From 566f36e57716c31d9e7f985e0b5e617b2da6889a Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sat, 22 Dec 2012 04:30:26 -0500 Subject: [PATCH] continued removal of cpe.xml - it is incomplete for our purpose Former-commit-id: 83d10942664962f0f530b4694a96c1f4f2783d43 --- .../dependencycheck/data/cpe/CPEAnalyzer.java | 2 -- .../dependencycheck/data/cpe/Entry.java | 13 ++++++++ .../dependencycheck/data/cpe/Index.java | 8 ++++- .../dependencycheck/data/nvdcve/Index.java | 32 +++++++++++++++++-- .../dependency/Dependency.java | 5 ++- .../dependency/Identifier.java | 30 ++--------------- .../dependencycheck/utils/FileUtils.java | 22 +++++++++++++ ...e.dependencycheck.data.CachedWebDataSource | 3 +- src/main/resources/templates/HtmlReport.vsl | 2 +- .../dependency/DependencyTest.java | 4 +-- 10 files changed, 80 insertions(+), 41 deletions(-) diff --git a/src/main/java/org/codesecure/dependencycheck/data/cpe/CPEAnalyzer.java b/src/main/java/org/codesecure/dependencycheck/data/cpe/CPEAnalyzer.java index b15c8d905..f06e70ab2 100644 --- a/src/main/java/org/codesecure/dependencycheck/data/cpe/CPEAnalyzer.java +++ b/src/main/java/org/codesecure/dependencycheck/data/cpe/CPEAnalyzer.java @@ -167,13 +167,11 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal dependency.addIdentifier( "cpe", e.getName(), - e.getTitle(), "http://web.nvd.nist.gov/view/vuln/search?cpe=" + URLEncoder.encode(e.getName(), "UTF-8")); } } - if (!found) { int round = ctr % 3; if (round == 0) { diff --git a/src/main/java/org/codesecure/dependencycheck/data/cpe/Entry.java b/src/main/java/org/codesecure/dependencycheck/data/cpe/Entry.java index 123c69d6f..b39907b28 100644 --- a/src/main/java/org/codesecure/dependencycheck/data/cpe/Entry.java +++ b/src/main/java/org/codesecure/dependencycheck/data/cpe/Entry.java @@ -54,6 +54,7 @@ public class Entry { } /** * The title of the CPE + * @deprecated This field is no longer used */ protected String title; 
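Review bot: The `@deprecated` Javadoc tag on `title` is added without the matching `@Deprecated` annotation, and its text names no replacement. The same applies to the other Entry.java hunks (getTitle/setTitle, status, modificationDate, nvdId) and to the `update()` and `updateNeeded()` hunks in data/cpe/Index.java. I would add `@Deprecated` above each member and end the tag with what to use instead, for example `@deprecated no longer populated; CPE data is now taken from the NVD CVE import`, if that is the intended replacement. Deprecating the private `writeLastUpdatedPropertyFile` has no effect on callers; removing it together with `update()` would be clearer.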
@@ -61,6 +62,7 @@ public class Entry { * Get the value of title * * @return the value of title + * @deprecated This field is no longer used */ public String getTitle() { return title; @@ -70,6 +72,7 @@ public class Entry { * Set the value of title * * @param title new value of title + * @deprecated This field is no longer used */ public void setTitle(String title) { this.title = title; @@ -98,6 +101,7 @@ public class Entry { } /** * The status of the CPE Entry. + * @deprecated This field is no longer used */ protected String status; @@ -105,6 +109,7 @@ public class Entry { * Get the value of status * * @return the value of status + * @deprecated This field is no longer used */ public String getStatus() { return status; @@ -114,12 +119,14 @@ public class Entry { * Set the value of status * * @param status new value of status + * @deprecated This field is no longer used */ public void setStatus(String status) { this.status = status; } /** * The modification date of the CPE Entry. + * @deprecated This field is no longer used */ protected Date modificationDate; @@ -127,6 +134,7 @@ public class Entry { * Get the value of modificationDate * * @return the value of modificationDate + * @deprecated This field is no longer used */ public Date getModificationDate() { return modificationDate; @@ -136,6 +144,7 @@ public class Entry { * Set the value of modificationDate * * @param modificationDate new value of modificationDate + * @deprecated This field is no longer used */ public void setModificationDate(Date modificationDate) { this.modificationDate = modificationDate; @@ -148,6 +157,7 @@ public class Entry { * * @param modificationDate new value of modificationDate * @throws ParseException is thrown when a parse exception occurs. + * @deprecated This field is no longer used */ public void setModificationDate(String modificationDate) throws ParseException { 
@@ -161,6 +171,7 @@ public class Entry { } /** * The nvdId. + * @deprecated This field is no longer used */ protected String nvdId; @@ -168,6 +179,7 @@ public class Entry { * Get the value of nvdId * * @return the value of nvdId + * @deprecated This field is no longer used */ public String getNvdId() { return nvdId; @@ -177,6 +189,7 @@ public class Entry { * Set the value of nvdId * * @param nvdId new value of nvdId + * @deprecated This field is no longer used */ public void setNvdId(String nvdId) { this.nvdId = nvdId; diff --git a/src/main/java/org/codesecure/dependencycheck/data/cpe/Index.java b/src/main/java/org/codesecure/dependencycheck/data/cpe/Index.java index 3a416efaf..01b43e607 100644 --- a/src/main/java/org/codesecure/dependencycheck/data/cpe/Index.java +++ b/src/main/java/org/codesecure/dependencycheck/data/cpe/Index.java @@ -88,7 +88,7 @@ public class Index extends AbstractIndex implements CachedWebDataSource { * @return the data directory for this index. * @throws IOException is thrown if an IOException occurs of course... */ - protected File getDataDirectory() throws IOException { + public File getDataDirectory() throws IOException { String fileName = Settings.getString(Settings.KEYS.CPE_INDEX); String filePath = Index.class.getProtectionDomain().getCodeSource().getLocation().getPath(); String decodedPath = URLDecoder.decode(filePath, "UTF-8"); @@ -132,6 +132,8 @@ public class Index extends AbstractIndex implements CachedWebDataSource { * * @throws UpdateException is thrown if there is a problem updating the * index. + * + * @deprecated this should no longer be used as the raw CPE hosted at NIST is not complete enough. */ public void update() throws UpdateException { try { 
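Review bot: `getDataDirectory()` is widened to `public` in the `-88,7 +88,7` hunk so that nvdcve/Index.java can pass its result to a recursive delete, but the Javadoc still only says it returns "the data directory for this index". The visible lines build the path from `Settings.KEYS.CPE_INDEX` and the code-source location, so an empty or unexpected setting would presumably make a caller delete the wrong directory. I would document how the path is resolved and that callers may delete it, e.g. `@return the CPE index directory, resolved from the CPE_INDEX setting relative to the code source; never the code-source directory itself`, and enforce that last part in the body. The method body continues outside the hunk, so how the two strings are combined is not visible here.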
@@ -180,6 +182,8 @@ public class Index extends AbstractIndex implements CachedWebDataSource { * directory. * * @param timeStamp the timestamp to write. + * + * @deprecated this should no longer be used as the raw CPE hosted at NIST is not complete enough. */ private void writeLastUpdatedPropertyFile(long timeStamp) throws UpdateException { String dir; @@ -229,6 +233,8 @@ public class Index extends AbstractIndex implements CachedWebDataSource { * downloading the cpe.meta data file. * @throws UpdateException is thrown if there is an error locating the last updated * properties file. + * + * @deprecated this should no longer be used as the raw CPE hosted at NIST is not complete enough. */ public long updateNeeded() throws MalformedURLException, DownloadFailedException, UpdateException { long retVal = 0; diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/Index.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/Index.java index 4448298ec..9bacb1b7b 100644 --- a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/Index.java +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/Index.java @@ -40,6 +40,7 @@ import org.codesecure.dependencycheck.data.lucene.AbstractIndex; import org.codesecure.dependencycheck.data.nvdcve.xml.Importer; import org.codesecure.dependencycheck.utils.DownloadFailedException; import org.codesecure.dependencycheck.utils.Downloader; +import org.codesecure.dependencycheck.utils.FileUtils; import org.codesecure.dependencycheck.utils.Settings; /** @@ -48,6 +49,10 @@ import org.codesecure.dependencycheck.utils.Settings; * @author Jeremy Long (jeremy.long@gmail.com) */ public class Index extends AbstractIndex implements CachedWebDataSource { + /** + * The current version of Lucene used to build the index. + */ + public static final String INDEX_VERSION = "4.0"; /** * The name of the properties file containing the timestamp of the last 
@@ -203,7 +208,7 @@ public class Index extends AbstractIndex implements CachedWebDataSource { } File cveProp = new File(dir + File.separatorChar + UPDATE_PROPERTIES_FILE); Properties prop = new Properties(); - + prop.put("version", INDEX_VERSION); for (NvdCveUrl cve : updated.values()) { prop.put(LAST_UPDATED_BASE + cve.id, String.valueOf(cve.getTimestamp())); } @@ -271,10 +276,23 @@ public class Index extends AbstractIndex implements CachedWebDataSource { File cveProp = new File(dir + File.separatorChar + UPDATE_PROPERTIES_FILE); if (cveProp.exists()) { Properties prop = new Properties(); - InputStream is; + InputStream is = null; try { is = new FileInputStream(cveProp); prop.load(is); + + if (prop.getProperty("version") == null) { + is.close(); + //this is an old version of the lucene index - just delete it + FileUtils.delete(f); + + //this importer also updates the CPE index and it is also using an old version + org.codesecure.dependencycheck.data.cpe.Index cpeidx = new org.codesecure.dependencycheck.data.cpe.Index(); + File cpeDir = cpeidx.getDataDirectory(); + FileUtils.delete(cpeDir); + return currentlyPublished; + } + long lastUpdated = Long.parseLong(prop.getProperty(Index.LAST_UPDATED_MODIFIED)); Date now = new Date(); int days = Settings.getInt(Settings.KEYS.CVE_MODIFIED_VALID_FOR_DAYS); @@ -308,6 +326,14 @@ public class Index extends AbstractIndex implements CachedWebDataSource { Logger.getLogger(Index.class.getName()).log(Level.FINEST, null, ex); } catch (NumberFormatException ex) { Logger.getLogger(Index.class.getName()).log(Level.FINEST, null, ex); + } finally { + if (is != null) { + try { + is.close(); + } catch (IOException ex) { + Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex); + } + } } } } @@ -460,6 +486,8 @@ public class Index extends AbstractIndex implements CachedWebDataSource { stream.close(); } return str.toString(); + + } /** 
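Review bot: The staleness test added in the `-271,10 +276,23` hunk only checks `prop.getProperty("version") == null`, so an index written under a different `INDEX_VERSION` is never rebuilt; compare against the constant instead, `if (!INDEX_VERSION.equals(prop.getProperty("version"))) {`. The purge is also fragile: `FileUtils.delete` throws whenever `File.delete()` returns false, which includes a CPE directory that does not exist, so guarding it with `if (cpeDir.exists())` keeps `return currentlyPublished;` reachable. The catch blocks visible in the following hunk log at `Level.FINEST`, so a failed purge would presumably leave a half-deleted index without any visible warning. Since scan results depend on this data, logging that case at WARNING or above is worth considering. The enclosing method starts and ends outside the hunk, so the type of `f` and the first catch clause are inferred.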
diff --git a/src/main/java/org/codesecure/dependencycheck/dependency/Dependency.java b/src/main/java/org/codesecure/dependencycheck/dependency/Dependency.java index 1b3062572..47a3a93e3 100644 --- a/src/main/java/org/codesecure/dependencycheck/dependency/Dependency.java +++ b/src/main/java/org/codesecure/dependencycheck/dependency/Dependency.java @@ -238,11 +238,10 @@ public class Dependency { * * @param type the type of identifier (such as CPE). * @param value the value of the identifier. - * @param title the title of the identifier. * @param url the URL of the identifier. */ - public void addIdentifier(String type, String value, String title, String url) { - Identifier i = new Identifier(type, value, title, url); + public void addIdentifier(String type, String value, String url) { + Identifier i = new Identifier(type, value, url); this.identifiers.add(i); } diff --git a/src/main/java/org/codesecure/dependencycheck/dependency/Identifier.java b/src/main/java/org/codesecure/dependencycheck/dependency/Identifier.java index 489442d3c..2529c60b6 100644 --- a/src/main/java/org/codesecure/dependencycheck/dependency/Identifier.java +++ b/src/main/java/org/codesecure/dependencycheck/dependency/Identifier.java @@ -29,13 +29,11 @@ public class Identifier { * * @param type the identifier type. * @param value the identifier value. - * @param title the identifier title. * @param url the identifier url. */ - Identifier(String type, String value, String title, String url) { + Identifier(String type, String value, String url) { this.type = type; this.value = value; - this.title = title; this.url = url; } 
@@ -44,12 +42,11 @@ public class Identifier { * * @param type the identifier type. * @param value the identifier value. - * @param title the identifier title. * @param url the identifier url. * @param description the description of the identifier. */ - Identifier(String type, String value, String title, String url, String description) { - this(type, value, title, url); + Identifier(String type, String value, String url, String description) { + this(type, value, url); this.description = description; } /** @@ -74,28 +71,7 @@ public class Identifier { public void setValue(String value) { this.value = value; } - /** - * The title of the identifeir - */ - protected String title; - /** - * Get the value of title - * - * @return the value of title - */ - public String getTitle() { - return title; - } - - /** - * Set the value of title - * - * @param title new value of title - */ - public void setTitle(String title) { - this.title = title; - } /** * The url for the identifeir */ diff --git a/src/main/java/org/codesecure/dependencycheck/utils/FileUtils.java b/src/main/java/org/codesecure/dependencycheck/utils/FileUtils.java index b2a7545b7..5edc02477 100644 --- a/src/main/java/org/codesecure/dependencycheck/utils/FileUtils.java +++ b/src/main/java/org/codesecure/dependencycheck/utils/FileUtils.java @@ -18,6 +18,10 @@ package org.codesecure.dependencycheck.utils; * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ +import java.io.File; +import java.io.FileNotFoundException; +import java.io.IOException; + /** * A collection of utilities for processing information about files. * 
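Review bot: The new four-argument constructor `Identifier(String type, String value, String url, String description)` has the same arity and parameter types as the removed `(type, value, title, url)` form. Any remaining caller of the old form therefore still compiles and silently stores a title as the URL and a URL as the description. The constructors are package-private, so the exposure is limited to this package, but every four-argument call site should be checked because the compiler cannot flag the swap. A line in the Javadoc such as `Note: the third argument is now the URL, not the title.` would help whoever merges older branches.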
@@ -45,4 +49,22 @@ public class FileUtils { } return ret; } + + /** + * Deletes a file. If the File is a directory it will recursively delete + * the contents. + * + * @param file the File to delete + * @throws IOException + */ + public static void delete(File file) throws IOException { + if (file.isDirectory()) { + for (File c : file.listFiles()) { + delete(c); + } + } + if (!file.delete()) { + throw new FileNotFoundException("Failed to delete file: " + file); + } + } } diff --git a/src/main/resources/META-INF/services/org.codesecure.dependencycheck.data.CachedWebDataSource b/src/main/resources/META-INF/services/org.codesecure.dependencycheck.data.CachedWebDataSource index 4fcc89797..54359f2dc 100644 --- a/src/main/resources/META-INF/services/org.codesecure.dependencycheck.data.CachedWebDataSource +++ b/src/main/resources/META-INF/services/org.codesecure.dependencycheck.data.CachedWebDataSource @@ -1,2 +1 @@ -org.codesecure.dependencycheck.data.nvdcve.Index -org.codesecure.dependencycheck.data.cpe.Index \ No newline at end of file +org.codesecure.dependencycheck.data.nvdcve.Index \ No newline at end of file diff --git a/src/main/resources/templates/HtmlReport.vsl b/src/main/resources/templates/HtmlReport.vsl index 8723fbc03..a727f7a7d 100644 --- a/src/main/resources/templates/HtmlReport.vsl +++ b/src/main/resources/templates/HtmlReport.vsl @@ -370,7 +370,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
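Review bot: `FileUtils.delete` iterates `file.listFiles()` without a null check, and that call returns null on an I/O error or an unreadable directory, so the recursive purge can fail with a NullPointerException that the callers' `IOException` handling will not catch. Separately, `isDirectory()` follows symbolic links, so a link inside the data directory would have its target's contents deleted. If the project can rely on Java 7, skipping recursion when `Files.isSymbolicLink(file.toPath())` is true avoids that. `FileNotFoundException` is also a misleading type for a failed delete, and the `@throws IOException` tag has no description. The fence below covers the null check and the exception type only.

```java
public static void delete(File file) throws IOException {
    if (file.isDirectory()) {
        final File[] children = file.listFiles();
        if (children == null) {
            // listFiles() returns null on an I/O error or when the directory cannot be read
            throw new IOException("Unable to list directory: " + file);
        }
        for (File c : children) {
            delete(c);
        }
    }
    if (!file.delete()) {
        throw new IOException("Failed to delete file: " + file);
    }
}
```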