diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java index df8299bdf..059996456 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java @@ -36,6 +36,7 @@ import java.util.List; import java.util.Set; import java.util.logging.Level; import java.util.logging.Logger; +import org.owasp.dependencycheck.data.cpe.IndexEntry; import org.owasp.dependencycheck.data.cwe.CweDB; import org.owasp.dependencycheck.dependency.Reference; import org.owasp.dependencycheck.dependency.Vulnerability; @@ -128,6 +129,10 @@ public class CveDB { * SQL Statement to select references by CVEID. */ public static final String SELECT_REFERENCE = "SELECT source, name, url FROM reference WHERE cveid = ?"; + /** + * SQL Statement to select vendor and product for lucene index. + */ + public static final String SELECT_VENDOR_PRODUCT_LIST = "SELECT DISTINCT vendor, product FROM cpeEntry"; /** * SQL Statement to select software by CVEID. */ @@ -247,6 +252,33 @@ public class CveDB { return cpe; } + /** + * Returns the entire list of vendor/product combinations. + * + * @return the entire list of vendor/product combinations. + */ + public Set getVendorProductList() { + final Set set = new HashSet(); + ResultSet rs = null; + PreparedStatement ps = null; + try { + ps = conn.prepareStatement(SELECT_VENDOR_PRODUCT_LIST); + rs = ps.executeQuery(); + while (rs.next()) { + final IndexEntry entry = new IndexEntry(); + entry.setVendor(rs.getString(1)); + entry.setProduct(rs.getString(2)); + set.add(entry); + } + } catch (SQLException ex) { + Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex); + } finally { + closeResultSet(rs); + closeStatement(ps); + } + return set; + } + /** * Retrieves the vulnerabilities associated with the specified CPE. *