@JsonView(AllViews.TableRow.class)
  @RequestMapping(value = "/severity/change/{genericSeverityId}", method = RequestMethod.POST)
  public Object changeSeverity(
      @PathVariable("orgId") Integer orgId,
      @PathVariable("appId") Integer appId,
      @PathVariable("genericSeverityId") Integer severityId,
      @ModelAttribute VulnerabilityCollectionModel vulnerabilityCollectionModel,
      @ModelAttribute TableSortBean bean,
      Model model)
      throws IOException {

    if (!PermissionUtils.isAuthorized(Permission.CAN_MODIFY_VULNERABILITIES, orgId, appId)) {
      return RestResponse.failure("You are not authorized to modify vulnerabilities.");
    }

    if (!checkCollectionModel(vulnerabilityCollectionModel, model)) {
      return RestResponse.failure("Couldn't complete bulk vulnerability operation.");
    }

    GenericSeverity genericSeverity = genericSeverityService.loadById(severityId);
    if (genericSeverity == null) return RestResponse.failure("Invalid generic severity Id.");

    vulnerabilityService.changeSeverities(
        vulnerabilityCollectionModel.getVulnerabilityIds(), genericSeverity);

    return tableMap(orgId, appId, bean);
  }
  @JsonView(AllViews.UIVulnSearch.class)
  @RequestMapping(value = "/addBatchVulnTagging", method = RequestMethod.POST)
  public Object addBatchTagging(
      @PathVariable("orgId") Integer orgId,
      @PathVariable("appId") Integer appId,
      @ModelAttribute VulnerabilityCollectionModel vulnerabilityCollectionModel,
      Model model)
      throws IOException {

    if (!PermissionUtils.isAuthorized(Permission.CAN_MODIFY_VULNERABILITIES, orgId, appId)) {
      return RestResponse.failure("You are not authorized to modify vulnerabilities.");
    }
    if (!checkCollectionModel(vulnerabilityCollectionModel, model)) {
      return RestResponse.failure("Couldn't complete bulk vulnerability operation.");
    }

    log.info(
        "About to tag to "
            + vulnerabilityCollectionModel.getVulnerabilityIds().size()
            + " Vulnerabilities.");
    vulnerabilityService.batchTagging(
        vulnerabilityCollectionModel.getVulnerabilityIds(), vulnerabilityCollectionModel.getTags());

    return RestResponse.success(vulnerabilityCollectionModel.getTags());
  }
  @JsonView(AllViews.TableRow.class)
  @RequestMapping(value = "/table/close", method = RequestMethod.POST)
  public Object closeTableVulnList(
      @PathVariable("orgId") Integer orgId,
      @PathVariable("appId") Integer appId,
      @ModelAttribute VulnerabilityCollectionModel vulnerabilityCollectionModel,
      @ModelAttribute TableSortBean bean,
      Model model)
      throws IOException {

    if (!PermissionUtils.isAuthorized(Permission.CAN_MODIFY_VULNERABILITIES, orgId, appId)) {
      return RestResponse.failure("You are not authorized to modify vulnerabilities.");
    }

    if (!checkCollectionModel(vulnerabilityCollectionModel, model)) {
      return RestResponse.failure("Couldn't complete bulk vulnerability operation.");
    }

    vulnerabilityService.closeAll(vulnerabilityCollectionModel.getVulnerabilityIds());

    return tableMap(orgId, appId, bean);
  }
Ejemplo n.º 4
0
  @RequestMapping(method = RequestMethod.GET)
  public String index(Model model, HttpServletRequest request) {
    model.addAttribute("hasVulnerabilities", vulnerabilityService.activeVulnerabilitiesExist());
    model.addAttribute("reportParameters", new ReportParameters());
    model.addAttribute("error", ControllerUtils.getErrorMessage(request));
    model.addAttribute("firstReport", ControllerUtils.getItem(request, "reportId"));
    model.addAttribute("firstTeamId", ControllerUtils.getItem(request, "teamId"));
    model.addAttribute("firstAppId", ControllerUtils.getItem(request, "appId"));
    boolean isEnterprise = EnterpriseTest.isEnterprise();
    model.addAttribute("isEnterprise", isEnterprise);
    PermissionUtils.addPermissions(model, null, null, Permission.CAN_MANAGE_TAGS);

    // Return custom report entities
    List<Report> reports =
        reportService.loadAllNonNativeReportsByLocationType(ReportLocation.ANALYTIC);
    if (reports != null && reports.size() > 0) {
      model.addAttribute("reportJsPaths", cacheBustService.notCachedJsPaths(request, reports));
      model.addAttribute("customReports", reports);
    }

    return "reports/index";
  }