CR comments changes

CheckmarxDev · Jun 4, 2024 · 101967d · 101967d
1 parent fcb8a47
commit 101967d
Show file tree

Hide file tree

Showing 5 changed files with 178 additions and 11 deletions.
diff --git a/src/main/java/com/checkmarx/ast/ScanResult/Error.java b/src/main/java/com/checkmarx/ast/ScanResult/Error.java
@@ -3,8 +3,8 @@
 import com.fasterxml.jackson.annotation.JsonProperty;
 
 public class Error  {
-    int code;
-    String description;
+    public int code;
+    public String description;
 
     @JsonCreator
     public Error(

diff --git a/src/main/resources/cx.exe b/src/main/resources/cx.exe
diff --git a/src/test/java/com/checkmarx/ast/ScanTest.java b/src/test/java/com/checkmarx/ast/ScanTest.java
@@ -1,14 +1,13 @@
 package com.checkmarx.ast;
 
+import com.checkmarx.ast.ScanResult.Error;
+import com.checkmarx.ast.ScanResult.ScanDetail;
 import com.checkmarx.ast.ScanResult.ScanResult;
 import com.checkmarx.ast.kicsRealtimeResults.KicsRealtimeResults;
 import com.checkmarx.ast.scan.Scan;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.Paths;
 import java.util.List;
 import java.util.Map;
 import java.util.UUID;
@@ -24,19 +23,45 @@ void testScanShow() throws Exception {
     }
 
     @Test
-    void testScanVorpalSuccessfulResponse() throws Exception {
-        ScanResult scanResult = wrapper.ScanVorpal("src/test/resources/csharp-file.cs", true);
+    void testScanVorpal_WhenFileWithVulnerabilitiesIsSent_ReturnSuccessfulResponseWithCorrectValues() throws Exception {
+        ScanResult scanResult = wrapper.ScanVorpal("src/test/resources/python-vul-file.py", true);
         Assertions.assertNotNull(scanResult.getRequestId());
         Assertions.assertTrue(scanResult.isStatus());
+        Assertions.assertEquals(2, scanResult.getScanDetails().size());
         Assertions.assertNull(scanResult.getError());
+        ScanDetail firstScanDetails = scanResult.getScanDetails().get(0);
+        Assertions.assertEquals(37, firstScanDetails.getLine());
+        Assertions.assertEquals("Stored XSS", firstScanDetails.getQueryName());
+        Assertions.assertEquals("High", firstScanDetails.getSeverity());
+        Assertions.assertNotNull(firstScanDetails.getRemediation());
+        Assertions.assertNotNull(firstScanDetails.getDescription());
+        ScanDetail secondScanDetails = scanResult.getScanDetails().get(1);
+        Assertions.assertEquals(76, secondScanDetails.getLine());
+        Assertions.assertEquals("Missing HSTS Header", secondScanDetails.getQueryName());
+        Assertions.assertEquals("Medium", secondScanDetails.getSeverity());
+        Assertions.assertNotNull(secondScanDetails.getRemediation());
+        Assertions.assertNotNull(secondScanDetails.getDescription());
     }
 
     @Test
-    void testScanVorpalFailureResponse() throws Exception {
-        ScanResult scanResult = wrapper.ScanVorpal("src/test/resources/csharp-file.cs", false);
-        Assertions.assertEquals("1111", scanResult.getRequestId());
+    void testScanVorpal_WhenFileWithoutVulnerabilitiesIsSent_ReturnSuccessfulResponseWithCorrectValues() throws Exception {
+        ScanResult scanResult = wrapper.ScanVorpal("src/test/resources/csharp-no-vul.cs", true);
+        Assertions.assertNotNull(scanResult.getRequestId());
+        Assertions.assertTrue(scanResult.isStatus());
+        Assertions.assertEquals(0, scanResult.getScanDetails().size());
+        Assertions.assertNull(scanResult.getError());
+    }
+
+    @Test
+    void testScanVorpal_WhenInvalidRequestIsSent_ReturnInternalErrorFailure() throws Exception {
+        ScanResult scanResult = wrapper.ScanVorpal("src/test/resources/python-vul-file.py", false);
+        Assertions.assertEquals("some-request-id", scanResult.getRequestId());
         Assertions.assertFalse(scanResult.isStatus());
-        Assertions.assertNotNull(scanResult.getError());
+        Assertions.assertNull(scanResult.getScanDetails());
+        Error error = scanResult.getError();
+        Assertions.assertNotNull(error);
+        Assertions.assertEquals("An internal error occurred.", error.description);
+        Assertions.assertEquals(2, error.code);
     }
 
     @Test

diff --git a/src/test/resources/csharp-no-vul.cs b/src/test/resources/csharp-no-vul.cs
@@ -0,0 +1,44 @@
+namespace EvidenceResolver.Tests.Contract
+{
+    public static class MockProviderServiceExtenstion
+    {
+        public static IMockProviderService WithRequest(this IMockProviderService mockProviderService,
+            HttpVerb method, object path, object body = null, Dictionary<string, object> headers = null)
+        {
+            var providerServiceRequest = new ProviderServiceRequest
+            {
+                Method = method,
+                Path = path
+            };
+
+            providerServiceRequest.Headers = headers ?? new Dictionary<string, object>
+            {
+                {"Content-Type", "application/json"}
+            };
+
+            if (body != null) {
+                providerServiceRequest.Body = PactNet.Matchers.Match.Type(body);
+            }
+
+            return mockProviderService.With(providerServiceRequest);
+        }
+
+        public static void WillRespondParameters(this IMockProviderService mockProviderService,
+            int status, dynamic body = null, Dictionary<string, object> headers = null)
+        {
+            if (body == null) {
+                body = new { };
+            }
+
+            var expectedResponse = new ProviderServiceResponse
+            {
+                Status = status,
+                Headers = headers ?? new Dictionary<string, object>
+                    {{"Content-Type", "application/json; charset=utf-8"}},
+                Body = PactNet.Matchers.Match.Type(body)
+            };
+
+            mockProviderService.WillRespondWith(expectedResponse);
+        }
+    }
+}