Skip to content

Commit

Permalink
Integrated SSVC endpoint
Browse files Browse the repository at this point in the history
  • Loading branch information
@dylan-mulligan @ctevse
dylan-mulligan authored and ctevse committed Oct 24, 2023
1 parent 08ae5f5 commit 2a0a733
Show file tree
Hide file tree
Showing 3 changed files with 20 additions and 17 deletions.
8 changes: 4 additions & 4 deletions reconciler/src/main/java/edu/rit/se/nvip/ReconcilerMain.java
View file
Original file line number Diff line number Diff line change
@@ -1,14 +1,10 @@
package edu.rit.se.nvip;

import edu.rit.se.nvip.characterizer.CveCharacterizer;
import edu.rit.se.nvip.messenger.Messenger;
import edu.rit.se.nvip.model.CompositeVulnerability;
import edu.rit.se.nvip.model.RawVulnerability;
import edu.rit.se.nvip.utils.ReconcilerEnvVars;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

import java.sql.Timestamp;
import java.util.*;

public class ReconcilerMain {
Expand Down Expand Up @@ -63,6 +59,10 @@ public void main() {
break;
}
}
case "dev":
final Set<String> devJobs = new HashSet<>();
devJobs.add("CVE-2023-2825");
rc.main(devJobs);
}

}
Expand Down
7 changes: 2 additions & 5 deletions reconciler/src/main/java/edu/rit/se/nvip/characterizer/CveCharacterizer.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,12 +39,9 @@
import org.apache.commons.io.FileUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import sun.net.www.protocol.https.HttpsURLConnectionImpl;

import javax.net.ssl.HttpsURLConnection;
import java.io.*;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLEncoder;
import java.nio.file.Paths;
import java.util.*;
Expand Down Expand Up @@ -250,7 +247,7 @@ private SSVC characterizeCveForSSVC(CompositeVulnerability vuln) {
params.put("exploitStatus", dbh.exploitExists(vuln.getCveId()) ? "POC" : "NONE");

// Create url object
final URL url = new URL("ssvc" + getParamsString(params));
final URL url = new URL("http://localhost:5000/ssvc" + getParamsString(params));

// // Setup connection and parameters
// final HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
Expand Down Expand Up @@ -292,7 +289,7 @@ private double getCvssScoreFromVdoLabels(Set<VDOLabel> predictionsForVuln) {

private static String getParamsString(Map<String, String> params)
throws UnsupportedEncodingException {
StringBuilder result = new StringBuilder();
StringBuilder result = new StringBuilder("?");

for (Map.Entry<String, String> entry : params.entrySet()) {
result.append(URLEncoder.encode(entry.getKey(), "UTF-8"));
Expand Down
22 changes: 14 additions & 8 deletions reconciler/src/main/java/edu/rit/se/nvip/model/SSVC.java
View file
Original file line number Diff line number Diff line change
@@ -1,20 +1,26 @@
package edu.rit.se.nvip.model;

import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;

@JsonIgnoreProperties(ignoreUnknown=true)
public class SSVC {
private enum EXPLOIT_STATUS {
NONE, POC, ACTIVE
}
private final boolean automatable;
private final EXPLOIT_STATUS exploitStatus;
private final boolean technicalImpact;
@JsonProperty("automatable")
private boolean automatable;
@JsonProperty("exploitStatus")
private EXPLOIT_STATUS exploitStatus;

public SSVC(boolean automatable, EXPLOIT_STATUS exploitStatus, boolean technicalImpact) {
this.automatable = automatable;
this.exploitStatus = exploitStatus;
this.technicalImpact = technicalImpact;
}
private boolean technicalImpact;

public boolean isAutomatable() { return automatable; }
public String getExploitStatus() { return exploitStatus.toString(); }
public boolean getTechnicalImpact() { return technicalImpact; }

@JsonProperty("technicalImpact")
public void setTechnicalImpact(String technicalImpact) {
this.technicalImpact = technicalImpact.equals("TOTAL");
}
}

0 comments on commit 2a0a733

Please sign in to comment.