Example 1 with Rule

Use of com.mercedesbenz.sechub.sarif.model.Rule in project sechub by mercedes-benz.

From class SarifReportSupport, method fetchRuleForResult:

public Rule fetchRuleForResult(Result result, Run run) {
    // Each run has ONE tool, multiple results and taxonomies
    Tool tool = run.getTool();
    Driver driver = tool.getDriver();
    List<Rule> rules = driver.getRules();
    String ruleId = result.getRuleId();
    /* @formatter:off */
    // Match the result's ruleId against the rules declared by the driver.
    // Returns null when the report references a rule id the driver does not declare;
    // callers must handle that case (see resolveLevel, which falls back to Level.NONE).
    Rule ruleFound = rules.stream().filter(rule -> rule.getId().equals(ruleId)).findFirst().orElse(null);
    /* @formatter:on */
    return ruleFound;
}
Also used : Driver(com.mercedesbenz.sechub.sarif.model.Driver) Rule(com.mercedesbenz.sechub.sarif.model.Rule) Tool(com.mercedesbenz.sechub.sarif.model.Tool)

Example 2 with Rule

Use of com.mercedesbenz.sechub.sarif.model.Rule in project sechub by mercedes-benz.

From class SarifReportSupportTest, method microsoft_sarif_tutorial_taxonomies_example__result_defaultocnfiguraiton_level:

@Test
void microsoft_sarif_tutorial_taxonomies_example__result_defaultocnfiguraiton_level() throws IOException {
    /* prepare */
    File codeFlowReportFile = new File(sarifTutorialSamplesFolder, "Taxonomies.sarif");
    /* execute */
    Report report = supportToTest.loadReport(codeFlowReportFile);
    /* test */
    List<Run> runs = report.getRuns();
    assertEquals(1, runs.size(), "there must be ONE run!");
    Run run = runs.iterator().next();
    List<Rule> rules = run.getTool().getDriver().getRules();
    Map<String, Rule> sortedMap = new TreeMap<>();
    for (Rule rule : rules) {
        sortedMap.put(rule.getId(), rule);
    }
    Rule rule1 = sortedMap.get("TUT0001");
    assertNotNull(rule1);
    ReportingConfiguration defaultConfig1 = rule1.getDefaultConfiguration();
    assertNotNull(defaultConfig1);
    assertEquals(Level.ERROR, defaultConfig1.getLevel());
    Rule rule2 = sortedMap.get("TUT0002");
    assertNotNull(rule2);
    ReportingConfiguration defaultConfig2 = rule2.getDefaultConfiguration();
    assertNotNull(defaultConfig2);
    assertEquals(Level.WARNING, defaultConfig2.getLevel());
}
Also used : Report(com.mercedesbenz.sechub.sarif.model.Report) Run(com.mercedesbenz.sechub.sarif.model.Run) Rule(com.mercedesbenz.sechub.sarif.model.Rule) TreeMap(java.util.TreeMap) File(java.io.File) ReportingConfiguration(com.mercedesbenz.sechub.sarif.model.ReportingConfiguration) Test(org.junit.jupiter.api.Test)

Example 3 with Rule

Use of com.mercedesbenz.sechub.sarif.model.Rule in project sechub by mercedes-benz.

From class SarifReportSupportTest, method brakeman_sarif_example_with_tags__tags_can_be_fetched:

@Test
void brakeman_sarif_example_with_tags__tags_can_be_fetched() throws IOException {
    /* prepare */
    File codeFlowReportFile = new File(sarifBrakemanFolder, "sarif_2_1_0__brakeman_testfile_with_tags.sarif.json");
    /* execute */
    Report report = supportToTest.loadReport(codeFlowReportFile);
    /* test */
    List<Run> runs = report.getRuns();
    assertEquals(1, runs.size(), "there must be ONE run!");
    Run run = runs.iterator().next();
    List<Result> results = run.getResults();
    assertEquals(32, results.size(), "there must be 32 results!");
    Result result = results.iterator().next();
    Rule rule = supportToTest.fetchRuleForResult(result, run);
    Set<String> tags = rule.getProperties().fetchTags();
    assertNotNull(tags);
    Set<String> expected = new LinkedHashSet<>();
    expected.add("ContentTag");
    expected.add("Tag2");
    expected.add("Tag3");
    assertEquals(expected, tags);
}
Also used : LinkedHashSet(java.util.LinkedHashSet) Report(com.mercedesbenz.sechub.sarif.model.Report) Run(com.mercedesbenz.sechub.sarif.model.Run) Rule(com.mercedesbenz.sechub.sarif.model.Rule) File(java.io.File) Result(com.mercedesbenz.sechub.sarif.model.Result) Test(org.junit.jupiter.api.Test)

Example 4 with Rule

Use of com.mercedesbenz.sechub.sarif.model.Rule in project sechub by mercedes-benz.

From class SarifV1JSONImporter, method createSerecoVulnerability:

private SerecoVulnerability createSerecoVulnerability(Run run, Result result) {
    if (result == null) {
        return null;
    }
    SerecoVulnerability vulnerability = new SerecoVulnerability();
    Rule ruleFound = sarifSupport.fetchRuleForResult(result, run);
    ResultData resultData = resolveData(ruleFound, run, result);
    vulnerability.setType(resultData.identifiedType);
    vulnerability.setDescription(resultData.description);
    vulnerability.setSolution(resultData.solution);
    vulnerability.setSeverity(resolveSeverity(result, run));
    vulnerability.getClassification().setCwe(resultData.cweId);
    detectScanTypeAndInspectOnDemand(result, vulnerability);
    return vulnerability;
}
Also used : SerecoVulnerability(com.mercedesbenz.sechub.sereco.metadata.SerecoVulnerability) Rule(com.mercedesbenz.sechub.sarif.model.Rule)

Example 5 with Rule

Use of com.mercedesbenz.sechub.sarif.model.Rule in project sechub by mercedes-benz.

From class SarifReportSupport, method resolveLevel:

/**
 * Tries the result level first. If it is not set, the level is obtained from
 * the default configuration of the result's rule, if available. If neither is
 * found, {@link Level#NONE} is returned.
 *
 * @param result the SARIF result whose level shall be resolved
 * @param run    the run containing the result (used to look up the rule)
 * @return level, never null
 */
public Level resolveLevel(Result result, Run run) {
    Level level = result.getLevel();
    if (level != null) {
        return level;
    }
    Rule rule = fetchRuleForResult(result, run);
    if (rule != null) {
        /* @formatter:off
         *
         * first fetch default from rule
         * see https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317850
         *
         * @formatter:on */
        ReportingConfiguration defaultConfiguration = rule.getDefaultConfiguration();
        if (defaultConfiguration != null) {
            level = defaultConfiguration.getLevel();
        }
    }
    if (level == null) {
        level = Level.NONE;
    }
    return level;
}
Also used : Level(com.mercedesbenz.sechub.sarif.model.Level) Rule(com.mercedesbenz.sechub.sarif.model.Rule) ReportingConfiguration(com.mercedesbenz.sechub.sarif.model.ReportingConfiguration)