Package com.denimgroup.threadfix.data.entities

Examples of com.denimgroup.threadfix.data.entities.GenericVulnerability


    }

    // Excerpt: builds a new Vulnerability from a Finding. It returns null when the
    // finding's channel vulnerability has no generic vulnerability with a non-blank name.
    // returnVulnerability and the three hash strings are declared here but not used
    // inside the visible excerpt.
    Vulnerability returnVulnerability = null;
   
    String locationVariableHash, locationHash, variableHash;
    // NOTE(review): finding.getChannelVulnerability() is dereferenced without a null check.
    // If a Finding can arrive here without a channel vulnerability (not visible in this
    // excerpt) this line throws NullPointerException -- confirm the caller guarantees it.
    GenericVulnerability genericVulnerability = finding.getChannelVulnerability().getGenericVulnerability();

    // A missing mapping, a null name and a whitespace-only name are all treated the same:
    // the finding is not turned into a vulnerability.
    if (genericVulnerability == null
        || genericVulnerability.getName() == null
        || genericVulnerability.getName().trim().equals("")) {

            // NOTE(review): the channel vulnerability code is concatenated straight into the
            // log message. It presumably originates from imported scan results; if it can
            // contain CR/LF, a crafted value could forge log lines -- confirm it is
            // neutralised or that the log layout encodes newlines.
            log.warn("No generic vulnerability was found for the Channel Vulnerability with code "
                    + finding.getChannelVulnerability().getCode());
      // Callers must handle null: an unmapped finding produces no vulnerability, and this
      // warning is the only trace of that visible here.
      return null;
    }

    Vulnerability vulnerability = new Vulnerability();
    // Calendar.getInstance() uses the JVM default time zone and locale for the open time.
    vulnerability.openVulnerability(Calendar.getInstance());
    vulnerability.setGenericVulnerability(genericVulnerability);
    vulnerability.setSurfaceLocation(finding.getSurfaceLocation());
   
    // TODO calculate some sort of threshold here and figure out whether or not we want to keep
    // the calculated url path or not.
    vulnerability.setCalculatedUrlPath(finding.getCalculatedUrlPath());
   
    // The calculated file path is copied only for static findings.
    if (finding.getIsStatic()) {
      vulnerability.setCalculatedFilePath(finding.getCalculatedFilePath());
    }
     
    // The false-positive mark on the finding is carried onto the new vulnerability.
    // NOTE(review): the vulnerability starts out flagged false positive, and this
    // info-level line, which names neither the finding nor the vulnerability, is the only
    // record of that visible here.
    if (finding.isMarkedFalsePositive()) {
      log.info("Creating a false positive vulnerability from a finding marked false positive.");
      vulnerability.setIsFalsePositive(finding.isMarkedFalsePositive());
    }

    // vulnName is not used inside the visible excerpt.
    String vulnName = genericVulnerability.getName();

    // Severity is mapped only when the finding has a channel severity; otherwise the
    // generic severity stays at whatever new Vulnerability() leaves it.
    // NOTE(review): code that filters or sorts by severity presumably has to tolerate
    // that unset case -- confirm.
    if (finding.getChannelSeverity() != null) {
      vulnerability.setGenericSeverity(getGenericSeverity(finding));
    }


            // Excerpt: validates both sides of a channel-to-generic vulnerability mapping
            // and records which side was invalid in `result`.
            // NOTE(review): channelVulnerabilityCode is described as "submitted" and is
            // concatenated into the log message. If it is caller-controlled, embedded CR/LF
            // could forge log entries (CWE-117); neutralise line breaks before logging or
            // confirm the log layout escapes them.
            if (channelVulnerability == null) {
                LOG.warn("Invalid ChannelVulnerability code (" + channelVulnerabilityCode + ") submitted.");
                result = MappingCreateResult.BAD_CHANNEL_VULNERABILITY;
            } else {

                // The lookup uses integerId, declared outside this excerpt.
                GenericVulnerability genericVulnerability =
                        genericVulnerabilityDao.retrieveByDisplayId(integerId);

                if (genericVulnerability == null) {
                    // NOTE(review): the message logs genericVulnerabilityId, not the integerId
                    // used for the lookup -- presumably the raw submitted form. The same
                    // log-forging caveat applies if that value is caller-controlled.
                    LOG.warn("Unable to find GenericVulnerability with code " + genericVulnerabilityId);
                    result = MappingCreateResult.BAD_GENERIC_VULNERABILITY_ID;

        // Excerpt: builds one Vulnerability with hard-coded values and returns it through
        // list(...). The enclosing method's signature is outside this excerpt.
        Vulnerability vulnerability = new Vulnerability();

        // Severity is a fresh GenericSeverity whose name is the literal "Critical".
        vulnerability.setGenericSeverity(new GenericSeverity());
        vulnerability.getGenericSeverity().setName("Critical");

        // The generic vulnerability is a fresh, unsaved instance whose name is the literal
        // "XSS"; it is not looked up through a DAO here.
        vulnerability.setGenericVulnerability(new GenericVulnerability());
        vulnerability.getGenericVulnerability().setName("XSS");

        return list(vulnerability);
    }

            // Excerpt: resolves a submitted id string to a known GenericVulnerability and, on
            // success, records the CWE id and the vulnerability name.
            // Presumably getIntegerOrNull returns null for non-numeric input -- confirm in
            // IntegerUtils.
            Integer integerId = IntegerUtils.getIntegerOrNull(stringId);

            // This code works because of the 1-1 correspondence of manual channel text and cwe text
            if (integerId != null) {
                GenericVulnerability genericVulnerability =
                        genericVulnerabilityDao.retrieveByDisplayId(integerId);
                if (genericVulnerability != null) {
                    // cwe takes the parsed integer's string form, not the raw stringId, so
                    // only the canonical numeric text is carried forward.
                    cwe = integerId.toString();
                    // VULN_CODE is set to the stored name of the matched record, not to
                    // caller-supplied text.
                    findingMap.put(FindingKey.VULN_CODE, genericVulnerability.getName());
                }
            }
            // When the id does not parse or matches no record, neither cwe nor findingMap is
            // changed and nothing is logged here.
            // NOTE(review): confirm the caller rejects or reports that case.
        }

        return GENERIC_VULNS_FOLDER;
    }

    /**
     * Creates or renames the GenericVulnerability found by display id, saves it, and passes
     * the old and new names to updateManualVuln.
     *
     * <p>Despite the "is" prefix this method has side effects: it always calls
     * saveOrUpdate and updateManualVuln. The listing is truncated before the method's
     * closing brace.
     *
     * @param genericIdInt id used for retrieveByDisplayId and, for a new record, for setCweId
     * @param genericNewName name written to the record; not validated in this method
     * @param manualType passed through to updateManualVuln
     * @return true if an existing record was renamed, false if a new record was created
     */
    private boolean isUpdateGenericVuln(int genericIdInt, String genericNewName, ChannelType manualType) {

        GenericVulnerability genericVulnerability = genericVulnerabilityDao.retrieveByDisplayId(genericIdInt);

        // Record the outcome before the variable is reassigned in the "add" branch.
        boolean isUpdate = genericVulnerability != null;
        String oldName = null;
        if (genericVulnerability == null) {
            LOG.info("Add new Generic Vulnerability with CWE Id " + genericIdInt);
            genericVulnerability = new GenericVulnerability();
            // NOTE(review): the lookup is by display id but the new record sets the CWE id;
            // presumably the two are the same value -- confirm.
            genericVulnerability.setCweId(genericIdInt);
        } else {
            // The log lines carry only the numeric id; neither the old nor the new name is
            // recorded here, so a rename cannot be reconstructed from these messages alone.
            LOG.info("Update Generic Vulnerability with Id " + genericIdInt);
            oldName = genericVulnerability.getName();
        }

        // NOTE(review): genericNewName is stored without a null or blank check. The
        // vulnerability-creation excerpt earlier on this page treats a null or blank name as
        // "no generic vulnerability", so confirm the caller validates the name first.
        genericVulnerability.setName(genericNewName);
        genericVulnerabilityDao.saveOrUpdate(genericVulnerability);

        // oldName is null when the record was newly created.
        updateManualVuln(genericVulnerability,oldName, genericNewName, manualType);

        return isUpdate;
