Package com.denimgroup.threadfix.data.entities

Examples of com.denimgroup.threadfix.data.entities.WafRule

153
154
155
156
157
158
159
160
161
162
163
                    return null;
                }

                log.debug("wafRuleId " + wafRuleId);

                WafRule rule = wafRuleDao.retrieveByWafAndNativeId(wafId, wafRuleId);
                if (rule == null) {
                    log.debug("wafRule not found");
                    return null;
                }
View Full Code Here
56
57
58
59
60
61
62
63
64
65
66
    String nativeId = getRegexResult(entry, "\\[unique_id \\\"([^\\\"]+)\\\"\\]");
   
    if (nativeId == null || securityEventDao.retrieveByNativeIdAndWafId(nativeId, wafId) != null)
      return null;
   
    WafRule rule = wafRuleDao.retrieveByWafAndNativeId(wafId, wafRuleNativeId);
    if (rule == null)
      return null;
   
    Calendar calendar = parseDate(time);
   
View Full Code Here
71
72
73
74
75
76
77
78
79
80
81
    String nativeId = hashArrayItems(toHash);
   
    if (nativeId == null || securityEventDao.retrieveByNativeIdAndWafId(nativeId, wafId) != null)
      return null;
   
    WafRule rule = wafRuleDao.retrieveByWafAndNativeId(wafId, sid);
    if (rule == null)
      return null;
    Calendar calendar = parseDate(time);
   
    SecurityEvent event = new SecurityEvent();
View Full Code Here
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
    for (Vulnerability vuln : application.getVulnerabilities()) {
      if (vuln == null || vuln.getIsFalsePositive())
        continue;
     
      WafRule oldRule = null;
      if (wafRuleDao != null && directive != null)
        oldRule = wafRuleDao.retrieveByVulnerabilityAndWafAndDirective(vuln, application.getWaf(), directive);
      WafRule currentRule = null;
      if (oldRule == null) {
        currentRule = makeRule(application.getWaf().getCurrentId(), vuln, directive);
        if (currentRule != null) {
          currentRule.setVulnerability(vuln);
          application.getWaf().setCurrentId(application.getWaf().getCurrentId() + 1);
        }
      } else {
        currentRule = oldRule;
      }

      if (currentRule != null && currentRule.getRule() != null
          && !currentRule.getRule().trim().equals("")) {
        rules.add(currentRule);
      } else {
        log.debug("New rule was null or empty for vulnerability: " + vuln);
      }
    }
View Full Code Here
377
378
379
380
381
382
383
384
385
386
387
388
      param = surfaceLocation.getParameter().replaceFirst("param=", "");
 
    String rule = generateRuleText(vulnType, vulnUrl, action, currentId.toString(), param, vulnerability);
 
    if (rule != null) {
      WafRule newRule = new WafRule();
      newRule.setRule(rule);
      newRule.setNativeId(currentId.toString());
      return newRule;
    }
    return null;
  }
View Full Code Here
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
    }
   
    String parameter = surfaceLocation.getParameter();
    String path      = surfaceLocation.getPath();
   
    WafRule rule = new WafRule();
    rule.setIsNormalRule(false);
    rule.setWafRuleDirective(directive);
    rule.setNativeId(currentId.toString());
   
    //CSRF is handled on a by-url basis in its own tag
    if (GenericVulnerability.CWE_CROSS_SITE_REQUEST_FORGERY.equals(vulnType)) {
      rule.setVulnerabilityDesc("CSRF");
      rule.setRule("<csrf_urls>" + path + "</csrf_urls>");
      return rule;
    }
   
    // Possibly turn on Response Scrubbing if CCN or SSN might be present
    if (GenericVulnerability.CWE_INFORMATION_EXPOSURE.equals(vulnType) ||
        GenericVulnerability.CWE_PRIVACY_VIOLATION.equals(vulnType)) {
      for (Finding finding : vulnerability.getFindings()) {
        if (finding != null && finding.getChannelVulnerability() != null &&
            finding.getChannelVulnerability().getName()!= null &&
            (finding.getChannelVulnerability().getName().contains("Credit Card") ||
             finding.getChannelVulnerability().getName().contains("Social Security"))) {
          rule.setRule("Response Scrubbing");
          return rule;
        }
      }
      return null;
    }
   
    // Possibly turn on Illegal methods
    // TODO improve detection of these vulns
    if (GenericVulnerability.CWE_GENERIC_INJECTION.equals(vulnType) ||
        GenericVulnerability.CWE_DEBUG_CODE.equals(vulnType)) {
      for (Finding finding : vulnerability.getFindings()) {
        if (finding != null && finding.getChannelVulnerability() != null &&
            finding.getChannelVulnerability().getName()!= null &&
            finding.getChannelVulnerability().getName().contains("HTTP Method")) {
          rule.setRule("Illegal Method");
          return rule;
        }
      }
      return null;
    }

    // The general case: set the path, parameter, and type
    if (path != null && (parameter != null || GenericVulnerability.CWE_FILE_UPLOAD.equals(vulnType))) {
      rule.setParameter(parameter);
      rule.setPath(path);
      rule.setRule("BIG-IP");
      rule.setVulnerabilityDesc(vulnType);
      return rule;
    }
   
    return null;
  }
View Full Code Here
TOP

Related Classes of com.denimgroup.threadfix.data.entities.WafRule

  • com.denimgroup.threadfix.service.waf.BigIPASMGenerator
  • com.denimgroup.threadfix.service.waf.RealTimeProtectionGenerator
  • com.denimgroup.threadfix.service.waflog.ModSecurityLogParser
  • com.denimgroup.threadfix.service.waflog.RiverbedWebAppFirewallLogParser
  • com.denimgroup.threadfix.service.waflog.SnortLogParser
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.