
Example 1 with SerecoCodeCallStackElement

use of com.mercedesbenz.sechub.sereco.metadata.SerecoCodeCallStackElement in project sechub by mercedes-benz.

From class CheckmarxV1XMLImporterTest, method xmlReportFromCheckmarxVhasNoDescriptionButCodeInfo:

@Test
public void xmlReportFromCheckmarxVhasNoDescriptionButCodeInfo() throws Exception {
    /* prepare */
    String checkmarxXml = SerecoTestFileSupport.INSTANCE.loadTestFile("checkmarx/sechub-continous-integration-with-false-positive.xml");

    /* execute */
    SerecoMetaData imported = importerToTest.importResult(checkmarxXml);

    /* test */
    List<SerecoVulnerability> found = imported.getVulnerabilities();
    // the first report entry is a false positive and already filtered out,
    // so the first non-false-positive vulnerability is NOT the first report entry
    SerecoVulnerability firstReal = fetchFirstNonFalsePositive(found);
    assertEquals(SerecoSeverity.MEDIUM, firstReal.getSeverity());
    assertEquals("", firstReal.getDescription());
    assertEquals(ScanType.CODE_SCAN, firstReal.getScanType());

    // top of the call stack
    SerecoCodeCallStackElement topOfStack = firstReal.getCode();
    assertNotNull(topOfStack);
    assertEquals("com/mercedesbenz/sechub/server/IntegrationTestServerRestController.java", topOfStack.getLocation());
    assertEquals(Integer.valueOf(86), topOfStack.getLine());
    assertEquals(Integer.valueOf(37), topOfStack.getColumn());
    assertEquals("			@PathVariable(\"fileName\") String fileName) throws IOException {", topOfStack.getSource());
    assertEquals("fileName", topOfStack.getRelevantPart());

    // follow the chain two levels down
    SerecoCodeCallStackElement secondCall = topOfStack.getCalls();
    assertNotNull(secondCall);
    SerecoCodeCallStackElement thirdCall = secondCall.getCalls();
    assertNotNull(thirdCall);
    assertEquals("com/mercedesbenz/sechub/sharedkernel/storage/JobStorage.java", thirdCall.getLocation());
    assertEquals(Integer.valueOf(139), thirdCall.getLine());
    assertEquals(Integer.valueOf(39), thirdCall.getColumn());
    assertEquals("	public String getAbsolutePath(String fileName) {", thirdCall.getSource());
    // NOTE(review): this re-checks the top element; thirdCall.getRelevantPart() is never asserted - confirm intent
    assertEquals("fileName", topOfStack.getRelevantPart());
}

Example 2 with SerecoCodeCallStackElement

use of com.mercedesbenz.sechub.sereco.metadata.SerecoCodeCallStackElement in project sechub by mercedes-benz.

From class SarifV1JSONImporterTest, method sarif_report_threadflow_locations:

@Test
void sarif_report_threadflow_locations() throws Exception {
    /* execute */
    SerecoMetaData imported = importerToTest.importResult(sarif_2_1_0_pythonscanner_thread_flows);

    /* test */
    List<SerecoVulnerability> found = imported.getVulnerabilities();
    SerecoVulnerability firstReal = fetchFirstNonFalsePositive(found);
    SerecoCodeCallStackElement entryPoint = firstReal.getCode();

    // the type could not be detected from this SARIF data
    assertEquals("Undefined", firstReal.getType());

    // first location of the thread flow
    assertNotNull(entryPoint);
    assertEquals("3-Beyond-basics/bad-eval-with-code-flow.py", entryPoint.getLocation());
    assertEquals(3, entryPoint.getLine().intValue());
    assertEquals(1, found.size());

    // next location in the same file, one line further down
    SerecoCodeCallStackElement nextLocation = entryPoint.getCalls();
    assertNotNull(nextLocation);
    assertEquals("3-Beyond-basics/bad-eval-with-code-flow.py", nextLocation.getLocation());
    assertEquals(4, nextLocation.getLine().intValue());
}

Example 3 with SerecoCodeCallStackElement

use of com.mercedesbenz.sechub.sereco.metadata.SerecoCodeCallStackElement in project sechub by mercedes-benz.

From class SarifV1JSONImporter, method resolveCodeInfoFromLocations:

/**
 * Links the call stack elements created from the given locations into a chain:
 * each element's {@code calls} points to the element created from the next location
 * in the list.
 *
 * @param locations the SARIF locations to convert (via {@code callStackListFromLocations})
 * @return the head of the chain, or {@code null} when no element was created
 */
private SerecoCodeCallStackElement resolveCodeInfoFromLocations(List<Location> locations) {
    SerecoCodeCallStackElement head = null;
    SerecoCodeCallStackElement tail = null;
    for (SerecoCodeCallStackElement element : callStackListFromLocations(locations)) {
        if (tail == null) {
            // very first element becomes the head of the chain
            head = element;
        } else {
            // every further element is appended behind the current tail
            tail.setCalls(element);
        }
        tail = element;
    }
    return head;
}

Example 4 with SerecoCodeCallStackElement

use of com.mercedesbenz.sechub.sereco.metadata.SerecoCodeCallStackElement in project sechub by mercedes-benz.

From class IntegrationTestPDSCodeScanImporter, method importResult:

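/**
 * Builds Sereco meta data from the simple text format of the integration test PDS
 * code scan: one finding per line in the form {@code SEVERITY:message}. Lines starting
 * with {@code #} are comments and skipped; lines without a {@code :} are skipped as well.
 * Only the first two colon separated parts of a line are used, anything after a second
 * colon is dropped.
 *
 * @param simpleText the report text, one finding per line
 * @return meta data holding one vulnerability per parsable line, never {@code null}
 * @throws IOException declared by the overridden signature; this implementation does not throw it
 */
@Override
public SerecoMetaData importResult(String simpleText) throws IOException {
    // accept \r\n line endings too - with a plain "\n" split the trailing \r
    // would otherwise become part of the message
    String[] lines = simpleText.split("\\r?\\n");
    SerecoMetaData metaData = new SerecoMetaData();
    List<SerecoVulnerability> vulnerabilities = metaData.getVulnerabilities();
    int pseudoLineNumber = 0;
    for (String line : lines) {
        // the line number inside the report is reused as pseudo source line,
        // so comment lines are counted as well
        pseudoLineNumber++;
        if (line.startsWith("#")) {
            continue;
        }
        String[] parts = line.split(":");
        if (parts.length < 2) {
            // not in SEVERITY:message form
            continue;
        }
        String severity = parts[0];
        String message = parts[1];

        // there is no real source - the code info only carries fixed pseudo values
        SerecoCodeCallStackElement code = new SerecoCodeCallStackElement();
        code.setColumn(123);
        code.setLine(pseudoLineNumber);
        code.setLocation("data.txt");
        code.setRelevantPart("integrationtest");
        code.setSource("integration test code only!");

        SerecoVulnerability vulnerability = new SerecoVulnerability();
        vulnerability.setDescription(message);
        vulnerability.setScanType(ScanType.CODE_SCAN);
        vulnerability.setCode(code);
        vulnerability.setSeverity(SerecoSeverity.fromString(severity));
        vulnerabilities.add(vulnerability);
    }
    return metaData;
}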

Example 5 with SerecoCodeCallStackElement

use of com.mercedesbenz.sechub.sereco.metadata.SerecoCodeCallStackElement in project sechub by mercedes-benz.

From class CheckmarxV1XMLImporter, method fillPathNodeInfo:

/**
 * Copies the child values of a Checkmarx path node ({@code FileName}, {@code Line},
 * {@code Column}, {@code Name}) into the given call stack element and finally adds the
 * source snippet via {@code addSource}. A missing child element leaves the corresponding
 * field untouched.
 *
 * @param info     the call stack element to fill
 * @param pathNode the Checkmarx path node element to read from
 */
private void fillPathNodeInfo(SerecoCodeCallStackElement info, Element pathNode) {
    Element fileNameElement = pathNode.element("FileName");
    Element lineElement = pathNode.element("Line");
    Element columnElement = pathNode.element("Column");
    Element nameElement = pathNode.element("Name");

    if (fileNameElement != null) {
        info.setLocation(fileNameElement.getStringValue());
    }
    // line and column are parsed via safeGetInteger instead of a direct cast
    if (lineElement != null) {
        info.setLine(safeGetInteger(lineElement));
    }
    if (columnElement != null) {
        info.setColumn(safeGetInteger(columnElement));
    }
    if (nameElement != null) {
        info.setRelevantPart(nameElement.getStringValue());
    }
    addSource(info, pathNode);
}
