Merge branch 'develop' into feature-2562-fix-buildDoc-script

mercedes-benz · Oct 25, 2023 · ee679ad · ee679ad
2 parents 70d6467 + 43af9ea
commit ee679ad
Show file tree

Hide file tree

Showing 75 changed files with 4,630 additions and 795 deletions.
diff --git a/sechub-api-java/build.gradle b/sechub-api-java/build.gradle
@@ -20,6 +20,7 @@ dependencies {
     testImplementation spring_boot_dependency.junit_jupiter
     testImplementation library.apache_commons_io
     testImplementation library.mockito_inline
+    testImplementation library.wiremock
 }
 
 /*

diff --git a/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/AbstractSecHubClient.java b/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/AbstractSecHubClient.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
 package com.mercedesbenz.sechub.api;
 
 import java.net.URI;
@@ -18,8 +19,14 @@ public abstract class AbstractSecHubClient implements SecHubClient {
 
     private Set<SecHubClientListener> secHubClientListeners;
 
-    public AbstractSecHubClient() {
-        secHubClientListeners = new LinkedHashSet<>();
+    public AbstractSecHubClient(URI serverUri, String username, String apiToken, boolean trustAll) {
+        this.serverUri = serverUri;
+        this.trustAll = trustAll;
+
+        this.secHubClientListeners = new LinkedHashSet<>();
+
+        setUsername(username);
+        setApiToken(apiToken);
     }
 
     public void setUsername(String username) {
@@ -30,14 +37,6 @@ public void setApiToken(String apiToken) {
         this.sealedApiToken = apiTokenAccess.seal(apiToken);
     }
 
-    public void setServerUri(URI serverUri) {
-        this.serverUri = serverUri;
-    }
-
-    public void setTrustAll(boolean trustAll) {
-        this.trustAll = trustAll;
-    }
-
     @Override
     public boolean isTrustAll() {
         return trustAll;

diff --git a/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/DefaultSecHubClient.java b/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/DefaultSecHubClient.java
@@ -70,10 +70,7 @@ public DefaultSecHubClient(URI serverUri, String username, String apiToken) {
     }
 
     public DefaultSecHubClient(URI serverUri, String username, String apiToken, boolean trustAll) {
-        setUsername(username);
-        setApiToken(apiToken);
-        setServerUri(serverUri);
-        setTrustAll(trustAll);
+        super(serverUri, username, apiToken, trustAll);
 
         apiClient = new ApiClientBuilder().createApiClient(this, mapper);
 
@@ -442,27 +439,21 @@ public void approveJob(String projectId, UUID jobUUID) throws SecHubClientExcept
     private void runOrFail(RunOrFail<ApiException> failable, String failureMessage) throws SecHubClientException {
         try {
             failable.runOrFail();
-        } catch (ApiException e) {
+        } catch (Exception e) {
             throw createClientException(failureMessage, e);
         }
     }
 
-    private SecHubClientException createClientException(String message, Exception cause) throws SecHubClientException {
-        return new SecHubClientException(message + " - " + cause.getMessage(), cause);
-    }
-
     private <T> T runOrFail(Callable<T> callable, String failureMessage) throws SecHubClientException {
         try {
             return callable.call();
-        } catch (ApiException e) {
-            throw createClientException(failureMessage, e);
         } catch (Exception e) {
-            if (e instanceof RuntimeException) {
-                RuntimeException re = (RuntimeException) e;
-                throw re;
-            }
-            throw new IllegalStateException("Unhandled exception - should not happen", e);
+            throw createClientException(failureMessage, e);
         }
     }
 
+    private SecHubClientException createClientException(String message, Exception cause) throws SecHubClientException {
+        return new SecHubClientException(message + " - " + cause.getMessage(), cause);
+    }
+
 }
diff --git a/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/ExecutionProfile.java b/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/ExecutionProfile.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
 package com.mercedesbenz.sechub.api;
 
 import java.util.HashSet;

diff --git a/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/Job.java b/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/Job.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
 package com.mercedesbenz.sechub.api;
 
 import java.util.UUID;

diff --git a/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/MockedSecHubClient.java b/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/MockedSecHubClient.java
@@ -1,5 +1,7 @@
+// SPDX-License-Identifier: MIT
 package com.mercedesbenz.sechub.api;
 
+import java.net.URI;
 import java.nio.file.Path;
 import java.util.ArrayList;
 import java.util.HashMap;
@@ -33,6 +35,7 @@ public class MockedSecHubClient extends AbstractSecHubClient {
     private Set<String> userToProjectAssignments = new HashSet<>();
 
     public MockedSecHubClient() {
+        super(URI.create("https://localhost/mocked-sechub"), "mockuser", "pseudo-token", true);
         mockDataAccess = new MockDataAccess();
     }
 

diff --git a/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/SecHubClient.java b/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/SecHubClient.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
 package com.mercedesbenz.sechub.api;
 
 import java.net.URI;

diff --git a/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/User.java b/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/User.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
 package com.mercedesbenz.sechub.api;
 
 public class User {

diff --git a/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/internal/ApiClientBuilder.java b/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/internal/ApiClientBuilder.java
@@ -1,15 +1,18 @@
 // SPDX-License-Identifier: MIT
 package com.mercedesbenz.sechub.api.internal;
 
+import java.net.Socket;
 import java.net.http.HttpClient;
 import java.security.KeyManagementException;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
+import java.util.Base64;
 
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
 import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
+import javax.net.ssl.X509ExtendedTrustManager;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.mercedesbenz.sechub.api.SecHubClient;
@@ -18,36 +21,30 @@
 public class ApiClientBuilder {
 
     public ApiClient createApiClient(SecHubClient client, ObjectMapper mapper) {
-        HttpClient.Builder builder = HttpClient.newBuilder().authenticator(new SecHubClientAuthenticator(client));
+        HttpClient.Builder builder = HttpClient.newBuilder();
         if (client.isTrustAll()) {
             builder.sslContext(createTrustAllSSLContext());
         }
+
         ApiClient apiClient = new ApiClient(builder, mapper, client.getServerUri().toString());
+        apiClient.setRequestInterceptor((request) -> {
+            request.setHeader("Authorization", createBasicAuthenticationHeader(client));
+        });
         return apiClient;
 
     }
 
+    private static final String createBasicAuthenticationHeader(SecHubClient client) {
+        String valueToEncode = client.getUsername() + ":" + client.getSealedApiToken();
+        return "Basic " + Base64.getEncoder().encodeToString(valueToEncode.getBytes());
+    }
+
     private SSLContext createTrustAllSSLContext() {
         SSLContext sslContext = null;
         try {
             sslContext = SSLContext.getInstance("TLS");
 
-            TrustManager trustManager = new X509TrustManager() {
-
-                private X509Certificate[] emptyCertificatesArray = new X509Certificate[] {};
-
-                public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
-                    /* we do not check the client - we trust all */
-                }
-
-                public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
-                    /* we do not check the server - we trust all */
-                }
-
-                public X509Certificate[] getAcceptedIssuers() {
-                    return emptyCertificatesArray;
-                }
-            };
+            TrustManager trustManager = new TrustAllManager();
 
             sslContext.init(null, new TrustManager[] { trustManager }, null);
 
@@ -57,4 +54,42 @@ public X509Certificate[] getAcceptedIssuers() {
         }
 
     }
+
+    private class TrustAllManager extends X509ExtendedTrustManager {
+
+        private X509Certificate[] emptyCertificatesArray = new X509Certificate[] {};
+
+        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+            /* we do not check - we trust all */
+        }
+
+        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+            /* we do not check - we trust all */
+        }
+
+        public X509Certificate[] getAcceptedIssuers() {
+            return emptyCertificatesArray;
+        }
+
+        @Override
+        public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
+            /* we do not check - we trust all */
+        }
+
+        @Override
+        public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
+            /* we do not check - we trust all */
+        }
+
+        @Override
+        public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException {
+            /* we do not check - we trust all */
+
+        }
+
+        @Override
+        public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException {
+            /* we do not check - we trust all */
+        }
+    };
 }
diff --git a/...pi-java/src/main/java/com/mercedesbenz/sechub/api/internal/SecHubClientAuthenticator.java b/...pi-java/src/main/java/com/mercedesbenz/sechub/api/internal/SecHubClientAuthenticator.java
diff --git a/...b-api-java/src/test/java/com/mercedesbenz/sechub/api/DefaultSechubClientWireMockTest.java b/...b-api-java/src/test/java/com/mercedesbenz/sechub/api/DefaultSechubClientWireMockTest.java
@@ -0,0 +1,102 @@
+// SPDX-License-Identifier: MIT
+package com.mercedesbenz.sechub.api;
+
+import static com.github.tomakehurst.wiremock.client.WireMock.*;
+import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.*;
+import static org.junit.Assert.*;
+
+import java.net.URI;
+
+import org.junit.Rule;
+import org.junit.Test;
+
+import com.github.tomakehurst.wiremock.junit.WireMockRule;
+import com.mercedesbenz.sechub.test.TestPortProvider;
+
+import wiremock.org.apache.http.HttpStatus;
+
+/**
+ * Junit 4 test because of missing official WireMock Junit5 extension - so we
+ * use WireMock Rule and Junit4.
+ *
+ * @author Albert Tregnaghi
+ *
+ */
+public class DefaultSechubClientWireMockTest {
+
+    private static final String EXAMPLE_TOKEN = "example-token";
+
+    private static final String EXAMPLE_USER = "example-user";
+    private static final String APPLICATION_JSON = "application/json";
+
+    private static final int HTTPS_PORT = TestPortProvider.DEFAULT_INSTANCE.getWireMockTestHTTPSPort();
+
+    private static final int HTTP_PORT = TestPortProvider.DEFAULT_INSTANCE.getWireMockTestHTTPPort();
+
+    @Rule
+    public WireMockRule wireMockRule = new WireMockRule(wireMockConfig().port(HTTP_PORT).httpsPort(HTTPS_PORT));
+
+    @Test
+    public void fetch_sechub_status_with_basic_auth() throws Exception {
+
+        /* prepare */
+        String statusBody = """
+                [ {
+                  "key" : "status.scheduler.enabled",
+                  "value" : "true"
+                }, {
+                  "key" : "status.scheduler.jobs.all",
+                  "value" : "2"
+                } ]
+                """;
+        stubFor(get(urlEqualTo("/api/admin/status")).withBasicAuth(EXAMPLE_USER, EXAMPLE_TOKEN)
+                .willReturn(aResponse().withStatus(HttpStatus.SC_OK).withHeader("Content-Type", APPLICATION_JSON).withBody(statusBody)));
+
+        DefaultSecHubClient client = createTestClientWithExampleCredentials();
+
+        /* execute */
+        SecHubStatus status = client.fetchSecHubStatus();
+
+        /* test */
+        verify(getRequestedFor(urlEqualTo("/api/admin/status")));
+        assertNotNull(status);
+        assertEquals("true", status.getStatusInformationMap().get("status.scheduler.enabled"));
+        assertEquals("2", status.getStatusInformationMap().get("status.scheduler.jobs.all"));
+
+    }
+
+    @Test
+    public void credential_changes_on_client_after_creation_are_possible() throws Exception {
+
+        /* prepare */
+        String statusBody = """
+                [ {
+                  "key" : "status.scheduler.enabled",
+                  "value" : "false"
+                }, {
+                  "key" : "status.scheduler.jobs.all",
+                  "value" : "0"
+                } ]
+                """;
+        stubFor(get(urlEqualTo("/api/admin/status")).withBasicAuth("other-user", "other-token")
+                .willReturn(aResponse().withStatus(HttpStatus.SC_OK).withHeader("Content-Type", APPLICATION_JSON).withBody(statusBody)));
+
+        DefaultSecHubClient client = createTestClientWithExampleCredentials();
+
+        /* execute */
+        client.setApiToken("other-token");
+        client.setUsername("other-user");
+
+        /* test */
+        SecHubStatus status = client.fetchSecHubStatus();
+        verify(getRequestedFor(urlEqualTo("/api/admin/status")));
+
+        assertEquals("false", status.getStatusInformationMap().get("status.scheduler.enabled"));
+        assertEquals("0", status.getStatusInformationMap().get("status.scheduler.jobs.all"));
+    }
+
+    private DefaultSecHubClient createTestClientWithExampleCredentials() {
+        DefaultSecHubClient client = new DefaultSecHubClient(URI.create(wireMockRule.baseUrl()), EXAMPLE_USER, EXAMPLE_TOKEN, true);
+        return client;
+    }
+}
diff --git a/sechub-api-java/src/test/java/com/mercedesbenz/sechub/api/MockedSecHubClientTest.java b/sechub-api-java/src/test/java/com/mercedesbenz/sechub/api/MockedSecHubClientTest.java
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: MIT
 package com.mercedesbenz.sechub.api;
 
 import static org.junit.jupiter.api.Assertions.*;

diff --git a/...commons-archive/src/main/java/com/mercedesbenz/sechub/commons/archive/ArchiveSupport.java b/...commons-archive/src/main/java/com/mercedesbenz/sechub/commons/archive/ArchiveSupport.java
@@ -168,6 +168,7 @@ private File createArchive(ArchiveType archiveType, SecHubConfigurationModel con
                 @SuppressWarnings("resource")
                 TarArchiveOutputStream tarOutputStream = (TarArchiveOutputStream) outputStream;
                 tarOutputStream.setLongFileMode(TarArchiveOutputStream.LONGFILE_POSIX);
+                tarOutputStream.setBigNumberMode(TarArchiveOutputStream.BIGNUMBER_POSIX);
             }
 
             Map<String, CreationPathContext> uniqueNameToPaths = creationContext.getUniqueToPathsMap();

diff --git a/...n/java/com/mercedesbenz/sechub/commons/model/SecHubConfigurationModelValidationError.java b/...n/java/com/mercedesbenz/sechub/commons/model/SecHubConfigurationModelValidationError.java
@@ -29,6 +29,10 @@ public enum SecHubConfigurationModelValidationError {
 
     WEB_SCAN_NO_HEADER_VALUE_DEFINED("The value for a HTTP header is not defined!"),
 
+    WEB_SCAN_INCLUDE_INVALID("The value of an include is invalid!"),
+
+    WEB_SCAN_EXCLUDE_INVALID("The value of an exclude is invalid!"),
+
     WEB_SCAN_HTTP_HEADER_ONLY_FOR_URL_IS_NOT_A_VALID_URL("The URL for a HTTP header is not a valid URL!"),
 
     WEB_SCAN_HTTP_HEADER_ONLY_FOR_URL_DOES_NOT_CONTAIN_TARGET_URL("The URL for a HTTP header does not contain the base URL that shall be scanned!"),