Examples with PhysicalLocation com.mercedesbenz.sechub.sarif.model.PhysicalLocation used on opensource projects

Search in sources :

Example 1 with PhysicalLocation

use of com.mercedesbenz.sechub.sarif.model.PhysicalLocation in project sechub by mercedes-benz.

the class SarifV1JSONImporter method handleWebAttack.

private void handleWebAttack(Result result, SerecoWeb serecoWeb) {
    List<Location> sarifLocations = result.getLocations();
    if (sarifLocations.size() <= 0) {
        return;
    }
    Location sarifLocation = sarifLocations.iterator().next();
    PhysicalLocation sarifPhysicalLocation = sarifLocation.getPhysicalLocation();
    if (sarifPhysicalLocation == null) {
        return;
    }
    Region sarifRegion = sarifPhysicalLocation.getRegion();
    if (sarifRegion == null) {
        return;
    }
    /* evidence */
    SerecoWebEvidence serecoWebEvidence = new SerecoWebEvidence();
    SerecoWebBodyLocation bodyLocation = new SerecoWebBodyLocation();
    bodyLocation.setStartLine(sarifRegion.getStartLine());
    serecoWebEvidence.setBodyLocation(bodyLocation);
    ArtifactContent sarifSnippet = sarifRegion.getSnippet();
    if (sarifSnippet != null) {
        serecoWebEvidence.setSnippet(sarifSnippet.getText());
    }
    /* attack */
    SerecoWebAttack serecoAttack = serecoWeb.getAttack();
    PropertyBag locationProperties = sarifLocation.getProperties();
    if (locationProperties != null) {
        Object attack = locationProperties.get("attack");
        if (SimpleStringUtils.isNotEmpty(attack)) {
            serecoAttack.setVector(attack.toString());
        }
    }
    serecoAttack.setEvidence(serecoWebEvidence);
}
Also used : SerecoWebEvidence(com.mercedesbenz.sechub.sereco.metadata.SerecoWebEvidence) ArtifactContent(com.mercedesbenz.sechub.sarif.model.ArtifactContent) SerecoWebAttack(com.mercedesbenz.sechub.sereco.metadata.SerecoWebAttack) PropertyBag(com.mercedesbenz.sechub.sarif.model.PropertyBag) Region(com.mercedesbenz.sechub.sarif.model.Region) SerecoWebBodyLocation(com.mercedesbenz.sechub.sereco.metadata.SerecoWebBodyLocation) PhysicalLocation(com.mercedesbenz.sechub.sarif.model.PhysicalLocation) Location(com.mercedesbenz.sechub.sarif.model.Location) ArtifactLocation(com.mercedesbenz.sechub.sarif.model.ArtifactLocation) SerecoWebBodyLocation(com.mercedesbenz.sechub.sereco.metadata.SerecoWebBodyLocation) PhysicalLocation(com.mercedesbenz.sechub.sarif.model.PhysicalLocation)

Example 2 with PhysicalLocation

use of com.mercedesbenz.sechub.sarif.model.PhysicalLocation in project sechub by mercedes-benz.

the class SarifV1JSONImporter method callStackListFromLocations.

private List<SerecoCodeCallStackElement> callStackListFromLocations(List<Location> locations) {
    List<SerecoCodeCallStackElement> callstack = new ArrayList<>();
    if (locations == null) {
        return callstack;
    }
    locations.forEach(location -> {
        PhysicalLocation physicalLocation = location.getPhysicalLocation();
        if (physicalLocation != null) {
            SerecoCodeCallStackElement subCode = new SerecoCodeCallStackElement();
            ArtifactLocation artifactLocation = physicalLocation.getArtifactLocation();
            if (artifactLocation != null) {
                subCode.setLocation(artifactLocation.getUri());
            }
            Region region = physicalLocation.getRegion();
            if (region != null) {
                subCode.setLine(region.getStartLine());
                subCode.setColumn(region.getStartColumn());
                ArtifactContent snippet = region.getSnippet();
                if (snippet != null) {
                    String text = snippet.getText();
                    if (text != null) {
                        text = text.trim();
                    }
                    subCode.setSource(text);
                }
            }
            callstack.add(subCode);
        }
    });
    return callstack;
}
Also used : ArtifactContent(com.mercedesbenz.sechub.sarif.model.ArtifactContent) SerecoCodeCallStackElement(com.mercedesbenz.sechub.sereco.metadata.SerecoCodeCallStackElement) ArrayList(java.util.ArrayList) ArtifactLocation(com.mercedesbenz.sechub.sarif.model.ArtifactLocation) Region(com.mercedesbenz.sechub.sarif.model.Region) PhysicalLocation(com.mercedesbenz.sechub.sarif.model.PhysicalLocation)

Aggregations

ArtifactContent (com.mercedesbenz.sechub.sarif.model.ArtifactContent)2 ArtifactLocation (com.mercedesbenz.sechub.sarif.model.ArtifactLocation)2 PhysicalLocation (com.mercedesbenz.sechub.sarif.model.PhysicalLocation)2 Region (com.mercedesbenz.sechub.sarif.model.Region)2 Location (com.mercedesbenz.sechub.sarif.model.Location)1 PropertyBag (com.mercedesbenz.sechub.sarif.model.PropertyBag)1 SerecoCodeCallStackElement (com.mercedesbenz.sechub.sereco.metadata.SerecoCodeCallStackElement)1 SerecoWebAttack (com.mercedesbenz.sechub.sereco.metadata.SerecoWebAttack)1 SerecoWebBodyLocation (com.mercedesbenz.sechub.sereco.metadata.SerecoWebBodyLocation)1 SerecoWebEvidence (com.mercedesbenz.sechub.sereco.metadata.SerecoWebEvidence)1 ArrayList (java.util.ArrayList)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial