java.lang.Object
- org.owasp.dependencycheck.data.nvdcve.H2Functions

public final class H2Functions
extends java.lang.Object

Stored procedures for the H2 database.

Author:: Jeremy Long

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method	Description
`static void`	insertSoftware(java.sql.Connection conn, int vulnerabilityId, java.lang.String part, java.lang.String vendor, java.lang.String product, java.lang.String version, java.lang.String update, java.lang.String edition, java.lang.String language, java.lang.String swEdition, java.lang.String targetSw, java.lang.String targetHw, java.lang.String other, java.lang.String ecosystem, java.lang.String versionEndExcluding, java.lang.String versionEndIncluding, java.lang.String versionStartExcluding, java.lang.String versionStartIncluding, java.lang.Boolean vulnerable)	Adds a CPE to a vulnerability; if the CPE is not contained in the database it is first added.
`static void`	`mergeKnownExploited(java.sql.Connection conn, java.lang.String cveId, java.lang.String vendorProject, java.lang.String product, java.lang.String vulnerabilityName, java.lang.String dateAdded, java.lang.String shortDescription, java.lang.String requiredAction, java.lang.String dueDate, java.lang.String notes)`	Update or insert a known exploited vulnerability.
`static java.sql.ResultSet`	updateVulnerability(java.sql.Connection conn, java.lang.String cve, java.lang.String description, java.lang.String v2Severity, java.lang.Float v2ExploitabilityScore, java.lang.Float v2ImpactScore, java.lang.Boolean v2AcInsufInfo, java.lang.Boolean v2ObtainAllPrivilege, java.lang.Boolean v2ObtainUserPrivilege, java.lang.Boolean v2ObtainOtherPrivilege, java.lang.Boolean v2UserInteractionRequired, java.lang.Float v2Score, java.lang.String v2AccessVector, java.lang.String v2AccessComplexity, java.lang.String v2Authentication, java.lang.String v2ConfidentialityImpact, java.lang.String v2IntegrityImpact, java.lang.String v2AvailabilityImpact, java.lang.String v2Version, java.lang.Float v3ExploitabilityScore, java.lang.Float v3ImpactScore, java.lang.String v3AttackVector, java.lang.String v3AttackComplexity, java.lang.String v3PrivilegesRequired, java.lang.String v3UserInteraction, java.lang.String v3Scope, java.lang.String v3ConfidentialityImpact, java.lang.String v3IntegrityImpact, java.lang.String v3AvailabilityImpact, java.lang.Float v3BaseScore, java.lang.String v3BaseSeverity, java.lang.String v3Version, java.lang.String v4version, java.lang.String v4attackVector, java.lang.String v4attackComplexity, java.lang.String v4attackRequirements, java.lang.String v4privilegesRequired, java.lang.String v4userInteraction, java.lang.String v4vulnConfidentialityImpact, java.lang.String v4vulnIntegrityImpact, java.lang.String v4vulnAvailabilityImpact, java.lang.String v4subConfidentialityImpact, java.lang.String v4subIntegrityImpact, java.lang.String v4subAvailabilityImpact, java.lang.String v4exploitMaturity, java.lang.String v4confidentialityRequirement, java.lang.String v4integrityRequirement, java.lang.String v4availabilityRequirement, java.lang.String v4modifiedAttackVector, java.lang.String v4modifiedAttackComplexity, java.lang.String v4modifiedAttackRequirements, java.lang.String v4modifiedPrivilegesRequired, java.lang.String v4modifiedUserInteraction, java.lang.String v4modifiedVulnConfidentialityImpact, java.lang.String v4modifiedVulnIntegrityImpact, java.lang.String v4modifiedVulnAvailabilityImpact, java.lang.String v4modifiedSubConfidentialityImpact, java.lang.String v4modifiedSubIntegrityImpact, java.lang.String v4modifiedSubAvailabilityImpact, java.lang.String v4safety, java.lang.String v4automatable, java.lang.String v4recovery, java.lang.String v4valueDensity, java.lang.String v4vulnerabilityResponseEffort, java.lang.String v4providerUrgency, java.lang.Float v4baseScore, java.lang.String v4baseSeverity, java.lang.Float v4threatScore, java.lang.String v4threatSeverity, java.lang.Float v4environmentalScore, java.lang.String v4environmentalSeverity, java.lang.String v4source, java.lang.String v4type)	Updates or inserts the vulnerability into the database.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

insertSoftware

public static void insertSoftware(java.sql.Connection conn,
                                  int vulnerabilityId,
                                  java.lang.String part,
                                  java.lang.String vendor,
                                  java.lang.String product,
                                  java.lang.String version,
                                  java.lang.String update,
                                  java.lang.String edition,
                                  java.lang.String language,
                                  java.lang.String swEdition,
                                  java.lang.String targetSw,
                                  java.lang.String targetHw,
                                  java.lang.String other,
                                  java.lang.String ecosystem,
                                  java.lang.String versionEndExcluding,
                                  java.lang.String versionEndIncluding,
                                  java.lang.String versionStartExcluding,
                                  java.lang.String versionStartIncluding,
                                  java.lang.Boolean vulnerable)
                           throws java.sql.SQLException

Adds a CPE to a vulnerability; if the CPE is not contained in the database it is first added.

Parameters:: conn - the database connection; vulnerabilityId - the vulnerability id; part - the CPE part; vendor - the CPE vendor; product - the CPE product; version - the CPE version; update - the CPE update version; edition - the CPE edition; language - the CPE language; swEdition - the CPE software edition; targetSw - the CPE target software; targetHw - the CPE target hardware; other - the CPE other; ecosystem - the ecosystem; versionEndExcluding - a version range to identify the software; versionEndIncluding - a version range to identify the software; versionStartExcluding - a version range to identify the software; versionStartIncluding - a version range to identify the software; vulnerable - a flag indicating whether or not the software is vulnerable
Throws:: java.sql.SQLException - thrown if there is an error adding the CPE or software reference

updateVulnerability

public static java.sql.ResultSet updateVulnerability(java.sql.Connection conn,
                                                     java.lang.String cve,
                                                     java.lang.String description,
                                                     java.lang.String v2Severity,
                                                     java.lang.Float v2ExploitabilityScore,
                                                     java.lang.Float v2ImpactScore,
                                                     java.lang.Boolean v2AcInsufInfo,
                                                     java.lang.Boolean v2ObtainAllPrivilege,
                                                     java.lang.Boolean v2ObtainUserPrivilege,
                                                     java.lang.Boolean v2ObtainOtherPrivilege,
                                                     java.lang.Boolean v2UserInteractionRequired,
                                                     java.lang.Float v2Score,
                                                     java.lang.String v2AccessVector,
                                                     java.lang.String v2AccessComplexity,
                                                     java.lang.String v2Authentication,
                                                     java.lang.String v2ConfidentialityImpact,
                                                     java.lang.String v2IntegrityImpact,
                                                     java.lang.String v2AvailabilityImpact,
                                                     java.lang.String v2Version,
                                                     java.lang.Float v3ExploitabilityScore,
                                                     java.lang.Float v3ImpactScore,
                                                     java.lang.String v3AttackVector,
                                                     java.lang.String v3AttackComplexity,
                                                     java.lang.String v3PrivilegesRequired,
                                                     java.lang.String v3UserInteraction,
                                                     java.lang.String v3Scope,
                                                     java.lang.String v3ConfidentialityImpact,
                                                     java.lang.String v3IntegrityImpact,
                                                     java.lang.String v3AvailabilityImpact,
                                                     java.lang.Float v3BaseScore,
                                                     java.lang.String v3BaseSeverity,
                                                     java.lang.String v3Version,
                                                     java.lang.String v4version,
                                                     java.lang.String v4attackVector,
                                                     java.lang.String v4attackComplexity,
                                                     java.lang.String v4attackRequirements,
                                                     java.lang.String v4privilegesRequired,
                                                     java.lang.String v4userInteraction,
                                                     java.lang.String v4vulnConfidentialityImpact,
                                                     java.lang.String v4vulnIntegrityImpact,
                                                     java.lang.String v4vulnAvailabilityImpact,
                                                     java.lang.String v4subConfidentialityImpact,
                                                     java.lang.String v4subIntegrityImpact,
                                                     java.lang.String v4subAvailabilityImpact,
                                                     java.lang.String v4exploitMaturity,
                                                     java.lang.String v4confidentialityRequirement,
                                                     java.lang.String v4integrityRequirement,
                                                     java.lang.String v4availabilityRequirement,
                                                     java.lang.String v4modifiedAttackVector,
                                                     java.lang.String v4modifiedAttackComplexity,
                                                     java.lang.String v4modifiedAttackRequirements,
                                                     java.lang.String v4modifiedPrivilegesRequired,
                                                     java.lang.String v4modifiedUserInteraction,
                                                     java.lang.String v4modifiedVulnConfidentialityImpact,
                                                     java.lang.String v4modifiedVulnIntegrityImpact,
                                                     java.lang.String v4modifiedVulnAvailabilityImpact,
                                                     java.lang.String v4modifiedSubConfidentialityImpact,
                                                     java.lang.String v4modifiedSubIntegrityImpact,
                                                     java.lang.String v4modifiedSubAvailabilityImpact,
                                                     java.lang.String v4safety,
                                                     java.lang.String v4automatable,
                                                     java.lang.String v4recovery,
                                                     java.lang.String v4valueDensity,
                                                     java.lang.String v4vulnerabilityResponseEffort,
                                                     java.lang.String v4providerUrgency,
                                                     java.lang.Float v4baseScore,
                                                     java.lang.String v4baseSeverity,
                                                     java.lang.Float v4threatScore,
                                                     java.lang.String v4threatSeverity,
                                                     java.lang.Float v4environmentalScore,
                                                     java.lang.String v4environmentalSeverity,
                                                     java.lang.String v4source,
                                                     java.lang.String v4type)
                                              throws java.sql.SQLException

Updates or inserts the vulnerability into the database. If updating a vulnerability the method will delete all software, CWE, and references and new entries will be added later.

Parameters:: conn - the database connection; cve - the CVE identifier; description - the vulnerability description; v2Severity - the CVSS v2 severity; v2ExploitabilityScore - the CVSS v2 exploitability score; v2ImpactScore - the CVSS v2 impact score; v2AcInsufInfo - the CVSS v2 AcInsufInfo; v2ObtainAllPrivilege - the CVSS v2 obtain all privilege flag; v2ObtainUserPrivilege - the CVSS v2 obtain user privilege flag; v2ObtainOtherPrivilege - the CVSS v2 obtain other privilege flag; v2UserInteractionRequired - the CVSS v2 user interaction required flag; v2Score - the CVSS v2 score; v2AccessVector - the CVSS v2 access vector; v2AccessComplexity - the CVSS v2 access complexity; v2Authentication - the CVSS v2 authentication; v2ConfidentialityImpact - the CVSS v2 confidentiality impact; v2IntegrityImpact - the CVSS v2 integrity impact; v2AvailabilityImpact - the CVSS v2 availability impact; v2Version - the CVSS v2 version; v3ExploitabilityScore - the CVSS v3 exploitability score; v3ImpactScore - the CVSS v3 impact score; v3AttackVector - the CVSS v3 attack vector; v3AttackComplexity - the CVSS v3 attack complexity; v3PrivilegesRequired - the CVSS v3 privilege required flag; v3UserInteraction - the CVSS v3 user interaction required flag; v3Scope - the CVSS v3 scope; v3ConfidentialityImpact - the CVSS v3 confidentiality impact; v3IntegrityImpact - the CVSS v3 integrity impact; v3AvailabilityImpact - the CVSS v3 availability impact; v3BaseScore - the CVSS v3 base score; v3BaseSeverity - the CVSS v3 base severity; v3Version - the CVSS v3 version; v4version - CVSS v4 data; v4attackVector - CVSS v4 data; v4attackComplexity - CVSS v4 data; v4attackRequirements - CVSS v4 data; v4privilegesRequired - CVSS v4 data; v4userInteraction - CVSS v4 data; v4vulnConfidentialityImpact - CVSS v4 data; v4vulnIntegrityImpact - CVSS v4 data; v4vulnAvailabilityImpact - CVSS v4 data; v4subConfidentialityImpact - CVSS v4 data; v4subIntegrityImpact - CVSS v4 data; v4subAvailabilityImpact - CVSS v4 data; v4exploitMaturity - CVSS v4 data; v4confidentialityRequirement - CVSS v4 data; v4integrityRequirement - CVSS v4 data; v4availabilityRequirement - CVSS v4 data; v4modifiedAttackVector - CVSS v4 data; v4modifiedAttackComplexity - CVSS v4 data; v4modifiedAttackRequirements - CVSS v4 data; v4modifiedPrivilegesRequired - CVSS v4 data; v4modifiedUserInteraction - CVSS v4 data; v4modifiedVulnConfidentialityImpact - CVSS v4 data; v4modifiedVulnIntegrityImpact - CVSS v4 data; v4modifiedVulnAvailabilityImpact - CVSS v4 data; v4modifiedSubConfidentialityImpact - CVSS v4 data; v4modifiedSubIntegrityImpact - CVSS v4 data; v4modifiedSubAvailabilityImpact - CVSS v4 data; v4safety - CVSS v4 data; v4automatable - CVSS v4 data; v4recovery - CVSS v4 data; v4valueDensity - CVSS v4 data; v4vulnerabilityResponseEffort - CVSS v4 data; v4providerUrgency - CVSS v4 data; v4baseScore - CVSS v4 data; v4baseSeverity - CVSS v4 data; v4threatScore - CVSS v4 data; v4threatSeverity - CVSS v4 data; v4environmentalScore - CVSS v4 data; v4environmentalSeverity - CVSS v4 data; v4source - CVSS v4 data; v4type - CVSS v4 data
Returns:: a result set containing the vulnerability id
Throws:: java.sql.SQLException - thrown if there is an error updating or inserting the vulnerability

mergeKnownExploited

public static void mergeKnownExploited(java.sql.Connection conn,
                                       java.lang.String cveId,
                                       java.lang.String vendorProject,
                                       java.lang.String product,
                                       java.lang.String vulnerabilityName,
                                       java.lang.String dateAdded,
                                       java.lang.String shortDescription,
                                       java.lang.String requiredAction,
                                       java.lang.String dueDate,
                                       java.lang.String notes)
                                throws java.sql.SQLException

Update or insert a known exploited vulnerability.

Parameters:: conn - the connection; cveId - the id; vendorProject - the vendor/project; product - the product; vulnerabilityName - the vulnerability name; dateAdded - the date added; shortDescription - the short description; requiredAction - the action required; dueDate - the due date; notes - notes
Throws:: java.sql.SQLException - thrown if there is a database error merging the Known Exploited information to the database

Class H2Functions

Method Summary

Methods inherited from class java.lang.Object

Method Detail

insertSoftware

updateVulnerability

mergeKnownExploited