github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-25 18:41:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

documentation update v1.4.4

Browse Source
This commit is contained in:
Jeremy Long
2016-11-05 09:41:16 -04:00
parent e1a447f722
commit a1b5e3f7b0
1217 changed files with 79708 additions and 51391 deletions
Download Patch File Download Diff File Expand all files Collapse all files

118
xref/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.html
View File

@@ -431,64 +431,66 @@
<a class="jxr_linenumber" name="L423" href="#L423">423</a> String parentPath = dependency.getFilePath().toLowerCase();
<a class="jxr_linenumber" name="L424" href="#L424">424</a> <strong class="jxr_keyword">if</strong> (parentPath.contains(<span class="jxr_string">".jar"</span>)) {
<a class="jxr_linenumber" name="L425" href="#L425">425</a> parentPath = parentPath.substring(0, parentPath.indexOf(<span class="jxr_string">".jar"</span>) + 4);
<a class="jxr_linenumber" name="L426" href="#L426">426</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> parent = findDependency(parentPath, engine.getDependencies());
<a class="jxr_linenumber" name="L427" href="#L427">427</a> <strong class="jxr_keyword">if</strong> (parent != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L428" href="#L428">428</a> <strong class="jxr_keyword">boolean</strong> remove = false;
<a class="jxr_linenumber" name="L429" href="#L429">429</a> <strong class="jxr_keyword">for</strong> (Identifier i : dependency.getIdentifiers()) {
<a class="jxr_linenumber" name="L430" href="#L430">430</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(i.getType())) {
<a class="jxr_linenumber" name="L431" href="#L431">431</a> <strong class="jxr_keyword">final</strong> String trimmedCPE = trimCpeToVendor(i.getValue());
<a class="jxr_linenumber" name="L432" href="#L432">432</a> <strong class="jxr_keyword">for</strong> (Identifier parentId : parent.getIdentifiers()) {
<a class="jxr_linenumber" name="L433" href="#L433">433</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(parentId.getType()) &amp;&amp; parentId.getValue().startsWith(trimmedCPE)) {
<a class="jxr_linenumber" name="L434" href="#L434">434</a> remove |= <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="L435" href="#L435">435</a> }
<a class="jxr_linenumber" name="L436" href="#L436">436</a> }
<a class="jxr_linenumber" name="L437" href="#L437">437</a> }
<a class="jxr_linenumber" name="L438" href="#L438">438</a> <strong class="jxr_keyword">if</strong> (!remove) { <em class="jxr_comment">//we can escape early</em>
<a class="jxr_linenumber" name="L439" href="#L439">439</a> <strong class="jxr_keyword">return</strong>;
<a class="jxr_linenumber" name="L440" href="#L440">440</a> }
<a class="jxr_linenumber" name="L441" href="#L441">441</a> }
<a class="jxr_linenumber" name="L442" href="#L442">442</a> <strong class="jxr_keyword">if</strong> (remove) {
<a class="jxr_linenumber" name="L443" href="#L443">443</a> engine.getDependencies().remove(dependency);
<a class="jxr_linenumber" name="L444" href="#L444">444</a> }
<a class="jxr_linenumber" name="L445" href="#L445">445</a> }
<a class="jxr_linenumber" name="L446" href="#L446">446</a> }
<a class="jxr_linenumber" name="L447" href="#L447">447</a>
<a class="jxr_linenumber" name="L448" href="#L448">448</a> }
<a class="jxr_linenumber" name="L449" href="#L449">449</a> }
<a class="jxr_linenumber" name="L450" href="#L450">450</a>
<a class="jxr_linenumber" name="L451" href="#L451">451</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L452" href="#L452">452</a> <em class="jxr_javadoccomment"> * Retrieves a given dependency, based on a given path, from a list of dependencies.</em>
<a class="jxr_linenumber" name="L453" href="#L453">453</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L454" href="#L454">454</a> <em class="jxr_javadoccomment"> * @param dependencyPath the path of the dependency to return</em>
<a class="jxr_linenumber" name="L455" href="#L455">455</a> <em class="jxr_javadoccomment"> * @param dependencies the collection of dependencies to search</em>
<a class="jxr_linenumber" name="L456" href="#L456">456</a> <em class="jxr_javadoccomment"> * @return the dependency object for the given path, otherwise null</em>
<a class="jxr_linenumber" name="L457" href="#L457">457</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L458" href="#L458">458</a> <strong class="jxr_keyword">private</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> findDependency(String dependencyPath, List&lt;Dependency&gt; dependencies) {
<a class="jxr_linenumber" name="L459" href="#L459">459</a> <strong class="jxr_keyword">for</strong> (Dependency d : dependencies) {
<a class="jxr_linenumber" name="L460" href="#L460">460</a> <strong class="jxr_keyword">if</strong> (d.getFilePath().equalsIgnoreCase(dependencyPath)) {
<a class="jxr_linenumber" name="L461" href="#L461">461</a> <strong class="jxr_keyword">return</strong> d;
<a class="jxr_linenumber" name="L462" href="#L462">462</a> }
<a class="jxr_linenumber" name="L463" href="#L463">463</a> }
<a class="jxr_linenumber" name="L464" href="#L464">464</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L465" href="#L465">465</a> }
<a class="jxr_linenumber" name="L466" href="#L466">466</a>
<a class="jxr_linenumber" name="L467" href="#L467">467</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L468" href="#L468">468</a> <em class="jxr_javadoccomment"> * Takes a full CPE and returns the CPE trimmed to include only vendor and product.</em>
<a class="jxr_linenumber" name="L469" href="#L469">469</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L470" href="#L470">470</a> <em class="jxr_javadoccomment"> * @param value the CPE value to trim</em>
<a class="jxr_linenumber" name="L471" href="#L471">471</a> <em class="jxr_javadoccomment"> * @return a CPE value that only includes the vendor and product</em>
<a class="jxr_linenumber" name="L472" href="#L472">472</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L473" href="#L473">473</a> <strong class="jxr_keyword">private</strong> String trimCpeToVendor(String value) {
<a class="jxr_linenumber" name="L474" href="#L474">474</a> <em class="jxr_comment">//cpe:/a:jruby:jruby:1.0.8</em>
<a class="jxr_linenumber" name="L475" href="#L475">475</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> pos1 = value.indexOf(':', 7); <em class="jxr_comment">//right of vendor</em>
<a class="jxr_linenumber" name="L476" href="#L476">476</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> pos2 = value.indexOf(':', pos1 + 1); <em class="jxr_comment">//right of product</em>
<a class="jxr_linenumber" name="L477" href="#L477">477</a> <strong class="jxr_keyword">if</strong> (pos2 &lt; 0) {
<a class="jxr_linenumber" name="L478" href="#L478">478</a> <strong class="jxr_keyword">return</strong> value;
<a class="jxr_linenumber" name="L479" href="#L479">479</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="L480" href="#L480">480</a> <strong class="jxr_keyword">return</strong> value.substring(0, pos2);
<a class="jxr_linenumber" name="L481" href="#L481">481</a> }
<a class="jxr_linenumber" name="L482" href="#L482">482</a> }
<a class="jxr_linenumber" name="L483" href="#L483">483</a> }
<a class="jxr_linenumber" name="L426" href="#L426">426</a> <strong class="jxr_keyword">final</strong> List&lt;Dependency&gt; dependencies = engine.getDependencies();
<a class="jxr_linenumber" name="L427" href="#L427">427</a> <strong class="jxr_keyword">synchronized</strong> (dependencies) {
<a class="jxr_linenumber" name="L428" href="#L428">428</a> <strong class="jxr_keyword">final</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> parent = findDependency(parentPath, dependencies);
<a class="jxr_linenumber" name="L429" href="#L429">429</a> <strong class="jxr_keyword">if</strong> (parent != <strong class="jxr_keyword">null</strong>) {
<a class="jxr_linenumber" name="L430" href="#L430">430</a> <strong class="jxr_keyword">boolean</strong> remove = false;
<a class="jxr_linenumber" name="L431" href="#L431">431</a> <strong class="jxr_keyword">for</strong> (Identifier i : dependency.getIdentifiers()) {
<a class="jxr_linenumber" name="L432" href="#L432">432</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(i.getType())) {
<a class="jxr_linenumber" name="L433" href="#L433">433</a> <strong class="jxr_keyword">final</strong> String trimmedCPE = trimCpeToVendor(i.getValue());
<a class="jxr_linenumber" name="L434" href="#L434">434</a> <strong class="jxr_keyword">for</strong> (Identifier parentId : parent.getIdentifiers()) {
<a class="jxr_linenumber" name="L435" href="#L435">435</a> <strong class="jxr_keyword">if</strong> (<span class="jxr_string">"cpe"</span>.equals(parentId.getType()) &amp;&amp; parentId.getValue().startsWith(trimmedCPE)) {
<a class="jxr_linenumber" name="L436" href="#L436">436</a> remove |= <strong class="jxr_keyword">true</strong>;
<a class="jxr_linenumber" name="L437" href="#L437">437</a> }
<a class="jxr_linenumber" name="L438" href="#L438">438</a> }
<a class="jxr_linenumber" name="L439" href="#L439">439</a> }
<a class="jxr_linenumber" name="L440" href="#L440">440</a> <strong class="jxr_keyword">if</strong> (!remove) { <em class="jxr_comment">//we can escape early</em>
<a class="jxr_linenumber" name="L441" href="#L441">441</a> <strong class="jxr_keyword">return</strong>;
<a class="jxr_linenumber" name="L442" href="#L442">442</a> }
<a class="jxr_linenumber" name="L443" href="#L443">443</a> }
<a class="jxr_linenumber" name="L444" href="#L444">444</a> <strong class="jxr_keyword">if</strong> (remove) {
<a class="jxr_linenumber" name="L445" href="#L445">445</a> dependencies.remove(dependency);
<a class="jxr_linenumber" name="L446" href="#L446">446</a> }
<a class="jxr_linenumber" name="L447" href="#L447">447</a> }
<a class="jxr_linenumber" name="L448" href="#L448">448</a> }
<a class="jxr_linenumber" name="L449" href="#L449">449</a> }
<a class="jxr_linenumber" name="L450" href="#L450">450</a> }
<a class="jxr_linenumber" name="L451" href="#L451">451</a> }
<a class="jxr_linenumber" name="L452" href="#L452">452</a>
<a class="jxr_linenumber" name="L453" href="#L453">453</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L454" href="#L454">454</a> <em class="jxr_javadoccomment"> * Retrieves a given dependency, based on a given path, from a list of dependencies.</em>
<a class="jxr_linenumber" name="L455" href="#L455">455</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L456" href="#L456">456</a> <em class="jxr_javadoccomment"> * @param dependencyPath the path of the dependency to return</em>
<a class="jxr_linenumber" name="L457" href="#L457">457</a> <em class="jxr_javadoccomment"> * @param dependencies the collection of dependencies to search</em>
<a class="jxr_linenumber" name="L458" href="#L458">458</a> <em class="jxr_javadoccomment"> * @return the dependency object for the given path, otherwise null</em>
<a class="jxr_linenumber" name="L459" href="#L459">459</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L460" href="#L460">460</a> <strong class="jxr_keyword">private</strong> <a href="../../../../org/owasp/dependencycheck/dependency/Dependency.html">Dependency</a> findDependency(String dependencyPath, List&lt;Dependency&gt; dependencies) {
<a class="jxr_linenumber" name="L461" href="#L461">461</a> <strong class="jxr_keyword">for</strong> (Dependency d : dependencies) {
<a class="jxr_linenumber" name="L462" href="#L462">462</a> <strong class="jxr_keyword">if</strong> (d.getFilePath().equalsIgnoreCase(dependencyPath)) {
<a class="jxr_linenumber" name="L463" href="#L463">463</a> <strong class="jxr_keyword">return</strong> d;
<a class="jxr_linenumber" name="L464" href="#L464">464</a> }
<a class="jxr_linenumber" name="L465" href="#L465">465</a> }
<a class="jxr_linenumber" name="L466" href="#L466">466</a> <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
<a class="jxr_linenumber" name="L467" href="#L467">467</a> }
<a class="jxr_linenumber" name="L468" href="#L468">468</a>
<a class="jxr_linenumber" name="L469" href="#L469">469</a> <em class="jxr_javadoccomment">/**</em>
<a class="jxr_linenumber" name="L470" href="#L470">470</a> <em class="jxr_javadoccomment"> * Takes a full CPE and returns the CPE trimmed to include only vendor and product.</em>
<a class="jxr_linenumber" name="L471" href="#L471">471</a> <em class="jxr_javadoccomment"> *</em>
<a class="jxr_linenumber" name="L472" href="#L472">472</a> <em class="jxr_javadoccomment"> * @param value the CPE value to trim</em>
<a class="jxr_linenumber" name="L473" href="#L473">473</a> <em class="jxr_javadoccomment"> * @return a CPE value that only includes the vendor and product</em>
<a class="jxr_linenumber" name="L474" href="#L474">474</a> <em class="jxr_javadoccomment"> */</em>
<a class="jxr_linenumber" name="L475" href="#L475">475</a> <strong class="jxr_keyword">private</strong> String trimCpeToVendor(String value) {
<a class="jxr_linenumber" name="L476" href="#L476">476</a> <em class="jxr_comment">//cpe:/a:jruby:jruby:1.0.8</em>
<a class="jxr_linenumber" name="L477" href="#L477">477</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> pos1 = value.indexOf(':', 7); <em class="jxr_comment">//right of vendor</em>
<a class="jxr_linenumber" name="L478" href="#L478">478</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">int</strong> pos2 = value.indexOf(':', pos1 + 1); <em class="jxr_comment">//right of product</em>
<a class="jxr_linenumber" name="L479" href="#L479">479</a> <strong class="jxr_keyword">if</strong> (pos2 &lt; 0) {
<a class="jxr_linenumber" name="L480" href="#L480">480</a> <strong class="jxr_keyword">return</strong> value;
<a class="jxr_linenumber" name="L481" href="#L481">481</a> } <strong class="jxr_keyword">else</strong> {
<a class="jxr_linenumber" name="L482" href="#L482">482</a> <strong class="jxr_keyword">return</strong> value.substring(0, pos2);
<a class="jxr_linenumber" name="L483" href="#L483">483</a> }
<a class="jxr_linenumber" name="L484" href="#L484">484</a> }
<a class="jxr_linenumber" name="L485" href="#L485">485</a> }
</pre>
<hr/>
<div id="footer">Copyright &#169; 2012&#x2013;2016 <a href="http://www.owasp.org">OWASP</a>. All rights reserved.</div>