
Example 1 with Action

use of com.mercedesbenz.sechub.commons.model.login.Action in project sechub by mercedes-benz.

the class SecHubConfigurationTest method webscan_login_form_script_json_has_webconfig_as_expected.

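/**
 * Parses the test file {@code webscan/webscan_login_form_script.json} and checks the
 * resulting web scan login configuration: login URL set, no basic login, and a form
 * login script with one page holding three actions (USERNAME, PASSWORD, CLICK).
 *
 * @throws Exception if the test file cannot be loaded or a URL/URI cannot be built
 */
@Test
public void webscan_login_form_script_json_has_webconfig_as_expected() throws Exception {
    /* prepare */
    String json = SharedKernelTestFileSupport.getTestfileSupport().loadTestFile("webscan/webscan_login_form_script.json");
    /* execute */
    SecHubConfiguration result = SECHUB_CONFIG.fromJSON(json);
    /* test */
    Optional<SecHubWebScanConfiguration> webScanOption = result.getWebScan();
    assertTrue("webscan config must be present", webScanOption.isPresent());
    SecHubWebScanConfiguration secHubWebScanConfiguration = webScanOption.get();
    Optional<WebLoginConfiguration> loginOption = secHubWebScanConfiguration.getLogin();
    assertTrue("login config must be present", loginOption.isPresent());
    WebLoginConfiguration loginConfiguration = loginOption.get();
    /*
     * Compared as URIs: URL.equals() may resolve both host names through DNS, which
     * makes the result depend on the network and sends lookups from the build host.
     */
    assertEquals(new URL("https://productfailure.demo.example.org/login").toURI(), loginConfiguration.getUrl().toURI());
    Optional<BasicLoginConfiguration> basic = loginConfiguration.getBasic();
    assertFalse("basic login config must NOT be present", basic.isPresent());
    /*-- form --*/
    Optional<FormLoginConfiguration> form = loginConfiguration.getForm();
    assertTrue("form login config must be present", form.isPresent());
    /*-- form: script --*/
    Optional<Script> script = form.get().getScript();
    assertTrue("script config must be present", script.isPresent());
    Optional<List<Page>> pages = script.get().getPages();
    assertTrue("pages must be present", pages.isPresent());
    assertEquals("must have 1 pages", 1, pages.get().size());
    /*-- page 1 --*/
    Optional<List<Action>> page1 = pages.get().get(0).getActions();
    assertTrue("actions must be present", page1.isPresent());
    assertEquals("must have 3 action entries", 3, page1.get().size());
    Action action1 = page1.get().get(0);
    Action action2 = page1.get().get(1);
    Action action3 = page1.get().get(2);
    /* action order matters: it is the order in which the login steps are declared */
    assertEquals(ActionType.USERNAME, action1.getType());
    assertEquals("#example_login_userid", action1.getSelector().get());
    assertEquals("user2", action1.getValue().get());
    assertEquals(ActionType.PASSWORD, action2.getType());
    assertEquals("#example_login_pwd", action2.getSelector().get());
    assertEquals("pwd2", action2.getValue().get());
    /* the click action is checked for type and selector only */
    assertEquals(ActionType.CLICK, action3.getType());
    assertEquals("#example_login_login_button", action3.getSelector().get());
}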
Also used : Script(com.mercedesbenz.sechub.commons.model.login.Script) Action(com.mercedesbenz.sechub.commons.model.login.Action) SecHubWebScanConfiguration(com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration) URL(java.net.URL) BasicLoginConfiguration(com.mercedesbenz.sechub.commons.model.login.BasicLoginConfiguration) WebLoginConfiguration(com.mercedesbenz.sechub.commons.model.login.WebLoginConfiguration) FormLoginConfiguration(com.mercedesbenz.sechub.commons.model.login.FormLoginConfiguration) LinkedList(java.util.LinkedList) List(java.util.List) Test(org.junit.Test)

Example 2 with Action

use of com.mercedesbenz.sechub.commons.model.login.Action in project sechub by mercedes-benz.

the class SecHubConfigurationTest method webscan_alloptions_json_has_webconfig_with_all_examples.

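/**
 * Parses the test file {@code webscan/webscan_alloptions.json} and checks every web scan
 * option it is expected to carry: target URI, includes, excludes, maximum scan duration,
 * login URL, basic login data and a form login script with two pages of actions.
 *
 * @throws Exception if the test file cannot be loaded or a URL/URI cannot be built
 */
@Test
public void webscan_alloptions_json_has_webconfig_with_all_examples() throws Exception {
    /* prepare */
    String json = SharedKernelTestFileSupport.getTestfileSupport().loadTestFile("webscan/webscan_alloptions.json");
    /* execute */
    SecHubConfiguration result = SECHUB_CONFIG.fromJSON(json);
    /* test */
    Optional<SecHubWebScanConfiguration> webScanOption = result.getWebScan();
    assertTrue("webscan config must be present", webScanOption.isPresent());
    SecHubWebScanConfiguration secHubWebScanConfiguration = webScanOption.get();
    assertEquals(URI.create("https://productfailure.demo.example.org"), secHubWebScanConfiguration.getUri());
    /*-- scope: includes and excludes --*/
    Optional<List<String>> includes = secHubWebScanConfiguration.getIncludes();
    assertTrue("includes must be present", includes.isPresent());
    List<String> expectedIncludes = Arrays.asList("/portal/admin", "/abc.html", "/hidden");
    assertEquals(expectedIncludes, includes.get());
    Optional<List<String>> excludes = secHubWebScanConfiguration.getExcludes();
    assertTrue("excludes must be present", excludes.isPresent());
    List<String> expectedExcludes = Arrays.asList("/public/media", "/contact.html", "/static");
    assertEquals(expectedExcludes, excludes.get());
    /*-- max scan duration --*/
    Optional<WebScanDurationConfiguration> maxScanDuration = secHubWebScanConfiguration.getMaxScanDuration();
    /* message fixed: it read "max san duration" */
    assertTrue("max scan duration config must be present", maxScanDuration.isPresent());
    assertEquals(2, maxScanDuration.get().getDuration());
    assertEquals(SecHubTimeUnit.HOUR, maxScanDuration.get().getUnit());
    /*-- login --*/
    Optional<WebLoginConfiguration> loginOption = secHubWebScanConfiguration.getLogin();
    assertTrue("login config must be present", loginOption.isPresent());
    WebLoginConfiguration loginConfiguration = loginOption.get();
    /*
     * Compared as URIs: URL.equals() may resolve both host names through DNS, which
     * makes the result depend on the network and sends lookups from the build host.
     */
    assertEquals(new URL("https://productfailure.demo.example.org/login").toURI(), loginConfiguration.getUrl().toURI());
    /*-- basic --*/
    Optional<BasicLoginConfiguration> basic = loginConfiguration.getBasic();
    assertTrue("basic login config must be present", basic.isPresent());
    assertEquals("realm0", basic.get().getRealm().get());
    /*
     * NOTE(review): user and password are wrapped in new String(...) for comparison only;
     * presumably the getters return char[] so the values can be cleared after use - confirm.
     */
    assertEquals("user0", new String(basic.get().getUser()));
    assertEquals("pwd0", new String(basic.get().getPassword()));
    /*-- form --*/
    Optional<FormLoginConfiguration> form = loginConfiguration.getForm();
    assertTrue("form login config must be present", form.isPresent());
    /*-- form : script --*/
    Optional<Script> script = form.get().getScript();
    assertTrue("script config must be present", script.isPresent());
    Optional<List<Page>> pages = script.get().getPages();
    assertTrue("pages must be present", pages.isPresent());
    assertEquals("must have 2 pages", 2, pages.get().size());
    /*-- page 1 --*/
    Optional<List<Action>> page1 = pages.get().get(0).getActions();
    assertTrue("actions must be present", page1.isPresent());
    assertEquals("must have 2 action entries", 2, page1.get().size());
    Action action1 = page1.get().get(0);
    Action action2 = page1.get().get(1);
    assertEquals(ActionType.USERNAME, action1.getType());
    assertEquals("#example_login_userid", action1.getSelector().get());
    assertEquals("user2", action1.getValue().get());
    assertEquals("This is an example description", action1.getDescription().get());
    assertEquals(ActionType.CLICK, action2.getType());
    assertEquals("#next_button", action2.getSelector().get());
    assertEquals("Click the next button to go to the password field", action2.getDescription().get());
    /*-- page 2 --*/
    Optional<List<Action>> page2 = pages.get().get(1).getActions();
    assertTrue("actions must be present", page2.isPresent());
    assertEquals("must have 4 action entries", 4, page2.get().size());
    Action action3 = page2.get().get(0);
    Action action4 = page2.get().get(1);
    Action action5 = page2.get().get(2);
    Action action6 = page2.get().get(3);
    /* a WAIT action carries its duration as a string value plus a separate time unit */
    assertEquals(ActionType.WAIT, action3.getType());
    assertEquals("3200", action3.getValue().get());
    assertEquals(SecHubTimeUnit.MILLISECOND, action3.getUnit().get());
    assertEquals(ActionType.INPUT, action4.getType());
    assertEquals("#email_field", action4.getSelector().get());
    assertEquals("user@example.org", action4.getValue().get());
    assertEquals("The user's email address.", action4.getDescription().get());
    assertEquals(ActionType.PASSWORD, action5.getType());
    assertEquals("#example_login_pwd", action5.getSelector().get());
    assertEquals("pwd2", action5.getValue().get());
    assertEquals(ActionType.CLICK, action6.getType());
    assertEquals("#example_login_login_button", action6.getSelector().get());
}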
Also used : Script(com.mercedesbenz.sechub.commons.model.login.Script) Action(com.mercedesbenz.sechub.commons.model.login.Action) SecHubWebScanConfiguration(com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration) URL(java.net.URL) BasicLoginConfiguration(com.mercedesbenz.sechub.commons.model.login.BasicLoginConfiguration) WebLoginConfiguration(com.mercedesbenz.sechub.commons.model.login.WebLoginConfiguration) FormLoginConfiguration(com.mercedesbenz.sechub.commons.model.login.FormLoginConfiguration) WebScanDurationConfiguration(com.mercedesbenz.sechub.commons.model.WebScanDurationConfiguration) LinkedList(java.util.LinkedList) List(java.util.List) Test(org.junit.Test)

Example 3 with Action

use of com.mercedesbenz.sechub.commons.model.login.Action in project sechub by mercedes-benz.

the class WebConfigBuilderStrategy method configureScriptAuth.

/* ------------------------ */
/* +---- FORM:SCRIPT -----+ */
/* ------------------------ */
/**
 * Copies a form login script into the adapter config builder: one builder page per
 * {@link Page}, one builder step per {@link Action}.
 * <p>
 * When the script declares no pages the method returns without calling
 * {@code endLogin()}. A page without actions is still added to the builder, but
 * {@code doEndPage()} is only called for pages that have actions.
 *
 * @param configBuilder builder that receives the login URL and the script steps
 * @param loginUrl      URL of the login page
 * @param script        login script to translate
 */
@SuppressWarnings("rawtypes")
private <C extends AbstractWebScanAdapterConfig, B extends AbstractWebScanAdapterConfigBuilder<B, C>> void configureScriptAuth(B configBuilder, URL loginUrl, Script script) {
    AbstractWebScanAdapterConfigBuilder<B, C>.LoginBuilder.FormScriptLoginBuilder loginScript = configBuilder.login().url(loginUrl).form().script();
    Optional<List<Page>> declaredPages = script.getPages();
    if (declaredPages.isPresent()) {
        for (Page declaredPage : declaredPages.get()) {
            FormScriptLoginPageBuilder pageSteps = loginScript.addPage();
            Optional<List<Action>> declaredActions = declaredPage.getActions();
            if (!declaredActions.isPresent()) {
                continue;
            }
            for (Action step : declaredActions.get()) {
                /*
                 * Absent optional fields are handed over as null.
                 * NOTE(review): a step value may be a credential (ActionType has USERNAME
                 * and PASSWORD entries) - keep it out of log and exception messages.
                 */
                /* @formatter:off */
                pageSteps.addAction(step.getType())
                        .select(step.getSelector().orElse(null))
                        .enterValue(step.getValue().orElse(null))
                        .description(step.getDescription().orElse(null))
                        .unit(step.getUnit().orElse(null))
                        .endStep();
                /* @formatter:on */
            }
            pageSteps.doEndPage();
        }
        loginScript.endLogin();
    }
}
Also used : Action(com.mercedesbenz.sechub.commons.model.login.Action) FormScriptLoginPageBuilder(com.mercedesbenz.sechub.adapter.AbstractWebScanAdapterConfigBuilder.LoginBuilder.FormScriptLoginBuilder.FormScriptLoginPageBuilder) List(java.util.List) Page(com.mercedesbenz.sechub.commons.model.login.Page)

Example 4 with Action

use of com.mercedesbenz.sechub.commons.model.login.Action in project sechub by mercedes-benz.

the class SecHubConfigurationTest method webscan_login_form_script_with_wait_json_has_webconfig_as_expected.

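/**
 * Parses the test file {@code webscan/webscan_login_form_script_with_wait.json} and checks
 * the form login script: one page with four actions (INPUT, WAIT, INPUT, CLICK), where the
 * WAIT action carries a value and a time unit. No basic login is expected.
 *
 * @throws Exception if the test file cannot be loaded or a URL/URI cannot be built
 */
@Test
public void webscan_login_form_script_with_wait_json_has_webconfig_as_expected() throws Exception {
    /* prepare */
    String json = SharedKernelTestFileSupport.getTestfileSupport().loadTestFile("webscan/webscan_login_form_script_with_wait.json");
    /* execute */
    SecHubConfiguration result = SECHUB_CONFIG.fromJSON(json);
    /* test */
    Optional<SecHubWebScanConfiguration> webScanOption = result.getWebScan();
    assertTrue("webscan config must be present", webScanOption.isPresent());
    SecHubWebScanConfiguration secHubWebScanConfiguration = webScanOption.get();
    Optional<WebLoginConfiguration> loginOption = secHubWebScanConfiguration.getLogin();
    assertTrue("login config must be present", loginOption.isPresent());
    WebLoginConfiguration loginConfiguration = loginOption.get();
    /*
     * Compared as URIs: URL.equals() may resolve both host names through DNS, which
     * makes the result depend on the network and sends lookups from the build host.
     */
    assertEquals(new URL("https://productfailure.demo.example.org/login").toURI(), loginConfiguration.getUrl().toURI());
    Optional<BasicLoginConfiguration> basic = loginConfiguration.getBasic();
    assertFalse("basic login config must NOT be present", basic.isPresent());
    /*-- form --*/
    Optional<FormLoginConfiguration> form = loginConfiguration.getForm();
    assertTrue("form login config must be present", form.isPresent());
    /*-- form : script --*/
    Optional<Script> script = form.get().getScript();
    assertTrue("script config must be present", script.isPresent());
    Optional<List<Page>> pages = script.get().getPages();
    assertTrue("pages must be present", pages.isPresent());
    assertEquals("must have 1 pages", 1, pages.get().size());
    /*-- page 1 --*/
    Optional<List<Action>> page1 = pages.get().get(0).getActions();
    assertTrue("actions must be present", page1.isPresent());
    assertEquals("must have 4 action entries", 4, page1.get().size());
    Action action1 = page1.get().get(0);
    Action action2 = page1.get().get(1);
    Action action3 = page1.get().get(2);
    Action action4 = page1.get().get(3);
    /* in this fixture user id and password are both plain INPUT actions */
    assertEquals(ActionType.INPUT, action1.getType());
    assertEquals("#example_login_userid", action1.getSelector().get());
    assertEquals("user2", action1.getValue().get());
    /* the WAIT duration is a string value; the unit is a separate field */
    assertEquals(ActionType.WAIT, action2.getType());
    assertEquals("1458", action2.getValue().get());
    assertEquals(SecHubTimeUnit.MILLISECOND, action2.getUnit().get());
    assertEquals(ActionType.INPUT, action3.getType());
    assertEquals("#example_login_pwd", action3.getSelector().get());
    assertEquals("pwd2", action3.getValue().get());
    assertEquals(ActionType.CLICK, action4.getType());
    assertEquals("#example_login_login_button", action4.getSelector().get());
}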
Also used : Script(com.mercedesbenz.sechub.commons.model.login.Script) Action(com.mercedesbenz.sechub.commons.model.login.Action) SecHubWebScanConfiguration(com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration) URL(java.net.URL) BasicLoginConfiguration(com.mercedesbenz.sechub.commons.model.login.BasicLoginConfiguration) WebLoginConfiguration(com.mercedesbenz.sechub.commons.model.login.WebLoginConfiguration) FormLoginConfiguration(com.mercedesbenz.sechub.commons.model.login.FormLoginConfiguration) LinkedList(java.util.LinkedList) List(java.util.List) Test(org.junit.Test)

Example 5 with Action

use of com.mercedesbenz.sechub.commons.model.login.Action in project sechub by mercedes-benz.

the class SecHubConfigurationTest method webscan_login_form_script_with_descriptions_json_has_webconfig_as_expected.

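/**
 * Parses the test file {@code webscan/webscan_login_form_script_with_descriptions.json} and
 * checks the form login script: one page with four actions (USERNAME, INPUT, PASSWORD,
 * CLICK), the first two with a description. No basic login is expected.
 *
 * @throws Exception if the test file cannot be loaded or a URL/URI cannot be built
 */
@Test
public void webscan_login_form_script_with_descriptions_json_has_webconfig_as_expected() throws Exception {
    /* prepare */
    String json = SharedKernelTestFileSupport.getTestfileSupport().loadTestFile("webscan/webscan_login_form_script_with_descriptions.json");
    /* execute */
    SecHubConfiguration result = SECHUB_CONFIG.fromJSON(json);
    /* test */
    Optional<SecHubWebScanConfiguration> webScanOption = result.getWebScan();
    assertTrue("webscan config must be present", webScanOption.isPresent());
    SecHubWebScanConfiguration secHubWebScanConfiguration = webScanOption.get();
    Optional<WebLoginConfiguration> loginOption = secHubWebScanConfiguration.getLogin();
    assertTrue("login config must be present", loginOption.isPresent());
    WebLoginConfiguration loginConfiguration = loginOption.get();
    /*
     * Compared as URIs: URL.equals() may resolve both host names through DNS, which
     * makes the result depend on the network and sends lookups from the build host.
     */
    assertEquals(new URL("https://productfailure.demo.example.org/login").toURI(), loginConfiguration.getUrl().toURI());
    Optional<BasicLoginConfiguration> basic = loginConfiguration.getBasic();
    assertFalse("basic login config must NOT be present", basic.isPresent());
    /*-- form --*/
    Optional<FormLoginConfiguration> form = loginConfiguration.getForm();
    assertTrue("form login config must be present", form.isPresent());
    /*-- form: script --*/
    Optional<Script> script = form.get().getScript();
    assertTrue("script config must be present", script.isPresent());
    Optional<List<Page>> pages = script.get().getPages();
    assertTrue("pages must be present", pages.isPresent());
    assertEquals("must have 1 pages", 1, pages.get().size());
    /*-- page 1 --*/
    Optional<List<Action>> page1 = pages.get().get(0).getActions();
    assertTrue("actions must be present", page1.isPresent());
    assertEquals("must have 4 action entries", 4, page1.get().size());
    Action action1 = page1.get().get(0);
    Action action2 = page1.get().get(1);
    Action action3 = page1.get().get(2);
    Action action4 = page1.get().get(3);
    assertEquals(ActionType.USERNAME, action1.getType());
    assertEquals("#example_login_userid", action1.getSelector().get());
    assertEquals("user2", action1.getValue().get());
    assertEquals("The username is different from the email address", action1.getDescription().get());
    assertEquals(ActionType.INPUT, action2.getType());
    assertEquals("#example_login_email", action2.getSelector().get());
    assertEquals("user2@example.com", action2.getValue().get());
    assertEquals("The website has a separate field for the email address", action2.getDescription().get());
    /* descriptions of the password and click actions are not checked here */
    assertEquals(ActionType.PASSWORD, action3.getType());
    assertEquals("#example_login_pwd", action3.getSelector().get());
    assertEquals("pwd2", action3.getValue().get());
    assertEquals(ActionType.CLICK, action4.getType());
    assertEquals("#example_login_login_button", action4.getSelector().get());
}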
Also used : Script(com.mercedesbenz.sechub.commons.model.login.Script) Action(com.mercedesbenz.sechub.commons.model.login.Action) SecHubWebScanConfiguration(com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration) URL(java.net.URL) BasicLoginConfiguration(com.mercedesbenz.sechub.commons.model.login.BasicLoginConfiguration) WebLoginConfiguration(com.mercedesbenz.sechub.commons.model.login.WebLoginConfiguration) FormLoginConfiguration(com.mercedesbenz.sechub.commons.model.login.FormLoginConfiguration) LinkedList(java.util.LinkedList) List(java.util.List) Test(org.junit.Test)

Aggregations

Action (com.mercedesbenz.sechub.commons.model.login.Action)5 List (java.util.List)5 SecHubWebScanConfiguration (com.mercedesbenz.sechub.commons.model.SecHubWebScanConfiguration)4 BasicLoginConfiguration (com.mercedesbenz.sechub.commons.model.login.BasicLoginConfiguration)4 FormLoginConfiguration (com.mercedesbenz.sechub.commons.model.login.FormLoginConfiguration)4 Script (com.mercedesbenz.sechub.commons.model.login.Script)4 WebLoginConfiguration (com.mercedesbenz.sechub.commons.model.login.WebLoginConfiguration)4 URL (java.net.URL)4 LinkedList (java.util.LinkedList)4 Test (org.junit.Test)4 FormScriptLoginPageBuilder (com.mercedesbenz.sechub.adapter.AbstractWebScanAdapterConfigBuilder.LoginBuilder.FormScriptLoginBuilder.FormScriptLoginPageBuilder)1 WebScanDurationConfiguration (com.mercedesbenz.sechub.commons.model.WebScanDurationConfiguration)1 Page (com.mercedesbenz.sechub.commons.model.login.Page)1