mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-01-14 15:53:36 +01:00
simplified velocity report generation
Former-commit-id: 7c0f5bd492bce8a37c1633715d989970ee5b0d61
This commit is contained in:
Jeremy Long
@@ -26,15 +26,17 @@ import java.io.InputStream;
|
||||
import java.io.InputStreamReader;
|
||||
import java.io.OutputStream;
|
||||
import java.io.OutputStreamWriter;
|
||||
import java.text.DateFormat;
|
||||
import java.text.SimpleDateFormat;
|
||||
import java.util.Date;
|
||||
import java.util.List;
|
||||
import java.util.logging.Level;
|
||||
import java.util.logging.Logger;
|
||||
import org.apache.velocity.VelocityContext;
|
||||
import org.apache.velocity.app.VelocityEngine;
|
||||
import org.apache.velocity.context.Context;
|
||||
import org.apache.velocity.runtime.RuntimeConstants;
|
||||
import org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader;
|
||||
import org.apache.velocity.tools.ToolManager;
|
||||
import org.apache.velocity.tools.config.EasyFactoryConfiguration;
|
||||
import org.owasp.dependencycheck.analyzer.Analyzer;
|
||||
import org.owasp.dependencycheck.data.nvdcve.DatabaseProperties;
|
||||
import org.owasp.dependencycheck.dependency.Dependency;
|
||||
@@ -93,10 +95,20 @@ public class ReportGenerator {
|
||||
|
||||
engine.init();
|
||||
|
||||
DateFormat dateFormat = new SimpleDateFormat("MMM d, yyyy 'at' HH:mm:ss z");
|
||||
DateFormat dateFormatXML = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSZ");
|
||||
Date d = new Date();
|
||||
String scanDate = dateFormat.format(d);
|
||||
String scanDateXML = dateFormatXML.format(d);
|
||||
EscapeTool enc = new EscapeTool();
|
||||
|
||||
context.put("applicationName", applicationName);
|
||||
context.put("dependencies", dependencies);
|
||||
context.put("analyzers", analyzers);
|
||||
context.put("properties", properties);
|
||||
context.put("scanDate", scanDate);
|
||||
context.put("scanDateXML", scanDateXML);
|
||||
context.put("enc", enc);
|
||||
context.put("version", Settings.getString("application.version", "Unknown"));
|
||||
}
|
||||
|
||||
@@ -118,15 +130,15 @@ public class ReportGenerator {
|
||||
*
|
||||
* @return a Velocity Context.
|
||||
*/
|
||||
@edu.umd.cs.findbugs.annotations.SuppressWarnings(value = "RV_RETURN_VALUE_IGNORED_INFERRED",
|
||||
justification = "No plan to fix this style issue")
|
||||
private Context createContext() {
|
||||
final ToolManager manager = new ToolManager();
|
||||
final Context c = manager.createContext();
|
||||
final EasyFactoryConfiguration config = new EasyFactoryConfiguration();
|
||||
config.addDefaultTools();
|
||||
config.toolbox("application").tool("esc", "org.apache.velocity.tools.generic.EscapeTool").tool("org.apache.velocity.tools.generic.DateTool");
|
||||
manager.configure(config);
|
||||
//REMOVED all of the velocity tools to simplify the engine trying to resolve issues running this in Jenkins
|
||||
// final ToolManager manager = new ToolManager();
|
||||
// final Context c = manager.createContext();
|
||||
// final EasyFactoryConfiguration config = new EasyFactoryConfiguration();
|
||||
// config.addDefaultTools();
|
||||
// config.toolbox("application").tool("esc", "org.apache.velocity.tools.generic.EscapeTool").tool("org.apache.velocity.tools.generic.DateTool");
|
||||
// manager.configure(config);
|
||||
VelocityContext c = new VelocityContext();
|
||||
return c;
|
||||
}
|
||||
|
||||
|
||||
@@ -471,26 +471,38 @@ implied or otherwise, with regard to the analysis or its use. Any use of the too
|
||||
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
|
||||
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.</p>
|
||||
]]#
|
||||
<h2 class="">Project: $esc.html($applicationName)</h2>
|
||||
<h2 class="">Project: $enc.html($applicationName)</h2>
|
||||
<div class="">
|
||||
#set($depCount=$dependencies.size())
|
||||
#set($vulnDepCount=0)
|
||||
#set($vulnCount=0)
|
||||
#set($vulnSuppressedCount=0)
|
||||
#set($cpeSuppressedCount=0)
|
||||
|
||||
#foreach($dependency in $dependencies)
|
||||
#set($depCount=$depCount+$dependency.getRelatedDependencies().size())
|
||||
#if($dependency.getVulnerabilities().size()>0)
|
||||
#set($vulnCount=$vulnCount+1)
|
||||
#set($vulnDepCount=$vulnDepCount+1)
|
||||
#set($vulnCount=$vulnCount+$dependency.getVulnerabilities().size())
|
||||
#end
|
||||
#if($dependency.getSuppressedIdentifiers().size()>0)
|
||||
#set($cpeSuppressedCount=$cpeSuppressedCount+1)
|
||||
#end
|
||||
#if($dependency.getSuppressedVulnerabilities().size()>0)
|
||||
#set($vulnSuppressedCount=$vulnSuppressedCount+$dependency.getSuppressedVulnerabilities().size())
|
||||
#end
|
||||
#end
|
||||
Scan Information (<a href="#" onclick="toggleDisplay(this, '.scaninfo'); return false;">show all</a>):<br/>
|
||||
<ul class="indent">
|
||||
<li><i>dependency-check version</i>: $version</li>
|
||||
<li><i>Report Generated On</i>: $date</li>
|
||||
<li><i>Report Generated On</i>: $scanDate</li>
|
||||
<li><i>Dependencies Scanned</i>: $depCount</li>
|
||||
<li><i>Vulnerable Dependencies</i>: $vulnCount</li>
|
||||
<li><i>Vulnerable Dependencies</i>: $vulnDepCount</li>
|
||||
<li><i>Vulnerabilities Found</i>: $vulnCount</li>
|
||||
<li><i>Vulnerabilities Suppressed</i>: $vulnSuppressedCount</li>
|
||||
<li class="scaninfo">...</li>
|
||||
#foreach($prop in $properties.getMetaData().entrySet())
|
||||
<li class="scaninfo hidden"><i>$esc.html($prop.key)</i>: $esc.html($prop.value)</li>
|
||||
<li class="scaninfo hidden"><i>$enc.html($prop.key)</i>: $enc.html($prop.value)</li>
|
||||
#end
|
||||
</ul><br/>
|
||||
Dependency Display: <a href="#" onclick="toggleDisplay(this,'.notvulnerable'); return false;">show all</a><br/><br/>
|
||||
@@ -499,11 +511,11 @@ arising out of or in connection with the use of this tool, the analysis performe
|
||||
#foreach($dependency in $dependencies)
|
||||
#set($lnkcnt=$lnkcnt+1)
|
||||
<li class="#if($dependency.getVulnerabilities().size()==0)notvulnerable#else vulnerable#end">
|
||||
<a href="#l${lnkcnt}_$esc.html($esc.url($dependency.Sha1sum))">$esc.html($dependency.FileName)</a>
|
||||
<a href="#l${lnkcnt}_$enc.html($enc.url($dependency.Sha1sum))">$enc.html($dependency.FileName)</a>
|
||||
#if($dependency.getRelatedDependencies().size()>0)
|
||||
<ul>
|
||||
#foreach($related in $dependency.getRelatedDependencies())
|
||||
<li>$esc.html($related.FileName)</li>
|
||||
<li>$enc.html($related.FileName)</li>
|
||||
#end
|
||||
</ul>
|
||||
#end
|
||||
@@ -516,22 +528,22 @@ arising out of or in connection with the use of this tool, the analysis performe
|
||||
#set($vsctr=0) ##counter to create unique groups for vulnerable software
|
||||
#foreach($dependency in $dependencies)
|
||||
#set($lnkcnt=$lnkcnt+1)
|
||||
<h3 class="subsectionheader standardsubsection#if($dependency.getVulnerabilities().size()==0) notvulnerable#end"><a name="l${lnkcnt}_$esc.html($dependency.Sha1sum)"></a>$esc.html($dependency.FileName)</h3>
|
||||
<h3 class="subsectionheader standardsubsection#if($dependency.getVulnerabilities().size()==0) notvulnerable#end"><a name="l${lnkcnt}_$enc.html($dependency.Sha1sum)"></a>$enc.html($dependency.FileName)</h3>
|
||||
<div class="subsectioncontent#if($dependency.getVulnerabilities().size()==0) notvulnerable#end">
|
||||
#if ($dependency.description)
|
||||
<p><b>Description:</b> $esc.html($dependency.description)<br/></p>
|
||||
<p><b>Description:</b> $enc.html($dependency.description)<br/></p>
|
||||
#end
|
||||
<p>
|
||||
#if ($dependency.license)
|
||||
#if ($dependency.license.startsWith("http://"))
|
||||
<b>License:</b><pre class="indent"><a href="$esc.html($dependency.license)">$esc.html($dependency.license)</a></pre>
|
||||
<b>License:</b><pre class="indent"><a href="$enc.html($dependency.license)">$enc.html($dependency.license)</a></pre>
|
||||
#else
|
||||
<b>License:</b><pre class="indent">$esc.html($dependency.license)</pre>
|
||||
<b>License:</b><pre class="indent">$enc.html($dependency.license)</pre>
|
||||
#end
|
||||
#end
|
||||
<b>File Path:</b> $esc.html($dependency.FilePath)<br/>
|
||||
<b>MD5:</b> $esc.html($dependency.Md5sum)<br/>
|
||||
<b>SHA1:</b> $esc.html($dependency.Sha1sum)
|
||||
<b>File Path:</b> $enc.html($dependency.FilePath)<br/>
|
||||
<b>MD5:</b> $enc.html($dependency.Md5sum)<br/>
|
||||
<b>SHA1:</b> $enc.html($dependency.Sha1sum)
|
||||
</p>
|
||||
#set($cnt=$cnt+1)
|
||||
<h4 id="header$cnt" class="subsectionheader expandable expandablesubsection white">Evidence</h4>
|
||||
@@ -539,7 +551,7 @@ arising out of or in connection with the use of this tool, the analysis performe
|
||||
<table class="lined fullwidth" border="0">
|
||||
<tr><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:70%;">Value</th></tr>
|
||||
#foreach($evidence in $dependency.getEvidenceUsed())
|
||||
<tr><td>$esc.html($evidence.getSource())</td><td>$esc.html($evidence.getName())</td><td>$esc.html($evidence.getValue())</td></tr>
|
||||
<tr><td>$enc.html($evidence.getSource())</td><td>$enc.html($evidence.getName())</td><td>$enc.html($evidence.getValue())</td></tr>
|
||||
#end
|
||||
</table>
|
||||
</div>
|
||||
@@ -549,18 +561,18 @@ arising out of or in connection with the use of this tool, the analysis performe
|
||||
<div id="content$cnt" class="subsectioncontent standardsubsection hidden">
|
||||
<ul>
|
||||
#foreach($related in $dependency.getRelatedDependencies())
|
||||
<li>$esc.html($related.FileName)
|
||||
<li>$enc.html($related.FileName)
|
||||
<ul>
|
||||
<li>File Path: $esc.html($related.FilePath)</li>
|
||||
<li>SHA1: $esc.html($related.Sha1sum)</li>
|
||||
<li>MD5: $esc.html($related.Md5sum)</li>
|
||||
<li>File Path: $enc.html($related.FilePath)</li>
|
||||
<li>SHA1: $enc.html($related.Sha1sum)</li>
|
||||
<li>MD5: $enc.html($related.Md5sum)</li>
|
||||
#foreach($id in $related.getIdentifiers())
|
||||
#if ($id.type=="maven")
|
||||
#if( $id.url )
|
||||
##yes, we are HTML Encoding the href. this is okay. We can't URL encode as we have to trust the analyzer here...
|
||||
<li>$esc.html($id.type): <a href="$esc.html($id.url)" target="_blank">$esc.html($id.value)</a>
|
||||
<li>$enc.html($id.type): <a href="$enc.html($id.url)" target="_blank">$enc.html($id.value)</a>
|
||||
#else
|
||||
<li>$esc.html($id.type): $esc.html($id.value)
|
||||
<li>$enc.html($id.type): $enc.html($id.value)
|
||||
#end
|
||||
</li>
|
||||
#end
|
||||
@@ -579,7 +591,7 @@ arising out of or in connection with the use of this tool, the analysis performe
|
||||
#end
|
||||
#end
|
||||
<h4 id="header$cnt" class="subsectionheader white">Identifiers</h4>
|
||||
##: <a href="http://web.nvd.nist.gov/view/vuln/search-results?cpe=$esc.url($cpevalue)" target="_blank">$esc.html($cpevalue)</a></h4>
|
||||
##: <a href="http://web.nvd.nist.gov/view/vuln/search-results?cpe=$enc.url($cpevalue)" target="_blank">$enc.html($cpevalue)</a></h4>
|
||||
<div id="content$cnt" class="subsectioncontent standardsubsection">
|
||||
#if ($dependency.getIdentifiers().size()==0)
|
||||
<ul><li><b>None</b></li></ul>
|
||||
@@ -588,19 +600,19 @@ arising out of or in connection with the use of this tool, the analysis performe
|
||||
#foreach($id in $dependency.getIdentifiers())
|
||||
#if( $id.url )
|
||||
##yes, we are HTML Encoding the href. this is okay. We can't URL encode as we have to trust the analyzer here...
|
||||
<li><b>$esc.html($id.type):</b> <a href="$esc.html($id.url)" target="_blank">$esc.html($id.value)</a>
|
||||
<li><b>$enc.html($id.type):</b> <a href="$enc.html($id.url)" target="_blank">$enc.html($id.value)</a>
|
||||
#else
|
||||
<li><b>$esc.html($id.type):</b> $esc.html($id.value)
|
||||
<li><b>$enc.html($id.type):</b> $enc.html($id.value)
|
||||
#end
|
||||
#if ($id.confidence)
|
||||
<i>Confidence</i>:$id.confidence
|
||||
#end
|
||||
#if ($id.type=="cpe")
|
||||
##yes, we are HTML Encoding into JavaScript... the escape utils don't have a JS Encode and I haven't written one yet
|
||||
<button class="copybutton" onclick="copyText('$esc.html($dependency.FileNameForJavaScript)', '$esc.html($dependency.Sha1sum)', 'cpe', '$esc.html($id.value)')">suppress</button>
|
||||
<button class="copybutton" onclick="copyText('$enc.html($dependency.FileNameForJavaScript)', '$enc.html($dependency.Sha1sum)', 'cpe', '$enc.html($id.value)')">suppress</button>
|
||||
#end
|
||||
#if ($id.description)
|
||||
<br/>$esc.html($id.description)
|
||||
<br/>$enc.html($id.description)
|
||||
#end
|
||||
</li>
|
||||
#end
|
||||
@@ -613,7 +625,7 @@ arising out of or in connection with the use of this tool, the analysis performe
|
||||
<div id="content$cnt" class="subsectioncontent standardsubsection">
|
||||
#foreach($vuln in $dependency.getVulnerabilities())
|
||||
#set($vsctr=$vsctr+1)
|
||||
<p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=$esc.url($vuln.name)">$esc.html($vuln.name)</a></b> <button class="copybutton" onclick="copyText('$esc.html($dependency.FileNameForJavaScript)', '$esc.html($dependency.Sha1sum)', 'cve', '$esc.html($vuln.name)')">suppress</button></p>
|
||||
<p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=$enc.url($vuln.name)">$enc.html($vuln.name)</a></b> <button class="copybutton" onclick="copyText('$enc.html($dependency.FileNameForJavaScript)', '$enc.html($dependency.Sha1sum)', 'cve', '$enc.html($vuln.name)')">suppress</button></p>
|
||||
<p>Severity:
|
||||
#if ($vuln.cvssScore<4.0)
|
||||
Low
|
||||
@@ -626,20 +638,20 @@ arising out of or in connection with the use of this tool, the analysis performe
|
||||
#if ($vuln.cwe)
|
||||
<br/>CWE: $vuln.cwe
|
||||
#end</p>
|
||||
<p>$esc.html($vuln.description)
|
||||
<p>$enc.html($vuln.description)
|
||||
#if ($vuln.getReferences().size()>0)
|
||||
<ul>
|
||||
#foreach($ref in $vuln.getReferences())
|
||||
<li>$esc.html($ref.source) - <a target="_blank" href="$esc.html($ref.url)">$ref.name</a></li>
|
||||
<li>$enc.html($ref.source) - <a target="_blank" href="$enc.html($ref.url)">$ref.name</a></li>
|
||||
#end
|
||||
</ul>
|
||||
#end
|
||||
</p>
|
||||
<p>Vulnerable Software & Versions: (<a href="#" onclick="toggleDisplay(this,'.vs$vsctr'); return false;">show all</a>)<ul>
|
||||
<li class="vs$vsctr"><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/search-results?cpe=$esc.url($vuln.matchedCPE)">$esc.html($vuln.matchedCPE)</a> #if($vuln.hasMatchedAllPreviousCPE()) and all previous versions#end</li>
|
||||
<li class="vs$vsctr"><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/search-results?cpe=$enc.url($vuln.matchedCPE)">$enc.html($vuln.matchedCPE)</a> #if($vuln.hasMatchedAllPreviousCPE()) and all previous versions#end</li>
|
||||
<li class="vs$vsctr">...</li>
|
||||
#foreach($vs in $vuln.getVulnerableSoftware())
|
||||
<li class="vs$vsctr hidden"><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/search-results?cpe=$esc.url($vs.name)">$esc.html($vs.name)</a> #if($vs.hasPreviousVersion()) and all previous versions#end</li>
|
||||
<li class="vs$vsctr hidden"><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/search-results?cpe=$enc.url($vs.name)">$enc.html($vs.name)</a> #if($vs.hasPreviousVersion()) and all previous versions#end</li>
|
||||
#end
|
||||
</ul></p>
|
||||
#end
|
||||
@@ -647,6 +659,138 @@ arising out of or in connection with the use of this tool, the analysis performe
|
||||
#end
|
||||
</div>
|
||||
#end
|
||||
|
||||
|
||||
|
||||
## BEGIN SUPPRESSED VULNERABILITIES
|
||||
#if ($vulnSuppressedCount>0 || $cpeSuppressedCount>0)
|
||||
#set($cnt=$cnt+1)
|
||||
<h3 id="header$cnt" class="sectionheader expandable expandablesubsection white">Suppressed Vulnerabilities</h3>
|
||||
<div id="content$cnt" class="sectioncontent standardsubsection hidden">
|
||||
|
||||
#foreach($dependency in $dependencies)
|
||||
#if ($dependency.getSuppressedIdentifiers().size()>0 || $dependency.getSuppressedVulnerabilities().size()>0)
|
||||
#set($lnkcnt=$lnkcnt+1)
|
||||
<h3 class="subsectionheader standardsubsection">$enc.html($dependency.FileName)</h3>
|
||||
<div class="subsectioncontent">
|
||||
#if ($dependency.description)
|
||||
<p><b>Description:</b> $enc.html($dependency.description)<br/></p>
|
||||
#end
|
||||
<p>
|
||||
#if ($dependency.license)
|
||||
#if ($dependency.license.startsWith("http://"))
|
||||
<b>License:</b><pre class="indent"><a href="$enc.html($dependency.license)">$enc.html($dependency.license)</a></pre>
|
||||
#else
|
||||
<b>License:</b><pre class="indent">$enc.html($dependency.license)</pre>
|
||||
#end
|
||||
#end
|
||||
<b>File Path:</b> $enc.html($dependency.FilePath)<br/>
|
||||
<b>MD5:</b> $enc.html($dependency.Md5sum)<br/>
|
||||
<b>SHA1:</b> $enc.html($dependency.Sha1sum)
|
||||
</p>
|
||||
#set($cnt=$cnt+1)
|
||||
<h4 id="header$cnt" class="subsectionheader expandable expandablesubsection white">Evidence</h4>
|
||||
<div id="content$cnt" class="subsectioncontent standardsubsection hidden">
|
||||
<table class="lined fullwidth" border="0">
|
||||
<tr><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:70%;">Value</th></tr>
|
||||
#foreach($evidence in $dependency.getEvidenceUsed())
|
||||
<tr><td>$enc.html($evidence.getSource())</td><td>$enc.html($evidence.getName())</td><td>$enc.html($evidence.getValue())</td></tr>
|
||||
#end
|
||||
</table>
|
||||
</div>
|
||||
#if($dependency.getRelatedDependencies().size()>0)
|
||||
#set($cnt=$cnt+1)
|
||||
<h4 id="header$cnt" class="subsectionheader expandable expandablesubsection white">Related Dependencies</h4>
|
||||
<div id="content$cnt" class="subsectioncontent standardsubsection hidden">
|
||||
<ul>
|
||||
#foreach($related in $dependency.getRelatedDependencies())
|
||||
<li>$enc.html($related.FileName)
|
||||
<ul>
|
||||
<li>File Path: $enc.html($related.FilePath)</li>
|
||||
<li>SHA1: $enc.html($related.Sha1sum)</li>
|
||||
<li>MD5: $enc.html($related.Md5sum)</li>
|
||||
</ul>
|
||||
</li>
|
||||
#end
|
||||
</ul>
|
||||
</div>
|
||||
#end
|
||||
#set($cnt=$cnt+1)
|
||||
#set($cpeCount=0)
|
||||
#foreach($id in $dependency.getSuppressedIdentifiers())
|
||||
#if($id.type.equals("cpe"))
|
||||
#set($cpeCount=$cpeCount+1)
|
||||
#end
|
||||
#end
|
||||
<h4 id="header$cnt" class="subsectionheader white">Suppressed Identifiers</h4>
|
||||
##: <a href="http://web.nvd.nist.gov/view/vuln/search-results?cpe=$enc.url($cpevalue)" target="_blank">$enc.html($cpevalue)</a></h4>
|
||||
<div id="content$cnt" class="subsectioncontent standardsubsection">
|
||||
#if ($dependency.getSuppressedIdentifiers().size()==0)
|
||||
<ul><li><b>None</b></li></ul>
|
||||
#else ## ($dependency.getSuppressedIdentifiers().size()>0)
|
||||
<ul>
|
||||
#foreach($id in $dependency.getSuppressedIdentifiers())
|
||||
#if( $id.url )
|
||||
##yes, we are HTML Encoding the href. this is okay. We can't URL encode as we have to trust the analyzer here...
|
||||
<li><b>$enc.html($id.type):</b> <a href="$enc.html($id.url)" target="_blank">$enc.html($id.value)</a>
|
||||
#else
|
||||
<li><b>$enc.html($id.type):</b> $enc.html($id.value)
|
||||
#end
|
||||
#if ($id.confidence)
|
||||
<i>Confidence</i>:$id.confidence
|
||||
#end
|
||||
#if ($id.description)
|
||||
<br/>$enc.html($id.description)
|
||||
#end
|
||||
</li>
|
||||
#end
|
||||
</ul>
|
||||
#end
|
||||
</div>
|
||||
#if($dependency.getSuppressedVulnerabilities().size()>0)
|
||||
#set($cnt=$cnt+1)
|
||||
<h4 id="header$cnt" class="subsectionheader expandable collaspablesubsection white">Suppressed Vulnerabilities</h4>
|
||||
<div id="content$cnt" class="subsectioncontent standardsubsection">
|
||||
#foreach($vuln in $dependency.getSuppressedVulnerabilities())
|
||||
#set($vsctr=$vsctr+1)
|
||||
<p><b><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=$enc.url($vuln.name)">$enc.html($vuln.name)</a></b> <button class="copybutton" onclick="copyText('$enc.html($dependency.FileNameForJavaScript)', '$enc.html($dependency.Sha1sum)', 'cve', '$enc.html($vuln.name)')">suppress</button></p>
|
||||
<p>Severity:
|
||||
#if ($vuln.cvssScore<4.0)
|
||||
Low
|
||||
#elseif ($vuln.cvssScore>=7.0)
|
||||
High
|
||||
#else
|
||||
Medium
|
||||
#end
|
||||
<br/>CVSS Score: $vuln.cvssScore
|
||||
#if ($vuln.cwe)
|
||||
<br/>CWE: $vuln.cwe
|
||||
#end</p>
|
||||
<p>$enc.html($vuln.description)
|
||||
#if ($vuln.getReferences().size()>0)
|
||||
<ul>
|
||||
#foreach($ref in $vuln.getReferences())
|
||||
<li>$enc.html($ref.source) - <a target="_blank" href="$enc.html($ref.url)">$ref.name</a></li>
|
||||
#end
|
||||
</ul>
|
||||
#end
|
||||
</p>
|
||||
<p>Vulnerable Software & Versions: (<a href="#" onclick="toggleDisplay(this,'.vs$vsctr'); return false;">show all</a>)<ul>
|
||||
<li class="vs$vsctr"><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/search-results?cpe=$enc.url($vuln.matchedCPE)">$enc.html($vuln.matchedCPE)</a> #if($vuln.hasMatchedAllPreviousCPE()) and all previous versions#end</li>
|
||||
<li class="vs$vsctr">...</li>
|
||||
#foreach($vs in $vuln.getVulnerableSoftware())
|
||||
<li class="vs$vsctr hidden"><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/search-results?cpe=$enc.url($vs.name)">$enc.html($vs.name)</a> #if($vs.hasPreviousVersion()) and all previous versions#end</li>
|
||||
#end
|
||||
</ul></p>
|
||||
#end
|
||||
</div>
|
||||
#end
|
||||
</div>
|
||||
#end
|
||||
#end
|
||||
</div>
|
||||
#end
|
||||
## END SUPPRESSED VULNERABILITIES
|
||||
</div>
|
||||
</div>
|
||||
<div><br/><br/>This report contains data retrieved from the <a href="nvd.nist.gov">National Vulnerability Database</a>.</div>
|
||||
|
||||
@@ -178,8 +178,8 @@ implied or otherwise, with regard to the analysis or its use. Any use of the too
|
||||
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
|
||||
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.</p>
|
||||
]]#
|
||||
<h2 class="sectionheader white">Project: $esc.html($applicationName)</h2>
|
||||
<div class="sectioncontent">Report Generated On: $date<br/><br/>
|
||||
<h2 class="sectionheader white">Project: $enc.html($applicationName)</h2>
|
||||
<div class="sectioncontent">Report Generated On: $scanDate<br/><br/>
|
||||
#set($depCount=$dependencies.size())
|
||||
#set($vulnCount=0)
|
||||
|
||||
@@ -205,7 +205,7 @@ arising out of or in connection with the use of this tool, the analysis performe
|
||||
#if($dependency.getVulnerabilities().size()>0)
|
||||
#foreach($vuln in $dependency.getVulnerabilities())
|
||||
<tr>
|
||||
<td><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=$esc.url($vuln.name)">$esc.html($vuln.name)</a></td>
|
||||
<td><a target="_blank" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=$enc.url($vuln.name)">$enc.html($vuln.name)</a></td>
|
||||
<td>
|
||||
#if ($vuln.cwe)
|
||||
$vuln.cwe
|
||||
@@ -222,10 +222,10 @@ arising out of or in connection with the use of this tool, the analysis performe
|
||||
($vuln.cvssScore)
|
||||
<td>#set($cnt=$cnt+1)
|
||||
#if($dependency.getRelatedDependencies().size()>0)<span id="header$cnt" class="expandable collapsedList">#end
|
||||
$esc.html($dependency.FileName)
|
||||
$enc.html($dependency.FileName)
|
||||
#if($dependency.getRelatedDependencies().size()>0) </span><div id="content$cnt" class="hidden">#end
|
||||
#foreach($related in $dependency.getRelatedDependencies())
|
||||
$esc.html($related.FileName)<br/>
|
||||
$enc.html($related.FileName)<br/>
|
||||
#end
|
||||
#if($dependency.getRelatedDependencies().size()>0)</div#end
|
||||
</td>
|
||||
|
||||
@@ -23,42 +23,42 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
<engineVersion>$version</engineVersion>
|
||||
#foreach($prop in $properties.getMetaData().entrySet())
|
||||
<dataSource>
|
||||
<name>$esc.xml($prop.key)</name>
|
||||
<timestamp>$esc.xml($prop.value)</timestamp>
|
||||
<name>$enc.xml($prop.key)</name>
|
||||
<timestamp>$enc.xml($prop.value)</timestamp>
|
||||
</dataSource>
|
||||
#end
|
||||
</scanInfo>
|
||||
<projectInfo>
|
||||
<name>$esc.xml($applicationName)</name>
|
||||
<reportDate>$date</reportDate>
|
||||
<name>$enc.xml($applicationName)</name>
|
||||
<reportDate>$scanDateXML</reportDate>
|
||||
<credits>This report contains data retrieved from the National Vulnerability Database: http://nvd.nist.gov</credits>
|
||||
</projectInfo>
|
||||
<dependencies>
|
||||
#foreach($dependency in $dependencies)
|
||||
<dependency>
|
||||
<fileName>$esc.xml($dependency.FileName)</fileName>
|
||||
<filePath>$esc.xml($dependency.FilePath)</filePath>
|
||||
<md5>$esc.xml($dependency.Md5sum)</md5>
|
||||
<sha1>$esc.xml($dependency.Sha1sum)</sha1>
|
||||
<fileName>$enc.xml($dependency.FileName)</fileName>
|
||||
<filePath>$enc.xml($dependency.FilePath)</filePath>
|
||||
<md5>$enc.xml($dependency.Md5sum)</md5>
|
||||
<sha1>$enc.xml($dependency.Sha1sum)</sha1>
|
||||
#if ($dependency.description)
|
||||
<description>$esc.xml($dependency.description)</description>
|
||||
<description>$enc.xml($dependency.description)</description>
|
||||
#end
|
||||
#if ($dependency.license)
|
||||
<license>$esc.xml($dependency.license)</license>
|
||||
<license>$enc.xml($dependency.license)</license>
|
||||
#end
|
||||
#if ($dependency.getRelatedDependencies().size()>0)
|
||||
<relatedDependencies>
|
||||
#foreach($related in $dependency.getRelatedDependencies())
|
||||
<relatedDependency>
|
||||
<filePath>$esc.xml($related.FilePath)</filePath>
|
||||
<sha1>$esc.xml($related.Sha1sum)</sha1>
|
||||
<md5>$esc.xml($related.Md5sum)</md5>
|
||||
<filePath>$enc.xml($related.FilePath)</filePath>
|
||||
<sha1>$enc.xml($related.Sha1sum)</sha1>
|
||||
<md5>$enc.xml($related.Md5sum)</md5>
|
||||
#foreach($id in $related.getIdentifiers())
|
||||
#if ($id.type=="maven")
|
||||
<identifier type="$esc.xml($id.type)">
|
||||
<identifier type="$enc.xml($id.type)">
|
||||
<name>($id.value)</name>
|
||||
#if( $id.url )
|
||||
<url>$esc.xml($id.url)</url>
|
||||
<url>$enc.xml($id.url)</url>
|
||||
#end
|
||||
</identifier>
|
||||
#end
|
||||
@@ -70,22 +70,22 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
<evidenceCollected>
|
||||
#foreach($evidence in $dependency.getEvidenceUsed())
|
||||
<evidence>
|
||||
<source>$esc.xml($evidence.getSource())</source>
|
||||
<name>$esc.xml($evidence.getName())</name>
|
||||
<value>$esc.xml($evidence.getValue().trim())</value>
|
||||
<source>$enc.xml($evidence.getSource())</source>
|
||||
<name>$enc.xml($evidence.getName())</name>
|
||||
<value>$enc.xml($evidence.getValue().trim())</value>
|
||||
</evidence>
|
||||
#end
|
||||
</evidenceCollected>
|
||||
#if($dependency.getIdentifiers().size()>0)
|
||||
<identifiers>
|
||||
#foreach($id in $dependency.getIdentifiers())
|
||||
<identifier type="$esc.xml($id.type)" #if($id.confidence)confidence="$id.confidence"#end>
|
||||
<identifier type="$enc.xml($id.type)" #if($id.confidence)confidence="$id.confidence"#end>
|
||||
<name>($id.value)</name>
|
||||
#if( $id.url )
|
||||
<url>$esc.xml($id.url)</url>
|
||||
<url>$enc.xml($id.url)</url>
|
||||
#end
|
||||
#if( $id.description )
|
||||
<description>$esc.xml($id.description)</description>
|
||||
<description>$enc.xml($id.description)</description>
|
||||
#end
|
||||
</identifier>
|
||||
#end
|
||||
@@ -95,7 +95,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
<vulnerabilities>
|
||||
#foreach($vuln in $dependency.getVulnerabilities())
|
||||
<vulnerability>
|
||||
<name>$esc.xml($vuln.name)</name>
|
||||
<name>$enc.xml($vuln.name)</name>
|
||||
<cvssScore>$vuln.cvssScore</cvssScore>
|
||||
#if ($vuln.cvssScore<4.0)
|
||||
<severity>Low</severity>
|
||||
@@ -105,21 +105,21 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
<severity>Medium</severity>
|
||||
#end
|
||||
#if ($vuln.cwe)
|
||||
<cwe>$esc.xml($vuln.cwe)</cwe>
|
||||
<cwe>$enc.xml($vuln.cwe)</cwe>
|
||||
#end
|
||||
<description>$esc.xml($vuln.description)</description>
|
||||
<description>$enc.xml($vuln.description)</description>
|
||||
<references>
|
||||
#foreach($ref in $vuln.getReferences())
|
||||
<reference>
|
||||
<source>$esc.xml($ref.source)</source>
|
||||
<url>$esc.xml($ref.url)</url>
|
||||
<name>$esc.xml($ref.name)</name>
|
||||
<source>$enc.xml($ref.source)</source>
|
||||
<url>$enc.xml($ref.url)</url>
|
||||
<name>$enc.xml($ref.name)</name>
|
||||
</reference>
|
||||
#end
|
||||
</references>
|
||||
<vulnerableSoftware>
|
||||
#foreach($vs in $vuln.getVulnerableSoftware())
|
||||
<software#if($vs.hasPreviousVersion()) allPreviousVersion="true"#end>$esc.xml($vs.name)</software>
|
||||
<software#if($vs.hasPreviousVersion()) allPreviousVersion="true"#end>$enc.xml($vs.name)</software>
|
||||
#end
|
||||
</vulnerableSoftware>
|
||||
</vulnerability>
|
||||
|
||||
Reference in New Issue
Block a user