use of com.mercedesbenz.sechub.commons.model.web.SecHubReportWebAttack in project sechub by mercedes-benz.
the class SerecoProductResultTransformer method appendWebData.
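/**
 * Copies the web scan details of a Sereco vulnerability (request, response,
 * attack vector and optional evidence) into a new {@link SecHubReportWeb} and
 * attaches it to the given finding.
 * <p>
 * When the vulnerability carries no web object, an error is logged with the
 * finding id and the job UUID and the finding is left without web data.
 * <p>
 * Request and response headers and bodies are copied without any filtering.
 * NOTE(review): if the scanned traffic can carry credentials or session
 * cookies, they end up in the report as is - confirm that report storage and
 * report consumers are expected to handle that.
 *
 * @param sechubJobUUID UUID of the SecHub job, used for the log message only
 * @param vulnerability Sereco vulnerability providing the web data
 * @param finding       finding that receives the converted web data
 */
private void appendWebData(UUID sechubJobUUID, SerecoVulnerability vulnerability, SecHubFinding finding) {
    SerecoWeb serecoWeb = vulnerability.getWeb();
    if (serecoWeb == null) {
        // The original message ended with "uuid=" and no placeholder, so the job
        // UUID argument was silently dropped from the log line.
        LOG.error("Web scan, but vulnerability has no web object inside - must skip finding {} for report with uuid={}", finding.getId(), sechubJobUUID);
        return;
    }

    SecHubReportWeb sechubWeb = new SecHubReportWeb();

    // Only getWeb() and the evidence objects are null-checked in this method;
    // presumably getRequest()/getResponse()/getAttack() and the body getters
    // never return null - verify against the model classes.

    /* request */
    SerecoWebRequest serecoRequest = serecoWeb.getRequest();
    SecHubReportWebRequest sechubRequest = sechubWeb.getRequest();
    sechubRequest.setProtocol(serecoRequest.getProtocol());
    sechubRequest.setVersion(serecoRequest.getVersion());
    sechubRequest.setTarget(serecoRequest.getTarget());
    sechubRequest.setMethod(serecoRequest.getMethod());
    sechubRequest.getHeaders().putAll(serecoRequest.getHeaders());
    sechubRequest.getBody().setText(serecoRequest.getBody().getText());
    sechubRequest.getBody().setBinary(serecoRequest.getBody().getBinary());

    /* response */
    SerecoWebResponse serecoResponse = serecoWeb.getResponse();
    SecHubReportWebResponse sechubResponse = sechubWeb.getResponse();
    sechubResponse.setStatusCode(serecoResponse.getStatusCode());
    sechubResponse.setReasonPhrase(serecoResponse.getReasonPhrase());
    sechubResponse.setProtocol(serecoResponse.getProtocol());
    sechubResponse.setVersion(serecoResponse.getVersion());
    sechubResponse.getHeaders().putAll(serecoResponse.getHeaders());
    sechubResponse.getBody().setText(serecoResponse.getBody().getText());
    sechubResponse.getBody().setBinary(serecoResponse.getBody().getBinary());

    /* attack */
    SerecoWebAttack serecoAttack = serecoWeb.getAttack();
    SecHubReportWebAttack sechubAttack = sechubWeb.getAttack();
    sechubAttack.setVector(serecoAttack.getVector());

    // Evidence is optional: the report attack only gets an evidence object when
    // the Sereco side provides one, so readers of the report must expect
    // getEvidence() to be unset.
    SerecoWebEvidence serecoEvidence = serecoAttack.getEvidence();
    if (serecoEvidence != null) {
        SecHubReportWebEvidence sechubEvidence = new SecHubReportWebEvidence();
        sechubEvidence.setSnippet(serecoEvidence.getSnippet());

        SerecoWebBodyLocation serecoBodyLocation = serecoEvidence.getBodyLocation();
        if (serecoBodyLocation != null) {
            SecHubReportWebBodyLocation sechubBodyLocation = new SecHubReportWebBodyLocation();
            sechubBodyLocation.setStartLine(serecoBodyLocation.getStartLine());
            sechubEvidence.setBodyLocation(sechubBodyLocation);
        }
        sechubAttack.setEvidence(sechubEvidence);
    }

    finding.setWeb(sechubWeb);
}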
use of com.mercedesbenz.sechub.commons.model.web.SecHubReportWebAttack in project sechub by mercedes-benz.
the class FalsePositiveMetaDataFactory method createWebScan.
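/**
 * Builds the false positive meta data for a web scan finding: common meta
 * data, CVE id, scan type, and the request/response details taken from the
 * finding's web data.
 *
 * @param finding web scan finding to describe
 * @return meta data with {@link ScanType#WEB_SCAN} and a filled web part
 * @throws IllegalStateException when the finding contains no web data
 */
private FalsePositiveMetaData createWebScan(SecHubFinding finding) {
    FalsePositiveMetaData metaData = createCommonMetaDataWithCweIdEnsured(finding);
    metaData.setCveId(finding.getCveId());
    metaData.setScanType(ScanType.WEB_SCAN);

    SecHubReportWeb findingWeb = finding.getWeb();
    if (findingWeb == null) {
        throw new IllegalStateException("False positive handling for web scan not possible - finding does not contain web data?!?");
    }
    SecHubReportWebAttack findingAttack = findingWeb.getAttack();
    SecHubReportWebRequest findingRequest = findingWeb.getRequest();
    SecHubReportWebResponse findingResponse = findingWeb.getResponse();

    FalsePositiveWebMetaData web = new FalsePositiveWebMetaData();

    /* request */
    FalsePositiveWebRequestMetaData falsePositiveRequestMetaData = web.getRequest();
    falsePositiveRequestMetaData.setAttackVector(findingAttack.getVector());
    falsePositiveRequestMetaData.setMethod(findingRequest.getMethod());
    falsePositiveRequestMetaData.setTarget(findingRequest.getTarget());
    falsePositiveRequestMetaData.setProtocol(findingRequest.getProtocol());
    falsePositiveRequestMetaData.setVersion(findingRequest.getVersion());

    /* response */
    FalsePositiveWebResponseMetaData falsePositiveResponseMetaData = web.getResponse();
    // Evidence is optional on a report attack, so dereferencing it
    // unconditionally can fail with a NullPointerException for findings that
    // have no evidence. In that case the evidence field is left unset.
    // NOTE(review): confirm that false positive matching treats an unset
    // evidence as intended, so an entry does not cover more findings than meant.
    if (findingAttack.getEvidence() != null) {
        falsePositiveResponseMetaData.setEvidence(findingAttack.getEvidence().getSnippet());
    }
    falsePositiveResponseMetaData.setStatusCode(findingResponse.getStatusCode());

    metaData.setWeb(web);
    return metaData;
}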