Coverage Report

Coverage Report - org.owasp.dependencycheck.data.nvdcve.DatabaseProperties

Classes in this File

Line Coverage

Branch Coverage

Complexity

DatabaseProperties

84%

27/32

66%

8/12

1.875

 /*
  * This file is part of dependency-check-core.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.data.nvdcve;
 
 import com.hazelcast.logging.Logger;
 import java.text.DateFormat;
 import java.text.SimpleDateFormat;
 import java.util.Date;
 import java.util.Map;
 import java.util.Map.Entry;
 import java.util.Properties;
 import java.util.TreeMap;
 import java.util.logging.Level;
 import org.owasp.dependencycheck.data.update.NvdCveInfo;
 import org.owasp.dependencycheck.data.update.exception.UpdateException;
 
 /**
  * This is a wrapper around a set of properties that are stored in the database.
  *
  * @author Jeremy Long <jeremy.long@owasp.org>
  */
 public class DatabaseProperties {
 
     /**
      * Modified key word, used as a key to store information about the modified file (i.e. the containing the last 8
      * days of updates)..
      */
     public static final String MODIFIED = "Modified";
     /**
      * The properties file key for the last updated field - used to store the last updated time of the Modified NVD CVE
      * xml file.
      */
     public static final String LAST_UPDATED = "NVD CVE Modified";
     /**
      * Stores the last updated time for each of the NVD CVE files. These timestamps should be updated if we process the
      * modified file within 7 days of the last update.
      */
     public static final String LAST_UPDATED_BASE = "NVD CVE ";
     /**
      * A collection of properties about the data.
      */
     private Properties properties;
     /**
      * A reference to the database.
      */
     private CveDB cveDB;
 
     /**
      * Constructs a new data properties object.
      *
      * @param cveDB the database object holding the properties
      */
     DatabaseProperties(CveDB cveDB) {
         this.cveDB = cveDB;
         loadProperties();
     }
 
     /**
      * Loads the properties from the database.
      */
     private void loadProperties() {
         this.properties = cveDB.getProperties();
     }
 
     /**
      * Returns whether or not any properties are set.
      *
      * @return whether or not any properties are set
      */
     public boolean isEmpty() {
         return properties == null || properties.isEmpty();
     }
 
     /**
      * Writes a properties file containing the last updated date to the VULNERABLE_CPE directory.
      *
      * @param updatedValue the updated NVD CVE entry
      * @throws UpdateException is thrown if there is an update exception
      */
     public void save(NvdCveInfo updatedValue) throws UpdateException {
         if (updatedValue == null) {
             return;
         }
         properties.put(LAST_UPDATED_BASE + updatedValue.getId(), String.valueOf(updatedValue.getTimestamp()));
         cveDB.saveProperty(LAST_UPDATED_BASE + updatedValue.getId(), String.valueOf(updatedValue.getTimestamp()));
     }
 
     /**
      * Returns the property value for the given key. If the key is not contained in the underlying properties null is
      * returned.
      *
      * @param key the property key
      * @return the value of the property
      */
     public String getProperty(String key) {
         return properties.getProperty(key);
     }
 
     /**
      * Returns the property value for the given key. If the key is not contained in the underlying properties the
      * default value is returned.
      *
      * @param key the property key
      * @param defaultValue the default value
      * @return the value of the property
      */
     public String getProperty(String key, String defaultValue) {
         return properties.getProperty(key, defaultValue);
     }
 
     /**
      * Returns the collection of Database Properties as a properties collection.
      *
      * @return the collection of Database Properties
      */
     public Properties getProperties() {
         return properties;
     }
 
     /**
      * Returns a map of the meta data from the database properties. This primarily contains timestamps of when the NVD
      * CVE information was last updated.
      *
      * @return a map of the database meta data
      */
     public Map getMetaData() {
         final TreeMap map = new TreeMap();
         for (Entry<Object, Object> entry : properties.entrySet()) {
             final String key = (String) entry.getKey();
             if (!"version".equals(key)) {
                 if (key.startsWith("NVD CVE ")) {
                     try {
                         final long epoch = Long.parseLong((String) entry.getValue());
                         final Date date = new Date(epoch);
                         final DateFormat format = new SimpleDateFormat("dd/MM/yyyy HH:mm:ss");
                         final String formatted = format.format(date);
                         map.put(key, formatted);
                     } catch (Throwable ex) { //deliberatly being broad in this catch clause
                         Logger.getLogger(DatabaseProperties.class.getName()).log(Level.FINE, "Unable to parse timestamp from DB", ex);
                         map.put(key, entry.getValue());
                     }
                 } else {
                     map.put(key, entry.getValue());
                 }
             }
         }
         return map;
     }
 }

1		/*
2		* This file is part of dependency-check-core.
3		*
4		* Licensed under the Apache License, Version 2.0 (the "License");
5		* you may not use this file except in compliance with the License.
6		* You may obtain a copy of the License at
7		*
8		* http://www.apache.org/licenses/LICENSE-2.0
9		*
10		* Unless required by applicable law or agreed to in writing, software
11		* distributed under the License is distributed on an "AS IS" BASIS,
12		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13		* See the License for the specific language governing permissions and
14		* limitations under the License.
15		*
16		* Copyright (c) 2013 Jeremy Long. All Rights Reserved.
17		*/
18		package org.owasp.dependencycheck.data.nvdcve;
19
20		import com.hazelcast.logging.Logger;
21		import java.text.DateFormat;
22		import java.text.SimpleDateFormat;
23		import java.util.Date;
24		import java.util.Map;
25		import java.util.Map.Entry;
26		import java.util.Properties;
27		import java.util.TreeMap;
28		import java.util.logging.Level;
29		import org.owasp.dependencycheck.data.update.NvdCveInfo;
30		import org.owasp.dependencycheck.data.update.exception.UpdateException;
31
32		/**
33		* This is a wrapper around a set of properties that are stored in the database.
34		*
35		* @author Jeremy Long <jeremy.long@owasp.org>
36		*/
37		public class DatabaseProperties {
38
39		/**
40		* Modified key word, used as a key to store information about the modified file (i.e. the containing the last 8
41		* days of updates)..
42		*/
43		public static final String MODIFIED = "Modified";
44		/**
45		* The properties file key for the last updated field - used to store the last updated time of the Modified NVD CVE
46		* xml file.
47		*/
48		public static final String LAST_UPDATED = "NVD CVE Modified";
49		/**
50		* Stores the last updated time for each of the NVD CVE files. These timestamps should be updated if we process the
51		* modified file within 7 days of the last update.
52		*/
53		public static final String LAST_UPDATED_BASE = "NVD CVE ";
54		/**
55		* A collection of properties about the data.
56		*/
57		private Properties properties;
58		/**
59		* A reference to the database.
60		*/
61		private CveDB cveDB;
62
63		/**
64		* Constructs a new data properties object.
65		*
66		* @param cveDB the database object holding the properties
67		*/
68	27	DatabaseProperties(CveDB cveDB) {
69	27	this.cveDB = cveDB;
70	27	loadProperties();
71	27	}
72
73		/**
74		* Loads the properties from the database.
75		*/
76		private void loadProperties() {
77	27	this.properties = cveDB.getProperties();
78	27	}
79
80		/**
81		* Returns whether or not any properties are set.
82		*
83		* @return whether or not any properties are set
84		*/
85		public boolean isEmpty() {
86	1	return properties == null \|\| properties.isEmpty();
87		}
88
89		/**
90		* Writes a properties file containing the last updated date to the VULNERABLE_CPE directory.
91		*
92		* @param updatedValue the updated NVD CVE entry
93		* @throws UpdateException is thrown if there is an update exception
94		*/
95		public void save(NvdCveInfo updatedValue) throws UpdateException {
96	1	if (updatedValue == null) {
97	0	return;
98		}
99	1	properties.put(LAST_UPDATED_BASE + updatedValue.getId(), String.valueOf(updatedValue.getTimestamp()));
100	1	cveDB.saveProperty(LAST_UPDATED_BASE + updatedValue.getId(), String.valueOf(updatedValue.getTimestamp()));
101	1	}
102
103		/**
104		* Returns the property value for the given key. If the key is not contained in the underlying properties null is
105		* returned.
106		*
107		* @param key the property key
108		* @return the value of the property
109		*/
110		public String getProperty(String key) {
111	2	return properties.getProperty(key);
112		}
113
114		/**
115		* Returns the property value for the given key. If the key is not contained in the underlying properties the
116		* default value is returned.
117		*
118		* @param key the property key
119		* @param defaultValue the default value
120		* @return the value of the property
121		*/
122		public String getProperty(String key, String defaultValue) {
123	1	return properties.getProperty(key, defaultValue);
124		}
125
126		/**
127		* Returns the collection of Database Properties as a properties collection.
128		*
129		* @return the collection of Database Properties
130		*/
131		public Properties getProperties() {
132	1	return properties;
133		}
134
135		/**
136		* Returns a map of the meta data from the database properties. This primarily contains timestamps of when the NVD
137		* CVE information was last updated.
138		*
139		* @return a map of the database meta data
140		*/
141		public Map getMetaData() {
142	1	final TreeMap map = new TreeMap();
143	1	for (Entry<Object, Object> entry : properties.entrySet()) {
144	16	final String key = (String) entry.getKey();
145	16	if (!"version".equals(key)) {
146	15	if (key.startsWith("NVD CVE ")) {
147		try {
148	15	final long epoch = Long.parseLong((String) entry.getValue());
149	15	final Date date = new Date(epoch);
150	15	final DateFormat format = new SimpleDateFormat("dd/MM/yyyy HH:mm:ss");
151	15	final String formatted = format.format(date);
152	15	map.put(key, formatted);
153	0	} catch (Throwable ex) { //deliberatly being broad in this catch clause
154	0	Logger.getLogger(DatabaseProperties.class.getName()).log(Level.FINE, "Unable to parse timestamp from DB", ex);
155	0	map.put(key, entry.getValue());
156	15	}
157		} else {
158	0	map.put(key, entry.getValue());
159		}
160		}
161	16	}
162	1	return map;
163		}
164		}