public class Alert extends Object implements Comparable<Alert>
Modifier and Type | Class and Description |
---|---|
static class |
Alert.Builder
A builder of alerts.
|
static class |
Alert.Source
The source of the alerts.
|
Modifier and Type | Field and Description |
---|---|
static int |
CONFIDENCE_FALSE_POSITIVE |
static int |
CONFIDENCE_HIGH |
static int |
CONFIDENCE_LOW |
static int |
CONFIDENCE_MEDIUM |
static int |
CONFIDENCE_USER_CONFIRMED |
static String[] |
MSG_CONFIDENCE |
static String[] |
MSG_RELIABILITY
Deprecated.
(2.4.0) Replaced by
MSG_CONFIDENCE . Use of reliability has been
deprecated in favour of using confidence. |
static String[] |
MSG_RISK |
static int |
RISK_HIGH |
static int |
RISK_INFO |
static int |
RISK_LOW |
static int |
RISK_MEDIUM |
static int |
SUSPICIOUS
Deprecated.
(2.4.0) Replaced by
CONFIDENCE_LOW confidence. SUSPICIOUS reliability
has been deprecated in favour of using CONFIDENCE_LOW confidence. |
static int |
WARNING
Deprecated.
(2.4.0) Replaced by
CONFIDENCE_MEDIUM confidence. WARNING reliability
has been deprecated in favour of using CONFIDENCE_MEDIUM confidence. |
Constructor and Description |
---|
Alert(int pluginId) |
Alert(int pluginId,
int risk,
int confidence,
String name) |
Alert(RecordAlert recordAlert) |
Alert(RecordAlert recordAlert,
HistoryReference ref) |
Modifier and Type | Method and Description |
---|---|
static Alert.Builder |
builder()
Returns a new alert builder.
|
int |
compareTo(Alert alert2) |
boolean |
equals(Object obj)
Override equals.
|
String |
getAlert()
Deprecated.
(2.5.0) Replaced by
getName() . Use of alert has been deprecated in favour
of using name. |
int |
getAlertId() |
String |
getAlertRef()
Gets the alert reference.
|
String |
getAttack() |
int |
getConfidence() |
int |
getCweId() |
String |
getDescription() |
String |
getEvidence() |
HistoryReference |
getHistoryRef() |
ImageIcon |
getIcon()
Gets the correctly scaled icon for this alert.
|
URL |
getIconUrl()
Deprecated.
|
HttpMessage |
getMessage() |
String |
getMethod() |
org.apache.commons.httpclient.URI |
getMsgUri() |
String |
getName() |
String |
getOtherInfo() |
String |
getParam() |
int |
getPluginId() |
String |
getPostData() |
String |
getReference() |
int |
getReliability()
Deprecated.
(2.4.0) Replaced by
getConfidence() . |
int |
getRisk() |
String |
getSolution() |
Alert.Source |
getSource()
Gets the source of the alert.
|
int |
getSourceHistoryId() |
Map<String,String> |
getTags() |
String |
getUri() |
String |
getUrlParamXML() |
int |
getWascId() |
int |
hashCode() |
static boolean |
isValidConfidence(int confidence)
|
static boolean |
isValidRisk(int risk)
|
Alert |
newInstance()
Creates a new instance of
Alert with same members. |
String |
paragraph(String text) |
String |
replaceEntity(String text) |
void |
setAlert(String alert)
Deprecated.
(2.5.0) Replaced by
setName(java.lang.String) . Use of alert has been deprecated in favour
of using name. |
void |
setAlertId(int alertId) |
void |
setAlertRef(String alertRef)
Sets the alert reference.
|
void |
setAttack(String attack) |
void |
setConfidence(int confidence)
Sets the confidence of the alert.
|
void |
setCweId(int cweId) |
void |
setDescription(String description) |
void |
setDetail(String description,
String uri,
String param,
String attack,
String otherInfo,
String solution,
String reference,
HttpMessage msg)
Deprecated.
(2.2.0) Replaced by
setDetail(String, String, String, String, String,
String, String, String, int, int, HttpMessage) . It will be removed in a future release. |
void |
setDetail(String description,
String uri,
String param,
String attack,
String otherInfo,
String solution,
String reference,
String evidence,
int cweId,
int wascId,
HttpMessage msg)
Sets the details of the alert.
|
void |
setEvidence(String evidence) |
void |
setHistoryRef(HistoryReference historyRef) |
void |
setMessage(HttpMessage message) |
void |
setName(String name)
Sets the name of the alert to name
|
void |
setOtherInfo(String otherInfo) |
void |
setParam(String param) |
void |
setReference(String reference) |
void |
setRisk(int risk)
Sets the risk of the alert.
|
void |
setRiskConfidence(int risk,
int confidence) |
void |
setRiskReliability(int risk,
int confidence)
Deprecated.
(2.4.0) Replaced by
setRiskConfidence(int, int) . Use of reliability has
been deprecated in favour of using confidence |
void |
setSolution(String solution) |
void |
setSource(Alert.Source source)
Sets the source of the alert.
|
void |
setSourceHistoryId(int sourceHistoryId) |
void |
setTags(Map<String,String> tags) |
void |
setUri(String uri) |
void |
setWascId(int wascId) |
String |
toPluginXML(String urls) |
public static final int RISK_INFO
public static final int RISK_LOW
public static final int RISK_MEDIUM
public static final int RISK_HIGH
public static final int CONFIDENCE_FALSE_POSITIVE
@Deprecated public static final int SUSPICIOUS
CONFIDENCE_LOW
confidence. SUSPICIOUS reliability
has been deprecated in favour of using CONFIDENCE_LOW confidence.public static final int CONFIDENCE_LOW
@Deprecated public static final int WARNING
CONFIDENCE_MEDIUM
confidence. WARNING reliability
has been deprecated in favour of using CONFIDENCE_MEDIUM confidence.public static final int CONFIDENCE_MEDIUM
public static final int CONFIDENCE_HIGH
public static final int CONFIDENCE_USER_CONFIRMED
public static final String[] MSG_RISK
@Deprecated public static final String[] MSG_RELIABILITY
MSG_CONFIDENCE
. Use of reliability has been
deprecated in favour of using confidence.public static final String[] MSG_CONFIDENCE
public Alert(int pluginId)
public Alert(int pluginId, int risk, int confidence, String name)
public Alert(RecordAlert recordAlert)
public Alert(RecordAlert recordAlert, HistoryReference ref)
@Deprecated public void setRiskReliability(int risk, int confidence)
setRiskConfidence(int, int)
. Use of reliability has
been deprecated in favour of using confidencerisk
- the new riskconfidence
- the new confidencepublic void setRiskConfidence(int risk, int confidence)
public void setRisk(int risk)
risk
- the new risk.public void setConfidence(int confidence)
confidence
- the new confidence.@Deprecated public void setAlert(String alert)
setName(java.lang.String)
. Use of alert has been deprecated in favour
of using name.alert
- the new namepublic void setName(String name)
name
- the name to set for the alert@Deprecated public void setDetail(String description, String uri, String param, String attack, String otherInfo, String solution, String reference, HttpMessage msg)
setDetail(String, String, String, String, String,
String, String, String, int, int, HttpMessage)
. It will be removed in a future release.description
- the description of the alerturi
- the URI that has the issueparam
- the parameter that has the issueattack
- the attack that triggers the issueotherInfo
- other information about the issuesolution
- the solution for the issuereference
- references about the issuemsg
- the HTTP message that triggers/triggered the issueAlert.Builder
public void setDetail(String description, String uri, String param, String attack, String otherInfo, String solution, String reference, String evidence, int cweId, int wascId, HttpMessage msg)
description
- the description of the alerturi
- the URI that has the issueparam
- the parameter that has the issueattack
- the attack that triggers the issueotherInfo
- other information about the issuesolution
- the solution for the issuereference
- references about the issueevidence
- the evidence (in the HTTP response) that the issue existscweId
- the CWE ID of the issuewascId
- the WASC ID of the issuemsg
- the HTTP message that triggers/triggered the issueAlert.Builder
public void setUri(String uri)
public void setDescription(String description)
public void setParam(String param)
public void setOtherInfo(String otherInfo)
public void setSolution(String solution)
public void setReference(String reference)
public void setMessage(HttpMessage message)
public int compareTo(Alert alert2)
compareTo
in interface Comparable<Alert>
public boolean equals(Object obj)
public Alert newInstance()
Alert
with same members.Alert
instance@Deprecated public String getAlert()
getName()
. Use of alert has been deprecated in favour
of using name.public String getName()
public String getDescription()
public int getPluginId()
public HttpMessage getMessage()
public String getOtherInfo()
public String getParam()
public String getReference()
@Deprecated public int getReliability()
getConfidence()
.public int getConfidence()
public int getRisk()
public ImageIcon getIcon()
@Deprecated public URL getIconUrl()
public String getSolution()
public String getUri()
public int getAlertId()
public void setAlertId(int alertId)
alertId
- The alertId to set.public String getUrlParamXML()
public int getSourceHistoryId()
public void setSourceHistoryId(int sourceHistoryId)
public HistoryReference getHistoryRef()
public void setHistoryRef(HistoryReference historyRef)
public String getAttack()
public void setAttack(String attack)
public String getMethod()
public String getPostData()
public org.apache.commons.httpclient.URI getMsgUri()
public String getEvidence()
public void setEvidence(String evidence)
public int getCweId()
public void setCweId(int cweId)
public int getWascId()
public void setWascId(int wascId)
public Alert.Source getSource()
null
.public void setSource(Alert.Source source)
Note: The source should be considered immutable and should be set before the alert is persisted (normally by the tool/functionality raising the alert).
source
- the source of the alert.IllegalArgumentException
- if the given source
is null
.public String getAlertRef()
This is a unique identifier for the type of alert raised. A scan rule may raise more that one type of alert and they should all have different alert references.
public void setAlertRef(String alertRef)
For manually raised alerts this should be an empty string. For alerts raised by scan rules it should start with the rule plugin id and optionally include a 'qualifier' (such as "-1", "-2" etc). Logically different alerts should have different alert references even if they are raised by the same scan rule.
alertRef
- the alert referencepublic static Alert.Builder builder()
public static boolean isValidRisk(int risk)
public static boolean isValidConfidence(int confidence)
int
) is in the range, false otherwiseCONFIDENCE_FALSE_POSITIVE
,
CONFIDENCE_USER_CONFIRMED