Merge pull request #157 from SasanLabs/Fix1

Metadata about the scanner endpoint
SasanLabs · Jul 21, 2020 · 9ac1a78 · 9ac1a78
2 parents 9302bc6 + bbd88b4
commit 9ac1a78
Show file tree

Hide file tree

Showing 2 changed files with 60 additions and 1 deletion.
diff --git a/src/main/java/org/sasanlabs/beans/ScannerMetaResponseBean.java b/src/main/java/org/sasanlabs/beans/ScannerMetaResponseBean.java
@@ -0,0 +1,39 @@
+package org.sasanlabs.beans;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import java.util.List;
+import org.sasanlabs.internal.utility.annotations.RequestParameterLocation;
+import org.sasanlabs.vulnerability.types.VulnerabilitySubType;
+
+/**
+ * This class represents the meta data about the data provided by scanner endpoint. This is useful
+ * for scanners to map there vulnerability type names with VulnerableApp's vulnerability type names
+ * and same goes with the request parameter locations etc. This is mainly used for mapping
+ * conventions across different applications
+ *
+ * @author KSASAN [email protected]
+ */
+public class ScannerMetaResponseBean {
+
+    @JsonProperty("availableVulnerabilities")
+    private List<VulnerabilitySubType> availableVulnerabilityTypes;
+
+    @JsonProperty("availableLocations")
+    private List<RequestParameterLocation> availableLocations;
+
+    public ScannerMetaResponseBean(
+            List<VulnerabilitySubType> availableVulnerabilityTypes,
+            List<RequestParameterLocation> availableLocations) {
+        super();
+        this.availableVulnerabilityTypes = availableVulnerabilityTypes;
+        this.availableLocations = availableLocations;
+    }
+
+    public List<VulnerabilitySubType> getAvailableVulnerabilityTypes() {
+        return availableVulnerabilityTypes;
+    }
+
+    public List<RequestParameterLocation> getAvailableLocations() {
+        return availableLocations;
+    }
+}
diff --git a/src/main/java/org/sasanlabs/controller/VulnerableAppRestController.java b/src/main/java/org/sasanlabs/controller/VulnerableAppRestController.java
@@ -4,22 +4,26 @@
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import org.sasanlabs.beans.AllEndPointsResponseBean;
+import org.sasanlabs.beans.ScannerMetaResponseBean;
 import org.sasanlabs.beans.ScannerResponseBean;
 import org.sasanlabs.controller.exception.ControllerException;
 import org.sasanlabs.internal.utility.FrameworkConstants;
 import org.sasanlabs.internal.utility.JSONSerializationUtils;
 import org.sasanlabs.internal.utility.ResponseMapper;
+import org.sasanlabs.internal.utility.annotations.RequestParameterLocation;
 import org.sasanlabs.service.IEndPointResolver;
 import org.sasanlabs.service.IEndPointsInformationProvider;
 import org.sasanlabs.service.RequestDelegator;
 import org.sasanlabs.service.bean.RequestBean;
 import org.sasanlabs.service.bean.ResponseBean;
 import org.sasanlabs.service.exception.ServiceApplicationException;
 import org.sasanlabs.service.vulnerability.ICustomVulnerableEndPoint;
+import org.sasanlabs.vulnerability.types.VulnerabilitySubType;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpMethod;
@@ -147,11 +151,27 @@ public List<AllEndPointsResponseBean> allEndPointsJsonResponse()
      */
     @GetMapping
     @RequestMapping("/scanner")
-    public List<ScannerResponseBean> getScannerRelatedEndpointInformation()
+    public List<ScannerResponseBean> getScannerRelatedInformation()
             throws JsonProcessingException, UnknownHostException {
         return getAllSupportedEndPoints.getScannerRelatedEndPointInformation();
     }
 
+    /**
+     * This Endpoint is used to provide the metadata about the scanner response bean which is useful
+     * for mapping naming conventions across applications.
+     *
+     * @return {@link ScannerMetaResponseBean}
+     * @throws JsonProcessingException
+     * @throws UnknownHostException
+     */
+    @GetMapping
+    @RequestMapping("/scanner/metadata")
+    public ScannerMetaResponseBean getScannerRelatedMetaInformation() {
+        return new ScannerMetaResponseBean(
+                Arrays.asList(VulnerabilitySubType.values()),
+                Arrays.asList(RequestParameterLocation.values()));
+    }
+
     /**
      * This Endpoint is exposed to help the scanners in finding the Vulnerable EndPoints. Here we
      * are not using any library as we need a very basic sitemap and we don't want to make