
the class SarifV1JSONImporter method handleWebAttack.

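/**
 * Copies web-attack details from the first SARIF location of the given result
 * into the attack section of {@code serecoWeb}.
 * <p>
 * Only the first location is considered. The evidence (start line and, when
 * present, the snippet text) is taken from the location's physical region; the
 * attack vector is taken from the location's {@code "attack"} property-bag entry
 * when it is non-empty. If the result has no locations, or the first location
 * has no physical location or no region, nothing is changed.
 * <p>
 * Snippet and attack values are copied verbatim from the imported SARIF report,
 * i.e. they are scanner-controlled text; whoever renders them later must treat
 * them as untrusted data.
 *
 * @param result    SARIF result whose first location is read
 * @param serecoWeb target whose attack object is filled; its {@code getAttack()}
 *                  is dereferenced without a null check and must be non-null
 */
private void handleWebAttack(Result result, SerecoWeb serecoWeb) {
    List<Location> sarifLocations = result.getLocations();
    // a missing list is treated like an empty one: there is simply nothing to import
    if (sarifLocations == null || sarifLocations.isEmpty()) {
        return;
    }
    Location sarifLocation = sarifLocations.get(0);
    PhysicalLocation sarifPhysicalLocation = sarifLocation.getPhysicalLocation();
    if (sarifPhysicalLocation == null) {
        return;
    }
    Region sarifRegion = sarifPhysicalLocation.getRegion();
    if (sarifRegion == null) {
        return;
    }
    /* evidence: where in the body the finding was observed, plus the snippet if the tool gave one */
    SerecoWebEvidence serecoWebEvidence = new SerecoWebEvidence();
    SerecoWebBodyLocation bodyLocation = new SerecoWebBodyLocation();
    bodyLocation.setStartLine(sarifRegion.getStartLine());
    serecoWebEvidence.setBodyLocation(bodyLocation);
    ArtifactContent sarifSnippet = sarifRegion.getSnippet();
    if (sarifSnippet != null) {
        serecoWebEvidence.setSnippet(sarifSnippet.getText());
    }
    /* attack: the vector is a tool-specific property-bag entry, not a standard SARIF field */
    SerecoWebAttack serecoAttack = serecoWeb.getAttack();
    PropertyBag locationProperties = sarifLocation.getProperties();
    if (locationProperties != null) {
        Object attack = locationProperties.get("attack");
        if (SimpleStringUtils.isNotEmpty(attack)) {
            serecoAttack.setVector(attack.toString());
        }
    }
    serecoAttack.setEvidence(serecoWebEvidence);
}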

the class SarifV1JSONImporter method resolveCodeInfoFromCodeFlow.

/**
 * Resolves call-stack information from the first thread flow of the first code
 * flow of the given result.
 * <p>
 * The locations of that thread flow are unwrapped to their SARIF
 * {@link Location}s and handed to {@code resolveCodeInfoFromLocations}, whose
 * result is returned as-is.
 *
 * @param result SARIF result to inspect
 * @return the resolved call stack element, or {@code null} when the result has
 *         no code flow or its first code flow has no thread flow
 */
private SerecoCodeCallStackElement resolveCodeInfoFromCodeFlow(Result result) {
    // first code flow -> first thread flow -> its locations -> resolved call stack;
    // any missing link in the chain yields null
    return result.getCodeFlows().stream().findFirst()
            .flatMap(codeFlow -> codeFlow.getThreadFlows().stream().findFirst())
            .map(threadFlow -> threadFlow.getLocations().stream()
                    .map(threadFlowLocation -> threadFlowLocation.getLocation())
                    .collect(Collectors.toList()))
            .map(this::resolveCodeInfoFromLocations)
            .orElse(null);
}