
Example 6 with ProductResult

use of com.mercedesbenz.sechub.domain.scan.product.ProductResult in project sechub by mercedes-benz.

Class CheckmarxProductExecutor, method executeByAdapter.

/**
 * Runs a Checkmarx scan through the Checkmarx adapter and returns the product result.
 *
 * <p>The adapter call is wrapped in {@code resilientActionExecutor.executeResilient(...)}, so the
 * lambda below may run more than once; everything it needs per attempt (meta data, source input
 * stream, adapter config) is therefore created inside the lambda.
 *
 * <p>NOTE(review): credentials (user, password or API token, client secret) are handed to the
 * adapter config only. None of them is passed to the meta data inspection, and that should stay so.
 *
 * @param data executor data providing the SecHub execution context and the product executor context
 * @return a singleton list holding the product result produced by the resilient execution
 * @throws Exception whatever config validation, storage access or the resilient adapter call throws
 */
@Override
protected List<ProductResult> executeByAdapter(ProductExecutorData data) throws Exception {
    LOG.debug("Trigger checkmarx adapter execution");

    UUID sechubJobUuid = data.getSechubExecutionContext().getSechubJobUUID();
    String projectId = data.getSechubExecutionContext().getConfiguration().getProjectId();
    JobStorage jobStorage = storageService.getJobStorage(projectId, sechubJobUuid);

    // Creation asserts that the executor configuration is valid before anything is sent out.
    CheckmarxExecutorConfigSuppport executorConfigSupport = CheckmarxExecutorConfigSuppport
            .createSupportAndAssertConfigValid(data.getProductExecutorContext().getExecutorConfig(), systemEnvironment);
    CheckmarxResilienceCallback resilienceCallback = new CheckmarxResilienceCallback(executorConfigSupport,
            data.getProductExecutorContext());

    /* resilient part: the lambda is what gets (re-)executed */
    ProductResult scanResult = resilientActionExecutor.executeResilient(() -> {
        AdapterMetaData currentMetaDataOrNull = data.getProductExecutorContext().getCurrentMetaDataOrNull();

        // try-with-resources closes the source ZIP stream after every attempt; a null resource is
        // skipped by the language, so the helper may return null (presumably when no upload is
        // necessary - confirm in fetchInputStreamIfNecessary).
        try (InputStream sourceZipStream = fetchInputStreamIfNecessary(jobStorage, currentMetaDataOrNull)) {
            /* @formatter:off */
            @SuppressWarnings("deprecation")
            CheckmarxAdapterConfig adapterConfig = CheckmarxConfig.builder()
                    .configure(new SecHubAdapterOptionsBuilderStrategy(data, getScanType()))
                    // NOTE(review): driven by the install setup; presumably this switches off TLS
                    // certificate validation towards Checkmarx when set - confirm in the adapter.
                    // A trust store containing the server certificate is the safer setup.
                    .setTrustAllCertificates(installSetup.isHavingUntrustedCertificate())
                    .setUser(executorConfigSupport.getUser())
                    .setPasswordOrAPIToken(executorConfigSupport.getPasswordOrAPIToken())
                    .setProductBaseUrl(executorConfigSupport.getProductBaseURL())
                    .setAlwaysFullScan(resilienceCallback.isAlwaysFullScanEnabled())
                    .setTimeToWaitForNextCheckOperationInMinutes(scanResultCheckPeriodInMinutes)
                    .setTimeOutInMinutes(scanResultCheckTimeOutInMinutes)
                    // the deprecated method is still required so that mocked Checkmarx adapters keep working
                    .setFileSystemSourceFolders(data.getCodeUploadFileSystemFolders())
                    .setSourceCodeZipFileInputStream(sourceZipStream)
                    .setTeamIdForNewProjects(executorConfigSupport.getTeamIdForNewProjects(projectId))
                    .setClientSecret(executorConfigSupport.getClientSecret())
                    .setEngineConfigurationName(executorConfigSupport.getEngineConfigurationName())
                    .setPresetIdForNewProjects(executorConfigSupport.getPresetIdForNewProjects(projectId))
                    .setProjectId(projectId)
                    .setTraceID(data.getSechubExecutionContext().getTraceLogIdAsString())
                    .build();
            /* @formatter:on */

            /* meta data inspection: only non-secret values are noticed here */
            MetaDataInspection checkmarxInspection = scanMetaDataCollector.inspect(ProductIdentifier.CHECKMARX.name());
            checkmarxInspection.notice(MetaDataInspection.TRACE_ID, adapterConfig.getTraceID());
            checkmarxInspection.notice("presetid", adapterConfig.getPresetIdForNewProjectsOrNull());
            checkmarxInspection.notice("engineconfigurationname", adapterConfig.getEngineConfigurationName());
            checkmarxInspection.notice("teamid", adapterConfig.getTeamIdForNewProjects());
            checkmarxInspection.notice("alwaysFullScanEnabled", adapterConfig.isAlwaysFullScanEnabled());

            /* run Checkmarx via adapter */
            String reportXml = checkmarxAdapter.start(adapterConfig, data.getProductExecutorContext().getCallback());

            // The callback has already set the current product result; only the XML is attached here.
            // NOTE(review): the XML is stored exactly as the product returned it, so whatever parses
            // it later should treat it as untrusted input (e.g. no external entity resolution).
            ProductResult currentResult = data.getProductExecutorContext().getCurrentProductResult();
            currentResult.setResult(reportXml);
            return currentResult;
        }
    }, resilienceCallback);

    return Collections.singletonList(scanResult);
}
Also used : MetaDataInspection(com.mercedesbenz.sechub.sharedkernel.metadata.MetaDataInspection) SecHubAdapterOptionsBuilderStrategy(com.mercedesbenz.sechub.domain.scan.SecHubAdapterOptionsBuilderStrategy) ProductResult(com.mercedesbenz.sechub.domain.scan.product.ProductResult) InputStream(java.io.InputStream) CheckmarxAdapterConfig(com.mercedesbenz.sechub.adapter.checkmarx.CheckmarxAdapterConfig) UUID(java.util.UUID) JobStorage(com.mercedesbenz.sechub.storage.core.JobStorage) AdapterMetaData(com.mercedesbenz.sechub.adapter.AdapterMetaData)

Example 7 with ProductResult

use of com.mercedesbenz.sechub.domain.scan.product.ProductResult in project sechub by mercedes-benz.

Class PDSCodeScanProductExecutor, method executeByAdapter.

/**
 * Runs a PDS code scan through the PDS adapter and returns the product result.
 *
 * <p>The adapter call is wrapped in {@code resilientActionExecutor.executeResilient(...)}; the
 * content streams and the adapter config are created inside the lambda, i.e. once per attempt.
 *
 * @param data executor data providing the SecHub execution context and the product executor context
 * @return a singleton list holding the product result produced by the resilient execution
 * @throws Exception whatever config validation, content provider creation or the adapter call throws
 */
@Override
protected List<ProductResult> executeByAdapter(ProductExecutorData data) throws Exception {
    LOG.debug("Trigger PDS adapter execution");

    ProductExecutorContext productExecutorContext = data.getProductExecutorContext();

    // Creation asserts that the executor configuration is valid before the scan is set up.
    PDSExecutorConfigSuppport pdsConfigSupport = PDSExecutorConfigSuppport
            .createSupportAndAssertConfigValid(productExecutorContext.getExecutorConfig(), systemEnvironment);

    SecHubExecutionContext sechubContext = data.getSechubExecutionContext();
    PDSStorageContentProvider storageContentProvider = contentProviderFactory.createContentProvider(sechubContext,
            pdsConfigSupport, getScanType());

    ProductResult scanResult = resilientActionExecutor.executeResilient(() -> {
        // Both streams may be null (see the "OrNull" getters); try-with-resources skips null
        // resources and closes the non-null ones after each attempt.
        try (InputStream sourceZipStreamOrNull = storageContentProvider.getSourceZipFileInputStreamOrNull();
                InputStream binariesTarStreamOrNull = storageContentProvider.getBinariesTarFileInputStreamOrNull()) {
            /* @formatter:off */
            PDSCodeScanConfig codeScanConfig = PDSCodeScanConfigImpl.builder()
                    .configure(PDSAdapterConfigurationStrategy.builder()
                            .setScanType(getScanType())
                            .setProductExecutorData(data)
                            .setConfigSupport(pdsConfigSupport)
                            .setSourceCodeZipFileInputStreamOrNull(sourceZipStreamOrNull)
                            .setBinariesTarFileInputStreamOrNull(binariesTarStreamOrNull)
                            .setContentProvider(storageContentProvider)
                            .setInstallSetup(installSetup)
                            .build())
                    .build();
            /* @formatter:on */

            /* meta data inspection: only the trace id is noticed */
            MetaDataInspection pdsInspection = scanMetaDataCollector.inspect(ProductIdentifier.PDS_CODESCAN.name());
            pdsInspection.notice(MetaDataInspection.TRACE_ID, codeScanConfig.getTraceID());

            /* run PDS via adapter */
            String productOutput = pdsAdapter.start(codeScanConfig, productExecutorContext.getCallback());

            // The callback has already set the current product result; only the output is attached here.
            // NOTE(review): the output is stored exactly as the PDS returned it, so later consumers
            // should treat it as untrusted input.
            ProductResult currentResult = productExecutorContext.getCurrentProductResult();
            currentResult.setResult(productOutput);
            return currentResult;
        }
    });

    return Collections.singletonList(scanResult);
}
Also used : MetaDataInspection(com.mercedesbenz.sechub.sharedkernel.metadata.MetaDataInspection) ProductResult(com.mercedesbenz.sechub.domain.scan.product.ProductResult) SecHubExecutionContext(com.mercedesbenz.sechub.sharedkernel.execution.SecHubExecutionContext) InputStream(java.io.InputStream) PDSCodeScanConfig(com.mercedesbenz.sechub.adapter.pds.PDSCodeScanConfig) ProductExecutorContext(com.mercedesbenz.sechub.domain.scan.product.ProductExecutorContext)

Example 8 with ProductResult

use of com.mercedesbenz.sechub.domain.scan.product.ProductResult in project sechub by mercedes-benz.

Class PDSLicenseScanProductExecutor, method executeByAdapter.

/**
 * Runs a PDS license scan through the PDS adapter and returns the product result.
 *
 * <p>The adapter call is wrapped in {@code resilientActionExecutor.executeResilient(...)}; the
 * content streams and the adapter config are created inside the lambda, i.e. once per attempt.
 *
 * @param data executor data providing the SecHub execution context and the product executor context
 * @return a singleton list holding the product result produced by the resilient execution
 * @throws Exception whatever config validation, content provider creation or the adapter call throws
 */
@Override
protected List<ProductResult> executeByAdapter(ProductExecutorData data) throws Exception {
    LOG.debug("Trigger PDS adapter execution");

    ProductExecutorContext productExecutorContext = data.getProductExecutorContext();

    // Creation asserts that the executor configuration is valid before the scan is set up.
    PDSExecutorConfigSuppport pdsConfigSupport = PDSExecutorConfigSuppport
            .createSupportAndAssertConfigValid(productExecutorContext.getExecutorConfig(), systemEnvironment);

    SecHubExecutionContext sechubContext = data.getSechubExecutionContext();
    PDSStorageContentProvider storageContentProvider = contentProviderFactory.createContentProvider(sechubContext,
            pdsConfigSupport, getScanType());

    ProductResult scanResult = resilientActionExecutor.executeResilient(() -> {
        // Both streams may be null (see the "OrNull" getters); try-with-resources skips null
        // resources and closes the non-null ones after each attempt.
        try (InputStream sourceZipStreamOrNull = storageContentProvider.getSourceZipFileInputStreamOrNull();
                InputStream binariesTarStreamOrNull = storageContentProvider.getBinariesTarFileInputStreamOrNull()) {
            /* @formatter:off */
            PDSLicenseScanConfig licenseScanConfig = PDSLicenseScanConfigImpl.builder()
                    .configure(PDSAdapterConfigurationStrategy.builder()
                            .setScanType(getScanType())
                            .setProductExecutorData(data)
                            .setConfigSupport(pdsConfigSupport)
                            .setSourceCodeZipFileInputStreamOrNull(sourceZipStreamOrNull)
                            .setBinariesTarFileInputStreamOrNull(binariesTarStreamOrNull)
                            .setContentProvider(storageContentProvider)
                            .setInstallSetup(installSetup)
                            .build())
                    .build();
            /* @formatter:on */

            /* meta data inspection: only the trace id is noticed */
            MetaDataInspection pdsInspection = scanMetaDataCollector.inspect(ProductIdentifier.PDS_LICENSESCAN.name());
            pdsInspection.notice(MetaDataInspection.TRACE_ID, licenseScanConfig.getTraceID());

            /* run PDS via adapter */
            String productOutput = pdsAdapter.start(licenseScanConfig, productExecutorContext.getCallback());

            // The callback has already set the current product result; only the output is attached here.
            // NOTE(review): the output is stored exactly as the PDS returned it, so later consumers
            // should treat it as untrusted input.
            ProductResult currentResult = productExecutorContext.getCurrentProductResult();
            currentResult.setResult(productOutput);
            return currentResult;
        }
    });

    return Collections.singletonList(scanResult);
}
Also used : MetaDataInspection(com.mercedesbenz.sechub.sharedkernel.metadata.MetaDataInspection) ProductResult(com.mercedesbenz.sechub.domain.scan.product.ProductResult) SecHubExecutionContext(com.mercedesbenz.sechub.sharedkernel.execution.SecHubExecutionContext) InputStream(java.io.InputStream) ProductExecutorContext(com.mercedesbenz.sechub.domain.scan.product.ProductExecutorContext) PDSLicenseScanConfig(com.mercedesbenz.sechub.adapter.pds.PDSLicenseScanConfig)

Example 9 with ProductResult

use of com.mercedesbenz.sechub.domain.scan.product.ProductResult in project sechub by mercedes-benz.

Class DownloadSpdxScanReportServiceTest, method service_throws_not_found_exception_when_spdx_json_resolver_result_is_null_for_sereco_productresult.

/**
 * The service must answer with {@code NotFoundException} when a SERECO product result exists for
 * the job but the SPDX JSON resolver resolves nothing (null) for it.
 */
@Test
void service_throws_not_found_exception_when_spdx_json_resolver_result_is_null_for_sereco_productresult() {
    /* prepare */
    UUID jobUuid = UUID.randomUUID();
    ProductResult serecoResult = mock(ProductResult.class);

    // resolver finds no SPDX JSON inside the mocked result
    when(spdxJsonResolver.resolveSpdxJson(eq(serecoResult))).thenReturn(null);

    // repository returns exactly this one SERECO result for the job
    List<ProductResult> serecoResults = new ArrayList<>();
    serecoResults.add(serecoResult);
    when(productResultRepository.findAllProductResults(eq(jobUuid), eq(ProductIdentifier.SERECO))).thenReturn(serecoResults);

    /* execute + test */
    assertThrows(NotFoundException.class, () -> serviceToTest.getScanSpdxJsonReport("project_1", jobUuid));
}
Also used : ProductResult(com.mercedesbenz.sechub.domain.scan.product.ProductResult) ArrayList(java.util.ArrayList) UUID(java.util.UUID) Test(org.junit.jupiter.api.Test)

Example 10 with ProductResult

use of com.mercedesbenz.sechub.domain.scan.product.ProductResult in project sechub by mercedes-benz.

Class DownloadSpdxScanReportServiceTest, method audit_log_contains_spdx_json_report_with_job_uuid.

/**
 * Fetching the SPDX JSON report must write an audit log entry: the message has to contain
 * "SPDX Json report" and the first log parameter has to be the SecHub job UUID.
 */
@Test
void audit_log_contains_spdx_json_report_with_job_uuid() {
    /* prepare */
    UUID jobUuid = UUID.randomUUID();
    ProductResult serecoResult = mock(ProductResult.class);

    // resolver yields an (empty) SPDX JSON document for the mocked result
    when(spdxJsonResolver.resolveSpdxJson(eq(serecoResult))).thenReturn("{}");

    // repository returns exactly this one SERECO result for the job
    List<ProductResult> serecoResults = new ArrayList<>();
    serecoResults.add(serecoResult);
    when(productResultRepository.findAllProductResults(eq(jobUuid), eq(ProductIdentifier.SERECO))).thenReturn(serecoResults);

    /* execute */
    serviceToTest.getScanSpdxJsonReport("project_1", jobUuid);

    /* test */
    ArgumentCaptor<String> messageCaptor = ArgumentCaptor.forClass(String.class);
    ArgumentCaptor<Object> firstParamCaptor = ArgumentCaptor.forClass(Object.class);
    // verify(...) with its default mode expects exactly one audit log call
    verify(auditLogService).log(messageCaptor.capture(), firstParamCaptor.capture());

    assertTrue(messageCaptor.getValue().contains("SPDX Json report"));
    assertEquals(jobUuid, firstParamCaptor.getValue());
}
Also used : ProductResult(com.mercedesbenz.sechub.domain.scan.product.ProductResult) ArrayList(java.util.ArrayList) UUID(java.util.UUID) Test(org.junit.jupiter.api.Test)

Aggregations

ProductResult (com.mercedesbenz.sechub.domain.scan.product.ProductResult)30 ProductExecutorContext (com.mercedesbenz.sechub.domain.scan.product.ProductExecutorContext)10 ArrayList (java.util.ArrayList)10 SecHubExecutionContext (com.mercedesbenz.sechub.sharedkernel.execution.SecHubExecutionContext)8 UUID (java.util.UUID)8 InputStream (java.io.InputStream)6 URI (java.net.URI)6 WithoutProductExecutorConfigInfo (com.mercedesbenz.sechub.domain.scan.product.config.WithoutProductExecutorConfigInfo)5 MetaDataInspection (com.mercedesbenz.sechub.sharedkernel.metadata.MetaDataInspection)5 NetworkTargetProductServerDataAdapterConfigurationStrategy (com.mercedesbenz.sechub.domain.scan.NetworkTargetProductServerDataAdapterConfigurationStrategy)4 NetworkTargetInfo (com.mercedesbenz.sechub.domain.scan.NetworkTargetRegistry.NetworkTargetInfo)4 NetworkTargetType (com.mercedesbenz.sechub.domain.scan.NetworkTargetType)4 TargetType (com.mercedesbenz.sechub.domain.scan.TargetType)4 WebConfigBuilderStrategy (com.mercedesbenz.sechub.domain.scan.WebConfigBuilderStrategy)4 Test (org.junit.Test)4 AdapterMetaData (com.mercedesbenz.sechub.adapter.AdapterMetaData)3 SecHubAdapterOptionsBuilderStrategy (com.mercedesbenz.sechub.domain.scan.SecHubAdapterOptionsBuilderStrategy)3 ProductExecutorConfig (com.mercedesbenz.sechub.domain.scan.product.config.ProductExecutorConfig)3 JobStorage (com.mercedesbenz.sechub.storage.core.JobStorage)3 Test (org.junit.jupiter.api.Test)3