Java tutorial
//////////////////////////////////////////////////////////////////////// // // Copyright (c) 2009-2015 Denim Group, Ltd. // // The contents of this file are subject to the Mozilla Public License // Version 2.0 (the "License"); you may not use this file except in // compliance with the License. You may obtain a copy of the License at // http://www.mozilla.org/MPL/ // // Software distributed under the License is distributed on an "AS IS" // basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the // License for the specific language governing rights and limitations // under the License. // // The Original Code is ThreadFix. // // The Initial Developer of the Original Code is Denim Group, Ltd. // Portions created by Denim Group, Ltd. are Copyright (C) // Denim Group, Ltd. All Rights Reserved. // // Contributor(s): Denim Group, Ltd. // //////////////////////////////////////////////////////////////////////// package com.denimgroup.threadfix.service.eventmodel.aspect; import com.denimgroup.threadfix.data.entities.*; import com.denimgroup.threadfix.data.enums.EventAction; import com.denimgroup.threadfix.logging.SanitizedLogger; import com.denimgroup.threadfix.service.EventBuilder; import com.denimgroup.threadfix.service.ExceptionLogService; import com.denimgroup.threadfix.service.VulnerabilityCommentService; import com.denimgroup.threadfix.service.VulnerabilityService; import org.aspectj.lang.ProceedingJoinPoint; import org.aspectj.lang.annotation.Around; import org.aspectj.lang.annotation.Aspect; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import java.util.Calendar; import java.util.List; @Aspect @Component public class VulnerabilityEventTrackingAspect extends EventTrackingAspect { protected SanitizedLogger log = new SanitizedLogger(VulnerabilityEventTrackingAspect.class); @Autowired private ExceptionLogService exceptionLogService; @Autowired private VulnerabilityService vulnerabilityService; @Around("execution(* com.denimgroup.threadfix.service.VulnerabilityStatusService.openVulnerability(..)) && args(vulnerability, scan, finding, openTime, fromScanDeletion, remapFinding)") public Object emitOpenVulnerabilityEvent(ProceedingJoinPoint joinPoint, Vulnerability vulnerability, Scan scan, Finding finding, Calendar openTime, Boolean fromScanDeletion, Boolean remapFinding) throws Throwable { EventAction eventAction = null; if (scan.getApplicationChannel().getChannelType().getName().equals(ScannerType.MANUAL.getDisplayName())) { eventAction = EventAction.VULNERABILITY_OPEN_MANUAL; } else if (fromScanDeletion) { eventAction = EventAction.VULNERABILITY_OPEN_SCAN_DELETED; } else if (remapFinding) { eventAction = EventAction.VULNERABILITY_OPEN_REMAP_FINDING; } else { eventAction = EventAction.VULNERABILITY_OPEN_SCAN_UPLOAD; } return emitStoreVulnerabilityEvent(joinPoint, vulnerability, eventAction, scan, finding); } @Around("execution(* com.denimgroup.threadfix.service.VulnerabilityStatusService.closeVulnerability(..)) && args(vulnerability, scan, closeTime, fromScanDeletion, fromFindingsMerge)") public Object emitCloseVulnerabilityEvent(ProceedingJoinPoint joinPoint, Vulnerability vulnerability, Scan scan, Calendar closeTime, Boolean fromScanDeletion, Boolean fromFindingsMerge) throws Throwable { EventAction eventAction; if (fromFindingsMerge) { eventAction = EventAction.VULNERABILITY_CLOSE_FINDINGS_MERGE; } else if (fromScanDeletion) { eventAction = EventAction.VULNERABILITY_CLOSE_SCAN_DELETED; } else { eventAction = EventAction.VULNERABILITY_CLOSE_SCAN_UPLOAD; } return emitStoreVulnerabilityEvent(joinPoint, vulnerability, eventAction, scan, null); } @Around("execution(* com.denimgroup.threadfix.service.VulnerabilityStatusService.reopenVulnerability(..)) && args(vulnerability, scan, reopenTime)") public Object emitReopenVulnerabilityEvent(ProceedingJoinPoint joinPoint, Vulnerability vulnerability, Scan scan, Calendar reopenTime) throws Throwable { EventAction eventAction = EventAction.VULNERABILITY_REOPEN_SCAN_UPLOAD; return emitStoreVulnerabilityEvent(joinPoint, vulnerability, eventAction, scan, null); } @Around("execution(* com.denimgroup.threadfix.service.VulnerabilityStatusService.markVulnerabilityFalsePositive(..)) && args(vulnerability, scan, fromScanDeletion, remapFinding)") public Object emitMarkVulnerabilityFalsePositiveEvent(ProceedingJoinPoint joinPoint, Vulnerability vulnerability, Scan scan, Boolean fromScanDeletion, Boolean remapFinding) throws Throwable { EventAction eventAction = null; if ((scan == null) || scan.getApplicationChannel().getChannelType().getName() .equals(ScannerType.MANUAL.getDisplayName())) { eventAction = EventAction.VULNERABILITY_MARK_FALSE_POSITIVE_MANUAL; } else if (fromScanDeletion) { eventAction = EventAction.VULNERABILITY_MARK_FALSE_POSITIVE_SCAN_DELETED; } else if (remapFinding) { eventAction = EventAction.VULNERABILITY_MARK_FALSE_POSITIVE_REMAP_FINDING; } else { eventAction = EventAction.VULNERABILITY_MARK_FALSE_POSITIVE_SCAN_UPLOAD; } return emitStoreVulnerabilityEvent(joinPoint, vulnerability, eventAction, scan, null); } @Around("execution(* com.denimgroup.threadfix.service.VulnerabilityStatusService.unmarkVulnerabilityFalsePositive(..)) && args(vulnerability, scan, fromScanDeletion, remapFinding)") public Object emitUnmarkVulnerabilityFalsePositiveEvent(ProceedingJoinPoint joinPoint, Vulnerability vulnerability, Scan scan, Boolean fromScanDeletion, Boolean remapFinding) throws Throwable { EventAction eventAction = null; if ((scan == null) || scan.getApplicationChannel().getChannelType().getName() .equals(ScannerType.MANUAL.getDisplayName())) { eventAction = EventAction.VULNERABILITY_UNMARK_FALSE_POSITIVE_MANUAL; } else if (fromScanDeletion) { eventAction = EventAction.VULNERABILITY_UNMARK_FALSE_POSITIVE_SCAN_DELETED; } else if (remapFinding) { eventAction = EventAction.VULNERABILITY_UNMARK_FALSE_POSITIVE_REMAP_FINDING; } else { eventAction = EventAction.VULNERABILITY_UNMARK_FALSE_POSITIVE_SCAN_UPLOAD; } return emitStoreVulnerabilityEvent(joinPoint, vulnerability, eventAction, scan, null); } @Around("execution(* com.denimgroup.threadfix.data.dao.VulnerabilityDao.markAllClosed(..)) && args(vulns)") public Object emitMarkAllClosedVulnerabilityEvent(ProceedingJoinPoint joinPoint, List<Vulnerability> vulns) throws Throwable { EventAction eventAction = EventAction.VULNERABILITY_CLOSE_MANUAL; return emitStoreVulnerabilitiesEvents(joinPoint, vulns, eventAction, null); } @Around("execution(* com.denimgroup.threadfix.data.dao.VulnerabilityDao.markAllOpen(..)) && args(vulns)") public Object emitMarkAllOpenVulnerabilityEvent(ProceedingJoinPoint joinPoint, List<Vulnerability> vulns) throws Throwable { EventAction eventAction = EventAction.VULNERABILITY_REOPEN_MANUAL; return emitStoreVulnerabilitiesEvents(joinPoint, vulns, eventAction, null); } protected Object emitStoreVulnerabilityEvent(ProceedingJoinPoint joinPoint, Vulnerability vulnerability, EventAction eventAction, Scan scan, Finding finding) throws Throwable { Object proceed = joinPoint.proceed(); if (eventAction != null) { try { Event event = generateStoreVulnerabilityEvent(vulnerability, eventAction, scan, finding); publishEventTrackingEvent(event); } catch (Exception e) { log.error("Error while logging Event: " + eventAction + ", logging to database (visible under Error Messages)"); exceptionLogService.storeExceptionLog(new ExceptionLog(e)); } } return proceed; } protected Object emitStoreVulnerabilitiesEvents(ProceedingJoinPoint joinPoint, List<Vulnerability> vulns, EventAction eventAction, Scan scan) throws Throwable { Object proceed = joinPoint.proceed(); try { for (Vulnerability vulnerability : vulns) { Event event = generateStoreVulnerabilityEvent(vulnerability, eventAction, scan, null); publishEventTrackingEvent(event); } } catch (Exception e) { log.error("Error while logging Event: " + eventAction + ", logging to database (visible under Error Messages)"); exceptionLogService.storeExceptionLog(new ExceptionLog(e)); } return proceed; } protected Event generateStoreVulnerabilityEvent(Vulnerability vulnerability, EventAction eventAction, Scan scan, Finding finding) { Event event = new EventBuilder().setUser(userService.getCurrentUser()).setEventAction(eventAction) .setVulnerability(vulnerability).setApplication(vulnerability.getApplication()).setScan(scan) .setFinding(finding).generateEvent(); eventService.saveOrUpdate(event); return event; } @Around("execution(* com.denimgroup.threadfix.service.VulnerabilityCommentService.addCommentToVuln(..)) && args(comment, vulnerabilityId)") public Object emitVulnerabilityCommentEvent(ProceedingJoinPoint joinPoint, VulnerabilityComment comment, Integer vulnerabilityId) throws Throwable { Object proceed = joinPoint.proceed(); try { if (proceed.equals(VulnerabilityCommentService.VALID)) { Event event = generateVulnerabilityCommentEvent(comment, vulnerabilityId); publishEventTrackingEvent(event); } } catch (Exception e) { log.error("Error while logging Event: " + EventAction.VULNERABILITY_COMMENT + ", logging to database (visible under Error Messages)"); exceptionLogService.storeExceptionLog(new ExceptionLog(e)); } return proceed; } protected Event generateVulnerabilityCommentEvent(VulnerabilityComment comment, Integer vulnerabilityId) { Vulnerability vulnerability = vulnerabilityService.loadVulnerability(vulnerabilityId); Event event = new EventBuilder().setUser(userService.getCurrentUser()) .setEventAction(EventAction.VULNERABILITY_COMMENT).setVulnerabilityComment(comment) .setVulnerability(vulnerability).setApplication(vulnerability.getApplication()).generateEvent(); eventService.saveOrUpdate(event); return event; } }