Coverage Report

Coverage Report - org.owasp.dependencycheck.data.update.xml.NvdCve20Handler

Classes in this File

Line Coverage

Branch Coverage

Complexity

NvdCve20Handler

79%

99/124

89%

75/84

3.04

NvdCve20Handler$Element

94%

18/19

N/A

3.04

 /*
  * This file is part of dependency-check-core.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.data.update.xml;
 
 import java.io.IOException;
 import java.util.List;
 import java.util.Map;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import org.apache.lucene.index.CorruptIndexException;
 import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
 import org.owasp.dependencycheck.dependency.Reference;
 import org.owasp.dependencycheck.dependency.Vulnerability;
 import org.owasp.dependencycheck.dependency.VulnerableSoftware;
 import org.xml.sax.Attributes;
 import org.xml.sax.SAXException;
 import org.xml.sax.SAXNotSupportedException;
 import org.xml.sax.helpers.DefaultHandler;
 
 /**
  * A SAX Handler that will parse the NVD CVE XML (schema version 2.0).
  *
  * @author Jeremy Long <jeremy.long@owasp.org>
  */
 public class NvdCve20Handler extends DefaultHandler {
 
     /**
      * the current supported schema version.
      */
     private static final String CURRENT_SCHEMA_VERSION = "2.0";
     /**
      * the current element.
      */
     private final Element current = new Element();
     /**
      * the text of the node.
      */
     private StringBuilder nodeText;
     /**
      * the vulnerability.
      */
     private Vulnerability vulnerability;
     /**
      * a reference for the cve.
      */
     private Reference reference;
     /**
      * flag indicating whether the application has a cpe.
      */
     private boolean hasApplicationCpe = false;
     /**
      * The total number of entries parsed.
      */
     private int totalNumberOfEntries;
 
     /**
      * Get the value of totalNumberOfEntries.
      *
      * @return the value of totalNumberOfEntries
      */
     public int getTotalNumberOfEntries() {
         return totalNumberOfEntries;
     }
     /**
      * The total number of application entries parsed.
      */
     private int totalNumberOfApplicationEntries;
 
     /**
      * Get the value of totalNumberOfApplicationEntries.
      *
      * @return the value of totalNumberOfApplicationEntries
      */
     public int getTotalNumberOfApplicationEntries() {
         return totalNumberOfApplicationEntries;
     }
 
     @Override
     public void startElement(String uri, String localName, String qName, Attributes attributes) throws SAXException {
         current.setNode(qName);
         if (current.isEntryNode()) {
             hasApplicationCpe = false;
             vulnerability = new Vulnerability();
             vulnerability.setName(attributes.getValue("id"));
         } else if (current.isVulnProductNode()) {
             nodeText = new StringBuilder(100);
         } else if (current.isVulnReferencesNode()) {
             final String lang = attributes.getValue("xml:lang");
             if ("en".equals(lang)) {
                 reference = new Reference();
             } else {
                 reference = null;
             }
         } else if (reference != null && current.isVulnReferenceNode()) {
             reference.setUrl(attributes.getValue("href"));
             nodeText = new StringBuilder(130);
         } else if (reference != null && current.isVulnSourceNode()) {
             nodeText = new StringBuilder(30);
         } else if (current.isVulnSummaryNode()) {
             nodeText = new StringBuilder(500);
         } else if (current.isNVDNode()) {
             final String nvdVer = attributes.getValue("nvd_xml_version");
             if (!CURRENT_SCHEMA_VERSION.equals(nvdVer)) {
                 throw new SAXNotSupportedException("Schema version " + nvdVer + " is not supported");
             }
         } else if (current.isVulnCWENode()) {
             vulnerability.setCwe(attributes.getValue("id"));
         } else if (current.isCVSSScoreNode()) {
             nodeText = new StringBuilder(5);
         } else if (current.isCVSSAccessVectorNode()) {
             nodeText = new StringBuilder(20);
         } else if (current.isCVSSAccessComplexityNode()) {
             nodeText = new StringBuilder(20);
         } else if (current.isCVSSAuthenticationNode()) {
             nodeText = new StringBuilder(20);
         } else if (current.isCVSSAvailabilityImpactNode()) {
             nodeText = new StringBuilder(20);
         } else if (current.isCVSSConfidentialityImpactNode()) {
             nodeText = new StringBuilder(20);
         } else if (current.isCVSSIntegrityImpactNode()) {
             nodeText = new StringBuilder(20);
         }
     }
 
     @Override
     public void characters(char[] ch, int start, int length) throws SAXException {
         if (nodeText != null) {
             nodeText.append(ch, start, length);
         }
     }
 
     @Override
     public void endElement(String uri, String localName, String qName) throws SAXException {
         current.setNode(qName);
         if (current.isEntryNode()) {
             totalNumberOfEntries += 1;
             if (hasApplicationCpe) {
                 totalNumberOfApplicationEntries += 1;
                 try {
                     saveEntry(vulnerability);
                 } catch (DatabaseException ex) {
                     throw new SAXException(ex);
                 } catch (CorruptIndexException ex) {
                     throw new SAXException(ex);
                 } catch (IOException ex) {
                     throw new SAXException(ex);
                 }
             }
             vulnerability = null;
         } else if (current.isCVSSScoreNode()) {
             try {
                 final float score = Float.parseFloat(nodeText.toString());
                 vulnerability.setCvssScore(score);
             } catch (NumberFormatException ex) {
                 Logger.getLogger(NvdCve20Handler.class.getName()).log(Level.SEVERE, "Error parsing CVSS Score.");
                 Logger.getLogger(NvdCve20Handler.class.getName()).log(Level.FINE, null, ex);
             }
             nodeText = null;
         } else if (current.isCVSSAccessVectorNode()) {
             vulnerability.setCvssAccessVector(nodeText.toString());
             nodeText = null;
         } else if (current.isCVSSAccessComplexityNode()) {
             vulnerability.setCvssAccessComplexity(nodeText.toString());
             nodeText = null;
         } else if (current.isCVSSAuthenticationNode()) {
             vulnerability.setCvssAuthentication(nodeText.toString());
             nodeText = null;
         } else if (current.isCVSSAvailabilityImpactNode()) {
             vulnerability.setCvssAvailabilityImpact(nodeText.toString());
             nodeText = null;
         } else if (current.isCVSSConfidentialityImpactNode()) {
             vulnerability.setCvssConfidentialityImpact(nodeText.toString());
             nodeText = null;
         } else if (current.isCVSSIntegrityImpactNode()) {
             vulnerability.setCvssIntegrityImpact(nodeText.toString());
             nodeText = null;
         } else if (current.isVulnProductNode()) {
             final String cpe = nodeText.toString();
             if (cpe.startsWith("cpe:/a:")) {
                 hasApplicationCpe = true;
                 vulnerability.addVulnerableSoftware(cpe);
             }
             nodeText = null;
         } else if (reference != null && current.isVulnReferencesNode()) {
             vulnerability.addReference(reference);
             reference = null;
         } else if (reference != null && current.isVulnReferenceNode()) {
             reference.setName(nodeText.toString());
             nodeText = null;
         } else if (reference != null && current.isVulnSourceNode()) {
             reference.setSource(nodeText.toString());
             nodeText = null;
         } else if (current.isVulnSummaryNode()) {
             vulnerability.setDescription(nodeText.toString());
             if (nodeText.indexOf("** REJECT **") >= 0) {
                 hasApplicationCpe = true; //ensure we process this to delete the vuln
             }
             nodeText = null;
         }
     }
     /**
      * the cve database.
      */
     private CveDB cveDB;
 
     /**
      * Sets the cveDB.
      *
      * @param db a reference to the CveDB
      */
     public void setCveDB(CveDB db) {
         cveDB = db;
     }
     /**
      * A list of CVE entries and associated VulnerableSoftware entries that contain previous entries.
      */
     private Map<String, List<VulnerableSoftware>> prevVersionVulnMap;
 
     /**
      * Sets the prevVersionVulnMap.
      *
      * @param map the map of vulnerable software with previous versions being vulnerable
      */
     public void setPrevVersionVulnMap(Map<String, List<VulnerableSoftware>> map) {
         prevVersionVulnMap = map;
     }
 
     /**
      * Saves a vulnerability to the CVE Database.
      *
      * @param vuln the vulnerability to store in the database
      * @throws DatabaseException thrown if there is an error writing to the database
      * @throws CorruptIndexException is thrown if the CPE Index is corrupt
      * @throws IOException thrown if there is an IOException with the CPE Index
      */
     private void saveEntry(Vulnerability vuln) throws DatabaseException, CorruptIndexException, IOException {
         if (cveDB == null) {
             return;
         }
         final String cveName = vuln.getName();
         if (prevVersionVulnMap.containsKey(cveName)) {
             final List<VulnerableSoftware> vulnSoftware = prevVersionVulnMap.get(cveName);
             for (VulnerableSoftware vs : vulnSoftware) {
                 vuln.updateVulnerableSoftware(vs);
             }
         }
         cveDB.updateVulnerability(vuln);
     }
 
     // <editor-fold defaultstate="collapsed" desc="The Element Class that maintains state information about the current node">
     /**
      * A simple class to maintain information about the current element while parsing the NVD CVE XML.
      */
     protected static class Element {
 
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String NVD = "nvd";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String ENTRY = "entry";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String VULN_PRODUCT = "vuln:product";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String VULN_REFERENCES = "vuln:references";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String VULN_SOURCE = "vuln:source";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String VULN_REFERENCE = "vuln:reference";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String VULN_SUMMARY = "vuln:summary";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String VULN_CWE = "vuln:cwe";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String CVSS_SCORE = "cvss:score";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String CVSS_ACCESS_VECTOR = "cvss:access-vector";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String CVSS_ACCESS_COMPLEXITY = "cvss:access-complexity";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String CVSS_AUTHENTICATION = "cvss:authentication";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String CVSS_CONFIDENTIALITY_IMPACT = "cvss:confidentiality-impact";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String CVSS_INTEGRITY_IMPACT = "cvss:integrity-impact";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String CVSS_AVAILABILITY_IMPACT = "cvss:availability-impact";
         /**
          * The current node.
          */
         private String node;
 
         /**
          * Gets the value of node.
          *
          * @return the value of node
          */
         public String getNode() {
             return this.node;
         }
 
         /**
          * Sets the value of node.
          *
          * @param node new value of node
          */
         public void setNode(String node) {
             this.node = node;
         }
 
         /**
          * Checks if the handler is at the NVD node.
          *
          * @return true or false
          */
         public boolean isNVDNode() {
             return NVD.equals(node);
         }
 
         /**
          * Checks if the handler is at the ENTRY node.
          *
          * @return true or false
          */
         public boolean isEntryNode() {
             return ENTRY.equals(node);
         }
 
         /**
          * Checks if the handler is at the VULN_PRODUCT node.
          *
          * @return true or false
          */
         public boolean isVulnProductNode() {
             return VULN_PRODUCT.equals(node);
         }
 
         /**
          * Checks if the handler is at the REFERENCES node.
          *
          * @return true or false
          */
         public boolean isVulnReferencesNode() {
             return VULN_REFERENCES.equals(node);
         }
 
         /**
          * Checks if the handler is at the REFERENCE node.
          *
          * @return true or false
          */
         public boolean isVulnReferenceNode() {
             return VULN_REFERENCE.equals(node);
         }
 
         /**
          * Checks if the handler is at the VULN_SOURCE node.
          *
          * @return true or false
          */
         public boolean isVulnSourceNode() {
             return VULN_SOURCE.equals(node);
         }
 
         /**
          * Checks if the handler is at the VULN_SUMMARY node.
          *
          * @return true or false
          */
         public boolean isVulnSummaryNode() {
             return VULN_SUMMARY.equals(node);
         }
 
         /**
          * Checks if the handler is at the VULN_CWE node.
          *
          * @return true or false
          */
         public boolean isVulnCWENode() {
             return VULN_CWE.equals(node);
         }
 
         /**
          * Checks if the handler is at the CVSS_SCORE node.
          *
          * @return true or false
          */
         public boolean isCVSSScoreNode() {
             return CVSS_SCORE.equals(node);
         }
 
         /**
          * Checks if the handler is at the CVSS_ACCESS_VECTOR node.
          *
          * @return true or false
          */
         public boolean isCVSSAccessVectorNode() {
             return CVSS_ACCESS_VECTOR.equals(node);
         }
 
         /**
          * Checks if the handler is at the CVSS_ACCESS_COMPLEXITY node.
          *
          * @return true or false
          */
         public boolean isCVSSAccessComplexityNode() {
             return CVSS_ACCESS_COMPLEXITY.equals(node);
         }
 
         /**
          * Checks if the handler is at the CVSS_AUTHENTICATION node.
          *
          * @return true or false
          */
         public boolean isCVSSAuthenticationNode() {
             return CVSS_AUTHENTICATION.equals(node);
         }
 
         /**
          * Checks if the handler is at the CVSS_CONFIDENTIALITY_IMPACT node.
          *
          * @return true or false
          */
         public boolean isCVSSConfidentialityImpactNode() {
             return CVSS_CONFIDENTIALITY_IMPACT.equals(node);
         }
 
         /**
          * Checks if the handler is at the CVSS_INTEGRITY_IMPACT node.
          *
          * @return true or false
          */
         public boolean isCVSSIntegrityImpactNode() {
             return CVSS_INTEGRITY_IMPACT.equals(node);
         }
 
         /**
          * Checks if the handler is at the CVSS_AVAILABILITY_IMPACT node.
          *
          * @return true or false
          */
         public boolean isCVSSAvailabilityImpactNode() {
             return CVSS_AVAILABILITY_IMPACT.equals(node);
         }
     }
     // </editor-fold>
 }

1		/*
2		* This file is part of dependency-check-core.
3		*
4		* Licensed under the Apache License, Version 2.0 (the "License");
5		* you may not use this file except in compliance with the License.
6		* You may obtain a copy of the License at
7		*
8		* http://www.apache.org/licenses/LICENSE-2.0
9		*
10		* Unless required by applicable law or agreed to in writing, software
11		* distributed under the License is distributed on an "AS IS" BASIS,
12		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13		* See the License for the specific language governing permissions and
14		* limitations under the License.
15		*
16		* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
17		*/
18		package org.owasp.dependencycheck.data.update.xml;
19
20		import java.io.IOException;
21		import java.util.List;
22		import java.util.Map;
23		import java.util.logging.Level;
24		import java.util.logging.Logger;
25		import org.apache.lucene.index.CorruptIndexException;
26		import org.owasp.dependencycheck.data.nvdcve.CveDB;
27		import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
28		import org.owasp.dependencycheck.dependency.Reference;
29		import org.owasp.dependencycheck.dependency.Vulnerability;
30		import org.owasp.dependencycheck.dependency.VulnerableSoftware;
31		import org.xml.sax.Attributes;
32		import org.xml.sax.SAXException;
33		import org.xml.sax.SAXNotSupportedException;
34		import org.xml.sax.helpers.DefaultHandler;
35
36		/**
37		* A SAX Handler that will parse the NVD CVE XML (schema version 2.0).
38		*
39		* @author Jeremy Long <jeremy.long@owasp.org>
40		*/
41	2	public class NvdCve20Handler extends DefaultHandler {
42
43		/**
44		* the current supported schema version.
45		*/
46		private static final String CURRENT_SCHEMA_VERSION = "2.0";
47		/**
48		* the current element.
49		*/
50	2	private final Element current = new Element();
51		/**
52		* the text of the node.
53		*/
54		private StringBuilder nodeText;
55		/**
56		* the vulnerability.
57		*/
58		private Vulnerability vulnerability;
59		/**
60		* a reference for the cve.
61		*/
62		private Reference reference;
63		/**
64		* flag indicating whether the application has a cpe.
65		*/
66	2	private boolean hasApplicationCpe = false;
67		/**
68		* The total number of entries parsed.
69		*/
70		private int totalNumberOfEntries;
71
72		/**
73		* Get the value of totalNumberOfEntries.
74		*
75		* @return the value of totalNumberOfEntries
76		*/
77		public int getTotalNumberOfEntries() {
78	0	return totalNumberOfEntries;
79		}
80		/**
81		* The total number of application entries parsed.
82		*/
83		private int totalNumberOfApplicationEntries;
84
85		/**
86		* Get the value of totalNumberOfApplicationEntries.
87		*
88		* @return the value of totalNumberOfApplicationEntries
89		*/
90		public int getTotalNumberOfApplicationEntries() {
91	0	return totalNumberOfApplicationEntries;
92		}
93
94		@Override
95		public void startElement(String uri, String localName, String qName, Attributes attributes) throws SAXException {
96	4824	current.setNode(qName);
97	4824	if (current.isEntryNode()) {
98	54	hasApplicationCpe = false;
99	54	vulnerability = new Vulnerability();
100	54	vulnerability.setName(attributes.getValue("id"));
101	4770	} else if (current.isVulnProductNode()) {
102	1454	nodeText = new StringBuilder(100);
103	3316	} else if (current.isVulnReferencesNode()) {
104	180	final String lang = attributes.getValue("xml:lang");
105	180	if ("en".equals(lang)) {
106	180	reference = new Reference();
107		} else {
108	0	reference = null;
109		}
110	180	} else if (reference != null && current.isVulnReferenceNode()) {
111	180	reference.setUrl(attributes.getValue("href"));
112	180	nodeText = new StringBuilder(130);
113	2956	} else if (reference != null && current.isVulnSourceNode()) {
114	180	nodeText = new StringBuilder(30);
115	2776	} else if (current.isVulnSummaryNode()) {
116	54	nodeText = new StringBuilder(500);
117	2722	} else if (current.isNVDNode()) {
118	2	final String nvdVer = attributes.getValue("nvd_xml_version");
119	2	if (!CURRENT_SCHEMA_VERSION.equals(nvdVer)) {
120	0	throw new SAXNotSupportedException("Schema version " + nvdVer + " is not supported");
121		}
122	2	} else if (current.isVulnCWENode()) {
123	38	vulnerability.setCwe(attributes.getValue("id"));
124	2682	} else if (current.isCVSSScoreNode()) {
125	52	nodeText = new StringBuilder(5);
126	2630	} else if (current.isCVSSAccessVectorNode()) {
127	52	nodeText = new StringBuilder(20);
128	2578	} else if (current.isCVSSAccessComplexityNode()) {
129	52	nodeText = new StringBuilder(20);
130	2526	} else if (current.isCVSSAuthenticationNode()) {
131	52	nodeText = new StringBuilder(20);
132	2474	} else if (current.isCVSSAvailabilityImpactNode()) {
133	52	nodeText = new StringBuilder(20);
134	2422	} else if (current.isCVSSConfidentialityImpactNode()) {
135	52	nodeText = new StringBuilder(20);
136	2370	} else if (current.isCVSSIntegrityImpactNode()) {
137	52	nodeText = new StringBuilder(20);
138		}
139	4824	}
140
141		@Override
142		public void characters(char[] ch, int start, int length) throws SAXException {
143	7974	if (nodeText != null) {
144	2284	nodeText.append(ch, start, length);
145		}
146	7974	}
147
148		@Override
149		public void endElement(String uri, String localName, String qName) throws SAXException {
150	4824	current.setNode(qName);
151	4824	if (current.isEntryNode()) {
152	54	totalNumberOfEntries += 1;
153	54	if (hasApplicationCpe) {
154	38	totalNumberOfApplicationEntries += 1;
155		try {
156	38	saveEntry(vulnerability);
157	0	} catch (DatabaseException ex) {
158	0	throw new SAXException(ex);
159	0	} catch (CorruptIndexException ex) {
160	0	throw new SAXException(ex);
161	0	} catch (IOException ex) {
162	0	throw new SAXException(ex);
163	38	}
164		}
165	54	vulnerability = null;
166	4770	} else if (current.isCVSSScoreNode()) {
167		try {
168	52	final float score = Float.parseFloat(nodeText.toString());
169	52	vulnerability.setCvssScore(score);
170	0	} catch (NumberFormatException ex) {
171	0	Logger.getLogger(NvdCve20Handler.class.getName()).log(Level.SEVERE, "Error parsing CVSS Score.");
172	0	Logger.getLogger(NvdCve20Handler.class.getName()).log(Level.FINE, null, ex);
173	52	}
174	52	nodeText = null;
175	4718	} else if (current.isCVSSAccessVectorNode()) {
176	52	vulnerability.setCvssAccessVector(nodeText.toString());
177	52	nodeText = null;
178	4666	} else if (current.isCVSSAccessComplexityNode()) {
179	52	vulnerability.setCvssAccessComplexity(nodeText.toString());
180	52	nodeText = null;
181	4614	} else if (current.isCVSSAuthenticationNode()) {
182	52	vulnerability.setCvssAuthentication(nodeText.toString());
183	52	nodeText = null;
184	4562	} else if (current.isCVSSAvailabilityImpactNode()) {
185	52	vulnerability.setCvssAvailabilityImpact(nodeText.toString());
186	52	nodeText = null;
187	4510	} else if (current.isCVSSConfidentialityImpactNode()) {
188	52	vulnerability.setCvssConfidentialityImpact(nodeText.toString());
189	52	nodeText = null;
190	4458	} else if (current.isCVSSIntegrityImpactNode()) {
191	52	vulnerability.setCvssIntegrityImpact(nodeText.toString());
192	52	nodeText = null;
193	4406	} else if (current.isVulnProductNode()) {
194	1454	final String cpe = nodeText.toString();
195	1454	if (cpe.startsWith("cpe:/a:")) {
196	1228	hasApplicationCpe = true;
197	1228	vulnerability.addVulnerableSoftware(cpe);
198		}
199	1454	nodeText = null;
200	1454	} else if (reference != null && current.isVulnReferencesNode()) {
201	180	vulnerability.addReference(reference);
202	180	reference = null;
203	2772	} else if (reference != null && current.isVulnReferenceNode()) {
204	180	reference.setName(nodeText.toString());
205	180	nodeText = null;
206	2592	} else if (reference != null && current.isVulnSourceNode()) {
207	180	reference.setSource(nodeText.toString());
208	180	nodeText = null;
209	2412	} else if (current.isVulnSummaryNode()) {
210	54	vulnerability.setDescription(nodeText.toString());
211	54	if (nodeText.indexOf(" REJECT ") >= 0) {
212	2	hasApplicationCpe = true; //ensure we process this to delete the vuln
213		}
214	54	nodeText = null;
215		}
216	4824	}
217		/**
218		* the cve database.
219		*/
220		private CveDB cveDB;
221
222		/**
223		* Sets the cveDB.
224		*
225		* @param db a reference to the CveDB
226		*/
227		public void setCveDB(CveDB db) {
228	0	cveDB = db;
229	0	}
230		/**
231		* A list of CVE entries and associated VulnerableSoftware entries that contain previous entries.
232		*/
233		private Map<String, List<VulnerableSoftware>> prevVersionVulnMap;
234
235		/**
236		* Sets the prevVersionVulnMap.
237		*
238		* @param map the map of vulnerable software with previous versions being vulnerable
239		*/
240		public void setPrevVersionVulnMap(Map<String, List<VulnerableSoftware>> map) {
241	0	prevVersionVulnMap = map;
242	0	}
243
244		/**
245		* Saves a vulnerability to the CVE Database.
246		*
247		* @param vuln the vulnerability to store in the database
248		* @throws DatabaseException thrown if there is an error writing to the database
249		* @throws CorruptIndexException is thrown if the CPE Index is corrupt
250		* @throws IOException thrown if there is an IOException with the CPE Index
251		*/
252		private void saveEntry(Vulnerability vuln) throws DatabaseException, CorruptIndexException, IOException {
253	38	if (cveDB == null) {
254	38	return;
255		}
256	0	final String cveName = vuln.getName();
257	0	if (prevVersionVulnMap.containsKey(cveName)) {
258	0	final List<VulnerableSoftware> vulnSoftware = prevVersionVulnMap.get(cveName);
259	0	for (VulnerableSoftware vs : vulnSoftware) {
260	0	vuln.updateVulnerableSoftware(vs);
261	0	}
262		}
263	0	cveDB.updateVulnerability(vuln);
264	0	}
265
266		// <editor-fold defaultstate="collapsed" desc="The Element Class that maintains state information about the current node">
267		/**
268		* A simple class to maintain information about the current element while parsing the NVD CVE XML.
269		*/
270	2	protected static class Element {
271
272		/**
273		* A node type in the NVD CVE Schema 2.0
274		*/
275		public static final String NVD = "nvd";
276		/**
277		* A node type in the NVD CVE Schema 2.0
278		*/
279		public static final String ENTRY = "entry";
280		/**
281		* A node type in the NVD CVE Schema 2.0
282		*/
283		public static final String VULN_PRODUCT = "vuln:product";
284		/**
285		* A node type in the NVD CVE Schema 2.0
286		*/
287		public static final String VULN_REFERENCES = "vuln:references";
288		/**
289		* A node type in the NVD CVE Schema 2.0
290		*/
291		public static final String VULN_SOURCE = "vuln:source";
292		/**
293		* A node type in the NVD CVE Schema 2.0
294		*/
295		public static final String VULN_REFERENCE = "vuln:reference";
296		/**
297		* A node type in the NVD CVE Schema 2.0
298		*/
299		public static final String VULN_SUMMARY = "vuln:summary";
300		/**
301		* A node type in the NVD CVE Schema 2.0
302		*/
303		public static final String VULN_CWE = "vuln:cwe";
304		/**
305		* A node type in the NVD CVE Schema 2.0
306		*/
307		public static final String CVSS_SCORE = "cvss:score";
308		/**
309		* A node type in the NVD CVE Schema 2.0
310		*/
311		public static final String CVSS_ACCESS_VECTOR = "cvss:access-vector";
312		/**
313		* A node type in the NVD CVE Schema 2.0
314		*/
315		public static final String CVSS_ACCESS_COMPLEXITY = "cvss:access-complexity";
316		/**
317		* A node type in the NVD CVE Schema 2.0
318		*/
319		public static final String CVSS_AUTHENTICATION = "cvss:authentication";
320		/**
321		* A node type in the NVD CVE Schema 2.0
322		*/
323		public static final String CVSS_CONFIDENTIALITY_IMPACT = "cvss:confidentiality-impact";
324		/**
325		* A node type in the NVD CVE Schema 2.0
326		*/
327		public static final String CVSS_INTEGRITY_IMPACT = "cvss:integrity-impact";
328		/**
329		* A node type in the NVD CVE Schema 2.0
330		*/
331		public static final String CVSS_AVAILABILITY_IMPACT = "cvss:availability-impact";
332		/**
333		* The current node.
334		*/
335		private String node;
336
337		/**
338		* Gets the value of node.
339		*
340		* @return the value of node
341		*/
342		public String getNode() {
343	0	return this.node;
344		}
345
346		/**
347		* Sets the value of node.
348		*
349		* @param node new value of node
350		*/
351		public void setNode(String node) {
352	9648	this.node = node;
353	9648	}
354
355		/**
356		* Checks if the handler is at the NVD node.
357		*
358		* @return true or false
359		*/
360		public boolean isNVDNode() {
361	2722	return NVD.equals(node);
362		}
363
364		/**
365		* Checks if the handler is at the ENTRY node.
366		*
367		* @return true or false
368		*/
369		public boolean isEntryNode() {
370	9648	return ENTRY.equals(node);
371		}
372
373		/**
374		* Checks if the handler is at the VULN_PRODUCT node.
375		*
376		* @return true or false
377		*/
378		public boolean isVulnProductNode() {
379	9176	return VULN_PRODUCT.equals(node);
380		}
381
382		/**
383		* Checks if the handler is at the REFERENCES node.
384		*
385		* @return true or false
386		*/
387		public boolean isVulnReferencesNode() {
388	3856	return VULN_REFERENCES.equals(node);
389		}
390
391		/**
392		* Checks if the handler is at the REFERENCE node.
393		*
394		* @return true or false
395		*/
396		public boolean isVulnReferenceNode() {
397	720	return VULN_REFERENCE.equals(node);
398		}
399
400		/**
401		* Checks if the handler is at the VULN_SOURCE node.
402		*
403		* @return true or false
404		*/
405		public boolean isVulnSourceNode() {
406	360	return VULN_SOURCE.equals(node);
407		}
408
409		/**
410		* Checks if the handler is at the VULN_SUMMARY node.
411		*
412		* @return true or false
413		*/
414		public boolean isVulnSummaryNode() {
415	5188	return VULN_SUMMARY.equals(node);
416		}
417
418		/**
419		* Checks if the handler is at the VULN_CWE node.
420		*
421		* @return true or false
422		*/
423		public boolean isVulnCWENode() {
424	2720	return VULN_CWE.equals(node);
425		}
426
427		/**
428		* Checks if the handler is at the CVSS_SCORE node.
429		*
430		* @return true or false
431		*/
432		public boolean isCVSSScoreNode() {
433	7452	return CVSS_SCORE.equals(node);
434		}
435
436		/**
437		* Checks if the handler is at the CVSS_ACCESS_VECTOR node.
438		*
439		* @return true or false
440		*/
441		public boolean isCVSSAccessVectorNode() {
442	7348	return CVSS_ACCESS_VECTOR.equals(node);
443		}
444
445		/**
446		* Checks if the handler is at the CVSS_ACCESS_COMPLEXITY node.
447		*
448		* @return true or false
449		*/
450		public boolean isCVSSAccessComplexityNode() {
451	7244	return CVSS_ACCESS_COMPLEXITY.equals(node);
452		}
453
454		/**
455		* Checks if the handler is at the CVSS_AUTHENTICATION node.
456		*
457		* @return true or false
458		*/
459		public boolean isCVSSAuthenticationNode() {
460	7140	return CVSS_AUTHENTICATION.equals(node);
461		}
462
463		/**
464		* Checks if the handler is at the CVSS_CONFIDENTIALITY_IMPACT node.
465		*
466		* @return true or false
467		*/
468		public boolean isCVSSConfidentialityImpactNode() {
469	6932	return CVSS_CONFIDENTIALITY_IMPACT.equals(node);
470		}
471
472		/**
473		* Checks if the handler is at the CVSS_INTEGRITY_IMPACT node.
474		*
475		* @return true or false
476		*/
477		public boolean isCVSSIntegrityImpactNode() {
478	6828	return CVSS_INTEGRITY_IMPACT.equals(node);
479		}
480
481		/**
482		* Checks if the handler is at the CVSS_AVAILABILITY_IMPACT node.
483		*
484		* @return true or false
485		*/
486		public boolean isCVSSAvailabilityImpactNode() {
487	7036	return CVSS_AVAILABILITY_IMPACT.equals(node);
488		}
489		}
490		// </editor-fold>
491		}