Example 1 with Location
use of com.mercedesbenz.sechub.sarif.model.Location in project sechub by mercedes-benz.
the class SarifV1JSONImporter method handleWebAttack.
private void handleWebAttack(Result result, SerecoWeb serecoWeb) {
List<Location> sarifLocations = result.getLocations();
if (sarifLocations.size() <= 0) {
return;
}
Location sarifLocation = sarifLocations.iterator().next();
PhysicalLocation sarifPhysicalLocation = sarifLocation.getPhysicalLocation();
if (sarifPhysicalLocation == null) {
return;
}
Region sarifRegion = sarifPhysicalLocation.getRegion();
if (sarifRegion == null) {
return;
}
/* evidence */
SerecoWebEvidence serecoWebEvidence = new SerecoWebEvidence();
SerecoWebBodyLocation bodyLocation = new SerecoWebBodyLocation();
bodyLocation.setStartLine(sarifRegion.getStartLine());
serecoWebEvidence.setBodyLocation(bodyLocation);
ArtifactContent sarifSnippet = sarifRegion.getSnippet();
if (sarifSnippet != null) {
serecoWebEvidence.setSnippet(sarifSnippet.getText());
}
/* attack */
SerecoWebAttack serecoAttack = serecoWeb.getAttack();
PropertyBag locationProperties = sarifLocation.getProperties();
if (locationProperties != null) {
Object attack = locationProperties.get("attack");
if (SimpleStringUtils.isNotEmpty(attack)) {
serecoAttack.setVector(attack.toString());
}
}
serecoAttack.setEvidence(serecoWebEvidence);
}
Also used :
SerecoWebEvidence(com.mercedesbenz.sechub.sereco.metadata.SerecoWebEvidence)
ArtifactContent(com.mercedesbenz.sechub.sarif.model.ArtifactContent)
SerecoWebAttack(com.mercedesbenz.sechub.sereco.metadata.SerecoWebAttack)
PropertyBag(com.mercedesbenz.sechub.sarif.model.PropertyBag)
Region(com.mercedesbenz.sechub.sarif.model.Region)
SerecoWebBodyLocation(com.mercedesbenz.sechub.sereco.metadata.SerecoWebBodyLocation)
PhysicalLocation(com.mercedesbenz.sechub.sarif.model.PhysicalLocation)
Location(com.mercedesbenz.sechub.sarif.model.Location)
ArtifactLocation(com.mercedesbenz.sechub.sarif.model.ArtifactLocation)
SerecoWebBodyLocation(com.mercedesbenz.sechub.sereco.metadata.SerecoWebBodyLocation)
PhysicalLocation(com.mercedesbenz.sechub.sarif.model.PhysicalLocation)
Example 2 with Location
use of com.mercedesbenz.sechub.sarif.model.Location in project sechub by mercedes-benz.
the class SarifV1JSONImporter method resolveCodeInfoFromCodeFlow.
private SerecoCodeCallStackElement resolveCodeInfoFromCodeFlow(Result result) {
Optional<CodeFlow> codeFlows = result.getCodeFlows().stream().findFirst();
if (!codeFlows.isPresent()) {
return null;
}
Optional<ThreadFlow> optFlow = codeFlows.get().getThreadFlows().stream().findFirst();
if (!optFlow.isPresent()) {
return null;
}
ThreadFlow flow = optFlow.get();
List<Location> locations = flow.getLocations().stream().map(location -> location.getLocation()).collect(Collectors.toList());
return resolveCodeInfoFromLocations(locations);
}
Also used :
Message(com.mercedesbenz.sechub.sarif.model.Message)
PhysicalLocation(com.mercedesbenz.sechub.sarif.model.PhysicalLocation)
Run(com.mercedesbenz.sechub.sarif.model.Run)
LoggerFactory(org.slf4j.LoggerFactory)
Region(com.mercedesbenz.sechub.sarif.model.Region)
SerecoWebRequest(com.mercedesbenz.sechub.sereco.metadata.SerecoWebRequest)
Location(com.mercedesbenz.sechub.sarif.model.Location)
ArrayList(java.util.ArrayList)
Rule(com.mercedesbenz.sechub.sarif.model.Rule)
WebRequest(com.mercedesbenz.sechub.sarif.model.WebRequest)
ImportParameter(com.mercedesbenz.sechub.sereco.ImportParameter)
Level(com.mercedesbenz.sechub.sarif.model.Level)
Map(java.util.Map)
CodeFlow(com.mercedesbenz.sechub.sarif.model.CodeFlow)
WebResponse(com.mercedesbenz.sechub.sarif.model.WebResponse)
ThreadFlow(com.mercedesbenz.sechub.sarif.model.ThreadFlow)
SerecoSeverity(com.mercedesbenz.sechub.sereco.metadata.SerecoSeverity)
ToolComponentReference(com.mercedesbenz.sechub.sarif.model.ToolComponentReference)
SarifReportSupport(com.mercedesbenz.sechub.sarif.SarifReportSupport)
Result(com.mercedesbenz.sechub.sarif.model.Result)
SerecoWeb(com.mercedesbenz.sechub.sereco.metadata.SerecoWeb)
Logger(org.slf4j.Logger)
SerecoWebEvidence(com.mercedesbenz.sechub.sereco.metadata.SerecoWebEvidence)
SerecoWebBody(com.mercedesbenz.sechub.sereco.metadata.SerecoWebBody)
ScanType(com.mercedesbenz.sechub.commons.model.ScanType)
SimpleStringUtils(com.mercedesbenz.sechub.commons.core.util.SimpleStringUtils)
ArtifactContent(com.mercedesbenz.sechub.sarif.model.ArtifactContent)
SerecoWebAttack(com.mercedesbenz.sechub.sereco.metadata.SerecoWebAttack)
ReportingDescriptorRelationship(com.mercedesbenz.sechub.sarif.model.ReportingDescriptorRelationship)
IOException(java.io.IOException)
Collectors(java.util.stream.Collectors)
ReportingDescriptorReference(com.mercedesbenz.sechub.sarif.model.ReportingDescriptorReference)
SerecoVulnerability(com.mercedesbenz.sechub.sereco.metadata.SerecoVulnerability)
List(java.util.List)
Component(org.springframework.stereotype.Component)
ArtifactLocation(com.mercedesbenz.sechub.sarif.model.ArtifactLocation)
SerecoCodeCallStackElement(com.mercedesbenz.sechub.sereco.metadata.SerecoCodeCallStackElement)
Report(com.mercedesbenz.sechub.sarif.model.Report)
SerecoMetaData(com.mercedesbenz.sechub.sereco.metadata.SerecoMetaData)
PropertyBag(com.mercedesbenz.sechub.sarif.model.PropertyBag)
SerecoWebBodyLocation(com.mercedesbenz.sechub.sereco.metadata.SerecoWebBodyLocation)
SerecoWebResponse(com.mercedesbenz.sechub.sereco.metadata.SerecoWebResponse)
Optional(java.util.Optional)
ThreadFlow(com.mercedesbenz.sechub.sarif.model.ThreadFlow)
CodeFlow(com.mercedesbenz.sechub.sarif.model.CodeFlow)
PhysicalLocation(com.mercedesbenz.sechub.sarif.model.PhysicalLocation)
Location(com.mercedesbenz.sechub.sarif.model.Location)
ArtifactLocation(com.mercedesbenz.sechub.sarif.model.ArtifactLocation)
SerecoWebBodyLocation(com.mercedesbenz.sechub.sereco.metadata.SerecoWebBodyLocation)
Aggregations
ArtifactContent (com.mercedesbenz.sechub.sarif.model.ArtifactContent)2
ArtifactLocation (com.mercedesbenz.sechub.sarif.model.ArtifactLocation)2
Location (com.mercedesbenz.sechub.sarif.model.Location)2
PhysicalLocation (com.mercedesbenz.sechub.sarif.model.PhysicalLocation)2
PropertyBag (com.mercedesbenz.sechub.sarif.model.PropertyBag)2
Region (com.mercedesbenz.sechub.sarif.model.Region)2
SerecoWebAttack (com.mercedesbenz.sechub.sereco.metadata.SerecoWebAttack)2
SerecoWebBodyLocation (com.mercedesbenz.sechub.sereco.metadata.SerecoWebBodyLocation)2
SerecoWebEvidence (com.mercedesbenz.sechub.sereco.metadata.SerecoWebEvidence)2
SimpleStringUtils (com.mercedesbenz.sechub.commons.core.util.SimpleStringUtils)1
ScanType (com.mercedesbenz.sechub.commons.model.ScanType)1
SarifReportSupport (com.mercedesbenz.sechub.sarif.SarifReportSupport)1
CodeFlow (com.mercedesbenz.sechub.sarif.model.CodeFlow)1
Level (com.mercedesbenz.sechub.sarif.model.Level)1
Message (com.mercedesbenz.sechub.sarif.model.Message)1
Report (com.mercedesbenz.sechub.sarif.model.Report)1
ReportingDescriptorReference (com.mercedesbenz.sechub.sarif.model.ReportingDescriptorReference)1
ReportingDescriptorRelationship (com.mercedesbenz.sechub.sarif.model.ReportingDescriptorRelationship)1
Result (com.mercedesbenz.sechub.sarif.model.Result)1
Rule (com.mercedesbenz.sechub.sarif.model.Rule)1
