1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18 package org.owasp.dependencycheck.data.update.nvd.api;
19
20 import com.fasterxml.jackson.core.JsonParser;
21 import com.fasterxml.jackson.core.JsonToken;
22 import com.fasterxml.jackson.databind.ObjectMapper;
23 import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
24 import io.github.jeremylong.openvulnerability.client.nvd.DefCveItem;
25 import org.apache.commons.io.IOUtils;
26
27 import java.io.IOException;
28 import java.io.InputStream;
29
30 public class CveApiJson20CveItemSource implements CveItemSource<DefCveItem> {
31
32 private final ObjectMapper mapper;
33 private final InputStream inputStream;
34 private final JsonParser jsonParser;
35 private DefCveItem currentItem;
36 private DefCveItem nextItem;
37
38 public CveApiJson20CveItemSource(InputStream inputStream) throws IOException {
39 mapper = new ObjectMapper();
40 mapper.registerModule(new JavaTimeModule());
41 this.inputStream = inputStream;
42 jsonParser = mapper.getFactory().createParser(inputStream);
43
44 JsonToken token = null;
45 do {
46 token = jsonParser.nextToken();
47 if (token == JsonToken.FIELD_NAME) {
48 String fieldName = jsonParser.getCurrentName();
49 if (fieldName.equals("vulnerabilities") && (jsonParser.nextToken() == JsonToken.START_ARRAY)) {
50 nextItem = readItem(jsonParser);
51 }
52 }
53 } while (token != null && nextItem == null);
54 }
55
56 @Override
57 public void close() throws Exception {
58 IOUtils.closeQuietly(jsonParser, inputStream);
59 }
60
61 @Override
62 public boolean hasNext() {
63 return nextItem != null;
64 }
65
66 @Override
67 public DefCveItem next() throws IOException {
68 currentItem = nextItem;
69 nextItem = readItem(jsonParser);
70 return currentItem;
71 }
72
73 private DefCveItem readItem(JsonParser jsonParser) throws IOException {
74 if (jsonParser.nextToken() == JsonToken.START_OBJECT) {
75 return mapper.readValue(jsonParser, DefCveItem.class);
76 }
77 return null;
78 }
79 }