com.metaeffekt.mirror.contents.kev.KevData Maven / Gradle / Ivy
package com.metaeffekt.mirror.contents.kev;
import com.metaeffekt.artifact.analysis.utils.StringUtils;
import com.metaeffekt.artifact.analysis.utils.TimeUtils;
import lombok.*;
import org.apache.lucene.document.Document;
import org.apache.lucene.document.Field;
import org.apache.lucene.document.TextField;
import org.json.JSONObject;
import java.util.Date;
import java.util.Map;
@Getter
@Setter
@AllArgsConstructor(access = AccessLevel.PRIVATE)
@NoArgsConstructor(access = AccessLevel.PUBLIC)
@EqualsAndHashCode
public class KevData {
private String vulnerability;
private String vendor;
private String product;
private String summary;
private String description;
private String notes;
private String recommendation;
private Date publishDate;
private Date exploitDate;
private Date dueDate;
private RansomwareState ransomwareState;
public KevData(String vulnerability, RansomwareState state) {
this.vulnerability = vulnerability;
this.ransomwareState = state;
}
public Document toDocument() {
final Document document = new Document();
addFieldToDocument(document, "vulnerability", vulnerability);
addFieldToDocument(document, "vendor", vendor);
addFieldToDocument(document, "product", product);
addFieldToDocument(document, "summary", summary);
addFieldToDocument(document, "description", description);
addFieldToDocument(document, "recommendation", recommendation);
addFieldToDocument(document, "notes", notes);
addFieldToDocument(document, "publishDate", publishDate == null ? null : Long.toString(publishDate.getTime()));
addFieldToDocument(document, "exploitDate", exploitDate == null ? null : Long.toString(exploitDate.getTime()));
addFieldToDocument(document, "dueDate", dueDate == null ? null : Long.toString(dueDate.getTime()));
addFieldToDocument(document, "knownRansomwareCampaignUse", String.valueOf(ransomwareState));
return document;
}
public static KevData fromDocument(Document document) {
final KevData kevData = new KevData();
kevData.setVulnerability(returnNullIfEmpty(document.get("vulnerability")));
kevData.setVendor(returnNullIfEmpty(document.get("vendor")));
kevData.setProduct(returnNullIfEmpty(document.get("product")));
kevData.setSummary(returnNullIfEmpty(document.get("summary")));
kevData.setDescription(returnNullIfEmpty(document.get("description")));
kevData.setRecommendation(returnNullIfEmpty(document.get("recommendation")));
kevData.setNotes(returnNullIfEmpty(document.get("notes")));
kevData.setPublishDate(TimeUtils.tryParse(document.get("publishDate")));
kevData.setExploitDate(TimeUtils.tryParse(document.get("exploitDate")));
kevData.setDueDate(TimeUtils.tryParse(document.get("dueDate")));
if (document.get("knownRansomwareCampaignUse") != null) {
kevData.setRansomwareState(RansomwareState.valueOf(document.get("knownRansomwareCampaignUse")));
}
return kevData;
}
public JSONObject toJson() {
final JSONObject jsonObject = new JSONObject();
jsonObject.put("vulnerability", vulnerability);
jsonObject.put("vendor", vendor);
jsonObject.put("product", product);
jsonObject.put("summary", summary);
jsonObject.put("description", description);
jsonObject.put("recommendation", recommendation);
jsonObject.put("notes", notes);
jsonObject.put("publishDate", publishDate == null ? null : publishDate.getTime());
jsonObject.put("exploitDate", exploitDate == null ? null : exploitDate.getTime());
jsonObject.put("dueDate", dueDate == null ? null : dueDate.getTime());
jsonObject.put("knownRansomwareCampaignUse", ransomwareState);
return jsonObject;
}
public static KevData fromJson(JSONObject json) {
if (json == null) {
return null;
}
return fromInputMap(json.toMap());
}
public static KevData fromInputMap(Map map) {
final KevData kevData = new KevData();
kevData.setVulnerability((String) map.get("vulnerability"));
kevData.setVendor((String) map.get("vendor"));
kevData.setProduct((String) map.get("product"));
kevData.setSummary((String) map.get("summary"));
kevData.setDescription((String) map.get("description"));
kevData.setRecommendation((String) map.get("recommendation"));
kevData.setNotes((String) map.get("notes"));
kevData.setPublishDate(TimeUtils.tryParse(map.get("publishDate")));
kevData.setExploitDate(TimeUtils.tryParse(map.get("exploitDate")));
kevData.setDueDate(TimeUtils.tryParse(map.get("dueDate")));
if (map.containsKey("knownRansomwareCampaignUse")) {
final Object knownRansomwareCampaignUse = map.get("knownRansomwareCampaignUse");
if (knownRansomwareCampaignUse instanceof Boolean) {
kevData.setRansomwareState((Boolean) knownRansomwareCampaignUse ? RansomwareState.KNOWN : RansomwareState.UNKNOWN);
} else if (knownRansomwareCampaignUse instanceof String) {
kevData.setRansomwareState(RansomwareState.valueOf((String) knownRansomwareCampaignUse));
} else if (knownRansomwareCampaignUse instanceof RansomwareState) {
kevData.setRansomwareState((RansomwareState) knownRansomwareCampaignUse);
} else {
throw new IllegalArgumentException("Unknown type for knownRansomwareCampaignUse: " + knownRansomwareCampaignUse.getClass() + " on " + map);
}
}
return kevData;
}
public static KevData fromCisaKev(JSONObject json) {
final Map map = json.toMap();
final KevData kevData = new KevData();
kevData.setVulnerability((String) map.getOrDefault("cveID", null));
kevData.setVendor((String) map.getOrDefault("vendorProject", null));
kevData.setProduct((String) map.getOrDefault("product", null));
kevData.setSummary((String) map.getOrDefault("vulnerabilityName", null));
kevData.setRecommendation((String) map.getOrDefault("requiredAction", null));
kevData.setNotes((String) map.getOrDefault("notes", null));
kevData.setDescription((String) map.getOrDefault("shortDescription", null));
// publication date is not used as exploitation date, since CISA does not always publish KEV entries upon known exploitation,
// but also sometimes (often) retroactively adds 20-year-old vulnerabilities as exploited vulnerabilities.
// https://www.linkedin.com/pulse/epss-gaps-cisa-kev-real-world-examples-stack-aware-url2e/
kevData.setPublishDate(TimeUtils.tryParse((String) map.getOrDefault("dateAdded", null)));
kevData.setDueDate(TimeUtils.tryParse((String) map.getOrDefault("dueDate", null)));
String ransomwareKnown = (String) map.getOrDefault("knownRansomwareCampaignUse", null);
if (ransomwareKnown != null) {
switch (ransomwareKnown) {
case "Known":
kevData.setRansomwareState(RansomwareState.KNOWN);
break;
case "Unknown":
default:
kevData.setRansomwareState(RansomwareState.UNKNOWN);
}
}
return kevData;
}
private void addFieldToDocument(Document document, String fieldName, String fieldValue) {
if (fieldValue != null && !fieldValue.equals("null")) {
document.add(new TextField(fieldName, fieldValue, Field.Store.YES));
}
}
private static String returnNullIfEmpty(String string) {
return StringUtils.isEmpty(string) ? null : string;
}
public enum RansomwareState {
UNKNOWN,
KNOWN
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy