From 48d4fbab5e674b9ae7c4ff731f8d418ffa5b0994 Mon Sep 17 00:00:00 2001 From: Heiko Kiesel Date: Fri, 11 Aug 2023 10:14:27 +0200 Subject: [PATCH 1/4] Remove deprecated userId Signed-off-by: Heiko Kiesel --- .../strategies/VersionedEngagementsStrategy.java | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/strategies/VersionedEngagementsStrategy.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/strategies/VersionedEngagementsStrategy.java index 3d7ef0debf..b11778e331 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/strategies/VersionedEngagementsStrategy.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/strategies/VersionedEngagementsStrategy.java @@ -72,19 +72,14 @@ public void init(Config defectDojoConfig, PersistenceProviderConfig persistenceP @Override public List run(Scan scan, ScanFile scanResultFile) throws Exception { - Long userId = null; - if (this.config.getUserId() != null) { - LOG.debug("Using configured User Id"); - userId = this.config.getUserId(); - } else { - LOG.debug("Getting DefectDojo User Id via user profile API"); - List userProfiles = userProfileService.search(); - if (userProfiles.isEmpty()) { + LOG.debug("Getting DefectDojo User Id via user profile API"); + Long userId = null; + List userProfiles = userProfileService.search(); + if (userProfiles.isEmpty()) { throw new DefectDojoPersistenceException("UserProfileService did return empty list. Expected current user to be in list"); - } else { + } else { userId = userProfiles.get(0).getUser().getId(); - } } LOG.info("Running with DefectDojo User Id: {}", userId); From 6162a9a9bfce94e33a442e3bb4b215dc7eb2b8ca Mon Sep 17 00:00:00 2001 From: Heiko Kiesel Date: Fri, 11 Aug 2023 10:15:42 +0200 Subject: [PATCH 2/4] Adjust tests to work independently of Config class 
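Review bot: In `run`, `userProfiles.get(0).getUser().getId()` is now the only source of the user id, and it takes the first search result without checking that `getUser()` is non-null. A profile without a user would surface as a `NullPointerException` rather than the `DefectDojoPersistenceException` thrown for the empty list. I would fail closed on both cases with `if (userProfiles.isEmpty() || userProfiles.get(0).getUser() == null) { throw new DefectDojoPersistenceException(...); }` followed by `Long userId = userProfiles.get(0).getUser().getId();`, which also removes the `Long userId = null;` placeholder and the `else` branch. Installations that previously set a user id in the config now presumably depend on the API token being allowed to read the user profile API, which deserves a line in the commit description or upgrade notes. The body of `run` continues outside the hunk.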
Signed-off-by: Heiko Kiesel --- .../mapping/DefectDojoFindingToSecureCodeBoxMapperTest.java | 4 +++- .../strategies/VersionedEngagementsStrategyTest.java | 5 ++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/mapping/DefectDojoFindingToSecureCodeBoxMapperTest.java b/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/mapping/DefectDojoFindingToSecureCodeBoxMapperTest.java index 17dece33e7..20e0bcb3f6 100644 --- a/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/mapping/DefectDojoFindingToSecureCodeBoxMapperTest.java +++ b/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/mapping/DefectDojoFindingToSecureCodeBoxMapperTest.java @@ -37,11 +37,13 @@ class DefectDojoFindingToSecureCodeBoxMapperTest { @Mock FindingService findingService; + @Mock + Config config; + Finding exampleFinding; @BeforeEach public void setup(){ - var config = new Config("http://example.defectdojo.com", "placeholder", "placeholder", 1000); this.mapper = new DefectDojoFindingToSecureCodeBoxMapper(config, endpointService, findingService); this.exampleFinding = Finding.builder() diff --git a/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/strategies/VersionedEngagementsStrategyTest.java b/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/strategies/VersionedEngagementsStrategyTest.java index 9492bc1091..cc94ca3031 100644 --- a/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/strategies/VersionedEngagementsStrategyTest.java +++ b/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/strategies/VersionedEngagementsStrategyTest.java 
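Review bot: Replacing the real `Config` with a bare `@Mock Config config` in `setup()` means every getter on it now returns Mockito's default (`null` or `0`), whereas the old fixture supplied a base URL and placeholder credentials. If `DefectDojoFindingToSecureCodeBoxMapper` reads any of those values from the config (not visible in this hunk), the assertions would now run against `null` or no longer cover that field. Stubbing the getters the mapper actually needs, or adding a comment such as `// Config is mocked; stub getters explicitly where the mapper reads them`, would make the intent clear. The same applies to the `@Mock Config config` introduced in the `VersionedEngagementsStrategyTest` hunk of this commit.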
@@ -52,11 +52,14 @@ public class VersionedEngagementsStrategyTest { @Mock ImportScanService importScanService; + @Mock + Config config; + Scan scan; @BeforeEach public void setup() throws Exception { - versionedEngagementsStrategy.config = new Config("https://defectdojo.example.com", "", "foobar", 1000); + versionedEngagementsStrategy.config = config; versionedEngagementsStrategy.persistenceProviderConfig = new PersistenceProviderConfig(new String[]{"http://example.com","http://example.com"}); scan = new Scan(); From a121809354a92339d596ba65cd232cd4893fdfd7 Mon Sep 17 00:00:00 2001 From: Heiko Kiesel Date: Fri, 11 Aug 2023 10:16:42 +0200 Subject: [PATCH 3/4] Refactoring Signed-off-by: Heiko Kiesel --- ...fectDojoFindingToSecureCodeBoxMapperTest.java | 16 +++++++--------- .../VersionedEngagementsStrategyTest.java | 6 ++---- 2 files changed, 9 insertions(+), 13 deletions(-) diff --git a/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/mapping/DefectDojoFindingToSecureCodeBoxMapperTest.java b/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/mapping/DefectDojoFindingToSecureCodeBoxMapperTest.java index 20e0bcb3f6..6a017acdde 100644 --- a/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/mapping/DefectDojoFindingToSecureCodeBoxMapperTest.java +++ b/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/mapping/DefectDojoFindingToSecureCodeBoxMapperTest.java @@ -18,12 +18,12 @@ import org.mockito.junit.jupiter.MockitoExtension; import java.time.Instant; -import java.time.LocalDateTime; import java.time.OffsetDateTime; import java.time.ZoneId; import java.util.List; -import static org.junit.jupiter.api.Assertions.*; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.mockito.Mockito.when; @ExtendWith(MockitoExtension.class) 
@@ -43,7 +43,7 @@ class DefectDojoFindingToSecureCodeBoxMapperTest { Finding exampleFinding; @BeforeEach - public void setup(){ + public void setup() { this.mapper = new DefectDojoFindingToSecureCodeBoxMapper(config, endpointService, findingService); this.exampleFinding = Finding.builder() @@ -61,7 +61,7 @@ public void setup(){ } @Test - public void shouldMapBasicFindings(){ + public void shouldMapBasicFindings() { // Typical ZAP Finding in DefectDojo var ddFinding = exampleFinding; @@ -96,7 +96,7 @@ public void shouldMapBasicFindings(){ } @Test - public void shouldIncludeOriginalDuplicateFindingInAttributes(){ + public void shouldIncludeOriginalDuplicateFindingInAttributes() { // Typical ZAP Finding in DefectDojo var ddFinding = exampleFinding; @@ -136,7 +136,7 @@ public void shouldIncludeOriginalDuplicateFindingInAttributes(){ } @Test - public void shouldNotBeStuckInARecursiveLoop(){ + public void shouldNotBeStuckInARecursiveLoop() { // Typical ZAP Finding in DefectDojo var ddFinding = exampleFinding; @@ -161,9 +161,7 @@ public void shouldNotBeStuckInARecursiveLoop(){ when(findingService.get(7L)).thenReturn(originalFinding); - var exception = Assertions.assertThrows(RuntimeException.class, () -> { - this.mapper.fromDefectDojoFinding(ddFinding); - }); + var exception = Assertions.assertThrows(RuntimeException.class, () -> this.mapper.fromDefectDojoFinding(ddFinding)); assertEquals( "Duplicate finding does not point to the actual original finding, as the original finding (id: 7) is also a duplicate. This should never happen.", diff --git a/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/strategies/VersionedEngagementsStrategyTest.java b/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/strategies/VersionedEngagementsStrategyTest.java index cc94ca3031..87ce520cb6 100644 --- a/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/strategies/VersionedEngagementsStrategyTest.java 
+++ b/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/strategies/VersionedEngagementsStrategyTest.java @@ -24,9 +24,7 @@ import java.util.ArrayList; import java.util.List; -import java.util.Optional; -import static org.mockito.Mockito.any; import static org.mockito.Mockito.when; @ExtendWith(MockitoExtension.class) @@ -58,7 +56,7 @@ public class VersionedEngagementsStrategyTest { Scan scan; @BeforeEach - public void setup() throws Exception { + public void setup() { versionedEngagementsStrategy.config = config; versionedEngagementsStrategy.persistenceProviderConfig = new PersistenceProviderConfig(new String[]{"http://example.com","http://example.com"}); @@ -77,7 +75,7 @@ public void setup() throws Exception { @Test @DisplayName("Fails when Configured User can not be looked up in the DefectDojo API") void requiresUserToBeFound() throws Exception { - when(userProfileService.search()).thenReturn(new ArrayList()); + when(userProfileService.search()).thenReturn(new ArrayList<>()); Assertions.assertThrows(DefectDojoPersistenceException.class, () -> { versionedEngagementsStrategy.run(scan, new ScanFile("nmap.xml","")); From 2cd8c942008cacc12059186f268abccd20b96945 Mon Sep 17 00:00:00 2001 From: Heiko Kiesel Date: Fri, 11 Aug 2023 10:17:15 +0200 Subject: [PATCH 4/4] Bump defectdojo-client version from 1.0.0-SNAPSHOT to 1.0.0 Signed-off-by: Heiko Kiesel --- hooks/persistence-defectdojo/hook/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hooks/persistence-defectdojo/hook/build.gradle b/hooks/persistence-defectdojo/hook/build.gradle index 2a09866751..4b41cd7a6f 100644 --- a/hooks/persistence-defectdojo/hook/build.gradle +++ b/hooks/persistence-defectdojo/hook/build.gradle 
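Review bot: The `@DisplayName` on `requiresUserToBeFound` still reads "Fails when Configured User can not be looked up in the DefectDojo API", but patch 1/4 of this series removed the configured user id, so the name describes a mode that no longer exists. I would reword it to match the remaining behaviour, for example `@DisplayName("Fails when the user profile API returns no current user")`. The test method continues outside the hunk.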
@@ -24,7 +24,7 @@ repositories { dependencies { implementation 'io.kubernetes:client-java:18.0.1' - implementation 'io.securecodebox:defectdojo-client:1.0.0-SNAPSHOT' + implementation 'io.securecodebox:defectdojo-client:1.0.0' implementation group: 'org.springframework', name: 'spring-web', version: '5.3.28' implementation 'com.fasterxml.jackson.core:jackson-core:2.15.2'