@Override public Vulnerability retrieveById(int id) { Vulnerability vuln = (Vulnerability) sessionFactory.getCurrentSession().get(Vulnerability.class, id); if (vuln != null && !vuln.isExpired()) { return vuln; } else { assert false : "Attempted to retrieve invalid vulnerability id."; return null; } }
@SuppressWarnings("unchecked") @Override public void markAllOpen(List<Vulnerability> vulns) { for (Vulnerability vuln : vulns) { if (vuln != null && !vuln.isActive()) { vuln.setActive(true); vuln.setFoundByScanner(true); determineVulnerabilityDefectConsistencyState(vuln); saveOrUpdate(vuln); } } }
@Override @SuppressWarnings("unchecked") public List<Vulnerability> retrieveAllByGenericVulnerabilityAndApp(Vulnerability vulnerability) { return sessionFactory .getCurrentSession() .createQuery( "from Vulnerability vuln where vuln.application = :appId " + "and vuln.genericVulnerability = :gvId and vuln.expired = :false") .setInteger("gvId", vulnerability.getGenericVulnerability().getId()) .setInteger("appId", vulnerability.getApplication().getId()) .setBoolean("false", false) .list(); }
@SuppressWarnings("unchecked") @Override public void markAllClosed(List<Vulnerability> vulns) { for (Vulnerability vuln : vulns) { if (vuln != null && vuln.isActive()) { vuln.setActive(false); vuln.setCloseTime(Calendar.getInstance()); vuln.setFoundByScanner(false); determineVulnerabilityDefectConsistencyState(vuln); saveOrUpdate(vuln); } } }
@Override public VulnerabilityDefectConsistencyState determineVulnerabilityDefectConsistencyState( Vulnerability vulnerability) { VulnerabilityDefectConsistencyState vulnerabilityDefectConsistencyState = null; Defect defect = vulnerability.getDefect(); if (defect != null) { if (vulnerability.isActive() == defect.isOpen()) { vulnerabilityDefectConsistencyState = VulnerabilityDefectConsistencyState.CONSISTENT; } else if (defect.isOpen()) { vulnerabilityDefectConsistencyState = VulnerabilityDefectConsistencyState.VULN_CLOSED_DEFECT_OPEN_NEEDS_SCAN; } else { Calendar latestScanDate = null; for (Finding finding : vulnerability.getFindings()) { Calendar scanDate = finding.getScan().getImportTime(); if ((latestScanDate == null) || scanDate.after(latestScanDate)) { latestScanDate = scanDate; } if (finding.getScanRepeatFindingMaps() != null) { for (ScanRepeatFindingMap scanRepeatFindingMap : finding.getScanRepeatFindingMaps()) { Scan scan = scanRepeatFindingMap.getScan(); if (scan != null) { scanDate = scan.getImportTime(); if ((latestScanDate == null) || scanDate.after(latestScanDate)) { latestScanDate = scanDate; } } } } } Calendar defectStatusUpdatedDate = defect.getStatusUpdatedDate(); if (defectStatusUpdatedDate == null) { defectStatusUpdatedDate = Calendar.getInstance(); defectStatusUpdatedDate.setTime(defect.getModifiedDate()); } if ((latestScanDate != null) && latestScanDate.after(defectStatusUpdatedDate)) { vulnerabilityDefectConsistencyState = VulnerabilityDefectConsistencyState.VULN_OPEN_DEFECT_CLOSED_STILL_IN_SCAN; } else { vulnerabilityDefectConsistencyState = VulnerabilityDefectConsistencyState.VULN_OPEN_DEFECT_CLOSED_NEEDS_SCAN; } } } vulnerability.setVulnerabilityDefectConsistencyState(vulnerabilityDefectConsistencyState); return vulnerabilityDefectConsistencyState; }
@Override @SuppressWarnings("unchecked") public List<Vulnerability> retrieveSimilarHashes(Vulnerability vulnerability) { return sessionFactory .getCurrentSession() .createQuery( "from Vulnerability vuln where vuln.application = :appId " + "and vuln.expired = :false " + "and (vuln.locationVariableHash = :lvHash or " + "vuln.locationHash = :lHash or vuln.variableHash = :vHash)") .setString("lvHash", vulnerability.getLocationVariableHash()) .setString("lHash", vulnerability.getLocationHash()) .setString("vHash", vulnerability.getVariableHash()) .setInteger("appId", vulnerability.getApplication().getId()) .setBoolean("false", false) .list(); }
@Override public void delete(Vulnerability vulnerability) { if (vulnerability.getDocuments() != null) { for (Document document : vulnerability.getDocuments()) { sessionFactory.getCurrentSession().delete(document); } } if (vulnerability.getEvents() != null) { for (Event event : vulnerability.getEvents()) { event.setVulnerability(null); sessionFactory.getCurrentSession().save(event); } } sessionFactory.getCurrentSession().save(new DeletedVulnerability(vulnerability)); sessionFactory.getCurrentSession().delete(vulnerability); }
public static Vulnerabilities.Vulnerability convertTFVulnToSSVLVuln(Vulnerability tfVuln) { Vulnerabilities.Vulnerability ssvlVuln = factory.createVulnerabilitiesVulnerability(); ssvlVuln.setDescription(tfVuln.getGenericVulnName()); if (tfVuln.getDefect() != null) ssvlVuln.setIssueID(tfVuln.getDefect().getNativeId()); ssvlVuln.setCWE(tfVuln.getGenericVulnerability().getDisplayId()); ssvlVuln.setSeverity(Severities.fromValue(tfVuln.getSeverityName())); ssvlVuln.setApplication(tfVuln.getAppName()); if (tfVuln.getFindings() != null) { for (Finding tfFinding : tfVuln.getFindings()) { ssvlVuln.getFinding().add(convertTFFindingToSSVLFinding(tfFinding)); } } return ssvlVuln; }