Introduce data section inside sechub configuration file #1098
Assignees
Labels
Milestone
Comments
|
This was referenced Mar 21, 2022
Closed
|
Remark: This issue is a precondition for #1152 |
This was referenced Mar 24, 2022
de-jcup
added a commit
that referenced
this issue
Mar 30, 2022
- introducing new classes, changed code scan configuration so same as before, but extending other class - introduced openApi definition #1149 - added default handling for createReducedScanConfigurationCloneJSON . Unsupported clone types have now at least a warning inside logs. - introduce sechub configuration model validator in commons model - changed SechubConfigurationValidator to use commons model validator inside. Rewrote unit tests - added more checks inside commons model validator - added files to SecHubFileSystemConfiguration
de-jcup
added a commit
that referenced
this issue
Mar 30, 2022
de-jcup
added a commit
that referenced
this issue
Mar 30, 2022
- fixed typos (broke one test) - improved one rest doc test #1098 - fixed injection problem
de-jcup
added a commit
that referenced
this issue
Apr 1, 2022
- simplified product execution - removed unnecessary tests - added new tests - removed marker interfaces for different product executors
de-jcup
added a commit
that referenced
this issue
Apr 5, 2022
- renamed "*NetworkTargetData" parts to "*NetworkTargetProductServerData" so it is more clear that the data contains not information about a target but instead target specifici product server information.
This was referenced Apr 5, 2022
de-jcup
added a commit
that referenced
this issue
Apr 5, 2022
- changed ont test inside SecHubExecutionScenarioSecHubClientIntTest to use CLIENT_JSON_SOURCESCAN_GENERIC_TEMPLATE_NO_DATA_SECTION because client does currently not support upload by data-section correctly the sechub client based test does now use only the old approach. - updated #1161 to make it clear that this must implemented for client and tested as well on server side
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Situation
We currently provide only source code uploads inside
codeScanconfiguration areas.But we have planned to support also
Which contains binary content as well - and this is currently not possible inside the configuration.
Also it is not possible to reuse an upload for all kind of scan types (e.g. when defining a secretScan and a codeScan in same configuration file )
Wanted
As a SecHub user I want to define a configuration file where I define my data (binary and/or source content), upload it once and use this for different kind of scans in ONE job.
Existing job configurations for users currently only performing code scans shall still work.
Solution
Codescan can be defined as before
We will provide following as before:
{ "apiVersion": "1.0", "server" : "https://sechub.example.org", "project" : "gamechanger", "codeScan": { "fileSystem": { "folders": ["gamechanger-android/src/main/java", "gamechanger-server/src/main/java"] }, "excludes": ["**/mytestcode/**","**/documentation/**"], "additionalFilenameExtensions": [".cplusplus",".py9"] } }But the segment for code scan ("fileSystem" ) is only a shortcut for:
{ "apiVersion": "1.0", "server" : "https://sechub.example.org", "project" : "gamechanger", "data" : { "sources": [ { "fileSystem": { "folders": ["gamechanger-android/src/main/java", "gamechanger-server/src/main/java"] }, "excludes": ["**/mytestcode/**","**/documentation/**"], "additionalFilenameExtensions": [".cplusplus",".py9"] } ] }, "codeScan": { } }New possiblities for multiple scans for same upload or binary content
While introducing "data" as new element inside our json configuration, we will also
nameattribute inside data object elementsfilesinsidefileSystemso we can define also single filesHere a full blown example (with massive configurations):
{ "apiVersion" : "1.0", "server" : "https://sechub.example.org", "project" : "gamechanger", "data" : { // contains the different kind of data objects ( sources, binaries) "sources" : [ { "name" : "android-sources", "fileSystem" : { "folders" : [ "gamechanger-android/src/main/java", "gamechanger-server/src/main/java" ] }, "excludes" : [ "**/mytestcode/**", "**/documentation/**" ], "additionalFilenameExtensions" : [ ".cplusplus", ".py9" ] }, { "name" : "openapi-reference", "fileSystem" : { "files" : [ "gamechanger-webapp/src/main/resources/openapi3.json" ] } }, { "name" : "secret-scanner-config", "fileSystem" : { "files" : [ "gamechanger-data/src/main/resources/secret-scanner-dictionary.json" ] // new: files } } ], "binaries" : [ { // new: binaries! "name" : "android-libraries", "fileSystem" : { "folders" : [ "gamechanger-android/lib/dlls", "gamechanger-server/lib/so" ] }, "excludes" : [ "**/*.jpg", "myimages/**" ] } ] }, // Define wanted scan and reference - if wanted the named data object "codeScan" : { "use" : [ "android-sources","android-libraries","openapi-reference"] }, "dependencyScan" : { // fictional: currently this scan type does not exist, just an example "use" : [ "android-sources", "android-libraries" ] }, "secretScan" : {// fictional: currently this scan type does not exist, just an example "use" : [ "secret-scanner-config" ], "featureToggle" : { "entropy" : "off" } }, "licenseScan" : {// fictional: currently this scan type does not exist, just an example "use" : [ "android-sources","android-libraries" ] }, "webScan" : { "url" : "https://example.com", "openApi" : { "use" : [ "openapi-reference"] } } }The text was updated successfully, but these errors were encountered: