Ejemplo n.º 1
 /**
  * Rewrites the tag list of every active vulnerability comment, swapping each application-type
  * tag for the tag that {@code loadCommentTag} returns for the same name.
  *
  * <p>Tags of any other type are carried over unchanged. An application tag for which
  * {@code loadCommentTag} returns {@code null} is left out of the rebuilt list, and the only
  * trace of that is the warning logged here. Each comment is saved once its list is rebuilt.
  */
 @Override
 public void changeTagInVulnComments() {
   LOG.info(
       "About to update all tags in Vulnerability Comments from Application Tag to Comment Tag.");
   List<VulnerabilityComment> activeComments = vulnerabilityCommentDao.retrieveAllActive();
   if (activeComments == null) {
     LOG.info("There is no vulnerability comments in the system.");
     return;
   }
   LOG.info(
       "Looking for tags in "
           + activeComments.size()
           + " vulnerability comments, and change them if found.");
   for (VulnerabilityComment comment : activeComments) {
     List<Tag> rebuiltTags = CollectionUtils.list();
     for (Tag tag : comment.getTags()) {
       // Anything that is not an application tag is kept exactly as it was.
       if (tag.getType() != TagType.APPLICATION) {
         rebuiltTags.add(tag);
         continue;
       }
       Tag commentTag = loadCommentTag(tag.getName());
       if (commentTag == null) {
         // NOTE(review): the tag name is written to the log as-is. If tag names can contain line
         // breaks, confirm the log layout neutralises them so entries cannot be spoofed.
         LOG.warn(
             "Can't find comment tag "
                 + tag.getName()
                 + " to change for comment in vulnerability ID "
                 + comment.getVulnerability().getId());
         continue;
       }
       rebuiltTags.add(commentTag);
     }
     comment.setTags(rebuiltTags);
     vulnerabilityCommentDao.saveOrUpdate(comment);
   }
 }
Ejemplo n.º 2
  /**
   * Handles POST requests mapped to {@code /snapshot/scanComparison}: builds the scan comparison
   * report for the bound search parameters and logs how long that took.
   *
   * @param reportParameters search parameters bound from the request
   * @return a success response wrapping the report map
   * @throws IOException declared by the handler signature
   */
  @RequestMapping(value = "/snapshot/scanComparison", method = RequestMethod.POST)
  public @ResponseBody Object getScanComparison(
      @ModelAttribute VulnerabilitySearchParameters reportParameters) throws IOException {
    long startedAt = System.currentTimeMillis();

    log.info("Generating Scan Comparison report");
    // NOTE(review): no permission check is visible in this handler, and the parameters come
    // straight from the request. Confirm generateScanComparisonReport (not shown) limits the
    // result to teams and applications the caller is allowed to read.
    Map<String, Object> comparison =
        vulnerabilitySearchService.generateScanComparisonReport(reportParameters);

    long elapsedMs = System.currentTimeMillis() - startedAt;
    log.info("Scan Comparison report took " + elapsedMs + " ms");
    return RestResponse.success(comparison);
  }
  /**
   * Applies the submitted tags to every vulnerability ID in the submitted collection model.
   *
   * <p>The caller must hold {@code CAN_MODIFY_VULNERABILITIES} for the organisation and
   * application named in the path, and the model must pass {@code checkCollectionModel}. If
   * either check fails, a failure response is returned before any tagging is attempted.
   *
   * @param orgId organisation ID taken from the path
   * @param appId application ID taken from the path
   * @param vulnerabilityCollectionModel vulnerability IDs and tags bound from the request
   * @param model passed through to {@code checkCollectionModel}
   * @return a success response carrying the submitted tags, or a failure response
   * @throws IOException declared by the handler signature
   */
  @JsonView(AllViews.UIVulnSearch.class)
  @RequestMapping(value = "/addBatchVulnTagging", method = RequestMethod.POST)
  public Object addBatchTagging(
      @PathVariable("orgId") Integer orgId,
      @PathVariable("appId") Integer appId,
      @ModelAttribute VulnerabilityCollectionModel vulnerabilityCollectionModel,
      Model model)
      throws IOException {

    // Authorization comes first so that an unauthorized caller learns nothing about the model.
    boolean mayModify =
        PermissionUtils.isAuthorized(Permission.CAN_MODIFY_VULNERABILITIES, orgId, appId);
    if (!mayModify) {
      return RestResponse.failure("You are not authorized to modify vulnerabilities.");
    }

    // NOTE(review): the permission check covers the orgId/appId from the URL, while the IDs
    // acted on below come from the request body. Confirm checkCollectionModel (not shown)
    // rejects vulnerability IDs that do not belong to this application.
    boolean modelUsable = checkCollectionModel(vulnerabilityCollectionModel, model);
    if (!modelUsable) {
      return RestResponse.failure("Couldn't complete bulk vulnerability operation.");
    }

    int selectedCount = vulnerabilityCollectionModel.getVulnerabilityIds().size();
    log.info("About to tag to " + selectedCount + " Vulnerabilities.");
    vulnerabilityService.batchTagging(
        vulnerabilityCollectionModel.getVulnerabilityIds(), vulnerabilityCollectionModel.getTags());

    return RestResponse.success(vulnerabilityCollectionModel.getTags());
  }
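  /**
   * Adds the submitted comment, with the submitted tags, to every vulnerability ID in the
   * submitted collection model.
   *
   * <p>The caller must hold {@code CAN_SUBMIT_COMMENTS} for the organisation and application
   * named in the path, and the model must pass {@code checkCollectionModel}. If either check
   * fails, a failure response is returned before any comment is created.
   *
   * @param orgId organisation ID taken from the path
   * @param appId application ID taken from the path
   * @param vulnerabilityCollectionModel vulnerability IDs, comment text and tags bound from the
   *     request
   * @param model passed through to {@code checkCollectionModel}
   * @return a success response carrying the comment created for the last ID processed (a
   *     {@code null} payload if the loop never runs), or a failure response
   * @throws IOException declared by the handler signature
   */
  @JsonView(AllViews.UIVulnSearch.class)
  @RequestMapping(value = "/addBatchComment", method = RequestMethod.POST)
  public Object addBatchComment(
      @PathVariable("orgId") Integer orgId,
      @PathVariable("appId") Integer appId,
      @ModelAttribute VulnerabilityCollectionModel vulnerabilityCollectionModel,
      Model model)
      throws IOException {

    if (!PermissionUtils.isAuthorized(Permission.CAN_SUBMIT_COMMENTS, orgId, appId)) {
      // The message names the permission actually checked. The earlier wording spoke of
      // modifying vulnerabilities, which is a different permission.
      return RestResponse.failure("You are not authorized to submit comments.");
    }

    // NOTE(review): the permission check covers the orgId/appId from the URL, while the IDs
    // commented on below come from the request body. Confirm checkCollectionModel (not shown)
    // rejects vulnerability IDs that do not belong to this application.
    if (!checkCollectionModel(vulnerabilityCollectionModel, model)) {
      return RestResponse.failure("Couldn't complete bulk vulnerability operation.");
    }

    log.info(
        "About to add comment to "
            + vulnerabilityCollectionModel.getVulnerabilityIds().size()
            + " Vulnerabilities.");

    // A fresh comment object is built per vulnerability; only the last one is returned.
    VulnerabilityComment lastComment = null;

    for (int vulnerabilityId : vulnerabilityCollectionModel.getVulnerabilityIds()) {
      lastComment = new VulnerabilityComment();
      lastComment.setComment(vulnerabilityCollectionModel.getComment());
      lastComment.setTags(vulnerabilityCollectionModel.getTags());
      vulnerabilityCommentService.addCommentToVuln(lastComment, vulnerabilityId);
    }

    return RestResponse.success(lastComment);
  }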
Ejemplo n.º 5
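 /**
  * Soft-deletes a tag: the tag loaded for {@code tagId} is marked inactive and saved, not
  * removed.
  *
  * <p>If no tag is loaded for the ID, a warning is logged and nothing is changed.
  *
  * @param tagId ID of the tag to deactivate
  */
 @Override
 @Transactional(readOnly = false)
 public void deleteById(int tagId) {
   LOG.info("Deleting Tag with ID " + tagId);
   Tag tag = loadTag(tagId);
   if (tag == null) {
     // loadTag is not shown here; it is assumed to return null for an unknown ID. Without this
     // guard a stale or mistyped ID would surface as a NullPointerException.
     LOG.warn("No Tag found with ID " + tagId + "; nothing to delete.");
     return;
   }
   tag.setActive(false);
   tagDao.saveOrUpdate(tag);
 }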
Ejemplo n.º 6
  /**
   * Handles POST requests mapped to {@code /snapshot/averageAge}: builds the point-in-time
   * average age report and logs how long that took.
   *
   * <p>The four visibility flags are overwritten before the report is generated, so whatever the
   * request supplied for them is ignored. The report covers open vulnerabilities only.
   *
   * @param reportParameters search parameters bound from the request
   * @return a success response wrapping the report map
   * @throws IOException declared by the handler signature
   */
  @RequestMapping(value = "/snapshot/averageAge", method = RequestMethod.POST)
  public @ResponseBody RestResponse<Map<String, Object>> getPointInTimeAge(
      @ModelAttribute VulnerabilitySearchParameters reportParameters) throws IOException {
    long startedAt = System.currentTimeMillis();

    log.info("Generating Average Age in Point In Time report");

    // Server-side filter: open findings only, regardless of the submitted flags.
    reportParameters.setShowHidden(false);
    reportParameters.setShowFalsePositive(false);
    reportParameters.setShowClosed(false);
    reportParameters.setShowOpen(true);

    // NOTE(review): no permission check is visible in this handler. Confirm
    // generatePointInTimeAgeReport (not shown) limits the result to what the caller may read.
    Map<String, Object> ageReport =
        vulnerabilitySearchService.generatePointInTimeAgeReport(reportParameters);

    long elapsedMs = System.currentTimeMillis() - startedAt;
    log.info("Get Average Age in Point In Time took " + elapsedMs + " ms");
    return RestResponse.success(ageReport);
  }
Ejemplo n.º 7
 /**
  * Handles POST requests mapped to {@code /getTopApps}: returns the report produced by
  * {@code generateMostAppsReport} for the bound parameters.
  *
  * @param reportParameters search parameters bound from the request
  * @param request the current HTTP request, handed to the report service
  * @return a success response wrapping the report map
  * @throws IOException declared by the handler signature
  */
 @RequestMapping(value = "/getTopApps", method = RequestMethod.POST)
 public @ResponseBody RestResponse<Map<String, Object>> processTopApps(
     @ModelAttribute VulnerabilitySearchParameters reportParameters, HttpServletRequest request)
     throws IOException {
   log.info("Generating Top 20 Vulnerable applications report");
   // NOTE(review): no permission check is visible in this handler. The request is passed to the
   // service, presumably so it can scope the result to the caller. Verify against the service.
   Map<String, Object> topApps =
       reportsService.generateMostAppsReport(reportParameters, request);
   return RestResponse.success(topApps);
 }
Ejemplo n.º 8
 /**
  * Handles POST requests mapped to {@code /trendingScans}: returns the result of
  * {@code generateTrendingReport} wrapped in a success response, serialised under the
  * {@code RestViewScanStatistic} JSON view.
  *
  * @param reportParameters report parameters bound from the request
  * @param request the current HTTP request, handed to the report service
  * @return a success response wrapping the trending report
  * @throws IOException declared by the handler signature
  */
 @RequestMapping(value = "/trendingScans", method = RequestMethod.POST)
 @JsonView(AllViews.RestViewScanStatistic.class)
 public @ResponseBody Object processTrendingScans(
     @ModelAttribute ReportParameters reportParameters, HttpServletRequest request)
     throws IOException {
   log.info("Generating trending scans report");
   // NOTE(review): no permission check is visible in this handler. The request is passed to the
   // service, presumably so it can scope the result to the caller. Verify against the service.
   return RestResponse.success(reportsService.generateTrendingReport(reportParameters, request));
 }
Ejemplo n.º 9
  /**
   * Handles POST requests mapped to {@code /snapshot/progressByType}: builds the vulnerability
   * progress-by-type report and logs how long that took.
   *
   * <p>The four visibility flags are overwritten before the report is generated, so whatever the
   * request supplied for them is ignored. The report covers open and closed vulnerabilities,
   * never hidden ones or false positives.
   *
   * @param reportParameters search parameters bound from the request
   * @return a success response wrapping the report list
   * @throws IOException declared by the handler signature
   */
  @RequestMapping(value = "/snapshot/progressByType", method = RequestMethod.POST)
  public @ResponseBody Object getProgressByType(
      @ModelAttribute VulnerabilitySearchParameters reportParameters) throws IOException {
    long startedAt = System.currentTimeMillis();

    log.info("Generating Vulnerability Progress By Type report");

    // Server-side filter: open and closed findings, regardless of the submitted flags.
    reportParameters.setShowHidden(false);
    reportParameters.setShowFalsePositive(false);
    reportParameters.setShowClosed(true);
    reportParameters.setShowOpen(true);

    // NOTE(review): no permission check is visible in this handler. Confirm
    // generateProgressByTypeReport (not shown) limits the result to what the caller may read.
    List<Object> progressRows =
        vulnerabilitySearchService.generateProgressByTypeReport(reportParameters);

    long elapsedMs = System.currentTimeMillis() - startedAt;
    log.info("Vulnerability Progress By Type report took " + elapsedMs + " ms");
    return RestResponse.success(progressRows);
  }
Ejemplo n.º 10
 /**
  * Handles POST requests mapped to {@code /snapshot}: returns the snapshot report together with
  * the application tag list and the vulnerability tag list, serialised under the
  * {@code VulnSearchApplications} JSON view.
  *
  * @param reportParameters report parameters bound from the request
  * @param request the current HTTP request, handed to the report service
  * @return a success response wrapping the report map, extended with the keys {@code "tags"} and
  *     {@code "vulnTags"}
  * @throws IOException declared by the handler signature
  */
 @RequestMapping(value = "/snapshot", method = RequestMethod.POST)
 @JsonView(AllViews.VulnSearchApplications.class)
 public @ResponseBody RestResponse<Map<String, Object>> processSnapShot(
     @ModelAttribute ReportParameters reportParameters, HttpServletRequest request)
     throws IOException {
   log.info("Generating snapshot report");
   Map<String, Object> snapshot =
       reportsService.generateSnapshotReport(reportParameters, request);

   // NOTE(review): both tag lists are loaded without reference to the caller. Confirm that tag
   // names are meant to be visible to every user who can reach this endpoint.
   snapshot.put("tags", tagService.loadAllApplicationTags());
   snapshot.put("vulnTags", tagService.loadAllVulnTags());
   return RestResponse.success(snapshot);
 }
Ejemplo n.º 11
 /**
  * Sets the type of every tag returned by {@code tagDao.retrieveAll()} from its "tag for
  * comment" flag, then saves the tag.
  */
 @Override
 public void updateTagTypes() {
   LOG.info("About to update type for all tags.");
   for (Tag tag : tagDao.retrieveAll()) {
     // A tag flagged for comments becomes a COMMENT tag; any other tag is an APPLICATION tag.
     TagType migratedType = tag.getTagForComment() ? TagType.COMMENT : TagType.APPLICATION;
     tag.setType(migratedType);
     tagDao.saveOrUpdate(tag);
   }
 }
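  /**
   * Deserialises a JSON string into a {@code JiraJsonMetadataResponse} and returns the project
   * it reports.
   *
   * @param jsonString response body received from the server
   * @return the result of {@code getProjectOrNull()}, or {@code null} when the body deserialises
   *     to no object at all
   * @throws RestIOException if reading the JSON fails with an {@link IOException}
   */
  public static Project getJiraProjectMetadata(String jsonString) {
    try {
      JiraJsonMetadataResponse metadata =
          getLenientObjectMapper().readValue(jsonString, JiraJsonMetadataResponse.class);
      // The body comes from a remote server. Assuming a Jackson-style mapper (its factory is not
      // shown), a body that is just the JSON literal null maps to a null reference, so guard the
      // dereference instead of failing with a NullPointerException.
      if (metadata == null) {
        return null;
      }
      return metadata.getProjectOrNull();
    } catch (IOException e) {
      LOG.info("Failed to deserialize JSON.");
      // NOTE(review): the entire response body is logged at debug level. Confirm debug logging
      // is disabled in production, or that tracker responses hold nothing sensitive.
      LOG.debug("Failing JSON: " + jsonString, e);

      throw new RestIOException(e, "Unable to parse server response.");
    }
  }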
Ejemplo n.º 13
 /**
  * Creates a comment-type copy of every application tag that has no comment tag of the same
  * name yet, and marks each source tag as an application tag.
  *
  * <p>The copy takes the name, the enterprise flag and the default JSON filter from the source
  * tag. Each source tag is saved whether or not a copy was made for it.
  */
 @Override
 public void copyAppTagsToCommentTags() {
   List<Tag> applicationTags = loadAllApplicationTags();
   if (applicationTags == null) {
     LOG.info("There is no tags in system.");
     return;
   }
   LOG.info("About to copy " + applicationTags.size() + " application tags to comment tags.");
   for (Tag appTag : applicationTags) {
     boolean commentTagMissing = loadCommentTag(appTag.getName()) == null;
     if (commentTagMissing) {
       // NOTE(review): the tag name is written to the log as-is. If tag names can contain line
       // breaks, confirm the log layout neutralises them so entries cannot be spoofed.
       LOG.info("Copying " + appTag.getName());
       Tag commentCopy = new Tag();
       commentCopy.setName(appTag.getName());
       commentCopy.setEnterpriseTag(appTag.getEnterpriseTag());
       commentCopy.setDefaultJsonFilter(appTag.getDefaultJsonFilter());
       commentCopy.setType(TagType.COMMENT);
       tagDao.saveOrUpdate(commentCopy);
     }
     // The source tag is typed and saved on every pass, not only when a copy was created.
     appTag.setType(TagType.APPLICATION);
     tagDao.saveOrUpdate(appTag);
   }
 }