From 08e068725587587d8fbde1c5b8bc94b56c804b60 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Fri, 16 Aug 2019 17:56:06 +0200 Subject: [PATCH 01/12] Fix version to resolve build warning --- scb-persistenceproviders/s3-persistenceprovider/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scb-persistenceproviders/s3-persistenceprovider/pom.xml b/scb-persistenceproviders/s3-persistenceprovider/pom.xml index b228bd9c..b3a1182d 100644 --- a/scb-persistenceproviders/s3-persistenceprovider/pom.xml +++ b/scb-persistenceproviders/s3-persistenceprovider/pom.xml @@ -66,7 +66,7 @@ commons-io commons-io - RELEASE + 2.6 From b3127d5b9a6508b346be58c4d4d2aab85c3fa721 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Fri, 16 Aug 2019 17:57:29 +0200 Subject: [PATCH 02/12] Add startedAt, endedAt and duration to the SecurityTest and Execution Model --- .../DefaultScanProcessExecution.java | 51 ++++++++++++++++--- .../engine/service/SecurityTestService.java | 3 +- .../model/execution/ScanProcessExecution.java | 11 ++++ .../model/securitytest/SecurityTest.java | 47 +++++++++++++++++ 4 files changed, 104 insertions(+), 8 deletions(-) diff --git a/scb-engine/src/main/java/io/securecodebox/engine/execution/DefaultScanProcessExecution.java b/scb-engine/src/main/java/io/securecodebox/engine/execution/DefaultScanProcessExecution.java index ce6be858..6424946d 100644 --- a/scb-engine/src/main/java/io/securecodebox/engine/execution/DefaultScanProcessExecution.java +++ b/scb-engine/src/main/java/io/securecodebox/engine/execution/DefaultScanProcessExecution.java 
@@ -20,25 +20,26 @@ package io.securecodebox.engine.execution; import com.fasterxml.jackson.annotation.JsonIgnore; -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.ObjectMapper; import io.securecodebox.constants.DefaultFields; -import io.securecodebox.model.rest.Report; import io.securecodebox.model.execution.ScanProcessExecution; import io.securecodebox.model.execution.Scanner; import io.securecodebox.model.execution.Target; import io.securecodebox.model.findings.Finding; import io.securecodebox.scanprocess.ProcessVariableHelper; -import java.util.Map; import org.camunda.bpm.engine.delegate.DelegateExecution; +import org.camunda.bpm.engine.history.HistoricProcessInstance; +import org.camunda.bpm.engine.runtime.ProcessInstance; import org.camunda.bpm.engine.variable.value.BooleanValue; import org.camunda.bpm.engine.variable.value.StringValue; import org.springframework.beans.factory.annotation.Configurable; import org.springframework.util.StringUtils; import java.util.Collections; +import java.util.Date; import java.util.LinkedList; import java.util.List; +import java.util.Map; +import java.util.Optional; import java.util.UUID; /** @@ -166,7 +167,7 @@ public boolean isAutomated() { } @Override - public String getScannerType(){ + public String getScannerType() { return (String) execution.getVariable(DefaultFields.PROCESS_SCANNER_TYPE.name()); } @@ -175,7 +176,7 @@ public String getScannerType(){ * Same as the Name of the securityTest. e.g. nmap */ @Override - public String getName(){ + public String getName() { return (String) execution.getVariable(DefaultFields.PROCESS_NAME.name()); } 
@@ -189,7 +190,43 @@ public void setName(String name) { } @Override - public Map getMetaData(){ + public Map getMetaData() { return (Map) execution.getVariable(DefaultFields.PROCESS_META_DATA.name()); } + + + @JsonIgnore + private Optional getHistoricProcessInstance(){ + return execution.getProcessEngineServices() + .getHistoryService() + .createHistoricProcessInstanceQuery() + .processInstanceId(execution.getProcessInstanceId()) + .list() + .stream() + .findFirst(); + } + + @Override + public Date getStartDate(){ + return getHistoricProcessInstance() + .orElseThrow(() -> new RuntimeException("Failed to finding process")) + .getStartTime(); + } + + @Override + public Optional getEndDate(){ + return Optional.ofNullable( + getHistoricProcessInstance() + .orElseThrow(() -> new RuntimeException("Failed to finding process")) + .getEndTime() + ); + } + + @Override + public Long getDurationInMilliSeconds() { + Date startTime = getStartDate(); + Date endTime = getEndDate().orElseGet(Date::new); + + return endTime.getTime() - startTime.getTime(); + } } diff --git a/scb-engine/src/main/java/io/securecodebox/engine/service/SecurityTestService.java b/scb-engine/src/main/java/io/securecodebox/engine/service/SecurityTestService.java index 37424a15..cc5d21e0 100644 --- a/scb-engine/src/main/java/io/securecodebox/engine/service/SecurityTestService.java +++ b/scb-engine/src/main/java/io/securecodebox/engine/service/SecurityTestService.java @@ -39,6 +39,7 @@ import java.util.LinkedList; import java.util.List; import java.util.Map; +import java.util.Optional; import java.util.UUID; import java.util.function.Function; import java.util.stream.Collectors; 
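Review bot: `getDurationInMilliSeconds()` runs the history query twice, once through `getStartDate()` and once through `getEndDate()`, and both getters are Jackson properties on `ScanProcessExecution`. Serialising one execution therefore issues several history lookups, and it throws a bare `RuntimeException` whenever no historic instance comes back (for example if history is not recorded for the process, which is worth confirming for the engine configuration). Fetching the instance once keeps start and end consistent, and `singleResult()` states the intent better than `.list().stream().findFirst()`. The same lookup code moves unchanged into `ExecutionTimeService` in patch 05, and the null check added in patch 04 does not cover the missing-instance case. The `@JsonIgnore` on the private helper has no effect and can be dropped.

```java
private Optional<HistoricProcessInstance> getHistoricProcessInstance() {
    return Optional.ofNullable(execution.getProcessEngineServices()
            .getHistoryService()
            .createHistoricProcessInstanceQuery()
            .processInstanceId(execution.getProcessInstanceId())
            .singleResult());
}

// … unchanged: getStartDate(), getEndDate() …

@Override
public Long getDurationInMilliSeconds() {
    // One lookup, so start and end come from the same history record.
    HistoricProcessInstance instance = getHistoricProcessInstance()
            .orElseThrow(() -> new IllegalStateException(
                    "No historic process instance for " + execution.getProcessInstanceId()));
    Date start = instance.getStartTime();
    if (start == null) {
        return null;
    }
    Date end = instance.getEndTime() != null ? instance.getEndTime() : new Date();
    return end.getTime() - start.getTime();
}
```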
@@ -143,7 +144,7 @@ public SecurityTest getCompletedSecurityTest(UUID id) throws SecurityTestNotFoun List targets = getListValue(variables, DefaultFields.PROCESS_TARGETS, Target.class); Map metaData = (Map) variables.get(DefaultFields.PROCESS_META_DATA.name()).getValue(); - return new SecurityTest(id, context, name, targets.get(0), report, metaData, tenant); + return new SecurityTest(id, context, name, targets.get(0), report, metaData, tenant, process.getStartTime(), Optional.ofNullable(process.getEndTime())); } private List getListValue(Map variables, DefaultFields name, Class type) { diff --git a/scb-sdk/src/main/java/io/securecodebox/model/execution/ScanProcessExecution.java b/scb-sdk/src/main/java/io/securecodebox/model/execution/ScanProcessExecution.java index ed1848b7..79b914bc 100644 --- a/scb-sdk/src/main/java/io/securecodebox/model/execution/ScanProcessExecution.java +++ b/scb-sdk/src/main/java/io/securecodebox/model/execution/ScanProcessExecution.java @@ -25,8 +25,10 @@ import com.fasterxml.jackson.annotation.JsonPropertyOrder; import io.securecodebox.model.findings.Finding; +import java.util.Date; import java.util.List; import java.util.Map; +import java.util.Optional; import java.util.UUID; /** @@ -109,4 +111,13 @@ public interface ScanProcessExecution { @JsonProperty("name") void setName(String name); + + @JsonProperty("durationInMilliSeconds") + Long getDurationInMilliSeconds(); + + @JsonProperty("startDate") + Date getStartDate(); + + @JsonProperty("endDate") + Optional getEndDate(); } diff --git a/scb-sdk/src/main/java/io/securecodebox/model/securitytest/SecurityTest.java b/scb-sdk/src/main/java/io/securecodebox/model/securitytest/SecurityTest.java index c6f159d6..9b4ff588 100644 --- a/scb-sdk/src/main/java/io/securecodebox/model/securitytest/SecurityTest.java +++ b/scb-sdk/src/main/java/io/securecodebox/model/securitytest/SecurityTest.java 
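Review bot: The three getters added to `ScanProcessExecution` (`getDurationInMilliSeconds`, `getStartDate`, `getEndDate`) have no Javadoc, and their contract cannot be read from the signatures. Going by the implementation added in this same commit, I would document them as `/** Start time of the underlying process instance. */`, `/** End time of the process instance; empty while it is still running. */` and `/** Milliseconds between start and end; measured against the current time while the process is still running. */`. It is also worth stating on the interface that these are serialised properties, since an implementation that performs a lookup in them does so on every serialisation. Adding abstract methods to this SDK interface presumably breaks any implementer outside this repository, so a release note may be warranted.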
@@ -24,7 +24,9 @@ import io.securecodebox.model.rest.Report; import io.swagger.annotations.ApiModelProperty; +import java.util.Date; import java.util.Map; +import java.util.Optional; import java.util.UUID; public class SecurityTest extends AbstractSecurityTest { @@ -41,6 +43,10 @@ public SecurityTest(UUID id, String context, String name, Target target, Report } public SecurityTest(UUID id, String context, String name, Target target, Report report, Map metaData, String tenant) { + this(id, context, name, target, report, metaData, tenant, null, Optional.empty()); + } + + public SecurityTest(UUID id, String context, String name, Target target, Report report, Map metaData, String tenant, Date startedAt, Optional endedAt) { this.id = id; this.context = context; this.name = name; @@ -48,6 +54,8 @@ public SecurityTest(UUID id, String context, String name, Target target, Report this.report = report; this.tenant = tenant; this.setMetaData(metaData); + this.startedAt = startedAt; + this.endedAt = endedAt; } public SecurityTest(ScanProcessExecution execution){ @@ -61,6 +69,8 @@ public SecurityTest(ScanProcessExecution execution){ this.target = execution.getTargets().get(0); } this.report = new Report(execution); + this.startedAt = execution.getStartDate(); + this.endedAt = execution.getEndDate(); } public Report getReport() { 
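Review bot: `this.endedAt = endedAt;` in the new nine-argument constructor stores whatever the caller passes, so a `null` argument leaves the field null. The same holds for `setEndedAt` and for any construction path that never assigns the field (the other constructors are outside this hunk, and a JSON payload without `endedAt` would presumably behave the same way). `getDurationInMilliSeconds()` further down then calls `endedAt.orElseGet(...)` and throws a `NullPointerException` during serialisation; the check added in patch 03 guards only `startedAt`. Normalising at the assignment closes this, `this.endedAt = endedAt == null ? Optional.empty() : endedAt;`, with the same expression in `setEndedAt`. A nullable `Date` field with an `Optional`-returning getter would avoid the `Optional` field and parameter altogether.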
@@ -87,4 +97,41 @@ public void setId(UUID id) { public boolean isFinished(){ return this.report != null; } + + @JsonProperty("durationInMilliSeconds") + @ApiModelProperty( + value = "Shows the current runtime duration or the time to completion in milli seconds.", + example = "42" + ) + public Long getDurationInMilliSeconds() { + return endedAt.orElseGet(Date::new).getTime() - startedAt.getTime(); + } + + @JsonProperty("startedAt") + @ApiModelProperty( + value = "Timestamp of when the security test was started.", + example = "42" + ) + Date startedAt; + public Date startedAt() { + return startedAt; + } + + public void setStartedAt(Date startedAt) { + this.startedAt = startedAt; + } + + @JsonProperty("endedAt") + @ApiModelProperty( + value = "Timestamp of when the security test was ended. Null if still running, see finished attributes", + example = "42" + ) + Optional endedAt; + public Optional getEndedAt() { + return endedAt; + } + + public void setEndedAt(Optional endedAt) { + this.endedAt = endedAt; + } } From f4947277e8a27df1888c557c60b10a180fe48add Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Fri, 16 Aug 2019 18:03:03 +0200 Subject: [PATCH 03/12] Add null check --- .../java/io/securecodebox/model/securitytest/SecurityTest.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scb-sdk/src/main/java/io/securecodebox/model/securitytest/SecurityTest.java b/scb-sdk/src/main/java/io/securecodebox/model/securitytest/SecurityTest.java index 9b4ff588..203857f7 100644 --- a/scb-sdk/src/main/java/io/securecodebox/model/securitytest/SecurityTest.java +++ b/scb-sdk/src/main/java/io/securecodebox/model/securitytest/SecurityTest.java @@ -104,6 +104,9 @@ public boolean isFinished(){ example = "42" ) public Long getDurationInMilliSeconds() { + if(startedAt == null){ + return null; + } return endedAt.orElseGet(Date::new).getTime() - startedAt.getTime(); } From ebdcbea5a7247b075f774a056a283a3adebdfdc2 Mon Sep 17 00:00:00 2001 
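Review bot: `startedAt` and `endedAt` are bound for both reading and writing, because `@JsonProperty` sits on the fields and public setters are added. If `SecurityTest` is also accepted as a request body (not visible here), a client can supply its own timestamps and skew the reported duration in whatever is persisted or displayed. If these values are meant to come only from the engine, mark them output-only, e.g. `@JsonProperty(value = "startedAt", access = JsonProperty.Access.READ_ONLY)`. On style, the fields are package-private with the annotations attached to them rather than to the getters, the accessor is named `startedAt()` while its sibling is `getEndedAt()`, and `example = "42"` is not a meaningful example for a timestamp. The class body continues outside the hunk.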
From: Jannik Hollenbach Date: Fri, 16 Aug 2019 18:09:07 +0200 Subject: [PATCH 04/12] Add null check --- .../engine/execution/DefaultScanProcessExecution.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/scb-engine/src/main/java/io/securecodebox/engine/execution/DefaultScanProcessExecution.java b/scb-engine/src/main/java/io/securecodebox/engine/execution/DefaultScanProcessExecution.java index 6424946d..5201f259 100644 --- a/scb-engine/src/main/java/io/securecodebox/engine/execution/DefaultScanProcessExecution.java +++ b/scb-engine/src/main/java/io/securecodebox/engine/execution/DefaultScanProcessExecution.java @@ -225,8 +225,11 @@ public Optional getEndDate(){ @Override public Long getDurationInMilliSeconds() { Date startTime = getStartDate(); - Date endTime = getEndDate().orElseGet(Date::new); - return endTime.getTime() - startTime.getTime(); + if(startTime == null){ + return null; + } + + return getEndDate().orElseGet(Date::new).getTime() - startTime.getTime(); } } From d59046621b5c31bbef53b76689fff18e218e0204 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Wed, 4 Sep 2019 15:27:15 +0200 Subject: [PATCH 05/12] Debugging tests --- .../DefaultScanProcessExecution.java | 27 +++------ .../engine/service/ExecutionTimeService.java | 40 +++++++++++++ .../DefaultScanProcessExecutionTest.java | 56 ++++++++++--------- 3 files changed, 78 insertions(+), 45 deletions(-) create mode 100644 scb-engine/src/main/java/io/securecodebox/engine/service/ExecutionTimeService.java diff --git a/scb-engine/src/main/java/io/securecodebox/engine/execution/DefaultScanProcessExecution.java b/scb-engine/src/main/java/io/securecodebox/engine/execution/DefaultScanProcessExecution.java index 5201f259..a295cf5e 100644 --- a/scb-engine/src/main/java/io/securecodebox/engine/execution/DefaultScanProcessExecution.java +++ b/scb-engine/src/main/java/io/securecodebox/engine/execution/DefaultScanProcessExecution.java 
@@ -21,6 +21,7 @@ import com.fasterxml.jackson.annotation.JsonIgnore; import io.securecodebox.constants.DefaultFields; +import io.securecodebox.engine.service.ExecutionTimeService; import io.securecodebox.model.execution.ScanProcessExecution; import io.securecodebox.model.execution.Scanner; import io.securecodebox.model.execution.Target; @@ -31,6 +32,7 @@ import org.camunda.bpm.engine.runtime.ProcessInstance; import org.camunda.bpm.engine.variable.value.BooleanValue; import org.camunda.bpm.engine.variable.value.StringValue; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Configurable; import org.springframework.util.StringUtils; @@ -52,6 +54,9 @@ public class DefaultScanProcessExecution implements ScanProcessExecution { @JsonIgnore protected DelegateExecution execution; + @JsonIgnore + public ExecutionTimeService executionTimeService; + public DefaultScanProcessExecution(DelegateExecution execution) { this.execution = execution; } @@ -194,32 +199,14 @@ public Map getMetaData() { return (Map) execution.getVariable(DefaultFields.PROCESS_META_DATA.name()); } - - @JsonIgnore - private Optional getHistoricProcessInstance(){ - return execution.getProcessEngineServices() - .getHistoryService() - .createHistoricProcessInstanceQuery() - .processInstanceId(execution.getProcessInstanceId()) - .list() - .stream() - .findFirst(); - } - @Override public Date getStartDate(){ - return getHistoricProcessInstance() - .orElseThrow(() -> new RuntimeException("Failed to finding process")) - .getStartTime(); + return executionTimeService.getStartDate(); } @Override public Optional getEndDate(){ - return Optional.ofNullable( - getHistoricProcessInstance() - .orElseThrow(() -> new RuntimeException("Failed to finding process")) - .getEndTime() - ); + return executionTimeService.getEndDate(); } @Override 
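Review bot: `public ExecutionTimeService executionTimeService;` exposes a mutable collaborator on a model class so that the test can overwrite it. Nothing in this commit assigns it in production code, so `getStartDate()` and `getEndDate()` dereference null until something sets it (a later patch in this series assigns it in the constructor). A `private final` field set through the constructor, plus a second constructor `DefaultScanProcessExecution(DelegateExecution execution, ExecutionTimeService executionTimeService)` for tests, would remove the public field and most likely the `@JsonIgnore` on it as well. The newly added `Autowired` import is not used in the visible hunks.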
diff --git a/scb-engine/src/main/java/io/securecodebox/engine/service/ExecutionTimeService.java b/scb-engine/src/main/java/io/securecodebox/engine/service/ExecutionTimeService.java new file mode 100644 index 00000000..60b7ca34 --- /dev/null +++ b/scb-engine/src/main/java/io/securecodebox/engine/service/ExecutionTimeService.java @@ -0,0 +1,40 @@ +package io.securecodebox.engine.service; + +import org.camunda.bpm.engine.delegate.DelegateExecution; +import org.camunda.bpm.engine.history.HistoricProcessInstance; + +import java.util.Date; +import java.util.Optional; + +public class ExecutionTimeService { + + DelegateExecution execution; + + public ExecutionTimeService(DelegateExecution execution){ + this.execution = execution; + } + + private Optional getHistoricProcessInstance(){ + return execution.getProcessEngineServices() + .getHistoryService() + .createHistoricProcessInstanceQuery() + .processInstanceId(execution.getProcessInstanceId()) + .list() + .stream() + .findFirst(); + } + + public Date getStartDate(){ + return getHistoricProcessInstance() + .orElseThrow(() -> new RuntimeException("Failed to finding process")) + .getStartTime(); + } + + public Optional getEndDate(){ + return Optional.ofNullable( + getHistoricProcessInstance() + .orElseThrow(() -> new RuntimeException("Failed to finding process")) + .getEndTime() + ); + } +} diff --git a/scb-engine/src/test/java/io/securecodebox/engine/execution/DefaultScanProcessExecutionTest.java b/scb-engine/src/test/java/io/securecodebox/engine/execution/DefaultScanProcessExecutionTest.java index 49208255..7de058ea 100644 --- a/scb-engine/src/test/java/io/securecodebox/engine/execution/DefaultScanProcessExecutionTest.java +++ b/scb-engine/src/test/java/io/securecodebox/engine/execution/DefaultScanProcessExecutionTest.java 
@@ -22,6 +22,7 @@ import com.fasterxml.jackson.databind.ObjectMapper; import io.securecodebox.TestHelper; import io.securecodebox.constants.DefaultFields; +import io.securecodebox.engine.service.ExecutionTimeService; import io.securecodebox.model.execution.ScanProcessExecution; import io.securecodebox.model.execution.ScanProcessExecutionFactory; import io.securecodebox.model.findings.OsiLayer; @@ -35,19 +36,18 @@ import org.mockito.Mockito; import org.mockito.MockitoAnnotations; import org.mockito.stubbing.Answer; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.util.ReflectionTestUtils; +import java.util.Date; +import java.util.Optional; import java.util.UUID; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.mockito.Matchers.any; -import static org.mockito.Matchers.anyString; import static org.mockito.Matchers.eq; -import static org.mockito.Mockito.atLeastOnce; -import static org.mockito.Mockito.doAnswer; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.times; -import static org.mockito.Mockito.when; +import static org.mockito.Mockito.*; /** * @author Rüdiger Heins - iteratec GmbH 
@@ -66,29 +66,35 @@ public class DefaultScanProcessExecutionTest { @Mock ScanProcessExecutionFactory processExecutionFactory; @Mock - DelegateExecution executionMock; + DelegateExecution execution; + @Mock + ExecutionTimeService executionTimeService; DefaultScanProcessExecution underTest; @Before public void setUp() { MockitoAnnotations.initMocks(this); - underTest = new DefaultScanProcessExecution(executionMock); + underTest = new DefaultScanProcessExecution(execution); + + when(executionTimeService.getStartDate()).thenReturn(new Date(2019, 4, 3)); + when(executionTimeService.getEndDate()).thenReturn(Optional.of(new Date(2019, 4, 3))); + underTest.executionTimeService = executionTimeService; - when(processExecutionFactory.get(executionMock)).thenReturn(underTest); - when(executionMock.hasVariable(eq(DefaultFields.PROCESS_FINDINGS.name()))).thenReturn(true); - when(executionMock.getVariable(eq(DefaultFields.PROCESS_FINDINGS.name()))).thenAnswer((answer) -> findingCache); + when(processExecutionFactory.get(execution)).thenReturn(underTest); + when(execution.hasVariable(eq(DefaultFields.PROCESS_FINDINGS.name()))).thenReturn(true); + when(execution.getVariable(eq(DefaultFields.PROCESS_FINDINGS.name()))).thenAnswer((answer) -> findingCache); doAnswer((Answer) invocation -> { findingCache = (String) ((ObjectValueImpl)invocation.getArgument(1)).getValue(); return Void.TYPE; - }).when(executionMock).setVariable(eq(DefaultFields.PROCESS_FINDINGS.name()), any()); + }).when(execution).setVariable(eq(DefaultFields.PROCESS_FINDINGS.name()), any()); - when(executionMock.hasVariable(eq(DefaultFields.PROCESS_TARGETS.name()))).thenReturn(true); - when(executionMock.getVariable(eq(DefaultFields.PROCESS_TARGETS.name()))).thenAnswer((answer) -> targetCache); + when(execution.hasVariable(eq(DefaultFields.PROCESS_TARGETS.name()))).thenReturn(true); + when(execution.getVariable(eq(DefaultFields.PROCESS_TARGETS.name()))).thenAnswer((answer) -> targetCache); doAnswer((Answer) invocation 
-> { targetCache = (String) ((ObjectValueImpl)invocation.getArgument(1)).getValue(); return Void.TYPE; - }).when(executionMock).setVariable(eq(DefaultFields.PROCESS_TARGETS.name()), any()); + }).when(execution).setVariable(eq(DefaultFields.PROCESS_TARGETS.name()), any()); } @Test @@ -126,9 +132,9 @@ public void testAppendAndClearFindings() throws Exception { underTest.appendFinding(TestHelper.createBasicFinding(finding1Id)); underTest.appendFinding(TestHelper.createBasicFindingDifferent(finding2Id)); - Mockito.verify(executionMock, times(2)).setVariable(eq(DefaultFields.PROCESS_FINDINGS.name()), any()); + Mockito.verify(execution, times(2)).setVariable(eq(DefaultFields.PROCESS_FINDINGS.name()), any()); - ScanProcessExecution processExecution = processExecutionFactory.get(executionMock); + ScanProcessExecution processExecution = processExecutionFactory.get(execution); assertEquals(2, processExecution.getFindings().size()); @@ -163,9 +169,9 @@ public void testAppendAndClearFindings() throws Exception { // underTest.clearFindings(); - Mockito.verify(executionMock, atLeastOnce()).getVariable(eq(DefaultFields.PROCESS_FINDINGS.name())); - Mockito.verify(executionMock, times(3)).setVariable(eq(DefaultFields.PROCESS_FINDINGS.name()), any()); - Mockito.verifyNoMoreInteractions(executionMock); + Mockito.verify(execution, atLeastOnce()).getVariable(eq(DefaultFields.PROCESS_FINDINGS.name())); + Mockito.verify(execution, times(3)).setVariable(eq(DefaultFields.PROCESS_FINDINGS.name()), any()); + Mockito.verifyNoMoreInteractions(execution); assertEquals(0, processExecution.getFindings().size()); } 
@@ -177,9 +183,9 @@ public void testAppendAndClearTargets() throws Exception { underTest.appendTarget(TestHelper.createBaiscTarget()); underTest.appendTarget(TestHelper.createTarget("http://w1.w2.www", "some wired")); - Mockito.verify(executionMock, times(2)).setVariable(eq(DefaultFields.PROCESS_TARGETS.name()), any()); + Mockito.verify(execution, times(2)).setVariable(eq(DefaultFields.PROCESS_TARGETS.name()), any()); - ScanProcessExecution processExecution = processExecutionFactory.get(executionMock); + ScanProcessExecution processExecution = processExecutionFactory.get(execution); assertEquals(2, processExecution.getTargets().size()); @@ -201,9 +207,9 @@ public void testAppendAndClearTargets() throws Exception { // Clear targets // underTest.clearTargets(); - Mockito.verify(executionMock, atLeastOnce()).getVariable(eq(DefaultFields.PROCESS_TARGETS.name())); - Mockito.verify(executionMock, times(3)).setVariable(eq(DefaultFields.PROCESS_TARGETS.name()), any()); - Mockito.verifyNoMoreInteractions(executionMock); + Mockito.verify(execution, atLeastOnce()).getVariable(eq(DefaultFields.PROCESS_TARGETS.name())); + Mockito.verify(execution, times(3)).setVariable(eq(DefaultFields.PROCESS_TARGETS.name()), any()); + Mockito.verifyNoMoreInteractions(execution); assertEquals(0, processExecution.getTargets().size()); } From 8cf0082f21676e0a044f925dca9fe4ad710f04bf Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Wed, 18 Sep 2019 13:35:08 +0200 Subject: [PATCH 06/12] Explicitly init the ExecutionTimeService --- .../engine/execution/DefaultScanProcessExecution.java | 1 + 1 file changed, 1 insertion(+) diff --git a/scb-engine/src/main/java/io/securecodebox/engine/execution/DefaultScanProcessExecution.java b/scb-engine/src/main/java/io/securecodebox/engine/execution/DefaultScanProcessExecution.java index a295cf5e..e0019393 100644 --- a/scb-engine/src/main/java/io/securecodebox/engine/execution/DefaultScanProcessExecution.java 
+++ b/scb-engine/src/main/java/io/securecodebox/engine/execution/DefaultScanProcessExecution.java @@ -59,6 +59,7 @@ public class DefaultScanProcessExecution implements ScanProcessExecution { public DefaultScanProcessExecution(DelegateExecution execution) { this.execution = execution; + this.executionTimeService = new ExecutionTimeService(execution); } @Override From 97616f25933e0d5027b5aa59f976a7d3d6fafefc Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Wed, 18 Sep 2019 13:36:01 +0200 Subject: [PATCH 07/12] Add jackson-datatype-jdk8 to the explicitly init ObjectMappers --- scb-engine/pom.xml | 5 +++++ .../execution/DefaultScanProcessExecutionTest.java | 13 ++++++++----- .../elasticsearch-persistenceprovider/pom.xml | 4 ++++ .../ElasticSearchPersistenceProvider.java | 2 ++ 4 files changed, 19 insertions(+), 5 deletions(-) diff --git a/scb-engine/pom.xml b/scb-engine/pom.xml index a7c8bce5..c01a6212 100644 --- a/scb-engine/pom.xml +++ b/scb-engine/pom.xml @@ -95,6 +95,11 @@ camunda-bpm-spring-boot-starter-test test + + + com.fasterxml.jackson.datatype + jackson-datatype-jdk8 + diff --git a/scb-engine/src/test/java/io/securecodebox/engine/execution/DefaultScanProcessExecutionTest.java b/scb-engine/src/test/java/io/securecodebox/engine/execution/DefaultScanProcessExecutionTest.java index 7de058ea..88a5b695 100644 --- a/scb-engine/src/test/java/io/securecodebox/engine/execution/DefaultScanProcessExecutionTest.java +++ b/scb-engine/src/test/java/io/securecodebox/engine/execution/DefaultScanProcessExecutionTest.java @@ -20,6 +20,7 @@ package io.securecodebox.engine.execution; import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.datatype.jdk8.Jdk8Module; import io.securecodebox.TestHelper; import io.securecodebox.constants.DefaultFields; import io.securecodebox.engine.service.ExecutionTimeService; 
@@ -36,8 +37,6 @@ import org.mockito.Mockito; import org.mockito.MockitoAnnotations; import org.mockito.stubbing.Answer; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.test.util.ReflectionTestUtils; import java.util.Date; import java.util.Optional; 
@@ -55,7 +54,7 @@ */ public class DefaultScanProcessExecutionTest { - private static final String DEFAULT_EXECUTION = "{\"id\":\"5a4e9d37-09b0-4109-badd-d79dfa8fce2a\",\"context\":\"TEST_CONTEXT\",\"automated\":false,\"scanners\":[{\"id\":\"62fa8ffb-e3bc-433e-b322-9c02108c5171\",\"type\":\"Test_SCANNER\",\"findings\":[{\"id\":\"49bf7fd3-8512-4d73-a28f-608e493cd726\",\"name\":\"BAD_TEST_FINDIG\",\"description\":\"Some coder has tested this!\",\"category\":\"COOL_TEST_STUFF\",\"osi_layer\":\"NOT_APPLICABLE\",\"severity\":\"HIGH\",\"reference\":{\"id\":\"UNI_CODE_STUFF\",\"source\":\"RISCOOL\"},\"hint\":\"You might wan't to blame Rüdiger!\",\"attributes\":{\"TEST\":\"Kekse\",\"HORRIBLE\":\"Coke\"},\"location\":\"mett.brot.securecodebox.io\",\"false_positive\":false}],\"rawFindings\":\"[{\\\"pudding\\\":\\\"Bier\\\"}]\"}]}"; + private static final String DEFAULT_EXECUTION = "{\"id\":\"5a4e9d37-09b0-4109-badd-d79dfa8fce2a\",\"context\":\"TEST_CONTEXT\",\"automated\":false,\"scanners\":[{\"id\":\"62fa8ffb-e3bc-433e-b322-9c02108c5171\",\"type\":\"Test_SCANNER\",\"findings\":[{\"id\":\"49bf7fd3-8512-4d73-a28f-608e493cd726\",\"name\":\"BAD_TEST_FINDIG\",\"description\":\"Some coder has tested this!\",\"category\":\"COOL_TEST_STUFF\",\"osi_layer\":\"NOT_APPLICABLE\",\"severity\":\"HIGH\",\"reference\":{\"id\":\"UNI_CODE_STUFF\",\"source\":\"RISCOOL\"},\"hint\":\"You might wan't to blame Rüdiger!\",\"attributes\":{\"TEST\":\"Kekse\",\"HORRIBLE\":\"Coke\"},\"location\":\"mett.brot.securecodebox.io\",\"false_positive\":false}],\"rawFindings\":\"[{\\\"pudding\\\":\\\"Bier\\\"}]\"}],\"startDate\":61514978400000,\"endDate\":61514978400000,\"durationInMilliSeconds\":0}"; public static final String SCANNER_SERIALIZE_RESULT = "{\"id\":\"62fa8ffb-e3bc-433e-b322-9c02108c5171\",\"type\":\"Test_SCANNER\",\"findings\":[{\"id\":\"49bf7fd3-8512-4d73-a28f-608e493cd726\",\"name\":\"BAD_TEST_FINDIG\",\"description\":\"Some coder has tested 
this!\",\"category\":\"COOL_TEST_STUFF\",\"osi_layer\":\"NOT_APPLICABLE\",\"severity\":\"HIGH\",\"reference\":{\"id\":\"UNI_CODE_STUFF\",\"source\":\"RISCOOL\"},\"hint\":\"You might wan't to blame Rüdiger!\",\"attributes\":{\"TEST\":\"Kekse\",\"HORRIBLE\":\"Coke\"},\"location\":\"mett.brot.securecodebox.io\",\"false_positive\":false}],\"rawFindings\":\"[{\\\"pudding\\\":\\\"Bier\\\"}]\"}"; String findingCache = ""; @@ -77,6 +76,8 @@ public void setUp() { MockitoAnnotations.initMocks(this); underTest = new DefaultScanProcessExecution(execution); + objectMapper.registerModule(new Jdk8Module()); + when(executionTimeService.getStartDate()).thenReturn(new Date(2019, 4, 3)); when(executionTimeService.getEndDate()).thenReturn(Optional.of(new Date(2019, 4, 3))); underTest.executionTimeService = executionTimeService; @@ -101,8 +102,10 @@ public void setUp() { public void testSerialize() throws Exception { DelegateExecution process = mockDelegateExcecution(); - ScanProcessExecution execution = new DefaultScanProcessExecution(process); - String s = objectMapper.writeValueAsString(execution); + DefaultScanProcessExecution execution = new DefaultScanProcessExecution(process); + + execution.executionTimeService = executionTimeService; + String s = objectMapper.writeValueAsString((ScanProcessExecution) execution); System.out.println(s); assertEquals(DEFAULT_EXECUTION, s); diff --git a/scb-persistenceproviders/elasticsearch-persistenceprovider/pom.xml b/scb-persistenceproviders/elasticsearch-persistenceprovider/pom.xml index f02b6182..ae7c9a4d 100644 --- a/scb-persistenceproviders/elasticsearch-persistenceprovider/pom.xml +++ b/scb-persistenceproviders/elasticsearch-persistenceprovider/pom.xml @@ -71,6 +71,10 @@ 1.2.1 test + + com.fasterxml.jackson.datatype + jackson-datatype-jdk8 + 
diff --git a/scb-persistenceproviders/elasticsearch-persistenceprovider/src/main/java/io/securecodebox/persistence/elasticsearch/ElasticSearchPersistenceProvider.java b/scb-persistenceproviders/elasticsearch-persistenceprovider/src/main/java/io/securecodebox/persistence/elasticsearch/ElasticSearchPersistenceProvider.java index f0d9eab2..000c2e87 100644 --- a/scb-persistenceproviders/elasticsearch-persistenceprovider/src/main/java/io/securecodebox/persistence/elasticsearch/ElasticSearchPersistenceProvider.java +++ b/scb-persistenceproviders/elasticsearch-persistenceprovider/src/main/java/io/securecodebox/persistence/elasticsearch/ElasticSearchPersistenceProvider.java @@ -22,6 +22,7 @@ import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.core.type.TypeReference; import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.datatype.jdk8.Jdk8Module; import io.securecodebox.model.findings.Finding; import io.securecodebox.model.securitytest.SecurityTest; import io.securecodebox.persistence.PersistenceException; @@ -168,6 +169,7 @@ public void persist(SecurityTest securityTest) throws PersistenceException{ } ObjectMapper objectMapper = new ObjectMapper(); + objectMapper.registerModule(new Jdk8Module()); try { checkForSecurityTestIdExistence(securityTest); From 48af4a8498c762fb8ca5302aa06f66f2a7587368 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Wed, 18 Sep 2019 13:36:20 +0200 Subject: [PATCH 08/12] Ensure json attribute order is consistent for the tests --- .../io/securecodebox/model/execution/ScanProcessExecution.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scb-sdk/src/main/java/io/securecodebox/model/execution/ScanProcessExecution.java b/scb-sdk/src/main/java/io/securecodebox/model/execution/ScanProcessExecution.java index 79b914bc..ad73c42f 100644 --- a/scb-sdk/src/main/java/io/securecodebox/model/execution/ScanProcessExecution.java 
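Review bot: `persist()` builds a new `ObjectMapper` and registers `Jdk8Module` on every call, and patch 10 repeats the same two lines in `serializeAndRemove` and `initializeKibana`. A mapper created without the module serialises `Optional` values in a different shape, so any future call site that forgets the registration would silently change the stored document. One shared, pre-configured instance avoids that and the repeated construction cost: `private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper().registerModule(new Jdk8Module());`. `persist` starts and ends outside the hunk.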
+++ b/scb-sdk/src/main/java/io/securecodebox/model/execution/ScanProcessExecution.java @@ -35,7 +35,7 @@ * @author Rüdiger Heins - iteratec GmbH * @since 08.03.18 */ -@JsonPropertyOrder({ "id", "context", "automated", "scanners", "scanner_type", "tenant_id" }) +@JsonPropertyOrder({ "id", "context", "automated", "scanners", "scanner_type", "tenant_id", "startDate", "endDate", "durationInMilliSeconds" }) @JsonInclude(JsonInclude.Include.NON_EMPTY) public interface ScanProcessExecution { From 6a9f997fe2f8fed767f029d69ad8cdfb49d507ad Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Wed, 18 Sep 2019 13:36:30 +0200 Subject: [PATCH 09/12] Update spring boot version --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 5936da5c..541441bd 100644 --- a/pom.xml +++ b/pom.xml @@ -60,7 +60,7 @@ 3.2.0 - 2.1.5.RELEASE + 2.1.8.RELEASE 2.9.0 UTF-8 From 0404656f51a10e4cce1b6a3a3241c29327d19b6c Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Wed, 18 Sep 2019 14:11:23 +0200 Subject: [PATCH 10/12] Add jdk8 rules to other manual object mappers --- .../elasticsearch/ElasticSearchPersistenceProvider.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scb-persistenceproviders/elasticsearch-persistenceprovider/src/main/java/io/securecodebox/persistence/elasticsearch/ElasticSearchPersistenceProvider.java b/scb-persistenceproviders/elasticsearch-persistenceprovider/src/main/java/io/securecodebox/persistence/elasticsearch/ElasticSearchPersistenceProvider.java index 000c2e87..3b8a000f 100644 --- a/scb-persistenceproviders/elasticsearch-persistenceprovider/src/main/java/io/securecodebox/persistence/elasticsearch/ElasticSearchPersistenceProvider.java +++ b/scb-persistenceproviders/elasticsearch-persistenceprovider/src/main/java/io/securecodebox/persistence/elasticsearch/ElasticSearchPersistenceProvider.java 
@@ -338,6 +338,7 @@ private String readFileResource(String file) { private Map serializeAndRemove(Object object, String... toRemove) { ObjectMapper objectMapper = new ObjectMapper(); + objectMapper.registerModule(new Jdk8Module()); try { String jsonString = objectMapper.writeValueAsString(object); Map result = objectMapper.readValue(jsonString, new TypeReference>() { @@ -404,6 +405,7 @@ private void initializeKibana() throws IOException { // The index-pattern "securecodebox*" doesn't exist, we need to create it along with the import objects ObjectMapper objectMapper = new ObjectMapper(); + objectMapper.registerModule(new Jdk8Module()); String kibanaFile = readFileResource("kibana-imports.json"); List dataElements = objectMapper.readValue(kibanaFile, objectMapper.getTypeFactory().constructCollectionType(List.class, KibanaData.class)); From 05715730d0cdc761b7a6f7653e96fc14e71190d3 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Wed, 18 Sep 2019 14:11:50 +0200 Subject: [PATCH 11/12] Use LocalDateTime instead of deprecated Date constructor --- .../execution/DefaultScanProcessExecutionTest.java | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/scb-engine/src/test/java/io/securecodebox/engine/execution/DefaultScanProcessExecutionTest.java b/scb-engine/src/test/java/io/securecodebox/engine/execution/DefaultScanProcessExecutionTest.java index 88a5b695..dd590c0d 100644 --- a/scb-engine/src/test/java/io/securecodebox/engine/execution/DefaultScanProcessExecutionTest.java +++ b/scb-engine/src/test/java/io/securecodebox/engine/execution/DefaultScanProcessExecutionTest.java @@ -38,6 +38,9 @@ import org.mockito.MockitoAnnotations; import org.mockito.stubbing.Answer; +import java.time.LocalDate; +import java.time.LocalDateTime; +import java.time.ZoneOffset; import java.util.Date; import java.util.Optional; import java.util.UUID; 
@@ -54,7 +57,7 @@ */ public class DefaultScanProcessExecutionTest { - private static final String DEFAULT_EXECUTION = "{\"id\":\"5a4e9d37-09b0-4109-badd-d79dfa8fce2a\",\"context\":\"TEST_CONTEXT\",\"automated\":false,\"scanners\":[{\"id\":\"62fa8ffb-e3bc-433e-b322-9c02108c5171\",\"type\":\"Test_SCANNER\",\"findings\":[{\"id\":\"49bf7fd3-8512-4d73-a28f-608e493cd726\",\"name\":\"BAD_TEST_FINDIG\",\"description\":\"Some coder has tested this!\",\"category\":\"COOL_TEST_STUFF\",\"osi_layer\":\"NOT_APPLICABLE\",\"severity\":\"HIGH\",\"reference\":{\"id\":\"UNI_CODE_STUFF\",\"source\":\"RISCOOL\"},\"hint\":\"You might wan't to blame Rüdiger!\",\"attributes\":{\"TEST\":\"Kekse\",\"HORRIBLE\":\"Coke\"},\"location\":\"mett.brot.securecodebox.io\",\"false_positive\":false}],\"rawFindings\":\"[{\\\"pudding\\\":\\\"Bier\\\"}]\"}],\"startDate\":61514978400000,\"endDate\":61514978400000,\"durationInMilliSeconds\":0}"; + private static final String DEFAULT_EXECUTION = "{\"id\":\"5a4e9d37-09b0-4109-badd-d79dfa8fce2a\",\"context\":\"TEST_CONTEXT\",\"automated\":false,\"scanners\":[{\"id\":\"62fa8ffb-e3bc-433e-b322-9c02108c5171\",\"type\":\"Test_SCANNER\",\"findings\":[{\"id\":\"49bf7fd3-8512-4d73-a28f-608e493cd726\",\"name\":\"BAD_TEST_FINDIG\",\"description\":\"Some coder has tested this!\",\"category\":\"COOL_TEST_STUFF\",\"osi_layer\":\"NOT_APPLICABLE\",\"severity\":\"HIGH\",\"reference\":{\"id\":\"UNI_CODE_STUFF\",\"source\":\"RISCOOL\"},\"hint\":\"You might wan't to blame Rüdiger!\",\"attributes\":{\"TEST\":\"Kekse\",\"HORRIBLE\":\"Coke\"},\"location\":\"mett.brot.securecodebox.io\",\"false_positive\":false}],\"rawFindings\":\"[{\\\"pudding\\\":\\\"Bier\\\"}]\"}],\"startDate\":504295320000,\"endDate\":504295620000,\"durationInMilliSeconds\":300000}"; public static final String SCANNER_SERIALIZE_RESULT = 
"{\"id\":\"62fa8ffb-e3bc-433e-b322-9c02108c5171\",\"type\":\"Test_SCANNER\",\"findings\":[{\"id\":\"49bf7fd3-8512-4d73-a28f-608e493cd726\",\"name\":\"BAD_TEST_FINDIG\",\"description\":\"Some coder has tested this!\",\"category\":\"COOL_TEST_STUFF\",\"osi_layer\":\"NOT_APPLICABLE\",\"severity\":\"HIGH\",\"reference\":{\"id\":\"UNI_CODE_STUFF\",\"source\":\"RISCOOL\"},\"hint\":\"You might wan't to blame Rüdiger!\",\"attributes\":{\"TEST\":\"Kekse\",\"HORRIBLE\":\"Coke\"},\"location\":\"mett.brot.securecodebox.io\",\"false_positive\":false}],\"rawFindings\":\"[{\\\"pudding\\\":\\\"Bier\\\"}]\"}"; String findingCache = ""; @@ -78,8 +81,12 @@ public void setUp() { objectMapper.registerModule(new Jdk8Module()); - when(executionTimeService.getStartDate()).thenReturn(new Date(2019, 4, 3)); - when(executionTimeService.getEndDate()).thenReturn(Optional.of(new Date(2019, 4, 3))); + when(executionTimeService.getStartDate()).thenReturn( + Date.from(LocalDateTime.of(1985, 12, 24, 18, 2).toInstant(ZoneOffset.UTC)) + ); + when(executionTimeService.getEndDate()).thenReturn(Optional.of( + Date.from(LocalDateTime.of(1985, 12, 24, 18, 7).toInstant(ZoneOffset.UTC)) + )); underTest.executionTimeService = executionTimeService; when(processExecutionFactory.get(execution)).thenReturn(underTest); From 71ff9a82089701216ddb6c2298db85fbcf3b900c Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Wed, 18 Sep 2019 16:27:09 +0200 Subject: [PATCH 12/12] Applied code style suggestions --- .../engine/execution/DefaultScanProcessExecution.java | 3 --- .../securecodebox/engine/service/ExecutionTimeService.java | 2 +- .../engine/execution/DefaultScanProcessExecutionTest.java | 7 +++++-- .../io/securecodebox/model/securitytest/SecurityTest.java | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) 
diff --git a/scb-engine/src/main/java/io/securecodebox/engine/execution/DefaultScanProcessExecution.java b/scb-engine/src/main/java/io/securecodebox/engine/execution/DefaultScanProcessExecution.java index e0019393..518f0b57 100644 --- a/scb-engine/src/main/java/io/securecodebox/engine/execution/DefaultScanProcessExecution.java +++ b/scb-engine/src/main/java/io/securecodebox/engine/execution/DefaultScanProcessExecution.java @@ -28,11 +28,8 @@ import io.securecodebox.model.findings.Finding; import io.securecodebox.scanprocess.ProcessVariableHelper; import org.camunda.bpm.engine.delegate.DelegateExecution; -import org.camunda.bpm.engine.history.HistoricProcessInstance; -import org.camunda.bpm.engine.runtime.ProcessInstance; import org.camunda.bpm.engine.variable.value.BooleanValue; import org.camunda.bpm.engine.variable.value.StringValue; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Configurable; import org.springframework.util.StringUtils; diff --git a/scb-engine/src/main/java/io/securecodebox/engine/service/ExecutionTimeService.java b/scb-engine/src/main/java/io/securecodebox/engine/service/ExecutionTimeService.java index 60b7ca34..f6118e32 100644 --- a/scb-engine/src/main/java/io/securecodebox/engine/service/ExecutionTimeService.java +++ b/scb-engine/src/main/java/io/securecodebox/engine/service/ExecutionTimeService.java @@ -8,7 +8,7 @@ public class ExecutionTimeService { - DelegateExecution execution; + private DelegateExecution execution; public ExecutionTimeService(DelegateExecution execution){ this.execution = execution; diff --git a/scb-engine/src/test/java/io/securecodebox/engine/execution/DefaultScanProcessExecutionTest.java b/scb-engine/src/test/java/io/securecodebox/engine/execution/DefaultScanProcessExecutionTest.java index dd590c0d..a375380f 100644 --- a/scb-engine/src/test/java/io/securecodebox/engine/execution/DefaultScanProcessExecutionTest.java 
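Review bot: The `execution` field in `ExecutionTimeService` is assigned once in the constructor shown in this hunk, so it can be `private final DelegateExecution execution;` rather than only `private`. Marking it final states that the service is bound to one execution for its lifetime and lets the compiler reject a later reassignment. The rest of the class is outside the hunk, so confirm that nothing else writes the field.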
+++ b/scb-engine/src/test/java/io/securecodebox/engine/execution/DefaultScanProcessExecutionTest.java @@ -38,7 +38,6 @@ import org.mockito.MockitoAnnotations; import org.mockito.stubbing.Answer; -import java.time.LocalDate; import java.time.LocalDateTime; import java.time.ZoneOffset; import java.util.Date; @@ -49,7 +48,11 @@ import static org.junit.Assert.assertNotNull; import static org.mockito.Matchers.any; import static org.mockito.Matchers.eq; -import static org.mockito.Mockito.*; +import static org.mockito.Mockito.atLeastOnce; +import static org.mockito.Mockito.doAnswer; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.times; +import static org.mockito.Mockito.when; /** * @author Rüdiger Heins - iteratec GmbH diff --git a/scb-sdk/src/main/java/io/securecodebox/model/securitytest/SecurityTest.java b/scb-sdk/src/main/java/io/securecodebox/model/securitytest/SecurityTest.java index 203857f7..e1b45547 100644 --- a/scb-sdk/src/main/java/io/securecodebox/model/securitytest/SecurityTest.java +++ b/scb-sdk/src/main/java/io/securecodebox/model/securitytest/SecurityTest.java @@ -115,7 +115,7 @@ public Long getDurationInMilliSeconds() { value = "Timestamp of when the security test was started.", example = "42" ) - Date startedAt; + protected Date startedAt; public Date startedAt() { return startedAt; } @@ -129,7 +129,7 @@ public void setStartedAt(Date startedAt) { value = "Timestamp of when the security test was ended. Null if still running, see finished attributes", example = "42" ) - Optional endedAt; + protected Optional endedAt; public Optional getEndedAt() { return endedAt; }
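Review bot: Changing `startedAt` in `SecurityTest` (and `endedAt` in the following hunk) from package-private to `protected` keeps package access and adds access from subclasses in any package, so those subclasses can read and reassign the fields directly and bypass the accessors. Unless a subclass outside these hunks needs that, `private Date startedAt;` with the existing getter and `setStartedAt` is the tighter choice, and it matches what this same commit does for `ExecutionTimeService`. `endedAt` is declared as an `Optional` field while its description says "Null if still running"; initialising it to `Optional.empty()` would keep `getEndedAt()` from returning null, assuming it is not already initialised elsewhere in the class.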