}
Vulnerability returnVulnerability = null;
String locationVariableHash, locationHash, variableHash;
GenericVulnerability genericVulnerability = finding.getChannelVulnerability().getGenericVulnerability();
if (genericVulnerability == null
|| genericVulnerability.getName() == null
|| genericVulnerability.getName().trim().equals("")) {
log.warn("No generic vulnerability was found for the Channel Vulnerability with code "
+ finding.getChannelVulnerability().getCode());
return null;
}
Vulnerability vulnerability = new Vulnerability();
vulnerability.openVulnerability(Calendar.getInstance());
vulnerability.setGenericVulnerability(genericVulnerability);
vulnerability.setSurfaceLocation(finding.getSurfaceLocation());
// TODO calculate some sort of threshold here and figure out whether or not we want to keep
// the calculated url path or not.
vulnerability.setCalculatedUrlPath(finding.getCalculatedUrlPath());
if (finding.getIsStatic()) {
vulnerability.setCalculatedFilePath(finding.getCalculatedFilePath());
}
if (finding.isMarkedFalsePositive()) {
log.info("Creating a false positive vulnerability from a finding marked false positive.");
vulnerability.setIsFalsePositive(finding.isMarkedFalsePositive());
}
String vulnName = genericVulnerability.getName();
if (finding.getChannelSeverity() != null) {
vulnerability.setGenericSeverity(getGenericSeverity(finding));
}