Feature 1436 load api defintion from url

sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/SecHubWebScanApiConfiguration.java

@@ -1,6 +1,7 @@
 // SPDX-License-Identifier: MIT
 package com.mercedesbenz.sechub.commons.model;
 
+import java.net.URL;
 import java.util.LinkedHashSet;
 import java.util.Set;
 
@@ -10,8 +11,12 @@
 public class SecHubWebScanApiConfiguration implements SecHubDataConfigurationUsageByName {
 
     public static final String PROPERTY_TYPE = "type";
+    public static final String PROPERTY_API_DEFINITION_URL = "apiDefinitionUrl";
 
     private SecHubWebScanApiType type;
+    private Set<String> namesOfUsedDataConfigurationObjects = new LinkedHashSet<>();
+
+    private URL apiDefinitionUrl;
 
     public SecHubWebScanApiType getType() {
         return type;
@@ -21,10 +26,17 @@ public void setType(SecHubWebScanApiType type) {
         this.type = type;
     }
 
-    private Set<String> namesOfUsedDataConfigurationObjects = new LinkedHashSet<>();
-
     @Override
     public Set<String> getNamesOfUsedDataConfigurationObjects() {
         return namesOfUsedDataConfigurationObjects;
     }
+
+    public URL getApiDefinitionUrl() {
+        return apiDefinitionUrl;
+    }
+
+    public void setApiDefinitionUrl(URL apiDefinitionUrl) {
+        this.apiDefinitionUrl = apiDefinitionUrl;
+    }
+
 }

sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/SecHubWebScanApiConfigurationTest.java

@@ -1,8 +1,12 @@
 // SPDX-License-Identifier: MIT
 package com.mercedesbenz.sechub.commons.model;
 
-import static org.junit.jupiter.api.Assertions.*;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
 
+import java.net.MalformedURLException;
+import java.net.URL;
 import java.util.Set;
 
 import org.junit.jupiter.api.Test;
@@ -36,6 +40,7 @@ void json_attribute_use_is_handled_correctly_by_from_json() {
      */
     @Test
     void json_attribute_use_is_handled_correctly_by_to_json() {
+        /* prepare */
         SecHubWebScanApiConfiguration config = new SecHubWebScanApiConfiguration();
         config.getNamesOfUsedDataConfigurationObjects().add("ref1");
         config.getNamesOfUsedDataConfigurationObjects().add("ref2");
@@ -48,4 +53,40 @@ void json_attribute_use_is_handled_correctly_by_to_json() {
         assertEquals(expected, json);
     }
 
-}
+    @Test
+    void api_definition_url_is_handled_correctly() throws MalformedURLException {
+        /* prepare */
+        SecHubWebScanApiConfiguration expectedConfig = new SecHubWebScanApiConfiguration();
+        URL apiDefinitionUrl = new URL("https://example.com/api/v1/swagger/");
+        expectedConfig.setApiDefinitionUrl(apiDefinitionUrl);
+
+        /* execute */
+        String json = JSONConverter.get().toJSON(expectedConfig);
+        SecHubWebScanApiConfiguration loadedConfig = JSONConverter.get().fromJSON(SecHubWebScanApiConfiguration.class, json);
+
+        /* test */
+        String expected = "{\"apiDefinitionUrl\":\"https://example.com/api/v1/swagger/\",\"use\":[]}";
+        assertEquals(expected, json);
+        assertEquals(expectedConfig.getApiDefinitionUrl(), loadedConfig.getApiDefinitionUrl());
+    }
+
+    @Test
+    void full_openapi_definition_is_handled_correctly() throws MalformedURLException {
+        /* prepare */
+        SecHubWebScanApiConfiguration expectedConfig = new SecHubWebScanApiConfiguration();
+        URL apiDefinitionUrl = new URL("https://example.com/api/v1/swagger/");
+        expectedConfig.setApiDefinitionUrl(apiDefinitionUrl);
+        expectedConfig.setType(SecHubWebScanApiType.OPEN_API);
+        expectedConfig.getNamesOfUsedDataConfigurationObjects().add("open-api-file-reference");
+
+        /* execute */
+        String json = JSONConverter.get().toJSON(expectedConfig);
+        SecHubWebScanApiConfiguration loadedConfig = JSONConverter.get().fromJSON(SecHubWebScanApiConfiguration.class, json);
+
+        /* test */
+        String expected = "{\"type\":\"OPEN_API\",\"apiDefinitionUrl\":\"https://example.com/api/v1/swagger/\",\"use\":[\"open-api-file-reference\"]}";
+        assertEquals(expected, json);
+        assertEquals(expectedConfig.getApiDefinitionUrl(), loadedConfig.getApiDefinitionUrl());
+    }
+
+}

sechub-doc/src/docs/asciidoc/documents/shared/configuration/sechub_config.adoc

@@ -306,6 +306,8 @@ include::sechub_config_example8_web_scan_openapi_with_data_reference.json[]
 <2> web scan uses "openApi" as API type
 <3> web scan uses the referenced <<sechub-config-data-section,data>> configuration "open-api-file-reference"
     to obtain the open api configuration file
+<4> you can also use `apiDefinitionUrl` to specify an URL to read the API definition from.
+Currently you can combine importing openApi definitions from files and URLs, but most of the time it does not make sense to combine this two options.
 
 [[sechub-config-openAPI-and-client-certificate]]
 ====== Example combination of openAPI definition and client certificate authentication

sechub-doc/src/docs/asciidoc/documents/shared/configuration/sechub_config_example8_web_scan_openapi_with_data_reference.json

@@ -12,7 +12,8 @@
     "url" : "https://productfailure.demo.example.org",
     "api" : {
       "type" : "openApi", //<2>
-      "use" : [ "open-api-file-reference" ] //<3>
+      "use" : [ "open-api-file-reference" ], //<3>
+      "apiDefinitionUrl" : "https://productfailure.demo.example.org/api/v1/swagger/?format=openapi" //<4>
     }
   }
 }

sechub-doc/src/test/java/com/mercedesbenz/sechub/restdoc/SchedulerRestControllerRestDocTest.java

@@ -17,6 +17,7 @@
 
 import java.io.InputStream;
 import java.lang.annotation.Annotation;
+import java.net.URL;
 import java.time.LocalDateTime;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -569,6 +570,8 @@ public void restDoc_userCreatesNewJob_webscan_with_api_definition() throws Excep
         SecHubWebScanApiConfiguration apiConfig = new SecHubWebScanApiConfiguration();
         apiConfig.setType(SecHubWebScanApiType.OPEN_API);
         apiConfig.getNamesOfUsedDataConfigurationObjects().add("openApi-file-reference");
+        URL apiDefinitionUrl = new URL("https://www.example.org/api/v1/swagger/");
+        apiConfig.setApiDefinitionUrl(apiDefinitionUrl);
 
         when(mockedScheduleCreateJobService.createJob(any(), any(SecHubConfiguration.class))).thenReturn(mockResult);
 
@@ -579,7 +582,7 @@ public void restDoc_userCreatesNewJob_webscan_with_api_definition() throws Excep
                     content(configureSecHub().
                             api("1.0").
                             webConfig().
-                                addURI("https://localhost/mywebapp/login").
+                                addURI("https://www.example.org/").
                                 addApiConfig(apiConfig).
                             build().
                             toJSON())
@@ -605,7 +608,8 @@ public void restDoc_userCreatesNewJob_webscan_with_api_definition() throws Excep
                                                 fieldWithPath(PROPERTY_WEB_SCAN).description("Webscan configuration block").optional(),
                                                 fieldWithPath(PROPERTY_WEB_SCAN+"."+SecHubWebScanConfiguration.PROPERTY_URL).description("Webscan URI to scan for").optional(),
                                                 fieldWithPath(PROPERTY_WEB_SCAN+"."+SecHubWebScanConfiguration.PROPERTY_API+"."+SecHubWebScanApiConfiguration.PROPERTY_TYPE).description("Type of the API definition files that will be provided").optional(),
-                                                fieldWithPath(PROPERTY_WEB_SCAN+"."+SecHubWebScanConfiguration.PROPERTY_API+"."+SecHubDataConfigurationUsageByName.PROPERTY_USE).description("Reference to the data section containing the API definition files. Always use 'sources' with 'files' instead 'folders'.").optional()
+                                                fieldWithPath(PROPERTY_WEB_SCAN+"."+SecHubWebScanConfiguration.PROPERTY_API+"."+SecHubDataConfigurationUsageByName.PROPERTY_USE).description("Reference to the data section containing the API definition files. Always use 'sources' with 'files' instead 'folders'.").optional(),
+                                                fieldWithPath(PROPERTY_WEB_SCAN+"."+SecHubWebScanConfiguration.PROPERTY_API+"."+SecHubWebScanApiConfiguration.PROPERTY_API_DEFINITION_URL).description("Specifies an URL to read the API definition from.").optional()
                                         ),
                                         responseFields(
                                                 fieldWithPath(SchedulerResult.PROPERTY_JOBID).description("A unique job id")