use of com.mercedesbenz.sechub.sarif.model.Report in project sechub by mercedes-benz.
the class SarifReportSupportTest method specification_properties_snippet_properties_contains_tags.
@Test
void specification_properties_snippet_properties_contains_tags() throws IOException {
/* prepare */
File folder = sarifSpecificationSnippetsFolder;
/* execute */
Report report = supportToTest.loadReport(new File(folder, "specification-properties-snippet.sarif.json"));
/* test */
List<Result> results = report.getRuns().iterator().next().getResults();
Result result = results.iterator().next();
PropertyBag properties = result.getProperties();
assertNotNull(properties);
Object tags = properties.get("tags");
assertEquals(Collections.singleton("openSource"), tags);
}
use of com.mercedesbenz.sechub.sarif.model.Report in project sechub by mercedes-benz.
the class SarifReportSupportTest method microsoft_sarif_tutorial_taxonomies_example__result_messages.
@Test
void microsoft_sarif_tutorial_taxonomies_example__result_messages() throws IOException {
/* prepare */
File codeFlowReportFile = new File(sarifTutorialSamplesFolder, "Taxonomies.sarif");
/* execute */
Report report = supportToTest.loadReport(codeFlowReportFile);
/* test */
List<Run> runs = report.getRuns();
assertEquals(1, runs.size(), "there must be ONE run!");
Run run = runs.iterator().next();
List<Result> results = run.getResults();
assertEquals(2, results.size(), "there must be two result!");
Iterator<Result> iterator = results.iterator();
// sort results by tree map, so we can fetch wanted ones
Map<String, Result> sortedMap = new TreeMap<>();
Result result = iterator.next();
sortedMap.put(result.getRuleId(), result);
result = iterator.next();
sortedMap.put(result.getRuleId(), result);
Result result1 = sortedMap.get("TUT1001");
assertNotNull(result1);
assertEquals("TUT1001", result1.getRuleId());
assertEquals("This result violates a rule that is classified as 'Required'.", result1.getMessage().getText());
Result result2 = sortedMap.get("TUT1002");
assertNotNull(result2);
assertEquals("TUT1002", result2.getRuleId());
assertEquals("This result violates a rule that is classified as 'Recommended'.", result2.getMessage().getText());
}
use of com.mercedesbenz.sechub.sarif.model.Report in project sechub by mercedes-benz.
the class SarifReportSupportTest method microsoft_sarif_tutorial_taxonomies_example_taxonomies_deserialized_correclty.
@Test
void microsoft_sarif_tutorial_taxonomies_example_taxonomies_deserialized_correclty() throws IOException {
/* prepare */
File codeFlowReportFile = new File(sarifTutorialSamplesFolder, "Taxonomies.sarif");
/* execute */
Report report = supportToTest.loadReport(codeFlowReportFile);
/* test */
List<Run> runs = report.getRuns();
assertEquals(1, runs.size(), "there must be ONE run!");
Run run = runs.iterator().next();
List<Taxonomy> taxonomies = run.getTaxonomies();
Map<String, Taxonomy> sortedTaxonomiesMap = new TreeMap<>();
for (Taxonomy taxonomy : taxonomies) {
sortedTaxonomiesMap.put(taxonomy.getGuid(), taxonomy);
}
Taxonomy taxonomy1 = sortedTaxonomiesMap.get("1A567403-868F-405E-92CF-771A9ECB03A1");
assertEquals("Requirement levels", taxonomy1.getName());
assertEquals(new Message("This taxonomy classifies rules according to whether their use is required or recommended by company policy."), taxonomy1.getShortDescription());
Map<String, Taxon> sortedTaxaMap = new TreeMap<>();
for (Taxon taxon : taxonomy1.getTaxa()) {
sortedTaxaMap.put(taxon.getId(), taxon);
}
Taxon taxon1 = sortedTaxaMap.get("RQL1001");
assertNotNull(taxon1);
assertEquals("Required", taxon1.getName());
assertEquals(new Message("Rules in this category are required by company policy. All violations must be fixed unless an exemption is granted."), taxon1.getShortDescription());
Taxon taxon2 = sortedTaxaMap.get("RQL1002");
assertNotNull(taxon2);
assertEquals("Recommended", taxon2.getName());
assertEquals(new Message("Rules in this category are recommended but not required by company policy. Violations should be fixed but an exemption is not required to suppress a result."), taxon2.getShortDescription());
}
use of com.mercedesbenz.sechub.sarif.model.Report in project sechub by mercedes-benz.
the class SarifReportSupportTest method testReports.
private void testReports(File folder, int expectedCount, String expectedSarifVersion) throws IOException {
int count = 0;
for (File file : folder.listFiles(sarifFileEndingFilter)) {
/* prepare */
LOG.info("Reading sarif report:{}", file);
count++;
String sarifJson = TestFileReader.loadTextFile(file);
assertNotNull(sarifJson);
/* execute */
Report report = supportToTest.loadReport(sarifJson);
/* test */
assertNotNull(report);
assertEquals(expectedSarifVersion, report.getVersion());
}
/* sanity check */
assertEquals(expectedCount, count, "Not amount of expected files were read as sarif report!");
}
use of com.mercedesbenz.sechub.sarif.model.Report in project sechub by mercedes-benz.
the class SarifReportSupportTest method microsoft_sarif_tutorial_codeflow_example.
@Test
void microsoft_sarif_tutorial_codeflow_example() throws IOException {
/* prepare */
File codeFlowReportFile = new File(sarifTutorialSamplesFolder, "CodeFlows.sarif");
/* execute */
Report report = supportToTest.loadReport(codeFlowReportFile);
/* test */
List<Run> runs = report.getRuns();
assertEquals(1, runs.size(), "there must be ONE run!");
Run run = runs.iterator().next();
List<Result> results = run.getResults();
assertEquals(1, results.size(), "there must be ONE result!");
Result result = results.iterator().next();
assertEquals("TUT1001", result.getRuleId());
assertEquals("Use of uninitialized variable.", result.getMessage().getText());
List<CodeFlow> codeFlows = result.getCodeFlows();
assertEquals(2, codeFlows.size());
}
Aggregations