Search in sources :

Example 1 with SecHubAdapterOptionsBuilderStrategy

use of com.mercedesbenz.sechub.domain.scan.SecHubAdapterOptionsBuilderStrategy in project sechub by mercedes-benz.

the class CheckmarxProductExecutor method executeByAdapter.

@Override
protected List<ProductResult> executeByAdapter(ProductExecutorData data) throws Exception {
    LOG.debug("Trigger checkmarx adapter execution");
    UUID jobUUID = data.getSechubExecutionContext().getSechubJobUUID();
    String projectId = data.getSechubExecutionContext().getConfiguration().getProjectId();
    JobStorage storage = storageService.getJobStorage(projectId, jobUUID);
    CheckmarxExecutorConfigSuppport configSupport = CheckmarxExecutorConfigSuppport.createSupportAndAssertConfigValid(data.getProductExecutorContext().getExecutorConfig(), systemEnvironment);
    CheckmarxResilienceCallback callback = new CheckmarxResilienceCallback(configSupport, data.getProductExecutorContext());
    /* start resilient */
    ProductResult result = resilientActionExecutor.executeResilient(() -> {
        AdapterMetaData metaDataOrNull = data.getProductExecutorContext().getCurrentMetaDataOrNull();
        try (InputStream sourceCodeZipFileInputStream = fetchInputStreamIfNecessary(storage, metaDataOrNull)) {
            /* @formatter:off */
            @SuppressWarnings("deprecation") CheckmarxAdapterConfig checkMarxConfig = CheckmarxConfig.builder().configure(new SecHubAdapterOptionsBuilderStrategy(data, getScanType())).setTrustAllCertificates(installSetup.isHavingUntrustedCertificate()).setUser(configSupport.getUser()).setPasswordOrAPIToken(configSupport.getPasswordOrAPIToken()).setProductBaseUrl(configSupport.getProductBaseURL()).setAlwaysFullScan(callback.isAlwaysFullScanEnabled()).setTimeToWaitForNextCheckOperationInMinutes(scanResultCheckPeriodInMinutes).setTimeOutInMinutes(scanResultCheckTimeOutInMinutes).setFileSystemSourceFolders(// to support mocked Checkmarx adapters we MUST use still the deprecated method!
            data.getCodeUploadFileSystemFolders()).setSourceCodeZipFileInputStream(sourceCodeZipFileInputStream).setTeamIdForNewProjects(configSupport.getTeamIdForNewProjects(projectId)).setClientSecret(configSupport.getClientSecret()).setEngineConfigurationName(configSupport.getEngineConfigurationName()).setPresetIdForNewProjects(configSupport.getPresetIdForNewProjects(projectId)).setProjectId(projectId).setTraceID(data.getSechubExecutionContext().getTraceLogIdAsString()).build();
            /* @formatter:on */
            /* inspect */
            MetaDataInspection inspection = scanMetaDataCollector.inspect(ProductIdentifier.CHECKMARX.name());
            inspection.notice(MetaDataInspection.TRACE_ID, checkMarxConfig.getTraceID());
            inspection.notice("presetid", checkMarxConfig.getPresetIdForNewProjectsOrNull());
            inspection.notice("engineconfigurationname", checkMarxConfig.getEngineConfigurationName());
            inspection.notice("teamid", checkMarxConfig.getTeamIdForNewProjects());
            inspection.notice("alwaysFullScanEnabled", checkMarxConfig.isAlwaysFullScanEnabled());
            /* execute checkmarx by adapter and update product result */
            String xml = checkmarxAdapter.start(checkMarxConfig, data.getProductExecutorContext().getCallback());
            // product result is set by callback
            ProductResult productResult = data.getProductExecutorContext().getCurrentProductResult();
            productResult.setResult(xml);
            return productResult;
        }
    }, callback);
    return Collections.singletonList(result);
}
Also used : MetaDataInspection(com.mercedesbenz.sechub.sharedkernel.metadata.MetaDataInspection) SecHubAdapterOptionsBuilderStrategy(com.mercedesbenz.sechub.domain.scan.SecHubAdapterOptionsBuilderStrategy) ProductResult(com.mercedesbenz.sechub.domain.scan.product.ProductResult) InputStream(java.io.InputStream) CheckmarxAdapterConfig(com.mercedesbenz.sechub.adapter.checkmarx.CheckmarxAdapterConfig) UUID(java.util.UUID) JobStorage(com.mercedesbenz.sechub.storage.core.JobStorage) AdapterMetaData(com.mercedesbenz.sechub.adapter.AdapterMetaData)

Example 2 with SecHubAdapterOptionsBuilderStrategy

use of com.mercedesbenz.sechub.domain.scan.SecHubAdapterOptionsBuilderStrategy in project sechub by mercedes-benz.

the class NessusProductExecutor method executeByAdapter.

@Override
protected List<ProductResult> executeByAdapter(ProductExecutorData data) throws Exception {
    NetworkTargetInfo info = data.getCurrentNetworkTargetInfo();
    if (info.getURIs().isEmpty() && info.getIPs().isEmpty()) {
        LOG.debug("{} Nessus scan not possible, because no uri or ip defined", data.getTraceLogId());
        return Collections.emptyList();
    }
    NetworkTargetType targetType = info.getTargetType();
    LOG.debug("Trigger Nessus adapter execution for target type {}", targetType);
    /* @formatter:off */
    NessusAdapterConfig nessusConfig = NessusConfig.builder().configure(new SecHubAdapterOptionsBuilderStrategy(data, getScanType())).configure(new NetworkTargetProductServerDataAdapterConfigurationStrategy(installSetup, targetType)).setTimeToWaitForNextCheckOperationInMinutes(scanResultCheckPeriodInMinutes).setTimeOutInMinutes(scanResultCheckTimeOutInMinutes).setProxyHostname(proxyHostname).setProxyPort(proxyPort).setTraceID(data.getTraceLogIdAsString()).setPolicyID(installSetup.getDefaultPolicyId()).setTargetIPs(info.getIPs()).setTargetURIs(info.getURIs()).build();
    /* @formatter:on */
    /* execute NESSUS by adapter and return product result */
    ProductExecutorContext productExecutorContext = data.getProductExecutorContext();
    String xml = nessusAdapter.start(nessusConfig, productExecutorContext.getCallback());
    // product result is set by callback
    ProductResult productResult = productExecutorContext.getCurrentProductResult();
    productResult.setResult(xml);
    return Collections.singletonList(productResult);
}
Also used : NessusAdapterConfig(com.mercedesbenz.sechub.adapter.nessus.NessusAdapterConfig) NetworkTargetType(com.mercedesbenz.sechub.domain.scan.NetworkTargetType) SecHubAdapterOptionsBuilderStrategy(com.mercedesbenz.sechub.domain.scan.SecHubAdapterOptionsBuilderStrategy) ProductResult(com.mercedesbenz.sechub.domain.scan.product.ProductResult) NetworkTargetProductServerDataAdapterConfigurationStrategy(com.mercedesbenz.sechub.domain.scan.NetworkTargetProductServerDataAdapterConfigurationStrategy) ProductExecutorContext(com.mercedesbenz.sechub.domain.scan.product.ProductExecutorContext) NetworkTargetInfo(com.mercedesbenz.sechub.domain.scan.NetworkTargetRegistry.NetworkTargetInfo)

Example 3 with SecHubAdapterOptionsBuilderStrategy

use of com.mercedesbenz.sechub.domain.scan.SecHubAdapterOptionsBuilderStrategy in project sechub by mercedes-benz.

the class NetsparkerProductExecutor method executeByAdapter.

@Override
protected List<ProductResult> executeByAdapter(ProductExecutorData data) throws Exception {
    NetworkTargetInfo info = data.getCurrentNetworkTargetInfo();
    URI targetURI = info.getURI();
    if (targetURI == null) {
        /* no targets defined */
        return Collections.emptyList();
    }
    NetworkTargetType targetType = info.getTargetType();
    LOG.debug("Trigger netsparker adapter execution for target {}", targetType);
    List<ProductResult> results = new ArrayList<>();
    /* NETSPARKER is not able to scan multiple targets */
    /*
         * special behavior, because having multiple results here, we must find former
         * result corresponding to target URI.
         */
    /* @formatter:off */
    ProductExecutorContext productExecutorContext = data.getProductExecutorContext();
    productExecutorContext.useFirstFormerResultHavingMetaData(NetsparkerMetaDataID.KEY_TARGET_URI, targetURI);
    NetsparkerAdapterConfig netsparkerConfig = NetsparkerConfig.builder().configure(new SecHubAdapterOptionsBuilderStrategy(data, getScanType())).configure(new WebConfigBuilderStrategy(data.getSechubExecutionContext())).configure(new NetworkTargetProductServerDataAdapterConfigurationStrategy(installSetup, targetType)).setTimeToWaitForNextCheckOperationInMinutes(installSetup.getScanResultCheckPeriodInMinutes()).setTimeOutInMinutes(installSetup.getScanResultCheckTimeOutInMinutes()).setTraceID(data.getTraceLogIdAsString()).setAgentName(installSetup.getAgentName()).setAgentGroupName(data.getNetworkTargetProductServerDataSupport().getIdentifier(targetType)).setPolicyID(installSetup.getDefaultPolicyId()).setLicenseID(installSetup.getNetsparkerLicenseId()).setTargetType(info.getTargetType().name()).setTargetURI(targetURI).build();
    /* @formatter:on */
    /* execute NETSPARKER by adapter and return product result */
    String xml = netsparkerAdapter.start(netsparkerConfig, productExecutorContext.getCallback());
    ProductResult currentProductResult = productExecutorContext.getCurrentProductResult();
    currentProductResult.setResult(xml);
    results.add(currentProductResult);
    return results;
}
Also used : NetworkTargetType(com.mercedesbenz.sechub.domain.scan.NetworkTargetType) SecHubAdapterOptionsBuilderStrategy(com.mercedesbenz.sechub.domain.scan.SecHubAdapterOptionsBuilderStrategy) ProductResult(com.mercedesbenz.sechub.domain.scan.product.ProductResult) NetworkTargetProductServerDataAdapterConfigurationStrategy(com.mercedesbenz.sechub.domain.scan.NetworkTargetProductServerDataAdapterConfigurationStrategy) ArrayList(java.util.ArrayList) ProductExecutorContext(com.mercedesbenz.sechub.domain.scan.product.ProductExecutorContext) WebConfigBuilderStrategy(com.mercedesbenz.sechub.domain.scan.WebConfigBuilderStrategy) URI(java.net.URI) NetworkTargetInfo(com.mercedesbenz.sechub.domain.scan.NetworkTargetRegistry.NetworkTargetInfo) NetsparkerAdapterConfig(com.mercedesbenz.sechub.adapter.netsparker.NetsparkerAdapterConfig)

Aggregations

SecHubAdapterOptionsBuilderStrategy (com.mercedesbenz.sechub.domain.scan.SecHubAdapterOptionsBuilderStrategy)3 ProductResult (com.mercedesbenz.sechub.domain.scan.product.ProductResult)3 NetworkTargetProductServerDataAdapterConfigurationStrategy (com.mercedesbenz.sechub.domain.scan.NetworkTargetProductServerDataAdapterConfigurationStrategy)2 NetworkTargetInfo (com.mercedesbenz.sechub.domain.scan.NetworkTargetRegistry.NetworkTargetInfo)2 NetworkTargetType (com.mercedesbenz.sechub.domain.scan.NetworkTargetType)2 ProductExecutorContext (com.mercedesbenz.sechub.domain.scan.product.ProductExecutorContext)2 AdapterMetaData (com.mercedesbenz.sechub.adapter.AdapterMetaData)1 CheckmarxAdapterConfig (com.mercedesbenz.sechub.adapter.checkmarx.CheckmarxAdapterConfig)1 NessusAdapterConfig (com.mercedesbenz.sechub.adapter.nessus.NessusAdapterConfig)1 NetsparkerAdapterConfig (com.mercedesbenz.sechub.adapter.netsparker.NetsparkerAdapterConfig)1 WebConfigBuilderStrategy (com.mercedesbenz.sechub.domain.scan.WebConfigBuilderStrategy)1 MetaDataInspection (com.mercedesbenz.sechub.sharedkernel.metadata.MetaDataInspection)1 JobStorage (com.mercedesbenz.sechub.storage.core.JobStorage)1 InputStream (java.io.InputStream)1 URI (java.net.URI)1 ArrayList (java.util.ArrayList)1 UUID (java.util.UUID)1