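//go:build unit
// +build unit

package checkmarx

import (
	"encoding/xml"
	"sort"
	"testing"

	"github.com/stretchr/testify/assert"
)

// testDetailedResultXML is the Checkmarx scan result header shared by every
// test in this file. The ampersand inside DeepLink is written as the XML
// entity &amp; so that the fixture is well-formed; encoding/xml decodes it
// back to a plain "&" in DetailedResult.DeepLink, which is the value the
// assertions below compare against.
const testDetailedResultXML = `<?xml version="1.0" encoding="utf-8"?>
<CxXMLResults InitiatorName="admin" Owner="admin" ScanId="1000005" ProjectId="2" ProjectName="Project 1" TeamFullPathOnReportDate="CxServer" DeepLink="http://WIN2K12-TEMP/CxWebClient/ViewerMain.aspx?scanid=1000005&amp;projectid=2" ScanStart="Sunday, December 3, 2017 4:50:34 PM" Preset="Checkmarx Default" ScanTime="00h:03m:18s" LinesOfCodeScanned="6838" FilesScanned="34" ReportCreationTime="Sunday, December 3, 2017 6:13:45 PM" Team="CxServer" CheckmarxVersion="8.6.0" ScanComments="" ScanType="Incremental" SourceOrigin="LocalPath" Visibility="Public">
<Query id="430" categories="PCI DSS v3.2;PCI DSS (3.2) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection,FISMA 2014;System And Information Integrity,NIST SP 800-53;SI-10 Information Input Validation (P1),OWASP Top 10 2017;A1-Injection" cweId="89" name="SQL_Injection" group="CSharp_High_Risk" Severity="High" Language="CSharp" LanguageHash="1363215419077432" LanguageChangeDate="2017-12-03T00:00:00.0000000" SeverityIndex="3" QueryPath="CSharp\Cx\CSharp High Risk\SQL Injection Version:0" QueryVersionCode="430">
</Query>
</CxXMLResults>`

// newTestResultMap parses testDetailedResultXML and returns the scan metadata
// in the map shape that CreateJSONReport and CreateCustomReport consume.
// The four severity buckets ("High", "Medium", "Low", "Information") are
// present but empty so that each test only fills in the counters it needs;
// "LowPerQuery" is deliberately left out.
//
// The test is aborted when the fixture does not parse. Ignoring the
// xml.Unmarshal error would let the test continue with a zero-valued
// DetailedResult and fail later on an unrelated-looking assertion.
func newTestResultMap(t *testing.T) map[string]interface{} {
	t.Helper()

	var xmlResult DetailedResult
	if err := xml.Unmarshal([]byte(testDetailedResultXML), &xmlResult); err != nil {
		t.Fatalf("unmarshalling test fixture: %v", err)
	}

	return map[string]interface{}{
		"InitiatorName":            xmlResult.InitiatorName,
		"Owner":                    xmlResult.Owner,
		"ScanId":                   xmlResult.ScanID,
		"ProjectId":                xmlResult.ProjectID,
		"ProjectName":              xmlResult.ProjectName,
		"Team":                     xmlResult.Team,
		"TeamFullPathOnReportDate": xmlResult.TeamFullPathOnReportDate,
		"ScanStart":                xmlResult.ScanStart,
		"ScanTime":                 xmlResult.ScanTime,
		"LinesOfCodeScanned":       xmlResult.LinesOfCodeScanned,
		"FilesScanned":             xmlResult.FilesScanned,
		"CheckmarxVersion":         xmlResult.CheckmarxVersion,
		"ScanType":                 xmlResult.ScanType,
		"Preset":                   xmlResult.Preset,
		"DeepLink":                 xmlResult.DeepLink,
		"ReportCreationTime":       xmlResult.ReportCreationTime,
		"High":                     map[string]int{},
		"Medium":                   map[string]int{},
		"Low":                      map[string]int{},
		"Information":              map[string]int{},
	}
}

// TestCreateJSONReport checks that CreateJSONReport copies the scan metadata
// out of the result map, fills the per-severity totals and audited counts,
// lists the low findings per query, and sets IsLowPerQueryAudited according
// to the "LowPerQuery" entry.
func TestCreateJSONReport(t *testing.T) {
	resultMap := newTestResultMap(t)
	resultMap["High"] = map[string]int{"Issues": 10, "NotFalsePositive": 10}
	resultMap["Medium"] = map[string]int{"Issues": 4, "NotFalsePositive": 0}
	resultMap["Low"] = map[string]int{"Issues": 2, "NotFalsePositive": 2, "Confirmed": 1, "NotExploitable": 1}
	resultMap["Information"] = map[string]int{"Issues": 5, "NotFalsePositive": 5}
	resultMap["LowPerQuery"] = map[string]map[string]int{
		"Low_Query_Name_1": {"Issues": 4, "Confirmed": 0, "NotExploitable": 0},
		"Low_Query_Name_2": {"Issues": 5, "Confirmed": 2, "NotExploitable": 3},
	}

	reportingData := CreateJSONReport(resultMap)

	assert.Equal(t, int64(1000005), reportingData.ScanID)
	assert.Equal(t, "Project 1", reportingData.ProjectName)
	assert.Equal(t, int64(2), reportingData.ProjectID)
	assert.Equal(t, "CxServer", reportingData.TeamName)
	assert.Equal(t, "checkmarx", reportingData.ToolName)
	assert.Equal(t, "CxServer", reportingData.TeamPath)
	assert.Equal(t, "http://WIN2K12-TEMP/CxWebClient/ViewerMain.aspx?scanid=1000005&projectid=2", reportingData.DeepLink)
	assert.Equal(t, "Checkmarx Default", reportingData.Preset)
	assert.Equal(t, "8.6.0", reportingData.CheckmarxVersion)
	assert.Equal(t, "Incremental", reportingData.ScanType)

	assert.Equal(t, 10, reportingData.HighTotal)
	assert.Equal(t, 0, reportingData.HighAudited)
	assert.Equal(t, 4, reportingData.MediumTotal)
	assert.Equal(t, 4, reportingData.MediumAudited)
	assert.Equal(t, 2, reportingData.LowTotal)
	assert.Equal(t, 2, reportingData.LowAudited)
	assert.Equal(t, 5, reportingData.InformationTotal)
	assert.Equal(t, 0, reportingData.InformationAudited)
	assert.Equal(t, false, reportingData.IsLowPerQueryAudited)

	// Fail with a message rather than a nil-pointer panic if the per-query
	// list is missing.
	if !assert.NotNil(t, reportingData.LowPerQuery) {
		t.FailNow()
	}
	perQuery := *reportingData.LowPerQuery
	assert.Len(t, perQuery, 2)
	// The input is a map, so the order of the per-query entries is not
	// guaranteed; sort by name before indexing instead of branching on it.
	sort.Slice(perQuery, func(i, j int) bool { return perQuery[i].QueryName < perQuery[j].QueryName })
	assert.Equal(t, "Low_Query_Name_1", perQuery[0].QueryName)
	assert.Equal(t, 0, perQuery[0].Audited)
	assert.Equal(t, 4, perQuery[0].Total)
	assert.Equal(t, "Low_Query_Name_2", perQuery[1].QueryName)
	assert.Equal(t, 5, perQuery[1].Audited)
	assert.Equal(t, 5, perQuery[1].Total)

	// Only the "LowPerQuery" entry differs between the following cases; the
	// remaining buckets are the ones set above.
	auditCases := []struct {
		name        string
		lowPerQuery map[string]map[string]int
		want        bool
	}{
		{
			name: "two queries, first with many confirmed findings",
			lowPerQuery: map[string]map[string]int{
				"Low_Query_Name_1": {"Issues": 100, "Confirmed": 10, "NotExploitable": 0},
				"Low_Query_Name_2": {"Issues": 5, "Confirmed": 2, "NotExploitable": 3},
			},
			want: true,
		},
		{
			name: "single query with few audited findings",
			lowPerQuery: map[string]map[string]int{
				"Low_Query_Name_1": {"Issues": 200, "Confirmed": 3, "NotExploitable": 2},
			},
			want: false,
		},
		{
			name: "single query with more audited findings",
			lowPerQuery: map[string]map[string]int{
				"Low_Query_Name_1": {"Issues": 200, "Confirmed": 5, "NotExploitable": 5},
			},
			want: true,
		},
	}
	for _, tc := range auditCases {
		t.Run(tc.name, func(t *testing.T) {
			resultMap["LowPerQuery"] = tc.lowPerQuery
			assert.Equal(t, tc.want, CreateJSONReport(resultMap).IsLowPerQueryAudited)
		})
	}
}

// TestJsonReportWithNoLowVulnData checks that CreateJSONReport copes with a
// result map whose "Low" bucket is empty and which carries no "LowPerQuery"
// entry: the low totals are zero while every other field is filled as usual.
func TestJsonReportWithNoLowVulnData(t *testing.T) {
	resultMap := newTestResultMap(t)
	resultMap["High"] = map[string]int{"Issues": 10, "NotFalsePositive": 10}
	resultMap["Medium"] = map[string]int{"Issues": 4, "NotFalsePositive": 4}
	resultMap["Information"] = map[string]int{"Issues": 2, "NotFalsePositive": 1}
	// "Low" keeps the empty map from newTestResultMap; "LowPerQuery" is absent.

	reportingData := CreateJSONReport(resultMap)

	assert.Equal(t, int64(1000005), reportingData.ScanID)
	assert.Equal(t, "Project 1", reportingData.ProjectName)
	assert.Equal(t, int64(2), reportingData.ProjectID)
	assert.Equal(t, "CxServer", reportingData.TeamName)
	assert.Equal(t, "checkmarx", reportingData.ToolName)
	assert.Equal(t, "CxServer", reportingData.TeamPath)
	assert.Equal(t, "http://WIN2K12-TEMP/CxWebClient/ViewerMain.aspx?scanid=1000005&projectid=2", reportingData.DeepLink)
	assert.Equal(t, "Checkmarx Default", reportingData.Preset)
	assert.Equal(t, "8.6.0", reportingData.CheckmarxVersion)
	assert.Equal(t, "Incremental", reportingData.ScanType)

	assert.Equal(t, 10, reportingData.HighTotal)
	assert.Equal(t, 0, reportingData.HighAudited)
	assert.Equal(t, 4, reportingData.MediumTotal)
	assert.Equal(t, 0, reportingData.MediumAudited)
	assert.Equal(t, 0, reportingData.LowTotal)
	assert.Equal(t, 0, reportingData.LowAudited)
	assert.Equal(t, 2, reportingData.InformationTotal)
	assert.Equal(t, 0, reportingData.InformationAudited)
}

// TestCreateCustomReport checks the rendered report produced by
// CreateCustomReport: its title, the number of subheaders and overview
// entries, the subheader details, and the per-severity rows of the detail
// table.
func TestCreateCustomReport(t *testing.T) {
	resultMap := newTestResultMap(t)
	resultMap["High"] = map[string]int{"Issues": 10, "NotFalsePositive": 10}
	resultMap["Medium"] = map[string]int{"Issues": 4, "NotFalsePositive": 0}
	resultMap["Low"] = map[string]int{"Issues": 2, "NotFalsePositive": 2, "Confirmed": 1, "NotExploitable": 1}
	resultMap["Information"] = map[string]int{"Issues": 5, "NotFalsePositive": 5}
	resultMap["LowPerQuery"] = map[string]map[string]int{
		"Low_Query_Name_1": {"Issues": 4, "Confirmed": 0, "NotExploitable": 0},
		"Low_Query_Name_2": {"Issues": 5, "Confirmed": 2, "NotExploitable": 3},
	}

	insecure := []string{"insecure"}
	neutral := []string{"neutral"}

	reportingData := CreateCustomReport(resultMap, insecure, neutral)
	assert.Equal(t, "Checkmarx SAST Report", reportingData.ReportTitle)
	assert.Len(t, reportingData.Subheaders, 15)
	assert.Len(t, reportingData.Overview, 2)

	subheaders := make(map[string]string, len(reportingData.Subheaders))
	for _, subheader := range reportingData.Subheaders {
		subheaders[subheader.Description] = subheader.Details
	}
	// NOTE(review): the expected "Deep link" anchor embeds DeepLink verbatim
	// (the "&" is not written as "&amp;"), i.e. the link is not HTML-escaped
	// by CreateCustomReport; this test trusts the value from the scan result.
	wantSubheaders := map[string]string{
		"Project name":          "Project 1",
		"Project ID":            "2",
		"Owner":                 "admin",
		"Scan ID":               "1000005",
		"Team":                  "CxServer",
		"Team full path":        "CxServer",
		"Scan start":            "Sunday, December 3, 2017 4:50:34 PM",
		"Scan duration":         "00h:03m:18s",
		"Scan type":             "Incremental",
		"Preset":                "Checkmarx Default",
		"Report creation time":  "Sunday, December 3, 2017 6:13:45 PM",
		"Lines of code scanned": "6838",
		"Files scanned":         "34",
		"Checkmarx version":     "8.6.0",
		"Deep link":             `<a href="http://WIN2K12-TEMP/CxWebClient/ViewerMain.aspx?scanid=1000005&projectid=2" target="_blank">Link to scan in CX UI</a>`,
	}
	for description, want := range wantSubheaders {
		assert.Equal(t, want, subheaders[description], description)
	}

	detailRows := make(map[string]string, len(reportingData.DetailTable.Rows))
	for _, row := range reportingData.DetailTable.Rows {
		// Report a short row explicitly instead of panicking on the index.
		if len(row.Columns) < 2 {
			t.Fatalf("detail row has %d columns, want at least 2", len(row.Columns))
		}
		detailRows[row.Columns[0].Content] = row.Columns[1].Content
	}
	// Every severity gets the same seven rows, labelled "<severity> <suffix>";
	// the expected values are listed in suffix order.
	rowSuffixes := [7]string{
		"issues",
		"not false positive issues",
		"not exploitable issues",
		"confirmed issues",
		"urgent issues",
		"proposed not exploitable issues",
		"to verify issues",
	}
	wantRows := map[string][7]string{
		"High":          {"10", "10", "0", "0", "0", "0", "0"},
		"Medium":        {"4", "0", "0", "0", "0", "0", "0"},
		"Low":           {"2", "2", "1", "1", "0", "0", "0"},
		"Informational": {"5", "5", "0", "0", "0", "0", "0"},
	}
	for severity, values := range wantRows {
		for i, suffix := range rowSuffixes {
			label := severity + " " + suffix
			assert.Equal(t, values[i], detailRows[label], label)
		}
	}
}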