Class CveItemOperator

java.lang.Object

org.owasp.dependencycheck.data.nvdcve.CveItemOperator

public class CveItemOperator
extends Object

Utility for processing DefCveItem in order to extract key values like textual description and ecosystem type.

Author:

skjolber

Constructor Summary

Constructors

Constructor	Description
CveItemOperator(String cpeStartsWithFilter)	Constructs a new CVE Item Operator utility.

Method Summary

Modifier and Type	Method	Description
String	extractDescription(io.github.jeremylong.openvulnerability.client.nvd.DefCveItem cve)	Extracts the english description from the CVE object.
String	extractEcosystem(String baseEcosystem, VulnerableSoftware parsedCpe)	Attempts to determine the ecosystem based on the vendor, product and targetSw.
boolean	isRejected(String description)	Determines if the CVE entry is rejected.

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

CveItemOperator

public CveItemOperator(String cpeStartsWithFilter)

Constructs a new CVE Item Operator utility.

Parameters:

cpeStartsWithFilter - the filter to use for CPE entries

Method Details

extractDescription

public String extractDescription(io.github.jeremylong.openvulnerability.client.nvd.DefCveItem cve)

Extracts the english description from the CVE object.

Parameters:

cve - the CVE data

Returns:

the English descriptions from the CVE object

extractEcosystem

public String extractEcosystem(String baseEcosystem,
 VulnerableSoftware parsedCpe)

Attempts to determine the ecosystem based on the vendor, product and targetSw.

Parameters:

baseEcosystem - the base ecosystem

parsedCpe - the CPE identifier

Returns:

the ecosystem if one is identified

isRejected

public boolean isRejected(String description)

Determines if the CVE entry is rejected.

Parameters:

description - the CVE description

Returns:

true if the CVE was rejected; otherwise false