CveSearchDataToVulnerabilityTranslator.java

/*
 * Copyright (c) Bosch Software Innovations GmbH 2016.
 * Part of the SW360 Portal Project.
 *
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 */
package org.eclipse.sw360.cvesearch.entitytranslation;

import org.eclipse.sw360.cvesearch.datasource.CveSearchData;
import org.eclipse.sw360.datahandler.thrift.vulnerabilities.CVEReference;
import org.eclipse.sw360.datahandler.thrift.vulnerabilities.Vulnerability;

import java.util.HashSet;
import java.util.Set;


public class CveSearchDataToVulnerabilityTranslator implements EntityTranslator<CveSearchData,Vulnerability> {

    protected Set<CVEReference> getCVEReferencesForCVE(String cve) {
        Set<CVEReference> cveReferences = new HashSet<>();
        String[] cveParts = cve.split("-");
        if(cveParts.length < 3){
            return null;
        }
        cveReferences.add(new CVEReference()
                .setYear(cveParts[1])
                .setNumber(cveParts[2]));
        return cveReferences;
    }

    protected Set<CVEReference> getCVEReferencesForCveSearchdata(CveSearchData cveSearchData) {
        return getCVEReferencesForCVE(cveSearchData.getId());
    }

    @Override
    public Vulnerability apply(CveSearchData cveSearchData) {

        Vulnerability vulnerability = new Vulnerability()
                .setTitle(cveSearchData.getId())
                .setCveReferences(getCVEReferencesForCveSearchdata(cveSearchData))
                .setDescription(cveSearchData.getSummary())
                .setPublishDate(cveSearchData.getPublished())
                .setLastExternalUpdate(cveSearchData.getModified())
                .setReferences(cveSearchData.getReferences())
                .setExternalId(cveSearchData.getId())
                .setImpact(cveSearchData.getImpact())
                .setAccess(cveSearchData.getAccess())
                .setVulnerableConfiguration(cveSearchData.getVulnerable_configuration())
                .setCwe(cveSearchData.getCwe())
                .setCveFurtherMetaDataPerSource(cveSearchData.getMap_cve_all());

        if(cveSearchData.getCvss() != null){
            vulnerability.setIsSetCvss(true);
            vulnerability.setCvss(cveSearchData.getCvss());
            vulnerability.setCvssTime(cveSearchData.getCvss_time());
        }
        return vulnerability;
    }
}