@ThreadSafe
public class VulnerableSoftware
extends us.springett.parsers.cpe.Cpe
implements java.io.Serializable
Constructor and Description |
---|
VulnerableSoftware(us.springett.parsers.cpe.values.Part part,
java.lang.String vendor,
java.lang.String product,
java.lang.String version,
java.lang.String update,
java.lang.String edition,
java.lang.String language,
java.lang.String swEdition,
java.lang.String targetSw,
java.lang.String targetHw,
java.lang.String other,
java.lang.String versionEndExcluding,
java.lang.String versionEndIncluding,
java.lang.String versionStartExcluding,
java.lang.String versionStartIncluding,
boolean vulnerable)
Constructs a new immutable VulnerableSoftware object that represents the
Well Form Named defined in the CPE 2.3 specification.
|
Modifier and Type | Method and Description |
---|---|
int |
compareTo(@NotNull java.lang.Object o) |
protected static boolean |
compareUpdateAttributes(java.lang.String left,
java.lang.String right)
Performs the same operation as Cpe.compareAttributes() - except
additional rules are applied to match a1 to alpha1 and the comparison of
update attributes will also return true if the only difference between
the strings is an underscore or hyphen.
|
protected boolean |
compareVersionRange(java.lang.String targetVersion)
Evaluates the target against the version and version range checks:
versionEndExcluding, versionStartExcluding versionEndIncluding, and
versionStartIncluding.
|
protected static boolean |
compareVersions(VulnerableSoftware vs,
java.lang.String targetVersion)
Evaluates the target against the version and version range checks:
versionEndExcluding, versionStartExcluding versionEndIncluding, and
versionStartIncluding.
|
boolean |
equals(java.lang.Object obj) |
java.lang.String |
getVersionEndExcluding()
Returns the versionEndExcluding.
|
java.lang.String |
getVersionEndIncluding()
Returns the versionEndIncluding.
|
java.lang.String |
getVersionStartExcluding()
Returns the versionStartExcluding.
|
java.lang.String |
getVersionStartIncluding()
Returns the versionStartIncluding.
|
int |
hashCode() |
boolean |
isVulnerable()
Returns the value of vulnerable.
|
boolean |
matchedBy(us.springett.parsers.cpe.ICpe target)
Determines if the target VulnerableSoftware matches the
VulnerableSoftware.
|
boolean |
matches(us.springett.parsers.cpe.ICpe target)
Determines if the VulnerableSoftware matches the given target
VulnerableSoftware.
|
static boolean |
testMatch(us.springett.parsers.cpe.ICpe left,
us.springett.parsers.cpe.ICpe right)
Tests if the left matches the right.
|
java.lang.String |
toString() |
compareAttributes, compareAttributes, compareVersions, getEdition, getLanguage, getOther, getPart, getProduct, getSwEdition, getTargetHw, getTargetSw, getUpdate, getVendor, getVersion, getWellFormedEdition, getWellFormedLanguage, getWellFormedOther, getWellFormedProduct, getWellFormedSwEdition, getWellFormedTargetHw, getWellFormedTargetSw, getWellFormedUpdate, getWellFormedVendor, getWellFormedVersion, toCpe22Uri, toCpe23FS
public VulnerableSoftware(us.springett.parsers.cpe.values.Part part, java.lang.String vendor, java.lang.String product, java.lang.String version, java.lang.String update, java.lang.String edition, java.lang.String language, java.lang.String swEdition, java.lang.String targetSw, java.lang.String targetHw, java.lang.String other, java.lang.String versionEndExcluding, java.lang.String versionEndIncluding, java.lang.String versionStartExcluding, java.lang.String versionStartIncluding, boolean vulnerable) throws us.springett.parsers.cpe.exceptions.CpeValidationException
null
will be set to the default
LogicalValue.ANY
. All values
passed in must be well formed (i.e. special characters quoted with a
backslash).part
- the type of entry: application, operating system, or hardwarevendor
- the vendor of the CPE entryproduct
- the product of the CPE entryversion
- the version of the CPE entryupdate
- the update of the CPE entryedition
- the edition of the CPE entrylanguage
- the language of the CPE entryswEdition
- the swEdition of the CPE entrytargetSw
- the targetSw of the CPE entrytargetHw
- the targetHw of the CPE entryother
- the other of the CPE entryversionEndExcluding
- the ending range, excluding the specified
version, for matching vulnerable softwareversionEndIncluding
- the ending range, including the specified
version, for matching vulnerable softwareversionStartExcluding
- the starting range, excluding the specified
version, for matching vulnerable softwareversionStartIncluding
- the starting range, including the specified
version, for matching vulnerable softwarevulnerable
- whether or not this represents a vulnerable software
itemus.springett.parsers.cpe.exceptions.CpeValidationException
- thrown if one of the CPE entries is
invalidpublic int compareTo(@NotNull @NotNull java.lang.Object o)
compareTo
in interface java.lang.Comparable
compareTo
in class us.springett.parsers.cpe.Cpe
public int hashCode()
hashCode
in class us.springett.parsers.cpe.Cpe
public boolean equals(java.lang.Object obj)
equals
in class us.springett.parsers.cpe.Cpe
public boolean matches(us.springett.parsers.cpe.ICpe target)
Determines if the VulnerableSoftware matches the given target VulnerableSoftware. This does not follow the CPE 2.3 Specification exactly as there are cases where undefined comparisons will result in either true or false. For instance, 'ANY' will match 'm+wild cards' and NA will return false when the target has 'm+wild cards'.
For vulnerable software matching, the implementation also takes into account version ranges as specified within the NVD data feeds.
matches
in interface us.springett.parsers.cpe.ICpe
matches
in class us.springett.parsers.cpe.Cpe
target
- the target CPE to evaluatetrue
if the CPE matches the target; otherwise
false
protected static boolean compareUpdateAttributes(java.lang.String left, java.lang.String right)
left
- the left value to compareright
- the right value to comparetrue
if there is a match; otherwise
false
public static boolean testMatch(us.springett.parsers.cpe.ICpe left, us.springett.parsers.cpe.ICpe right)
left
- the cpe to compareright
- the cpe to checktrue
if a match is found; otherwise
false
public boolean matchedBy(us.springett.parsers.cpe.ICpe target)
Determines if the target VulnerableSoftware matches the VulnerableSoftware. This does not follow the CPE 2.3 Specification exactly as there are cases where undefined comparisons will result in either true or false. For instance, 'ANY' will match 'm+wild cards' and NA will return false when the target has 'm+wild cards'.
For vulnerable software matching, the implementation also takes into account version ranges as specified within the NVD data feeds.
matchedBy
in interface us.springett.parsers.cpe.ICpe
matchedBy
in class us.springett.parsers.cpe.Cpe
target
- the VulnerableSoftware to evaluatetrue
if the target CPE matches CPE; otherwise
false
protected boolean compareVersionRange(java.lang.String targetVersion)
targetVersion
- the version to comparetrue
if the target version is matched; otherwise
false
protected static boolean compareVersions(VulnerableSoftware vs, java.lang.String targetVersion)
vs
- a reference to the vulnerable software to comparetargetVersion
- the version to comparetrue
if the target version is matched; otherwise
false
public java.lang.String getVersionEndExcluding()
public java.lang.String getVersionEndIncluding()
public java.lang.String getVersionStartExcluding()
public java.lang.String getVersionStartIncluding()
public boolean isVulnerable()
public java.lang.String toString()
toString
in class us.springett.parsers.cpe.Cpe
Copyright© 2012-21 Jeremy Long. All Rights Reserved.