Merge pull request #217 from dwvisser/python-github-pr

Add Analyzers for Python Distribution Files and Packages

Former-commit-id: 972a63525744bbbd510b4ae2d92028dc3079787a

dependency-check-core/src/main/resources/META-INF/services/org.owasp.dependencycheck.analyzer.Analyzer

@@ -11,4 +11,6 @@ org.owasp.dependencycheck.analyzer.VulnerabilitySuppressionAnalyzer
 org.owasp.dependencycheck.analyzer.CentralAnalyzer
 org.owasp.dependencycheck.analyzer.NexusAnalyzer
 org.owasp.dependencycheck.analyzer.NuspecAnalyzer
-org.owasp.dependencycheck.analyzer.AssemblyAnalyzer
+org.owasp.dependencycheck.analyzer.AssemblyAnalyzer
+org.owasp.dependencycheck.analyzer.PythonDistributionAnalyzer
+org.owasp.dependencycheck.analyzer.PythonPackageAnalyzer

dependency-check-core/src/main/resources/dependencycheck-base-suppression.xml

@@ -83,5 +83,21 @@
         <gav regex="true">org\.opensaml:xmltooling:.*</gav>
         <cpe>cpe:/a:internet2:opensaml</cpe>
     </suppress>
-
+    <suppress base="true">
+        <notes><![CDATA[
+        Suppresses false positives for python:python.
+        ]]></notes>
+        <filePath regex="true">.*(\.(whl|egg)|\b(site|dist)-packages\b.*)</filePath>
+        <cpe>cpe:/a:python:python</cpe>
+        <cpe>cpe:/a:python_software_foundation:python</cpe>
+        <cpe>cpe:/a:class:class</cpe>
+        <cpe>cpe:/a:file:file</cpe>
+        <cpe>cpe:/a:gnupg:gnupg</cpe>
+        <cpe>cpe:/a:mongodb:mongodb</cpe>
+        <cpe>cpe:/a:mozilla:mozilla</cpe>
+        <cpe>cpe:/a:openssl:openssl</cpe>
+        <cpe>cpe:/a:sendfile:sendfile</cpe>
+        <cpe>cpe:/a:sendmail:sendmail</cpe>
+        <cpe>cpe:/a:yacc:yacc</cpe>
+    </suppress>
 </suppressions>