github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-02-21 18:08:00 +01:00
Code Issues Packages Projects Releases Wiki Activity

documentation v1.3.1

Browse Source
This commit is contained in:
Jeremy Long
2015-09-20 07:41:29 -04:00
parent 4fd8873223
commit 191c5fae56
1456 changed files with 125936 additions and 63077 deletions
Download Patch File Download Diff File Expand all files Collapse all files

176
analyzers/archive-analyzer.html
View File

@@ -1,21 +1,21 @@
<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia at 2015-08-04
| Rendered using Apache Maven Fluido Skin 1.3.1
| Generated by Apache Maven Doxia at 2015-09-20
| Rendered using Apache Maven Fluido Skin 1.4
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20150804" />
<meta name="Date-Revision-yyyymmdd" content="20150920" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check - Archive Analyzer</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.3.1.min.css" />
<title>dependency-check &#x2013; Archive Analyzer</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.4.min.css" />
<link rel="stylesheet" href="../css/site.css" />
<link rel="stylesheet" href="../css/print.css" media="print" />
<script type="text/javascript" src="../js/apache-maven-fluido-1.3.1.min.js"></script>
<script type="text/javascript" src="../js/apache-maven-fluido-1.4.min.js"></script>
@@ -29,7 +29,7 @@
<a href="http://github.com/jeremylong/DependencyCheck">
<a href="https://github.com/jeremylong/DependencyCheck">
<img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png"
alt="Fork me on GitHub">
@@ -62,9 +62,9 @@
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-08-04</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-09-20</li>
<li id="projectVersion" class="pull-right">
Version: 1.3.0
Version: 1.3.1
</li>
</ul>
@@ -72,162 +72,197 @@
<div class="row-fluid">
<div id="leftColumn" class="span3">
<div id="leftColumn" class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">OWASP dependency-check</li>
<li>
<a href="../index.html" title="General">
<i class="icon-chevron-down"></i>
<span class="icon-chevron-down"></span>
General</a>
<ul class="nav nav-list">
<li>
<a href="../general/internals.html" title="How it Works">
<i class="none"></i>
<span class="none"></span>
How it Works</a>
</li>
<li>
<a href="../general/thereport.html" title="Reading the Report">
<i class="none"></i>
<span class="none"></span>
Reading the Report</a>
</li>
<li>
<a href="../general/suppression.html" title="False Positives">
<i class="none"></i>
<span class="none"></span>
False Positives</a>
</li>
<li>
<a href="../data/index.html" title="Internet Access Required">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Internet Access Required</a>
</li>
<li>
<a href="../related.html" title="Related Work">
<i class="none"></i>
<span class="none"></span>
Related Work</a>
</li>
<li>
<a href="../general/dependency-check.pptx" title="Project Presentation (pptx)">
<i class="none"></i>
<span class="none"></span>
Project Presentation (pptx)</a>
</li>
<li>
<a href="../general/dependency-check.pdf" title="Project Presentation (pdf)">
<i class="none"></i>
<span class="none"></span>
Project Presentation (pdf)</a>
</li>
<li>
<a href="../general/SampleReport.html" title="Sample Report">
<i class="none"></i>
<span class="none"></span>
Sample Report</a>
</li>
<li>
<a href="../general/scan_iso.html" title="How to Scan an ISO Image">
<span class="none"></span>
How to Scan an ISO Image</a>
</li>
</ul>
</li>
<li>
<a href="../analyzers/index.html" title="File Type Analyzers">
<i class="icon-chevron-down"></i>
<span class="icon-chevron-down"></span>
File Type Analyzers</a>
<ul class="nav nav-list">
<li class="active">
<a href="#"><i class="none"></i>Archive Analyzer</a>
<a href="#"><span class="none"></span>Archive Analyzer</a>
</li>
<li>
<a href="../analyzers/jar-analyzer.html" title="Jar Analyzer">
<i class="none"></i>
Jar Analyzer</a>
</li>
<li>
<a href="../analyzers/python-analyzer.html" title="Python Analyzer">
<i class="none"></i>
Python Analyzer</a>
</li>
<li>
<a href="../analyzers/central-analyzer.html" title="Central Analyzer">
<i class="none"></i>
Central Analyzer</a>
</li>
<li>
<a href="../analyzers/nexus-analyzer.html" title="Nexus Analyzer">
<i class="none"></i>
Nexus Analyzer</a>
</li>
<li>
<a href="../analyzers/assembly-analyzer.html" title="Assembly Analyzer">
<i class="none"></i>
<span class="none"></span>
Assembly Analyzer</a>
</li>
<li>
<a href="../analyzers/nuspec-analyzer.html" title="Nuspec Analyzer">
<i class="none"></i>
Nuspec Analyzer</a>
</li>
<li>
<a href="../analyzers/autoconf-analyzer.html" title="Autoconf Analyzer">
<i class="none"></i>
<a href="../analyzers/autoconf.html" title="Autoconf Analyzer">
<span class="none"></span>
Autoconf Analyzer</a>
</li>
<li>
<a href="../analyzers/openssl-analyzer.html" title="OpenSSL Analyzer">
<i class="none"></i>
<a href="../analyzers/central-analyzer.html" title="Central Analyzer">
<span class="none"></span>
Central Analyzer</a>
</li>
<li>
<a href="../analyzers/cmake.html" title="CMake Analyzer">
<span class="none"></span>
CMake Analyzer</a>
</li>
<li>
<a href="../analyzers/jar-analyzer.html" title="Jar Analyzer">
<span class="none"></span>
Jar Analyzer</a>
</li>
<li>
<a href="../analyzers/nexus-analyzer.html" title="Nexus Analyzer">
<span class="none"></span>
Nexus Analyzer</a>
</li>
<li>
<a href="../analyzers/nodejs.html" title="Node.js Analyzer">
<span class="none"></span>
Node.js Analyzer</a>
</li>
<li>
<a href="../analyzers/nuspec-analyzer.html" title="Nuspec Analyzer">
<span class="none"></span>
Nuspec Analyzer</a>
</li>
<li>
<a href="../analyzers/openssl.html" title="OpenSSL Analyzer">
<span class="none"></span>
OpenSSL Analyzer</a>
</li>
<li>
<a href="../analyzers/python.html" title="Python Analyzer">
<span class="none"></span>
Python Analyzer</a>
</li>
<li>
<a href="../analyzers/ruby-gemspec.html" title="Ruby Gemspec Analyzer">
<span class="none"></span>
Ruby Gemspec Analyzer</a>
</li>
</ul>
</li>
<li>
<a href="../modules.html" title="Modules">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Modules</a>
</li>
<li class="nav-header">Project Documentation</li>
<li>
<a href="../project-info.html" title="Project Information">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Project Information</a>
</li>
<li>
<a href="../project-reports.html" title="Project Reports">
<span class="icon-chevron-right"></span>
Project Reports</a>
</li>
</ul>
@@ -268,7 +303,7 @@
</div>
<div id="bodyColumn" class="span9" >
<div id="bodyColumn" class="span10" >
<h1>Archive Analyzer</h1>
<p>OWASP dependency-check includes an analyzer an archive analyzer that will attempt to extract files from the archive that are supported by the other file type analyzers.</p>
@@ -284,15 +319,14 @@
<footer>
<div class="container-fluid">
<div class="row-fluid">
<p >Copyright &copy; 2012&#x2013;2015
<p >Copyright &copy; 2012&#x2013;2015
<a href="http://www.owasp.org">OWASP</a>.
All rights reserved.
</p>
</div>
</div>
</div>
</footer>
</body>

176
analyzers/assembly-analyzer.html
View File

@@ -1,21 +1,21 @@
<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia at 2015-08-04
| Rendered using Apache Maven Fluido Skin 1.3.1
| Generated by Apache Maven Doxia at 2015-09-20
| Rendered using Apache Maven Fluido Skin 1.4
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20150804" />
<meta name="Date-Revision-yyyymmdd" content="20150920" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check - Assembly Analyzer</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.3.1.min.css" />
<title>dependency-check &#x2013; Assembly Analyzer</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.4.min.css" />
<link rel="stylesheet" href="../css/site.css" />
<link rel="stylesheet" href="../css/print.css" media="print" />
<script type="text/javascript" src="../js/apache-maven-fluido-1.3.1.min.js"></script>
<script type="text/javascript" src="../js/apache-maven-fluido-1.4.min.js"></script>
@@ -29,7 +29,7 @@
<a href="http://github.com/jeremylong/DependencyCheck">
<a href="https://github.com/jeremylong/DependencyCheck">
<img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png"
alt="Fork me on GitHub">
@@ -62,9 +62,9 @@
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-08-04</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-09-20</li>
<li id="projectVersion" class="pull-right">
Version: 1.3.0
Version: 1.3.1
</li>
</ul>
@@ -72,162 +72,197 @@
<div class="row-fluid">
<div id="leftColumn" class="span3">
<div id="leftColumn" class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">OWASP dependency-check</li>
<li>
<a href="../index.html" title="General">
<i class="icon-chevron-down"></i>
<span class="icon-chevron-down"></span>
General</a>
<ul class="nav nav-list">
<li>
<a href="../general/internals.html" title="How it Works">
<i class="none"></i>
<span class="none"></span>
How it Works</a>
</li>
<li>
<a href="../general/thereport.html" title="Reading the Report">
<i class="none"></i>
<span class="none"></span>
Reading the Report</a>
</li>
<li>
<a href="../general/suppression.html" title="False Positives">
<i class="none"></i>
<span class="none"></span>
False Positives</a>
</li>
<li>
<a href="../data/index.html" title="Internet Access Required">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Internet Access Required</a>
</li>
<li>
<a href="../related.html" title="Related Work">
<i class="none"></i>
<span class="none"></span>
Related Work</a>
</li>
<li>
<a href="../general/dependency-check.pptx" title="Project Presentation (pptx)">
<i class="none"></i>
<span class="none"></span>
Project Presentation (pptx)</a>
</li>
<li>
<a href="../general/dependency-check.pdf" title="Project Presentation (pdf)">
<i class="none"></i>
<span class="none"></span>
Project Presentation (pdf)</a>
</li>
<li>
<a href="../general/SampleReport.html" title="Sample Report">
<i class="none"></i>
<span class="none"></span>
Sample Report</a>
</li>
<li>
<a href="../general/scan_iso.html" title="How to Scan an ISO Image">
<span class="none"></span>
How to Scan an ISO Image</a>
</li>
</ul>
</li>
<li>
<a href="../analyzers/index.html" title="File Type Analyzers">
<i class="icon-chevron-down"></i>
<span class="icon-chevron-down"></span>
File Type Analyzers</a>
<ul class="nav nav-list">
<li>
<a href="../analyzers/archive-analyzer.html" title="Archive Analyzer">
<i class="none"></i>
<span class="none"></span>
Archive Analyzer</a>
</li>
<li>
<a href="../analyzers/jar-analyzer.html" title="Jar Analyzer">
<i class="none"></i>
Jar Analyzer</a>
</li>
<li>
<a href="../analyzers/python-analyzer.html" title="Python Analyzer">
<i class="none"></i>
Python Analyzer</a>
</li>
<li>
<a href="../analyzers/central-analyzer.html" title="Central Analyzer">
<i class="none"></i>
Central Analyzer</a>
</li>
<li>
<a href="../analyzers/nexus-analyzer.html" title="Nexus Analyzer">
<i class="none"></i>
Nexus Analyzer</a>
</li>
<li class="active">
<a href="#"><i class="none"></i>Assembly Analyzer</a>
<a href="#"><span class="none"></span>Assembly Analyzer</a>
</li>
<li>
<a href="../analyzers/nuspec-analyzer.html" title="Nuspec Analyzer">
<i class="none"></i>
Nuspec Analyzer</a>
</li>
<li>
<a href="../analyzers/autoconf-analyzer.html" title="Autoconf Analyzer">
<i class="none"></i>
<a href="../analyzers/autoconf.html" title="Autoconf Analyzer">
<span class="none"></span>
Autoconf Analyzer</a>
</li>
<li>
<a href="../analyzers/openssl-analyzer.html" title="OpenSSL Analyzer">
<i class="none"></i>
<a href="../analyzers/central-analyzer.html" title="Central Analyzer">
<span class="none"></span>
Central Analyzer</a>
</li>
<li>
<a href="../analyzers/cmake.html" title="CMake Analyzer">
<span class="none"></span>
CMake Analyzer</a>
</li>
<li>
<a href="../analyzers/jar-analyzer.html" title="Jar Analyzer">
<span class="none"></span>
Jar Analyzer</a>
</li>
<li>
<a href="../analyzers/nexus-analyzer.html" title="Nexus Analyzer">
<span class="none"></span>
Nexus Analyzer</a>
</li>
<li>
<a href="../analyzers/nodejs.html" title="Node.js Analyzer">
<span class="none"></span>
Node.js Analyzer</a>
</li>
<li>
<a href="../analyzers/nuspec-analyzer.html" title="Nuspec Analyzer">
<span class="none"></span>
Nuspec Analyzer</a>
</li>
<li>
<a href="../analyzers/openssl.html" title="OpenSSL Analyzer">
<span class="none"></span>
OpenSSL Analyzer</a>
</li>
<li>
<a href="../analyzers/python.html" title="Python Analyzer">
<span class="none"></span>
Python Analyzer</a>
</li>
<li>
<a href="../analyzers/ruby-gemspec.html" title="Ruby Gemspec Analyzer">
<span class="none"></span>
Ruby Gemspec Analyzer</a>
</li>
</ul>
</li>
<li>
<a href="../modules.html" title="Modules">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Modules</a>
</li>
<li class="nav-header">Project Documentation</li>
<li>
<a href="../project-info.html" title="Project Information">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Project Information</a>
</li>
<li>
<a href="../project-reports.html" title="Project Reports">
<span class="icon-chevron-right"></span>
Project Reports</a>
</li>
</ul>
@@ -268,7 +303,7 @@
</div>
<div id="bodyColumn" class="span9" >
<div id="bodyColumn" class="span10" >
<h1>Assembly Analyzer</h1>
<p>OWASP dependency-check includes an analyzer that scans .NET dll and exe files and collect as much information it can about the files as it can. The information collected is internally referred to as evidence and is grouped into vendor, product, and version buckets. Other analyzers later use this evidence to identify any Common Platform Enumeration (CPE) identifiers that apply.</p>
@@ -282,15 +317,14 @@
<footer>
<div class="container-fluid">
<div class="row-fluid">
<p >Copyright &copy; 2012&#x2013;2015
<p >Copyright &copy; 2012&#x2013;2015
<a href="http://www.owasp.org">OWASP</a>.
All rights reserved.
</p>
</div>
</div>
</div>
</footer>
</body>

331
analyzers/autoconf.html Normal file
View File

@@ -0,0 +1,331 @@
<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia at 2015-09-20
| Rendered using Apache Maven Fluido Skin 1.4
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20150920" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check &#x2013; Autoconf Analyzer</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.4.min.css" />
<link rel="stylesheet" href="../css/site.css" />
<link rel="stylesheet" href="../css/print.css" media="print" />
<script type="text/javascript" src="../js/apache-maven-fluido-1.4.min.js"></script>
<style type="text/css">#bannerLeft { margin-top:-20px;margin-bottom:5px !important }</style>
</head>
<body class="topBarDisabled">
<a href="https://github.com/jeremylong/DependencyCheck">
<img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png"
alt="Fork me on GitHub">
</a>
<div class="container-fluid">
<div id="banner">
<div class="pull-left">
<div id="bannerLeft">
<img src="../images/dc.svg" alt="OWASP dependency-check"/>
</div>
</div>
<div class="pull-right"> </div>
<div class="clear"><hr/></div>
</div>
<div id="breadcrumbs">
<ul class="breadcrumb">
<li class="">
<a href="../#" title="">
</a>
<span class="divider">/</span>
</li>
<li class="active ">Autoconf Analyzer</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-09-20</li>
<li id="projectVersion" class="pull-right">
Version: 1.3.1
</li>
</ul>
</div>
<div class="row-fluid">
<div id="leftColumn" class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">OWASP dependency-check</li>
<li>
<a href="../index.html" title="General">
<span class="icon-chevron-down"></span>
General</a>
<ul class="nav nav-list">
<li>
<a href="../general/internals.html" title="How it Works">
<span class="none"></span>
How it Works</a>
</li>
<li>
<a href="../general/thereport.html" title="Reading the Report">
<span class="none"></span>
Reading the Report</a>
</li>
<li>
<a href="../general/suppression.html" title="False Positives">
<span class="none"></span>
False Positives</a>
</li>
<li>
<a href="../data/index.html" title="Internet Access Required">
<span class="icon-chevron-right"></span>
Internet Access Required</a>
</li>
<li>
<a href="../related.html" title="Related Work">
<span class="none"></span>
Related Work</a>
</li>
<li>
<a href="../general/dependency-check.pptx" title="Project Presentation (pptx)">
<span class="none"></span>
Project Presentation (pptx)</a>
</li>
<li>
<a href="../general/dependency-check.pdf" title="Project Presentation (pdf)">
<span class="none"></span>
Project Presentation (pdf)</a>
</li>
<li>
<a href="../general/SampleReport.html" title="Sample Report">
<span class="none"></span>
Sample Report</a>
</li>
<li>
<a href="../general/scan_iso.html" title="How to Scan an ISO Image">
<span class="none"></span>
How to Scan an ISO Image</a>
</li>
</ul>
</li>
<li>
<a href="../analyzers/index.html" title="File Type Analyzers">
<span class="icon-chevron-down"></span>
File Type Analyzers</a>
<ul class="nav nav-list">
<li>
<a href="../analyzers/archive-analyzer.html" title="Archive Analyzer">
<span class="none"></span>
Archive Analyzer</a>
</li>
<li>
<a href="../analyzers/assembly-analyzer.html" title="Assembly Analyzer">
<span class="none"></span>
Assembly Analyzer</a>
</li>
<li class="active">
<a href="#"><span class="none"></span>Autoconf Analyzer</a>
</li>
<li>
<a href="../analyzers/central-analyzer.html" title="Central Analyzer">
<span class="none"></span>
Central Analyzer</a>
</li>
<li>
<a href="../analyzers/cmake.html" title="CMake Analyzer">
<span class="none"></span>
CMake Analyzer</a>
</li>
<li>
<a href="../analyzers/jar-analyzer.html" title="Jar Analyzer">
<span class="none"></span>
Jar Analyzer</a>
</li>
<li>
<a href="../analyzers/nexus-analyzer.html" title="Nexus Analyzer">
<span class="none"></span>
Nexus Analyzer</a>
</li>
<li>
<a href="../analyzers/nodejs.html" title="Node.js Analyzer">
<span class="none"></span>
Node.js Analyzer</a>
</li>
<li>
<a href="../analyzers/nuspec-analyzer.html" title="Nuspec Analyzer">
<span class="none"></span>
Nuspec Analyzer</a>
</li>
<li>
<a href="../analyzers/openssl.html" title="OpenSSL Analyzer">
<span class="none"></span>
OpenSSL Analyzer</a>
</li>
<li>
<a href="../analyzers/python.html" title="Python Analyzer">
<span class="none"></span>
Python Analyzer</a>
</li>
<li>
<a href="../analyzers/ruby-gemspec.html" title="Ruby Gemspec Analyzer">
<span class="none"></span>
Ruby Gemspec Analyzer</a>
</li>
</ul>
</li>
<li>
<a href="../modules.html" title="Modules">
<span class="icon-chevron-right"></span>
Modules</a>
</li>
<li class="nav-header">Project Documentation</li>
<li>
<a href="../project-info.html" title="Project Information">
<span class="icon-chevron-right"></span>
Project Information</a>
</li>
<li>
<a href="../project-reports.html" title="Project Reports">
<span class="icon-chevron-right"></span>
Project Reports</a>
</li>
</ul>
<hr />
<div id="poweredBy">
<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
<div class="g-plusone" data-href="https://github.com/jeremylong/DependencyCheck.git" data-size="tall" ></div>
<div class="clear"></div>
<div class="clear"></div>
<div id="twitter">
<a href="https://twitter.com/ctxt" class="twitter-follow-button" data-show-count="true" data-align="left" data-size="medium" data-show-screen-name="true" data-lang="en">Follow ctxt</a>
<script type="text/javascript">!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
</div>
<div class="clear"></div>
<div class="clear"></div>
<a href="http://maven.apache.org/" title="Maven" class="builtBy">
<img class="builtBy" alt="built with maven" src="http://jeremylong.github.io/DependencyCheck/images/logos/maven-feather.png" />
</a>
<a href="http://www.jetbrains.com/idea/" title="IntelliJ" class="builtBy">
<img class="builtBy" alt="developed using" src="http://jeremylong.github.io/DependencyCheck/images/logos/logo_intellij_idea.png" width="170px" />
</a>
<a href="http://www.cloudbees.com/" title="Cloudbees" class="builtBy">
<img class="builtBy" alt="built on cloudbees" src="http://jeremylong.github.io/DependencyCheck/images/logos/Button-Built-on-CB-1.png" />
</a>
</div>
</div>
</div>
<div id="bodyColumn" class="span10" >
<h1>Autoconf Analyzer</h1>
<p>OWASP dependency-check includes an analyzer that will scan Autoconf project configuration files. The analyzer will collect as much information it can about the project. The information collected is internally referred to as evidence and is grouped into vendor, product, and version buckets. Other analyzers later use this evidence to identify any Common Platform Enumeration (CPE) identifiers that apply.</p>
<p>File names scanned: configure, configure.in, configure.ac</p>
</div>
</div>
</div>
<hr/>
<footer>
<div class="container-fluid">
<div class="row-fluid">
<p >Copyright &copy; 2012&#x2013;2015
<a href="http://www.owasp.org">OWASP</a>.
All rights reserved.
</p>
</div>
</div>
</footer>
</body>
</html>

164
analyzers/central-analyzer.html
View File

@@ -1,21 +1,21 @@
<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia at 2015-08-04
| Rendered using Apache Maven Fluido Skin 1.3.1
| Generated by Apache Maven Doxia at 2015-09-20
| Rendered using Apache Maven Fluido Skin 1.4
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20150804" />
<meta name="Date-Revision-yyyymmdd" content="20150920" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check - Central Analyzer</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.3.1.min.css" />
<title>dependency-check &#x2013; Central Analyzer</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.4.min.css" />
<link rel="stylesheet" href="../css/site.css" />
<link rel="stylesheet" href="../css/print.css" media="print" />
<script type="text/javascript" src="../js/apache-maven-fluido-1.3.1.min.js"></script>
<script type="text/javascript" src="../js/apache-maven-fluido-1.4.min.js"></script>
@@ -29,7 +29,7 @@
<a href="http://github.com/jeremylong/DependencyCheck">
<a href="https://github.com/jeremylong/DependencyCheck">
<img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png"
alt="Fork me on GitHub">
@@ -62,9 +62,9 @@
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-08-04</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-09-20</li>
<li id="projectVersion" class="pull-right">
Version: 1.3.0
Version: 1.3.1
</li>
</ul>
@@ -72,144 +72,172 @@
<div class="row-fluid">
<div id="leftColumn" class="span3">
<div id="leftColumn" class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">OWASP dependency-check</li>
<li>
<a href="../index.html" title="General">
<i class="icon-chevron-down"></i>
<span class="icon-chevron-down"></span>
General</a>
<ul class="nav nav-list">
<li>
<a href="../general/internals.html" title="How it Works">
<i class="none"></i>
<span class="none"></span>
How it Works</a>
</li>
<li>
<a href="../general/thereport.html" title="Reading the Report">
<i class="none"></i>
<span class="none"></span>
Reading the Report</a>
</li>
<li>
<a href="../general/suppression.html" title="False Positives">
<i class="none"></i>
<span class="none"></span>
False Positives</a>
</li>
<li>
<a href="../data/index.html" title="Internet Access Required">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Internet Access Required</a>
</li>
<li>
<a href="../related.html" title="Related Work">
<i class="none"></i>
<span class="none"></span>
Related Work</a>
</li>
<li>
<a href="../general/dependency-check.pptx" title="Project Presentation (pptx)">
<i class="none"></i>
<span class="none"></span>
Project Presentation (pptx)</a>
</li>
<li>
<a href="../general/dependency-check.pdf" title="Project Presentation (pdf)">
<i class="none"></i>
<span class="none"></span>
Project Presentation (pdf)</a>
</li>
<li>
<a href="../general/SampleReport.html" title="Sample Report">
<i class="none"></i>
<span class="none"></span>
Sample Report</a>
</li>
<li>
<a href="../general/scan_iso.html" title="How to Scan an ISO Image">
<span class="none"></span>
How to Scan an ISO Image</a>
</li>
</ul>
</li>
<li>
<a href="../analyzers/index.html" title="File Type Analyzers">
<i class="icon-chevron-down"></i>
<span class="icon-chevron-down"></span>
File Type Analyzers</a>
<ul class="nav nav-list">
<li>
<a href="../analyzers/archive-analyzer.html" title="Archive Analyzer">
<i class="none"></i>
<span class="none"></span>
Archive Analyzer</a>
</li>
<li>
<a href="../analyzers/jar-analyzer.html" title="Jar Analyzer">
<i class="none"></i>
Jar Analyzer</a>
</li>
<li>
<a href="../analyzers/python-analyzer.html" title="Python Analyzer">
<i class="none"></i>
Python Analyzer</a>
</li>
<li class="active">
<a href="#"><i class="none"></i>Central Analyzer</a>
</li>
<li>
<a href="../analyzers/nexus-analyzer.html" title="Nexus Analyzer">
<i class="none"></i>
Nexus Analyzer</a>
</li>
<li>
<a href="../analyzers/assembly-analyzer.html" title="Assembly Analyzer">
<i class="none"></i>
<span class="none"></span>
Assembly Analyzer</a>
</li>
<li>
<a href="../analyzers/autoconf.html" title="Autoconf Analyzer">
<span class="none"></span>
Autoconf Analyzer</a>
</li>
<li class="active">
<a href="#"><span class="none"></span>Central Analyzer</a>
</li>
<li>
<a href="../analyzers/cmake.html" title="CMake Analyzer">
<span class="none"></span>
CMake Analyzer</a>
</li>
<li>
<a href="../analyzers/jar-analyzer.html" title="Jar Analyzer">
<span class="none"></span>
Jar Analyzer</a>
</li>
<li>
<a href="../analyzers/nexus-analyzer.html" title="Nexus Analyzer">
<span class="none"></span>
Nexus Analyzer</a>
</li>
<li>
<a href="../analyzers/nodejs.html" title="Node.js Analyzer">
<span class="none"></span>
Node.js Analyzer</a>
</li>
<li>
<a href="../analyzers/nuspec-analyzer.html" title="Nuspec Analyzer">
<i class="none"></i>
<span class="none"></span>
Nuspec Analyzer</a>
</li>
<li>
<a href="../analyzers/autoconf-analyzer.html" title="Autoconf Analyzer">
<i class="none"></i>
Autoconf Analyzer</a>
<a href="../analyzers/openssl.html" title="OpenSSL Analyzer">
<span class="none"></span>
OpenSSL Analyzer</a>
</li>
<li>
<a href="../analyzers/openssl-analyzer.html" title="OpenSSL Analyzer">
<i class="none"></i>
OpenSSL Analyzer</a>
<a href="../analyzers/python.html" title="Python Analyzer">
<span class="none"></span>
Python Analyzer</a>
</li>
<li>
<a href="../analyzers/ruby-gemspec.html" title="Ruby Gemspec Analyzer">
<span class="none"></span>
Ruby Gemspec Analyzer</a>
</li>
</ul>
</li>
@@ -217,17 +245,24 @@
<li>
<a href="../modules.html" title="Modules">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Modules</a>
</li>
<li class="nav-header">Project Documentation</li>
<li>
<a href="../project-info.html" title="Project Information">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Project Information</a>
</li>
<li>
<a href="../project-reports.html" title="Project Reports">
<span class="icon-chevron-right"></span>
Project Reports</a>
</li>
</ul>
@@ -268,7 +303,7 @@
</div>
<div id="bodyColumn" class="span9" >
<div id="bodyColumn" class="span10" >
<h1>Central Analyzer</h1>
<p>OWASP dependency-check includes an analyzer that will check for the Maven GAV (Group/Artifact/Version) information for artifacts in the scanned area. By default the information comes from <a class="externalLink" href="http://search.maven.org/" title="Maven Central">Maven Central</a>. If the artifact&#x2019;s hash is found in the configured Nexus repository, its GAV is recorded as an Identifier and the Group is collected as Vendor evidence, the Artifact is collected as Product evidence, and the Version is collected as Version evidence.</p>
@@ -281,15 +316,14 @@
<footer>
<div class="container-fluid">
<div class="row-fluid">
<p >Copyright &copy; 2012&#x2013;2015
<p >Copyright &copy; 2012&#x2013;2015
<a href="http://www.owasp.org">OWASP</a>.
All rights reserved.
</p>
</div>
</div>
</div>
</footer>
</body>

331
analyzers/cmake.html Normal file
View File

@@ -0,0 +1,331 @@
<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia at 2015-09-20
| Rendered using Apache Maven Fluido Skin 1.4
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20150920" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check &#x2013; CMake Analyzer</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.4.min.css" />
<link rel="stylesheet" href="../css/site.css" />
<link rel="stylesheet" href="../css/print.css" media="print" />
<script type="text/javascript" src="../js/apache-maven-fluido-1.4.min.js"></script>
<style type="text/css">#bannerLeft { margin-top:-20px;margin-bottom:5px !important }</style>
</head>
<body class="topBarDisabled">
<a href="https://github.com/jeremylong/DependencyCheck">
<img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png"
alt="Fork me on GitHub">
</a>
<div class="container-fluid">
<div id="banner">
<div class="pull-left">
<div id="bannerLeft">
<img src="../images/dc.svg" alt="OWASP dependency-check"/>
</div>
</div>
<div class="pull-right"> </div>
<div class="clear"><hr/></div>
</div>
<div id="breadcrumbs">
<ul class="breadcrumb">
<li class="">
<a href="../#" title="">
</a>
<span class="divider">/</span>
</li>
<li class="active ">CMake Analyzer</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-09-20</li>
<li id="projectVersion" class="pull-right">
Version: 1.3.1
</li>
</ul>
</div>
<div class="row-fluid">
<div id="leftColumn" class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">OWASP dependency-check</li>
<li>
<a href="../index.html" title="General">
<span class="icon-chevron-down"></span>
General</a>
<ul class="nav nav-list">
<li>
<a href="../general/internals.html" title="How it Works">
<span class="none"></span>
How it Works</a>
</li>
<li>
<a href="../general/thereport.html" title="Reading the Report">
<span class="none"></span>
Reading the Report</a>
</li>
<li>
<a href="../general/suppression.html" title="False Positives">
<span class="none"></span>
False Positives</a>
</li>
<li>
<a href="../data/index.html" title="Internet Access Required">
<span class="icon-chevron-right"></span>
Internet Access Required</a>
</li>
<li>
<a href="../related.html" title="Related Work">
<span class="none"></span>
Related Work</a>
</li>
<li>
<a href="../general/dependency-check.pptx" title="Project Presentation (pptx)">
<span class="none"></span>
Project Presentation (pptx)</a>
</li>
<li>
<a href="../general/dependency-check.pdf" title="Project Presentation (pdf)">
<span class="none"></span>
Project Presentation (pdf)</a>
</li>
<li>
<a href="../general/SampleReport.html" title="Sample Report">
<span class="none"></span>
Sample Report</a>
</li>
<li>
<a href="../general/scan_iso.html" title="How to Scan an ISO Image">
<span class="none"></span>
How to Scan an ISO Image</a>
</li>
</ul>
</li>
<li>
<a href="../analyzers/index.html" title="File Type Analyzers">
<span class="icon-chevron-down"></span>
File Type Analyzers</a>
<ul class="nav nav-list">
<li>
<a href="../analyzers/archive-analyzer.html" title="Archive Analyzer">
<span class="none"></span>
Archive Analyzer</a>
</li>
<li>
<a href="../analyzers/assembly-analyzer.html" title="Assembly Analyzer">
<span class="none"></span>
Assembly Analyzer</a>
</li>
<li>
<a href="../analyzers/autoconf.html" title="Autoconf Analyzer">
<span class="none"></span>
Autoconf Analyzer</a>
</li>
<li>
<a href="../analyzers/central-analyzer.html" title="Central Analyzer">
<span class="none"></span>
Central Analyzer</a>
</li>
<li class="active">
<a href="#"><span class="none"></span>CMake Analyzer</a>
</li>
<li>
<a href="../analyzers/jar-analyzer.html" title="Jar Analyzer">
<span class="none"></span>
Jar Analyzer</a>
</li>
<li>
<a href="../analyzers/nexus-analyzer.html" title="Nexus Analyzer">
<span class="none"></span>
Nexus Analyzer</a>
</li>
<li>
<a href="../analyzers/nodejs.html" title="Node.js Analyzer">
<span class="none"></span>
Node.js Analyzer</a>
</li>
<li>
<a href="../analyzers/nuspec-analyzer.html" title="Nuspec Analyzer">
<span class="none"></span>
Nuspec Analyzer</a>
</li>
<li>
<a href="../analyzers/openssl.html" title="OpenSSL Analyzer">
<span class="none"></span>
OpenSSL Analyzer</a>
</li>
<li>
<a href="../analyzers/python.html" title="Python Analyzer">
<span class="none"></span>
Python Analyzer</a>
</li>
<li>
<a href="../analyzers/ruby-gemspec.html" title="Ruby Gemspec Analyzer">
<span class="none"></span>
Ruby Gemspec Analyzer</a>
</li>
</ul>
</li>
<li>
<a href="../modules.html" title="Modules">
<span class="icon-chevron-right"></span>
Modules</a>
</li>
<li class="nav-header">Project Documentation</li>
<li>
<a href="../project-info.html" title="Project Information">
<span class="icon-chevron-right"></span>
Project Information</a>
</li>
<li>
<a href="../project-reports.html" title="Project Reports">
<span class="icon-chevron-right"></span>
Project Reports</a>
</li>
</ul>
<hr />
<div id="poweredBy">
<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
<div class="g-plusone" data-href="https://github.com/jeremylong/DependencyCheck.git" data-size="tall" ></div>
<div class="clear"></div>
<div class="clear"></div>
<div id="twitter">
<a href="https://twitter.com/ctxt" class="twitter-follow-button" data-show-count="true" data-align="left" data-size="medium" data-show-screen-name="true" data-lang="en">Follow ctxt</a>
<script type="text/javascript">!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
</div>
<div class="clear"></div>
<div class="clear"></div>
<a href="http://maven.apache.org/" title="Maven" class="builtBy">
<img class="builtBy" alt="built with maven" src="http://jeremylong.github.io/DependencyCheck/images/logos/maven-feather.png" />
</a>
<a href="http://www.jetbrains.com/idea/" title="IntelliJ" class="builtBy">
<img class="builtBy" alt="developed using" src="http://jeremylong.github.io/DependencyCheck/images/logos/logo_intellij_idea.png" width="170px" />
</a>
<a href="http://www.cloudbees.com/" title="Cloudbees" class="builtBy">
<img class="builtBy" alt="built on cloudbees" src="http://jeremylong.github.io/DependencyCheck/images/logos/Button-Built-on-CB-1.png" />
</a>
</div>
</div>
</div>
<div id="bodyColumn" class="span10" >
<h1>CMake Analyzer</h1>
<p>OWASP dependency-check includes an analyzer that will scan CMake project configuration files. The analyzer will collect as much information it can about the project. The information collected is internally referred to as evidence and is grouped into vendor, product, and version buckets. Other analyzers later use this evidence to identify any Common Platform Enumeration (CPE) identifiers that apply.</p>
<p>File names scanned: CMakeLists.txt, *.cmake</p>
</div>
</div>
</div>
<hr/>
<footer>
<div class="container-fluid">
<div class="row-fluid">
<p >Copyright &copy; 2012&#x2013;2015
<a href="http://www.owasp.org">OWASP</a>.
All rights reserved.
</p>
</div>
</div>
</footer>
</body>
</html>

246
analyzers/composer-lock.html Normal file
View File

@@ -0,0 +1,246 @@
<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia at 2015-09-20
| Rendered using Apache Maven Fluido Skin 1.4
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20150920" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check &#x2013; Composer Lock Analyzer</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.4.min.css" />
<link rel="stylesheet" href="../css/site.css" />
<link rel="stylesheet" href="../css/print.css" media="print" />
<script type="text/javascript" src="../js/apache-maven-fluido-1.4.min.js"></script>
<style type="text/css">#bannerLeft { margin-top:-20px;margin-bottom:5px !important }</style>
</head>
<body class="topBarDisabled">
<a href="https://github.com/jeremylong/DependencyCheck">
<img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png"
alt="Fork me on GitHub">
</a>
<div class="container-fluid">
<div id="banner">
<div class="pull-left">
<div id="bannerLeft">
<img src="../images/dc.svg" alt="OWASP dependency-check"/>
</div>
</div>
<div class="pull-right"> </div>
<div class="clear"><hr/></div>
</div>
<div id="breadcrumbs">
<ul class="breadcrumb">
<li class="">
<a href="../#" title="">
</a>
<span class="divider">/</span>
</li>
<li class="active ">Composer Lock Analyzer</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-09-20</li>
<li id="projectVersion" class="pull-right">
Version: 1.3.1
</li>
</ul>
</div>
<div class="row-fluid">
<div id="leftColumn" class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">OWASP dependency-check</li>
<li>
<a href="../index.html" title="General">
<span class="icon-chevron-down"></span>
General</a>
<ul class="nav nav-list">
<li>
<a href="../general/internals.html" title="How it Works">
<span class="none"></span>
How it Works</a>
</li>
<li>
<a href="../general/thereport.html" title="Reading the Report">
<span class="none"></span>
Reading the Report</a>
</li>
<li>
<a href="../general/suppression.html" title="False Positives">
<span class="none"></span>
False Positives</a>
</li>
<li>
<a href="../data/index.html" title="Internet Access Required">
<span class="icon-chevron-right"></span>
Internet Access Required</a>
</li>
<li>
<a href="../related.html" title="Related Work">
<span class="none"></span>
Related Work</a>
</li>
<li>
<a href="../general/dependency-check.pptx" title="Project Presentation (pptx)">
<span class="none"></span>
Project Presentation (pptx)</a>
</li>
<li>
<a href="../general/dependency-check.pdf" title="Project Presentation (pdf)">
<span class="none"></span>
Project Presentation (pdf)</a>
</li>
<li>
<a href="../general/SampleReport.html" title="Sample Report">
<span class="none"></span>
Sample Report</a>
</li>
<li>
<a href="../general/scan_iso.html" title="How to Scan an ISO Image">
<span class="none"></span>
How to Scan an ISO Image</a>
</li>
</ul>
</li>
<li>
<a href="../analyzers/index.html" title="File Type Analyzers">
<span class="icon-chevron-right"></span>
File Type Analyzers</a>
</li>
<li>
<a href="../modules.html" title="Modules">
<span class="icon-chevron-right"></span>
Modules</a>
</li>
<li class="nav-header">Project Documentation</li>
<li>
<a href="../project-info.html" title="Project Information">
<span class="icon-chevron-right"></span>
Project Information</a>
</li>
<li>
<a href="../project-reports.html" title="Project Reports">
<span class="icon-chevron-right"></span>
Project Reports</a>
</li>
</ul>
<hr />
<div id="poweredBy">
<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
<div class="g-plusone" data-href="https://github.com/jeremylong/DependencyCheck.git" data-size="tall" ></div>
<div class="clear"></div>
<div class="clear"></div>
<div id="twitter">
<a href="https://twitter.com/ctxt" class="twitter-follow-button" data-show-count="true" data-align="left" data-size="medium" data-show-screen-name="true" data-lang="en">Follow ctxt</a>
<script type="text/javascript">!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
</div>
<div class="clear"></div>
<div class="clear"></div>
<a href="http://maven.apache.org/" title="Maven" class="builtBy">
<img class="builtBy" alt="built with maven" src="http://jeremylong.github.io/DependencyCheck/images/logos/maven-feather.png" />
</a>
<a href="http://www.jetbrains.com/idea/" title="IntelliJ" class="builtBy">
<img class="builtBy" alt="developed using" src="http://jeremylong.github.io/DependencyCheck/images/logos/logo_intellij_idea.png" width="170px" />
</a>
<a href="http://www.cloudbees.com/" title="Cloudbees" class="builtBy">
<img class="builtBy" alt="built on cloudbees" src="http://jeremylong.github.io/DependencyCheck/images/logos/Button-Built-on-CB-1.png" />
</a>
</div>
</div>
</div>
<div id="bodyColumn" class="span10" >
<h1>Composer Lock Analyzer</h1>
<p>OWASP dependency-check includes an analyzer that scans composer.lock files to get exact dependency version information from PHP projects which are managed with <a class="externalLink" href="http://getcomposer.org/">Composer</a>. If you&#x2019;re using Composer to manage your project, this will only analyze the <tt>composer.lock</tt> file currently, so you&#x2019;ll need to run <tt>composer install</tt> to have Composer generate this file.</p>
</div>
</div>
</div>
<hr/>
<footer>
<div class="container-fluid">
<div class="row-fluid">
<p >Copyright &copy; 2012&#x2013;2015
<a href="http://www.owasp.org">OWASP</a>.
All rights reserved.
</p>
</div>
</div>
</footer>
</body>
</html>

328
analyzers/index.html
View File

@@ -1,21 +1,21 @@
<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia at 2015-08-04
| Rendered using Apache Maven Fluido Skin 1.3.1
| Generated by Apache Maven Doxia at 2015-09-20
| Rendered using Apache Maven Fluido Skin 1.4
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20150804" />
<meta name="Date-Revision-yyyymmdd" content="20150920" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check - File Type Analyzers</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.3.1.min.css" />
<title>dependency-check &#x2013; File Type Analyzers</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.4.min.css" />
<link rel="stylesheet" href="../css/site.css" />
<link rel="stylesheet" href="../css/print.css" media="print" />
<script type="text/javascript" src="../js/apache-maven-fluido-1.3.1.min.js"></script>
<script type="text/javascript" src="../js/apache-maven-fluido-1.4.min.js"></script>
@@ -29,7 +29,7 @@
<a href="http://github.com/jeremylong/DependencyCheck">
<a href="https://github.com/jeremylong/DependencyCheck">
<img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png"
alt="Fork me on GitHub">
@@ -62,9 +62,9 @@
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-08-04</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-09-20</li>
<li id="projectVersion" class="pull-right">
Version: 1.3.0
Version: 1.3.1
</li>
</ul>
@@ -72,162 +72,197 @@
<div class="row-fluid">
<div id="leftColumn" class="span3">
<div id="leftColumn" class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">OWASP dependency-check</li>
<li>
<a href="../index.html" title="General">
<i class="icon-chevron-down"></i>
<span class="icon-chevron-down"></span>
General</a>
<ul class="nav nav-list">
<li>
<a href="../general/internals.html" title="How it Works">
<i class="none"></i>
<span class="none"></span>
How it Works</a>
</li>
<li>
<a href="../general/thereport.html" title="Reading the Report">
<i class="none"></i>
<span class="none"></span>
Reading the Report</a>
</li>
<li>
<a href="../general/suppression.html" title="False Positives">
<i class="none"></i>
<span class="none"></span>
False Positives</a>
</li>
<li>
<a href="../data/index.html" title="Internet Access Required">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Internet Access Required</a>
</li>
<li>
<a href="../related.html" title="Related Work">
<i class="none"></i>
<span class="none"></span>
Related Work</a>
</li>
<li>
<a href="../general/dependency-check.pptx" title="Project Presentation (pptx)">
<i class="none"></i>
<span class="none"></span>
Project Presentation (pptx)</a>
</li>
<li>
<a href="../general/dependency-check.pdf" title="Project Presentation (pdf)">
<i class="none"></i>
<span class="none"></span>
Project Presentation (pdf)</a>
</li>
<li>
<a href="../general/SampleReport.html" title="Sample Report">
<i class="none"></i>
<span class="none"></span>
Sample Report</a>
</li>
<li>
<a href="../general/scan_iso.html" title="How to Scan an ISO Image">
<span class="none"></span>
How to Scan an ISO Image</a>
</li>
</ul>
</li>
<li class="active">
<a href="#"><i class="icon-chevron-down"></i>File Type Analyzers</a>
<a href="#"><span class="icon-chevron-down"></span>File Type Analyzers</a>
<ul class="nav nav-list">
<li>
<a href="../analyzers/archive-analyzer.html" title="Archive Analyzer">
<i class="none"></i>
<span class="none"></span>
Archive Analyzer</a>
</li>
<li>
<a href="../analyzers/jar-analyzer.html" title="Jar Analyzer">
<i class="none"></i>
Jar Analyzer</a>
</li>
<li>
<a href="../analyzers/python-analyzer.html" title="Python Analyzer">
<i class="none"></i>
Python Analyzer</a>
</li>
<li>
<a href="../analyzers/central-analyzer.html" title="Central Analyzer">
<i class="none"></i>
Central Analyzer</a>
</li>
<li>
<a href="../analyzers/nexus-analyzer.html" title="Nexus Analyzer">
<i class="none"></i>
Nexus Analyzer</a>
</li>
<li>
<a href="../analyzers/assembly-analyzer.html" title="Assembly Analyzer">
<i class="none"></i>
<span class="none"></span>
Assembly Analyzer</a>
</li>
<li>
<a href="../analyzers/nuspec-analyzer.html" title="Nuspec Analyzer">
<i class="none"></i>
Nuspec Analyzer</a>
</li>
<li>
<a href="../analyzers/autoconf-analyzer.html" title="Autoconf Analyzer">
<i class="none"></i>
<a href="../analyzers/autoconf.html" title="Autoconf Analyzer">
<span class="none"></span>
Autoconf Analyzer</a>
</li>
<li>
<a href="../analyzers/openssl-analyzer.html" title="OpenSSL Analyzer">
<i class="none"></i>
<a href="../analyzers/central-analyzer.html" title="Central Analyzer">
<span class="none"></span>
Central Analyzer</a>
</li>
<li>
<a href="../analyzers/cmake.html" title="CMake Analyzer">
<span class="none"></span>
CMake Analyzer</a>
</li>
<li>
<a href="../analyzers/jar-analyzer.html" title="Jar Analyzer">
<span class="none"></span>
Jar Analyzer</a>
</li>
<li>
<a href="../analyzers/nexus-analyzer.html" title="Nexus Analyzer">
<span class="none"></span>
Nexus Analyzer</a>
</li>
<li>
<a href="../analyzers/nodejs.html" title="Node.js Analyzer">
<span class="none"></span>
Node.js Analyzer</a>
</li>
<li>
<a href="../analyzers/nuspec-analyzer.html" title="Nuspec Analyzer">
<span class="none"></span>
Nuspec Analyzer</a>
</li>
<li>
<a href="../analyzers/openssl.html" title="OpenSSL Analyzer">
<span class="none"></span>
OpenSSL Analyzer</a>
</li>
<li>
<a href="../analyzers/python.html" title="Python Analyzer">
<span class="none"></span>
Python Analyzer</a>
</li>
<li>
<a href="../analyzers/ruby-gemspec.html" title="Ruby Gemspec Analyzer">
<span class="none"></span>
Ruby Gemspec Analyzer</a>
</li>
</ul>
</li>
<li>
<a href="../modules.html" title="Modules">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Modules</a>
</li>
<li class="nav-header">Project Documentation</li>
<li>
<a href="../project-info.html" title="Project Information">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Project Information</a>
</li>
<li>
<a href="../project-reports.html" title="Project Reports">
<span class="icon-chevron-right"></span>
Project Reports</a>
</li>
</ul>
@@ -268,31 +303,143 @@
</div>
<div id="bodyColumn" class="span9" >
<div id="bodyColumn" class="span10" >
<h1>File Type Analyzers</h1>
<p>OWASP dependency-check contains several file type analyzers that are used to extract identification information from the files analyzed.</p>
<ul>
<li><a href="./archive-analyzer.html">Archive Analyzer</a></li>
<li><a href="./assembly-analyzer.html">Assembly Analyzer</a></li>
<li><a href="./autoconf-analyzer.html">Autoconf Analyzer</a></li>
<li><a href="./central-analyzer.html">Central Analyzer</a></li>
<li><a href="./jar-analyzer.html">Jar Analyzer</a></li>
<li><a href="./nexus-analyzer.html">Nexus Analyzer</a></li>
<li><a href="./nuspec-analyzer.html">Nuspec Analyzer</a></li>
<li><a href="./openssl-analyzer.html">OpenSSL Analyzer</a></li>
<li><a href="./python-analyzer.html">Python Analyzer</a></li>
</ul>
<table border="0" class="table table-striped">
<thead>
<tr class="a">
<th>Analyzer </th>
<th>File Types Scanned </th>
<th>Analysis Method </th>
</tr>
</thead>
<tbody>
<tr class="b">
<td><a href="./archive-analyzer.html">Archive</a> </td>
<td>Zip archive format (*.zip, *.ear, *.war, *.jar, *.sar, *.apk, *.nupkg); Tape Archive Format (*.tar); Gzip format (*.gz, *.tgz); Bzip2 format (*.bz2, *.tbz2) </td>
<td>Extracts archive contents, then scans contents with all available analyzers. </td>
</tr>
<tr class="a">
<td><a href="./assembly-analyzer.html">Assembly</a> </td>
<td>.NET Assemblies (*.exe, *.dll) </td>
<td>Uses <a class="externalLink" href="https://github.com/colezlaw/GrokAssembly">GrokAssembly.exe</a>, which requires .NET Framework or Mono runtime to be installed. </td>
</tr>
<tr class="b">
<td><a href="./autoconf.html">Autoconf</a> </td>
<td>Autoconf project configuration files (configure, configure.in, configure.ac) </td>
<td><a class="externalLink" href="https://en.wikipedia.org/wiki/Regular_expression">Regex</a> scan for AC_INIT metadata, including in generated configuration script. </td>
</tr>
<tr class="a">
<td><a href="./central-analyzer.html">Central</a> </td>
<td>Java archive files (*.jar) </td>
<td>Searches Maven Central or a configured Nexus repository for the file&#x2019;s SHA1 hash. </td>
</tr>
<tr class="b">
<td><a href="./cmake.html">CMake</a> </td>
<td>CMake project files (CMakeLists.txt) and scripts (*.cmake) </td>
<td>Regex scan for project initialization and version setting commands. </td>
</tr>
<tr class="a">
<td><a href="./composer-lock.html">Composer Lock</a> </td>
<td>PHP <a class="externalLink" href="http://getcomposer.org">Composer</a> Lock files (composer.lock) </td>
<td>Parses PHP <a class="externalLink" href="http://getcomposer.org">Composer</a> lock files for exact versions of dependencies. </td>
</tr>
<tr class="b">
<td><a href="./jar-analyzer.html">Jar</a> </td>
<td>Java archive files (*.jar); Web application archive (*.war) </td>
<td>Examines archive manifest metadata, and Maven Project Object Model files (pom.xml). </td>
</tr>
<tr class="a">
<td><a href="./nexus-analyzer.html">Nexus</a> </td>
<td>Java archive files (*.jar) </td>
<td>Searches Sonatype or a configured Nexus repository for the file&#x2019;s SHA1 hash. In most cases, superceded by Central . </td>
</tr>
<tr class="b">
<td><a href="./nodejs.html">Node.js</a> </td>
<td>NPM package specification files (package.json) </td>
<td>Parse JSON format for metadata. </td>
</tr>
<tr class="a">
<td><a href="./nuspec-analyzer.html">Nuspec</a> </td>
<td>Nuget package specification file (*.nuspec) </td>
<td>Uses XPath to parse specification XML. </td>
</tr>
<tr class="b">
<td><a href="./openssl.html">OpenSSL</a> </td>
<td>OpenSSL Version Source Header File (opensslv.h) </td>
<td>Regex parse of the OPENSSL_VERSION_NUMBER macro definition. </td>
</tr>
<tr class="a">
<td><a href="./python.html">Python</a> </td>
<td>Python source files (*.py); Package metadata files (PKG-INFO, METADATA); Package Distribution Files (*.whl, *.egg, *.zip) </td>
<td>Regex scan of Python source files for setuptools metadata; Parse RFC822 header format for metadata in all other artifacts. </td>
</tr>
<tr class="b">
<td><a href="./ruby-gemspec.html">Ruby Gemspec</a> </td>
<td>Ruby makefiles (Rakefile); Ruby Gemspec files (*.gemspec) </td>
<td>Regex scan Gemspec initialization blocks for metadata. </td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
@@ -302,15 +449,14 @@
<footer>
<div class="container-fluid">
<div class="row-fluid">
<p >Copyright &copy; 2012&#x2013;2015
<p >Copyright &copy; 2012&#x2013;2015
<a href="http://www.owasp.org">OWASP</a>.
All rights reserved.
</p>
</div>
</div>
</div>
</footer>
</body>

172
analyzers/jar-analyzer.html
View File

@@ -1,21 +1,21 @@
<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia at 2015-08-04
| Rendered using Apache Maven Fluido Skin 1.3.1
| Generated by Apache Maven Doxia at 2015-09-20
| Rendered using Apache Maven Fluido Skin 1.4
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20150804" />
<meta name="Date-Revision-yyyymmdd" content="20150920" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check - Jar Analyzer</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.3.1.min.css" />
<title>dependency-check &#x2013; Jar Analyzer</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.4.min.css" />
<link rel="stylesheet" href="../css/site.css" />
<link rel="stylesheet" href="../css/print.css" media="print" />
<script type="text/javascript" src="../js/apache-maven-fluido-1.3.1.min.js"></script>
<script type="text/javascript" src="../js/apache-maven-fluido-1.4.min.js"></script>
@@ -29,7 +29,7 @@
<a href="http://github.com/jeremylong/DependencyCheck">
<a href="https://github.com/jeremylong/DependencyCheck">
<img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png"
alt="Fork me on GitHub">
@@ -62,9 +62,9 @@
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-08-04</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-09-20</li>
<li id="projectVersion" class="pull-right">
Version: 1.3.0
Version: 1.3.1
</li>
</ul>
@@ -72,162 +72,197 @@
<div class="row-fluid">
<div id="leftColumn" class="span3">
<div id="leftColumn" class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">OWASP dependency-check</li>
<li>
<a href="../index.html" title="General">
<i class="icon-chevron-down"></i>
<span class="icon-chevron-down"></span>
General</a>
<ul class="nav nav-list">
<li>
<a href="../general/internals.html" title="How it Works">
<i class="none"></i>
<span class="none"></span>
How it Works</a>
</li>
<li>
<a href="../general/thereport.html" title="Reading the Report">
<i class="none"></i>
<span class="none"></span>
Reading the Report</a>
</li>
<li>
<a href="../general/suppression.html" title="False Positives">
<i class="none"></i>
<span class="none"></span>
False Positives</a>
</li>
<li>
<a href="../data/index.html" title="Internet Access Required">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Internet Access Required</a>
</li>
<li>
<a href="../related.html" title="Related Work">
<i class="none"></i>
<span class="none"></span>
Related Work</a>
</li>
<li>
<a href="../general/dependency-check.pptx" title="Project Presentation (pptx)">
<i class="none"></i>
<span class="none"></span>
Project Presentation (pptx)</a>
</li>
<li>
<a href="../general/dependency-check.pdf" title="Project Presentation (pdf)">
<i class="none"></i>
<span class="none"></span>
Project Presentation (pdf)</a>
</li>
<li>
<a href="../general/SampleReport.html" title="Sample Report">
<i class="none"></i>
<span class="none"></span>
Sample Report</a>
</li>
<li>
<a href="../general/scan_iso.html" title="How to Scan an ISO Image">
<span class="none"></span>
How to Scan an ISO Image</a>
</li>
</ul>
</li>
<li>
<a href="../analyzers/index.html" title="File Type Analyzers">
<i class="icon-chevron-down"></i>
<span class="icon-chevron-down"></span>
File Type Analyzers</a>
<ul class="nav nav-list">
<li>
<a href="../analyzers/archive-analyzer.html" title="Archive Analyzer">
<i class="none"></i>
<span class="none"></span>
Archive Analyzer</a>
</li>
<li class="active">
<a href="#"><i class="none"></i>Jar Analyzer</a>
</li>
<li>
<a href="../analyzers/python-analyzer.html" title="Python Analyzer">
<i class="none"></i>
Python Analyzer</a>
</li>
<li>
<a href="../analyzers/central-analyzer.html" title="Central Analyzer">
<i class="none"></i>
Central Analyzer</a>
</li>
<li>
<a href="../analyzers/nexus-analyzer.html" title="Nexus Analyzer">
<i class="none"></i>
Nexus Analyzer</a>
</li>
<li>
<a href="../analyzers/assembly-analyzer.html" title="Assembly Analyzer">
<i class="none"></i>
<span class="none"></span>
Assembly Analyzer</a>
</li>
<li>
<a href="../analyzers/nuspec-analyzer.html" title="Nuspec Analyzer">
<i class="none"></i>
Nuspec Analyzer</a>
</li>
<li>
<a href="../analyzers/autoconf-analyzer.html" title="Autoconf Analyzer">
<i class="none"></i>
<a href="../analyzers/autoconf.html" title="Autoconf Analyzer">
<span class="none"></span>
Autoconf Analyzer</a>
</li>
<li>
<a href="../analyzers/openssl-analyzer.html" title="OpenSSL Analyzer">
<i class="none"></i>
<a href="../analyzers/central-analyzer.html" title="Central Analyzer">
<span class="none"></span>
Central Analyzer</a>
</li>
<li>
<a href="../analyzers/cmake.html" title="CMake Analyzer">
<span class="none"></span>
CMake Analyzer</a>
</li>
<li class="active">
<a href="#"><span class="none"></span>Jar Analyzer</a>
</li>
<li>
<a href="../analyzers/nexus-analyzer.html" title="Nexus Analyzer">
<span class="none"></span>
Nexus Analyzer</a>
</li>
<li>
<a href="../analyzers/nodejs.html" title="Node.js Analyzer">
<span class="none"></span>
Node.js Analyzer</a>
</li>
<li>
<a href="../analyzers/nuspec-analyzer.html" title="Nuspec Analyzer">
<span class="none"></span>
Nuspec Analyzer</a>
</li>
<li>
<a href="../analyzers/openssl.html" title="OpenSSL Analyzer">
<span class="none"></span>
OpenSSL Analyzer</a>
</li>
<li>
<a href="../analyzers/python.html" title="Python Analyzer">
<span class="none"></span>
Python Analyzer</a>
</li>
<li>
<a href="../analyzers/ruby-gemspec.html" title="Ruby Gemspec Analyzer">
<span class="none"></span>
Ruby Gemspec Analyzer</a>
</li>
</ul>
</li>
<li>
<a href="../modules.html" title="Modules">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Modules</a>
</li>
<li class="nav-header">Project Documentation</li>
<li>
<a href="../project-info.html" title="Project Information">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Project Information</a>
</li>
<li>
<a href="../project-reports.html" title="Project Reports">
<span class="icon-chevron-right"></span>
Project Reports</a>
</li>
</ul>
@@ -268,7 +303,7 @@
</div>
<div id="bodyColumn" class="span9" >
<div id="bodyColumn" class="span10" >
<h1>Jar Analyzer</h1>
<p>OWASP dependency-check includes an analyzer that scans JAR files and collect as much information it can about the file as it can. The information collected is internally referred to as evidence and is grouped into vendor, product, and version buckets. Other analyzers later use this evidence to identify any Common Platform Enumeration (CPE) identifiers that apply. Additionally, if a POM is present the analyzer will add the Maven group, artifact, and version (GAV).</p>
@@ -282,15 +317,14 @@
<footer>
<div class="container-fluid">
<div class="row-fluid">
<p >Copyright &copy; 2012&#x2013;2015
<p >Copyright &copy; 2012&#x2013;2015
<a href="http://www.owasp.org">OWASP</a>.
All rights reserved.
</p>
</div>
</div>
</div>
</footer>
</body>

178
analyzers/nexus-analyzer.html
View File

@@ -1,21 +1,21 @@
<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia at 2015-08-04
| Rendered using Apache Maven Fluido Skin 1.3.1
| Generated by Apache Maven Doxia at 2015-09-20
| Rendered using Apache Maven Fluido Skin 1.4
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20150804" />
<meta name="Date-Revision-yyyymmdd" content="20150920" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check - Nexus Analyzer</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.3.1.min.css" />
<title>dependency-check &#x2013; Nexus Analyzer</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.4.min.css" />
<link rel="stylesheet" href="../css/site.css" />
<link rel="stylesheet" href="../css/print.css" media="print" />
<script type="text/javascript" src="../js/apache-maven-fluido-1.3.1.min.js"></script>
<script type="text/javascript" src="../js/apache-maven-fluido-1.4.min.js"></script>
@@ -29,7 +29,7 @@
<a href="http://github.com/jeremylong/DependencyCheck">
<a href="https://github.com/jeremylong/DependencyCheck">
<img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png"
alt="Fork me on GitHub">
@@ -62,9 +62,9 @@
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-08-04</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-09-20</li>
<li id="projectVersion" class="pull-right">
Version: 1.3.0
Version: 1.3.1
</li>
</ul>
@@ -72,162 +72,197 @@
<div class="row-fluid">
<div id="leftColumn" class="span3">
<div id="leftColumn" class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">OWASP dependency-check</li>
<li>
<a href="../index.html" title="General">
<i class="icon-chevron-down"></i>
<span class="icon-chevron-down"></span>
General</a>
<ul class="nav nav-list">
<li>
<a href="../general/internals.html" title="How it Works">
<i class="none"></i>
<span class="none"></span>
How it Works</a>
</li>
<li>
<a href="../general/thereport.html" title="Reading the Report">
<i class="none"></i>
<span class="none"></span>
Reading the Report</a>
</li>
<li>
<a href="../general/suppression.html" title="False Positives">
<i class="none"></i>
<span class="none"></span>
False Positives</a>
</li>
<li>
<a href="../data/index.html" title="Internet Access Required">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Internet Access Required</a>
</li>
<li>
<a href="../related.html" title="Related Work">
<i class="none"></i>
<span class="none"></span>
Related Work</a>
</li>
<li>
<a href="../general/dependency-check.pptx" title="Project Presentation (pptx)">
<i class="none"></i>
<span class="none"></span>
Project Presentation (pptx)</a>
</li>
<li>
<a href="../general/dependency-check.pdf" title="Project Presentation (pdf)">
<i class="none"></i>
<span class="none"></span>
Project Presentation (pdf)</a>
</li>
<li>
<a href="../general/SampleReport.html" title="Sample Report">
<i class="none"></i>
<span class="none"></span>
Sample Report</a>
</li>
<li>
<a href="../general/scan_iso.html" title="How to Scan an ISO Image">
<span class="none"></span>
How to Scan an ISO Image</a>
</li>
</ul>
</li>
<li>
<a href="../analyzers/index.html" title="File Type Analyzers">
<i class="icon-chevron-down"></i>
<span class="icon-chevron-down"></span>
File Type Analyzers</a>
<ul class="nav nav-list">
<li>
<a href="../analyzers/archive-analyzer.html" title="Archive Analyzer">
<i class="none"></i>
<span class="none"></span>
Archive Analyzer</a>
</li>
<li>
<a href="../analyzers/jar-analyzer.html" title="Jar Analyzer">
<i class="none"></i>
Jar Analyzer</a>
</li>
<li>
<a href="../analyzers/python-analyzer.html" title="Python Analyzer">
<i class="none"></i>
Python Analyzer</a>
</li>
<li>
<a href="../analyzers/central-analyzer.html" title="Central Analyzer">
<i class="none"></i>
Central Analyzer</a>
</li>
<li class="active">
<a href="#"><i class="none"></i>Nexus Analyzer</a>
</li>
<li>
<a href="../analyzers/assembly-analyzer.html" title="Assembly Analyzer">
<i class="none"></i>
<span class="none"></span>
Assembly Analyzer</a>
</li>
<li>
<a href="../analyzers/nuspec-analyzer.html" title="Nuspec Analyzer">
<i class="none"></i>
Nuspec Analyzer</a>
</li>
<li>
<a href="../analyzers/autoconf-analyzer.html" title="Autoconf Analyzer">
<i class="none"></i>
<a href="../analyzers/autoconf.html" title="Autoconf Analyzer">
<span class="none"></span>
Autoconf Analyzer</a>
</li>
<li>
<a href="../analyzers/openssl-analyzer.html" title="OpenSSL Analyzer">
<i class="none"></i>
<a href="../analyzers/central-analyzer.html" title="Central Analyzer">
<span class="none"></span>
Central Analyzer</a>
</li>
<li>
<a href="../analyzers/cmake.html" title="CMake Analyzer">
<span class="none"></span>
CMake Analyzer</a>
</li>
<li>
<a href="../analyzers/jar-analyzer.html" title="Jar Analyzer">
<span class="none"></span>
Jar Analyzer</a>
</li>
<li class="active">
<a href="#"><span class="none"></span>Nexus Analyzer</a>
</li>
<li>
<a href="../analyzers/nodejs.html" title="Node.js Analyzer">
<span class="none"></span>
Node.js Analyzer</a>
</li>
<li>
<a href="../analyzers/nuspec-analyzer.html" title="Nuspec Analyzer">
<span class="none"></span>
Nuspec Analyzer</a>
</li>
<li>
<a href="../analyzers/openssl.html" title="OpenSSL Analyzer">
<span class="none"></span>
OpenSSL Analyzer</a>
</li>
<li>
<a href="../analyzers/python.html" title="Python Analyzer">
<span class="none"></span>
Python Analyzer</a>
</li>
<li>
<a href="../analyzers/ruby-gemspec.html" title="Ruby Gemspec Analyzer">
<span class="none"></span>
Ruby Gemspec Analyzer</a>
</li>
</ul>
</li>
<li>
<a href="../modules.html" title="Modules">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Modules</a>
</li>
<li class="nav-header">Project Documentation</li>
<li>
<a href="../project-info.html" title="Project Information">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Project Information</a>
</li>
<li>
<a href="../project-reports.html" title="Project Reports">
<span class="icon-chevron-right"></span>
Project Reports</a>
</li>
</ul>
@@ -268,19 +303,19 @@
</div>
<div id="bodyColumn" class="span9" >
<div id="bodyColumn" class="span10" >
<h1>Nexus Analyzer</h1>
<p>The Nexus Analyzer has been superceded by the Central Analyzer. If both the Central Analyzer and Nexus Analyzer are enabled and the Nexus URL has not been configured to point to an instance of Nexus Pro the Nexus Analyzer will disable itself.</p>
<p>The Nexus Analyzer will check for the Maven GAV (Group/Artifact/Version) information for artifacts in the scanned area. This is done by determining if an artifact exists in a Nexus Pro installation using the SHA-1 hash of the artifact scanned. If the artifact&#x2019;s hash is found in the configured Nexus repository, its GAV is recorded as an Identifier and the Group is collected as Vendor evidence, the Artifact is collected as Product evidence, and the Version is collected as Version evidence.</p>
<div class="section">
<h2>Logging<a name="Logging"></a></h2>
<h2><a name="Logging"></a>Logging</h2>
<p>You may see a log message similar to the following during analysis:</p>
<div class="source">
<pre>Mar 31, 2014 9:15:12 AM org.owasp.dependencycheck.analyzer.NexusAnalyzer initializeFileTypeAnalyzer
<div class="source"><pre class="prettyprint linenums">Mar 31, 2014 9:15:12 AM org.owasp.dependencycheck.analyzer.NexusAnalyzer initializeFileTypeAnalyzer
WARNING: There was an issue getting Nexus status. Disabling analyzer.
</pre></div>
</pre></div></div>
<p>At the beginning of analysis, a check is made by the Nexus analyzer to see if it is able to reach the configured Nexus service, and if it cannot be reached, the analyzer will be disabled. If you see this message, you can use the configuration settings described in either the CLI, Ant, Maven, or Jenkins plugins to resolve the issue, or disable the analyzer altogether.</p></div>
</div>
</div>
@@ -291,15 +326,14 @@ WARNING: There was an issue getting Nexus status. Disabling analyzer.
<footer>
<div class="container-fluid">
<div class="row-fluid">
<p >Copyright &copy; 2012&#x2013;2015
<p >Copyright &copy; 2012&#x2013;2015
<a href="http://www.owasp.org">OWASP</a>.
All rights reserved.
</p>
</div>
</div>
</div>
</footer>
</body>

332
analyzers/nodejs.html Normal file
View File

@@ -0,0 +1,332 @@
<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia at 2015-09-20
| Rendered using Apache Maven Fluido Skin 1.4
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20150920" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check &#x2013; Node.js Analyzer</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.4.min.css" />
<link rel="stylesheet" href="../css/site.css" />
<link rel="stylesheet" href="../css/print.css" media="print" />
<script type="text/javascript" src="../js/apache-maven-fluido-1.4.min.js"></script>
<style type="text/css">#bannerLeft { margin-top:-20px;margin-bottom:5px !important }</style>
</head>
<body class="topBarDisabled">
<a href="https://github.com/jeremylong/DependencyCheck">
<img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png"
alt="Fork me on GitHub">
</a>
<div class="container-fluid">
<div id="banner">
<div class="pull-left">
<div id="bannerLeft">
<img src="../images/dc.svg" alt="OWASP dependency-check"/>
</div>
</div>
<div class="pull-right"> </div>
<div class="clear"><hr/></div>
</div>
<div id="breadcrumbs">
<ul class="breadcrumb">
<li class="">
<a href="../#" title="">
</a>
<span class="divider">/</span>
</li>
<li class="active ">Node.js Analyzer</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-09-20</li>
<li id="projectVersion" class="pull-right">
Version: 1.3.1
</li>
</ul>
</div>
<div class="row-fluid">
<div id="leftColumn" class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">OWASP dependency-check</li>
<li>
<a href="../index.html" title="General">
<span class="icon-chevron-down"></span>
General</a>
<ul class="nav nav-list">
<li>
<a href="../general/internals.html" title="How it Works">
<span class="none"></span>
How it Works</a>
</li>
<li>
<a href="../general/thereport.html" title="Reading the Report">
<span class="none"></span>
Reading the Report</a>
</li>
<li>
<a href="../general/suppression.html" title="False Positives">
<span class="none"></span>
False Positives</a>
</li>
<li>
<a href="../data/index.html" title="Internet Access Required">
<span class="icon-chevron-right"></span>
Internet Access Required</a>
</li>
<li>
<a href="../related.html" title="Related Work">
<span class="none"></span>
Related Work</a>
</li>
<li>
<a href="../general/dependency-check.pptx" title="Project Presentation (pptx)">
<span class="none"></span>
Project Presentation (pptx)</a>
</li>
<li>
<a href="../general/dependency-check.pdf" title="Project Presentation (pdf)">
<span class="none"></span>
Project Presentation (pdf)</a>
</li>
<li>
<a href="../general/SampleReport.html" title="Sample Report">
<span class="none"></span>
Sample Report</a>
</li>
<li>
<a href="../general/scan_iso.html" title="How to Scan an ISO Image">
<span class="none"></span>
How to Scan an ISO Image</a>
</li>
</ul>
</li>
<li>
<a href="../analyzers/index.html" title="File Type Analyzers">
<span class="icon-chevron-down"></span>
File Type Analyzers</a>
<ul class="nav nav-list">
<li>
<a href="../analyzers/archive-analyzer.html" title="Archive Analyzer">
<span class="none"></span>
Archive Analyzer</a>
</li>
<li>
<a href="../analyzers/assembly-analyzer.html" title="Assembly Analyzer">
<span class="none"></span>
Assembly Analyzer</a>
</li>
<li>
<a href="../analyzers/autoconf.html" title="Autoconf Analyzer">
<span class="none"></span>
Autoconf Analyzer</a>
</li>
<li>
<a href="../analyzers/central-analyzer.html" title="Central Analyzer">
<span class="none"></span>
Central Analyzer</a>
</li>
<li>
<a href="../analyzers/cmake.html" title="CMake Analyzer">
<span class="none"></span>
CMake Analyzer</a>
</li>
<li>
<a href="../analyzers/jar-analyzer.html" title="Jar Analyzer">
<span class="none"></span>
Jar Analyzer</a>
</li>
<li>
<a href="../analyzers/nexus-analyzer.html" title="Nexus Analyzer">
<span class="none"></span>
Nexus Analyzer</a>
</li>
<li class="active">
<a href="#"><span class="none"></span>Node.js Analyzer</a>
</li>
<li>
<a href="../analyzers/nuspec-analyzer.html" title="Nuspec Analyzer">
<span class="none"></span>
Nuspec Analyzer</a>
</li>
<li>
<a href="../analyzers/openssl.html" title="OpenSSL Analyzer">
<span class="none"></span>
OpenSSL Analyzer</a>
</li>
<li>
<a href="../analyzers/python.html" title="Python Analyzer">
<span class="none"></span>
Python Analyzer</a>
</li>
<li>
<a href="../analyzers/ruby-gemspec.html" title="Ruby Gemspec Analyzer">
<span class="none"></span>
Ruby Gemspec Analyzer</a>
</li>
</ul>
</li>
<li>
<a href="../modules.html" title="Modules">
<span class="icon-chevron-right"></span>
Modules</a>
</li>
<li class="nav-header">Project Documentation</li>
<li>
<a href="../project-info.html" title="Project Information">
<span class="icon-chevron-right"></span>
Project Information</a>
</li>
<li>
<a href="../project-reports.html" title="Project Reports">
<span class="icon-chevron-right"></span>
Project Reports</a>
</li>
</ul>
<hr />
<div id="poweredBy">
<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
<div class="g-plusone" data-href="https://github.com/jeremylong/DependencyCheck.git" data-size="tall" ></div>
<div class="clear"></div>
<div class="clear"></div>
<div id="twitter">
<a href="https://twitter.com/ctxt" class="twitter-follow-button" data-show-count="true" data-align="left" data-size="medium" data-show-screen-name="true" data-lang="en">Follow ctxt</a>
<script type="text/javascript">!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
</div>
<div class="clear"></div>
<div class="clear"></div>
<a href="http://maven.apache.org/" title="Maven" class="builtBy">
<img class="builtBy" alt="built with maven" src="http://jeremylong.github.io/DependencyCheck/images/logos/maven-feather.png" />
</a>
<a href="http://www.jetbrains.com/idea/" title="IntelliJ" class="builtBy">
<img class="builtBy" alt="developed using" src="http://jeremylong.github.io/DependencyCheck/images/logos/logo_intellij_idea.png" width="170px" />
</a>
<a href="http://www.cloudbees.com/" title="Cloudbees" class="builtBy">
<img class="builtBy" alt="built on cloudbees" src="http://jeremylong.github.io/DependencyCheck/images/logos/Button-Built-on-CB-1.png" />
</a>
</div>
</div>
</div>
<div id="bodyColumn" class="span10" >
<h1>Node.js Analyzer</h1>
<p>OWASP dependency-check includes an analyzer that will scan <a class="externalLink" href="https://www.npmjs.com/">Node Package Manager</a> package specification files. The analyzer will collect as much information as it can about the package. The information collected is internally referred to as evidence and is grouped into vendor, product, and version buckets. Other analyzers later use this evidence to identify any Common Platform Enumeration (CPE) identifiers that apply.</p>
<p><b>Note:</b> Also consider using the Node Security Project auditing tool, <a class="externalLink" href="https://nodesecurity.io/tools">nsp</a>.</p>
<p>Files Types Scanned: <a class="externalLink" href="https://docs.npmjs.com/files/package.json">package.json</a></p>
</div>
</div>
</div>
<hr/>
<footer>
<div class="container-fluid">
<div class="row-fluid">
<p >Copyright &copy; 2012&#x2013;2015
<a href="http://www.owasp.org">OWASP</a>.
All rights reserved.
</p>
</div>
</div>
</footer>
</body>
</html>

172
analyzers/nuspec-analyzer.html
View File

@@ -1,21 +1,21 @@
<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia at 2015-08-04
| Rendered using Apache Maven Fluido Skin 1.3.1
| Generated by Apache Maven Doxia at 2015-09-20
| Rendered using Apache Maven Fluido Skin 1.4
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20150804" />
<meta name="Date-Revision-yyyymmdd" content="20150920" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check - Nuspec Analyzer</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.3.1.min.css" />
<title>dependency-check &#x2013; Nuspec Analyzer</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.4.min.css" />
<link rel="stylesheet" href="../css/site.css" />
<link rel="stylesheet" href="../css/print.css" media="print" />
<script type="text/javascript" src="../js/apache-maven-fluido-1.3.1.min.js"></script>
<script type="text/javascript" src="../js/apache-maven-fluido-1.4.min.js"></script>
@@ -29,7 +29,7 @@
<a href="http://github.com/jeremylong/DependencyCheck">
<a href="https://github.com/jeremylong/DependencyCheck">
<img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png"
alt="Fork me on GitHub">
@@ -62,9 +62,9 @@
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-08-04</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-09-20</li>
<li id="projectVersion" class="pull-right">
Version: 1.3.0
Version: 1.3.1
</li>
</ul>
@@ -72,162 +72,197 @@
<div class="row-fluid">
<div id="leftColumn" class="span3">
<div id="leftColumn" class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">OWASP dependency-check</li>
<li>
<a href="../index.html" title="General">
<i class="icon-chevron-down"></i>
<span class="icon-chevron-down"></span>
General</a>
<ul class="nav nav-list">
<li>
<a href="../general/internals.html" title="How it Works">
<i class="none"></i>
<span class="none"></span>
How it Works</a>
</li>
<li>
<a href="../general/thereport.html" title="Reading the Report">
<i class="none"></i>
<span class="none"></span>
Reading the Report</a>
</li>
<li>
<a href="../general/suppression.html" title="False Positives">
<i class="none"></i>
<span class="none"></span>
False Positives</a>
</li>
<li>
<a href="../data/index.html" title="Internet Access Required">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Internet Access Required</a>
</li>
<li>
<a href="../related.html" title="Related Work">
<i class="none"></i>
<span class="none"></span>
Related Work</a>
</li>
<li>
<a href="../general/dependency-check.pptx" title="Project Presentation (pptx)">
<i class="none"></i>
<span class="none"></span>
Project Presentation (pptx)</a>
</li>
<li>
<a href="../general/dependency-check.pdf" title="Project Presentation (pdf)">
<i class="none"></i>
<span class="none"></span>
Project Presentation (pdf)</a>
</li>
<li>
<a href="../general/SampleReport.html" title="Sample Report">
<i class="none"></i>
<span class="none"></span>
Sample Report</a>
</li>
<li>
<a href="../general/scan_iso.html" title="How to Scan an ISO Image">
<span class="none"></span>
How to Scan an ISO Image</a>
</li>
</ul>
</li>
<li>
<a href="../analyzers/index.html" title="File Type Analyzers">
<i class="icon-chevron-down"></i>
<span class="icon-chevron-down"></span>
File Type Analyzers</a>
<ul class="nav nav-list">
<li>
<a href="../analyzers/archive-analyzer.html" title="Archive Analyzer">
<i class="none"></i>
<span class="none"></span>
Archive Analyzer</a>
</li>
<li>
<a href="../analyzers/jar-analyzer.html" title="Jar Analyzer">
<i class="none"></i>
Jar Analyzer</a>
</li>
<li>
<a href="../analyzers/python-analyzer.html" title="Python Analyzer">
<i class="none"></i>
Python Analyzer</a>
</li>
<li>
<a href="../analyzers/central-analyzer.html" title="Central Analyzer">
<i class="none"></i>
Central Analyzer</a>
</li>
<li>
<a href="../analyzers/nexus-analyzer.html" title="Nexus Analyzer">
<i class="none"></i>
Nexus Analyzer</a>
</li>
<li>
<a href="../analyzers/assembly-analyzer.html" title="Assembly Analyzer">
<i class="none"></i>
<span class="none"></span>
Assembly Analyzer</a>
</li>
<li class="active">
<a href="#"><i class="none"></i>Nuspec Analyzer</a>
</li>
<li>
<a href="../analyzers/autoconf-analyzer.html" title="Autoconf Analyzer">
<i class="none"></i>
<a href="../analyzers/autoconf.html" title="Autoconf Analyzer">
<span class="none"></span>
Autoconf Analyzer</a>
</li>
<li>
<a href="../analyzers/openssl-analyzer.html" title="OpenSSL Analyzer">
<i class="none"></i>
<a href="../analyzers/central-analyzer.html" title="Central Analyzer">
<span class="none"></span>
Central Analyzer</a>
</li>
<li>
<a href="../analyzers/cmake.html" title="CMake Analyzer">
<span class="none"></span>
CMake Analyzer</a>
</li>
<li>
<a href="../analyzers/jar-analyzer.html" title="Jar Analyzer">
<span class="none"></span>
Jar Analyzer</a>
</li>
<li>
<a href="../analyzers/nexus-analyzer.html" title="Nexus Analyzer">
<span class="none"></span>
Nexus Analyzer</a>
</li>
<li>
<a href="../analyzers/nodejs.html" title="Node.js Analyzer">
<span class="none"></span>
Node.js Analyzer</a>
</li>
<li class="active">
<a href="#"><span class="none"></span>Nuspec Analyzer</a>
</li>
<li>
<a href="../analyzers/openssl.html" title="OpenSSL Analyzer">
<span class="none"></span>
OpenSSL Analyzer</a>
</li>
<li>
<a href="../analyzers/python.html" title="Python Analyzer">
<span class="none"></span>
Python Analyzer</a>
</li>
<li>
<a href="../analyzers/ruby-gemspec.html" title="Ruby Gemspec Analyzer">
<span class="none"></span>
Ruby Gemspec Analyzer</a>
</li>
</ul>
</li>
<li>
<a href="../modules.html" title="Modules">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Modules</a>
</li>
<li class="nav-header">Project Documentation</li>
<li>
<a href="../project-info.html" title="Project Information">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Project Information</a>
</li>
<li>
<a href="../project-reports.html" title="Project Reports">
<span class="icon-chevron-right"></span>
Project Reports</a>
</li>
</ul>
@@ -268,7 +303,7 @@
</div>
<div id="bodyColumn" class="span9" >
<div id="bodyColumn" class="span10" >
<h1>Nuspec Analyzer</h1>
<p>OWASP dependency-check includes an analyzer that will scan NuGet&#x2019;s Nuspec file to collect information about the component being used. The evidence collected is used by other analyzers to determine if there are any known vulnerabilities associated with the component.</p>
@@ -283,15 +318,14 @@
<footer>
<div class="container-fluid">
<div class="row-fluid">
<p >Copyright &copy; 2012&#x2013;2015
<p >Copyright &copy; 2012&#x2013;2015
<a href="http://www.owasp.org">OWASP</a>.
All rights reserved.
</p>
</div>
</div>
</div>
</footer>
</body>

331
analyzers/openssl.html Normal file
View File

@@ -0,0 +1,331 @@
<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia at 2015-09-20
| Rendered using Apache Maven Fluido Skin 1.4
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20150920" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check &#x2013; OpenSSL Analyzer</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.4.min.css" />
<link rel="stylesheet" href="../css/site.css" />
<link rel="stylesheet" href="../css/print.css" media="print" />
<script type="text/javascript" src="../js/apache-maven-fluido-1.4.min.js"></script>
<style type="text/css">#bannerLeft { margin-top:-20px;margin-bottom:5px !important }</style>
</head>
<body class="topBarDisabled">
<a href="https://github.com/jeremylong/DependencyCheck">
<img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png"
alt="Fork me on GitHub">
</a>
<div class="container-fluid">
<div id="banner">
<div class="pull-left">
<div id="bannerLeft">
<img src="../images/dc.svg" alt="OWASP dependency-check"/>
</div>
</div>
<div class="pull-right"> </div>
<div class="clear"><hr/></div>
</div>
<div id="breadcrumbs">
<ul class="breadcrumb">
<li class="">
<a href="../#" title="">
</a>
<span class="divider">/</span>
</li>
<li class="active ">OpenSSL Analyzer</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-09-20</li>
<li id="projectVersion" class="pull-right">
Version: 1.3.1
</li>
</ul>
</div>
<div class="row-fluid">
<div id="leftColumn" class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">OWASP dependency-check</li>
<li>
<a href="../index.html" title="General">
<span class="icon-chevron-down"></span>
General</a>
<ul class="nav nav-list">
<li>
<a href="../general/internals.html" title="How it Works">
<span class="none"></span>
How it Works</a>
</li>
<li>
<a href="../general/thereport.html" title="Reading the Report">
<span class="none"></span>
Reading the Report</a>
</li>
<li>
<a href="../general/suppression.html" title="False Positives">
<span class="none"></span>
False Positives</a>
</li>
<li>
<a href="../data/index.html" title="Internet Access Required">
<span class="icon-chevron-right"></span>
Internet Access Required</a>
</li>
<li>
<a href="../related.html" title="Related Work">
<span class="none"></span>
Related Work</a>
</li>
<li>
<a href="../general/dependency-check.pptx" title="Project Presentation (pptx)">
<span class="none"></span>
Project Presentation (pptx)</a>
</li>
<li>
<a href="../general/dependency-check.pdf" title="Project Presentation (pdf)">
<span class="none"></span>
Project Presentation (pdf)</a>
</li>
<li>
<a href="../general/SampleReport.html" title="Sample Report">
<span class="none"></span>
Sample Report</a>
</li>
<li>
<a href="../general/scan_iso.html" title="How to Scan an ISO Image">
<span class="none"></span>
How to Scan an ISO Image</a>
</li>
</ul>
</li>
<li>
<a href="../analyzers/index.html" title="File Type Analyzers">
<span class="icon-chevron-down"></span>
File Type Analyzers</a>
<ul class="nav nav-list">
<li>
<a href="../analyzers/archive-analyzer.html" title="Archive Analyzer">
<span class="none"></span>
Archive Analyzer</a>
</li>
<li>
<a href="../analyzers/assembly-analyzer.html" title="Assembly Analyzer">
<span class="none"></span>
Assembly Analyzer</a>
</li>
<li>
<a href="../analyzers/autoconf.html" title="Autoconf Analyzer">
<span class="none"></span>
Autoconf Analyzer</a>
</li>
<li>
<a href="../analyzers/central-analyzer.html" title="Central Analyzer">
<span class="none"></span>
Central Analyzer</a>
</li>
<li>
<a href="../analyzers/cmake.html" title="CMake Analyzer">
<span class="none"></span>
CMake Analyzer</a>
</li>
<li>
<a href="../analyzers/jar-analyzer.html" title="Jar Analyzer">
<span class="none"></span>
Jar Analyzer</a>
</li>
<li>
<a href="../analyzers/nexus-analyzer.html" title="Nexus Analyzer">
<span class="none"></span>
Nexus Analyzer</a>
</li>
<li>
<a href="../analyzers/nodejs.html" title="Node.js Analyzer">
<span class="none"></span>
Node.js Analyzer</a>
</li>
<li>
<a href="../analyzers/nuspec-analyzer.html" title="Nuspec Analyzer">
<span class="none"></span>
Nuspec Analyzer</a>
</li>
<li class="active">
<a href="#"><span class="none"></span>OpenSSL Analyzer</a>
</li>
<li>
<a href="../analyzers/python.html" title="Python Analyzer">
<span class="none"></span>
Python Analyzer</a>
</li>
<li>
<a href="../analyzers/ruby-gemspec.html" title="Ruby Gemspec Analyzer">
<span class="none"></span>
Ruby Gemspec Analyzer</a>
</li>
</ul>
</li>
<li>
<a href="../modules.html" title="Modules">
<span class="icon-chevron-right"></span>
Modules</a>
</li>
<li class="nav-header">Project Documentation</li>
<li>
<a href="../project-info.html" title="Project Information">
<span class="icon-chevron-right"></span>
Project Information</a>
</li>
<li>
<a href="../project-reports.html" title="Project Reports">
<span class="icon-chevron-right"></span>
Project Reports</a>
</li>
</ul>
<hr />
<div id="poweredBy">
<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
<div class="g-plusone" data-href="https://github.com/jeremylong/DependencyCheck.git" data-size="tall" ></div>
<div class="clear"></div>
<div class="clear"></div>
<div id="twitter">
<a href="https://twitter.com/ctxt" class="twitter-follow-button" data-show-count="true" data-align="left" data-size="medium" data-show-screen-name="true" data-lang="en">Follow ctxt</a>
<script type="text/javascript">!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
</div>
<div class="clear"></div>
<div class="clear"></div>
<a href="http://maven.apache.org/" title="Maven" class="builtBy">
<img class="builtBy" alt="built with maven" src="http://jeremylong.github.io/DependencyCheck/images/logos/maven-feather.png" />
</a>
<a href="http://www.jetbrains.com/idea/" title="IntelliJ" class="builtBy">
<img class="builtBy" alt="developed using" src="http://jeremylong.github.io/DependencyCheck/images/logos/logo_intellij_idea.png" width="170px" />
</a>
<a href="http://www.cloudbees.com/" title="Cloudbees" class="builtBy">
<img class="builtBy" alt="built on cloudbees" src="http://jeremylong.github.io/DependencyCheck/images/logos/Button-Built-on-CB-1.png" />
</a>
</div>
</div>
</div>
<div id="bodyColumn" class="span10" >
<h1>OpenSSL Analyzer</h1>
<p>OWASP dependency-check includes an analyzer that will scan OpenSSL source code files for the OpenSSL version information. The information collected is internally referred to as evidence and is grouped into vendor, product, and version buckets. Other analyzers later use this evidence to identify any Common Platform Enumeration (CPE) identifiers that apply.</p>
<p>File names scanned: opensslv.h</p>
</div>
</div>
</div>
<hr/>
<footer>
<div class="container-fluid">
<div class="row-fluid">
<p >Copyright &copy; 2012&#x2013;2015
<a href="http://www.owasp.org">OWASP</a>.
All rights reserved.
</p>
</div>
</div>
</footer>
</body>
</html>

331
analyzers/python.html Normal file
View File

@@ -0,0 +1,331 @@
<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia at 2015-09-20
| Rendered using Apache Maven Fluido Skin 1.4
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20150920" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check &#x2013; Python Analyzer</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.4.min.css" />
<link rel="stylesheet" href="../css/site.css" />
<link rel="stylesheet" href="../css/print.css" media="print" />
<script type="text/javascript" src="../js/apache-maven-fluido-1.4.min.js"></script>
<style type="text/css">#bannerLeft { margin-top:-20px;margin-bottom:5px !important }</style>
</head>
<body class="topBarDisabled">
<a href="https://github.com/jeremylong/DependencyCheck">
<img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png"
alt="Fork me on GitHub">
</a>
<div class="container-fluid">
<div id="banner">
<div class="pull-left">
<div id="bannerLeft">
<img src="../images/dc.svg" alt="OWASP dependency-check"/>
</div>
</div>
<div class="pull-right"> </div>
<div class="clear"><hr/></div>
</div>
<div id="breadcrumbs">
<ul class="breadcrumb">
<li class="">
<a href="../#" title="">
</a>
<span class="divider">/</span>
</li>
<li class="active ">Python Analyzer</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-09-20</li>
<li id="projectVersion" class="pull-right">
Version: 1.3.1
</li>
</ul>
</div>
<div class="row-fluid">
<div id="leftColumn" class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">OWASP dependency-check</li>
<li>
<a href="../index.html" title="General">
<span class="icon-chevron-down"></span>
General</a>
<ul class="nav nav-list">
<li>
<a href="../general/internals.html" title="How it Works">
<span class="none"></span>
How it Works</a>
</li>
<li>
<a href="../general/thereport.html" title="Reading the Report">
<span class="none"></span>
Reading the Report</a>
</li>
<li>
<a href="../general/suppression.html" title="False Positives">
<span class="none"></span>
False Positives</a>
</li>
<li>
<a href="../data/index.html" title="Internet Access Required">
<span class="icon-chevron-right"></span>
Internet Access Required</a>
</li>
<li>
<a href="../related.html" title="Related Work">
<span class="none"></span>
Related Work</a>
</li>
<li>
<a href="../general/dependency-check.pptx" title="Project Presentation (pptx)">
<span class="none"></span>
Project Presentation (pptx)</a>
</li>
<li>
<a href="../general/dependency-check.pdf" title="Project Presentation (pdf)">
<span class="none"></span>
Project Presentation (pdf)</a>
</li>
<li>
<a href="../general/SampleReport.html" title="Sample Report">
<span class="none"></span>
Sample Report</a>
</li>
<li>
<a href="../general/scan_iso.html" title="How to Scan an ISO Image">
<span class="none"></span>
How to Scan an ISO Image</a>
</li>
</ul>
</li>
<li>
<a href="../analyzers/index.html" title="File Type Analyzers">
<span class="icon-chevron-down"></span>
File Type Analyzers</a>
<ul class="nav nav-list">
<li>
<a href="../analyzers/archive-analyzer.html" title="Archive Analyzer">
<span class="none"></span>
Archive Analyzer</a>
</li>
<li>
<a href="../analyzers/assembly-analyzer.html" title="Assembly Analyzer">
<span class="none"></span>
Assembly Analyzer</a>
</li>
<li>
<a href="../analyzers/autoconf.html" title="Autoconf Analyzer">
<span class="none"></span>
Autoconf Analyzer</a>
</li>
<li>
<a href="../analyzers/central-analyzer.html" title="Central Analyzer">
<span class="none"></span>
Central Analyzer</a>
</li>
<li>
<a href="../analyzers/cmake.html" title="CMake Analyzer">
<span class="none"></span>
CMake Analyzer</a>
</li>
<li>
<a href="../analyzers/jar-analyzer.html" title="Jar Analyzer">
<span class="none"></span>
Jar Analyzer</a>
</li>
<li>
<a href="../analyzers/nexus-analyzer.html" title="Nexus Analyzer">
<span class="none"></span>
Nexus Analyzer</a>
</li>
<li>
<a href="../analyzers/nodejs.html" title="Node.js Analyzer">
<span class="none"></span>
Node.js Analyzer</a>
</li>
<li>
<a href="../analyzers/nuspec-analyzer.html" title="Nuspec Analyzer">
<span class="none"></span>
Nuspec Analyzer</a>
</li>
<li>
<a href="../analyzers/openssl.html" title="OpenSSL Analyzer">
<span class="none"></span>
OpenSSL Analyzer</a>
</li>
<li class="active">
<a href="#"><span class="none"></span>Python Analyzer</a>
</li>
<li>
<a href="../analyzers/ruby-gemspec.html" title="Ruby Gemspec Analyzer">
<span class="none"></span>
Ruby Gemspec Analyzer</a>
</li>
</ul>
</li>
<li>
<a href="../modules.html" title="Modules">
<span class="icon-chevron-right"></span>
Modules</a>
</li>
<li class="nav-header">Project Documentation</li>
<li>
<a href="../project-info.html" title="Project Information">
<span class="icon-chevron-right"></span>
Project Information</a>
</li>
<li>
<a href="../project-reports.html" title="Project Reports">
<span class="icon-chevron-right"></span>
Project Reports</a>
</li>
</ul>
<hr />
<div id="poweredBy">
<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
<div class="g-plusone" data-href="https://github.com/jeremylong/DependencyCheck.git" data-size="tall" ></div>
<div class="clear"></div>
<div class="clear"></div>
<div id="twitter">
<a href="https://twitter.com/ctxt" class="twitter-follow-button" data-show-count="true" data-align="left" data-size="medium" data-show-screen-name="true" data-lang="en">Follow ctxt</a>
<script type="text/javascript">!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
</div>
<div class="clear"></div>
<div class="clear"></div>
<a href="http://maven.apache.org/" title="Maven" class="builtBy">
<img class="builtBy" alt="built with maven" src="http://jeremylong.github.io/DependencyCheck/images/logos/maven-feather.png" />
</a>
<a href="http://www.jetbrains.com/idea/" title="IntelliJ" class="builtBy">
<img class="builtBy" alt="developed using" src="http://jeremylong.github.io/DependencyCheck/images/logos/logo_intellij_idea.png" width="170px" />
</a>
<a href="http://www.cloudbees.com/" title="Cloudbees" class="builtBy">
<img class="builtBy" alt="built on cloudbees" src="http://jeremylong.github.io/DependencyCheck/images/logos/Button-Built-on-CB-1.png" />
</a>
</div>
</div>
</div>
<div id="bodyColumn" class="span10" >
<h1>Python Analyzer</h1>
<p>OWASP dependency-check includes an analyzer that will scan Python artifacts. The analyzer(s) will collect as much information it can about the Python artifacts. The information collected is internally referred to as evidence and is grouped into vendor, product, and version buckets. Other analyzers later use this evidence to identify any Common Platform Enumeration (CPE) identifiers that apply.</p>
<p>Files Types Scanned: py, whl, egg, zip, PKG-INFO, and METADATA</p>
</div>
</div>
</div>
<hr/>
<footer>
<div class="container-fluid">
<div class="row-fluid">
<p >Copyright &copy; 2012&#x2013;2015
<a href="http://www.owasp.org">OWASP</a>.
All rights reserved.
</p>
</div>
</div>
</footer>
</body>
</html>

332
analyzers/ruby-gemspec.html Normal file
View File

@@ -0,0 +1,332 @@
<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia at 2015-09-20
| Rendered using Apache Maven Fluido Skin 1.4
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20150920" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check &#x2013; Ruby Gemspec Analyzer</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.4.min.css" />
<link rel="stylesheet" href="../css/site.css" />
<link rel="stylesheet" href="../css/print.css" media="print" />
<script type="text/javascript" src="../js/apache-maven-fluido-1.4.min.js"></script>
<style type="text/css">#bannerLeft { margin-top:-20px;margin-bottom:5px !important }</style>
</head>
<body class="topBarDisabled">
<a href="https://github.com/jeremylong/DependencyCheck">
<img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png"
alt="Fork me on GitHub">
</a>
<div class="container-fluid">
<div id="banner">
<div class="pull-left">
<div id="bannerLeft">
<img src="../images/dc.svg" alt="OWASP dependency-check"/>
</div>
</div>
<div class="pull-right"> </div>
<div class="clear"><hr/></div>
</div>
<div id="breadcrumbs">
<ul class="breadcrumb">
<li class="">
<a href="../#" title="">
</a>
<span class="divider">/</span>
</li>
<li class="active ">Ruby Gemspec Analyzer</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-09-20</li>
<li id="projectVersion" class="pull-right">
Version: 1.3.1
</li>
</ul>
</div>
<div class="row-fluid">
<div id="leftColumn" class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">OWASP dependency-check</li>
<li>
<a href="../index.html" title="General">
<span class="icon-chevron-down"></span>
General</a>
<ul class="nav nav-list">
<li>
<a href="../general/internals.html" title="How it Works">
<span class="none"></span>
How it Works</a>
</li>
<li>
<a href="../general/thereport.html" title="Reading the Report">
<span class="none"></span>
Reading the Report</a>
</li>
<li>
<a href="../general/suppression.html" title="False Positives">
<span class="none"></span>
False Positives</a>
</li>
<li>
<a href="../data/index.html" title="Internet Access Required">
<span class="icon-chevron-right"></span>
Internet Access Required</a>
</li>
<li>
<a href="../related.html" title="Related Work">
<span class="none"></span>
Related Work</a>
</li>
<li>
<a href="../general/dependency-check.pptx" title="Project Presentation (pptx)">
<span class="none"></span>
Project Presentation (pptx)</a>
</li>
<li>
<a href="../general/dependency-check.pdf" title="Project Presentation (pdf)">
<span class="none"></span>
Project Presentation (pdf)</a>
</li>
<li>
<a href="../general/SampleReport.html" title="Sample Report">
<span class="none"></span>
Sample Report</a>
</li>
<li>
<a href="../general/scan_iso.html" title="How to Scan an ISO Image">
<span class="none"></span>
How to Scan an ISO Image</a>
</li>
</ul>
</li>
<li>
<a href="../analyzers/index.html" title="File Type Analyzers">
<span class="icon-chevron-down"></span>
File Type Analyzers</a>
<ul class="nav nav-list">
<li>
<a href="../analyzers/archive-analyzer.html" title="Archive Analyzer">
<span class="none"></span>
Archive Analyzer</a>
</li>
<li>
<a href="../analyzers/assembly-analyzer.html" title="Assembly Analyzer">
<span class="none"></span>
Assembly Analyzer</a>
</li>
<li>
<a href="../analyzers/autoconf.html" title="Autoconf Analyzer">
<span class="none"></span>
Autoconf Analyzer</a>
</li>
<li>
<a href="../analyzers/central-analyzer.html" title="Central Analyzer">
<span class="none"></span>
Central Analyzer</a>
</li>
<li>
<a href="../analyzers/cmake.html" title="CMake Analyzer">
<span class="none"></span>
CMake Analyzer</a>
</li>
<li>
<a href="../analyzers/jar-analyzer.html" title="Jar Analyzer">
<span class="none"></span>
Jar Analyzer</a>
</li>
<li>
<a href="../analyzers/nexus-analyzer.html" title="Nexus Analyzer">
<span class="none"></span>
Nexus Analyzer</a>
</li>
<li>
<a href="../analyzers/nodejs.html" title="Node.js Analyzer">
<span class="none"></span>
Node.js Analyzer</a>
</li>
<li>
<a href="../analyzers/nuspec-analyzer.html" title="Nuspec Analyzer">
<span class="none"></span>
Nuspec Analyzer</a>
</li>
<li>
<a href="../analyzers/openssl.html" title="OpenSSL Analyzer">
<span class="none"></span>
OpenSSL Analyzer</a>
</li>
<li>
<a href="../analyzers/python.html" title="Python Analyzer">
<span class="none"></span>
Python Analyzer</a>
</li>
<li class="active">
<a href="#"><span class="none"></span>Ruby Gemspec Analyzer</a>
</li>
</ul>
</li>
<li>
<a href="../modules.html" title="Modules">
<span class="icon-chevron-right"></span>
Modules</a>
</li>
<li class="nav-header">Project Documentation</li>
<li>
<a href="../project-info.html" title="Project Information">
<span class="icon-chevron-right"></span>
Project Information</a>
</li>
<li>
<a href="../project-reports.html" title="Project Reports">
<span class="icon-chevron-right"></span>
Project Reports</a>
</li>
</ul>
<hr />
<div id="poweredBy">
<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
<div class="g-plusone" data-href="https://github.com/jeremylong/DependencyCheck.git" data-size="tall" ></div>
<div class="clear"></div>
<div class="clear"></div>
<div id="twitter">
<a href="https://twitter.com/ctxt" class="twitter-follow-button" data-show-count="true" data-align="left" data-size="medium" data-show-screen-name="true" data-lang="en">Follow ctxt</a>
<script type="text/javascript">!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
</div>
<div class="clear"></div>
<div class="clear"></div>
<a href="http://maven.apache.org/" title="Maven" class="builtBy">
<img class="builtBy" alt="built with maven" src="http://jeremylong.github.io/DependencyCheck/images/logos/maven-feather.png" />
</a>
<a href="http://www.jetbrains.com/idea/" title="IntelliJ" class="builtBy">
<img class="builtBy" alt="developed using" src="http://jeremylong.github.io/DependencyCheck/images/logos/logo_intellij_idea.png" width="170px" />
</a>
<a href="http://www.cloudbees.com/" title="Cloudbees" class="builtBy">
<img class="builtBy" alt="built on cloudbees" src="http://jeremylong.github.io/DependencyCheck/images/logos/Button-Built-on-CB-1.png" />
</a>
</div>
</div>
</div>
<div id="bodyColumn" class="span10" >
<h1>Ruby Gemspec Analyzer</h1>
<p>OWASP dependency-check includes an analyzer that will scan <a class="externalLink" href="https://rubygems.org/">Ruby Gem</a> <a class="externalLink" href="http://guides.rubygems.org/specification-reference/">specifications</a>. The analyzer will collect as much information as it can about the Gem. The information collected is internally referred to as evidence and is grouped into vendor, product, and version buckets. Other analyzers later use this evidence to identify any Common Platform Enumeration (CPE) identifiers that apply.</p>
<p><b>Note:</b> Also consider using the Ruby <a class="externalLink" href="https://github.com/rubysec/bundler-audit#readme">bundler-audit</a> tool.</p>
<p>Files Types Scanned: Rakefile, *.gemspec</p>
</div>
</div>
</div>
<hr/>
<footer>
<div class="container-fluid">
<div class="row-fluid">
<p >Copyright &copy; 2012&#x2013;2015
<a href="http://www.owasp.org">OWASP</a>.
All rights reserved.
</p>
</div>
</div>
</footer>
</body>
</html>