Coverage Report

Coverage Report - org.owasp.dependencycheck.data.update.cpe.CPEHandler

Classes in this File

Line Coverage

Branch Coverage

Complexity

CPEHandler

0/31

0/16

1.611

CPEHandler$Element

0/17

N/A

1.611

 /*
  * This file is part of dependency-check-core.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  * Copyright (c) 2015 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.data.update.cpe;
 
 import java.io.UnsupportedEncodingException;
 import java.util.ArrayList;
 import java.util.List;
 import org.owasp.dependencycheck.data.update.NvdCveUpdater;
 import org.owasp.dependencycheck.data.update.exception.InvalidDataException;
 import org.owasp.dependencycheck.utils.Settings;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.xml.sax.Attributes;
 import org.xml.sax.SAXException;
 import org.xml.sax.helpers.DefaultHandler;
 
 /**
  * A SAX Handler that will parse the CPE XML and load it into the databse.
  *
  * @author Jeremy Long
  */
 public class CPEHandler extends DefaultHandler {
 
     /**
      * The current CPE schema.
      */
     private static final String CURRENT_SCHEMA_VERSION = "2.3";
     /**
      * The Starts with expression to filter CVE entries by CPE.
      */
     private static final String CPE_STARTS_WITH = Settings.getString(Settings.KEYS.CVE_CPE_STARTS_WITH_FILTER, "cpe:/a:");
     /**
      * The text content of the node being processed. This can be used during the
      * end element event.
      */
     private StringBuilder nodeText = null;
     /**
      * A reference to the current element.
      */
     private final Element current = new Element();
     /**
      * The logger.
      */
     private static final Logger LOGGER = LoggerFactory.getLogger(NvdCveUpdater.class);
     /**
      * The list of CPE values.
      */
     private final List<Cpe> data = new ArrayList<Cpe>();
 
     /**
      * Returns the list of CPE values.
      *
      * @return the list of CPE values
      */
     public List<Cpe> getData() {
         return data;
     }
 
     /**
      * Handles the start element event.
      *
      * @param uri the elements uri
      * @param localName the local name
      * @param qName the qualified name
      * @param attributes the attributes
      * @throws SAXException thrown if there is an exception processing the
      * element
      */
     @Override
     public void startElement(String uri, String localName, String qName, Attributes attributes) throws SAXException {
         nodeText = null;
         current.setNode(qName);
         if (current.isCpeItemNode()) {
             final String temp = attributes.getValue("deprecated");
             final String value = attributes.getValue("name");
             final boolean delete = "true".equalsIgnoreCase(temp);
             if (!delete && value.startsWith(CPE_STARTS_WITH) && value.length() > 7) {
                 try {
                     final Cpe cpe = new Cpe(value);
                     data.add(cpe);
                 } catch (UnsupportedEncodingException ex) {
                     LOGGER.debug("Unable to parse the CPE", ex);
                 } catch (InvalidDataException ex) {
                     LOGGER.debug("CPE is not the correct format", ex);
                 }
             }
         } else if (current.isSchemaVersionNode()) {
             nodeText = new StringBuilder(3);
         }
 //        } else if (current.isTitleNode()) {
 //            //do nothing
 //        } else if (current.isMetaNode()) {
 //            //do nothing
 //        } else if (current.isTimestampNode()) {
 //            //do nothing
 //        } else if (current.isCpeListNode()) {
 //            //do nothing
 //        } else if (current.isNotesNode()) {
 //            //do nothing
 //        } else if (current.isNoteNode()) {
 //            //do nothing
 //        } else if (current.isCheckNode()) {
 //            //do nothing
 //        } else if (current.isGeneratorNode()) {
 //            //do nothing
 //        } else if (current.isProductNameNode()) {
 //            //do nothing
 //        } else if (current.isProductVersionNode()) {
 //            //do nothing
     }
 
     /**
      * Reads the characters in the current node.
      *
      * @param ch the char array
      * @param start the start position of the data read
      * @param length the length of the data read
      * @throws SAXException thrown if there is an exception processing the
      * characters
      */
     @Override
     public void characters(char[] ch, int start, int length) throws SAXException {
         if (nodeText != null) {
             nodeText.append(ch, start, length);
         }
     }
 
     /**
      * Handles the end element event. Stores the CPE data in the Cve Database if
      * the cpe item node is ending.
      *
      * @param uri the element's uri
      * @param localName the local name
      * @param qName the qualified name
      * @throws SAXException thrown if there is an exception processing the
      * element
      */
     @Override
     public void endElement(String uri, String localName, String qName) throws SAXException {
         current.setNode(qName);
         if (current.isSchemaVersionNode() && !CURRENT_SCHEMA_VERSION.equals(nodeText.toString())) {
             throw new SAXException("ERROR: Unexpecgted CPE Schema Version, expected: "
                     + CURRENT_SCHEMA_VERSION + ", file is: " + nodeText);
 
         }
 //        } else if (current.isCpeItemNode()) {
 //            //do nothing
 //        } else if (current.isTitleNode()) {
 //            //do nothing
 //        } else if (current.isCpeListNode()) {
 //            //do nothing
 //        } else if (current.isMetaNode()) {
 //            //do nothing
 //        } else if (current.isNotesNode()) {
 //            //do nothing
 //        } else if (current.isNoteNode()) {
 //            //do nothing
 //        } else if (current.isCheckNode()) {
 //            //do nothing
 //        } else if (current.isGeneratorNode()) {
 //            //do nothing
 //        } else if (current.isProductNameNode()) {
 //            //do nothing
 //        } else if (current.isProductVersionNode()) {
 //            //do nothing
 //        else if (current.isTimestampNode()) {
 //            //do nothing
 //        } else {
 //            throw new SAXException("ERROR STATE: Unexpected qName '" + qName + "'");
 //        }
     }
 
     // <editor-fold defaultstate="collapsed" desc="The Element Class that maintains state information about the current node">
     /**
      * A simple class to maintain information about the current element while
      * parsing the CPE XML.
      */
     protected static final class Element {
 
         /**
          * A node type in the CPE Schema 2.2
          */
         public static final String CPE_LIST = "cpe-list";
         /**
          * A node type in the CPE Schema 2.2
          */
         public static final String CPE_ITEM = "cpe-item";
         /**
          * A node type in the CPE Schema 2.2
          */
         public static final String TITLE = "title";
         /**
          * A node type in the CPE Schema 2.2
          */
         public static final String NOTES = "notes";
         /**
          * A node type in the CPE Schema 2.2
          */
         public static final String NOTE = "note";
         /**
          * A node type in the CPE Schema 2.2
          */
         public static final String CHECK = "check";
         /**
          * A node type in the CPE Schema 2.2
          */
         public static final String META = "meta:item-metadata";
         /**
          * A node type in the CPE Schema 2.2
          */
         public static final String GENERATOR = "generator";
         /**
          * A node type in the CPE Schema 2.2
          */
         public static final String PRODUCT_NAME = "product_name";
         /**
          * A node type in the CPE Schema 2.2
          */
         public static final String PRODUCT_VERSION = "product_version";
         /**
          * A node type in the CPE Schema 2.2
          */
         public static final String SCHEMA_VERSION = "schema_version";
         /**
          * A node type in the CPE Schema 2.2
          */
         public static final String TIMESTAMP = "timestamp";
         /**
          * A reference to the current node.
          */
         private String node = null;
 
         /**
          * Gets the value of node
          *
          * @return the value of node
          */
         public String getNode() {
             return this.node;
         }
 
         /**
          * Sets the value of node
          *
          * @param node new value of node
          */
         public void setNode(String node) {
             this.node = node;
         }
 
         /**
          * Checks if the handler is at the CPE_LIST node
          *
          * @return true or false
          */
         public boolean isCpeListNode() {
             return CPE_LIST.equals(node);
         }
 
         /**
          * Checks if the handler is at the CPE_ITEM node
          *
          * @return true or false
          */
         public boolean isCpeItemNode() {
             return CPE_ITEM.equals(node);
         }
 
         /**
          * Checks if the handler is at the TITLE node
          *
          * @return true or false
          */
         public boolean isTitleNode() {
             return TITLE.equals(node);
         }
 
         /**
          * Checks if the handler is at the NOTES node
          *
          * @return true or false
          */
         public boolean isNotesNode() {
             return NOTES.equals(node);
         }
 
         /**
          * Checks if the handler is at the NOTE node
          *
          * @return true or false
          */
         public boolean isNoteNode() {
             return NOTE.equals(node);
         }
 
         /**
          * Checks if the handler is at the CHECK node
          *
          * @return true or false
          */
         public boolean isCheckNode() {
             return CHECK.equals(node);
         }
 
         /**
          * Checks if the handler is at the META node
          *
          * @return true or false
          */
         public boolean isMetaNode() {
             return META.equals(node);
         }
 
         /**
          * Checks if the handler is at the GENERATOR node
          *
          * @return true or false
          */
         public boolean isGeneratorNode() {
             return GENERATOR.equals(node);
         }
 
         /**
          * Checks if the handler is at the PRODUCT_NAME node
          *
          * @return true or false
          */
         public boolean isProductNameNode() {
             return PRODUCT_NAME.equals(node);
         }
 
         /**
          * Checks if the handler is at the PRODUCT_VERSION node
          *
          * @return true or false
          */
         public boolean isProductVersionNode() {
             return PRODUCT_VERSION.equals(node);
         }
 
         /**
          * Checks if the handler is at the SCHEMA_VERSION node
          *
          * @return true or false
          */
         public boolean isSchemaVersionNode() {
             return SCHEMA_VERSION.equals(node);
         }
 
         /**
          * Checks if the handler is at the TIMESTAMP node
          *
          * @return true or false
          */
         public boolean isTimestampNode() {
             return TIMESTAMP.equals(node);
         }
     }
     // </editor-fold>
 }

1		/*
2		* This file is part of dependency-check-core.
3		*
4		* Licensed under the Apache License, Version 2.0 (the "License");
5		* you may not use this file except in compliance with the License.
6		* You may obtain a copy of the License at
7		*
8		* http://www.apache.org/licenses/LICENSE-2.0
9		*
10		* Unless required by applicable law or agreed to in writing, software
11		* distributed under the License is distributed on an "AS IS" BASIS,
12		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13		* See the License for the specific language governing permissions and
14		* limitations under the License.
15		*
16		* Copyright (c) 2015 Jeremy Long. All Rights Reserved.
17		*/
18		package org.owasp.dependencycheck.data.update.cpe;
19
20		import java.io.UnsupportedEncodingException;
21		import java.util.ArrayList;
22		import java.util.List;
23		import org.owasp.dependencycheck.data.update.NvdCveUpdater;
24		import org.owasp.dependencycheck.data.update.exception.InvalidDataException;
25		import org.owasp.dependencycheck.utils.Settings;
26		import org.slf4j.Logger;
27		import org.slf4j.LoggerFactory;
28		import org.xml.sax.Attributes;
29		import org.xml.sax.SAXException;
30		import org.xml.sax.helpers.DefaultHandler;
31
32		/**
33		* A SAX Handler that will parse the CPE XML and load it into the databse.
34		*
35		* @author Jeremy Long
36		*/
37	0	public class CPEHandler extends DefaultHandler {
38
39		/**
40		* The current CPE schema.
41		*/
42		private static final String CURRENT_SCHEMA_VERSION = "2.3";
43		/**
44		* The Starts with expression to filter CVE entries by CPE.
45		*/
46	0	private static final String CPE_STARTS_WITH = Settings.getString(Settings.KEYS.CVE_CPE_STARTS_WITH_FILTER, "cpe:/a:");
47		/**
48		* The text content of the node being processed. This can be used during the
49		* end element event.
50		*/
51	0	private StringBuilder nodeText = null;
52		/**
53		* A reference to the current element.
54		*/
55	0	private final Element current = new Element();
56		/**
57		* The logger.
58		*/
59	0	private static final Logger LOGGER = LoggerFactory.getLogger(NvdCveUpdater.class);
60		/**
61		* The list of CPE values.
62		*/
63	0	private final List<Cpe> data = new ArrayList<Cpe>();
64
65		/**
66		* Returns the list of CPE values.
67		*
68		* @return the list of CPE values
69		*/
70		public List<Cpe> getData() {
71	0	return data;
72		}
73
74		/**
75		* Handles the start element event.
76		*
77		* @param uri the elements uri
78		* @param localName the local name
79		* @param qName the qualified name
80		* @param attributes the attributes
81		* @throws SAXException thrown if there is an exception processing the
82		* element
83		*/
84		@Override
85		public void startElement(String uri, String localName, String qName, Attributes attributes) throws SAXException {
86	0	nodeText = null;
87	0	current.setNode(qName);
88	0	if (current.isCpeItemNode()) {
89	0	final String temp = attributes.getValue("deprecated");
90	0	final String value = attributes.getValue("name");
91	0	final boolean delete = "true".equalsIgnoreCase(temp);
92	0	if (!delete && value.startsWith(CPE_STARTS_WITH) && value.length() > 7) {
93		try {
94	0	final Cpe cpe = new Cpe(value);
95	0	data.add(cpe);
96	0	} catch (UnsupportedEncodingException ex) {
97	0	LOGGER.debug("Unable to parse the CPE", ex);
98	0	} catch (InvalidDataException ex) {
99	0	LOGGER.debug("CPE is not the correct format", ex);
100	0	}
101		}
102	0	} else if (current.isSchemaVersionNode()) {
103	0	nodeText = new StringBuilder(3);
104		}
105		// } else if (current.isTitleNode()) {
106		// //do nothing
107		// } else if (current.isMetaNode()) {
108		// //do nothing
109		// } else if (current.isTimestampNode()) {
110		// //do nothing
111		// } else if (current.isCpeListNode()) {
112		// //do nothing
113		// } else if (current.isNotesNode()) {
114		// //do nothing
115		// } else if (current.isNoteNode()) {
116		// //do nothing
117		// } else if (current.isCheckNode()) {
118		// //do nothing
119		// } else if (current.isGeneratorNode()) {
120		// //do nothing
121		// } else if (current.isProductNameNode()) {
122		// //do nothing
123		// } else if (current.isProductVersionNode()) {
124		// //do nothing
125	0	}
126
127		/**
128		* Reads the characters in the current node.
129		*
130		* @param ch the char array
131		* @param start the start position of the data read
132		* @param length the length of the data read
133		* @throws SAXException thrown if there is an exception processing the
134		* characters
135		*/
136		@Override
137		public void characters(char[] ch, int start, int length) throws SAXException {
138	0	if (nodeText != null) {
139	0	nodeText.append(ch, start, length);
140		}
141	0	}
142
143		/**
144		* Handles the end element event. Stores the CPE data in the Cve Database if
145		* the cpe item node is ending.
146		*
147		* @param uri the element's uri
148		* @param localName the local name
149		* @param qName the qualified name
150		* @throws SAXException thrown if there is an exception processing the
151		* element
152		*/
153		@Override
154		public void endElement(String uri, String localName, String qName) throws SAXException {
155	0	current.setNode(qName);
156	0	if (current.isSchemaVersionNode() && !CURRENT_SCHEMA_VERSION.equals(nodeText.toString())) {
157	0	throw new SAXException("ERROR: Unexpecgted CPE Schema Version, expected: "
158		+ CURRENT_SCHEMA_VERSION + ", file is: " + nodeText);
159
160		}
161		// } else if (current.isCpeItemNode()) {
162		// //do nothing
163		// } else if (current.isTitleNode()) {
164		// //do nothing
165		// } else if (current.isCpeListNode()) {
166		// //do nothing
167		// } else if (current.isMetaNode()) {
168		// //do nothing
169		// } else if (current.isNotesNode()) {
170		// //do nothing
171		// } else if (current.isNoteNode()) {
172		// //do nothing
173		// } else if (current.isCheckNode()) {
174		// //do nothing
175		// } else if (current.isGeneratorNode()) {
176		// //do nothing
177		// } else if (current.isProductNameNode()) {
178		// //do nothing
179		// } else if (current.isProductVersionNode()) {
180		// //do nothing
181		// else if (current.isTimestampNode()) {
182		// //do nothing
183		// } else {
184		// throw new SAXException("ERROR STATE: Unexpected qName '" + qName + "'");
185		// }
186	0	}
187
188		// <editor-fold defaultstate="collapsed" desc="The Element Class that maintains state information about the current node">
189		/**
190		* A simple class to maintain information about the current element while
191		* parsing the CPE XML.
192		*/
193	0	protected static final class Element {
194
195		/**
196		* A node type in the CPE Schema 2.2
197		*/
198		public static final String CPE_LIST = "cpe-list";
199		/**
200		* A node type in the CPE Schema 2.2
201		*/
202		public static final String CPE_ITEM = "cpe-item";
203		/**
204		* A node type in the CPE Schema 2.2
205		*/
206		public static final String TITLE = "title";
207		/**
208		* A node type in the CPE Schema 2.2
209		*/
210		public static final String NOTES = "notes";
211		/**
212		* A node type in the CPE Schema 2.2
213		*/
214		public static final String NOTE = "note";
215		/**
216		* A node type in the CPE Schema 2.2
217		*/
218		public static final String CHECK = "check";
219		/**
220		* A node type in the CPE Schema 2.2
221		*/
222		public static final String META = "meta:item-metadata";
223		/**
224		* A node type in the CPE Schema 2.2
225		*/
226		public static final String GENERATOR = "generator";
227		/**
228		* A node type in the CPE Schema 2.2
229		*/
230		public static final String PRODUCT_NAME = "product_name";
231		/**
232		* A node type in the CPE Schema 2.2
233		*/
234		public static final String PRODUCT_VERSION = "product_version";
235		/**
236		* A node type in the CPE Schema 2.2
237		*/
238		public static final String SCHEMA_VERSION = "schema_version";
239		/**
240		* A node type in the CPE Schema 2.2
241		*/
242		public static final String TIMESTAMP = "timestamp";
243		/**
244		* A reference to the current node.
245		*/
246	0	private String node = null;
247
248		/**
249		* Gets the value of node
250		*
251		* @return the value of node
252		*/
253		public String getNode() {
254	0	return this.node;
255		}
256
257		/**
258		* Sets the value of node
259		*
260		* @param node new value of node
261		*/
262		public void setNode(String node) {
263	0	this.node = node;
264	0	}
265
266		/**
267		* Checks if the handler is at the CPE_LIST node
268		*
269		* @return true or false
270		*/
271		public boolean isCpeListNode() {
272	0	return CPE_LIST.equals(node);
273		}
274
275		/**
276		* Checks if the handler is at the CPE_ITEM node
277		*
278		* @return true or false
279		*/
280		public boolean isCpeItemNode() {
281	0	return CPE_ITEM.equals(node);
282		}
283
284		/**
285		* Checks if the handler is at the TITLE node
286		*
287		* @return true or false
288		*/
289		public boolean isTitleNode() {
290	0	return TITLE.equals(node);
291		}
292
293		/**
294		* Checks if the handler is at the NOTES node
295		*
296		* @return true or false
297		*/
298		public boolean isNotesNode() {
299	0	return NOTES.equals(node);
300		}
301
302		/**
303		* Checks if the handler is at the NOTE node
304		*
305		* @return true or false
306		*/
307		public boolean isNoteNode() {
308	0	return NOTE.equals(node);
309		}
310
311		/**
312		* Checks if the handler is at the CHECK node
313		*
314		* @return true or false
315		*/
316		public boolean isCheckNode() {
317	0	return CHECK.equals(node);
318		}
319
320		/**
321		* Checks if the handler is at the META node
322		*
323		* @return true or false
324		*/
325		public boolean isMetaNode() {
326	0	return META.equals(node);
327		}
328
329		/**
330		* Checks if the handler is at the GENERATOR node
331		*
332		* @return true or false
333		*/
334		public boolean isGeneratorNode() {
335	0	return GENERATOR.equals(node);
336		}
337
338		/**
339		* Checks if the handler is at the PRODUCT_NAME node
340		*
341		* @return true or false
342		*/
343		public boolean isProductNameNode() {
344	0	return PRODUCT_NAME.equals(node);
345		}
346
347		/**
348		* Checks if the handler is at the PRODUCT_VERSION node
349		*
350		* @return true or false
351		*/
352		public boolean isProductVersionNode() {
353	0	return PRODUCT_VERSION.equals(node);
354		}
355
356		/**
357		* Checks if the handler is at the SCHEMA_VERSION node
358		*
359		* @return true or false
360		*/
361		public boolean isSchemaVersionNode() {
362	0	return SCHEMA_VERSION.equals(node);
363		}
364
365		/**
366		* Checks if the handler is at the TIMESTAMP node
367		*
368		* @return true or false
369		*/
370		public boolean isTimestampNode() {
371	0	return TIMESTAMP.equals(node);
372		}
373		}
374		// </editor-fold>
375		}