continued removal of cpe.xml - it is incomplete for our purpose

Former-commit-id: 1e1a61f92edfd8ba27530fd53fa0d21bf7862ea4
Jeremy Long
2012-12-22 04:30:26 -05:00
parent 23caa1d0b5
commit 5ec9a24c99
10 changed files with 80 additions and 41 deletions


@@ -167,13 +167,11 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal
dependency.addIdentifier( dependency.addIdentifier(
"cpe", "cpe",
e.getName(), e.getName(),
e.getTitle(),
"http://web.nvd.nist.gov/view/vuln/search?cpe=" "http://web.nvd.nist.gov/view/vuln/search?cpe="
+ URLEncoder.encode(e.getName(), "UTF-8")); + URLEncoder.encode(e.getName(), "UTF-8"));
} }
} }
if (!found) { if (!found) {
int round = ctr % 3; int round = ctr % 3;
if (round == 0) { if (round == 0) {


@@ -54,6 +54,7 @@ public class Entry {
} }
/** /**
* The title of the CPE * The title of the CPE
* @deprecated This field is no longer used
*/ */
protected String title; protected String title;
@@ -61,6 +62,7 @@ public class Entry {
* Get the value of title * Get the value of title
* *
* @return the value of title * @return the value of title
* @deprecated This field is no longer used
*/ */
public String getTitle() { public String getTitle() {
return title; return title;
@@ -70,6 +72,7 @@ public class Entry {
* Set the value of title * Set the value of title
* *
* @param title new value of title * @param title new value of title
* @deprecated This field is no longer used
*/ */
public void setTitle(String title) { public void setTitle(String title) {
this.title = title; this.title = title;
@@ -98,6 +101,7 @@ public class Entry {
} }
/** /**
* The status of the CPE Entry. * The status of the CPE Entry.
* @deprecated This field is no longer used
*/ */
protected String status; protected String status;
@@ -105,6 +109,7 @@ public class Entry {
* Get the value of status * Get the value of status
* *
* @return the value of status * @return the value of status
* @deprecated This field is no longer used
*/ */
public String getStatus() { public String getStatus() {
return status; return status;
@@ -114,12 +119,14 @@ public class Entry {
* Set the value of status * Set the value of status
* *
* @param status new value of status * @param status new value of status
* @deprecated This field is no longer used
*/ */
public void setStatus(String status) { public void setStatus(String status) {
this.status = status; this.status = status;
} }
/** /**
* The modification date of the CPE Entry. * The modification date of the CPE Entry.
* @deprecated This field is no longer used
*/ */
protected Date modificationDate; protected Date modificationDate;
@@ -127,6 +134,7 @@ public class Entry {
* Get the value of modificationDate * Get the value of modificationDate
* *
* @return the value of modificationDate * @return the value of modificationDate
* @deprecated This field is no longer used
*/ */
public Date getModificationDate() { public Date getModificationDate() {
return modificationDate; return modificationDate;
@@ -136,6 +144,7 @@ public class Entry {
* Set the value of modificationDate * Set the value of modificationDate
* *
* @param modificationDate new value of modificationDate * @param modificationDate new value of modificationDate
* @deprecated This field is no longer used
*/ */
public void setModificationDate(Date modificationDate) { public void setModificationDate(Date modificationDate) {
this.modificationDate = modificationDate; this.modificationDate = modificationDate;
@@ -148,6 +157,7 @@ public class Entry {
* *
* @param modificationDate new value of modificationDate * @param modificationDate new value of modificationDate
* @throws ParseException is thrown when a parse exception occurs. * @throws ParseException is thrown when a parse exception occurs.
* @deprecated This field is no longer used
*/ */
public void setModificationDate(String modificationDate) throws ParseException { public void setModificationDate(String modificationDate) throws ParseException {
@@ -161,6 +171,7 @@ public class Entry {
} }
/** /**
* The nvdId. * The nvdId.
* @deprecated This field is no longer used
*/ */
protected String nvdId; protected String nvdId;
@@ -168,6 +179,7 @@ public class Entry {
* Get the value of nvdId * Get the value of nvdId
* *
* @return the value of nvdId * @return the value of nvdId
* @deprecated This field is no longer used
*/ */
public String getNvdId() { public String getNvdId() {
return nvdId; return nvdId;
@@ -177,6 +189,7 @@ public class Entry {
* Set the value of nvdId * Set the value of nvdId
* *
* @param nvdId new value of nvdId * @param nvdId new value of nvdId
* @deprecated This field is no longer used
*/ */
public void setNvdId(String nvdId) { public void setNvdId(String nvdId) {
this.nvdId = nvdId; this.nvdId = nvdId;


@@ -88,7 +88,7 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
* @return the data directory for this index. * @return the data directory for this index.
* @throws IOException is thrown if an IOException occurs of course... * @throws IOException is thrown if an IOException occurs of course...
*/ */
protected File getDataDirectory() throws IOException { public File getDataDirectory() throws IOException {
String fileName = Settings.getString(Settings.KEYS.CPE_INDEX); String fileName = Settings.getString(Settings.KEYS.CPE_INDEX);
String filePath = Index.class.getProtectionDomain().getCodeSource().getLocation().getPath(); String filePath = Index.class.getProtectionDomain().getCodeSource().getLocation().getPath();
String decodedPath = URLDecoder.decode(filePath, "UTF-8"); String decodedPath = URLDecoder.decode(filePath, "UTF-8");
@@ -132,6 +132,8 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
* *
* @throws UpdateException is thrown if there is a problem updating the * @throws UpdateException is thrown if there is a problem updating the
* index. * index.
*
* @deprecated this should no longer be used as the raw CPE hosted at NIST is not complete enough.
*/ */
public void update() throws UpdateException { public void update() throws UpdateException {
try { try {
@@ -180,6 +182,8 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
* directory. * directory.
* *
* @param timeStamp the timestamp to write. * @param timeStamp the timestamp to write.
*
* @deprecated this should no longer be used as the raw CPE hosted at NIST is not complete enough.
*/ */
private void writeLastUpdatedPropertyFile(long timeStamp) throws UpdateException { private void writeLastUpdatedPropertyFile(long timeStamp) throws UpdateException {
String dir; String dir;
@@ -229,6 +233,8 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
* downloading the cpe.meta data file. * downloading the cpe.meta data file.
* @throws UpdateException is thrown if there is an error locating the last updated * @throws UpdateException is thrown if there is an error locating the last updated
* properties file. * properties file.
*
* @deprecated this should no longer be used as the raw CPE hosted at NIST is not complete enough.
*/ */
public long updateNeeded() throws MalformedURLException, DownloadFailedException, UpdateException { public long updateNeeded() throws MalformedURLException, DownloadFailedException, UpdateException {
long retVal = 0; long retVal = 0;


@@ -40,6 +40,7 @@ import org.codesecure.dependencycheck.data.lucene.AbstractIndex;
import org.codesecure.dependencycheck.data.nvdcve.xml.Importer; import org.codesecure.dependencycheck.data.nvdcve.xml.Importer;
import org.codesecure.dependencycheck.utils.DownloadFailedException; import org.codesecure.dependencycheck.utils.DownloadFailedException;
import org.codesecure.dependencycheck.utils.Downloader; import org.codesecure.dependencycheck.utils.Downloader;
import org.codesecure.dependencycheck.utils.FileUtils;
import org.codesecure.dependencycheck.utils.Settings; import org.codesecure.dependencycheck.utils.Settings;
/** /**
@@ -48,6 +49,10 @@ import org.codesecure.dependencycheck.utils.Settings;
* @author Jeremy Long (jeremy.long@gmail.com) * @author Jeremy Long (jeremy.long@gmail.com)
*/ */
public class Index extends AbstractIndex implements CachedWebDataSource { public class Index extends AbstractIndex implements CachedWebDataSource {
/**
* The current version of Lucene used to build the index.
*/
public static final String INDEX_VERSION = "4.0";
/** /**
* The name of the properties file containing the timestamp of the last * The name of the properties file containing the timestamp of the last
@@ -203,7 +208,7 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
} }
File cveProp = new File(dir + File.separatorChar + UPDATE_PROPERTIES_FILE); File cveProp = new File(dir + File.separatorChar + UPDATE_PROPERTIES_FILE);
Properties prop = new Properties(); Properties prop = new Properties();
prop.put("version", INDEX_VERSION);
for (NvdCveUrl cve : updated.values()) { for (NvdCveUrl cve : updated.values()) {
prop.put(LAST_UPDATED_BASE + cve.id, String.valueOf(cve.getTimestamp())); prop.put(LAST_UPDATED_BASE + cve.id, String.valueOf(cve.getTimestamp()));
} }
@@ -271,10 +276,23 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
File cveProp = new File(dir + File.separatorChar + UPDATE_PROPERTIES_FILE); File cveProp = new File(dir + File.separatorChar + UPDATE_PROPERTIES_FILE);
if (cveProp.exists()) { if (cveProp.exists()) {
Properties prop = new Properties(); Properties prop = new Properties();
InputStream is; InputStream is = null;
try { try {
is = new FileInputStream(cveProp); is = new FileInputStream(cveProp);
prop.load(is); prop.load(is);
if (prop.getProperty("version") == null) {
is.close();
//this is an old version of the lucene index - just delete it
FileUtils.delete(f);
//this importer also updates the CPE index and it is also using an old version
org.codesecure.dependencycheck.data.cpe.Index cpeidx = new org.codesecure.dependencycheck.data.cpe.Index();
File cpeDir = cpeidx.getDataDirectory();
FileUtils.delete(cpeDir);
return currentlyPublished;
}
long lastUpdated = Long.parseLong(prop.getProperty(Index.LAST_UPDATED_MODIFIED)); long lastUpdated = Long.parseLong(prop.getProperty(Index.LAST_UPDATED_MODIFIED));
Date now = new Date(); Date now = new Date();
int days = Settings.getInt(Settings.KEYS.CVE_MODIFIED_VALID_FOR_DAYS); int days = Settings.getInt(Settings.KEYS.CVE_MODIFIED_VALID_FOR_DAYS);
@@ -308,6 +326,14 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
Logger.getLogger(Index.class.getName()).log(Level.FINEST, null, ex); Logger.getLogger(Index.class.getName()).log(Level.FINEST, null, ex);
} catch (NumberFormatException ex) { } catch (NumberFormatException ex) {
Logger.getLogger(Index.class.getName()).log(Level.FINEST, null, ex); Logger.getLogger(Index.class.getName()).log(Level.FINEST, null, ex);
} finally {
if (is != null) {
try {
is.close();
} catch (IOException ex) {
Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex);
}
}
} }
} }
} }
@@ -460,6 +486,8 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
stream.close(); stream.close();
} }
return str.toString(); return str.toString();
} }
/** /**
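Review bot: The version check added in the `@@ -271,10 +276,23 @@` hunk only tests `prop.getProperty("version") == null`, so a properties file with any `version` value passes even when it differs from `INDEX_VERSION`, and the next Lucene upgrade would not trigger a rebuild. Comparing the value, `if (!INDEX_VERSION.equals(prop.getProperty("version"))) {`, covers both the missing key and the stale one. The same branch recursively deletes `f` and the CPE data directory; `f` is defined outside the hunk and both paths appear to be derived from settings, so a missing key in one small file is enough to wipe whatever those settings resolve to, and it is worth checking that the resolved path is the expected index directory before calling `FileUtils.delete`. If the `IOException` from `FileUtils.delete` ends up in the existing handlers that log at `Level.FINEST` (their catch clauses start outside the hunk), a failed delete leaves the old index in place without any visible message; logging that case at `Level.WARNING` or higher would make it diagnosable.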


@@ -238,11 +238,10 @@ public class Dependency {
* *
* @param type the type of identifier (such as CPE). * @param type the type of identifier (such as CPE).
* @param value the value of the identifier. * @param value the value of the identifier.
* @param title the title of the identifier.
* @param url the URL of the identifier. * @param url the URL of the identifier.
*/ */
public void addIdentifier(String type, String value, String title, String url) { public void addIdentifier(String type, String value, String url) {
Identifier i = new Identifier(type, value, title, url); Identifier i = new Identifier(type, value, url);
this.identifiers.add(i); this.identifiers.add(i);
} }


@@ -29,13 +29,11 @@ public class Identifier {
* *
* @param type the identifier type. * @param type the identifier type.
* @param value the identifier value. * @param value the identifier value.
* @param title the identifier title.
* @param url the identifier url. * @param url the identifier url.
*/ */
Identifier(String type, String value, String title, String url) { Identifier(String type, String value, String url) {
this.type = type; this.type = type;
this.value = value; this.value = value;
this.title = title;
this.url = url; this.url = url;
} }
@@ -44,12 +42,11 @@ public class Identifier {
* *
* @param type the identifier type. * @param type the identifier type.
* @param value the identifier value. * @param value the identifier value.
* @param title the identifier title.
* @param url the identifier url. * @param url the identifier url.
* @param description the description of the identifier. * @param description the description of the identifier.
*/ */
Identifier(String type, String value, String title, String url, String description) { Identifier(String type, String value, String url, String description) {
this(type, value, title, url); this(type, value, url);
this.description = description; this.description = description;
} }
/** /**
@@ -74,28 +71,7 @@ public class Identifier {
public void setValue(String value) { public void setValue(String value) {
this.value = value; this.value = value;
} }
/**
* The title of the identifeir
*/
protected String title;
/**
* Get the value of title
*
* @return the value of title
*/
public String getTitle() {
return title;
}
/**
* Set the value of title
*
* @param title new value of title
*/
public void setTitle(String title) {
this.title = title;
}
/** /**
* The url for the identifeir * The url for the identifeir
*/ */


@@ -18,6 +18,10 @@ package org.codesecure.dependencycheck.utils;
* Copyright (c) 2012 Jeremy Long. All Rights Reserved. * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/ */
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
/** /**
* A collection of utilities for processing information about files. * A collection of utilities for processing information about files.
* *
@@ -45,4 +49,22 @@ public class FileUtils {
} }
return ret; return ret;
} }
/**
* Deletes a file. If the File is a directory it will recursively delete
* the contents.
*
* @param file the File to delete
* @throws IOException
*/
public static void delete(File file) throws IOException {
if (file.isDirectory()) {
for (File c : file.listFiles()) {
delete(c);
}
}
if (!file.delete()) {
throw new FileNotFoundException("Failed to delete file: " + file);
}
}
} }
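Review bot: The new `delete` iterates `file.listFiles()` directly, but that call returns null when the directory cannot be read, so an unreadable directory ends in a NullPointerException rather than the declared IOException. `isDirectory()` also follows symbolic links, so a link inside the tree would lead the recursion to delete the contents of its target; since this commit calls the method on configured data directories, the walk should remove the link itself and not descend. A failed delete is reported as `FileNotFoundException`, which is misleading when the file exists but is locked or not permitted, and the bare `@throws IOException` tag should say when it is thrown. The rewrite below assumes the build targets Java 7 or later so that `java.nio.file.Files` is available.

```java
public static void delete(File file) throws IOException {
    // A symbolic link is removed as a link; its target is never walked.
    if (file.isDirectory() && !Files.isSymbolicLink(file.toPath())) {
        File[] children = file.listFiles();
        if (children == null) {
            throw new IOException("Unable to list directory: " + file);
        }
        for (File c : children) {
            delete(c);
        }
    }
    if (!file.delete()) {
        throw new IOException("Failed to delete file: " + file);
    }
}
```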


@@ -1,2 +1 @@
org.codesecure.dependencycheck.data.nvdcve.Index org.codesecure.dependencycheck.data.nvdcve.Index
org.codesecure.dependencycheck.data.cpe.Index


@@ -370,7 +370,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
<ul> <ul>
#foreach($id in $dependency.getIdentifiers()) #foreach($id in $dependency.getIdentifiers())
##yes, we are HTML Encoding the href. this is okay. We can't URL encode as we have to trust the analyzer here... ##yes, we are HTML Encoding the href. this is okay. We can't URL encode as we have to trust the analyzer here...
<li><b>$esc.html($id.type):</b>&nbsp;$esc.html($id.title)&nbsp;:&nbsp;<a href="$esc.html($id.url)" target="_blank">$esc.html($id.value)</a> <li><b>$esc.html($id.type):</b>&nbsp;<a href="$esc.html($id.url)" target="_blank">$esc.html($id.value)</a>
#if( $id.descrription ) #if( $id.descrription )
<br/>$esc.html($id.description) <br/>$esc.html($id.description)
#end #end
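Review bot: The guard `#if( $id.descrription )` directly below the rewritten `<li>` misspells the property, so unless `Identifier` really exposes a `descrription` getter the description line is never rendered; it should read `#if( $id.description )`. The rewritten anchor also keeps `target="_blank"` with no `rel` attribute, and its `href` is only HTML-escaped, so the scheme of `$id.url` is whatever the analyzer supplied, as the template comment acknowledges. Adding `rel="noopener noreferrer"` to the link is a one-attribute change, and the scheme could be limited to http/https at the point where identifiers are created.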


@@ -249,15 +249,13 @@ public class DependencyTest {
System.out.println("addIdentifier"); System.out.println("addIdentifier");
String type = "cpe"; String type = "cpe";
String value = "cpe:/a:apache:struts:2.1.2"; String value = "cpe:/a:apache:struts:2.1.2";
String title = "Apache Struts 2.1.2";
String url = "http://somewhere"; String url = "http://somewhere";
Dependency instance = new Dependency(); Dependency instance = new Dependency();
instance.addIdentifier(type, value, title, url); instance.addIdentifier(type, value, url);
assertEquals(1,instance.getIdentifiers().size()); assertEquals(1,instance.getIdentifiers().size());
Identifier i = instance.getIdentifiers().get(0); Identifier i = instance.getIdentifiers().get(0);
assertEquals(type,i.getType()); assertEquals(type,i.getType());
assertEquals(value, i.getValue()); assertEquals(value, i.getValue());
assertEquals(title, i.getTitle());
assertEquals(url, i.getUrl()); assertEquals(url, i.getUrl());
} }