├── .gitignore ├── .sonarcloud.properties ├── README.md ├── Wiki Banner.png └── archived ├── README.md ├── create-scanner-jar.sh ├── dependency-check-suppressions.xml ├── docs └── wiki │ └── img │ ├── Wiki Banner.png │ ├── axway_logo_650x260.png │ ├── burp-plugin1.JPG │ ├── burp-plugin2.JPG │ ├── burp-plugin3.JPG │ ├── burp-plugin4.JPG │ ├── burp-plugin5.JPG │ ├── burp-plugin6.JPG │ ├── burp-plugin7.JPG │ ├── burp-plugin8.JPG │ ├── burp-plugin9.JPG │ └── rax_logo_650x260.png ├── lib └── org │ └── jetbrains │ └── annotations │ └── annotations │ └── 13 │ └── annotations-13.jar ├── license.scala ├── pom.xml ├── report-plugin ├── pom.xml └── src │ └── main │ ├── java │ └── com │ │ └── denimgroup │ │ └── threadfix │ │ └── PluginNameReport.java │ └── resources │ └── META-INF │ ├── resources │ ├── WEB-INF │ │ └── views │ │ │ └── applications │ │ │ └── widgets │ │ │ └── reportPlugin.jsp │ └── scripts │ │ └── report-plugin.js │ └── web-fragment.xml ├── ssvl-converter ├── pom.xml └── src │ ├── main │ ├── java │ │ └── com │ │ │ └── denimgroup │ │ │ └── threadfix │ │ │ └── csv2ssl │ │ │ ├── Main.java │ │ │ ├── checker │ │ │ ├── ArgumentChecker.java │ │ │ ├── Configuration.java │ │ │ ├── FormatChecker.java │ │ │ └── InteractiveConfiguration.java │ │ │ ├── parser │ │ │ ├── ArgumentParser.java │ │ │ ├── CSVToSSVLParser.java │ │ │ └── FormatParser.java │ │ │ ├── serializer │ │ │ └── RecordToXMLSerializer.java │ │ │ └── util │ │ │ ├── CollectionUtils.java │ │ │ ├── DateUtils.java │ │ │ ├── Defaults.java │ │ │ ├── Either.java │ │ │ ├── Header.java │ │ │ ├── InteractionUtils.java │ │ │ ├── Option.java │ │ │ └── Strings.java │ └── resources │ │ ├── constants.properties │ │ └── ssvl.xsd │ └── test │ ├── java │ └── com │ │ └── denimgroup │ │ └── threadfix │ │ └── csv2ssl │ │ ├── DataFlowElementTests.java │ │ ├── DateUtilsTests.java │ │ ├── DialogUtils.java │ │ ├── ResourceLoader.java │ │ └── parser │ │ ├── FormatParserTests.java │ │ ├── InteractiveTests.java │ │ ├── csv │ │ └── BasicParserTest.java │ │ └── excel │ │ └── ExcelParserTests.java │ └── resources │ ├── Book.xlsx │ ├── basic.csv │ ├── customDateConfig.properties │ ├── data.csv │ ├── dataflow.csv │ ├── date.csv │ ├── emptycolumn.csv │ ├── filename.csv │ ├── fromJunit.properties │ ├── out.ssvl │ ├── sampleConfig.properties │ ├── sept.csv │ ├── windows-line-endings.csv │ ├── withDifferentHeaderLine.csv │ ├── withDifferentHeaderLine.xlsx │ ├── withHeaderLine.csv │ └── withIssueId.csv ├── threadfix-cli-endpoints ├── .gitignore ├── .project ├── README ├── pom.xml └── src │ └── com │ └── denimgroup │ └── threadfix │ └── cli │ └── endpoints │ └── EndpointMain.java ├── threadfix-cli-importers ├── .gitignore ├── pom.xml └── src │ ├── main │ ├── java │ │ └── com │ │ │ └── denimgroup │ │ │ └── threadfix │ │ │ └── importer │ │ │ └── cli │ │ │ └── CommandLineMain.java │ └── resources │ │ ├── applicationContext-hibernate.xml │ │ ├── jdbc.properties │ │ ├── log4j.xml │ │ └── offline-context.xml │ └── test │ ├── java │ └── com │ │ └── denimgroup │ │ └── threadfix │ │ ├── framework │ │ ├── dotNetMvc │ │ │ ├── ContosoPathTests.java │ │ │ └── EndToEndTests.java │ │ ├── dotNetWebForm │ │ │ └── EndToEndTests.java │ │ ├── rails │ │ │ └── EndToEndTests.java │ │ └── struts │ │ │ └── EndToEndTests.java │ │ ├── importer │ │ ├── ScanLocationManager.java │ │ ├── TestConstants.java │ │ ├── TransactionalTest.java │ │ ├── check │ │ │ └── FormatCheckTests.java │ │ ├── date │ │ │ ├── DateParsingTests.java │ │ │ └── ScanDateParsingChecker.java │ │ ├── impl │ │ │ ├── remoteprovider │ │ │ │ ├── ContrastApplicationParsingTests.java │ │ │ │ ├── ContrastScanParsingTests.java │ │ │ │ ├── ContrastUtils.java │ │ │ │ ├── QualysApplicationParsingTests.java │ │ │ │ ├── QualysScanParsingTests.java │ │ │ │ ├── RemoteProviderScanParser.java │ │ │ │ ├── TrustwaveDateParserTests.java │ │ │ │ ├── VeracodeApplicationParsingTests.java │ │ │ │ ├── VeracodeScanParsingTests.java │ │ │ │ ├── WhiteHatApplicationParsingTests.java │ │ │ │ ├── WhiteHatScanParsingTests.java │ │ │ │ └── utils │ │ │ │ │ ├── ContrastMockHttpUtils.java │ │ │ │ │ ├── QualysMockHttpUtils.java │ │ │ │ │ ├── ScanImporterHarness.java │ │ │ │ │ ├── VeracodeMockHttpUtils.java │ │ │ │ │ └── WhiteHatMockHttpUtils.java │ │ │ └── upload │ │ │ │ ├── ArachniTests.java │ │ │ │ └── fortify │ │ │ │ ├── AuditXmlParsingTests.java │ │ │ │ ├── FilterTemplateXmlTests.java │ │ │ │ ├── FortifyFilterSetTests.java │ │ │ │ └── FortifyFilterTests.java │ │ ├── loader │ │ │ └── ScanTypeCalculatorTests.java │ │ ├── merge │ │ │ └── ChannelMergeTests.java │ │ ├── parser │ │ │ ├── AcunetixScanTest.java │ │ │ ├── ArachniScanTest.java │ │ │ ├── BrakemanScanTest.java │ │ │ ├── BurpScanTest.java │ │ │ ├── CatNetTests.java │ │ │ ├── CenzicScanTest.java │ │ │ ├── ClangScanTest.java │ │ │ ├── CppcheckScanTest.java │ │ │ ├── DependencyCheckTests.java │ │ │ ├── FindBugsTest.java │ │ │ ├── FortifyScanTest.java │ │ │ ├── IBMAppScanTest.java │ │ │ ├── NTOSpider6ScanTest.java │ │ │ ├── NTOSpiderScanResults.java │ │ │ ├── NessusScanTest.java │ │ │ ├── NetsparkerTests.java │ │ │ ├── PMDScanTest.java │ │ │ ├── SSVLDataFlowTests.java │ │ │ ├── SkipFishScanResults.java │ │ │ ├── W3afScanTest.java │ │ │ ├── WebInspectScanTest.java │ │ │ └── ZapProxyScanTest.java │ │ └── utils │ │ │ ├── FolderMappings.java │ │ │ ├── ParserUtils.java │ │ │ ├── ScanComparisonUtils.java │ │ │ ├── ScannerMappingsIncompleteException.java │ │ │ ├── SimpleFinding.java │ │ │ └── SimpleScan.java │ │ └── service │ │ ├── merge │ │ ├── FindingMatcherTests.java │ │ ├── RemappingTestHarness.java │ │ └── RemappingTests.java │ │ └── statistics │ │ ├── CounterHarness.java │ │ └── StatisticsCounterTests.java │ └── resources │ ├── contrast │ ├── apps.json │ ├── autherror.json │ ├── bodgeit-full.json │ ├── c0a1a284-2c81-4b4b-b44a-52d7b8f71aae.json │ ├── orgs.json │ ├── testapp-full.json │ └── traces.json │ ├── fortify │ ├── audit-v4.xml │ ├── date-audit.xml │ ├── empty-audit.xml │ ├── filtertemplate-hide.xml │ ├── filtertemplate.xml │ └── full-audit.xml │ ├── merging │ ├── correctSingleVulnScan.ssvl │ ├── noVulns.ssvl │ ├── singlescan.ssvl │ └── twoMergingVulns.ssvl │ ├── qualys │ ├── apps-authenticated.xml │ ├── apps-unauthenticated.xml │ ├── apps-with-pagination.xml │ ├── scans.xml │ ├── testasp.xml │ └── testphp.xml │ ├── statistics │ ├── testfire-arachni.xml │ ├── testfire-zap.xml │ └── testfire-zap2.xml │ ├── veracode │ ├── 194944.xml │ ├── 198331.xml │ ├── 22881.xml │ ├── 22882.xml │ ├── 22883.xml │ ├── 22887.xml │ ├── 22892.xml │ ├── 22930.xml │ ├── 22931.xml │ ├── 22932.xml │ ├── 22933.xml │ ├── 37068.xml │ ├── 45707.xml │ ├── 45726.xml │ └── apps.xml │ └── whitehat │ ├── 6067.xml │ ├── 6184.xml │ ├── 6185.xml │ ├── 8250.xml │ ├── allClosed.xml │ └── apps.xml ├── threadfix-cli ├── .gitignore ├── .project ├── README.md ├── pom.xml └── src │ ├── main │ ├── java │ │ └── com │ │ │ └── denimgroup │ │ │ └── threadfix │ │ │ ├── VulnerabilityInfo.java │ │ │ ├── cli │ │ │ ├── CommandLineParser.java │ │ │ ├── DefectSubmissionParameterParser.java │ │ │ ├── GenericParameterParser.java │ │ │ ├── OptionsHolder.java │ │ │ └── VulnSearchParameterParser.java │ │ │ ├── properties │ │ │ └── PropertiesManager.java │ │ │ └── remote │ │ │ ├── AcceptAllTrustFactory.java │ │ │ ├── HttpRestUtils.java │ │ │ ├── InstallCert.java │ │ │ ├── PluginClient.java │ │ │ ├── ThreadFixRestClient.java │ │ │ ├── ThreadFixRestClientImpl.java │ │ │ └── response │ │ │ ├── ByteToStringSerializer.java │ │ │ ├── CalendarSerializer.java │ │ │ ├── DateSerializer.java │ │ │ ├── ResponseParser.java │ │ │ ├── RestResponse.java │ │ │ └── TypeReference.java │ └── resources │ │ └── log4j.xml │ └── test │ ├── java │ └── com │ │ └── denimgroup │ │ └── threadfix │ │ ├── cli │ │ ├── HttpRestUtilsTests.java │ │ ├── TestPropertiesManager.java │ │ ├── ThreadFixRestClientIT.java │ │ ├── ThreadFixRestClientStub.java │ │ ├── VulnSearchParameterParserTests.java │ │ ├── VulnerabilitySearchRestIT.java │ │ ├── api2_1 │ │ │ ├── ApplicationRestIT.java │ │ │ ├── ScanRestIT.java │ │ │ ├── TeamRestIT.java │ │ │ ├── VulnerabilityRestIT.java │ │ │ └── WafRestIT.java │ │ └── util │ │ │ ├── JsonTestUtils.java │ │ │ └── TestUtils.java │ │ └── remote │ │ └── response │ │ └── ResponseParserTests.java │ └── resources │ └── testfire.xml ├── threadfix-data-access ├── pom.xml └── src │ └── main │ └── java │ └── com │ └── denimgroup │ └── threadfix │ └── data │ └── dao │ ├── APIKeyDao.java │ ├── AbstractNamedObjectDao.java │ ├── AbstractObjectDao.java │ ├── AccessControlMapDao.java │ ├── ApplicationChannelDao.java │ ├── ApplicationCriticalityDao.java │ ├── ApplicationDao.java │ ├── ApplicationVersionDao.java │ ├── ChannelSeverityDao.java │ ├── ChannelTypeDao.java │ ├── ChannelVulnerabilityDao.java │ ├── ChannelVulnerabilityFilterDao.java │ ├── DefaultConfigurationDao.java │ ├── DefaultDefectProfileDao.java │ ├── DefaultTagDao.java │ ├── DefectDao.java │ ├── DefectTrackerDao.java │ ├── DefectTrackerTypeDao.java │ ├── DocumentDao.java │ ├── EmailListDao.java │ ├── EmptyScanDao.java │ ├── EndpointPermissionDao.java │ ├── EnterpriseTagDao.java │ ├── EventDao.java │ ├── ExceptionLogDao.java │ ├── FilterDateDao.java │ ├── FilterJsonBlobDao.java │ ├── FindingDao.java │ ├── GenericNamedObjectDao.java │ ├── GenericObjectDao.java │ ├── GenericSeverityDao.java │ ├── GenericVulnerabilityDao.java │ ├── JobStatusDao.java │ ├── OrganizationDao.java │ ├── PolicyDao.java │ ├── PolicyStatusDao.java │ ├── RemoteProviderApplicationDao.java │ ├── RemoteProviderTypeDao.java │ ├── ReportDao.java │ ├── RoleDao.java │ ├── ScanCloseReopenMappingDao.java │ ├── ScanDao.java │ ├── ScanQueueTaskDao.java │ ├── ScanResultFilterDao.java │ ├── ScheduledDefectTrackerUpdateDao.java │ ├── ScheduledEmailReportDao.java │ ├── ScheduledJobDao.java │ ├── ScheduledRemoteProviderImportDao.java │ ├── ScheduledScanDao.java │ ├── SecurityEventDao.java │ ├── SeverityFilterDao.java │ ├── StatisticsCounterDao.java │ ├── SurveyDao.java │ ├── SurveyResultDao.java │ ├── TagDao.java │ ├── UserDao.java │ ├── UserEventNotificationMapDao.java │ ├── VulnerabilityCommentDao.java │ ├── VulnerabilityDao.java │ ├── VulnerabilityFilterDao.java │ ├── VulnerabilityMapDao.java │ ├── VulnerabilitySearchDao.java │ ├── WafDao.java │ ├── WafRuleDao.java │ ├── WafRuleDirectiveDao.java │ ├── WafTypeDao.java │ ├── hibernate │ ├── HibernateAPIKeyDao.java │ ├── HibernateAccessControlMapDao.java │ ├── HibernateApplicationChannelDao.java │ ├── HibernateApplicationCriticalityDao.java │ ├── HibernateApplicationDao.java │ ├── HibernateApplicationVersionDao.java │ ├── HibernateChannelSeverityDao.java │ ├── HibernateChannelTypeDao.java │ ├── HibernateChannelVulnerabilityDao.java │ ├── HibernateDefaultConfigurationDao.java │ ├── HibernateDefaultDefectProfileDao.java │ ├── HibernateDefaultTagDao.java │ ├── HibernateDefectDao.java │ ├── HibernateDefectTrackerDao.java │ ├── HibernateDefectTrackerTypeDao.java │ ├── HibernateDocumentDao.java │ ├── HibernateEmailListDao.java │ ├── HibernateEmptyScanDao.java │ ├── HibernateEndpointPermissionDao.java │ ├── HibernateEventDao.java │ ├── HibernateExceptionLogDao.java │ ├── HibernateFilterDateDao.java │ ├── HibernateFilterJsonBlobDao.java │ ├── HibernateFindingDao.java │ ├── HibernateGenericSeverityDao.java │ ├── HibernateGenericVulnerabilityDao.java │ ├── HibernateJobStatusDao.java │ ├── HibernateOrganizationDao.java │ ├── HibernateRemoteProviderApplicationDao.java │ ├── HibernateRemoteProviderTypeDao.java │ ├── HibernateReportDao.java │ ├── HibernateRoleDao.java │ ├── HibernateScanCloseReopenMappingDao.java │ ├── HibernateScanDao.java │ ├── HibernateScanResultFilterDao.java │ ├── HibernateScheduledDefectTrackerUpdateDao.java │ ├── HibernateScheduledEmailReportDao.java │ ├── HibernateScheduledJobDao.java │ ├── HibernateScheduledRemoteProviderImportDao.java │ ├── HibernateScheduledScanDao.java │ ├── HibernateSecurityEventDao.java │ ├── HibernateSeverityFilterDao.java │ ├── HibernateStatisticsCounterDao.java │ ├── HibernateSurveyDao.java │ ├── HibernateSurveyResultDao.java │ ├── HibernateTagDao.java │ ├── HibernateUserDao.java │ ├── HibernateUserEventNotificationMapDao.java │ ├── HibernateVulnerabilityCommentDao.java │ ├── HibernateVulnerabilityDao.java │ ├── HibernateVulnerabilityFilterDao.java │ ├── HibernateVulnerabilityMapDao.java │ ├── HibernateVulnerabilitySearchDao.java │ ├── HibernateWafDao.java │ ├── HibernateWafRuleDao.java │ ├── HibernateWafRuleDirectiveDao.java │ ├── HibernateWafTypeDao.java │ └── VulnerabilitySearchCriteriaConstructor.java │ └── namingstrategy │ └── OracleNamingStrategy.java ├── threadfix-data-migration ├── pom.xml └── src │ └── main │ ├── java │ └── com │ │ └── denimgroup │ │ └── threadfix │ │ └── importer │ │ ├── cli │ │ ├── CommandLineMigration.java │ │ └── ScriptRunner.java │ │ └── config │ │ └── SpringConfiguration.java │ └── resources │ ├── jdbc.properties │ ├── jdbc.properties.hsql │ └── log4j.xml ├── threadfix-entities ├── pom.xml └── src │ ├── main │ └── java │ │ ├── com │ │ └── denimgroup │ │ │ └── threadfix │ │ │ ├── CloseableUtils.java │ │ │ ├── CollectionUtils.java │ │ │ ├── DiskUtils.java │ │ │ ├── ObjectToSSVLParser.java │ │ │ ├── ScannerUtils.java │ │ │ ├── StringEscapeUtils.java │ │ │ ├── XMLUtils.java │ │ │ ├── annotations │ │ │ ├── MappingsUpdater.java │ │ │ ├── RemoteProvider.java │ │ │ ├── ReportLocation.java │ │ │ ├── ReportPlugin.java │ │ │ ├── ScanFormat.java │ │ │ ├── ScanImporter.java │ │ │ ├── StartingTagSet.java │ │ │ └── WebApplicationFirewall.java │ │ │ ├── data │ │ │ ├── Option.java │ │ │ ├── ScanCheckResultBean.java │ │ │ ├── ScanImportStatus.java │ │ │ ├── entities │ │ │ │ ├── APIKey.java │ │ │ │ ├── AccessControlApplicationMap.java │ │ │ │ ├── AccessControlTeamMap.java │ │ │ │ ├── Application.java │ │ │ │ ├── ApplicationChannel.java │ │ │ │ ├── ApplicationCriticality.java │ │ │ │ ├── ApplicationVersion.java │ │ │ │ ├── Audit.java │ │ │ │ ├── AuditableEntity.java │ │ │ │ ├── AuthenticationRequired.java │ │ │ │ ├── BaseEntity.java │ │ │ │ ├── BatchTaggingParameters.java │ │ │ │ ├── CSVExportField.java │ │ │ │ ├── ChannelSeverity.java │ │ │ │ ├── ChannelType.java │ │ │ │ ├── ChannelVulnerability.java │ │ │ │ ├── ChannelVulnerabilityFilter.java │ │ │ │ ├── DataFlowElement.java │ │ │ │ ├── DayInWeek.java │ │ │ │ ├── DefaultConfiguration.java │ │ │ │ ├── DefaultDefectField.java │ │ │ │ ├── DefaultDefectProfile.java │ │ │ │ ├── DefaultTag.java │ │ │ │ ├── Defect.java │ │ │ │ ├── DefectTracker.java │ │ │ │ ├── DefectTrackerType.java │ │ │ │ ├── DeletedCloseMap.java │ │ │ │ ├── DeletedDataFlowElement.java │ │ │ │ ├── DeletedDefect.java │ │ │ │ ├── DeletedFinding.java │ │ │ │ ├── DeletedRemoteProviderApplication.java │ │ │ │ ├── DeletedReopenMap.java │ │ │ │ ├── DeletedRepeatFindingMap.java │ │ │ │ ├── DeletedScan.java │ │ │ │ ├── DeletedSurfaceLocation.java │ │ │ │ ├── DeletedVulnerability.java │ │ │ │ ├── DeletedWafRule.java │ │ │ │ ├── Dependency.java │ │ │ │ ├── Document.java │ │ │ │ ├── EmailList.java │ │ │ │ ├── EmptyScan.java │ │ │ │ ├── EndpointPermission.java │ │ │ │ ├── Event.java │ │ │ │ ├── ExceptionLog.java │ │ │ │ ├── FilterDate.java │ │ │ │ ├── FilterJsonBlob.java │ │ │ │ ├── Finding.java │ │ │ │ ├── FindingLike.java │ │ │ │ ├── GRCApplication.java │ │ │ │ ├── GRCControl.java │ │ │ │ ├── GRCTool.java │ │ │ │ ├── GRCToolType.java │ │ │ │ ├── GenericSeverity.java │ │ │ │ ├── GenericVulnerability.java │ │ │ │ ├── Group.java │ │ │ │ ├── JobStatus.java │ │ │ │ ├── Organization.java │ │ │ │ ├── Permission.java │ │ │ │ ├── Policy.java │ │ │ │ ├── PolicyStatus.java │ │ │ │ ├── RemoteProviderApplication.java │ │ │ │ ├── RemoteProviderAuthenticationField.java │ │ │ │ ├── RemoteProviderType.java │ │ │ │ ├── Report.java │ │ │ │ ├── ReportParameters.java │ │ │ │ ├── Role.java │ │ │ │ ├── Scan.java │ │ │ │ ├── ScanCloseVulnerabilityMap.java │ │ │ │ ├── ScanQueueTask.java │ │ │ │ ├── ScanReopenVulnerabilityMap.java │ │ │ │ ├── ScanRepeatFindingMap.java │ │ │ │ ├── ScanResultFilter.java │ │ │ │ ├── ScanStatus.java │ │ │ │ ├── ScannerDatabaseNames.java │ │ │ │ ├── ScannerType.java │ │ │ │ ├── ScheduledDefectTrackerUpdate.java │ │ │ │ ├── ScheduledEmailReport.java │ │ │ │ ├── ScheduledFrequencyType.java │ │ │ │ ├── ScheduledGRCToolUpdate.java │ │ │ │ ├── ScheduledJob.java │ │ │ │ ├── ScheduledPeriodType.java │ │ │ │ ├── ScheduledRemoteProviderImport.java │ │ │ │ ├── ScheduledScan.java │ │ │ │ ├── SecurityEvent.java │ │ │ │ ├── SeverityFilter.java │ │ │ │ ├── SeverityMap.java │ │ │ │ ├── SourceCodeRepoType.java │ │ │ │ ├── StaticPathInformation.java │ │ │ │ ├── StatisticsCounter.java │ │ │ │ ├── SurfaceLocation.java │ │ │ │ ├── Survey.java │ │ │ │ ├── SurveyAnswer.java │ │ │ │ ├── SurveyAssertion.java │ │ │ │ ├── SurveyLevel.java │ │ │ │ ├── SurveyObjective.java │ │ │ │ ├── SurveyPractice.java │ │ │ │ ├── SurveyQuestion.java │ │ │ │ ├── SurveyRanking.java │ │ │ │ ├── SurveyResult.java │ │ │ │ ├── SurveySection.java │ │ │ │ ├── Tag.java │ │ │ │ ├── Task.java │ │ │ │ ├── TaskConfig.java │ │ │ │ ├── User.java │ │ │ │ ├── UserEventNotificationMap.java │ │ │ │ ├── Vulnerability.java │ │ │ │ ├── VulnerabilityComment.java │ │ │ │ ├── VulnerabilityFilter.java │ │ │ │ ├── VulnerabilityMap.java │ │ │ │ ├── VulnerabilityMarker.java │ │ │ │ ├── VulnerabilitySearchParameters.java │ │ │ │ ├── VulnerabilityTreeElement.java │ │ │ │ ├── Waf.java │ │ │ │ ├── WafRule.java │ │ │ │ ├── WafRuleDirective.java │ │ │ │ ├── WafType.java │ │ │ │ └── ssvl │ │ │ │ │ └── generated │ │ │ │ │ ├── ObjectFactory.java │ │ │ │ │ ├── Severities.java │ │ │ │ │ └── Vulnerabilities.java │ │ │ ├── enums │ │ │ │ ├── EventAction.java │ │ │ │ ├── FrameworkType.java │ │ │ │ ├── InformationSourceType.java │ │ │ │ ├── QualysPlatform.java │ │ │ │ ├── SourceCodeAccessLevel.java │ │ │ │ ├── TagEnum.java │ │ │ │ ├── TagType.java │ │ │ │ └── VulnerabilityDefectConsistencyState.java │ │ │ └── interfaces │ │ │ │ ├── DefectSubmitter.java │ │ │ │ ├── Endpoint.java │ │ │ │ ├── MultiLevelFilter.java │ │ │ │ └── ProjectMetadataSource.java │ │ │ ├── exception │ │ │ ├── AuthenticationRestException.java │ │ │ ├── DefectTrackerAuthenticationException.java │ │ │ ├── DefectTrackerCommunicationException.java │ │ │ ├── DefectTrackerFormatException.java │ │ │ ├── DefectTrackerUnavailableException.java │ │ │ ├── IllegalStateRestException.java │ │ │ ├── RestException.java │ │ │ ├── RestIOException.java │ │ │ ├── RestInvalidScanFormatException.java │ │ │ ├── RestRedirectException.java │ │ │ ├── RestUrlException.java │ │ │ └── RestValidationException.java │ │ │ ├── logging │ │ │ └── SanitizedLogger.java │ │ │ ├── util │ │ │ ├── DateUtils.java │ │ │ ├── RawPropertiesHolder.java │ │ │ ├── Result.java │ │ │ ├── SimilarityCalculator.java │ │ │ ├── Tuple3.java │ │ │ └── ValidationUtils.java │ │ │ ├── viewmodels │ │ │ ├── DefectMetadata.java │ │ │ ├── DefectViewModel.java │ │ │ ├── DynamicFormField.java │ │ │ └── ProjectMetadata.java │ │ │ └── views │ │ │ └── AllViews.java │ │ └── org │ │ └── hibernate │ │ └── dialect │ │ └── SqlServer2012Dialect.java │ └── test │ └── java │ └── com │ └── denimgroup │ └── threadfix │ ├── CommunityTests.java │ ├── EnterpriseTests.java │ ├── IntegrationTests.java │ ├── RegressionTests.java │ └── WebServiceTests.java ├── threadfix-extras ├── generate_selenium │ └── pom.xml └── identify_web_apps │ ├── README.md │ ├── find_web_apps.py │ └── webkit2png │ ├── README.md │ └── webkit2png ├── threadfix-ham ├── .gitignore ├── pom.xml └── src │ ├── main │ ├── java │ │ └── com │ │ │ └── denimgroup │ │ │ └── threadfix │ │ │ └── framework │ │ │ ├── engine │ │ │ ├── AbstractEndpoint.java │ │ │ ├── CodePoint.java │ │ │ ├── DefaultCodePoint.java │ │ │ ├── ProjectConfig.java │ │ │ ├── ProjectDirectory.java │ │ │ ├── ThreadFixInterface.java │ │ │ ├── cleaner │ │ │ │ ├── DefaultPathCleaner.java │ │ │ │ ├── PathCleaner.java │ │ │ │ └── PathCleanerFactory.java │ │ │ ├── framework │ │ │ │ ├── ClassMapping.java │ │ │ │ ├── FrameworkCalculator.java │ │ │ │ ├── FrameworkChecker.java │ │ │ │ ├── JavaAndJspFrameworkChecker.java │ │ │ │ ├── ServletMappings.java │ │ │ │ ├── UrlPatternMapping.java │ │ │ │ └── WebXMLParser.java │ │ │ ├── full │ │ │ │ ├── EndpointDatabase.java │ │ │ │ ├── EndpointDatabaseFactory.java │ │ │ │ ├── EndpointGenerator.java │ │ │ │ ├── EndpointQuery.java │ │ │ │ ├── EndpointQueryBuilder.java │ │ │ │ └── GeneratorBasedEndpointDatabase.java │ │ │ ├── parameter │ │ │ │ ├── ParameterParser.java │ │ │ │ └── ParameterParserFactory.java │ │ │ └── partial │ │ │ │ ├── DefaultPartialMapping.java │ │ │ │ ├── DefaultPartialMappingDatabase.java │ │ │ │ ├── PartialMapping.java │ │ │ │ ├── PartialMappingDatabase.java │ │ │ │ └── PartialMappingsDatabaseFactory.java │ │ │ ├── filefilter │ │ │ ├── ClassAnnotationBasedFileFilter.java │ │ │ ├── FileExtensionFileFilter.java │ │ │ └── NoDotDirectoryFileFilter.java │ │ │ ├── impl │ │ │ ├── dotNet │ │ │ │ ├── Action.java │ │ │ │ ├── DotNetControllerMappings.java │ │ │ │ ├── DotNetControllerParser.java │ │ │ │ ├── DotNetEndpoint.java │ │ │ │ ├── DotNetEndpointGenerator.java │ │ │ │ ├── DotNetFrameworkChecker.java │ │ │ │ ├── DotNetKeywords.java │ │ │ │ ├── DotNetMappings.java │ │ │ │ ├── DotNetModelMappings.java │ │ │ │ ├── DotNetPathCleaner.java │ │ │ │ ├── DotNetRouteMappings.java │ │ │ │ ├── DotNetRoutesParser.java │ │ │ │ └── ViewModelParser.java │ │ │ ├── dotNetWebForm │ │ │ │ ├── AscxFile.java │ │ │ │ ├── AscxFileMappingsFileParser.java │ │ │ │ ├── AspxControl.java │ │ │ │ ├── AspxControlStack.java │ │ │ │ ├── AspxCsParser.java │ │ │ │ ├── AspxParser.java │ │ │ │ ├── AspxUniqueIdParser.java │ │ │ │ ├── MasterPageParser.java │ │ │ │ ├── WebFormsEndpoint.java │ │ │ │ ├── WebFormsEndpointGenerator.java │ │ │ │ ├── WebFormsFrameworkChecker.java │ │ │ │ ├── WebFormsParameterParser.java │ │ │ │ └── WebFormsPathCleaner.java │ │ │ ├── jsp │ │ │ │ ├── JSPDataFlowParser.java │ │ │ │ ├── JSPEndpoint.java │ │ │ │ ├── JSPFileFilter.java │ │ │ │ ├── JSPIncludeParser.java │ │ │ │ ├── JSPMappings.java │ │ │ │ ├── JSPParameterParser.java │ │ │ │ └── JSPPathCleaner.java │ │ │ ├── model │ │ │ │ ├── FieldSetLookupUtils.java │ │ │ │ ├── ModelField.java │ │ │ │ └── ModelFieldSet.java │ │ │ ├── rails │ │ │ │ ├── RailsControllerParser.java │ │ │ │ ├── RailsEndpoint.java │ │ │ │ ├── RailsEndpointMappings.java │ │ │ │ ├── RailsFrameworkChecker.java │ │ │ │ ├── RailsModelParser.java │ │ │ │ ├── RailsParameterParser.java │ │ │ │ ├── RailsPathCleaner.java │ │ │ │ ├── RailsRoutesParser.java │ │ │ │ └── model │ │ │ │ │ ├── RailsController.java │ │ │ │ │ ├── RailsControllerMethod.java │ │ │ │ │ ├── RailsResource.java │ │ │ │ │ ├── RailsRoute.java │ │ │ │ │ ├── ResourceState.java │ │ │ │ │ └── ResourceType.java │ │ │ ├── spring │ │ │ │ ├── DispatcherServletParser.java │ │ │ │ ├── SpringControllerEndpoint.java │ │ │ │ ├── SpringControllerEndpointParser.java │ │ │ │ ├── SpringControllerFileFilter.java │ │ │ │ ├── SpringControllerMappings.java │ │ │ │ ├── SpringDataBinderParser.java │ │ │ │ ├── SpringDataFlowParser.java │ │ │ │ ├── SpringEntityFileFilter.java │ │ │ │ ├── SpringJavaConfigurationChecker.java │ │ │ │ ├── SpringPathCleaner.java │ │ │ │ ├── SpringServletConfigurationChecker.java │ │ │ │ └── auth │ │ │ │ │ ├── InterceptUrl.java │ │ │ │ │ └── SpringSecurityXmlParser.java │ │ │ └── struts │ │ │ │ ├── StrutsConfigurationChecker.java │ │ │ │ ├── StrutsDataFlowParser.java │ │ │ │ ├── StrutsEndpoint.java │ │ │ │ ├── StrutsEndpointMappings.java │ │ │ │ ├── StrutsPathCleaner.java │ │ │ │ ├── StrutsPropertiesParser.java │ │ │ │ ├── StrutsXmlParser.java │ │ │ │ └── model │ │ │ │ ├── StrutsAction.java │ │ │ │ ├── StrutsPackage.java │ │ │ │ └── StrutsResult.java │ │ │ └── util │ │ │ ├── CommonPathFinder.java │ │ │ ├── EventBasedTokenizer.java │ │ │ ├── EventBasedTokenizerRunner.java │ │ │ ├── FilePathUtils.java │ │ │ ├── RegexUtils.java │ │ │ └── java │ │ │ ├── EntityMappings.java │ │ │ └── EntityParser.java │ └── resources │ │ └── log4j.xml │ └── test │ ├── java │ └── com │ │ └── denimgroup │ │ └── threadfix │ │ └── framework │ │ ├── EnumTests.java │ │ ├── FrameworkCalculatorTests.java │ │ ├── PartialMappingTests.java │ │ ├── ResourceManager.java │ │ ├── TestConstants.java │ │ ├── TestUtils.java │ │ ├── engine │ │ ├── EndpointDatabaseFactoryTests.java │ │ ├── ProjectDirectoryTests.java │ │ ├── cleaner │ │ │ └── DefaultPathCleanerTests.java │ │ └── framework │ │ │ ├── ServletMappingTests.java │ │ │ └── WebXMLParserTests.java │ │ ├── impl │ │ ├── dotNet │ │ │ ├── ContosoUtilities.java │ │ │ ├── DotNetControllerParserTests.java │ │ │ ├── DotNetDetectionTests.java │ │ │ ├── DotNetEndpointDatabaseTests.java │ │ │ ├── DotNetEndpointGeneratorTests.java │ │ │ ├── DotNetModelBindingTests.java │ │ │ ├── DotNetPathMatchingTests.java │ │ │ ├── DotNetRoutesParserTests.java │ │ │ └── ViewModelParsingTests.java │ │ ├── dotNetWebForm │ │ │ ├── AscxFileMappingsFileParserTests.java │ │ │ ├── AscxParserTests.java │ │ │ ├── AspxControlStackTests.java │ │ │ ├── AspxCsParserTests.java │ │ │ ├── AspxParserTests.java │ │ │ ├── AspxUniqueIDParserTests.java │ │ │ ├── AutoGeneratedParameterNameTests.java │ │ │ ├── MasterPageParserTests.java │ │ │ ├── WebFormUtilities.java │ │ │ ├── WebFormsDetectionTests.java │ │ │ ├── WebFormsEndpointGeneratorTests.java │ │ │ └── WebFormsParameterParserTests.java │ │ ├── jsp │ │ │ ├── JSPIncludeParserTests.java │ │ │ ├── JSPMappingsTests.java │ │ │ ├── JSPNestingTests.java │ │ │ ├── JSPParameterParserTests.java │ │ │ └── JspEndpointDatabaseTests.java │ │ ├── rails │ │ │ ├── RailsControllerParserTest.java │ │ │ ├── RailsEndpointMappingsTest.java │ │ │ ├── RailsModelParserTest.java │ │ │ └── RailsRoutesParserTest.java │ │ ├── spring │ │ │ ├── PetClinicEndpointDatabaseTests.java │ │ │ ├── SpringControllerEndpointParserTests.java │ │ │ ├── SpringControllerMappingsTests.java │ │ │ ├── SpringDataBinderTests.java │ │ │ ├── SpringDetectionTests.java │ │ │ ├── SpringEntityMappingsTests.java │ │ │ ├── SpringEntityParserTests.java │ │ │ ├── SpringJavaConfigurationCheckerTests.java │ │ │ ├── SpringParameterParsingTests.java │ │ │ ├── SpringPathCleanerTests.java │ │ │ └── auth │ │ │ │ ├── EndpointPermissionParsingTests.java │ │ │ │ ├── InterceptUrlTests.java │ │ │ │ └── SecurityXmlParserTests.java │ │ └── struts │ │ │ ├── EntityMappingsTests.java │ │ │ ├── EntityParserTests.java │ │ │ ├── StrutsEndpointMappingsTests.java │ │ │ ├── StrutsFrameworkDetectionTests.java │ │ │ ├── StrutsParameterParsingTests.java │ │ │ ├── StrutsPropertiesParserTests.java │ │ │ └── StrutsXmlParserTests.java │ │ └── util │ │ ├── CommonPathFinderTests.java │ │ ├── RegexUtilsTests.java │ │ └── SimilarityCalculatorTests.java │ └── resources │ ├── code.dotNet.mvc │ ├── AccountViewModels.cs │ ├── AttributesController.cs │ ├── BindingController.cs │ ├── ChatController.cs │ ├── DefaultParametersController.cs │ ├── Global.asax.cs │ ├── InstructorController.cs │ ├── InstructorRoutes.cs │ ├── ProblemEntity.cs │ ├── RestController.cs │ ├── RouteConfig.cs │ ├── Student.cs │ └── SuperclassBindingController.cs │ ├── code.dotNet.webforms │ ├── AddNewUser.aspx.cs │ ├── Catalog.aspx.cs │ ├── ChangePassword.aspx │ ├── ChangePassword.aspx.cs │ ├── Encrypt.aspx.cs │ ├── ForgotPassword.aspx.cs │ ├── Message.aspx │ ├── ProductDetails.aspx │ ├── ProductDetails.aspx.cs │ ├── Random.aspx.cs │ ├── StudentsAdd.aspx │ ├── StudentsAddAutogeneratedId.aspx │ ├── StudentsAddWithControl.aspx │ ├── ViewStatement.aspx.cs │ ├── WebForm1.aspx │ ├── WebForm1.aspx.cs │ ├── WebForm1.aspx.designer.cs │ └── WebUserControl1.ascx │ ├── code.jsp.cycle │ └── cycle.jsp │ ├── code.jsp │ └── nesting │ │ ├── test1.jsp │ │ ├── test2.jsp │ │ ├── test3.jsp │ │ ├── test4.jsp │ │ ├── test5.jsp │ │ ├── test6.jsp │ │ └── test7.jsp │ ├── code.rails │ ├── discource_routes.rb │ ├── gitlab_routes.rb │ └── railsgoat_routes.rb │ ├── code.struts │ ├── struts.properties │ └── struts.xml │ └── code │ └── spring │ ├── CityController.java │ ├── CommentController.java │ ├── ControllerWithAuthentication.java │ ├── ControllerWithClassAnnotation.java.txt │ ├── ControllerWithClassAuthorization.java │ ├── MathController.java │ ├── ParamsController.java │ ├── ProjectsController.java │ ├── clone-repos.sh │ ├── config │ ├── ConfigWithCurlyInAnnotation.java │ ├── MvcSupportConfiguration.java │ ├── MyConfiguration.java │ └── MyWebConfiguration.java │ ├── databinder │ ├── BasicDisallowedFields.java │ ├── BlackAndWhiteLists.java │ ├── BothInDifferentMethods.java │ └── EditApplicationController2.java │ └── test-security.xml ├── threadfix-ide-plugin ├── .gitignore ├── eclipse │ ├── .gitignore │ ├── .project │ ├── META-INF │ │ └── MANIFEST.MF │ ├── README │ ├── build.properties │ ├── icons │ │ ├── icon.jpg │ │ └── sample.gif │ ├── plugin.xml │ ├── pom.xml │ └── src │ │ └── com │ │ └── denimgroup │ │ └── threadfix │ │ └── plugin │ │ └── eclipse │ │ ├── action │ │ ├── ClearAction.java │ │ ├── ConfigureAction.java │ │ ├── ImportAction.java │ │ └── ShowViewAction.java │ │ ├── dialog │ │ ├── ApplicationDialog.java │ │ ├── ConfigDialog.java │ │ └── Test.java │ │ ├── marker │ │ ├── CWEField.java │ │ ├── CWENameField.java │ │ ├── DefectIdField.java │ │ ├── DefectUrlField.java │ │ └── ParameterField.java │ │ ├── rest │ │ ├── ApplicationsMap.java │ │ ├── RestUtils.java │ │ ├── ThreadFixService.java │ │ └── VulnerabilityMarkerService.java │ │ ├── util │ │ ├── Constants.java │ │ ├── EclipsePropertiesManager.java │ │ ├── VulnerabilityMarkerUtils.java │ │ └── WorkspaceUtils.java │ │ └── views │ │ └── VulnerabilitiesView.java ├── intellij │ ├── META-INF │ │ └── plugin.xml │ ├── README │ ├── resources │ │ └── icons │ │ │ └── DG_logo_mark_13x13.png │ └── src │ │ └── com │ │ └── denimgroup │ │ └── threadfix │ │ └── plugins │ │ └── intellij │ │ ├── action │ │ ├── ClearAction.java │ │ ├── ImportAction.java │ │ ├── ShowAction.java │ │ └── TestModuleComponent.java │ │ ├── dialog │ │ ├── ApplicationsDialog.java │ │ ├── CheckBoxTreeWrapper.java │ │ ├── ConfigDialog.java │ │ └── ThreadFixAppNode.java │ │ ├── markers │ │ ├── MarkerUtils.java │ │ ├── ThreadFixMarkerRenderer.java │ │ └── WorkspaceUtils.java │ │ ├── properties │ │ ├── Constants.java │ │ └── IntelliJPropertiesManager.java │ │ ├── rest │ │ ├── ApplicationsMap.java │ │ ├── RestUtils.java │ │ ├── ThreadFixApplicationService.java │ │ └── VulnerabilityMarkerService.java │ │ └── toolwindow │ │ ├── FileOpenerMouseListener.java │ │ ├── ThreadFixMarkersView.form │ │ ├── ThreadFixShowCondition.java │ │ ├── ThreadFixWindowFactory.java │ │ └── VulnerabilitiesTableModel.java ├── pom.xml └── visual-studio │ ├── packages │ └── repositories.config │ ├── threadfix-plugin.sln │ └── threadfix-plugin │ ├── Actions │ ├── ClearAction.cs │ ├── GoToMarkerAction.cs │ ├── IAction.cs │ ├── ImportAction.cs │ └── ShowAction.cs │ ├── Controls │ ├── ApplicationsWindow.xaml │ ├── ApplicationsWindow.xaml.cs │ ├── LoadingWindow.xaml │ ├── LoadingWindow.xaml.cs │ ├── OptionsPage.cs │ ├── ThreadFixToolWindow.cs │ ├── ToolWindowControl.xaml │ └── ToolWindowControl.xaml.cs │ ├── Data │ ├── ApplicationInfo.cs │ ├── MarkerLine.cs │ ├── StoredPluginData.cs │ ├── ThreadFixApiResponse.cs │ └── VulnerabilityMarker.cs │ ├── Extensions │ └── TextDocumentExtensions.cs │ ├── GlobalSuppressions.cs │ ├── Guids.cs │ ├── Key.snk │ ├── MarginGlyphs │ ├── MarkerGlyphFactory.cs │ ├── MarkerTag.cs │ └── MarkerToolTip.cs │ ├── PkgCmdID.cs │ ├── Properties │ └── AssemblyInfo.cs │ ├── Resources.Designer.cs │ ├── Resources.resx │ ├── Resources │ ├── DG_logo_mark_13x13.png │ ├── Images.png │ ├── Package.ico │ └── license.txt │ ├── Utils │ ├── FileUtil.cs │ ├── MarkerGlyphService.cs │ ├── ThreadFixApi.cs │ ├── ThreadFixPlugin.cs │ └── ViewModelService.cs │ ├── VSPackage.resx │ ├── ViewModels │ └── ApplicationsViewModel.cs │ ├── packages.config │ ├── source.extension.vsixmanifest │ ├── threadfix-plugin.csproj │ ├── threadfix-plugin.vsct │ └── threadfix-pluginPackage.cs ├── threadfix-importers ├── .project ├── pom.xml └── src │ └── main │ ├── java │ └── com │ │ └── denimgroup │ │ └── threadfix │ │ ├── importer │ │ ├── exception │ │ │ ├── ChannelVulnerabilityNotFoundException.java │ │ │ ├── MappingException.java │ │ │ ├── ScanFileUnavailableException.java │ │ │ └── SeverityNotFoundException.java │ │ ├── impl │ │ │ ├── AbstractChannelImporter.java │ │ │ ├── remoteprovider │ │ │ │ ├── AbstractRemoteProvider.java │ │ │ │ ├── AppScanEnterpriseRemoteProvider.java │ │ │ │ ├── ContrastRemoteProvider.java │ │ │ │ ├── QualysRemoteProvider.java │ │ │ │ ├── RemoteProviderFactoryImpl.java │ │ │ │ ├── SonatypeRemoteProvider.java │ │ │ │ ├── TrustwaveHailstormRemoteProvider.java │ │ │ │ ├── VeracodeRemoteProvider.java │ │ │ │ ├── WhiteHatRemoteProvider.java │ │ │ │ ├── WhiteHatSourceRemoteProvider.java │ │ │ │ └── utils │ │ │ │ │ ├── DefaultRequestConfigurer.java │ │ │ │ │ ├── HttpResponse.java │ │ │ │ │ ├── RemoteProviderHttpUtils.java │ │ │ │ │ ├── RemoteProviderHttpUtilsImpl.java │ │ │ │ │ └── RequestConfigurer.java │ │ │ └── upload │ │ │ │ ├── AcunetixChannelImporter.java │ │ │ │ ├── AppScanEnterpriseChannelImporter.java │ │ │ │ ├── AppScanSourceChannelImporter.java │ │ │ │ ├── AppScanWebImporter.java │ │ │ │ ├── AppSpiderChannelImporter.java │ │ │ │ ├── ArachniChannelImporter.java │ │ │ │ ├── BrakemanChannelImporter.java │ │ │ │ ├── BurpSuiteChannelImporter.java │ │ │ │ ├── CatNetChannelImporter.java │ │ │ │ ├── CenzicChannelImporter.java │ │ │ │ ├── ChannelImporterFactoryImpl.java │ │ │ │ ├── CheckMarxChannelImporter.java │ │ │ │ ├── ClangChannelImporter.java │ │ │ │ ├── CodeProfilerChannelImporter.java │ │ │ │ ├── ContrastChannelImporter.java │ │ │ │ ├── CppcheckChannelImporter.java │ │ │ │ ├── DependencyCheckChannelImporter.java │ │ │ │ ├── FindBugsChannelImporter.java │ │ │ │ ├── NessusChannelImporter.java │ │ │ │ ├── NetsparkerChannelImporter.java │ │ │ │ ├── PMDChannelImporter.java │ │ │ │ ├── QualysWebImporter.java │ │ │ │ ├── SCARFChannelImporter.java │ │ │ │ ├── SSVLChannelImporter.java │ │ │ │ ├── SkipfishChannelImporter.java │ │ │ │ ├── VeracodeWebImporter.java │ │ │ │ ├── W3afChannelImporter.java │ │ │ │ ├── WebInspectChannelImporter.java │ │ │ │ ├── ZaproxyChannelImporter.java │ │ │ │ └── fortify │ │ │ │ ├── DataFlowElementMap.java │ │ │ │ ├── DataFlowElementParser.java │ │ │ │ ├── FilterKey.java │ │ │ │ ├── FilterResult.java │ │ │ │ ├── FilterTemplateXmlParser.java │ │ │ │ ├── FortifyAuditXmlParser.java │ │ │ │ ├── FortifyChannelImporter.java │ │ │ │ ├── FortifyFilter.java │ │ │ │ ├── FortifyFilterSet.java │ │ │ │ ├── FortifyUtils.java │ │ │ │ ├── ParameterParser.java │ │ │ │ ├── RegexMaps.java │ │ │ │ ├── Threshold.java │ │ │ │ └── VulnKey.java │ │ ├── interop │ │ │ ├── ChannelImporter.java │ │ │ ├── ChannelImporterFactory.java │ │ │ ├── DaoHolder.java │ │ │ ├── RemoteProviderFactory.java │ │ │ ├── ScanTypeCalculationService.java │ │ │ └── ScannerMappingsUpdaterService.java │ │ ├── loader │ │ │ ├── AnnotationKeyGenerator.java │ │ │ ├── AnnotationLoader.java │ │ │ ├── ImplementationLoader.java │ │ │ └── ScanTypeCalculationServiceImpl.java │ │ ├── update │ │ │ ├── ScannerMappingsUpdaterServiceImpl.java │ │ │ ├── Updater.java │ │ │ ├── UpdaterConstants.java │ │ │ ├── UpdaterHarness.java │ │ │ ├── UpdaterUtils.java │ │ │ └── impl │ │ │ │ ├── ChannelVulnerabilityUpdater.java │ │ │ │ ├── DefaultTagUpdater.java │ │ │ │ ├── DefectTrackerUpdater.java │ │ │ │ ├── GenericMappingsUpdater.java │ │ │ │ ├── RemoteProviderUpdater.java │ │ │ │ └── WafsUpdater.java │ │ └── util │ │ │ ├── AnnotationLoaderUtils.java │ │ │ ├── DateUtils.java │ │ │ ├── FilteredXmlInputStream.java │ │ │ ├── HandlerWithBuilder.java │ │ │ ├── IntegerUtils.java │ │ │ ├── JsonUtils.java │ │ │ ├── RegexUtils.java │ │ │ ├── ResourceUtils.java │ │ │ ├── ScanSerializer.java │ │ │ ├── ScanUtils.java │ │ │ ├── ThreadFixBridge.java │ │ │ ├── ThreadFixBridgeImpl.java │ │ │ └── ZipFileUtils.java │ │ └── service │ │ ├── AbstractGenericObjectService.java │ │ ├── AbstractNamedObjectService.java │ │ ├── ChannelVulnerabilityServiceImpl.java │ │ ├── SeverityFilterServiceImpl.java │ │ ├── StatisticsCounterServiceImpl.java │ │ ├── defects │ │ ├── AbstractDefectTracker.java │ │ └── defaults │ │ │ └── AbstractDefaultTagMapper.java │ │ ├── merge │ │ ├── ApplicationMerger.java │ │ ├── ApplicationMergerImpl.java │ │ ├── ChannelMerger.java │ │ ├── EndpointPermissionServiceImpl.java │ │ ├── FindingMatcher.java │ │ ├── PermissionsHandler.java │ │ ├── RemappingService.java │ │ ├── RemappingServiceImpl.java │ │ ├── ScanCleanerUtils.java │ │ ├── ScanMerger.java │ │ ├── ScanMergerImpl.java │ │ ├── ScanStatisticsUpdater.java │ │ ├── VulnerabilityCache.java │ │ └── VulnerabilityParser.java │ │ ├── translator │ │ ├── FindingProcessor.java │ │ ├── FindingProcessorFactory.java │ │ ├── FullSourceFindingProcessor.java │ │ ├── NoSourceFindingProcessor.java │ │ ├── PartialSourceFindingProcessor.java │ │ └── PathGuesser.java │ │ └── waf │ │ ├── BigIPASMGenerator.java │ │ ├── BigIPStrings.java │ │ ├── DenyAllRWebGenerator.java │ │ ├── ImpervaSecureSphereGenerator.java │ │ ├── ModSecurityWafGenerator.java │ │ ├── RealTimeProtectionGenerator.java │ │ ├── RealTimeProtectionGeneratorFactory.java │ │ ├── RiverbedStartAndEndHolder.java │ │ └── SnortGenerator.java │ └── resources │ ├── log4j.xml │ ├── mappings │ ├── defaultTag │ │ └── default-tags.csv │ ├── defect │ │ └── defect-trackers.csv │ ├── generic │ │ ├── cwe2.7.csv │ │ ├── cwe2.8.csv │ │ └── generic-vuln.csv │ ├── remoteprovider │ │ ├── appscanenterprise.csv │ │ ├── contrast.csv │ │ ├── hailstorm.csv │ │ ├── sonatype.csv │ │ └── whitehatsource.csv │ ├── scanner │ │ ├── acunetix.csv │ │ ├── appscan.csv │ │ ├── arachni.csv │ │ ├── brakeman.csv │ │ ├── burp.csv │ │ ├── catnet.csv │ │ ├── cenzic.csv │ │ ├── checkmarx.csv │ │ ├── clang.csv │ │ ├── codeprofiler.csv │ │ ├── contrast.csv │ │ ├── cppcheck.csv │ │ ├── findbugs.csv │ │ ├── fortify.csv │ │ ├── manual.csv │ │ ├── nessus.csv │ │ ├── netsparker.csv │ │ ├── nto.csv │ │ ├── pmd.csv │ │ ├── qualys.csv │ │ ├── scarf.csv │ │ ├── skipfish.csv │ │ ├── ssvl.csv │ │ ├── w3af.csv │ │ ├── webinspect.csv │ │ ├── whitehat.csv │ │ └── zap.csv │ ├── version.txt │ └── waf │ │ ├── mod-security.csv │ │ └── riverbed-waf.csv │ └── ssvl.xsd ├── threadfix-main ├── .checkstyle ├── .gitignore ├── .project ├── .springBeans ├── README.md ├── license.txt ├── pom-selenium.xml ├── pom.xml ├── src │ ├── deb │ │ ├── control │ │ │ ├── config │ │ │ ├── control │ │ │ ├── postinst │ │ │ ├── postrm │ │ │ ├── preinst │ │ │ └── templates │ │ ├── etc │ │ │ └── tomcat7 │ │ │ │ └── Catalina │ │ │ │ └── localhost │ │ │ │ └── threadfix.xml │ │ └── usr │ │ │ └── share │ │ │ └── lintian │ │ │ └── overrides │ │ │ └── threadfix │ ├── main │ │ ├── java │ │ │ ├── ESAPI.properties │ │ │ └── com │ │ │ │ └── denimgroup │ │ │ │ └── threadfix │ │ │ │ ├── service │ │ │ │ ├── APIKeyServiceImpl.java │ │ │ │ ├── AccessControlMapServiceImpl.java │ │ │ │ ├── ApplicationChannelServiceImpl.java │ │ │ │ ├── ApplicationCriticalityServiceImpl.java │ │ │ │ ├── ApplicationServiceImpl.java │ │ │ │ ├── ApplicationVersionServiceImpl.java │ │ │ │ ├── CacheBustServiceImpl.java │ │ │ │ ├── ChannelSeverityServiceImpl.java │ │ │ │ ├── ChannelTypeServiceImpl.java │ │ │ │ ├── ContentTypeServiceImpl.java │ │ │ │ ├── CustomHttpSessionSecurityContextRepository.java │ │ │ │ ├── CustomUserDetailServiceImpl.java │ │ │ │ ├── DefaultConfigServiceImpl.java │ │ │ │ ├── DefaultDefectFieldServiceImpl.java │ │ │ │ ├── DefaultDefectProfileServiceImpl.java │ │ │ │ ├── DefaultTagMappingServiceImpl.java │ │ │ │ ├── DefectDescriptionBuilder.java │ │ │ │ ├── DefectServiceImpl.java │ │ │ │ ├── DefectSubmissionServiceImpl.java │ │ │ │ ├── DefectTrackerServiceImpl.java │ │ │ │ ├── DefectTrackerTypeServiceImpl.java │ │ │ │ ├── DocumentServiceImpl.java │ │ │ │ ├── EmailListServiceImpl.java │ │ │ │ ├── EmailReportServiceImpl.java │ │ │ │ ├── EventBuilder.java │ │ │ │ ├── EventComparator.java │ │ │ │ ├── EventServiceImpl.java │ │ │ │ ├── ExceptionLogServiceImpl.java │ │ │ │ ├── FilterDateServiceImpl.java │ │ │ │ ├── FilterJsonBlobServiceImpl.java │ │ │ │ ├── FindingServiceImpl.java │ │ │ │ ├── GenericSeverityServiceImpl.java │ │ │ │ ├── GenericVulnerabilityServiceImpl.java │ │ │ │ ├── LogParserServiceImpl.java │ │ │ │ ├── ManualFindingServiceImpl.java │ │ │ │ ├── NonceServiceImpl.java │ │ │ │ ├── OrganizationServiceImpl.java │ │ │ │ ├── RemoteProviderApplicationServiceImpl.java │ │ │ │ ├── RemoteProviderTypeServiceImpl.java │ │ │ │ ├── ReportServiceImpl.java │ │ │ │ ├── RequestUrlServiceImpl.java │ │ │ │ ├── RoleServiceImpl.java │ │ │ │ ├── ScanDeleteServiceImpl.java │ │ │ │ ├── ScanMergeServiceImpl.java │ │ │ │ ├── ScanParametersServiceImpl.java │ │ │ │ ├── ScanResultFilterServiceImpl.java │ │ │ │ ├── ScanServiceImpl.java │ │ │ │ ├── ScannerMappingsExportServiceImpl.java │ │ │ │ ├── ScheduledDefectTrackerUpdateServiceImpl.java │ │ │ │ ├── ScheduledEmailReportServiceImpl.java │ │ │ │ ├── ScheduledRemoteProviderImportServiceImpl.java │ │ │ │ ├── SecurityEventServiceImpl.java │ │ │ │ ├── SurveyServiceImpl.java │ │ │ │ ├── TagServiceImpl.java │ │ │ │ ├── ThreadFixPasswordEncoder.java │ │ │ │ ├── UploadScanServiceImpl.java │ │ │ │ ├── UserServiceImpl.java │ │ │ │ ├── VulnerabilityCommentServiceImpl.java │ │ │ │ ├── VulnerabilityFilterServiceImpl.java │ │ │ │ ├── VulnerabilitySearchServiceImpl.java │ │ │ │ ├── WafRuleServiceImpl.java │ │ │ │ ├── WafServiceImpl.java │ │ │ │ ├── bootstrap │ │ │ │ │ ├── ApplicationCriticalityBootstrapper.java │ │ │ │ │ ├── BootstrapServiceImpl.java │ │ │ │ │ ├── DefectTrackerBootstrapper.java │ │ │ │ │ ├── GenericSeverityBootstrapper.java │ │ │ │ │ ├── GenericVulnerabilityBootstrapper.java │ │ │ │ │ ├── RemoteProviderBootstrapper.java │ │ │ │ │ ├── ResourceLineIterable.java │ │ │ │ │ ├── ScannerSeveritiesBootstrapper.java │ │ │ │ │ ├── ScannerSeverityMappingsBootstrapper.java │ │ │ │ │ ├── ScannerTypeBootstrapper.java │ │ │ │ │ ├── ScannerVulnerabilityTypeBootstrapper.java │ │ │ │ │ ├── UserRoleBootstrapper.java │ │ │ │ │ └── WafBootstrapper.java │ │ │ │ ├── defects │ │ │ │ │ ├── BugzillaDefectTracker.java │ │ │ │ │ ├── DefectTrackerFactory.java │ │ │ │ │ ├── HPQualityCenterDefectTracker.java │ │ │ │ │ ├── JiraDefectTracker.java │ │ │ │ │ ├── TFSDefectTracker.java │ │ │ │ │ ├── VersionOneDefectTracker.java │ │ │ │ │ ├── defaults │ │ │ │ │ │ ├── DefaultTagMapperFactory.java │ │ │ │ │ │ └── tags │ │ │ │ │ │ │ ├── GenericNameDefaultTagMapper.java │ │ │ │ │ │ │ └── GenericSeverityDefaultTagMapper.java │ │ │ │ │ └── utils │ │ │ │ │ │ ├── MarshallingUtils.java │ │ │ │ │ │ ├── RestUtils.java │ │ │ │ │ │ ├── RestUtilsImpl.java │ │ │ │ │ │ ├── bugzilla │ │ │ │ │ │ ├── BugzillaClient.java │ │ │ │ │ │ └── BugzillaClientImpl.java │ │ │ │ │ │ ├── hpqc │ │ │ │ │ │ ├── HPQCUtils.java │ │ │ │ │ │ └── infrastructure │ │ │ │ │ │ │ ├── Base64Encoder.java │ │ │ │ │ │ │ ├── Domains.java │ │ │ │ │ │ │ ├── Entities.java │ │ │ │ │ │ │ ├── Entity.java │ │ │ │ │ │ │ ├── EntityDescriptor.java │ │ │ │ │ │ │ ├── Fields.java │ │ │ │ │ │ │ ├── Lists.java │ │ │ │ │ │ │ ├── QCRestException.java │ │ │ │ │ │ │ ├── Response.java │ │ │ │ │ │ │ ├── RestConnector.java │ │ │ │ │ │ │ └── Users.java │ │ │ │ │ │ ├── jira │ │ │ │ │ │ ├── DefectPayload.java │ │ │ │ │ │ ├── DynamicFormFieldParser.java │ │ │ │ │ │ ├── JiraCustomFieldsConstants.java │ │ │ │ │ │ ├── JiraJsonMetadataResponse.java │ │ │ │ │ │ └── UserRetriever.java │ │ │ │ │ │ ├── tfs │ │ │ │ │ │ ├── DynamicFormFieldParser.java │ │ │ │ │ │ ├── TFSClient.java │ │ │ │ │ │ └── TFSClientImpl.java │ │ │ │ │ │ └── versionone │ │ │ │ │ │ ├── Assets.java │ │ │ │ │ │ ├── AttributeDefinition.java │ │ │ │ │ │ ├── AttributeDefinitionParser.java │ │ │ │ │ │ └── Error.java │ │ │ │ ├── email │ │ │ │ │ ├── EmailServicesSetup.java │ │ │ │ │ ├── StructuredGlobbingResourceLoader.java │ │ │ │ │ └── TemplateBuilderServiceImpl.java │ │ │ │ ├── enterprise │ │ │ │ │ └── EnterpriseTest.java │ │ │ │ ├── eventmodel │ │ │ │ │ ├── aspect │ │ │ │ │ │ ├── ApplicationEventTrackingAspect.java │ │ │ │ │ │ ├── CommentSubmissionAspect.java │ │ │ │ │ │ ├── DefectEventTrackingAspect.java │ │ │ │ │ │ ├── DefectTrackerFormPopulationAspect.java │ │ │ │ │ │ ├── EventTrackingAspect.java │ │ │ │ │ │ ├── PolicyEventTrackingAspect.java │ │ │ │ │ │ ├── ScanUploadEventAspect.java │ │ │ │ │ │ ├── SubmitDefectAspect.java │ │ │ │ │ │ └── VulnerabilityEventTrackingAspect.java │ │ │ │ │ └── event │ │ │ │ │ │ ├── CommentSubmissionEvent.java │ │ │ │ │ │ ├── DefectTrackerProjectMetadataEvent.java │ │ │ │ │ │ ├── EventTrackingEvent.java │ │ │ │ │ │ ├── GenericApplicationEvent.java │ │ │ │ │ │ ├── PreDefectSubmissionEvent.java │ │ │ │ │ │ └── ScanUploadedEvent.java │ │ │ │ ├── queue │ │ │ │ │ ├── JmsExceptionListener.java │ │ │ │ │ ├── QueueConstants.java │ │ │ │ │ ├── QueueErrorHandler.java │ │ │ │ │ ├── QueueListener.java │ │ │ │ │ ├── QueueSenderImpl.java │ │ │ │ │ └── scheduledjob │ │ │ │ │ │ ├── AbstractScheduledJobScheduler.java │ │ │ │ │ │ ├── ScheduledDefectTrackerUpdateJob.java │ │ │ │ │ │ ├── ScheduledDefectTrackerUpdater.java │ │ │ │ │ │ ├── ScheduledEmailReportJob.java │ │ │ │ │ │ ├── ScheduledEmailReportScheduler.java │ │ │ │ │ │ ├── ScheduledGRCToolUpdateJob.java │ │ │ │ │ │ ├── ScheduledGRCToolUpdater.java │ │ │ │ │ │ ├── ScheduledRemoteProviderImportJob.java │ │ │ │ │ │ ├── ScheduledRemoteProviderImporter.java │ │ │ │ │ │ ├── ScheduledScanJob.java │ │ │ │ │ │ └── ScheduledScanScheduler.java │ │ │ │ ├── report │ │ │ │ │ ├── ReportsService.java │ │ │ │ │ └── ReportsServiceImpl.java │ │ │ │ ├── repository │ │ │ │ │ ├── GitServiceImpl.java │ │ │ │ │ ├── RepositoryServiceFactoryImpl.java │ │ │ │ │ ├── RepositoryServiceImpl.java │ │ │ │ │ └── SvnServiceImpl.java │ │ │ │ ├── scannermapping │ │ │ │ │ └── ScannerMappingUpdater.java │ │ │ │ ├── waf │ │ │ │ │ └── RiverbedWebAppFirewallGenerator.java │ │ │ │ └── waflog │ │ │ │ │ ├── ModSecurityLogParser.java │ │ │ │ │ ├── RiverbedWebAppFirewallLogParser.java │ │ │ │ │ ├── SnortLogParser.java │ │ │ │ │ ├── WafLogParser.java │ │ │ │ │ └── WafLogParserFactory.java │ │ │ │ ├── util │ │ │ │ ├── CSVExportProperties.java │ │ │ │ ├── DefectTrackersPropertiesHolder.java │ │ │ │ ├── TFManifestProperties.java │ │ │ │ └── UrlShortener.java │ │ │ │ └── webapp │ │ │ │ ├── config │ │ │ │ ├── CustomLoginSuccessHandler.java │ │ │ │ └── CustomLogoutSuccessHandler.java │ │ │ │ ├── controller │ │ │ │ ├── APIKeyController.java │ │ │ │ ├── AboutController.java │ │ │ │ ├── AbstractVulnFilterController.java │ │ │ │ ├── AddApplicationController.java │ │ │ │ ├── AddDefaultDefectProfileController.java │ │ │ │ ├── AddDefectTrackerController.java │ │ │ │ ├── AddManualFindingController.java │ │ │ │ ├── AddOrganizationController.java │ │ │ │ ├── AddScheduledEmailReportController.java │ │ │ │ ├── AddSurveyController.java │ │ │ │ ├── AddUserController.java │ │ │ │ ├── AddWafController.java │ │ │ │ ├── ApplicationVersionController.java │ │ │ │ ├── ApplicationVulnFilterController.java │ │ │ │ ├── ApplicationsController.java │ │ │ │ ├── ApplicationsIndexController.java │ │ │ │ ├── ChangePasswordController.java │ │ │ │ ├── CustomCweTextController.java │ │ │ │ ├── CustomJacksonObjectMapper.java │ │ │ │ ├── CustomSeverityController.java │ │ │ │ ├── DashboardController.java │ │ │ │ ├── DefaultDefectProfileController.java │ │ │ │ ├── DefectDefaultController.java │ │ │ │ ├── DefectTrackersController.java │ │ │ │ ├── DefectsController.java │ │ │ │ ├── DocumentController.java │ │ │ │ ├── EditApplicationController.java │ │ │ │ ├── EditDefectTrackerController.java │ │ │ │ ├── EditManualFindingController.java │ │ │ │ ├── EditOrganizationController.java │ │ │ │ ├── EditScheduledEmailReportController.java │ │ │ │ ├── EditSurveyController.java │ │ │ │ ├── EditUserController.java │ │ │ │ ├── EditWafController.java │ │ │ │ ├── EmailListController.java │ │ │ │ ├── ErrorLogController.java │ │ │ │ ├── FileUploadBean.java │ │ │ │ ├── FindingsController.java │ │ │ │ ├── GlobalFilterController.java │ │ │ │ ├── JobStatusController.java │ │ │ │ ├── JsonFilterBlobController.java │ │ │ │ ├── LoginRedirectController.java │ │ │ │ ├── NumericDatePropertyEditorSupport.java │ │ │ │ ├── OrganizationsRedirectController.java │ │ │ │ ├── PathController.java │ │ │ │ ├── RemoteProvidersController.java │ │ │ │ ├── ReportCheckResultBean.java │ │ │ │ ├── ReportsController.java │ │ │ │ ├── RestExceptionControllerAdvice.java │ │ │ │ ├── ScanController.java │ │ │ │ ├── ScanHistoryController.java │ │ │ │ ├── ScanRefreshController.java │ │ │ │ ├── ScanResultFilterController.java │ │ │ │ ├── ScannerMappingUpdateController.java │ │ │ │ ├── ScannerMappingsController.java │ │ │ │ ├── ScheduledDefectTrackerUpdateController.java │ │ │ │ ├── ScheduledEmailReportController.java │ │ │ │ ├── ScheduledGRCToolUpdateController.java │ │ │ │ ├── ScheduledRemoteProviderImportController.java │ │ │ │ ├── ScheduledScanController.java │ │ │ │ ├── SecurityEventController.java │ │ │ │ ├── SeverityFilterController.java │ │ │ │ ├── SurveysController.java │ │ │ │ ├── SystemSettingsController.java │ │ │ │ ├── TagsController.java │ │ │ │ ├── TeamDetailPageController.java │ │ │ │ ├── TeamVulnerabilityFilterController.java │ │ │ │ ├── ToolsDownloadController.java │ │ │ │ ├── UploadScanController.java │ │ │ │ ├── UploadWafLogController.java │ │ │ │ ├── UrlMismatchController.java │ │ │ │ ├── UsersController.java │ │ │ │ ├── VulnerabilityDetailController.java │ │ │ │ ├── VulnerabilityGroup.java │ │ │ │ ├── VulnerabilitySearchController.java │ │ │ │ ├── VulnerabilityTabController.java │ │ │ │ ├── WafRuleController.java │ │ │ │ ├── WafsController.java │ │ │ │ └── rest │ │ │ │ │ ├── AddFindingRestController.java │ │ │ │ │ ├── ApplicationRestController.java │ │ │ │ │ ├── CweRestController.java │ │ │ │ │ ├── DefectSubmissionRestController.java │ │ │ │ │ ├── PluginRestController.java │ │ │ │ │ ├── ScansRestController.java │ │ │ │ │ ├── TagRestController.java │ │ │ │ │ ├── TeamRestController.java │ │ │ │ │ ├── UnknownRestController.java │ │ │ │ │ ├── VulnerabilityRestController.java │ │ │ │ │ └── WafRestController.java │ │ │ │ ├── filter │ │ │ │ ├── CacheBustFilter.java │ │ │ │ ├── ClickjackHeaderFilter.java │ │ │ │ ├── CsrfPreventionFilter.java │ │ │ │ ├── EnterpriseFilter.java │ │ │ │ └── SessionTimeoutFilter.java │ │ │ │ ├── listeners │ │ │ │ └── ContextRefreshedListener.java │ │ │ │ ├── tags │ │ │ │ └── JsCacheBusterTag.java │ │ │ │ ├── validator │ │ │ │ ├── Unique.java │ │ │ │ ├── UniqueConstraintValidator.java │ │ │ │ └── UserValidator.java │ │ │ │ └── viewmodels │ │ │ │ ├── Node.java │ │ │ │ ├── PathTree.java │ │ │ │ ├── QuickStartModel.java │ │ │ │ ├── UserModel.java │ │ │ │ └── VulnerabilityCollectionModel.java │ │ ├── resources │ │ │ ├── ApplicationResources.properties │ │ │ ├── ApplicationResources_en_US.properties │ │ │ ├── ValidationMessages.properties │ │ │ ├── applicationContext-hibernate.xml │ │ │ ├── applicationContext-scheduling.xml │ │ │ ├── applicationContext-scheduling.xml.deploy │ │ │ ├── bootstrap │ │ │ │ ├── cwe │ │ │ │ │ └── base.csv │ │ │ │ └── scanners │ │ │ │ │ ├── acunetix.csv │ │ │ │ │ ├── appscan.csv │ │ │ │ │ ├── appscanenterprise.csv │ │ │ │ │ ├── appscansource.csv │ │ │ │ │ ├── arachni.csv │ │ │ │ │ ├── base.csv │ │ │ │ │ ├── brakeman.csv │ │ │ │ │ ├── burp.csv │ │ │ │ │ ├── catnet.csv │ │ │ │ │ ├── cenzic.csv │ │ │ │ │ ├── checkmarx.csv │ │ │ │ │ ├── defect-trackers.csv │ │ │ │ │ ├── dependencycheck.csv │ │ │ │ │ ├── findbugs.csv │ │ │ │ │ ├── fortify.csv │ │ │ │ │ ├── manual.csv │ │ │ │ │ ├── nessus.csv │ │ │ │ │ ├── netsparker.csv │ │ │ │ │ ├── nto.csv │ │ │ │ │ ├── qualysguard.csv │ │ │ │ │ ├── skipfish.csv │ │ │ │ │ ├── veracode.csv │ │ │ │ │ ├── w3af.csv │ │ │ │ │ ├── webinspect.csv │ │ │ │ │ ├── whitehat.csv │ │ │ │ │ └── zap.csv │ │ │ ├── custom.properties │ │ │ ├── custom.properties.debian │ │ │ ├── email.properties │ │ │ ├── import.sql │ │ │ ├── jdbc.properties │ │ │ ├── jdbc.properties.debian │ │ │ ├── jdbc.properties.deploy │ │ │ ├── jdbc.properties.mysql │ │ │ ├── jms.properties │ │ │ ├── jms.properties.debian │ │ │ ├── jndi.properties │ │ │ ├── log4j.xml │ │ │ ├── log4j.xml.deploy │ │ │ ├── quartz.properties │ │ │ ├── ssvl.xsd │ │ │ ├── ssvl_v0.3.xsd │ │ │ ├── tfs-native │ │ │ │ ├── aix │ │ │ │ │ └── ppc │ │ │ │ │ │ ├── libnative_auth.a │ │ │ │ │ │ ├── libnative_console.a │ │ │ │ │ │ ├── libnative_filesystem.a │ │ │ │ │ │ ├── libnative_misc.a │ │ │ │ │ │ └── libnative_synchronization.a │ │ │ │ ├── hpux │ │ │ │ │ ├── PA_RISC │ │ │ │ │ │ ├── libnative_auth.sl │ │ │ │ │ │ ├── libnative_console.sl │ │ │ │ │ │ ├── libnative_filesystem.sl │ │ │ │ │ │ ├── libnative_misc.sl │ │ │ │ │ │ └── libnative_synchronization.sl │ │ │ │ │ └── ia64_32 │ │ │ │ │ │ ├── libnative_auth.so │ │ │ │ │ │ ├── libnative_console.so │ │ │ │ │ │ ├── libnative_filesystem.so │ │ │ │ │ │ ├── libnative_misc.so │ │ │ │ │ │ └── libnative_synchronization.so │ │ │ │ ├── linux │ │ │ │ │ ├── arm │ │ │ │ │ │ ├── libnative_auth.so │ │ │ │ │ │ ├── libnative_console.so │ │ │ │ │ │ ├── libnative_filesystem.so │ │ │ │ │ │ ├── libnative_misc.so │ │ │ │ │ │ └── libnative_synchronization.so │ │ │ │ │ ├── ppc │ │ │ │ │ │ ├── libnative_auth.so │ │ │ │ │ │ ├── libnative_console.so │ │ │ │ │ │ ├── libnative_filesystem.so │ │ │ │ │ │ ├── libnative_misc.so │ │ │ │ │ │ └── libnative_synchronization.so │ │ │ │ │ ├── x86 │ │ │ │ │ │ ├── libnative_auth.so │ │ │ │ │ │ ├── libnative_console.so │ │ │ │ │ │ ├── libnative_filesystem.so │ │ │ │ │ │ ├── libnative_misc.so │ │ │ │ │ │ └── libnative_synchronization.so │ │ │ │ │ └── x86_64 │ │ │ │ │ │ ├── libnative_auth.so │ │ │ │ │ │ ├── libnative_console.so │ │ │ │ │ │ ├── libnative_filesystem.so │ │ │ │ │ │ ├── libnative_misc.so │ │ │ │ │ │ └── libnative_synchronization.so │ │ │ │ ├── macosx │ │ │ │ │ ├── libnative_auth.jnilib │ │ │ │ │ ├── libnative_console.jnilib │ │ │ │ │ ├── libnative_filesystem.jnilib │ │ │ │ │ ├── libnative_keychain.jnilib │ │ │ │ │ ├── libnative_misc.jnilib │ │ │ │ │ └── libnative_synchronization.jnilib │ │ │ │ ├── solaris │ │ │ │ │ ├── sparc │ │ │ │ │ │ ├── libnative_auth.so │ │ │ │ │ │ ├── libnative_console.so │ │ │ │ │ │ ├── libnative_filesystem.so │ │ │ │ │ │ ├── libnative_misc.so │ │ │ │ │ │ └── libnative_synchronization.so │ │ │ │ │ ├── x86 │ │ │ │ │ │ ├── libnative_auth.so │ │ │ │ │ │ ├── libnative_console.so │ │ │ │ │ │ ├── libnative_filesystem.so │ │ │ │ │ │ ├── libnative_misc.so │ │ │ │ │ │ └── libnative_synchronization.so │ │ │ │ │ └── x86_64 │ │ │ │ │ │ ├── libnative_auth.so │ │ │ │ │ │ ├── libnative_console.so │ │ │ │ │ │ ├── libnative_filesystem.so │ │ │ │ │ │ ├── libnative_misc.so │ │ │ │ │ │ └── libnative_synchronization.so │ │ │ │ └── win32 │ │ │ │ │ ├── x86 │ │ │ │ │ ├── native_auth.dll │ │ │ │ │ ├── native_console.dll │ │ │ │ │ ├── native_filesystem.dll │ │ │ │ │ ├── native_messagewindow.dll │ │ │ │ │ ├── native_misc.dll │ │ │ │ │ ├── native_registry.dll │ │ │ │ │ └── native_synchronization.dll │ │ │ │ │ └── x86_64 │ │ │ │ │ ├── native_auth.dll │ │ │ │ │ ├── native_console.dll │ │ │ │ │ ├── native_filesystem.dll │ │ │ │ │ ├── native_messagewindow.dll │ │ │ │ │ ├── native_misc.dll │ │ │ │ │ ├── native_registry.dll │ │ │ │ │ └── native_synchronization.dll │ │ │ └── threadfix-backup.script │ │ └── webapp │ │ │ ├── 403.jsp │ │ │ ├── 404.jsp │ │ │ ├── META-INF │ │ │ └── MANIFEST.MF │ │ │ ├── WEB-INF │ │ │ ├── applicationContext.xml │ │ │ ├── decorators.xml │ │ │ ├── dispatcher-servlet.xml │ │ │ ├── jscachebust.tld │ │ │ ├── security.xml │ │ │ ├── sitemesh.xml │ │ │ ├── urlrewrite.xml │ │ │ ├── views │ │ │ │ ├── 403.jsp │ │ │ │ ├── 404.jsp │ │ │ │ ├── about.jsp │ │ │ │ ├── ajaxFailureHarness.jsp │ │ │ │ ├── ajaxJSONHarness.jsp │ │ │ │ ├── ajaxRedirectHarness.jsp │ │ │ │ ├── ajaxSuccessHarness.jsp │ │ │ │ ├── angular-init.jspf │ │ │ │ ├── appLimit.jsp │ │ │ │ ├── applicationReport.jsp │ │ │ │ ├── applications │ │ │ │ │ ├── defects.jsp │ │ │ │ │ ├── detail.jsp │ │ │ │ │ ├── detailHeader.jsp │ │ │ │ │ ├── docsTable.jsp │ │ │ │ │ ├── forms │ │ │ │ │ │ ├── addDTForm.jsp │ │ │ │ │ │ ├── addScanQueueForm.jsp │ │ │ │ │ │ ├── addScheduledJobFields.jsp │ │ │ │ │ │ ├── addScheduledJobForm.jsp │ │ │ │ │ │ ├── addScheduledScanForm.jsp │ │ │ │ │ │ ├── addWafForm.jsp │ │ │ │ │ │ ├── editApplicationForm.jsp │ │ │ │ │ │ ├── manageVersionsForm.jsp │ │ │ │ │ │ ├── manualFindingForm.jsp │ │ │ │ │ │ ├── newApplicationForm.jsp │ │ │ │ │ │ ├── newVersionForm.jsp │ │ │ │ │ │ ├── uploadDocForm.jsp │ │ │ │ │ │ ├── uploadDocVulnForm.jsp │ │ │ │ │ │ ├── uploadScanForm.jsp │ │ │ │ │ │ ├── viewApplicationForm.jsp │ │ │ │ │ │ ├── vulnCommentForm.jsp │ │ │ │ │ │ └── vulnTaggingForm.jsp │ │ │ │ │ ├── hpqcDefectTable.jsp │ │ │ │ │ ├── modals │ │ │ │ │ │ ├── addScanQueueModal.jsp │ │ │ │ │ │ ├── addScheduledScanModal.jsp │ │ │ │ │ │ ├── managePolicyModal.jsp │ │ │ │ │ │ ├── manualFindingModal.jsp │ │ │ │ │ │ ├── submitGRCControl.jsp │ │ │ │ │ │ ├── uploadDocModal.jsp │ │ │ │ │ │ ├── uploadDocVulnModal.jsp │ │ │ │ │ │ ├── uploadScanModal.jsp │ │ │ │ │ │ └── vulnCommentModal.jsp │ │ │ │ │ ├── tabs │ │ │ │ │ │ ├── actionButtons.jspf │ │ │ │ │ │ ├── closedTab.jsp │ │ │ │ │ │ ├── defaultTableDiv.jspf │ │ │ │ │ │ ├── docsTab.jsp │ │ │ │ │ │ ├── falsePositiveTab.jsp │ │ │ │ │ │ ├── filter.jspf │ │ │ │ │ │ ├── hiddenTab.jsp │ │ │ │ │ │ ├── policyTab.jsp │ │ │ │ │ │ ├── scanQueueTab.jsp │ │ │ │ │ │ ├── scanTab.jsp │ │ │ │ │ │ ├── scheduledScanTab.jsp │ │ │ │ │ │ ├── unmappedFindingsTab.jsp │ │ │ │ │ │ └── vulnTabTree.jsp │ │ │ │ │ ├── vulnComments.jsp │ │ │ │ │ ├── vulnerability.jsp │ │ │ │ │ ├── wafRow.jsp │ │ │ │ │ └── widgets │ │ │ │ │ │ ├── mostVulnerableApps.jsp │ │ │ │ │ │ ├── recentComments.jsp │ │ │ │ │ │ ├── recentUploads.jsp │ │ │ │ │ │ └── vulnerabilityTrending.jsp │ │ │ │ ├── config │ │ │ │ │ ├── defecttrackers │ │ │ │ │ │ ├── detail.jsp │ │ │ │ │ │ ├── index.jsp │ │ │ │ │ │ ├── modals │ │ │ │ │ │ │ ├── createDTModal.jsp │ │ │ │ │ │ │ ├── createDefaultProfileModal.jsp │ │ │ │ │ │ │ ├── editDTModal.jsp │ │ │ │ │ │ │ ├── updateDefaultProfileModal.jsp │ │ │ │ │ │ │ └── updateDefectDefaultModal.jsp │ │ │ │ │ │ ├── tabs │ │ │ │ │ │ │ ├── defectTrackersTab.jsp │ │ │ │ │ │ │ └── scheduledUpdateTab.jsp │ │ │ │ │ │ └── trackersTable.jsp │ │ │ │ │ ├── download │ │ │ │ │ │ └── index.jsp │ │ │ │ │ ├── emailLists │ │ │ │ │ │ ├── createEmailListForm.jsp │ │ │ │ │ │ ├── editEmailListForm.jsp │ │ │ │ │ │ └── index.jsp │ │ │ │ │ ├── keys │ │ │ │ │ │ ├── editForm.jsp │ │ │ │ │ │ ├── index.jsp │ │ │ │ │ │ └── newForm.jsp │ │ │ │ │ ├── logs.jsp │ │ │ │ │ ├── remoteproviders │ │ │ │ │ │ ├── apps.jsp │ │ │ │ │ │ ├── configure.jsp │ │ │ │ │ │ ├── editMapping.jsp │ │ │ │ │ │ ├── editRemoteProviderApplicationName.jsp │ │ │ │ │ │ ├── index.jsp │ │ │ │ │ │ ├── rpAppTable.jsp │ │ │ │ │ │ ├── tabs │ │ │ │ │ │ │ ├── remoteProvidersTab.jsp │ │ │ │ │ │ │ └── scheduledImportTab.jsp │ │ │ │ │ │ └── typesTable.jsp │ │ │ │ │ ├── scanResultFilters │ │ │ │ │ │ ├── editForm.jsp │ │ │ │ │ │ ├── index.jsp │ │ │ │ │ │ └── newForm.jsp │ │ │ │ │ ├── scheduledemailreports │ │ │ │ │ │ ├── index.jsp │ │ │ │ │ │ └── modals │ │ │ │ │ │ │ ├── createScheduledReportModal.jsp │ │ │ │ │ │ │ ├── editScheduledReportModal.jsp │ │ │ │ │ │ │ └── scheduledReportModalBody.jsp │ │ │ │ │ ├── systemSettings.jsp │ │ │ │ │ └── users │ │ │ │ │ │ ├── common │ │ │ │ │ │ ├── userDetails.jspf │ │ │ │ │ │ └── userList.jspf │ │ │ │ │ │ ├── community │ │ │ │ │ │ └── index.jsp │ │ │ │ │ │ ├── form.jsp │ │ │ │ │ │ ├── password.jsp │ │ │ │ │ │ └── permissibleUsers.jsp │ │ │ │ ├── customize │ │ │ │ │ ├── scannerSeverity │ │ │ │ │ │ ├── community.jsp │ │ │ │ │ │ ├── editForm.jsp │ │ │ │ │ │ ├── newForm.jsp │ │ │ │ │ │ └── suppressResults.jspf │ │ │ │ │ ├── scannerVulnTypes │ │ │ │ │ │ └── community.jsp │ │ │ │ │ ├── threadfixSeverity │ │ │ │ │ │ └── community.jsp │ │ │ │ │ └── threadfixVulnTypes │ │ │ │ │ │ ├── community.jsp │ │ │ │ │ │ ├── cweCustomText.jsp │ │ │ │ │ │ ├── cweCustomTextForm.jsp │ │ │ │ │ │ └── cweToSeverity.jsp │ │ │ │ ├── dashboard │ │ │ │ │ └── dashboard.jsp │ │ │ │ ├── dataAccessFailure.jsp │ │ │ │ ├── defectTrackerError.jsp │ │ │ │ ├── defects │ │ │ │ │ ├── addToExistingDefectForm.jsp │ │ │ │ │ ├── defectVulnTable.jsp │ │ │ │ │ ├── index.jsp │ │ │ │ │ └── submitDefectForm.jsp │ │ │ │ ├── errorMessage.jsp │ │ │ │ ├── errorMessage.jspf │ │ │ │ ├── exception.jsp │ │ │ │ ├── filters │ │ │ │ │ ├── channelFilterForm.jsp │ │ │ │ │ ├── channelVulnTable.jsp │ │ │ │ │ ├── form.jsp │ │ │ │ │ ├── index.jsp │ │ │ │ │ ├── severityFilterForm.jsp │ │ │ │ │ └── table.jsp │ │ │ │ ├── mappings │ │ │ │ │ └── channelVulnUpdate.jsp │ │ │ │ ├── modal │ │ │ │ │ └── footer.jspf │ │ │ │ ├── multiScanReport.jsp │ │ │ │ ├── organizations │ │ │ │ │ ├── applicationsTable.jsp │ │ │ │ │ ├── detail.jsp │ │ │ │ │ ├── editTeamForm.jsp │ │ │ │ │ ├── form.jsp │ │ │ │ │ ├── index.jsp │ │ │ │ │ ├── indexTable.jsp │ │ │ │ │ └── newTeamForm.jsp │ │ │ │ ├── reports │ │ │ │ │ ├── comparison.jsp │ │ │ │ │ ├── compliance.jsp │ │ │ │ │ ├── custom.jsp │ │ │ │ │ ├── emptyReport.jspf │ │ │ │ │ ├── filter.jsp │ │ │ │ │ ├── index.jsp │ │ │ │ │ ├── loading.jspf │ │ │ │ │ ├── portfolioReport.jsp │ │ │ │ │ ├── progressByVulnerability.jsp │ │ │ │ │ ├── scannerComparison.jsp │ │ │ │ │ ├── scannerComparisonByVulnerability.jsp │ │ │ │ │ ├── snapshot.jsp │ │ │ │ │ ├── trending.jsp │ │ │ │ │ ├── vulnSummaryModal.jsp │ │ │ │ │ └── vulnerabilityList.jsp │ │ │ │ ├── resourceNotFound.jsp │ │ │ │ ├── scans │ │ │ │ │ ├── confirm.jsp │ │ │ │ │ ├── createMappingModal.jsp │ │ │ │ │ ├── detail.jsp │ │ │ │ │ ├── finding │ │ │ │ │ │ ├── editDescriptionFindingForm.jsp │ │ │ │ │ │ ├── editManualFindingForm.jsp │ │ │ │ │ │ └── editManualFindingModal.jsp │ │ │ │ │ ├── findingDetail.jsp │ │ │ │ │ ├── findingMerge.jsp │ │ │ │ │ ├── history.jsp │ │ │ │ │ ├── historyTable.jsp │ │ │ │ │ ├── index.jsp │ │ │ │ │ ├── table.jsp │ │ │ │ │ └── unmappedTable.jsp │ │ │ │ ├── scheduledscans │ │ │ │ │ └── configure.jsp │ │ │ │ ├── successMessage.jspf │ │ │ │ ├── surveys │ │ │ │ │ ├── detail.jsp │ │ │ │ │ ├── form.jsp │ │ │ │ │ └── select.jsp │ │ │ │ ├── tags │ │ │ │ │ ├── appTable.jsp │ │ │ │ │ ├── batchTagging.jsp │ │ │ │ │ ├── commentTable.jsp │ │ │ │ │ ├── createTagForm.jsp │ │ │ │ │ ├── detail.jsp │ │ │ │ │ ├── editTagForm.jsp │ │ │ │ │ ├── index.jsp │ │ │ │ │ └── vulnTable.jsp │ │ │ │ ├── urlMismatch.jsp │ │ │ │ ├── vulnerabilities │ │ │ │ │ ├── filterSections.jsp │ │ │ │ │ ├── littleVulnTable.jspf │ │ │ │ │ ├── newDateForm.jsp │ │ │ │ │ ├── savedFilters.jsp │ │ │ │ │ ├── vulnRequestResponseAttacks.jsp │ │ │ │ │ ├── vulnSearchControls.jsp │ │ │ │ │ ├── vulnSearchTree.jsp │ │ │ │ │ ├── vulnTreeGroupHeader.jsp │ │ │ │ │ └── vulnTreeVulnRows.jsp │ │ │ │ └── wafs │ │ │ │ │ ├── detail.jsp │ │ │ │ │ ├── detailRuleList.jsp │ │ │ │ │ ├── events │ │ │ │ │ ├── detail.jsp │ │ │ │ │ └── index.jsp │ │ │ │ │ ├── form.jsp │ │ │ │ │ ├── forms │ │ │ │ │ ├── createWafForm.jsp │ │ │ │ │ └── editWafForm.jsp │ │ │ │ │ ├── index.jsp │ │ │ │ │ ├── rules │ │ │ │ │ └── detail.jsp │ │ │ │ │ ├── upload │ │ │ │ │ ├── form.jsp │ │ │ │ │ └── success.jsp │ │ │ │ │ └── wafsTable.jsp │ │ │ └── web.xml │ │ │ ├── common │ │ │ ├── delete.jsp │ │ │ ├── footer.jsp │ │ │ ├── header.jsp │ │ │ ├── meta.jsp │ │ │ └── taglibs.jsp │ │ │ ├── decorators │ │ │ └── default.jsp │ │ │ ├── error.jsp │ │ │ ├── images │ │ │ ├── 403.jpg │ │ │ ├── 404.jpg │ │ │ ├── DummyPieChart.PNG │ │ │ ├── TF_logo_w_arrow.png │ │ │ ├── TF_logo_w_arrow_strap.png │ │ │ ├── ThreadFix_72.jpg │ │ │ ├── body-bg-bottom.gif │ │ │ ├── body-bg-top.gif │ │ │ ├── breadcrumbs-bg.gif │ │ │ ├── btn-bg-out.png │ │ │ ├── btn-bg-over.png │ │ │ ├── denim-group.png │ │ │ ├── dg_logo_white.png │ │ │ ├── favicon.ico │ │ │ ├── glyphicons-halflings-white.png │ │ │ ├── glyphicons-halflings.png │ │ │ ├── graph1.PNG │ │ │ ├── graph2.PNG │ │ │ ├── hdr-bg-repeat.png │ │ │ ├── hdr-threadfix-logo-super-short.png │ │ │ ├── hdr-threadfix-logo.png │ │ │ ├── icn_bug.png │ │ │ ├── icn_bug_grn_stroke.png │ │ │ ├── icn_bug_red_stroke.png │ │ │ ├── icn_bug_yellow_stroke.png │ │ │ ├── icn_fork_arrow25x25.png │ │ │ ├── loading.gif │ │ │ ├── main-corners.png │ │ │ └── main-top-gradient.png │ │ │ ├── index.jsp │ │ │ ├── login.jsp │ │ │ ├── scripts │ │ │ ├── FileAPI.flash.swf │ │ │ ├── FileAPI.min.js │ │ │ ├── add-defect-tracker-modal-controller.js │ │ │ ├── add-to-existing-defect-controller.js │ │ │ ├── angular-file-upload-shim.min.js │ │ │ ├── angular-file-upload.min.js │ │ │ ├── angular-multi-select.js │ │ │ ├── angular-sanitize.min.js │ │ │ ├── angular.min.js │ │ │ ├── api-keys-controller.js │ │ │ ├── application-detail-page-controller.js │ │ │ ├── application-page-modal-controller.js │ │ │ ├── applications-index-controller.js │ │ │ ├── batch-tagging-controller.js │ │ │ ├── bootstrap.min.js │ │ │ ├── bulk-operations-controller.js │ │ │ ├── community-severity-text-controller.js │ │ │ ├── create-edit-defect-tracker-modal-controller.js │ │ │ ├── custom-cwe-text-controller.js │ │ │ ├── dashboard-controller.js │ │ │ ├── default-value-mapping.js │ │ │ ├── defect-submission-modal-controller.js │ │ │ ├── defect-trackers-tab-controller.js │ │ │ ├── directives.js │ │ │ ├── document-form-controller.js │ │ │ ├── dynamic-forms.js │ │ │ ├── edit-application-modal-controller.js │ │ │ ├── email-lists-page-controller.js │ │ │ ├── error-logs-controller.js │ │ │ ├── filters.js │ │ │ ├── focus-controller.js │ │ │ ├── generic-modal-controller.js │ │ │ ├── init-controller.js │ │ │ ├── inputDropdown.js │ │ │ ├── jspdf.debug.js │ │ │ ├── jspdf.plugin.autotable.js │ │ │ ├── left-report-controller.js │ │ │ ├── login-controller.js │ │ │ ├── login.js │ │ │ ├── login_page.js │ │ │ ├── manage-policy-modal-controller.js │ │ │ ├── manage-versions-controller.js │ │ │ ├── mappings-page-controller.js │ │ │ ├── modal-controller-with-config.js │ │ │ ├── modal-controller.js │ │ │ ├── remote-provider-modal-controller.js │ │ │ ├── remote-provider-modal-mapping-controller.js │ │ │ ├── remote-providers-tab-controller.js │ │ │ ├── report-page-controller.js │ │ │ ├── report │ │ │ │ ├── canvg.js │ │ │ │ ├── compliance-report-controller.js │ │ │ │ ├── d3-donut.js │ │ │ │ ├── d3.js │ │ │ │ ├── directives │ │ │ │ │ ├── d3-dashboards.js │ │ │ │ │ ├── d3-parallel-coordinates.js │ │ │ │ │ ├── d3-point-in-time.js │ │ │ │ │ └── d3-trending-scans.js │ │ │ │ ├── report-filter-controller.js │ │ │ │ ├── report-services.js │ │ │ │ ├── rgbcolor.js │ │ │ │ ├── snapshot-report-controller.js │ │ │ │ ├── trending-report-controller.js │ │ │ │ └── vuln-summary-modal-controller.js │ │ │ ├── right-report-controller.js │ │ │ ├── scan-detail-page-controller.js │ │ │ ├── scan-history-controller.js │ │ │ ├── scan-mapped-finding-table-controller.js │ │ │ ├── scan-result-filters-controller.js │ │ │ ├── scan-table-controller.js │ │ │ ├── scan-unmapped-finding-table-controller.js │ │ │ ├── scheduled-defect-tracker-update-tab-controller.js │ │ │ ├── scheduled-email-reports-controller.js │ │ │ ├── scheduled-remote-provider-import-tab-controller.js │ │ │ ├── services.js │ │ │ ├── system-settings-controller.js │ │ │ ├── tag-detail-page-controller.js │ │ │ ├── tags-page-controller.js │ │ │ ├── team-detail-page-controller.js │ │ │ ├── threadfix-module.js │ │ │ ├── toggle.js │ │ │ ├── ui-bootstrap-tpls-0.10.0.min.js │ │ │ ├── ui-sortable.js │ │ │ ├── update-defect-defaults-modal-controller.js │ │ │ ├── upload-scan-controller.js │ │ │ ├── user-audit-page-controller.js │ │ │ ├── user-modal-controller.js │ │ │ ├── user-page-controller.js │ │ │ ├── vuln-operations-controller.js │ │ │ ├── vuln-search-controller.js │ │ │ ├── vuln-search-tree-controller.js │ │ │ ├── vulnerability-comments-table-controller.js │ │ │ ├── vulnerability-detail-page-controller.js │ │ │ ├── vulnerability-filters-controller.js │ │ │ ├── waf-detail-page-controller.js │ │ │ ├── wafs-page-controller.js │ │ │ └── wrapper-controller.js │ │ │ ├── styles │ │ │ ├── angular-multi-select.css │ │ │ ├── bootstrap.min.css │ │ │ ├── d3.css │ │ │ ├── dyn-form.css │ │ │ ├── ie6.css │ │ │ ├── inputDropdownStyles.css │ │ │ ├── jquery-ui.css │ │ │ ├── jquery.dataTables.css │ │ │ ├── login.css │ │ │ ├── main.css │ │ │ ├── modal.css │ │ │ ├── reset-fonts-grids.css │ │ │ └── system-settings.css │ │ │ └── velocityTemplates │ │ │ ├── defectDescription.vm │ │ │ ├── policyReport.vm │ │ │ └── scheduledEmailReport.vm │ └── test │ │ ├── java │ │ └── com │ │ │ └── denimgroup │ │ │ └── threadfix │ │ │ └── service │ │ │ └── defects │ │ │ ├── BugzillaTests.java │ │ │ ├── HPQualityCenterTests.java │ │ │ ├── JiraTests.java │ │ │ ├── TFSTests.java │ │ │ ├── VersionOneTests.java │ │ │ ├── mock │ │ │ ├── RestUtilsMock.java │ │ │ └── VersionOneRestUtilsMock.java │ │ │ └── util │ │ │ ├── DefectUtils.java │ │ │ ├── HttpTrafficFileLoader.java │ │ │ └── TestConstants.java │ │ └── resources │ │ └── httptraffic │ │ ├── jira │ │ ├── custom-fields.txt │ │ ├── issue-search.txt │ │ ├── issue-status-NCT-38.txt │ │ ├── issue-status-PDP-60.txt │ │ ├── issue-submit.txt │ │ ├── issuemetadata.txt │ │ ├── nct-components.txt │ │ ├── priorities.txt │ │ ├── projects.txt │ │ ├── user-search.txt │ │ └── users.txt │ │ └── versionone │ │ └── response.txt ├── threadfix.log └── util │ ├── demo-site │ ├── DirectoryIndexing │ │ └── admin.txt │ ├── EvalInjection.php │ ├── EvalInjection2.php │ ├── FormatString.php │ ├── FormatString2.php │ ├── LDAPInjection.php │ ├── LDAPInjection2.php │ ├── OSCommandInjection.php │ ├── OSCommandInjection2.php │ ├── PathTraversal.php │ ├── PredictableResource.php │ ├── SQLI.php │ ├── SQLI2.php │ ├── XPathInjection.php │ ├── XPathInjection2.php │ ├── XSS-cookie.php │ ├── XSS-reflected.php │ ├── XSS-reflected2.php │ ├── XSS.php │ ├── import.sql │ ├── index.html │ ├── password.txt │ ├── users.xml │ └── web.config │ ├── deploy │ └── fabfile.py │ ├── readme.txt │ └── zip │ ├── ADD_ACTIVE_DIRECTORY_SUPPORT.txt │ ├── threadfix.bat │ └── threadfix.sh ├── threadfix-offline ├── pom.xml └── src │ └── main │ └── java │ └── com │ └── denimgroup │ └── threadfix │ ├── importer │ └── util │ │ ├── ScanParser.java │ │ └── SpringConfiguration.java │ └── service │ └── merge │ └── Merger.java ├── threadfix-plugin-examples ├── default-tag │ ├── pom.xml │ └── src │ │ └── main │ │ ├── java │ │ └── com │ │ │ └── denimgroup │ │ │ └── threadfix │ │ │ ├── importer │ │ │ └── update │ │ │ │ └── impl │ │ │ │ └── SampleDefaultTagUpdater.java │ │ │ └── plugin │ │ │ └── SampleDefaultTagMapper.java │ │ └── resources │ │ └── custom │ │ └── example.csv ├── defect-tracker │ ├── pom.xml │ └── src │ │ └── main │ │ ├── java │ │ └── com │ │ │ └── denimgroup │ │ │ └── threadfix │ │ │ ├── importer │ │ │ └── update │ │ │ │ └── impl │ │ │ │ └── SampleTrackerUpdater.java │ │ │ └── plugin │ │ │ └── SampleTracker.java │ │ └── resources │ │ └── custom │ │ └── example.csv ├── importer │ ├── pom.xml │ └── src │ │ └── main │ │ ├── java │ │ └── com │ │ │ └── denimgroup │ │ │ └── threadfix │ │ │ └── importer │ │ │ ├── impl │ │ │ └── upload │ │ │ │ └── SampleImporter.java │ │ │ └── update │ │ │ └── impl │ │ │ └── SampleImporterUpdater.java │ │ └── resources │ │ └── custom │ │ └── sample.csv ├── remote-provider │ ├── pom.xml │ └── src │ │ └── main │ │ ├── java │ │ └── com │ │ │ └── denimgroup │ │ │ └── threadfix │ │ │ └── importer │ │ │ ├── impl │ │ │ └── remoteprovider │ │ │ │ └── SampleRemoteProvider.java │ │ │ └── update │ │ │ └── impl │ │ │ ├── SampleRemoteProviderMappingsUpdater.java │ │ │ └── SampleRemoteProviderUpdater.java │ │ └── resources │ │ └── custom │ │ ├── mappings │ │ └── mappings.csv │ │ └── remoteProvider │ │ └── provider.csv └── waf │ ├── pom.xml │ └── src │ └── main │ ├── java │ └── com │ │ └── denimgroup │ │ └── threadfix │ │ ├── importer │ │ └── update │ │ │ └── impl │ │ │ └── SampleImporterUpdater.java │ │ └── service │ │ └── waf │ │ └── SampleWAF.java │ └── resources │ └── custom │ └── sample.csv ├── threadfix-scanner-plugin ├── burp │ ├── .project │ ├── README │ ├── pom.xml │ └── src │ │ └── main │ │ └── java │ │ └── burp │ │ ├── BurpExtender.java │ │ ├── IBurpExtender.java │ │ ├── IBurpExtenderCallbacks.java │ │ ├── IContextMenuFactory.java │ │ ├── IContextMenuInvocation.java │ │ ├── ICookie.java │ │ ├── IExtensionHelpers.java │ │ ├── IExtensionStateListener.java │ │ ├── IHttpListener.java │ │ ├── IHttpRequestResponse.java │ │ ├── IHttpRequestResponsePersisted.java │ │ ├── IHttpRequestResponseWithMarkers.java │ │ ├── IHttpService.java │ │ ├── IInterceptedProxyMessage.java │ │ ├── IIntruderAttack.java │ │ ├── IIntruderPayloadGenerator.java │ │ ├── IIntruderPayloadGeneratorFactory.java │ │ ├── IIntruderPayloadProcessor.java │ │ ├── IMenuItemHandler.java │ │ ├── IMessageEditor.java │ │ ├── IMessageEditorController.java │ │ ├── IMessageEditorTab.java │ │ ├── IMessageEditorTabFactory.java │ │ ├── IParameter.java │ │ ├── IProxyListener.java │ │ ├── IRequestInfo.java │ │ ├── IResponseInfo.java │ │ ├── IScanIssue.java │ │ ├── IScanQueueItem.java │ │ ├── IScannerCheck.java │ │ ├── IScannerInsertionPoint.java │ │ ├── IScannerInsertionPointProvider.java │ │ ├── IScannerListener.java │ │ ├── IScopeChangeListener.java │ │ ├── ISessionHandlingAction.java │ │ ├── ITab.java │ │ ├── ITempFile.java │ │ ├── ITextEditor.java │ │ ├── custombutton │ │ ├── EndpointsButton.java │ │ ├── ExportButton.java │ │ ├── LocalEndpointsButton.java │ │ └── RemoteEndpointsButton.java │ │ ├── dialog │ │ ├── ApplicationDialog.java │ │ ├── ConfigurationDialogs.java │ │ ├── ParametersDialog.java │ │ ├── SourceDialog.java │ │ └── UrlDialog.java │ │ └── extention │ │ ├── BurpPropertiesManager.java │ │ └── RestUtils.java └── zaproxy │ ├── .gitignore │ ├── .project │ ├── README │ ├── assembly │ └── zap.xml │ ├── lib │ └── com │ │ └── owasp │ │ └── zap │ │ ├── java-getopt │ │ └── 1.0.13 │ │ │ └── java-getopt-1.0.13.jar │ │ ├── jgoodies-looks │ │ └── 2.4.0 │ │ │ └── jgoodies-looks-2.4.0.jar │ │ ├── lablib-checkboxtree │ │ └── 3.2 │ │ │ └── lablib-checkboxtree-3.2.jar │ │ ├── xom │ │ └── 1.2.6 │ │ │ └── xom-1.2.6.jar │ │ ├── zap │ │ └── 2.2.2 │ │ │ └── zap-2.2.2.jar │ │ └── zaphelp │ │ └── 2.2.2 │ │ └── zaphelp-2.2.2.jar │ ├── pom.xml │ └── src │ ├── com │ └── denimgroup │ │ └── threadfix │ │ └── plugin │ │ └── zap │ │ ├── ThreadFixApi.java │ │ ├── action │ │ ├── AttackThread.java │ │ ├── EndpointsAction.java │ │ ├── ImportAction.java │ │ ├── LocalEndpointsAction.java │ │ ├── RemoteEndpointsAction.java │ │ └── ReportGenerator.java │ │ └── dialog │ │ ├── ApplicationDialog.java │ │ ├── ConfigurationDialogs.java │ │ ├── ParametersDialog.java │ │ ├── SourceDialog.java │ │ └── UrlDialog.java │ └── org │ └── zaproxy │ └── zap │ └── extension │ └── threadfix │ ├── AbstractZapPropertiesManager.java │ ├── Messages.properties │ ├── Messages_en_GB.properties │ ├── ThreadFixExtension.java │ ├── ZapAddOn.xml │ ├── ZapApiPropertiesManager.java │ ├── ZapPropertiesManager.java │ └── dg-icon.png ├── threadfix-service-interfaces ├── pom.xml └── src │ └── main │ └── java │ └── com │ ├── denimgroup │ └── threadfix │ │ ├── service │ │ ├── APIKeyService.java │ │ ├── AccessControlMapService.java │ │ ├── ApplicationChannelService.java │ │ ├── ApplicationCriticalityService.java │ │ ├── ApplicationService.java │ │ ├── ApplicationVersionService.java │ │ ├── BootstrapService.java │ │ ├── CacheBustService.java │ │ ├── ChannelSeverityService.java │ │ ├── ChannelTypeService.java │ │ ├── ChannelVulnerabilityFilterService.java │ │ ├── ChannelVulnerabilityService.java │ │ ├── CheckAPIKeyService.java │ │ ├── ContentTypeService.java │ │ ├── DefaultConfigService.java │ │ ├── DefaultDefectFieldService.java │ │ ├── DefaultDefectProfileService.java │ │ ├── DefaultTagMappingService.java │ │ ├── DefectService.java │ │ ├── DefectTrackerService.java │ │ ├── DefectTrackerTypeService.java │ │ ├── DocumentService.java │ │ ├── EmailListService.java │ │ ├── EmailReportService.java │ │ ├── EndpointPermissionService.java │ │ ├── EnterpriseTagService.java │ │ ├── EventService.java │ │ ├── ExceptionLogService.java │ │ ├── FilterDateService.java │ │ ├── FilterJsonBlobService.java │ │ ├── FindingService.java │ │ ├── GRC.java │ │ ├── GRCApplicationService.java │ │ ├── GRCClientService.java │ │ ├── GRCControlService.java │ │ ├── GRCToolService.java │ │ ├── GenericNamedObjectService.java │ │ ├── GenericObjectService.java │ │ ├── GenericSeverityService.java │ │ ├── GenericVulnerabilityService.java │ │ ├── GroupService.java │ │ ├── JobStatusService.java │ │ ├── LdapAuthenticator.java │ │ ├── LdapAuthenticatorService.java │ │ ├── LdapService.java │ │ ├── LicenseService.java │ │ ├── LogParserService.java │ │ ├── ManualFindingService.java │ │ ├── NonceService.java │ │ ├── OrganizationService.java │ │ ├── PermissionService.java │ │ ├── PolicyService.java │ │ ├── PolicyStatusService.java │ │ ├── ProxyService.java │ │ ├── RemoteProviderApplicationService.java │ │ ├── RemoteProviderTypeService.java │ │ ├── ReportService.java │ │ ├── RepositoryService.java │ │ ├── RequestUrlService.java │ │ ├── RoleService.java │ │ ├── ScanDeleteService.java │ │ ├── ScanMergeService.java │ │ ├── ScanParametersService.java │ │ ├── ScanQueueService.java │ │ ├── ScanQueueTaskConfigException.java │ │ ├── ScanResultFilterService.java │ │ ├── ScanService.java │ │ ├── ScannerMappingsExportService.java │ │ ├── ScheduledDefectTrackerUpdateService.java │ │ ├── ScheduledEmailReportService.java │ │ ├── ScheduledGRCToolUpdateService.java │ │ ├── ScheduledJobService.java │ │ ├── ScheduledJobServiceImpl.java │ │ ├── ScheduledRemoteProviderImportService.java │ │ ├── ScheduledScanService.java │ │ ├── SecurityContextHolder.java │ │ ├── SecurityEventService.java │ │ ├── ServiceNowClient.java │ │ ├── SessionService.java │ │ ├── SeverityFilterService.java │ │ ├── StatisticsCounterService.java │ │ ├── SurveyService.java │ │ ├── TagService.java │ │ ├── TemplateBuilderService.java │ │ ├── ThreadFixActiveDirectoryAuthenticationException.java │ │ ├── ThreadFixUserDetails.java │ │ ├── UploadScanService.java │ │ ├── UserService.java │ │ ├── VulnerabilityCommentService.java │ │ ├── VulnerabilityFilterService.java │ │ ├── VulnerabilitySearchService.java │ │ ├── VulnerabilityService.java │ │ ├── VulnerabilityStatusService.java │ │ ├── WafRuleService.java │ │ ├── WafService.java │ │ ├── beans │ │ │ ├── AccessControlMapModel.java │ │ │ ├── DefectTrackerBean.java │ │ │ ├── ScanParametersBean.java │ │ │ └── TableSortBean.java │ │ ├── email │ │ │ ├── EmailConfiguration.java │ │ │ └── EmailFilterService.java │ │ ├── impl │ │ │ ├── JobStatusServiceImpl.java │ │ │ ├── VulnerabilityServiceImpl.java │ │ │ └── VulnerabilityStatusServiceImpl.java │ │ ├── login │ │ │ └── CustomUserDetailService.java │ │ ├── queue │ │ │ └── QueueSender.java │ │ ├── repository │ │ │ └── RepositoryServiceFactory.java │ │ └── util │ │ │ ├── ControllerUtils.java │ │ │ └── PermissionUtils.java │ │ └── webapp │ │ ├── config │ │ └── FormRestResponse.java │ │ ├── controller │ │ └── rest │ │ │ ├── RestMethod.java │ │ │ └── TFRestController.java │ │ ├── utils │ │ ├── MessageConstants.java │ │ └── ResourceNotFoundException.java │ │ └── validator │ │ └── BeanValidator.java │ └── servicenow │ ├── grccontrol │ ├── GetRecordsControls.java │ ├── GetRecordsControlsResponse.java │ ├── GetRecordsControlsResult.java │ ├── ObjectFactory.java │ └── jaxb.index │ ├── grccontrolservice │ ├── ObjectFactory.java │ ├── SubmitControl.java │ ├── SubmitControlResponse.java │ ├── jaxb.index │ └── package-info.java │ ├── grcpolicy │ ├── GetRecordsPolicies.java │ ├── GetRecordsPoliciesResponse.java │ ├── GetRecordsPoliciesResult.java │ ├── ObjectFactory.java │ ├── jaxb.index │ └── package-info.java │ └── grcpolicyservice │ ├── ObjectFactory.java │ ├── ObjectFactory.java~HEAD │ ├── SubmitPolicy.java │ ├── SubmitPolicyResponse.java │ ├── jaxb.index │ └── package-info.java ├── threadfix-sonar-plugin ├── pom.xml └── src │ └── main │ ├── java │ └── com │ │ └── denimgroup │ │ └── threadfix │ │ └── sonarplugin │ │ ├── ThreadFixLanguage.java │ │ ├── ThreadFixMetrics.java │ │ ├── ThreadFixPlugin.java │ │ ├── ThreadFixWidget.java │ │ ├── configuration │ │ ├── ConfigurationCheck.java │ │ ├── Mode.java │ │ └── ThreadFixInfo.java │ │ ├── profiles │ │ ├── AbapProfile.java │ │ ├── AbstractTFQualityProfile.java │ │ ├── CProfile.java │ │ ├── CSharpProfile.java │ │ ├── CobolProfile.java │ │ ├── CppProfile.java │ │ ├── CssProfile.java │ │ ├── FlexProfile.java │ │ ├── GroovyProfile.java │ │ ├── JavaProfile.java │ │ ├── JavaScriptProfile.java │ │ ├── ObjcProfile.java │ │ ├── PLSQLProfile.java │ │ ├── PhpProfile.java │ │ ├── PliProfile.java │ │ ├── PythonProfile.java │ │ ├── RpgProfile.java │ │ ├── ThreadFixProfile.java │ │ ├── VbNetProfile.java │ │ ├── VbProfile.java │ │ ├── WebProfile.java │ │ └── XmlProfile.java │ │ ├── rules │ │ └── ThreadFixCWERulesDefinition.java │ │ ├── sensor │ │ └── ThreadFixSensor.java │ │ └── util │ │ ├── InputStreamLanguageDecorator.java │ │ ├── SonarTools.java │ │ └── ThreadFixTools.java │ └── resources │ ├── META-INF │ └── MANIFEST.MF │ ├── rules.xml │ ├── test.html.erb │ └── threadfix_profile.xml └── threadfix-upgrade ├── hsql-upgrade ├── .gitignore ├── pom.xml ├── resources │ ├── 1_2rc3.sql │ ├── appscan-enterprise.sql │ ├── brakeman.sql │ ├── deleted.sql │ ├── nto6.sql │ ├── rc3-final.sql │ └── update.sql └── src │ └── com │ └── denimgroup │ └── threadfix │ └── update │ └── hsql │ └── HSQLDriver.java └── mysql-upgrade ├── .gitignore ├── pom.xml └── src ├── com └── denimgroup │ └── threadfix │ └── update │ └── mysql │ └── MySQLDriver.java └── resources ├── 1_2rc3.sql ├── appscan-enterprise.sql ├── brakeman.sql ├── deleted.sql ├── fabfile.py ├── nto6.sql ├── rc3-final.sql └── update.sql /.gitignore: -------------------------------------------------------------------------------- 1 | target 2 | threadfix-cli.log* 3 | threadfix-cli.log 4 | threadfix-ide-plugin/intellij/intellij.zip 5 | database 6 | threadfix-main/src/main/resources/threadfix.license 7 | 8 | threadfix-scanagent/threadfix.log 9 | bin 10 | *.DS_Store 11 | *dependency-reduced-pom.xml 12 | *.iml 13 | 14 | .classpath 15 | .settings 16 | .idea/ 17 | *.DS_Store 18 | threadfix-enterprise 19 | threadfix-scanagent 20 | Build 21 | netrc 22 | scanagent.properties 23 | sonar-project.properties 24 | 25 | -------------------------------------------------------------------------------- /.sonarcloud.properties: -------------------------------------------------------------------------------- 1 | # Path to sources 2 | #sonar.sources=. 3 | #sonar.exclusions= 4 | #sonar.inclusions= 5 | 6 | # Path to tests 7 | #sonar.tests= 8 | #sonar.test.exclusions= 9 | #sonar.test.inclusions= 10 | 11 | # Source encoding 12 | #sonar.sourceEncoding=UTF-8 13 | 14 | # Exclusions for copy-paste detection 15 | #sonar.cpd.exclusions= 16 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | [![](https://github.com/denimgroup/threadfix/blob/master/Wiki%20Banner.png)](https://www.threadfix.it/threadfix-community-campaign/) 2 | -------------------------------------------------------------------------------- /Wiki Banner.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/Wiki Banner.png -------------------------------------------------------------------------------- /archived/create-scanner-jar.sh: -------------------------------------------------------------------------------- 1 | cd threadfix-main/target/classes 2 | jar cvf scanners.jar com/denimgroup/threadfix/plugin/scanner/service/** mappings/ 3 | cd ../../ 4 | cp target/classes/scanners.jar src/main/resources 5 | cd .. 6 | -------------------------------------------------------------------------------- /archived/docs/wiki/img/Wiki Banner.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/docs/wiki/img/Wiki Banner.png -------------------------------------------------------------------------------- /archived/docs/wiki/img/axway_logo_650x260.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/docs/wiki/img/axway_logo_650x260.png -------------------------------------------------------------------------------- /archived/docs/wiki/img/burp-plugin1.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/docs/wiki/img/burp-plugin1.JPG -------------------------------------------------------------------------------- /archived/docs/wiki/img/burp-plugin2.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/docs/wiki/img/burp-plugin2.JPG -------------------------------------------------------------------------------- /archived/docs/wiki/img/burp-plugin3.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/docs/wiki/img/burp-plugin3.JPG -------------------------------------------------------------------------------- /archived/docs/wiki/img/burp-plugin4.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/docs/wiki/img/burp-plugin4.JPG -------------------------------------------------------------------------------- /archived/docs/wiki/img/burp-plugin5.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/docs/wiki/img/burp-plugin5.JPG -------------------------------------------------------------------------------- /archived/docs/wiki/img/burp-plugin6.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/docs/wiki/img/burp-plugin6.JPG -------------------------------------------------------------------------------- /archived/docs/wiki/img/burp-plugin7.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/docs/wiki/img/burp-plugin7.JPG -------------------------------------------------------------------------------- /archived/docs/wiki/img/burp-plugin8.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/docs/wiki/img/burp-plugin8.JPG -------------------------------------------------------------------------------- /archived/docs/wiki/img/burp-plugin9.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/docs/wiki/img/burp-plugin9.JPG -------------------------------------------------------------------------------- /archived/docs/wiki/img/rax_logo_650x260.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/docs/wiki/img/rax_logo_650x260.png -------------------------------------------------------------------------------- /archived/lib/org/jetbrains/annotations/annotations/13/annotations-13.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/lib/org/jetbrains/annotations/annotations/13/annotations-13.jar -------------------------------------------------------------------------------- /archived/report-plugin/src/main/resources/META-INF/resources/WEB-INF/views/applications/widgets/reportPlugin.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 4 | 13 | 14 | 15 |
16 | 17 |

{{ heading }}

18 |
19 |
20 | {{ body }} 21 |
22 |
23 | 24 |
-------------------------------------------------------------------------------- /archived/report-plugin/src/main/resources/META-INF/resources/scripts/report-plugin.js: -------------------------------------------------------------------------------- 1 | var threadfixModule = angular.module('threadfix'); 2 | 3 | threadfixModule.controller('ReportPluginController', function($scope, $http, $modal, $rootScope, $log, tfEncoder) { 4 | 5 | $scope.$on('rootScopeInitialized', function() { 6 | $scope.heading = 'Test Plugin Name'; 7 | $scope.body = 'Report Plugin Module goes here'; 8 | }); 9 | 10 | }); -------------------------------------------------------------------------------- /archived/report-plugin/src/main/resources/META-INF/web-fragment.xml: -------------------------------------------------------------------------------- 1 | 2 | 7 | 8 | pluginShortName 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /archived/ssvl-converter/src/main/java/com/denimgroup/threadfix/csv2ssl/util/Defaults.java: -------------------------------------------------------------------------------- 1 | package com.denimgroup.threadfix.csv2ssl.util; 2 | 3 | /** 4 | * Created by mcollins on 12/10/2014. 5 | */ 6 | public class Defaults { 7 | 8 | public static boolean ALLOW_FILE_HEADERS = "true".equals(Strings.ALLOW_FILE_HEADERS); 9 | } 10 | -------------------------------------------------------------------------------- /archived/ssvl-converter/src/main/resources/constants.properties: -------------------------------------------------------------------------------- 1 | # These are the field titles. You can rename these as you wish, 2 | # just be sure to keep any format files or strings consistent 3 | 4 | fields.severity=Severity 5 | fields.cwe=CWE 6 | fields.source=Source 7 | fields.url=url 8 | fields.parameter=parameter 9 | fields.nativeId=NativeID 10 | fields.longDescription=LongDescription 11 | fields.shortDescription=ShortDescription 12 | fields.findingDate=Date 13 | fields.sourceFileName=SourceFileName 14 | fields.lineNumber=LineNumber 15 | fields.columnNumber=ColumnNumber 16 | fields.lineText=LineText 17 | fields.issueID=IssueID 18 | fields.ignore= 19 | 20 | # These are the argument modifiers. 21 | 22 | arguments.formatFile=-formatFile= 23 | arguments.format=-format= 24 | arguments.targetFile=-file= 25 | arguments.outputFile=-outputFile= 26 | arguments.configFile=-configFile= 27 | 28 | # Uncomment below and edit to give a default header configuration 29 | #defaults.headers=Valid,Headers,List 30 | 31 | defaults.cwe=16 32 | defaults.allowFileHeaders=true 33 | 34 | formats.date=dd/MM/yyyy 35 | -------------------------------------------------------------------------------- /archived/ssvl-converter/src/test/resources/Book.xlsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/ssvl-converter/src/test/resources/Book.xlsx -------------------------------------------------------------------------------- /archived/ssvl-converter/src/test/resources/basic.csv: -------------------------------------------------------------------------------- 1 | 89,/login.jsp,parameter,This is a long description,NativeId,AppScan -------------------------------------------------------------------------------- /archived/ssvl-converter/src/test/resources/customDateConfig.properties: -------------------------------------------------------------------------------- 1 | #Saving contents. 2 | #Fri Jan 23 11:10:53 CST 2015 3 | useStandardOut=true 4 | shouldSkipFirstLine=true 5 | outputFile= 6 | headers=NativeID,CWE,ShortDescription,SourceFileName,LineNumber,Source,Severity,LongDescription,IssueID,parameter,Date 7 | dateFormat=dd-MMM-yy -------------------------------------------------------------------------------- /archived/ssvl-converter/src/test/resources/data.csv: -------------------------------------------------------------------------------- 1 | VULN-468,79,Open,scanned,Whitehat,3/25/14,,uniqueid,,WebAdmin,Critical,,,KSO,Some Name,,,,,JIRA,62610,,2/21/15,,,,,,10/10/14,,451210,12.1 Mini Release,3/11 - remove -------------------------------------------------------------------------------- /archived/ssvl-converter/src/test/resources/dataflow.csv: -------------------------------------------------------------------------------- 1 | CWE,LongDescription,NativeID,Source,LineNumber,ColumnNumber,LineText,SourceFileName 2 | 89,This is a long description,NativeId,AppScan,1,3,This is the line text,SourceFile.java -------------------------------------------------------------------------------- /archived/ssvl-converter/src/test/resources/date.csv: -------------------------------------------------------------------------------- 1 | 89,/login.jsp,parameter,This is a long description,NativeId,AppScan -------------------------------------------------------------------------------- /archived/ssvl-converter/src/test/resources/emptycolumn.csv: -------------------------------------------------------------------------------- 1 | 89,/login.jsp,parameter,This is a long description,,NativeId,AppScan -------------------------------------------------------------------------------- /archived/ssvl-converter/src/test/resources/filename.csv: -------------------------------------------------------------------------------- 1 | 89,/login.jsp,parameter,This is a long description,NativeId,AppScan,testfile.jsp -------------------------------------------------------------------------------- /archived/ssvl-converter/src/test/resources/fromJunit.properties: -------------------------------------------------------------------------------- 1 | #Saving contents. 2 | #Mon Jan 26 12:50:15 CST 2015 3 | url=Location 4 | ShortDescription=Text 5 | headers=VulnType,Location,Injection Point,Text,ID,Scanner 6 | LongDescription=LongDescription 7 | CWE=VulnType 8 | Source=Scanner 9 | useStandardOut=true 10 | outputFile= 11 | Severity=Severity 12 | NativeID=ID 13 | parameter=Injection Point 14 | shouldSkipFirstLine=true 15 | IssueID=IssueID 16 | -------------------------------------------------------------------------------- /archived/ssvl-converter/src/test/resources/out.ssvl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/ssvl-converter/src/test/resources/out.ssvl -------------------------------------------------------------------------------- /archived/ssvl-converter/src/test/resources/sampleConfig.properties: -------------------------------------------------------------------------------- 1 | #Saving contents. 2 | #Fri Jan 23 11:10:53 CST 2015 3 | useStandardOut=true 4 | shouldSkipFirstLine=true 5 | outputFile= 6 | headers=CWE,url,Parameter,LongDescription,NativeID,Source 7 | -------------------------------------------------------------------------------- /archived/ssvl-converter/src/test/resources/sept.csv: -------------------------------------------------------------------------------- 1 | NativeID,CWE,ShortDescription,SourceFileName,LineNumber,Source,Severity,LongDescription,IssueID,parameter,Date 2 | testapp.1,117,Improper Output Neutralization for Logs,LoggerFilter.java,138,Manual Code Review,Medium,,,,24-Sept-14 3 | testapp.2,117,Improper Output Neutralization for Logs,LoggerFilter.java,161,Manual Code Review,Medium,,,,24-Sept-14 4 | testapp.3,117,Improper Output Neutralization for Logs,LoggerFilter.java,175,Manual Code Review,Medium,,,,24-Sept-14 5 | testapp.4,117,Improper Output Neutralization for Logs,LoggerFilter.java,176,Manual Code Review,Medium,,,,24-Sept-14 -------------------------------------------------------------------------------- /archived/ssvl-converter/src/test/resources/windows-line-endings.csv: -------------------------------------------------------------------------------- 1 | NativeID,CWE,ShortDescription,SourceFileName,LineNumber,Source,Severity,LongDescription,IssueID,parameter,Date testapp.1,117,Improper Output Neutralization for Logs,LoggerFilter.java,138,Manual Code Review,Medium,,,,24-Sep-14 testapp.2,117,Improper Output Neutralization for Logs,LoggerFilter.java,161,Manual Code Review,Medium,,,,24-Sep-14 testapp.3,117,Improper Output Neutralization for Logs,LoggerFilter.java,175,Manual Code Review,Medium,,,,24-Sep-14 testapp.4,117,Improper Output Neutralization for Logs,LoggerFilter.java,176,Manual Code Review,Medium,,,,24-Sep-14 -------------------------------------------------------------------------------- /archived/ssvl-converter/src/test/resources/withDifferentHeaderLine.csv: -------------------------------------------------------------------------------- 1 | VulnType,Location,Injection Point,Text,ID,Scanner 2 | 89,/login.jsp,parameter,This is a long description,NativeId,AppScan -------------------------------------------------------------------------------- /archived/ssvl-converter/src/test/resources/withDifferentHeaderLine.xlsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/ssvl-converter/src/test/resources/withDifferentHeaderLine.xlsx -------------------------------------------------------------------------------- /archived/ssvl-converter/src/test/resources/withHeaderLine.csv: -------------------------------------------------------------------------------- 1 | CWE,url,parameter,LongDescription,NativeID,Source 2 | 89,/login.jsp,parameter,This is a long description,NativeId,AppScan -------------------------------------------------------------------------------- /archived/ssvl-converter/src/test/resources/withIssueId.csv: -------------------------------------------------------------------------------- 1 | 89,/login.jsp,parameter,This is a long description,NativeId,AppScan,TESTID -------------------------------------------------------------------------------- /archived/threadfix-cli-endpoints/.gitignore: -------------------------------------------------------------------------------- 1 | # Java # 2 | 3 | *.class 4 | 5 | # Package Files # 6 | *.jar 7 | *.war 8 | *.ear 9 | 10 | 11 | # Eclipse # 12 | 13 | *.pydevproject 14 | .metadata 15 | .gradle 16 | bin/** 17 | tmp/** 18 | tmp/**/* 19 | *.tmp 20 | *.bak 21 | *.swp 22 | *~.nib 23 | local.properties 24 | .settings/ 25 | .loadpath 26 | 27 | # External tool builders 28 | .externalToolBuilders/ 29 | 30 | # Locally stored "Eclipse launch configurations" 31 | *.launch 32 | 33 | # CDT-specific 34 | .cproject 35 | 36 | # PDT-specific 37 | .buildpath 38 | 39 | # TeXlipse plugin 40 | .texlipse 41 | 42 | 43 | # IntelliJ IDEA # 44 | 45 | *.iml 46 | *.ipr 47 | *.iws 48 | .idea/ 49 | out/ 50 | 51 | /bin 52 | -------------------------------------------------------------------------------- /archived/threadfix-cli-endpoints/.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | EndpointCLI 4 | 5 | 6 | 7 | 8 | 9 | org.eclipse.jdt.core.javabuilder 10 | 11 | 12 | 13 | 14 | org.eclipse.m2e.core.maven2Builder 15 | 16 | 17 | 18 | 19 | 20 | org.eclipse.m2e.core.maven2Nature 21 | org.eclipse.jdt.core.javanature 22 | 23 | 24 | -------------------------------------------------------------------------------- /archived/threadfix-cli-endpoints/README: -------------------------------------------------------------------------------- 1 | Documentation for the ThreadFix Endpoint CLI can be found at 2 | https://github.com/denimgroup/threadfix/wiki/Endpoint-CLI -------------------------------------------------------------------------------- /archived/threadfix-cli-importers/.gitignore: -------------------------------------------------------------------------------- 1 | dependency-reduced-pom.xml 2 | .project 3 | bin/ 4 | logs/ 5 | -------------------------------------------------------------------------------- /archived/threadfix-cli-importers/src/main/resources/jdbc.properties: -------------------------------------------------------------------------------- 1 | # database settings, this can be the central location for different DB settings 2 | # that are referenced in /src/main/resources/applicationContext-hibernate.xml. 3 | 4 | #HSQLDB 5 | jdbc.driverClassName=org.hsqldb.jdbcDriver 6 | jdbc.url=jdbc:hsqldb:res:/database/threadfix 7 | jdbc.username=sa 8 | jdbc.password= 9 | hibernate.dialect=org.hibernate.dialect.HSQLDialect 10 | hibernate.hbm2ddl.auto=update 11 | 12 | #MYSQL 13 | #jdbc.driverClassName=com.mysql.jdbc.Driver 14 | #jdbc.url=jdbc:mysql://localhost:3306/stonemill?autoReconnect=true&useUnicode=true&characterEncoding=UTF-8&jdbcCompliantTruncation=false 15 | #jdbc.username=smuser 16 | #jdbc.password=password 17 | #hibernate.dialect=org.hibernate.dialect.MySQL5Dialect 18 | #hibernate.hbm2ddl.auto=update 19 | 20 | hibernate.show_sql=false 21 | -------------------------------------------------------------------------------- /archived/threadfix-cli-importers/src/main/resources/offline-context.xml: -------------------------------------------------------------------------------- 1 | 2 | 9 | 10 | 14 | 15 | 16 | 17 | 18 | 19 | -------------------------------------------------------------------------------- /archived/threadfix-cli-importers/src/test/java/com/denimgroup/threadfix/importer/impl/remoteprovider/RemoteProviderScanParser.java: -------------------------------------------------------------------------------- 1 | package com.denimgroup.threadfix.importer.impl.remoteprovider; 2 | 3 | import org.springframework.transaction.annotation.Transactional; 4 | 5 | /** 6 | * Created by mcollins on 1/5/15. 7 | */ 8 | public interface RemoteProviderScanParser { 9 | 10 | @Transactional(readOnly = false) 11 | public void testInner(String nativeName); 12 | 13 | } 14 | -------------------------------------------------------------------------------- /archived/threadfix-cli-importers/src/test/java/com/denimgroup/threadfix/importer/impl/remoteprovider/utils/ScanImporterHarness.java: -------------------------------------------------------------------------------- 1 | package com.denimgroup.threadfix.importer.impl.remoteprovider.utils; 2 | 3 | import com.denimgroup.threadfix.importer.util.SpringConfiguration; 4 | import com.denimgroup.threadfix.importer.impl.remoteprovider.RemoteProviderScanParser; 5 | 6 | /** 7 | * Created by mcollins on 1/5/15. 8 | */ 9 | public class ScanImporterHarness { 10 | 11 | private ScanImporterHarness(){} 12 | 13 | public static void test(Class myClass, String nativeName) { 14 | // @Transactional requires Spring AOP, which requires a Spring Bean. Lots of steps to get DB access 15 | SpringConfiguration.getContext().getBean(myClass).testInner(nativeName); 16 | } 17 | 18 | } 19 | -------------------------------------------------------------------------------- /archived/threadfix-cli-importers/src/test/resources/contrast/autherror.json: -------------------------------------------------------------------------------- 1 | {"success":"false", "messages": ["Authentication failed"] } -------------------------------------------------------------------------------- /archived/threadfix-cli-importers/src/test/resources/contrast/orgs.json: -------------------------------------------------------------------------------- 1 | { 2 | "organizations": [ 3 | { 4 | "name": "Denim Group", 5 | "shortname": "Denim Group", 6 | "timezone": "America/New_York", 7 | "links": [], 8 | "organization_uuid": "2942df92-eeb7-4691-baae-52a8cf6327ec" 9 | } 10 | ], 11 | "count": 1, 12 | "org_disabled": [] 13 | } -------------------------------------------------------------------------------- /archived/threadfix-cli-importers/src/test/resources/fortify/date-audit.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | petclinic 5 | -1 6 | 2015-02-16T12:43:47.259-06:00 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /archived/threadfix-cli-importers/src/test/resources/fortify/empty-audit.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /archived/threadfix-cli-importers/src/test/resources/merging/correctSingleVulnScan.ssvl: -------------------------------------------------------------------------------- 1 | 2 | 7 | 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /archived/threadfix-cli-importers/src/test/resources/merging/noVulns.ssvl: -------------------------------------------------------------------------------- 1 | 2 | 7 | 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /archived/threadfix-cli-importers/src/test/resources/merging/singlescan.ssvl: -------------------------------------------------------------------------------- 1 | 2 | 7 | 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /archived/threadfix-cli-importers/src/test/resources/merging/twoMergingVulns.ssvl: -------------------------------------------------------------------------------- 1 | 2 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /archived/threadfix-cli-importers/src/test/resources/qualys/apps-unauthenticated.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | AUTH_CREDENTIALS_NEEDED 4 | 5 | Login and password are required 6 | Make sure to pass 'user' and 'password' as request headers. 7 | 8 | -------------------------------------------------------------------------------- /archived/threadfix-cli-importers/src/test/resources/whitehat/apps.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 63 5 | 6 | 7 | 8 | 63 9 | 10 | 11 | 12 | 63 13 | 14 | 15 | 16 | 63 17 | 18 | 19 | 20 | 63 21 | 22 | 23 | 24 | 4 25 | 26 | -------------------------------------------------------------------------------- /archived/threadfix-cli/.gitignore: -------------------------------------------------------------------------------- 1 | # Java # 2 | 3 | *.class 4 | 5 | # Package Files # 6 | *.jar 7 | *.war 8 | *.ear 9 | 10 | 11 | # Eclipse # 12 | 13 | *.pydevproject 14 | .metadata 15 | .gradle 16 | bin/** 17 | tmp/** 18 | tmp/**/* 19 | *.tmp 20 | *.bak 21 | *.swp 22 | *~.nib 23 | local.properties 24 | .settings/ 25 | .loadpath 26 | 27 | # External tool builders 28 | .externalToolBuilders/ 29 | 30 | # Locally stored "Eclipse launch configurations" 31 | *.launch 32 | 33 | # CDT-specific 34 | .cproject 35 | 36 | # PDT-specific 37 | .buildpath 38 | 39 | # TeXlipse plugin 40 | .texlipse 41 | 42 | 43 | # IntelliJ IDEA # 44 | 45 | *.iml 46 | *.ipr 47 | *.iws 48 | .idea/ 49 | out/ 50 | 51 | 52 | target/ 53 | bin/ 54 | -------------------------------------------------------------------------------- /archived/threadfix-cli/.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | threadfix-cli 4 | 5 | 6 | 7 | 8 | 9 | org.eclipse.wst.common.project.facet.core.builder 10 | 11 | 12 | 13 | 14 | org.eclipse.jdt.core.javabuilder 15 | 16 | 17 | 18 | 19 | org.eclipse.m2e.core.maven2Builder 20 | 21 | 22 | 23 | 24 | org.eclipse.wst.validation.validationbuilder 25 | 26 | 27 | 28 | 29 | 30 | org.eclipse.jem.workbench.JavaEMFNature 31 | org.eclipse.wst.common.modulecore.ModuleCoreNature 32 | org.eclipse.m2e.core.maven2Nature 33 | org.eclipse.jdt.core.javanature 34 | org.eclipse.wst.common.project.facet.core.nature 35 | 36 | 37 | -------------------------------------------------------------------------------- /archived/threadfix-data-access/src/main/java/com/denimgroup/threadfix/data/dao/DefaultDefectProfileDao.java: -------------------------------------------------------------------------------- 1 | package com.denimgroup.threadfix.data.dao; 2 | 3 | import com.denimgroup.threadfix.data.entities.DefaultDefectProfile; 4 | 5 | public interface DefaultDefectProfileDao extends GenericObjectDao { 6 | 7 | public void deleteById(int defaultDefectProfileId); 8 | public DefaultDefectProfile retrieveDefectProfileByName(String name, Integer defectTrackerId, Integer appId); 9 | 10 | } 11 | -------------------------------------------------------------------------------- /archived/threadfix-data-access/src/main/java/com/denimgroup/threadfix/data/dao/DefaultTagDao.java: -------------------------------------------------------------------------------- 1 | package com.denimgroup.threadfix.data.dao; 2 | 3 | import com.denimgroup.threadfix.data.entities.DefaultTag; 4 | 5 | /** 6 | * Basic DAO class for the DefaultTag entity. 7 | * 8 | */ 9 | public interface DefaultTagDao extends GenericNamedObjectDao {} 10 | -------------------------------------------------------------------------------- /archived/threadfix-data-access/src/main/java/com/denimgroup/threadfix/data/dao/ScanResultFilterDao.java: -------------------------------------------------------------------------------- 1 | package com.denimgroup.threadfix.data.dao; 2 | 3 | import com.denimgroup.threadfix.data.entities.ChannelType; 4 | import com.denimgroup.threadfix.data.entities.GenericSeverity; 5 | import com.denimgroup.threadfix.data.entities.ScanResultFilter; 6 | 7 | import java.util.List; 8 | 9 | public interface ScanResultFilterDao extends GenericObjectDao{ 10 | void delete(ScanResultFilter scanResultFilter); 11 | 12 | List loadFilteredSeveritiesForChannelType(ChannelType channelType); 13 | 14 | List loadAllForChannelType(ChannelType channelType); 15 | 16 | ScanResultFilter loadByChannelTypeAndSeverity(ChannelType channelType, GenericSeverity genericSeverity); 17 | } 18 | -------------------------------------------------------------------------------- /archived/threadfix-data-access/src/main/java/com/denimgroup/threadfix/data/dao/ScheduledEmailReportDao.java: -------------------------------------------------------------------------------- 1 | package com.denimgroup.threadfix.data.dao; 2 | 3 | import com.denimgroup.threadfix.data.entities.ScheduledEmailReport; 4 | 5 | public interface ScheduledEmailReportDao extends ScheduledJobDao {} -------------------------------------------------------------------------------- /archived/threadfix-data-access/src/main/java/com/denimgroup/threadfix/data/dao/hibernate/HibernateDefaultTagDao.java: -------------------------------------------------------------------------------- 1 | package com.denimgroup.threadfix.data.dao.hibernate; 2 | 3 | import org.hibernate.SessionFactory; 4 | import org.springframework.beans.factory.annotation.Autowired; 5 | import org.springframework.stereotype.Repository; 6 | 7 | import com.denimgroup.threadfix.data.dao.AbstractNamedObjectDao; 8 | import com.denimgroup.threadfix.data.dao.DefaultTagDao; 9 | import com.denimgroup.threadfix.data.entities.DefaultTag; 10 | 11 | /** 12 | * Hibernate Defect DAO implementation. Most basic methods are implemented in 13 | * the AbstractGenericDao 14 | * 15 | * @see AbstractNamedObjectDao 16 | */ 17 | @Repository 18 | public class HibernateDefaultTagDao extends AbstractNamedObjectDao implements DefaultTagDao { 19 | 20 | @Autowired 21 | public HibernateDefaultTagDao(SessionFactory sessionFactory) { 22 | super(sessionFactory); 23 | } 24 | 25 | @Override 26 | protected Class getClassReference() { 27 | return DefaultTag.class; 28 | } 29 | 30 | } 31 | -------------------------------------------------------------------------------- /archived/threadfix-data-access/src/main/java/com/denimgroup/threadfix/data/dao/hibernate/HibernateScheduledEmailReportDao.java: -------------------------------------------------------------------------------- 1 | package com.denimgroup.threadfix.data.dao.hibernate; 2 | 3 | import org.hibernate.SessionFactory; 4 | import org.springframework.beans.factory.annotation.Autowired; 5 | import org.springframework.stereotype.Repository; 6 | 7 | import com.denimgroup.threadfix.data.dao.ScheduledEmailReportDao; 8 | import com.denimgroup.threadfix.data.entities.ScheduledEmailReport; 9 | 10 | @Repository 11 | public class HibernateScheduledEmailReportDao extends HibernateScheduledJobDao implements ScheduledEmailReportDao { 12 | 13 | @Autowired 14 | public HibernateScheduledEmailReportDao(SessionFactory sessionFactory) { 15 | super(sessionFactory); 16 | } 17 | 18 | @Override 19 | protected Class getClassReference() { 20 | return ScheduledEmailReport.class; 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /archived/threadfix-data-migration/src/main/resources/jdbc.properties: -------------------------------------------------------------------------------- 1 | # database settings, this can be the central location for different DB settings 2 | # that are referenced in /src/main/resources/applicationContext-hibernate.xml. 3 | 4 | #HSQLDB 5 | #jdbc.driverClassName=org.hsqldb.jdbcDriver 6 | #jdbc.url=jdbc:hsqldb:/var/lib/tomcat6/database/threadfix 7 | #jdbc.username=sa 8 | #jdbc.password= 9 | #hibernate.dialect=org.hibernate.dialect.HSQLDialect 10 | #hibernate.hbm2ddl.auto=update 11 | 12 | #MYSQL 13 | jdbc.driverClassName=com.mysql.jdbc.Driver 14 | jdbc.url=jdbc:mysql://localhost:3306/threadfix?autoReconnect=true&createDatabaseIfNotExist=true&useUnicode=true&characterEncoding=UTF-8&jdbcCompliantTruncation=false 15 | jdbc.username=threadfix 16 | jdbc.password=tfpassword 17 | hibernate.default_schema=threadfix 18 | hibernate.dialect=org.hibernate.dialect.MySQL5InnoDBDialect 19 | hibernate.hbm2ddl.auto=create 20 | 21 | hibernate.show_sql=false 22 | hibernate.format_sql=true 23 | 24 | hibernate.c3p0.min_size=5 25 | hibernate.c3p0.max_size=20 26 | hibernate.c3p0.timeout=1800 27 | hibernate.c3p0.max_statements=50 -------------------------------------------------------------------------------- /archived/threadfix-data-migration/src/main/resources/jdbc.properties.hsql: -------------------------------------------------------------------------------- 1 | # database settings, this can be the central location for different DB settings 2 | # that are referenced in /src/main/resources/applicationContext-hibernate.xml. 3 | 4 | #HSQLDB 5 | jdbc.driverClassName=org.hsqldb.jdbcDriver 6 | jdbc.url=jdbc:hsqldb:res:/database/threadfix 7 | jdbc.username=sa 8 | jdbc.password= 9 | hibernate.dialect=org.hibernate.dialect.HSQLDialect 10 | hibernate.hbm2ddl.auto=update 11 | 12 | #MYSQL 13 | #jdbc.driverClassName=com.mysql.jdbc.Driver 14 | #jdbc.url=jdbc:mysql://localhost:3306/stonemill?autoReconnect=true&useUnicode=true&characterEncoding=UTF-8&jdbcCompliantTruncation=false 15 | #jdbc.username=smuser 16 | #jdbc.password=password 17 | #hibernate.dialect=org.hibernate.dialect.MySQL5Dialect 18 | #hibernate.hbm2ddl.auto=update 19 | 20 | hibernate.show_sql=false 21 | -------------------------------------------------------------------------------- /archived/threadfix-entities/src/main/java/com/denimgroup/threadfix/data/entities/ScanResultFilter.java: -------------------------------------------------------------------------------- 1 | package com.denimgroup.threadfix.data.entities; 2 | 3 | import javax.persistence.*; 4 | import javax.validation.constraints.NotNull; 5 | 6 | @Entity 7 | @Table(name = "ScanResultFilter") 8 | public class ScanResultFilter extends AuditableEntity { 9 | 10 | @NotNull 11 | private GenericSeverity genericSeverity; 12 | 13 | @NotNull 14 | private ChannelType channelType; 15 | 16 | @ManyToOne 17 | @JoinColumn(name = "genericSeverityId") 18 | public GenericSeverity getGenericSeverity() { 19 | return genericSeverity; 20 | } 21 | 22 | public void setGenericSeverity(GenericSeverity genericSeverity) { 23 | this.genericSeverity = genericSeverity; 24 | } 25 | 26 | @ManyToOne 27 | @JoinColumn(name = "channelTypeId") 28 | public ChannelType getChannelType() { 29 | return channelType; 30 | } 31 | 32 | public void setChannelType(ChannelType channelType) { 33 | this.channelType = channelType; 34 | } 35 | 36 | @Transient 37 | public String getScannerTypeName(){ 38 | return this.channelType.getName(); 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /archived/threadfix-entities/src/main/java/com/denimgroup/threadfix/util/DateUtils.java: -------------------------------------------------------------------------------- 1 | package com.denimgroup.threadfix.util; 2 | 3 | import org.joda.time.DateTime; 4 | import org.joda.time.Days; 5 | 6 | import java.text.SimpleDateFormat; 7 | import java.util.Calendar; 8 | 9 | public class DateUtils { 10 | public static SimpleDateFormat PRINTABLE_FORMAT = new SimpleDateFormat("EEE, d MMMM yyyy"); 11 | 12 | public static int getDaysBetween(Calendar now, Calendar target) { 13 | DateTime nowLocal = new DateTime(now.getTime()); 14 | DateTime targetLocal = new DateTime(target.getTime()); 15 | 16 | return Days.daysBetween(nowLocal.toLocalDate(), targetLocal.toLocalDate()).getDays(); 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /archived/threadfix-entities/src/test/java/com/denimgroup/threadfix/IntegrationTests.java: -------------------------------------------------------------------------------- 1 | //////////////////////////////////////////////////////////////////////// 2 | // 3 | // Copyright (c) 2009-2015 Denim Group, Ltd. 4 | // 5 | // The contents of this file are subject to the Mozilla Public License 6 | // Version 2.0 (the "License"); you may not use this file except in 7 | // compliance with the License. You may obtain a copy of the License at 8 | // http://www.mozilla.org/MPL/ 9 | // 10 | // Software distributed under the License is distributed on an "AS IS" 11 | // basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the 12 | // License for the specific language governing rights and limitations 13 | // under the License. 14 | // 15 | // The Original Code is ThreadFix. 16 | // 17 | // The Initial Developer of the Original Code is Denim Group, Ltd. 18 | // Portions created by Denim Group, Ltd. are Copyright (C) 19 | // Denim Group, Ltd. All Rights Reserved. 20 | // 21 | // Contributor(s): Denim Group, Ltd. 22 | // 23 | //////////////////////////////////////////////////////////////////////// 24 | 25 | package com.denimgroup.threadfix; 26 | 27 | public interface IntegrationTests {} 28 | -------------------------------------------------------------------------------- /archived/threadfix-extras/identify_web_apps/webkit2png/README.md: -------------------------------------------------------------------------------- 1 | # webkit2png 2 | 3 | webkit2png is a command line tool that creates screenshots of webpages. For more info see [the project homepage](http://www.paulhammond.org/webkit2png/). -------------------------------------------------------------------------------- /archived/threadfix-ham/.gitignore: -------------------------------------------------------------------------------- 1 | .classpath 2 | .project 3 | .settings/ 4 | logs/ 5 | 6 | # Java # 7 | 8 | *.class 9 | 10 | # Package Files # 11 | *.jar 12 | *.war 13 | *.ear 14 | 15 | 16 | # Eclipse # 17 | 18 | *.pydevproject 19 | .metadata 20 | .gradle 21 | bin/** 22 | tmp/** 23 | tmp/**/* 24 | *.tmp 25 | *.bak 26 | *.swp 27 | *~.nib 28 | local.properties 29 | .settings/ 30 | .loadpath 31 | 32 | # External tool builders 33 | .externalToolBuilders/ 34 | 35 | # Locally stored "Eclipse launch configurations" 36 | *.launch 37 | 38 | # CDT-specific 39 | .cproject 40 | 41 | # PDT-specific 42 | .buildpath 43 | 44 | # TeXlipse plugin 45 | .texlipse 46 | 47 | 48 | # IntelliJ IDEA # 49 | 50 | *.iml 51 | *.ipr 52 | *.iws 53 | .idea/ 54 | out/ 55 | 56 | -------------------------------------------------------------------------------- /archived/threadfix-ham/src/test/resources/code.dotNet.mvc/ChatController.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Net; 5 | using System.Net.Http; 6 | using System.Web.Http; 7 | using System.Web.Mvc; 8 | 9 | namespace SignalRChat.Controllers 10 | { 11 | public class ChatController : Controller 12 | { 13 | public ActionResult Index() 14 | { 15 | return View(); 16 | } 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /archived/threadfix-ham/src/test/resources/code.dotNet.mvc/DefaultParametersController.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Net; 5 | using System.Net.Http; 6 | using System.Web.Http; 7 | using System.Web.Mvc; 8 | 9 | namespace Test.Controllers 10 | { 11 | public class ChatController : Controller 12 | { 13 | [HttpGet] 14 | public ActionResult DoAction(Guid? id, string type = null, DateTime? expires = null) 15 | { 16 | var thing = GetThingOrThrow(id); 17 | 18 | // init model 19 | var model = new PlaceThing(application, type); 20 | 21 | if (expires.HasValue) model.ExpiredOn = expires.Value.Date; 22 | return View("Test/Model", model); 23 | } 24 | } 25 | } 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /archived/threadfix-ham/src/test/resources/code.dotNet.mvc/InstructorRoutes.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Web; 5 | using System.Web.Mvc; 6 | using System.Web.Routing; 7 | 8 | namespace ContosoUniversity 9 | { 10 | public class RouteConfig 11 | { 12 | public static void RegisterRoutes(RouteCollection routes) 13 | { 14 | routes.IgnoreRoute("{resource}.axd/{*pathInfo}"); 15 | 16 | routes.MapRoute( 17 | name: "Default", 18 | url: "{controller}/{action}/{id}", 19 | defaults: new { controller = "Home", action = "Index", id = UrlParameter.Optional } 20 | ); 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /archived/threadfix-ham/src/test/resources/code.dotNet.mvc/RouteConfig.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Web; 5 | using System.Web.Mvc; 6 | using System.Web.Routing; 7 | 8 | namespace SignalRChat 9 | { 10 | public class RouteConfig 11 | { 12 | public static void RegisterRoutes(RouteCollection routes) 13 | { 14 | routes.IgnoreRoute("{resource}.axd/{*pathInfo}"); 15 | 16 | routes.MapRoute( 17 | name: "Default", 18 | url: "{controller}/{action}/{id}", 19 | defaults: new { controller = "Chat", action = "Index", id = UrlParameter.Optional } 20 | ); 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /archived/threadfix-ham/src/test/resources/code.dotNet.mvc/Student.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.ComponentModel.DataAnnotations; 4 | using System.ComponentModel.DataAnnotations.Schema; 5 | 6 | namespace ContosoUniversity.Models 7 | { 8 | public class Student : Person 9 | { 10 | [DataType(DataType.Date)] 11 | [DisplayFormat(DataFormatString = "{0:yyyy-MM-dd}", ApplyFormatInEditMode = true)] 12 | [Display(Name = "Enrollment Date")] 13 | public DateTime EnrollmentDate { get; set; } 14 | 15 | public virtual ICollection Enrollments { get; set; } 16 | } 17 | } -------------------------------------------------------------------------------- /archived/threadfix-ham/src/test/resources/code.dotNet.webforms/WebForm1.aspx.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Web; 5 | using System.Web.UI; 6 | using System.Web.UI.WebControls; 7 | 8 | namespace JSASPNETUserConsent 9 | { 10 | public partial class WebForm1 : System.Web.UI.Page 11 | { 12 | protected void Page_Load(object sender, EventArgs e) 13 | { 14 | Label.Text = "Initial text"; 15 | Response.AddHeader("X-XSS-Protection", "0"); 16 | } 17 | 18 | protected void test_Click(object sender, EventArgs e) 19 | { 20 | Label.Text = newitem.Text; 21 | } 22 | } 23 | } -------------------------------------------------------------------------------- /archived/threadfix-ham/src/test/resources/code.jsp.cycle/cycle.jsp: -------------------------------------------------------------------------------- 1 | 2 | <% 3 | String query = null; 4 | String key = ""; 5 | String[] params = {}; 6 | if (request.getMethod().equals("POST")){ 7 | 8 | String parameter = request.getParameter("test"); 9 | 10 | } 11 | %> 12 | 13 | -------------------------------------------------------------------------------- /archived/threadfix-ham/src/test/resources/code.jsp/nesting/test1.jsp: -------------------------------------------------------------------------------- 1 | 2 | <% 3 | String query = null; 4 | String key = ""; 5 | String[] params = {}; 6 | if (request.getMethod().equals("POST")){ 7 | 8 | String parameter = request.getParameter("param1"); 9 | 10 | } 11 | %> 12 | -------------------------------------------------------------------------------- /archived/threadfix-ham/src/test/resources/code.jsp/nesting/test2.jsp: -------------------------------------------------------------------------------- 1 | 2 | <% 3 | String query = null; 4 | String key = ""; 5 | String[] params = {}; 6 | if (request.getMethod().equals("POST")){ 7 | 8 | String parameter = request.getParameter("param2"); 9 | 10 | } 11 | %> 12 | 13 | -------------------------------------------------------------------------------- /archived/threadfix-ham/src/test/resources/code.jsp/nesting/test3.jsp: -------------------------------------------------------------------------------- 1 | 2 | <% 3 | String query = null; 4 | String key = ""; 5 | String[] params = {}; 6 | if (request.getMethod().equals("POST")){ 7 | 8 | String parameter = request.getParameter("param3"); 9 | 10 | } 11 | %> 12 | 13 | -------------------------------------------------------------------------------- /archived/threadfix-ham/src/test/resources/code.jsp/nesting/test4.jsp: -------------------------------------------------------------------------------- 1 | 2 | <% 3 | String query = null; 4 | String key = ""; 5 | String[] params = {}; 6 | if (request.getMethod().equals("POST")){ 7 | 8 | String parameter = request.getParameter("param4"); 9 | 10 | } 11 | %> 12 | 13 | -------------------------------------------------------------------------------- /archived/threadfix-ham/src/test/resources/code.jsp/nesting/test5.jsp: -------------------------------------------------------------------------------- 1 | 2 | <% 3 | String query = null; 4 | String key = ""; 5 | String[] params = {}; 6 | if (request.getMethod().equals("POST")){ 7 | 8 | String parameter = request.getParameter("param5"); 9 | 10 | } 11 | %> 12 | 13 | -------------------------------------------------------------------------------- /archived/threadfix-ham/src/test/resources/code.jsp/nesting/test6.jsp: -------------------------------------------------------------------------------- 1 | 2 | <% 3 | String query = null; 4 | String key = ""; 5 | String[] params = {}; 6 | if (request.getMethod().equals("POST")){ 7 | 8 | String parameter = request.getParameter("param6"); 9 | 10 | } 11 | %> 12 | 13 | -------------------------------------------------------------------------------- /archived/threadfix-ham/src/test/resources/code.jsp/nesting/test7.jsp: -------------------------------------------------------------------------------- 1 | 2 | <% 3 | String query = null; 4 | String key = ""; 5 | String[] params = {}; 6 | if (request.getMethod().equals("POST")){ 7 | 8 | String parameter = request.getParameter("param7"); 9 | 10 | } 11 | %> 12 | 13 | -------------------------------------------------------------------------------- /archived/threadfix-ide-plugin/.gitignore: -------------------------------------------------------------------------------- 1 | # Java # 2 | 3 | *.class 4 | 5 | # Package Files # 6 | *.jar 7 | *.war 8 | *.ear 9 | 10 | 11 | # Eclipse # 12 | 13 | *.pydevproject 14 | .metadata 15 | .gradle 16 | bin/** 17 | tmp/** 18 | tmp/**/* 19 | *.tmp 20 | *.bak 21 | *.swp 22 | *~.nib 23 | local.properties 24 | .settings/ 25 | .loadpath 26 | 27 | # External tool builders 28 | .externalToolBuilders/ 29 | 30 | # Locally stored "Eclipse launch configurations" 31 | *.launch 32 | 33 | # CDT-specific 34 | .cproject 35 | 36 | # PDT-specific 37 | .buildpath 38 | 39 | # TeXlipse plugin 40 | .texlipse 41 | 42 | 43 | # IntelliJ IDEA # 44 | 45 | *.iml 46 | *.ipr 47 | *.iws 48 | .idea/ 49 | out/ 50 | 51 | # Visual Studio # 52 | obj/ 53 | *.user 54 | *.suo 55 | 56 | # Nuget # 57 | **/packages/* 58 | !**/packages/repositories.config -------------------------------------------------------------------------------- /archived/threadfix-ide-plugin/eclipse/.gitignore: -------------------------------------------------------------------------------- 1 | bin 2 | -------------------------------------------------------------------------------- /archived/threadfix-ide-plugin/eclipse/.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | EclipsePlugin 4 | 5 | 6 | 7 | 8 | 9 | org.eclipse.jdt.core.javabuilder 10 | 11 | 12 | 13 | 14 | org.eclipse.pde.ManifestBuilder 15 | 16 | 17 | 18 | 19 | org.eclipse.pde.SchemaBuilder 20 | 21 | 22 | 23 | 24 | 25 | org.eclipse.pde.PluginNature 26 | org.eclipse.jdt.core.javanature 27 | 28 | 29 | -------------------------------------------------------------------------------- /archived/threadfix-ide-plugin/eclipse/META-INF/MANIFEST.MF: -------------------------------------------------------------------------------- 1 | Manifest-Version: 1.0 2 | Bundle-ManifestVersion: 2 3 | Bundle-Name: ThreadFixPlugin 4 | Bundle-SymbolicName: com.denimgroup.threadfix.plugin.eclipse.views.VulnerabilitiesView;singleton:=true 5 | Bundle-Version: 0.2 6 | Bundle-Vendor: Denim Group 7 | Bundle-RequiredExecutionEnvironment: JavaSE-1.7 8 | Import-Package: com.google.gson, 9 | org.apache.log4j;version="1.2.15", 10 | org.apache.log4j.xml;version="1.2.15", 11 | org.eclipse.core.commands.common, 12 | org.eclipse.core.resources, 13 | org.eclipse.core.runtime, 14 | org.eclipse.core.runtime.jobs, 15 | org.eclipse.core.runtime.preferences, 16 | org.eclipse.jface, 17 | org.eclipse.jface.action, 18 | org.eclipse.jface.dialogs, 19 | org.eclipse.jface.viewers, 20 | org.eclipse.jface.window, 21 | org.eclipse.swt, 22 | org.eclipse.swt.graphics, 23 | org.eclipse.swt.layout, 24 | org.eclipse.swt.widgets, 25 | org.eclipse.ui, 26 | org.eclipse.ui.texteditor, 27 | org.eclipse.ui.views.markers, 28 | org.osgi.service.prefs 29 | Bundle-ActivationPolicy: lazy 30 | Bundle-ClassPath: lib/threadfix-cli.jar, bin/, lib/ 31 | -------------------------------------------------------------------------------- /archived/threadfix-ide-plugin/eclipse/README: -------------------------------------------------------------------------------- 1 | Documentation for the ThreadFix Eclipse plugin can be found at 2 | https://github.com/denimgroup/threadfix/wiki/Eclipse-IDE-Plugin -------------------------------------------------------------------------------- /archived/threadfix-ide-plugin/eclipse/build.properties: -------------------------------------------------------------------------------- 1 | bin.includes = plugin.xml,\ 2 | META-INF/,\ 3 | icons/,\ 4 | bin/,\ 5 | src/,\ 6 | build.properties,\ 7 | lib/,\ 8 | lib/threadfix-cli.jar 9 | -------------------------------------------------------------------------------- /archived/threadfix-ide-plugin/eclipse/icons/icon.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-ide-plugin/eclipse/icons/icon.jpg -------------------------------------------------------------------------------- /archived/threadfix-ide-plugin/eclipse/icons/sample.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-ide-plugin/eclipse/icons/sample.gif -------------------------------------------------------------------------------- /archived/threadfix-ide-plugin/eclipse/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4.0.0 4 | 5 | eclipse 6 | parent 7 | 0.1.0 8 | ../pom.xml 9 | 10 | 11 | 12 | 13 | kepler 14 | p2 15 | http://download.eclipse.org/releases/kepler 16 | 17 | 18 | 19 | com.denimgroup.threadfix.plugin.eclipse.views.VulnerabilitiesView 20 | eclipse-plugin 21 | 22 | -------------------------------------------------------------------------------- /archived/threadfix-ide-plugin/intellij/README: -------------------------------------------------------------------------------- 1 | Documentation for the ThreadFix IntelliJ plugin can be found at 2 | https://github.com/denimgroup/threadfix/wiki/IntelliJ-IDEA-Plugin -------------------------------------------------------------------------------- /archived/threadfix-ide-plugin/intellij/resources/icons/DG_logo_mark_13x13.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-ide-plugin/intellij/resources/icons/DG_logo_mark_13x13.png -------------------------------------------------------------------------------- /archived/threadfix-ide-plugin/visual-studio/packages/repositories.config: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /archived/threadfix-ide-plugin/visual-studio/threadfix-plugin.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 2012 4 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "threadfix-plugin", "threadfix-plugin\threadfix-plugin.csproj", "{36252D8F-BFA7-49FB-898B-D2F68F2702FA}" 5 | EndProject 6 | Global 7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 8 | Debug|Any CPU = Debug|Any CPU 9 | Release|Any CPU = Release|Any CPU 10 | EndGlobalSection 11 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 12 | {36252D8F-BFA7-49FB-898B-D2F68F2702FA}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 13 | {36252D8F-BFA7-49FB-898B-D2F68F2702FA}.Debug|Any CPU.Build.0 = Debug|Any CPU 14 | {36252D8F-BFA7-49FB-898B-D2F68F2702FA}.Release|Any CPU.ActiveCfg = Release|Any CPU 15 | {36252D8F-BFA7-49FB-898B-D2F68F2702FA}.Release|Any CPU.Build.0 = Release|Any CPU 16 | EndGlobalSection 17 | GlobalSection(SolutionProperties) = preSolution 18 | HideSolutionNode = FALSE 19 | EndGlobalSection 20 | EndGlobal 21 | -------------------------------------------------------------------------------- /archived/threadfix-ide-plugin/visual-studio/threadfix-plugin/Controls/LoadingWindow.xaml: -------------------------------------------------------------------------------- 1 |  6 | 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /archived/threadfix-ide-plugin/visual-studio/threadfix-plugin/Controls/LoadingWindow.xaml.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using System.Threading.Tasks; 6 | using System.Windows; 7 | using System.Windows.Controls; 8 | using System.Windows.Data; 9 | using System.Windows.Documents; 10 | using System.Windows.Input; 11 | using System.Windows.Media; 12 | using System.Windows.Media.Imaging; 13 | using System.Windows.Shapes; 14 | 15 | namespace DenimGroup.threadfix_plugin.Controls 16 | { 17 | /// 18 | /// Interaction logic for LoadingWindow.xaml 19 | /// 20 | public partial class LoadingWindow : Window 21 | { 22 | public LoadingWindow() 23 | { 24 | InitializeComponent(); 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /archived/threadfix-ide-plugin/visual-studio/threadfix-plugin/Key.snk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-ide-plugin/visual-studio/threadfix-plugin/Key.snk -------------------------------------------------------------------------------- /archived/threadfix-ide-plugin/visual-studio/threadfix-plugin/Resources/DG_logo_mark_13x13.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-ide-plugin/visual-studio/threadfix-plugin/Resources/DG_logo_mark_13x13.png -------------------------------------------------------------------------------- /archived/threadfix-ide-plugin/visual-studio/threadfix-plugin/Resources/Images.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-ide-plugin/visual-studio/threadfix-plugin/Resources/Images.png -------------------------------------------------------------------------------- /archived/threadfix-ide-plugin/visual-studio/threadfix-plugin/Resources/Package.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-ide-plugin/visual-studio/threadfix-plugin/Resources/Package.ico -------------------------------------------------------------------------------- /archived/threadfix-ide-plugin/visual-studio/threadfix-plugin/Resources/license.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) 2009-2015 Denim Group, Ltd. 2 | 3 | The contents of this file are subject to the Mozilla Public License 4 | Version 2.0 (the "License"); you may not use this file except in 5 | compliance with the License. You may obtain a copy of the License at 6 | http: www.mozilla.org/MPL/ 7 | 8 | Software distributed under the License is distributed on an "AS IS" 9 | basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the 10 | License for the specific language governing rights and limitations 11 | under the License. 12 | 13 | The Original Code is ThreadFix. 14 | 15 | The Initial Developer of the Origin Code is Denim Group, Ltd. 16 | Portions created by Denim Group, Ltd. are Copyright (C) 17 | Denim Group, Ltd. All Rights Reserved. 18 | 19 | Contributor(s): Denim Group, Ltd. -------------------------------------------------------------------------------- /archived/threadfix-ide-plugin/visual-studio/threadfix-plugin/packages.config: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | -------------------------------------------------------------------------------- /archived/threadfix-importers/src/main/java/com/denimgroup/threadfix/service/defects/defaults/AbstractDefaultTagMapper.java: -------------------------------------------------------------------------------- 1 | package com.denimgroup.threadfix.service.defects.defaults; 2 | 3 | import java.util.List; 4 | 5 | import com.denimgroup.threadfix.data.entities.Vulnerability; 6 | 7 | /** 8 | * The Interface the tag mappers have to implement to return relevant 9 | * values when updating or retrieving default fields using tags for Defect submission 10 | * 11 | */ 12 | public abstract class AbstractDefaultTagMapper { 13 | 14 | public abstract String getValueAssociated(List vulnerabilities); 15 | 16 | public abstract boolean isSupportingValueMapping(); 17 | 18 | public abstract List getValueMappingKeys(); 19 | 20 | } -------------------------------------------------------------------------------- /archived/threadfix-importers/src/main/resources/mappings/defaultTag/default-tags.csv: -------------------------------------------------------------------------------- 1 | 10/23/2015 13:00:00 2 | GenericName,com.denimgroup.threadfix.service.defects.defaults.tags.GenericNameDefaultTagMapper,Evaluates the generic Threadfix name for the first vulnerability in the list 3 | GenericSeverity,com.denimgroup.threadfix.service.defects.defaults.tags.GenericSeverityDefaultTagMapper,Evaluates the generic Threadfix severity in its literal form (high low...) for the first vulnerability in the list -------------------------------------------------------------------------------- /archived/threadfix-importers/src/main/resources/mappings/defect/defect-trackers.csv: -------------------------------------------------------------------------------- 1 | 11/24/2015 12:10:00 2 | HP Quality Center,com.denimgroup.threadfix.service.defects.HPQualityCenterDefectTracker 3 | Version One,com.denimgroup.threadfix.service.defects.VersionOneDefectTracker 4 | JIRA,com.denimgroup.threadfix.service.defects.JiraDefectTracker -------------------------------------------------------------------------------- /archived/threadfix-importers/src/main/resources/mappings/generic/cwe2.7.csv: -------------------------------------------------------------------------------- 1 | 9/15/2014 1:05:00 2 | type.info, 3 | CWE differences between Version 2.6 and Version 2.7, 4 | type.vulnerabilities, 5 | 338,Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) 6 | 563,Assignment to Variable without Use ('Unused Variable') 7 | 942,Overly Permissive Cross-domain Whitelist 8 | 943,Improper Neutralization of Special Elements in Data Query Logic -------------------------------------------------------------------------------- /archived/threadfix-importers/src/main/resources/mappings/generic/generic-vuln.csv: -------------------------------------------------------------------------------- 1 | 12/31/2015 9:45:00 2 | type.info, 3 | CWE differences between Version 2.5 and Version 2.6, 4 | type.vulnerabilities, 5 | 359,Exposure of Private Information ('Privacy Violation') 6 | 451,User Interface (UI) Misrepresentation of Critical Information 7 | 923,Improper Restriction of Communication Channel to Intended Endpoints 8 | 926,Improper Export of Android Application Components 9 | 939,Improper Authorization in Handler for Custom URL Scheme 10 | 940,Improper Verification of Source of a Communication Channel 11 | 941,Incorrectly Specified Destination in a Communication Channel 12 | 1003,Weaknesses for Simplified Mapping of Published Vulnerabilities 13 | 134,Use of Externally-Controlled Format String 14 | -------------------------------------------------------------------------------- /archived/threadfix-importers/src/main/resources/mappings/remoteprovider/appscanenterprise.csv: -------------------------------------------------------------------------------- 1 | 10/1/2015 15:31:00 2 | type.name 3 | IBM Security AppScan Enterprise,http://www-03.ibm.com/software/products/en/appscan-enterprise,1,Use as a Remote Provider 4 | type.credentials 5 | usernamepassword 6 | type.channelname 7 | IBM Security AppScan Standard 8 | type.authenticationfields 9 | URL,false,true,http://appscan.threadfix.com:8080 10 | Username,false,true 11 | Password,true,true -------------------------------------------------------------------------------- /archived/threadfix-importers/src/main/resources/mappings/remoteprovider/contrast.csv: -------------------------------------------------------------------------------- 1 | 2/25/2015 12:31:00 2 | type.name 3 | Contrast,http://www1.contrastsecurity.com/,1,Use as a Remote Provider 4 | type.credentials 5 | usernamepassword 6 | type.channelname 7 | Contrast 8 | type.authenticationfields 9 | Username,false,true 10 | API Key,true,true 11 | Service Key,true,true 12 | -------------------------------------------------------------------------------- /archived/threadfix-importers/src/main/resources/mappings/remoteprovider/hailstorm.csv: -------------------------------------------------------------------------------- 1 | 11/21/2014 9:44:00 2 | type.name 3 | Trustwave Hailstorm 4 | type.credentials 5 | usernamepassword 6 | type.channelname 7 | Trustwave Hailstorm 8 | type.authenticationfields 9 | Client Secret,false 10 | Access Token,false -------------------------------------------------------------------------------- /archived/threadfix-importers/src/main/resources/mappings/remoteprovider/sonatype.csv: -------------------------------------------------------------------------------- 1 | 10/1/2015 15:31:00 2 | type.name 3 | Sonatype,http://www.sonatype.org/nexus/,1,Use as a Remote Provider 4 | type.credentials 5 | usernamepassword 6 | type.channelname 7 | Sonatype 8 | type.authenticationfields 9 | URL,false,true,http://api.cs.sonatype.com:8070 10 | Username,false,true 11 | Password,true,true -------------------------------------------------------------------------------- /archived/threadfix-importers/src/main/resources/mappings/remoteprovider/whitehatsource.csv: -------------------------------------------------------------------------------- 1 | 5/6/2015 15:31:00 2 | type.name 3 | WhiteHat Sentinel Source,https://source.whitehatsec.com/application_findings_detail.html,1,Use as a Remote Provider 4 | type.channelname 5 | WhiteHat Sentinel Source 6 | type.authenticationfields 7 | API Key,true,true 8 | -------------------------------------------------------------------------------- /archived/threadfix-importers/src/main/resources/mappings/scanner/brakeman.csv: -------------------------------------------------------------------------------- 1 | 3/27/2015 11:45:00 2 | type.info,, 3 | Brakeman,, 4 | type.vulnerabilities,, 5 | SSL Verification Bypass,SSL Verification Bypass,295 6 | Unscoped Find,Unscoped Find,477 7 | Information Disclosure,Information Disclosure,200 8 | Unsafe Deserialization,Unsafe Deserialization,502 9 | Unsafe Redirects,Unsafe Redirects,601 10 | 11 | -------------------------------------------------------------------------------- /archived/threadfix-importers/src/main/resources/mappings/scanner/catnet.csv: -------------------------------------------------------------------------------- 1 | 8/10/2015 11:45:00 2 | type.info,, 3 | Microsoft CAT.NET 4 | type.severities,,, 5 | Info,Info,1,1 6 | -------------------------------------------------------------------------------- /archived/threadfix-importers/src/main/resources/mappings/scanner/contrast.csv: -------------------------------------------------------------------------------- 1 | 1/14/2015 12:28:00 2 | type.info,,, 3 | Contrast,http://www1.contrastsecurity.com/,1,Use as a Remote Provider 4 | type.vulnerabilities,,, 5 | Reflected Cross-Site Scripting,reflected-xss,79, 6 | Insecure JSP Placement,insecure-jsp-access,425 7 | Pages Without Anti-Clickjacking Controls,clickjacking-control-missing,693 8 | Parameter Pollution,parameter-pollution,88 9 | Forms Without Autocomplete Prevention,autocomplete-missing,525 10 | Session Rewriting,session-rewriting,384 11 | Anti-Caching Controls Missing,cache-controls-missing,524 12 | SQL Injection,sql-injection,89 13 | Trust Boundary Violation,trust-boundary-violation,501 14 | Insecure Hash Algorithms,crypto-bad-mac,327 15 | Insecure Encryption Algorithm,crypto-bad-ciphers,327 16 | type.severities,,, 17 | Note,Note,1,1 18 | Critical,Critical,5,5 19 | High,High,4,4 20 | Medium,Medium,3,3 21 | Low,Low,2,2 22 | -------------------------------------------------------------------------------- /archived/threadfix-importers/src/main/resources/mappings/scanner/manual.csv: -------------------------------------------------------------------------------- 1 | 9/3/2015 8:28:00 2 | type.info,,, 3 | Manual 4 | type.vulnerabilities,,, 5 | type.severities,,, 6 | No Threat,No Threat,1,1 7 | Critical,Critical,5,5 8 | critical,critical,5,5 9 | severe,severe,4,4 10 | moderate,moderate,3,3 -------------------------------------------------------------------------------- /archived/threadfix-importers/src/main/resources/mappings/scanner/nessus.csv: -------------------------------------------------------------------------------- 1 | 11/22/2015 22:45:00 2 | type.info,, 3 | Nessus 4 | type.vulnerabilities,, 5 | CGI Generic Injectable Parameter,47830,74 6 | type.severities,, 7 | 0,0,1,1 8 | 4,4,5,5 9 | 3,3,4,5 -------------------------------------------------------------------------------- /archived/threadfix-importers/src/main/resources/mappings/scanner/nto.csv: -------------------------------------------------------------------------------- 1 | 11/22/2015 16:14:00 2 | type.info,, 3 | AppSpider 4 | type.vulnerabilities,, 5 | Web Beacon,Web Beacon,16 6 | Apache Struts Framework Detection,Apache Struts Framework Detection,16 7 | X-XSS-Protection,X-XSS-Protection,16 8 | X-Frame-Options,X-Frame-Options,16 9 | type.severities,,, 10 | 0-Safe,0-Safe,1,1 11 | 1-Info,1-Info,2,1 12 | 1-Informational,1-Informational,3,1 13 | 2-Low,2-Low,4,2 14 | 3-Med,3-Med,5,3 15 | 3-Medium,3-Medium,6,3 16 | 4-High,4-High,7,4 -------------------------------------------------------------------------------- /archived/threadfix-importers/src/main/resources/mappings/scanner/pmd.csv: -------------------------------------------------------------------------------- 1 | 10/16/2014 09:00:00 2 | type.info,,, 3 | PMD,http://pmd.sourceforge.net/,5.1.1,The PMD importer requires the XML output of PMD 4 | type.vulnerabilities,,, 5 | ArrayIsStoredDirectly,ArrayIsStoredDirectly,16, 6 | MethodReturnsInternalArray,MethodReturnsInternalArray,16, 7 | type.severities,,, 8 | Critical,1,5,5 9 | High,2,4,4 10 | Medium,3,3,3 11 | Low,4,2,2 12 | Information,5,1,1 -------------------------------------------------------------------------------- /archived/threadfix-importers/src/main/resources/mappings/scanner/scarf.csv: -------------------------------------------------------------------------------- 1 | 9/01/2015 12:45:00 2 | type.info,,, 3 | SWAMP SCARF,,1,xml sample files 4 | type.vulnerabilities,,, 5 | type.severities,,, 6 | Medium,Medium,3,3 7 | -------------------------------------------------------------------------------- /archived/threadfix-importers/src/main/resources/mappings/scanner/skipfish.csv: -------------------------------------------------------------------------------- 1 | 8/6/2014 11:45:00 2 | type.info,, 3 | Skipfish 4 | type.vulnerabilities,, 5 | JSON response with no apparent XSSI protection,30602,79 6 | Incorrect or missing charset (low risk),10803,16 7 | Numerical filename - consider enumerating,10901,16 8 | New 404 signature seen,10205,16 9 | New 'X-*' header value seen,10204,16 10 | Incorrect or missing MIME type (low risk),10801,16 11 | New 'Via' header value seen,10203,16 12 | New HTTP cookie added,10201,16 13 | New 'Server' header value seen,10202,16 14 | Unknown form field (can't autocomplete),10505,16 -------------------------------------------------------------------------------- /archived/threadfix-importers/src/main/resources/mappings/scanner/ssvl.csv: -------------------------------------------------------------------------------- 1 | 9/18/2014 3:59:00 2 | type.info,,, 3 | SSVL,https://github.com/OWASP/SSVL,.1,Create a scan manually -------------------------------------------------------------------------------- /archived/threadfix-importers/src/main/resources/mappings/version.txt: -------------------------------------------------------------------------------- 1 | 1/14/2015 16:28:00 2 | -------------------------------------------------------------------------------- /archived/threadfix-importers/src/main/resources/mappings/waf/mod-security.csv: -------------------------------------------------------------------------------- 1 | 9/12/2014 11:45:00 2 | type.name 3 | mod_security 4 | type.directives 5 | deny 6 | drop 7 | pass 8 | allow -------------------------------------------------------------------------------- /archived/threadfix-importers/src/main/resources/mappings/waf/riverbed-waf.csv: -------------------------------------------------------------------------------- 1 | 9/16/2014 00:00:00 2 | type.name 3 | SteelApp Web App Firewall 4 | type.directives 5 | deny 6 | -------------------------------------------------------------------------------- /archived/threadfix-main/.checkstyle: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /archived/threadfix-main/.gitignore: -------------------------------------------------------------------------------- 1 | # Java # 2 | 3 | *.class 4 | 5 | # Package Files # 6 | *.jar 7 | *.war 8 | *.ear 9 | 10 | 11 | # Eclipse # 12 | 13 | *.pydevproject 14 | .metadata 15 | .gradle 16 | bin/** 17 | tmp/** 18 | tmp/**/* 19 | *.tmp 20 | *.bak 21 | *.swp 22 | *~.nib 23 | local.properties 24 | .settings/ 25 | .loadpath 26 | 27 | # External tool builders 28 | .externalToolBuilders/ 29 | 30 | # Locally stored "Eclipse launch configurations" 31 | *.launch 32 | 33 | # CDT-specific 34 | .cproject 35 | 36 | # PDT-specific 37 | .buildpath 38 | 39 | # TeXlipse plugin 40 | .texlipse 41 | 42 | 43 | # IntelliJ IDEA # 44 | 45 | *.iml 46 | *.ipr 47 | *.iws 48 | .idea/ 49 | out/ 50 | 51 | target/ 52 | -------------------------------------------------------------------------------- /archived/threadfix-main/.springBeans: -------------------------------------------------------------------------------- 1 | 2 | 3 | 1 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/deb/control/config: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Exit on error 4 | set -e 5 | 6 | # Source debconf library. 7 | . /usr/share/debconf/confmodule 8 | 9 | # Ask questions 10 | db_input high threadfix/configuration || true 11 | 12 | # Show interface 13 | db_go || true 14 | 15 | db_purge || true -------------------------------------------------------------------------------- /archived/threadfix-main/src/deb/control/control: -------------------------------------------------------------------------------- 1 | Package: [[name]] 2 | Version: [[version]] 3 | Section: misc 4 | Priority: optional 5 | Architecture: all 6 | Pre-Depends: debconf (>= 0.2.17) 7 | Depends: openjdk-7-jre | java7-runtime, openjdk-7-jre-headless | java7-runtime-headless, tomcat7 8 | Maintainer: ThreadFix 9 | Description: Application vulnerability management tool 10 | ThreadFix is a software vulnerability aggregation and management system that helps organizations aggregate vulnerability data, generate virtual patches, and interact with software defect tracking systems. -------------------------------------------------------------------------------- /archived/threadfix-main/src/deb/control/postinst: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | . /usr/share/debconf/confmodule 4 | 5 | case "$1" in 6 | "configure") 7 | if [ ! -f "/etc/threadfix/database/threadfix.log" ] && [ ! -f "/etc/threadfix/database/threadfix.properties" ] && [ ! -f "/etc/threadfix/database/threadfix.script" ]; 8 | then 9 | mkdir -p /etc/threadfix/database 10 | cp /usr/share/threadfix/threadfix/WEB-INF/classes/threadfix-backup.script /etc/threadfix/database/threadfix.script 11 | mkdir -p /etc/threadfix/scratch 12 | chown -R tomcat7:tomcat7 /etc/threadfix 13 | fi 14 | ;; 15 | esac 16 | 17 | service tomcat7 start 18 | 19 | exit 0 20 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/deb/control/postrm: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | case "$1" in 4 | "remove") 5 | service tomcat7 restart 6 | ;; 7 | "purge") 8 | rm -rf /etc/threadfix 9 | ;; 10 | "abort-install") 11 | service tomcat7 start 12 | ;; 13 | "abort-upgrade") 14 | service tomcat7 start 15 | ;; 16 | esac 17 | 18 | exit 0 -------------------------------------------------------------------------------- /archived/threadfix-main/src/deb/control/preinst: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | service tomcat7 stop 4 | 5 | exit 0 -------------------------------------------------------------------------------- /archived/threadfix-main/src/deb/control/templates: -------------------------------------------------------------------------------- 1 | Template: threadfix/configuration 2 | Type: note 3 | Description: Ensure Tomcat is using Java 7 and has enough memory. 4 | You may need to change the configuration to ensure Tomcat is using the correct version of Java and has enough memory. Open the 'tomcat7' file located /etc/default/tomcat7 using a text editor and change the following lines. 5 | . 6 | - Uncomment out the line JAVA_HOME=/usr/lib/jvm/openjdk-6-jdk and use the location of your Java7 installation (which will probably be located in /usr/lib/jvm/). The full JAVA_HOME will then be something like this: 7 | . 8 | JAVA_HOME=/usr/lib/jvm/java-7-openjdk-amd64 9 | . 10 | - Change the memory option on the line JAVA_OPTS="-Djava.awt.headless=true -Xmx128m -XX:+UseConcMarkSweeGC". We recommend 4GB(-Xmx4096m) minimum. 11 | . 12 | - If you wish to designate a specific location for ThreadFix's temporary scratch folder, simply add "-Dthreadfix.scratchFolder=", where "" is the location where temp files will be stored during scan uploads. The full JAVA_OPTS will then be: 13 | . 14 | JAVA_OPTS="-Djava.awt.headless=true -Xmx128m -XX:+UseConcMarkSweeGC -Dthreadfix.scratchFolder=" -------------------------------------------------------------------------------- /archived/threadfix-main/src/deb/etc/tomcat7/Catalina/localhost/threadfix.xml: -------------------------------------------------------------------------------- 1 | 3 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/deb/usr/share/lintian/overrides/threadfix: -------------------------------------------------------------------------------- 1 | arch-independent-package-contains-binary-or-object -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/java/com/denimgroup/threadfix/service/DefectTrackerTypeServiceImpl.java: -------------------------------------------------------------------------------- 1 | package com.denimgroup.threadfix.service; 2 | 3 | import com.denimgroup.threadfix.data.dao.DefectTrackerTypeDao; 4 | import com.denimgroup.threadfix.data.dao.GenericObjectDao; 5 | import com.denimgroup.threadfix.data.entities.DefectTrackerType; 6 | import org.springframework.beans.factory.annotation.Autowired; 7 | import org.springframework.stereotype.Service; 8 | import org.springframework.transaction.annotation.Transactional; 9 | 10 | @Service 11 | @Transactional(readOnly = false) 12 | public class DefectTrackerTypeServiceImpl extends AbstractGenericObjectService implements DefectTrackerTypeService{ 13 | 14 | @Autowired 15 | private DefectTrackerTypeDao defectTrackerTypeDao; 16 | 17 | @Override 18 | GenericObjectDao getDao() { 19 | return defectTrackerTypeDao; 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/java/com/denimgroup/threadfix/service/RequestUrlServiceImpl.java: -------------------------------------------------------------------------------- 1 | package com.denimgroup.threadfix.service; 2 | 3 | import javax.servlet.http.HttpServletRequest; 4 | 5 | import org.springframework.stereotype.Service; 6 | 7 | @Service 8 | public class RequestUrlServiceImpl implements RequestUrlService { 9 | 10 | @Override 11 | public String getBaseUrlFromRequest(HttpServletRequest request) { 12 | String scheme = request.getScheme(); 13 | String serverName = request.getServerName(); 14 | int port = request.getServerPort(); 15 | String contextPath = request.getContextPath(); 16 | 17 | if (port == 443 || port == 80){ 18 | return String.format("%s://%s%s", scheme, serverName, contextPath); 19 | } else { 20 | return String.format("%s://%s:%d%s", scheme, serverName, port, contextPath); 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/java/com/denimgroup/threadfix/service/defects/defaults/tags/GenericNameDefaultTagMapper.java: -------------------------------------------------------------------------------- 1 | package com.denimgroup.threadfix.service.defects.defaults.tags; 2 | 3 | import java.util.List; 4 | 5 | import org.springframework.stereotype.Component; 6 | 7 | import com.denimgroup.threadfix.data.entities.Finding; 8 | import com.denimgroup.threadfix.data.entities.Vulnerability; 9 | import com.denimgroup.threadfix.service.defects.defaults.AbstractDefaultTagMapper; 10 | 11 | @Component 12 | public class GenericNameDefaultTagMapper extends AbstractDefaultTagMapper { 13 | 14 | @Override 15 | public String getValueAssociated(List vulnerabilities) { 16 | List firstVulnFindings = vulnerabilities.get(0).getFindings(); 17 | if (firstVulnFindings != null){ 18 | return firstVulnFindings.get(0).getChannelVulnerability().getGenericVulnerability().getName(); 19 | } 20 | else return null; 21 | } 22 | 23 | @Override 24 | public boolean isSupportingValueMapping() { 25 | return false; 26 | } 27 | 28 | @Override 29 | public List getValueMappingKeys() { 30 | return null; 31 | } 32 | 33 | } 34 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/java/com/denimgroup/threadfix/util/UrlShortener.java: -------------------------------------------------------------------------------- 1 | // Source from http://stackoverflow.com/questions/742013/how-to-code-a-url-shortener 2 | package com.denimgroup.threadfix.util; 3 | 4 | public class UrlShortener 5 | { 6 | private static final String ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; 7 | private static final int BASE = ALPHABET.length(); 8 | 9 | public static String encode(int num) 10 | { 11 | StringBuilder sb = new StringBuilder(); 12 | 13 | while ( num > 0 ) 14 | { 15 | sb.append( ALPHABET.charAt( num % BASE ) ); 16 | num /= BASE; 17 | } 18 | 19 | return sb.reverse().toString(); 20 | } 21 | 22 | public static int decode(String str) 23 | { 24 | int num = 0; 25 | 26 | for ( int i = 0, len = str.length(); i < len; i++ ) 27 | { 28 | num = num * BASE + ALPHABET.indexOf( str.charAt(i) ); 29 | } 30 | 31 | return num; 32 | } 33 | } -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/ApplicationResources_en_US.properties: -------------------------------------------------------------------------------- 1 | # Empty resources file so JSTL resolves the default locale correctly. 2 | # http://raibledesigns.com/page/rd/sunsets/i18n_synching_up_struts_and#comment2 3 | 4 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/ValidationMessages.properties: -------------------------------------------------------------------------------- 1 | errors.required=This field cannot be blank 2 | errors.url=Not a valid URL 3 | errors.maxlength=This field has a maximum length of 4 | errors.unique=Name is not available. -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/bootstrap/scanners/appscanenterprise.csv: -------------------------------------------------------------------------------- 1 | type.info,,, 2 | IBM Rational AppScan Enterprise,http://www-01.ibm.com/software/rational/products/appscan/source/,-,The Appscan Source Edition importer imports the .ozasmt format. This may not work with up-to-date versions of AppScan source edition., 3 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/bootstrap/scanners/catnet.csv: -------------------------------------------------------------------------------- 1 | type.info,,, 2 | Microsoft CAT.NET,http://msdn.microsoft.com/en-us/security/default.aspx,1 CTP,The CAT.NET importer requires the CAT.NET XML format., 3 | type.vulnerabilities,,, 4 | Process Command Execution,ACESEC02,77 5 | Cross-Site Scripting,ACESEC05,79 6 | LDAP Injection,ACESEC08,90 7 | XPath Injection,ACESEC07,643 8 | SQL Injection,ACESEC01,89 9 | Exception Information,ACESEC04,209 10 | File Canonicalization,ACESEC03,180 11 | Redirection to User Controlled Site,ACESEC06,601 12 | type.severities,,, 13 | Info,Info,1,1 14 | Low,Low,2,2 15 | Medium,Medium,3,3 16 | High,High,4,4 17 | Critical,Critical,5,5 18 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/bootstrap/scanners/defect-trackers.csv: -------------------------------------------------------------------------------- 1 | Bugzilla,com.denimgroup.threadfix.service.defects.BugzillaDefectTracker 2 | Jira,com.denimgroup.threadfix.service.defects.JiraDefectTracker 3 | Microsoft TFS,com.denimgroup.threadfix.service.defects.TFSDefectTracker 4 | HP Quality Center,com.denimgroup.threadfix.service.defects.HPQualityCenterDefectTracker 5 | Version One,com.denimgroup.threadfix.service.defects.VersionOneDefectTracker -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/bootstrap/scanners/dependencycheck.csv: -------------------------------------------------------------------------------- 1 | type.info,,, 2 | Dependency Check,https://github.com/jeremylong/DependencyCheck,1.02,You shouldn''t be seeing this., 3 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/custom.properties: -------------------------------------------------------------------------------- 1 | # set to false to set only required fields + the below versionOne.includedFields property 2 | versionOne.includeAll=true 3 | 4 | # Uncomment and fill this to opt-in to fields 5 | # versionOne.includedFields=Owners,Goals 6 | 7 | # Which fields to export. Options are CWE ID, CWE Name, Path, Parameter, Severity, Open Date, Description, Defect ID, Application Name, Team Name, Payload, Attack Surface Path 8 | # The order here will also be the order in the exported CSV file. 9 | #csvExportFields=CWE ID, CWE Name, Path, Parameter, Severity, Open Date, Description, Defect ID, Application Name, Team Name, Payload, Attack Surface Path 10 | 11 | # Where to store temporary files 12 | #threadfix.scratchFolder=/etc/threadfix/scratch -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/custom.properties.debian: -------------------------------------------------------------------------------- 1 | # set to false to set only required fields + the below versionOne.includedFields property 2 | versionOne.includeAll=true 3 | 4 | # Uncomment and fill this to opt-in to fields 5 | # versionOne.includedFields=Owners,Goals 6 | 7 | # Which fields to export. Options are CWE ID, CWE Name, Path, Parameter, Severity, Open Date, Description, Defect ID, Application Name, Team Name, Payload, Attack Surface Path 8 | # The order here will also be the order in the exported CSV file. 9 | #csvExportFields=CWE ID, CWE Name, Path, Parameter, Severity, Open Date, Description, Defect ID, Application Name, Team Name, Payload, Attack Surface Path 10 | 11 | # Where to store temporary files 12 | threadfix.scratchFolder=/etc/threadfix/scratch -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/email.properties: -------------------------------------------------------------------------------- 1 | #In order to configure as you want, you can add any properties compliant with this doc https://javamail.java.net/nonav/docs/api/ 2 | #mail.host=host.company.com 3 | #mail.port=587 4 | 5 | # Return address to appear on emails 6 | #mail.smtp.from=sender@company.com 7 | 8 | #Be sure to use an encrypted protocol when sending sensitive informations over email 9 | #mail.username=username 10 | #mail.password=password 11 | #mail.smtp.starttls.enable= 12 | #mail.smtp.auth=true 13 | 14 | #Enter comma separated email filters, supports * wildcard. Non matching email addresses will be rejected at sending time for security reasons. 15 | #Example: custom.filters=*@company.com,*company2.com,john@contractor.com 16 | #custom.filters= -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/import.sql: -------------------------------------------------------------------------------- 1 | -- This file has been replaced with code. -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/jdbc.properties.debian: -------------------------------------------------------------------------------- 1 | # database settings, this can be the central location for different DB settings 2 | # that are referenced in /src/main/resources/applicationContext-hibernate.xml. 3 | 4 | #HSQLDB 5 | jdbc.driverClassName=org.hsqldb.jdbcDriver 6 | jdbc.url=jdbc:hsqldb:/etc/threadfix/database/threadfix 7 | jdbc.username=sa 8 | jdbc.password= 9 | hibernate.dialect=org.hibernate.dialect.HSQLDialect 10 | hibernate.hbm2ddl.auto=update 11 | 12 | #MYSQL 13 | #jdbc.driverClassName=com.mysql.jdbc.Driver 14 | #jdbc.url=jdbc:mysql://localhost:3306/threadfix?autoReconnect=true&useUnicode=true&characterEncoding=UTF-8&jdbcCompliantTruncation=false 15 | #jdbc.username=root 16 | #jdbc.password= 17 | #hibernate.dialect=org.hibernate.dialect.MySQL5Dialect 18 | #hibernate.hbm2ddl.auto=update 19 | 20 | hibernate.show_sql=false 21 | hibernate.format_sql=true -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/jdbc.properties.deploy: -------------------------------------------------------------------------------- 1 | # database settings, this can be the central location for different DB settings 2 | # that are referenced in /src/main/resources/applicationContext-hibernate.xml. 3 | 4 | #HSQLDB 5 | jdbc.driverClassName=org.hsqldb.jdbcDriver 6 | jdbc.url=jdbc:hsqldb:/var/lib/tomcat7/database/threadfix 7 | jdbc.username=sa 8 | jdbc.password= 9 | hibernate.dialect=org.hibernate.dialect.HSQLDialect 10 | hibernate.hbm2ddl.auto=update 11 | 12 | #MYSQL 13 | #jdbc.driverClassName=com.mysql.jdbc.Driver 14 | #jdbc.url=jdbc:mysql://localhost:3306/stonemill?autoReconnect=true&useUnicode=true&characterEncoding=UTF-8&jdbcCompliantTruncation=false 15 | #jdbc.username=smuser 16 | #jdbc.password=password 17 | #hibernate.dialect=org.hibernate.dialect.MySQL5Dialect 18 | #hibernate.hbm2ddl.auto=update 19 | 20 | hibernate.show_sql=false 21 | hibernate.format_sql=true -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/jdbc.properties.mysql: -------------------------------------------------------------------------------- 1 | # database settings, this can be the central location for different DB settings 2 | # that are referenced in /src/main/resources/applicationContext-hibernate.xml. 3 | 4 | #HSQLDB 5 | #jdbc.driverClassName=org.hsqldb.jdbcDriver 6 | #jdbc.url=jdbc:hsqldb:/var/lib/tomcat6/database/threadfix 7 | #jdbc.username=sa 8 | #jdbc.password= 9 | #hibernate.dialect=org.hibernate.dialect.HSQLDialect 10 | #hibernate.hbm2ddl.auto=update 11 | 12 | #MYSQL 13 | jdbc.driverClassName=com.mysql.jdbc.Driver 14 | jdbc.url=jdbc:mysql://localhost:3306/threadfix?autoReconnect=true&createDatabaseIfNotExist=true&useUnicode=true&characterEncoding=UTF-8&jdbcCompliantTruncation=false 15 | jdbc.username=threadfix 16 | jdbc.password=tfpassword 17 | hibernate.dialect=org.hibernate.dialect.MySQL5Dialect 18 | hibernate.hbm2ddl.auto=update 19 | 20 | hibernate.show_sql=false 21 | hibernate.format_sql=true -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/jms.properties: -------------------------------------------------------------------------------- 1 | # This properties file is used to configure jms settings in 2 | # /src/main/resources/applicationContext-scheduling.xml. 3 | 4 | jms.url=vm://localhost 5 | # jms.url=tcp://localhost:61616 6 | jms.username= 7 | jms.password= 8 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/jms.properties.debian: -------------------------------------------------------------------------------- 1 | # This properties file is used to configure jms settings in 2 | # /src/main/resources/applicationContext-scheduling.xml. 3 | 4 | jms.url=vm://localhost?broker.dataDirectory=/etc/threadfix/activemq-data 5 | # jms.url=tcp://localhost:61616 6 | jms.username= 7 | jms.password= 8 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/jndi.properties: -------------------------------------------------------------------------------- 1 | java.naming.referral=follow -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/quartz.properties: -------------------------------------------------------------------------------- 1 | # Default Properties file for use by StdSchedulerFactory 2 | # to create a Quartz Scheduler Instance, if a different 3 | # properties file is not explicitly specified. 4 | # 5 | 6 | org.quartz.scheduler.instanceName: DefaultQuartzScheduler 7 | org.quartz.scheduler.rmi.export: false 8 | org.quartz.scheduler.rmi.proxy: false 9 | org.quartz.scheduler.wrapJobExecutionInUserTransaction: false 10 | 11 | org.quartz.threadPool.class: org.quartz.simpl.SimpleThreadPool 12 | org.quartz.threadPool.threadCount: 10 13 | org.quartz.threadPool.threadPriority: 5 14 | org.quartz.threadPool.threadsInheritContextClassLoaderOfInitializingThread: true 15 | 16 | org.quartz.jobStore.misfireThreshold: 60000 17 | 18 | org.quartz.jobStore.class: org.quartz.simpl.RAMJobStore 19 | 20 | #Skip update check. 21 | org.quartz.scheduler.skipUpdateCheck: true -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/aix/ppc/libnative_auth.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/aix/ppc/libnative_auth.a -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/aix/ppc/libnative_console.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/aix/ppc/libnative_console.a -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/aix/ppc/libnative_filesystem.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/aix/ppc/libnative_filesystem.a -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/aix/ppc/libnative_misc.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/aix/ppc/libnative_misc.a -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/aix/ppc/libnative_synchronization.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/aix/ppc/libnative_synchronization.a -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/hpux/PA_RISC/libnative_auth.sl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/hpux/PA_RISC/libnative_auth.sl -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/hpux/PA_RISC/libnative_console.sl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/hpux/PA_RISC/libnative_console.sl -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/hpux/PA_RISC/libnative_filesystem.sl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/hpux/PA_RISC/libnative_filesystem.sl -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/hpux/PA_RISC/libnative_misc.sl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/hpux/PA_RISC/libnative_misc.sl -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/hpux/PA_RISC/libnative_synchronization.sl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/hpux/PA_RISC/libnative_synchronization.sl -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/hpux/ia64_32/libnative_auth.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/hpux/ia64_32/libnative_auth.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/hpux/ia64_32/libnative_console.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/hpux/ia64_32/libnative_console.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/hpux/ia64_32/libnative_filesystem.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/hpux/ia64_32/libnative_filesystem.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/hpux/ia64_32/libnative_misc.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/hpux/ia64_32/libnative_misc.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/hpux/ia64_32/libnative_synchronization.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/hpux/ia64_32/libnative_synchronization.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/linux/arm/libnative_auth.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/linux/arm/libnative_auth.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/linux/arm/libnative_console.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/linux/arm/libnative_console.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/linux/arm/libnative_filesystem.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/linux/arm/libnative_filesystem.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/linux/arm/libnative_misc.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/linux/arm/libnative_misc.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/linux/arm/libnative_synchronization.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/linux/arm/libnative_synchronization.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/linux/ppc/libnative_auth.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/linux/ppc/libnative_auth.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/linux/ppc/libnative_console.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/linux/ppc/libnative_console.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/linux/ppc/libnative_filesystem.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/linux/ppc/libnative_filesystem.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/linux/ppc/libnative_misc.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/linux/ppc/libnative_misc.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/linux/ppc/libnative_synchronization.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/linux/ppc/libnative_synchronization.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/linux/x86/libnative_auth.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/linux/x86/libnative_auth.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/linux/x86/libnative_console.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/linux/x86/libnative_console.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/linux/x86/libnative_filesystem.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/linux/x86/libnative_filesystem.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/linux/x86/libnative_misc.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/linux/x86/libnative_misc.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/linux/x86/libnative_synchronization.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/linux/x86/libnative_synchronization.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/linux/x86_64/libnative_auth.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/linux/x86_64/libnative_auth.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/linux/x86_64/libnative_console.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/linux/x86_64/libnative_console.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/linux/x86_64/libnative_filesystem.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/linux/x86_64/libnative_filesystem.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/linux/x86_64/libnative_misc.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/linux/x86_64/libnative_misc.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/linux/x86_64/libnative_synchronization.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/linux/x86_64/libnative_synchronization.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/macosx/libnative_auth.jnilib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/macosx/libnative_auth.jnilib -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/macosx/libnative_console.jnilib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/macosx/libnative_console.jnilib -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/macosx/libnative_filesystem.jnilib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/macosx/libnative_filesystem.jnilib -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/macosx/libnative_keychain.jnilib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/macosx/libnative_keychain.jnilib -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/macosx/libnative_misc.jnilib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/macosx/libnative_misc.jnilib -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/macosx/libnative_synchronization.jnilib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/macosx/libnative_synchronization.jnilib -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/solaris/sparc/libnative_auth.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/solaris/sparc/libnative_auth.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/solaris/sparc/libnative_console.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/solaris/sparc/libnative_console.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/solaris/sparc/libnative_filesystem.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/solaris/sparc/libnative_filesystem.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/solaris/sparc/libnative_misc.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/solaris/sparc/libnative_misc.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/solaris/sparc/libnative_synchronization.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/solaris/sparc/libnative_synchronization.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/solaris/x86/libnative_auth.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/solaris/x86/libnative_auth.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/solaris/x86/libnative_console.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/solaris/x86/libnative_console.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/solaris/x86/libnative_filesystem.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/solaris/x86/libnative_filesystem.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/solaris/x86/libnative_misc.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/solaris/x86/libnative_misc.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/solaris/x86/libnative_synchronization.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/solaris/x86/libnative_synchronization.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/solaris/x86_64/libnative_auth.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/solaris/x86_64/libnative_auth.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/solaris/x86_64/libnative_console.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/solaris/x86_64/libnative_console.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/solaris/x86_64/libnative_filesystem.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/solaris/x86_64/libnative_filesystem.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/solaris/x86_64/libnative_misc.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/solaris/x86_64/libnative_misc.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/solaris/x86_64/libnative_synchronization.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/solaris/x86_64/libnative_synchronization.so -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/win32/x86/native_auth.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/win32/x86/native_auth.dll -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/win32/x86/native_console.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/win32/x86/native_console.dll -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/win32/x86/native_filesystem.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/win32/x86/native_filesystem.dll -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/win32/x86/native_messagewindow.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/win32/x86/native_messagewindow.dll -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/win32/x86/native_misc.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/win32/x86/native_misc.dll -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/win32/x86/native_registry.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/win32/x86/native_registry.dll -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/win32/x86/native_synchronization.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/win32/x86/native_synchronization.dll -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/win32/x86_64/native_auth.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/win32/x86_64/native_auth.dll -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/win32/x86_64/native_console.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/win32/x86_64/native_console.dll -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/win32/x86_64/native_filesystem.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/win32/x86_64/native_filesystem.dll -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/win32/x86_64/native_messagewindow.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/win32/x86_64/native_messagewindow.dll -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/win32/x86_64/native_misc.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/win32/x86_64/native_misc.dll -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/win32/x86_64/native_registry.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/win32/x86_64/native_registry.dll -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/resources/tfs-native/win32/x86_64/native_synchronization.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/resources/tfs-native/win32/x86_64/native_synchronization.dll -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/403.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 4 | <spring:message code="403.title"/> 5 | "/> 6 | 7 |

8 |
9 |

10 | 11 |

12 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/404.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 4 | 5 | <spring:message code="404.title"/> 6 | "/> 7 | 8 |

Error

9 |
10 |

11 | 12 | 13 |

14 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/META-INF/MANIFEST.MF: -------------------------------------------------------------------------------- 1 | Manifest-Version: 1.0 2 | Class-Path: 3 | 4 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/jscachebust.tld: -------------------------------------------------------------------------------- 1 | 2 | 3 | 1.0 4 | 2.0 5 | JS Cache Bust Tag 6 | 7 | cachebustscript 8 | com.denimgroup.threadfix.webapp.tags.JsCacheBusterTag 9 | empty 10 | 11 | src 12 | true 13 | 14 | 15 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/sitemesh.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 8 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/urlrewrite.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | /images/** 6 | /images/$1 7 | 8 | 9 | /scripts/** 10 | /scripts/$1 11 | 12 | 13 | /v/*/scripts/** 14 | /scripts/$2 15 | 16 | 17 | /styles/** 18 | /styles/$1 19 | 20 | 21 | /login.jsp 22 | /login.jsp 23 | 24 | 25 | / 26 | /app/dashboard 27 | 28 | 29 | /** 30 | /app/$1 31 | 32 | 33 | 34 | /app/** 35 | /$1 36 | 37 | 38 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/403.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 4 | <spring:message code="403.title"/> 5 | "/> 6 | 7 |

8 |
9 |

10 | 11 |

12 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/404.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 4 | <spring:message code="404.title"/> 5 | "/> 6 | 7 |

Error

8 |
9 |

10 | 11 | 12 |

-------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/ajaxFailureHarness.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/ajaxJSONHarness.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | { "wait": } -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/ajaxRedirectHarness.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 4 | 5 | { "isJSONRedirect" : true, "redirectURL" : "" } -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/ajaxSuccessHarness.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/angular-init.jspf: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 4 |
'; urlRoot = '<%=request.getContextPath()%>'">
5 | 6 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/appLimit.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 4 | Application Limit Reached 5 | 6 | 7 |

Application Limit Reached

8 |
9 |

10 | Your application has reached its maximum of applications. 11 | To create more, please contact Denim Group to upgrade your license. 12 |

13 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/applications/forms/vulnTaggingForm.jsp: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/applications/modals/addScanQueueModal.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 4 |
5 | Add New Task 6 |
7 | 8 | 9 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/applications/modals/addScheduledScanModal.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 4 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/applications/modals/manualFindingModal.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 10 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/applications/modals/uploadDocModal.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 15 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/applications/modals/uploadDocVulnModal.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/applications/modals/uploadScanModal.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 15 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/applications/modals/vulnCommentModal.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | Add Comment 4 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/applications/tabs/hiddenTab.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | View Vulnerability Filters 16 | 17 | 18 | 19 | Expand All 20 | Collapse All 21 | 22 | 23 | <%@ include file="/WEB-INF/views/applications/tabs/filter.jspf" %> 24 | 25 | <%@ include file="/WEB-INF/views/applications/tabs/defaultTableDiv.jspf" %> 26 | 27 | 28 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/applications/tabs/unmappedFindingsTab.jsp: -------------------------------------------------------------------------------- 1 | 2 | 4 | 5 |

Findings Without Vulnerabilities

6 | 7 | <%@ include file="../../scans/unmappedTable.jsp" %> 8 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/applications/tabs/vulnTabTree.jsp: -------------------------------------------------------------------------------- 1 | 2 | 3 | <%@ include file="../../vulnerabilities/vulnSearchControls.jsp" %> 4 | 5 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/applications/wafRow.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | WAF 4 | 5 | 6 | 7 |
8 | Add 9 |
10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 19 | data-added-waf="true" 20 | 21 | href="${ fn:escapeXml(wafUrl) }"> 22 | 23 | 24 | () 25 | 26 | 27 | Edit 28 | 29 | 30 | 31 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/config/defecttrackers/index.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 4 | Defect Trackers 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | <%@ include file="/WEB-INF/views/angular-init.jspf"%> 15 | 16 | <%@include file="/WEB-INF/views/config/defecttrackers/tabs/defectTrackersTab.jsp"%> 17 | <%@include file="/WEB-INF/views/config/defecttrackers/tabs/scheduledUpdateTab.jsp"%> 18 | 19 | 20 | 21 | 24 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/config/remoteproviders/index.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 4 | Remote Providers 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | <%@ include file="/WEB-INF/views/config/remoteproviders/tabs/remoteProvidersTab.jsp" %> 15 | <%@ include file="/WEB-INF/views/config/remoteproviders/tabs/scheduledImportTab.jsp" %> 16 | 17 | 18 | 21 | 22 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/config/remoteproviders/rpAppTable.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/config/scheduledemailreports/modals/createScheduledReportModal.jsp: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/config/scheduledemailreports/modals/editScheduledReportModal.jsp: -------------------------------------------------------------------------------- 1 | 15 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/config/users/community/index.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 4 | Manage Users 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | <%@ include file="/WEB-INF/views/angular-init.jspf"%> 13 | 14 |

Manage Users

15 | 16 |
17 | 18 | {{ usersSuccessMessage }} 19 |
20 | <%@ include file="/WEB-INF/views/errorMessage.jsp" %> 21 | 22 |
23 |
24 | <%@ include file="../common/userList.jspf" %> 25 |
26 |
27 | <%@ include file="../common/userDetails.jspf" %> 28 |
29 |
30 | 31 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/customize/scannerSeverity/community.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 4 | Customize Scanner Severities 5 | 6 | 7 | 8 | 9 | 10 | 11 | <%@ include file="/WEB-INF/views/successMessage.jspf" %> 12 | <%@ include file="/WEB-INF/views/errorMessage.jsp" %> 13 | <%@ include file="newForm.jsp" %> 14 | <%@ include file="editForm.jsp" %> 15 | 16 |

Suppress Incoming Results

17 | 18 | <%@ include file="suppressResults.jspf" %> 19 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/customize/scannerVulnTypes/community.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 4 | Manage Filters 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | <%@ include file="/WEB-INF/views/angular-init.jspf"%> 14 | 15 |
16 | 17 |

Scanner Type to CWE Mappings

18 | 19 | <%@ include file="/WEB-INF/views/mappings/channelVulnUpdate.jsp"%> 20 | 21 | 22 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/customize/threadfixSeverity/community.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 4 | Customize ThreadFix Severities 5 | 6 | 7 | 8 | 9 | <%@ include file="/WEB-INF/views/angular-init.jspf"%> 10 | 11 | <%@ include file="/WEB-INF/views/successMessage.jspf" %> 12 | <%@ include file="/WEB-INF/views/errorMessage.jspf"%> 13 | 14 |

Show and Hide

15 | 16 | <%@ include file="/WEB-INF/views/filters/severityFilterForm.jsp" %> 17 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/customize/threadfixVulnTypes/cweToSeverity.jsp: -------------------------------------------------------------------------------- 1 | 2 |
3 | 4 |
5 | <%@ include file="/WEB-INF/views/filters/form.jsp"%> 6 | 7 |
8 | 9 | {{ successMessage }} 10 |
11 | 12 | Create New Mapping 13 | 14 |
15 | <%@ include file="/WEB-INF/views/filters/table.jsp" %> 16 |
17 |
18 |
-------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/dataAccessFailure.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp" %> 2 | 3 | Data Access Error 4 | 5 | 6 | 7 | 8 |

9 | There was a data access failure somewhere in the application. 10 |

11 | 12 | « Back 13 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/defectTrackerError.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 4 | <fmt:message key="mainMenu.title"/> 5 | 6 | 7 | 8 | 9 | ${ message }

10 | Edit Login Credentials

11 | Edit Defect Trackers

12 | Back to Submission Page -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/errorMessage.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 4 |
5 | 6 | 7 | 8 | 9 |
10 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/errorMessage.jspf: -------------------------------------------------------------------------------- 1 |
2 | 3 | {{ errorMessage }} 4 |
-------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/exception.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 4 | System error 5 | 6 | 7 |

System error

8 | 9 | 10 | A system error occurred and has been logged to the database at . 11 | 12 | 13 | 14 | 15 | "> View Error Log 16 | 17 | 18 | 19 | 20 | A system error occurred. 21 | 22 | 23 |

24 | 25 | 26 | ">Back to Home Page 27 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/modal/footer.jspf: -------------------------------------------------------------------------------- 1 | 2 |
3 | {{ error }} 4 | 5 | Close 6 | 13 | 19 |
-------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/multiScanReport.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 4 | <fmt:message key="mainMenu.title" /> 5 | 6 | 7 | 8 | 9 |
10 | 11 | 12 |

13 | These URLs were found and successfully matched to applications: 14 | 15 |
16 | 17 | 18 | 19 | 20 |

21 | These URLs were found but could not be matched to an application: 22 | 23 |
24 | 25 | 26 | 27 | ">Home -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/organizations/newTeamForm.jsp: -------------------------------------------------------------------------------- 1 | 26 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/reports/comparison.jsp: -------------------------------------------------------------------------------- 1 |
2 | 3 |
4 | 7 |
8 | Comparison 9 | 10 | 11 | 12 |
13 |
14 |
15 | 16 |
17 |

Filters

18 | 19 |
20 | <%@ include file="filter.jsp" %> 21 |
22 | 23 |
24 | 25 |
26 | 27 | 28 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/reports/custom.jsp: -------------------------------------------------------------------------------- 1 |
2 |
3 | 6 |
    7 | 8 |
  • 9 | 10 |
    • 11 |     12 |
13 | 14 | 18 |
19 | 20 | <%@ include file="/WEB-INF/views/angular-init.jspf"%> 21 |
22 | 23 |
24 | 25 |
26 | 27 |
28 |
29 | 30 | 31 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/reports/emptyReport.jspf: -------------------------------------------------------------------------------- 1 |
No data found
-------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/reports/filter.jsp: -------------------------------------------------------------------------------- 1 |
2 |

Filters

3 | 4 | 5 | 6 | 7 | 8 | No saved filters found. 9 | 10 | 11 | 12 |
13 | <%@ include file="/WEB-INF/views/vulnerabilities/filterSections.jsp" %> 14 |
15 | 16 |
17 | <%@ include file="/WEB-INF/views/vulnerabilities/savedFilters.jsp" %> 18 |
19 |
20 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/reports/loading.jspf: -------------------------------------------------------------------------------- 1 |
Loading...
-------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/reports/trending.jsp: -------------------------------------------------------------------------------- 1 |
2 | 3 |
4 | 7 | 8 |
9 | 12 |
13 | 14 |
15 | 16 |
17 | <%@ include file="filter.jsp" %> 18 |
19 | 20 | 21 |
22 | 23 | 24 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/resourceNotFound.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 4 | <spring:message code="404.title"/> 5 | "/> 6 | 7 |

Resource Not Found

8 |
9 | 10 |

11 | We were unable to find the resource that you requested. 12 | This could be because the requested item never existed or because it was deleted.

13 | You may want to go back a page or 14 | ">go to the Home page. 15 |

16 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/scans/confirm.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 4 | <c:out value="${ application.name }"/> Scan Upload Confirmation 5 | 6 | 7 | 8 |

Empty Scan Upload Confirmation

9 | 10 | You have uploaded an empty scan. Click yes to continue, and no to go back to the scan page. 11 |

12 | 13 | 14 | 15 | Yes 16 | 17 | 18 | 19 | 20 | No 21 | 22 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/scans/finding/editDescriptionFindingForm.jsp: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/scans/finding/editManualFindingModal.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 10 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/successMessage.jspf: -------------------------------------------------------------------------------- 1 |
2 | 3 | {{ successMessage }} 4 |
-------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/vulnerabilities/littleVulnTable.jspf: -------------------------------------------------------------------------------- 1 |

{{ vulns.length }} {{ vulns.length === 1 ? 'Vulnerability' : 'Vulnerabilities' }}

2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 17 | 18 | 19 | 20 | 21 | 22 | 23 |
TypePathParameter
× {{ vuln.vulnerabilityName | shortCweNames }} {{ vuln.path }} {{ vuln.parameter }}
-------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/wafs/detailRuleList.jsp: -------------------------------------------------------------------------------- 1 | 2 | 9 |
10 |

WAF Rules:

11 | 12 |
13 | Download Waf Rules 14 |
15 |
16 |
17 | 
{{ rulesText }}
18 |
19 |
20 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/wafs/rules/detail.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 4 | WAF Rule Statistics 5 | 6 | 7 | 8 | 9 | 10 | 11 | Back to WAF ${ wafRule.waf.name} 12 | 13 |

WAF Rule ${ wafRule.nativeId } Statistics:

14 | 15 | This rule has been fired ${ fn:length(wafRule.securityEvents) } times: 16 |

17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | -- 25 | 26 |
27 | 28 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/WEB-INF/views/wafs/upload/form.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 4 | Upload WAF Log 5 | 6 | 7 | 8 |

Upload WAF Log

9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 20 | 21 | 22 |
Log File: 18 | 19 |
23 |
24 | 25 | ">Cancel 26 | 27 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/common/delete.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 21 | 22 | 23 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/common/footer.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 17 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/common/meta.jsp: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | "/> -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/common/taglibs.jsp: -------------------------------------------------------------------------------- 1 | <%@ page language="java" errorPage="/error.jsp" pageEncoding="UTF-8" contentType="text/html;charset=utf-8" %> 2 | <%@ taglib uri="http://www.springframework.org/security/tags" prefix="security" %> 3 | <%@ taglib uri="http://www.springframework.org/tags" prefix="spring" %> 4 | <%@ taglib uri="http://www.springframework.org/tags/form" prefix="form" %> 5 | 6 | <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> 7 | <%@ taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt" %> 8 | <%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %> 9 | 10 | <%@ taglib uri="http://www.opensymphony.com/sitemesh/decorator" prefix="decorator"%> 11 | <%@ taglib uri="http://www.opensymphony.com/sitemesh/page" prefix="page"%> 12 | <%@ taglib uri="/WEB-INF/jscachebust.tld" prefix="cbs"%> 13 | 14 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/error.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | 4 | System error 5 | 6 | 7 |

System error

8 | 9 | A system error occurred. 10 | 11 | 12 | 13 |

14 | 15 | 16 | ">Home 17 | 18 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/images/403.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/webapp/images/403.jpg -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/images/404.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/webapp/images/404.jpg -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/images/DummyPieChart.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/webapp/images/DummyPieChart.PNG -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/images/TF_logo_w_arrow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/webapp/images/TF_logo_w_arrow.png -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/images/TF_logo_w_arrow_strap.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/webapp/images/TF_logo_w_arrow_strap.png -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/images/ThreadFix_72.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/webapp/images/ThreadFix_72.jpg -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/images/body-bg-bottom.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/webapp/images/body-bg-bottom.gif -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/images/body-bg-top.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/webapp/images/body-bg-top.gif -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/images/breadcrumbs-bg.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/webapp/images/breadcrumbs-bg.gif -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/images/btn-bg-out.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/webapp/images/btn-bg-out.png -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/images/btn-bg-over.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/webapp/images/btn-bg-over.png -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/images/denim-group.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/webapp/images/denim-group.png -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/images/dg_logo_white.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/webapp/images/dg_logo_white.png -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/images/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/webapp/images/favicon.ico -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/images/glyphicons-halflings-white.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/webapp/images/glyphicons-halflings-white.png -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/images/glyphicons-halflings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/webapp/images/glyphicons-halflings.png -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/images/graph1.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/webapp/images/graph1.PNG -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/images/graph2.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/webapp/images/graph2.PNG -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/images/hdr-bg-repeat.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/webapp/images/hdr-bg-repeat.png -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/images/hdr-threadfix-logo-super-short.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/webapp/images/hdr-threadfix-logo-super-short.png -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/images/hdr-threadfix-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/webapp/images/hdr-threadfix-logo.png -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/images/icn_bug.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/webapp/images/icn_bug.png -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/images/icn_bug_grn_stroke.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/webapp/images/icn_bug_grn_stroke.png -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/images/icn_bug_red_stroke.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/webapp/images/icn_bug_red_stroke.png -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/images/icn_bug_yellow_stroke.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/webapp/images/icn_bug_yellow_stroke.png -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/images/icn_fork_arrow25x25.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/webapp/images/icn_fork_arrow25x25.png -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/images/loading.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/webapp/images/loading.gif -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/images/main-corners.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/webapp/images/main-corners.png -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/images/main-top-gradient.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/webapp/images/main-top-gradient.png -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/index.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="/common/taglibs.jsp"%> 2 | 3 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/scripts/FileAPI.flash.swf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-main/src/main/webapp/scripts/FileAPI.flash.swf -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/scripts/dashboard-controller.js: -------------------------------------------------------------------------------- 1 | var myAppModule = angular.module('threadfix'); 2 | 3 | myAppModule.controller('DashboardController', function ($scope, $rootScope) { 4 | 5 | $scope.empty = false; 6 | 7 | $scope.$on('rootScopeInitialized', function() { 8 | $scope.reportQuery = ''; 9 | }); 10 | 11 | $scope.rightReportTitle = "Most Vulnerable Applications"; 12 | 13 | }); -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/scripts/filters.js: -------------------------------------------------------------------------------- 1 | var filtersModule = angular.module('threadfixFilters', []); 2 | 3 | filtersModule.filter('shortCweNames', function() { 4 | var akaRegex = /.*\(aka (.*)\)/; 5 | var parensRegex = /.*\('(.*)'\)/; 6 | return function(input) { 7 | var test1 = akaRegex.exec(input); 8 | 9 | if (test1) { 10 | return test1[1]; 11 | } 12 | 13 | var test2 = parensRegex.exec(input); 14 | 15 | if (test2) { 16 | return test2[1]; 17 | } 18 | 19 | return input; 20 | } 21 | }); 22 | 23 | filtersModule.filter('removeSpace', function() { 24 | return function(input) { 25 | if (input) { 26 | return input.replace(/ /g, ''); 27 | } 28 | } 29 | }); 30 | 31 | filtersModule.filter('removeNonWord', function() { 32 | return function(input) { 33 | if (input) { 34 | return input.replace(/\W/g, ''); 35 | } 36 | } 37 | }); 38 | 39 | filtersModule.filter('removeEmailDomain', function() { 40 | return function(input) { 41 | if (input) { 42 | return input.substring(0, input.indexOf("@")); 43 | } 44 | } 45 | }); 46 | 47 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/scripts/focus-controller.js: -------------------------------------------------------------------------------- 1 | var myAppModule = angular.module('threadfix'); 2 | 3 | myAppModule.controller('FocusController', function ($window, $scope, $document) { 4 | 5 | $scope.focus = function() { 6 | document.getElementById("currentPasswordInput").focus(); 7 | } 8 | }); 9 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/scripts/init-controller.js: -------------------------------------------------------------------------------- 1 | var myAppModule = angular.module('threadfix') 2 | 3 | myAppModule.controller('InitController', function ($scope, $window, $rootScope, $log) { 4 | 5 | var setToken = function(oldValue, newValue) { 6 | $rootScope.csrfToken = $scope.csrfToken; 7 | 8 | if ($rootScope.urlRoot) { 9 | $rootScope.$broadcast('rootScopeInitialized'); 10 | } 11 | 12 | $log.info('Token is ' + $scope.csrfToken); 13 | } 14 | 15 | var setRoot = function(oldValue, newValue) { 16 | $rootScope.urlRoot = $scope.urlRoot; 17 | 18 | if ($rootScope.csrfToken) { 19 | $rootScope.$broadcast('rootScopeInitialized'); 20 | } 21 | 22 | $log.info('Root is ' + $scope.urlRoot); 23 | } 24 | 25 | $scope.$watch('csrfToken', setToken); 26 | $scope.$watch('urlRoot', setRoot); 27 | 28 | }); -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/scripts/login-controller.js: -------------------------------------------------------------------------------- 1 | var myAppModule = angular.module('threadfix', []); 2 | 3 | myAppModule.controller('LoginController', function ($window, $scope) { 4 | window.onload = function () { 5 | document.getElementById("username").focus(); 6 | }; 7 | 8 | if(top != self) top.location.replace(location); 9 | }); 10 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/scripts/login_page.js: -------------------------------------------------------------------------------- 1 | $(document).ready(function() { 2 | $(".focus").focus(); 3 | }); 4 | 5 | if(top != self) top.location.replace(location); -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/scripts/mappings-page-controller.js: -------------------------------------------------------------------------------- 1 | var myAppModule = angular.module('threadfix'); 2 | 3 | myAppModule.controller('MappingsPageController', function ($scope) { 4 | 5 | //this is needed because the unmapped findings table needs a parent with this property. 6 | $scope.currentUrl = "/mappings/index"; 7 | 8 | }); -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/scripts/modal-controller.js: -------------------------------------------------------------------------------- 1 | var myAppModule = angular.module('threadfix'); 2 | 3 | myAppModule.controller('ModalController', function ($scope, $modalInstance, data) { 4 | 5 | $scope.data = data; 6 | 7 | $scope.cancel = function () { 8 | $modalInstance.dismiss('cancel'); 9 | }; 10 | }); -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/scripts/toggle.js: -------------------------------------------------------------------------------- 1 | function toggleid(id) { 2 | if (document.getElementById) { // DOM3 = IE5, NS6 3 | if (document.getElementById(id).style.display == 'none') 4 | document.getElementById(id).style.display = 'block'; 5 | else 6 | document.getElementById(id).style.display = 'none'; 7 | } 8 | else { 9 | if (document.layers) { // Netscape 4 10 | document.id.display = 'none'; 11 | if (document.id.display == 'none') 12 | document.id.display = 'block'; 13 | else 14 | document.id.display = 'none'; 15 | } 16 | else { // IE 4 17 | document.all.id.style.display = 'none'; 18 | if (document.all.id.style.display == 'none') 19 | document.all.id.style.display = 'block'; 20 | else 21 | document.all.id.style.display = 'none'; 22 | } 23 | } 24 | } -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/scripts/wrapper-controller.js: -------------------------------------------------------------------------------- 1 | var module = angular.module('threadfix'); 2 | 3 | module.controller('WrapperController', function($scope){ 4 | $scope.loaded = true; 5 | }); -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/styles/ie6.css: -------------------------------------------------------------------------------- 1 | .transparent_png { 2 | behavior: url(iepngfix.htc); 3 | } -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/styles/inputDropdownStyles.css: -------------------------------------------------------------------------------- 1 | .input-dropdown { 2 | display: inline-block; 3 | position: relative; 4 | } 5 | 6 | .input-dropdown input[type='text'] { 7 | box-sizing: border-box; 8 | width: 100%; 9 | height: 30px; 10 | } 11 | 12 | .input-dropdown ul { 13 | background: #fff; 14 | border: 1px solid #000; 15 | box-sizing: border-box; 16 | list-style: none; 17 | margin: 0; 18 | padding: 0; 19 | position: absolute; 20 | width: 100%; 21 | z-index: 1000; 22 | } 23 | 24 | .input-dropdown ul > li { 25 | cursor: pointer; 26 | padding: 10px; 27 | } 28 | 29 | .input-dropdown ul > li.active { 30 | background: #608AEB; 31 | } 32 | 33 | /* Custom input dropdown styles */ 34 | .input-dropdown { 35 | margin: 0 30px 0 0; 36 | width: 220px; /* set the width of the input and dropdown */ 37 | } 38 | .input-dropdown input[type='text'] { 39 | font-size: 15px; 40 | padding: 5px; 41 | } 42 | .input-dropdown ul > li { 43 | transition: background .15s; 44 | } 45 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/styles/login.css: -------------------------------------------------------------------------------- 1 | * { 2 | margin: 0; 3 | } 4 | 5 | html,body { 6 | height: 100%; 7 | color: #000000; 8 | font-family: verdana, arial, sans-serif; 9 | font-size: 12px; 10 | } 11 | 12 | html { 13 | background: #FFFFFF; 14 | } 15 | 16 | div a.denim-group { 17 | filter: alpha(opacity = 50); 18 | -khtml-opacity: 0.5; 19 | -moz-opacity: 0.5; 20 | opacity: 0.5; 21 | } 22 | 23 | div a.denim-group:hover { 24 | filter: alpha(opacity = 100); 25 | -khtml-opacity: 1; 26 | -moz-opacity: 1; 27 | opacity: 1; 28 | } 29 | 30 | img { 31 | border:0px; 32 | } 33 | 34 | a { 35 | text-decoration: none; 36 | color: #38606c; 37 | } 38 | 39 | a:hover { 40 | text-decoration: none; 41 | color: #38606c; 42 | } 43 | 44 | a:visited { 45 | text-decoration: none; 46 | color: #38606c; 47 | } 48 | 49 | a:active { 50 | text-decoration: none; 51 | color: #38606c; 52 | } -------------------------------------------------------------------------------- /archived/threadfix-main/src/main/webapp/styles/system-settings.css: -------------------------------------------------------------------------------- 1 | .list { 2 | list-style: none outside none; 3 | margin: 10px 0 30px; 4 | } 5 | 6 | .export-fields-container { 7 | border: 1px solid #ccc; 8 | border-radius: 5px; 9 | margin: 10px 10px 0 0; 10 | padding: 5px; 11 | min-width:200px; 12 | min-height:50px; 13 | } 14 | 15 | .exportField { 16 | width: 185px; 17 | padding: 2px 10px; 18 | margin: 3px 0; 19 | border: 1px solid #add8e6; 20 | background-color: #d6ebf2; 21 | 22 | text-align: center; 23 | cursor: move; 24 | } 25 | 26 | .export-field-ui-container { 27 | padding: 20px 0; 28 | } 29 | 30 | .save { 31 | margin-top: 25px; 32 | } 33 | 34 | /*** Extra ***/ 35 | 36 | .floatleft { 37 | float: left; 38 | } 39 | 40 | .floatright { 41 | float: right; 42 | } 43 | 44 | .clear { 45 | clear: both; 46 | } 47 | -------------------------------------------------------------------------------- /archived/threadfix-main/src/test/resources/httptraffic/jira/issue-submit.txt: -------------------------------------------------------------------------------- 1 | {"id":"14301","key":"NCT-38","self":"https://threadfix.atlassian.net/rest/api/2/issue/14301"} -------------------------------------------------------------------------------- /archived/threadfix-main/src/test/resources/httptraffic/jira/nct-components.txt: -------------------------------------------------------------------------------- 1 | [] -------------------------------------------------------------------------------- /archived/threadfix-main/src/test/resources/httptraffic/jira/user-search.txt: -------------------------------------------------------------------------------- 1 | {"self":"https://threadfix.atlassian.net/rest/api/2/user?username=threadfix","key":"threadfix","name":"threadfix","emailAddress":"dan@denimgroup.com","avatarUrls":{"16x16":"https://threadfix.atlassian.net/secure/useravatar?size=xsmall&avatarId=10122","24x24":"https://threadfix.atlassian.net/secure/useravatar?size=small&avatarId=10122","32x32":"https://threadfix.atlassian.net/secure/useravatar?size=medium&avatarId=10122","48x48":"https://threadfix.atlassian.net/secure/useravatar?avatarId=10122"},"displayName":"Administrator","active":true,"timeZone":"America/Chicago","groups":{"size":6,"items":[]},"expand":"groups"} -------------------------------------------------------------------------------- /archived/threadfix-main/src/test/resources/httptraffic/jira/users.txt: -------------------------------------------------------------------------------- 1 | [{"self":"https://test.atlassian.net/rest/api/2/user?username=test","key":"test","name":"test","emailAddress":"test@test.com","avatarUrls":{"16x16":"https://test.atlassian.net/secure/useravatar?size=xsmall&avatarId=10122","24x24":"https://test.atlassian.net/secure/useravatar?size=small&avatarId=10122","32x32":"https://test.atlassian.net/secure/useravatar?size=medium&avatarId=10122","48x48":"https://test.atlassian.net/secure/useravatar?avatarId=10122"},"displayName":"Administrator","active":true,"timeZone":"America/Chicago"}] -------------------------------------------------------------------------------- /archived/threadfix-main/src/test/resources/httptraffic/versionone/response.txt: -------------------------------------------------------------------------------- 1 | TEST – 3.6.0 – N4.3 -------------------------------------------------------------------------------- /archived/threadfix-main/util/demo-site/DirectoryIndexing/admin.txt: -------------------------------------------------------------------------------- 1 | admin.txt 2 | 3 | MySQL config 4 | username: root 5 | password: root 6 | 7 | var;%20%0D%0AContent-Length:%200%0D%0A%0D%0AHTTP/1.1%20200%20OK%0D%0AContent-Type:%20text/html%0D%0AContent-Length:%2031%0D%0AHacked%20by%20yehg.org 8 | 9 | -------------------------------------------------------------------------------- /archived/threadfix-main/util/demo-site/import.sql: -------------------------------------------------------------------------------- 1 | -- SQL setup 2 | -- username is root, password is root 3 | 4 | CREATE database threadfix; 5 | USE threadfix; 6 | 7 | CREATE TABLE users(id INTEGER, name VARCHAR(255), password VARCHAR(255)); 8 | 9 | INSERT INTO users (id, name, password) VALUES (1, "Jimmy", "This is Jimmy's password."); 10 | INSERT INTO users (id, name, password) VALUES (2, "", "You got the stored XSS password."); 11 | INSERT INTO users (id, name, password) VALUES (3, "John", "This is John's password."); 12 | -------------------------------------------------------------------------------- /archived/threadfix-main/util/demo-site/password.txt: -------------------------------------------------------------------------------- 1 | password -------------------------------------------------------------------------------- /archived/threadfix-main/util/demo-site/users.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Jimmy 5 | JimmyPassword 6 | 1 7 | 8 | 9 | John 10 | JohnPassword 11 | 2 12 | 13 | -------------------------------------------------------------------------------- /archived/threadfix-main/util/demo-site/web.config: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | -------------------------------------------------------------------------------- /archived/threadfix-main/util/deploy/fabfile.py: -------------------------------------------------------------------------------- 1 | from __future__ import with_statement 2 | from fabric.api import * 3 | from fabric.contrib.console import confirm 4 | import os 5 | from urlparse import urlparse 6 | from ftplib import FTP 7 | 8 | from fabric.api import env 9 | 10 | local_working_folder_loc = os.getcwd() #where fabfile is running from 11 | server_base_loc = '/var/lib/tomcat7/webapps' #where to deploy to 12 | 13 | 14 | # moves the WAR file to the remote server, updates the database and restarts tomcat 15 | @task(default=True) 16 | @runs_once 17 | def deploy_war(): 18 | local('scp -i ~/.ssh/id_rsa %s/threadfix-main/target/*.war %s@%s:threadfix.war' % (local_working_folder_loc, env.user, env.host)) 19 | run('w') 20 | sudo('service tomcat7 stop') #stop tomcat 21 | with settings(warn_only=True): 22 | sudo('rm -rf %s/threadfix' % (server_base_loc)) 23 | sudo('rm -rf %s/threadfix.war' % (server_base_loc)) 24 | sudo('cp ~/threadfix.war %s/threadfix.war' % (server_base_loc)) 25 | sudo('service tomcat7 start') #start tomcat 26 | -------------------------------------------------------------------------------- /archived/threadfix-main/util/zip/ADD_ACTIVE_DIRECTORY_SUPPORT.txt: -------------------------------------------------------------------------------- 1 | Active Directory support can be added by editing the security.xml file and inserting xml similar to this: 2 | 3 | 4 | 5 | under the LDAP Configuration comment tag and xml similar to this: 6 | 7 | 16 | 17 | inside the security:authentication-manager tag. You will of course have to substitute in real values anywhere things are inside curly braces. 18 | -------------------------------------------------------------------------------- /archived/threadfix-plugin-examples/default-tag/src/main/resources/custom/example.csv: -------------------------------------------------------------------------------- 1 | 5/7/2015 11:55:00 2 | DefaultTagName,com.denimgroup.threadfix.plugin.SampleDefaultTagMapper,This is the default tag verbose description that will be displayed to UI -------------------------------------------------------------------------------- /archived/threadfix-plugin-examples/defect-tracker/src/main/resources/custom/example.csv: -------------------------------------------------------------------------------- 1 | 3/2/2015 11:55:00 2 | Sample Tracker,com.denimgroup.threadfix.plugin.SampleTracker -------------------------------------------------------------------------------- /archived/threadfix-plugin-examples/importer/src/main/resources/custom/sample.csv: -------------------------------------------------------------------------------- 1 | 3/2/2015 14:22:00 2 | type.info,,, 3 | Scanner Name,http://scanner.url.com,1.VersionNumber,Instructions for downloading 4 | type.vulnerabilities,,, 5 | Type name,Type code followed by CWE number,64 6 | Cross-Site Scripting,XSS,79, 7 | type.severities,,, 8 | Severity Name,code then ordinal 1-5,1,1 9 | High,High,4,4 10 | -------------------------------------------------------------------------------- /archived/threadfix-plugin-examples/remote-provider/src/main/resources/custom/mappings/mappings.csv: -------------------------------------------------------------------------------- 1 | 3/3/2015 14:22:00 2 | type.info,,, 3 | Sample Remote Provider,http://scanner.url.com,1.VersionNumber,Instructions for downloading 4 | type.vulnerabilities,,, 5 | Type name,Type code followed by CWE number,64 6 | Cross-Site Scripting,XSS,79, 7 | type.severities,,, 8 | Severity Name,code then ordinal 1-5,1,1 9 | High,High,4,4 10 | -------------------------------------------------------------------------------- /archived/threadfix-plugin-examples/remote-provider/src/main/resources/custom/remoteProvider/provider.csv: -------------------------------------------------------------------------------- 1 | 3/3/2015 12:31:00 2 | type.name 3 | Sample Remote Provider,http://www.my-app.com/,1,Use as a Remote Provider 4 | type.credentials 5 | usernamepassword 6 | type.channelname 7 | Sample Remote Provider 8 | type.authenticationfields 9 | Non-secret mandatory,false,true 10 | Non-secret optional,false,false 11 | Secret mandatory,true,true 12 | Sample field,true,true -------------------------------------------------------------------------------- /archived/threadfix-plugin-examples/waf/src/main/resources/custom/sample.csv: -------------------------------------------------------------------------------- 1 | 3/4/2015 00:00:00 2 | type.name 3 | Sample WAF 4 | type.directives 5 | deny 6 | other directive 7 | -------------------------------------------------------------------------------- /archived/threadfix-scanner-plugin/burp/.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | Burp-Plugin 4 | 5 | 6 | 7 | 8 | 9 | org.eclipse.jdt.core.javabuilder 10 | 11 | 12 | 13 | 14 | org.eclipse.m2e.core.maven2Builder 15 | 16 | 17 | 18 | 19 | 20 | org.eclipse.jdt.core.javanature 21 | org.eclipse.m2e.core.maven2Nature 22 | 23 | 24 | -------------------------------------------------------------------------------- /archived/threadfix-scanner-plugin/burp/README: -------------------------------------------------------------------------------- 1 | Documentation for the ThreadFix Burp plugin can be found at 2 | https://github.com/denimgroup/threadfix/wiki/Burp-Plugin -------------------------------------------------------------------------------- /archived/threadfix-scanner-plugin/zaproxy/.gitignore: -------------------------------------------------------------------------------- 1 | /bin 2 | -------------------------------------------------------------------------------- /archived/threadfix-scanner-plugin/zaproxy/.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | ZaproxyPlugin 4 | 5 | 6 | 7 | 8 | 9 | org.eclipse.jdt.core.javabuilder 10 | 11 | 12 | 13 | 14 | 15 | org.eclipse.jdt.core.javanature 16 | 17 | 18 | -------------------------------------------------------------------------------- /archived/threadfix-scanner-plugin/zaproxy/README: -------------------------------------------------------------------------------- 1 | Documentation for the ThreadFix ZAP plugin can be found at 2 | https://github.com/denimgroup/threadfix/wiki/Zap-Plugin -------------------------------------------------------------------------------- /archived/threadfix-scanner-plugin/zaproxy/lib/com/owasp/zap/java-getopt/1.0.13/java-getopt-1.0.13.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-scanner-plugin/zaproxy/lib/com/owasp/zap/java-getopt/1.0.13/java-getopt-1.0.13.jar -------------------------------------------------------------------------------- /archived/threadfix-scanner-plugin/zaproxy/lib/com/owasp/zap/jgoodies-looks/2.4.0/jgoodies-looks-2.4.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-scanner-plugin/zaproxy/lib/com/owasp/zap/jgoodies-looks/2.4.0/jgoodies-looks-2.4.0.jar -------------------------------------------------------------------------------- /archived/threadfix-scanner-plugin/zaproxy/lib/com/owasp/zap/lablib-checkboxtree/3.2/lablib-checkboxtree-3.2.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-scanner-plugin/zaproxy/lib/com/owasp/zap/lablib-checkboxtree/3.2/lablib-checkboxtree-3.2.jar -------------------------------------------------------------------------------- /archived/threadfix-scanner-plugin/zaproxy/lib/com/owasp/zap/xom/1.2.6/xom-1.2.6.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-scanner-plugin/zaproxy/lib/com/owasp/zap/xom/1.2.6/xom-1.2.6.jar -------------------------------------------------------------------------------- /archived/threadfix-scanner-plugin/zaproxy/lib/com/owasp/zap/zap/2.2.2/zap-2.2.2.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-scanner-plugin/zaproxy/lib/com/owasp/zap/zap/2.2.2/zap-2.2.2.jar -------------------------------------------------------------------------------- /archived/threadfix-scanner-plugin/zaproxy/lib/com/owasp/zap/zaphelp/2.2.2/zaphelp-2.2.2.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-scanner-plugin/zaproxy/lib/com/owasp/zap/zaphelp/2.2.2/zaphelp-2.2.2.jar -------------------------------------------------------------------------------- /archived/threadfix-scanner-plugin/zaproxy/src/org/zaproxy/zap/extension/threadfix/Messages.properties: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-scanner-plugin/zaproxy/src/org/zaproxy/zap/extension/threadfix/Messages.properties -------------------------------------------------------------------------------- /archived/threadfix-scanner-plugin/zaproxy/src/org/zaproxy/zap/extension/threadfix/Messages_en_GB.properties: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-scanner-plugin/zaproxy/src/org/zaproxy/zap/extension/threadfix/Messages_en_GB.properties -------------------------------------------------------------------------------- /archived/threadfix-scanner-plugin/zaproxy/src/org/zaproxy/zap/extension/threadfix/ZapAddOn.xml: -------------------------------------------------------------------------------- 1 | 2 | ThreadFix 3 | 2 4 | 5 | Export Scans to ThreadFix 6 | Denim Group (Mac Collins) 7 | 8 | First Version 9 | 10 | 11 | org.zaproxy.zap.extension.threadfix.ThreadFixExtension 12 | 13 | 14 | 15 | 16 | 17 | 2.4.0 18 | 19 | 20 | -------------------------------------------------------------------------------- /archived/threadfix-scanner-plugin/zaproxy/src/org/zaproxy/zap/extension/threadfix/dg-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denimgroup/threadfix/9eb511e532e9c0105acd7b47a65590686d3ce29d/archived/threadfix-scanner-plugin/zaproxy/src/org/zaproxy/zap/extension/threadfix/dg-icon.png -------------------------------------------------------------------------------- /archived/threadfix-service-interfaces/src/main/java/com/denimgroup/threadfix/service/DefaultDefectFieldService.java: -------------------------------------------------------------------------------- 1 | package com.denimgroup.threadfix.service; 2 | 3 | import java.util.List; 4 | import com.denimgroup.threadfix.data.entities.DefaultDefectField; 5 | import com.denimgroup.threadfix.data.entities.Vulnerability; 6 | 7 | public interface DefaultDefectFieldService { 8 | 9 | public String getDefaultValueForVulns(DefaultDefectField defaultDefectField, List vulnerabilities); 10 | 11 | /** 12 | * Should parse Json results to update/create defaults, but also validate the defaults (tag existence...) 13 | * @param newDefaults 14 | */ 15 | public List parseDefaultDefectsFields(String newDefaultsJson); 16 | } 17 | -------------------------------------------------------------------------------- /archived/threadfix-service-interfaces/src/main/java/com/denimgroup/threadfix/service/DefaultTagMappingService.java: -------------------------------------------------------------------------------- 1 | package com.denimgroup.threadfix.service; 2 | 3 | import java.util.List; 4 | import com.denimgroup.threadfix.data.entities.DefaultTag; 5 | import com.denimgroup.threadfix.data.entities.Vulnerability; 6 | 7 | public interface DefaultTagMappingService extends GenericNamedObjectService { 8 | 9 | public String evaluateTagValueForVulns(DefaultTag tag, List vulnerabilities); 10 | 11 | /** 12 | * This function is meant to be compliant with the protocol for listing the available tags 13 | * and return a map that can just be integrated in larger object before serialization 14 | * 15 | */ 16 | public List getTagsWithValueMappingFields(); 17 | 18 | public List getTagKeysOrNull(String tagName); 19 | 20 | String evaluateTagValueForVulnsFromPattern(String dynamicPattern, List vulnerabilities); 21 | } 22 | -------------------------------------------------------------------------------- /archived/threadfix-service-interfaces/src/main/java/com/denimgroup/threadfix/service/DefectTrackerTypeService.java: -------------------------------------------------------------------------------- 1 | package com.denimgroup.threadfix.service; 2 | 3 | import com.denimgroup.threadfix.data.entities.DefectTrackerType; 4 | 5 | public interface DefectTrackerTypeService extends GenericObjectService{ 6 | } 7 | -------------------------------------------------------------------------------- /archived/threadfix-service-interfaces/src/main/java/com/denimgroup/threadfix/service/EmailReportService.java: -------------------------------------------------------------------------------- 1 | package com.denimgroup.threadfix.service; 2 | 3 | import java.util.List; 4 | import java.util.Map; 5 | 6 | import com.denimgroup.threadfix.data.entities.PolicyStatus; 7 | import com.denimgroup.threadfix.data.entities.ScheduledEmailReport; 8 | import com.denimgroup.threadfix.data.entities.Vulnerability; 9 | 10 | public interface EmailReportService { 11 | 12 | public void sendEmailReport(ScheduledEmailReport scheduledEmailReport); 13 | 14 | public List getNewVulnerabilities(ScheduledEmailReport scheduledEmailReport); 15 | 16 | public String getEmailReportBody(ScheduledEmailReport scheduledEmailReport); 17 | 18 | public String getEmailReportSubject(List vulnerabilities); 19 | 20 | public Map getNewVulnerabilitiesHierarchicalModel(ScheduledEmailReport scheduledEmailReport); 21 | 22 | public void sendPolicyReport(List policyStatuses); 23 | } 24 | -------------------------------------------------------------------------------- /archived/threadfix-service-interfaces/src/main/java/com/denimgroup/threadfix/service/NonceService.java: -------------------------------------------------------------------------------- 1 | package com.denimgroup.threadfix.service; 2 | 3 | public interface NonceService { 4 | 5 | /** 6 | * Generate a once time token (nonce) for authenticating subsequent 7 | * requests. This will also add the token to the session. The nonce 8 | * generation is a simplified version of ManagerBase.generateSessionId(). 9 | * 10 | */ 11 | String generateNonce(); 12 | } 13 | -------------------------------------------------------------------------------- /archived/threadfix-service-interfaces/src/main/java/com/denimgroup/threadfix/service/RequestUrlService.java: -------------------------------------------------------------------------------- 1 | package com.denimgroup.threadfix.service; 2 | 3 | import javax.servlet.http.HttpServletRequest; 4 | 5 | public interface RequestUrlService { 6 | 7 | /** 8 | * Returns the string of the base URL queried to the HTTP Servlet 9 | * Like: https://hostname:8443/threadfix 10 | * Such as the controllers paths appended to this string would make a valid URL 11 | * The port number doesn't appear (like in web browsers) if it's standard like 80 or 443 12 | */ 13 | public String getBaseUrlFromRequest(HttpServletRequest request); 14 | 15 | } 16 | -------------------------------------------------------------------------------- /archived/threadfix-service-interfaces/src/main/java/com/denimgroup/threadfix/service/ScanResultFilterService.java: -------------------------------------------------------------------------------- 1 | package com.denimgroup.threadfix.service; 2 | 3 | import com.denimgroup.threadfix.data.entities.ChannelType; 4 | import com.denimgroup.threadfix.data.entities.GenericSeverity; 5 | import com.denimgroup.threadfix.data.entities.ScanResultFilter; 6 | 7 | import java.util.List; 8 | 9 | public interface ScanResultFilterService { 10 | List loadAll(); 11 | 12 | void storeAndApplyFilter(ScanResultFilter scanResultFilter); 13 | 14 | ScanResultFilter loadById(int scanResultFilterId); 15 | 16 | void delete(ScanResultFilter scanResultFilter); 17 | 18 | List loadFilteredSeveritiesForChannelType(ChannelType channelType); 19 | 20 | ScanResultFilter loadByChannelTypeAndSeverity(ChannelType channelType, GenericSeverity genericSeverity); 21 | 22 | void storeAndApplyFilter(ScanResultFilter scanResultFilter, GenericSeverity previousGenericSeverity, ChannelType previousChannelType); 23 | } 24 | -------------------------------------------------------------------------------- /archived/threadfix-service-interfaces/src/main/java/com/denimgroup/threadfix/service/TemplateBuilderService.java: -------------------------------------------------------------------------------- 1 | package com.denimgroup.threadfix.service; 2 | 3 | import java.util.Map; 4 | 5 | public interface TemplateBuilderService { 6 | 7 | public String prepareMessageFromTemplate(Map model, String templateName); 8 | } 9 | -------------------------------------------------------------------------------- /archived/threadfix-service-interfaces/src/main/java/com/denimgroup/threadfix/service/UploadScanService.java: -------------------------------------------------------------------------------- 1 | package com.denimgroup.threadfix.service; 2 | 3 | import org.springframework.web.multipart.MultipartFile; 4 | 5 | import java.util.Collection; 6 | 7 | public interface UploadScanService { 8 | 9 | Object processMultiFileUpload(Collection files, Integer orgId, Integer appId, 10 | String channelIdString, boolean isBulkScans); 11 | } 12 | -------------------------------------------------------------------------------- /archived/threadfix-service-interfaces/src/main/java/com/denimgroup/threadfix/service/email/EmailConfiguration.java: -------------------------------------------------------------------------------- 1 | package com.denimgroup.threadfix.service.email; 2 | 3 | import org.springframework.stereotype.Component; 4 | 5 | @Component 6 | public class EmailConfiguration { 7 | 8 | private boolean configuredEmail; 9 | 10 | public boolean isConfiguredEmail() { 11 | return configuredEmail; 12 | } 13 | 14 | public void setConfiguredEmail(boolean configuredEmail) { 15 | this.configuredEmail = configuredEmail; 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /archived/threadfix-service-interfaces/src/main/java/com/servicenow/grccontrol/jaxb.index: -------------------------------------------------------------------------------- 1 | GetRecordsControls 2 | GetRecordsControlsResponse 3 | GetRecordsControlsResult -------------------------------------------------------------------------------- /archived/threadfix-service-interfaces/src/main/java/com/servicenow/grccontrolservice/jaxb.index: -------------------------------------------------------------------------------- 1 | SubmitControl 2 | SubmitControlResponse -------------------------------------------------------------------------------- /archived/threadfix-service-interfaces/src/main/java/com/servicenow/grcpolicy/jaxb.index: -------------------------------------------------------------------------------- 1 | GetRecordsPolicies 2 | GetRecordsPoliciesResponse 3 | GetRecordsPoliciesResult -------------------------------------------------------------------------------- /archived/threadfix-service-interfaces/src/main/java/com/servicenow/grcpolicyservice/jaxb.index: -------------------------------------------------------------------------------- 1 | SubmitPolicy 2 | SubmitPolicyResponse -------------------------------------------------------------------------------- /archived/threadfix-sonar-plugin/src/main/resources/META-INF/MANIFEST.MF: -------------------------------------------------------------------------------- 1 | Manifest-Version: 1.0 2 | Built-By: mcollins 3 | Build-Jdk: 1.7.0_71 4 | Created-By: Apache Maven 3.2.3 5 | Archiver-Version: Plexus Archiver 6 | Plugin-Class: com.denimgroup.threadfix.sonarplugin.ThreadFixPlugin 7 | Plugin-Description: View ThreadFix data in Sonar 8 | Plugin-Developers: Mac Collins 9 | Plugin-Homepage: http://threadfix.org 10 | Plugin-IssueTrackerUrl: http://github.com/denimgroup/threadfix 11 | Plugin-Key: threadfix 12 | Plugin-License: MPL 13 | Plugin-Name: ThreadFix 14 | Plugin-Organization: Denim Group 15 | Plugin-OrganizationUrl: http://www.denimgroup.com 16 | Plugin-SourcesUrl: http://github.com/denimgroup/threadfix 17 | Plugin-Version: 1.0 18 | Sonar-Version: 4.5.1 19 | -------------------------------------------------------------------------------- /archived/threadfix-sonar-plugin/src/main/resources/test.html.erb: -------------------------------------------------------------------------------- 1 | <% 2 | total_vulns = format_measure('threadfix-total-vulns') 3 | 4 | %> 5 | 6 |
7 |

ThreadFix Statistics for <%= @project.name %>

8 |

<%= total_vulns %> Total Vulnerabilities

9 |
-------------------------------------------------------------------------------- /archived/threadfix-upgrade/hsql-upgrade/.gitignore: -------------------------------------------------------------------------------- 1 | # Java # 2 | 3 | *.class 4 | 5 | # Package Files # 6 | *.jar 7 | *.war 8 | *.ear 9 | 10 | 11 | # Eclipse # 12 | 13 | *.pydevproject 14 | .metadata 15 | .gradle 16 | bin/** 17 | tmp/** 18 | tmp/**/* 19 | *.tmp 20 | *.bak 21 | *.swp 22 | *~.nib 23 | local.properties 24 | .settings/ 25 | .loadpath 26 | 27 | # External tool builders 28 | .externalToolBuilders/ 29 | 30 | # Locally stored "Eclipse launch configurations" 31 | *.launch 32 | 33 | # CDT-specific 34 | .cproject 35 | 36 | # PDT-specific 37 | .buildpath 38 | 39 | # TeXlipse plugin 40 | .texlipse 41 | 42 | 43 | # IntelliJ IDEA # 44 | 45 | *.iml 46 | *.ipr 47 | *.iws 48 | .idea/ 49 | out/ 50 | 51 | target/ 52 | 53 | .project 54 | .classpath 55 | 56 | 57 | -------------------------------------------------------------------------------- /archived/threadfix-upgrade/mysql-upgrade/.gitignore: -------------------------------------------------------------------------------- 1 | target/ 2 | 3 | # Java # 4 | 5 | *.class 6 | 7 | # Package Files # 8 | *.jar 9 | *.war 10 | *.ear 11 | 12 | 13 | # Eclipse # 14 | 15 | *.pydevproject 16 | .metadata 17 | .gradle 18 | bin/** 19 | tmp/** 20 | tmp/**/* 21 | *.tmp 22 | *.bak 23 | *.swp 24 | *~.nib 25 | local.properties 26 | .settings/ 27 | .loadpath 28 | 29 | # External tool builders 30 | .externalToolBuilders/ 31 | 32 | # Locally stored "Eclipse launch configurations" 33 | *.launch 34 | 35 | # CDT-specific 36 | .cproject 37 | 38 | # PDT-specific 39 | .buildpath 40 | 41 | # TeXlipse plugin 42 | .texlipse 43 | 44 | 45 | # IntelliJ IDEA # 46 | 47 | *.iml 48 | *.ipr 49 | *.iws 50 | .idea/ 51 | out/ 52 | 53 | .project 54 | .classpath 55 | 56 | 57 | --------------------------------------------------------------------------------