From f4928dd0b4ce8b84a3b108010c21022e3cee3c65 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Fri, 3 Jan 2014 14:29:35 -0500 Subject: [PATCH] moved files to a new package Former-commit-id: 129b8d0c256104fe2ae28bb45c0418114ed28e35 --- .../data/nvdcve/InvalidDataException.java | 52 -- .../data/nvdcve/NvdCve12Handler.java | 247 --------- .../data/nvdcve/NvdCve20Handler.java | 494 ------------------ .../data/nvdcve/NvdCve_1_2_HandlerTest.java | 72 --- .../data/nvdcve/NvdCve_2_0_HandlerTest.java | 78 --- 5 files changed, 943 deletions(-) delete mode 100644 dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/InvalidDataException.java delete mode 100644 dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/NvdCve12Handler.java delete mode 100644 dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/NvdCve20Handler.java delete mode 100644 dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/NvdCve_1_2_HandlerTest.java delete mode 100644 dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/NvdCve_2_0_HandlerTest.java diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/InvalidDataException.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/InvalidDataException.java deleted file mode 100644 index 133d17cec..000000000 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/InvalidDataException.java +++ /dev/null @@ -1,52 +0,0 @@ -/* - * This file is part of dependency-check-core. - * - * Dependency-check-core is free software: you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the Free - * Software Foundation, either version 3 of the License, or (at your option) any - * later version. - * - * Dependency-check-core is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more - * details. - * - * You should have received a copy of the GNU General Public License along with - * dependency-check-core. If not, see http://www.gnu.org/licenses/. - * - * Copyright (c) 2012 Jeremy Long. All Rights Reserved. - */ -package org.owasp.dependencycheck.data.nvdcve; - -/** - * An InvalidDataDataException is a generic exception used when trying to load - * the nvd cve meta data. - * - * @author Jeremy Long (jeremy.long@owasp.org) - */ -public class InvalidDataException extends Exception { - - /** - * the serial version uid. - */ - private static final long serialVersionUID = 1L; - - /** - * Creates an InvalidDataException. - * - * @param msg the exception message - */ - public InvalidDataException(String msg) { - super(msg); - } - - /** - * Creates an InvalidDataException. - * - * @param msg the exception message - * @param ex the cause of the exception - */ - public InvalidDataException(String msg, Exception ex) { - super(msg, ex); - } -} diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/NvdCve12Handler.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/NvdCve12Handler.java deleted file mode 100644 index baca54635..000000000 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/NvdCve12Handler.java +++ /dev/null @@ -1,247 +0,0 @@ -/* - * This file is part of dependency-check-core. - * - * Dependency-check-core is free software: you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the Free - * Software Foundation, either version 3 of the License, or (at your option) any - * later version. - * - * Dependency-check-core is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more - * details. - * - * You should have received a copy of the GNU General Public License along with - * dependency-check-core. If not, see http://www.gnu.org/licenses/. - * - * Copyright (c) 2012 Jeremy Long. All Rights Reserved. - */ -package org.owasp.dependencycheck.data.nvdcve; - -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import org.owasp.dependencycheck.dependency.VulnerableSoftware; -import org.xml.sax.Attributes; -import org.xml.sax.SAXException; -import org.xml.sax.SAXNotSupportedException; -import org.xml.sax.helpers.DefaultHandler; - -/** - * A SAX Handler that will parse the NVD CVE XML (schema version 1.2). This - * parses the xml and retrieves a listing of CPEs that have previous versions - * specified. The previous version information is not in the 2.0 version of the - * schema and is useful to ensure accurate identification (or at least - * complete). - * - * @author Jeremy Long (jeremy.long@owasp.org) - */ -public class NvdCve12Handler extends DefaultHandler { - - /** - * the supported schema version. - */ - private static final String CURRENT_SCHEMA_VERSION = "1.2"; - /** - * the current vulnerability. - */ - private String vulnerability; - /** - * a list of vulnerable software. - */ - private List software; - /** - * the vendor name. - */ - private String vendor; - /** - * the product name. - */ - private String product; - /** - * if the nvd cve should be skipped because it was rejected. - */ - private boolean skip = false; - /** - * flag indicating if there is a previous version. - */ - private boolean hasPreviousVersion = false; - /** - * The current element. - */ - private final Element current = new Element(); - /** - * a map of vulnerabilities. - */ - private Map> vulnerabilities; - - /** - * Get the value of vulnerabilities. - * - * @return the value of vulnerabilities - */ - public Map> getVulnerabilities() { - return vulnerabilities; - } - - @Override - public void startElement(String uri, String localName, String qName, Attributes attributes) throws SAXException { - current.setNode(qName); - if (current.isEntryNode()) { - vendor = null; - product = null; - hasPreviousVersion = false; - final String reject = attributes.getValue("reject"); - skip = "1".equals(reject); - if (!skip) { - vulnerability = attributes.getValue("name"); - software = new ArrayList(); - } else { - vulnerability = null; - software = null; - } - } else if (!skip && current.isProdNode()) { - - vendor = attributes.getValue("vendor"); - product = attributes.getValue("name"); - } else if (!skip && current.isVersNode()) { - final String prev = attributes.getValue("prev"); - if (prev != null && "1".equals(prev)) { - hasPreviousVersion = true; - final String edition = attributes.getValue("edition"); - final String num = attributes.getValue("num"); - - /*yes yes, this may not actually be an "a" - it could be an OS, etc. but for our - purposes this is good enough as we won't use this if we don't find a corresponding "a" - in the nvd cve 2.0. */ - String cpe = "cpe:/a:" + vendor + ":" + product; - if (num != null) { - cpe += ":" + num; - } - if (edition != null) { - cpe += ":" + edition; - } - final VulnerableSoftware vs = new VulnerableSoftware(); - vs.setCpe(cpe); - vs.setPreviousVersion(prev); - software.add(vs); - } - } else if (current.isNVDNode()) { - final String nvdVer = attributes.getValue("nvd_xml_version"); - if (!CURRENT_SCHEMA_VERSION.equals(nvdVer)) { - throw new SAXNotSupportedException("Schema version " + nvdVer + " is not supported"); - } - vulnerabilities = new HashMap>(); - } - } - - @Override - public void endElement(String uri, String localName, String qName) throws SAXException { - current.setNode(qName); - if (current.isEntryNode()) { - if (!skip && hasPreviousVersion) { - vulnerabilities.put(vulnerability, software); - } - vulnerability = null; - software = null; - } - } - - // - /** - * A simple class to maintain information about the current element while - * parsing the NVD CVE XML. - */ - protected static class Element { - - /** - * A node type in the NVD CVE Schema 1.2. - */ - public static final String NVD = "nvd"; - /** - * A node type in the NVD CVE Schema 1.2. - */ - public static final String ENTRY = "entry"; - /** - * A node type in the NVD CVE Schema 1.2. - */ - public static final String VULN_SOFTWARE = "vuln_soft"; - /** - * A node type in the NVD CVE Schema 1.2. - */ - public static final String PROD = "prod"; - /** - * A node type in the NVD CVE Schema 1.2. - */ - public static final String VERS = "vers"; - /** - * The name of the current node. - */ - private String node; - - /** - * Gets the value of node. - * - * @return the value of node - */ - public String getNode() { - return this.node; - } - - /** - * Sets the value of node. - * - * @param node new value of node - */ - public void setNode(String node) { - this.node = node; - } - - /** - * Checks if the handler is at the NVD node. - * - * @return true or false - */ - public boolean isNVDNode() { - return NVD.equals(node); - } - - /** - * Checks if the handler is at the ENTRY node. - * - * @return true or false - */ - public boolean isEntryNode() { - return ENTRY.equals(node); - } - - /** - * Checks if the handler is at the VULN_SOFTWARE node. - * - * @return true or false - */ - public boolean isVulnSoftwareNode() { - return VULN_SOFTWARE.equals(node); - } - - /** - * Checks if the handler is at the PROD node. - * - * @return true or false - */ - public boolean isProdNode() { - return PROD.equals(node); - } - - /** - * Checks if the handler is at the VERS node. - * - * @return true or false - */ - public boolean isVersNode() { - return VERS.equals(node); - } - } - // -} diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/NvdCve20Handler.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/NvdCve20Handler.java deleted file mode 100644 index 2cf5a2bb6..000000000 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/NvdCve20Handler.java +++ /dev/null @@ -1,494 +0,0 @@ -/* - * This file is part of dependency-check-core. - * - * Dependency-check-core is free software: you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the Free - * Software Foundation, either version 3 of the License, or (at your option) any - * later version. - * - * Dependency-check-core is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more - * details. - * - * You should have received a copy of the GNU General Public License along with - * dependency-check-core. If not, see http://www.gnu.org/licenses/. - * - * Copyright (c) 2012 Jeremy Long. All Rights Reserved. - */ -package org.owasp.dependencycheck.data.nvdcve; - -import java.io.IOException; -import java.util.List; -import java.util.Map; -import java.util.logging.Level; -import java.util.logging.Logger; -import org.apache.lucene.index.CorruptIndexException; -import org.owasp.dependencycheck.dependency.Reference; -import org.owasp.dependencycheck.dependency.Vulnerability; -import org.owasp.dependencycheck.dependency.VulnerableSoftware; -import org.xml.sax.Attributes; -import org.xml.sax.SAXException; -import org.xml.sax.SAXNotSupportedException; -import org.xml.sax.helpers.DefaultHandler; - -/** - * A SAX Handler that will parse the NVD CVE XML (schema version 2.0). - * - * @author Jeremy Long (jeremy.long@owasp.org) - */ -public class NvdCve20Handler extends DefaultHandler { - - /** - * the current supported schema version. - */ - private static final String CURRENT_SCHEMA_VERSION = "2.0"; - /** - * the current element. - */ - private final Element current = new Element(); - /** - * the text of the node. - */ - private StringBuilder nodeText; - /** - * the vulnerability. - */ - private Vulnerability vulnerability; - /** - * a reference for the cve. - */ - private Reference reference; - /** - * flag indicating whether the application has a cpe. - */ - private boolean hasApplicationCpe = false; - /** - * The total number of entries parsed. - */ - private int totalNumberOfEntries; - - /** - * Get the value of totalNumberOfEntries. - * - * @return the value of totalNumberOfEntries - */ - public int getTotalNumberOfEntries() { - return totalNumberOfEntries; - } - /** - * The total number of application entries parsed. - */ - private int totalNumberOfApplicationEntries; - - /** - * Get the value of totalNumberOfApplicationEntries. - * - * @return the value of totalNumberOfApplicationEntries - */ - public int getTotalNumberOfApplicationEntries() { - return totalNumberOfApplicationEntries; - } - - @Override - public void startElement(String uri, String localName, String qName, Attributes attributes) throws SAXException { - current.setNode(qName); - if (current.isEntryNode()) { - hasApplicationCpe = false; - vulnerability = new Vulnerability(); - vulnerability.setName(attributes.getValue("id")); - } else if (current.isVulnProductNode()) { - nodeText = new StringBuilder(100); - } else if (current.isVulnReferencesNode()) { - final String lang = attributes.getValue("xml:lang"); - if ("en".equals(lang)) { - reference = new Reference(); - } else { - reference = null; - } - } else if (reference != null && current.isVulnReferenceNode()) { - reference.setUrl(attributes.getValue("href")); - nodeText = new StringBuilder(130); - } else if (reference != null && current.isVulnSourceNode()) { - nodeText = new StringBuilder(30); - } else if (current.isVulnSummaryNode()) { - nodeText = new StringBuilder(500); - } else if (current.isNVDNode()) { - final String nvdVer = attributes.getValue("nvd_xml_version"); - if (!CURRENT_SCHEMA_VERSION.equals(nvdVer)) { - throw new SAXNotSupportedException("Schema version " + nvdVer + " is not supported"); - } - } else if (current.isVulnCWENode()) { - vulnerability.setCwe(attributes.getValue("id")); - } else if (current.isCVSSScoreNode()) { - nodeText = new StringBuilder(5); - } else if (current.isCVSSAccessVectorNode()) { - nodeText = new StringBuilder(20); - } else if (current.isCVSSAccessComplexityNode()) { - nodeText = new StringBuilder(20); - } else if (current.isCVSSAuthenticationNode()) { - nodeText = new StringBuilder(20); - } else if (current.isCVSSAvailabilityImpactNode()) { - nodeText = new StringBuilder(20); - } else if (current.isCVSSConfidentialityImpactNode()) { - nodeText = new StringBuilder(20); - } else if (current.isCVSSIntegrityImpactNode()) { - nodeText = new StringBuilder(20); - } - } - - @Override - public void characters(char[] ch, int start, int length) throws SAXException { - if (nodeText != null) { - nodeText.append(ch, start, length); - } - } - - @Override - public void endElement(String uri, String localName, String qName) throws SAXException { - current.setNode(qName); - if (current.isEntryNode()) { - totalNumberOfEntries += 1; - if (hasApplicationCpe) { - totalNumberOfApplicationEntries += 1; - try { - saveEntry(vulnerability); - } catch (DatabaseException ex) { - throw new SAXException(ex); - } catch (CorruptIndexException ex) { - throw new SAXException(ex); - } catch (IOException ex) { - throw new SAXException(ex); - } - } - vulnerability = null; - } else if (current.isCVSSScoreNode()) { - try { - final float score = Float.parseFloat(nodeText.toString()); - vulnerability.setCvssScore(score); - } catch (NumberFormatException ex) { - Logger.getLogger(NvdCve20Handler.class.getName()).log(Level.SEVERE, "Error parsing CVSS Score."); - Logger.getLogger(NvdCve20Handler.class.getName()).log(Level.FINE, null, ex); - } - nodeText = null; - } else if (current.isCVSSAccessVectorNode()) { - vulnerability.setCvssAccessVector(nodeText.toString()); - nodeText = null; - } else if (current.isCVSSAccessComplexityNode()) { - vulnerability.setCvssAccessComplexity(nodeText.toString()); - nodeText = null; - } else if (current.isCVSSAuthenticationNode()) { - vulnerability.setCvssAuthentication(nodeText.toString()); - nodeText = null; - } else if (current.isCVSSAvailabilityImpactNode()) { - vulnerability.setCvssAvailabilityImpact(nodeText.toString()); - nodeText = null; - } else if (current.isCVSSConfidentialityImpactNode()) { - vulnerability.setCvssConfidentialityImpact(nodeText.toString()); - nodeText = null; - } else if (current.isCVSSIntegrityImpactNode()) { - vulnerability.setCvssIntegrityImpact(nodeText.toString()); - nodeText = null; - } else if (current.isVulnProductNode()) { - final String cpe = nodeText.toString(); - if (cpe.startsWith("cpe:/a:")) { - hasApplicationCpe = true; - vulnerability.addVulnerableSoftware(cpe); - } - nodeText = null; - } else if (reference != null && current.isVulnReferencesNode()) { - vulnerability.addReference(reference); - reference = null; - } else if (reference != null && current.isVulnReferenceNode()) { - reference.setName(nodeText.toString()); - nodeText = null; - } else if (reference != null && current.isVulnSourceNode()) { - reference.setSource(nodeText.toString()); - nodeText = null; - } else if (current.isVulnSummaryNode()) { - vulnerability.setDescription(nodeText.toString()); - if (nodeText.indexOf("** REJECT **") >= 0) { - hasApplicationCpe = true; //ensure we process this to delete the vuln - } - nodeText = null; - } - } - /** - * the cve database. - */ - private CveDB cveDB; - - /** - * Sets the cveDB. - * - * @param db a reference to the CveDB - */ - public void setCveDB(CveDB db) { - cveDB = db; - } - /** - * A list of CVE entries and associated VulnerableSoftware entries that - * contain previous entries. - */ - private Map> prevVersionVulnMap; - - /** - * Sets the prevVersionVulnMap. - * - * @param map the map of vulnerable software with previous versions being - * vulnerable - */ - public void setPrevVersionVulnMap(Map> map) { - prevVersionVulnMap = map; - } - - /** - * Saves a vulnerability to the CVE Database. - * - * @param vuln the vulnerability to store in the database - * @throws DatabaseException thrown if there is an error writing to the - * database - * @throws CorruptIndexException is thrown if the CPE Index is corrupt - * @throws IOException thrown if there is an IOException with the CPE Index - */ - private void saveEntry(Vulnerability vuln) throws DatabaseException, CorruptIndexException, IOException { - if (cveDB == null) { - return; - } - final String cveName = vuln.getName(); - if (prevVersionVulnMap.containsKey(cveName)) { - final List vulnSoftware = prevVersionVulnMap.get(cveName); - for (VulnerableSoftware vs : vulnSoftware) { - vuln.updateVulnerableSoftware(vs); - } - } - cveDB.updateVulnerability(vuln); - } - - // - /** - * A simple class to maintain information about the current element while - * parsing the NVD CVE XML. - */ - protected static class Element { - - /** - * A node type in the NVD CVE Schema 2.0 - */ - public static final String NVD = "nvd"; - /** - * A node type in the NVD CVE Schema 2.0 - */ - public static final String ENTRY = "entry"; - /** - * A node type in the NVD CVE Schema 2.0 - */ - public static final String VULN_PRODUCT = "vuln:product"; - /** - * A node type in the NVD CVE Schema 2.0 - */ - public static final String VULN_REFERENCES = "vuln:references"; - /** - * A node type in the NVD CVE Schema 2.0 - */ - public static final String VULN_SOURCE = "vuln:source"; - /** - * A node type in the NVD CVE Schema 2.0 - */ - public static final String VULN_REFERENCE = "vuln:reference"; - /** - * A node type in the NVD CVE Schema 2.0 - */ - public static final String VULN_SUMMARY = "vuln:summary"; - /** - * A node type in the NVD CVE Schema 2.0 - */ - public static final String VULN_CWE = "vuln:cwe"; - /** - * A node type in the NVD CVE Schema 2.0 - */ - public static final String CVSS_SCORE = "cvss:score"; - /** - * A node type in the NVD CVE Schema 2.0 - */ - public static final String CVSS_ACCESS_VECTOR = "cvss:access-vector"; - /** - * A node type in the NVD CVE Schema 2.0 - */ - public static final String CVSS_ACCESS_COMPLEXITY = "cvss:access-complexity"; - /** - * A node type in the NVD CVE Schema 2.0 - */ - public static final String CVSS_AUTHENTICATION = "cvss:authentication"; - /** - * A node type in the NVD CVE Schema 2.0 - */ - public static final String CVSS_CONFIDENTIALITY_IMPACT = "cvss:confidentiality-impact"; - /** - * A node type in the NVD CVE Schema 2.0 - */ - public static final String CVSS_INTEGRITY_IMPACT = "cvss:integrity-impact"; - /** - * A node type in the NVD CVE Schema 2.0 - */ - public static final String CVSS_AVAILABILITY_IMPACT = "cvss:availability-impact"; - /** - * The current node. - */ - private String node; - - /** - * Gets the value of node. - * - * @return the value of node - */ - public String getNode() { - return this.node; - } - - /** - * Sets the value of node. - * - * @param node new value of node - */ - public void setNode(String node) { - this.node = node; - } - - /** - * Checks if the handler is at the NVD node. - * - * @return true or false - */ - public boolean isNVDNode() { - return NVD.equals(node); - } - - /** - * Checks if the handler is at the ENTRY node. - * - * @return true or false - */ - public boolean isEntryNode() { - return ENTRY.equals(node); - } - - /** - * Checks if the handler is at the VULN_PRODUCT node. - * - * @return true or false - */ - public boolean isVulnProductNode() { - return VULN_PRODUCT.equals(node); - } - - /** - * Checks if the handler is at the REFERENCES node. - * - * @return true or false - */ - public boolean isVulnReferencesNode() { - return VULN_REFERENCES.equals(node); - } - - /** - * Checks if the handler is at the REFERENCE node. - * - * @return true or false - */ - public boolean isVulnReferenceNode() { - return VULN_REFERENCE.equals(node); - } - - /** - * Checks if the handler is at the VULN_SOURCE node. - * - * @return true or false - */ - public boolean isVulnSourceNode() { - return VULN_SOURCE.equals(node); - } - - /** - * Checks if the handler is at the VULN_SUMMARY node. - * - * @return true or false - */ - public boolean isVulnSummaryNode() { - return VULN_SUMMARY.equals(node); - } - - /** - * Checks if the handler is at the VULN_CWE node. - * - * @return true or false - */ - public boolean isVulnCWENode() { - return VULN_CWE.equals(node); - } - - /** - * Checks if the handler is at the CVSS_SCORE node. - * - * @return true or false - */ - public boolean isCVSSScoreNode() { - return CVSS_SCORE.equals(node); - } - - /** - * Checks if the handler is at the CVSS_ACCESS_VECTOR node. - * - * @return true or false - */ - public boolean isCVSSAccessVectorNode() { - return CVSS_ACCESS_VECTOR.equals(node); - } - - /** - * Checks if the handler is at the CVSS_ACCESS_COMPLEXITY node. - * - * @return true or false - */ - public boolean isCVSSAccessComplexityNode() { - return CVSS_ACCESS_COMPLEXITY.equals(node); - } - - /** - * Checks if the handler is at the CVSS_AUTHENTICATION node. - * - * @return true or false - */ - public boolean isCVSSAuthenticationNode() { - return CVSS_AUTHENTICATION.equals(node); - } - - /** - * Checks if the handler is at the CVSS_CONFIDENTIALITY_IMPACT node. - * - * @return true or false - */ - public boolean isCVSSConfidentialityImpactNode() { - return CVSS_CONFIDENTIALITY_IMPACT.equals(node); - } - - /** - * Checks if the handler is at the CVSS_INTEGRITY_IMPACT node. - * - * @return true or false - */ - public boolean isCVSSIntegrityImpactNode() { - return CVSS_INTEGRITY_IMPACT.equals(node); - } - - /** - * Checks if the handler is at the CVSS_AVAILABILITY_IMPACT node. - * - * @return true or false - */ - public boolean isCVSSAvailabilityImpactNode() { - return CVSS_AVAILABILITY_IMPACT.equals(node); - } - } - // -} diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/NvdCve_1_2_HandlerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/NvdCve_1_2_HandlerTest.java deleted file mode 100644 index 443239f4e..000000000 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/NvdCve_1_2_HandlerTest.java +++ /dev/null @@ -1,72 +0,0 @@ -/* - * This file is part of dependency-check-core. - * - * Dependency-check-core is free software: you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the Free - * Software Foundation, either version 3 of the License, or (at your option) any - * later version. - * - * Dependency-check-core is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more - * details. - * - * You should have received a copy of the GNU General Public License along with - * dependency-check-core. If not, see http://www.gnu.org/licenses/. - * - * Copyright (c) 2012 Jeremy Long. All Rights Reserved. - */ -package org.owasp.dependencycheck.data.nvdcve; - -import org.owasp.dependencycheck.data.nvdcve.NvdCve12Handler; -import java.io.File; -import java.util.List; -import java.util.Map; -import javax.xml.parsers.SAXParser; -import javax.xml.parsers.SAXParserFactory; -import org.owasp.dependencycheck.dependency.VulnerableSoftware; -import org.junit.After; -import org.junit.AfterClass; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Test; -import static org.junit.Assert.*; - -/** - * - * @author Jeremy Long (jeremy.long@owasp.org) - */ -public class NvdCve_1_2_HandlerTest { - - public NvdCve_1_2_HandlerTest() { - } - - @BeforeClass - public static void setUpClass() throws Exception { - } - - @AfterClass - public static void tearDownClass() throws Exception { - } - - @Before - public void setUp() { - } - - @After - public void tearDown() { - } - - @Test - public void testParse() throws Exception { - SAXParserFactory factory = SAXParserFactory.newInstance(); - SAXParser saxParser = factory.newSAXParser(); - - File file = new File(this.getClass().getClassLoader().getResource("nvdcve-2012.xml").getPath()); - - NvdCve12Handler instance = new NvdCve12Handler(); - saxParser.parse(file, instance); - Map> results = instance.getVulnerabilities(); - assertTrue("No vulnerable software identified with a previous version in 2012 CVE 1.2?", !results.isEmpty()); - } -} diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/NvdCve_2_0_HandlerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/NvdCve_2_0_HandlerTest.java deleted file mode 100644 index acec690b0..000000000 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nvdcve/NvdCve_2_0_HandlerTest.java +++ /dev/null @@ -1,78 +0,0 @@ -/* - * This file is part of dependency-check-core. - * - * Dependency-check-core is free software: you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the Free - * Software Foundation, either version 3 of the License, or (at your option) any - * later version. - * - * Dependency-check-core is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more - * details. - * - * You should have received a copy of the GNU General Public License along with - * dependency-check-core. If not, see http://www.gnu.org/licenses/. - * - * Copyright (c) 2012 Jeremy Long. All Rights Reserved. - */ -package org.owasp.dependencycheck.data.nvdcve; - -import org.owasp.dependencycheck.data.nvdcve.NvdCve20Handler; -import java.io.File; -import javax.xml.parsers.SAXParser; -import javax.xml.parsers.SAXParserFactory; -import org.junit.After; -import org.junit.AfterClass; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Test; -import static org.junit.Assert.*; - -/** - * - * @author Jeremy Long (jeremy.long@owasp.org) - */ -public class NvdCve_2_0_HandlerTest { - - public NvdCve_2_0_HandlerTest() { - } - - @BeforeClass - public static void setUpClass() throws Exception { - } - - @AfterClass - public static void tearDownClass() throws Exception { - } - - @Before - public void setUp() { - } - - @After - public void tearDown() { - } - - @Test - public void testParse() { - Exception results = null; - try { - SAXParserFactory factory = SAXParserFactory.newInstance(); - SAXParser saxParser = factory.newSAXParser(); - - File file = new File(this.getClass().getClassLoader().getResource("nvdcve-2.0-2012.xml").getPath()); - - NvdCve20Handler instance = new NvdCve20Handler(); - - saxParser.parse(file, instance); - } catch (Exception ex) { - results = ex; - } - assertTrue("Exception thrown during parse of 2012 CVE version 2.0?", results == null); - if (results != null) { - System.err.println(results); - } - - } -}