CveDB (Dependency-Check Core 5.3.2 API)

java.lang.Object
- org.owasp.dependencycheck.data.nvdcve.CveDB

All Implemented Interfaces:

AutoCloseable
```
@ThreadSafe
public final class CveDB
extends Object
implements AutoCloseable
```
The database holding information about the NVD CVE data. This class is safe to be accessed from multiple threads in parallel, however internally only one connection will be used.

Author:

Jeremy Long

Constructor Summary

Constructors
Constructor and Description

CveDB(Settings settings)
Creates a new CveDB object and opens the database connection.

Constructors
Constructor and Description
`CveDB(Settings settings)` Creates a new CveDB object and opens the database connection.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`addCpe(String cpe, String vendor, String product)` This method is only referenced in unused code and will likely break on MySQL if ever used due to the MERGE statement.
`void`	`cleanupDatabase()` It is possible that orphaned rows may be generated during database updates.
`void`	`close()` Closes the database connection.
`void`	`commit()` Commits all completed transactions.
`boolean`	`dataExists()` Checks to see if data exists so that analysis can be performed.
`void`	`defrag()` If the database is using an H2 file based database calling `defrag()` will de-fragment the database.
`void`	`deleteUnusedCpe()` This method is only referenced in unused code.
`protected void`	`finalize()` Cleans up the object and ensures that "close" has been called.
`Set<CpePlus>`	`getCPEs(String vendor, String product)` Searches the CPE entries in the database and retrieves all entries for a given vendor and product combination.
`DatabaseProperties`	`getDatabaseProperties()` Get the value of databaseProperties.
`protected VulnerableSoftware`	`getMatchingSoftware(us.springett.parsers.cpe.Cpe cpe, Set<VulnerableSoftware> vulnerableSoftware)` Determines if the given identifiedVersion is affected by the given cpeId and previous version flag.
`Properties`	`getProperties()` Returns a set of properties.
`Set<Pair<String,String>>`	`getVendorProductList()` Returns the entire list of vendor/product combinations.
`Set<Pair<String,String>>`	`getVendorProductListForNode()` Returns the entire list of vendor/product combinations filtered for just Node JS related products.
`List<Vulnerability>`	`getVulnerabilities(us.springett.parsers.cpe.Cpe cpe)` Retrieves the vulnerabilities associated with the specified CPE.
`Vulnerability`	`getVulnerability(String cve)` Gets a vulnerability for the provided CVE.
`protected boolean`	`isOpen()` Returns whether the database connection is open or closed.
`protected DatabaseProperties`	`reloadProperties()` Used within the unit tests to reload the database properties.
`void`	`saveProperty(String key, String value)` Saves a property to the database.
`void`	`updateVulnerability(DefCveItem cve)` Updates the vulnerability within the database.

Methods inherited from class java.lang.Object
clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - CveDB
```
public CveDB(Settings settings)
      throws DatabaseException
```
    Creates a new CveDB object and opens the database connection. Note, the connection must be closed by the caller by calling the close method.
    
    Parameters:
    
    settings - the configured settings
    
    Throws:
    
    DatabaseException - thrown if there is an exception opening the database.
- Method Detail
  - close
```
public void close()
```
    Closes the database connection. Close should be called on this object when it is done being used.
    
    Specified by:
    
    close in interface AutoCloseable
  - isOpen
```
protected boolean isOpen()
```
    Returns whether the database connection is open or closed.
    
    Returns:
    
    whether the database connection is open or closed
  - commit
```
public void commit()
            throws SQLException
```
    Commits all completed transactions.
    
    Throws:
    
    SQLException - thrown if a SQL Exception occurs
  - finalize
```
protected void finalize()
                 throws Throwable
```
    Cleans up the object and ensures that "close" has been called.
    
    Overrides:
    
    finalize in class Object
    
    Throws:
    
    Throwable - thrown if there is a problem
  - getDatabaseProperties
```
public DatabaseProperties getDatabaseProperties()
```
    Get the value of databaseProperties.
    
    Returns:
    
    the value of databaseProperties
  - reloadProperties
```
protected DatabaseProperties reloadProperties()
```
    Used within the unit tests to reload the database properties.
    
    Returns:
    
    the database properties
  - getCPEs
```
public Set<CpePlus> getCPEs(String vendor,
                            String product)
```
    Searches the CPE entries in the database and retrieves all entries for a given vendor and product combination. The returned list will include all versions of the product that are registered in the NVD CVE data.
    
    Parameters:
    
    vendor - the identified vendor name of the dependency being analyzed
    
    product - the identified name of the product of the dependency being analyzed
    
    Returns:
    
    a set of vulnerable software
  - getVendorProductList
```
public Set<Pair<String,String>> getVendorProductList()
                                              throws DatabaseException
```
    Returns the entire list of vendor/product combinations.
    
    Returns:
    
    the entire list of vendor/product combinations
    
    Throws:
    
    DatabaseException - thrown when there is an error retrieving the data from the DB
  - getVendorProductListForNode
```
public Set<Pair<String,String>> getVendorProductListForNode()
                                                     throws DatabaseException
```
    Returns the entire list of vendor/product combinations filtered for just Node JS related products.
    
    Returns:
    
    the list of vendor/product combinations that are known to be related to Node JS
    
    Throws:
    
    DatabaseException - thrown when there is an error retrieving the data from the DB
  - getProperties
```
public Properties getProperties()
```
    Returns a set of properties.
    
    Returns:
    
    the properties from the database
  - saveProperty
```
public void saveProperty(String key,
                         String value)
```
    Saves a property to the database.
    
    Parameters:
    
    key - the property key
    
    value - the property value
  - getVulnerabilities
```
public List<Vulnerability> getVulnerabilities(us.springett.parsers.cpe.Cpe cpe)
                                       throws DatabaseException
```
    Retrieves the vulnerabilities associated with the specified CPE.
    
    Parameters:
    
    cpe - the CPE to retrieve vulnerabilities for
    
    Returns:
    
    a list of Vulnerabilities
    
    Throws:
    
    DatabaseException - thrown if there is an exception retrieving data
  - getVulnerability
```
public Vulnerability getVulnerability(String cve)
                               throws DatabaseException
```
    Gets a vulnerability for the provided CVE.
    
    Parameters:
    
    cve - the CVE to lookup
    
    Returns:
    
    a vulnerability object
    
    Throws:
    
    DatabaseException - if an exception occurs
  - updateVulnerability
```
public void updateVulnerability(DefCveItem cve)
```
    Updates the vulnerability within the database. If the vulnerability does not exist it will be added.
    
    Parameters:
    
    cve - the vulnerability from the NVD CVE Data Feed to add to the database
    
    Throws:
    
    DatabaseException - is thrown if the database
  - dataExists
```
public boolean dataExists()
```
    Checks to see if data exists so that analysis can be performed.
    
    Returns:
    
    true if data exists; otherwise false
  - cleanupDatabase
```
public void cleanupDatabase()
```
    It is possible that orphaned rows may be generated during database updates. This should be called after all updates have been completed to ensure orphan entries are removed.
  - defrag
```
public void defrag()
```
    If the database is using an H2 file based database calling defrag() will de-fragment the database.
  - getMatchingSoftware
```
protected VulnerableSoftware getMatchingSoftware(us.springett.parsers.cpe.Cpe cpe,
                                                 Set<VulnerableSoftware> vulnerableSoftware)
```
    Determines if the given identifiedVersion is affected by the given cpeId and previous version flag. A non-null, non-empty string passed to the previous version argument indicates that all previous versions are affected.
    
    Parameters:
    
    cpe - the CPE for the given dependency
    
    vulnerableSoftware - a set of the vulnerable software
    
    Returns:
    
    true if the identified version is affected, otherwise false
  - deleteUnusedCpe
```
public void deleteUnusedCpe()
```
    This method is only referenced in unused code.
    Deletes unused dictionary entries from the database.
  - addCpe
```
public void addCpe(String cpe,
                   String vendor,
                   String product)
```
    This method is only referenced in unused code and will likely break on MySQL if ever used due to the MERGE statement.
    Merges CPE entries into the database.
    
    Parameters:
    
    cpe - the CPE identifier
    
    vendor - the CPE vendor
    
    product - the CPE product

Class CveDB

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

CveDB

Method Detail

close

isOpen

commit

finalize

getDatabaseProperties

reloadProperties

getCPEs

getVendorProductList

getVendorProductListForNode

getProperties

saveProperty

getVulnerabilities

getVulnerability

updateVulnerability

dataExists

cleanupDatabase

defrag

getMatchingSoftware

deleteUnusedCpe

addCpe