
Example 1 with ScanProjectConfig

Use of com.mercedesbenz.sechub.domain.scan.project.ScanProjectConfig in project sechub by mercedes-benz.

From the class SerecoFalsePositiveMarker, method markFalsePositives.

public void markFalsePositives(String projectId, List<SerecoVulnerability> all) {
    notEmpty(projectId, "project id may not be null or empty!");
    if (all == null || all.isEmpty()) {
        /* no vulnerabilities found */
        return;
    }
    ScanProjectConfig config = scanProjectConfigService.get(projectId, ScanProjectConfigID.FALSE_POSITIVE_CONFIGURATION, false);
    if (config == null) {
        /* nothing configured */
        return;
    }
    String data = config.getData();
    FalsePositiveProjectConfiguration falsePositiveConfig = FalsePositiveProjectConfiguration.fromJSONString(data);
    List<FalsePositiveEntry> falsePositives = falsePositiveConfig.getFalsePositives();
    for (SerecoVulnerability vulnerability : all) {
        handleVulnereability(falsePositives, vulnerability);
    }
}
Also used: FalsePositiveEntry (com.mercedesbenz.sechub.domain.scan.project.FalsePositiveEntry), SerecoVulnerability (com.mercedesbenz.sechub.sereco.metadata.SerecoVulnerability), ScanProjectConfig (com.mercedesbenz.sechub.domain.scan.project.ScanProjectConfig), FalsePositiveProjectConfiguration (com.mercedesbenz.sechub.domain.scan.project.FalsePositiveProjectConfiguration)

Example 2 with ScanProjectConfig

Use of com.mercedesbenz.sechub.domain.scan.project.ScanProjectConfig in project sechub by mercedes-benz.

From the class ScanService, method buildOptions.

private void buildOptions(SecHubExecutionContext executionContext) {
    /* project specific setup */
    String projectId = executionContext.getConfiguration().getProjectId();
    if (projectId == null) {
        throw new IllegalStateException("projectId not found in configuration - so cannot prepare context options!");
    }
    ScanProjectConfig scanProjectMockConfig = scanProjectConfigService.get(projectId, ScanProjectConfigID.MOCK_CONFIGURATION, false);
    if (scanProjectMockConfig != null) {
        String data = scanProjectMockConfig.getData();
        ScanProjectMockDataConfiguration mockDataConfig = ScanProjectMockDataConfiguration.fromString(data);
        executionContext.putData(ScanKey.PROJECT_MOCKDATA_CONFIGURATION, mockDataConfig);
    }
}
Also used: ScanProjectConfig (com.mercedesbenz.sechub.domain.scan.project.ScanProjectConfig), ScanProjectMockDataConfiguration (com.mercedesbenz.sechub.domain.scan.project.ScanProjectMockDataConfiguration)

Example 3 with ScanProjectConfig

Use of com.mercedesbenz.sechub.domain.scan.project.ScanProjectConfig in project sechub by mercedes-benz.

From the class ScanServiceTest, method scan_service_fetches_mock_configuration_and_puts_mock_project_configuration_complete_in_execution_context.

@Test
public void scan_service_fetches_mock_configuration_and_puts_mock_project_configuration_complete_in_execution_context() throws Exception {
    /* prepare */
    SecHubConfiguration configNoProjectId = prepareValidConfiguration();
    DomainMessage request = prepareRequest(configNoProjectId);
    ScanProjectMockDataConfiguration projectMockDataConfig = new ScanProjectMockDataConfiguration();
    projectMockDataConfig.setCodeScan(new ScanMockData(TrafficLight.YELLOW));
    ScanProjectConfig projectConfig = new ScanProjectConfig(ScanProjectConfigID.MOCK_CONFIGURATION, TEST_PROJECT_ID1);
    projectConfig.setData(projectMockDataConfig.toJSON());
    when(scanProjectConfigService.get("test-project-id1", ScanProjectConfigID.MOCK_CONFIGURATION, false)).thenReturn(projectConfig);
    /* execute */
    simulateEventSend(request, serviceToTest);
    /* test */
    ArgumentCaptor<SecHubExecutionContext> contextCaptor = ArgumentCaptor.forClass(SecHubExecutionContext.class);
    verify(codeScanProductExecutionService).executeProductsAndStoreResults(contextCaptor.capture());
    SecHubExecutionContext context = contextCaptor.getValue();
    assertEquals(projectMockDataConfig, context.getData(ScanKey.PROJECT_MOCKDATA_CONFIGURATION));
}
Also used: SecHubConfiguration (com.mercedesbenz.sechub.sharedkernel.configuration.SecHubConfiguration), ScanMockData (com.mercedesbenz.sechub.domain.scan.project.ScanMockData), SecHubExecutionContext (com.mercedesbenz.sechub.sharedkernel.execution.SecHubExecutionContext), ScanProjectConfig (com.mercedesbenz.sechub.domain.scan.project.ScanProjectConfig), ScanProjectMockDataConfiguration (com.mercedesbenz.sechub.domain.scan.project.ScanProjectMockDataConfiguration), DomainMessage (com.mercedesbenz.sechub.sharedkernel.messaging.DomainMessage), Test (org.junit.Test)

Example 4 with ScanProjectConfig

Use of com.mercedesbenz.sechub.domain.scan.project.ScanProjectConfig in project sechub by mercedes-benz.

From the class SerecoFalsePositiveMarkerTest, method before.

@Before
public void before() throws Exception {
    markerToTest = new SerecoFalsePositiveMarker();
    scanProjectConfigService = mock(ScanProjectConfigService.class);
    falsePositiveFinder = mock(SerecoFalsePositiveFinder.class);
    config = new ScanProjectConfig(ScanProjectConfigID.FALSE_POSITIVE_CONFIGURATION, PROJECT_ID);
    when(scanProjectConfigService.get(PROJECT_ID, ScanProjectConfigID.FALSE_POSITIVE_CONFIGURATION, false)).thenReturn(config);
    markerToTest.scanProjectConfigService = scanProjectConfigService;
    markerToTest.falsePositiveFinder = falsePositiveFinder;
    projectConfig = new FalsePositiveProjectConfiguration();
}
Also used: ScanProjectConfigService (com.mercedesbenz.sechub.domain.scan.project.ScanProjectConfigService), ScanProjectConfig (com.mercedesbenz.sechub.domain.scan.project.ScanProjectConfig), FalsePositiveProjectConfiguration (com.mercedesbenz.sechub.domain.scan.project.FalsePositiveProjectConfiguration), Before (org.junit.Before)

Aggregations

ScanProjectConfig (com.mercedesbenz.sechub.domain.scan.project.ScanProjectConfig): 4
FalsePositiveProjectConfiguration (com.mercedesbenz.sechub.domain.scan.project.FalsePositiveProjectConfiguration): 2
ScanProjectMockDataConfiguration (com.mercedesbenz.sechub.domain.scan.project.ScanProjectMockDataConfiguration): 2
FalsePositiveEntry (com.mercedesbenz.sechub.domain.scan.project.FalsePositiveEntry): 1
ScanMockData (com.mercedesbenz.sechub.domain.scan.project.ScanMockData): 1
ScanProjectConfigService (com.mercedesbenz.sechub.domain.scan.project.ScanProjectConfigService): 1
SerecoVulnerability (com.mercedesbenz.sechub.sereco.metadata.SerecoVulnerability): 1
SecHubConfiguration (com.mercedesbenz.sechub.sharedkernel.configuration.SecHubConfiguration): 1
SecHubExecutionContext (com.mercedesbenz.sechub.sharedkernel.execution.SecHubExecutionContext): 1
DomainMessage (com.mercedesbenz.sechub.sharedkernel.messaging.DomainMessage): 1
Before (org.junit.Before): 1
Test (org.junit.Test): 1