Package com.denimgroup.threadfix.data.entities

Examples of com.denimgroup.threadfix.data.entities.SurfaceLocation


    private ThreadFixInterface(){}

    public static EndpointQuery toEndpointQuery(Finding finding) {
        EndpointQueryBuilder builder = EndpointQueryBuilder.start();

        SurfaceLocation location = finding.getSurfaceLocation();

        if (location != null) {
            if (location.getHttpMethod() != null) {
                builder.setHttpMethod(location.getHttpMethod());
            }

            if (location.getPath() != null) {
                builder.setDynamicPath(location.getPath());
            }

            if (location.getParameter() != null) {
                builder.setParameter(location.getParameter());
            }
        }


        if (finding.getIsStatic()) {
View Full Code Here


 
    String action = defaultDirective;
    if (directive != null && directive.getDirective() != null)
      action = directive.getDirective();
   
    SurfaceLocation surfaceLocation = vulnerability.getSurfaceLocation();
 
    String vulnType = vulnerability.getGenericVulnerability().getName();
    // Check if the vuln is supported
    if (!stringInList(vulnType, getSupportedVulnerabilityTypes()))
      return null;
   
    String vulnUrl = surfaceLocation.getPath();
   
    // TODO remove this, it should be unnecessary.
    String param = null;
    if (surfaceLocation.getParameter() != null && !surfaceLocation.getParameter().isEmpty())
      param = surfaceLocation.getParameter().replaceFirst("param=", "");
 
    String rule = generateRuleText(vulnType, vulnUrl, action, currentId.toString(), param, vulnerability);
 
    if (rule != null) {
      WafRule newRule = new WafRule();
View Full Code Here

        || vulnerability.getGenericVulnerability() == null
        || vulnerability.getGenericVulnerability().getName() == null) {
      return null;
    }
   
    SurfaceLocation surfaceLocation = vulnerability.getSurfaceLocation();
 
    String vulnType = vulnerability.getGenericVulnerability().getName();
    // Check if the vuln is supported
    if (!stringInList(vulnType, getSupportedVulnerabilityTypes())) {
      return null;
    }
   
    String parameter = surfaceLocation.getParameter();
    String path      = surfaceLocation.getPath();
   
    WafRule rule = new WafRule();
    rule.setIsNormalRule(false);
    rule.setWafRuleDirective(directive);
    rule.setNativeId(currentId.toString());
View Full Code Here

                            .append("http://cwe.mitre.org/data/definitions/")
                            .append(vulnerability.getGenericVulnerability().getId())
                            .append(".html")
                            .append('\n');

                    SurfaceLocation surfaceLocation = vulnerability.getSurfaceLocation();
                    stringBuilder
                            .append("Vulnerability attack surface location:\n")
                            .append("URL: ")
                            .append(surfaceLocation.getUrl())
                            .append("\n")
                            .append("Parameter: ")
                            .append(surfaceLocation.getParameter());

                    List<Finding> findings = vulnerability.getFindings();
                    if (findings != null && !findings.isEmpty()) {
                        addUrlReferences(findings, stringBuilder);
                        addNativeIds(findings, stringBuilder);
View Full Code Here

TOP

Related Classes of com.denimgroup.threadfix.data.entities.SurfaceLocation

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.