View Javadoc
1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.data.nvdcve;
19  
20  import java.util.Map;
21  import java.util.Map.Entry;
22  import java.util.Properties;
23  import java.util.TreeMap;
24  import org.joda.time.DateTime;
25  import org.joda.time.format.DateTimeFormat;
26  import org.joda.time.format.DateTimeFormatter;
27  import org.owasp.dependencycheck.data.update.nvd.NvdCveInfo;
28  import org.owasp.dependencycheck.data.update.exception.UpdateException;
29  import org.slf4j.Logger;
30  import org.slf4j.LoggerFactory;
31  
32  /**
33   * This is a wrapper around a set of properties that are stored in the database.
34   *
35   * @author Jeremy Long
36   */
37  public class DatabaseProperties {
38  
39      /**
40       * The Logger.
41       */
42      private static final Logger LOGGER = LoggerFactory.getLogger(DatabaseProperties.class);
43      /**
44       * Modified key word, used as a key to store information about the modified
45       * file (i.e. the containing the last 8 days of updates)..
46       */
47      public static final String MODIFIED = "Modified";
48      /**
49       * The properties file key for the last checked field - used to store the
50       * last check time of the Modified NVD CVE xml file.
51       */
52      public static final String LAST_CHECKED = "NVD CVE Checked";
53      /**
54       * The properties file key for the last updated field - used to store the
55       * last updated time of the Modified NVD CVE xml file.
56       */
57      public static final String LAST_UPDATED = "NVD CVE Modified";
58      /**
59       * Stores the last updated time for each of the NVD CVE files. These
60       * timestamps should be updated if we process the modified file within 7
61       * days of the last update.
62       */
63      public static final String LAST_UPDATED_BASE = "NVD CVE ";
64      /**
65       * The key for the last time the CPE data was updated.
66       */
67      public static final String LAST_CPE_UPDATE = "LAST_CPE_UPDATE";
68      /**
69       * The key for the database schema version.
70       */
71      public static final String VERSION = "version";
72  
73      /**
74       * A collection of properties about the data.
75       */
76      private final Properties properties;
77      /**
78       * A reference to the database.
79       */
80      private final CveDB cveDB;
81  
82      /**
83       * Constructs a new data properties object.
84       *
85       * @param cveDB the database object holding the properties
86       */
87      DatabaseProperties(CveDB cveDB) {
88          this.cveDB = cveDB;
89          this.properties = cveDB.getProperties();
90      }
91  
92      /**
93       * Returns whether or not any properties are set.
94       *
95       * @return whether or not any properties are set
96       */
97      public boolean isEmpty() {
98          return properties == null || properties.isEmpty();
99      }
100 
101     /**
102      * Saves the last updated information to the properties file.
103      *
104      * @param updatedValue the updated NVD CVE entry
105      * @throws UpdateException is thrown if there is an update exception
106      */
107     public void save(NvdCveInfo updatedValue) throws UpdateException {
108         if (updatedValue == null) {
109             return;
110         }
111         save(LAST_UPDATED_BASE + updatedValue.getId(), String.valueOf(updatedValue.getTimestamp()));
112     }
113 
114     /**
115      * Saves the key value pair to the properties store.
116      *
117      * @param key the property key
118      * @param value the property value
119      * @throws UpdateException is thrown if there is an update exception
120      */
121     public void save(String key, String value) throws UpdateException {
122         properties.put(key, value);
123         cveDB.saveProperty(key, value);
124     }
125 
126     /**
127      * Returns the property value for the given key. If the key is not contained
128      * in the underlying properties null is returned.
129      *
130      * @param key the property key
131      * @return the value of the property
132      */
133     public String getProperty(String key) {
134         return properties.getProperty(key);
135     }
136 
137     /**
138      * Returns the property value for the given key. If the key is not contained
139      * in the underlying properties the default value is returned.
140      *
141      * @param key the property key
142      * @param defaultValue the default value
143      * @return the value of the property
144      */
145     public String getProperty(String key, String defaultValue) {
146         return properties.getProperty(key, defaultValue);
147     }
148 
149     /**
150      * Returns the collection of Database Properties as a properties collection.
151      *
152      * @return the collection of Database Properties
153      */
154     public Properties getProperties() {
155         return properties;
156     }
157 
158     /**
159      * Returns a map of the meta data from the database properties. This
160      * primarily contains timestamps of when the NVD CVE information was last
161      * updated.
162      *
163      * @return a map of the database meta data
164      */
165     public Map<String, String> getMetaData() {
166         final Map<String, String> map = new TreeMap<String, String>();
167         for (Entry<Object, Object> entry : properties.entrySet()) {
168             final String key = (String) entry.getKey();
169             if (!"version".equals(key)) {
170                 if (key.startsWith("NVD CVE ")) {
171                     try {
172                         final long epoch = Long.parseLong((String) entry.getValue());
173                         final DateTime date = new DateTime(epoch);
174                         final DateTimeFormatter format = DateTimeFormat.forPattern("dd/MM/yyyy HH:mm:ss");
175                         final String formatted = format.print(date);
176 //                        final Date date = new Date(epoch);
177 //                        final DateFormat format = new SimpleDateFormat("dd/MM/yyyy HH:mm:ss");
178 //                        final String formatted = format.format(date);
179                         map.put(key, formatted);
180                     } catch (Throwable ex) { //deliberately being broad in this catch clause
181                         LOGGER.debug("Unable to parse timestamp from DB", ex);
182                         map.put(key, (String) entry.getValue());
183                     }
184                 } else {
185                     map.put(key, (String) entry.getValue());
186                 }
187             }
188         }
189         return map;
190     }
191 }