Search in sources :

Example 11 with IntegrationTestJSONLocation

use of com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation in project sechub by mercedes-benz.

the class SecHubExecutionScenarioSecHubClientIntTest method a_project_having_no_white_list_entries_but_some_problems_can_be_executed_as_codescan_and_results_yellow.

// we use startDownloadJobReport here - old implementation okay here
@SuppressWarnings("deprecation")
@Test
public void a_project_having_no_white_list_entries_but_some_problems_can_be_executed_as_codescan_and_results_yellow() {
    /* @formatter:off */
    /* prepare */
    TestProject project = PROJECT_3;
    TestUser user = USER_1;
    assertProject(project).hasNoWhiteListEntries();
    as(SUPER_ADMIN).assignUserToProject(user, project);
    /* execute */
    IntegrationTestJSONLocation location = CLIENT_JSON_SOURCESCAN_YELLOW_ZERO_WAIT;
    UUID jobUUID = as(user).withSecHubClient().startAsynchronScanFor(project, location).assertFileUploaded(project).assertJobTriggered().getJobUUID();
    waitForJobDoneAndFailWhenJobIsFailing(project, jobUUID);
    as(user).withSecHubClient().startDownloadJobReport(project, jobUUID, location).hasTrafficLight(TrafficLight.YELLOW);
/* @formatter:on */
}
Also used : TestProject(com.mercedesbenz.sechub.integrationtest.api.TestProject) IntegrationTestJSONLocation(com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation) UUID(java.util.UUID) TestUser(com.mercedesbenz.sechub.integrationtest.api.TestUser) Test(org.junit.Test)

Example 12 with IntegrationTestJSONLocation

use of com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation in project sechub by mercedes-benz.

the class SecHubExecutionScenarioSecHubClientIntTest method a_project_having_metadata_no_problems_can_be_executed_as_codescan_and_results_green.

// we use startDownloadJobReport here - old implementation okay here
@SuppressWarnings("deprecation")
@Test
public void a_project_having_metadata_no_problems_can_be_executed_as_codescan_and_results_green() {
    /* @formatter:off */
    /* prepare */
    TestProject project = PROJECT_3;
    TestUser user = USER_1;
    assertProject(project).hasNoMetaData();
    Map<String, String> metaData = new HashMap<>();
    metaData.put("key1", "value1");
    as(SUPER_ADMIN).assignUserToProject(user, project).updateMetaDataForProject(project, metaData);
    assertProject(project).hasMetaData(metaData);
    /* execute */
    IntegrationTestJSONLocation location = CLIENT_JSON_SOURCESCAN_GREEN_ZERO_WAIT;
    UUID jobUUID = as(user).withSecHubClient().startAsynchronScanFor(project, location).assertFileUploaded(project).assertJobTriggered().getJobUUID();
    waitForJobDoneAndFailWhenJobIsFailing(project, jobUUID);
    as(user).withSecHubClient().startDownloadJobReport(project, jobUUID, location).hasTrafficLight(TrafficLight.GREEN);
/* @formatter:on */
}
Also used : TestProject(com.mercedesbenz.sechub.integrationtest.api.TestProject) IntegrationTestJSONLocation(com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) UUID(java.util.UUID) TestUser(com.mercedesbenz.sechub.integrationtest.api.TestUser) Test(org.junit.Test)

Example 13 with IntegrationTestJSONLocation

use of com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation in project sechub by mercedes-benz.

the class SecHubExecutionScenarioSecHubClientIntTest method a_project_having_no_problems_can_be_executed_as_codescan_and_results_green.

// we use startDownloadJobReport here - old implementation okay here
@SuppressWarnings("deprecation")
@Test
public void a_project_having_no_problems_can_be_executed_as_codescan_and_results_green() {
    /* @formatter:off */
    /* prepare */
    TestProject project = PROJECT_3;
    TestUser user = USER_1;
    assertProject(project).hasNoWhiteListEntries();
    List<String> list = new ArrayList<>();
    as(SUPER_ADMIN).updateWhiteListForProject(project, list).assignUserToProject(user, project);
    /* execute */
    IntegrationTestJSONLocation location = CLIENT_JSON_SOURCESCAN_GREEN_ZERO_WAIT;
    UUID jobUUID = as(user).withSecHubClient().startAsynchronScanFor(project, location).assertFileUploaded(project).assertJobTriggered().getJobUUID();
    waitForJobDoneAndFailWhenJobIsFailing(project, jobUUID);
    as(user).withSecHubClient().startDownloadJobReport(project, jobUUID, location).hasTrafficLight(TrafficLight.GREEN);
/* @formatter:on */
}
Also used : TestProject(com.mercedesbenz.sechub.integrationtest.api.TestProject) IntegrationTestJSONLocation(com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation) ArrayList(java.util.ArrayList) UUID(java.util.UUID) TestUser(com.mercedesbenz.sechub.integrationtest.api.TestUser) Test(org.junit.Test)

Example 14 with IntegrationTestJSONLocation

use of com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation in project sechub by mercedes-benz.

the class FalsePositivesScenario3IntTest method with_sechubclient_unmark_falsepositives_of_only_existing_medium_will_result_in_report_without_defined__And_trafficlight_changes_from_gren_to_yellow.

@Test
public void with_sechubclient_unmark_falsepositives_of_only_existing_medium_will_result_in_report_without_defined__And_trafficlight_changes_from_gren_to_yellow() throws Exception {
    /* @formatter:off */
    /**
     ********
     */
    /* prepare */
    /**
     ********
     */
    IntegrationTestJSONLocation location = IntegrationTestJSONLocation.CLIENT_JSON_SOURCESCAN_YELLOW_ZERO_WAIT;
    ExecutionResult result = as(USER_1).withSecHubClient().startSynchronScanFor(project, location);
    UUID jobUUID = result.getSechubJobUUID();
    as(USER_1).startFalsePositiveDefinition(project).add(1, jobUUID).markAsFalsePositive();
    // create scan + fetch report again (check filtering of false positive works as a precondition */
    ExecutionResult result2 = as(USER_1).withSecHubClient().startSynchronScanFor(project, location);
    assertReportUnordered(result2).finding().id(1).name("Absolute Path Traversal").isNotContained().hasTrafficLight(TrafficLight.GREEN);
    /**
     ********
     */
    /* execute */
    /**
     ********
     */
    as(USER_1).withSecHubClient().startFalsePositiveDefinition(project, location).add(1, jobUUID).unmarkFalsePositive();
    /**
     *****
     */
    /* test */
    /**
     *****
     */
    // create scan + fetch report again
    ExecutionResult result3 = as(USER_1).withSecHubClient().startSynchronScanFor(project, location);
    assertReportUnordered(result3).finding().id(1).name("Absolute Path Traversal").isContained().hasTrafficLight(TrafficLight.YELLOW);
/* @formatter:on */
}
Also used : IntegrationTestJSONLocation(com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation) ExecutionResult(com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult) UUID(java.util.UUID) Test(org.junit.Test)

Example 15 with IntegrationTestJSONLocation

use of com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation in project sechub by mercedes-benz.

the class FalsePositivesScenario3IntTest method with_sechubclient_mark_falsepositives_of_only_existing_medium_will_result_in_report_without_defined__And_trafficlight_changes_from_yellow_to_green.

@Test
public void with_sechubclient_mark_falsepositives_of_only_existing_medium_will_result_in_report_without_defined__And_trafficlight_changes_from_yellow_to_green() throws Exception {
    /* @formatter:off */
    /**
     ********
     */
    /* prepare */
    /**
     ********
     */
    IntegrationTestJSONLocation location = IntegrationTestJSONLocation.CLIENT_JSON_SOURCESCAN_YELLOW_ZERO_WAIT;
    ExecutionResult result = as(USER_1).withSecHubClient().startSynchronScanFor(project, location);
    assertReportUnordered(result).finding().id(1).name("Absolute Path Traversal").isContained().hasTrafficLight(TrafficLight.YELLOW);
    UUID jobUUID = result.getSechubJobUUID();
    /**
     ********
     */
    /* execute */
    /**
     ********
     */
    as(USER_1).withSecHubClient().startFalsePositiveDefinition(project, location).add(1, jobUUID).markAsFalsePositive();
    /**
     *****
     */
    /* test */
    /**
     *****
     */
    ExecutionResult result2 = as(USER_1).withSecHubClient().startSynchronScanFor(project, location);
    assertReportUnordered(result2).finding().id(1).name("Absolute Path Traversal").isNotContained().hasTrafficLight(TrafficLight.GREEN);
/* @formatter:on */
}
Also used : IntegrationTestJSONLocation(com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation) ExecutionResult(com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult) UUID(java.util.UUID) Test(org.junit.Test)

Aggregations

IntegrationTestJSONLocation (com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation)17 Test (org.junit.Test)17 UUID (java.util.UUID)16 TestProject (com.mercedesbenz.sechub.integrationtest.api.TestProject)10 ExecutionResult (com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult)9 TestUser (com.mercedesbenz.sechub.integrationtest.api.TestUser)8 LinkedHashMap (java.util.LinkedHashMap)4 ProjectFalsePositivesDefinition (com.mercedesbenz.sechub.integrationtest.api.AsUser.ProjectFalsePositivesDefinition)3 ArrayList (java.util.ArrayList)3 HashMap (java.util.HashMap)2 JSonMessageHttpStatusExceptionTestValidator (com.mercedesbenz.sechub.integrationtest.api.JSonMessageHttpStatusExceptionTestValidator)1