diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/InitialAdminInitializer.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/InitialAdminInitializer.java index 3fd6dfe2e1..682f3531dc 100644 --- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/InitialAdminInitializer.java +++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/InitialAdminInitializer.java @@ -24,7 +24,7 @@ public class InitialAdminInitializer { @Value("${sechub.initialadmin.email}") @MustBeDocumented(value = "Mail of initial administrator") - String initialAdminEmailAdress; + String initialAdminEmailAddress; @Value("${sechub.initialadmin.apitoken:}") // : so default is empty, making this optional. @MustBeDocumented(value = "An apitoken for initial admin, will only be used in DEV and INTEGRATIONTEST profiles and is optional!") @@ -44,7 +44,7 @@ public CommandLineRunner initialIntegrationTestAdmin(InternalInitialDataService * production data and also run only on a non productive system, so in this case * the usage is okay, because automated integration tests run much faster. */ - internalService.createInitialAdmin(initialAdminUserid, initialAdminEmailAdress, "{noop}" + initialAdminApiToken); + internalService.createInitialAdmin(initialAdminUserid, initialAdminEmailAddress, "{noop}" + initialAdminApiToken); /* * an additional test user, has no rights initial. Only for integration tests, * so password here plain and not configurable 
@@ -58,7 +58,7 @@ public CommandLineRunner initialIntegrationTestAdmin(InternalInitialDataService @Profile({ Profiles.INITIAL_ADMIN_PREDEFINED }) // used in DEV profile public CommandLineRunner initialSecHubAdmDevelopmentOnly(InternalInitialDataService internalService) { return args -> { - internalService.createInitialAdmin(initialAdminUserid, initialAdminEmailAdress, initialAdminApiToken); + internalService.createInitialAdmin(initialAdminUserid, initialAdminEmailAddress, initialAdminApiToken); }; } @@ -67,7 +67,7 @@ public CommandLineRunner initialSecHubAdmDevelopmentOnly(InternalInitialDataServ @Profile({ Profiles.INITIAL_ADMIN_CREATED }) // used inside PROD profile public CommandLineRunner initialSecHubAdm(InternalInitialDataService internalService) { return args -> { - internalService.createInitialAdmin(initialAdminUserid, initialAdminEmailAdress, UUID.randomUUID().toString()); // uses SecureRandom + internalService.createInitialAdmin(initialAdminUserid, initialAdminEmailAddress, UUID.randomUUID().toString()); // uses SecureRandom }; } diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/job/JobCancelService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/job/JobCancelService.java index 6fcd7b7d27..841581a2b0 100644 --- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/job/JobCancelService.java +++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/job/JobCancelService.java @@ -79,7 +79,7 @@ private JobMessage buildMessage(UUID jobUUID) { return message; } message.setOwner(jobInfo.owner); - message.setOwnerEmailAddress(optUser.get().getEmailAdress()); + message.setOwnerEmailAddress(optUser.get().getEmailAddress()); return message; } 
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/job/JobInformation.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/job/JobInformation.java index 1a916fca83..7145c732da 100644 --- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/job/JobInformation.java +++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/job/JobInformation.java @@ -27,7 +27,7 @@ public class JobInformation { /* +-----------------------------------------------------------------------+ */ public static final String TABLE_NAME = "ADM_JOB_INFORMATION"; /** - * Email adress is also the primary key. So no duplicates + * Email address is also the primary key. So no duplicates */ public static final String COLUMN_UUID = "UUID"; public static final String COLUMN_JOB_UUID = "JOB_UUID"; diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/job/JobRestartRequestService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/job/JobRestartRequestService.java index 3b385dee8c..f33ef36bb5 100644 --- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/job/JobRestartRequestService.java +++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/job/JobRestartRequestService.java @@ -97,7 +97,7 @@ private JobMessage buildMessage(UUID jobUUID) { return message; } message.setOwner(jobInfo.owner); - message.setOwnerEmailAddress(optUser.get().getEmailAdress()); + message.setOwnerEmailAddress(optUser.get().getEmailAddress()); return message; } diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectChangeOwnerService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectChangeOwnerService.java index eb59080094..8991f0466e 100644 
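Review bot: The Javadoc corrected in the JobInformation hunk still sits above `COLUMN_UUID` and says the email address is the primary key, which does not match anything visible in this class. The sentence is identical to the one in Signup.java and looks copied from there. Rather than only fixing the spelling, describe the constant it documents, for example `/** Column holding the technical identifier of this job information row. */`. The accurate wording should be confirmed against the `@Id` field, which is outside the hunk.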
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectChangeOwnerService.java +++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectChangeOwnerService.java @@ -102,11 +102,11 @@ private void sendOwnerChangedForProjectEvent(Project project, User previousOwner DomainMessage request = new DomainMessage(MessageID.PROJECT_OWNER_CHANGED); ProjectMessage projectData = new ProjectMessage(); projectData.setProjectId(project.id); - projectData.setPreviousProjectOwnerEmailAddress(previousOwner.getEmailAdress()); - projectData.setProjectOwnerEmailAddress(newOwner.getEmailAdress()); + projectData.setPreviousProjectOwnerEmailAddress(previousOwner.getEmailAddress()); + projectData.setProjectOwnerEmailAddress(newOwner.getEmailAddress()); project.users.forEach(user -> { - projectData.addUserEmailAddress(user.getEmailAdress()); + projectData.addUserEmailAddress(user.getEmailAddress()); }); request.set(MessageDataKeys.PROJECT_OWNER_CHANGE_DATA, projectData); diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectDeleteService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectDeleteService.java index 1e6bbd5820..019c0afa45 100644 --- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectDeleteService.java +++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/project/ProjectDeleteService.java 
@@ -73,12 +73,12 @@ public void deleteProject(String projectId) { if (owner == null) { LOG.warn("No owner found for project {} while deleting", project.getId()); } else { - message.setProjectOwnerEmailAddress(owner.getEmailAdress()); + message.setProjectOwnerEmailAddress(owner.getEmailAddress()); owner.getOwnedProjects().remove(project); // handle ORM mapping. Avoid cache conflicts } for (User user : project.getUsers()) { - message.addUserEmailAddress(user.getEmailAdress()); + message.addUserEmailAddress(user.getEmailAddress()); user.getProjects().remove(project); // handle ORM mapping. Avoid cache conflicts } diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/signup/AnonymousSignupCreateService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/signup/AnonymousSignupCreateService.java index e89d1806e8..b6458ca161 100644 --- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/signup/AnonymousSignupCreateService.java +++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/signup/AnonymousSignupCreateService.java 
@@ -54,23 +54,23 @@ public class AnonymousSignupCreateService { @UseCaseUserSignup(@Step(number = 2, name = "Persistence", description = "Valid self registration input will be persisted to database.")) public void register(@Valid SignupJsonInput userSelfRegistrationInput) { String userId = userSelfRegistrationInput.getUserId(); - String emailAdress = userSelfRegistrationInput.getEmailAdress(); + String emailAddress = userSelfRegistrationInput.getEmailAddress(); - LOG.debug("user tries to register himself:{},mail:{}", userId, emailAdress); + LOG.debug("user tries to register himself:{},mail:{}", userId, emailAddress); assertion.assertIsValidUserId(userId); - assertion.assertIsValidEmailAddress(emailAdress); + assertion.assertIsValidEmailAddress(emailAddress); - assertNotAlreadySignedIn(userId, emailAdress); - assertUsernameNotUsedAlready(userId, emailAdress); - assertEmailAdressNotUsedAlready(userId, emailAdress); + assertNotAlreadySignedIn(userId, emailAddress); + assertUsernameNotUsedAlready(userId, emailAddress); + assertEmailAddressNotUsedAlready(userId, emailAddress); Signup entity = new Signup(); - entity.setEmailAdress(emailAdress); + entity.setEmailAddress(emailAddress); entity.setUserId(userId); userSelfRegistrationRepository.save(entity); - LOG.debug("Added registration entry for user:{},mail:{}", entity.getUserId(), entity.getEmailAdress()); + LOG.debug("Added registration entry for user:{},mail:{}", entity.getUserId(), entity.getEmailAddress()); /* trigger event */ informAboutSignupRequest(entity); @@ -81,7 +81,7 @@ private void informAboutSignupRequest(Signup signup) { DomainMessage infoRequest = new DomainMessage(MessageID.USER_SIGNUP_REQUESTED); UserMessage userMessage = new UserMessage(); - userMessage.setEmailAdress(signup.getEmailAdress()); + userMessage.setEmailAddress(signup.getEmailAddress()); userMessage.setUserId(signup.getUserId()); infoRequest.set(MessageDataKeys.USER_SIGNUP_DATA, userMessage); 
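Review bot: In `register`, the `LOG.debug("user tries to register himself:{},mail:{}", userId, emailAddress);` line writes both request values to the log before `assertIsValidUserId` and `assertIsValidEmailAddress` have run. Unless validation is guaranteed upstream of this anonymous signup path, line breaks or control characters in the request body can forge log entries. Moving the debug line below `assertion.assertIsValidEmailAddress(emailAddress);` closes this without any new dependency. Alternatively, pass the values through the same `logSanitizer.sanitize(value, maxLength)` call that AnonymousUserRequestsNewApiTokenService uses, if a sanitizer is available in this class. The end of the method body lies outside the hunk.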
@@ -89,29 +89,29 @@ private void informAboutSignupRequest(Signup signup) { eventBusService.sendAsynchron(infoRequest); } - private void assertEmailAdressNotUsedAlready(String userId, String emailAdress) { - Optional foundUserByMail = userRepository.findByEmailAdress(emailAdress); + private void assertEmailAddressNotUsedAlready(String userId, String emailAddress) { + Optional foundUserByMail = userRepository.findByEmailAddress(emailAddress); if (foundUserByMail.isPresent()) { - LOG.warn("Self registration coming in for emailadress:{} and user:{} but an existing user does already have this email adress. So not accepted", - emailAdress, userId); + LOG.warn("Self registration coming in for email address:{} and user:{} but an existing user does already have this email address. So not accepted", + emailAddress, userId); handleRegistrationNotPossible(); } } - private void assertUsernameNotUsedAlready(String userId, String emailAdress) { + private void assertUsernameNotUsedAlready(String userId, String emailAddress) { Optional foundUser = userRepository.findById(userId); if (foundUser.isPresent()) { - LOG.warn("Self registration coming in for emailadress:{} and user:{} but existing user found by name. So not accepted", emailAdress, userId); + LOG.warn("Self registration coming in for email address:{} and user:{} but existing user found by name. So not accepted", emailAddress, userId); handleRegistrationNotPossible(); } } - private void assertNotAlreadySignedIn(String userId, String emailAdress) { + private void assertNotAlreadySignedIn(String userId, String emailAddress) { Optional found = userSelfRegistrationRepository.findById(userId); if (found.isPresent()) { - LOG.warn("Self registration coming in for emailadress:{} and user:{} but signup already exists. So not accepted", emailAdress, userId); + LOG.warn("Self registration coming in for email address:{} and user:{} but signup already exists. So not accepted", emailAddress, userId); handleRegistrationNotPossible(); } } 
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/signup/Signup.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/signup/Signup.java index 1ae5683dd4..031b8359ae 100644 --- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/signup/Signup.java +++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/signup/Signup.java @@ -19,9 +19,9 @@ public class Signup { public static final String TABLE_NAME = "ADM_USER_SELFREGISTRATION"; /** - * Email adress is also the primary key. So no duplicates + * Email address is also the primary key. So no duplicates */ - public static final String COLUMN_EMAIL_ADRESS = "EMAIL_ADRESS"; + public static final String COLUMN_EMAIL_ADDRESS = "EMAIL_ADDRESS"; public static final String COLUMN_USER_ID = "USER_ID"; /* +-----------------------------------------------------------------------+ */ @@ -33,23 +33,23 @@ public class Signup { @Column(name = COLUMN_USER_ID) String userId; - @Column(name = COLUMN_EMAIL_ADRESS, nullable = false) - String emailAdress; + @Column(name = COLUMN_EMAIL_ADDRESS, nullable = false) + String emailAddress; @Version @Column(name = "VERSION") Integer version; - public void setEmailAdress(String emailAdress) { - this.emailAdress = emailAdress; + public void setEmailAddress(String emailAddress) { + this.emailAddress = emailAddress; } public void setUserId(String userId) { this.userId = userId; } - public String getEmailAdress() { - return emailAdress; + public String getEmailAddress() { + return emailAddress; } public String getUserId() { diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/signup/SignupJsonInput.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/signup/SignupJsonInput.java index c840cd8668..7cd20467f4 100644 
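Review bot: Changing the constant to `COLUMN_EMAIL_ADDRESS = "EMAIL_ADDRESS"` also changes the physical column that `@Column(name = COLUMN_EMAIL_ADDRESS, nullable = false)` maps to, and no schema migration for `ADM_USER_SELFREGISTRATION` is visible in this part of the commit. The same applies to `"USER_EMAIL_ADRESS"` becoming `"USER_EMAIL_ADDRESS"` in the User.java hunks, where the column is also `unique = true` and backs `findByEmailAddress`. If the rename script is not shipped elsewhere in the change, existing databases will no longer match the mapping. With automatic schema update they would instead gain a new, empty column. A low-risk alternative is to rename only the Java identifier and keep the stored name, e.g. `public static final String COLUMN_EMAIL_ADDRESS = "EMAIL_ADRESS"; // legacy column name, rename needs a DB migration`.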
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/signup/SignupJsonInput.java +++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/signup/SignupJsonInput.java @@ -11,11 +11,11 @@ public class SignupJsonInput implements JSONable { public static final String PROPERTY_API_VERSION = "apiVersion"; public static final String PROPERTY_USER_ID = "userId"; - public static final String PROPERTY_EMAIL_ADRESS = "emailAdress"; + public static final String PROPERTY_EMAIL_ADDRESS = "emailAddress"; private String apiVersion; private String userId; - private String emailAdress; + private String emailAddress; @Override public Class getJSONTargetClass() { @@ -38,12 +38,17 @@ public void setUserId(String userId) { this.userId = userId; } - public String getEmailAdress() { - return emailAdress; + public String getEmailAddress() { + return emailAddress; } - public void setEmailAdress(String emailAdress) { - this.emailAdress = emailAdress; + @Deprecated // This method is only for backward compatibility + public void setEmailAdress(String emailAddress) { + this.setEmailAddress(emailAddress); + } + + public void setEmailAddress(String emailAddress) { + this.emailAddress = emailAddress; } } diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/signup/SignupJsonInputValidator.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/signup/SignupJsonInputValidator.java index 7d73dd9201..54399062c5 100644 --- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/signup/SignupJsonInputValidator.java +++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/signup/SignupJsonInputValidator.java 
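Review bot: The retained `setEmailAdress` setter is annotated `@Deprecated` with only a line comment, so it is not obvious why it must stay or when it can be removed. Presumably it exists so that signup JSON still using the legacy `emailAdress` key keeps binding to the renamed field, which makes it part of the public input contract. Suggest a Javadoc block stating this, with `@deprecated use {@link #setEmailAddress(String)}; kept so requests that still send the legacy "emailAdress" property are accepted`. It is also worth noting there that when a request carries both keys, the one bound last sets the value that gets validated.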
@@ -62,9 +62,9 @@ public void validate(Object target, Errors errors) { return; } - ValidationResult emailValidationResult = emailValidation.validate(selfRegistration.getEmailAdress()); + ValidationResult emailValidationResult = emailValidation.validate(selfRegistration.getEmailAddress()); if (!emailValidationResult.isValid()) { - errors.rejectValue(PROPERTY_EMAIL_ADRESS, "api.error.email.invalid", "Invalid email adress"); + errors.rejectValue(PROPERTY_EMAIL_ADDRESS, "api.error.email.invalid", "Invalid email address"); return; } LOG.debug("Selfregistration of {} was accepted", selfRegistration.getUserId()); diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/AnonymousUserGetAPITokenByOneTimeTokenService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/AnonymousUserGetAPITokenByOneTimeTokenService.java index 624b576111..801981257f 100644 --- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/AnonymousUserGetAPITokenByOneTimeTokenService.java +++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/AnonymousUserGetAPITokenByOneTimeTokenService.java @@ -103,7 +103,7 @@ public String createNewAPITokenForUserByOneTimeToken(String oneTimeToken) { private void sendUserAPITokenChanged(User user) { DomainMessage request = new DomainMessage(MessageID.USER_API_TOKEN_CHANGED); UserMessage message = new UserMessage(); - message.setEmailAdress(user.getEmailAdress()); + message.setEmailAddress(user.getEmailAddress()); message.setUserId(user.getName()); message.setHashedApiToken(user.getHashedApiToken()); 
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/AnonymousUserRequestNewApiTokenRestController.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/AnonymousUserRequestNewApiTokenRestController.java index d1847996a4..0522f1f264 100644 --- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/AnonymousUserRequestNewApiTokenRestController.java +++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/AnonymousUserRequestNewApiTokenRestController.java @@ -30,9 +30,9 @@ public class AnonymousUserRequestNewApiTokenRestController { @CrossOrigin /* to allow call from getsechub.detss and maybe other sites using javascript */ @UseCaseUserRequestsNewApiToken(@Step(number=1, name="Rest API call",description="Rest api called to request new user api token. Normally done by user itself",needsRestDoc=true)) @RequestMapping(path = AdministrationAPIConstants.API_REQUEST_NEW_APITOKEN, method = RequestMethod.POST) - public void anonymousRequestToGetNewApiTokenForUserMailAdress(@PathVariable(name="emailAddress") String emailAdress) { + public void anonymousRequestToGetNewApiTokenForUserEmailAddress(@PathVariable(name="emailAddress") String emailAddress) { /* @formatter:on */ - newApiTokenService.anonymousRequestToGetNewApiTokenForUserMailAdress(emailAdress); + newApiTokenService.anonymousRequestToGetNewApiTokenForUserEmailAddress(emailAddress); } } diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/AnonymousUserRequestsNewApiTokenService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/AnonymousUserRequestsNewApiTokenService.java index 8b20499210..61924c2110 100644 --- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/AnonymousUserRequestsNewApiTokenService.java 
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/AnonymousUserRequestsNewApiTokenService.java @@ -44,12 +44,12 @@ public class AnonymousUserRequestsNewApiTokenService { @Autowired UserInputAssertion assertion; - public void anonymousRequestToGetNewApiTokenForUserMailAdress(String userEmail) { + public void anonymousRequestToGetNewApiTokenForUserEmailAddress(String userEmail) { LOG.info("New api token requested for email address: {})", logSanitizer.sanitize(userEmail, 50)); assertion.assertIsValidEmailAddress(userEmail); - Optional found = userRepository.findByEmailAdress(userEmail); + Optional found = userRepository.findByEmailAddress(userEmail); if (!found.isPresent()) { /* we just do nothing here - prevent user enumeration by hacking... */ LOG.warn("Anonymous request to get new api token, but user unknown: {})", logSanitizer.sanitize(userEmail, 50)); @@ -66,7 +66,7 @@ private void sendUserNewApiTokenRequested(String userEmail, User user) { /* we just send info about new api token */ DomainMessage infoRequest = new DomainMessage(MessageID.USER_NEW_API_TOKEN_REQUESTED); UserMessage userMessage = new UserMessage(); - userMessage.setEmailAdress(userEmail); + userMessage.setEmailAddress(userEmail); /* * Security: we do NOT use userid inside this link - if some body got diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/InternalInitialDataService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/InternalInitialDataService.java index 3396addcaf..7ad635289c 100644 --- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/InternalInitialDataService.java +++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/InternalInitialDataService.java 
@@ -47,23 +47,23 @@ public class InternalInitialDataService { * gained administrator rights * * @param userId - * @param emailAdress - * @param fixApiToken - use "{nooop}" as prefix to prevent token encryption + * @param emailAddress + * @param fixApiToken - use "{nooop}" as prefix to prevent token encryption */ - public void createInitialAdmin(String userId, String emailAdress, String fixApiToken) { - internalCreateInitialUser(userId, emailAdress, fixApiToken, true); + public void createInitialAdmin(String userId, String emailAddress, String fixApiToken) { + internalCreateInitialUser(userId, emailAddress, fixApiToken, true); } /** * Creates an initial test user * * @param userId - * @param emailAdress + * @param emailAddress * @param unencryptedAPItoken - use "{nooop}" as prefix to prevent token * encryption */ - public void createInitialTestUser(String userId, String emailAdress, String unencryptedAPItoken) { - internalCreateInitialUser(userId, emailAdress, unencryptedAPItoken, false); + public void createInitialTestUser(String userId, String emailAddress, String unencryptedAPItoken) { + internalCreateInitialUser(userId, emailAddress, unencryptedAPItoken, false); } private void internalCreateInitialUser(String userId, String emailAddress, String unencryptedAPItoken, boolean createAsSuperAdmin) { @@ -121,7 +121,7 @@ private User createUser(String userId, String emailAddress, String fixApiToken, } else { user.hashedApiToken = encryptPassword(fixApiToken); } - user.emailAdress = emailAddress; + user.emailAddress = emailAddress; user.superAdmin = superAdmin; userRepository.save(user); @@ -174,7 +174,7 @@ private UserMessage createInitialUserAuthData(User user) { UserMessage authDataHashed = new UserMessage(); authDataHashed.setUserId(user.getName()); - authDataHashed.setEmailAdress(user.getEmailAdress()); + authDataHashed.setEmailAddress(user.getEmailAddress()); return authDataHashed; } 
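Review bot: The Javadoc for `fixApiToken` and `unencryptedAPItoken` gives the prefix as `{nooop}`, while the caller in InitialAdminInitializer passes `"{noop}" + initialAdminApiToken`. Someone following the Javadoc would supply a prefix that is presumably not recognised, so the token would be handled differently from what they intended. Since these lines are already being realigned, correct both blocks to `@param fixApiToken - use "{noop}" as prefix to prevent token encryption`. The empty `@param userId` and `@param emailAddress` tags could get a short description at the same time.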
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/User.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/User.java index de3d168d06..26f178b4a0 100644 --- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/User.java +++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/User.java @@ -37,7 +37,7 @@ public class User { public static final String COLUMN_USER_ONE_TIME_TOKEN_CREATED = "USER_OTT_CREATED"; public static final String COLUMN_USER_ENABLED = "USER_ENABLED"; - public static final String COLUMN_EMAIL_ADRESS = "USER_EMAIL_ADRESS"; + public static final String COLUMN_EMAIL_ADDRESS = "USER_EMAIL_ADDRESS"; public static final String COLUMN_USER_ROLES = "USER_ROLES"; public static final String COLUMN_USER_SUPERADMIN = "USER_SUPERADMIN"; public static final String COLUMN_USER_DEACTIVATED = "USER_DEACTIVATED"; @@ -54,8 +54,8 @@ public class User { @Column(name = COLUMN_USER_ID, unique = true, nullable = false) String name; - @Column(name = COLUMN_EMAIL_ADRESS, unique = true, nullable = false) - String emailAdress; + @Column(name = COLUMN_EMAIL_ADDRESS, unique = true, nullable = false) + String emailAddress; @Column(name = COLUMN_USER_HASHED_API_TOKEN, nullable = false) String hashedApiToken; @@ -100,8 +100,8 @@ public boolean isDeactivated() { return deactivated; } - public String getEmailAdress() { - return emailAdress; + public String getEmailAddress() { + return emailAddress; } public String getName() { diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserCreationService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserCreationService.java index fd5ae0be1c..2208d9849f 100644 --- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserCreationService.java 
+++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserCreationService.java @@ -81,14 +81,14 @@ public void createUserFromSelfRegistration(String userId) { return; } - String emailAdress = selfRegistration.get().getEmailAdress(); - assertion.assertIsValidEmailAddress(emailAdress); + String emailAddress = selfRegistration.get().getEmailAddress(); + assertion.assertIsValidEmailAddress(emailAddress); - found = userRepository.findByEmailAdress(emailAdress); + found = userRepository.findByEmailAddress(emailAddress); if (found.isPresent()) { - LOG.warn("Self registration coming in for user:{} but mailadress {} already exists. So just removing self registration entry", sanitizedLogUserId, - emailAdress); + LOG.warn("Self registration coming in for user:{} but email address {} already exists. So just removing self registration entry", + sanitizedLogUserId, emailAddress); selfRegistrationRepository.deleteById(userId); return; } @@ -99,7 +99,7 @@ public void createUserFromSelfRegistration(String userId) { user.name = userId; user.hashedApiToken = "";// leave it empty, so API auth is disabled - will be filled later after user has // clicked to link - user.emailAdress = emailAdress; + user.emailAddress = emailAddress; user.oneTimeToken = oneTimeToken; user.oneTimeTokenDate = new Date(); @@ -132,7 +132,7 @@ private void informUserAboutSignupAccepted(User user) { /* we just send info about new api token */ DomainMessage infoRequest = new DomainMessage(MessageID.USER_NEW_API_TOKEN_REQUESTED); UserMessage userMessage = new UserMessage(); - userMessage.setEmailAdress(user.getEmailAdress()); + userMessage.setEmailAddress(user.getEmailAddress()); /* * Security: we do NOT use userid inside this link - if some body got 
@@ -153,7 +153,7 @@ private UserMessage createInitialUserAuthData(User user) { UserMessage authDataHashed = new UserMessage(); authDataHashed.setUserId(user.getName()); - authDataHashed.setEmailAdress(user.getEmailAdress()); + authDataHashed.setEmailAddress(user.getEmailAddress()); return authDataHashed; } diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserDeleteService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserDeleteService.java index 424b702d8f..3d9fe39669 100644 --- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserDeleteService.java +++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserDeleteService.java @@ -68,7 +68,7 @@ public void deleteUser(String userId) { /* create message containing data before user is deleted */ UserMessage message = new UserMessage(); message.setUserId(user.getName()); - message.setEmailAdress(user.getEmailAdress()); + message.setEmailAddress(user.getEmailAddress()); userRepository.deleteUserWithAssociations(user.getName()); diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserDetailInformation.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserDetailInformation.java index 54b97eea3d..46fab0a603 100644 --- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserDetailInformation.java +++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserDetailInformation.java @@ -32,7 +32,7 @@ public class UserDetailInformation { public UserDetailInformation(User user) { this.userId = user.getName(); - this.email = user.getEmailAdress(); + this.email = user.getEmailAddress(); for (Project project : user.getProjects()) { this.projects.add(project.getId()); 
diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserDetailInformationService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserDetailInformationService.java index e9c4b405bd..76115c02d2 100644 --- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserDetailInformationService.java +++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserDetailInformationService.java @@ -63,7 +63,7 @@ public UserDetailInformation fetchDetailsByEmailAddress(String emailAddress) { assertion.assertIsValidEmailAddress(emailAddress); - User user = userRepository.findOrFailUserByEmailAdress(emailAddress); + User user = userRepository.findOrFailUserByEmailAddress(emailAddress); return new UserDetailInformation(user); } diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserEmailAddressUpdateService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserEmailAddressUpdateService.java index 464bd5f14d..5e27aa8170 100644 --- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserEmailAddressUpdateService.java +++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserEmailAddressUpdateService.java 
@@ -56,20 +56,20 @@ public void updateUserEmailAddress(String userId, String newEmailAddress) { assertion.assertIsValidEmailAddress(newEmailAddress); User user = userRepository.findOrFailUser(userId); - String formerEmailAddress = user.getEmailAdress(); + String formerEmailAddress = user.getEmailAddress(); if (newEmailAddress.equalsIgnoreCase(formerEmailAddress)) { throw new NotAcceptableException("User has already this email address"); } /* parameters valid, we audit log the change */ - auditLogService.log("Changed email adress of user {}", logSanitizer.sanitize(userId, 30)); + auditLogService.log("Changed email address of user {}", logSanitizer.sanitize(userId, 30)); - user.emailAdress = newEmailAddress; + user.emailAddress = newEmailAddress; /* create message containing data before user email has changed */ UserMessage message = new UserMessage(); message.setUserId(user.getName()); - message.setEmailAdress(user.getEmailAdress()); + message.setEmailAddress(user.getEmailAddress()); message.setFormerEmailAddress(formerEmailAddress); message.setSubject("A SecHub administrator has changed your email address"); diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserGrantSuperAdminRightsService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserGrantSuperAdminRightsService.java index b66e0f88a6..c522b58efd 100644 --- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserGrantSuperAdminRightsService.java +++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserGrantSuperAdminRightsService.java 
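Review bot: The audit message literal changes from `Changed email adress of user {}` to `Changed email address of user {}`, so any alerting or reporting rule that matches the old text will silently stop matching. This should be called out in the release notes, or the text kept stable. Separately, the comment `create message containing data before user email has changed` follows `user.emailAddress = newEmailAddress;`, so `message.setEmailAddress(user.getEmailAddress())` carries the new address. Suggest `/* create message containing the new and the former email address */`. The method starts before this hunk and continues past it.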
@@ -76,7 +76,7 @@ public void grantSuperAdminRightsFor(String userId) { @IsSendingAsyncMessage(MessageID.USER_BECOMES_SUPERADMIN) private void informUserBecomesSuperadmin(User user) { eventBusService - .sendAsynchron(DomainMessageFactory.createUserBecomesSuperAdmin(user.getName(), user.getEmailAdress(), sechubEnvironment.getServerBaseUrl())); + .sendAsynchron(DomainMessageFactory.createUserBecomesSuperAdmin(user.getName(), user.getEmailAddress(), sechubEnvironment.getServerBaseUrl())); } @IsSendingAsyncMessage(MessageID.REQUEST_USER_ROLE_RECALCULATION) diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserRepository.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserRepository.java index 5b5bf9ade3..b529ec74c5 100644 --- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserRepository.java +++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserRepository.java @@ -19,10 +19,10 @@ public default User findOrFailUser(String userId) { return foundUser.get(); } - Optional findByEmailAdress(String emailAdress); + Optional findByEmailAddress(String emailAddress); - public default User findOrFailUserByEmailAdress(String emailAddress) { - Optional foundUser = findByEmailAdress(emailAddress); + public default User findOrFailUserByEmailAddress(String emailAddress) { + Optional foundUser = findByEmailAddress(emailAddress); if (!foundUser.isPresent()) { throw new NotFoundException("No user with email address '" + emailAddress + "' found!"); } diff --git a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserRevokeSuperAdminRightsService.java b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserRevokeSuperAdminRightsService.java index 02823e682a..d337209910 100644 
--- a/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserRevokeSuperAdminRightsService.java +++ b/sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/user/UserRevokeSuperAdminRightsService.java @@ -90,7 +90,7 @@ private void assertNotLastSuperAdmin() { @IsSendingAsyncMessage(MessageID.USER_NO_LONGER_SUPERADMIN) private void informUserNoLongerSuperadmin(User user) { eventBusService - .sendAsynchron(DomainMessageFactory.createUserNoLongerSuperAdmin(user.getName(), user.getEmailAdress(), secHubEnvironment.getServerBaseUrl())); + .sendAsynchron(DomainMessageFactory.createUserNoLongerSuperAdmin(user.getName(), user.getEmailAddress(), secHubEnvironment.getServerBaseUrl())); } @IsSendingAsyncMessage(MessageID.REQUEST_USER_ROLE_RECALCULATION) diff --git a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/UserRepositoryDBTest.java b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/UserRepositoryDBTest.java index fb7093cd2b..855c23d026 100644 --- a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/UserRepositoryDBTest.java +++ b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/UserRepositoryDBTest.java 
@@ -60,19 +60,19 @@ public void before() { } @Test - public void findOrFailUserByEmailAdress_user_found_by_email_address() { + public void findOrFailUserByEmailAddress_user_found_by_email_address() { /* execute */ - User user = userRepository.findOrFailUserByEmailAdress("db_test_testuser1@example.org"); + User user = userRepository.findOrFailUserByEmailAddress("db_test_testuser1@example.org"); /* test */ assertEquals(user1, user); } @Test - public void findOrFailUserByEmailAdress_user_NOT_found_by_email_address() { + public void findOrFailUserByEmailAddress_user_NOT_found_by_email_address() { /* execute */ NotFoundException exception = assertThrows(NotFoundException.class, - () -> userRepository.findOrFailUserByEmailAdress("db_test_testuser_not_existing@example.org")); + () -> userRepository.findOrFailUserByEmailAddress("db_test_testuser_not_existing@example.org")); /* test */ assertEquals("No user with email address 'db_test_testuser_not_existing@example.org' found!", exception.getMessage()); diff --git a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/signup/AnonymousSignupRestControllerMockTest.java b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/signup/AnonymousSignupRestControllerMockTest.java index bf591fc69e..2610e42d2f 100644 --- a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/signup/AnonymousSignupRestControllerMockTest.java +++ b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/signup/AnonymousSignupRestControllerMockTest.java 
@@ -65,7 +65,7 @@ public void calling_with_api_1_0_and_valid_userid_and_email_calls_signup_create_ this.mockMvc.perform( post(https(PORT_USED).buildUserSignUpUrl()). contentType(MediaType.APPLICATION_JSON_VALUE). - content("{\"apiVersion\":\"1.0\",\"userId\":\"valid_userid\",\"emailAdress\":\"valid_mailadress@test.com\"}") + content("{\"apiVersion\":\"1.0\",\"userId\":\"valid_userid\",\"emailAddress\":\"valid_emailaddress@example.org\"}") ). andExpect(status().isOk() ); @@ -82,7 +82,7 @@ public void calling_with_api_X_0_and_valid_userid_and_email_returns_HTTP_400_BAD this.mockMvc.perform( post(https(PORT_USED).buildUserSignUpUrl()). contentType(MediaType.APPLICATION_JSON_VALUE). - content("{\"apiVersion\":\"X.0\",\"userId\":\"\",\"emailAdress\":\"test@test.com\"}") + content("{\"apiVersion\":\"X.0\",\"userId\":\"\",\"emailAddress\":\"test@example.org\"}") ). andExpect(status().isBadRequest() ); @@ -128,7 +128,7 @@ public void calling_with_api_1_0_and_userid_not_set_but_valid_email_returns_HTTP this.mockMvc.perform( post(https(PORT_USED).buildUserSignUpUrl()). contentType(MediaType.APPLICATION_JSON_VALUE). - content(createUserSelfRegistration("X.0", "test@test.com", null).toJSON()) + content(createUserSelfRegistration("X.0", "test@example.org", null).toJSON()) ). andExpect(status().isBadRequest() ); @@ -163,7 +163,7 @@ private SignupJsonInput createUserSelfRegistration(String api, String email, Str SignupJsonInput created = new SignupJsonInput(); created.setApiVersion(api); - created.setEmailAdress(email); + created.setEmailAddress(email); created.setUserId(name); return created; } diff --git a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/signup/SignupAdministrationRestControllerMockTest.java b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/signup/SignupAdministrationRestControllerMockTest.java index d5eec56574..bfe18f5c7e 100644 
--- a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/signup/SignupAdministrationRestControllerMockTest.java +++ b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/signup/SignupAdministrationRestControllerMockTest.java @@ -69,11 +69,11 @@ public void listUserSignups_results_in_a_filled_list_when_2_signups_exist() thro /* prepare */ List list = new ArrayList<>(); Signup signup1 = new Signup(); - signup1.setEmailAdress("sechub.test1@example.org"); + signup1.setEmailAddress("sechub.test1@example.org"); signup1.setUserId("sechub.test1"); Signup signup2 = new Signup(); - signup2.setEmailAdress("sechub.test2@example.org"); + signup2.setEmailAddress("sechub.test2@example.org"); signup2.setUserId("sechub.test2"); list.add(signup1); @@ -86,10 +86,10 @@ public void listUserSignups_results_in_a_filled_list_when_2_signups_exist() thro ). andExpect(status().isOk()). andExpect(jsonPath("$.[0].userId", equalTo("sechub.test1"))). - andExpect(jsonPath("$.[0].emailAdress", equalTo("sechub.test1@example.org"))). + andExpect(jsonPath("$.[0].emailAddress", equalTo("sechub.test1@example.org"))). andExpect(jsonPath("$.[1].userId", equalTo("sechub.test2"))). - andExpect(jsonPath("$.[1].emailAdress", equalTo("sechub.test2@example.org")) + andExpect(jsonPath("$.[1].emailAddress", equalTo("sechub.test2@example.org")) ); diff --git a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/signup/SignupCreateServiceTest.java b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/signup/SignupCreateServiceTest.java index fdf4d22896..10fc554851 100644 --- a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/signup/SignupCreateServiceTest.java +++ b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/signup/SignupCreateServiceTest.java 
@@ -36,8 +36,8 @@ public void before() { public void a_created_signup_sends_event_containing_userid_and_email() { /* prepare */ SignupJsonInput userSelfRegistrationInput = mock(SignupJsonInput.class); - when(userSelfRegistrationInput.getUserId()).thenReturn("schlaubi"); - when(userSelfRegistrationInput.getEmailAdress()).thenReturn("schlaubi@schlumpfhausen.de"); + when(userSelfRegistrationInput.getUserId()).thenReturn("adam42"); + when(userSelfRegistrationInput.getEmailAddress()).thenReturn("adam42@example.org"); /* execute */ serviceToTest.register(userSelfRegistrationInput); @@ -51,8 +51,8 @@ public void a_created_signup_sends_event_containing_userid_and_email() { UserMessage signupDataInMessage = messageSendByService.get(MessageDataKeys.USER_SIGNUP_DATA); assertNotNull("no signup data inside message!", signupDataInMessage); // check event contains expected data - assertEquals("schlaubi", signupDataInMessage.getUserId()); - assertEquals("schlaubi@schlumpfhausen.de", signupDataInMessage.getEmailAdress()); + assertEquals("adam42", signupDataInMessage.getUserId()); + assertEquals("adam42@example.org", signupDataInMessage.getEmailAddress()); } } diff --git a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/user/AnonymousUserRequestsNewApiTokenServiceTest.java b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/user/AnonymousUserRequestsNewApiTokenServiceTest.java index b127d1e383..758cfa58a3 100644 --- a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/user/AnonymousUserRequestsNewApiTokenServiceTest.java +++ b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/user/AnonymousUserRequestsNewApiTokenServiceTest.java 
@@ -50,35 +50,35 @@ public void before() { @Test public void service_uses_assertion_validate_mail() throws Exception { /* execute */ - serviceToTest.anonymousRequestToGetNewApiTokenForUserMailAdress("user@test.com"); + serviceToTest.anonymousRequestToGetNewApiTokenForUserEmailAddress("user@example.org"); /* test */ - verify(mockedUserAssertion).assertIsValidEmailAddress("user@test.com"); + verify(mockedUserAssertion).assertIsValidEmailAddress("user@example.org"); } @Test - public void when_emailadress_not_found_no_exception_is_thrown() throws Exception { + public void when_emailaddress_not_found_no_exception_is_thrown() throws Exception { /* prepare */ - when(mockedUserRepository.findByEmailAdress("user@test.com")).thenReturn(Optional.empty()); + when(mockedUserRepository.findByEmailAddress("user@example.org")).thenReturn(Optional.empty()); /* execute */ - serviceToTest.anonymousRequestToGetNewApiTokenForUserMailAdress("user@test.com"); + serviceToTest.anonymousRequestToGetNewApiTokenForUserEmailAddress("user@example.org"); } @Test - public void when_emailadress_found_a_new_async_event_is_sent_eventbus() throws Exception { + public void when_emailaddress_found_a_new_async_event_is_sent_eventbus() throws Exception { User user = new User(); - user.emailAdress = "user@test.com"; + user.emailAddress = "user@example.org"; user.name = "testuser"; /* prepare */ - when(mockedUserRepository.findByEmailAdress("user@test.com")).thenReturn(Optional.of(user)); + when(mockedUserRepository.findByEmailAddress("user@example.org")).thenReturn(Optional.of(user)); /* execute */ - serviceToTest.anonymousRequestToGetNewApiTokenForUserMailAdress("user@test.com"); + serviceToTest.anonymousRequestToGetNewApiTokenForUserEmailAddress("user@example.org"); /* test */ ArgumentCaptor domainMessageCaptor = ArgumentCaptor.forClass(DomainMessage.class); 
@@ -90,22 +90,22 @@ public void when_emailadress_found_a_new_async_event_is_sent_eventbus() throws E assertNotNull("no refersh api key data inside message!", refreshApiKeyMessage); // check event contains expected data assertNull(refreshApiKeyMessage.getUserId()); // user id not inside - assertEquals("user@test.com", refreshApiKeyMessage.getEmailAdress()); + assertEquals("user@example.org", refreshApiKeyMessage.getEmailAddress()); } @Test - public void when_emailadress_found__onetimetoken_created_and_persisted() throws Exception { + public void when_emailaddress_found__onetimetoken_created_and_persisted() throws Exception { User user = new User(); - user.emailAdress = "user@test.com"; + user.emailAddress = "user@example.org"; user.name = "testuser"; /* prepare */ - when(mockedUserRepository.findByEmailAdress("user@test.com")).thenReturn(Optional.of(user)); + when(mockedUserRepository.findByEmailAddress("user@example.org")).thenReturn(Optional.of(user)); /* execute */ - serviceToTest.anonymousRequestToGetNewApiTokenForUserMailAdress("user@test.com"); + serviceToTest.anonymousRequestToGetNewApiTokenForUserEmailAddress("user@example.org"); /* test */ assertEquals(FAKE_ONE_TIME_TOKEN, user.oneTimeToken); diff --git a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/user/TestUserCreationFactory.java b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/user/TestUserCreationFactory.java index 70b6a744bf..f357f7535f 100644 --- a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/user/TestUserCreationFactory.java +++ b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/user/TestUserCreationFactory.java 
@@ -6,7 +6,7 @@ public class TestUserCreationFactory { public static User createUser(String userId) { User user = new User(); user.name = userId; - user.emailAdress = userId + "@example.org"; + user.emailAddress = userId + "@example.org"; user.hashedApiToken = "12345678"; return user; } diff --git a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/user/UserAdministrationRestControllerMockTest.java b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/user/UserAdministrationRestControllerMockTest.java index cedb0a665f..0949286721 100644 --- a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/user/UserAdministrationRestControllerMockTest.java +++ b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/user/UserAdministrationRestControllerMockTest.java @@ -94,7 +94,7 @@ public void show_user_details_returns_result_of_detail_service() throws Exceptio /* prepare */ User user = mock(User.class); when(user.getName()).thenReturn("user1"); - when(user.getEmailAdress()).thenReturn("user1@example.org"); + when(user.getEmailAddress()).thenReturn("user1@example.org"); Set projects = new LinkedHashSet<>(); Project project1 = mock(Project.class); @@ -126,7 +126,7 @@ public void show_user_details_for_email_address_returns_result_of_detail_service User user = mock(User.class); when(user.getName()).thenReturn(userId); - when(user.getEmailAdress()).thenReturn(emailAddress); + when(user.getEmailAddress()).thenReturn(emailAddress); Set projects = new LinkedHashSet<>(); Project project1 = mock(Project.class); diff --git a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/user/UserEmailAddressUpdateServiceTest.java b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/user/UserEmailAddressUpdateServiceTest.java index 2d8c2c30d3..93659e6932 100644 
--- a/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/user/UserEmailAddressUpdateServiceTest.java +++ b/sechub-administration/src/test/java/com/mercedesbenz/sechub/domain/administration/user/UserEmailAddressUpdateServiceTest.java @@ -116,7 +116,7 @@ void asserts_email_parameter_before_user_is_fetched_from_db() { doThrow(TestCanaryException.class).when(assertion).assertIsValidEmailAddress(any()); /* execute + test */ - assertThrows(TestCanaryException.class, () -> serviceToTest.updateUserEmailAddress("notfound", "not-a-valid-email-adress")); + assertThrows(TestCanaryException.class, () -> serviceToTest.updateUserEmailAddress("notfound", "not-a-valid-email-address")); } @Test @@ -138,7 +138,7 @@ void when_assertions_do_not_handle_null_email_user_repository_would_be_called_wi } @Test - void throws_not_acceptable_when_same_mail_adress_as_before() { + void throws_not_acceptable_when_same_email_address_as_before() { /* prepare */ User knownUser1 = createKnownUser1(); when(userRepository.findOrFailUser(KNOWN_USER1)).thenReturn(knownUser1); @@ -169,7 +169,7 @@ void saves_user_when_parameters_are_valid() { // check the user object has new mail address when saved: ArgumentCaptor userCaptor = ArgumentCaptor.forClass(User.class); verify(userRepository).save(userCaptor.capture()); - assertEquals("new.user1@example.com", userCaptor.getValue().getEmailAdress()); + assertEquals("new.user1@example.com", userCaptor.getValue().getEmailAddress()); } @Test 
@@ -189,14 +189,14 @@ void sends_event_with_user_data_when_parameters_are_valid() { assertNotNull(userMessage); assertEquals(KNOWN_USER1, userMessage.getUserId()); - assertEquals("new.user1@example.com", userMessage.getEmailAdress()); + assertEquals("new.user1@example.com", userMessage.getEmailAddress()); assertEquals("former.user1@example.com", userMessage.getFormerEmailAddress()); } private User createKnownUser1() { User user = new User(); user.name = KNOWN_USER1; - user.emailAdress = "former.user1@example.com"; + user.emailAddress = "former.user1@example.com"; return user; } diff --git a/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/MockedSecHubClient.java b/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/MockedSecHubClient.java index 7e613a31ce..16ff427e2e 100644 --- a/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/MockedSecHubClient.java +++ b/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/MockedSecHubClient.java @@ -130,7 +130,7 @@ public void createSignup(UserSignup signUp) throws SecHubClientException { throw new SecHubClientException("User already exists!"); } OpenUserSignup openSignup = new OpenUserSignup(); - openSignup.setEmailAdress(signUp.getEmailAdress()); + openSignup.setEmailAddress(signUp.getEmailAddress()); openSignup.setUserId(userId); openSignups.put(userId, openSignup); } @@ -272,7 +272,7 @@ public Path downloadFullScanLog(UUID sechubJobUUID, Path downloadFilePath) throw } private User createUser(OpenUserSignup found) { - return new User(found.getUserId(), found.getEmailAdress()); + return new User(found.getUserId(), found.getEmailAddress()); } private String createUserToProjectUniqueIdentifier(String user, String projectId) { diff --git a/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/OpenUserSignup.java b/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/OpenUserSignup.java index 1cc3a0e4c6..f130bf1c27 100644 
--- a/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/OpenUserSignup.java +++ b/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/OpenUserSignup.java @@ -50,16 +50,16 @@ com.mercedesbenz.sechub.api.internal.gen.model.OpenApiListOfSignupsInner getDele return internalAccess.getDelegate(); } - public String getEmailAdress() { - return internalAccess.getEmailAdress(); + public String getEmailAddress() { + return internalAccess.getEmailAddress(); } public String getUserId() { return internalAccess.getUserId(); } - public void setEmailAdress(String emailAdress) { - internalAccess.setEmailAdress(emailAdress); + public void setEmailAddress(String emailAddress) { + internalAccess.setEmailAddress(emailAddress); } public void setUserId(String userId) { diff --git a/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/UserSignup.java b/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/UserSignup.java index e835e38bee..9091c6bd80 100644 --- a/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/UserSignup.java +++ b/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/UserSignup.java @@ -54,8 +54,8 @@ public String getApiVersion() { return internalAccess.getApiVersion(); } - public String getEmailAdress() { - return internalAccess.getEmailAdress(); + public String getEmailAddress() { + return internalAccess.getEmailAddress(); } public String getUserId() { @@ -66,8 +66,8 @@ public void setApiVersion(String apiVersion) { internalAccess.setApiVersion(apiVersion); } - public void setEmailAdress(String emailAdress) { - internalAccess.setEmailAdress(emailAdress); + public void setEmailAddress(String emailAddress) { + internalAccess.setEmailAddress(emailAddress); } public void setUserId(String userId) { 
diff --git a/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/internal/model/InternalAccessOpenUserSignup.java b/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/internal/model/InternalAccessOpenUserSignup.java index 7a9f062cfd..bfa0380bc2 100644 --- a/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/internal/model/InternalAccessOpenUserSignup.java +++ b/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/internal/model/InternalAccessOpenUserSignup.java @@ -31,16 +31,16 @@ protected void initDelegateWithDefaults() { /* child classes can override this */ } - public String getEmailAdress() { - return delegate.getEmailAdress(); + public String getEmailAddress() { + return delegate.getEmailAddress(); } public String getUserId() { return delegate.getUserId(); } - public void setEmailAdress(String emailAdress) { - delegate.setEmailAdress(emailAdress); + public void setEmailAddress(String emailAddress) { + delegate.setEmailAddress(emailAddress); } public void setUserId(String userId) { diff --git a/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/internal/model/InternalAccessUserSignup.java b/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/internal/model/InternalAccessUserSignup.java index 9daf521f73..2064cc2ff6 100644 --- a/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/internal/model/InternalAccessUserSignup.java +++ b/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/internal/model/InternalAccessUserSignup.java @@ -35,8 +35,8 @@ public String getApiVersion() { return delegate.getApiVersion(); } - public String getEmailAdress() { - return delegate.getEmailAdress(); + public String getEmailAddress() { + return delegate.getEmailAddress(); } public String getUserId() { 
@@ -47,8 +47,8 @@ public void setApiVersion(String apiVersion) { delegate.setApiVersion(apiVersion); } - public void setEmailAdress(String emailAdress) { - delegate.setEmailAdress(emailAdress); + public void setEmailAddress(String emailAddress) { + delegate.setEmailAddress(emailAddress); } public void setUserId(String userId) { diff --git a/sechub-api-java/src/main/resources/reduced-openapi3.json b/sechub-api-java/src/main/resources/reduced-openapi3.json index 2c197c4e89..cae5c4df20 100644 --- a/sechub-api-java/src/main/resources/reduced-openapi3.json +++ b/sechub-api-java/src/main/resources/reduced-openapi3.json @@ -539,7 +539,7 @@ "items": { "type": "object", "properties": { - "emailAdress": { + "emailAddress": { "type": "string", "description": "The email address" }, @@ -1184,7 +1184,7 @@ }, "email": { "type": "string", - "description": "The mail adress of the user" + "description": "The mail address of the user" }, "ownedProjects": { "type": "array", @@ -1199,13 +1199,13 @@ "title": "UserSignup", "type": "object", "properties": { - "apiVersion": { + "emailAddress": { "type": "string", - "description": "The api version, currently only 1.0 is supported" + "description": "Email address" }, - "emailAdress": { + "apiVersion": { "type": "string", - "description": "Email adress" + "description": "The api version, currently only 1.0 is supported" }, "userId": { "type": "string", @@ -2825,7 +2825,7 @@ { "name": "userId", "in": "path", - "description": "The userId of the user whose email adress will be changed", + "description": "The userId of the user whose email address will be changed", "required": true, "schema": { "type": "string" diff --git a/sechub-api-java/src/test/java/com/mercedesbenz/sechub/api/MockedSecHubClientTest.java b/sechub-api-java/src/test/java/com/mercedesbenz/sechub/api/MockedSecHubClientTest.java index 05639da7bb..74d4effb9d 100644 --- a/sechub-api-java/src/test/java/com/mercedesbenz/sechub/api/MockedSecHubClientTest.java 
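Review bot: Renaming the `emailAdress` property to `emailAddress` in the signup schemas (the -539 and -1199 hunks of reduced-openapi3.json) changes the wire format, so clients generated from the previous spec will keep sending and expecting the old key. The commit's own controller test had to change its request body from `emailAdress` to `emailAddress`, which suggests the old key is no longer bound, though the server-side model is not visible here. If that model is Jackson-bound, `@JsonAlias("emailAdress")` on the renamed property would keep older clients working during a transition. Either way the rename should be called out as a breaking API change in the release notes. The property reordering in the UserSignup hunk is harmless.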
+++ b/sechub-api-java/src/test/java/com/mercedesbenz/sechub/api/MockedSecHubClientTest.java @@ -68,7 +68,7 @@ void mock_user_signup() throws Exception { /* execute */ UserSignup signup = new UserSignup(); signup.setUserId("somebody"); - signup.setEmailAdress("somebody@example.org"); + signup.setEmailAddress("somebody@example.org"); clientToTest.createSignup(signup); diff --git a/sechub-api-java/src/test/resources/test_sechub_report-1.json b/sechub-api-java/src/test/resources/test_sechub_report-1.json index 9d956dd9de..e891430b93 100644 --- a/sechub-api-java/src/test/resources/test_sechub_report-1.json +++ b/sechub-api-java/src/test/resources/test_sechub_report-1.json @@ -1138,7 +1138,7 @@ "location": "com/mercedesbenz/sechub/domain/notification/email/MockEmailRestController.java", "line": 41, "column": 4, - "source": "\t\t\tpath = APIConstants.API_ANONYMOUS+\"integrationtest/mock/emails/to/{emailAdress}\", ", + "source": "\t\t\tpath = APIConstants.API_ANONYMOUS+\"integrationtest/mock/emails/to/{emailAddress}\", ", "relevantPart": "path" }, "type": "codeScan", 
@@ -4449,37 +4449,37 @@ "location": "com/mercedesbenz/sechub/domain/administration/user/AnonymousUserRequestNewApiTokenRestController.java", "line": 35, "column": 106, - "source": "\tpublic void anonymousRequestToGetNewApiTokenForUserMailAdress(@PathVariable(name=\"emailAddress\") String emailAdress) {", - "relevantPart": "emailAdress", + "source": "\tpublic void anonymousRequestToGetNewApiTokenForUserMailAddress(@PathVariable(name=\"emailAddress\") String emailAddress) {", + "relevantPart": "emailAddress", "calls": { "location": "com/mercedesbenz/sechub/domain/administration/user/AnonymousUserRequestNewApiTokenRestController.java", "line": 37, "column": 72, - "source": "\t\tnewApiTokenService.anonymousRequestToGetNewApiTokenForUserMailAdress(emailAdress);", - "relevantPart": "emailAdress", + "source": "\t\tnewApiTokenService.anonymousRequestToGetNewApiTokenForUserMailAddress(emailAddress);", + "relevantPart": "emailAddress", "calls": { "location": "com/mercedesbenz/sechub/domain/administration/user/AnonymousUserRequestsNewApiTokenService.java", "line": 47, "column": 71, - "source": "\tpublic void anonymousRequestToGetNewApiTokenForUserMailAdress(String userEmail) {", + "source": "\tpublic void anonymousRequestToGetNewApiTokenForUserMailAddress(String userEmail) {", "relevantPart": "userEmail", "calls": { "location": "com/mercedesbenz/sechub/domain/administration/user/AnonymousUserRequestsNewApiTokenService.java", "line": 52, "column": 59, - "source": "\t\tOptional found = userRepository.findByEmailAdress(userEmail);", + "source": "\t\tOptional found = userRepository.findByEmailAddress(userEmail);", "relevantPart": "userEmail", "calls": { "location": "com/mercedesbenz/sechub/domain/administration/user/AnonymousUserRequestsNewApiTokenService.java", "line": 52, "column": 58, - "source": "\t\tOptional found = userRepository.findByEmailAdress(userEmail);", - "relevantPart": "findByEmailAdress", + "source": "\t\tOptional found = 
userRepository.findByEmailAddress(userEmail);", + "relevantPart": "findByEmailAddress", "calls": { "location": "com/mercedesbenz/sechub/domain/administration/user/AnonymousUserRequestsNewApiTokenService.java", "line": 52, "column": 18, - "source": "\t\tOptional found = userRepository.findByEmailAdress(userEmail);", + "source": "\t\tOptional found = userRepository.findByEmailAddress(userEmail);", "relevantPart": "found", "calls": { "location": "com/mercedesbenz/sechub/domain/administration/user/AnonymousUserRequestsNewApiTokenService.java", 
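Review bot: The rewritten `source` strings in this recorded report no longer agree with the `column` values next to them. Adding a character to `...ForUserMailAdress(` shifts everything after it, so `"column": 106` and `"column": 72` now point one character before the `relevantPart` they name, and the -4610 hunk has the same shift for columns 24, 44 and 61. The fixture now also shows `anonymousRequestToGetNewApiTokenForUserMailAddress`, while the service method is renamed to `anonymousRequestToGetNewApiTokenForUserEmailAddress` elsewhere in this commit, so the recorded name matches neither the old nor the new code. Since this file is a snapshot of an earlier scan, either leave it untouched or regenerate it from the renamed sources, so that tests reading locations from it (if any do) see consistent data.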
@@ -4610,32 +4610,32 @@ "location": "com/mercedesbenz/sechub/domain/administration/user/UserCreationService.java", "line": 87, "column": 24, - "source": "\t\tString emailAdress = selfRegistration.get().getEmailAdress();", + "source": "\t\tString emailAddress = selfRegistration.get().getEmailAddress();", "relevantPart": "selfRegistration", "calls": { "location": "com/mercedesbenz/sechub/domain/administration/user/UserCreationService.java", "line": 87, "column": 44, - "source": "\t\tString emailAdress = selfRegistration.get().getEmailAdress();", + "source": "\t\tString emailAddress = selfRegistration.get().getEmailAddress();", "relevantPart": "get", "calls": { "location": "com/mercedesbenz/sechub/domain/administration/user/UserCreationService.java", "line": 87, "column": 61, - "source": "\t\tString emailAdress = selfRegistration.get().getEmailAdress();", - "relevantPart": "getEmailAdress", + "source": "\t\tString emailAddress = selfRegistration.get().getEmailAddress();", + "relevantPart": "getEmailAddress", "calls": { "location": "com/mercedesbenz/sechub/domain/administration/user/UserCreationService.java", "line": 87, "column": 10, - "source": "\t\tString emailAdress = selfRegistration.get().getEmailAdress();", - "relevantPart": "emailAdress", + "source": "\t\tString emailAddress = selfRegistration.get().getEmailAddress();", + "relevantPart": "emailAddress", "calls": { "location": "com/mercedesbenz/sechub/domain/administration/user/UserCreationService.java", "line": 95, "column": 26, - "source": "\t\t\t\t\tsanitizedLogUserId, emailAdress);", - "relevantPart": "emailAdress", + "source": "\t\t\t\t\tsanitizedLogUserId, emailAddress);", + "relevantPart": "emailAddress", "calls": { "location": "com/mercedesbenz/sechub/domain/administration/user/UserCreationService.java", "line": 93, 
diff --git a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/ScanType.java b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/ScanType.java index 7cc547849a..2534c5c52d 100644 --- a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/ScanType.java +++ b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/ScanType.java 
@@ -5,34 +5,36 @@ public enum ScanType { - CODE_SCAN("codeScan", "Scans the code for potential vulnerabilities (weaknesses). Also known as SAST or static source code analysis"), + CODE_SCAN("codeScan", "Code scan", "Scans the code for potential vulnerabilities (weaknesses). Also known as SAST or static source code analysis"), - WEB_SCAN("webScan", "Scans a deployed web application for vulnerabilities. Also known as DAST."), + WEB_SCAN("webScan", "Web scan", "Scans a deployed web application for vulnerabilities. Also known as DAST."), - INFRA_SCAN("infraScan", "Scans infrastructure for vulnerabilities."), + INFRA_SCAN("infraScan", "Infra scan", "Scans infrastructure for vulnerabilities."), - LICENSE_SCAN("licenseScan", "Scans code or artifacts for license information"), + LICENSE_SCAN("licenseScan", "License scan", "Scans code or artifacts for license information"), - SECRET_SCAN("secretScan", "Scans code or artifacts for secrets"), + SECRET_SCAN("secretScan", "Secret scan", "Scans code or artifacts for secrets"), - REPORT("report", "Internal scan type for reporting", true), + REPORT("report", "Report", "Internal scan type for reporting", true), - ANALYTICS("analytics", "Internal scan type for analytic phase", true), + ANALYTICS("analytics", "Analytics", "Internal scan type for analytic phase", true), - UNKNOWN("unknown", "Internal scan type for unknown types", true), + UNKNOWN("unknown", "Unknown", "Internal scan type for unknown types", true), ; private String id; private boolean internalScanType; private String description; + private String text; - private ScanType(String id, String description) { - this(id, description, false); + private ScanType(String id, String text, String description) { + this(id, text, description, false); } - private ScanType(String id, String description, boolean internalScanType) { + private ScanType(String id, String text, String description, boolean internalScanType) { this.id = id; + this.text = text; this.internalScanType = 
internalScanType; this.description = description; } @@ -42,6 +44,10 @@ public String getId() { return id; } + public String getText() { + return text; + } + public String getDescription() { return description; } diff --git a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/ScanTypeSummaryDetailData.java b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/ScanTypeSummaryDetailData.java new file mode 100644 index 0000000000..6ab8a8308a --- /dev/null +++ b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/ScanTypeSummaryDetailData.java @@ -0,0 +1,45 @@ +// SPDX-License-Identifier: MIT +package com.mercedesbenz.sechub.commons.model; + +import java.util.ArrayList; +import java.util.List; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; + +@JsonInclude(JsonInclude.Include.NON_EMPTY) +@JsonIgnoreProperties(ignoreUnknown = true) +public class ScanTypeSummaryDetailData { + + private List critical = new ArrayList<>(); + private List high = new ArrayList<>(); + private List medium = new ArrayList<>(); + private List low = new ArrayList<>(); + private List unclassified = new ArrayList<>(); + private List info = new ArrayList<>(); + + public List getCritical() { + return critical; + } + + public List getHigh() { + return high; + } + + public List getMedium() { + return medium; + } + + public List getLow() { + return low; + } + + public List getUnclassified() { + return unclassified; + } + + public List getInfo() { + return info; + } + +} diff --git a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/ScanTypeSummaryFindingOverviewData.java b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/ScanTypeSummaryFindingOverviewData.java new file mode 100644 index 0000000000..e8a9a70947 --- /dev/null 
+++ b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/ScanTypeSummaryFindingOverviewData.java @@ -0,0 +1,49 @@ +package com.mercedesbenz.sechub.commons.model; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; + +@JsonIgnoreProperties(ignoreUnknown = true) +public class ScanTypeSummaryFindingOverviewData { + private Integer cweId; + private String name; + private long count; + + public ScanTypeSummaryFindingOverviewData() { + /* for serialization */ + } + + public ScanTypeSummaryFindingOverviewData(Integer cweId, String name) { + this.cweId = cweId; + this.name = name; + } + + public void incrementCount() { + this.count++; + } + + public void setCweId(Integer cweId) { + this.cweId = cweId; + } + + public void setName(String name) { + this.name = name; + } + + public Integer getCweId() { + return cweId; + } + + public String getName() { + return name; + } + + public long getCount() { + return count; + } + + @Override + public String toString() { + return "ScanTypeSummaryFindingOverviewData [" + (cweId != null ? "cweId=" + cweId + ", " : "") + (name != null ? "name=" + name + ", " : "") + "count=" + + count + "]"; + } +} \ No newline at end of file diff --git a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubFinding.java b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubFinding.java index a0dfc3cbbd..7499f807f0 100644 --- a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubFinding.java +++ b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubFinding.java 
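Review bot: ScanTypeSummaryFindingOverviewData.java starts directly with the `package` line, while the sibling files added in this commit (ScanTypeSummaryDetailData, SecHubReportScanTypeSummary, SecHubReportSummary) open with `// SPDX-License-Identifier: MIT`. The same header is missing from the new SecHubReportScanTypeSummaryTest.java and SecHubReportSummaryTest.java, so I would add that line at the top of all three files. The class also has no class comment; a short Javadoc stating what one instance stands for (it looks like one CWE id/name pair with the number of findings counted for it) and that `count` only changes through `incrementCount()` would help readers of the report model.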
@@ -261,8 +261,19 @@ public void setTarget(String target) { this.target = target; } - public boolean hasScanType(String type) { - if (type == null) { + public boolean hasScanType(ScanType scanType) { + String typeAsString = null; + if (scanType != null) { + typeAsString = scanType.getId(); + } + return hasScanType(typeAsString); + } + + public boolean hasScanType(String scanTypeId) { + if (scanTypeId == null || scanTypeId.isEmpty()) { + if (this.type == null) { + return true; + } return false; } if (this.type == null) { @@ -270,7 +281,7 @@ public boolean hasScanType(String type) { } String typeId = this.type.getId(); - return type.equalsIgnoreCase(typeId); + return scanTypeId.equalsIgnoreCase(typeId); } @Override diff --git a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaData.java b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaData.java index 12a94ef465..fefc5ac99a 100644 --- a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaData.java +++ b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaData.java @@ -11,7 +11,18 @@ public class SecHubReportMetaData { private Map labels = new LinkedHashMap<>(); + private SecHubReportSummary summary = new SecHubReportSummary(); + public Map getLabels() { return labels; } + + public SecHubReportSummary getSummary() { + return summary; + } + + public void setSummary(SecHubReportSummary summary) { + this.summary = summary; + } + } diff --git a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportScanTypeSummary.java b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportScanTypeSummary.java new file mode 100644 index 0000000000..8b3297067c --- /dev/null +++ b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportScanTypeSummary.java 
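Review bot: `hasScanType(String)` now returns true for a null or empty id when the finding has no type, where the old method returned false for null, and nothing on the method says so. A caller that passes a possibly missing id as a filter will now match untyped findings, so the contract should be written down, for example `/** @return true when the finding's type id equals scanTypeId ignoring case; a null or empty scanTypeId matches only a finding without a type */`. The new `hasScanType(ScanType)` overload also makes a bare `hasScanType(null)` ambiguous, so callers need a cast, as the updated test does with `(ScanType) null`. Part of the String variant's body lies between this hunk and the next one and is not visible here.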
@@ -0,0 +1,109 @@
+// SPDX-License-Identifier: MIT
+package com.mercedesbenz.sechub.commons.model;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+
+/**
+ * Represents the report summary for one dedicated scan type. Just a data
+ * representation
+ *
+ */
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class SecHubReportScanTypeSummary {
+
+ private long total;
+
+ private long critical;
+ private long high;
+ private long medium;
+ private long low;
+ private long unclassified;
+ private long info;
+
+ private ScanTypeSummaryDetailData details = new ScanTypeSummaryDetailData();
+
+ public ScanTypeSummaryDetailData getDetails() {
+ return details;
+ }
+
+ public long getTotal() {
+ return total;
+ }
+
+ public void setTotal(long total) {
+ this.total = total;
+ }
+
+ public long getCritical() {
+ return critical;
+ }
+
+ public void setCritical(long critical) {
+ this.critical = critical;
+ }
+
+ public long getHigh() {
+ return high;
+ }
+
+ public void setHigh(long high) {
+ this.high = high;
+ }
+
+ public long getMedium() {
+ return medium;
+ }
+
+ public void setMedium(long medium) {
+ this.medium = medium;
+ }
+
+ public long getLow() {
+ return low;
+ }
+
+ public void setLow(long low) {
+ this.low = low;
+ }
+
+ public long getUnclassified() {
+ return unclassified;
+ }
+
+ public void setUnclassified(long unclassified) {
+ this.unclassified = unclassified;
+ }
+
+ public long getInfo() {
+ return info;
+ }
+
+ public void setInfo(long info) {
+ this.info = info;
+ }
+
+ public void incrementCritical() {
+ this.critical++;
+ }
+
+ public void incrementHigh() {
+ this.high++;
+ }
+
+ public void incrementMedium() {
+ this.medium++;
+ }
+
+ public void incrementLow() {
+ this.low++;
+ }
+
+ public void incrementUnclassified() {
+ this.unclassified++;
+ }
+
+ public void incrementInfo() {
+ this.info++;
+ }
+
+}
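Review bot: `total` is stored and set independently of the six severity counters, and none of the `incrementX()` methods touches it, so a summary can report a total that differs from the sum of its parts. Whether the code that fills the summary keeps both in step is not visible in this hunk. Either derive the value in `getTotal()` with `return critical + high + medium + low + unclassified + info;`, or say in the class comment that the caller must call `setTotal` after counting.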
diff --git a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportSummary.java b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportSummary.java
new file mode 100644
index 0000000000..3cc6085891
--- /dev/null
+++ b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportSummary.java
@@ -0,0 +1,60 @@
+// SPDX-License-Identifier: MIT
+package com.mercedesbenz.sechub.commons.model;
+
+import java.util.Optional;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class SecHubReportSummary {
+
+ private Optional codeScan = Optional.ofNullable(null);
+ private Optional infraScan = Optional.ofNullable(null);
+ private Optional licenseScan = Optional.ofNullable(null);
+ private Optional secretScan = Optional.ofNullable(null);
+ private Optional webScan = Optional.ofNullable(null);
+
+ public SecHubReportSummary() {
+ }
+
+ public Optional getCodeScan() {
+ return codeScan;
+ }
+
+ public Optional getInfraScan() {
+ return infraScan;
+ }
+
+ public Optional getWebScan() {
+ return webScan;
+ }
+
+ public Optional getLicenseScan() {
+ return licenseScan;
+ }
+
+ public Optional getSecretScan() {
+ return secretScan;
+ }
+
+ public void setCodeScan(SecHubReportScanTypeSummary codeScan) {
+ this.codeScan = Optional.ofNullable(codeScan);
+ }
+
+ public void setInfraScan(SecHubReportScanTypeSummary infraScan) {
+ this.infraScan = Optional.ofNullable(infraScan);
+ }
+
+ public void setLicenseScan(SecHubReportScanTypeSummary licenseScan) {
+ this.licenseScan = Optional.ofNullable(licenseScan);
+ }
+
+ public void setSecretScan(SecHubReportScanTypeSummary secretScan) {
+ this.secretScan = Optional.ofNullable(secretScan);
+ }
+
+ public void setWebScan(SecHubReportScanTypeSummary webScan) {
+ this.webScan = Optional.ofNullable(webScan);
+ }
+
+}
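Review bot: The five `Optional` fields are exposed through getters on a Jackson-annotated model, and Jackson writes an `Optional` as its value or null only when the `Jdk8Module` (jackson-datatype-jdk8) is registered. Without it the property is either written as a bean such as `{"present":false}` or rejected, depending on the Jackson version. Whether the mapper that writes and reads reports registers that module is not visible here, so a JSON round-trip test belongs next to `intially_optionals_are_all_empty`. Separately, `Optional.ofNullable(null)` in the field initialisers reads better as `Optional.empty()`.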
diff --git a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/Severity.java b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/Severity.java index 14fc2ab461..a6d5fe9a30 100644 --- a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/Severity.java +++ b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/Severity.java @@ -3,28 +3,34 @@ public enum Severity implements Comparable { - INFO(10), + INFO(10, "Info"), - UNCLASSIFIED(0), + UNCLASSIFIED(0, "Unclassified"), - LOW(20), + LOW(20, "Low"), - MEDIUM(30), + MEDIUM(30, "Medium"), - HIGH(40), + HIGH(40, "High"), - CRITICAL(50), + CRITICAL(50, "Critical"), ; private int level; + private String text; - private Severity(int level) { + private Severity(int level, String text) { this.level = level; + this.text = text; } public int getLevel() { return level; } + public String getText() { + return text; + } + } diff --git a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/TrafficLight.java b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/TrafficLight.java index ed6c032a25..b9a64a0816 100644 --- a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/TrafficLight.java +++ b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/TrafficLight.java @@ -1,6 +1,11 @@ // SPDX-License-Identifier: MIT package com.mercedesbenz.sechub.commons.model; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; + /** * A simple type representing "GREEN", "YELLOW", "RED" * 
@@ -9,14 +14,37 @@ */ public enum TrafficLight { - GREEN, + GREEN("Green", Severity.LOW, Severity.UNCLASSIFIED, Severity.INFO), - YELLOW, + YELLOW("Yellow", Severity.MEDIUM), - RED, + RED("Red", Severity.CRITICAL, Severity.HIGH), /* Traffic light is "turned off" */ - OFF; + OFF("Off"); + + private List severities; + private String text; + + private TrafficLight(String text, Severity... severities) { + this.text = text; + + List target = new ArrayList<>(3); + target.addAll(Arrays.asList(severities)); + + this.severities = Collections.unmodifiableList(target); + } + + public String getText() { + return text; + } + + /** + * @return severities which are represented by this traffic light + */ + public List getSeverities() { + return severities; + } /** * Tries to identify traffic light from string. diff --git a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/TrafficLightSupport.java b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/TrafficLightSupport.java index 62e3646983..a089861070 100644 --- a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/TrafficLightSupport.java +++ b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/TrafficLightSupport.java @@ -32,16 +32,12 @@ TrafficLight resolveTrafficLightWhenOneEntryWithSuchSeverity(SecHubResult result } TrafficLight mapToTrafficLight(Severity severity) { - if (Severity.CRITICAL.equals(severity)) { - return TrafficLight.RED; - } - if (Severity.HIGH.equals(severity)) { - return TrafficLight.RED; - } - if (Severity.MEDIUM.equals(severity)) { - return TrafficLight.YELLOW; + for (TrafficLight light : TrafficLight.values()) { + if (light.getSeverities().contains(severity)) { + return light; + } } - return TrafficLight.GREEN; + throw new IllegalStateException("Severity: " + severity + " is not found by any trafficlight - may not happen."); } public List filterFindingsFor(SecHubResult result, TrafficLight searched) { 
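Review bot: `mapToTrafficLight` used to fall through to `TrafficLight.GREEN` for any severity it did not recognise, including null, and now throws `IllegalStateException` in that case. A finding whose severity was never set would therefore abort whatever is building the result instead of being shown as green; whether such findings can reach this method is not visible in the hunk. I would make the null case an explicit decision ahead of the loop, either `if (severity == null) { return TrafficLight.GREEN; }` to keep the old result, or `Objects.requireNonNull(severity, "severity")` with a matching `@throws` in the method's Javadoc. The loop also relies on every severity being listed in exactly one light, which only the new tests in TrafficLightTest enforce, so a one-line comment on the enum constants saying so would help.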
diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubFindingTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubFindingTest.java
index da6a1bed89..011e89d557 100644
--- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubFindingTest.java
+++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubFindingTest.java
@@ -10,11 +10,85 @@ import org.junit.jupiter.api.Test; import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.EmptySource; import org.junit.jupiter.params.provider.EnumSource; import org.junit.jupiter.params.provider.NullSource; class SecHubFindingTest { + @ParameterizedTest + @EnumSource(ScanType.class) + void hasScanType(ScanType scanTypeToCheck) { + /* prepare */ + SecHubFinding finding = new SecHubFinding(); + finding.setType(scanTypeToCheck); + + /* test */ + assertTrue(finding.hasScanType(scanTypeToCheck)); + + for (ScanType scanType : ScanType.values()) { + if (!scanType.equals(scanTypeToCheck)) { + assertFalse(finding.hasScanType(scanType)); + } + } + + } + + @ParameterizedTest + @EnumSource(ScanType.class) + void hasScanTypeId(ScanType scanTypeToCheck) { + /* prepare */ + SecHubFinding finding = new SecHubFinding(); + finding.setType(scanTypeToCheck); + + /* test */ + assertTrue(finding.hasScanType(scanTypeToCheck.getId())); + + for (ScanType scanType : ScanType.values()) { + if (!scanType.equals(scanTypeToCheck)) { + assertFalse(finding.hasScanType(scanType.getId())); + } + } + } + + @Test + void hasScanType_null() { + /* prepare */ + SecHubFinding finding = new SecHubFinding(); + finding.setType(null); + + /* test */ + assertTrue(finding.hasScanType((ScanType) null)); + + for (ScanType scanType : ScanType.values()) { + assertFalse(finding.hasScanType(scanType)); + } + } + + @ParameterizedTest + @NullSource + @EmptySource + void hasScanTypeId_empty_or_null_when_finding_has_no_type(String scanTypeId) { + /* prepare */ + SecHubFinding finding = new SecHubFinding(); + finding.setType(null); + + /* test */ + assertTrue(finding.hasScanType(scanTypeId)); + } + + @ParameterizedTest + @NullSource + @EmptySource + void hasScanTypeId_empty_or_null_when_finding_has_type(String scanTypeId) { + /* prepare */ + SecHubFinding finding = new SecHubFinding(); + finding.setType(ScanType.CODE_SCAN); + + /* test */ + 
assertFalse(finding.hasScanType(scanTypeId)); + } + @Test void compare_to__an_array_list_containing_findings_can_be_sorted_by_collections_for_severity() { /* prepare */ @@ -180,11 +254,7 @@ void initial_finding_has_scan_type_null() { /* test */ assertNull(finding.getType()); - assertFalse(finding.hasScanType(null)); - for (ScanType otherScanType : ScanType.values()) { - assertHasScanTypeReturnsFalseForAnyVariantOf(finding, otherScanType.getId()); - } } @ParameterizedTest diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportScanTypeSummaryTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportScanTypeSummaryTest.java new file mode 100644 index 0000000000..aaf1790164 --- /dev/null +++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportScanTypeSummaryTest.java 
@@ -0,0 +1,90 @@ +package com.mercedesbenz.sechub.commons.model; + +import static org.junit.jupiter.api.Assertions.*; + +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.ValueSource; + +class SecHubReportScanTypeSummaryTest { + + private SecHubReportScanTypeSummary summaryToTest; + + @BeforeEach + void beforeEach() { + summaryToTest = new SecHubReportScanTypeSummary(); + } + + @ParameterizedTest + @ValueSource(ints = { 0, 1, 10 }) + void increment_critical(int incrementions) { + /* execute */ + for (int i = 0; i < incrementions; i++) { + summaryToTest.incrementCritical(); + } + + /* test */ + assertEquals(incrementions, summaryToTest.getCritical()); + } + + @ParameterizedTest + @ValueSource(ints = { 0, 1, 10 }) + void increment_high(int incrementions) { + /* execute */ + for (int i = 0; i < incrementions; i++) { + summaryToTest.incrementHigh(); + } + + /* test */ + assertEquals(incrementions, summaryToTest.getHigh()); + } + + @ParameterizedTest + @ValueSource(ints = { 0, 1, 10 }) + void increment_medium(int incrementions) { + /* execute */ + for (int i = 0; i < incrementions; i++) { + summaryToTest.incrementMedium(); + } + + /* test */ + assertEquals(incrementions, summaryToTest.getMedium()); + } + + @ParameterizedTest + @ValueSource(ints = { 0, 1, 10 }) + void increment_low(int incrementions) { + /* execute */ + for (int i = 0; i < incrementions; i++) { + summaryToTest.incrementLow(); + } + + /* test */ + assertEquals(incrementions, summaryToTest.getLow()); + } + + @ParameterizedTest + @ValueSource(ints = { 0, 1, 10 }) + void increment_unclassified(int incrementions) { + /* execute */ + for (int i = 0; i < incrementions; i++) { + summaryToTest.incrementUnclassified(); + } + + /* test */ + assertEquals(incrementions, summaryToTest.getUnclassified()); + } + + @ParameterizedTest + @ValueSource(ints = { 0, 1, 10 }) + void increment_info(int incrementions) { + /* execute */ + for (int 
i = 0; i < incrementions; i++) { + summaryToTest.incrementInfo(); + } + + /* test */ + assertEquals(incrementions, summaryToTest.getInfo()); + } + +} diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportSummaryTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportSummaryTest.java new file mode 100644 index 0000000000..e3317a8d0d --- /dev/null +++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportSummaryTest.java @@ -0,0 +1,31 @@ +package com.mercedesbenz.sechub.commons.model; + +import static org.junit.jupiter.api.Assertions.*; + +import org.junit.jupiter.api.Test; + +class SecHubReportSummaryTest { + + /** + * The test is not needless: It is important inside + * ScanReportToSecHubReportModelWithSummariesTransformer that the scan type + * summaries are empty on creation time. + * + * As well as for JSON serialization. + */ + @Test + void intially_optionals_are_all_empty() { + + /* execute */ + SecHubReportSummary summary = new SecHubReportSummary(); + + /* test */ + assertTrue(summary.getCodeScan().isEmpty()); + assertTrue(summary.getSecretScan().isEmpty()); + assertTrue(summary.getWebScan().isEmpty()); + assertTrue(summary.getLicenseScan().isEmpty()); + assertTrue(summary.getInfraScan().isEmpty()); + + } + +} diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/TrafficLightTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/TrafficLightTest.java index 42dc4074ac..f768f2c87b 100644 --- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/TrafficLightTest.java +++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/TrafficLightTest.java 
@@ -3,9 +3,16 @@ import static org.junit.jupiter.api.Assertions.*; +import java.util.ArrayList; +import java.util.HashSet; +import java.util.List; +import java.util.Set; + +import org.junit.jupiter.api.Test; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.EmptySource; import org.junit.jupiter.params.provider.EnumSource; +import org.junit.jupiter.params.provider.EnumSource.Mode; import org.junit.jupiter.params.provider.NullSource; import org.junit.jupiter.params.provider.ValueSource; 
@@ -30,4 +37,85 @@ void fromString_lowercased_values_are_supported(TrafficLight light) { void fromString_unknown_values_returns_null(String string) { assertNull(TrafficLight.fromString(string)); } + + @Test + void red_trafficlight_has_2_severities_critical_and_high() { + + List severities = TrafficLight.RED.getSeverities(); + + assertTrue(severities.contains(Severity.HIGH)); + assertTrue(severities.contains(Severity.CRITICAL)); + + assertEquals(2, severities.size()); + } + + @Test + void yellow_trafficlight_has_1_severitiy_medium() { + + List severities = TrafficLight.YELLOW.getSeverities(); + + assertTrue(severities.contains(Severity.MEDIUM)); + + assertEquals(1, severities.size()); + } + + @Test + void green_trafficlight_has_3_severities_low_unclassified_info() { + + List severities = TrafficLight.GREEN.getSeverities(); + + assertTrue(severities.contains(Severity.LOW)); + assertTrue(severities.contains(Severity.UNCLASSIFIED)); + assertTrue(severities.contains(Severity.INFO)); + + assertEquals(3, severities.size()); + } + + @Test + void off_trafficlight_has_no_severities() { + + List severities = TrafficLight.OFF.getSeverities(); + + assertEquals(0, severities.size()); + } + + /* + * the test is more a sanity test - if somebody adds a traffic light field - + * which should not happen ... but.. - this would check the field has at least + * one severity. + */ + @ParameterizedTest() + @EnumSource(value = TrafficLight.class, mode = Mode.EXCLUDE, names = "OFF") + void traffic_light_has_at_least_one_severity(TrafficLight light) { + if (light.getSeverities().size() < 1) { + fail("Traffic light " + light + " has an empty severities list! 
This may not happen"); + } + } + + @Test + void no_traffic_light_severity_cross_over() { + List severitiesAll = new ArrayList<>(); + for (TrafficLight trafficLight : TrafficLight.values()) { + List severities = trafficLight.getSeverities(); + for (Severity severity : severities) { + if (severitiesAll.contains(severity)) { + fail("Severity cross over detected: " + severity + " is defined in " + trafficLight + " but also in at least one other traffic light"); + } + severitiesAll.add(severity); + } + } + } + + @Test + void traffic_lights_contain_all_severities() { + Set severitiesAll = new HashSet<>(); + for (TrafficLight trafficLight : TrafficLight.values()) { + List severities = trafficLight.getSeverities(); + for (Severity severity : severities) { + severitiesAll.add(severity); + } + } + assertEquals(Severity.values().length, severitiesAll.size()); + } + } diff --git a/sechub-developertools/scripts/sechub-api.sh b/sechub-developertools/scripts/sechub-api.sh index fc7e8f18b9..a09e69ec1c 100755 --- a/sechub-developertools/scripts/sechub-api.sh +++ b/sechub-developertools/scripts/sechub-api.sh @@ -799,7 +799,7 @@ function generate_sechub_user_signup_data { { "apiVersion":"$SECHUB_API_VERSION", "userId":"$1", - "emailAdress":"$2" + "emailAddress":"$2" } EOF } diff --git a/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/DeveloperAdministration.java b/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/DeveloperAdministration.java index 436e72da63..0f8e48ca60 100644 --- a/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/DeveloperAdministration.java +++ b/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/DeveloperAdministration.java 
@@ -340,7 +340,7 @@ public String revokeAddminRightsFrom(String targetUser) { public String createNewUserSignup(String name, String email) { - String json = "{\"apiVersion\":\"1.0\",\r\n" + " \"userId\":\"" + name + "\",\r\n" + " \"emailAdress\":\"" + email + "\"}"; + String json = "{\"apiVersion\":\"1.0\",\r\n" + " \"userId\":\"" + name + "\",\r\n" + " \"emailAddress\":\"" + email + "\"}"; return getRestHelper().postJson(getUrlBuilder().buildUserSignUpUrl(), json); } diff --git a/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/ui/action/integrationtestserver/FetchMockMailsAction.java b/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/ui/action/integrationtestserver/FetchMockMailsAction.java index 126eef0afb..8c940b7df1 100644 --- a/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/ui/action/integrationtestserver/FetchMockMailsAction.java +++ b/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/ui/action/integrationtestserver/FetchMockMailsAction.java @@ -19,11 +19,11 @@ public FetchMockMailsAction(UIContext context) { @Override protected void executeImplAfterRestHelperSwitched(ActionEvent e) { - Optional emailAdress = getUserInput("Please enter userid to fetch mock mails", InputCacheIdentifier.EMAILADRESS); - if (!emailAdress.isPresent()) { + Optional emailAddress = getUserInput("Please enter userid to fetch mock mails", InputCacheIdentifier.EMAILADDRESS); + if (!emailAddress.isPresent()) { return; } - List data = IntegrationTestContext.get().emailAccess().getMockMailListFor(emailAdress.get()); + List data = IntegrationTestContext.get().emailAccess().getMockMailListFor(emailAddress.get()); for (MockEmailEntry entry : data) { outputAsTextOnSuccess(entry.fullToString()); } 
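Review bot: `createNewUserSignup` builds the request body by concatenating `name` and `email` into a JSON string, so a quote or backslash in either value yields a malformed body or extra keys. Since the line is being touched anyway, let a JSON library do the escaping: `ObjectNode body = new ObjectMapper().createObjectNode().put("apiVersion", "1.0").put("userId", name).put("emailAddress", email);` and then post `body.toString()`. Jackson appears to be available in this module already (CreateOverviewCSVExportAction reads `JsonNode`), but the imports of this file are outside the hunk. The renamed key `emailAddress` also changes the wire format, so the server-side signup model must accept the new name in the same release, which is not visible here.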
diff --git a/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/ui/action/project/CreateOverviewCSVExportAction.java b/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/ui/action/project/CreateOverviewCSVExportAction.java index ccd9ec37df..899f146bef 100644 --- a/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/ui/action/project/CreateOverviewCSVExportAction.java +++ b/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/ui/action/project/CreateOverviewCSVExportAction.java @@ -114,10 +114,10 @@ private List loadSignupUserIds() { while (iditerator.hasNext()) { JsonNode dNode = iditerator.next(); String userId = dNode.get("userId").asText(); - String emailAdress = dNode.get("emailAdress").asText(); - ids.add(userId + " <" + emailAdress + ">"); + String emailAddress = dNode.get("emailAddress").asText(); + ids.add(userId + " <" + emailAddress + ">"); } - outputAsTextOnSuccess("Found " + ids.size() + " watting signups."); + outputAsTextOnSuccess("Found " + ids.size() + " waiting signups."); return ids; } diff --git a/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/ui/action/user/AnonymousRequestNewAPITokenUserAction.java b/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/ui/action/user/AnonymousRequestNewAPITokenUserAction.java index adf910d3d9..7413682f92 100644 --- a/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/ui/action/user/AnonymousRequestNewAPITokenUserAction.java +++ b/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/ui/action/user/AnonymousRequestNewAPITokenUserAction.java 
@@ -17,7 +17,7 @@ public AnonymousRequestNewAPITokenUserAction(UIContext context) { @Override public void execute(ActionEvent e) { - Optional email = getUserInput("Email of user requesting new API token", InputCacheIdentifier.EMAILADRESS); + Optional email = getUserInput("Email of user requesting new API token", InputCacheIdentifier.EMAILADDRESS); if (!email.isPresent()) { return; } diff --git a/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/ui/action/user/AnonymousSigninNewUserAction.java b/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/ui/action/user/AnonymousSigninNewUserAction.java index 6e569a9245..f01f6623f2 100644 --- a/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/ui/action/user/AnonymousSigninNewUserAction.java +++ b/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/ui/action/user/AnonymousSigninNewUserAction.java @@ -22,7 +22,7 @@ public void execute(ActionEvent e) { return; } - Optional email = getUserInput("Give Email of new user", InputCacheIdentifier.EMAILADRESS); + Optional email = getUserInput("Give Email of new user", InputCacheIdentifier.EMAILADDRESS); if (!email.isPresent()) { return; } diff --git a/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/ui/action/user/ShowUserDetailForEmailAddressAction.java b/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/ui/action/user/ShowUserDetailForEmailAddressAction.java index 08b7f8f9a1..86a9f2fe5d 100644 --- a/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/ui/action/user/ShowUserDetailForEmailAddressAction.java +++ b/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/ui/action/user/ShowUserDetailForEmailAddressAction.java 
@@ -17,7 +17,7 @@ public ShowUserDetailForEmailAddressAction(UIContext context) { @Override public void execute(ActionEvent e) { - Optional emailAddress = getUserInput("Please enter email address", InputCacheIdentifier.EMAILADRESS); + Optional emailAddress = getUserInput("Please enter email address", InputCacheIdentifier.EMAILADDRESS); if (!emailAddress.isPresent()) { return; } diff --git a/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/ui/cache/InputCache.java b/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/ui/cache/InputCache.java index d63fe0addc..5e76ce830b 100644 --- a/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/ui/cache/InputCache.java +++ b/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/ui/cache/InputCache.java @@ -47,7 +47,7 @@ private void createDefaults() { set(InputCacheIdentifier.PDS_SECHUB_JOBUUID, UUID.randomUUID().toString()); set(InputCacheIdentifier.PDS_PRODUCT_ID, "PDS_INTTEST_PRODUCT_CODESCAN"); - set(InputCacheIdentifier.EMAILADRESS, "sechub@example.org"); + set(InputCacheIdentifier.EMAILADDRESS, "sechub@example.org"); set(InputCacheIdentifier.PROJECT_MOCK_CONFIG_JSON, "{ \n" + " \"apiVersion\" : \"1.0\",\n" + "\n" + " \"codeScan\" : {\n" + " \"result\" : \"yellow\" \n" + " },\n" + " \"webScan\" : {\n" + " \"result\" : \"green\" \n" + " },\n" + " \"infraScan\" : {\n" diff --git a/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/ui/cache/InputCacheIdentifier.java b/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/ui/cache/InputCacheIdentifier.java index cc6d05e87e..e6a9238208 100644 --- a/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/ui/cache/InputCacheIdentifier.java +++ b/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/admin/ui/cache/InputCacheIdentifier.java 
@@ -6,7 +6,7 @@ public enum InputCacheIdentifier { USERNAME, - EMAILADRESS, + EMAILADDRESS, WHITELIST_URI, diff --git a/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/generator/HTMLReportCSSFragementGenerator.java b/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/generator/HTMLReportCSSFragementGenerator.java deleted file mode 100644 index 6b18a0c50b..0000000000 --- a/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/generator/HTMLReportCSSFragementGenerator.java +++ /dev/null 
@@ -1,54 +0,0 @@ -// SPDX-License-Identifier: MIT -package com.mercedesbenz.sechub.developertools.generator; - -import java.io.File; -import java.io.IOException; - -import com.mercedesbenz.sechub.test.CSSFileToFragementMerger; - -/** - * How to use ? Why this generator? - * - * 1. As a web designer I want to change my CSS files and style the report - * without always restarting the server + fetching new reports etc. - * - * Remark: To avoid starting a server at all, it is also possible to start only - * the `ThymeLeafHTMLReportingTest` and inspect the results! This generator is - * only necessary when we have to change the CSS styling. - * - * 2. Change the CSS styles - how to ? Enable the web developer mode - see - * HTMLScanResultReportModelBuilder.java and start the server. Generate some - * testdata and download a HTML report. - * - * 3. The report does not look well, because the css file cannot be loaded (same - * origin policy...) - * - * 4. Store the report as local html file and load again css does now apply and - * you can design... - * - * 5. After css file is as wanted... --> Start this generator. --> will adopt - * css data into fragement file. - * - * 6. Commit push done... - * - * @author Albert Tregnaghi - * - */ -public class HTMLReportCSSFragementGenerator { - - public static void main(String[] args) throws Exception { - new HTMLReportCSSFragementGenerator().generate(); - } - - public void generate() throws IOException { - File scanHTMLFolder = new File("./../sechub-scan/src/main/resources/templates/report/html"); - - File cssFile = new File(scanHTMLFolder, "scanresult.css"); - File fragmentsFile = new File(scanHTMLFolder, "fragments.html"); - - CSSFileToFragementMerger merger = new CSSFileToFragementMerger(); - merger.merge(cssFile, fragmentsFile); - - } - -} 
diff --git a/sechub-doc/src/docs/asciidoc/diagrams/diagram_report_data_model.puml b/sechub-doc/src/docs/asciidoc/diagrams/diagram_report_data_model.puml new file mode 100644 index 0000000000..d5bfbfb578 --- /dev/null +++ b/sechub-doc/src/docs/asciidoc/diagrams/diagram_report_data_model.puml 
@@ -0,0 +1,108 @@ +'Hide empty parts: +hide empty fields +hide empty methods + +note as N1 + This is a reduced class model and is just for easier + understanding and overview of the structure of the model. + + It does not claim to be complete +end note + +interface ReportData { + SecHubReportMetaData getMetaData() + Set getMessages() + SecHubStatus getStatus() + TrafficLight getTrafficLight() + SecHubResult getResult() + UUID getJobUUID() +} + +class SecHubResult{ + List findings + List falsePositives + int count +} + +class SecHubFinding { + int id + String description + String name + ... +} + +class SecHubReportSummary { + + Optional codeScan + Optional infraScan + Optional licenseScan + Optional secretScan + Optional webScan +} +class SecHubReportMetaData { + Map labels + SecHubReportSummary summary +} +class SecHubReportModel implements ReportData + +class SecHubReportScanTypeSummary{ + int total + int critical + int high + int medium + int low + int unclassified + int info + ... + ScanTypeSummaryDetailData getDetails() + +} + +class ScanTypeSummaryDetailData{ + + List getCritical() + List getHigh() + List getMedium() + List getLow() + List getUnclassified() + List getInfo() +} + +class ScanTypeSummaryFindingOverviewData{ + Integer cweId; + String name; + long count; +} + +enum SecHubStatus { + SUCCESS, + FAILED +} + +enum TrafficLight{ + GREEN, + YELLOW, + RED, + OFF, +} + +SecHubReportModel o-- SecHubResult +SecHubReportModel o-- TrafficLight +SecHubReportModel o-- SecHubStatus +SecHubReportModel o-- SecHubReportMetaData +SecHubReportMetaData o-- SecHubReportSummary + +SecHubResult *-- SecHubFinding + +SecHubReportSummary "1..5" *- SecHubReportScanTypeSummary +SecHubReportScanTypeSummary o-- ScanTypeSummaryDetailData +ScanTypeSummaryDetailData *-- ScanTypeSummaryFindingOverviewData + + + +note top of SecHubReportScanTypeSummary + +This class represents a summary for one dedicated +scan type - e.g. "WebScan". + +end note 
diff --git a/sechub-doc/src/docs/asciidoc/documents/code2doc/usecases/user/request_new_api_token_description.adoc b/sechub-doc/src/docs/asciidoc/documents/code2doc/usecases/user/request_new_api_token_description.adoc index 2bda0b648f..b4747a1971 100644 --- a/sechub-doc/src/docs/asciidoc/documents/code2doc/usecases/user/request_new_api_token_description.adoc +++ b/sechub-doc/src/docs/asciidoc/documents/code2doc/usecases/user/request_new_api_token_description.adoc @@ -1,7 +1,7 @@ // SPDX-License-Identifier: MIT [[sechub-doclink-uc-user-requests-new-apittoken]] It shall be possible to achieve this by calling REST API and also by just visiting -static sechub website and entering mail adress and post request by simple web form. +static sechub website and entering email address and post request by simple web form. When user exists a new one time token will be created and sent to user per email - so same way as done when a new user signup is accepted by admin. diff --git a/sechub-doc/src/docs/asciidoc/documents/shared/concepts/concept_report_dataflow.adoc b/sechub-doc/src/docs/asciidoc/documents/shared/concepts/concept_report_dataflow.adoc index e5c1a54dd4..1669c9d25d 100644 --- a/sechub-doc/src/docs/asciidoc/documents/shared/concepts/concept_report_dataflow.adoc +++ b/sechub-doc/src/docs/asciidoc/documents/shared/concepts/concept_report_dataflow.adoc @@ -2,6 +2,11 @@ [[section-shared-concepts-report-dataflow]] ==== Report data flow +===== Report model +Here a reduced class model of the report data model: + +plantuml::./diagrams/diagram_report_data_model.puml[format=svg, title="Report data model"] + ===== Creation of ScanReport entities Here a graphical overview how the report data is created by the `ScanService` and finally written as `ScanReport` entity into the database: diff --git a/sechub-doc/src/docs/asciidoc/documents/techdoc/03_coding_conventions.adoc b/sechub-doc/src/docs/asciidoc/documents/techdoc/03_coding_conventions.adoc index 152eace5ca..e4234befe7 100644 
--- a/sechub-doc/src/docs/asciidoc/documents/techdoc/03_coding_conventions.adoc +++ b/sechub-doc/src/docs/asciidoc/documents/techdoc/03_coding_conventions.adoc @@ -24,7 +24,7 @@ Please make sure that the SQL statements work with both of them. * We are using PostgreSQL which does automatically use lower_case names * Numbering starts at `01`; maximum is `99` * Naming scheme for constraints: `c__` + - Example: `c01_adm_user_emailadress` + Example: `c01_adm_user_emailaddress` * Naming scheme for indices: `i_
_` + Example: `i01_statistic_job_run_data_filter` diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/AnonymousSignupRestControllerRestDocTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/AnonymousSignupRestControllerRestDocTest.java index 03dba165fc..8c74262147 100644 --- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/AnonymousSignupRestControllerRestDocTest.java +++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/AnonymousSignupRestControllerRestDocTest.java @@ -69,7 +69,7 @@ public void calling_with_api_1_0_and_valid_userid_and_email_returns_HTTP_200() t this.mockMvc.perform( post(apiEndpoint). contentType(MediaType.APPLICATION_JSON_VALUE). - content("{\"apiVersion\":\"1.0\",\"userId\":\"valid_userid\",\"emailAdress\":\"valid_mailadress@test.com\"}") + content("{\"apiVersion\":\"1.0\",\"userId\":\"valid_userid\",\"emailAddress\":\"valid_mailaddress@example.org\"}") )./*andDo(print()).*/ andExpect(status().isOk()). andDo(defineRestService(). @@ -84,7 +84,7 @@ public void calling_with_api_1_0_and_valid_userid_and_email_returns_HTTP_200() t requestFields( fieldWithPath("apiVersion").description("The api version, currently only 1.0 is supported"), fieldWithPath("userId").description("Wanted userid, the userid must be lowercase only!"), - fieldWithPath("emailAdress").description("Email adress") + fieldWithPath("emailAddress").description("Email address") ) ) diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/AnonymousUserRequestsNewApiTokenRestDocTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/AnonymousUserRequestsNewApiTokenRestDocTest.java index dd2d5ad534..4423c99b07 100644 --- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/AnonymousUserRequestsNewApiTokenRestDocTest.java +++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/AnonymousUserRequestsNewApiTokenRestDocTest.java 
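Review bot: The request body in the `-69` hunk now sends `emailAddress` instead of `emailAdress`, which renames a JSON field of the anonymous signup REST API rather than just an internal identifier. The same wire-level rename appears in the signup list response expected in SignupAdministrationRestControllerRestDocTest, in `AsUser.signUpAs` and in `TestAPI.listSignups`. Nothing visible in this diff shows the server still accepting the old name, so clients that post `emailAdress` would presumably be rejected or lose the value. If the break is intended, it belongs in the release notes and API documentation. Otherwise, accepting both names for a transition period keeps existing clients working, for example with `@JsonAlias("emailAdress")` on the renamed property, assuming the model is Jackson-mapped.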
@@ -64,7 +64,7 @@ public void calling_with_api_1_0_and_valid_userid_and_email_returns_HTTP_200() t /* execute */ /* @formatter:off */ this.mockMvc.perform( - post(apiEndpoint,"emailAdress@test.com"). + post(apiEndpoint,"emailAddress@example.com"). contentType(MediaType.APPLICATION_JSON_VALUE) ). andExpect(status().isOk()). diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ScanReportRestControllerRestDocTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ScanReportRestControllerRestDocTest.java index fa26528402..d021e8a323 100644 --- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ScanReportRestControllerRestDocTest.java +++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ScanReportRestControllerRestDocTest.java @@ -17,7 +17,6 @@ import java.util.ArrayList; import java.util.HashMap; import java.util.Map; -import java.util.Optional; import java.util.UUID; import org.junit.Before; @@ -37,9 +36,9 @@ import com.mercedesbenz.sechub.commons.model.TrafficLight; import com.mercedesbenz.sechub.docgen.util.RestDocFactory; -import com.mercedesbenz.sechub.domain.scan.HTMLScanResultReportModelBuilder; import com.mercedesbenz.sechub.domain.scan.report.DownloadScanReportService; import com.mercedesbenz.sechub.domain.scan.report.DownloadSpdxScanReportService; +import com.mercedesbenz.sechub.domain.scan.report.HTMLScanResultReportModelBuilder; import com.mercedesbenz.sechub.domain.scan.report.ScanReport; import com.mercedesbenz.sechub.domain.scan.report.ScanReportRestController; import com.mercedesbenz.sechub.domain.scan.report.ScanSecHubReport; 
@@ -237,11 +236,9 @@ public void before() throws Exception { map.put("styleRed", "theRedStyle"); map.put("styleGreen", "display:none"); map.put("styleYellow", "display:none"); - map.put("redList", new ArrayList<>()); - map.put("yellowList", new ArrayList<>()); - map.put("greenList", new ArrayList<>()); map.put("isWebDesignMode", false); - map.put("metaData", Optional.ofNullable(null)); + map.put("metaData", null); + map.put("scanTypeSummaries", new ArrayList<>()); when(modelBuilder.build(any())).thenReturn(map); } diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/SignupAdministrationRestControllerRestDocTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/SignupAdministrationRestControllerRestDocTest.java index bc8f25c7fa..9b646168ad 100644 --- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/SignupAdministrationRestControllerRestDocTest.java +++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/SignupAdministrationRestControllerRestDocTest.java @@ -78,11 +78,11 @@ public void restdoc_list_user_signups() throws Exception { Class useCase = UseCaseAdminListsOpenUserSignups.class; Signup signup1 = new Signup(); - signup1.setEmailAdress("john.smith@example.com"); + signup1.setEmailAddress("john.smith@example.com"); signup1.setUserId("johnsmith"); Signup signup2 = new Signup(); - signup2.setEmailAdress("jane.smith@example.com"); + signup2.setEmailAddress("jane.smith@example.com"); signup2.setUserId("janesmith"); List signupList = new ArrayList<>(); 
@@ -97,7 +97,7 @@ public void restdoc_list_user_signups() throws Exception { header(AuthenticationHelper.HEADER_NAME, AuthenticationHelper.getHeaderValue()) ). andExpect(status().isOk()). - andExpect(content().json("[{\"userId\":\"johnsmith\",\"emailAdress\":\"john.smith@example.com\"},{\"userId\":\"janesmith\",\"emailAdress\":\"jane.smith@example.com\"}]")). + andExpect(content().json("[{\"userId\":\"johnsmith\",\"emailAddress\":\"john.smith@example.com\"},{\"userId\":\"janesmith\",\"emailAddress\":\"jane.smith@example.com\"}]")). andDo(defineRestService(). with(). useCaseData(useCase). @@ -111,7 +111,7 @@ public void restdoc_list_user_signups() throws Exception { responseFields( fieldWithPath("[]").description("List of user signups").optional(), fieldWithPath("[]."+RestDocPathParameter.USER_ID.paramName()).type(JsonFieldType.STRING).description("The user id"), - fieldWithPath("[].emailAdress").type(JsonFieldType.STRING).description("The email address") + fieldWithPath("[].emailAddress").type(JsonFieldType.STRING).description("The email address") ) ) ); diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/UserAdministrationRestControllerRestDocTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/UserAdministrationRestControllerRestDocTest.java index 8002437b2c..5cdfb5f552 100644 --- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/UserAdministrationRestControllerRestDocTest.java +++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/UserAdministrationRestControllerRestDocTest.java @@ -127,7 +127,7 @@ public void restdoc_admin_updates_user_email_address() throws Exception { ), pathParameters( - parameterWithName(USER_ID.paramName()).description("The userId of the user whose email adress will be changed"), + parameterWithName(USER_ID.paramName()).description("The userId of the user whose email address will be changed"), parameterWithName(EMAIL_ADDRESS.paramName()).description("The new email address") ) 
@@ -336,7 +336,7 @@ public void restdoc_show_user_details() throws Exception { User user = mock(User.class); when(user.getName()).thenReturn("user1"); - when(user.getEmailAdress()).thenReturn("user1@example.org"); + when(user.getEmailAddress()).thenReturn("user1@example.org"); Set projects = new LinkedHashSet<>(); Project project1 = mock(Project.class); @@ -368,7 +368,7 @@ public void restdoc_show_user_details() throws Exception { ), responseFields( fieldWithPath(UserDetailInformation.PROPERTY_USERNAME).description("The name of the user"), - fieldWithPath(UserDetailInformation.PROPERTY_EMAIL).description("The mail adress of the user"), + fieldWithPath(UserDetailInformation.PROPERTY_EMAIL).description("The email address of the user"), fieldWithPath(UserDetailInformation.PROPERTY_SUPERADMIN).description("True, when this user is a super administrator"), fieldWithPath(UserDetailInformation.PROPERTY_PROJECTS).description("The projects the user has access to"), fieldWithPath(UserDetailInformation.PROPERTY_OWNED_PROJECTS).description("The projects the user is owner of") @@ -392,7 +392,7 @@ public void restdoc_show_user_details_for_email_address() throws Exception { User user = mock(User.class); when(user.getName()).thenReturn(userId); - when(user.getEmailAdress()).thenReturn(emailAddress); + when(user.getEmailAddress()).thenReturn(emailAddress); Set projects = new LinkedHashSet<>(); Project project1 = mock(Project.class); 
@@ -424,7 +424,7 @@ public void restdoc_show_user_details_for_email_address() throws Exception { ), responseFields( fieldWithPath(UserDetailInformation.PROPERTY_USERNAME).description("The name of the user"), - fieldWithPath(UserDetailInformation.PROPERTY_EMAIL).description("The mail adress of the user"), + fieldWithPath(UserDetailInformation.PROPERTY_EMAIL).description("The mail address of the user"), fieldWithPath(UserDetailInformation.PROPERTY_SUPERADMIN).description("True, when this user is a super administrator"), fieldWithPath(UserDetailInformation.PROPERTY_PROJECTS).description("The projects the user has access to"), fieldWithPath(UserDetailInformation.PROPERTY_OWNED_PROJECTS).description("The projects the user is owner of") diff --git a/sechub-examples/example-sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/java/demo/playground/AdminApiPlayground.java b/sechub-examples/example-sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/java/demo/playground/AdminApiPlayground.java index 55810bec67..7b7fb30272 100644 --- a/sechub-examples/example-sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/java/demo/playground/AdminApiPlayground.java +++ b/sechub-examples/example-sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/java/demo/playground/AdminApiPlayground.java @@ -148,7 +148,7 @@ private void signupNewUser() throws SecHubClientException { UserSignup signUp = new UserSignup(); signUp.setApiVersion("1.0"); - signUp.setEmailAdress(userName + "@example.com"); + signUp.setEmailAddress(userName + "@example.com"); signUp.setUserId(userName); client.createSignup(signUp); diff --git a/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/AsUser.java b/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/AsUser.java index 4e12ab44f9..177680a9e7 100644 --- a/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/AsUser.java 
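Review bot: The new description in this `-424` hunk reads `The mail address of the user`, while the same `UserDetailInformation.PROPERTY_EMAIL` field in the `-368` hunk of this file was changed to `The email address of the user`. Both strings end up in the generated REST documentation for near-identical endpoints, so they should use the same wording: `description("The email address of the user")`. The enclosing test method starts and ends outside the hunk.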
+++ b/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/AsUser.java @@ -167,7 +167,7 @@ private TestRestHelper getRestHelper() { */ public AsUser signUpAs(TestUser user) { - String json = "{\"apiVersion\":\"1.0\",\r\n" + " \"userId\":\"" + user.getUserId() + "\",\r\n" + " \"emailAdress\":\"" + user.getEmail() + String json = "{\"apiVersion\":\"1.0\",\r\n" + " \"userId\":\"" + user.getUserId() + "\",\r\n" + " \"emailAddress\":\"" + user.getEmail() + "\"}"; getRestHelper().postJson(getUrlBuilder().buildUserSignUpUrl(), json); return this; diff --git a/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/AssertHTMLReport.java b/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/AssertHTMLReport.java index 1e48d6e989..6b75eeb489 100644 --- a/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/AssertHTMLReport.java +++ b/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/AssertHTMLReport.java @@ -12,15 +12,23 @@ public class AssertHTMLReport { private String html; + private String htmlLocation; public static AssertHTMLReport assertHTMLReport(String html) { - return new AssertHTMLReport(html); + return new AssertHTMLReport(html, "HTML from memory"); } - private AssertHTMLReport(String html) { + public static AssertHTMLReport assertHTMLReport(String html, String filePath) { + return new AssertHTMLReport(html, "HTML from file: " + filePath); + } + + private AssertHTMLReport(String html, String htmlLocation) { assertNotNull("Report may not be null", html); + assertNotNull("HTML location may not be null", htmlLocation); this.html = html; + this.htmlLocation = htmlLocation; + if (!html.contains(" " + message + "\n" + html); } public AssertHTMLReport hasMetaDataLabel(String key, String value) { 
@@ -52,4 +60,10 @@ public AssertHTMLReport hasMetaDataLabel(String key, String value) { return this; } + public AssertHTMLReport hasHTMLString(String value) { + if (!html.contains(value)) { + failWithDump("The report does not contain expected HTML string ':" + value + "'"); + } + return this; + } } diff --git a/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/AssertReport.java b/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/AssertReport.java index dc3e6c43f7..029b4bbf24 100644 --- a/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/AssertReport.java +++ b/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/AssertReport.java @@ -12,19 +12,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import com.mercedesbenz.sechub.commons.model.ScanType; -import com.mercedesbenz.sechub.commons.model.SecHubCodeCallStack; -import com.mercedesbenz.sechub.commons.model.SecHubFinding; -import com.mercedesbenz.sechub.commons.model.SecHubMessage; -import com.mercedesbenz.sechub.commons.model.SecHubMessageType; -import com.mercedesbenz.sechub.commons.model.SecHubReportData; -import com.mercedesbenz.sechub.commons.model.SecHubReportMetaData; -import com.mercedesbenz.sechub.commons.model.SecHubReportModel; -import com.mercedesbenz.sechub.commons.model.SecHubReportVersion; -import com.mercedesbenz.sechub.commons.model.SecHubResult; -import com.mercedesbenz.sechub.commons.model.SecHubStatus; -import com.mercedesbenz.sechub.commons.model.Severity; -import com.mercedesbenz.sechub.commons.model.TrafficLight; +import com.mercedesbenz.sechub.commons.model.*; import com.mercedesbenz.sechub.integrationtest.internal.SecHubJobAutoDumper; public class AssertReport { 
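Review bot: The failure message in `hasHTMLString` puts the colon inside the opening quote, so a failure prints `':value'` rather than `: 'value'`. `failWithDump("The report does not contain expected HTML string: '" + value + "'");` reads correctly. A null `value` would also surface as a NullPointerException from `html.contains(value)` instead of a readable test-setup error. The method has no Javadoc stating that it is a raw substring match against the unparsed document; callers pass markup fragments such as `a href=\"#first_code_scan_medium\">2`, which must match the rendered, escaped output character for character.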
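Review bot: The new `import com.mercedesbenz.sechub.commons.model.*;` replaces thirteen explicit imports with a wildcard, which hides the model types AssertReport depends on and can cause name clashes as the package grows. The later hunks of this file appear to need only `SecHubReportSummary` and `SecHubReportScanTypeSummary` in addition. Keeping the explicit list and adding `import com.mercedesbenz.sechub.commons.model.SecHubReportSummary;` and `import com.mercedesbenz.sechub.commons.model.SecHubReportScanTypeSummary;` would be clearer. This looks like an IDE auto-collapse, so the import threshold in the formatter settings may need raising.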
@@ -328,6 +316,100 @@ public AssertReport hasMetaDataLabel(String key, String value) { return this; } + private Optional getMetaDataSummary(ScanType scanType) { + if (scanType == null) { + throw new IllegalArgumentException("Integration test corrupt: scanType may not be null!"); + } + Optional metaDataOpt = report.getMetaData(); + if (metaDataOpt.isEmpty()) { + fail("Meta data not found inside report"); + } + SecHubReportMetaData metaData = metaDataOpt.get(); + SecHubReportSummary summary = metaData.getSummary(); + + switch (scanType) { + case CODE_SCAN: + return summary.getCodeScan(); + case INFRA_SCAN: + return summary.getInfraScan(); + case LICENSE_SCAN: + return summary.getLicenseScan(); + case SECRET_SCAN: + return summary.getSecretScan(); + case WEB_SCAN: + return summary.getWebScan(); + case REPORT: + case UNKNOWN: + case ANALYTICS: + default: + throw new IllegalArgumentException("Integration test corrupt: " + scanType + " may not be used here!"); + } + + } + + public AssertReport hasNoMetaDataSummaryFor(ScanType scanType) { + if (getMetaDataSummary(scanType).isPresent()) { + fail("Meta data summary for scan type: " + scanType + " found!"); + } + return this; + } + + public AssertReport hasMetaDataSummaryTotal(ScanType scanType, long expectedTotal) { + + SecHubReportScanTypeSummary summary = assertSummaryForScanTypeExists(scanType); + assertSummary(expectedTotal, summary.getTotal(), "total"); + + return this; + } + + public AssertReport hasMetaDataSummaryCritical(ScanType scanType, long expectedCritical) { + + SecHubReportScanTypeSummary summary = assertSummaryForScanTypeExists(scanType); + assertSummary(expectedCritical, summary.getCritical(), "critical"); + + return this; + } + + public AssertReport hasMetaDataSummaryHigh(ScanType scanType, long expectedHigh) { + + SecHubReportScanTypeSummary summary = assertSummaryForScanTypeExists(scanType); + assertSummary(expectedHigh, summary.getHigh(), "high"); + + return this; + } + + public AssertReport 
hasMetaDataSummaryMedium(ScanType scanType, long expectedMedium) { + + SecHubReportScanTypeSummary summary = assertSummaryForScanTypeExists(scanType); + assertSummary(expectedMedium, summary.getMedium(), "medium"); + + return this; + } + + public AssertReport hasMetaDataSummaryLow(ScanType scanType, long expectedLow) { + + SecHubReportScanTypeSummary summary = assertSummaryForScanTypeExists(scanType); + assertSummary(expectedLow, summary.getLow(), "low"); + + return this; + } + + public AssertReport hasMetaDataSummaryUnclassified(ScanType scanType, long expectedUnclassified) { + + SecHubReportScanTypeSummary summary = assertSummaryForScanTypeExists(scanType); + assertSummary(expectedUnclassified, summary.getUnclassified(), "unclassified"); + + return this; + } + + public AssertReport hasMetaDataSummaryInfo(ScanType scanType, long expectedInfo) { + + SecHubReportScanTypeSummary summary = assertSummaryForScanTypeExists(scanType); + assertSummary(expectedInfo, summary.getInfo(), "info"); + + return this; + } + public AssertReport dump() { LOG.info("-----------------------------------------------------------"); LOG.info("----------------------------DUMP---------------------------"); @@ -337,4 +419,19 @@ public AssertReport dump() { return this; } + private SecHubReportScanTypeSummary assertSummaryForScanTypeExists(ScanType scanType) { + Optional summaryOpt = getMetaDataSummary(scanType); + if (summaryOpt.isEmpty()) { + fail("No summary for scan type:" + scanType + " found in report!"); + } + SecHubReportScanTypeSummary summary = summaryOpt.get(); + return summary; + } + + private void assertSummary(long expected, long value, String summaryType) { + if (expected != value) { + fail("Summary " + summaryType + " failure. Expected :" + expected + " but was: " + value + ". "); + } + } + } 
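Review bot: `getMetaDataSummary` dereferences `metaData.getSummary()` without a check, unlike the `metaDataOpt.isEmpty()` guard directly above it. Whether `getSummary()` can return null is not visible in this diff. If it can, a report that carries labels but no summary would fail with a NullPointerException inside the switch instead of a readable assertion message. A guard before the switch would keep the failure output consistent: `if (summary == null) { fail("Meta data summary not found inside report"); }`. The private helper also has no comment explaining that `REPORT`, `UNKNOWN` and `ANALYTICS` are rejected on purpose because they have no per-scan-type summary.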
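Review bot: `assertSummary` in the `-337` hunk builds its failure text from `summaryType` only, so the message `Summary high failure. Expected :…` does not say which scan type failed when a test chains checks for several scan types. Passing the scan type through makes the output self-explanatory, e.g. `assertSummary(scanType, expectedHigh, summary.getHigh(), "high")` with `fail("Summary " + summaryType + " for scan type " + scanType + " failure. Expected: " + expected + " but was: " + value);`. The callers are the `hasMetaDataSummary…` methods added in the preceding hunk of this file.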
diff --git a/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/IntegrationTestJSONLocation.java b/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/IntegrationTestJSONLocation.java index ce9c73db9b..2f3a1af19f 100644 --- a/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/IntegrationTestJSONLocation.java +++ b/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/IntegrationTestJSONLocation.java @@ -35,8 +35,16 @@ public enum IntegrationTestJSONLocation { CLIENT_JSON_WEBSCAN_PRODUCTFAILURE_ZERO_WAIT("sechub-integrationtest-webscanconfig-scenario3-productfailure.json"), + /** + * Returns web scan result with one criticial finding. + */ CLIENT_JSON_WEBSCAN_RED_ZERO_WAIT("sechub-integrationtest-webscanconfig-red-result.json"), + /** + * Returns web scan result with multiple findings: low, medium, high, criticial + */ + CLIENT_JSON_WEBSCAN_RED_MANYFINDINGS_ZERO_WAIT("sechub-integrationtest-webscanconfig-manyfindings-red-result.json"), + CLIENT_JSON_SECRET_SCAN_YELLOW_ZERO_WAIT("sechub-integrationtest-secretscanconfig.json"); private String path; diff --git a/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/TestAPI.java b/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/TestAPI.java index 77cd98cbc1..04b4be0c86 100644 --- a/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/TestAPI.java +++ b/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/TestAPI.java 
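Review bot: Both new Javadoc comments misspell "critical" as `criticial`. They should read `Returns web scan result with one critical finding.` and `Returns web scan result with multiple findings: low, medium, high, critical`. Judging by the file names, each constant holds the path of a client configuration JSON, so "Configuration leading to a web scan result with …" would describe it more accurately than "Returns".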
@@ -137,15 +137,27 @@ public static AssertReport assertReport(String json) { } /** - * Asserts given report HTML + * Asserts given report HTML (in memory) * - * @param html + * @param html string representation * @return assert object */ public static AssertHTMLReport assertHTMLReport(String html) { return AssertHTMLReport.assertHTMLReport(html); } + /** + * Asserts given report HTML (from a file). When the html report has failures, + * the failure text will provide the file path inside the failure output. + * + * @param html string representation + * @param filePath the file path where the HTML report comes from + * @return assert object + */ + public static AssertHTMLReport assertHTMLReport(String html, String filePath) { + return AssertHTMLReport.assertHTMLReport(html, filePath); + } + public static AssertFullScanData assertFullScanDataZipFile(File file) { return AssertFullScanData.assertFullScanDataZipFile(file); } @@ -1079,7 +1091,7 @@ public static SortedMap listSignups() { @Override public void accept(JsonNode node) { JsonNode userAsKey = node.get("userId"); - JsonNode emailAsValue = node.get("emailAdress"); + JsonNode emailAsValue = node.get("emailAddress"); String keyText = userAsKey.textValue(); String valueText = emailAsValue.textValue(); map.put(keyText, valueText); diff --git a/sechub-integrationtest/src/test/java/com/mercedesbenz/sechub/integrationtest/scenario10/PDSCodeScanSarifJobScenario10IntTest.java b/sechub-integrationtest/src/test/java/com/mercedesbenz/sechub/integrationtest/scenario10/PDSCodeScanSarifJobScenario10IntTest.java index 2b10314e7c..ea8be55a3d 100644 --- a/sechub-integrationtest/src/test/java/com/mercedesbenz/sechub/integrationtest/scenario10/PDSCodeScanSarifJobScenario10IntTest.java +++ b/sechub-integrationtest/src/test/java/com/mercedesbenz/sechub/integrationtest/scenario10/PDSCodeScanSarifJobScenario10IntTest.java 
@@ -50,13 +50,12 @@ public void a_user_can_start_a_pds_sarif_scan_and_get_the_sarif_results_transfor TestProject project = PROJECT_1; UUID jobUUID = as(USER_1).createCodeScan(project,NOT_MOCKED);// scenario10 uses really integration test pds server! but WITHOUT reusage of sechub storage - /* execute */ as(USER_1). uploadSourcecode(project, jobUUID, PATH). approveJob(project, jobUUID); - waitForJobDone(project, jobUUID,10, true); + waitForJobDone(project, jobUUID, 10, true); /* test */ // test storage is a sechub storage and no PDS storage @@ -73,11 +72,25 @@ public void a_user_can_start_a_pds_sarif_scan_and_get_the_sarif_results_transfor hasStatus(SecHubStatus.SUCCESS). hasMessages(0). hasJobUUID(jobUUID). + + /* check labels are returned */ hasMetaDataLabel("quality-level", "high"). hasMetaDataLabel("test-label1", "Something special"). hasMetaDataLabel("test-label2", ""). hasMetaDataLabel("test-label3_with_html", "HTML is allowed, but must always be escaped in reports!"). hasMetaDataLabel("test-label4_with_special_chars", "Line1\nLine2\tLine3"). + + /* check summaries are calculated as expected */ + hasMetaDataSummaryTotal(ScanType.CODE_SCAN, 32). + hasMetaDataSummaryHigh(ScanType.CODE_SCAN, 28). + hasMetaDataSummaryMedium(ScanType.CODE_SCAN, 2). + hasMetaDataSummaryLow(ScanType.CODE_SCAN, 2). + + hasNoMetaDataSummaryFor(ScanType.WEB_SCAN). + hasNoMetaDataSummaryFor(ScanType.INFRA_SCAN). + hasNoMetaDataSummaryFor(ScanType.LICENSE_SCAN). + hasNoMetaDataSummaryFor(ScanType.SECRET_SCAN). + hasTrafficLight(RED). finding(0). hasSeverity(Severity.HIGH). 
@@ -100,11 +113,21 @@ public void a_user_can_start_a_pds_sarif_scan_and_get_the_sarif_results_transfor assertHTMLReport(htmlReport). containsAtLeastOneOpenDetailsBlock(). + hasMetaDataLabel("quality-level", "high"). hasMetaDataLabel("test-label1", "Something special"). hasMetaDataLabel("test-label2", ""). hasMetaDataLabel("test-label3_with_html", "<html>HTML is allowed, but must always be escaped in reports!</html>"). - hasMetaDataLabel("test-label4_with_special_chars", "Line1\nLine2\tLine3"); + hasMetaDataLabel("test-label4_with_special_chars", "Line1\nLine2\tLine3"). + + hasHTMLString("28"). + hasHTMLString("a href=\"#first_code_scan_medium\">2"). + hasHTMLString("2"). + hasHTMLString("BRAKE0000"). + hasHTMLString("
BRAKE0000
"). + hasHTMLString("Red findings"). + hasHTMLString("Yellow findings"). + hasHTMLString("Green findings"); // try to restart SecHub (will reuse existing PDS job because already done ) assertSecHubRestartWillNotStartNewJobButReusesExistingBecausePDSJobWasAlreadyDone(project,jobUUID); diff --git a/sechub-integrationtest/src/test/java/com/mercedesbenz/sechub/integrationtest/scenario2/SecHubExecutionScenarioSecHubClientIntTest.java b/sechub-integrationtest/src/test/java/com/mercedesbenz/sechub/integrationtest/scenario2/SecHubExecutionScenario2SecHubClientIntTest.java similarity index 82% rename from sechub-integrationtest/src/test/java/com/mercedesbenz/sechub/integrationtest/scenario2/SecHubExecutionScenarioSecHubClientIntTest.java rename to sechub-integrationtest/src/test/java/com/mercedesbenz/sechub/integrationtest/scenario2/SecHubExecutionScenario2SecHubClientIntTest.java index 2ac8878697..4849bd49c4 100644 --- a/sechub-integrationtest/src/test/java/com/mercedesbenz/sechub/integrationtest/scenario2/SecHubExecutionScenarioSecHubClientIntTest.java +++ b/sechub-integrationtest/src/test/java/com/mercedesbenz/sechub/integrationtest/scenario2/SecHubExecutionScenario2SecHubClientIntTest.java 
@@ -28,7 +28,26 @@ import com.mercedesbenz.sechub.integrationtest.internal.IntegrationTestExampleConstants; import com.mercedesbenz.sechub.integrationtest.internal.SecHubClientExecutor.ExecutionResult; -public class SecHubExecutionScenarioSecHubClientIntTest { +public class SecHubExecutionScenario2SecHubClientIntTest { + + private static final String EXTENSION_JSON = ".json"; + private static final String EXTENSION_HTML = ".html"; + + private static final String REPORT_CLIENT_TEST_1_CODESCAN_GREEN = "report_client-test-1-codescan-green"; + private static final String REPORT_CLIENT_TEST_1_CODESCAN_GREEN_HTML = REPORT_CLIENT_TEST_1_CODESCAN_GREEN + EXTENSION_HTML; + private static final String REPORT_CLIENT_TEST_1_CODESCAN_GREEN_JSON = REPORT_CLIENT_TEST_1_CODESCAN_GREEN + EXTENSION_JSON; + + private static final String REPORT_CLIENT_TEST_2_CODESCAN_YELLOW = "report_client-test-2-codescan-yellow"; + private static final String REPORT_CLIENT_TEST_2_CODESCAN_YELLOW_JSON = REPORT_CLIENT_TEST_2_CODESCAN_YELLOW + EXTENSION_JSON; + private static final String REPORT_CLIENT_TEST_2_CODESCAN_YELLOW_HTML = REPORT_CLIENT_TEST_2_CODESCAN_YELLOW + EXTENSION_HTML; + + private static final String REPORT_CLIENT_TEST_3_WEBSCAN_RED_ONE_FINDING = "report_client-test-3-webscan-red-one-finding"; + private static final String REPORT_CLIENT_TEST_3_WEBSCAN_RED_ONE_FINDING_JSON = REPORT_CLIENT_TEST_3_WEBSCAN_RED_ONE_FINDING + EXTENSION_JSON; + private static final String REPORT_CLIENT_TEST_3_WEBSCAN_RED_ONE_FINDING_HTML = REPORT_CLIENT_TEST_3_WEBSCAN_RED_ONE_FINDING + EXTENSION_HTML; + + private static final String REPORT_CLIENT_TEST_4_WEBSCAN_RED_MULTIPLE_FINDINGS = "report_client-test-4-webscan-red-multiple-findings"; + private static final String REPORT_CLIENT_TEST_4_WEBSCAN_RED_MULTIPLE_FINDINGS_HTML = REPORT_CLIENT_TEST_4_WEBSCAN_RED_MULTIPLE_FINDINGS + EXTENSION_HTML; + private static final String REPORT_CLIENT_TEST_4_WEBSCAN_RED_MULTIPLE_FINDINGS_JSON = 
REPORT_CLIENT_TEST_4_WEBSCAN_RED_MULTIPLE_FINDINGS + EXTENSION_JSON; @Rule public IntegrationTestSetup setup = IntegrationTestSetup.forScenario(Scenario2.class); @@ -191,10 +210,10 @@ public void a_project_having_metadata_no_problems_can_be_executed_as_codescan_an /* store webscan reports as example */ String jsonReport = as(user).getJobReport(project, jobUUID); - storeTestReport("report_webscan-1-green.json", jsonReport); + storeTestReport(REPORT_CLIENT_TEST_1_CODESCAN_GREEN_JSON, jsonReport); String htmlReport = as(user).getHTMLJobReport(project, jobUUID); - storeTestReport("report_webscan-1-green.html", htmlReport); + storeTestReport(REPORT_CLIENT_TEST_1_CODESCAN_GREEN_HTML, htmlReport); /* @formatter:on */ } @@ -518,10 +537,10 @@ public void sechub_client_is_able_to_handle_synchronous_and_result_has_trafficli /* store webscan reports as example */ String jsonReport = as(USER_1).getJobReport(project, result.getSechubJobUUID()); - storeTestReport("report_webscan-2-yellow.json", jsonReport); + storeTestReport(REPORT_CLIENT_TEST_2_CODESCAN_YELLOW_JSON, jsonReport); String htmlReport = as(USER_1).getHTMLJobReport(project, result.getSechubJobUUID()); - storeTestReport("report_webscan-2-yellow.html", htmlReport); + storeTestReport(REPORT_CLIENT_TEST_2_CODESCAN_YELLOW_HTML, htmlReport); /* @formatter:on */ } 
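Review bot: In the hunks at `@@ -191,10 +210,10` and `@@ -518,10 +537,10` the context comment `/* store webscan reports as example */` stays unchanged, while the stored files are now named through `REPORT_CLIENT_TEST_1_CODESCAN_GREEN_*` and `REPORT_CLIENT_TEST_2_CODESCAN_YELLOW_*`. If these two scenarios are code scans, as the new constant names and the first method name suggest, the comment should read `/* store codescan reports as example */` so the example reports are not misattributed. Both methods start outside their hunks, so the scan type cannot be confirmed from here.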
@@ -550,14 +569,36 @@ public void sechub_client_is_able_to_handle_synchronous_and_result_has_trafficli isRed(). hasExitCode(1); - /* store webscan reports as example */ String jsonReport = as(USER_1).getJobReport(project, result.getSechubJobUUID()); - storeTestReport("report_webscan-3-red.json", jsonReport); + storeTestReport(REPORT_CLIENT_TEST_3_WEBSCAN_RED_ONE_FINDING_JSON, jsonReport); String htmlReport = as(USER_1).getHTMLJobReport(project, result.getSechubJobUUID()); - storeTestReport("report_webscan-3-red.html", htmlReport); - /* @formatter:on */ + storeTestReport(REPORT_CLIENT_TEST_3_WEBSCAN_RED_ONE_FINDING_HTML, htmlReport); + + /* execute 2 - same setup, but result will have no mutiple entries inside (low, medium, high, criticial )*/ + result = as(USER_1). + withSecHubClient(). + startSynchronScanFor(project, CLIENT_JSON_WEBSCAN_RED_MANYFINDINGS_ZERO_WAIT); + + /* test 2 */ + assertResult(result). + isRed(). + hasExitCode(1); + + + /* store webscan reports as example */ + String jsonReport2 = as(USER_1).getJobReport(project, result.getSechubJobUUID()); + storeTestReport(REPORT_CLIENT_TEST_4_WEBSCAN_RED_MULTIPLE_FINDINGS_JSON, jsonReport2); + + String htmlReport2 = as(USER_1).getHTMLJobReport(project, result.getSechubJobUUID()); + storeTestReport(REPORT_CLIENT_TEST_4_WEBSCAN_RED_MULTIPLE_FINDINGS_HTML, htmlReport2); + + /* test 3 - check content is as expected */ + assertHTMLReport(htmlReport2, REPORT_CLIENT_TEST_4_WEBSCAN_RED_MULTIPLE_FINDINGS_HTML).containsAtLeastOneOpenDetailsBlock(); + assertHTMLReport(htmlReport, REPORT_CLIENT_TEST_3_WEBSCAN_RED_ONE_FINDING_HTML).containsAtLeastOneOpenDetailsBlock(); + + /* @formatter:on */ } diff --git a/sechub-integrationtest/src/test/java/com/mercedesbenz/sechub/integrationtest/scenario2/UserAdministrationScenario2IntTest.java b/sechub-integrationtest/src/test/java/com/mercedesbenz/sechub/integrationtest/scenario2/UserAdministrationScenario2IntTest.java index 7197069696..0ef0b4c776 100644 
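Review bot: The added comment `/* execute 2 - same setup, but result will have no mutiple entries inside (low, medium, high, criticial )*/` says the opposite of what the names `CLIENT_JSON_WEBSCAN_RED_MANYFINDINGS_ZERO_WAIT` and `REPORT_CLIENT_TEST_4_WEBSCAN_RED_MULTIPLE_FINDINGS_*` imply. I would write `/* execute 2 - same setup, but result will now have multiple entries inside (low, medium, high, critical) */`. The "test 3" block also only calls `containsAtLeastOneOpenDetailsBlock()` on both reports, so nothing here distinguishes the multiple-findings report from the one-finding report. An assertion on the expected per-severity entries would make the second run meaningful, if the report assert helper offers one. The test method starts outside this hunk.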
--- a/sechub-integrationtest/src/test/java/com/mercedesbenz/sechub/integrationtest/scenario2/UserAdministrationScenario2IntTest.java +++ b/sechub-integrationtest/src/test/java/com/mercedesbenz/sechub/integrationtest/scenario2/UserAdministrationScenario2IntTest.java @@ -53,7 +53,7 @@ public void superadmin_can_fetch_user_list_and_list_contains_user1_and_user2() { } @Test - public void superadmin_can_change_user_email_adress_of_user2() { + public void superadmin_can_change_user_email_address_of_user2() { /* prepare */ TestUserDetailInformation details = as(SUPER_ADMIN).fetchUserDetails(USER_2); String formerEmailAddress = details.getEmail(); diff --git a/sechub-integrationtest/src/test/java/com/mercedesbenz/sechub/integrationtest/scenario2/UserRequestsNewAPITokenIntTest.java b/sechub-integrationtest/src/test/java/com/mercedesbenz/sechub/integrationtest/scenario2/UserRequestsNewAPITokenIntTest.java index 9544f6768f..42fa607ba2 100644 --- a/sechub-integrationtest/src/test/java/com/mercedesbenz/sechub/integrationtest/scenario2/UserRequestsNewAPITokenIntTest.java +++ b/sechub-integrationtest/src/test/java/com/mercedesbenz/sechub/integrationtest/scenario2/UserRequestsNewAPITokenIntTest.java @@ -16,7 +16,7 @@ public class UserRequestsNewAPITokenIntTest { public IntegrationTestSetup setup = IntegrationTestSetup.forScenario(Scenario2.class); @Test - public void an_anonymous_user_can_trigger_new_api_token_request_for_existing_user_email_adress_leads_to_mail_with_link_to_fetch_new_apitoken() { + public void an_anonymous_user_can_trigger_new_api_token_request_for_existing_user_email_address_leads_to_email_with_link_to_fetch_new_apitoken() { /* check preconditions */ String email = USER_1.getEmail(); assertTrue(email.endsWith("_user1@example.org")); 
diff --git a/sechub-integrationtest/src/test/resources/sechub-integrationtest-webscanconfig-manyfindings-red-result.json b/sechub-integrationtest/src/test/resources/sechub-integrationtest-webscanconfig-manyfindings-red-result.json new file mode 100644 index 0000000000..a0f09915a1 --- /dev/null +++ b/sechub-integrationtest/src/test/resources/sechub-integrationtest-webscanconfig-manyfindings-red-result.json @@ -0,0 +1,8 @@ +{ + + "apiVersion": "1.0", + + "webScan" : { + "url": "https://netsparker.manyfindings.demo.example.org" + } +} diff --git a/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/NotificationConfiguration.java b/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/NotificationConfiguration.java index 8d97bf3f6f..73d850df00 100644 --- a/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/NotificationConfiguration.java +++ b/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/NotificationConfiguration.java @@ -15,15 +15,15 @@ @Component public class NotificationConfiguration { - @MustBeDocumented(value = "Single mail adress used for emails to administrators. This should an NPM (non personalized mailbox)") + @MustBeDocumented(value = "Single email address used for emails to administrators. This should be a NPM (non personalized mailbox)") @Value("${sechub.notification.email.administrators}") private String emailAdministrators; - @MustBeDocumented(value = "Adress used for emails sent by sechub system") + @MustBeDocumented(value = "Address used for emails sent by sechub system") @Value("${sechub.notification.email.from}") private String emailFrom; - @MustBeDocumented(value = "Adress used for reply when email was sent by sechub system") + @MustBeDocumented(value = "Address used for reply when email was sent by sechub system") @Value("${sechub.notification.email.replyto:}") private String emailReplyTo; 
diff --git a/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/email/MockEmailRestController.java b/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/email/MockEmailRestController.java index a2a14220cb..dff3fd3099 100644 --- a/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/email/MockEmailRestController.java +++ b/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/email/MockEmailRestController.java @@ -39,13 +39,13 @@ public class MockEmailRestController { /* @formatter:off */ @RequestMapping( - path = APIConstants.API_ANONYMOUS+"integrationtest/mock/emails/to/{emailAdress}", + path = APIConstants.API_ANONYMOUS+"integrationtest/mock/emails/to/{emailAddress}", method = RequestMethod.GET, produces= {MediaType.APPLICATION_JSON_VALUE}) @ResponseStatus(HttpStatus.OK) - public List getMailsFor(@PathVariable(name="emailAdress") String emailAdress) { + public List getMailsFor(@PathVariable(name="emailAddress") String emailAddress) { /* @formatter:on */ - return mockMailService.getMailsFor(emailAdress); + return mockMailService.getMailsFor(emailAddress); } /* @formatter:off */ diff --git a/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/owner/InformThatProjectHasNewOwnerNotificationService.java b/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/owner/InformThatProjectHasNewOwnerNotificationService.java index be348297c7..cf1a7342f8 100644 --- a/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/owner/InformThatProjectHasNewOwnerNotificationService.java +++ b/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/owner/InformThatProjectHasNewOwnerNotificationService.java 
@@ -44,7 +44,7 @@ public void notify(ProjectMessage projectMessage, String baseUrl) { return; } - Set ccMailsSet = projectMessage.getUserEmailAdresses(); + Set ccMailsSet = projectMessage.getUserEmailAddresses(); ccMailsSet.add(previousOwnerEmailAddress); String[] ccAddresses = ccMailsSet.stream().toArray(String[]::new); diff --git a/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/superadmin/InformAdminsThatUserBecomesAdminNotificationService.java b/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/superadmin/InformAdminsThatUserBecomesAdminNotificationService.java index c73616b837..ec7191c37b 100644 --- a/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/superadmin/InformAdminsThatUserBecomesAdminNotificationService.java +++ b/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/superadmin/InformAdminsThatUserBecomesAdminNotificationService.java @@ -40,7 +40,7 @@ private String createEmailContent(UserMessage userMessage, String baseUrl) { StringBuilder emailContent = new StringBuilder(); emailContent.append("Please welcome \n " + userMessage.getUserId() + "\n"); emailContent.append("as a new administrator of SecHub for environment (base url): " + baseUrl + "\n\n"); - emailContent.append("Email address of new colleague is: " + userMessage.getEmailAdress() + "\n"); + emailContent.append("Email address of new colleague is: " + userMessage.getEmailAddress() + "\n"); emailContent.append("Don't forget to add that email address to NPM (SecHub administrators) as well.\n"); String text = emailContent.toString(); diff --git a/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/superadmin/InformAdminsThatUserNoLongerAdminNotificationService.java b/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/superadmin/InformAdminsThatUserNoLongerAdminNotificationService.java index 719e38501e..f70f1d0b79 100644 
--- a/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/superadmin/InformAdminsThatUserNoLongerAdminNotificationService.java +++ b/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/superadmin/InformAdminsThatUserNoLongerAdminNotificationService.java @@ -41,7 +41,7 @@ private String createEmailContent(UserMessage userMessage, String baseUrl) { StringBuilder emailContent = new StringBuilder(); emailContent.append("User " + userMessage.getUserId() + " left the group of SecHub administrators.\n"); emailContent.append("She/He will be no longer admin for environment (base url): " + baseUrl + "\n\n"); - emailContent.append("Email address of colleague was: " + userMessage.getEmailAdress() + "\n"); + emailContent.append("Email address of colleague was: " + userMessage.getEmailAddress() + "\n"); emailContent.append("Don't forget to remove that email address from NPM (SecHub administrators) as well.\n"); String text = emailContent.toString(); return text; diff --git a/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/InformUserThatUserBecomesAdminNotificationService.java b/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/InformUserThatUserBecomesAdminNotificationService.java index 3606d9bfd3..37b091dcbe 100644 --- a/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/InformUserThatUserBecomesAdminNotificationService.java +++ b/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/InformUserThatUserBecomesAdminNotificationService.java @@ -25,7 +25,7 @@ public void notify(UserMessage userMessage, String baseUrl) { SimpleMailMessage message = factory.createMessage("SecHub administrator privileges granted"); - message.setTo(userMessage.getEmailAdress()); + message.setTo(userMessage.getEmailAddress()); message.setText(createEmailContent(userMessage, baseUrl)); emailService.send(message); 
diff --git a/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/InformUserThatUserNoLongerAdminNotificationService.java b/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/InformUserThatUserNoLongerAdminNotificationService.java index 58f14f4cff..83a41f840d 100644 --- a/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/InformUserThatUserNoLongerAdminNotificationService.java +++ b/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/InformUserThatUserNoLongerAdminNotificationService.java @@ -25,7 +25,7 @@ public void notify(UserMessage userMessage, String baseUrl) { SimpleMailMessage message = factory.createMessage("SecHub administrator privileges revoked"); - message.setTo(userMessage.getEmailAdress()); + message.setTo(userMessage.getEmailAddress()); message.setText(createEmailContent(userMessage, baseUrl)); emailService.send(message); diff --git a/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/InformUsersThatProjectHasBeenDeletedNotificationService.java b/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/InformUsersThatProjectHasBeenDeletedNotificationService.java index 2926b16ad7..24d5d99a6a 100644 --- a/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/InformUsersThatProjectHasBeenDeletedNotificationService.java +++ b/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/InformUsersThatProjectHasBeenDeletedNotificationService.java 
@@ -32,9 +32,9 @@ public class InformUsersThatProjectHasBeenDeletedNotificationService { public void notify(ProjectMessage projectMessage, String baseUrl) { requireNonNull(projectMessage); - Set mailAdresses = projectMessage.getUserEmailAdresses(); - if (mailAdresses == null || mailAdresses.isEmpty()) { - LOG.info("No users found for project {} so ignore sending info mail about delete", projectMessage.getProjectId()); + Set emailAddresses = projectMessage.getUserEmailAddresses(); + if (emailAddresses == null || emailAddresses.isEmpty()) { + LOG.info("No users found for project {} so ignore sending info email about delete", projectMessage.getProjectId()); return; } SimpleMailMessage message = factory.createMessage("A SecHub project where you have been a user was deleted: " + projectMessage.getProjectId()); @@ -44,10 +44,10 @@ public void notify(ProjectMessage projectMessage, String baseUrl) { emailContent.append("has been deleted.\n\n"); emailContent.append("This means that all report data has been deleted, and thus sechub scans for this project are no longer accessible.\n"); - String[] userAdresses = projectMessage.getUserEmailAdresses().toArray(new String[mailAdresses.size()]); + String[] userAddresses = projectMessage.getUserEmailAddresses().toArray(new String[emailAddresses.size()]); - message.setBcc(userAdresses); // we do send per BCC so users do not get other email addresses. Maybe necessary - // because of data protection + message.setBcc(userAddresses); // we do send per BCC so users do not get other email addresses. Maybe necessary + // because of data protection message.setText(emailContent.toString()); emailService.send(message); diff --git a/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/NewAPITokenAppliedUserNotificationService.java b/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/NewAPITokenAppliedUserNotificationService.java index d3fe6fd5e6..e9e2765216 100644 
--- a/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/NewAPITokenAppliedUserNotificationService.java +++ b/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/NewAPITokenAppliedUserNotificationService.java @@ -30,7 +30,7 @@ public void notify(UserMessage userMessage) { emailContent.append("If you have not triggered an api token change please inform administrators.\n"); SimpleMailMessage message1 = factory.createMessage("SecHub API token changed"); - message1.setTo(userMessage.getEmailAdress()); + message1.setTo(userMessage.getEmailAddress()); message1.setText(emailContent.toString()); emailService.send(message1); diff --git a/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/NewApiTokenRequestedUserNotificationService.java b/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/NewApiTokenRequestedUserNotificationService.java index ef10596128..d87181d629 100644 --- a/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/NewApiTokenRequestedUserNotificationService.java +++ b/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/NewApiTokenRequestedUserNotificationService.java @@ -44,7 +44,7 @@ public void notify(UserMessage userMessage) { emailContent.append("\n"); SimpleMailMessage message1 = factory.createMessage(userMessage.getSubject()); - message1.setTo(userMessage.getEmailAdress()); + message1.setTo(userMessage.getEmailAddress()); message1.setText(emailContent.toString()); emailService.send(message1); diff --git a/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/SignUpRequestedAdminNotificationService.java b/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/SignUpRequestedAdminNotificationService.java index 3ff474464f..31e221d71a 100644 
--- a/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/SignUpRequestedAdminNotificationService.java +++ b/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/SignUpRequestedAdminNotificationService.java @@ -32,7 +32,7 @@ public void notify(UserMessage userMessage) { emailContent.append("A user requested access to SecHub:\n"); emailContent.append("- Requested user id: " + userMessage.getUserId() + "\n"); - emailContent.append("- Email address: " + userMessage.getEmailAdress() + "\n"); + emailContent.append("- Email address: " + userMessage.getEmailAddress() + "\n"); /* send mail */ SimpleMailMessage message1 = factory.createMessage("SecHub signup requested: " + userMessage.getUserId()); diff --git a/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/SignUpRequestedUserNotificationService.java b/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/SignUpRequestedUserNotificationService.java index 357c6d81a6..3bec9e6ac3 100644 --- a/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/SignUpRequestedUserNotificationService.java +++ b/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/SignUpRequestedUserNotificationService.java @@ -31,7 +31,7 @@ public void notify(UserMessage userMessage) { /* send mail */ SimpleMailMessage message1 = factory.createMessage("Successful registration in SecHub"); - message1.setTo(userMessage.getEmailAdress()); + message1.setTo(userMessage.getEmailAddress()); message1.setText(emailContent.toString()); emailService.send(message1); diff --git a/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/UserDeletedNotificationService.java b/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/UserDeletedNotificationService.java index deadd90b56..722b2620bc 100644 
--- a/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/UserDeletedNotificationService.java +++ b/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/UserDeletedNotificationService.java @@ -32,7 +32,7 @@ public void notify(UserMessage userMessage) { emailContent.append("\nhas been removed by an administrator.\n"); SimpleMailMessage message = factory.createMessage("SecHub account removed"); - message.setTo(userMessage.getEmailAdress()); + message.setTo(userMessage.getEmailAddress()); message.setText(emailContent.toString()); emailService.send(message); diff --git a/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/UserEmailAddressChangedNotificationService.java b/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/UserEmailAddressChangedNotificationService.java index a0a2f9ae4b..abe62a0831 100644 --- a/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/UserEmailAddressChangedNotificationService.java +++ b/sechub-notification/src/main/java/com/mercedesbenz/sechub/domain/notification/user/UserEmailAddressChangedNotificationService.java @@ -50,11 +50,11 @@ private void sendEmailToNewUserEmailAddress(UserMessage userMessage) { emailContent.append(" from "); emailContent.append(userMessage.getFormerEmailAddress()); emailContent.append(" to "); - emailContent.append(userMessage.getEmailAdress()); + emailContent.append(userMessage.getEmailAddress()); emailContent.append(". \nYour old email address is not used in SecHub any longer."); SimpleMailMessage message = factory.createMessage(EMAIL_SUBJECT_NEW_ADDRESS); - message.setTo(userMessage.getEmailAdress()); + message.setTo(userMessage.getEmailAddress()); message.setText(emailContent.toString()); emailService.send(message); 
diff --git a/sechub-notification/src/test/java/com/mercedesbenz/sechub/domain/notification/owner/InformThatProjectHasNewOwnerNotificationServiceTest.java b/sechub-notification/src/test/java/com/mercedesbenz/sechub/domain/notification/owner/InformThatProjectHasNewOwnerNotificationServiceTest.java index b9b7439d4b..505226e5cf 100644 --- a/sechub-notification/src/test/java/com/mercedesbenz/sechub/domain/notification/owner/InformThatProjectHasNewOwnerNotificationServiceTest.java +++ b/sechub-notification/src/test/java/com/mercedesbenz/sechub/domain/notification/owner/InformThatProjectHasNewOwnerNotificationServiceTest.java @@ -59,7 +59,7 @@ public void sends_email_to_former_project_owner_new_project_owner_and_users_cont Set userMails = new HashSet<>(); userMails.add("user1@example.org"); - when(message.getUserEmailAdresses()).thenReturn(userMails); + when(message.getUserEmailAddresses()).thenReturn(userMails); /* execute */ serviceToTest.notify(message, "base1"); diff --git a/sechub-notification/src/test/java/com/mercedesbenz/sechub/domain/notification/user/InformUsersThatProjectHasBeenDeletedNotificationServiceTest.java b/sechub-notification/src/test/java/com/mercedesbenz/sechub/domain/notification/user/InformUsersThatProjectHasBeenDeletedNotificationServiceTest.java index 086024817e..8f9873ba33 100644 --- a/sechub-notification/src/test/java/com/mercedesbenz/sechub/domain/notification/user/InformUsersThatProjectHasBeenDeletedNotificationServiceTest.java +++ b/sechub-notification/src/test/java/com/mercedesbenz/sechub/domain/notification/user/InformUsersThatProjectHasBeenDeletedNotificationServiceTest.java 
@@ -45,7 +45,7 @@ public void sends_NO_email_when_no_users_where_defined_at_a_project() throws Exc when(message.getProjectId()).thenReturn("projectId1"); Set emptyUserList = new LinkedHashSet<>(); - when(message.getUserEmailAdresses()).thenReturn(emptyUserList); + when(message.getUserEmailAddresses()).thenReturn(emptyUserList); /* execute */ serviceToTest.notify(message, "base1"); @@ -69,7 +69,7 @@ public void sends_email_to_all_former_project_users_as_bcc_containing_projectid( userList.add("test1@example.org"); userList.add("test2@example.org"); - when(message.getUserEmailAdresses()).thenReturn(userList); + when(message.getUserEmailAddresses()).thenReturn(userList); /* execute */ serviceToTest.notify(message, "base1"); diff --git a/sechub-notification/src/test/java/com/mercedesbenz/sechub/domain/notification/user/SignUpRequestedAdminNotificationServiceTest.java b/sechub-notification/src/test/java/com/mercedesbenz/sechub/domain/notification/user/SignUpRequestedAdminNotificationServiceTest.java index f7fced5c86..b2887c1430 100644 --- a/sechub-notification/src/test/java/com/mercedesbenz/sechub/domain/notification/user/SignUpRequestedAdminNotificationServiceTest.java +++ b/sechub-notification/src/test/java/com/mercedesbenz/sechub/domain/notification/user/SignUpRequestedAdminNotificationServiceTest.java @@ -45,8 +45,8 @@ public void sends_email_to_admins_containing_userid_and_email_from_event() throw // message to receive from event bus UserMessage message = mock(UserMessage.class); - when(message.getUserId()).thenReturn("schlaubi"); - when(message.getEmailAdress()).thenReturn("schlau.schlumpf@schlumpfhausen.de"); + when(message.getUserId()).thenReturn("adam42"); + when(message.getEmailAddress()).thenReturn("new.user@example.org"); /* execute */ serviceToTest.notify(message); 
@@ -62,8 +62,8 @@ public void sends_email_to_admins_containing_userid_and_email_from_event() throw ArgumentCaptor stringMessageCaptor = ArgumentCaptor.forClass(String.class); verify(mockedMailMessage).setText(stringMessageCaptor.capture()); String textInMessageBody = stringMessageCaptor.getValue(); - assertTrue(textInMessageBody.contains("schlaubi")); - assertTrue(textInMessageBody.contains("schlau.schlumpf@schlumpfhausen.de")); + assertTrue(textInMessageBody.contains("adam42")); + assertTrue(textInMessageBody.contains("new.user@example.org")); } } diff --git a/sechub-notification/src/test/java/com/mercedesbenz/sechub/domain/notification/user/SignUpRequestedUserNotificationServiceTest.java b/sechub-notification/src/test/java/com/mercedesbenz/sechub/domain/notification/user/SignUpRequestedUserNotificationServiceTest.java index 4e56f4f2ed..7cdd7cc5e1 100644 --- a/sechub-notification/src/test/java/com/mercedesbenz/sechub/domain/notification/user/SignUpRequestedUserNotificationServiceTest.java +++ b/sechub-notification/src/test/java/com/mercedesbenz/sechub/domain/notification/user/SignUpRequestedUserNotificationServiceTest.java @@ -40,7 +40,7 @@ public void sends_email_to_user_from_event() throws Exception { // message to receive from event bus UserMessage message = mock(UserMessage.class); - when(message.getEmailAdress()).thenReturn("schlau.schlumpf@schlumpfhausen.de"); + when(message.getEmailAddress()).thenReturn("new.user@example.org"); /* execute */ serviceToTest.notify(message); 
@@ -50,7 +50,7 @@ public void sends_email_to_user_from_event() throws Exception { ArgumentCaptor mailMessageCaptor = ArgumentCaptor.forClass(SimpleMailMessage.class); verify(mockedEmailService).send(mailMessageCaptor.capture()); assertSame(mockedMailMessage, mailMessageCaptor.getValue()); - verify(mockedMailMessage).setTo("schlau.schlumpf@schlumpfhausen.de"); + verify(mockedMailMessage).setTo("new.user@example.org"); // check content ArgumentCaptor stringMessageCaptor = ArgumentCaptor.forClass(String.class); diff --git a/sechub-notification/src/test/java/com/mercedesbenz/sechub/domain/notification/user/UserEmailAddressChangedNotificationServiceTest.java b/sechub-notification/src/test/java/com/mercedesbenz/sechub/domain/notification/user/UserEmailAddressChangedNotificationServiceTest.java index 6e666efc42..474672570d 100644 --- a/sechub-notification/src/test/java/com/mercedesbenz/sechub/domain/notification/user/UserEmailAddressChangedNotificationServiceTest.java +++ b/sechub-notification/src/test/java/com/mercedesbenz/sechub/domain/notification/user/UserEmailAddressChangedNotificationServiceTest.java @@ -35,13 +35,13 @@ void beforeEach() { @Test void sends_emails_to_former_and_new_mail_address_containing_expected_content() { /* prepare */ - String emailAddress = "email.adress@example.org"; - String formerEmailAddress = "former_email.adress@example.org"; + String emailAddress = "email.address@example.org"; + String formerEmailAddress = "former_email.address@example.org"; UserMessage userMessage = new UserMessage(); - userMessage.setEmailAdress(emailAddress); + userMessage.setEmailAddress(emailAddress); userMessage.setFormerEmailAddress(formerEmailAddress); - userMessage.setSubject("Your mail adress has changed by a test"); + userMessage.setSubject("Your email address has been changed by a test"); SimpleMailMessage simpleMailmessageFormer = new SimpleMailMessage(); simpleMailmessageFormer.setSubject(""); 
@@ -68,18 +68,18 @@ void sends_emails_to_former_and_new_mail_address_containing_expected_content() { String receivedFormerText = mails.receivedFormer.getText(); String receivedNewText = mails.receivedNew.getText(); - assertEquals("Your mail adress has changed by a test and it will not be used any longer for SecHub.\n" + assertEquals("Your email address has been changed by a test and it will not be used any longer for SecHub.\n" + "\n" + "In case you do not receive a follow up notification to the new email address, please inform your SecHub administrator!", receivedFormerText); - assertEquals("Your mail adress has changed by a test from former_email.adress@example.org to email.adress@example.org. \n" + assertEquals("Your email address has been changed by a test from former_email.address@example.org to email.address@example.org. \n" + "Your old email address is not used in SecHub any longer.", receivedNewText); /* @formatter:on */ } - private Mails fetchSentMailsFromMockObjects(String emailAdress, String formerEmailAdress) { + private Mails fetchSentMailsFromMockObjects(String emailAddress, String formerEmailAddress) { ArgumentCaptor messageCaptor = ArgumentCaptor.forClass(SimpleMailMessage.class); verify(emailService, times(2)).send(messageCaptor.capture()); List messagesSent = messageCaptor.getAllValues(); @@ -87,10 +87,10 @@ private Mails fetchSentMailsFromMockObjects(String emailAdress, String formerEma assertEquals(2, messagesSent.size()); Mails data = new Mails(); for (SimpleMailMessage message : messagesSent) { - if (emailAdress.equals(message.getTo()[0])) { + if (emailAddress.equals(message.getTo()[0])) { data.receivedNew = message; } - if (formerEmailAdress.equals(message.getTo()[0])) { + if (formerEmailAddress.equals(message.getTo()[0])) { data.receivedFormer = message; } } 
diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilder.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilder.java
deleted file mode 100644
index 9fb59dfdc2..0000000000
--- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilder.java
+++ /dev/null
@@ -1,116 +0,0 @@ -// SPDX-License-Identifier: MIT -package com.mercedesbenz.sechub.domain.scan; - -import java.io.File; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.UUID; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.core.io.Resource; -import org.springframework.stereotype.Component; - -import com.mercedesbenz.sechub.commons.model.SecHubFinding; -import com.mercedesbenz.sechub.commons.model.SecHubResult; -import com.mercedesbenz.sechub.commons.model.SecHubResultTrafficLightFilter; -import com.mercedesbenz.sechub.commons.model.TrafficLight; -import com.mercedesbenz.sechub.domain.scan.report.ScanSecHubReport; -import com.mercedesbenz.sechub.sharedkernel.MustBeDocumented; - -@Component -public class HTMLScanResultReportModelBuilder { - - static final String SHOW_LIGHT = "opacity: 1.0"; - static final String HIDE_LIGHT = "opacity: 0.25"; - - private static final Logger LOG = LoggerFactory.getLogger(HTMLScanResultReportModelBuilder.class); - - @Value("${sechub.development.webdesignmode.enabled:false}") - @MustBeDocumented(scope = "development", value = "Developers can turn on this mode to have reports creating with external css. 
Normally the html model builder will create embedded css content") - boolean webDesignMode; - - @Value("classpath:templates/report/html/scanresult.css") - Resource cssResource; - - String embeddedCSS; - - @Autowired - SecHubResultTrafficLightFilter trafficLightFilter; - - public Map build(ScanSecHubReport report) { - TrafficLight trafficLight = report.getTrafficLight(); - - String styleRed = HIDE_LIGHT; - String styleYellow = HIDE_LIGHT; - String styleGreen = HIDE_LIGHT; - - if (trafficLight == null) { - throw new IllegalStateException("No traffic light defined"); - } - - switch (trafficLight) { - case RED: - styleRed = SHOW_LIGHT; - break; - case YELLOW: - styleYellow = SHOW_LIGHT; - break; - case GREEN: - styleGreen = SHOW_LIGHT; - break; - default: - } - HtmlCodeScanDescriptionSupport codeScanSupport = new HtmlCodeScanDescriptionSupport(); - SecHubResult result = report.getResult(); - - Map> codeScanEntries = new HashMap<>(); - for (SecHubFinding finding : result.getFindings()) { - codeScanEntries.put(finding.getId(), codeScanSupport.buildEntries(finding)); - } - - Map model = new HashMap<>(); - model.put("result", report.getResult()); - model.put("redList", trafficLightFilter.filterFindingsFor(result, TrafficLight.RED)); - model.put("yellowList", trafficLightFilter.filterFindingsFor(result, TrafficLight.YELLOW)); - model.put("greenList", trafficLightFilter.filterFindingsFor(result, TrafficLight.GREEN)); - - model.put("trafficlight", trafficLight.name()); - - model.put("styleRed", styleRed); - model.put("styleYellow", styleYellow); - model.put("styleGreen", styleGreen); - model.put("isWebDesignMode", webDesignMode); - model.put("codeScanEntries", codeScanEntries); - model.put("codeScanSupport", codeScanSupport); - model.put("reportHelper", HTMLReportHelper.DEFAULT); - model.put("messages", report.getMessages()); - model.put("metaData", report.getMetaData()); - - if (webDesignMode) { - File file; - try { - if (cssResource == null) { - LOG.error("CSS resource not 
set:{}", cssResource); - } else { - file = cssResource.getFile(); - String absolutePathToCSSFile = file.getAbsolutePath(); - LOG.info("Web design mode activate, using not embedded css but ref to:{}", absolutePathToCSSFile); - model.put("includedCSSRef", absolutePathToCSSFile); - } - } catch (Exception e) { - LOG.error("Was not able get file from resource:{}", cssResource, e); - } - } - UUID jobUUID = report.getJobUUID(); - if (jobUUID != null) { - model.put("jobuuid", jobUUID.toString()); - } else { - model.put("jobuuid", "none"); - } - return model; - } -} diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/InfraScanNetworkLocationProvider.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/InfraScanNetworkLocationProvider.java index 5dc4941e34..2fc7220450 100644 --- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/InfraScanNetworkLocationProvider.java +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/InfraScanNetworkLocationProvider.java @@ -35,7 +35,7 @@ public List getURIs() { } @Override - public List getInetAdresses() { + public List getInetAddresses() { if (config == null) { return Collections.emptyList(); } diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/NetworkLocationProvider.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/NetworkLocationProvider.java index 77d2b3605f..3bdb77d542 100644 --- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/NetworkLocationProvider.java +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/NetworkLocationProvider.java @@ -9,6 +9,6 @@ public interface NetworkLocationProvider { List getURIs(); - List getInetAdresses(); + List getInetAddresses(); } diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/NetworkTargetInfoFactory.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/NetworkTargetInfoFactory.java index 3615ec7854..aed69432a6 100644 
--- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/NetworkTargetInfoFactory.java +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/NetworkTargetInfoFactory.java @@ -34,7 +34,7 @@ public NetworkTargetInfo createInfo(NetworkTargetType targetType, UUIDTraceLogID List uris = networkLocationProvider.getURIs(); registerURIs(traceLogId, support, registry, uris); - List inetAdresses = networkLocationProvider.getInetAdresses(); + List inetAdresses = networkLocationProvider.getInetAddresses(); registerInetAdresses(traceLogId, support, registry, inetAdresses); } else { diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/WebScanNetworkLocationProvider.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/WebScanNetworkLocationProvider.java index 4735169ec4..55bc0806cf 100644 --- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/WebScanNetworkLocationProvider.java +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/WebScanNetworkLocationProvider.java @@ -39,7 +39,7 @@ public List getURIs() { } @Override - public List getInetAdresses() { + public List getInetAddresses() { /* * SecHubWebScanConfiguration configuration currently has no IPs inside, so we * do not provide this diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HtmlCodeScanDescriptionSupport.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/HTMLCodeScanDescriptionSupport.java similarity index 95% rename from sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HtmlCodeScanDescriptionSupport.java rename to sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/HTMLCodeScanDescriptionSupport.java index 34c73d65f6..33e4ea1d8b 100644 --- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HtmlCodeScanDescriptionSupport.java +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/HTMLCodeScanDescriptionSupport.java 
@@ -1,5 +1,5 @@ // SPDX-License-Identifier: MIT -package com.mercedesbenz.sechub.domain.scan; +package com.mercedesbenz.sechub.domain.scan.report; import static java.util.Objects.*; @@ -16,7 +16,7 @@ * @author Albert Tregnaghi * */ -public class HtmlCodeScanDescriptionSupport { +public class HTMLCodeScanDescriptionSupport { public boolean isCodeScan(SecHubFinding finding) { SecHubCodeCallStack code = finding.getCode(); diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/HTMLFirstLinkToSeveritySupport.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/HTMLFirstLinkToSeveritySupport.java new file mode 100644 index 0000000000..a45238e502 --- /dev/null +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/HTMLFirstLinkToSeveritySupport.java @@ -0,0 +1,18 @@ +package com.mercedesbenz.sechub.domain.scan.report; + +import com.mercedesbenz.sechub.commons.model.ScanType; +import com.mercedesbenz.sechub.commons.model.Severity; + +public class HTMLFirstLinkToSeveritySupport { + + public static HTMLFirstLinkToSeveritySupport DEFAULT = new HTMLFirstLinkToSeveritySupport(); + + public String createLinkToFirstOf(ScanType scanType, Severity severity) { + return "#" + createAnkerFirstOf(scanType, severity); + } + + public String createAnkerFirstOf(ScanType scanType, Severity severity) { + String anker = "first_" + scanType + "_" + severity; + return anker.toLowerCase(); + } +} diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLReportHelper.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/HTMLReportHelper.java similarity index 65% rename from sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLReportHelper.java rename to sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/HTMLReportHelper.java index a5ad35a407..f086fc50ee 100644 --- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLReportHelper.java 
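Review bot: `createAnkerFirstOf` in the new `HTMLFirstLinkToSeveritySupport` lower-cases with the JVM default locale, so the anchor ids depend on where the server runs (under a Turkish locale an upper-case `I`, as in `INFO` or `CRITICAL`, becomes a dotless `ı`); `return anker.toLowerCase(Locale.ROOT);` plus an import of `java.util.Locale` keeps the ids plain ASCII. `DEFAULT` is a public, non-final static field that any caller can reassign, so `public static final HTMLFirstLinkToSeveritySupport DEFAULT = new HTMLFirstLinkToSeveritySupport();` would pin it. A null `scanType` or `severity` silently produces ids such as `first_null_high`, which should either be rejected or documented. The new file also lacks the `// SPDX-License-Identifier: MIT` first line that the neighbouring files carry.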
+++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/HTMLReportHelper.java @@ -1,9 +1,11 @@ // SPDX-License-Identifier: MIT -package com.mercedesbenz.sechub.domain.scan; +package com.mercedesbenz.sechub.domain.scan.report; import org.springframework.http.HttpStatus; import com.mercedesbenz.sechub.commons.core.util.SimpleStringUtils; +import com.mercedesbenz.sechub.commons.model.ScanType; +import com.mercedesbenz.sechub.commons.model.SecHubCodeCallStack; import com.mercedesbenz.sechub.commons.model.SecHubFinding; import com.mercedesbenz.sechub.commons.model.SecHubMessageType; import com.mercedesbenz.sechub.commons.model.web.SecHubReportWeb; @@ -19,6 +21,7 @@ public class HTMLReportHelper { private static final String EMPTY_STRING = ""; private static final int SHORT_VECTOR_SIZE = 80; private static final int SHORT_EVIDENCE_SIZE = 80; + private static final int MAX_LOCATION_INFO_STRING_LENTH = 180; public static HTMLReportHelper DEFAULT = new HTMLReportHelper(); 
@@ -30,6 +33,39 @@ public boolean hasSolution(SecHubFinding finding) { return SimpleStringUtils.isNotEmpty(getSolution(finding)); } + public String createShortLocationInfo(SecHubFinding finding) { + + if (finding == null) { + return EMPTY_STRING; + } + ScanType scanType = finding.getType(); + if (scanType == null) { + return EMPTY_STRING; + } + + String locationInfo = ""; + switch (scanType) { + case LICENSE_SCAN: + case SECRET_SCAN: + case CODE_SCAN: + SecHubCodeCallStack code = finding.getCode(); + if (code != null) { + locationInfo = code.getLocation() + ", line:" + code.getLine() + ", column:" + code.getColumn(); + } + break; + case INFRA_SCAN: + locationInfo = finding.getDescription(); + break; + case WEB_SCAN: + locationInfo = createShortTargetLocation(finding.getWeb()); + break; + default: + break; + } + return SimpleStringUtils.truncateWhenTooLong(locationInfo, MAX_LOCATION_INFO_STRING_LENTH); + + } + public String getDescription(SecHubFinding finding) { if (finding == null) { return EMPTY_STRING; @@ -104,6 +140,9 @@ public boolean hasEvidenceContent(SecHubReportWebAttack attack) { } public String createShortTargetLocation(SecHubReportWeb web) { + if (web == null) { + return EMPTY_STRING; + } String target = getTargetLocation(web); int questionMarkIndex = target.indexOf('?'); if (questionMarkIndex != LINE_NOT_FOUND) { @@ -113,6 +152,9 @@ public String createShortTargetLocation(SecHubReportWeb web) { } public String getTargetLocation(SecHubReportWeb web) { + if (web == null) { + return EMPTY_STRING; + } String target = web.getRequest().getTarget(); if (target == null) { return EMPTY_STRING; @@ -121,6 +163,9 @@ public String getTargetLocation(SecHubReportWeb web) { } public String createShortEvidence(SecHubReportWebAttack attack) { + if (attack == null) { + return EMPTY_STRING; + } String snippet = getEvidence(attack); return SimpleStringUtils.truncateWhenTooLong(snippet, SHORT_EVIDENCE_SIZE); } 
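Review bot: `createShortLocationInfo` returns scanner-reported text (the code location, the infra scan description, the web target) unchanged apart from truncation, and nothing in the hunk says who escapes it before it reaches the HTML report. The template is not visible here; if it does not already render this value as escaped text, content taken from a scanned target ends up as markup in the report, so I would add a Javadoc line such as `Returns unescaped text, the template must render it HTML-escaped.` In the `CODE_SCAN` branch a null `code.getLocation()` is concatenated as the literal `null`. The constant `MAX_LOCATION_INFO_STRING_LENTH` introduced one hunk earlier is misspelled (`LENGTH`), which stands out in a commit that corrects spelling elsewhere.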
@@ -140,6 +185,49 @@ public String createShortVector(SecHubReportWebAttack attack) { return SimpleStringUtils.truncateWhenTooLong(getVector(attack), SHORT_VECTOR_SIZE); } + public String createFindingLink(SecHubFinding finding) { + return "#" + createFindingAnkerId(finding); + } + + public String createFindingAnkerId(SecHubFinding finding) { + if (finding == null) { + return EMPTY_STRING; + } + return "finding_" + finding.getId(); + } + + public String createFirstFindingAnkerId(SecHubFinding finding) { + return getLinkSupport().createAnkerFirstOf(finding.getType(), finding.getSeverity()); + } + + public String createCweLink(SecHubFinding finding) { + if (finding == null) { + return EMPTY_STRING; + } + return createCweLink(finding.getCweId()); + } + + public String createCweLink(Integer cweId) { + if (cweId == null) { + return EMPTY_STRING; + } + return "https://cwe.mitre.org/data/definitions/" + cweId + ".html"; + } + + public String createCweText(SecHubFinding finding) { + if (finding == null) { + return EMPTY_STRING; + } + return createCweText(finding.getCweId()); + } + + public String createCweText(Integer cweId) { + if (cweId == null) { + return EMPTY_STRING; + } + return "CWE-" + cweId; + } + public String getVector(SecHubReportWebAttack attack) { if (attack == null) { return EMPTY_STRING; @@ -160,7 +248,11 @@ public String getMessageTypeAsHTMLIcon(SecHubMessageType type) { } } /* fallback always "no icon" */ - return ""; + return EMPTY_STRING; + } + + private HTMLFirstLinkToSeveritySupport getLinkSupport() { + return HTMLFirstLinkToSeveritySupport.DEFAULT; } } 
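Review bot: `createFirstFindingAnkerId` is the only new helper in this hunk without a null guard: it dereferences `finding.getType()` and `finding.getSeverity()` directly, while `createFindingAnkerId`, `createCweLink` and `createCweText` return `EMPTY_STRING` for a null finding. Adding `if (finding == null) { return EMPTY_STRING; }` as its first statement keeps it consistent with them and avoids a NullPointerException during report rendering. `createFindingLink(null)` returns a bare `#`, which may render as a link to the top of the page depending on how the template uses it; returning `EMPTY_STRING` there as well would be more predictable.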
diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultCodeScanEntry.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/HTMLScanResultCodeScanEntry.java similarity index 85% rename from sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultCodeScanEntry.java rename to sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/HTMLScanResultCodeScanEntry.java index 31fefeaeb6..69253c24e4 100644 --- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultCodeScanEntry.java +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/HTMLScanResultCodeScanEntry.java @@ -1,6 +1,11 @@ // SPDX-License-Identifier: MIT -package com.mercedesbenz.sechub.domain.scan; +package com.mercedesbenz.sechub.domain.scan.report; +/** + * A helper object to render a code callstack element in HTML + * + * + */ public class HTMLScanResultCodeScanEntry { String location; diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/HTMLScanResultReportModelBuilder.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/HTMLScanResultReportModelBuilder.java new file mode 100644 index 0000000000..9288ca422a --- /dev/null +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/HTMLScanResultReportModelBuilder.java 
@@ -0,0 +1,140 @@ +// SPDX-License-Identifier: MIT +package com.mercedesbenz.sechub.domain.scan.report; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.LinkedHashMap; +import java.util.List; +import java.util.Map; +import java.util.UUID; + +import org.springframework.stereotype.Component; + +import com.mercedesbenz.sechub.commons.model.ScanType; +import com.mercedesbenz.sechub.commons.model.SecHubFinding; +import com.mercedesbenz.sechub.commons.model.SecHubResult; +import com.mercedesbenz.sechub.commons.model.TrafficLight; + +@Component +public class HTMLScanResultReportModelBuilder { + + static final String SHOW_LIGHT = "opacity: 1.0"; + static final String HIDE_LIGHT = "opacity: 0.25"; + + public Map build(ScanSecHubReport report) { + TrafficLight trafficLight = report.getTrafficLight(); + + String styleRed = HIDE_LIGHT; + String styleYellow = HIDE_LIGHT; + String styleGreen = HIDE_LIGHT; + + if (trafficLight == null) { + throw new IllegalStateException("No traffic light defined"); + } + + switch (trafficLight) { + case RED: + styleRed = SHOW_LIGHT; + break; + case YELLOW: + styleYellow = SHOW_LIGHT; + break; + case GREEN: + styleGreen = SHOW_LIGHT; + break; + default: + } + HTMLCodeScanDescriptionSupport codeScanSupport = new HTMLCodeScanDescriptionSupport(); + SecHubResult result = report.getResult(); + + Map> codeScanEntries = new HashMap<>(); + List findings = result.getFindings(); + for (SecHubFinding finding : findings) { + codeScanEntries.put(finding.getId(), codeScanSupport.buildEntries(finding)); + } + + List scanTypeSummaries = createScanTypeSummaries(findings); + + List trafficLightGroups = createTrafficLightFindingGroups(findings); + + Map model = new HashMap<>(); + model.put("result", report.getResult()); + + model.put("trafficlight", trafficLight.name()); + + model.put("styleRed", styleRed); + model.put("styleYellow", styleYellow); + model.put("styleGreen", styleGreen); + model.put("codeScanEntries", codeScanEntries); + 
model.put("codeScanSupport", codeScanSupport); + model.put("scanTypeSummaries", scanTypeSummaries); + model.put("trafficLightGroups", trafficLightGroups); + model.put("reportHelper", HTMLReportHelper.DEFAULT); + model.put("messages", report.getMessages()); + model.put("metaData", report.getMetaData()); + + UUID jobUUID = report.getJobUUID(); + if (jobUUID != null) { + model.put("jobuuid", jobUUID.toString()); + } else { + model.put("jobuuid", "none"); + } + + return model; + } + + /** + * Creates a list with scan type summary elements for given findings - used for + * rendering summary + * + * @param findings + * @return a list with elements of {@link HTMLScanTypeSummary}, sorted by scan + * type + * + */ + public List createScanTypeSummaries(List findings) { + + Map temporaryMap = new LinkedHashMap<>(); + + for (SecHubFinding finding : findings) { + + ScanType type = finding.getType(); + HTMLScanTypeSummary scanTypeSummary = temporaryMap.computeIfAbsent(type, scanType -> new HTMLScanTypeSummary(scanType)); + scanTypeSummary.add(finding); + + } + List summaries = new ArrayList<>(); + summaries.addAll(temporaryMap.values()); + return summaries; + } + + /** + * Creates a list of traffic light finding groups - used for rendering findings + * + * @param findings + * @return list + */ + public List createTrafficLightFindingGroups(List findings) { + + List groups = new ArrayList<>(); + + /* attention: the list is also the ordering, so please keep RED,YELLOW,GREEN */ + groups.add(new HTMLTrafficlightFindingGroup(TrafficLight.RED)); + groups.add(new HTMLTrafficlightFindingGroup(TrafficLight.YELLOW)); + groups.add(new HTMLTrafficlightFindingGroup(TrafficLight.GREEN)); + + /* add findings for each traffic light */ + for (HTMLTrafficlightFindingGroup group : groups) { + TrafficLight trafficLight = group.getTrafficLight(); + + for (SecHubFinding finding : findings) { + if (trafficLight.getSeverities().contains(finding.getSeverity())) { + group.add(finding); + } + } + } + + 
return groups; + } + +} \ No newline at end of file diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/HTMLScanTypeSummary.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/HTMLScanTypeSummary.java new file mode 100644 index 0000000000..07647b80b3 --- /dev/null +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/HTMLScanTypeSummary.java @@ -0,0 +1,316 @@ +package com.mercedesbenz.sechub.domain.scan.report; + +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.SortedSet; +import java.util.TreeMap; +import java.util.TreeSet; + +import com.mercedesbenz.sechub.commons.model.ScanType; +import com.mercedesbenz.sechub.commons.model.SecHubFinding; +import com.mercedesbenz.sechub.commons.model.Severity; + +/** + * Class and its subclasses to hold HTML finding overview data for different + * severities for one scan type + * + * For easier maintenance, this is a completely separate data model that is only + * used for is used to render HTML reports and has very few dependencies on the + * JSON model. + * + * Example: + * + *
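Review bot: In `createTrafficLightFindingGroups` a finding whose severity is null is added to no group (presuming `TrafficLight.getSeverities()` never contains null), whereas `HTMLScanTypeSummary.add` counts the same finding as `UNCLASSIFIED`, so the summary table can count a finding that the findings section never lists. In a security report that is a finding a reader can miss; the severity should be normalised the same way in both places, or the skipped finding at least logged. A null element in `findings` or a null `report.getResult()` ends in a NullPointerException in `build` and in both helper methods. The Javadoc of `createScanTypeSummaries` promises a list "sorted by scan type", but the `LinkedHashMap` keeps first-occurrence order; either use `new TreeMap<>()` or change the sentence to `in order of first occurrence`.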
+ * Summary
+ *                        Critical High Medium Low Unclassified Info
+ * -------------------------------------------------------------------------------------------------
+ * ScanType: Web scan   |     0     1     0     1      0        0  <- HTMLScanTypeSummary
+ * -------------------------------------------------------------------------------------------------
+ * v WebScan overview   <------------ HTMLScanTypeSummary instance (here scanType: WebScan)
+ *   ----------------
+ *   High                             <---- HTMLScanTypeSeveritySummary
+ *     CWE          Name                        count
+ *     --------------------------------------------------------
+ *      CWE-89      v SQL-Injection SQLite        2    <--- HTMLFindingSummary
+ *                    -----------------------------------------
+ *                     Id                 Location
+ *                     1                  https://localhost:3000  <--- additional
+ *                     2                  https://localhost:3000
+ *   Medium
+ *      ...
+ *
+ *   Low
+ *      ...
+ *   Unclassified
+ *      ...
+ * 
+ */ +public class HTMLScanTypeSummary { + + private Map severityOverviewMap = new TreeMap<>(); + + private ScanType scanType; + + public HTMLScanTypeSummary(ScanType scanType) { + this.scanType = scanType; + } + + public String getScanTypeName() { + return scanType.getText(); + } + + public ScanType getScanType() { + return scanType; + } + + public HTMLScanTypeSeveritySummary ensureSeveritySummary(Severity severity) { + return severityOverviewMap.computeIfAbsent(severity, s -> new HTMLScanTypeSeveritySummary(s)); + } + + /** + * Resolves all severity summaries for this scan type in a sorted way + * + * @return unmodifiable sorted collection with + * {@link HTMLScanTypeSeveritySummary} elements + */ + public SortedSet getSeveritySummaries() { + return new TreeSet<>(severityOverviewMap.values()); + } + + public String getHeadline() { + return getScanTypeName() + " overview"; + } + + public long getTotalCount() { + return count(Severity.values()); + } + + public long getCriticalSeverityCount() { + return count(Severity.CRITICAL); + } + + public long getHighSeverityCount() { + return count(Severity.HIGH); + } + + public long getMediumSeverityCount() { + return count(Severity.MEDIUM); + } + + public long getLowSeverityCount() { + return count(Severity.LOW); + } + + public long getUnclassifiedSeverityCount() { + return count(Severity.UNCLASSIFIED); + } + + public long getInfoSeverityCount() { + return count(Severity.INFO); + } + + public String getLinkToFirstCritical() { + return getLinkSupport().createLinkToFirstOf(scanType, Severity.CRITICAL); + } + + public String getLinkToFirstHigh() { + return getLinkSupport().createLinkToFirstOf(scanType, Severity.HIGH); + } + + public String getLinkToFirstMedium() { + return getLinkSupport().createLinkToFirstOf(scanType, Severity.MEDIUM); + } + + public String getLinkToFirstLow() { + return getLinkSupport().createLinkToFirstOf(scanType, Severity.LOW); + } + + public String getLinkToFirstUnclassified() { + return 
getLinkSupport().createLinkToFirstOf(scanType, Severity.UNCLASSIFIED); + } + + public String getLinkToFirstInfo() { + return getLinkSupport().createLinkToFirstOf(scanType, Severity.INFO); + } + + private HTMLFirstLinkToSeveritySupport getLinkSupport() { + return HTMLFirstLinkToSeveritySupport.DEFAULT; + } + + @Override + public String toString() { + return getClass().getSimpleName() + ": scanType=" + getScanType(); + } + + private long count(Severity... severities) { + long count = 0; + for (Severity severity : severities) { + HTMLScanTypeSeveritySummary severitySummary = severityOverviewMap.get(severity); + if (severitySummary != null) { + count += severitySummary.calculateSeverityCount(); + } + } + return count; + + } + + public class HTMLScanTypeSeveritySummary implements Comparable { + private Severity severity; + + public HTMLScanTypeSeveritySummary(Severity severity) { + this.severity = severity; + } + + private Map findingNameToFindingSummary = new TreeMap<>(); + + public Severity getSeverity() { + return severity; + } + + /** + * @return unmodifiable collection of finding summaries + */ + public Collection getFindingSummaries() { + return Collections.unmodifiableCollection(findingNameToFindingSummary.values()); + } + + public long calculateSeverityCount() { + long allEntriesCount = 0; + Iterator it = findingNameToFindingSummary.values().iterator(); + while (it.hasNext()) { + HTMLFindingSummary entry = it.next(); + allEntriesCount += entry.getCount(); + } + + return allEntriesCount; + } + + /** + * Adds finding to corresponding finding summary - if no summary exists it will + * be created. 
+ * + * @param finding finding to add + */ + void addFinding(SecHubFinding finding) { + String name = finding.getName(); + if (name == null) { + name = ""; + } + Integer cweId = finding.getCweId(); + + HTMLFindingSummary findingSummary = findingNameToFindingSummary.computeIfAbsent(name, n -> new HTMLFindingSummary(n, cweId)); + + findingSummary.getRelatedFindings().add(finding); + } + + @Override + public int compareTo(HTMLScanTypeSeveritySummary other) { + if (other == null) { + return 1; + } + if (other.severity == severity) { + return 0; + } + if (other.severity == null) { + return 1; + } + if (severity == null) { + return -1; + } + /* CRITICAL --> HIGH --> ... ---> INFO */ + return other.severity.getLevel() - severity.getLevel(); + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + getEnclosingInstance().hashCode(); + result = prime * result + Objects.hash(severity); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) { + return true; + } + if (obj == null) { + return false; + } + if (getClass() != obj.getClass()) { + return false; + } + HTMLScanTypeSeveritySummary other = (HTMLScanTypeSeveritySummary) obj; + if (!getEnclosingInstance().equals(other.getEnclosingInstance())) { + return false; + } + return severity == other.severity; + } + + private HTMLScanTypeSummary getEnclosingInstance() { + return HTMLScanTypeSummary.this; + } + + } + + public class HTMLFindingSummary { + + private String name; + + private Integer cweId; + + public HTMLFindingSummary(String name, Integer cweId) { + this.name = name; + this.cweId = cweId; + } + + public void setCweId(Integer cweId) { + this.cweId = cweId; + } + + public Integer getCweId() { + return cweId; + } + + public String getName() { + return name; + } + + public String getCweText() { + if (cweId == null) { + return ""; + } + return "CWE-" + cweId; + } + + public long getCount() { + return relatedFindings.size(); + } + + 
// we use a tree set to get the findings sorted automatically + private List relatedFindings = new ArrayList<>(); + + public List getRelatedFindings() { + return relatedFindings; + } + } + + public void add(SecHubFinding finding) { + if (finding == null) { + return; + } + Severity severity = finding.getSeverity(); + if (severity == null) { + severity = Severity.UNCLASSIFIED; + } + HTMLScanTypeSeveritySummary scanTypeSeveritySummary = ensureSeveritySummary(severity); + scanTypeSeveritySummary.addFinding(finding); + + } +} \ No newline at end of file diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/HTMLTrafficlightFindingGroup.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/HTMLTrafficlightFindingGroup.java new file mode 100644 index 0000000000..059e6a6246 --- /dev/null +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/HTMLTrafficlightFindingGroup.java @@ -0,0 +1,91 @@ +package com.mercedesbenz.sechub.domain.scan.report; + +import java.util.Collection; +import java.util.Collections; +import java.util.Map; +import java.util.Objects; +import java.util.TreeMap; + +import com.mercedesbenz.sechub.commons.model.ScanType; +import com.mercedesbenz.sechub.commons.model.SecHubFinding; +import com.mercedesbenz.sechub.commons.model.TrafficLight; + +/** + * Represents a group containing findings for one traffic light - e.g. RED + * + * Inside the HTML report it looks like + * + *
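Review bot: `addFinding` in `HTMLScanTypeSeveritySummary` keys `findingNameToFindingSummary` by name only and takes the CWE id from the first finding with that name, so later findings with the same name but a different `cweId` are listed under the first one's CWE; keying on name plus CWE id would avoid that, or the Javadoc should state the assumption. `getRelatedFindings()` hands out the internal `ArrayList`, and the comment above the field still says `we use a tree set`; it should read something like `// findings in insertion order`. The Javadoc of `getSeveritySummaries` says "unmodifiable", but the method returns a new mutable `TreeSet` copy. `compareTo` returns 1 for a null argument, where the `Comparable` contract expects a NullPointerException.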
+ *  -----------------------
+ *  Red findings            <---HTMLTrafficlightFindingGroup
+ *  -----------------------
+ *
+ *  CodeSCan                    <--- HTMLTrafficlightScanTypeFindingData
+ *     | ID | Severity | Description
+ *     |----------------------------------------
+ *     | 1     Critical    xxx      <---- SecHubFinding
+ *     | 11     High    xxx      <---- SecHubFinding
+ *
+ *  SecretSCan
+ *     | ID | Severity | Description
+ *     |----------------------------------------
+ *     | 2      High   | yyyy <---- SecHubFinding
+ *
+ *
+ * 
+ * + * + * @author Albert Tregnaghi + * + */ +public class HTMLTrafficlightFindingGroup { + + private TrafficLight trafficLight; + private Map scanTypeToFindingDataMap = new TreeMap<>(); + + public HTMLTrafficlightFindingGroup(TrafficLight trafficLight) { + Objects.requireNonNull(trafficLight, "TrafficLight may not be null!"); + this.trafficLight = trafficLight; + } + + public String getFindingHeadlineCssClass() { + return trafficLight.name().toLowerCase() + "FindingHeadline"; + } + + public String getFindingsTableCssClass() { + return trafficLight.name().toLowerCase() + "FindingsTable'"; + } + + public String getFindingHeadlineText() { + return trafficLight.getText() + " findings"; + } + + public boolean hasEntries() { + return !scanTypeToFindingDataMap.isEmpty(); + } + + void add(SecHubFinding finding) { + if (finding == null) { + return; + } + HTMLTrafficlightScanTypeFindingData scanTypeFindingData = scanTypeToFindingDataMap.computeIfAbsent(finding.getType(), + scanType -> new HTMLTrafficlightScanTypeFindingData(scanType)); + + scanTypeFindingData.addRelatedFinding(finding); + } + + public Collection getScanTypeFindingDataList() { + return Collections.unmodifiableCollection(scanTypeToFindingDataMap.values()); + } + + public TrafficLight getTrafficLight() { + return trafficLight; + } + + @Override + public String toString() { + return "HTMLTrafficlightFindingGroup [" + (trafficLight != null ? "trafficLight=" + trafficLight + ", " : "") + + (scanTypeToFindingDataMap != null ? "scanTypeToFindingDataMap=" + scanTypeToFindingDataMap : "") + "]"; + } + +} diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/HTMLTrafficlightScanTypeFindingData.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/HTMLTrafficlightScanTypeFindingData.java new file mode 100644 index 0000000000..eb1ffeb83e --- /dev/null +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/HTMLTrafficlightScanTypeFindingData.java 
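Review bot: `getFindingsTableCssClass` returns the class name with a stray apostrophe inside the string literal, so the value is for example `redFindingsTable'`; it will presumably not match the stylesheet rule, and depending on how the template quotes the attribute it can also break the markup. The line should be `return trafficLight.name().toLowerCase() + "FindingsTable";`. In `add`, a finding whose `getType()` is null fails twice over: `TreeMap.computeIfAbsent` rejects a null key and the `HTMLTrafficlightScanTypeFindingData` constructor calls `Objects.requireNonNull`, although `HTMLReportHelper.createShortLocationInfo` treats a null scan type as possible. A fallback group, or at least a logged skip, would keep one malformed finding from aborting the whole report.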
@@ -0,0 +1,107 @@ +package com.mercedesbenz.sechub.domain.scan.report; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.Comparator; +import java.util.LinkedHashMap; +import java.util.List; +import java.util.Map; +import java.util.Objects; + +import com.mercedesbenz.sechub.commons.model.ScanType; +import com.mercedesbenz.sechub.commons.model.SecHubFinding; +import com.mercedesbenz.sechub.commons.model.Severity; + +/** + * Represents an entry inside a HTMLTrafficlightFindingGroup + * + *
+ *
+ *  CodeSCan                    <--- HTMLTrafficlightScanTypeFindingData
+ *     | ID | Severity | Description
+ *     |----------------------------------------
+ *     | 1     Critical    xxx      <---- SecHubFinding
+ *     | 11     High    xxx      <---- SecHubFinding
+ *
+ * 
+ * + */ +public class HTMLTrafficlightScanTypeFindingData implements Comparable { + private static SecHubFindingByIdComparator SEVERITY_THEN_FINDING_ID_COMPARATOR = new SecHubFindingByIdComparator(); + private ScanType scanType; + private List relatedFindings = new ArrayList<>(); + private Map firstOfSeverityMap = new LinkedHashMap<>(Severity.values().length); + + HTMLTrafficlightScanTypeFindingData(ScanType scanType) { + Objects.requireNonNull(scanType, "ScanType may not be null!"); + this.scanType = scanType; + } + + public ScanType getScanType() { + return scanType; + } + + public List getRelatedFindings() { + List sortedFindingsById = new ArrayList<>(relatedFindings); + Collections.sort(sortedFindingsById, SEVERITY_THEN_FINDING_ID_COMPARATOR); + return sortedFindingsById; + } + + @Override + public int compareTo(HTMLTrafficlightScanTypeFindingData o) { + return scanType.compareTo(o.scanType); + } + + @Override + public String toString() { + return "HTMLTrafficlightScanTypeFindingData [" + (scanType != null ? "scanType=" + scanType + ", " : "") + + (relatedFindings != null ? 
"relatedFindings=" + relatedFindings : "") + "]"; + } + + void addRelatedFinding(SecHubFinding finding) { + if (finding == null) { + return; + } + relatedFindings.add(finding); + + Severity severity = finding.getSeverity(); + if (severity == null) { + return; + } + SecHubFinding firstEntry = firstOfSeverityMap.computeIfAbsent(severity, s -> finding); + if (firstEntry.getId() > finding.getId()) { + firstOfSeverityMap.put(severity, finding); + } + } + + public boolean isNotFirstLinkItem(SecHubFinding finding) { + return !isFirstLinkItem(finding); + } + + public boolean isFirstLinkItem(SecHubFinding finding) { + return firstOfSeverityMap.containsValue(finding); + } + + private static class SecHubFindingByIdComparator implements Comparator { + + @Override + public int compare(SecHubFinding o1, SecHubFinding o2) { + if (o1 == null) { + return -1; + } + if (o2 == null) { + return 1; + } + /* compare severity reverse (CRITICAL on top) */ + int result = o2.getSeverity().compareTo(o1.getSeverity()); + if (result != 0) { + return result; + } + /* ids top down */ + result = o1.getId() - o2.getId(); + return result; + } + + } + +} \ No newline at end of file diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/ScanReportRestController.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/ScanReportRestController.java index 92454cb77a..34fbebe515 100644 --- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/ScanReportRestController.java +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/ScanReportRestController.java 
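Review bot: `SecHubFindingByIdComparator.compare` calls `getSeverity().compareTo(...)` on both findings, but `addRelatedFinding` puts a finding into `relatedFindings` before it checks for a null severity, so a single finding without severity makes `getRelatedFindings()` throw a NullPointerException during sorting. Either return before `relatedFindings.add(finding)` when the severity is null, or order such findings explicitly, e.g. `Comparator.comparing(SecHubFinding::getSeverity, Comparator.nullsLast(Comparator.reverseOrder()))`. The id tie-break `o1.getId() - o2.getId()` can overflow for ids of opposite sign and is safer as `result = Integer.compare(o1.getId(), o2.getId());`. The comparator also returns -1 when both arguments are null, which breaks the compare contract, and `SEVERITY_THEN_FINDING_ID_COMPARATOR` should be declared `final`.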
@@ -16,7 +16,6 @@ import org.springframework.web.bind.annotation.RestController; import org.springframework.web.servlet.ModelAndView; -import com.mercedesbenz.sechub.domain.scan.HTMLScanResultReportModelBuilder; import com.mercedesbenz.sechub.sharedkernel.APIConstants; import com.mercedesbenz.sechub.sharedkernel.RoleConstants; import com.mercedesbenz.sechub.sharedkernel.Step; @@ -71,7 +70,7 @@ public ModelAndView getScanSecHubReportAsHTML( ScanSecHubReport scanSecHubReport = fetchScanSecHubReport(projectId, jobUUID); Map model = htmlModelBuilder.build(scanSecHubReport); - return new ModelAndView("report/html/scanresult", model); + return new ModelAndView("report/html/report", model); } /* @formatter:off */ diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/ScanReportToSecHubReportModelWithSummariesTransformer.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/ScanReportToSecHubReportModelWithSummariesTransformer.java new file mode 100644 index 0000000000..7806a6dfbb --- /dev/null +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/ScanReportToSecHubReportModelWithSummariesTransformer.java 
@@ -0,0 +1,352 @@ +package com.mercedesbenz.sechub.domain.scan.report; + +import static com.mercedesbenz.sechub.sharedkernel.util.Assert.*; + +import java.util.Collection; +import java.util.HashMap; +import java.util.LinkedHashMap; +import java.util.List; +import java.util.Map; +import java.util.Optional; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.mercedesbenz.sechub.commons.model.JSONConverterException; +import com.mercedesbenz.sechub.commons.model.ScanType; +import com.mercedesbenz.sechub.commons.model.ScanTypeSummaryDetailData; +import com.mercedesbenz.sechub.commons.model.ScanTypeSummaryFindingOverviewData; +import com.mercedesbenz.sechub.commons.model.SecHubFinding; +import com.mercedesbenz.sechub.commons.model.SecHubMessage; +import com.mercedesbenz.sechub.commons.model.SecHubMessageType; +import com.mercedesbenz.sechub.commons.model.SecHubReportMetaData; +import com.mercedesbenz.sechub.commons.model.SecHubReportModel; +import com.mercedesbenz.sechub.commons.model.SecHubReportScanTypeSummary; +import com.mercedesbenz.sechub.commons.model.SecHubReportSummary; +import com.mercedesbenz.sechub.commons.model.SecHubResult; +import com.mercedesbenz.sechub.commons.model.SecHubStatus; +import com.mercedesbenz.sechub.commons.model.Severity; +import com.mercedesbenz.sechub.commons.model.TrafficLight; +import com.mercedesbenz.sechub.sharedkernel.UUIDTraceLogID; + +/** + * This class contains all logic to transform a scan report (summary data is + * always recreated) to a report model containing summaries + * + */ +public class ScanReportToSecHubReportModelWithSummariesTransformer { + + private static final Logger LOG = LoggerFactory.getLogger(ScanReportToSecHubReportModelWithSummariesTransformer.class); + + public ScanReportToSecHubReportModelWithSummariesTransformer() { + + } + + private class Context { + private SecHubReportModel model; + + private Map overviewContainerMap = new HashMap<>(); + + public ScanReport report; + + private 
Context() { + for (ScanType scantype : ScanType.values()) { + overviewContainerMap.put(scantype, new ScanTypeFindingOverviewContainer(scantype)); + } + } + } + + public SecHubReportModel transform(ScanReport report) { + notNull(report, "Report may not be null!"); + + Context context = new Context(); + context.report = report; + + ScanReportResultType resultType = report.getResultType(); + if (resultType == null) { + resultType = ScanReportResultType.RESULT; + LOG.warn("In scan report for job:{} was no result type set, fallback set to:{}", report.getSecHubJobUUID(), resultType); + } + if (ScanReportResultType.MODEL.equals(resultType)) { + try { + context.model = SecHubReportModel.fromJSONString(report.getResult()); + if (context.model.getJobUUID() == null) { + // Fallback for problems when model did not contain job uuid - see + // https://github.com/mercedes-benz/sechub/issues/864 + LOG.warn("Job uuid not found inside report result JSON, will set Job UUID from entity data"); + context.model.setJobUUID(report.getSecHubJobUUID()); + } + } catch (JSONConverterException e) { + LOG.error("FATAL PROBLEM! Failed to create sechub result by model for job:{}", report.getSecHubJobUUID(), e); + + context.model.getMessages().add(new SecHubMessage(SecHubMessageType.ERROR, "Internal SecHub failure happend.")); + context.model.setJobUUID(report.getSecHubJobUUID()); + context.model.setStatus(SecHubStatus.FAILED); + } + } else if (ScanReportResultType.RESULT.equals(resultType)) { + LOG.debug("Found old report result, will create artificial model"); + + context.model = new SecHubReportModel(); + context.model.setJobUUID(report.getSecHubJobUUID()); + + try { + context.model.setResult(SecHubResult.fromJSONString(report.getResult())); + context.model.setStatus(SecHubStatus.SUCCESS); + + } catch (JSONConverterException e) { + LOG.error("{} FATAL PROBLEM! Failed to set sechub result because of JSON conversion problems. 
Tried to convert:\n{}", + UUIDTraceLogID.traceLogID(report.getSecHubJobUUID()), report.getResult(), e); + + String info = "Origin result data problems! Please inform administrators about this problem."; + SecHubMessage message = new SecHubMessage(SecHubMessageType.ERROR, info); + context.model.getMessages().add(message); + + context.model.getMessages().add(new SecHubMessage(SecHubMessageType.ERROR, "Internal SecHub failure happend.")); + context.model.setStatus(SecHubStatus.FAILED); + } + } else { + throw new IllegalStateException("Unsupported report result type:" + resultType); + } + + if (context.model.getMetaData().isEmpty()) { + SecHubReportMetaData reportMetaData = new SecHubReportMetaData(); + context.model.setMetaData(reportMetaData); + } + + /* calculate data */ + buildCalculatedData(context); + + return context.model; + } + + private void buildCalculatedData(Context context) { + context.model.setTrafficLight(TrafficLight.fromString(context.report.getTrafficLightAsString())); + context.model.getResult().setCount(context.model.getResult().getFindings().size()); + + calculateSummary(context); + } + + /** + * Internal object while calculation is running - works as a bridge between scan + * type and summary until calculation is done. Not part of the JSON result. 
+ * + * @author Albert Tregnaghi + * + */ + private class ScanTypeSummaryCalculationData { + private SecHubReportScanTypeSummary summary; + private ScanType scanType; + + public ScanTypeSummaryCalculationData(ScanType scanType, SecHubReportScanTypeSummary summary) { + super(); + this.scanType = scanType; + this.summary = summary; + } + + public ScanType getScanType() { + return scanType; + } + + public SecHubReportScanTypeSummary getSummary() { + return summary; + } + } + + protected void calculateSummary(Context context) { + + Map calculationMap = createInitialCalculationMap(); + + List findings = context.model.getResult().getFindings(); + + for (SecHubFinding finding : findings) { + ScanType scanType = finding.getType(); + if (scanType == null) { + LOG.warn("Finding: {} has no scan type!", finding); + continue; + } + ScanTypeSummaryCalculationData scanTypeSummaryCalculationData = calculationMap.get(scanType); + if (scanTypeSummaryCalculationData == null) { + continue; + } + add(context, scanTypeSummaryCalculationData.getSummary(), finding); + } + + calculateTotals(calculationMap.values()); + calculateOverviewData(context, calculationMap.values()); + + /* + * we always replace the summary - means if there was a summary before, it is + * new clean calculated here + */ + SecHubReportSummary summary = createSummaryContainingOnlyScanTypeDataWithTotalNotZero(calculationMap); + SecHubReportMetaData metaData = ensureMetaDataInModel(context); + metaData.setSummary(summary); + } + + private Map createInitialCalculationMap() { + Map tempScanTypeToCalculationDataMap = new LinkedHashMap<>(6); + for (ScanType scanType : ScanType.values()) { + if (scanType.isInternalScanType()) { + continue; + } + initForCalculation(tempScanTypeToCalculationDataMap, scanType); + } + return tempScanTypeToCalculationDataMap; + } + + private SecHubReportSummary createSummaryContainingOnlyScanTypeDataWithTotalNotZero( + Map tempScanTypeToCalculationMap) { + SecHubReportSummary summary = new 
SecHubReportSummary(); + + for (ScanType scanType : tempScanTypeToCalculationMap.keySet()) { + ScanTypeSummaryCalculationData data = tempScanTypeToCalculationMap.get(scanType); + if (data == null) { + continue; + } + SecHubReportScanTypeSummary scanTypeSummary = data.getSummary(); + if (scanTypeSummary.getTotal() == 0) { + /* + * means we have only empty entries - in this case we keep the origin data + * (which is initially Optional.ofNullable(null) ) + */ + continue; + } + + switch (scanType) { + case CODE_SCAN: + summary.setCodeScan(scanTypeSummary); + break; + case INFRA_SCAN: + summary.setInfraScan(scanTypeSummary); + break; + case LICENSE_SCAN: + summary.setLicenseScan(scanTypeSummary); + break; + case SECRET_SCAN: + summary.setSecretScan(scanTypeSummary); + break; + case WEB_SCAN: + summary.setWebScan(scanTypeSummary); + break; + case UNKNOWN: + case REPORT: + case ANALYTICS: + default: + /* sanity check */ + if (!scanType.isInternalScanType()) { + throw new IllegalStateException("The non internal scan type: " + scanType + " is not handled."); + } + break; + } + } + return summary; + } + + private SecHubReportMetaData ensureMetaDataInModel(Context context) { + Optional metaDataOpt = context.model.getMetaData(); + + SecHubReportMetaData metaData = null; + if (metaDataOpt.isPresent()) { + metaData = metaDataOpt.get(); + } else { + metaData = new SecHubReportMetaData(); + context.model.setMetaData(metaData); + } + return metaData; + } + + private void initForCalculation(Map map, ScanType scanType) { + map.put(scanType, new ScanTypeSummaryCalculationData(scanType, new SecHubReportScanTypeSummary())); + + } + + private void calculateTotals(Collection scanTypeSummaryCalculationDatas) { + for (ScanTypeSummaryCalculationData scanTypeSummaryCalculationData : scanTypeSummaryCalculationDatas) { + SecHubReportScanTypeSummary summary = scanTypeSummaryCalculationData.getSummary(); + + int total = 0; + + total += summary.getCritical(); + total += summary.getHigh(); + total 
+= summary.getMedium(); + total += summary.getLow(); + total += summary.getUnclassified(); + total += summary.getInfo(); + + summary.setTotal(total); + } + } + + private void calculateOverviewData(Context context, Collection scanTypeSummaryCalculationDatas) { + for (ScanTypeSummaryCalculationData scanTypeSummaryCalculationData : scanTypeSummaryCalculationDatas) { + + ScanType scanType = scanTypeSummaryCalculationData.getScanType(); + ScanTypeFindingOverviewContainer overviewContainer = context.overviewContainerMap.get(scanType); + + for (Severity severity : Severity.values()) { + Map map = overviewContainer.getMapForSeverity(severity); + Collection overviewDataEntries = map.values(); + if (overviewDataEntries.isEmpty()) { + continue; + } + SecHubReportScanTypeSummary summary = scanTypeSummaryCalculationData.getSummary(); + ScanTypeSummaryDetailData details = summary.getDetails(); + + switch (severity) { + case CRITICAL -> details.getCritical().addAll(overviewDataEntries); + case HIGH -> details.getHigh().addAll(overviewDataEntries); + case INFO -> details.getInfo().addAll(overviewDataEntries); + case LOW -> details.getLow().addAll(overviewDataEntries); + case MEDIUM -> details.getMedium().addAll(overviewDataEntries); + case UNCLASSIFIED -> details.getUnclassified().addAll(overviewDataEntries); + default -> throw new IllegalStateException("Unhandled severity: " + severity); + } + } + } + } + + protected void add(Context context, SecHubReportScanTypeSummary scanTypeSummary, SecHubFinding finding) { + incrementSummaryCounts(scanTypeSummary, finding); + addToOverview(context, finding); + } + + private void incrementSummaryCounts(SecHubReportScanTypeSummary scanTypeSummary, SecHubFinding finding) { + Severity severity = finding.getSeverity(); + + switch (severity) { + case CRITICAL -> scanTypeSummary.incrementCritical(); + case HIGH -> scanTypeSummary.incrementHigh(); + case MEDIUM -> scanTypeSummary.incrementMedium(); + case LOW -> scanTypeSummary.incrementLow(); + 
case UNCLASSIFIED -> scanTypeSummary.incrementUnclassified(); + case INFO -> scanTypeSummary.incrementInfo(); + } + } + + /* + * Adds given finding to calculation data. Be aware: there is no duplication + * check + */ + private void addToOverview(Context context, SecHubFinding finding) { + Map map = fetchOverviewContainerMapForScanTypeAndSeverity(context, finding); + + Integer cweId = finding.getCweId(); + String name = finding.getName() != null ? finding.getName() : "no_name"; + + ScanTypeSummaryFindingOverviewData summaryDetailData = map.computeIfAbsent(name, key -> new ScanTypeSummaryFindingOverviewData(cweId, name)); + + summaryDetailData.incrementCount(); + } + + private Map fetchOverviewContainerMapForScanTypeAndSeverity(Context context, SecHubFinding finding) { + Severity severity = finding.getSeverity(); + ScanTypeFindingOverviewContainer scanTypeFindingOverviewContainer = fetchOverviewContainer(context, finding.getType()); + + return scanTypeFindingOverviewContainer.getMapForSeverity(severity); + } + + private ScanTypeFindingOverviewContainer fetchOverviewContainer(Context context, ScanType type) { + return context.overviewContainerMap.computeIfAbsent(type, key -> new ScanTypeFindingOverviewContainer(type)); + } + +} diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/ScanSecHubReport.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/ScanSecHubReport.java index 8f8f5e6d0f..a82b5383be 100644 --- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/ScanSecHubReport.java +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/ScanSecHubReport.java 
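Review bot: In `transform`, the `catch (JSONConverterException e)` of the `ScanReportResultType.MODEL` branch calls `context.model.getMessages()`, but `context.model` is only assigned by the `SecHubReportModel.fromJSONString(...)` call that has just failed, so it is still null and the error path ends in a NullPointerException instead of a FAILED report. Start that catch block with `context.model = new SecHubReportModel();`, as the RESULT branch does before its own try. Separately, the RESULT branch logs the whole `report.getResult()` payload at error level; that JSON holds the scan findings (possibly including secret-scan output), so logging only the job UUID and the exception would keep finding data out of the logs. `incrementSummaryCounts` also switches on `finding.getSeverity()` without a null check, which throws for a finding that has no severity.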
@@ -1,28 +1,20 @@ // SPDX-License-Identifier: MIT package com.mercedesbenz.sechub.domain.scan.report; -import static com.mercedesbenz.sechub.sharedkernel.util.Assert.*; - import java.util.Optional; import java.util.Set; import java.util.UUID; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.mercedesbenz.sechub.commons.core.MustBeKeptStable; -import com.mercedesbenz.sechub.commons.model.JSONConverterException; import com.mercedesbenz.sechub.commons.model.JSONable; import com.mercedesbenz.sechub.commons.model.SecHubMessage; -import com.mercedesbenz.sechub.commons.model.SecHubMessageType; import com.mercedesbenz.sechub.commons.model.SecHubReportData; import com.mercedesbenz.sechub.commons.model.SecHubReportMetaData; import com.mercedesbenz.sechub.commons.model.SecHubReportModel; import com.mercedesbenz.sechub.commons.model.SecHubResult; import com.mercedesbenz.sechub.commons.model.SecHubStatus; import com.mercedesbenz.sechub.commons.model.TrafficLight; -import com.mercedesbenz.sechub.sharedkernel.UUIDTraceLogID; @JsonIgnoreProperties(ignoreUnknown = true) @MustBeKeptStable("This is the result returend from REST API to cli and other systems. So has to be stable") 
@@ -33,8 +25,6 @@ public class ScanSecHubReport implements SecHubReportData, JSONable> severityToMapMap = new TreeMap<>(); + + private ScanType scanType; + + public ScanTypeFindingOverviewContainer(ScanType scanType) { + this.scanType = scanType; + + /* initialize mapping for all severities */ + for (Severity severity : Severity.values()) { + Map nameToOverviewDataMap = new TreeMap<>(); + severityToMapMap.put(severity, nameToOverviewDataMap); + } + + } + + public ScanType getScanType() { + return scanType; + } + + public Map getMapForSeverity(Severity severity) { + return severityToMapMap.get(severity); + } + + @Override + public String toString() { + return getClass().getSimpleName() + ": scanType=" + getScanType(); + } +} \ No newline at end of file diff --git a/sechub-scan/src/main/resources/templates/report/html/details_footer.html b/sechub-scan/src/main/resources/templates/report/html/details_footer.html deleted file mode 100644 index cd7caab935..0000000000 --- a/sechub-scan/src/main/resources/templates/report/html/details_footer.html +++ /dev/null @@ -1,18 +0,0 @@ - -

Description

-
Description1
-
-
A full description of "
-
Finding name
-
" can be found at 
-
-
.
-
- -

Solution

-
Solution
-
-

There is no dedicated solution. Please have a look at the proposed solutions and examples at - and adapt them to your situation.

-
-
\ No newline at end of file diff --git a/sechub-scan/src/main/resources/templates/report/html/findings.html b/sechub-scan/src/main/resources/templates/report/html/findings.html new file mode 100644 index 0000000000..980004f0a6 --- /dev/null +++ b/sechub-scan/src/main/resources/templates/report/html/findings.html @@ -0,0 +1,197 @@ + + + + +
+
+

Red findings

+
+
+

Code scan

+
+ + + + + + + + + + +
+ + +
IdSeverityTypeDescription
+ + + + + + +4711 +High + +
Command injection
+
Command injection
+
+ + +
+ +
+
Description1
+
+ +
+
+
+
Call
+
Location
+
Line
+
Column
+
Relevant part
+
Source
+
+
+
1
+
the location
+
101
+
54
+
execute
+
result= evalCode.execute()
+
+
+
+ +
+
+
+
+
Location
+
Attack vector
+
Evidence
+
+
+
1
+
the location
+
101
+
+
+
+
+ +
+
+ +
+
+
Call
+
Location
+
Line
+
Column
+
Relevant part
+
Source
+
+
+
1
+
the location
+
101
+
54
+
execute
+
result= evalCode.execute()
+
+
+
+
+
+ +
+
+ + +

Request

+
+
+
+
+
/
+
+

Attack vector

+ +
+

Body

+
No body content
+ + + +

Response

+
+
/
+
 
+
+

Evidence

+ +
+
Found in response body. Start line:
+
+
+

Body

+
No body content
+ + +
+
+ + +
+ + + +

Description

+
Description1
+
+
A full description of "
+
Finding name
+
" can be found at 
+
+
.
+
+ +

Solution

+
Solution
+
+

There is no dedicated solution. Please have a look at the proposed solutions and examples at + and adapt them to your situation.

+
+
diff --git a/sechub-scan/src/main/resources/templates/report/html/fragments.html b/sechub-scan/src/main/resources/templates/report/html/fragments.html deleted file mode 100644 index ef19b93c55..0000000000 --- a/sechub-scan/src/main/resources/templates/report/html/fragments.html +++ /dev/null @@ -1,508 +0,0 @@ - - - - - - - -4711 -HIGH - -
Command Injection
-
- - -
Description1
-
-
-
Call
-
Location
-
Line
-
Column
-
Relevant part
-
Source
-
-
-
1
-
the location
-
101
-
54
-
execute
-
result= evalCode.execute()
-
-
-
-
-
-
Location
-
Attack vector
-
Evidence
-
-
-
1
-
the location
-
101
-
-
-
-
- -
-
-
Call
-
Location
-
Line
-
Column
-
Relevant part
-
Source
-
-
-
1
-
the location
-
101
-
54
-
execute
-
result= evalCode.execute()
-
-
-
-
-
- - - -

Request

-
-
-
-
-
/
-
-

Attack vector

- - -
- -

Body

-
No body content
- - - - -

Response

-
-
/
-
 
-
-

Evidence

- -
-
Found in response body. Start line:
-
- -
-

Body

-
No body content
- - - -
- -
- - -
\ No newline at end of file diff --git a/sechub-scan/src/main/resources/templates/report/html/headers.html b/sechub-scan/src/main/resources/templates/report/html/headers.html index 56ebefe8ab..8da961f3e9 100644 --- a/sechub-scan/src/main/resources/templates/report/html/headers.html +++ b/sechub-scan/src/main/resources/templates/report/html/headers.html @@ -1,3 +1,4 @@ +
diff --git a/sechub-scan/src/main/resources/templates/report/html/links.html b/sechub-scan/src/main/resources/templates/report/html/links.html index b0f36415cb..683c462e1f 100644 --- a/sechub-scan/src/main/resources/templates/report/html/links.html +++ b/sechub-scan/src/main/resources/templates/report/html/links.html @@ -1,3 +1,4 @@ + - CWE-77 + CWE-77 diff --git a/sechub-scan/src/main/resources/templates/report/html/messages.html b/sechub-scan/src/main/resources/templates/report/html/messages.html new file mode 100644 index 0000000000..5124fe6f82 --- /dev/null +++ b/sechub-scan/src/main/resources/templates/report/html/messages.html @@ -0,0 +1,26 @@ + + +
+

Messages

+ + + + + + + + + + + + + + + + + + + +
🛇This is an error message text
âš This is a warning message text
🛈This is an info message text
This is a message where message type is null
+
+
& \ No newline at end of file diff --git a/sechub-scan/src/main/resources/templates/report/html/report.html b/sechub-scan/src/main/resources/templates/report/html/report.html new file mode 100644 index 0000000000..db9e198694 --- /dev/null +++ b/sechub-scan/src/main/resources/templates/report/html/report.html @@ -0,0 +1,169 @@ + + + + + + SecHub scan result + + + + + + +
+
+ + + + + + + + + + + + + + +
+ + + SecHub
Scan result Report for Job:job-uuid +
+ + + + + +
keyvalue
+
+
+
+ + +
+ +

Summary

+ + + + + + + + + + + + + + + +
+ +
+
+ + +
TotalCriticalHighMediumLowUnclassifiedInfo
+
+
+ +
+ +
+
+
+ +
+
+
+ +
+
+
+ + \ No newline at end of file diff --git a/sechub-scan/src/main/resources/templates/report/html/scanresult.html b/sechub-scan/src/main/resources/templates/report/html/scanresult.html deleted file mode 100644 index b234130e02..0000000000 --- a/sechub-scan/src/main/resources/templates/report/html/scanresult.html +++ /dev/null @@ -1,207 +0,0 @@ - - - - -SecHub scan result - - - - - -
-
-
-
-
-
-
-
-
-
-
- -
- - - - - - - - - - - - - -
- - SecHub
Scan result Report for Job:job-uuid -
- - - - - -
keyvalue
-
-
-
-
-

Red findings

- - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - -
IdSeverityTypeDescription
1UNCLASSIFIEDName 2Description 2
2HIGHName 3Description 3
3CRITICALName 4Description 5
-
-
-

Yellow findings

- - - - - - - - - - - - - -
- - - - - - - - - -
IdSeverityTypeDescription
4MEDIUMName 2Description 2
-
-
-

Green findings

- - - - - - - - - - - - -
- - - - - - - - - -
IdSeverityTypeDescription
5INFOName 2Description 2
-
-
-
-

Messages

- - - - - - - - - - - - - - - - - - - - - - -
🛇This is an error message text
This is a warning message text
🛈This is an info message text
This is a message where message type is null
-
-
- - - - \ No newline at end of file diff --git a/sechub-scan/src/main/resources/templates/report/html/scanresult.css b/sechub-scan/src/main/resources/templates/report/html/styles.html similarity index 79% rename from sechub-scan/src/main/resources/templates/report/html/scanresult.css rename to sechub-scan/src/main/resources/templates/report/html/styles.html index d4a463c8df..8b62c3db5d 100644 --- a/sechub-scan/src/main/resources/templates/report/html/scanresult.css +++ b/sechub-scan/src/main/resources/templates/report/html/styles.html @@ -1,3 +1,5 @@ + + \ No newline at end of file diff --git a/sechub-scan/src/main/resources/templates/report/html/summary.html b/sechub-scan/src/main/resources/templates/report/html/summary.html new file mode 100644 index 0000000000..973cbc69fa --- /dev/null +++ b/sechub-scan/src/main/resources/templates/report/html/summary.html @@ -0,0 +1,107 @@ + + + + + + + + + + + + +
+ + Scan type summary headline +
+ +

+ + + + + + + + + + + + + + + +
Identifier(s)CountName
+ CWE-77 + + +
+ Finding name + + + + + + + + + + + + + +
IDLocation
+ 1 + location
+
+
+

+
+
\ No newline at end of file diff --git a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilderTest.java b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilderTest.java deleted file mode 100644 index 6951a68ab1..0000000000 --- a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilderTest.java +++ /dev/null 
@@ -1,246 +0,0 @@ -// SPDX-License-Identifier: MIT -package com.mercedesbenz.sechub.domain.scan; - -import static org.junit.jupiter.api.Assertions.*; -import static org.mockito.Mockito.*; - -import java.io.ByteArrayInputStream; -import java.io.File; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; -import java.util.Map; -import java.util.Optional; -import java.util.UUID; - -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.springframework.core.io.Resource; - -import com.mercedesbenz.sechub.commons.model.SecHubCodeCallStack; -import com.mercedesbenz.sechub.commons.model.SecHubFinding; -import com.mercedesbenz.sechub.commons.model.SecHubReportMetaData; -import com.mercedesbenz.sechub.commons.model.SecHubResult; -import com.mercedesbenz.sechub.commons.model.SecHubResultTrafficLightFilter; -import com.mercedesbenz.sechub.commons.model.TrafficLight; -import com.mercedesbenz.sechub.domain.scan.report.ScanSecHubReport; - -class HTMLScanResultReportModelBuilderTest { - - /* - * we use own variables here and not the constants from class to test, to - * separate test from impl... 
- */ - private static final String SHOW_LIGHT = "opacity: 1.0"; - private static final String HIDE_LIGHT = "opacity: 0.25"; - - private HTMLScanResultReportModelBuilder builderToTest; - private ScanSecHubReport scanSecHubReport; - private SecHubResultTrafficLightFilter trafficLightFilter; - private SecHubResult result; - private List greenList; - private List redList; - private List yellowList; - - @BeforeEach - void beforeEach() throws Exception { - builderToTest = new HTMLScanResultReportModelBuilder(); - - trafficLightFilter = mock(SecHubResultTrafficLightFilter.class); - Resource cssResource = mock(Resource.class); - when(cssResource.getInputStream()).thenReturn(new ByteArrayInputStream("csscontentfromstream".getBytes())); - - builderToTest.cssResource = cssResource; - builderToTest.trafficLightFilter = trafficLightFilter; - - result = mock(SecHubResult.class); - - scanSecHubReport = mock(ScanSecHubReport.class); - when(scanSecHubReport.getResult()).thenReturn(result); - - greenList = new ArrayList<>(); - redList = new ArrayList<>(); - yellowList = new ArrayList<>(); - - when(trafficLightFilter.filterFindingsFor(result, TrafficLight.RED)).thenReturn(redList); - when(trafficLightFilter.filterFindingsFor(result, TrafficLight.YELLOW)).thenReturn(yellowList); - when(trafficLightFilter.filterFindingsFor(result, TrafficLight.GREEN)).thenReturn(greenList); - } - - @Test - void metaData_set_as_optional_not_present_when_configuration_has_metadata_optional_null() { - /* prepare */ - when(scanSecHubReport.getTrafficLight()).thenReturn(TrafficLight.YELLOW); // traffic light necessary to avoid illegal state exception - when(scanSecHubReport.getMetaData()).thenReturn(Optional.ofNullable(null)); - - /* execute */ - Map map = builderToTest.build(scanSecHubReport); - - /* test */ - @SuppressWarnings("unchecked") - Optional metaData = (Optional) map.get("metaData"); - assertNotNull(metaData); - assertFalse(metaData.isPresent()); - } - - @Test - void 
metaData_set_as_optional_not_present_when_configuration_has_metadata_optional_defined() { - /* prepare */ - when(scanSecHubReport.getTrafficLight()).thenReturn(TrafficLight.YELLOW); // traffic light necessary to avoid illegal state exception - SecHubReportMetaData reportMetaData = mock(SecHubReportMetaData.class); - when(scanSecHubReport.getMetaData()).thenReturn(Optional.ofNullable(reportMetaData)); - - /* execute */ - Map map = builderToTest.build(scanSecHubReport); - - /* test */ - @SuppressWarnings("unchecked") - Optional metaData = (Optional) map.get("metaData"); - assertNotNull(metaData); - assertTrue(metaData.isPresent()); - } - - @Test - void all_parameters_build_webdesignmode_false() { - /* prepare */ - UUID uuid = UUID.randomUUID(); - - when(scanSecHubReport.getJobUUID()).thenReturn(uuid); - when(scanSecHubReport.getTrafficLight()).thenReturn(TrafficLight.RED); - - builderToTest.webDesignMode = false; - builderToTest.embeddedCSS = "embeddedCssContent"; - - /* execute */ - Map map = builderToTest.build(scanSecHubReport); - - /* test */ - assertSame(result, map.get("result")); - assertSame(greenList, map.get("greenList")); - assertSame(redList, map.get("redList")); - assertSame(yellowList, map.get("yellowList")); - assertEquals(false, map.get("isWebDesignMode")); - assertNull(map.get("${includedCSSRef}")); - - assertEquals("RED", map.get("trafficlight")); - assertEquals(uuid.toString(), map.get("jobuuid")); - assertEquals(SHOW_LIGHT, map.get("styleRed")); - assertEquals(HIDE_LIGHT, map.get("styleYellow")); - assertEquals(HIDE_LIGHT, map.get("styleGreen")); - } - - @Test - void all_parameters_build_webdesignmode_true() throws Exception { - /* prepare */ - UUID uuid = UUID.randomUUID(); - - when(scanSecHubReport.getJobUUID()).thenReturn(uuid); - when(scanSecHubReport.getTrafficLight()).thenReturn(TrafficLight.YELLOW); - builderToTest.webDesignMode = true; - builderToTest.embeddedCSS = "embeddedCssContent"; - Resource cssResource = mock(Resource.class); - File 
expectedFile = ScanDomainTestFileSupport.getTestfileSupport() - .createFileFromRoot("sechub-scan/src/main/resources/templates/report/html/scanresult.css"); - when(cssResource.getFile()).thenReturn(expectedFile); - builderToTest.cssResource = cssResource; - - /* execute */ - Map map = builderToTest.build(scanSecHubReport); - - /* test */ - assertSame(result, map.get("result")); - assertSame(greenList, map.get("greenList")); - assertSame(redList, map.get("redList")); - assertSame(yellowList, map.get("yellowList")); - assertEquals(true, map.get("isWebDesignMode")); - - // check css ref for webdesign mode - assertNotNull(map.get("includedCSSRef")); - String path = (String) map.get("includedCSSRef"); - File foundFile = new File(path); - - assertEquals(expectedFile.getCanonicalPath(), foundFile.getCanonicalPath()); - - assertEquals("YELLOW", map.get("trafficlight")); - assertEquals(uuid.toString(), map.get("jobuuid")); - assertEquals(HIDE_LIGHT, map.get("styleRed")); - assertEquals(SHOW_LIGHT, map.get("styleYellow")); - assertEquals(HIDE_LIGHT, map.get("styleGreen")); - } - - @Test - void trafficlight_red_set_display_block__others_are_none() { - when(scanSecHubReport.getTrafficLight()).thenReturn(TrafficLight.RED); - - Map map = builderToTest.build(scanSecHubReport); - assertEquals(SHOW_LIGHT, map.get("styleRed")); - assertEquals(HIDE_LIGHT, map.get("styleYellow")); - assertEquals(HIDE_LIGHT, map.get("styleGreen")); - } - - @Test - public void trafficlight_yellow_set_display_block__others_are_none() { - when(scanSecHubReport.getTrafficLight()).thenReturn(TrafficLight.YELLOW); - - Map map = builderToTest.build(scanSecHubReport); - assertEquals(HIDE_LIGHT, map.get("styleRed")); - assertEquals(SHOW_LIGHT, map.get("styleYellow")); - assertEquals(HIDE_LIGHT, map.get("styleGreen")); - } - - @Test - void trafficlight_green_set_display_block__others_are_none() { - when(scanSecHubReport.getTrafficLight()).thenReturn(TrafficLight.GREEN); - - Map map = 
builderToTest.build(scanSecHubReport); - assertEquals(HIDE_LIGHT, map.get("styleRed")); - assertEquals(HIDE_LIGHT, map.get("styleYellow")); - assertEquals(SHOW_LIGHT, map.get("styleGreen")); - } - - @Test - void code_scan_entries_set_and_right_amount_of_call_stacks_populated() { - - /* prepare */ - SecHubFinding finding = mock(SecHubFinding.class); - SecHubCodeCallStack code1 = mock(SecHubCodeCallStack.class); - SecHubCodeCallStack subCode = mock(SecHubCodeCallStack.class); - - when(scanSecHubReport.getTrafficLight()).thenReturn(TrafficLight.RED); - when(scanSecHubReport.getResult()).thenReturn(result); - when(result.getFindings()).thenReturn(Arrays.asList(finding)); - when(finding.getCode()).thenReturn(code1); - when(code1.getCalls()).thenReturn(subCode); - - /* execute */ - Map buildResult = builderToTest.build(scanSecHubReport); - - /* test */ - assertNotNull(buildResult.get("codeScanEntries")); - - assertTrue(buildResult.get("codeScanEntries") instanceof Map); - - @SuppressWarnings("unchecked") - Map> codeScanEntries = (Map>) buildResult.get("codeScanEntries"); - assertNotNull(codeScanEntries.get(0)); - - List scanEntriesList = codeScanEntries.get(0); - assertTrue(scanEntriesList.size() == 2); - } - - @Test - void code_scan_support_set_and_not_null() { - /* prepare */ - when(scanSecHubReport.getTrafficLight()).thenReturn(TrafficLight.RED); - - /* execute */ - Map map = builderToTest.build(scanSecHubReport); - - /* test */ - - assertNotNull(map.get("codeScanSupport")); - assertTrue(map.get("codeScanSupport") instanceof HtmlCodeScanDescriptionSupport); - - } - -} diff --git a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanReportRestControllerMockTest.java b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanReportRestControllerMockTest.java index e33d083fee..46ab545116 100644 --- a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanReportRestControllerMockTest.java 
+++ b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanReportRestControllerMockTest.java @@ -9,12 +9,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.*; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.HashMap; -import java.util.Map; -import java.util.Optional; -import java.util.UUID; +import java.util.*; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; @@ -30,17 +25,9 @@ import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.web.servlet.MockMvc; -import com.mercedesbenz.sechub.commons.model.SecHubFinding; -import com.mercedesbenz.sechub.commons.model.TrafficLight; -import com.mercedesbenz.sechub.commons.model.TrafficLightCalculator; +import com.mercedesbenz.sechub.commons.model.*; import com.mercedesbenz.sechub.domain.scan.product.ReportProductExecutionService; -import com.mercedesbenz.sechub.domain.scan.report.CreateScanReportService; -import com.mercedesbenz.sechub.domain.scan.report.DownloadScanReportService; -import com.mercedesbenz.sechub.domain.scan.report.DownloadSpdxScanReportService; -import com.mercedesbenz.sechub.domain.scan.report.ScanReport; -import com.mercedesbenz.sechub.domain.scan.report.ScanReportRepository; -import com.mercedesbenz.sechub.domain.scan.report.ScanReportRestController; -import com.mercedesbenz.sechub.domain.scan.report.ScanSecHubReport; +import com.mercedesbenz.sechub.domain.scan.report.*; import com.mercedesbenz.sechub.test.TestPortProvider; @ExtendWith(SpringExtension.class) 
@@ -131,23 +118,43 @@ void get_html_report_with_cwe_id() throws Exception { Integer cweId = Integer.valueOf(77); SecHubFinding finding = new SecHubFinding(); + finding.setCweId(cweId); + finding.setSeverity(Severity.HIGH); + finding.setType(ScanType.CODE_SCAN); + finding.setDescription("Potential file inclusion via variable"); - reportModelBuilderResult.put("redList", Arrays.asList(finding)); - reportModelBuilderResult.put("codeScanEntries", new ArrayList<>()); + /* + * its too complex to mock all parts - so we use simply the real model builder + * output here + */ + HTMLScanResultReportModelBuilder realBuilder = new HTMLScanResultReportModelBuilder(); - when(modelBuilder.build(any())).thenReturn(reportModelBuilderResult); + SecHubReportModel model = new SecHubReportModel(); + model.getResult().getFindings().add(finding); + + ScanReport scanReport = new ScanReport(randomUUID, "project1"); + scanReport.setTrafficLight(TrafficLight.YELLOW); + scanReport.setResultType(ScanReportResultType.MODEL); + scanReport.setResult(JSONConverter.get().toJSON(model)); + + ScanSecHubReport report = new ScanSecHubReport(scanReport); + Map realModelBuilderResult = realBuilder.build(report); + + when(modelBuilder.build(any())).thenReturn(realModelBuilderResult); /* execute + test @formatter:off */ this.mockMvc.perform( get(https(PORT_USED).buildGetJobReportUrl(PROJECT1_ID,randomUUID)).accept(MediaType.TEXT_HTML). contentType(MediaType.APPLICATION_JSON_VALUE) - ). andDo(print()). + ). andExpect(status().isOk()). andExpect(content().contentType("text/html;charset=UTF-8")). andExpect(content().encoding("UTF-8")). andExpect(content().string(containsString(randomUUID.toString()))). - andExpect(content().string(containsString("CWE-" + cweId.toString()))). + andExpect(content().string(containsString("CWE-" + cweId.toString()))). /* finding + summary */ + andExpect(content().string(containsString("Count"))). 
/* summary only */ + andExpect(content().string(containsString("Potential file inclusion via variable"))). /* finding info */ andExpect(content().string(containsString("href=\"https://cwe.mitre.org/data/definitions/" + cweId.toString() + ".html\"")) ); @@ -168,7 +175,7 @@ void get_html_report_without_cwe_id() throws Exception { this.mockMvc.perform( get(https(PORT_USED).buildGetJobReportUrl(PROJECT1_ID,randomUUID)).accept(MediaType.TEXT_HTML). contentType(MediaType.APPLICATION_JSON_VALUE) - ). andDo(print()). + ). andExpect(status().isOk()). andExpect(content().contentType("text/html;charset=UTF-8")). andExpect(content().encoding("UTF-8")). @@ -231,7 +238,7 @@ private void internalTestAcceptedAndReturnsHTML(MediaType acceptedType) throws E this.mockMvc.perform( get(https(PORT_USED).buildGetJobReportUrl(PROJECT1_ID,randomUUID)).accept(acceptedType). contentType(MediaType.APPLICATION_JSON_VALUE) - ). andDo(print()). + ). andExpect(status().isOk()). andExpect(content().contentType("text/html;charset=UTF-8")). andExpect(content().encoding("UTF-8")). @@ -264,8 +271,9 @@ void beforeEach() throws Exception { reportModelBuilderResult.put("yellowList", new ArrayList<>()); reportModelBuilderResult.put("greenList", new ArrayList<>()); reportModelBuilderResult.put("isWebDesignMode", false); - reportModelBuilderResult.put("metaData", Optional.ofNullable(null)); - reportModelBuilderResult.put("codeScanSupport", new HtmlCodeScanDescriptionSupport()); + reportModelBuilderResult.put("metaData", null); + reportModelBuilderResult.put("codeScanSupport", new HTMLCodeScanDescriptionSupport()); + reportModelBuilderResult.put("scanTypeSummaries", new ArrayList<>()); when(modelBuilder.build(any())).thenReturn(reportModelBuilderResult); } 
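Review bot: The finding text used in `get_html_report_with_cwe_id` is benign, so the test would pass just the same if the report template wrote finding fields into the page unescaped. Name and description come from scan products and, through them, from the scanned target, so the HTML output should be pinned to encode them. The template is not visible in this hunk, so this is a test gap rather than a confirmed defect. A second case could set `finding.setDescription("<b>desc</b>");` and add `andExpect(content().string(not(containsString("<b>desc</b>"))))`, assuming Hamcrest's `not` is among the static imports. The method starts and ends outside the hunk.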
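Review bot: In `beforeEach` the mocked model now carries `reportModelBuilderResult.put("metaData", null);`, while HTMLScanResultReportModelBuilderTest in this same commit asserts that the real builder stores a non-null `Optional` under that key. The HTML tests that rely on this default map therefore render a model shape the builder apparently never produces, and a template regression on the real shape would go unnoticed. If the template expects the `Optional`, use `reportModelBuilderResult.put("metaData", Optional.empty());`. If it expects a plain value or null, the builder test should change instead. `beforeEach` starts outside the hunk.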
diff --git a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/report/HTMLFirstLinkToSeveritySupportTest.java b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/report/HTMLFirstLinkToSeveritySupportTest.java
new file mode 100644
index 0000000000..076f6c4e4b
--- /dev/null
+++ b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/report/HTMLFirstLinkToSeveritySupportTest.java
@@ -0,0 +1,44 @@
+package com.mercedesbenz.sechub.domain.scan.report;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.EnumSource;
+
+import com.mercedesbenz.sechub.commons.model.ScanType;
+import com.mercedesbenz.sechub.commons.model.Severity;
+
+class HTMLFirstLinkToSeveritySupportTest {
+
+ private HTMLFirstLinkToSeveritySupport helperToTest;
+
+ @BeforeEach
+ void beforeEach() {
+ helperToTest = new HTMLFirstLinkToSeveritySupport();
+ }
+
+ @ParameterizedTest
+ @EnumSource(ScanType.class)
+ void createAnkerFirstOf_not_null_not_empty_and_starts_with_character(ScanType scanType) {
+ for (Severity severity : Severity.values()) {
+
+ String ankerName = helperToTest.createAnkerFirstOf(scanType, severity);
+
+ assertNotNull(ankerName);
+
+ assertFalse(ankerName.isEmpty());
+ assertFalse(ankerName.startsWith("#"));
+ assertTrue(ankerName.length() > 5);
+ assertTrue(Character.isAlphabetic(ankerName.charAt(0)));
+ }
+ }
+
+ @ParameterizedTest
+ @EnumSource(ScanType.class)
+ void createLinkToFirstOf_works_with_anker(ScanType scanType) {
+ for (Severity severity : Severity.values()) {
+ assertEquals("#" + helperToTest.createAnkerFirstOf(scanType, severity), helperToTest.createLinkToFirstOf(scanType, severity));
+ }
+ }
+}
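Review bot: This new file opens directly with the `package` line and lacks the `// SPDX-License-Identifier: MIT` header that the other new test file in this commit, HTMLScanResultReportModelBuilderTest.java, carries as its first line. The same header is missing from the new HTMLScanTypeSummaryTest.java further down. Add `// SPDX-License-Identifier: MIT` as line 1 of both files so licence scanning treats them like the rest of the module.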
diff --git a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/HTMLReportHelperTest.java b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/report/HTMLReportHelperTest.java similarity index 96% rename from sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/HTMLReportHelperTest.java rename to sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/report/HTMLReportHelperTest.java index c603985c2e..439187579c 100644 --- a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/HTMLReportHelperTest.java +++ b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/report/HTMLReportHelperTest.java @@ -1,5 +1,5 @@ // SPDX-License-Identifier: MIT -package com.mercedesbenz.sechub.domain.scan; +package com.mercedesbenz.sechub.domain.scan.report; import static org.junit.jupiter.api.Assertions.*; diff --git a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/report/HTMLScanResultReportModelBuilderTest.java b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/report/HTMLScanResultReportModelBuilderTest.java new file mode 100644 index 0000000000..0a640d6a88 --- /dev/null +++ b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/report/HTMLScanResultReportModelBuilderTest.java 
@@ -0,0 +1,436 @@ +// SPDX-License-Identifier: MIT +package com.mercedesbenz.sechub.domain.scan.report; + +import static org.junit.jupiter.api.Assertions.*; +import static org.mockito.Mockito.*; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Iterator; +import java.util.LinkedHashSet; +import java.util.List; +import java.util.Map; +import java.util.Optional; +import java.util.Set; +import java.util.UUID; + +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.EnumSource; + +import com.mercedesbenz.sechub.commons.model.ScanType; +import com.mercedesbenz.sechub.commons.model.SecHubCodeCallStack; +import com.mercedesbenz.sechub.commons.model.SecHubFinding; +import com.mercedesbenz.sechub.commons.model.SecHubReportMetaData; +import com.mercedesbenz.sechub.commons.model.SecHubResult; +import com.mercedesbenz.sechub.commons.model.Severity; +import com.mercedesbenz.sechub.commons.model.TrafficLight; + +class HTMLScanResultReportModelBuilderTest { + + /* + * we use own variables here and not the constants from class to test, to + * separate test from impl... 
+ */ + private static final String SHOW_LIGHT = "opacity: 1.0"; + private static final String HIDE_LIGHT = "opacity: 0.25"; + + private HTMLScanResultReportModelBuilder builderToTest; + private ScanSecHubReport scanSecHubReport; + private SecHubResult result; + + @BeforeEach + void beforeEach() throws Exception { + builderToTest = new HTMLScanResultReportModelBuilder(); + + result = mock(SecHubResult.class); + + scanSecHubReport = mock(ScanSecHubReport.class); + when(scanSecHubReport.getResult()).thenReturn(result); + } + + @Test + void metaData_set_as_optional_not_present_when_configuration_has_metadata_optional_null() { + /* prepare */ + when(scanSecHubReport.getTrafficLight()).thenReturn(TrafficLight.YELLOW); // traffic light necessary to avoid illegal state exception + when(scanSecHubReport.getMetaData()).thenReturn(Optional.ofNullable(null)); + + /* execute */ + Map map = builderToTest.build(scanSecHubReport); + + /* test */ + @SuppressWarnings("unchecked") + Optional metaData = (Optional) map.get("metaData"); + assertNotNull(metaData); + assertFalse(metaData.isPresent()); + } + + @Test + void metaData_set_as_optional_not_present_when_configuration_has_metadata_optional_defined() { + /* prepare */ + when(scanSecHubReport.getTrafficLight()).thenReturn(TrafficLight.YELLOW); // traffic light necessary to avoid illegal state exception + SecHubReportMetaData reportMetaData = mock(SecHubReportMetaData.class); + when(scanSecHubReport.getMetaData()).thenReturn(Optional.ofNullable(reportMetaData)); + + /* execute */ + Map map = builderToTest.build(scanSecHubReport); + + /* test */ + @SuppressWarnings("unchecked") + Optional metaData = (Optional) map.get("metaData"); + assertNotNull(metaData); + assertTrue(metaData.isPresent()); + } + + @Test + void all_parameters_build() { + /* prepare */ + UUID uuid = UUID.randomUUID(); + + when(scanSecHubReport.getJobUUID()).thenReturn(uuid); + when(scanSecHubReport.getTrafficLight()).thenReturn(TrafficLight.RED); + + /* execute */ + 
Map map = builderToTest.build(scanSecHubReport); + + /* test */ + assertSame(result, map.get("result")); + assertNull(map.get("${includedCSSRef}")); + + assertEquals("RED", map.get("trafficlight")); + assertEquals(uuid.toString(), map.get("jobuuid")); + assertEquals(SHOW_LIGHT, map.get("styleRed")); + assertEquals(HIDE_LIGHT, map.get("styleYellow")); + assertEquals(HIDE_LIGHT, map.get("styleGreen")); + } + + @Test + void trafficlight_red_set_display_block__others_are_none() { + when(scanSecHubReport.getTrafficLight()).thenReturn(TrafficLight.RED); + + Map map = builderToTest.build(scanSecHubReport); + assertEquals(SHOW_LIGHT, map.get("styleRed")); + assertEquals(HIDE_LIGHT, map.get("styleYellow")); + assertEquals(HIDE_LIGHT, map.get("styleGreen")); + } + + @Test + void trafficlight_yellow_set_display_block__others_are_none() { + when(scanSecHubReport.getTrafficLight()).thenReturn(TrafficLight.YELLOW); + + Map map = builderToTest.build(scanSecHubReport); + assertEquals(HIDE_LIGHT, map.get("styleRed")); + assertEquals(SHOW_LIGHT, map.get("styleYellow")); + assertEquals(HIDE_LIGHT, map.get("styleGreen")); + } + + @Test + void trafficlight_green_set_display_block__others_are_none() { + when(scanSecHubReport.getTrafficLight()).thenReturn(TrafficLight.GREEN); + + Map map = builderToTest.build(scanSecHubReport); + assertEquals(HIDE_LIGHT, map.get("styleRed")); + assertEquals(HIDE_LIGHT, map.get("styleYellow")); + assertEquals(SHOW_LIGHT, map.get("styleGreen")); + } + + @Test + void trafficlight_off_set_all_display_none() { + when(scanSecHubReport.getTrafficLight()).thenReturn(TrafficLight.OFF); + + Map map = builderToTest.build(scanSecHubReport); + assertEquals(HIDE_LIGHT, map.get("styleRed")); + assertEquals(HIDE_LIGHT, map.get("styleYellow")); + assertEquals(HIDE_LIGHT, map.get("styleGreen")); + } + + @Test + void code_scan_entries_set_and_right_amount_of_call_stacks_populated() { + + /* prepare */ + SecHubFinding finding = mock(SecHubFinding.class); + 
SecHubCodeCallStack code1 = mock(SecHubCodeCallStack.class); + SecHubCodeCallStack subCode = mock(SecHubCodeCallStack.class); + + when(scanSecHubReport.getTrafficLight()).thenReturn(TrafficLight.RED); + when(scanSecHubReport.getResult()).thenReturn(result); + when(result.getFindings()).thenReturn(Arrays.asList(finding)); + when(finding.getCode()).thenReturn(code1); + when(finding.getType()).thenReturn(ScanType.CODE_SCAN); + when(finding.getSeverity()).thenReturn(Severity.HIGH); + when(finding.getName()).thenReturn("some_vulnerability_name"); + when(code1.getCalls()).thenReturn(subCode); + + /* execute */ + Map buildResult = builderToTest.build(scanSecHubReport); + + /* test */ + assertNotNull(buildResult.get("codeScanEntries")); + + assertTrue(buildResult.get("codeScanEntries") instanceof Map); + + @SuppressWarnings("unchecked") + Map> codeScanEntries = (Map>) buildResult.get("codeScanEntries"); + assertNotNull(codeScanEntries.get(0)); + + List scanEntriesList = codeScanEntries.get(0); + assertTrue(scanEntriesList.size() == 2); + } + + @Test + void code_scan_support_set_and_not_null() { + /* prepare */ + when(scanSecHubReport.getTrafficLight()).thenReturn(TrafficLight.RED); + + /* execute */ + Map map = builderToTest.build(scanSecHubReport); + + /* test */ + assertNotNull(map.get("codeScanSupport")); + assertTrue(map.get("codeScanSupport") instanceof HTMLCodeScanDescriptionSupport); + } + + @Test + void createTrafficLightFindingGroups_empty_findings_3_groups_added_which_are_empty() { + /* prepare */ + List findings = new ArrayList<>(); + + /* execute */ + List created = builderToTest.createTrafficLightFindingGroups(findings); + + /* test */ + assertFalse(created.isEmpty()); + assertEquals(3, created.size()); + + for (HTMLTrafficlightFindingGroup group : created) { + assertTrue(group.getScanTypeFindingDataList().isEmpty()); + } + } + + @Test + void createTrafficLightFindingGroups_empty_findings_groups_contains_red_yellow_green_traffic_light_in_order() { + /* prepare 
*/ + List findings = new ArrayList<>(); + + /* execute */ + List created = builderToTest.createTrafficLightFindingGroups(findings); + + /* test */ + assertFalse(created.isEmpty()); + assertEquals(3, created.size()); + + Set set = new LinkedHashSet<>(); + for (HTMLTrafficlightFindingGroup group : created) { + set.add(group.getTrafficLight()); + } + + assertEquals(3, set.size()); + Iterator it = set.iterator(); + TrafficLight light1 = it.next(); + TrafficLight light2 = it.next(); + TrafficLight light3 = it.next(); + + assertEquals(TrafficLight.RED, light1); + assertEquals(TrafficLight.YELLOW, light2); + assertEquals(TrafficLight.GREEN, light3); + + } + + @Test + void createTrafficLightFindingGroups_3_findings_groups_contains_findings_grouped_and_sorted() { + /* prepare */ + List findings = new ArrayList<>(); + SecHubFinding finding1 = new SecHubFinding(); + finding1.setId(0); + finding1.setType(ScanType.CODE_SCAN); + finding1.setSeverity(Severity.LOW); + findings.add(finding1); + + SecHubFinding finding2 = new SecHubFinding(); + finding2.setId(1); + finding2.setType(ScanType.CODE_SCAN); + finding2.setSeverity(Severity.MEDIUM); + findings.add(finding2); + + SecHubFinding finding3 = new SecHubFinding(); + finding3.setId(2); + finding3.setType(ScanType.SECRET_SCAN); + finding3.setSeverity(Severity.HIGH); + findings.add(finding3); + + SecHubFinding finding4 = new SecHubFinding(); + finding4.setId(3); + finding4.setType(ScanType.LICENSE_SCAN); + finding4.setSeverity(Severity.INFO); + findings.add(finding4); + + SecHubFinding finding5 = new SecHubFinding(); + finding5.setId(4); + finding5.setType(ScanType.LICENSE_SCAN); + finding5.setSeverity(Severity.LOW); + findings.add(finding5); + + /* execute */ + List created = builderToTest.createTrafficLightFindingGroups(findings); + + /* test */ + for (HTMLTrafficlightFindingGroup group : created) { + Collection findingDataList = group.getScanTypeFindingDataList(); + TrafficLight trafficLight = group.getTrafficLight(); + + 
Iterator findingDataIt = findingDataList.iterator(); + if (TrafficLight.RED.equals(trafficLight)) { + + assertEquals(1, findingDataList.size()); + HTMLTrafficlightScanTypeFindingData entry = findingDataIt.next(); + assertEquals(ScanType.SECRET_SCAN, entry.getScanType()); + + List relatedFindings = entry.getRelatedFindings(); + assertEquals(1, relatedFindings.size()); + assertEquals(finding3, relatedFindings.get(0)); + + } else if (TrafficLight.YELLOW.equals(trafficLight)) { + assertEquals(1, findingDataList.size()); + HTMLTrafficlightScanTypeFindingData entry = findingDataIt.next(); + + assertEquals(ScanType.CODE_SCAN, entry.getScanType()); + + List relatedFindings = entry.getRelatedFindings(); + assertEquals(1, relatedFindings.size()); + assertEquals(finding2, relatedFindings.get(0)); + + } else if (TrafficLight.GREEN.equals(trafficLight)) { + assertEquals(2, findingDataList.size()); + + HTMLTrafficlightScanTypeFindingData entry1 = findingDataIt.next(); + List relatedFindings1 = entry1.getRelatedFindings(); + assertEquals(1, relatedFindings1.size()); + assertEquals(finding1, relatedFindings1.get(0)); + assertEquals(ScanType.CODE_SCAN, entry1.getScanType()); + + HTMLTrafficlightScanTypeFindingData entry2 = findingDataIt.next(); + List relatedFindings2 = entry2.getRelatedFindings(); + + assertEquals(ScanType.LICENSE_SCAN, entry2.getScanType()); + assertEquals(2, relatedFindings2.size()); + /* @formatter:off + * check sorting: + * + * - finding 5 added last, scan type:low + * - finding 4 added before finding 5, scan type: info + * + * Scan type "info" is less important than "low" -> finding 4 must be at the end + * @formatter:on + */ + assertEquals(finding4, relatedFindings2.get(1)); + assertEquals(finding5, relatedFindings2.get(0)); + + } else { + fail("Unexpected value: " + trafficLight); + } + } + + } + + @Test + void createScanTypeSummaries_empty_findings() { + /* prepare */ + List findings = new ArrayList<>(); + + /* execute */ + List created = 
builderToTest.createScanTypeSummaries(findings); + + /* test */ + assertTrue(created.isEmpty()); + + } + + @ParameterizedTest + @EnumSource(ScanType.class) + void createScanTypeSummaries_same_scan_type_3_codescan_findings_creates_summary(ScanType scanType) { + /* prepare */ + List findings = new ArrayList<>(); + SecHubFinding finding1 = new SecHubFinding(); + finding1.setId(0); + finding1.setType(scanType); + finding1.setSeverity(Severity.LOW); + findings.add(finding1); + + SecHubFinding finding2 = new SecHubFinding(); + finding2.setId(1); + finding2.setType(scanType); + finding2.setSeverity(Severity.MEDIUM); + findings.add(finding2); + + SecHubFinding finding3 = new SecHubFinding(); + finding3.setId(2); + finding3.setType(scanType); + finding3.setSeverity(Severity.HIGH); + findings.add(finding3); + + /* execute */ + List created = builderToTest.createScanTypeSummaries(findings); + + /* test */ + assertEquals(1, created.size()); + Iterator iterator = created.iterator(); + HTMLScanTypeSummary summary1 = iterator.next(); + + assertEquals(scanType, summary1.getScanType()); + + assertEquals(0, summary1.getCriticalSeverityCount()); + assertEquals(1, summary1.getHighSeverityCount()); + assertEquals(1, summary1.getMediumSeverityCount()); + assertEquals(1, summary1.getLowSeverityCount()); + assertEquals(0, summary1.getUnclassifiedSeverityCount()); + assertEquals(0, summary1.getInfoSeverityCount()); + } + + @Test + void createScanTypeSummaries_3_codescan_findings_same_name_creates_summary() { + /* prepare */ + ScanType scanType = ScanType.CODE_SCAN; + List findings = new ArrayList<>(); + SecHubFinding finding1 = new SecHubFinding(); + finding1.setId(0); + finding1.setName("name1"); + finding1.setType(scanType); + finding1.setSeverity(Severity.LOW); + findings.add(finding1); + + SecHubFinding finding2 = new SecHubFinding(); + finding2.setId(1); + finding2.setName("name1"); + finding2.setType(scanType); + finding2.setSeverity(Severity.LOW); + findings.add(finding2); + + 
SecHubFinding finding3 = new SecHubFinding(); + finding3.setId(2); + finding3.setName("name1"); + finding3.setType(scanType); + finding3.setSeverity(Severity.LOW); + findings.add(finding3); + + /* execute */ + List created = builderToTest.createScanTypeSummaries(findings); + + /* test */ + assertEquals(1, created.size()); + Iterator iterator = created.iterator(); + HTMLScanTypeSummary summary1 = iterator.next(); + + assertEquals(scanType, summary1.getScanType()); + + assertEquals(0, summary1.getCriticalSeverityCount()); + assertEquals(0, summary1.getHighSeverityCount()); + assertEquals(0, summary1.getMediumSeverityCount()); + assertEquals(3, summary1.getLowSeverityCount()); + assertEquals(0, summary1.getUnclassifiedSeverityCount()); + assertEquals(0, summary1.getInfoSeverityCount()); + assertEquals(3, summary1.getTotalCount()); + } + +} diff --git a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/report/HTMLScanTypeSummaryTest.java b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/report/HTMLScanTypeSummaryTest.java new file mode 100644 index 0000000000..a046eb9939 --- /dev/null +++ b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/report/HTMLScanTypeSummaryTest.java 
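Review bot: In `createTrafficLightFindingGroups_3_findings_groups_contains_findings_grouped_and_sorted` every assertion sits inside a branch of the `for (HTMLTrafficlightFindingGroup group : created)` loop. If the builder returned an empty list, or a list without the RED group, the test would pass without checking anything. Add `assertEquals(3, created.size());` before the loop, as the two preceding `createTrafficLightFindingGroups_empty_findings_*` tests already do. The method name also says 3 findings although five are added, and the sorting comment says "scan type: low" and "scan type: info" where severity is meant.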
@@ -0,0 +1,190 @@
+package com.mercedesbenz.sechub.domain.scan.report;
+
+import static org.junit.jupiter.api.Assertions.*;
+import static org.mockito.Mockito.*;
+
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.EnumSource;
+
+import com.mercedesbenz.sechub.commons.model.ScanType;
+import com.mercedesbenz.sechub.commons.model.SecHubFinding;
+import com.mercedesbenz.sechub.commons.model.Severity;
+import com.mercedesbenz.sechub.domain.scan.report.HTMLScanTypeSummary.HTMLScanTypeSeveritySummary;
+
+class HTMLScanTypeSummaryTest {
+
+ @ParameterizedTest
+ @EnumSource(ScanType.class)
+ void scantype_from_constructor_is_used(ScanType scanType) {
+ /* execute */
+ HTMLScanTypeSummary summary = new HTMLScanTypeSummary(scanType);
+
+ /* test */
+ assertEquals(scanType, summary.getScanType());
+ assertEquals(scanType.getText(), summary.getScanTypeName());
+
+ }
+
+ @ParameterizedTest
+ @EnumSource(Severity.class)
+ void getSeveritySummary_returns_never_null_for_severity(Severity severity) {
+ /* prepare */
+ HTMLScanTypeSummary summary = new HTMLScanTypeSummary(ScanType.CODE_SCAN);
+
+ /* execute */
+ HTMLScanTypeSeveritySummary severitySummary = summary.ensureSeveritySummary(severity);
+
+ /* test */
+ assertNotNull(severitySummary);
+
+ }
+
+ @Test
+ void summary_critical_with_3_finding_summaries_has_correct_counts() {
+ /* prepare */
+ HTMLScanTypeSummary summary = new HTMLScanTypeSummary(ScanType.CODE_SCAN);
+
+ SecHubFinding finding1 = mock(SecHubFinding.class);
+ when(finding1.getName()).thenReturn("name1");
+ when(finding1.getCweId()).thenReturn(Integer.valueOf(4711));
+ when(finding1.getSeverity()).thenReturn(Severity.CRITICAL);
+
+ SecHubFinding finding2 = mock(SecHubFinding.class);
+ when(finding2.getName()).thenReturn("name1");
+ when(finding2.getCweId()).thenReturn(Integer.valueOf(4711));
+ when(finding2.getSeverity()).thenReturn(Severity.CRITICAL);
+
+ SecHubFinding finding3 = mock(SecHubFinding.class);
+ when(finding3.getName()).thenReturn("name-other");
+ when(finding3.getCweId()).thenReturn(Integer.valueOf(815));
+ when(finding3.getSeverity()).thenReturn(Severity.CRITICAL);
+
+ /* execute */
+ summary.add(finding1);
+ summary.add(finding2);
+ summary.add(finding3);
+
+ /* test */
+ assertEquals(3, summary.getCriticalSeverityCount());
+ assertEquals(0, summary.getHighSeverityCount());
+ assertEquals(0, summary.getMediumSeverityCount());
+ assertEquals(0, summary.getLowSeverityCount());
+ assertEquals(0, summary.getUnclassifiedSeverityCount());
+ assertEquals(0, summary.getInfoSeverityCount());
+ assertEquals(3, summary.getTotalCount());
+ }
+
+ @Test
+ void summary_low_with_4_finding_summaries_has_correct_counts() {
+ /* prepare */
+ HTMLScanTypeSummary summary = new HTMLScanTypeSummary(ScanType.WEB_SCAN);
+
+ SecHubFinding finding1 = mock(SecHubFinding.class);
+ when(finding1.getName()).thenReturn("name1");
+ when(finding1.getCweId()).thenReturn(Integer.valueOf(4711));
+ when(finding1.getSeverity()).thenReturn(Severity.LOW);
+
+ SecHubFinding finding2 = mock(SecHubFinding.class);
+ when(finding2.getName()).thenReturn("name1");
+ when(finding2.getCweId()).thenReturn(Integer.valueOf(4711));
+ when(finding2.getSeverity()).thenReturn(Severity.LOW);
+
+ SecHubFinding finding3 = mock(SecHubFinding.class);
+ when(finding3.getName()).thenReturn("name-other");
+ when(finding3.getCweId()).thenReturn(Integer.valueOf(815));
+ when(finding3.getSeverity()).thenReturn(Severity.LOW);
+
+ SecHubFinding finding4 = mock(SecHubFinding.class);
+ when(finding4.getName()).thenReturn("name-other");
+ when(finding4.getCweId()).thenReturn(Integer.valueOf(815));
+ when(finding4.getSeverity()).thenReturn(Severity.HIGH);
+
+ /* execute */
+ summary.add(finding1);
+ summary.add(finding2);
+ summary.add(finding3);
+ summary.add(finding4);
+
+ /* test */
+ assertEquals(0, summary.getCriticalSeverityCount());
+ assertEquals(1, summary.getHighSeverityCount());
+ assertEquals(0, summary.getMediumSeverityCount());
+ assertEquals(3, summary.getLowSeverityCount());
+ assertEquals(0, summary.getUnclassifiedSeverityCount());
+ assertEquals(0, summary.getInfoSeverityCount());
+ assertEquals(4, summary.getTotalCount());
+
+ }
+
+ @Test
+ void summary_low_with_3_but_same_findingnames_summaries_has_correct_counts() {
+ /* prepare */
+ HTMLScanTypeSummary summary = new HTMLScanTypeSummary(ScanType.WEB_SCAN);
+
+ SecHubFinding finding1 = mock(SecHubFinding.class);
+ when(finding1.getName()).thenReturn("name1");
+ when(finding1.getCweId()).thenReturn(Integer.valueOf(4711));
+ when(finding1.getSeverity()).thenReturn(Severity.LOW);
+
+ SecHubFinding finding2 = mock(SecHubFinding.class);
+ when(finding2.getName()).thenReturn("name1");
+ when(finding2.getCweId()).thenReturn(Integer.valueOf(4711));
+ when(finding2.getSeverity()).thenReturn(Severity.LOW);
+
+ SecHubFinding finding3 = mock(SecHubFinding.class);
+ when(finding3.getName()).thenReturn("name1");
+ when(finding3.getCweId()).thenReturn(Integer.valueOf(4711));
+ when(finding3.getSeverity()).thenReturn(Severity.LOW);
+
+ /* execute */
+ summary.add(finding1);
+ summary.add(finding2);
+ summary.add(finding3);
+
+ /* test */
+ assertEquals(0, summary.getCriticalSeverityCount());
+ assertEquals(0, summary.getHighSeverityCount());
+ assertEquals(0, summary.getMediumSeverityCount());
+ assertEquals(3, summary.getLowSeverityCount());
+ assertEquals(0, summary.getUnclassifiedSeverityCount());
+ assertEquals(0, summary.getInfoSeverityCount());
+ assertEquals(3, summary.getTotalCount());
+
+ }
+
+ @Test
+ void summary_with_different_severities_and_counts() {
+ /* prepare */
+ HTMLScanTypeSummary summary = new HTMLScanTypeSummary(ScanType.WEB_SCAN);
+
+ createAndAppendFindings(summary, Severity.CRITICAL, 1);
+ createAndAppendFindings(summary, Severity.HIGH, 2);
+ createAndAppendFindings(summary, Severity.MEDIUM, 3);
+ createAndAppendFindings(summary, Severity.LOW, 4);
+ 
createAndAppendFindings(summary, Severity.UNCLASSIFIED, 5); + createAndAppendFindings(summary, Severity.INFO, 6); + + /* execute + test */ + assertEquals(1, summary.getCriticalSeverityCount()); + assertEquals(2, summary.getHighSeverityCount()); + assertEquals(3, summary.getMediumSeverityCount()); + assertEquals(4, summary.getLowSeverityCount()); + assertEquals(5, summary.getUnclassifiedSeverityCount()); + assertEquals(6, summary.getInfoSeverityCount()); + assertEquals(21, summary.getTotalCount()); + + } + + private void createAndAppendFindings(HTMLScanTypeSummary summary, Severity severity, int amount) { + for (int i = 0; i < amount; i++) { + SecHubFinding finding = mock(SecHubFinding.class); + + when(finding.getName()).thenReturn("name1"); + when(finding.getCweId()).thenReturn(Integer.valueOf(4711)); + when(finding.getSeverity()).thenReturn(severity); + summary.add(finding); + } + } + +} diff --git a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/report/HTMLTrafficlightScanTypeFindingDataTest.java b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/report/HTMLTrafficlightScanTypeFindingDataTest.java new file mode 100644 index 0000000000..74d2559013 --- /dev/null +++ b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/report/HTMLTrafficlightScanTypeFindingDataTest.java 
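Review bot: The new HTMLScanTypeSummaryTest starts directly at `package com.mercedesbenz.sechub.domain.scan.report;` without the `// SPDX-License-Identifier: MIT` first line that the existing test files touched by this diff carry (visible in the context of HtmlCodeScanDescriptionSupportTest and ScanSecHubReportTest). The same header is missing from the new HTMLTrafficlightScanTypeFindingDataTest and ScanReportToSecHubReportModelWithSummariesTransformerTest. Separately, `getSeveritySummary_returns_never_null_for_severity` calls `ensureSeveritySummary`, so the test name should follow the method, e.g. `ensureSeveritySummary_returns_never_null_for_severity`. In `summary_with_different_severities_and_counts` the `add` calls have already run inside `createAndAppendFindings`, so the marker `/* execute + test */` would read more accurately as `/* test */`.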
@@ -0,0 +1,141 @@
+package com.mercedesbenz.sechub.domain.scan.report;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+import java.util.Iterator;
+
+import org.junit.jupiter.api.Test;
+
+import com.mercedesbenz.sechub.commons.model.ScanType;
+import com.mercedesbenz.sechub.commons.model.SecHubFinding;
+import com.mercedesbenz.sechub.commons.model.Severity;
+
+class HTMLTrafficlightScanTypeFindingDataTest {
+
+ @Test
+ void isFirstLinkItem_null_finding() {
+ /* prepare */
+ ScanType scanType = ScanType.CODE_SCAN;
+ HTMLTrafficlightScanTypeFindingData data = new HTMLTrafficlightScanTypeFindingData(scanType);
+
+ /* test */
+ assertFalse(data.isFirstLinkItem(null));
+ }
+
+ @Test
+ void isFirstLinkItem_other_finding() {
+ /* prepare */
+ ScanType scanType = ScanType.CODE_SCAN;
+ HTMLTrafficlightScanTypeFindingData data = new HTMLTrafficlightScanTypeFindingData(scanType);
+
+ SecHubFinding finding1 = new SecHubFinding();
+ finding1.setId(0);
+ finding1.setName("name1");
+ finding1.setType(scanType);
+ finding1.setSeverity(Severity.LOW);
+
+ /* test */
+ assertFalse(data.isFirstLinkItem(finding1));
+ }
+
+ @Test
+ void isFirstLinkItem_two_low_findings_one_high() {
+ /* prepare */
+ ScanType scanType = ScanType.CODE_SCAN;
+ HTMLTrafficlightScanTypeFindingData data = new HTMLTrafficlightScanTypeFindingData(scanType);
+
+ SecHubFinding finding1 = new SecHubFinding();
+ finding1.setId(0);
+ finding1.setName("name1");
+ finding1.setType(scanType);
+ finding1.setSeverity(Severity.LOW);
+
+ SecHubFinding finding2 = new SecHubFinding();
+ finding2.setId(1);
+ finding2.setName("name1");
+ finding2.setType(scanType);
+ finding2.setSeverity(Severity.LOW);
+
+ SecHubFinding finding3 = new SecHubFinding();
+ finding3.setId(2);
+ finding3.setName("name1");
+ finding3.setType(scanType);
+ finding3.setSeverity(Severity.HIGH);
+
+ /* execute */
+ data.addRelatedFinding(finding1); /* first low finding */
+ data.addRelatedFinding(finding2);
+ data.addRelatedFinding(finding3); /* first high finding */
+
+ /* test */
+ assertTrue(data.isFirstLinkItem(finding1));
+ assertFalse(data.isFirstLinkItem(finding2));
+ assertTrue(data.isFirstLinkItem(finding3));
+ }
+
+ @Test
+ void getRelatedItems_ordering_in_synch_with_first_item() {
+ /* prepare */
+ ScanType scanType = ScanType.CODE_SCAN;
+ HTMLTrafficlightScanTypeFindingData data = new HTMLTrafficlightScanTypeFindingData(scanType);
+
+ SecHubFinding finding1 = new SecHubFinding();
+ finding1.setId(1);
+ finding1.setName("name1");
+ finding1.setType(scanType);
+ finding1.setSeverity(Severity.LOW);
+
+ SecHubFinding finding2 = new SecHubFinding();
+ finding2.setId(2);
+ finding2.setName("name1");
+ finding2.setType(scanType);
+ finding2.setSeverity(Severity.LOW);
+
+ /* execute */
+ data.addRelatedFinding(finding2); // finding 2 first added
+ data.addRelatedFinding(finding1);
+
+ /* test */
+ assertTrue(data.isFirstLinkItem(finding1));
+ }
+
+ @Test
+ void getRelatedItems_is_ordered_by_severity_and_id() {
+ /* prepare */
+ ScanType scanType = ScanType.CODE_SCAN;
+ HTMLTrafficlightScanTypeFindingData data = new HTMLTrafficlightScanTypeFindingData(scanType);
+
+ SecHubFinding finding1 = new SecHubFinding();
+ finding1.setId(1);
+ finding1.setName("name1");
+ finding1.setType(scanType);
+ finding1.setSeverity(Severity.HIGH);
+
+ SecHubFinding finding2 = new SecHubFinding();
+ finding2.setId(2);
+ finding2.setName("name1");
+ finding2.setType(scanType);
+ finding2.setSeverity(Severity.HIGH);
+
+ SecHubFinding finding3 = new SecHubFinding();
+ finding3.setId(3);
+ finding3.setName("name1");
+ finding3.setType(scanType);
+ finding3.setSeverity(Severity.CRITICAL);
+
+ /* execute */
+ data.addRelatedFinding(finding2); // finding 2 first added
+ data.addRelatedFinding(finding3);
+ data.addRelatedFinding(finding1);
+
+ /* test */
+ Iterator it = data.getRelatedFindings().iterator();
+ SecHubFinding related1 = it.next();
+ SecHubFinding related2 = it.next();
+ SecHubFinding related3 = it.next();
+
+ 
assertEquals(finding3, related1); // critical: finding id: 3 + assertEquals(finding1, related2); // high, finding id: 1 + assertEquals(finding2, related3); // high, finding id:2 + } +} diff --git a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/HtmlCodeScanDescriptionSupportTest.java b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/report/HtmlCodeScanDescriptionSupportTest.java similarity index 95% rename from sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/HtmlCodeScanDescriptionSupportTest.java rename to sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/report/HtmlCodeScanDescriptionSupportTest.java index 56567cd659..279b05996f 100644 --- a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/HtmlCodeScanDescriptionSupportTest.java +++ b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/report/HtmlCodeScanDescriptionSupportTest.java @@ -1,5 +1,5 @@ // SPDX-License-Identifier: MIT -package com.mercedesbenz.sechub.domain.scan; +package com.mercedesbenz.sechub.domain.scan.report; import static org.junit.jupiter.api.Assertions.*; @@ -12,7 +12,7 @@ public class HtmlCodeScanDescriptionSupportTest { - private HtmlCodeScanDescriptionSupport descriptionSupport = new HtmlCodeScanDescriptionSupport(); + private HTMLCodeScanDescriptionSupport descriptionSupport = new HTMLCodeScanDescriptionSupport(); @Test void test_is_code_scan_with_code_scan_finding() { diff --git a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/report/ScanReportToSecHubReportModelWithSummariesTransformerTest.java b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/report/ScanReportToSecHubReportModelWithSummariesTransformerTest.java new file mode 100644 index 0000000000..e4d789d2b6 --- /dev/null +++ b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/report/ScanReportToSecHubReportModelWithSummariesTransformerTest.java 
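Review bot: `getRelatedItems_ordering_in_synch_with_first_item` asserts only `isFirstLinkItem(finding1)`, so it would still pass if both findings were reported as first link items or if `getRelatedFindings()` kept insertion order. Adding `assertFalse(data.isFirstLinkItem(finding2));` and `assertEquals(finding1, data.getRelatedFindings().iterator().next());` would pin what the test name promises. In `getRelatedItems_is_ordered_by_severity_and_id` an `assertFalse(it.hasNext());` after the third element would catch an unexpected extra entry. Both test names say `getRelatedItems` while the method under test is `getRelatedFindings`.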
@@ -0,0 +1,366 @@ +package com.mercedesbenz.sechub.domain.scan.report; + +import static org.junit.jupiter.api.Assertions.*; + +import java.util.Iterator; +import java.util.List; +import java.util.Optional; + +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; + +import com.mercedesbenz.sechub.commons.model.ScanType; +import com.mercedesbenz.sechub.commons.model.ScanTypeSummaryFindingOverviewData; +import com.mercedesbenz.sechub.commons.model.SecHubFinding; +import com.mercedesbenz.sechub.commons.model.SecHubReportMetaData; +import com.mercedesbenz.sechub.commons.model.SecHubReportModel; +import com.mercedesbenz.sechub.commons.model.SecHubReportScanTypeSummary; +import com.mercedesbenz.sechub.commons.model.SecHubReportSummary; +import com.mercedesbenz.sechub.commons.model.Severity; + +class ScanReportToSecHubReportModelWithSummariesTransformerTest { + + private static boolean DEBUG = Boolean.valueOf(System.getProperty("sechub.test.debug")); + + private static final int CRITICAL_FINDING1_CWEID = 1; + private static final int HIGH_FINDING_CWEID = 2; + private static final int MEDIUM_FINDING_CWEID = 3; + private static final int LOW_FINDING_CWEID = 4; + private static final int INFO_FINDING_CWEID = 5; + private static final int UNCLASSIFIED_FINDING_CWEID = 6; + private static final int CRITICAL_FINDING2_CWEID = 7; + + private static final String CRITICAL_FINDING1_NAME = "Critical name1"; + private static final String CRITICAL_FINDING2_NAME = "Critical name2"; + private static final String HIGH_FINDING_NAME = "Cross Site Scripting (Reflected)"; + private static final String MEDIUM_FINDING_NAME = "CSP: Wildcard Directive"; + private static final String LOW_FINDING_NAME = "Cookie Without Secure Flag"; + private static final String INFO_FINDING_NAME = "Info name"; + private static final String UNCLASSIFIED_FINDING_NAME = "Unclassified name"; + + private SecHubFinding criticalCodeScanFinding1; + private SecHubFinding criticalCodeScanFinding2; + + 
private SecHubFinding highSecretScanFinding; + private SecHubFinding mediumWebScanFinding; + private SecHubFinding lowInfraScanFinding; + private SecHubFinding infoLicenseFinding; + private SecHubFinding unclassifiedFinding; + private ScanReportToSecHubReportModelWithSummariesTransformer transformerToTest; + + private SecHubFinding criticalWebScanFinding1; + + private SecHubFinding lowCodeScanFinding; + + @BeforeEach + void beforeEach() { + + transformerToTest = new ScanReportToSecHubReportModelWithSummariesTransformer(); + + criticalCodeScanFinding1 = new SecHubFinding(); + criticalCodeScanFinding1.setCweId(CRITICAL_FINDING1_CWEID); + criticalCodeScanFinding1.setSeverity(Severity.CRITICAL); + criticalCodeScanFinding1.setName(CRITICAL_FINDING1_NAME); + criticalCodeScanFinding1.setType(ScanType.CODE_SCAN); + + criticalWebScanFinding1 = new SecHubFinding(); + criticalWebScanFinding1.setCweId(CRITICAL_FINDING1_CWEID); + criticalWebScanFinding1.setSeverity(Severity.CRITICAL); + criticalWebScanFinding1.setName(CRITICAL_FINDING1_NAME); + criticalWebScanFinding1.setType(ScanType.WEB_SCAN); + + criticalCodeScanFinding2 = new SecHubFinding(); + criticalCodeScanFinding2.setCweId(CRITICAL_FINDING2_CWEID); + criticalCodeScanFinding2.setSeverity(Severity.CRITICAL); + criticalCodeScanFinding2.setName(CRITICAL_FINDING2_NAME); + criticalCodeScanFinding2.setType(ScanType.CODE_SCAN); + + highSecretScanFinding = new SecHubFinding(); + highSecretScanFinding.setCweId(HIGH_FINDING_CWEID); + highSecretScanFinding.setSeverity(Severity.HIGH); + highSecretScanFinding.setName(HIGH_FINDING_NAME); + highSecretScanFinding.setType(ScanType.SECRET_SCAN); + + mediumWebScanFinding = new SecHubFinding(); + mediumWebScanFinding.setCweId(MEDIUM_FINDING_CWEID); + mediumWebScanFinding.setSeverity(Severity.MEDIUM); + mediumWebScanFinding.setName(MEDIUM_FINDING_NAME); + mediumWebScanFinding.setType(ScanType.WEB_SCAN); + + lowInfraScanFinding = new SecHubFinding(); + 
lowInfraScanFinding.setCweId(LOW_FINDING_CWEID); + lowInfraScanFinding.setSeverity(Severity.LOW); + lowInfraScanFinding.setName(LOW_FINDING_NAME); + lowInfraScanFinding.setType(ScanType.INFRA_SCAN); + + lowCodeScanFinding = new SecHubFinding(); + lowCodeScanFinding.setCweId(LOW_FINDING_CWEID); + lowCodeScanFinding.setSeverity(Severity.LOW); + lowCodeScanFinding.setName(LOW_FINDING_NAME); + lowCodeScanFinding.setType(ScanType.CODE_SCAN); + + infoLicenseFinding = new SecHubFinding(); + infoLicenseFinding.setCweId(INFO_FINDING_CWEID); + infoLicenseFinding.setSeverity(Severity.INFO); + infoLicenseFinding.setName(INFO_FINDING_NAME); + infoLicenseFinding.setType(ScanType.LICENSE_SCAN); + + unclassifiedFinding = new SecHubFinding(); + unclassifiedFinding.setCweId(UNCLASSIFIED_FINDING_CWEID); + unclassifiedFinding.setSeverity(Severity.UNCLASSIFIED); + unclassifiedFinding.setName(UNCLASSIFIED_FINDING_NAME); + + } + + @Test + void report_with_3_finding_is_transformed_to_model_with_3_findings() { + /* prepare */ + ScanReport report = buildReport(criticalCodeScanFinding1, criticalWebScanFinding1, lowCodeScanFinding); + + /* execute */ + SecHubReportModel result = transformerToTest.transform(report); + + /* test */ + if (DEBUG) { + String asJson = result.toFormattedJSON(); + System.out.println(asJson); + } + List findings = result.getResult().getFindings(); + assertEquals(3, findings.size()); + } + + @Test + void report_with_no_finding_is_transformed_with_meta_data_but_no_findings() { + /* prepare */ + ScanReport report = buildReport(); + + /* execute */ + SecHubReportModel result = transformerToTest.transform(report); + + /* test */ + if (DEBUG) { + String asJson = result.toFormattedJSON(); + System.out.println(asJson); + } + assertEquals(0, result.getResult().getCount()); + + Optional metaDataOpt = result.getMetaData(); + assertTrue(metaDataOpt.isPresent()); + + SecHubReportSummary summary = metaDataOpt.get().getSummary(); + assertTrue(summary.getCodeScan().isEmpty()); + 
assertTrue(summary.getInfraScan().isEmpty()); + assertTrue(summary.getSecretScan().isEmpty()); + assertTrue(summary.getLicenseScan().isEmpty()); + assertTrue(summary.getWebScan().isEmpty()); + } + + @Test + void report_with_1_critical_codescan_finding_is_transformed_with_meta_data_details() { + + /* prepare */ + ScanReport report = buildReport(criticalCodeScanFinding1); + + /* execute */ + SecHubReportModel result = transformerToTest.transform(report); + + /* test */ + if (DEBUG) { + String asJson = result.toFormattedJSON(); + System.out.println(asJson); + } + SecHubReportSummary summary = result.getMetaData().get().getSummary(); + List critical = summary.getCodeScan().get().getDetails().getCritical(); + assertEquals(1, critical.size()); + ScanTypeSummaryFindingOverviewData criticalCodeScanDetails = critical.iterator().next(); + assertNotNull(criticalCodeScanDetails); + assertEquals(1, criticalCodeScanDetails.getCount()); + assertEquals(CRITICAL_FINDING1_NAME, criticalCodeScanDetails.getName()); + assertEquals(CRITICAL_FINDING1_CWEID, criticalCodeScanDetails.getCweId()); + } + + @Test + void report_with_4_same_critical_codescan_finding_is_transformed_with_meta_data_details() { + + /* prepare */ + ScanReport report = buildReport(criticalCodeScanFinding1, criticalCodeScanFinding1, criticalCodeScanFinding1, criticalCodeScanFinding1); + + /* execute */ + SecHubReportModel result = transformerToTest.transform(report); + + /* test */ + if (DEBUG) { + String asJson = result.toFormattedJSON(); + System.out.println(asJson); + } + SecHubReportSummary summary = result.getMetaData().get().getSummary(); + List critical = summary.getCodeScan().get().getDetails().getCritical(); + assertEquals(1, critical.size()); + ScanTypeSummaryFindingOverviewData criticalCodeScanDetails = critical.iterator().next(); + assertNotNull(criticalCodeScanDetails); + assertEquals(4, criticalCodeScanDetails.getCount()); + assertEquals(CRITICAL_FINDING1_CWEID, criticalCodeScanDetails.getCweId()); + 
assertEquals(CRITICAL_FINDING1_NAME, criticalCodeScanDetails.getName()); + } + + @Test + void report_with_5_critical_codescan_finding_2_different_is_transformed_with_meta_data_details() { + + /* prepare */ + ScanReport report = buildReport(criticalCodeScanFinding2, criticalCodeScanFinding1, criticalCodeScanFinding2, criticalCodeScanFinding2, + criticalCodeScanFinding1); + + /* execute */ + SecHubReportModel result = transformerToTest.transform(report); + + /* test */ + if (DEBUG) { + String asJson = result.toFormattedJSON(); + System.out.println(asJson); + } + SecHubReportSummary summary = result.getMetaData().get().getSummary(); + List critical = summary.getCodeScan().get().getDetails().getCritical(); + assertEquals(2, critical.size()); + + Iterator iterator = critical.iterator(); + ScanTypeSummaryFindingOverviewData criticalCodeScanDetails1 = iterator.next(); + assertEquals(2, criticalCodeScanDetails1.getCount()); + assertEquals(CRITICAL_FINDING1_NAME, criticalCodeScanDetails1.getName()); // finding1 first because name sorted... 
+ assertEquals(CRITICAL_FINDING1_CWEID, criticalCodeScanDetails1.getCweId()); + + ScanTypeSummaryFindingOverviewData criticalCodeScanDetails2 = iterator.next(); + assertEquals(3, criticalCodeScanDetails2.getCount()); + assertEquals(CRITICAL_FINDING2_NAME, criticalCodeScanDetails2.getName()); + assertEquals(CRITICAL_FINDING2_CWEID, criticalCodeScanDetails2.getCweId()); + } + + @Test + void report_with_5_critical_codescan_finding_2_different_is_transformed_with_meta_data_counts() { + + /* prepare */ + ScanReport report = buildReport(criticalCodeScanFinding2, criticalCodeScanFinding1, criticalCodeScanFinding2, criticalCodeScanFinding2, + criticalCodeScanFinding1); + + /* execute */ + SecHubReportModel result = transformerToTest.transform(report); + + /* test */ + if (DEBUG) { + String asJson = result.toFormattedJSON(); + System.out.println(asJson); + } + SecHubReportSummary summary = result.getMetaData().get().getSummary(); + SecHubReportScanTypeSummary codeScan = summary.getCodeScan().get(); + assertEquals(5, codeScan.getCritical()); + assertEquals(0, codeScan.getHigh()); + assertEquals(0, codeScan.getMedium()); + assertEquals(0, codeScan.getLow()); + assertEquals(0, codeScan.getUnclassified()); + assertEquals(0, codeScan.getInfo()); + + assertEquals(5, codeScan.getTotal()); + } + + @Test + void report_with_different_findings_and_severities_is_transformed_with_meta_data_counts() { + + /* prepare */ + /* @formatter:off */ + ScanReport report = buildReport( + criticalCodeScanFinding2, + lowCodeScanFinding, + mediumWebScanFinding, + mediumWebScanFinding, + criticalWebScanFinding1, + highSecretScanFinding, + infoLicenseFinding, + lowInfraScanFinding, + criticalCodeScanFinding1, + criticalCodeScanFinding2, + criticalCodeScanFinding2, + criticalCodeScanFinding1); + /* @formatter:on */ + + /* execute */ + SecHubReportModel result = transformerToTest.transform(report); + + /* test */ + if (DEBUG) { + String asJson = result.toFormattedJSON(); + System.out.println(asJson); + } 
+ SecHubReportSummary summary = result.getMetaData().get().getSummary(); + SecHubReportScanTypeSummary codeScan = summary.getCodeScan().get(); + assertEquals(5, codeScan.getCritical()); + assertEquals(1, codeScan.getLow()); + assertEquals(6, codeScan.getTotal()); + + assertEquals(0, codeScan.getHigh()); + assertEquals(0, codeScan.getMedium()); + assertEquals(0, codeScan.getUnclassified()); + assertEquals(0, codeScan.getInfo()); + + SecHubReportScanTypeSummary webScan = summary.getWebScan().get(); + assertEquals(1, webScan.getCritical()); + assertEquals(2, webScan.getMedium()); + assertEquals(3, webScan.getTotal()); + + assertEquals(0, webScan.getHigh()); + assertEquals(0, webScan.getLow()); + assertEquals(0, webScan.getUnclassified()); + assertEquals(0, webScan.getInfo()); + + SecHubReportScanTypeSummary secretScan = summary.getSecretScan().get(); + assertEquals(1, secretScan.getHigh()); + assertEquals(1, secretScan.getTotal()); + + assertEquals(0, secretScan.getCritical()); + assertEquals(0, secretScan.getMedium()); + assertEquals(0, secretScan.getLow()); + assertEquals(0, secretScan.getUnclassified()); + assertEquals(0, secretScan.getInfo()); + + SecHubReportScanTypeSummary infraScan = summary.getInfraScan().get(); + assertEquals(1, infraScan.getLow()); + assertEquals(1, infraScan.getTotal()); + + assertEquals(0, infraScan.getCritical()); + assertEquals(0, infraScan.getHigh()); + assertEquals(0, infraScan.getMedium()); + assertEquals(0, infraScan.getUnclassified()); + assertEquals(0, infraScan.getInfo()); + + SecHubReportScanTypeSummary licenseScan = summary.getLicenseScan().get(); + assertEquals(1, licenseScan.getInfo()); + assertEquals(1, licenseScan.getTotal()); + + assertEquals(0, licenseScan.getCritical()); + assertEquals(0, licenseScan.getHigh()); + assertEquals(0, licenseScan.getMedium()); + assertEquals(0, licenseScan.getLow()); + assertEquals(0, licenseScan.getUnclassified()); + + assertEquals(12, result.getResult().getCount()); + } + + private 
ScanReport buildReport(SecHubFinding... findingsForReport) { + + ScanReport report; + List findings; + SecHubReportModel model; + + report = new ScanReport(); + report.setResultType(ScanReportResultType.MODEL); + model = new SecHubReportModel(); + findings = model.getResult().getFindings(); + + for (SecHubFinding finding : findingsForReport) { + findings.add(finding); + } + + String json = model.toJSON(); + report.setResult(json); + return report; + } + +} diff --git a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/report/ScanSecHubReportTest.java b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/report/ScanSecHubReportTest.java index 1772d9c83c..d088c0d0b9 100644 --- a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/report/ScanSecHubReportTest.java +++ b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/report/ScanSecHubReportTest.java @@ -1,6 +1,7 @@ // SPDX-License-Identifier: MIT package com.mercedesbenz.sechub.domain.scan.report; +import static com.mercedesbenz.sechub.commons.model.ScanType.*; import static org.junit.jupiter.api.Assertions.*; import static org.mockito.Mockito.*; @@ -14,6 +15,7 @@ import com.mercedesbenz.sechub.commons.model.SecHubMessage; import com.mercedesbenz.sechub.commons.model.SecHubMessageType; import com.mercedesbenz.sechub.commons.model.SecHubReportModel; +import com.mercedesbenz.sechub.commons.model.SecHubReportSummary; import com.mercedesbenz.sechub.commons.model.SecHubResult; import com.mercedesbenz.sechub.commons.model.SecHubStatus; import com.mercedesbenz.sechub.commons.model.Severity; 
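Review bot: `unclassifiedFinding` is built in `beforeEach` without a `setType(...)` call and is never passed to `buildReport`, so no test sends a finding without a scan type, or with `Severity.UNCLASSIFIED`, through `transform`. For a security report it matters whether such a finding is counted, left out of the per-scan-type summaries, or makes the transformer fail, so a test pinning that behaviour is worth adding; the intended outcome is not visible from this diff. Minor: `private static boolean DEBUG = Boolean.valueOf(System.getProperty("sechub.test.debug"));` can be `private static final boolean DEBUG = Boolean.getBoolean("sechub.test.debug");`, and the `if (DEBUG) { ... }` block repeated in every test could move into one private helper.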
@@ -287,4 +289,143 @@ void scanreport_result_with_report_containing_sechub_report_model_init_and_json_ assertEquals(1, reportToTest.getResult().getCount()); } + @Test + void when_finding_is_CODE_SCAN_then_only_relevant_reports_metadata_total_value_should_be_increased() { + /* prepare */ + SecHubReportModel reportModel = new SecHubReportModel(); + SecHubFinding finding = new SecHubFinding(); + finding.setName("finding1"); + finding.setType(CODE_SCAN); + finding.setSeverity(Severity.HIGH); + reportModel.getResult().getFindings().add(finding); + + ScanReport report = new ScanReport(); + report.setResult(reportModel.toJSON()); + report.setResultType(ScanReportResultType.MODEL); + + /* execute */ + ScanSecHubReport scanSecHubReport = new ScanSecHubReport(report); + + /* test */ + SecHubReportSummary summary = scanSecHubReport.getMetaData().get().getSummary(); + assertTrue(summary.getCodeScan().isPresent()); + assertEquals(1, summary.getCodeScan().get().getTotal()); + + assertTrue(summary.getInfraScan().isEmpty()); + assertTrue(summary.getLicenseScan().isEmpty()); + assertTrue(summary.getSecretScan().isEmpty()); + assertTrue(summary.getWebScan().isEmpty()); + } + + @Test + void when_finding_is_INFRA_SCAN_then_only_relevant_reports_metadata_total_value_should_be_increased() { + /* prepare */ + SecHubReportModel reportModel = new SecHubReportModel(); + SecHubFinding finding = new SecHubFinding(); + finding.setName("finding1"); + finding.setType(INFRA_SCAN); + finding.setSeverity(Severity.HIGH); + reportModel.getResult().getFindings().add(finding); + + ScanReport report = new ScanReport(); + report.setResult(reportModel.toJSON()); + report.setResultType(ScanReportResultType.MODEL); + + /* execute */ + ScanSecHubReport scanSecHubReport = new ScanSecHubReport(report); + + /* test */ + SecHubReportSummary summary = scanSecHubReport.getMetaData().get().getSummary(); + assertTrue(summary.getInfraScan().isPresent()); + assertEquals(1, summary.getInfraScan().get().getTotal()); + + 
assertTrue(summary.getCodeScan().isEmpty()); + assertTrue(summary.getLicenseScan().isEmpty()); + assertTrue(summary.getSecretScan().isEmpty()); + assertTrue(summary.getWebScan().isEmpty()); + } + + @Test + void when_finding_is_LICENSE_SCAN_then_only_relevant_reports_metadata_total_value_should_be_increased() { + /* prepare */ + SecHubReportModel reportModel = new SecHubReportModel(); + SecHubFinding finding = new SecHubFinding(); + finding.setName("finding1"); + finding.setType(LICENSE_SCAN); + finding.setSeverity(Severity.HIGH); + reportModel.getResult().getFindings().add(finding); + + ScanReport report = new ScanReport(); + report.setResult(reportModel.toJSON()); + report.setResultType(ScanReportResultType.MODEL); + + /* execute */ + ScanSecHubReport scanSecHubReport = new ScanSecHubReport(report); + + /* test */ + SecHubReportSummary summary = scanSecHubReport.getMetaData().get().getSummary(); + assertTrue(summary.getLicenseScan().isPresent()); + assertEquals(1, summary.getLicenseScan().get().getTotal()); + + assertTrue(summary.getCodeScan().isEmpty()); + assertTrue(summary.getInfraScan().isEmpty()); + assertTrue(summary.getSecretScan().isEmpty()); + assertTrue(summary.getWebScan().isEmpty()); + } + + @Test + void when_finding_is_SECRET_SCAN_then_only_relevant_reports_metadata_total_value_should_be_increased() { + /* prepare */ + SecHubReportModel reportModel = new SecHubReportModel(); + SecHubFinding finding = new SecHubFinding(); + finding.setName("finding1"); + finding.setType(SECRET_SCAN); + finding.setSeverity(Severity.HIGH); + reportModel.getResult().getFindings().add(finding); + + ScanReport report = new ScanReport(); + report.setResult(reportModel.toJSON()); + report.setResultType(ScanReportResultType.MODEL); + + /* execute */ + ScanSecHubReport scanSecHubReport = new ScanSecHubReport(report); + + /* test */ + SecHubReportSummary summary = scanSecHubReport.getMetaData().get().getSummary(); + assertTrue(summary.getSecretScan().isPresent()); + 
assertEquals(1, summary.getSecretScan().get().getTotal()); + + assertTrue(summary.getCodeScan().isEmpty()); + assertTrue(summary.getInfraScan().isEmpty()); + assertTrue(summary.getLicenseScan().isEmpty()); + assertTrue(summary.getWebScan().isEmpty()); + } + + @Test + void when_finding_is_WEB_SCAN_then_only_relevant_reports_metadata_total_value_should_be_increased() { + /* prepare */ + SecHubReportModel reportModel = new SecHubReportModel(); + SecHubFinding finding = new SecHubFinding(); + finding.setName("finding1"); + finding.setType(WEB_SCAN); + finding.setSeverity(Severity.HIGH); + reportModel.getResult().getFindings().add(finding); + + ScanReport report = new ScanReport(); + report.setResult(reportModel.toJSON()); + report.setResultType(ScanReportResultType.MODEL); + + /* execute */ + ScanSecHubReport scanSecHubReport = new ScanSecHubReport(report); + + /* test */ + SecHubReportSummary summary = scanSecHubReport.getMetaData().get().getSummary(); + assertTrue(summary.getWebScan().isPresent()); + assertEquals(1, summary.getWebScan().get().getTotal()); + + assertTrue(summary.getCodeScan().isEmpty()); + assertTrue(summary.getInfraScan().isEmpty()); + assertTrue(summary.getLicenseScan().isEmpty()); + assertTrue(summary.getSecretScan().isEmpty()); + } } diff --git a/sechub-sereco/src/test/resources/checkmarx/sechub-continous-integration-with-false-positive.xml b/sechub-sereco/src/test/resources/checkmarx/sechub-continous-integration-with-false-positive.xml index afea15b708..1079573c40 100644 --- a/sechub-sereco/src/test/resources/checkmarx/sechub-continous-integration-with-false-positive.xml +++ b/sechub-sereco/src/test/resources/checkmarx/sechub-continous-integration-with-false-positive.xml 
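Review bot: The five `when_finding_is_*_then_only_relevant_reports_metadata_total_value_should_be_increased` tests set `Severity.HIGH` but assert only `getTotal()`, so a summary that booked the finding under the wrong severity would still pass. Adding the severity assertion to each, e.g. `assertEquals(1, summary.getCodeScan().get().getHigh());`, closes that gap. The five bodies differ only in the scan type and the getter that is expected to be present, so they could be folded into one parameterized test with a small helper mapping the scan type to its summary getter; that would also make it obvious when a new scan type is added without a matching summary.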
@@ -5776,13 +5776,13 @@ 34 106 1 - emailAdress + emailAddress 11 34 - public void anonymousRequestToGetNewApiTokenForUserMailAdress(@PathVariable(name="emailAddress") String emailAdress) { + public void anonymousRequestToGetNewApiTokenForUserMailAddress(@PathVariable(name="emailAddress") String emailAddress) { @@ -5791,13 +5791,13 @@ 36 72 2 - emailAdress + emailAddress 11 36 - newApiTokenService.anonymousRequestToGetNewApiTokenForUserMailAdress(emailAdress); + newApiTokenService.anonymousRequestToGetNewApiTokenForUserMailAddress(emailAddress); @@ -5812,7 +5812,7 @@ 39 - public void anonymousRequestToGetNewApiTokenForUserMailAdress(String userEmail) { + public void anonymousRequestToGetNewApiTokenForUserMailAddress(String userEmail) { @@ -5855,13 +5855,13 @@ 34 106 1 - emailAdress + emailAddress 11 34 - public void anonymousRequestToGetNewApiTokenForUserMailAdress(@PathVariable(name="emailAddress") String emailAdress) { + public void anonymousRequestToGetNewApiTokenForUserMailAddress(@PathVariable(name="emailAddress") String emailAddress) { @@ -5870,13 +5870,13 @@ 36 72 2 - emailAdress + emailAddress 11 36 - newApiTokenService.anonymousRequestToGetNewApiTokenForUserMailAdress(emailAdress); + newApiTokenService.anonymousRequestToGetNewApiTokenForUserMailAddress(emailAddress); @@ -5891,7 +5891,7 @@ 39 - public void anonymousRequestToGetNewApiTokenForUserMailAdress(String userEmail) { + public void anonymousRequestToGetNewApiTokenForUserMailAddress(String userEmail) { @@ -5906,7 +5906,7 @@ 41 - Optional<User> found = userRepository.findByEmailAdress(userEmail); + Optional<User> found = userRepository.findByemailAddress(userEmail); @@ -5915,13 +5915,13 @@ 41 58 5 - findByEmailAdress + findByemailAddress 1 41 - Optional<User> found = userRepository.findByEmailAdress(userEmail); + Optional<User> found = userRepository.findByemailAddress(userEmail); 
@@ -5936,7 +5936,7 @@ 41 - Optional<User> found = userRepository.findByEmailAdress(userEmail); + Optional<User> found = userRepository.findByemailAddress(userEmail); @@ -6308,7 +6308,7 @@ 82 - userId, emailAdress); + userId, emailAddress); @@ -7869,13 +7869,13 @@ 44 86 1 - emailAdress + emailAddress 11 44 - public List<SimpleMailMessage> getMailsFor(@PathVariable(name="emailAdress") String emailAdress) { + public List<SimpleMailMessage> getMailsFor(@PathVariable(name="emailAddress") String emailAddress) { @@ -7884,13 +7884,13 @@ 46 38 2 - emailAdress + emailAddress 11 46 - return mockMailService.getMailsFor(emailAdress); + return mockMailService.getMailsFor(emailAddress); @@ -7899,13 +7899,13 @@ 49 52 3 - emailAdress + emailAddress 11 49 - public List<SimpleMailMessage> getMailsFor(String emailAdress) { + public List<SimpleMailMessage> getMailsFor(String emailAddress) { @@ -7914,13 +7914,13 @@ 51 90 4 - emailAdress + emailAddress 11 51 - LOG.info("cache eimals is disabled, so returning empty mails list for emailAdress:{}",emailAdress); + LOG.info("cache eimals is disabled, so returning empty mails list for emailAddress:{}",emailAddress); @@ -7935,7 +7935,7 @@ 51 - LOG.info("cache eimals is disabled, so returning empty mails list for emailAdress:{}",emailAdress); + LOG.info("cache eimals is disabled, so returning empty mails list for emailAddress:{}",emailAddress); @@ -7948,13 +7948,13 @@ 44 86 1 - emailAdress + emailAddress 11 44 - public List<SimpleMailMessage> getMailsFor(@PathVariable(name="emailAdress") String emailAdress) { + public List<SimpleMailMessage> getMailsFor(@PathVariable(name="emailAddress") String emailAddress) { @@ -7963,13 +7963,13 @@ 46 38 2 - emailAdress + emailAddress 11 46 - return mockMailService.getMailsFor(emailAdress); + return mockMailService.getMailsFor(emailAddress); 
@@ -7978,13 +7978,13 @@ 49 52 3 - emailAdress + emailAddress 11 49 - public List<SimpleMailMessage> getMailsFor(String emailAdress) { + public List<SimpleMailMessage> getMailsFor(String emailAddress) { @@ -7993,13 +7993,13 @@ 54 27 4 - emailAdress + emailAddress 11 54 - return getMailsInternal(emailAdress); + return getMailsInternal(emailAddress); @@ -8008,13 +8008,13 @@ 57 58 5 - emailAdress + emailAddress 11 57 - private List<SimpleMailMessage> getMailsInternal(String emailAdress) { + private List<SimpleMailMessage> getMailsInternal(String emailAddress) { @@ -8023,13 +8023,13 @@ 59 59 6 - emailAdress + emailAddress 11 59 - LOG.info("resolved messages:{} for user:{}",list.size(),emailAdress); + LOG.info("resolved messages:{} for user:{}",list.size(),emailAddress); @@ -8044,7 +8044,7 @@ 59 - LOG.info("resolved messages:{} for user:{}",list.size(),emailAdress); + LOG.info("resolved messages:{} for user:{}",list.size(),emailAddress); @@ -13929,7 +13929,7 @@ 40 - path = APIConstants.API_ANONYMOUS+"integrationtest/mock/emails/to/{emailAdress}", + path = APIConstants.API_ANONYMOUS+"integrationtest/mock/emails/to/{emailAddress}", diff --git a/sechub-sereco/src/test/resources/checkmarx/sechub-continous-integration.xml b/sechub-sereco/src/test/resources/checkmarx/sechub-continous-integration.xml index 9723ab5595..8f94eb7ee8 100644 --- a/sechub-sereco/src/test/resources/checkmarx/sechub-continous-integration.xml +++ b/sechub-sereco/src/test/resources/checkmarx/sechub-continous-integration.xml @@ -6783,7 +6783,7 @@ 40 - path = APIConstants.API_ANONYMOUS+"integrationtest/mock/emails/to/{emailAdress}", + path = APIConstants.API_ANONYMOUS+"integrationtest/mock/emails/to/{emailAddress}", @@ -19192,13 +19192,13 @@ 44 86 1 - emailAdress + emailAddress 11 44 - public List<SimpleMailMessage> getMailsFor(@PathVariable(name="emailAdress") String emailAdress) { + public List<SimpleMailMessage> getMailsFor(@PathVariable(name="emailAddress") String emailAddress) { 
@@ -19207,13 +19207,13 @@ 46 38 2 - emailAdress + emailAddress 11 46 - return mockMailService.getMailsFor(emailAdress); + return mockMailService.getMailsFor(emailAddress); @@ -19222,13 +19222,13 @@ 49 52 3 - emailAdress + emailAddress 11 49 - public List<SimpleMailMessage> getMailsFor(String emailAdress) { + public List<SimpleMailMessage> getMailsFor(String emailAddress) { @@ -19237,13 +19237,13 @@ 51 90 4 - emailAdress + emailAddress 11 51 - LOG.info("cache eimals is disabled, so returning empty mails list for emailAdress:{}",emailAdress); + LOG.info("cache eimals is disabled, so returning empty mails list for emailAddress:{}",emailAddress); @@ -19258,7 +19258,7 @@ 51 - LOG.info("cache eimals is disabled, so returning empty mails list for emailAdress:{}",emailAdress); + LOG.info("cache eimals is disabled, so returning empty mails list for emailAddress:{}",emailAddress); @@ -19271,13 +19271,13 @@ 44 86 1 - emailAdress + emailAddress 11 44 - public List<SimpleMailMessage> getMailsFor(@PathVariable(name="emailAdress") String emailAdress) { + public List<SimpleMailMessage> getMailsFor(@PathVariable(name="emailAddress") String emailAddress) { @@ -19286,13 +19286,13 @@ 46 38 2 - emailAdress + emailAddress 11 46 - return mockMailService.getMailsFor(emailAdress); + return mockMailService.getMailsFor(emailAddress); @@ -19301,13 +19301,13 @@ 49 52 3 - emailAdress + emailAddress 11 49 - public List<SimpleMailMessage> getMailsFor(String emailAdress) { + public List<SimpleMailMessage> getMailsFor(String emailAddress) { @@ -19316,13 +19316,13 @@ 54 27 4 - emailAdress + emailAddress 11 54 - return getMailsInternal(emailAdress); + return getMailsInternal(emailAddress); @@ -19331,13 +19331,13 @@ 57 58 5 - emailAdress + emailAddress 11 57 - private List<SimpleMailMessage> getMailsInternal(String emailAdress) { + private List<SimpleMailMessage> getMailsInternal(String emailAddress) { 
@@ -19346,13 +19346,13 @@ 59 59 6 - emailAdress + emailAddress 11 59 - LOG.info("resolved messages:{} for user:{}",list.size(),emailAdress); + LOG.info("resolved messages:{} for user:{}",list.size(),emailAddress); @@ -19367,7 +19367,7 @@ 59 - LOG.info("resolved messages:{} for user:{}",list.size(),emailAdress); + LOG.info("resolved messages:{} for user:{}",list.size(),emailAddress); diff --git a/sechub-server/src/main/resources/db/migration/U27__rename_emailAdress_column.sql b/sechub-server/src/main/resources/db/migration/U27__rename_emailAdress_column.sql new file mode 100644 index 0000000000..9a70074970 --- /dev/null +++ b/sechub-server/src/main/resources/db/migration/U27__rename_emailAdress_column.sql @@ -0,0 +1,8 @@ +-- SPDX-License-Identifier: MIT +ALTER TABLE adm_user_selfregistration + RENAME COLUMN email_address TO email_adress; +ALTER TABLE adm_user + RENAME COLUMN user_email_address TO user_email_adress; + +ALTER TABLE adm_user RENAME CONSTRAINT c01_adm_user_emailaddress TO c01_adm_user_emailadress; + diff --git a/sechub-server/src/main/resources/db/migration/V27__rename_emailAdress_column.sql b/sechub-server/src/main/resources/db/migration/V27__rename_emailAdress_column.sql new file mode 100644 index 0000000000..315c717429 --- /dev/null +++ b/sechub-server/src/main/resources/db/migration/V27__rename_emailAdress_column.sql @@ -0,0 +1,7 @@ +-- SPDX-License-Identifier: MIT +ALTER TABLE adm_user_selfregistration + RENAME COLUMN email_adress TO email_address; +ALTER TABLE adm_user + RENAME COLUMN user_email_adress TO user_email_address; + +ALTER TABLE adm_user RENAME CONSTRAINT c01_adm_user_emailadress TO c01_adm_user_emailaddress; diff --git a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/messaging/DomainMessageFactory.java b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/messaging/DomainMessageFactory.java index 4844840b4d..d00333db79 100644 
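Review bot: V27 renames `email_adress` and `user_email_adress` in place, so any application instance still running the previous version against the same database would presumably fail on the old column names until it is upgraded; this probably applies wherever several server instances share one schema. Neither V27 nor U27 carries a comment beyond the SPDX header, so that constraint is not recorded. I would add a header line such as `-- typo fix only: renames columns and constraint, no data change; requires all instances to run the matching application version`. It is also worth confirming that the constraint is really named `c01_adm_user_emailadress` in every target database, because `RENAME CONSTRAINT` fails otherwise.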
--- a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/messaging/DomainMessageFactory.java +++ b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/messaging/DomainMessageFactory.java @@ -34,7 +34,7 @@ public static DomainMessage createUserBecomesSuperAdmin(String userId, String em DomainMessage userBecomesSuperAdminInfo = new DomainMessage(MessageID.USER_BECOMES_SUPERADMIN); UserMessage userMessage = new UserMessage(); userMessage.setUserId(userId); - userMessage.setEmailAdress(email); + userMessage.setEmailAddress(email); userBecomesSuperAdminInfo.set(MessageDataKeys.USER_CONTACT_DATA, userMessage); userBecomesSuperAdminInfo.set(MessageDataKeys.ENVIRONMENT_BASE_URL, envbaseURL); @@ -45,7 +45,7 @@ public static DomainMessage createUserNoLongerSuperAdmin(String userId, String e DomainMessage userBecomesSuperAdminInfo = new DomainMessage(MessageID.USER_NO_LONGER_SUPERADMIN); UserMessage userMessage = new UserMessage(); userMessage.setUserId(userId); - userMessage.setEmailAdress(email); + userMessage.setEmailAddress(email); userBecomesSuperAdminInfo.set(MessageDataKeys.USER_CONTACT_DATA, userMessage); userBecomesSuperAdminInfo.set(MessageDataKeys.ENVIRONMENT_BASE_URL, envbaseURL); diff --git a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/messaging/JobMessage.java b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/messaging/JobMessage.java index e62af5bb9a..eaafdf361b 100644 --- a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/messaging/JobMessage.java +++ b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/messaging/JobMessage.java @@ -96,8 +96,8 @@ public UUID getJobUUID() { return jobUUID; } - public void setOwnerEmailAddress(String emailAdress) { - this.ownerEmailAddress = emailAdress; + public void setOwnerEmailAddress(String emailAddress) { + this.ownerEmailAddress = emailAddress; } public String getOwnerEmailAddress() { 
diff --git a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/messaging/MessageDataKeys.java b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/messaging/MessageDataKeys.java index 10b291fed4..9854d242ae 100644 --- a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/messaging/MessageDataKeys.java +++ b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/messaging/MessageDataKeys.java @@ -65,26 +65,26 @@ private MessageDataKeys() { public static final MessageDataKey SCHEDULER_JOB_STATUS = createKey("sechub.scheduler.job.status", SCHEDULER_JOB_MESSAGE_DATA_PROVIDER); /** - * Must contain userid, mail adress + * Must contain userid, email address */ public static final MessageDataKey USER_CONTACT_DATA = createUserMessageKey("user.signup.data"); /** - * Must contain userid, mail adress + * Must contain userid, email address */ public static final MessageDataKey USER_SIGNUP_DATA = createUserMessageKey("user.signup.data"); /** - * Must contain userid, mail adress and initial roles + * Must contain userid, email address and initial roles */ public static final MessageDataKey USER_CREATION_DATA = createUserMessageKey("user.creation.data"); /** - * Must contain userid, hashed api token and email adress + * Must contain userid, hashed api token and email address */ public static final MessageDataKey USER_API_TOKEN_DATA = createUserMessageKey("user.apitoken.data"); /** - * Must contain userid and email adress + * Must contain userid and email address */ public static final MessageDataKey USER_DELETE_DATA = createUserMessageKey("user.delete.data"); diff --git a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/messaging/ProjectMessage.java b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/messaging/ProjectMessage.java index 3ddd7bbc34..0ea2d10eab 100644 
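Review bot: `USER_CONTACT_DATA` and `USER_SIGNUP_DATA` are both created with the id `"user.signup.data"`, visible in the context lines of this hunk, which looks like a copy-paste leftover that the comment-only change leaves in place. If the id is used to store or look up message parameters (that code is outside the hunk), the two keys would collide. Consider `createUserMessageKey("user.contact.data")` for `USER_CONTACT_DATA`, after checking that nothing depends on the current id.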
--- a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/messaging/ProjectMessage.java +++ b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/messaging/ProjectMessage.java @@ -31,7 +31,7 @@ public class ProjectMessage implements JSONable { // applicable if owner was changed private String previousOwnerEmailAddress; - private Set userEmailAdresses = new LinkedHashSet<>(2); + private Set userEmailAddresses = new LinkedHashSet<>(2); private String projectActionTriggeredBy; @@ -50,7 +50,7 @@ public Class getJSONTargetClass() { * @param emailAddress */ public void addUserEmailAddress(String emailAddress) { - userEmailAdresses.add(emailAddress); + userEmailAddresses.add(emailAddress); } /** @@ -60,8 +60,8 @@ public void addUserEmailAddress(String emailAddress) { * * @return email addresses for this project message. never null */ - public Set getUserEmailAdresses() { - return userEmailAdresses; + public Set getUserEmailAddresses() { + return userEmailAddresses; } public void setProjectOwnerEmailAddress(String emailAddress) { diff --git a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/messaging/UserMessage.java b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/messaging/UserMessage.java index 7665537f12..95999aed90 100644 --- a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/messaging/UserMessage.java +++ b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/messaging/UserMessage.java @@ -22,7 +22,7 @@ @MustBeKeptStable("This configuration is used by communication between (api) authorization domain and administration - and maybe others") public class UserMessage implements JSONable { - private String emailAdress; + private String emailAddress; private String userId; 
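Review bot: The JSON property names of `ProjectMessage` and `UserMessage` probably change with this rename (`userEmailAdresses` to `userEmailAddresses`, and `emailAdress` to `emailAddress` in the `UserMessage` hunks that follow), since both classes implement `JSONable` and `UserMessage` is annotated `@MustBeKeptStable`. Messages serialized by an older version would then be read with an empty email address or rejected, which can silently drop notifications such as the super-admin change mails. If the mapper behind `JSONable` is Jackson, `@JsonAlias("emailAdress")` on the new field and `@JsonAlias("userEmailAdresses")` on the set would keep old payloads readable. Both class bodies continue outside the hunks, so existing annotations could not be checked.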
@@ -47,16 +47,16 @@ public String getUserId() { return userId; } - public void setEmailAdress(String emailAdress) { - this.emailAdress = emailAdress; + public void setEmailAddress(String emailAddress) { + this.emailAddress = emailAddress; } public List getProjectIds() { return projectIds; } - public String getEmailAdress() { - return emailAdress; + public String getEmailAddress() { + return emailAddress; } public void setUserId(String userId) { @@ -135,8 +135,8 @@ public String getFormerEmailAddress() { /** * Set the former email address of an user. Should only be called for user - * events when an email address has changed. The {@link #getEmailAdress()} shall - * contain the new mail adress in this case. + * events when an email address has changed. The {@link #getEmailAddress()} + * shall contain the new email address in this case. * * @param formerEmailAddress */ diff --git a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/validation/UserInputAssertion.java b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/validation/UserInputAssertion.java index 329e6883fd..ecc62726de 100644 --- a/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/validation/UserInputAssertion.java +++ b/sechub-shared-kernel/src/main/java/com/mercedesbenz/sechub/sharedkernel/validation/UserInputAssertion.java @@ -97,8 +97,8 @@ public void assertIsValidUserId(String userId) { * * @param userId */ - public void assertIsValidEmailAddress(String emailAdress) { - assertValid(emailAdress, emailValidation, "Email address is not valid"); + public void assertIsValidEmailAddress(String emailAddress) { + assertValid(emailAddress, emailValidation, "Email address is not valid"); } /** 
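Review bot: The Javadoc above `assertIsValidEmailAddress(String emailAddress)` in `UserInputAssertion` still says `@param userId`, which names a parameter the method does not have. Since this hunk already touches the parameter name, the tag should become `@param emailAddress the email address to validate`. The Javadoc block starts outside the hunk, so its description text could not be checked.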
diff --git a/sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/validation/EmailValidationImplTest.java b/sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/validation/EmailValidationImplTest.java index 3ec4e22057..d0e4d31e98 100644 --- a/sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/validation/EmailValidationImplTest.java +++ b/sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/validation/EmailValidationImplTest.java @@ -16,7 +16,7 @@ public void before() { } @Test - public void somebody_at_gmail_adress_is_valid() { + public void somebody_at_gmail_address_is_valid() { assertTrue(validationToTest.validate("somebody@gmail.com").isValid()); } diff --git a/sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/validation/UserInputAssertionTest.java b/sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/validation/UserInputAssertionTest.java index 3c568b22b5..4d4b71f949 100644 --- a/sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/validation/UserInputAssertionTest.java +++ b/sechub-shared-kernel/src/test/java/com/mercedesbenz/sechub/sharedkernel/validation/UserInputAssertionTest.java 
@@ -24,17 +24,17 @@ public void before() { @Test public void only_emailvalidation_is_used_when_email_is_asserted() { /* prepare */ - String validMailAdress = "mymail@example.com"; + String validEmailAddress = "myemail@example.com"; EmailValidation mockedEmailValidation = mock(EmailValidation.class); - when(mockedEmailValidation.validate(validMailAdress)).thenReturn(new ValidationResult()); + when(mockedEmailValidation.validate(validEmailAddress)).thenReturn(new ValidationResult()); assertToTest.emailValidation = mockedEmailValidation; /* execute */ - assertToTest.assertIsValidEmailAddress(validMailAdress); + assertToTest.assertIsValidEmailAddress(validEmailAddress); /* test */ - verify(mockedEmailValidation).validate(validMailAdress); + verify(mockedEmailValidation).validate(validEmailAddress); } } diff --git a/sechub-systemtest/src/test/resources/additional-resources/expected-output/sechub-result1.json b/sechub-systemtest/src/test/resources/additional-resources/expected-output/sechub-result1.json index 13c6ffdd76..3b48e3543c 100644 --- a/sechub-systemtest/src/test/resources/additional-resources/expected-output/sechub-result1.json +++ b/sechub-systemtest/src/test/resources/additional-resources/expected-output/sechub-result1.json @@ -1,4 +1,4 @@ -{ +{ "jobUUID" : "{sechub.jobuuid}", "trafficLight" : "YELLOW", "result" : { @@ -55,6 +55,34 @@ }, "status" : "SUCCESS", "reportVersion" : "1.0", + "metaData" : { + "labels" : { }, + "summary" : { + "codeScan" : { + "total" : 4, + "critical" : 0, + "high" : 0, + "medium" : 1, + "low" : 1, + "unclassified" : 0, + "info" : 2, + "details" : { + "medium" : [ { + "name" : "no_name", + "count" : 1 + } ], + "low" : [ { + "name" : "no_name", + "count" : 1 + } ], + "info" : [ { + "name" : "no_name", + "count" : 2 + } ] + } + } + } + }, "messages" : [ { "type" : "ERROR", "text" : "error for PDS job: {*:36} but with\n a multine ....\n " 
diff --git a/sechub-test/src/test/java/com/mercedesbenz/sechub/domain/scan/TestHTMLScanResultReportModelBuilder.java b/sechub-test/src/test/java/com/mercedesbenz/sechub/domain/scan/TestHTMLScanResultReportModelBuilder.java deleted file mode 100644 index 486a2643bf..0000000000 --- a/sechub-test/src/test/java/com/mercedesbenz/sechub/domain/scan/TestHTMLScanResultReportModelBuilder.java +++ /dev/null @@ -1,12 +0,0 @@ -// SPDX-License-Identifier: MIT -package com.mercedesbenz.sechub.domain.scan; - -import com.mercedesbenz.sechub.commons.model.SecHubResultTrafficLightFilter; - -public class TestHTMLScanResultReportModelBuilder extends HTMLScanResultReportModelBuilder { - - public TestHTMLScanResultReportModelBuilder(SecHubResultTrafficLightFilter trafficLightFilter) { - this.trafficLightFilter = trafficLightFilter; - } - -} diff --git a/sechub-test/src/test/java/com/mercedesbenz/sechub/test/report/ThymeLeafHTMLReportingTest.java b/sechub-test/src/test/java/com/mercedesbenz/sechub/test/report/ThymeLeafHTMLReportingTest.java index a5fbe7ce43..58d57fe6a6 100644 --- a/sechub-test/src/test/java/com/mercedesbenz/sechub/test/report/ThymeLeafHTMLReportingTest.java +++ b/sechub-test/src/test/java/com/mercedesbenz/sechub/test/report/ThymeLeafHTMLReportingTest.java @@ -10,6 +10,7 @@ import java.time.LocalDateTime; import java.util.Locale; import java.util.Map; +import java.util.Optional; import java.util.TreeMap; import org.junit.jupiter.api.BeforeAll; 
@@ -28,26 +29,19 @@ import com.mercedesbenz.sechub.commons.model.TrafficLightSupport; import com.mercedesbenz.sechub.docgen.util.TextFileWriter; import com.mercedesbenz.sechub.domain.scan.SecHubExecutionException; -import com.mercedesbenz.sechub.domain.scan.TestHTMLScanResultReportModelBuilder; +import com.mercedesbenz.sechub.domain.scan.report.HTMLScanResultReportModelBuilder; import com.mercedesbenz.sechub.domain.scan.report.ScanReport; import com.mercedesbenz.sechub.domain.scan.report.ScanSecHubReport; import com.mercedesbenz.sechub.sharedkernel.ProductIdentifier; -import com.mercedesbenz.sechub.test.CSSFileToFragementMerger; +import com.mercedesbenz.sechub.test.TestFileWriter; import com.mercedesbenz.sechub.test.TestUtil; /** * A special reporting test: Will create "real life" HTML reports very fast (no * server or spring boot container start necessary) and test output rudimentary. - *
- *
- * Does automatically load sarif test data from - * "src/test/resources/report/input". Also able to store temporary JSON and HTML - * output files to build when {@link TestUtil#isDeletingTempFiles()} returns - * true (this is interesting when designing or debugging - * reporting). * - * When {@link TestUtil#isDeletingTempFiles()} returns true the - * fragements file will be automatically updated by data from "scanresult.css" + * After the tests are executed, you can open the created files in your browser + * and check the results. This is very convenient for report development. * * @author Albert Tregnaghi * @@ -74,18 +68,6 @@ private static void beforAll() throws IOException { thymeleafTemplateEngine.setTemplateResolver(templateResolver); - if (TestUtil.isAutoCSSFragementGenerationEnabled()) { - - File scanHTMLFolder = new File("./../sechub-scan/src/main/resources/templates/report/html"); - - File cssFile = new File(scanHTMLFolder, "scanresult.css"); - File fragmentsFile = new File(scanHTMLFolder, "fragments.html"); - - CSSFileToFragementMerger merger = new CSSFileToFragementMerger(); - merger.merge(cssFile, fragmentsFile); - } else { - LOG.info("Skipping CSS auto generation/merging"); - } } @Test @@ -102,9 +84,11 @@ void example1_owasp_zap_sarif_report_is_transformed_to_expected_sechub_report_HT /* test */ assertNotNull(htmlResult); + storeHTMLOutputAsFile(htmlResult, "example1"); assertTrue(htmlResult.contains(context.sechubJobUUID)); assertTrue(htmlResult.contains("XSS"), "The report must at least contain a cross site scripting vulnerability!"); + assertTrue(htmlResult.contains("CWE-614"), "The report must at least contain the CWE-614 vulnerability!"); assertTrue(htmlResult.contains("Cross Site Scripting (Reflected)"), "The report must at least contain a cross site scripting reflected vulnerability!"); assertTrue(htmlResult.contains("Red findings")); 
@@ -126,6 +110,7 @@ void example2_artifical_data_is_transformed_to_expected_sechub_report_HTML_with_ /* test */ assertNotNull(htmlResult); + storeHTMLOutputAsFile(htmlResult, "example2"); assertTrue(htmlResult.contains(context.sechubJobUUID)); assertTrue(htmlResult.contains("testdata.rule1.shortdescription.text")); @@ -147,6 +132,7 @@ void example3_covertiy_sarif_is_transformed_to_expected_sechub_report_HTML_with_ /* test */ assertNotNull(htmlResult); + storeHTMLOutputAsFile(htmlResult, "example3"); assertTrue(htmlResult.contains(context.sechubJobUUID)); assertTrue(htmlResult.contains("Aliasing3.java")); @@ -170,6 +156,7 @@ void example4_checkmarx_xml_is_transformed_to_expected_sechub_report_HTML_with_c /* test */ assertNotNull(htmlResult); + storeHTMLOutputAsFile(htmlResult, "example4"); assertTrue(htmlResult.contains(context.sechubJobUUID)); assertTrue(htmlResult.contains("java/com/mercedesbenz/sechub/docgen/util/TextFileWriter.java")); @@ -191,7 +178,7 @@ void example5_gosec_sarif_is_transformed_to_expected_sechub_report_HTML_with_cod /* test */ assertNotNull(htmlResult); - + storeHTMLOutputAsFile(htmlResult, "example5"); assertTrue(htmlResult.contains(context.sechubJobUUID)); assertTrue(htmlResult.contains("Red findings")); @@ -212,6 +199,7 @@ void example6_sechub_report_json_file_would_be_shown_as_expected_report_HTML_wit /* test */ assertNotNull(htmlResult); + storeHTMLOutputAsFile(htmlResult, "example6"); assertTrue(htmlResult.contains(context.sechubJobUUID)); assertTrue(htmlResult.contains("Job execution failed because of an internal problem!")); 
@@ -224,8 +212,13 @@ void example6_sechub_report_json_file_would_be_shown_as_expected_report_HTML_wit } + private void storeHTMLOutputAsFile(String htmlResult, String name) throws IOException { + TestFileWriter writer = new TestFileWriter(); + writer.save(new File("./build/test-data/thymeleaf-test/" + name + ".html"), htmlResult, true); + } + private String processThymeLeafTemplates(TestReportContext context) throws IOException, SecHubExecutionException { - String htmlResult = thymeleafTemplateEngine.process("report/html/scanresult", context.convertToThymeLeafContext()); + String htmlResult = thymeleafTemplateEngine.process("report/html/report", context.convertToThymeLeafContext()); storeAsHTMLFileForReportDesignWhenTempFilesAreKept(htmlResult, context); @@ -334,7 +327,7 @@ private Map createThymeLeafReportData() throws IOException, SecH } TrafficLightSupport trafficLightSupport = new TrafficLightSupport(); - TestHTMLScanResultReportModelBuilder reportModelBuilder = new TestHTMLScanResultReportModelBuilder(trafficLightSupport); + HTMLScanResultReportModelBuilder reportModelBuilder = new HTMLScanResultReportModelBuilder(); String sechubReportAsJson = report.getResult(); SecHubReportModel reportModel = SecHubReportModel.fromJSONString(sechubReportAsJson); @@ -344,9 +337,9 @@ private Map createThymeLeafReportData() throws IOException, SecH ScanSecHubReport scanReport = new ScanSecHubReport(report); if (getMetaData().isMetaDataNecessaryForReport()) { - SecHubReportMetaData reportMetaData = new SecHubReportMetaData(); - reportMetaData.getLabels().putAll(getMetaData().labels); - scanReport.setMetaData(reportMetaData); + Optional reportMetaData = scanReport.getMetaData(); + reportMetaData.get().getLabels().putAll(getMetaData().labels); + scanReport.setMetaData(reportMetaData.get()); } storeAsJSONFileForDebuggingWhenTempFilesAreKept(JSONConverter.get().toJSON(scanReport, true), this); Map tyhmeleafMap = reportModelBuilder.build(scanReport); 
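Review bot: In `createThymeLeafReportData`, `reportMetaData.get()` is called twice without a presence check, so a report without meta data fails with a bare `NoSuchElementException` that gives no hint about the cause. I would unwrap once with a message: `SecHubReportMetaData reportMetaData = scanReport.getMetaData().orElseThrow(() -> new IllegalStateException("scan report has no meta data"));` followed by `reportMetaData.getLabels().putAll(getMetaData().labels);`. The following `scanReport.setMetaData(...)` then appears to set back the same object and could probably be dropped. The method body starts and ends outside the hunk.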
diff --git a/sechub-testframework/src/main/java/com/mercedesbenz/sechub/test/SecHubTestURLBuilder.java b/sechub-testframework/src/main/java/com/mercedesbenz/sechub/test/SecHubTestURLBuilder.java index 8915cc5470..d49e100b39 100644 --- a/sechub-testframework/src/main/java/com/mercedesbenz/sechub/test/SecHubTestURLBuilder.java +++ b/sechub-testframework/src/main/java/com/mercedesbenz/sechub/test/SecHubTestURLBuilder.java @@ -472,8 +472,8 @@ public String buildCountProjectScanReports(String projectId) { return buildUrl(API_ANONYMOUS, "integrationtest/project/" + projectId + "/scan/report/count"); } - public String buildFetchEmailsFromMockMailServiceUrl(String emailAdress) { - return buildUrl(API_ANONYMOUS, "integrationtest/mock/emails/to", emailAdress); + public String buildFetchEmailsFromMockMailServiceUrl(String emailAddress) { + return buildUrl(API_ANONYMOUS, "integrationtest/mock/emails/to", emailAddress); } public String buildResetAllMockMailsUrl() { diff --git a/sechub-testframework/src/main/java/com/mercedesbenz/sechub/test/TestUtil.java b/sechub-testframework/src/main/java/com/mercedesbenz/sechub/test/TestUtil.java index 35334e763c..f242a941ab 100644 --- a/sechub-testframework/src/main/java/com/mercedesbenz/sechub/test/TestUtil.java +++ b/sechub-testframework/src/main/java/com/mercedesbenz/sechub/test/TestUtil.java @@ -26,7 +26,6 @@ public class TestUtil { private static final String SECHUB_KEEP_TEMPFILES = "SECHUB_KEEP_TEMPFILES"; private static final String SECHUB_TEST_TRACEMODE = "SECHUB_TEST_TRACEMODE"; - private static final String SECHUB_AUTO_GENERATE_CSS_FRAGMENTS_ON_HTML_TESTS = "SECHUB_AUTO_GENERATE_CSS_FRAGMENTS_ON_HTML_TESTS"; public static FailUntilAmountOfRunsReached createFailUntil(int amount, E failure, R result) { return new FailUntilAmountOfRunsReached<>(amount, failure, result); 
@@ -124,16 +123,6 @@ public static void waitMilliseconds(long milliseconds) { } - /** - * - * * @return true when environment variable - * {@value TestUtil#SECHUB_AUTO_GENERATE_CSS_FRAGMENTS_ON_HTML_TESTS} is set to - * `true` otherwise false - */ - public static boolean isAutoCSSFragementGenerationEnabled() { - return Boolean.parseBoolean(System.getenv(SECHUB_AUTO_GENERATE_CSS_FRAGMENTS_ON_HTML_TESTS)); - } - /** * In some situations a developer wants to enable special tracing (without * changing any log levels etc.). Dedicated points in test code can use this diff --git a/sechub-webui/src/main/java/com/mercedesbenz/sechub/webui/NewApiTokenService.java b/sechub-webui/src/main/java/com/mercedesbenz/sechub/webui/NewApiTokenService.java index 2d7ba45410..514bac00c0 100644 --- a/sechub-webui/src/main/java/com/mercedesbenz/sechub/webui/NewApiTokenService.java +++ b/sechub-webui/src/main/java/com/mercedesbenz/sechub/webui/NewApiTokenService.java @@ -22,7 +22,7 @@ public class NewApiTokenService { * *
      *  curl
-     * 'https://sechub.example.com/api/anonymous/refresh/apitoken/emailAdress@test.
+     * 'https://sechub.example.com/api/anonymous/refresh/apitoken/emailAddress@test.
      * com' -i -X POST -H 'Content-Type: application/json;charset=UTF-8'
      * 
*/