Update output messages for job streaming to pf/ff

SoftwareDesignLab · Nov 21, 2023 · 192e287 · 192e287
1 parent f2922d7
commit 192e287
Show file tree

Hide file tree

Showing 10 changed files with 325 additions and 861 deletions.
diff --git a/productnameextractor/pom.xml b/productnameextractor/pom.xml
@@ -8,8 +8,8 @@
     <version>1.0</version>
 
     <properties>
-        <maven.compiler.source>1.8</maven.compiler.source>
-        <maven.compiler.target>1.8</maven.compiler.target>
+        <maven.compiler.source>17</maven.compiler.source>
+        <maven.compiler.target>17</maven.compiler.target>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     </properties>
 

diff --git a/productnameextractor/productnameextractor.iml b/productnameextractor/productnameextractor.iml
diff --git a/productnameextractor/src/main/java/ProductNameExtractorMain.java b/productnameextractor/src/main/java/ProductNameExtractorMain.java
@@ -210,7 +210,12 @@ private static void dbMain(DatabaseHelper databaseHelper) {
 
         // Process vulnerabilities
         final long getProdStart = System.currentTimeMillis();
-        final List<AffectedProduct> affectedProducts = affectedProductIdentifier.identifyAffectedProducts(vulnList);
+        final List<AffectedProduct> affectedProducts = new ArrayList<>();
+
+        for(CompositeVulnerability vuln : vulnList) {
+            affectedProducts.addAll(affectedProductIdentifier.identifyAffectedProducts(vuln));
+        }
+
         int numAffectedProducts = affectedProducts.size();
 
         logger.info("Product Name Extractor found {} affected products in {} seconds", numAffectedProducts, Math.floor(((double) (System.currentTimeMillis() - getProdStart) / 1000) * 100) / 100);
@@ -245,7 +250,8 @@ private static void rabbitMain(DatabaseHelper databaseHelper) {
         final Messenger rabbitMQ = new Messenger(
                 factory,
                 ProductNameExtractorEnvVars.getRabbitInputQueue(),
-                ProductNameExtractorEnvVars.getRabbitOutputQueue(),
+                ProductNameExtractorEnvVars.getRabbitPatchfinderOutputQueue(),
+                ProductNameExtractorEnvVars.getRabbitFixfinderOutputQueue(),
                 affectedProductIdentifier,
                 databaseHelper);
 
@@ -258,11 +264,17 @@ private static void testMain() {
         logger.info("Test mode enabled, creating test vulnerability list...");
         vulnList = createTestVulnList();
 
+        // TODO: Deprecate and remove
         initializeProductIdentifier(vulnList);
 
         // Process vulnerabilities
         long getProdStart = System.currentTimeMillis();
-        int numAffectedProducts = affectedProductIdentifier.identifyAffectedProducts(vulnList).size();
+        final List<AffectedProduct> affectedProducts = new ArrayList<>();
+        for(CompositeVulnerability vuln : vulnList) {
+            affectedProducts.addAll(affectedProductIdentifier.identifyAffectedProducts(vuln));
+        }
+
+        int numAffectedProducts = affectedProducts.size();
 
         logger.info("Product Name Extractor found {} affected products in the test run in {} seconds", numAffectedProducts, Math.floor(((double) (System.currentTimeMillis() - getProdStart) / 1000) * 100) / 100);
 

diff --git a/productnameextractor/src/main/java/db/DatabaseHelper.java b/productnameextractor/src/main/java/db/DatabaseHelper.java
@@ -254,46 +254,43 @@ public List<CompositeVulnerability> getAllCompositeVulnerabilities(int maxVulner
 	}
 
 	/**
-	 * Gets list of specific vulnerabilities by their CVE IDs from the database,
-	 * formats them into CompositeVulnerability objects, and returns the list.
+	 * Gets specific vulnerability by CVE ID from the database,
+	 * formats them into a CompositeVulnerability object and returns it.
+	 * Returns null if no vulnerability found
 	 *
-	 * @param cveIds list of CVEs to be pulled from database
-	 * @return list of fetched vulnerabilities
+	 * @param cveId CVE to be pulled from database
+	 * @return fetched vulnerability
 	 */
-	public List<CompositeVulnerability> getSpecificCompositeVulnerabilities(List<String> cveIds){
-		ArrayList<CompositeVulnerability> vulnList = new ArrayList<>();
+	public CompositeVulnerability getSpecificCompositeVulnerability(String cveId){
 		synchronized (DatabaseHelper.class) {
 			try (Connection connection = getConnection()) {
 
 				// For each CVE ID in cveIds, query database for info specific to that cve
-				for(String cveId : cveIds){
-					PreparedStatement pstmt = connection.prepareStatement(selectSpecificVulnerabilitySql);
-					pstmt.setString(1, cveId);
-
-					ResultSet rs = pstmt.executeQuery();
-
-					while (rs.next()) {
-						int vulnId = rs.getInt("vuln_id");
-						String description = rs.getString("description");
-
-						CompositeVulnerability vulnerability = new CompositeVulnerability(
-								vulnId,
-								cveId,
-								description,
-								CompositeVulnerability.CveReconcileStatus.UPDATE
-						);
-						vulnList.add(vulnerability);
-					}
-				}
-				logger.info("Successfully loaded {} existing CVE items from DB! {} CVE items were not found in the DB", vulnList.size(), cveIds.size() - vulnList.size());
+				PreparedStatement pstmt = connection.prepareStatement(selectSpecificVulnerabilitySql);
+				pstmt.setString(1, cveId);
+
+				ResultSet rs = pstmt.executeQuery();
+
+				// If result found
+				if(rs.next()) {
+					int vulnId = rs.getInt("vuln_id");
+					String description = rs.getString("description");
+
+					logger.info("Successfully found CVE '{}' from DB!", cveId);
+					return new CompositeVulnerability(
+							vulnId,
+							cveId,
+							description,
+							CompositeVulnerability.CveReconcileStatus.UPDATE
+					);
+				} else logger.warn("CVE '{}' was not found in the DB!", cveId);
 			} catch (Exception e) {
 				logger.error("Error while getting existing vulnerabilities from DB\nException: {}", e.getMessage());
 				logger.error("This is a serious error! Product Name Extraction will not be able to proceed! Exiting...");
 				System.exit(1);
 			}
 		}
-
-		return vulnList;
+		return null;
 	}
 
 	/**

diff --git a/productnameextractor/src/main/java/env/ProductNameExtractorEnvVars.java b/productnameextractor/src/main/java/env/ProductNameExtractorEnvVars.java
@@ -89,7 +89,8 @@ public class ProductNameExtractorEnvVars {
     private static String rabbitUsername = "guest";
     private static String rabbitPassword = "guest";
     private static String rabbitInputQueue = "RECONCILER_OUT";
-    private static String rabbitOutputQueue = "PNE_OUT";
+    private static String rabbitPatchfinderOutputQueue = "PNE_OUT_PATCH";
+    private static String rabbitFixfinderOutputQueue = "PNE_OUT_RABBIT";
 
     // Automatically load env vars
     static{
@@ -155,7 +156,8 @@ public static String getRabbitVHost() {
     public static String getRabbitUsername() { return rabbitUsername; }
     public static String getRabbitPassword() { return rabbitPassword; }
     public static String getRabbitInputQueue() { return rabbitInputQueue; }
-    public static String getRabbitOutputQueue() { return rabbitOutputQueue; }
+    public static String getRabbitPatchfinderOutputQueue() { return rabbitPatchfinderOutputQueue; }
+    public static String getRabbitFixfinderOutputQueue() { return rabbitFixfinderOutputQueue; }
     public static String getInputMode() { return inputMode; }
     public static int getCveLimit() { return cveLimit; }
 
@@ -414,14 +416,21 @@ private static void fetchRabbitEnvVars(Map<String, String> systemProps, Map<Stri
             logger.info("Setting PNE_INPUT_QUEUE to {}", rabbitInputQueue);
         } else logger.warn("Could not fetch PNE_INPUT_QUEUE from env vars, defaulting to {}", rabbitInputQueue);
 
-        if(systemProps.containsKey("PNE_OUTPUT_QUEUE")) {
-            rabbitOutputQueue = systemProps.get("PNE_OUTPUT_QUEUE");
-            logger.info("Setting PNE_OUTPUT_QUEUE to {}", rabbitOutputQueue);
-        } else if (fileProps.containsKey("PNE_OUTPUT_QUEUE")) {
-            rabbitOutputQueue = fileProps.get("PNE_OUTPUT_QUEUE");
-            logger.info("Setting PNE_OUTPUT_QUEUE to {}", rabbitOutputQueue);
-        } else logger.warn("Could not fetch PNE_OUTPUT_QUEUE from env vars, defaulting to {}", rabbitOutputQueue);
-
+        if(systemProps.containsKey("PNE_OUTPUT_QUEUE_PATCH")) {
+            rabbitPatchfinderOutputQueue = systemProps.get("PNE_OUTPUT_QUEUE_PATCH");
+            logger.info("Setting PNE_OUTPUT_QUEUE_PATCH to {}", rabbitPatchfinderOutputQueue);
+        } else if (fileProps.containsKey("PNE_OUTPUT_QUEUE_PATCH")) {
+            rabbitPatchfinderOutputQueue = fileProps.get("PNE_OUTPUT_QUEUE_PATCH");
+            logger.info("Setting PNE_OUTPUT_QUEUE_PATCH to {}", rabbitPatchfinderOutputQueue);
+        } else logger.warn("Could not fetch PNE_OUTPUT_QUEUE_PATCH from env vars, defaulting to {}", rabbitPatchfinderOutputQueue);
+
+        if(systemProps.containsKey("PNE_OUTPUT_QUEUE_FIX")) {
+            rabbitFixfinderOutputQueue = systemProps.get("PNE_OUTPUT_QUEUE_FIX");
+            logger.info("Setting PNE_OUTPUT_QUEUE_FIX to {}", rabbitFixfinderOutputQueue);
+        } else if (fileProps.containsKey("PNE_OUTPUT_QUEUE_FIX")) {
+            rabbitFixfinderOutputQueue = fileProps.get("PNE_OUTPUT_QUEUE_FIX");
+            logger.info("Setting PNE_OUTPUT_QUEUE_FIX to {}", rabbitFixfinderOutputQueue);
+        } else logger.warn("Could not fetch PNE_OUTPUT_QUEUE_FIX from env vars, defaulting to {}", rabbitFixfinderOutputQueue);
     }
 
     /**