Example 1 with SerecoWebBodyLocation
use of com.mercedesbenz.sechub.sereco.metadata.SerecoWebBodyLocation in project sechub by mercedes-benz.
the class SerecoProductResultTransformer method appendWebData.
private void appendWebData(UUID sechubJobUUID, SerecoVulnerability vulnerability, SecHubFinding finding) {
SecHubReportWeb sechubWeb = new SecHubReportWeb();
SecHubReportWebRequest sechubRequest = sechubWeb.getRequest();
SerecoWeb serecoWeb = vulnerability.getWeb();
if (serecoWeb == null) {
LOG.error("Web scan, but vulnerability has no web object inside - must skip finding {} for report with uuid=", finding.getId(), sechubJobUUID);
return;
}
/* request */
SerecoWebRequest serecoRequest = serecoWeb.getRequest();
sechubRequest.setProtocol(serecoRequest.getProtocol());
sechubRequest.setVersion(serecoRequest.getVersion());
sechubRequest.setTarget(serecoRequest.getTarget());
sechubRequest.setMethod(serecoRequest.getMethod());
sechubRequest.getHeaders().putAll(serecoRequest.getHeaders());
sechubRequest.getBody().setText(serecoRequest.getBody().getText());
sechubRequest.getBody().setBinary(serecoRequest.getBody().getBinary());
/* response */
SerecoWebResponse serecoResponse = serecoWeb.getResponse();
SecHubReportWebResponse sechubResponse = sechubWeb.getResponse();
sechubResponse.setStatusCode(serecoResponse.getStatusCode());
sechubResponse.setReasonPhrase(serecoResponse.getReasonPhrase());
sechubResponse.setProtocol(serecoResponse.getProtocol());
sechubResponse.setVersion(serecoResponse.getVersion());
sechubResponse.getHeaders().putAll(serecoResponse.getHeaders());
sechubResponse.getBody().setText(serecoResponse.getBody().getText());
sechubResponse.getBody().setBinary(serecoResponse.getBody().getBinary());
/* attack */
SerecoWebAttack serecoAttack = serecoWeb.getAttack();
SecHubReportWebAttack sechubAttack = sechubWeb.getAttack();
sechubAttack.setVector(serecoAttack.getVector());
SerecoWebEvidence serecoEvidence = serecoAttack.getEvidence();
if (serecoEvidence != null) {
SecHubReportWebEvidence sechubEvidence = new SecHubReportWebEvidence();
sechubEvidence.setSnippet(serecoEvidence.getSnippet());
SerecoWebBodyLocation serecoBodyLocation = serecoEvidence.getBodyLocation();
if (serecoBodyLocation != null) {
SecHubReportWebBodyLocation sechubBodyLocation = new SecHubReportWebBodyLocation();
sechubBodyLocation.setStartLine((serecoBodyLocation.getStartLine()));
sechubEvidence.setBodyLocation(sechubBodyLocation);
}
sechubAttack.setEvidence(sechubEvidence);
}
finding.setWeb(sechubWeb);
}
Also used :
SerecoWebAttack(com.mercedesbenz.sechub.sereco.metadata.SerecoWebAttack)
SerecoWebEvidence(com.mercedesbenz.sechub.sereco.metadata.SerecoWebEvidence)
SecHubReportWebEvidence(com.mercedesbenz.sechub.commons.model.web.SecHubReportWebEvidence)
SerecoWebRequest(com.mercedesbenz.sechub.sereco.metadata.SerecoWebRequest)
SecHubReportWebAttack(com.mercedesbenz.sechub.commons.model.web.SecHubReportWebAttack)
SecHubReportWebRequest(com.mercedesbenz.sechub.commons.model.web.SecHubReportWebRequest)
SecHubReportWebBodyLocation(com.mercedesbenz.sechub.commons.model.web.SecHubReportWebBodyLocation)
SecHubReportWeb(com.mercedesbenz.sechub.commons.model.web.SecHubReportWeb)
SerecoWebResponse(com.mercedesbenz.sechub.sereco.metadata.SerecoWebResponse)
SecHubReportWebResponse(com.mercedesbenz.sechub.commons.model.web.SecHubReportWebResponse)
SerecoWebBodyLocation(com.mercedesbenz.sechub.sereco.metadata.SerecoWebBodyLocation)
SerecoWeb(com.mercedesbenz.sechub.sereco.metadata.SerecoWeb)
Example 2 with SerecoWebBodyLocation
use of com.mercedesbenz.sechub.sereco.metadata.SerecoWebBodyLocation in project sechub by mercedes-benz.
the class SarifV1JSONImporter method handleWebAttack.
private void handleWebAttack(Result result, SerecoWeb serecoWeb) {
List<Location> sarifLocations = result.getLocations();
if (sarifLocations.size() <= 0) {
return;
}
Location sarifLocation = sarifLocations.iterator().next();
PhysicalLocation sarifPhysicalLocation = sarifLocation.getPhysicalLocation();
if (sarifPhysicalLocation == null) {
return;
}
Region sarifRegion = sarifPhysicalLocation.getRegion();
if (sarifRegion == null) {
return;
}
/* evidence */
SerecoWebEvidence serecoWebEvidence = new SerecoWebEvidence();
SerecoWebBodyLocation bodyLocation = new SerecoWebBodyLocation();
bodyLocation.setStartLine(sarifRegion.getStartLine());
serecoWebEvidence.setBodyLocation(bodyLocation);
ArtifactContent sarifSnippet = sarifRegion.getSnippet();
if (sarifSnippet != null) {
serecoWebEvidence.setSnippet(sarifSnippet.getText());
}
/* attack */
SerecoWebAttack serecoAttack = serecoWeb.getAttack();
PropertyBag locationProperties = sarifLocation.getProperties();
if (locationProperties != null) {
Object attack = locationProperties.get("attack");
if (SimpleStringUtils.isNotEmpty(attack)) {
serecoAttack.setVector(attack.toString());
}
}
serecoAttack.setEvidence(serecoWebEvidence);
}
Also used :
SerecoWebEvidence(com.mercedesbenz.sechub.sereco.metadata.SerecoWebEvidence)
ArtifactContent(com.mercedesbenz.sechub.sarif.model.ArtifactContent)
SerecoWebAttack(com.mercedesbenz.sechub.sereco.metadata.SerecoWebAttack)
PropertyBag(com.mercedesbenz.sechub.sarif.model.PropertyBag)
Region(com.mercedesbenz.sechub.sarif.model.Region)
SerecoWebBodyLocation(com.mercedesbenz.sechub.sereco.metadata.SerecoWebBodyLocation)
PhysicalLocation(com.mercedesbenz.sechub.sarif.model.PhysicalLocation)
Location(com.mercedesbenz.sechub.sarif.model.Location)
ArtifactLocation(com.mercedesbenz.sechub.sarif.model.ArtifactLocation)
SerecoWebBodyLocation(com.mercedesbenz.sechub.sereco.metadata.SerecoWebBodyLocation)
PhysicalLocation(com.mercedesbenz.sechub.sarif.model.PhysicalLocation)
Aggregations
SerecoWebAttack (com.mercedesbenz.sechub.sereco.metadata.SerecoWebAttack)2
SerecoWebBodyLocation (com.mercedesbenz.sechub.sereco.metadata.SerecoWebBodyLocation)2
SerecoWebEvidence (com.mercedesbenz.sechub.sereco.metadata.SerecoWebEvidence)2
SecHubReportWeb (com.mercedesbenz.sechub.commons.model.web.SecHubReportWeb)1
SecHubReportWebAttack (com.mercedesbenz.sechub.commons.model.web.SecHubReportWebAttack)1
SecHubReportWebBodyLocation (com.mercedesbenz.sechub.commons.model.web.SecHubReportWebBodyLocation)1
SecHubReportWebEvidence (com.mercedesbenz.sechub.commons.model.web.SecHubReportWebEvidence)1
SecHubReportWebRequest (com.mercedesbenz.sechub.commons.model.web.SecHubReportWebRequest)1
SecHubReportWebResponse (com.mercedesbenz.sechub.commons.model.web.SecHubReportWebResponse)1
ArtifactContent (com.mercedesbenz.sechub.sarif.model.ArtifactContent)1
ArtifactLocation (com.mercedesbenz.sechub.sarif.model.ArtifactLocation)1
Location (com.mercedesbenz.sechub.sarif.model.Location)1
PhysicalLocation (com.mercedesbenz.sechub.sarif.model.PhysicalLocation)1
PropertyBag (com.mercedesbenz.sechub.sarif.model.PropertyBag)1
Region (com.mercedesbenz.sechub.sarif.model.Region)1
SerecoWeb (com.mercedesbenz.sechub.sereco.metadata.SerecoWeb)1
SerecoWebRequest (com.mercedesbenz.sechub.sereco.metadata.SerecoWebRequest)1
SerecoWebResponse (com.mercedesbenz.sechub.sereco.metadata.SerecoWebResponse)1
