From 1ded1b603efd66eaa8a271c364169de87d45fa6c Mon Sep 17 00:00:00 2001
From: Jeremy Long <jeremy.long@gmail.com>
Date: Thu, 18 Apr 2013 06:24:40 -0400
Subject: [PATCH] added vulnerable software

Former-commit-id: dd4b3a9e06bb33e4f895565bec4588a8b38f6f5d
---
 src/main/resources/templates/XmlReport.vsl | 74 ++++++++++++----------
 1 file changed, 39 insertions(+), 35 deletions(-)

diff --git a/src/main/resources/templates/XmlReport.vsl b/src/main/resources/templates/XmlReport.vsl
index 74c3fb69b..a44f9548e 100644
--- a/src/main/resources/templates/XmlReport.vsl
+++ b/src/main/resources/templates/XmlReport.vsl
@@ -26,58 +26,57 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
         <reportDate>$date</reportDate>
     </projectInfo>
     <dependencies>
-        #foreach($dependency in $dependencies)
+#foreach($dependency in $dependencies)
         <dependency>
             <fileName>$esc.html($dependency.FileName)</fileName>
             <filePath>$esc.html($dependency.FilePath)</filePath>
             <md5>$esc.html($dependency.Md5sum)</md5>
             <sha1>$esc.html($dependency.Sha1sum)</sha1>
-            #if ($dependency.description)
+#if ($dependency.description)
             <description>$esc.html($dependency.description)</description>
-            #end
-            #if ($dependency.license)
+#end
+#if ($dependency.license)
             <license>$esc.html($dependency.license)</license>
-            #end
-            #if ( $dependency.analysisExceptions.size() != 0 )
+#end
+#if ( $dependency.analysisExceptions.size() != 0 )
             <analysisExceptions>
-            #foreach($ex in $dependency.analysisExceptions)
+#foreach($ex in $dependency.analysisExceptions)
                 <exception>
                     <message>$esc.html($ex.message)</message>
-                    #if ( $ex.stackTrace )
+#if ( $ex.stackTrace )
                     <stackTrace>
-                    #foreach ($st in $ex.stackTrace)
+#foreach ($st in $ex.stackTrace)
                         <trace>$esc.html($st)</trace>
-                    #end
+#end
                     </stackTrace>
-                    #end
-
-                    #if ( $ex.cause )
+#end
+#if ( $ex.cause )
                     <innerException>
                         <message>$esc.html($ex.cause.message)</message>
-                        #if ( $ex.cause.stackTrace )
+#if ( $ex.cause.stackTrace )
                         <stackTrace>
-                        #foreach ($st in $ex.cause.stackTrace)
+#foreach ($st in $ex.cause.stackTrace)
                             <trace>$esc.html($st)</trace>
-                        #end
+#end
                         </stackTrace>
-                        #end
+#end
                     </innerException>
-                    #end
+#end
                 </exception>
-                #end
+#end
             </analysisExceptions>
-            #end
+#end
             <evidenceCollected>
-            #foreach($evidence in $dependency.getEvidenceUsed())
+#foreach($evidence in $dependency.getEvidenceUsed())
                 <evidence>
                     <source>$esc.html($evidence.getSource())</source>
                     <name>$esc.html($evidence.getName())</name>
                     <value>$esc.html($evidence.getValue())</value>
                 </evidence>
-                #end
+#end
             </evidenceCollected>
             <identifiers>
-                #foreach($id in $dependency.getIdentifiers())
+#foreach($id in $dependency.getIdentifiers())
                 <identifier type="$esc.html($id.type)">
                     <name>$esc.html($id.value)</name>
                     <url>$esc.html($id.url)</url>
@@ -85,37 +84,42 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
                     <description>$esc.html($id.description)</description>>
                     #end
                 </identifier>
-                #end
+#end
             </identifiers>
             <vulnerabilities>
-                #foreach($vuln in $dependency.getVulnerabilities())
+#foreach($vuln in $dependency.getVulnerabilities())
                 <vulnerability>
                     <name>$esc.html($vuln.name)</name>
                     <cvssScore>$vuln.cvssScore</cvssScore>
-                    #if ($vuln.cvssScore<4.0)
+#if ($vuln.cvssScore<4.0)
                     <severity>Low</severity>
-                    #elseif ($vuln.cvssScore>=7.0)
+#elseif ($vuln.cvssScore>=7.0)
                     <severity>High</severity>
-                    #else
+#else
                     <severity>Medium</severity>
-                    #end
-                    #if ($vuln.cwe)
+#end
+#if ($vuln.cwe)
                     <cwe>$esc.html($vuln.cwe)</cwe>
-                    #end
+#end
                     <description>$esc.html($vuln.description)</description>
                     <references>
-                        #foreach($ref in $vuln.getReferences())
+#foreach($ref in $vuln.getReferences())
                         <reference>
                             <source>$esc.html($ref.source)</source>
                             <url>$esc.html($ref.url)</url>
                             <name>$ref.name</name>
                         </reference>
-                        #end
+#end
                     </references>
+                    <vulnerableSoftware>
+#foreach($vs in $vuln.getVulnerableSoftware())
+                        <software#if($vs.hasPreviousVersion()) allPreviousVersion="true"#end>$esc.html($vs.name)</software>
+#end
+                    </vulnerableSoftware>
                 </vulnerability>
-                #end
+#end
             </vulnerabilities>
-            #end
+#end
         </dependency>
     </dependencies>
 </analysis>
\ No newline at end of file