package fuzion24.device.vulnerability.test;
import android.content.Context;
import org.json.JSONArray;
import org.json.JSONObject;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import fuzion24.device.vulnerability.vulnerabilities.VulnerabilityTest;
import fuzion24.device.vulnerability.vulnerabilities.helper.BinaryAssets;
/**
* Created by fuzion24 on 11/23/15.
*/
public class VulnerabilityDescriptor {
private final String CVEorID;
private final String description;
private final String impact;
private final Double CVSSV2Score;
private final Date CVEDate;
private final List<String> externalLinks;
private final List<String> altNames;
private final List<String> patches;
private VulnerabilityDescriptor(String cve,
String desc,
String impact,
Double cvssv2,
String cveDate,
List<String> externLinks,
List<String> altNames,
List<String> patches) throws Exception {
this.CVEorID = cve;
this.description = desc;
this.impact = impact;
this.CVSSV2Score = cvssv2;
this.externalLinks = externLinks;
this.altNames = altNames;
this.patches = patches;
SimpleDateFormat sdf = new SimpleDateFormat("MM/dd/yyyy");
Date d = sdf.parse(cveDate);
this.CVEDate = d;
}
private static List<String> extractStringArray(JSONObject obj, String arrayName) throws Exception {
JSONArray jsonStringArray = obj.getJSONArray(arrayName);
List<String> items = new ArrayList<>();
for (int i = 0; i < jsonStringArray.length(); i++) {
items.add(jsonStringArray.getString(i));
}
return items;
}
public static Map<String, VulnerabilityDescriptor> getParsedVulnMap(Context ctx) throws Exception {
String jsonVulns = BinaryAssets.extractAsset(ctx, "vuln_map.json");
JSONObject vulnMap = new JSONObject(jsonVulns);
Map<String, VulnerabilityDescriptor> descriptorMap = new HashMap<>();
Iterator<String> keys = vulnMap.keys();
while (keys.hasNext()) {
JSONObject jobj = null;
String description = null;
String impact = null;
Double cvssV2Score = null;
String cveDate = null;
List<String> externalLinks = null;
List<String> altNames = null;
List<String> patches = null;
String key = keys.next();
jobj = vulnMap.getJSONObject(key);
String cve = jobj.getString("cve");
altNames = extractStringArray(jobj, "altnames");
description = jobj.getString("description");
impact = jobj.getString("impact");
externalLinks = extractStringArray(jobj, "external_links");
cvssV2Score = jobj.getDouble("cvssv2");
patches = extractStringArray(jobj, "patch");
cveDate = jobj.getString("cvedate");
VulnerabilityDescriptor vd = new VulnerabilityDescriptor(
cve,
description,
impact,
cvssV2Score,
cveDate,
externalLinks,
altNames,
patches);
descriptorMap.put(key, vd);
}
return descriptorMap;
}
public String getCVEorID() {
return CVEorID;
}
public String getDescription() {
return description;
}
public String getImpact() {
return impact;
}
public Double getCVSSV2Score() {
return CVSSV2Score;
}
public Date getCVEDate() {
return CVEDate;
}
public List<String> getExternalLinks() {
return externalLinks;
}
public List<String> getAltNames() {
return altNames;
}
public List<String> getPatches() {
return patches;
}
}