continued removal of cpe.xml - it is incomplete for our purpose
Former-commit-id: 1e1a61f92edfd8ba27530fd53fa0d21bf7862ea4
@@ -167,13 +167,11 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal
|
||||
dependency.addIdentifier(
|
||||
"cpe",
|
||||
e.getName(),
|
||||
e.getTitle(),
|
||||
"http://web.nvd.nist.gov/view/vuln/search?cpe="
|
||||
+ URLEncoder.encode(e.getName(), "UTF-8"));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if (!found) {
|
||||
int round = ctr % 3;
|
||||
if (round == 0) {
|
||||
|
||||
@@ -54,6 +54,7 @@ public class Entry {
|
||||
}
|
||||
/**
|
||||
* The title of the CPE
|
||||
* @deprecated This field is no longer used
|
||||
*/
|
||||
protected String title;
|
||||
|
||||
@@ -61,6 +62,7 @@ public class Entry {
|
||||
* Get the value of title
|
||||
*
|
||||
* @return the value of title
|
||||
* @deprecated This field is no longer used
|
||||
*/
|
||||
public String getTitle() {
|
||||
return title;
|
||||
@@ -70,6 +72,7 @@ public class Entry {
|
||||
* Set the value of title
|
||||
*
|
||||
* @param title new value of title
|
||||
* @deprecated This field is no longer used
|
||||
*/
|
||||
public void setTitle(String title) {
|
||||
this.title = title;
|
||||
@@ -98,6 +101,7 @@ public class Entry {
|
||||
}
|
||||
/**
|
||||
* The status of the CPE Entry.
|
||||
* @deprecated This field is no longer used
|
||||
*/
|
||||
protected String status;
|
||||
|
||||
@@ -105,6 +109,7 @@ public class Entry {
|
||||
* Get the value of status
|
||||
*
|
||||
* @return the value of status
|
||||
* @deprecated This field is no longer used
|
||||
*/
|
||||
public String getStatus() {
|
||||
return status;
|
||||
@@ -114,12 +119,14 @@ public class Entry {
|
||||
* Set the value of status
|
||||
*
|
||||
* @param status new value of status
|
||||
* @deprecated This field is no longer used
|
||||
*/
|
||||
public void setStatus(String status) {
|
||||
this.status = status;
|
||||
}
|
||||
/**
|
||||
* The modification date of the CPE Entry.
|
||||
* @deprecated This field is no longer used
|
||||
*/
|
||||
protected Date modificationDate;
|
||||
|
||||
@@ -127,6 +134,7 @@ public class Entry {
|
||||
* Get the value of modificationDate
|
||||
*
|
||||
* @return the value of modificationDate
|
||||
* @deprecated This field is no longer used
|
||||
*/
|
||||
public Date getModificationDate() {
|
||||
return modificationDate;
|
||||
@@ -136,6 +144,7 @@ public class Entry {
|
||||
* Set the value of modificationDate
|
||||
*
|
||||
* @param modificationDate new value of modificationDate
|
||||
* @deprecated This field is no longer used
|
||||
*/
|
||||
public void setModificationDate(Date modificationDate) {
|
||||
this.modificationDate = modificationDate;
|
||||
@@ -148,6 +157,7 @@ public class Entry {
|
||||
*
|
||||
* @param modificationDate new value of modificationDate
|
||||
* @throws ParseException is thrown when a parse exception occurs.
|
||||
* @deprecated This field is no longer used
|
||||
*/
|
||||
public void setModificationDate(String modificationDate) throws ParseException {
|
||||
|
||||
@@ -161,6 +171,7 @@ public class Entry {
|
||||
}
|
||||
/**
|
||||
* The nvdId.
|
||||
* @deprecated This field is no longer used
|
||||
*/
|
||||
protected String nvdId;
|
||||
|
||||
@@ -168,6 +179,7 @@ public class Entry {
|
||||
* Get the value of nvdId
|
||||
*
|
||||
* @return the value of nvdId
|
||||
* @deprecated This field is no longer used
|
||||
*/
|
||||
public String getNvdId() {
|
||||
return nvdId;
|
||||
@@ -177,6 +189,7 @@ public class Entry {
|
||||
* Set the value of nvdId
|
||||
*
|
||||
* @param nvdId new value of nvdId
|
||||
* @deprecated This field is no longer used
|
||||
*/
|
||||
public void setNvdId(String nvdId) {
|
||||
this.nvdId = nvdId;
|
||||
|
||||
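Review bot: The `@deprecated` Javadoc tags added throughout Entry (on `title`, `status`, `modificationDate`, `nvdId` and their accessors) are not paired with the `@Deprecated` annotation, so reflection-based tooling does not see the deprecation and `javac -Xlint:dep-ann` will flag each member. Add `@Deprecated` above each declaration. On the getters and setters, word the tag for the method, e.g. `@deprecated this accessor is no longer used`, instead of repeating "This field is no longer used". The same applies to the `@deprecated` tags this commit adds to `update()`, `writeLastUpdatedPropertyFile(long)` and `updateNeeded()` in the cpe Index class.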
@@ -88,7 +88,7 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
|
||||
* @return the data directory for this index.
|
||||
* @throws IOException is thrown if an IOException occurs of course...
|
||||
*/
|
||||
protected File getDataDirectory() throws IOException {
|
||||
public File getDataDirectory() throws IOException {
|
||||
String fileName = Settings.getString(Settings.KEYS.CPE_INDEX);
|
||||
String filePath = Index.class.getProtectionDomain().getCodeSource().getLocation().getPath();
|
||||
String decodedPath = URLDecoder.decode(filePath, "UTF-8");
|
||||
@@ -132,6 +132,8 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
|
||||
*
|
||||
* @throws UpdateException is thrown if there is a problem updating the
|
||||
* index.
|
||||
*
|
||||
* @deprecated this should no longer be used as the raw CPE hosted at NIST is not complete enough.
|
||||
*/
|
||||
public void update() throws UpdateException {
|
||||
try {
|
||||
@@ -180,6 +182,8 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
|
||||
* directory.
|
||||
*
|
||||
* @param timeStamp the timestamp to write.
|
||||
*
|
||||
* @deprecated this should no longer be used as the raw CPE hosted at NIST is not complete enough.
|
||||
*/
|
||||
private void writeLastUpdatedPropertyFile(long timeStamp) throws UpdateException {
|
||||
String dir;
|
||||
@@ -229,6 +233,8 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
|
||||
* downloading the cpe.meta data file.
|
||||
* @throws UpdateException is thrown if there is an error locating the last updated
|
||||
* properties file.
|
||||
*
|
||||
* @deprecated this should no longer be used as the raw CPE hosted at NIST is not complete enough.
|
||||
*/
|
||||
public long updateNeeded() throws MalformedURLException, DownloadFailedException, UpdateException {
|
||||
long retVal = 0;
|
||||
|
||||
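Review bot: Widening `getDataDirectory()` from `protected` to `public` exposes the resolved index path to every caller, and the only use visible in this commit is the nvdcve Index cleanup, which hands the result to a recursive delete. The path is built from the `Settings.KEYS.CPE_INDEX` value and the code-source location, and the rest of the method body is outside this hunk, so it is not visible whether the result is constrained to the expected data root. Consider keeping the method non-public and adding a narrow cleanup method on this class instead. Otherwise, document in the Javadoc that callers may delete the returned directory and that a misconfigured setting therefore decides what gets removed.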
@@ -40,6 +40,7 @@ import org.codesecure.dependencycheck.data.lucene.AbstractIndex;
|
||||
import org.codesecure.dependencycheck.data.nvdcve.xml.Importer;
|
||||
import org.codesecure.dependencycheck.utils.DownloadFailedException;
|
||||
import org.codesecure.dependencycheck.utils.Downloader;
|
||||
import org.codesecure.dependencycheck.utils.FileUtils;
|
||||
import org.codesecure.dependencycheck.utils.Settings;
|
||||
|
||||
/**
|
||||
@@ -48,6 +49,10 @@ import org.codesecure.dependencycheck.utils.Settings;
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
*/
|
||||
public class Index extends AbstractIndex implements CachedWebDataSource {
|
||||
/**
|
||||
* The current version of Lucene used to build the index.
|
||||
*/
|
||||
public static final String INDEX_VERSION = "4.0";
|
||||
|
||||
/**
|
||||
* The name of the properties file containing the timestamp of the last
|
||||
@@ -203,7 +208,7 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
|
||||
}
|
||||
File cveProp = new File(dir + File.separatorChar + UPDATE_PROPERTIES_FILE);
|
||||
Properties prop = new Properties();
|
||||
|
||||
prop.put("version", INDEX_VERSION);
|
||||
for (NvdCveUrl cve : updated.values()) {
|
||||
prop.put(LAST_UPDATED_BASE + cve.id, String.valueOf(cve.getTimestamp()));
|
||||
}
|
||||
@@ -271,10 +276,23 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
|
||||
File cveProp = new File(dir + File.separatorChar + UPDATE_PROPERTIES_FILE);
|
||||
if (cveProp.exists()) {
|
||||
Properties prop = new Properties();
|
||||
InputStream is;
|
||||
InputStream is = null;
|
||||
try {
|
||||
is = new FileInputStream(cveProp);
|
||||
prop.load(is);
|
||||
|
||||
if (prop.getProperty("version") == null) {
|
||||
is.close();
|
||||
//this is an old version of the lucene index - just delete it
|
||||
FileUtils.delete(f);
|
||||
|
||||
//this importer also updates the CPE index and it is also using an old version
|
||||
org.codesecure.dependencycheck.data.cpe.Index cpeidx = new org.codesecure.dependencycheck.data.cpe.Index();
|
||||
File cpeDir = cpeidx.getDataDirectory();
|
||||
FileUtils.delete(cpeDir);
|
||||
return currentlyPublished;
|
||||
}
|
||||
|
||||
long lastUpdated = Long.parseLong(prop.getProperty(Index.LAST_UPDATED_MODIFIED));
|
||||
Date now = new Date();
|
||||
int days = Settings.getInt(Settings.KEYS.CVE_MODIFIED_VALID_FOR_DAYS);
|
||||
@@ -308,6 +326,14 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
|
||||
Logger.getLogger(Index.class.getName()).log(Level.FINEST, null, ex);
|
||||
} catch (NumberFormatException ex) {
|
||||
Logger.getLogger(Index.class.getName()).log(Level.FINEST, null, ex);
|
||||
} finally {
|
||||
if (is != null) {
|
||||
try {
|
||||
is.close();
|
||||
} catch (IOException ex) {
|
||||
Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -460,6 +486,8 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
|
||||
stream.close();
|
||||
}
|
||||
return str.toString();
|
||||
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
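Review bot: In the `updateNeeded` hunk the stale-index check only tests `prop.getProperty("version") == null`, so once any version has been written a later change of `INDEX_VERSION` will not trigger a rebuild and an incompatible index would keep being used for vulnerability matching. Compare against the constant instead: `if (!INDEX_VERSION.equals(prop.getProperty("version"))) {`. In the same branch, `FileUtils.delete(cpeDir)` throws when the CPE directory does not exist, because `File.delete()` returns false there, so guard it with `if (cpeDir.exists()) { FileUtils.delete(cpeDir); }`. The catch clauses that would handle that exception start outside the visible hunk and appear to log at `Level.FINEST`, which would hide a failed cleanup; a higher level seems appropriate for a failure to remove an outdated index.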
@@ -238,11 +238,10 @@ public class Dependency {
|
||||
*
|
||||
* @param type the type of identifier (such as CPE).
|
||||
* @param value the value of the identifier.
|
||||
* @param title the title of the identifier.
|
||||
* @param url the URL of the identifier.
|
||||
*/
|
||||
public void addIdentifier(String type, String value, String title, String url) {
|
||||
Identifier i = new Identifier(type, value, title, url);
|
||||
public void addIdentifier(String type, String value, String url) {
|
||||
Identifier i = new Identifier(type, value, url);
|
||||
this.identifiers.add(i);
|
||||
}
|
||||
|
||||
|
||||
@@ -29,13 +29,11 @@ public class Identifier {
|
||||
*
|
||||
* @param type the identifier type.
|
||||
* @param value the identifier value.
|
||||
* @param title the identifier title.
|
||||
* @param url the identifier url.
|
||||
*/
|
||||
Identifier(String type, String value, String title, String url) {
|
||||
Identifier(String type, String value, String url) {
|
||||
this.type = type;
|
||||
this.value = value;
|
||||
this.title = title;
|
||||
this.url = url;
|
||||
}
|
||||
|
||||
@@ -44,12 +42,11 @@ public class Identifier {
|
||||
*
|
||||
* @param type the identifier type.
|
||||
* @param value the identifier value.
|
||||
* @param title the identifier title.
|
||||
* @param url the identifier url.
|
||||
* @param description the description of the identifier.
|
||||
*/
|
||||
Identifier(String type, String value, String title, String url, String description) {
|
||||
this(type, value, title, url);
|
||||
Identifier(String type, String value, String url, String description) {
|
||||
this(type, value, url);
|
||||
this.description = description;
|
||||
}
|
||||
/**
|
||||
@@ -74,28 +71,7 @@ public class Identifier {
|
||||
public void setValue(String value) {
|
||||
this.value = value;
|
||||
}
|
||||
/**
|
||||
* The title of the identifeir
|
||||
*/
|
||||
protected String title;
|
||||
|
||||
/**
|
||||
* Get the value of title
|
||||
*
|
||||
* @return the value of title
|
||||
*/
|
||||
public String getTitle() {
|
||||
return title;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the value of title
|
||||
*
|
||||
* @param title new value of title
|
||||
*/
|
||||
public void setTitle(String title) {
|
||||
this.title = title;
|
||||
}
|
||||
/**
|
||||
* The url for the identifeir
|
||||
*/
|
||||
|
||||
@@ -18,6 +18,10 @@ package org.codesecure.dependencycheck.utils;
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
|
||||
import java.io.File;
|
||||
import java.io.FileNotFoundException;
|
||||
import java.io.IOException;
|
||||
|
||||
/**
|
||||
* A collection of utilities for processing information about files.
|
||||
*
|
||||
@@ -45,4 +49,22 @@ public class FileUtils {
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* Deletes a file. If the File is a directory it will recursively delete
|
||||
* the contents.
|
||||
*
|
||||
* @param file the File to delete
|
||||
* @throws IOException
|
||||
*/
|
||||
public static void delete(File file) throws IOException {
|
||||
if (file.isDirectory()) {
|
||||
for (File c : file.listFiles()) {
|
||||
delete(c);
|
||||
}
|
||||
}
|
||||
if (!file.delete()) {
|
||||
throw new FileNotFoundException("Failed to delete file: " + file);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
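Review bot: The new `FileUtils.delete` iterates `file.listFiles()` without a null check, and `listFiles()` returns null when the directory cannot be read, so an unreadable directory produces a NullPointerException instead of the declared IOException. Store the result first, `File[] children = file.listFiles();`, and loop only when `children != null`. `File.isDirectory()` also follows symbolic links, so if the data directory can ever contain a link to another directory the recursion would delete that target's contents; the method should skip or refuse links before descending. A failed delete is reported as `FileNotFoundException`, which is misleading when the file exists but is locked or read-only; `throw new IOException("Failed to delete file: " + file);` is more accurate, and the bare `@throws IOException` tag needs a description.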
@@ -1,2 +1 @@
|
||||
org.codesecure.dependencycheck.data.nvdcve.Index
|
||||
org.codesecure.dependencycheck.data.cpe.Index
|
||||
org.codesecure.dependencycheck.data.nvdcve.Index
|
||||
@@ -370,7 +370,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
<ul>
|
||||
#foreach($id in $dependency.getIdentifiers())
|
||||
##yes, we are HTML Encoding the href. this is okay. We can't URL encode as we have to trust the analyzer here...
|
||||
<li><b>$esc.html($id.type):</b> $esc.html($id.title) : <a href="$esc.html($id.url)" target="_blank">$esc.html($id.value)</a>
|
||||
<li><b>$esc.html($id.type):</b> <a href="$esc.html($id.url)" target="_blank">$esc.html($id.value)</a>
|
||||
#if( $id.descrription )
|
||||
<br/>$esc.html($id.description)
|
||||
#end
|
||||
|
||||
@@ -249,15 +249,13 @@ public class DependencyTest {
|
||||
System.out.println("addIdentifier");
|
||||
String type = "cpe";
|
||||
String value = "cpe:/a:apache:struts:2.1.2";
|
||||
String title = "Apache Struts 2.1.2";
|
||||
String url = "http://somewhere";
|
||||
Dependency instance = new Dependency();
|
||||
instance.addIdentifier(type, value, title, url);
|
||||
instance.addIdentifier(type, value, url);
|
||||
assertEquals(1,instance.getIdentifiers().size());
|
||||
Identifier i = instance.getIdentifiers().get(0);
|
||||
assertEquals(type,i.getType());
|
||||
assertEquals(value, i.getValue());
|
||||
assertEquals(title, i.getTitle());
|
||||
assertEquals(url, i.getUrl());
|
||||
}
|
||||
|
||||
|
||||