ArchUnit tests for SecHub

- added archUnit tests for sechub project
- fixed rule violations in existing code

gradle/libraries.gradle

@@ -88,13 +88,16 @@ ext {
       cycloneDX_core:                          "8.0.0",
       cyclonedx_gradle_plugin:                 "1.7.4",
 
-      /* Prepare wrapper */
-      jgit_core:                                "6.9.0.202403050737-r",
-
+     /* Prepare wrapper */
+     jgit_core:                                "6.9.0.202403050737-r",
+
+     /* ArchUnit */
+     arch_unit:                                "1.3.0",
+
       /* encryption */
       // https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk18on
       bouncy_castle_bcprov_jdk8:                "1.78.1"
-    
+
    ]    
 
    library = [
@@ -192,9 +195,11 @@ ext {
         cycloneDX_core:                         "org.cyclonedx:cyclonedx-core-java:${libraryVersion.cycloneDX_core}",
 
         jgit_core:                              "org.eclipse.jgit:org.eclipse.jgit:${libraryVersion.jgit_core}",
-
+
+        arch_unit:                             "com.tngtech.archunit:archunit-junit5:${libraryVersion.arch_unit}",
+
         bouncy_castle_bcprov_jdk8:              "org.bouncycastle:bcprov-jdk18on:${libraryVersion.bouncy_castle_bcprov_jdk8}"
-       
+
    ]
 
 

gradle/projects.gradle

@@ -53,8 +53,11 @@ projectType = [
                        to have dependency injection and access to some other spring boot parts */
                     project(':sechub-wrapper-checkmarx'),
                     project(':sechub-wrapper-prepare'),
-                    
+
                     project(':sechub-wrapper-secret-validator'),
+
+                    /* archUnit */
+                    project(':sechub-archunit-test')
             ],
 
             /* adapter projects - have simple spring dependencies, but know only sechub-adapter as base */
@@ -129,6 +132,10 @@ projectType = [
                     project(':sechub-doc'),
             ],
 
+            archUnitProjects: [
+                    // will be filled automatically in code below
+            ],
+
             noSpotless : [
                     project('sechub-examples:example-sechub-api-java'),
                     project('sechub-openapi-java-client')
@@ -153,3 +160,7 @@ projectType.javaProjects.addAll(projectType.springBootProjects)
 /* dynamically add all java projects as eclipse projects:*/
 projectType.eclipseProjects.addAll(projectType.javaProjects)
 projectType.eclipseProjects.addAll(projectType.goProjects)
+
+/* archUnit */
+projectType.archUnitProjects.addAll(projectType.javaProjects)
+projectType.archUnitProjects.remove(project(':sechub-archunit-test'))

sechub-adapter-checkmarx/src/main/java/com/mercedesbenz/sechub/adapter/checkmarx/CheckmarxResilienceConsultant.java

@@ -57,7 +57,7 @@ public ResilienceProposal consultFor(ResilienceContext context) {
 
         if (rootCause instanceof HttpClientErrorException) {
             HttpClientErrorException hce = (HttpClientErrorException) rootCause;
-            int statusCode = hce.getRawStatusCode();
+            int statusCode = hce.getStatusCode().value();
             if (statusCode == 400) {
                 /*
                  * BAD request - this can happen for same project scans put to queue because

sechub-adapter-checkmarx/src/main/java/com/mercedesbenz/sechub/adapter/checkmarx/support/CheckmarxProjectSupport.java

@@ -52,7 +52,7 @@ public void ensureProjectExists(CheckmarxContext context) throws AdapterExceptio
             context.setNewProject(false);
             return;
         } catch (HttpStatusCodeException e) {
-            if (e.getRawStatusCode() != 404) {
+            if (e.getStatusCode().value() != 404) {
                 /* only 404 - not found is accepted */
                 throw context.asAdapterException(
                         CheckmarxAdapter.CHECKMARX_MESSAGE_PREFIX + "HTTP status=" + e.getStatusCode() + " (expected was only 404 for non existing project)",

sechub-scan-product-checkmarx/src/test/java/com/mercedesbenz/sechub/domain/scan/product/checkmarx/CheckmarxResilienceCallbackTest.java → sechub-adapter-checkmarx/src/test/java/com/mercedesbenz/sechub/adapter/checkmarx/CheckmarxResilienceCallbackTest.java

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-package com.mercedesbenz.sechub.domain.scan.product.checkmarx;
+package com.mercedesbenz.sechub.adapter.checkmarx;
 
 import static org.junit.Assert.*;
 import static org.mockito.ArgumentMatchers.*;
@@ -10,9 +10,6 @@
 
 import com.mercedesbenz.sechub.adapter.AdapterMetaData;
 import com.mercedesbenz.sechub.adapter.AdapterMetaDataCallback;
-import com.mercedesbenz.sechub.adapter.checkmarx.CheckmarxMetaDataID;
-import com.mercedesbenz.sechub.adapter.checkmarx.CheckmarxResilienceCallback;
-import com.mercedesbenz.sechub.adapter.checkmarx.CheckmarxResilienceConsultant;
 import com.mercedesbenz.sechub.commons.core.resilience.ResilienceContext;
 
 public class CheckmarxResilienceCallbackTest {

sechub-adapter/src/test/java/com/mercedesbenz/sechub/adapter/APIURLSupportTest.java → sechub-adapter/src/test/java/com/mercedesbenz/sechub/adapter/support/APIURLSupportTest.java

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-package com.mercedesbenz.sechub.adapter;
+package com.mercedesbenz.sechub.adapter.support;
 
 import static org.junit.Assert.*;
 import static org.mockito.Mockito.*;
@@ -10,7 +10,7 @@
 import org.junit.Before;
 import org.junit.Test;
 
-import com.mercedesbenz.sechub.adapter.support.APIURLSupport;
+import com.mercedesbenz.sechub.adapter.AdapterConfig;
 
 public class APIURLSupportTest {
     private APIURLSupport supportToTest;

sechub-adapter/src/test/java/com/mercedesbenz/sechub/adapter/JSONAdapterSupportTest.java → sechub-adapter/src/test/java/com/mercedesbenz/sechub/adapter/support/JSONAdapterSupportTest.java

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-package com.mercedesbenz.sechub.adapter;
+package com.mercedesbenz.sechub.adapter.support;
 
 import static org.junit.Assert.*;
 import static org.mockito.ArgumentMatchers.*;
@@ -17,7 +17,10 @@
 import com.fasterxml.jackson.databind.node.ArrayNode;
 import com.github.tomakehurst.wiremock.client.WireMock;
 import com.github.tomakehurst.wiremock.matching.StringValuePattern;
-import com.mercedesbenz.sechub.adapter.support.JSONAdapterSupport;
+import com.mercedesbenz.sechub.adapter.Adapter;
+import com.mercedesbenz.sechub.adapter.AdapterException;
+import com.mercedesbenz.sechub.adapter.AdapterLogId;
+import com.mercedesbenz.sechub.adapter.TraceIdProvider;
 import com.mercedesbenz.sechub.test.junit4.ExpectedExceptionFactory;
 
 public class JSONAdapterSupportTest {

sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/APITokenGenerator.java

@@ -4,9 +4,9 @@
 import java.util.Base64;
 import java.util.UUID;
 
-import org.springframework.stereotype.Service;
+import org.springframework.stereotype.Component;
 
-@Service
+@Component
 public class APITokenGenerator {
 
     public String generateNewAPIToken() {

sechub-administration/src/main/java/com/mercedesbenz/sechub/domain/administration/OneTimeTokenGenerator.java

@@ -4,9 +4,9 @@
 import java.util.Base64;
 import java.util.UUID;
 
-import org.springframework.stereotype.Service;
+import org.springframework.stereotype.Component;
 
-@Service
+@Component
 public class OneTimeTokenGenerator {
 
     public String generateNewOneTimeToken() {

sechub-analyzer-cli/src/main/java/com/mercedesbenz/sechub/analyzer/cli/SecHubAnalyzerApplication.java

@@ -12,8 +12,8 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.mercedesbenz.analyzer.model.AnalyzerResult;
 import com.mercedesbenz.sechub.analyzer.core.Analyzer;
+import com.mercedesbenz.sechub.analyzer.model.AnalyzerResult;
 
 import ch.qos.logback.classic.Level;
 

sechub-analyzer-cli/src/main/java/com/mercedesbenz/sechub/analyzer/core/Analyzer.java

@@ -14,8 +14,8 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.mercedesbenz.analyzer.model.AnalyzerResult;
-import com.mercedesbenz.analyzer.model.MarkerPair;
+import com.mercedesbenz.sechub.analyzer.model.AnalyzerResult;
+import com.mercedesbenz.sechub.analyzer.model.MarkerPair;
 
 /**
  * Main analyzer class which represents the entry point for callers. Starts

sechub-analyzer-cli/src/main/java/com/mercedesbenz/sechub/analyzer/core/FileProcessor.java

@@ -9,9 +9,9 @@
 import java.util.LinkedList;
 import java.util.List;
 
-import com.mercedesbenz.analyzer.model.Marker;
-import com.mercedesbenz.analyzer.model.MarkerPair;
-import com.mercedesbenz.analyzer.model.MarkerType;
+import com.mercedesbenz.sechub.analyzer.model.Marker;
+import com.mercedesbenz.sechub.analyzer.model.MarkerPair;
+import com.mercedesbenz.sechub.analyzer.model.MarkerType;
 
 /**
  * Searches through a file looking for SecHub markers

sechub-analyzer-cli/src/main/java/com/mercedesbenz/analyzer/model/AnalyzerResult.java → sechub-analyzer-cli/src/main/java/com/mercedesbenz/sechub/analyzer/model/AnalyzerResult.java

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-package com.mercedesbenz.analyzer.model;
+package com.mercedesbenz.sechub.analyzer.model;
 
 import java.io.IOException;
 import java.util.HashMap;

sechub-analyzer-cli/src/main/java/com/mercedesbenz/analyzer/model/DeepClonable.java → sechub-analyzer-cli/src/main/java/com/mercedesbenz/sechub/analyzer/model/DeepClonable.java

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-package com.mercedesbenz.analyzer.model;
+package com.mercedesbenz.sechub.analyzer.model;
 
 public interface DeepClonable<T> {
     public T deepClone();

sechub-analyzer-cli/src/main/java/com/mercedesbenz/analyzer/model/Marker.java → sechub-analyzer-cli/src/main/java/com/mercedesbenz/sechub/analyzer/model/Marker.java

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-package com.mercedesbenz.analyzer.model;
+package com.mercedesbenz.sechub.analyzer.model;
 
 public class Marker implements DeepClonable<Marker> {
 

sechub-analyzer-cli/src/main/java/com/mercedesbenz/analyzer/model/MarkerPair.java → sechub-analyzer-cli/src/main/java/com/mercedesbenz/sechub/analyzer/model/MarkerPair.java

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-package com.mercedesbenz.analyzer.model;
+package com.mercedesbenz.sechub.analyzer.model;
 
 /**
  * Represents always a pair of markers containing

sechub-analyzer-cli/src/main/java/com/mercedesbenz/analyzer/model/MarkerType.java → sechub-analyzer-cli/src/main/java/com/mercedesbenz/sechub/analyzer/model/MarkerType.java

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: MIT
-package com.mercedesbenz.analyzer.model;
+package com.mercedesbenz.sechub.analyzer.model;
 
 public enum MarkerType {
 

sechub-analyzer-cli/src/test/java/com/mercedesbenz/sechub/analyzer/core/AnalyzerTest.java

@@ -17,10 +17,10 @@
 import org.junit.Before;
 import org.junit.Test;
 
-import com.mercedesbenz.analyzer.model.AnalyzerResult;
-import com.mercedesbenz.analyzer.model.Marker;
-import com.mercedesbenz.analyzer.model.MarkerPair;
-import com.mercedesbenz.analyzer.model.MarkerType;
+import com.mercedesbenz.sechub.analyzer.model.AnalyzerResult;
+import com.mercedesbenz.sechub.analyzer.model.Marker;
+import com.mercedesbenz.sechub.analyzer.model.MarkerPair;
+import com.mercedesbenz.sechub.analyzer.model.MarkerType;
 
 /**
  * Integration Tests

sechub-analyzer-cli/src/test/java/com/mercedesbenz/sechub/analyzer/core/FileProcessorTest.java

@@ -14,9 +14,9 @@
 import org.junit.Before;
 import org.junit.Test;
 
-import com.mercedesbenz.analyzer.model.Marker;
-import com.mercedesbenz.analyzer.model.MarkerPair;
-import com.mercedesbenz.analyzer.model.MarkerType;
+import com.mercedesbenz.sechub.analyzer.model.Marker;
+import com.mercedesbenz.sechub.analyzer.model.MarkerPair;
+import com.mercedesbenz.sechub.analyzer.model.MarkerType;
 
 public class FileProcessorTest {
 

sechub-analyzer-cli/src/test/java/com/mercedesbenz/sechub/analyzer/model/AnalyzerResultTest.java

@@ -11,11 +11,6 @@
 
 import org.junit.Test;
 
-import com.mercedesbenz.analyzer.model.AnalyzerResult;
-import com.mercedesbenz.analyzer.model.Marker;
-import com.mercedesbenz.analyzer.model.MarkerPair;
-import com.mercedesbenz.analyzer.model.MarkerType;
-
 public class AnalyzerResultTest {
 
     @Test

sechub-analyzer-cli/src/test/java/com/mercedesbenz/sechub/analyzer/model/MarkerPairTest.java

@@ -6,10 +6,6 @@
 
 import org.junit.Test;
 
-import com.mercedesbenz.analyzer.model.Marker;
-import com.mercedesbenz.analyzer.model.MarkerPair;
-import com.mercedesbenz.analyzer.model.MarkerType;
-
 public class MarkerPairTest {
     @Test
     public void test_deepClone() {

sechub-analyzer-cli/src/test/java/com/mercedesbenz/sechub/analyzer/model/MarkerTest.java

@@ -6,9 +6,6 @@
 
 import org.junit.Test;
 
-import com.mercedesbenz.analyzer.model.Marker;
-import com.mercedesbenz.analyzer.model.MarkerType;
-
 public class MarkerTest {
     @Test
     public void test_deepClone() {

sechub-archunit-test/build.gradle

@@ -0,0 +1,20 @@
+// SPDX-License-Identifier: MIT
+/*============================================================================
+* Build file for subproject
+*
+* Root build file: "${rootProject.projectDir}/build.gradle"
+* ============================================================================
+*/
+
+dependencies {
+    testImplementation library.springframework_web
+
+    for (project in projectType.archUnitProjects) {
+        testImplementation project
+    }
+
+    testImplementation spring_boot_dependency.junit_jupiter
+    testImplementation library.arch_unit
+}
+
+// executing archunit tests: ./gradlew sechub-archunit-test:test