Merged
14 changes: 3 additions & 11 deletions dependency-check-suppression.xml
@@ -45,20 +45,12 @@
<cve>CVE-2019-0232</cve>
</suppress>

<suppress until="2020-01-01Z">
<suppress>
<!--
Introduced through: spring-security-core-5.2.0.RELEASE.jar
False Positive.
Does not apply to our Spring Version: https://pivotal.io/security/cve-2018-1258
-->
<cve>CVE-2018-1258</cve>

<!--
Not fixable until camunda-spin updates its jackson dependency
Introduced through: camunda-spin-dataformat-all-1.6.3.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
-->
<cve>CVE-2019-14379</cve>
<cve>CVE-2018-19362</cve>
<cve>CVE-2018-19361</cve>
<cve>CVE-2018-19360</cve>
</suppress>

</suppressions>
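Review bot: The `<suppress until="2020-01-01Z">` / `<suppress>` pair at the top of this hunk reads as the expiry date being dropped, which would make every CVE left in that block permanently suppressed; dependency-check would then never re-report them, even after the false-positive reasoning stops holding. If that reading is right, I would keep a bounded date that is renewed on review, e.g. `<suppress until="YYYY-MM-DDZ">` with a real date, rather than removing the attribute. The rendered page does not show which of the entries below were deleted, but if the CVE-2018-1258 entry is among those kept, its comment still names `spring-security-core-5.2.0.RELEASE.jar` while scb-engine/pom.xml in this change pins 5.2.1.RELEASE, so the comment should be updated and the entry re-checked against the new jar.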
4 changes: 2 additions & 2 deletions pom.xml
@@ -57,7 +57,7 @@
please see org.camunda.bpm.springboot.project:camunda-bpm-spring-boot-starter-root
-->
<camunda.version>7.10.0</camunda.version>
<camunda.spring.boot.starter.version>3.2.7</camunda.spring.boot.starter.version>
<camunda.spring.boot.starter.version>3.2.8</camunda.spring.boot.starter.version>
<!-- END IMPORTANT -->

<spring-boot.version>2.2.2.RELEASE</spring-boot.version>
@@ -256,7 +256,7 @@
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>5.2.2</version>
<version>5.2.4</version>
<configuration>
<failBuildOnCVSS>8</failBuildOnCVSS>
<format>ALL</format>
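--- a/scb-engine/pom.xml
+++ b/scb-engine/pom.xml
@@ -35,6 +35,12 @@
 <version>2.2.2.RELEASE</version>
 </dependency>
 
+<dependency>
+<groupId>org.springframework.security</groupId>
+<artifactId>spring-security-core</artifactId>
+<version>5.2.1.RELEASE</version>
+</dependency>
+
 <dependency>
 <groupId>io.springfox</groupId>
 <artifactId>springfox-swagger2</artifactId>
@@ -65,6 +71,7 @@
 <dependency>
 <groupId>org.camunda.spin</groupId>
 <artifactId>camunda-spin-dataformat-all</artifactId>
+<version>1.7.5</version>
 </dependency>
 
 <dependency>
@@ -83,6 +90,22 @@
 <artifactId>tomcat-jdbc</artifactId>
 </dependency>
 
+<dependency>
+<groupId>org.apache.tomcat.embed</groupId>
+<artifactId>tomcat-embed-core</artifactId>
+<version>9.0.30</version>
+</dependency>
+<dependency>
+<groupId>org.apache.tomcat.embed</groupId>
+<artifactId>tomcat-embed-el</artifactId>
+<version>9.0.30</version>
+</dependency>
+<dependency>
+<groupId>org.apache.tomcat.embed</groupId>
+<artifactId>tomcat-embed-websocket</artifactId>
+<version>9.0.30</version>
+</dependency>
+
 <dependency>
 <groupId>io.securecodebox.persistenceproviders</groupId>
 <artifactId>empty-persistenceprovider</artifactId>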
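Review bot: The versions added here (spring-security-core 5.2.1.RELEASE, camunda-spin-dataformat-all 1.7.5 and the three tomcat-embed modules at 9.0.30) are literal pins with no comment saying why they are declared in this module. Presumably they override versions managed higher up to clear dependency-check findings; if so, once `spring-boot.version` or the Camunda starter moves forward these declarations can silently hold the libraries at older releases. I would put a comment on each group, e.g. `<!-- Pinned to clear dependency-check findings; remove once the managed version is at least this one -->`, and replace the three repeated tomcat literals with a single property such as `<tomcat.embed.version>9.0.30</tomcat.embed.version>`. Pinning only spring-security-core may also leave other spring-security modules, if any are on the classpath, at a different version; that cannot be confirmed from this section.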
@@ -262,7 +262,12 @@ private Optional<Long> getTestIdByEngagementName(long engagementId, String testN
.queryParam("engagement", Long.toString(engagementId))
.queryParam("limit", Long.toString(50L))
.queryParam("offset", Long.toString(offset));
if(testName!= null) builder.queryParam("testType", testName);
if(testName == null) {
LOG.warn("TestName must be set unique, e.g. with time");
return Optional.empty();
} else {
builder.queryParam("testType", testName);
}

RestTemplate restTemplate = new RestTemplate();
HttpEntity engagementRequest = new HttpEntity(getHeaders());
@@ -285,6 +290,51 @@ private Optional<Long> getTestIdByEngagementName(long engagementId, String testN
LOG.warn("Test with name '{}' not found.", testName);
return Optional.empty();
}
/*
* Be aware that using latest might results in "conflicting" "latest" in case a new test is added while requesting latest
*/
public Optional<Long> getLatestTestIdByEngagementName(String engagementName, String productName, String testName, long offset) {
Optional<Long> optionalEngagementId = getEngagementIdByEngagementName(engagementName, productName);
if(!optionalEngagementId.isPresent()) {
LOG.warn("engagementName with name '{}' not found.", engagementName);
return Optional.empty();
}
Long engagementId = optionalEngagementId.get();
UriComponentsBuilder builder = UriComponentsBuilder.fromHttpUrl(defectDojoUrl + "/api/v2/tests")
.queryParam("engagement", Long.toString(engagementId))
.queryParam("limit", Long.toString(50L))
.queryParam("offset", Long.toString(offset));
if(testName != null) builder.queryParam("testType", testName);

RestTemplate restTemplate = new RestTemplate();
HttpEntity engagementRequest = new HttpEntity(getHeaders());

ResponseEntity<DefectDojoResponse<TestResponse>> response = restTemplate.exchange(builder.toUriString(), HttpMethod.GET, engagementRequest, new ParameterizedTypeReference<DefectDojoResponse<TestResponse>>(){});

Optional<Long> testResponseId = null;
for(TestResponse test : response.getBody().getResults()){
if(testResponseId == null || test.getId() > testResponseId.get()) {
testResponseId = Optional.of(test.getId());
}
}

if(response.getBody().getNext() != null){
Optional<Long> subOptionalTestResponseId = getTestIdByEngagementName(engagementId, testName, offset + 1);
if(testResponseId == null ||
(subOptionalTestResponseId.isPresent()) &&
subOptionalTestResponseId.get() > testResponseId.get()
) {
testResponseId = subOptionalTestResponseId;
}
}
if(testResponseId != null) {
return testResponseId;
}

LOG.warn("Test with name '{}' not found.", testName);
return Optional.empty();
}

private EngagementResponse createTest(TestPayload testPayload) {
RestTemplate restTemplate = new RestTemplate();

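Review bot: In getLatestTestIdByEngagementName the next-page branch calls `getTestIdByEngagementName(engagementId, testName, offset + 1)`, which is the by-name lookup rather than the highest-id scan. With this section's first hunk that method returns `Optional.empty()` whenever testName is null, so once an engagement has more than one page of tests the returned id may not be the latest, and a scan import could be attached to the wrong DefectDojo test. `Optional<Long> testResponseId = null` also defeats the purpose of Optional, and `response.getBody()` is dereferenced without a null check. I would start from `Optional.empty()`, guard the body, and recurse into the same method, as in the fence below. The fence assumes offset is an item index, as the limit/offset pair suggests, so it advances by the page size of 50; it also accepts re-resolving the engagement id on every page.

```java
// … unchanged: engagement lookup, URI building and restTemplate.exchange …
DefectDojoResponse<TestResponse> body = response.getBody();
if (body == null) {
    LOG.warn("Empty response while listing tests for engagement '{}'.", engagementName);
    return Optional.empty();
}

Optional<Long> latest = Optional.empty();
for (TestResponse test : body.getResults()) {
    if (!latest.isPresent() || test.getId() > latest.get()) {
        latest = Optional.of(test.getId());
    }
}

if (body.getNext() != null) {
    // Follow pagination with the same "highest id" logic, not the by-name lookup.
    Optional<Long> later = getLatestTestIdByEngagementName(engagementName, productName, testName, offset + 50L);
    if (later.isPresent() && (!latest.isPresent() || later.get() > latest.get())) {
        latest = later;
    }
}

if (!latest.isPresent()) {
    LOG.warn("Test with name '{}' not found.", testName);
}
return latest;
```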