Merge pull request #381 from Daimler/develop

PR for merging develop into master for next release

.gitignore

@@ -30,5 +30,6 @@ build/
 *.bak
 *.zip
 sechub_report*.json
+sechub-false-positives*.json
 #!sechub.json
 

build.gradle

@@ -19,27 +19,36 @@ buildscript{
 	dependencies{
 		classpath gradleApi()
 		classpath "org.springframework.boot:spring-boot-gradle-plugin:${libraryVersion.springBoot}"
-        classpath "org.asciidoctor:asciidoctor-gradle-plugin:1.5.3"
-		classpath "org.asciidoctor:asciidoctorj-diagram:1.5.4.1"
-		classpath "org.asciidoctor:asciidoctorj-pdf:1.5.0-alpha.16"
 		classpath "org.ajoberstar.grgit:grgit-gradle:4.0.1" // necessary for version calculation
+		classpath "com.epages:restdocs-api-spec-gradle-plugin:${libraryVersion.restDocsApiSpec}"
 
 	}
 }
+plugins {
+    id 'org.asciidoctor.jvm.convert' version '3.1.0'
+    id 'org.asciidoctor.jvm.pdf' version '3.1.0'
+    id 'org.openapi.generator' version '4.2.3'
+}
 
 ext {
     git = org.ajoberstar.grgit.Grgit.open(currentDir: project.rootDir) // necessary for version calculation
 }
 
 /* own clean task - we need this because root project has not included a module providing the task */
-task clean(type: Delete){
-    def rootBuildFolder = file("${project.projectDir}/build")
-    if (! rootBuildFolder.exists()){
-        rootBuildFolder.mkdirs();
-    } 
-    delete rootBuildFolder.listFiles() // so we do NOT clear buildSrc/build here!
+task internalCleanRootBuildFolder(type: Delete){
+
+    doFirst {
+        def rootBuildFolder = file("${project.projectDir}/build")
+        if (! rootBuildFolder.exists()){
+            rootBuildFolder.mkdirs();
+        } 
+        delete rootBuildFolder.listFiles() // so we do NOT clear buildSrc/build here!
+    }
+
 }
 
+tasks.clean.dependsOn.internalCleanRootBuildFolder
+
 allprojects {
 
     def customMavenRepoURL = System.getenv('CUST_MVN_URL')

continous-integration-multibranch-pipeline.jenkins

@@ -55,7 +55,7 @@ pipeline {
                    * Reason: because we do NOT want to have the integration tests executed, otherwise gradle will not execute them
                    * on integration phase again (because nothing has changed, so gradle will cache the results which are ignored ...
                    */
-                  callGradleWrapper("clean ensureLocalhostCertificate build -x :sechub-integrationtest:test -x :sechub-cli:build -Psechub.test.wiremock.https_port=${env.SECHUB_TEST_WIREMOCK_HTTPS_PORT} -Psechub.test.wiremock.http_port=${env.SECHUB_TEST_WIREMOCK_HTTP_PORT}")
+                  callGradleWrapper("clean ensureLocalhostCertificate build openapi3 :sechub-client-java:openApiGenerate -x :sechub-integrationtest:test -x :sechub-cli:build -Psechub.test.wiremock.https_port=${env.SECHUB_TEST_WIREMOCK_HTTPS_PORT} -Psechub.test.wiremock.http_port=${env.SECHUB_TEST_WIREMOCK_HTTP_PORT}")
 
                }
             }

gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: MIT
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-5.5.1-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-5.6.4-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

libraries.gradle

@@ -12,7 +12,10 @@
 ext {
 
    libraryVersion= [
-      springBoot:   "2.2.6.RELEASE"
+      springBoot:   "2.2.6.RELEASE",
+
+      // openapi3-generator, releases see https://github.com/ePages-de/restdocs-api-spec/releases
+      restDocsApiSpec: "0.10.0"
    ]
 
    library = [
@@ -56,13 +59,20 @@ ext {
          database_h2:                           "com.h2database:h2", //:1.4.196",
          database_postgres:                     "org.postgresql:postgresql:42.2.2",
 
-         jackson_JDK8:                          "com.fasterxml.jackson.datatype:jackson-datatype-jdk8",
+         /* jackson libraries - please keep in sync with used ones by spring boot!*/
+         jackson_JDK8:                          "com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.10.3",
+         // https://mvnrepository.com/artifact/com.fasterxml.jackson.jr/jackson-jr-all
+         jackson_jr_all:                        "com.fasterxml.jackson.jr:jackson-jr-all:2.11.0",
+         jackson_core:                          "com.fasterxml.jackson.core:jackson-core:2.10.1",
+         jackson_databind:                      "com.fasterxml.jackson.core:jackson-databind:2.10.1",
 
          webjars_jquery:                        "org.webjars:jquery:2.2.4",
          webjars_bootstrap:                     "org.webjars:bootstrap:3.3.7",
 
+         /* apache commons */
          apache_httpcomponents_core:            "org.apache.httpcomponents:httpcore:4.4.9",
-         apache_httpcomponents_client:          "org.apache.httpcomponents:httpclient:4.5.5",
+         // https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient
+         apache_httpcomponents_client:          "org.apache.httpcomponents:httpclient:4.5.10",
          apache_commons_validator:              "commons-validator:commons-validator:1.6",
          apache_commons_io:                     "commons-io:commons-io:2.6",
          apache_commons_cli:					"commons-cli:commons-cli:1.4",
@@ -71,13 +81,30 @@ ext {
 
          flyway:                                "org.flywaydb:flyway-core:5.2.1",
 
+         /* logback */
+         // https://mvnrepository.com/artifact/ch.qos.logback/logback-classic
+         logback_classic:                       "ch.qos.logback:logback-classic:1.2.3",
          logstashLogbackEncoder        :        "net.logstash.logback:logstash-logback-encoder:6.2",
 
          // JDK 10 build problems handling
          // https://stackoverflow.com/questions/43574426/how-to-resolve-java-langnoclassdeffounderror-javax-xml-bind-jaxbexception-in-j
          jdk_missing_jaxb_api:                  "javax.xml.bind:jaxb-api:2.3.1",
          jdk_missing_activation:                "javax.activation:activation:1.1.1",
          jdk_missing_jaxb_impl:                 "javax.xml.bind:com.springsource.javax.xml.bind:2.2.0",
+
+         /*
+          * RE2 
+          * is a regular expression engine that runs in time linear in the size of the input.
+          * RE2 is the default RegularExpression engine of Go
+          * 
+          * Link: https://github.com/google/re2j
+          */
+         // https://mvnrepository.com/artifact/com.google.re2j/re2j
+         google_re2j:                           "com.google.re2j:re2j:1.4",
+
+         /* epages - see https://github.com/ePages-de/restdocs-api-spec */
+         epages_restdoc_api_spec_mockmvc:       "com.epages:restdocs-api-spec-mockmvc:${libraryVersion.restDocsApiSpec}"
+
    ]
 
 }

projects.gradle

@@ -8,6 +8,9 @@ projectType = [
  			javaProjects: [
                project(':sechub-testframework'),
                project(':sechub-analyzer-cli'),
+               project(':sechub-client-java'),
+               project(':sechub-commons-core'),
+               project(':sechub-commons-model'),
             ],
 
             /* any project using spring parts but not already in other spring boot group must be defined here*/
@@ -79,6 +82,7 @@ projectType = [
             eclipseProjects: [
                     project(':sechub-doc'),
                     project(':sechub-other'),
+                    project(':sechub-client-java'),
             ],
 
             asciiDoctorProjects: [

sechub-adapter-checkmarx/src/test/java/com/daimler/sechub/adapter/checkmarx/support/CheckmarxProjectSupportTest.java

@@ -1,28 +1,24 @@
 // SPDX-License-Identifier: MIT
 package com.daimler.sechub.adapter.checkmarx.support;
 
+import static org.hamcrest.Matchers.*;
 import static org.junit.Assert.*;
-import static org.hamcrest.Matchers.hasItem;
-import static org.hamcrest.Matchers.not;
-import static org.hamcrest.Matchers.empty;
-import static org.hamcrest.Matchers.hasSize;
-import static org.hamcrest.Matchers.is;
-import static org.hamcrest.Matchers.notNullValue;
 
 import java.util.LinkedList;
 import java.util.List;
 
 import org.junit.Before;
 import org.junit.Test;
+
 import com.daimler.sechub.adapter.AdapterException;
-import com.daimler.sechub.adapter.checkmarx.CheckmarxSessionData;
-import com.daimler.sechub.adapter.checkmarx.support.CheckmarxProjectSupport.InternalUpdateContext;
-import com.daimler.sechub.adapter.checkmarx.CheckmarxConfig.CheckmarxConfigBuilder;
-import com.daimler.sechub.adapter.support.JSONAdapterSupport;
 import com.daimler.sechub.adapter.checkmarx.CheckmarxConfig;
-import com.daimler.sechub.adapter.checkmarx.CheckmarxEngineConfiguration;
+import com.daimler.sechub.adapter.checkmarx.CheckmarxConfig.CheckmarxConfigBuilder;
 import com.daimler.sechub.adapter.checkmarx.CheckmarxConstants;
+import com.daimler.sechub.adapter.checkmarx.CheckmarxEngineConfiguration;
 import com.daimler.sechub.adapter.checkmarx.CheckmarxSastScanSettings;
+import com.daimler.sechub.adapter.checkmarx.CheckmarxSessionData;
+import com.daimler.sechub.adapter.checkmarx.support.CheckmarxProjectSupport.InternalUpdateContext;
+import com.daimler.sechub.adapter.support.JSONAdapterSupport;
 
 public class CheckmarxProjectSupportTest {
 	private CheckmarxProjectSupport supportToTest;

sechub-adapter/build.gradle

@@ -8,5 +8,6 @@
 dependencies {
     compile library.apache_httpcomponents_core
     compile library.apache_httpcomponents_client
+    compile project(':sechub-commons-core')
 }
 

sechub-adapter/src/main/java/com/daimler/sechub/adapter/AbstractAdapterConfig.java

@@ -11,6 +11,8 @@
 
 import javax.crypto.SealedObject;
 
+import com.daimler.sechub.commons.core.security.CryptoAccess;
+
 public abstract class AbstractAdapterConfig implements AdapterConfig {
 
 	String productBaseURL;

sechub-adapter/src/main/java/com/daimler/sechub/adapter/AbstractAdapterConfigBuilder.java

@@ -15,6 +15,7 @@
 import org.slf4j.LoggerFactory;
 
 import com.daimler.sechub.adapter.support.URIShrinkSupport;
+import com.daimler.sechub.commons.core.security.CryptoAccess;
 
 public abstract class AbstractAdapterConfigBuilder<B extends AbstractAdapterConfigBuilder<B, C>, C extends AdapterConfig> {
 

sechub-adapter/src/main/java/com/daimler/sechub/adapter/LoginConfig.java

@@ -5,6 +5,8 @@
 
 import javax.crypto.SealedObject;
 
+import com.daimler.sechub.commons.core.security.CryptoAccess;
+
 public interface LoginConfig {
 
 	default boolean isBasic() {

sechub-adapter/src/main/java/com/daimler/sechub/adapter/LoginScriptStep.java

@@ -3,6 +3,8 @@
 
 import javax.crypto.SealedObject;
 
+import com.daimler.sechub.commons.core.security.CryptoAccess;
+
 public class LoginScriptStep {
 
 	String type;

sechub-adapter/src/test/java/com/daimler/sechub/adapter/mock/AbstractMockedAdapterTest.java

@@ -1,13 +1,13 @@
 // SPDX-License-Identifier: MIT
 package com.daimler.sechub.adapter.mock;
 
-import com.daimler.sechub.adapter.AdapterConfig;
-
 import static org.junit.Assert.*;
 
 import org.junit.Before;
 import org.junit.Test;
 
+import com.daimler.sechub.adapter.AdapterConfig;
+
 public class AbstractMockedAdapterTest {
 
 	private TestAbstractMockedAdapter testAdapter;

sechub-adapter/src/test/java/com/daimler/sechub/adapter/mock/MockedAdapterSetupServiceTest.java

@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: MIT
 package com.daimler.sechub.adapter.mock;
-import static org.mockito.Mockito.*;
 import static org.junit.Assert.*;
+import static org.mockito.Mockito.*;
 
 import java.io.File;
 import java.util.HashMap;

sechub-administration/src/main/java/com/daimler/sechub/domain/administration/project/ProjectJsonInput.java

@@ -6,8 +6,8 @@
 import java.util.List;
 import java.util.Optional;
 
+import com.daimler.sechub.commons.model.JSONable;
 import com.daimler.sechub.sharedkernel.MustBeKeptStable;
-import com.daimler.sechub.sharedkernel.util.JSONable;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 
 /**

sechub-administration/src/main/java/com/daimler/sechub/domain/administration/signup/SignupJsonInput.java

@@ -1,8 +1,8 @@
 // SPDX-License-Identifier: MIT
 package com.daimler.sechub.domain.administration.signup;
 
+import com.daimler.sechub.commons.model.JSONable;
 import com.daimler.sechub.sharedkernel.MustBeKeptStable;
-import com.daimler.sechub.sharedkernel.util.JSONable;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 
 @JsonIgnoreProperties(ignoreUnknown = true) // we do ignore to avoid problems from wrong configured values!

sechub-administration/src/test/java/com/daimler/sechub/domain/administration/signup/SignupJsonInputTestMain.java

@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: MIT
 package com.daimler.sechub.domain.administration.signup;
 
-import com.daimler.sechub.sharedkernel.util.JSONConverterException;
+import com.daimler.sechub.commons.model.JSONConverterException;
 
 public class SignupJsonInputTestMain {
 

sechub-analyzer-cli/Comments_In_Programming_Languages.adoc

@@ -134,6 +134,10 @@ a|
 |`%`
 |`%{ %}`
 
+|Nim
+|`#`
+|`#[ ]#`, `##[ ]##`
+
 |Objective-C
 |`//`
 |`/* */`
@@ -174,6 +178,10 @@ a|
 |`#`
 |`""" """`
 
+|Q#
+|`//`
+|
+
 |R
 |`#`
 |

sechub-analyzer-cli/build.gradle

@@ -6,24 +6,11 @@
  * ============================================================================
  */
 dependencies {
-	compile library.apache_commons_cli
 	compile library.slf4j
-
-	// https://mvnrepository.com/artifact/com.fasterxml.jackson.jr/jackson-jr-all
-	compile group: 'com.fasterxml.jackson.jr', name: 'jackson-jr-all', version: '2.11.0'
-
-	// https://mvnrepository.com/artifact/ch.qos.logback/logback-classic
-	compile group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.3'
-
-	/*
-	 * RE2 is a regular expression engine that runs in time linear in the size of the input.
-	 *
-	 * RE2 is the default RegularExpression engine of Go
-	 * 
-	 * Link: https://github.com/google/re2j
-	 */
-	// https://mvnrepository.com/artifact/com.google.re2j/re2j
-	compile group: 'com.google.re2j', name: 're2j', version: '1.4'
+	compile library.logback_classic
+	compile library.apache_commons_cli
+	compile library.jackson_jr_all
+	compile library.google_re2j
 
 	testCompile library.junit
 	testCompile library.mockito

sechub-analyzer-cli/src/main/java/com/daimler/analyzer/model/AnalyzerResult.java

@@ -7,12 +7,11 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
+import java.util.Objects;
 
 import com.fasterxml.jackson.jr.ob.JSON;
-import com.fasterxml.jackson.jr.ob.JSONObjectException;
 import com.fasterxml.jackson.jr.ob.JSON.Feature;
-
-import java.util.Objects;
+import com.fasterxml.jackson.jr.ob.JSONObjectException;
 
 /**
  * A container class for the analysis result.

sechub-analyzer-cli/src/test/java/com/daimler/sechub/analyzer/core/AnalyzerTest.java

@@ -1,9 +1,9 @@
 // SPDX-License-Identifier: MIT
 package com.daimler.sechub.analyzer.core;
 
-import static org.hamcrest.Matchers.is;
 import static org.hamcrest.MatcherAssert.assertThat;
-import static org.junit.Assert.fail;
+import static org.hamcrest.Matchers.*;
+import static org.junit.Assert.*;
 
 import java.io.File;
 import java.io.FileNotFoundException;
@@ -17,10 +17,10 @@
 import org.junit.Before;
 import org.junit.Test;
 
+import com.daimler.analyzer.model.AnalyzerResult;
 import com.daimler.analyzer.model.Marker;
 import com.daimler.analyzer.model.MarkerPair;
 import com.daimler.analyzer.model.MarkerType;
-import com.daimler.analyzer.model.AnalyzerResult;
 
 /**
  * Integration Tests
@@ -307,8 +307,8 @@ public void test_getFiles__file_not_found() {
      * @return a marker pair
      */
     private static List<MarkerPair> getMarkers() {
-        Marker start = new Marker(MarkerType.START, 3, 3);
-        Marker end = new Marker(MarkerType.END, 9, 3);
+        Marker start = new Marker(MarkerType.START, 5, 3);
+        Marker end = new Marker(MarkerType.END, 11, 3);
         MarkerPair pair = new MarkerPair();
         pair.setEnd(end);
         pair.setStart(start);