
Example 26 with UseCaseRestDoc

use of com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc in project sechub by mercedes-benz.

the class ConfigAdministrationRestControllerRestDocTest method restdoc_admin_updates_auto_cleanup_configuration.

/**
 * Documents the REST call an administrator uses to update the auto cleanup configuration.
 * <p>
 * A default-constructed {@code AdministrationAutoCleanupConfig} is serialized to JSON and sent
 * with PUT. The request must be answered with HTTP 202 (Accepted) before the documentation
 * step is executed.
 * <p>
 * NOTE(review): only the accepted path with default values is exercised. No authentication or
 * role setup is visible in this method, so it does not demonstrate that the endpoint rejects
 * non-administrators or malformed configurations - confirm those cases are tested elsewhere.
 *
 * @throws Exception when the mocked MVC call or the documentation step fails
 */
@Test
@UseCaseRestDoc(useCase = UseCaseAdminUpdatesAutoCleanupConfiguration.class)
public void restdoc_admin_updates_auto_cleanup_configuration() throws Exception {
    /* prepare */
    String endpointUrl = https(PORT_USED).buildAdminUpdatesAutoCleanupConfigurationUrl();
    Class<? extends Annotation> documentedUseCase = UseCaseAdminUpdatesAutoCleanupConfiguration.class;
    AdministrationAutoCleanupConfig cleanupConfig = new AdministrationAutoCleanupConfig();

    /* execute + test @formatter:off */
    this.mockMvc.perform(
                put(endpointUrl).
                content(cleanupConfig.toJSON()).
                contentType(MediaType.APPLICATION_JSON_VALUE)
            ).
            andExpect(status().isAccepted()).
            andDo(defineRestService().
                    with().
                        useCaseData(documentedUseCase).
                        // the tag is derived from the endpoint URL itself
                        tag(RestDocFactory.extractTag(endpointUrl)).
                    and().
                    document()
            );
    /* @formatter:on */
}
Also used : AdministrationAutoCleanupConfig(com.mercedesbenz.sechub.domain.administration.autocleanup.AdministrationAutoCleanupConfig) UseCaseAdminUpdatesAutoCleanupConfiguration(com.mercedesbenz.sechub.sharedkernel.usecases.admin.config.UseCaseAdminUpdatesAutoCleanupConfiguration) UseCaseRestDoc(com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc) Test(org.junit.Test) WebMvcTest(org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest)

Example 27 with UseCaseRestDoc

use of com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc in project sechub by mercedes-benz.

the class FalsePositiveRestControllerRestDocTest method user_fetches_false_positive_configuration.

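/**
 * Documents the REST call a user makes to fetch the false positive configuration of a project.
 * <p>
 * The mocked service returns a configuration holding one false positive entry: a code scan
 * finding named "Absolute Path Traversal" (CWE id 36, severity MEDIUM) with start and end
 * code parts, attributed to an author with a creation date and a justification comment.
 * The test expects HTTP 200 and documents every field of the response.
 * <p>
 * The documented author, creation timestamp and comment are the only record in this response
 * of who suppressed a finding and why, so all three stay part of the fixture.
 * <p>
 * NOTE(review): the stub is registered for {@code PROJECT1_ID} only, and this method asserts
 * nothing beyond the status. It does not show what a user without access to the project
 * receives - confirm that case is covered elsewhere.
 *
 * @throws Exception when the mocked MVC call or the documentation step fails
 */
@Test
@UseCaseRestDoc(useCase = UseCaseUserFetchesFalsePositiveConfigurationOfProject.class)
public void user_fetches_false_positive_configuration() throws Exception {
    /* prepare */
    String apiEndpoint = https(PORT_USED).buildUserFetchesFalsePositiveConfigurationOfProject(PROJECT_ID.pathElement());
    Class<? extends Annotation> useCase = UseCaseUserFetchesFalsePositiveConfigurationOfProject.class;

    int findingId = 42;
    UUID jobUUID = UUID.fromString("f1d02a9d-5e1b-4f52-99e5-401854ccf936");

    FalsePositiveProjectConfiguration config = new FalsePositiveProjectConfiguration();
    List<FalsePositiveEntry> fpList = config.getFalsePositives();

    FalsePositiveEntry entry = new FalsePositiveEntry();
    entry.setAuthor("developer1");
    // fixed epoch milliseconds, so the documented example does not change between builds
    entry.setCreated(new Date(1591962795187L));

    FalsePositiveJobData jobData1 = new FalsePositiveJobData();
    jobData1.setComment("Only used in documentation build not in deployment");
    jobData1.setJobUUID(jobUUID);
    jobData1.setFindingId(findingId);
    entry.setJobData(jobData1);

    FalsePositiveMetaData metaData = new FalsePositiveMetaData();
    metaData.setCweId(Integer.valueOf(36));

    FalsePositiveCodeMetaData code = new FalsePositiveCodeMetaData();

    // start of the reported code path
    FalsePositiveCodePartMetaData start = new FalsePositiveCodePartMetaData();
    start.setLocation("java/com/mercedesbenz/sechub/docgen/AsciidocGenerator.java");
    start.setRelevantPart("args");
    start.setSourceCode("\tpublic static void main(String[] args) throws Exception {");
    code.setStart(start);

    // end of the reported code path (documented below as "end point (sink)")
    FalsePositiveCodePartMetaData end = new FalsePositiveCodePartMetaData();
    end.setLocation("java/com/mercedesbenz/sechub/docgen/AsciidocGenerator.java");
    end.setRelevantPart("File");
    end.setSourceCode("\t\tFile documentsGenFolder = new File(path);");
    code.setEnd(end);

    metaData.setCode(code);
    metaData.setScanType(ScanType.CODE_SCAN);
    metaData.setSeverity(Severity.MEDIUM);
    metaData.setName("Absolute Path Traversal");
    entry.setMetaData(metaData);
    fpList.add(entry);

    when(falsePositiveJobDataService.fetchFalsePositivesProjectConfiguration(PROJECT1_ID)).thenReturn(config);

    /* execute + test @formatter:off */
    // JSON paths shared by several field descriptors
    String entryPath = PROPERTY_FALSE_POSITIVES + "[]";
    String metaDataPath = entryPath + "." + FalsePositiveEntry.PROPERTY_METADATA;
    String codeMetaDataPath = metaDataPath + "." + FalsePositiveMetaData.PROPERTY_CODE;
    String codeStartPath = codeMetaDataPath + "." + FalsePositiveCodeMetaData.PROPERTY_START;
    String codeEndPath = codeMetaDataPath + "." + FalsePositiveCodeMetaData.PROPERTY_END;
    String jobDataPath = entryPath + "." + FalsePositiveEntry.PROPERTY_JOBDATA;

    this.mockMvc.perform(
                get(apiEndpoint, PROJECT1_ID)
            ).
            andExpect(status().isOk()).
            andDo(defineRestService().
                    with().
                        useCaseData(useCase).
                        tag(RestDocFactory.extractTag(apiEndpoint)).
                        responseSchema(OpenApiSchema.FALSE_POSITVES.getSchema()).
                    and().
                    document(
                        responseFields(
                            fieldWithPath(PROPERTY_FALSE_POSITIVES).description("Job data list containing false positive setup based on former jobs"),
                            fieldWithPath(entryPath + "." + FalsePositiveEntry.PROPERTY_AUTHOR).description("User id of author who created false positive"),
                            fieldWithPath(entryPath + "." + FalsePositiveEntry.PROPERTY_CREATED).description("Creation timestamp"),

                            fieldWithPath(metaDataPath).description("Meta data for this false positive"),
                            fieldWithPath(metaDataPath + "." + FalsePositiveMetaData.PROPERTY_SCANTYPE).description("Scan type - e.g. codeScan"),
                            fieldWithPath(metaDataPath + "." + FalsePositiveMetaData.PROPERTY_NAME).description("Name of origin finding marked as false positive"),
                            fieldWithPath(metaDataPath + "." + FalsePositiveMetaData.PROPERTY_CWE_ID).type(JsonFieldType.NUMBER).optional().description("CWE (common weakness enumeration). For code scans this is always set."),
                            fieldWithPath(metaDataPath + "." + FalsePositiveMetaData.PROPERTY_CVE_ID).type(JsonFieldType.STRING).optional().description("CVE (common vulnerability and exposures). For infra scans this is always set."),
                            fieldWithPath(metaDataPath + "." + FalsePositiveMetaData.PROPERTY_OWASP).type(JsonFieldType.STRING).optional().description("OWASP At least this field must be set for web scans when no cwe identifier is defined."),
                            fieldWithPath(metaDataPath + "." + FalsePositiveMetaData.PROPERTY_SEVERITY).description("Severity of origin report entry marked as false positive"),

                            fieldWithPath(codeMetaDataPath).optional().description("Code part. Only available for scan type 'codeScan'"),
                            fieldWithPath(codeStartPath).description("entry point"),
                            fieldWithPath(codeStartPath + "." + FalsePositiveCodePartMetaData.PROPERTY_LOCATION).description("location of code"),
                            fieldWithPath(codeStartPath + "." + FalsePositiveCodePartMetaData.PROPERTY_RELEVANT_PART).description("relevant part of source vulnerability"),
                            fieldWithPath(codeStartPath + "." + FalsePositiveCodePartMetaData.PROPERTY_SOURCE_CODE).description("source code"),
                            fieldWithPath(codeEndPath).optional().description("end point (sink)"),
                            fieldWithPath(codeEndPath + "." + FalsePositiveCodePartMetaData.PROPERTY_LOCATION).description("location of code"),
                            fieldWithPath(codeEndPath + "." + FalsePositiveCodePartMetaData.PROPERTY_RELEVANT_PART).description("relevant part of source vulnerability"),
                            fieldWithPath(codeEndPath + "." + FalsePositiveCodePartMetaData.PROPERTY_SOURCE_CODE).description("source code"),

                            fieldWithPath(jobDataPath).description("Job data parts, can be used as key to identify false positives"),
                            fieldWithPath(jobDataPath + "." + PROPERTY_JOBUUID).description("SecHub job uuid where finding was"),
                            // The listing showed this literal broken across two physical lines, which is
                            // not valid Java. It is rejoined here without an embedded line break.
                            fieldWithPath(jobDataPath + "." + PROPERTY_FINDINGID).description(
                                    "SecHub finding identifier - identifies problem inside the job which shall be marked as a false positive. "
                                    + "*ATTENTION*: at the moment only code scan false positive handling is supported. "
                                    + "Infra and web scan findings will lead to a non accepted error!"),
                            fieldWithPath(jobDataPath + "." + PROPERTY_COMMENT).optional().description("A comment from author describing why this was marked as a false positive")
                        ),
                        pathParameters(
                            parameterWithName(PROJECT_ID.paramName()).description("The project id")
                        )
                    )
            );
    /* @formatter:on */
}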
Also used : FalsePositiveMetaData(com.mercedesbenz.sechub.domain.scan.project.FalsePositiveMetaData) FalsePositiveJobData(com.mercedesbenz.sechub.domain.scan.project.FalsePositiveJobData) UseCaseUserFetchesFalsePositiveConfigurationOfProject(com.mercedesbenz.sechub.sharedkernel.usecases.user.execute.UseCaseUserFetchesFalsePositiveConfigurationOfProject) Date(java.util.Date) FalsePositiveEntry(com.mercedesbenz.sechub.domain.scan.project.FalsePositiveEntry) FalsePositiveCodeMetaData(com.mercedesbenz.sechub.domain.scan.project.FalsePositiveCodeMetaData) UUID(java.util.UUID) FalsePositiveProjectConfiguration(com.mercedesbenz.sechub.domain.scan.project.FalsePositiveProjectConfiguration) FalsePositiveCodePartMetaData(com.mercedesbenz.sechub.domain.scan.project.FalsePositiveCodePartMetaData) UseCaseRestDoc(com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc) WebMvcTest(org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest) Test(org.junit.Test)

Example 28 with UseCaseRestDoc

use of com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc in project sechub by mercedes-benz.

the class FalsePositiveRestControllerRestDocTest method restdoc_unmark_false_positives.

/**
 * Documents the REST call a user makes to remove ("unmark") a false positive from a project.
 * <p>
 * The entry to remove is addressed by three path parameters: project id, job UUID and
 * finding id. The test issues a DELETE with fixed sample values, expects HTTP 200 and
 * documents the path parameters.
 * <p>
 * NOTE(review): only the response status is asserted. The method does not verify which
 * service call the controller makes, nor what happens for a job UUID or finding id that does
 * not belong to the given project - confirm those cases are tested elsewhere.
 *
 * @throws Exception when the mocked MVC call or the documentation step fails
 */
@Test
@UseCaseRestDoc(useCase = UseCaseUserUnmarksFalsePositives.class)
public void restdoc_unmark_false_positives() throws Exception {
    /* prepare */
    String endpointUrl = https(PORT_USED).buildUserRemovesFalsePositiveEntryFromProject(
            PROJECT_ID.pathElement(),
            JOB_UUID.pathElement(),
            FINDING_ID.pathElement());
    Class<? extends Annotation> documentedUseCase = UseCaseUserUnmarksFalsePositives.class;

    // fixed sample identifiers, so the documented request looks the same on every build
    UUID sampleJobUuid = UUID.fromString("f1d02a9d-5e1b-4f52-99e5-401854ccf936");
    int sampleFindingId = 42;

    /* execute + test @formatter:off */
    this.mockMvc.perform(
                delete(endpointUrl, PROJECT1_ID, sampleJobUuid, sampleFindingId)
            ).
            andExpect(status().isOk()).
            andDo(defineRestService().
                    with().
                        useCaseData(documentedUseCase).
                        tag(RestDocFactory.extractTag(endpointUrl)).
                    and().
                    document(
                        pathParameters(
                            parameterWithName(PROJECT_ID.paramName()).description("The project id"),
                            parameterWithName(JOB_UUID.paramName()).description("Job uuid"),
                            parameterWithName(FINDING_ID.paramName()).description("Finding id - in combination with job UUID this defines the false positive to remove")
                        )
                    )
            );
    /* @formatter:on */
}
Also used : UUID(java.util.UUID) UseCaseUserUnmarksFalsePositives(com.mercedesbenz.sechub.sharedkernel.usecases.user.execute.UseCaseUserUnmarksFalsePositives) UseCaseRestDoc(com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc) WebMvcTest(org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest) Test(org.junit.Test)

Example 29 with UseCaseRestDoc

use of com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc in project sechub by mercedes-benz.

the class JobAdministrationRestControllerRestDocTest method restdoc_cancel_job.

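/**
 * Documents the REST call an administrator uses to cancel a job.
 * <p>
 * The job is addressed by its UUID as a path parameter. The test issues a POST, expects
 * HTTP 200 and documents the path parameter.
 * <p>
 * A fixed sample UUID replaces the former {@code UUID.randomUUID()}. A random value makes
 * the request differ on every run, so anything the documentation step records from the
 * request would not be reproducible between builds. The value is the same sample UUID used by
 * the other RestDoc examples shown alongside this one.
 * <p>
 * NOTE(review): no authentication or role setup is visible in this method, so it does not
 * demonstrate that cancelling is restricted to administrators - confirm that is covered by
 * a dedicated test.
 *
 * @throws Exception when the mocked MVC call or the documentation step fails
 */
@Test
@UseCaseRestDoc(useCase = UseCaseAdminCancelsJob.class)
public void restdoc_cancel_job() throws Exception {
    /* prepare */
    String apiEndpoint = https(PORT_USED).buildAdminCancelsJob(JOB_UUID.pathElement());
    Class<? extends Annotation> useCase = UseCaseAdminCancelsJob.class;
    // deterministic sample id instead of a random one, see method comment
    UUID jobUUID = UUID.fromString("f1d02a9d-5e1b-4f52-99e5-401854ccf936");

    /* execute + test @formatter:off */
    this.mockMvc.perform(
                post(apiEndpoint, jobUUID).
                contentType(MediaType.APPLICATION_JSON_VALUE)
            ).
            andExpect(status().isOk()).
            andDo(defineRestService().
                    with().
                        useCaseData(useCase).
                        tag(RestDocFactory.extractTag(apiEndpoint)).
                    and().
                    document(
                        pathParameters(
                            parameterWithName(JOB_UUID.paramName()).description("The job UUID")
                        )
                    )
            );
    /* @formatter:on */
}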
Also used : UseCaseAdminCancelsJob(com.mercedesbenz.sechub.sharedkernel.usecases.job.UseCaseAdminCancelsJob) UUID(java.util.UUID) UseCaseRestDoc(com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc) Test(org.junit.Test) WebMvcTest(org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest)

Example 30 with UseCaseRestDoc

use of com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc in project sechub by mercedes-benz.

the class ProjectAdministrationRestControllerRestDocTest method restdoc_change_project_description.

/**
 * Documents the REST call an administrator uses to change the description of a project.
 * <p>
 * A mocked {@code Project} (two users, one of them the owner, one whitelisted URI, one meta
 * data entry, access level FULL) is wrapped in a {@code ProjectDetailInformation}, which the
 * mocked details change service returns. The test posts a JSON body with a new description,
 * expects HTTP 200 and documents the path parameter and every response field.
 * <p>
 * NOTE(review): the service stub uses {@code any(), any()}, so this method does not show
 * that the project id from the path or the posted description actually reach the service.
 * The response also echoes the user list, owner and whitelist of the project. Confirm that
 * argument pass-through and access restrictions are covered by dedicated tests.
 *
 * @throws Exception when the mocked MVC call or the documentation step fails
 */
@Test
@UseCaseRestDoc(useCase = UseCaseAdminChangesProjectDescription.class)
public void restdoc_change_project_description() throws Exception {
    /* prepare */
    String endpointUrl = https(PORT_USED).buildAdminChangesProjectDescriptionUrl(PROJECT_ID.pathElement());
    Class<? extends Annotation> documentedUseCase = UseCaseAdminChangesProjectDescription.class;

    Project projectMock = mock(Project.class);
    when(projectMock.getId()).thenReturn("projectId1");
    when(projectMock.getAccessLevel()).thenReturn(ProjectAccessLevel.FULL);

    // users of the project - the first one is also returned as owner
    User firstUser = mock(User.class);
    when(firstUser.getName()).thenReturn("name1");
    User secondUser = mock(User.class);
    when(secondUser.getName()).thenReturn("name2");

    Set<User> members = new LinkedHashSet<>();
    members.add(firstUser);
    members.add(secondUser);
    when(projectMock.getUsers()).thenReturn(members);
    when(projectMock.getOwner()).thenReturn(firstUser);

    // whitelist: documented below as the only URIs which can be scanned for the project
    Set<URI> allowedUris = new LinkedHashSet<>();
    allowedUris.add(new URI("http://www.sechub.example.org"));
    when(projectMock.getWhiteList()).thenReturn(allowedUris);

    Set<ProjectMetaDataEntity> metaDataEntries = new LinkedHashSet<>();
    metaDataEntries.add(new ProjectMetaDataEntity("projectId1", "key1", "value1"));
    when(projectMock.getMetaData()).thenReturn(metaDataEntries);

    when(projectMock.getDescription()).thenReturn("description");

    ProjectDetailInformation details = new ProjectDetailInformation(projectMock);
    when(detailsChangeService.changeProjectDescription(any(), any())).thenReturn(details);

    /* execute + test @formatter:off */
    this.mockMvc.perform(
                post(endpointUrl, "projectId1").
                content("{\n" + "  \"description\" : \"new description\"\n" + "}").
                contentType(MediaType.APPLICATION_JSON_VALUE)
            ).
            // writes the request/response exchange to the test output
            andDo(print()).
            andExpect(status().isOk()).
            andDo(defineRestService().
                    with().
                        useCaseData(documentedUseCase).
                        tag(RestDocFactory.extractTag(endpointUrl)).
                        responseSchema(OpenApiSchema.PROJECT_DETAILS.getSchema()).
                    and().
                    document(
                        pathParameters(
                            parameterWithName(PROJECT_ID.paramName()).description("The id for project to change details for")
                        ),
                        responseFields(
                            fieldWithPath(ProjectDetailInformation.PROPERTY_PROJECT_ID).description("The name of the project."),
                            fieldWithPath(ProjectDetailInformation.PROPERTY_USERS).description("A list of all users having access to the project."),
                            fieldWithPath(ProjectDetailInformation.PROPERTY_OWNER).description("Username of the owner of this project. An owner is the person in charge."),
                            fieldWithPath(ProjectDetailInformation.PROPERTY_WHITELIST).description("A list of all whitelisted URIs. Only these ones can be scanned for the project!"),
                            fieldWithPath(ProjectDetailInformation.PROPERTY_METADATA).description("An JSON object containing metadata key-value pairs defined for this project."),
                            fieldWithPath(ProjectDetailInformation.PROPERTY_METADATA + ".key1").description("An arbitrary metadata key."),
                            fieldWithPath(ProjectDetailInformation.PROPERTY_ACCESSLEVEL).description("The project access level"),
                            fieldWithPath(ProjectDetailInformation.PROPERTY_DESCRIPTION).description("The project description.")
                        )
                    )
            );
    /* @formatter:on */
}
Also used : LinkedHashSet(java.util.LinkedHashSet) Project(com.mercedesbenz.sechub.domain.administration.project.Project) UseCaseAdminAssignsUserToProject(com.mercedesbenz.sechub.sharedkernel.usecases.admin.user.UseCaseAdminAssignsUserToProject) UseCaseAdminCreatesProject(com.mercedesbenz.sechub.sharedkernel.usecases.admin.project.UseCaseAdminCreatesProject) UseCaseAdminDeleteProject(com.mercedesbenz.sechub.sharedkernel.usecases.admin.project.UseCaseAdminDeleteProject) UseCaseAdminUnassignsUserFromProject(com.mercedesbenz.sechub.sharedkernel.usecases.admin.user.UseCaseAdminUnassignsUserFromProject) WithMockUser(org.springframework.security.test.context.support.WithMockUser) User(com.mercedesbenz.sechub.domain.administration.user.User) UseCaseAdminChangesProjectDescription(com.mercedesbenz.sechub.sharedkernel.usecases.admin.project.UseCaseAdminChangesProjectDescription) URI(java.net.URI) ProjectMetaDataEntity(com.mercedesbenz.sechub.domain.administration.project.ProjectMetaDataEntity) ProjectDetailInformation(com.mercedesbenz.sechub.domain.administration.project.ProjectDetailInformation) UseCaseRestDoc(com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc) WebMvcTest(org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest) Test(org.junit.Test)

Aggregations

UseCaseRestDoc (com.mercedesbenz.sechub.sharedkernel.usecases.UseCaseRestDoc)37 Test (org.junit.Test)35 WebMvcTest (org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest)35 UUID (java.util.UUID)17 WithMockUser (org.springframework.security.test.context.support.WithMockUser)7 SchedulerResult (com.mercedesbenz.sechub.domain.schedule.SchedulerResult)5 SecHubConfiguration (com.mercedesbenz.sechub.sharedkernel.configuration.SecHubConfiguration)5 UseCaseUserCreatesNewJob (com.mercedesbenz.sechub.sharedkernel.usecases.user.execute.UseCaseUserCreatesNewJob)5 TestExecutorConfig (com.mercedesbenz.sechub.test.executorconfig.TestExecutorConfig)5 ScheduleJobStatus (com.mercedesbenz.sechub.domain.schedule.ScheduleJobStatus)4 ScheduleSecHubJob (com.mercedesbenz.sechub.domain.schedule.job.ScheduleSecHubJob)4 TestExecutorSetupJobParam (com.mercedesbenz.sechub.test.executorconfig.TestExecutorSetupJobParam)4 Project (com.mercedesbenz.sechub.domain.administration.project.Project)3 User (com.mercedesbenz.sechub.domain.administration.user.User)3 TestExecutionProfile (com.mercedesbenz.sechub.test.executionprofile.TestExecutionProfile)3 AdministrationAutoCleanupConfig (com.mercedesbenz.sechub.domain.administration.autocleanup.AdministrationAutoCleanupConfig)2 ProjectDetailInformation (com.mercedesbenz.sechub.domain.administration.project.ProjectDetailInformation)2 ProjectMetaDataEntity (com.mercedesbenz.sechub.domain.administration.project.ProjectMetaDataEntity)2 FalsePositiveJobData (com.mercedesbenz.sechub.domain.scan.project.FalsePositiveJobData)2 ScanMockData (com.mercedesbenz.sechub.domain.scan.project.ScanMockData)2