Use NIST NVD REST API as CVE database

That's a lot of acronyms. Also, this is related to #3
FluidTrust · Mar 6, 2022 · d3f610d · d3f610d
1 parent e551b69
commit d3f610d
Show file tree

Hide file tree

Showing 35 changed files with 5,867 additions and 168 deletions.
diff --git a/.../reverseengineering/staticcodeanalysis/iface/parts/interfaces/IVulnerabilityDatabase.java b/.../reverseengineering/staticcodeanalysis/iface/parts/interfaces/IVulnerabilityDatabase.java
@@ -1,7 +1,5 @@
 package org.palladiosimulator.pcm.confidentiality.reverseengineering.staticcodeanalysis.iface.parts.interfaces;
 
-import java.net.URI;
-
 import org.palladiosimulator.pcm.confidentiality.attackerSpecification.attackSpecification.CVEVulnerability;
 import org.palladiosimulator.pcm.confidentiality.attackerSpecification.attackSpecification.CWEVulnerability;
 
@@ -10,19 +8,21 @@
  */
 public interface IVulnerabilityDatabase {
 
-	/**
-	 * Returns a CWEVulnerability for the given path
-	 * 
-	 * @param path to the vulnerability database entry
-	 * @return vulnerability
-	 */
-	public CWEVulnerability getCWEVulnerability(URI path);
+    /**
+     * Returns a CWEVulnerability for the given path
+     * 
+     * @param identifier
+     *            of the vulnerability database entry
+     * @return vulnerability
+     */
+    public CWEVulnerability getCWEVulnerability(String identifier);
 
-	/**
-	 * Returns a CVEVulnerability for the given path
-	 * 
-	 * @param path to the vulnerability database entry
-	 * @return vulnerability
-	 */
-	public CVEVulnerability getCVEVulnerability(URI path);
+    /**
+     * Returns a CVEVulnerability for the given identifier
+     * 
+     * @param identifier
+     *            of the vulnerability database entry
+     * @return vulnerability
+     */
+    public CVEVulnerability getCVEVulnerability(String identifier);
 }
diff --git a/...osimulator.pcm.confidentiality.reverseengineering.staticcodeanalysis/META-INF/MANIFEST.MF b/...osimulator.pcm.confidentiality.reverseengineering.staticcodeanalysis/META-INF/MANIFEST.MF
@@ -10,11 +10,15 @@ Require-Bundle: javax.inject,
  org.eclipse.e4.ui.di,
  org.eclipse.e4.ui.services,
  org.eclipse.e4.core.di.annotations,
- org.palladiosimulator.pcm;bundle-version="5.0.0",
+ org.palladiosimulator.pcm,
  org.palladiosimulator.pcm.confidentiality.reverseengineering.staticcodeanalysis.iface,
  org.jsoup;bundle-version="1.8.3",
- org.palladiosimulator.pcm.confidentiality.attacker
+ org.palladiosimulator.pcm.confidentiality.attacker,
+ org.apache.log4j,
+ javax.ws.rs,
+ com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider,
+ com.fasterxml.jackson.core.jackson-annotations
 Bundle-RequiredExecutionEnvironment: JavaSE-11
 Automatic-Module-Name: org.palladiosimulator.pcm.confidentiality.reverseengineering.staticcodeanalysis
-Import-Package: javax.annotation;version="1.2.0"
+Import-Package: javax.annotation
 Export-Package: org.palladiosimulator.pcm.confidentiality.reverseengineering.staticcodeanalysis.parts
diff --git a/...lator/pcm/confidentiality/reverseengineering/staticcodeanalysis/nvd_rest_api/Affects.java b/...lator/pcm/confidentiality/reverseengineering/staticcodeanalysis/nvd_rest_api/Affects.java
@@ -0,0 +1,80 @@
+
+package org.palladiosimulator.pcm.confidentiality.reverseengineering.staticcodeanalysis.nvd_rest_api;
+
+import javax.annotation.processing.Generated;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonPropertyOrder;
+
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonPropertyOrder({ "vendor" })
+@Generated("jsonschema2pojo")
+public class Affects {
+
+    /**
+     * 
+     * (Required)
+     * 
+     */
+    @JsonProperty("vendor")
+    private Vendor vendor;
+
+    /**
+     * 
+     * (Required)
+     * 
+     */
+    @JsonProperty("vendor")
+    public Vendor getVendor() {
+        return vendor;
+    }
+
+    /**
+     * 
+     * (Required)
+     * 
+     */
+    @JsonProperty("vendor")
+    public void setVendor(Vendor vendor) {
+        this.vendor = vendor;
+    }
+
+    @Override
+    public String toString() {
+        StringBuilder sb = new StringBuilder();
+        sb.append(Affects.class.getName())
+            .append('@')
+            .append(Integer.toHexString(System.identityHashCode(this)))
+            .append('[');
+        sb.append("vendor");
+        sb.append('=');
+        sb.append(((this.vendor == null) ? "<null>" : this.vendor));
+        sb.append(',');
+        if (sb.charAt((sb.length() - 1)) == ',') {
+            sb.setCharAt((sb.length() - 1), ']');
+        } else {
+            sb.append(']');
+        }
+        return sb.toString();
+    }
+
+    @Override
+    public int hashCode() {
+        int result = 1;
+        result = ((result * 31) + ((this.vendor == null) ? 0 : this.vendor.hashCode()));
+        return result;
+    }
+
+    @Override
+    public boolean equals(Object other) {
+        if (other == this) {
+            return true;
+        }
+        if ((other instanceof Affects) == false) {
+            return false;
+        }
+        Affects rhs = ((Affects) other);
+        return ((this.vendor == rhs.vendor) || ((this.vendor != null) && this.vendor.equals(rhs.vendor)));
+    }
+
+}