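//go:build unit
// +build unit

package checkmarx

import (
	"testing"

	"github.com/SAP/jenkins-library/pkg/format"
	piperHttp "github.com/SAP/jenkins-library/pkg/http"
	"github.com/SAP/jenkins-library/pkg/log"
	"github.com/stretchr/testify/assert"
)

// TestParse feeds a fixed Checkmarx XML report to Parse and checks the SARIF
// document that comes back.
//
// The fixture holds two queries (both cweId 79) and three results in total.
// Only the last result carries an audit trail (state="2" plus a two-line
// Remark), so every audit-related assertion targets Results[2]. These checks
// guard the triage metadata (tool state, audit message, severity, audit
// requirement group) against being dropped during conversion.
//
// NOTE(review): the third argument passed to Parse (11037) equals the
// fixture's ProjectId, not its ScanId (1111111); confirm which identifier
// Parse expects.
func TestParse(t *testing.T) {

	// Test CxXML document.
	//
	// The '&' in the root DeepLink query string is written as &amp; so the
	// document is well-formed XML; a strict XML decoder rejects a bare
	// ampersand in an attribute value.
	//
	// The Remark attribute of the last Result contains a line break between
	// its two audit entries. That break is fixture data (the audit-message
	// assertions expect two entries), so the continuation line must not be
	// re-indented.
	testCxxml := `
<?xml version="1.0" encoding="utf-8"?>
<CxXMLResults InitiatorName="Test" Owner="Tester" ScanId="1111111" ProjectId="11037" ProjectName="test-project" TeamFullPathOnReportDate="CxServer" DeepLink="https://cxtext.test/CxWebClient/ViewerMain.aspx?scanid=1111111&amp;projectid=11037" ScanStart="Monday, March 7, 2022 1:58:49 PM" Preset="Checkmarx Default" ScanTime="00h:00m:22s" LinesOfCodeScanned="2682" FilesScanned="15" ReportCreationTime="Monday, March 7, 2022 1:59:25 PM" Team="SecurityTesting" CheckmarxVersion="V 9.4.3" ScanComments="Scan From Golang Script" ScanType="Incremental" SourceOrigin="LocalPath" Visibility="Public">
  <Query id="2415" categories="Dummy Categories" cweId="79" name="Dummy Vuln 1" group="JavaScript_High_Risk" Severity="High" Language="JavaScript" LanguageHash="9095271965336651" LanguageChangeDate="2022-01-16T00:00:00.0000000" SeverityIndex="3" QueryPath="JavaScript\Cx\JavaScript High Risk\Dummy Vuln 1:4" QueryVersionCode="14383421">
    <Result NodeId="143834211111" FileName="test/any.ts" Status="Recurrent" Line="7" Column="46" FalsePositive="False" Severity="High" AssignToUser="" state="0" Remark="" DeepLink="https://cxtext.test/CxWebClient/ViewerMain.aspx?" SeverityIndex="3" StatusIndex="1" DetectionDate="3/7/2022 12:21:30 PM">
      <Path ResultId="11037" PathId="4" SimilarityId="-1754124988" SourceMethod="function" DestinationMethod="function">
        <PathNode>
          <FileName>test/any.ts</FileName>
          <Line>7</Line>
          <Column>46</Column>
          <NodeId>1</NodeId>
          <Name>slice</Name>
          <Type></Type>
          <Length>5</Length>
          <Snippet>
            <Line>
              <Number>7</Number>
              <Code>dummy code</Code>
            </Line>
          </Snippet>
        </PathNode>
        <PathNode>
          <FileName>test/any.ts</FileName>
          <Line>7</Line>
          <Column>12</Column>
          <NodeId>2</NodeId>
          <Name>location</Name>
          <Type></Type>
          <Length>8</Length>
          <Snippet>
            <Line>
              <Number>7</Number>
              <Code>dummy code 2</Code>
            </Line>
          </Snippet>
        </PathNode>
      </Path>
    </Result>
    <Result NodeId="143834211112" FileName="html/ts.ts" Status="Recurrent" Line="7" Column="46" FalsePositive="False" Severity="High" AssignToUser="" state="0" Remark="" DeepLink="https://cxtext.test/CxWebClient/ViewerMain.aspx?" SeverityIndex="3" StatusIndex="1" DetectionDate="3/7/2022 12:21:30 PM">
      <Path ResultId="4845356468" PathId="5" SimilarityId="-1465173916" SourceMethod="function" DestinationMethod="function">
        <PathNode>
          <FileName>html/other.ts</FileName>
          <Line>7</Line>
          <Column>46</Column>
          <NodeId>1</NodeId>
          <Name>slice</Name>
          <Type></Type>
          <Length>5</Length>
          <Snippet>
            <Line>
              <Number>7</Number>
              <Code>dummycode</Code>
            </Line>
          </Snippet>
        </PathNode>
        <PathNode>
          <FileName>html/other.ts</FileName>
          <Line>7</Line>
          <Column>12</Column>
          <NodeId>2</NodeId>
          <Name>location</Name>
          <Type></Type>
          <Length>8</Length>
          <Snippet>
            <Line>
              <Number>7</Number>
              <Code>dummycode2</Code>
            </Line>
          </Snippet>
        </PathNode>
      </Path>
    </Result>
  </Query>
  <Query id="1111" categories="Dummy Categories" cweId="79" name="Dummy Vuln 2" group="JavaScript_High_Risk" Severity="High" Language="JavaScript" LanguageHash="9095271965336651" LanguageChangeDate="2022-01-16T00:00:00.0000000" SeverityIndex="3" QueryPath="JavaScript\Cx\JavaScript High Risk\Dummy Vuln 1:4" QueryVersionCode="14383421">
    <Result NodeId="143834211111" FileName="test/any.ts" Status="Recurrent" Line="7" Column="46" FalsePositive="False" Severity="High" AssignToUser="" state="2" Remark="Test-user Test-project, [Monday, March 7, 2022 1:57:26 PM]: Dummy comment
Test-user Test-project, [Monday, March 7, 2022 1:57:26 PM]: Changed status to Confirmed" DeepLink="https://cxtext.test/CxWebClient/ViewerMain.aspx?" SeverityIndex="3" StatusIndex="1" DetectionDate="3/7/2022 12:21:30 PM">
      <Path ResultId="11037" PathId="4" SimilarityId="-1754124988" SourceMethod="function" DestinationMethod="function">
        <PathNode>
          <FileName>test/any.ts</FileName>
          <Line>7</Line>
          <Column>46</Column>
          <NodeId>1</NodeId>
          <Name>slice</Name>
          <Type></Type>
          <Length>5</Length>
          <Snippet>
            <Line>
              <Number>7</Number>
              <Code>dummy code</Code>
            </Line>
          </Snippet>
        </PathNode>
      </Path>
    </Result>
  </Query>
</CxXMLResults>
`

	// Parse is given a SystemInstance backed by a mock sender that answers
	// every request with HTTP 200 and a JSON short description.
	t.Run("Valid config", func(t *testing.T) {
		opts := piperHttp.ClientOptions{}
		logger := log.Entry().WithField("package", "SAP/jenkins-library/pkg/checkmarx_test")
		myTestClient := senderMock{responseBody: `{"shortDescription":"This is a dummy short description."}`, httpStatusCode: 200}
		sys := SystemInstance{serverURL: "https://cx.server.com", client: &myTestClient, logger: logger}
		myTestClient.SetOptions(opts)

		sarif, err := Parse(&sys, []byte(testCxxml), 11037)
		// Stop here on failure: indexing Runs[0] on an empty document would
		// panic and hide the real assertion message.
		if !assert.NoError(t, err, "error") || !assert.NotEmpty(t, sarif.Runs) {
			return
		}
		run := sarif.Runs[0]
		assert.Len(t, run.Tool.Driver.Rules, 2)
		if !assert.Len(t, run.Results, 3) {
			return
		}

		// testify expects (expected, actual); keeping that order makes the
		// failure output label the two values correctly.
		props := run.Results[2].Properties
		assert.Equal(t, "Confirmed", props.ToolState)
		assert.Equal(t, "Changed status to Confirmed \n Dummy comment", props.ToolAuditMessage)
		assert.Equal(t, 3, props.ToolSeverityIndex)
		assert.Equal(t, "High", props.ToolSeverity)
		assert.Equal(t, format.AUDIT_REQUIREMENT_GROUP_1_INDEX, props.AuditRequirementIndex)
		assert.Equal(t, format.AUDIT_REQUIREMENT_GROUP_1_DESC, props.AuditRequirement)
		// Disabled in the original file, so the mocked short description is
		// currently not verified by this subtest.
		//assert.Equal(t, "This is a dummy short description.", sarif.Runs[0].Tool.Driver.Rules[0].FullDescription.Text)

		// Fortify-specific fields do not apply to Checkmarx results; they
		// must exist and stay empty.
		assert.Equal(t, "", props.InstanceSeverity)
		assert.Equal(t, "", props.Confidence)
		assert.Equal(t, "", props.FortifyCategory)
	})

	// Parse is called with a nil system; the conversion must still succeed
	// and the rule description is expected to be the query's categories.
	t.Run("Missing sys", func(t *testing.T) {

		sarif, err := Parse(nil, []byte(testCxxml), 11037)
		if !assert.NoError(t, err, "error") || !assert.NotEmpty(t, sarif.Runs) {
			return
		}
		run := sarif.Runs[0]
		if !assert.Len(t, run.Results, 3) || !assert.Len(t, run.Tool.Driver.Rules, 2) {
			return
		}
		assert.Equal(t, "Confirmed", run.Results[2].Properties.ToolState)
		assert.Equal(t, "Changed status to Confirmed \n Dummy comment", run.Results[2].Properties.ToolAuditMessage)
		assert.Equal(t, "Dummy Categories", run.Tool.Driver.Rules[0].FullDescription.Text)
	})

	// Empty input must be reported as an error rather than yield an empty
	// SARIF document.
	t.Run("Missing data", func(t *testing.T) {
		_, err := Parse(nil, []byte{}, 11037)
		// "EOF" is only the failure message passed to assert.Error; the
		// error's content is not checked.
		assert.Error(t, err, "EOF")
	})

}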