Examples with SerecoMetaData com.mercedesbenz.sechub.sereco.metadata.SerecoMetaData used on opensource projects

Example 1 with SerecoMetaData

use of com.mercedesbenz.sechub.sereco.metadata.SerecoMetaData in project sechub by mercedes-benz.

the class SpdxV1JSONImporterTest method importResult__just_text_cannot_be_imported.

@Test
void importResult__just_text_cannot_be_imported() throws IOException {
    /* prepare */
    String spdx = "I am a long text …";
    /* execute */
    SerecoMetaData metaData = importerToTest.importResult(spdx);
    /* test */
    assertTrue(metaData.getLicenseDocuments().isEmpty());
}

Example 2 with SerecoMetaData

use of com.mercedesbenz.sechub.sereco.metadata.SerecoMetaData in project sechub by mercedes-benz.

the class SpdxV1JSONImporterTest method importResult__import_spdx_2_2_scancode.

@Test
void importResult__import_spdx_2_2_scancode() throws IOException {
    /* prepare */
    String spdx = spdx_2_2_scancode;
    /* execute */
    SerecoMetaData metaData = importerToTest.importResult(spdx);
    /* test */
    assertNotNull(metaData.getLicenseDocuments().get(0).getSpdx());
}

Example 3 with SerecoMetaData

use of com.mercedesbenz.sechub.sereco.metadata.SerecoMetaData in project sechub by mercedes-benz.

the class IntegrationTestPDSCodeScanImporterTest method when_data_contains_critical_medium_low_info__exact_this_ones_will_be_imported.

@Test
public void when_data_contains_critical_medium_low_info__exact_this_ones_will_be_imported() throws Exception {
    /* prepare */
    /* @formatter:off */
    String data = "#PDS_INTTEST_PRODUCT_CODESCAN\n" + "\n" + "\n" + "CRITICAL:i am a critical error\n" + "MEDIUM:i am a medium error\n" + "LOW:i am just a low error\n" + "INFO:i am just an information";
    /* @formatter:on */
    /* execute */
    SerecoMetaData result = importerToTest.importResult(data);
    /* test */
    List<SerecoVulnerability> v = result.getVulnerabilities();
    assertEquals(4, v.size());
    Iterator<SerecoVulnerability> it = v.iterator();
    check(SerecoSeverity.CRITICAL, 4, "i am a critical error", it.next());
    check(SerecoSeverity.MEDIUM, 5, "i am a medium error", it.next());
    check(SerecoSeverity.LOW, 6, "i am just a low error", it.next());
    check(SerecoSeverity.INFO, 7, "i am just an information", it.next());
}

Example 4 with SerecoMetaData

use of com.mercedesbenz.sechub.sereco.metadata.SerecoMetaData in project sechub by mercedes-benz.

the class CheckmarxV1XMLImporterTest method xmlReportFromCheckmarxVhasNoDescriptionButCodeInfo.

@Test
public void xmlReportFromCheckmarxVhasNoDescriptionButCodeInfo() throws Exception {
    /* prepare */
    String xml = SerecoTestFileSupport.INSTANCE.loadTestFile("checkmarx/sechub-continous-integration-with-false-positive.xml");
    /* execute */
    SerecoMetaData result = importerToTest.importResult(xml);
    /* test */
    List<SerecoVulnerability> vulnerabilities = result.getVulnerabilities();
    SerecoVulnerability v1 = fetchFirstNonFalsePositive(vulnerabilities);
    assertEquals(SerecoSeverity.MEDIUM, v1.getSeverity());
    assertEquals("", v1.getDescription());
    assertEquals(ScanType.CODE_SCAN, v1.getScanType());
    SerecoCodeCallStackElement codeInfo = v1.getCode();
    assertNotNull(codeInfo);
    /*
         * v1 is not first entry, because first entry was a false positive which was
         * already filtered
         */
    assertEquals("com/mercedesbenz/sechub/server/IntegrationTestServerRestController.java", codeInfo.getLocation());
    assertEquals(Integer.valueOf(86), codeInfo.getLine());
    assertEquals(Integer.valueOf(37), codeInfo.getColumn());
    assertEquals("			@PathVariable(\"fileName\") String fileName) throws IOException {", codeInfo.getSource());
    assertEquals("fileName", codeInfo.getRelevantPart());
    SerecoCodeCallStackElement calls1 = codeInfo.getCalls();
    assertNotNull(calls1);
    SerecoCodeCallStackElement calls2 = calls1.getCalls();
    assertNotNull(calls2);
    assertEquals("com/mercedesbenz/sechub/sharedkernel/storage/JobStorage.java", calls2.getLocation());
    assertEquals(Integer.valueOf(139), calls2.getLine());
    assertEquals(Integer.valueOf(39), calls2.getColumn());
    assertEquals("	public String getAbsolutePath(String fileName) {", calls2.getSource());
    assertEquals("fileName", codeInfo.getRelevantPart());
}

Example 5 with SerecoMetaData

use of com.mercedesbenz.sechub.sereco.metadata.SerecoMetaData in project sechub by mercedes-benz.

the class CheckmarxV1XMLImporterTest method xmlReportFromCheckmarxV8_with_false_positive_canBeImported_and_contains_not_false_positive.

@Test
public void xmlReportFromCheckmarxV8_with_false_positive_canBeImported_and_contains_not_false_positive() throws IOException {
    /* prepare */
    String xml = SerecoTestFileSupport.INSTANCE.loadTestFile("checkmarx/sechub-continous-integration-with-false-positive.xml");
    /* execute */
    SerecoMetaData data = importerToTest.importResult(xml);
    /* test @formatter:off */
    assertVulnerabilities(data.getVulnerabilities()).vulnerability().withSeverity(SerecoSeverity.HIGH).isNotContained(true).hasVulnerabilities(240).hasVulnerabilities(230, true);
/* inside xml there are 240 vulnerabilities, but 10 are false positives */
/* @formatter:on */
}