• Home
• com.metaeffekt.artifact.analysis
• ae-artifact-analysis
• 0.132.0
• source code
• CpeDictionaryIndexQuery.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.metaeffekt.mirror.query.CpeDictionaryIndexQuery Maven / Gradle / Ivy

/*
 * Copyright 2021-2024 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.metaeffekt.mirror.query;

import com.metaeffekt.artifact.analysis.utils.StringUtils;
import com.metaeffekt.artifact.analysis.vulnerability.CommonEnumerationUtil;
import com.metaeffekt.mirror.index.IndexSearch;
import com.metaeffekt.mirror.index.nvd.CpeDictionaryIndex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import us.springett.parsers.cpe.Cpe;

import java.io.File;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Optional;
import java.util.function.Function;
import java.util.stream.Collectors;

@Deprecated
public class CpeDictionaryIndexQuery extends IndexQuery {

    private final static Logger LOG = LoggerFactory.getLogger(CpeDictionaryIndexQuery.class);

    public CpeDictionaryIndexQuery(File baseMirrorDirectory) {
        super(baseMirrorDirectory, CpeDictionaryIndex.class);
    }

    public CpeDictionaryIndexQuery(CpeDictionaryIndex index) {
        super(index);
    }

    public List findCpeByVendorProductVersion(String vendor, String product, String version) {
        return findCpeUsingSearcher(new IndexSearch()
                .fieldEquals("vendor", vendor)
                .fieldEquals("product", product)
                .fieldEquals("version", version))
                .stream().sorted().collect(Collectors.toList());
    }

    public List findCpeByVendorProduct(String vendor, String product) {
        return findCpeUsingSearcher(new IndexSearch()
                .fieldEquals("vendor", vendor)
                .fieldEquals("product", product))
                .stream().sorted().collect(Collectors.toList());
    }

    public List findCpeByProduct(String product) {
        return findCpeUsingSearcher(new IndexSearch().fieldEquals("product", product));
    }

    public List findCpeByVendor(String vendor) {
        return findCpeUsingSearcher(new IndexSearch().fieldEquals("vendor", vendor));
    }

    public List findByCpeUri(String cpeUri) {
        return CommonEnumerationUtil.parseCpe(cpeUri)
                .map(this::findByCpeUri)
                .orElseGet(ArrayList::new);
    }

    private final static List> CPE_PART_MAPPINGS = Arrays.asList(
            s -> s,
            s -> s.replace("\\_", "_"),
            s -> s.replace("\\.", "."),
            s -> s.replace("\\-", "-"),
            s -> s.replace("\\/", "/")
    );

    public List findByCpeUri(Cpe cpeUri) {
        for (Function mapper : CPE_PART_MAPPINGS) {
            final List cpeList = findByCpeUri(cpeUri, mapper);
            if (!cpeList.isEmpty()) {
                return cpeList;
            }
        }
        return new ArrayList<>();
    }

    public List findByCpeUri(Cpe cpeUri, Function partMapper) {
        final IndexSearch search = new IndexSearch();
        search.fieldEquals("part", cpeUri.getPart().getAbbreviation());
        if (isNotWildcardPart(cpeUri.getVendor())) search.fieldEquals("vendor", partMapper.apply(cpeUri.getVendor()));
        if (isNotWildcardPart(cpeUri.getProduct())) search.fieldEquals("product", partMapper.apply(cpeUri.getProduct()));
        if (isNotWildcardPart(cpeUri.getVersion())) search.fieldEquals("version", partMapper.apply(cpeUri.getVersion()));
        if (isNotWildcardPart(cpeUri.getUpdate())) search.fieldEquals("update", partMapper.apply(cpeUri.getUpdate()));
        if (isNotWildcardPart(cpeUri.getEdition())) search.fieldEquals("edition", partMapper.apply(cpeUri.getEdition()));
        if (isNotWildcardPart(cpeUri.getLanguage())) search.fieldEquals("language", partMapper.apply(cpeUri.getLanguage()));
        if (isNotWildcardPart(cpeUri.getSwEdition())) search.fieldEquals("sw_edition", partMapper.apply(cpeUri.getSwEdition()));
        if (isNotWildcardPart(cpeUri.getTargetSw())) search.fieldEquals("target_sw", partMapper.apply(cpeUri.getTargetSw()));
        if (isNotWildcardPart(cpeUri.getTargetHw())) search.fieldEquals("target_hw", partMapper.apply(cpeUri.getTargetHw()));
        if (isNotWildcardPart(cpeUri.getOther())) search.fieldEquals("other", partMapper.apply(cpeUri.getOther()));
        return findCpeUsingSearcher(search);
    }

    /**
     * A wildcard part is: [, *]
     * @param part the part to check
     * @return true if the part is not a wildcard part
     */
    private static boolean isNotWildcardPart(String part) {
        if (StringUtils.isEmpty(part)) return false;
        return !part.equals("*");
    }

    private List findCpeUsingSearcher(IndexSearch search) {
        return super.index.findDocuments(search).stream()
                .map(e -> CommonEnumerationUtil.parseCpe(e.get("cpe23Uri")))
                .filter(Optional::isPresent)
                .map(Optional::get)
                .collect(Collectors.toList());
    }
}