Feature 606 provide zap and improve report format #947
Conversation
- implemented web data parts (request and response)
- changed toString and hashCode + equals implementations
- enhanced assert object for vulnerabilities
- changed also importerToTest to a non-static, normal field so it has no side effects inside tests
- added tests
- dropped some unused parts from sechub finding (website, method, ...)
- introduced new web json element
- sereco web data now transformed to sechub report web element
- added some overall tests (see Sarif2Sereco2SecHubReportTest) which are very fast. We already test if sarif reporting works generally in existing integration tests.
- renamed old, but unused, field/getters/setters from "resolution" to "solution"
- sereco product transformer now transforms "solution" also into sechub report
- changed from "Open/Close Callstack" to "Open/Close details"
- fixed small bug #951
- Provide now a TestUtil method to create temporary files located inside "build/sechub/tmp/**" #651
- created ThymeLeafHTMLReportingTest to simplify HTML report designing: it uses real origin product data and generates HTML test output without a running SecHub server. Test file names are fixed and do not change
- improved output for web report data inside report
27ffe4e to 15e1a48
- checkmarx thymeleaf example4 added
- separated more thymeleaf fragments + created new fragment files
- fallback messages (solution, description) implemented for #955
- Renamed asciidoc file to clarify content
- purged unnecessary plantuml title
- improved figure description
- dropped accidentally added png
- refactored false positive merger: separated meta data creation into own factory class
- wrote tests
- adopted tests
- improved PojoTester error output
- purged duplicated test
- SarifObject final method modifier removed, because mocking does not work this way
- we have now web attribute and so dropped field url and its setters, getters. Same for assert methods
- implemented netsparker url setting in new way (but only target url as before)
- example json has been moved so one test failed. Fixed path
- property bags are optional and can be null. The old implementations (before SarifObject) did some fallback mechanism. But to handle the optional part and also to keep getter/setter stupid, SarifObject just returns null when not defined. So updated tests
- moved test of null handling of property bag key value combinations from ResultTest to PropertyBagTest
- after the changes on SARIF handling the brakeman result descriptions are used now instead of the generic rule descriptions. So the test failed
- The result descriptions are superior to the generic ones, so the handling is now better
- Adopted test
- same as in former junit test: the description for brakeman is now containing the dedicated description instead of the generic one. So okay and changed test
- fixed problem by handling scan type being null
- improved TestAPI, introduced test sechub job status object
- changed TestAPI.waitForJobDone so when job is failed the check will immediately break the test. So faster response with better output what was the real problem.
- keep PDS scan type and SecHub scan types in sync
- one restart integration test did fail
- the other restart integration tests could be flaky when not explicitly allowing to fail in the meantime
- added additional parameter 'jobMayNeverFail' where caller can define if job failing is allowed or not in meantime
- introduced 2 new methods to handle this conveniently inside tests
- changed TestExecutable and AbstractTestExecutable: the former run and runImpl methods had wrong javadoc and also it was not clear what the resulting boolean stood for
- comments changed
- javadoc added/improved
- fixed sechub report web equals/hashCode impl
- made some fields private
- dropped unnecessary injections
- "positve" to "positive" #606
- "evicence" to "evidence"
See comments.
- ...b-commons-core/src/test/java/com/daimler/sechub/commons/core/util/SimpleStringUtilsTest.java (outdated)
- ...ommons-model/src/main/java/com/daimler/sechub/commons/model/web/SecHubReportWebResponse.java
- sechub-commons-model/src/test/java/com/daimler/sechub/commons/model/SecHubFindingTest.java
- sechub-doc/src/docs/asciidoc/documents/shared/concepts/concept_falsepositive_handling.adoc (outdated)
- sechub-doc/src/docs/asciidoc/documents/shared/concepts/concept_falsepositive_handling.adoc (outdated)
- sechub-scan/src/main/resources/templates/report/html/fragments.html (outdated)
- sechub-scan/src/main/resources/templates/report/html/headers.html (outdated)
- sechub-scan/src/main/resources/templates/report/html/headers.html (outdated)
- sechub-sereco/src/main/java/com/daimler/sechub/sereco/importer/SarifV1JSONImporter.java
- sechub-sereco/src/main/java/com/daimler/sechub/sereco/metadata/SerecoVulnerability.java (outdated)
- fixed test
- changed tests to parametrized
- added junit params for commons sub project testing
- improved documentation
- html formatted
- removed unnecessary/duplicated parts from documentation
- updated documentation
- handled grammar issues
- changed html styles to dedicated css classes
- changed css styling so HTML report uses full width where possible
- updated documentation
- fixed typos
- updated comments
# Conflicts:
#	libraries.gradle
Overall it looks good. However, I still found a few small issues. Please have a look at the comments.
- ...n/java/com/daimler/sechub/domain/scan/product/sereco/SerecoFalsePositiveWebScanStrategy.java (outdated)
- sechub-scan/src/main/resources/templates/report/html/fragments.html (outdated)
- fixed typos
- dropped manufacturer-dependent css
Looks good to me.