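/**
 * Decides whether a newly reported issue duplicates an already reported one.
 *
 * <p>Two issues are the same finding when their detail text, issue type and URL all match; then
 * only the existing issue is kept. In every other case both are kept, so distinct findings reported
 * for the same path are never discarded.
 *
 * @param existingIssue the issue already recorded by the scanner
 * @param newIssue the issue just reported
 * @return {@code -1} to keep only the existing issue, {@code 0} to keep both
 */
@Override
public int consolidateDuplicateIssues(IScanIssue existingIssue, IScanIssue newIssue) {
    // Objects.equals: getIssueDetail() may be null for issues without detail text.
    if (Objects.equals(existingIssue.getIssueDetail(), newIssue.getIssueDetail())
            && existingIssue.getIssueType() == newIssue.getIssueType()
            && existingIssue.getUrl().equals(newIssue.getUrl())) {
        return -1;
    }
    // 0 keeps both issues. Returning 1 here would tell the scanner to keep only the new issue and
    // silently drop the existing one even though the two were just found to differ.
    return 0;
}
}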
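/**
 * Decides whether a newly reported issue duplicates an already reported one.
 *
 * <p>Response-header findings (clickjacking, missing X-Content-Type-Options / X-XSS-Protection
 * headers, CSP information) describe the response as a whole, so they are collapsed per issue name,
 * host and path. Any other issue is a duplicate only when its detail text matches exactly.
 *
 * @param existingIssue the issue already recorded by the scanner
 * @param newIssue the issue just reported
 * @return {@code -1} to keep only the existing issue, {@code 0} to keep both
 */
@Override
public int consolidateDuplicateIssues(IScanIssue existingIssue, IScanIssue newIssue) {
    switch (newIssue.getIssueName()) {
        case "Clickjacking":
        case "Missing X-Content-Type-Options header":
        case "Missing X-XSS-Protection header":
        case "Content Security Policy related information": {
            boolean sameLocation = existingIssue.getIssueName().equals(newIssue.getIssueName())
                    && existingIssue.getUrl().getHost().equals(newIssue.getUrl().getHost())
                    && existingIssue.getUrl().getPath().equals(newIssue.getUrl().getPath());
            return sameLocation ? -1 : 0;
        }
        default: {
            // getIssueDetail() may be null for issues without detail text. A null detail cannot
            // establish a duplicate, so both issues are kept rather than throwing an NPE or merging
            // unrelated detail-less findings.
            String existingDetail = existingIssue.getIssueDetail();
            boolean sameDetail = existingDetail != null
                    && existingDetail.equals(newIssue.getIssueDetail());
            return sameDetail ? -1 : 0;
        }
    }
}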
/**
 * Tells whether a scanner issue is covered by one of the configured false-positive rules.
 *
 * <p>A rule covers the issue when its type equals the issue's type and its path, interpreted as a
 * regular expression, matches the whole path of the issue's URL.
 *
 * @param issue issue reported by the scanner
 * @return {@code true} when a false-positive rule matches the issue, otherwise {@code false}
 */
private boolean isFalsePositive(IScanIssue issue) {
    String issuePath = issue.getUrl().getPath();
    for (Issue rule : config.getFalsePositives()) {
        if (rule.getType() != issue.getIssueType()) {
            continue;
        }
        // Rule path is a regex that must match the entire URL path.
        if (issuePath.matches(rule.getPath())) {
            return true;
        }
    }
    return false;
}
/**
 * {@inheritDoc}
 *
 * <p>Issues matching a configured false-positive rule are logged and discarded; all others are
 * logged and appended to {@code scanIssues}.
 */
@Override
public void newScanIssue(IScanIssue issue) {
    String where = "type: " + issue.getIssueType()
            + ", name: " + issue.getIssueName()
            + " found at URL: " + issue.getUrl();
    if (isFalsePositive(issue)) {
        log("Excluding false positive of " + where);
        return;
    }
    log("New scan issue of " + where);
    scanIssues.add(issue);
}
/**
 * Consolidates duplicate scanner issues.
 *
 * <p>Issues are only compared when they share URL and issue name. The one with the higher
 * confidence wins; on equal confidence the one with the higher severity wins; when both are equal
 * the existing issue is kept.
 *
 * @param existingIssue the existing scanner issue
 * @param newIssue the new scanner issue
 * @return {@code -1} to keep the existing issue, {@code 0} to keep both, {@code 1} to keep the new
 *     issue
 */
public int consolidateDuplicateIssues(IScanIssue existingIssue, IScanIssue newIssue) {
    boolean sameFinding = existingIssue.getUrl().equals(newIssue.getUrl())
            && existingIssue.getIssueName().equals(newIssue.getIssueName());
    if (!sameFinding) {
        return 0;
    }
    // Higher confidence wins.
    if (confidenceValue(existingIssue) > confidenceValue(newIssue)) {
        return -1;
    }
    if (confidenceValue(existingIssue) < confidenceValue(newIssue)) {
        return 1;
    }
    // Equal confidence: higher severity wins.
    if (severityValue(existingIssue) > severityValue(newIssue)) {
        return -1;
    }
    if (severityValue(existingIssue) < severityValue(newIssue)) {
        return 1;
    }
    // Fully equal: prefer the issue already recorded.
    return -1;
}