github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-25 02:21:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

patched for issue #120 - duplicate evidence listed in reports

Browse Source 
Former-commit-id: 3cdc1854af586029911b70fb4b8ff54669bac022
This commit is contained in:
Jeremy Long
2014-05-03 08:52:45 -04:00
parent ad601fd1ee
commit 0edf017ddc
6 changed files with 116 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java
View File

@@ -369,6 +369,15 @@ public class Dependency implements Comparable<Dependency> {
return EvidenceCollection.merge(this.productEvidence, this.vendorEvidence, this.versionEvidence); return EvidenceCollection.merge(this.productEvidence, this.vendorEvidence, this.versionEvidence);
} }
/**
* Returns the evidence used to identify this dependency.
*
* @return an EvidenceCollection.
*/
public Set<Evidence> getEvidenceForDisplay() {
return EvidenceCollection.mergeForDisplay(this.productEvidence, this.vendorEvidence, this.versionEvidence);
}
/** /**
* Returns the evidence used to identify this dependency. * Returns the evidence used to identify this dependency.
* *

89
dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java
View File

@@ -220,22 +220,95 @@ public class Evidence implements Comparable<Evidence> {
* @return an integer indicating the ordering of the two objects * @return an integer indicating the ordering of the two objects
*/ */
public int compareTo(Evidence o) { public int compareTo(Evidence o) {
if (source.equals(o.source)) { if (o == null) {
if (name.equals(o.name)) { return 1;
if (value.equals(o.value)) { }
if (confidence.equals(o.confidence)) { if (equalsWithNullCheck(source, o.source)) {
if (equalsWithNullCheck(name, o.name)) {
if (equalsWithNullCheck(value, o.value)) {
if (equalsWithNullCheck(confidence, o.confidence)) {
return 0; //they are equal return 0; //they are equal
} else { } else {
return confidence.compareTo(o.confidence); return compareToWithNullCheck(confidence, o.confidence);
} }
} else { } else {
return value.compareToIgnoreCase(o.value); return compareToIgnoreCaseWithNullCheck(value, o.value);
} }
} else { } else {
return name.compareToIgnoreCase(o.name); return compareToIgnoreCaseWithNullCheck(name, o.name);
} }
} else { } else {
return source.compareToIgnoreCase(o.source); return compareToIgnoreCaseWithNullCheck(source, o.source);
} }
} }
/**
* Equality check with an exhaustive, possibly duplicative, check against nulls.
*
* @param me the value to be compared
* @param other the other value to be compared
* @return true if the values are equal; otherwise false
*/
private boolean equalsWithNullCheck(String me, String other) {
if (me == null && other == null) {
return true;
} else if (me == null || other == null) {
return false;
}
return me.equals(other);
}
/**
* Equality check with an exhaustive, possibly duplicative, check against nulls.
*
* @param me the value to be compared
* @param other the other value to be compared
* @return true if the values are equal; otherwise false
*/
private boolean equalsWithNullCheck(Confidence me, Confidence other) {
if (me == null && other == null) {
return true;
} else if (me == null || other == null) {
return false;
}
return me.equals(other);
}
/**
* Wrapper around {@link java.lang.String#compareToIgnoreCase(java.lang.String) String.compareToIgnoreCase} with an
* exhaustive, possibly duplicative, check against nulls.
*
* @param me the value to be compared
* @param other the other value to be compared
* @return true if the values are equal; otherwise false
*/
private int compareToIgnoreCaseWithNullCheck(String me, String other) {
if (me == null && other == null) {
return 0;
} else if (me == null) {
return -1; //the other string is greater then me
} else if (other == null) {
return 1; //me is greater then the other string
}
return me.compareToIgnoreCase(other);
}
/**
* Wrapper around {@link java.lang.Enum#compareTo(java.lang.Enum) Enum.compareTo} with an exhaustive, possibly
* duplicative, check against nulls.
*
* @param me the value to be compared
* @param other the other value to be compared
* @return true if the values are equal; otherwise false
*/
private int compareToWithNullCheck(Confidence me, Confidence other) {
if (me == null && other == null) {
return 0;
} else if (me == null) {
return -1; //the other string is greater then me
} else if (other == null) {
return 1; //me is greater then the other string
}
return me.compareTo(other);
}
} }

20
dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java
View File

@@ -311,6 +311,26 @@ public class EvidenceCollection implements Iterable<Evidence> {
return ret; return ret;
} }
/**
* Merges multiple EvidenceCollections together; flattening all of the evidence items by removing the confidence.
*
* @param ec One or more EvidenceCollections
* @return new set of evidence resulting from merging the evidence in the collections
*/
public static Set<Evidence> mergeForDisplay(EvidenceCollection... ec) {
final Set<Evidence> ret = new TreeSet<Evidence>();
for (EvidenceCollection col : ec) {
for (Evidence e : col) {
if (e.isUsed()) {
final Evidence newEvidence = new Evidence(e.getSource(), e.getName(), e.getValue(), null);
newEvidence.setUsed(true);
ret.add(newEvidence);
}
}
}
return ret;
}
/** /**
* Returns a string of evidence 'values'. * Returns a string of evidence 'values'.
* *

4
dependency-check-core/src/main/resources/templates/HtmlReport.vsl
View File

@@ -571,7 +571,7 @@ arising out of or in connection with the use of this tool, the analysis performe
<div id="content$cnt" class="subsectioncontent standardsubsection hidden"> <div id="content$cnt" class="subsectioncontent standardsubsection hidden">
<table class="lined fullwidth" border="0"> <table class="lined fullwidth" border="0">
<tr><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:70%;">Value</th></tr> <tr><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:70%;">Value</th></tr>
#foreach($evidence in $dependency.getEvidenceUsed()) #foreach($evidence in $dependency.getEvidenceForDisplay())
<tr><td>$enc.html($evidence.getSource())</td><td>$enc.html($evidence.getName())</td><td>$enc.html($evidence.getValue())</td></tr> <tr><td>$enc.html($evidence.getSource())</td><td>$enc.html($evidence.getName())</td><td>$enc.html($evidence.getValue())</td></tr>
#end #end
</table> </table>
@@ -714,7 +714,7 @@ arising out of or in connection with the use of this tool, the analysis performe
<div id="content$cnt" class="subsectioncontent standardsubsection hidden"> <div id="content$cnt" class="subsectioncontent standardsubsection hidden">
<table class="lined fullwidth" border="0"> <table class="lined fullwidth" border="0">
<tr><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:70%;">Value</th></tr> <tr><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:70%;">Value</th></tr>
#foreach($evidence in $dependency.getEvidenceUsed()) #foreach($evidence in $dependency.getEvidenceForDisplay())
<tr><td>$enc.html($evidence.getSource())</td><td>$enc.html($evidence.getName())</td><td>$enc.html($evidence.getValue())</td></tr> <tr><td>$enc.html($evidence.getSource())</td><td>$enc.html($evidence.getName())</td><td>$enc.html($evidence.getValue())</td></tr>
#end #end
</table> </table>

2
dependency-check-core/src/main/resources/templates/XmlReport.vsl
View File

@@ -68,7 +68,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
</relatedDependencies> </relatedDependencies>
#end #end
<evidenceCollected> <evidenceCollected>
#foreach($evidence in $dependency.getEvidenceUsed()) #foreach($evidence in $dependency.getEvidenceForDisplay())
<evidence> <evidence>
<source>$enc.xml($evidence.getSource())</source> <source>$enc.xml($evidence.getSource())</source>
<name>$enc.xml($evidence.getName())</name> <name>$enc.xml($evidence.getName())</name>

5
dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java
View File

@@ -613,7 +613,8 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
*/ */
private int writeSiteReportDependencyEvidenceUsed(Dependency d, int collapsibleHeaderCount, Sink sink) { private int writeSiteReportDependencyEvidenceUsed(Dependency d, int collapsibleHeaderCount, Sink sink) {
int cnt = collapsibleHeaderCount; int cnt = collapsibleHeaderCount;
if (d.getEvidenceUsed() != null && d.getEvidenceUsed().size() > 0) { final Set<Evidence> evidence = d.getEvidenceForDisplay();
if (evidence != null && evidence.size() > 0) {
cnt += 1; cnt += 1;
sink.sectionTitle4(); sink.sectionTitle4();
sink.rawText("Evidence Collected <a href=\"javascript:toggleElement(this, 'evidence" + cnt + "')\">[+]</a>"); sink.rawText("Evidence Collected <a href=\"javascript:toggleElement(this, 'evidence" + cnt + "')\">[+]</a>");
@@ -625,7 +626,7 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
writeTableHeaderCell(sink, "Name"); writeTableHeaderCell(sink, "Name");
writeTableHeaderCell(sink, "Value"); writeTableHeaderCell(sink, "Value");
sink.tableRow_(); sink.tableRow_();
for (Evidence e : d.getEvidenceUsed()) { for (Evidence e : evidence) {
sink.tableRow(); sink.tableRow();
writeTableCell(sink, e.getSource()); writeTableCell(sink, e.getSource());
writeTableCell(sink, e.getName()); writeTableCell(sink, e.getName());