@Override
 public Vulnerability retrieveById(int id) {
   Vulnerability vuln =
       (Vulnerability) sessionFactory.getCurrentSession().get(Vulnerability.class, id);
   if (vuln != null && !vuln.isExpired()) {
     return vuln;
   } else {
     assert false : "Attempted to retrieve invalid vulnerability id.";
     return null;
   }
 }
 @SuppressWarnings("unchecked")
 @Override
 public void markAllOpen(List<Vulnerability> vulns) {
   for (Vulnerability vuln : vulns) {
     if (vuln != null && !vuln.isActive()) {
       vuln.setActive(true);
       vuln.setFoundByScanner(true);
       determineVulnerabilityDefectConsistencyState(vuln);
       saveOrUpdate(vuln);
     }
   }
 }
 @Override
 @SuppressWarnings("unchecked")
 public List<Vulnerability> retrieveAllByGenericVulnerabilityAndApp(Vulnerability vulnerability) {
   return sessionFactory
       .getCurrentSession()
       .createQuery(
           "from Vulnerability vuln where vuln.application = :appId "
               + "and vuln.genericVulnerability = :gvId and vuln.expired = :false")
       .setInteger("gvId", vulnerability.getGenericVulnerability().getId())
       .setInteger("appId", vulnerability.getApplication().getId())
       .setBoolean("false", false)
       .list();
 }
 @SuppressWarnings("unchecked")
 @Override
 public void markAllClosed(List<Vulnerability> vulns) {
   for (Vulnerability vuln : vulns) {
     if (vuln != null && vuln.isActive()) {
       vuln.setActive(false);
       vuln.setCloseTime(Calendar.getInstance());
       vuln.setFoundByScanner(false);
       determineVulnerabilityDefectConsistencyState(vuln);
       saveOrUpdate(vuln);
     }
   }
 }
  @Override
  public VulnerabilityDefectConsistencyState determineVulnerabilityDefectConsistencyState(
      Vulnerability vulnerability) {
    VulnerabilityDefectConsistencyState vulnerabilityDefectConsistencyState = null;

    Defect defect = vulnerability.getDefect();
    if (defect != null) {
      if (vulnerability.isActive() == defect.isOpen()) {
        vulnerabilityDefectConsistencyState = VulnerabilityDefectConsistencyState.CONSISTENT;
      } else if (defect.isOpen()) {
        vulnerabilityDefectConsistencyState =
            VulnerabilityDefectConsistencyState.VULN_CLOSED_DEFECT_OPEN_NEEDS_SCAN;
      } else {
        Calendar latestScanDate = null;
        for (Finding finding : vulnerability.getFindings()) {
          Calendar scanDate = finding.getScan().getImportTime();
          if ((latestScanDate == null) || scanDate.after(latestScanDate)) {
            latestScanDate = scanDate;
          }
          if (finding.getScanRepeatFindingMaps() != null) {
            for (ScanRepeatFindingMap scanRepeatFindingMap : finding.getScanRepeatFindingMaps()) {
              Scan scan = scanRepeatFindingMap.getScan();
              if (scan != null) {
                scanDate = scan.getImportTime();
                if ((latestScanDate == null) || scanDate.after(latestScanDate)) {
                  latestScanDate = scanDate;
                }
              }
            }
          }
        }
        Calendar defectStatusUpdatedDate = defect.getStatusUpdatedDate();
        if (defectStatusUpdatedDate == null) {
          defectStatusUpdatedDate = Calendar.getInstance();
          defectStatusUpdatedDate.setTime(defect.getModifiedDate());
        }
        if ((latestScanDate != null) && latestScanDate.after(defectStatusUpdatedDate)) {
          vulnerabilityDefectConsistencyState =
              VulnerabilityDefectConsistencyState.VULN_OPEN_DEFECT_CLOSED_STILL_IN_SCAN;
        } else {
          vulnerabilityDefectConsistencyState =
              VulnerabilityDefectConsistencyState.VULN_OPEN_DEFECT_CLOSED_NEEDS_SCAN;
        }
      }
    }

    vulnerability.setVulnerabilityDefectConsistencyState(vulnerabilityDefectConsistencyState);
    return vulnerabilityDefectConsistencyState;
  }
 @Override
 @SuppressWarnings("unchecked")
 public List<Vulnerability> retrieveSimilarHashes(Vulnerability vulnerability) {
   return sessionFactory
       .getCurrentSession()
       .createQuery(
           "from Vulnerability vuln where vuln.application = :appId "
               + "and vuln.expired = :false "
               + "and (vuln.locationVariableHash = :lvHash or "
               + "vuln.locationHash = :lHash or vuln.variableHash = :vHash)")
       .setString("lvHash", vulnerability.getLocationVariableHash())
       .setString("lHash", vulnerability.getLocationHash())
       .setString("vHash", vulnerability.getVariableHash())
       .setInteger("appId", vulnerability.getApplication().getId())
       .setBoolean("false", false)
       .list();
 }
  @Override
  public void delete(Vulnerability vulnerability) {

    if (vulnerability.getDocuments() != null) {
      for (Document document : vulnerability.getDocuments()) {
        sessionFactory.getCurrentSession().delete(document);
      }
    }

    if (vulnerability.getEvents() != null) {
      for (Event event : vulnerability.getEvents()) {
        event.setVulnerability(null);
        sessionFactory.getCurrentSession().save(event);
      }
    }

    sessionFactory.getCurrentSession().save(new DeletedVulnerability(vulnerability));
    sessionFactory.getCurrentSession().delete(vulnerability);
  }
Exemplo n.º 8
0
  public static Vulnerabilities.Vulnerability convertTFVulnToSSVLVuln(Vulnerability tfVuln) {
    Vulnerabilities.Vulnerability ssvlVuln = factory.createVulnerabilitiesVulnerability();
    ssvlVuln.setDescription(tfVuln.getGenericVulnName());
    if (tfVuln.getDefect() != null) ssvlVuln.setIssueID(tfVuln.getDefect().getNativeId());
    ssvlVuln.setCWE(tfVuln.getGenericVulnerability().getDisplayId());
    ssvlVuln.setSeverity(Severities.fromValue(tfVuln.getSeverityName()));
    ssvlVuln.setApplication(tfVuln.getAppName());
    if (tfVuln.getFindings() != null) {
      for (Finding tfFinding : tfVuln.getFindings()) {
        ssvlVuln.getFinding().add(convertTFFindingToSSVLFinding(tfFinding));
      }
    }

    return ssvlVuln;
  }