Example 1 with PropertyBag

use of com.mercedesbenz.sechub.sarif.model.PropertyBag in project sechub by mercedes-benz.

the class SarifReportSupportTest method specification_properties_snippet_properties_contains_tags.

@Test
void specification_properties_snippet_properties_contains_tags() throws IOException {
    /* prepare */
    File folder = sarifSpecificationSnippetsFolder;
    /* execute */
    Report report = supportToTest.loadReport(new File(folder, "specification-properties-snippet.sarif.json"));
    /* test */
    List<Result> results = report.getRuns().iterator().next().getResults();
    Result result = results.iterator().next();
    PropertyBag properties = result.getProperties();
    assertNotNull(properties);
    Object tags = properties.get("tags");
    assertEquals(Collections.singleton("openSource"), tags);
}
Also used : Report(com.mercedesbenz.sechub.sarif.model.Report) PropertyBag(com.mercedesbenz.sechub.sarif.model.PropertyBag) File(java.io.File) Result(com.mercedesbenz.sechub.sarif.model.Result) Test(org.junit.jupiter.api.Test)

Example 2 with PropertyBag

use of com.mercedesbenz.sechub.sarif.model.PropertyBag in project sechub by mercedes-benz.

the class SarifReportSupportTest method specification_properties_snippet_properties_contains_opensource_key_and_map_value.

@Test
void specification_properties_snippet_properties_contains_opensource_key_and_map_value() throws IOException {
    /* prepare */
    File folder = sarifSpecificationSnippetsFolder;
    /* execute */
    Report report = supportToTest.loadReport(new File(folder, "specification-properties-snippet.sarif.json"));
    /* test */
    List<Result> results = report.getRuns().iterator().next().getResults();
    Result result = results.iterator().next();
    PropertyBag properties = result.getProperties();
    assertNotNull(properties);
    Object openSourceData = properties.get("openSource");
    if (openSourceData instanceof Map) {
        @SuppressWarnings("unchecked") Map<String, Object> map = (Map<String, Object>) openSourceData;
        String informationUri = (String) map.get("informationUri");
        assertEquals("http://www.example.com/procedures/usingOpenSource.html", informationUri);
    } else {
        fail("expected map but found:" + openSourceData);
    }
}
Also used : Report(com.mercedesbenz.sechub.sarif.model.Report) PropertyBag(com.mercedesbenz.sechub.sarif.model.PropertyBag) File(java.io.File) Map(java.util.Map) TreeMap(java.util.TreeMap) Result(com.mercedesbenz.sechub.sarif.model.Result) Test(org.junit.jupiter.api.Test)

Example 3 with PropertyBag

use of com.mercedesbenz.sechub.sarif.model.PropertyBag in project sechub by mercedes-benz.

the class SarifReportSupportTest method specification_properties_snippet_properties_contains_opensource_key_and_map_value_and_can_be_written.

@Test
void specification_properties_snippet_properties_contains_opensource_key_and_map_value_and_can_be_written() throws IOException {
    /* prepare */
    File folder = sarifSpecificationSnippetsFolder;
    /* execute */
    Report report = supportToTest.loadReport(new File(folder, "specification-properties-snippet.sarif.json"));
    /* test */
    List<Result> results = report.getRuns().iterator().next().getResults();
    Result result = results.iterator().next();
    PropertyBag properties = result.getProperties();
    assertNotNull(properties);
    Object openSourceData = properties.get("openSource");
    if (openSourceData instanceof Map) {
        @SuppressWarnings("unchecked") Map<String, Object> map = (Map<String, Object>) openSourceData;
        String informationUri = (String) map.get("informationUri");
        assertEquals("http://www.example.com/procedures/usingOpenSource.html", informationUri);
    } else {
        fail("expected map but found:" + openSourceData);
    }
}
Also used : Report(com.mercedesbenz.sechub.sarif.model.Report) PropertyBag(com.mercedesbenz.sechub.sarif.model.PropertyBag) File(java.io.File) Map(java.util.Map) TreeMap(java.util.TreeMap) Result(com.mercedesbenz.sechub.sarif.model.Result) Test(org.junit.jupiter.api.Test)

Example 4 with PropertyBag

use of com.mercedesbenz.sechub.sarif.model.PropertyBag in project sechub by mercedes-benz.

the class SarifV1JSONImporter method resolveSolution.

private void resolveSolution(Rule rule, ResultData data, Run run) {
    PropertyBag ruleProperties = rule.getProperties();
    if (ruleProperties == null) {
        return;
    }
    Object solution = ruleProperties.get("solution");
    if (!(solution instanceof Map)) {
        return;
    }
    Map<?, ?> solutionAsMap = (Map<?, ?>) solution;
    Object solutionText = solutionAsMap.get("text");
    if (solutionText == null) {
        return;
    }
    data.solution = solutionText.toString();
}
Also used : PropertyBag(com.mercedesbenz.sechub.sarif.model.PropertyBag) Map(java.util.Map)

Example 5 with PropertyBag

use of com.mercedesbenz.sechub.sarif.model.PropertyBag in project sechub by mercedes-benz.

the class SarifV1JSONImporter method handleWebAttack.

private void handleWebAttack(Result result, SerecoWeb serecoWeb) {
    List<Location> sarifLocations = result.getLocations();
    if (sarifLocations.size() <= 0) {
        return;
    }
    Location sarifLocation = sarifLocations.iterator().next();
    PhysicalLocation sarifPhysicalLocation = sarifLocation.getPhysicalLocation();
    if (sarifPhysicalLocation == null) {
        return;
    }
    Region sarifRegion = sarifPhysicalLocation.getRegion();
    if (sarifRegion == null) {
        return;
    }
    /* evidence */
    SerecoWebEvidence serecoWebEvidence = new SerecoWebEvidence();
    SerecoWebBodyLocation bodyLocation = new SerecoWebBodyLocation();
    bodyLocation.setStartLine(sarifRegion.getStartLine());
    serecoWebEvidence.setBodyLocation(bodyLocation);
    ArtifactContent sarifSnippet = sarifRegion.getSnippet();
    if (sarifSnippet != null) {
        serecoWebEvidence.setSnippet(sarifSnippet.getText());
    }
    /* attack */
    SerecoWebAttack serecoAttack = serecoWeb.getAttack();
    PropertyBag locationProperties = sarifLocation.getProperties();
    if (locationProperties != null) {
        Object attack = locationProperties.get("attack");
        if (SimpleStringUtils.isNotEmpty(attack)) {
            serecoAttack.setVector(attack.toString());
        }
    }
    serecoAttack.setEvidence(serecoWebEvidence);
}
Also used : SerecoWebEvidence(com.mercedesbenz.sechub.sereco.metadata.SerecoWebEvidence) ArtifactContent(com.mercedesbenz.sechub.sarif.model.ArtifactContent) SerecoWebAttack(com.mercedesbenz.sechub.sereco.metadata.SerecoWebAttack) PropertyBag(com.mercedesbenz.sechub.sarif.model.PropertyBag) Region(com.mercedesbenz.sechub.sarif.model.Region) SerecoWebBodyLocation(com.mercedesbenz.sechub.sereco.metadata.SerecoWebBodyLocation) PhysicalLocation(com.mercedesbenz.sechub.sarif.model.PhysicalLocation) Location(com.mercedesbenz.sechub.sarif.model.Location) ArtifactLocation(com.mercedesbenz.sechub.sarif.model.ArtifactLocation)

Aggregations

PropertyBag (com.mercedesbenz.sechub.sarif.model.PropertyBag): 5
Report (com.mercedesbenz.sechub.sarif.model.Report): 3
Result (com.mercedesbenz.sechub.sarif.model.Result): 3
File (java.io.File): 3
Map (java.util.Map): 3
Test (org.junit.jupiter.api.Test): 3
TreeMap (java.util.TreeMap): 2
ArtifactContent (com.mercedesbenz.sechub.sarif.model.ArtifactContent): 1
ArtifactLocation (com.mercedesbenz.sechub.sarif.model.ArtifactLocation): 1
Location (com.mercedesbenz.sechub.sarif.model.Location): 1
PhysicalLocation (com.mercedesbenz.sechub.sarif.model.PhysicalLocation): 1
Region (com.mercedesbenz.sechub.sarif.model.Region): 1
SerecoWebAttack (com.mercedesbenz.sechub.sereco.metadata.SerecoWebAttack): 1
SerecoWebBodyLocation (com.mercedesbenz.sechub.sereco.metadata.SerecoWebBodyLocation): 1
SerecoWebEvidence (com.mercedesbenz.sechub.sereco.metadata.SerecoWebEvidence): 1