Improve traffic light severity handling #2894

sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/TrafficLight.java

@@ -1,6 +1,11 @@
 // SPDX-License-Identifier: MIT
 package com.mercedesbenz.sechub.commons.model;
 
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
 /**
  * A simple type representing "GREEN", "YELLOW", "RED"
  *
@@ -9,15 +14,32 @@
  */
 public enum TrafficLight {
 
-    GREEN,
+    GREEN(Severity.LOW, Severity.UNCLASSIFIED, Severity.INFO),
 
-    YELLOW,
+    YELLOW(Severity.MEDIUM),
 
-    RED,
+    RED(Severity.CRITICAL, Severity.HIGH),
 
     /* Traffic light is "turned off" */
     OFF;
 
+
+    private List<Severity> severities;
+
+    private TrafficLight(Severity ...severities) {
+        List<Severity> target = new ArrayList<>(3);
+        target.addAll(Arrays.asList(severities));
+
+        this.severities=Collections.unmodifiableList(target);
+    }
+
+    /**
+     * @return severities which are represented by this traffic light
+     */
+    public List<Severity> getSeverities() {
+        return severities;
+    }
+
     /**
      * Tries to identify traffic light from string.
      *

sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/TrafficLightSupport.java

@@ -32,16 +32,12 @@ TrafficLight resolveTrafficLightWhenOneEntryWithSuchSeverity(SecHubResult result
     }
 
     TrafficLight mapToTrafficLight(Severity severity) {
-        if (Severity.CRITICAL.equals(severity)) {
-            return TrafficLight.RED;
-        }
-        if (Severity.HIGH.equals(severity)) {
-            return TrafficLight.RED;
-        }
-        if (Severity.MEDIUM.equals(severity)) {
-            return TrafficLight.YELLOW;
+        for (TrafficLight light: TrafficLight.values()) {
+            if (light.getSeverities().contains(severity)) {
+                return light;
+            }
         }
-        return TrafficLight.GREEN;
+        throw new IllegalStateException("Severity: "+severity+" is not found by any trafficlight - may not happen.");
     }
 
     public List<SecHubFinding> filterFindingsFor(SecHubResult result, TrafficLight searched) {

sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/TrafficLightTest.java

@@ -3,9 +3,16 @@
 
 import static org.junit.jupiter.api.Assertions.*;
 
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import org.junit.jupiter.api.Test;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.EmptySource;
 import org.junit.jupiter.params.provider.EnumSource;
+import org.junit.jupiter.params.provider.EnumSource.Mode;
 import org.junit.jupiter.params.provider.NullSource;
 import org.junit.jupiter.params.provider.ValueSource;
 
@@ -30,4 +37,86 @@ void fromString_lowercased_values_are_supported(TrafficLight light) {
     void fromString_unknown_values_returns_null(String string) {
         assertNull(TrafficLight.fromString(string));
     }
+
+    @Test
+    void red_trafficlight_has_2_severities_critical_and_high() {
+
+        List<Severity> severities = TrafficLight.RED.getSeverities();
+
+        assertTrue(severities.contains(Severity.HIGH));
+        assertTrue(severities.contains(Severity.CRITICAL));
+
+        assertEquals(2, severities.size());
+    }
+
+    @Test
+    void yellow_trafficlight_has_1_severitiy_medium() {
+
+        List<Severity> severities = TrafficLight.YELLOW.getSeverities();
+
+        assertTrue(severities.contains(Severity.MEDIUM));
+
+        assertEquals(1, severities.size());
+    }
+
+    @Test
+    void green_trafficlight_has_3_severities_low_unclassified_info() {
+
+        List<Severity> severities = TrafficLight.GREEN.getSeverities();
+
+        assertTrue(severities.contains(Severity.LOW));
+        assertTrue(severities.contains(Severity.UNCLASSIFIED));
+        assertTrue(severities.contains(Severity.INFO));
+
+        assertEquals(3, severities.size());
+    }
+
+    @Test
+    void off_trafficlight_has_no_severities() {
+
+        List<Severity> severities = TrafficLight.OFF.getSeverities();
+
+        assertEquals(0, severities.size());
+    }
+
+    /*
+     * the test is more a sanity test - if somebody adds a traffic light field -
+     * which should not happen ... but.. - this would check the field has at least
+     * one severity.
+     */
+    @ParameterizedTest()
+    @EnumSource(value = TrafficLight.class, mode = Mode.EXCLUDE, names = "OFF")
+    void traffic_light_has_at_least_one_severity(TrafficLight light) {
+        if (light.getSeverities().size() < 1) {
+            fail("Traffic light " + light + " has an empty severities list! This may not happen");
+        }
+    }
+
+    @Test
+    void no_traffic_light_severity_cross_over() {
+        List<Severity> severitiesAll = new ArrayList<>();
+        for (TrafficLight trafficLight: TrafficLight.values()) {
+            List<Severity> severities = trafficLight.getSeverities();
+            for (Severity severity: severities) {
+                if (severitiesAll.contains(severity)) {
+                    fail("Severity cross over detected: "+ severity +" is defined in "+trafficLight+" but also in at least one other traffic light");
+                }
+                severitiesAll.add(severity);
+            }
+        }
+    }
+
+    @Test
+    void traffic_lights_contain_all_severities() {
+        Set<Severity> severitiesAll = new HashSet<>();
+        for (TrafficLight trafficLight: TrafficLight.values()) {
+            List<Severity> severities = trafficLight.getSeverities();
+            for (Severity severity: severities) {
+                severitiesAll.add(severity);
+            }
+        }
+        assertEquals(Severity.values().length, severitiesAll.size());
+    }
+
+
 }

sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanReportRestControllerMockTest.java

@@ -117,7 +117,7 @@ void get_html_report_with_cwe_id() throws Exception {
 
         Integer cweId = Integer.valueOf(77);
 
-        HTMLSecHubFinding finding = new HTMLSecHubFinding();
+        HTMLCodeScanEntriesSecHubFindingData finding = new HTMLCodeScanEntriesSecHubFindingData();
         finding.setCweId(cweId);
         finding.setSeverity(Severity.HIGH);
         finding.setType(ScanType.CODE_SCAN);