diff --git a/sechub-commons-core/src/main/java/com/mercedesbenz/sechub/commons/core/ConfigurationFailureException.java b/sechub-commons-core/src/main/java/com/mercedesbenz/sechub/commons/core/ConfigurationFailureException.java index 1c1919643..c089e29f3 100644 --- a/sechub-commons-core/src/main/java/com/mercedesbenz/sechub/commons/core/ConfigurationFailureException.java +++ b/sechub-commons-core/src/main/java/com/mercedesbenz/sechub/commons/core/ConfigurationFailureException.java @@ -3,6 +3,8 @@ public class ConfigurationFailureException extends Exception { + private static final long serialVersionUID = -384180667154600386L; + public ConfigurationFailureException(String message) { super(message); } @@ -11,6 +13,4 @@ public ConfigurationFailureException(String message, Throwable cause) { super(message, cause); } - private static final long serialVersionUID = -384180667154600386L; - } \ No newline at end of file diff --git a/sechub-doc/src/docs/asciidoc/documents/shared/snippet/pds-param-template-metadata-syntax.json b/sechub-doc/src/docs/asciidoc/documents/shared/snippet/pds-param-template-metadata-syntax.json index 13346713f..85e400cf1 100644 --- a/sechub-doc/src/docs/asciidoc/documents/shared/snippet/pds-param-template-metadata-syntax.json +++ b/sechub-doc/src/docs/asciidoc/documents/shared/snippet/pds-param-template-metadata-syntax.json @@ -1,7 +1,7 @@ [ //<1> { "templateId" : "templateId", //<2> - "tempplateType": "WEBSCAN_LOGIN", //<3> + "templateType": "WEBSCAN_LOGIN", //<3> "assetData" : { //<4> "assetId" : "assetId", //<5> diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/ExampleFile.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/ExampleFile.java index 36bac1cf8..55e691b30 100644 --- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/ExampleFile.java +++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/ExampleFile.java @@ -41,6 +41,7 @@ public enum ExampleFile { WEBSCAN_FORM_BASED_SCRIPT_AUTH_WITH_TOTP("src/docs/asciidoc/documents/shared/configuration/sechub_config_example21_webscan_login_form_with_totp.json"), + PDS_PARAM_TEMPLATE_META_DATA_SYNTAX("src/docs/asciidoc/documents/shared/snippet/pds-param-template-metadata-syntax.json"); ; private String path; diff --git a/sechub-doc/src/test/java/com/mercedesbenz/sechub/ExampleFilesValidTest.java b/sechub-doc/src/test/java/com/mercedesbenz/sechub/ExampleFilesValidTest.java index 786c247b7..16efbcbd7 100644 --- a/sechub-doc/src/test/java/com/mercedesbenz/sechub/ExampleFilesValidTest.java +++ b/sechub-doc/src/test/java/com/mercedesbenz/sechub/ExampleFilesValidTest.java @@ -13,7 +13,10 @@ import com.mercedesbenz.sechub.commons.model.*; import com.mercedesbenz.sechub.commons.model.login.*; +import com.mercedesbenz.sechub.commons.model.template.TemplateType; import com.mercedesbenz.sechub.commons.pds.PDSDefaultParameterKeyConstants; +import com.mercedesbenz.sechub.commons.pds.data.PDSTemplateMetaData; +import com.mercedesbenz.sechub.commons.pds.data.PDSTemplateMetaData.PDSAssetData; import com.mercedesbenz.sechub.pds.commons.core.config.PDSProductParameterDefinition; import com.mercedesbenz.sechub.pds.commons.core.config.PDSProductParameterSetup; import com.mercedesbenz.sechub.pds.commons.core.config.PDSProductSetup; @@ -310,6 +313,28 @@ void webscan_form_based_script_auth_with_totp_can_be_read_and_contains_expected_ assertEquals(EncodingType.BASE64, totp.getEncodingType()); } + @Test + void pds_param_template_metadata_array_syntax_example_is_valid() { + /* prepare */ + String json = TestFileReader.readTextFromFile(ExampleFile.PDS_PARAM_TEMPLATE_META_DATA_SYNTAX.getPath()); + + /* execute */ + List result = JSONConverter.get().fromJSONtoListOf(PDSTemplateMetaData.class, json); + + /* test */ + assertEquals(1, result.size()); + PDSTemplateMetaData data = result.iterator().next(); + assertEquals("templateId", data.getTemplateId()); + assertEquals(TemplateType.WEBSCAN_LOGIN, data.getTemplateType()); + + PDSAssetData assetData = data.getAssetData(); + assertNotNull(assetData); + assertEquals("assetId", assetData.getAssetId()); + assertEquals("fileChecksum", assetData.getChecksum()); + assertEquals("fileName", assetData.getFileName()); + + } + private void assertDefaultValue(PDSProductSetup setup, boolean isMandatory, String parameterKey, String expectedDefault) { PDSProductParameterSetup parameters = setup.getParameters(); List list = null; diff --git a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/asset/AssetService.java b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/asset/AssetService.java index 87ae96193..38e4306b3 100644 --- a/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/asset/AssetService.java +++ b/sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/asset/AssetService.java @@ -66,30 +66,34 @@ public class AssetService { } /* @formatter:on */ - @UseCaseAdminUploadsAssetFile(@Step(number = 2, name = "Service tries to upload file for asset", description = "Uploaded file will be stored in database and in storage")) - public void uploadAssetFile(String assetId, MultipartFile multipartFile, String checkSum) { + @UseCaseAdminDeletesAssetCompletely(@Step(number = 2, name = "Services deletes all asset parts")) + @Transactional + public void deleteAsset(String assetId) throws IOException { inputAssertion.assertIsValidAssetId(assetId); - inputAssertion.assertIsValidSha256Checksum(checkSum); + repository.deleteAssetFilesHavingAssetId(assetId); + storageService.createAssetStorage(assetId).deleteAll(); + } - String fileName = assertAssetFile(multipartFile); + @UseCaseAdminDeletesOneFileFromAsset(@Step(number = 2, name = "Services deletes file from asset")) + public void deleteAssetFile(String assetId, String fileName) throws IOException { + inputAssertion.assertIsValidAssetId(assetId); + inputAssertion.assertIsValidAssetFileName(fileName); - handleChecksumValidation(fileName, multipartFile, checkSum, assetId); + repository.deleteById(AssetFileCompositeKey.builder().assetId(assetId).fileName(fileName).build()); + storageService.createAssetStorage(assetId).delete(fileName); + } - try { - /* now store */ - byte[] bytes = multipartFile.getBytes(); - persistFileAndChecksumInDatabase(fileName, bytes, checkSum, assetId); + @UseCaseAdminDownloadsAssetFile(@Step(number = 2, name = "Service downloads asset file from database")) + public void downloadAssetFile(String assetId, String fileName, ServletOutputStream outputStream) throws IOException { + inputAssertion.assertIsValidAssetId(assetId); + inputAssertion.assertIsValidAssetFileName(fileName); - ensureAssetFileInStorageAvailableAndHasSameChecksumAsInDatabase(fileName, assetId); + notNull(outputStream, "output stream may not be null!"); - LOG.info("Successfully uploaded file '{}' for asset '{}'", fileName, assetId); + AssetFile assetFile = assertAssetFileFromDatabase(assetId, fileName); + outputStream.write(assetFile.getData()); - } catch (IOException e) { - throw new SecHubRuntimeException("Was not able to upload file '" + fileName + "' for asset '" + assetId + "'", e); - } catch (ConfigurationFailureException e) { - throw new IllegalStateException("A configuration failure should not happen at this point!", e); - } } /** @@ -143,16 +147,63 @@ public void ensureAssetFileInStorageAvailableAndHasSameChecksumAsInDatabase(Stri } - private void persistFileAndChecksumInDatabase(String fileName, byte[] bytes, String checkSum, String assetId) throws IOException { - /* delete if exists */ - AssetFileCompositeKey key = AssetFileCompositeKey.builder().assetId(assetId).fileName(fileName).build(); - repository.deleteById(key); + @UseCaseAdminFetchesAssetIds(@Step(number = 2, name = "Service fetches all asset ids from database")) + public List fetchAllAssetIds() { + return repository.fetchAllAssetIds(); + } - AssetFile assetFile = new AssetFile(key); - assetFile.setChecksum(checkSum); - assetFile.setData(bytes); + /** + * Fetches asset details (from database) + * + * @param assetId asset identifier + * @return detail data + * @throws NotFoundException when no asset exists for given identifier + */ + @UseCaseAdminFetchesAssetDetails(@Step(number = 2, name = "Service fetches asset details for given asset id")) + public AssetDetailData fetchAssetDetails(String assetId) { + inputAssertion.assertIsValidAssetId(assetId); - repository.save(assetFile); + List assetFiles = repository.fetchAllAssetFilesWithAssetId(assetId); + if (assetFiles.isEmpty()) { + throw new NotFoundException("No asset data available for asset id:" + assetId); + } + + AssetDetailData data = new AssetDetailData(); + data.setAssetId(assetId); + for (AssetFile assetFile : assetFiles) { + AssetFileData information = new AssetFileData(); + information.setFileName(assetFile.getKey().getFileName()); + information.setChecksum(assetFile.getChecksum()); + data.getFiles().add(information); + } + + return data; + } + + @UseCaseAdminUploadsAssetFile(@Step(number = 2, name = "Service tries to upload file for asset", description = "Uploaded file will be stored in database and in storage")) + public void uploadAssetFile(String assetId, MultipartFile multipartFile, String checkSum) { + inputAssertion.assertIsValidAssetId(assetId); + + inputAssertion.assertIsValidSha256Checksum(checkSum); + + String fileName = assertAssetFile(multipartFile); + + handleChecksumValidation(fileName, multipartFile, checkSum, assetId); + + try { + /* now store */ + byte[] bytes = multipartFile.getBytes(); + persistFileAndChecksumInDatabase(fileName, bytes, checkSum, assetId); + + ensureAssetFileInStorageAvailableAndHasSameChecksumAsInDatabase(fileName, assetId); + + LOG.info("Successfully uploaded file '{}' for asset '{}'", fileName, assetId); + + } catch (IOException e) { + throw new SecHubRuntimeException("Was not able to upload file '" + fileName + "' for asset '" + assetId + "'", e); + } catch (ConfigurationFailureException e) { + throw new IllegalStateException("A configuration failure should not happen at this point!", e); + } } private String assertAssetFile(MultipartFile file) { @@ -169,15 +220,14 @@ private String assertAssetFile(MultipartFile file) { return fileName; } - private void handleChecksumValidation(String fileName, MultipartFile file, String checkSum, String assetid) { - try (InputStream inputStream = file.getInputStream()) { - /* validate */ - assertCheckSumCorrect(checkSum, inputStream); - - } catch (IOException e) { - LOG.error("Was not able to validate uploaded file checksum for file '{}' in asset '{}'", fileName, assetid, e); - throw new SecHubRuntimeException("Was not able to validate uploaded asset checksum"); + private AssetFile assertAssetFileFromDatabase(String assetId, String fileName) { + AssetFileCompositeKey key = AssetFileCompositeKey.builder().assetId(assetId).fileName(fileName).build(); + Optional result = repository.findById(key); + if (result.isEmpty()) { + throw new NotFoundException("For asset:" + assetId + " no file with name:" + fileName + " exists!"); } + AssetFile assetFile = result.get(); + return assetFile; } private void assertCheckSumCorrect(String checkSum, InputStream inputStream) { @@ -187,88 +237,38 @@ private void assertCheckSumCorrect(String checkSum, InputStream inputStream) { } } - private void storeStream(String fileName, String checkSum, AssetStorage assetStorage, long fileSize, InputStream inputStream) throws IOException { - assetStorage.store(fileName, inputStream, fileSize); - - long checksumSizeInBytes = checkSum.getBytes().length; - assetStorage.store(createFileNameForChecksum(fileName), new StringInputStream(checkSum), checksumSizeInBytes); - } - private String createFileNameForChecksum(String fileName) { return fileName + DOT_CHECKSUM; } - @UseCaseAdminDownloadsAssetFile(@Step(number = 2, name = "Service downloads asset file from database")) - public void downloadAssetFile(String assetId, String fileName, ServletOutputStream outputStream) throws IOException { - inputAssertion.assertIsValidAssetId(assetId); - inputAssertion.assertIsValidAssetFileName(fileName); - - notNull(outputStream, "output stream may not be null!"); - - AssetFile assetFile = assertAssetFileFromDatabase(assetId, fileName); - outputStream.write(assetFile.getData()); - - } + private void handleChecksumValidation(String fileName, MultipartFile file, String checkSum, String assetid) { + try (InputStream inputStream = file.getInputStream()) { + /* validate */ + assertCheckSumCorrect(checkSum, inputStream); - private AssetFile assertAssetFileFromDatabase(String assetId, String fileName) { - AssetFileCompositeKey key = AssetFileCompositeKey.builder().assetId(assetId).fileName(fileName).build(); - Optional result = repository.findById(key); - if (result.isEmpty()) { - throw new NotFoundException("For asset:" + assetId + " no file with name:" + fileName + " exists!"); + } catch (IOException e) { + LOG.error("Was not able to validate uploaded file checksum for file '{}' in asset '{}'", fileName, assetid, e); + throw new SecHubRuntimeException("Was not able to validate uploaded asset checksum"); } - AssetFile assetFile = result.get(); - return assetFile; } - @UseCaseAdminFetchesAssetIds(@Step(number = 2, name = "Service fetches all asset ids from database")) - public List fetchAllAssetIds() { - return repository.fetchAllAssetIds(); - } - - /** - * Fetches asset details (from database) - * - * @param assetId asset identifier - * @return detail data - * @throws NotFoundException when no asset exists for given identifier - */ - @UseCaseAdminFetchesAssetDetails(@Step(number = 2, name = "Service fetches asset details for given asset id")) - public AssetDetailData fetchAssetDetails(String assetId) { - inputAssertion.assertIsValidAssetId(assetId); - - List assetFiles = repository.fetchAllAssetFilesWithAssetId(assetId); - if (assetFiles.isEmpty()) { - throw new NotFoundException("No asset data available for asset id:" + assetId); - } - - AssetDetailData data = new AssetDetailData(); - data.setAssetId(assetId); - for (AssetFile assetFile : assetFiles) { - AssetFileData information = new AssetFileData(); - information.setFileName(assetFile.getKey().getFileName()); - information.setChecksum(assetFile.getChecksum()); - data.getFiles().add(information); - } - - return data; - } + private void persistFileAndChecksumInDatabase(String fileName, byte[] bytes, String checkSum, String assetId) throws IOException { + /* delete if exists */ + AssetFileCompositeKey key = AssetFileCompositeKey.builder().assetId(assetId).fileName(fileName).build(); + repository.deleteById(key); - @UseCaseAdminDeletesOneFileFromAsset(@Step(number = 2, name = "Services deletes file from asset")) - public void deleteAssetFile(String assetId, String fileName) throws IOException { - inputAssertion.assertIsValidAssetId(assetId); - inputAssertion.assertIsValidAssetFileName(fileName); + AssetFile assetFile = new AssetFile(key); + assetFile.setChecksum(checkSum); + assetFile.setData(bytes); - repository.deleteById(AssetFileCompositeKey.builder().assetId(assetId).fileName(fileName).build()); - storageService.createAssetStorage(assetId).delete(fileName); + repository.save(assetFile); } - @UseCaseAdminDeletesAssetCompletely(@Step(number = 2, name = "Services deletes all asset parts")) - @Transactional - public void deleteAsset(String assetId) throws IOException { - inputAssertion.assertIsValidAssetId(assetId); + private void storeStream(String fileName, String checkSum, AssetStorage assetStorage, long fileSize, InputStream inputStream) throws IOException { + assetStorage.store(fileName, inputStream, fileSize); - repository.deleteAssetFilesHavingAssetId(assetId); - storageService.createAssetStorage(assetId).deleteAll(); + long checksumSizeInBytes = checkSum.getBytes().length; + assetStorage.store(createFileNameForChecksum(fileName), new StringInputStream(checkSum), checksumSizeInBytes); } } diff --git a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/asset/AssetFileInformationTest.java b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/asset/AssetFileInformationTest.java index 05d571091..f30f66348 100644 --- a/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/asset/AssetFileInformationTest.java +++ b/sechub-scan/src/test/java/com/mercedesbenz/sechub/domain/scan/asset/AssetFileInformationTest.java @@ -59,7 +59,7 @@ void equals_returns_false_when_checksums_are_NOT_same() { info1.setFileName(sameFileName); AssetFileData info2 = new AssetFileData(); - info1.setChecksum("cecksum-2"); + info2.setChecksum("checksum-2"); info2.setFileName(sameFileName); /* execute + test */ @@ -76,7 +76,7 @@ void equals_returns_false_when_checksums_and_filename_are_NOT_same() { info1.setFileName("file-1"); AssetFileData info2 = new AssetFileData(); - info1.setChecksum("cecksum-2"); + info2.setChecksum("checksum-2"); info2.setFileName("file-2"); /* execute + test */ diff --git a/sechub-storage-sharedvolume-spring/src/main/java/com/mercedesbenz/sechub/storage/sharevolume/spring/AbstractSharedVolumeStorage.java b/sechub-storage-sharedvolume-spring/src/main/java/com/mercedesbenz/sechub/storage/sharevolume/spring/AbstractSharedVolumeStorage.java index 6b30cdcff..8b75a9845 100644 --- a/sechub-storage-sharedvolume-spring/src/main/java/com/mercedesbenz/sechub/storage/sharevolume/spring/AbstractSharedVolumeStorage.java +++ b/sechub-storage-sharedvolume-spring/src/main/java/com/mercedesbenz/sechub/storage/sharevolume/spring/AbstractSharedVolumeStorage.java @@ -52,7 +52,7 @@ public AbstractSharedVolumeStorage(Path rootLocation, String rootStoragePath, Ob } this.relativePath = volumePath.relativize(rootLocation).toAbsolutePath().normalize(); - LOG.debug("Created {} with releative path:{}, volumePath: {}", getClass().getSimpleName(), relativePath, volumePath); + LOG.debug("Created {} with relative path:{}, volumePath: {}", getClass().getSimpleName(), relativePath, volumePath); } @Override @@ -114,7 +114,7 @@ public void delete(String name) throws IOException { Path path = getPathToFile(name); if (!Files.exists(path)) { - LOG.debug("File '{}' did not exis in volumePatht: {}, skip deletion", name, volumePath); + LOG.debug("File '{}' did not exist in volumePath: {}, skip deletion", name, volumePath); return; } Files.delete(path);