Unit tests for HTTP and binary scan #2504

sechub-pds-solutions/xray/docker/scripts/xray.sh

@@ -11,8 +11,8 @@ echo "PDS Job UUID: $PDS_JOB_UUID"
 echo ""
 
 SKOPEO_AUTH="auth.json"
-# UPLOAD_DIR=$PDS_JOB_EXTRACTED_BINARIES_FOLDER
-UPLOAD_DIR=$PDS_JOB_EXTRACTED_SOURCES_FOLDER
+UPLOAD_DIR=$PDS_JOB_EXTRACTED_BINARIES_FOLDER
+# UPLOAD_DIR=$PDS_JOB_EXTRACTED_SOURCES_FOLDER
 
 check_valid_upload () {
   if [ $(ls $UPLOAD_DIR | wc -l) -ge 2 ]
@@ -64,4 +64,4 @@ do
   java -jar "$TOOL_FOLDER/wrapperxray.jar" "--name" "$IMAGE" "--sha256" "$SHA256" "--scantype" "docker" "--outputfile" "$PDS_JOB_RESULT_FILE"
 done
 
-clean_workspace
+clean_workspace

sechub-wrapper-xray/src/main/java/com.mercedesbenz.sechub.xraywrapper/cli/XrayClientArtifactoryController.java

@@ -1,14 +1,14 @@
 package com.mercedesbenz.sechub.xraywrapper.cli;
 
-import java.io.IOException;
-import java.util.concurrent.TimeUnit;
-
 import com.fasterxml.jackson.databind.node.ObjectNode;
 import com.mercedesbenz.sechub.xraywrapper.config.XrayArtifact;
 import com.mercedesbenz.sechub.xraywrapper.config.XrayConfiguration;
 import com.mercedesbenz.sechub.xraywrapper.http.XrayArtifactoryClient;
 import com.mercedesbenz.sechub.xraywrapper.reportgenerator.XrayReportReader;
 
+import java.io.IOException;
+import java.util.concurrent.TimeUnit;
+
 public class XrayClientArtifactoryController {
 
     private final XrayConfiguration xrayConfiguration;
@@ -22,15 +22,14 @@ public XrayClientArtifactoryController(XrayConfiguration xrayConfiguration, Xray
     }
 
     /**
-     * manages communication with the xray server in correct order
+     * controls the communication to the Xray artifactory server
      *
      * @throws IOException
      */
     public void waitForScansToFinishAndDownloadReport() throws IOException {
 
         // get xray version from artifactory
         String xray_version = artifactoryClient.getXrayVersion();
-        System.out.println("XRAY Version: " + xray_version);
 
         // check if artifact is uploaded
         boolean isUploaded = artifactoryClient.checkArtifactoryUpload();

sechub-wrapper-xray/src/main/java/com.mercedesbenz.sechub.xraywrapper/http/XrayArtifactoryClient.java

@@ -21,21 +21,21 @@ public XrayArtifactoryClient(XrayArtifact artifact, XrayConfiguration xrayConfig
     }
 
     public String getXrayVersion() throws IOException {
-        XrayAPIRequest request = XrayHttpRequestBuilder.generateGetXrayVersion(xrayConfiguration.getArtifactory());
+        XrayAPIRequest request = XrayHttpRequestBuilder.buildGetXrayVersion(xrayConfiguration.getArtifactory());
         XrayAPIResponse response = send(request);
         JsonNode node = getBodyAsNode(response.getBody());
         return node.get("xray_version").asText();
     }
 
     public boolean checkArtifactoryUpload() throws IOException {
-        XrayAPIRequest request = XrayHttpRequestBuilder.generateCheckArtifactUpload(xrayConfiguration.getArtifactory(), artifact,
+        XrayAPIRequest request = XrayHttpRequestBuilder.buildCheckArtifactUpload(xrayConfiguration.getArtifactory(), artifact,
                 xrayConfiguration.getRegister());
         XrayAPIResponse response = send(request);
         return !(isErrorResponse(response));
     }
 
     public String getScanStatus() throws IOException {
-        XrayAPIRequest request = XrayHttpRequestBuilder.generateGetScanStatus(xrayConfiguration.getArtifactory(), artifact, xrayConfiguration.getRegister());
+        XrayAPIRequest request = XrayHttpRequestBuilder.buildGetScanStatus(xrayConfiguration.getArtifactory(), artifact, xrayConfiguration.getRegister());
         XrayAPIResponse response = send(request);
         if (!isErrorResponse(response)) {
             JsonNode node = getBodyAsNode(response.getBody());
@@ -45,13 +45,13 @@ public String getScanStatus() throws IOException {
     }
 
     public boolean requestScanReports() throws IOException {
-        XrayAPIRequest request = XrayHttpRequestBuilder.generateGetScanReports(xrayConfiguration.getArtifactory(), artifact);
+        XrayAPIRequest request = XrayHttpRequestBuilder.buildGetScanReports(xrayConfiguration.getArtifactory(), artifact);
         XrayAPIResponse response = send(request);
         return !isErrorResponse(response);
     }
 
     public String startScanArtifact() throws IOException {
-        XrayAPIRequest request = XrayHttpRequestBuilder.generateScanArtifact(xrayConfiguration.getArtifactory(), artifact, xrayConfiguration.getRegister());
+        XrayAPIRequest request = XrayHttpRequestBuilder.buildScanArtifact(xrayConfiguration.getArtifactory(), artifact, xrayConfiguration.getRegister());
         XrayAPIResponse response = send(request);
         if (!isErrorResponse(response)) {
             JsonNode node = getBodyAsNode(response.getBody());

sechub-wrapper-xray/src/main/java/com.mercedesbenz.sechub.xraywrapper/http/XrayHttpRequestBuilder.java

@@ -11,7 +11,7 @@ public class XrayHttpRequestBuilder {
      * @param baseUrl factory URL
      * @return XrayAPIRequest
      */
-    public static XrayAPIRequest generateGetXrayVersion(String baseUrl) {
+    public static XrayAPIRequest buildGetXrayVersion(String baseUrl) {
         XrayAPIRequest request = new XrayAPIRequest();
         request.setBaseUrl(baseUrl + "/xray/api/v1/system/version");
         request.setRequestMethodEnum(XrayAPIRequest.RequestMethodEnum.GET);
@@ -26,7 +26,7 @@ public static XrayAPIRequest generateGetXrayVersion(String baseUrl) {
      * @param repository artifactory repository
      * @return XrayAPIRequest
      */
-    public static XrayAPIRequest generateCheckArtifactUpload(String baseUrl, XrayArtifact artifact, String repository) {
+    public static XrayAPIRequest buildCheckArtifactUpload(String baseUrl, XrayArtifact artifact, String repository) {
         String url = baseUrl + "/artifactory/api/storage/" + repository + "/" + artifact.getName() + "/" + artifact.getTag() + "/manifest.json";
         String data = "";
         return new XrayAPIRequest(url, XrayAPIRequest.RequestMethodEnum.GET, true, data);
@@ -40,7 +40,7 @@ public static XrayAPIRequest generateCheckArtifactUpload(String baseUrl, XrayArt
      * @param repository artifactory repository
      * @return XrayAPIRequest
      */
-    public static XrayAPIRequest generateScanArtifact(String baseUrl, XrayArtifact artifact, String repository) {
+    public static XrayAPIRequest buildScanArtifact(String baseUrl, XrayArtifact artifact, String repository) {
         String url = baseUrl + "/xray/api/v1/scanArtifact";
         String data = "{\"componentID\": \"" + artifact.getArtifactType() + "://" + artifact.getName() + ":" + artifact.getTag() + "\"," + "\"path\": \""
                 + repository + "/" + artifact.getName() + "/" + artifact.getTag() + "/manifest.json\"}";
@@ -55,7 +55,7 @@ public static XrayAPIRequest generateScanArtifact(String baseUrl, XrayArtifact a
      * @param repository artifactory repository
      * @return XrayAPIRequest
      */
-    public static XrayAPIRequest generateGetScanStatus(String baseUrl, XrayArtifact artifact, String repository) {
+    public static XrayAPIRequest buildGetScanStatus(String baseUrl, XrayArtifact artifact, String repository) {
         String url = baseUrl + "/xray/api/v1/scan/status/artifact";
         String data = "{\"path\": \"" + repository + "/" + artifact.getName() + "/" + artifact.getTag() + "/manifest.json\", \"repository_pkg_type\":\""
                 + artifact.getArtifactType() + "\", \"sha256\": \"" + artifact.getSha256() + "\"}";
@@ -69,7 +69,7 @@ public static XrayAPIRequest generateGetScanStatus(String baseUrl, XrayArtifact
      * @param artifact Artifact to scan
      * @return XrayAPIRequest
      */
-    public static XrayAPIRequest generateGetScanReports(String baseUrl, XrayArtifact artifact) {
+    public static XrayAPIRequest buildGetScanReports(String baseUrl, XrayArtifact artifact) {
         String url = baseUrl + "/xray/api/v1/component/exportDetails";
         String data = "{\"component_name\": \"" + artifact.getName() + ":" + artifact.getTag() + "\"," + "\"package_type\": \"" + artifact.getArtifactType()
                 + "\"," + "\"sha_256\" : \"" + artifact.getSha256() + "\"," + "\"violations\": true," + "\"include_ignored_violations\": true,"

sechub-wrapper-xray/src/main/java/com.mercedesbenz.sechub.xraywrapper/reportgenerator/XrayReportWriter.java

@@ -1,18 +1,17 @@
 package com.mercedesbenz.sechub.xraywrapper.reportgenerator;
 
-import java.io.File;
-import java.io.IOException;
-
 import com.fasterxml.jackson.core.util.DefaultPrettyPrinter;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.ObjectWriter;
 import com.fasterxml.jackson.databind.node.ObjectNode;
 
+import java.io.File;
+import java.io.IOException;
+
 public class XrayReportWriter {
     public static void writeReport(ObjectNode rootObject, File report) throws IOException {
         ObjectMapper mapper = new ObjectMapper();
         ObjectWriter writer = mapper.writer(new DefaultPrettyPrinter());
         writer.writeValue(new File(report.toURI()), rootObject);
-
     }
 }

sechub-wrapper-xray/src/test/java/com.mercedesbenz.sechub.xraywrapper/http/XrayAPIResponseTest.java

@@ -1,46 +1,46 @@
 package com.mercedesbenz.sechub.xraywrapper.http;
 
-import static org.junit.jupiter.api.Assertions.assertEquals;
+import org.junit.jupiter.api.Test;
 
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 
-import org.junit.jupiter.api.Test;
+import static org.junit.jupiter.api.Assertions.assertEquals;
 
 class XrayAPIResponseTest {
 
     @Test
     public void testXrayAPIResponseEmpty() {
-        // prepare
+        /* prepare */
         XrayAPIResponse response;
 
-        // execute
+        /* execute */
         response = new XrayAPIResponse();
 
-        // assert
+        /* test */
         assertEquals(0, response.getStatus_code());
         assertEquals("", response.getBody());
     }
 
     @Test
     public void testXrayAPIResponse() {
-        // prepare
+        /* prepare */
         XrayAPIResponse response;
         int status = 200;
         String body = "body";
         Map<String, List<String>> headers = new java.util.HashMap<>(Collections.emptyMap());
         List<String> values = Arrays.asList("elem", "elem2");
         headers.put("header", values);
 
-        // execute
+        /* execute */
         response = new XrayAPIResponse();
         response.setBody(body);
         response.setStatus_code(status);
         response.setHeaders(headers);
 
-        // assert
+        /* test */
         assertEquals(200, response.getStatus_code());
         assertEquals("body", response.getBody());
         assertEquals(values, response.getHeaders().get("header"));

sechub-wrapper-xray/src/test/java/com.mercedesbenz.sechub.xraywrapper/http/XrayHttpRequestBuilderTest.java

@@ -1,12 +1,11 @@
 package com.mercedesbenz.sechub.xraywrapper.http;
 
-import static com.mercedesbenz.sechub.xraywrapper.http.XrayHttpRequestBuilder.*;
-import static org.junit.jupiter.api.Assertions.*;
-
+import com.mercedesbenz.sechub.xraywrapper.config.XrayArtifact;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 
-import com.mercedesbenz.sechub.xraywrapper.config.XrayArtifact;
+import static com.mercedesbenz.sechub.xraywrapper.http.XrayHttpRequestBuilder.*;
+import static org.junit.jupiter.api.Assertions.*;
 
 class XrayHttpRequestBuilderTest {
 
@@ -22,78 +21,109 @@ public void beforeEach() {
     }
 
     @Test
-    public void testGenerateGetXrayVersion() {
-        // prepare
+    public void test_buildGetXrayVersion() {
+        /* prepare */
         XrayAPIRequest request;
         String apiUrl = "/xray/api/v1/system/version";
 
-        // execute
-        request = generateGetXrayVersion(url);
+        /* execute */
+        request = buildGetXrayVersion(url);
 
-        // assert
+        /* test  */
         assertEquals(XrayAPIRequest.RequestMethodEnum.GET, request.getRequestMethodEnum());
         assertEquals(url + apiUrl, request.getBaseUrl());
     }
 
     @Test
-    public void testGenerateCheckArtifactUpload() {
-        // prepare
+    public void test_generateGetXrayVersion_null() {
+        /* execute + test */
+        assertThrows(NullPointerException.class, () -> buildGetXrayVersion(null));
+    }
+
+    @Test
+    public void test_buildCheckArtifactUpload() {
+        /* prepare */
         XrayAPIRequest request;
         String apiUrl = "/artifactory/api/storage/myregister/myname/tag/manifest.json";
 
-        // execute
-        request = generateCheckArtifactUpload(url, artifact, register);
+        /* execute */
+        request = buildCheckArtifactUpload(url, artifact, register);
 
-        // assert
+        /* test  */
         assertEquals(XrayAPIRequest.RequestMethodEnum.GET, request.getRequestMethodEnum());
         assertEquals(url + apiUrl, request.getBaseUrl());
     }
 
     @Test
-    public void testGenerateScanArtifact() {
-        // prepare
+    public void test_buildCheckArtifactUpload_null() {
+        /* execute + test */
+        assertThrows(NullPointerException.class, () -> buildCheckArtifactUpload(null, null, null));
+    }
+
+    @Test
+    public void test_buildScanArtifact() {
+        /* prepare */
         XrayAPIRequest request;
         String apiUrl = "/xray/api/v1/scanArtifact";
         String data = "{\"componentID\": \"docker://myname:tag\"," + "\"path\": \"myregister/myname/tag/manifest.json\"}";
 
-        // execute
-        request = generateScanArtifact(url, artifact, register);
+        /* execute */
+        request = buildScanArtifact(url, artifact, register);
 
-        // assert
+        /* test  */
         assertEquals(XrayAPIRequest.RequestMethodEnum.POST, request.getRequestMethodEnum());
         assertEquals(url + apiUrl, request.getBaseUrl());
         assertEquals(data, request.getData());
     }
 
     @Test
-    public void testGenerateGetScanStatus() {
-        // prepare
+    public void test_buildScanArtifact_null() {
+        /* execute + test */
+        assertThrows(NullPointerException.class, () -> buildScanArtifact(null, null, null));
+    }
+
+
+    @Test
+    public void test_buildGetScanStatus() {
+        /* prepare */
         XrayAPIRequest request;
         String apiUrl = "/xray/api/v1/scan/status/artifact";
         String data = "{\"path\": \"myregister/myname/tag/manifest.json\", \"repository_pkg_type\":\"docker\", \"sha256\": \"sha256\"}";
 
-        // execute
-        request = generateGetScanStatus(url, artifact, register);
+        /* execute */
+        request = buildGetScanStatus(url, artifact, register);
 
-        // assert
+        /* test  */
         assertEquals(XrayAPIRequest.RequestMethodEnum.POST, request.getRequestMethodEnum());
         assertEquals(url + apiUrl, request.getBaseUrl());
         assertEquals(data, request.getData());
     }
 
     @Test
-    public void testGenerateGetScanReports() {
-        // prepare
+    public void test_buildGetScanStatus_null() {
+        /* execute + test */
+        assertThrows(NullPointerException.class, () -> buildGetScanStatus(null, null, null));
+    }
+
+    @Test
+    public void test_buildGetScanReports() {
+        /* prepare */
         XrayAPIRequest request;
         String apiUrl = "/xray/api/v1/component/exportDetails";
         String data = "{\"component_name\": \"myname:tag\"," + "\"package_type\": \"docker\"," + "\"sha_256\" : \"sha256\"";
 
-        // execute
-        request = generateGetScanReports(url, artifact);
+        /* execute */
+        request = buildGetScanReports(url, artifact);
 
-        // assert
+        /* test  */
         assertEquals(XrayAPIRequest.RequestMethodEnum.POST, request.getRequestMethodEnum());
         assertEquals(url + apiUrl, request.getBaseUrl());
         assertTrue(request.getData().contains(data));
     }
+
+    @Test
+    public void test_buildGetScanReports_null() {
+        /* execute + test */
+        assertThrows(NullPointerException.class, () -> buildGetScanReports(null, null));
+    }
 }