fix: remove oss-index warning and show tabs at the end
Signed-off-by: Ruben Romero Montes <rromerom@redhat.com>
ruromero committed Dec 5, 2023
1 parent 2e44a57 commit 9925fd6
Showing 9 changed files with 252 additions and 164 deletions.
Expand Up @@ -54,7 +54,7 @@ public class SnykResponseHandler extends ProviderResponseHandler {

private static final String SNYK_PRIVATE_VULNERABILITY_ID = "SNYK-PRIVATE-VULNERABILITY";
private static final String SNYK_PRIVATE_VULNERABILITY_TITLE =
"Sign up for a Snyk account to learn aboutn the vulnerabilities found";
"Sign up for a Snyk account to learn about the vulnerabilities found";
@Inject ObjectMapper mapper = ObjectMapperProducer.newInstance();

public ProviderResponse responseToIssues(
2 changes: 1 addition & 1 deletion src/main/resources/freemarker/templates/generated/main.js

Large diffs are not rendered by default.

40 changes: 10 additions & 30 deletions src/test/java/com/redhat/exhort/integration/HtmlReportTest.java
Expand Up @@ -117,7 +117,7 @@ public void testHtmlWithoutToken() throws IOException {
page = ossIndexSourceBtn.click();

HtmlHeading2 heading = page.getFirstByXPath("//div[@class='pf-v5-c-empty-state__title']/h2");
assertEquals("Oss-Index Set up", heading.getTextContent());
assertEquals("Set up oss-index", heading.getTextContent());

verifySnykRequest(null);
}
Expand Down Expand Up @@ -203,21 +203,11 @@ public void testHtmlUnauthorized() throws IOException {
.asString();

HtmlPage page = extractPage(body);
List<HtmlHeading4> headings = page.getByXPath("//div[@class='pf-v5-c-alert pf-m-warning']/h4");

boolean foundHeading = false;
for (HtmlHeading4 heading : headings) {
String headingText = heading.getTextContent();
if (headingText.contains("Snyk")) {
foundHeading = true;
assertEquals(
"Warning alert:Snyk: Unauthorized: Verify the provided credentials are valid.",
headingText);
break;
}
}
HtmlHeading4 heading = page.getFirstByXPath("//div[@class='pf-v5-c-alert pf-m-warning']/h4");
assertEquals(
"Warning alert:Snyk: Unauthorized: Verify the provided credentials are valid.",
heading.getTextContent());

assertTrue(foundHeading, "No heading with 'Snyk' found for unauthorized html");
// Select the Snyk Source
HtmlButton snykSourceBtn = page.getFirstByXPath("//button[@aria-label='snyk source']");
assertNotNull(snykSourceBtn);
Expand Down Expand Up @@ -250,22 +240,12 @@ public void testHtmlForbidden() throws IOException {
.asString();

HtmlPage page = extractPage(body);
List<HtmlHeading4> headings = page.getByXPath("//div[@class='pf-v5-c-alert pf-m-warning']/h4");

boolean foundHeading = false;
for (HtmlHeading4 heading : headings) {
String headingText = heading.getTextContent();
if (headingText.contains("Snyk")) {
foundHeading = true;
assertEquals(
"Warning alert:Snyk: Forbidden: The provided credentials don't have the required"
+ " permissions.",
headingText);
break;
}
}
HtmlHeading4 heading = page.getFirstByXPath("//div[@class='pf-v5-c-alert pf-m-warning']/h4");
assertEquals(
"Warning alert:Snyk: Forbidden: The provided credentials don't have the required"
+ " permissions.",
heading.getTextContent());

assertTrue(foundHeading, "No heading with 'Snyk' found");
// Select the Snyk Source
HtmlButton snykSourceBtn = page.getFirstByXPath("//button[@aria-label='snyk source']");
assertNotNull(snykSourceBtn);
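Review bot: In testHtmlUnauthorized and testHtmlForbidden the result of `page.getFirstByXPath("//div[@class='pf-v5-c-alert pf-m-warning']/h4")` is dereferenced immediately, and getFirstByXPath returns null when nothing matches, so a report that silently drops the credential warning would fail with a NullPointerException rather than a readable assertion. The loop being replaced ended with `assertTrue(foundHeading, "No heading with 'Snyk' found ...")`; an equivalent guard here would be `assertNotNull(heading, "No warning alert rendered for the Snyk credential error");` before each `assertEquals`, matching the `assertNotNull(snykSourceBtn)` check just below. The lookup now also assumes the Snyk alert is the first warning on the page, which deserves a one-line comment because these tests are what confirm that Unauthorized and Forbidden provider responses are surfaced to the user. Both test bodies start and end outside the hunks shown.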
Expand Up @@ -64,7 +64,7 @@
},
{
"id": "SNYK-PRIVATE-VULNERABILITY",
"title": "Sign up for a Snyk account to learn aboutn the vulnerabilities found",
"title": "Sign up for a Snyk account to learn about the vulnerabilities found",
"source": "snyk",
"cvssScore": 5.9,
"severity": "MEDIUM",
190 changes: 131 additions & 59 deletions src/test/resources/__files/reports/v3/report_all_token.json
Expand Up @@ -6,19 +6,13 @@
},
"vulnerabilities": {
"direct": 0,
"total": 7,
"total": 4,
"critical": 0,
"high": 4,
"high": 1,
"medium": 3,
"low": 0
},
"providerStatuses": [
{
"ok": true,
"provider": "oss-index",
"status": 200,
"message": "OK"
},
{
"ok": true,
"provider": "snyk",
Expand All @@ -35,9 +29,9 @@
"ref": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.1",
"issues": [
{
"id": "CVE-2020-36518",
"title": "[CVE-2020-36518] CWE-787: Out-of-bounds Write",
"source": "oss-index",
"id": "SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244",
"title": "Denial of Service (DoS)",
"source": "snyk",
"cvss": {
"attackVector": "Network",
"attackComplexity": "Low",
Expand All @@ -57,54 +51,42 @@
"unique": false
},
{
"id": "CVE-2022-42003",
"title": "[CVE-2022-42003] CWE-502: Deserialization of Untrusted Data",
"source": "oss-index",
"cvss": {
"attackVector": "Network",
"attackComplexity": "Low",
"privilegesRequired": "None",
"userInteraction": "None",
"scope": "Unchanged",
"confidentialityImpact": "None",
"integrityImpact": "None",
"availabilityImpact": "High",
"cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
"cvssScore": 7.5,
"severity": "HIGH",
"cves": [
"CVE-2022-42003"
],
"unique": false
"id": "SNYK-PRIVATE-VULNERABILITY",
"title": "Sign up for a Snyk account to learn aboutn the vulnerabilities found",
"source": "snyk",
"cvssScore": 5.9,
"severity": "MEDIUM",
"unique": true
},
{
"id": "CVE-2022-42004",
"title": "[CVE-2022-42004] CWE-502: Deserialization of Untrusted Data",
"source": "oss-index",
"id": "SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426",
"title": "Denial of Service (DoS)",
"source": "snyk",
"cvss": {
"attackVector": "Network",
"attackComplexity": "Low",
"attackComplexity": "High",
"privilegesRequired": "None",
"userInteraction": "None",
"scope": "Unchanged",
"confidentialityImpact": "None",
"integrityImpact": "None",
"availabilityImpact": "High",
"cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
"exploitCodeMaturity": "Proof of concept code",
"cvss": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P"

},
"cvssScore": 7.5,
"severity": "HIGH",
"cvssScore": 5.9,
"severity": "MEDIUM",
"cves": [
"CVE-2022-42004"
"CVE-2022-42003"
],
"unique": false
}
],
"highestVulnerability": {
"id": "CVE-2020-36518",
"title": "[CVE-2020-36518] CWE-787: Out-of-bounds Write",
"source": "oss-index",
"id": "SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244",
"title": "Denial of Service (DoS)",
"source": "snyk",
"cvss": {
"attackVector": "Network",
"attackComplexity": "Low",
Expand All @@ -126,9 +108,9 @@
}
],
"highestVulnerability": {
"id": "CVE-2020-36518",
"title": "[CVE-2020-36518] CWE-787: Out-of-bounds Write",
"source": "oss-index",
"id": "SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244",
"title": "Denial of Service (DoS)",
"source": "snyk",
"cvss": {
"attackVector": "Network",
"attackComplexity": "Low",
Expand All @@ -148,6 +130,108 @@
"unique": false
}
},
{
"ref": "pkg:maven/io.quarkus/quarkus-jdbc-postgresql@2.13.5.Final",
"transitive": [
{
"ref": "pkg:maven/org.postgresql/postgresql@42.5.0",
"issues": [
{
"id": "SNYK-JAVA-ORGPOSTGRESQL-3146847",
"title": "Information Exposure",
"source": "snyk",
"cvss": {
"attackVector": "Local",
"attackComplexity": "High",
"privilegesRequired": "Low",
"userInteraction": "None",
"scope": "Unchanged",
"confidentialityImpact": "High",
"integrityImpact": "None",
"availabilityImpact": "None",
"cvss": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
"cvssScore": 4.7,
"severity": "MEDIUM",
"cves": [
"CVE-2022-41946"
],
"unique": false
}
],
"highestVulnerability": {
"id": "SNYK-JAVA-ORGPOSTGRESQL-3146847",
"title": "Information Exposure",
"source": "snyk",
"cvss": {
"attackVector": "Local",
"attackComplexity": "High",
"privilegesRequired": "Low",
"userInteraction": "None",
"scope": "Unchanged",
"confidentialityImpact": "High",
"integrityImpact": "None",
"availabilityImpact": "None",
"cvss": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
"cvssScore": 4.7,
"severity": "MEDIUM",
"cves": [
"CVE-2022-41946"
],
"unique": false
}
}
],
"highestVulnerability": {
"id": "SNYK-JAVA-ORGPOSTGRESQL-3146847",
"title": "Information Exposure",
"source": "snyk",
"cvss": {
"attackVector": "Local",
"attackComplexity": "High",
"privilegesRequired": "Low",
"userInteraction": "None",
"scope": "Unchanged",
"confidentialityImpact": "High",
"integrityImpact": "None",
"availabilityImpact": "None",
"cvss": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
},
"cvssScore": 4.7,
"severity": "MEDIUM",
"cves": [
"CVE-2022-41946"
],
"unique": false
}
}
]
}
Got: {
"summary": {
"dependencies": {
"scanned": 2,
"transitive": 7
},
"vulnerabilities": {
"direct": 0,
"total": 4,
"critical": 0,
"high": 1,
"medium": 3,
"low": 0
},
"providerStatuses": [
{
"ok": true,
"provider": "snyk",
"status": 200,
"message": "OK"
}
]
},
"dependencies": [
{
"ref": "pkg:maven/io.quarkus/quarkus-hibernate-orm@2.13.5.Final",
"transitive": [
Expand Down Expand Up @@ -177,21 +261,9 @@
"unique": false
},
{
"id": "SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424",
"title": "Denial of Service (DoS)",
"id": "SNYK-PRIVATE-VULNERABILITY",
"title": "Sign up for a Snyk account to learn about the vulnerabilities found",
"source": "snyk",
"cvss": {
"attackVector": "Network",
"attackComplexity": "High",
"privilegesRequired": "None",
"userInteraction": "None",
"scope": "Unchanged",
"confidentialityImpact": "None",
"integrityImpact": "None",
"availabilityImpact": "High",
"exploitCodeMaturity": "Proof of concept code",
"cvss": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P"
},
"cvssScore": 5.9,
"severity": "MEDIUM",
"unique": true
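Review bot: The block added to report_all_token.json after the dependencies array closes contains a bare `Got: {` line followed by a second copy of the report, which reads like assertion-failure output pasted into the fixture and leaves the file as two concatenated documents rather than valid JSON. The first copy still carries the old title `"Sign up for a Snyk account to learn aboutn the vulnerabilities found"` that this commit corrects in SnykResponseHandler, while the copy after `Got:` has the corrected text, so it is unclear which one the test actually compares against. I would keep a single document (presumably the one matching the current output), delete the `Got:` line and the duplicate, and confirm the comparison in the test is strict enough to fail on a malformed or stale fixture. The +/- markers are not visible on this page, so the sides are inferred from the hunk headers.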