Merge pull request #880 from elenoir/enhance_csv_report

Enhance csv report
This commit is contained in:
Jeremy Long
2017-09-30 07:29:03 -04:00
committed by GitHub
3 changed files with 150 additions and 2 deletions


@@ -179,4 +179,57 @@ public class EscapeTool {
}
return StringEscapeUtils.escapeCsv(sb.toString());
}
/**
* Takes a set of Identifiers, filters them to just CPEs, and formats them
* for confidence display in a CSV.
*
* @param ids the set of identifiers
* @return the formated list of confidence
*/
public String csvCpeConfidence(Set<Identifier> ids) {
if (ids == null || ids.isEmpty()) {
return "";
}
boolean addComma = false;
final StringBuilder sb = new StringBuilder();
for (Identifier id : ids) {
if ("cpe".equals(id.getType())) {
if (addComma) {
sb.append(", ");
} else {
addComma = true;
}
sb.append(id.getConfidence());
}
}
return StringEscapeUtils.escapeCsv(sb.toString());
}
/**
* Takes a set of Identifiers, filters them to just GAVs, and formats them
* for display in a CSV.
*
* @param ids the set of identifiers
* @return the formated list of GAV identifiers
*/
public String csvGav(Set<Identifier> ids) {
if (ids == null || ids.isEmpty()) {
return "";
}
boolean addComma = false;
final StringBuilder sb = new StringBuilder();
for (Identifier id : ids) {
if ("maven".equals(id.getType())) {
if (addComma) {
sb.append(", ");
} else {
addComma = true;
}
sb.append(id.getValue());
}
}
return StringEscapeUtils.escapeCsv(sb.toString());
}
}
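Review bot: `csvCpeConfidence` appends `id.getConfidence()` directly, so a CPE identifier whose confidence was never set would place the literal text `null` in the CPE Confidence column; the new test constructs identifiers and then calls `setConfidence`, which suggests the field defaults to null, so the loop should skip such entries (see the helper below). The two new methods and `csvCpe` above differ only in the filtered type string and the accessor, so one private helper removes the copied separator bookkeeping — it needs `java.util.function.Function` and `java.util.StringJoiner` and assumes the module compiles for Java 8. Both new `@return` lines say "formated"; make it `formatted`. `StringEscapeUtils.escapeCsv` quotes delimiters and quote characters but leaves a leading `=`, `+`, `-` or `@` untouched, so if GAV coordinates taken from artifact metadata can begin with one of those, the cell may be interpreted as a formula by spreadsheet software; a comment on `csvGav` recording that limitation would help the next reader. The enclosing class `EscapeTool` starts outside the hunk.
```java
/**
 * Joins the given field of every identifier whose type equals {@code type},
 * comma-separated and CSV-escaped; identifiers with a null field are skipped.
 */
private String csvByType(Set<Identifier> ids, String type, Function<Identifier, Object> field) {
    if (ids == null || ids.isEmpty()) {
        return "";
    }
    final StringJoiner joiner = new StringJoiner(", ");
    for (Identifier id : ids) {
        final Object value = type.equals(id.getType()) ? field.apply(id) : null;
        if (value != null) {
            joiner.add(String.valueOf(value));
        }
    }
    return StringEscapeUtils.escapeCsv(joiner.toString());
}

// … unchanged: Javadoc for csvCpeConfidence …
public String csvCpeConfidence(Set<Identifier> ids) {
    return csvByType(ids, "cpe", Identifier::getConfidence);
}

// … unchanged: Javadoc for csvGav …
public String csvGav(Set<Identifier> ids) {
    return csvByType(ids, "maven", Identifier::getValue);
}
```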


@@ -17,11 +17,11 @@ Copyright (c) 2017 Jeremy Long. All Rights Reserved.
@author Jeremy Long <jeremy.long@owasp.org>
@version 1 *###
"Project","ScanDate","DependencyName","DependencyPath","Description","License","Md5","Sha1","Identifiers","CPE","CVE","CWE","Vulnerability","Source","Severity","CVSSv2"
"Project","ScanDate","DependencyName","DependencyPath","Description","License","Md5","Sha1","Identifiers","CPE","CVE","CWE","Vulnerability","Source","Severity","CVSSv2","GAV","CPE Confidence","Evidence Count"
#macro(writeSev $score)#if($score<4.0)"Low"#elseif($score>=7.0)"High"#else"Medium"#end#end
#foreach($dependency in $dependencies)#if($dependency.getVulnerabilities().size()>0)
#foreach($vuln in $dependency.getVulnerabilities())
$enc.csv($applicationName),$enc.csv($scanDate),$enc.csv($dependency.DisplayFileName),#if($dependency.FilePath)$enc.csv($dependency.FilePath)#end,#if($dependency.description)$enc.csv($dependency.description)#end,#if($dependency.license)$enc.csv($dependency.license)#end,#if($dependency.Md5sum)$enc.csv($dependency.Md5sum)#end,#if($dependency.Sha1sum)$enc.csv($dependency.Sha1sum)#end,#if($dependency.identifiers)$enc.csvIdentifiers($dependency.identifiers)#end,#if($dependency.identifiers)$enc.csvCpe($dependency.identifiers)#end,#if($vuln.name)$enc.csv($vuln.name)#end,#if($dependency.cwe)$enc.csv($vuln.cwe)#end,#if($vuln.description)$enc.csv($vuln.description)#end,#if($vuln.getSource().name())$enc.csv($vuln.getSource().name())#end,#writeSev($vuln.cvssScore),$vuln.cvssScore
$enc.csv($applicationName),$enc.csv($scanDate),$enc.csv($dependency.DisplayFileName),#if($dependency.FilePath)$enc.csv($dependency.FilePath)#end,#if($dependency.description)$enc.csv($dependency.description)#end,#if($dependency.license)$enc.csv($dependency.license)#end,#if($dependency.Md5sum)$enc.csv($dependency.Md5sum)#end,#if($dependency.Sha1sum)$enc.csv($dependency.Sha1sum)#end,#if($dependency.identifiers)$enc.csvIdentifiers($dependency.identifiers)#end,#if($dependency.identifiers)$enc.csvCpe($dependency.identifiers)#end,#if($vuln.name)$enc.csv($vuln.name)#end,#if($dependency.cwe)$enc.csv($vuln.cwe)#end,#if($vuln.description)$enc.csv($vuln.description)#end,#if($vuln.getSource().name())$enc.csv($vuln.getSource().name())#end,#writeSev($vuln.cvssScore),$vuln.cvssScore,#if($dependency.identifiers)$enc.csvGav($dependency.identifiers)#end,#if($dependency.identifiers)$enc.csvCpeConfidence($dependency.identifiers)#end,$dependency.getEvidenceForDisplay().size()
#end
#end
#end
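Review bot: The new `Evidence Count` cell, `$dependency.getEvidenceForDisplay().size()`, is the only field on the row written without an `#if(...)` guard; if `getEvidenceForDisplay()` can return null, Velocity renders the reference text itself instead of an empty cell, leaving an unquoted `$...` string in the report — `#if($dependency.getEvidenceForDisplay())$dependency.getEvidenceForDisplay().size()#end` keeps the row well formed in that case. The two new identifier cells reuse the `#if($dependency.identifiers)` guard already applied to `Identifiers` and `CPE`, which is consistent with the rest of the row. On the rewritten row the CWE cell is still `#if($dependency.cwe)$enc.csv($vuln.cwe)#end`, guarding on the dependency but emitting the vulnerability's value; if `Dependency` has no `cwe` property that guard is always false and the column stays empty, so it likely should read `#if($vuln.cwe)$enc.csv($vuln.cwe)#end`. The header line gains three columns and the row gains three cells, so the column count stays aligned.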


@@ -21,6 +21,8 @@ import java.util.HashSet;
import java.util.Set;
import org.junit.Test;
import static org.junit.Assert.*;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Identifier;
/**
@@ -228,4 +230,97 @@ public class EscapeToolTest {
result = instance.csvCpe(ids);
assertTrue(expResult.equals(result) || expResult2.equals(result));
}
/**
* Test of csvCpeConfidence method, of class EscapeTool.
*/
@Test
public void testCsvCpeConfidence() {
EscapeTool instance = new EscapeTool();
Set<Identifier> ids = null;
String expResult = "";
String result = instance.csvCpeConfidence(ids);
assertEquals(expResult, result);
ids = new HashSet<>();
expResult = "";
result = instance.csvCpeConfidence(ids);
assertEquals(expResult, result);
ids = new HashSet<>();
ids.add(new Identifier("gav", "somegroup:something:1.0", ""));
expResult = "";
result = instance.csvCpeConfidence(ids);
assertEquals(expResult, result);
ids = new HashSet<>();
Identifier i1 = new Identifier("cpe", "cpe:/a:somegroup:something:1.0", "");
i1.setConfidence(Confidence.HIGH);
ids.add(i1);
expResult = "HIGH";
result = instance.csvCpeConfidence(ids);
assertEquals(expResult, result);
ids = new HashSet<>();
i1 = new Identifier("cpe", "cpe:/a:somegroup:something:1.0", "");
i1.setConfidence(Confidence.HIGH);
ids.add(i1);
Identifier i2 = new Identifier("cpe", "cpe:/a:somegroup:something2:1.0", "");
i2.setConfidence(Confidence.MEDIUM);
ids.add(i2);
Identifier i3 = new Identifier("gav", "somegroup:something:1.0", "");
i3.setConfidence(Confidence.LOW);
ids.add(i3);
expResult = "\"HIGH, MEDIUM\"";
String expResult2 = "\"MEDIUM, HIGH\"";
result = instance.csvCpeConfidence(ids);
assertTrue(expResult.equals(result) || expResult2.equals(result));
}
/**
* Test of csvGav method, of class EscapeTool.
*/
@Test
public void testCsvGav() {
EscapeTool instance = new EscapeTool();
Set<Identifier> ids = null;
String expResult = "";
String result = instance.csvGav(ids);
assertEquals(expResult, result);
ids = new HashSet<>();
expResult = "";
result = instance.csvGav(ids);
assertEquals(expResult, result);
ids = new HashSet<>();
ids.add(new Identifier("cpe", "somegroup:something:1.0", ""));
expResult = "";
result = instance.csvGav(ids);
assertEquals(expResult, result);
ids = new HashSet<>();
ids.add(new Identifier("maven", "somegroup:something:1.0", ""));
expResult = "somegroup:something:1.0";
result = instance.csvGav(ids);
assertEquals(expResult, result);
ids = new HashSet<>();
ids.add(new Identifier("cpe", "cpe:/a:somegroup:something:1.0", ""));
ids.add(new Identifier("maven", "somegroup:something:1.0", ""));
expResult = "somegroup:something:1.0";
result = instance.csvGav(ids);
assertEquals(expResult, result);
ids = new HashSet<>();
ids.add(new Identifier("maven", "somegroup:something:1.0", ""));
ids.add(new Identifier("cpe", "cpe:/a:somegroup:something:1.0", ""));
ids.add(new Identifier("maven", "somegroup:something2:1.0", ""));
expResult = "\"somegroup:something:1.0, somegroup:something2:1.0\"";
String expResult2 = "\"somegroup:something2:1.0, somegroup:something:1.0\"";
result = instance.csvGav(ids);
assertTrue(expResult.equals(result) || expResult2.equals(result));
}
}
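Review bot: Both new tests end with `assertTrue(expResult.equals(result) || expResult2.equals(result))` because `HashSet` iteration order is unspecified; building the multi-element inputs with `new LinkedHashSet<>()` makes the order deterministic and lets the final check be a plain `assertEquals(expResult, result)`, which also reports the actual value on failure. Neither test covers a `cpe` identifier whose confidence was never set, which is the case where `csvCpeConfidence` would append whatever `getConfidence()` returns — presumably the text `null` — so a case with no `setConfidence` call and a stated expected output would pin that behaviour. In `testCsvCpeConfidence` the non-CPE identifier is typed `"gav"` while `csvGav` and `testCsvGav` use `"maven"`; using `"maven"` here as well keeps the fixture consistent with the production type string. The first hunk only adds the `Confidence` and `Identifier` imports, and the enclosing class `EscapeToolTest` starts outside the hunk.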