1 /*
2 * This file is part of dependency-check-core.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
17 */
18 package org.owasp.dependencycheck.data.nvdcve;
19
20 import java.text.DateFormat;
21 import java.text.SimpleDateFormat;
22 import java.util.Date;
23 import java.util.Map;
24 import java.util.Map.Entry;
25 import java.util.Properties;
26 import java.util.TreeMap;
27 import org.owasp.dependencycheck.data.update.nvd.NvdCveInfo;
28 import org.owasp.dependencycheck.data.update.exception.UpdateException;
29 import org.slf4j.Logger;
30 import org.slf4j.LoggerFactory;
31
32 /**
33 * This is a wrapper around a set of properties that are stored in the database.
34 *
35 * @author Jeremy Long
36 */
37 public class DatabaseProperties {
38
39 /**
40 * The Logger.
41 */
42 private static final Logger LOGGER = LoggerFactory.getLogger(DatabaseProperties.class);
43 /**
44 * Modified key word, used as a key to store information about the modified file (i.e. the containing the last 8 days of
45 * updates)..
46 */
47 public static final String MODIFIED = "Modified";
48 /**
49 * The properties file key for the last checked field - used to store the last check time of the Modified NVD CVE xml file.
50 */
51 public static final String LAST_CHECKED = "NVD CVE Checked";
52 /**
53 * The properties file key for the last updated field - used to store the last updated time of the Modified NVD CVE xml file.
54 */
55 public static final String LAST_UPDATED = "NVD CVE Modified";
56 /**
57 * Stores the last updated time for each of the NVD CVE files. These timestamps should be updated if we process the modified
58 * file within 7 days of the last update.
59 */
60 public static final String LAST_UPDATED_BASE = "NVD CVE ";
61 /**
62 * The key for the last time the CPE data was updated.
63 */
64 public static final String LAST_CPE_UPDATE = "LAST_CPE_UPDATE";
65 /**
66 * The key for the database schema version.
67 */
68 public static final String VERSION = "version";
69
70 /**
71 * A collection of properties about the data.
72 */
73 private final Properties properties;
74 /**
75 * A reference to the database.
76 */
77 private final CveDB cveDB;
78
79 /**
80 * Constructs a new data properties object.
81 *
82 * @param cveDB the database object holding the properties
83 */
84 DatabaseProperties(CveDB cveDB) {
85 this.cveDB = cveDB;
86 this.properties = cveDB.getProperties();
87 }
88
89 /**
90 * Returns whether or not any properties are set.
91 *
92 * @return whether or not any properties are set
93 */
94 public boolean isEmpty() {
95 return properties == null || properties.isEmpty();
96 }
97
98 /**
99 * Saves the last updated information to the properties file.
100 *
101 * @param updatedValue the updated NVD CVE entry
102 * @throws UpdateException is thrown if there is an update exception
103 */
104 public void save(NvdCveInfo updatedValue) throws UpdateException {
105 if (updatedValue == null) {
106 return;
107 }
108 save(LAST_UPDATED_BASE + updatedValue.getId(), String.valueOf(updatedValue.getTimestamp()));
109 }
110
111 /**
112 * Saves the key value pair to the properties store.
113 *
114 * @param key the property key
115 * @param value the property value
116 * @throws UpdateException is thrown if there is an update exception
117 */
118 public void save(String key, String value) throws UpdateException {
119 properties.put(key, value);
120 cveDB.saveProperty(key, value);
121 }
122
123 /**
124 * Returns the property value for the given key. If the key is not contained in the underlying properties null is returned.
125 *
126 * @param key the property key
127 * @return the value of the property
128 */
129 public String getProperty(String key) {
130 return properties.getProperty(key);
131 }
132
133 /**
134 * Returns the property value for the given key. If the key is not contained in the underlying properties the default value is
135 * returned.
136 *
137 * @param key the property key
138 * @param defaultValue the default value
139 * @return the value of the property
140 */
141 public String getProperty(String key, String defaultValue) {
142 return properties.getProperty(key, defaultValue);
143 }
144
145 /**
146 * Returns the collection of Database Properties as a properties collection.
147 *
148 * @return the collection of Database Properties
149 */
150 public Properties getProperties() {
151 return properties;
152 }
153
154 /**
155 * Returns a map of the meta data from the database properties. This primarily contains timestamps of when the NVD CVE
156 * information was last updated.
157 *
158 * @return a map of the database meta data
159 */
160 public Map<String, String> getMetaData() {
161 final Map<String, String> map = new TreeMap<String, String>();
162 for (Entry<Object, Object> entry : properties.entrySet()) {
163 final String key = (String) entry.getKey();
164 if (!"version".equals(key)) {
165 if (key.startsWith("NVD CVE ")) {
166 try {
167 final long epoch = Long.parseLong((String) entry.getValue());
168 final Date date = new Date(epoch);
169 final DateFormat format = new SimpleDateFormat("dd/MM/yyyy HH:mm:ss");
170 final String formatted = format.format(date);
171 map.put(key, formatted);
172 } catch (Throwable ex) { //deliberately being broad in this catch clause
173 LOGGER.debug("Unable to parse timestamp from DB", ex);
174 map.put(key, (String) entry.getValue());
175 }
176 } else {
177 map.put(key, (String) entry.getValue());
178 }
179 }
180 }
181 return map;
182 }
183 }