Initial commit

On behalf of Daimler TSS GmbH.

.gitignore

@@ -0,0 +1,34 @@
+# customization files
+build-custom.gradle
+build-custom-buildscript.gradle
+build-custom-allprojects.gradle
+
+# eclipse parts
+bin/
+gen/
+src-gen/
+.metadata
+.lck
+.classpath
+.project
+.settings/
+
+# intellij parts
+*.iml
+.idea/
+*.ipr
+*.iws
+
+# gradle parts
+.gradle/
+
+# Build artifacts at all
+*.class
+build/
+*.jar
+*.log
+*.bak
+*.zip
+#*.json
+#!sechub.json
+

CONTRIBUTING.md

@@ -0,0 +1,40 @@
+<!-- SPDX-License-Identifier: MIT --->
+# Contributing
+
+This document explains how to contribute to this project.
+By contributing you will agree that your contribution will be put under the same license as this repository.
+
+## Table of Contents
+- Communication
+- Quick start
+- Contributions
+- Quality
+
+## Communication
+For communication please respect our [FOSS Code of Conduct](https://github.com/Daimler/daimler-foss/blob/master/CODE_OF_CONDUCT.md).
+
+The following communication channels exist for this project:
+- Github for reporting and claiming issues: https://github.com/daimler/sechub/issues
+
+Transparent and open communication is important to us. Thus, all project-related communication should happen only through these channels and in English. Issue-related communication should happen within the concerned issue.
+
+
+## Quick Start
+Please look at [First steps Wiki page](https://github.com/Daimler/sechub/wiki/First-steps)
+
+## Contributions
+If you would like to contribute code you can do so through Daimler GitHub by forking the repository and sending a pull request.
+
+When submitting code, please make every effort to follow existing conventions and style in order to keep the code as readable as possible.
+
+If you are new to contributing in Github, [First Contributions](https://github.com/firstcontributions/first-contributions) might be a good starting point.
+
+Before you can contribute, you will need to sign our [CLA](https://github.com/Daimler/daimler-foss/blob/master/CONTRIBUTORS_LICENSE_AGREEMENT.md) and send the signed CLA to [email protected]
+
+## Quality
+Please ensure that for all contributions, the corresponding documentation is in-sync and up-to-date. All documentation should be in English language.
+
+Please look into [Quality Wiki page](https://github.com/Daimler/sechub/wiki/Quality) for more details.
+
+We assume that for every non-trivial contribution, the project has been built and tested prior to the contribution.
+

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 Daimler TSS GmbH
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,38 @@
+<!-- SPDX-License-Identifier: MIT -->
+# SecHub
+![SecHub Logo](https://github.com/Daimler/sechub/blob/master/sechub-doc/src/docs/asciidoc/images/sechub-logo.png)
+
+## Indented Usage
+
+SecHub represents a mechanism to integrate diverse security products like
+- static code analysis tools
+- web scanners
+- infrastructure scanners
+- ... maybe more in future
+
+by just using one simple API/client
+
+## Installation
+
+Please visit <https://github.com/daimler/sechub/wiki/> for detailed information.
+
+## Contributing
+
+We welcome any contributions.
+If you want to contribute to this project, please read the [contributing guide](CONTRIBUTING.md).
+
+## Code of Conduct
+
+Please read our [Code of Conduct](https://github.com/Daimler/daimler-foss/blob/master/CODE_OF_CONDUCT.md) as it is our base for interaction.
+
+## License
+
+This project is licensed under the [MIT LICENSE](LICENSE).
+
+## Provider Information
+
+Please visit <https://www.daimler-tss.com/en/imprint/> for information on the provider.
+
+Notice: Before you use the program in productive use, please take all necessary precautions,
+e.g. testing and verifying the program with regard to your specific use.
+The program was tested solely for our own use cases, which might differ from yours.

SECURITY.md

@@ -0,0 +1,6 @@
+<!-- SPDX-License-Identifier: MIT --->
+It is Daimler’s goal to offer its customers the best and most secure products such as connected cars and other services. Daimler values the work of security researchers and whitehat hackers who spend time and effort helping us to achieve this goal.
+
+For further Information please visit our [Vulnerability Reporting Policy](https://www.daimler.com/whitehat/)
+
+

apply-headers.sh

@@ -0,0 +1,106 @@
+#!/bin/bash
+
+# SPDX-License-Identifier: MIT
+
+RED='\033[0;31m'
+LIGHT_RED='\033[1;31m'
+LIGHT_GREEN='\033[1;32m'
+BROWN='\033[0;33m'
+NC='\033[0m' # No Color
+
+
+#
+# apply spdx template to given file type
+# param 1: fileending (e.g "yaml")
+# param 2: template filename, will use templates inside sechub-other/spdx/template/$filename
+function applySPDXonFirstLine {
+    fileEnding=$1
+    spxTemplate=$2
+
+    echo -e "${LIGHT_GREEN}$Scanning '*.$fileEnding' files${NC}"
+    find -iname \*.$fileEnding | while read file ; do
+        if [[ -d $file ]]; then
+            echo -e "${BROWN}$file${NC} - ${LIGHT_GREEN}ignored because directory.${NC}"
+        elif ! grep -q SPDX-License $file
+        then
+            echo -e "${BROWN}$file${NC} - ${LIGHT_GREEN}appending copyright.${NC}"
+            cat sechub-other/spdx/template/$spxTemplate $file >$file.new && mv $file.new $file
+        fi
+
+    done
+}
+
+function infoAboutManualParts {
+    echo -e "${LIGHT_GREEN}Manual parts:${NC}"
+    echo -e "${BROWN}- Bash files must be handled manual${NC}"
+    echo "Reason?"
+    echo "        This must be done in second line because of the #! string"
+    echo "        Because apply-copyright-info.sh itself is a bash script and"
+    echo "        also having only a small amount of bash scripts, we do not"
+    echo "        automate this, so developers must add spdx info manually."
+    echo "Why second line?"
+    echo "        This is the exact way done by linux kernel project and so a good "
+    echo "        approach, see https://lwn.net/Articles/739183/ :"
+    echo -e "${BROWN}        \"... For kernel source files, the decision was made that the SPDX tag"
+    echo -e "         should appear as the first line in the file (or the second line for"
+    echo -e "         scripts where the first line must be the #! string)...\"${NC}"
+
+}
+
+function infoAboutIgnoredParts {
+    echo -e "${LIGHT_GREEN}Ignored parts:${NC}"
+    echo -e "${BROWN}- json files must be ignored${NC}"
+    echo "Reason?"
+    echo -e "       ${LIGHT_RED}Comments are not part of official syntax${NC}, see https://www.json.org/json-en.html"
+    echo "       So many tools and libraries often have problems with javascript comments"
+    echo "       inside JSON. Having declared MIT license also everybody is allowed to remove"
+    echo "       an SPDX enry without licence conflict ... so we decided to add no spdx"
+    echo "       entries in json files."
+
+}
+
+function startAutoApply {
+
+    applySPDXonFirstLine "java" "spdx_template_doubleslash.txt"
+    applySPDXonFirstLine "groovy" "spdx_template_doubleslash.txt"
+    applySPDXonFirstLine "gradle" "spdx_template_doubleslash.txt"
+    applySPDXonFirstLine "go" "spdx_template_doubleslash.txt"
+    applySPDXonFirstLine "adoc" "spdx_template_doubleslash.txt"
+
+    # for plantuml we assume these files are starting with a @startuml
+    # so we add as first enry the //
+    # if there is a need to change this in a file where no @startuml is
+    # used, change manual to ' at the beginning and commit change manually
+    applySPDXonFirstLine "puml" "spdx_template_doubleslash.txt"
+    applySPDXonFirstLine "plantuml" "spdx_template_doubleslash.txt"
+
+    applySPDXonFirstLine "properties" "spdx_template_hash.txt"
+
+    applySPDXonFirstLine "yaml" "spdx_template_hash.txt"
+    applySPDXonFirstLine "yml" "spdx_template_hash.txt"
+
+    applySPDXonFirstLine "md" "spdx_template_md.txt"
+}
+
+echo "*******************************"
+echo "* Apply copyright information *"
+echo "*******************************"
+echo
+infoAboutManualParts
+infoAboutIgnoredParts
+echo -e "${LIGHT_GREEN}Automated parts:${NC}"
+echo "When you continue next step the automation will start:"
+
+read -n 1 -p "Continue ?(y/n):" continueSelect
+
+echo
+echo "--------------------------------------------"
+echo "Start applying missing copyright information"
+echo "--------------------------------------------"
+echo
+if [ "$continueSelect" == "y" ]; then
+    startAutoApply
+else
+    echo "Canceled"
+fi
+

build-eclipse.gradle

@@ -0,0 +1,63 @@
+// SPDX-License-Identifier: MIT
+/* ============================================================================
+   This file contains the configurations for
+   Eclipse settings
+   ============================================================================
+
+   Included from: "${rootProject.projectDir}/build.gradle"
+   ============================================================================
+ */
+
+	/* ensure eclipse source folders are always created, even when not inside GIT */
+	def eclipseJavaSourceFolders=[
+		'src/main/java',
+		'src/main/resources',
+		'src/test/java',
+		'src/test/resources'
+	];
+
+	subprojects {
+	    if (! projectType.eclipseProjects.contains(project)){
+			return;
+	    }
+
+		apply plugin: 'eclipse'
+
+		if (! projectType.javaProjects.contains(project)){
+			return;
+	    }
+		tasks.eclipse.dependsOn << {
+			    if (projectType.javaProjects.contains(project)){
+        			for (String sourceFolder: eclipseJavaSourceFolders){
+        				def resourceDir = new File(project.projectDir, sourceFolder)
+        				if( !resourceDir.exists() && ! resourceDir.mkdirs() ) {
+        		    		logger.info("Not able to create eclipse resource dir: %1",resourceDir);
+        		    	}
+        			}
+                }
+		}
+
+
+		/* To have javadocs in eclipse added - where no source are available - we need these lines:
+		 * see https://docs.gradle.org/current/dsl/org.gradle.plugins.ide.eclipse.model.EclipseClasspath.html
+		 */
+		eclipse {
+			  classpath {
+				downloadSources = true // default: true
+				downloadJavadoc = true // default: false
+			  }
+
+		}
+
+
+
+		/* setup eclipse with project encoding as UTF-8 (for editors) */
+		eclipseJdt.doLast {
+		  if (projectType.javaProjects.contains(project)){
+    			File f = file('.settings/org.eclipse.core.resources.prefs')
+    			f.write('eclipse.preferences.version=1\n')
+    			f.append('encoding/<project>=utf-8')
+		  }
+		}
+
+}

build-java.gradle

@@ -0,0 +1,80 @@
+// SPDX-License-Identifier: MIT
+/* ============================================================================
+   This file contains the configurations for
+   Java settings
+   ============================================================================
+
+   Included from: "${rootProject.projectDir}/build.gradle"
+   ============================================================================
+ */
+
+if (JavaVersion.current().isJava8Compatible()) {
+  allprojects {
+    tasks.withType(Javadoc) {
+      // turn off doclint
+      options.addStringOption('Xdoclint:none', '-quiet')
+      enabled = false
+    }
+  }
+}
+subprojects{
+
+    if (! projectType.javaProjects.contains(project)){
+		return;
+    }
+
+    apply plugin: 'java'
+
+	/* Setup UTF-8 for compile AND test compilation*/
+	[ compileJava, compileTestJava ]*.options*.encoding = 'UTF-8'
+
+	sourceCompatibility = '1.8'
+	targetCompatibility = '1.8'
+
+
+    def wireMockHttpPortValue = 8180;
+    def wireMockHttpsPortValue = 8143;
+
+	/* Per default GRADLE stops the build if one single test fails. We want to have all tests executed. */
+    test {
+        ignoreFailures = true
+
+        def wireMockHttpPortProperty="sechub.test.wiremock.http_port";
+        if ( project.hasProperty(wireMockHttpPortProperty)){
+            wireMockHttpPortValue = project.getProperty(wireMockHttpPortProperty)
+        }
+        def wireMockHttpsPortProperty="sechub.test.wiremock.https_port";
+        if ( project.hasProperty(wireMockHttpsPortProperty)){
+            wireMockHttpsPortValue = project.getProperty(wireMockHttpsPortProperty)
+        }
+
+        environment 'SECHUB_TEST_WIREMOCK_HTTP_PORT', "$wireMockHttpPortValue"
+        environment 'SECHUB_TEST_WIREMOCK_HTTPS_PORT', "$wireMockHttpsPortValue"
+
+    }
+
+	/**
+	 * Task to create source jars
+	 */
+	task sourcesJar(type: Jar, dependsOn:classes) {
+		classifier = 'sources'
+		from sourceSets.main.allSource
+	}
+
+    /**
+	 * Task to create javadoc jars
+	 */
+	task javadocJar(type: Jar, dependsOn:javadoc) {
+		classifier = 'javadoc'
+		from javadoc.destinationDir
+	}
+
+	/**
+	 * Define artifacts
+	 */
+	artifacts {
+		archives sourcesJar
+		archives javadocJar
+	}
+
+}