Add html report exporting

admin · admin · commit 413dbb29913a · 2018-06-14T16:03:40.000+02:00
diff --git a/src/test/java/net/continuumsecurity/steps/AppScanningSteps.java b/src/test/java/net/continuumsecurity/steps/AppScanningSteps.java
@@ -100,6 +100,16 @@ public void writeXmlReport(String path) throws IOException {
         Files.write(pathToFile, xmlReport);
     }
 
+
+    @Then("the HTML report is written to the file (.*)")
+    public void writeHtmlReport(String path) throws IOException {
+        byte[] htmlReport = scanner.getHtmlReport();
+        Path pathToFile = Paths.get(path);
+        Files.createDirectories(pathToFile.getParent());
+        Files.write(pathToFile, htmlReport);
+    }
+
+
     @Given("a scanner with all policies enabled")
     public void enableAllScanners() {
         getScanner().enableAllScanners();
diff --git a/src/test/resources/features/app_scan.feature b/src/test/resources/features/app_scan.feature
@@ -184,3 +184,28 @@ Feature: Automated Application Security Scanning
       |url                    |parameter          |cweId      |wascId   |
     And the XML report is written to the file build/zap/insecure_methods.xml
     Then no Medium or higher risk vulnerabilities should be present
+
+  @sonar-report
+  Scenario: The sonar report is writting
+    And the SQL-Injection policy is enabled
+    And the Cross-Site-Scripting policy is enabled
+    And the Path-traversal policy is enabled
+    And the Remote-file-inclusion policy is enabled
+    And the Server-side-include policy is enabled
+    And the Server-side-code-injection policy is enabled
+    And the Remote-os-command-injection policy is enabled
+    And the crlf-injection policy is enabled
+    And the External-redirect policy is enabled
+    And the source-code-disclosure policy is enabled
+    And the shell-shock policy is enabled
+    And the ldap-injection policy is enabled
+    And the xpath-injection policy is enabled
+    And the xml-external-entity policy is enabled
+    And the padding-oracle policy is enabled
+    And the insecure-http-methods policy is enabled
+    And the attack strength is set to High
+    And the alert threshold is set to Low
+    When the scanner is run
+    And the following false positives are removed
+      |url                    |parameter          |cweId      |wascId   |
+    Then the HTML report is written to the file build/zap/all_reports.html
