All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.metaeffekt.mirror.query.NvdCpeApiIndexQuery Maven / Gradle / Ivy

/*
 * Copyright 2021-2024 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.metaeffekt.mirror.query;

import com.metaeffekt.artifact.analysis.utils.StringUtils;
import com.metaeffekt.artifact.analysis.vulnerability.CommonEnumerationUtil;
import com.metaeffekt.mirror.contents.cpe.NvdCpeMetadata;
import com.metaeffekt.mirror.index.IndexSearch;
import com.metaeffekt.mirror.index.nvd.NvdCpeApiIndex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import us.springett.parsers.cpe.Cpe;

import java.io.File;
import java.util.*;
import java.util.function.Function;
import java.util.stream.Collectors;

public class NvdCpeApiIndexQuery extends IndexQuery {

    private final static Logger LOG = LoggerFactory.getLogger(NvdCpeApiIndexQuery.class);

    public NvdCpeApiIndexQuery(File baseMirrorDirectory) {
        super(baseMirrorDirectory, NvdCpeApiIndex.class);
    }

    public NvdCpeApiIndexQuery(NvdCpeApiIndex index) {
        super(index);
    }

    public List findCpeByVendorProduct(String vendor, String product) {
        return sortCpe(findCpeUsingSearcher(new IndexSearch()
                .fieldEquals("vendor", vendor)
                .fieldEquals("product", product)));
    }

    public List findCpeByVendorProductVersion(String vendor, String product, String version) {
        return sortCpe(findCpeUsingSearcher(new IndexSearch()
                .fieldEquals("vendor", vendor)
                .fieldEquals("product", product)
                .fieldEquals("version", version)));
    }

    private List sortCpe(Collection cpes) {
        if (cpes == null || cpes.isEmpty()) return new ArrayList<>();
        try {
            return cpes.stream().sorted().collect(Collectors.toList());
        } catch (Exception e) {
            LOG.warn("Failed to sort CPEs {}: {}" , cpes, e.getMessage());
            return new ArrayList<>(cpes);
        }
    }

    public List findCpeByProduct(String product) {
        return findCpeUsingSearcher(new IndexSearch().fieldEquals("product", product));
    }

    public List findCpeByVendor(String vendor) {
        return findCpeUsingSearcher(new IndexSearch().fieldEquals("vendor", vendor));
    }

    public List findCpeByProductFuzzy(String product) {
        return findCpeUsingSearcher(new IndexSearch().fieldContains("product", product));
    }

    public List findCpeByVendorFuzzy(String vendor) {
        return findCpeUsingSearcher(new IndexSearch().fieldContains("vendor", vendor));
    }


    public List findByNvdId(String nvdId) {
        return findCpeUsingSearcher(new IndexSearch().fieldEquals("nvdId", nvdId));
    }

    public List findByCpeUri(String cpeUri) {
        return CommonEnumerationUtil.parseCpe(cpeUri)
                .map(this::findByCpeUri)
                .orElseGet(ArrayList::new);
    }

    private final static List> CPE_PART_MAPPINGS = Arrays.asList(
            s -> s,
            s -> s.replace("\\_", "_"),
            s -> s.replace("\\.", "."),
            s -> s.replace("\\-", "-"),
            s -> s.replace("\\/", "/")
    );

    public List findByCpeUri(Cpe cpeUri) {
        for (Function mapper : CPE_PART_MAPPINGS) {
            final List cpeList = findByCpeUri(cpeUri, mapper);
            if (!cpeList.isEmpty()) {
                return cpeList;
            }
        }
        return new ArrayList<>();
    }

    public List findByCpeUri(Cpe cpeUri, Function partMapper) {
        final IndexSearch search = new IndexSearch();
        search.fieldEquals("part", cpeUri.getPart().getAbbreviation());
        addToSearchIfNotWildcard("vendor", partMapper.apply(cpeUri.getVendor()), search);
        addToSearchIfNotWildcard("product", partMapper.apply(cpeUri.getProduct()), search);
        addToSearchIfNotWildcard("version", partMapper.apply(cpeUri.getVersion()), search);
        addToSearchIfNotWildcard("update", partMapper.apply(cpeUri.getUpdate()), search);
        addToSearchIfNotWildcard("edition", partMapper.apply(cpeUri.getEdition()), search);
        addToSearchIfNotWildcard("language", partMapper.apply(cpeUri.getLanguage()), search);
        addToSearchIfNotWildcard("sw_edition", partMapper.apply(cpeUri.getSwEdition()), search);
        addToSearchIfNotWildcard("target_sw", partMapper.apply(cpeUri.getTargetSw()), search);
        addToSearchIfNotWildcard("target_hw", partMapper.apply(cpeUri.getTargetHw()), search);
        addToSearchIfNotWildcard("other", partMapper.apply(cpeUri.getOther()), search);
        return findCpeUsingSearcher(search);
    }

    private static void addToSearchIfNotWildcard(String key, String value, IndexSearch search) {
        if (isNotWildcardPart(value)) {
            search.fieldEquals(key, value);
        }
    }

    /**
     * A wildcard part is: [, *]
     *
     * @param part the part to check
     * @return true if the part is not a wildcard part
     */
    public static boolean isNotWildcardPart(String part) {
        if (StringUtils.isEmpty(part)) return false;
        return !part.equals("*");
    }

    private List findCpeUsingSearcher(IndexSearch search) {
        return super.index.findDocuments(search).stream()
                .map(e -> CommonEnumerationUtil.parseCpe(e.get("cpe23Uri")))
                .filter(Optional::isPresent)
                .map(Optional::get)
                .collect(Collectors.toList());
    }

    public List findCpeMetadataByCpeUri(String cpeUri) {
        return CommonEnumerationUtil.parseCpe(cpeUri)
                .map(this::findCpeMetadataByCpeUri)
                .orElseGet(ArrayList::new);
    }

    public List findCpeMetadataByCpeUri(Cpe cpeUri) {
        for (Function mapper : CPE_PART_MAPPINGS) {
            final List metadata = findCpeMetadataByCpeUri(cpeUri, mapper);
            if (!metadata.isEmpty()) {
                return metadata;
            }
        }
        return new ArrayList<>();
    }

    public List findCpeMetadataByCpeUri(Cpe cpeUri, Function partMapper) {
        final IndexSearch search = new IndexSearch();
        search.fieldEquals("part", cpeUri.getPart().getAbbreviation());
        addToSearchIfNotWildcard("vendor", partMapper.apply(cpeUri.getVendor()), search);
        addToSearchIfNotWildcard("product", partMapper.apply(cpeUri.getProduct()), search);
        addToSearchIfNotWildcard("version", partMapper.apply(cpeUri.getVersion()), search);
        addToSearchIfNotWildcard("update", partMapper.apply(cpeUri.getUpdate()), search);
        addToSearchIfNotWildcard("edition", partMapper.apply(cpeUri.getEdition()), search);
        addToSearchIfNotWildcard("language", partMapper.apply(cpeUri.getLanguage()), search);
        addToSearchIfNotWildcard("sw_edition", partMapper.apply(cpeUri.getSwEdition()), search);
        addToSearchIfNotWildcard("target_sw", partMapper.apply(cpeUri.getTargetSw()), search);
        addToSearchIfNotWildcard("target_hw", partMapper.apply(cpeUri.getTargetHw()), search);
        addToSearchIfNotWildcard("other", partMapper.apply(cpeUri.getOther()), search);
        return findCpeMetadataUsingSearcher(search);
    }

    private List findCpeMetadataUsingSearcher(IndexSearch search) {
        return super.index.findDocuments(search).stream()
                .map(NvdCpeMetadata::new)
                .collect(Collectors.toList());
    }
}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy