コード例 #1
0
 def test_parser(self):
     parser = SonarQubeApiImporter()
     findings = parser.get_findings(None, self.test)
     self.assertEqual(2, len(findings))
     finding = findings[0]
     self.assertEqual('Remove this useless assignment to local variable "currentValue".', finding.title)
     self.assertEqual(None, finding.cwe)
     self.assertEqual('', finding.description)
     self.assertEqual('', finding.references)
     self.assertEqual('Medium', finding.severity)
     self.assertEqual(242, finding.line)
     self.assertEqual('internal.dummy.project:src/main/javascript/TranslateDirective.ts', finding.file_path)
コード例 #2
0
 def test_parser(self):
     parser = SonarQubeApiImporter()
     findings = parser.get_findings(None, self.test)
     self.assertEqual(
         findings[0].title,
         '"password" detected here, make sure this is not a hard-coded credential.'
     )
     self.assertEqual(findings[0].cwe, 798)
     self.assertMultiLineEqual(
         '**Ask Yourself Whether**'
         '\n\n  '
         '* Credentials allows access to a sensitive component like a database, a file storage, an API or a service. '
         '\n  '
         '* Credentials are used in production environments. '
         '\n  '
         '* Application re-distribution is required before updating the credentials. '
         '\n\n'
         'There is a risk if you answered yes to any of those questions.'
         '\n\n', findings[0].description)
     self.assertEqual(str(findings[0].severity), 'Info')
     self.assertMultiLineEqual(
         '[CVE-2019-13466](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13466)'
         '\n'
         '[CVE-2018-15389](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15389)'
         '\n'
         '[OWASP Top 10 2017 Category A2](https://www.owasp.org/index.php/Top_10-2017_A2-Broken_Authentication)'
         '\n'
         '[MITRE, CWE-798](http://cwe.mitre.org/data/definitions/798)'
         '\n'
         '[MITRE, CWE-259](http://cwe.mitre.org/data/definitions/259)'
         '\n'
         '[CERT, MSC03-J.](https://wiki.sei.cmu.edu/confluence/x/OjdGBQ)'
         '\n'
         '[SANS Top 25](https://www.sans.org/top25-software-errors/#cat3)'
         '\n'
         '[Hard Coded Password](http://h3xstream.github.io/find-sec-bugs/bugs.htm#HARD_CODE_PASSWORD)'
         '\n', findings[0].references)
     self.assertEqual(
         str(findings[0].file_path),
         'internal.dummy.project:spec/support/user_fixture.rb')
     self.assertEqual(findings[0].line, 9)
     self.assertEqual(findings[0].active, True)
     self.assertEqual(findings[0].verified, False)
     self.assertEqual(findings[0].false_p, False)
     self.assertEqual(findings[0].duplicate, False)
     self.assertEqual(findings[0].out_of_scope, False)
     self.assertEqual(findings[0].static_finding, True)
     self.assertEqual(findings[0].scanner_confidence, 1)
     self.assertEqual(str(findings[0].sonarqube_issue),
                      'AXgm6Z-ophPPY0C1qhRq')
コード例 #3
0
 def test_parse_file_with_one_cwe_and_one_no_cwe_vulns(self):
     parser = SonarQubeApiImporter()
     findings = parser.get_findings(None, self.test)
     self.assertEqual(2, len(findings))
コード例 #4
0
 def test_parser(self):
     parser = SonarQubeApiImporter()
     findings = parser.get_findings(None, self.test)
     self.assertEqual(2, len(findings))