use of com.mercedesbenz.sechub.domain.scan.product.ProductResult in project sechub by mercedes-benz.
the class CheckmarxProductExecutor method executeByAdapter.
@Override
protected List<ProductResult> executeByAdapter(ProductExecutorData data) throws Exception {
LOG.debug("Trigger checkmarx adapter execution");
UUID jobUUID = data.getSechubExecutionContext().getSechubJobUUID();
String projectId = data.getSechubExecutionContext().getConfiguration().getProjectId();
JobStorage storage = storageService.getJobStorage(projectId, jobUUID);
CheckmarxExecutorConfigSuppport configSupport = CheckmarxExecutorConfigSuppport.createSupportAndAssertConfigValid(data.getProductExecutorContext().getExecutorConfig(), systemEnvironment);
CheckmarxResilienceCallback callback = new CheckmarxResilienceCallback(configSupport, data.getProductExecutorContext());
/* start resilient */
ProductResult result = resilientActionExecutor.executeResilient(() -> {
AdapterMetaData metaDataOrNull = data.getProductExecutorContext().getCurrentMetaDataOrNull();
try (InputStream sourceCodeZipFileInputStream = fetchInputStreamIfNecessary(storage, metaDataOrNull)) {
/* @formatter:off */
@SuppressWarnings("deprecation") CheckmarxAdapterConfig checkMarxConfig = CheckmarxConfig.builder().configure(new SecHubAdapterOptionsBuilderStrategy(data, getScanType())).setTrustAllCertificates(installSetup.isHavingUntrustedCertificate()).setUser(configSupport.getUser()).setPasswordOrAPIToken(configSupport.getPasswordOrAPIToken()).setProductBaseUrl(configSupport.getProductBaseURL()).setAlwaysFullScan(callback.isAlwaysFullScanEnabled()).setTimeToWaitForNextCheckOperationInMinutes(scanResultCheckPeriodInMinutes).setTimeOutInMinutes(scanResultCheckTimeOutInMinutes).setFileSystemSourceFolders(// to support mocked Checkmarx adapters we MUST use still the deprecated method!
data.getCodeUploadFileSystemFolders()).setSourceCodeZipFileInputStream(sourceCodeZipFileInputStream).setTeamIdForNewProjects(configSupport.getTeamIdForNewProjects(projectId)).setClientSecret(configSupport.getClientSecret()).setEngineConfigurationName(configSupport.getEngineConfigurationName()).setPresetIdForNewProjects(configSupport.getPresetIdForNewProjects(projectId)).setProjectId(projectId).setTraceID(data.getSechubExecutionContext().getTraceLogIdAsString()).build();
/* @formatter:on */
/* inspect */
MetaDataInspection inspection = scanMetaDataCollector.inspect(ProductIdentifier.CHECKMARX.name());
inspection.notice(MetaDataInspection.TRACE_ID, checkMarxConfig.getTraceID());
inspection.notice("presetid", checkMarxConfig.getPresetIdForNewProjectsOrNull());
inspection.notice("engineconfigurationname", checkMarxConfig.getEngineConfigurationName());
inspection.notice("teamid", checkMarxConfig.getTeamIdForNewProjects());
inspection.notice("alwaysFullScanEnabled", checkMarxConfig.isAlwaysFullScanEnabled());
/* execute checkmarx by adapter and update product result */
String xml = checkmarxAdapter.start(checkMarxConfig, data.getProductExecutorContext().getCallback());
// product result is set by callback
ProductResult productResult = data.getProductExecutorContext().getCurrentProductResult();
productResult.setResult(xml);
return productResult;
}
}, callback);
return Collections.singletonList(result);
}
use of com.mercedesbenz.sechub.domain.scan.product.ProductResult in project sechub by mercedes-benz.
the class PDSCodeScanProductExecutor method executeByAdapter.
@Override
protected List<ProductResult> executeByAdapter(ProductExecutorData data) throws Exception {
LOG.debug("Trigger PDS adapter execution");
ProductExecutorContext executorContext = data.getProductExecutorContext();
PDSExecutorConfigSuppport configSupport = PDSExecutorConfigSuppport.createSupportAndAssertConfigValid(executorContext.getExecutorConfig(), systemEnvironment);
SecHubExecutionContext context = data.getSechubExecutionContext();
PDSStorageContentProvider contentProvider = contentProviderFactory.createContentProvider(context, configSupport, getScanType());
ProductResult result = resilientActionExecutor.executeResilient(() -> {
try (InputStream sourceCodeZipFileInputStreamOrNull = contentProvider.getSourceZipFileInputStreamOrNull();
InputStream binariesTarFileInputStreamOrNull = contentProvider.getBinariesTarFileInputStreamOrNull()) {
/* @formatter:off */
PDSCodeScanConfig pdsCodeScanConfig = PDSCodeScanConfigImpl.builder().configure(PDSAdapterConfigurationStrategy.builder().setScanType(getScanType()).setProductExecutorData(data).setConfigSupport(configSupport).setSourceCodeZipFileInputStreamOrNull(sourceCodeZipFileInputStreamOrNull).setBinariesTarFileInputStreamOrNull(binariesTarFileInputStreamOrNull).setContentProvider(contentProvider).setInstallSetup(installSetup).build()).build();
/* @formatter:on */
/* inspect */
MetaDataInspection inspection = scanMetaDataCollector.inspect(ProductIdentifier.PDS_CODESCAN.name());
inspection.notice(MetaDataInspection.TRACE_ID, pdsCodeScanConfig.getTraceID());
/* execute PDS by adapter and update product result */
String pdsResult = pdsAdapter.start(pdsCodeScanConfig, executorContext.getCallback());
// product result is set by callback
ProductResult productResult = executorContext.getCurrentProductResult();
productResult.setResult(pdsResult);
return productResult;
}
});
return Collections.singletonList(result);
}
use of com.mercedesbenz.sechub.domain.scan.product.ProductResult in project sechub by mercedes-benz.
the class PDSLicenseScanProductExecutor method executeByAdapter.
@Override
protected List<ProductResult> executeByAdapter(ProductExecutorData data) throws Exception {
LOG.debug("Trigger PDS adapter execution");
ProductExecutorContext executorContext = data.getProductExecutorContext();
PDSExecutorConfigSuppport configSupport = PDSExecutorConfigSuppport.createSupportAndAssertConfigValid(executorContext.getExecutorConfig(), systemEnvironment);
SecHubExecutionContext context = data.getSechubExecutionContext();
PDSStorageContentProvider contentProvider = contentProviderFactory.createContentProvider(context, configSupport, getScanType());
ProductResult result = resilientActionExecutor.executeResilient(() -> {
try (InputStream sourceCodeZipFileInputStreamOrNull = contentProvider.getSourceZipFileInputStreamOrNull();
InputStream binariesTarFileInputStreamOrNull = contentProvider.getBinariesTarFileInputStreamOrNull()) {
/* @formatter:off */
PDSLicenseScanConfig pdsLicenseScanConfig = PDSLicenseScanConfigImpl.builder().configure(PDSAdapterConfigurationStrategy.builder().setScanType(getScanType()).setProductExecutorData(data).setConfigSupport(configSupport).setSourceCodeZipFileInputStreamOrNull(sourceCodeZipFileInputStreamOrNull).setBinariesTarFileInputStreamOrNull(binariesTarFileInputStreamOrNull).setContentProvider(contentProvider).setInstallSetup(installSetup).build()).build();
/* @formatter:on */
/* inspect */
MetaDataInspection inspection = scanMetaDataCollector.inspect(ProductIdentifier.PDS_LICENSESCAN.name());
inspection.notice(MetaDataInspection.TRACE_ID, pdsLicenseScanConfig.getTraceID());
/* execute PDS by adapter and update product result */
String pdsResult = pdsAdapter.start(pdsLicenseScanConfig, executorContext.getCallback());
// product result is set by callback
ProductResult productResult = executorContext.getCurrentProductResult();
productResult.setResult(pdsResult);
return productResult;
}
});
return Collections.singletonList(result);
}
use of com.mercedesbenz.sechub.domain.scan.product.ProductResult in project sechub by mercedes-benz.
the class DownloadSpdxScanReportServiceTest method service_throws_not_found_exception_when_spdx_json_resolver_result_is_null_for_sereco_productresult.
@Test
void service_throws_not_found_exception_when_spdx_json_resolver_result_is_null_for_sereco_productresult() {
/* prepare */
UUID sechubJobUUID = UUID.randomUUID();
ProductResult result = mock(ProductResult.class);
List<ProductResult> results = new ArrayList<>();
results.add(result);
when(productResultRepository.findAllProductResults(eq(sechubJobUUID), eq(ProductIdentifier.SERECO))).thenReturn(results);
when(spdxJsonResolver.resolveSpdxJson(eq(result))).thenReturn(null);
/* execute + test */
assertThrows(NotFoundException.class, () -> serviceToTest.getScanSpdxJsonReport("project_1", sechubJobUUID));
}
use of com.mercedesbenz.sechub.domain.scan.product.ProductResult in project sechub by mercedes-benz.
the class DownloadSpdxScanReportServiceTest method audit_log_contains_spdx_json_report_with_job_uuid.
@Test
void audit_log_contains_spdx_json_report_with_job_uuid() {
/* prepare */
UUID sechubJobUUID = UUID.randomUUID();
ProductResult result = mock(ProductResult.class);
List<ProductResult> results = new ArrayList<>();
results.add(result);
when(productResultRepository.findAllProductResults(eq(sechubJobUUID), eq(ProductIdentifier.SERECO))).thenReturn(results);
when(spdxJsonResolver.resolveSpdxJson(eq(result))).thenReturn("{}");
/* execute */
serviceToTest.getScanSpdxJsonReport("project_1", sechubJobUUID);
/* test */
ArgumentCaptor<String> message = ArgumentCaptor.forClass(String.class);
ArgumentCaptor<Object> param1 = ArgumentCaptor.forClass(Object.class);
verify(auditLogService).log(message.capture(), param1.capture());
String logMessage = message.getValue();
Object logParam1 = param1.getValue();
assertTrue(logMessage.contains("SPDX Json report"));
assertEquals(sechubJobUUID, logParam1);
}
Aggregations