From 024e09e33eda8e045d418a4e799fed30c7123b22 Mon Sep 17 00:00:00 2001 From: Jan Winz Date: Wed, 27 Nov 2024 10:37:27 +0100 Subject: [PATCH] PR Review suggestions #3622 --- .../zapwrapper/scan/login/JWTSupport.java | 11 +- .../login/ZapWrapperGroovyScriptExecutor.java | 2 +- .../config/ZapScanContextFactoryTest.java | 26 ++--- .../zapwrapper/scan/ZapScannerTest.java | 110 +++++++++--------- ...ZapScriptLoginSessionConfiguratorTest.java | 34 +++--- .../scan/login/ZapScriptLoginTest.java | 12 +- 6 files changed, 100 insertions(+), 95 deletions(-) diff --git a/sechub-wrapper-owasp-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/scan/login/JWTSupport.java b/sechub-wrapper-owasp-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/scan/login/JWTSupport.java index a35d298f4..b144f4560 100644 --- a/sechub-wrapper-owasp-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/scan/login/JWTSupport.java +++ b/sechub-wrapper-owasp-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/scan/login/JWTSupport.java @@ -3,18 +3,19 @@ import java.util.regex.Pattern; -public class JWTSupport { +class JWTSupport { private static final Pattern JWT_PATTERN = Pattern.compile("^[A-Za-z0-9-_=]+\\.[A-Za-z0-9-_=]+\\.[A-Za-z0-9-_.+/=]*$"); /** * Performs some tests to see if the given value is a JWT. * - * @param value + * @param value a string which could represent a JWT token (look at + * https://jwt.io/ for detailed description about JWT content) * @return true if all tests pass and the value is a JWT, * false otherwise. */ - public boolean isJWT(String value) { + boolean isJWT(String value) { if (value == null) { return false; } @@ -22,6 +23,10 @@ public boolean isJWT(String value) { return false; } String[] split = value.split("\\."); + // Simple way to check it is a JWT: When looking at https://jwt.io/ we can see, + // that every JWT has the structure "eyJ${someData}.eyJ${OtherData}" so we use + // this to identify JWT. Since this is only used for data extracted from HTTP + // sessions the test should be sufficient. return split[0].startsWith("eyJ") && split[1].startsWith("eyJ"); } } diff --git a/sechub-wrapper-owasp-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/scan/login/ZapWrapperGroovyScriptExecutor.java b/sechub-wrapper-owasp-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/scan/login/ZapWrapperGroovyScriptExecutor.java index cd89f5071..3eb49de14 100644 --- a/sechub-wrapper-owasp-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/scan/login/ZapWrapperGroovyScriptExecutor.java +++ b/sechub-wrapper-owasp-zap/src/main/java/com/mercedesbenz/sechub/zapwrapper/scan/login/ZapWrapperGroovyScriptExecutor.java @@ -65,7 +65,7 @@ public ScriptLoginResult executeScript(File scriptFile, ZapScanContext scanConte LOG.info("Execute groovy login script."); scriptEngine.eval(script, bindings); - LOG.info("Execution successful, perparing login result with session data."); + LOG.info("Execution successful, preparing login result with session data."); loginResult.setSessionCookies(firefox.manage().getCookies()); loginResult.setSessionStorage(retrieveStorage(firefox, SESSION_STORAGE)); loginResult.setLocalStorage(retrieveStorage(firefox, LOCAL_STORAGE)); diff --git a/sechub-wrapper-owasp-zap/src/test/java/com/mercedesbenz/sechub/zapwrapper/config/ZapScanContextFactoryTest.java b/sechub-wrapper-owasp-zap/src/test/java/com/mercedesbenz/sechub/zapwrapper/config/ZapScanContextFactoryTest.java index a5f4ef3f3..cd1701f58 100644 --- a/sechub-wrapper-owasp-zap/src/test/java/com/mercedesbenz/sechub/zapwrapper/config/ZapScanContextFactoryTest.java +++ b/sechub-wrapper-owasp-zap/src/test/java/com/mercedesbenz/sechub/zapwrapper/config/ZapScanContextFactoryTest.java @@ -159,15 +159,15 @@ void result_contains_server_config_with_arguments_from_environment_when_command_ ZapScanContext result = factoryToTest.create(settings); /* test */ - verify(envVariableReader, times(1)).readAsInt(ZAP_PORT_ENV_VARIABLE_NAME); - verify(envVariableReader, times(1)).readAsString(ZAP_HOST_ENV_VARIABLE_NAME); - verify(envVariableReader, times(1)).readAsString(ZAP_API_KEY_ENV_VARIABLE_NAME); + verify(envVariableReader).readAsInt(ZAP_PORT_ENV_VARIABLE_NAME); + verify(envVariableReader).readAsString(ZAP_HOST_ENV_VARIABLE_NAME); + verify(envVariableReader).readAsString(ZAP_API_KEY_ENV_VARIABLE_NAME); - verify(envVariableReader, times(1)).readAsString(PROXY_HOST_ENV_VARIABLE_NAME); - verify(envVariableReader, times(1)).readAsInt(PROXY_PORT_ENV_VARIABLE_NAME); - verify(envVariableReader, times(1)).readAsString(PROXY_REALM_ENV_VARIABLE_NAME); - verify(envVariableReader, times(1)).readAsString(PROXY_USERNAME_ENV_VARIABLE_NAME); - verify(envVariableReader, times(1)).readAsString(PROXY_PASSWORD_ENV_VARIABLE_NAME); + verify(envVariableReader).readAsString(PROXY_HOST_ENV_VARIABLE_NAME); + verify(envVariableReader).readAsInt(PROXY_PORT_ENV_VARIABLE_NAME); + verify(envVariableReader).readAsString(PROXY_REALM_ENV_VARIABLE_NAME); + verify(envVariableReader).readAsString(PROXY_USERNAME_ENV_VARIABLE_NAME); + verify(envVariableReader).readAsString(PROXY_PASSWORD_ENV_VARIABLE_NAME); ZapServerConfiguration serverConfig = result.getServerConfig(); assertNotNull(serverConfig); @@ -330,7 +330,7 @@ void fullruleset_returned_by_provider_is_in_result() { ZapFullRuleset fullRuleset = result.getFullRuleset(); /* test */ - verify(ruleProvider, times(1)).fetchFullRuleset(any()); + verify(ruleProvider).fetchFullRuleset(any()); assertNotNull(fullRuleset); assertNotNull(fullRuleset.getRules()); assertEquals("https://www.zaproxy.org/docs/alerts/", fullRuleset.getOrigin()); @@ -349,7 +349,7 @@ void rules_to_deactivate_returned_by_provider_is_inside_result() { DeactivatedRuleReferences deactivatedRuleReferences = result.getDeactivatedRuleReferences(); /* test */ - verify(ruleProvider, times(1)).fetchDeactivatedRuleReferences(any()); + verify(ruleProvider).fetchDeactivatedRuleReferences(any()); assertNotNull(deactivatedRuleReferences); assertNotNull(deactivatedRuleReferences.getDeactivatedRuleReferences()); assertEquals(2, deactivatedRuleReferences.getDeactivatedRuleReferences().size()); @@ -419,7 +419,7 @@ void rules_to_deactivate_returned_by_command_line_is_null_environment_varibale_r factoryToTest.create(settings); /* test */ - verify(envVariableReader, times(1)).readAsString(ZAP_DEACTIVATED_RULE_REFERENCES); + verify(envVariableReader).readAsString(ZAP_DEACTIVATED_RULE_REFERENCES); } @Test @@ -573,7 +573,7 @@ void no_template_data_results_in_no_template_data_set() { ZapScanContext result = factoryToTest.create(settings); /* test */ - verify(envVariableReader, times(1)).readAsString(ZAP_GROOVY_LOGIN_SCRIPT_FILE); + verify(envVariableReader).readAsString(ZAP_GROOVY_LOGIN_SCRIPT_FILE); assertNull(result.getGroovyScriptLoginFile()); } @@ -609,7 +609,7 @@ void cmd_param_not_set_results_in_environment_variable_reader_being_called_as_fa ZapScanContext result = factoryToTest.create(settings); /* test */ - verify(envVariableReader, times(1)).readAsString(ZAP_GROOVY_LOGIN_SCRIPT_FILE); + verify(envVariableReader).readAsString(ZAP_GROOVY_LOGIN_SCRIPT_FILE); assertEquals(groovyScriptFile, result.getGroovyScriptLoginFile().getName()); } diff --git a/sechub-wrapper-owasp-zap/src/test/java/com/mercedesbenz/sechub/zapwrapper/scan/ZapScannerTest.java b/sechub-wrapper-owasp-zap/src/test/java/com/mercedesbenz/sechub/zapwrapper/scan/ZapScannerTest.java index e4260a048..03b48e266 100644 --- a/sechub-wrapper-owasp-zap/src/test/java/com/mercedesbenz/sechub/zapwrapper/scan/ZapScannerTest.java +++ b/sechub-wrapper-owasp-zap/src/test/java/com/mercedesbenz/sechub/zapwrapper/scan/ZapScannerTest.java @@ -117,11 +117,11 @@ void setup_standard_configuration_results_in_expected_calls() throws ClientApiEx scannerToTest.setupStandardConfiguration(); /* test */ - verify(clientApiWrapper, times(1)).createNewSession(scanContext.getContextName(), true); - verify(clientApiWrapper, times(1)).setMaximumAlertsForEachRuleToUnlimited(); - verify(clientApiWrapper, times(1)).enableAllPassiveScannerRules(); - verify(clientApiWrapper, times(1)).enableAllActiveScannerRulesForDefaultPolicy(); - verify(clientApiWrapper, times(1)).setAjaxSpiderBrowserId(BROWSER_ID); + verify(clientApiWrapper).createNewSession(scanContext.getContextName(), true); + verify(clientApiWrapper).setMaximumAlertsForEachRuleToUnlimited(); + verify(clientApiWrapper).enableAllPassiveScannerRules(); + verify(clientApiWrapper).enableAllActiveScannerRulesForDefaultPolicy(); + verify(clientApiWrapper).setAjaxSpiderBrowserId(BROWSER_ID); } @Test @@ -161,7 +161,7 @@ void deactivate_rules_results_in_rules_are_deactivated() throws ClientApiExcepti scannerToTest.deactivateRules(ruleSet, deactivatedReferences); /* test */ - verify(clientApiWrapper, times(1)).disablePassiveScannerRule(any()); + verify(clientApiWrapper).disablePassiveScannerRule(any()); verify(clientApiWrapper, times(2)).disableActiveScannerRuleForDefaultPolicy(any()); } @@ -175,7 +175,7 @@ void setup_addtional_proxy_information_with_proxy_information_null_results_in_pr scannerToTest.setupAdditonalProxyConfiguration(null); /* test */ - verify(clientApiWrapper, times(1)).setHttpProxyEnabled(false); + verify(clientApiWrapper).setHttpProxyEnabled(false); } @Test @@ -193,9 +193,9 @@ void setup_addtional_proxy_information_results_in_proxy_enabled() throws ClientA scannerToTest.setupAdditonalProxyConfiguration(proxyInformation); /* test */ - verify(clientApiWrapper, times(1)).configureHttpProxy(proxyInformation); - verify(clientApiWrapper, times(1)).setHttpProxyEnabled(true); - verify(clientApiWrapper, times(1)).setHttpProxyAuthEnabled(false); + verify(clientApiWrapper).configureHttpProxy(proxyInformation); + verify(clientApiWrapper).setHttpProxyEnabled(true); + verify(clientApiWrapper).setHttpProxyAuthEnabled(false); } @Test @@ -210,7 +210,7 @@ void create_context_results_in_expected_calls() throws ClientApiException { /* test */ assertEquals(expectedContextId, contextId); verify(scanContext, times(2)).getContextName(); - verify(clientApiWrapper, times(1)).createNewContext(CONTEXT_NAME); + verify(clientApiWrapper).createNewContext(CONTEXT_NAME); } @Test @@ -318,8 +318,8 @@ void add_replacer_rules_for_headers_with_data_section_results_add_replacer_rule_ scannerToTest.addReplacerRulesForHeaders(); /* test */ - verify(clientApiWrapper, times(1)).addReplacerRule("Key", true, "REQ_HEADER", false, "Key", "header-token", null, null); - verify(clientApiWrapper, times(1)).addReplacerRule("Other", true, "REQ_HEADER", false, "Other", "token", null, null); + verify(clientApiWrapper).addReplacerRule("Key", true, "REQ_HEADER", false, "Key", "header-token", null, null); + verify(clientApiWrapper).addReplacerRule("Other", true, "REQ_HEADER", false, "Other", "token", null, null); } @ParameterizedTest @@ -397,7 +397,7 @@ void import_openapi_file_api_support_is_called_once(String sechubConfigFile) thr scannerToTest.loadApiDefinitions(contextId); /* test */ - verify(clientApiWrapper, times(1)).importOpenApiFile(any(), any(), anyInt()); + verify(clientApiWrapper).importOpenApiFile(any(), any(), anyInt()); } @ParameterizedTest @@ -417,7 +417,7 @@ void import_openapi_defintion_from_url_api_support_is_called_once(String sechubC /* test */ verify(clientApiWrapper, never()).importOpenApiFile(any(), any(), anyInt()); - verify(clientApiWrapper, times(1)).importOpenApiDefintionFromUrl(any(), any(), anyInt()); + verify(clientApiWrapper).importOpenApiDefintionFromUrl(any(), any(), anyInt()); } @ParameterizedTest @@ -440,8 +440,8 @@ void import_openapi_from_file_and_from_url_api_support_is_called_once(String sec scannerToTest.loadApiDefinitions(contextId); /* test */ - verify(clientApiWrapper, times(1)).importOpenApiFile(any(), any(), anyInt()); - verify(clientApiWrapper, times(1)).importOpenApiDefintionFromUrl(any(), any(), anyInt()); + verify(clientApiWrapper).importOpenApiFile(any(), any(), anyInt()); + verify(clientApiWrapper).importOpenApiDefintionFromUrl(any(), any(), anyInt()); } @Test @@ -516,7 +516,7 @@ void import_client_certificate_file_api_support_is_called_once() throws ClientAp scannerToTest.importClientCertificate(); /* test */ - verify(clientApiWrapper, times(1)).importPkcs12ClientCertificate(any(), any()); + verify(clientApiWrapper).importPkcs12ClientCertificate(any(), any()); } @Test @@ -549,7 +549,7 @@ void import_client_certificate_file_but_without_password_api_support_is_called_o scannerToTest.importClientCertificate(); /* test */ - verify(clientApiWrapper, times(1)).importPkcs12ClientCertificate(any(), any()); + verify(clientApiWrapper).importPkcs12ClientCertificate(any(), any()); } @ParameterizedTest @@ -603,12 +603,12 @@ void configure_login_inside_zap_using_basic_auth_results_in_expected_calls() thr verify(scanContext, times(2)).getTargetUrl(); - verify(clientApiWrapper, times(1)).setAuthenticationMethod(eq(contextId), eq(zapAuthenticationMethod), any()); - verify(clientApiWrapper, times(1)).setSessionManagementMethod(eq(contextId), eq(zapSessionManagementMethod), any()); - verify(clientApiWrapper, times(1)).createNewUser(contextId, userName); - verify(clientApiWrapper, times(1)).configureAuthenticationCredentials(eq(contextId), eq(userId), any()); - verify(clientApiWrapper, times(1)).setForcedUser(contextId, userId); - verify(clientApiWrapper, times(1)).setForcedUserModeEnabled(true); + verify(clientApiWrapper).setAuthenticationMethod(eq(contextId), eq(zapAuthenticationMethod), any()); + verify(clientApiWrapper).setSessionManagementMethod(eq(contextId), eq(zapSessionManagementMethod), any()); + verify(clientApiWrapper).createNewUser(contextId, userName); + verify(clientApiWrapper).configureAuthenticationCredentials(eq(contextId), eq(userId), any()); + verify(clientApiWrapper).setForcedUser(contextId, userId); + verify(clientApiWrapper).setForcedUserModeEnabled(true); } @Test @@ -645,7 +645,7 @@ void configure_login_inside_zap_using_script_auth_without_script_file_results_in /* test */ assertNull(userInformation); verify(scriptLogin, never()).login(scanContext, clientApiWrapper); - verify(scanContext, times(1)).getGroovyScriptLoginFile(); + verify(scanContext).getGroovyScriptLoginFile(); } @Test @@ -682,15 +682,15 @@ void configure_login_inside_zap_using_script_auth_with_existing_script_file_resu assertEquals(userName, userInformation.userName()); assertEquals(userId, userInformation.zapuserId()); - verify(scriptLogin, times(1)).login(scanContext, clientApiWrapper); - verify(scanContext, times(1)).getGroovyScriptLoginFile(); + verify(scriptLogin).login(scanContext, clientApiWrapper); + verify(scanContext).getGroovyScriptLoginFile(); - verify(clientApiWrapper, times(1)).setManualAuthenticationMethod(contextId); - verify(clientApiWrapper, times(1)).setCookieBasedSessionManagementMethod(contextId); - verify(clientApiWrapper, times(1)).createNewUser(contextId, userName); - verify(clientApiWrapper, times(1)).configureAuthenticationCredentials(eq(contextId), eq(userId), any()); - verify(clientApiWrapper, times(1)).setForcedUser(contextId, userId); - verify(clientApiWrapper, times(1)).setForcedUserModeEnabled(true); + verify(clientApiWrapper).setManualAuthenticationMethod(contextId); + verify(clientApiWrapper).setCookieBasedSessionManagementMethod(contextId); + verify(clientApiWrapper).createNewUser(contextId, userName); + verify(clientApiWrapper).configureAuthenticationCredentials(eq(contextId), eq(userId), any()); + verify(clientApiWrapper).setForcedUser(contextId, userId); + verify(clientApiWrapper).setForcedUserModeEnabled(true); } @Test @@ -706,7 +706,7 @@ void generate_report_calls_api_support_once() throws ClientApiException { scannerToTest.generateZapReport(); /* test */ - verify(clientApiWrapper, times(1)).generateReport(any(), any(), any(), any(), any(), any(), any(), any(), + verify(clientApiWrapper).generateReport(any(), any(), any(), any(), any(), any(), any(), any(), any(), any(), any(), any(), any()); } @@ -721,8 +721,8 @@ void cleanup_after_scan() throws ClientApiException { scannerToTest.cleanUp(); /* test */ - verify(clientApiWrapper, times(1)).removeReplacerRule(ZapScanner.X_SECHUB_DAST_HEADER_NAME); - verify(scriptLogin, times(1)).cleanUpScriptLoginData(scanContext.getTargetUrlAsString(), clientApiWrapper); + verify(clientApiWrapper).removeReplacerRule(ZapScanner.X_SECHUB_DAST_HEADER_NAME); + verify(scriptLogin).cleanUpScriptLoginData(scanContext.getTargetUrlAsString(), clientApiWrapper); } @ParameterizedTest @@ -739,9 +739,9 @@ void cleanup_after_scan_without_onylForUrls_headers_set_cleans_up_all_replacer_r /* test */ int times = sechubWebScanConfig.getHeaders().get().size(); - verify(clientApiWrapper, times(1)).removeReplacerRule(ZapScanner.X_SECHUB_DAST_HEADER_NAME); + verify(clientApiWrapper).removeReplacerRule(ZapScanner.X_SECHUB_DAST_HEADER_NAME); verify(clientApiWrapper, times(times + 1)).removeReplacerRule(any()); - verify(scriptLogin, times(1)).cleanUpScriptLoginData(scanContext.getTargetUrlAsString(), clientApiWrapper); + verify(scriptLogin).cleanUpScriptLoginData(scanContext.getTargetUrlAsString(), clientApiWrapper); } @ParameterizedTest @@ -764,9 +764,9 @@ void cleanup_after_scan_with_onylForUrls_headers_set_cleans_up_all_replacer_rule times += header.getOnlyForUrls().get().size() - 1; } } - verify(clientApiWrapper, times(1)).removeReplacerRule(ZapScanner.X_SECHUB_DAST_HEADER_NAME); + verify(clientApiWrapper).removeReplacerRule(ZapScanner.X_SECHUB_DAST_HEADER_NAME); verify(clientApiWrapper, times(times + 1)).removeReplacerRule(any()); - verify(scriptLogin, times(1)).cleanUpScriptLoginData(scanContext.getTargetUrlAsString(), clientApiWrapper); + verify(scriptLogin).cleanUpScriptLoginData(scanContext.getTargetUrlAsString(), clientApiWrapper); } @Test @@ -786,7 +786,7 @@ void wait_for_ajaxSpider_scan_is_cancelled_results_in_exception_with_dedicated_e /* test */ assertEquals(ZapWrapperExitCode.SCAN_JOB_CANCELLED, exception.getExitCode()); verify(zapPDSEventHandler, times(2)).isScanCancelled(); - verify(clientApiWrapper, times(1)).stopAjaxSpider(); + verify(clientApiWrapper).stopAjaxSpider(); } @Test @@ -802,7 +802,7 @@ void wait_for_ajaxSpider_scan_ended_results_in_expected_calls() throws ClientApi /* test */ verify(clientApiWrapper, times(2)).getAjaxSpiderStatus(); - verify(clientApiWrapper, times(1)).stopAjaxSpider(); + verify(clientApiWrapper).stopAjaxSpider(); } @Test @@ -822,7 +822,7 @@ void wait_for_spider_scan_is_cancelled_results_in_exception_with_dedicated_exit_ /* test */ assertEquals(ZapWrapperExitCode.SCAN_JOB_CANCELLED, exception.getExitCode()); verify(zapPDSEventHandler, times(2)).isScanCancelled(); - verify(clientApiWrapper, times(1)).stopSpiderScan(scanId); + verify(clientApiWrapper).stopSpiderScan(scanId); } @Test @@ -858,7 +858,7 @@ void wait_for_passiveScan_scan_is_ended_results_in_expected_calls() throws Clien scannerToTest.runAndWaitForPassiveScan(); /* test */ - verify(clientApiWrapper, times(1)).getNumberOfPassiveScannerRecordsToScan(); + verify(clientApiWrapper).getNumberOfPassiveScannerRecordsToScan(); } @Test @@ -880,7 +880,7 @@ void wait_for_activeScan_scan_is_cancelled_results_in_exception_with_dedicated_e assertEquals(ZapWrapperExitCode.SCAN_JOB_CANCELLED, exception.getExitCode()); verify(zapPDSEventHandler, times(2)).isScanCancelled(); verify(clientApiWrapper, never()).getActiveScannerStatusForScan(scanId); - verify(clientApiWrapper, times(1)).stopActiveScan(scanId); + verify(clientApiWrapper).stopActiveScan(scanId); } @Test @@ -897,7 +897,7 @@ void wait_for_activeScan_scan_is_ended_results_in_expected_calls() throws Client /* test */ verify(clientApiWrapper, atLeast(1)).getActiveScannerStatusForScan(scanId); - verify(clientApiWrapper, times(1)).stopActiveScan(scanId); + verify(clientApiWrapper).stopActiveScan(scanId); } @Test @@ -913,7 +913,7 @@ void run_ajaxSpider_scan_ended_results_in_expected_calls() throws ClientApiExcep /* test */ verify(clientApiWrapper, times(2)).getAjaxSpiderStatus(); - verify(clientApiWrapper, times(1)).stopAjaxSpider(); + verify(clientApiWrapper).stopAjaxSpider(); } @Test @@ -934,11 +934,11 @@ void run_spider_scan_ended_results_in_expected_calls() throws ClientApiException scannerToTest.runAndWaitForSpider(); /* test */ - verify(scanContext, times(1)).getZapProductMessageHelper(); + verify(scanContext).getZapProductMessageHelper(); verify(clientApiWrapper, times(2)).getSpiderStatusForScan(scanId); - verify(clientApiWrapper, times(1)).stopSpiderScan(scanId); - verify(clientApiWrapper, times(1)).logFullSpiderResults(scanId); - verify(clientApiWrapper, times(1)).startSpiderScan(any(), any(), anyBoolean(), any(), anyBoolean()); + verify(clientApiWrapper).stopSpiderScan(scanId); + verify(clientApiWrapper).logFullSpiderResults(scanId); + verify(clientApiWrapper).startSpiderScan(any(), any(), anyBoolean(), any(), anyBoolean()); } @Test @@ -956,9 +956,9 @@ void run_activeScan_scan_is_ended_results_in_expected_calls() throws ClientApiEx scannerToTest.runAndWaitActiveScan(scanId); /* test */ - verify(clientApiWrapper, times(1)).getActiveScannerStatusForScan(scanId); - verify(clientApiWrapper, times(1)).stopActiveScan(scanId); - verify(clientApiWrapper, times(1)).startActiveScan(any(), anyBoolean(), anyBoolean(), any(), any(), any(), anyInt()); + verify(clientApiWrapper).getActiveScannerStatusForScan(scanId); + verify(clientApiWrapper).stopActiveScan(scanId); + verify(clientApiWrapper).startActiveScan(any(), anyBoolean(), anyBoolean(), any(), any(), any(), anyInt()); } static Stream headerPartWithoutOnlyForUrlsTestNamedArguments() { diff --git a/sechub-wrapper-owasp-zap/src/test/java/com/mercedesbenz/sechub/zapwrapper/scan/login/ZapScriptLoginSessionConfiguratorTest.java b/sechub-wrapper-owasp-zap/src/test/java/com/mercedesbenz/sechub/zapwrapper/scan/login/ZapScriptLoginSessionConfiguratorTest.java index 39796f414..6b3ba3d8e 100644 --- a/sechub-wrapper-owasp-zap/src/test/java/com/mercedesbenz/sechub/zapwrapper/scan/login/ZapScriptLoginSessionConfiguratorTest.java +++ b/sechub-wrapper-owasp-zap/src/test/java/com/mercedesbenz/sechub/zapwrapper/scan/login/ZapScriptLoginSessionConfiguratorTest.java @@ -66,16 +66,16 @@ void one_cookie_and_one_jwt_results_in_each_mock_called_once() throws ClientApiE sessionConfiguratorToTest.passSessionDataToZAP(loginResult, TARGET_URL, clientApiWrapper); /* test */ - verify(clientApiWrapper, times(1)).removeHTTPSession(eq(TARGET_URL), any()); - verify(clientApiWrapper, times(1)).removeHTTPSessionToken(eq(TARGET_URL), any()); - verify(clientApiWrapper, times(1)).removeReplacerRule(any()); - verify(clientApiWrapper, times(1)).addHTTPSessionToken(eq(TARGET_URL), any()); - verify(clientApiWrapper, times(1)).createEmptyHTTPSession(eq(TARGET_URL), any()); - verify(clientApiWrapper, times(1)).setHTTPSessionTokenValue(eq(TARGET_URL), any(), eq(cookie.getName()), eq(cookie.getValue())); - verify(clientApiWrapper, times(1)).setActiveHTTPSession(eq(TARGET_URL), any()); - verify(clientApiWrapper, times(1)).addReplacerRule(any(), anyBoolean(), any(), anyBoolean(), any(), any(), any(), any()); - - verify(clientApiWrapper, times(1)).accessUrlViaZap(TARGET_URL, FOLLOW_REDIRECTS); + verify(clientApiWrapper).removeHTTPSession(eq(TARGET_URL), any()); + verify(clientApiWrapper).removeHTTPSessionToken(eq(TARGET_URL), any()); + verify(clientApiWrapper).removeReplacerRule(any()); + verify(clientApiWrapper).addHTTPSessionToken(eq(TARGET_URL), any()); + verify(clientApiWrapper).createEmptyHTTPSession(eq(TARGET_URL), any()); + verify(clientApiWrapper).setHTTPSessionTokenValue(eq(TARGET_URL), any(), eq(cookie.getName()), eq(cookie.getValue())); + verify(clientApiWrapper).setActiveHTTPSession(eq(TARGET_URL), any()); + verify(clientApiWrapper).addReplacerRule(any(), anyBoolean(), any(), anyBoolean(), any(), any(), any(), any()); + + verify(clientApiWrapper).accessUrlViaZap(TARGET_URL, FOLLOW_REDIRECTS); } @Test @@ -97,14 +97,14 @@ void no_cookie_and_no_jwt_results_clienapiwrapper_not_adding_replacer_rule() thr // no cookie can be added verify(clientApiWrapper, never()).setHTTPSessionTokenValue(eq(TARGET_URL), any(), any(), any()); - verify(clientApiWrapper, times(1)).removeHTTPSession(eq(TARGET_URL), any()); - verify(clientApiWrapper, times(1)).removeHTTPSessionToken(eq(TARGET_URL), any()); - verify(clientApiWrapper, times(1)).removeReplacerRule(any()); - verify(clientApiWrapper, times(1)).addHTTPSessionToken(eq(TARGET_URL), any()); - verify(clientApiWrapper, times(1)).createEmptyHTTPSession(eq(TARGET_URL), any()); - verify(clientApiWrapper, times(1)).setActiveHTTPSession(eq(TARGET_URL), any()); + verify(clientApiWrapper).removeHTTPSession(eq(TARGET_URL), any()); + verify(clientApiWrapper).removeHTTPSessionToken(eq(TARGET_URL), any()); + verify(clientApiWrapper).removeReplacerRule(any()); + verify(clientApiWrapper).addHTTPSessionToken(eq(TARGET_URL), any()); + verify(clientApiWrapper).createEmptyHTTPSession(eq(TARGET_URL), any()); + verify(clientApiWrapper).setActiveHTTPSession(eq(TARGET_URL), any()); - verify(clientApiWrapper, times(1)).accessUrlViaZap(TARGET_URL, FOLLOW_REDIRECTS); + verify(clientApiWrapper).accessUrlViaZap(TARGET_URL, FOLLOW_REDIRECTS); } @Test diff --git a/sechub-wrapper-owasp-zap/src/test/java/com/mercedesbenz/sechub/zapwrapper/scan/login/ZapScriptLoginTest.java b/sechub-wrapper-owasp-zap/src/test/java/com/mercedesbenz/sechub/zapwrapper/scan/login/ZapScriptLoginTest.java index 84934feab..0cc45dbc3 100644 --- a/sechub-wrapper-owasp-zap/src/test/java/com/mercedesbenz/sechub/zapwrapper/scan/login/ZapScriptLoginTest.java +++ b/sechub-wrapper-owasp-zap/src/test/java/com/mercedesbenz/sechub/zapwrapper/scan/login/ZapScriptLoginTest.java @@ -53,8 +53,8 @@ void script_login_execution_is_perfomed_as_expected() throws Exception { scriptLoginToTest.login(scanContext, clientApiWrapper); /* test */ - verify(groovyScriptExecutor, times(1)).executeScript(scanContext.getGroovyScriptLoginFile(), scanContext); - verify(sessionConfigurator, times(1)).passSessionDataToZAP(loginResult, scanContext.getTargetUrlAsString(), clientApiWrapper); + verify(groovyScriptExecutor).executeScript(scanContext.getGroovyScriptLoginFile(), scanContext); + verify(sessionConfigurator).passSessionDataToZAP(loginResult, scanContext.getTargetUrlAsString(), clientApiWrapper); } @Test @@ -71,7 +71,7 @@ void script_can_not_be_read_results_in_firefox_closed_and_session_configurator_n assertThrows(ZapWrapperRuntimeException.class, () -> scriptLoginToTest.login(scanContext, clientApiWrapper)); /* test */ - verify(groovyScriptExecutor, times(1)).executeScript(scanContext.getGroovyScriptLoginFile(), scanContext); + verify(groovyScriptExecutor).executeScript(scanContext.getGroovyScriptLoginFile(), scanContext); verify(sessionConfigurator, never()).passSessionDataToZAP(loginResult, scanContext.getTargetUrlAsString(), clientApiWrapper); } @@ -89,7 +89,7 @@ void script_login_execution_fails_results_in_firefox_closed_and_session_configur assertThrows(ZapWrapperRuntimeException.class, () -> scriptLoginToTest.login(scanContext, clientApiWrapper)); /* test */ - verify(groovyScriptExecutor, times(1)).executeScript(scanContext.getGroovyScriptLoginFile(), scanContext); + verify(groovyScriptExecutor).executeScript(scanContext.getGroovyScriptLoginFile(), scanContext); verify(sessionConfigurator, never()).passSessionDataToZAP(loginResult, scanContext.getTargetUrlAsString(), clientApiWrapper); } @@ -106,8 +106,8 @@ void session_configurator_fails_results_in_excpetion_thrown() throws Exception { assertThrows(ZapWrapperRuntimeException.class, () -> scriptLoginToTest.login(scanContext, clientApiWrapper)); /* test */ - verify(groovyScriptExecutor, times(1)).executeScript(scanContext.getGroovyScriptLoginFile(), scanContext); - verify(sessionConfigurator, times(1)).passSessionDataToZAP(loginResult, scanContext.getTargetUrlAsString(), clientApiWrapper); + verify(groovyScriptExecutor).executeScript(scanContext.getGroovyScriptLoginFile(), scanContext); + verify(sessionConfigurator).passSessionDataToZAP(loginResult, scanContext.getTargetUrlAsString(), clientApiWrapper); } private ZapScanContext createValidZapScanContext() throws MalformedURLException, URISyntaxException {