use of com.mercedesbenz.sechub.sereco.metadata.SerecoWebBodyLocation in project sechub by mercedes-benz.
the class SerecoProductResultTransformer method appendWebData.
private void appendWebData(UUID sechubJobUUID, SerecoVulnerability vulnerability, SecHubFinding finding) {
SecHubReportWeb sechubWeb = new SecHubReportWeb();
SecHubReportWebRequest sechubRequest = sechubWeb.getRequest();
SerecoWeb serecoWeb = vulnerability.getWeb();
if (serecoWeb == null) {
LOG.error("Web scan, but vulnerability has no web object inside - must skip finding {} for report with uuid=", finding.getId(), sechubJobUUID);
return;
}
/* request */
SerecoWebRequest serecoRequest = serecoWeb.getRequest();
sechubRequest.setProtocol(serecoRequest.getProtocol());
sechubRequest.setVersion(serecoRequest.getVersion());
sechubRequest.setTarget(serecoRequest.getTarget());
sechubRequest.setMethod(serecoRequest.getMethod());
sechubRequest.getHeaders().putAll(serecoRequest.getHeaders());
sechubRequest.getBody().setText(serecoRequest.getBody().getText());
sechubRequest.getBody().setBinary(serecoRequest.getBody().getBinary());
/* response */
SerecoWebResponse serecoResponse = serecoWeb.getResponse();
SecHubReportWebResponse sechubResponse = sechubWeb.getResponse();
sechubResponse.setStatusCode(serecoResponse.getStatusCode());
sechubResponse.setReasonPhrase(serecoResponse.getReasonPhrase());
sechubResponse.setProtocol(serecoResponse.getProtocol());
sechubResponse.setVersion(serecoResponse.getVersion());
sechubResponse.getHeaders().putAll(serecoResponse.getHeaders());
sechubResponse.getBody().setText(serecoResponse.getBody().getText());
sechubResponse.getBody().setBinary(serecoResponse.getBody().getBinary());
/* attack */
SerecoWebAttack serecoAttack = serecoWeb.getAttack();
SecHubReportWebAttack sechubAttack = sechubWeb.getAttack();
sechubAttack.setVector(serecoAttack.getVector());
SerecoWebEvidence serecoEvidence = serecoAttack.getEvidence();
if (serecoEvidence != null) {
SecHubReportWebEvidence sechubEvidence = new SecHubReportWebEvidence();
sechubEvidence.setSnippet(serecoEvidence.getSnippet());
SerecoWebBodyLocation serecoBodyLocation = serecoEvidence.getBodyLocation();
if (serecoBodyLocation != null) {
SecHubReportWebBodyLocation sechubBodyLocation = new SecHubReportWebBodyLocation();
sechubBodyLocation.setStartLine((serecoBodyLocation.getStartLine()));
sechubEvidence.setBodyLocation(sechubBodyLocation);
}
sechubAttack.setEvidence(sechubEvidence);
}
finding.setWeb(sechubWeb);
}
use of com.mercedesbenz.sechub.sereco.metadata.SerecoWebBodyLocation in project sechub by mercedes-benz.
the class SarifV1JSONImporter method handleWebAttack.
private void handleWebAttack(Result result, SerecoWeb serecoWeb) {
List<Location> sarifLocations = result.getLocations();
if (sarifLocations.size() <= 0) {
return;
}
Location sarifLocation = sarifLocations.iterator().next();
PhysicalLocation sarifPhysicalLocation = sarifLocation.getPhysicalLocation();
if (sarifPhysicalLocation == null) {
return;
}
Region sarifRegion = sarifPhysicalLocation.getRegion();
if (sarifRegion == null) {
return;
}
/* evidence */
SerecoWebEvidence serecoWebEvidence = new SerecoWebEvidence();
SerecoWebBodyLocation bodyLocation = new SerecoWebBodyLocation();
bodyLocation.setStartLine(sarifRegion.getStartLine());
serecoWebEvidence.setBodyLocation(bodyLocation);
ArtifactContent sarifSnippet = sarifRegion.getSnippet();
if (sarifSnippet != null) {
serecoWebEvidence.setSnippet(sarifSnippet.getText());
}
/* attack */
SerecoWebAttack serecoAttack = serecoWeb.getAttack();
PropertyBag locationProperties = sarifLocation.getProperties();
if (locationProperties != null) {
Object attack = locationProperties.get("attack");
if (SimpleStringUtils.isNotEmpty(attack)) {
serecoAttack.setVector(attack.toString());
}
}
serecoAttack.setEvidence(serecoWebEvidence);
}
Aggregations