use of com.mercedesbenz.sechub.owaspzapwrapper.config.auth.AuthenticationType in project sechub by mercedes-benz.
the class OwaspZapScanConfigurationFactoryTest method authentication_type_from_config_is_in_result.
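/**
 * Verifies that the authentication type reported by the web config helper ends up
 * unchanged in the scan configuration built by the factory.
 */
@Test
void authentication_type_from_config_is_in_result() {
    /* prepare */
    CommandLineSettings settings = createSettingsMockWithNecessaryParts();
    SecHubWebScanConfiguration config = simulateProvidedSecHubConfiguration(settings);
    AuthenticationType type = AuthenticationType.FORM_BASED_AUTHENTICATION;
    // The helper is stubbed, so only the factory's pass-through is exercised here;
    // whether a scan implementation exists for this type is not covered by this test.
    when(sechubWebConfigHelper.determineAuthenticationType(config)).thenReturn(type);

    /* execute */
    OwaspZapScanConfiguration result = factoryToTest.create(settings);

    /* test */
    // Expected value first, actual value second: with the arguments reversed a failing
    // run would report the two values the wrong way round.
    assertEquals(type, result.getAuthenticationType());
}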
use of com.mercedesbenz.sechub.owaspzapwrapper.config.auth.AuthenticationType in project sechub by mercedes-benz.
the class SecHubWebScanConfigurationHelperTest method determines_AuthenticationType_sechub_config_is_null.
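/**
 * Pins the helper's default: a {@code null} web scan configuration resolves to
 * {@link AuthenticationType#UNAUTHENTICATED} instead of raising an error.
 */
@Test
void determines_AuthenticationType_sechub_config_is_null() {
    /* execute */
    AuthenticationType authTypeFromNull = helperToTest.determineAuthenticationType(null);

    /* test */
    // Expected value first, actual value second, so a failure message reads correctly.
    // NOTE(review): this default means a missing web configuration is treated as
    // "no login"; presumably such a scan only reaches content available without
    // credentials - confirm that callers surface this to the user.
    assertEquals(AuthenticationType.UNAUTHENTICATED, authTypeFromNull);
}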
use of com.mercedesbenz.sechub.owaspzapwrapper.config.auth.AuthenticationType in project sechub by mercedes-benz.
the class OwaspZapScanResolver method resolveScanImplementation.
/**
 * Selects the scan implementation that matches the authentication type stored in the
 * scan configuration.
 *
 * @param scanConfig configuration the authentication type is read from; it is also
 *                   handed to the created scan
 * @param clientApi  client API instance handed to the created scan
 * @return an {@code UnauthenticatedScan} or an {@code HTTPBasicAuthScan}
 * @throws MustExitRuntimeException with
 *         {@code MustExitCode.AUTHENTICATIONTYPE_CONFIGURATION_INVALID} when the
 *         authentication type is {@code null} or has no case in this method
 */
public OwaspZapScan resolveScanImplementation(OwaspZapScanConfiguration scanConfig, ClientApi clientApi) {
    LOG.info("Resolve scan implementation.");

    AuthenticationType requestedType = scanConfig.getAuthenticationType();
    // Switching on a null enum would throw a NullPointerException, so null is routed
    // to the same explicit failure as an unsupported type.
    if (requestedType != null) {
        switch (requestedType) {
        case UNAUTHENTICATED: {
            OwaspZapScan unauthenticatedScan = new UnauthenticatedScan(clientApi, scanConfig);
            LOG.info("Using unauthenticated scan");
            return unauthenticatedScan;
        }
        case HTTP_BASIC_AUTHENTICATION: {
            OwaspZapScan basicAuthScan = new HTTPBasicAuthScan(clientApi, scanConfig);
            LOG.info("Using http basic authentication scan");
            return basicAuthScan;
        }
        default:
            break;
        }
    }

    // Fail closed: a type without an implementation here aborts the run instead of
    // falling back to an unauthenticated scan, so a scan requested with credentials
    // is never silently executed without them.
    throw new MustExitRuntimeException("No matching scan type could be found.", MustExitCode.AUTHENTICATIONTYPE_CONFIGURATION_INVALID);
}
use of com.mercedesbenz.sechub.owaspzapwrapper.config.auth.AuthenticationType in project sechub by mercedes-benz.
the class OwaspZapScanConfigurationFactory method create.
/**
 * Builds the scan configuration from the command line settings and the SecHub web
 * scan configuration referenced by them.
 *
 * @param settings parsed command line settings, must not be {@code null}
 * @return the assembled scan configuration
 * @throws MustExitRuntimeException with
 *         {@code MustExitCode.COMMANDLINE_CONFIGURATION_INVALID} when {@code settings}
 *         is {@code null}
 */
public OwaspZapScanConfiguration create(CommandLineSettings settings) {
    if (settings == null) {
        throw new MustExitRuntimeException("Command line settings must not be null!", MustExitCode.COMMANDLINE_CONFIGURATION_INVALID);
    }

    /* Wrapper settings */
    OwaspZapServerConfiguration zapServerConfig = createOwaspZapServerConfig(settings);
    ProxyInformation proxy = createProxyInformation(settings);

    /* SecHub settings */
    URI scanTarget = targetUriFactory.create(settings.getTargetURL());
    SecHubWebScanConfiguration webScanConfig = webConfigProvider.getSecHubWebConfiguration(settings.getSecHubConfigFile());
    long maxDurationMillis = sechubWebConfigHelper.fetchMaxScanDurationInMillis(webScanConfig);
    // The authentication type is derived only from the SecHub web configuration.
    // NOTE(review): if the provider can return null for a missing config file, the
    // helper's null handling decides the type - confirm that default is intended.
    AuthenticationType authenticationType = sechubWebConfigHelper.determineAuthenticationType(webScanConfig);

    /* The SecHub job UUID is used as the OWASP Zap context name; a random UUID is only a fallback. */
    String zapContextName = settings.getJobUUID();
    if (zapContextName == null) {
        zapContextName = UUID.randomUUID().toString();
        LOG.warn("The job UUID was not set. Using randomly generated UUID: {} as fallback.", zapContextName);
    }

    /* @formatter:off */
    return OwaspZapScanConfiguration.builder()
            .setTargetUri(scanTarget)
            .setVerboseOutput(settings.isVerboseEnabled())
            .setReportFile(settings.getReportFile())
            .setContextName(zapContextName)
            .setAjaxSpiderEnabled(settings.isAjaxSpiderEnabled())
            .setActiveScanEnabled(settings.isActiveScanEnabled())
            .setServerConfig(zapServerConfig)
            .setAuthenticationType(authenticationType)
            .setMaxScanDurationInMillis(maxDurationMillis)
            .setSecHubWebScanConfiguration(webScanConfig)
            .setProxyInformation(proxy)
            .build();
    /* @formatter:on */
}
use of com.mercedesbenz.sechub.owaspzapwrapper.config.auth.AuthenticationType in project sechub by mercedes-benz.
the class SecHubWebScanConfigurationHelperTest method determines_AuthenticationType_sechub_config_has_basic_auth.
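/**
 * Loads the basic-auth example configuration and checks that the helper classifies
 * its web scan section as {@link AuthenticationType#HTTP_BASIC_AUTHENTICATION}.
 */
@Test
void determines_AuthenticationType_sechub_config_has_basic_auth() {
    /* prepare */
    File file = new File("src/test/resources/sechub-config-examples/basic-auth.json");
    String sechubConfigJSON = TestFileReader.loadTextFile(file);
    SecHubScanConfiguration sechubConfig = SecHubScanConfiguration.createFromJSON(sechubConfigJSON);
    // get() fails the test right here if the fixture has no web scan section
    SecHubWebScanConfiguration secHubWebScanConfiguration = sechubConfig.getWebScan().get();

    /* execute */
    AuthenticationType authenticationType = helperToTest.determineAuthenticationType(secHubWebScanConfiguration);

    /* test */
    // Expected value first, actual value second, so a failure message reads correctly.
    assertEquals(AuthenticationType.HTTP_BASIC_AUTHENTICATION, authenticationType);
}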