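/**
 * Converts a ThreadFix {@code Finding} into its SSVL {@code Finding} representation.
 *
 * <p>Nested lookups (channel vulnerability, channel severity, scan) are guarded: the original
 * dereferenced them unconditionally, so a single finding missing one of them aborted the whole
 * export with a {@code NullPointerException}. If those references can never be null in practice
 * the guards are no-ops.
 *
 * @param tfFinding the ThreadFix finding to convert, must not be {@code null}
 * @return the populated SSVL finding
 */
public static Vulnerabilities.Vulnerability.Finding convertTFFindingToSSVLFinding(Finding tfFinding) {
    Vulnerabilities.Vulnerability.Finding ssvlFinding = factory.createVulnerabilitiesVulnerabilityFinding();

    if (tfFinding.getChannelVulnerability() != null) {
        ssvlFinding.setFindingDescription(tfFinding.getChannelVulnerability().getName());
    }
    ssvlFinding.setLongDescription(tfFinding.getLongDescription());
    ssvlFinding.setNativeID(tfFinding.getNativeId());
    ssvlFinding.setAttackString(tfFinding.getAttackString());
    ssvlFinding.setScanner(tfFinding.getChannelNameOrNull());
    if (tfFinding.getChannelSeverity() != null) {
        ssvlFinding.setSeverity(tfFinding.getChannelSeverity().getName());
    }
    if (tfFinding.getScan() != null) {
        ssvlFinding.setIdentifiedTimestamp(getTimestamp(tfFinding.getScan().getImportTime()));
    }

    // Surface location is only exported for non-static findings, as in the original.
    if (!tfFinding.getIsStatic()) {
        ssvlFinding.setSurfaceLocation(convertTFSurfaceLocationToSSVL(tfFinding.getSurfaceLocation()));
    }

    // Reuse the list converter rather than duplicating its per-element mapping here;
    // it returns null for a null input, which is exported as "no data flow elements".
    List<Vulnerabilities.Vulnerability.Finding.DataFlowElement> ssvlDataFlows =
            convertTFDataFlowElementsToSSVL(tfFinding.getDataFlowElements());
    if (ssvlDataFlows != null) {
        ssvlFinding.getDataFlowElement().addAll(ssvlDataFlows);
    }

    ssvlFinding.setDependency(convertTFDependencyToSSVL(tfFinding.getDependency()));
    return ssvlFinding;
}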
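/**
 * Converts a ThreadFix {@code SurfaceLocation} into its SSVL counterpart.
 *
 * @param tfSurfaceLocation the ThreadFix surface location, may be {@code null}
 * @return the SSVL surface location, or {@code null} when the input is {@code null}
 */
private static Vulnerabilities.Vulnerability.Finding.SurfaceLocation convertTFSurfaceLocationToSSVL(
        SurfaceLocation tfSurfaceLocation) {
    if (tfSurfaceLocation == null) {
        return null;
    }
    Vulnerabilities.Vulnerability.Finding.SurfaceLocation ssvlSurfaceLocation =
            factory.createVulnerabilitiesVulnerabilityFindingSurfaceLocation();
    ssvlSurfaceLocation.setParameter(tfSurfaceLocation.getParameter());
    // A location without a URL is exported without a url value instead of failing the
    // whole export with an NPE on toString() (the original called it unconditionally).
    ssvlSurfaceLocation.setUrl(
            tfSurfaceLocation.getUrl() == null ? null : tfSurfaceLocation.getUrl().toString());
    return ssvlSurfaceLocation;
}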
/**
 * Maps a single ThreadFix {@code DataFlowElement} onto the generated SSVL type.
 *
 * @param tfDataFlowElement the ThreadFix data flow element, must not be {@code null}
 * @return the populated SSVL data flow element
 */
private static Vulnerabilities.Vulnerability.Finding.DataFlowElement convertTFDataFlowElementToSSVL(
        DataFlowElement tfDataFlowElement) {
    Vulnerabilities.Vulnerability.Finding.DataFlowElement target =
            factory.createVulnerabilitiesVulnerabilityFindingDataFlowElement();
    target.setLineText(tfDataFlowElement.getLineText());
    target.setSourceFileName(tfDataFlowElement.getSourceFileName());
    // The generated SSVL setters take BigInteger for the numeric positions.
    target.setLineNumber(BigInteger.valueOf(tfDataFlowElement.getLineNumber()));
    target.setColumnNumber(BigInteger.valueOf(tfDataFlowElement.getColumnNumber()));
    target.setSequence(BigInteger.valueOf(tfDataFlowElement.getSequence()));
    return target;
}
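/**
 * Converts a ThreadFix {@code Vulnerability} (with its findings) into the SSVL
 * {@code Vulnerability} representation.
 *
 * @param tfVuln the ThreadFix vulnerability to convert, must not be {@code null}
 * @return the populated SSVL vulnerability
 */
public static Vulnerabilities.Vulnerability convertTFVulnToSSVLVuln(Vulnerability tfVuln) {
    Vulnerabilities.Vulnerability ssvlVuln = factory.createVulnerabilitiesVulnerability();
    ssvlVuln.setDescription(tfVuln.getGenericVulnName());
    // The defect is optional; its native id is exported only when one is attached.
    if (tfVuln.getDefect() != null) {
        ssvlVuln.setIssueID(tfVuln.getDefect().getNativeId());
    }
    // Same guard as for the defect: the original dereferenced the generic vulnerability
    // unconditionally, so a vulnerability lacking one aborted the whole export with an NPE.
    if (tfVuln.getGenericVulnerability() != null) {
        ssvlVuln.setCWE(tfVuln.getGenericVulnerability().getDisplayId());
    }
    // NOTE(review): Severities.fromValue presumably rejects names outside the SSVL
    // enumeration — confirm how unknown severity names should be handled.
    ssvlVuln.setSeverity(Severities.fromValue(tfVuln.getSeverityName()));
    ssvlVuln.setApplication(tfVuln.getAppName());
    if (tfVuln.getFindings() != null) {
        for (Finding tfFinding : tfVuln.getFindings()) {
            ssvlVuln.getFinding().add(convertTFFindingToSSVLFinding(tfFinding));
        }
    }
    return ssvlVuln;
}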
/**
 * Copies a ThreadFix {@code Dependency} onto the generated SSVL dependency type.
 *
 * @param tfDependency the ThreadFix dependency, may be {@code null}
 * @return the SSVL dependency, or {@code null} when the input is {@code null}
 */
private static Vulnerabilities.Vulnerability.Finding.Dependency convertTFDependencyToSSVL(
        Dependency tfDependency) {
    if (tfDependency == null) {
        return null;
    }
    Vulnerabilities.Vulnerability.Finding.Dependency target =
            factory.createVulnerabilitiesVulnerabilityFindingDependency();
    // Straight field-for-field copy; no values are transformed.
    target.setCVE(tfDependency.getCve());
    target.setComponentName(tfDependency.getComponentName());
    target.setComponentFilePath(tfDependency.getComponentFilePath());
    target.setRefLink(tfDependency.getRefLink());
    target.setSource(tfDependency.getSource());
    target.setDescription(tfDependency.getDescription());
    return target;
}
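/**
 * Converts a list of ThreadFix {@code DataFlowElement}s into SSVL data flow elements.
 *
 * <p>Delegates each element to {@link #convertTFDataFlowElementToSSVL} so the field mapping
 * lives in exactly one place instead of being duplicated here.
 *
 * @param tfDataFlowElements the ThreadFix elements, may be {@code null}
 * @return the converted elements in input order, or {@code null} when the input is {@code null}
 */
private static List<Vulnerabilities.Vulnerability.Finding.DataFlowElement> convertTFDataFlowElementsToSSVL(
        List<DataFlowElement> tfDataFlowElements) {
    if (tfDataFlowElements == null) {
        return null;
    }
    List<Vulnerabilities.Vulnerability.Finding.DataFlowElement> ssvlDataFlowElements = CollectionUtils.list();
    for (DataFlowElement tfDataFlowElement : tfDataFlowElements) {
        ssvlDataFlowElements.add(convertTFDataFlowElementToSSVL(tfDataFlowElement));
    }
    return ssvlDataFlowElements;
}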
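/**
 * Serialises ThreadFix vulnerabilities into a formatted SSVL XML document.
 *
 * @param tfVulnerabilities the vulnerabilities to export; {@code null} yields a document with
 *     no vulnerability entries
 * @return the SSVL XML as a string
 * @throws IllegalStateException if JAXB marshalling fails. The original caught the exception,
 *     printed the stack trace and returned whatever had been written so far, which handed
 *     consumers a truncated or empty export with no indication that anything went wrong.
 */
public static String parse(List<Vulnerability> tfVulnerabilities) {
    Vulnerabilities ssvlVulnerabilities = factory.createVulnerabilities();
    if (tfVulnerabilities != null) {
        for (Vulnerability tfVuln : tfVulnerabilities) {
            ssvlVulnerabilities.getVulnerability().add(convertTFVulnToSSVLVuln(tfVuln));
        }
    }
    ssvlVulnerabilities.setExportTimestamp(getCurrentTimestamp());
    ssvlVulnerabilities.setSpecVersion(SSVL_SPEC_VERSION_0_3);

    StringWriter stringWriter = new StringWriter();
    try {
        // NOTE(review): JAXBContext creation is comparatively expensive; if this method is
        // called often, consider caching the context in a static field — confirm call frequency.
        JAXBContext context = JAXBContext.newInstance("com.denimgroup.threadfix.data.entities.ssvl.generated");
        Marshaller marshaller = context.createMarshaller();
        marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
        marshaller.marshal(ssvlVulnerabilities, stringWriter);
    } catch (JAXBException e) {
        // Fail loudly and keep the cause: a silently partial document is worse than no document.
        throw new IllegalStateException("Failed to marshal vulnerabilities to SSVL", e);
    }
    return stringWriter.toString();
}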