From b4664f85f000c9625ec5aff7c106a81196c4e7ab Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Fri, 17 Jan 2014 20:11:06 -0500
Subject: [PATCH] moved the Confidence enumeration out of the Evidence object

Former-commit-id: 77f937f2b17201b2764259ef6089f848fe8f3c8b
---
 .../dependencycheck/analyzer/CPEAnalyzer.java | 2 +-
 .../analyzer/FileNameAnalyzer.java | 14 ++--
 .../analyzer/HintAnalyzer.java | 17 ++---
 .../dependencycheck/analyzer/JarAnalyzer.java | 72 +++++++++----------
 .../analyzer/NexusAnalyzer.java | 11 ++-
 .../dependencycheck/dependency/Evidence.java | 23 ------
 .../dependency/EvidenceCollection.java | 20 +++---
 .../dependency/DependencyTest.java | 6 +-
 8 files changed, 70 insertions(+), 95 deletions(-)

diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
index 29786a99b..cea8a7460 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CPEAnalyzer.java
@@ -40,9 +40,9 @@ import org.owasp.dependencycheck.data.cpe.IndexException;
 import org.owasp.dependencycheck.data.lucene.LuceneUtils;
 import org.owasp.dependencycheck.data.nvdcve.CveDB;
 import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
+import org.owasp.dependencycheck.dependency.Confidence;
 import org.owasp.dependencycheck.dependency.Dependency;
 import org.owasp.dependencycheck.dependency.Evidence;
-import org.owasp.dependencycheck.dependency.Evidence.Confidence;
 import org.owasp.dependencycheck.dependency.EvidenceCollection;
 import org.owasp.dependencycheck.dependency.Identifier;
 import org.owasp.dependencycheck.dependency.VulnerableSoftware;
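Review bot: The new import `org.owasp.dependencycheck.dependency.Confidence` in CPEAnalyzer.java (repeated in the other analyzers below) names a top-level type that this patch never adds: the diffstat lists eight files, with 23 deletions in Evidence.java and no Confidence.java. Presumably the enum was introduced in a separate commit; if it was not, the tree does not compile at this revision, so the new file should land together with this change. The removed nested enum documented `HIGHEST` as "High confidence evidence.", and the relocated Javadoc is worth correcting to `Highest confidence evidence.` when that file is reviewed.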
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.java index 0a3fb8b53..35037b307 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.java @@ -20,8 +20,8 @@ package org.owasp.dependencycheck.analyzer; import java.io.File; import java.util.Set; import org.owasp.dependencycheck.Engine; +import org.owasp.dependencycheck.dependency.Confidence; import org.owasp.dependencycheck.dependency.Dependency; -import org.owasp.dependencycheck.dependency.Evidence; import org.owasp.dependencycheck.utils.DependencyVersion; import org.owasp.dependencycheck.utils.DependencyVersionUtil; @@ -109,22 +109,22 @@ public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer { final DependencyVersion version = DependencyVersionUtil.parseVersion(fileName); if (version != null) { dependency.getVersionEvidence().addEvidence("file", "name", - version.toString(), Evidence.Confidence.HIGHEST); + version.toString(), Confidence.HIGHEST); dependency.getVersionEvidence().addEvidence("file", "name", - fileName, Evidence.Confidence.MEDIUM); + fileName, Confidence.MEDIUM); } //add as vendor and product evidence if (fileName.contains("-")) { dependency.getProductEvidence().addEvidence("file", "name", - fileName, Evidence.Confidence.HIGHEST); + fileName, Confidence.HIGHEST); dependency.getVendorEvidence().addEvidence("file", "name", - fileName, Evidence.Confidence.HIGHEST); + fileName, Confidence.HIGHEST); } else { dependency.getProductEvidence().addEvidence("file", "name", - fileName, Evidence.Confidence.HIGH); + fileName, Confidence.HIGH); dependency.getVendorEvidence().addEvidence("file", "name", - fileName, Evidence.Confidence.HIGH); + fileName, Confidence.HIGH); } } } 
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java index ffd1ad098..ff8789073 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java @@ -21,6 +21,7 @@ import java.util.ArrayList; import java.util.Iterator; import java.util.Set; import org.owasp.dependencycheck.Engine; +import org.owasp.dependencycheck.dependency.Confidence; import org.owasp.dependencycheck.dependency.Dependency; import org.owasp.dependencycheck.dependency.Evidence; 
@@ -95,29 +96,29 @@ public class HintAnalyzer extends AbstractAnalyzer implements Analyzer { final Evidence springTest1 = new Evidence("Manifest", "Implementation-Title", "Spring Framework", - Evidence.Confidence.HIGH); + Confidence.HIGH); final Evidence springTest2 = new Evidence("Manifest", "Implementation-Title", "org.springframework.core", - Evidence.Confidence.HIGH); + Confidence.HIGH); final Evidence springTest3 = new Evidence("Manifest", "Bundle-Vendor", "SpringSource", - Evidence.Confidence.HIGH); + Confidence.HIGH); Set evidence = dependency.getProductEvidence().getEvidence(); if (evidence.contains(springTest1) || evidence.contains(springTest2)) { - dependency.getProductEvidence().addEvidence("hint analyzer", "product", "springsource_spring_framework", Evidence.Confidence.HIGH); - dependency.getVendorEvidence().addEvidence("hint analyzer", "vendor", "SpringSource", Evidence.Confidence.HIGH); - dependency.getVendorEvidence().addEvidence("hint analyzer", "vendor", "vmware", Evidence.Confidence.HIGH); + dependency.getProductEvidence().addEvidence("hint analyzer", "product", "springsource_spring_framework", Confidence.HIGH); + dependency.getVendorEvidence().addEvidence("hint analyzer", "vendor", "SpringSource", Confidence.HIGH); + dependency.getVendorEvidence().addEvidence("hint analyzer", "vendor", "vmware", Confidence.HIGH); } evidence = dependency.getVendorEvidence().getEvidence(); if (evidence.contains(springTest3)) { - dependency.getProductEvidence().addEvidence("hint analyzer", "product", "springsource_spring_framework", Evidence.Confidence.HIGH); - dependency.getVendorEvidence().addEvidence("hint analyzer", "vendor", "vmware", Evidence.Confidence.HIGH); + dependency.getProductEvidence().addEvidence("hint analyzer", "product", "springsource_spring_framework", Confidence.HIGH); + dependency.getVendorEvidence().addEvidence("hint analyzer", "vendor", "vmware", Confidence.HIGH); } final Iterator itr = dependency.getVendorEvidence().iterator(); final 
ArrayList newEntries = new ArrayList(); diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java index d33104af3..543f25738 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java @@ -48,8 +48,8 @@ import javax.xml.parsers.SAXParserFactory; import javax.xml.transform.sax.SAXSource; import org.jsoup.Jsoup; import org.owasp.dependencycheck.Engine; +import org.owasp.dependencycheck.dependency.Confidence; import org.owasp.dependencycheck.dependency.Dependency; -import org.owasp.dependencycheck.dependency.Evidence; import org.owasp.dependencycheck.dependency.EvidenceCollection; import org.owasp.dependencycheck.jaxb.pom.MavenNamespaceFilter; import org.owasp.dependencycheck.jaxb.pom.generated.License; @@ -405,8 +405,8 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer { groupid = groupid.substring(4); } foundSomething = true; - dependency.getVendorEvidence().addEvidence("pom", "groupid", groupid, Evidence.Confidence.HIGH); - dependency.getProductEvidence().addEvidence("pom", "groupid", groupid, Evidence.Confidence.LOW); + dependency.getVendorEvidence().addEvidence("pom", "groupid", groupid, Confidence.HIGH); + dependency.getProductEvidence().addEvidence("pom", "groupid", groupid, Confidence.LOW); addMatchingValues(classes, groupid, dependency.getVendorEvidence()); addMatchingValues(classes, groupid, dependency.getProductEvidence()); } 
@@ -416,8 +416,8 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer { artifactid = artifactid.substring(4); } foundSomething = true; - dependency.getProductEvidence().addEvidence("pom", "artifactid", artifactid, Evidence.Confidence.HIGH); - dependency.getVendorEvidence().addEvidence("pom", "artifactid", artifactid, Evidence.Confidence.LOW); + dependency.getProductEvidence().addEvidence("pom", "artifactid", artifactid, Confidence.HIGH); + dependency.getVendorEvidence().addEvidence("pom", "artifactid", artifactid, Confidence.LOW); addMatchingValues(classes, artifactid, dependency.getVendorEvidence()); addMatchingValues(classes, artifactid, dependency.getProductEvidence()); } @@ -425,7 +425,7 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer { final String version = interpolateString(pom.getVersion(), pomProperties); if (version != null && !version.isEmpty()) { foundSomething = true; - dependency.getVersionEvidence().addEvidence("pom", "version", version, Evidence.Confidence.HIGHEST); + dependency.getVersionEvidence().addEvidence("pom", "version", version, Confidence.HIGHEST); } // org name final Organization org = pom.getOrganization(); @@ -433,7 +433,7 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer { foundSomething = true; final String orgName = interpolateString(org.getName(), pomProperties); if (orgName != null && !orgName.isEmpty()) { - dependency.getVendorEvidence().addEvidence("pom", "organization name", orgName, Evidence.Confidence.HIGH); + dependency.getVendorEvidence().addEvidence("pom", "organization name", orgName, Confidence.HIGH); addMatchingValues(classes, orgName, dependency.getVendorEvidence()); } } 
@@ -441,8 +441,8 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer { final String pomName = interpolateString(pom.getName(), pomProperties); if (pomName != null && !pomName.isEmpty()) { foundSomething = true; - dependency.getProductEvidence().addEvidence("pom", "name", pomName, Evidence.Confidence.HIGH); - dependency.getVendorEvidence().addEvidence("pom", "name", pomName, Evidence.Confidence.HIGH); + dependency.getProductEvidence().addEvidence("pom", "name", pomName, Confidence.HIGH); + dependency.getVendorEvidence().addEvidence("pom", "name", pomName, Confidence.HIGH); addMatchingValues(classes, pomName, dependency.getVendorEvidence()); addMatchingValues(classes, pomName, dependency.getProductEvidence()); } @@ -516,7 +516,7 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer { //TODO remove weighting vendor.addWeighting(entry.getKey()); if (addPackagesAsEvidence && entry.getKey().length() > 1) { - vendor.addEvidence("jar", "package", entry.getKey(), Evidence.Confidence.LOW); + vendor.addEvidence("jar", "package", entry.getKey(), Confidence.LOW); } } } @@ -525,7 +525,7 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer { if (ratio > 0.5) { product.addWeighting(entry.getKey()); if (addPackagesAsEvidence && entry.getKey().length() > 1) { - product.addEvidence("jar", "package", entry.getKey(), Evidence.Confidence.LOW); + product.addEvidence("jar", "package", entry.getKey(), Confidence.LOW); } } } 
@@ -582,43 +582,43 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer { continue; } else if (key.equalsIgnoreCase(Attributes.Name.IMPLEMENTATION_TITLE.toString())) { foundSomething = true; - productEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH); + productEvidence.addEvidence(source, key, value, Confidence.HIGH); addMatchingValues(classInformation, value, productEvidence); } else if (key.equalsIgnoreCase(Attributes.Name.IMPLEMENTATION_VERSION.toString())) { foundSomething = true; - versionEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH); + versionEvidence.addEvidence(source, key, value, Confidence.HIGH); } else if (key.equalsIgnoreCase(Attributes.Name.IMPLEMENTATION_VENDOR.toString())) { foundSomething = true; - vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH); + vendorEvidence.addEvidence(source, key, value, Confidence.HIGH); addMatchingValues(classInformation, value, vendorEvidence); } else if (key.equalsIgnoreCase(Attributes.Name.IMPLEMENTATION_VENDOR_ID.toString())) { foundSomething = true; - vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM); + vendorEvidence.addEvidence(source, key, value, Confidence.MEDIUM); addMatchingValues(classInformation, value, vendorEvidence); } else if (key.equalsIgnoreCase(BUNDLE_DESCRIPTION)) { foundSomething = true; addDescription(dependency, value, "manifest", key); - //productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM); + //productEvidence.addEvidence(source, key, value, Confidence.MEDIUM); addMatchingValues(classInformation, value, productEvidence); } else if (key.equalsIgnoreCase(BUNDLE_NAME)) { foundSomething = true; - productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM); + productEvidence.addEvidence(source, key, value, Confidence.MEDIUM); addMatchingValues(classInformation, value, productEvidence); } else if (key.equalsIgnoreCase(BUNDLE_VENDOR)) { foundSomething = true; - 
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH); + vendorEvidence.addEvidence(source, key, value, Confidence.HIGH); addMatchingValues(classInformation, value, vendorEvidence); } else if (key.equalsIgnoreCase(BUNDLE_VERSION)) { foundSomething = true; - versionEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH); + versionEvidence.addEvidence(source, key, value, Confidence.HIGH); } else if (key.equalsIgnoreCase(Attributes.Name.MAIN_CLASS.toString())) { continue; //skipping main class as if this has important information to add // it will be added during class name analysis... if other fields // have the information from the class name then they will get added... // foundSomething = true; -// productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM); -// vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM); +// productEvidence.addEvidence(source, key, value, Confidence.MEDIUM); +// vendorEvidence.addEvidence(source, key, value, Confidence.MEDIUM); // addMatchingValues(classInformation, value, vendorEvidence); // addMatchingValues(classInformation, value, productEvidence); } else { 
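Review bot: Two commented-out blocks are edited in the `@@ -582,43 +582,43 @@` hunk of JarAnalyzer.java as if they were live code: `//productEvidence.addEvidence(source, key, value, Confidence.MEDIUM);` in the `BUNDLE_DESCRIPTION` branch and the `//` statements that follow `continue;` in the `MAIN_CLASS` branch. They are never compiled, so nothing keeps them in step with the API and each refactor has to touch them by hand. I would delete them and keep only the sentence explaining why the main class is skipped. The if/else chain starts and ends outside the hunk.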
@@ -638,24 +638,24 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer { foundSomething = true; if (key.contains("version")) { if (key.contains("specification")) { - versionEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW); + versionEvidence.addEvidence(source, key, value, Confidence.LOW); } else { - versionEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM); + versionEvidence.addEvidence(source, key, value, Confidence.MEDIUM); } } else if (key.contains("title")) { - productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM); + productEvidence.addEvidence(source, key, value, Confidence.MEDIUM); addMatchingValues(classInformation, value, productEvidence); } else if (key.contains("vendor")) { if (key.contains("specification")) { - vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW); + vendorEvidence.addEvidence(source, key, value, Confidence.LOW); } else { - vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM); + vendorEvidence.addEvidence(source, key, value, Confidence.MEDIUM); addMatchingValues(classInformation, value, vendorEvidence); } } else if (key.contains("name")) { - productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM); - vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM); + productEvidence.addEvidence(source, key, value, Confidence.MEDIUM); + vendorEvidence.addEvidence(source, key, value, Confidence.MEDIUM); addMatchingValues(classInformation, value, vendorEvidence); addMatchingValues(classInformation, value, productEvidence); } else if (key.contains("license")) { 
@@ -664,8 +664,8 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer { if (key.contains("description")) { addDescription(dependency, value, "manifest", key); } else { - productEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW); - vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW); + productEvidence.addEvidence(source, key, value, Confidence.LOW); + vendorEvidence.addEvidence(source, key, value, Confidence.LOW); addMatchingValues(classInformation, value, vendorEvidence); addMatchingValues(classInformation, value, productEvidence); if (value.matches(".*\\d.*")) { @@ -673,7 +673,7 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer { while (tokenizer.hasMoreElements()) { final String s = tokenizer.nextToken(); if (s.matches("^[0-9.]+$")) { - versionEvidence.addEvidence(source, key, s, Evidence.Confidence.LOW); + versionEvidence.addEvidence(source, key, s, Confidence.LOW); } } } @@ -727,11 +727,11 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer { sb.append("..."); descToUse = sb.toString(); } - dependency.getProductEvidence().addEvidence(source, key, descToUse, Evidence.Confidence.LOW); - dependency.getVendorEvidence().addEvidence(source, key, descToUse, Evidence.Confidence.LOW); + dependency.getProductEvidence().addEvidence(source, key, descToUse, Confidence.LOW); + dependency.getVendorEvidence().addEvidence(source, key, descToUse, Confidence.LOW); } else { - dependency.getProductEvidence().addEvidence(source, key, desc, Evidence.Confidence.MEDIUM); - dependency.getVendorEvidence().addEvidence(source, key, desc, Evidence.Confidence.MEDIUM); + dependency.getProductEvidence().addEvidence(source, key, desc, Confidence.MEDIUM); + dependency.getVendorEvidence().addEvidence(source, key, desc, Confidence.MEDIUM); } } 
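Review bot: In the `@@ -673,7 +673,7 @@` hunk of JarAnalyzer.java the token filter `s.matches("^[0-9.]+$")` also accepts tokens made only of dots, such as `.` or `...`, and records them as version evidence. The value appears to come from the scanned jar's manifest, so it is untrusted text; requiring digits around each dot, e.g. `s.matches("^\\d+(\\.\\d+)*$")`, keeps stray punctuation out of the version evidence. `String.matches` also recompiles the pattern for every token, which a `private static final Pattern` would avoid. The loop and the tokenizer's delimiters are defined outside the hunk.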
@@ -937,7 +937,7 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer { for (ClassNameInformation cni : classes) { for (String key : cni.getPackageStructure()) { if (text.contains(key)) { //note, package structure elements are already lowercase. - evidence.addEvidence("jar", "package name", key, Evidence.Confidence.HIGHEST); + evidence.addEvidence("jar", "package name", key, Confidence.HIGHEST); } } } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java index 210aa6176..79bc07629 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/NexusAnalyzer.java @@ -26,8 +26,8 @@ import java.util.logging.Logger; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.data.nexus.MavenArtifact; import org.owasp.dependencycheck.data.nexus.NexusSearch; +import org.owasp.dependencycheck.dependency.Confidence; import org.owasp.dependencycheck.dependency.Dependency; -import org.owasp.dependencycheck.dependency.Evidence; import org.owasp.dependencycheck.utils.Settings; /** 
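Review bot: `addMatchingValues` in the `@@ -937,7 +937,7 @@` hunk of JarAnalyzer.java grants `Confidence.HIGHEST` on a plain substring test, `text.contains(key)`, so a short package element such as `io` or `net` would match inside any longer word of the manifest or POM text passed in. Evidence at the top confidence level steers product and vendor identification, so a spurious match can attach the wrong identity to a jar and with it the wrong vulnerability findings (how `text` is normalised before this point is not visible here). Matching whole tokens, or lowering the confidence for substring hits, would be safer; at minimum a comment such as `// substring match: short keys can hit inside unrelated words` should record the limitation. The method starts outside the hunk.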
@@ -151,16 +151,13 @@ public class NexusAnalyzer extends AbstractAnalyzer {
 try {
 final MavenArtifact ma = searcher.searchSha1(dependency.getSha1sum());
 if (ma.getGroupId() != null && !"".equals(ma.getGroupId())) {
- dependency.getVendorEvidence().addEvidence("nexus", "groupid", ma.getGroupId(),
- Evidence.Confidence.HIGH);
+ dependency.getVendorEvidence().addEvidence("nexus", "groupid", ma.getGroupId(), Confidence.HIGH);
 }
 if (ma.getArtifactId() != null && !"".equals(ma.getArtifactId())) {
- dependency.getProductEvidence().addEvidence("nexus", "artifactid", ma.getArtifactId(),
- Evidence.Confidence.HIGH);
+ dependency.getProductEvidence().addEvidence("nexus", "artifactid", ma.getArtifactId(), Confidence.HIGH);
 }
 if (ma.getVersion() != null && !"".equals(ma.getVersion())) {
- dependency.getVersionEvidence().addEvidence("nexus", "version", ma.getVersion(),
- Evidence.Confidence.HIGH);
+ dependency.getVersionEvidence().addEvidence("nexus", "version", ma.getVersion(), Confidence.HIGH);
 }
 if (ma.getArtifactUrl() != null && !"".equals(ma.getArtifactUrl())) {
 dependency.addIdentifier("maven", ma.toString(), ma.getArtifactUrl());
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java
index 86433c893..88fc18e72 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/Evidence.java
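Review bot: The three `addEvidence` calls in NexusAnalyzer's `@@ -151,16 +151,13 @@` hunk store whatever `searcher.searchSha1(...)` returned at `Confidence.HIGH`, checked only for being non-empty. That evidence originates from the search service's answer rather than from the file being analysed, so it is only as reliable as the configured endpoint and the SHA-1 match; a comment saying so, e.g. `// values come from the Nexus response for this SHA-1, not from the artifact itself`, would make the trust assumption explicit. `ma` is also dereferenced without a null check, which is fine only if `searchSha1` never returns null (not visible here). The `try` block continues outside the hunk.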
@@ -24,29 +24,6 @@ package org.owasp.dependencycheck.dependency; */ public class Evidence implements Comparable { - /** - * The confidence that the evidence is "high" quality. - */ - public enum Confidence { - - /** - * High confidence evidence. - */ - HIGHEST, - /** - * High confidence evidence. - */ - HIGH, - /** - * Medium confidence evidence. - */ - MEDIUM, - /** - * Low confidence evidence. - */ - LOW - } - /** * Creates a new Evidence object. */ diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java index 2319d3f8d..354d1f59f 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/dependency/EvidenceCollection.java @@ -43,7 +43,7 @@ public class EvidenceCollection implements Iterable { */ private static final Filter HIGHEST_CONFIDENCE = new Filter() { public boolean passes(Evidence evidence) { - return evidence.getConfidence() == Evidence.Confidence.HIGHEST; + return evidence.getConfidence() == Confidence.HIGHEST; } }; /** @@ -51,7 +51,7 @@ public class EvidenceCollection implements Iterable { */ private static final Filter HIGH_CONFIDENCE = new Filter() { public boolean passes(Evidence evidence) { - return evidence.getConfidence() == Evidence.Confidence.HIGH; + return evidence.getConfidence() == Confidence.HIGH; } }; /** @@ -59,7 +59,7 @@ public class EvidenceCollection implements Iterable { */ private static final Filter MEDIUM_CONFIDENCE = new Filter() { public boolean passes(Evidence evidence) { - return evidence.getConfidence() == Evidence.Confidence.MEDIUM; + return evidence.getConfidence() == Confidence.MEDIUM; } }; /** 
@@ -67,7 +67,7 @@ public class EvidenceCollection implements Iterable { */ private static final Filter LOW_CONFIDENCE = new Filter() { public boolean passes(Evidence evidence) { - return evidence.getConfidence() == Evidence.Confidence.LOW; + return evidence.getConfidence() == Confidence.LOW; } }; /** @@ -85,12 +85,12 @@ public class EvidenceCollection implements Iterable { * @param confidence the confidence level for the evidence to be iterated over. * @return Iterable an iterable collection of evidence */ - public final Iterable iterator(Evidence.Confidence confidence) { - if (confidence == Evidence.Confidence.HIGHEST) { + public final Iterable iterator(Confidence confidence) { + if (confidence == Confidence.HIGHEST) { return EvidenceCollection.HIGHEST_CONFIDENCE.filter(this.list); - } else if (confidence == Evidence.Confidence.HIGH) { + } else if (confidence == Confidence.HIGH) { return EvidenceCollection.HIGH_CONFIDENCE.filter(this.list); - } else if (confidence == Evidence.Confidence.MEDIUM) { + } else if (confidence == Confidence.MEDIUM) { return EvidenceCollection.MEDIUM_CONFIDENCE.filter(this.list); } else { return EvidenceCollection.LOW_CONFIDENCE.filter(this.list); @@ -130,7 +130,7 @@ public class EvidenceCollection implements Iterable { * @param value the value of the Evidence. * @param confidence the confidence of the Evidence. */ - public void addEvidence(String source, String name, String value, Evidence.Confidence confidence) { + public void addEvidence(String source, String name, String value, Confidence confidence) { final Evidence e = new Evidence(source, name, value, confidence); addEvidence(e); } @@ -265,7 +265,7 @@ public class EvidenceCollection implements Iterable { * @param confidence A Confidence value. * @return boolean. */ - public boolean contains(Evidence.Confidence confidence) { + public boolean contains(Confidence confidence) { for (Evidence e : list) { if (e.getConfidence().equals(confidence)) { return true; 
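Review bot: `iterator(Confidence)` in the `@@ -85,12 +85,12 @@` hunk of EvidenceCollection.java ends in a bare `else` that returns the LOW filter, so a `null` argument, or any constant later added to the now top-level `Confidence` enum, is silently answered with LOW-confidence evidence. Making the last case explicit, `} else if (confidence == Confidence.LOW) {`, and throwing `IllegalArgumentException` in a final `else` (or switching over the enum) would surface the mistake instead of hiding it. The method's closing braces are outside the hunk.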
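Review bot: `contains(Confidence)` in the `@@ -265,7 +265,7 @@` hunk of EvidenceCollection.java compares with `e.getConfidence().equals(confidence)`, while the four filters earlier in the same file compare with `==`. `equals` throws a NullPointerException if an `Evidence` can exist without a confidence set, which is not visible here and should be confirmed against Evidence.java; `if (e.getConfidence() == confidence) {` is null-safe for an enum and consistent with the filters. The loop ends outside the hunk.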
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/DependencyTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/DependencyTest.java index 646f583b9..54885b558 100644 --- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/DependencyTest.java +++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/dependency/DependencyTest.java @@ -250,9 +250,9 @@ public class DependencyTest { Dependency instance = new Dependency(); String expResult = "used"; - instance.getProductEvidence().addEvidence("used", "used", "used", Evidence.Confidence.HIGH); - instance.getProductEvidence().addEvidence("not", "not", "not", Evidence.Confidence.MEDIUM); - for (Evidence e : instance.getProductEvidence().iterator(Evidence.Confidence.HIGH)) { + instance.getProductEvidence().addEvidence("used", "used", "used", Confidence.HIGH); + instance.getProductEvidence().addEvidence("not", "not", "not", Confidence.MEDIUM); + for (Evidence e : instance.getProductEvidence().iterator(Confidence.HIGH)) { String use = e.getValue(); }