From 83300d028b5d251de87c3614ef629e73275f7614 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Sat, 3 May 2014 10:57:44 -0400
Subject: [PATCH] updated the URL for the NVD CVE external link

Former-commit-id: 7527c31dab810145d8aebc1225ba302aca9fc80e
---
 .../owasp/dependencycheck/analyzer/CPEAnalyzer.java | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
index 64ac94f94..ef4044543 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
@@ -57,6 +57,7 @@ import org.owasp.dependencycheck.utils.DependencyVersionUtil;
 * @author Jeremy Long
 */
 public class CPEAnalyzer implements Analyzer {
+
 /**
 * The Logger.
 */
@@ -90,6 +91,11 @@ public class CPEAnalyzer implements Analyzer {
 */
 private CveDB cve;
 
+ /**
+ * The URL to perform a search of the NVD CVE data at NIST.
+ */
+ public static final String NVD_SEARCH_URL = "https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=%s";
+
 /**
 * Returns the name of this analyzer.
 *
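Review bot: The Javadoc on `NVD_SEARCH_URL` in the @@ -90,6 +91,11 @@ hunk does not say that the value is a `String.format` template, so a reader cannot tell that the single `%s` must be filled with an already URL-encoded CPE name. The constant is `public`, and a caller that substitutes an unencoded value into the query string would produce a malformed or altered link in the report. I would word the comment as `The String.format template for an NVD CVE search at NIST; the single %s is replaced with the URL-encoded CPE name.` Whether the constant needs to be `public` rather than `private` cannot be judged from this patch, since no use outside the file is visible.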
@@ -524,7 +530,9 @@ public class CPEAnalyzer implements Analyzer {
 }
 if (dbVer == null //special case, no version specified - everything is vulnerable
 || evVer.equals(dbVer)) { //yeah! exact match
- final String url = String.format("http://web.nvd.nist.gov/view/vuln/search?cpe=%s", URLEncoder.encode(vs.getName(), "UTF-8"));
+
+ //final String url = String.format("http://web.nvd.nist.gov/view/vuln/search?cpe=%s", URLEncoder.encode(vs.getName(), "UTF-8"));
+ final String url = String.format(NVD_SEARCH_URL, URLEncoder.encode(vs.getName(), "UTF-8"));
 final IdentifierMatch match = new IdentifierMatch("cpe", vs.getName(), url, IdentifierConfidence.EXACT_MATCH, conf);
 collected.add(match);
 } else {
@@ -549,7 +557,7 @@ public class CPEAnalyzer implements Analyzer {
 }
 }
 final String cpeName = String.format("cpe:/a:%s:%s:%s", vendor, product, bestGuess.toString());
- final String url = null; //String.format("http://web.nvd.nist.gov/view/vuln/search?cpe=%s", URLEncoder.encode(cpeName, "UTF-8"));
+ final String url = null;
 if (bestGuessConf == null) {
 bestGuessConf = Confidence.LOW;
 }
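Review bot: The @@ -524,7 +530,9 @@ hunk keeps the old statement as a commented-out line beginning `//final String url = String.format(` and adds a stray blank line above it, while the @@ -549,7 +557,7 @@ hunk removes the same kind of commented-out call. Version control already holds the old plain-http URL, and leaving it beside the live line makes it easy to restore by accident. I would drop both added lines so that only `final String url = String.format(NVD_SEARCH_URL, URLEncoder.encode(vs.getName(), "UTF-8"));` remains. The enclosing method starts and ends outside the hunk.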