
Example 1 with SecHubReportWebEvidence

use of com.mercedesbenz.sechub.commons.model.web.SecHubReportWebEvidence in project sechub by mercedes-benz.

the class SerecoProductResultTransformer method appendWebData.

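/**
 * Copies the web scan details of a Sereco vulnerability into the given SecHub finding.
 *
 * <p>Request data (protocol, version, target, method, headers, body), response data
 * (status code, reason phrase, protocol, version, headers, body) and attack data
 * (vector and, when present, the evidence snippet with its body start line) are
 * transferred to a new {@code SecHubReportWeb}, which is then set on the finding.
 * If the vulnerability has no web object, an error is logged and the finding is
 * left without web data.
 *
 * @param sechubJobUUID UUID of the SecHub job, used only for the error log entry
 * @param vulnerability Sereco vulnerability providing the web data
 * @param finding       SecHub finding that receives the web data
 */
private void appendWebData(UUID sechubJobUUID, SerecoVulnerability vulnerability, SecHubFinding finding) {
    SecHubReportWeb sechubWeb = new SecHubReportWeb();
    SecHubReportWebRequest sechubRequest = sechubWeb.getRequest();
    SerecoWeb serecoWeb = vulnerability.getWeb();
    if (serecoWeb == null) {
        /*
         * Both arguments need a placeholder: without the second "{}" the job UUID is
         * never written, so the skipped finding cannot be traced back to its job.
         */
        LOG.error("Web scan, but vulnerability has no web object inside - must skip finding {} for report with uuid={}", finding.getId(), sechubJobUUID);
        return;
    }
    /*
     * NOTE(review): headers and bodies below are copied verbatim into the report. If
     * the scanned traffic carried credentials or session tokens (for example
     * Authorization or Cookie headers), they would end up in the report unless they
     * are redacted elsewhere - confirm against the product importers.
     */
    /* request */
    SerecoWebRequest serecoRequest = serecoWeb.getRequest();
    sechubRequest.setProtocol(serecoRequest.getProtocol());
    sechubRequest.setVersion(serecoRequest.getVersion());
    sechubRequest.setTarget(serecoRequest.getTarget());
    sechubRequest.setMethod(serecoRequest.getMethod());
    sechubRequest.getHeaders().putAll(serecoRequest.getHeaders());
    sechubRequest.getBody().setText(serecoRequest.getBody().getText());
    sechubRequest.getBody().setBinary(serecoRequest.getBody().getBinary());
    /* response */
    SerecoWebResponse serecoResponse = serecoWeb.getResponse();
    SecHubReportWebResponse sechubResponse = sechubWeb.getResponse();
    sechubResponse.setStatusCode(serecoResponse.getStatusCode());
    sechubResponse.setReasonPhrase(serecoResponse.getReasonPhrase());
    sechubResponse.setProtocol(serecoResponse.getProtocol());
    sechubResponse.setVersion(serecoResponse.getVersion());
    sechubResponse.getHeaders().putAll(serecoResponse.getHeaders());
    sechubResponse.getBody().setText(serecoResponse.getBody().getText());
    sechubResponse.getBody().setBinary(serecoResponse.getBody().getBinary());
    /* attack */
    SerecoWebAttack serecoAttack = serecoWeb.getAttack();
    SecHubReportWebAttack sechubAttack = sechubWeb.getAttack();
    sechubAttack.setVector(serecoAttack.getVector());
    SerecoWebEvidence serecoEvidence = serecoAttack.getEvidence();
    if (serecoEvidence != null) {
        /* evidence is optional - only created in the report when the source has it */
        SecHubReportWebEvidence sechubEvidence = new SecHubReportWebEvidence();
        sechubEvidence.setSnippet(serecoEvidence.getSnippet());
        SerecoWebBodyLocation serecoBodyLocation = serecoEvidence.getBodyLocation();
        if (serecoBodyLocation != null) {
            SecHubReportWebBodyLocation sechubBodyLocation = new SecHubReportWebBodyLocation();
            sechubBodyLocation.setStartLine(serecoBodyLocation.getStartLine());
            sechubEvidence.setBodyLocation(sechubBodyLocation);
        }
        sechubAttack.setEvidence(sechubEvidence);
    }
    finding.setWeb(sechubWeb);
}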
Also used : SerecoWebAttack(com.mercedesbenz.sechub.sereco.metadata.SerecoWebAttack) SerecoWebEvidence(com.mercedesbenz.sechub.sereco.metadata.SerecoWebEvidence) SecHubReportWebEvidence(com.mercedesbenz.sechub.commons.model.web.SecHubReportWebEvidence) SerecoWebRequest(com.mercedesbenz.sechub.sereco.metadata.SerecoWebRequest) SecHubReportWebAttack(com.mercedesbenz.sechub.commons.model.web.SecHubReportWebAttack) SecHubReportWebRequest(com.mercedesbenz.sechub.commons.model.web.SecHubReportWebRequest) SecHubReportWebBodyLocation(com.mercedesbenz.sechub.commons.model.web.SecHubReportWebBodyLocation) SecHubReportWeb(com.mercedesbenz.sechub.commons.model.web.SecHubReportWeb) SerecoWebResponse(com.mercedesbenz.sechub.sereco.metadata.SerecoWebResponse) SecHubReportWebResponse(com.mercedesbenz.sechub.commons.model.web.SecHubReportWebResponse) SerecoWebBodyLocation(com.mercedesbenz.sechub.sereco.metadata.SerecoWebBodyLocation) SerecoWeb(com.mercedesbenz.sechub.sereco.metadata.SerecoWeb)

Example 2 with SecHubReportWebEvidence

use of com.mercedesbenz.sechub.commons.model.web.SecHubReportWebEvidence in project sechub by mercedes-benz.

the class FalsePositiveMetaDataFactoryTest method createWebFinding.

/**
 * Builds a test finding of type {@code WEB_SCAN} with fixed request, response and
 * attack values.
 *
 * @return the test finding with a populated web part
 */
private SecHubFinding createWebFinding() {
    SecHubFinding webFinding = createTestFinding();

    SecHubReportWeb reportWeb = new SecHubReportWeb();
    webFinding.setWeb(reportWeb);
    webFinding.setType(ScanType.WEB_SCAN);

    // request part
    SecHubReportWebRequest webRequest = reportWeb.getRequest();
    webRequest.setMethod("method1");
    webRequest.setTarget("target1");
    webRequest.setProtocol("protocol1");
    webRequest.setVersion("version1");

    // response part
    SecHubReportWebResponse webResponse = reportWeb.getResponse();
    webResponse.setStatusCode(4211);

    // attack part: evidence first, then the vector
    SecHubReportWebEvidence webEvidence = new SecHubReportWebEvidence();
    webEvidence.setSnippet("evidence-snippet1");
    reportWeb.getAttack().setEvidence(webEvidence);
    reportWeb.getAttack().setVector("attack-vector1");

    return webFinding;
}
Also used : SecHubReportWebEvidence(com.mercedesbenz.sechub.commons.model.web.SecHubReportWebEvidence) SecHubReportWebRequest(com.mercedesbenz.sechub.commons.model.web.SecHubReportWebRequest) SecHubFinding(com.mercedesbenz.sechub.commons.model.SecHubFinding) SecHubReportWeb(com.mercedesbenz.sechub.commons.model.web.SecHubReportWeb) SecHubReportWebResponse(com.mercedesbenz.sechub.commons.model.web.SecHubReportWebResponse)

Example 3 with SecHubReportWebEvidence

use of com.mercedesbenz.sechub.commons.model.web.SecHubReportWebEvidence in project sechub by mercedes-benz.

the class HTMLReportHelper method getEvidenceStartLine.

/**
 * Resolves the start line of the evidence attached to a web attack.
 *
 * @param attack the web attack to inspect, may be {@code null}
 * @return the start line of the evidence body location, or {@code LINE_NOT_FOUND}
 *         when the attack, its evidence or the body location is {@code null}
 */
public int getEvidenceStartLine(SecHubReportWebAttack attack) {
    if (attack != null) {
        SecHubReportWebEvidence webEvidence = attack.getEvidence();
        if (webEvidence != null) {
            SecHubReportWebBodyLocation location = webEvidence.getBodyLocation();
            if (location != null) {
                return location.getStartLine();
            }
        }
    }
    // any missing link in the attack -> evidence -> body location chain
    return LINE_NOT_FOUND;
}
Also used : SecHubReportWebEvidence(com.mercedesbenz.sechub.commons.model.web.SecHubReportWebEvidence) SecHubReportWebBodyLocation(com.mercedesbenz.sechub.commons.model.web.SecHubReportWebBodyLocation)

Aggregations

SecHubReportWebEvidence (com.mercedesbenz.sechub.commons.model.web.SecHubReportWebEvidence)3 SecHubReportWeb (com.mercedesbenz.sechub.commons.model.web.SecHubReportWeb)2 SecHubReportWebBodyLocation (com.mercedesbenz.sechub.commons.model.web.SecHubReportWebBodyLocation)2 SecHubReportWebRequest (com.mercedesbenz.sechub.commons.model.web.SecHubReportWebRequest)2 SecHubReportWebResponse (com.mercedesbenz.sechub.commons.model.web.SecHubReportWebResponse)2 SecHubFinding (com.mercedesbenz.sechub.commons.model.SecHubFinding)1 SecHubReportWebAttack (com.mercedesbenz.sechub.commons.model.web.SecHubReportWebAttack)1 SerecoWeb (com.mercedesbenz.sechub.sereco.metadata.SerecoWeb)1 SerecoWebAttack (com.mercedesbenz.sechub.sereco.metadata.SerecoWebAttack)1 SerecoWebBodyLocation (com.mercedesbenz.sechub.sereco.metadata.SerecoWebBodyLocation)1 SerecoWebEvidence (com.mercedesbenz.sechub.sereco.metadata.SerecoWebEvidence)1 SerecoWebRequest (com.mercedesbenz.sechub.sereco.metadata.SerecoWebRequest)1 SerecoWebResponse (com.mercedesbenz.sechub.sereco.metadata.SerecoWebResponse)1