View Javadoc
1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.data.update.nvd.api;
19  
20  import com.fasterxml.jackson.core.JsonParser;
21  import com.fasterxml.jackson.core.JsonToken;
22  import com.fasterxml.jackson.databind.ObjectMapper;
23  import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
24  import io.github.jeremylong.openvulnerability.client.nvd.DefCveItem;
25  import org.apache.commons.io.IOUtils;
26  
27  import java.io.IOException;
28  import java.io.InputStream;
29  
30  public class CveApiJson20CveItemSource implements CveItemSource<DefCveItem> {
31  
32      private final ObjectMapper mapper;
33      private final InputStream inputStream;
34      private final JsonParser jsonParser;
35      private DefCveItem currentItem;
36      private DefCveItem nextItem;
37  
38      public CveApiJson20CveItemSource(InputStream inputStream) throws IOException {
39          mapper = new ObjectMapper();
40          mapper.registerModule(new JavaTimeModule());
41          this.inputStream = inputStream;
42          jsonParser = mapper.getFactory().createParser(inputStream);
43  
44          JsonToken token = null;
45          do {
46              token = jsonParser.nextToken();
47              if (token == JsonToken.FIELD_NAME) {
48                  String fieldName = jsonParser.getCurrentName();
49                  if (fieldName.equals("vulnerabilities") && (jsonParser.nextToken() == JsonToken.START_ARRAY)) {
50                      nextItem = readItem(jsonParser);
51                  }
52              }
53          } while (token != null && nextItem == null);
54      }
55  
56      @Override
57      public void close() throws Exception {
58          IOUtils.closeQuietly(jsonParser, inputStream);
59      }
60  
61      @Override
62      public boolean hasNext() {
63          return nextItem != null;
64      }
65  
66      @Override
67      public DefCveItem next() throws IOException {
68          currentItem = nextItem;
69          nextItem = readItem(jsonParser);
70          return currentItem;
71      }
72  
73      private DefCveItem readItem(JsonParser jsonParser) throws IOException {
74          if (jsonParser.nextToken() == JsonToken.START_OBJECT) {
75              return mapper.readValue(jsonParser, DefCveItem.class);
76          }
77          return null;
78      }
79  }