github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-14 15:53:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

added the ability to retrieve the entire list of vendor/product combinations

Browse Source 
Former-commit-id: c15c6727f00a18c58590b9a1d6cea4767ca12c5f
This commit is contained in:
Jeremy Long
2013-11-16 23:19:52 -05:00
parent d56e0b0eba
commit 8696df12ac
1 changed files with 32 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
View File

@@ -36,6 +36,7 @@ import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.owasp.dependencycheck.data.cpe.IndexEntry;
import org.owasp.dependencycheck.data.cwe.CweDB;
import org.owasp.dependencycheck.dependency.Reference;
import org.owasp.dependencycheck.dependency.Vulnerability;
@@ -128,6 +129,10 @@ public class CveDB {
* SQL Statement to select references by CVEID.
*/
public static final String SELECT_REFERENCE = "SELECT source, name, url FROM reference WHERE cveid = ?";
/**
* SQL Statement to select vendor and product for lucene index.
*/
public static final String SELECT_VENDOR_PRODUCT_LIST = "SELECT DISTINCT vendor, product FROM cpeEntry";
/**
* SQL Statement to select software by CVEID.
*/
@@ -247,6 +252,33 @@ public class CveDB {
return cpe;
}
/**
* Returns the entire list of vendor/product combinations.
*
* @return the entire list of vendor/product combinations.
*/
public Set<IndexEntry> getVendorProductList() {
final Set<IndexEntry> set = new HashSet<IndexEntry>();
ResultSet rs = null;
PreparedStatement ps = null;
try {
ps = conn.prepareStatement(SELECT_VENDOR_PRODUCT_LIST);
rs = ps.executeQuery();
while (rs.next()) {
final IndexEntry entry = new IndexEntry();
entry.setVendor(rs.getString(1));
entry.setProduct(rs.getString(2));
set.add(entry);
}
} catch (SQLException ex) {
Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex);
} finally {
closeResultSet(rs);
closeStatement(ps);
}
return set;
}
/**
* Retrieves the vulnerabilities associated with the specified CPE.
*