use of com.mercedesbenz.sechub.integrationtest.api.AssertFullScanData.FullScanDataElement in project sechub by mercedes-benz.
the class FullScanDataScenario3SecHubClientIntTest method product_failure_results_in_downloadable_scan_log.
/**
 * A product failure results in a downloadable full scan: the product result is
 * empty and the report contains vulnerability 1 about the SecHub failure.
 */
@Test
public void product_failure_results_in_downloadable_scan_log() throws IOException {
    /* check preconditions - USER_1 must be owner and user of PROJECT_1 */
    assertUser(USER_1).isAssignedToProject(PROJECT_1).hasOwnerRole().hasUserRole();
    // the scan target URL has to be on the project whitelist before the job is started
    as(SUPER_ADMIN).updateWhiteListForProject(PROJECT_1, Collections.singletonList("https://netsparker.productfailure.demo.example.org"));

    /* prepare - just execute a job (web scan configuration for the product failure case) */
    ExecutionResult scanResult = as(USER_1).withSecHubClient().startSynchronScanFor(PROJECT_1, CLIENT_JSON_WEBSCAN_PRODUCTFAILURE_ZERO_WAIT);
    UUID jobUUID = scanResult.getSechubJobUUID();
    assertNotNull("No sechub jobUUId found-maybe client call failed?", jobUUID);

    /* execute - the full scan data is fetched with the super admin account */
    File downloadedZip = as(SUPER_ADMIN).downloadFullScanDataFor(jobUUID);

    /* test @formatter:off*/
    AssertFullScanData fullScanData = assertFullScanDataZipFile(downloadedZip);

    String netsparkerBaseName = "NETSPARKER_" + IntegrationTestDefaultExecutorConfigurations.NETSPARKER_V1.uuid;
    // .txt because just empty text for failed parts
    String netsparkerFileName = netsparkerBaseName + ".txt";
    String netsparkerMetaDataFileName = "metadata_" + netsparkerBaseName + ".json";

    // four files are checked by name, the archive must hold five entries in total
    // NOTE(review): the fifth entry is presumably the job log - confirm against AssertFullScanData
    fullScanData.dumpDownloadFilePath()
            .containsFile(netsparkerFileName)
            .containsFile(netsparkerMetaDataFileName)
            .containsFile("SERECO.json")
            .containsFile("metadata_SERECO.json")
            .containsFiles(5);

    // the failed product must not leave any partial result behind
    FullScanDataElement netsparkerResult = fullScanData.resolveFile(netsparkerFileName);
    assertEquals("", netsparkerResult.content);

    // the failure itself has to be visible in the SERECO report
    FullScanDataElement serecoReport = fullScanData.resolveFile("SERECO.json");
    assertTrue(serecoReport.content.contains("\"type\":\"SecHub failure\""));
    assertTrue(serecoReport.content.contains("Security product 'NETSPARKER' failed"));
    /* @formatter:on*/
}
use of com.mercedesbenz.sechub.integrationtest.api.AssertFullScanData.FullScanDataElement in project sechub by mercedes-benz.
the class FullScanDataScenario3SecHubClientIntTest method user_1_starts_job_but_only_admin_can_download_scanlog_or_fullscan_data.
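/**
 * Access control check for scan logs and full scan data: SUPER_ADMIN can fetch
 * both for a job started by USER_1, while USER_1 itself is rejected with HTTP
 * 403 (FORBIDDEN) on both endpoints.
 */
@Test
public void user_1_starts_job_but_only_admin_can_download_scanlog_or_fullscan_data() throws IOException {
    TestUser user = USER_1;
    TestProject project = PROJECT_1;

    /* check preconditions */
    // Same precondition as the sibling tests of this class. Without it the
    // FORBIDDEN checks at the end could pass for the wrong reason (user not
    // assigned to the project at all) instead of proving that even the project
    // owner is denied.
    assertUser(user).isAssignedToProject(project).hasOwnerRole().hasUserRole();

    /* prepare - just execute a job */
    ExecutionResult result = as(user).withSecHubClient().startSynchronScanFor(project, CLIENT_JSON_SOURCESCAN_GREEN_ZERO_WAIT);
    UUID sechubJobUUID = result.getSechubJobUUID();
    assertNotNull("No sechub jobUUId found-maybe client call failed?", sechubJobUUID);

    /* execute (1) - admin can download scan logs */
    String json = as(SUPER_ADMIN).getScanLogsForProject(project);

    /* test */
    assertNotNull(json);
    assertTrue(json.contains(sechubJobUUID.toString()));
    assertTrue(json.contains(user.getUserId()));

    /* execute (2) - admin can download full scan data */
    File scanDataZipFile = as(SUPER_ADMIN).downloadFullScanDataFor(sechubJobUUID);
    AssertFullScanData assertFullScanData = assertFullScanDataZipFile(scanDataZipFile);

    /* test @formatter:off*/
    String checkmarxBaseName = "CHECKMARX_" + IntegrationTestDefaultExecutorConfigurations.CHECKMARX_V1.uuid;
    assertFullScanData.dumpDownloadFilePath()
            .containsFile(checkmarxBaseName + ".xml")
            .containsFile("metadata_" + checkmarxBaseName + ".json")
            .containsFile("metadata_SERECO.json")
            .containsFile("SERECO.json")
            .containsFiles(5);

    // the log entry of the archive records who ran the job and for which project
    FullScanDataElement log = assertFullScanData.resolveFileStartingWith("log_");
    assertTrue(log.content.contains("executedBy=" + user.getUserId()));
    assertTrue(log.content.contains("projectId=" + project.getProjectId()));
    /* @formatter:on*/

    /* execute (3) + test - user cannot download logs or full scan data */
    expectHttpFailure(() -> as(user).getScanLogsForProject(project), HttpStatus.FORBIDDEN);
    expectHttpFailure(() -> as(user).downloadFullScanDataFor(sechubJobUUID), HttpStatus.FORBIDDEN);
}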
use of com.mercedesbenz.sechub.integrationtest.api.AssertFullScanData.FullScanDataElement in project sechub by mercedes-benz.
the class FullScanDataScenario3SecHubClientIntTest method when_job_was_executed__admin_is_able_to_download_fullscan_zip_file_for_this_sechub_job.
/**
 * Runs a source scan as USER_1, downloads the full scan data of that job as
 * SUPER_ADMIN and checks the archive content: the expected product and SERECO
 * files are present and the log entry names the executing user and the project.
 */
@Test
public void when_job_was_executed__admin_is_able_to_download_fullscan_zip_file_for_this_sechub_job() throws IOException {
    /* check preconditions - USER_1 must be owner and user of PROJECT_1 */
    assertUser(USER_1).isAssignedToProject(PROJECT_1).hasOwnerRole().hasUserRole();

    /* prepare - just execute a job */
    ExecutionResult scanResult = as(USER_1).withSecHubClient().startSynchronScanFor(PROJECT_1, CLIENT_JSON_SOURCESCAN_GREEN);
    UUID jobUUID = scanResult.getSechubJobUUID();
    assertNotNull("No sechub jobUUId found-maybe client call failed?", jobUUID);

    /* execute - download as super admin and open the archive for assertions */
    File downloadedZip = as(SUPER_ADMIN).downloadFullScanDataFor(jobUUID);
    AssertFullScanData fullScanData = assertFullScanDataZipFile(downloadedZip);

    /* test @formatter:off*/
    String checkmarxBaseName = "CHECKMARX_" + IntegrationTestDefaultExecutorConfigurations.CHECKMARX_V1.uuid;
    // four files are checked by name, the archive must hold five entries in total
    // NOTE(review): the fifth entry is presumably the log_ file resolved below - confirm
    fullScanData.dumpDownloadFilePath()
            .containsFile(checkmarxBaseName + ".xml")
            .containsFile("metadata_" + checkmarxBaseName + ".json")
            .containsFile("metadata_SERECO.json")
            .containsFile("SERECO.json")
            .containsFiles(5);

    // the log entry has to name the user who ran the job and the project it belongs to
    FullScanDataElement jobLog = fullScanData.resolveFileStartingWith("log_");
    assertTrue(jobLog.content.contains("executedBy=" + USER_1.getUserId()));
    assertTrue(jobLog.content.contains("projectId=" + PROJECT_1.getProjectId()));
    /* @formatter:on*/
}