From 5100a67e2cc36cc6bb1ff04256fc8d375163105c Mon Sep 17 00:00:00 2001 From: Valentyn Grygoriev Date: Mon, 10 Apr 2023 14:12:56 +0300 Subject: [PATCH 01/44] Add summary table #345 --- .../templates/report/html/scanresult.css | 35 +++++++++++++++++++ .../templates/report/html/scanresult.html | 34 ++++++++++++++++++ 2 files changed, 69 insertions(+) diff --git a/sechub-scan/src/main/resources/templates/report/html/scanresult.css b/sechub-scan/src/main/resources/templates/report/html/scanresult.css index d4a463c8df..d24bee5638 100644 --- a/sechub-scan/src/main/resources/templates/report/html/scanresult.css +++ b/sechub-scan/src/main/resources/templates/report/html/scanresult.css @@ -385,3 +385,38 @@ rTableSourceHead, display:flex; } +.summaryHeadline { + /*color: #248f24;*/ + font-family: monospace; +} + +.summaryTable { + width: 20%; + padding-bottom: 16px; + padding-top: 10px; + border-collapse: separate; + border: solid #cccccc 1px; + border-radius: 16px; + border-spacing: 0px; +} + +.summaryTable th { + padding: 8px; + vertical-align: center; + text-align: center; +} + +.summaryTable td { + padding: 8px; + font-family: monospace; + vertical-align: center; + text-align: center; +} + +.summaryTable td:nth-child(2) { + border-left: 1px solid #cccccc; +} + +.summaryTable td:nth-child(3) { + border-left: 1px solid #cccccc; +} \ No newline at end of file diff --git a/sechub-scan/src/main/resources/templates/report/html/scanresult.html b/sechub-scan/src/main/resources/templates/report/html/scanresult.html index b234130e02..b455197e80 100644 --- a/sechub-scan/src/main/resources/templates/report/html/scanresult.html +++ b/sechub-scan/src/main/resources/templates/report/html/scanresult.html @@ -81,6 +81,40 @@
+
+

Summary

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Code ScanSecret Scan
Total[Total number of Elements]
Red[Number red of Elements]
Yellow[Number of yellow Elements]
Green[Number of green Elements]
+

Red findings

From 1899d2521580e07d3861f7cb6233a2670dcd7564 Mon Sep 17 00:00:00 2001 From: Valentyn Grygoriev Date: Mon, 10 Apr 2023 16:03:49 +0300 Subject: [PATCH 02/44] Add possibility to click on results in the summary table #345 --- .../templates/report/html/scanresult.css | 1 - .../templates/report/html/scanresult.html | 27 ++++++++++++------- 2 files changed, 18 insertions(+), 10 deletions(-) diff --git a/sechub-scan/src/main/resources/templates/report/html/scanresult.css b/sechub-scan/src/main/resources/templates/report/html/scanresult.css index d24bee5638..f81eb9b542 100644 --- a/sechub-scan/src/main/resources/templates/report/html/scanresult.css +++ b/sechub-scan/src/main/resources/templates/report/html/scanresult.css @@ -386,7 +386,6 @@ rTableSourceHead, } .summaryHeadline { - /*color: #248f24;*/ font-family: monospace; } diff --git a/sechub-scan/src/main/resources/templates/report/html/scanresult.html b/sechub-scan/src/main/resources/templates/report/html/scanresult.html index b455197e80..208620e8ac 100644 --- a/sechub-scan/src/main/resources/templates/report/html/scanresult.html +++ b/sechub-scan/src/main/resources/templates/report/html/scanresult.html @@ -93,30 +93,39 @@

Summary

- - - + + + - + - + - +
Total[Total number of Elements]Total[Total number of Elements]
Red[Number red of Elements] + + +
Yellow[Number of yellow Elements] + + +
Green[Number of green Elements] + + +
-

Red findings

+

Red findings

@@ -155,7 +164,7 @@

Red findings

-

Yellow findings

+

Yellow findings

@@ -182,7 +191,7 @@

Yellow findings

-

Green findings

+

Green findings

From d4d1a83b71be14f8255b3245f46d1e4dba1515b9 Mon Sep 17 00:00:00 2001 From: Valentyn Grygoriev Date: Thu, 27 Apr 2023 16:05:15 +0300 Subject: [PATCH 03/44] The draft summary table in a HTML report #345 --- .../HTMLScanResultReportModelBuilder.java | 65 ++++++++++++++----- .../sechub/domain/scan/ScanTypeCount.java | 64 ++++++++++++++++++ .../templates/report/html/fragments.html | 34 ++++++++++ .../templates/report/html/scanresult.html | 55 +++++----------- 4 files changed, 161 insertions(+), 57 deletions(-) create mode 100644 sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCount.java diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilder.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilder.java index 9fb59dfdc2..369f85cc60 100644 --- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilder.java +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilder.java @@ -2,10 +2,7 @@ package com.mercedesbenz.sechub.domain.scan; import java.io.File; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.UUID; +import java.util.*; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -14,10 +11,7 @@ import org.springframework.core.io.Resource; import org.springframework.stereotype.Component; -import com.mercedesbenz.sechub.commons.model.SecHubFinding; -import com.mercedesbenz.sechub.commons.model.SecHubResult; -import com.mercedesbenz.sechub.commons.model.SecHubResultTrafficLightFilter; -import com.mercedesbenz.sechub.commons.model.TrafficLight; +import com.mercedesbenz.sechub.commons.model.*; import com.mercedesbenz.sechub.domain.scan.report.ScanSecHubReport; import com.mercedesbenz.sechub.sharedkernel.MustBeDocumented; 
@@ -53,16 +47,16 @@ public Map build(ScanSecHubReport report) { } switch (trafficLight) { - case RED: - styleRed = SHOW_LIGHT; - break; - case YELLOW: - styleYellow = SHOW_LIGHT; - break; - case GREEN: - styleGreen = SHOW_LIGHT; - break; - default: + case RED: + styleRed = SHOW_LIGHT; + break; + case YELLOW: + styleYellow = SHOW_LIGHT; + break; + case GREEN: + styleGreen = SHOW_LIGHT; + break; + default: } HtmlCodeScanDescriptionSupport codeScanSupport = new HtmlCodeScanDescriptionSupport(); SecHubResult result = report.getResult(); @@ -111,6 +105,41 @@ public Map build(ScanSecHubReport report) { } else { model.put("jobuuid", "none"); } + + Map scanSummaryMap = new HashMap<>(); + for (SecHubFinding finding : result.getFindings()) { + ScanType scanType = finding.getType(); + ScanTypeCount scanTypeCount; + if (scanSummaryMap.containsKey(scanType)) { + scanTypeCount = scanSummaryMap.get(scanType); + } else { + scanTypeCount = new ScanTypeCount(scanType); + scanSummaryMap.put(scanType, scanTypeCount); + } + incrementScanCount(finding.getSeverity(), scanTypeCount); + } + List scanTypeCountList = new ArrayList<>(); + extractScanTypeCountListFromMap(scanTypeCountList, scanSummaryMap); + model.put("scanTypeCountList", scanTypeCountList); + return model; } + + private void incrementScanCount(Severity severity, ScanTypeCount scanTypeCount) { + if (Severity.HIGH.equals(severity)) { + scanTypeCount.incrementHighSeverityCount(); + } + if (Severity.MEDIUM.equals(severity)) { + scanTypeCount.incrementMediumSeverityCount(); + } + if (Severity.LOW.equals(severity)) { + scanTypeCount.incrementLowSeverityCount(); + } + } + + private void extractScanTypeCountListFromMap(List scanTypeCountList, Map scanSummary) { + for (ScanTypeCount scanTypeCount : scanSummary.values()) { + scanTypeCountList.add(scanTypeCount); + } + } } 
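Review bot: `incrementScanCount` counts only HIGH, MEDIUM and LOW, so a finding with any other severity (later commits in this series handle at least `INFO`) creates a row for its scan type in `build()` but adds to none of its columns, and the summary table under-reports what the scan found. Readers triage from this table, so every severity should land in a documented column, for example `if (Severity.LOW.equals(severity) || Severity.INFO.equals(severity))` for the green column, with a logged warning for anything still unmapped. The loop also uses `finding.getType()` as a map key without a check, so a finding without a type would produce a row keyed by `null`; whether that can happen is not visible here. The lookup itself can be written as `scanSummaryMap.computeIfAbsent(scanType, ScanTypeCount::new)`. `build()` starts and ends outside the hunk.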
diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCount.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCount.java
new file mode 100644
index 0000000000..0e6f49ddcc
--- /dev/null
+++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCount.java
@@ -0,0 +1,64 @@
+// SPDX-License-Identifier: MIT
+package com.mercedesbenz.sechub.domain.scan;
+
+import com.mercedesbenz.sechub.commons.model.ScanType;
+
+public class ScanTypeCount {
+
+ private ScanType scanType;
+ private int highSeverityCount;
+ private int mediumSeverityCount;
+ private int lowSeverityCount;
+
+ ScanTypeCount(ScanType scanType){
+ this.scanType = scanType;
+ highSeverityCount = 0;
+ mediumSeverityCount = 0;
+ lowSeverityCount = 0;
+ }
+
+ public ScanType getScanType() {
+ return scanType;
+ }
+
+ public void setScanType(ScanType scanType) {
+ this.scanType = scanType;
+ }
+
+ public int getHighSeverityCount() {
+ return highSeverityCount;
+ }
+
+ public void setHighSeverityCount(int highSeverityCount) {
+ this.highSeverityCount = highSeverityCount;
+ }
+
+ public int getMediumSeverityCount() {
+ return mediumSeverityCount;
+ }
+
+ public void setMediumSeverityCount(int mediumSeverityCount) {
+ this.mediumSeverityCount = mediumSeverityCount;
+ }
+
+ public int getLowSeverityCount() {
+ return lowSeverityCount;
+ }
+
+ public void setLowSeverityCount(int lowSeverityCount) {
+ this.lowSeverityCount = lowSeverityCount;
+ }
+
+ public void incrementHighSeverityCount(){
+ this.highSeverityCount++;
+ }
+
+ public void incrementMediumSeverityCount(){
+ this.mediumSeverityCount++;
+ }
+
+ public void incrementLowSeverityCount(){
+ this.lowSeverityCount++;
+ }
+
+}
diff --git a/sechub-scan/src/main/resources/templates/report/html/fragments.html b/sechub-scan/src/main/resources/templates/report/html/fragments.html
index ef19b93c55..9610593f55 100644
--- a/sechub-scan/src/main/resources/templates/report/html/fragments.html
+++ b/sechub-scan/src/main/resources/templates/report/html/fragments.html @@ -395,6 +395,40 @@ display:flex; } +.summaryHeadline { + font-family: monospace; +} + +.summaryTable { + width: 20%; + padding-bottom: 16px; + padding-top: 10px; + border-collapse: separate; + border: solid #cccccc 1px; + border-radius: 16px; + border-spacing: 0px; +} + +.summaryTable th { + padding: 8px; + vertical-align: center; + text-align: center; +} + +.summaryTable td { + padding: 8px; + font-family: monospace; + vertical-align: center; + text-align: center; +} + +.summaryTable td:nth-child(2) { + border-left: 1px solid #cccccc; +} + +.summaryTable td:nth-child(3) { + border-left: 1px solid #cccccc; +} diff --git a/sechub-scan/src/main/resources/templates/report/html/scanresult.html b/sechub-scan/src/main/resources/templates/report/html/scanresult.html index 208620e8ac..50a4060d22 100644 --- a/sechub-scan/src/main/resources/templates/report/html/scanresult.html +++ b/sechub-scan/src/main/resources/templates/report/html/scanresult.html @@ -3,12 +3,12 @@ SecHub scan result - @@ -28,7 +28,6 @@
-
@@ -81,46 +80,26 @@
-
+

Summary

- - + + + + - - - - - - - - - - - - - - - - - - - - + + +
Code ScanSecret ScanTotalRedYellowGreen
Total[Total number of Elements]
Red - - -
Yellow - - -
Green - - -
+ + + +
@@ -243,8 +222,6 @@

Messages

-
- \ No newline at end of file From 8c8badde5a16d215685112e8331152adc7ac3d1a Mon Sep 17 00:00:00 2001 From: Valentyn Grygoriev Date: Tue, 16 May 2023 17:21:20 +0300 Subject: [PATCH 04/44] Some improvements and fixes #345: - changed model's scanTypeCount List to Set in the HTMLScanResultReportModelBuilder; - added tests in the HTMLScanResultReportModelBuilderTest; - cleaned and added improvements in the ScanTypeCount; - created tests for the ScanTypeCount; - modified scanresult.html because of new set from the HTMLScanResultReportModelBuilder. --- .../HTMLScanResultReportModelBuilder.java | 15 +-- .../sechub/domain/scan/ScanTypeCount.java | 36 ++--- .../templates/report/html/scanresult.html | 4 +- .../HTMLScanResultReportModelBuilderTest.java | 37 +++++- .../sechub/domain/scan/ScanTypeCountTest.java | 123 ++++++++++++++++++ 5 files changed, 178 insertions(+), 37 deletions(-) create mode 100644 sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilder.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilder.java index 369f85cc60..e265183b32 100644 --- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilder.java +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilder.java 
@@ -113,19 +113,19 @@ public Map build(ScanSecHubReport report) { if (scanSummaryMap.containsKey(scanType)) { scanTypeCount = scanSummaryMap.get(scanType); } else { - scanTypeCount = new ScanTypeCount(scanType); + scanTypeCount = ScanTypeCount.of(scanType); scanSummaryMap.put(scanType, scanTypeCount); } incrementScanCount(finding.getSeverity(), scanTypeCount); } - List scanTypeCountList = new ArrayList<>(); - extractScanTypeCountListFromMap(scanTypeCountList, scanSummaryMap); - model.put("scanTypeCountList", scanTypeCountList); + Set scanTypeCountSet = new TreeSet<>(); + scanTypeCountSet.addAll(scanSummaryMap.values()); + model.put("scanTypeCountSet", scanTypeCountSet); return model; } - private void incrementScanCount(Severity severity, ScanTypeCount scanTypeCount) { + protected void incrementScanCount(Severity severity, ScanTypeCount scanTypeCount) { if (Severity.HIGH.equals(severity)) { scanTypeCount.incrementHighSeverityCount(); } @@ -137,9 +137,4 @@ private void incrementScanCount(Severity severity, ScanTypeCount scanTypeCount) } } - private void extractScanTypeCountListFromMap(List scanTypeCountList, Map scanSummary) { - for (ScanTypeCount scanTypeCount : scanSummary.values()) { - scanTypeCountList.add(scanTypeCount); - } - } } diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCount.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCount.java index 0e6f49ddcc..db850a0cd5 100644 --- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCount.java +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCount.java 
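Review bot: `ScanTypeCount.of(scanType)` now throws `IllegalArgumentException` for a null type, and `build()` passes `finding.getType()` to it unchecked, so a single finding without a type aborts rendering of the whole HTML report. The test change in this commit, which stubs `getType()` on the mocked finding, suggests the path is reachable at least for mocks; whether stored reports can hold untyped findings is not visible here. I would collect such findings under a fallback row (and log them) instead of failing or dropping them, and shorten the lookup to `scanSummaryMap.computeIfAbsent(scanType, ScanTypeCount::of)`. `incrementScanCount` becoming `protected` only for the test deserves a one-line comment saying so. `build()` starts outside the hunk.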
@@ -3,52 +3,43 @@ import com.mercedesbenz.sechub.commons.model.ScanType; -public class ScanTypeCount { +public class ScanTypeCount implements Comparable { private ScanType scanType; private int highSeverityCount; private int mediumSeverityCount; private int lowSeverityCount; - ScanTypeCount(ScanType scanType){ + private ScanTypeCount(ScanType scanType){ this.scanType = scanType; highSeverityCount = 0; mediumSeverityCount = 0; lowSeverityCount = 0; } - public ScanType getScanType() { - return scanType; + public static ScanTypeCount of(ScanType scanType) { + if (scanType == null) { + throw new IllegalArgumentException("ScanType argument must exist"); + } + return new ScanTypeCount(scanType); } - public void setScanType(ScanType scanType) { - this.scanType = scanType; + public ScanType getScanType() { + return scanType; } public int getHighSeverityCount() { return highSeverityCount; } - public void setHighSeverityCount(int highSeverityCount) { - this.highSeverityCount = highSeverityCount; - } - public int getMediumSeverityCount() { return mediumSeverityCount; } - public void setMediumSeverityCount(int mediumSeverityCount) { - this.mediumSeverityCount = mediumSeverityCount; - } - public int getLowSeverityCount() { return lowSeverityCount; } - public void setLowSeverityCount(int lowSeverityCount) { - this.lowSeverityCount = lowSeverityCount; - } - public void incrementHighSeverityCount(){ this.highSeverityCount++; } @@ -61,4 +52,13 @@ public void incrementLowSeverityCount(){ this.lowSeverityCount++; } + @Override + public int compareTo(ScanTypeCount o) { + if (o == null) { + return 1; + } + String descriptionA = this.scanType.getDescription(); + String descriptionB = o.scanType.getDescription(); + return descriptionA.compareTo(descriptionB); + } } diff --git a/sechub-scan/src/main/resources/templates/report/html/scanresult.html b/sechub-scan/src/main/resources/templates/report/html/scanresult.html index 50a4060d22..54ce0611bb 100644 
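Review bot: `compareTo` returns 1 for a null argument, while the `Comparable` contract expects a `NullPointerException` there; sorted collections rely on the comparison being antisymmetric, which a null operand cannot satisfy. The ordering rests only on `scanType.getDescription()`, so in the `TreeSet` the report builder now fills, two scan types with the same description would be treated as duplicates and one summary row would silently disappear, and a null description would throw. Assuming `ScanType` is an enum, a tie-break keeps the order total: `int byText = descriptionA.compareTo(descriptionB);` followed by `return byText != 0 ? byText : this.scanType.compareTo(o.scanType);`. The class defines no `equals`/`hashCode`, so a Javadoc line stating that the ordering is inconsistent with `equals` would help the next reader.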
--- a/sechub-scan/src/main/resources/templates/report/html/scanresult.html +++ b/sechub-scan/src/main/resources/templates/report/html/scanresult.html @@ -80,7 +80,7 @@
-
+

Summary

@@ -93,7 +93,7 @@

Summary

- + + + + \ No newline at end of file diff --git a/sechub-scan/src/main/resources/templates/report/html/fragment-generic-scan-table.html b/sechub-scan/src/main/resources/templates/report/html/fragment-generic-scan-table.html new file mode 100644 index 0000000000..8ecc248a9e --- /dev/null +++ b/sechub-scan/src/main/resources/templates/report/html/fragment-generic-scan-table.html @@ -0,0 +1,497 @@ + + + + + + +

scan_type

+
diff --git a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilderTest.java b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilderTest.java index 6951a68ab1..c162181048 100644 --- a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilderTest.java +++ b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilderTest.java @@ -13,16 +13,11 @@ import java.util.Optional; import java.util.UUID; +import com.mercedesbenz.sechub.commons.model.*; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.springframework.core.io.Resource; -import com.mercedesbenz.sechub.commons.model.SecHubCodeCallStack; -import com.mercedesbenz.sechub.commons.model.SecHubFinding; -import com.mercedesbenz.sechub.commons.model.SecHubReportMetaData; -import com.mercedesbenz.sechub.commons.model.SecHubResult; -import com.mercedesbenz.sechub.commons.model.SecHubResultTrafficLightFilter; -import com.mercedesbenz.sechub.commons.model.TrafficLight; import com.mercedesbenz.sechub.domain.scan.report.ScanSecHubReport; class HTMLScanResultReportModelBuilderTest { @@ -41,6 +36,7 @@ class HTMLScanResultReportModelBuilderTest { private List greenList; private List redList; private List yellowList; + private ScanTypeCount scanTypeCount; @BeforeEach void beforeEach() throws Exception { @@ -65,6 +61,8 @@ void beforeEach() throws Exception { when(trafficLightFilter.filterFindingsFor(result, TrafficLight.RED)).thenReturn(redList); when(trafficLightFilter.filterFindingsFor(result, TrafficLight.YELLOW)).thenReturn(yellowList); when(trafficLightFilter.filterFindingsFor(result, TrafficLight.GREEN)).thenReturn(greenList); + + scanTypeCount = ScanTypeCount.of(ScanType.CODE_SCAN); } @Test 
@@ -210,6 +208,7 @@ void code_scan_entries_set_and_right_amount_of_call_stacks_populated() { when(scanSecHubReport.getResult()).thenReturn(result); when(result.getFindings()).thenReturn(Arrays.asList(finding)); when(finding.getCode()).thenReturn(code1); + when(finding.getType()).thenReturn(ScanType.CODE_SCAN); when(code1.getCalls()).thenReturn(subCode); /* execute */ @@ -237,10 +236,34 @@ void code_scan_support_set_and_not_null() { Map map = builderToTest.build(scanSecHubReport); /* test */ - assertNotNull(map.get("codeScanSupport")); assertTrue(map.get("codeScanSupport") instanceof HtmlCodeScanDescriptionSupport); + } + + @Test + void when_severity_is_high_then_highSeverityCount_should_be_incremented(){ + /* execute */ + builderToTest.incrementScanCount(Severity.HIGH, scanTypeCount); + + /* test */ + assertEquals(1, scanTypeCount.getHighSeverityCount()); + } + @Test + void when_severity_is_medium_then_mediumSeverityCount_should_be_incremented(){ + /* execute */ + builderToTest.incrementScanCount(Severity.MEDIUM, scanTypeCount); + + /* test */ + assertEquals(1, scanTypeCount.getMediumSeverityCount()); } + @Test + void when_severity_is_low_then_lowSeverityCount_should_be_incremented(){ + /* execute */ + builderToTest.incrementScanCount(Severity.LOW, scanTypeCount); + + /* test */ + assertEquals(1, scanTypeCount.getLowSeverityCount()); + } } diff --git a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java new file mode 100644 index 0000000000..4068238b62 --- /dev/null +++ b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java 
@@ -0,0 +1,123 @@ +// SPDX-License-Identifier: MIT +package com.mercedesbenz.sechub.domain.scan; + +import static org.junit.jupiter.api.Assertions.*; + +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; + +import com.mercedesbenz.sechub.commons.model.ScanType; + +public class ScanTypeCountTest { + + private ScanTypeCount scanTypeCount; + + @BeforeEach + void beforeEach() { + scanTypeCount = ScanTypeCount.of(ScanType.CODE_SCAN); + } + + @Test + void of_constructor_creates_right_object() { + /* prepare + execute */ + scanTypeCount = ScanTypeCount.of(ScanType.CODE_SCAN); + + /* test */ + assertEquals(scanTypeCount.getScanType(), ScanType.CODE_SCAN); + assertEquals(scanTypeCount.getHighSeverityCount(), 0); + assertEquals(scanTypeCount.getMediumSeverityCount(), 0); + assertEquals(scanTypeCount.getLowSeverityCount(), 0); + } + + @Test + void when_ScanType_is_null_then_of_constructor_throws_IllegalArgumentException() { + /* prepare + execute */ + Exception exception = assertThrows(IllegalArgumentException.class, () -> { + ScanTypeCount.of(null); + }); + String expectedMessage = "ScanType argument must exist"; + String actualMessage = exception.getMessage(); + + /* test */ + assertTrue(actualMessage.contains(expectedMessage)); + } + + @Test + void incrementHighSeverityCount_do_increment_highSeverityCount_value_by_one() { + /* execute */ + scanTypeCount.incrementHighSeverityCount(); + + /* test */ + assertEquals(scanTypeCount.getHighSeverityCount(), 1); + } + + @Test + void incrementMediumSeverityCount_do_increment_mediumSeverityCount_value_by_one() { + /* execute */ + scanTypeCount.incrementMediumSeverityCount(); + + /* test */ + assertEquals(scanTypeCount.getMediumSeverityCount(), 1); + } + + @Test + void incrementLowSeverityCount_do_increment_lowSeverityCount_value_by_one() { + /* execute */ + scanTypeCount.incrementLowSeverityCount(); + + /* test */ + assertEquals(scanTypeCount.getLowSeverityCount(), 1); + } + + @Test + void 
compareTo_must_return_positive_on_scanTypeCount_is_null() { + /* prepare */ + ScanTypeCount scanTypeCountA = ScanTypeCount.of(ScanType.CODE_SCAN); + ScanTypeCount scanTypeCountB = null; + + /* execute */ + int compareResult = scanTypeCountA.compareTo(scanTypeCountB); + + /* test */ + assertTrue(0 < compareResult); + } + + @Test + void compareTo_must_return_zero_on_equals_scanTypeCounts() { + /* prepare */ + ScanTypeCount scanTypeCountA = ScanTypeCount.of(ScanType.CODE_SCAN); + ScanTypeCount scanTypeCountB = ScanTypeCount.of(ScanType.CODE_SCAN); + + /* execute */ + int compareResult = scanTypeCountA.compareTo(scanTypeCountB); + + /* test */ + assertEquals(0, compareResult); + } + + @Test + void compareTo_must_return_positive_value_because_scanTypeCountA_smaller_scanTypeCountB() { + /* prepare */ + ScanTypeCount scanTypeCountA = ScanTypeCount.of(ScanType.CODE_SCAN); + ScanTypeCount scanTypeCountB = ScanTypeCount.of(ScanType.WEB_SCAN); + + /* execute */ + int compareResult = scanTypeCountA.compareTo(scanTypeCountB); + + /* test */ + assertTrue(0 < compareResult); + } + + @Test + void compareTo_must_return_negative_value_bacause_scanTypeCountA_bigger_scanTypeCountB() { + /* prepare */ + ScanTypeCount scanTypeCountA = ScanTypeCount.of(ScanType.WEB_SCAN); + ScanTypeCount scanTypeCountB = ScanTypeCount.of(ScanType.CODE_SCAN); + + /* execute */ + int compareResult = scanTypeCountA.compareTo(scanTypeCountB); + + /* test */ + assertTrue(0 > compareResult); + } +} From 3b7d863b1adfdef590faf21e2913eb3a038549ec Mon Sep 17 00:00:00 2001 
From: Valentyn Grygoriev Date: Wed, 24 May 2023 09:03:39 +0300 Subject: [PATCH 05/44] Added summary section into report #345 --- .../commons/model/SecHubReportMetaData.java | 6 ++++ .../commons/model/SecHubReportScan.java | 28 +++++++++++++++++++ .../commons/model/SecHubReportSummary.java | 26 +++++++++++++++++ 3 files changed, 60 insertions(+) create mode 100644 sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportScan.java create mode 100644 sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportSummary.java diff --git a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaData.java b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaData.java index 12a94ef465..585b160bbe 100644 --- a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaData.java +++ b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaData.java @@ -11,7 +11,13 @@ public class SecHubReportMetaData { private Map labels = new LinkedHashMap<>(); + private SecHubReportSummary summary = new SecHubReportSummary(); + public Map getLabels() { return labels; } + + public SecHubReportSummary getSummary() { + return summary; + } } diff --git a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportScan.java b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportScan.java new file mode 100644 index 0000000000..f5551f5c11 --- /dev/null +++ b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportScan.java 
@@ -0,0 +1,28 @@
+package com.mercedesbenz.sechub.commons.model;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class SecHubReportScan {
+
+ private long total = 0;
+ private long red = 0;
+ private long yellow = 0;
+ private long green = 0;
+
+ public long getTotal() {
+ return total;
+ }
+
+ public long getRed() {
+ return red;
+ }
+
+ public long getYellow() {
+ return yellow;
+ }
+
+ public long getGreen() {
+ return green;
+ }
+}
diff --git a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportSummary.java b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportSummary.java
new file mode 100644
index 0000000000..6a3a0e207a
--- /dev/null
+++ b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportSummary.java
@@ -0,0 +1,26 @@
+package com.mercedesbenz.sechub.commons.model;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class SecHubReportSummary {
+
+ SecHubReportScan codeScan = new SecHubReportScan();
+ SecHubReportScan infraScan = new SecHubReportScan();
+
+ public SecHubReportScan getCodeScan() {
+ return codeScan;
+ }
+
+ public void setCodeScan(SecHubReportScan codeScan) {
+ this.codeScan = codeScan;
+ }
+
+ public SecHubReportScan getInfraScan() {
+ return infraScan;
+ }
+
+ public void setInfraScan(SecHubReportScan infraScan) {
+ this.infraScan = infraScan;
+ }
+}
From 70ea329cfc62f3f1c99facff0c30e944e8aef7da Mon Sep 17 00:00:00 2001
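Review bot: In `SecHubReportSummary` the fields `codeScan` and `infraScan` are declared without an access modifier, so they are package-visible next to public getters and setters; `private SecHubReportScan codeScan = new SecHubReportScan();` would match the private fields of `SecHubReportScan` in the same commit. The setters accept null, which replaces the non-null default and pushes a null check onto every reader of `getCodeScan()`; either reject it with `this.codeScan = Objects.requireNonNull(codeScan, "codeScan");` or document that null is allowed. A class-level Javadoc saying that this object is the per-scan-type summary carried in the report metadata would make the JSON shape easier to follow.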
From: Valentyn Grygoriev Date: Fri, 26 May 2023 10:33:05 +0300 Subject: [PATCH 06/44] Added a details section the child of summary section into report #345 --- .../commons/model/SecHubReportMetaData.java | 4 + .../commons/model/SecHubReportScan.java | 37 +++++++++ .../model/SecHubReportScanDetails.java | 79 +++++++++++++++++++ .../commons/model/SecHubReportSummary.java | 10 +++ .../domain/scan/report/ScanSecHubReport.java | 33 +++++--- .../report/ThymeLeafHTMLReportingTest.java | 7 +- 6 files changed, 156 insertions(+), 14 deletions(-) create mode 100644 sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportScanDetails.java diff --git a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaData.java b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaData.java index 585b160bbe..0db161188b 100644 --- a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaData.java +++ b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaData.java @@ -20,4 +20,8 @@ public Map getLabels() { public SecHubReportSummary getSummary() { return summary; } + + public void setSummary(SecHubReportSummary summary) { + this.summary = summary; + } } diff --git a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportScan.java b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportScan.java index f5551f5c11..caf584b8c8 100644 --- a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportScan.java +++ b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportScan.java @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT package com.mercedesbenz.sechub.commons.model; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; 
@@ -9,6 +10,38 @@ public class SecHubReportScan { private long red = 0; private long yellow = 0; private long green = 0; + private SecHubReportScanDetails details = new SecHubReportScanDetails(); + + public void reportScanHelper(SecHubFinding finding) { + incrementColors(finding); + details.detailsHelper(finding); + } + + public void incrementColors(SecHubFinding finding) { + Severity severity = finding.getSeverity(); + switch (severity) { + case HIGH -> incrementRedCount(); + case MEDIUM -> incrementYellowCount(); + case LOW, INFO -> incrementGreenCount(); + } + incrementTotalCount(); + } + + protected void incrementRedCount() { + this.red++; + } + + protected void incrementYellowCount() { + this.yellow++; + } + + protected void incrementGreenCount() { + this.green++; + } + + protected void incrementTotalCount() { + this.total++; + } public long getTotal() { return total; @@ -25,4 +58,8 @@ public long getYellow() { public long getGreen() { return green; } + + public SecHubReportScanDetails getDetails() { + return details; + } } diff --git a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportScanDetails.java b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportScanDetails.java new file mode 100644 index 0000000000..6f04785af6 --- /dev/null +++ b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportScanDetails.java 
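Review bot: `incrementColors` increments `total` for every finding, but its arrow `switch` has no `default`, so a severity other than HIGH, MEDIUM, LOW or INFO (whether the enum has further constants is not visible here) is counted in `total` and in no colour, and the summary stops adding up. A null severity throws `NullPointerException` at the `switch` and takes report creation with it. I would map every constant explicitly and add a `default` branch that at least logs the unhandled value, so that a newly introduced severity cannot vanish from the red/yellow/green counts unnoticed. `detailsHelper` in the new `SecHubReportScanDetails` uses the same switch and needs the same treatment. The names `reportScanHelper` and `detailsHelper` say little; a Javadoc line such as `/** Adds one finding to the colour counters and the per-severity details. */` would help.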
@@ -0,0 +1,79 @@ +// SPDX-License-Identifier: MIT +package com.mercedesbenz.sechub.commons.model; + +import java.util.ArrayList; +import java.util.List; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; + +@JsonIgnoreProperties(ignoreUnknown = true) +public class SecHubReportScanDetails { + private List high = new ArrayList<>(); + private List medium = new ArrayList<>(); + private List low = new ArrayList<>(); + + public void detailsHelper(SecHubFinding finding) { + switch (finding.getSeverity()) { + case HIGH -> detailsFiller(high, finding); + case MEDIUM -> detailsFiller(medium, finding); + case LOW, INFO -> detailsFiller(low, finding); + } + } + + private void detailsFiller(List severityDetailsList, SecHubFinding finding) { + boolean fl = false; + int i = 0; + while (fl == false && i < severityDetailsList.size()) { + SeverityDetails details = severityDetailsList.get(i); + if (details.getCweId().equals(finding.getCweId())) { + details.incrementCount(); + fl = true; + } + i++; + } + if (fl == false) { + severityDetailsList.add(new SeverityDetails(finding.getCweId(), finding.getName())); + } + } + + public List getHigh() { + return high; + } + + public List getMedium() { + return medium; + } + + public List getLow() { + return low; + } + + @JsonIgnoreProperties(ignoreUnknown = true) + private class SeverityDetails { + private Integer cweId; + private String name; + private long count; + + SeverityDetails(Integer cweId, String name) { + this.cweId = cweId; + this.name = name; + this.count = 1; + } + + public void incrementCount() { + this.count++; + } + + public Integer getCweId() { + return cweId; + } + + public String getName() { + return name; + } + + public long getCount() { + return count; + } + } +} diff --git a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportSummary.java b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportSummary.java index 6a3a0e207a..b889c41f3c 100644 
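Review bot: `detailsFiller` compares with `details.getCweId().equals(finding.getCweId())`, and `cweId` is a nullable `Integer`, so once an entry has been stored for a finding without a CWE id, a later finding of that severity can throw a NullPointerException. A null-safe comparison avoids that: `if (Objects.equals(details.getCweId(), finding.getCweId())) {` (with `import java.util.Objects;`). The flag-and-index `while (fl == false && ...)` loop would also read more clearly as an enhanced `for` that increments the count and returns on the first match.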
--- a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportSummary.java +++ b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportSummary.java @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: MIT package com.mercedesbenz.sechub.commons.model; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; @@ -7,6 +8,7 @@ public class SecHubReportSummary { SecHubReportScan codeScan = new SecHubReportScan(); SecHubReportScan infraScan = new SecHubReportScan(); + SecHubReportScan webScan = new SecHubReportScan(); public SecHubReportScan getCodeScan() { return codeScan; @@ -23,4 +25,12 @@ public SecHubReportScan getInfraScan() { public void setInfraScan(SecHubReportScan infraScan) { this.infraScan = infraScan; } + + public SecHubReportScan getWebScan() { + return webScan; + } + + public void setWebScan(SecHubReportScan webScan) { + this.webScan = webScan; + } } diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/ScanSecHubReport.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/ScanSecHubReport.java index 8f8f5e6d0f..bba683c097 100644 --- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/ScanSecHubReport.java +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/ScanSecHubReport.java 
@@ -12,16 +12,7 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.mercedesbenz.sechub.commons.core.MustBeKeptStable; -import com.mercedesbenz.sechub.commons.model.JSONConverterException; -import com.mercedesbenz.sechub.commons.model.JSONable; -import com.mercedesbenz.sechub.commons.model.SecHubMessage; -import com.mercedesbenz.sechub.commons.model.SecHubMessageType; -import com.mercedesbenz.sechub.commons.model.SecHubReportData; -import com.mercedesbenz.sechub.commons.model.SecHubReportMetaData; -import com.mercedesbenz.sechub.commons.model.SecHubReportModel; -import com.mercedesbenz.sechub.commons.model.SecHubResult; -import com.mercedesbenz.sechub.commons.model.SecHubStatus; -import com.mercedesbenz.sechub.commons.model.TrafficLight; +import com.mercedesbenz.sechub.commons.model.*; import com.mercedesbenz.sechub.sharedkernel.UUIDTraceLogID; @JsonIgnoreProperties(ignoreUnknown = true) @@ -68,6 +59,12 @@ public ScanSecHubReport(ScanReport report) { model.setJobUUID(report.getSecHubJobUUID()); } + SecHubReportMetaData reportMetaData = new SecHubReportMetaData(); + setMetaData(reportMetaData); + + SecHubReportSummary secHubReportSummary = new SecHubReportSummary(); + reportMetaData.setSummary(secHubReportSummary); + } catch (JSONConverterException e) { LOG.error("FATAL PROBLEM! Failed to create sechub result by model for job:{}", report.getSecHubJobUUID(), e); 
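Review bot: The import block now uses `import com.mercedesbenz.sechub.commons.model.*;` instead of the explicit list, which hides which model types this class depends on and lets a class added to that package later change name resolution without any diff here. I would keep the explicit imports and add only the names the new code uses, such as `SecHubFinding`, `SecHubReportScan`, `SecHubReportSummary` and `ScanType`.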
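Review bot: In the constructor, `setMetaData(reportMetaData)` installs a fresh `SecHubReportMetaData` unconditionally, so if the model built just above (outside this hunk) already carries metadata, for instance labels, it is replaced by an empty object. Reusing what is there keeps it: `SecHubReportMetaData reportMetaData = getMetaData().orElseGet(SecHubReportMetaData::new);`. The added lines also sit inside the `try`, so they are skipped when the `JSONConverterException` branch is taken; whether metadata is set on that path is not visible in this hunk.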
@@ -105,9 +102,23 @@ public ScanSecHubReport(ScanReport report) { } private void buildCalculatedData(ScanReport report) { - model.setTrafficLight(TrafficLight.fromString(report.getTrafficLightAsString())); model.getResult().setCount(model.getResult().getFindings().size()); + calculateSummary(); + } + + private void calculateSummary() { + SecHubReportScan codeScan = model.getMetaData().get().getSummary().getCodeScan(); + SecHubReportScan infraScan = model.getMetaData().get().getSummary().getInfraScan(); + SecHubReportScan webScan = model.getMetaData().get().getSummary().getWebScan(); + for (SecHubFinding finding : model.getResult().getFindings()) { + ScanType scanType = finding.getType(); + switch (scanType) { + case CODE_SCAN -> codeScan.reportScanHelper(finding); + case INFRA_SCAN -> infraScan.reportScanHelper(finding); + case WEB_SCAN -> webScan.reportScanHelper(finding); + } + } } @Override diff --git a/sechub-test/src/test/java/com/mercedesbenz/sechub/test/report/ThymeLeafHTMLReportingTest.java b/sechub-test/src/test/java/com/mercedesbenz/sechub/test/report/ThymeLeafHTMLReportingTest.java index a5fbe7ce43..dbc6d8bbca 100644 --- a/sechub-test/src/test/java/com/mercedesbenz/sechub/test/report/ThymeLeafHTMLReportingTest.java +++ b/sechub-test/src/test/java/com/mercedesbenz/sechub/test/report/ThymeLeafHTMLReportingTest.java @@ -10,6 +10,7 @@ import java.time.LocalDateTime; import java.util.Locale; import java.util.Map; +import java.util.Optional; import java.util.TreeMap; import org.junit.jupiter.api.BeforeAll; 
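Review bot: `calculateSummary` calls `model.getMetaData().get()` three times without checking presence, so a report whose metadata is absent fails with NoSuchElementException while the calculated data is built; it relies on the constructor having set metadata, which the added code does only on the success path of its `try`. Fetching the summary once and returning early when it is missing is safer: `SecHubReportSummary summary = model.getMetaData().map(SecHubReportMetaData::getSummary).orElse(null);` followed by `if (summary == null) { return; }`. The `switch` on `finding.getType()` has no `default`, so findings of any other scan type are left out of every summary, and a null type throws a NullPointerException.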
@@ -344,9 +345,9 @@ private Map createThymeLeafReportData() throws IOException, SecH ScanSecHubReport scanReport = new ScanSecHubReport(report); if (getMetaData().isMetaDataNecessaryForReport()) { - SecHubReportMetaData reportMetaData = new SecHubReportMetaData(); - reportMetaData.getLabels().putAll(getMetaData().labels); - scanReport.setMetaData(reportMetaData); + Optional reportMetaData = scanReport.getMetaData(); + reportMetaData.get().getLabels().putAll(getMetaData().labels); + scanReport.setMetaData(reportMetaData.get()); } storeAsJSONFileForDebuggingWhenTempFilesAreKept(JSONConverter.get().toJSON(scanReport, true), this); Map tyhmeleafMap = reportModelBuilder.build(scanReport); From 6446141b56d4cd7fa3d6bdd4617c5e0aab05f3f8 Mon Sep 17 00:00:00 2001 
From: Valentyn Grygoriev Date: Wed, 19 Jul 2023 14:03:18 +0300 Subject: [PATCH 07/44] Improvement of html and json reports #345 --- ....java => SecHubReportMetaDataSummary.java} | 8 +- ...> SecHubReportMetaDataSummaryDetails.java} | 43 +- .../commons/model/SecHubReportSummary.java | 37 +- ...ecHubReportMetaDataSummaryDetailsTest.java | 190 +++++++ .../SecHubReportMetaDataSummaryTest.java | 116 ++++ .../HTMLReportCSSFragementGenerator.java | 13 +- .../HTMLScanResultReportModelBuilder.java | 93 +++- .../sechub/domain/scan/HTMLSecHubFinding.java | 15 + .../domain/scan/HTMLWebSecHubFinding.java | 15 + .../sechub/domain/scan/ScanTypeCount.java | 14 +- .../domain/scan/report/ScanSecHubReport.java | 36 +- .../templates/report/html/details_footer.html | 32 +- .../html/fragment-cwe-summary-table.html | 498 +++++++++++++++++ .../html/fragment-generic-scan-table-row.html | 509 +++++++++++++++++ .../html/fragment-generic-scan-table.html | 497 +++++++++++++++++ .../html/fragment-summary-table-row.html | 527 ++++++++++++++++++ ...ents.html => fragment-web-scan-table.html} | 212 +++---- .../templates/report/html/links.html | 6 +- .../templates/report/html/scanresult.css | 46 ++ .../templates/report/html/scanresult.html | 483 +++++++++------- .../HTMLScanResultReportModelBuilderTest.java | 236 +++++++- .../sechub/domain/scan/ScanTypeCountTest.java | 87 ++- .../scan/report/ScanSecHubReportTest.java | 125 +++++ .../report/ThymeLeafHTMLReportingTest.java | 16 +- 24 files changed, 3404 insertions(+), 450 deletions(-) rename sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/{SecHubReportScan.java => SecHubReportMetaDataSummary.java} (82%) rename sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/{SecHubReportScanDetails.java => SecHubReportMetaDataSummaryDetails.java} (56%) create mode 100644 sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java create mode 100644 
sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java create mode 100644 sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLSecHubFinding.java create mode 100644 sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLWebSecHubFinding.java create mode 100644 sechub-scan/src/main/resources/templates/report/html/fragment-cwe-summary-table.html create mode 100644 sechub-scan/src/main/resources/templates/report/html/fragment-generic-scan-table-row.html create mode 100644 sechub-scan/src/main/resources/templates/report/html/fragment-generic-scan-table.html create mode 100644 sechub-scan/src/main/resources/templates/report/html/fragment-summary-table-row.html rename sechub-scan/src/main/resources/templates/report/html/{fragments.html => fragment-web-scan-table.html} (54%) diff --git a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportScan.java b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummary.java similarity index 82% rename from sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportScan.java rename to sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummary.java index caf584b8c8..04fd80018f 100644 --- a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportScan.java +++ b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummary.java 
@@ -4,20 +4,20 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties; @JsonIgnoreProperties(ignoreUnknown = true) -public class SecHubReportScan { +public class SecHubReportMetaDataSummary { private long total = 0; private long red = 0; private long yellow = 0; private long green = 0; - private SecHubReportScanDetails details = new SecHubReportScanDetails(); + private SecHubReportMetaDataSummaryDetails details = new SecHubReportMetaDataSummaryDetails(); public void reportScanHelper(SecHubFinding finding) { incrementColors(finding); details.detailsHelper(finding); } - public void incrementColors(SecHubFinding finding) { + protected void incrementColors(SecHubFinding finding) { Severity severity = finding.getSeverity(); switch (severity) { case HIGH -> incrementRedCount(); @@ -59,7 +59,7 @@ public long getGreen() { return green; } - public SecHubReportScanDetails getDetails() { + public SecHubReportMetaDataSummaryDetails getDetails() { return details; } } diff --git a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportScanDetails.java b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetails.java similarity index 56% rename from sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportScanDetails.java rename to sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetails.java index 6f04785af6..30803d38d8 100644 --- a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportScanDetails.java +++ b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetails.java 
@@ -1,16 +1,18 @@ // SPDX-License-Identifier: MIT package com.mercedesbenz.sechub.commons.model; -import java.util.ArrayList; -import java.util.List; +import java.util.*; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +@JsonInclude(JsonInclude.Include.NON_EMPTY) @JsonIgnoreProperties(ignoreUnknown = true) -public class SecHubReportScanDetails { - private List high = new ArrayList<>(); - private List medium = new ArrayList<>(); - private List low = new ArrayList<>(); +public class SecHubReportMetaDataSummaryDetails { + + Map high = new TreeMap<>(); + Map medium = new TreeMap<>(); + Map low = new TreeMap<>(); public void detailsHelper(SecHubFinding finding) { switch (finding.getSeverity()) { 
@@ -20,36 +22,31 @@ public void detailsHelper(SecHubFinding finding) { } } - private void detailsFiller(List severityDetailsList, SecHubFinding finding) { - boolean fl = false; - int i = 0; - while (fl == false && i < severityDetailsList.size()) { - SeverityDetails details = severityDetailsList.get(i); - if (details.getCweId().equals(finding.getCweId())) { - details.incrementCount(); - fl = true; - } - i++; - } - if (fl == false) { - severityDetailsList.add(new SeverityDetails(finding.getCweId(), finding.getName())); + protected void detailsFiller(Map helperMap, SecHubFinding finding) { + Integer cweId = finding.getCweId(); + String name = finding.getName(); + SeverityDetails severityDetails = helperMap.get(name); + if (severityDetails != null) { + severityDetails.incrementCount(); + } else { + helperMap.put(name, new SeverityDetails(cweId, name)); } } public List getHigh() { - return high; + return new ArrayList<>(high.values()); } public List getMedium() { - return medium; + return new ArrayList<>(medium.values()); } public List getLow() { - return low; + return new ArrayList<>(low.values()); } @JsonIgnoreProperties(ignoreUnknown = true) - private class SeverityDetails { + protected class SeverityDetails { private Integer cweId; private String name; private long count; diff --git a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportSummary.java b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportSummary.java index b889c41f3c..f9bec1c5e1 100644 --- a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportSummary.java +++ b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportSummary.java 
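Review bot: `detailsFiller` now keys the per-severity `TreeMap` by `finding.getName()`, and a `TreeMap` with natural ordering rejects a null key, so a finding without a name throws a NullPointerException in `helperMap.get(name)`. Keying by name alone also merges findings that share a name but differ in CWE id; the entry keeps the CWE id of the first one. I would normalise the key first, `String name = Objects.requireNonNullElse(finding.getName(), "");`, and state in a comment on the method that entries are grouped by name, not by CWE id.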
@@ -6,31 +6,50 @@ @JsonIgnoreProperties(ignoreUnknown = true) public class SecHubReportSummary { - SecHubReportScan codeScan = new SecHubReportScan(); - SecHubReportScan infraScan = new SecHubReportScan(); - SecHubReportScan webScan = new SecHubReportScan(); + SecHubReportMetaDataSummary codeScan = new SecHubReportMetaDataSummary(); + SecHubReportMetaDataSummary infraScan = new SecHubReportMetaDataSummary(); + SecHubReportMetaDataSummary licenseScan = new SecHubReportMetaDataSummary(); + SecHubReportMetaDataSummary secretScan = new SecHubReportMetaDataSummary(); + SecHubReportMetaDataSummary webScan = new SecHubReportMetaDataSummary(); - public SecHubReportScan getCodeScan() { + public SecHubReportMetaDataSummary getCodeScan() { return codeScan; } - public void setCodeScan(SecHubReportScan codeScan) { + public void setCodeScan(SecHubReportMetaDataSummary codeScan) { this.codeScan = codeScan; } - public SecHubReportScan getInfraScan() { + public SecHubReportMetaDataSummary getInfraScan() { return infraScan; } - public void setInfraScan(SecHubReportScan infraScan) { + public void setInfraScan(SecHubReportMetaDataSummary infraScan) { this.infraScan = infraScan; } - public SecHubReportScan getWebScan() { + public SecHubReportMetaDataSummary getWebScan() { return webScan; } - public void setWebScan(SecHubReportScan webScan) { + public void setWebScan(SecHubReportMetaDataSummary webScan) { this.webScan = webScan; } + + public SecHubReportMetaDataSummary getLicenseScan() { + return licenseScan; + } + + public void setLicenseScan(SecHubReportMetaDataSummary licenseScan) { + this.licenseScan = licenseScan; + } + + public SecHubReportMetaDataSummary getSecretScan() { + return secretScan; + } + + public void setSecretScan(SecHubReportMetaDataSummary secretScan) { + this.secretScan = secretScan; + } + } 
diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java new file mode 100644 index 0000000000..a883f48e46 --- /dev/null +++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java 
@@ -0,0 +1,190 @@ +// SPDX-License-Identifier: MIT +package com.mercedesbenz.sechub.commons.model; + +import static org.junit.Assert.assertTrue; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNotNull; + +import java.util.List; + +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; + +public class SecHubReportMetaDataSummaryDetailsTest { + + static final int HIGH_FINDING_CWEID = 123; + static final int MEDIUM_FINDING_CWEID = 456; + static final int LOW_FINDING_CWEID = 789; + + SecHubReportMetaDataSummaryDetails secHubReportMetaDataSummaryDetails; + SecHubFinding highFinding; + SecHubFinding mediumFinding; + SecHubFinding lowFinding; + + @BeforeEach + void beforeEach() { + secHubReportMetaDataSummaryDetails = new SecHubReportMetaDataSummaryDetails(); + + highFinding = new SecHubFinding(); + highFinding.setCweId(HIGH_FINDING_CWEID); + highFinding.setSeverity(Severity.HIGH); + highFinding.setName("Cross Site Scripting (Reflected)"); + + mediumFinding = new SecHubFinding(); + mediumFinding.setCweId(MEDIUM_FINDING_CWEID); + mediumFinding.setSeverity(Severity.MEDIUM); + mediumFinding.setName("CSP: Wildcard Directive"); + + lowFinding = new SecHubFinding(); + lowFinding.setCweId(LOW_FINDING_CWEID); + lowFinding.setSeverity(Severity.LOW); + lowFinding.setName("Cookie Without Secure Flag"); + } + + @Test + void new_element_in_high_map_must_be_created() { + /* execute */ + secHubReportMetaDataSummaryDetails.detailsHelper(highFinding); + + /* test */ + assertNotNull(secHubReportMetaDataSummaryDetails.high.get(HIGH_FINDING_CWEID)); + } + + @Test + void new_element_in_medium_map_must_be_created() { + /* execute */ + secHubReportMetaDataSummaryDetails.detailsHelper(mediumFinding); + + /* test */ + assertNotNull(secHubReportMetaDataSummaryDetails.medium.get(MEDIUM_FINDING_CWEID)); + } + + @Test + void new_element_in_low_map_must_be_created() { + /* execute */ + 
secHubReportMetaDataSummaryDetails.detailsHelper(lowFinding); + + /* test */ + assertNotNull(secHubReportMetaDataSummaryDetails.low.get(LOW_FINDING_CWEID)); + } + + @Test + void instance_variables_of_new_element_in_high_map_initialized_correctly() { + /* execute */ + secHubReportMetaDataSummaryDetails.detailsHelper(highFinding); + SecHubReportMetaDataSummaryDetails.SeverityDetails severityDetails = secHubReportMetaDataSummaryDetails.high.get(HIGH_FINDING_CWEID); + + /* test */ + assertEquals(HIGH_FINDING_CWEID, severityDetails.getCweId()); + assertEquals("Cross Site Scripting (Reflected)", severityDetails.getName()); + assertEquals(1, severityDetails.getCount()); + } + + @Test + void instance_variables_of_new_element_in_medium_map_initialized_correctly() { + /* execute */ + secHubReportMetaDataSummaryDetails.detailsHelper(mediumFinding); + SecHubReportMetaDataSummaryDetails.SeverityDetails severityDetails = secHubReportMetaDataSummaryDetails.medium.get(MEDIUM_FINDING_CWEID); + + /* test */ + assertEquals(MEDIUM_FINDING_CWEID, severityDetails.getCweId()); + assertEquals("CSP: Wildcard Directive", severityDetails.getName()); + assertEquals(1, severityDetails.getCount()); + } + + @Test + void instance_variables_of_new_element_in_low_map_initialized_correctly() { + /* execute */ + secHubReportMetaDataSummaryDetails.detailsHelper(lowFinding); + SecHubReportMetaDataSummaryDetails.SeverityDetails severityDetails = secHubReportMetaDataSummaryDetails.low.get(LOW_FINDING_CWEID); + + /* test */ + assertEquals(LOW_FINDING_CWEID, severityDetails.getCweId()); + assertEquals("Cookie Without Secure Flag", severityDetails.getName()); + assertEquals(1, severityDetails.getCount()); + } + + @Test + void if_adding_multiple_similar_findings_into_high_map_counter_contains_correct_value() { + /* execute */ + for (int i = 0; i < 101; i++) { + secHubReportMetaDataSummaryDetails.detailsHelper(highFinding); + } + SecHubReportMetaDataSummaryDetails.SeverityDetails severityDetails = 
secHubReportMetaDataSummaryDetails.high.get(HIGH_FINDING_CWEID); + + /* test */ + assertEquals(101, severityDetails.getCount()); + } + + @Test + void if_adding_multiple_similar_findings_into_medium_map_counter_contains_correct_value() { + /* execute */ + for (int i = 0; i < 101; i++) { + secHubReportMetaDataSummaryDetails.detailsHelper(mediumFinding); + } + SecHubReportMetaDataSummaryDetails.SeverityDetails severityDetails = secHubReportMetaDataSummaryDetails.medium.get(MEDIUM_FINDING_CWEID); + + /* test */ + assertEquals(101, severityDetails.getCount()); + } + + @Test + void if_adding_multiple_similar_findings_into_low_map_counter_contains_correct_value() { + /* execute */ + for (int i = 0; i < 101; i++) { + secHubReportMetaDataSummaryDetails.detailsHelper(lowFinding); + } + SecHubReportMetaDataSummaryDetails.SeverityDetails severityDetails = secHubReportMetaDataSummaryDetails.low.get(LOW_FINDING_CWEID); + + /* test */ + assertEquals(101, severityDetails.getCount()); + } + + @Test + void correct_list_must_be_get_from_high_map() { + /* prepare */ + secHubReportMetaDataSummaryDetails.detailsHelper(highFinding); + + /* execute */ + List list = secHubReportMetaDataSummaryDetails.getHigh(); + + /* test */ + assertTrue(!list.isEmpty()); + assertTrue(1 == list.size()); + assertEquals(highFinding.getCweId(), list.get(0).getCweId()); + assertEquals(highFinding.getName(), list.get(0).getName()); + assertEquals(1, list.get(0).getCount()); + } + + @Test + void correct_list_must_be_get_from_medium_map() { + /* prepare */ + secHubReportMetaDataSummaryDetails.detailsHelper(mediumFinding); + + /* execute */ + List list = secHubReportMetaDataSummaryDetails.getMedium(); + + /* test */ + assertTrue(!list.isEmpty()); + assertTrue(1 == list.size()); + assertEquals(mediumFinding.getCweId(), list.get(0).getCweId()); + assertEquals(mediumFinding.getName(), list.get(0).getName()); + assertEquals(1, list.get(0).getCount()); + } + + @Test + void correct_list_must_be_get_from_low_map() { + 
/* prepare */ + secHubReportMetaDataSummaryDetails.detailsHelper(lowFinding); + + /* execute */ + List list = secHubReportMetaDataSummaryDetails.getLow(); + + /* test */ + assertTrue(!list.isEmpty()); + assertTrue(1 == list.size()); + assertEquals(lowFinding.getCweId(), list.get(0).getCweId()); + assertEquals(lowFinding.getName(), list.get(0).getName()); + assertEquals(1, list.get(0).getCount()); + } +} diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java new file mode 100644 index 0000000000..26b6347c96 --- /dev/null +++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java 
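Review bot: The tests read entries with `high.get(HIGH_FINDING_CWEID)`, `medium.get(MEDIUM_FINDING_CWEID)` and `low.get(LOW_FINDING_CWEID)`, but `detailsFiller` in this same patch stores them under `finding.getName()`, so these lookups cannot find the entry; on a `TreeMap` with String keys an Integer argument would even fail with a ClassCastException (the map's type parameters are not visible on this page). Looking up by name matches the production code: `secHubReportMetaDataSummaryDetails.high.get(highFinding.getName())`. The file also mixes `org.junit.Assert.assertTrue` with the Jupiter assertions, and `assertTrue(1 == list.size())` reports less on failure than `assertEquals(1, list.size())`.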
@@ -0,0 +1,116 @@ +package com.mercedesbenz.sechub.commons.model; + +import static org.junit.Assert.assertEquals; + +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; + +public class SecHubReportMetaDataSummaryTest { + + SecHubReportMetaDataSummary secHubReportMetaDataSummary; + SecHubFinding highFinding; + SecHubFinding mediumFinding; + SecHubFinding lowFinding; + + @BeforeEach + void beforeEach() { + secHubReportMetaDataSummary = new SecHubReportMetaDataSummary(); + + highFinding = new SecHubFinding(); + highFinding.setSeverity(Severity.HIGH); + + mediumFinding = new SecHubFinding(); + mediumFinding.setSeverity(Severity.MEDIUM); + + lowFinding = new SecHubFinding(); + lowFinding.setSeverity(Severity.LOW); + } + + @Test + void when_add_new_high_finding_then_only_red_and_total_counters_must_be_increased() { + /* execute */ + secHubReportMetaDataSummary.reportScanHelper(highFinding); + + /* test */ + assertEquals(1, secHubReportMetaDataSummary.getTotal()); + assertEquals(1, secHubReportMetaDataSummary.getRed()); + assertEquals(0, secHubReportMetaDataSummary.getYellow()); + assertEquals(0, secHubReportMetaDataSummary.getGreen()); + } + + @Test + void when_add_new_medium_finding_then_only_yellow_and_total_counters_must_be_increased() { + /* execute */ + secHubReportMetaDataSummary.reportScanHelper(mediumFinding); + + /* test */ + assertEquals(1, secHubReportMetaDataSummary.getTotal()); + assertEquals(0, secHubReportMetaDataSummary.getRed()); + assertEquals(1, secHubReportMetaDataSummary.getYellow()); + assertEquals(0, secHubReportMetaDataSummary.getGreen()); + } + + @Test + void when_add_new_medium_finding_then_only_green_and_total_counters_must_be_increased() { + /* execute */ + secHubReportMetaDataSummary.reportScanHelper(lowFinding); + + /* test */ + assertEquals(1, secHubReportMetaDataSummary.getTotal()); + assertEquals(0, secHubReportMetaDataSummary.getRed()); + assertEquals(0, secHubReportMetaDataSummary.getYellow()); + assertEquals(1, 
secHubReportMetaDataSummary.getGreen()); + } + + @Test + void when_add_multiple_high_findings_then_red_and_total_counters_must_be_increased() { + /* execute */ + for (int i = 0; i < 101; i++) { + secHubReportMetaDataSummary.reportScanHelper(highFinding); + } + + /* test */ + assertEquals(101, secHubReportMetaDataSummary.getTotal()); + assertEquals(101, secHubReportMetaDataSummary.getRed()); + } + + @Test + void when_add_multiple_medium_findings_then_yellow_and_total_counters_must_be_increased() { + /* execute */ + for (int i = 0; i < 101; i++) { + secHubReportMetaDataSummary.reportScanHelper(mediumFinding); + } + + /* test */ + assertEquals(101, secHubReportMetaDataSummary.getTotal()); + assertEquals(101, secHubReportMetaDataSummary.getYellow()); + } + + @Test + void when_add_multiple_low_findings_then_green_and_total_counters_must_be_increased() { + /* execute */ + for (int i = 0; i < 101; i++) { + secHubReportMetaDataSummary.reportScanHelper(lowFinding); + } + + /* test */ + assertEquals(101, secHubReportMetaDataSummary.getTotal()); + assertEquals(101, secHubReportMetaDataSummary.getGreen()); + } + + @Test + void when_add_multiple_high_medium_low_findings_then_red_yellow_green_and_total_counters_must_be_increased() { + /* execute */ + for (int i = 0; i < 101; i++) { + secHubReportMetaDataSummary.reportScanHelper(highFinding); + secHubReportMetaDataSummary.reportScanHelper(mediumFinding); + secHubReportMetaDataSummary.reportScanHelper(lowFinding); + } + + /* test */ + assertEquals(303, secHubReportMetaDataSummary.getTotal()); + assertEquals(101, secHubReportMetaDataSummary.getRed()); + assertEquals(101, secHubReportMetaDataSummary.getYellow()); + assertEquals(101, secHubReportMetaDataSummary.getGreen()); + } +} 
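Review bot: The third test is named `when_add_new_medium_finding_then_only_green_and_total_counters_must_be_increased` but adds `lowFinding`; it should be `when_add_new_low_finding_then_only_green_and_total_counters_must_be_increased`. No test covers `Severity.INFO`, which `incrementColors` also maps to green, and none covers a finding with no severity set. The file lacks the `// SPDX-License-Identifier: MIT` first line that `SecHubReportMetaDataSummaryDetailsTest` carries, and it imports `org.junit.Assert.assertEquals` although the rest of the test uses JUnit Jupiter.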
diff --git a/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/generator/HTMLReportCSSFragementGenerator.java b/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/generator/HTMLReportCSSFragementGenerator.java index 6b18a0c50b..8a05abfa76 100644 --- a/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/generator/HTMLReportCSSFragementGenerator.java +++ b/sechub-developertools/src/main/java/com/mercedesbenz/sechub/developertools/generator/HTMLReportCSSFragementGenerator.java @@ -44,11 +44,18 @@ public void generate() throws IOException { File scanHTMLFolder = new File("./../sechub-scan/src/main/resources/templates/report/html"); File cssFile = new File(scanHTMLFolder, "scanresult.css"); - File fragmentsFile = new File(scanHTMLFolder, "fragments.html"); - CSSFileToFragementMerger merger = new CSSFileToFragementMerger(); - merger.merge(cssFile, fragmentsFile); + File fragmentsFile = new File(scanHTMLFolder, "fragment-cwe-summary-table.html"); + merger.merge(cssFile, fragmentsFile); + fragmentsFile = new File(scanHTMLFolder, "fragment-generic-scan-table.html"); + merger.merge(cssFile, fragmentsFile); + fragmentsFile = new File(scanHTMLFolder, "fragment-generic-scan-table-row.html"); + merger.merge(cssFile, fragmentsFile); + fragmentsFile = new File(scanHTMLFolder, "fragment-summary-table-row.html"); + merger.merge(cssFile, fragmentsFile); + fragmentsFile = new File(scanHTMLFolder, "fragment-web-scan-table.html"); + merger.merge(cssFile, fragmentsFile); } } diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilder.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilder.java index e265183b32..75e18084dc 100644 --- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilder.java 
+++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilder.java @@ -1,11 +1,14 @@ // SPDX-License-Identifier: MIT package com.mercedesbenz.sechub.domain.scan; +import static java.util.stream.Collectors.groupingBy; + import java.io.File; import java.util.*; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.beans.BeanUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.core.io.Resource; @@ -47,16 +50,16 @@ public Map build(ScanSecHubReport report) { } switch (trafficLight) { - case RED: - styleRed = SHOW_LIGHT; - break; - case YELLOW: - styleYellow = SHOW_LIGHT; - break; - case GREEN: - styleGreen = SHOW_LIGHT; - break; - default: + case RED: + styleRed = SHOW_LIGHT; + break; + case YELLOW: + styleYellow = SHOW_LIGHT; + break; + case GREEN: + styleGreen = SHOW_LIGHT; + break; + default: } HtmlCodeScanDescriptionSupport codeScanSupport = new HtmlCodeScanDescriptionSupport(); SecHubResult result = report.getResult(); 
@@ -106,8 +109,22 @@ public Map build(ScanSecHubReport report) { model.put("jobuuid", "none"); } + model.put("scanTypeCountSet", prepareScanTypesForModel(result.getFindings())); + + model.put("redHTMLSecHubFindingList", filterFindingsForGeneralScan(result.getFindings(), codeScanEntries, List.of(Severity.HIGH))); + model.put("yellowHTMLSecHubFindingList", filterFindingsForGeneralScan(result.getFindings(), codeScanEntries, List.of(Severity.MEDIUM))); + model.put("greenHTMLSecHubFindingList", filterFindingsForGeneralScan(result.getFindings(), codeScanEntries, List.of(Severity.INFO, Severity.LOW))); + + model.put("redHTMLWebScanMap", filterFindingsForWebScan(result.getFindings(), List.of(Severity.HIGH))); + model.put("yellowHTMLWebScanMap", filterFindingsForWebScan(result.getFindings(), List.of(Severity.MEDIUM))); + model.put("greenHTMLWebScanMap", filterFindingsForWebScan(result.getFindings(), List.of(Severity.INFO, Severity.LOW))); + + return model; + } + + protected Set prepareScanTypesForModel(List findings) { Map scanSummaryMap = new HashMap<>(); - for (SecHubFinding finding : result.getFindings()) { + for (SecHubFinding finding : findings) { ScanType scanType = finding.getType(); ScanTypeCount scanTypeCount; if (scanSummaryMap.containsKey(scanType)) { 
@@ -120,21 +137,53 @@ public Map build(ScanSecHubReport report) { } Set scanTypeCountSet = new TreeSet<>(); scanTypeCountSet.addAll(scanSummaryMap.values()); - model.put("scanTypeCountSet", scanTypeCountSet); - - return model; + return scanTypeCountSet; } protected void incrementScanCount(Severity severity, ScanTypeCount scanTypeCount) { - if (Severity.HIGH.equals(severity)) { - scanTypeCount.incrementHighSeverityCount(); - } - if (Severity.MEDIUM.equals(severity)) { - scanTypeCount.incrementMediumSeverityCount(); - } - if (Severity.LOW.equals(severity)) { - scanTypeCount.incrementLowSeverityCount(); + switch (severity) { + case HIGH -> scanTypeCount.incrementHighSeverityCount(); + case MEDIUM -> scanTypeCount.incrementMediumSeverityCount(); + case LOW, INFO -> scanTypeCount.incrementLowSeverityCount(); } } + public Map> filterFindingsForWebScan(List findings, List severities) { + Map> groupedFindingsByName = findings.stream().filter(finding -> severities.contains(finding.getSeverity())) + .filter(finding -> finding.hasScanType("webScan")).collect(groupingBy(SecHubFinding::getName)); + Map> groupedAndSortedFindingsByName = new TreeMap<>(); + groupedAndSortedFindingsByName.putAll(groupedFindingsByName); + return groupedAndSortedFindingsByName; + } + + public List filterFindingsForGeneralScan(List findings, Map> codeScanEntries, + List severities) { + List htmlSecHubFindings = new ArrayList<>(); + Map> groupedFindingsByName = findings.stream().filter(finding -> severities.contains(finding.getSeverity())) + .collect(groupingBy(SecHubFinding::getName)); + + Map> groupedAndSortedFindingsByName = new TreeMap<>(); + groupedAndSortedFindingsByName.putAll(groupedFindingsByName); + + groupedAndSortedFindingsByName.entrySet().stream().forEach(entry -> { + List findingList = entry.getValue(); + if (!findingList.isEmpty()) { + SecHubFinding firstFinding = findingList.get(0); + HTMLSecHubFinding htmlSecHubFinding = new HTMLSecHubFinding(); + 
BeanUtils.copyProperties(firstFinding, htmlSecHubFinding); + htmlSecHubFinding.setId(0); + List entryList = htmlSecHubFinding.getEntryList(); + for (SecHubFinding finding : findingList) { + if (!finding.hasScanType("webScan")) { + List codeScanEntryList = codeScanEntries.get(finding.getId()); + for (HTMLScanResultCodeScanEntry htmlScanResultCodeScanEntry : codeScanEntryList) { + entryList.add(htmlScanResultCodeScanEntry); + } + } + } + htmlSecHubFindings.add(htmlSecHubFinding); + } + }); + return htmlSecHubFindings; + } } diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLSecHubFinding.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLSecHubFinding.java new file mode 100644 index 0000000000..b4e1d6cf99 --- /dev/null +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLSecHubFinding.java @@ -0,0 +1,15 @@ +package com.mercedesbenz.sechub.domain.scan; + +import java.util.ArrayList; +import java.util.List; + +import com.mercedesbenz.sechub.commons.model.SecHubFinding; + +public class HTMLSecHubFinding extends SecHubFinding { + + private List entryList = new ArrayList<>(); + + public List getEntryList() { + return entryList; + } +} diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLWebSecHubFinding.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLWebSecHubFinding.java new file mode 100644 index 0000000000..2da5fb24cc --- /dev/null +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLWebSecHubFinding.java @@ -0,0 +1,15 @@ +package com.mercedesbenz.sechub.domain.scan; + +import java.util.ArrayList; +import java.util.List; + +import com.mercedesbenz.sechub.commons.model.SecHubFinding; + +public class HTMLWebSecHubFinding extends SecHubFinding { + + private List entryList = new ArrayList<>(); + + public List getEntryList() { + return entryList; + } +} 
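Review bot: In `filterFindingsForGeneralScan` the inner loop iterates the result of `codeScanEntries.get(finding.getId())` directly, so a non-web finding with no entry in that map makes the enhanced `for` throw a NullPointerException and the report model fails to build; `codeScanEntries.getOrDefault(finding.getId(), List.of())` avoids that. Both filter methods also pass `SecHubFinding::getName` to `groupingBy`, which rejects null keys, so a finding without a name has the same effect. In `incrementScanCount`, `switch (severity)` throws on a null severity where the replaced `Severity.HIGH.equals(severity)` checks did not, and INFO is now counted as low; a one-line comment saying this is intended would help. How `codeScanEntries` is populated lies outside the visible hunks, so please confirm whether every non-web finding is guaranteed an entry.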
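Review bot: `HTMLSecHubFinding` and `HTMLWebSecHubFinding` are added without the `// SPDX-License-Identifier: MIT` line that the other Java files in this patch start with, and neither has a class comment. Their bodies are identical and `HTMLWebSecHubFinding` is not referenced by any hunk visible here, so it may be unused at this commit. I would add the header and a Javadoc sentence on `HTMLSecHubFinding` such as `/** A finding grouped by name, carrying the code scan entries of all findings in the group. */`, and leave the second class out until something uses it.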
diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCount.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCount.java index db850a0cd5..a6d384e47b 100644 --- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCount.java +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCount.java @@ -6,11 +6,11 @@ public class ScanTypeCount implements Comparable { private ScanType scanType; - private int highSeverityCount; - private int mediumSeverityCount; - private int lowSeverityCount; + protected int highSeverityCount; + protected int mediumSeverityCount; + protected int lowSeverityCount; - private ScanTypeCount(ScanType scanType){ + private ScanTypeCount(ScanType scanType) { this.scanType = scanType; highSeverityCount = 0; mediumSeverityCount = 0; @@ -40,15 +40,15 @@ public int getLowSeverityCount() { return lowSeverityCount; } - public void incrementHighSeverityCount(){ + public void incrementHighSeverityCount() { this.highSeverityCount++; } - public void incrementMediumSeverityCount(){ + public void incrementMediumSeverityCount() { this.mediumSeverityCount++; } - public void incrementLowSeverityCount(){ + public void incrementLowSeverityCount() { this.lowSeverityCount++; } diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/ScanSecHubReport.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/ScanSecHubReport.java index bba683c097..6bc5318030 100644 --- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/ScanSecHubReport.java +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/ScanSecHubReport.java 
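Review bot: The counters `highSeverityCount`, `mediumSeverityCount` and `lowSeverityCount` become `protected`, although the only new access visible in this patch is `ScanTypeCountTest` assigning `Integer.MAX_VALUE` to them. The test is in the same package, so package-private visibility with a marker such as `/* package-private for tests */ int highSeverityCount;` would be enough and would not open the fields to subclasses. The class body continues outside the hunk.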
@@ -58,13 +58,6 @@ public ScanSecHubReport(ScanReport report) { LOG.warn("Job uuid not found inside report result JSON, will set Job UUID from entity data"); model.setJobUUID(report.getSecHubJobUUID()); } - - SecHubReportMetaData reportMetaData = new SecHubReportMetaData(); - setMetaData(reportMetaData); - - SecHubReportSummary secHubReportSummary = new SecHubReportSummary(); - reportMetaData.setSummary(secHubReportSummary); - } catch (JSONConverterException e) { LOG.error("FATAL PROBLEM! Failed to create sechub result by model for job:{}", report.getSecHubJobUUID(), e); @@ -97,6 +90,12 @@ public ScanSecHubReport(ScanReport report) { throw new IllegalStateException("Unsupported report result type:" + resultType); } + SecHubReportMetaData reportMetaData = new SecHubReportMetaData(); + setMetaData(reportMetaData); + + SecHubReportSummary secHubReportSummary = new SecHubReportSummary(); + reportMetaData.setSummary(secHubReportSummary); + /* calculate data */ buildCalculatedData(report); } 
@@ -107,16 +106,23 @@ private void buildCalculatedData(ScanReport report) { calculateSummary(); } - private void calculateSummary() { - SecHubReportScan codeScan = model.getMetaData().get().getSummary().getCodeScan(); - SecHubReportScan infraScan = model.getMetaData().get().getSummary().getInfraScan(); - SecHubReportScan webScan = model.getMetaData().get().getSummary().getWebScan(); + protected void calculateSummary() { + SecHubReportMetaDataSummary codeScan = model.getMetaData().get().getSummary().getCodeScan(); + SecHubReportMetaDataSummary infraScan = model.getMetaData().get().getSummary().getInfraScan(); + SecHubReportMetaDataSummary licenseScan = model.getMetaData().get().getSummary().getLicenseScan(); + SecHubReportMetaDataSummary secretScan = model.getMetaData().get().getSummary().getSecretScan(); + SecHubReportMetaDataSummary webScan = model.getMetaData().get().getSummary().getWebScan(); + for (SecHubFinding finding : model.getResult().getFindings()) { ScanType scanType = finding.getType(); - switch (scanType) { - case CODE_SCAN -> codeScan.reportScanHelper(finding); - case INFRA_SCAN -> infraScan.reportScanHelper(finding); - case WEB_SCAN -> webScan.reportScanHelper(finding); + if (scanType != null) { + switch (scanType) { + case CODE_SCAN -> codeScan.reportScanHelper(finding); + case INFRA_SCAN -> infraScan.reportScanHelper(finding); + case WEB_SCAN -> webScan.reportScanHelper(finding); + case LICENSE_SCAN -> licenseScan.reportScanHelper(finding); + case SECRET_SCAN -> secretScan.reportScanHelper(finding); + } } } } diff --git a/sechub-scan/src/main/resources/templates/report/html/details_footer.html b/sechub-scan/src/main/resources/templates/report/html/details_footer.html index cd7caab935..213c36e309 100644 --- a/sechub-scan/src/main/resources/templates/report/html/details_footer.html +++ b/sechub-scan/src/main/resources/templates/report/html/details_footer.html @@ -1,18 +1,18 @@ -
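Review bot: With the new `if (scanType != null)` guard in `calculateSummary`, a finding without a type is left out of every per-scan-type summary and nothing records that, so the summary can show fewer findings than the result list holds. An `else` branch with `LOG.warn("Finding {} has no scan type, not counted in summary", finding.getId());` would make the gap visible. The five `model.getMetaData().get().getSummary()` chains could also be one local, `SecHubReportSummary summary = model.getMetaData().orElseThrow().getSummary();`, which keeps the unchecked `Optional` access in a single place.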

Description

-
Description1
-
-
A full description of "
-
Finding name
-
" can be found at 
-
-
.
-
- -

Solution

-
Solution
-
-

There is no dedicated solution. Please have a look at the proposed solutions and examples at - and adapt them to your situation.

-
+

Description

+
Description1
+
+
A full description of "
+
Finding name
+
" can be found at 
+
+
.
+
+ +

Solution

+
Solution
+
+

There is no dedicated solution. Please have a look at the proposed solutions and examples at + and adapt them to your situation.

+
\ No newline at end of file diff --git a/sechub-scan/src/main/resources/templates/report/html/fragment-cwe-summary-table.html b/sechub-scan/src/main/resources/templates/report/html/fragment-cwe-summary-table.html new file mode 100644 index 0000000000..091b8a13ce --- /dev/null +++ b/sechub-scan/src/main/resources/templates/report/html/fragment-cwe-summary-table.html @@ -0,0 +1,498 @@ + + + + + + +

+ + + + + + + + + + + + +
CWENameCount
+ + +
+ \ No newline at end of file diff --git a/sechub-scan/src/main/resources/templates/report/html/fragment-generic-scan-table-row.html b/sechub-scan/src/main/resources/templates/report/html/fragment-generic-scan-table-row.html new file mode 100644 index 0000000000..ab213461b9 --- /dev/null +++ b/sechub-scan/src/main/resources/templates/report/html/fragment-generic-scan-table-row.html @@ -0,0 +1,509 @@ + + + + + + +

HIGH +
Command Injection
+
+
+
Description1
+
+
+
Location
+
Line
+
Column
+
Source
+
+
+
the location
+
101
+
54
+
result= evalCode.execute()
+
+
+ +
+ +
+
+ +
+ + + + + + + + + +
+ + +
SeverityTypeDescription
+ + \ No newline at end of file diff --git a/sechub-scan/src/main/resources/templates/report/html/fragment-summary-table-row.html b/sechub-scan/src/main/resources/templates/report/html/fragment-summary-table-row.html new file mode 100644 index 0000000000..899717dce3 --- /dev/null +++ b/sechub-scan/src/main/resources/templates/report/html/fragment-summary-table-row.html @@ -0,0 +1,527 @@ + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/sechub-scan/src/main/resources/templates/report/html/fragments.html b/sechub-scan/src/main/resources/templates/report/html/fragment-web-scan-table.html similarity index 54% rename from sechub-scan/src/main/resources/templates/report/html/fragments.html rename to sechub-scan/src/main/resources/templates/report/html/fragment-web-scan-table.html index 9610593f55..77f9472c66 100644 --- a/sechub-scan/src/main/resources/templates/report/html/fragments.html +++ b/sechub-scan/src/main/resources/templates/report/html/fragment-web-scan-table.html @@ -429,114 +429,122 @@ .summaryTable td:nth-child(3) { border-left: 1px solid #cccccc; } + +.summaryScanType { + font-family: monospace; + font-size: 1.5em; + font-weight: bold; +} + +.summarySeverity { + font-family: monospace; +} + +.summaryScanTypeTable { + width: 40%; + padding-bottom: 16px; + padding-top: 10px; + border-collapse: separate; + border: solid #cccccc 1px; + border-radius: 16px; + border-spacing: 0px; +} + +.summaryScanTypeTable th { + padding: 8px; + vertical-align: center; + text-align: left; +} + +.summaryScanTypeTable td { + padding: 8px; + font-family: monospace; + vertical-align: center; + text-align: left; +} + +.summaryScanTypeTable td:nth-child(2) { + border-left: 1px solid #cccccc; +} + +.summaryScanTypeTable td:nth-child(3) { + border-left: 1px solid #cccccc; +} + +.scanTypeHeadline { + /*color: #cc0000;*/ + font-family: monospace; +} - - -4711 -HIGH - -
Command Injection
-
- - -
Description1
-
-
-
Call
-
Location
-
Line
-
Column
-
Relevant part
-
Source
-
-
-
1
-
the location
-
101
-
54
-
execute
-
result= evalCode.execute()
-
-
-
+ + HIGH + +
Command Injection
+
+ +
-
Location
-
Attack vector
-
Evidence
+
Location
+
Attack vector
+
Evidence
-
-
1
-
the location
-
101
+
+
location
+
attack_vector
+
evidence
-
-
- -
-
-
Call
-
Location
-
Line
-
Column
-
Relevant part
-
Source
-
-
-
1
-
the location
-
101
-
54
-
execute
-
result= evalCode.execute()
-
-
-
-
-
- - - -

Request

-
-
-
-
-
/
-
-

Attack vector

- - -
- -

Body

-
No body content
- - - - -

Response

-
-
/
-
 
-
-

Evidence

- -
-
Found in response body. Start line:
-
- -
-

Body

-
No body content
- - - -
- -
- +
+ + + +

Request

+
+
+ +
+
+
+
/
+
+
+

Attack vector

+ + +
+ +

Body

+
No body content
+ + + + +

Response

+
+
+
/
+
+
 
+
+
+

Evidence

+ +
+
Found in response body. Start line:
+
+
+ +
+

Body

+
No body content
+ + + +
+
+
\ No newline at end of file diff --git a/sechub-scan/src/main/resources/templates/report/html/links.html b/sechub-scan/src/main/resources/templates/report/html/links.html index b0f36415cb..a0a857309a 100644 --- a/sechub-scan/src/main/resources/templates/report/html/links.html +++ b/sechub-scan/src/main/resources/templates/report/html/links.html @@ -1,3 +1,7 @@ - +
CWE-77 + + + CWE-77 + \ No newline at end of file diff --git a/sechub-scan/src/main/resources/templates/report/html/scanresult.css b/sechub-scan/src/main/resources/templates/report/html/scanresult.css index f81eb9b542..441763548d 100644 --- a/sechub-scan/src/main/resources/templates/report/html/scanresult.css +++ b/sechub-scan/src/main/resources/templates/report/html/scanresult.css @@ -418,4 +418,50 @@ rTableSourceHead, .summaryTable td:nth-child(3) { border-left: 1px solid #cccccc; +} + +.summaryScanType { + font-family: monospace; + font-size: 1.5em; + font-weight: bold; +} + +.summarySeverity { + font-family: monospace; +} + +.summaryScanTypeTable { + width: 40%; + padding-bottom: 16px; + padding-top: 10px; + border-collapse: separate; + border: solid #cccccc 1px; + border-radius: 16px; + border-spacing: 0px; +} + +.summaryScanTypeTable th { + padding: 8px; + vertical-align: center; + text-align: left; +} + +.summaryScanTypeTable td { + padding: 8px; + font-family: monospace; + vertical-align: center; + text-align: left; +} + +.summaryScanTypeTable td:nth-child(2) { + border-left: 1px solid #cccccc; +} + +.summaryScanTypeTable td:nth-child(3) { + border-left: 1px solid #cccccc; +} + +.scanTypeHeadline { + /*color: #cc0000;*/ + font-family: monospace; } \ No newline at end of file diff --git a/sechub-scan/src/main/resources/templates/report/html/scanresult.html b/sechub-scan/src/main/resources/templates/report/html/scanresult.html index 54ce0611bb..bfbd315633 100644 --- a/sechub-scan/src/main/resources/templates/report/html/scanresult.html +++ b/sechub-scan/src/main/resources/templates/report/html/scanresult.html @@ -1,227 +1,292 @@ - -SecHub scan result - - - + */--> + + -
-
-
-
-
-
-
-
-
-
-
-
- - - - - - - - - - -
-
4MEDIUMName 2Description 2
-
-
-

Green findings

- - - - - - - - - - - +
+

Summary

+
IdSeverityTypeDescription
+ + + + + + + + + + + +
+ + +
TotalRedYellowGreen
+
-
+
+ CodeScan +
+
+
+
+
+
+
+
+
+
+
+ InfraScan +
+
+
+
+
+
+
+
+
+
+
+ LicenseScan +
+
+
+
+
+
+
+
+
+
+
+ SecretScan +
+
+
+
+
+
+
+
+
+
+
+ WebScan +
+
+
+
+
+
+
+
+
+
- - - 5 - INFO - Name 2 - Description 2 - - - -
-
-
-

Messages

- +
+

+
+ +
+
+
+ +
+
+
+ +
+
+
+ +

Web Scan

+

+ + + + + + + - - - - - - - - - - - - - - - - - - - + +
+ + +
SeverityTypeDescription
🛇This is an error message text
This is a warning message text
🛈This is an info message text
This is a message where message type is null
+
+
+
+

+
+ +
+
+
+ +
+
+
+ +
+
+
+ +

Web Scan

+ + + + + + + + + + +
+ + +
SeverityTypeDescription
+
+

+
+

+
+ +
+
+
+ +
+
+
+ +
+
+
+ +

Web Scan

+ + + + + + + + + + +
+
SeverityTypeDescription
-
-

+
+
+ + + +
+

Messages

+ + + + + + + + + + + + + + + + + + + +
🛇This is an error message text
This is a warning message text
🛈This is an info message text
This is a message where message type is null
+
+ \ No newline at end of file diff --git a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilderTest.java b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilderTest.java index c162181048..a807eb20f4 100644 --- a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilderTest.java +++ b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilderTest.java @@ -6,18 +6,13 @@ import java.io.ByteArrayInputStream; import java.io.File; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; -import java.util.Map; -import java.util.Optional; -import java.util.UUID; +import java.util.*; -import com.mercedesbenz.sechub.commons.model.*; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.springframework.core.io.Resource; +import com.mercedesbenz.sechub.commons.model.*; import com.mercedesbenz.sechub.domain.scan.report.ScanSecHubReport; class HTMLScanResultReportModelBuilderTest { @@ -65,8 +60,7 @@ void beforeEach() throws Exception { scanTypeCount = ScanTypeCount.of(ScanType.CODE_SCAN); } - @Test - void metaData_set_as_optional_not_present_when_configuration_has_metadata_optional_null() { + @Test void metaData_set_as_optional_not_present_when_configuration_has_metadata_optional_null() { /* prepare */ when(scanSecHubReport.getTrafficLight()).thenReturn(TrafficLight.YELLOW); // traffic light necessary to avoid illegal state exception when(scanSecHubReport.getMetaData()).thenReturn(Optional.ofNullable(null)); 
@@ -75,14 +69,12 @@ void metaData_set_as_optional_not_present_when_configuration_has_metadata_option Map map = builderToTest.build(scanSecHubReport); /* test */ - @SuppressWarnings("unchecked") - Optional metaData = (Optional) map.get("metaData"); + @SuppressWarnings("unchecked") Optional metaData = (Optional) map.get("metaData"); assertNotNull(metaData); assertFalse(metaData.isPresent()); } - @Test - void metaData_set_as_optional_not_present_when_configuration_has_metadata_optional_defined() { + @Test void metaData_set_as_optional_not_present_when_configuration_has_metadata_optional_defined() { /* prepare */ when(scanSecHubReport.getTrafficLight()).thenReturn(TrafficLight.YELLOW); // traffic light necessary to avoid illegal state exception SecHubReportMetaData reportMetaData = mock(SecHubReportMetaData.class); @@ -92,8 +84,7 @@ void metaData_set_as_optional_not_present_when_configuration_has_metadata_option Map map = builderToTest.build(scanSecHubReport); /* test */ - @SuppressWarnings("unchecked") - Optional metaData = (Optional) map.get("metaData"); + @SuppressWarnings("unchecked") Optional metaData = (Optional) map.get("metaData"); assertNotNull(metaData); assertTrue(metaData.isPresent()); } @@ -166,8 +157,7 @@ void all_parameters_build_webdesignmode_true() throws Exception { assertEquals(HIDE_LIGHT, map.get("styleGreen")); } - @Test - void trafficlight_red_set_display_block__others_are_none() { + @Test void trafficlight_red_set_display_block__others_are_none() { when(scanSecHubReport.getTrafficLight()).thenReturn(TrafficLight.RED); Map map = builderToTest.build(scanSecHubReport); 
@@ -176,8 +166,7 @@ void trafficlight_red_set_display_block__others_are_none() { assertEquals(HIDE_LIGHT, map.get("styleGreen")); } - @Test - public void trafficlight_yellow_set_display_block__others_are_none() { + @Test public void trafficlight_yellow_set_display_block__others_are_none() { when(scanSecHubReport.getTrafficLight()).thenReturn(TrafficLight.YELLOW); Map map = builderToTest.build(scanSecHubReport); @@ -186,8 +175,7 @@ public void trafficlight_yellow_set_display_block__others_are_none() { assertEquals(HIDE_LIGHT, map.get("styleGreen")); } - @Test - void trafficlight_green_set_display_block__others_are_none() { + @Test void trafficlight_green_set_display_block__others_are_none() { when(scanSecHubReport.getTrafficLight()).thenReturn(TrafficLight.GREEN); Map map = builderToTest.build(scanSecHubReport); @@ -209,6 +197,8 @@ void code_scan_entries_set_and_right_amount_of_call_stacks_populated() { when(result.getFindings()).thenReturn(Arrays.asList(finding)); when(finding.getCode()).thenReturn(code1); when(finding.getType()).thenReturn(ScanType.CODE_SCAN); + when(finding.getSeverity()).thenReturn(Severity.HIGH); + when(finding.getName()).thenReturn("some_vulnerability_name"); when(code1.getCalls()).thenReturn(subCode); /* execute */ @@ -227,8 +217,7 @@ void code_scan_entries_set_and_right_amount_of_call_stacks_populated() { assertTrue(scanEntriesList.size() == 2); } - @Test - void code_scan_support_set_and_not_null() { + @Test void code_scan_support_set_and_not_null() { /* prepare */ when(scanSecHubReport.getTrafficLight()).thenReturn(TrafficLight.RED); @@ -241,7 +230,7 @@ void code_scan_support_set_and_not_null() { } @Test - void when_severity_is_high_then_highSeverityCount_should_be_incremented(){ + void when_severity_is_high_then_highSeverityCount_should_be_incremented() { /* execute */ builderToTest.incrementScanCount(Severity.HIGH, scanTypeCount); 
@@ -250,7 +239,7 @@ void when_severity_is_high_then_highSeverityCount_should_be_incremented(){ } @Test - void when_severity_is_medium_then_mediumSeverityCount_should_be_incremented(){ + void when_severity_is_medium_then_mediumSeverityCount_should_be_incremented() { /* execute */ builderToTest.incrementScanCount(Severity.MEDIUM, scanTypeCount); 
@@ -259,11 +248,206 @@ void when_severity_is_medium_then_mediumSeverityCount_should_be_incremented(){ } @Test - void when_severity_is_low_then_lowSeverityCount_should_be_incremented(){ + void when_severity_is_low_then_lowSeverityCount_should_be_incremented() { /* execute */ builderToTest.incrementScanCount(Severity.LOW, scanTypeCount); /* test */ assertEquals(1, scanTypeCount.getLowSeverityCount()); } + + @Test + void when_findings_list_is_empty_then_prepareScanTypesForModel_returns_empty_set() { + /* prepare */ + List findings = new ArrayList<>(); + + /* execute */ + Set scanTypeCountSet = builderToTest.prepareScanTypesForModel(findings); + + /* test */ + assertTrue(scanTypeCountSet.isEmpty()); + } + + @Test + void when_findings_list_contains_multiple_CODE_SCAN_findings_only_then_prepareScanTypesForModel_returns_set_with_one_appropriate_element_only() { + /* prepare */ + List findings = new ArrayList<>(); + SecHubFinding finding = new SecHubFinding(); + finding.setId(0); + finding.setType(ScanType.CODE_SCAN); + finding.setSeverity(Severity.LOW); + findings.add(finding); + finding = new SecHubFinding(); + finding.setId(1); + finding.setType(ScanType.CODE_SCAN); + finding.setSeverity(Severity.MEDIUM); + findings.add(finding); + finding = new SecHubFinding(); + finding.setId(2); + finding.setType(ScanType.CODE_SCAN); + finding.setSeverity(Severity.HIGH); + findings.add(finding); + + /* execute */ + Set scanTypeCountSet = builderToTest.prepareScanTypesForModel(findings); + Iterator iterator = scanTypeCountSet.iterator(); + ScanTypeCount scanTypeCount = iterator.next(); + + /* test */ + assertTrue(scanTypeCountSet.size() == 1); + assertEquals(ScanType.CODE_SCAN, scanTypeCount.getScanType()); + assertEquals(1, scanTypeCount.getLowSeverityCount()); + assertEquals(1, scanTypeCount.getMediumSeverityCount()); + assertEquals(1, scanTypeCount.getHighSeverityCount()); + } + + @Test + void 
when_findings_list_contains_multiple_findings_of_differernt_ScanType_then_prepareScanTypesForModel_returns_appropriate_set() { + /* prepare */ + List findings = new ArrayList<>(); + SecHubFinding finding = new SecHubFinding(); + finding.setId(0); + finding.setType(ScanType.CODE_SCAN); + finding.setSeverity(Severity.LOW); + findings.add(finding); + finding = new SecHubFinding(); + finding.setId(1); + finding.setType(ScanType.INFRA_SCAN); + finding.setSeverity(Severity.MEDIUM); + findings.add(finding); + finding = new SecHubFinding(); + finding.setId(2); + finding.setType(ScanType.SECRET_SCAN); + finding.setSeverity(Severity.HIGH); + findings.add(finding); + + /* execute */ + Set scanTypeCountSet = builderToTest.prepareScanTypesForModel(findings); + Iterator iterator = scanTypeCountSet.iterator(); + + /* execute + test */ + assertTrue(scanTypeCountSet.size() == 3); + + while (iterator.hasNext()) { + ScanTypeCount scanTypeCount = iterator.next(); + switch (scanTypeCount.getScanType()) { + case CODE_SCAN -> assertEquals(1, scanTypeCount.getLowSeverityCount()); + case INFRA_SCAN -> assertEquals(1, scanTypeCount.getMediumSeverityCount()); + case SECRET_SCAN -> assertEquals(1, scanTypeCount.getHighSeverityCount()); + } + } + } + + @Test + void when_findings_list_is_empty_then_filterFindingsForWebScan_must_return_empty_map() { + /* prepare */ + List findings = new ArrayList<>(); + List severities = List.of(Severity.HIGH); + + /* execute */ + Map> groupedAndSortedFindingsByName = builderToTest.filterFindingsForWebScan(findings, severities); + + /* test */ + assertTrue(groupedAndSortedFindingsByName.isEmpty()); + } + + @Test + void when_findings_list_contains_3_WEB_SCAN_HIGH_findings_then_filterFindingsForWebScan_must_return_appropriate_map() { + /* prepare */ + List findings = new ArrayList<>(); + SecHubFinding finding = new SecHubFinding(); + finding.setId(0); + finding.setType(ScanType.WEB_SCAN); + finding.setSeverity(Severity.HIGH); + finding.setName("Cross Site 
Scripting (Reflected)"); + findings.add(finding); + finding = new SecHubFinding(); + finding.setId(1); + finding.setType(ScanType.WEB_SCAN); + finding.setSeverity(Severity.HIGH); + finding.setName("Cross Site Scripting (Reflected)"); + findings.add(finding); + finding = new SecHubFinding(); + finding.setId(2); + finding.setType(ScanType.WEB_SCAN); + finding.setSeverity(Severity.HIGH); + finding.setName("Cross Site Scripting (Reflected)"); + findings.add(finding); + + List severities = List.of(Severity.HIGH); + + /* execute */ + Map> groupedAndSortedFindingsByName = builderToTest.filterFindingsForWebScan(findings, severities); + List findingList = groupedAndSortedFindingsByName.get("Cross Site Scripting (Reflected)"); + + /* test */ + assertEquals(1, groupedAndSortedFindingsByName.size()); + assertTrue(groupedAndSortedFindingsByName.containsKey("Cross Site Scripting (Reflected)")); + assertEquals(3, findingList.size()); + for (SecHubFinding secHubFinding : findingList) { + assertEquals(ScanType.WEB_SCAN, secHubFinding.getType()); + assertEquals(Severity.HIGH, secHubFinding.getSeverity()); + assertEquals("Cross Site Scripting (Reflected)", secHubFinding.getName()); + } + } + + @Test + void when_findings_list_is_empty_then_filterFindingsForGeneralScan_must_return_empty_list() { + /* prepare */ + List findings = new ArrayList<>(); + Map> codeScanEntries = new HashMap<>(); + List severities = List.of(Severity.HIGH); + + /* execute */ + List htmlSecHubFindingList = builderToTest.filterFindingsForGeneralScan(findings, codeScanEntries, severities); + + /* test */ + assertTrue(htmlSecHubFindingList.isEmpty()); + } + + @Test + void when_findings_list_contains_1_CODE_SCAN_HIGH_findings_then_filterFindingsForGeneralScan_must_return_appropriate_list() { + /* prepare */ + List findings = new ArrayList<>(); + SecHubFinding finding = new SecHubFinding(); + finding.setId(0); + finding.setType(ScanType.CODE_SCAN); + finding.setSeverity(Severity.HIGH); + finding.setName("Deferring 
unsafe method \"Close\" on type \"*os.File\""); + findings.add(finding); + finding = new SecHubFinding(); + finding.setId(1); + finding.setType(ScanType.CODE_SCAN); + finding.setSeverity(Severity.HIGH); + finding.setName("Deferring unsafe method \"Close\" on type \"*os.File\""); + findings.add(finding); + finding = new SecHubFinding(); + finding.setId(2); + finding.setType(ScanType.CODE_SCAN); + finding.setSeverity(Severity.HIGH); + finding.setName("Deferring unsafe method \"Close\" on type \"*os.File\""); + findings.add(finding); + + Map> codeScanEntries = new HashMap<>(); + List list = new ArrayList<>(); + list.add(new HTMLScanResultCodeScanEntry()); + codeScanEntries.put(0, list); + list = new ArrayList<>(); + list.add(new HTMLScanResultCodeScanEntry()); + codeScanEntries.put(1, list); + list = new ArrayList<>(); + list.add(new HTMLScanResultCodeScanEntry()); + codeScanEntries.put(2, list); + + List severities = List.of(Severity.HIGH); + + /* execute */ + List htmlSecHubFindingList = builderToTest.filterFindingsForGeneralScan(findings, codeScanEntries, severities); + + /* test */ + assertEquals(1, htmlSecHubFindingList.size()); + assertEquals("Deferring unsafe method \"Close\" on type \"*os.File\"", htmlSecHubFindingList.get(0).getName()); + assertEquals(3, htmlSecHubFindingList.get(0).getEntryList().size()); + } + } diff --git a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java index 4068238b62..9b092b63a3 100644 --- a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java +++ b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java 
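Review bot: The added tests only use findings that all match the requested severity and all have an entry in `codeScanEntries`; none covers a finding that is filtered out, a non-web finding missing from `codeScanEntries`, or `incrementScanCount(Severity.INFO, ...)`, which this patch newly maps to the low counter. In `when_findings_list_contains_multiple_findings_of_differernt_ScanType_...` the `switch` has no default, so an unexpected scan type in the set passes silently. That name also misspells "different", and `..._contains_1_CODE_SCAN_HIGH_findings_...` actually adds three findings. `assertEquals(3, scanTypeCountSet.size())` would report a clearer failure than `assertTrue(scanTypeCountSet.size() == 3)`.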
@@ -31,19 +31,21 @@ void of_constructor_creates_right_object() { @Test void when_ScanType_is_null_then_of_constructor_throws_IllegalArgumentException() { - /* prepare + execute */ + /* prepare */ + String expectedMessage = "ScanType argument must exist"; + + /* execute */ Exception exception = assertThrows(IllegalArgumentException.class, () -> { ScanTypeCount.of(null); }); - String expectedMessage = "ScanType argument must exist"; - String actualMessage = exception.getMessage(); /* test */ + String actualMessage = exception.getMessage(); assertTrue(actualMessage.contains(expectedMessage)); } @Test - void incrementHighSeverityCount_do_increment_highSeverityCount_value_by_one() { + void execute_incrementHighSeverityCount_once_increment_highSeverityCount_value_by_one() { /* execute */ scanTypeCount.incrementHighSeverityCount(); @@ -52,7 +54,18 @@ void incrementHighSeverityCount_do_increment_highSeverityCount_value_by_one() { } @Test - void incrementMediumSeverityCount_do_increment_mediumSeverityCount_value_by_one() { + void executing_incrementHighSeverityCount_101_times_increases_highSeverityCount_value_by_101() { + /* execute */ + for (int i = 0; i < 101; i++) { + scanTypeCount.incrementHighSeverityCount(); + } + + /* test */ + assertEquals(scanTypeCount.getHighSeverityCount(), 101); + } + + @Test + void execute_incrementMediumSeverityCount_once_increment_mediumSeverityCount_value_by_one() { /* execute */ scanTypeCount.incrementMediumSeverityCount(); 
@@ -61,7 +74,18 @@ void incrementMediumSeverityCount_do_increment_mediumSeverityCount_value_by_one( } @Test - void incrementLowSeverityCount_do_increment_lowSeverityCount_value_by_one() { + void executing_incrementMediumSeverityCount_101_times_increases_mediumSeverityCount_value_by_101() { + /* execute */ + for (int i = 0; i < 101; i++) { + scanTypeCount.incrementMediumSeverityCount(); + } + + /* test */ + assertEquals(scanTypeCount.getMediumSeverityCount(), 101); + } + + @Test + void execute_incrementLowSeverityCount_once_increment_lowSeverityCount_value_by_one() { /* execute */ scanTypeCount.incrementLowSeverityCount(); @@ -69,6 +93,17 @@ void incrementLowSeverityCount_do_increment_lowSeverityCount_value_by_one() { assertEquals(scanTypeCount.getLowSeverityCount(), 1); } + @Test + void executing_incrementLowSeverityCount_101_times_increases_lowSeverityCount_value_by_101() { + /* execute */ + for (int i = 0; i < 101; i++) { + scanTypeCount.incrementLowSeverityCount(); + } + + /* test */ + assertEquals(scanTypeCount.getLowSeverityCount(), 101); + } + @Test void compareTo_must_return_positive_on_scanTypeCount_is_null() { /* prepare */ @@ -96,7 +131,7 @@ void compareTo_must_return_zero_on_equals_scanTypeCounts() { } @Test - void compareTo_must_return_positive_value_because_scanTypeCountA_smaller_scanTypeCountB() { + void compareTo_must_return_positive_value_because_scanTypeCountA_different_from_scanTypeCountB() { /* prepare */ ScanTypeCount scanTypeCountA = ScanTypeCount.of(ScanType.CODE_SCAN); ScanTypeCount scanTypeCountB = ScanTypeCount.of(ScanType.WEB_SCAN); 
@@ -109,7 +144,7 @@ void compareTo_must_return_positive_value_because_scanTypeCountA_smaller_scanTyp } @Test - void compareTo_must_return_negative_value_bacause_scanTypeCountA_bigger_scanTypeCountB() { + void compareTo_must_return_negative_value_because_scanTypeCountA_different_from_scanTypeCountB() { /* prepare */ ScanTypeCount scanTypeCountA = ScanTypeCount.of(ScanType.WEB_SCAN); ScanTypeCount scanTypeCountB = ScanTypeCount.of(ScanType.CODE_SCAN); @@ -120,4 +155,40 @@ void compareTo_must_return_negative_value_bacause_scanTypeCountA_bigger_scanType /* test */ assertTrue(0 > compareResult); } + + @Test + void when_highSeverityCount_equals_MAX_VALUE_then_after_increasing_it_must_be_less_than_0() { + /* prepare */ + scanTypeCount.highSeverityCount = Integer.MAX_VALUE; + + /* execute */ + scanTypeCount.incrementHighSeverityCount(); + + /* test */ + assertTrue(0 > scanTypeCount.getHighSeverityCount()); + } + + @Test + void when_mediumSeverityCount_equals_MAX_VALUE_then_after_increasing_it_must_be_less_than_0() { + /* prepare */ + scanTypeCount.mediumSeverityCount = Integer.MAX_VALUE; + + /* execute */ + scanTypeCount.incrementMediumSeverityCount(); + + /* test */ + assertTrue(0 > scanTypeCount.getMediumSeverityCount()); + } + + @Test + void when_lowSeverityCount_equals_MAX_VALUE_then_after_increasing_it_must_be_less_than_0() { + /* prepare */ + scanTypeCount.lowSeverityCount = Integer.MAX_VALUE; + + /* execute */ + scanTypeCount.incrementLowSeverityCount(); + + /* test */ + assertTrue(0 > scanTypeCount.getLowSeverityCount()); + } } diff --git a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/report/ScanSecHubReportTest.java b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/report/ScanSecHubReportTest.java index 1772d9c83c..20e8c04f4a 100644 --- a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/report/ScanSecHubReportTest.java +++ b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/report/ScanSecHubReportTest.java 
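Review bot: The three tests added at the end of the class assert that a counter set to `Integer.MAX_VALUE` is negative after one more increment, which makes silent wrap-around the specified behaviour for what appear to be finding counts. A negative count in a security report misstates the result, so failing loudly is safer: increment with `highSeverityCount = Math.addExact(highSeverityCount, 1);` and test with `assertThrows(ArithmeticException.class, () -> scanTypeCount.incrementHighSeverityCount());`. The increment methods are outside this hunk, so this applies only if they are a plain `++`. The later hunks that switch these tests to `Long.MAX_VALUE` keep the same expectation.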
@@ -1,6 +1,7 @@ // SPDX-License-Identifier: MIT package com.mercedesbenz.sechub.domain.scan.report; +import static com.mercedesbenz.sechub.commons.model.ScanType.*; import static org.junit.jupiter.api.Assertions.*; import static org.mockito.Mockito.*; 
@@ -287,4 +288,128 @@ void scanreport_result_with_report_containing_sechub_report_model_init_and_json_ assertEquals(1, reportToTest.getResult().getCount()); } + @Test + void when_finding_is_CODE_SCAN_then_only_relevant_reports_metadata_total_value_should_be_increased() { + /* prepare */ + SecHubReportModel reportModel = new SecHubReportModel(); + SecHubFinding finding = new SecHubFinding(); + finding.setName("finding1"); + finding.setType(CODE_SCAN); + finding.setSeverity(Severity.HIGH); + reportModel.getResult().getFindings().add(finding); + + ScanReport report = new ScanReport(); + report.setResult(reportModel.toJSON()); + report.setResultType(ScanReportResultType.MODEL); + + /* execute */ + ScanSecHubReport scanSecHubReport = new ScanSecHubReport(report); + + /* test */ + assertTrue(1 == scanSecHubReport.getMetaData().get().getSummary().getCodeScan().getTotal()); + assertTrue(0 == scanSecHubReport.getMetaData().get().getSummary().getInfraScan().getTotal()); + assertTrue(0 == scanSecHubReport.getMetaData().get().getSummary().getLicenseScan().getTotal()); + assertTrue(0 == scanSecHubReport.getMetaData().get().getSummary().getSecretScan().getTotal()); + assertTrue(0 == scanSecHubReport.getMetaData().get().getSummary().getWebScan().getTotal()); + } + + @Test + void when_finding_is_INFRA_SCAN_then_only_relevant_reports_metadata_total_value_should_be_increased() { + /* prepare */ + SecHubReportModel reportModel = new SecHubReportModel(); + SecHubFinding finding = new SecHubFinding(); + finding.setName("finding1"); + finding.setType(INFRA_SCAN); + finding.setSeverity(Severity.HIGH); + reportModel.getResult().getFindings().add(finding); + + ScanReport report = new ScanReport(); + report.setResult(reportModel.toJSON()); + report.setResultType(ScanReportResultType.MODEL); + + /* execute */ + ScanSecHubReport scanSecHubReport = new ScanSecHubReport(report); + + /* test */ + assertTrue(0 == scanSecHubReport.getMetaData().get().getSummary().getCodeScan().getTotal()); + 
assertTrue(1 == scanSecHubReport.getMetaData().get().getSummary().getInfraScan().getTotal()); + assertTrue(0 == scanSecHubReport.getMetaData().get().getSummary().getLicenseScan().getTotal()); + assertTrue(0 == scanSecHubReport.getMetaData().get().getSummary().getSecretScan().getTotal()); + assertTrue(0 == scanSecHubReport.getMetaData().get().getSummary().getWebScan().getTotal()); + } + + @Test + void when_finding_is_LICENSE_SCAN_then_only_relevant_reports_metadata_total_value_should_be_increased() { + /* prepare */ + SecHubReportModel reportModel = new SecHubReportModel(); + SecHubFinding finding = new SecHubFinding(); + finding.setName("finding1"); + finding.setType(LICENSE_SCAN); + finding.setSeverity(Severity.HIGH); + reportModel.getResult().getFindings().add(finding); + + ScanReport report = new ScanReport(); + report.setResult(reportModel.toJSON()); + report.setResultType(ScanReportResultType.MODEL); + + /* execute */ + ScanSecHubReport scanSecHubReport = new ScanSecHubReport(report); + + /* test */ + assertTrue(0 == scanSecHubReport.getMetaData().get().getSummary().getCodeScan().getTotal()); + assertTrue(0 == scanSecHubReport.getMetaData().get().getSummary().getInfraScan().getTotal()); + assertTrue(1 == scanSecHubReport.getMetaData().get().getSummary().getLicenseScan().getTotal()); + assertTrue(0 == scanSecHubReport.getMetaData().get().getSummary().getSecretScan().getTotal()); + assertTrue(0 == scanSecHubReport.getMetaData().get().getSummary().getWebScan().getTotal()); + } + + @Test + void when_finding_is_SECRET_SCAN_then_only_relevant_reports_metadata_total_value_should_be_increased() { + /* prepare */ + SecHubReportModel reportModel = new SecHubReportModel(); + SecHubFinding finding = new SecHubFinding(); + finding.setName("finding1"); + finding.setType(SECRET_SCAN); + finding.setSeverity(Severity.HIGH); + reportModel.getResult().getFindings().add(finding); + + ScanReport report = new ScanReport(); + report.setResult(reportModel.toJSON()); + 
report.setResultType(ScanReportResultType.MODEL); + + /* execute */ + ScanSecHubReport scanSecHubReport = new ScanSecHubReport(report); + + /* test */ + assertTrue(0 == scanSecHubReport.getMetaData().get().getSummary().getCodeScan().getTotal()); + assertTrue(0 == scanSecHubReport.getMetaData().get().getSummary().getInfraScan().getTotal()); + assertTrue(0 == scanSecHubReport.getMetaData().get().getSummary().getLicenseScan().getTotal()); + assertTrue(1 == scanSecHubReport.getMetaData().get().getSummary().getSecretScan().getTotal()); + assertTrue(0 == scanSecHubReport.getMetaData().get().getSummary().getWebScan().getTotal()); + } + + @Test + void when_finding_is_WEB_SCAN_then_only_relevant_reports_metadata_total_value_should_be_increased() { + /* prepare */ + SecHubReportModel reportModel = new SecHubReportModel(); + SecHubFinding finding = new SecHubFinding(); + finding.setName("finding1"); + finding.setType(WEB_SCAN); + finding.setSeverity(Severity.HIGH); + reportModel.getResult().getFindings().add(finding); + + ScanReport report = new ScanReport(); + report.setResult(reportModel.toJSON()); + report.setResultType(ScanReportResultType.MODEL); + + /* execute */ + ScanSecHubReport scanSecHubReport = new ScanSecHubReport(report); + + /* test */ + assertTrue(0 == scanSecHubReport.getMetaData().get().getSummary().getCodeScan().getTotal()); + assertTrue(0 == scanSecHubReport.getMetaData().get().getSummary().getInfraScan().getTotal()); + assertTrue(0 == scanSecHubReport.getMetaData().get().getSummary().getLicenseScan().getTotal()); + assertTrue(0 == scanSecHubReport.getMetaData().get().getSummary().getSecretScan().getTotal()); + assertTrue(1 == scanSecHubReport.getMetaData().get().getSummary().getWebScan().getTotal()); + } } diff --git a/sechub-test/src/test/java/com/mercedesbenz/sechub/test/report/ThymeLeafHTMLReportingTest.java b/sechub-test/src/test/java/com/mercedesbenz/sechub/test/report/ThymeLeafHTMLReportingTest.java index dbc6d8bbca..251d92bfcd 100644 
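Review bot: The five added tests check totals with `assertTrue(1 == ...)` and `assertTrue(0 == ...)`, so a failure only says the condition was false, not which total was wrong or what value it held. Taking `summary` once from `scanSecHubReport.getMetaData().get().getSummary()` and writing `assertEquals(1, summary.getCodeScan().getTotal());` reports the actual value and avoids repeating the unchecked `get()` chain on every line. The tests differ only in the `ScanType` passed to `finding.setType(...)`, so a private helper that builds the report for a given type would remove most of the duplication.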
--- a/sechub-test/src/test/java/com/mercedesbenz/sechub/test/report/ThymeLeafHTMLReportingTest.java +++ b/sechub-test/src/test/java/com/mercedesbenz/sechub/test/report/ThymeLeafHTMLReportingTest.java @@ -76,13 +76,19 @@ private static void beforAll() throws IOException { thymeleafTemplateEngine.setTemplateResolver(templateResolver); if (TestUtil.isAutoCSSFragementGenerationEnabled()) { - File scanHTMLFolder = new File("./../sechub-scan/src/main/resources/templates/report/html"); - File cssFile = new File(scanHTMLFolder, "scanresult.css"); - File fragmentsFile = new File(scanHTMLFolder, "fragments.html"); - CSSFileToFragementMerger merger = new CSSFileToFragementMerger(); + + File fragmentsFile = new File(scanHTMLFolder, "fragment-cwe-summary-table.html"); + merger.merge(cssFile, fragmentsFile); + fragmentsFile = new File(scanHTMLFolder, "fragment-generic-scan-table.html"); + merger.merge(cssFile, fragmentsFile); + fragmentsFile = new File(scanHTMLFolder, "fragment-generic-scan-table-row.html"); + merger.merge(cssFile, fragmentsFile); + fragmentsFile = new File(scanHTMLFolder, "fragment-summary-table-row.html"); + merger.merge(cssFile, fragmentsFile); + fragmentsFile = new File(scanHTMLFolder, "fragment-web-scan-table.html"); merger.merge(cssFile, fragmentsFile); } else { LOG.info("Skipping CSS auto generation/merging"); @@ -105,7 +111,7 @@ void example1_owasp_zap_sarif_report_is_transformed_to_expected_sechub_report_HT assertNotNull(htmlResult); assertTrue(htmlResult.contains(context.sechubJobUUID)); - assertTrue(htmlResult.contains("XSS"), "The report must at least contain a cross site scripting vulnerability!"); + assertTrue(htmlResult.contains("CWE-614"), "The report must at least contain the CWE-614 vulnerability!"); assertTrue(htmlResult.contains("Cross Site Scripting (Reflected)"), "The report must at least contain a cross site scripting reflected vulnerability!"); assertTrue(htmlResult.contains("Red findings")); 
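Review bot: In the first hunk `fragmentsFile` is reassigned five times, each followed by the same `merger.merge(cssFile, fragmentsFile);`, so every new fragment template needs another copied pair of lines. Iterating over the file names keeps the list in one place: `for (String name : fragmentNames) { merger.merge(cssFile, new File(scanHTMLFolder, name)); }`, with `fragmentNames` holding the five `fragment-*.html` names. A short comment saying that every fragment carrying the embedded CSS must be listed there would help the next person who adds one. The enclosing method starts outside the hunk.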
From 0fe8d856d28e5c833d92390cc18e3f544f7bc338 Mon Sep 17 00:00:00 2001 From: Valentyn Grygoriev Date: Fri, 4 Aug 2023 18:15:09 +0300 Subject: [PATCH 08/44] Minor fixes and improvements #345 --- .../scan/HTMLScanResultReportModelBuilder.java | 2 +- .../sechub/domain/scan/ScanTypeCount.java | 12 ++++++------ .../sechub/domain/scan/ScanTypeCountTest.java | 6 +++--- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilder.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilder.java index 75e18084dc..16d37c5381 100644 --- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilder.java +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilder.java @@ -158,7 +158,7 @@ public Map> filterFindingsForWebScan(List filterFindingsForGeneralScan(List findings, Map> codeScanEntries, List severities) { - List htmlSecHubFindings = new ArrayList<>(); + List htmlSecHubFindings = new LinkedList<>(); Map> groupedFindingsByName = findings.stream().filter(finding -> severities.contains(finding.getSeverity())) .collect(groupingBy(SecHubFinding::getName)); diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCount.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCount.java index a6d384e47b..423a44ab5b 100644 --- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCount.java +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCount.java 
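Review bot: Neither the hunk nor the commit message ("Minor fixes and improvements") gives a reason for changing `htmlSecHubFindings` from `new ArrayList<>()` to `new LinkedList<>()`. `ArrayList` is the usual default for a list that is appended to and then read, unless the rest of filterFindingsForGeneralScan, which continues outside this hunk, inserts or removes in the middle. If the change is intentional, a one-line comment such as `// LinkedList because ...` stating the reason would keep it from being reverted.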
@@ -6,9 +6,9 @@ public class ScanTypeCount implements Comparable { private ScanType scanType; - protected int highSeverityCount; - protected int mediumSeverityCount; - protected int lowSeverityCount; + protected long highSeverityCount; + protected long mediumSeverityCount; + protected long lowSeverityCount; private ScanTypeCount(ScanType scanType) { this.scanType = scanType; @@ -28,15 +28,15 @@ public ScanType getScanType() { return scanType; } - public int getHighSeverityCount() { + public long getHighSeverityCount() { return highSeverityCount; } - public int getMediumSeverityCount() { + public long getMediumSeverityCount() { return mediumSeverityCount; } - public int getLowSeverityCount() { + public long getLowSeverityCount() { return lowSeverityCount; } diff --git a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java index 9b092b63a3..64ae8c40c1 100644 --- a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java +++ b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java @@ -159,7 +159,7 @@ void compareTo_must_return_negative_value_because_scanTypeCountA_different_from_ @Test void when_highSeverityCount_equals_MAX_VALUE_then_after_increasing_it_must_be_less_than_0() { /* prepare */ - scanTypeCount.highSeverityCount = Integer.MAX_VALUE; + scanTypeCount.highSeverityCount = Long.MAX_VALUE; /* execute */ scanTypeCount.incrementHighSeverityCount(); @@ -171,7 +171,7 @@ void when_highSeverityCount_equals_MAX_VALUE_then_after_increasing_it_must_be_le @Test void when_mediumSeverityCount_equals_MAX_VALUE_then_after_increasing_it_must_be_less_than_0() { /* prepare */ - scanTypeCount.mediumSeverityCount = Integer.MAX_VALUE; + scanTypeCount.mediumSeverityCount = Long.MAX_VALUE; /* execute */ scanTypeCount.incrementMediumSeverityCount(); 
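Review bot: The three counters in the first hunk remain `protected` and non-final on a public class, so a subclass or any code in the same package can set them directly, and the tests in this series do so. Declaring them `private long highSeverityCount;` (likewise medium and low) and giving the tests a package-private way to seed a value would leave the increment methods as the only write path. Widening from `int` to `long` moves the value at which an increment wraps but does not remove the wrap. The increment methods are outside these hunks, so whether they guard against it cannot be confirmed here.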
@@ -183,7 +183,7 @@ void when_mediumSeverityCount_equals_MAX_VALUE_then_after_increasing_it_must_be_ @Test void when_lowSeverityCount_equals_MAX_VALUE_then_after_increasing_it_must_be_less_than_0() { /* prepare */ - scanTypeCount.lowSeverityCount = Integer.MAX_VALUE; + scanTypeCount.lowSeverityCount = Long.MAX_VALUE; /* execute */ scanTypeCount.incrementLowSeverityCount(); From d57c6eec7bbb3bab45cf1696ce0f2762ea9c7f45 Mon Sep 17 00:00:00 2001 From: Valentyn Grygoriev Date: Sun, 6 Aug 2023 02:25:28 +0300 Subject: [PATCH 09/44] Enabled github's workflow test #345 --- .../com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java | 1 + 1 file changed, 1 insertion(+) diff --git a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java index 64ae8c40c1..6955aebde4 100644 --- a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java +++ b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java @@ -191,4 +191,5 @@ void when_lowSeverityCount_equals_MAX_VALUE_then_after_increasing_it_must_be_les /* test */ assertTrue(0 > scanTypeCount.getLowSeverityCount()); } + } From a039d3560825afa35f7f4c87c639e0b628635bba Mon Sep 17 00:00:00 2001 From: Valentyn Grygoriev Date: Wed, 16 Aug 2023 16:51:46 +0300 Subject: [PATCH 10/44] Fixed some tests and html templates #345 --- .../src/main/resources/reduced-openapi3.json | 98 +++++++------- ...ecHubReportMetaDataSummaryDetailsTest.java | 34 ++--- .../SecHubReportMetaDataSummaryTest.java | 3 + .../ScanReportRestControllerRestDocTest.java | 10 +- .../templates/report/html/details_footer.html | 2 +- .../templates/report/html/scanresult.html | 124 +++++++++--------- .../ScanReportRestControllerMockTest.java | 31 ++--- 7 files changed, 150 insertions(+), 152 deletions(-) 
diff --git a/sechub-api-java/src/main/resources/reduced-openapi3.json b/sechub-api-java/src/main/resources/reduced-openapi3.json index 9c6c59e04f..f196b8b20d 100644 --- a/sechub-api-java/src/main/resources/reduced-openapi3.json +++ b/sechub-api-java/src/main/resources/reduced-openapi3.json @@ -3185,6 +3185,55 @@ } } }, + "ExecutionProfileFetch": { + "title": "ExecutionProfileFetch", + "type": "object", + "properties": { + "configurations": { + "type": "array", + "items": { + "type": "object", + "properties": { + "productIdentifier": { + "type": "string", + "description": "executed product" + }, + "name": { + "type": "string", + "description": "name of configuration" + }, + "executorVersion": { + "type": "number", + "description": "executor version" + }, + "uuid": { + "type": "string", + "description": "uuid of configuration" + }, + "enabled": { + "type": "boolean", + "description": "enabled state of this config" + } + } + } + }, + "description": { + "type": "string", + "description": "A short description for the profile" + }, + "projectIds": { + "type": "array", + "description": "Projects can be linked by their ids here", + "items": { + "type": "string" + } + }, + "enabled": { + "type": "boolean", + "description": "Enabled state of profile, default is false" + } + } + }, "FalsePositives": { "title": "FalsePositives", "type": "object", 
@@ -3298,55 +3347,6 @@ } } }, - "ExecutionProfileFetch": { - "title": "ExecutionProfileFetch", - "type": "object", - "properties": { - "configurations": { - "type": "array", - "items": { - "type": "object", - "properties": { - "productIdentifier": { - "type": "string", - "description": "executed product" - }, - "name": { - "type": "string", - "description": "name of configuration" - }, - "executorVersion": { - "type": "number", - "description": "executor version" - }, - "uuid": { - "type": "string", - "description": "uuid of configuration" - }, - "enabled": { - "type": "boolean", - "description": "enabled state of this config" - } - } - } - }, - "description": { - "type": "string", - "description": "A short description for the profile" - }, - "projectIds": { - "type": "array", - "description": "Projects can be linked by their ids here", - "items": { - "type": "string" - } - }, - "enabled": { - "type": "boolean", - "description": "Enabled state of profile, default is false" - } - } - }, "FullScanDataZIP": { "title": "FullScanDataZIP", "type": "object" diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java index a883f48e46..0b691f41f6 100644 --- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java +++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java 
@@ -16,6 +16,10 @@ public class SecHubReportMetaDataSummaryDetailsTest { static final int MEDIUM_FINDING_CWEID = 456; static final int LOW_FINDING_CWEID = 789; + static final String HIGH_FINDING_NAME = "Cross Site Scripting (Reflected)"; + static final String MEDIUM_FINDING_NAME = "CSP: Wildcard Directive"; + static final String LOW_FINDING_NAME = "Cookie Without Secure Flag"; + SecHubReportMetaDataSummaryDetails secHubReportMetaDataSummaryDetails; SecHubFinding highFinding; SecHubFinding mediumFinding; @@ -28,17 +32,17 @@ void beforeEach() { highFinding = new SecHubFinding(); highFinding.setCweId(HIGH_FINDING_CWEID); highFinding.setSeverity(Severity.HIGH); - highFinding.setName("Cross Site Scripting (Reflected)"); + highFinding.setName(HIGH_FINDING_NAME); mediumFinding = new SecHubFinding(); mediumFinding.setCweId(MEDIUM_FINDING_CWEID); mediumFinding.setSeverity(Severity.MEDIUM); - mediumFinding.setName("CSP: Wildcard Directive"); + mediumFinding.setName(MEDIUM_FINDING_NAME); lowFinding = new SecHubFinding(); lowFinding.setCweId(LOW_FINDING_CWEID); lowFinding.setSeverity(Severity.LOW); - lowFinding.setName("Cookie Without Secure Flag"); + lowFinding.setName(LOW_FINDING_NAME); } @Test @@ -47,7 +51,7 @@ void new_element_in_high_map_must_be_created() { secHubReportMetaDataSummaryDetails.detailsHelper(highFinding); /* test */ - assertNotNull(secHubReportMetaDataSummaryDetails.high.get(HIGH_FINDING_CWEID)); + assertNotNull(secHubReportMetaDataSummaryDetails.high.get(HIGH_FINDING_NAME)); } @Test @@ -56,7 +60,7 @@ void new_element_in_medium_map_must_be_created() { secHubReportMetaDataSummaryDetails.detailsHelper(mediumFinding); /* test */ - assertNotNull(secHubReportMetaDataSummaryDetails.medium.get(MEDIUM_FINDING_CWEID)); + assertNotNull(secHubReportMetaDataSummaryDetails.medium.get(MEDIUM_FINDING_NAME)); } @Test 
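Review bot: The lookups in these hunks move from `high.get(HIGH_FINDING_CWEID)` to `high.get(HIGH_FINDING_NAME)`, but no test covers two findings that share a name and differ in CWE id. As far as the visible part of `detailsFiller` later in this series shows, the second such finding only increments the first entry's count and its own CWE id is dropped. A test that adds two findings with the same name and different `setCweId(...)` values and asserts the resulting entries would pin whichever behaviour is intended. If merging is intended, a comment on the map fields saying that the key is the finding name would document it.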
@@ -65,18 +69,18 @@ void new_element_in_low_map_must_be_created() { secHubReportMetaDataSummaryDetails.detailsHelper(lowFinding); /* test */ - assertNotNull(secHubReportMetaDataSummaryDetails.low.get(LOW_FINDING_CWEID)); + assertNotNull(secHubReportMetaDataSummaryDetails.low.get(LOW_FINDING_NAME)); } @Test void instance_variables_of_new_element_in_high_map_initialized_correctly() { /* execute */ secHubReportMetaDataSummaryDetails.detailsHelper(highFinding); - SecHubReportMetaDataSummaryDetails.SeverityDetails severityDetails = secHubReportMetaDataSummaryDetails.high.get(HIGH_FINDING_CWEID); + SecHubReportMetaDataSummaryDetails.SeverityDetails severityDetails = secHubReportMetaDataSummaryDetails.high.get(HIGH_FINDING_NAME); /* test */ assertEquals(HIGH_FINDING_CWEID, severityDetails.getCweId()); - assertEquals("Cross Site Scripting (Reflected)", severityDetails.getName()); + assertEquals(HIGH_FINDING_NAME, severityDetails.getName()); assertEquals(1, severityDetails.getCount()); } @@ -84,11 +88,11 @@ void instance_variables_of_new_element_in_high_map_initialized_correctly() { void instance_variables_of_new_element_in_medium_map_initialized_correctly() { /* execute */ secHubReportMetaDataSummaryDetails.detailsHelper(mediumFinding); - SecHubReportMetaDataSummaryDetails.SeverityDetails severityDetails = secHubReportMetaDataSummaryDetails.medium.get(MEDIUM_FINDING_CWEID); + SecHubReportMetaDataSummaryDetails.SeverityDetails severityDetails = secHubReportMetaDataSummaryDetails.medium.get(MEDIUM_FINDING_NAME); /* test */ assertEquals(MEDIUM_FINDING_CWEID, severityDetails.getCweId()); - assertEquals("CSP: Wildcard Directive", severityDetails.getName()); + assertEquals(MEDIUM_FINDING_NAME, severityDetails.getName()); assertEquals(1, severityDetails.getCount()); } 
@@ -96,11 +100,11 @@ void instance_variables_of_new_element_in_medium_map_initialized_correctly() { void instance_variables_of_new_element_in_low_map_initialized_correctly() { /* execute */ secHubReportMetaDataSummaryDetails.detailsHelper(lowFinding); - SecHubReportMetaDataSummaryDetails.SeverityDetails severityDetails = secHubReportMetaDataSummaryDetails.low.get(LOW_FINDING_CWEID); + SecHubReportMetaDataSummaryDetails.SeverityDetails severityDetails = secHubReportMetaDataSummaryDetails.low.get(LOW_FINDING_NAME); /* test */ assertEquals(LOW_FINDING_CWEID, severityDetails.getCweId()); - assertEquals("Cookie Without Secure Flag", severityDetails.getName()); + assertEquals(LOW_FINDING_NAME, severityDetails.getName()); assertEquals(1, severityDetails.getCount()); } @@ -110,7 +114,7 @@ void if_adding_multiple_similar_findings_into_high_map_counter_contains_correct_ for (int i = 0; i < 101; i++) { secHubReportMetaDataSummaryDetails.detailsHelper(highFinding); } - SecHubReportMetaDataSummaryDetails.SeverityDetails severityDetails = secHubReportMetaDataSummaryDetails.high.get(HIGH_FINDING_CWEID); + SecHubReportMetaDataSummaryDetails.SeverityDetails severityDetails = secHubReportMetaDataSummaryDetails.high.get(HIGH_FINDING_NAME); /* test */ assertEquals(101, severityDetails.getCount()); @@ -122,7 +126,7 @@ void if_adding_multiple_similar_findings_into_medium_map_counter_contains_correc for (int i = 0; i < 101; i++) { secHubReportMetaDataSummaryDetails.detailsHelper(mediumFinding); } - SecHubReportMetaDataSummaryDetails.SeverityDetails severityDetails = secHubReportMetaDataSummaryDetails.medium.get(MEDIUM_FINDING_CWEID); + SecHubReportMetaDataSummaryDetails.SeverityDetails severityDetails = secHubReportMetaDataSummaryDetails.medium.get(MEDIUM_FINDING_NAME); /* test */ assertEquals(101, severityDetails.getCount()); 
@@ -134,7 +138,7 @@ void if_adding_multiple_similar_findings_into_low_map_counter_contains_correct_v for (int i = 0; i < 101; i++) { secHubReportMetaDataSummaryDetails.detailsHelper(lowFinding); } - SecHubReportMetaDataSummaryDetails.SeverityDetails severityDetails = secHubReportMetaDataSummaryDetails.low.get(LOW_FINDING_CWEID); + SecHubReportMetaDataSummaryDetails.SeverityDetails severityDetails = secHubReportMetaDataSummaryDetails.low.get(LOW_FINDING_NAME); /* test */ assertEquals(101, severityDetails.getCount()); diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java index 26b6347c96..3ac12ba3c9 100644 --- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java +++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java @@ -18,12 +18,15 @@ void beforeEach() { highFinding = new SecHubFinding(); highFinding.setSeverity(Severity.HIGH); + highFinding.setName("Cross Site Scripting (Reflected)"); mediumFinding = new SecHubFinding(); mediumFinding.setSeverity(Severity.MEDIUM); + mediumFinding.setName("CSP: Wildcard Directive"); lowFinding = new SecHubFinding(); lowFinding.setSeverity(Severity.LOW); + lowFinding.setName("Cookie Without Secure Flag"); } @Test diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ScanReportRestControllerRestDocTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ScanReportRestControllerRestDocTest.java index fa26528402..ca44eb0139 100644 --- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ScanReportRestControllerRestDocTest.java +++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/ScanReportRestControllerRestDocTest.java 
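Review bot: The SecHubReportMetaDataSummaryTest fixtures now all call `setName(...)`, and no test in this series covers a finding whose name is null. The summary details are kept in `TreeMap`s keyed by `finding.getName()`, and `TreeMap.get(null)` throws a NullPointerException under natural ordering, so a scanner result without a name would presumably abort report creation. Add a test that passes a finding without a name, and decide in the production code whether to skip it, key it by a placeholder or reject it with a clear message. `beforeEach` starts outside the hunk.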
@@ -14,11 +14,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*; import java.lang.annotation.Annotation; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.Map; -import java.util.Optional; -import java.util.UUID; +import java.util.*; import org.junit.Before; import org.junit.Test; @@ -38,6 +34,7 @@ import com.mercedesbenz.sechub.commons.model.TrafficLight; import com.mercedesbenz.sechub.docgen.util.RestDocFactory; import com.mercedesbenz.sechub.domain.scan.HTMLScanResultReportModelBuilder; +import com.mercedesbenz.sechub.domain.scan.ScanTypeCount; import com.mercedesbenz.sechub.domain.scan.report.DownloadScanReportService; import com.mercedesbenz.sechub.domain.scan.report.DownloadSpdxScanReportService; import com.mercedesbenz.sechub.domain.scan.report.ScanReport; @@ -241,7 +238,8 @@ public void before() throws Exception { map.put("yellowList", new ArrayList<>()); map.put("greenList", new ArrayList<>()); map.put("isWebDesignMode", false); - map.put("metaData", Optional.ofNullable(null)); + map.put("metaData", null); + map.put("scanTypeCountSet", new TreeSet()); when(modelBuilder.build(any())).thenReturn(map); } diff --git a/sechub-scan/src/main/resources/templates/report/html/details_footer.html b/sechub-scan/src/main/resources/templates/report/html/details_footer.html index 213c36e309..69daa8e677 100644 --- a/sechub-scan/src/main/resources/templates/report/html/details_footer.html +++ b/sechub-scan/src/main/resources/templates/report/html/details_footer.html @@ -1,4 +1,4 @@ - +
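Review bot: The first hunk replaces five explicit `java.util` imports with `import java.util.*;`, and the ScanReportRestControllerMockTest hunks further down do the same for `java.util`, `com.mercedesbenz.sechub.commons.model` and `com.mercedesbenz.sechub.domain.scan.report`. Wildcard imports hide which types the test depends on and can cause name clashes when a package gains a class. Keeping the explicit list and adding only `import java.util.TreeSet;` covers the new `TreeSet` use. If the wildcard comes from an IDE setting, raising its class-count threshold avoids the same rewrite in later commits.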

Description

Description1
diff --git a/sechub-scan/src/main/resources/templates/report/html/scanresult.html b/sechub-scan/src/main/resources/templates/report/html/scanresult.html index bfbd315633..38d4880139 100644 --- a/sechub-scan/src/main/resources/templates/report/html/scanresult.html +++ b/sechub-scan/src/main/resources/templates/report/html/scanresult.html @@ -66,7 +66,7 @@ Scan result Report for Job:job-uuid - + @@ -101,66 +101,68 @@

Summary

-
- CodeScan -
-
-
-
-
-
-
-
-
-
-
- InfraScan -
-
-
-
-
-
-
-
-
-
-
- LicenseScan -
-
-
-
-
-
-
-
-
-
-
- SecretScan -
-
-
-
-
-
-
-
-
-
-
- WebScan -
-
-
-
-
-
-
-
-
-
+
+
+ CodeScan +
+
+
+
+
+
+
+
+
+
+
+ InfraScan +
+
+
+
+
+
+
+
+
+
+
+ LicenseScan +
+
+
+
+
+
+
+
+
+
+
+ SecretScan +
+
+
+
+
+
+
+
+
+
+
+ WebScan +
+
+
+
+
+
+
+
+
+
+

diff --git a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanReportRestControllerMockTest.java b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanReportRestControllerMockTest.java index e33d083fee..63b3709c5c 100644 --- a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanReportRestControllerMockTest.java +++ b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanReportRestControllerMockTest.java @@ -9,12 +9,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.*; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.HashMap; -import java.util.Map; -import java.util.Optional; -import java.util.UUID; +import java.util.*; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; 
@@ -30,17 +25,9 @@ import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.web.servlet.MockMvc; -import com.mercedesbenz.sechub.commons.model.SecHubFinding; -import com.mercedesbenz.sechub.commons.model.TrafficLight; -import com.mercedesbenz.sechub.commons.model.TrafficLightCalculator; +import com.mercedesbenz.sechub.commons.model.*; import com.mercedesbenz.sechub.domain.scan.product.ReportProductExecutionService; -import com.mercedesbenz.sechub.domain.scan.report.CreateScanReportService; -import com.mercedesbenz.sechub.domain.scan.report.DownloadScanReportService; -import com.mercedesbenz.sechub.domain.scan.report.DownloadSpdxScanReportService; -import com.mercedesbenz.sechub.domain.scan.report.ScanReport; -import com.mercedesbenz.sechub.domain.scan.report.ScanReportRepository; -import com.mercedesbenz.sechub.domain.scan.report.ScanReportRestController; -import com.mercedesbenz.sechub.domain.scan.report.ScanSecHubReport; +import com.mercedesbenz.sechub.domain.scan.report.*; import com.mercedesbenz.sechub.test.TestPortProvider; @ExtendWith(SpringExtension.class) @@ -130,11 +117,14 @@ void get_html_report_with_cwe_id() throws Exception { Integer cweId = Integer.valueOf(77); - SecHubFinding finding = new SecHubFinding(); + HTMLSecHubFinding finding = new HTMLSecHubFinding(); finding.setCweId(cweId); + finding.setSeverity(Severity.HIGH); + finding.setType(ScanType.CODE_SCAN); + finding.setDescription("Potential file inclusion via variable"); - reportModelBuilderResult.put("redList", Arrays.asList(finding)); - reportModelBuilderResult.put("codeScanEntries", new ArrayList<>()); + reportModelBuilderResult.put("reportHelper", HTMLReportHelper.DEFAULT); + reportModelBuilderResult.put("redHTMLSecHubFindingList", Arrays.asList(finding)); when(modelBuilder.build(any())).thenReturn(reportModelBuilderResult); 
@@ -264,8 +254,9 @@ void beforeEach() throws Exception { reportModelBuilderResult.put("yellowList", new ArrayList<>()); reportModelBuilderResult.put("greenList", new ArrayList<>()); reportModelBuilderResult.put("isWebDesignMode", false); - reportModelBuilderResult.put("metaData", Optional.ofNullable(null)); + reportModelBuilderResult.put("metaData", null); reportModelBuilderResult.put("codeScanSupport", new HtmlCodeScanDescriptionSupport()); + reportModelBuilderResult.put("scanTypeCountSet", new TreeSet()); when(modelBuilder.build(any())).thenReturn(reportModelBuilderResult); } From 3efa782b24547ff35f8b25a36b4702b965cf1161 Mon Sep 17 00:00:00 2001 From: Valentyn Grygoriev Date: Fri, 27 Oct 2023 18:52:13 +0300 Subject: [PATCH 11/44] Modified tests for the new report from #345 --- .../src/main/resources/reduced-openapi3.json | 20 +- .../commons/model/SecHubReportMetaData.java | 22 +-- .../SecHubReportMetaDataSummaryDetails.java | 172 +++++++++++------- .../integrationtest/api/AssertHTMLReport.java | 6 + .../integrationtest/api/AssertReport.java | 57 ++++-- .../PDSCodeScanSarifJobScenario10IntTest.java | 25 ++- .../expected-output/sechub-result1.json | 40 ++++ 7 files changed, 235 insertions(+), 107 deletions(-) diff --git a/sechub-api-java/src/main/resources/reduced-openapi3.json b/sechub-api-java/src/main/resources/reduced-openapi3.json index f196b8b20d..cdf522bca8 100644 --- a/sechub-api-java/src/main/resources/reduced-openapi3.json +++ b/sechub-api-java/src/main/resources/reduced-openapi3.json @@ -3387,16 +3387,6 @@ "title": "ServerVersion", "type": "object" }, - "JobId": { - "title": "JobId", - "type": "object", - "properties": { - "jobId": { - "type": "string", - "description": "A unique job id" - } - } - }, "ExecutionProfileCreate": { "title": "ExecutionProfileCreate", "type": "object", 
@@ -3447,6 +3437,16 @@ } } }, + "JobId": { + "title": "JobId", + "type": "object", + "properties": { + "jobId": { + "type": "string", + "description": "A unique job id" + } + } + }, "JobStatus": { "title": "JobStatus", "type": "object", diff --git a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaData.java b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaData.java index 0db161188b..d8873db07e 100644 --- a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaData.java +++ b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaData.java @@ -9,19 +9,19 @@ @JsonIgnoreProperties(ignoreUnknown = true) public class SecHubReportMetaData { - private Map labels = new LinkedHashMap<>(); + private Map labels = new LinkedHashMap<>(); - private SecHubReportSummary summary = new SecHubReportSummary(); + private SecHubReportSummary summary = new SecHubReportSummary(); - public Map getLabels() { - return labels; - } + public Map getLabels() { + return labels; + } - public SecHubReportSummary getSummary() { - return summary; - } + public SecHubReportSummary getSummary() { + return summary; + } - public void setSummary(SecHubReportSummary summary) { - this.summary = summary; - } + public void setSummary(SecHubReportSummary summary) { + this.summary = summary; + } } diff --git a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetails.java b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetails.java index 30803d38d8..4f0dd01a6f 100644 --- a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetails.java +++ b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetails.java 
@@ -1,76 +1,122 @@ // SPDX-License-Identifier: MIT package com.mercedesbenz.sechub.commons.model; +import java.io.IOException; import java.util.*; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; +import com.fasterxml.jackson.databind.deser.std.StdDeserializer; +import com.fasterxml.jackson.databind.DeserializationContext; @JsonInclude(JsonInclude.Include.NON_EMPTY) @JsonIgnoreProperties(ignoreUnknown = true) public class SecHubReportMetaDataSummaryDetails { + + private static final Logger LOG = LoggerFactory.getLogger(SecHubReportMetaDataSummaryDetails.class); + + @JsonDeserialize(using = TreeMapDeserializer.class) + Map high = new TreeMap<>(); + + @JsonDeserialize(using = TreeMapDeserializer.class) + Map medium = new TreeMap<>(); + + @JsonDeserialize(using = TreeMapDeserializer.class) + Map low = new TreeMap<>(); + + public void detailsHelper(SecHubFinding finding) { + switch (finding.getSeverity()) { + case HIGH -> detailsFiller(high, finding); + case MEDIUM -> detailsFiller(medium, finding); + case LOW, INFO -> detailsFiller(low, finding); + } + } + + protected void detailsFiller(Map helperMap, SecHubFinding finding) { + Integer cweId = finding.getCweId(); + String name = finding.getName(); + SeverityDetails severityDetails = helperMap.get(name); + if (severityDetails != null) { + severityDetails.incrementCount(); + } else { + helperMap.put(name, new SeverityDetails(cweId, name)); + } + } + + public List getHigh() { + return new ArrayList<>(high.values()); + } + + public List getMedium() { + return new ArrayList<>(medium.values()); + } + + public List getLow() { + return new ArrayList<>(low.values()); + } + + 
@JsonIgnoreProperties(ignoreUnknown = true) + public class SeverityDetails { + private Integer cweId; + private String name; + private long count; + + SeverityDetails(Integer cweId, String name) { + this.cweId = cweId; + this.name = name; + this.count = 1; + } + + public void incrementCount() { + this.count++; + } + + public Integer getCweId() { + return cweId; + } + + public String getName() { + return name; + } + + public long getCount() { + return count; + } + } + + private static class TreeMapDeserializer extends StdDeserializer> { + + public TreeMapDeserializer() { + this(null); + } + + protected TreeMapDeserializer(Class vc) { + super(vc); + } - Map high = new TreeMap<>(); - Map medium = new TreeMap<>(); - Map low = new TreeMap<>(); - - public void detailsHelper(SecHubFinding finding) { - switch (finding.getSeverity()) { - case HIGH -> detailsFiller(high, finding); - case MEDIUM -> detailsFiller(medium, finding); - case LOW, INFO -> detailsFiller(low, finding); - } - } - - protected void detailsFiller(Map helperMap, SecHubFinding finding) { - Integer cweId = finding.getCweId(); - String name = finding.getName(); - SeverityDetails severityDetails = helperMap.get(name); - if (severityDetails != null) { - severityDetails.incrementCount(); - } else { - helperMap.put(name, new SeverityDetails(cweId, name)); - } - } - - public List getHigh() { - return new ArrayList<>(high.values()); - } - - public List getMedium() { - return new ArrayList<>(medium.values()); - } - - public List getLow() { - return new ArrayList<>(low.values()); - } - - @JsonIgnoreProperties(ignoreUnknown = true) - protected class SeverityDetails { - private Integer cweId; - private String name; - private long count; - - SeverityDetails(Integer cweId, String name) { - this.cweId = cweId; - this.name = name; - this.count = 1; - } - - public void incrementCount() { - this.count++; - } - - public Integer getCweId() { - return cweId; - } - - public String getName() { - return name; - } - - public long 
getCount() { - return count; - } - } + @Override + public TreeMap deserialize(JsonParser jsonParser, + DeserializationContext deserializationContext) throws IOException, JsonProcessingException { + TreeMap treeMap = new TreeMap<>(); + JsonNode node = jsonParser.getCodec().readTree(jsonParser); + node.fields().forEachRemaining(entry -> { + try { + String key = entry.getKey(); + SeverityDetails value = entry.getValue().traverse(jsonParser.getCodec()) + .readValueAs(SeverityDetails.class); + treeMap.put(key, value); + } catch (IOException e) { + LOG.debug("JSON deserialization failed \n" + e); + } + }); + return treeMap; + } + } } diff --git a/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/AssertHTMLReport.java b/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/AssertHTMLReport.java index 1e48d6e989..42e20b7a8e 100644 --- a/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/AssertHTMLReport.java +++ b/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/AssertHTMLReport.java @@ -52,4 +52,10 @@ public AssertHTMLReport hasMetaDataLabel(String key, String value) { return this; } + public AssertHTMLReport hasHTMLString(String value) { + if (!html.contains(value)) { + failWithDump("The report does not contain expected HTML string ':" + value + "'"); + } + return this; + } } diff --git a/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/AssertReport.java b/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/AssertReport.java index dc3e6c43f7..3755021535 100644 --- a/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/AssertReport.java +++ b/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/AssertReport.java 
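Review bot: The `catch (IOException e)` inside the `forEachRemaining` lambda of `TreeMapDeserializer.deserialize` only logs at debug level and carries on, so an entry that fails to parse is dropped from the `high`/`medium`/`low` maps and a report read back from JSON can show fewer findings than were stored, with no error surfaced. `SeverityDetails` is declared as a non-static inner class with only a two-argument constructor, so `readValueAs(SeverityDetails.class)` may fail for every entry and this catch would hide it; a serialize/deserialize round-trip test would confirm either way. Iterating `node.fields()` with a plain loop lets the `IOException` propagate through the method's existing `throws` clause, as sketched below. The same code reappears re-indented but otherwise unchanged in the `@@ -11,112 +11,111 @@` hunk of PATCH 12/44. Separately, `detailsHelper` counts only HIGH, MEDIUM, LOW and INFO, so a finding with any other severity value is left out of the summary without notice.

```java
// … unchanged: deserialize(...) signature, treeMap and node set-up …
Iterator<Map.Entry<String, JsonNode>> fields = node.fields();
while (fields.hasNext()) {
    Map.Entry<String, JsonNode> entry = fields.next();
    // a malformed entry now fails the whole read instead of being silently dropped
    SeverityDetails value = entry.getValue().traverse(jsonParser.getCodec()).readValueAs(SeverityDetails.class);
    treeMap.put(entry.getKey(), value);
}
return treeMap;
```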
@@ -12,19 +12,8 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import com.mercedesbenz.sechub.commons.model.ScanType; -import com.mercedesbenz.sechub.commons.model.SecHubCodeCallStack; -import com.mercedesbenz.sechub.commons.model.SecHubFinding; -import com.mercedesbenz.sechub.commons.model.SecHubMessage; -import com.mercedesbenz.sechub.commons.model.SecHubMessageType; -import com.mercedesbenz.sechub.commons.model.SecHubReportData; -import com.mercedesbenz.sechub.commons.model.SecHubReportMetaData; -import com.mercedesbenz.sechub.commons.model.SecHubReportModel; -import com.mercedesbenz.sechub.commons.model.SecHubReportVersion; -import com.mercedesbenz.sechub.commons.model.SecHubResult; -import com.mercedesbenz.sechub.commons.model.SecHubStatus; -import com.mercedesbenz.sechub.commons.model.Severity; -import com.mercedesbenz.sechub.commons.model.TrafficLight; +import com.mercedesbenz.sechub.commons.model.*; +import com.mercedesbenz.sechub.commons.model.SecHubReportMetaDataSummaryDetails.SeverityDetails; import com.mercedesbenz.sechub.integrationtest.internal.SecHubJobAutoDumper; public class AssertReport { 
@@ -327,6 +316,48 @@ public AssertReport hasMetaDataLabel(String key, String value) { return this; } + + public SecHubReportMetaDataSummary getMetaDataSummaryCodeScan() { + Optional metaDataOpt = report.getMetaData(); + if (metaDataOpt.isEmpty()) { + fail("Meta data not found inside report!"); + } + SecHubReportMetaData metaData = metaDataOpt.get(); + + return metaData.getSummary().getCodeScan(); + } + + public AssertReport hasMetaDataSummaryCodeScanTotal(long value) { + SecHubReportMetaDataSummary metaDataSummary = getMetaDataSummaryCodeScan(); + + assertEquals(value, metaDataSummary.getTotal()); + + return this; + } + + public AssertReport hasMetaDataSummaryCodeScanRed(long value) { + SecHubReportMetaDataSummary metaDataSummary = getMetaDataSummaryCodeScan(); + + assertEquals(value, metaDataSummary.getRed()); + + return this; + } + + public AssertReport hasMetaDataSummaryCodeScanYellow(long value) { + SecHubReportMetaDataSummary metaDataSummary = getMetaDataSummaryCodeScan(); + + assertEquals(value, metaDataSummary.getYellow()); + + return this; + } + + public AssertReport hasMetaDataSummaryCodeScanGreen(long value) { + SecHubReportMetaDataSummary metaDataSummary = getMetaDataSummaryCodeScan(); + + assertEquals(value, metaDataSummary.getGreen()); + + return this; + } public AssertReport dump() { LOG.info("-----------------------------------------------------------"); diff --git a/sechub-integrationtest/src/test/java/com/mercedesbenz/sechub/integrationtest/scenario10/PDSCodeScanSarifJobScenario10IntTest.java b/sechub-integrationtest/src/test/java/com/mercedesbenz/sechub/integrationtest/scenario10/PDSCodeScanSarifJobScenario10IntTest.java index fc0efbe2ce..81bda0519b 100644 --- a/sechub-integrationtest/src/test/java/com/mercedesbenz/sechub/integrationtest/scenario10/PDSCodeScanSarifJobScenario10IntTest.java +++ b/sechub-integrationtest/src/test/java/com/mercedesbenz/sechub/integrationtest/scenario10/PDSCodeScanSarifJobScenario10IntTest.java 
@@ -72,11 +72,10 @@ public void a_user_can_start_a_pds_sarif_scan_and_get_the_sarif_results_transfor hasStatus(SecHubStatus.SUCCESS). hasMessages(0). hasJobUUID(jobUUID). - hasMetaDataLabel("quality-level", "high"). - hasMetaDataLabel("test-label1", "Something special"). - hasMetaDataLabel("test-label2", ""). - hasMetaDataLabel("test-label3_with_html", "HTML is allowed, but must always be escaped in reports!"). - hasMetaDataLabel("test-label4_with_special_chars", "Line1\nLine2\tLine3"). + hasMetaDataSummaryCodeScanTotal(32). + hasMetaDataSummaryCodeScanRed(28). + hasMetaDataSummaryCodeScanYellow(2). + hasMetaDataSummaryCodeScanGreen(2). hasTrafficLight(RED). finding(0). hasSeverity(Severity.HIGH). @@ -98,11 +97,17 @@ public void a_user_can_start_a_pds_sarif_scan_and_get_the_sarif_results_transfor assertHTMLReport(htmlReport). containsAtLeastOneOpenDetailsBlock(). - hasMetaDataLabel("quality-level", "high"). - hasMetaDataLabel("test-label1", "Something special"). - hasMetaDataLabel("test-label2", ""). - hasMetaDataLabel("test-label3_with_html", "<html>HTML is allowed, but must always be escaped in reports!</html>"). - hasMetaDataLabel("test-label4_with_special_chars", "Line1\nLine2\tLine3"); + hasHTMLString("28"). + hasHTMLString("2"). + hasHTMLString("2"). + hasHTMLString(" \n" + + " CWE-null\n" + + " BRAKE0000\n" + + " 2\n" + + " "). + hasHTMLString("Red findings (Count: 28)"). + hasHTMLString("Yellow findings (Count: 2)"). + hasHTMLString("Green findings (Count: 2)"); // try to restart SecHub (will reuse existing PDS job because already done ) assertSecHubRestartWillNotStartNewJobButReusesExistingBecausePDSJobWasAlreadyDone(project,jobUUID); diff --git a/sechub-systemtest/src/test/resources/additional-resources/expected-output/sechub-result1.json b/sechub-systemtest/src/test/resources/additional-resources/expected-output/sechub-result1.json index 13c6ffdd76..8aa236c453 100644 
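Review bot: Both assertion chains in this test lose every `hasMetaDataLabel(...)` check, including the `test-label3_with_html` case on the HTML report, which was the assertion showing that label text containing markup comes out escaped in the rendered report. The new summary assertions do not cover that, so an escaping regression in the report template would no longer fail this scenario. I would keep the five label checks in both chains and append the `hasMetaDataSummaryCodeScan…` and `hasHTMLString` calls after them. The expected fragment also pins the text `CWE-null`; if a finding without a CWE id is not meant to render that way, the template should handle the missing id rather than the test asserting it. The test method begins and ends outside both hunks.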
--- a/sechub-systemtest/src/test/resources/additional-resources/expected-output/sechub-result1.json +++ b/sechub-systemtest/src/test/resources/additional-resources/expected-output/sechub-result1.json @@ -55,6 +55,46 @@ }, "status" : "SUCCESS", "reportVersion" : "1.0", + "metaData" : { + "labels" : { }, + "summary" : { + "codeScan" : { + "total" : 4, + "red" : 0, + "yellow" : 1, + "green" : 3, + "details" : { } + }, + "infraScan" : { + "total" : 0, + "red" : 0, + "yellow" : 0, + "green" : 0, + "details" : { } + }, + "licenseScan" : { + "total" : 0, + "red" : 0, + "yellow" : 0, + "green" : 0, + "details" : { } + }, + "secretScan" : { + "total" : 0, + "red" : 0, + "yellow" : 0, + "green" : 0, + "details" : { } + }, + "webScan" : { + "total" : 0, + "red" : 0, + "yellow" : 0, + "green" : 0, + "details" : { } + } + } + }, "messages" : [ { "type" : "ERROR", "text" : "error for PDS job: {*:36} but with\n a multine ....\n " From 983f58d2c3b6d0ec55793094801ae201adc3cd59 Mon Sep 17 00:00:00 2001 From: Valentyn Grygoriev Date: Thu, 2 Nov 2023 14:38:15 +0200 Subject: [PATCH 12/44] Fixed some tests and html templates #345 --- .../src/main/resources/reduced-openapi3.json | 20 +- .../commons/model/SecHubReportMetaData.java | 22 +- .../SecHubReportMetaDataSummaryDetails.java | 201 +++++++++--------- .../integrationtest/api/AssertHTMLReport.java | 6 +- .../integrationtest/api/AssertReport.java | 63 +++--- .../PDSCodeScanSarifJobScenario10IntTest.java | 2 +- 6 files changed, 156 insertions(+), 158 deletions(-) diff --git a/sechub-api-java/src/main/resources/reduced-openapi3.json b/sechub-api-java/src/main/resources/reduced-openapi3.json index cdf522bca8..f196b8b20d 100644 --- a/sechub-api-java/src/main/resources/reduced-openapi3.json +++ b/sechub-api-java/src/main/resources/reduced-openapi3.json 
@@ -3387,6 +3387,16 @@ "title": "ServerVersion", "type": "object" }, + "JobId": { + "title": "JobId", + "type": "object", + "properties": { + "jobId": { + "type": "string", + "description": "A unique job id" + } + } + }, "ExecutionProfileCreate": { "title": "ExecutionProfileCreate", "type": "object", @@ -3437,16 +3447,6 @@ } } }, - "JobId": { - "title": "JobId", - "type": "object", - "properties": { - "jobId": { - "type": "string", - "description": "A unique job id" - } - } - }, "JobStatus": { "title": "JobStatus", "type": "object", diff --git a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaData.java b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaData.java index d8873db07e..0db161188b 100644 --- a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaData.java +++ b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaData.java @@ -9,19 +9,19 @@ @JsonIgnoreProperties(ignoreUnknown = true) public class SecHubReportMetaData { - private Map labels = new LinkedHashMap<>(); + private Map labels = new LinkedHashMap<>(); - private SecHubReportSummary summary = new SecHubReportSummary(); + private SecHubReportSummary summary = new SecHubReportSummary(); - public Map getLabels() { - return labels; - } + public Map getLabels() { + return labels; + } - public SecHubReportSummary getSummary() { - return summary; - } + public SecHubReportSummary getSummary() { + return summary; + } - public void setSummary(SecHubReportSummary summary) { - this.summary = summary; - } + public void setSummary(SecHubReportSummary summary) { + this.summary = summary; + } } 
diff --git a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetails.java b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetails.java index 4f0dd01a6f..56fd1ec473 100644 --- a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetails.java +++ b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetails.java 
@@ -11,112 +11,111 @@ import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.core.JsonParser; import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.DeserializationContext; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.databind.deser.std.StdDeserializer; -import com.fasterxml.jackson.databind.DeserializationContext; @JsonInclude(JsonInclude.Include.NON_EMPTY) @JsonIgnoreProperties(ignoreUnknown = true) public class SecHubReportMetaDataSummaryDetails { - - private static final Logger LOG = LoggerFactory.getLogger(SecHubReportMetaDataSummaryDetails.class); - - @JsonDeserialize(using = TreeMapDeserializer.class) - Map high = new TreeMap<>(); - - @JsonDeserialize(using = TreeMapDeserializer.class) - Map medium = new TreeMap<>(); - - @JsonDeserialize(using = TreeMapDeserializer.class) - Map low = new TreeMap<>(); - - public void detailsHelper(SecHubFinding finding) { - switch (finding.getSeverity()) { - case HIGH -> detailsFiller(high, finding); - case MEDIUM -> detailsFiller(medium, finding); - case LOW, INFO -> detailsFiller(low, finding); - } - } - - protected void detailsFiller(Map helperMap, SecHubFinding finding) { - Integer cweId = finding.getCweId(); - String name = finding.getName(); - SeverityDetails severityDetails = helperMap.get(name); - if (severityDetails != null) { - severityDetails.incrementCount(); - } else { - helperMap.put(name, new SeverityDetails(cweId, name)); - } - } - - public List getHigh() { - return new ArrayList<>(high.values()); - } - - public List getMedium() { - return new ArrayList<>(medium.values()); - } - - public List getLow() { - return new ArrayList<>(low.values()); - } - - @JsonIgnoreProperties(ignoreUnknown = true) - public class SeverityDetails { - private Integer cweId; - private String name; - private long count; - - SeverityDetails(Integer cweId, String name) { - 
this.cweId = cweId; - this.name = name; - this.count = 1; - } - - public void incrementCount() { - this.count++; - } - - public Integer getCweId() { - return cweId; - } - - public String getName() { - return name; - } - - public long getCount() { - return count; - } - } - - private static class TreeMapDeserializer extends StdDeserializer> { - - public TreeMapDeserializer() { - this(null); - } - - protected TreeMapDeserializer(Class vc) { - super(vc); - } - - @Override - public TreeMap deserialize(JsonParser jsonParser, - DeserializationContext deserializationContext) throws IOException, JsonProcessingException { - TreeMap treeMap = new TreeMap<>(); - JsonNode node = jsonParser.getCodec().readTree(jsonParser); - node.fields().forEachRemaining(entry -> { - try { - String key = entry.getKey(); - SeverityDetails value = entry.getValue().traverse(jsonParser.getCodec()) - .readValueAs(SeverityDetails.class); - treeMap.put(key, value); - } catch (IOException e) { - LOG.debug("JSON deserialization failed \n" + e); - } - }); - return treeMap; - } - } + + private static final Logger LOG = LoggerFactory.getLogger(SecHubReportMetaDataSummaryDetails.class); + + @JsonDeserialize(using = TreeMapDeserializer.class) + Map high = new TreeMap<>(); + + @JsonDeserialize(using = TreeMapDeserializer.class) + Map medium = new TreeMap<>(); + + @JsonDeserialize(using = TreeMapDeserializer.class) + Map low = new TreeMap<>(); + + public void detailsHelper(SecHubFinding finding) { + switch (finding.getSeverity()) { + case HIGH -> detailsFiller(high, finding); + case MEDIUM -> detailsFiller(medium, finding); + case LOW, INFO -> detailsFiller(low, finding); + } + } + + protected void detailsFiller(Map helperMap, SecHubFinding finding) { + Integer cweId = finding.getCweId(); + String name = finding.getName() != null ? 
finding.getName() : "no_name"; + SeverityDetails severityDetails = helperMap.get(name); + if (severityDetails != null) { + severityDetails.incrementCount(); + } else { + helperMap.put(name, new SeverityDetails(cweId, name)); + } + } + + public List getHigh() { + return new ArrayList<>(high.values()); + } + + public List getMedium() { + return new ArrayList<>(medium.values()); + } + + public List getLow() { + return new ArrayList<>(low.values()); + } + + @JsonIgnoreProperties(ignoreUnknown = true) + public class SeverityDetails { + private Integer cweId; + private String name; + private long count; + + SeverityDetails(Integer cweId, String name) { + this.cweId = cweId; + this.name = name; + this.count = 1; + } + + public void incrementCount() { + this.count++; + } + + public Integer getCweId() { + return cweId; + } + + public String getName() { + return name; + } + + public long getCount() { + return count; + } + } + + private static class TreeMapDeserializer extends StdDeserializer> { + + public TreeMapDeserializer() { + this(null); + } + + protected TreeMapDeserializer(Class vc) { + super(vc); + } + + @Override + public TreeMap deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) + throws IOException, JsonProcessingException { + TreeMap treeMap = new TreeMap<>(); + JsonNode node = jsonParser.getCodec().readTree(jsonParser); + node.fields().forEachRemaining(entry -> { + try { + String key = entry.getKey(); + SeverityDetails value = entry.getValue().traverse(jsonParser.getCodec()).readValueAs(SeverityDetails.class); + treeMap.put(key, value); + } catch (IOException e) { + LOG.debug("JSON deserialization failed \n" + e); + } + }); + return treeMap; + } + } } diff --git a/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/AssertHTMLReport.java b/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/AssertHTMLReport.java index 42e20b7a8e..fdd9154aea 100644 
--- a/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/AssertHTMLReport.java +++ b/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/AssertHTMLReport.java @@ -53,9 +53,9 @@ public AssertHTMLReport hasMetaDataLabel(String key, String value) { } public AssertHTMLReport hasHTMLString(String value) { - if (!html.contains(value)) { + if (!html.contains(value)) { failWithDump("The report does not contain expected HTML string ':" + value + "'"); - } - return this; + } + return this; } } diff --git a/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/AssertReport.java b/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/AssertReport.java index 3755021535..88f41d773d 100644 --- a/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/AssertReport.java +++ b/sechub-integrationtest/src/main/java/com/mercedesbenz/sechub/integrationtest/api/AssertReport.java @@ -13,7 +13,6 @@ import org.slf4j.LoggerFactory; import com.mercedesbenz.sechub.commons.model.*; -import com.mercedesbenz.sechub.commons.model.SecHubReportMetaDataSummaryDetails.SeverityDetails; import com.mercedesbenz.sechub.integrationtest.internal.SecHubJobAutoDumper; public class AssertReport { 
@@ -316,47 +315,47 @@ public AssertReport hasMetaDataLabel(String key, String value) { return this; } - + public SecHubReportMetaDataSummary getMetaDataSummaryCodeScan() { - Optional metaDataOpt = report.getMetaData(); - if (metaDataOpt.isEmpty()) { - fail("Meta data not found inside report!"); - } - SecHubReportMetaData metaData = metaDataOpt.get(); + Optional metaDataOpt = report.getMetaData(); + if (metaDataOpt.isEmpty()) { + fail("Meta data not found inside report!"); + } + SecHubReportMetaData metaData = metaDataOpt.get(); - return metaData.getSummary().getCodeScan(); + return metaData.getSummary().getCodeScan(); } - + public AssertReport hasMetaDataSummaryCodeScanTotal(long value) { - SecHubReportMetaDataSummary metaDataSummary = getMetaDataSummaryCodeScan(); - - assertEquals(value, metaDataSummary.getTotal()); - - return this; + SecHubReportMetaDataSummary metaDataSummary = getMetaDataSummaryCodeScan(); + + assertEquals(value, metaDataSummary.getTotal()); + + return this; } - + public AssertReport hasMetaDataSummaryCodeScanRed(long value) { - SecHubReportMetaDataSummary metaDataSummary = getMetaDataSummaryCodeScan(); - - assertEquals(value, metaDataSummary.getRed()); - - return this; + SecHubReportMetaDataSummary metaDataSummary = getMetaDataSummaryCodeScan(); + + assertEquals(value, metaDataSummary.getRed()); + + return this; } - + public AssertReport hasMetaDataSummaryCodeScanYellow(long value) { - SecHubReportMetaDataSummary metaDataSummary = getMetaDataSummaryCodeScan(); - - assertEquals(value, metaDataSummary.getYellow()); - - return this; + SecHubReportMetaDataSummary metaDataSummary = getMetaDataSummaryCodeScan(); + + assertEquals(value, metaDataSummary.getYellow()); + + return this; } - + public AssertReport hasMetaDataSummaryCodeScanGreen(long value) { - SecHubReportMetaDataSummary metaDataSummary = getMetaDataSummaryCodeScan(); - - assertEquals(value, metaDataSummary.getGreen()); - - return this; + SecHubReportMetaDataSummary metaDataSummary = 
getMetaDataSummaryCodeScan(); + + assertEquals(value, metaDataSummary.getGreen()); + + return this; } public AssertReport dump() { diff --git a/sechub-integrationtest/src/test/java/com/mercedesbenz/sechub/integrationtest/scenario10/PDSCodeScanSarifJobScenario10IntTest.java b/sechub-integrationtest/src/test/java/com/mercedesbenz/sechub/integrationtest/scenario10/PDSCodeScanSarifJobScenario10IntTest.java index 81bda0519b..17fbc5c9c4 100644 --- a/sechub-integrationtest/src/test/java/com/mercedesbenz/sechub/integrationtest/scenario10/PDSCodeScanSarifJobScenario10IntTest.java +++ b/sechub-integrationtest/src/test/java/com/mercedesbenz/sechub/integrationtest/scenario10/PDSCodeScanSarifJobScenario10IntTest.java @@ -99,7 +99,7 @@ public void a_user_can_start_a_pds_sarif_scan_and_get_the_sarif_results_transfor containsAtLeastOneOpenDetailsBlock(). hasHTMLString("28"). hasHTMLString("2"). - hasHTMLString("2"). + hasHTMLString("2"). hasHTMLString(" \n" + " CWE-null\n" + " BRAKE0000\n" From 560b6d40bf00bb8daa83eea90e7982e07c57ed58 Mon Sep 17 00:00:00 2001 From: Valentyn Grygoriev Date: Thu, 2 Nov 2023 18:44:36 +0200 Subject: [PATCH 13/44] Update sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java Co-authored-by: Jeeppler --- .../commons/model/SecHubReportMetaDataSummaryDetailsTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java index 0b691f41f6..f48b893616 100644 --- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java +++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java 
@@ -111,7 +111,7 @@ void instance_variables_of_new_element_in_low_map_initialized_correctly() { @Test void if_adding_multiple_similar_findings_into_high_map_counter_contains_correct_value() { /* execute */ - for (int i = 0; i < 101; i++) { + for (int i = 0; i < 8; i++) { secHubReportMetaDataSummaryDetails.detailsHelper(highFinding); } SecHubReportMetaDataSummaryDetails.SeverityDetails severityDetails = secHubReportMetaDataSummaryDetails.high.get(HIGH_FINDING_NAME); From 2119dd01c3f30c99aab25bdbfecccf52a3859856 Mon Sep 17 00:00:00 2001 From: Valentyn Grygoriev Date: Thu, 2 Nov 2023 18:45:07 +0200 Subject: [PATCH 14/44] Update sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java Co-authored-by: Jeeppler --- .../commons/model/SecHubReportMetaDataSummaryDetailsTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java index f48b893616..69f0a1d58a 100644 --- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java +++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java @@ -123,7 +123,7 @@ void if_adding_multiple_similar_findings_into_high_map_counter_contains_correct_ @Test void if_adding_multiple_similar_findings_into_medium_map_counter_contains_correct_value() { /* execute */ - for (int i = 0; i < 101; i++) { + for (int i = 0; i < 4; i++) { secHubReportMetaDataSummaryDetails.detailsHelper(mediumFinding); } SecHubReportMetaDataSummaryDetails.SeverityDetails severityDetails = secHubReportMetaDataSummaryDetails.medium.get(MEDIUM_FINDING_NAME); From de9a510ed68447d524250fca6218c880a3fe33b6 Mon Sep 17 00:00:00 2001 
From: Valentyn Grygoriev Date: Thu, 2 Nov 2023 18:45:38 +0200 Subject: [PATCH 15/44] Update sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java Co-authored-by: Jeeppler --- .../com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java index 6955aebde4..af5faad148 100644 --- a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java +++ b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java @@ -96,7 +96,7 @@ void execute_incrementLowSeverityCount_once_increment_lowSeverityCount_value_by_ @Test void executing_incrementLowSeverityCount_101_times_increases_lowSeverityCount_value_by_101() { /* execute */ - for (int i = 0; i < 101; i++) { + for (int i = 93; i < 101; i++) { scanTypeCount.incrementLowSeverityCount(); } From 145b073cde97f571e309c04e8ce993c58d1b6a32 Mon Sep 17 00:00:00 2001 From: Valentyn Grygoriev Date: Thu, 2 Nov 2023 18:45:57 +0200 Subject: [PATCH 16/44] Update sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java Co-authored-by: Jeeppler --- .../com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java index af5faad148..203224820a 100644 --- a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java +++ b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java 
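Review bot: The loop is now `for (int i = 93; i < 101; i++)`, which runs eight times, while the test is still named `executing_incrementLowSeverityCount_101_times_increases_lowSeverityCount_value_by_101`. The name and the arbitrary start index no longer say what is being exercised. I would write `for (int i = 0; i < 8; i++)` and rename the test to match the count. The assertion lies outside the hunk, so its expected value should be checked against the new iteration count as well. The `@@ -76,7 +76,7 @@` and `@@ -56,7 +56,7 @@` hunks of PATCH 16/44 and 17/44 do the same with `i = 97`, four iterations, for the medium and high counters.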
@@ -76,7 +76,7 @@ void execute_incrementMediumSeverityCount_once_increment_mediumSeverityCount_val
 @Test
 void executing_incrementMediumSeverityCount_101_times_increases_mediumSeverityCount_value_by_101() {
 /* execute */
- for (int i = 0; i < 101; i++) {
+ for (int i = 97; i < 101; i++) {
 scanTypeCount.incrementMediumSeverityCount();
 }
From a9af1db78a61ca82408499ee40e53d6892c9f030 Mon Sep 17 00:00:00 2001
From: Valentyn Grygoriev
Date: Thu, 2 Nov 2023 18:47:47 +0200
Subject: [PATCH 17/44] Update sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java
Co-authored-by: Jeeppler
---
 .../com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java
index 203224820a..0410cf8be4 100644
--- a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java
+++ b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java
@@ -56,7 +56,7 @@ void execute_incrementHighSeverityCount_once_increment_highSeverityCount_value_b
 @Test
 void executing_incrementHighSeverityCount_101_times_increases_highSeverityCount_value_by_101() {
 /* execute */
- for (int i = 0; i < 101; i++) {
+ for (int i = 97; i < 101; i++) {
 scanTypeCount.incrementHighSeverityCount();
 }
From fa7fed82d9d41e5936affa8e1d3e5ff2a435fa9c Mon Sep 17 00:00:00 2001
From: Valentyn Grygoriev
Date: Thu, 2 Nov 2023 18:50:40 +0200
Subject: [PATCH 18/44] Update sechub-scan/src/main/resources/templates/report/html/scanresult.html
Co-authored-by: Jeeppler
---
 .../src/main/resources/templates/report/html/scanresult.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sechub-scan/src/main/resources/templates/report/html/scanresult.html b/sechub-scan/src/main/resources/templates/report/html/scanresult.html
index 38d4880139..7b3689dad5 100644
--- a/sechub-scan/src/main/resources/templates/report/html/scanresult.html
+++ b/sechub-scan/src/main/resources/templates/report/html/scanresult.html
@@ -279,7 +279,7 @@

Messages

This is a warning message text - 🛈 + 🛈 This is an info message text From 1b33a6819125010e658d0eee4774586074f2c2c6 Mon Sep 17 00:00:00 2001 From: Valentyn Grygoriev Date: Thu, 2 Nov 2023 18:50:55 +0200 Subject: [PATCH 19/44] Update sechub-scan/src/main/resources/templates/report/html/scanresult.html Co-authored-by: Jeeppler --- .../src/main/resources/templates/report/html/scanresult.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sechub-scan/src/main/resources/templates/report/html/scanresult.html b/sechub-scan/src/main/resources/templates/report/html/scanresult.html index 7b3689dad5..e510ab5a74 100644 --- a/sechub-scan/src/main/resources/templates/report/html/scanresult.html +++ b/sechub-scan/src/main/resources/templates/report/html/scanresult.html @@ -275,7 +275,7 @@

Messages

This is an error message text - ⚠ + âš  This is a warning message text From 8c5a8b0bccca3dc3cb74db05dba8a005bdca18a9 Mon Sep 17 00:00:00 2001 From: Valentyn Grygoriev Date: Thu, 2 Nov 2023 18:51:29 +0200 Subject: [PATCH 20/44] Update sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java Co-authored-by: Jeeppler --- .../commons/model/SecHubReportMetaDataSummaryDetailsTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java index 69f0a1d58a..4892cac0a7 100644 --- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java +++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java @@ -161,7 +161,7 @@ void correct_list_must_be_get_from_high_map() { } @Test - void correct_list_must_be_get_from_medium_map() { + void must_get_correct_list_from_medium_map() { /* prepare */ secHubReportMetaDataSummaryDetails.detailsHelper(mediumFinding); From 7f791c962885799713ced46628d1809e6e4d809f Mon Sep 17 00:00:00 2001 From: Valentyn Grygoriev Date: Thu, 2 Nov 2023 19:41:15 +0200 Subject: [PATCH 21/44] Update sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java Co-authored-by: Jeeppler --- .../commons/model/SecHubReportMetaDataSummaryDetailsTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java index 4892cac0a7..be3036e7e3 100644 
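Review bot: The added line in the `@@ -275,7 +275,7 @@` hunk shows `âš ` where the removed line shows `⚠`, which is the usual look of UTF-8 bytes decoded as a single-byte charset. If the template really holds those characters and this is not an artefact of how the page was captured, the warning icon in the report would render as garbage; the numeric character reference `&#9888;` avoids any dependence on the file's encoding. The surrounding markup is not visible here, so this needs checking against the file itself.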
--- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java
+++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java
@@ -154,7 +154,7 @@ void correct_list_must_be_get_from_high_map() {
 /* test */
 assertTrue(!list.isEmpty());
- assertTrue(1 == list.size());
+ assertEquals(1, list.size());
 assertEquals(highFinding.getCweId(), list.get(0).getCweId());
 assertEquals(highFinding.getName(), list.get(0).getName());
 assertEquals(1, list.get(0).getCount());
From 30c719cdd6cc40e22f4758523cc8a69d7f192b45 Mon Sep 17 00:00:00 2001
From: Valentyn Grygoriev
Date: Thu, 2 Nov 2023 19:42:20 +0200
Subject: [PATCH 22/44] Update sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java
Co-authored-by: Jeeppler
---
 .../commons/model/SecHubReportMetaDataSummaryDetailsTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java
index be3036e7e3..a32f55d417 100644
--- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java
+++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java
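Review bot: With `assertEquals(1, list.size())` in place, the context line `assertTrue(!list.isEmpty())` just above it no longer adds a check, and the negated `assertTrue` hides the intent. Dropping that line is the simplest tidy-up; the same pair appears in the medium and low variants changed by PATCH 24/44 and PATCH 27/44. The test method starts outside the hunk.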
@@ -135,7 +135,7 @@ void if_adding_multiple_similar_findings_into_medium_map_counter_contains_correc
 @Test
 void if_adding_multiple_similar_findings_into_low_map_counter_contains_correct_value() {
 /* execute */
- for (int i = 0; i < 101; i++) {
+ for (int i = 0; i < 11; i++) {
 secHubReportMetaDataSummaryDetails.detailsHelper(lowFinding);
 }
 SecHubReportMetaDataSummaryDetails.SeverityDetails severityDetails = secHubReportMetaDataSummaryDetails.low.get(LOW_FINDING_NAME);
From 01d06c5fe150744e13f4787a7a647ed7a409551b Mon Sep 17 00:00:00 2001
From: Valentyn Grygoriev
Date: Thu, 2 Nov 2023 19:42:56 +0200
Subject: [PATCH 23/44] Update sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java
Co-authored-by: Jeeppler
---
 .../commons/model/SecHubReportMetaDataSummaryDetailsTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java
index a32f55d417..14a56cd0a8 100644
--- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java
+++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java
@@ -145,7 +145,7 @@ void if_adding_multiple_similar_findings_into_low_map_counter_contains_correct_v
 }
 @Test
- void correct_list_must_be_get_from_high_map() {
+ void must_get_correct_list_must_from_high_map() {
 /* prepare */
 secHubReportMetaDataSummaryDetails.detailsHelper(highFinding);
From c6fcc7549f97188493d22a5646372da28af4c535 Mon Sep 17 00:00:00 2001
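Review bot: The new name `must_get_correct_list_must_from_high_map` in PATCH 23/44 carries a stray second `must`. The sibling renames in PATCH 20/44 and PATCH 25/44 use `must_get_correct_list_from_medium_map` and `must_get_correct_list_from_low_map`, so this one should read `must_get_correct_list_from_high_map`. The method body continues outside the hunk.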
From: Valentyn Grygoriev
Date: Thu, 2 Nov 2023 19:44:30 +0200
Subject: [PATCH 24/44] Update sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java
Co-authored-by: Jeeppler
---
 .../commons/model/SecHubReportMetaDataSummaryDetailsTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java
index 14a56cd0a8..bd74819d83 100644
--- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java
+++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java
@@ -170,7 +170,7 @@ void must_get_correct_list_from_medium_map() {
 /* test */
 assertTrue(!list.isEmpty());
- assertTrue(1 == list.size());
+ assertEquals(1, list.size());
 assertEquals(mediumFinding.getCweId(), list.get(0).getCweId());
 assertEquals(mediumFinding.getName(), list.get(0).getName());
 assertEquals(1, list.get(0).getCount());
From 5b226302879af5e9cfba4506e0d3176992a5a4dd Mon Sep 17 00:00:00 2001
From: Valentyn Grygoriev
Date: Thu, 2 Nov 2023 19:45:00 +0200
Subject: [PATCH 25/44] Update sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java
Co-authored-by: Jeeppler
---
 .../commons/model/SecHubReportMetaDataSummaryDetailsTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java
index bd74819d83..9cf773bf59 100644
--- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java
+++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java
@@ -177,7 +177,7 @@ void must_get_correct_list_from_medium_map() {
 }
 @Test
- void correct_list_must_be_get_from_low_map() {
+ void must_get_correct_list_from_low_map() {
 /* prepare */
 secHubReportMetaDataSummaryDetails.detailsHelper(lowFinding);
From f4cbf11e407399d4c5b5548c496d5e95cffa1562 Mon Sep 17 00:00:00 2001
From: Valentyn Grygoriev
Date: Thu, 2 Nov 2023 19:46:08 +0200
Subject: [PATCH 26/44] Update sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
Co-authored-by: Jeeppler
---
 .../sechub/commons/model/SecHubReportMetaDataSummaryTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
index 3ac12ba3c9..a0c1797269 100644
--- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
+++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
@@ -114,6 +114,6 @@ void when_add_multiple_high_medium_low_findings_then_red_yellow_green_and_total_
 assertEquals(303, secHubReportMetaDataSummary.getTotal());
 assertEquals(101, secHubReportMetaDataSummary.getRed());
 assertEquals(101, secHubReportMetaDataSummary.getYellow());
- assertEquals(101, secHubReportMetaDataSummary.getGreen());
+ assertEquals(4, secHubReportMetaDataSummary.getGreen());
 }
 }
From fc221ff3bb26fb9c689fb8a8283b75d8275d00eb Mon Sep 17 00:00:00 2001
From: Valentyn Grygoriev
Date: Thu, 2 Nov 2023 19:46:51 +0200
Subject: [PATCH 27/44] Update sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java
Co-authored-by: Jeeppler
---
 .../commons/model/SecHubReportMetaDataSummaryDetailsTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java
index 9cf773bf59..62d7be767c 100644
--- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java
+++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java
@@ -186,7 +186,7 @@ void must_get_correct_list_from_low_map() {
 /* test */
 assertTrue(!list.isEmpty());
- assertTrue(1 == list.size());
+ assertEquals(1, list.size());
 assertEquals(lowFinding.getCweId(), list.get(0).getCweId());
 assertEquals(lowFinding.getName(), list.get(0).getName());
 assertEquals(1, list.get(0).getCount());
From 8c6fad0a8f321f79e0e90c4b2515e5a6c8f14929 Mon Sep 17 00:00:00 2001
From: Valentyn Grygoriev
Date: Thu, 2 Nov 2023 19:47:25 +0200
Subject: [PATCH 28/44] Update sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
Co-authored-by: Jeeppler
---
 .../sechub/commons/model/SecHubReportMetaDataSummaryTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
index a0c1797269..6d0a38ed37 100644
--- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
+++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
@@ -68,7 +68,7 @@ void when_add_new_medium_finding_then_only_green_and_total_counters_must_be_incr
 @Test
 void when_add_multiple_high_findings_then_red_and_total_counters_must_be_increased() {
 /* execute */
- for (int i = 0; i < 101; i++) {
+ for (int i = 0; i < 11; i++) {
 secHubReportMetaDataSummary.reportScanHelper(highFinding);
 }
From 2e32976f5f486b278e39af94f8f62ebf0dde9db2 Mon Sep 17 00:00:00 2001
From: Valentyn Grygoriev
Date: Thu, 2 Nov 2023 19:48:06 +0200
Subject: [PATCH 29/44] Update sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
Co-authored-by: Jeeppler
---
 .../sechub/commons/model/SecHubReportMetaDataSummaryTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
index 6d0a38ed37..8bb2910676 100644
--- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
+++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
@@ -73,7 +73,7 @@ void when_add_multiple_high_findings_then_red_and_total_counters_must_be_increas
 }
 /* test */
- assertEquals(101, secHubReportMetaDataSummary.getTotal());
+ assertEquals(10, secHubReportMetaDataSummary.getTotal());
 assertEquals(101, secHubReportMetaDataSummary.getRed());
 }
From 72b4d82f183b78fb824c52fe989249ce3f8bc0a0 Mon Sep 17 00:00:00 2001
From: Valentyn Grygoriev
Date: Thu, 2 Nov 2023 19:48:35 +0200
Subject: [PATCH 30/44] Update sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
Co-authored-by: Jeeppler
---
 .../sechub/commons/model/SecHubReportMetaDataSummaryTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
index 8bb2910676..b77ba72e18 100644
--- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
+++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
@@ -74,7 +74,7 @@ void when_add_multiple_high_findings_then_red_and_total_counters_must_be_increas
 /* test */
 assertEquals(10, secHubReportMetaDataSummary.getTotal());
- assertEquals(101, secHubReportMetaDataSummary.getRed());
+ assertEquals(10, secHubReportMetaDataSummary.getRed());
 }
 @Test
From 106ed2f156c0845457da47e432d6437a2bea9b84 Mon Sep 17 00:00:00 2001
From: Valentyn Grygoriev
Date: Thu, 2 Nov 2023 19:53:24 +0200
Subject: [PATCH 31/44] Update sechub-scan/src/main/resources/templates/report/html/scanresult.html
Co-authored-by: Jeeppler
---
 .../src/main/resources/templates/report/html/scanresult.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sechub-scan/src/main/resources/templates/report/html/scanresult.html b/sechub-scan/src/main/resources/templates/report/html/scanresult.html
index e510ab5a74..a058ee5a8e 100644
--- a/sechub-scan/src/main/resources/templates/report/html/scanresult.html
+++ b/sechub-scan/src/main/resources/templates/report/html/scanresult.html
@@ -271,7 +271,7 @@

Messages

- + From 9b83ae7bb60b0aafb67151b840ded22944956461 Mon Sep 17 00:00:00 2001 From: Valentyn Grygoriev Date: Thu, 2 Nov 2023 19:53:52 +0200 Subject: [PATCH 32/44] Update sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java Co-authored-by: Jeeppler --- .../sechub/commons/model/SecHubReportMetaDataSummaryTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java index b77ba72e18..0e71b96474 100644 --- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java +++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java @@ -113,7 +113,7 @@ void when_add_multiple_high_medium_low_findings_then_red_yellow_green_and_total_ /* test */ assertEquals(303, secHubReportMetaDataSummary.getTotal()); assertEquals(101, secHubReportMetaDataSummary.getRed()); - assertEquals(101, secHubReportMetaDataSummary.getYellow()); + assertEquals(4, secHubReportMetaDataSummary.getYellow()); assertEquals(4, secHubReportMetaDataSummary.getGreen()); } } From 48b0359247e663dad9bb56c0c6fb5ebcd5bf0afa Mon Sep 17 00:00:00 2001 From: Valentyn Grygoriev Date: Thu, 2 Nov 2023 19:54:27 +0200 Subject: [PATCH 33/44] Update sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java Co-authored-by: Jeeppler --- .../sechub/commons/model/SecHubReportMetaDataSummaryTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
index 0e71b96474..32aaa16854 100644
--- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
+++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
@@ -112,7 +112,7 @@ void when_add_multiple_high_medium_low_findings_then_red_yellow_green_and_total_
 /* test */
 assertEquals(303, secHubReportMetaDataSummary.getTotal());
- assertEquals(101, secHubReportMetaDataSummary.getRed());
+ assertEquals(4, secHubReportMetaDataSummary.getRed());
 assertEquals(4, secHubReportMetaDataSummary.getYellow());
 assertEquals(4, secHubReportMetaDataSummary.getGreen());
 }
From 6472fce021f39a8deb4ca72ee0bacaa86e0234f8 Mon Sep 17 00:00:00 2001
From: Valentyn Grygoriev
Date: Thu, 2 Nov 2023 19:54:52 +0200
Subject: [PATCH 34/44] Update sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
Co-authored-by: Jeeppler
---
 .../sechub/commons/model/SecHubReportMetaDataSummaryTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
index 32aaa16854..87f7968c0d 100644
--- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
+++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
@@ -111,7 +111,7 @@ void when_add_multiple_high_medium_low_findings_then_red_yellow_green_and_total_
 }
 /* test */
- assertEquals(303, secHubReportMetaDataSummary.getTotal());
+ assertEquals(12, secHubReportMetaDataSummary.getTotal());
 assertEquals(4, secHubReportMetaDataSummary.getRed());
 assertEquals(4, secHubReportMetaDataSummary.getYellow());
 assertEquals(4, secHubReportMetaDataSummary.getGreen());
From 8d49cc846c3f599c2a09e028047afa7583ef9be4 Mon Sep 17 00:00:00 2001
From: Valentyn Grygoriev
Date: Thu, 2 Nov 2023 19:55:16 +0200
Subject: [PATCH 35/44] Update sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
Co-authored-by: Jeeppler
---
 .../sechub/commons/model/SecHubReportMetaDataSummaryTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
index 87f7968c0d..3bec5e0c12 100644
--- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
+++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
@@ -104,7 +104,7 @@ void when_add_multiple_low_findings_then_green_and_total_counters_must_be_increa
 @Test
 void when_add_multiple_high_medium_low_findings_then_red_yellow_green_and_total_counters_must_be_increased() {
 /* execute */
- for (int i = 0; i < 101; i++) {
+ for (int i = 1; i <= 4 ; i++) {
 secHubReportMetaDataSummary.reportScanHelper(highFinding);
 secHubReportMetaDataSummary.reportScanHelper(mediumFinding);
 secHubReportMetaDataSummary.reportScanHelper(lowFinding);
From a9bdd222ec114f87efc83e1bead2a4e62f441ac3 Mon Sep 17 00:00:00 2001
From: Valentyn Grygoriev
Date: Thu, 2 Nov 2023 19:55:41 +0200
Subject: [PATCH 36/44] Update sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
Co-authored-by: Jeeppler
---
 .../sechub/commons/model/SecHubReportMetaDataSummaryTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
index 3bec5e0c12..3aa0d65d66 100644
--- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
+++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
@@ -98,7 +98,7 @@ void when_add_multiple_low_findings_then_green_and_total_counters_must_be_increa
 /* test */
 assertEquals(101, secHubReportMetaDataSummary.getTotal());
- assertEquals(101, secHubReportMetaDataSummary.getGreen());
+ assertEquals(3, secHubReportMetaDataSummary.getGreen());
 }
 @Test
From d1295a9dc6ae4914fb0ff71a8903b6be0f7d14bf Mon Sep 17 00:00:00 2001
From: Valentyn Grygoriev
Date: Thu, 2 Nov 2023 19:56:17 +0200
Subject: [PATCH 37/44] Update sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
Co-authored-by: Jeeppler
---
 .../sechub/commons/model/SecHubReportMetaDataSummaryTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
index 3aa0d65d66..9a69038def 100644
--- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
+++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
@@ -80,7 +80,7 @@ void when_add_multiple_high_findings_then_red_and_total_counters_must_be_increas
 @Test
 void when_add_multiple_medium_findings_then_yellow_and_total_counters_must_be_increased() {
 /* execute */
- for (int i = 0; i < 101; i++) {
+ for (int i = 0; i < 6; i++) {
 secHubReportMetaDataSummary.reportScanHelper(mediumFinding);
 }
From a9e8bdb794c13e66cbbc0435282c72ef2223ca50 Mon Sep 17 00:00:00 2001
From: Valentyn Grygoriev
Date: Thu, 2 Nov 2023 19:56:37 +0200
Subject: [PATCH 38/44] Update sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
Co-authored-by: Jeeppler
---
 .../sechub/commons/model/SecHubReportMetaDataSummaryTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
index 9a69038def..7bc6e24080 100644
--- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
+++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
@@ -85,7 +85,7 @@ void when_add_multiple_medium_findings_then_yellow_and_total_counters_must_be_in
 }
 /* test */
- assertEquals(101, secHubReportMetaDataSummary.getTotal());
+ assertEquals(5, secHubReportMetaDataSummary.getTotal());
 assertEquals(101, secHubReportMetaDataSummary.getYellow());
 }
From 708ee9571d04fddbd8a6ccd3bf76ccf38134a5ba Mon Sep 17 00:00:00 2001
From: Valentyn Grygoriev
Date: Thu, 2 Nov 2023 19:56:58 +0200
Subject: [PATCH 39/44] Update sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
Co-authored-by: Jeeppler
---
 .../sechub/commons/model/SecHubReportMetaDataSummaryTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
index 7bc6e24080..7e03195f33 100644
--- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
+++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
@@ -86,7 +86,7 @@ void when_add_multiple_medium_findings_then_yellow_and_total_counters_must_be_in
 /* test */
 assertEquals(5, secHubReportMetaDataSummary.getTotal());
- assertEquals(101, secHubReportMetaDataSummary.getYellow());
+ assertEquals(5, secHubReportMetaDataSummary.getYellow());
 }
 @Test
From 98e646477b8269bf759e2a5dc993d67f19567d83 Mon Sep 17 00:00:00 2001
From: Valentyn Grygoriev
Date: Thu, 2 Nov 2023 19:57:26 +0200
Subject: [PATCH 40/44] Update sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
Co-authored-by: Jeeppler
---
 .../sechub/commons/model/SecHubReportMetaDataSummaryTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
index 7e03195f33..d15be31bc4 100644
--- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
+++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
@@ -97,7 +97,7 @@ void when_add_multiple_low_findings_then_green_and_total_counters_must_be_increa
 }
 /* test */
- assertEquals(101, secHubReportMetaDataSummary.getTotal());
+ assertEquals(3, secHubReportMetaDataSummary.getTotal());
 assertEquals(3, secHubReportMetaDataSummary.getGreen());
 }
From 2888d061e3aeb56bef845dbef706453d308a2eec Mon Sep 17 00:00:00 2001
From: Valentyn Grygoriev
Date: Thu, 2 Nov 2023 19:58:03 +0200
Subject: [PATCH 41/44] Update sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
Co-authored-by: Jeeppler
---
 .../sechub/commons/model/SecHubReportMetaDataSummaryTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
index d15be31bc4..a6c97e4970 100644
--- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
+++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java
@@ -92,7 +92,7 @@ void when_add_multiple_medium_findings_then_yellow_and_total_counters_must_be_in
 @Test
 void when_add_multiple_low_findings_then_green_and_total_counters_must_be_increased() {
 /* execute */
- for (int i = 0; i < 101; i++) {
+ for (int i = 0; i < 4; i++) {
 secHubReportMetaDataSummary.reportScanHelper(lowFinding);
 }
From 02fdfa55c3465f4e3c671807ecc553874ca9f4b0 Mon Sep 17 00:00:00 2001
From: Valentyn Grygoriev
Date: Thu, 2 Nov 2023 21:55:33 +0200
Subject: [PATCH 42/44] Minor modifications in some tests #345
---
 ...SecHubReportMetaDataSummaryDetailsTest.java | 6 +++---
 .../model/SecHubReportMetaDataSummaryTest.java | 14 +++++++-------
 .../sechub/domain/scan/ScanTypeCountTest.java | 18 +++++++++---------
 3 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java
index 62d7be767c..241c53ace0 100644
--- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java
+++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java
@@ -117,7 +117,7 @@ void if_adding_multiple_similar_findings_into_high_map_counter_contains_correct_
 SecHubReportMetaDataSummaryDetails.SeverityDetails severityDetails = secHubReportMetaDataSummaryDetails.high.get(HIGH_FINDING_NAME);
 /* test */
- assertEquals(101, severityDetails.getCount());
+ assertEquals(8, severityDetails.getCount());
 }
 @Test
@@ -129,7 +129,7 @@ void if_adding_multiple_similar_findings_into_medium_map_counter_contains_correc
 SecHubReportMetaDataSummaryDetails.SeverityDetails severityDetails = secHubReportMetaDataSummaryDetails.medium.get(MEDIUM_FINDING_NAME);
 /* test */
- assertEquals(101, severityDetails.getCount());
+ assertEquals(4, severityDetails.getCount());
 }
 @Test
@@ -141,7 +141,7 @@ void if_adding_multiple_similar_findings_into_low_map_counter_contains_correct_v
 SecHubReportMetaDataSummaryDetails.SeverityDetails severityDetails = secHubReportMetaDataSummaryDetails.low.get(LOW_FINDING_NAME);
 /* test */
- assertEquals(101, severityDetails.getCount());
+ assertEquals(11, severityDetails.getCount());
 }
 @Test
diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java index a6c97e4970..6478ffee7d 100644 --- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java +++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java @@ -73,8 +73,8 @@ void when_add_multiple_high_findings_then_red_and_total_counters_must_be_increas } /* test */ - assertEquals(10, secHubReportMetaDataSummary.getTotal()); - assertEquals(10, secHubReportMetaDataSummary.getRed()); + assertEquals(11, secHubReportMetaDataSummary.getTotal()); + assertEquals(11, secHubReportMetaDataSummary.getRed()); } @Test @@ -85,8 +85,8 @@ void when_add_multiple_medium_findings_then_yellow_and_total_counters_must_be_in } /* test */ - assertEquals(5, secHubReportMetaDataSummary.getTotal()); - assertEquals(5, secHubReportMetaDataSummary.getYellow()); + assertEquals(6, secHubReportMetaDataSummary.getTotal()); + assertEquals(6, secHubReportMetaDataSummary.getYellow()); } @Test @@ -97,14 +97,14 @@ void when_add_multiple_low_findings_then_green_and_total_counters_must_be_increa } /* test */ - assertEquals(3, secHubReportMetaDataSummary.getTotal()); - assertEquals(3, secHubReportMetaDataSummary.getGreen()); + assertEquals(4, secHubReportMetaDataSummary.getTotal()); + assertEquals(4, secHubReportMetaDataSummary.getGreen()); } @Test void when_add_multiple_high_medium_low_findings_then_red_yellow_green_and_total_counters_must_be_increased() { /* execute */ - for (int i = 1; i <= 4 ; i++) { + for (int i = 1; i <= 4; i++) { secHubReportMetaDataSummary.reportScanHelper(highFinding); secHubReportMetaDataSummary.reportScanHelper(mediumFinding); secHubReportMetaDataSummary.reportScanHelper(lowFinding); 
diff --git a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java index 0410cf8be4..2048e83959 100644 --- a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java +++ b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/ScanTypeCountTest.java @@ -54,14 +54,14 @@ void execute_incrementHighSeverityCount_once_increment_highSeverityCount_value_b } @Test - void executing_incrementHighSeverityCount_101_times_increases_highSeverityCount_value_by_101() { + void executing_incrementHighSeverityCount_4_times_increases_highSeverityCount_value_by_4() { /* execute */ - for (int i = 97; i < 101; i++) { + for (int i = 0; i < 4; i++) { scanTypeCount.incrementHighSeverityCount(); } /* test */ - assertEquals(scanTypeCount.getHighSeverityCount(), 101); + assertEquals(scanTypeCount.getHighSeverityCount(), 4); } @Test @@ -74,14 +74,14 @@ void execute_incrementMediumSeverityCount_once_increment_mediumSeverityCount_val } @Test - void executing_incrementMediumSeverityCount_101_times_increases_mediumSeverityCount_value_by_101() { + void executing_incrementMediumSeverityCount_5_times_increases_mediumSeverityCount_value_by_5() { /* execute */ - for (int i = 97; i < 101; i++) { + for (int i = 0; i < 5; i++) { scanTypeCount.incrementMediumSeverityCount(); } /* test */ - assertEquals(scanTypeCount.getMediumSeverityCount(), 101); + assertEquals(scanTypeCount.getMediumSeverityCount(), 5); } @Test 
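Review bot: The rewritten assertions pass their arguments as (actual, expected), e.g. `assertEquals(scanTypeCount.getHighSeverityCount(), 4);`, while the other tests in this patch series use (expected, actual). The test still passes or fails correctly, but a failure message would report the two values swapped. I would write `assertEquals(4, scanTypeCount.getHighSeverityCount());`, and likewise for the medium-severity assertion in the next hunk and the low-severity one in the hunk after that.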
@@ -94,14 +94,14 @@ void execute_incrementLowSeverityCount_once_increment_lowSeverityCount_value_by_ } @Test - void executing_incrementLowSeverityCount_101_times_increases_lowSeverityCount_value_by_101() { + void executing_incrementLowSeverityCount_7_times_increases_lowSeverityCount_value_by_7() { /* execute */ - for (int i = 93; i < 101; i++) { + for (int i = 0; i < 7; i++) { scanTypeCount.incrementLowSeverityCount(); } /* test */ - assertEquals(scanTypeCount.getLowSeverityCount(), 101); + assertEquals(scanTypeCount.getLowSeverityCount(), 7); } @Test From 6999d6a505e2f04afa9ebd1c511d2b59025ebfef Mon Sep 17 00:00:00 2001 From: Valentyn Grygoriev Date: Sun, 26 Nov 2023 23:33:13 +0200 Subject: [PATCH 43/44] Fixed bug when critical, info and unclassified findings shown incorrectly in the reports. #345 --- .../src/main/resources/reduced-openapi3.json | 124 +++++++++--------- .../model/SecHubReportMetaDataSummary.java | 4 +- .../SecHubReportMetaDataSummaryDetails.java | 4 +- ...ecHubReportMetaDataSummaryDetailsTest.java | 65 ++++++++- .../SecHubReportMetaDataSummaryTest.java | 103 +++++++++++++-- .../HTMLScanResultReportModelBuilder.java | 4 +- .../HTMLScanResultReportModelBuilderTest.java | 27 ++++ 7 files changed, 248 insertions(+), 83 deletions(-) diff --git a/sechub-api-java/src/main/resources/reduced-openapi3.json b/sechub-api-java/src/main/resources/reduced-openapi3.json index dd10836526..d58f642882 100644 --- a/sechub-api-java/src/main/resources/reduced-openapi3.json +++ b/sechub-api-java/src/main/resources/reduced-openapi3.json 
@@ -2919,55 +2919,6 @@ } } }, - "ExecutionProfileFetch": { - "title": "ExecutionProfileFetch", - "type": "object", - "properties": { - "configurations": { - "type": "array", - "items": { - "type": "object", - "properties": { - "productIdentifier": { - "type": "string", - "description": "executed product" - }, - "name": { - "type": "string", - "description": "name of configuration" - }, - "executorVersion": { - "type": "number", - "description": "executor version" - }, - "uuid": { - "type": "string", - "description": "uuid of configuration" - }, - "enabled": { - "type": "boolean", - "description": "enabled state of this config" - } - } - } - }, - "description": { - "type": "string", - "description": "A short description for the profile" - }, - "projectIds": { - "type": "array", - "description": "Projects can be linked by their ids here", - "items": { - "type": "string" - } - }, - "enabled": { - "type": "boolean", - "description": "Enabled state of profile, default is false" - } - } - }, "FalsePositives": { "title": "FalsePositives", "type": "object", 
@@ -3081,6 +3032,55 @@ } } }, + "ExecutionProfileFetch": { + "title": "ExecutionProfileFetch", + "type": "object", + "properties": { + "configurations": { + "type": "array", + "items": { + "type": "object", + "properties": { + "productIdentifier": { + "type": "string", + "description": "executed product" + }, + "name": { + "type": "string", + "description": "name of configuration" + }, + "executorVersion": { + "type": "number", + "description": "executor version" + }, + "uuid": { + "type": "string", + "description": "uuid of configuration" + }, + "enabled": { + "type": "boolean", + "description": "enabled state of this config" + } + } + } + }, + "description": { + "type": "string", + "description": "A short description for the profile" + }, + "projectIds": { + "type": "array", + "description": "Projects can be linked by their ids here", + "items": { + "type": "string" + } + }, + "enabled": { + "type": "boolean", + "description": "Enabled state of profile, default is false" + } + } + }, "FullScanDataZIP": { "title": "FullScanDataZIP", "type": "object" @@ -3251,19 +3251,6 @@ "webScan": { "type": "object", "properties": { - "maxScanDuration": { - "type": "object", - "properties": { - "duration": { - "type": "number", - "description": "Duration of the scan as integer" - }, - "unit": { - "type": "string", - "description": "Unit of the duration. Possible values are: millisecond(s), second(s), minute(s), hour(s), day(s)" - } - } - }, "headers": { "type": "array", "description": "List of HTTP headers. Can be used for authentication or anything else.", @@ -3292,6 +3279,19 @@ } } }, + "maxScanDuration": { + "type": "object", + "properties": { + "duration": { + "type": "number", + "description": "Duration of the scan as integer" + }, + "unit": { + "type": "string", + "description": "Unit of the duration. Possible values are: millisecond(s), second(s), minute(s), hour(s), day(s)" + } + } + }, "clientCertificate": { "type": "object", "properties": { 
diff --git a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummary.java b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummary.java index 04fd80018f..934fcb14f7 100644 --- a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummary.java +++ b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummary.java @@ -20,9 +20,9 @@ public void reportScanHelper(SecHubFinding finding) { protected void incrementColors(SecHubFinding finding) { Severity severity = finding.getSeverity(); switch (severity) { - case HIGH -> incrementRedCount(); + case HIGH, CRITICAL -> incrementRedCount(); case MEDIUM -> incrementYellowCount(); - case LOW, INFO -> incrementGreenCount(); + case UNCLASSIFIED, INFO, LOW -> incrementGreenCount(); } incrementTotalCount(); } diff --git a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetails.java b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetails.java index 56fd1ec473..c157268bc9 100644 --- a/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetails.java +++ b/sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetails.java @@ -33,9 +33,9 @@ public class SecHubReportMetaDataSummaryDetails { public void detailsHelper(SecHubFinding finding) { switch (finding.getSeverity()) { - case HIGH -> detailsFiller(high, finding); + case HIGH, CRITICAL -> detailsFiller(high, finding); case MEDIUM -> detailsFiller(medium, finding); - case LOW, INFO -> detailsFiller(low, finding); + case UNCLASSIFIED, LOW, INFO -> detailsFiller(low, finding); } } 
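Review bot: The arrow-form `switch (severity)` in `incrementColors` has no `default` branch, yet `incrementTotalCount()` runs after it unconditionally, so a severity that is not listed would raise the total without raising red, yellow or green and the summary would no longer add up. The same switch shape appears in `detailsHelper` of SecHubReportMetaDataSummaryDetails (the next hunk), where an unlisted severity would leave the finding out of all three maps, and in `incrementScanCount` of HTMLScanResultReportModelBuilder later in this commit. Adding `default -> throw new IllegalStateException("Unhandled severity: " + severity);` to each would make a future enum value fail loudly instead of being under-reported. Separately, `UNCLASSIFIED` is now counted as green together with `INFO` and `LOW`; since an unrated finding is not necessarily a low-risk one, a comment such as `// UNCLASSIFIED is deliberately shown as green, see #345` would record that this is intended. Both methods are fully inside their hunks, the enclosing classes are not.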
diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java index 241c53ace0..81fd40435d 100644 --- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java +++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryDetailsTest.java 
@@ -12,23 +12,37 @@ public class SecHubReportMetaDataSummaryDetailsTest { - static final int HIGH_FINDING_CWEID = 123; - static final int MEDIUM_FINDING_CWEID = 456; - static final int LOW_FINDING_CWEID = 789; - + static final int CRITICAL_FINDING_CWEID = 1; + static final int HIGH_FINDING_CWEID = 2; + static final int MEDIUM_FINDING_CWEID = 3; + static final int LOW_FINDING_CWEID = 4; + static final int INFO_FINDING_CWEID = 5; + static final int UNCLASSIFIED_FINDING_CWEID = 6; + + static final String CRITICAL_FINDING_NAME = "Critical name"; static final String HIGH_FINDING_NAME = "Cross Site Scripting (Reflected)"; static final String MEDIUM_FINDING_NAME = "CSP: Wildcard Directive"; static final String LOW_FINDING_NAME = "Cookie Without Secure Flag"; + static final String INFO_FINDING_NAME = "Info name"; + static final String UNCLASSIFIED_FINDING_NAME = "Unclassified name"; SecHubReportMetaDataSummaryDetails secHubReportMetaDataSummaryDetails; + SecHubFinding criticalFinding; SecHubFinding highFinding; SecHubFinding mediumFinding; SecHubFinding lowFinding; + SecHubFinding infoFinding; + SecHubFinding unclassifiedFinding; @BeforeEach void beforeEach() { secHubReportMetaDataSummaryDetails = new SecHubReportMetaDataSummaryDetails(); + criticalFinding = new SecHubFinding(); + criticalFinding.setCweId(CRITICAL_FINDING_CWEID); + criticalFinding.setSeverity(Severity.CRITICAL); + criticalFinding.setName(CRITICAL_FINDING_NAME); + highFinding = new SecHubFinding(); highFinding.setCweId(HIGH_FINDING_CWEID); highFinding.setSeverity(Severity.HIGH); 
@@ -43,10 +57,29 @@ void beforeEach() { lowFinding.setCweId(LOW_FINDING_CWEID); lowFinding.setSeverity(Severity.LOW); lowFinding.setName(LOW_FINDING_NAME); + + infoFinding = new SecHubFinding(); + infoFinding.setCweId(INFO_FINDING_CWEID); + infoFinding.setSeverity(Severity.INFO); + infoFinding.setName(INFO_FINDING_NAME); + + unclassifiedFinding = new SecHubFinding(); + unclassifiedFinding.setCweId(UNCLASSIFIED_FINDING_CWEID); + unclassifiedFinding.setSeverity(Severity.UNCLASSIFIED); + unclassifiedFinding.setName(UNCLASSIFIED_FINDING_NAME); } @Test - void new_element_in_high_map_must_be_created() { + void new_element_for_critical_finding_in_high_map_must_be_created() { + /* execute */ + secHubReportMetaDataSummaryDetails.detailsHelper(criticalFinding); + + /* test */ + assertNotNull(secHubReportMetaDataSummaryDetails.high.get(CRITICAL_FINDING_NAME)); + } + + @Test + void new_element_for_high_finding_in_high_map_must_be_created() { /* execute */ secHubReportMetaDataSummaryDetails.detailsHelper(highFinding); @@ -55,7 +88,7 @@ void new_element_in_high_map_must_be_created() { } @Test - void new_element_in_medium_map_must_be_created() { + void new_element_for_medium_finding_in_medium_map_must_be_created() { /* execute */ secHubReportMetaDataSummaryDetails.detailsHelper(mediumFinding); @@ -64,7 +97,7 @@ void new_element_in_medium_map_must_be_created() { } @Test - void new_element_in_low_map_must_be_created() { + void new_element_for_low_finding_in_low_map_must_be_created() { /* execute */ secHubReportMetaDataSummaryDetails.detailsHelper(lowFinding); 
@@ -72,6 +105,24 @@ void new_element_in_low_map_must_be_created() { assertNotNull(secHubReportMetaDataSummaryDetails.low.get(LOW_FINDING_NAME)); } + @Test + void new_element_for_info_finding_in_low_map_must_be_created() { + /* execute */ + secHubReportMetaDataSummaryDetails.detailsHelper(infoFinding); + + /* test */ + assertNotNull(secHubReportMetaDataSummaryDetails.low.get(INFO_FINDING_NAME)); + } + + @Test + void new_element_for_unclassified_finding_in_low_map_must_be_created() { + /* execute */ + secHubReportMetaDataSummaryDetails.detailsHelper(unclassifiedFinding); + + /* test */ + assertNotNull(secHubReportMetaDataSummaryDetails.low.get(UNCLASSIFIED_FINDING_NAME)); + } + @Test void instance_variables_of_new_element_in_high_map_initialized_correctly() { /* execute */ diff --git a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java index 6478ffee7d..80cdbdddcf 100644 --- a/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java +++ b/sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubReportMetaDataSummaryTest.java @@ -8,14 +8,18 @@ public class SecHubReportMetaDataSummaryTest { SecHubReportMetaDataSummary secHubReportMetaDataSummary; - SecHubFinding highFinding; + SecHubFinding highFinding, criticalFinding; SecHubFinding mediumFinding; - SecHubFinding lowFinding; + SecHubFinding infoFinding, unclassifiedFinding, lowFinding; @BeforeEach void beforeEach() { secHubReportMetaDataSummary = new SecHubReportMetaDataSummary(); + criticalFinding = new SecHubFinding(); + criticalFinding.setSeverity(Severity.CRITICAL); + criticalFinding.setName("Critical name"); + highFinding = new SecHubFinding(); highFinding.setSeverity(Severity.HIGH); highFinding.setName("Cross Site Scripting (Reflected)"); 
@@ -27,6 +31,26 @@ void beforeEach() { lowFinding = new SecHubFinding(); lowFinding.setSeverity(Severity.LOW); lowFinding.setName("Cookie Without Secure Flag"); + + infoFinding = new SecHubFinding(); + infoFinding.setSeverity(Severity.INFO); + infoFinding.setName("Info name"); + + unclassifiedFinding = new SecHubFinding(); + unclassifiedFinding.setSeverity(Severity.UNCLASSIFIED); + unclassifiedFinding.setName("Unclassified name"); + } + + @Test + void when_add_new_critical_finding_then_only_red_and_total_counters_must_be_increased() { + /* execute */ + secHubReportMetaDataSummary.reportScanHelper(criticalFinding); + + /* test */ + assertEquals(1, secHubReportMetaDataSummary.getTotal()); + assertEquals(1, secHubReportMetaDataSummary.getRed()); + assertEquals(0, secHubReportMetaDataSummary.getYellow()); + assertEquals(0, secHubReportMetaDataSummary.getGreen()); } @Test @@ -54,7 +78,7 @@ void when_add_new_medium_finding_then_only_yellow_and_total_counters_must_be_inc } @Test - void when_add_new_medium_finding_then_only_green_and_total_counters_must_be_increased() { + void when_add_new_low_finding_then_only_green_and_total_counters_must_be_increased() { /* execute */ secHubReportMetaDataSummary.reportScanHelper(lowFinding); 
@@ -65,6 +89,42 @@ void when_add_new_medium_finding_then_only_green_and_total_counters_must_be_incr assertEquals(1, secHubReportMetaDataSummary.getGreen()); } + @Test + void when_add_new_info_finding_then_only_green_and_total_counters_must_be_increased() { + /* execute */ + secHubReportMetaDataSummary.reportScanHelper(infoFinding); + + /* test */ + assertEquals(1, secHubReportMetaDataSummary.getTotal()); + assertEquals(0, secHubReportMetaDataSummary.getRed()); + assertEquals(0, secHubReportMetaDataSummary.getYellow()); + assertEquals(1, secHubReportMetaDataSummary.getGreen()); + } + + @Test + void when_add_new_unclassified_finding_then_only_green_and_total_counters_must_be_increased() { + /* execute */ + secHubReportMetaDataSummary.reportScanHelper(unclassifiedFinding); + + /* test */ + assertEquals(1, secHubReportMetaDataSummary.getTotal()); + assertEquals(0, secHubReportMetaDataSummary.getRed()); + assertEquals(0, secHubReportMetaDataSummary.getYellow()); + assertEquals(1, secHubReportMetaDataSummary.getGreen()); + } + + @Test + void when_add_multiple_critical_findings_then_red_and_total_counters_must_be_increased() { + /* execute */ + for (int i = 0; i < 9; i++) { + secHubReportMetaDataSummary.reportScanHelper(criticalFinding); + } + + /* test */ + assertEquals(9, secHubReportMetaDataSummary.getTotal()); + assertEquals(9, secHubReportMetaDataSummary.getRed()); + } + @Test void when_add_multiple_high_findings_then_red_and_total_counters_must_be_increased() { /* execute */ 
@@ -102,18 +162,45 @@ void when_add_multiple_low_findings_then_green_and_total_counters_must_be_increa } @Test - void when_add_multiple_high_medium_low_findings_then_red_yellow_green_and_total_counters_must_be_increased() { + void when_add_multiple_info_findings_then_green_and_total_counters_must_be_increased() { + /* execute */ + for (int i = 0; i < 3; i++) { + secHubReportMetaDataSummary.reportScanHelper(infoFinding); + } + + /* test */ + assertEquals(3, secHubReportMetaDataSummary.getTotal()); + assertEquals(3, secHubReportMetaDataSummary.getGreen()); + } + + @Test + void when_add_multiple_unclassified_findings_then_green_and_total_counters_must_be_increased() { + /* execute */ + for (int i = 0; i < 5; i++) { + secHubReportMetaDataSummary.reportScanHelper(unclassifiedFinding); + } + + /* test */ + assertEquals(5, secHubReportMetaDataSummary.getTotal()); + assertEquals(5, secHubReportMetaDataSummary.getGreen()); + } + + @Test + void when_add_multiple_critical_high_medium_low_info_unclassified_findings_then_red_yellow_green_and_total_counters_must_be_increased() { /* execute */ - for (int i = 1; i <= 4; i++) { + for (int i = 0; i < 4; i++) { + secHubReportMetaDataSummary.reportScanHelper(criticalFinding); secHubReportMetaDataSummary.reportScanHelper(highFinding); secHubReportMetaDataSummary.reportScanHelper(mediumFinding); secHubReportMetaDataSummary.reportScanHelper(lowFinding); + secHubReportMetaDataSummary.reportScanHelper(infoFinding); + secHubReportMetaDataSummary.reportScanHelper(unclassifiedFinding); } /* test */ - assertEquals(12, secHubReportMetaDataSummary.getTotal()); - assertEquals(4, secHubReportMetaDataSummary.getRed()); + assertEquals(24, secHubReportMetaDataSummary.getTotal()); + assertEquals(8, secHubReportMetaDataSummary.getRed()); assertEquals(4, secHubReportMetaDataSummary.getYellow()); - assertEquals(4, secHubReportMetaDataSummary.getGreen()); + assertEquals(12, secHubReportMetaDataSummary.getGreen()); } } 
diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilder.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilder.java index 16d37c5381..b9106bf815 100644 --- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilder.java +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilder.java @@ -142,9 +142,9 @@ protected Set prepareScanTypesForModel(List findin protected void incrementScanCount(Severity severity, ScanTypeCount scanTypeCount) { switch (severity) { - case HIGH -> scanTypeCount.incrementHighSeverityCount(); + case HIGH, CRITICAL -> scanTypeCount.incrementHighSeverityCount(); case MEDIUM -> scanTypeCount.incrementMediumSeverityCount(); - case LOW, INFO -> scanTypeCount.incrementLowSeverityCount(); + case UNCLASSIFIED, INFO, LOW -> scanTypeCount.incrementLowSeverityCount(); } } diff --git a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilderTest.java b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilderTest.java index a807eb20f4..f12a2942a1 100644 --- a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilderTest.java +++ b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilderTest.java @@ -229,6 +229,15 @@ void code_scan_entries_set_and_right_amount_of_call_stacks_populated() { assertTrue(map.get("codeScanSupport") instanceof HtmlCodeScanDescriptionSupport); } + @Test + void when_severity_is_critical_then_highSeverityCount_should_be_incremented() { + /* execute */ + builderToTest.incrementScanCount(Severity.CRITICAL, scanTypeCount); + + /* test */ + assertEquals(1, scanTypeCount.getHighSeverityCount()); + } + @Test void when_severity_is_high_then_highSeverityCount_should_be_incremented() { /* execute */ 
@@ -256,6 +265,24 @@ void when_severity_is_low_then_lowSeverityCount_should_be_incremented() { assertEquals(1, scanTypeCount.getLowSeverityCount()); } + @Test + void when_severity_is_info_then_lowSeverityCount_should_be_incremented() { + /* execute */ + builderToTest.incrementScanCount(Severity.INFO, scanTypeCount); + + /* test */ + assertEquals(1, scanTypeCount.getLowSeverityCount()); + } + + @Test + void when_severity_is_unclassified_then_lowSeverityCount_should_be_incremented() { + /* execute */ + builderToTest.incrementScanCount(Severity.UNCLASSIFIED, scanTypeCount); + + /* test */ + assertEquals(1, scanTypeCount.getLowSeverityCount()); + } + @Test void when_findings_list_is_empty_then_prepareScanTypesForModel_returns_empty_set() { /* prepare */ From 59f4918b2748203d8d1dbacb983f31559578c681 Mon Sep 17 00:00:00 2001 From: Valentyn Grygoriev Date: Tue, 28 Nov 2023 22:30:27 +0200 Subject: [PATCH 44/44] Fixed some inaccuracies. #345 --- .../scan/HTMLScanResultReportModelBuilder.java | 8 ++++---- .../sechub/domain/scan/HTMLWebSecHubFinding.java | 15 --------------- .../domain/scan/report/ScanSecHubReport.java | 11 ++++++----- .../test/report/ThymeLeafHTMLReportingTest.java | 1 + 4 files changed, 11 insertions(+), 24 deletions(-) delete mode 100644 sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLWebSecHubFinding.java diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilder.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilder.java index b9106bf815..b7ea1acf38 100644 --- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilder.java +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLScanResultReportModelBuilder.java 
@@ -150,16 +150,16 @@ protected void incrementScanCount(Severity severity, ScanTypeCount scanTypeCount public Map> filterFindingsForWebScan(List findings, List severities) { Map> groupedFindingsByName = findings.stream().filter(finding -> severities.contains(finding.getSeverity())) - .filter(finding -> finding.hasScanType("webScan")).collect(groupingBy(SecHubFinding::getName)); + .filter(finding -> finding.hasScanType(ScanType.WEB_SCAN.getId())).collect(groupingBy(SecHubFinding::getName)); Map> groupedAndSortedFindingsByName = new TreeMap<>(); groupedAndSortedFindingsByName.putAll(groupedFindingsByName); return groupedAndSortedFindingsByName; } public List filterFindingsForGeneralScan(List findings, Map> codeScanEntries, - List severities) { + List severitiesToShow) { List htmlSecHubFindings = new LinkedList<>(); - Map> groupedFindingsByName = findings.stream().filter(finding -> severities.contains(finding.getSeverity())) + Map> groupedFindingsByName = findings.stream().filter(finding -> severitiesToShow.contains(finding.getSeverity())) .collect(groupingBy(SecHubFinding::getName)); Map> groupedAndSortedFindingsByName = new TreeMap<>(); @@ -174,7 +174,7 @@ public List filterFindingsForGeneralScan(List htmlSecHubFinding.setId(0); List entryList = htmlSecHubFinding.getEntryList(); for (SecHubFinding finding : findingList) { - if (!finding.hasScanType("webScan")) { + if (!finding.hasScanType(ScanType.WEB_SCAN.getId())) { List codeScanEntryList = codeScanEntries.get(finding.getId()); for (HTMLScanResultCodeScanEntry htmlScanResultCodeScanEntry : codeScanEntryList) { entryList.add(htmlScanResultCodeScanEntry); diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLWebSecHubFinding.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLWebSecHubFinding.java deleted file mode 100644 index 2da5fb24cc..0000000000 --- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/HTMLWebSecHubFinding.java +++ /dev/null 
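Review bot: In `filterFindingsForGeneralScan` the result of `codeScanEntries.get(finding.getId())` is iterated directly by the for-each that follows, so a non-web finding without an entry in the map would throw a NullPointerException and abort report generation. Whether the caller guarantees an entry for every such finding cannot be seen from this hunk; if it does not, `codeScanEntries.getOrDefault(finding.getId(), List.of())` would keep the loop safe. The method body starts before and ends after the visible hunks.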
@@ -1,15 +0,0 @@ -package com.mercedesbenz.sechub.domain.scan; - -import java.util.ArrayList; -import java.util.List; - -import com.mercedesbenz.sechub.commons.model.SecHubFinding; - -public class HTMLWebSecHubFinding extends SecHubFinding { - - private List entryList = new ArrayList<>(); - - public List getEntryList() { - return entryList; - } -} diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/ScanSecHubReport.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/ScanSecHubReport.java index 6bc5318030..27198712b4 100644 --- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/ScanSecHubReport.java +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/report/ScanSecHubReport.java @@ -107,11 +107,12 @@ private void buildCalculatedData(ScanReport report) { } protected void calculateSummary() { - SecHubReportMetaDataSummary codeScan = model.getMetaData().get().getSummary().getCodeScan(); - SecHubReportMetaDataSummary infraScan = model.getMetaData().get().getSummary().getInfraScan(); - SecHubReportMetaDataSummary licenseScan = model.getMetaData().get().getSummary().getLicenseScan(); - SecHubReportMetaDataSummary secretScan = model.getMetaData().get().getSummary().getSecretScan(); - SecHubReportMetaDataSummary webScan = model.getMetaData().get().getSummary().getWebScan(); + var summary = model.getMetaData().get().getSummary(); + SecHubReportMetaDataSummary codeScan = summary.getCodeScan(); + SecHubReportMetaDataSummary infraScan = summary.getInfraScan(); + SecHubReportMetaDataSummary licenseScan = summary.getLicenseScan(); + SecHubReportMetaDataSummary secretScan = summary.getSecretScan(); + SecHubReportMetaDataSummary webScan = summary.getWebScan(); for (SecHubFinding finding : model.getResult().getFindings()) { ScanType scanType = finding.getType(); 
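Review bot: The new `var summary = model.getMetaData().get().getSummary();` in `calculateSummary` still calls `get()` without a presence check. Assuming `getMetaData()` returns an `Optional`, a report without meta data would fail here with a bare NoSuchElementException that says nothing about the cause. `model.getMetaData().orElseThrow(() -> new IllegalStateException("report meta data not initialized")).getSummary()` would state the precondition explicitly. Alternatively, a Javadoc line on the method could say that the meta data must be set before it is called. The method continues past the end of the hunk.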
diff --git a/sechub-test/src/test/java/com/mercedesbenz/sechub/test/report/ThymeLeafHTMLReportingTest.java b/sechub-test/src/test/java/com/mercedesbenz/sechub/test/report/ThymeLeafHTMLReportingTest.java index 251d92bfcd..119ef8d1d2 100644 --- a/sechub-test/src/test/java/com/mercedesbenz/sechub/test/report/ThymeLeafHTMLReportingTest.java +++ b/sechub-test/src/test/java/com/mercedesbenz/sechub/test/report/ThymeLeafHTMLReportingTest.java @@ -111,6 +111,7 @@ void example1_owasp_zap_sarif_report_is_transformed_to_expected_sechub_report_HT assertNotNull(htmlResult); assertTrue(htmlResult.contains(context.sechubJobUUID)); + assertTrue(htmlResult.contains("XSS"), "The report must at least contain a cross site scripting vulnerability!"); assertTrue(htmlResult.contains("CWE-614"), "The report must at least contain the CWE-614 vulnerability!"); assertTrue(htmlResult.contains("Cross Site Scripting (Reflected)"), "The report must at least contain a cross site scripting reflected vulnerability!");