
Example 1 with ReportTransformationResult

Use of com.mercedesbenz.sechub.domain.scan.ReportTransformationResult in project sechub by mercedes-benz.

Class SerecoProductResultTransformerTest, method transformation_of_solution_is_done:

@Test
public void transformation_of_solution_is_done() throws Exception {
    /* prepare */
    String converted = createMetaDataWithOneVulnerabilityFound();
    /* execute */
    ReportTransformationResult result = transformerToTest.transform(createProductResult(converted));
    /* test */
    /* @formatter:off */
    AssertSecHubResult.assertSecHubResult(result.getResult()).hasFindingWithId(1).hasSolution("solution1");
    /* @formatter:on */
}
Also used:
import com.mercedesbenz.sechub.domain.scan.AssertSecHubResult;
import com.mercedesbenz.sechub.domain.scan.ReportTransformationResult;
import org.junit.Test;

Example 2 with ReportTransformationResult

Use of com.mercedesbenz.sechub.domain.scan.ReportTransformationResult in project sechub by mercedes-benz.

Class SerecoProductResultTransformerTest, method one_vulnerability_as_code_in_meta_results_in_one_finding:

@Test
public void one_vulnerability_as_code_in_meta_results_in_one_finding() throws Exception {
    /* prepare */
    String converted = createMetaDataWithOneVulnerabilityAsCodeFound();
    /* execute */
    ReportTransformationResult result = transformerToTest.transform(createProductResult(converted));
    /* test */
    SecHubResult sechubResult = result.getResult();
    for (SecHubFinding finding : sechubResult.getFindings()) {
        assertEquals(ScanType.CODE_SCAN, finding.getType());
    }
    AssertSecHubResult.assertSecHubResult(sechubResult).hasFindings(1);
    SecHubFinding finding1 = sechubResult.getFindings().get(0);
    SecHubCodeCallStack code1 = finding1.getCode();
    assertNotNull(code1);
    assertEquals(Integer.valueOf(1), code1.getLine());
    assertEquals(Integer.valueOf(2), code1.getColumn());
    assertEquals("Location1", code1.getLocation());
    assertEquals("source1", code1.getSource());
    assertEquals("relevantPart1", code1.getRelevantPart());
    SecHubCodeCallStack code2 = code1.getCalls();
    assertNotNull(code2);
    assertEquals(Integer.valueOf(3), code2.getLine());
    assertEquals(Integer.valueOf(4), code2.getColumn());
    assertEquals("Location2", code2.getLocation());
    assertEquals("source2", code2.getSource());
    assertEquals("relevantPart2", code2.getRelevantPart());
}
Also used:
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import com.mercedesbenz.sechub.commons.model.ScanType;
import com.mercedesbenz.sechub.commons.model.SecHubCodeCallStack;
import com.mercedesbenz.sechub.commons.model.SecHubFinding;
import com.mercedesbenz.sechub.commons.model.SecHubResult;
import com.mercedesbenz.sechub.domain.scan.AssertSecHubResult;
import com.mercedesbenz.sechub.domain.scan.ReportTransformationResult;
import org.junit.Test;

Example 3 with ReportTransformationResult

Use of com.mercedesbenz.sechub.domain.scan.ReportTransformationResult in project sechub by mercedes-benz.

Class CreateScanReportService, method createReport:

/**
 * Creates a report based on product results. There is no security check here
 * because this method is only called internally by the system, never directly
 * from an API endpoint.
 *
 * @param context execution context of the SecHub job, must not be <code>null</code>
 * @return report, never <code>null</code>
 * @throws ScanReportException when the job UUID is missing, product execution
 *                             fails or the result cannot be transformed
 */
public ScanReport createReport(SecHubExecutionContext context) throws ScanReportException {
    notNull(context, "Context may not be null!");
    UUID sechubJobUUID = context.getSechubJobUUID();
    if (sechubJobUUID == null) {
        throw new ScanReportException("Cannot create a report for Job UUID:null");
    }
    LOG.info("Creating report for {}, will delete former reports if existing", traceLogID(sechubJobUUID));
    /* we allow only one report for one job */
    scanReportTransactionService.deleteAllReportsForSecHubJobUUIDinOwnTransaction(sechubJobUUID);
    /*
     * create report - the project id in the configuration was set at job creation
     * time and is always correct/valid; it can differ from the API parameter, so the
     * configuration value is the one used here
     */
    ScanReport scanReport = new ScanReport(sechubJobUUID, context.getConfiguration().getProjectId());
    scanReport.setStarted(LocalDateTime.now());
    /* execute report products */
    try {
        reportProductExecutionService.executeProductsAndStoreResults(context);
    } catch (SecHubExecutionException e) {
        throw new ScanReportException("Report product execution failed", e);
    }
    /* transform */
    ReportTransformationResult reportTransformerResult;
    try {
        reportTransformerResult = reportTransformerService.createResult(context);
        scanReport.setResultType(ScanReportResultType.MODEL);
        scanReport.setResult(reportTransformerResult.toJSON());
    } catch (Exception e) {
        throw new ScanReportException("Was not able to build sechub result", e);
    }
    /* create and set the traffic light */
    TrafficLight trafficLight = trafficLightCalculator.calculateTrafficLight(reportTransformerResult);
    scanReport.setTrafficLight(trafficLight);
    /* update time stamp */
    scanReport.setEnded(LocalDateTime.now());
    /* persist */
    return reportRepository.save(scanReport);
}
Also used:
import java.time.LocalDateTime;
import java.util.UUID;
import com.mercedesbenz.sechub.commons.model.TrafficLight;
import com.mercedesbenz.sechub.domain.scan.ReportTransformationResult;
import com.mercedesbenz.sechub.sharedkernel.execution.SecHubExecutionContext;
import com.mercedesbenz.sechub.sharedkernel.execution.SecHubExecutionException;

Example 4 with ReportTransformationResult

Use of com.mercedesbenz.sechub.domain.scan.ReportTransformationResult in project sechub by mercedes-benz.

Class ReportServiceTest, method before:

@Before
public void before() throws Exception {
    serviceToTest = new CreateScanReportService();
    secHubJobUUID = UUID.randomUUID();
    context = mock(SecHubExecutionContext.class);
    configuration = mock(SecHubConfiguration.class);
    when(context.getConfiguration()).thenReturn(configuration);
    when(context.getSechubJobUUID()).thenReturn(secHubJobUUID);
    when(configuration.getProjectId()).thenReturn("project1");
    reportRepository = mock(ScanReportRepository.class);
    /* just return report as given to save method... */
    when(reportRepository.save(any(ScanReport.class))).thenAnswer(new Answer<ScanReport>() {

        @Override
        public ScanReport answer(InvocationOnMock invocation) throws Throwable {
            return (ScanReport) invocation.getArguments()[0];
        }
    });
    scanReportTransactionService = mock(ScanReportTransactionService.class);
    reportProductExecutionService = mock(ReportProductExecutionService.class);
    reportTransformationResult = mock(ReportTransformationResult.class);
    SecHubResult sechubResult = mock(SecHubResult.class);
    when(reportTransformationResult.getResult()).thenReturn(sechubResult);
    secHubResultService = mock(SecHubReportProductTransformerService.class);
    when(secHubResultService.createResult(context)).thenReturn(reportTransformationResult);
    trafficLightCalculator = mock(ScanReportTrafficLightCalculator.class);
    serviceToTest.reportProductExecutionService = reportProductExecutionService;
    serviceToTest.reportTransformerService = secHubResultService;
    serviceToTest.trafficLightCalculator = trafficLightCalculator;
    serviceToTest.reportRepository = reportRepository;
    serviceToTest.scanReportTransactionService = scanReportTransactionService;
}
Also used:
import static org.mockito.Mockito.any;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import java.util.UUID;
import org.junit.Before;
import org.mockito.invocation.InvocationOnMock;
import org.mockito.stubbing.Answer;
import com.mercedesbenz.sechub.commons.model.SecHubResult;
import com.mercedesbenz.sechub.domain.scan.ReportTransformationResult;
import com.mercedesbenz.sechub.domain.scan.SecHubReportProductTransformerService;
import com.mercedesbenz.sechub.domain.scan.product.ReportProductExecutionService;
import com.mercedesbenz.sechub.sharedkernel.configuration.SecHubConfiguration;
import com.mercedesbenz.sechub.sharedkernel.execution.SecHubExecutionContext;

Example 5 with ReportTransformationResult

Use of com.mercedesbenz.sechub.domain.scan.ReportTransformationResult in project sechub by mercedes-benz.

Class ReportTestHelper, method transform:

private static ReportTransformationResult transform(String xml, ProductIdentifier productIdentifier, String sechubJobUUID, ProductResultImporter importer) throws IOException, SecHubExecutionException {
    ProductExecutorConfigInfo info = mock(ProductExecutorConfigInfo.class);
    when(info.getProductIdentifier()).thenReturn(productIdentifier);
    // import from SARIF to SERECO format
    SerecoMetaData serecoMetaData = importer.importResult(xml);
    String serecoJSon = JSONConverter.get().toJSON(serecoMetaData);
    // transform SERECO JSON to SecHub report transformation result
    ProductResult productResult = new ProductResult(UUID.fromString(sechubJobUUID), "project-1", info, serecoJSon);
    ReportTransformationResult result = transfomer.transform(productResult);
    return result;
}
Also used:
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import java.io.IOException;
import java.util.UUID;
import com.mercedesbenz.sechub.domain.scan.ReportTransformationResult;
import com.mercedesbenz.sechub.domain.scan.product.ProductResult;
import com.mercedesbenz.sechub.domain.scan.product.config.ProductExecutorConfigInfo;
import com.mercedesbenz.sechub.sereco.metadata.SerecoMetaData;
import com.mercedesbenz.sechub.sharedkernel.execution.SecHubExecutionException;
