
Example 1 with FullScanDataElement

use of com.mercedesbenz.sechub.integrationtest.api.AssertFullScanData.FullScanDataElement in project sechub by mercedes-benz.

the class FullScanDataScenario3SecHubClientIntTest method product_failure_results_in_downloadable_scan_log.

/**
 * Verifies that a failing security product still leaves downloadable full scan
 * data behind: the product's own result file is present but empty, and the
 * SERECO report carries a "SecHub failure" entry naming the failed product.
 * The download itself is performed as {@code SUPER_ADMIN}.
 */
@Test
public void product_failure_results_in_downloadable_scan_log() throws IOException {
    /* check preconditions */
    assertUser(USER_1).isAssignedToProject(PROJECT_1).hasOwnerRole().hasUserRole();
    // presumably the web scan configuration below targets this URL, so it is
    // whitelisted for the project first - confirm against the client JSON
    as(SUPER_ADMIN).updateWhiteListForProject(PROJECT_1, Collections.singletonList("https://netsparker.productfailure.demo.example.org"));

    /* prepare - run one synchronous scan as the project user */
    ExecutionResult scanResult = as(USER_1).withSecHubClient().startSynchronScanFor(PROJECT_1, CLIENT_JSON_WEBSCAN_PRODUCTFAILURE_ZERO_WAIT);
    UUID jobUuid = scanResult.getSechubJobUUID();
    assertNotNull("No sechub jobUUId found-maybe client call failed?", jobUuid);

    /* execute - fetch the full scan data archive with admin rights */
    File downloadedZip = as(SUPER_ADMIN).downloadFullScanDataFor(jobUuid);

    /* test */
    AssertFullScanData fullScanData = assertFullScanDataZipFile(downloadedZip);
    // .txt because a failed product only leaves an empty text file behind
    String productResultName = "NETSPARKER_" + IntegrationTestDefaultExecutorConfigurations.NETSPARKER_V1.uuid + ".txt";
    String productMetadataName = "metadata_NETSPARKER_" + IntegrationTestDefaultExecutorConfigurations.NETSPARKER_V1.uuid + ".json";

    /* @formatter:off */
    fullScanData
        .dumpDownloadFilePath()
        .containsFile(productResultName)
        .containsFile(productMetadataName)
        .containsFile("SERECO.json")
        .containsFile("metadata_SERECO.json")
        // NOTE(review): four files are named above but five are expected; the
        // fifth is not identified in this test - confirm what it is
        .containsFiles(5);
    /* @formatter:on */

    // the failed product must not have produced any result content
    FullScanDataElement productResult = fullScanData.resolveFile(productResultName);
    assertEquals("", productResult.content);

    // the failure has to be visible in the report instead of being silently dropped
    FullScanDataElement report = fullScanData.resolveFile("SERECO.json");
    assertTrue(report.content.contains("\"type\":\"SecHub failure\""));
    assertTrue(report.content.contains("Security product 'NETSPARKER' failed"));
}
Also used : AssertFullScanData(com.mercedesbenz.sechub.integrationtest.api.AssertFullScanData) ExecutionResult(com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult) FullScanDataElement(com.mercedesbenz.sechub.integrationtest.api.AssertFullScanData.FullScanDataElement) UUID(java.util.UUID) File(java.io.File) Test(org.junit.Test)

Example 2 with FullScanDataElement

use of com.mercedesbenz.sechub.integrationtest.api.AssertFullScanData.FullScanDataElement in project sechub by mercedes-benz.

the class FullScanDataScenario3SecHubClientIntTest method user_1_starts_job_but_only_admin_can_download_scanlog_or_fullscan_data.

/**
 * Pins the access boundary for scan artifacts: after {@code USER_1} has run a
 * scan, {@code SUPER_ADMIN} can read the project's scan logs and download the
 * job's full scan data, while the same two calls made as {@code USER_1} must
 * be rejected with HTTP 403 (FORBIDDEN).
 */
@Test
public void user_1_starts_job_but_only_admin_can_download_scanlog_or_fullscan_data() throws IOException {
    /* prepare - run one synchronous scan as the non-admin user */
    TestUser scanUser = USER_1;
    TestProject scannedProject = PROJECT_1;
    ExecutionResult scanResult = as(scanUser).withSecHubClient().startSynchronScanFor(scannedProject, CLIENT_JSON_SOURCESCAN_GREEN_ZERO_WAIT);
    UUID jobUuid = scanResult.getSechubJobUUID();
    assertNotNull("No sechub jobUUId found-maybe client call failed?", jobUuid);

    /* execute (1) - admin can read the scan logs of the project */
    String scanLogsJson = as(SUPER_ADMIN).getScanLogsForProject(scannedProject);

    /* test (1) - the logs reference both the job and the user who started it */
    assertNotNull(scanLogsJson);
    assertTrue(scanLogsJson.contains(jobUuid.toString()));
    assertTrue(scanLogsJson.contains(scanUser.getUserId()));

    /* execute (2) - admin can download the full scan data of the job */
    File downloadedZip = as(SUPER_ADMIN).downloadFullScanDataFor(jobUuid);
    AssertFullScanData fullScanData = assertFullScanDataZipFile(downloadedZip);

    /* test (2) */
    String productResultName = "CHECKMARX_" + IntegrationTestDefaultExecutorConfigurations.CHECKMARX_V1.uuid + ".xml";
    String productMetadataName = "metadata_CHECKMARX_" + IntegrationTestDefaultExecutorConfigurations.CHECKMARX_V1.uuid + ".json";

    /* @formatter:off */
    fullScanData
        .dumpDownloadFilePath()
        .containsFile(productResultName)
        .containsFile(productMetadataName)
        .containsFile("metadata_SERECO.json")
        .containsFile("SERECO.json")
        // presumably the fifth file is the "log_" entry resolved below - confirm
        .containsFiles(5);
    /* @formatter:on */

    // the archived log names the executing user and the project
    FullScanDataElement scanLog = fullScanData.resolveFileStartingWith("log_");
    assertTrue(scanLog.content.contains("executedBy=" + scanUser.getUserId()));
    assertTrue(scanLog.content.contains("projectId=" + scannedProject.getProjectId()));

    /* execute (3) + test - the user who started the job is denied both downloads */
    // NOTE(review): these negative checks run last, so an earlier failing
    // assertion hides whether the 403 boundary still holds
    expectHttpFailure(() -> as(scanUser).getScanLogsForProject(scannedProject), HttpStatus.FORBIDDEN);
    expectHttpFailure(() -> as(scanUser).downloadFullScanDataFor(jobUuid), HttpStatus.FORBIDDEN);
}
Also used : TestProject(com.mercedesbenz.sechub.integrationtest.api.TestProject) AssertFullScanData(com.mercedesbenz.sechub.integrationtest.api.AssertFullScanData) ExecutionResult(com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult) FullScanDataElement(com.mercedesbenz.sechub.integrationtest.api.AssertFullScanData.FullScanDataElement) UUID(java.util.UUID) TestUser(com.mercedesbenz.sechub.integrationtest.api.TestUser) File(java.io.File) Test(org.junit.Test)

Example 3 with FullScanDataElement

use of com.mercedesbenz.sechub.integrationtest.api.AssertFullScanData.FullScanDataElement in project sechub by mercedes-benz.

the class FullScanDataScenario3SecHubClientIntTest method when_job_was_executed__admin_is_able_to_download_fullscan_zip_file_for_this_sechub_job.

/**
 * Verifies the positive admin path: once {@code USER_1} has executed a scan
 * job, {@code SUPER_ADMIN} can download the job's full scan data zip, and the
 * archive holds the product result, its metadata, the SERECO files and a log
 * naming the executing user and project.
 */
@Test
public void when_job_was_executed__admin_is_able_to_download_fullscan_zip_file_for_this_sechub_job() throws IOException {
    /* check preconditions */
    assertUser(USER_1).isAssignedToProject(PROJECT_1).hasOwnerRole().hasUserRole();

    /* prepare - run one synchronous scan as the project user */
    ExecutionResult scanResult = as(USER_1).withSecHubClient().startSynchronScanFor(PROJECT_1, CLIENT_JSON_SOURCESCAN_GREEN);
    UUID jobUuid = scanResult.getSechubJobUUID();
    assertNotNull("No sechub jobUUId found-maybe client call failed?", jobUuid);

    /* execute - fetch the full scan data archive with admin rights */
    File downloadedZip = as(SUPER_ADMIN).downloadFullScanDataFor(jobUuid);
    AssertFullScanData fullScanData = assertFullScanDataZipFile(downloadedZip);

    /* test */
    String productResultName = "CHECKMARX_" + IntegrationTestDefaultExecutorConfigurations.CHECKMARX_V1.uuid + ".xml";
    String productMetadataName = "metadata_CHECKMARX_" + IntegrationTestDefaultExecutorConfigurations.CHECKMARX_V1.uuid + ".json";

    /* @formatter:off */
    fullScanData
        .dumpDownloadFilePath()
        .containsFile(productResultName)
        .containsFile(productMetadataName)
        .containsFile("metadata_SERECO.json")
        .containsFile("SERECO.json")
        // presumably the fifth file is the "log_" entry resolved below - confirm
        .containsFiles(5);
    /* @formatter:on */

    // the archived log must attribute the job to the user and project that ran it
    FullScanDataElement scanLog = fullScanData.resolveFileStartingWith("log_");
    assertTrue(scanLog.content.contains("executedBy=" + USER_1.getUserId()));
    assertTrue(scanLog.content.contains("projectId=" + PROJECT_1.getProjectId()));
}
Also used : AssertFullScanData(com.mercedesbenz.sechub.integrationtest.api.AssertFullScanData) ExecutionResult(com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult) FullScanDataElement(com.mercedesbenz.sechub.integrationtest.api.AssertFullScanData.FullScanDataElement) UUID(java.util.UUID) File(java.io.File) Test(org.junit.Test)

Aggregations

AssertFullScanData (com.mercedesbenz.sechub.integrationtest.api.AssertFullScanData)3 FullScanDataElement (com.mercedesbenz.sechub.integrationtest.api.AssertFullScanData.FullScanDataElement)3 ExecutionResult (com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult)3 File (java.io.File)3 UUID (java.util.UUID)3 Test (org.junit.Test)3 TestProject (com.mercedesbenz.sechub.integrationtest.api.TestProject)1 TestUser (com.mercedesbenz.sechub.integrationtest.api.TestUser)1