Coverage Report

Coverage Report - org.owasp.dependencycheck.data.update.xml.NvdCve20Handler

Classes in this File

Line Coverage

Branch Coverage

Complexity

NvdCve20Handler

79%

99/124

89%

75/84

3.04

NvdCve20Handler$Element

94%

18/19

N/A

3.04

 /*
  * This file is part of dependency-check-core.
  *
  * Dependency-check-core is free software: you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the Free
  * Software Foundation, either version 3 of the License, or (at your option) any
  * later version.
  *
  * Dependency-check-core is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
  * details.
  *
  * You should have received a copy of the GNU General Public License along with
  * dependency-check-core. If not, see http://www.gnu.org/licenses/.
  *
  * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.data.update.xml;
 
 import java.io.IOException;
 import java.util.List;
 import java.util.Map;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import org.apache.lucene.index.CorruptIndexException;
 import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
 import org.owasp.dependencycheck.dependency.Reference;
 import org.owasp.dependencycheck.dependency.Vulnerability;
 import org.owasp.dependencycheck.dependency.VulnerableSoftware;
 import org.xml.sax.Attributes;
 import org.xml.sax.SAXException;
 import org.xml.sax.SAXNotSupportedException;
 import org.xml.sax.helpers.DefaultHandler;
 
 /**
  * A SAX Handler that will parse the NVD CVE XML (schema version 2.0).
  *
  * @author Jeremy Long <jeremy.long@owasp.org>
  */
 public class NvdCve20Handler extends DefaultHandler {
 
     /**
      * the current supported schema version.
      */
     private static final String CURRENT_SCHEMA_VERSION = "2.0";
     /**
      * the current element.
      */
     private final Element current = new Element();
     /**
      * the text of the node.
      */
     private StringBuilder nodeText;
     /**
      * the vulnerability.
      */
     private Vulnerability vulnerability;
     /**
      * a reference for the cve.
      */
     private Reference reference;
     /**
      * flag indicating whether the application has a cpe.
      */
     private boolean hasApplicationCpe = false;
     /**
      * The total number of entries parsed.
      */
     private int totalNumberOfEntries;
 
     /**
      * Get the value of totalNumberOfEntries.
      *
      * @return the value of totalNumberOfEntries
      */
     public int getTotalNumberOfEntries() {
         return totalNumberOfEntries;
     }
     /**
      * The total number of application entries parsed.
      */
     private int totalNumberOfApplicationEntries;
 
     /**
      * Get the value of totalNumberOfApplicationEntries.
      *
      * @return the value of totalNumberOfApplicationEntries
      */
     public int getTotalNumberOfApplicationEntries() {
         return totalNumberOfApplicationEntries;
     }
 
     @Override
     public void startElement(String uri, String localName, String qName, Attributes attributes) throws SAXException {
         current.setNode(qName);
         if (current.isEntryNode()) {
             hasApplicationCpe = false;
             vulnerability = new Vulnerability();
             vulnerability.setName(attributes.getValue("id"));
         } else if (current.isVulnProductNode()) {
             nodeText = new StringBuilder(100);
         } else if (current.isVulnReferencesNode()) {
             final String lang = attributes.getValue("xml:lang");
             if ("en".equals(lang)) {
                 reference = new Reference();
             } else {
                 reference = null;
             }
         } else if (reference != null && current.isVulnReferenceNode()) {
             reference.setUrl(attributes.getValue("href"));
             nodeText = new StringBuilder(130);
         } else if (reference != null && current.isVulnSourceNode()) {
             nodeText = new StringBuilder(30);
         } else if (current.isVulnSummaryNode()) {
             nodeText = new StringBuilder(500);
         } else if (current.isNVDNode()) {
             final String nvdVer = attributes.getValue("nvd_xml_version");
             if (!CURRENT_SCHEMA_VERSION.equals(nvdVer)) {
                 throw new SAXNotSupportedException("Schema version " + nvdVer + " is not supported");
             }
         } else if (current.isVulnCWENode()) {
             vulnerability.setCwe(attributes.getValue("id"));
         } else if (current.isCVSSScoreNode()) {
             nodeText = new StringBuilder(5);
         } else if (current.isCVSSAccessVectorNode()) {
             nodeText = new StringBuilder(20);
         } else if (current.isCVSSAccessComplexityNode()) {
             nodeText = new StringBuilder(20);
         } else if (current.isCVSSAuthenticationNode()) {
             nodeText = new StringBuilder(20);
         } else if (current.isCVSSAvailabilityImpactNode()) {
             nodeText = new StringBuilder(20);
         } else if (current.isCVSSConfidentialityImpactNode()) {
             nodeText = new StringBuilder(20);
         } else if (current.isCVSSIntegrityImpactNode()) {
             nodeText = new StringBuilder(20);
         }
     }
 
     @Override
     public void characters(char[] ch, int start, int length) throws SAXException {
         if (nodeText != null) {
             nodeText.append(ch, start, length);
         }
     }
 
     @Override
     public void endElement(String uri, String localName, String qName) throws SAXException {
         current.setNode(qName);
         if (current.isEntryNode()) {
             totalNumberOfEntries += 1;
             if (hasApplicationCpe) {
                 totalNumberOfApplicationEntries += 1;
                 try {
                     saveEntry(vulnerability);
                 } catch (DatabaseException ex) {
                     throw new SAXException(ex);
                 } catch (CorruptIndexException ex) {
                     throw new SAXException(ex);
                 } catch (IOException ex) {
                     throw new SAXException(ex);
                 }
             }
             vulnerability = null;
         } else if (current.isCVSSScoreNode()) {
             try {
                 final float score = Float.parseFloat(nodeText.toString());
                 vulnerability.setCvssScore(score);
             } catch (NumberFormatException ex) {
                 Logger.getLogger(NvdCve20Handler.class.getName()).log(Level.SEVERE, "Error parsing CVSS Score.");
                 Logger.getLogger(NvdCve20Handler.class.getName()).log(Level.FINE, null, ex);
             }
             nodeText = null;
         } else if (current.isCVSSAccessVectorNode()) {
             vulnerability.setCvssAccessVector(nodeText.toString());
             nodeText = null;
         } else if (current.isCVSSAccessComplexityNode()) {
             vulnerability.setCvssAccessComplexity(nodeText.toString());
             nodeText = null;
         } else if (current.isCVSSAuthenticationNode()) {
             vulnerability.setCvssAuthentication(nodeText.toString());
             nodeText = null;
         } else if (current.isCVSSAvailabilityImpactNode()) {
             vulnerability.setCvssAvailabilityImpact(nodeText.toString());
             nodeText = null;
         } else if (current.isCVSSConfidentialityImpactNode()) {
             vulnerability.setCvssConfidentialityImpact(nodeText.toString());
             nodeText = null;
         } else if (current.isCVSSIntegrityImpactNode()) {
             vulnerability.setCvssIntegrityImpact(nodeText.toString());
             nodeText = null;
         } else if (current.isVulnProductNode()) {
             final String cpe = nodeText.toString();
             if (cpe.startsWith("cpe:/a:")) {
                 hasApplicationCpe = true;
                 vulnerability.addVulnerableSoftware(cpe);
             }
             nodeText = null;
         } else if (reference != null && current.isVulnReferencesNode()) {
             vulnerability.addReference(reference);
             reference = null;
         } else if (reference != null && current.isVulnReferenceNode()) {
             reference.setName(nodeText.toString());
             nodeText = null;
         } else if (reference != null && current.isVulnSourceNode()) {
             reference.setSource(nodeText.toString());
             nodeText = null;
         } else if (current.isVulnSummaryNode()) {
             vulnerability.setDescription(nodeText.toString());
             if (nodeText.indexOf("** REJECT **") >= 0) {
                 hasApplicationCpe = true; //ensure we process this to delete the vuln
             }
             nodeText = null;
         }
     }
     /**
      * the cve database.
      */
     private CveDB cveDB;
 
     /**
      * Sets the cveDB.
      *
      * @param db a reference to the CveDB
      */
     public void setCveDB(CveDB db) {
         cveDB = db;
     }
     /**
      * A list of CVE entries and associated VulnerableSoftware entries that
      * contain previous entries.
      */
     private Map<String, List<VulnerableSoftware>> prevVersionVulnMap;
 
     /**
      * Sets the prevVersionVulnMap.
      *
      * @param map the map of vulnerable software with previous versions being
      * vulnerable
      */
     public void setPrevVersionVulnMap(Map<String, List<VulnerableSoftware>> map) {
         prevVersionVulnMap = map;
     }
 
     /**
      * Saves a vulnerability to the CVE Database.
      *
      * @param vuln the vulnerability to store in the database
      * @throws DatabaseException thrown if there is an error writing to the
      * database
      * @throws CorruptIndexException is thrown if the CPE Index is corrupt
      * @throws IOException thrown if there is an IOException with the CPE Index
      */
     private void saveEntry(Vulnerability vuln) throws DatabaseException, CorruptIndexException, IOException {
         if (cveDB == null) {
             return;
         }
         final String cveName = vuln.getName();
         if (prevVersionVulnMap.containsKey(cveName)) {
             final List<VulnerableSoftware> vulnSoftware = prevVersionVulnMap.get(cveName);
             for (VulnerableSoftware vs : vulnSoftware) {
                 vuln.updateVulnerableSoftware(vs);
             }
         }
         cveDB.updateVulnerability(vuln);
     }
 
     // <editor-fold defaultstate="collapsed" desc="The Element Class that maintains state information about the current node">
     /**
      * A simple class to maintain information about the current element while
      * parsing the NVD CVE XML.
      */
     protected static class Element {
 
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String NVD = "nvd";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String ENTRY = "entry";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String VULN_PRODUCT = "vuln:product";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String VULN_REFERENCES = "vuln:references";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String VULN_SOURCE = "vuln:source";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String VULN_REFERENCE = "vuln:reference";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String VULN_SUMMARY = "vuln:summary";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String VULN_CWE = "vuln:cwe";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String CVSS_SCORE = "cvss:score";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String CVSS_ACCESS_VECTOR = "cvss:access-vector";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String CVSS_ACCESS_COMPLEXITY = "cvss:access-complexity";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String CVSS_AUTHENTICATION = "cvss:authentication";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String CVSS_CONFIDENTIALITY_IMPACT = "cvss:confidentiality-impact";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String CVSS_INTEGRITY_IMPACT = "cvss:integrity-impact";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String CVSS_AVAILABILITY_IMPACT = "cvss:availability-impact";
         /**
          * The current node.
          */
         private String node;
 
         /**
          * Gets the value of node.
          *
          * @return the value of node
          */
         public String getNode() {
             return this.node;
         }
 
         /**
          * Sets the value of node.
          *
          * @param node new value of node
          */
         public void setNode(String node) {
             this.node = node;
         }
 
         /**
          * Checks if the handler is at the NVD node.
          *
          * @return true or false
          */
         public boolean isNVDNode() {
             return NVD.equals(node);
         }
 
         /**
          * Checks if the handler is at the ENTRY node.
          *
          * @return true or false
          */
         public boolean isEntryNode() {
             return ENTRY.equals(node);
         }
 
         /**
          * Checks if the handler is at the VULN_PRODUCT node.
          *
          * @return true or false
          */
         public boolean isVulnProductNode() {
             return VULN_PRODUCT.equals(node);
         }
 
         /**
          * Checks if the handler is at the REFERENCES node.
          *
          * @return true or false
          */
         public boolean isVulnReferencesNode() {
             return VULN_REFERENCES.equals(node);
         }
 
         /**
          * Checks if the handler is at the REFERENCE node.
          *
          * @return true or false
          */
         public boolean isVulnReferenceNode() {
             return VULN_REFERENCE.equals(node);
         }
 
         /**
          * Checks if the handler is at the VULN_SOURCE node.
          *
          * @return true or false
          */
         public boolean isVulnSourceNode() {
             return VULN_SOURCE.equals(node);
         }
 
         /**
          * Checks if the handler is at the VULN_SUMMARY node.
          *
          * @return true or false
          */
         public boolean isVulnSummaryNode() {
             return VULN_SUMMARY.equals(node);
         }
 
         /**
          * Checks if the handler is at the VULN_CWE node.
          *
          * @return true or false
          */
         public boolean isVulnCWENode() {
             return VULN_CWE.equals(node);
         }
 
         /**
          * Checks if the handler is at the CVSS_SCORE node.
          *
          * @return true or false
          */
         public boolean isCVSSScoreNode() {
             return CVSS_SCORE.equals(node);
         }
 
         /**
          * Checks if the handler is at the CVSS_ACCESS_VECTOR node.
          *
          * @return true or false
          */
         public boolean isCVSSAccessVectorNode() {
             return CVSS_ACCESS_VECTOR.equals(node);
         }
 
         /**
          * Checks if the handler is at the CVSS_ACCESS_COMPLEXITY node.
          *
          * @return true or false
          */
         public boolean isCVSSAccessComplexityNode() {
             return CVSS_ACCESS_COMPLEXITY.equals(node);
         }
 
         /**
          * Checks if the handler is at the CVSS_AUTHENTICATION node.
          *
          * @return true or false
          */
         public boolean isCVSSAuthenticationNode() {
             return CVSS_AUTHENTICATION.equals(node);
         }
 
         /**
          * Checks if the handler is at the CVSS_CONFIDENTIALITY_IMPACT node.
          *
          * @return true or false
          */
         public boolean isCVSSConfidentialityImpactNode() {
             return CVSS_CONFIDENTIALITY_IMPACT.equals(node);
         }
 
         /**
          * Checks if the handler is at the CVSS_INTEGRITY_IMPACT node.
          *
          * @return true or false
          */
         public boolean isCVSSIntegrityImpactNode() {
             return CVSS_INTEGRITY_IMPACT.equals(node);
         }
 
         /**
          * Checks if the handler is at the CVSS_AVAILABILITY_IMPACT node.
          *
          * @return true or false
          */
         public boolean isCVSSAvailabilityImpactNode() {
             return CVSS_AVAILABILITY_IMPACT.equals(node);
         }
     }
     // </editor-fold>
 }

1		/*
2		* This file is part of dependency-check-core.
3		*
4		* Dependency-check-core is free software: you can redistribute it and/or modify it
5		* under the terms of the GNU General Public License as published by the Free
6		* Software Foundation, either version 3 of the License, or (at your option) any
7		* later version.
8		*
9		* Dependency-check-core is distributed in the hope that it will be useful, but
10		* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11		* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
12		* details.
13		*
14		* You should have received a copy of the GNU General Public License along with
15		* dependency-check-core. If not, see http://www.gnu.org/licenses/.
16		*
17		* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
18		*/
19		package org.owasp.dependencycheck.data.update.xml;
20
21		import java.io.IOException;
22		import java.util.List;
23		import java.util.Map;
24		import java.util.logging.Level;
25		import java.util.logging.Logger;
26		import org.apache.lucene.index.CorruptIndexException;
27		import org.owasp.dependencycheck.data.nvdcve.CveDB;
28		import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
29		import org.owasp.dependencycheck.dependency.Reference;
30		import org.owasp.dependencycheck.dependency.Vulnerability;
31		import org.owasp.dependencycheck.dependency.VulnerableSoftware;
32		import org.xml.sax.Attributes;
33		import org.xml.sax.SAXException;
34		import org.xml.sax.SAXNotSupportedException;
35		import org.xml.sax.helpers.DefaultHandler;
36
37		/**
38		* A SAX Handler that will parse the NVD CVE XML (schema version 2.0).
39		*
40		* @author Jeremy Long <jeremy.long@owasp.org>
41		*/
42	1	public class NvdCve20Handler extends DefaultHandler {
43
44		/**
45		* the current supported schema version.
46		*/
47		private static final String CURRENT_SCHEMA_VERSION = "2.0";
48		/**
49		* the current element.
50		*/
51	1	private final Element current = new Element();
52		/**
53		* the text of the node.
54		*/
55		private StringBuilder nodeText;
56		/**
57		* the vulnerability.
58		*/
59		private Vulnerability vulnerability;
60		/**
61		* a reference for the cve.
62		*/
63		private Reference reference;
64		/**
65		* flag indicating whether the application has a cpe.
66		*/
67	1	private boolean hasApplicationCpe = false;
68		/**
69		* The total number of entries parsed.
70		*/
71		private int totalNumberOfEntries;
72
73		/**
74		* Get the value of totalNumberOfEntries.
75		*
76		* @return the value of totalNumberOfEntries
77		*/
78		public int getTotalNumberOfEntries() {
79	0	return totalNumberOfEntries;
80		}
81		/**
82		* The total number of application entries parsed.
83		*/
84		private int totalNumberOfApplicationEntries;
85
86		/**
87		* Get the value of totalNumberOfApplicationEntries.
88		*
89		* @return the value of totalNumberOfApplicationEntries
90		*/
91		public int getTotalNumberOfApplicationEntries() {
92	0	return totalNumberOfApplicationEntries;
93		}
94
95		@Override
96		public void startElement(String uri, String localName, String qName, Attributes attributes) throws SAXException {
97	2412	current.setNode(qName);
98	2412	if (current.isEntryNode()) {
99	27	hasApplicationCpe = false;
100	27	vulnerability = new Vulnerability();
101	27	vulnerability.setName(attributes.getValue("id"));
102	2385	} else if (current.isVulnProductNode()) {
103	727	nodeText = new StringBuilder(100);
104	1658	} else if (current.isVulnReferencesNode()) {
105	90	final String lang = attributes.getValue("xml:lang");
106	90	if ("en".equals(lang)) {
107	90	reference = new Reference();
108		} else {
109	0	reference = null;
110		}
111	90	} else if (reference != null && current.isVulnReferenceNode()) {
112	90	reference.setUrl(attributes.getValue("href"));
113	90	nodeText = new StringBuilder(130);
114	1478	} else if (reference != null && current.isVulnSourceNode()) {
115	90	nodeText = new StringBuilder(30);
116	1388	} else if (current.isVulnSummaryNode()) {
117	27	nodeText = new StringBuilder(500);
118	1361	} else if (current.isNVDNode()) {
119	1	final String nvdVer = attributes.getValue("nvd_xml_version");
120	1	if (!CURRENT_SCHEMA_VERSION.equals(nvdVer)) {
121	0	throw new SAXNotSupportedException("Schema version " + nvdVer + " is not supported");
122		}
123	1	} else if (current.isVulnCWENode()) {
124	19	vulnerability.setCwe(attributes.getValue("id"));
125	1341	} else if (current.isCVSSScoreNode()) {
126	26	nodeText = new StringBuilder(5);
127	1315	} else if (current.isCVSSAccessVectorNode()) {
128	26	nodeText = new StringBuilder(20);
129	1289	} else if (current.isCVSSAccessComplexityNode()) {
130	26	nodeText = new StringBuilder(20);
131	1263	} else if (current.isCVSSAuthenticationNode()) {
132	26	nodeText = new StringBuilder(20);
133	1237	} else if (current.isCVSSAvailabilityImpactNode()) {
134	26	nodeText = new StringBuilder(20);
135	1211	} else if (current.isCVSSConfidentialityImpactNode()) {
136	26	nodeText = new StringBuilder(20);
137	1185	} else if (current.isCVSSIntegrityImpactNode()) {
138	26	nodeText = new StringBuilder(20);
139		}
140	2412	}
141
142		@Override
143		public void characters(char[] ch, int start, int length) throws SAXException {
144	3987	if (nodeText != null) {
145	1142	nodeText.append(ch, start, length);
146		}
147	3987	}
148
149		@Override
150		public void endElement(String uri, String localName, String qName) throws SAXException {
151	2412	current.setNode(qName);
152	2412	if (current.isEntryNode()) {
153	27	totalNumberOfEntries += 1;
154	27	if (hasApplicationCpe) {
155	19	totalNumberOfApplicationEntries += 1;
156		try {
157	19	saveEntry(vulnerability);
158	0	} catch (DatabaseException ex) {
159	0	throw new SAXException(ex);
160	0	} catch (CorruptIndexException ex) {
161	0	throw new SAXException(ex);
162	0	} catch (IOException ex) {
163	0	throw new SAXException(ex);
164	19	}
165		}
166	27	vulnerability = null;
167	2385	} else if (current.isCVSSScoreNode()) {
168		try {
169	26	final float score = Float.parseFloat(nodeText.toString());
170	26	vulnerability.setCvssScore(score);
171	0	} catch (NumberFormatException ex) {
172	0	Logger.getLogger(NvdCve20Handler.class.getName()).log(Level.SEVERE, "Error parsing CVSS Score.");
173	0	Logger.getLogger(NvdCve20Handler.class.getName()).log(Level.FINE, null, ex);
174	26	}
175	26	nodeText = null;
176	2359	} else if (current.isCVSSAccessVectorNode()) {
177	26	vulnerability.setCvssAccessVector(nodeText.toString());
178	26	nodeText = null;
179	2333	} else if (current.isCVSSAccessComplexityNode()) {
180	26	vulnerability.setCvssAccessComplexity(nodeText.toString());
181	26	nodeText = null;
182	2307	} else if (current.isCVSSAuthenticationNode()) {
183	26	vulnerability.setCvssAuthentication(nodeText.toString());
184	26	nodeText = null;
185	2281	} else if (current.isCVSSAvailabilityImpactNode()) {
186	26	vulnerability.setCvssAvailabilityImpact(nodeText.toString());
187	26	nodeText = null;
188	2255	} else if (current.isCVSSConfidentialityImpactNode()) {
189	26	vulnerability.setCvssConfidentialityImpact(nodeText.toString());
190	26	nodeText = null;
191	2229	} else if (current.isCVSSIntegrityImpactNode()) {
192	26	vulnerability.setCvssIntegrityImpact(nodeText.toString());
193	26	nodeText = null;
194	2203	} else if (current.isVulnProductNode()) {
195	727	final String cpe = nodeText.toString();
196	727	if (cpe.startsWith("cpe:/a:")) {
197	614	hasApplicationCpe = true;
198	614	vulnerability.addVulnerableSoftware(cpe);
199		}
200	727	nodeText = null;
201	727	} else if (reference != null && current.isVulnReferencesNode()) {
202	90	vulnerability.addReference(reference);
203	90	reference = null;
204	1386	} else if (reference != null && current.isVulnReferenceNode()) {
205	90	reference.setName(nodeText.toString());
206	90	nodeText = null;
207	1296	} else if (reference != null && current.isVulnSourceNode()) {
208	90	reference.setSource(nodeText.toString());
209	90	nodeText = null;
210	1206	} else if (current.isVulnSummaryNode()) {
211	27	vulnerability.setDescription(nodeText.toString());
212	27	if (nodeText.indexOf(" REJECT ") >= 0) {
213	1	hasApplicationCpe = true; //ensure we process this to delete the vuln
214		}
215	27	nodeText = null;
216		}
217	2412	}
218		/**
219		* the cve database.
220		*/
221		private CveDB cveDB;
222
223		/**
224		* Sets the cveDB.
225		*
226		* @param db a reference to the CveDB
227		*/
228		public void setCveDB(CveDB db) {
229	0	cveDB = db;
230	0	}
231		/**
232		* A list of CVE entries and associated VulnerableSoftware entries that
233		* contain previous entries.
234		*/
235		private Map<String, List<VulnerableSoftware>> prevVersionVulnMap;
236
237		/**
238		* Sets the prevVersionVulnMap.
239		*
240		* @param map the map of vulnerable software with previous versions being
241		* vulnerable
242		*/
243		public void setPrevVersionVulnMap(Map<String, List<VulnerableSoftware>> map) {
244	0	prevVersionVulnMap = map;
245	0	}
246
247		/**
248		* Saves a vulnerability to the CVE Database.
249		*
250		* @param vuln the vulnerability to store in the database
251		* @throws DatabaseException thrown if there is an error writing to the
252		* database
253		* @throws CorruptIndexException is thrown if the CPE Index is corrupt
254		* @throws IOException thrown if there is an IOException with the CPE Index
255		*/
256		private void saveEntry(Vulnerability vuln) throws DatabaseException, CorruptIndexException, IOException {
257	19	if (cveDB == null) {
258	19	return;
259		}
260	0	final String cveName = vuln.getName();
261	0	if (prevVersionVulnMap.containsKey(cveName)) {
262	0	final List<VulnerableSoftware> vulnSoftware = prevVersionVulnMap.get(cveName);
263	0	for (VulnerableSoftware vs : vulnSoftware) {
264	0	vuln.updateVulnerableSoftware(vs);
265	0	}
266		}
267	0	cveDB.updateVulnerability(vuln);
268	0	}
269
270		// <editor-fold defaultstate="collapsed" desc="The Element Class that maintains state information about the current node">
271		/**
272		* A simple class to maintain information about the current element while
273		* parsing the NVD CVE XML.
274		*/
275	1	protected static class Element {
276
277		/**
278		* A node type in the NVD CVE Schema 2.0
279		*/
280		public static final String NVD = "nvd";
281		/**
282		* A node type in the NVD CVE Schema 2.0
283		*/
284		public static final String ENTRY = "entry";
285		/**
286		* A node type in the NVD CVE Schema 2.0
287		*/
288		public static final String VULN_PRODUCT = "vuln:product";
289		/**
290		* A node type in the NVD CVE Schema 2.0
291		*/
292		public static final String VULN_REFERENCES = "vuln:references";
293		/**
294		* A node type in the NVD CVE Schema 2.0
295		*/
296		public static final String VULN_SOURCE = "vuln:source";
297		/**
298		* A node type in the NVD CVE Schema 2.0
299		*/
300		public static final String VULN_REFERENCE = "vuln:reference";
301		/**
302		* A node type in the NVD CVE Schema 2.0
303		*/
304		public static final String VULN_SUMMARY = "vuln:summary";
305		/**
306		* A node type in the NVD CVE Schema 2.0
307		*/
308		public static final String VULN_CWE = "vuln:cwe";
309		/**
310		* A node type in the NVD CVE Schema 2.0
311		*/
312		public static final String CVSS_SCORE = "cvss:score";
313		/**
314		* A node type in the NVD CVE Schema 2.0
315		*/
316		public static final String CVSS_ACCESS_VECTOR = "cvss:access-vector";
317		/**
318		* A node type in the NVD CVE Schema 2.0
319		*/
320		public static final String CVSS_ACCESS_COMPLEXITY = "cvss:access-complexity";
321		/**
322		* A node type in the NVD CVE Schema 2.0
323		*/
324		public static final String CVSS_AUTHENTICATION = "cvss:authentication";
325		/**
326		* A node type in the NVD CVE Schema 2.0
327		*/
328		public static final String CVSS_CONFIDENTIALITY_IMPACT = "cvss:confidentiality-impact";
329		/**
330		* A node type in the NVD CVE Schema 2.0
331		*/
332		public static final String CVSS_INTEGRITY_IMPACT = "cvss:integrity-impact";
333		/**
334		* A node type in the NVD CVE Schema 2.0
335		*/
336		public static final String CVSS_AVAILABILITY_IMPACT = "cvss:availability-impact";
337		/**
338		* The current node.
339		*/
340		private String node;
341
342		/**
343		* Gets the value of node.
344		*
345		* @return the value of node
346		*/
347		public String getNode() {
348	0	return this.node;
349		}
350
351		/**
352		* Sets the value of node.
353		*
354		* @param node new value of node
355		*/
356		public void setNode(String node) {
357	4824	this.node = node;
358	4824	}
359
360		/**
361		* Checks if the handler is at the NVD node.
362		*
363		* @return true or false
364		*/
365		public boolean isNVDNode() {
366	1361	return NVD.equals(node);
367		}
368
369		/**
370		* Checks if the handler is at the ENTRY node.
371		*
372		* @return true or false
373		*/
374		public boolean isEntryNode() {
375	4824	return ENTRY.equals(node);
376		}
377
378		/**
379		* Checks if the handler is at the VULN_PRODUCT node.
380		*
381		* @return true or false
382		*/
383		public boolean isVulnProductNode() {
384	4588	return VULN_PRODUCT.equals(node);
385		}
386
387		/**
388		* Checks if the handler is at the REFERENCES node.
389		*
390		* @return true or false
391		*/
392		public boolean isVulnReferencesNode() {
393	1928	return VULN_REFERENCES.equals(node);
394		}
395
396		/**
397		* Checks if the handler is at the REFERENCE node.
398		*
399		* @return true or false
400		*/
401		public boolean isVulnReferenceNode() {
402	360	return VULN_REFERENCE.equals(node);
403		}
404
405		/**
406		* Checks if the handler is at the VULN_SOURCE node.
407		*
408		* @return true or false
409		*/
410		public boolean isVulnSourceNode() {
411	180	return VULN_SOURCE.equals(node);
412		}
413
414		/**
415		* Checks if the handler is at the VULN_SUMMARY node.
416		*
417		* @return true or false
418		*/
419		public boolean isVulnSummaryNode() {
420	2594	return VULN_SUMMARY.equals(node);
421		}
422
423		/**
424		* Checks if the handler is at the VULN_CWE node.
425		*
426		* @return true or false
427		*/
428		public boolean isVulnCWENode() {
429	1360	return VULN_CWE.equals(node);
430		}
431
432		/**
433		* Checks if the handler is at the CVSS_SCORE node.
434		*
435		* @return true or false
436		*/
437		public boolean isCVSSScoreNode() {
438	3726	return CVSS_SCORE.equals(node);
439		}
440
441		/**
442		* Checks if the handler is at the CVSS_ACCESS_VECTOR node.
443		*
444		* @return true or false
445		*/
446		public boolean isCVSSAccessVectorNode() {
447	3674	return CVSS_ACCESS_VECTOR.equals(node);
448		}
449
450		/**
451		* Checks if the handler is at the CVSS_ACCESS_COMPLEXITY node.
452		*
453		* @return true or false
454		*/
455		public boolean isCVSSAccessComplexityNode() {
456	3622	return CVSS_ACCESS_COMPLEXITY.equals(node);
457		}
458
459		/**
460		* Checks if the handler is at the CVSS_AUTHENTICATION node.
461		*
462		* @return true or false
463		*/
464		public boolean isCVSSAuthenticationNode() {
465	3570	return CVSS_AUTHENTICATION.equals(node);
466		}
467
468		/**
469		* Checks if the handler is at the CVSS_CONFIDENTIALITY_IMPACT node.
470		*
471		* @return true or false
472		*/
473		public boolean isCVSSConfidentialityImpactNode() {
474	3466	return CVSS_CONFIDENTIALITY_IMPACT.equals(node);
475		}
476
477		/**
478		* Checks if the handler is at the CVSS_INTEGRITY_IMPACT node.
479		*
480		* @return true or false
481		*/
482		public boolean isCVSSIntegrityImpactNode() {
483	3414	return CVSS_INTEGRITY_IMPACT.equals(node);
484		}
485
486		/**
487		* Checks if the handler is at the CVSS_AVAILABILITY_IMPACT node.
488		*
489		* @return true or false
490		*/
491		public boolean isCVSSAvailabilityImpactNode() {
492	3518	return CVSS_AVAILABILITY_IMPACT.equals(node);
493		}
494		}
495		// </editor-fold>
496		}