1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2022 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.reporting;
19  
20  import io.github.jeremylong.openvulnerability.client.nvd.CvssV2;
21  import io.github.jeremylong.openvulnerability.client.nvd.CvssV3;
22  
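/**
 * Rule metadata for one entry in a SARIF report: the rule id and name, its
 * descriptions, its source, and the CVSS v2/v3 metrics flattened into plain
 * strings.
 * <p>
 * Every value is stored exactly as supplied; this class performs no
 * validation, length limiting or escaping. Whatever serializes a rule into
 * the report is responsible for encoding the values for the output format.
 * <p>
 * The class is a mutable bean with no synchronization.
 *
 * @author Jeremy Long
 */
public class SarifRule {

    /**
     * The rule id; the constructor initialises it to the rule name.
     */
    private String id;
    /**
     * The short description.
     */
    private String shortDescription;
    /**
     * The full description.
     */
    private String fullDescription;
    /**
     * The name of the rule.
     */
    private String name;
    /**
     * The CVSS v2 base score.
     */
    private String cvssv2Score;
    /**
     * The CVSS v2 access vector.
     */
    private String cvssv2AccessVector;
    /**
     * The CVSS v2 access complexity.
     */
    private String cvssv2AccessComplexity;
    /**
     * The CVSS v2 authentication metric.
     */
    private String cvssv2Authentication;
    /**
     * The CVSS v2 confidentiality impact.
     */
    private String cvssv2ConfidentialityImpact;
    /**
     * The CVSS v2 integrity impact.
     */
    private String cvssv2IntegrityImpact;
    /**
     * The CVSS v2 availability impact.
     */
    private String cvssv2AvailabilityImpact;
    /**
     * The CVSS v2 base severity.
     */
    private String cvssv2Severity;
    /**
     * The CVSS v2 version.
     */
    private String cvssv2Version;
    /**
     * The CVSS v2 exploitability score.
     */
    private String cvssv2ExploitabilityScore;
    /**
     * The CVSS v2 impact score.
     */
    private String cvssv2ImpactScore;
    /**
     * The CVSS v3 base score.
     */
    private String cvssv3BaseScore;
    /**
     * The CVSS v3 attack vector.
     */
    private String cvssv3AttackVector;
    /**
     * The CVSS v3 attack complexity.
     */
    private String cvssv3AttackComplexity;
    /**
     * The CVSS v3 privileges required metric.
     */
    private String cvssv3PrivilegesRequired;
    /**
     * The CVSS v3 user interaction metric.
     */
    private String cvssv3UserInteraction;
    /**
     * The CVSS v3 scope.
     */
    private String cvssv3Scope;
    /**
     * The CVSS v3 confidentiality impact.
     */
    private String cvssv3ConfidentialityImpact;
    /**
     * The CVSS v3 integrity impact.
     */
    private String cvssv3IntegrityImpact;
    /**
     * The CVSS v3 availability impact.
     */
    private String cvssv3AvailabilityImpact;
    /**
     * The CVSS v3 base severity.
     */
    private String cvssv3BaseSeverity;
    /**
     * The CVSS v3 exploitability score.
     */
    private String cvssv3ExploitabilityScore;
    /**
     * The CVSS v3 impact score.
     */
    private String cvssv3ImpactScore;
    /**
     * The CVSS v3 version.
     */
    private String cvssv3Version;
    /**
     * The source of the rule.
     */
    private String source;

    /**
     * Constructs a new SARIF rule object.
     * <p>
     * The rule id is set to the same value as the name. Each CVSS metric is
     * copied only when the corresponding getter returns a non-null value;
     * otherwise the field is left {@code null}, so a partially populated
     * score does not prevent the rule from being created.
     *
     * @param name the name of the rule; also used as the rule id
     * @param shortDescription the short description
     * @param fullDescription the full description
     * @param source the source
     * @param cvssV2 the CVSS v2 score; may be {@code null}, in which case all
     * CVSS v2 fields stay {@code null}
     * @param cvssV3 the CVSS v3 score; may be {@code null}, in which case all
     * CVSS v3 fields stay {@code null}
     * @throws NullPointerException if a non-null score returns {@code null}
     * from {@code getCvssData()}; that call is not guarded here
     */
    public SarifRule(String name, String shortDescription, String fullDescription,
            String source, CvssV2 cvssV2, CvssV3 cvssV3) {
        this.id = name;
        this.name = name;
        this.shortDescription = shortDescription;
        this.fullDescription = fullDescription;
        this.source = source;
        if (cvssV2 != null) {
            if (cvssV2.getCvssData().getBaseScore() != null) {
                this.cvssv2Score = cvssV2.getCvssData().getBaseScore().toString();
            }
            if (cvssV2.getCvssData().getAccessVector() != null) {
                this.cvssv2AccessVector = cvssV2.getCvssData().getAccessVector().name();
            }
            if (cvssV2.getCvssData().getAccessComplexity() != null) {
                this.cvssv2AccessComplexity = cvssV2.getCvssData().getAccessComplexity().name();
            }
            if (cvssV2.getCvssData().getAuthentication() != null) {
                this.cvssv2Authentication = cvssV2.getCvssData().getAuthentication().name();
            }
            if (cvssV2.getCvssData().getConfidentialityImpact() != null) {
                this.cvssv2ConfidentialityImpact = cvssV2.getCvssData().getConfidentialityImpact().name();
            }
            if (cvssV2.getCvssData().getIntegrityImpact() != null) {
                this.cvssv2IntegrityImpact = cvssV2.getCvssData().getIntegrityImpact().name();
            }
            if (cvssV2.getCvssData().getAvailabilityImpact() != null) {
                this.cvssv2AvailabilityImpact = cvssV2.getCvssData().getAvailabilityImpact().name();
            }
            // Assigned directly, so a null severity is carried over as null.
            this.cvssv2Severity = cvssV2.getCvssData().getBaseSeverity();
            if (cvssV2.getCvssData().getVersion() != null) {
                this.cvssv2Version = cvssV2.getCvssData().getVersion().name();
            }
            if (cvssV2.getExploitabilityScore() != null) {
                this.cvssv2ExploitabilityScore = cvssV2.getExploitabilityScore().toString();
            }
            if (cvssV2.getImpactScore() != null) {
                this.cvssv2ImpactScore = cvssV2.getImpactScore().toString();
            }
        }
        if (cvssV3 != null) {
            if (cvssV3.getCvssData().getBaseScore() != null) {
                this.cvssv3BaseScore = cvssV3.getCvssData().getBaseScore().toString();
            }
            if (cvssV3.getCvssData().getAttackVector() != null) {
                this.cvssv3AttackVector = cvssV3.getCvssData().getAttackVector().name();
            }
            if (cvssV3.getCvssData().getAttackComplexity() != null) {
                this.cvssv3AttackComplexity = cvssV3.getCvssData().getAttackComplexity().name();
            }
            if (cvssV3.getCvssData().getPrivilegesRequired() != null) {
                this.cvssv3PrivilegesRequired = cvssV3.getCvssData().getPrivilegesRequired().name();
            }
            if (cvssV3.getCvssData().getUserInteraction() != null) {
                this.cvssv3UserInteraction = cvssV3.getCvssData().getUserInteraction().name();
            }
            if (cvssV3.getCvssData().getScope() != null) {
                this.cvssv3Scope = cvssV3.getCvssData().getScope().name();
            }
            if (cvssV3.getCvssData().getConfidentialityImpact() != null) {
                this.cvssv3ConfidentialityImpact = cvssV3.getCvssData().getConfidentialityImpact().name();
            }
            if (cvssV3.getCvssData().getIntegrityImpact() != null) {
                this.cvssv3IntegrityImpact = cvssV3.getCvssData().getIntegrityImpact().name();
            }
            if (cvssV3.getCvssData().getAvailabilityImpact() != null) {
                this.cvssv3AvailabilityImpact = cvssV3.getCvssData().getAvailabilityImpact().name();
            }
            if (cvssV3.getCvssData().getBaseSeverity() != null) {
                this.cvssv3BaseSeverity = cvssV3.getCvssData().getBaseSeverity().name();
            }
            if (cvssV3.getExploitabilityScore() != null) {
                this.cvssv3ExploitabilityScore = cvssV3.getExploitabilityScore().toString();
            }
            if (cvssV3.getImpactScore() != null) {
                this.cvssv3ImpactScore = cvssV3.getImpactScore().toString();
            }
            // Guarded like every other metric (and like the v2 version): a
            // record without a version must not abort rule creation with a
            // NullPointerException and drop the finding from the report.
            if (cvssV3.getCvssData().getVersion() != null) {
                this.cvssv3Version = cvssV3.getCvssData().getVersion().name();
            }
        }
    }

    /**
     * Get the value of source.
     *
     * @return the value of source
     */
    public String getSource() {
        return source;
    }

    /**
     * Set the value of source.
     *
     * @param source new value of source
     */
    public void setSource(String source) {
        this.source = source;
    }

    /**
     * Get the value of CVSS3 Version.
     *
     * @return the value of CVSS3 Version; {@code null} when not set
     */
    public String getCvssv3Version() {
        return cvssv3Version;
    }

    /**
     * Set the value of CVSS3 Version.
     *
     * @param cvssv3Version new value of CVSS3 Version
     */
    public void setCvssv3Version(String cvssv3Version) {
        this.cvssv3Version = cvssv3Version;
    }

    /**
     * Get the value of CVSS3 Impact Score.
     *
     * @return the value of CVSS3 Impact Score
     */
    public String getCvssv3ImpactScore() {
        return cvssv3ImpactScore;
    }

    /**
     * Set the value of CVSS3 Impact Score.
     *
     * @param cvssv3ImpactScore new value of CVSS3 Impact Score
     */
    public void setCvssv3ImpactScore(String cvssv3ImpactScore) {
        this.cvssv3ImpactScore = cvssv3ImpactScore;
    }

    /**
     * Get the value of CVSS3 Exploitability Score.
     *
     * @return the value of CVSS3 Exploitability Score
     */
    public String getCvssv3ExploitabilityScore() {
        return cvssv3ExploitabilityScore;
    }

    /**
     * Set the value of CVSS3 Exploitability Score.
     *
     * @param cvssv3ExploitabilityScore new value of CVSS3 Exploitability Score
     */
    public void setCvssv3ExploitabilityScore(String cvssv3ExploitabilityScore) {
        this.cvssv3ExploitabilityScore = cvssv3ExploitabilityScore;
    }

    /**
     * Get the value of CVSS3 Base Severity.
     *
     * @return the value of CVSS3 Base Severity
     */
    public String getCvssv3BaseSeverity() {
        return cvssv3BaseSeverity;
    }

    /**
     * Set the value of CVSS3 Base Severity.
     *
     * @param cvssv3BaseSeverity new value of CVSS3 Base Severity
     */
    public void setCvssv3BaseSeverity(String cvssv3BaseSeverity) {
        this.cvssv3BaseSeverity = cvssv3BaseSeverity;
    }

    /**
     * Get the value of CVSS3 Availability Impact.
     *
     * @return the value of CVSS3 Availability Impact
     */
    public String getCvssv3AvailabilityImpact() {
        return cvssv3AvailabilityImpact;
    }

    /**
     * Set the value of CVSS3 Availability Impact.
     *
     * @param cvssv3AvailabilityImpact new value of CVSS3 Availability Impact
     */
    public void setCvssv3AvailabilityImpact(String cvssv3AvailabilityImpact) {
        this.cvssv3AvailabilityImpact = cvssv3AvailabilityImpact;
    }

    /**
     * Get the value of CVSS3 Integrity Impact.
     *
     * @return the value of CVSS3 Integrity Impact
     */
    public String getCvssv3IntegrityImpact() {
        return cvssv3IntegrityImpact;
    }

    /**
     * Set the value of CVSS3 Integrity Impact.
     *
     * @param cvssv3IntegrityImpact new value of CVSS3 Integrity Impact
     */
    public void setCvssv3IntegrityImpact(String cvssv3IntegrityImpact) {
        this.cvssv3IntegrityImpact = cvssv3IntegrityImpact;
    }

    /**
     * Get the value of CVSS3 Confidentiality Impact.
     *
     * @return the value of CVSS3 Confidentiality Impact
     */
    public String getCvssv3ConfidentialityImpact() {
        return cvssv3ConfidentialityImpact;
    }

    /**
     * Set the value of CVSS3 Confidentiality Impact.
     *
     * @param cvssv3ConfidentialityImpact new value of CVSS3 Confidentiality
     * Impact
     */
    public void setCvssv3ConfidentialityImpact(String cvssv3ConfidentialityImpact) {
        this.cvssv3ConfidentialityImpact = cvssv3ConfidentialityImpact;
    }

    /**
     * Get the value of CVSS3 Scope.
     *
     * @return the value of CVSS3 Scope
     */
    public String getCvssv3Scope() {
        return cvssv3Scope;
    }

    /**
     * Set the value of CVSS3 Scope.
     *
     * @param cvssv3Scope new value of CVSS3 Scope
     */
    public void setCvssv3Scope(String cvssv3Scope) {
        this.cvssv3Scope = cvssv3Scope;
    }

    /**
     * Get the value of CVSS3 User Interaction.
     *
     * @return the value of CVSS3 User Interaction
     */
    public String getCvssv3UserInteraction() {
        return cvssv3UserInteraction;
    }

    /**
     * Set the value of CVSS3 User Interaction.
     *
     * @param cvssv3UserInteraction new value of CVSS3 User Interaction
     */
    public void setCvssv3UserInteraction(String cvssv3UserInteraction) {
        this.cvssv3UserInteraction = cvssv3UserInteraction;
    }

    /**
     * Get the value of CVSS3 Privileges Required.
     *
     * @return the value of CVSS3 Privileges Required
     */
    public String getCvssv3PrivilegesRequired() {
        return cvssv3PrivilegesRequired;
    }

    /**
     * Set the value of CVSS3 Privileges Required.
     *
     * @param cvssv3PrivilegesRequired new value of CVSS3 Privileges Required
     */
    public void setCvssv3PrivilegesRequired(String cvssv3PrivilegesRequired) {
        this.cvssv3PrivilegesRequired = cvssv3PrivilegesRequired;
    }

    /**
     * Get the value of CVSS3 Attack Complexity.
     *
     * @return the value of CVSS3 Attack Complexity
     */
    public String getCvssv3AttackComplexity() {
        return cvssv3AttackComplexity;
    }

    /**
     * Set the value of CVSS3 Attack Complexity.
     *
     * @param cvssv3AttackComplexity new value of CVSS3 Attack Complexity
     */
    public void setCvssv3AttackComplexity(String cvssv3AttackComplexity) {
        this.cvssv3AttackComplexity = cvssv3AttackComplexity;
    }

    /**
     * Get the value of CVSS3 Attack Vector.
     *
     * @return the value of CVSS3 Attack Vector
     */
    public String getCvssv3AttackVector() {
        return cvssv3AttackVector;
    }

    /**
     * Set the value of CVSS3 Attack Vector.
     *
     * @param cvssv3AttackVector new value of CVSS3 Attack Vector
     */
    public void setCvssv3AttackVector(String cvssv3AttackVector) {
        this.cvssv3AttackVector = cvssv3AttackVector;
    }

    /**
     * Get the value of CVSS3 Base Score.
     *
     * @return the value of CVSS3 Base Score
     */
    public String getCvssv3BaseScore() {
        return cvssv3BaseScore;
    }

    /**
     * Set the value of CVSS3 Base Score.
     *
     * @param cvssv3BaseScore new value of CVSS3 Base Score
     */
    public void setCvssv3BaseScore(String cvssv3BaseScore) {
        this.cvssv3BaseScore = cvssv3BaseScore;
    }

    /**
     * Get the value of CVSS2 Impact Score.
     *
     * @return the value of CVSS2 Impact Score
     */
    public String getCvssv2ImpactScore() {
        return cvssv2ImpactScore;
    }

    /**
     * Set the value of CVSS2 Impact Score.
     *
     * @param cvssv2ImpactScore new value of CVSS2 Impact Score
     */
    public void setCvssv2ImpactScore(String cvssv2ImpactScore) {
        this.cvssv2ImpactScore = cvssv2ImpactScore;
    }

    /**
     * Get the value of CVSS2 Exploitability Score.
     *
     * @return the value of CVSS2 Exploitability Score
     */
    public String getCvssv2ExploitabilityScore() {
        return cvssv2ExploitabilityScore;
    }

    /**
     * Set the value of CVSS2 Exploitability Score.
     *
     * @param cvssv2ExploitabilityScore new value of CVSS2 Exploitability Score
     */
    public void setCvssv2ExploitabilityScore(String cvssv2ExploitabilityScore) {
        this.cvssv2ExploitabilityScore = cvssv2ExploitabilityScore;
    }

    /**
     * Get the value of CVSS2 Version.
     *
     * @return the value of CVSS2 Version
     */
    public String getCvssv2Version() {
        return cvssv2Version;
    }

    /**
     * Set the value of CVSS2 Version.
     *
     * @param cvssv2Version new value of CVSS2 Version
     */
    public void setCvssv2Version(String cvssv2Version) {
        this.cvssv2Version = cvssv2Version;
    }

    /**
     * Get the value of CVSS2 Severity.
     *
     * @return the value of CVSS2 Severity
     */
    public String getCvssv2Severity() {
        return cvssv2Severity;
    }

    /**
     * Set the value of CVSS2 Severity.
     *
     * @param cvssv2Severity new value of CVSS2 Severity
     */
    public void setCvssv2Severity(String cvssv2Severity) {
        this.cvssv2Severity = cvssv2Severity;
    }

    /**
     * Get the value of CVSS2 Availability Impact.
     *
     * @return the value of CVSS2 Availability Impact
     */
    public String getCvssv2AvailabilityImpact() {
        return cvssv2AvailabilityImpact;
    }

    /**
     * Set the value of CVSS2 Availability Impact.
     *
     * @param cvssv2AvailabilityImpact new value of CVSS2 Availability Impact
     */
    public void setCvssv2AvailabilityImpact(String cvssv2AvailabilityImpact) {
        this.cvssv2AvailabilityImpact = cvssv2AvailabilityImpact;
    }

    /**
     * Get the value of CVSS2 Integrity Impact.
     *
     * @return the value of CVSS2 Integrity Impact
     */
    public String getCvssv2IntegrityImpact() {
        return cvssv2IntegrityImpact;
    }

    /**
     * Set the value of CVSS2 Integrity Impact.
     *
     * @param cvssv2IntegrityImpact new value of CVSS2 Integrity Impact
     */
    public void setCvssv2IntegrityImpact(String cvssv2IntegrityImpact) {
        this.cvssv2IntegrityImpact = cvssv2IntegrityImpact;
    }

    /**
     * Get the value of CVSS2 Confidentiality Impact.
     *
     * @return the value of CVSS2 Confidentiality Impact
     */
    public String getCvssv2ConfidentialityImpact() {
        return cvssv2ConfidentialityImpact;
    }

    /**
     * Set the value of CVSS2 Confidentiality Impact.
     *
     * @param cvssv2ConfidentialityImpact new value of CVSS2 Confidentiality Impact
     */
    public void setCvssv2ConfidentialityImpact(String cvssv2ConfidentialityImpact) {
        this.cvssv2ConfidentialityImpact = cvssv2ConfidentialityImpact;
    }

    /**
     * Get the value of CVSS2 Authentication.
     *
     * @return the value of CVSS2 Authentication
     */
    public String getCvssv2Authentication() {
        return cvssv2Authentication;
    }

    /**
     * Set the value of CVSS2 Authentication.
     *
     * @param cvssv2Authentication new value of CVSS2 Authentication
     */
    public void setCvssv2Authentication(String cvssv2Authentication) {
        this.cvssv2Authentication = cvssv2Authentication;
    }

    /**
     * Get the value of CVSS2 Access Complexity.
     *
     * @return the value of CVSS2 Access Complexity
     */
    public String getCvssv2AccessComplexity() {
        return cvssv2AccessComplexity;
    }

    /**
     * Set the value of CVSS2 Access Complexity.
     *
     * @param cvssv2AccessComplexity new value of CVSS2 Access Complexity
     */
    public void setCvssv2AccessComplexity(String cvssv2AccessComplexity) {
        this.cvssv2AccessComplexity = cvssv2AccessComplexity;
    }

    /**
     * Get the value of CVSS2 Access Vector.
     *
     * @return the value of CVSS2 Access Vector
     */
    public String getCvssv2AccessVector() {
        return cvssv2AccessVector;
    }

    /**
     * Set the value of CVSS2 Access Vector.
     *
     * @param cvssv2AccessVector new value of CVSS2 Access Vector
     */
    public void setCvssv2AccessVector(String cvssv2AccessVector) {
        this.cvssv2AccessVector = cvssv2AccessVector;
    }

    /**
     * Get the value of CVSS2 Score.
     *
     * @return the value of CVSS2 Score
     */
    public String getCvssv2Score() {
        return cvssv2Score;
    }

    /**
     * Set the value of CVSS2 Score.
     *
     * @param cvssv2Score new value of CVSS2 Score
     */
    public void setCvssv2Score(String cvssv2Score) {
        this.cvssv2Score = cvssv2Score;
    }

    /**
     * Get the name.
     *
     * @return the name
     */
    public String getName() {
        return name;
    }

    /**
     * Set the name. The rule id is not updated by this call.
     *
     * @param name the name
     */
    public void setName(String name) {
        this.name = name;
    }

    /**
     * Get the full description.
     *
     * @return the value of full description
     */
    public String getFullDescription() {
        return fullDescription;
    }

    /**
     * Set the full description.
     *
     * @param fullDescription the full description
     */
    public void setFullDescription(String fullDescription) {
        this.fullDescription = fullDescription;
    }

    /**
     * Get the short description.
     *
     * @return the short description
     */
    public String getShortDescription() {
        return shortDescription;
    }

    /**
     * Set the short description.
     *
     * @param shortDescription the short description
     */
    public void setShortDescription(String shortDescription) {
        this.shortDescription = shortDescription;
    }

    /**
     * Get the value of id.
     *
     * @return the value of id
     */
    public String getId() {
        return id;
    }

    /**
     * Set the value of id. The rule name is not updated by this call.
     *
     * @param id new value of id
     */
    public void setId(String id) {
        this.id = id;
    }

}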