Class CveEcosystemMapper

java.lang.Object
org.owasp.dependencycheck.data.nvd.ecosystem.CveEcosystemMapper

@NotThreadSafe public class CveEcosystemMapper extends Object
Utility for mapping CVEs to their ecosystems.

Follows a best effort approach:
  • scans through the description for known keywords or file extensions; alternatively
  • looks at the reference-data URLs for known hosts or path / query strings.
This class is not thread safe and must be instantiated on a per-thread basis.
Author:
skjolber
  • Constructor Details

    • CveEcosystemMapper

      public CveEcosystemMapper()
  • Method Details

    • getEcosystem

      public String getEcosystem(io.github.jeremylong.openvulnerability.client.nvd.DefCveItem cve)
      Analyzes the description and associated URLs to determine if the vulnerability/software is for a specific known ecosystem. The ecosystem can be used later for filtering CPE matches.
      Parameters:
      cve - the item to be analyzed
      Returns:
      the ecosystem if one could be identified; otherwise null
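
A standalone sketch of the two-stage, best-effort lookup described above (description hints first, reference URLs as the fallback, `null` when nothing matches). This is an added example, not dependency-check's implementation: the class name, method name, hint tables and sample inputs are constructed for illustration, and the URL stage is narrowed to host matching only.

```java
import java.net.URI;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

/** Illustrative sketch; hint tables and sample inputs are constructed, not dependency-check's data. */
public class EcosystemHeuristicSketch {
    // Constructed description hints (keyword or file extension -> ecosystem label).
    private static final Map<String, String> DESCRIPTION_HINTS = new LinkedHashMap<>();
    // Constructed reference-URL hints (host -> ecosystem label).
    private static final Map<String, String> HOST_HINTS = new LinkedHashMap<>();
    static {
        DESCRIPTION_HINTS.put(".php", "php");
        DESCRIPTION_HINTS.put("wordpress", "php");
        DESCRIPTION_HINTS.put("npm package", "nodejs");
        DESCRIPTION_HINTS.put("ruby gem", "ruby");
        HOST_HINTS.put("wordpress.org", "php");
        HOST_HINTS.put("www.npmjs.com", "nodejs");
        HOST_HINTS.put("rubygems.org", "ruby");
    }

    /** Returns the ecosystem label, or null when neither stage matches. */
    public static String guessEcosystem(String description, List<String> referenceUrls) {
        // Stage 1: keywords and file extensions in the description.
        String text = description == null ? "" : description.toLowerCase(Locale.ROOT);
        for (Map.Entry<String, String> hint : DESCRIPTION_HINTS.entrySet()) {
            if (text.contains(hint.getKey())) {
                return hint.getValue();
            }
        }
        // Stage 2: known hosts in the reference URLs.
        for (String url : referenceUrls) {
            try {
                String host = URI.create(url).getHost();
                String eco = host == null ? null : HOST_HINTS.get(host.toLowerCase(Locale.ROOT));
                if (eco != null) {
                    return eco;
                }
            } catch (IllegalArgumentException ignored) {
                // Malformed reference URL: skip it rather than fail the whole lookup.
            }
        }
        return null; // best effort: null means "unknown", not "no ecosystem"
    }

    public static void main(String[] args) {
        System.out.println(guessEcosystem("SQL injection in admin/login.php.", List.of()));
        System.out.println(guessEcosystem("Prototype pollution in merge().", List.of("https://www.npmjs.com/advisories/0000")));
        System.out.println(guessEcosystem("Buffer overflow in the parser.", List.of("https://example.org/a")));
    }
}
```

Because a `null` result only means the heuristic found no hint, code that filters CPE matches by ecosystem should keep such entries rather than discard them.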