1 /*
2 * This file is part of dependency-check-core.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
17 */
18 package org.owasp.dependencycheck.data.nvdcve;
19
20 import java.text.DateFormat;
21 import java.text.SimpleDateFormat;
22 import java.util.Date;
23 import java.util.Map;
24 import java.util.Map.Entry;
25 import java.util.Properties;
26 import java.util.TreeMap;
27 import org.owasp.dependencycheck.data.update.nvd.NvdCveInfo;
28 import org.owasp.dependencycheck.data.update.exception.UpdateException;
29 import org.slf4j.Logger;
30 import org.slf4j.LoggerFactory;
31
32 /**
33 * This is a wrapper around a set of properties that are stored in the database.
34 *
35 * @author Jeremy Long
36 */
37 public class DatabaseProperties {
38
39 /**
40 * The Logger.
41 */
42 private static final Logger LOGGER = LoggerFactory.getLogger(DatabaseProperties.class);
43 /**
44 * Modified key word, used as a key to store information about the modified file (i.e. the containing the last 8 days of
45 * updates)..
46 */
47 public static final String MODIFIED = "Modified";
48 /**
49 * The properties file key for the last updated field - used to store the last updated time of the Modified NVD CVE xml file.
50 */
51 public static final String LAST_UPDATED = "NVD CVE Modified";
52 /**
53 * Stores the last updated time for each of the NVD CVE files. These timestamps should be updated if we process the modified
54 * file within 7 days of the last update.
55 */
56 public static final String LAST_UPDATED_BASE = "NVD CVE ";
57 /**
58 * The key for the last time the CPE data was updated.
59 */
60 public static final String LAST_CPE_UPDATE = "LAST_CPE_UPDATE";
61 /**
62 * The key for the database schema version.
63 */
64 public static final String VERSION = "version";
65
66 /**
67 * A collection of properties about the data.
68 */
69 private Properties properties;
70 /**
71 * A reference to the database.
72 */
73 private CveDB cveDB;
74
75 /**
76 * Constructs a new data properties object.
77 *
78 * @param cveDB the database object holding the properties
79 */
80 DatabaseProperties(CveDB cveDB) {
81 this.cveDB = cveDB;
82 loadProperties();
83 }
84
85 /**
86 * Loads the properties from the database.
87 */
88 private void loadProperties() {
89 this.properties = cveDB.getProperties();
90 }
91
92 /**
93 * Returns whether or not any properties are set.
94 *
95 * @return whether or not any properties are set
96 */
97 public boolean isEmpty() {
98 return properties == null || properties.isEmpty();
99 }
100
101 /**
102 * Saves the last updated information to the properties file.
103 *
104 * @param updatedValue the updated NVD CVE entry
105 * @throws UpdateException is thrown if there is an update exception
106 */
107 public void save(NvdCveInfo updatedValue) throws UpdateException {
108 if (updatedValue == null) {
109 return;
110 }
111 save(LAST_UPDATED_BASE + updatedValue.getId(), String.valueOf(updatedValue.getTimestamp()));
112 }
113
114 /**
115 * Saves the key value pair to the properties store.
116 *
117 * @param key the property key
118 * @param value the property value
119 * @throws UpdateException is thrown if there is an update exception
120 */
121 public void save(String key, String value) throws UpdateException {
122 properties.put(key, value);
123 cveDB.saveProperty(key, value);
124 }
125
126 /**
127 * Returns the property value for the given key. If the key is not contained in the underlying properties null is returned.
128 *
129 * @param key the property key
130 * @return the value of the property
131 */
132 public String getProperty(String key) {
133 return properties.getProperty(key);
134 }
135
136 /**
137 * Returns the property value for the given key. If the key is not contained in the underlying properties the default value is
138 * returned.
139 *
140 * @param key the property key
141 * @param defaultValue the default value
142 * @return the value of the property
143 */
144 public String getProperty(String key, String defaultValue) {
145 return properties.getProperty(key, defaultValue);
146 }
147
148 /**
149 * Returns the collection of Database Properties as a properties collection.
150 *
151 * @return the collection of Database Properties
152 */
153 public Properties getProperties() {
154 return properties;
155 }
156
157 /**
158 * Returns a map of the meta data from the database properties. This primarily contains timestamps of when the NVD CVE
159 * information was last updated.
160 *
161 * @return a map of the database meta data
162 */
163 public Map<String, String> getMetaData() {
164 final Map<String, String> map = new TreeMap<String, String>();
165 for (Entry<Object, Object> entry : properties.entrySet()) {
166 final String key = (String) entry.getKey();
167 if (!"version".equals(key)) {
168 if (key.startsWith("NVD CVE ")) {
169 try {
170 final long epoch = Long.parseLong((String) entry.getValue());
171 final Date date = new Date(epoch);
172 final DateFormat format = new SimpleDateFormat("dd/MM/yyyy HH:mm:ss");
173 final String formatted = format.format(date);
174 map.put(key, formatted);
175 } catch (Throwable ex) { //deliberately being broad in this catch clause
176 LOGGER.debug("Unable to parse timestamp from DB", ex);
177 map.put(key, (String) entry.getValue());
178 }
179 } else {
180 map.put(key, (String) entry.getValue());
181 }
182 }
183 }
184 return map;
185 }
186 }