package com.denimgroup.threadfix.data.dao.hibernate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Set;
import org.hibernate.Criteria;
import org.hibernate.SessionFactory;
import org.hibernate.criterion.Order;
import org.hibernate.criterion.Restrictions;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Repository;
import com.denimgroup.threadfix.data.dao.VulnerabilityCommentDao;
import com.denimgroup.threadfix.data.entities.VulnerabilityComment;
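/**
 * Hibernate-backed implementation of {@link VulnerabilityCommentDao}.
 *
 * <p>Comments are never physically removed: {@link #delete(VulnerabilityComment)} marks the
 * row inactive, and every query in this class filters on {@code active = true}.
 *
 * <p>All methods use {@code sessionFactory.getCurrentSession()}, so they need a session bound
 * to the calling context.
 */
@Repository
public class HibernateVulnerabilityCommentDao implements VulnerabilityCommentDao {

    private final SessionFactory sessionFactory;

    /**
     * @param sessionFactory the Hibernate session factory used for every query in this DAO
     */
    @Autowired
    public HibernateVulnerabilityCommentDao(SessionFactory sessionFactory) {
        this.sessionFactory = sessionFactory;
    }

    /**
     * Returns the active comments attached to one vulnerability, oldest first (ascending id).
     *
     * @param vulnId id matched against {@code vulnerability.id}
     * @return the matching active comments; soft-deleted comments are excluded
     */
    @SuppressWarnings("unchecked")
    @Override
    public List<VulnerabilityComment> retrieveAllForVuln(Integer vulnId) {
        Criteria criteria = sessionFactory.getCurrentSession()
                .createCriteria(VulnerabilityComment.class)
                .add(Restrictions.eq("vulnerability.id", vulnId))
                .add(Restrictions.eq("active", true))
                .addOrder(Order.asc("id"));
        return criteria.list();
    }

    /**
     * Persists a new comment or writes back the state of an existing one.
     *
     * <p>This calls {@code Session.saveOrUpdate} rather than {@code Session.save}. With a
     * generated identifier, {@code save} treats a detached instance as new and inserts a second
     * row. A soft delete of a detached comment would then leave the original row active and
     * still returned by the queries in this class. Transient and already-persistent instances
     * behave as before.
     *
     * @param comment the comment to insert or update
     */
    @Override
    public void saveOrUpdate(VulnerabilityComment comment) {
        sessionFactory.getCurrentSession().saveOrUpdate(comment);
    }

    /**
     * Soft-deletes a comment.
     *
     * <p>The comment is marked inactive and its modified date is set to now. If it is attached
     * to a vulnerability, that vulnerability's id is copied to {@code deletedVulnerabilityId}
     * before the association is cleared, so the record still shows where the comment belonged.
     *
     * @param comment the comment to deactivate
     */
    @Override
    public void delete(VulnerabilityComment comment) {
        comment.setActive(false);
        comment.setModifiedDate(new Date());

        // Capture the owning vulnerability's id before the association is cleared below.
        if (comment.getVulnerability() != null) {
            comment.setDeletedVulnerabilityId(comment.getVulnerability().getId());
        }
        comment.setVulnerability(null);

        saveOrUpdate(comment);
    }

    /**
     * Returns the most recent active comments on active vulnerabilities of active applications,
     * restricted to the given application ids and/or team ids.
     *
     * <p>A comment matches when its application id is in {@code authenticatedAppIds} or its
     * application's organization id is in {@code authenticatedTeamIds}. When both sets are
     * {@code null} or empty, the result is an empty list and no query is issued. This is the
     * safe default: a caller with no scoped ids sees nothing, not everything.
     *
     * <p>NOTE(review): the id sets are presumably the applications and teams the requesting user
     * may read; confirm against the calling service. This method only applies the filter and
     * does not derive it.
     *
     * @param number               maximum number of comments to return
     * @param authenticatedAppIds  application ids to include; may be {@code null} or empty
     * @param authenticatedTeamIds team (organization) ids to include; may be {@code null} or empty
     * @return matching comments, newest first (descending id)
     */
    @SuppressWarnings("unchecked")
    @Override
    public List<VulnerabilityComment> retrieveRecent(int number, Set<Integer> authenticatedAppIds,
            Set<Integer> authenticatedTeamIds) {
        boolean useAppIds = authenticatedAppIds != null && !authenticatedAppIds.isEmpty();
        boolean useTeamIds = authenticatedTeamIds != null && !authenticatedTeamIds.isEmpty();

        if (!useAppIds && !useTeamIds) {
            return new ArrayList<VulnerabilityComment>();
        }

        Criteria criteria = getActiveRecentCriteria(number);

        if (useAppIds && useTeamIds) {
            criteria.createAlias("app.organization", "team")
                    .add(Restrictions.or(
                            Restrictions.in("app.id", authenticatedAppIds),
                            Restrictions.in("team.id", authenticatedTeamIds)));
        } else if (useAppIds) {
            criteria.add(Restrictions.in("app.id", authenticatedAppIds));
        } else {
            // Only team ids were supplied.
            criteria.createAlias("app.organization", "team")
                    .add(Restrictions.in("team.id", authenticatedTeamIds));
        }

        return criteria.list();
    }

    /**
     * Returns the most recent active comments on active vulnerabilities of active applications.
     *
     * <p>This overload applies no application or team restriction. Use it only when the
     * requester may read comments across all applications; otherwise use
     * {@link #retrieveRecent(int, Set, Set)}.
     *
     * @param number maximum number of comments to return
     * @return matching comments, newest first (descending id)
     */
    @SuppressWarnings("unchecked")
    @Override
    public List<VulnerabilityComment> retrieveRecent(int number) {
        return getActiveRecentCriteria(number).list();
    }

    /**
     * Builds the criteria shared by both {@code retrieveRecent} overloads: recent active
     * comments, joined to their vulnerability ({@code vuln}) and application ({@code app}),
     * with both of those required to be active.
     */
    private Criteria getActiveRecentCriteria(int number) {
        return getVulnCriteria(number)
                .createAlias("vulnerability.application", "app")
                .createAlias("vulnerability", "vuln")
                .add(Restrictions.eq("app.active", true))
                .add(Restrictions.eq("vuln.active", true));
    }

    /**
     * Builds the base criteria for active comments, newest first, capped at {@code number} rows.
     */
    private Criteria getVulnCriteria(int number) {
        return sessionFactory.getCurrentSession()
                .createCriteria(VulnerabilityComment.class)
                .add(Restrictions.eq("active", true))
                .addOrder(Order.desc("id"))
                .setMaxResults(number);
    }
}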