/**
 * Applies the submitted tags to every vulnerability id in the submitted collection.
 *
 * <p>The request is rejected unless the caller holds {@code CAN_MODIFY_VULNERABILITIES} for the
 * team/application named in the path and the collection model passes
 * {@code checkCollectionModel}.
 *
 * @param orgId team id taken from the request path
 * @param appId application id taken from the request path
 * @param vulnerabilityCollectionModel bound request model carrying the vulnerability ids and tags
 * @param model Spring model handed to {@code checkCollectionModel}
 * @return a failure response when either check fails, otherwise a success response carrying the
 *     submitted tags
 * @throws IOException declared by the signature; the throwing call is not identifiable from this
 *     method alone
 */
@JsonView(AllViews.UIVulnSearch.class)
@RequestMapping(value = "/addBatchVulnTagging", method = RequestMethod.POST)
public Object addBatchTagging(
        @PathVariable("orgId") Integer orgId,
        @PathVariable("appId") Integer appId,
        @ModelAttribute VulnerabilityCollectionModel vulnerabilityCollectionModel,
        Model model)
        throws IOException {

    boolean mayModify =
            PermissionUtils.isAuthorized(Permission.CAN_MODIFY_VULNERABILITIES, orgId, appId);
    if (!mayModify) {
        return RestResponse.failure("You are not authorized to modify vulnerabilities.");
    }

    boolean modelUsable = checkCollectionModel(vulnerabilityCollectionModel, model);
    if (!modelUsable) {
        return RestResponse.failure("Couldn't complete bulk vulnerability operation.");
    }

    // NOTE(review): the permission check above is scoped to the orgId/appId in the path, while
    // the ids acted on below come from the request model. Whether checkCollectionModel ties
    // those ids to this application is not visible here; confirm before relying on it.
    String notice =
            "About to tag to "
                    + vulnerabilityCollectionModel.getVulnerabilityIds().size()
                    + " Vulnerabilities.";
    log.info(notice);

    vulnerabilityService.batchTagging(
            vulnerabilityCollectionModel.getVulnerabilityIds(),
            vulnerabilityCollectionModel.getTags());

    return RestResponse.success(vulnerabilityCollectionModel.getTags());
}
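/**
 * Adds the same comment (with the submitted tags) to every vulnerability id in the submitted
 * collection.
 *
 * <p>The request is rejected unless the caller holds {@code CAN_SUBMIT_COMMENTS} for the
 * team/application named in the path and the collection model passes
 * {@code checkCollectionModel}.
 *
 * @param orgId team id taken from the request path
 * @param appId application id taken from the request path
 * @param vulnerabilityCollectionModel bound request model carrying the ids, comment text and tags
 * @param model Spring model handed to {@code checkCollectionModel}
 * @return a failure response when either check fails; otherwise a success response wrapping the
 *     last comment object created, or {@code null} when the id list yields no iterations
 * @throws IOException declared by the signature; the throwing call is not identifiable from this
 *     method alone
 */
@JsonView(AllViews.UIVulnSearch.class)
@RequestMapping(value = "/addBatchComment", method = RequestMethod.POST)
public Object addBatchComment(
        @PathVariable("orgId") Integer orgId,
        @PathVariable("appId") Integer appId,
        @ModelAttribute VulnerabilityCollectionModel vulnerabilityCollectionModel,
        Model model)
        throws IOException {

    if (!PermissionUtils.isAuthorized(Permission.CAN_SUBMIT_COMMENTS, orgId, appId)) {
        // The gate is CAN_SUBMIT_COMMENTS, so the denial names that action. The previous text
        // ("modify vulnerabilities") pointed users and log readers at the wrong permission.
        return RestResponse.failure("You are not authorized to submit comments.");
    }

    if (!checkCollectionModel(vulnerabilityCollectionModel, model)) {
        return RestResponse.failure("Couldn't complete bulk vulnerability operation.");
    }

    // NOTE(review): the permission check above is scoped to the orgId/appId in the path, while
    // the ids iterated below come from the request model. Whether checkCollectionModel ties
    // those ids to this application is not visible here; confirm before relying on it.
    log.info(
            "About to add comment to "
                    + vulnerabilityCollectionModel.getVulnerabilityIds().size()
                    + " Vulnerabilities.");

    // Kept outside the loop because the response carries the last comment that was created.
    VulnerabilityComment vulnerabilityComment = null;
    for (int vulnerabilityId : vulnerabilityCollectionModel.getVulnerabilityIds()) {
        // A fresh object per vulnerability: each one is handed to the service separately.
        vulnerabilityComment = new VulnerabilityComment();
        vulnerabilityComment.setComment(vulnerabilityCollectionModel.getComment());
        vulnerabilityComment.setTags(vulnerabilityCollectionModel.getTags());
        vulnerabilityCommentService.addCommentToVuln(vulnerabilityComment, vulnerabilityId);
    }

    return RestResponse.success(vulnerabilityComment);
}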
/**
 * Sets the severity of every vulnerability id in the submitted collection to the generic
 * severity named in the path, then returns the result of {@code tableMap}.
 *
 * <p>The request is rejected unless the caller holds {@code CAN_MODIFY_VULNERABILITIES} for the
 * team/application named in the path, the collection model passes
 * {@code checkCollectionModel}, and the severity id resolves to a stored severity.
 *
 * @param orgId team id taken from the request path
 * @param appId application id taken from the request path
 * @param severityId generic severity id taken from the request path
 * @param vulnerabilityCollectionModel bound request model carrying the vulnerability ids
 * @param bean table sort settings, forwarded to {@code tableMap}
 * @param model Spring model handed to {@code checkCollectionModel}
 * @return a failure response when a check fails, otherwise whatever {@code tableMap} returns
 * @throws IOException declared by the signature and by {@code tableMap}
 */
@JsonView(AllViews.TableRow.class)
@RequestMapping(value = "/severity/change/{genericSeverityId}", method = RequestMethod.POST)
public Object changeSeverity(
        @PathVariable("orgId") Integer orgId,
        @PathVariable("appId") Integer appId,
        @PathVariable("genericSeverityId") Integer severityId,
        @ModelAttribute VulnerabilityCollectionModel vulnerabilityCollectionModel,
        @ModelAttribute TableSortBean bean,
        Model model)
        throws IOException {

    boolean mayModify =
            PermissionUtils.isAuthorized(Permission.CAN_MODIFY_VULNERABILITIES, orgId, appId);
    if (!mayModify) {
        return RestResponse.failure("You are not authorized to modify vulnerabilities.");
    }

    boolean modelUsable = checkCollectionModel(vulnerabilityCollectionModel, model);
    if (!modelUsable) {
        return RestResponse.failure("Couldn't complete bulk vulnerability operation.");
    }

    // Resolve the target severity before touching any vulnerability; an unknown id ends here.
    GenericSeverity targetSeverity = genericSeverityService.loadById(severityId);
    if (targetSeverity == null) {
        return RestResponse.failure("Invalid generic severity Id.");
    }

    // NOTE(review): the permission check above is scoped to the orgId/appId in the path, while
    // the ids changed below come from the request model. Whether checkCollectionModel ties
    // those ids to this application is not visible here; confirm before relying on it.
    vulnerabilityService.changeSeverities(
            vulnerabilityCollectionModel.getVulnerabilityIds(), targetSeverity);

    return tableMap(orgId, appId, bean);
}
// This method returns all of the vulnerabilities and tab numbers public Object tableMap(int orgId, int appId, TableSortBean bean) throws IOException { if (appId != -1) { Application application = applicationService.loadApplication(appId); if (application == null || !application.isActive()) { log.warn(ResourceNotFoundException.getLogMessage("Application", appId)); throw new ResourceNotFoundException(); } // we update vulns and application information but not scan vulnerabilityFilterService.updateVulnerabilities(application); } if (orgId != -1) { Organization organization = organizationService.loadById(orgId); if (organization == null || !organization.isActive()) { log.warn(ResourceNotFoundException.getLogMessage("Team", orgId)); throw new ResourceNotFoundException(); } // we update vulns and team information but not scan vulnerabilityFilterService.updateVulnerabilities( organization, organization.getActiveAppIds()); } if (!PermissionUtils.isAuthorized(Permission.READ_ACCESS, orgId, appId)) { return RestResponse.failure("You are not authorized to view this information."); } return RestResponse.success("Bulk Operation successfully ended."); }
/**
 * Deletes the channel vulnerability filter with the given id when running under an enterprise
 * license.
 *
 * @param filterId id of the filter to delete, taken from the request path
 * @return a success response wrapping the result of {@code submitDeleteChannelFilterBackend}, or
 *     a failure response carrying the license message
 */
@RequestMapping(value = "/{filterId}/deleteChannelFilter", method = RequestMethod.POST)
@JsonView(AllViews.TableRow.class)
public @ResponseBody RestResponse<String> submitDeleteChannelFilter(@PathVariable int filterId) {
    // NOTE(review): the only gate visible in this method is the license check; no per-user
    // permission check appears here. Confirm that a class-level annotation or the backend
    // method enforces who may delete filters.
    if (EnterpriseTest.isEnterprise()) {
        return RestResponse.success(submitDeleteChannelFilterBackend(filterId));
    }

    String denial = "You do not have permission to delete channel vulnerability filter. You need to update to enterprise license.";
    log.warn(denial);
    return RestResponse.failure(denial);
}
/**
 * Closes every vulnerability id in the submitted collection, then returns the result of
 * {@code tableMap}.
 *
 * <p>The request is rejected unless the caller holds {@code CAN_MODIFY_VULNERABILITIES} for the
 * team/application named in the path and the collection model passes
 * {@code checkCollectionModel}.
 *
 * @param orgId team id taken from the request path
 * @param appId application id taken from the request path
 * @param vulnerabilityCollectionModel bound request model carrying the vulnerability ids
 * @param bean table sort settings, forwarded to {@code tableMap}
 * @param model Spring model handed to {@code checkCollectionModel}
 * @return a failure response when either check fails, otherwise whatever {@code tableMap}
 *     returns
 * @throws IOException declared by the signature and by {@code tableMap}
 */
@JsonView(AllViews.TableRow.class)
@RequestMapping(value = "/table/close", method = RequestMethod.POST)
public Object closeTableVulnList(
        @PathVariable("orgId") Integer orgId,
        @PathVariable("appId") Integer appId,
        @ModelAttribute VulnerabilityCollectionModel vulnerabilityCollectionModel,
        @ModelAttribute TableSortBean bean,
        Model model)
        throws IOException {

    boolean mayModify =
            PermissionUtils.isAuthorized(Permission.CAN_MODIFY_VULNERABILITIES, orgId, appId);
    if (!mayModify) {
        return RestResponse.failure("You are not authorized to modify vulnerabilities.");
    }

    boolean modelUsable = checkCollectionModel(vulnerabilityCollectionModel, model);
    if (!modelUsable) {
        return RestResponse.failure("Couldn't complete bulk vulnerability operation.");
    }

    // NOTE(review): the permission check above is scoped to the orgId/appId in the path, while
    // the ids closed below come from the request model. Whether checkCollectionModel ties
    // those ids to this application is not visible here; confirm before relying on it.
    vulnerabilityService.closeAll(vulnerabilityCollectionModel.getVulnerabilityIds());

    return tableMap(orgId, appId, bean);
}
/**
 * Creates a channel vulnerability filter from the bound request data when running under an
 * enterprise license.
 *
 * @param channelVulnerabilityFilter filter populated from the request
 * @param bindingResult binding outcome, forwarded to the backend method
 * @param status session status, forwarded to the backend method
 * @return whatever {@code submitNewChannelFilterBackend} returns, or a failure response carrying
 *     the license message
 */
@RequestMapping(value = "/newChannelFilter", method = RequestMethod.POST)
@JsonView(AllViews.TableRow.class)
public @ResponseBody RestResponse<ChannelVulnerabilityFilter> submitNewChannelFilter(
        ChannelVulnerabilityFilter channelVulnerabilityFilter,
        BindingResult bindingResult,
        SessionStatus status) {
    // NOTE(review): the only gate visible in this method is the license check; no per-user
    // permission check appears here, and the filter object is bound directly from request
    // data. Confirm that a class-level annotation or the backend method enforces who may
    // create filters and which fields may be set.
    if (EnterpriseTest.isEnterprise()) {
        return submitNewChannelFilterBackend(channelVulnerabilityFilter, bindingResult, status);
    }

    String denial = "You do not have permission to add new channel vulnerability filter. You need to update to enterprise license.";
    log.warn(denial);
    return RestResponse.failure(denial);
}