Updated to delete refused CVE entries

Former-commit-id: b16207fa8dfa294a256402e12b278433293106d2
Jeremy Long
2013-11-30 17:23:23 -05:00
parent f80464ea31
commit e6e8d96f12
2 changed files with 22 additions and 13 deletions


@@ -57,7 +57,7 @@ public class CveDB extends BaseDB {
/** /**
* SQL Statement to delete a vulnerability by CVE. * SQL Statement to delete a vulnerability by CVE.
*/ */
private static final String DELETE_VULNERABILITY = "DELETE FROM vulnerability WHERE cve = ?"; private static final String DELETE_VULNERABILITY = "DELETE FROM vulnerability WHERE id = ?";
/** /**
* SQL Statement to cleanup orphan entries. Yes, the db schema could be a * SQL Statement to cleanup orphan entries. Yes, the db schema could be a
* little tighter, but what we have works well to keep the data file size * little tighter, but what we have works well to keep the data file size
@@ -173,7 +173,6 @@ public class CveDB extends BaseDB {
* @return the entire list of vendor/product combinations. * @return the entire list of vendor/product combinations.
*/ */
public ResultSet getVendorProductList() { public ResultSet getVendorProductList() {
final Set<IndexEntry> set = new HashSet<IndexEntry>();
ResultSet rs = null; ResultSet rs = null;
try { try {
final PreparedStatement ps = getConnection().prepareStatement(SELECT_VENDOR_PRODUCT_LIST); final PreparedStatement ps = getConnection().prepareStatement(SELECT_VENDOR_PRODUCT_LIST);
@@ -313,6 +312,7 @@ public class CveDB extends BaseDB {
*/ */
public void updateVulnerability(Vulnerability vuln) throws DatabaseException { public void updateVulnerability(Vulnerability vuln) throws DatabaseException {
PreparedStatement selectVulnerabilityId = null; PreparedStatement selectVulnerabilityId = null;
PreparedStatement deleteVulnerability = null;
PreparedStatement deleteReferences = null; PreparedStatement deleteReferences = null;
PreparedStatement deleteSoftware = null; PreparedStatement deleteSoftware = null;
PreparedStatement updateVulnerability = null; PreparedStatement updateVulnerability = null;
@@ -324,6 +324,7 @@ public class CveDB extends BaseDB {
try { try {
selectVulnerabilityId = getConnection().prepareStatement(SELECT_VULNERABILITY_ID); selectVulnerabilityId = getConnection().prepareStatement(SELECT_VULNERABILITY_ID);
deleteVulnerability = getConnection().prepareStatement(DELETE_VULNERABILITY);
deleteReferences = getConnection().prepareStatement(DELETE_REFERENCE); deleteReferences = getConnection().prepareStatement(DELETE_REFERENCE);
deleteSoftware = getConnection().prepareStatement(DELETE_SOFTWARE); deleteSoftware = getConnection().prepareStatement(DELETE_SOFTWARE);
updateVulnerability = getConnection().prepareStatement(UPDATE_VULNERABILITY); updateVulnerability = getConnection().prepareStatement(UPDATE_VULNERABILITY);
@@ -346,17 +347,22 @@ public class CveDB extends BaseDB {
closeResultSet(rs); closeResultSet(rs);
rs = null; rs = null;
if (vulnerabilityId != 0) { if (vulnerabilityId != 0) {
updateVulnerability.setString(1, vuln.getDescription()); if (vuln.getDescription().contains("** REJECT **")) {
updateVulnerability.setString(2, vuln.getCwe()); deleteVulnerability.setInt(1, vulnerabilityId);
updateVulnerability.setFloat(3, vuln.getCvssScore()); deleteVulnerability.executeUpdate();
updateVulnerability.setString(4, vuln.getCvssAccessVector()); } else {
updateVulnerability.setString(5, vuln.getCvssAccessComplexity()); updateVulnerability.setString(1, vuln.getDescription());
updateVulnerability.setString(6, vuln.getCvssAuthentication()); updateVulnerability.setString(2, vuln.getCwe());
updateVulnerability.setString(7, vuln.getCvssConfidentialityImpact()); updateVulnerability.setFloat(3, vuln.getCvssScore());
updateVulnerability.setString(8, vuln.getCvssIntegrityImpact()); updateVulnerability.setString(4, vuln.getCvssAccessVector());
updateVulnerability.setString(9, vuln.getCvssAvailabilityImpact()); updateVulnerability.setString(5, vuln.getCvssAccessComplexity());
updateVulnerability.setInt(10, vulnerabilityId); updateVulnerability.setString(6, vuln.getCvssAuthentication());
updateVulnerability.executeUpdate(); updateVulnerability.setString(7, vuln.getCvssConfidentialityImpact());
updateVulnerability.setString(8, vuln.getCvssIntegrityImpact());
updateVulnerability.setString(9, vuln.getCvssAvailabilityImpact());
updateVulnerability.setInt(10, vulnerabilityId);
updateVulnerability.executeUpdate();
}
} else { } else {
insertVulnerability.setString(1, vuln.getName()); insertVulnerability.setString(1, vuln.getName());
insertVulnerability.setString(2, vuln.getDescription()); insertVulnerability.setString(2, vuln.getDescription());
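Review bot: A rejected CVE that is not yet in the database still falls through to the `else` branch and is inserted, because the `** REJECT **` test sits only inside `if (vulnerabilityId != 0)`. Since the handler change in this commit forces rejected entries through to processing, a freshly built database would presumably store them. Hoisting the test, e.g. `final boolean rejected = vuln.getDescription() != null && vuln.getDescription().contains("** REJECT **");` and making the insert branch `} else if (!rejected) {`, would cover both paths and also avoid a NullPointerException when an entry has no summary. The rest of updateVulnerability lies outside the hunk, so confirm there that the reference and software rows for the deleted id are removed as well, and that `deleteVulnerability` is closed in the cleanup.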


@@ -207,6 +207,9 @@ public class NvdCve20Handler extends DefaultHandler {
nodeText = null; nodeText = null;
} else if (current.isVulnSummaryNode()) { } else if (current.isVulnSummaryNode()) {
vulnerability.setDescription(nodeText.toString()); vulnerability.setDescription(nodeText.toString());
if (nodeText.indexOf("** REJECT **") >= 0) {
hasApplicationCpe = true; //ensure we process this to delete the vuln
}
nodeText = null; nodeText = null;
} }
} }
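Review bot: Setting `hasApplicationCpe = true` for a rejected entry reuses a flag whose name means something else, so the delete path depends on a side effect that a later change to the CPE handling could silently break. A dedicated field, for example `isRejected`, checked alongside `hasApplicationCpe` where the entry is handed on, would state the intent directly. The `"** REJECT **"` literal is also repeated in CveDB.updateVulnerability, so a single shared constant would keep the parser and the database layer matching on the same marker. The code that reads `hasApplicationCpe` is outside the hunk.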