예제 #1
  /**
   * Builds a {@code Vulnerabilities.Vulnerability} from the given vulnerability by copying its
   * description, defect id (when a defect is linked), CWE display id, severity, application name
   * and findings.
   *
   * @param tfVuln the vulnerability to convert; dereferenced without a null check
   * @return the newly created and populated {@code Vulnerabilities.Vulnerability}
   */
  public static Vulnerabilities.Vulnerability convertTFVulnToSSVLVuln(Vulnerability tfVuln) {
    Vulnerabilities.Vulnerability converted = factory.createVulnerabilitiesVulnerability();

    converted.setDescription(tfVuln.getGenericVulnName());

    // A vulnerability without a linked defect simply gets no issue id.
    if (tfVuln.getDefect() != null) {
      converted.setIssueID(tfVuln.getDefect().getNativeId());
    }

    // NOTE(review): getGenericVulnerability() is dereferenced unguarded, unlike the defect and
    // findings lookups; confirm it can never be null for a persisted vulnerability.
    converted.setCWE(tfVuln.getGenericVulnerability().getDisplayId());

    // NOTE(review): presumably fromValue rejects a severity name it does not know; verify what
    // callers see when the source severity has no counterpart in Severities.
    converted.setSeverity(Severities.fromValue(tfVuln.getSeverityName()));

    converted.setApplication(tfVuln.getAppName());

    // Findings are optional; each one present is converted and appended in iteration order.
    if (tfVuln.getFindings() != null) {
      for (Finding sourceFinding : tfVuln.getFindings()) {
        converted.getFinding().add(convertTFFindingToSSVLFinding(sourceFinding));
      }
    }

    return converted;
  }
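  /**
   * Works out whether a vulnerability and its linked defect agree on open/closed status, stores
   * the result on the vulnerability and returns it.
   *
   * <ul>
   *   <li>No defect linked: the state is {@code null}.</li>
   *   <li>{@code isActive()} equals {@code isOpen()}: {@code CONSISTENT}.</li>
   *   <li>Defect open, vulnerability not active:
   *       {@code VULN_CLOSED_DEFECT_OPEN_NEEDS_SCAN}.</li>
   *   <li>Defect closed, vulnerability active: {@code VULN_OPEN_DEFECT_CLOSED_STILL_IN_SCAN} when
   *       the newest scan import time is after the defect's status change, otherwise
   *       {@code VULN_OPEN_DEFECT_CLOSED_NEEDS_SCAN}.</li>
   * </ul>
   *
   * <p>A missing findings collection, a finding without a scan, or a scan without an import time
   * is skipped rather than aborting the check with a {@code NullPointerException}; with no usable
   * scan date the closed-defect case resolves to {@code VULN_OPEN_DEFECT_CLOSED_NEEDS_SCAN}.
   *
   * @param vulnerability the vulnerability to evaluate; its consistency state is overwritten
   * @return the computed state, or {@code null} when the vulnerability has no defect
   */
  @Override
  public VulnerabilityDefectConsistencyState determineVulnerabilityDefectConsistencyState(
      Vulnerability vulnerability) {
    VulnerabilityDefectConsistencyState state = null;

    Defect defect = vulnerability.getDefect();
    if (defect != null) {
      if (vulnerability.isActive() == defect.isOpen()) {
        state = VulnerabilityDefectConsistencyState.CONSISTENT;
      } else if (defect.isOpen()) {
        state = VulnerabilityDefectConsistencyState.VULN_CLOSED_DEFECT_OPEN_NEEDS_SCAN;
      } else {
        Calendar latestScanDate = latestScanImportTime(vulnerability);

        // Fall back to the defect's modification date when no status-change date was recorded.
        // NOTE(review): getModifiedDate() is assumed non-null here; setTime would throw
        // otherwise. Confirm against the Defect model.
        Calendar defectStatusUpdatedDate = defect.getStatusUpdatedDate();
        if (defectStatusUpdatedDate == null) {
          defectStatusUpdatedDate = Calendar.getInstance();
          defectStatusUpdatedDate.setTime(defect.getModifiedDate());
        }

        // A scan imported after the defect was closed is the evidence that the vulnerability
        // is still being reported; without one, a fresh scan is needed to decide.
        if ((latestScanDate != null) && latestScanDate.after(defectStatusUpdatedDate)) {
          state = VulnerabilityDefectConsistencyState.VULN_OPEN_DEFECT_CLOSED_STILL_IN_SCAN;
        } else {
          state = VulnerabilityDefectConsistencyState.VULN_OPEN_DEFECT_CLOSED_NEEDS_SCAN;
        }
      }
    }

    vulnerability.setVulnerabilityDefectConsistencyState(state);
    return state;
  }

  /**
   * Returns the newest import time among the scans of the vulnerability's findings and of their
   * repeat-finding maps, or {@code null} when no scan date is available.
   */
  private Calendar latestScanImportTime(Vulnerability vulnerability) {
    Calendar latest = null;
    if (vulnerability.getFindings() == null) {
      return latest;
    }

    for (Finding finding : vulnerability.getFindings()) {
      Scan originalScan = finding.getScan();
      if (originalScan != null) {
        latest = laterScanDate(latest, originalScan.getImportTime());
      }

      if (finding.getScanRepeatFindingMaps() != null) {
        for (ScanRepeatFindingMap repeatMap : finding.getScanRepeatFindingMaps()) {
          Scan repeatScan = repeatMap.getScan();
          if (repeatScan != null) {
            latest = laterScanDate(latest, repeatScan.getImportTime());
          }
        }
      }
    }
    return latest;
  }

  /** Returns {@code candidate} when it is non-null and later than {@code current}. */
  private Calendar laterScanDate(Calendar current, Calendar candidate) {
    if (candidate == null) {
      return current;
    }
    return ((current == null) || candidate.after(current)) ? candidate : current;
  }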