Examples of SurfaceLocation

com.denimgroup.threadfix.data.entities.SurfaceLocation

Examples of com.denimgroup.threadfix.data.entities.SurfaceLocation

    private ThreadFixInterface(){}


    public static EndpointQuery toEndpointQuery(Finding finding) {
        EndpointQueryBuilder builder = EndpointQueryBuilder.start();


        SurfaceLocation location = finding.getSurfaceLocation();


        if (location != null) {
            if (location.getHttpMethod() != null) {
                builder.setHttpMethod(location.getHttpMethod());
            }


            if (location.getPath() != null) {
                builder.setDynamicPath(location.getPath());
            }


            if (location.getParameter() != null) {
                builder.setParameter(location.getParameter());
            }
        }




        if (finding.getIsStatic()) {

View Full Code Here

Examples of com.denimgroup.threadfix.data.entities.SurfaceLocation

  
    String action = defaultDirective;
    if (directive != null && directive.getDirective() != null)
      action = directive.getDirective();
    
    SurfaceLocation surfaceLocation = vulnerability.getSurfaceLocation();
  
    String vulnType = vulnerability.getGenericVulnerability().getName();
    // Check if the vuln is supported
    if (!stringInList(vulnType, getSupportedVulnerabilityTypes()))
      return null;
    
    String vulnUrl = surfaceLocation.getPath();
    
    // TODO remove this, it should be unnecessary.
    String param = null;
    if (surfaceLocation.getParameter() != null && !surfaceLocation.getParameter().isEmpty())
      param = surfaceLocation.getParameter().replaceFirst("param=", "");
  
    String rule = generateRuleText(vulnType, vulnUrl, action, currentId.toString(), param, vulnerability);
  
    if (rule != null) {
      WafRule newRule = new WafRule();

View Full Code Here

Examples of com.denimgroup.threadfix.data.entities.SurfaceLocation

        || vulnerability.getGenericVulnerability() == null
        || vulnerability.getGenericVulnerability().getName() == null) {
      return null;
    }
    
    SurfaceLocation surfaceLocation = vulnerability.getSurfaceLocation();
  
    String vulnType = vulnerability.getGenericVulnerability().getName();
    // Check if the vuln is supported
    if (!stringInList(vulnType, getSupportedVulnerabilityTypes())) {
      return null;
    }
    
    String parameter = surfaceLocation.getParameter();
    String path      = surfaceLocation.getPath();
    
    WafRule rule = new WafRule();
    rule.setIsNormalRule(false);
    rule.setWafRuleDirective(directive);
    rule.setNativeId(currentId.toString());

View Full Code Here

Examples of com.denimgroup.threadfix.data.entities.SurfaceLocation

                            .append("http://cwe.mitre.org/data/definitions/")
                            .append(vulnerability.getGenericVulnerability().getId())
                            .append(".html")
                            .append('\n');


                    SurfaceLocation surfaceLocation = vulnerability.getSurfaceLocation();
                    stringBuilder
                            .append("Vulnerability attack surface location:\n")
                            .append("URL: ")
                            .append(surfaceLocation.getUrl())
                            .append("\n")
                            .append("Parameter: ")
                            .append(surfaceLocation.getParameter());


                    List<Finding> findings = vulnerability.getFindings();
                    if (findings != null && !findings.isEmpty()) {
                        addUrlReferences(findings, stringBuilder);
                        addNativeIds(findings, stringBuilder);

View Full Code Here

TOP

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.