@NotThreadSafe public class Vulnerability extends java.lang.Object implements java.io.Serializable, java.lang.Comparable<Vulnerability>
Modifier and Type | Class and Description |
---|---|
static class | Vulnerability.Source: An enumeration for the source of vulnerability. |
Constructor and Description |
---|
Vulnerability(): Default constructor. |
Vulnerability(java.lang.String name): Constructs a new Vulnerability by its name. |
Modifier and Type | Method and Description |
---|---|
void | addCwe(java.lang.String cwe): Adds a CWE to the set. |
void | addReference(Reference ref): Adds a reference to the references collection. |
void | addReference(java.lang.String referenceSource, java.lang.String referenceName, java.lang.String referenceUrl): Adds a reference. |
void | addReferences(java.util.Set<Reference> references): Adds the references to the collection. |
void | addVulnerableSoftware(java.util.Set<VulnerableSoftware> vulnerableSoftware): Adds the vulnerableSoftware to the collection. |
void | addVulnerableSoftware(VulnerableSoftware software): Adds an entry for vulnerable software. |
int | compareTo(@NotNull Vulnerability o): Compares two vulnerabilities. Natural order of vulnerabilities is defined as decreasing in severity and alphabetically by name for equal severity. |
boolean | equals(java.lang.Object obj) |
io.github.jeremylong.openvulnerability.client.nvd.CvssV2 | getCvssV2(): Get the CVSS V2 scoring information. |
io.github.jeremylong.openvulnerability.client.nvd.CvssV3 | getCvssV3(): Get the CVSS V3 scoring information. |
CweSet | getCwes(): Get the set of CWEs. |
java.lang.String | getDescription(): Get the value of description. |
java.lang.String | getHighestSeverityText(): The report text to use for highest severity when this issue is ranked highest. |
Vulnerability | getKnownExploitedVulnerability(): Get the value of knownExploitedVulnerability. |
VulnerableSoftware | getMatchedVulnerableSoftware(): Get the value of matchedVulnerableSoftware. |
java.lang.String | getName(): Get the value of name. |
java.lang.String | getNotes(): Get the value of notes from suppression notes. |
java.util.Set<Reference> | getReferences(): Get the value of references. |
java.util.List<Reference> | getReferences(boolean sorted): Returns the list of references. |
Vulnerability.Source | getSource(): Returns the source that identified the vulnerability. |
java.lang.String | getUnscoredSeverity(): Retrieves the severity a Vulnerability.Source has assigned for which a CVSS score is not available. |
java.util.Set<VulnerableSoftware> | getVulnerableSoftware(): Get the value of vulnerableSoftware. |
java.util.List<VulnerableSoftware> | getVulnerableSoftware(boolean sorted): Returns a sorted list of vulnerable software. |
int | hashCode() |
void | setCvssV2(io.github.jeremylong.openvulnerability.client.nvd.CvssV2 cvssV2): Sets the CVSS V2 scoring information. |
void | setCvssV3(io.github.jeremylong.openvulnerability.client.nvd.CvssV3 cvssV3): Sets the CVSS V3 scoring information. |
void | setDescription(java.lang.String description): Set the value of description. |
void | setKnownExploitedVulnerability(Vulnerability kev): Adds information about known exploited vulnerabilities. |
void | setMatchedVulnerableSoftware(VulnerableSoftware software): Sets the CPE that caused this vulnerability to be flagged. |
void | setName(java.lang.String name): Set the value of name. |
void | setNotes(java.lang.String notes): Set the value of notes. |
void | setSource(Vulnerability.Source source): Sets the source that identified the vulnerability. |
void | setUnscoredSeverity(java.lang.String unscoredSeverity): Sets the severity a Vulnerability.Source has assigned for which a CVSS score is not available. |
java.lang.String | toString() |

public Vulnerability()

public Vulnerability(java.lang.String name)
name - the name of the vulnerability

public java.lang.String getName()

public void setName(java.lang.String name)
name - new value of name

public java.lang.String getDescription()

public void setDescription(java.lang.String description)
description - new value of description

public java.util.Set<Reference> getReferences()

public java.util.List<Reference> getReferences(boolean sorted)
sorted - whether the returned list should be sorted

public void addReferences(java.util.Set<Reference> references)
references - a collection of references to add

public void addReference(Reference ref)
ref - a reference for the vulnerability

public void addReference(java.lang.String referenceSource, java.lang.String referenceName, java.lang.String referenceUrl)
referenceSource - the source of the reference
referenceName - the referenceName of the reference
referenceUrl - the url of the reference

public void setKnownExploitedVulnerability(Vulnerability kev)
kev - the known exploited vulnerability information

public Vulnerability getKnownExploitedVulnerability()

public java.util.Set<VulnerableSoftware> getVulnerableSoftware()

public java.util.List<VulnerableSoftware> getVulnerableSoftware(boolean sorted)
sorted - whether or not the list should be sorted

public void addVulnerableSoftware(java.util.Set<VulnerableSoftware> vulnerableSoftware)
vulnerableSoftware - a collection of vulnerable software

public void addVulnerableSoftware(VulnerableSoftware software)
software - the vulnerable software reference to add

public io.github.jeremylong.openvulnerability.client.nvd.CvssV2 getCvssV2()

public void setCvssV2(io.github.jeremylong.openvulnerability.client.nvd.CvssV2 cvssV2)
cvssV2 - the CVSS V2 scoring information

public io.github.jeremylong.openvulnerability.client.nvd.CvssV3 getCvssV3()

public void setCvssV3(io.github.jeremylong.openvulnerability.client.nvd.CvssV3 cvssV3)
cvssV3 - the CVSS V3 scoring information

public CweSet getCwes()

public void addCwe(java.lang.String cwe)
cwe - new CWE to add

public java.lang.String getUnscoredSeverity()
Retrieves the severity a Vulnerability.Source has assigned for which a CVSS score is not available. Severity could be anything ranging from 'critical', 'high', 'medium', and 'low', to non-traditional labels like 'major', 'minor', and 'important'.

public void setUnscoredSeverity(java.lang.String unscoredSeverity)
Sets the severity a Vulnerability.Source has assigned for which a CVSS score is not available. Severity could be anything ranging from 'critical', 'high', 'medium', and 'low', to non-traditional labels like 'major', 'minor', and 'important'.
unscoredSeverity - the un-scored severity

public java.lang.String getNotes()

public void setNotes(java.lang.String notes)
notes - new value of notes

public boolean equals(java.lang.Object obj)
Overrides: equals in class java.lang.Object

public int hashCode()
Overrides: hashCode in class java.lang.Object

public java.lang.String toString()
Overrides: toString in class java.lang.Object

public int compareTo(@NotNull Vulnerability o)
Uses a best-effort ordering for severity, as the variety of sources does not guarantee a consistent availability of standardized severity scores. The best-effort severity level estimation uses the CVSSv3 baseScore for comparison when it is available on both sides. If either vulnerability does not have a CVSSv3 score, the sort order may be off, but it will be consistent.

<CVSSv3 critical> >> <Unscored recognized critical> >> <Unscored unrecognized (assumed Critical)> >> <Score-based comparison for high-or-lower scoring severities with recognized unscored severities taking the lower bound of the comparable CVSSv3 range>

Specified by: compareTo in interface java.lang.Comparable<Vulnerability>
o - a vulnerability to be compared
See also: bestEffortSeverityLevelForSorting()
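
An added usage example, not part of the original Javadoc or the project's own code: it sorts findings with the natural order described for compareTo and marks the ones whose rank rests on a source-assigned label instead of a CVSS score. It assumes the dependency-check core library is on the classpath and that the class lives in the package org.owasp.dependencycheck.dependency (the package is not shown on this page); the finding names are constructed placeholders.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Package name is an assumption; it does not appear on this page.
import org.owasp.dependencycheck.dependency.Vulnerability;

public class SortFindings {

    // Builds a finding that carries only a source-assigned label and no CVSS score.
    static Vulnerability unscored(String name, String label) {
        Vulnerability v = new Vulnerability(name);
        v.setUnscoredSeverity(label);
        return v;
    }

    // True when no CVSS score is present, so the rank came from the label alone.
    static boolean rankedByLabel(Vulnerability v) {
        return v.getCvssV3() == null
                && v.getCvssV2() == null
                && v.getUnscoredSeverity() != null;
    }

    public static void main(String[] args) {
        // Constructed sample findings; the names are placeholders, not real advisories.
        List<Vulnerability> findings = new ArrayList<>();
        findings.add(unscored("EXAMPLE-0003", "low"));
        findings.add(unscored("EXAMPLE-0001", "important")); // non-traditional label
        findings.add(unscored("EXAMPLE-0004", "critical"));
        findings.add(unscored("EXAMPLE-0002", "high"));

        // Natural order from compareTo: decreasing severity, then name.
        Collections.sort(findings);

        for (Vulnerability v : findings) {
            String basis = rankedByLabel(v)
                    ? "label only, best-effort rank"
                    : "CVSS score";
            System.out.printf("%-14s %-10s %s%n",
                    v.getName(), v.getUnscoredSeverity(), basis);
        }
    }
}
```

Because an unrecognized label is assumed critical in this ordering, label-only findings that sort near the top are worth a manual severity review before they drive triage or build-failure thresholds.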

public java.lang.String getHighestSeverityText()

public void setMatchedVulnerableSoftware(VulnerableSoftware software)
software - a Vulnerable Software identifier

public VulnerableSoftware getMatchedVulnerableSoftware()

public Vulnerability.Source getSource()

public void setSource(Vulnerability.Source source)
source - the source

Copyright © 2012-21 Jeremy Long. All Rights Reserved.