From 6706d5ca0e56a59ebac29cb1d0d78f6e7ea5af75 Mon Sep 17 00:00:00 2001
From: Dylan Mulligan
Date: Mon, 16 Oct 2023 17:05:39 -0400
Subject: [PATCH] Integrated SSVC endpoint
---
 .../java/edu/rit/se/nvip/ReconcilerMain.java | 8 +++----
 .../nvip/characterizer/CveCharacterizer.java | 7 ++----
 .../main/java/edu/rit/se/nvip/model/SSVC.java | 22 ++++++++++++-------
 3 files changed, 20 insertions(+), 17 deletions(-)
diff --git a/reconciler/src/main/java/edu/rit/se/nvip/ReconcilerMain.java b/reconciler/src/main/java/edu/rit/se/nvip/ReconcilerMain.java
index a40a33a5a..80641efa0 100644
--- a/reconciler/src/main/java/edu/rit/se/nvip/ReconcilerMain.java
+++ b/reconciler/src/main/java/edu/rit/se/nvip/ReconcilerMain.java
@@ -1,14 +1,10 @@
 package edu.rit.se.nvip;
-import edu.rit.se.nvip.characterizer.CveCharacterizer;
 import edu.rit.se.nvip.messenger.Messenger;
-import edu.rit.se.nvip.model.CompositeVulnerability;
-import edu.rit.se.nvip.model.RawVulnerability;
 import edu.rit.se.nvip.utils.ReconcilerEnvVars;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
-import java.sql.Timestamp;
 import java.util.*;
 public class ReconcilerMain {
@@ -63,6 +59,10 @@ public void main() {
 break;
 }
 }
+ case "dev":
+ final Set devJobs = new HashSet<>();
+ devJobs.add("CVE-2023-2825");
+ rc.main(devJobs);
 }
 }
diff --git a/reconciler/src/main/java/edu/rit/se/nvip/characterizer/CveCharacterizer.java b/reconciler/src/main/java/edu/rit/se/nvip/characterizer/CveCharacterizer.java
index caff45434..3568e013b 100644
--- a/reconciler/src/main/java/edu/rit/se/nvip/characterizer/CveCharacterizer.java
+++ b/reconciler/src/main/java/edu/rit/se/nvip/characterizer/CveCharacterizer.java
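Review bot: In ReconcilerMain.java, the new `case "dev":` label follows the closing braces of the previous case with no `break;` visible between them, so the preceding mode may fall through and run the dev job too. The only `break;` in the context appears to belong to an inner loop or condition, but the switch starts outside the hunk, so this needs confirming against the full method. The branch also hard-codes `CVE-2023-2825`, so any deployment that reaches it reconciles that one fixed id. Consider closing the preceding case with `break;`, adding `break;` after `rc.main(devJobs);`, and reading the dev id list from configuration instead of a literal.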
@@ -39,12 +39,9 @@ import org.apache.commons.io.FileUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
-import sun.net.www.protocol.https.HttpsURLConnectionImpl;
-import javax.net.ssl.HttpsURLConnection;
 import java.io.*;
 import java.net.URL;
-import java.net.URLConnection;
 import java.net.URLEncoder;
 import java.nio.file.Paths;
 import java.util.*;
@@ -250,7 +247,7 @@ private SSVC characterizeCveForSSVC(CompositeVulnerability vuln) {
 params.put("exploitStatus", dbh.exploitExists(vuln.getCveId()) ? "POC" : "NONE");
 // Create url object
- final URL url = new URL("ssvc" + getParamsString(params));
+ final URL url = new URL("http://localhost:5000/ssvc" + getParamsString(params));
 // // Setup connection and parameters
 // final HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
@@ -292,7 +289,7 @@ private double getCvssScoreFromVdoLabels(Set predictionsForVuln) {
 private static String getParamsString(Map params) throws UnsupportedEncodingException {
- StringBuilder result = new StringBuilder();
+ StringBuilder result = new StringBuilder("?");
 for (Map.Entry entry : params.entrySet()) {
 result.append(URLEncoder.encode(entry.getKey(), "UTF-8"));
diff --git a/reconciler/src/main/java/edu/rit/se/nvip/model/SSVC.java b/reconciler/src/main/java/edu/rit/se/nvip/model/SSVC.java
index 9b34f09cb..7c3072f14 100644
--- a/reconciler/src/main/java/edu/rit/se/nvip/model/SSVC.java
+++ b/reconciler/src/main/java/edu/rit/se/nvip/model/SSVC.java
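Review bot: In CveCharacterizer.characterizeCveForSSVC, the SSVC service address is now the literal `http://localhost:5000/ssvc`, which fixes host, port and scheme at compile time and sends the request over plain HTTP. That is tolerable while the service is loopback-only, but the response drives the SSVC characterization of a CVE, so on any other host it could be altered in transit without detection. Read the base URL from configuration (ReconcilerMain in this patch already imports `ReconcilerEnvVars`) and refuse a non-`https` scheme when the host is not loopback. The commented-out `HttpsURLConnection` lines just below suggest HTTPS was the original intent; the rest of the method lies outside the hunk.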
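Review bot: `getParamsString` now includes the leading `?` in its result (`new StringBuilder("?")`), which changes its contract from encoded pairs to a complete query string without documenting it. A one-line Javadoc such as `/** Builds the query string, including the leading '?', from URL-encoded parameters. */` would make that explicit for the next caller. The loop tail and return statement are outside the hunk, so it is worth checking what an empty map now yields, a bare `?` or an empty string.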
@@ -1,20 +1,26 @@
 package edu.rit.se.nvip.model;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+@JsonIgnoreProperties(ignoreUnknown=true)
 public class SSVC {
 private enum EXPLOIT_STATUS { NONE, POC, ACTIVE }
- private final boolean automatable;
- private final EXPLOIT_STATUS exploitStatus;
- private final boolean technicalImpact;
+ @JsonProperty("automatable")
+ private boolean automatable;
+ @JsonProperty("exploitStatus")
+ private EXPLOIT_STATUS exploitStatus;
- public SSVC(boolean automatable, EXPLOIT_STATUS exploitStatus, boolean technicalImpact) {
- this.automatable = automatable;
- this.exploitStatus = exploitStatus;
- this.technicalImpact = technicalImpact;
- }
+ private boolean technicalImpact;
 public boolean isAutomatable() { return automatable; }
 public String getExploitStatus() { return exploitStatus.toString(); }
 public boolean getTechnicalImpact() { return technicalImpact; }
+
+ @JsonProperty("technicalImpact")
+ public void setTechnicalImpact(String technicalImpact) {
+ this.technicalImpact = technicalImpact.equals("TOTAL");
+ }
 }
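Review bot: In SSVC.java, `setTechnicalImpact` calls `technicalImpact.equals("TOTAL")` on the value taken from the response, so a JSON `null` there throws a NullPointerException; `this.technicalImpact = "TOTAL".equals(technicalImpact);` avoids it. With the constructor removed and `@JsonIgnoreProperties(ignoreUnknown=true)` added, a response that omits or misnames fields presumably still deserializes when Jackson populates this class. In that case `automatable` and `technicalImpact` silently stay `false` and `exploitStatus` stays `null`, and `getExploitStatus()` then throws on `exploitStatus.toString()`. Because these fields describe how severe a vulnerability is, a partial response should be rejected rather than read as the lowest rating, for example by checking for missing fields after deserialization in the caller.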