDocTest method restDoc_userCreatesNewJob_webscan_anonymous.
@Test
@UseCaseRestDoc(useCase = UseCaseUserCreatesNewJob.class, variant = "Web scan anonymous")
public void restDoc_userCreatesNewJob_webscan_anonymous() throws Exception {
/* prepare */
String apiEndpoint = https(PORT_USED).buildAddJobUrl(PROJECT_ID.pathElement());
Class<? extends Annotation> useCase = UseCaseUserCreatesNewJob.class;
UUID randomUUID = UUID.randomUUID();
SchedulerResult mockResult = new SchedulerResult(randomUUID);
WebScanDurationConfiguration maxScanDuration = new WebScanDurationConfiguration();
maxScanDuration.setDuration(1);
maxScanDuration.setUnit(SecHubTimeUnit.HOUR);
List<String> includes = Arrays.asList("/admin", "/hidden", "/admin.html");
List<String> excludes = Arrays.asList("/public/media", "/static", "/contaxt.html");
when(mockedScheduleCreateJobService.createJob(any(), any(SecHubConfiguration.class))).thenReturn(mockResult);
/* execute + test @formatter:off */
this.mockMvc.perform(post(apiEndpoint, PROJECT1_ID).contentType(MediaType.APPLICATION_JSON_VALUE).content(configureSecHub().api("1.0").webConfig().addURI("https://localhost/mywebapp/login").maxScanDuration(maxScanDuration).addIncludes(includes).addExcludes(excludes).build().toJSON())).andExpect(status().isOk()).andExpect(content().json("{jobId:" + randomUUID.toString() + "}")).andDo(defineRestService().with().useCaseData(useCase, "Web Scan anonymous").tag(RestDocFactory.extractTag(apiEndpoint)).requestSchema(OpenApiSchema.SCAN_JOB.getSchema()).responseSchema(OpenApiSchema.JOB_ID.getSchema()).and().document(pathParameters(parameterWithName(PROJECT_ID.paramName()).description("The unique id of the project id where a new sechub job shall be created")), requestFields(fieldWithPath(PROPERTY_API_VERSION).description("The api version, currently only 1.0 is supported"), fieldWithPath(PROPERTY_WEB_SCAN).description("Webscan configuration block").optional(), fieldWithPath(PROPERTY_WEB_SCAN + "." + SecHubWebScanConfiguration.PROPERTY_URI).description("Webscan URI to scan for").optional(), fieldWithPath(PROPERTY_WEB_SCAN + "." + SecHubWebScanConfiguration.PROPERTY_MAX_SCAN_DURATION + "." + WebScanDurationConfiguration.PROPERTY_DURATION).description("Duration of the scan as integer").optional(), fieldWithPath(PROPERTY_WEB_SCAN + "." + SecHubWebScanConfiguration.PROPERTY_MAX_SCAN_DURATION + "." + WebScanDurationConfiguration.PROPERTY_UNIT).description("Unit of the duration. Possible values are: millisecond(s), second(s), minute(s), hour(s), day(s)").optional(), fieldWithPath(PROPERTY_WEB_SCAN + "." + SecHubWebScanConfiguration.PROPERTY_INCLUDES + "[]").description("Include URL sub-paths to scan. Example: /hidden").optional(), fieldWithPath(PROPERTY_WEB_SCAN + "." + SecHubWebScanConfiguration.PROPERTY_EXCLUDES + "[]").description("Exclude URL sub-paths to scan. Example: /admin").optional()), responseFields(fieldWithPath(SchedulerResult.PROPERTY_JOBID).description("A unique job id"))));
/* @formatter:on */
}
Aggregations