From ca6bb7dbcf33563679f85b55877a8dfe55ef1ac3 Mon Sep 17 00:00:00 2001 From: Robin Ellis Date: Tue, 9 Jan 2024 11:15:58 +0700 Subject: [PATCH 1/3] refactor: add logging - logging to show progress during cache update - readme edited with actual JAR name --- .../client/nvd/NvdCveClient.java | 21 +++---- vulnz/README.md | 10 ++-- .../vulnz/cli/commands/CveCommand.java | 58 +++++++++++++------ 3 files changed, 56 insertions(+), 33 deletions(-) diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/NvdCveClient.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/NvdCveClient.java index e5a20650..6ede9c31 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/NvdCveClient.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/NvdCveClient.java @@ -12,7 +12,7 @@ * limitations under the License. * * SPDX-License-Identifier: Apache-2.0 - * Copyright (c) 2022-2023 Jeremy Long. All Rights Reserved. + * Copyright (c) 2022-2024 Jeremy Long. All Rights Reserved. */ package io.github.jeremylong.openvulnerability.client.nvd; @@ -162,7 +162,7 @@ public class NvdCveClient implements PagedDataSource { * @param httpClientSupplier supplier for custom HTTP clients; if {@code null} a default client will be used */ NvdCveClient(String apiKey, String endpoint, long delay, int threadCount, int maxPageCount, int maxRetryCount, - HttpAsyncClientSupplier httpClientSupplier) { + HttpAsyncClientSupplier httpClientSupplier) { this.apiKey = apiKey; if (endpoint == null) { this.endpoint = DEFAULT_ENDPOINT; 
@@ -180,8 +180,8 @@ public class NvdCveClient implements PagedDataSource { if (apiKey == null) { if (threadCount > 1) { LOG.warn( - "No api key provided; as such the thread count has been reset to 1 instead of the requested {}", - threadCount); + "No api key provided; as such the thread count has been reset to 1 instead of the requested {}", + threadCount); threadCount = 1; } meter = new RateMeter(5, 32500); @@ -192,6 +192,7 @@ public class NvdCveClient implements PagedDataSource { if (delay == 0) { delay = apiKey == null ? 6500 : 600; } + LOG.info("request endpoint={} threads={} delay={}", this.endpoint, threadCount, delay); for (int i = 0; i < threadCount; i++) { clients.add(new RateLimitedClient(maxRetryCount, delay, meter, httpClientSupplier)); } @@ -257,7 +258,7 @@ private Future callApi(int clientIndex, int startIndex) throws } builder.addHeader("User-Agent", "vulnz"); URI uri = uriBuilder.build(); - LOG.debug("requesting URI: {}", uri.toString()); + LOG.info("requesting URI: {}", uri.toString()); final SimpleHttpRequest request = builder.setUri(uri).build(); return clients.get(clientIndex).execute(request, clientIndex, startIndex); } catch (URISyntaxException e) { @@ -281,7 +282,7 @@ public void close() { try { client.close(); } catch (Exception ex) { - LOG.debug("Error closing client during `close`", ex); + LOG.warn("Error closing client during `close`", ex); } } clients = null; @@ -352,8 +353,8 @@ public Collection next() { return current.getVulnerabilities(); } else { lastStatusCode = response.getCode(); - LOG.debug("Status Code: {}", lastStatusCode); - LOG.debug("Response: {}", response.getBodyText()); + LOG.warn("Status Code: {}", lastStatusCode); + LOG.warn("Response: {}", response.getBodyText()); throw new NvdApiException("NVD Returned Status Code: " + lastStatusCode); } } 
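Review bot: `LOG.warn("Response: {}", response.getBodyText());` in the non-success branch of next() now writes the complete response body to the default log output, and that body is remote-supplied text of unbounded size. An error page returned by the API or by an intermediate proxy can be large, and any line breaks in it can split or imitate log records for anything that parses the log line by line. Keep the status code at warn and leave the body at debug, `LOG.warn("Status Code: {}", lastStatusCode);` followed by `LOG.debug("Response: {}", response.getBodyText());`, or log only a length-capped excerpt with CR/LF replaced. next() starts and ends outside this hunk.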
@@ -419,7 +420,7 @@ private void queueUnsuccessful() { for (Map.Entry i : indexesToRetrieve.entrySet()) { if (i.getValue() > 5) { throw new NvdApiRetryExceededException("NVD Update Failed: attempted to retrieve starting index " - + i.getKey() + " from the NVD unsuccessfully five times."); + + i.getKey() + " from the NVD unsuccessfully five times."); } i.setValue(i.getValue() + 1); futures.add(callApi(clientIndex, i.getKey())); @@ -435,7 +436,7 @@ private void queueCalls() { int pageCount = 1; // start at results per page - as 0 was already requested for (int i = resultsPerPage; (maxPageCount <= 0 || pageCount < maxPageCount) - && i < totalAvailable; i += resultsPerPage) { + && i < totalAvailable; i += resultsPerPage) { indexesToRetrieve.put(i, 0); futures.add(callApi(clientIndex, i)); pageCount += 1; diff --git a/vulnz/README.md b/vulnz/README.md index 277861d1..284bb6c0 100644 --- a/vulnz/README.md +++ b/vulnz/README.md @@ -2,7 +2,7 @@ The cli is a spring-boot command line tool built with picocli. The example below does run the setup - which creates both the `vulnz` symlink (in `/usr/local/bin`) -and a completion script. If using zsh, the completion will be added to +and a completion script. If using zsh, the completion will be added to `/etc/bash_completion.d` or `/usr/local/etc/bash_completion.d` (depending on if they exist); see [permanently installing completion](https://picocli.info/autocomplete.html#_installing_completion_scripts_permanently_in_bashzsh) for more details. We may add a brew formula in the future. @@ -12,7 +12,7 @@ After running `install` you may need to restart your shell for the completion to ```bash ./gradlew vulnz:build cd vulnz/build/libs -./vulnz-5.1.1.jar install +./vulnz.jar install vulnz cve --cveId CVE-2021-44228 --prettyPrint ``` @@ -76,7 +76,7 @@ export JAVA_OPTS="-Xmx2g" Alternatively, run the CLI using the `-Xmx2g` argument: ```bash -java -Xmx2g -jar ./vulnz-5.1.1.jar +java -Xmx2g -jar ./vulnz.jar ``` ### Creating the Cache 
@@ -88,10 +88,12 @@ via a daily schedule to keep the cached data current: vulnz cve --cache --directory ./cache ``` +Download time may be reduced for the first cache by adding `--threads N` (where N is a number) but remote rate limits will still apply. It may be wise to specify the full path of the cache directory depending on your configuration. + Alternatively, without using the above install command: ```bash -./vulnz-5.1.1.jar cve --cache --directory ./cache +./vulnz.jar cve --cache --directory ./cache cd cache for file in *.json; do gzip -k "${file}"; done ``` diff --git a/vulnz/src/main/java/io/github/jeremylong/vulnz/cli/commands/CveCommand.java b/vulnz/src/main/java/io/github/jeremylong/vulnz/cli/commands/CveCommand.java index 45dc3872..4e4931e4 100644 --- a/vulnz/src/main/java/io/github/jeremylong/vulnz/cli/commands/CveCommand.java +++ b/vulnz/src/main/java/io/github/jeremylong/vulnz/cli/commands/CveCommand.java @@ -12,7 +12,7 @@ * limitations under the License. * * SPDX-License-Identifier: Apache-2.0 - * Copyright (c) 2022-2023 Jeremy Long. All Rights Reserved. + * Copyright (c) 2022-2024 Jeremy Long. All Rights Reserved. */ package io.github.jeremylong.vulnz.cli.commands; @@ -73,6 +73,11 @@ public class CveCommand extends AbstractNvdCommand { * Hex code characters used in getHex. */ private static final String HEXES = "0123456789abcdef"; + /** + * Earliest year to acquire. + */ + private static final int FIRST_YEAR = 2002; + @CommandLine.ArgGroup(exclusive = true) ConfigGroup configGroup; @@ -118,6 +123,8 @@ public Integer timedCall() throws Exception { String apiKey = getApiKey(); if (apiKey == null) { LOG.info("NVD_API_KEY not found. Supply an API key for more generous rate limits"); + } else { + LOG.info("NVD_API_KEY found"); } NvdCveClientBuilder builder = NvdCveClientBuilder.aNvdCveApi().withApiKey(getApiKey()); if (getDelay() > 0) { 
@@ -177,7 +184,7 @@ public Integer timedCall() throws Exception { if (virtualMatch.matchStart != null && virtualMatch.matchStart.versionStart != null) { if (virtualMatch.matchStart.versionStartType != null) { builder.withVersionStart(virtualMatch.matchStart.versionStart, - virtualMatch.matchStart.versionStartType); + virtualMatch.matchStart.versionStartType); } else { builder.withVersionStart(virtualMatch.matchStart.versionStart); } @@ -212,7 +219,7 @@ public Integer timedCall() throws Exception { builder.withLastModifiedFilter(start, end); } else { LOG.warn( - "Requesting the entire set of NVD CVE data via the api as the cache was last updated over 120 days ago"); + "Requesting the entire set of NVD CVE data via the api as the cache was last updated over 120 days ago"); } } if (configGroup.cacheSettings.prefix != null) { @@ -228,7 +235,7 @@ public Integer timedCall() throws Exception { return 1; } if (configGroup != null && configGroup.modifiedRange != null - && configGroup.modifiedRange.lastModStartDate != null) { + && configGroup.modifiedRange.lastModStartDate != null) { ZonedDateTime end = configGroup.modifiedRange.lastModEndDate; if (end == null) { end = configGroup.modifiedRange.lastModStartDate.minusDays(-120); 
@@ -248,50 +255,62 @@ private Integer processRequest(NvdCveClientBuilder builder, CacheProperties prop cves.put("modified", new HashMap<>()); final String prefix = properties.get("prefix", "nvdcve-"); // load existing cached files - for (int year = 2002; year <= Year.now().getValue(); year++) { + for (int year = FIRST_YEAR; year <= Year.now().getValue(); year++) { File file = new File(properties.getDirectory(), prefix + year + ".json.gz"); cves.put(Integer.toString(year), new HashMap<>()); if (file.isFile()) { + LOG.info("cache found {}", file.getAbsolutePath()); CveApiJson20 data; try (FileInputStream fileInputStream = new FileInputStream(file); - GZIPInputStream gzipInputStream = new GZIPInputStream(fileInputStream);) { + GZIPInputStream gzipInputStream = new GZIPInputStream(fileInputStream);) { data = objectMapper.readValue(gzipInputStream, CveApiJson20.class); } catch (IOException exception) { throw new CacheException("Unable to read cached data: " + file, exception); } collectCves(cves, data.getVulnerabilities()); + } else { + LOG.info("no existing cache {}", file.getAbsolutePath()); } } + + final long requestStartTime = System.currentTimeMillis(); ZonedDateTime lastModified = null; // retrieve from NVD API try (NvdCveClient api = builder.build()) { while (api.hasNext()) { Collection data = api.next(); + LOG.info("vulnerabilities received {}", data.size()); collectCves(cves, data); lastModified = api.getLastUpdated(); } } catch (Exception ex) { - LOG.debug("\nERROR", ex); + LOG.error("\nERROR", ex); throw new CacheException("Unable to complete NVD cache update due to error: " + ex.getMessage()); } if (lastModified != null) { properties.set("lastModifiedDate", lastModified); } + LOG.info("requests took ~{} seconds", (System.currentTimeMillis() - requestStartTime) / 1000L); + // write cache // todo - get format and version from API final String format = "NVD_CVE"; final String version = "2.0"; + final int len = cves.size(); + int sofar = 0; + LOG.info("CVE 
parts: {}", len); for (Map.Entry> entry : cves.entrySet()) { File file = new File(properties.getDirectory(), prefix + entry.getKey() + ".json.gz"); File meta = new File(properties.getDirectory(), prefix + entry.getKey() + ".meta"); - List vulnerabilities = new ArrayList(entry.getValue().values()); + List vulnerabilities = new ArrayList<>(entry.getValue().values()); + LOG.info("{}% CVEs {} vulnerabilities {}", (sofar++ * 100) / len, entry.getKey(), vulnerabilities.size()); vulnerabilities.sort((v1, v2) -> { return v1.getCve().getId().compareTo(v2.getCve().getId()); }); ZonedDateTime timestamp; Optional maxDate = vulnerabilities.stream().map(v -> v.getCve().getLastModified()) - .max(ZonedDateTime::compareTo); + .max(ZonedDateTime::compareTo); if (maxDate.isPresent()) { timestamp = maxDate.get(); } else if (lastModified != null) { @@ -301,7 +320,7 @@ private Integer processRequest(NvdCveClientBuilder builder, CacheProperties prop } properties.set("lastModifiedDate." + entry.getKey(), timestamp); CveApiJson20 data = new CveApiJson20(vulnerabilities.size(), 0, vulnerabilities.size(), format, version, - timestamp, vulnerabilities); + timestamp, vulnerabilities); MessageDigest md; try { md = MessageDigest.getInstance("SHA-256"); 
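Review bot: The catch block around the NVD retrieval loop in processRequest now logs at error but still throws `new CacheException("Unable to complete NVD cache update due to error: " + ex.getMessage())` without the cause, so whatever handles the CacheException has no stack trace and only the message text of the original failure. Pass the exception through, `throw new CacheException("Unable to complete NVD cache update due to error: " + ex.getMessage(), ex);`; the two-argument constructor is already used for the cache-read failure earlier in this hunk. The log message `"\nERROR"` also starts with a line break, which splits the record for line-oriented log collectors; a single-line message such as `LOG.error("NVD cache update failed", ex);` avoids that. processRequest continues past the end of the hunk.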
@@ -310,9 +329,9 @@ private Integer processRequest(NvdCveClientBuilder builder, CacheProperties prop } long byteCount = 0; try (FileOutputStream fileOutputStream = new FileOutputStream(file); - GZIPOutputStream gzipOutputStream = new GZIPOutputStream(fileOutputStream); - DigestOutputStream digestOutputStream = new DigestOutputStream(gzipOutputStream, md); - CountingOutputStream countingOutputStream = new CountingOutputStream(digestOutputStream)) { + GZIPOutputStream gzipOutputStream = new GZIPOutputStream(fileOutputStream); + DigestOutputStream digestOutputStream = new DigestOutputStream(gzipOutputStream, md); + CountingOutputStream countingOutputStream = new CountingOutputStream(digestOutputStream)) { objectMapper.writeValue(countingOutputStream, data); byteCount = countingOutputStream.getByteCount(); } catch (IOException ex) { @@ -320,8 +339,8 @@ private Integer processRequest(NvdCveClientBuilder builder, CacheProperties prop } String checksum = getHex(md.digest()); try (FileOutputStream fileOutputStream = new FileOutputStream(meta); - OutputStreamWriter osw = new OutputStreamWriter(fileOutputStream, "UTF-8"); - PrintWriter writer = new PrintWriter(osw)) { + OutputStreamWriter osw = new OutputStreamWriter(fileOutputStream, "UTF-8"); + PrintWriter writer = new PrintWriter(osw)) { final String lmd = DateTimeFormatter.ISO_DATE_TIME.format(timestamp); writer.println("lastModifiedDate:" + lmd); writer.println("size:" + byteCount); @@ -331,6 +350,7 @@ private Integer processRequest(NvdCveClientBuilder builder, CacheProperties prop throw new CacheException("Unable to write cached meta-data: " + file, ex); } } + LOG.info("complete"); return 0; } 
@@ -359,7 +379,7 @@ public static String getHex(byte[] raw) { } private void collectCves(HashMap> cves, - Collection vulnerabilities) { + Collection vulnerabilities) { for (DefCveItem item : vulnerabilities) { cves.get(getNvdYear(item)).put(item.getCve().getId(), item); if (ChronoUnit.DAYS.between(item.getCve().getLastModified(), ZonedDateTime.now()) <= 7) { @@ -370,8 +390,8 @@ private void collectCves(HashMap> cves, private String getNvdYear(DefCveItem item) { int year = item.getCve().getPublished().getYear(); - if (year < 2002) { - year = 2002; + if (year < FIRST_YEAR) { + year = FIRST_YEAR; } return Integer.toString(year); } @@ -393,7 +413,7 @@ private int processRequest(NvdCveClientBuilder builder) throws IOException { jsonOut.writeObject(c.getCve()); } if (output.getLastModifiedDate() == null - || output.getLastModifiedDate().compareTo(api.getLastUpdated()) < 0) { + || output.getLastModifiedDate().compareTo(api.getLastUpdated()) < 0) { output.setLastModifiedDate(api.getLastUpdated()); } } else { From 847b245a54b03ba2ea6deba4514e507b35edd0c2 Mon Sep 17 00:00:00 2001 From: Robin Ellis Date: Tue, 9 Jan 2024 15:27:29 +0700 Subject: [PATCH 2/3] refactor: add logging - better progress tracking - typos in readme --- vulnz/README.md | 14 +++++++------- .../jeremylong/vulnz/cli/commands/CveCommand.java | 10 ++++------ 2 files changed, 11 insertions(+), 13 deletions(-) diff --git a/vulnz/README.md b/vulnz/README.md index 284bb6c0..31c02b5f 100644 --- a/vulnz/README.md +++ b/vulnz/README.md @@ -10,9 +10,9 @@ for more details. We may add a brew formula in the future. After running `install` you may need to restart your shell for the completion to work. ```bash -./gradlew vulnz:build +./gradlew vulnz:build -Pversion=5.1.1 cd vulnz/build/libs -./vulnz.jar install +./vulnz-5.1.1.jar install vulnz cve --cveId CVE-2021-44228 --prettyPrint ``` 
@@ -76,7 +76,7 @@ export JAVA_OPTS="-Xmx2g" Alternatively, run the CLI using the `-Xmx2g` argument: ```bash -java -Xmx2g -jar ./vulnz.jar +java -Xmx2g -jar ./vulnz-5.1.1.jar ``` ### Creating the Cache @@ -88,12 +88,12 @@ via a daily schedule to keep the cached data current: vulnz cve --cache --directory ./cache ``` -Download time may be reduced for the first cache by adding `--threads N` (where N is a number) but remote rate limits will still apply. It may be wise to specify the full path of the cache directory depending on your configuration. +Download time might be reduced for the first cache by adding `--threads N` (where N is a number) but remote rate limits will still apply. It may be wise to specify the full path of the cache directory depending on your configuration. Alternatively, without using the above install command: ```bash -./vulnz.jar cve --cache --directory ./cache +./vulnz-5.1.1.jar cve --cache --directory ./cache cd cache for file in *.json; do gzip -k "${file}"; done ``` @@ -141,8 +141,8 @@ Assuming the current version is `5.1.1` ```bash export TARGET_VERSION=5.1.1 -./gradlew vunlz:build -Pversion=$TARGET_VERSION -docker build vunlz/ -t ghcr.io/jeremylong/vulnz:$TARGET_VERSION --build-arg BUILD_VERSION=$TARGET_VERSION +./gradlew vulnz:build -Pversion=$TARGET_VERSION +docker build vulnz/ -t ghcr.io/jeremylong/vulnz:$TARGET_VERSION --build-arg BUILD_VERSION=$TARGET_VERSION ``` ### Release diff --git a/vulnz/src/main/java/io/github/jeremylong/vulnz/cli/commands/CveCommand.java b/vulnz/src/main/java/io/github/jeremylong/vulnz/cli/commands/CveCommand.java index 4e4931e4..a5b31573 100644 --- a/vulnz/src/main/java/io/github/jeremylong/vulnz/cli/commands/CveCommand.java +++ b/vulnz/src/main/java/io/github/jeremylong/vulnz/cli/commands/CveCommand.java 
@@ -276,10 +276,12 @@ private Integer processRequest(NvdCveClientBuilder builder, CacheProperties prop final long requestStartTime = System.currentTimeMillis(); ZonedDateTime lastModified = null; // retrieve from NVD API + int receivedSoFar = 0; try (NvdCveClient api = builder.build()) { while (api.hasNext()) { Collection data = api.next(); - LOG.info("vulnerabilities received {}", data.size()); + receivedSoFar += data.size(); + LOG.info("vulnerabilities received so far {}", receivedSoFar); collectCves(cves, data); lastModified = api.getLastUpdated(); } @@ -296,15 +298,11 @@ private Integer processRequest(NvdCveClientBuilder builder, CacheProperties prop // todo - get format and version from API final String format = "NVD_CVE"; final String version = "2.0"; - - final int len = cves.size(); - int sofar = 0; - LOG.info("CVE parts: {}", len); for (Map.Entry> entry : cves.entrySet()) { File file = new File(properties.getDirectory(), prefix + entry.getKey() + ".json.gz"); File meta = new File(properties.getDirectory(), prefix + entry.getKey() + ".meta"); List vulnerabilities = new ArrayList<>(entry.getValue().values()); - LOG.info("{}% CVEs {} vulnerabilities {}", (sofar++ * 100) / len, entry.getKey(), vulnerabilities.size()); + LOG.info("CVEs {} vulnerabilities {}", entry.getKey(), vulnerabilities.size()); vulnerabilities.sort((v1, v2) -> { return v1.getCve().getId().compareTo(v2.getCve().getId()); }); From 86bb4cb2e0f2d8138948526128a6699b0917b9ac Mon Sep 17 00:00:00 2001 From: Robin Ellis Date: Tue, 9 Jan 2024 16:22:19 +0700 Subject: [PATCH 3/3] refactor: add logging - restore whitespace --- .../client/nvd/NvdCveClient.java | 12 +++---- .../vulnz/cli/commands/CveCommand.java | 32 +++++++++---------- 2 files changed, 22 insertions(+), 22 deletions(-) 
diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/NvdCveClient.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/NvdCveClient.java index 6ede9c31..0be0091b 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/NvdCveClient.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/NvdCveClient.java @@ -12,7 +12,7 @@ * limitations under the License. * * SPDX-License-Identifier: Apache-2.0 - * Copyright (c) 2022-2024 Jeremy Long. All Rights Reserved. + * Copyright (c) 2022-2023 Jeremy Long. All Rights Reserved. */ package io.github.jeremylong.openvulnerability.client.nvd; @@ -162,7 +162,7 @@ public class NvdCveClient implements PagedDataSource { * @param httpClientSupplier supplier for custom HTTP clients; if {@code null} a default client will be used */ NvdCveClient(String apiKey, String endpoint, long delay, int threadCount, int maxPageCount, int maxRetryCount, - HttpAsyncClientSupplier httpClientSupplier) { + HttpAsyncClientSupplier httpClientSupplier) { this.apiKey = apiKey; if (endpoint == null) { this.endpoint = DEFAULT_ENDPOINT; @@ -180,8 +180,8 @@ public class NvdCveClient implements PagedDataSource { if (apiKey == null) { if (threadCount > 1) { LOG.warn( - "No api key provided; as such the thread count has been reset to 1 instead of the requested {}", - threadCount); + "No api key provided; as such the thread count has been reset to 1 instead of the requested {}", + threadCount); threadCount = 1; } meter = new RateMeter(5, 32500); 
@@ -420,7 +420,7 @@ private void queueUnsuccessful() { for (Map.Entry i : indexesToRetrieve.entrySet()) { if (i.getValue() > 5) { throw new NvdApiRetryExceededException("NVD Update Failed: attempted to retrieve starting index " - + i.getKey() + " from the NVD unsuccessfully five times."); + + i.getKey() + " from the NVD unsuccessfully five times."); } i.setValue(i.getValue() + 1); futures.add(callApi(clientIndex, i.getKey())); @@ -436,7 +436,7 @@ private void queueCalls() { int pageCount = 1; // start at results per page - as 0 was already requested for (int i = resultsPerPage; (maxPageCount <= 0 || pageCount < maxPageCount) - && i < totalAvailable; i += resultsPerPage) { + && i < totalAvailable; i += resultsPerPage) { indexesToRetrieve.put(i, 0); futures.add(callApi(clientIndex, i)); pageCount += 1; diff --git a/vulnz/src/main/java/io/github/jeremylong/vulnz/cli/commands/CveCommand.java b/vulnz/src/main/java/io/github/jeremylong/vulnz/cli/commands/CveCommand.java index a5b31573..a3ff4719 100644 --- a/vulnz/src/main/java/io/github/jeremylong/vulnz/cli/commands/CveCommand.java +++ b/vulnz/src/main/java/io/github/jeremylong/vulnz/cli/commands/CveCommand.java @@ -12,7 +12,7 @@ * limitations under the License. * * SPDX-License-Identifier: Apache-2.0 - * Copyright (c) 2022-2024 Jeremy Long. All Rights Reserved. + * Copyright (c) 2022-2023 Jeremy Long. All Rights Reserved. */ package io.github.jeremylong.vulnz.cli.commands; @@ -184,7 +184,7 @@ public Integer timedCall() throws Exception { if (virtualMatch.matchStart != null && virtualMatch.matchStart.versionStart != null) { if (virtualMatch.matchStart.versionStartType != null) { builder.withVersionStart(virtualMatch.matchStart.versionStart, - virtualMatch.matchStart.versionStartType); + virtualMatch.matchStart.versionStartType); } else { builder.withVersionStart(virtualMatch.matchStart.versionStart); } 
@@ -219,7 +219,7 @@ public Integer timedCall() throws Exception { builder.withLastModifiedFilter(start, end); } else { LOG.warn( - "Requesting the entire set of NVD CVE data via the api as the cache was last updated over 120 days ago"); + "Requesting the entire set of NVD CVE data via the api as the cache was last updated over 120 days ago"); } } if (configGroup.cacheSettings.prefix != null) { @@ -235,7 +235,7 @@ public Integer timedCall() throws Exception { return 1; } if (configGroup != null && configGroup.modifiedRange != null - && configGroup.modifiedRange.lastModStartDate != null) { + && configGroup.modifiedRange.lastModStartDate != null) { ZonedDateTime end = configGroup.modifiedRange.lastModEndDate; if (end == null) { end = configGroup.modifiedRange.lastModStartDate.minusDays(-120); @@ -262,7 +262,7 @@ private Integer processRequest(NvdCveClientBuilder builder, CacheProperties prop LOG.info("cache found {}", file.getAbsolutePath()); CveApiJson20 data; try (FileInputStream fileInputStream = new FileInputStream(file); - GZIPInputStream gzipInputStream = new GZIPInputStream(fileInputStream);) { + GZIPInputStream gzipInputStream = new GZIPInputStream(fileInputStream);) { data = objectMapper.readValue(gzipInputStream, CveApiJson20.class); } catch (IOException exception) { throw new CacheException("Unable to read cached data: " + file, exception); @@ -308,7 +308,7 @@ private Integer processRequest(NvdCveClientBuilder builder, CacheProperties prop }); ZonedDateTime timestamp; Optional maxDate = vulnerabilities.stream().map(v -> v.getCve().getLastModified()) - .max(ZonedDateTime::compareTo); + .max(ZonedDateTime::compareTo); if (maxDate.isPresent()) { timestamp = maxDate.get(); } else if (lastModified != null) { 
@@ -318,7 +318,7 @@ private Integer processRequest(NvdCveClientBuilder builder, CacheProperties prop } properties.set("lastModifiedDate." + entry.getKey(), timestamp); CveApiJson20 data = new CveApiJson20(vulnerabilities.size(), 0, vulnerabilities.size(), format, version, - timestamp, vulnerabilities); + timestamp, vulnerabilities); MessageDigest md; try { md = MessageDigest.getInstance("SHA-256"); @@ -327,9 +327,9 @@ private Integer processRequest(NvdCveClientBuilder builder, CacheProperties prop } long byteCount = 0; try (FileOutputStream fileOutputStream = new FileOutputStream(file); - GZIPOutputStream gzipOutputStream = new GZIPOutputStream(fileOutputStream); - DigestOutputStream digestOutputStream = new DigestOutputStream(gzipOutputStream, md); - CountingOutputStream countingOutputStream = new CountingOutputStream(digestOutputStream)) { + GZIPOutputStream gzipOutputStream = new GZIPOutputStream(fileOutputStream); + DigestOutputStream digestOutputStream = new DigestOutputStream(gzipOutputStream, md); + CountingOutputStream countingOutputStream = new CountingOutputStream(digestOutputStream)) { objectMapper.writeValue(countingOutputStream, data); byteCount = countingOutputStream.getByteCount(); } catch (IOException ex) { @@ -337,8 +337,8 @@ private Integer processRequest(NvdCveClientBuilder builder, CacheProperties prop } String checksum = getHex(md.digest()); try (FileOutputStream fileOutputStream = new FileOutputStream(meta); - OutputStreamWriter osw = new OutputStreamWriter(fileOutputStream, "UTF-8"); - PrintWriter writer = new PrintWriter(osw)) { + OutputStreamWriter osw = new OutputStreamWriter(fileOutputStream, "UTF-8"); + PrintWriter writer = new PrintWriter(osw)) { final String lmd = DateTimeFormatter.ISO_DATE_TIME.format(timestamp); writer.println("lastModifiedDate:" + lmd); writer.println("size:" + byteCount); 
@@ -377,7 +377,7 @@ public static String getHex(byte[] raw) { } private void collectCves(HashMap> cves, - Collection vulnerabilities) { + Collection vulnerabilities) { for (DefCveItem item : vulnerabilities) { cves.get(getNvdYear(item)).put(item.getCve().getId(), item); if (ChronoUnit.DAYS.between(item.getCve().getLastModified(), ZonedDateTime.now()) <= 7) { @@ -388,8 +388,8 @@ private void collectCves(HashMap> cves, private String getNvdYear(DefCveItem item) { int year = item.getCve().getPublished().getYear(); - if (year < FIRST_YEAR) { - year = FIRST_YEAR; + if (year < 2002) { + year = 2002; } return Integer.toString(year); } @@ -411,7 +411,7 @@ private int processRequest(NvdCveClientBuilder builder) throws IOException { jsonOut.writeObject(c.getCve()); } if (output.getLastModifiedDate() == null - || output.getLastModifiedDate().compareTo(api.getLastUpdated()) < 0) { + || output.getLastModifiedDate().compareTo(api.getLastUpdated()) < 0) { output.setLastModifiedDate(api.getLastUpdated()); } } else {
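Review bot: The getNvdYear hunk replaces `FIRST_YEAR` with the literal `2002` again, which is a code change rather than the whitespace restoration the commit message describes. As far as these hunks show, the cache-loading loop in processRequest still starts at `FIRST_YEAR`, so the lower bound is now defined in two places. collectCves calls `cves.get(getNvdYear(item)).put(...)`, so if the two values ever diverge the lookup returns null and the update fails with a NullPointerException. Keep `if (year < FIRST_YEAR) {` and `year = FIRST_YEAR;` here so the clamp and the map keys come from the same constant.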