use of com.mercedesbenz.sechub.sereco.metadata.SerecoMetaData in project sechub by mercedes-benz.
the class SpdxV1JSONImporterTest method importResult__just_text_cannot_be_imported.
/**
 * Free text that is not an SPDX document must not yield any license
 * documents: the import call has to return normally and the resulting list
 * of license documents has to be empty.
 */
@Test
void importResult__just_text_cannot_be_imported() throws IOException {
    /* prepare */
    String notSpdx = "I am a long text …";

    /* execute */
    SerecoMetaData imported = importerToTest.importResult(notSpdx);

    /* test */
    boolean noLicenseDocuments = imported.getLicenseDocuments().isEmpty();
    assertTrue(noLicenseDocuments);
}
use of com.mercedesbenz.sechub.sereco.metadata.SerecoMetaData in project sechub by mercedes-benz.
the class SpdxV1JSONImporterTest method importResult__import_spdx_2_2_scancode.
/**
 * Imports the {@code spdx_2_2_scancode} sample and checks that the first
 * license document in the result carries a non-null SPDX part.
 */
@Test
void importResult__import_spdx_2_2_scancode() throws IOException {
    /* prepare + execute */
    // spdx_2_2_scancode is defined outside this method; presumably an SPDX 2.2
    // report produced by scancode - confirm against the test fixture.
    SerecoMetaData imported = importerToTest.importResult(spdx_2_2_scancode);

    /* test */
    // get(0) throws if nothing was imported, so an empty result also fails here.
    assertNotNull(imported.getLicenseDocuments().get(0).getSpdx());
}
use of com.mercedesbenz.sechub.sereco.metadata.SerecoMetaData in project sechub by mercedes-benz.
the class IntegrationTestPDSCodeScanImporterTest method when_data_contains_critical_medium_low_info__exact_this_ones_will_be_imported.
/**
 * Feeds the importer one finding per severity (CRITICAL, MEDIUM, LOW, INFO)
 * and expects exactly these four vulnerabilities, in input order.
 */
@Test
public void when_data_contains_critical_medium_low_info__exact_this_ones_will_be_imported() throws Exception {
    /* prepare */
    // Header line, two empty lines, then one "SEVERITY:message" line each;
    // the findings therefore sit on lines 4 to 7 of the input.
    /* @formatter:off */
    String data = "#PDS_INTTEST_PRODUCT_CODESCAN\n"
            + "\n"
            + "\n"
            + "CRITICAL:i am a critical error\n"
            + "MEDIUM:i am a medium error\n"
            + "LOW:i am just a low error\n"
            + "INFO:i am just an information";
    /* @formatter:on */

    /* execute */
    SerecoMetaData imported = importerToTest.importResult(data);

    /* test */
    List<SerecoVulnerability> vulnerabilities = imported.getVulnerabilities();
    assertEquals(4, vulnerabilities.size());

    // check(...) is defined elsewhere in the test class; its second argument
    // presumably is the expected input line number - confirm against the helper.
    Iterator<SerecoVulnerability> cursor = vulnerabilities.iterator();
    check(SerecoSeverity.CRITICAL, 4, "i am a critical error", cursor.next());
    check(SerecoSeverity.MEDIUM, 5, "i am a medium error", cursor.next());
    check(SerecoSeverity.LOW, 6, "i am just a low error", cursor.next());
    check(SerecoSeverity.INFO, 7, "i am just an information", cursor.next());
}
use of com.mercedesbenz.sechub.sereco.metadata.SerecoMetaData in project sechub by mercedes-benz.
the class CheckmarxV1XMLImporterTest method xmlReportFromCheckmarxVhasNoDescriptionButCodeInfo.
/**
 * Imports a Checkmarx XML report that contains false positives and verifies
 * the first finding that is not a false positive: medium severity, empty
 * description, code scan type, and a call stack whose first and third
 * elements carry the expected location, line, column and source.
 */
@Test
public void xmlReportFromCheckmarxVhasNoDescriptionButCodeInfo() throws Exception {
    /* prepare */
    String report = SerecoTestFileSupport.INSTANCE.loadTestFile("checkmarx/sechub-continous-integration-with-false-positive.xml");

    /* execute */
    SerecoMetaData imported = importerToTest.importResult(report);

    /* test */
    List<SerecoVulnerability> findings = imported.getVulnerabilities();
    /*
     * The inspected finding is not the first entry of the report, because the
     * first entry was a false positive which was already filtered
     */
    SerecoVulnerability finding = fetchFirstNonFalsePositive(findings);

    assertEquals(SerecoSeverity.MEDIUM, finding.getSeverity());
    assertEquals("", finding.getDescription());
    assertEquals(ScanType.CODE_SCAN, finding.getScanType());

    /* first call stack element */
    SerecoCodeCallStackElement entryPoint = finding.getCode();
    assertNotNull(entryPoint);
    assertEquals("com/mercedesbenz/sechub/server/IntegrationTestServerRestController.java", entryPoint.getLocation());
    assertEquals(Integer.valueOf(86), entryPoint.getLine());
    assertEquals(Integer.valueOf(37), entryPoint.getColumn());
    assertEquals(" @PathVariable(\"fileName\") String fileName) throws IOException {", entryPoint.getSource());
    assertEquals("fileName", entryPoint.getRelevantPart());

    /* second element only has to exist, third element is inspected */
    SerecoCodeCallStackElement secondElement = entryPoint.getCalls();
    assertNotNull(secondElement);
    SerecoCodeCallStackElement thirdElement = secondElement.getCalls();
    assertNotNull(thirdElement);
    assertEquals("com/mercedesbenz/sechub/sharedkernel/storage/JobStorage.java", thirdElement.getLocation());
    assertEquals(Integer.valueOf(139), thirdElement.getLine());
    assertEquals(Integer.valueOf(39), thirdElement.getColumn());
    assertEquals(" public String getAbsolutePath(String fileName) {", thirdElement.getSource());
    // NOTE(review): this repeats the relevant-part check on the first element;
    // the third element's relevant part is never asserted. Possibly the third
    // element was meant here - confirm against the report before changing it.
    assertEquals("fileName", entryPoint.getRelevantPart());
}
use of com.mercedesbenz.sechub.sereco.metadata.SerecoMetaData in project sechub by mercedes-benz.
the class CheckmarxV1XMLImporterTest method xmlReportFromCheckmarxV8_with_false_positive_canBeImported_and_contains_not_false_positive.
/**
 * Imports a Checkmarx XML report that contains false positives and checks
 * the vulnerability counts of the result with the fluent
 * {@code assertVulnerabilities} helper.
 */
@Test
public void xmlReportFromCheckmarxV8_with_false_positive_canBeImported_and_contains_not_false_positive() throws IOException {
    /* prepare */
    String report = SerecoTestFileSupport.INSTANCE.loadTestFile("checkmarx/sechub-continous-integration-with-false-positive.xml");

    /* execute */
    SerecoMetaData imported = importerToTest.importResult(report);

    /* test @formatter:off */
    /* inside xml there are 240 vulnerabilities, but 10 are false positives */
    // The boolean arguments belong to the assertion helper, which is defined
    // elsewhere; presumably they switch false-positive filtering on - confirm
    // against the helper.
    assertVulnerabilities(imported.getVulnerabilities())
        .vulnerability()
            .withSeverity(SerecoSeverity.HIGH)
            .isNotContained(true)
        .hasVulnerabilities(240)
        .hasVulnerabilities(230, true);
    /* @formatter:on */
}