use of com.mercedesbenz.sechub.domain.scan.project.FalsePositiveMetaData in project sechub by mercedes-benz.
the class SerecoFalsePositiveCodeScanStrategyTest method vulnerability_having_no_relevant_part_will_use_relevant_part_resolver_on_start_and_end.
/**
 * Checks the fallback path of the false-positive matching: the call stack
 * entries of the scanned finding carry a location and a source snippet but no
 * relevant part, so the strategy is expected to ask the relevant part resolver
 * for both snippets and still report the finding as a false positive.
 */
@Test
public void vulnerability_having_no_relevant_part_will_use_relevant_part_resolver_on_start_and_end() {
    /* prepare */
    /* @formatter:off */
    SerecoVulnerability finding = TestSerecoVulnerabilityBuilder.builder()
            .name("name1")
            .cwe(1)
            .codeScan()
                // first entry: location and source only, no relevantPart is set here.
                // A match is expected below, so "location1" presumably equals the
                // location stored in the example3 meta data - confirm against the JSON.
                .location("location1")
                .source("source1")
            .callsCode()
            .callsCode()
            .callsCode()
                // last entry: again without an explicit relevantPart
                .location("location2")
                .source("source2")
            .end()
            .build();
    /* @formatter:on */
    FalsePositiveMetaData storedMetaData = fetchFirstEntryMetaDataOfExample3();

    // the resolver derives the relevant part from the raw source snippet
    when(relevantPartResolver.toRelevantPart("source1")).thenReturn("relevant1");
    when(relevantPartResolver.toRelevantPart("source2")).thenReturn("relevant2");

    /* execute */
    boolean matched = strategyToTest.isFalsePositive(finding, storedMetaData);

    /* test */
    // both snippets must have been passed to the resolver
    verify(relevantPartResolver).toRelevantPart("source1");
    verify(relevantPartResolver).toRelevantPart("source2");
    assertTrue(matched);
}
use of com.mercedesbenz.sechub.domain.scan.project.FalsePositiveMetaData in project sechub by mercedes-benz.
the class SerecoFalsePositiveCodeScanStrategyTest method fetchFirstEntryMetaDataOfExample3.
/**
 * Loads the false-positive project configuration from the example3 test file
 * and returns the meta data of its first entry.
 *
 * @return meta data of the first false-positive entry of the example file
 */
private FalsePositiveMetaData fetchFirstEntryMetaDataOfExample3() {
    String exampleJson = ScanProductSerecoTestFileSupport.getTestfileSupport()
            .loadTestFile("false_positives/scan_false_positive_config_example3.json");
    FalsePositiveEntry firstEntry = FalsePositiveProjectConfiguration.fromJSONString(exampleJson)
            .getFalsePositives()
            .get(0);

    // guard against a changed fixture: the first entry must be the one commented "entry-1"
    assertEquals("entry-1", firstEntry.getJobData().getComment());

    return firstEntry.getMetaData();
}
use of com.mercedesbenz.sechub.domain.scan.project.FalsePositiveMetaData in project sechub by mercedes-benz.
the class SerecoFalsePositiveCodeScanStrategyTest method vulnerability_is_NOT_found_when_locations_and_relevant_parts_are_same_but_cwe_differs.
/**
 * A finding with the same locations and relevant parts but another CWE id must
 * not be treated as the stored false positive. Otherwise marking one weakness
 * as a false positive would also hide a different weakness reported at the
 * same code position.
 */
@Test
public void vulnerability_is_NOT_found_when_locations_and_relevant_parts_are_same_but_cwe_differs() {
    /* prepare */
    /* @formatter:off */
    SerecoVulnerability finding = TestSerecoVulnerabilityBuilder.builder()
            .name("name1")
            // per the test name this CWE id differs from the one in the example3 entry
            .cwe(4711)
            .codeScan()
                .location("location1")
                .source("source1")
                .relevantPart("relevant1")
            .callsCode()
            .callsCode()
            .callsCode()
                .location("location2")
                .source("source2")
                .relevantPart("relevant2")
            .end()
            .build();
    /* @formatter:on */
    FalsePositiveMetaData storedMetaData = fetchFirstEntryMetaDataOfExample3();

    // resolver stub answers with an empty string for any input;
    // the entries above already carry explicit relevant parts
    when(relevantPartResolver.toRelevantPart(any())).thenReturn("");

    /* execute + test */
    boolean matched = strategyToTest.isFalsePositive(finding, storedMetaData);
    assertFalse(matched);
}
use of com.mercedesbenz.sechub.domain.scan.project.FalsePositiveMetaData in project sechub by mercedes-benz.
the class SerecoFalsePositiveCodeScanStrategyTest method vulnerability_is_NOT_found_when_start_location_differs_and_relevant_parts_are_same.
/**
 * A finding whose first call stack entry sits at another location must not be
 * treated as the stored false positive, even though CWE id and relevant parts
 * are the ones used by the matching tests of this class.
 */
@Test
public void vulnerability_is_NOT_found_when_start_location_differs_and_relevant_parts_are_same() {
    /* prepare */
    /* @formatter:off */
    SerecoVulnerability finding = TestSerecoVulnerabilityBuilder.builder()
            .name("name1")
            .cwe(1)
            .codeScan()
                // start location deliberately differs from the false-positive
                // meta data, so the finding must not be matched
                .location("location-other-1")
                .source("source1")
                .relevantPart("relevant1")
            .callsCode()
            .callsCode()
            .callsCode()
                .location("location2")
                .source("source2")
                .relevantPart("relevant2")
            .end()
            .build();
    /* @formatter:on */
    FalsePositiveMetaData storedMetaData = fetchFirstEntryMetaDataOfExample3();

    // resolver stub answers with an empty string for any input;
    // the entries above already carry explicit relevant parts
    when(relevantPartResolver.toRelevantPart(any())).thenReturn("");

    /* execute + test */
    boolean matched = strategyToTest.isFalsePositive(finding, storedMetaData);
    assertFalse(matched);
}
use of com.mercedesbenz.sechub.domain.scan.project.FalsePositiveMetaData in project sechub by mercedes-benz.
the class SerecoFalsePositiveCodeScanStrategyTest method vulnerability_is_found_when_locations_and_relevant_parts_are_same.
/**
 * Positive case: a finding built with CWE id 1, the locations
 * "location1"/"location2" and the relevant parts "relevant1"/"relevant2" is
 * expected to be recognized as the false positive stored in the first entry of
 * the example3 configuration.
 */
@Test
public void vulnerability_is_found_when_locations_and_relevant_parts_are_same() {
    /* prepare */
    /* @formatter:off */
    SerecoVulnerability finding = TestSerecoVulnerabilityBuilder.builder()
            .name("name1")
            .cwe(1)
            .codeScan()
                .location("location1")
                .source("source1")
                .relevantPart("relevant1")
            .callsCode()
            .callsCode()
            .callsCode()
                .location("location2")
                .source("source2")
                .relevantPart("relevant2")
            .end()
            .build();
    /* @formatter:on */
    FalsePositiveMetaData storedMetaData = fetchFirstEntryMetaDataOfExample3();

    // resolver stub answers with an empty string for any input;
    // the entries above already carry explicit relevant parts
    when(relevantPartResolver.toRelevantPart(any())).thenReturn("");

    /* execute + test */
    boolean matched = strategyToTest.isFalsePositive(finding, storedMetaData);
    assertTrue(matched);
}