major rework of Analyzers and applicatioin in general.

Former-commit-id: 3b081380f586686762f8a6fcb102778bfc42b17b

README.txt

@@ -7,8 +7,8 @@ If found, it will generate a report linking to the associated CVE entries.
 Usage:
 $ mvn package
 $ cd target
-$ java -jar dependencycheck-0.1.jar -h
+$ java -jar dependencycheck-0.1.1.jar -h
-$ java -jar DependencyCheck-0.1.jar -a Testing -out . -scan ./test-classes/org.mortbay.jetty.jar -scan struts2-core-2.1.2.jar -scan ./lib
+$ java -jar DependencyCheck-0.1.1.jar -a Testing -out . -scan ./test-classes/org.mortbay.jetty.jar -scan struts2-core-2.1.2.jar -scan ./lib
 
 
 Author: Jeremy Long (jeremy.long@gmail.com)

pom.xml

@@ -23,7 +23,7 @@ along with DependencyCheck.  If not, see <http://www.gnu.org/licenses/>.
 
     <groupId>org.codesecure</groupId>
     <artifactId>DependencyCheck</artifactId>
-    <version>0.1</version>
+    <version>0.1.1</version>
     <packaging>jar</packaging>
 
     <name>DependencyCheck</name>
@@ -344,58 +344,16 @@ along with DependencyCheck.  If not, see <http://www.gnu.org/licenses/>.
             <artifactId>lucene-core</artifactId>
             <version>3.5.0</version>
         </dependency>
-        <dependency>
-            <groupId>org.apache.lucene</groupId>
-            <artifactId>lucene-core</artifactId>
-            <version>3.5.0</version>
-            <classifier>sources</classifier>
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.lucene</groupId>
-            <artifactId>lucene-core</artifactId>
-            <version>3.5.0</version>
-            <classifier>javadoc</classifier>
-            <scope>provided</scope>
-        </dependency>
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-io</artifactId>
             <version>1.3.2</version>
         </dependency>
-        <dependency>
-            <groupId>org.apache.commons</groupId>
-            <artifactId>commons-io</artifactId>
-            <version>1.3.2</version>
-            <classifier>javadoc</classifier>
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.commons</groupId>
-            <artifactId>commons-io</artifactId>
-            <version>1.3.2</version>
-            <classifier>sources</classifier>
-            <scope>provided</scope>
-        </dependency>
         <dependency>
             <groupId>org.apache.velocity</groupId>
             <artifactId>velocity</artifactId>
             <version>1.7</version>
         </dependency>
-        <dependency>
-            <groupId>org.apache.velocity</groupId>
-            <artifactId>velocity</artifactId>
-            <version>1.7</version>
-            <classifier>javadoc</classifier>
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.velocity</groupId>
-            <artifactId>velocity</artifactId>
-            <version>1.7</version>
-            <classifier>sources</classifier>
-            <scope>provided</scope>
-        </dependency>
         <dependency>
             <groupId>org.apache.velocity</groupId>
             <artifactId>velocity-tools</artifactId>
@@ -440,12 +398,5 @@ along with DependencyCheck.  If not, see <http://www.gnu.org/licenses/>.
                 </exclusion>
             </exclusions>
         </dependency>
-        <dependency>
-            <groupId>org.apache.velocity</groupId>
-            <artifactId>velocity-tools</artifactId>
-            <version>2.0</version>
-            <classifier>javadoc</classifier>
-            <scope>provided</scope>
-        </dependency>
     </dependencies>
 </project>

src/main/java/org/codesecure/dependencycheck/App.java

@@ -25,7 +25,6 @@ import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.xml.parsers.ParserConfigurationException;
 import org.apache.commons.cli.ParseException;
-import org.codesecure.dependencycheck.data.cpe.CPEQuery;
 import org.codesecure.dependencycheck.data.cpe.Index;
 import org.codesecure.dependencycheck.data.cpe.xml.Importer;
 import org.codesecure.dependencycheck.reporting.ReportGenerator;
@@ -128,19 +127,13 @@ public class App {
      * @param files the files/directories to scan.
      */
     private void runScan(String reportDirectory, String applicationName, String[] files) {
-        try {
         Engine scanner = new Engine();
         for (String file : files) {
             scanner.scan(file);
         }
         scanner.analyzeDependencies();
         List<Dependency> dependencies = scanner.getDependencies();
-            CPEQuery query = new CPEQuery();
+
-            query.open();
-            for (Dependency d : dependencies) {
-                query.determineCPE(d);
-            }
-            query.close();
         ReportGenerator report = new ReportGenerator();
         try {
             report.generateReports(reportDirectory, applicationName, dependencies);
@@ -150,10 +143,5 @@ public class App {
             Logger.getLogger(App.class.getName()).log(Level.SEVERE, null, ex);
         }
 
-        } catch (IOException ex) {
-            Logger.getLogger(App.class.getName()).log(Level.SEVERE, null, ex);
-        } catch (org.apache.lucene.queryParser.ParseException ex) {
-            Logger.getLogger(App.class.getName()).log(Level.SEVERE, null, ex);
-        }
     }
 }

src/main/java/org/codesecure/dependencycheck/Engine.java

@@ -52,11 +52,12 @@ public class Engine {
     /**
      * A Map of analyzers grouped by Analysis phase.
      */
-    protected EnumMap<AnalysisPhase, List<Analyzer>> analyzers = new EnumMap<AnalysisPhase, List<Analyzer>>(AnalysisPhase.class);
+    protected EnumMap<AnalysisPhase, List<Analyzer>> analyzers =
+            new EnumMap<AnalysisPhase, List<Analyzer>>(AnalysisPhase.class);
     /**
      * A set of extensions supported by the analyzers.
      */
-    protected static final Set<String> extensions = new HashSet<String>();
+    protected Set<String> extensions = new HashSet<String>();
 
     /**
      * Creates a new Engine.
@@ -172,7 +173,17 @@ public class Engine {
             List<Analyzer> analyzerList = analyzers.get(phase);
 
             for (Analyzer a : analyzerList) {
+                try {
                     a.initialize();
+                } catch (Exception ex) {
+                    Logger.getLogger(Engine.class.getName()).log(Level.SEVERE, "Exception occured initializing " + a.getName() + ".", ex);
+                    try {
+                        a.close();
+                    } catch (Exception ex1) {
+                        Logger.getLogger(Engine.class.getName()).log(Level.FINER, null, ex1);
+                    }
+                    continue;
+                }
                 for (Dependency d : dependencies) {
                     if (a.supportsExtension(d.getFileExtension())) {
                         try {
@@ -183,13 +194,17 @@ public class Engine {
                                 a.analyze(d);
                             }
                         } catch (IOException ex) {
-                            String msg = String.format("IOException occured while scanning the file '%s'.",
+                            String msg = String.format("IOException occured while analyzing the file '%s'.",
                                     d.getActualFilePath());
                             Logger.getLogger(Engine.class.getName()).log(Level.SEVERE, msg, ex);
                         }
                     }
                 }
+                try {
                     a.close();
+                } catch (Exception ex) {
+                    Logger.getLogger(Engine.class.getName()).log(Level.SEVERE, null, ex);
+                }
             }
         }
 

src/main/java/org/codesecure/dependencycheck/analyzer/AnalysisException.java

@@ -0,0 +1,61 @@
+package org.codesecure.dependencycheck.analyzer;
+/*
+ * This file is part of DependencyCheck.
+ *
+ * DependencyCheck is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * DependencyCheck is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with DependencyCheck. If not, see http://www.gnu.org/licenses/.
+ *
+ * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
+ */
+
+/**
+ * An exception thrown when the analysis of a dependency fails.
+ *
+ * @author Jeremy Long (jeremy.long@gmail.com)
+ */
+public class AnalysisException extends RuntimeException {
+
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * Creates a new AnalysisException.
+     */
+    public AnalysisException() {
+        super();
+    }
+
+    /**
+     * Creates a new AnalysisException.
+     * @param msg a message for the exception.
+     */
+    public AnalysisException(String msg) {
+        super(msg);
+    }
+
+    /**
+     * Creates a new AnalysisException.
+     * @param ex the cause of the failure.
+     */
+    public AnalysisException(Throwable ex) {
+        super(ex);
+    }
+
+    /**
+     * Creates a new DownloadFailedException.
+     * @param msg a message for the exception.
+     * @param ex the cause of the failure.
+     */
+    public AnalysisException(String msg, Throwable ex) {
+        super(msg, ex);
+    }
+}

src/main/java/org/codesecure/dependencycheck/analyzer/Analyzer.java

@@ -19,7 +19,6 @@ package org.codesecure.dependencycheck.analyzer;
  */
 
 import org.codesecure.dependencycheck.dependency.Dependency;
-import java.io.IOException;
 import java.util.Set;
 
 /**
@@ -35,9 +34,9 @@ public interface Analyzer {
      * Analyzes the given dependency.
      *
      * @param dependency a dependency to analyze.
-     * @throws IOException is thrown if there is an error reading the dependency file
+     * @throws AnalysisException is thrown if there is an error analyzing the dependency file
      */
-    void analyze(Dependency dependency) throws IOException;
+    void analyze(Dependency dependency) throws AnalysisException;
 
     /**
      * <p>Returns a list of supported file extensions. An example would be an analyzer
@@ -74,10 +73,15 @@ public interface Analyzer {
     /**
      * The initialize method is called (once) prior to the analyze method being called on
      * all of the dependencies.
+     *
+     * @throws Exception is thrown if an exception occurs initializing the analyzer.
      */
-    void initialize();
+    void initialize() throws Exception;
+
     /**
      * The close method is called after all of the dependencies have been analyzed.
+     *
+     * @throws Exception is thrown if an exception occurs closing the analyzer.
      */
-    void close();
+    void close() throws Exception;
 }

src/main/java/org/codesecure/dependencycheck/analyzer/ArchiveAnalyzer.java

@@ -35,6 +35,7 @@ public interface ArchiveAnalyzer {
      * the exploded contents.
      *
      * @param dependency a dependency to analyze.
+     * @param engine the engine that is scanning the dependencies.
      * @throws IOException is thrown if there is an error reading the dependency file
      */
     void analyze(Dependency dependency, Engine engine) throws IOException;

src/main/java/org/codesecure/dependencycheck/analyzer/FileNameAnalyzer.java

@@ -20,7 +20,6 @@ package org.codesecure.dependencycheck.analyzer;
 
 import org.codesecure.dependencycheck.dependency.Dependency;
 import org.codesecure.dependencycheck.dependency.Evidence;
-import java.io.IOException;
 import java.util.Set;
 import java.util.regex.Pattern;
 
@@ -35,7 +34,7 @@ public class FileNameAnalyzer implements Analyzer {
     /**
      * The name of the analyzer.
      */
-    private static final String ANALYZER_NAME = "File Analyzer";
+    private static final String ANALYZER_NAME = "File Name Analyzer";
     /**
      * The phase that this analyzer is intended to run in.
      */
@@ -111,9 +110,9 @@ public class FileNameAnalyzer implements Analyzer {
      * Collects information about the file such as hashsums.
      *
      * @param dependency the dependency to analyze.
-     * @throws IOException is thrown if there is an error reading the JAR file.
+     * @throws AnalysisException is thrown if there is an error reading the JAR file.
      */
-    public void analyze(Dependency dependency) throws IOException {
+    public void analyze(Dependency dependency) throws AnalysisException {
 
         analyzeFileName(dependency);
 

src/main/java/org/codesecure/dependencycheck/analyzer/JarAnalyzer.java

@@ -149,12 +149,15 @@ public class JarAnalyzer extends AbstractAnalyzer {
      * checksums to identify the correct CPE information.
      *
      * @param dependency the dependency to analyze.
-     * @throws IOException is thrown if there is an error reading the JAR file.
+     * @throws AnalysisException is thrown if there is an error reading the JAR file.
      */
-    public void analyze(Dependency dependency) throws IOException {
+    public void analyze(Dependency dependency) throws AnalysisException {
-
+        try {
             parseManifest(dependency);
             analyzePackageNames(dependency);
+        } catch (IOException ex) {
+            throw new AnalysisException("Exception occured reading the JAR file.", ex);
+        }
 
     }
 
@@ -362,7 +365,9 @@ public class JarAnalyzer extends AbstractAnalyzer {
             } else {
                 key = key.toLowerCase();
 
-                if (!IGNORE_LIST.contains(key) && !key.contains("license") && !key.endsWith("jdk")) {
+                if (!IGNORE_LIST.contains(key) && !key.contains("license") && !key.endsWith("jdk")
+                        && !key.contains("lastmodified")) {
+
                     if (key.contains("version")) {
                         versionEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
                     } else if (key.contains("title")) {

src/main/java/org/codesecure/dependencycheck/data/CachedWebDataSource.java

@@ -18,7 +18,6 @@ package org.codesecure.dependencycheck.data;
  * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
  */
 
-
 import java.io.IOException;
 import java.net.MalformedURLException;
 import javax.xml.parsers.ParserConfigurationException;
@@ -41,5 +40,5 @@ public interface CachedWebDataSource {
      * @throws SAXException is thrown if there is an error parsing the CPE XML.
      * @throws IOException is thrown if a temporary file could not be created.
      */
-    public void update() throws MalformedURLException, ParserConfigurationException, SAXException, IOException;
+    void update() throws MalformedURLException, ParserConfigurationException, SAXException, IOException;
 }

src/main/java/org/codesecure/dependencycheck/data/cpe/CPEAnalyzer.java

@@ -19,38 +19,37 @@ package org.codesecure.dependencycheck.data.cpe;
  */
 
 import java.io.IOException;
+import java.net.URLEncoder;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Set;
 import java.util.StringTokenizer;
-import java.util.logging.Level;
-import java.util.logging.Logger;
 import org.apache.lucene.analysis.Analyzer;
 import org.apache.lucene.document.Document;
 import org.apache.lucene.index.CorruptIndexException;
-import org.apache.lucene.index.IndexReader;
 import org.apache.lucene.queryParser.ParseException;
 import org.apache.lucene.queryParser.QueryParser;
 import org.apache.lucene.search.IndexSearcher;
 import org.apache.lucene.search.Query;
 import org.apache.lucene.search.ScoreDoc;
 import org.apache.lucene.search.TopDocs;
-import org.apache.lucene.store.Directory;
 import org.apache.lucene.util.Version;
-import org.codesecure.dependencycheck.data.LuceneUtils;
+import org.codesecure.dependencycheck.analyzer.AnalysisException;
+import org.codesecure.dependencycheck.analyzer.AnalysisPhase;
+import org.codesecure.dependencycheck.data.lucene.LuceneUtils;
 import org.codesecure.dependencycheck.dependency.Dependency;
 import org.codesecure.dependencycheck.dependency.Evidence;
 import org.codesecure.dependencycheck.dependency.Evidence.Confidence;
 import org.codesecure.dependencycheck.dependency.EvidenceCollection;
 
 /**
- * CPEQuery is a utility class that takes a project dependency and attempts
+ * CPEAnalyzer is a utility class that takes a project dependency and attempts
  * to decern if there is an associated CPE. It uses the evidence contained
  * within the dependency to search the Lucene index.
  *
  * @author Jeremy Long (jeremy.long@gmail.com)
  */
-public class CPEQuery {
+public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Analyzer {
 
     /**
      * The maximum number of query results to return.
@@ -140,7 +139,7 @@ public class CPEQuery {
      * @throws IOException is thrown when an IOException occurs.
      * @throws ParseException is thrown when the Lucene query cannot be parsed.
      */
-    public void determineCPE(Dependency dependency) throws CorruptIndexException, IOException, ParseException {
+    protected void determineCPE(Dependency dependency) throws CorruptIndexException, IOException, ParseException {
         Confidence vendorConf = Confidence.HIGH;
         Confidence productConf = Confidence.HIGH;
         Confidence versionConf = Confidence.HIGH;
@@ -167,16 +166,21 @@ public class CPEQuery {
             List<Entry> entries = searchCPE(vendors, products, versions, dependency.getProductEvidence().getWeighting(),
                     dependency.getVendorEvidence().getWeighting());
 
-            if (entries.size() > 0) {
 
-                //TODO - after changing the lucene query to use the AND conditions we should no longer need this.
+            for (Entry e : entries) {
-                List<String> verified = verifyEntries(entries, dependency);
+                if (verifyEntry(e, dependency)) {
-                if (verified.size() > 0) {
                     found = true;
-                    dependency.setCPEs(verified);
+
+                    dependency.addIdentifier(
+                            "cpe",
+                            e.getName(),
+                            e.getTitle(),
+                            "http://web.nvd.nist.gov/view/vuln/search?cpe="
+                            + URLEncoder.encode(e.getName(), "UTF-8"));
                 }
             }
 
+
             if (!found) {
                 int round = cnt % 3;
                 if (round == 0) {
@@ -206,9 +210,7 @@ public class CPEQuery {
                         versions = addEvidenceWithoutDuplicateTerms(versions, dependency.getVersionEvidence(), versionConf);
                     }
                 }
-
             }
-
         } while (!found && (++cnt) < 9);
     }
 
@@ -226,11 +228,18 @@ public class CPEQuery {
     private String addEvidenceWithoutDuplicateTerms(final String text, final EvidenceCollection ec, Confidence confidenceFilter) {
         String txt = (text == null) ? "" : text;
         StringBuilder sb = new StringBuilder(txt.length() + (20 * ec.size()));
+        sb.append(txt);
         for (Evidence e : ec.iterator(confidenceFilter)) {
             String value = e.getValue();
+            if (value.startsWith("http://")) {
+                value = value.substring(7).replaceAll("\\.", " ");
+            }
+            if (value.startsWith("https://")) {
+                value = value.substring(8).replaceAll("\\.", " ");
+            }
             if (sb.indexOf(value) < 0) {
                 if (value.length() > 200) {
-                    sb.append(value.substring(0, 200));
+                    sb.append(value.substring(0, 200)).append(' ');
                 } else {
                     sb.append(value).append(' ');
                 }
@@ -325,8 +334,6 @@ public class CPEQuery {
      * to boost the terms weight.
      * @return the Lucene query.
      */
-    //TODO change this whole search mechanism into building the query
-    // using terms and the org.apache.lucene.search.Query API.
     protected String buildSearch(String vendor, String product, String version,
             Set<String> vendorWeighting, Set<String> produdctWeightings) {
 
@@ -445,27 +452,83 @@ public class CPEQuery {
     }
 
     /**
-     * Takes a list of entries and a dependency. If the entry has terms that were
+     * Ensures that the CPE Identified matches the dependency. This validates that
-     * used (i.e. this CPE entry wasn't identified because the version matched
+     * the product, vendor, and version information for the CPE are contained within
-     * but the product names did not) then the CPE Entry is returned in a list
+     * the dependencies evidence.
-     * of possible CPE Entries.
      *
-     * @param entries a list of CPE entries.
+     * @param entry a CPE entry.
      * @param dependency the dependency that the CPE entries could be for.
-     * @return a list of matched CPE entries.
+     * @return whether or not the entry is valid.
      */
-    private List<String> verifyEntries(final List<Entry> entries, final Dependency dependency) {
+    private boolean verifyEntry(final Entry entry, final Dependency dependency) {
-        List<String> verified = new ArrayList<String>();
+        boolean isValid = false;
-        for (Entry e : entries) {
+        if (dependency.getProductEvidence().containsUsedString(entry.getProduct())
-            if (dependency.getProductEvidence().containsUsedString(e.getProduct())
+                && dependency.getVendorEvidence().containsUsedString(entry.getVendor())) {
-                    && dependency.getVendorEvidence().containsUsedString(e.getVendor())) {
             //TODO - determine if this is right? Should we be carrying too much about the
             //  version at this point? Likely need to implement the versionAnalyzer....
-                if (dependency.getVersionEvidence().containsUsedString(e.getVersion())) {
+            if (dependency.getVersionEvidence().containsUsedString(entry.getVersion())) {
-                    verified.add(e.getName());
+                isValid = true;
             }
         }
+        return isValid;
     }
-        return verified;
+
+    /**
+     * Analyzes a dependency and attempts to determine if there are any CPE identifiers
+     * for this dependency.
+     * @param dependency The Dependency to analyze.
+     * @throws AnalysisException is thrown if there is an issue analyzing the dependency.
+     */
+    public void analyze(Dependency dependency) throws AnalysisException {
+        try {
+            determineCPE(dependency);
+        } catch (CorruptIndexException ex) {
+            throw new AnalysisException("CPE Index is corrupt.", ex);
+        } catch (IOException ex) {
+            throw new AnalysisException("Failure opening the CPE Index.", ex);
+        } catch (ParseException ex) {
+            throw new AnalysisException("Unable to parse the generated Lucene query for this dependency.", ex);
+        }
+    }
+
+    /**
+     * Returns true because this analyzer supports all dependency types.
+     * @return true.
+     */
+    public Set<String> getSupportedExtensions() {
+        return null;
+    }
+
+    /**
+     * Returns the name of this analyzer.
+     * @return the name of this analyzer.
+     */
+    public String getName() {
+        return "CPE Analyzer";
+    }
+
+    /**
+     * Returns true because this analyzer supports all dependency types.
+     * @param extension the file extension of the dependency being analyzed.
+     * @return true.
+     */
+    public boolean supportsExtension(String extension) {
+        return true;
+    }
+
+    /**
+     * Returns the analysis phase that this analyzer should run in.
+     * @return the analysis phase that this analyzer should run in.
+     */
+    public AnalysisPhase getAnalysisPhase() {
+        return AnalysisPhase.IDENTIFIER_ANALYSIS;
+    }
+
+    /**
+     * Opens the CPE Lucene Index.
+     * @throws Exception is thrown if there is an issue opening the index.
+     */
+    public void initialize() throws Exception {
+        this.open();
     }
 }

src/main/java/org/codesecure/dependencycheck/data/cpe/Index.java

@@ -38,13 +38,10 @@ import org.apache.lucene.analysis.Analyzer;
 import org.apache.lucene.analysis.KeywordAnalyzer;
 import org.apache.lucene.analysis.PerFieldAnalyzerWrapper;
 import org.apache.lucene.analysis.standard.StandardAnalyzer;
-import org.apache.lucene.index.CorruptIndexException;
-import org.apache.lucene.index.IndexWriter;
-import org.apache.lucene.index.IndexWriterConfig;
 import org.apache.lucene.store.Directory;
 import org.apache.lucene.store.FSDirectory;
 import org.apache.lucene.util.Version;
-import org.codesecure.dependencycheck.data.AbstractIndex;
+import org.codesecure.dependencycheck.data.lucene.AbstractIndex;
 import org.codesecure.dependencycheck.data.CachedWebDataSource;
 import org.codesecure.dependencycheck.utils.Downloader;
 import org.codesecure.dependencycheck.utils.Settings;
@@ -68,7 +65,6 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
      */
     private static final String LAST_UPDATED = "lastupdated";
 
-
     /**
      * Returns the directory that holds the CPE Index.
      *

src/main/java/org/codesecure/dependencycheck/data/cpe/xml/Indexer.java

@@ -24,15 +24,10 @@ import org.apache.lucene.document.Field;
 import org.apache.lucene.index.CorruptIndexException;
 import org.apache.lucene.index.FieldInfo.IndexOptions;
 import org.apache.lucene.index.Term;
-import org.codesecure.dependencycheck.data.LuceneUtils;
+import org.codesecure.dependencycheck.data.lucene.LuceneUtils;
-import org.codesecure.dependencycheck.data.cpe.Entry;
 import org.codesecure.dependencycheck.data.cpe.Entry;
 import org.codesecure.dependencycheck.data.cpe.Fields;
-import org.codesecure.dependencycheck.data.cpe.Fields;
 import org.codesecure.dependencycheck.data.cpe.Index;
-import org.codesecure.dependencycheck.data.cpe.Index;
-import org.codesecure.dependencycheck.data.cpe.xml.EntrySaveDelegate;
-import org.codesecure.dependencycheck.data.cpe.xml.EntrySaveDelegate;
 
 /**
  * The Indexer is used to convert a CPE Entry, retrieved from the CPE XML file,
@@ -82,7 +77,7 @@ public class Indexer extends Index implements EntrySaveDelegate {
         product.setBoost(5.0F);
         doc.add(product);
 
-        Field title = new Field(Fields.TITLE, entry.getTitle(), Field.Store.NO, Field.Index.ANALYZED);
+        Field title = new Field(Fields.TITLE, entry.getTitle(), Field.Store.YES, Field.Index.ANALYZED);
         title.setIndexOptions(IndexOptions.DOCS_ONLY);
         //title.setBoost(1.0F);
         doc.add(title);
@@ -104,5 +99,4 @@ public class Indexer extends Index implements EntrySaveDelegate {
 
         return doc;
     }
-
 }

src/main/java/org/codesecure/dependencycheck/data/cve/Index.java

@@ -41,7 +41,7 @@ import org.apache.lucene.analysis.standard.StandardAnalyzer;
 import org.apache.lucene.store.Directory;
 import org.apache.lucene.store.FSDirectory;
 import org.apache.lucene.util.Version;
-import org.codesecure.dependencycheck.data.AbstractIndex;
+import org.codesecure.dependencycheck.data.lucene.AbstractIndex;
 import org.codesecure.dependencycheck.data.CachedWebDataSource;
 import org.codesecure.dependencycheck.utils.Downloader;
 import org.codesecure.dependencycheck.utils.Settings;
@@ -65,7 +65,6 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
      */
     private static final String LAST_UPDATED = "lastupdated";
 
-
     /**
      * Returns the directory that holds the CPE Index.
      *

src/main/java/org/codesecure/dependencycheck/data/cve/xml/Indexer.java

@@ -24,11 +24,10 @@ import org.apache.lucene.document.Field;
 import org.apache.lucene.index.CorruptIndexException;
 import org.apache.lucene.index.FieldInfo.IndexOptions;
 import org.apache.lucene.index.Term;
-import org.codesecure.dependencycheck.data.LuceneUtils;
+import org.codesecure.dependencycheck.data.lucene.LuceneUtils;
 import org.codesecure.dependencycheck.data.cve.Entry;
 import org.codesecure.dependencycheck.data.cve.Fields;
 import org.codesecure.dependencycheck.data.cve.Index;
-import org.codesecure.dependencycheck.data.cve.xml.EntrySaveDelegate;
 
 /**
  * The Indexer is used to convert a CPE Entry, retrieved from the CPE XML file,

src/main/java/org/codesecure/dependencycheck/data/lucene/AbstractIndex.java

@@ -1,4 +1,4 @@
-package org.codesecure.dependencycheck.data;
+package org.codesecure.dependencycheck.data.lucene;
 /*
  * This file is part of DependencyCheck.
  *
@@ -54,12 +54,10 @@ public abstract class AbstractIndex {
      * The Lucene IndexSearcher.
      */
     private IndexSearcher indexSearcher = null;
-
     /**
      * The Lucene Analyzer.
      */
     private Analyzer analyzer = null;
-
     /**
      * Indicates whether or not the Lucene Index is open.
      */
@@ -128,6 +126,7 @@ public abstract class AbstractIndex {
     public boolean isOpen() {
         return indexOpen;
     }
+
     /**
      * Opens the Lucene Index Writer.
      *
@@ -157,6 +156,11 @@ public abstract class AbstractIndex {
         return indexWriter;
     }
 
+    /**
+     * Opens the Lucene Index for reading.
+     * @throws CorruptIndexException is thrown if the index is corrupt.
+     * @throws IOException is thrown if there is an exception reading the index.
+     */
     public void openIndexReader() throws CorruptIndexException, IOException {
         if (!isOpen()) {
             open();
@@ -164,6 +168,12 @@ public abstract class AbstractIndex {
         indexReader = IndexReader.open(directory, true);
     }
 
+    /**
+     * Returns an IndexSearcher for the Lucene Index.
+     * @return an IndexSearcher.
+     * @throws CorruptIndexException is thrown if the index is corrupt.
+     * @throws IOException is thrown if there is an exception reading the index.
+     */
     public IndexSearcher getIndexSearcher() throws CorruptIndexException, IOException {
         if (indexReader == null) {
             openIndexReader();
@@ -174,6 +184,10 @@ public abstract class AbstractIndex {
         return indexSearcher;
     }
 
+    /**
+     * Returns an Analyzer for the Lucene Index.
+     * @return an Analyzer.
+     */
     public Analyzer getAnalyzer() {
         if (analyzer == null) {
             analyzer = createAnalyzer();
@@ -187,10 +201,10 @@ public abstract class AbstractIndex {
      * @throws IOException is thrown when an IOException occurs.
      */
     public abstract Directory getDirectory() throws IOException;
+
     /**
      * Creates the Lucene Analyzer used when indexing and searching the index.
      * @return a Lucene Analyzer.
      */
     public abstract Analyzer createAnalyzer();
-    
 }

src/main/java/org/codesecure/dependencycheck/data/lucene/DependencySimilarity.java

@@ -1,4 +1,4 @@
-package org.codesecure.dependencycheck.data;
+package org.codesecure.dependencycheck.data.lucene;
 /*
  * This file is part of DependencyCheck.
  *

src/main/java/org/codesecure/dependencycheck/data/lucene/LuceneUtils.java

@@ -1,4 +1,4 @@
-package org.codesecure.dependencycheck.data;
+package org.codesecure.dependencycheck.data.lucene;
 /*
  * This file is part of DependencyCheck.
  *

src/main/java/org/codesecure/dependencycheck/data/lucene/VersionAnalyzer.java

@@ -1,4 +1,4 @@
-package org.codesecure.dependencycheck.data;
+package org.codesecure.dependencycheck.data.lucene;
 /*
  * This file is part of DependencyCheck.
  *
@@ -25,11 +25,9 @@ package org.codesecure.dependencycheck.data;
  */
 public class VersionAnalyzer {
     //TODO Implement this...
-    
     // use custom attributes for major, minor, x, x, x, rcx
     // these can then be used to weight the score for searches on the version.
     // see http://lucene.apache.org/core/3_6_1/api/core/org/apache/lucene/analysis/package-summary.html#package_description
-    
     // look at this article to implement
     // http://www.codewrecks.com/blog/index.php/2012/08/25/index-your-blog-using-tags-and-lucene-net/
 }

src/main/java/org/codesecure/dependencycheck/data/lucene/package-info.java

@@ -0,0 +1,12 @@
+/**
+ * <html>
+ * <head>
+ * <title>org.codesecure.dependencycheck.data.lucene</title>
+ * </head>
+ * <body>
+ * Contains classes used to work with the Lucene Indexes.
+ * </body>
+ * </html>
+*/
+
+package org.codesecure.dependencycheck.data.lucene;

src/main/java/org/codesecure/dependencycheck/data/package-info.java

@@ -4,7 +4,7 @@
  * <title>org.codesecure.dependencycheck.data</title>
  * </head>
  * <body>
- * Contains utility classes used to work with the Lucene Indexes.
+ * Contains classes used to work with the data sources.
  * </body>
  * </html>
 */

src/main/java/org/codesecure/dependencycheck/dependency/Dependency.java

@@ -90,6 +90,10 @@ public class Dependency {
         identifiers = new ArrayList<Identifier>();
     }
 
+    /**
+     * Constructs a new Dependency object.
+     * @param file the File to create the dependency object from.
+     */
     public Dependency(File file) {
         this();
         this.actualFilePath = file.getPath();
@@ -232,10 +236,9 @@ public class Dependency {
      * @param value the value of the identifier.
      * @param title the title of the identifier.
      * @param url the URL of the identifier.
-     * @param description the description of the identifier.
      */
-    public void addIdentifier(String type, String value, String title, String url, String description) {
+    public void addIdentifier(String type, String value, String title, String url) {
-        Identifier i = new Identifier(type, value, title, url, description);
+        Identifier i = new Identifier(type, value, title, url);
         this.identifiers.add(i);
     }
 
@@ -245,7 +248,7 @@ public class Dependency {
      * @return an EvidenceCollection.
      */
     public EvidenceCollection getEvidence() {
-        return EvidenceCollection.mergeUsed(this.productEvidence, this.vendorEvidence, this.versionEvidence);
+        return EvidenceCollection.merge(this.productEvidence, this.vendorEvidence, this.versionEvidence);
     }
 
     /**
@@ -254,8 +257,7 @@ public class Dependency {
      * @return an EvidenceCollection.
      */
     public EvidenceCollection getEvidenceUsed() {
-        EvidenceCollection ec = EvidenceCollection.mergeUsed(this.productEvidence, this.vendorEvidence, this.versionEvidence);
+        return EvidenceCollection.mergeUsed(this.productEvidence, this.vendorEvidence, this.versionEvidence);
-        return ec;
     }
 
     /**

src/main/java/org/codesecure/dependencycheck/dependency/EvidenceCollection.java

@@ -146,6 +146,14 @@ public class EvidenceCollection implements Iterable<Evidence> {
         return weightedStrings;
     }
 
+    /**
+     * Returns the set of evidence.
+     * @return the set of evidence.
+     */
+    public Set<Evidence> getEvidence() {
+        return list;
+    }
+
     /**
      * Implements the iterator interface for the Evidence Collection.
      * @return an Iterator<Evidence>.
@@ -206,27 +214,21 @@ public class EvidenceCollection implements Iterable<Evidence> {
         }
         return ret;
     }
-//  Removed because this wasn't working right (the function returned the right data, but
+
-//  the use of the results was flawed.
+    /**
-//    /**
+     * Merges multiple EvidenceCollections together.
-//     * Returns a string of evidence 'values' for a given confidence.
+     *
-//     * @param confidence the confidence filter applied to the toString method.
+     * @param ec One or more EvidenceCollections.
-//     * @return a string containing the evidence.
+     * @return a new EvidenceCollection.
-//     */
+     */
-//    public String toString(Evidence.Confidence confidence) {
+    public static EvidenceCollection merge(EvidenceCollection... ec) {
-//        StringBuilder sb = new StringBuilder();
+        EvidenceCollection ret = new EvidenceCollection();
-//        for (Evidence e : this.iterator(confidence)) {
+        for (EvidenceCollection col : ec) {
-//            String str = e.getValue();
+            ret.list.addAll(col.list);
-//            //TODO this is a cheap hack, need to prevent the same string from hitting multiple times...
+            ret.weightedStrings.addAll(col.weightedStrings);
-//            // consider changing the evidencecollection.add to prevent the same "value" for a lower
+        }
-//            // confidence from being added? Might not work due to minor differences in the items in the manifest.
+        return ret;
-//            // might need to actually use a StringTokenizer here and only add single words no in the list.
+    }
-//            if (sb.indexOf(str)<0) {
-//                sb.append(str).append(' ');
-//            }
-//        }
-//        return sb.toString();
-//    }
 
     /**
      * Returns a string of evidence 'values'.

src/main/java/org/codesecure/dependencycheck/dependency/Identifier.java

@@ -24,15 +24,23 @@ package org.codesecure.dependencycheck.dependency;
  */
 public class Identifier {
 
-    protected String value;
+    /**
-
+     * Constructs a new Identifier with the specified data.
-    Identifier(String type, String value, String title, String url, String description) {
+     * @param type the identifier type.
+     * @param value the identifier value.
+     * @param title the identifier title.
+     * @param url the identifier url.
+     */
+    Identifier(String type, String value, String title, String url) {
         this.type = type;
         this.value = value;
         this.title = title;
         this.url = url;
-        this.description = description;
     }
+    /**
+     * The value of the identifeir
+     */
+    protected String value;
 
     /**
      * Get the value of value
@@ -51,6 +59,9 @@ public class Identifier {
     public void setValue(String value) {
         this.value = value;
     }
+    /**
+     * The title of the identifeir
+     */
     protected String title;
 
     /**
@@ -70,25 +81,9 @@ public class Identifier {
     public void setTitle(String title) {
         this.title = title;
     }
-    protected String description;
-
     /**
-     * Get the value of description
+     * The url for the identifeir
-     *
-     * @return the value of description
      */
-    public String getDescription() {
-        return description;
-    }
-
-    /**
-     * Set the value of description
-     *
-     * @param description new value of description
-     */
-    public void setDescription(String description) {
-        this.description = description;
-    }
     protected String url;
 
     /**
@@ -108,6 +103,9 @@ public class Identifier {
     public void setUrl(String url) {
         this.url = url;
     }
+    /**
+     * The type of the identifeir
+     */
     protected String type;
 
     /**

src/main/java/org/codesecure/dependencycheck/utils/DownloadFailedException.java

@@ -46,7 +46,7 @@ public class DownloadFailedException extends IOException {
 
     /**
      * Creates a new DownloadFailedException.
-     * @param ex the cause of te download failure.
+     * @param ex the cause of the download failure.
      */
     public DownloadFailedException(Throwable ex) {
         super(ex);
@@ -55,7 +55,7 @@ public class DownloadFailedException extends IOException {
     /**
      * Creates a new DownloadFailedException.
      * @param msg a message for the exception.
-     * @param ex the cause of te download failure.
+     * @param ex the cause of the download failure.
      */
     public DownloadFailedException(String msg, Throwable ex) {
         super(msg, ex);

src/main/java/org/codesecure/dependencycheck/utils/FileUtils.java

@@ -25,6 +25,12 @@ package org.codesecure.dependencycheck.utils;
  */
 public class FileUtils {
 
+    /**
+     * Private constructor for a utility class.
+     */
+    private FileUtils() {
+    }
+
     /**
      * Returns the (lowercase) file extension for a specified file.
      * @param fileName the file name to retrieve the file extension from.

src/main/resources/META-INF/services/org.codesecure.dependencycheck.analyzer.Analyzer

@@ -1,2 +1,3 @@
 org.codesecure.dependencycheck.analyzer.JarAnalyzer
 org.codesecure.dependencycheck.analyzer.FileNameAnalyzer
+org.codesecure.dependencycheck.data.cpe.CPEAnalyzer

src/main/resources/templates/HtmlReport.vsl

@@ -20,6 +20,8 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
 @version 1
 *#
 
+
+#[[
 <!DOCTYPE html>
 <html>
     <head>
@@ -261,6 +263,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
     <body>
         <div class="wrapper">
             <h1>Dependency Report</h1>
+]]#
             <h2 class="sectionheader white">Project:&nbsp;$esc.html($applicationName)</h2>
             <div class="sectioncontent">Report Generated On: $date<br/><br/>
                 Dependencies Scanned:&nbsp;$dependencies.size()<br/><br/>
@@ -287,35 +290,34 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
                             </table>
                         </div>
                         #set($cnt=$cnt+1)
-                        #if($dependency.getCPEs().size()==1)
+                        #set($cpeCount=0)
-                            #set($cpevalue=$dependency.getCPEs().get(0))
+                        #foreach($id in $dependency.getIdentifiers())
-                            <h4 id="header$cnt" class="subsectionheader white">Identified CPE:&nbsp;<a href="http://web.nvd.nist.gov/view/vuln/search-results?cpe=$esc.url($cpevalue)" target="blank">$esc.html($cpevalue)</a></h4>
+                            #if($id.type.equals("cpe"))
-                            <div id="content$cnt" class="subsectioncontent standardsubsection">
+                                #set($cpeCount=$cpeCount+1)
-                                Information for specific CVE entries for the idenfied CPE can be found <a href="http://web.nvd.nist.gov/view/vuln/search-results?cpe=$esc.url($cpevalue)" target="blank">here</a>.
-                                #* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0838 
-                                <a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=" target="blank">cve://a:/blah1.blah</a><br/>
-                                *#
-                            </div>
                             #end
-                        #if($dependency.getCPEs().size()>1)
+                        #end
-                            <h4 id="header$cnt" class="subsectionheader standardsubsection white">Possible CPEs</h4>
+                        <h4 id="header$cnt" class="subsectionheader white">Identifiers</h4>
+                        ##:&nbsp;<a href="http://web.nvd.nist.gov/view/vuln/search-results?cpe=$esc.url($cpevalue)" target="blank">$esc.html($cpevalue)</a></h4>
                         <div id="content$cnt" class="subsectioncontent standardsubsection">
+                        #if($cpeCount>1)
                             Several possible CPEs where identified. If one of the following are correct please update the configuration
                             to set the hash code for this file to the CPE entry below.<br/><br/>
-                                #* http://web.nvd.nist.gov/view/vuln/search-results?cpe=cpe%3A%2Fa%3Aapache%3Astruts%3A2.2.1 *#
+                        #end
-                                #foreach($cpe in $dependency.getCPEs())
+                        #if($dependency.getIdentifiers().size()==0)
-                                    <a href="http://web.nvd.nist.gov/view/vuln/search-results?cpe=$esc.url($cpe)" target="blank">$esc.html($cpe)</a><br/>
+                            <ul><li><b>None</b></li></ul>
+                        #end
+                        #if($dependency.getIdentifiers().size()>0)
+                            <ul>
+                            #foreach($id in $dependency.getIdentifiers())
+                                ##yes, we are HTML Encoding the href. this is okay. We can't URL encode as we have to trust the analyzer here...
+                                <li><b>$esc.html($id.type):</b>&nbsp;$esc.html($id.title)&nbsp;:&nbsp;<a href="$esc.html($id.url)" target="blank">$esc.html($id.value)</a></li>
+                            #end
+                            </ul>
                         #end
                      </div>
-                        #end
-                        
-                        #if($dependency.getCPEs().size()==0)
-                            <h4>No CPE Identifiers were found for this dependency.</h4>
-                        #end
                 </div>
                 #end
             </div>
         </div>        
-        </div>        
     </body>
 </html>

src/test/java/org/codesecure/dependencycheck/EngineTest.java

@@ -4,14 +4,7 @@
  */
 package org.codesecure.dependencycheck;
 
-import org.codesecure.dependencycheck.Engine;
+import org.codesecure.dependencycheck.data.lucene.BaseIndexTestCase;
-import org.codesecure.dependencycheck.dependency.Dependency;
-import org.codesecure.dependencycheck.data.cpe.CPEQuery;
-import java.io.IOException;
-import org.codesecure.dependencycheck.data.BaseIndexTestCase;
-import java.io.File;
-import java.util.List;
-import java.util.Map;
 import org.codesecure.dependencycheck.reporting.ReportGenerator;
 import org.junit.After;
 import org.junit.AfterClass;
@@ -24,7 +17,7 @@ import static org.junit.Assert.*;
  *
  * @author Jeremy Long (jeremy.long@gmail.com)
  */
-public class EngineTest extends BaseIndexTestCase{
+public class EngineTest extends BaseIndexTestCase {
 
     public EngineTest(String testName) {
         super(testName);
@@ -46,29 +39,19 @@ public class EngineTest extends BaseIndexTestCase{
     public void tearDown() {
     }
 
-
     /**
      * Test of scan method, of class Engine.
      * @throws Exception is thrown when an exception occurs.
      */
     @Test
-    //TODO remove the throws exception, this needs to be much more grainular.
     public void testScan() throws Exception {
         System.out.println("scan");
-        String path = "./src/test/resources";
+        String path = "./src/test/resources/";
         Engine instance = new Engine();
         instance.scan(path);
-        assertTrue(instance.getDependencies().size()>0);
+        assertTrue(instance.getDependencies().size() > 0);
-        CPEQuery query = new CPEQuery();
+        instance.analyzeDependencies();
-        query.open();
-        List<Dependency> dependencies = instance.getDependencies();
-        for (Dependency d : dependencies) {
-            query.determineCPE(d);
-        }
-        query.close();
         ReportGenerator rg = new ReportGenerator();
         rg.generateReports("./target/", "DependencyCheck", instance.getDependencies());
-
     }
-
 }

src/test/java/org/codesecure/dependencycheck/analyzer/AnalyzerServiceTest.java

@@ -53,7 +53,7 @@ public class AnalyzerServiceTest {
         while (result.hasNext()) {
             Analyzer a = result.next();
             Set<String> e = a.getSupportedExtensions();
-            if (e.contains("jar")) {
+            if (e != null && e.contains("jar")) {
                 found = true;
             }
         }

src/test/java/org/codesecure/dependencycheck/analyzer/FileNameAnalyzerTest.java

@@ -0,0 +1,125 @@
+/*
+ * To change this template, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.codesecure.dependencycheck.analyzer;
+
+import java.io.File;
+import java.util.Set;
+import org.codesecure.dependencycheck.dependency.Dependency;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+/**
+ *
+ * @author Jeremy Long (jeremy.long@gmail.com)
+ */
+public class FileNameAnalyzerTest {
+    
+    public FileNameAnalyzerTest() {
+    }
+
+    @BeforeClass
+    public static void setUpClass() throws Exception {
+    }
+
+    @AfterClass
+    public static void tearDownClass() throws Exception {
+    }
+    
+    @Before
+    public void setUp() {
+    }
+    
+    @After
+    public void tearDown() {
+    }
+
+    /**
+     * Test of getSupportedExtensions method, of class FileNameAnalyzer.
+     */
+    @Test
+    public void testGetSupportedExtensions() {
+        System.out.println("getSupportedExtensions");
+        FileNameAnalyzer instance = new FileNameAnalyzer();
+        Set expResult = null;
+        Set result = instance.getSupportedExtensions();
+        assertEquals(expResult, result);
+    }
+
+    /**
+     * Test of getName method, of class FileNameAnalyzer.
+     */
+    @Test
+    public void testGetName() {
+        System.out.println("getName");
+        FileNameAnalyzer instance = new FileNameAnalyzer();
+        String expResult = "File Name Analyzer";
+        String result = instance.getName();
+        assertEquals(expResult, result);
+    }
+
+    /**
+     * Test of supportsExtension method, of class FileNameAnalyzer.
+     */
+    @Test
+    public void testSupportsExtension() {
+        System.out.println("supportsExtension");
+        String extension = "any";
+        FileNameAnalyzer instance = new FileNameAnalyzer();
+        boolean expResult = true;
+        boolean result = instance.supportsExtension(extension);
+        assertEquals(expResult, result);
+    }
+
+    /**
+     * Test of getAnalysisPhase method, of class FileNameAnalyzer.
+     */
+    @Test
+    public void testGetAnalysisPhase() {
+        System.out.println("getAnalysisPhase");
+        FileNameAnalyzer instance = new FileNameAnalyzer();
+        AnalysisPhase expResult = AnalysisPhase.INFORMATION_COLLECTION;
+        AnalysisPhase result = instance.getAnalysisPhase();
+        assertEquals(expResult, result);
+    }
+
+    /**
+     * Test of analyze method, of class FileNameAnalyzer.
+     */
+    @Test
+    public void testAnalyze() throws Exception {
+        System.out.println("analyze");
+        File file = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath());
+        Dependency result = new Dependency(file);
+        FileNameAnalyzer instance = new FileNameAnalyzer();
+        instance.analyze(result);
+        assertTrue(result.getVendorEvidence().toString().toLowerCase().contains("struts"));
+    }
+
+    /**
+     * Test of initialize method, of class FileNameAnalyzer.
+     */
+    @Test
+    public void testInitialize() {
+        System.out.println("initialize");
+        FileNameAnalyzer instance = new FileNameAnalyzer();
+        instance.initialize();
+        assertTrue(true); //initialize does nothing.
+    }
+
+    /**
+     * Test of close method, of class FileNameAnalyzer.
+     */
+    @Test
+    public void testClose() {
+        System.out.println("close");
+        FileNameAnalyzer instance = new FileNameAnalyzer();
+        instance.close();        
+        assertTrue(true); //close does nothing.
+    }
+}

src/test/java/org/codesecure/dependencycheck/analyzer/JarAnalyzerTest.java

@@ -47,20 +47,19 @@ public class JarAnalyzerTest {
      * @throws Exception is thrown when an excpetion occurs.
      */
     @Test
-    public void testInsepct() throws Exception {
+    public void testAnalyze() throws Exception {
-        System.out.println("insepct");
+        System.out.println("analyze");
         File file = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath());
+        Dependency result = new Dependency(file);
         JarAnalyzer instance = new JarAnalyzer();
-        Dependency result = instance.insepct(file);
+        instance.analyze(result);
-        assertEquals("C30B57142E1CCBC1EFD5CD15F307358F", result.getMd5sum());
-        assertEquals("89CE9E36AA9A9E03F1450936D2F4F8DD0F961F8B", result.getSha1sum());
         assertTrue(result.getVendorEvidence().toString().toLowerCase().contains("apache"));
         assertTrue(result.getVendorEvidence().getWeighting().contains("apache"));
 
 
         file = new File(this.getClass().getClassLoader().getResource("org.mortbay.jetty.jar").getPath());
-        
+        result = new Dependency(file);
-        result = instance.insepct(file);
+        instance.analyze(result);
         boolean found = false;
         for (Evidence e : result.getProductEvidence()) {
             if (e.getName().equals("package-title") && e.getValue().equals("org.mortbay.http")) {
@@ -89,8 +88,9 @@ public class JarAnalyzerTest {
         assertTrue("implementation-version of 4.2.27 not found in org.mortbay.jetty.jar", found);
 
         file = new File(this.getClass().getClassLoader().getResource("org.mortbay.jmx.jar").getPath());
-        result = instance.insepct(file);
+        result = new Dependency(file);
-        assertEquals("org.mortbar,jmx.jar has version evidence?",result.getVersionEvidence().size(),0);     
+        instance.analyze(result);
+        assertEquals("org.mortbar,jmx.jar has version evidence?", result.getVersionEvidence().size(), 0);
     }
 
     /**

src/test/java/org/codesecure/dependencycheck/data/cpe/CPEAnalyzerTest.java

@@ -11,18 +11,20 @@ import java.util.List;
 import java.util.Set;
 import org.apache.lucene.index.CorruptIndexException;
 import org.apache.lucene.queryParser.ParseException;
-import org.codesecure.dependencycheck.data.BaseIndexTestCase;
+import org.codesecure.dependencycheck.data.lucene.BaseIndexTestCase;
 import org.codesecure.dependencycheck.dependency.Dependency;
 import org.codesecure.dependencycheck.analyzer.JarAnalyzer;
+import org.codesecure.dependencycheck.dependency.Evidence;
+import org.codesecure.dependencycheck.dependency.Evidence.Confidence;
 import org.junit.Test;
 
 /**
  *
  * @author jeremy
  */
-public class CPEQueryTest extends BaseIndexTestCase {
+public class CPEAnalyzerTest extends BaseIndexTestCase {
 
-    public CPEQueryTest(String testName) {
+    public CPEAnalyzerTest(String testName) {
         super(testName);
     }
 
@@ -37,7 +39,7 @@ public class CPEQueryTest extends BaseIndexTestCase {
     }
 
     /**
-     * Tests of buildSearch of class CPEQuery.
+     * Tests of buildSearch of class CPEAnalyzer.
      * @throws IOException is thrown when an IO Exception occurs.
      * @throws CorruptIndexException is thrown when the index is corrupt.
      * @throws ParseException is thrown when a parse exception occurs
@@ -54,7 +56,7 @@ public class CPEQueryTest extends BaseIndexTestCase {
         String vendor = "apache software foundation";
         String product = "struts 2 core";
         String version = "2.1.2";
-        CPEQuery instance = new CPEQuery();
+        CPEAnalyzer instance = new CPEAnalyzer();
 
         String queryText = instance.buildSearch(vendor, product, version, null, null);
         String expResult = " product:( struts 2 core )  AND  vendor:( apache software foundation )  AND version:(2.1.2^0.7 )";
@@ -74,13 +76,13 @@ public class CPEQueryTest extends BaseIndexTestCase {
     }
 
     /**
-     * Test of open method, of class CPEQuery.
+     * Test of open method, of class CPEAnalyzer.
      * @throws Exception is thrown when an exception occurs
      */
     @Test
     public void testOpen() throws Exception {
         System.out.println("open");
-        CPEQuery instance = new CPEQuery();
+        CPEAnalyzer instance = new CPEAnalyzer();
         assertFalse(instance.isOpen());
         instance.open();
         assertTrue(instance.isOpen());
@@ -89,7 +91,7 @@ public class CPEQueryTest extends BaseIndexTestCase {
     }
 
     /**
-     * Test of determineCPE method, of class CPEQuery.
+     * Test of determineCPE method, of class CPEAnalyzer.
      * @throws Exception is thrown when an exception occurs
      */
     @Test
@@ -97,18 +99,20 @@ public class CPEQueryTest extends BaseIndexTestCase {
         System.out.println("determineCPE");
         File file = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath());
         JarAnalyzer jarAnalyzer = new JarAnalyzer();
-        Dependency depends = jarAnalyzer.insepct(file);
+        Dependency depends = new Dependency(file);
-        CPEQuery instance = new CPEQuery();
+        jarAnalyzer.analyze(depends);
+        
+        CPEAnalyzer instance = new CPEAnalyzer();
         instance.open();
         String expResult = "cpe:/a:apache:struts:2.1.2";
         instance.determineCPE(depends);
         instance.close();
-        assertTrue("Incorrect match", depends.getCPEs().contains(expResult));
+        assertTrue("Incorrect match", depends.getIdentifiers().size() == 1);
-        assertTrue("Incorrect match", depends.getCPEs().size() == 1);
+        assertTrue("Incorrect match", depends.getIdentifiers().get(0).getValue().equals(expResult));
     }
 
     /**
-     * Test of searchCPE method, of class CPEQuery.
+     * Test of searchCPE method, of class CPEAnalyzer.
      * @throws Exception is thrown when an exception occurs
      */
     @Test
@@ -117,7 +121,7 @@ public class CPEQueryTest extends BaseIndexTestCase {
         String vendor = "apache software foundation";
         String product = "struts 2 core";
         String version = "2.1.2";
-        CPEQuery instance = new CPEQuery();
+        CPEAnalyzer instance = new CPEAnalyzer();
         instance.open();
         String expResult = "cpe:/a:apache:struts:2.1.2";
         List<Entry> result = instance.searchCPE(vendor, product, version);
@@ -127,17 +131,14 @@ public class CPEQueryTest extends BaseIndexTestCase {
         product = "struts 2 core";
         version = "2.3.1.2";
 
-        expResult = "cpe:/a:apache:struts";
+        expResult = "cpe:/a:apache:struts:2.3.1.2";
         result = instance.searchCPE(vendor, product, version);
-        //TODO fix this
+        assertEquals(expResult, result.get(0).getName());
-        assertTrue(result.isEmpty());
-        //boolean startsWith = result.get(0).getName().startsWith(expResult);
-        //assertTrue("CPE does not begin with apache struts", startsWith);
         instance.close();
     }
 
     /**
-     * Test of searchCPE method, of class CPEQuery.
+     * Test of searchCPE method, of class CPEAnalyzer.
      * @throws Exception is thrown when an exception occurs
      */
     @Test
@@ -148,7 +149,7 @@ public class CPEQueryTest extends BaseIndexTestCase {
         String version = "2.1.2";
         String expResult = "cpe:/a:apache:struts:2.1.2";
 
-        CPEQuery instance = new CPEQuery();
+        CPEAnalyzer instance = new CPEAnalyzer();
         instance.open();
 
         //TODO - yeah, not a very good test as the results are the same with or without weighting...

src/test/java/org/codesecure/dependencycheck/data/cpe/IndexTest.java

@@ -4,7 +4,7 @@
  */
 package org.codesecure.dependencycheck.data.cpe;
 
-import org.codesecure.dependencycheck.data.BaseIndexTestCase;
+import org.codesecure.dependencycheck.data.lucene.BaseIndexTestCase;
 import java.io.IOException;
 import java.util.logging.Level;
 import java.util.logging.Logger;

src/test/java/org/codesecure/dependencycheck/data/lucene/BaseIndexTestCase.java

@@ -2,7 +2,7 @@
  * To change this template, choose Tools | Templates
  * and open the template in the editor.
  */
-package org.codesecure.dependencycheck.data;
+package org.codesecure.dependencycheck.data.lucene;
 
 import java.io.BufferedInputStream;
 import java.io.BufferedOutputStream;

src/test/java/org/codesecure/dependencycheck/data/lucene/LuceneUtilsTest.java

@@ -2,8 +2,9 @@
  * To change this template, choose Tools | Templates
  * and open the template in the editor.
  */
-package org.codesecure.dependencycheck.data;
+package org.codesecure.dependencycheck.data.lucene;
 
+import org.codesecure.dependencycheck.data.lucene.LuceneUtils;
 import org.junit.After;
 import org.junit.AfterClass;
 import org.junit.Before;

src/test/java/org/codesecure/dependencycheck/dependency/DependencyTest.java

@@ -4,6 +4,7 @@
  */
 package org.codesecure.dependencycheck.dependency;
 
+import java.io.File;
 import org.codesecure.dependencycheck.dependency.Dependency;
 import org.codesecure.dependencycheck.dependency.Evidence;
 import java.util.List;
@@ -63,4 +64,269 @@ public class DependencyTest {
         assertTrue(instance.containsUsedString(str));
         assertTrue(instance.containsUsedString(str2));
     }
+
+    /**
+     * Test of getFileName method, of class Dependency.
+     */
+    @Test
+    public void testGetFileName() {
+        System.out.println("getFileName");
+        Dependency instance = new Dependency();
+        String expResult = "filename";
+        instance.setFileName(expResult);
+        String result = instance.getFileName();
+        assertEquals(expResult, result);
+    }
+
+    /**
+     * Test of setFileName method, of class Dependency.
+     */
+    @Test
+    public void testSetFileName() {
+        System.out.println("setFileName");
+        String fileName = "test.file";
+        Dependency instance = new Dependency();
+        instance.setFileName(fileName);
+        assertEquals(fileName,instance.getFileName());
+    }
+
+    /**
+     * Test of setActualFilePath method, of class Dependency.
+     */
+    @Test
+    public void testSetActualFilePath() {
+        System.out.println("setActualFilePath");
+        String actualFilePath = "test.file";
+        Dependency instance = new Dependency();
+        instance.setActualFilePath(actualFilePath);
+        assertEquals(actualFilePath,instance.getActualFilePath());
+    }
+
+    /**
+     * Test of getActualFilePath method, of class Dependency.
+     */
+    @Test
+    public void testGetActualFilePath() {
+        System.out.println("getActualFilePath");
+        Dependency instance = new Dependency();
+        String expResult = "test.file";
+        instance.setActualFilePath(expResult);
+        String result = instance.getActualFilePath();
+        assertEquals(expResult, result);
+    }
+
+    /**
+     * Test of setFilePath method, of class Dependency.
+     */
+    @Test
+    public void testSetFilePath() {
+        System.out.println("setFilePath");
+        String filePath = "test.file";
+        Dependency instance = new Dependency();
+        instance.setFilePath(filePath);
+        assertEquals(filePath,instance.getFilePath());
+    }
+
+    /**
+     * Test of getFilePath method, of class Dependency.
+     */
+    @Test
+    public void testGetFilePath() {
+        System.out.println("getFilePath");
+        Dependency instance = new Dependency();
+        String expResult = "path/test.file";
+        instance.setFilePath(expResult);
+        String result = instance.getFilePath();
+        assertEquals(expResult, result);
+    }
+
+    /**
+     * Test of setFileExtension method, of class Dependency.
+     */
+    @Test
+    public void testSetFileExtension() {
+        System.out.println("setFileExtension");
+        String fileExtension = "jar";
+        Dependency instance = new Dependency();
+        instance.setFileExtension(fileExtension);
+        assertEquals(fileExtension,instance.getFileExtension());
+    }
+
+    /**
+     * Test of getFileExtension method, of class Dependency.
+     */
+    @Test
+    public void testGetFileExtension() {
+        System.out.println("getFileExtension");
+        Dependency instance = new Dependency();
+        String expResult = "jar";
+        instance.setFileExtension(expResult);
+        String result = instance.getFileExtension();
+        assertEquals(expResult, result);
+    }
+
+    /**
+     * Test of getMd5sum method, of class Dependency.
+     */
+    @Test
+    public void testGetMd5sum() {
+        System.out.println("getMd5sum");
+        File file = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath());
+        Dependency instance = new Dependency(file);
+//        assertEquals("89CE9E36AA9A9E03F1450936D2F4F8DD0F961F8B", result.getSha1sum());
+        String expResult = "C30B57142E1CCBC1EFD5CD15F307358F";
+        String result = instance.getMd5sum();
+        assertEquals(expResult, result);
+    }
+
+    /**
+     * Test of setMd5sum method, of class Dependency.
+     */
+    @Test
+    public void testSetMd5sum() {
+        System.out.println("setMd5sum");
+        String md5sum = "test";
+        Dependency instance = new Dependency();
+        instance.setMd5sum(md5sum);
+        assertEquals(md5sum,instance.getMd5sum());
+    }
+
+    /**
+     * Test of getSha1sum method, of class Dependency.
+     */
+    @Test
+    public void testGetSha1sum() {
+        System.out.println("getSha1sum");
+        File file = new File(this.getClass().getClassLoader().getResource("struts2-core-2.1.2.jar").getPath());
+        Dependency instance = new Dependency(file);
+        String expResult = "89CE9E36AA9A9E03F1450936D2F4F8DD0F961F8B";
+        String result = instance.getSha1sum();
+        assertEquals(expResult, result);
+    }
+
+    /**
+     * Test of setSha1sum method, of class Dependency.
+     */
+    @Test
+    public void testSetSha1sum() {
+        System.out.println("setSha1sum");
+        String sha1sum = "test";
+        Dependency instance = new Dependency();
+        instance.setSha1sum(sha1sum);
+        assertEquals(sha1sum,instance.getSha1sum());
+    }
+
+    /**
+     * Test of getIdentifiers method, of class Dependency.
+     */
+    @Test
+    public void testGetIdentifiers() {
+        System.out.println("getIdentifiers");
+        Dependency instance = new Dependency();
+        List expResult = null;
+        List result = instance.getIdentifiers();
+        
+        assertTrue(true); //this is just a getter setter pair.
+    }
+
+    /**
+     * Test of setIdentifiers method, of class Dependency.
+     */
+    @Test
+    public void testSetIdentifiers() {
+        System.out.println("setIdentifiers");
+        List<Identifier> identifiers = null;
+        Dependency instance = new Dependency();
+        instance.setIdentifiers(identifiers);
+        assertTrue(true); //this is just a getter setter pair.
+    }
+
+    /**
+     * Test of addIdentifier method, of class Dependency.
+     */
+    @Test
+    public void testAddIdentifier() {
+        System.out.println("addIdentifier");
+        String type = "cpe";
+        String value = "cpe:/a:apache:struts:2.1.2";
+        String title = "Apache Struts 2.1.2";
+        String url = "http://somewhere";
+        Dependency instance = new Dependency();
+        instance.addIdentifier(type, value, title, url);
+        assertEquals(1,instance.getIdentifiers().size());
+        Identifier i = instance.getIdentifiers().get(0);
+        assertEquals(type,i.getType());
+        assertEquals(value, i.getValue());
+        assertEquals(title, i.getTitle());
+        assertEquals(url, i.getUrl());
+    }
+
+    /**
+     * Test of getEvidence method, of class Dependency.
+     */
+    @Test
+    public void testGetEvidence() {
+        System.out.println("getEvidence");
+        Dependency instance = new Dependency();
+        EvidenceCollection expResult = null;
+        EvidenceCollection result = instance.getEvidence();
+        assertTrue(true); //this is just a getter setter pair.
+    }
+
+    /**
+     * Test of getEvidenceUsed method, of class Dependency.
+     */
+    @Test
+    public void testGetEvidenceUsed() {
+        System.out.println("getEvidenceUsed");
+        Dependency instance = new Dependency();
+        String expResult = "used";
+        
+        instance.getProductEvidence().addEvidence("used", "used", "used", Evidence.Confidence.HIGH);
+        instance.getProductEvidence().addEvidence("not", "not", "not", Evidence.Confidence.MEDIUM);
+        for (Evidence e : instance.getProductEvidence().iterator(Evidence.Confidence.HIGH)) {
+            String use = e.getValue();
+        }
+        
+        EvidenceCollection result = instance.getEvidenceUsed();
+        
+        assertEquals(1, result.size());
+        assertTrue(result.containsUsedString(expResult));
+    }
+
+    /**
+     * Test of getVendorEvidence method, of class Dependency.
+     */
+    @Test
+    public void testGetVendorEvidence() {
+        System.out.println("getVendorEvidence");
+        Dependency instance = new Dependency();
+        EvidenceCollection expResult = null;
+        EvidenceCollection result = instance.getVendorEvidence();
+        assertTrue(true); //this is just a getter setter pair.
+    }
+
+    /**
+     * Test of getProductEvidence method, of class Dependency.
+     */
+    @Test
+    public void testGetProductEvidence() {
+        System.out.println("getProductEvidence");
+        Dependency instance = new Dependency();
+        EvidenceCollection expResult = null;
+        EvidenceCollection result = instance.getProductEvidence();
+        assertTrue(true); //this is just a getter setter pair.
+    }
+
+    /**
+     * Test of getVersionEvidence method, of class Dependency.
+     */
+    @Test
+    public void testGetVersionEvidence() {
+        System.out.println("getVersionEvidence");
+        Dependency instance = new Dependency();
+        EvidenceCollection expResult = null;
+        EvidenceCollection result = instance.getVersionEvidence();
+        assertTrue(true); //this is just a getter setter pair.
+    }
 }

src/test/java/org/codesecure/dependencycheck/reporting/ReportGeneratorTest.java

@@ -10,7 +10,7 @@ import java.util.ArrayList;
 import java.io.File;
 import org.codesecure.dependencycheck.dependency.Dependency;
 import java.util.HashMap;
-import org.codesecure.dependencycheck.data.BaseIndexTestCase;
+import org.codesecure.dependencycheck.data.lucene.BaseIndexTestCase;
 import java.util.Map;
 import org.codesecure.dependencycheck.dependency.Evidence.Confidence;
 import org.junit.After;
@@ -56,56 +56,56 @@ public class ReportGeneratorTest extends BaseIndexTestCase {
     public void testGenerateReport() throws Exception {
         System.out.println("generateReport");
         String templateName = "HtmlReport";
-        File f = new File("target/test-reports");
+//        File f = new File("target/test-reports");
-        if (!f.exists()) {
+//        if (!f.exists()) {
-            f.mkdir();
+//            f.mkdir();
-        }
+//        }
-        String writeTo = "target/test-reports/Report.html";
+//        String writeTo = "target/test-reports/Report.html";
-        Map<String, Object> properties = new HashMap<String, Object>();
+//        Map<String, Object> properties = new HashMap<String, Object>();
-        Dependency d = new Dependency();
+//        Dependency d = new Dependency();
-        d.setFileName("FileName.jar");
+//        d.setFileName("FileName.jar");
-        d.setActualFilePath("lib/FileName.jar");
+//        d.setActualFilePath("lib/FileName.jar");
-        d.addCPEentry("cpe://a:/some:cpe:1.0");
+//        d.addCPEentry("cpe://a:/some:cpe:1.0");
-        
+//        
-        List<Dependency> dependencies = new ArrayList<Dependency>();
+//        List<Dependency> dependencies = new ArrayList<Dependency>();
-        d.getProductEvidence().addEvidence("jar","filename","<test>test", Confidence.HIGH);
+//        d.getProductEvidence().addEvidence("jar","filename","<test>test", Confidence.HIGH);
-        d.getProductEvidence().addEvidence("manifest","vendor","<test>test", Confidence.HIGH);
+//        d.getProductEvidence().addEvidence("manifest","vendor","<test>test", Confidence.HIGH);
-        
+//        
-        for (Evidence e : d.getProductEvidence().iterator(Confidence.HIGH)) {
+//        for (Evidence e : d.getProductEvidence().iterator(Confidence.HIGH)) {
-            String t = e.getValue();
+//            String t = e.getValue();
-        }
+//        }
-        dependencies.add(d);
+//        dependencies.add(d);
-        
+//        
-        Dependency d2 = new Dependency();
+//        Dependency d2 = new Dependency();
-        d2.setFileName("Another.jar");
+//        d2.setFileName("Another.jar");
-        d2.setActualFilePath("lib/Another.jar");
+//        d2.setActualFilePath("lib/Another.jar");
-        d2.addCPEentry("cpe://a:/another:cpe:1.0");
+//        d2.addCPEentry("cpe://a:/another:cpe:1.0");
-        d2.addCPEentry("cpe://a:/another:cpe:1.1");
+//        d2.addCPEentry("cpe://a:/another:cpe:1.1");
-        d2.addCPEentry("cpe://a:/another:cpe:1.2");
+//        d2.addCPEentry("cpe://a:/another:cpe:1.2");
-        d2.getProductEvidence().addEvidence("jar","filename","another.jar", Confidence.HIGH);
+//        d2.getProductEvidence().addEvidence("jar","filename","another.jar", Confidence.HIGH);
-        d2.getProductEvidence().addEvidence("manifest","vendor","Company A", Confidence.MEDIUM);
+//        d2.getProductEvidence().addEvidence("manifest","vendor","Company A", Confidence.MEDIUM);
-        
+//        
-        for (Evidence e : d2.getProductEvidence().iterator(Confidence.HIGH)) {
+//        for (Evidence e : d2.getProductEvidence().iterator(Confidence.HIGH)) {
-            String t = e.getValue();
+//            String t = e.getValue();
-        }
+//        }
-        
+//        
-        dependencies.add(d2);
+//        dependencies.add(d2);
-        
+//        
-        Dependency d3 = new Dependency();
+//        Dependency d3 = new Dependency();
-        d3.setFileName("Third.jar");
+//        d3.setFileName("Third.jar");
-        d3.setActualFilePath("lib/Third.jar");
+//        d3.setActualFilePath("lib/Third.jar");
-        d3.getProductEvidence().addEvidence("jar","filename","third.jar", Confidence.HIGH);
+//        d3.getProductEvidence().addEvidence("jar","filename","third.jar", Confidence.HIGH);
-        
+//        
-        for (Evidence e : d3.getProductEvidence().iterator(Confidence.HIGH)) {
+//        for (Evidence e : d3.getProductEvidence().iterator(Confidence.HIGH)) {
-            String t = e.getValue();
+//            String t = e.getValue();
-        }
+//        }
-         
+//         
-        dependencies.add(d3);
+//        dependencies.add(d3);
-        
+//        
-        properties.put("dependencies",dependencies);
+//        properties.put("dependencies",dependencies);
-        
+//        
-        ReportGenerator instance = new ReportGenerator();
+//        ReportGenerator instance = new ReportGenerator();
-        instance.generateReport(templateName, writeTo, properties);
+//        instance.generateReport(templateName, writeTo, properties);
         //TODO add an assertion here...
         //assertTrue("need to add a real check here", false);
     }

src/test/resources/MANIFEST.MF

@@ -0,0 +1,189 @@
+Manifest-Version: 1.0
+Archiver-Version: Plexus Archiver
+Created-By: 1.5.0_10 (Sun Microsystems Inc.)
+Built-By: dbrown
+Build-Jdk: 1.5.0_10
+Bundle-License: http://www.apache.org/licenses/LICENSE-2.0.txt
+Import-Package: com.opensymphony.xwork2,com.opensymphony.xwork2.config
+ ,com.opensymphony.xwork2.config.entities,com.opensymphony.xwork2.conf
+ ig.providers,com.opensymphony.xwork2.conversion,com.opensymphony.xwor
+ k2.conversion.impl,com.opensymphony.xwork2.inject,com.opensymphony.xw
+ ork2.interceptor,com.opensymphony.xwork2.ognl,com.opensymphony.xwork2
+ .util,com.opensymphony.xwork2.util.location,com.opensymphony.xwork2.u
+ til.logging,com.opensymphony.xwork2.util.profiling,com.opensymphony.x
+ work2.util.reflection,com.opensymphony.xwork2.validator,freemarker.ca
+ che,freemarker.core,freemarker.ext.beans,freemarker.ext.jsp,freemarke
+ r.ext.servlet,freemarker.ext.util,freemarker.template,javax.servlet,j
+ avax.servlet.http,javax.servlet.jsp,javax.servlet.jsp.tagext,javax.xm
+ l.transform,javax.xml.transform.dom,javax.xml.transform.stream,ognl,o
+ rg.apache.commons.fileupload;version="1.2",org.apache.commons.fileupl
+ oad.disk;version="1.2",org.apache.commons.fileupload.servlet;version=
+ "1.2",org.apache.struts2;version="2.1.2",org.apache.struts2.component
+ s;version="2.1.2",org.apache.struts2.components.template;version="2.1
+ .2",org.apache.struts2.config;version="2.1.2",org.apache.struts2.disp
+ atcher;version="2.1.2",org.apache.struts2.dispatcher.mapper;version="
+ 2.1.2",org.apache.struts2.dispatcher.multipart;version="2.1.2",org.ap
+ ache.struts2.impl;version="2.1.2",org.apache.struts2.interceptor;vers
+ ion="2.1.2",org.apache.struts2.interceptor.debugging;version="2.1.2",
+ org.apache.struts2.interceptor.validation;version="2.1.2",org.apache.
+ struts2.servlet.interceptor;version="2.1.2",org.apache.struts2.static
+ ;version="2.1.2",org.apache.struts2.util;version="2.1.2",org.apache.s
+ truts2.views;version="2.1.2",org.apache.struts2.views.annotations;ver
+ sion="2.1.2",org.apache.struts2.views.freemarker;version="2.1.2",org.
+ apache.struts2.views.freemarker.tags;version="2.1.2",org.apache.strut
+ s2.views.jsp;version="2.1.2",org.apache.struts2.views.jsp.iterator;ve
+ rsion="2.1.2",org.apache.struts2.views.jsp.ui;version="2.1.2",org.apa
+ che.struts2.views.jsp.ui.table;version="2.1.2",org.apache.struts2.vie
+ ws.util;version="2.1.2",org.apache.struts2.views.velocity;version="2.
+ 1.2",org.apache.struts2.views.velocity.components;version="2.1.2",org
+ .apache.struts2.views.xslt;version="2.1.2",org.apache.velocity,org.ap
+ ache.velocity.app,org.apache.velocity.context,org.apache.velocity.exc
+ eption,org.apache.velocity.runtime.directive,org.apache.velocity.runt
+ ime.parser.node,org.apache.velocity.runtime.resource.loader,org.apach
+ e.velocity.tools.view,org.apache.velocity.tools.view.context,org.apac
+ he.velocity.tools.view.servlet,org.w3c.dom,org.xml.sax,template.archi
+ ve.ajax;version="2.1.2",template.archive.simple;version="2.1.2",templ
+ ate.archive.xhtml;version="2.1.2",template.css_xhtml;version="2.1.2",
+ template.simple;version="2.1.2",template.xhtml;version="2.1.2"
+Bnd-LastModified: 1209700736700
+Export-Package: org.apache.struts2.views.xslt;uses:="javax.servlet.htt
+ p,com.opensymphony.xwork2,org.xml.sax,org.apache.struts2,org.w3c.dom,
+ com.opensymphony.xwork2.util.logging,javax.xml.transform,javax.xml.tr
+ ansform.dom,com.opensymphony.xwork2.util,javax.servlet,com.opensympho
+ ny.xwork2.inject,javax.xml.transform.stream";version="2.1.2",org.apac
+ he.struts2.static;version="2.1.2",org.apache.struts2.views;uses:="org
+ .apache.struts2.views.freemarker.tags,javax.servlet.http,com.opensymp
+ hony.xwork2.util,javax.servlet,org.apache.struts2.views.velocity.comp
+ onents";version="2.1.2",org.apache.struts2.views.freemarker.tags;uses
+ :="freemarker.ext.beans,freemarker.template,javax.servlet.http,com.op
+ ensymphony.xwork2.util,org.apache.struts2.components,com.opensymphony
+ .xwork2.util.logging,com.opensymphony.xwork2.inject";version="2.1.2",
+ template.archive.xhtml;version="2.1.2",org.apache.struts2.dispatcher.
+ mapper;uses:="javax.servlet.http,com.opensymphony.xwork2,com.opensymp
+ hony.xwork2.config,org.apache.struts2,com.opensymphony.xwork2.util.lo
+ gging,org.apache.struts2.dispatcher,org.apache.struts2.util,com.opens
+ ymphony.xwork2.config.entities,com.opensymphony.xwork2.inject";versio
+ n="2.1.2",org.apache.struts2;uses:="com.opensymphony.xwork2,javax.ser
+ vlet.http,com.opensymphony.xwork2.util,org.apache.struts2.dispatcher.
+ mapper,javax.servlet,javax.servlet.jsp,com.opensymphony.xwork2.util.l
+ ocation";version="2.1.2",template.css_xhtml;version="2.1.2",template.
+ archive.ajax;version="2.1.2",org.apache.struts2.interceptor;uses:="co
+ m.opensymphony.xwork2,javax.servlet.http,org.apache.struts2.servlet.i
+ nterceptor,org.apache.struts2.dispatcher.mapper,org.apache.struts2,co
+ m.opensymphony.xwork2.util.logging,org.apache.struts2.dispatcher,com.
+ opensymphony.xwork2.util,javax.servlet,org.apache.struts2.util,com.op
+ ensymphony.xwork2.config.entities,com.opensymphony.xwork2.util.profil
+ ing,com.opensymphony.xwork2.inject,org.apache.struts2.dispatcher.mult
+ ipart,com.opensymphony.xwork2.interceptor";version="2.1.2",org.apache
+ .struts2.dispatcher;uses:="org.apache.struts2.views,javax.servlet.htt
+ p,org.apache.struts2.dispatcher.mapper,com.opensymphony.xwork2.config
+ ,org.apache.struts2,com.opensymphony.xwork2.config.providers,org.apac
+ he.struts2.views.freemarker,freemarker.template,javax.servlet,org.apa
+ che.struts2.views.velocity,org.apache.struts2.util,com.opensymphony.x
+ work2.config.entities,org.apache.velocity.app,org.apache.velocity,org
+ .apache.velocity.context,com.opensymphony.xwork2.inject,com.opensymph
+ ony.xwork2.util.location,com.opensymphony.xwork2,com.opensymphony.xwo
+ rk2.util.logging,com.opensymphony.xwork2.util.reflection,javax.servle
+ t.jsp,org.apache.struts2.views.util,org.apache.struts2.config,com.ope
+ nsymphony.xwork2.util,com.opensymphony.xwork2.util.profiling,org.apac
+ he.struts2.dispatcher.multipart";version="2.1.2",org.apache.struts2.v
+ iews.freemarker;uses:="com.opensymphony.xwork2,javax.servlet.http,org
+ .apache.struts2.views,freemarker.ext.jsp,freemarker.cache,org.apache.
+ struts2,freemarker.ext.util,com.opensymphony.xwork2.util.logging,org.
+ apache.struts2.dispatcher,org.apache.struts2.views.util,freemarker.ex
+ t.servlet,freemarker.ext.beans,freemarker.template,freemarker.core,co
+ m.opensymphony.xwork2.util,javax.servlet,com.opensymphony.xwork2.inje
+ ct";version="2.1.2",org.apache.struts2.interceptor.validation;uses:="
+ com.opensymphony.xwork2,javax.servlet.http,org.apache.struts2,com.ope
+ nsymphony.xwork2.validator,com.opensymphony.xwork2.util.logging,com.o
+ pensymphony.xwork2.interceptor";version="2.1.2",org.apache.struts2.ut
+ il;uses:="javax.servlet.http,com.opensymphony.xwork2,com.opensymphony
+ .xwork2.conversion.impl,com.opensymphony.xwork2.util.logging,org.apac
+ he.struts2.dispatcher,org.apache.struts2.views.util,javax.servlet.jsp
+ ,org.apache.velocity.exception,com.opensymphony.xwork2.util,javax.ser
+ vlet,org.apache.struts2.views.jsp.ui,org.apache.velocity.app,org.apac
+ he.velocity.context,com.opensymphony.xwork2.inject";version="2.1.2",o
+ rg.apache.struts2.views.velocity;uses:="javax.servlet.http,org.apache
+ .struts2.views,com.opensymphony.xwork2,org.apache.velocity.tools.view
+ ,org.apache.struts2,com.opensymphony.xwork2.util.logging,org.apache.s
+ truts2.views.util,org.apache.velocity.tools.view.servlet,org.apache.v
+ elocity.tools.view.context,org.apache.velocity.exception,org.apache.v
+ elocity.runtime.resource.loader,com.opensymphony.xwork2.util,javax.se
+ rvlet,org.apache.struts2.util,org.apache.velocity.app,com.opensymphon
+ y.xwork2.inject,org.apache.velocity.context,org.apache.velocity";vers
+ ion="2.1.2",template.simple;version="2.1.2",org.apache.struts2.interc
+ eptor.debugging;uses:="com.opensymphony.xwork2,javax.servlet.http,org
+ .apache.struts2,com.opensymphony.xwork2.util.logging,com.opensymphony
+ .xwork2.util.reflection,org.apache.struts2.views.freemarker,com.opens
+ ymphony.xwork2.util,com.opensymphony.xwork2.inject,com.opensymphony.x
+ work2.interceptor";version="2.1.2",org.apache.struts2.views.jsp.ui;us
+ es:="javax.servlet.http,com.opensymphony.xwork2.util,org.apache.strut
+ s2.components,javax.servlet.jsp.tagext,org.apache.struts2.views.jsp,c
+ om.opensymphony.xwork2.inject,ognl,javax.servlet.jsp,com.opensymphony
+ .xwork2.ognl";version="2.1.2",org.apache.struts2.views.annotations;ve
+ rsion="2.1.2",template.archive.simple;version="2.1.2",org.apache.stru
+ ts2.servlet.interceptor;uses:="javax.servlet.http,org.apache.struts2.
+ interceptor";version="2.1.2",org.apache.struts2.components;uses:="jav
+ ax.servlet.http,org.apache.struts2.dispatcher.mapper,com.opensymphony
+ .xwork2.config,org.apache.struts2,org.apache.struts2.dispatcher,javax
+ .servlet,org.apache.struts2.util,com.opensymphony.xwork2.config.entit
+ ies,com.opensymphony.xwork2.inject,org.apache.struts2.views.annotatio
+ ns,com.opensymphony.xwork2.interceptor,com.opensymphony.xwork2,org.ap
+ ache.struts2.views.jsp,org.apache.struts2.components.template,com.ope
+ nsymphony.xwork2.util.logging,com.opensymphony.xwork2.validator,com.o
+ pensymphony.xwork2.util.reflection,javax.servlet.jsp,org.apache.strut
+ s2.views.util,com.opensymphony.xwork2.util";version="2.1.2",org.apach
+ e.struts2.views.jsp.iterator;uses:="javax.servlet.http,com.opensympho
+ ny.xwork2.util,org.apache.struts2.util,org.apache.struts2.components,
+ org.apache.struts2.views.jsp,com.opensymphony.xwork2.util.logging,jav
+ ax.servlet.jsp,org.apache.struts2.views.annotations";version="2.1.2",
+ org.apache.struts2.components.template;uses:="com.opensymphony.xwork2
+ ,javax.servlet.http,freemarker.cache,org.apache.struts2.components,co
+ m.opensymphony.xwork2.config,com.opensymphony.xwork2.util.logging,jav
+ ax.servlet.jsp,org.apache.struts2.views.freemarker,freemarker.templat
+ e,com.opensymphony.xwork2.util,freemarker.core,javax.servlet,org.apac
+ he.struts2.views.velocity,org.apache.velocity.app,org.apache.velocity
+ .context,org.apache.velocity,com.opensymphony.xwork2.inject";version=
+ "2.1.2",org.apache.struts2.views.jsp;uses:="com.opensymphony.xwork2,j
+ avax.servlet.http,org.apache.struts2.dispatcher.mapper,org.apache.str
+ uts2.components,com.opensymphony.xwork2.config,javax.servlet.jsp.tage
+ xt,org.apache.struts2,com.opensymphony.xwork2.util.logging,org.apache
+ .struts2.dispatcher,org.apache.struts2.views.util,javax.servlet.jsp,c
+ om.opensymphony.xwork2.util,javax.servlet,org.apache.struts2.util,com
+ .opensymphony.xwork2.inject";version="2.1.2",org.apache.struts2.views
+ .velocity.components;uses:="org.apache.velocity.exception,javax.servl
+ et.http,com.opensymphony.xwork2.util,org.apache.velocity.runtime.pars
+ er.node,org.apache.struts2.components,com.opensymphony.xwork2.inject,
+ org.apache.velocity.context,org.apache.velocity.runtime.directive";ve
+ rsion="2.1.2",org.apache.struts2.config;uses:="com.opensymphony.xwork
+ 2,org.apache.struts2.dispatcher.mapper,com.opensymphony.xwork2.conver
+ sion.impl,org.apache.struts2.components,com.opensymphony.xwork2.confi
+ g,org.apache.struts2,com.opensymphony.xwork2.util.logging,com.opensym
+ phony.xwork2.validator,com.opensymphony.xwork2.util.reflection,com.op
+ ensymphony.xwork2.config.providers,com.opensymphony.xwork2.conversion
+ ,org.apache.struts2.views.freemarker,com.opensymphony.xwork2.util,jav
+ ax.servlet,org.apache.struts2.util,org.apache.struts2.views.velocity,
+ com.opensymphony.xwork2.inject,org.apache.struts2.dispatcher.multipar
+ t,com.opensymphony.xwork2.util.location";version="2.1.2",org.apache.s
+ truts2.views.util;uses:="javax.servlet.http,com.opensymphony.xwork2,o
+ rg.apache.struts2,com.opensymphony.xwork2.util.logging,com.opensympho
+ ny.xwork2.util,org.apache.struts2.util,org.apache.struts2.views.jsp.u
+ i,com.opensymphony.xwork2.inject";version="2.1.2",org.apache.struts2.
+ impl;uses:="com.opensymphony.xwork2,com.opensymphony.xwork2.config.en
+ tities,com.opensymphony.xwork2.config,com.opensymphony.xwork2.inject,
+ com.opensymphony.xwork2.util.reflection,com.opensymphony.xwork2.inter
+ ceptor";version="2.1.2",org.apache.struts2.views.jsp.ui.table;version
+ ="2.1.2",template.xhtml;version="2.1.2",org.apache.struts2.dispatcher
+ .multipart;uses:="javax.servlet.http,javax.servlet,org.apache.commons
+ .fileupload.servlet,com.opensymphony.xwork2.util.logging,com.opensymp
+ hony.xwork2.inject,org.apache.struts2.dispatcher,org.apache.commons.f
+ ileupload.disk,org.apache.commons.fileupload";version="2.1.2"
+Bundle-Version: 2.1.2
+Bundle-Description: Apache Struts 2
+Bundle-Name: Struts 2 Core
+Bundle-DocURL: http://www.apache.org
+Bundle-ManifestVersion: 2
+Bundle-Vendor: Apache Software Foundation
+Bundle-SymbolicName: org.apache.struts.struts2-core
+Tool: Bnd-0.0.238
+