diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
index 2793db045..29c9824bd 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
@@ -1027,7 +1027,7 @@ public final class CveDB implements AutoCloseable {
} else {
versionText = cpe.getVersion();
}
- cpeVersion = DependencyVersionUtil.parseVersion(versionText);
+ cpeVersion = DependencyVersionUtil.parseVersion(versionText, true);
} else {
cpeVersion = new DependencyVersion("-");
}
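Review bot: The switch to `parseVersion(versionText, true)` means a CPE version string that carries a second version-like token is now reduced to its first match instead of being rejected, and nothing at the call site says so. If `cpeVersion` feeds the vulnerable-version comparison, as its name suggests, a truncated version can change which dependencies match a CVE in either direction. The choice deserves a comment such as `// CPE update fields may embed a second version (e.g. 2.1.1:rc1-2.9.x-backport); keep only the first match`. `parseVersion` still returns null for a null input, so the code after this block should be checked for null handling of `cpeVersion`. The enclosing method starts and ends outside the hunk.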
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersionUtil.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersionUtil.java
index 4bf15f62b..a0ca0aafc 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersionUtil.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/DependencyVersionUtil.java
@@ -70,6 +70,25 @@ public final class DependencyVersionUtil {
* @return a DependencyVersion containing the version
*/
public static DependencyVersion parseVersion(String text) {
+ return parseVersion(text, false);
+ }
+
+ /**
+ *
+ * A utility class to extract version numbers from file names (or other
+ * strings containing version numbers.
+ *
+ * Example:
+ * Give the file name: library-name-1.4.1r2-release.jar
+ * This function would return: 1.4.1.r2
+ *
+ * @param text the text being analyzed
+ * @param firstMatchOnly if false and more then one
+ * version string is found in the given text, null will be returned.
+ * Otherwise, the first version found will be returned.
+ * @return a DependencyVersion containing the version
+ */
+ public static DependencyVersion parseVersion(String text, boolean firstMatchOnly) {
if (text == null) {
return null;
}
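Review bot: The Javadoc added for the two-argument `parseVersion` was copied from the one-argument overload, so it calls the method "A utility class", leaves a parenthesis open, and describes `firstMatchOnly` only through its false case ("if false and more then one ..."). I would state the flag positively, e.g. `@param firstMatchOnly if true, return the first version found and ignore any later version-like text; if false, return null when more than one version string is found`. The `@return` line should also say that null is returned for a null input, which the first lines of the body show. The method body continues outside the hunk.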
@@ -87,7 +106,7 @@ public final class DependencyVersionUtil {
version = matcher.group();
}
//throw away the results if there are two things that look like version numbers
- if (matcher.find()) {
+ if (!firstMatchOnly && matcher.find()) {
return null;
}
if (version == null) {
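Review bot: The comment above the changed condition still says the result is always thrown away when two version-like strings are present, which no longer holds once `firstMatchOnly` is set. I would update it to `//unless firstMatchOnly is set, throw away the results if there are two things that look like version numbers`. The surrounding method starts and ends outside the hunk.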
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/EvidenceMatcher.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/EvidenceMatcher.java
index 393fc6d88..73780fa99 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/EvidenceMatcher.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/xml/hints/EvidenceMatcher.java
@@ -38,30 +38,30 @@ public class EvidenceMatcher {
/**
* The name that the {@link Evidence} should have for a match.
*/
- private String name;
+ private final String name;
/**
* The source that the {@link Evidence} should have for a match. A
* {@code null}-value is allowed and functions as a wildcard.
*/
- private String source;
+ private final String source;
/**
* The value that the {@link Evidence} should have for a match.
*/
- private String value;
+ private final String value;
/**
* Whether the {@link EvidenceMatcher#value} should be interpreted as a
* regular expression.
*/
- private boolean regex = false;
+ private final boolean regex;
/**
* The confidence that the {@link Evidence} should have for a match. A
* {@code null}-value is allowed and functions as a wildcard.
*/
- private Confidence confidence;
+ private final Confidence confidence;
/**
* Creates a new EvidenceMatcher objects.
diff --git a/dependency-check-core/src/main/resources/dependencycheck-base-hint.xml b/dependency-check-core/src/main/resources/dependencycheck-base-hint.xml
index d2fb2d581..3bcffc03e 100644
--- a/dependency-check-core/src/main/resources/dependencycheck-base-hint.xml
+++ b/dependency-check-core/src/main/resources/dependencycheck-base-hint.xml
@@ -1,5 +1,5 @@
-
+
@@ -197,4 +197,14 @@
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/dependency-check-core/src/main/resources/dependencycheck-base-suppression.xml b/dependency-check-core/src/main/resources/dependencycheck-base-suppression.xml
index 6cbeec1a2..8894c254c 100644
--- a/dependency-check-core/src/main/resources/dependencycheck-base-suppression.xml
+++ b/dependency-check-core/src/main/resources/dependencycheck-base-suppression.xml
@@ -63,6 +63,7 @@
7. Even if a node.js package exists - we aren't flagging the entire node.js
8. Context project is drupal plugin
9. mail_project is ruby library
+ 10. ldap_project is part of type3 written in php
]]>
.*(\.(dll|jar|ear|war|pom|nupkg|nuspec)|pom\.xml|package.json)$
cpe:/a:sandbox:sandbox
@@ -77,6 +78,7 @@
cpe:/a:nodejs:nodejs
cpe:/a:context_project:context
cpe:/a:mail_project:mail
+ cpe:/a:ldap_project:ldap
cpe:/a:oracle:glassfish
cpe:/a:oracle:glassfish_server
-
+
^org\.apache\.struts\.xwork:xwork-core:.*$
cpe:/a:apache:struts
-
+
73a51faadb407dccdbd77234e0d5a0a648665692
cpe:/a:apache:xerces2_java
+
+
+ ^com\.typesafe\.play:play-akka-http-server_2\.\d+:.*$
+ cpe:/a:akka:akka
+ cpe:/a:akka:http_server
+
+
+
+ ^org\.mongodb\.morphia:.*$
+ cpe:/a:git:git
+ cpe:/a:git_project:git
+
+
+
+ ^org\.apache\.chemistry\.opencmis:chemistry-opencmis.*$
+ cpe:/a:apache:apache_http_server
+ cpe:/a:apache:http_server
+
+
+
+ ^org\.alfresco\.cmis\.client:alfresco-opencmis-extension:.*$
+ cpe:/a:alfresco:alfresco
+
+
+
+ ^org\.opensaml:xmltooling:.*$
+ CVE-2015-0851
+
+
+
+ ^com\.github\.waffle:waffle-jna:.*$
+ cpe:/a:git_for_windows_project:git_for_windows
+
+
+
+ ^com\.evernote:evernote-api:.*$
+ CVE-2016-4900
+
+
+
+ ^org\.apache\.portals\.pluto:pluto-portal-driver:.*$
+ cpe:/a:in-portal:in-portal
+
+
+
+ ^org\.apache\.directory\.api:api-ldap.*$
+ cpe:/a:apache:apache_ldap_studio
+
+
+
+ ^org\.mapstruct:mapstruct:.*$
+ cpe:/a:bean_project:bean
+
+
+
+ ^org\.codehaus\.groovy:groovy:.*$
+ CVE-2016-6497
+
+
+
+ ^org\.codehaus\.groovy:groovy-all:.*$
+ CVE-2016-6497
+
+
+
+
+
+ ^mysql:mysql-connector-java:.*$
+ CVE-2017-3331
+ CVE-2017-3452
+ CVE-2007-6304
+ CVE-2016-5442
+ CVE-2014-6555
+ CVE-2015-4861
+ CVE-2013-3796
+ CVE-2012-0553
+ CVE-2016-0659
+ CVE-2002-1923
+ CVE-2012-0119
+ CVE-2015-0508
+ CVE-2016-8283
+ CVE-2017-3463
+ CVE-2016-6663
+ CVE-2013-5881
+ CVE-2015-2573
+ CVE-2016-5436
+ CVE-2002-1376
+ CVE-2015-0432
+ CVE-2005-2558
+ CVE-2017-3308
+ CVE-2014-0402
+ CVE-2015-0499
+ CVE-2009-0819
+ CVE-2012-1757
+ CVE-2010-3838
+ CVE-2006-4031
+ CVE-2012-3180
+ CVE-2015-3152
+ CVE-2014-0393
+ CVE-2012-3163
+ CVE-2016-0594
+ CVE-2014-2450
+ CVE-2014-0430
+ CVE-2017-3457
+ CVE-2015-2567
+ CVE-2017-3319
+ CVE-2015-4866
+ CVE-2010-1621
+ CVE-2015-0409
+ CVE-2016-8288
+ CVE-2014-6484
+ CVE-2017-3243
+ CVE-2016-5633
+ CVE-2017-3468
+ CVE-2012-2122
+ CVE-2014-2444
+ CVE-2016-0642
+ CVE-2012-0882
+ CVE-2012-0102
+ CVE-2012-5614
+ CVE-2013-1567
+ CVE-2016-0504
+ CVE-2017-3643
+ CVE-2010-2008
+ CVE-2016-0608
+ CVE-2015-4756
+ CVE-2017-10284
+ CVE-2014-6495
+ CVE-2013-5793
+ CVE-2014-4233
+ CVE-2010-3680
+ CVE-2012-0493
+ CVE-2001-1275
+ CVE-2013-0385
+ CVE-2016-0599
+ CVE-2016-5627
+ CVE-2012-0113
+ CVE-2013-0368
+ CVE-2014-2438
+ CVE-2013-1511
+ CVE-2014-6478
+ CVE-2017-3637
+ CVE-2004-0837
+ CVE-2016-0653
+ CVE-2010-1626
+ CVE-2013-3810
+ CVE-2015-2643
+ CVE-2015-4767
+ CVE-2017-3265
+ CVE-2009-4019
+ CVE-2014-6489
+ CVE-2017-3302
+ CVE-2012-0087
+ CVE-2016-3477
+ CVE-2017-3648
+ CVE-2012-1697
+ CVE-2012-0487
+ CVE-2016-0647
+ CVE-2015-4815
+ CVE-2012-1734
+ CVE-2013-3804
+ CVE-2013-5807
+ CVE-2008-7247
+ CVE-2016-5441
+ CVE-2007-6303
+ CVE-2014-2494
+ CVE-2017-3313
+ CVE-2013-3795
+ CVE-2014-4238
+ CVE-2015-4826
+ CVE-2016-0658
+ CVE-2012-0118
+ CVE-2015-0507
+ CVE-2015-2648
+ CVE-2006-7232
+ CVE-2009-5026
+ CVE-2017-3462
+ CVE-2016-6662
+ CVE-2016-2047
+ CVE-2006-4227
+ CVE-2014-0001
+ CVE-2002-1375
+ CVE-2015-0498
+ CVE-2017-10365
+ CVE-2014-0401
+ CVE-2013-1544
+ CVE-2006-1518
+ CVE-2010-3679
+ CVE-2012-1756
+ CVE-2004-0628
+ CVE-2017-10227
+ CVE-2010-3837
+ CVE-2013-3809
+ CVE-2016-5584
+ CVE-2008-4456
+ CVE-2013-5891
+ CVE-2015-4761
+ CVE-2013-5770
+ CVE-2017-3456
+ CVE-2014-2432
+ CVE-2015-2566
+ CVE-2014-6559
+ CVE-2012-0574
+ CVE-2014-0412
+ CVE-2013-1555
+ CVE-2017-3318
+ CVE-2015-2620
+ CVE-2009-4030
+ CVE-2016-8287
+ CVE-2016-3471
+ CVE-2007-2693
+ CVE-2003-0150
+ CVE-2012-3173
+ CVE-2014-6520
+ CVE-2017-10283
+ CVE-2017-3467
+ CVE-2014-0386
+ CVE-2004-0388
+ CVE-2004-2149
+ CVE-2012-0101
+ CVE-2012-5613
+ CVE-2013-1566
+ CVE-2013-2376
+ CVE-2016-5632
+ CVE-2016-0503
+ CVE-2017-3329
+ CVE-2016-0607
+ CVE-2015-4913
+ CVE-2017-3642
+ CVE-2012-3156
+ CVE-2015-4772
+ CVE-2016-0641
+ CVE-2017-10320
+ CVE-2014-6494
+ CVE-2007-2583
+ CVE-2017-3653
+ CVE-2012-0492
+ CVE-2001-1274
+ CVE-2012-0075
+ CVE-2012-3167
+ CVE-2017-3636
+ CVE-2012-0112
+ CVE-2013-0367
+ CVE-2013-0384
+ CVE-2016-0652
+ CVE-2012-4414
+ CVE-2017-10294
+ CVE-2004-0957
+ CVE-2004-0836
+ CVE-2016-0598
+ CVE-2012-1705
+ CVE-2017-10314
+ CVE-2016-8318
+ CVE-2015-4766
+ CVE-2016-5626
+ CVE-2017-3599
+ CVE-2016-5609
+ CVE-2014-4260
+ CVE-2015-0501
+ CVE-2014-4243
+ CVE-2013-3783
+ CVE-2013-5786
+ CVE-2016-0663
+ CVE-2012-0540
+ CVE-2012-1696
+ CVE-2000-0045
+ CVE-2006-0369
+ CVE-2013-1521
+ CVE-2016-3459
+ CVE-2012-0486
+ CVE-2016-0646
+ CVE-2017-3647
+ CVE-2017-10167
+ CVE-2017-3450
+ CVE-2016-5440
+ CVE-2015-0382
+ CVE-2017-3312
+ CVE-2011-2262
+ CVE-2013-3794
+ CVE-2005-0004
+ CVE-2001-1454
+ CVE-2013-0389
+ CVE-2016-0657
+ CVE-2013-1532
+ CVE-2002-1921
+ CVE-2012-0117
+ CVE-2015-0506
+ CVE-2017-3258
+ CVE-2017-3461
+ CVE-2012-3150
+ CVE-2003-0073
+ CVE-2005-2573
+ CVE-2014-6564
+ CVE-2006-4226
+ CVE-2002-1374
+ CVE-2015-4870
+ CVE-2005-0711
+ CVE-2010-1850
+ CVE-2006-1517
+ CVE-2010-3678
+ CVE-2013-1526
+ CVE-2004-0627
+ CVE-2016-0705
+ CVE-2010-3836
+ CVE-2016-3518
+ CVE-2013-3808
+ CVE-2016-0601
+ CVE-2015-4836
+ CVE-2015-2571
+ CVE-2016-0668
+ CVE-2012-5060
+ CVE-2015-4819
+ CVE-2013-2381
+ CVE-2015-2582
+ CVE-2017-3455
+ CVE-2003-0780
+ CVE-2014-2431
+ CVE-2003-1331
+ CVE-2015-4864
+ CVE-2012-3144
+ CVE-2017-3317
+ CVE-2005-1636
+ CVE-2015-0441
+ CVE-2001-0407
+ CVE-2016-8286
+ CVE-2007-2692
+ CVE-2003-1480
+ CVE-2013-2392
+ CVE-2017-3641
+ CVE-2016-5631
+ CVE-2012-1690
+ CVE-2007-5646
+ CVE-2013-2375
+ CVE-2016-2105
+ CVE-2007-5925
+ CVE-2012-5612
+ CVE-2016-0502
+ CVE-2014-2442
+ CVE-2015-4858
+ CVE-2013-1548
+ CVE-2016-0606
+ CVE-2015-2576
+ CVE-2014-4287
+ CVE-2002-0969
+ CVE-2016-0640
+ CVE-2015-4737
+ CVE-2015-4771
+ CVE-2016-5439
+ CVE-1999-1188
+ CVE-2007-5970
+ CVE-2014-6530
+ CVE-2017-3652
+ CVE-2008-3963
+ CVE-2013-0383
+ CVE-2012-3166
+ CVE-2012-0491
+ CVE-2014-4214
+ CVE-2016-5625
+ CVE-2014-0433
+ CVE-2012-3149
+ CVE-2014-2436
+ CVE-2016-3501
+ CVE-2012-0578
+ CVE-2004-0956
+ CVE-2004-0835
+ CVE-2014-2419
+ CVE-2017-3635
+ CVE-2017-10155
+ CVE-2015-0500
+ CVE-2016-0651
+ CVE-2010-1849
+ CVE-2017-10313
+ CVE-2017-10276
+ CVE-2015-4802
+ CVE-2015-2641
+ CVE-2016-0597
+ CVE-2016-3492
+ CVE-2007-1420
+ CVE-2012-3177
+ CVE-2016-0662
+ CVE-2017-3646
+ CVE-2012-0485
+ CVE-2015-0511
+ CVE-2014-6507
+ CVE-2000-0148
+ CVE-2013-3802
+ CVE-2014-0427
+ CVE-2015-4830
+ CVE-2017-3291
+ CVE-2015-3194
+ CVE-2008-2079
+ CVE-2009-4028
+ CVE-2016-3486
+ CVE-2012-5383
+ CVE-2013-3793
+ CVE-2012-4452
+ CVE-2017-3257
+ CVE-2010-3683
+ CVE-2001-1453
+ CVE-2012-0496
+ CVE-2004-0457
+ CVE-2013-1531
+ CVE-2012-0116
+ CVE-2012-1689
+ CVE-2016-0639
+ CVE-2015-4807
+ CVE-2015-0505
+ CVE-2016-0656
+ CVE-2015-0381
+ CVE-2006-4380
+ CVE-2017-3460
+ CVE-2004-0381
+ CVE-2005-2572
+ CVE-2002-1373
+ CVE-2017-3305
+ CVE-2005-0710
+ CVE-2016-0667
+ CVE-2006-1516
+ CVE-2010-3677
+ CVE-2016-0546
+ CVE-2016-0600
+ CVE-2010-3835
+ CVE-2013-3807
+ CVE-2009-4484
+ CVE-2012-3160
+ CVE-2017-3454
+ CVE-2013-1570
+ CVE-2014-2430
+ CVE-2016-5444
+ CVE-2014-4258
+ CVE-2012-0572
+ CVE-2012-2750
+ CVE-2013-3798
+ CVE-2016-0611
+ CVE-2016-3424
+ CVE-2015-0423
+ CVE-2007-2691
+ CVE-2013-2391
+ CVE-2014-6464
+ CVE-2017-3465
+ CVE-2013-0371
+ CVE-2014-0384
+ CVE-2015-2575
+ CVE-2014-6568
+ CVE-2012-0583
+ CVE-2012-2102
+ CVE-2012-5611
+ CVE-2005-0799
+ CVE-2016-5630
+ CVE-2006-0903
+ CVE-2016-0605
+ CVE-2017-3640
+ CVE-2016-3452
+ CVE-2017-3251
+ CVE-2017-3651
+ CVE-2012-0490
+ CVE-2013-5894
+ CVE-2016-0596
+ CVE-2017-3634
+ CVE-2017-3459
+ CVE-2001-1255
+ CVE-2014-2435
+ CVE-2016-0650
+ CVE-2017-10379
+ CVE-2016-0616
+ CVE-2015-4905
+ CVE-2012-1703
+ CVE-2005-0709
+ CVE-2010-1848
+ CVE-2016-5624
+ CVE-2002-1809
+ CVE-2015-4792
+ CVE-2016-8327
+ CVE-2016-0661
+ CVE-2014-6469
+ CVE-2012-0484
+ CVE-2017-10286
+ CVE-2016-5635
+ CVE-2000-0981
+ CVE-2014-4207
+ CVE-2013-3801
+ CVE-2013-1502
+ CVE-2015-0439
+ CVE-2013-5767
+ CVE-2016-3615
+ CVE-2012-2749
+ CVE-2013-5908
+ CVE-2016-0644
+ CVE-2015-2617
+ CVE-2017-3645
+ CVE-2017-10165
+ CVE-2015-4879
+ CVE-2008-4098
+ CVE-2017-3273
+ CVE-2014-6551
+ CVE-2017-3256
+ CVE-2010-3682
+ CVE-2012-0495
+ CVE-2016-0655
+ CVE-2010-3840
+ CVE-2016-5629
+ CVE-2012-0115
+ CVE-2012-1688
+ CVE-2014-0437
+ CVE-2013-3812
+ CVE-2012-5627
+ CVE-2017-3639
+ CVE-2015-4769
+ CVE-2015-0391
+ CVE-2013-5860
+ CVE-2015-4730
+ CVE-2017-3600
+ CVE-2015-0374
+ CVE-2015-0411
+ CVE-2016-0666
+ CVE-2010-3676
+ CVE-2012-0489
+ CVE-2017-3529
+ CVE-2010-3834
+ CVE-2013-3806
+ CVE-2016-8290
+ CVE-2016-0649
+ CVE-2015-2639
+ CVE-2014-4274
+ CVE-2017-3453
+ CVE-2016-5443
+ CVE-2009-2446
+ CVE-2015-0385
+ CVE-2006-2753
+ CVE-2016-3440
+ CVE-2013-1552
+ CVE-2016-0610
+ CVE-2015-4862
+ CVE-2015-0405
+ CVE-2016-8284
+ CVE-2015-4890
+ CVE-2014-6463
+ CVE-2017-3464
+ CVE-2016-6664
+ CVE-2014-2440
+ CVE-2014-6500
+ CVE-2016-5612
+ CVE-2017-10384
+ CVE-2014-0420
+ CVE-2015-4910
+ CVE-2013-5882
+ CVE-2015-4752
+ CVE-2017-3309
+ CVE-2016-5437
+ CVE-2015-0433
+ CVE-2015-2611
+ CVE-2010-3839
+ CVE-2006-3081
+ CVE-2014-6491
+ CVE-2014-6474
+ CVE-2017-3650
+ CVE-2014-2451
+ CVE-2016-0595
+ CVE-2017-3633
+ CVE-2017-3458
+ CVE-2014-0431
+ CVE-2012-3147
+ CVE-2014-2434
+ CVE-2015-2568
+ CVE-2017-10378
+ CVE-2015-4904
+ CVE-2015-4800
+ CVE-2012-1702
+ CVE-2017-10311
+ CVE-2013-3839
+ CVE-2016-8289
+ CVE-2014-4240
+ CVE-2015-4791
+ CVE-2017-3244
+ CVE-2013-2395
+ CVE-2015-4895
+ CVE-2016-5634
+ CVE-2012-0120
+ CVE-2013-0375
+ CVE-2013-2378
+ CVE-2012-3158
+ CVE-2014-6505
+ CVE-2017-10268
+ CVE-2012-5615
+ CVE-2016-0505
+ CVE-2016-0643
+ CVE-2016-3614
+ CVE-2015-0438
+ CVE-2016-0609
+ CVE-2015-4757
+ CVE-2017-3644
+ CVE-2008-4097
+ CVE-2016-7440
+ CVE-2014-6496
+ CVE-2006-3486
+ CVE-2013-1492
+ CVE-2015-2661
+ CVE-2016-3521
+ CVE-2010-3681
+ CVE-2017-10296
+ CVE-2006-3469
+ CVE-2013-2389
+ CVE-2012-0494
+ CVE-2016-5628
+ CVE-2017-3638
+ CVE-2012-0114
+ CVE-2013-0386
+ CVE-2013-1512
+ CVE-2016-3588
+ CVE-2017-3238
+ CVE-2013-3811
+ CVE-2016-0654
+ CVE-2016-5507
+ CVE-2017-10279
+ CVE-2015-0503
+ CVE-2012-5096
+ CVE-2016-3495
+ CVE-2017-3320
+ CVE-2012-3197
+ CVE-2014-2484
+ CVE-2008-0226
+ CVE-2011-5049
+ CVE-2016-0665
+ CVE-2017-3649
+ CVE-2012-0488
+ CVE-2013-1523
+ CVE-2016-0648
+ CVE-2010-3833
+ CVE-2012-1735
+ CVE-2013-3805
+ CVE-2013-1506
+ CVE-2015-4833
+ CVE-2015-4816
+
+
+
+ ^postgresql:postgresql:.*$
+ CVE-2006-5540
+ CVE-2006-5542
+ CVE-2007-6600
+ CVE-2007-3279
+ CVE-2016-5423
+ CVE-2005-0244
+ CVE-2006-2314
+ CVE-2005-0246
+ CVE-2005-1410
+ CVE-2006-0678
+ CVE-2002-0972
+ CVE-2005-0227
+ CVE-2002-1402
+ CVE-2004-0977
+ CVE-2013-1899
+ CVE-2003-0901
+ CVE-2010-0733
+ CVE-2010-1447
+ CVE-2002-1642
+ CVE-2006-0553
+ CVE-2002-1400
+ CVE-2007-3280
+ CVE-2017-7484
+ CVE-2009-4034
+ CVE-2017-7486
+ CVE-2012-3489
+ CVE-2009-4136
+ CVE-2014-0061
+ CVE-2015-5288
+ CVE-1999-0862
+ CVE-2014-0063
+ CVE-2014-0065
+ CVE-2007-2138
+ CVE-2002-1397
+ CVE-2007-0556
+ CVE-2002-1399
+ CVE-2006-0105
+ CVE-2016-0766
+ CVE-2010-0442
+ CVE-2014-0067
+ CVE-2002-1657
+ CVE-2017-7548
+ CVE-2010-1975
+ CVE-2012-0866
+ CVE-2012-0868
+ CVE-2013-1903
+ CVE-2013-1901
+ CVE-2016-0768
+ CVE-2017-7546
+ CVE-2009-3231
+ CVE-2016-2193
+ CVE-2006-5541
+ CVE-2016-3065
+ CVE-2007-3278
+ CVE-2007-6601
+ CVE-2016-5424
+ CVE-2006-2313
+ CVE-2005-0245
+ CVE-2007-4769
+ CVE-2005-0247
+ CVE-2009-0922
+ CVE-2002-1401
+ CVE-2012-2655
+ CVE-2010-1169
+ CVE-2012-3488
+ CVE-2010-4015
+ CVE-2016-0773
+
+ CVE-2007-4772
+ CVE-2014-0060
+ CVE-2014-0062
+ CVE-2010-1170
+ CVE-2014-0064
+ CVE-2015-3165
+ CVE-2009-3229
+ CVE-2007-0555
+ CVE-2002-1398
+ CVE-2000-1199
+ CVE-2013-0255
+ CVE-2010-3433
+ CVE-2014-0066
+ CVE-2004-0547
+ CVE-2014-2669
+ CVE-2013-1900
+ CVE-2005-1409
+ CVE-2002-0802
+ CVE-2013-1902
+ CVE-2017-7547
+ CVE-2012-0867
+ CVE-2012-2143
+
+ CVE-2015-5289
+ CVE-2009-3230
+ CVE-2007-6067
+
+
+
+ ^com\.microsoft\.sqlserver:sqljdbc4:.*$
+ CVE-2000-1081
+ CVE-2004-1560
+ CVE-2000-1083
+ CVE-2000-1085
+ CVE-2009-2503
+ CVE-2000-1087
+ CVE-2002-1123
+ CVE-2002-0057
+ CVE-2009-2501
+ CVE-2001-0542
+ CVE-2001-0344
+ CVE-2000-0654
+ CVE-2009-2528
+ CVE-2014-1820
+ CVE-1999-0999
+ CVE-2002-0859
+ CVE-2012-2552
+ CVE-2016-7249
+ CVE-2016-7250
+ CVE-2016-7252
+ CVE-2014-4061
+ CVE-2016-7254
+ CVE-2008-0086
+ CVE-2008-3013
+ CVE-2009-3126
+ CVE-2008-3015
+ CVE-2008-5416
+ CVE-2003-0231
+ CVE-2002-0187
+ CVE-2008-0106
+ CVE-2002-1872
+ CVE-2002-0641
+ CVE-2002-0224
+ CVE-2002-1138
+ CVE-2002-0643
+ CVE-2000-0202
+ CVE-2000-0402
+ CVE-2002-0624
+ CVE-2002-0645
+ CVE-2002-0649
+ CVE-2007-4814
+ CVE-2007-5090
+ CVE-2015-1761
+ CVE-2011-1280
+ CVE-2017-8516
+ CVE-2015-1763
+ CVE-2000-1082
+ CVE-2009-2500
+ CVE-2000-1084
+ CVE-2009-2502
+ CVE-2000-1086
+ CVE-2002-0154
+ CVE-2002-1145
+ CVE-2000-1088
+ CVE-2000-0199
+ CVE-2002-0056
+ CVE-2012-0158
+ CVE-2009-2504
+ CVE-2002-0650
+ CVE-2002-1981
+ CVE-2001-0509
+ CVE-2016-7251
+ CVE-2016-7253
+ CVE-2008-0085
+ CVE-2008-3012
+ CVE-2008-3014
+ CVE-1999-1556
+ CVE-2003-0230
+ CVE-2002-0186
+ CVE-2003-0232
+ CVE-2015-1762
+ CVE-2008-0107
+ CVE-2002-0982
+ CVE-2002-1137
+ CVE-2002-0642
+ CVE-2002-0721
+ CVE-2002-0644
+ CVE-2000-0485
+ CVE-2012-1856
+ CVE-2000-0603
+ CVE-2001-0879
+ CVE-2002-0729
+ CVE-2007-5348
+ CVE-2008-4110
+
+
+
+ ^org\.mariadb\.jdbc:mariadb-java-client:.*$
+ CVE-2016-5440
+ CVE-2016-5584
+ CVE-2014-6500
+ CVE-2016-5444
+ CVE-2014-6555
+ CVE-2016-0597
+ CVE-2016-5625
+ CVE-2014-6559
+ CVE-2016-0655
+ CVE-2016-5627
+ CVE-2016-5629
+ CVE-2012-5627
+ CVE-2016-3492
+ CVE-2016-6663
+ CVE-2016-3452
+ CVE-2016-5630
+ CVE-2016-5632
+ CVE-2017-3302
+ CVE-2016-3477
+ CVE-2016-0641
+ CVE-2014-6464
+ CVE-2012-5611
+ CVE-2016-0666
+ CVE-2012-5613
+ CVE-2016-0668
+ CVE-2012-5615
+ CVE-2016-0505
+ CVE-2016-0649
+ CVE-2016-0647
+ CVE-2014-6507
+ CVE-2016-0609
+ CVE-2016-5634
+ CVE-2016-0643
+ CVE-2016-7440
+ CVE-2014-6494
+ CVE-2015-3152
+ CVE-2014-6496
+ CVE-2016-0650
+ CVE-2016-0596
+ CVE-2016-0598
+ CVE-2016-0610
+ CVE-2016-5626
+ CVE-2012-4414
+ CVE-2016-5507
+ CVE-2016-5609
+ CVE-2016-0616
+ CVE-2016-5628
+ CVE-2016-3521
+ CVE-2016-6662
+ CVE-2016-3495
+ CVE-2016-6664
+ CVE-2016-5631
+ CVE-2016-2047
+ CVE-2016-5612
+ CVE-2016-0640
+ CVE-2012-2122
+ CVE-2016-3459
+ CVE-2012-5612
+ CVE-2016-0644
+ CVE-2012-5614
+ CVE-2014-0001
+ CVE-2016-0546
+ CVE-2013-1861
+ CVE-2016-0600
+ CVE-2016-0606
+ CVE-2016-0646
+ CVE-2016-0608
+ CVE-2016-0648
+ CVE-2016-3615
+ CVE-2016-5635
+ CVE-2016-5633
+ CVE-2014-6469
+ CVE-2014-6491
+
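Review bot: The new entries for `^mysql:mysql-connector-java:.*$`, `^postgresql:postgresql:.*$`, `^com\.microsoft\.sqlserver:sqljdbc4:.*$` and `^org\.mariadb\.jdbc:mariadb-java-client:.*$` suppress long fixed lists of CVE ids for every version of each driver, and the hunk as rendered here shows no rationale for how the lists were derived. Because this is the base suppression file, any listed id that really applies to the client library would be hidden from every user, so each list should be checked against the vendor advisories. CVE-2015-2575 in the mysql-connector-java list looks, from memory, like a Connector/J advisory rather than a server one and should be confirmed before merging. A fixed list also goes stale as new server CVEs are published, so recording the reason and the date the list was generated next to each entry would help later maintenance. These entries continue a file whose earlier suppressions lie outside the hunk.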
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DependencyVersionUtilTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DependencyVersionUtilTest.java
index 825b98f66..efda25535 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DependencyVersionUtilTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/utils/DependencyVersionUtilTest.java
@@ -33,7 +33,7 @@ public class DependencyVersionUtilTest extends BaseTest {
* Test of parseVersion method, of class DependencyVersionUtil.
*/
@Test
- public void testParseVersion() {
+ public void testParseVersion_String() {
final String[] fileName = {"something-0.9.5.jar", "lib2-1.1.jar", "lib1.5r4-someflag-R26.jar",
"lib-1.2.5-dev-20050313.jar", "testlib_V4.4.0.jar", "lib-core-2.0.0-RC1-SNAPSHOT.jar",
"lib-jsp-2.0.1_R114940.jar", "dev-api-2.3.11_R121413.jar", "lib-api-3.7-SNAPSHOT.jar",
@@ -59,4 +59,33 @@ public class DependencyVersionUtilTest extends BaseTest {
assertNull("Found version in name that should have failed \"" + failingName + "\".", version);
}
}
+
+ /**
+ * Test of parseVersion method, of class DependencyVersionUtil.
+ */
+ @Test
+ public void testParseVersion_String_boolean() {
+ //cpe:/a:playframework:play_framework:2.1.1:rc1-2.9.x-backport
+ String text = "2.1.1.rc1.2.9.x-backport";
+ boolean firstMatchOnly = false;
+ DependencyVersion expResult = null;
+ DependencyVersion result = DependencyVersionUtil.parseVersion(text, firstMatchOnly);
+ assertNull(result);
+ firstMatchOnly = true;
+ expResult = DependencyVersionUtil.parseVersion("2.1.1.rc1");
+ result = DependencyVersionUtil.parseVersion(text, firstMatchOnly);
+ assertEquals(expResult, result);
+ }
+
+ /**
+ * Test of parsePreVersion method, of class DependencyVersionUtil.
+ */
+ @Test
+ public void testParsePreVersion() {
+ String text = "library-name-1.4.1r2-release.jar";
+ String expResult = "library-name";
+ String result = DependencyVersionUtil.parsePreVersion(text);
+ assertEquals(expResult, result);
+
+ }
}
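Review bot: In `testParseVersion_String_boolean` the expected value is produced by `DependencyVersionUtil.parseVersion("2.1.1.rc1")`, so a regression in the shared parsing code would change both sides of `assertEquals` and go unnoticed. The initial `DependencyVersion expResult = null;` is also never read before it is reassigned. Consider asserting against an independently stated value, e.g. `assertEquals("2.1.1.rc1", result.toString());` if `toString()` renders the dotted form (not visible here). Cases for `parseVersion(null, true)` and for text containing no version at all would cover the remaining branches of the new overload.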