////////////////////////////////////////////////////////////////////////
//
// Copyright (c) 2009-2014 Denim Group, Ltd.
//
// The contents of this file are subject to the Mozilla Public License
// Version 2.0 (the "License"); you may not use this file except in
// compliance with the License. You may obtain a copy of the License at
// http://www.mozilla.org/MPL/
//
// Software distributed under the License is distributed on an "AS IS"
// basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
// License for the specific language governing rights and limitations
// under the License.
//
// The Original Code is ThreadFix.
//
// The Initial Developer of the Original Code is Denim Group, Ltd.
// Portions created by Denim Group, Ltd. are Copyright (C)
// Denim Group, Ltd. All Rights Reserved.
//
// Contributor(s): Denim Group, Ltd.
//
////////////////////////////////////////////////////////////////////////
package com.denimgroup.threadfix.service;
import com.denimgroup.threadfix.data.dao.ChannelTypeDao;
import com.denimgroup.threadfix.data.dao.ChannelVulnerabilityDao;
import com.denimgroup.threadfix.data.dao.GenericVulnerabilityDao;
import com.denimgroup.threadfix.data.entities.ChannelType;
import com.denimgroup.threadfix.data.entities.ChannelVulnerability;
import com.denimgroup.threadfix.data.entities.GenericVulnerability;
import com.denimgroup.threadfix.data.entities.VulnerabilityMap;
import com.denimgroup.threadfix.importer.util.IntegerUtils;
import com.denimgroup.threadfix.logging.SanitizedLogger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import java.util.Arrays;
import java.util.List;
/**
 * Spring service that fronts the channel vulnerability DAOs: three read
 * operations that delegate straight to {@link ChannelVulnerabilityDao}, plus
 * {@link #createMapping} which links a scanner-specific vulnerability to a
 * generic vulnerability and persists the result.
 */
@Service
@Transactional(readOnly = false) // used to be true; createMapping persists through saveOrUpdate
public class ChannelVulnerabilityServiceImpl implements ChannelVulnerabilityService {

    // Logger is keyed on the service interface, not on this implementation class.
    private static final SanitizedLogger LOG = new SanitizedLogger(ChannelVulnerabilityService.class);

    @Autowired
    private ChannelVulnerabilityDao channelVulnerabilityDao;

    @Autowired
    private ChannelTypeDao channelTypeDao;

    @Autowired
    private GenericVulnerabilityDao genericVulnerabilityDao;

    /**
     * Delegates to {@code channelVulnerabilityDao.retrieveSuggested}.
     *
     * @param prefix value handed to the DAO unchanged
     * @return the DAO's result
     */
    @Override
    public List<ChannelVulnerability> loadSuggested(String prefix) {
        return channelVulnerabilityDao.retrieveSuggested(prefix);
    }

    /**
     * Delegates to {@code channelVulnerabilityDao.isValidManualName}.
     *
     * @param code value handed to the DAO unchanged
     * @return the DAO's verdict
     */
    @Override
    public boolean isValidManualName(String code) {
        return channelVulnerabilityDao.isValidManualName(code);
    }

    /**
     * Delegates to {@code channelVulnerabilityDao.retrieveAllManual}.
     *
     * @return the DAO's result
     */
    @Override
    public List<ChannelVulnerability> loadAllManual() {
        return channelVulnerabilityDao.retrieveAllManual();
    }

    /**
     * Maps a channel (scanner) vulnerability onto a generic vulnerability and
     * saves it, marking the channel vulnerability as user-created.
     *
     * <p>All three arguments are strings taken as given; each is checked only
     * by looking it up. NOTE(review): no authorization check is visible in
     * this method; presumably the caller enforces it. Confirm.
     *
     * @param channelName              name used to look up the {@link ChannelType}
     * @param channelVulnerabilityCode tried first as a code, then as a name
     * @param genericVulnerabilityId   display id of the generic vulnerability, as text
     * @return {@code SUCCESS}, or the {@code BAD_*} value for the first lookup that failed
     * @throws IllegalArgumentException if {@code genericVulnerabilityId} does not
     *         parse to an integer
     */
    @Override
    public MappingCreateResult createMapping(String channelName, String channelVulnerabilityCode, String genericVulnerabilityId) {
        Integer displayId = IntegerUtils.getIntegerOrNull(genericVulnerabilityId);

        if (displayId == null) {
            // NOTE(review): the raw submitted value is echoed in the message;
            // whatever renders this exception to a client should encode it.
            throw new IllegalArgumentException("Invalid Generic Vulnerability ID: " + genericVulnerabilityId);
        }

        MappingCreateResult outcome =
                attemptMapping(channelName, channelVulnerabilityCode, genericVulnerabilityId, displayId);

        LOG.info("CreateMapping result was " + outcome);
        return outcome;
    }

    /**
     * Runs the three lookups in order and persists the mapping when all succeed.
     * Log lines include the submitted values; they are written through
     * SanitizedLogger (presumably this neutralises line breaks; confirm).
     */
    private MappingCreateResult attemptMapping(String channelName, String channelVulnerabilityCode,
                                               String genericVulnerabilityId, Integer displayId) {
        ChannelType scannerType = channelTypeDao.retrieveByName(channelName);
        if (scannerType == null) {
            LOG.warn("Invalid ChannelType (" + channelName + ") submitted.");
            return MappingCreateResult.BAD_CHANNEL_TYPE;
        }

        ChannelVulnerability scannerVuln =
                channelVulnerabilityDao.retrieveByCode(scannerType, channelVulnerabilityCode);
        if (scannerVuln == null) {
            // Same submitted value, second interpretation: treat it as a name.
            LOG.info("Channel Vulnerability lookup by code failed, trying by name.");
            scannerVuln = channelVulnerabilityDao.retrieveByName(scannerType, channelVulnerabilityCode);

            if (scannerVuln == null) {
                LOG.warn("Invalid ChannelVulnerability code (" + channelVulnerabilityCode + ") submitted.");
                return MappingCreateResult.BAD_CHANNEL_VULNERABILITY;
            }
        }

        GenericVulnerability genericVuln = genericVulnerabilityDao.retrieveByDisplayId(displayId);
        if (genericVuln == null) {
            LOG.warn("Unable to find GenericVulnerability with code " + genericVulnerabilityId);
            return MappingCreateResult.BAD_GENERIC_VULNERABILITY_ID;
        }

        VulnerabilityMap link = new VulnerabilityMap();
        link.setChannelVulnerability(scannerVuln);
        link.setGenericVulnerability(genericVuln);

        // The map list is set to a single-element, fixed-size list.
        // NOTE(review): any maps previously attached to this entity are no
        // longer referenced by it. Confirm that overwriting is intended.
        scannerVuln.setVulnerabilityMaps(Arrays.asList(link));
        scannerVuln.setUserCreated(true);
        channelVulnerabilityDao.saveOrUpdate(scannerVuln);

        return MappingCreateResult.SUCCESS;
    }
}