use of com.mercedesbenz.sechub.domain.scan.product.ProductResult in project sechub by mercedes-benz.
the class PDSInfraScanProductExecutor method executeByAdapter.
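/**
 * Runs the PDS infrastructure scan adapter once per target URI of the current network target and
 * collects one product result per URI.
 *
 * <p>No adapter call is made, and an empty list is returned, when the target info contains no URIs
 * or when the executor configuration forbids the current target type.
 *
 * @param data executor data providing the network target info, the product executor context, the
 *             SecHub execution context and the network target data provider
 * @return one product result per target URI, each carrying the output returned by the PDS adapter;
 *         an empty list when nothing was executed
 * @throws Exception if any of the calls made here fails
 */
@Override
protected List<ProductResult> executeByAdapter(ProductExecutorData data) throws Exception {
    NetworkTargetInfo info = data.getCurrentNetworkTargetInfo();

    Set<URI> targetURIs = info.getURIs();
    if (targetURIs.isEmpty()) {
        /* no targets defined */
        return Collections.emptyList();
    }
    NetworkTargetType targetType = info.getTargetType();

    ProductExecutorContext executorContext = data.getProductExecutorContext();

    /* we reuse config support created inside customize method */
    PDSExecutorConfigSuppport configSupport = (PDSExecutorConfigSuppport) data.getNetworkTargetDataProvider();

    /*
     * Policy gate: the executor configuration decides which target types this product may scan.
     * The rejected target type is passed to the logger so the denial can be traced - the message
     * has a "{}" placeholder, which was previously left without an argument.
     */
    if (configSupport.isTargetTypeForbidden(targetType)) {
        LOG.info("pds adapter does not accept target type:{} so cancel execution", targetType);
        return Collections.emptyList();
    }
    LOG.debug("Trigger pds infra scan adapter execution for target {}", targetType);

    List<ProductResult> results = new ArrayList<>();

    SecHubExecutionContext context = data.getSechubExecutionContext();
    PDSStorageContentProvider contentProvider = contentProviderFactory.createContentProvider(context, configSupport, getScanType());

    for (URI targetURI : targetURIs) {
        /* @formatter:off */

        /* special behavior, because having multiple results here, we must find former result corresponding to
         * target URI.
         */
        executorContext.useFirstFormerResultHavingMetaData(PDSMetaDataID.KEY_TARGET_URI, targetURI);

        /*
         * NOTE(review): every iteration hands the complete IP and URI sets of the target info to
         * the config; only the former-result lookup above is specific to targetURI. Confirm that
         * this is intended.
         */
        PDSInfraScanConfig pdsInfraScanConfig = PDSInfraScanConfigImpl.builder().
                configure(PDSAdapterConfigurationStrategy.builder().
                        setScanType(getScanType()).
                        setProductExecutorData(data).
                        setConfigSupport(configSupport).
                        setContentProvider(contentProvider).
                        setInstallSetup(installSetup).
                        build()).
                configure(new NetworkTargetProductServerDataAdapterConfigurationStrategy(configSupport, data.getCurrentNetworkTargetInfo().getTargetType())).
                setTargetIPs(info.getIPs()).
                setTargetURIs(info.getURIs()).
                build();
        /* @formatter:on */

        /* execute PDS by adapter and return product result */
        String xml = pdsAdapter.start(pdsInfraScanConfig, executorContext.getCallback());

        /* the adapter output is stored on the result the executor context currently points to */
        ProductResult currentProductResult = executorContext.getCurrentProductResult();
        currentProductResult.setResult(xml);
        results.add(currentProductResult);
    }
    return results;
}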
use of com.mercedesbenz.sechub.domain.scan.product.ProductResult in project sechub by mercedes-benz.
the class DownloadSpdxScanReportService method getScanSpdxJsonReport.
/**
 * Returns the SPDX JSON report of a job.
 *
 * <p>Project id and job UUID are validated first, then the user's access to the project and the
 * project's read access are asserted, and the download is written to the audit log. The report is
 * resolved from the single SERECO product result stored for the job.
 *
 * @param projectId id of the project the caller asks for
 * @param jobUUID   UUID of the job whose report is requested
 * @return the SPDX JSON report, never {@code null}
 * @throws SecHubRuntimeException if the job does not have exactly one SERECO product result
 * @throws NotFoundException      if no SPDX JSON could be resolved from that product result
 */
public String getScanSpdxJsonReport(String projectId, UUID jobUUID) {
    /* validate input */
    assertion.assertIsValidProjectId(projectId);
    assertion.assertIsValidJobUUID(jobUUID);

    /* authorize - nothing is loaded before these checks have passed */
    scanAssertService.assertUserHasAccessToProject(projectId);
    scanAssertService.assertProjectAllowsReadAccess(projectId);

    /* audit */
    auditLogService.log("starts download of SPDX Json report for job: {}", jobUUID);

    /*
     * NOTE(review): the access checks above are made for projectId, while the lookup below is
     * keyed by jobUUID only. Nothing visible in this method ties the loaded product result to
     * projectId - confirm that the repository or a caller enforces that the job belongs to the
     * project, otherwise compare the project of the loaded result with projectId before returning.
     */
    List<ProductResult> serecoResults = productResultRepository.findAllProductResults(jobUUID, ProductIdentifier.SERECO);
    int found = serecoResults.size();
    if (found != 1) {
        throw new SecHubRuntimeException("Did not found exactly one SERECO product result. Instead, " + found + " product results were found.");
    }

    String spdxJson = spdxJsonResolver.resolveSpdxJson(serecoResults.iterator().next());
    if (spdxJson != null) {
        return spdxJson;
    }
    throw new NotFoundException("There was no JSON SPDX report available for job: " + jobUUID);
}
use of com.mercedesbenz.sechub.domain.scan.product.ProductResult in project sechub by mercedes-benz.
the class ReportTestHelper method transform.
/**
 * Test helper: imports a product output, converts it to SERECO JSON and transforms that JSON into
 * a SecHub report transformation result.
 *
 * @param xml               raw product output handed to the importer
 * @param productIdentifier identifier returned by the mocked executor configuration
 * @param sechubJobUUID     job UUID as string, parsed with {@link UUID#fromString(String)}
 * @param importer          importer turning the product output into SERECO meta data
 * @return the result of the report transformer for the created product result
 * @throws IOException              declared by this helper; not raised by a line visible here
 * @throws SecHubExecutionException declared by this helper; not raised by a line visible here
 */
private static ReportTransformationResult transform(String xml, ProductIdentifier productIdentifier, String sechubJobUUID, ProductResultImporter importer) throws IOException, SecHubExecutionException {
    // mocked executor configuration: only the product identifier is stubbed
    ProductExecutorConfigInfo configInfo = mock(ProductExecutorConfigInfo.class);
    when(configInfo.getProductIdentifier()).thenReturn(productIdentifier);

    // import the product output (SARIF, per the original comment) and serialize it as SERECO JSON
    String serecoJson = JSONConverter.get().toJSON(importer.importResult(xml));

    // wrap the SERECO JSON into a product result of the fixed test project and transform it
    ProductResult serecoResult = new ProductResult(UUID.fromString(sechubJobUUID), "project-1", configInfo, serecoJson);
    return transfomer.transform(serecoResult);
}
use of com.mercedesbenz.sechub.domain.scan.product.ProductResult in project sechub by mercedes-benz.
the class SerecoReportProductExecutor method createReport.
/**
 * Creates the SERECO product result for the job of the given execution context.
 *
 * <p>All product results of the supported products are loaded by job UUID. When none exist, a
 * product result containing the empty JSON object {@code "{}"} is returned; otherwise the found
 * results are handed to the overload that builds the report.
 *
 * @param context         SecHub execution context, must not be {@code null}
 * @param executorContext product executor context providing the executor configuration
 * @return the SERECO product result for the job
 * @throws IllegalArgumentException if {@code context} is {@code null}
 */
private ProductResult createReport(SecHubExecutionContext context, ProductExecutorContext executorContext) {
    if (context == null) {
        throw new IllegalArgumentException("context may not be null!");
    }
    String projectId = context.getConfiguration().getProjectId();
    UUID jobUUID = context.getSechubJobUUID();
    UUIDTraceLogID traceLogId = UUIDTraceLogID.traceLogID(jobUUID);

    LOG.debug("{} start sereco execution", traceLogId);

    /* load the results by job uuid */
    ProductIdentifier[] supportedProducts = getSupportedProducts();
    List<ProductResult> loadedResults = productResultRepository.findAllProductResults(jobUUID, supportedProducts);

    if (!loadedResults.isEmpty()) {
        return createReport(projectId, jobUUID, traceLogId, executorContext, loadedResults);
    }

    /* nothing to import: the job still gets a SERECO result, containing an empty JSON object */
    LOG.warn("{} no product results for {} found, will return an empty sereco JSON as result! ", traceLogId, getSupportedProducts());
    return new ProductResult(jobUUID, projectId, executorContext.getExecutorConfig(), "{}");
}
use of com.mercedesbenz.sechub.domain.scan.product.ProductResult in project sechub by mercedes-benz.
the class SerecoReportProductExecutor method createReport.
/**
 * Builds the SERECO product result from the given product results.
 *
 * <p>A workspace is created for the project, every found product result is imported into it and
 * the report created by the workspace becomes the content of the returned product result.
 *
 * @param projectId           id of the project the workspace is created for
 * @param secHubJobUUID       UUID of the job the returned product result belongs to
 * @param traceLogId          trace log id passed on to the import of each product result
 * @param executorContext     product executor context providing the executor configuration
 * @param foundProductResults product results to import into the workspace
 * @return a new product result holding the report JSON created by the workspace
 */
private ProductResult createReport(String projectId, UUID secHubJobUUID, UUIDTraceLogID traceLogId, ProductExecutorContext executorContext, List<ProductResult> foundProductResults) {
    Workspace reportWorkspace = sechubReportCollector.createWorkspace(projectId);

    /* import every product result into the workspace */
    foundProductResults.forEach(found -> importProductResult(traceLogId, reportWorkspace, found));

    /* fetch + return all vulnerabilities as JSON */
    String reportJson = reportWorkspace.createReport();
    return new ProductResult(secHubJobUUID, projectId, executorContext.getExecutorConfig(), reportJson);
}