github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-18 15:24:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

updated the URL for the NVD CVE external link

Browse Source 
Former-commit-id: 7527c31dab810145d8aebc1225ba302aca9fc80e
This commit is contained in:
Jeremy Long
2014-05-03 10:57:44 -04:00
parent e891ce39c0
commit 83300d028b
1 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
View File

@@ -57,6 +57,7 @@ import org.owasp.dependencycheck.utils.DependencyVersionUtil;
* @author Jeremy Long <jeremy.long@owasp.org> * @author Jeremy Long <jeremy.long@owasp.org>
*/ */
public class CPEAnalyzer implements Analyzer { public class CPEAnalyzer implements Analyzer {
/** /**
* The Logger. * The Logger.
*/ */
@@ -90,6 +91,11 @@ public class CPEAnalyzer implements Analyzer {
*/ */
private CveDB cve; private CveDB cve;
/**
* The URL to perform a search of the NVD CVE data at NIST.
*/
public static final String NVD_SEARCH_URL = "https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=%s";
/** /**
* Returns the name of this analyzer. * Returns the name of this analyzer.
* *
@@ -524,7 +530,9 @@ public class CPEAnalyzer implements Analyzer {
} }
if (dbVer == null //special case, no version specified - everything is vulnerable if (dbVer == null //special case, no version specified - everything is vulnerable
|| evVer.equals(dbVer)) { //yeah! exact match || evVer.equals(dbVer)) { //yeah! exact match
final String url = String.format("http://web.nvd.nist.gov/view/vuln/search?cpe=%s", URLEncoder.encode(vs.getName(), "UTF-8"));
//final String url = String.format("http://web.nvd.nist.gov/view/vuln/search?cpe=%s", URLEncoder.encode(vs.getName(), "UTF-8"));
final String url = String.format(NVD_SEARCH_URL, URLEncoder.encode(vs.getName(), "UTF-8"));
final IdentifierMatch match = new IdentifierMatch("cpe", vs.getName(), url, IdentifierConfidence.EXACT_MATCH, conf); final IdentifierMatch match = new IdentifierMatch("cpe", vs.getName(), url, IdentifierConfidence.EXACT_MATCH, conf);
collected.add(match); collected.add(match);
} else { } else {
@@ -549,7 +557,7 @@ public class CPEAnalyzer implements Analyzer {
} }
} }
final String cpeName = String.format("cpe:/a:%s:%s:%s", vendor, product, bestGuess.toString()); final String cpeName = String.format("cpe:/a:%s:%s:%s", vendor, product, bestGuess.toString());
final String url = null; //String.format("http://web.nvd.nist.gov/view/vuln/search?cpe=%s", URLEncoder.encode(cpeName, "UTF-8")); final String url = null;
if (bestGuessConf == null) { if (bestGuessConf == null) {
bestGuessConf = Confidence.LOW; bestGuessConf = Confidence.LOW;
} }