Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature 1436 load api defintion from url #3059

Merged
merged 3 commits into from
May 27, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
// SPDX-License-Identifier: MIT
package com.mercedesbenz.sechub.commons.model;

import java.net.URL;
import java.util.LinkedHashSet;
import java.util.Set;

Expand All @@ -10,8 +11,12 @@
public class SecHubWebScanApiConfiguration implements SecHubDataConfigurationUsageByName {

public static final String PROPERTY_TYPE = "type";
public static final String PROPERTY_API_DEFINITION_URL = "apiDefinitionUrl";

private SecHubWebScanApiType type;
private Set<String> namesOfUsedDataConfigurationObjects = new LinkedHashSet<>();

private URL apiDefinitionUrl;

public SecHubWebScanApiType getType() {
return type;
Expand All @@ -21,10 +26,17 @@ public void setType(SecHubWebScanApiType type) {
this.type = type;
}

private Set<String> namesOfUsedDataConfigurationObjects = new LinkedHashSet<>();

@Override
public Set<String> getNamesOfUsedDataConfigurationObjects() {
return namesOfUsedDataConfigurationObjects;
}

public URL getApiDefinitionUrl() {
return apiDefinitionUrl;
}

public void setApiDefinitionUrl(URL apiDefinitionUrl) {
this.apiDefinitionUrl = apiDefinitionUrl;
}

}
Original file line number Diff line number Diff line change
@@ -1,8 +1,12 @@
// SPDX-License-Identifier: MIT
package com.mercedesbenz.sechub.commons.model;

import static org.junit.jupiter.api.Assertions.*;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertTrue;

import java.net.MalformedURLException;
import java.net.URL;
import java.util.Set;

import org.junit.jupiter.api.Test;
Expand Down Expand Up @@ -36,6 +40,7 @@ void json_attribute_use_is_handled_correctly_by_from_json() {
*/
@Test
void json_attribute_use_is_handled_correctly_by_to_json() {
/* prepare */
SecHubWebScanApiConfiguration config = new SecHubWebScanApiConfiguration();
config.getNamesOfUsedDataConfigurationObjects().add("ref1");
config.getNamesOfUsedDataConfigurationObjects().add("ref2");
Expand All @@ -48,4 +53,40 @@ void json_attribute_use_is_handled_correctly_by_to_json() {
assertEquals(expected, json);
}

}
@Test
void api_definition_url_is_handled_correctly() throws MalformedURLException {
winzj marked this conversation as resolved.
Show resolved Hide resolved
/* prepare */
SecHubWebScanApiConfiguration expectedConfig = new SecHubWebScanApiConfiguration();
URL apiDefinitionUrl = new URL("https://example.com/api/v1/swagger/");
expectedConfig.setApiDefinitionUrl(apiDefinitionUrl);

/* execute */
String json = JSONConverter.get().toJSON(expectedConfig);
SecHubWebScanApiConfiguration loadedConfig = JSONConverter.get().fromJSON(SecHubWebScanApiConfiguration.class, json);

/* test */
String expected = "{\"apiDefinitionUrl\":\"https://example.com/api/v1/swagger/\",\"use\":[]}";
assertEquals(expected, json);
assertEquals(expectedConfig.getApiDefinitionUrl(), loadedConfig.getApiDefinitionUrl());
}

@Test
void full_openapi_definition_is_handled_correctly() throws MalformedURLException {
/* prepare */
SecHubWebScanApiConfiguration expectedConfig = new SecHubWebScanApiConfiguration();
URL apiDefinitionUrl = new URL("https://example.com/api/v1/swagger/");
expectedConfig.setApiDefinitionUrl(apiDefinitionUrl);
expectedConfig.setType(SecHubWebScanApiType.OPEN_API);
expectedConfig.getNamesOfUsedDataConfigurationObjects().add("open-api-file-reference");

/* execute */
String json = JSONConverter.get().toJSON(expectedConfig);
SecHubWebScanApiConfiguration loadedConfig = JSONConverter.get().fromJSON(SecHubWebScanApiConfiguration.class, json);

/* test */
String expected = "{\"type\":\"OPEN_API\",\"apiDefinitionUrl\":\"https://example.com/api/v1/swagger/\",\"use\":[\"open-api-file-reference\"]}";
assertEquals(expected, json);
assertEquals(expectedConfig.getApiDefinitionUrl(), loadedConfig.getApiDefinitionUrl());
}

}
Original file line number Diff line number Diff line change
Expand Up @@ -306,6 +306,8 @@ include::sechub_config_example8_web_scan_openapi_with_data_reference.json[]
<2> web scan uses "openApi" as API type
<3> web scan uses the referenced <<sechub-config-data-section,data>> configuration "open-api-file-reference"
to obtain the open api configuration file
<4> you can also use `apiDefinitionUrl` to specify an URL to read the API definition from.
Currently you can combine importing openApi definitions from files and URLs, but most of the time it does not make sense to combine this two options.

[[sechub-config-openAPI-and-client-certificate]]
====== Example combination of openAPI definition and client certificate authentication
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,8 @@
"url" : "https://productfailure.demo.example.org",
"api" : {
"type" : "openApi", //<2>
"use" : [ "open-api-file-reference" ] //<3>
"use" : [ "open-api-file-reference" ], //<3>
winzj marked this conversation as resolved.
Show resolved Hide resolved
"apiDefinitionUrl" : "https://productfailure.demo.example.org/api/v1/swagger/?format=openapi" //<4>
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@

import java.io.InputStream;
import java.lang.annotation.Annotation;
import java.net.URL;
import java.time.LocalDateTime;
import java.util.ArrayList;
import java.util.Arrays;
Expand Down Expand Up @@ -569,6 +570,8 @@ public void restDoc_userCreatesNewJob_webscan_with_api_definition() throws Excep
SecHubWebScanApiConfiguration apiConfig = new SecHubWebScanApiConfiguration();
apiConfig.setType(SecHubWebScanApiType.OPEN_API);
apiConfig.getNamesOfUsedDataConfigurationObjects().add("openApi-file-reference");
URL apiDefinitionUrl = new URL("https://www.example.org/api/v1/swagger/");
apiConfig.setApiDefinitionUrl(apiDefinitionUrl);

when(mockedScheduleCreateJobService.createJob(any(), any(SecHubConfiguration.class))).thenReturn(mockResult);

Expand All @@ -579,7 +582,7 @@ public void restDoc_userCreatesNewJob_webscan_with_api_definition() throws Excep
content(configureSecHub().
api("1.0").
webConfig().
addURI("https://localhost/mywebapp/login").
addURI("https://www.example.org/").
addApiConfig(apiConfig).
build().
toJSON())
Expand All @@ -605,7 +608,8 @@ public void restDoc_userCreatesNewJob_webscan_with_api_definition() throws Excep
fieldWithPath(PROPERTY_WEB_SCAN).description("Webscan configuration block").optional(),
fieldWithPath(PROPERTY_WEB_SCAN+"."+SecHubWebScanConfiguration.PROPERTY_URL).description("Webscan URI to scan for").optional(),
fieldWithPath(PROPERTY_WEB_SCAN+"."+SecHubWebScanConfiguration.PROPERTY_API+"."+SecHubWebScanApiConfiguration.PROPERTY_TYPE).description("Type of the API definition files that will be provided").optional(),
fieldWithPath(PROPERTY_WEB_SCAN+"."+SecHubWebScanConfiguration.PROPERTY_API+"."+SecHubDataConfigurationUsageByName.PROPERTY_USE).description("Reference to the data section containing the API definition files. Always use 'sources' with 'files' instead 'folders'.").optional()
fieldWithPath(PROPERTY_WEB_SCAN+"."+SecHubWebScanConfiguration.PROPERTY_API+"."+SecHubDataConfigurationUsageByName.PROPERTY_USE).description("Reference to the data section containing the API definition files. Always use 'sources' with 'files' instead 'folders'.").optional(),
fieldWithPath(PROPERTY_WEB_SCAN+"."+SecHubWebScanConfiguration.PROPERTY_API+"."+SecHubWebScanApiConfiguration.PROPERTY_API_DEFINITION_URL).description("Specifies an URL to read the API definition from.").optional()
),
responseFields(
fieldWithPath(SchedulerResult.PROPERTY_JOBID).description("A unique job id")
Expand Down
Loading
Loading