Example 6 with IntegrationTestJSONLocation
use of com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation in project sechub by mercedes-benz.
the class FalsePositivesScenario3IntTest method REST_API_direct_mark_20_false_positives_with_comments_is_accepted.
@Test
public void REST_API_direct_mark_20_false_positives_with_comments_is_accepted() throws Exception {
/* @formatter:off */
/**
********
*/
/* prepare */
/**
********
*/
IntegrationTestJSONLocation location = IntegrationTestJSONLocation.CLIENT_JSON_SOURCESCAN_YELLOW_ZERO_WAIT;
ExecutionResult result = as(USER_1).withSecHubClient().startSynchronScanFor(project, location);
UUID jobUUID = result.getSechubJobUUID();
/**
********
*/
/* execute */
/**
********
*/
ProjectFalsePositivesDefinition def = as(USER_1).startFalsePositiveDefinition(project);
int loops = 20;
for (int i = 1; i < loops; i++) {
def.add(i, jobUUID, "comment for loop:" + i);
}
def.markAsFalsePositive();
/**
*****
*/
/* test */
/**
*****
*/
ProjectFalsePositivesDefinition configuration = as(USER_1).getFalsePositiveConfigurationOfProject(project);
configuration.isContaining(loops - 1, jobUUID);
/* @formatter:on */
}
Also used :
IntegrationTestJSONLocation(com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation)
ExecutionResult(com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult)
ProjectFalsePositivesDefinition(com.mercedesbenz.sechub.integrationtest.api.AsUser.ProjectFalsePositivesDefinition)
UUID(java.util.UUID)
Test(org.junit.Test)
Example 7 with IntegrationTestJSONLocation
use of com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation in project sechub by mercedes-benz.
the class ProjectChangeAccessLevelScenario3IntTest method get_job_report__existing_job_read_access_level_changing_test_different_access_levels.
/* @formatter:on */
/* @formatter:off */
@Test
public void get_job_report__existing_job_read_access_level_changing_test_different_access_levels() throws Exception {
/* prepare + test preconditions */
TestProject project = PROJECT_1;
// we start a job by USER1 - at this moment, this is possible, because project access level is "FULL"
IntegrationTestJSONLocation location = IntegrationTestJSONLocation.CLIENT_JSON_SOURCESCAN_YELLOW_ZERO_WAIT;
ExecutionResult result = as(USER_1).withSecHubClient().startSynchronScanFor(project, location);
assertReportUnordered(result).finding().id(1).name("Absolute Path Traversal").isContained().hasTrafficLight(TrafficLight.YELLOW);
UUID jobUUID = result.getSechubJobUUID();
/* execute */
as(SUPER_ADMIN).changeProjectAccessLevel(project, ProjectAccessLevel.READ_ONLY);
/* test 1 */
as(USER_1).getJobReport(project, jobUUID);
/* execute */
// we reuse the test, so we have not to create another job etc (reduce time cost)
as(SUPER_ADMIN).changeProjectAccessLevel(project, ProjectAccessLevel.NONE);
/* test 2 */
expectHttpFailure(() -> {
as(USER_1).getJobReport(project, jobUUID);
}, HttpStatus.FORBIDDEN);
// even as an administrator, using same rest api
// the report cannot be fetched
expectHttpFailure(() -> {
as(SUPER_ADMIN).getJobReport(project, jobUUID);
}, new JSonMessageHttpStatusExceptionTestValidator(HttpStatus.FORBIDDEN, "Project " + project.getProjectId() + " does currently not allow read access."));
/* execute */
// we reuse the test, so we have not to create another job etc (reduce time cost)
as(SUPER_ADMIN).changeProjectAccessLevel(project, ProjectAccessLevel.FULL);
/* test 1 */
as(USER_1).getJobReport(project, jobUUID);
}
Also used :
TestProject(com.mercedesbenz.sechub.integrationtest.api.TestProject)
IntegrationTestJSONLocation(com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation)
ExecutionResult(com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult)
UUID(java.util.UUID)
JSonMessageHttpStatusExceptionTestValidator(com.mercedesbenz.sechub.integrationtest.api.JSonMessageHttpStatusExceptionTestValidator)
Test(org.junit.Test)
Example 8 with IntegrationTestJSONLocation
use of com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation in project sechub by mercedes-benz.
the class FalsePositivesScenario3IntTest method REST_API_direct_mark_falsepositives_of_only_existing_medium_will_result_in_report_without_defined__And_trafficlight_changes_from_yellow_to_green.
@Test
public void REST_API_direct_mark_falsepositives_of_only_existing_medium_will_result_in_report_without_defined__And_trafficlight_changes_from_yellow_to_green() throws Exception {
/* @formatter:off */
/**
********
*/
/* prepare */
/**
********
*/
IntegrationTestJSONLocation location = IntegrationTestJSONLocation.CLIENT_JSON_SOURCESCAN_YELLOW_ZERO_WAIT;
ExecutionResult result = as(USER_1).withSecHubClient().startSynchronScanFor(project, location);
assertReportUnordered(result).finding().id(1).name("Absolute Path Traversal").isContained().hasTrafficLight(TrafficLight.YELLOW);
UUID jobUUID = result.getSechubJobUUID();
/**
********
*/
/* execute */
/**
********
*/
as(USER_1).startFalsePositiveDefinition(project).add(1, jobUUID).markAsFalsePositive();
/**
*****
*/
/* test */
/**
*****
*/
ExecutionResult result2 = as(USER_1).withSecHubClient().startSynchronScanFor(project, location);
assertReportUnordered(result2).finding().id(1).name("Absolute Path Traversal").isNotContained().hasTrafficLight(TrafficLight.GREEN);
/* @formatter:on */
}
Also used :
IntegrationTestJSONLocation(com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation)
ExecutionResult(com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult)
UUID(java.util.UUID)
Test(org.junit.Test)
Example 9 with IntegrationTestJSONLocation
use of com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation in project sechub by mercedes-benz.
the class SecHubExecutionScenarioSecHubClientIntTest method a_project_having_no_metadata_but_no_problems_can_be_executed_as_codescan_and_results_green.
// we use startDownloadJobReport here - old implementation okay here
@SuppressWarnings("deprecation")
@Test
public void a_project_having_no_metadata_but_no_problems_can_be_executed_as_codescan_and_results_green() {
/* @formatter:off */
/* prepare */
TestProject project = PROJECT_3;
TestUser user = USER_1;
assertProject(project).hasNoMetaData();
as(SUPER_ADMIN).assignUserToProject(user, project);
/* execute */
IntegrationTestJSONLocation location = CLIENT_JSON_SOURCESCAN_GREEN_ZERO_WAIT;
UUID jobUUID = as(user).withSecHubClient().startAsynchronScanFor(project, location).assertFileUploaded(project).assertJobTriggered().getJobUUID();
waitForJobDoneAndFailWhenJobIsFailing(project, jobUUID);
as(user).withSecHubClient().startDownloadJobReport(project, jobUUID, location).hasTrafficLight(TrafficLight.GREEN);
/* @formatter:on */
}
Also used :
TestProject(com.mercedesbenz.sechub.integrationtest.api.TestProject)
IntegrationTestJSONLocation(com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation)
UUID(java.util.UUID)
TestUser(com.mercedesbenz.sechub.integrationtest.api.TestUser)
Test(org.junit.Test)
Example 10 with IntegrationTestJSONLocation
use of com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation in project sechub by mercedes-benz.
the class SecHubExecutionScenarioSecHubClientIntTest method a_project_having_metadata_updated_no_problems_can_be_executed_as_codescan_and_results_green.
// we use startDownloadJobReport here - old implementation okay here
@SuppressWarnings("deprecation")
@Test
public void a_project_having_metadata_updated_no_problems_can_be_executed_as_codescan_and_results_green() {
/* @formatter:off */
/* prepare */
TestProject project = PROJECT_3;
TestUser user = USER_1;
assertProject(project).hasNoMetaData();
Map<String, String> metaData = new HashMap<>();
metaData.put("key1", "value1");
// add first metaDataEntry
as(SUPER_ADMIN).assignUserToProject(user, project).updateMetaDataForProject(project, metaData);
assertProject(project).hasMetaData(metaData);
// add additional entry
metaData.put("key2", "value2");
as(SUPER_ADMIN).updateMetaDataForProject(project, metaData);
assertProject(project).hasMetaData(metaData);
// update one entry
metaData.put("key1", "updatedValue");
as(SUPER_ADMIN).updateMetaDataForProject(project, metaData);
assertProject(project).hasMetaData(metaData);
// remove all entries
metaData.clear();
as(SUPER_ADMIN).updateMetaDataForProject(project, metaData);
assertProject(project).hasNoMetaData();
/* execute */
IntegrationTestJSONLocation location = CLIENT_JSON_SOURCESCAN_GREEN_ZERO_WAIT;
UUID jobUUID = as(user).withSecHubClient().startAsynchronScanFor(project, location).assertFileUploaded(project).assertJobTriggered().getJobUUID();
waitForJobDoneAndFailWhenJobIsFailing(project, jobUUID);
as(user).withSecHubClient().startDownloadJobReport(project, jobUUID, location).hasTrafficLight(TrafficLight.GREEN);
/* @formatter:on */
}
Also used :
TestProject(com.mercedesbenz.sechub.integrationtest.api.TestProject)
IntegrationTestJSONLocation(com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation)
HashMap(java.util.HashMap)
LinkedHashMap(java.util.LinkedHashMap)
UUID(java.util.UUID)
TestUser(com.mercedesbenz.sechub.integrationtest.api.TestUser)
Test(org.junit.Test)
Aggregations
IntegrationTestJSONLocation (com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation)17
Test (org.junit.Test)17
UUID (java.util.UUID)16
TestProject (com.mercedesbenz.sechub.integrationtest.api.TestProject)10
ExecutionResult (com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult)9
TestUser (com.mercedesbenz.sechub.integrationtest.api.TestUser)8
LinkedHashMap (java.util.LinkedHashMap)4
ProjectFalsePositivesDefinition (com.mercedesbenz.sechub.integrationtest.api.AsUser.ProjectFalsePositivesDefinition)3
ArrayList (java.util.ArrayList)3
HashMap (java.util.HashMap)2
JSonMessageHttpStatusExceptionTestValidator (com.mercedesbenz.sechub.integrationtest.api.JSonMessageHttpStatusExceptionTestValidator)1
