Merge pull request #2563 from mercedes-benz/develop

Release ZAP wrapper
mercedes-benz · Sep 26, 2023 · 090209e · 090209e
2 parents 6a3f505 + 70d6467
commit 090209e
Show file tree

Hide file tree

Showing 123 changed files with 4,919 additions and 2,624 deletions.
diff --git a/.github/workflows/_build+publish-pds-solution.yml b/.github/workflows/_build+publish-pds-solution.yml
@@ -37,10 +37,10 @@ jobs:
           echo "pds-version '${{ inputs.pds-version }}'"
 
       - name: Checkout git repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Docker login to ghcr.io
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}

diff --git a/.github/workflows/github-action-scan.yml b/.github/workflows/github-action-scan.yml
@@ -11,7 +11,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Use Node.js
         # We do not define a dedicated node version here, we just use the default environment

diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml
@@ -19,7 +19,7 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Set up JDK 17
         uses: actions/setup-java@v3
@@ -33,7 +33,7 @@ jobs:
         with:
           go-version: 1.20.4
 
-      - uses: actions/[email protected].1
+      - uses: actions/[email protected].2
         with:
           path: |
             ~/.cache/go-build

diff --git a/.github/workflows/publish-libraries.yml b/.github/workflows/publish-libraries.yml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout master
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: master
       # Create temporary local tags, so we build documentation for this tag...

diff --git a/.github/workflows/release-client-server-pds.yml b/.github/workflows/release-client-server-pds.yml
@@ -63,7 +63,7 @@ jobs:
           exit 1
 
       - name: Checkout master
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: master
       # Create temporary local tags, so we build documentation for this tag...
@@ -97,7 +97,7 @@ jobs:
           go-version: 1.20.4
 
       - name: Set up Go caching
-        uses: actions/[email protected].1
+        uses: actions/[email protected].2
         id: go-cache
         with:
           path: |
@@ -108,7 +108,7 @@ jobs:
             ${{ runner.os }}-go-
 
       - name: Docker login to ghcr.io
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}

diff --git a/.github/workflows/release-pds-tools.yml b/.github/workflows/release-pds-tools.yml
@@ -28,7 +28,7 @@ jobs:
           exit 1
 
       - name: Checkout master
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: master
 

diff --git a/.github/workflows/release-wrapper-checkmarx.yml b/.github/workflows/release-wrapper-checkmarx.yml
@@ -20,7 +20,7 @@ jobs:
           echo "Checkmarx-wrapper '${{ inputs.checkmarx-wrapper-version }}' - Milestone '${{ inputs.checkmarx-wrapper-milestone-number }}'"
 
       - name: Checkout branch master
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: master
 

diff --git a/.github/workflows/release-wrapper-owaspzap.yml b/.github/workflows/release-wrapper-owaspzap.yml
@@ -21,7 +21,7 @@ jobs:
           echo "OWASP-ZAP Wrapper '${{ inputs.owaspzap-wrapper-version }}' - Milestone '${{ inputs.owaspzap-wrapper-milestone-number }}'"
 
       - name: Checkout branch master
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: master
 

diff --git a/MAINTAINERS.md b/MAINTAINERS.md
@@ -10,6 +10,7 @@
 | Jeremias Eppler  | <[email protected]>     | [jeeppler](https://github.com/jeeppler) | Mercedes-Benz Tech Innovation GmbH, [imprint](https://github.com/mercedes-benz/foss/blob/master/PROVIDER_INFORMATION.md) | 2021-01-01 |
 | Jan Winz         | <[email protected]>     | [winzj](https://github.com/winzj) | Mercedes-Benz Tech Innovation GmbH, [imprint](https://github.com/mercedes-benz/foss/blob/master/PROVIDER_INFORMATION.md) | 2021-07-01 |
 | Rouven Härtel         | <[email protected]>     | [haerter-tss](https://github.com/haerter-tss) | Mercedes-Benz Tech Innovation GmbH, [imprint](https://github.com/mercedes-benz/foss/blob/master/PROVIDER_INFORMATION.md) | 2022-02-01 |
+| Laura Bottner         | <[email protected]>     | [lorriborri](hhttps://github.com/lorriborri) | Mercedes-Benz Tech Innovation GmbH, [imprint](https://github.com/mercedes-benz/foss/blob/master/PROVIDER_INFORMATION.md) | 2023-09-06 |
 
 
 ## Emeritus Maintainers

diff --git a/gradle/libraries.gradle b/gradle/libraries.gradle
@@ -49,7 +49,7 @@ ext {
       apache_commons_io:                       "2.11.0",
       apache_commons_validator:                "1.7",
       apache_commons_fileupload:               "1.5",
-      apache_commons_compress:                 "1.23.0",
+      apache_commons_compress:                 "1.24.0",
       apache_commons_lang3:                    "3.12.0",
 
       /* testing */                            
@@ -68,7 +68,7 @@ ext {
       restDocsApiSpec:                         "0.16.4",  // newest version compatible with Spring Boot 2.x
 
       /* Owasp Zap wrapper */
-      owaspzap_client_api:                     "1.11.0",
+      owaspzap_client_api:                     "1.12.0",
       jcommander:                              "1.82",
 
       thymeleaf_extras_springsecurity5:        "3.1.1.RELEASE",

diff --git a/sechub-api-java/README.adoc b/sechub-api-java/README.adoc
@@ -14,7 +14,7 @@ The goal of the API is to:
 
 === Usage
 
-Create an instance of `com.mercedesbenz.sechub.api.SecHubClient` and use the client methods.
+Create an instance of `com.mercedesbenz.sechub.api.DefaultSecHubClient` and use the client methods.
 
 For a working example please look into `sechub-examples/example-sechub-api-java`.
 

diff --git a/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/AbstractSecHubClient.java b/sechub-api-java/src/main/java/com/mercedesbenz/sechub/api/AbstractSecHubClient.java
@@ -0,0 +1,101 @@
+package com.mercedesbenz.sechub.api;
+
+import java.net.URI;
+import java.util.LinkedHashSet;
+import java.util.Set;
+
+import javax.crypto.SealedObject;
+
+import com.mercedesbenz.sechub.commons.core.security.CryptoAccess;
+
+public abstract class AbstractSecHubClient implements SecHubClient {
+
+    private boolean trustAll;
+    private String username;
+    private SealedObject sealedApiToken;
+    private URI serverUri;
+    private CryptoAccess<String> apiTokenAccess = new CryptoAccess<>();
+
+    private Set<SecHubClientListener> secHubClientListeners;
+
+    public AbstractSecHubClient() {
+        secHubClientListeners = new LinkedHashSet<>();
+    }
+
+    public void setUsername(String username) {
+        this.username = username;
+    }
+
+    public void setApiToken(String apiToken) {
+        this.sealedApiToken = apiTokenAccess.seal(apiToken);
+    }
+
+    public void setServerUri(URI serverUri) {
+        this.serverUri = serverUri;
+    }
+
+    public void setTrustAll(boolean trustAll) {
+        this.trustAll = trustAll;
+    }
+
+    @Override
+    public boolean isTrustAll() {
+        return trustAll;
+    }
+
+    @Override
+    public String getUsername() {
+        return username;
+    }
+
+    @Override
+    public String getSealedApiToken() {
+        return apiTokenAccess.unseal(sealedApiToken);
+    }
+
+    @Override
+    public URI getServerUri() {
+        return serverUri;
+    }
+
+    /**
+     * Adds a listener to the client. For some action on client side the listener
+     * will be informed. A listener can be added only one time no matter how many
+     * times this method is called.
+     *
+     * @param listener
+     */
+    @Override
+    public void addListener(SecHubClientListener listener) {
+        if (listener == null) {
+            return;
+        }
+        this.secHubClientListeners.add(listener);
+    }
+
+    /**
+     * Removes a listener from the client (if added).
+     *
+     * @param listener
+     */
+    @Override
+    public void removeListener(SecHubClientListener listener) {
+        if (listener == null) {
+            return;
+        }
+        this.secHubClientListeners.remove(listener);
+    }
+
+    void inform(SecHubClientListenerCaller r) {
+        for (SecHubClientListener listener : secHubClientListeners) {
+            r.inform(listener);
+        }
+    }
+
+    interface SecHubClientListenerCaller {
+
+        public void inform(SecHubClientListener listener);
+
+    }
+
+}