/**
 * Bulk-changes the severity of the submitted vulnerabilities to the generic severity named in
 * the URL and returns the refreshed table data.
 *
 * <p>Checks run in this order: permission on the org/app from the path, validation of the
 * submitted collection model, then lookup of the severity. The first failing check ends the
 * request with a {@code RestResponse.failure(...)}.
 *
 * @param orgId organization id taken from the path
 * @param appId application id taken from the path
 * @param severityId id of the generic severity to apply (path variable
 *     {@code genericSeverityId})
 * @param vulnerabilityCollectionModel request-bound model carrying the vulnerability ids
 * @param bean request-bound table sorting/paging state, passed on to {@code tableMap}
 * @param model Spring model, handed to {@code checkCollectionModel}
 * @return a failure response when a check fails, otherwise whatever
 *     {@code tableMap(orgId, appId, bean)} returns
 * @throws IOException declared on the handler; the throwing call cannot be identified from
 *     this method alone
 */
@JsonView(AllViews.TableRow.class)
@RequestMapping(value = "/severity/change/{genericSeverityId}", method = RequestMethod.POST)
public Object changeSeverity(
        @PathVariable("orgId") Integer orgId,
        @PathVariable("appId") Integer appId,
        @PathVariable("genericSeverityId") Integer severityId,
        @ModelAttribute VulnerabilityCollectionModel vulnerabilityCollectionModel,
        @ModelAttribute TableSortBean bean,
        Model model) throws IOException {

    // NOTE(review): the permission check is scoped to the orgId/appId from the URL, while the
    // vulnerability ids come from the request body. Nothing in this method shows that every id
    // belongs to that application. Confirm that checkCollectionModel or
    // vulnerabilityService.changeSeverities enforces this; otherwise the check does not cover
    // the objects that are actually modified.
    boolean mayModify =
            PermissionUtils.isAuthorized(Permission.CAN_MODIFY_VULNERABILITIES, orgId, appId);
    if (!mayModify) {
        return RestResponse.failure("You are not authorized to modify vulnerabilities.");
    }

    boolean collectionUsable = checkCollectionModel(vulnerabilityCollectionModel, model);
    if (!collectionUsable) {
        return RestResponse.failure("Couldn't complete bulk vulnerability operation.");
    }

    // A null lookup result is treated as an unknown severity id.
    GenericSeverity targetSeverity = genericSeverityService.loadById(severityId);
    if (targetSeverity == null) {
        return RestResponse.failure("Invalid generic severity Id.");
    }

    vulnerabilityService.changeSeverities(
            vulnerabilityCollectionModel.getVulnerabilityIds(), targetSeverity);

    return tableMap(orgId, appId, bean);
}
/**
 * Applies the submitted tags to the submitted vulnerabilities in one batch and returns the
 * tags in the response.
 *
 * <p>The request fails with a {@code RestResponse.failure(...)} when the caller lacks
 * {@code CAN_MODIFY_VULNERABILITIES} on the org/app from the path, or when
 * {@code checkCollectionModel} rejects the submitted model.
 *
 * @param orgId organization id taken from the path
 * @param appId application id taken from the path
 * @param vulnerabilityCollectionModel request-bound model carrying the vulnerability ids and
 *     the tags to apply
 * @param model Spring model, handed to {@code checkCollectionModel}
 * @return a failure response when a check fails, otherwise
 *     {@code RestResponse.success(...)} wrapping the model's tags
 * @throws IOException declared on the handler; the throwing call cannot be identified from
 *     this method alone
 */
@JsonView(AllViews.UIVulnSearch.class)
@RequestMapping(value = "/addBatchVulnTagging", method = RequestMethod.POST)
public Object addBatchTagging(
        @PathVariable("orgId") Integer orgId,
        @PathVariable("appId") Integer appId,
        @ModelAttribute VulnerabilityCollectionModel vulnerabilityCollectionModel,
        Model model) throws IOException {

    // NOTE(review): authorization is checked against the orgId/appId from the URL only. The
    // vulnerability ids and tags are bound from the request body, and this method does not
    // show them being tied to that application. Confirm that checkCollectionModel or
    // vulnerabilityService.batchTagging does so.
    boolean mayModify =
            PermissionUtils.isAuthorized(Permission.CAN_MODIFY_VULNERABILITIES, orgId, appId);
    if (!mayModify) {
        return RestResponse.failure("You are not authorized to modify vulnerabilities.");
    }

    boolean collectionUsable = checkCollectionModel(vulnerabilityCollectionModel, model);
    if (!collectionUsable) {
        return RestResponse.failure("Couldn't complete bulk vulnerability operation.");
    }

    // Only the number of ids is logged, not any request-supplied text.
    String progressMessage = "About to tag to "
            + vulnerabilityCollectionModel.getVulnerabilityIds().size()
            + " Vulnerabilities.";
    log.info(progressMessage);

    vulnerabilityService.batchTagging(
            vulnerabilityCollectionModel.getVulnerabilityIds(),
            vulnerabilityCollectionModel.getTags());

    return RestResponse.success(vulnerabilityCollectionModel.getTags());
}
/**
 * Closes every vulnerability listed in the submitted collection model and returns the
 * refreshed table data.
 *
 * <p>The request fails with a {@code RestResponse.failure(...)} when the caller lacks
 * {@code CAN_MODIFY_VULNERABILITIES} on the org/app from the path, or when
 * {@code checkCollectionModel} rejects the submitted model.
 *
 * @param orgId organization id taken from the path
 * @param appId application id taken from the path
 * @param vulnerabilityCollectionModel request-bound model carrying the vulnerability ids
 * @param bean request-bound table sorting/paging state, passed on to {@code tableMap}
 * @param model Spring model, handed to {@code checkCollectionModel}
 * @return a failure response when a check fails, otherwise whatever
 *     {@code tableMap(orgId, appId, bean)} returns
 * @throws IOException declared on the handler; the throwing call cannot be identified from
 *     this method alone
 */
@JsonView(AllViews.TableRow.class)
@RequestMapping(value = "/table/close", method = RequestMethod.POST)
public Object closeTableVulnList(
        @PathVariable("orgId") Integer orgId,
        @PathVariable("appId") Integer appId,
        @ModelAttribute VulnerabilityCollectionModel vulnerabilityCollectionModel,
        @ModelAttribute TableSortBean bean,
        Model model) throws IOException {

    // NOTE(review): the permission check covers the orgId/appId from the URL, but the ids
    // passed to closeAll come from the request body. Confirm that checkCollectionModel or
    // vulnerabilityService.closeAll restricts them to vulnerabilities of that application;
    // this method alone does not show it.
    boolean mayModify =
            PermissionUtils.isAuthorized(Permission.CAN_MODIFY_VULNERABILITIES, orgId, appId);
    if (!mayModify) {
        return RestResponse.failure("You are not authorized to modify vulnerabilities.");
    }

    boolean collectionUsable = checkCollectionModel(vulnerabilityCollectionModel, model);
    if (!collectionUsable) {
        return RestResponse.failure("Couldn't complete bulk vulnerability operation.");
    }

    vulnerabilityService.closeAll(vulnerabilityCollectionModel.getVulnerabilityIds());

    return tableMap(orgId, appId, bean);
}
/**
 * Populates the model for the reports index view and returns that view's name.
 *
 * <p>Custom (non-native) reports for the {@code ANALYTIC} location are added to the model only
 * when at least one exists, together with their JavaScript paths from
 * {@code cacheBustService.notCachedJsPaths}.
 *
 * @param model Spring model to fill for the view
 * @param request current request, read through {@code ControllerUtils} and passed to the
 *     cache-bust service
 * @return the view name {@code "reports/index"}
 */
@RequestMapping(method = RequestMethod.GET)
public String index(Model model, HttpServletRequest request) {
    model.addAttribute("hasVulnerabilities", vulnerabilityService.activeVulnerabilitiesExist());
    model.addAttribute("reportParameters", new ReportParameters());

    // NOTE(review): the next four values are obtained via the request through ControllerUtils.
    // Confirm that the reports/index view output-encodes them wherever they are rendered.
    model.addAttribute("error", ControllerUtils.getErrorMessage(request));
    model.addAttribute("firstReport", ControllerUtils.getItem(request, "reportId"));
    model.addAttribute("firstTeamId", ControllerUtils.getItem(request, "teamId"));
    model.addAttribute("firstAppId", ControllerUtils.getItem(request, "appId"));

    boolean enterpriseEdition = EnterpriseTest.isEnterprise();
    model.addAttribute("isEnterprise", enterpriseEdition);

    // Both id arguments are null here; presumably that means "no specific org/app scope".
    // TODO confirm against PermissionUtils.addPermissions.
    PermissionUtils.addPermissions(model, null, null, Permission.CAN_MANAGE_TAGS);

    // Custom report entities are optional: skip the extra attributes when there are none.
    List<Report> customReports =
            reportService.loadAllNonNativeReportsByLocationType(ReportLocation.ANALYTIC);
    if (customReports == null || customReports.isEmpty()) {
        return "reports/index";
    }

    model.addAttribute(
            "reportJsPaths", cacheBustService.notCachedJsPaths(request, customReports));
    model.addAttribute("customReports", customReports);

    return "reports/index";
}