Package com.denimgroup.threadfix.data.entities

Examples of com.denimgroup.threadfix.data.entities.GenericVulnerability

63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
    }

    Vulnerability returnVulnerability = null;
   
    String locationVariableHash, locationHash, variableHash;
    GenericVulnerability genericVulnerability = finding.getChannelVulnerability().getGenericVulnerability();

    if (genericVulnerability == null
        || genericVulnerability.getName() == null
        || genericVulnerability.getName().trim().equals("")) {

            log.warn("No generic vulnerability was found for the Channel Vulnerability with code "
                    + finding.getChannelVulnerability().getCode());
      return null;
    }

    Vulnerability vulnerability = new Vulnerability();
    vulnerability.openVulnerability(Calendar.getInstance());
    vulnerability.setGenericVulnerability(genericVulnerability);
    vulnerability.setSurfaceLocation(finding.getSurfaceLocation());
   
    // TODO calculate some sort of threshold here and figure out whether or not we want to keep
    // the calculated url path or not.
    vulnerability.setCalculatedUrlPath(finding.getCalculatedUrlPath());
   
    if (finding.getIsStatic()) {
      vulnerability.setCalculatedFilePath(finding.getCalculatedFilePath());
    }
     
    if (finding.isMarkedFalsePositive()) {
      log.info("Creating a false positive vulnerability from a finding marked false positive.");
      vulnerability.setIsFalsePositive(finding.isMarkedFalsePositive());
    }

    String vulnName = genericVulnerability.getName();

    if (finding.getChannelSeverity() != null) {
      vulnerability.setGenericSeverity(getGenericSeverity(finding));
    }
View Full Code Here
95
96
97
98
99
100
101
102
103
104
105
            if (channelVulnerability == null) {
                LOG.warn("Invalid ChannelVulnerability code (" + channelVulnerabilityCode + ") submitted.");
                result = MappingCreateResult.BAD_CHANNEL_VULNERABILITY;
            } else {

                GenericVulnerability genericVulnerability =
                        genericVulnerabilityDao.retrieveByDisplayId(integerId);

                if (genericVulnerability == null) {
                    LOG.warn("Unable to find GenericVulnerability with code " + genericVulnerabilityId);
                    result = MappingCreateResult.BAD_GENERIC_VULNERABILITY_ID;
View Full Code Here
56
57
58
59
60
61
62
63
64
65
        Vulnerability vulnerability = new Vulnerability();

        vulnerability.setGenericSeverity(new GenericSeverity());
        vulnerability.getGenericSeverity().setName("Critical");

        vulnerability.setGenericVulnerability(new GenericVulnerability());
        vulnerability.getGenericVulnerability().setName("XSS");

        return list(vulnerability);
    }
View Full Code Here
330
331
332
333
334
335
336
337
338
339
340
341
342
            Integer integerId = IntegerUtils.getIntegerOrNull(stringId);

            // This code works because of the 1-1 correspondence of manual channel text and cwe text
            if (integerId != null) {
                GenericVulnerability genericVulnerability =
                        genericVulnerabilityDao.retrieveByDisplayId(integerId);
                if (genericVulnerability != null) {
                    cwe = integerId.toString();
                    findingMap.put(FindingKey.VULN_CODE, genericVulnerability.getName());
                }
            }
        }
View Full Code Here
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
        return GENERIC_VULNS_FOLDER;
    }

    private boolean isUpdateGenericVuln(int genericIdInt, String genericNewName, ChannelType manualType) {

        GenericVulnerability genericVulnerability = genericVulnerabilityDao.retrieveByDisplayId(genericIdInt);

        boolean isUpdate = genericVulnerability != null;
        String oldName = null;
        if (genericVulnerability == null) {
            LOG.info("Add new Generic Vulnerability with CWE Id " + genericIdInt);
            genericVulnerability = new GenericVulnerability();
            genericVulnerability.setCweId(genericIdInt);
        } else {
            LOG.info("Update Generic Vulnerability with Id " + genericIdInt);
            oldName = genericVulnerability.getName();
        }

        genericVulnerability.setName(genericNewName);
        genericVulnerabilityDao.saveOrUpdate(genericVulnerability);

        updateManualVuln(genericVulnerability,oldName, genericNewName, manualType);

        return isUpdate;
View Full Code Here
TOP

Related Classes of com.denimgroup.threadfix.data.entities.GenericVulnerability

  • com.denimgroup.threadfix.importer.impl.upload.NessusChannelImporter$NessusSAXParser
  • com.denimgroup.threadfix.importer.update.GenericMappingsUpdater
  • com.denimgroup.threadfix.service.ChannelVulnerabilityServiceImpl
  • com.denimgroup.threadfix.service.defects.util.DefectUtils
  • com.denimgroup.threadfix.service.merge.VulnerabilityParser
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.