Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $
You can buy this project and download/modify it how often you want.
com.denimgroup.threadfix.remote.ThreadFixRestClientImpl Maven / Gradle / Ivy
////////////////////////////////////////////////////////////////////////
//
// Copyright (c) 2009-2016 Denim Group, Ltd.
//
// The contents of this file are subject to the Mozilla Public License
// Version 2.0 (the "License"); you may not use this file except in
// compliance with the License. You may obtain a copy of the License at
// http://www.mozilla.org/MPL/
//
// Software distributed under the License is distributed on an "AS IS"
// basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
// License for the specific language governing rights and limitations
// under the License.
//
// The Original Code is ThreadFix.
//
// The Initial Developer of the Original Code is Denim Group, Ltd.
// Portions created by Denim Group, Ltd. are Copyright (C)
// Denim Group, Ltd. All Rights Reserved.
//
// Contributor(s): Denim Group, Ltd.
//
////////////////////////////////////////////////////////////////////////
package com.denimgroup.threadfix.remote;
import com.denimgroup.threadfix.VulnerabilityInfo;
import com.denimgroup.threadfix.data.entities.*;
import com.denimgroup.threadfix.logging.SanitizedLogger;
import com.denimgroup.threadfix.properties.PropertiesManager;
import com.denimgroup.threadfix.remote.response.RestResponse;
import com.denimgroup.threadfix.viewmodels.DynamicFormField;
import java.io.File;
import java.util.*;
import static com.denimgroup.threadfix.CollectionUtils.array;
import static com.denimgroup.threadfix.CollectionUtils.list;
import static com.denimgroup.threadfix.remote.HttpRestUtils.encode;
import static com.denimgroup.threadfix.remote.HttpRestUtils.encodeDoublePercent;
public class ThreadFixRestClientImpl implements ThreadFixRestClient {
private static final SanitizedLogger LOGGER = new SanitizedLogger(ThreadFixRestClientImpl.class);
final HttpRestUtils httpRestUtils;
final PropertiesManager propertiesManager;
/**
* Default constructor that will read configuration from a local .properties file
*/
public ThreadFixRestClientImpl() {
propertiesManager = new PropertiesManager();
httpRestUtils = new HttpRestUtils(propertiesManager);
}
public ThreadFixRestClientImpl(PropertiesManager manager) {
propertiesManager = manager;
httpRestUtils = new HttpRestUtils(propertiesManager);
}
/**
* Custom constructor for when you want to use the in-memory properties
*
* @param url URL for the ThreadFix server
* @param apiKey API key to use when accessing the ThreadFix server
*/
public ThreadFixRestClientImpl(String url, String apiKey) {
propertiesManager = new PropertiesManager();
propertiesManager.setMemoryKey(apiKey);
propertiesManager.setMemoryUrl(url);
httpRestUtils = new HttpRestUtils(propertiesManager);
}
public RestResponse createApplication(String teamId, String name, String url) {
return httpRestUtils.httpPost("/teams/" + teamId + "/applications/new",
new String[] { "name", "url"},
new String[] { name, url},
Application.class);
}
public RestResponse setParameters(String appId, String frameworkType, String repositoryUrl) {
return httpRestUtils.httpPost("/applications/" + appId + "/setParameters",
new String[] {"frameworkType", "repositoryUrl"},
new String[] { frameworkType, repositoryUrl},
Application.class);
}
public RestResponse createTeam(String name) {
return httpRestUtils.httpPost("/teams/new",
new String[] {"name"},
new String[] { name },
Organization.class);
}
public RestResponse deleteTeam(String teamId) {
return httpRestUtils.httpPost("/teams/" + teamId + "/delete",
new String[] {},
new String[] {},
String.class);
}
public RestResponse updateTeam(String teamId, String name) {
return httpRestUtils.httpPut("/teams/" + teamId +"/update",
new String[] {"name"},
new String[] { name },
Object.class);
}
public RestResponse getRules(String wafId, String appId) {
return httpRestUtils.httpGet("/wafs/" + wafId + "/rules" + "/app/" + appId, String.class);
}
public RestResponse searchForWafByName(String name) {
return httpRestUtils.httpGet("/wafs/lookup", "&name=" + encode(name), Waf.class);
}
public RestResponse searchForWafById(String wafId) {
return httpRestUtils.httpGet("/wafs/" + wafId, Waf.class);
}
public RestResponse getWafs() {
return httpRestUtils.httpGet("/wafs/", Waf[].class);
}
public RestResponse uploadWafLog(String wafId, File logFile) {
return httpRestUtils.httpPostFile("/wafs/" + wafId + "/uploadLog",
logFile, new String[]{}, new String[]{}, Object.class);
}
public RestResponse createWaf(String name, String type) {
return httpRestUtils.httpPost("/wafs/new",
new String[] {"name", "type"},
new String[] { name, type},
Waf.class);
}
/**
*
* @param appId
* @param wafId
* @return
*/
public RestResponse addWaf(String appId, String wafId) {
return httpRestUtils.httpPost("/applications/" + appId + "/setWaf",
new String[]{"wafId"},
new String[]{wafId},
Application.class);
}
public RestResponse getAllTeams() {
return httpRestUtils.httpGet("/teams/", Organization[].class);
}
public RestResponse getAllTeamsPrettyPrint() {
final RestResponse teams = getAllTeams();
if (teams.success && teams.object.length > 0) {
StringBuilder outputBuilder = new StringBuilder();
for (Organization team : teams.object) {
List applications = team.getApplications();
if (team.isActive()) {
String teamName = team.getName();
if (!applications.isEmpty()) {
for (Application application : applications) {
boolean applicationActive = application.isActive();
if (applicationActive) {
String applicationName = application.getName();
Integer id = application.getId();
outputBuilder.append(teamName);
outputBuilder.append(";");
outputBuilder.append(applicationName);
outputBuilder.append(";");
outputBuilder.append(id);
outputBuilder.append("\n");
}
}
} else {
outputBuilder.append(teamName);
outputBuilder.append(": No Applications Found \n");
}
}
}
if(outputBuilder.length() > 0){
outputBuilder.setLength(outputBuilder.length() - 1);
} else {
outputBuilder.append("No applications");
}
String outputString = outputBuilder.toString();
RestResponse response = RestResponse.success(outputString);
response.setJsonString(outputString);
return response;
} else {
return RestResponse.failure("No Teams found.");
}
}
public RestResponse searchForApplicationById(String id) {
return httpRestUtils.httpGet("/applications/" + id, Application.class);
}
public RestResponse searchForApplicationByName(String name, String teamName) {
return httpRestUtils.httpGet("/applications/" + encodeDoublePercent(teamName) + "/lookup",
"&name=" + encode(name), Application.class);
}
public RestResponse searchForApplicationInTeamByUniqueId(String uniqueId, String teamName) {
return httpRestUtils.httpGet("/applications/" + encodeDoublePercent(teamName) + "/lookup",
"&uniqueId=" + encode(uniqueId), Application.class);
}
@Override
public RestResponse updateApplication(String appId, String name, String url, String uniqueId,
String applicationCriticality, String frameworkType, String repositoryType, String repositoryUrl,
String repositoryBranch, String repositoryUserName, String repositoryPassword,
String repositoryFolder) {
List paramNames = new ArrayList();
List paramValues = new ArrayList();
if (name != null) {
paramNames.add("name");
paramValues.add(name);
}
if (url != null) {
paramNames.add("url");
paramValues.add(url);
}
if (uniqueId != null) {
paramNames.add("uniqueId");
paramValues.add(uniqueId);
}
if (applicationCriticality != null) {
paramNames.add("applicationCriticality");
paramValues.add(applicationCriticality);
}
if (frameworkType != null) {
paramNames.add("frameworkType");
paramValues.add(frameworkType);
}
if (repositoryType != null) {
paramNames.add("repositoryType");
paramValues.add(repositoryType);
}
if (repositoryUrl != null) {
paramNames.add("repositoryUrl");
paramValues.add(repositoryUrl);
}
if (repositoryBranch != null) {
paramNames.add("repositoryBranch");
paramValues.add(repositoryBranch);
}
if (repositoryUserName != null) {
paramNames.add("repositoryUserName");
paramValues.add(repositoryUserName);
}
if (repositoryPassword != null) {
paramNames.add("repositoryPassword");
paramValues.add(repositoryPassword);
}
if (repositoryFolder != null) {
paramNames.add("repositoryFolder");
paramValues.add(repositoryFolder);
}
if (paramNames.size() == 0) {
throw new IllegalArgumentException("At least one new parameter need to be set.");
}
return httpRestUtils.httpPut("/applications/" + appId +"/update",
paramNames.toArray(new String[paramNames.size()]),
paramValues.toArray(new String[paramValues.size()]),
Object.class);
}
public RestResponse searchForTeamById(String id) {
return httpRestUtils.httpGet("/teams/" + id, Organization.class);
}
public RestResponse searchForTeamByName(String name) {
return httpRestUtils.httpGet("/teams/lookup", "&name=" + encode(name), Organization.class);
}
public void setKey(String key) {
propertiesManager.setKey(key);
}
public void setUrl(String url) {
propertiesManager.setUrl(url);
}
public void setOutputFilePath(String outputFilePath) {
propertiesManager.setOutputFilePath(outputFilePath);
}
public void setMemoryKey(String key) {
propertiesManager.setMemoryKey(key);
}
public void setMemoryUrl(String url) {
propertiesManager.setMemoryUrl(url);
}
public RestResponse uploadScan(String applicationId, List filePaths) {
return httpRestUtils.httpPostMultFile("/applications/" + applicationId + "/upload/multi",
filePaths, new String[]{"bulkUpload"}, new String[]{"false"}, Scan.class);
}
public RestResponse uploadScan(String applicationId, String filePath) {
return uploadScan(applicationId, list(filePath));
}
public RestResponse uploadSingleScan(String applicationId, String filePath) {
return httpRestUtils.httpPostFile("/applications/" + applicationId + "/upload",
filePath, new String[]{}, new String[]{}, Scan.class);
}
public RestResponse uploadMultiScan(String applicationId, List filePaths){
return httpRestUtils.httpPostMultFile("/applications/" + applicationId + "/upload/multi",
filePaths, array("bulkUpload"), array("true"), Scan[].class);
}
public RestResponse queueScan(String applicationId, String scannerType) {
return queueScan(applicationId, scannerType, null, null);
}
@Override
public RestResponse queueScan(String applicationId, String scannerType, String targetURL, String scanConfigId) {
return httpRestUtils.httpPost("/tasks/queueScan",
new String[] { "applicationId", "scannerType", "targetURL", "scanConfigId" },
new String[] { applicationId, scannerType, targetURL, scanConfigId },
ScanQueueTask.class);
}
public RestResponse searchForScanById(String scanId) {
return httpRestUtils.httpGet("/scans/" + scanId, Scan.class);
}
public RestResponse getScansForApplication(String applicationId) {
return httpRestUtils.httpGet("applications/" + applicationId + "/scans", Scan[].class);
}
public RestResponse addAppUrl(String appId, String url) {
return httpRestUtils.httpPost("/applications/" + appId + "/addUrl",
new String[] {"url"},
new String[] { url },
Application.class);
}
public RestResponse setTaskConfig(String appId, String scannerType, String filePath) {
String url = "/tasks/setTaskConfig";
String[] paramNames = { "appId", "scannerType" };
String[] paramValues = { appId, scannerType };
return httpRestUtils.httpPostFile(url, new File(filePath), paramNames, paramValues, String.class);
}
public RestResponse addDynamicFinding(String applicationId, String vulnType, String severity,
String nativeId, String parameter, String longDescription,
String fullUrl, String path) {
return httpRestUtils.httpPost("/applications/" + applicationId +
"/addFinding",
new String[]{"vulnType", "severity",
"nativeId", "parameter", "longDescription",
"fullUrl", "path", "isStatic"},
new String[]{vulnType, severity,
nativeId, parameter, longDescription,
fullUrl, path, "false"}, Finding.class);
}
public RestResponse addStaticFinding(String applicationId, String vulnType, String severity,
String nativeId, String parameter, String longDescription,
String filePath, String column, String lineText, String lineNumber) {
return httpRestUtils.httpPost("/applications/" + applicationId +
"/addFinding",
new String[]{"vulnType", "severity",
"nativeId", "parameter", "longDescription",
"filePath", "column", "lineText", "lineNumber", "isStatic"},
new String[]{vulnType, severity,
nativeId, parameter, longDescription,
filePath, column, lineText, lineNumber, "true"}, Finding.class);
}
@Override
public RestResponse createTag(String name, String tagType) {
return httpRestUtils.httpPost("/tags/new",
new String[] { "name", "tagType" },
new String[] { name, tagType }, Tag.class);
}
@Override
public RestResponse searchTagById(String id) {
return httpRestUtils.httpGet("/tags/" + id, Tag.class);
}
@Override
public RestResponse searchTagsByName(String name) {
return httpRestUtils.httpGet("/tags/lookup", "&name=" + encode(name), Tag[].class);
}
@Override
public RestResponse getTags() {
return httpRestUtils.httpGet("/tags/index", Map.class);
}
@Override
public RestResponse getAllTags() {
return httpRestUtils.httpGet("/tags/list", Tag[].class);
}
@Override
public RestResponse addAppTag(String appId, String tagId) {
return httpRestUtils.httpPost("/applications/" + appId + "/tags/add/" + tagId, new String[]{}, new String[]{}, Application.class);
}
@Override
public RestResponse removeAppTag(String appId, String tagId) {
return httpRestUtils.httpPost("/applications/" + appId + "/tags/remove/" + tagId, new String[]{}, new String[]{}, Application.class);
}
@Override
public RestResponse updateTag(String tagId, String name) {
return httpRestUtils.httpPost("/tags/" + tagId + "/update",
new String[] {"name" },
new String[] { name }, Tag.class);
}
@Override
public RestResponse removeTag(String tagId) {
return httpRestUtils.httpPost("/tags/" + tagId + "/delete",
new String[] { },
new String[] { }, String.class);
}
// TODO find a better way to serialize this into a VulnerabilitySearchParameters form.
@Override
public RestResponse searchVulnerabilities(List genericVulnerabilityIds,
List teamIds, List applicationIds, List scannerNames,
List genericSeverityValues, Integer numberVulnerabilities, String parameter, String path,
Date startDate, Date endDate, Boolean showOpen, Boolean showClosed, Boolean showFalsePositive,
Boolean showHidden, Integer numberMerged, Boolean showDefectPresent, Boolean showDefectNotPresent,
Boolean showDefectOpen, Boolean showDefectClosed, Boolean showInconsistentClosedDefectNeedsScan,
Boolean showInconsistentClosedDefectOpenInScan, Boolean showInconsistentOpenDefect,
Boolean includeCustomText) {
List paramNames = new ArrayList();
List paramValues = new ArrayList();
addArrayFields(genericVulnerabilityIds, "genericVulnerabilities", "id", paramNames, paramValues);
addArrayFields(teamIds, "teams", "id", paramNames, paramValues);
addArrayFields(applicationIds, "applications", "id", paramNames, paramValues);
addArrayFields(genericSeverityValues, "genericSeverities", "intValue", paramNames, paramValues);
addArrayFields(scannerNames, "channelTypes", "name", paramNames, paramValues);
if (numberVulnerabilities != null) {
paramNames.add("numberVulnerabilities");
paramValues.add(numberVulnerabilities.toString());
}
if (parameter != null) {
paramNames.add("parameter");
paramValues.add(parameter);
}
if (path != null) {
paramNames.add("path");
paramValues.add(path);
}
if (startDate != null) {
paramNames.add("startDate");
paramValues.add(String.valueOf(startDate.getTime()));
}
if (endDate != null) {
paramNames.add("endDate");
paramValues.add(String.valueOf(endDate.getTime()));
}
if (showOpen != null) {
paramNames.add("showOpen");
paramValues.add(showOpen.toString());
}
if (showClosed != null) {
paramNames.add("showClosed");
paramValues.add(showClosed.toString());
}
if (showFalsePositive != null) {
paramNames.add("showFalsePositive");
paramValues.add(showFalsePositive.toString());
}
if (showHidden != null) {
paramNames.add("showHidden");
paramValues.add(showHidden.toString());
}
if (showDefectPresent != null) {
paramNames.add("showDefectPresent");
paramValues.add(showDefectPresent.toString());
}
if (showDefectNotPresent != null) {
paramNames.add("showDefectNotPresent");
paramValues.add(showDefectNotPresent.toString());
}
if (showDefectOpen != null) {
paramNames.add("showDefectOpen");
paramValues.add(showDefectOpen.toString());
}
if (showDefectClosed != null) {
paramNames.add("showDefectClosed");
paramValues.add(showDefectClosed.toString());
}
if (showInconsistentClosedDefectNeedsScan != null) {
paramNames.add("showInconsistentClosedDefectNeedsScan");
paramValues.add(showInconsistentClosedDefectNeedsScan.toString());
}
if (showInconsistentClosedDefectOpenInScan != null) {
paramNames.add("showInconsistentClosedDefectOpenInScan");
paramValues.add(showInconsistentClosedDefectOpenInScan.toString());
}
if (showInconsistentOpenDefect != null) {
paramNames.add("showInconsistentOpenDefect");
paramValues.add(showInconsistentOpenDefect.toString());
}
if (numberMerged != null) {
paramNames.add("numberMerged");
paramValues.add(numberMerged.toString());
}
if (includeCustomText != null) {
paramNames.add("includeCustomText");
paramValues.add(includeCustomText.toString());
}
assert paramNames.size() == paramValues.size() : "Mismatched param names and values. This probably won't work.";
return httpRestUtils.httpPost("/vulnerabilities", paramNames.toArray(new String[paramNames.size()]),
paramValues.toArray(new String[paramValues.size()]), VulnerabilityInfo[].class);
}
private void addArrayFields(List ids, String key, String field, List paramNames, List paramValues) {
if (ids != null) {
for (int i = 0; i < ids.size(); i++) {
paramNames.add(key + "[" + i + "]." + field);
paramValues.add(String.valueOf(ids.get(i)));
}
}
}
@Override
public void setUnsafeFlag(boolean unsafeFlag) {
this.httpRestUtils.setUnsafeFlag(unsafeFlag);
}
@Override
public RestResponse addVulnComment(Integer vulnId, String comment, String commentTagIds) {
return httpRestUtils.httpPost("/vulnerabilities/" + vulnId + "/addComment",
new String[] { "comment", "commentTagIds" },
new String[] { comment, commentTagIds }, String.class);
}
public RestResponse submitDefect(String[] paramNames, String[] paramValues, Integer appId) {
return httpRestUtils.httpPost("/defects/" + appId + "/defectSubmission",
paramNames,
paramValues,
Object.class);
}
public RestResponse submitDefect(String[] paramNames, String[] paramValues, Integer appId, Integer appTrackerId) {
return httpRestUtils.httpPost("/applications/" + appId + "/appTrackers/" + appTrackerId + "/defectSubmission",
paramNames,
paramValues,
Object.class);
}
public RestResponse getDefectTrackerFields(Integer appId) {
return httpRestUtils.httpGet("/defects/" + appId + "/defectTrackerFields", DynamicFormField[].class);
}
public RestResponse getDefectTrackerFields(Integer appId, Integer appTrackerId) {
return httpRestUtils.httpGet("/applications/" + appId + "/appTrackers/"+appTrackerId+"/defectTrackerFields", DynamicFormField[].class);
}
@Override
public RestResponse searchForApplicationsByUniqueId(String uniqueId) {
return httpRestUtils.httpGet("/applications/allTeamLookup",
"&uniqueId=" + encode(uniqueId), Application[].class);
}
@Override
public RestResponse searchForApplicationsByTagId(String tagId) {
return httpRestUtils.httpGet("/tags/" + tagId + "/listApplications", Application[].class);
}
@Override
public RestResponse newDefectTracker(String defectTrackerTypeId, String name, String url,
String defaultUsername, String defaultPassword,
String defaultProductName) {
return httpRestUtils.httpPost("/defectTrackers/new",
new String[] { "defectTrackerTypeId", "name", "url", "defaultUsername", "defaultPassword", "defaultProductName" },
new String[] { defectTrackerTypeId, name, url, defaultUsername, defaultPassword, defaultProductName },
DefectTracker.class);
}
@Override
public RestResponse listDefectTrackerProjects(String defectTrackerId) {
return httpRestUtils.httpGet("/defectTrackers/" + defectTrackerId + "/projects", Object.class);
}
@Override
public RestResponse listDefectTrackerTypes() {
return httpRestUtils.httpGet("/defectTrackers/types", Object.class);
}
@Override
public RestResponse applicationSetDefectTracker(String applicationId, String defectTrackerId, String username,
String password, String projectName) {
return httpRestUtils.httpPost("/applications/" + applicationId + "/appTrackers/addDefectTracker",
new String[] { "defectTrackerId", "username", "password", "projectName" },
new String[] { defectTrackerId, username, password, projectName },
Object.class);
}
public RestResponse deletePolicy(String policyId) {
return httpRestUtils.httpPost("/policy/" + policyId + "/delete",
new String[] { },
new String[] { },
String.class);
}
@Override
public RestResponse deleteScheduledEmailReport(String scheduledEmailReportId) {
return httpRestUtils.httpPost("/scheduledEmailReport/" + scheduledEmailReportId + "/delete",
new String[] { },
new String[] { },
String.class);
}
@Override
public RestResponse deleteVulnerabilityFilter(String vulnerabilityFilterId) {
return httpRestUtils.httpPost("/configuration/filters/" + vulnerabilityFilterId + "/delete",
new String[] { },
new String[] { },
String.class);
}
@Override
public RestResponse setCustomSeverityName(String customSeverityId, String customName) {
return httpRestUtils.httpPost("/severities/" + customSeverityId + "/setCustomName",
new String[] { "customName" },
new String[] { customName },
String.class);
}
@Override
public RestResponse editSeverityFilter(String info, String low, String medium, String high,
String critical, String enabled, String appId, String teamId) {
return httpRestUtils.httpPost("/configuration/filters/severityFilter/set",
new String[] { "showInfo", "showLow", "showMedium", "showHigh", "showCritical", "enabled", "appId", "teamId" },
new String[] { info, low, medium, high, critical, enabled, appId, teamId },
String.class);
}
@Override
public RestResponse deleteScanResultFilter(String id) {
return httpRestUtils.httpPost("/customize/scannerSeverities/" + id + "/delete",
new String[] { },
new String[] { },
String.class);
}
@Override
public RestResponse deleteChannelFilter(String id) {
return httpRestUtils.httpPost("/configuration/filters/" + id + "/deleteChannelFilter",
new String[]{},
new String[]{},
String.class);
}
public RestResponse setCustomCweText(String cweId, String customText) {
return httpRestUtils.httpPost("/cwe/" + cweId + "/setCustomText",
new String[] { "customText" },
new String[] { customText },
Object.class);
}
@Override
public RestResponse updateCweEntries(String filePath){
return httpRestUtils.httpPost("/cwe/updateCWE",new String []{"updateCSV"}, new String[]{filePath},String.class);
}
// CICD
@Override
public RestResponse listCICDPolicies(){
return httpRestUtils.httpGet("/cicd/policy", String[].class);
}
@Override
public RestResponse getCICDPolicy(String fileName){
return httpRestUtils.httpGet("/cicd/policy/details","fileName="+fileName,String.class, fileName);
}
@Override
public RestResponse uploadCICDPolicy(String filePath){
List filePaths = list(filePath);
return httpRestUtils.httpPostMultFile("/cicd/policy/upload",filePaths,new String []{}, new String[]{},String.class);
}
@Override
public RestResponse deleteCICDPolicy(String filePath){
return httpRestUtils.httpPost("/cicd/policy/delete",new String []{"policyName"}, new String[]{filePath},String.class);
}
}
