diff --git a/README.md b/README.md
index d80df5c5f..d2f2eb4be 100644
--- a/README.md
+++ b/README.md
@@ -22,18 +22,18 @@ The latest CLI can be downloaded from bintray's
On *nix
```
$ ./bin/dependency-check.sh -h
-$ ./bin/dependency-check.sh --app Testing --out . --scan [path to jar files to be scanned]
+$ ./bin/dependency-check.sh --project Testing --out . --scan [path to jar files to be scanned]
```
On Windows
```
> bin/dependency-check.bat -h
-> bin/dependency-check.bat --app Testing --out . --scan [path to jar files to be scanned]
+> bin/dependency-check.bat --project Testing --out . --scan [path to jar files to be scanned]
```
On Mac with [Homebrew](http://brew.sh)
```
$ brew update && brew install dependency-check
$ dependency-check -h
-$ dependency-check --app Testing --out . --scan [path to jar files to be scanned]
+$ dependency-check --project Testing --out . --scan [path to jar files to be scanned]
```
### Maven Plugin
@@ -85,13 +85,13 @@ On *nix
```
$ mvn install
$ ./dependency-check-cli/target/release/bin/dependency-check.sh -h
-$ ./dependency-check-cli/target/release/bin/dependency-check.sh --app Testing --out . --scan ./src/test/resources
+$ ./dependency-check-cli/target/release/bin/dependency-check.sh --project Testing --out . --scan ./src/test/resources
```
On Windows
```
> mvn install
> dependency-check-cli/target/release/bin/dependency-check.bat -h
-> dependency-check-cli/target/release/bin/dependency-check.bat --app Testing --out . --scan ./src/test/resources
+> dependency-check-cli/target/release/bin/dependency-check.bat --project Testing --out . --scan ./src/test/resources
```
Then load the resulting 'DependencyCheck-Report.html' into your favorite browser.
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.java
index 04dcfcefe..7a865ecbf 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AutoconfAnalyzer.java
@@ -30,6 +30,7 @@ import org.owasp.dependencycheck.utils.UrlStringUtils;
import java.io.File;
import java.io.FileFilter;
import java.io.IOException;
+import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
@@ -220,14 +221,12 @@ public class AutoconfAnalyzer extends AbstractFileTypeAnalyzer {
*/
private String getFileContents(final File actualFile)
throws AnalysisException {
- String contents = "";
try {
- contents = FileUtils.readFileToString(actualFile).trim();
+ return FileUtils.readFileToString(actualFile, Charset.defaultCharset()).trim();
} catch (IOException e) {
throw new AnalysisException(
"Problem occurred while reading dependency file.", e);
}
- return contents;
}
/**
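Review bot: `Charset.defaultCharset()` in the new `readFileToString` call removes the deprecation warning but leaves the read dependent on the host's locale settings, so the same scanned file can decode to different text, and possibly different extracted evidence, on differently configured build agents. A scanner's findings should be reproducible, so a fixed charset is safer: `return FileUtils.readFileToString(actualFile, StandardCharsets.UTF_8).trim();` with `import java.nio.charset.StandardCharsets;` (Java 7+), assuming the analysed files are expected to be ASCII or UTF-8. The same applies to the reads in CMakeAnalyzer, OpenSSLAnalyzer, PythonPackageAnalyzer and RubyGemspecAnalyzer, and to the `FileUtils.write` call in RubyBundleAuditAnalyzer. The Javadoc of `getFileContents` begins above this hunk, so whether it already states an encoding is not visible here; if not, it should name the charset used.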
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java
index 55a81e216..6237f4777 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java
@@ -33,6 +33,7 @@ import java.io.File;
import java.io.FileFilter;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
+import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.regex.Matcher;
@@ -156,7 +157,7 @@ public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
dependency.setDisplayFileName(String.format("%s%c%s", parentName, File.separatorChar, name));
String contents;
try {
- contents = FileUtils.readFileToString(file).trim();
+ contents = FileUtils.readFileToString(file, Charset.defaultCharset()).trim();
} catch (IOException e) {
throw new AnalysisException(
"Problem occurred while reading dependency file.", e);
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/OpenSSLAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/OpenSSLAnalyzer.java
index cf45f6806..56e894841 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/OpenSSLAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/OpenSSLAnalyzer.java
@@ -28,6 +28,7 @@ import org.owasp.dependencycheck.utils.Settings;
import java.io.File;
import java.io.FileFilter;
import java.io.IOException;
+import java.nio.charset.Charset;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@@ -158,14 +159,12 @@ public class OpenSSLAnalyzer extends AbstractFileTypeAnalyzer {
*/
private String getFileContents(final File actualFile)
throws AnalysisException {
- String contents;
try {
- contents = FileUtils.readFileToString(actualFile).trim();
+ return FileUtils.readFileToString(actualFile, Charset.defaultCharset()).trim();
} catch (IOException e) {
throw new AnalysisException(
"Problem occurred while reading dependency file.", e);
}
- return contents;
}
@Override
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java
index 7444bcc69..8500eac22 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/PythonPackageAnalyzer.java
@@ -32,6 +32,7 @@ import org.owasp.dependencycheck.utils.UrlStringUtils;
import java.io.File;
import java.io.FileFilter;
import java.io.IOException;
+import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
@@ -208,7 +209,7 @@ public class PythonPackageAnalyzer extends AbstractFileTypeAnalyzer {
throws AnalysisException {
String contents;
try {
- contents = FileUtils.readFileToString(file).trim();
+ contents = FileUtils.readFileToString(file, Charset.defaultCharset()).trim();
} catch (IOException e) {
throw new AnalysisException(
"Problem occurred while reading dependency file.", e);
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java
index 1d983169b..48b437fa8 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java
@@ -31,6 +31,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.*;
+import java.nio.charset.Charset;
import java.util.*;
import java.util.logging.Level;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
@@ -361,7 +362,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
private Dependency createDependencyForGem(Engine engine, String parentName, String fileName, String gem) throws IOException {
final File tempFile = File.createTempFile("Gemfile-" + gem, ".lock", Settings.getTempDirectory());
final String displayFileName = String.format("%s%c%s:%s", parentName, File.separatorChar, fileName, gem);
- FileUtils.write(tempFile, displayFileName); // unique contents to avoid dependency bundling
+ FileUtils.write(tempFile, displayFileName, Charset.defaultCharset()); // unique contents to avoid dependency bundling
final Dependency dependency = new Dependency(tempFile);
dependency.getProductEvidence().addEvidence("bundler-audit", "Name", gem, Confidence.HIGHEST);
dependency.setDisplayFileName(displayFileName);
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzer.java
index 3b5fe9dbe..d6fb5e6a4 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyGemspecAnalyzer.java
@@ -28,6 +28,7 @@ import org.owasp.dependencycheck.utils.Settings;
import java.io.FileFilter;
import java.io.IOException;
+import java.nio.charset.Charset;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@@ -110,7 +111,7 @@ public class RubyGemspecAnalyzer extends AbstractFileTypeAnalyzer {
throws AnalysisException {
String contents;
try {
- contents = FileUtils.readFileToString(dependency.getActualFile());
+ contents = FileUtils.readFileToString(dependency.getActualFile(), Charset.defaultCharset());
} catch (IOException e) {
throw new AnalysisException(
"Problem occurred while reading dependency file.", e);
diff --git a/dependency-check-core/src/main/resources/data/initialize_mssql.sql b/dependency-check-core/src/main/resources/data/initialize_mssql.sql
new file mode 100644
index 000000000..bdba850fc
--- /dev/null
+++ b/dependency-check-core/src/main/resources/data/initialize_mssql.sql
@@ -0,0 +1,36 @@
+if exists (SELECT 1 FROM sysobjects WHERE name='software' AND xtype='U')
+ drop table software
+if exists (SELECT 1 FROM sysobjects WHERE name='cpeEntry' AND xtype='U')
+ drop table cpeEntry
+if exists (SELECT 1 FROM sysobjects WHERE name='reference' AND xtype='U')
+ drop table reference
+if exists (SELECT 1 FROM sysobjects WHERE name='vulnerability' AND xtype='U')
+ drop table vulnerability
+if exists (SELECT 1 FROM sysobjects WHERE name='properties' AND xtype='U')
+ drop table properties
+
+CREATE TABLE properties (id varchar(50) PRIMARY KEY, value varchar(500));
+
+CREATE TABLE vulnerability (id int identity(1,1) PRIMARY KEY, cve VARCHAR(20) UNIQUE,
+ description VARCHAR(8000), cwe VARCHAR(10), cvssScore DECIMAL(3,1), cvssAccessVector VARCHAR(20),
+ cvssAccessComplexity VARCHAR(20), cvssAuthentication VARCHAR(20), cvssConfidentialityImpact VARCHAR(20),
+ cvssIntegrityImpact VARCHAR(20), cvssAvailabilityImpact VARCHAR(20));
+
+CREATE TABLE reference (cveid INT, name VARCHAR(1000), url VARCHAR(1000), source VARCHAR(255),
+ CONSTRAINT FK_Reference FOREIGN KEY (cveid) REFERENCES vulnerability(id) ON DELETE CASCADE);
+
+CREATE TABLE cpeEntry (id INT identity(1,1) PRIMARY KEY, cpe VARCHAR(250), vendor VARCHAR(255), product VARCHAR(255));
+
+CREATE TABLE software (cveid INT, cpeEntryId INT, previousVersion VARCHAR(50)
+ , CONSTRAINT FK_SoftwareCve FOREIGN KEY (cveid) REFERENCES vulnerability(id) ON DELETE CASCADE
+ , CONSTRAINT FK_SoftwareCpeProduct FOREIGN KEY (cpeEntryId) REFERENCES cpeEntry(id)
+ , PRIMARY KEY (cveid, cpeEntryId));
+
+CREATE INDEX idxVulnerability ON vulnerability(cve);
+CREATE INDEX idxReference ON reference(cveid);
+CREATE INDEX idxCpe ON cpeEntry(cpe);
+CREATE INDEX idxCpeEntry ON cpeEntry(vendor, product);
+CREATE INDEX idxSoftwareCve ON software(cveid);
+CREATE INDEX idxSoftwareCpe ON software(cpeEntryId);
+
+INSERT INTO properties(id,value) VALUES ('version','3.0');
\ No newline at end of file
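Review bot: The guards of the form `if exists (SELECT 1 FROM sysobjects WHERE name='software' AND xtype='U')` match a table of that name in any schema, while the following `drop table software` resolves against the caller's default schema, so the drop can fail or act on a different table than the one detected. A schema-qualified check such as `IF OBJECT_ID('dbo.software', 'U') IS NOT NULL DROP TABLE dbo.software;` avoids that, applied likewise to the other four tables and with the CREATE statements qualified to match; `dbo` is a placeholder for whichever schema the project intends. Because the script drops all five tables unconditionally, a header comment stating that it destroys existing vulnerability data would help operators who run it against a shared database. `CREATE INDEX idxVulnerability ON vulnerability(cve)` duplicates the index SQL Server already creates for the `UNIQUE` constraint on `cve` and could be removed.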
diff --git a/pom.xml b/pom.xml
index 096ffffa9..a6cabe1eb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -560,7 +560,7 @@ Copyright (c) 2012 - Jeremy Long
commons-io
commons-io
- 2.4
+ 2.5
org.apache.commons
@@ -690,7 +690,7 @@ Copyright (c) 2012 - Jeremy Long
org.jsoup
jsoup
- 1.8.3
+ 1.9.1
org.slf4j