Feature 3141 implement first version of secret validator application #3280
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Member
winzj
commented
Jul 8, 2024
winzj
commented
- closes Implement first version of a spring application that helps to categorize and verify secretscan results #3141
- closes Sereco SarifV1Importer shall be able to import SARIF PropertyBag from Secret Scans #3276
- basic structure and first version of config model - validation section - categorization section - unit tests and spring boot tests - README with documentation
…ties #3276 - extend workaround classes with te ability to resolve secret validation wrapper custom severities - add necessary changes to SarifV1JSONImporter and added test cases with test report files
de-jcup
requested changes
Jul 15, 2024
There was a problem hiding this comment.
Good work, but I found some things to discuss.
Additionally: Even when we have no pds solution currently for the validation, we still could write an an integration test by enhancing existing secrect scan integration test (which just returns a sarif result) and call here the wrapper application from build folder (when a variant is set). So we could check this works together with SecHub at all.
...java/com/mercedesbenz/sechub/wrapper/secret/validator/cli/SecretValidatorSpringBootTest.java
Outdated
Show resolved
Hide resolved
...om/mercedesbenz/sechub/wrapper/secret/validator/execution/ResponseValidationServiceTest.java
Outdated
Show resolved
Hide resolved
...a/com/mercedesbenz/sechub/wrapper/secret/validator/properties/SecretValidatorProperties.java
Outdated
Show resolved
Hide resolved
...m/mercedesbenz/sechub/wrapper/secret/validator/support/SecretValidatorHttpClientFactory.java
Show resolved
Hide resolved
...java/com/mercedesbenz/sechub/wrapper/secret/validator/cli/SecretValidatorSpringBootTest.java
Outdated
Show resolved
Hide resolved
...nz/sechub/wrapper/secret/validator/execution/SecretValidatorExecutionContextFactoryTest.java
Outdated
Show resolved
Hide resolved
...desbenz/sechub/wrapper/secret/validator/model/SecretValidatorConfigurationModelListTest.java
Outdated
Show resolved
Hide resolved
- fix typos - improve documentation - change sereco Sarif import to use enum instead of strings - simplify response validation service and add unit test - refactor categorization with better readability - split execution service into multiple methods - split validation web request service into multiple methods - improve spring boot with custom assert method - improve setters for list fields of configuration model - improve readability of execution context factory test
…ecret-validator-application
- fix naming of sarif custom property key - add integrationtest profile to secret validator wrapper application and implement another validation module that is only available with the integrationtest profile. This module does not perform real web requests - extend existing integrationtest with a call to the secret validator wrapper application by using the the gitleaks.sh from the pds gitleaks
de-jcup
requested changes
Aug 5, 2024
...n/java/com/mercedesbenz/sechub/wrapper/secret/validator/execution/SecretValidationModul.java
Outdated
Show resolved
Hide resolved
.../mercedesbenz/sechub/wrapper/secret/validator/execution/SecretValidatorExecutionService.java
Outdated
Show resolved
Hide resolved
...mercedesbenz/sechub/wrapper/secret/validator/execution/SecretValidatorWebRequestService.java
Outdated
Show resolved
Hide resolved
...java/com/mercedesbenz/sechub/wrapper/secret/validator/cli/SecretValidatorSpringBootTest.java
Outdated
Show resolved
Hide resolved
- rename module to better fitting name service - rename tests - minor changes and typo fixes
de-jcup
approved these changes
Aug 5, 2024
winzj
deleted the
feature-3141-implement-first-version-of-secret-validator-application
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.