From 5444253ed61b99af56a28793ccadf8fe0ffc2f5a Mon Sep 17 00:00:00 2001
From: Jeremy Long <jeremy.long@gmail.com>
Date: Mon, 27 Jul 2015 06:56:23 -0400
Subject: [PATCH] added more CVSS details per issue #154

---
 .../src/main/resources/schema/dependency-check.1.3.xsd   | 8 +++++++-
 .../src/main/resources/templates/HtmlReport.vsl          | 4 ++--
 .../src/main/resources/templates/XmlReport.vsl           | 9 ++++++++-
 3 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/dependency-check-core/src/main/resources/schema/dependency-check.1.3.xsd b/dependency-check-core/src/main/resources/schema/dependency-check.1.3.xsd
index 232d1c424..023eb6f15 100644
--- a/dependency-check-core/src/main/resources/schema/dependency-check.1.3.xsd
+++ b/dependency-check-core/src/main/resources/schema/dependency-check.1.3.xsd
@@ -158,7 +158,13 @@
                                                             <xs:complexType>
                                                                 <xs:sequence>
                                                                     <xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1" />
-                                                                    <xs:element name="cvssScore" type="xs:string" minOccurs="1" maxOccurs="1" />
+                                                                    <xs:element name="cvssScore" type="xs:decimal" minOccurs="1" maxOccurs="1" />
+                                                                    <xs:element name="cvssAccessVector" type="xs:string" minOccurs="1" maxOccurs="1" />
+                                                                    <xs:element name="cvssAccessComplexity" type="xs:string" minOccurs="1" maxOccurs="1" />
+                                                                    <xs:element name="cvssAuthenticationr" type="xs:string" minOccurs="1" maxOccurs="1" />
+                                                                    <xs:element name="cvssConfidentialImpact" type="xs:string" minOccurs="1" maxOccurs="1" />
+                                                                    <xs:element name="cvssIntegrityImpact" type="xs:string" minOccurs="1" maxOccurs="1" />
+                                                                    <xs:element name="cvssAvailabilityImpact" type="xs:string" minOccurs="1" maxOccurs="1" />
                                                                     <xs:element name="severity" type="xs:string" minOccurs="1" maxOccurs="1" />
                                                                     <xs:element name="cwe" type="xs:string" minOccurs="0" maxOccurs="1" />
                                                                     <xs:element name="description" type="xs:string" minOccurs="1" maxOccurs="1" />
diff --git a/dependency-check-core/src/main/resources/templates/HtmlReport.vsl b/dependency-check-core/src/main/resources/templates/HtmlReport.vsl
index 979d16327..ac1bf63e9 100644
--- a/dependency-check-core/src/main/resources/templates/HtmlReport.vsl
+++ b/dependency-check-core/src/main/resources/templates/HtmlReport.vsl
@@ -16,7 +16,7 @@ limitations under the License.
 Copyright (c) 2012 Jeremy Long. All Rights Reserved.
 
 @author Jeremy Long <jeremy.long@owasp.org>
-@version 1.1
+@version 1.2
 *#
 
 
@@ -757,7 +757,7 @@ arising out of or in connection with the use of this tool, the analysis performe
                             #else
                                 Medium
                             #end
-                            <br/>CVSS Score: $vuln.cvssScore
+                            <br/>CVSS Score: $vuln.cvssScore (AV:$enc.html($vuln.cvssAccessVector.substring(0,1))/AC:$enc.html($vuln.cvssAccessComplexity.substring(0,1))/Au:$enc.html($vuln.cvssAuthentication.substring(0,1))/C:$enc.html($vuln.cvssConfidentialityImpact.substring(0,1))/I:$enc.html($vuln.cvssIntegrityImpact.substring(0,1))/A:$enc.html($vuln.cvssAvailabilityImpact.substring(0,1)))
                             #if ($vuln.cwe)
                                 <br/>CWE: $vuln.cwe
                             #end</p>
diff --git a/dependency-check-core/src/main/resources/templates/XmlReport.vsl b/dependency-check-core/src/main/resources/templates/XmlReport.vsl
index 78dc468d6..8e71e1dc7 100644
--- a/dependency-check-core/src/main/resources/templates/XmlReport.vsl
+++ b/dependency-check-core/src/main/resources/templates/XmlReport.vsl
@@ -16,7 +16,8 @@ limitations under the License.
 Copyright (c) 2012 Jeremy Long. All Rights Reserved.
 
 @author Jeremy Long <jeremy.long@owasp.org>
-@version 1.1
+@version 1.2
+
 *#<?xml version="1.0"?>
 <analysis xmlns="https://jeremylong.github.io/DependencyCheck/dependency-check.1.3.xsd">
     <scanInfo>
@@ -122,6 +123,12 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
                 <vulnerability>
                     <name>$enc.xml($vuln.name)</name>
                     <cvssScore>$vuln.cvssScore</cvssScore>
+                    <cvssAccessVector>$enc.xml($vuln.cvssAccessVector)</cvssAccessVector>
+                    <cvssAccessComplexity>$enc.xml($vuln.cvssAccessComplexity)</cvssAccessComplexity>
+                    <cvssAuthenticationr>$enc.xml($vuln.cvssAuthentication)</cvssAuthenticationr>
+                    <cvssConfidentialImpact>$enc.xml($vuln.cvssConfidentialityImpact)</cvssConfidentialImpact>
+                    <cvssIntegrityImpact>$enc.xml($vuln.cvssIntegrityImpact)</cvssIntegrityImpact>
+                    <cvssAvailabilityImpact>$enc.xml($vuln.cvssAvailabilityImpact)</cvssAvailabilityImpact>
 #if ($vuln.cvssScore<4.0)
                     <severity>Low</severity>
 #elseif ($vuln.cvssScore>=7.0)