
Example 6 with IntegrationTestJSONLocation

use of com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation in project sechub by mercedes-benz.

the class FalsePositivesScenario3IntTest method REST_API_direct_mark_20_false_positives_with_comments_is_accepted.

@Test
public void REST_API_direct_mark_20_false_positives_with_comments_is_accepted() throws Exception {
    /* @formatter:off */

    /* prepare: USER_1 starts a scan through the SecHub client; its job UUID identifies the findings below */
    IntegrationTestJSONLocation scanConfig = IntegrationTestJSONLocation.CLIENT_JSON_SOURCESCAN_YELLOW_ZERO_WAIT;
    ExecutionResult scanResult = as(USER_1).withSecHubClient().startSynchronScanFor(project, scanConfig);
    UUID jobUUID = scanResult.getSechubJobUUID();

    /* execute: collect one commented entry per finding id, then submit them with a single markAsFalsePositive() call */
    ProjectFalsePositivesDefinition definition = as(USER_1).startFalsePositiveDefinition(project);
    int loops = 20;
    // NOTE(review): ids run from 1 to loops - 1, so 19 entries are added although the
    // method name says 20 - confirm which of the two is intended.
    int findingId = 1;
    while (findingId < loops) {
        definition.add(findingId, jobUUID, "comment for loop:" + findingId);
        findingId++;
    }
    definition.markAsFalsePositive();

    /* test: read the project's false-positive configuration back and look up the highest id that was added */
    ProjectFalsePositivesDefinition configuration = as(USER_1).getFalsePositiveConfigurationOfProject(project);
    // NOTE(review): the value returned by isContaining(...) is discarded, so unless that
    // method asserts internally this line only proves the call does not throw - confirm
    // and assert on the result.
    configuration.isContaining(loops - 1, jobUUID);
    /* @formatter:on */
}
Also used : IntegrationTestJSONLocation(com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation) ExecutionResult(com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult) ProjectFalsePositivesDefinition(com.mercedesbenz.sechub.integrationtest.api.AsUser.ProjectFalsePositivesDefinition) UUID(java.util.UUID) Test(org.junit.Test)

Example 7 with IntegrationTestJSONLocation

use of com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation in project sechub by mercedes-benz.

the class ProjectChangeAccessLevelScenario3IntTest method get_job_report__existing_job_read_access_level_changing_test_different_access_levels.

/* @formatter:on */
/* @formatter:off */
@Test
public void get_job_report__existing_job_read_access_level_changing_test_different_access_levels() throws Exception {
    /* prepare + test preconditions */
    TestProject project = PROJECT_1;
    // USER_1 creates the job first; the original author notes this works because the
    // project access level is still "FULL" at this point
    IntegrationTestJSONLocation scanConfig = IntegrationTestJSONLocation.CLIENT_JSON_SOURCESCAN_YELLOW_ZERO_WAIT;
    ExecutionResult scanResult = as(USER_1).withSecHubClient().startSynchronScanFor(project, scanConfig);
    assertReportUnordered(scanResult)
        .finding().id(1).name("Absolute Path Traversal").isContained()
        .hasTrafficLight(TrafficLight.YELLOW);
    UUID jobUUID = scanResult.getSechubJobUUID();

    /* execute: restrict the project to READ_ONLY */
    as(SUPER_ADMIN).changeProjectAccessLevel(project, ProjectAccessLevel.READ_ONLY);

    /* test 1: the existing report is still fetched without an error; the returned report is not inspected */
    as(USER_1).getJobReport(project, jobUUID);

    /* execute: the same job is reused for the next level to avoid the cost of creating another one */
    as(SUPER_ADMIN).changeProjectAccessLevel(project, ProjectAccessLevel.NONE);

    /* test 2: with access level NONE the report request is rejected with 403 for the project user ... */
    expectHttpFailure(() -> {
        as(USER_1).getJobReport(project, jobUUID);
    }, HttpStatus.FORBIDDEN);
    // ... and also for the super admin going through the same REST API; here the
    // response message is checked as well as the status
    String expectedMessage = "Project " + project.getProjectId() + " does currently not allow read access.";
    JSonMessageHttpStatusExceptionTestValidator forbiddenWithMessage =
        new JSonMessageHttpStatusExceptionTestValidator(HttpStatus.FORBIDDEN, expectedMessage);
    expectHttpFailure(() -> {
        as(SUPER_ADMIN).getJobReport(project, jobUUID);
    }, forbiddenWithMessage);

    /* execute: switch back to FULL, again reusing the same job */
    // NOTE(review): this reset is reached only when every step above passes; presumably
    // the scenario setup restores project state between tests - confirm.
    as(SUPER_ADMIN).changeProjectAccessLevel(project, ProjectAccessLevel.FULL);

    /* test 3: the report can be fetched again */
    as(USER_1).getJobReport(project, jobUUID);
}
Also used : TestProject(com.mercedesbenz.sechub.integrationtest.api.TestProject) IntegrationTestJSONLocation(com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation) ExecutionResult(com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult) UUID(java.util.UUID) JSonMessageHttpStatusExceptionTestValidator(com.mercedesbenz.sechub.integrationtest.api.JSonMessageHttpStatusExceptionTestValidator) Test(org.junit.Test)

Example 8 with IntegrationTestJSONLocation

use of com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation in project sechub by mercedes-benz.

the class FalsePositivesScenario3IntTest method REST_API_direct_mark_falsepositives_of_only_existing_medium_will_result_in_report_without_defined__And_trafficlight_changes_from_yellow_to_green.

@Test
public void REST_API_direct_mark_falsepositives_of_only_existing_medium_will_result_in_report_without_defined__And_trafficlight_changes_from_yellow_to_green() throws Exception {
    /* @formatter:off */

    /* prepare: the first scan must report finding 1 and a YELLOW traffic light */
    IntegrationTestJSONLocation scanConfig = IntegrationTestJSONLocation.CLIENT_JSON_SOURCESCAN_YELLOW_ZERO_WAIT;
    ExecutionResult firstScan = as(USER_1).withSecHubClient().startSynchronScanFor(project, scanConfig);
    assertReportUnordered(firstScan)
        .finding().id(1).name("Absolute Path Traversal").isContained()
        .hasTrafficLight(TrafficLight.YELLOW);
    UUID jobUUID = firstScan.getSechubJobUUID();

    /* execute: USER_1 marks finding 1 of that job as a false positive */
    ProjectFalsePositivesDefinition definition = as(USER_1).startFalsePositiveDefinition(project);
    definition.add(1, jobUUID).markAsFalsePositive();

    /* test: a second scan with the same configuration no longer lists the finding, and the traffic light is GREEN */
    ExecutionResult secondScan = as(USER_1).withSecHubClient().startSynchronScanFor(project, scanConfig);
    assertReportUnordered(secondScan)
        .finding().id(1).name("Absolute Path Traversal").isNotContained()
        .hasTrafficLight(TrafficLight.GREEN);
    /* @formatter:on */
}
Also used : IntegrationTestJSONLocation(com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation) ExecutionResult(com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult) UUID(java.util.UUID) Test(org.junit.Test)

Example 9 with IntegrationTestJSONLocation

use of com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation in project sechub by mercedes-benz.

the class SecHubExecutionScenarioSecHubClientIntTest method a_project_having_no_metadata_but_no_problems_can_be_executed_as_codescan_and_results_green.

// we use startDownloadJobReport here - old implementation okay here
@SuppressWarnings("deprecation")
@Test
public void a_project_having_no_metadata_but_no_problems_can_be_executed_as_codescan_and_results_green() {
    /* @formatter:off */

    /* prepare: PROJECT_3 has no meta data; the super admin assigns USER_1 to it */
    TestProject project = PROJECT_3;
    TestUser scanUser = USER_1;
    assertProject(project).hasNoMetaData();
    as(SUPER_ADMIN).assignUserToProject(scanUser, project);

    /* execute: start the scan asynchronously and check that the upload and the job trigger are reported */
    IntegrationTestJSONLocation scanConfig = CLIENT_JSON_SOURCESCAN_GREEN_ZERO_WAIT;
    UUID jobUUID = as(scanUser).withSecHubClient()
        .startAsynchronScanFor(project, scanConfig)
        .assertFileUploaded(project)
        .assertJobTriggered()
        .getJobUUID();
    waitForJobDoneAndFailWhenJobIsFailing(project, jobUUID);

    // the downloaded report must show a GREEN traffic light; the deprecation warning
    // suppressed on this method is attributed to startDownloadJobReport by the comment above it
    as(scanUser).withSecHubClient()
        .startDownloadJobReport(project, jobUUID, scanConfig)
        .hasTrafficLight(TrafficLight.GREEN);
    /* @formatter:on */
}
Also used : TestProject(com.mercedesbenz.sechub.integrationtest.api.TestProject) IntegrationTestJSONLocation(com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation) UUID(java.util.UUID) TestUser(com.mercedesbenz.sechub.integrationtest.api.TestUser) Test(org.junit.Test)

Example 10 with IntegrationTestJSONLocation

use of com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation in project sechub by mercedes-benz.

the class SecHubExecutionScenarioSecHubClientIntTest method a_project_having_metadata_updated_no_problems_can_be_executed_as_codescan_and_results_green.

// we use startDownloadJobReport here - old implementation okay here
@SuppressWarnings("deprecation")
@Test
public void a_project_having_metadata_updated_no_problems_can_be_executed_as_codescan_and_results_green() {
    /* @formatter:off */

    /* prepare: walk the project meta data through add / add / update / clear, checking the project after each step */
    TestProject project = PROJECT_3;
    TestUser scanUser = USER_1;
    assertProject(project).hasNoMetaData();

    // the same map instance is changed and sent again for every step
    Map<String, String> expectedMetaData = new HashMap<>();

    // step 1: first entry, sent in the same call chain that assigns the user to the project
    expectedMetaData.put("key1", "value1");
    as(SUPER_ADMIN).assignUserToProject(scanUser, project).updateMetaDataForProject(project, expectedMetaData);
    assertProject(project).hasMetaData(expectedMetaData);

    // step 2: a second entry next to the first
    expectedMetaData.put("key2", "value2");
    as(SUPER_ADMIN).updateMetaDataForProject(project, expectedMetaData);
    assertProject(project).hasMetaData(expectedMetaData);

    // step 3: new value for the existing key1
    expectedMetaData.put("key1", "updatedValue");
    as(SUPER_ADMIN).updateMetaDataForProject(project, expectedMetaData);
    assertProject(project).hasMetaData(expectedMetaData);

    // step 4: an empty map leaves the project without meta data
    expectedMetaData.clear();
    as(SUPER_ADMIN).updateMetaDataForProject(project, expectedMetaData);
    assertProject(project).hasNoMetaData();

    /* execute: start the scan asynchronously and check that the upload and the job trigger are reported */
    IntegrationTestJSONLocation scanConfig = CLIENT_JSON_SOURCESCAN_GREEN_ZERO_WAIT;
    UUID jobUUID = as(scanUser).withSecHubClient()
        .startAsynchronScanFor(project, scanConfig)
        .assertFileUploaded(project)
        .assertJobTriggered()
        .getJobUUID();
    waitForJobDoneAndFailWhenJobIsFailing(project, jobUUID);

    // the downloaded report must show a GREEN traffic light
    as(scanUser).withSecHubClient()
        .startDownloadJobReport(project, jobUUID, scanConfig)
        .hasTrafficLight(TrafficLight.GREEN);
    /* @formatter:on */
}
Also used : TestProject(com.mercedesbenz.sechub.integrationtest.api.TestProject) IntegrationTestJSONLocation(com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) UUID(java.util.UUID) TestUser(com.mercedesbenz.sechub.integrationtest.api.TestUser) Test(org.junit.Test)

Aggregations

IntegrationTestJSONLocation (com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation)17 Test (org.junit.Test)17 UUID (java.util.UUID)16 TestProject (com.mercedesbenz.sechub.integrationtest.api.TestProject)10 ExecutionResult (com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult)9 TestUser (com.mercedesbenz.sechub.integrationtest.api.TestUser)8 LinkedHashMap (java.util.LinkedHashMap)4 ProjectFalsePositivesDefinition (com.mercedesbenz.sechub.integrationtest.api.AsUser.ProjectFalsePositivesDefinition)3 ArrayList (java.util.ArrayList)3 HashMap (java.util.HashMap)2 JSonMessageHttpStatusExceptionTestValidator (com.mercedesbenz.sechub.integrationtest.api.JSonMessageHttpStatusExceptionTestValidator)1