Closed de-jcup closed 4 years ago
Following changes will happen:
productResultLink
The visibility/occurrence of this field shall be configurable. As a first step we switch it globally by the Spring value {sechub.feature.showProductResultLink:false}
In future, the output for code scans shall be:
{
  "jobUUID": "41460d02-08bd-4bf3-b3fa-adce7bb49b6b",
  "result": {
    "count": 0,
    "findings": [
      {
        "id": 1,
        "name": "Reflected XSS All Clients",
        "severity": "HIGH",
        "code": {
          "location": "com/daimler/sechub/domain/scan/HTMLScanResultReportModelBuilder.java",
          "line": 116,
          "column": 29,
          "source": " while ((line=br.readLine())!=null) {",
          "calls": {
            "location": "com/daimler/sechub/domain/scan/HTMLScanResultReportModelBuilder.java",
            "line": 216,
            "column": 31,
            "source": " xyz",
            "calls": {
              "location": -1,
              "line": -1,
              "source": "..."
            }
          }
        },
        "productResultLink": "https://defvm1676.intranet.example.org/CxWebClient/ViewerMain.aspx?scanid=1000769&projectid=227441&pathid=163"
      }
    ]
  },
  "trafficLight": "RED"
}
The Thymeleaf template must be changed so that we use the code meta information for rendering (when available) and fall back to the description, because webscan and infrascan will still return their description fields.
Formerly:
Now:
The relevant part of source should be contained in HTML and in JSON data as well.
Added the relevant parts now to the HTML and JSON reports:
At https://github.com/Daimler/sechub/blob/develop/sechub-other/examples/sechub-reports/codescan-checkmarx-one-yellow-finding-result-beautified.json there is the beautified JSON output for the last picture.
https://github.com/Daimler/sechub/blob/develop/sechub-other/examples/sechub-reports/codescan-checkmarx-one-yellow-finding-result.json is the original example output.
Be aware: we have changed the JSON output handling for null values. We no longer output any fields containing null - this reduces file size and increases readability.
If you parse the JSON output you should be aware that a field containing null will no longer be available - so please check whether the element exists...
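A consumer-side reader for the code scan report format shown above, added here as an example (not SecHub's own code): it walks the nested "calls" chain, falls back to "description" for findings without a "code" block, and uses .get() throughout because omitted (formerly null) fields and a disabled productResultLink simply do not appear. The sample report and its file paths are constructed for this example.

```python
import json

# Constructed sample in the report format from this issue (not real SecHub output):
# productResultLink is absent (feature flag off) and null-valued fields are omitted.
SAMPLE_REPORT = json.dumps({
    "jobUUID": "00000000-0000-0000-0000-000000000000",
    "result": {"count": 2, "findings": [
        {"id": 1, "name": "Reflected XSS All Clients", "severity": "HIGH",
         "code": {"location": "com/example/Builder.java", "line": 116, "column": 29,
                  "source": " while ((line=br.readLine())!=null) {",
                  "calls": {"location": "com/example/Builder.java", "line": 216,
                            "column": 31, "source": " xyz",
                            "calls": {"location": -1, "line": -1, "source": "..."}}}},
        # webscan/infrascan style finding: no "code" block, only a description
        {"id": 2, "name": "Missing header", "severity": "LOW",
         "description": "web scan finding"},
    ]},
    "trafficLight": "RED",
})


def call_chain(code):
    """Flatten the nested 'calls' chain into (location, line, column) tuples."""
    chain = []
    node = code
    while node is not None:
        # .get() instead of [] because absent (formerly null) keys are omitted
        chain.append((node.get("location"), node.get("line"), node.get("column")))
        node = node.get("calls")
    return chain


def summarize(report_json):
    """Return (per-finding summaries, traffic light); tolerate missing fields."""
    report = json.loads(report_json)
    summaries = []
    for finding in report.get("result", {}).get("findings", []):
        code = finding.get("code")
        summaries.append({
            "id": finding.get("id"),
            "severity": finding.get("severity"),
            # prefer code meta information, fall back to description
            "detail": call_chain(code) if code else finding.get("description"),
            # None when the feature flag is off or the field was null and dropped
            "link": finding.get("productResultLink"),
        })
    return summaries, report.get("trafficLight")
```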
Currently we got output as following description inside JSON and HTML reports:
<br>Location:com/daimler/sechub/sharedkernel/util/ZipSupport.java - line:17, column:5\n<br>For details look at <a href='https://defvm1676.intranet.example.org/CxWebClient/ViewerMain.aspx?scanid=1000866&projectid=227441&pathid=167'>Full result</a>
This is cumbersome to read. Also, HTML parts should only be inside an HTML report and nowhere else...