org.owasp.dependencycheck.data.update

Class NvdCveUpdater

java.lang.Object

org.owasp.dependencycheck.data.update.NvdCveUpdater

All Implemented Interfaces:

CachedWebDataSource

@ThreadSafe
public class NvdCveUpdater
extends Object
implements CachedWebDataSource

Class responsible for updating the NVD CVE data.

Author:

Jeremy Long

Constructor Summary

Constructors

Constructor and Description
NvdCveUpdater()

Method Summary

Modifier and Type	Method and Description
protected MetaProperties	getMetaFile(String url) Downloads the NVD CVE Meta file properties.
protected List<NvdCveInfo>	getUpdatesNeeded() Determines if the index needs to be updated.
protected void	initializeExecutorServices() Initialize the executor services for download and processing of the NVD CVE XML data.
boolean	purge(Engine engine) Deletes any locally cached data.
protected void	setSettings(Settings settings) Sets the settings object; this is used during testing.
boolean	update(Engine engine) Downloads the latest NVD CVE XML file from the web and imports it into the current CVE Database.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

NvdCveUpdater

public NvdCveUpdater()

Method Detail

update

public boolean update(Engine engine)
               throws UpdateException

Downloads the latest NVD CVE XML file from the web and imports it into the current CVE Database. A lock on a file is obtained in an attempt to prevent more then one thread/JVM from updating the database at the same time. This method may sleep upto 5 minutes.

Specified by:

update in interface CachedWebDataSource

Parameters:

engine - a reference to the dependency-check engine

Returns:

whether or not an update was made to the CveDB

Throws:

UpdateException - is thrown if there is an error updating the database

initializeExecutorServices

protected void initializeExecutorServices()

Initialize the executor services for download and processing of the NVD CVE XML data.

getMetaFile

protected final MetaProperties getMetaFile(String url)
                                    throws UpdateException

Downloads the NVD CVE Meta file properties.

Parameters:

url - the URL to the NVD CVE JSON file

Returns:

the meta file properties

Throws:

UpdateException - thrown if the meta file could not be downloaded

getUpdatesNeeded

protected final List<NvdCveInfo> getUpdatesNeeded()
                                           throws UpdateException

Determines if the index needs to be updated. This is done by fetching the NVD CVE meta data and checking the last update date. If the data needs to be refreshed this method will return the NvdCveUrl for the files that need to be updated.

Returns:

the collection of files that need to be updated

Throws:

UpdateException - Is thrown if there is an issue with the last updated properties file

setSettings

protected void setSettings(Settings settings)

Sets the settings object; this is used during testing.

Parameters:

settings - the configured settings

purge

public boolean purge(Engine engine)

Description copied from interface: CachedWebDataSource

Deletes any locally cached data.

Specified by:

purge in interface CachedWebDataSource

Parameters:

engine - a reference to the dependency-check engine

Returns:

true if the purge was successful; otherwise false