diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java index 5b702543b..5c5a8bee1 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/reporting/ReportGenerator.java @@ -26,15 +26,17 @@ import java.io.InputStream; import java.io.InputStreamReader; import java.io.OutputStream; import java.io.OutputStreamWriter; +import java.text.DateFormat; +import java.text.SimpleDateFormat; +import java.util.Date; import java.util.List; import java.util.logging.Level; import java.util.logging.Logger; +import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; import org.apache.velocity.context.Context; import org.apache.velocity.runtime.RuntimeConstants; import org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader; -import org.apache.velocity.tools.ToolManager; -import org.apache.velocity.tools.config.EasyFactoryConfiguration; import org.owasp.dependencycheck.analyzer.Analyzer; import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties; import org.owasp.dependencycheck.dependency.Dependency; @@ -93,10 +95,20 @@ public class ReportGenerator { engine.init(); + DateFormat dateFormat = new SimpleDateFormat("MMM d, yyyy 'at' HH:mm:ss z"); + DateFormat dateFormatXML = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSZ"); + Date d = new Date(); + String scanDate = dateFormat.format(d); + String scanDateXML = dateFormatXML.format(d); + EscapeTool enc = new EscapeTool(); + context.put("applicationName", applicationName); context.put("dependencies", dependencies); context.put("analyzers", analyzers); context.put("properties", properties); + context.put("scanDate", scanDate); + context.put("scanDateXML", scanDateXML); + context.put("enc", enc); context.put("version", Settings.getString("application.version", "Unknown")); } @@ -118,15 +130,15 @@ public class ReportGenerator { * * @return a Velocity Context. */ - @edu.umd.cs.findbugs.annotations.SuppressWarnings(value = "RV_RETURN_VALUE_IGNORED_INFERRED", - justification = "No plan to fix this style issue") private Context createContext() { - final ToolManager manager = new ToolManager(); - final Context c = manager.createContext(); - final EasyFactoryConfiguration config = new EasyFactoryConfiguration(); - config.addDefaultTools(); - config.toolbox("application").tool("esc", "org.apache.velocity.tools.generic.EscapeTool").tool("org.apache.velocity.tools.generic.DateTool"); - manager.configure(config); + //REMOVED all of the velocity tools to simplify the engine trying to resolve issues running this in Jenkins +// final ToolManager manager = new ToolManager(); +// final Context c = manager.createContext(); +// final EasyFactoryConfiguration config = new EasyFactoryConfiguration(); +// config.addDefaultTools(); +// config.toolbox("application").tool("esc", "org.apache.velocity.tools.generic.EscapeTool").tool("org.apache.velocity.tools.generic.DateTool"); +// manager.configure(config); + VelocityContext c = new VelocityContext(); return c; } diff --git a/dependency-check-core/src/main/resources/templates/HtmlReport.vsl b/dependency-check-core/src/main/resources/templates/HtmlReport.vsl index 2ff16d539..0ae1ba690 100644 --- a/dependency-check-core/src/main/resources/templates/HtmlReport.vsl +++ b/dependency-check-core/src/main/resources/templates/HtmlReport.vsl @@ -471,26 +471,38 @@ implied or otherwise, with regard to the analysis or its use. Any use of the too is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

]]# -

Project: $esc.html($applicationName)

+

Project: $enc.html($applicationName)

#set($depCount=$dependencies.size()) + #set($vulnDepCount=0) #set($vulnCount=0) + #set($vulnSuppressedCount=0) + #set($cpeSuppressedCount=0) #foreach($dependency in $dependencies) #set($depCount=$depCount+$dependency.getRelatedDependencies().size()) #if($dependency.getVulnerabilities().size()>0) - #set($vulnCount=$vulnCount+1) + #set($vulnDepCount=$vulnDepCount+1) + #set($vulnCount=$vulnCount+$dependency.getVulnerabilities().size()) + #end + #if($dependency.getSuppressedIdentifiers().size()>0) + #set($cpeSuppressedCount=$cpeSuppressedCount+1) + #end + #if($dependency.getSuppressedVulnerabilities().size()>0) + #set($vulnSuppressedCount=$vulnSuppressedCount+$dependency.getSuppressedVulnerabilities().size()) #end #end Scan Information (show all):

Dependency Display: show all

@@ -499,11 +511,11 @@ arising out of or in connection with the use of this tool, the analysis performe #foreach($dependency in $dependencies) #set($lnkcnt=$lnkcnt+1)
  • - $esc.html($dependency.FileName) + $enc.html($dependency.FileName) #if($dependency.getRelatedDependencies().size()>0) #end @@ -516,22 +528,22 @@ arising out of or in connection with the use of this tool, the analysis performe #set($vsctr=0) ##counter to create unique groups for vulnerable software #foreach($dependency in $dependencies) #set($lnkcnt=$lnkcnt+1) -

    $esc.html($dependency.FileName)

    +

    $enc.html($dependency.FileName)

    #if ($dependency.description) -

    Description: $esc.html($dependency.description)

    +

    Description: $enc.html($dependency.description)

    #end

    #if ($dependency.license) #if ($dependency.license.startsWith("http://")) - License:

    $esc.html($dependency.license)
    + License:
    $enc.html($dependency.license)
    #else - License:
    $esc.html($dependency.license)
    + License:
    $enc.html($dependency.license)
    #end #end - File Path: $esc.html($dependency.FilePath)
    - MD5: $esc.html($dependency.Md5sum)
    - SHA1: $esc.html($dependency.Sha1sum) + File Path: $enc.html($dependency.FilePath)
    + MD5: $enc.html($dependency.Md5sum)
    + SHA1: $enc.html($dependency.Sha1sum)

    #set($cnt=$cnt+1) @@ -539,7 +551,7 @@ arising out of or in connection with the use of this tool, the analysis performe #foreach($evidence in $dependency.getEvidenceUsed()) - + #end
    SourceNameValue
    $esc.html($evidence.getSource())$esc.html($evidence.getName())$esc.html($evidence.getValue())
    $enc.html($evidence.getSource())$enc.html($evidence.getName())$enc.html($evidence.getValue())
    @@ -549,18 +561,18 @@ arising out of or in connection with the use of this tool, the analysis performe


    This report contains data retrieved from the National Vulnerability Database.
    diff --git a/dependency-check-core/src/main/resources/templates/VulnerabilityReport.vsl b/dependency-check-core/src/main/resources/templates/VulnerabilityReport.vsl index c4d642986..c381d5d19 100644 --- a/dependency-check-core/src/main/resources/templates/VulnerabilityReport.vsl +++ b/dependency-check-core/src/main/resources/templates/VulnerabilityReport.vsl @@ -178,8 +178,8 @@ implied or otherwise, with regard to the analysis or its use. Any use of the too is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

    ]]# -

    Project: $esc.html($applicationName)

    -
    Report Generated On: $date

    +

    Project: $enc.html($applicationName)

    +
    Report Generated On: $scanDate

    #set($depCount=$dependencies.size()) #set($vulnCount=0) @@ -205,7 +205,7 @@ arising out of or in connection with the use of this tool, the analysis performe #if($dependency.getVulnerabilities().size()>0) #foreach($vuln in $dependency.getVulnerabilities()) - $esc.html($vuln.name) + $enc.html($vuln.name) #if ($vuln.cwe) $vuln.cwe @@ -222,10 +222,10 @@ arising out of or in connection with the use of this tool, the analysis performe ($vuln.cvssScore) #set($cnt=$cnt+1) #if($dependency.getRelatedDependencies().size()>0)