com.metaeffekt.mirror.contents.kev.KevData Maven / Gradle / Ivy

Go to download
Show more of this group Show more artifacts with this name
Show all versions of ae-artifact-analysis Show documentation
The newest version!
package com.metaeffekt.mirror.contents.kev;

import com.metaeffekt.artifact.analysis.utils.StringUtils;
import com.metaeffekt.artifact.analysis.utils.TimeUtils;
import lombok.*;
import org.apache.lucene.document.Document;
import org.apache.lucene.document.Field;
import org.apache.lucene.document.TextField;
import org.json.JSONObject;

import java.util.Date;
import java.util.Map;

@Getter
@Setter
@AllArgsConstructor(access = AccessLevel.PRIVATE)
@NoArgsConstructor(access = AccessLevel.PUBLIC)
@EqualsAndHashCode
public class KevData {
    private String vulnerability;
    private String vendor;
    private String product;
    private String summary;
    private String description;
    private String notes;
    private String recommendation;
    private Date publishDate;
    private Date exploitDate;
    private Date dueDate;
    private RansomwareState ransomwareState;

    public KevData(String vulnerability, RansomwareState state) {
        this.vulnerability = vulnerability;
        this.ransomwareState = state;
    }

    public Document toDocument() {
        final Document document = new Document();
        addFieldToDocument(document, "vulnerability", vulnerability);
        addFieldToDocument(document, "vendor", vendor);
        addFieldToDocument(document, "product", product);
        addFieldToDocument(document, "summary", summary);
        addFieldToDocument(document, "description", description);
        addFieldToDocument(document, "recommendation", recommendation);
        addFieldToDocument(document, "notes", notes);
        addFieldToDocument(document, "publishDate", publishDate == null ? null : Long.toString(publishDate.getTime()));
        addFieldToDocument(document, "exploitDate", exploitDate == null ? null : Long.toString(exploitDate.getTime()));
        addFieldToDocument(document, "dueDate", dueDate == null ? null : Long.toString(dueDate.getTime()));
        addFieldToDocument(document, "knownRansomwareCampaignUse", String.valueOf(ransomwareState));
        return document;
    }

    public static KevData fromDocument(Document document) {
        final KevData kevData = new KevData();
        kevData.setVulnerability(returnNullIfEmpty(document.get("vulnerability")));
        kevData.setVendor(returnNullIfEmpty(document.get("vendor")));
        kevData.setProduct(returnNullIfEmpty(document.get("product")));
        kevData.setSummary(returnNullIfEmpty(document.get("summary")));
        kevData.setDescription(returnNullIfEmpty(document.get("description")));
        kevData.setRecommendation(returnNullIfEmpty(document.get("recommendation")));
        kevData.setNotes(returnNullIfEmpty(document.get("notes")));
        kevData.setPublishDate(TimeUtils.tryParse(document.get("publishDate")));
        kevData.setExploitDate(TimeUtils.tryParse(document.get("exploitDate")));
        kevData.setDueDate(TimeUtils.tryParse(document.get("dueDate")));
        if (document.get("knownRansomwareCampaignUse") != null) {
            kevData.setRansomwareState(RansomwareState.valueOf(document.get("knownRansomwareCampaignUse")));
        }
        return kevData;
    }

    public JSONObject toJson() {
        final JSONObject jsonObject = new JSONObject();
        jsonObject.put("vulnerability", vulnerability);
        jsonObject.put("vendor", vendor);
        jsonObject.put("product", product);
        jsonObject.put("summary", summary);
        jsonObject.put("description", description);
        jsonObject.put("recommendation", recommendation);
        jsonObject.put("notes", notes);
        jsonObject.put("publishDate", publishDate == null ? null : publishDate.getTime());
        jsonObject.put("exploitDate", exploitDate == null ? null : exploitDate.getTime());
        jsonObject.put("dueDate", dueDate == null ? null : dueDate.getTime());
        jsonObject.put("knownRansomwareCampaignUse", ransomwareState);
        return jsonObject;
    }

    public static KevData fromJson(JSONObject json) {
        if (json == null) {
            return null;
        }
        return fromInputMap(json.toMap());
    }

    public static KevData fromInputMap(Map map) {
        final KevData kevData = new KevData();
        kevData.setVulnerability((String) map.get("vulnerability"));
        kevData.setVendor((String) map.get("vendor"));
        kevData.setProduct((String) map.get("product"));
        kevData.setSummary((String) map.get("summary"));
        kevData.setDescription((String) map.get("description"));
        kevData.setRecommendation((String) map.get("recommendation"));
        kevData.setNotes((String) map.get("notes"));
        kevData.setPublishDate(TimeUtils.tryParse(map.get("publishDate")));
        kevData.setExploitDate(TimeUtils.tryParse(map.get("exploitDate")));
        kevData.setDueDate(TimeUtils.tryParse(map.get("dueDate")));
        if (map.containsKey("knownRansomwareCampaignUse")) {
            final Object knownRansomwareCampaignUse = map.get("knownRansomwareCampaignUse");
            if (knownRansomwareCampaignUse instanceof Boolean) {
                kevData.setRansomwareState((Boolean) knownRansomwareCampaignUse ? RansomwareState.KNOWN : RansomwareState.UNKNOWN);
            } else if (knownRansomwareCampaignUse instanceof String) {
                kevData.setRansomwareState(RansomwareState.valueOf((String) knownRansomwareCampaignUse));
            } else if (knownRansomwareCampaignUse instanceof RansomwareState) {
                kevData.setRansomwareState((RansomwareState) knownRansomwareCampaignUse);
            } else {
                throw new IllegalArgumentException("Unknown type for knownRansomwareCampaignUse: " + knownRansomwareCampaignUse.getClass() + " on " + map);
            }
        }
        return kevData;
    }

    public static KevData fromCisaKev(JSONObject json) {
        final Map map = json.toMap();
        final KevData kevData = new KevData();
        kevData.setVulnerability((String) map.getOrDefault("cveID", null));
        kevData.setVendor((String) map.getOrDefault("vendorProject", null));
        kevData.setProduct((String) map.getOrDefault("product", null));
        kevData.setSummary((String) map.getOrDefault("vulnerabilityName", null));
        kevData.setRecommendation((String) map.getOrDefault("requiredAction", null));
        kevData.setNotes((String) map.getOrDefault("notes", null));
        kevData.setDescription((String) map.getOrDefault("shortDescription", null));
        // publication date is not used as exploitation date, since CISA does not always publish KEV entries upon known exploitation,
        // but also sometimes (often) retroactively adds 20-year-old vulnerabilities as exploited vulnerabilities.
        // https://www.linkedin.com/pulse/epss-gaps-cisa-kev-real-world-examples-stack-aware-url2e/
        kevData.setPublishDate(TimeUtils.tryParse((String) map.getOrDefault("dateAdded", null)));
        kevData.setDueDate(TimeUtils.tryParse((String) map.getOrDefault("dueDate", null)));

        String ransomwareKnown = (String) map.getOrDefault("knownRansomwareCampaignUse", null);
        if (ransomwareKnown != null) {
            switch (ransomwareKnown) {
                case "Known":
                    kevData.setRansomwareState(RansomwareState.KNOWN);
                    break;
                case "Unknown":
                default:
                    kevData.setRansomwareState(RansomwareState.UNKNOWN);
            }
        }
        return kevData;
    }

    private void addFieldToDocument(Document document, String fieldName, String fieldValue) {
        if (fieldValue != null && !fieldValue.equals("null")) {
            document.add(new TextField(fieldName, fieldValue, Field.Store.YES));
        }
    }

    private static String returnNullIfEmpty(String string) {
        return StringUtils.isEmpty(string) ? null : string;
    }

    public enum RansomwareState {
        UNKNOWN,
        KNOWN
    }
}