
Example 1 with IntegrationTestJSONLocation

use of com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation in project sechub by mercedes-benz.

the class SecHubExecutionScenarioSecHubClientIntTest method sechub_client_can_execute_a_config_file_which_uses_template_variables_of_environment_entries.

// we use startDownloadJobReport here - old implementation okay here
/**
 * Checks that the SecHub client can execute a JSON configuration template whose
 * variables are supplied through environment entries.
 *
 * <p>The report is fetched with the deprecated {@code startDownloadJobReport}; the
 * deprecation warning is suppressed deliberately.
 */
@SuppressWarnings("deprecation")
@Test
public void sechub_client_can_execute_a_config_file_which_uses_template_variables_of_environment_entries() {
    /* @formatter:off */
    /* prepare */
    TestProject targetProject = PROJECT_3;
    TestUser scanUser = USER_1;

    // Precondition: the project starts without any whitelist entries.
    assertProject(targetProject).hasNoWhiteListEntries();

    // An empty whitelist is written explicitly before the user gets project access.
    List<String> emptyWhiteList = new ArrayList<>();
    as(SUPER_ADMIN)
        .updateWhiteListForProject(targetProject, emptyWhiteList)
        .assignUserToProject(scanUser, targetProject);

    // Environment entries handed to the client for this run.
    Map<String, String> templateEnvironment = new LinkedHashMap<>();
    templateEnvironment.put("SHTEST_VERSION", "1.0");
    templateEnvironment.put("SHTEST_FOLDERS1", IntegrationTestMockMode.CODE_SCAN__CHECKMARX__GREEN__FAST.getTarget());

    /* execute */
    IntegrationTestJSONLocation templateLocation = CLIENT_JSON_SOURCESCAN_GENERIC_TEMPLATE;
    UUID triggeredJob = as(scanUser)
        .withSecHubClient()
        .startAsynchronScanFor(targetProject, templateLocation, templateEnvironment)
        .assertFileUploaded(targetProject)
        .assertJobTriggered()
        .getJobUUID();
    waitForJobDoneAndFailWhenJobIsFailing(targetProject, triggeredJob);

    /*
     * Why assert GREEN? The folder entry points at a mock-mode target, so a green
     * traffic light is only expected when the template really received the explicit
     * path from the environment entry. Relying on the server-side validation of the
     * version would also be possible, but the mocked adapter behaviour of the test
     * environment is well known and therefore the better signal.
     */
    as(scanUser)
        .withSecHubClient()
        .startDownloadJobReport(targetProject, triggeredJob, templateLocation)
        .hasTrafficLight(TrafficLight.GREEN);
    /* @formatter:on */
}
Also used : TestProject(com.mercedesbenz.sechub.integrationtest.api.TestProject) IntegrationTestJSONLocation(com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation) ArrayList(java.util.ArrayList) UUID(java.util.UUID) TestUser(com.mercedesbenz.sechub.integrationtest.api.TestUser) LinkedHashMap(java.util.LinkedHashMap) Test(org.junit.Test)

Example 2 with IntegrationTestJSONLocation

use of com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation in project sechub by mercedes-benz.

the class SecHubExecutionScenarioSecHubClientIntTest method sechub_client_can_execute_a_config_file_which_uses_template_variables_of_environment_entries_but_no_data_section.

// we use startDownloadJobReport here - old implementation okay here
/**
 * Checks that the SecHub client can execute a JSON configuration template that is
 * filled from environment entries, using the template variant named
 * {@code CLIENT_JSON_SOURCESCAN_GENERIC_TEMPLATE_NO_DATA_SECTION}.
 *
 * <p>The report is fetched with the deprecated {@code startDownloadJobReport}; the
 * deprecation warning is suppressed deliberately.
 */
@SuppressWarnings("deprecation")
@Test
public void sechub_client_can_execute_a_config_file_which_uses_template_variables_of_environment_entries_but_no_data_section() {
    /* @formatter:off */
    /* prepare */
    TestProject targetProject = PROJECT_3;
    TestUser scanUser = USER_1;

    // Precondition: the project starts without any whitelist entries.
    assertProject(targetProject).hasNoWhiteListEntries();

    // An empty whitelist is written explicitly before the user gets project access.
    List<String> emptyWhiteList = new ArrayList<>();
    as(SUPER_ADMIN)
        .updateWhiteListForProject(targetProject, emptyWhiteList)
        .assignUserToProject(scanUser, targetProject);

    // Environment entries handed to the client for this run.
    Map<String, String> templateEnvironment = new LinkedHashMap<>();
    templateEnvironment.put("SHTEST_VERSION", "1.0");
    templateEnvironment.put("SHTEST_FOLDERS1", IntegrationTestMockMode.CODE_SCAN__CHECKMARX__GREEN__1_SECOND_WAITING.getTarget());

    /* execute */
    IntegrationTestJSONLocation templateLocation = IntegrationTestJSONLocation.CLIENT_JSON_SOURCESCAN_GENERIC_TEMPLATE_NO_DATA_SECTION;
    UUID triggeredJob = as(scanUser)
        .withSecHubClient()
        .startAsynchronScanFor(targetProject, templateLocation, templateEnvironment)
        .assertFileUploaded(targetProject)
        .assertJobTriggered()
        .getJobUUID();
    waitForJobDoneAndFailWhenJobIsFailing(targetProject, triggeredJob);

    /*
     * Why assert GREEN? The folder entry points at a mock-mode target, so a green
     * traffic light is only expected when the template really received the explicit
     * path from the environment entry. Relying on the server-side validation of the
     * version would also be possible, but the mocked adapter behaviour of the test
     * environment is well known and therefore the better signal.
     */
    as(scanUser)
        .withSecHubClient()
        .startDownloadJobReport(targetProject, triggeredJob, templateLocation)
        .hasTrafficLight(TrafficLight.GREEN);
    /* @formatter:on */
}
Also used : TestProject(com.mercedesbenz.sechub.integrationtest.api.TestProject) IntegrationTestJSONLocation(com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation) ArrayList(java.util.ArrayList) UUID(java.util.UUID) TestUser(com.mercedesbenz.sechub.integrationtest.api.TestUser) LinkedHashMap(java.util.LinkedHashMap) Test(org.junit.Test)

Example 3 with IntegrationTestJSONLocation

use of com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation in project sechub by mercedes-benz.

the class SecHubExecutionScenarioSecHubClientIntTest method a_project_having_no_white_list_entries_but_no_problems_can_be_executed_as_codescan_and_results_green.

// we use startDownloadJobReport here - old implementation okay here
/**
 * Checks that a code scan for a project without whitelist entries can be executed
 * and that its report has status SUCCESS and a GREEN traffic light.
 *
 * <p>The report is fetched with the deprecated {@code startDownloadJobReport}; the
 * deprecation warning is suppressed deliberately.
 */
@SuppressWarnings("deprecation")
@Test
public void a_project_having_no_white_list_entries_but_no_problems_can_be_executed_as_codescan_and_results_green() {
    /* @formatter:off */
    /* prepare */
    TestProject targetProject = PROJECT_3;
    TestUser scanUser = USER_1;

    // Precondition: no whitelist entries exist; unlike the template tests none is written here.
    assertProject(targetProject).hasNoWhiteListEntries();
    as(SUPER_ADMIN).assignUserToProject(scanUser, targetProject);

    /* execute */
    IntegrationTestJSONLocation configLocation = CLIENT_JSON_SOURCESCAN_GREEN_ZERO_WAIT;
    UUID triggeredJob = as(scanUser)
        .withSecHubClient()
        .startAsynchronScanFor(targetProject, configLocation)
        .assertFileUploaded(targetProject)
        .assertJobTriggered()
        .getJobUUID();
    waitForJobDoneAndFailWhenJobIsFailing(targetProject, triggeredJob);

    /* test */
    // Both the job status and the traffic light are asserted on the downloaded report.
    as(scanUser)
        .withSecHubClient()
        .startDownloadJobReport(targetProject, triggeredJob, configLocation)
        .hasStatus(SecHubStatus.SUCCESS)
        .hasTrafficLight(TrafficLight.GREEN);
    /* @formatter:on */
}
Also used : TestProject(com.mercedesbenz.sechub.integrationtest.api.TestProject) IntegrationTestJSONLocation(com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation) UUID(java.util.UUID) TestUser(com.mercedesbenz.sechub.integrationtest.api.TestUser) Test(org.junit.Test)

Example 4 with IntegrationTestJSONLocation

use of com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation in project sechub by mercedes-benz.

the class FalsePositivesScenario3IntTest method REST_API_direct_unmark_falsepositives_of_only_existing_medium_will_result_in_report_without_defined__And_trafficlight_changes_from_gren_to_yellow.

/**
 * Checks that removing a false-positive mark brings the finding back into the report:
 * while finding 1 is marked, a new scan does not contain it and is GREEN; after the
 * mark is removed, a new scan contains it again and is YELLOW.
 *
 * @throws Exception declared by the test signature; nothing is caught inside the method
 */
@Test
public void REST_API_direct_unmark_falsepositives_of_only_existing_medium_will_result_in_report_without_defined__And_trafficlight_changes_from_gren_to_yellow() throws Exception {
    /* @formatter:off */
    int findingId = 1;
    String findingName = "Absolute Path Traversal";

    /* prepare */
    IntegrationTestJSONLocation configLocation = IntegrationTestJSONLocation.CLIENT_JSON_SOURCESCAN_YELLOW_ZERO_WAIT;

    // First scan only provides the job UUID the false-positive entry refers to;
    // its report is not asserted here.
    ExecutionResult initialScan = as(USER_1)
        .withSecHubClient()
        .startSynchronScanFor(project, configLocation);
    UUID referenceJob = initialScan.getSechubJobUUID();
    as(USER_1)
        .startFalsePositiveDefinition(project)
        .add(findingId, referenceJob)
        .markAsFalsePositive();

    // Precondition: scan again and verify that the marked finding is filtered out.
    ExecutionResult scanWhileMarked = as(USER_1)
        .withSecHubClient()
        .startSynchronScanFor(project, configLocation);
    assertReportUnordered(scanWhileMarked)
        .finding().id(findingId).name(findingName).isNotContained()
        .hasTrafficLight(TrafficLight.GREEN);

    /* execute */
    as(USER_1)
        .startFalsePositiveDefinition(project)
        .add(findingId, referenceJob)
        .unmarkFalsePositive();

    /* test */
    // Scan once more: the finding must be reported again and downgrade the traffic light.
    ExecutionResult scanAfterUnmark = as(USER_1)
        .withSecHubClient()
        .startSynchronScanFor(project, configLocation);
    assertReportUnordered(scanAfterUnmark)
        .finding().id(findingId).name(findingName).isContained()
        .hasTrafficLight(TrafficLight.YELLOW);
    /* @formatter:on */
}
Also used : IntegrationTestJSONLocation(com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation) ExecutionResult(com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult) UUID(java.util.UUID) Test(org.junit.Test)

Example 5 with IntegrationTestJSONLocation

use of com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation in project sechub by mercedes-benz.

the class FalsePositivesScenario3IntTest method with_sechubclient_fetch_fp_config_when_one_entry_added.

/**
 * Checks that the false-positive configuration fetched through the SecHub client
 * contains an entry that was added before for finding 1 of a given job.
 *
 * @throws Exception declared by the test signature; nothing is caught inside the method
 */
@Test
public void with_sechubclient_fetch_fp_config_when_one_entry_added() throws Exception {
    /* @formatter:off */
    int findingId = 1;

    /* prepare */
    IntegrationTestJSONLocation configLocation = IntegrationTestJSONLocation.CLIENT_JSON_SOURCESCAN_YELLOW_ZERO_WAIT;
    ExecutionResult initialScan = as(USER_1)
        .withSecHubClient()
        .startSynchronScanFor(project, configLocation);

    // Precondition: the finding is reported (YELLOW) before it is marked.
    assertReportUnordered(initialScan)
        .finding().id(findingId).name("Absolute Path Traversal").isContained()
        .hasTrafficLight(TrafficLight.YELLOW);

    UUID referenceJob = initialScan.getSechubJobUUID();
    as(USER_1)
        .startFalsePositiveDefinition(project)
        .add(findingId, referenceJob)
        .markAsFalsePositive();

    /* execute */
    ProjectFalsePositivesDefinition fetchedConfiguration = as(USER_1)
        .withSecHubClient()
        .getFalsePositiveConfigurationOfProject(project, configLocation);

    /* test */
    // The fetched configuration must list the same finding id / job UUID pair that was marked.
    assertTrue(fetchedConfiguration.isContaining(findingId, referenceJob));
    /* @formatter:on */
}
Also used : IntegrationTestJSONLocation(com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation) ExecutionResult(com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult) ProjectFalsePositivesDefinition(com.mercedesbenz.sechub.integrationtest.api.AsUser.ProjectFalsePositivesDefinition) UUID(java.util.UUID) Test(org.junit.Test)
