
Example 1 with SerecoMetaData

use of com.mercedesbenz.sechub.sereco.metadata.SerecoMetaData in project sechub by mercedes-benz.

the class SpdxV1JSONImporterTest method importResult__just_text_cannot_be_imported.

@Test
void importResult__just_text_cannot_be_imported() throws IOException {
    /* prepare */
    String spdx = "I am a long text …";
    /* execute */
    SerecoMetaData metaData = importerToTest.importResult(spdx);
    /* test */
    assertTrue(metaData.getLicenseDocuments().isEmpty());
}
Also used : SerecoMetaData(com.mercedesbenz.sechub.sereco.metadata.SerecoMetaData) Test(org.junit.jupiter.api.Test)

Example 2 with SerecoMetaData

use of com.mercedesbenz.sechub.sereco.metadata.SerecoMetaData in project sechub by mercedes-benz.

the class SpdxV1JSONImporterTest method importResult__import_spdx_2_2_scancode.

@Test
void importResult__import_spdx_2_2_scancode() throws IOException {
    /* prepare */
    String spdx = spdx_2_2_scancode;
    /* execute */
    SerecoMetaData metaData = importerToTest.importResult(spdx);
    /* test */
    assertNotNull(metaData.getLicenseDocuments().get(0).getSpdx());
}
Also used : SerecoMetaData(com.mercedesbenz.sechub.sereco.metadata.SerecoMetaData) Test(org.junit.jupiter.api.Test)

Example 3 with SerecoMetaData

use of com.mercedesbenz.sechub.sereco.metadata.SerecoMetaData in project sechub by mercedes-benz.

the class IntegrationTestPDSCodeScanImporterTest method when_data_contains_critical_medium_low_info__exact_this_ones_will_be_imported.

@Test
public void when_data_contains_critical_medium_low_info__exact_this_ones_will_be_imported() throws Exception {
    /* prepare */
    /* @formatter:off */
    String data = "#PDS_INTTEST_PRODUCT_CODESCAN\n" + "\n" + "\n" + "CRITICAL:i am a critical error\n" + "MEDIUM:i am a medium error\n" + "LOW:i am just a low error\n" + "INFO:i am just an information";
    /* @formatter:on */
    /* execute */
    SerecoMetaData result = importerToTest.importResult(data);
    /* test */
    List<SerecoVulnerability> v = result.getVulnerabilities();
    assertEquals(4, v.size());
    Iterator<SerecoVulnerability> it = v.iterator();
    check(SerecoSeverity.CRITICAL, 4, "i am a critical error", it.next());
    check(SerecoSeverity.MEDIUM, 5, "i am a medium error", it.next());
    check(SerecoSeverity.LOW, 6, "i am just a low error", it.next());
    check(SerecoSeverity.INFO, 7, "i am just an information", it.next());
}
Also used : SerecoVulnerability(com.mercedesbenz.sechub.sereco.metadata.SerecoVulnerability) SerecoMetaData(com.mercedesbenz.sechub.sereco.metadata.SerecoMetaData) Test(org.junit.Test)

Example 4 with SerecoMetaData

use of com.mercedesbenz.sechub.sereco.metadata.SerecoMetaData in project sechub by mercedes-benz.

the class CheckmarxV1XMLImporterTest method xmlReportFromCheckmarxVhasNoDescriptionButCodeInfo.

@Test
public void xmlReportFromCheckmarxVhasNoDescriptionButCodeInfo() throws Exception {
    /* prepare */
    String xml = SerecoTestFileSupport.INSTANCE.loadTestFile("checkmarx/sechub-continous-integration-with-false-positive.xml");
    /* execute */
    SerecoMetaData result = importerToTest.importResult(xml);
    /* test */
    List<SerecoVulnerability> vulnerabilities = result.getVulnerabilities();
    SerecoVulnerability v1 = fetchFirstNonFalsePositive(vulnerabilities);
    assertEquals(SerecoSeverity.MEDIUM, v1.getSeverity());
    assertEquals("", v1.getDescription());
    assertEquals(ScanType.CODE_SCAN, v1.getScanType());
    SerecoCodeCallStackElement codeInfo = v1.getCode();
    assertNotNull(codeInfo);
    /*
     * v1 is not first entry, because first entry was a false positive which was
     * already filtered
     */
    assertEquals("com/mercedesbenz/sechub/server/IntegrationTestServerRestController.java", codeInfo.getLocation());
    assertEquals(Integer.valueOf(86), codeInfo.getLine());
    assertEquals(Integer.valueOf(37), codeInfo.getColumn());
    assertEquals("			@PathVariable(\"fileName\") String fileName) throws IOException {", codeInfo.getSource());
    assertEquals("fileName", codeInfo.getRelevantPart());
    SerecoCodeCallStackElement calls1 = codeInfo.getCalls();
    assertNotNull(calls1);
    SerecoCodeCallStackElement calls2 = calls1.getCalls();
    assertNotNull(calls2);
    assertEquals("com/mercedesbenz/sechub/sharedkernel/storage/JobStorage.java", calls2.getLocation());
    assertEquals(Integer.valueOf(139), calls2.getLine());
    assertEquals(Integer.valueOf(39), calls2.getColumn());
    assertEquals("	public String getAbsolutePath(String fileName) {", calls2.getSource());
    assertEquals("fileName", codeInfo.getRelevantPart());
}
Also used : SerecoVulnerability(com.mercedesbenz.sechub.sereco.metadata.SerecoVulnerability) SerecoCodeCallStackElement(com.mercedesbenz.sechub.sereco.metadata.SerecoCodeCallStackElement) SerecoMetaData(com.mercedesbenz.sechub.sereco.metadata.SerecoMetaData) Test(org.junit.Test)

Example 5 with SerecoMetaData

use of com.mercedesbenz.sechub.sereco.metadata.SerecoMetaData in project sechub by mercedes-benz.

the class CheckmarxV1XMLImporterTest method xmlReportFromCheckmarxV8_with_false_positive_canBeImported_and_contains_not_false_positive.

@Test
public void xmlReportFromCheckmarxV8_with_false_positive_canBeImported_and_contains_not_false_positive() throws IOException {
    /* prepare */
    String xml = SerecoTestFileSupport.INSTANCE.loadTestFile("checkmarx/sechub-continous-integration-with-false-positive.xml");
    /* execute */
    SerecoMetaData data = importerToTest.importResult(xml);
    /* test @formatter:off */
    assertVulnerabilities(data.getVulnerabilities()).vulnerability().withSeverity(SerecoSeverity.HIGH).isNotContained(true).hasVulnerabilities(240).hasVulnerabilities(230, true);
    /* inside xml there are 240 vulnerabilities, but 10 are false positives */
    /* @formatter:on */
}
Also used : SerecoMetaData(com.mercedesbenz.sechub.sereco.metadata.SerecoMetaData) Test(org.junit.Test)

Aggregations

SerecoMetaData (com.mercedesbenz.sechub.sereco.metadata.SerecoMetaData): 42
SerecoVulnerability (com.mercedesbenz.sechub.sereco.metadata.SerecoVulnerability): 31
Test (org.junit.jupiter.api.Test): 16
Test (org.junit.Test): 12
SerecoCodeCallStackElement (com.mercedesbenz.sechub.sereco.metadata.SerecoCodeCallStackElement): 6
IOException (java.io.IOException): 5
SerecoClassification (com.mercedesbenz.sechub.sereco.metadata.SerecoClassification): 4
Document (org.dom4j.Document): 3
DocumentException (org.dom4j.DocumentException): 3
Element (org.dom4j.Element): 3
ReportTransformationResult (com.mercedesbenz.sechub.domain.scan.ReportTransformationResult): 2
ImportParameter (com.mercedesbenz.sechub.sereco.ImportParameter): 2
SerecoLicenseDocument (com.mercedesbenz.sechub.sereco.metadata.SerecoLicenseDocument): 2
SerecoLicenseSpdx (com.mercedesbenz.sechub.sereco.metadata.SerecoLicenseSpdx): 2
ScanType (com.mercedesbenz.sechub.commons.model.ScanType): 1
SecHubFinding (com.mercedesbenz.sechub.commons.model.SecHubFinding): 1
ProductIdentifier (com.mercedesbenz.sechub.domain.scan.product.ProductIdentifier): 1
ProductResult (com.mercedesbenz.sechub.domain.scan.product.ProductResult): 1
ProductExecutorConfigInfo (com.mercedesbenz.sechub.domain.scan.product.config.ProductExecutorConfigInfo): 1
Report (com.mercedesbenz.sechub.sarif.model.Report): 1