Coverage Report

Coverage Report - org.owasp.dependencycheck.data.nvdcve.NvdCve20Handler

Classes in this File

Line Coverage

Branch Coverage

Complexity

NvdCve20Handler

80%

99/123

89%

75/84

3.04

NvdCve20Handler$Element

94%

18/19

N/A

3.04

 /*
  * This file is part of dependency-check-core.
  *
  * Dependency-check-core is free software: you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the Free
  * Software Foundation, either version 3 of the License, or (at your option) any
  * later version.
  *
  * Dependency-check-core is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
  * details.
  *
  * You should have received a copy of the GNU General Public License along with
  * dependency-check-core. If not, see http://www.gnu.org/licenses/.
  *
  * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
  */
 package org.owasp.dependencycheck.data.nvdcve;
 
 import java.io.IOException;
 import java.util.List;
 import java.util.Map;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import org.apache.lucene.index.CorruptIndexException;
 import org.owasp.dependencycheck.dependency.Reference;
 import org.owasp.dependencycheck.dependency.Vulnerability;
 import org.owasp.dependencycheck.dependency.VulnerableSoftware;
 import org.xml.sax.Attributes;
 import org.xml.sax.SAXException;
 import org.xml.sax.SAXNotSupportedException;
 import org.xml.sax.helpers.DefaultHandler;
 
 /**
  * A SAX Handler that will parse the NVD CVE XML (schema version 2.0).
  *
  * @author Jeremy Long (jeremy.long@owasp.org)
  */
 public class NvdCve20Handler extends DefaultHandler {
 
     /**
      * the current supported schema version.
      */
     private static final String CURRENT_SCHEMA_VERSION = "2.0";
     /**
      * the current element.
      */
     private final Element current = new Element();
     /**
      * the text of the node.
      */
     private StringBuilder nodeText;
     /**
      * the vulnerability.
      */
     private Vulnerability vulnerability;
     /**
      * a reference for the cve.
      */
     private Reference reference;
     /**
      * flag indicating whether the application has a cpe.
      */
     private boolean hasApplicationCpe = false;
     /**
      * The total number of entries parsed.
      */
     private int totalNumberOfEntries;
 
     /**
      * Get the value of totalNumberOfEntries.
      *
      * @return the value of totalNumberOfEntries
      */
     public int getTotalNumberOfEntries() {
         return totalNumberOfEntries;
     }
     /**
      * The total number of application entries parsed.
      */
     private int totalNumberOfApplicationEntries;
 
     /**
      * Get the value of totalNumberOfApplicationEntries.
      *
      * @return the value of totalNumberOfApplicationEntries
      */
     public int getTotalNumberOfApplicationEntries() {
         return totalNumberOfApplicationEntries;
     }
 
     @Override
     public void startElement(String uri, String localName, String qName, Attributes attributes) throws SAXException {
         current.setNode(qName);
         if (current.isEntryNode()) {
             hasApplicationCpe = false;
             vulnerability = new Vulnerability();
             vulnerability.setName(attributes.getValue("id"));
         } else if (current.isVulnProductNode()) {
             nodeText = new StringBuilder(100);
         } else if (current.isVulnReferencesNode()) {
             final String lang = attributes.getValue("xml:lang");
             if ("en".equals(lang)) {
                 reference = new Reference();
             } else {
                 reference = null;
             }
         } else if (reference != null && current.isVulnReferenceNode()) {
             reference.setUrl(attributes.getValue("href"));
             nodeText = new StringBuilder(130);
         } else if (reference != null && current.isVulnSourceNode()) {
             nodeText = new StringBuilder(30);
         } else if (current.isVulnSummaryNode()) {
             nodeText = new StringBuilder(500);
         } else if (current.isNVDNode()) {
             final String nvdVer = attributes.getValue("nvd_xml_version");
             if (!CURRENT_SCHEMA_VERSION.equals(nvdVer)) {
                 throw new SAXNotSupportedException("Schema version " + nvdVer + " is not supported");
             }
         } else if (current.isVulnCWENode()) {
             vulnerability.setCwe(attributes.getValue("id"));
         } else if (current.isCVSSScoreNode()) {
             nodeText = new StringBuilder(5);
         } else if (current.isCVSSAccessVectorNode()) {
             nodeText = new StringBuilder(20);
         } else if (current.isCVSSAccessComplexityNode()) {
             nodeText = new StringBuilder(20);
         } else if (current.isCVSSAuthenticationNode()) {
             nodeText = new StringBuilder(20);
         } else if (current.isCVSSAvailabilityImpactNode()) {
             nodeText = new StringBuilder(20);
         } else if (current.isCVSSConfidentialityImpactNode()) {
             nodeText = new StringBuilder(20);
         } else if (current.isCVSSIntegrityImpactNode()) {
             nodeText = new StringBuilder(20);
         }
     }
 
     @Override
     public void characters(char[] ch, int start, int length) throws SAXException {
         if (nodeText != null) {
             nodeText.append(ch, start, length);
         }
     }
 
     @Override
     public void endElement(String uri, String localName, String qName) throws SAXException {
         current.setNode(qName);
         if (current.isEntryNode()) {
             totalNumberOfEntries += 1;
             if (hasApplicationCpe) {
                 totalNumberOfApplicationEntries += 1;
                 try {
                     saveEntry(vulnerability);
                 } catch (DatabaseException ex) {
                     throw new SAXException(ex);
                 } catch (CorruptIndexException ex) {
                     throw new SAXException(ex);
                 } catch (IOException ex) {
                     throw new SAXException(ex);
                 }
             }
             vulnerability = null;
         } else if (current.isCVSSScoreNode()) {
             try {
                 final float score = Float.parseFloat(nodeText.toString());
                 vulnerability.setCvssScore(score);
             } catch (NumberFormatException ex) {
                 Logger.getLogger(NvdCve20Handler.class.getName()).log(Level.SEVERE, "Error parsing CVSS Score.");
                 Logger.getLogger(NvdCve20Handler.class.getName()).log(Level.FINE, null, ex);
             }
             nodeText = null;
         } else if (current.isCVSSAccessVectorNode()) {
             vulnerability.setCvssAccessVector(nodeText.toString());
             nodeText = null;
         } else if (current.isCVSSAccessComplexityNode()) {
             vulnerability.setCvssAccessComplexity(nodeText.toString());
             nodeText = null;
         } else if (current.isCVSSAuthenticationNode()) {
             vulnerability.setCvssAuthentication(nodeText.toString());
             nodeText = null;
         } else if (current.isCVSSAvailabilityImpactNode()) {
             vulnerability.setCvssAvailabilityImpact(nodeText.toString());
             nodeText = null;
         } else if (current.isCVSSConfidentialityImpactNode()) {
             vulnerability.setCvssConfidentialityImpact(nodeText.toString());
             nodeText = null;
         } else if (current.isCVSSIntegrityImpactNode()) {
             vulnerability.setCvssIntegrityImpact(nodeText.toString());
             nodeText = null;
         } else if (current.isVulnProductNode()) {
             final String cpe = nodeText.toString();
             if (cpe.startsWith("cpe:/a:")) {
                 hasApplicationCpe = true;
                 vulnerability.addVulnerableSoftware(cpe);
             }
             nodeText = null;
         } else if (reference != null && current.isVulnReferencesNode()) {
             vulnerability.addReference(reference);
             reference = null;
         } else if (reference != null && current.isVulnReferenceNode()) {
             reference.setName(nodeText.toString());
             nodeText = null;
         } else if (reference != null && current.isVulnSourceNode()) {
             reference.setSource(nodeText.toString());
             nodeText = null;
         } else if (current.isVulnSummaryNode()) {
             vulnerability.setDescription(nodeText.toString());
             if (nodeText.indexOf("** REJECT **") >= 0) {
                 hasApplicationCpe = true; //ensure we process this to delete the vuln
             }
             nodeText = null;
         }
     }
     /**
      * the cve database.
      */
     private CveDB cveDB;
 
     /**
      * Sets the cveDB.
      *
      * @param db a reference to the CveDB
      */
     public void setCveDB(CveDB db) {
         cveDB = db;
     }
     /**
      * A list of CVE entries and associated VulnerableSoftware entries that
      * contain previous entries.
      */
     private Map<String, List<VulnerableSoftware>> prevVersionVulnMap;
 
     /**
      * Sets the prevVersionVulnMap.
      *
      * @param map the map of vulnerable software with previous versions being
      * vulnerable
      */
     public void setPrevVersionVulnMap(Map<String, List<VulnerableSoftware>> map) {
         prevVersionVulnMap = map;
     }
 
     /**
      * Saves a vulnerability to the CVE Database.
      *
      * @param vuln the vulnerability to store in the database
      * @throws DatabaseException thrown if there is an error writing to the
      * database
      * @throws CorruptIndexException is thrown if the CPE Index is corrupt
      * @throws IOException thrown if there is an IOException with the CPE Index
      */
     private void saveEntry(Vulnerability vuln) throws DatabaseException, CorruptIndexException, IOException {
         if (cveDB == null) {
             return;
         }
         final String cveName = vuln.getName();
         if (prevVersionVulnMap.containsKey(cveName)) {
             final List<VulnerableSoftware> vulnSoftware = prevVersionVulnMap.get(cveName);
             for (VulnerableSoftware vs : vulnSoftware) {
                 vuln.updateVulnerableSoftware(vs);
             }
         }
         cveDB.updateVulnerability(vuln);
     }
 
     // <editor-fold defaultstate="collapsed" desc="The Element Class that maintains state information about the current node">
     /**
      * A simple class to maintain information about the current element while
      * parsing the NVD CVE XML.
      */
     protected static class Element {
 
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String NVD = "nvd";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String ENTRY = "entry";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String VULN_PRODUCT = "vuln:product";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String VULN_REFERENCES = "vuln:references";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String VULN_SOURCE = "vuln:source";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String VULN_REFERENCE = "vuln:reference";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String VULN_SUMMARY = "vuln:summary";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String VULN_CWE = "vuln:cwe";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String CVSS_SCORE = "cvss:score";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String CVSS_ACCESS_VECTOR = "cvss:access-vector";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String CVSS_ACCESS_COMPLEXITY = "cvss:access-complexity";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String CVSS_AUTHENTICATION = "cvss:authentication";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String CVSS_CONFIDENTIALITY_IMPACT = "cvss:confidentiality-impact";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String CVSS_INTEGRITY_IMPACT = "cvss:integrity-impact";
         /**
          * A node type in the NVD CVE Schema 2.0
          */
         public static final String CVSS_AVAILABILITY_IMPACT = "cvss:availability-impact";
         /**
          * The current node.
          */
         private String node;
 
         /**
          * Gets the value of node.
          *
          * @return the value of node
          */
         public String getNode() {
             return this.node;
         }
 
         /**
          * Sets the value of node.
          *
          * @param node new value of node
          */
         public void setNode(String node) {
             this.node = node;
         }
 
         /**
          * Checks if the handler is at the NVD node.
          *
          * @return true or false
          */
         public boolean isNVDNode() {
             return NVD.equals(node);
         }
 
         /**
          * Checks if the handler is at the ENTRY node.
          *
          * @return true or false
          */
         public boolean isEntryNode() {
             return ENTRY.equals(node);
         }
 
         /**
          * Checks if the handler is at the VULN_PRODUCT node.
          *
          * @return true or false
          */
         public boolean isVulnProductNode() {
             return VULN_PRODUCT.equals(node);
         }
 
         /**
          * Checks if the handler is at the REFERENCES node.
          *
          * @return true or false
          */
         public boolean isVulnReferencesNode() {
             return VULN_REFERENCES.equals(node);
         }
 
         /**
          * Checks if the handler is at the REFERENCE node.
          *
          * @return true or false
          */
         public boolean isVulnReferenceNode() {
             return VULN_REFERENCE.equals(node);
         }
 
         /**
          * Checks if the handler is at the VULN_SOURCE node.
          *
          * @return true or false
          */
         public boolean isVulnSourceNode() {
             return VULN_SOURCE.equals(node);
         }
 
         /**
          * Checks if the handler is at the VULN_SUMMARY node.
          *
          * @return true or false
          */
         public boolean isVulnSummaryNode() {
             return VULN_SUMMARY.equals(node);
         }
 
         /**
          * Checks if the handler is at the VULN_CWE node.
          *
          * @return true or false
          */
         public boolean isVulnCWENode() {
             return VULN_CWE.equals(node);
         }
 
         /**
          * Checks if the handler is at the CVSS_SCORE node.
          *
          * @return true or false
          */
         public boolean isCVSSScoreNode() {
             return CVSS_SCORE.equals(node);
         }
 
         /**
          * Checks if the handler is at the CVSS_ACCESS_VECTOR node.
          *
          * @return true or false
          */
         public boolean isCVSSAccessVectorNode() {
             return CVSS_ACCESS_VECTOR.equals(node);
         }
 
         /**
          * Checks if the handler is at the CVSS_ACCESS_COMPLEXITY node.
          *
          * @return true or false
          */
         public boolean isCVSSAccessComplexityNode() {
             return CVSS_ACCESS_COMPLEXITY.equals(node);
         }
 
         /**
          * Checks if the handler is at the CVSS_AUTHENTICATION node.
          *
          * @return true or false
          */
         public boolean isCVSSAuthenticationNode() {
             return CVSS_AUTHENTICATION.equals(node);
         }
 
         /**
          * Checks if the handler is at the CVSS_CONFIDENTIALITY_IMPACT node.
          *
          * @return true or false
          */
         public boolean isCVSSConfidentialityImpactNode() {
             return CVSS_CONFIDENTIALITY_IMPACT.equals(node);
         }
 
         /**
          * Checks if the handler is at the CVSS_INTEGRITY_IMPACT node.
          *
          * @return true or false
          */
         public boolean isCVSSIntegrityImpactNode() {
             return CVSS_INTEGRITY_IMPACT.equals(node);
         }
 
         /**
          * Checks if the handler is at the CVSS_AVAILABILITY_IMPACT node.
          *
          * @return true or false
          */
         public boolean isCVSSAvailabilityImpactNode() {
             return CVSS_AVAILABILITY_IMPACT.equals(node);
         }
     }
     // </editor-fold>
 }

1		/*
2		* This file is part of dependency-check-core.
3		*
4		* Dependency-check-core is free software: you can redistribute it and/or modify it
5		* under the terms of the GNU General Public License as published by the Free
6		* Software Foundation, either version 3 of the License, or (at your option) any
7		* later version.
8		*
9		* Dependency-check-core is distributed in the hope that it will be useful, but
10		* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11		* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
12		* details.
13		*
14		* You should have received a copy of the GNU General Public License along with
15		* dependency-check-core. If not, see http://www.gnu.org/licenses/.
16		*
17		* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
18		*/
19		package org.owasp.dependencycheck.data.nvdcve;
20
21		import java.io.IOException;
22		import java.util.List;
23		import java.util.Map;
24		import java.util.logging.Level;
25		import java.util.logging.Logger;
26		import org.apache.lucene.index.CorruptIndexException;
27		import org.owasp.dependencycheck.dependency.Reference;
28		import org.owasp.dependencycheck.dependency.Vulnerability;
29		import org.owasp.dependencycheck.dependency.VulnerableSoftware;
30		import org.xml.sax.Attributes;
31		import org.xml.sax.SAXException;
32		import org.xml.sax.SAXNotSupportedException;
33		import org.xml.sax.helpers.DefaultHandler;
34
35		/**
36		* A SAX Handler that will parse the NVD CVE XML (schema version 2.0).
37		*
38		* @author Jeremy Long (jeremy.long@owasp.org)
39		*/
40	1	public class NvdCve20Handler extends DefaultHandler {
41
42		/**
43		* the current supported schema version.
44		*/
45		private static final String CURRENT_SCHEMA_VERSION = "2.0";
46		/**
47		* the current element.
48		*/
49	1	private final Element current = new Element();
50		/**
51		* the text of the node.
52		*/
53		private StringBuilder nodeText;
54		/**
55		* the vulnerability.
56		*/
57		private Vulnerability vulnerability;
58		/**
59		* a reference for the cve.
60		*/
61		private Reference reference;
62		/**
63		* flag indicating whether the application has a cpe.
64		*/
65	1	private boolean hasApplicationCpe = false;
66		/**
67		* The total number of entries parsed.
68		*/
69		private int totalNumberOfEntries;
70
71		/**
72		* Get the value of totalNumberOfEntries.
73		*
74		* @return the value of totalNumberOfEntries
75		*/
76		public int getTotalNumberOfEntries() {
77	0	return totalNumberOfEntries;
78		}
79		/**
80		* The total number of application entries parsed.
81		*/
82		private int totalNumberOfApplicationEntries;
83
84		/**
85		* Get the value of totalNumberOfApplicationEntries.
86		*
87		* @return the value of totalNumberOfApplicationEntries
88		*/
89		public int getTotalNumberOfApplicationEntries() {
90	0	return totalNumberOfApplicationEntries;
91		}
92
93		@Override
94		public void startElement(String uri, String localName, String qName, Attributes attributes) throws SAXException {
95	2412	current.setNode(qName);
96	2412	if (current.isEntryNode()) {
97	27	hasApplicationCpe = false;
98	27	vulnerability = new Vulnerability();
99	27	vulnerability.setName(attributes.getValue("id"));
100	2385	} else if (current.isVulnProductNode()) {
101	727	nodeText = new StringBuilder(100);
102	1658	} else if (current.isVulnReferencesNode()) {
103	90	final String lang = attributes.getValue("xml:lang");
104	90	if ("en".equals(lang)) {
105	90	reference = new Reference();
106		} else {
107	0	reference = null;
108		}
109	90	} else if (reference != null && current.isVulnReferenceNode()) {
110	90	reference.setUrl(attributes.getValue("href"));
111	90	nodeText = new StringBuilder(130);
112	1478	} else if (reference != null && current.isVulnSourceNode()) {
113	90	nodeText = new StringBuilder(30);
114	1388	} else if (current.isVulnSummaryNode()) {
115	27	nodeText = new StringBuilder(500);
116	1361	} else if (current.isNVDNode()) {
117	1	final String nvdVer = attributes.getValue("nvd_xml_version");
118	1	if (!CURRENT_SCHEMA_VERSION.equals(nvdVer)) {
119	0	throw new SAXNotSupportedException("Schema version " + nvdVer + " is not supported");
120		}
121	1	} else if (current.isVulnCWENode()) {
122	19	vulnerability.setCwe(attributes.getValue("id"));
123	1341	} else if (current.isCVSSScoreNode()) {
124	26	nodeText = new StringBuilder(5);
125	1315	} else if (current.isCVSSAccessVectorNode()) {
126	26	nodeText = new StringBuilder(20);
127	1289	} else if (current.isCVSSAccessComplexityNode()) {
128	26	nodeText = new StringBuilder(20);
129	1263	} else if (current.isCVSSAuthenticationNode()) {
130	26	nodeText = new StringBuilder(20);
131	1237	} else if (current.isCVSSAvailabilityImpactNode()) {
132	26	nodeText = new StringBuilder(20);
133	1211	} else if (current.isCVSSConfidentialityImpactNode()) {
134	26	nodeText = new StringBuilder(20);
135	1185	} else if (current.isCVSSIntegrityImpactNode()) {
136	26	nodeText = new StringBuilder(20);
137		}
138	2412	}
139
140		@Override
141		public void characters(char[] ch, int start, int length) throws SAXException {
142	3987	if (nodeText != null) {
143	1142	nodeText.append(ch, start, length);
144		}
145	3987	}
146
147		@Override
148		public void endElement(String uri, String localName, String qName) throws SAXException {
149	2412	current.setNode(qName);
150	2412	if (current.isEntryNode()) {
151	27	totalNumberOfEntries += 1;
152	27	if (hasApplicationCpe) {
153	19	totalNumberOfApplicationEntries += 1;
154		try {
155	19	saveEntry(vulnerability);
156	0	} catch (DatabaseException ex) {
157	0	throw new SAXException(ex);
158	0	} catch (CorruptIndexException ex) {
159	0	throw new SAXException(ex);
160	0	} catch (IOException ex) {
161	0	throw new SAXException(ex);
162	19	}
163		}
164	27	vulnerability = null;
165	2385	} else if (current.isCVSSScoreNode()) {
166		try {
167	26	final float score = Float.parseFloat(nodeText.toString());
168	26	vulnerability.setCvssScore(score);
169	0	} catch (NumberFormatException ex) {
170	0	Logger.getLogger(NvdCve20Handler.class.getName()).log(Level.SEVERE, "Error parsing CVSS Score.");
171	0	Logger.getLogger(NvdCve20Handler.class.getName()).log(Level.FINE, null, ex);
172	26	}
173	26	nodeText = null;
174	2359	} else if (current.isCVSSAccessVectorNode()) {
175	26	vulnerability.setCvssAccessVector(nodeText.toString());
176	26	nodeText = null;
177	2333	} else if (current.isCVSSAccessComplexityNode()) {
178	26	vulnerability.setCvssAccessComplexity(nodeText.toString());
179	26	nodeText = null;
180	2307	} else if (current.isCVSSAuthenticationNode()) {
181	26	vulnerability.setCvssAuthentication(nodeText.toString());
182	26	nodeText = null;
183	2281	} else if (current.isCVSSAvailabilityImpactNode()) {
184	26	vulnerability.setCvssAvailabilityImpact(nodeText.toString());
185	26	nodeText = null;
186	2255	} else if (current.isCVSSConfidentialityImpactNode()) {
187	26	vulnerability.setCvssConfidentialityImpact(nodeText.toString());
188	26	nodeText = null;
189	2229	} else if (current.isCVSSIntegrityImpactNode()) {
190	26	vulnerability.setCvssIntegrityImpact(nodeText.toString());
191	26	nodeText = null;
192	2203	} else if (current.isVulnProductNode()) {
193	727	final String cpe = nodeText.toString();
194	727	if (cpe.startsWith("cpe:/a:")) {
195	614	hasApplicationCpe = true;
196	614	vulnerability.addVulnerableSoftware(cpe);
197		}
198	727	nodeText = null;
199	727	} else if (reference != null && current.isVulnReferencesNode()) {
200	90	vulnerability.addReference(reference);
201	90	reference = null;
202	1386	} else if (reference != null && current.isVulnReferenceNode()) {
203	90	reference.setName(nodeText.toString());
204	90	nodeText = null;
205	1296	} else if (reference != null && current.isVulnSourceNode()) {
206	90	reference.setSource(nodeText.toString());
207	90	nodeText = null;
208	1206	} else if (current.isVulnSummaryNode()) {
209	27	vulnerability.setDescription(nodeText.toString());
210	27	if (nodeText.indexOf(" REJECT ") >= 0) {
211	1	hasApplicationCpe = true; //ensure we process this to delete the vuln
212		}
213	27	nodeText = null;
214		}
215	2412	}
216		/**
217		* the cve database.
218		*/
219		private CveDB cveDB;
220
221		/**
222		* Sets the cveDB.
223		*
224		* @param db a reference to the CveDB
225		*/
226		public void setCveDB(CveDB db) {
227	0	cveDB = db;
228	0	}
229		/**
230		* A list of CVE entries and associated VulnerableSoftware entries that
231		* contain previous entries.
232		*/
233		private Map<String, List<VulnerableSoftware>> prevVersionVulnMap;
234
235		/**
236		* Sets the prevVersionVulnMap.
237		*
238		* @param map the map of vulnerable software with previous versions being
239		* vulnerable
240		*/
241		public void setPrevVersionVulnMap(Map<String, List<VulnerableSoftware>> map) {
242	0	prevVersionVulnMap = map;
243	0	}
244
245		/**
246		* Saves a vulnerability to the CVE Database.
247		*
248		* @param vuln the vulnerability to store in the database
249		* @throws DatabaseException thrown if there is an error writing to the
250		* database
251		* @throws CorruptIndexException is thrown if the CPE Index is corrupt
252		* @throws IOException thrown if there is an IOException with the CPE Index
253		*/
254		private void saveEntry(Vulnerability vuln) throws DatabaseException, CorruptIndexException, IOException {
255	19	if (cveDB == null) {
256	19	return;
257		}
258	0	final String cveName = vuln.getName();
259	0	if (prevVersionVulnMap.containsKey(cveName)) {
260	0	final List<VulnerableSoftware> vulnSoftware = prevVersionVulnMap.get(cveName);
261	0	for (VulnerableSoftware vs : vulnSoftware) {
262	0	vuln.updateVulnerableSoftware(vs);
263		}
264		}
265	0	cveDB.updateVulnerability(vuln);
266	0	}
267
268		// <editor-fold defaultstate="collapsed" desc="The Element Class that maintains state information about the current node">
269		/**
270		* A simple class to maintain information about the current element while
271		* parsing the NVD CVE XML.
272		*/
273	1	protected static class Element {
274
275		/**
276		* A node type in the NVD CVE Schema 2.0
277		*/
278		public static final String NVD = "nvd";
279		/**
280		* A node type in the NVD CVE Schema 2.0
281		*/
282		public static final String ENTRY = "entry";
283		/**
284		* A node type in the NVD CVE Schema 2.0
285		*/
286		public static final String VULN_PRODUCT = "vuln:product";
287		/**
288		* A node type in the NVD CVE Schema 2.0
289		*/
290		public static final String VULN_REFERENCES = "vuln:references";
291		/**
292		* A node type in the NVD CVE Schema 2.0
293		*/
294		public static final String VULN_SOURCE = "vuln:source";
295		/**
296		* A node type in the NVD CVE Schema 2.0
297		*/
298		public static final String VULN_REFERENCE = "vuln:reference";
299		/**
300		* A node type in the NVD CVE Schema 2.0
301		*/
302		public static final String VULN_SUMMARY = "vuln:summary";
303		/**
304		* A node type in the NVD CVE Schema 2.0
305		*/
306		public static final String VULN_CWE = "vuln:cwe";
307		/**
308		* A node type in the NVD CVE Schema 2.0
309		*/
310		public static final String CVSS_SCORE = "cvss:score";
311		/**
312		* A node type in the NVD CVE Schema 2.0
313		*/
314		public static final String CVSS_ACCESS_VECTOR = "cvss:access-vector";
315		/**
316		* A node type in the NVD CVE Schema 2.0
317		*/
318		public static final String CVSS_ACCESS_COMPLEXITY = "cvss:access-complexity";
319		/**
320		* A node type in the NVD CVE Schema 2.0
321		*/
322		public static final String CVSS_AUTHENTICATION = "cvss:authentication";
323		/**
324		* A node type in the NVD CVE Schema 2.0
325		*/
326		public static final String CVSS_CONFIDENTIALITY_IMPACT = "cvss:confidentiality-impact";
327		/**
328		* A node type in the NVD CVE Schema 2.0
329		*/
330		public static final String CVSS_INTEGRITY_IMPACT = "cvss:integrity-impact";
331		/**
332		* A node type in the NVD CVE Schema 2.0
333		*/
334		public static final String CVSS_AVAILABILITY_IMPACT = "cvss:availability-impact";
335		/**
336		* The current node.
337		*/
338		private String node;
339
340		/**
341		* Gets the value of node.
342		*
343		* @return the value of node
344		*/
345		public String getNode() {
346	0	return this.node;
347		}
348
349		/**
350		* Sets the value of node.
351		*
352		* @param node new value of node
353		*/
354		public void setNode(String node) {
355	4824	this.node = node;
356	4824	}
357
358		/**
359		* Checks if the handler is at the NVD node.
360		*
361		* @return true or false
362		*/
363		public boolean isNVDNode() {
364	1361	return NVD.equals(node);
365		}
366
367		/**
368		* Checks if the handler is at the ENTRY node.
369		*
370		* @return true or false
371		*/
372		public boolean isEntryNode() {
373	4824	return ENTRY.equals(node);
374		}
375
376		/**
377		* Checks if the handler is at the VULN_PRODUCT node.
378		*
379		* @return true or false
380		*/
381		public boolean isVulnProductNode() {
382	4588	return VULN_PRODUCT.equals(node);
383		}
384
385		/**
386		* Checks if the handler is at the REFERENCES node.
387		*
388		* @return true or false
389		*/
390		public boolean isVulnReferencesNode() {
391	1928	return VULN_REFERENCES.equals(node);
392		}
393
394		/**
395		* Checks if the handler is at the REFERENCE node.
396		*
397		* @return true or false
398		*/
399		public boolean isVulnReferenceNode() {
400	360	return VULN_REFERENCE.equals(node);
401		}
402
403		/**
404		* Checks if the handler is at the VULN_SOURCE node.
405		*
406		* @return true or false
407		*/
408		public boolean isVulnSourceNode() {
409	180	return VULN_SOURCE.equals(node);
410		}
411
412		/**
413		* Checks if the handler is at the VULN_SUMMARY node.
414		*
415		* @return true or false
416		*/
417		public boolean isVulnSummaryNode() {
418	2594	return VULN_SUMMARY.equals(node);
419		}
420
421		/**
422		* Checks if the handler is at the VULN_CWE node.
423		*
424		* @return true or false
425		*/
426		public boolean isVulnCWENode() {
427	1360	return VULN_CWE.equals(node);
428		}
429
430		/**
431		* Checks if the handler is at the CVSS_SCORE node.
432		*
433		* @return true or false
434		*/
435		public boolean isCVSSScoreNode() {
436	3726	return CVSS_SCORE.equals(node);
437		}
438
439		/**
440		* Checks if the handler is at the CVSS_ACCESS_VECTOR node.
441		*
442		* @return true or false
443		*/
444		public boolean isCVSSAccessVectorNode() {
445	3674	return CVSS_ACCESS_VECTOR.equals(node);
446		}
447
448		/**
449		* Checks if the handler is at the CVSS_ACCESS_COMPLEXITY node.
450		*
451		* @return true or false
452		*/
453		public boolean isCVSSAccessComplexityNode() {
454	3622	return CVSS_ACCESS_COMPLEXITY.equals(node);
455		}
456
457		/**
458		* Checks if the handler is at the CVSS_AUTHENTICATION node.
459		*
460		* @return true or false
461		*/
462		public boolean isCVSSAuthenticationNode() {
463	3570	return CVSS_AUTHENTICATION.equals(node);
464		}
465
466		/**
467		* Checks if the handler is at the CVSS_CONFIDENTIALITY_IMPACT node.
468		*
469		* @return true or false
470		*/
471		public boolean isCVSSConfidentialityImpactNode() {
472	3466	return CVSS_CONFIDENTIALITY_IMPACT.equals(node);
473		}
474
475		/**
476		* Checks if the handler is at the CVSS_INTEGRITY_IMPACT node.
477		*
478		* @return true or false
479		*/
480		public boolean isCVSSIntegrityImpactNode() {
481	3414	return CVSS_INTEGRITY_IMPACT.equals(node);
482		}
483
484		/**
485		* Checks if the handler is at the CVSS_AVAILABILITY_IMPACT node.
486		*
487		* @return true or false
488		*/
489		public boolean isCVSSAvailabilityImpactNode() {
490	3518	return CVSS_AVAILABILITY_IMPACT.equals(node);
491		}
492		}
493		// </editor-fold>
494		}