use of com.mercedesbenz.sechub.domain.scan.ReportTransformationResult in project sechub by mercedes-benz.
the class SerecoProductResultTransformerTest method transformation_of_solution_is_done.
@Test
public void transformation_of_solution_is_done() throws Exception {
    /* prepare - meta data JSON produced by the test fixture helper */
    String serecoJson = createMetaDataWithOneVulnerabilityFound();

    /* execute */
    ReportTransformationResult transformed = transformerToTest.transform(createProductResult(serecoJson));

    /* test - the finding with id 1 must carry the expected solution text */
    /* @formatter:off */
    AssertSecHubResult.assertSecHubResult(transformed.getResult())
        .hasFindingWithId(1)
        .hasSolution("solution1");
    /* @formatter:on */
}
use of com.mercedesbenz.sechub.domain.scan.ReportTransformationResult in project sechub by mercedes-benz.
the class SerecoProductResultTransformerTest method one_vulnerability_as_code_in_meta_results_in_one_finding.
@Test
public void one_vulnerability_as_code_in_meta_results_in_one_finding() throws Exception {
    /* prepare - meta data JSON produced by the test fixture helper */
    String serecoJson = createMetaDataWithOneVulnerabilityAsCodeFound();

    /* execute */
    ReportTransformationResult transformed = transformerToTest.transform(createProductResult(serecoJson));

    /* test */
    SecHubResult sechubResult = transformed.getResult();

    /* every finding must be a code scan finding - checked before the count, as before */
    sechubResult.getFindings().forEach(each -> assertEquals(ScanType.CODE_SCAN, each.getType()));
    AssertSecHubResult.assertSecHubResult(sechubResult).hasFindings(1);

    /* first call stack element */
    SecHubFinding onlyFinding = sechubResult.getFindings().get(0);
    SecHubCodeCallStack entryPoint = onlyFinding.getCode();
    assertNotNull(entryPoint);
    assertEquals(Integer.valueOf(1), entryPoint.getLine());
    assertEquals(Integer.valueOf(2), entryPoint.getColumn());
    assertEquals("Location1", entryPoint.getLocation());
    assertEquals("source1", entryPoint.getSource());
    assertEquals("relevantPart1", entryPoint.getRelevantPart());

    /* second element, reached through getCalls() of the first one */
    SecHubCodeCallStack nestedCall = entryPoint.getCalls();
    assertNotNull(nestedCall);
    assertEquals(Integer.valueOf(3), nestedCall.getLine());
    assertEquals(Integer.valueOf(4), nestedCall.getColumn());
    assertEquals("Location2", nestedCall.getLocation());
    assertEquals("source2", nestedCall.getSource());
    assertEquals("relevantPart2", nestedCall.getRelevantPart());
}
use of com.mercedesbenz.sechub.domain.scan.ReportTransformationResult in project sechub by mercedes-benz.
the class CreateScanReportService method createReport.
/**
 * Creates and persists the scan report for the job referenced by the given
 * execution context. Reports already stored for the same job UUID are deleted
 * first, so only one report exists per job.
 * <p>
 * This method performs no security check of its own: the original author notes
 * that it is only called internally from the system. Callers therefore have to
 * make sure the context belongs to a job that was already authorized.
 *
 * @param context execution context of the job, must not be <code>null</code>
 * @return report as returned by the repository save call, documented by the
 *         original author as never <code>null</code>
 * @throws ScanReportException when the context has no job UUID, when report
 *                             product execution fails or when the SecHub result
 *                             cannot be built
 */
public ScanReport createReport(SecHubExecutionContext context) throws ScanReportException {
    notNull(context, "Context may not be null!");

    UUID jobUuid = context.getSechubJobUUID();
    if (jobUuid == null) {
        throw new ScanReportException("Cannot create a report for Job UUID:null");
    }
    LOG.info("Creating report for {}, will delete former reports if existing", traceLogID(jobUuid));

    /*
     * Only one report per job is allowed, so former ones are removed up front.
     * NOTE(review): the method name suggests the delete runs in its own
     * transaction; if so, a failure further down leaves the job without any
     * report - confirm this is intended.
     */
    scanReportTransactionService.deleteAllReportsForSecHubJobUUIDinOwnTransaction(jobUuid);

    /*
     * The project id is read from the job configuration: per the original
     * author's note it was set at job creation time and is the value to trust
     * here, rather than an API parameter.
     */
    ScanReport scanReport = new ScanReport(jobUuid, context.getConfiguration().getProjectId());
    scanReport.setStarted(LocalDateTime.now());

    /* run the report products; their failure aborts report creation */
    try {
        reportProductExecutionService.executeProductsAndStoreResults(context);
    } catch (SecHubExecutionException e) {
        throw new ScanReportException("Report product execution failed", e);
    }

    /* transform product results into the SecHub model and store it as JSON */
    ReportTransformationResult transformation;
    try {
        transformation = reportTransformerService.createResult(context);
        scanReport.setResultType(ScanReportResultType.MODEL);
        scanReport.setResult(transformation.toJSON());
    } catch (Exception e) {
        /* any failure here, checked or unchecked, is reported with its cause */
        throw new ScanReportException("Was not able to build sechub result", e);
    }

    /* traffic light is calculated from the transformation result */
    scanReport.setTrafficLight(trafficLightCalculator.calculateTrafficLight(transformation));

    /* end time stamp is set right before persisting */
    scanReport.setEnded(LocalDateTime.now());
    return reportRepository.save(scanReport);
}
use of com.mercedesbenz.sechub.domain.scan.ReportTransformationResult in project sechub by mercedes-benz.
the class ReportServiceTest method before.
@Before
public void before() throws Exception {
    secHubJobUUID = UUID.randomUUID();

    /* execution context with a configuration for "project1" and a random job UUID */
    configuration = mock(SecHubConfiguration.class);
    when(configuration.getProjectId()).thenReturn("project1");
    context = mock(SecHubExecutionContext.class);
    when(context.getConfiguration()).thenReturn(configuration);
    when(context.getSechubJobUUID()).thenReturn(secHubJobUUID);

    /* repository mock hands back exactly the report instance given to save(...) */
    reportRepository = mock(ScanReportRepository.class);
    when(reportRepository.save(any(ScanReport.class))).thenAnswer(invocation -> (ScanReport) invocation.getArguments()[0]);

    scanReportTransactionService = mock(ScanReportTransactionService.class);
    reportProductExecutionService = mock(ReportProductExecutionService.class);
    trafficLightCalculator = mock(ScanReportTrafficLightCalculator.class);

    /* transformer service returns a mocked transformation result wrapping a mocked SecHub result */
    SecHubResult mockedResult = mock(SecHubResult.class);
    reportTransformationResult = mock(ReportTransformationResult.class);
    when(reportTransformationResult.getResult()).thenReturn(mockedResult);
    secHubResultService = mock(SecHubReportProductTransformerService.class);
    when(secHubResultService.createResult(context)).thenReturn(reportTransformationResult);

    /* wire the collaborators into the service by direct field assignment */
    serviceToTest = new CreateScanReportService();
    serviceToTest.scanReportTransactionService = scanReportTransactionService;
    serviceToTest.reportProductExecutionService = reportProductExecutionService;
    serviceToTest.reportTransformerService = secHubResultService;
    serviceToTest.trafficLightCalculator = trafficLightCalculator;
    serviceToTest.reportRepository = reportRepository;
}
use of com.mercedesbenz.sechub.domain.scan.ReportTransformationResult in project sechub by mercedes-benz.
the class ReportTestHelper method transform.
/**
 * Imports raw product output with the given importer, converts the resulting
 * SERECO meta data to JSON and runs it through the report transformer.
 *
 * @param xml               raw product output handed to the importer (the
 *                          original comment speaks of SARIF; the accepted
 *                          format depends on the importer)
 * @param productIdentifier identifier returned by the mocked executor config info
 * @param sechubJobUUID     job UUID as string, parsed with {@link UUID#fromString(String)}
 * @param importer          importer turning the raw output into SERECO meta data
 * @return result of the transformer for the created product result
 */
private static ReportTransformationResult transform(String xml, ProductIdentifier productIdentifier, String sechubJobUUID, ProductResultImporter importer) throws IOException, SecHubExecutionException {
    /* executor config info is mocked and only answers the product identifier */
    ProductExecutorConfigInfo configInfo = mock(ProductExecutorConfigInfo.class);
    when(configInfo.getProductIdentifier()).thenReturn(productIdentifier);

    /* raw product output -> SERECO meta data -> SERECO JSON */
    SerecoMetaData importedMetaData = importer.importResult(xml);
    String serecoJson = JSONConverter.get().toJSON(importedMetaData);

    /* SERECO JSON -> SecHub report transformation result, using fixed project id "project-1" */
    ProductResult productResult = new ProductResult(UUID.fromString(sechubJobUUID), "project-1", configInfo, serecoJson);
    return transfomer.transform(productResult);
}