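/**
 * Copy constructor: initialises this finding from the scanner-reported fields of another finding.
 *
 * <p>Only the fields assigned below are copied. Each field stores the reference returned by the
 * matching getter and no defensive copy is made here, so object-valued fields (for example the
 * data flow element list, the surface location and the dependency) are shared with
 * {@code finding} unless the getter itself returns a copy.
 *
 * <p>The attack string, attack request, attack response and raw finding are carried over
 * unchanged, so the copy holds the same scanner evidence as the original.
 *
 * @param finding the finding to copy from; must not be {@code null}
 * @throws NullPointerException if {@code finding} is {@code null}
 */
public Finding(Finding finding) {
    // Scanner evidence and location of the issue.
    this.issueId = finding.getIssueId();
    this.surfaceLocation = finding.getSurfaceLocation();
    this.attackString = finding.getAttackString();
    this.attackRequest = finding.getAttackRequest();
    this.attackResponse = finding.getAttackResponse();

    // Scanner-provided description, advice and raw payload.
    this.scannerDetail = finding.getScannerDetail();
    this.scannerRecommendation = finding.getScannerRecommendation();
    this.rawFinding = finding.getRawFinding();
    this.urlReference = finding.getUrlReference();

    // Classification as reported by the channel (the attack string was previously assigned a
    // second time here; the duplicate assignment has been dropped).
    this.channelVulnerability = finding.getChannelVulnerability();
    this.channelSeverity = finding.getChannelSeverity();

    // Identification and static-analysis details.
    this.sourceFileLocation = finding.getSourceFileLocation();
    this.nativeId = finding.getNativeId();
    this.isStatic = finding.getIsStatic();
    this.displayId = finding.getDisplayId();
    this.dataFlowElements = finding.getDataFlowElements();
    this.dependency = finding.getDependency();
    this.longDescription = finding.getLongDescription();
}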
/**
 * Creates the deleted-record counterpart of a finding.
 *
 * <p>When {@code originalFinding} is {@code null} nothing is copied and the new object keeps
 * its default field values. Otherwise the identifying, classification and audit fields set
 * below are copied through this class's setters, including the original finding's id.
 *
 * @param originalFinding the finding being deleted, or {@code null}
 */
public DeletedFinding(Finding originalFinding) {
    if (originalFinding == null) {
        return;
    }

    setSourceFileLocation(originalFinding.getSourceFileLocation());
    setNativeId(originalFinding.getNativeId());
    setIsStatic(originalFinding.getIsStatic());
    // Audit-relevant state: the false-positive marking and the associated user are preserved.
    setMarkedFalsePositive(originalFinding.isMarkedFalsePositive());
    setUser(originalFinding.getUser());
    setId(originalFinding.getId());
    setChannelSeverity(originalFinding.getChannelSeverity());
    setChannelVulnerability(originalFinding.getChannelVulnerability());
    setLongDescription(originalFinding.getLongDescription());

    // The scan is recorded by id only, and only when the finding still has one attached.
    if (originalFinding.getScan() != null) {
        setDeletedScanId(originalFinding.getScan().getId());
    }
}
/**
 * Returns the calculated file path of the first finding that has one.
 *
 * <p>Null findings and findings without a calculated file path are skipped.
 *
 * @return the first non-null calculated file path, or {@code null} when there are no findings
 *     or none of them has a calculated file path
 */
@Transient
@JsonIgnore
public String getFindingCalculatedFilePath() {
    if (findings == null) {
        return null;
    }
    for (Finding candidate : findings) {
        if (candidate == null) {
            continue;
        }
        String calculatedPath = candidate.getCalculatedFilePath();
        if (calculatedPath != null) {
            // First match wins; later findings are not consulted.
            return calculatedPath;
        }
    }
    return null;
}
/**
 * Resolves the dynamic path for the wrapped finding.
 *
 * <p>The finding's static path information takes precedence when it is present; otherwise the
 * path of the finding's surface location is used.
 *
 * @return the value of the static path information, else the surface location path, else
 *     {@code null} when neither is available
 */
@Override
public String getDynamicPath() {
    if (finding.getStaticPathInformation() != null) {
        return finding.getStaticPathInformation().getValue();
    }

    boolean hasSurfacePath = finding.getSurfaceLocation() != null
            && finding.getSurfaceLocation().getPath() != null;
    return hasSurfacePath ? finding.getSurfaceLocation().getPath() : null;
}
/**
 * Determines the entry point line number from the findings.
 *
 * <p>The findings are scanned in order. The first finding whose first data flow element has a
 * line number other than -1 decides the result immediately. Until such a finding is seen, each
 * finding with an entry point line number other than -1 overwrites the fallback value, so the
 * last such finding before the end of the scan wins.
 *
 * @return the selected line number, or -1 when no finding supplies one
 */
@Transient
@JsonIgnore
public int getEntryPointLineNumber() {
    int fallbackLine = -1;
    if (findings == null) {
        return fallbackLine;
    }

    for (Finding candidate : findings) {
        if (candidate == null) {
            continue;
        }

        boolean hasFirstElement = candidate.getDataFlowElements() != null
                && !candidate.getDataFlowElements().isEmpty();
        if (hasFirstElement && candidate.getDataFlowElements().get(0).getLineNumber() != -1) {
            // A data flow element line number ends the search.
            return candidate.getDataFlowElements().get(0).getLineNumber();
        }

        if (candidate.getEntryPointLineNumber() != -1) {
            // Remembered but not final: a later finding may still replace it.
            fallbackLine = candidate.getEntryPointLineNumber();
        }
    }
    return fallbackLine;
}
/**
 * Converts a finding into its SSVL export representation.
 *
 * <p>The description, long description, native id, attack string, scanner name, severity and
 * identification timestamp are copied onto a new SSVL finding. The surface location is only
 * converted for non-static findings, and every data flow element is converted when the list is
 * present. The attack string and long description are passed through unmodified.
 *
 * <p>NOTE(review): {@code getChannelVulnerability()}, {@code getChannelSeverity()} and
 * {@code getScan()} are dereferenced without a null check, so a finding lacking any of them
 * fails here with a {@link NullPointerException}. Confirm that callers only pass fully
 * populated findings.
 *
 * @param tfFinding the finding to convert; must not be {@code null}
 * @return the newly created SSVL finding
 */
public static Vulnerabilities.Vulnerability.Finding convertTFFindingToSSVLFinding(Finding tfFinding) {
    Vulnerabilities.Vulnerability.Finding converted =
            factory.createVulnerabilitiesVulnerabilityFinding();

    converted.setFindingDescription(tfFinding.getChannelVulnerability().getName());
    converted.setLongDescription(tfFinding.getLongDescription());
    converted.setNativeID(tfFinding.getNativeId());
    converted.setAttackString(tfFinding.getAttackString());
    converted.setScanner(tfFinding.getChannelNameOrNull());
    converted.setSeverity(tfFinding.getChannelSeverity().getName());
    converted.setIdentifiedTimestamp(getTimestamp(tfFinding.getScan().getImportTime()));

    // Only non-static findings get a surface location in the export.
    if (!tfFinding.getIsStatic()) {
        converted.setSurfaceLocation(
                convertTFSurfaceLocationToSSVL(tfFinding.getSurfaceLocation()));
    }

    if (tfFinding.getDataFlowElements() != null) {
        for (DataFlowElement element : tfFinding.getDataFlowElements()) {
            converted.getDataFlowElement().add(convertTFDataFlowElementToSSVL(element));
        }
    }

    converted.setDependency(convertTFDependencyToSSVL(tfFinding.getDependency()));
    return converted;
}
/**
 * Builds an endpoint query describing where a finding was observed.
 *
 * <p>HTTP method, path and parameter come from the finding's surface location and are only set
 * when present. The information source type is STATIC or DYNAMIC according to
 * {@code getIsStatic()}. The static path and code points are added when the finding has a source
 * file location and a non-empty data flow element list respectively.
 *
 * @param finding the finding to describe; must not be {@code null}
 * @return the query generated by the builder
 */
public static EndpointQuery toEndpointQuery(Finding finding) {
    EndpointQueryBuilder queryBuilder = EndpointQueryBuilder.start();

    SurfaceLocation surface = finding.getSurfaceLocation();
    if (surface != null) {
        if (surface.getHttpMethod() != null) {
            queryBuilder.setHttpMethod(surface.getHttpMethod());
        }
        if (surface.getPath() != null) {
            queryBuilder.setDynamicPath(surface.getPath());
        }
        if (surface.getParameter() != null) {
            queryBuilder.setParameter(surface.getParameter());
        }
    }

    queryBuilder.setInformationSourceType(
            finding.getIsStatic() ? InformationSourceType.STATIC : InformationSourceType.DYNAMIC);

    if (finding.getSourceFileLocation() != null) {
        queryBuilder.setStaticPath(finding.getSourceFileLocation());
    }

    boolean hasDataFlow = finding.getDataFlowElements() != null
            && !finding.getDataFlowElements().isEmpty();
    if (hasDataFlow) {
        queryBuilder.setCodePoints(toCodePoints(finding.getDataFlowElements()));
    }

    return queryBuilder.generateQuery();
}
/**
 * Creates a statistics counter for a finding, provided the finding is fully linked.
 *
 * <p>A counter is only produced when the finding, its vulnerability, channel severity, channel
 * vulnerability, scan, and the vulnerability's generic severity and generic vulnerability are
 * all non-null. The original generic severity id starts out equal to the current one.
 *
 * @param finding the finding to summarise, may be {@code null}
 * @return the populated counter, or {@code null} when any required link is missing
 */
public static StatisticsCounter getStatisticsCounter(Finding finding) {
    // Same checks, in the same order, as a single conjunction: bail out on the first gap.
    if (finding == null
            || finding.getVulnerability() == null
            || finding.getChannelSeverity() == null
            || finding.getChannelVulnerability() == null
            || finding.getScan() == null
            || finding.getVulnerability().getGenericSeverity() == null
            || finding.getVulnerability().getGenericVulnerability() == null) {
        return null;
    }

    StatisticsCounter result = new StatisticsCounter();
    result.vulnerabilityId = finding.getVulnerability().getId();
    result.scanId = finding.getScan().getId();
    result.channelSeverityId = finding.getChannelSeverity().getId();
    result.channelVulnerabilityId = finding.getChannelVulnerability().getId();
    result.currentGenericSeverityId = finding.getVulnerability().getGenericSeverity().getId();
    result.genericVulnerabilityId = finding.getVulnerability().getGenericVulnerability().getId();
    result.originalGenericSeverityId = result.currentGenericSeverityId;
    result.finding = finding;
    return result;
}
/**
 * Returns the non-static findings that carry request or response evidence.
 *
 * <p>A finding is included when it is not null, is not static, and has either a non-empty
 * attack request or a non-empty attack response.
 *
 * <p>NOTE(review): this accessor is annotated for the UI and REST search views and the
 * vulnerability detail view, and the findings it returns hold attack request/response text.
 * Confirm that consumers of those views are meant to receive that content.
 *
 * @return the matching findings, or {@code null} when {@code getFindings()} returns
 *     {@code null}
 */
@Transient
@JsonView({ AllViews.UIVulnSearch.class, AllViews.VulnerabilityDetail.class, AllViews.RestVulnSearch.class })
public List<Finding> getDynamicFindings() {
    if (getFindings() == null) {
        return null;
    }

    List<Finding> withEvidence = list();
    for (Finding candidate : getFindings()) {
        if (candidate == null || candidate.getIsStatic()) {
            continue;
        }

        boolean hasRequest = candidate.getAttackRequest() != null
                && !candidate.getAttackRequest().isEmpty();
        // The response is only inspected when there is no usable request.
        boolean hasEvidence = hasRequest
                || (candidate.getAttackResponse() != null
                        && !candidate.getAttackResponse().isEmpty());

        if (hasEvidence) {
            withEvidence.add(candidate);
        }
    }
    return withEvidence;
}
/**
 * Returns the static findings that have at least one data flow element.
 *
 * <p>Side effect: the data flow element list of every returned finding is sorted in place with
 * {@link Collections#sort(List)}, so calling this accessor reorders the list held by the finding.
 *
 * @return the matching findings, or {@code null} when {@code getFindings()} returns
 *     {@code null}
 */
@Transient
@JsonView({ AllViews.UIVulnSearch.class, AllViews.VulnerabilityDetail.class, AllViews.RestVulnSearch.class })
public List<Finding> getStaticFindings() {
    if (getFindings() == null) {
        return null;
    }

    List<Finding> withDataFlow = list();
    for (Finding candidate : getFindings()) {
        if (candidate == null || !candidate.getIsStatic()) {
            continue;
        }
        if (candidate.getDataFlowElements() == null || candidate.getDataFlowElements().isEmpty()) {
            continue;
        }

        // Sorting mutates the finding's own list, not a copy.
        Collections.sort(candidate.getDataFlowElements());
        withDataFlow.add(candidate);
    }
    return withDataFlow;
}
/**
 * Returns the name of the channel type behind this object's scan, tolerating missing links.
 *
 * <p>The chain scan, application channel, channel type, name is walked one step at a time and
 * the walk stops at the first {@code null}.
 *
 * @return the channel type name, or {@code null} when any link in the chain is {@code null}
 */
@Transient
@JsonIgnore
@Nullable
public String getChannelNameOrNull() {
    if (getScan() == null) {
        return null;
    }
    if (getScan().getApplicationChannel() == null) {
        return null;
    }
    if (getScan().getApplicationChannel().getChannelType() == null) {
        return null;
    }
    // A null name is returned as-is, which matches the "or null" contract.
    return getScan().getApplicationChannel().getChannelType().getName();
}
Calendar latestScanDate = null; for (Finding finding : vulnerability.getFindings()) { Calendar scanDate = finding.getScan().getImportTime(); if ((latestScanDate == null) || scanDate.after(latestScanDate)) { latestScanDate = scanDate; if (finding.getScanRepeatFindingMaps() != null) { for (ScanRepeatFindingMap scanRepeatFindingMap : finding.getScanRepeatFindingMaps()) { Scan scan = scanRepeatFindingMap.getScan(); if (scan != null) {
/**
 * Creates the mapping and registers it on both sides of the relationship.
 *
 * <p>Besides storing the finding and the scan, the new mapping adds itself to the
 * {@code scanRepeatFindingMaps} list of each non-null argument, creating that list first when
 * it is {@code null}. Constructing the object is therefore all a caller has to do.
 *
 * <p>NOTE(review): the instance is added to the lists from inside its own constructor, so it
 * becomes reachable through the finding and the scan before construction has returned.
 *
 * @param finding the repeated finding, may be {@code null}
 * @param scan the scan in which the finding was seen again, may be {@code null}
 */
public ScanRepeatFindingMap(Finding finding, Scan scan) {
    this.finding = finding;
    this.scan = scan;

    // Register on the finding side.
    if (finding != null && finding.getScanRepeatFindingMaps() == null) {
        finding.setScanRepeatFindingMaps(new ArrayList<ScanRepeatFindingMap>());
    }
    if (finding != null) {
        finding.getScanRepeatFindingMaps().add(this);
    }

    // Register on the scan side.
    if (scan != null && scan.getScanRepeatFindingMaps() == null) {
        scan.setScanRepeatFindingMaps(new ArrayList<ScanRepeatFindingMap>());
    }
    if (scan != null) {
        scan.getScanRepeatFindingMaps().add(this);
    }
}
/**
 * Returns the static path of the wrapped finding, which is its source file location.
 *
 * @return the finding's source file location, exactly as the finding reports it
 */
@Override
public String getStaticPath() {
    String sourceFile = finding.getSourceFileLocation();
    return sourceFile;
}
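/**
 * Returns the import time of the scan this object belongs to.
 *
 * <p>The accessor is annotated for the table-row JSON view. A missing scan now yields
 * {@code null} rather than a {@link NullPointerException}.
 *
 * @return the scan's import time, or {@code null} when no scan is attached
 */
@Transient
@JsonView(AllViews.TableRow.class)
private Calendar getImportTime() {
    if (getScan() == null) {
        return null;
    }
    return getScan().getImportTime();
}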
/**
 * Describes the finding in one of three shapes, chosen in this order: dependency findings show
 * the dependency's CVE id, static findings show the source file location with channel severity
 * and vulnerability, and all others show channel severity, channel vulnerability and surface
 * location.
 *
 * <p>Attack strings, requests and responses are not part of the output.
 *
 * @return a short textual description of this finding
 */
@Override
public String toString() {
    if (dependency != null) {
        return "Finding{ Dependency{ CVEID=" + dependency.getCve() + "}}";
    }

    if (isStatic) {
        return "Finding{ " +
                "staticPath=" + getSourceFileLocation() +
                ", channelSeverity=" + channelSeverity +
                ", channelVulnerability=" + channelVulnerability +
                "}";
    }

    return "Finding {" +
            "channelSeverity=" + channelSeverity +
            ", channelVulnerability=" + channelVulnerability +
            ", surfaceLocation=" + surfaceLocation +
            '}';
}
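/**
 * Returns the id of the scan this object belongs to.
 *
 * <p>The accessor is annotated for the table-row and vulnerability-detail JSON views. A missing
 * scan now yields {@code null} rather than a {@link NullPointerException}.
 *
 * @return the scan id, or {@code null} when no scan is attached
 */
@Transient
@JsonView({ AllViews.TableRow.class, AllViews.VulnerabilityDetail.class })
private Integer getScanId() {
    if (getScan() == null) {
        return null;
    }
    return getScan().getId();
}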
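/**
 * Collects the channel type name of every finding whose scan, application channel and channel
 * type are all present.
 *
 * <p>Names are added in finding order and duplicates are kept. Null entries in the findings
 * list are skipped, so a null element no longer causes a {@link NullPointerException}. A
 * channel type whose name is {@code null} still contributes a {@code null} entry, as before.
 *
 * @return a new mutable list of channel type names; empty when there are no findings
 */
@Transient
@JsonView({ AllViews.UIVulnSearch.class, AllViews.VulnSearchApplications.class, AllViews.RestVulnSearch.class })
public List<String> getChannelNames() {
    List<String> channelNames = new ArrayList<String>();
    if (getFindings() == null || getFindings().isEmpty()) {
        return channelNames;
    }

    for (Finding finding : getFindings()) {
        if (finding == null) {
            // The other finding accessors tolerate null elements; do the same here.
            continue;
        }
        if (finding.getScan() != null
                && finding.getScan().getApplicationChannel() != null
                && finding.getScan().getApplicationChannel().getChannelType() != null) {
            channelNames.add(finding.getScan().getApplicationChannel().getChannelType().getName());
        }
    }
    return channelNames;
}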