mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-01-14 15:53:36 +01:00
added more CVSS details per issue #154
This commit is contained in:
Jeremy Long
@@ -158,7 +158,13 @@
|
||||
<xs:complexType>
|
||||
<xs:sequence>
|
||||
<xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="cvssScore" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="cvssScore" type="xs:decimal" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="cvssAccessVector" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="cvssAccessComplexity" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="cvssAuthenticationr" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="cvssConfidentialImpact" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="cvssIntegrityImpact" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="cvssAvailabilityImpact" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="severity" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="cwe" type="xs:string" minOccurs="0" maxOccurs="1" />
|
||||
<xs:element name="description" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
|
||||
@@ -16,7 +16,7 @@ limitations under the License.
|
||||
Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
|
||||
@author Jeremy Long <jeremy.long@owasp.org>
|
||||
@version 1.1
|
||||
@version 1.2
|
||||
*#
|
||||
|
||||
|
||||
@@ -757,7 +757,7 @@ arising out of or in connection with the use of this tool, the analysis performe
|
||||
#else
|
||||
Medium
|
||||
#end
|
||||
<br/>CVSS Score: $vuln.cvssScore
|
||||
<br/>CVSS Score: $vuln.cvssScore (AV:$enc.html($vuln.cvssAccessVector.substring(0,1))/AC:$enc.html($vuln.cvssAccessComplexity.substring(0,1))/Au:$enc.html($vuln.cvssAuthentication.substring(0,1))/C:$enc.html($vuln.cvssConfidentialityImpact.substring(0,1))/I:$enc.html($vuln.cvssIntegrityImpact.substring(0,1))/A:$enc.html($vuln.cvssAvailabilityImpact.substring(0,1)))
|
||||
#if ($vuln.cwe)
|
||||
<br/>CWE: $vuln.cwe
|
||||
#end</p>
|
||||
|
||||
@@ -16,7 +16,8 @@ limitations under the License.
|
||||
Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
|
||||
@author Jeremy Long <jeremy.long@owasp.org>
|
||||
@version 1.1
|
||||
@version 1.2
|
||||
|
||||
*#<?xml version="1.0"?>
|
||||
<analysis xmlns="https://jeremylong.github.io/DependencyCheck/dependency-check.1.3.xsd">
|
||||
<scanInfo>
|
||||
@@ -122,6 +123,12 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
<vulnerability>
|
||||
<name>$enc.xml($vuln.name)</name>
|
||||
<cvssScore>$vuln.cvssScore</cvssScore>
|
||||
<cvssAccessVector>$enc.xml($vuln.cvssAccessVector)</cvssAccessVector>
|
||||
<cvssAccessComplexity>$enc.xml($vuln.cvssAccessComplexity)</cvssAccessComplexity>
|
||||
<cvssAuthenticationr>$enc.xml($vuln.cvssAuthentication)</cvssAuthenticationr>
|
||||
<cvssConfidentialImpact>$enc.xml($vuln.cvssConfidentialityImpact)</cvssConfidentialImpact>
|
||||
<cvssIntegrityImpact>$enc.xml($vuln.cvssIntegrityImpact)</cvssIntegrityImpact>
|
||||
<cvssAvailabilityImpact>$enc.xml($vuln.cvssAvailabilityImpact)</cvssAvailabilityImpact>
|
||||
#if ($vuln.cvssScore<4.0)
|
||||
<severity>Low</severity>
|
||||
#elseif ($vuln.cvssScore>=7.0)
|
||||
|
||||
Reference in New Issue
Block a user