major rework of Analyzers and applicatioin in general.

Former-commit-id: 3b081380f586686762f8a6fcb102778bfc42b17b
2026-01-18 01:27:11 +01:00 · 2012-09-25 11:36:04 -04:00
parent 0643c68da1
commit 8c4d02c909
41 changed files with 1379 additions and 378 deletions
--- a/src/main/resources/META-INF/services/org.codesecure.dependencycheck.analyzer.Analyzer
+++ b/src/main/resources/META-INF/services/org.codesecure.dependencycheck.analyzer.Analyzer
@@ -1,2 +1,3 @@
 org.codesecure.dependencycheck.analyzer.JarAnalyzer
-org.codesecure.dependencycheck.analyzer.FileNameAnalyzer
+org.codesecure.dependencycheck.analyzer.FileNameAnalyzer
+org.codesecure.dependencycheck.data.cpe.CPEAnalyzer
--- a/src/main/resources/templates/HtmlReport.vsl
+++ b/src/main/resources/templates/HtmlReport.vsl
@@ -20,6 +20,8 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
@version 1
 *#

+
+#[[
 <!DOCTYPE html>
 <html>
    <head>
@@ -261,6 +263,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
    <body>
        <div class="wrapper">
            <h1>Dependency Report</h1>
+]]#
            <h2 class="sectionheader white">Project:&nbsp;$esc.html($applicationName)</h2>
            <div class="sectioncontent">Report Generated On: $date<br/><br/>
                Dependencies Scanned:&nbsp;$dependencies.size()<br/><br/>
@@ -287,34 +290,33 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
                            </table>
                        </div>
                        #set($cnt=$cnt+1)
-                        #if($dependency.getCPEs().size()==1)
-                            #set($cpevalue=$dependency.getCPEs().get(0))
-                            <h4 id="header$cnt" class="subsectionheader white">Identified CPE:&nbsp;<a href="http://web.nvd.nist.gov/view/vuln/search-results?cpe=$esc.url($cpevalue)" target="blank">$esc.html($cpevalue)</a></h4>
-                            <div id="content$cnt" class="subsectioncontent standardsubsection">
-                                Information for specific CVE entries for the idenfied CPE can be found <a href="http://web.nvd.nist.gov/view/vuln/search-results?cpe=$esc.url($cpevalue)" target="blank">here</a>.
-                                #* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0838 
-                                <a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=" target="blank">cve://a:/blah1.blah</a><br/>
-                                *#
-                            </div>
+                        #set($cpeCount=0)
+                        #foreach($id in $dependency.getIdentifiers())
+                            #if($id.type.equals("cpe"))
+                                #set($cpeCount=$cpeCount+1)
+                            #end
                        #end
-                        #if($dependency.getCPEs().size()>1)
-                            <h4 id="header$cnt" class="subsectionheader standardsubsection white">Possible CPEs</h4>
-                            <div id="content$cnt" class="subsectioncontent standardsubsection">
-                                Several possible CPEs where identified. If one of the following are correct please update the configuration
-                                to set the hash code for this file to the CPE entry below.<br/><br/>
-                                #* http://web.nvd.nist.gov/view/vuln/search-results?cpe=cpe%3A%2Fa%3Aapache%3Astruts%3A2.2.1 *#
-                                #foreach($cpe in $dependency.getCPEs())
-                                    <a href="http://web.nvd.nist.gov/view/vuln/search-results?cpe=$esc.url($cpe)" target="blank">$esc.html($cpe)</a><br/>
-                                #end
-                            </div>
+                        <h4 id="header$cnt" class="subsectionheader white">Identifiers</h4>
+                        ##:&nbsp;<a href="http://web.nvd.nist.gov/view/vuln/search-results?cpe=$esc.url($cpevalue)" target="blank">$esc.html($cpevalue)</a></h4>
+                        <div id="content$cnt" class="subsectioncontent standardsubsection">
+                        #if($cpeCount>1)
+                            Several possible CPEs where identified. If one of the following are correct please update the configuration
+                            to set the hash code for this file to the CPE entry below.<br/><br/>
                        #end
-                        
-                        #if($dependency.getCPEs().size()==0)
-                            <h4>No CPE Identifiers were found for this dependency.</h4>
+                        #if($dependency.getIdentifiers().size()==0)
+                            <ul><li><b>None</b></li></ul>
+                        #end
+                        #if($dependency.getIdentifiers().size()>0)
+                            <ul>
+                            #foreach($id in $dependency.getIdentifiers())
+                                ##yes, we are HTML Encoding the href. this is okay. We can't URL encode as we have to trust the analyzer here...
+                                <li><b>$esc.html($id.type):</b>&nbsp;$esc.html($id.title)&nbsp;:&nbsp;<a href="$esc.html($id.url)" target="blank">$esc.html($id.value)</a></li>
+                            #end
+                            </ul>
                        #end
                     </div>
-                #end
                </div>
+                #end
            </div>
        </div>        
    </body>
--- a/src/main/resources/templates/HtmlReport.vsl.bak
+++ b/src/main/resources/templates/HtmlReport.vsl.bak