/**
 * Returns the path string recorded for the {@code finding} this object refers to.
 *
 * <p>The static path information value is used when it is present; otherwise the
 * surface location's path is used when both the location and its path are set.
 *
 * @return the static path information value, else the surface location path,
 *         else {@code null} when neither is available
 */
@Override
public String getDynamicPath() {
    // NOTE(review): static path information takes precedence even though this
    // accessor is named "dynamic" -- confirm that ordering is intended.
    if (finding.getStaticPathInformation() != null) {
        return finding.getStaticPathInformation().getValue();
    }

    boolean hasSurfacePath = finding.getSurfaceLocation() != null
            && finding.getSurfaceLocation().getPath() != null;
    return hasSurfacePath ? finding.getSurfaceLocation().getPath() : null;
}
/**
 * Builds an {@link EndpointQuery} from whichever fields are populated on a finding.
 *
 * <p>HTTP method, path and parameter are taken from the surface location when it is
 * present; the information source type follows {@code getIsStatic()}; the static path
 * and code points are added only when the finding carries them. Values are passed to
 * the builder as returned by the finding -- no normalisation or validation happens here.
 *
 * @param finding the finding to translate; dereferenced immediately, so a null
 *                argument fails with a {@link NullPointerException}
 * @return the query produced by the builder's {@code generateQuery()}
 */
public static EndpointQuery toEndpointQuery(Finding finding) {
    EndpointQueryBuilder queryBuilder = EndpointQueryBuilder.start();

    SurfaceLocation surface = finding.getSurfaceLocation();
    if (surface != null) {
        // Each request attribute is optional; unset ones are left out of the query.
        if (surface.getHttpMethod() != null) {
            queryBuilder.setHttpMethod(surface.getHttpMethod());
        }
        if (surface.getPath() != null) {
            queryBuilder.setDynamicPath(surface.getPath());
        }
        if (surface.getParameter() != null) {
            queryBuilder.setParameter(surface.getParameter());
        }
    }

    queryBuilder.setInformationSourceType(
            finding.getIsStatic() ? InformationSourceType.STATIC : InformationSourceType.DYNAMIC);

    if (finding.getSourceFileLocation() != null) {
        queryBuilder.setStaticPath(finding.getSourceFileLocation());
    }

    // Code points are only set for a non-null, non-empty data flow.
    boolean noDataFlow = finding.getDataFlowElements() == null
            || finding.getDataFlowElements().isEmpty();
    if (!noDataFlow) {
        queryBuilder.setCodePoints(toCodePoints(finding.getDataFlowElements()));
    }

    return queryBuilder.generateQuery();
}
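/**
 * Copy constructor: initialises this finding from selected fields of another finding.
 *
 * <p>Only the fields assigned below are copied. Each one receives the value returned by
 * the source's getter, so object-valued fields (for example the surface location, the
 * data flow elements and the dependency) are shared with the source unless the getter
 * itself returns a copy.
 * NOTE(review): confirm no caller mutates those objects on the copy expecting isolation
 * from the original.
 *
 * @param finding the finding to copy from; dereferenced immediately, so a null
 *                argument fails with a {@link NullPointerException}
 */
public Finding(Finding finding) {
    this.issueId = finding.getIssueId();
    this.surfaceLocation = finding.getSurfaceLocation();

    // Copied verbatim from the source. Presumably raw scanner traffic -- the copy
    // should get the same access control and retention handling as the original.
    this.attackString = finding.getAttackString();
    this.attackRequest = finding.getAttackRequest();
    this.attackResponse = finding.getAttackResponse();
    this.rawFinding = finding.getRawFinding();

    this.scannerDetail = finding.getScannerDetail();
    this.scannerRecommendation = finding.getScannerRecommendation();
    this.urlReference = finding.getUrlReference();
    // The original assigned attackString a second time here; the duplicate was dropped.
    this.channelVulnerability = finding.getChannelVulnerability();
    this.channelSeverity = finding.getChannelSeverity();
    this.sourceFileLocation = finding.getSourceFileLocation();
    this.nativeId = finding.getNativeId();
    this.isStatic = finding.getIsStatic();
    this.displayId = finding.getDisplayId();
    this.dataFlowElements = finding.getDataFlowElements();
    this.dependency = finding.getDependency();
    this.longDescription = finding.getLongDescription();
}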
/**
 * Converts a {@code Finding} into an SSVL {@code Vulnerabilities.Vulnerability.Finding}.
 *
 * <p>Description, severity, native id, attack string, scanner name and import timestamp
 * are always set. The surface location is set only for non-static findings, data flow
 * elements are added only when the source list is non-null, and the dependency is always
 * passed through its converter.
 *
 * @param tfFinding the finding to export
 * @return a newly created SSVL finding populated from {@code tfFinding}
 */
public static Vulnerabilities.Vulnerability.Finding convertTFFindingToSSVLFinding(Finding tfFinding) {
    Vulnerabilities.Vulnerability.Finding converted = factory.createVulnerabilitiesVulnerabilityFinding();

    // NOTE(review): getChannelVulnerability(), getChannelSeverity() and getScan() are
    // dereferenced without null checks -- confirm callers only pass findings that have
    // all three, otherwise the export fails with a NullPointerException.
    converted.setFindingDescription(tfFinding.getChannelVulnerability().getName());
    converted.setLongDescription(tfFinding.getLongDescription());
    converted.setNativeID(tfFinding.getNativeId());
    converted.setAttackString(tfFinding.getAttackString());
    converted.setScanner(tfFinding.getChannelNameOrNull());
    converted.setSeverity(tfFinding.getChannelSeverity().getName());
    converted.setIdentifiedTimestamp(getTimestamp(tfFinding.getScan().getImportTime()));

    // Only non-static findings get a surface location.
    // NOTE(review): the location itself is not null-checked here; presumably the
    // converter tolerates null -- verify.
    boolean isDynamic = !tfFinding.getIsStatic();
    if (isDynamic) {
        converted.setSurfaceLocation(convertTFSurfaceLocationToSSVL(tfFinding.getSurfaceLocation()));
    }

    if (tfFinding.getDataFlowElements() != null) {
        for (DataFlowElement element : tfFinding.getDataFlowElements()) {
            converted.getDataFlowElement().add(convertTFDataFlowElementToSSVL(element));
        }
    }

    // The dependency is converted unconditionally, including when it is null.
    converted.setDependency(convertTFDependencyToSSVL(tfFinding.getDependency()));
    return converted;
}