Feature 606 provide zap and improve report format #947

Merged: de-jcup merged 38 commits into develop from feature-606-provide-zap-and-improve-report-format on Feb 14, 2022

Conversation

- implemented web data parts (request and response)
- changed toString and hashCode + equals implementations
- enhanced assert object for vulnerabilities
- changed also importerToTest to non static but normal field
  so having no side effects inside tests
- added tests
- dropped some unused parts from sechub finding
  (website, method, ...)
- introduced new web json element
- sereco web data now transformed to sechub report web element
- added some overall tests (see Sarif2Sereco2SecHubReportTest)
  which are very fast. We already test if sarif reporting works
  generally in existing integration tests.
- renamed old, but unused, field/getters/setters from "resolution"
  to "solution"
- sereco product transformer now transforms "solution" also into
  sechub report
- changed from "Open/Close Callstack" to "Open/Close details"
- fixed small bug #951
- Provide now a TestUtil method to create temporary files located
  inside "build/sechub/tmp/**" #651
- created ThymeLeafHTMLReportingTest to simplify HTML report designing:
  It uses real origin product data and generates HTML test output
  without a running SecHub server. Test file names are fixed and do not
  change
- improved output for web report data inside report
@de-jcup force-pushed the feature-606-provide-zap-and-improve-report-format branch from 27ffe4e to 15e1a48 on January 25, 2022 14:20
- checkmarx thymeleaf example4 added
- separated more thymeleaf fragments + created new fragment files
- fallback messages (solution,description) implemented for #955
- Improved false-positive documentation #949
- Introduced target URL #606
- Renamed asciidoc file to clarify content
- purged unnecessary plantuml title
- improved figure description
- dropped accidentally added png
- refactored false positive merger: separated meta data creation
  into own factory class
- wrote tests
- adopted tests
- improved PojoTester error output
- purged duplicated test
- SarifObject final method modifier removed, because
  mocking does not work this way
- we have now web attribute and so dropped field url and its
  setters, getters. Same for assert methods
- implemented netsparker url setting in new way
  (but only target url as before)
- example json has been moved so one test failed. fixed path
- property bags are optional and can be null. The old implementations
  (before SarifObject) did some fallback mechanism. But to handle the
  optional part and also to keep getter/setter stupid, SarifObject
  just returns null when not defined. So updated tests
- moved test of null handling of property bag key value combinations
  from ResultTest to PropertyBagTest
- after the changes on SARIF handling the brakeman result
  descriptions are used now instead of the generic rule
  descriptions. So the test failed
- The result description are superior to the generic ones, so
  the handling is now better
- Adopted test
- same as in former junit test: the description for brakeman
  is now containing the dedicated description instead of the generic
  one. So okay and changed test
- fixed problem by handling scan type being null
- improved TestAPI, introduced test sechub job status object
- changed TestAPI.waitForJobDone so when job is failed
  the check will immediately break the test. So faster response
  with better output what was the real problem.
- keep PDS scan type and SecHub scan types in sync
- one restart integration test did fail
- the other restart integration tests could be flaky when not
  explicitly allowing to fail in the meantime
- added additional parameter 'jobMayNeverFail' where
  caller can define if job failing is allowed or not in meantime
- introduced 2 new methods to handle this conveniently inside
  tests
- changed TestExecutable and AbstractTestExecutable: the former
  run and runImpl methods had wrong javadoc and also it was not clear
  what the resulting boolean stood for
- comments changed
- javadoc added/improved
- fixed sechub report web equals/hashCode impl
- made some fields private
- dropped unnecessary injections
- "positve" to "positive" #606
- "evicence" to "evidence"
@de-jcup requested a review from Jeeppler on February 4, 2022 15:30
@de-jcup marked this pull request as ready for review on February 4, 2022 15:30

@Jeeppler left a comment

See comments.

- fixed test
- changed tests to parametrized
- added junit params for commons sub project testing
- improved documentation
- html formatted
- removed unnecessary/duplicated parts from documentation
- updated documentation
- handled grammar issues
- changed html styles to dedicated css classes
- changed css styling so HTML report uses full width where possible
- updated documentation
- fixed typos
- updated comments
# Conflicts:
#	libraries.gradle

@Jeeppler left a comment

Overall it looks good. However, I still found a few small issues. Please have a look at the comments.

Two review threads on sechub-commons-model/build.gradle (outdated, resolved)
- fixed typos
- dropped manufacturer-dependent css

@Jeeppler left a comment

Looks good to me.

@de-jcup merged commit a3bdbb4 into develop on Feb 14, 2022
@de-jcup deleted the feature-606-provide-zap-and-improve-report-format branch on February 14, 2022 16:00