Examples with OwaspZapScan com.mercedesbenz.sechub.owaspzapwrapper.scan.OwaspZapScan used on opensource projects

Search in sources :

Example 1 with OwaspZapScan

use of com.mercedesbenz.sechub.owaspzapwrapper.scan.OwaspZapScan in project sechub by mercedes-benz.

the class OwaspZapScanExecutorTest method the_result_from_resolver_returned_is_executed.

@Test
void the_result_from_resolver_returned_is_executed() throws Exception {
    /* prepare */
    OwaspZapScanConfiguration scanConfig = mock(OwaspZapScanConfiguration.class);
    ClientApi clientApi = mock(ClientApi.class);
    URI targetUri = new URI("http://www.example.com");
    when(scanConfig.getTargetUri()).thenReturn(targetUri);
    OwaspZapScan scan = mock(OwaspZapScan.class);
    when(resolver.resolveScanImplementation(eq(scanConfig), any())).thenReturn(scan);
    when(clientApiFactory.create(scanConfig.getServerConfig())).thenReturn(clientApi);
    when(connectionChecker.isTargetReachable(targetUri, null)).thenReturn(true);
    /* execute */
    executorToTest.execute(scanConfig);
    /* test */
    verify(connectionChecker).isTargetReachable(targetUri, null);
    verify(clientApiFactory).create(scanConfig.getServerConfig());
    verify(resolver).resolveScanImplementation(scanConfig, clientApi);
    verify(scan).scan();
}
Also used : OwaspZapScanConfiguration(com.mercedesbenz.sechub.owaspzapwrapper.config.OwaspZapScanConfiguration) ClientApi(org.zaproxy.clientapi.core.ClientApi) URI(java.net.URI) OwaspZapScan(com.mercedesbenz.sechub.owaspzapwrapper.scan.OwaspZapScan) Test(org.junit.jupiter.api.Test)

Example 2 with OwaspZapScan

use of com.mercedesbenz.sechub.owaspzapwrapper.scan.OwaspZapScan in project sechub by mercedes-benz.

the class OwaspZapScanResolverTest method http_basic_authentication_scan_is_resolved_correctly.

@Test
void http_basic_authentication_scan_is_resolved_correctly() {
    /* prepare */
    OwaspZapScanConfiguration scanConfig = mock(OwaspZapScanConfiguration.class);
    when(scanConfig.getAuthenticationType()).thenReturn(AuthenticationType.HTTP_BASIC_AUTHENTICATION);
    ClientApi clientApi = mock(ClientApi.class);
    /* execute */
    OwaspZapScan scan = resolverToTest.resolveScanImplementation(scanConfig, clientApi);
    /* test */
    assertTrue(scan instanceof HTTPBasicAuthScan);
}
Also used : OwaspZapScanConfiguration(com.mercedesbenz.sechub.owaspzapwrapper.config.OwaspZapScanConfiguration) HTTPBasicAuthScan(com.mercedesbenz.sechub.owaspzapwrapper.scan.auth.HTTPBasicAuthScan) ClientApi(org.zaproxy.clientapi.core.ClientApi) OwaspZapScan(com.mercedesbenz.sechub.owaspzapwrapper.scan.OwaspZapScan) Test(org.junit.jupiter.api.Test) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 3 with OwaspZapScan

use of com.mercedesbenz.sechub.owaspzapwrapper.scan.OwaspZapScan in project sechub by mercedes-benz.

the class OwaspZapScanResolver method resolveScanImplementation.

public OwaspZapScan resolveScanImplementation(OwaspZapScanConfiguration scanConfig, ClientApi clientApi) {
    LOG.info("Resolve scan implementation.");
    OwaspZapScan scan;
    AuthenticationType authenticationType = scanConfig.getAuthenticationType();
    if (authenticationType == null) {
        throw new MustExitRuntimeException("No matching scan type could be found.", MustExitCode.AUTHENTICATIONTYPE_CONFIGURATION_INVALID);
    }
    switch(authenticationType) {
        case UNAUTHENTICATED:
            scan = new UnauthenticatedScan(clientApi, scanConfig);
            LOG.info("Using unauthenticated scan");
            break;
        case HTTP_BASIC_AUTHENTICATION:
            scan = new HTTPBasicAuthScan(clientApi, scanConfig);
            LOG.info("Using http basic authentication scan");
            break;
        default:
            throw new MustExitRuntimeException("No matching scan type could be found.", MustExitCode.AUTHENTICATIONTYPE_CONFIGURATION_INVALID);
    }
    return scan;
}
Also used : UnauthenticatedScan(com.mercedesbenz.sechub.owaspzapwrapper.scan.UnauthenticatedScan) HTTPBasicAuthScan(com.mercedesbenz.sechub.owaspzapwrapper.scan.auth.HTTPBasicAuthScan) OwaspZapScan(com.mercedesbenz.sechub.owaspzapwrapper.scan.OwaspZapScan) AuthenticationType(com.mercedesbenz.sechub.owaspzapwrapper.config.auth.AuthenticationType)

Example 4 with OwaspZapScan

use of com.mercedesbenz.sechub.owaspzapwrapper.scan.OwaspZapScan in project sechub by mercedes-benz.

the class OwaspZapScanExecutorTest method target_is_not_reachable_throws_mustexitruntimeexception.

@Test
void target_is_not_reachable_throws_mustexitruntimeexception() throws Exception {
    /* prepare */
    OwaspZapScanConfiguration scanConfig = mock(OwaspZapScanConfiguration.class);
    ClientApi clientApi = mock(ClientApi.class);
    URI targetUri = new URI("http://www.my-url.com");
    when(scanConfig.getTargetUri()).thenReturn(targetUri);
    OwaspZapScan scan = mock(OwaspZapScan.class);
    when(resolver.resolveScanImplementation(eq(scanConfig), any())).thenReturn(scan);
    when(clientApiFactory.create(scanConfig.getServerConfig())).thenReturn(clientApi);
    when(connectionChecker.isTargetReachable(targetUri, null)).thenReturn(false);
    /* execute + test */
    assertThrows(MustExitRuntimeException.class, () -> executorToTest.execute(scanConfig));
    verify(connectionChecker).isTargetReachable(targetUri, null);
    verify(scan, never()).scan();
    verify(clientApiFactory, never()).create(scanConfig.getServerConfig());
    verify(resolver, never()).resolveScanImplementation(scanConfig, clientApi);
}
Also used : OwaspZapScanConfiguration(com.mercedesbenz.sechub.owaspzapwrapper.config.OwaspZapScanConfiguration) ClientApi(org.zaproxy.clientapi.core.ClientApi) URI(java.net.URI) OwaspZapScan(com.mercedesbenz.sechub.owaspzapwrapper.scan.OwaspZapScan) Test(org.junit.jupiter.api.Test)

Example 5 with OwaspZapScan

use of com.mercedesbenz.sechub.owaspzapwrapper.scan.OwaspZapScan in project sechub by mercedes-benz.

the class OwaspZapScanResolverTest method unauthenticated_scan_is_resolved_correctly.

@Test
void unauthenticated_scan_is_resolved_correctly() {
    /* prepare */
    OwaspZapScanConfiguration scanConfig = mock(OwaspZapScanConfiguration.class);
    when(scanConfig.getAuthenticationType()).thenReturn(AuthenticationType.UNAUTHENTICATED);
    ClientApi clientApi = mock(ClientApi.class);
    /* execute */
    OwaspZapScan scan = resolverToTest.resolveScanImplementation(scanConfig, clientApi);
    /* test */
    assertTrue(scan instanceof UnauthenticatedScan);
}
Also used : UnauthenticatedScan(com.mercedesbenz.sechub.owaspzapwrapper.scan.UnauthenticatedScan) OwaspZapScanConfiguration(com.mercedesbenz.sechub.owaspzapwrapper.config.OwaspZapScanConfiguration) ClientApi(org.zaproxy.clientapi.core.ClientApi) OwaspZapScan(com.mercedesbenz.sechub.owaspzapwrapper.scan.OwaspZapScan) Test(org.junit.jupiter.api.Test) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Aggregations

OwaspZapScan (com.mercedesbenz.sechub.owaspzapwrapper.scan.OwaspZapScan)6 ClientApi (org.zaproxy.clientapi.core.ClientApi)5 OwaspZapScanConfiguration (com.mercedesbenz.sechub.owaspzapwrapper.config.OwaspZapScanConfiguration)4 Test (org.junit.jupiter.api.Test)4 UnauthenticatedScan (com.mercedesbenz.sechub.owaspzapwrapper.scan.UnauthenticatedScan)2 HTTPBasicAuthScan (com.mercedesbenz.sechub.owaspzapwrapper.scan.auth.HTTPBasicAuthScan)2 URI (java.net.URI)2 ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)2 AuthenticationType (com.mercedesbenz.sechub.owaspzapwrapper.config.auth.AuthenticationType)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial