use of com.mercedesbenz.sechub.owaspzapwrapper.cli.MustExitRuntimeException in project sechub by mercedes-benz.
the class AbstractScan method resolveParentDirectoryPath.
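/**
 * Resolves the absolute parent directory of the given report file.
 *
 * @param reportFile the report file configured for this scan
 * @return absolute path of the directory that will contain the report
 * @throws MustExitRuntimeException with {@link MustExitCode#REPORT_FILE_ERROR}
 *                                  when no report file is set, when it denotes
 *                                  an existing directory, or when it has no
 *                                  parent directory at all
 */
private String resolveParentDirectoryPath(Path reportFile) {
    if (reportFile == null) {
        throw new MustExitRuntimeException("For scan: " + scanConfig.getContextName() + ". Report file not set.", MustExitCode.REPORT_FILE_ERROR);
    }
    if (Files.isDirectory(reportFile)) {
        throw new MustExitRuntimeException("For scan: " + scanConfig.getContextName() + ". Report file must not be a directory!", MustExitCode.REPORT_FILE_ERROR);
    }
    /*
     * Make the path absolute BEFORE asking for the parent: a relative path with a
     * single element (e.g. "result.txt") has no parent, so getParent() returns
     * null and the former parent.toAbsolutePath() call ended in a
     * NullPointerException instead of a meaningful exit.
     */
    Path parentDirectory = reportFile.toAbsolutePath().getParent();
    if (parentDirectory == null) {
        throw new MustExitRuntimeException("For scan: " + scanConfig.getContextName() + ". Report file has no parent directory!", MustExitCode.REPORT_FILE_ERROR);
    }
    return parentDirectory.toString();
}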
use of com.mercedesbenz.sechub.owaspzapwrapper.cli.MustExitRuntimeException in project sechub by mercedes-benz.
the class AbstractScan method renameReportFileIfFileExtensionIsNotJSON.
/**
* This method is used to rename the file back to the specified name in case the
* file did not end with .json.
*
* The reason for this method is that the Owasp Zap appends ".json" to the
* result file if we generate a report in json format. The PDS result.txt will
* then be called result.txt.json. Because of this behaviour the file will be
* renamed.
*/
/**
 * Moves the report written by OWASP ZAP back to the file name the caller asked
 * for.
 *
 * OWASP ZAP appends ".json" to the report file when a JSON report is requested,
 * so a configured "result.txt" ends up as "result.txt.json". If such a file
 * exists next to the configured report file it is moved onto the configured
 * name, replacing any existing file there. Note that the configured extension
 * itself is not inspected; the method only checks whether the ".json"-suffixed
 * sibling exists.
 *
 * @throws MustExitRuntimeException with {@link MustExitCode#REPORT_FILE_ERROR}
 *                                  when the move fails
 */
private void renameReportFileIfFileExtensionIsNotJSON() {
    Path configuredReport = scanConfig.getReportFile().toAbsolutePath();
    Path zapWrittenReport = Paths.get(configuredReport.toString() + ".json");
    if (!Files.exists(zapWrittenReport)) {
        // nothing to do: ZAP did not create a ".json"-suffixed variant
        return;
    }
    try {
        Files.move(zapWrittenReport, configuredReport, StandardCopyOption.REPLACE_EXISTING);
    } catch (IOException e) {
        throw new MustExitRuntimeException("For scan: " + scanConfig.getContextName() + ". An error occurred renaming the report file", e, MustExitCode.REPORT_FILE_ERROR);
    }
}
use of com.mercedesbenz.sechub.owaspzapwrapper.cli.MustExitRuntimeException in project sechub by mercedes-benz.
the class OwaspZapScanConfigurationFactory method create.
/**
 * Builds the OWASP ZAP scan configuration from the parsed command line
 * settings.
 *
 * Wrapper related values (ZAP server, proxy) are derived from the settings
 * directly; SecHub related values (target URI, web scan configuration, maximum
 * scan duration, authentication type) are derived via the injected factories
 * and helpers. The SecHub job UUID is used as ZAP context name; when it is
 * missing a random UUID is used and a warning is logged.
 *
 * @param settings parsed command line settings
 * @return the assembled scan configuration
 * @throws MustExitRuntimeException with
 *                                  {@link MustExitCode#COMMANDLINE_CONFIGURATION_INVALID}
 *                                  when settings is <code>null</code>
 */
public OwaspZapScanConfiguration create(CommandLineSettings settings) {
    if (settings == null) {
        throw new MustExitRuntimeException("Command line settings must not be null!", MustExitCode.COMMANDLINE_CONFIGURATION_INVALID);
    }

    /* Wrapper settings */
    OwaspZapServerConfiguration zapServerConfig = createOwaspZapServerConfig(settings);
    ProxyInformation proxy = createProxyInformation(settings);

    /* SecHub settings */
    URI target = targetUriFactory.create(settings.getTargetURL());
    SecHubWebScanConfiguration webConfig = webConfigProvider.getSecHubWebConfiguration(settings.getSecHubConfigFile());
    long maxDurationMillis = sechubWebConfigHelper.fetchMaxScanDurationInMillis(webConfig);
    AuthenticationType authenticationType = sechubWebConfigHelper.determineAuthenticationType(webConfig);

    /* we always use the SecHub job UUID as OWASP Zap context name */
    String zapContextName = settings.getJobUUID();
    if (zapContextName == null) {
        zapContextName = UUID.randomUUID().toString();
        LOG.warn("The job UUID was not set. Using randomly generated UUID: {} as fallback.", zapContextName);
    }

    /* @formatter:off */
    return OwaspZapScanConfiguration.builder()
            .setTargetUri(target)
            .setVerboseOutput(settings.isVerboseEnabled())
            .setReportFile(settings.getReportFile())
            .setContextName(zapContextName)
            .setAjaxSpiderEnabled(settings.isAjaxSpiderEnabled())
            .setActiveScanEnabled(settings.isActiveScanEnabled())
            .setServerConfig(zapServerConfig)
            .setAuthenticationType(authenticationType)
            .setMaxScanDurationInMillis(maxDurationMillis)
            .setSecHubWebScanConfiguration(webConfig)
            .setProxyInformation(proxy)
            .build();
    /* @formatter:on */
}
use of com.mercedesbenz.sechub.owaspzapwrapper.cli.MustExitRuntimeException in project sechub by mercedes-benz.
the class TargetConnectionChecker method isTargetReachable.
/**
* Tests if site is reachable - no matter if certificate is self signed or not
* trusted!
*
* @param targetUri
* @param proxyInformation
* @return <code>true</code> when reachable otherwise <code>false</code>
*/
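/**
 * Tests if the target site is reachable - no matter if the certificate is self
 * signed or not trusted!
 *
 * Security note: this probe deliberately installs a trust-everybody
 * {@link TrustManager} and an {@link AllowAllHostnameVerifier}, so the TLS
 * handshake does NOT authenticate the peer and a man-in-the-middle could answer
 * the probe. That is tolerable only because the probe sends a plain request
 * without credentials or custom headers. These relaxed trust settings must not
 * be reused for the actual scan traffic.
 *
 * @param targetUri        URI of the target to probe
 * @param proxyInformation HTTP proxy to route the probe through, or
 *                         <code>null</code> for a direct connection
 * @return <code>true</code> when reachable otherwise <code>false</code>
 * @throws MustExitRuntimeException when the URI cannot be converted to a URL
 */
public boolean isTargetReachable(URI targetUri, ProxyInformation proxyInformation) {
    URL urlToCheckConnection;
    try {
        urlToCheckConnection = targetUri.toURL();
    } catch (MalformedURLException e) {
        /*
         * Keep the cause so the failing conversion shows up in the stack trace.
         * NOTE(review): unlike the other MustExitRuntimeException call sites no
         * MustExitCode is passed here - a dedicated code should be assigned.
         */
        throw new MustExitRuntimeException("Target URI " + targetUri + " could not be converted to URL!", e, (MustExitCode) null);
    }
    TrustManager pseudoTrustManager = createTrustManagerWhichTrustsEveryBody();
    SSLContext sslContext = createSSLContextForTrustManager(pseudoTrustManager);
    HttpURLConnection connection = null;
    try {
        LOG.info("Trying to reach target URL: {}", urlToCheckConnection.toExternalForm());
        connection = openProbeConnection(urlToCheckConnection, proxyInformation);
        if (connection instanceof HttpsURLConnection) {
            HttpsURLConnection httpsUrlConnection = (HttpsURLConnection) connection;
            // intentionally accept any certificate / host name, see class comment
            httpsUrlConnection.setSSLSocketFactory(sslContext.getSocketFactory());
            httpsUrlConnection.setHostnameVerifier(new AllowAllHostnameVerifier());
        }
        // NOTE(review): no connect/read timeout is configured, so an unresponsive
        // target can block the wrapper here indefinitely.
        int responseCode = connection.getResponseCode();
        if (isReponseCodeValid(responseCode)) {
            LOG.info("Target is reachable.");
            return true;
        }
        LOG.error("Target is NOT reachable. Aborting Scan...");
    } catch (IOException e) {
        // log the full exception, not only its message, so TLS and proxy failures can be diagnosed
        LOG.error("An exception occurred while checking if target URL is reachable: {}", urlToCheckConnection.toExternalForm(), e);
    } finally {
        if (connection != null) {
            // one-shot probe: release the underlying socket instead of leaving it to the connection pool
            connection.disconnect();
        }
    }
    return false;
}

/**
 * Opens the probe connection to the given URL, either directly or through the
 * given HTTP proxy.
 *
 * @param url              URL to connect to
 * @param proxyInformation proxy host/port, or <code>null</code> for a direct
 *                         connection
 * @return the opened (not yet connected) HTTP connection
 * @throws IOException when opening the connection fails
 */
private HttpURLConnection openProbeConnection(URL url, ProxyInformation proxyInformation) throws IOException {
    if (proxyInformation == null) {
        return (HttpURLConnection) url.openConnection();
    }
    Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(proxyInformation.getHost(), proxyInformation.getPort()));
    return (HttpURLConnection) url.openConnection(proxy);
}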
use of com.mercedesbenz.sechub.owaspzapwrapper.cli.MustExitRuntimeException in project sechub by mercedes-benz.
the class SechubWebConfigProvider method getSecHubWebConfiguration.
/**
 * Loads the SecHub web scan configuration from the given SecHub configuration
 * file.
 *
 * @param secHubConfigFile SecHub configuration JSON file; may be
 *                         <code>null</code> when an unauthenticated scan was
 *                         started with only the target URL, in which case an
 *                         empty configuration is returned
 * @return the web scan part of the configuration
 * @throws MustExitRuntimeException with
 *                                  {@link MustExitCode#SECHUB_CONFIGURATION_INVALID}
 *                                  when reading or parsing the file fails with
 *                                  an {@link IOException}
 */
public SecHubWebScanConfiguration getSecHubWebConfiguration(File secHubConfigFile) {
    TextFileReader reader = new TextFileReader();
    if (secHubConfigFile != null) {
        SecHubScanConfiguration parsedConfig;
        try {
            String configJson = reader.loadTextFile(secHubConfigFile);
            parsedConfig = SecHubScanConfiguration.createFromJSON(configJson);
        } catch (IOException e) {
            throw new MustExitRuntimeException("Was not able to read sechub config file: " + secHubConfigFile, e, MustExitCode.SECHUB_CONFIGURATION_INVALID);
        }
        return getSecHubWebConfiguration(parsedConfig);
    }
    // no config file: happens for unauthenticated scans started with only the target URL
    return new SecHubWebScanConfiguration();
}