/*
* Copyright (c) Bosch Software Innovations GmbH 2016.
* Part of the SW360 Portal Project.
*
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*/
package org.eclipse.sw360.cvesearch.entitytranslation;
import org.eclipse.sw360.cvesearch.datasource.CveSearchData;
import org.eclipse.sw360.datahandler.thrift.vulnerabilities.CVEReference;
import org.eclipse.sw360.datahandler.thrift.vulnerabilities.Vulnerability;
import java.util.HashSet;
import java.util.Set;
public class CveSearchDataToVulnerabilityTranslator implements EntityTranslator<CveSearchData,Vulnerability> {
protected Set<CVEReference> getCVEReferencesForCVE(String cve) {
Set<CVEReference> cveReferences = new HashSet<>();
String[] cveParts = cve.split("-");
if(cveParts.length < 3){
return null;
}
cveReferences.add(new CVEReference()
.setYear(cveParts[1])
.setNumber(cveParts[2]));
return cveReferences;
}
protected Set<CVEReference> getCVEReferencesForCveSearchdata(CveSearchData cveSearchData) {
return getCVEReferencesForCVE(cveSearchData.getId());
}
@Override
public Vulnerability apply(CveSearchData cveSearchData) {
Vulnerability vulnerability = new Vulnerability()
.setTitle(cveSearchData.getId())
.setCveReferences(getCVEReferencesForCveSearchdata(cveSearchData))
.setDescription(cveSearchData.getSummary())
.setPublishDate(cveSearchData.getPublished())
.setLastExternalUpdate(cveSearchData.getModified())
.setReferences(cveSearchData.getReferences())
.setExternalId(cveSearchData.getId())
.setImpact(cveSearchData.getImpact())
.setAccess(cveSearchData.getAccess())
.setVulnerableConfiguration(cveSearchData.getVulnerable_configuration())
.setCwe(cveSearchData.getCwe())
.setCveFurtherMetaDataPerSource(cveSearchData.getMap_cve_all());
if(cveSearchData.getCvss() != null){
vulnerability.setIsSetCvss(true);
vulnerability.setCvss(cveSearchData.getCvss());
vulnerability.setCvssTime(cveSearchData.getCvss_time());
}
return vulnerability;
}
}