コード例 #1
0
  @JsonView(AllViews.UIVulnSearch.class)
  @RequestMapping(value = "/addBatchComment", method = RequestMethod.POST)
  public Object addBatchComment(
      @PathVariable("orgId") Integer orgId,
      @PathVariable("appId") Integer appId,
      @ModelAttribute VulnerabilityCollectionModel vulnerabilityCollectionModel,
      Model model)
      throws IOException {

    if (!PermissionUtils.isAuthorized(Permission.CAN_SUBMIT_COMMENTS, orgId, appId)) {
      return RestResponse.failure("You are not authorized to modify vulnerabilities.");
    }

    if (!checkCollectionModel(vulnerabilityCollectionModel, model)) {
      return RestResponse.failure("Couldn't complete bulk vulnerability operation.");
    }

    log.info(
        "About to add comment to "
            + vulnerabilityCollectionModel.getVulnerabilityIds().size()
            + " Vulnerabilities.");

    VulnerabilityComment vulnerabilityComment = null;

    for (int vulnerabilityId : vulnerabilityCollectionModel.getVulnerabilityIds()) {
      vulnerabilityComment = new VulnerabilityComment();
      vulnerabilityComment.setComment(vulnerabilityCollectionModel.getComment());
      vulnerabilityComment.setTags(vulnerabilityCollectionModel.getTags());
      vulnerabilityCommentService.addCommentToVuln(vulnerabilityComment, vulnerabilityId);
    }

    return RestResponse.success(vulnerabilityComment);
  }
コード例 #2
0
 @Override
 public void changeTagInVulnComments() {
   LOG.info(
       "About to update all tags in Vulnerability Comments from Application Tag to Comment Tag.");
   List<VulnerabilityComment> vulnerabilityComments = vulnerabilityCommentDao.retrieveAllActive();
   if (vulnerabilityComments == null) {
     LOG.info("There is no vulnerability comments in the system.");
     return;
   }
   LOG.info(
       "Looking for tags in "
           + vulnerabilityComments.size()
           + " vulnerability comments, and change them if found.");
   for (VulnerabilityComment comment : vulnerabilityComments) {
     List<Tag> newTags = CollectionUtils.list();
     for (Tag tag : comment.getTags()) {
       if (tag.getType() == TagType.APPLICATION) {
         Tag sameTagInComment = loadCommentTag(tag.getName());
         if (sameTagInComment != null) newTags.add(sameTagInComment);
         else
           LOG.warn(
               "Can't find comment tag "
                   + tag.getName()
                   + " to change for comment in vulnerability ID "
                   + comment.getVulnerability().getId());
       } else newTags.add(tag);
     }
     comment.setTags(newTags);
     vulnerabilityCommentDao.saveOrUpdate(comment);
   }
 }