/**
 * Rewrites the tag list of every active vulnerability comment so that application-typed tags
 * are replaced by the comment tag of the same name.
 *
 * <p>Tags whose type is not {@code TagType.APPLICATION} are kept unchanged. An application tag
 * that has no same-named comment tag is left out of the rebuilt list and a warning is logged.
 * Each comment is saved once its list has been rebuilt. When the DAO returns {@code null} the
 * method only logs and returns.
 */
@Override
public void changeTagInVulnComments() {
    LOG.info(
            "About to update all tags in Vulnerability Comments from Application Tag to Comment Tag.");

    List<VulnerabilityComment> activeComments = vulnerabilityCommentDao.retrieveAllActive();
    if (activeComments == null) {
        LOG.info("There is no vulnerability comments in the system.");
        return;
    }

    LOG.info(
            "Looking for tags in "
                    + activeComments.size()
                    + " vulnerability comments, and change them if found.");

    for (VulnerabilityComment current : activeComments) {
        List<Tag> rebuilt = CollectionUtils.list();

        for (Tag existing : current.getTags()) {
            // Anything that is not an application tag is carried over untouched.
            if (existing.getType() != TagType.APPLICATION) {
                rebuilt.add(existing);
                continue;
            }

            Tag replacement = loadCommentTag(existing.getName());
            if (replacement == null) {
                // The application tag is dropped from this comment; the warning is the only trace.
                // NOTE(review): the tag name goes into the log message as-is; confirm LOG
                // neutralises line breaks if tag names can be user-supplied.
                LOG.warn(
                        "Can't find comment tag "
                                + existing.getName()
                                + " to change for comment in vulnerability ID "
                                + current.getVulnerability().getId());
            } else {
                rebuilt.add(replacement);
            }
        }

        current.setTags(rebuilt);
        vulnerabilityCommentDao.saveOrUpdate(current);
    }
}
/**
 * Handles POST {@code /snapshot/scanComparison}: generates the Scan Comparison report for the
 * bound search parameters and logs how long generation took.
 *
 * <p>NOTE(review): no permission check is visible in this handler and the parameters are bound
 * directly from the request; confirm that generateScanComparisonReport limits the result to
 * data the caller is allowed to read.
 *
 * @param reportParameters search filters bound from the request
 * @return a success {@code RestResponse} wrapping the report map
 * @throws IOException declared in the signature; the visible body does not show what raises it
 */
@RequestMapping(value = "/snapshot/scanComparison", method = RequestMethod.POST)
public @ResponseBody Object getScanComparison(
        @ModelAttribute VulnerabilitySearchParameters reportParameters) throws IOException {
    final long startedAt = System.currentTimeMillis();
    log.info("Generating Scan Comparison report");

    Map<String, Object> report =
            vulnerabilitySearchService.generateScanComparisonReport(reportParameters);

    final long elapsedMs = System.currentTimeMillis() - startedAt;
    log.info("Scan Comparison report took " + elapsedMs + " ms");
    return RestResponse.success(report);
}
/**
 * Handles POST {@code /addBatchVulnTagging}: applies the submitted tags to the submitted
 * vulnerability ids in a single service call.
 *
 * <p>The request is refused unless the caller holds {@code CAN_MODIFY_VULNERABILITIES} for the
 * organisation and application named in the path, and unless the model passes
 * {@code checkCollectionModel}.
 *
 * <p>NOTE(review): the permission check covers the path's orgId/appId, while the vulnerability
 * ids come from the bound model. checkCollectionModel is not visible here; confirm that it (or
 * batchTagging) rejects ids belonging to a different application.
 *
 * @param orgId organisation id taken from the path
 * @param appId application id taken from the path
 * @param vulnerabilityCollectionModel bound model carrying the vulnerability ids and tags
 * @param model passed through to {@code checkCollectionModel}
 * @return a failure {@code RestResponse} when a check fails, otherwise a success response
 *     wrapping the model's tags
 * @throws IOException declared in the signature; the visible body does not show what raises it
 */
@JsonView(AllViews.UIVulnSearch.class)
@RequestMapping(value = "/addBatchVulnTagging", method = RequestMethod.POST)
public Object addBatchTagging(
        @PathVariable("orgId") Integer orgId,
        @PathVariable("appId") Integer appId,
        @ModelAttribute VulnerabilityCollectionModel vulnerabilityCollectionModel,
        Model model)
        throws IOException {
    boolean mayModify =
            PermissionUtils.isAuthorized(Permission.CAN_MODIFY_VULNERABILITIES, orgId, appId);
    if (!mayModify) {
        return RestResponse.failure("You are not authorized to modify vulnerabilities.");
    }

    boolean modelIsUsable = checkCollectionModel(vulnerabilityCollectionModel, model);
    if (!modelIsUsable) {
        return RestResponse.failure("Couldn't complete bulk vulnerability operation.");
    }

    int targetCount = vulnerabilityCollectionModel.getVulnerabilityIds().size();
    log.info("About to tag to " + targetCount + " Vulnerabilities.");

    vulnerabilityService.batchTagging(
            vulnerabilityCollectionModel.getVulnerabilityIds(),
            vulnerabilityCollectionModel.getTags());

    return RestResponse.success(vulnerabilityCollectionModel.getTags());
}
/**
 * Handles POST {@code /addBatchComment}: adds one comment, carrying the submitted text and
 * tags, to each submitted vulnerability id.
 *
 * <p>The request is refused unless the caller holds {@code CAN_SUBMIT_COMMENTS} for the
 * organisation and application named in the path, and unless the model passes
 * {@code checkCollectionModel}. The refusal text for the permission check speaks of modifying
 * vulnerabilities even though the permission tested is the comment one.
 *
 * <p>NOTE(review): the permission check covers the path's orgId/appId, while the vulnerability
 * ids come from the bound model. checkCollectionModel is not visible here; confirm that it (or
 * addCommentToVuln) rejects ids belonging to a different application.
 *
 * @param orgId organisation id taken from the path
 * @param appId application id taken from the path
 * @param vulnerabilityCollectionModel bound model carrying the ids, comment text and tags
 * @param model passed through to {@code checkCollectionModel}
 * @return a failure {@code RestResponse} when a check fails, otherwise a success response
 *     wrapping the last comment created ({@code null} when the id list is empty)
 * @throws IOException declared in the signature; the visible body does not show what raises it
 */
@JsonView(AllViews.UIVulnSearch.class)
@RequestMapping(value = "/addBatchComment", method = RequestMethod.POST)
public Object addBatchComment(
        @PathVariable("orgId") Integer orgId,
        @PathVariable("appId") Integer appId,
        @ModelAttribute VulnerabilityCollectionModel vulnerabilityCollectionModel,
        Model model)
        throws IOException {
    boolean mayComment =
            PermissionUtils.isAuthorized(Permission.CAN_SUBMIT_COMMENTS, orgId, appId);
    if (!mayComment) {
        return RestResponse.failure("You are not authorized to modify vulnerabilities.");
    }

    boolean modelIsUsable = checkCollectionModel(vulnerabilityCollectionModel, model);
    if (!modelIsUsable) {
        return RestResponse.failure("Couldn't complete bulk vulnerability operation.");
    }

    int targetCount = vulnerabilityCollectionModel.getVulnerabilityIds().size();
    log.info("About to add comment to " + targetCount + " Vulnerabilities.");

    // Only the comment built for the final id is returned to the caller.
    VulnerabilityComment lastCreated = null;
    for (int vulnerabilityId : vulnerabilityCollectionModel.getVulnerabilityIds()) {
        VulnerabilityComment fresh = new VulnerabilityComment();
        fresh.setComment(vulnerabilityCollectionModel.getComment());
        fresh.setTags(vulnerabilityCollectionModel.getTags());
        vulnerabilityCommentService.addCommentToVuln(fresh, vulnerabilityId);
        lastCreated = fresh;
    }

    return RestResponse.success(lastCreated);
}
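/**
 * Soft-deletes a tag: the tag is marked inactive and saved; no row is removed here.
 *
 * <p>When no tag is found for the id, a warning is logged and nothing is written.
 *
 * <p>NOTE(review): no permission check is visible in this method; presumably the caller has
 * already authorised the deletion. Confirm against the callers.
 *
 * @param tagId id of the tag to deactivate
 */
@Override
@Transactional(readOnly = false)
public void deleteById(int tagId) {
    LOG.info("Deleting Tag with ID " + tagId);

    Tag tag = loadTag(tagId);
    if (tag == null) {
        // loadTag is not visible here; if it returns null for an unknown id, the unguarded
        // setActive call would fail with a NullPointerException instead of a clear message.
        LOG.warn("No Tag found with ID " + tagId + "; nothing to delete.");
        return;
    }

    tag.setActive(false);
    tagDao.saveOrUpdate(tag);
}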
/**
 * Handles POST {@code /snapshot/averageAge}: generates the Average Age (Point In Time) report
 * and logs how long generation took.
 *
 * <p>The four visibility flags are set here and overwrite whatever the request bound for them:
 * hidden, false-positive and closed are switched off, open is switched on.
 *
 * <p>NOTE(review): no permission check is visible in this handler; confirm that
 * generatePointInTimeAgeReport limits the result to data the caller is allowed to read.
 *
 * @param reportParameters search filters bound from the request; mutated by this method
 * @return a success {@code RestResponse} wrapping the report map
 * @throws IOException declared in the signature; the visible body does not show what raises it
 */
@RequestMapping(value = "/snapshot/averageAge", method = RequestMethod.POST)
public @ResponseBody RestResponse<Map<String, Object>> getPointInTimeAge(
        @ModelAttribute VulnerabilitySearchParameters reportParameters) throws IOException {
    final long startedAt = System.currentTimeMillis();
    log.info("Generating Average Age in Point In Time report");

    // This report looks at open findings only, regardless of what the client asked for.
    reportParameters.setShowHidden(false);
    reportParameters.setShowFalsePositive(false);
    reportParameters.setShowClosed(false);
    reportParameters.setShowOpen(true);

    Map<String, Object> ageReport =
            vulnerabilitySearchService.generatePointInTimeAgeReport(reportParameters);

    final long elapsedMs = System.currentTimeMillis() - startedAt;
    log.info("Get Average Age in Point In Time took " + elapsedMs + " ms");
    return RestResponse.success(ageReport);
}
/**
 * Handles POST {@code /getTopApps}: generates the "Top 20 Vulnerable applications" report.
 *
 * <p>NOTE(review): no permission check is visible in this handler. The servlet request is
 * handed to the service, presumably so it can scope the result to the caller; confirm in
 * generateMostAppsReport.
 *
 * @param reportParameters search filters bound from the request
 * @param request the current servlet request, passed through to the report service
 * @return a success {@code RestResponse} wrapping the report map
 * @throws IOException declared in the signature; the visible body does not show what raises it
 */
@RequestMapping(value = "/getTopApps", method = RequestMethod.POST)
public @ResponseBody RestResponse<Map<String, Object>> processTopApps(
        @ModelAttribute VulnerabilitySearchParameters reportParameters,
        HttpServletRequest request)
        throws IOException {
    log.info("Generating Top 20 Vulnerable applications report");

    Map<String, Object> topApps =
            reportsService.generateMostAppsReport(reportParameters, request);

    return RestResponse.success(topApps);
}
/**
 * Handles POST {@code /trendingScans}: generates the trending scans report and returns it
 * serialized under the {@code RestViewScanStatistic} JSON view.
 *
 * <p>NOTE(review): no permission check is visible in this handler. The servlet request is
 * handed to the service, presumably so it can scope the result to the caller; confirm in
 * generateTrendingReport.
 *
 * @param reportParameters report filters bound from the request
 * @param request the current servlet request, passed through to the report service
 * @return a success {@code RestResponse} wrapping whatever the report service returned
 * @throws IOException declared in the signature; the visible body does not show what raises it
 */
@RequestMapping(value = "/trendingScans", method = RequestMethod.POST)
@JsonView(AllViews.RestViewScanStatistic.class)
public @ResponseBody Object processTrendingScans(
        @ModelAttribute ReportParameters reportParameters, HttpServletRequest request)
        throws IOException {
    log.info("Generating trending scans report");

    Object trendingReport = reportsService.generateTrendingReport(reportParameters, request);

    return RestResponse.success(trendingReport);
}
/**
 * Handles POST {@code /snapshot/progressByType}: generates the Vulnerability Progress By Type
 * report and logs how long generation took.
 *
 * <p>The four visibility flags are set here and overwrite whatever the request bound for them:
 * hidden and false-positive are switched off, closed and open are switched on.
 *
 * <p>NOTE(review): no permission check is visible in this handler; confirm that
 * generateProgressByTypeReport limits the result to data the caller is allowed to read.
 *
 * @param reportParameters search filters bound from the request; mutated by this method
 * @return a success {@code RestResponse} wrapping the list the service produced
 * @throws IOException declared in the signature; the visible body does not show what raises it
 */
@RequestMapping(value = "/snapshot/progressByType", method = RequestMethod.POST)
public @ResponseBody Object getProgressByType(
        @ModelAttribute VulnerabilitySearchParameters reportParameters) throws IOException {
    final long startedAt = System.currentTimeMillis();
    log.info("Generating Vulnerability Progress By Type report");

    // Progress needs both open and closed findings; hidden and false positives are excluded.
    reportParameters.setShowHidden(false);
    reportParameters.setShowFalsePositive(false);
    reportParameters.setShowClosed(true);
    reportParameters.setShowOpen(true);

    List<Object> progressRows =
            vulnerabilitySearchService.generateProgressByTypeReport(reportParameters);

    final long elapsedMs = System.currentTimeMillis() - startedAt;
    log.info("Vulnerability Progress By Type report took " + elapsedMs + " ms");
    return RestResponse.success(progressRows);
}
/**
 * Handles POST {@code /snapshot}: generates the snapshot report and adds two extra entries to
 * the returned map, {@code "tags"} (all application tags) and {@code "vulnTags"} (all
 * vulnerability tags).
 *
 * <p>NOTE(review): no permission check is visible in this handler, and both tag lists are
 * loaded with "load all" calls and returned to every caller; confirm the report service scopes
 * the report to the caller and that exposing every tag name is intended.
 *
 * @param reportParameters report filters bound from the request
 * @param request the current servlet request, passed through to the report service
 * @return a success {@code RestResponse} wrapping the report map with the two tag entries
 * @throws IOException declared in the signature; the visible body does not show what raises it
 */
@RequestMapping(value = "/snapshot", method = RequestMethod.POST)
@JsonView(AllViews.VulnSearchApplications.class)
public @ResponseBody RestResponse<Map<String, Object>> processSnapShot(
        @ModelAttribute ReportParameters reportParameters, HttpServletRequest request)
        throws IOException {
    log.info("Generating snapshot report");

    Map<String, Object> snapshot =
            reportsService.generateSnapshotReport(reportParameters, request);

    // The map handed back by the service is extended in place with the tag lists.
    snapshot.put("tags", tagService.loadAllApplicationTags());
    snapshot.put("vulnTags", tagService.loadAllVulnTags());

    return RestResponse.success(snapshot);
}
/**
 * Sets the type of every tag returned by the DAO from its "tag for comment" flag and saves
 * each tag: flagged tags become {@code TagType.COMMENT}, all others
 * {@code TagType.APPLICATION}.
 */
@Override
public void updateTagTypes() {
    LOG.info("About to update type for all tags.");

    for (Tag tag : tagDao.retrieveAll()) {
        // A tag that is not flagged "for comment" is an application tag.
        // NOTE(review): if getTagForComment() returns a boxed Boolean, a null flag would throw
        // here; confirm against the Tag class.
        TagType resolvedType = tag.getTagForComment() ? TagType.COMMENT : TagType.APPLICATION;
        tag.setType(resolvedType);
        tagDao.saveOrUpdate(tag);
    }
}
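/**
 * Parses a JIRA project-metadata JSON response and returns the project it describes.
 *
 * @param jsonString raw JSON text of the server response
 * @return the result of {@code getProjectOrNull()} on the parsed response, or {@code null} when
 *     deserialization itself yields no object
 * @throws RestIOException if the text cannot be deserialized; the original {@code IOException}
 *     is passed along as the cause
 */
public static Project getJiraProjectMetadata(String jsonString) {
    try {
        JiraJsonMetadataResponse parsed =
                getLenientObjectMapper().readValue(jsonString, JiraJsonMetadataResponse.class);

        // Assuming a Jackson ObjectMapper: a body that is just the JSON literal null
        // deserializes to a null reference, which the chained call used to dereference.
        return parsed == null ? null : parsed.getProjectOrNull();
    } catch (IOException e) {
        LOG.info("Failed to deserialize JSON.");
        // NOTE(review): at debug level the whole response body is written to the log; confirm
        // the remote response cannot carry credentials or other data that should stay out of
        // log files.
        LOG.debug("Failing JSON: " + jsonString, e);
        throw new RestIOException(e, "Unable to parse server response.");
    }
}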
/**
 * Creates a comment tag for every application tag that does not yet have a same-named comment
 * tag, and stamps each application tag with {@code TagType.APPLICATION}.
 *
 * <p>The new comment tag copies the name, enterprise flag and default JSON filter of its
 * source. Every application tag is saved, whether or not a copy was made. When the tag lookup
 * returns {@code null} the method only logs and returns.
 */
@Override
public void copyAppTagsToCommentTags() {
    List<Tag> applicationTags = loadAllApplicationTags();
    if (applicationTags == null) {
        LOG.info("There is no tags in system.");
        return;
    }

    LOG.info("About to copy " + applicationTags.size() + " application tags to comment tags.");

    for (Tag source : applicationTags) {
        boolean commentTagExists = loadCommentTag(source.getName()) != null;

        if (!commentTagExists) {
            // NOTE(review): the tag name goes into the log message as-is; confirm LOG
            // neutralises line breaks if tag names can be user-supplied.
            LOG.info("Copying " + source.getName());

            Tag commentCopy = new Tag();
            commentCopy.setName(source.getName());
            commentCopy.setEnterpriseTag(source.getEnterpriseTag());
            commentCopy.setDefaultJsonFilter(source.getDefaultJsonFilter());
            commentCopy.setType(TagType.COMMENT);
            tagDao.saveOrUpdate(commentCopy);
        }

        // The source tag is always marked as an application tag and saved.
        source.setType(TagType.APPLICATION);
        tagDao.saveOrUpdate(source);
    }
}