com.contrastsecurity.ide.eclipse.core.extended.ExtendedContrastSDK.java Source code

Java tutorial

Introduction

Here is the source code for com.contrastsecurity.ide.eclipse.core.extended.ExtendedContrastSDK.java

Source

/*******************************************************************************
 * Copyright (c) 2017 Contrast Security.
 * All rights reserved. 
 * 
 * This program and the accompanying materials are made available under 
 * the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation; either version 3 of the License.
 * 
 * The terms of the GNU GPL version 3 which accompanies this distribution
 * and is available at https://www.gnu.org/licenses/gpl-3.0.en.html
 * 
 * Contributors:
 *     Contrast Security - initial API and implementation
 *******************************************************************************/
package com.contrastsecurity.ide.eclipse.core.extended;

import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.net.HttpURLConnection;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map.Entry;
import java.util.Set;

import com.google.gson.*;

import com.contrastsecurity.exceptions.UnauthorizedException;
import com.contrastsecurity.http.HttpMethod;
import com.contrastsecurity.ide.eclipse.core.UrlConstants;
import com.contrastsecurity.sdk.ContrastSDK;

import org.apache.commons.io.IOUtils;

public class ExtendedContrastSDK extends ContrastSDK {

    private static final int BAD_REQUEST = 400;
    private static final int SERVER_ERROR = 500;
    private Gson gson;
    private String restApiURL;

    public ExtendedContrastSDK(String user, String serviceKey, String apiKey, String restApiURL)
            throws IllegalArgumentException {
        super(user, serviceKey, apiKey, restApiURL);
        this.restApiURL = restApiURL;
        this.gson = new Gson();
    }

    public EventSummaryResource getEventSummary(String orgUuid, String traceId)
            throws IOException, UnauthorizedException {
        InputStream is = null;
        InputStreamReader reader = null;
        try {
            String eventSummaryUrl = getEventSummaryUrl(orgUuid, traceId);
            is = makeRequest(HttpMethod.GET, eventSummaryUrl);
            reader = new InputStreamReader(is);
            EventSummaryResource resource = gson.fromJson(reader, EventSummaryResource.class);
            for (EventResource event : resource.getEvents()) {
                if (event.getCollapsedEvents() != null && !event.getCollapsedEvents().isEmpty()) {
                    getCollapsedEventsDetails(event, orgUuid, traceId);
                } else {
                    EventDetails eventDetails = getEventDetails(orgUuid, traceId, event);
                    event.setEvent(eventDetails.getEvent());
                }
            }
            return resource;
        } finally {
            IOUtils.closeQuietly(is);
            IOUtils.closeQuietly(reader);
        }
    }

    private void getCollapsedEventsDetails(EventResource parentEvent, final String orgUuid, final String traceId)
            throws IOException, UnauthorizedException {
        for (EventResource event : parentEvent.getCollapsedEvents()) {
            EventDetails eventDetails = getEventDetails(orgUuid, traceId, event);
            event.setEvent(eventDetails.getEvent());
            event.setParent(parentEvent);
        }
    }

    public EventDetails getEventDetails(String orgUuid, String traceId, EventResource event)
            throws IOException, UnauthorizedException {
        InputStream is = null;
        InputStreamReader reader = null;
        try {
            String eventDetailsUrl = getEventDetailsUrl(orgUuid, traceId, event);
            is = makeRequest(HttpMethod.GET, eventDetailsUrl);
            reader = new InputStreamReader(is);
            EventDetails resource = gson.fromJson(reader, EventDetails.class);
            return resource;
        } finally {
            IOUtils.closeQuietly(is);
            IOUtils.closeQuietly(reader);
        }
    }

    private String getEventDetailsUrl(String orgUuid, String traceId, final EventResource event) {
        return String.format("/ng/%s/traces/%s/events/%s/details?expand=skip_links", orgUuid, traceId,
                event.getId());
    }

    private String getEventSummaryUrl(String orgUuid, String traceId) {
        return String.format("/ng/%s/traces/%s/events/summary?expand=skip_links", orgUuid, traceId);
    }

    public HttpRequestResource getHttpRequest(String orgUuid, String traceId)
            throws IOException, UnauthorizedException {
        InputStream is = null;
        InputStreamReader reader = null;
        try {
            String httpRequestUrl = getHttpRequestUrl(orgUuid, traceId);
            is = makeRequest(HttpMethod.GET, httpRequestUrl);
            reader = new InputStreamReader(is);
            HttpRequestResource resource = gson.fromJson(reader, HttpRequestResource.class);
            return resource;
        } finally {
            IOUtils.closeQuietly(is);
            IOUtils.closeQuietly(reader);
        }
    }

    private String getHttpRequestUrl(String orgUuid, String traceId) {
        return String.format("/ng/%s/traces/%s/httprequest?expand=skip_links", orgUuid, traceId);
    }

    public StoryResource getStory(String orgUuid, String traceId) throws IOException, UnauthorizedException {
        InputStream is = null;
        InputStreamReader reader = null;
        try {
            String traceUrl = getTraceUrl(orgUuid, traceId);
            is = makeRequest(HttpMethod.GET, traceUrl);
            reader = new InputStreamReader(is);

            String inputString = IOUtils.toString(is, "UTF-8");
            StoryResource story = this.gson.fromJson(inputString, StoryResource.class);
            JsonObject object = (JsonObject) new JsonParser().parse(inputString);
            JsonObject storyObject = (JsonObject) object.get("story");
            if (storyObject != null) {
                JsonArray chaptersArray = (JsonArray) storyObject.get("chapters");
                List<Chapter> chapters = story.getStory().getChapters();
                if (chapters == null) {
                    chapters = new ArrayList<>();
                } else {
                    chapters.clear();
                }
                for (int i = 0; i < chaptersArray.size(); i++) {
                    JsonObject member = (JsonObject) chaptersArray.get(i);
                    Chapter chapter = gson.fromJson(member, Chapter.class);
                    chapters.add(chapter);
                    JsonObject properties = (JsonObject) member.get("properties");
                    if (properties != null) {
                        Set<Entry<String, JsonElement>> entries = properties.entrySet();
                        Iterator<Entry<String, JsonElement>> iter = entries.iterator();
                        List<PropertyResource> propertyResources = new ArrayList<>();
                        chapter.setPropertyResources(propertyResources);
                        while (iter.hasNext()) {
                            Entry<String, JsonElement> prop = iter.next();
                            // String key = prop.getKey();
                            JsonElement entryValue = prop.getValue();
                            if (entryValue != null && entryValue.isJsonObject()) {
                                JsonObject obj = (JsonObject) entryValue;
                                JsonElement name = obj.get("name");
                                JsonElement value = obj.get("value");
                                if (name != null && value != null) {
                                    PropertyResource propertyResource = new PropertyResource();
                                    propertyResource.setName(name.getAsString());
                                    propertyResource.setValue(value.getAsString());
                                    propertyResources.add(propertyResource);
                                }
                            }
                        }
                    }

                }
            }
            return story;
        } finally {
            IOUtils.closeQuietly(is);
            IOUtils.closeQuietly(reader);
        }
    }

    public RecommendationResource getRecommendation(String orgUuid, String traceId)
            throws IOException, UnauthorizedException {
        InputStream is = null;
        InputStreamReader reader = null;
        try {
            String recommendationUrl = String.format(UrlConstants.RECOMMENDATION, orgUuid, traceId);
            is = makeRequest(HttpMethod.GET, recommendationUrl);
            reader = new InputStreamReader(is);
            return gson.fromJson(reader, RecommendationResource.class);
        } finally {
            IOUtils.closeQuietly(is);
            IOUtils.closeQuietly(reader);
        }
    }

    private String getTraceUrl(String orgUuid, String traceId) {
        return String.format("/ng/%s/traces/%s/story?expand=skip_links", orgUuid, traceId);
    }

    /**
     * Gets a trace information using its UUID as reference.
     * @param orgUuid Organization UUID.
     * @param traceId Vulnerability UUID.
     * @return A response that contains the requested trace information.
     * @throws IOException
     * @throws UnauthorizedException
     */
    public TraceResponse getTraceByUuid(String orgUuid, String traceId) throws IOException, UnauthorizedException {
        InputStream is = null;
        InputStreamReader reader = null;
        try {
            String url = String.format(UrlConstants.GET_TRACE, orgUuid, traceId);

            is = makeRequest(HttpMethod.GET, url);
            reader = new InputStreamReader(is);
            return gson.fromJson(reader, TraceResponse.class);
        } finally {
            IOUtils.closeQuietly(is);
            IOUtils.closeQuietly(reader);
        }
    }

    /**
     * Changes the status for a list of vulnerabilities.
     * @param orgUuid The UUID for the organization.
     * @param request Object that contains the request body with the indicated vulnerabilities and their status data.
     * @return A BaseResponse object that indicated whether the status change was successful.
     * @throws IOException
     * @throws UnauthorizedException
     */
    public BaseResponse markStatus(String orgUuid, TraceStatusRequest request)
            throws IOException, UnauthorizedException {
        InputStream is = null;
        InputStreamReader reader = null;
        try {
            String markUrl = String.format(UrlConstants.MARK_STATUS, orgUuid);
            is = makeRequest(HttpMethod.PUT, markUrl, request);
            reader = new InputStreamReader(is);
            return gson.fromJson(reader, BaseResponse.class);
        } finally {
            IOUtils.closeQuietly(is);
            IOUtils.closeQuietly(reader);
        }
    }

    public TagsResource getTagsByOrg(String orgUuid) throws IOException, UnauthorizedException {
        InputStream is = null;
        InputStreamReader reader = null;
        try {
            String tagsUrl = String.format(UrlConstants.ORG_TAGS, orgUuid);
            is = makeRequest(HttpMethod.GET, tagsUrl);
            reader = new InputStreamReader(is);
            return gson.fromJson(reader, TagsResource.class);
        } finally {
            IOUtils.closeQuietly(is);
            IOUtils.closeQuietly(reader);
        }
    }

    public TagsResource getTagsByTrace(String orgUuid, String traceId) throws IOException, UnauthorizedException {
        InputStream is = null;
        InputStreamReader reader = null;
        try {
            String tagsUrl = String.format(UrlConstants.TRACE_TAGS, orgUuid, traceId);
            is = makeRequest(HttpMethod.GET, tagsUrl);
            reader = new InputStreamReader(is);
            return gson.fromJson(reader, TagsResource.class);
        } finally {
            IOUtils.closeQuietly(is);
            IOUtils.closeQuietly(reader);
        }
    }

    public BaseResponse putTags(String orgUuid, TagsServersResource tagsServersResource)
            throws IOException, UnauthorizedException {
        InputStream is = null;
        InputStreamReader reader = null;
        try {
            String tagsUrl = String.format(UrlConstants.ORG_TAGS, orgUuid);
            is = makeRequest(HttpMethod.PUT, tagsUrl, tagsServersResource);
            reader = new InputStreamReader(is);
            return gson.fromJson(reader, BaseResponse.class);
        } finally {
            IOUtils.closeQuietly(is);
            IOUtils.closeQuietly(reader);
        }
    }

    public TagsResource deleteTag(String orgUuid, String traceId, String tag)
            throws IOException, UnauthorizedException {
        InputStream is = null;
        InputStreamReader reader = null;
        TagRequest tagRequest = new TagRequest(tag);
        try {
            String tagsUrl = String.format(UrlConstants.TRACE_TAGS_DELETE, orgUuid, traceId);
            is = makeRequest(HttpMethod.DELETE, tagsUrl, tagRequest);
            reader = new InputStreamReader(is);
            return gson.fromJson(reader, TagsResource.class);
        } finally {
            IOUtils.closeQuietly(is);
            IOUtils.closeQuietly(reader);
        }
    }

    public FilterResource getApplicationTraceFiltersByType(final String orgUuid, final String appId,
            final String filterType) throws IOException, UnauthorizedException {
        InputStream is = null;
        InputStreamReader reader = null;
        try {
            final String filtersUrl = String.format(UrlConstants.APPLICATION_TRACE_FILTERS, orgUuid, appId,
                    filterType);
            is = makeRequest(HttpMethod.GET, filtersUrl);
            reader = new InputStreamReader(is);
            return gson.fromJson(reader, FilterResource.class);
        } finally {
            IOUtils.closeQuietly(is);
            IOUtils.closeQuietly(reader);
        }
    }

    // ------------------------ Utilities -----------------------------------------------
    private InputStream makeRequest(HttpMethod method, String path, Object body)
            throws IOException, UnauthorizedException {
        String url = restApiURL + path;
        HttpURLConnection connection = makeConnection(url, method.toString(), body);

        InputStream is = connection.getInputStream();
        int rc = connection.getResponseCode();
        if (rc >= BAD_REQUEST && rc < SERVER_ERROR) {
            IOUtils.closeQuietly(is);
            throw new UnauthorizedException(rc);
        }
        return is;
    }

    private HttpURLConnection makeConnection(String url, String method, Object body) throws IOException {

        HttpURLConnection connection = makeConnection(url, method);

        connection.setDoOutput(true);
        connection.setRequestProperty("Content-Type", "application/json");
        OutputStream os = connection.getOutputStream();
        OutputStreamWriter osw = new OutputStreamWriter(os, "UTF-8");

        osw.write(gson.toJson(body));
        osw.flush();
        osw.close();
        os.close();

        return connection;
    }

}