@JsonView(AllViews.UIVulnSearch.class)
@RequestMapping(value = "/addBatchVulnTagging", method = RequestMethod.POST)
public Object addBatchTagging(
@PathVariable("orgId") Integer orgId,
@PathVariable("appId") Integer appId,
@ModelAttribute VulnerabilityCollectionModel vulnerabilityCollectionModel,
Model model)
throws IOException {
if (!PermissionUtils.isAuthorized(Permission.CAN_MODIFY_VULNERABILITIES, orgId, appId)) {
return RestResponse.failure("You are not authorized to modify vulnerabilities.");
}
if (!checkCollectionModel(vulnerabilityCollectionModel, model)) {
return RestResponse.failure("Couldn't complete bulk vulnerability operation.");
}
log.info(
"About to tag to "
+ vulnerabilityCollectionModel.getVulnerabilityIds().size()
+ " Vulnerabilities.");
vulnerabilityService.batchTagging(
vulnerabilityCollectionModel.getVulnerabilityIds(), vulnerabilityCollectionModel.getTags());
return RestResponse.success(vulnerabilityCollectionModel.getTags());
}
@JsonView(AllViews.UIVulnSearch.class)
@RequestMapping(value = "/addBatchComment", method = RequestMethod.POST)
public Object addBatchComment(
@PathVariable("orgId") Integer orgId,
@PathVariable("appId") Integer appId,
@ModelAttribute VulnerabilityCollectionModel vulnerabilityCollectionModel,
Model model)
throws IOException {
if (!PermissionUtils.isAuthorized(Permission.CAN_SUBMIT_COMMENTS, orgId, appId)) {
return RestResponse.failure("You are not authorized to modify vulnerabilities.");
}
if (!checkCollectionModel(vulnerabilityCollectionModel, model)) {
return RestResponse.failure("Couldn't complete bulk vulnerability operation.");
}
log.info(
"About to add comment to "
+ vulnerabilityCollectionModel.getVulnerabilityIds().size()
+ " Vulnerabilities.");
VulnerabilityComment vulnerabilityComment = null;
for (int vulnerabilityId : vulnerabilityCollectionModel.getVulnerabilityIds()) {
vulnerabilityComment = new VulnerabilityComment();
vulnerabilityComment.setComment(vulnerabilityCollectionModel.getComment());
vulnerabilityComment.setTags(vulnerabilityCollectionModel.getTags());
vulnerabilityCommentService.addCommentToVuln(vulnerabilityComment, vulnerabilityId);
}
return RestResponse.success(vulnerabilityComment);
}
@JsonView(AllViews.TableRow.class)
@RequestMapping(value = "/severity/change/{genericSeverityId}", method = RequestMethod.POST)
public Object changeSeverity(
@PathVariable("orgId") Integer orgId,
@PathVariable("appId") Integer appId,
@PathVariable("genericSeverityId") Integer severityId,
@ModelAttribute VulnerabilityCollectionModel vulnerabilityCollectionModel,
@ModelAttribute TableSortBean bean,
Model model)
throws IOException {
if (!PermissionUtils.isAuthorized(Permission.CAN_MODIFY_VULNERABILITIES, orgId, appId)) {
return RestResponse.failure("You are not authorized to modify vulnerabilities.");
}
if (!checkCollectionModel(vulnerabilityCollectionModel, model)) {
return RestResponse.failure("Couldn't complete bulk vulnerability operation.");
}
GenericSeverity genericSeverity = genericSeverityService.loadById(severityId);
if (genericSeverity == null) return RestResponse.failure("Invalid generic severity Id.");
vulnerabilityService.changeSeverities(
vulnerabilityCollectionModel.getVulnerabilityIds(), genericSeverity);
return tableMap(orgId, appId, bean);
}
// This method returns all of the vulnerabilities and tab numbers
public Object tableMap(int orgId, int appId, TableSortBean bean) throws IOException {
if (appId != -1) {
Application application = applicationService.loadApplication(appId);
if (application == null || !application.isActive()) {
log.warn(ResourceNotFoundException.getLogMessage("Application", appId));
throw new ResourceNotFoundException();
}
// we update vulns and application information but not scan
vulnerabilityFilterService.updateVulnerabilities(application);
}
if (orgId != -1) {
Organization organization = organizationService.loadById(orgId);
if (organization == null || !organization.isActive()) {
log.warn(ResourceNotFoundException.getLogMessage("Team", orgId));
throw new ResourceNotFoundException();
}
// we update vulns and team information but not scan
vulnerabilityFilterService.updateVulnerabilities(
organization, organization.getActiveAppIds());
}
if (!PermissionUtils.isAuthorized(Permission.READ_ACCESS, orgId, appId)) {
return RestResponse.failure("You are not authorized to view this information.");
}
return RestResponse.success("Bulk Operation successfully ended.");
}
@RequestMapping(value = "/{filterId}/deleteChannelFilter", method = RequestMethod.POST)
@JsonView(AllViews.TableRow.class)
public @ResponseBody RestResponse<String> submitDeleteChannelFilter(@PathVariable int filterId) {
if (!EnterpriseTest.isEnterprise()) {
String msg =
"You do not have permission to delete channel vulnerability filter. You need to update to enterprise license.";
log.warn(msg);
return RestResponse.failure(msg);
}
return RestResponse.success(submitDeleteChannelFilterBackend(filterId));
}
@JsonView(AllViews.TableRow.class)
@RequestMapping(value = "/table/close", method = RequestMethod.POST)
public Object closeTableVulnList(
@PathVariable("orgId") Integer orgId,
@PathVariable("appId") Integer appId,
@ModelAttribute VulnerabilityCollectionModel vulnerabilityCollectionModel,
@ModelAttribute TableSortBean bean,
Model model)
throws IOException {
if (!PermissionUtils.isAuthorized(Permission.CAN_MODIFY_VULNERABILITIES, orgId, appId)) {
return RestResponse.failure("You are not authorized to modify vulnerabilities.");
}
if (!checkCollectionModel(vulnerabilityCollectionModel, model)) {
return RestResponse.failure("Couldn't complete bulk vulnerability operation.");
}
vulnerabilityService.closeAll(vulnerabilityCollectionModel.getVulnerabilityIds());
return tableMap(orgId, appId, bean);
}
@RequestMapping(value = "/newChannelFilter", method = RequestMethod.POST)
@JsonView(AllViews.TableRow.class)
public @ResponseBody RestResponse<ChannelVulnerabilityFilter> submitNewChannelFilter(
ChannelVulnerabilityFilter channelVulnerabilityFilter,
BindingResult bindingResult,
SessionStatus status) {
if (!EnterpriseTest.isEnterprise()) {
String msg =
"You do not have permission to add new channel vulnerability filter. You need to update to enterprise license.";
log.warn(msg);
return RestResponse.failure(msg);
}
return submitNewChannelFilterBackend(channelVulnerabilityFilter, bindingResult, status);
}
