mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-01-14 07:43:40 +01:00
Updated to support the tracking of suppressed CPE/CVE per issue #66
Former-commit-id: 5f98715a8ffd45ac8d78ba7c103cbfb287cb1ddc
This commit is contained in:
Jeremy Long
@@ -109,6 +109,17 @@ public class NvdCveAnalyzer implements Analyzer {
|
||||
}
|
||||
}
|
||||
}
|
||||
for (Identifier id : dependency.getSuppressedIdentifiers()) {
|
||||
if ("cpe".equals(id.getType())) {
|
||||
try {
|
||||
final String value = id.getValue();
|
||||
final List<Vulnerability> vulns = cveDB.getVulnerabilities(value);
|
||||
dependency.getSuppressedVulnerabilities().addAll(vulns);
|
||||
} catch (DatabaseException ex) {
|
||||
throw new AnalysisException(ex);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -290,6 +290,69 @@ public class Dependency implements Comparable<Dependency> {
|
||||
public void addIdentifier(Identifier identifier) {
|
||||
this.identifiers.add(identifier);
|
||||
}
|
||||
/**
|
||||
* A set of identifiers that have been suppressed.
|
||||
*/
|
||||
private Set<Identifier> suppressedIdentifiers;
|
||||
|
||||
/**
|
||||
* Get the value of suppressedIdentifiers.
|
||||
*
|
||||
* @return the value of suppressedIdentifiers
|
||||
*/
|
||||
public Set<Identifier> getSuppressedIdentifiers() {
|
||||
return suppressedIdentifiers;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the value of suppressedIdentifiers.
|
||||
*
|
||||
* @param suppressedIdentifiers new value of suppressedIdentifiers
|
||||
*/
|
||||
public void setSuppressedIdentifiers(Set<Identifier> suppressedIdentifiers) {
|
||||
this.suppressedIdentifiers = suppressedIdentifiers;
|
||||
}
|
||||
|
||||
/**
|
||||
* Adds an identifier to the list of suppressed identifiers.
|
||||
*
|
||||
* @param identifier an identifier that was suppressed.
|
||||
*/
|
||||
public void addSuppressedIdentifier(Identifier identifier) {
|
||||
this.suppressedIdentifiers.add(identifier);
|
||||
}
|
||||
|
||||
/**
|
||||
* A set of vulnerabilities that have been suppressed.
|
||||
*/
|
||||
private SortedSet<Vulnerability> suppressedVulnerabilities;
|
||||
|
||||
/**
|
||||
* Get the value of suppressedVulnerabilities.
|
||||
*
|
||||
* @return the value of suppressedVulnerabilities
|
||||
*/
|
||||
public SortedSet<Vulnerability> getSuppressedVulnerabilities() {
|
||||
return suppressedVulnerabilities;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the value of suppressedVulnerabilities.
|
||||
*
|
||||
* @param suppressedVulnerabilities new value of suppressedVulnerabilities
|
||||
*/
|
||||
public void setSuppressedVulnerabilities(SortedSet<Vulnerability> suppressedVulnerabilities) {
|
||||
this.suppressedVulnerabilities = suppressedVulnerabilities;
|
||||
}
|
||||
|
||||
/**
|
||||
* Adds a vulnerability to the set of suppressed vulnerabilities.
|
||||
*
|
||||
* @param vulnerability the vulnerability that was suppressed
|
||||
*/
|
||||
public void addSuppressedVulnerability(Vulnerability vulnerability) {
|
||||
this.suppressedVulnerabilities.add(vulnerability);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the evidence used to identify this dependency.
|
||||
|
||||
@@ -254,6 +254,7 @@ public class SuppressionRule {
|
||||
final Identifier i = itr.next();
|
||||
for (PropertyType c : this.cpe) {
|
||||
if (cpeMatches(c, i)) {
|
||||
dependency.addSuppressedIdentifier(i);
|
||||
itr.remove();
|
||||
break;
|
||||
}
|
||||
@@ -292,6 +293,7 @@ public class SuppressionRule {
|
||||
}
|
||||
}
|
||||
if (remove) {
|
||||
dependency.addSuppressedVulnerability(v);
|
||||
itr.remove();
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user