github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-14 07:43:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

update to #657 to allow sorted vulnerable software in repots; also, sorting an array list is faster then building a treeset

Browse Source
This commit is contained in:
Jeremy Long
2017-02-21 06:38:31 -05:00
parent d31e0453bd
commit a5990ea6f3
3 changed files with 44 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Vulnerability.java
View File

@@ -18,10 +18,11 @@
package org.owasp.dependencycheck.dependency;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
import org.apache.commons.lang3.builder.CompareToBuilder;
/**
@@ -139,6 +140,21 @@ public class Vulnerability implements Serializable, Comparable<Vulnerability> {
return references;
}
/**
* Returns the list of references. This is primarily used within the
* generated reports.
*
* @param sorted whether the returned list should be sorted
* @return the list of references
*/
public List<Reference> getReferences(boolean sorted) {
List<Reference> sortedRefs = new ArrayList<>(this.references);
if (sorted) {
Collections.sort(sortedRefs);
}
return sortedRefs;
}
/**
* Set the value of references.
*
@@ -181,6 +197,21 @@ public class Vulnerability implements Serializable, Comparable<Vulnerability> {
return vulnerableSoftware;
}
/**
* Returns a sorted list of vulnerable software. This is primarily used for
* display within reports.
*
* @param sorted whether or not the list should be sorted
* @return the list of vulnerable software
*/
public List<VulnerableSoftware> getVulnerableSoftware(boolean sorted) {
List<VulnerableSoftware> sortedVulnerableSoftware = new ArrayList<>(this.vulnerableSoftware);
if (sorted) {
Collections.sort(sortedVulnerableSoftware);
}
return sortedVulnerableSoftware;
}
/**
* Set the value of vulnerableSoftware.
*
@@ -398,15 +429,14 @@ public class Vulnerability implements Serializable, Comparable<Vulnerability> {
final StringBuilder sb = new StringBuilder("Vulnerability ");
sb.append(this.name);
sb.append("\nReferences:\n");
SortedSet<Reference> sortedReferences = new TreeSet<Reference>(this.references);
for (Reference reference : sortedReferences) {
for (Reference reference : getReferences(true)) {
sb.append("=> ");
sb.append(reference);
sb.append("\n");
}
sb.append("\nSoftware:\n");
SortedSet<VulnerableSoftware> sortedVulnerableSoftware = new TreeSet<VulnerableSoftware>(this.vulnerableSoftware);
for (VulnerableSoftware software : sortedVulnerableSoftware) {
for (VulnerableSoftware software : getVulnerableSoftware(true)) {
sb.append("=> ");
sb.append(software);
sb.append("\n");

8
dependency-check-core/src/main/resources/templates/HtmlReport.vsl
View File

@@ -842,7 +842,7 @@ Getting Help: <a href="https://groups.google.com/forum/#!forum/dependency-check"
<p>$enc.html($vuln.description)
#if ($vuln.getReferences().size()>0)
<ul>
#foreach($ref in $vuln.getReferences())
#foreach($ref in $vuln.getReferences(true))
<li>$enc.html($ref.source) - <a target="_blank" href="$enc.html($ref.url)">$ref.name</a></li>
#end
</ul>
@@ -857,7 +857,7 @@ Getting Help: <a href="https://groups.google.com/forum/#!forum/dependency-check"
<p>Vulnerable Software &amp; Versions:&nbsp;(<a href="#" onclick="return toggleDisplay(this,'.vs$vsctr', 'show all', 'show less');">show all</a>)<ul>
<li class="vs$vsctr"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=$enc.url($vuln.matchedCPE)">$enc.html($vuln.matchedCPE)</a> #if($vuln.hasMatchedAllPreviousCPE()) and all previous versions#end</li>
<li class="vs$vsctr">...</li>
#foreach($vs in $vuln.getVulnerableSoftware())
#foreach($vs in $vuln.getVulnerableSoftware(true))
<li class="vs$vsctr hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=$enc.url($vs.name)">$enc.html($vs.name)</a> #if($vs.hasPreviousVersion()) and all previous versions#end</li>
#end
</ul></p>
@@ -977,7 +977,7 @@ Getting Help: <a href="https://groups.google.com/forum/#!forum/dependency-check"
<p>$enc.html($vuln.description)
#if ($vuln.getReferences().size()>0)
<ul>
#foreach($ref in $vuln.getReferences())
#foreach($ref in $vuln.getReferences(true))
<li>$enc.html($ref.source) - <a target="_blank" href="$enc.html($ref.url)">$ref.name</a></li>
#end
</ul>
@@ -991,7 +991,7 @@ Getting Help: <a href="https://groups.google.com/forum/#!forum/dependency-check"
<p>Vulnerable Software &amp; Versions:&nbsp;(<a href="#" onclick="return toggleDisplay(this,'.vs$vsctr', 'show all', 'show less');">show all</a>)<ul>
<li class="vs$vsctr"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=$enc.url($vuln.matchedCPE)">$enc.html($vuln.matchedCPE)</a> #if($vuln.hasMatchedAllPreviousCPE()) and all previous versions#end</li>
<li class="vs$vsctr">...</li>
#foreach($vs in $vuln.getVulnerableSoftware())
#foreach($vs in $vuln.getVulnerableSoftware(true))
<li class="vs$vsctr hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=$enc.url($vs.name)">$enc.html($vs.name)</a> #if($vs.hasPreviousVersion()) and all previous versions#end</li>
#end
</ul></p>

8
dependency-check-core/src/main/resources/templates/XmlReport.vsl
View File

@@ -141,7 +141,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
#end
<description>$enc.xml($vuln.description)</description>
<references>
#foreach($ref in $vuln.getReferences())
#foreach($ref in $vuln.getReferences(true))
<reference>
<source>$enc.xml($ref.source)</source>
<url>$enc.xml($ref.url)</url>
@@ -150,7 +150,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
#end
</references>
<vulnerableSoftware>
#foreach($vs in $vuln.getVulnerableSoftware())
#foreach($vs in $vuln.getVulnerableSoftware(true))
<software#if($vs.hasPreviousVersion()) allPreviousVersion="true"#end>$enc.xml($vs.name)</software>
#end
</vulnerableSoftware>
@@ -172,7 +172,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
#end
<description>$enc.xml($vuln.description)</description>
<references>
#foreach($ref in $vuln.getReferences())
#foreach($ref in $vuln.getReferences(true))
<reference>
<source>$enc.xml($ref.source)</source>
<url>$enc.xml($ref.url)</url>
@@ -181,7 +181,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
#end
</references>
<vulnerableSoftware>
#foreach($vs in $vuln.getVulnerableSoftware())
#foreach($vs in $vuln.getVulnerableSoftware(true))
<software#if($vs.hasPreviousVersion()) allPreviousVersion="true"#end>$enc.xml($vs.name)</software>
#end
</vulnerableSoftware>