mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-01-18 09:37:38 +01:00
Fixed merge conflict in App.java
This commit is contained in:
Dale Visser
@@ -15,7 +15,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.owasp.dependencycheck.data.nvdcve;
|
||||
package org.owasp.dependencycheck;
|
||||
|
||||
import java.io.BufferedInputStream;
|
||||
import java.io.BufferedOutputStream;
|
||||
@@ -31,6 +31,8 @@ import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
/**
|
||||
* An abstract database test case that is used to ensure the H2 DB exists prior to performing tests that utilize the data
|
||||
* contained within.
|
||||
*
|
||||
* @author Jeremy Long
|
||||
*/
|
||||
@@ -34,7 +34,7 @@ public class EngineIntegrationTest extends BaseTest {
|
||||
|
||||
@Before
|
||||
public void setUp() throws Exception {
|
||||
org.owasp.dependencycheck.data.nvdcve.BaseDBTestCase.ensureDBExists();
|
||||
org.owasp.dependencycheck.BaseDBTestCase.ensureDBExists();
|
||||
}
|
||||
|
||||
@After
|
||||
|
||||
@@ -34,7 +34,7 @@ public class AbstractFileTypeAnalyzerTest extends BaseTest {
|
||||
*/
|
||||
@Test
|
||||
public void testNewHashSet() {
|
||||
Set result = AbstractFileTypeAnalyzer.newHashSet("one", "two");
|
||||
Set<String> result = AbstractFileTypeAnalyzer.newHashSet("one", "two");
|
||||
assertEquals(2, result.size());
|
||||
assertTrue(result.contains("one"));
|
||||
assertTrue(result.contains("two"));
|
||||
|
||||
@@ -24,7 +24,7 @@ import static org.junit.Assert.*;
|
||||
import org.junit.Test;
|
||||
import org.owasp.dependencycheck.BaseTest;
|
||||
import org.owasp.dependencycheck.Engine;
|
||||
import org.owasp.dependencycheck.data.cpe.AbstractDatabaseTestCase;
|
||||
import org.owasp.dependencycheck.BaseDBTestCase;
|
||||
import org.owasp.dependencycheck.dependency.Dependency;
|
||||
import org.owasp.dependencycheck.utils.Settings;
|
||||
|
||||
@@ -32,7 +32,7 @@ import org.owasp.dependencycheck.utils.Settings;
|
||||
*
|
||||
* @author Jeremy Long
|
||||
*/
|
||||
public class ArchiveAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
|
||||
public class ArchiveAnalyzerIntegrationTest extends BaseDBTestCase {
|
||||
|
||||
/**
|
||||
* Test of getSupportedExtensions method, of class ArchiveAnalyzer.
|
||||
|
||||
@@ -0,0 +1,80 @@
|
||||
/*
|
||||
* Copyright 2015 OWASP.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.owasp.dependencycheck.analyzer;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.FileFilter;
|
||||
import java.lang.reflect.InvocationTargetException;
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.logging.Level;
|
||||
import java.util.logging.Logger;
|
||||
import org.junit.After;
|
||||
import org.junit.AfterClass;
|
||||
import org.junit.Before;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import static org.junit.Assert.*;
|
||||
import static org.junit.Assume.assumeFalse;
|
||||
import static org.junit.Assume.assumeNotNull;
|
||||
import org.owasp.dependencycheck.BaseTest;
|
||||
import org.owasp.dependencycheck.Engine;
|
||||
import org.owasp.dependencycheck.dependency.Dependency;
|
||||
import org.owasp.dependencycheck.utils.Settings;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author jeremy
|
||||
*/
|
||||
public class ArchiveAnalyzerTest extends BaseTest {
|
||||
|
||||
@Before
|
||||
public void setUp() {
|
||||
Settings.setString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS, "z2, z3");
|
||||
}
|
||||
|
||||
/**
|
||||
* Test of analyzeFileType method, of class ArchiveAnalyzer.
|
||||
*/
|
||||
@Test
|
||||
public void testZippableExtensions() throws Exception {
|
||||
assumeFalse(isPreviouslyLoaded("org.owasp.dependencycheck.analyzer.ArchiveAnalyzer"));
|
||||
ArchiveAnalyzer instance = new ArchiveAnalyzer();
|
||||
assertTrue(instance.getFileFilter().accept(new File("c:/test.zip")));
|
||||
assertTrue(instance.getFileFilter().accept(new File("c:/test.z2")));
|
||||
assertTrue(instance.getFileFilter().accept(new File("c:/test.z3")));
|
||||
assertFalse(instance.getFileFilter().accept(new File("c:/test.z4")));
|
||||
}
|
||||
|
||||
private boolean isPreviouslyLoaded(String className) {
|
||||
try {
|
||||
Method m = ClassLoader.class.getDeclaredMethod("findLoadedClass", new Class[]{String.class});
|
||||
m.setAccessible(true);
|
||||
Object t = m.invoke(Thread.currentThread().getContextClassLoader(), className);
|
||||
return t != null;
|
||||
} catch (NoSuchMethodException ex) {
|
||||
Logger.getLogger(ArchiveAnalyzerTest.class.getName()).log(Level.SEVERE, null, ex);
|
||||
} catch (SecurityException ex) {
|
||||
Logger.getLogger(ArchiveAnalyzerTest.class.getName()).log(Level.SEVERE, null, ex);
|
||||
} catch (IllegalAccessException ex) {
|
||||
Logger.getLogger(ArchiveAnalyzerTest.class.getName()).log(Level.SEVERE, null, ex);
|
||||
} catch (IllegalArgumentException ex) {
|
||||
Logger.getLogger(ArchiveAnalyzerTest.class.getName()).log(Level.SEVERE, null, ex);
|
||||
} catch (InvocationTargetException ex) {
|
||||
Logger.getLogger(ArchiveAnalyzerTest.class.getName()).log(Level.SEVERE, null, ex);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
}
|
||||
@@ -33,7 +33,7 @@ import java.util.regex.Pattern;
|
||||
import static org.hamcrest.CoreMatchers.equalTo;
|
||||
import static org.hamcrest.CoreMatchers.is;
|
||||
import static org.junit.Assert.*;
|
||||
import org.owasp.dependencycheck.data.nvdcve.BaseDBTestCase;
|
||||
import org.owasp.dependencycheck.BaseDBTestCase;
|
||||
|
||||
/**
|
||||
* Unit tests for CmakeAnalyzer.
|
||||
|
||||
@@ -19,7 +19,7 @@ package org.owasp.dependencycheck.analyzer;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
import java.util.HashSet;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import org.apache.lucene.index.CorruptIndexException;
|
||||
@@ -28,7 +28,7 @@ import org.junit.Assert;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import org.junit.Test;
|
||||
import org.owasp.dependencycheck.BaseTest;
|
||||
import org.owasp.dependencycheck.data.cpe.AbstractDatabaseTestCase;
|
||||
import org.owasp.dependencycheck.BaseDBTestCase;
|
||||
import org.owasp.dependencycheck.data.cpe.IndexEntry;
|
||||
import org.owasp.dependencycheck.dependency.Confidence;
|
||||
import org.owasp.dependencycheck.dependency.Dependency;
|
||||
@@ -38,7 +38,7 @@ import org.owasp.dependencycheck.dependency.Identifier;
|
||||
*
|
||||
* @author Jeremy Long
|
||||
*/
|
||||
public class CPEAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
|
||||
public class CPEAnalyzerIntegrationTest extends BaseDBTestCase {
|
||||
|
||||
/**
|
||||
* Tests of buildSearch of class CPEAnalyzer.
|
||||
@@ -49,11 +49,9 @@ public class CPEAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
|
||||
*/
|
||||
@Test
|
||||
public void testBuildSearch() throws IOException, CorruptIndexException, ParseException {
|
||||
Set<String> productWeightings = new HashSet<String>(1);
|
||||
productWeightings.add("struts2");
|
||||
Set<String> productWeightings = Collections.singleton("struts2");
|
||||
|
||||
Set<String> vendorWeightings = new HashSet<String>(1);
|
||||
vendorWeightings.add("apache");
|
||||
Set<String> vendorWeightings = Collections.singleton("apache");
|
||||
|
||||
String vendor = "apache software foundation";
|
||||
String product = "struts 2 core";
|
||||
@@ -238,11 +236,9 @@ public class CPEAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
|
||||
CPEAnalyzer instance = new CPEAnalyzer();
|
||||
instance.open();
|
||||
|
||||
Set<String> productWeightings = new HashSet<String>(1);
|
||||
productWeightings.add("struts2");
|
||||
Set<String> productWeightings = Collections.singleton("struts2");
|
||||
|
||||
Set<String> vendorWeightings = new HashSet<String>(1);
|
||||
vendorWeightings.add("apache");
|
||||
Set<String> vendorWeightings = Collections.singleton("apache");
|
||||
|
||||
List<IndexEntry> result = instance.searchCPE(vendor, product, productWeightings, vendorWeightings);
|
||||
instance.close();
|
||||
|
||||
@@ -18,13 +18,13 @@
|
||||
package org.owasp.dependencycheck.analyzer;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.owasp.dependencycheck.data.cpe.AbstractDatabaseTestCase;
|
||||
import org.owasp.dependencycheck.BaseDBTestCase;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long
|
||||
*/
|
||||
public class DependencyBundlingAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
|
||||
public class DependencyBundlingAnalyzerIntegrationTest extends BaseDBTestCase {
|
||||
|
||||
/**
|
||||
* Test of analyze method, of class DependencyBundlingAnalyzer.
|
||||
|
||||
@@ -24,6 +24,7 @@ import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.owasp.dependencycheck.BaseTest;
|
||||
import org.owasp.dependencycheck.Engine;
|
||||
import org.owasp.dependencycheck.BaseDBTestCase;
|
||||
import org.owasp.dependencycheck.dependency.Confidence;
|
||||
import org.owasp.dependencycheck.dependency.Dependency;
|
||||
import org.owasp.dependencycheck.dependency.Evidence;
|
||||
@@ -33,12 +34,7 @@ import org.owasp.dependencycheck.utils.Settings;
|
||||
*
|
||||
* @author Jeremy Long
|
||||
*/
|
||||
public class HintAnalyzerTest extends BaseTest {
|
||||
|
||||
@Before
|
||||
public void setUp() throws Exception {
|
||||
org.owasp.dependencycheck.data.nvdcve.BaseDBTestCase.ensureDBExists();
|
||||
}
|
||||
public class HintAnalyzerTest extends BaseDBTestCase {
|
||||
|
||||
/**
|
||||
* Test of getName method, of class HintAnalyzer.
|
||||
|
||||
@@ -21,9 +21,9 @@ import java.io.File;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import org.junit.Test;
|
||||
import org.owasp.dependencycheck.BaseDBTestCase;
|
||||
import org.owasp.dependencycheck.BaseTest;
|
||||
import org.owasp.dependencycheck.Engine;
|
||||
import org.owasp.dependencycheck.data.cpe.AbstractDatabaseTestCase;
|
||||
import org.owasp.dependencycheck.dependency.Dependency;
|
||||
import org.owasp.dependencycheck.utils.Settings;
|
||||
|
||||
@@ -32,7 +32,7 @@ import org.owasp.dependencycheck.utils.Settings;
|
||||
*
|
||||
* @author Jeremy Long
|
||||
*/
|
||||
public class VulnerabilitySuppressionAnalyzerIntegrationTest extends AbstractDatabaseTestCase {
|
||||
public class VulnerabilitySuppressionAnalyzerIntegrationTest extends BaseDBTestCase {
|
||||
|
||||
/**
|
||||
* Test of getName method, of class VulnerabilitySuppressionAnalyzer.
|
||||
|
||||
@@ -1,37 +0,0 @@
|
||||
/*
|
||||
* This file is part of dependency-check-core.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.owasp.dependencycheck.data.cpe;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.owasp.dependencycheck.BaseTest;
|
||||
import org.owasp.dependencycheck.data.nvdcve.BaseDBTestCase;
|
||||
|
||||
/**
|
||||
* An abstract database test case that is used to ensure the H2 DB exists prior to performing tests that utilize the
|
||||
* data contained within.
|
||||
*
|
||||
* @author Jeremy Long
|
||||
*/
|
||||
public abstract class AbstractDatabaseTestCase extends BaseTest {
|
||||
|
||||
@Before
|
||||
public void setUp() throws Exception {
|
||||
BaseDBTestCase.ensureDBExists();
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,47 @@
|
||||
/*
|
||||
* Copyright 2015 OWASP.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.owasp.dependencycheck.data.nvdcve;
|
||||
|
||||
import java.sql.Connection;
|
||||
import java.sql.SQLException;
|
||||
import org.junit.After;
|
||||
import org.junit.AfterClass;
|
||||
import org.junit.Before;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import static org.junit.Assert.*;
|
||||
import org.owasp.dependencycheck.BaseDBTestCase;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author jeremy
|
||||
*/
|
||||
public class ConnectionFactoryTest extends BaseDBTestCase {
|
||||
|
||||
/**
|
||||
* Test of initialize method, of class ConnectionFactory.
|
||||
*
|
||||
* @throws org.owasp.dependencycheck.data.nvdcve.DatabaseException
|
||||
*/
|
||||
@Test
|
||||
public void testInitialize() throws DatabaseException, SQLException {
|
||||
ConnectionFactory.initialize();
|
||||
Connection result = ConnectionFactory.getConnection();
|
||||
assertNotNull(result);
|
||||
result.close();
|
||||
ConnectionFactory.cleanup();
|
||||
}
|
||||
}
|
||||
@@ -17,6 +17,7 @@
|
||||
*/
|
||||
package org.owasp.dependencycheck.data.nvdcve;
|
||||
|
||||
import org.owasp.dependencycheck.BaseDBTestCase;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
@@ -25,7 +25,9 @@ import static org.junit.Assert.assertTrue;
|
||||
import org.junit.Before;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.owasp.dependencycheck.dependency.Vulnerability;
|
||||
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
|
||||
import org.owasp.dependencycheck.utils.Settings;
|
||||
|
||||
/**
|
||||
*
|
||||
@@ -35,10 +37,12 @@ public class CveDBMySQLTest {
|
||||
|
||||
@BeforeClass
|
||||
public static void setUpClass() {
|
||||
Settings.initialize();
|
||||
}
|
||||
|
||||
@AfterClass
|
||||
public static void tearDownClass() {
|
||||
Settings.cleanup();
|
||||
}
|
||||
|
||||
@Before
|
||||
@@ -93,7 +97,7 @@ public class CveDBMySQLTest {
|
||||
CveDB instance = new CveDB();
|
||||
try {
|
||||
instance.open();
|
||||
List result = instance.getVulnerabilities(cpeStr);
|
||||
List<Vulnerability> result = instance.getVulnerabilities(cpeStr);
|
||||
assertTrue(result.size() > 5);
|
||||
} catch (Exception ex) {
|
||||
System.out.println("Unable to access the My SQL database; verify that the db server is running and that the schema has been generated");
|
||||
|
||||
@@ -17,6 +17,7 @@
|
||||
*/
|
||||
package org.owasp.dependencycheck.data.nvdcve;
|
||||
|
||||
import org.owasp.dependencycheck.BaseDBTestCase;
|
||||
import java.util.Properties;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
@@ -18,7 +18,7 @@
|
||||
package org.owasp.dependencycheck.data.update;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.owasp.dependencycheck.data.nvdcve.BaseDBTestCase;
|
||||
import org.owasp.dependencycheck.BaseDBTestCase;
|
||||
import org.owasp.dependencycheck.data.nvdcve.CveDB;
|
||||
import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
|
||||
import org.owasp.dependencycheck.data.update.exception.UpdateException;
|
||||
|
||||
@@ -185,7 +185,6 @@ public class DependencyTest {
|
||||
@Test
|
||||
public void testGetIdentifiers() {
|
||||
Dependency instance = new Dependency();
|
||||
List expResult = null;
|
||||
Set<Identifier> result = instance.getIdentifiers();
|
||||
|
||||
assertTrue(true); //this is just a getter setter pair.
|
||||
|
||||
@@ -40,7 +40,7 @@ public class ReportGeneratorIntegrationTest extends BaseTest {
|
||||
|
||||
@Before
|
||||
public void setUp() throws Exception {
|
||||
org.owasp.dependencycheck.data.nvdcve.BaseDBTestCase.ensureDBExists();
|
||||
org.owasp.dependencycheck.BaseDBTestCase.ensureDBExists();
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -61,7 +61,7 @@ public class SuppressionParserTest {
|
||||
//File file = new File(this.getClass().getClassLoader().getResource("suppressions.xml").getPath());
|
||||
File file = BaseTest.getResourceAsFile(this, "suppressions.xml");
|
||||
SuppressionParser instance = new SuppressionParser();
|
||||
List result = instance.parseSuppressionRules(file);
|
||||
List<SuppressionRule> result = instance.parseSuppressionRules(file);
|
||||
assertTrue(result.size() > 3);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -306,27 +306,6 @@ public class SuppressionRuleTest {
|
||||
assertTrue(instance.cpeHasNoVersion(c));
|
||||
}
|
||||
|
||||
/**
|
||||
* Test of countCharacter method, of class SuppressionRule.
|
||||
*/
|
||||
@Test
|
||||
public void testCountCharacter() {
|
||||
String str = "cpe:/a:microsoft:.net_framework:4.5";
|
||||
char c = ':';
|
||||
SuppressionRule instance = new SuppressionRule();
|
||||
int expResult = 4;
|
||||
int result = instance.countCharacter(str, c);
|
||||
assertEquals(expResult, result);
|
||||
str = "::";
|
||||
expResult = 2;
|
||||
result = instance.countCharacter(str, c);
|
||||
assertEquals(expResult, result);
|
||||
str = "these are not the characters you are looking for";
|
||||
expResult = 0;
|
||||
result = instance.countCharacter(str, c);
|
||||
assertEquals(expResult, result);
|
||||
}
|
||||
|
||||
/**
|
||||
* Test of identifierMatches method, of class SuppressionRule.
|
||||
*/
|
||||
|
||||
@@ -61,11 +61,11 @@ public class DependencyVersionTest {
|
||||
@Test
|
||||
public void testIterator() {
|
||||
DependencyVersion instance = new DependencyVersion("1.2.3");
|
||||
Iterator result = instance.iterator();
|
||||
Iterator<String> result = instance.iterator();
|
||||
assertTrue(result.hasNext());
|
||||
int count = 1;
|
||||
while (result.hasNext()) {
|
||||
String v = (String) result.next();
|
||||
String v = result.next();
|
||||
assertTrue(String.valueOf(count++).equals(v));
|
||||
}
|
||||
}
|
||||
|
||||
1746
dependency-check-core/src/test/resources/composer.lock
generated
Normal file
1746
dependency-check-core/src/test/resources/composer.lock
generated
Normal file
File diff suppressed because it is too large
Load Diff
@@ -16,11 +16,9 @@ engine.version.url=http://jeremylong.github.io/DependencyCheck/current.txt
|
||||
# will not be used. The data.directory will be resolved and if the connection string
|
||||
# below contains a %s then the data.directory will replace the %s.
|
||||
data.directory=[JAR]/data
|
||||
# if the filename has a %s it will be replaced with the current expected version. For file
|
||||
# based databases the below filename will be added to the data directory above and then
|
||||
# if the connection string has a %s it will be replaced by the directory/filename path.
|
||||
#if the filename has a %s it will be replaced with the current expected version
|
||||
data.file_name=dc.h2.db
|
||||
data.version=2.9
|
||||
data.version=3.0
|
||||
data.connection_string=jdbc:h2:file:%s;FILE_LOCK=SERIALIZED;AUTOCOMMIT=ON;
|
||||
#data.connection_string=jdbc:mysql://localhost:3306/dependencycheck
|
||||
|
||||
@@ -39,19 +37,15 @@ data.password=DC-Pass1337!
|
||||
data.driver_name=org.h2.Driver
|
||||
data.driver_path=
|
||||
|
||||
# the path to the cpe xml file
|
||||
#cpe.url=http://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.2.xml.gz
|
||||
cpe.url=http://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml.gz
|
||||
# the path to the cpe meta data file.
|
||||
cpe.meta.url=http://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.2.meta
|
||||
|
||||
# the number of days that the modified nvd cve data holds data for. We don't need
|
||||
# to update the other files if we are within this timespan. Per NIST this file
|
||||
# holds 8 days of updates, we are using 7 just to be safe.
|
||||
cve.url.modified.validfordays=7
|
||||
|
||||
# the path to the modified nvd cve xml file.
|
||||
# the number of hours to wait before checking if updates are available from the NVD.
|
||||
cve.check.validforhours=0
|
||||
#first year to pull data from the URLs below
|
||||
cve.startyear=2014
|
||||
# the path to the modified nvd cve xml file.
|
||||
cve.url-1.2.modified=https://nvd.nist.gov/download/nvdcve-Modified.xml.gz
|
||||
#cve.url-1.2.modified=http://nvd.nist.gov/download/nvdcve-modified.xml
|
||||
cve.url-2.0.modified=https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Modified.xml.gz
|
||||
@@ -62,6 +56,14 @@ cve.url-2.0.base=https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml.gz
|
||||
#cve.url-2.0.base=http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml
|
||||
|
||||
cpe.validfordays=30
|
||||
cpe.url=http://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml.gz
|
||||
|
||||
# file type analyzer settings:
|
||||
analyzer.archive.enabled=true
|
||||
analyzer.jar.enabled=true
|
||||
analyzer.nuspec.enabled=true
|
||||
analyzer.assembly.enabled=true
|
||||
analyzer.composer.lock.enabled=true
|
||||
|
||||
# the URL for searching Nexus for SHA-1 hashes and whether it's enabled
|
||||
analyzer.nexus.enabled=true
|
||||
@@ -74,5 +76,27 @@ analyzer.nexus.proxy=true
|
||||
analyzer.central.enabled=true
|
||||
analyzer.central.url=http://search.maven.org/solrsearch/select
|
||||
|
||||
# the number of nested archives that will be searched.
|
||||
archive.scan.depth=3
|
||||
|
||||
# use HEAD (default) or GET as HTTP request method for query timestamp
|
||||
downloader.quick.query.timestamp=true
|
||||
|
||||
|
||||
analyzer.jar.enabled=true
|
||||
analyzer.archive.enabled=true
|
||||
analyzer.node.package.enabled=true
|
||||
analyzer.composer.lock.enabled=true
|
||||
analyzer.python.distribution.enabled=true
|
||||
analyzer.python.package.enabled=true
|
||||
analyzer.ruby.gemspec.enabled=true
|
||||
analyzer.autoconf.enabled=true
|
||||
analyzer.cmake.enabled=true
|
||||
analyzer.assembly.enabled=true
|
||||
analyzer.nuspec.enabled=true
|
||||
analyzer.openssl.enabled=true
|
||||
analyzer.central.enabled=true
|
||||
analyzer.nexus.enabled=false
|
||||
#whether the nexus analyzer uses the proxy
|
||||
analyzer.nexus.proxy=true
|
||||
|
||||
|
||||
Reference in New Issue
Block a user