use of com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult in project sechub by mercedes-benz.
the class FalsePositivesScenario3IntTest method REST_API_direct_mark_20_false_positives_with_comments_is_accepted.
@Test
public void REST_API_direct_mark_20_false_positives_with_comments_is_accepted() throws Exception {
    /* @formatter:off */

    /* prepare: USER_1 runs one synchronous source scan; its job UUID is what the entries below refer to */
    IntegrationTestJSONLocation scanConfiguration = IntegrationTestJSONLocation.CLIENT_JSON_SOURCESCAN_YELLOW_ZERO_WAIT;
    ExecutionResult scanResult = as(USER_1)
            .withSecHubClient()
            .startSynchronScanFor(project, scanConfiguration);
    UUID jobUUID = scanResult.getSechubJobUUID();

    /* execute: collect the entries (each with its own comment) and submit them in a single call */
    ProjectFalsePositivesDefinition definition = as(USER_1).startFalsePositiveDefinition(project);
    int loops = 20;
    // NOTE(review): the counter runs from 1 to loops - 1, so 19 entries are added although the
    // method name says 20 - confirm which of the two is intended.
    int entryNumber = 1;
    while (entryNumber < loops) {
        definition.add(entryNumber, jobUUID, "comment for loop:" + entryNumber);
        entryNumber++;
    }
    definition.markAsFalsePositive();

    /* test: read the project's false-positive configuration back as the same user */
    ProjectFalsePositivesDefinition configuration = as(USER_1).getFalsePositiveConfigurationOfProject(project);
    // NOTE(review): the result of isContaining(...) is not used here. Unless the method asserts
    // internally, this test only proves that the calls above did not throw - verify against
    // ProjectFalsePositivesDefinition and wrap the call in an assertion if it returns a boolean.
    configuration.isContaining(loops - 1, jobUUID);

    /* @formatter:on */
}
use of com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult in project sechub by mercedes-benz.
the class FullScanDataScenario3SecHubClientIntTest method product_failure_results_in_downloadable_scan_log.
/**
 * When the security product fails during a scan, the full scan data of the
 * job must still be downloadable: the product result file is expected to be
 * empty and the SERECO report is expected to carry a "SecHub failure" entry
 * naming the failed product.
 */
@Test
public void product_failure_results_in_downloadable_scan_log() throws IOException {
    /* check preconditions */
    assertUser(USER_1)
            .isAssignedToProject(PROJECT_1)
            .hasOwnerRole()
            .hasUserRole();
    as(SUPER_ADMIN).updateWhiteListForProject(PROJECT_1, Collections.singletonList("https://netsparker.productfailure.demo.example.org"));

    /* prepare - just execute a job */
    ExecutionResult scanResult = as(USER_1)
            .withSecHubClient()
            .startSynchronScanFor(PROJECT_1, CLIENT_JSON_WEBSCAN_PRODUCTFAILURE_ZERO_WAIT);
    UUID sechubJobUUID = scanResult.getSechubJobUUID();
    assertNotNull("No sechub jobUUId found-maybe client call failed?", sechubJobUUID);

    /* execute */
    // NOTE(review): only the SUPER_ADMIN download is exercised here; whether USER_1 is refused
    // the full scan data is not checked by this test.
    File downloadedZip = as(SUPER_ADMIN).downloadFullScanDataFor(sechubJobUUID);

    /* test @formatter:off*/
    AssertFullScanData scanDataAssert = assertFullScanDataZipFile(downloadedZip);

    // .txt because the failed product part is stored as plain, empty text
    String netsparkerFileName = "NETSPARKER_" + IntegrationTestDefaultExecutorConfigurations.NETSPARKER_V1.uuid + ".txt";
    String netsparkerMetaDataFileName = "metadata_NETSPARKER_" + IntegrationTestDefaultExecutorConfigurations.NETSPARKER_V1.uuid + ".json";

    scanDataAssert
            .dumpDownloadFilePath()
            .containsFile(netsparkerFileName)
            .containsFile(netsparkerMetaDataFileName)
            .containsFile("SERECO.json")
            .containsFile("metadata_SERECO.json")
            .containsFiles(5);

    // the failed product must not have produced any content
    FullScanDataElement netsparkerElement = scanDataAssert.resolveFile(netsparkerFileName);
    assertEquals("", netsparkerElement.content);

    // the report data must describe the failure and name the product
    FullScanDataElement serecoElement = scanDataAssert.resolveFile("SERECO.json");
    assertTrue(serecoElement.content.contains("\"type\":\"SecHub failure\""));
    assertTrue(serecoElement.content.contains("Security product 'NETSPARKER' failed"));
    /* @formatter:on*/
}
use of com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult in project sechub by mercedes-benz.
the class MappingScenario3IntTest method checkmarx_executor_config_mapping_for_checkmarx_preset_changed_is_used_in_next_checkmarx_scan.
/* @formatter:off */
@Test
public void checkmarx_executor_config_mapping_for_checkmarx_preset_changed_is_used_in_next_checkmarx_scan() throws IOException {
    /* prepare */
    String idOfProject = PROJECT_1.getProjectId();

    /* each mapping gets the project specific entry first, followed by the default entry */
    MappingData teamMapping = new MappingData();
    List<MappingEntry> teamEntries = teamMapping.getEntries();
    teamEntries.add(new MappingEntry(idOfProject, "replacedTeamId", ""));
    teamEntries.add(IntegrationTestDefaultExecutorConfigurations.CHECKMARX_TEAMID_MAPPING_DEFAULT_MAPPING);

    MappingData presetIdMapping = new MappingData();
    List<MappingEntry> presetEntries = presetIdMapping.getEntries();
    presetEntries.add(new MappingEntry(idOfProject, "123456", ""));
    presetEntries.add(IntegrationTestDefaultExecutorConfigurations.CHECKMARX_PRESETID_MAPPING_DEFAULT_MAPPING);

    /* execute: the administrator stores both mappings as job parameters of the CHECKMARX_V1 executor */
    as(SUPER_ADMIN)
            .changeProductExecutorJobParameter(CHECKMARX_V1, MappingIdentifier.CHECKMARX_NEWPROJECT_TEAM_ID.getId(), teamMapping.toJSON())
            .changeProductExecutorJobParameter(CHECKMARX_V1, MappingIdentifier.CHECKMARX_NEWPROJECT_PRESET_ID.getId(), presetIdMapping.toJSON());

    // start from an empty inspection list so the single inspection expected below belongs to the next scan
    clearMetaDataInspection();
    assertMetaDataInspections().hasAmountOfInspections(0);

    /* test */
    ExecutionResult scanResult = as(USER_1)
            .withSecHubClient()
            .startSynchronScanFor(PROJECT_1, CLIENT_JSON_SOURCESCAN_GREEN_ZERO_WAIT);
    UUID sechubJobUUID = scanResult.getSechubJobUUID();
    assertNotNull("No sechub jobUUId found-maybe client call failed?", sechubJobUUID);

    // the notices must carry the values of the project specific entries added above
    assertMetaDataInspections()
            .hasAmountOfInspections(1)
            .inspectionNr(0)
            .hasId("CHECKMARX")
            .hasNotice("presetid", "123456")
            .hasNotice("teamid", "replacedTeamId");
    /* @formatter:on */
}
use of com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult in project sechub by mercedes-benz.
the class ProjectChangeAccessLevelScenario3IntTest method get_job_report__existing_job_read_access_level_changing_test_different_access_levels.
/* @formatter:on */
/* @formatter:off */
@Test
public void get_job_report__existing_job_read_access_level_changing_test_different_access_levels() throws Exception {
    /* prepare + test preconditions */
    TestProject targetProject = PROJECT_1;

    // USER_1 starts the job first - possible at this point, because the project access level is "FULL"
    IntegrationTestJSONLocation scanConfiguration = IntegrationTestJSONLocation.CLIENT_JSON_SOURCESCAN_YELLOW_ZERO_WAIT;
    ExecutionResult scanResult = as(USER_1)
            .withSecHubClient()
            .startSynchronScanFor(targetProject, scanConfiguration);
    assertReportUnordered(scanResult)
            .finding()
            .id(1)
            .name("Absolute Path Traversal")
            .isContained()
            .hasTrafficLight(TrafficLight.YELLOW);
    UUID existingJobUUID = scanResult.getSechubJobUUID();

    /* execute */
    as(SUPER_ADMIN).changeProjectAccessLevel(targetProject, ProjectAccessLevel.READ_ONLY);

    /* test 1: READ_ONLY - fetching the report of the existing job */
    // NOTE(review): the returned report is not inspected, so this step presumably passes as
    // long as the call does not throw - confirm that getJobReport fails on an HTTP error.
    as(USER_1).getJobReport(targetProject, existingJobUUID);

    /* execute */
    // the same job is reused for the next access level, so no second scan is necessary (saves time)
    as(SUPER_ADMIN).changeProjectAccessLevel(targetProject, ProjectAccessLevel.NONE);

    /* test 2: NONE - the report request must be rejected with FORBIDDEN */
    expectHttpFailure(() -> {
        as(USER_1).getJobReport(targetProject, existingJobUUID);
    }, HttpStatus.FORBIDDEN);

    // the administrator is rejected as well when using the same REST API,
    // here additionally with the expected message
    String expectedMessage = "Project " + targetProject.getProjectId() + " does currently not allow read access.";
    JSonMessageHttpStatusExceptionTestValidator forbiddenWithMessage = new JSonMessageHttpStatusExceptionTestValidator(HttpStatus.FORBIDDEN, expectedMessage);
    expectHttpFailure(() -> {
        as(SUPER_ADMIN).getJobReport(targetProject, existingJobUUID);
    }, forbiddenWithMessage);

    /* execute */
    // again the same job is reused (saves time)
    as(SUPER_ADMIN).changeProjectAccessLevel(targetProject, ProjectAccessLevel.FULL);

    /* test 3: back to FULL - the same request as in test 1 is made again */
    as(USER_1).getJobReport(targetProject, existingJobUUID);
}
use of com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult in project sechub by mercedes-benz.
the class ProjectDeleteScenario3IntTest method super_admin_deletes_project__deletes_also_all_scan_and_product_results.
/* @formatter:on */
/* @formatter:off */
@Test
public void super_admin_deletes_project__deletes_also_all_scan_and_product_results() throws Exception {
    /* check preconditions*/
    assertUser(USER_1).isAssignedToProject(PROJECT_1);

    /* prepare - just execute two jobs */
    ExecutionResult greenScan = as(USER_1)
            .withSecHubClient()
            .startSynchronScanFor(PROJECT_1, CLIENT_JSON_SOURCESCAN_GREEN_ZERO_WAIT);
    UUID greenJobUUID = greenScan.getSechubJobUUID();

    ExecutionResult yellowScan = as(USER_1)
            .withSecHubClient()
            .startSynchronScanFor(PROJECT_1, CLIENT_JSON_SOURCESCAN_YELLOW_ZERO_WAIT);
    UUID yellowJobUUID = yellowScan.getSechubJobUUID();

    /* check preconditions */
    assertNotNull(greenJobUUID);
    assertNotNull(yellowJobUUID);

    // product results: 2 jobs x 2 (SERECO + source scan result per job) = 4
    // scan reports:    2 jobs x 1 = 2
    assertProject(PROJECT_1)
            .doesExist()
            .hasProductResultsInDomainScan(4)
            .hasScanReportsInDomainScan(2);

    /* execute */
    as(SUPER_ADMIN).deleteProject(PROJECT_1);

    /* test */
    // NOTE(review): judging by its name this helper waits a fixed time for the asynchronous
    // delete events; if they take longer, the assertions below fail - confirm.
    wait2SecondsSoAsyncDeleteEventsDone();

    // nothing belonging to the deleted project may be left in the scan domain
    assertProject(PROJECT_1)
            .doesNotExist()
            .hasProductResultsInDomainScan(0)
            .hasScanReportsInDomainScan(0);
}