Fixed some inaccuracies. #345

sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilder.java

@@ -150,16 +150,16 @@ protected void incrementScanCount(Severity severity, ScanTypeCount scanTypeCount
 
     public Map<String, List<SecHubFinding>> filterFindingsForWebScan(List<SecHubFinding> findings, List<Severity> severities) {
         Map<String, List<SecHubFinding>> groupedFindingsByName = findings.stream().filter(finding -> severities.contains(finding.getSeverity()))
-                .filter(finding -> finding.hasScanType("webScan")).collect(groupingBy(SecHubFinding::getName));
+                .filter(finding -> finding.hasScanType(ScanType.WEB_SCAN.getId())).collect(groupingBy(SecHubFinding::getName));
         Map<String, List<SecHubFinding>> groupedAndSortedFindingsByName = new TreeMap<>();
         groupedAndSortedFindingsByName.putAll(groupedFindingsByName);
         return groupedAndSortedFindingsByName;
     }
 
     public List<HTMLSecHubFinding> filterFindingsForGeneralScan(List<SecHubFinding> findings, Map<Integer, List<HTMLScanResultCodeScanEntry>> codeScanEntries,
-            List<Severity> severities) {
+            List<Severity> severitiesToShow) {
         List<HTMLSecHubFinding> htmlSecHubFindings = new LinkedList<>();
-        Map<String, List<SecHubFinding>> groupedFindingsByName = findings.stream().filter(finding -> severities.contains(finding.getSeverity()))
+        Map<String, List<SecHubFinding>> groupedFindingsByName = findings.stream().filter(finding -> severitiesToShow.contains(finding.getSeverity()))
                 .collect(groupingBy(SecHubFinding::getName));
 
         Map<String, List<SecHubFinding>> groupedAndSortedFindingsByName = new TreeMap<>();
@@ -174,7 +174,7 @@ public List<HTMLSecHubFinding> filterFindingsForGeneralScan(List<SecHubFinding>
                 htmlSecHubFinding.setId(0);
                 List<HTMLScanResultCodeScanEntry> entryList = htmlSecHubFinding.getEntryList();
                 for (SecHubFinding finding : findingList) {
-                    if (!finding.hasScanType("webScan")) {
+                    if (!finding.hasScanType(ScanType.WEB_SCAN.getId())) {
                         List<HTMLScanResultCodeScanEntry> codeScanEntryList = codeScanEntries.get(finding.getId());
                         for (HTMLScanResultCodeScanEntry htmlScanResultCodeScanEntry : codeScanEntryList) {
                             entryList.add(htmlScanResultCodeScanEntry);

sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/ScanSecHubReport.java

@@ -107,11 +107,12 @@ private void buildCalculatedData(ScanReport report) {
     }
 
     protected void calculateSummary() {
-        SecHubReportMetaDataSummary codeScan = model.getMetaData().get().getSummary().getCodeScan();
-        SecHubReportMetaDataSummary infraScan = model.getMetaData().get().getSummary().getInfraScan();
-        SecHubReportMetaDataSummary licenseScan = model.getMetaData().get().getSummary().getLicenseScan();
-        SecHubReportMetaDataSummary secretScan = model.getMetaData().get().getSummary().getSecretScan();
-        SecHubReportMetaDataSummary webScan = model.getMetaData().get().getSummary().getWebScan();
+        var summary = model.getMetaData().get().getSummary();
+        SecHubReportMetaDataSummary codeScan = summary.getCodeScan();
+        SecHubReportMetaDataSummary infraScan = summary.getInfraScan();
+        SecHubReportMetaDataSummary licenseScan = summary.getLicenseScan();
+        SecHubReportMetaDataSummary secretScan = summary.getSecretScan();
+        SecHubReportMetaDataSummary webScan = summary.getWebScan();
 
         for (SecHubFinding finding : model.getResult().getFindings()) {
             ScanType scanType = finding.getType();

sechub-test/src/test/java/com/mercedesbenz/sechub/test/report/ThymeLeafHTMLReportingTest.java

@@ -111,6 +111,7 @@ void example1_owasp_zap_sarif_report_is_transformed_to_expected_sechub_report_HT
         assertNotNull(htmlResult);
 
         assertTrue(htmlResult.contains(context.sechubJobUUID));
+        assertTrue(htmlResult.contains("XSS"), "The report must at least contain a cross site scripting vulnerability!");
         assertTrue(htmlResult.contains("CWE-614"), "The report must at least contain the CWE-614 vulnerability!");
         assertTrue(htmlResult.contains("Cross Site Scripting (Reflected)"), "The report must at least contain a cross site scripting reflected vulnerability!");