if (application != null) {
applicationService.decryptCredentials(application);
}
AbstractDefectTracker dt = DefectTrackerFactory.getTracker(application);
if (dt == null) {
log.warn("Unable to load Defect Tracker.");
return null;
}
String editedSummary = summary, editedPreamble = preamble;
// TODO handle error cases better.
if (editedSummary == null || editedSummary.equals("")) {
if (vuln.getGenericVulnerability() != null && vuln.getSurfaceLocation() != null) {
editedSummary = createMessage(vuln);
} else {
editedSummary = "No editedSummary could be parsed.";
}
}
if (editedPreamble == null || editedPreamble.equals("")) {
if (vuln.getGenericVulnerability() != null && vuln.getSurfaceLocation() != null) {
if(additionalScannerInfo){
String additionalScannerInfoStr = getAdditionalScannerInfo(allVulns);
if(additionalScannerInfoStr == null || additionalScannerInfoStr.equals("")){
editedPreamble = createMessage(vuln);
} else {
editedPreamble = createMessageWithScannerInfo(vuln, additionalScannerInfoStr);
}
} else {
editedPreamble = createMessage(vuln);
}
} else {
editedPreamble = "No editedPreamble could be parsed.";
}
}
List<Vulnerability> vulnsWithoutDefects = list();
for (Vulnerability vulnerability : allVulns) {
if (vulnerability.getDefect() == null) {
vulnsWithoutDefects.add(vulnerability);
}
}
if (vulnsWithoutDefects.size() == 0) {
log.warn("All the vulnerabilities already had defects, exiting.");
return null;
}
String defectTrackerName = null;
if (application != null && application.getDefectTracker() != null
&& application.getDefectTracker().getDefectTrackerType() != null
&& application.getDefectTracker().getDefectTrackerType().getName() != null) {
defectTrackerName = application.getDefectTracker().getDefectTrackerType().getName();
}
if (defectTrackerName != null) {
log.info("About to submit a defect to " + defectTrackerName + ".");
} else {
log.info("About to submit a defect to the defect tracker.");
}
String defectId = dt.createDefect(vulnsWithoutDefects,
new DefectMetadata(editedSummary, editedPreamble,
component, version, severity, priority, status, fieldsMap));
if (defectId != null) {
Defect defect = new Defect();
defect.setNativeId(defectId);
defect.setVulnerabilities(vulnsWithoutDefects);
defect.setApplication(application);
Object sObj = null;
if (fieldsMap != null && status == null) {
sObj = fieldsMap.get("status")==null ? fieldsMap.get("Status") : fieldsMap.get("status");
}
status = (sObj != null ? String.valueOf(sObj) : status);
// By default, set status to Open
if (status == null)
status = "Open";
defect.setStatus(status);
defect.setDefectURL(dt.getBugURL(
application.getDefectTracker().getUrl(), defectId));
defectDao.saveOrUpdate(defect);
for (Vulnerability vulnerability : vulnsWithoutDefects) {
vulnerability.setDefect(defect);
vulnerability.setDefectSubmittedTime(Calendar.getInstance());
vulnerabilityDao.saveOrUpdate(vulnerability);
}
if (defectTrackerName != null) {
log.info("Successfully submitted defect to " + defectTrackerName + ".");
} else {
log.info("Successfully submitted defect.");
}
map.put(DEFECT, defect);
return map;
}
if (defectTrackerName != null) {
log.warn("There was an error submitting the defect to " + defectTrackerName + ".");
} else {
log.warn("There was an error submitting the defect.");
}
map.put(ERROR, dt.getLastError());
return map;
}