From d1aa3643d46413d424f99e1e4a936a16623ca55f Mon Sep 17 00:00:00 2001 
From: Dave Wichers Date: Wed, 7 Aug 2024 15:44:23 -0400 Subject: [PATCH] Additional work in progress. Changed testcase expected/actual results map to use a String instead of int. For normal Benchmark scoring, the results key is the testcase number, now as a string representation of the test case number. For custom scoring, the results key is the name of the entire test case file. Still have to implement changes to each tool parser to be able to parse out either the test case number, or provide the entire filename, depending on the scoring approach. --- .../benchmarkutils/helpers/Category.java | 7 +++ library/src/main/resources/categories.xml | 2 +- .../benchmarkutils/score/BenchmarkScore.java | 23 +++++----- .../benchmarkutils/score/TestCaseResult.java | 2 +- .../score/TestSuiteResults.java | 43 ++++++++++++------- .../service/ExpectedResultsProvider.java | 9 ++-- .../score/service/ResultsFileCreator.java | 8 ++-- .../tools/CalculateToolCodeBlocksSupport.java | 16 +++---- .../score/parsers/AcunetixReaderTest.java | 8 ++-- .../score/parsers/ArachniReaderTest.java | 4 +- .../score/parsers/BearerReaderTest.java | 6 +-- .../score/parsers/BurpReaderTest.java | 4 +- .../score/parsers/CASTAIPReaderTest.java | 4 +- .../parsers/CheckmarxIASTReaderTest.java | 4 +- .../score/parsers/CheckmarxReaderTest.java | 4 +- .../score/parsers/CoverityReaderTest.java | 4 +- .../score/parsers/DatadogReaderTest.java | 8 ++-- .../score/parsers/FindbugsReaderTest.java | 8 ++-- .../score/parsers/FluidAttacksReaderTest.java | 4 +- .../score/parsers/FortifyReaderTest.java | 4 +- .../parsers/HCLAppScanIASTReaderTest.java | 4 +- .../parsers/HCLAppScanSourceReaderTest.java | 4 +- .../parsers/HCLAppScanStandardReaderTest.java | 8 ++-- .../score/parsers/HorusecReaderTest.java | 4 +- .../score/parsers/InsiderReaderTest.java | 4 +- .../score/parsers/JuliaReaderTest.java | 4 +- .../score/parsers/KiuwanReaderTest.java | 4 +- .../score/parsers/KlocworkCSVReaderTest.java | 4 +- 
.../score/parsers/MendReaderTest.java | 4 +- .../score/parsers/NetsparkerReaderTest.java | 4 +- .../score/parsers/ParasoftReaderTest.java | 4 +- .../score/parsers/Rapid7ReaderTest.java | 4 +- .../score/parsers/ScnrReaderTest.java | 8 ++-- .../score/parsers/SeekerReaderTest.java | 4 +- .../score/parsers/SemgrepReaderTest.java | 8 ++-- .../parsers/ShiftLeftScanReaderTest.java | 4 +- .../parsers/SonarQubeJsonReaderTest.java | 4 +- .../score/parsers/SonarQubeReaderTest.java | 4 +- .../score/parsers/ThunderScanReaderTest.java | 4 +- .../score/parsers/VeracodeReaderTest.java | 10 ++--- .../parsers/VisualCodeGrepperReaderTest.java | 4 +- .../score/parsers/W3AFReaderTest.java | 4 +- .../score/parsers/WapitiJsonReaderTest.java | 4 +- .../score/parsers/WapitiReaderTest.java | 4 +- .../score/parsers/ZapJsonReaderTest.java | 8 ++-- .../score/parsers/ZapReaderTest.java | 4 +- .../score/parsers/sarif/CodeQLReaderTest.java | 8 ++-- .../parsers/sarif/ContrastScanReaderTest.java | 4 +- .../parsers/sarif/DatadogSastReaderTest.java | 2 +- .../parsers/sarif/PrecautionReaderTest.java | 3 +- .../parsers/sarif/SemgrepSarifReaderTest.java | 8 ++-- .../score/parsers/sarif/SnykReaderTest.java | 4 +- .../service/ExpectedResultsProviderTest.java | 16 +++---- 53 files changed, 180 insertions(+), 163 deletions(-) diff --git a/library/src/main/java/org/owasp/benchmarkutils/helpers/Category.java b/library/src/main/java/org/owasp/benchmarkutils/helpers/Category.java index 52874393..812331ea 100644 --- a/library/src/main/java/org/owasp/benchmarkutils/helpers/Category.java +++ b/library/src/main/java/org/owasp/benchmarkutils/helpers/Category.java 
@@ -39,6 +39,13 @@ public class Category implements Comparable { */ public Category(String id, String name, int cwe, boolean isInjection, String shortname) { this.id = id; + if (name.contains("/") || name.contains("\\")) { + System.out.println( + "FATAL ERROR: CWE name from provided categories.xml file: '" + + name + + "' contains a path character, which breaks scorecard generation."); + System.exit(-1); + } this.name = name; this.CWE = cwe; this.isInjection = isInjection; diff --git a/library/src/main/resources/categories.xml b/library/src/main/resources/categories.xml index d0ea3625..bd42c0a2 100644 --- a/library/src/main/resources/categories.xml +++ b/library/src/main/resources/categories.xml @@ -106,7 +106,7 @@ reflecti - Reflection + Unsafe Reflection 470 true REFL diff --git a/plugin/src/main/java/org/owasp/benchmarkutils/score/BenchmarkScore.java b/plugin/src/main/java/org/owasp/benchmarkutils/score/BenchmarkScore.java index 50e3d068..427b36ba 100644 --- a/plugin/src/main/java/org/owasp/benchmarkutils/score/BenchmarkScore.java +++ b/plugin/src/main/java/org/owasp/benchmarkutils/score/BenchmarkScore.java @@ -575,16 +575,16 @@ private static void process( private static void printExtraCWE( TestSuiteResults expectedResults, TestSuiteResults actualResults) { Set expectedCWE = new HashSet(); - for (int i : expectedResults.keySet()) { - List list = expectedResults.get(i); + for (String testcase : expectedResults.keySet()) { + List list = expectedResults.get(testcase); for (TestCaseResult t : list) { expectedCWE.add(t.getCWE()); } } Set actualCWE = new HashSet(); - for (int i : actualResults.keySet()) { - List list = actualResults.get(i); + for (String testcase : actualResults.keySet()) { + List list = actualResults.get(testcase); if (list != null) { for (TestCaseResult t : list) { actualCWE.add(t.getCWE()); 
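Review bot: The new path-character guard in the `Category` constructor calls `System.exit(-1)` from library code, which ends the whole host JVM (presumably the build or test runner that loaded it) instead of letting the caller report a bad categories.xml. Throwing keeps the fail-closed behaviour and can be unit-tested: `throw new IllegalArgumentException("CWE name '" + name + "' contains a path character");`. The guard also dereferences `name` before any null check, so an entry without a name would surface as a NullPointerException rather than this message; how the XML loader handles a missing name is not visible here. Since the message implies the name ends up in a generated file name, an allowlist of permitted characters would be tighter than rejecting only `/` and `\`. The constructor body continues outside the hunk.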
@@ -682,8 +682,8 @@ public static int translateNameToCWE(String categoryName) { private static Map calculateScores(TestSuiteResults actualResults) { Map map = new TreeMap(); - for (Integer tn : actualResults.keySet()) { - TestCaseResult tcr = actualResults.get(tn).get(0); // only one + for (String testcase : actualResults.keySet()) { + TestCaseResult tcr = actualResults.get(testcase).get(0); // only one String cat = Categories.getById(tcr.getCategory()).getName(); TP_FN_TN_FP_Counts c = map.get(cat); @@ -763,17 +763,16 @@ private static TestSuiteResults analyze( } boolean pass = false; - for (int tc : expected.keySet()) { - TestCaseResult exp = expected.get(tc).get(0); // always only one! + for (String testcase : expected.keySet()) { + TestCaseResult exp = expected.get(testcase).get(0); // always only one! List act = - rawToolResults.get(tc); // could be lots of results for this test + rawToolResults.get(testcase); // could be lots of results for this test pass = compare(exp, act, rawToolResults.getToolName()); // helpful in debugging - // System.out.println( tc + ", " + exp.getCategory() + ", " + exp.isTruePositive() + ", - // " + - // exp.getCWE() + ", " + pass + "\n"); + // System.out.println( testcase + ", " + exp.getCategory() + ", " + exp.isTruePositive() + // + "," + exp.getCWE() + ", " + pass + "\n"); // fill the result into the "expected" results in case we need it later exp.setPassed(pass); diff --git a/plugin/src/main/java/org/owasp/benchmarkutils/score/TestCaseResult.java b/plugin/src/main/java/org/owasp/benchmarkutils/score/TestCaseResult.java index c21a0f6c..b4685416 100644 --- a/plugin/src/main/java/org/owasp/benchmarkutils/score/TestCaseResult.java +++ b/plugin/src/main/java/org/owasp/benchmarkutils/score/TestCaseResult.java @@ -81,7 +81,7 @@ public void setTestCaseName(String name) { /* * The name of the test case. E.g., BenchmarkTest00001 */ - public String getName() { + public String getTestCaseName() { return testCaseName; } 
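Review bot: In `analyze`, `rawToolResults.get(testcase)` cannot tell a key-scheme mismatch apart from a tool that reported nothing for that test case. The commit message says the tool parsers are not yet updated, so if the expected results are keyed by file name while a parser still produces number keys (or the reverse), every lookup would presumably return null and the scorecard would show misses everywhere instead of an error. Consider failing fast before the loop, for example `if (!rawToolResults.keySet().isEmpty() && Collections.disjoint(expected.keySet(), rawToolResults.keySet())) { /* report mismatched key scheme and stop */ }`. How `compare` treats a null list is outside this hunk.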
diff --git a/plugin/src/main/java/org/owasp/benchmarkutils/score/TestSuiteResults.java b/plugin/src/main/java/org/owasp/benchmarkutils/score/TestSuiteResults.java index 0282cb63..82b02551 100644 --- a/plugin/src/main/java/org/owasp/benchmarkutils/score/TestSuiteResults.java +++ b/plugin/src/main/java/org/owasp/benchmarkutils/score/TestSuiteResults.java @@ -48,14 +48,15 @@ public static enum ToolType { // The name and version of the test suite these test results are for private String testSuiteName = "notSet"; private String testSuiteVersion = "notSet"; + private boolean standardBenchmarkStyleScoring = true; private String toolName = "Unknown Tool"; private String toolVersion = null; private String time = "Unknown"; // Scan time. e.g., '0:17:29' public final boolean isCommercial; public final ToolType toolType; - private Map> testCaseResults = - new TreeMap>(); + private Map> testCaseResults = + new TreeMap>(); // Used to track if this tool has been anonymized private boolean anonymous = false; 
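Review bot: Keying the `testCaseResults` TreeMap by the string form of the test case number changes its iteration order from numeric to lexicographic, so "10" now sorts before "2" in every `for (String ... : ...keySet())` loop this patch touches in BenchmarkScore and CalculateToolCodeBlocksSupport. If the order of rows or printed findings matters, either zero-pad the numeric key or construct the TreeMap with a comparator that orders all-digit keys numerically. The new `standardBenchmarkStyleScoring` field also has no comment; something like `// true while results are keyed by test case number; put() sets it to false once a result without a number is added` would document its role. The class continues outside the hunk.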
@@ -102,35 +103,47 @@ public boolean isCommercial() { } /** - * Add a test case result to the set of results for this tool. + * Add a test case result to the set of results for this tool or expected results file. * * @param tcr The test case result to add. */ public void put(TestCaseResult tcr) { - // This warning message is added just in case. It can be caused by a buggy parser or - // invalid results file. int testCaseNum = tcr.getNumber(); - if ((testCaseNum <= 0 || testCaseNum > 10000) - && testCaseNum != TestCaseResult.NOT_USING_TESTCASE_NUMBERS) { - System.out.println( - "WARNING: Did you really intend to add a test case result for test case: " - + testCaseNum); + String testCaseKey; + + // If we are using test case numbers, we add each result to that specific test case number + if (this.standardBenchmarkStyleScoring + && (testCaseNum != TestCaseResult.NOT_USING_TESTCASE_NUMBERS)) { + // This warning message is added just in case. It can be caused by a buggy parser or + // invalid results file. + if ((testCaseNum <= 0 || testCaseNum > 10000)) { + System.out.println( + "WARNING: Did you really intend to add a test case result for test case: " + + testCaseNum); + } + + testCaseKey = String.valueOf(testCaseNum); + } else { + // otherwise use test case names as the key, and we add each result by test case name + testCaseKey = tcr.getTestCaseName(); + this.standardBenchmarkStyleScoring = false; } // There is a list of results for each test case - List results = testCaseResults.get(testCaseNum); + List results = testCaseResults.get(testCaseKey); if (results == null) { // If there are no results yet for this test case, create a List. 
- // Add this list for this test case to the set of results + // Add this entry for this test case to the set of results results = new ArrayList(); - testCaseResults.put(tcr.getNumber(), results); + testCaseResults.put(testCaseKey, results); } + // Add this specific result to this test case's results results.add(tcr); } - public List get(int tn) { + public List get(String tn) { return testCaseResults.get(tn); } @@ -139,7 +152,7 @@ public List get(int tn) { * * @return The Set of Keys. */ - public Set keySet() { + public Set keySet() { return testCaseResults.keySet(); } diff --git a/plugin/src/main/java/org/owasp/benchmarkutils/score/service/ExpectedResultsProvider.java b/plugin/src/main/java/org/owasp/benchmarkutils/score/service/ExpectedResultsProvider.java index 3a31d421..c82cf995 100644 --- a/plugin/src/main/java/org/owasp/benchmarkutils/score/service/ExpectedResultsProvider.java +++ b/plugin/src/main/java/org/owasp/benchmarkutils/score/service/ExpectedResultsProvider.java @@ -49,7 +49,7 @@ public static TestSuiteResults parse(ResultFile resultFile) throws IOException { try (final CSVParser parser = resultFile.csvRecords()) { setResultsMetadata(parser, tr); - String testCaseName = tr.getTestSuiteName() + BenchmarkScore.TEST; + final String TESTCASENAME = tr.getTestSuiteName() + BenchmarkScore.TEST; for (CSVRecord record : parser) { TestCaseResult tcr = new TestCaseResult(); 
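Review bot: In `put`, the scoring mode is decided per call and flipped as a side effect, so a single result without a test case number switches the map to name keys while entries added earlier stay under numeric keys. Once `this.standardBenchmarkStyleScoring = false` has run, later results that do carry a number are filed under `getTestCaseName()`, and lookups such as `get("7")` will not find them. The name branch also has no null guard: `testCaseResults` is a TreeMap, so a parser that has not set a test case name would make `testCaseResults.get(testCaseKey)` throw a NullPointerException, and the commit message notes the parsers are not yet updated. Consider fixing the mode once per TestSuiteResults (constructor argument or explicit setter) and rejecting a missing name with `testCaseKey = Objects.requireNonNull(tcr.getTestCaseName(), "test case name not set");`.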
@@ -70,9 +70,10 @@ public static TestSuiteResults parse(ResultFile resultFile) throws IOException { } if (record.get(TEST_NAME) .trim() - .startsWith(tr.getTestSuiteName() + BenchmarkScore.TEST)) { - tcr.setNumber(testNumber(record.get(TEST_NAME).trim(), testCaseName)); - } else tcr.setNumber(TestCaseResult.NOT_USING_TESTCASE_NUMBERS); + .startsWith(tr.getTestSuiteName() + BenchmarkScore.TEST)) + tcr.setNumber(testNumber(record.get(TEST_NAME).trim(), TESTCASENAME)); + else tcr.setNumber(TestCaseResult.NOT_USING_TESTCASE_NUMBERS); + if (isExtendedResultsFile(parser)) { tcr.setSource(record.get(SOURCE).trim()); tcr.setDataFlow(record.get(DATA_FLOW).trim()); diff --git a/plugin/src/main/java/org/owasp/benchmarkutils/score/service/ResultsFileCreator.java b/plugin/src/main/java/org/owasp/benchmarkutils/score/service/ResultsFileCreator.java index a60abef8..afbd6715 100644 --- a/plugin/src/main/java/org/owasp/benchmarkutils/score/service/ResultsFileCreator.java +++ b/plugin/src/main/java/org/owasp/benchmarkutils/score/service/ResultsFileCreator.java @@ -72,7 +72,7 @@ public String createFor(TestSuiteResults actual) { } private boolean isFullDetails(TestSuiteResults actual) { - Iterator iterator = actual.keySet().iterator(); + Iterator iterator = actual.keySet().iterator(); return iterator.hasNext() && (actual.get(iterator.next()).get(0).getSource() != null); } 
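Review bot: The rewritten `if`/`else` in `parse` drops its braces and still rebuilds `tr.getTestSuiteName() + BenchmarkScore.TEST` inside `startsWith`, although the preceding hunk of this file stores exactly that value in `TESTCASENAME`. Reusing the local and keeping the braces is less error-prone when this branch grows: `if (record.get(TEST_NAME).trim().startsWith(TESTCASENAME)) { ... } else { ... }`. `TESTCASENAME` is a local variable, so a lowerCamelCase name such as `testCaseNamePrefix` would follow Java convention and describe the value better. The loop body continues outside the hunk.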
@@ -94,12 +94,12 @@ private void writeHeader(PrintStream ps, boolean fullDetails, String testSuiteVe } private void appendRow( - PrintStream ps, TestSuiteResults actual, Integer testNumber, boolean fullDetails) { - TestCaseResult actualResult = actual.get(testNumber).get(0); + PrintStream ps, TestSuiteResults actual, String testcaseID, boolean fullDetails) { + TestCaseResult actualResult = actual.get(testcaseID).get(0); boolean isReal = actualResult.isTruePositive(); boolean passed = actualResult.isPassed(); - ps.print(actualResult.getName()); + ps.print(actualResult.getTestCaseName()); ps.print(", " + actualResult.getCategory()); ps.print(", " + actualResult.getCWE()); diff --git a/plugin/src/main/java/org/owasp/benchmarkutils/tools/CalculateToolCodeBlocksSupport.java b/plugin/src/main/java/org/owasp/benchmarkutils/tools/CalculateToolCodeBlocksSupport.java index 1e5655b3..e6d3b1bd 100644 --- a/plugin/src/main/java/org/owasp/benchmarkutils/tools/CalculateToolCodeBlocksSupport.java +++ b/plugin/src/main/java/org/owasp/benchmarkutils/tools/CalculateToolCodeBlocksSupport.java @@ -371,9 +371,8 @@ protected void run() { // 3. Calculate which codeblocks that tool seems to support and does not support // 3a. Loop through all the results in theToolResults to calculate the initial - // statistics - // across all of them. - for (int tc : theToolResults.keySet()) { + // statistics across all of them. + for (String tc : theToolResults.keySet()) { TestCaseResult theResult = theToolResults.get(tc).get(0); // Always only one. boolean passed = theResult.isPassed(); CodeBlockSupportResults source = sourceCodeBlocksResults.get(theResult.getSource()); 
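Review bot: `appendRow` prints `actualResult.getTestCaseName()` unquoted into a comma-separated row, and with custom scoring that value is, per the commit message, an entire test case file name taken from parsed input. A name containing a comma, quote or line break would shift or split columns in the generated results file, and a name beginning with `=`, `+`, `-` or `@` would be interpreted as a formula if the file is opened in a spreadsheet. Quote the field on output (the project appears to read CSV with Commons CSV already, so its `CSVPrinter` is a natural fit) or reject such names where they are first parsed. The rest of the method is outside the hunk.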
@@ -393,9 +392,8 @@ protected void run() { // If a TP passes, we 'assume' that all code block elements are supported // However, sources can be false positives, but the dataflow introduces - // taint, so we - // only 'know' if a source is supported if the source is also a true - // positive. + // taint, so we only 'know' if a source is supported if the source is + // also a true positive. if (source.truePositive) source.supported = true; source.numTPTestCasesPassed++; dataflow.supported = true; @@ -434,7 +432,7 @@ protected void run() { // SOURCEs/DATAFLOWs: Calculate which sources cause TPs to NOT be detected. // Loop through them all again and calculate the number of TPs for each source that // pass/fail, ignoring any failures that are caused by unsupported SINKs. - for (int tc : theToolResults.keySet()) { + for (String tc : theToolResults.keySet()) { TestCaseResult theResult = theToolResults.get(tc).get(0); // Always only one. boolean passed = theResult.isPassed(); CodeBlockSupportResults source = sourceCodeBlocksResults.get(theResult.getSource()); @@ -485,7 +483,7 @@ protected void run() { // Check Failures where the sink is 'supported' or hasn't been reported as a False // Positive and the dataflow is 'null'. boolean foundFPorFN = false; - for (int tc : theToolResults.keySet()) { + for (String tc : theToolResults.keySet()) { TestCaseResult theResult = theToolResults.get(tc).get(0); // Always only one. boolean passed = theResult.isPassed(); CodeBlockSupportResults source = sourceCodeBlocksResults.get(theResult.getSource()); 
@@ -592,7 +590,7 @@ protected void run() { // Print out codeblock coordinates of the rest of the False Positives, ignoring all with // sinks or sources already known to cause FPs int FPCount = 1; - for (int tc : theToolResults.keySet()) { + for (String tc : theToolResults.keySet()) { TestCaseResult theResult = theToolResults.get(tc).get(0); // Always only one. boolean passed = theResult.isPassed(); CodeBlockSupportResults source = sourceCodeBlocksResults.get(theResult.getSource()); diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/AcunetixReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/AcunetixReaderTest.java index 46bc7256..b0f22b2a 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/AcunetixReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/AcunetixReaderTest.java @@ -57,8 +57,8 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.COMMAND_INJECTION, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.XSS, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.COMMAND_INJECTION, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.XSS, result.get("2").get(0).getCWE()); // For Acunetix WVS reader = new AcunetixReader(); @@ -70,7 +70,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.LDAP_INJECTION, result.get(44).get(0).getCWE()); - assertEquals(CweNumber.SQL_INJECTION, result.get(2629).get(0).getCWE()); + assertEquals(CweNumber.LDAP_INJECTION, result.get("44").get(0).getCWE()); + assertEquals(CweNumber.SQL_INJECTION, result.get("2629").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/ArachniReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/ArachniReaderTest.java index 9c0db6e1..67c51588 100644 
--- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/ArachniReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/ArachniReaderTest.java @@ -54,7 +54,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.XSS, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.XSS, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.XSS, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.XSS, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/BearerReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/BearerReaderTest.java index 4ed882b3..a09e1787 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/BearerReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/BearerReaderTest.java @@ -55,8 +55,8 @@ void readerHandlesGivenResultFileInV1_30() throws Exception { assertEquals(3, result.getTotalResults()); - assertEquals(CweNumber.COMMAND_INJECTION, result.get(7).get(0).getCWE()); - assertEquals(CweNumber.WEAK_HASH_ALGO, result.get(5).get(0).getCWE()); - assertEquals(CweNumber.WEAK_CRYPTO_ALGO, result.get(35).get(0).getCWE()); + assertEquals(CweNumber.COMMAND_INJECTION, result.get("7").get(0).getCWE()); + assertEquals(CweNumber.WEAK_HASH_ALGO, result.get("5").get(0).getCWE()); + assertEquals(CweNumber.WEAK_CRYPTO_ALGO, result.get("35").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/BurpReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/BurpReaderTest.java index 05d876ca..8fe2427f 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/BurpReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/BurpReaderTest.java 
@@ -54,7 +54,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.COMMAND_INJECTION, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.SQL_INJECTION, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.COMMAND_INJECTION, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.SQL_INJECTION, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/CASTAIPReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/CASTAIPReaderTest.java index 59ef8023..2ad021ab 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/CASTAIPReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/CASTAIPReaderTest.java @@ -54,7 +54,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.COMMAND_INJECTION, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.SQL_INJECTION, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.COMMAND_INJECTION, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.SQL_INJECTION, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/CheckmarxIASTReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/CheckmarxIASTReaderTest.java index 7d0d02d3..1427f788 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/CheckmarxIASTReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/CheckmarxIASTReaderTest.java 
@@ -54,7 +54,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.SQL_INJECTION, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.PATH_TRAVERSAL, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.SQL_INJECTION, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.PATH_TRAVERSAL, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/CheckmarxReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/CheckmarxReaderTest.java index 29b59ffd..8d456b56 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/CheckmarxReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/CheckmarxReaderTest.java @@ -54,7 +54,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.XSS, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.SQL_INJECTION, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.XSS, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.SQL_INJECTION, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/CoverityReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/CoverityReaderTest.java index c43fdbb8..6ff05913 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/CoverityReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/CoverityReaderTest.java 
@@ -54,7 +54,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.PATH_TRAVERSAL, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.SQL_INJECTION, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.PATH_TRAVERSAL, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.SQL_INJECTION, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/DatadogReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/DatadogReaderTest.java index 8e632d82..9c2b9f45 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/DatadogReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/DatadogReaderTest.java @@ -55,9 +55,9 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(4, result.getTotalResults()); - assertEquals(CweNumber.COMMAND_INJECTION, result.get(1609).get(0).getCWE()); - assertEquals(CweNumber.PATH_TRAVERSAL, result.get(2).get(0).getCWE()); - assertEquals(CweNumber.WEAK_HASH_ALGO, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.TRUST_BOUNDARY_VIOLATION, result.get(4).get(0).getCWE()); + assertEquals(CweNumber.COMMAND_INJECTION, result.get("1609").get(0).getCWE()); + assertEquals(CweNumber.PATH_TRAVERSAL, result.get("2").get(0).getCWE()); + assertEquals(CweNumber.WEAK_HASH_ALGO, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.TRUST_BOUNDARY_VIOLATION, result.get("4").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/FindbugsReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/FindbugsReaderTest.java index 037ed3c0..4bdc42a5 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/FindbugsReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/FindbugsReaderTest.java 
@@ -62,8 +62,8 @@ void readerHandlesGivenFindSecBugsResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.XSS, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.SQL_INJECTION, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.XSS, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.SQL_INJECTION, result.get("2").get(0).getCWE()); } @Test @@ -77,7 +77,7 @@ void readerHandlesGivenSpotBugsResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.SQL_INJECTION, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.PATH_TRAVERSAL, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.SQL_INJECTION, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.PATH_TRAVERSAL, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/FluidAttacksReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/FluidAttacksReaderTest.java index d1d33486..777b6135 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/FluidAttacksReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/FluidAttacksReaderTest.java @@ -54,7 +54,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.SQL_INJECTION, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.COMMAND_INJECTION, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.SQL_INJECTION, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.COMMAND_INJECTION, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/FortifyReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/FortifyReaderTest.java index 9a5792aa..5a29c471 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/FortifyReaderTest.java 
+++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/FortifyReaderTest.java @@ -55,7 +55,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.COMMAND_INJECTION, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.SQL_INJECTION, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.COMMAND_INJECTION, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.SQL_INJECTION, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/HCLAppScanIASTReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/HCLAppScanIASTReaderTest.java index 036b62e6..62146e05 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/HCLAppScanIASTReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/HCLAppScanIASTReaderTest.java @@ -54,7 +54,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.PATH_TRAVERSAL, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.SQL_INJECTION, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.PATH_TRAVERSAL, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.SQL_INJECTION, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/HCLAppScanSourceReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/HCLAppScanSourceReaderTest.java index dd9dc104..e2b96108 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/HCLAppScanSourceReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/HCLAppScanSourceReaderTest.java 
@@ -54,7 +54,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.PATH_TRAVERSAL, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.SQL_INJECTION, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.PATH_TRAVERSAL, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.SQL_INJECTION, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/HCLAppScanStandardReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/HCLAppScanStandardReaderTest.java index 27ded010..cb517146 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/HCLAppScanStandardReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/HCLAppScanStandardReaderTest.java @@ -56,9 +56,9 @@ void readerHandlesGivenV10ResultFile() throws Exception { assertEquals(4, result.getTotalResults()); - assertEquals(CweNumber.SQL_INJECTION, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.SQL_INJECTION, result.get(2).get(0).getCWE()); - assertEquals(CweNumber.INSECURE_COOKIE, result.get(300).get(0).getCWE()); - assertEquals(CweNumber.INSECURE_COOKIE, result.get(348).get(0).getCWE()); + assertEquals(CweNumber.SQL_INJECTION, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.SQL_INJECTION, result.get("2").get(0).getCWE()); + assertEquals(CweNumber.INSECURE_COOKIE, result.get("300").get(0).getCWE()); + assertEquals(CweNumber.INSECURE_COOKIE, result.get("348").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/HorusecReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/HorusecReaderTest.java index ea47b19f..b34afd33 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/HorusecReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/HorusecReaderTest.java 
@@ -56,7 +56,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.XSS, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.SQL_INJECTION, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.XSS, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.SQL_INJECTION, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/InsiderReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/InsiderReaderTest.java index 9fcdf32f..eaf64262 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/InsiderReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/InsiderReaderTest.java @@ -54,7 +54,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.COMMAND_INJECTION, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.WEAK_CRYPTO_ALGO, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.COMMAND_INJECTION, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.WEAK_CRYPTO_ALGO, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/JuliaReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/JuliaReaderTest.java index f2a83473..6f99f296 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/JuliaReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/JuliaReaderTest.java 
@@ -54,7 +54,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.INSECURE_COOKIE, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.WEAK_CRYPTO_ALGO, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.INSECURE_COOKIE, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.WEAK_CRYPTO_ALGO, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/KiuwanReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/KiuwanReaderTest.java index a2a01eca..b59e8d27 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/KiuwanReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/KiuwanReaderTest.java @@ -56,7 +56,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.XSS, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.SQL_INJECTION, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.XSS, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.SQL_INJECTION, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/KlocworkCSVReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/KlocworkCSVReaderTest.java index 5f9f91df..b2f67753 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/KlocworkCSVReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/KlocworkCSVReaderTest.java 
@@ -54,7 +54,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.SQL_INJECTION, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.PATH_TRAVERSAL, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.SQL_INJECTION, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.PATH_TRAVERSAL, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/MendReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/MendReaderTest.java index e998ee5f..42664529 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/MendReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/MendReaderTest.java @@ -55,7 +55,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.SQL_INJECTION, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.COMMAND_INJECTION, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.SQL_INJECTION, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.COMMAND_INJECTION, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/NetsparkerReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/NetsparkerReaderTest.java index 74c414b3..477df4ec 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/NetsparkerReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/NetsparkerReaderTest.java 
@@ -54,7 +54,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.INSECURE_COOKIE, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.COOKIE_WITHOUT_HTTPONLY, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.INSECURE_COOKIE, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.COOKIE_WITHOUT_HTTPONLY, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/ParasoftReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/ParasoftReaderTest.java index 8291e45f..24b5c1b6 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/ParasoftReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/ParasoftReaderTest.java @@ -55,7 +55,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.PATH_TRAVERSAL, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.XSS, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.PATH_TRAVERSAL, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.XSS, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/Rapid7ReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/Rapid7ReaderTest.java index 3bdcd51b..44fda6a2 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/Rapid7ReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/Rapid7ReaderTest.java 
@@ -56,7 +56,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.SQL_INJECTION, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.COMMAND_INJECTION, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.SQL_INJECTION, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.COMMAND_INJECTION, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/ScnrReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/ScnrReaderTest.java index b89883f0..c509632f 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/ScnrReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/ScnrReaderTest.java @@ -42,8 +42,8 @@ void readerHandlesGivenJsonResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.SQL_INJECTION, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.XSS, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.SQL_INJECTION, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.XSS, result.get("2").get(0).getCWE()); } private static void assertToolData(TestSuiteResults result) { @@ -63,7 +63,7 @@ void readerHandlesGivenXmlResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.COMMAND_INJECTION, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.SQL_INJECTION, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.COMMAND_INJECTION, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.SQL_INJECTION, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/SeekerReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/SeekerReaderTest.java index c4904ed6..ef4a6b14 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/SeekerReaderTest.java 
+++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/SeekerReaderTest.java @@ -54,7 +54,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.COMMAND_INJECTION, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.TRUST_BOUNDARY_VIOLATION, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.COMMAND_INJECTION, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.TRUST_BOUNDARY_VIOLATION, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/SemgrepReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/SemgrepReaderTest.java index 97f2537c..b832813f 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/SemgrepReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/SemgrepReaderTest.java @@ -63,8 +63,8 @@ void readerHandlesGivenResultFileInV65() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.SQL_INJECTION, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.INSECURE_COOKIE, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.SQL_INJECTION, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.INSECURE_COOKIE, result.get("2").get(0).getCWE()); } @Test @@ -78,7 +78,7 @@ void readerHandlesGivenResultFileInV121() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.COMMAND_INJECTION, result.get(3).get(0).getCWE()); - assertEquals(CweNumber.COOKIE_WITHOUT_HTTPONLY, result.get(4).get(0).getCWE()); + assertEquals(CweNumber.COMMAND_INJECTION, result.get("3").get(0).getCWE()); + assertEquals(CweNumber.COOKIE_WITHOUT_HTTPONLY, result.get("4").get(0).getCWE()); } } 
diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/ShiftLeftScanReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/ShiftLeftScanReaderTest.java index 55160f2c..679b997c 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/ShiftLeftScanReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/ShiftLeftScanReaderTest.java @@ -54,7 +54,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.COOKIE_WITHOUT_HTTPONLY, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.PATH_TRAVERSAL, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.COOKIE_WITHOUT_HTTPONLY, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.PATH_TRAVERSAL, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/SonarQubeJsonReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/SonarQubeJsonReaderTest.java index 3824d23b..8aa8de35 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/SonarQubeJsonReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/SonarQubeJsonReaderTest.java @@ -54,7 +54,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.WEAK_CRYPTO_ALGO, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.SQL_INJECTION, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.WEAK_CRYPTO_ALGO, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.SQL_INJECTION, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/SonarQubeReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/SonarQubeReaderTest.java index 2f0df0c9..a8d36fd8 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/SonarQubeReaderTest.java 
+++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/SonarQubeReaderTest.java @@ -56,7 +56,7 @@ void readerHandlesGivenPluginResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.COMMAND_INJECTION, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.WEAK_RANDOM, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.COMMAND_INJECTION, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.WEAK_RANDOM, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/ThunderScanReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/ThunderScanReaderTest.java index 9bfa470d..065e83d4 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/ThunderScanReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/ThunderScanReaderTest.java @@ -54,7 +54,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.SQL_INJECTION, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.XPATH_INJECTION, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.SQL_INJECTION, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.XPATH_INJECTION, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/VeracodeReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/VeracodeReaderTest.java index 618fbbaf..16a21c30 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/VeracodeReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/VeracodeReaderTest.java 
@@ -1,12 +1,12 @@ package org.owasp.benchmarkutils.score.parsers; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertTrue; + import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.owasp.benchmarkutils.score.*; -import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertTrue; - class VeracodeReaderTest extends ReaderTestBase { private ResultFile resultFile; @@ -33,7 +33,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(3, result.getTotalResults()); - assertEquals(CweNumber.COMMAND_INJECTION, result.get(7).get(0).getCWE()); - assertEquals(CweNumber.SQL_INJECTION, result.get(8).get(0).getCWE()); + assertEquals(CweNumber.COMMAND_INJECTION, result.get("7").get(0).getCWE()); + assertEquals(CweNumber.SQL_INJECTION, result.get("8").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/VisualCodeGrepperReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/VisualCodeGrepperReaderTest.java index 7b89890f..436f4be6 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/VisualCodeGrepperReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/VisualCodeGrepperReaderTest.java @@ -54,7 +54,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.SQL_INJECTION, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.XSS, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.SQL_INJECTION, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.XSS, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/W3AFReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/W3AFReaderTest.java index 5bd93ba0..df533b82 100644 
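Review bot: In VeracodeReaderTest.readerHandlesGivenResultFile the total is asserted as 3, but only `result.get("7").get(0)` and `result.get("8").get(0)` are checked, so the key and CWE of the third finding are not pinned. Now that the key type has changed, a finding filed under an unexpected key would still pass as long as the total stays at 3. Assuming `get` returns a List, I would add a size assertion per key, such as `assertEquals(<count from fixture>, result.get("7").size());`, with the counts taken from the fixture file. The method body starts outside the hunk.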
--- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/W3AFReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/W3AFReaderTest.java @@ -54,7 +54,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.XSS, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.XSS, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.XSS, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.XSS, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/WapitiJsonReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/WapitiJsonReaderTest.java index 88c0374d..14112594 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/WapitiJsonReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/WapitiJsonReaderTest.java @@ -54,7 +54,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.COMMAND_INJECTION, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.PATH_TRAVERSAL, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.COMMAND_INJECTION, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.PATH_TRAVERSAL, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/WapitiReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/WapitiReaderTest.java index 5b0fb949..eedbf951 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/WapitiReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/WapitiReaderTest.java 
@@ -54,7 +54,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.SQL_INJECTION, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.COMMAND_INJECTION, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.SQL_INJECTION, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.COMMAND_INJECTION, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/ZapJsonReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/ZapJsonReaderTest.java index c1fb8ebb..056e4bf8 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/ZapJsonReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/ZapJsonReaderTest.java @@ -62,8 +62,8 @@ void readerHandlesGivenOldFormatResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.PATH_TRAVERSAL, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.XSS, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.PATH_TRAVERSAL, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.XSS, result.get("2").get(0).getCWE()); } @Test @@ -78,7 +78,7 @@ void readerHandlesGivenNewFormatResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.CSRF, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.COOKIE_WITHOUT_HTTPONLY, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.CSRF, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.COOKIE_WITHOUT_HTTPONLY, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/ZapReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/ZapReaderTest.java index c44fe332..b630ee56 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/ZapReaderTest.java 
+++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/ZapReaderTest.java @@ -54,7 +54,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.XSS, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.SQL_INJECTION, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.XSS, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.SQL_INJECTION, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/sarif/CodeQLReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/sarif/CodeQLReaderTest.java index 66199c75..62753f8a 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/sarif/CodeQLReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/sarif/CodeQLReaderTest.java @@ -55,8 +55,8 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.XSS, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.SQL_INJECTION, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.XSS, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.SQL_INJECTION, result.get("2").get(0).getCWE()); } @Test @@ -72,7 +72,7 @@ void readerHandlesAlternativeResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.XSS, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.SQL_INJECTION, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.XSS, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.SQL_INJECTION, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/sarif/ContrastScanReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/sarif/ContrastScanReaderTest.java index 4c21ca33..3fca82f3 100644 
--- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/sarif/ContrastScanReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/sarif/ContrastScanReaderTest.java @@ -58,7 +58,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.COMMAND_INJECTION, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.INSECURE_COOKIE, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.COMMAND_INJECTION, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.INSECURE_COOKIE, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/sarif/DatadogSastReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/sarif/DatadogSastReaderTest.java index 30fcf414..bcbdacf7 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/sarif/DatadogSastReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/sarif/DatadogSastReaderTest.java @@ -56,6 +56,6 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(1, result.getTotalResults()); - assertEquals(CweNumber.INSECURE_COOKIE, result.get(10).get(0).getCWE()); + assertEquals(CweNumber.INSECURE_COOKIE, result.get("10").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/sarif/PrecautionReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/sarif/PrecautionReaderTest.java index 2733c810..2b21897a 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/sarif/PrecautionReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/sarif/PrecautionReaderTest.java 
@@ -28,7 +28,6 @@ import org.owasp.benchmarkutils.score.TestHelper; import org.owasp.benchmarkutils.score.TestSuiteResults; import org.owasp.benchmarkutils.score.parsers.ReaderTestBase; -import org.owasp.benchmarkutils.score.parsers.sarif.PrecautionReader; class PrecautionReaderTest extends ReaderTestBase { @@ -56,6 +55,6 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals("0.5.0", result.getToolVersion()); assertEquals(1, result.getTotalResults()); - assertEquals(CweNumber.WEAK_HASH_ALGO, result.get(73).get(0).getCWE()); + assertEquals(CweNumber.WEAK_HASH_ALGO, result.get("73").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/sarif/SemgrepSarifReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/sarif/SemgrepSarifReaderTest.java index 05a68662..b522e055 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/sarif/SemgrepSarifReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/sarif/SemgrepSarifReaderTest.java @@ -58,8 +58,8 @@ void readerHandlesSemgrepOSSResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.COOKIE_WITHOUT_HTTPONLY, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.XSS, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.COOKIE_WITHOUT_HTTPONLY, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.XSS, result.get("2").get(0).getCWE()); } @Test @@ -74,7 +74,7 @@ void readerHandlesSemgrepPROResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.COOKIE_WITHOUT_HTTPONLY, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.XSS, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.COOKIE_WITHOUT_HTTPONLY, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.XSS, result.get("2").get(0).getCWE()); } } 
diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/sarif/SnykReaderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/sarif/SnykReaderTest.java index 9c023742..bdf0ce48 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/sarif/SnykReaderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/parsers/sarif/SnykReaderTest.java @@ -56,7 +56,7 @@ void readerHandlesGivenResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.INSECURE_COOKIE, result.get(1).get(0).getCWE()); - assertEquals(CweNumber.XPATH_INJECTION, result.get(2).get(0).getCWE()); + assertEquals(CweNumber.INSECURE_COOKIE, result.get("1").get(0).getCWE()); + assertEquals(CweNumber.XPATH_INJECTION, result.get("2").get(0).getCWE()); } } diff --git a/plugin/src/test/java/org/owasp/benchmarkutils/score/service/ExpectedResultsProviderTest.java b/plugin/src/test/java/org/owasp/benchmarkutils/score/service/ExpectedResultsProviderTest.java index 83ef72d5..c4c4fbb1 100644 --- a/plugin/src/test/java/org/owasp/benchmarkutils/score/service/ExpectedResultsProviderTest.java +++ b/plugin/src/test/java/org/owasp/benchmarkutils/score/service/ExpectedResultsProviderTest.java @@ -47,11 +47,11 @@ void providerHandlesGivenSimpleResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.PATH_TRAVERSAL, result.get(1).get(0).getCWE()); - assertNull(result.get(1).get(0).getSource()); + assertEquals(CweNumber.PATH_TRAVERSAL, result.get("1").get(0).getCWE()); + assertNull(result.get("1").get(0).getSource()); - assertEquals(CweNumber.COMMAND_INJECTION, result.get(2).get(0).getCWE()); - assertNull(result.get(2).get(0).getSource()); + assertEquals(CweNumber.COMMAND_INJECTION, result.get("2").get(0).getCWE()); + assertNull(result.get("2").get(0).getSource()); } @Test 
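Review bot: providerHandlesGivenSimpleResultFile, and providerHandlesGivenExtendedResultFile in the next hunk, only exercise numeric-string keys (`result.get("1")`, `result.get("2")`), while the commit description says custom scoring keys results by the whole test case file name. That path has no expected-results test in the visible hunks, so a mismatch between the key the provider stores and the key a tool parser produces would only show up as skewed scores. Since the description marks the parser side as still pending, I would at least leave a marker in this test class, `// TODO: add a custom-scoring fixture whose results are keyed by test case file name`, and add the fixture once that work lands. Both method bodies start outside their hunks.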
@@ -63,10 +63,10 @@ void providerHandlesGivenExtendedResultFile() throws Exception { assertEquals(2, result.getTotalResults()); - assertEquals(CweNumber.PATH_TRAVERSAL, result.get(1).get(0).getCWE()); - assertEquals("RequestGetCookies.code", result.get(1).get(0).getSource()); + assertEquals(CweNumber.PATH_TRAVERSAL, result.get("1").get(0).getCWE()); + assertEquals("RequestGetCookies.code", result.get("1").get(0).getSource()); - assertEquals(CweNumber.COMMAND_INJECTION, result.get(2).get(0).getCWE()); - assertEquals("RequestGetHeader.code", result.get(2).get(0).getSource()); + assertEquals(CweNumber.COMMAND_INJECTION, result.get("2").get(0).getCWE()); + assertEquals("RequestGetHeader.code", result.get("2").get(0).getSource()); } }