1 /*
2 * This file is part of dependency-check-core.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
17 */
18 package org.owasp.dependencycheck.data.nvdcve;
19
20 import java.text.DateFormat;
21 import java.text.SimpleDateFormat;
22 import java.util.Date;
23 import java.util.Map;
24 import java.util.Map.Entry;
25 import java.util.Properties;
26 import java.util.TreeMap;
27 import org.owasp.dependencycheck.data.update.nvd.NvdCveInfo;
28 import org.owasp.dependencycheck.data.update.exception.UpdateException;
29 import org.slf4j.Logger;
30 import org.slf4j.LoggerFactory;
31
32 /**
33 * This is a wrapper around a set of properties that are stored in the database.
34 *
35 * @author Jeremy Long
36 */
37 public class DatabaseProperties {
38
39 /**
40 * The Logger.
41 */
42 private static final Logger LOGGER = LoggerFactory.getLogger(DatabaseProperties.class);
43 /**
44 * Modified key word, used as a key to store information about the modified file (i.e. the containing the last 8 days of
45 * updates)..
46 */
47 public static final String MODIFIED = "Modified";
48 /**
49 * The properties file key for the last checked field - used to store the last check time of the Modified NVD CVE xml file.
50 */
51 public static final String LAST_CHECKED = "NVD CVE Checked";
52 /**
53 * The properties file key for the last updated field - used to store the last updated time of the Modified NVD CVE xml file.
54 */
55 public static final String LAST_UPDATED = "NVD CVE Modified";
56 /**
57 * Stores the last updated time for each of the NVD CVE files. These timestamps should be updated if we process the modified
58 * file within 7 days of the last update.
59 */
60 public static final String LAST_UPDATED_BASE = "NVD CVE ";
61 /**
62 * The key for the last time the CPE data was updated.
63 */
64 public static final String LAST_CPE_UPDATE = "LAST_CPE_UPDATE";
65 /**
66 * The key for the database schema version.
67 */
68 public static final String VERSION = "version";
69
70 /**
71 * A collection of properties about the data.
72 */
73 private Properties properties;
74 /**
75 * A reference to the database.
76 */
77 private CveDB cveDB;
78
79 /**
80 * Constructs a new data properties object.
81 *
82 * @param cveDB the database object holding the properties
83 */
84 DatabaseProperties(CveDB cveDB) {
85 this.cveDB = cveDB;
86 loadProperties();
87 }
88
89 /**
90 * Loads the properties from the database.
91 */
92 private void loadProperties() {
93 this.properties = cveDB.getProperties();
94 }
95
96 /**
97 * Returns whether or not any properties are set.
98 *
99 * @return whether or not any properties are set
100 */
101 public boolean isEmpty() {
102 return properties == null || properties.isEmpty();
103 }
104
105 /**
106 * Saves the last updated information to the properties file.
107 *
108 * @param updatedValue the updated NVD CVE entry
109 * @throws UpdateException is thrown if there is an update exception
110 */
111 public void save(NvdCveInfo updatedValue) throws UpdateException {
112 if (updatedValue == null) {
113 return;
114 }
115 save(LAST_UPDATED_BASE + updatedValue.getId(), String.valueOf(updatedValue.getTimestamp()));
116 }
117
118 /**
119 * Saves the key value pair to the properties store.
120 *
121 * @param key the property key
122 * @param value the property value
123 * @throws UpdateException is thrown if there is an update exception
124 */
125 public void save(String key, String value) throws UpdateException {
126 properties.put(key, value);
127 cveDB.saveProperty(key, value);
128 }
129
130 /**
131 * Returns the property value for the given key. If the key is not contained in the underlying properties null is returned.
132 *
133 * @param key the property key
134 * @return the value of the property
135 */
136 public String getProperty(String key) {
137 return properties.getProperty(key);
138 }
139
140 /**
141 * Returns the property value for the given key. If the key is not contained in the underlying properties the default value is
142 * returned.
143 *
144 * @param key the property key
145 * @param defaultValue the default value
146 * @return the value of the property
147 */
148 public String getProperty(String key, String defaultValue) {
149 return properties.getProperty(key, defaultValue);
150 }
151
152 /**
153 * Returns the collection of Database Properties as a properties collection.
154 *
155 * @return the collection of Database Properties
156 */
157 public Properties getProperties() {
158 return properties;
159 }
160
161 /**
162 * Returns a map of the meta data from the database properties. This primarily contains timestamps of when the NVD CVE
163 * information was last updated.
164 *
165 * @return a map of the database meta data
166 */
167 public Map<String, String> getMetaData() {
168 final Map<String, String> map = new TreeMap<String, String>();
169 for (Entry<Object, Object> entry : properties.entrySet()) {
170 final String key = (String) entry.getKey();
171 if (!"version".equals(key)) {
172 if (key.startsWith("NVD CVE ")) {
173 try {
174 final long epoch = Long.parseLong((String) entry.getValue());
175 final Date date = new Date(epoch);
176 final DateFormat format = new SimpleDateFormat("dd/MM/yyyy HH:mm:ss");
177 final String formatted = format.format(date);
178 map.put(key, formatted);
179 } catch (Throwable ex) { //deliberately being broad in this catch clause
180 LOGGER.debug("Unable to parse timestamp from DB", ex);
181 map.put(key, (String) entry.getValue());
182 }
183 } else {
184 map.put(key, (String) entry.getValue());
185 }
186 }
187 }
188 return map;
189 }
190 }