Merge pull request #880 from elenoir/enhance_csv_report
Enhance csv report
@@ -179,4 +179,57 @@ public class EscapeTool {
|
|||||||
}
|
}
|
||||||
return StringEscapeUtils.escapeCsv(sb.toString());
|
return StringEscapeUtils.escapeCsv(sb.toString());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Takes a set of Identifiers, filters them to just CPEs, and formats them
|
||||||
|
* for confidence display in a CSV.
|
||||||
|
*
|
||||||
|
* @param ids the set of identifiers
|
||||||
|
* @return the formated list of confidence
|
||||||
|
*/
|
||||||
|
public String csvCpeConfidence(Set<Identifier> ids) {
|
||||||
|
if (ids == null || ids.isEmpty()) {
|
||||||
|
return "";
|
||||||
|
}
|
||||||
|
boolean addComma = false;
|
||||||
|
final StringBuilder sb = new StringBuilder();
|
||||||
|
for (Identifier id : ids) {
|
||||||
|
if ("cpe".equals(id.getType())) {
|
||||||
|
if (addComma) {
|
||||||
|
sb.append(", ");
|
||||||
|
} else {
|
||||||
|
addComma = true;
|
||||||
|
}
|
||||||
|
sb.append(id.getConfidence());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return StringEscapeUtils.escapeCsv(sb.toString());
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Takes a set of Identifiers, filters them to just GAVs, and formats them
|
||||||
|
* for display in a CSV.
|
||||||
|
*
|
||||||
|
* @param ids the set of identifiers
|
||||||
|
* @return the formated list of GAV identifiers
|
||||||
|
*/
|
||||||
|
public String csvGav(Set<Identifier> ids) {
|
||||||
|
if (ids == null || ids.isEmpty()) {
|
||||||
|
return "";
|
||||||
|
}
|
||||||
|
boolean addComma = false;
|
||||||
|
final StringBuilder sb = new StringBuilder();
|
||||||
|
for (Identifier id : ids) {
|
||||||
|
if ("maven".equals(id.getType())) {
|
||||||
|
if (addComma) {
|
||||||
|
sb.append(", ");
|
||||||
|
} else {
|
||||||
|
addComma = true;
|
||||||
|
}
|
||||||
|
sb.append(id.getValue());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return StringEscapeUtils.escapeCsv(sb.toString());
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
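Review bot: `StringEscapeUtils.escapeCsv` at the end of csvGav and csvCpeConfidence only quotes a field containing commas, quotes or line breaks; it does nothing about a value that starts with `=`, `+`, `-` or `@`, which spreadsheet applications evaluate as a formula when the report is opened. The confidence cell is an enum name and is harmless, but the GAV cell is built from `id.getValue()`, and if identifier values are derived from the scanned artifacts' own metadata (as the GAV form suggests) a crafted groupId or artifactId reaches the CSV unneutralized — the pre-existing csvCpe just above ends with the same `escapeCsv` call, so the guard belongs in one shared helper rather than in each method, sketched below. Separately, `sb.append(id.getConfidence())` writes the literal `null` when no confidence has been set; if `getConfidence()` is nullable, skipping such identifiers or appending an empty string would be clearer than emitting `null` into the report. The Javadoc typo `formated` → `formatted` appears in both new methods.

```java
    public String csvGav(Set<Identifier> ids) {
        // … unchanged: null/empty guard and the "maven" filtering loop …
        return escapeCell(sb.toString());
    }

    /**
     * Escapes one CSV cell and defuses spreadsheet formula injection: a value
     * beginning with =, +, - or @ is prefixed with a single quote so it is
     * displayed as text rather than evaluated when the report is opened.
     *
     * @param value the raw cell content
     * @return the escaped cell
     */
    private static String escapeCell(String value) {
        final String safe = (!value.isEmpty() && "=+-@".indexOf(value.charAt(0)) >= 0)
                ? "'" + value
                : value;
        return StringEscapeUtils.escapeCsv(safe);
    }
```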
@@ -17,11 +17,11 @@ Copyright (c) 2017 Jeremy Long. All Rights Reserved.
|
|||||||
|
|
||||||
@author Jeremy Long <jeremy.long@owasp.org>
|
@author Jeremy Long <jeremy.long@owasp.org>
|
||||||
@version 1 *###
|
@version 1 *###
|
||||||
"Project","ScanDate","DependencyName","DependencyPath","Description","License","Md5","Sha1","Identifiers","CPE","CVE","CWE","Vulnerability","Source","Severity","CVSSv2"
|
"Project","ScanDate","DependencyName","DependencyPath","Description","License","Md5","Sha1","Identifiers","CPE","CVE","CWE","Vulnerability","Source","Severity","CVSSv2","GAV","CPE Confidence","Evidence Count"
|
||||||
#macro(writeSev $score)#if($score<4.0)"Low"#elseif($score>=7.0)"High"#else"Medium"#end#end
|
#macro(writeSev $score)#if($score<4.0)"Low"#elseif($score>=7.0)"High"#else"Medium"#end#end
|
||||||
#foreach($dependency in $dependencies)#if($dependency.getVulnerabilities().size()>0)
|
#foreach($dependency in $dependencies)#if($dependency.getVulnerabilities().size()>0)
|
||||||
#foreach($vuln in $dependency.getVulnerabilities())
|
#foreach($vuln in $dependency.getVulnerabilities())
|
||||||
$enc.csv($applicationName),$enc.csv($scanDate),$enc.csv($dependency.DisplayFileName),#if($dependency.FilePath)$enc.csv($dependency.FilePath)#end,#if($dependency.description)$enc.csv($dependency.description)#end,#if($dependency.license)$enc.csv($dependency.license)#end,#if($dependency.Md5sum)$enc.csv($dependency.Md5sum)#end,#if($dependency.Sha1sum)$enc.csv($dependency.Sha1sum)#end,#if($dependency.identifiers)$enc.csvIdentifiers($dependency.identifiers)#end,#if($dependency.identifiers)$enc.csvCpe($dependency.identifiers)#end,#if($vuln.name)$enc.csv($vuln.name)#end,#if($dependency.cwe)$enc.csv($vuln.cwe)#end,#if($vuln.description)$enc.csv($vuln.description)#end,#if($vuln.getSource().name())$enc.csv($vuln.getSource().name())#end,#writeSev($vuln.cvssScore),$vuln.cvssScore
|
$enc.csv($applicationName),$enc.csv($scanDate),$enc.csv($dependency.DisplayFileName),#if($dependency.FilePath)$enc.csv($dependency.FilePath)#end,#if($dependency.description)$enc.csv($dependency.description)#end,#if($dependency.license)$enc.csv($dependency.license)#end,#if($dependency.Md5sum)$enc.csv($dependency.Md5sum)#end,#if($dependency.Sha1sum)$enc.csv($dependency.Sha1sum)#end,#if($dependency.identifiers)$enc.csvIdentifiers($dependency.identifiers)#end,#if($dependency.identifiers)$enc.csvCpe($dependency.identifiers)#end,#if($vuln.name)$enc.csv($vuln.name)#end,#if($dependency.cwe)$enc.csv($vuln.cwe)#end,#if($vuln.description)$enc.csv($vuln.description)#end,#if($vuln.getSource().name())$enc.csv($vuln.getSource().name())#end,#writeSev($vuln.cvssScore),$vuln.cvssScore,#if($dependency.identifiers)$enc.csvGav($dependency.identifiers)#end,#if($dependency.identifiers)$enc.csvCpeConfidence($dependency.identifiers)#end,$dependency.getEvidenceForDisplay().size()
|
||||||
#end
|
#end
|
||||||
#end
|
#end
|
||||||
#end
|
#end
|
||||||
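Review bot: The CWE cell on the new report row is guarded by `#if($dependency.cwe)` but prints `$enc.csv($vuln.cwe)`, so the condition and the value refer to different objects; the column is carried over from the old line, but as written it is either empty whenever the dependency has no `cwe` property or, if the dependency check passes and the vulnerability's cwe is null, Velocity renders the unresolved reference literally. The guard should test the value it prints: `#if($vuln.cwe)$enc.csv($vuln.cwe)#end`. The three added cells are fine as far as escaping goes — `csvGav` and `csvCpeConfidence` go through the encoder and `getEvidenceForDisplay().size()` is numeric — though a header comment noting that every text cell must pass through `$enc` would help the next person who appends a column.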
@@ -21,6 +21,8 @@ import java.util.HashSet;
|
|||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import static org.junit.Assert.*;
|
import static org.junit.Assert.*;
|
||||||
|
|
||||||
|
import org.owasp.dependencycheck.dependency.Confidence;
|
||||||
import org.owasp.dependencycheck.dependency.Identifier;
|
import org.owasp.dependencycheck.dependency.Identifier;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -228,4 +230,97 @@ public class EscapeToolTest {
|
|||||||
result = instance.csvCpe(ids);
|
result = instance.csvCpe(ids);
|
||||||
assertTrue(expResult.equals(result) || expResult2.equals(result));
|
assertTrue(expResult.equals(result) || expResult2.equals(result));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test of csvCpeConfidence method, of class EscapeTool.
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testCsvCpeConfidence() {
|
||||||
|
EscapeTool instance = new EscapeTool();
|
||||||
|
Set<Identifier> ids = null;
|
||||||
|
String expResult = "";
|
||||||
|
String result = instance.csvCpeConfidence(ids);
|
||||||
|
assertEquals(expResult, result);
|
||||||
|
|
||||||
|
ids = new HashSet<>();
|
||||||
|
expResult = "";
|
||||||
|
result = instance.csvCpeConfidence(ids);
|
||||||
|
assertEquals(expResult, result);
|
||||||
|
|
||||||
|
ids = new HashSet<>();
|
||||||
|
ids.add(new Identifier("gav", "somegroup:something:1.0", ""));
|
||||||
|
expResult = "";
|
||||||
|
result = instance.csvCpeConfidence(ids);
|
||||||
|
assertEquals(expResult, result);
|
||||||
|
|
||||||
|
ids = new HashSet<>();
|
||||||
|
Identifier i1 = new Identifier("cpe", "cpe:/a:somegroup:something:1.0", "");
|
||||||
|
i1.setConfidence(Confidence.HIGH);
|
||||||
|
ids.add(i1);
|
||||||
|
expResult = "HIGH";
|
||||||
|
result = instance.csvCpeConfidence(ids);
|
||||||
|
assertEquals(expResult, result);
|
||||||
|
|
||||||
|
ids = new HashSet<>();
|
||||||
|
i1 = new Identifier("cpe", "cpe:/a:somegroup:something:1.0", "");
|
||||||
|
i1.setConfidence(Confidence.HIGH);
|
||||||
|
ids.add(i1);
|
||||||
|
Identifier i2 = new Identifier("cpe", "cpe:/a:somegroup:something2:1.0", "");
|
||||||
|
i2.setConfidence(Confidence.MEDIUM);
|
||||||
|
ids.add(i2);
|
||||||
|
Identifier i3 = new Identifier("gav", "somegroup:something:1.0", "");
|
||||||
|
i3.setConfidence(Confidence.LOW);
|
||||||
|
ids.add(i3);
|
||||||
|
|
||||||
|
expResult = "\"HIGH, MEDIUM\"";
|
||||||
|
String expResult2 = "\"MEDIUM, HIGH\"";
|
||||||
|
result = instance.csvCpeConfidence(ids);
|
||||||
|
assertTrue(expResult.equals(result) || expResult2.equals(result));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test of csvGav method, of class EscapeTool.
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testCsvGav() {
|
||||||
|
EscapeTool instance = new EscapeTool();
|
||||||
|
Set<Identifier> ids = null;
|
||||||
|
String expResult = "";
|
||||||
|
String result = instance.csvGav(ids);
|
||||||
|
assertEquals(expResult, result);
|
||||||
|
|
||||||
|
ids = new HashSet<>();
|
||||||
|
expResult = "";
|
||||||
|
result = instance.csvGav(ids);
|
||||||
|
assertEquals(expResult, result);
|
||||||
|
|
||||||
|
ids = new HashSet<>();
|
||||||
|
ids.add(new Identifier("cpe", "somegroup:something:1.0", ""));
|
||||||
|
expResult = "";
|
||||||
|
result = instance.csvGav(ids);
|
||||||
|
assertEquals(expResult, result);
|
||||||
|
|
||||||
|
ids = new HashSet<>();
|
||||||
|
ids.add(new Identifier("maven", "somegroup:something:1.0", ""));
|
||||||
|
expResult = "somegroup:something:1.0";
|
||||||
|
result = instance.csvGav(ids);
|
||||||
|
assertEquals(expResult, result);
|
||||||
|
|
||||||
|
ids = new HashSet<>();
|
||||||
|
ids.add(new Identifier("cpe", "cpe:/a:somegroup:something:1.0", ""));
|
||||||
|
ids.add(new Identifier("maven", "somegroup:something:1.0", ""));
|
||||||
|
expResult = "somegroup:something:1.0";
|
||||||
|
result = instance.csvGav(ids);
|
||||||
|
assertEquals(expResult, result);
|
||||||
|
|
||||||
|
ids = new HashSet<>();
|
||||||
|
ids.add(new Identifier("maven", "somegroup:something:1.0", ""));
|
||||||
|
ids.add(new Identifier("cpe", "cpe:/a:somegroup:something:1.0", ""));
|
||||||
|
ids.add(new Identifier("maven", "somegroup:something2:1.0", ""));
|
||||||
|
expResult = "\"somegroup:something:1.0, somegroup:something2:1.0\"";
|
||||||
|
String expResult2 = "\"somegroup:something2:1.0, somegroup:something:1.0\"";
|
||||||
|
result = instance.csvGav(ids);
|
||||||
|
assertTrue(expResult.equals(result) || expResult2.equals(result));
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
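Review bot: The two-outcome assertions closing testCsvCpeConfidence and testCsvGav (`assertTrue(expResult.equals(result) || expResult2.equals(result))`) encode the unspecified iteration order of `HashSet` rather than a contract, and they would still pass if the separator or quoting changed in one of the two orderings; building the fixtures with `new LinkedHashSet<>()` keeps insertion order and lets each case pin a single string, e.g. `assertEquals("\"HIGH, MEDIUM\"", result);`. Neither test covers a `cpe` identifier whose confidence was never set, so whatever csvCpeConfidence emits for it (presumably the literal `null` from `StringBuilder.append`) is unpinned — adding `ids.add(new Identifier("cpe", "cpe:/a:somegroup:other:1.0", ""));` with an explicit expectation would settle that behaviour. The fixtures also mix the type strings `"gav"` (testCsvCpeConfidence) and `"maven"` (testCsvGav) for the same kind of identifier; only `"maven"` is what csvGav filters on, which is worth a short comment so the `"gav"` entries are not mistaken for a typo.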