use of com.mercedesbenz.sechub.sarif.model.Location in project sechub by mercedes-benz.
the class SarifV1JSONImporter method handleWebAttack.
private void handleWebAttack(Result result, SerecoWeb serecoWeb) {
List<Location> sarifLocations = result.getLocations();
if (sarifLocations.size() <= 0) {
return;
}
Location sarifLocation = sarifLocations.iterator().next();
PhysicalLocation sarifPhysicalLocation = sarifLocation.getPhysicalLocation();
if (sarifPhysicalLocation == null) {
return;
}
Region sarifRegion = sarifPhysicalLocation.getRegion();
if (sarifRegion == null) {
return;
}
/* evidence */
SerecoWebEvidence serecoWebEvidence = new SerecoWebEvidence();
SerecoWebBodyLocation bodyLocation = new SerecoWebBodyLocation();
bodyLocation.setStartLine(sarifRegion.getStartLine());
serecoWebEvidence.setBodyLocation(bodyLocation);
ArtifactContent sarifSnippet = sarifRegion.getSnippet();
if (sarifSnippet != null) {
serecoWebEvidence.setSnippet(sarifSnippet.getText());
}
/* attack */
SerecoWebAttack serecoAttack = serecoWeb.getAttack();
PropertyBag locationProperties = sarifLocation.getProperties();
if (locationProperties != null) {
Object attack = locationProperties.get("attack");
if (SimpleStringUtils.isNotEmpty(attack)) {
serecoAttack.setVector(attack.toString());
}
}
serecoAttack.setEvidence(serecoWebEvidence);
}
use of com.mercedesbenz.sechub.sarif.model.Location in project sechub by mercedes-benz.
the class SarifV1JSONImporter method resolveCodeInfoFromCodeFlow.
private SerecoCodeCallStackElement resolveCodeInfoFromCodeFlow(Result result) {
Optional<CodeFlow> codeFlows = result.getCodeFlows().stream().findFirst();
if (!codeFlows.isPresent()) {
return null;
}
Optional<ThreadFlow> optFlow = codeFlows.get().getThreadFlows().stream().findFirst();
if (!optFlow.isPresent()) {
return null;
}
ThreadFlow flow = optFlow.get();
List<Location> locations = flow.getLocations().stream().map(location -> location.getLocation()).collect(Collectors.toList());
return resolveCodeInfoFromLocations(locations);
}
Aggregations