github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-14 15:53:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

added a schema for the dependency-check XML report

Browse Source 
Former-commit-id: a1ddac261454dd46e4d875c0de451db943db3674
This commit is contained in:
Jeremy Long
2013-04-20 14:41:08 -04:00
parent 1e6780a2e3
commit c9364e7b94
2 changed files with 180 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

163
src/main/resources/schema/DependencyCheck.xsd Normal file
View File

@@ -0,0 +1,163 @@
<?xml version="1.0" encoding="utf-8"?>
<xs:schema id="analysis" xmlns="https://www.owasp.org/index.php/OWASP_Dependency_Check" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="analysis">
<xs:complexType>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="projectInfo">
<xs:complexType>
<xs:sequence>
<xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1" />
<xs:element name="reportDate" type="xs:date" minOccurs="1" maxOccurs="1" />
<xs:element name="credits" type="xs:string" minOccurs="1" maxOccurs="1" />
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="dependencies">
<xs:complexType>
<xs:sequence>
<xs:element name="dependency" minOccurs="0" maxOccurs="unbounded">
<xs:complexType>
<xs:sequence>
<xs:element name="fileName" type="xs:string" minOccurs="1" maxOccurs="1" />
<xs:element name="filePath" type="xs:string" minOccurs="1" maxOccurs="1" />
<xs:element name="md5" type="xs:string" minOccurs="1" maxOccurs="1" />
<xs:element name="sha1" type="xs:string" minOccurs="1" maxOccurs="1" />
<xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1" />
<xs:element name="license" type="xs:string" minOccurs="0" maxOccurs="1" />
<xs:element name="relatedDependencies" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:sequence>
<xs:element name="relatedDependency" minOccurs="0" maxOccurs="unbounded">
<xs:complexType>
<xs:sequence>
<xs:element name="filePath" type="xs:string" minOccurs="1" maxOccurs="1" />
<xs:element name="sha1" type="xs:string" minOccurs="1" maxOccurs="1" />
<xs:element name="md5" type="xs:string" minOccurs="1" maxOccurs="1" />
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="analysisExceptions" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:sequence>
<xs:element name="exception" minOccurs="0" maxOccurs="unbounded">
<xs:complexType>
<xs:sequence>
<xs:element name="message" minOccurs="0" maxOccurs="unbounded" />
<xs:element name="stackTrace" minOccurs="0" maxOccurs="unbounded">
<xs:complexType>
<xs:sequence>
<xs:element name="trace" minOccurs="0" maxOccurs="unbounded" />
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="innerException" minOccurs="0" maxOccurs="unbounded">
<xs:complexType>
<xs:sequence>
<xs:element name="message" minOccurs="0" maxOccurs="unbounded" />
<xs:element name="stackTrace" minOccurs="0" maxOccurs="unbounded">
<xs:complexType>
<xs:sequence>
<xs:element name="trace" minOccurs="0" maxOccurs="unbounded" />
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="evidenceCollected" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:sequence>
<xs:element name="evidence" minOccurs="0" maxOccurs="unbounded">
<xs:complexType>
<xs:sequence>
<xs:element name="source" type="xs:string" minOccurs="1" maxOccurs="1" />
<xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1" />
<xs:element name="value" type="xs:string" minOccurs="1" maxOccurs="1" />
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="identifiers" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:sequence>
<xs:element name="identifier" minOccurs="0" maxOccurs="unbounded">
<xs:complexType>
<xs:sequence>
<xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1" />
<xs:element name="url" type="xs:string" minOccurs="1" maxOccurs="1" />
<xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1" />
</xs:sequence>
<xs:attribute name="type" type="xs:string" />
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="vulnerabilities" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:sequence>
<xs:element name="vulnerability" minOccurs="0" maxOccurs="unbounded">
<xs:complexType>
<xs:sequence>
<xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1" />
<xs:element name="cvssScore" type="xs:string" minOccurs="1" maxOccurs="1" />
<xs:element name="severity" type="xs:string" minOccurs="1" maxOccurs="1" />
<xs:element name="cwe" type="xs:string" minOccurs="0" maxOccurs="1" />
<xs:element name="description" type="xs:string" minOccurs="1" maxOccurs="1" />
<xs:element name="references" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:sequence>
<xs:element name="reference" minOccurs="0" maxOccurs="unbounded">
<xs:complexType>
<xs:sequence>
<xs:element name="source" type="xs:string" minOccurs="1" maxOccurs="1" />
<xs:element name="url" type="xs:string" minOccurs="1" maxOccurs="1" />
<xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1" />
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="vulnerableSoftware" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:sequence>
<xs:element name="software" minOccurs="0" maxOccurs="unbounded">
<xs:complexType>
<xs:simpleContent>
<xs:extension base="xs:string">
<xs:attribute name="allPreviousVersion" type="xs:boolean" />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:schema>

23
src/main/resources/templates/XmlReport.vsl
View File

@@ -16,14 +16,14 @@ along with DependencyCheck. If not, see http://www.gnu.org/licenses/.
Copyright (c) 2012 Jeremy Long. All Rights Reserved.
* @author Jeremy Long (jeremy.long@gmail.com)
@author Jeremy Long (jeremy.long@gmail.com)
@version 1
*#
<?xml version="1.0"?>
<analysis>
*#<?xml version="1.0"?>
<analysis xmlns="https://www.owasp.org/index.php/OWASP_Dependency_Check">
<projectInfo>
<name>$esc.html($applicationName)</name>
<reportDate>$date</reportDate>
<credits>This report contains data retrieved from the National Vulnerability Database: http://nvd.nist.gov</credits>
</projectInfo>
<dependencies>
#foreach($dependency in $dependencies)
@@ -38,6 +38,17 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
#if ($dependency.license)
<license>$esc.html($dependency.license)</license>
#end
#if ($dependency.getRelatedDependencies().size()>0)
<relatedDependencies>
#foreach($related in $dependency.getRelatedDependencies())
<relatedDependency>
<filePath>$esc.html($related.FilePath)</filePath>
<sha1>$esc.html($related.Sha1sum)</sha1>
<md5>$esc.html($related.Md5sum)</md5>
</relatedDependency>
#end
</relatedDependencies>
#end
#if ( $dependency.analysisExceptions.size() != 0 )
<analysisExceptions>
#foreach($ex in $dependency.analysisExceptions)
@@ -71,7 +82,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
<evidence>
<source>$esc.html($evidence.getSource())</source>
<name>$esc.html($evidence.getName())</name>
<value>$esc.html($evidence.getValue())</value>
<value>$esc.html($evidence.getValue().trim())</value>
</evidence>
#end
</evidenceCollected>
@@ -110,7 +121,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
<reference>
<source>$esc.html($ref.source)</source>
<url>$esc.html($ref.url)</url>
<name>$ref.name</name>
<name>$esc.html($ref.name)</name>
</reference>
#end
</references>