Source Code of com.denimgroup.threadfix.service.ChannelVulnerabilityServiceImpl

////////////////////////////////////////////////////////////////////////
//
//     Copyright (c) 2009-2014 Denim Group, Ltd.
//
//     The contents of this file are subject to the Mozilla Public License
//     Version 2.0 (the "License"); you may not use this file except in
//     compliance with the License. You may obtain a copy of the License at
//     http://www.mozilla.org/MPL/
//
//     Software distributed under the License is distributed on an "AS IS"
//     basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
//     License for the specific language governing rights and limitations
//     under the License.
//
//     The Original Code is ThreadFix.
//
//     The Initial Developer of the Original Code is Denim Group, Ltd.
//     Portions created by Denim Group, Ltd. are Copyright (C)
//     Denim Group, Ltd. All Rights Reserved.
//
//     Contributor(s): Denim Group, Ltd.
//
////////////////////////////////////////////////////////////////////////
package com.denimgroup.threadfix.service;

import com.denimgroup.threadfix.data.dao.ChannelTypeDao;
import com.denimgroup.threadfix.data.dao.ChannelVulnerabilityDao;
import com.denimgroup.threadfix.data.dao.GenericVulnerabilityDao;
import com.denimgroup.threadfix.data.entities.ChannelType;
import com.denimgroup.threadfix.data.entities.ChannelVulnerability;
import com.denimgroup.threadfix.data.entities.GenericVulnerability;
import com.denimgroup.threadfix.data.entities.VulnerabilityMap;
import com.denimgroup.threadfix.importer.util.IntegerUtils;
import com.denimgroup.threadfix.logging.SanitizedLogger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

import java.util.Arrays;
import java.util.List;

@Service
@Transactional(readOnly = false) // used to be true
public class ChannelVulnerabilityServiceImpl implements ChannelVulnerabilityService {

    @Autowired
    private ChannelVulnerabilityDao channelVulnerabilityDao;
    @Autowired
    private ChannelTypeDao          channelTypeDao;
    @Autowired
    private GenericVulnerabilityDao genericVulnerabilityDao;

    private static final SanitizedLogger LOG = new SanitizedLogger(ChannelVulnerabilityService.class);

    @Override
    public List<ChannelVulnerability> loadSuggested(String prefix) {
        return channelVulnerabilityDao.retrieveSuggested(prefix);
    }

    @Override
    public boolean isValidManualName(String code) {
        return channelVulnerabilityDao.isValidManualName(code);
    }

    @Override
    public List<ChannelVulnerability> loadAllManual() {
        return channelVulnerabilityDao.retrieveAllManual();
    }

    @Override
    public MappingCreateResult createMapping(String channelName, String channelVulnerabilityCode, String genericVulnerabilityId) {
        Integer integerId = IntegerUtils.getIntegerOrNull(genericVulnerabilityId);
        if (integerId == null) {
            throw new IllegalArgumentException("Invalid Generic Vulnerability ID: " + genericVulnerabilityId);
        }

        final MappingCreateResult result;

        ChannelType channelType = channelTypeDao.retrieveByName(channelName);

        if (channelType == null) {
            LOG.warn("Invalid ChannelType (" + channelName + ") submitted.");
            result = MappingCreateResult.BAD_CHANNEL_TYPE;
        } else {

            ChannelVulnerability channelVulnerability =
                    channelVulnerabilityDao.retrieveByCode(channelType, channelVulnerabilityCode);

            if (channelVulnerability == null) {
                LOG.info("Channel Vulnerability lookup by code failed, trying by name.");
                channelVulnerability =
                        channelVulnerabilityDao.retrieveByName(channelType, channelVulnerabilityCode);
            }

            if (channelVulnerability == null) {
                LOG.warn("Invalid ChannelVulnerability code (" + channelVulnerabilityCode + ") submitted.");
                result = MappingCreateResult.BAD_CHANNEL_VULNERABILITY;
            } else {

                GenericVulnerability genericVulnerability =
                        genericVulnerabilityDao.retrieveByDisplayId(integerId);

                if (genericVulnerability == null) {
                    LOG.warn("Unable to find GenericVulnerability with code " + genericVulnerabilityId);
                    result = MappingCreateResult.BAD_GENERIC_VULNERABILITY_ID;
                } else {

                    VulnerabilityMap newMap = new VulnerabilityMap();
                    newMap.setChannelVulnerability(channelVulnerability);
                    newMap.setGenericVulnerability(genericVulnerability);

                    channelVulnerability.setVulnerabilityMaps(Arrays.asList(newMap));
                    channelVulnerability.setUserCreated(true);

                    channelVulnerabilityDao.saveOrUpdate(channelVulnerability);

                    result = MappingCreateResult.SUCCESS;
                }
            }
        }

        LOG.info("CreateMapping result was " + result);

        return result;
    }
}