org.owasp.dependencycheck.data.nvd.ecosystem

Class CveEcosystemMapper

java.lang.Object

org.owasp.dependencycheck.data.nvd.ecosystem.CveEcosystemMapper

@NotThreadSafe
public class CveEcosystemMapper
extends java.lang.Object

Utility for mapping CVEs to their ecosystems.

Follows a best effort approach:

• scans through the description for known keywords or file extensions; alternatively
• attempts looks at the reference-data URLs for known hosts or path / query strings.

This class is not thread safe and must be instantiated on a per-thread basis.

Author:

skjolber

Constructor Summary

Constructors

Constructor and Description
CveEcosystemMapper()

Method Summary

Modifier and Type	Method and Description
java.lang.String	getEcosystem(io.github.jeremylong.openvulnerability.client.nvd.DefCveItem cve) Analyzes the description and associated URLs to determine if the vulnerability/software is for a specific known ecosystem.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CveEcosystemMapper

public CveEcosystemMapper()

Method Detail

getEcosystem

public java.lang.String getEcosystem(io.github.jeremylong.openvulnerability.client.nvd.DefCveItem cve)

Analyzes the description and associated URLs to determine if the vulnerability/software is for a specific known ecosystem. The ecosystem can be used later for filtering CPE matches.

Parameters:

cve - the item to be analyzed

Returns:

the ecosystem if one could be identified; otherwise null