Example 1 with CodeFlow
use of com.mercedesbenz.sechub.sarif.model.CodeFlow in project sechub by mercedes-benz.
the class SarifReportSupportTest method microsoft_sarif_tutorial_codeflow_example.
@Test
void microsoft_sarif_tutorial_codeflow_example() throws IOException {
/* prepare */
File codeFlowReportFile = new File(sarifTutorialSamplesFolder, "CodeFlows.sarif");
/* execute */
Report report = supportToTest.loadReport(codeFlowReportFile);
/* test */
List<Run> runs = report.getRuns();
assertEquals(1, runs.size(), "there must be ONE run!");
Run run = runs.iterator().next();
List<Result> results = run.getResults();
assertEquals(1, results.size(), "there must be ONE result!");
Result result = results.iterator().next();
assertEquals("TUT1001", result.getRuleId());
assertEquals("Use of uninitialized variable.", result.getMessage().getText());
List<CodeFlow> codeFlows = result.getCodeFlows();
assertEquals(2, codeFlows.size());
}Example 2 with CodeFlow
use of com.mercedesbenz.sechub.sarif.model.CodeFlow in project sechub by mercedes-benz.
the class SarifV1JSONImporter method resolveCodeInfoFromCodeFlow.
private SerecoCodeCallStackElement resolveCodeInfoFromCodeFlow(Result result) {
Optional<CodeFlow> codeFlows = result.getCodeFlows().stream().findFirst();
if (!codeFlows.isPresent()) {
return null;
}
Optional<ThreadFlow> optFlow = codeFlows.get().getThreadFlows().stream().findFirst();
if (!optFlow.isPresent()) {
return null;
}
ThreadFlow flow = optFlow.get();
List<Location> locations = flow.getLocations().stream().map(location -> location.getLocation()).collect(Collectors.toList());
return resolveCodeInfoFromLocations(locations);
}
Also used :
Message(com.mercedesbenz.sechub.sarif.model.Message)
PhysicalLocation(com.mercedesbenz.sechub.sarif.model.PhysicalLocation)
Run(com.mercedesbenz.sechub.sarif.model.Run)
LoggerFactory(org.slf4j.LoggerFactory)
Region(com.mercedesbenz.sechub.sarif.model.Region)
SerecoWebRequest(com.mercedesbenz.sechub.sereco.metadata.SerecoWebRequest)
Location(com.mercedesbenz.sechub.sarif.model.Location)
ArrayList(java.util.ArrayList)
Rule(com.mercedesbenz.sechub.sarif.model.Rule)
WebRequest(com.mercedesbenz.sechub.sarif.model.WebRequest)
ImportParameter(com.mercedesbenz.sechub.sereco.ImportParameter)
Level(com.mercedesbenz.sechub.sarif.model.Level)
Map(java.util.Map)
CodeFlow(com.mercedesbenz.sechub.sarif.model.CodeFlow)
WebResponse(com.mercedesbenz.sechub.sarif.model.WebResponse)
ThreadFlow(com.mercedesbenz.sechub.sarif.model.ThreadFlow)
SerecoSeverity(com.mercedesbenz.sechub.sereco.metadata.SerecoSeverity)
ToolComponentReference(com.mercedesbenz.sechub.sarif.model.ToolComponentReference)
SarifReportSupport(com.mercedesbenz.sechub.sarif.SarifReportSupport)
Result(com.mercedesbenz.sechub.sarif.model.Result)
SerecoWeb(com.mercedesbenz.sechub.sereco.metadata.SerecoWeb)
Logger(org.slf4j.Logger)
SerecoWebEvidence(com.mercedesbenz.sechub.sereco.metadata.SerecoWebEvidence)
SerecoWebBody(com.mercedesbenz.sechub.sereco.metadata.SerecoWebBody)
ScanType(com.mercedesbenz.sechub.commons.model.ScanType)
SimpleStringUtils(com.mercedesbenz.sechub.commons.core.util.SimpleStringUtils)
ArtifactContent(com.mercedesbenz.sechub.sarif.model.ArtifactContent)
SerecoWebAttack(com.mercedesbenz.sechub.sereco.metadata.SerecoWebAttack)
ReportingDescriptorRelationship(com.mercedesbenz.sechub.sarif.model.ReportingDescriptorRelationship)
IOException(java.io.IOException)
Collectors(java.util.stream.Collectors)
ReportingDescriptorReference(com.mercedesbenz.sechub.sarif.model.ReportingDescriptorReference)
SerecoVulnerability(com.mercedesbenz.sechub.sereco.metadata.SerecoVulnerability)
List(java.util.List)
Component(org.springframework.stereotype.Component)
ArtifactLocation(com.mercedesbenz.sechub.sarif.model.ArtifactLocation)
SerecoCodeCallStackElement(com.mercedesbenz.sechub.sereco.metadata.SerecoCodeCallStackElement)
Report(com.mercedesbenz.sechub.sarif.model.Report)
SerecoMetaData(com.mercedesbenz.sechub.sereco.metadata.SerecoMetaData)
PropertyBag(com.mercedesbenz.sechub.sarif.model.PropertyBag)
SerecoWebBodyLocation(com.mercedesbenz.sechub.sereco.metadata.SerecoWebBodyLocation)
SerecoWebResponse(com.mercedesbenz.sechub.sereco.metadata.SerecoWebResponse)
Optional(java.util.Optional)
ThreadFlow(com.mercedesbenz.sechub.sarif.model.ThreadFlow)
CodeFlow(com.mercedesbenz.sechub.sarif.model.CodeFlow)
PhysicalLocation(com.mercedesbenz.sechub.sarif.model.PhysicalLocation)
Location(com.mercedesbenz.sechub.sarif.model.Location)
ArtifactLocation(com.mercedesbenz.sechub.sarif.model.ArtifactLocation)
SerecoWebBodyLocation(com.mercedesbenz.sechub.sereco.metadata.SerecoWebBodyLocation)
Aggregations
CodeFlow (com.mercedesbenz.sechub.sarif.model.CodeFlow)2
Report (com.mercedesbenz.sechub.sarif.model.Report)2
Result (com.mercedesbenz.sechub.sarif.model.Result)2
Run (com.mercedesbenz.sechub.sarif.model.Run)2
SimpleStringUtils (com.mercedesbenz.sechub.commons.core.util.SimpleStringUtils)1
ScanType (com.mercedesbenz.sechub.commons.model.ScanType)1
SarifReportSupport (com.mercedesbenz.sechub.sarif.SarifReportSupport)1
ArtifactContent (com.mercedesbenz.sechub.sarif.model.ArtifactContent)1
ArtifactLocation (com.mercedesbenz.sechub.sarif.model.ArtifactLocation)1
Level (com.mercedesbenz.sechub.sarif.model.Level)1
Location (com.mercedesbenz.sechub.sarif.model.Location)1
Message (com.mercedesbenz.sechub.sarif.model.Message)1
PhysicalLocation (com.mercedesbenz.sechub.sarif.model.PhysicalLocation)1
PropertyBag (com.mercedesbenz.sechub.sarif.model.PropertyBag)1
Region (com.mercedesbenz.sechub.sarif.model.Region)1
ReportingDescriptorReference (com.mercedesbenz.sechub.sarif.model.ReportingDescriptorReference)1
ReportingDescriptorRelationship (com.mercedesbenz.sechub.sarif.model.ReportingDescriptorRelationship)1
Rule (com.mercedesbenz.sechub.sarif.model.Rule)1
ThreadFlow (com.mercedesbenz.sechub.sarif.model.ThreadFlow)1
ToolComponentReference (com.mercedesbenz.sechub.sarif.model.ToolComponentReference)1
