Skip to content

Instantly share code, notes, and snippets.

@bobrich

bobrich/gist:f4fa5562a52feae3f4f5

Created May 2, 2014 01:27
Show Gist options
  • Save bobrich/f4fa5562a52feae3f4f5 to your computer and use it in GitHub Desktop.
Save bobrich/f4fa5562a52feae3f4f5 to your computer and use it in GitHub Desktop.
Download ZIP
Threadfix changes
Raw
gistfile1.txt
diff --git a/threadfix-main/src/main/java/com/denimgroup/threadfix/data/entities/Finding.java b/threadfix-main/src/main/java/com/denimgroup/threadfix/data/entities/Finding.java
index 35fa3db..3c8cb3a 100644
--- a/threadfix-main/src/main/java/com/denimgroup/threadfix/data/entities/Finding.java
+++ b/threadfix-main/src/main/java/com/denimgroup/threadfix/data/entities/Finding.java
@@ -46,6 +46,9 @@
private static final long serialVersionUID = 5978786078427181952L;
public static final int LONG_DESCRIPTION_LENGTH = 2047;
+ public static final int ATTACK_STRING_LENGTH = 65535;
+ public static final int ATTACK_REQUEST_LENGTH = 65535;
+ public static final int ATTACK_RESPONSE_LENGTH = 1048575;
public static final int NATIVE_ID_LENGTH = 50;
public static final int SOURCE_FILE_LOCATION_LENGTH = 128;
@@ -56,6 +59,17 @@
@Size(max = LONG_DESCRIPTION_LENGTH, message = "{errors.maxlength} " + LONG_DESCRIPTION_LENGTH + ".")
private String longDescription;
+ @Size(max = ATTACK_STRING_LENGTH, message = "{errors.maxlength} " + ATTACK_STRING_LENGTH + ".")
+ private String attackString;
+
+ @Size(max = ATTACK_REQUEST_LENGTH, message = "{errors.maxlength} " + ATTACK_REQUEST_LENGTH + ".")
+ private String attackRequest;
+
+ @Size(max = ATTACK_RESPONSE_LENGTH, message = "{errors.maxlength} " + ATTACK_RESPONSE_LENGTH + ".")
+ private String attackResponse;
+
+
+
private ChannelVulnerability channelVulnerability;
@Size(max = NATIVE_ID_LENGTH, message = "{errors.maxlength} " + NATIVE_ID_LENGTH + ".")
@@ -221,6 +235,34 @@
return longDescription;
}
+ @Column(length = ATTACK_STRING_LENGTH)
+ public String getAttackString() {
+ return attackString;
+ }
+
+ public void setAttackString(String attackString) {
+ this.attackString = attackString;
+ }
+
+ @Column(length = ATTACK_REQUEST_LENGTH)
+ public String getAttackRequest() {
+ return attackRequest;
+ }
+
+ public void setAttackRequest(String attackRequest) {
+ this.attackRequest = attackRequest;
+ }
+
+
+ @Column(length = ATTACK_RESPONSE_LENGTH)
+ public String getAttackResponse() {
+ return attackResponse;
+ }
+
+ public void setAttackResponse(String attackResponse) {
+ this.attackResponse = attackResponse;
+ }
+
@Column(nullable = false)
public boolean isFirstFindingForVuln() {
return isFirstFindingForVuln;
diff --git a/threadfix-main/src/main/java/com/denimgroup/threadfix/data/entities/Vulnerability.java b/threadfix-main/src/main/java/com/denimgroup/threadfix/data/entities/Vulnerability.java
index c9f5e3a..55946f5 100644
--- a/threadfix-main/src/main/java/com/denimgroup/threadfix/data/entities/Vulnerability.java
+++ b/threadfix-main/src/main/java/com/denimgroup/threadfix/data/entities/Vulnerability.java
@@ -354,7 +354,7 @@
@Transient
public void closeVulnerability(Scan scan, Calendar closeTime) {
- active = false;
+/* active = false;
if (closeTime == null) {
this.closeTime = Calendar.getInstance();
} else {
@@ -364,7 +364,7 @@
// This constructor maps the objects for us
if (scan != null) {
new ScanCloseVulnerabilityMap(this, scan);
- }
+ }*/
}
@Transient
diff --git a/threadfix-main/src/main/java/com/denimgroup/threadfix/service/channel/AbstractChannelImporter.java b/threadfix-main/src/main/java/com/denimgroup/threadfix/service/channel/AbstractChannelImporter.java
index 315fc55..eea2875 100644
--- a/threadfix-main/src/main/java/com/denimgroup/threadfix/service/channel/AbstractChannelImporter.java
+++ b/threadfix-main/src/main/java/com/denimgroup/threadfix/service/channel/AbstractChannelImporter.java
@@ -96,7 +96,7 @@
protected static final String FILE_CHECK_COMPLETED = "File check completed.";
protected enum FindingKey {
- VULN_CODE, PATH, PARAMETER, SEVERITY_CODE, NATIVE_ID, CVE, CWE
+ VULN_CODE, PATH, PARAMETER, SEVERITY_CODE, NATIVE_ID, CVE, CWE, VALUE, REQUEST, RESPONSE
}
// A stream pointing to the scan's contents. Set with either setFile or
@@ -259,7 +259,10 @@
findingMap.get(FindingKey.PARAMETER),
findingMap.get(FindingKey.VULN_CODE),
findingMap.get(FindingKey.SEVERITY_CODE),
- findingMap.get(FindingKey.CWE));
+ findingMap.get(FindingKey.CWE),
+ findingMap.get(FindingKey.VALUE),
+ findingMap.get(FindingKey.REQUEST),
+ findingMap.get(FindingKey.RESPONSE));
}
/**
@@ -289,7 +292,26 @@
* @return
*/
protected Finding constructFinding(String url, String parameter,
- String channelVulnerabilityCode, String channelSeverityCode, String cweCode) {
+ String channelVulnerabilityCode, String channelSeverityCode, String cweCode) {
+ return constructFinding(url, parameter, channelVulnerabilityCode, channelSeverityCode, cweCode, null, null, null);
+ }
+ /**
+ *
+ * This method can be used to construct a finding out of the
+ * important common information that findings have.
+ * @param url
+ * @param parameter
+ * @param channelVulnerabilityCode
+ * @param channelSeverityCode
+ * @param cweCode
+ * @param parameterValue
+ * @param request
+ * @param response
+ * @return
+ */
+ protected Finding constructFinding(String url, String parameter,
+ String channelVulnerabilityCode, String channelSeverityCode, String cweCode, String parameterValue,
+ String request, String response) {
if (channelVulnerabilityCode == null || channelVulnerabilityCode.isEmpty())
return null;
@@ -329,6 +351,19 @@
finding.setSurfaceLocation(location);
+ if (parameterValue != null && parameterValue.length() > Finding.ATTACK_STRING_LENGTH)
+ parameterValue = parameterValue.substring(0,Finding.ATTACK_STRING_LENGTH-20) + "\n\n<truncated>\n";
+ finding.setAttackString(parameterValue);
+
+ if (request != null && request.length() > Finding.ATTACK_REQUEST_LENGTH)
+ request = request.substring(0,Finding.ATTACK_REQUEST_LENGTH-20) + "\n\n<truncated>\n";
+
+ finding.setAttackRequest(request);
+
+ if (response != null && response.length() > Finding.ATTACK_RESPONSE_LENGTH)
+ response = response.substring(0,Finding.ATTACK_RESPONSE_LENGTH-20) + "\n\n<truncated>\n";
+ finding.setAttackResponse(response);
+
ChannelVulnerability channelVulnerability = null;
if (channelVulnerabilityCode != null) {
channelVulnerability = getChannelVulnerability(channelVulnerabilityCode);
@@ -359,6 +394,7 @@
}
finding.setChannelVulnerability(channelVulnerability);
+
ChannelSeverity channelSeverity = null;
if (channelSeverityCode != null)
@@ -736,8 +772,8 @@
int result = scan.getImportTime().compareTo(testDate);
if (result == 0)
return ScanImportStatus.DUPLICATE_ERROR;
- else if (result > 0)
- return ScanImportStatus.OLD_SCAN_ERROR;
+// else if (result > 0)
+// return ScanImportStatus.OLD_SCAN_ERROR;
}
}
}
diff --git a/threadfix-main/src/main/java/com/denimgroup/threadfix/service/channel/ArachniChannelImporter.java b/threadfix-main/src/main/java/com/denimgroup/threadfix/service/channel/ArachniChannelImporter.java
index c600d25..0a6ec93 100644
--- a/threadfix-main/src/main/java/com/denimgroup/threadfix/service/channel/ArachniChannelImporter.java
+++ b/threadfix-main/src/main/java/com/denimgroup/threadfix/service/channel/ArachniChannelImporter.java
@@ -37,6 +37,7 @@
import com.denimgroup.threadfix.data.entities.ChannelType;
import com.denimgroup.threadfix.data.entities.Finding;
import com.denimgroup.threadfix.data.entities.Scan;
+import com.denimgroup.threadfix.service.channel.AbstractChannelImporter.FindingKey;
import com.denimgroup.threadfix.webapp.controller.ScanCheckResultBean;
/**
@@ -52,6 +53,9 @@
tagMap.put("variable", FindingKey.PARAMETER);
tagMap.put("var", FindingKey.PARAMETER);
tagMap.put("url", FindingKey.PATH);
+ tagMap.put("injected", FindingKey.VALUE);
+ tagMap.put("request", FindingKey.REQUEST);
+ tagMap.put("html", FindingKey.RESPONSE);
}
// Since the severity mappings are static and not included in the XML output,
@@ -170,6 +174,11 @@
inFinding = false;
} else if (inFinding && itemKey != null) {
String currentItem = getBuilderText();
+
+ if (currentItem != null && "RESPONSE".equals(itemKey.toString())){
+ //these are base64 encoded in the xml
+ currentItem = new String(javax.xml.bind.DatatypeConverter.parseBase64Binary(currentItem));
+ }
if (currentItem != null && findingMap.get(itemKey) == null) {
findingMap.put(itemKey, currentItem);
diff --git a/threadfix-main/src/main/java/com/denimgroup/threadfix/service/channel/BurpSuiteChannelImporter.java b/threadfix-main/src/main/java/com/denimgroup/threadfix/service/channel/BurpSuiteChannelImporter.java
index 3053713..410fa17 100644
--- a/threadfix-main/src/main/java/com/denimgroup/threadfix/service/channel/BurpSuiteChannelImporter.java
+++ b/threadfix-main/src/main/java/com/denimgroup/threadfix/service/channel/BurpSuiteChannelImporter.java
@@ -28,6 +28,8 @@
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.HashMap;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
import org.springframework.beans.factory.annotation.Autowired;
import org.xml.sax.Attributes;
@@ -53,6 +55,8 @@
private static final String REST_URL_PARAM = "REST URL parameter";
private static final String MANUAL_INSERTION_POINT = "manual insertion point";
private static final HashMap<String, String> SEVERITY_MAP = new HashMap<String, String>();
+ private static Pattern pattern = Pattern.compile("The payload <b>(.*)</b> was submitted");
+
static {
SEVERITY_MAP.put("deformation", "Information");
SEVERITY_MAP.put("eddium", "Medium");
@@ -116,7 +120,13 @@
private boolean getHostText = false;
private boolean getBackupParameter = false;
private boolean getSerialNumber = false;
+ private Boolean getParamValueText = false;
+ private Boolean getRequestText = false;
+ private Boolean getResponseText = false;
+ private String currentParameterValue = null;
+ private String currentRequest = null;
+ private String currentResponse = null;
private String currentChannelVulnCode = null;
private String currentUrlText = null;
private String currentParameter = null;
@@ -161,6 +171,11 @@
atts.getValue("exportTime"));
} else if ("request".equals(qName)) {
getBackupParameter = true;
+ getRequestText = true;
+ } else if ("response".equals(qName)) {
+ getResponseText = true;
+ } else if ("issueDetail".equals(qName)) {
+ getParamValueText = true;
}
}
@@ -187,6 +202,25 @@
} else if (getSerialNumber) {
currentSerialNumber = getBuilderText();
getSerialNumber = false;
+ } else if (getParamValueText) {
+ currentParameterValue = getBuilderText();
+ Matcher m = pattern.matcher(currentParameterValue);
+ if (m.find()){
+ currentParameterValue = m.group(1);
+ } else {
+ currentParameterValue = "";
+ }
+ getParamValueText = false;
+ } else if (getRequestText) {
+ currentRequest = getBuilderText();
+ if (currentRequest != null)
+ currentRequest = new String(javax.xml.bind.DatatypeConverter.parseBase64Binary(currentRequest));
+ getRequestText = false;
+ } else if (getResponseText) {
+ currentResponse = getBuilderText();
+ if (currentResponse != null)
+ currentResponse = new String(javax.xml.bind.DatatypeConverter.parseBase64Binary(currentResponse));
+ getResponseText = false;
} else if (getSeverityText) {
currentSeverityCode = getBuilderText();
getSeverityText = false;
@@ -222,7 +256,7 @@
currentSeverityCode = SEVERITY_MAP.get(currentSeverityCode.toLowerCase());
}
Finding finding = constructFinding(currentHostText + currentUrlText, currentParameter,
- currentChannelVulnCode, currentSeverityCode);
+ currentChannelVulnCode, currentSeverityCode, null, currentParameterValue, currentRequest, currentResponse);
add(finding);
@@ -232,13 +266,17 @@
currentUrlText = null;
currentSerialNumber = null;
currentBackupParameter = null;
+ currentParameterValue = null;
+ currentRequest = null;
+ currentResponse = null;
}
}
public void characters (char ch[], int start, int length)
{
if (getChannelVulnText || getHostText || getUrlText || getParamText ||
- getSeverityText || getBackupParameter || getSerialNumber) {
+ getSeverityText || getBackupParameter || getSerialNumber ||
+ getParamValueText || getRequestText || getResponseText) {
addTextToBuilder(ch,start,length);
}
}
diff --git a/threadfix-main/src/main/java/com/denimgroup/threadfix/service/channel/NTOSpiderChannelImporter.java b/threadfix-main/src/main/java/com/denimgroup/threadfix/service/channel/NTOSpiderChannelImporter.java
index ca8ff85..2a29422 100644
--- a/threadfix-main/src/main/java/com/denimgroup/threadfix/service/channel/NTOSpiderChannelImporter.java
+++ b/threadfix-main/src/main/java/com/denimgroup/threadfix/service/channel/NTOSpiderChannelImporter.java
@@ -51,6 +51,9 @@
tagMap.put("attackscore", FindingKey.SEVERITY_CODE);
tagMap.put("parametername", FindingKey.PARAMETER);
tagMap.put("normalizedurl", FindingKey.PATH);
+ tagMap.put("attackvalue", FindingKey.VALUE);
+ tagMap.put("request", FindingKey.REQUEST);
+ tagMap.put("response", FindingKey.RESPONSE);
}
private static final String VULN_TAG = "vuln", SCAN_DATE = "scandate",
@@ -122,7 +125,15 @@
inFinding = false;
} else if (inFinding && itemKey != null) {
String currentItem = getBuilderText();
- if (currentItem != null && findingMap.get(itemKey) == null) {
+ if (currentItem != null &&
+ ("REQUEST".equals(itemKey.toString()) || "RESPONSE".equals(itemKey.toString()))){
+ //these are base64 encoded in the xml
+ currentItem = new String(javax.xml.bind.DatatypeConverter.parseBase64Binary(currentItem));
+ }
+
+ //NTO vulnerabilities have multiple attack details per vulnerability, with an extra attackvalue sent at the beginning
+ //because of this we allow them to be overwritten in the findingMap to grab the last instance
+ if (currentItem != null ){ // && findingMap.get(itemKey) == null) {
findingMap.put(itemKey, currentItem);
}
itemKey = null;
diff --git a/threadfix-main/src/main/java/com/denimgroup/threadfix/service/channel/NetsparkerChannelImporter.java b/threadfix-main/src/main/java/com/denimgroup/threadfix/service/channel/NetsparkerChannelImporter.java
index 2e60a00..288ba75 100644
--- a/threadfix-main/src/main/java/com/denimgroup/threadfix/service/channel/NetsparkerChannelImporter.java
+++ b/threadfix-main/src/main/java/com/denimgroup/threadfix/service/channel/NetsparkerChannelImporter.java
@@ -70,11 +70,17 @@
private Boolean getUrlText = false;
private Boolean getParamText = false;
private Boolean getSeverityText = false;
+ private Boolean getParamValueText = false;
+ private Boolean getRequestText = false;
+ private Boolean getResponseText = false;
private String currentChannelVulnCode = null;
private String currentUrlText = null;
private String currentParameter = null;
private String currentSeverityCode = null;
+ private String currentParameterValue = null;
+ private String currentRequest = null;
+ private String currentResponse = null;
private String host = null;
@@ -101,6 +107,12 @@
getParamText = true;
} else if ("severity".equals(qName)) {
getSeverityText = true;
+ } else if("vulnerableparametervalue".equals(qName)){
+ getParamValueText = true;
+ } else if("rawrequest".equals(qName)){
+ getRequestText = true;
+ } else if("rawresponse".equals(qName)){
+ getResponseText = true;
} else if ("netsparker".equals(qName)) {
date = getCalendarFromString("MM/dd/yyyy hh:mm:ss a", atts.getValue("generated"));
}
@@ -120,6 +132,15 @@
} else if (getParamText) {
currentParameter = getBuilderText();
getParamText = false;
+ } else if (getParamValueText) {
+ currentParameterValue = getBuilderText();
+ getParamValueText = false;
+ } else if (getRequestText) {
+ currentRequest = getBuilderText();
+ getRequestText = false;
+ } else if (getResponseText) {
+ currentResponse = getBuilderText();
+ getResponseText = false;
} else if (getSeverityText) {
currentSeverityCode = getBuilderText();
getSeverityText = false;
@@ -127,7 +148,7 @@
if ("vulnerability".equals(qName)) {
Finding finding = constructFinding(currentUrlText, currentParameter,
- currentChannelVulnCode, currentSeverityCode);
+ currentChannelVulnCode, currentSeverityCode, null, currentParameterValue, currentRequest, currentResponse);
// The old XML format didn't include severities. As severities are required
// for vulnerabilities to show on the application page, let's assign medium
@@ -143,12 +164,15 @@
currentSeverityCode = null;
currentParameter = null;
currentUrlText = null;
+ currentParameterValue = null;
+ currentRequest = null;
+ currentResponse = null;
}
}
public void characters (char ch[], int start, int length)
{
- if (getChannelVulnText || getUrlText || getParamText || getSeverityText) {
+ if (getChannelVulnText || getUrlText || getParamText || getSeverityText || getParamValueText || getRequestText || getResponseText) {
addTextToBuilder(ch, start, length);
}
}
diff --git a/threadfix-main/src/main/java/com/denimgroup/threadfix/service/report/ReportsServiceImpl.java b/threadfix-main/src/main/java/com/denimgroup/threadfix/service/report/ReportsServiceImpl.java
index f3fd990..c60e17a 100644
--- a/threadfix-main/src/main/java/com/denimgroup/threadfix/service/report/ReportsServiceImpl.java
+++ b/threadfix-main/src/main/java/com/denimgroup/threadfix/service/report/ReportsServiceImpl.java
@@ -707,6 +707,10 @@
if (vuln == null || (!vuln.isActive() && !vuln.getIsFalsePositive())) {
continue;
}
+ Finding finding = null;
+ if ( vuln.getFindings() != null && vuln.getFindings().size() > 0){
+ finding = vuln.getFindings().get(0);
+ }
String openedDate = formatter.format(vuln.getOpenTime().getTime());
// Orders of positions: CWE ID, CWE Name, Path, Parameter, Severity, Open Date, Defect ID
rowParamsList.add(Arrays.asList(vuln.getGenericVulnerability().getId().toString(),
@@ -715,7 +719,12 @@
vuln.getSurfaceLocation().getParameter(),
vuln.getGenericSeverity().getName(),
openedDate,
- (vuln.getDefect() == null) ? "" : vuln.getDefect().getId().toString()));
+ (vuln.getDefect() == null) ? "" : vuln.getDefect().getId().toString(),
+ (finding == null) ? "" : finding.getAttackString(),
+ (finding == null) ? "" : finding.getChannelVulnerability().getChannelType().getName(),
+ (finding == null) ? "" : finding.getNativeId()
+ )
+ );
}
}
return rowParamsList;
diff --git a/threadfix-main/src/main/resources/.gitignore b/threadfix-main/src/main/resources/.gitignore
new file mode 100644
index 0000000..b2bb0f6
--- /dev/null
+++ b/threadfix-main/src/main/resources/.gitignore
@@ -0,0 +1 @@
+/threadfix-backup.script.original
diff --git a/threadfix-main/src/main/resources/threadfix-backup.script b/threadfix-main/src/main/resources/threadfix-backup.script
index b91044e..ebb7eab 100644
--- a/threadfix-main/src/main/resources/threadfix-backup.script
+++ b/threadfix-main/src/main/resources/threadfix-backup.script
@@ -29,7 +29,7 @@
CREATE MEMORY TABLE DOCUMENT(ID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 1) NOT NULL PRIMARY KEY,ACTIVE BOOLEAN NOT NULL,CREATEDDATE TIMESTAMP NOT NULL,MODIFIEDDATE TIMESTAMP NOT NULL,CONTENTTYPE VARCHAR(255),FILE LONGVARBINARY,NAME VARCHAR(50) NOT NULL,TYPE VARCHAR(10),APPLICATIONID INTEGER,VULNERABILITYID INTEGER,CONSTRAINT FK3737353BC96E039C FOREIGN KEY(APPLICATIONID) REFERENCES APPLICATION(ID))
CREATE MEMORY TABLE EMPTYSCAN(ID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 1) NOT NULL PRIMARY KEY,ALREADYPROCESSED BOOLEAN NOT NULL,DATEUPLOADED TIMESTAMP,FILENAME VARCHAR(100) NOT NULL,APPLICATIONCHANNELID INTEGER,CONSTRAINT FK22CE714AD1ED50A0 FOREIGN KEY(APPLICATIONCHANNELID) REFERENCES APPLICATIONCHANNEL(ID))
CREATE MEMORY TABLE EXCEPTIONLOG(ID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 1) NOT NULL PRIMARY KEY,UUID VARCHAR(36),EXCEPTIONSTACKTRACE LONGVARCHAR,EXCEPTIONTOSTRING LONGVARCHAR,MESSAGE VARCHAR(256),TIME TIMESTAMP,TYPE VARCHAR(256))
-CREATE MEMORY TABLE FINDING(ID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 1) NOT NULL PRIMARY KEY,ACTIVE BOOLEAN NOT NULL,CREATEDDATE TIMESTAMP NOT NULL,MODIFIEDDATE TIMESTAMP NOT NULL,DISPLAYID VARCHAR(50),FIRSTFINDINGFORVULN BOOLEAN NOT NULL,ISSTATIC BOOLEAN NOT NULL,LONGDESCRIPTION VARCHAR(2047),MARKEDFALSEPOSITIVE BOOLEAN,NATIVEID VARCHAR(50),NUMBERMERGEDRESULTS INTEGER,SOURCEFILELOCATION VARCHAR(128),CHANNELSEVERITYID INTEGER,CHANNELVULNERABILITYID INTEGER,DEPENDENCYID INTEGER,SCANID INTEGER,SURFACELOCATIONID INTEGER,USERID INTEGER,VULNERABILITYID INTEGER,CONSTRAINT FK305E33699240CF0 FOREIGN KEY(DEPENDENCYID) REFERENCES DEPENDENCY(ID),CONSTRAINT FK305E33694BC6129C FOREIGN KEY(CHANNELSEVERITYID) REFERENCES CHANNELSEVERITY(ID),CONSTRAINT FK305E3369E2A500AC FOREIGN KEY(CHANNELVULNERABILITYID) REFERENCES CHANNELVULNERABILITY(ID))
+CREATE MEMORY TABLE FINDING(ID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 1) NOT NULL PRIMARY KEY,ACTIVE BOOLEAN NOT NULL,CREATEDDATE TIMESTAMP NOT NULL,MODIFIEDDATE TIMESTAMP NOT NULL,DISPLAYID VARCHAR(50),FIRSTFINDINGFORVULN BOOLEAN NOT NULL,ISSTATIC BOOLEAN NOT NULL,LONGDESCRIPTION VARCHAR(2047),MARKEDFALSEPOSITIVE BOOLEAN,NATIVEID VARCHAR(50),NUMBERMERGEDRESULTS INTEGER,SOURCEFILELOCATION VARCHAR(128),CHANNELSEVERITYID INTEGER,CHANNELVULNERABILITYID INTEGER,DEPENDENCYID INTEGER,SCANID INTEGER,SURFACELOCATIONID INTEGER,USERID INTEGER,VULNERABILITYID INTEGER,ATTACKVALUE VARCHAR(65535),ATTACKREQUEST VARCHAR(65535),ATTACKRESPONSE VARCHAR(1048575),CONSTRAINT FK305E33699240CF0 FOREIGN KEY(DEPENDENCYID) REFERENCES DEPENDENCY(ID),CONSTRAINT FK305E33694BC6129C FOREIGN KEY(CHANNELSEVERITYID) REFERENCES CHANNELSEVERITY(ID),CONSTRAINT FK305E3369E2A500AC FOREIGN KEY(CHANNELVULNERABILITYID) REFERENCES CHANNELVULNERABILITY(ID))
CREATE MEMORY TABLE GENERICSEVERITY(ID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 1) NOT NULL PRIMARY KEY,INTVALUE INTEGER NOT NULL,NAME VARCHAR(50) NOT NULL)
CREATE MEMORY TABLE GENERICVULNERABILITY(ID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 1) NOT NULL PRIMARY KEY,NAME VARCHAR(256) NOT NULL)
CREATE MEMORY TABLE JOBSTATUS(ID INTEGER GENERATED BY DEFAULT AS IDENTITY(START WITH 1) NOT NULL PRIMARY KEY,ENDDATE TIMESTAMP,HASSTARTEDPROCESSING BOOLEAN NOT NULL,MODIFIEDDATE TIMESTAMP NOT NULL,OPEN BOOLEAN NOT NULL,SCANDATE TIMESTAMP,STARTDATE TIMESTAMP NOT NULL,STATUS VARCHAR(128),TYPE VARCHAR(128),URLPATH VARCHAR(128),URLTEXT VARCHAR(128),APPLICATIONCHANNELID INTEGER,CONSTRAINT FKBABFF5EFD1ED50A0 FOREIGN KEY(APPLICATIONCHANNELID) REFERENCES APPLICATIONCHANNEL(ID))
diff --git a/threadfix-main/src/main/webapp/WEB-INF/views/applications/vulnerability.jsp b/threadfix-main/src/main/webapp/WEB-INF/views/applications/vulnerability.jsp
index ff83bd5..6e00ebc 100644
--- a/threadfix-main/src/main/webapp/WEB-INF/views/applications/vulnerability.jsp
+++ b/threadfix-main/src/main/webapp/WEB-INF/views/applications/vulnerability.jsp
@@ -28,6 +28,7 @@
<h2>Vulnerability Details
<span style="font-size:10pt;">
<a href="#statisticsDiv" data-toggle="collapse" class="btn header-button">Toggle More Info</a>
+ <a href="#attackDiv" data-toggle="collapse" class="btn header-button">Toggle Attack Info</a>
</span>
</h2>
@@ -336,6 +337,23 @@
</a>
</td>
</tr>
+ <tr><td colspan=20 cellpadding="0">
+ <div id="attackDiv" style="margin: 0; padding: 0;" class="container-fluid collapse">
+ <table class="table table-striped" cellspacing="0" cellpadding="0" width="100%">
+ <tr>
+ <th valign=top>Attack String</th><td colspan=20 id="attackString${ status.count }"><c:out value="${ finding.attackString }" /></td>
+ </tr>
+ <tr>
+ <th valign=top>Attack Request</th><td colspan=20 id="attackRequest${ status.count } "><pre><c:out value="${ finding.attackRequest }"/></pre></td>
+ </tr>
+ <tr>
+ <th valign=top>Attack Response</th><td colspan=20 id="attackResponse${ status.count } "><pre><c:out value="${ finding.attackResponse }"/></pre></td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+
</c:forEach>
</tbody>
</table>
diff --git a/threadfix-main/src/main/webapp/WEB-INF/views/reports/vulnerabilityList.jsp b/threadfix-main/src/main/webapp/WEB-INF/views/reports/vulnerabilityList.jsp
index 80c7772..a535c62 100644
--- a/threadfix-main/src/main/webapp/WEB-INF/views/reports/vulnerabilityList.jsp
+++ b/threadfix-main/src/main/webapp/WEB-INF/views/reports/vulnerabilityList.jsp
@@ -31,7 +31,10 @@
<th>Parameter</th>
<th>Severity</th>
<th>Open Date</th>
- <th class="last">Defect ID</th>
+ <th>Defect ID</th>
+ <th>Attack String</th>
+ <th>Scanner</th>
+ <th class="last">Native ID</th>
</tr>
</thead>
diff --git a/threadfix-main/src/main/webapp/WEB-INF/views/scans/findingDetail.jsp b/threadfix-main/src/main/webapp/WEB-INF/views/scans/findingDetail.jsp
index e808776..1b8a3dc 100644
--- a/threadfix-main/src/main/webapp/WEB-INF/views/scans/findingDetail.jsp
+++ b/threadfix-main/src/main/webapp/WEB-INF/views/scans/findingDetail.jsp
@@ -81,6 +81,19 @@
<c:if test="${ empty finding.displayId }"><c:out value="${ finding.nativeId }" /></c:if>
</td>
</tr>
+ <tr>
+ <td class="bold" >Attack String</td>
+ <td class="inputValue"><c:out value="${ finding.attackString }"/></td>
+ </tr>
+ <tr>
+ <td class="bold" valign=top>Attack Request</td>
+ <td class="inputValue" style="word-wrap: break-word;"><PRE><c:out value="${ finding.attackRequest }"/></PRE></td>
+ </tr>
+ <tr>
+ <td class="bold" valign=top>Attack Response</td>
+ <td class="inputValue" style="word-wrap: break-word;"><PRE><c:out value="${ finding.attackResponse }"/></PRE></td>
+ </tr>
+
</c:if>
<c:if test="${ not empty finding.dependency }">
<tr>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment