/**
 * Builds the SSVL representation of a single ThreadFix finding.
 *
 * <p>Scalar fields are copied one-to-one from {@code tfFinding}. The surface
 * location is exported only when the finding is not static, and data flow
 * elements are exported only when the source collection is non-null.
 *
 * <p>NOTE(review): {@code getChannelVulnerability()}, {@code getChannelSeverity()}
 * and {@code getScan()} are dereferenced without a null check, so a finding
 * missing any of them fails with a {@code NullPointerException} here.
 *
 * @param tfFinding the ThreadFix finding to convert
 * @return a newly created SSVL finding populated from {@code tfFinding}
 */
public static Vulnerabilities.Vulnerability.Finding convertTFFindingToSSVLFinding(
        Finding tfFinding) {

    Vulnerabilities.Vulnerability.Finding exported =
            factory.createVulnerabilitiesVulnerabilityFinding();

    // Descriptive fields.
    exported.setFindingDescription(tfFinding.getChannelVulnerability().getName());
    exported.setLongDescription(tfFinding.getLongDescription());
    exported.setNativeID(tfFinding.getNativeId());

    // NOTE(review): the attack string (and presumably the long description) is
    // scanner-supplied text and is copied verbatim -- nothing in this method
    // encodes or redacts it. Whatever renders or stores the SSVL output has to
    // treat these fields as untrusted data; confirm downstream handling.
    exported.setAttackString(tfFinding.getAttackString());

    // Provenance: the accessor name suggests the scanner may be null -- TODO confirm.
    exported.setScanner(tfFinding.getChannelNameOrNull());
    exported.setSeverity(tfFinding.getChannelSeverity().getName());
    exported.setIdentifiedTimestamp(getTimestamp(tfFinding.getScan().getImportTime()));

    // Only non-static findings get a surface location in the export.
    if (!tfFinding.getIsStatic()) {
        exported.setSurfaceLocation(
                convertTFSurfaceLocationToSSVL(tfFinding.getSurfaceLocation()));
    }

    // A null collection is skipped; elements are appended in iteration order.
    if (tfFinding.getDataFlowElements() != null) {
        for (DataFlowElement flowStep : tfFinding.getDataFlowElements()) {
            exported.getDataFlowElement().add(convertTFDataFlowElementToSSVL(flowStep));
        }
    }

    exported.setDependency(convertTFDependencyToSSVL(tfFinding.getDependency()));

    return exported;
}
/**
 * Works out whether a vulnerability and the defect linked to it agree on
 * open/closed status, stores the result on the vulnerability and returns it.
 *
 * <ul>
 *   <li>No linked defect: the state is {@code null}.</li>
 *   <li>{@code vulnerability.isActive() == defect.isOpen()}: {@code CONSISTENT}.</li>
 *   <li>Defect open, vulnerability not active:
 *       {@code VULN_CLOSED_DEFECT_OPEN_NEEDS_SCAN}.</li>
 *   <li>Vulnerability active, defect not open: the latest scan import time across
 *       all findings (including repeat-finding scans) is compared with the time
 *       the defect status was updated. A strictly later scan gives
 *       {@code VULN_OPEN_DEFECT_CLOSED_STILL_IN_SCAN}; otherwise
 *       {@code VULN_OPEN_DEFECT_CLOSED_NEEDS_SCAN}.</li>
 * </ul>
 *
 * @param vulnerability the vulnerability to evaluate; its consistency state is
 *     overwritten with the computed value, including {@code null}
 * @return the computed state, or {@code null} when no defect is linked
 */
@Override
public VulnerabilityDefectConsistencyState determineVulnerabilityDefectConsistencyState(
        Vulnerability vulnerability) {

    VulnerabilityDefectConsistencyState state = null;
    Defect linkedDefect = vulnerability.getDefect();

    if (linkedDefect == null) {
        // Nothing to compare against; the null state is still written back below.
    } else if (vulnerability.isActive() == linkedDefect.isOpen()) {
        state = VulnerabilityDefectConsistencyState.CONSISTENT;
    } else if (linkedDefect.isOpen()) {
        state = VulnerabilityDefectConsistencyState.VULN_CLOSED_DEFECT_OPEN_NEEDS_SCAN;
    } else {
        // Vulnerability is active but the defect is not open: find the most
        // recent scan import that reported any of its findings.
        Calendar newestImport = null;

        for (Finding finding : vulnerability.getFindings()) {
            // NOTE(review): unlike the repeat-map scans below, finding.getScan()
            // is dereferenced without a null check.
            Calendar candidate = finding.getScan().getImportTime();
            if (newestImport == null || candidate.after(newestImport)) {
                newestImport = candidate;
            }

            if (finding.getScanRepeatFindingMaps() == null) {
                continue;
            }

            for (ScanRepeatFindingMap repeatMap : finding.getScanRepeatFindingMaps()) {
                Scan repeatScan = repeatMap.getScan();
                if (repeatScan == null) {
                    continue;
                }
                candidate = repeatScan.getImportTime();
                if (newestImport == null || candidate.after(newestImport)) {
                    newestImport = candidate;
                }
            }
        }

        Calendar statusChangedAt = linkedDefect.getStatusUpdatedDate();
        if (statusChangedAt == null) {
            // NOTE(review): fallback to the defect's modified date. That date
            // presumably moves on any edit to the defect, not only on status
            // changes; if so, a later unrelated edit can hide a scan that still
            // reported the vulnerability after the defect was closed -- confirm.
            statusChangedAt = Calendar.getInstance();
            statusChangedAt.setTime(linkedDefect.getModifiedDate());
        }

        // Calendar.after is strict: a scan imported at exactly the same instant
        // as the status change does not count as "still in scan".
        boolean reportedAfterClose =
                newestImport != null && newestImport.after(statusChangedAt);

        state = reportedAfterClose
                ? VulnerabilityDefectConsistencyState.VULN_OPEN_DEFECT_CLOSED_STILL_IN_SCAN
                : VulnerabilityDefectConsistencyState.VULN_OPEN_DEFECT_CLOSED_NEEDS_SCAN;
    }

    vulnerability.setVulnerabilityDefectConsistencyState(state);
    return state;
}