Class H2Functions
java.lang.Object
org.owasp.dependencycheck.data.nvdcve.H2Functions
Stored procedures for the H2 database.
- Author:
- Jeremy Long
-
Method Summary
Modifier and TypeMethodDescriptionstatic voidinsertSoftware(Connection conn, int vulnerabilityId, String part, String vendor, String product, String version, String update, String edition, String language, String swEdition, String targetSw, String targetHw, String other, String ecosystem, String versionEndExcluding, String versionEndIncluding, String versionStartExcluding, String versionStartIncluding, Boolean vulnerable) Adds a CPE to a vulnerability; if the CPE is not contained in the database it is first added.static voidmergeKnownExploited(Connection conn, String cveId, String vendorProject, String product, String vulnerabilityName, String dateAdded, String shortDescription, String requiredAction, String dueDate, String notes) Update or insert a known exploited vulnerability.static ResultSetupdateVulnerability(Connection conn, String cve, String description, String v2Severity, Float v2ExploitabilityScore, Float v2ImpactScore, Boolean v2AcInsufInfo, Boolean v2ObtainAllPrivilege, Boolean v2ObtainUserPrivilege, Boolean v2ObtainOtherPrivilege, Boolean v2UserInteractionRequired, Float v2Score, String v2AccessVector, String v2AccessComplexity, String v2Authentication, String v2ConfidentialityImpact, String v2IntegrityImpact, String v2AvailabilityImpact, String v2Version, Float v3ExploitabilityScore, Float v3ImpactScore, String v3AttackVector, String v3AttackComplexity, String v3PrivilegesRequired, String v3UserInteraction, String v3Scope, String v3ConfidentialityImpact, String v3IntegrityImpact, String v3AvailabilityImpact, Float v3BaseScore, String v3BaseSeverity, String v3Version, String v4version, String v4attackVector, String v4attackComplexity, String v4attackRequirements, String v4privilegesRequired, String v4userInteraction, String v4vulnConfidentialityImpact, String v4vulnIntegrityImpact, String v4vulnAvailabilityImpact, String v4subConfidentialityImpact, String v4subIntegrityImpact, String v4subAvailabilityImpact, String v4exploitMaturity, String v4confidentialityRequirement, String v4integrityRequirement, String v4availabilityRequirement, String v4modifiedAttackVector, String v4modifiedAttackComplexity, String v4modifiedAttackRequirements, String v4modifiedPrivilegesRequired, String v4modifiedUserInteraction, String v4modifiedVulnConfidentialityImpact, String v4modifiedVulnIntegrityImpact, String v4modifiedVulnAvailabilityImpact, String v4modifiedSubConfidentialityImpact, String v4modifiedSubIntegrityImpact, String v4modifiedSubAvailabilityImpact, String v4safety, String v4automatable, String v4recovery, String v4valueDensity, String v4vulnerabilityResponseEffort, String v4providerUrgency, Float v4baseScore, String v4baseSeverity, Float v4threatScore, String v4threatSeverity, Float v4environmentalScore, String v4environmentalSeverity, String v4source, String v4type) Updates or inserts the vulnerability into the database.
-
Method Details
-
insertSoftware
public static void insertSoftware(Connection conn, int vulnerabilityId, String part, String vendor, String product, String version, String update, String edition, String language, String swEdition, String targetSw, String targetHw, String other, String ecosystem, String versionEndExcluding, String versionEndIncluding, String versionStartExcluding, String versionStartIncluding, Boolean vulnerable) throws SQLException Adds a CPE to a vulnerability; if the CPE is not contained in the database it is first added.- Parameters:
conn- the database connectionvulnerabilityId- the vulnerability idpart- the CPE partvendor- the CPE vendorproduct- the CPE productversion- the CPE versionupdate- the CPE update versionedition- the CPE editionlanguage- the CPE languageswEdition- the CPE software editiontargetSw- the CPE target softwaretargetHw- the CPE target hardwareother- the CPE otherecosystem- the ecosystemversionEndExcluding- a version range to identify the softwareversionEndIncluding- a version range to identify the softwareversionStartExcluding- a version range to identify the softwareversionStartIncluding- a version range to identify the softwarevulnerable- a flag indicating whether or not the software is vulnerable- Throws:
SQLException- thrown if there is an error adding the CPE or software reference
-
updateVulnerability
public static ResultSet updateVulnerability(Connection conn, String cve, String description, String v2Severity, Float v2ExploitabilityScore, Float v2ImpactScore, Boolean v2AcInsufInfo, Boolean v2ObtainAllPrivilege, Boolean v2ObtainUserPrivilege, Boolean v2ObtainOtherPrivilege, Boolean v2UserInteractionRequired, Float v2Score, String v2AccessVector, String v2AccessComplexity, String v2Authentication, String v2ConfidentialityImpact, String v2IntegrityImpact, String v2AvailabilityImpact, String v2Version, Float v3ExploitabilityScore, Float v3ImpactScore, String v3AttackVector, String v3AttackComplexity, String v3PrivilegesRequired, String v3UserInteraction, String v3Scope, String v3ConfidentialityImpact, String v3IntegrityImpact, String v3AvailabilityImpact, Float v3BaseScore, String v3BaseSeverity, String v3Version, String v4version, String v4attackVector, String v4attackComplexity, String v4attackRequirements, String v4privilegesRequired, String v4userInteraction, String v4vulnConfidentialityImpact, String v4vulnIntegrityImpact, String v4vulnAvailabilityImpact, String v4subConfidentialityImpact, String v4subIntegrityImpact, String v4subAvailabilityImpact, String v4exploitMaturity, String v4confidentialityRequirement, String v4integrityRequirement, String v4availabilityRequirement, String v4modifiedAttackVector, String v4modifiedAttackComplexity, String v4modifiedAttackRequirements, String v4modifiedPrivilegesRequired, String v4modifiedUserInteraction, String v4modifiedVulnConfidentialityImpact, String v4modifiedVulnIntegrityImpact, String v4modifiedVulnAvailabilityImpact, String v4modifiedSubConfidentialityImpact, String v4modifiedSubIntegrityImpact, String v4modifiedSubAvailabilityImpact, String v4safety, String v4automatable, String v4recovery, String v4valueDensity, String v4vulnerabilityResponseEffort, String v4providerUrgency, Float v4baseScore, String v4baseSeverity, Float v4threatScore, String v4threatSeverity, Float v4environmentalScore, String v4environmentalSeverity, String v4source, String v4type) throws SQLException Updates or inserts the vulnerability into the database. If updating a vulnerability the method will delete all software, CWE, and references and new entries will be added later.- Parameters:
conn- the database connectioncve- the CVE identifierdescription- the vulnerability descriptionv2Severity- the CVSS v2 severityv2ExploitabilityScore- the CVSS v2 exploitability scorev2ImpactScore- the CVSS v2 impact scorev2AcInsufInfo- the CVSS v2 AcInsufInfov2ObtainAllPrivilege- the CVSS v2 obtain all privilege flagv2ObtainUserPrivilege- the CVSS v2 obtain user privilege flagv2ObtainOtherPrivilege- the CVSS v2 obtain other privilege flagv2UserInteractionRequired- the CVSS v2 user interaction required flagv2Score- the CVSS v2 scorev2AccessVector- the CVSS v2 access vectorv2AccessComplexity- the CVSS v2 access complexityv2Authentication- the CVSS v2 authenticationv2ConfidentialityImpact- the CVSS v2 confidentiality impactv2IntegrityImpact- the CVSS v2 integrity impactv2AvailabilityImpact- the CVSS v2 availability impactv2Version- the CVSS v2 versionv3ExploitabilityScore- the CVSS v3 exploitability scorev3ImpactScore- the CVSS v3 impact scorev3AttackVector- the CVSS v3 attack vectorv3AttackComplexity- the CVSS v3 attack complexityv3PrivilegesRequired- the CVSS v3 privilege required flagv3UserInteraction- the CVSS v3 user interaction required flagv3Scope- the CVSS v3 scopev3ConfidentialityImpact- the CVSS v3 confidentiality impactv3IntegrityImpact- the CVSS v3 integrity impactv3AvailabilityImpact- the CVSS v3 availability impactv3BaseScore- the CVSS v3 base scorev3BaseSeverity- the CVSS v3 base severityv3Version- the CVSS v3 versionv4version- CVSS v4 datav4attackVector- CVSS v4 datav4attackComplexity- CVSS v4 datav4attackRequirements- CVSS v4 datav4privilegesRequired- CVSS v4 datav4userInteraction- CVSS v4 datav4vulnConfidentialityImpact- CVSS v4 datav4vulnIntegrityImpact- CVSS v4 datav4vulnAvailabilityImpact- CVSS v4 datav4subConfidentialityImpact- CVSS v4 datav4subIntegrityImpact- CVSS v4 datav4subAvailabilityImpact- CVSS v4 datav4exploitMaturity- CVSS v4 datav4confidentialityRequirement- CVSS v4 datav4integrityRequirement- CVSS v4 datav4availabilityRequirement- CVSS v4 datav4modifiedAttackVector- CVSS v4 datav4modifiedAttackComplexity- CVSS v4 datav4modifiedAttackRequirements- CVSS v4 datav4modifiedPrivilegesRequired- CVSS v4 datav4modifiedUserInteraction- CVSS v4 datav4modifiedVulnConfidentialityImpact- CVSS v4 datav4modifiedVulnIntegrityImpact- CVSS v4 datav4modifiedVulnAvailabilityImpact- CVSS v4 datav4modifiedSubConfidentialityImpact- CVSS v4 datav4modifiedSubIntegrityImpact- CVSS v4 datav4modifiedSubAvailabilityImpact- CVSS v4 datav4safety- CVSS v4 datav4automatable- CVSS v4 datav4recovery- CVSS v4 datav4valueDensity- CVSS v4 datav4vulnerabilityResponseEffort- CVSS v4 datav4providerUrgency- CVSS v4 datav4baseScore- CVSS v4 datav4baseSeverity- CVSS v4 datav4threatScore- CVSS v4 datav4threatSeverity- CVSS v4 datav4environmentalScore- CVSS v4 datav4environmentalSeverity- CVSS v4 datav4source- CVSS v4 datav4type- CVSS v4 data- Returns:
- a result set containing the vulnerability id
- Throws:
SQLException- thrown if there is an error updating or inserting the vulnerability
-
mergeKnownExploited
public static void mergeKnownExploited(Connection conn, String cveId, String vendorProject, String product, String vulnerabilityName, String dateAdded, String shortDescription, String requiredAction, String dueDate, String notes) throws SQLException Update or insert a known exploited vulnerability.- Parameters:
conn- the connectioncveId- the idvendorProject- the vendor/projectproduct- the productvulnerabilityName- the vulnerability namedateAdded- the date addedshortDescription- the short descriptionrequiredAction- the action requireddueDate- the due datenotes- notes- Throws:
SQLException- thrown if there is a database error merging the Known Exploited information to the database
-