mercedes-benz / sechub

SecHub provides a central API to test software with different security tools.
https://mercedes-benz.github.io/sechub/
MIT License

Improve remote Data validator #3133

Closed lorriborri closed 1 month ago

lorriborri commented 1 month ago

Situation

  1. The SecHub model validator allows multiple remote sections to be configured, and remote and file system can both be configured at once.

  2. The SecHub validator does not check the remote data section for correct configuration.

Wanted

  1. Check only one configuration
    • When using a remote data section, it is only possible to define ONE binary or ONE source definition. This also means: it is only possible to define ONE remote data section (see example 1 for a wrong configuration).
  2. Check if remote configuration is correct
    • Make sure location is not null or blank

Details

example 1: duplicated remote sources (forbidden)

{
  "apiVersion": "1.0",
  "data": {
    "sources": [
      {
        "name": "remote_example_name",
        "remote": {
          "location": "remote_example_location",
          "type": "git",
          "credentials": {
            "user": {
              "name": "my-example-user",
              "password": "my-example-password"
            }
          }
        }
      },
      {
        "name": "remote_example_name_two",
        "remote": {
          "location": "remote_example_location",
          "type": "some-other-type",
          "credentials": {
            "user": {
              "name": "my-example-user",
              "password": "my-example-password"
            }
          }
        }
      }
    ]
  },
  "codeScan": {
    "use": [
      "remote_example_name"
    ]
  }
}

example 2: mix remote and file system (forbidden)

{
  "apiVersion": "1.0",
  "data": {
    "sources": [
      {
        "name": "remote_example_name",
        "remote": {
          "location": "remote_example_location",
          "type": "git",
          "credentials": {
            "user": {
              "name": "my-example-user",
              "password": "my-example-password"
            }
          }
        }
      },
      {
        "name": "filesystem_example",
        "fileSystem": {
          "folders": [ "myProject/build" ]
        }
      }
    ]
  },
  "codeScan": {
    "use": [
      "remote_example_name"
    ]
  }
}

Solution

Implement Validation in SechubConfigurationModelValidator
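
The three checks requested in this issue, as an added Python sketch over parsed configuration JSON; it is not SecHub's Java implementation and not code from the issue. The function name, the error texts and the `binaries` key as a sibling of `sources` are assumptions, and the sample configurations are constructed from examples 1 and 2 with credentials omitted.

```python
import json

def validate_remote_data(config: dict) -> list[str]:
    """Return one error message per violated remote data rule (empty list = valid)."""
    data = config.get("data") or {}
    # Assumption: binary definitions sit under "binaries" next to "sources".
    entries = [e for kind in ("sources", "binaries") for e in (data.get(kind) or [])]
    remotes = [e for e in entries if "remote" in e]
    errors = []
    if not remotes:
        return errors  # no remote section configured, the rules do not apply
    if len(remotes) > 1:
        errors.append(f"only one remote data section is allowed, found {len(remotes)}")
    if len(entries) > len(remotes):
        errors.append("remote data must not be combined with other data sections")
    for entry in remotes:
        # A JSON null for "remote" or "location" arrives here as None.
        location = (entry["remote"] or {}).get("location")
        if not isinstance(location, str) or not location.strip():
            errors.append(f"remote location of '{entry.get('name')}' is null or blank")
    return errors

def remote(name, location, type_="git"):
    """Build a constructed remote data entry (hypothetical helper)."""
    return {"name": name, "remote": {"location": location, "type": type_}}

def config_with(*sources):
    """Wrap constructed data entries in a minimal configuration."""
    return {"apiVersion": "1.0", "data": {"sources": list(sources)},
            "codeScan": {"use": ["remote_example_name"]}}

# Constructed sample inputs modelled on the issue's examples.
VALID = config_with(remote("remote_example_name", "remote_example_location"))
DUPLICATED = config_with(  # example 1: two remote sections
    remote("remote_example_name", "remote_example_location"),
    remote("remote_example_name_two", "remote_example_location", "some-other-type"))
MIXED = config_with(  # example 2: remote and file system together
    remote("remote_example_name", "remote_example_location"),
    {"name": "filesystem_example", "fileSystem": {"folders": ["myProject/build"]}})
BLANK = config_with(remote("remote_example_name", "   "))
NULL_LOCATION = json.loads(
    '{"data": {"sources": [{"name": "remote_example_name", "remote": {"location": null}}]}}')

if __name__ == "__main__":
    for label, cfg in (("valid", VALID), ("duplicated", DUPLICATED), ("mixed", MIXED),
                       ("blank", BLANK), ("null", NULL_LOCATION)):
        print(label, validate_remote_data(cfg) or "ok")
```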