
Example 11 with ExecutionResult

use of com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult in project sechub by mercedes-benz.

the class FalsePositivesScenario3IntTest method REST_API_direct_mark_20_false_positives_with_comments_is_accepted.

/**
 * Starts a source scan as USER_1, marks a batch of that job's findings as
 * false positives (each with its own comment) through the false-positive
 * definition API, and then reads the project's false-positive configuration
 * back.
 *
 * @throws Exception if any of the integration-test calls fails
 */
@Test
public void REST_API_direct_mark_20_false_positives_with_comments_is_accepted() throws Exception {
    /* @formatter:off */

    /* prepare */
    IntegrationTestJSONLocation yellowSourceScan = IntegrationTestJSONLocation.CLIENT_JSON_SOURCESCAN_YELLOW_ZERO_WAIT;
    ExecutionResult scanResult = as(USER_1).withSecHubClient().startSynchronScanFor(project, yellowSourceScan);
    UUID jobUUID = scanResult.getSechubJobUUID();

    /* execute */
    ProjectFalsePositivesDefinition definition = as(USER_1).startFalsePositiveDefinition(project);
    int loops = 20;
    int lastFindingId = loops - 1;
    // NOTE(review): finding ids 1..19 are added here, i.e. 19 entries, although
    // the method name speaks of 20 - confirm which count is intended.
    for (int findingId = 1; findingId <= lastFindingId; findingId++) {
        definition.add(findingId, jobUUID, "comment for loop:" + findingId);
    }
    definition.markAsFalsePositive();

    /* test */
    ProjectFalsePositivesDefinition configuration = as(USER_1).getFalsePositiveConfigurationOfProject(project);
    // NOTE(review): the result of isContaining(...) is not used. If it returns a
    // boolean instead of asserting internally, this test verifies nothing about
    // the stored false positives and would pass even when marking is silently
    // dropped - confirm against ProjectFalsePositivesDefinition.
    configuration.isContaining(lastFindingId, jobUUID);

    /* @formatter:on */
}
Also used : IntegrationTestJSONLocation(com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation) ExecutionResult(com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult) ProjectFalsePositivesDefinition(com.mercedesbenz.sechub.integrationtest.api.AsUser.ProjectFalsePositivesDefinition) UUID(java.util.UUID) Test(org.junit.Test)

Example 12 with ExecutionResult

use of com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult in project sechub by mercedes-benz.

the class FullScanDataScenario3SecHubClientIntTest method product_failure_results_in_downloadable_scan_log.

/**
 * A failing product still yields a downloadable full scan data archive: the
 * NETSPARKER product result in it is empty, and the SERECO result contains an
 * entry of type "SecHub failure" that names the failed product.
 *
 * @throws IOException if handling the downloaded archive fails
 */
@Test
public void product_failure_results_in_downloadable_scan_log() throws IOException {
    /* check preconditions */
    assertUser(USER_1)
        .isAssignedToProject(PROJECT_1)
        .hasOwnerRole()
        .hasUserRole();
    // The whitelist entry is set by the super admin before the web scan starts;
    // presumably it has to cover the target used by the client JSON - verify.
    as(SUPER_ADMIN).updateWhiteListForProject(
            PROJECT_1,
            Collections.singletonList("https://netsparker.productfailure.demo.example.org"));

    /* prepare - just execute a job */
    ExecutionResult scanResult = as(USER_1).withSecHubClient().startSynchronScanFor(PROJECT_1, CLIENT_JSON_WEBSCAN_PRODUCTFAILURE_ZERO_WAIT);
    UUID jobUUID = scanResult.getSechubJobUUID();
    assertNotNull("No sechub jobUUId found-maybe client call failed?", jobUUID);

    /* execute */
    // The full scan data is fetched with the super admin account, not as USER_1.
    File downloadedZip = as(SUPER_ADMIN).downloadFullScanDataFor(jobUUID);

    /* test @formatter:off*/
    AssertFullScanData fullScanData = assertFullScanDataZipFile(downloadedZip);

    // .txt because the failed product part is stored as plain, empty text
    String netsparkerFileName = "NETSPARKER_" + IntegrationTestDefaultExecutorConfigurations.NETSPARKER_V1.uuid + ".txt";
    String netsparkerMetaDataFileName = "metadata_NETSPARKER_" + IntegrationTestDefaultExecutorConfigurations.NETSPARKER_V1.uuid + ".json";

    fullScanData
        .dumpDownloadFilePath()
        .containsFile(netsparkerFileName)
        .containsFile(netsparkerMetaDataFileName)
        .containsFile("SERECO.json")
        .containsFile("metadata_SERECO.json")
        .containsFiles(5);

    // the failed product contributes no result content at all
    FullScanDataElement netsparkerResult = fullScanData.resolveFile(netsparkerFileName);
    assertEquals("", netsparkerResult.content);

    // the failure itself has to be visible in the SERECO result
    FullScanDataElement serecoResult = fullScanData.resolveFile("SERECO.json");
    assertTrue(serecoResult.content.contains("\"type\":\"SecHub failure\""));
    assertTrue(serecoResult.content.contains("Security product 'NETSPARKER' failed"));
    /* @formatter:on*/
}
Also used : AssertFullScanData(com.mercedesbenz.sechub.integrationtest.api.AssertFullScanData) ExecutionResult(com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult) FullScanDataElement(com.mercedesbenz.sechub.integrationtest.api.AssertFullScanData.FullScanDataElement) UUID(java.util.UUID) File(java.io.File) Test(org.junit.Test)

Example 13 with ExecutionResult

use of com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult in project sechub by mercedes-benz.

the class MappingScenario3IntTest method checkmarx_executor_config_mapping_for_checkmarx_preset_changed_is_used_in_next_checkmarx_scan.

/* @formatter:off */
/**
 * Changes the team id and preset id mappings of the CHECKMARX_V1 executor
 * configuration as super admin and checks that the next source scan of
 * PROJECT_1 is inspected with the replaced values.
 *
 * @throws IOException declared by the original test signature
 */
@Test
public void checkmarx_executor_config_mapping_for_checkmarx_preset_changed_is_used_in_next_checkmarx_scan() throws IOException {
    /* prepare */
    String projectId = PROJECT_1.getProjectId();

    // The project-specific entry is added in front of the default entry in both
    // mappings; presumably the first matching entry wins - verify in MappingData.
    MappingData teamIdMapping = new MappingData();
    List<MappingEntry> teamEntries = teamIdMapping.getEntries();
    teamEntries.add(new MappingEntry(projectId, "replacedTeamId", ""));
    teamEntries.add(IntegrationTestDefaultExecutorConfigurations.CHECKMARX_TEAMID_MAPPING_DEFAULT_MAPPING);

    MappingData presetMapping = new MappingData();
    List<MappingEntry> presetEntries = presetMapping.getEntries();
    presetEntries.add(new MappingEntry(projectId, "123456", ""));
    presetEntries.add(IntegrationTestDefaultExecutorConfigurations.CHECKMARX_PRESETID_MAPPING_DEFAULT_MAPPING);

    /* execute */
    // executor job parameters are changed with the super admin account
    as(SUPER_ADMIN)
        .changeProductExecutorJobParameter(CHECKMARX_V1, MappingIdentifier.CHECKMARX_NEWPROJECT_TEAM_ID.getId(), teamIdMapping.toJSON())
        .changeProductExecutorJobParameter(CHECKMARX_V1, MappingIdentifier.CHECKMARX_NEWPROJECT_PRESET_ID.getId(), presetMapping.toJSON());

    // start from a clean slate so that only the scan below is inspected
    clearMetaDataInspection();
    assertMetaDataInspections().hasAmountOfInspections(0);

    /* test */
    ExecutionResult scanResult = as(USER_1).withSecHubClient().startSynchronScanFor(PROJECT_1, CLIENT_JSON_SOURCESCAN_GREEN_ZERO_WAIT);
    UUID jobUUID = scanResult.getSechubJobUUID();
    assertNotNull("No sechub jobUUId found-maybe client call failed?", jobUUID);

    assertMetaDataInspections()
        .hasAmountOfInspections(1)
        .inspectionNr(0)
        .hasId("CHECKMARX")
        .hasNotice("presetid", "123456")        // project id -> replaced preset id
        .hasNotice("teamid", "replacedTeamId"); // project id -> replaced team id
    /* @formatter:on */
}
Also used : MappingEntry(com.mercedesbenz.sechub.sharedkernel.mapping.MappingEntry) MappingData(com.mercedesbenz.sechub.sharedkernel.mapping.MappingData) ExecutionResult(com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult) UUID(java.util.UUID) Test(org.junit.Test)

Example 14 with ExecutionResult

use of com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult in project sechub by mercedes-benz.

the class ProjectChangeAccessLevelScenario3IntTest method get_job_report__existing_job_read_access_level_changing_test_different_access_levels.

/* @formatter:on */
/* @formatter:off */
/**
 * Checks that fetching the report of an existing job follows the project
 * access level: it works with READ_ONLY, is rejected with HTTP 403 for both
 * USER_1 and the super admin with NONE, and works again once FULL is restored.
 *
 * @throws Exception if any of the integration-test calls fails unexpectedly
 */
@Test
public void get_job_report__existing_job_read_access_level_changing_test_different_access_levels() throws Exception {
    /* prepare + test preconditions */
    TestProject project = PROJECT_1;

    // USER_1 starts the job now - this is possible at this moment, because the
    // project access level is still "FULL"
    IntegrationTestJSONLocation yellowSourceScan = IntegrationTestJSONLocation.CLIENT_JSON_SOURCESCAN_YELLOW_ZERO_WAIT;
    ExecutionResult scanResult = as(USER_1).withSecHubClient().startSynchronScanFor(project, yellowSourceScan);
    assertReportUnordered(scanResult)
        .finding()
        .id(1)
        .name("Absolute Path Traversal")
        .isContained()
        .hasTrafficLight(TrafficLight.YELLOW);
    UUID jobUUID = scanResult.getSechubJobUUID();

    /* execute: restrict to READ_ONLY */
    as(SUPER_ADMIN).changeProjectAccessLevel(project, ProjectAccessLevel.READ_ONLY);

    /* test 1: reading the report is still allowed */
    // nothing is asserted on the returned report here; the call itself is the check
    as(USER_1).getJobReport(project, jobUUID);

    /* execute: remove all access */
    // the same job is reused, so no further job has to be created (saves time)
    as(SUPER_ADMIN).changeProjectAccessLevel(project, ProjectAccessLevel.NONE);

    /* test 2: reading the report is forbidden */
    expectHttpFailure(
        () -> {
            as(USER_1).getJobReport(project, jobUUID);
        },
        HttpStatus.FORBIDDEN);

    // even an administrator cannot fetch the report through the same REST API;
    // the access level is enforced regardless of the caller's role
    expectHttpFailure(
        () -> {
            as(SUPER_ADMIN).getJobReport(project, jobUUID);
        },
        new JSonMessageHttpStatusExceptionTestValidator(
            HttpStatus.FORBIDDEN,
            "Project " + project.getProjectId() + " does currently not allow read access."));

    /* execute: restore FULL access */
    // the same job is reused, so no further job has to be created (saves time)
    as(SUPER_ADMIN).changeProjectAccessLevel(project, ProjectAccessLevel.FULL);

    /* test 3: reading the report works again */
    as(USER_1).getJobReport(project, jobUUID);
}
Also used : TestProject(com.mercedesbenz.sechub.integrationtest.api.TestProject) IntegrationTestJSONLocation(com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation) ExecutionResult(com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult) UUID(java.util.UUID) JSonMessageHttpStatusExceptionTestValidator(com.mercedesbenz.sechub.integrationtest.api.JSonMessageHttpStatusExceptionTestValidator) Test(org.junit.Test)

Example 15 with ExecutionResult

use of com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult in project sechub by mercedes-benz.

the class ProjectDeleteScenario3IntTest method super_admin_deletes_project__deletes_also_all_scan_and_product_results.

/* @formatter:on */
/* @formatter:off */
/**
 * Runs two source scans for PROJECT_1, deletes the project as super admin and
 * checks that neither product results nor scan reports are left for it in the
 * scan domain.
 *
 * @throws Exception if any of the integration-test calls fails
 */
@Test
public void super_admin_deletes_project__deletes_also_all_scan_and_product_results() throws Exception {
    /* check preconditions */
    assertUser(USER_1).isAssignedToProject(PROJECT_1);

    /* prepare - just execute two jobs */
    ExecutionResult greenScan = as(USER_1).withSecHubClient().startSynchronScanFor(PROJECT_1, CLIENT_JSON_SOURCESCAN_GREEN_ZERO_WAIT);
    UUID greenJobUUID = greenScan.getSechubJobUUID();

    ExecutionResult yellowScan = as(USER_1).withSecHubClient().startSynchronScanFor(PROJECT_1, CLIENT_JSON_SOURCESCAN_YELLOW_ZERO_WAIT);
    UUID yellowJobUUID = yellowScan.getSechubJobUUID();

    /* check preconditions */
    assertNotNull(greenJobUUID);
    assertNotNull(yellowJobUUID);
    assertProject(PROJECT_1)
        .doesExist()
        .hasProductResultsInDomainScan(4) // 2 jobs x 2 product results (SERECO + source scan result)
        .hasScanReportsInDomainScan(2);   // 2 jobs x 1 report

    /* execute */
    as(SUPER_ADMIN).deleteProject(PROJECT_1);

    /* test */
    // NOTE(review): going by the helper's name this is a fixed wait for the
    // asynchronous delete events; a slow environment could make the check
    // below run too early - confirm.
    wait2SecondsSoAsyncDeleteEventsDone();
    // no scan data may remain for the deleted project
    assertProject(PROJECT_1)
        .doesNotExist()
        .hasProductResultsInDomainScan(0)
        .hasScanReportsInDomainScan(0);
}
Also used : ExecutionResult(com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult) UUID(java.util.UUID) Test(org.junit.Test)

Aggregations

ExecutionResult (com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult)31 Test (org.junit.Test)25 UUID (java.util.UUID)19 File (java.io.File)11 IntegrationTestJSONLocation (com.mercedesbenz.sechub.integrationtest.api.IntegrationTestJSONLocation)9 AssertFullScanData (com.mercedesbenz.sechub.integrationtest.api.AssertFullScanData)6 AssertExecutionResult (com.mercedesbenz.sechub.integrationtest.api.AssertExecutionResult)5 TestProject (com.mercedesbenz.sechub.integrationtest.api.TestProject)4 SecHubClientExecutor (com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor)4 AdapterMetaData (com.mercedesbenz.sechub.adapter.AdapterMetaData)3 ProjectFalsePositivesDefinition (com.mercedesbenz.sechub.integrationtest.api.AsUser.ProjectFalsePositivesDefinition)3 FullScanDataElement (com.mercedesbenz.sechub.integrationtest.api.AssertFullScanData.FullScanDataElement)3 JSonMessageHttpStatusExceptionTestValidator (com.mercedesbenz.sechub.integrationtest.api.JSonMessageHttpStatusExceptionTestValidator)1 TestUser (com.mercedesbenz.sechub.integrationtest.api.TestUser)1 WithSecHubClient (com.mercedesbenz.sechub.integrationtest.api.WithSecHubClient)1 MappingData (com.mercedesbenz.sechub.sharedkernel.mapping.MappingData)1 MappingEntry (com.mercedesbenz.sechub.sharedkernel.mapping.MappingEntry)1 HashMap (java.util.HashMap)1