github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-20 08:14:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

updated schema and xml report to include the confidence and type of evidence

Browse Source 
Former-commit-id: 774764585a15d8d78a615f20f91c3a8aaaf4abb2
This commit is contained in:
Jeremy Long
2015-07-14 08:01:22 -04:00
parent dffb2887d6
commit a24813b678
2 changed files with 20 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
dependency-check-core/src/main/resources/schema/DependencyCheck.xsd → dependency-check-core/src/main/resources/schema/dependency-check.1.3.xsd
View File

@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<xs:schema id="analysis" xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" targetNamespace="https://www.owasp.org/index.php/OWASP_Dependency_Check#1.2"> <xs:schema id="analysis" xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" targetNamespace="https://jeremylong.github.io/DependencyCheck/dependency-check.1.3.xml">
<xs:element name="analysis"> <xs:element name="analysis">
<xs:complexType> <xs:complexType>
<xs:sequence minOccurs="0" maxOccurs="unbounded"> <xs:sequence minOccurs="0" maxOccurs="unbounded">
@@ -111,6 +111,8 @@
<xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1" /> <xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1" />
<xs:element name="value" type="xs:string" minOccurs="1" maxOccurs="1" /> <xs:element name="value" type="xs:string" minOccurs="1" maxOccurs="1" />
</xs:sequence> </xs:sequence>
<xs:attribute name="type" type="xs:string" use="required" />
<xs:attribute name="confidence" type="xs:string" use="required" />
</xs:complexType> </xs:complexType>
</xs:element> </xs:element>
</xs:sequence> </xs:sequence>

20
dependency-check-core/src/main/resources/templates/XmlReport.vsl
View File

@@ -18,7 +18,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
@author Jeremy Long <jeremy.long@owasp.org> @author Jeremy Long <jeremy.long@owasp.org>
@version 1.1 @version 1.1
*#<?xml version="1.0"?> *#<?xml version="1.0"?>
<analysis xmlns="https://www.owasp.org/index.php/OWASP_Dependency_Check#1.2"> <analysis xmlns="https://jeremylong.github.io/DependencyCheck/dependency-check.1.3.xml">
<scanInfo> <scanInfo>
<engineVersion>$version</engineVersion> <engineVersion>$version</engineVersion>
#foreach($prop in $properties.getMetaData().entrySet()) #foreach($prop in $properties.getMetaData().entrySet())
@@ -68,8 +68,22 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
</relatedDependencies> </relatedDependencies>
#end #end
<evidenceCollected> <evidenceCollected>
#foreach($evidence in $dependency.getEvidenceForDisplay()) #foreach($evidence in $dependency.getVendorEvidence())
<evidence> <evidence type="vendor" confidence="$enc.xml($evidence.getConfidence().toString())">
<source>$enc.xml($evidence.getSource())</source>
<name>$enc.xml($evidence.getName())</name>
<value>$enc.xml($evidence.getValue().trim())</value>
</evidence>
#end
#foreach($evidence in $dependency.getProductEvidence())
<evidence type="product" confidence="$enc.xml($evidence.getConfidence().toString())">
<source>$enc.xml($evidence.getSource())</source>
<name>$enc.xml($evidence.getName())</name>
<value>$enc.xml($evidence.getValue().trim())</value>
</evidence>
#end
#foreach($evidence in $dependency.getVersionEvidence())
<evidence type="version" confidence="$enc.xml($evidence.getConfidence().toString())">
<source>$enc.xml($evidence.getSource())</source> <source>$enc.xml($evidence.getSource())</source>
<name>$enc.xml($evidence.getName())</name> <name>$enc.xml($evidence.getName())</name>
<value>$enc.xml($evidence.getValue().trim())</value> <value>$enc.xml($evidence.getValue().trim())</value>