Coverage Report - org.owasp.dependencycheck.data.update.cpe.CPEHandler
 
Classes in this File Line Coverage Branch Coverage Complexity
CPEHandler
0%
0/31
0%
0/16
1.611
CPEHandler$Element
0%
0/17
N/A
1.611
 
 /*
  * This file is part of dependency-check-core.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  * Copyright (c) 2015 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.data.update.cpe;
 
 import java.io.UnsupportedEncodingException;
 import java.util.ArrayList;
 import java.util.List;
 import org.owasp.dependencycheck.data.update.NvdCveUpdater;
 import org.owasp.dependencycheck.data.update.exception.InvalidDataException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.xml.sax.Attributes;
 import org.xml.sax.SAXException;
 import org.xml.sax.helpers.DefaultHandler;
 
 /**
  * A SAX Handler that will parse the CPE XML and load it into the database.
  *
  * @author Jeremy Long
  */
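 public class CPEHandler extends DefaultHandler {

     // Implementation notes:
     // - This class only reacts to SAX events. It neither creates nor configures the parser, so limits on DTDs and
     //   external entities have to be set where the SAXParser/XMLReader is built (not visible in this file).
     // - Parsed entries are only accumulated in memory (see getData()); nothing in this class writes to a database.
     // - Element names that are not handled below are ignored rather than rejected.

     /**
      * The only CPE schema version this handler accepts; any other schema_version value aborts the parse.
      */
     private static final String CURRENT_SCHEMA_VERSION = "2.3";
     /**
      * Prefix of the cpe-item names that are collected; every other name is skipped.
      */
     private static final String COLLECTED_CPE_PREFIX = "cpe:/a:";
     /**
      * The logger, named after this class so that messages about skipped entries are attributed to the handler.
      */
     private static final Logger LOGGER = LoggerFactory.getLogger(CPEHandler.class);
     /**
      * Buffer for the text of the schema_version element; null while any other element is being processed.
      */
     private StringBuilder nodeText = null;
     /**
      * Holds the name of the element most recently reported by the parser.
      */
     private final Element current = new Element();
     /**
      * The CPE values collected so far.
      */
     private final List<Cpe> data = new ArrayList<Cpe>();

     /**
      * Returns the list of CPE values collected so far. This is the handler's internal list, not a copy.
      *
      * @return the list of CPE values
      */
     public List<Cpe> getData() {
         return data;
     }

     /**
      * Handles the start element event. A cpe-item element contributes its name to the collected data; a
      * schema_version element starts text capture so that the version can be checked when the element ends. All
      * other elements are ignored.
      *
      * @param uri the elements uri
      * @param localName the local name
      * @param qName the qualified name
      * @param attributes the attributes
      * @throws SAXException thrown if there is an exception processing the element
      */
     @Override
     public void startElement(String uri, String localName, String qName, Attributes attributes) throws SAXException {
         // Every new element discards any text captured so far; only schema_version re-enables capture below.
         nodeText = null;
         current.setNode(qName);
         if (current.isCpeItemNode()) {
             collectCpeItem(attributes);
         } else if (current.isSchemaVersionNode()) {
             nodeText = new StringBuilder(3);
         }
     }

     /**
      * Adds the CPE named by a cpe-item element to the collected data, unless the entry is deprecated, has no name
      * attribute, or its name does not extend the collected prefix. Names that {@link Cpe} rejects are logged at
      * debug level and skipped.
      *
      * @param attributes the attributes of the cpe-item element
      */
     private void collectCpeItem(Attributes attributes) {
         if ("true".equalsIgnoreCase(attributes.getValue("deprecated"))) {
             return;
         }
         final String name = attributes.getValue("name");
         if (name == null) {
             // The attribute comes from the parsed document; a missing name is skipped instead of raising a
             // NullPointerException in the middle of the parse.
             LOGGER.debug("Skipping cpe-item without a name attribute");
             return;
         }
         if (!name.startsWith(COLLECTED_CPE_PREFIX) || name.length() <= COLLECTED_CPE_PREFIX.length()) {
             return;
         }
         try {
             data.add(new Cpe(name));
         } catch (UnsupportedEncodingException ex) {
             LOGGER.debug("Unable to parse the CPE", ex);
         } catch (InvalidDataException ex) {
             LOGGER.debug("CPE is not the correct format", ex);
         }
     }

     /**
      * Reads the characters in the current node. Text is kept only while capture is active, that is inside a
      * schema_version element.
      *
      * @param ch the char array
      * @param start the start position of the data read
      * @param length the length of the data read
      * @throws SAXException thrown if there is an exception processing the characters
      */
     @Override
     public void characters(char[] ch, int start, int length) throws SAXException {
         if (nodeText != null) {
             nodeText.append(ch, start, length);
         }
     }

     /**
      * Handles the end element event. When a schema_version element ends, its text must equal the accepted schema
      * version; all other elements are ignored.
      *
      * @param uri the element's uri
      * @param localName the local name
      * @param qName the qualified name
      * @throws SAXException thrown if the schema version of the document is missing or is not the accepted one
      */
     @Override
     public void endElement(String uri, String localName, String qName) throws SAXException {
         current.setNode(qName);
         if (current.isSchemaVersionNode()) {
             // The buffer is null when a child element started inside schema_version (startElement clears it);
             // that case is reported as a version mismatch instead of a NullPointerException.
             final String found = nodeText == null ? null : nodeText.toString();
             // Stop capturing so that text following the element is not appended to a stale buffer.
             nodeText = null;
             if (!CURRENT_SCHEMA_VERSION.equals(found)) {
                 throw new SAXException("ERROR: Unexpecgted CPE Schema Version, expected: "
                         + CURRENT_SCHEMA_VERSION + ", file is: " + found);
             }
         }
     }

     // <editor-fold defaultstate="collapsed" desc="The Element Class that maintains state information about the current node">
     /**
      * A simple class to maintain information about the current element while parsing the CPE XML.
      */
     protected static final class Element {

         /**
          * The name of the cpe-list element in the CPE XML.
          */
         public static final String CPE_LIST = "cpe-list";
         /**
          * The name of the cpe-item element in the CPE XML.
          */
         public static final String CPE_ITEM = "cpe-item";
         /**
          * The name of the title element in the CPE XML.
          */
         public static final String TITLE = "title";
         /**
          * The name of the notes element in the CPE XML.
          */
         public static final String NOTES = "notes";
         /**
          * The name of the note element in the CPE XML.
          */
         public static final String NOTE = "note";
         /**
          * The name of the check element in the CPE XML.
          */
         public static final String CHECK = "check";
         /**
          * The qualified name of the item-metadata element in the CPE XML.
          */
         public static final String META = "meta:item-metadata";
         /**
          * The name of the generator element in the CPE XML.
          */
         public static final String GENERATOR = "generator";
         /**
          * The name of the product_name element in the CPE XML.
          */
         public static final String PRODUCT_NAME = "product_name";
         /**
          * The name of the product_version element in the CPE XML.
          */
         public static final String PRODUCT_VERSION = "product_version";
         /**
          * The name of the schema_version element in the CPE XML.
          */
         public static final String SCHEMA_VERSION = "schema_version";
         /**
          * The name of the timestamp element in the CPE XML.
          */
         public static final String TIMESTAMP = "timestamp";
         /**
          * The qualified name of the current node; null until the first node has been set.
          */
         private String node = null;

         /**
          * Gets the value of node
          *
          * @return the value of node
          */
         public String getNode() {
             return this.node;
         }

         /**
          * Sets the value of node
          *
          * @param node new value of node
          */
         public void setNode(String node) {
             this.node = node;
         }

         /**
          * Checks if the handler is at the CPE_LIST node
          *
          * @return true if the current node is named {@link #CPE_LIST}; otherwise false
          */
         public boolean isCpeListNode() {
             return CPE_LIST.equals(node);
         }

         /**
          * Checks if the handler is at the CPE_ITEM node
          *
          * @return true if the current node is named {@link #CPE_ITEM}; otherwise false
          */
         public boolean isCpeItemNode() {
             return CPE_ITEM.equals(node);
         }

         /**
          * Checks if the handler is at the TITLE node
          *
          * @return true if the current node is named {@link #TITLE}; otherwise false
          */
         public boolean isTitleNode() {
             return TITLE.equals(node);
         }

         /**
          * Checks if the handler is at the NOTES node
          *
          * @return true if the current node is named {@link #NOTES}; otherwise false
          */
         public boolean isNotesNode() {
             return NOTES.equals(node);
         }

         /**
          * Checks if the handler is at the NOTE node
          *
          * @return true if the current node is named {@link #NOTE}; otherwise false
          */
         public boolean isNoteNode() {
             return NOTE.equals(node);
         }

         /**
          * Checks if the handler is at the CHECK node
          *
          * @return true if the current node is named {@link #CHECK}; otherwise false
          */
         public boolean isCheckNode() {
             return CHECK.equals(node);
         }

         /**
          * Checks if the handler is at the META node
          *
          * @return true if the current node is named {@link #META}; otherwise false
          */
         public boolean isMetaNode() {
             return META.equals(node);
         }

         /**
          * Checks if the handler is at the GENERATOR node
          *
          * @return true if the current node is named {@link #GENERATOR}; otherwise false
          */
         public boolean isGeneratorNode() {
             return GENERATOR.equals(node);
         }

         /**
          * Checks if the handler is at the PRODUCT_NAME node
          *
          * @return true if the current node is named {@link #PRODUCT_NAME}; otherwise false
          */
         public boolean isProductNameNode() {
             return PRODUCT_NAME.equals(node);
         }

         /**
          * Checks if the handler is at the PRODUCT_VERSION node
          *
          * @return true if the current node is named {@link #PRODUCT_VERSION}; otherwise false
          */
         public boolean isProductVersionNode() {
             return PRODUCT_VERSION.equals(node);
         }

         /**
          * Checks if the handler is at the SCHEMA_VERSION node
          *
          * @return true if the current node is named {@link #SCHEMA_VERSION}; otherwise false
          */
         public boolean isSchemaVersionNode() {
             return SCHEMA_VERSION.equals(node);
         }

         /**
          * Checks if the handler is at the TIMESTAMP node
          *
          * @return true if the current node is named {@link #TIMESTAMP}; otherwise false
          */
         public boolean isTimestampNode() {
             return TIMESTAMP.equals(node);
         }
     }
     // </editor-fold>
 }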