com.aspectsecurity.contrast.contrastjenkins

Class VulnerabilityTrendHelper

java.lang.Object

com.aspectsecurity.contrast.contrastjenkins.VulnerabilityTrendHelper

public class VulnerabilityTrendHelper
extends Object

Field Summary

Fields

Modifier and Type	Field and Description
static String	EMPTY_SELECT
static List<String>	SEVERITIES

Constructor Summary

Constructors

Constructor and Description
VulnerabilityTrendHelper()

Method Summary

Modifier and Type	Method and Description
static boolean	appExistsInProfile(String teamServerProfileName, String appTitle)
static String	buildAppVersionTag(hudson.model.Run<?,?> build, String applicationId)
static String	buildAppVersionTagHierarchical(hudson.model.Run<?,?> build, String applicationId)
static com.contrastsecurity.sdk.ContrastSDK	createSDK(String username, String serviceKey, String apiKey, String teamServerUrl)
static com.contrastsecurity.models.AgentType	getAgentTypeFromString(String type)
static hudson.util.ListBoxModel	getAgentTypeListBoxModel() The available agent types for the configuration dropdown
static com.contrastsecurity.models.Traces	getAllTraces(com.contrastsecurity.sdk.ContrastSDK sdk, String organizationId, String applicationId, com.contrastsecurity.http.TraceFilterForm filter) Collection of all traces
static String	getAppIdFromAppTitle(String appTitle) get app id from app title in the post build action combo box
static hudson.util.ListBoxModel	getApplicationIds(String teamServerProfileName) The apps for a profile
static hudson.util.ComboBoxModel	getApplicationIdsComboBoxModel(String teamServerProfileName) The apps for a profile
static String	getAppNameFromAppTitle(String appTitle) get the application name from the app title.
static String	getDefaultAgentFileNameFromString(String type)
static List<GlobalThresholdCondition>	getGlobalThresholdConditions(String profileName)
static hudson.model.Result	getJenkinsResultFromJobOutcome(com.contrastsecurity.models.JobOutcomePolicy.Outcome outcome)
static TeamServerProfile	getProfile(String profileName)
static TeamServerProfile	getProfile(String profileName, ContrastPluginConfig.ContrastPluginConfigDescriptor contrastPluginConfigDescriptor)
static hudson.util.ListBoxModel	getProfileNames() The configured profile names for the dropdowns
static EnumSet<com.contrastsecurity.http.RuleSeverity>	getSeverityList(String severity) Returns the sublist of severities greater than or equal to the configured severity level
static hudson.util.ListBoxModel	getSeverityListBoxModel() The available severities for the configuration dropdowns
static List<ThresholdCondition>	getThresholdConditions(List<ThresholdCondition> thresholdConditions, List<GlobalThresholdCondition> globalThresholdConditions) Helper method for combining global threshold conditions and threshold conditions configured in jobs.
static String	getVulnerabilityInfoString(com.contrastsecurity.models.Traces traces) Number of traces by severity
static hudson.util.ListBoxModel	getVulnerabilityTypes(String teamServerProfileName) The vulnerability types for a profile
static boolean	isApplicableEnabledJobOutcomePolicyExist(com.contrastsecurity.sdk.ContrastSDK sdk, String organizationUuid, String applicationId)
static boolean	isEnabledJobOutcomePolicyExist(com.contrastsecurity.sdk.ContrastSDK sdk, String organizationUuid) Checks to see if the organization has a job outcome policy that is enabled
static void	logMessage(hudson.model.TaskListener listener, String msg) Helper method for logging messages.
static com.contrastsecurity.models.SecurityCheck	makeSecurityCheck(com.contrastsecurity.sdk.ContrastSDK sdk, String organizationUuid, String applicationId, Long jobStartTime, int queryBy, com.contrastsecurity.http.TraceFilterForm filterForm)
static List<App>	saveApplicationIds(com.contrastsecurity.sdk.ContrastSDK sdk, String organizationUuid) Retrieves the applications
static List<VulnerabilityType>	saveRules(com.contrastsecurity.sdk.ContrastSDK sdk, String organizationUuid) Retrieves the enabled rules for an organization

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

EMPTY_SELECT

public static final String EMPTY_SELECT

See Also:

Constant Field Values

SEVERITIES

public static final List<String> SEVERITIES

Constructor Detail

VulnerabilityTrendHelper

public VulnerabilityTrendHelper()

Method Detail

createSDK

public static com.contrastsecurity.sdk.ContrastSDK createSDK(String username,
                                                             String serviceKey,
                                                             String apiKey,
                                                             String teamServerUrl)

getProfile

public static TeamServerProfile getProfile(String profileName)

getProfile

public static TeamServerProfile getProfile(String profileName,
                                           ContrastPluginConfig.ContrastPluginConfigDescriptor contrastPluginConfigDescriptor)

getGlobalThresholdConditions

public static List<GlobalThresholdCondition> getGlobalThresholdConditions(String profileName)

getThresholdConditions

public static List<ThresholdCondition> getThresholdConditions(List<ThresholdCondition> thresholdConditions,
                                                              List<GlobalThresholdCondition> globalThresholdConditions)

Helper method for combining global threshold conditions and threshold conditions configured in jobs.

Parameters:

thresholdConditions -

globalThresholdConditions -

logMessage

public static void logMessage(hudson.model.TaskListener listener,
                              String msg)

Helper method for logging messages.

Parameters:

listener - Listener

msg - String to log

getSeverityList

public static EnumSet<com.contrastsecurity.http.RuleSeverity> getSeverityList(String severity)

Returns the sublist of severities greater than or equal to the configured severity level

Parameters:

severity - include severity to filter with severity list with

Returns:

list of severity strings

saveRules

public static List<VulnerabilityType> saveRules(com.contrastsecurity.sdk.ContrastSDK sdk,
                                                String organizationUuid)

Retrieves the enabled rules for an organization

Parameters:

sdk - Contrast SDK object

organizationUuid - uuid of the organization

getSeverityListBoxModel

public static hudson.util.ListBoxModel getSeverityListBoxModel()

The available severities for the configuration dropdowns

Returns:

ListBoxModel of severities

getProfileNames

public static hudson.util.ListBoxModel getProfileNames()

The configured profile names for the dropdowns

Returns:

ListBoxModel of TeamServer profile names

getVulnerabilityTypes

public static hudson.util.ListBoxModel getVulnerabilityTypes(String teamServerProfileName)

The vulnerability types for a profile

Parameters:

teamServerProfileName - Name of the profile

Returns:

ListBoxModel of vulnerability types

getAgentTypeListBoxModel

public static hudson.util.ListBoxModel getAgentTypeListBoxModel()

The available agent types for the configuration dropdown

Returns:

ListBoxModel of agent types

getAgentTypeFromString

public static com.contrastsecurity.models.AgentType getAgentTypeFromString(String type)

getDefaultAgentFileNameFromString

public static String getDefaultAgentFileNameFromString(String type)

buildAppVersionTag

public static String buildAppVersionTag(hudson.model.Run<?,?> build,
                                        String applicationId)

buildAppVersionTagHierarchical

public static String buildAppVersionTagHierarchical(hudson.model.Run<?,?> build,
                                                    String applicationId)

getVulnerabilityInfoString

public static String getVulnerabilityInfoString(com.contrastsecurity.models.Traces traces)

Number of traces by severity

Parameters:

traces -

Returns:

String with the number of traces for each severity.

getAllTraces

public static com.contrastsecurity.models.Traces getAllTraces(com.contrastsecurity.sdk.ContrastSDK sdk,
                                                              String organizationId,
                                                              String applicationId,
                                                              com.contrastsecurity.http.TraceFilterForm filter)
                                                       throws IOException,
                                                              com.contrastsecurity.exceptions.UnauthorizedException

Collection of all traces

Parameters:

sdk - ContrastSDK instance

organizationId - Organization ID of the application

applicationId - Application ID (optional)

filter - TraceFormFilter to limit results

Returns:

Traces object

Throws:

IOException

com.contrastsecurity.exceptions.UnauthorizedException

getApplicationIds

public static hudson.util.ListBoxModel getApplicationIds(String teamServerProfileName)

The apps for a profile

Parameters:

teamServerProfileName - Name of the profile

Returns:

ListBoxModel of apps

getApplicationIdsComboBoxModel

public static hudson.util.ComboBoxModel getApplicationIdsComboBoxModel(String teamServerProfileName)

The apps for a profile

Parameters:

teamServerProfileName - Name of the profile

Returns:

ComboBoxModel of apps

appExistsInProfile

public static boolean appExistsInProfile(String teamServerProfileName,
                                         String appTitle)

getAppIdFromAppTitle

@Nullable
public static String getAppIdFromAppTitle(String appTitle)

get app id from app title in the post build action combo box

Parameters:

appTitle - for example: WebGoat (a123745f-5857-45e4-a278-ddb5012e1996)

Returns:

appId

getAppNameFromAppTitle

public static String getAppNameFromAppTitle(String appTitle)

get the application name from the app title.

Parameters:

appTitle -

Returns:

saveApplicationIds

public static List<App> saveApplicationIds(com.contrastsecurity.sdk.ContrastSDK sdk,
                                           String organizationUuid)

Retrieves the applications

Parameters:

sdk - Contrast SDK object

organizationUuid - uuid of the organization

makeSecurityCheck

public static com.contrastsecurity.models.SecurityCheck makeSecurityCheck(com.contrastsecurity.sdk.ContrastSDK sdk,
                                                                          String organizationUuid,
                                                                          String applicationId,
                                                                          Long jobStartTime,
                                                                          int queryBy,
                                                                          com.contrastsecurity.http.TraceFilterForm filterForm)
                                                                   throws IOException,
                                                                          com.contrastsecurity.exceptions.UnauthorizedException

Throws:

IOException

com.contrastsecurity.exceptions.UnauthorizedException

getJenkinsResultFromJobOutcome

public static hudson.model.Result getJenkinsResultFromJobOutcome(com.contrastsecurity.models.JobOutcomePolicy.Outcome outcome)
                                                          throws VulnerabilityTrendHelperException

Throws:

VulnerabilityTrendHelperException

isEnabledJobOutcomePolicyExist

public static boolean isEnabledJobOutcomePolicyExist(com.contrastsecurity.sdk.ContrastSDK sdk,
                                                     String organizationUuid)
                                              throws IOException,
                                                     com.contrastsecurity.exceptions.UnauthorizedException

Checks to see if the organization has a job outcome policy that is enabled

Parameters:

sdk - Contrast SDK

organizationUuid - uuid of the organization

Returns:

true = an enabled job outcome policy exists, false = no enabled job outcome policy exist

Throws:

IOException

com.contrastsecurity.exceptions.UnauthorizedException

isApplicableEnabledJobOutcomePolicyExist

public static boolean isApplicableEnabledJobOutcomePolicyExist(com.contrastsecurity.sdk.ContrastSDK sdk,
                                                               String organizationUuid,
                                                               String applicationId)
                                                        throws IOException,
                                                               com.contrastsecurity.exceptions.UnauthorizedException

Throws:

IOException

com.contrastsecurity.exceptions.UnauthorizedException