From bbd88b4bb6d0e48bbc8c8c7a52e8865e3ce321fd Mon Sep 17 00:00:00 2001
From: karan preet singh sasan
Date: Wed, 22 Jul 2020 01:56:48 +0530
Subject: [PATCH] Metadata about the scanner endpoint
---
 .../beans/ScannerMetaResponseBean.java | 39 +++++++++++++++++++
 .../VulnerableAppRestController.java | 22 ++++++++++-
 2 files changed, 60 insertions(+), 1 deletion(-)
 create mode 100644 src/main/java/org/sasanlabs/beans/ScannerMetaResponseBean.java
diff --git a/src/main/java/org/sasanlabs/beans/ScannerMetaResponseBean.java b/src/main/java/org/sasanlabs/beans/ScannerMetaResponseBean.java
new file mode 100644
index 00000000..ec099297
--- /dev/null
+++ b/src/main/java/org/sasanlabs/beans/ScannerMetaResponseBean.java
@@ -0,0 +1,39 @@
+package org.sasanlabs.beans;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import java.util.List;
+import org.sasanlabs.internal.utility.annotations.RequestParameterLocation;
+import org.sasanlabs.vulnerability.types.VulnerabilitySubType;
+
+/**
+ * This class represents the meta data about the data provided by scanner endpoint. This is useful
+ * for scanners to map there vulnerability type names with VulnerableApp's vulnerability type names
+ * and same goes with the request parameter locations etc. This is mainly used for mapping
+ * conventions across different applications
+ *
+ * @author KSASAN preetkaran20@gmail.com
+ */
+public class ScannerMetaResponseBean {
+
+ @JsonProperty("availableVulnerabilities")
+ private List availableVulnerabilityTypes;
+
+ @JsonProperty("availableLocations")
+ private List availableLocations;
+
+ public ScannerMetaResponseBean(
+ List availableVulnerabilityTypes,
+ List availableLocations) {
+ super();
+ this.availableVulnerabilityTypes = availableVulnerabilityTypes;
+ this.availableLocations = availableLocations;
+ }
+
+ public List getAvailableVulnerabilityTypes() {
+ return availableVulnerabilityTypes;
+ }
+
+ public List getAvailableLocations() {
+ return availableLocations;
+ }
+}
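Review bot: Both fields of `ScannerMetaResponseBean` are assigned once in the constructor and only read through getters, so they should be declared `private final`, and the explicit `super();` is redundant in a class with no declared superclass. The constructor keeps the caller's lists by reference and the getters return those same instances, so wrapping on assignment, for example `this.availableLocations = Collections.unmodifiableList(availableLocations);`, would keep the response fixed once it is built. As displayed here the fields, parameters and getters use `List` with no type argument; the element types may simply have been lost in rendering, but if the file really reads this way they should be parameterised with the two enum types the file imports. In the class Javadoc, "map there vulnerability type names" should read "their".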
diff --git a/src/main/java/org/sasanlabs/controller/VulnerableAppRestController.java b/src/main/java/org/sasanlabs/controller/VulnerableAppRestController.java
index abe91f5f..51fe7946 100755
--- a/src/main/java/org/sasanlabs/controller/VulnerableAppRestController.java
+++ b/src/main/java/org/sasanlabs/controller/VulnerableAppRestController.java
@@ -4,15 +4,18 @@
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import org.sasanlabs.beans.AllEndPointsResponseBean;
+import org.sasanlabs.beans.ScannerMetaResponseBean;
 import org.sasanlabs.beans.ScannerResponseBean;
 import org.sasanlabs.controller.exception.ControllerException;
 import org.sasanlabs.internal.utility.FrameworkConstants;
 import org.sasanlabs.internal.utility.JSONSerializationUtils;
 import org.sasanlabs.internal.utility.ResponseMapper;
+import org.sasanlabs.internal.utility.annotations.RequestParameterLocation;
 import org.sasanlabs.service.IEndPointResolver;
 import org.sasanlabs.service.IEndPointsInformationProvider;
 import org.sasanlabs.service.RequestDelegator;
@@ -20,6 +23,7 @@
 import org.sasanlabs.service.bean.ResponseBean;
 import org.sasanlabs.service.exception.ServiceApplicationException;
 import org.sasanlabs.service.vulnerability.ICustomVulnerableEndPoint;
+import org.sasanlabs.vulnerability.types.VulnerabilitySubType;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpMethod;
@@ -147,11 +151,27 @@ public List allEndPointsJsonResponse()
 */
 @GetMapping
 @RequestMapping("/scanner")
- public List getScannerRelatedEndpointInformation()
+ public List getScannerRelatedInformation()
 throws JsonProcessingException, UnknownHostException {
 return getAllSupportedEndPoints.getScannerRelatedEndPointInformation();
 }
 
+ /**
+ * This Endpoint is used to provide the metadata about the scanner response bean which is useful
+ * for mapping naming conventions across applications.
+ *
+ * @return {@link ScannerMetaResponseBean}
+ * @throws JsonProcessingException
+ * @throws UnknownHostException
+ */
+ @GetMapping
+ @RequestMapping("/scanner/metadata")
+ public ScannerMetaResponseBean getScannerRelatedMetaInformation() {
+ return new ScannerMetaResponseBean(
+ Arrays.asList(VulnerabilitySubType.values()),
+ Arrays.asList(RequestParameterLocation.values()));
+ }
+
 /**
 * This Endpoint is exposed to help the scanners in finding the Vulnerable EndPoints. Here we
 * are not using any library as we need a very basic sitemap and we don't want to make
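Review bot: The new handler carries both `@GetMapping` and `@RequestMapping("/scanner/metadata")`, and Spring resolves a single mapping per handler method. As far as I know the plain `@RequestMapping` is the one that takes effect, which would leave the route open to every HTTP method rather than GET only. Replacing the pair with the single annotation `@GetMapping("/scanner/metadata")` states the intent unambiguously; the `/scanner` handler shown as context just above has the same pair. The added Javadoc also lists `@throws JsonProcessingException` and `@throws UnknownHostException`, but `getScannerRelatedMetaInformation()` declares no checked exceptions, so both tags should be dropped. The enclosing controller class starts and ends outside this hunk, so any class-level mapping that also applies is not visible here.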