View Javadoc
1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2020 The OWASP Foundation. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.data.nvd.ecosystem;
19  
20  import java.util.Objects;
21  import java.util.Optional;
22  import java.util.TreeMap;
23  
24  import javax.annotation.concurrent.NotThreadSafe;
25  
26  import io.github.jeremylong.openvulnerability.client.nvd.DefCveItem;
27  import io.github.jeremylong.openvulnerability.client.nvd.Reference;
28  
29  import com.hankcs.algorithm.AhoCorasickDoubleArrayTrie;
30  import com.hankcs.algorithm.AhoCorasickDoubleArrayTrie.Hit;
31  import io.github.jeremylong.openvulnerability.client.nvd.CveItem;
32  import java.util.List;
33  
34  @NotThreadSafe
35  public class UrlEcosystemMapper {
36  
37      /**
38       * The ecosystem map.
39       */
40      private static final TreeMap<String, String> ECOSYSTEM_MAP;
41  
42      /**
43       * TThe search array.
44       */
45      private final AhoCorasickDoubleArrayTrie<String> search;
46  
47      static {
48          ECOSYSTEM_MAP = new TreeMap<>();
49          for (UrlHostHint urlHostHint : UrlHostHint.values()) {
50              ECOSYSTEM_MAP.put(urlHostHint.getValue(), urlHostHint.getEcosystem());
51          }
52          for (UrlPathHint urlPathHint : UrlPathHint.values()) {
53              ECOSYSTEM_MAP.put(urlPathHint.getValue(), urlPathHint.getEcosystem());
54          }
55      }
56  
57      /**
58       * Constructs a new URL ecosystem mapper.
59       */
60      public UrlEcosystemMapper() {
61          search = new AhoCorasickDoubleArrayTrie<>();
62          search.build(ECOSYSTEM_MAP);
63      }
64  
65      /**
66       * Determines the ecosystem for the given CVE.
67       *
68       * @param cve the CVE data
69       * @return the ecosystem
70       */
71      public String getEcosystem(DefCveItem cve) {
72          final List<Reference> references = Optional.ofNullable(cve)
73                  .map(DefCveItem::getCve)
74                  .map(CveItem::getReferences)
75                  .orElse(null);
76  
77          if (Objects.nonNull(references)) {
78              for (Reference r : references) {
79                  final Hit<String> ecosystem = search.findFirst(r.getUrl());
80                  if (ecosystem != null) {
81                      return ecosystem.value;
82                  }
83              }
84          }
85          return null;
86      }
87  }