Package com.denimgroup.threadfix.service.translator

Source Code of com.denimgroup.threadfix.service.translator.FullSourceFindingProcessor

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
////////////////////////////////////////////////////////////////////////
//
//     Copyright (c) 2009-2014 Denim Group, Ltd.
//
//     The contents of this file are subject to the Mozilla Public License
//     Version 2.0 (the "License"); you may not use this file except in
//     compliance with the License. You may obtain a copy of the License at
//     http://www.mozilla.org/MPL/
//
//     Software distributed under the License is distributed on an "AS IS"
//     basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
//     License for the specific language governing rights and limitations
//     under the License.
//
//     The Original Code is ThreadFix.
//
//     The Initial Developer of the Original Code is Denim Group, Ltd.
//     Portions created by Denim Group, Ltd. are Copyright (C)
//     Denim Group, Ltd. All Rights Reserved.
//
//     Contributor(s): Denim Group, Ltd.
//
////////////////////////////////////////////////////////////////////////
package com.denimgroup.threadfix.service.translator;

import com.denimgroup.threadfix.data.entities.Finding;
import com.denimgroup.threadfix.data.entities.Scan;
import com.denimgroup.threadfix.data.interfaces.Endpoint;
import com.denimgroup.threadfix.framework.engine.ProjectConfig;
import com.denimgroup.threadfix.framework.engine.ThreadFixInterface;
import com.denimgroup.threadfix.framework.engine.cleaner.PathCleaner;
import com.denimgroup.threadfix.framework.engine.cleaner.PathCleanerFactory;
import com.denimgroup.threadfix.framework.engine.full.EndpointDatabase;
import com.denimgroup.threadfix.framework.engine.full.EndpointDatabaseFactory;
import com.denimgroup.threadfix.framework.engine.parameter.ParameterParser;
import com.denimgroup.threadfix.framework.engine.parameter.ParameterParserFactory;
import com.denimgroup.threadfix.logging.SanitizedLogger;

import javax.annotation.Nonnull;
import javax.annotation.Nullable;

class FullSourceFindingProcessor implements FindingProcessor {

    private static final SanitizedLogger LOG = new SanitizedLogger(FullSourceFindingProcessor.class);

    @Nullable
    private final EndpointDatabase database;

    @Nullable
    private final ParameterParser parameterParser;

    @Nonnull
    private final FindingProcessor noSourceProcessor;

    private int numberMissed = 0, total = 0, foundParameter;
    private long startTime = 0L;

    public FullSourceFindingProcessor(ProjectConfig config, Scan scan) {
        PathCleaner cleaner = PathCleanerFactory.getPathCleaner(
                config.getFrameworkType(), ThreadFixInterface.toPartialMappingList(scan));

        noSourceProcessor = new NoSourceFindingProcessor(cleaner);

        database = EndpointDatabaseFactory.getDatabase(config.getRootFile(),
                config.getFrameworkType(), cleaner);

        parameterParser = ParameterParserFactory.getParameterParser(config);

        startTime = System.currentTimeMillis();

        LOG.info("Initialized with EndpointDatabase = " + database);
        LOG.info("Initialized with PathCleaner = " + cleaner);
        LOG.info("Initialized with ParameterParser = " + parameterParser);
    }

    @Override
    public void process(@Nonnull Finding finding) {
        String parameter = null;
        Endpoint endpoint = null;
        total++;

        if (parameterParser != null) {
            if (finding.getSurfaceLocation() != null) {
                parameter = parameterParser.parse(ThreadFixInterface.toEndpointQuery(finding));
                foundParameter++;
                finding.getSurfaceLocation().setParameter(parameter);
            }
        }

        if (database != null) {
            endpoint = database.findBestMatch(ThreadFixInterface.toEndpointQuery(finding));
        }

        if (endpoint != null) {
            finding.setCalculatedFilePath(endpoint.getFilePath());
            finding.setCalculatedUrlPath(endpoint.getUrlPath());

            if (parameter != null) {
                finding.setEntryPointLineNumber(endpoint.getLineNumberForParameter(parameter));
            } else {
                finding.setEntryPointLineNumber(endpoint.getStartingLineNumber());
            }

        } else {

            numberMissed++;

            // let's try without the parameter in order to degrade gracefully
            noSourceProcessor.process(finding);
        }
    }

    @Override
    public void printStatistics() {
        LOG.info("Printing statistics for FullSourceFindingProcessor.");

        LOG.info("Successfully found endpoints for " + (total - numberMissed) +
                " out of " + total + " findings " +
                "(" + (100.0 * (total - numberMissed) / total) + "%).");
        LOG.info("Successfully found parameters for " + foundParameter +
                " out of " + total + " findings " +
                "(" + (100.0 * foundParameter / total) + "%)");
        LOG.info("Processing took " + (System.currentTimeMillis() - startTime) + " ms.");

        noSourceProcessor.printStatistics();
    }
}
TOP

Related Classes of com.denimgroup.threadfix.service.translator.FullSourceFindingProcessor

  • com.denimgroup.threadfix.data.interfaces.Endpoint
  • com.denimgroup.threadfix.framework.engine.cleaner.PathCleaner
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.