UrlEcosystemMapper.java

  1. /*
  2.  * This file is part of dependency-check-core.
  3.  *
  4.  * Licensed under the Apache License, Version 2.0 (the "License");
  5.  * you may not use this file except in compliance with the License.
  6.  * You may obtain a copy of the License at
  7.  *
  8.  *     http://www.apache.org/licenses/LICENSE-2.0
  9.  *
  10.  * Unless required by applicable law or agreed to in writing, software
  11.  * distributed under the License is distributed on an "AS IS" BASIS,
  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13.  * See the License for the specific language governing permissions and
  14.  * limitations under the License.
  15.  *
  16.  * Copyright (c) 2020 The OWASP Foundation. All Rights Reserved.
  17.  */
  18. package org.owasp.dependencycheck.data.nvd.ecosystem;

  20. import java.util.Objects;
  21. import java.util.Optional;
  22. import java.util.TreeMap;

  24. import javax.annotation.concurrent.NotThreadSafe;

  26. import io.github.jeremylong.openvulnerability.client.nvd.DefCveItem;
  27. import io.github.jeremylong.openvulnerability.client.nvd.Reference;

  29. import com.hankcs.algorithm.AhoCorasickDoubleArrayTrie;
  30. import com.hankcs.algorithm.AhoCorasickDoubleArrayTrie.Hit;
  31. import io.github.jeremylong.openvulnerability.client.nvd.CveItem;
  32. import java.util.List;

  34. @NotThreadSafe
  35. public class UrlEcosystemMapper {

  37.     /**
  38.      * The ecosystem map.
  39.      */
  40.     private static final TreeMap<String, String> ECOSYSTEM_MAP;

  42.     /**
  43.      * TThe search array.
  44.      */
  45.     private final AhoCorasickDoubleArrayTrie<String> search;

  47.     static {
  48.         ECOSYSTEM_MAP = new TreeMap<>();
  49.         for (UrlHostHint urlHostHint : UrlHostHint.values()) {
  50.             ECOSYSTEM_MAP.put(urlHostHint.getValue(), urlHostHint.getEcosystem());
  51.         }
  52.         for (UrlPathHint urlPathHint : UrlPathHint.values()) {
  53.             ECOSYSTEM_MAP.put(urlPathHint.getValue(), urlPathHint.getEcosystem());
  54.         }
  55.     }

  57.     /**
  58.      * Constructs a new URL ecosystem mapper.
  59.      */
  60.     public UrlEcosystemMapper() {
  61.         search = new AhoCorasickDoubleArrayTrie<>();
  62.         search.build(ECOSYSTEM_MAP);
  63.     }

  65.     /**
  66.      * Determines the ecosystem for the given CVE.
  67.      *
  68.      * @param cve the CVE data
  69.      * @return the ecosystem
  70.      */
  71.     public String getEcosystem(DefCveItem cve) {
  72.         final List<Reference> references = Optional.ofNullable(cve)
  73.                 .map(DefCveItem::getCve)
  74.                 .map(CveItem::getReferences)
  75.                 .orElse(null);

  77.         if (Objects.nonNull(references)) {
  78.             for (Reference r : references) {
  79.                 final Hit<String> ecosystem = search.findFirst(r.getUrl());
  80.                 if (ecosystem != null) {
  81.                     return ecosystem.value;
  82.                 }
  83.             }
  84.         }
  85.         return null;
  86.     }
  87. }
Created with JaCoCo 0.8.12.202403310830