/**
 * Builds an SSVL vulnerability element from a TF vulnerability.
 *
 * <p>Copies the generic vulnerability name (as the description), the display ID of the
 * generic vulnerability (as the CWE), the severity and the application name. The issue ID
 * is set only when a defect is attached. Each finding, when the findings collection is
 * present, is converted with {@code convertTFFindingToSSVLFinding} and appended.
 *
 * @param tfVuln the source vulnerability; dereferenced without a null check
 * @return the newly created SSVL vulnerability
 */
public static Vulnerabilities.Vulnerability convertTFVulnToSSVLVuln(Vulnerability tfVuln) {
    final Vulnerabilities.Vulnerability converted = factory.createVulnerabilitiesVulnerability();

    converted.setDescription(tfVuln.getGenericVulnName());

    // The issue ID comes from the linked defect, so it is left unset when none is attached.
    if (tfVuln.getDefect() != null) {
        converted.setIssueID(tfVuln.getDefect().getNativeId());
    }

    // NOTE(review): getGenericVulnerability() is dereferenced unguarded, unlike getDefect()
    // and getFindings() - presumably it is always populated; confirm against the model.
    converted.setCWE(tfVuln.getGenericVulnerability().getDisplayId());

    // NOTE(review): how Severities.fromValue treats a severity name it does not recognise
    // is not visible here - confirm that custom severity names cannot reach this call.
    converted.setSeverity(Severities.fromValue(tfVuln.getSeverityName()));
    converted.setApplication(tfVuln.getAppName());

    // Nothing more to copy when the vulnerability carries no findings collection.
    if (tfVuln.getFindings() == null) {
        return converted;
    }

    for (Finding sourceFinding : tfVuln.getFindings()) {
        converted.getFinding().add(convertTFFindingToSSVLFinding(sourceFinding));
    }
    return converted;
}
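/**
 * Determines whether a vulnerability and its linked defect agree on open/closed status,
 * stores the result on the vulnerability and returns it.
 *
 * <p>Outcomes:
 * <ul>
 *   <li>no defect attached: {@code null};</li>
 *   <li>{@code vulnerability.isActive()} equals {@code defect.isOpen()}:
 *       {@code CONSISTENT};</li>
 *   <li>defect open, vulnerability not active:
 *       {@code VULN_CLOSED_DEFECT_OPEN_NEEDS_SCAN};</li>
 *   <li>defect closed, vulnerability active:
 *       {@code VULN_OPEN_DEFECT_CLOSED_STILL_IN_SCAN} when the most recent scan import
 *       time is after the defect's status date, otherwise
 *       {@code VULN_OPEN_DEFECT_CLOSED_NEEDS_SCAN}.</li>
 * </ul>
 *
 * <p>Findings without a scan, scans without an import time, and a missing findings
 * collection are skipped rather than raising a {@link NullPointerException}, so one
 * incomplete record does not abort the check. With no usable scan date the result is
 * {@code VULN_OPEN_DEFECT_CLOSED_NEEDS_SCAN}.
 *
 * @param vulnerability the vulnerability to evaluate; its consistency state is overwritten
 * @return the computed state, or {@code null} when the vulnerability has no defect
 */
@Override
public VulnerabilityDefectConsistencyState determineVulnerabilityDefectConsistencyState(
        Vulnerability vulnerability) {
    VulnerabilityDefectConsistencyState state = null;
    Defect defect = vulnerability.getDefect();

    if (defect != null) {
        if (vulnerability.isActive() == defect.isOpen()) {
            state = VulnerabilityDefectConsistencyState.CONSISTENT;
        } else if (defect.isOpen()) {
            state = VulnerabilityDefectConsistencyState.VULN_CLOSED_DEFECT_OPEN_NEEDS_SCAN;
        } else {
            // Defect closed but vulnerability still active: find the newest scan that
            // reported it, counting both the original scan and every repeat sighting.
            Calendar latestScanDate = null;
            if (vulnerability.getFindings() != null) {
                for (Finding finding : vulnerability.getFindings()) {
                    latestScanDate = laterImportTime(latestScanDate, finding.getScan());
                    if (finding.getScanRepeatFindingMaps() != null) {
                        for (ScanRepeatFindingMap repeatMap : finding.getScanRepeatFindingMaps()) {
                            latestScanDate = laterImportTime(latestScanDate, repeatMap.getScan());
                        }
                    }
                }
            }

            // Prefer the recorded status-change date; fall back to the defect's modified date.
            Calendar defectStatusUpdatedDate = defect.getStatusUpdatedDate();
            if (defectStatusUpdatedDate == null) {
                defectStatusUpdatedDate = Calendar.getInstance();
                // NOTE(review): getModifiedDate() is presumed non-null here - confirm;
                // Calendar.setTime(null) would throw.
                defectStatusUpdatedDate.setTime(defect.getModifiedDate());
            }

            // A scan imported after the defect was closed still reports the vulnerability,
            // so the closure did not remove it; otherwise a fresh scan is needed to tell.
            if ((latestScanDate != null) && latestScanDate.after(defectStatusUpdatedDate)) {
                state = VulnerabilityDefectConsistencyState.VULN_OPEN_DEFECT_CLOSED_STILL_IN_SCAN;
            } else {
                state = VulnerabilityDefectConsistencyState.VULN_OPEN_DEFECT_CLOSED_NEEDS_SCAN;
            }
        }
    }

    vulnerability.setVulnerabilityDefectConsistencyState(state);
    return state;
}

/** Returns the later of {@code current} and the scan's import time, ignoring missing values. */
private static Calendar laterImportTime(Calendar current, Scan scan) {
    if (scan == null) {
        return current;
    }
    Calendar importTime = scan.getImportTime();
    if (importTime == null) {
        return current;
    }
    return ((current == null) || importTime.after(current)) ? importTime : current;
}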