Updated to support the tracking of suppressed CPE/CVE per issue #66

Former-commit-id: 12b514a914a1b1df96e92efd78e6a7ec6b9c42bd

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NvdCveAnalyzer.java

@@ -109,6 +109,17 @@ public class NvdCveAnalyzer implements Analyzer {
                 }
             }
         }
+        for (Identifier id : dependency.getSuppressedIdentifiers()) {
+            if ("cpe".equals(id.getType())) {
+                try {
+                    final String value = id.getValue();
+                    final List<Vulnerability> vulns = cveDB.getVulnerabilities(value);
+                    dependency.getSuppressedVulnerabilities().addAll(vulns);
+                } catch (DatabaseException ex) {
+                    throw new AnalysisException(ex);
+                }
+            }
+        }
     }
 
     /**

dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Dependency.java

@@ -290,6 +290,69 @@ public class Dependency implements Comparable<Dependency> {
     public void addIdentifier(Identifier identifier) {
         this.identifiers.add(identifier);
     }
+    /**
+     * A set of identifiers that have been suppressed.
+     */
+    private Set<Identifier> suppressedIdentifiers;
+
+    /**
+     * Get the value of suppressedIdentifiers.
+     *
+     * @return the value of suppressedIdentifiers
+     */
+    public Set<Identifier> getSuppressedIdentifiers() {
+        return suppressedIdentifiers;
+    }
+
+    /**
+     * Set the value of suppressedIdentifiers.
+     *
+     * @param suppressedIdentifiers new value of suppressedIdentifiers
+     */
+    public void setSuppressedIdentifiers(Set<Identifier> suppressedIdentifiers) {
+        this.suppressedIdentifiers = suppressedIdentifiers;
+    }
+
+    /**
+     * Adds an identifier to the list of suppressed identifiers.
+     *
+     * @param identifier an identifier that was suppressed.
+     */
+    public void addSuppressedIdentifier(Identifier identifier) {
+        this.suppressedIdentifiers.add(identifier);
+    }
+
+    /**
+     * A set of vulnerabilities that have been suppressed.
+     */
+    private SortedSet<Vulnerability> suppressedVulnerabilities;
+
+    /**
+     * Get the value of suppressedVulnerabilities.
+     *
+     * @return the value of suppressedVulnerabilities
+     */
+    public SortedSet<Vulnerability> getSuppressedVulnerabilities() {
+        return suppressedVulnerabilities;
+    }
+
+    /**
+     * Set the value of suppressedVulnerabilities.
+     *
+     * @param suppressedVulnerabilities new value of suppressedVulnerabilities
+     */
+    public void setSuppressedVulnerabilities(SortedSet<Vulnerability> suppressedVulnerabilities) {
+        this.suppressedVulnerabilities = suppressedVulnerabilities;
+    }
+
+    /**
+     * Adds a vulnerability to the set of suppressed vulnerabilities.
+     *
+     * @param vulnerability the vulnerability that was suppressed
+     */
+    public void addSuppressedVulnerability(Vulnerability vulnerability) {
+        this.suppressedVulnerabilities.add(vulnerability);
+    }
 
     /**
      * Returns the evidence used to identify this dependency.

dependency-check-core/src/main/java/org/owasp/dependencycheck/suppression/SuppressionRule.java

@@ -254,6 +254,7 @@ public class SuppressionRule {
                 final Identifier i = itr.next();
                 for (PropertyType c : this.cpe) {
                     if (cpeMatches(c, i)) {
+                        dependency.addSuppressedIdentifier(i);
                         itr.remove();
                         break;
                     }
@@ -292,6 +293,7 @@ public class SuppressionRule {
                     }
                 }
                 if (remove) {
+                    dependency.addSuppressedVulnerability(v);
                     itr.remove();
                 }
             }