Example 6 with SerecoCodeCallStackElement

Use of com.mercedesbenz.sechub.sereco.metadata.SerecoCodeCallStackElement in project sechub by mercedes-benz.

Class CheckmarxV1XMLImporter, method addSource:

```java
import org.dom4j.Element;

import com.mercedesbenz.sechub.sereco.metadata.SerecoCodeCallStackElement;

/*
 * Copies the source snippet of a Checkmarx <PathNode> into the call stack
 * element. The XML path is PathNode/Snippet/Line/Code; each level is optional
 * in Checkmarx reports, so every step is null-checked instead of throwing.
 */
private void addSource(SerecoCodeCallStackElement info, Element pathNode) {
    if (pathNode == null) {
        return;
    }
    /* add source snippet */
    Element snippet = pathNode.element("Snippet");
    if (snippet == null) {
        return;
    }
    Element snippetLine = snippet.element("Line");
    if (snippetLine == null) {
        return;
    }
    Element snippetCode = snippetLine.element("Code");
    if (snippetCode == null) {
        return;
    }
    /* dom4j returns the concatenated text content of the element */
    info.setSource(snippetCode.getStringValue());
}
```

Example 7 with SerecoCodeCallStackElement

Use of com.mercedesbenz.sechub.sereco.metadata.SerecoCodeCallStackElement in project sechub by mercedes-benz.

Class SerecoProductResultTransformerTest, method createMetaDataWithOneVulnerabilityAsCodeFound:

```java
import java.util.List;

import com.mercedesbenz.sechub.commons.model.ScanType;
import com.mercedesbenz.sechub.sereco.metadata.SerecoClassification;
import com.mercedesbenz.sechub.sereco.metadata.SerecoCodeCallStackElement;
import com.mercedesbenz.sechub.sereco.metadata.SerecoMetaData;
import com.mercedesbenz.sechub.sereco.metadata.SerecoSeverity;
import com.mercedesbenz.sechub.sereco.metadata.SerecoVulnerability;

/*
 * Test fixture: builds SERECO meta data with exactly one MEDIUM code scan
 * finding whose call stack has two elements (serecoCode1 calls serecoCode2)
 * and returns it serialized as JSON. JSONConverter is the project's own JSON
 * helper and is imported as in the rest of the project.
 */
private String createMetaDataWithOneVulnerabilityAsCodeFound() {
    SerecoMetaData data = new SerecoMetaData();
    List<SerecoVulnerability> vulnerabilities = data.getVulnerabilities();
    SerecoVulnerability v1 = new SerecoVulnerability();
    v1.setSeverity(SerecoSeverity.MEDIUM);
    v1.setType("type1");
    v1.setScanType(ScanType.CODE_SCAN);
    /* first (outermost) call stack element */
    SerecoCodeCallStackElement serecoCode1 = new SerecoCodeCallStackElement();
    serecoCode1.setLine(1);
    serecoCode1.setColumn(2);
    serecoCode1.setLocation("Location1");
    serecoCode1.setSource("source1");
    serecoCode1.setRelevantPart("relevantPart1");
    v1.setCode(serecoCode1);
    /* second element, linked as the callee of the first */
    SerecoCodeCallStackElement serecoCode2 = new SerecoCodeCallStackElement();
    serecoCode2.setLine(3);
    serecoCode2.setColumn(4);
    serecoCode2.setLocation("Location2");
    serecoCode2.setSource("source2");
    serecoCode2.setRelevantPart("relevantPart2");
    serecoCode1.setCalls(serecoCode2);
    SerecoClassification cl = v1.getClassification();
    cl.setCapec("capec1");
    vulnerabilities.add(v1);
    String converted = JSONConverter.get().toJSON(data);
    return converted;
}
```

Example 8 with SerecoCodeCallStackElement

Use of com.mercedesbenz.sechub.sereco.metadata.SerecoCodeCallStackElement in project sechub by mercedes-benz.

Class SarifV1JSONImporter, method resolveCodeInfoFromResult:

```java
import com.mercedesbenz.sechub.sarif.model.Result;
import com.mercedesbenz.sechub.sereco.metadata.SerecoCodeCallStackElement;

/*
 * Resolves the call stack of a SARIF result. The first codeFlow/threadFlow is
 * preferred; if there is none, result.locations is used instead. When a code
 * flow exists but its first element carries no source text, the source of the
 * location based element is copied over as a last fallback.
 */
private SerecoCodeCallStackElement resolveCodeInfoFromResult(Result result) {
    boolean firstElementFromResultLocation = false;
    SerecoCodeCallStackElement firstElement = resolveCodeInfoFromCodeFlow(result);
    if (firstElement == null) {
        // if no CodeFlow available, try to extract callstack directly from locations
        firstElement = resolveCodeInfoFromLocations(result.getLocations());
        firstElementFromResultLocation = true;
    }
    if (!firstElementFromResultLocation && firstElement != null) {
        /* check source is set at least at first element */
        String source = firstElement.getSource();
        if (source == null || source.trim().isEmpty()) {
            /* not set - last fallback to location */
            SerecoCodeCallStackElement fallbackElement = resolveCodeInfoFromLocations(result.getLocations());
            /* a result may have no locations at all, so the fallback can be null */
            if (fallbackElement != null) {
                firstElement.setSource(fallbackElement.getSource());
            }
        }
    }
    return firstElement;
}
```

Example 9 with SerecoCodeCallStackElement

Use of com.mercedesbenz.sechub.sereco.metadata.SerecoCodeCallStackElement in project sechub by mercedes-benz.

Class SarifV1JSONImporter, method callStackListFromLocations:

```java
import java.util.ArrayList;
import java.util.List;

import com.mercedesbenz.sechub.sarif.model.ArtifactContent;
import com.mercedesbenz.sechub.sarif.model.ArtifactLocation;
import com.mercedesbenz.sechub.sarif.model.Location;
import com.mercedesbenz.sechub.sarif.model.PhysicalLocation;
import com.mercedesbenz.sechub.sarif.model.Region;
import com.mercedesbenz.sechub.sereco.metadata.SerecoCodeCallStackElement;

/*
 * Maps SARIF locations to SERECO call stack elements, one per location that
 * has a physicalLocation: artifactLocation.uri becomes the location,
 * region.startLine/startColumn the position and region.snippet.text (trimmed)
 * the source. Locations without a physicalLocation are skipped entirely.
 */
private List<SerecoCodeCallStackElement> callStackListFromLocations(List<Location> locations) {
    List<SerecoCodeCallStackElement> callstack = new ArrayList<>();
    if (locations == null) {
        return callstack;
    }
    locations.forEach(location -> {
        PhysicalLocation physicalLocation = location.getPhysicalLocation();
        if (physicalLocation != null) {
            SerecoCodeCallStackElement subCode = new SerecoCodeCallStackElement();
            ArtifactLocation artifactLocation = physicalLocation.getArtifactLocation();
            if (artifactLocation != null) {
                subCode.setLocation(artifactLocation.getUri());
            }
            Region region = physicalLocation.getRegion();
            if (region != null) {
                subCode.setLine(region.getStartLine());
                subCode.setColumn(region.getStartColumn());
                ArtifactContent snippet = region.getSnippet();
                if (snippet != null) {
                    /* snippet text is optional in SARIF; trim only when present */
                    String text = snippet.getText();
                    if (text != null) {
                        text = text.trim();
                    }
                    subCode.setSource(text);
                }
            }
            callstack.add(subCode);
        }
    });
    return callstack;
}
```

Example 10 with SerecoCodeCallStackElement

Use of com.mercedesbenz.sechub.sereco.metadata.SerecoCodeCallStackElement in project sechub by mercedes-benz.

Class SarifV1JSONImporter, method resolveCodeInfoFromCodeFlow:

```java
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import com.mercedesbenz.sechub.sarif.model.CodeFlow;
import com.mercedesbenz.sechub.sarif.model.Location;
import com.mercedesbenz.sechub.sarif.model.Result;
import com.mercedesbenz.sechub.sarif.model.ThreadFlow;
import com.mercedesbenz.sechub.sereco.metadata.SerecoCodeCallStackElement;

/* Uses only the first codeFlow and its first threadFlow of a SARIF result; the
 * threadFlowLocations are unwrapped to plain locations and resolved like a
 * location list. Returns null when the result carries no code flow at all. */
private SerecoCodeCallStackElement resolveCodeInfoFromCodeFlow(Result result) {
    Optional<CodeFlow> codeFlows = result.getCodeFlows().stream().findFirst();
    if (!codeFlows.isPresent()) {
        return null;
    }
    Optional<ThreadFlow> optFlow = codeFlows.get().getThreadFlows().stream().findFirst();
    if (!optFlow.isPresent()) {
        return null;
    }
    ThreadFlow flow = optFlow.get();
    List<Location> locations = flow.getLocations().stream().map(location -> location.getLocation()).collect(Collectors.toList());
    return resolveCodeInfoFromLocations(locations);
}
```