github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-04-26 02:08:53 +02:00
Code Issues Packages Projects Releases Wiki Activity

version 1.0.8

Browse Source
This commit is contained in:
Jeremy Long
2014-01-16 08:07:24 -05:00
parent 70103dcca3
commit 412ac1c084
2261 changed files with 187182 additions and 451776 deletions
Download Patch File Download Diff File Expand all files Collapse all files

239
dependency-check-core/cobertura/org.owasp.dependencycheck.analyzer.NvdCveAnalyzer.html
View File

@@ -12,7 +12,7 @@
<div class="separator">&nbsp;</div>
<table class="report">
<thead><tr> <td class="heading">Classes in this File</td> <td class="heading"><a class="dfn" href="help.html" onclick="popupwindow('help.html'); return false;">Line Coverage</a></td> <td class="heading"><a class="dfn" href="help.html" onclick="popupwindow('help.html'); return false;">Branch Coverage</a></td> <td class="heading"><a class="dfn" href="help.html" onclick="popupwindow('help.html'); return false;">Complexity</a></td></tr></thead>
<tr><td><a href="org.owasp.dependencycheck.analyzer.NvdCveAnalyzer.html">NvdCveAnalyzer</a></td><td><table cellpadding="0px" cellspacing="0px" class="percentgraph"><tr class="percentgraph"><td align="right" class="percentgraph" width="40">74%</td><td class="percentgraph"><div class="percentgraph"><div class="greenbar" style="width:74px"><span class="text">20/27</span></div></div></td></tr></table></td><td><table cellpadding="0px" cellspacing="0px" class="percentgraph"><tr class="percentgraph"><td align="right" class="percentgraph" width="40">37%</td><td class="percentgraph"><div class="percentgraph"><div class="greenbar" style="width:37px"><span class="text">3/8</span></div></div></td></tr></table></td><td class="value"><span class="hidden">1.5;</span>1.5</td></tr>
<tr><td><a href="org.owasp.dependencycheck.analyzer.NvdCveAnalyzer.html">NvdCveAnalyzer</a></td><td><table cellpadding="0px" cellspacing="0px" class="percentgraph"><tr class="percentgraph"><td align="right" class="percentgraph" width="40">75%</td><td class="percentgraph"><div class="percentgraph"><div class="greenbar" style="width:75px"><span class="text">21/28</span></div></div></td></tr></table></td><td><table cellpadding="0px" cellspacing="0px" class="percentgraph"><tr class="percentgraph"><td align="right" class="percentgraph" width="40">37%</td><td class="percentgraph"><div class="percentgraph"><div class="greenbar" style="width:37px"><span class="text">3/8</span></div></div></td></tr></table></td><td class="value"><span class="hidden">1.5;</span>1.5</td></tr>
</table>
<div class="separator">&nbsp;</div>
@@ -90,7 +90,7 @@
<tr> <td class="numLine">&nbsp;36</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> *</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;37</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * @author Jeremy Long (jeremy.long@owasp.org)</span></pre></td></tr>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * @author Jeremy Long &lt;jeremy.long@owasp.org&gt;</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;38</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> */</span></pre></td></tr>
<tr> <td class="numLineCover">&nbsp;39</td> <td class="nbHitsCovered">&nbsp;1</td> <td class="src"><pre class="src">&nbsp;<span class="keyword">public</span> <span class="keyword">class</span> NvdCveAnalyzer <span class="keyword">implements</span> Analyzer {</pre></td></tr>
@@ -218,224 +218,103 @@
<tr> <td class="numLineCover">&nbsp;107</td> <td class="nbHitsCovered">&nbsp;11</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">final</span> String value = id.getValue();</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;108</td> <td class="nbHitsCovered">&nbsp;11</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">final</span> List&lt;Vulnerability&gt; vulns = cveDB.getVulnerabilities(value);</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;109</td> <td class="nbHitsCovered">&nbsp;11</td> <td class="src"><pre class="src">&nbsp; dependency.getVulnerabilities().addAll(vulns);</pre></td></tr>
<tr> <td class="numLine">&nbsp;110</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//TODO - remove this comment block after additional testing is completed</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;111</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//note - valid match functionality has been moved into the CveDB class.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;112</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// for (Vulnerability v : vulns) {</span></pre></td></tr>
<tr> <td class="numLineCover">&nbsp;110</td> <td class="nbHitsUncovered">&nbsp;0</td> <td class="src"><pre class="src"><span class="srcUncovered">&nbsp; } <span class="keyword">catch</span> (DatabaseException ex) {</span></pre></td></tr>
<tr> <td class="numLineCover">&nbsp;111</td> <td class="nbHitsUncovered">&nbsp;0</td> <td class="src"><pre class="src"><span class="srcUncovered">&nbsp; <span class="keyword">throw</span> <span class="keyword">new</span> AnalysisException(ex);</span></pre></td></tr>
<tr> <td class="numLineCover">&nbsp;112</td> <td class="nbHitsCovered">&nbsp;11</td> <td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;113</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// if (isValidMatch(dependency, v)) {</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;114</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// dependency.addVulnerability(v);</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;115</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// }</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;116</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// }</span></pre></td></tr>
<tr> <td class="numLineCover">&nbsp;117</td> <td class="nbHitsUncovered">&nbsp;0</td> <td class="src"><pre class="src"><span class="srcUncovered">&nbsp; } <span class="keyword">catch</span> (DatabaseException ex) {</span></pre></td></tr>
<tr> <td class="numLineCover">&nbsp;118</td> <td class="nbHitsUncovered">&nbsp;0</td> <td class="src"><pre class="src"><span class="srcUncovered">&nbsp; <span class="keyword">throw</span> <span class="keyword">new</span> AnalysisException(ex);</span></pre></td></tr>
<tr> <td class="numLineCover">&nbsp;119</td> <td class="nbHitsCovered">&nbsp;11</td> <td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;120</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;114</td> <td class="nbHitsCovered">&nbsp;11</td> <td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;115</td> <td class="nbHitsCovered">&nbsp;9</td> <td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;116</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLine">&nbsp;117</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="comment">/**</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;118</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * Returns true because this analyzer supports all dependency types.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;119</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> *</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;120</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * @return true.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;121</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;122</td> <td class="nbHitsCovered">&nbsp;9</td> <td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;123</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLine">&nbsp;124</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="comment">/**</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;125</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * Returns true because this analyzer supports all dependency types.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;126</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> *</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;127</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * @return true.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;128</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> */</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;129</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLine">&nbsp;122</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">public</span> Set&lt;String&gt; getSupportedExtensions() {</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;130</td> <td class="nbHitsCovered">&nbsp;132</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">return</span> <span class="keyword">null</span>;</pre></td></tr>
<tr> <td class="numLine">&nbsp;131</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLineCover">&nbsp;123</td> <td class="nbHitsCovered">&nbsp;132</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">return</span> <span class="keyword">null</span>;</pre></td></tr>
<tr> <td class="numLine">&nbsp;124</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;132</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLine">&nbsp;125</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLine">&nbsp;133</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLine">&nbsp;126</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="comment">/**</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;134</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLine">&nbsp;127</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * Returns the name of this analyzer.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;135</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLine">&nbsp;128</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> *</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;136</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLine">&nbsp;129</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * @return the name of this analyzer.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;137</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLine">&nbsp;130</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> */</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;138</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLine">&nbsp;131</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">public</span> String getName() {</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;139</td> <td class="nbHitsCovered">&nbsp;9</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">return</span> <span class="string">"NVD CVE Analyzer"</span>;</pre></td></tr>
<tr> <td class="numLine">&nbsp;140</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLineCover">&nbsp;132</td> <td class="nbHitsCovered">&nbsp;9</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">return</span> <span class="string">"NVD CVE Analyzer"</span>;</pre></td></tr>
<tr> <td class="numLine">&nbsp;133</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;141</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLine">&nbsp;134</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLine">&nbsp;142</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLine">&nbsp;135</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="comment">/**</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;143</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLine">&nbsp;136</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * Returns true because this analyzer supports all dependency types.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;144</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLine">&nbsp;137</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> *</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;145</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLine">&nbsp;138</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * @param extension the file extension of the dependency being analyzed.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;146</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLine">&nbsp;139</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * @return true.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;147</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLine">&nbsp;140</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> */</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;148</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLine">&nbsp;141</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">public</span> <span class="keyword">boolean</span> supportsExtension(String extension) {</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;149</td> <td class="nbHitsCovered">&nbsp;9</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">return</span> <span class="keyword">true</span>;</pre></td></tr>
<tr> <td class="numLine">&nbsp;150</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLineCover">&nbsp;142</td> <td class="nbHitsCovered">&nbsp;9</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">return</span> <span class="keyword">true</span>;</pre></td></tr>
<tr> <td class="numLine">&nbsp;143</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;151</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLine">&nbsp;144</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLine">&nbsp;152</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLine">&nbsp;145</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="comment">/**</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;153</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLine">&nbsp;146</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * Returns the analysis phase that this analyzer should run in.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;154</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLine">&nbsp;147</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> *</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;155</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLine">&nbsp;148</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * @return the analysis phase that this analyzer should run in.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;156</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLine">&nbsp;149</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> */</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;157</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLine">&nbsp;150</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">public</span> AnalysisPhase getAnalysisPhase() {</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;158</td> <td class="nbHitsCovered">&nbsp;6</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">return</span> AnalysisPhase.FINDING_ANALYSIS;</pre></td></tr>
<tr> <td class="numLine">&nbsp;159</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLineCover">&nbsp;151</td> <td class="nbHitsCovered">&nbsp;6</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">return</span> AnalysisPhase.FINDING_ANALYSIS;</pre></td></tr>
<tr> <td class="numLine">&nbsp;152</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;160</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLine">&nbsp;153</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLine">&nbsp;161</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLine">&nbsp;154</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="comment">/**</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;162</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLine">&nbsp;155</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * Opens the NVD CVE Lucene Index.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;163</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLine">&nbsp;156</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> *</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;164</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLine">&nbsp;157</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * @throws Exception is thrown if there is an issue opening the index.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;165</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLine">&nbsp;158</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> */</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;166</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLine">&nbsp;159</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">public</span> <span class="keyword">void</span> initialize() <span class="keyword">throws</span> Exception {</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;167</td> <td class="nbHitsCovered">&nbsp;3</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">this</span>.open();</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;168</td> <td class="nbHitsCovered">&nbsp;3</td> <td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;169</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//TODO - remove this comment block after additional testing is completed</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;170</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">// The following check has been moved into the CveDB class.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;171</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// /**</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;172</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// * &lt;p&gt;Determines if this is a valid vulnerability match for the given</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;173</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// * dependency. Specifically, this is concerned with ensuring the version</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;174</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// * numbers are correct.&lt;/p&gt;</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;175</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// * &lt;p&gt;Currently, this is focused on the issues with the versions for Struts</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;176</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// * 1 and Struts 2. In the future this will due better matching on more</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;177</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// * version numbers.&lt;/p&gt;</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;178</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// *</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;179</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// * @param dependency the dependency</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;180</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// * @param v the vulnerability</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;181</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// * @return returns true if the vulnerability is for the given dependency</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;182</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// */</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;183</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// private boolean isValidMatch(final Dependency dependency, final Vulnerability v) {</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;184</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// //right now I only know of the issue with Struts1/2</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;185</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// // start with fixing this problem.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;186</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">////</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;187</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// //TODO extend this solution to do better version matching for the vulnerable software.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;188</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// boolean struts1 = false;</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;189</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// boolean struts2 = false;</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;190</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// for (Identifier i : dependency.getIdentifiers()) {</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;191</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// if (i.getValue().startsWith("cpe:/a:apache:struts:")) {</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;192</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// final char version = i.getValue().charAt(21);</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;193</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// if (version == '1') {</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;194</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// struts1 = true;</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;195</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// }</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;196</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// if (version == '2') {</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;197</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// struts2 = true;</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;198</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// }</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;199</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// }</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;200</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// }</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;201</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// if (!struts1 &amp;&amp; !struts2) {</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;202</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// return true; //we are not looking at struts, so return true.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;203</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// }</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;204</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// if (struts1 &amp;&amp; struts2) {</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;205</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// return true; //there is a mismatch here, but we can't solve it here so we return valid.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;206</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// }</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;207</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// if (struts1) {</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;208</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// boolean hasStruts1Vuln = false;</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;209</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// boolean hasStruts2PreviousVersion = false;</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;210</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// for (VulnerableSoftware vs : v.getVulnerableSoftware()) {</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;211</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// //TODO FIX THIS</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;212</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// //hasStruts2PreviousVersion |= vs.hasPreviousVersion() &amp;&amp; vs.getName().charAt(21) == '2';</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;213</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// //hasStruts1Vuln |= vs.getName().charAt(21) == '1';</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;214</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// }</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;215</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// if (!hasStruts1Vuln &amp;&amp; hasStruts2PreviousVersion) {</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;216</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// return false;</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;217</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// }</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;218</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// }</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;219</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">////</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;220</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// return true;</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;221</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//// }</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;222</td> <td class="nbHits">&nbsp;</td>
<tr> <td class="numLineCover">&nbsp;160</td> <td class="nbHitsCovered">&nbsp;3</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">this</span>.open();</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;161</td> <td class="nbHitsCovered">&nbsp;3</td> <td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;162</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;}</pre></td></tr>
</table>
<div class="footer">Report generated by <a href="http://cobertura.sourceforge.net/" target="_top">Cobertura</a> 1.9.4.1 on 12/2/13 10:29 PM.</div>
<div class="footer">Report generated by <a href="http://cobertura.sourceforge.net/" target="_top">Cobertura</a> 2.0.3 on 1/16/14 7:28 AM.</div>
</body>
</html>