Coverage Report

Coverage Report - org.owasp.dependencycheck.data.update.nvd.NvdCve20Handler

Classes in this File

Line Coverage

Branch Coverage

Complexity

NvdCve20Handler

87%

108/123

93%

80/86

3.04

NvdCve20Handler$Element

94%

18/19

N/A

3.04

 /*
  * This file is part of dependency-check-core.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.data.update.nvd;
 
 import java.io.IOException;
 import java.util.List;
 import java.util.Map;
 import org.apache.lucene.index.CorruptIndexException;
 import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
 import org.owasp.dependencycheck.dependency.Reference;
 import org.owasp.dependencycheck.dependency.Vulnerability;
 import org.owasp.dependencycheck.dependency.VulnerableSoftware;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.xml.sax.Attributes;
 import org.xml.sax.SAXException;
 import org.xml.sax.SAXNotSupportedException;
 import org.xml.sax.helpers.DefaultHandler;
 
 /**
  * A SAX Handler that will parse the NVD CVE XML (schema version 2.0).
  *
  * @author Jeremy Long
  */
 public class NvdCve20Handler extends DefaultHandler {
 
     /**
      * The logger.
      */
     private static final Logger LOGGER = LoggerFactory.getLogger(NvdCve20Handler.class);
     /**
      * the current supported schema version.
      */
     private static final String CURRENT_SCHEMA_VERSION = "2.0";
     /**
      * the current element.
      */
     private final Element current = new Element();
     /**
      * the text of the node.
      */
     private StringBuilder nodeText;
     /**
      * the vulnerability.
      */
     private Vulnerability vulnerability;
     /**
      * a reference for the cve.
      */
     private Reference reference;
     /**
      * flag indicating whether the application has a cpe.
      */
     private boolean hasApplicationCpe = false;
     /**
      * The total number of entries parsed.
      */
     private int totalNumberOfEntries;
 
     /**
      * Get the value of totalNumberOfEntries.
      *
      * @return the value of totalNumberOfEntries
      */
     public int getTotalNumberOfEntries() {
         return totalNumberOfEntries;
     }
     /**
      * The total number of application entries parsed.
      */
     private int totalNumberOfApplicationEntries;
 
     /**
      * Get the value of totalNumberOfApplicationEntries.
      *
      * @return the value of totalNumberOfApplicationEntries
      */
     public int getTotalNumberOfApplicationEntries() {
         return totalNumberOfApplicationEntries;
     }
 
     @Override
     public void startElement(String uri, String localName, String qName, Attributes attributes) throws SAXException {
         current.setNode(qName);
         if (current.isEntryNode()) {
             hasApplicationCpe = false;
             vulnerability = new Vulnerability();
             vulnerability.setName(attributes.getValue("id"));
         } else if (current.isVulnProductNode()) {
             nodeText = new StringBuilder(100);
         } else if (current.isVulnReferencesNode()) {
             final String lang = attributes.getValue("xml:lang");
             if ("en".equals(lang)) {
                 reference = new Reference();
             } else {
                 reference = null;
             }
         } else if (reference != null && current.isVulnReferenceNode()) {
             reference.setUrl(attributes.getValue("href"));
             nodeText = new StringBuilder(130);
         } else if (reference != null && current.isVulnSourceNode()) {
             nodeText = new StringBuilder(30);
         } else if (current.isVulnSummaryNode()) {
             nodeText = new StringBuilder(500);
         } else if (current.isNVDNode()) {
             final String nvdVer = attributes.getValue("nvd_xml_version");
             if (!CURRENT_SCHEMA_VERSION.equals(nvdVer)) {
                 throw new SAXNotSupportedException("Schema version " + nvdVer + " is not supported");
             }
         } else if (current.isVulnCWENode()) {
             vulnerability.setCwe(attributes.getValue("id"));
         } else if (current.isCVSSScoreNode()) {
             nodeText = new StringBuilder(5);
         } else if (current.isCVSSAccessVectorNode()) {
             nodeText = new StringBuilder(20);
         } else if (current.isCVSSAccessComplexityNode()) {
             nodeText = new StringBuilder(20);
         } else if (current.isCVSSAuthenticationNode()) {
             nodeText = new StringBuilder(20);
         } else if (current.isCVSSAvailabilityImpactNode()) {
             nodeText = new StringBuilder(20);
         } else if (current.isCVSSConfidentialityImpactNode()) {
             nodeText = new StringBuilder(20);
         } else if (current.isCVSSIntegrityImpactNode()) {
             nodeText = new StringBuilder(20);
         }
     }
 
     @Override
     public void characters(char[] ch, int start, int length) throws SAXException {
         if (nodeText != null) {
             nodeText.append(ch, start, length);
         }
     }
 
     @Override
     public void endElement(String uri, String localName, String qName) throws SAXException {
         current.setNode(qName);
         if (current.isEntryNode()) {
             totalNumberOfEntries += 1;
             if (hasApplicationCpe) {
                 totalNumberOfApplicationEntries += 1;
                 try {
                     saveEntry(vulnerability);
                 } catch (DatabaseException ex) {
                     throw new SAXException(ex);
                 } catch (CorruptIndexException ex) {
                     throw new SAXException(ex);
                 } catch (IOException ex) {
                     throw new SAXException(ex);
                 }
             }
             vulnerability = null;
         } else if (current.isCVSSScoreNode()) {
             try {
                 final float score = Float.parseFloat(nodeText.toString());
                 vulnerability.setCvssScore(score);
             } catch (NumberFormatException ex) {
                 LOGGER.error("Error parsing CVSS Score.");
                 LOGGER.debug("", ex);
             }
             nodeText = null;
         } else if (current.isCVSSAccessVectorNode()) {
             vulnerability.setCvssAccessVector(nodeText.toString());
             nodeText = null;
         } else if (current.isCVSSAccessComplexityNode()) {
             vulnerability.setCvssAccessComplexity(nodeText.toString());
             nodeText = null;
         } else if (current.isCVSSAuthenticationNode()) {
             vulnerability.setCvssAuthentication(nodeText.toString());
             nodeText = null;
         } else if (current.isCVSSAvailabilityImpactNode()) {
             vulnerability.setCvssAvailabilityImpact(nodeText.toString());
             nodeText = null;
         } else if (current.isCVSSConfidentialityImpactNode()) {
             vulnerability.setCvssConfidentialityImpact(nodeText.toString());
             nodeText = null;
         } else if (current.isCVSSIntegrityImpactNode()) {
             vulnerability.setCvssIntegrityImpact(nodeText.toString());
             nodeText = null;
         } else if (current.isVulnProductNode()) {
             final String cpe = nodeText.toString();
             if (cpe.startsWith("cpe:/a:")) {
                 hasApplicationCpe = true;
                 vulnerability.addVulnerableSoftware(cpe);
             }
             nodeText = null;
         } else if (reference != null && current.isVulnReferencesNode()) {
             vulnerability.addReference(reference);
             reference = null;
         } else if (reference != null && current.isVulnReferenceNode()) {
             reference.setName(nodeText.toString());
             nodeText = null;
         } else if (reference != null && current.isVulnSourceNode()) {
             reference.setSource(nodeText.toString());
             nodeText = null;
         } else if (current.isVulnSummaryNode()) {
             vulnerability.setDescription(nodeText.toString());
             if (nodeText.indexOf("** REJECT **") >= 0) {
                 hasApplicationCpe = true; //ensure we process this to delete the vuln
             }
             nodeText = null;
         }
     }
     /**
      * the cve database.
      */
     private CveDB cveDB;
 
     /**
      * Sets the cveDB.
      *
      * @param db a reference to the CveDB
      */
     public void setCveDB(CveDB db) {
         cveDB = db;
     }
     /**
      * A list of CVE entries and associated VulnerableSoftware entries that contain previous entries.
      */
     private Map<String, List<VulnerableSoftware>> prevVersionVulnMap;
 
     /**
      * Sets the prevVersionVulnMap.
      *
      * @param map the map of vulnerable software with previous versions being vulnerable
      */
     public void setPrevVersionVulnMap(Map<String, List<VulnerableSoftware>> map) {
         prevVersionVulnMap = map;
     }
 
     /**
      * Saves a vulnerability to the CVE Database.
      *
      * @param vuln the vulnerability to store in the database
      * @throws DatabaseException thrown if there is an error writing to the database
      * @throws CorruptIndexException is thrown if the CPE Index is corrupt
      * @throws IOException thrown if there is an IOException with the CPE Index
      */
     private void saveEntry(Vulnerability vuln) throws DatabaseException, CorruptIndexException, IOException {
         final String cveName = vuln.getName();
         if (prevVersionVulnMap != null && prevVersionVulnMap.containsKey(cveName)) {
             final List<VulnerableSoftware> vulnSoftware = prevVersionVulnMap.get(cveName);
             for (VulnerableSoftware vs : vulnSoftware) {
                 vuln.updateVulnerableSoftware(vs);
             }
         }
         if (cveDB != null) {
             cveDB.updateVulnerability(vuln);
         }
     }
 
     // <editor-fold defaultstate="collapsed" desc="The Element Class that maintains state information about the current node">
     /**
      * A simple class to maintain information about the current element while parsing the NVD CVE XML.
      */
     protected static class Element {
 
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String NVD = "nvd";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String ENTRY = "entry";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String VULN_PRODUCT = "vuln:product";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String VULN_REFERENCES = "vuln:references";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String VULN_SOURCE = "vuln:source";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String VULN_REFERENCE = "vuln:reference";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String VULN_SUMMARY = "vuln:summary";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String VULN_CWE = "vuln:cwe";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String CVSS_SCORE = "cvss:score";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String CVSS_ACCESS_VECTOR = "cvss:access-vector";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String CVSS_ACCESS_COMPLEXITY = "cvss:access-complexity";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String CVSS_AUTHENTICATION = "cvss:authentication";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String CVSS_CONFIDENTIALITY_IMPACT = "cvss:confidentiality-impact";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String CVSS_INTEGRITY_IMPACT = "cvss:integrity-impact";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String CVSS_AVAILABILITY_IMPACT = "cvss:availability-impact";
         /**
          * The current node.
          */
         private String node;
 
         /**
          * Gets the value of node.
          *
          * @return the value of node
          */
         public String getNode() {
             return this.node;
         }
 
         /**
          * Sets the value of node.
          *
          * @param node new value of node
          */
         public void setNode(String node) {
             this.node = node;
         }
 
         /**
          * Checks if the handler is at the NVD node.
          *
          * @return true or false
          */
         public boolean isNVDNode() {
             return NVD.equals(node);
         }
 
         /**
          * Checks if the handler is at the ENTRY node.
          *
          * @return true or false
          */
         public boolean isEntryNode() {
             return ENTRY.equals(node);
         }
 
         /**
          * Checks if the handler is at the VULN_PRODUCT node.
          *
          * @return true or false
          */
         public boolean isVulnProductNode() {
             return VULN_PRODUCT.equals(node);
         }
 
         /**
          * Checks if the handler is at the REFERENCES node.
          *
          * @return true or false
          */
         public boolean isVulnReferencesNode() {
             return VULN_REFERENCES.equals(node);
         }
 
         /**
          * Checks if the handler is at the REFERENCE node.
          *
          * @return true or false
          */
         public boolean isVulnReferenceNode() {
             return VULN_REFERENCE.equals(node);
         }
 
         /**
          * Checks if the handler is at the VULN_SOURCE node.
          *
          * @return true or false
          */
         public boolean isVulnSourceNode() {
             return VULN_SOURCE.equals(node);
         }
 
         /**
          * Checks if the handler is at the VULN_SUMMARY node.
          *
          * @return true or false
          */
         public boolean isVulnSummaryNode() {
             return VULN_SUMMARY.equals(node);
         }
 
         /**
          * Checks if the handler is at the VULN_CWE node.
          *
          * @return true or false
          */
         public boolean isVulnCWENode() {
             return VULN_CWE.equals(node);
         }
 
         /**
          * Checks if the handler is at the CVSS_SCORE node.
          *
          * @return true or false
          */
         public boolean isCVSSScoreNode() {
             return CVSS_SCORE.equals(node);
         }
 
         /**
          * Checks if the handler is at the CVSS_ACCESS_VECTOR node.
          *
          * @return true or false
          */
         public boolean isCVSSAccessVectorNode() {
             return CVSS_ACCESS_VECTOR.equals(node);
         }
 
         /**
          * Checks if the handler is at the CVSS_ACCESS_COMPLEXITY node.
          *
          * @return true or false
          */
         public boolean isCVSSAccessComplexityNode() {
             return CVSS_ACCESS_COMPLEXITY.equals(node);
         }
 
         /**
          * Checks if the handler is at the CVSS_AUTHENTICATION node.
          *
          * @return true or false
          */
         public boolean isCVSSAuthenticationNode() {
             return CVSS_AUTHENTICATION.equals(node);
         }
 
         /**
          * Checks if the handler is at the CVSS_CONFIDENTIALITY_IMPACT node.
          *
          * @return true or false
          */
         public boolean isCVSSConfidentialityImpactNode() {
             return CVSS_CONFIDENTIALITY_IMPACT.equals(node);
         }
 
         /**
          * Checks if the handler is at the CVSS_INTEGRITY_IMPACT node.
          *
          * @return true or false
          */
         public boolean isCVSSIntegrityImpactNode() {
             return CVSS_INTEGRITY_IMPACT.equals(node);
         }
 
         /**
          * Checks if the handler is at the CVSS_AVAILABILITY_IMPACT node.
          *
          * @return true or false
          */
         public boolean isCVSSAvailabilityImpactNode() {
             return CVSS_AVAILABILITY_IMPACT.equals(node);
         }
     }
     // </editor-fold>
 }

1		/*
2		* This file is part of dependency-check-core.
3		*
4		* Licensed under the Apache License, Version 2.0 (the "License");
5		* you may not use this file except in compliance with the License.
6		* You may obtain a copy of the License at
7		*
8		* http://www.apache.org/licenses/LICENSE-2.0
9		*
10		* Unless required by applicable law or agreed to in writing, software
11		* distributed under the License is distributed on an "AS IS" BASIS,
12		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13		* See the License for the specific language governing permissions and
14		* limitations under the License.
15		*
16		* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
17		*/
18		package org.owasp.dependencycheck.data.update.nvd;
19
20		import java.io.IOException;
21		import java.util.List;
22		import java.util.Map;
23		import org.apache.lucene.index.CorruptIndexException;
24		import org.owasp.dependencycheck.data.nvdcve.CveDB;
25		import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
26		import org.owasp.dependencycheck.dependency.Reference;
27		import org.owasp.dependencycheck.dependency.Vulnerability;
28		import org.owasp.dependencycheck.dependency.VulnerableSoftware;
29		import org.slf4j.Logger;
30		import org.slf4j.LoggerFactory;
31		import org.xml.sax.Attributes;
32		import org.xml.sax.SAXException;
33		import org.xml.sax.SAXNotSupportedException;
34		import org.xml.sax.helpers.DefaultHandler;
35
36		/**
37		* A SAX Handler that will parse the NVD CVE XML (schema version 2.0).
38		*
39		* @author Jeremy Long
40		*/
41	2	public class NvdCve20Handler extends DefaultHandler {
42
43		/**
44		* The logger.
45		*/
46	1	private static final Logger LOGGER = LoggerFactory.getLogger(NvdCve20Handler.class);
47		/**
48		* the current supported schema version.
49		*/
50		private static final String CURRENT_SCHEMA_VERSION = "2.0";
51		/**
52		* the current element.
53		*/
54	2	private final Element current = new Element();
55		/**
56		* the text of the node.
57		*/
58		private StringBuilder nodeText;
59		/**
60		* the vulnerability.
61		*/
62		private Vulnerability vulnerability;
63		/**
64		* a reference for the cve.
65		*/
66		private Reference reference;
67		/**
68		* flag indicating whether the application has a cpe.
69		*/
70	2	private boolean hasApplicationCpe = false;
71		/**
72		* The total number of entries parsed.
73		*/
74		private int totalNumberOfEntries;
75
76		/**
77		* Get the value of totalNumberOfEntries.
78		*
79		* @return the value of totalNumberOfEntries
80		*/
81		public int getTotalNumberOfEntries() {
82	1	return totalNumberOfEntries;
83		}
84		/**
85		* The total number of application entries parsed.
86		*/
87		private int totalNumberOfApplicationEntries;
88
89		/**
90		* Get the value of totalNumberOfApplicationEntries.
91		*
92		* @return the value of totalNumberOfApplicationEntries
93		*/
94		public int getTotalNumberOfApplicationEntries() {
95	0	return totalNumberOfApplicationEntries;
96		}
97
98		@Override
99		public void startElement(String uri, String localName, String qName, Attributes attributes) throws SAXException {
100	2510	current.setNode(qName);
101	2510	if (current.isEntryNode()) {
102	28	hasApplicationCpe = false;
103	28	vulnerability = new Vulnerability();
104	28	vulnerability.setName(attributes.getValue("id"));
105	2482	} else if (current.isVulnProductNode()) {
106	758	nodeText = new StringBuilder(100);
107	1724	} else if (current.isVulnReferencesNode()) {
108	95	final String lang = attributes.getValue("xml:lang");
109	95	if ("en".equals(lang)) {
110	95	reference = new Reference();
111		} else {
112	0	reference = null;
113		}
114	95	} else if (reference != null && current.isVulnReferenceNode()) {
115	95	reference.setUrl(attributes.getValue("href"));
116	95	nodeText = new StringBuilder(130);
117	1534	} else if (reference != null && current.isVulnSourceNode()) {
118	95	nodeText = new StringBuilder(30);
119	1439	} else if (current.isVulnSummaryNode()) {
120	28	nodeText = new StringBuilder(500);
121	1411	} else if (current.isNVDNode()) {
122	2	final String nvdVer = attributes.getValue("nvd_xml_version");
123	2	if (!CURRENT_SCHEMA_VERSION.equals(nvdVer)) {
124	0	throw new SAXNotSupportedException("Schema version " + nvdVer + " is not supported");
125		}
126	2	} else if (current.isVulnCWENode()) {
127	20	vulnerability.setCwe(attributes.getValue("id"));
128	1389	} else if (current.isCVSSScoreNode()) {
129	27	nodeText = new StringBuilder(5);
130	1362	} else if (current.isCVSSAccessVectorNode()) {
131	27	nodeText = new StringBuilder(20);
132	1335	} else if (current.isCVSSAccessComplexityNode()) {
133	27	nodeText = new StringBuilder(20);
134	1308	} else if (current.isCVSSAuthenticationNode()) {
135	27	nodeText = new StringBuilder(20);
136	1281	} else if (current.isCVSSAvailabilityImpactNode()) {
137	27	nodeText = new StringBuilder(20);
138	1254	} else if (current.isCVSSConfidentialityImpactNode()) {
139	27	nodeText = new StringBuilder(20);
140	1227	} else if (current.isCVSSIntegrityImpactNode()) {
141	27	nodeText = new StringBuilder(20);
142		}
143	2510	}
144
145		@Override
146		public void characters(char[] ch, int start, int length) throws SAXException {
147	4155	if (nodeText != null) {
148	1192	nodeText.append(ch, start, length);
149		}
150	4155	}
151
152		@Override
153		public void endElement(String uri, String localName, String qName) throws SAXException {
154	2510	current.setNode(qName);
155	2510	if (current.isEntryNode()) {
156	28	totalNumberOfEntries += 1;
157	28	if (hasApplicationCpe) {
158	20	totalNumberOfApplicationEntries += 1;
159		try {
160	20	saveEntry(vulnerability);
161	0	} catch (DatabaseException ex) {
162	0	throw new SAXException(ex);
163	0	} catch (CorruptIndexException ex) {
164	0	throw new SAXException(ex);
165	0	} catch (IOException ex) {
166	0	throw new SAXException(ex);
167	20	}
168		}
169	28	vulnerability = null;
170	2482	} else if (current.isCVSSScoreNode()) {
171		try {
172	27	final float score = Float.parseFloat(nodeText.toString());
173	27	vulnerability.setCvssScore(score);
174	0	} catch (NumberFormatException ex) {
175	0	LOGGER.error("Error parsing CVSS Score.");
176	0	LOGGER.debug("", ex);
177	27	}
178	27	nodeText = null;
179	2455	} else if (current.isCVSSAccessVectorNode()) {
180	27	vulnerability.setCvssAccessVector(nodeText.toString());
181	27	nodeText = null;
182	2428	} else if (current.isCVSSAccessComplexityNode()) {
183	27	vulnerability.setCvssAccessComplexity(nodeText.toString());
184	27	nodeText = null;
185	2401	} else if (current.isCVSSAuthenticationNode()) {
186	27	vulnerability.setCvssAuthentication(nodeText.toString());
187	27	nodeText = null;
188	2374	} else if (current.isCVSSAvailabilityImpactNode()) {
189	27	vulnerability.setCvssAvailabilityImpact(nodeText.toString());
190	27	nodeText = null;
191	2347	} else if (current.isCVSSConfidentialityImpactNode()) {
192	27	vulnerability.setCvssConfidentialityImpact(nodeText.toString());
193	27	nodeText = null;
194	2320	} else if (current.isCVSSIntegrityImpactNode()) {
195	27	vulnerability.setCvssIntegrityImpact(nodeText.toString());
196	27	nodeText = null;
197	2293	} else if (current.isVulnProductNode()) {
198	758	final String cpe = nodeText.toString();
199	758	if (cpe.startsWith("cpe:/a:")) {
200	645	hasApplicationCpe = true;
201	645	vulnerability.addVulnerableSoftware(cpe);
202		}
203	758	nodeText = null;
204	758	} else if (reference != null && current.isVulnReferencesNode()) {
205	95	vulnerability.addReference(reference);
206	95	reference = null;
207	1440	} else if (reference != null && current.isVulnReferenceNode()) {
208	95	reference.setName(nodeText.toString());
209	95	nodeText = null;
210	1345	} else if (reference != null && current.isVulnSourceNode()) {
211	95	reference.setSource(nodeText.toString());
212	95	nodeText = null;
213	1250	} else if (current.isVulnSummaryNode()) {
214	28	vulnerability.setDescription(nodeText.toString());
215	28	if (nodeText.indexOf(" REJECT ") >= 0) {
216	1	hasApplicationCpe = true; //ensure we process this to delete the vuln
217		}
218	28	nodeText = null;
219		}
220	2510	}
221		/**
222		* the cve database.
223		*/
224		private CveDB cveDB;
225
226		/**
227		* Sets the cveDB.
228		*
229		* @param db a reference to the CveDB
230		*/
231		public void setCveDB(CveDB db) {
232	0	cveDB = db;
233	0	}
234		/**
235		* A list of CVE entries and associated VulnerableSoftware entries that contain previous entries.
236		*/
237		private Map<String, List<VulnerableSoftware>> prevVersionVulnMap;
238
239		/**
240		* Sets the prevVersionVulnMap.
241		*
242		* @param map the map of vulnerable software with previous versions being vulnerable
243		*/
244		public void setPrevVersionVulnMap(Map<String, List<VulnerableSoftware>> map) {
245	1	prevVersionVulnMap = map;
246	1	}
247
248		/**
249		* Saves a vulnerability to the CVE Database.
250		*
251		* @param vuln the vulnerability to store in the database
252		* @throws DatabaseException thrown if there is an error writing to the database
253		* @throws CorruptIndexException is thrown if the CPE Index is corrupt
254		* @throws IOException thrown if there is an IOException with the CPE Index
255		*/
256		private void saveEntry(Vulnerability vuln) throws DatabaseException, CorruptIndexException, IOException {
257	20	final String cveName = vuln.getName();
258	20	if (prevVersionVulnMap != null && prevVersionVulnMap.containsKey(cveName)) {
259	1	final List<VulnerableSoftware> vulnSoftware = prevVersionVulnMap.get(cveName);
260	1	for (VulnerableSoftware vs : vulnSoftware) {
261	1	vuln.updateVulnerableSoftware(vs);
262	1	}
263		}
264	20	if (cveDB != null) {
265	0	cveDB.updateVulnerability(vuln);
266		}
267	20	}
268
269		// <editor-fold defaultstate="collapsed" desc="The Element Class that maintains state information about the current node">
270		/**
271		* A simple class to maintain information about the current element while parsing the NVD CVE XML.
272		*/
273	2	protected static class Element {
274
275		/**
276		* A node type in the NVD CVE Schema 2.0
277		*/
278		public static final String NVD = "nvd";
279		/**
280		* A node type in the NVD CVE Schema 2.0
281		*/
282		public static final String ENTRY = "entry";
283		/**
284		* A node type in the NVD CVE Schema 2.0
285		*/
286		public static final String VULN_PRODUCT = "vuln:product";
287		/**
288		* A node type in the NVD CVE Schema 2.0
289		*/
290		public static final String VULN_REFERENCES = "vuln:references";
291		/**
292		* A node type in the NVD CVE Schema 2.0
293		*/
294		public static final String VULN_SOURCE = "vuln:source";
295		/**
296		* A node type in the NVD CVE Schema 2.0
297		*/
298		public static final String VULN_REFERENCE = "vuln:reference";
299		/**
300		* A node type in the NVD CVE Schema 2.0
301		*/
302		public static final String VULN_SUMMARY = "vuln:summary";
303		/**
304		* A node type in the NVD CVE Schema 2.0
305		*/
306		public static final String VULN_CWE = "vuln:cwe";
307		/**
308		* A node type in the NVD CVE Schema 2.0
309		*/
310		public static final String CVSS_SCORE = "cvss:score";
311		/**
312		* A node type in the NVD CVE Schema 2.0
313		*/
314		public static final String CVSS_ACCESS_VECTOR = "cvss:access-vector";
315		/**
316		* A node type in the NVD CVE Schema 2.0
317		*/
318		public static final String CVSS_ACCESS_COMPLEXITY = "cvss:access-complexity";
319		/**
320		* A node type in the NVD CVE Schema 2.0
321		*/
322		public static final String CVSS_AUTHENTICATION = "cvss:authentication";
323		/**
324		* A node type in the NVD CVE Schema 2.0
325		*/
326		public static final String CVSS_CONFIDENTIALITY_IMPACT = "cvss:confidentiality-impact";
327		/**
328		* A node type in the NVD CVE Schema 2.0
329		*/
330		public static final String CVSS_INTEGRITY_IMPACT = "cvss:integrity-impact";
331		/**
332		* A node type in the NVD CVE Schema 2.0
333		*/
334		public static final String CVSS_AVAILABILITY_IMPACT = "cvss:availability-impact";
335		/**
336		* The current node.
337		*/
338		private String node;
339
340		/**
341		* Gets the value of node.
342		*
343		* @return the value of node
344		*/
345		public String getNode() {
346	0	return this.node;
347		}
348
349		/**
350		* Sets the value of node.
351		*
352		* @param node new value of node
353		*/
354		public void setNode(String node) {
355	5020	this.node = node;
356	5020	}
357
358		/**
359		* Checks if the handler is at the NVD node.
360		*
361		* @return true or false
362		*/
363		public boolean isNVDNode() {
364	1411	return NVD.equals(node);
365		}
366
367		/**
368		* Checks if the handler is at the ENTRY node.
369		*
370		* @return true or false
371		*/
372		public boolean isEntryNode() {
373	5020	return ENTRY.equals(node);
374		}
375
376		/**
377		* Checks if the handler is at the VULN_PRODUCT node.
378		*
379		* @return true or false
380		*/
381		public boolean isVulnProductNode() {
382	4775	return VULN_PRODUCT.equals(node);
383		}
384
385		/**
386		* Checks if the handler is at the REFERENCES node.
387		*
388		* @return true or false
389		*/
390		public boolean isVulnReferencesNode() {
391	2009	return VULN_REFERENCES.equals(node);
392		}
393
394		/**
395		* Checks if the handler is at the REFERENCE node.
396		*
397		* @return true or false
398		*/
399		public boolean isVulnReferenceNode() {
400	380	return VULN_REFERENCE.equals(node);
401		}
402
403		/**
404		* Checks if the handler is at the VULN_SOURCE node.
405		*
406		* @return true or false
407		*/
408		public boolean isVulnSourceNode() {
409	190	return VULN_SOURCE.equals(node);
410		}
411
412		/**
413		* Checks if the handler is at the VULN_SUMMARY node.
414		*
415		* @return true or false
416		*/
417		public boolean isVulnSummaryNode() {
418	2689	return VULN_SUMMARY.equals(node);
419		}
420
421		/**
422		* Checks if the handler is at the VULN_CWE node.
423		*
424		* @return true or false
425		*/
426		public boolean isVulnCWENode() {
427	1409	return VULN_CWE.equals(node);
428		}
429
430		/**
431		* Checks if the handler is at the CVSS_SCORE node.
432		*
433		* @return true or false
434		*/
435		public boolean isCVSSScoreNode() {
436	3871	return CVSS_SCORE.equals(node);
437		}
438
439		/**
440		* Checks if the handler is at the CVSS_ACCESS_VECTOR node.
441		*
442		* @return true or false
443		*/
444		public boolean isCVSSAccessVectorNode() {
445	3817	return CVSS_ACCESS_VECTOR.equals(node);
446		}
447
448		/**
449		* Checks if the handler is at the CVSS_ACCESS_COMPLEXITY node.
450		*
451		* @return true or false
452		*/
453		public boolean isCVSSAccessComplexityNode() {
454	3763	return CVSS_ACCESS_COMPLEXITY.equals(node);
455		}
456
457		/**
458		* Checks if the handler is at the CVSS_AUTHENTICATION node.
459		*
460		* @return true or false
461		*/
462		public boolean isCVSSAuthenticationNode() {
463	3709	return CVSS_AUTHENTICATION.equals(node);
464		}
465
466		/**
467		* Checks if the handler is at the CVSS_CONFIDENTIALITY_IMPACT node.
468		*
469		* @return true or false
470		*/
471		public boolean isCVSSConfidentialityImpactNode() {
472	3601	return CVSS_CONFIDENTIALITY_IMPACT.equals(node);
473		}
474
475		/**
476		* Checks if the handler is at the CVSS_INTEGRITY_IMPACT node.
477		*
478		* @return true or false
479		*/
480		public boolean isCVSSIntegrityImpactNode() {
481	3547	return CVSS_INTEGRITY_IMPACT.equals(node);
482		}
483
484		/**
485		* Checks if the handler is at the CVSS_AVAILABILITY_IMPACT node.
486		*
487		* @return true or false
488		*/
489		public boolean isCVSSAvailabilityImpactNode() {
490	3655	return CVSS_AVAILABILITY_IMPACT.equals(node);
491		}
492		}
493		// </editor-fold>
494		}