mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-01-14 15:53:36 +01:00
Merge branch 'Prakhash-Issues#665_implement'
This commit is contained in:
Jeremy Long
@@ -125,6 +125,28 @@ public class ReportGenerator {
|
||||
context.put("version", Settings.getString(Settings.KEYS.APPLICATION_VERSION, "Unknown"));
|
||||
}
|
||||
|
||||
/**
|
||||
* Constructs a new ReportGenerator.
|
||||
*
|
||||
* @param applicationName the application name being analyzed
|
||||
* @param applicationVersion the application version being analyzed
|
||||
* @param artifactID the application version being analyzed
|
||||
* @param applicationVersion the application version being analyzed
|
||||
* @param dependencies the list of dependencies
|
||||
* @param analyzers the list of analyzers used
|
||||
* @param properties the database properties (containing timestamps of the
|
||||
* NVD CVE data)
|
||||
*/
|
||||
|
||||
public ReportGenerator(String applicationName,String applicationVersion,String artifactID,String groupID, List<Dependency> dependencies, List<Analyzer> analyzers, DatabaseProperties properties) {
|
||||
|
||||
this(applicationName,dependencies,analyzers,properties);
|
||||
context.put("applicationVersion",applicationVersion);
|
||||
context.put("artifactID",artifactID);
|
||||
context.put("groupID",groupID);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Creates a new Velocity Engine.
|
||||
*
|
||||
|
||||
@@ -0,0 +1,203 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<xs:schema id="analysis"
|
||||
xmlns:xs="http://www.w3.org/2001/XMLSchema"
|
||||
elementFormDefault="qualified"
|
||||
targetNamespace="https://jeremylong.github.io/DependencyCheck/dependency-check.1.5.xsd"
|
||||
xmlns:dc="https://jeremylong.github.io/DependencyCheck/dependency-check.1.5.xsd">
|
||||
|
||||
<xs:complexType name="scanInfo">
|
||||
<xs:sequence minOccurs="1" maxOccurs="1">
|
||||
<xs:element name="engineVersion" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:sequence minOccurs="0" maxOccurs="unbounded">
|
||||
<xs:element name="dataSource">
|
||||
<xs:complexType>
|
||||
<xs:sequence>
|
||||
<xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="timestamp" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
</xs:sequence>
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
<xs:complexType name="projectInfo">
|
||||
<xs:sequence>
|
||||
<xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="groupID" type="xs:string" minOccurs="0" maxOccurs="1" />
|
||||
<xs:element name="artifactID" type="xs:string" minOccurs="0" maxOccurs="1" />
|
||||
<xs:element name="version" type="xs:string" minOccurs="0" maxOccurs="1" />
|
||||
<xs:element name="reportDate" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="credits" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
<xs:complexType name="identifier">
|
||||
<xs:sequence>
|
||||
<xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="url" type="xs:string" minOccurs="0" maxOccurs="1" />
|
||||
<xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1" />
|
||||
<xs:element name="notes" type="xs:string" minOccurs="0" maxOccurs="1" />
|
||||
</xs:sequence>
|
||||
<xs:attribute name="type" type="xs:string" use="required" />
|
||||
<xs:attribute name="confidence" type="xs:string" use="optional" />
|
||||
</xs:complexType>
|
||||
<xs:complexType name="relatedDependency">
|
||||
<xs:sequence>
|
||||
<xs:element name="filePath" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="sha1" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="md5" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:sequence minOccurs="0" maxOccurs="unbounded">
|
||||
<xs:element name="identifier" type="dc:identifier" />
|
||||
</xs:sequence>
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
<xs:complexType name="exception">
|
||||
<xs:sequence>
|
||||
<xs:element name="message" minOccurs="0" maxOccurs="unbounded" />
|
||||
<xs:element name="stackTrace" minOccurs="0" maxOccurs="unbounded">
|
||||
<xs:complexType>
|
||||
<xs:sequence>
|
||||
<xs:element name="trace" minOccurs="0" maxOccurs="unbounded" />
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
<xs:element name="innerException" minOccurs="0" maxOccurs="unbounded">
|
||||
<xs:complexType>
|
||||
<xs:sequence>
|
||||
<xs:element name="message" minOccurs="0" maxOccurs="unbounded" />
|
||||
<xs:element name="stackTrace" minOccurs="0" maxOccurs="unbounded">
|
||||
<xs:complexType>
|
||||
<xs:sequence>
|
||||
<xs:element name="trace" minOccurs="0" maxOccurs="unbounded" />
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
<xs:complexType name="evidence">
|
||||
<xs:sequence>
|
||||
<xs:element name="source" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="value" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
</xs:sequence>
|
||||
<xs:attribute name="type" type="xs:string" use="required" />
|
||||
<xs:attribute name="confidence" type="xs:string" use="required" />
|
||||
</xs:complexType>
|
||||
<xs:complexType name="reference">
|
||||
<xs:sequence>
|
||||
<xs:element name="source" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="url" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
<xs:complexType name="software">
|
||||
<xs:simpleContent>
|
||||
<xs:extension base="xs:string">
|
||||
<xs:attribute name="allPreviousVersion" type="xs:boolean" />
|
||||
</xs:extension>
|
||||
</xs:simpleContent>
|
||||
</xs:complexType>
|
||||
<xs:complexType name="vulnerability">
|
||||
<xs:sequence>
|
||||
<xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="cvssScore" type="xs:decimal" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="cvssAccessVector" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="cvssAccessComplexity" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="cvssAuthenticationr" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="cvssConfidentialImpact" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="cvssIntegrityImpact" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="cvssAvailabilityImpact" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="severity" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="cwe" type="xs:string" minOccurs="0" maxOccurs="1" />
|
||||
<xs:element name="description" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="notes" type="xs:string" minOccurs="0" maxOccurs="1" />
|
||||
<xs:element name="references" minOccurs="0" maxOccurs="1">
|
||||
<xs:complexType>
|
||||
<xs:sequence minOccurs="0" maxOccurs="unbounded">
|
||||
<xs:element name="reference" type="dc:reference" />
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
<xs:element name="vulnerableSoftware" minOccurs="0" maxOccurs="1">
|
||||
<xs:complexType>
|
||||
<xs:sequence minOccurs="0" maxOccurs="unbounded">
|
||||
<xs:element name="software" type="dc:software" />
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
<xs:complexType name="dependency">
|
||||
<xs:sequence>
|
||||
<xs:element name="fileName" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="filePath" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="md5" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="sha1" type="xs:string" minOccurs="1" maxOccurs="1" />
|
||||
<xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1" />
|
||||
<xs:element name="license" type="xs:string" minOccurs="0" maxOccurs="1" />
|
||||
<xs:element name="relatedDependencies" minOccurs="0" maxOccurs="1">
|
||||
<xs:complexType>
|
||||
<xs:sequence minOccurs="0" maxOccurs="unbounded">
|
||||
<xs:element name="relatedDependency" type="dc:relatedDependency" />
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
<xs:element name="analysisExceptions" minOccurs="0" maxOccurs="1">
|
||||
<xs:complexType>
|
||||
<xs:sequence minOccurs="0" maxOccurs="unbounded">
|
||||
<xs:element name="exception" type="dc:exception"/>
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
<xs:element name="evidenceCollected" minOccurs="0" maxOccurs="1">
|
||||
<xs:complexType>
|
||||
<xs:sequence minOccurs="0" maxOccurs="unbounded">
|
||||
<xs:element name="evidence" type="dc:evidence"/>
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
<xs:element name="identifiers" minOccurs="0" maxOccurs="1">
|
||||
<xs:complexType>
|
||||
<xs:sequence>
|
||||
<xs:sequence minOccurs="0" maxOccurs="unbounded">
|
||||
<xs:element name="identifier" type="dc:identifier" />
|
||||
</xs:sequence>
|
||||
<xs:sequence minOccurs="0" maxOccurs="unbounded">
|
||||
<xs:element name="suppressedIdentifier" type="dc:identifier"/>
|
||||
</xs:sequence>
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
<xs:element name="vulnerabilities" minOccurs="0" maxOccurs="1">
|
||||
<xs:complexType>
|
||||
<xs:sequence>
|
||||
<xs:sequence minOccurs="0" maxOccurs="unbounded">
|
||||
<xs:element name="vulnerability" type="dc:vulnerability"/>
|
||||
</xs:sequence>
|
||||
<xs:sequence minOccurs="0" maxOccurs="unbounded">
|
||||
<xs:element name="suppressedVulnerability" type="dc:vulnerability"/>
|
||||
</xs:sequence>
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:element name="analysis">
|
||||
<xs:complexType>
|
||||
<xs:sequence>
|
||||
<xs:element name="scanInfo" type="dc:scanInfo"/>
|
||||
<xs:element name="projectInfo" type="dc:projectInfo"/>
|
||||
<xs:element name="dependencies">
|
||||
<xs:complexType>
|
||||
<xs:sequence minOccurs="0" maxOccurs="unbounded">
|
||||
<xs:element name="dependency" type="dc:dependency"/>
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
</xs:element>
|
||||
</xs:schema>
|
||||
@@ -19,7 +19,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
@version 1.2
|
||||
|
||||
*#<?xml version="1.0"?>
|
||||
<analysis xmlns="https://jeremylong.github.io/DependencyCheck/dependency-check.1.4.xsd">
|
||||
<analysis xmlns="https://jeremylong.github.io/DependencyCheck/dependency-check.1.5.xsd">
|
||||
<scanInfo>
|
||||
<engineVersion>$version</engineVersion>
|
||||
#foreach($prop in $properties.getMetaData().entrySet())
|
||||
@@ -31,6 +31,15 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
</scanInfo>
|
||||
<projectInfo>
|
||||
<name>$enc.xml($applicationName)</name>
|
||||
#if ($groupID)
|
||||
<groupID>$enc.xml($groupID)</groupID>
|
||||
#end
|
||||
#if ($artifactID)
|
||||
<artifactID>$enc.xml($artifactID)</artifactID>
|
||||
#end
|
||||
#if ($version)
|
||||
<version>$enc.xml($version)</version>
|
||||
#end
|
||||
<reportDate>$scanDateXML</reportDate>
|
||||
<credits>This report contains data retrieved from the National Vulnerability Database: http://nvd.nist.gov</credits>
|
||||
</projectInfo>
|
||||
|
||||
@@ -146,14 +146,14 @@ public class ReportGeneratorIntegrationTest extends BaseDBTestCase {
|
||||
|
||||
CveDB cveDB = CveDB.getInstance();
|
||||
DatabaseProperties dbProp = cveDB.getDatabaseProperties();
|
||||
|
||||
ReportGenerator generator = new ReportGenerator("Test Report", engine.getDependencies(), engine.getAnalyzers(), dbProp);
|
||||
|
||||
ReportGenerator generator = new ReportGenerator("Test Report","1.4.7","dependency-check-core","org.owasp", engine.getDependencies(), engine.getAnalyzers(), dbProp);
|
||||
generator.generateReport(templateName, writeTo);
|
||||
cveDB.close();
|
||||
|
||||
engine.cleanup();
|
||||
|
||||
InputStream xsdStream = ReportGenerator.class.getClassLoader().getResourceAsStream("schema/dependency-check.1.4.xsd");
|
||||
InputStream xsdStream = ReportGenerator.class.getClassLoader().getResourceAsStream("schema/dependency-check.1.5.xsd");
|
||||
StreamSource xsdSource = new StreamSource(xsdStream);
|
||||
StreamSource xmlSource = new StreamSource(new File(writeTo));
|
||||
SchemaFactory sf = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
|
||||
|
||||
@@ -1015,7 +1015,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
|
||||
getLog().debug("Unable to retrieve DB Properties", ex);
|
||||
}
|
||||
}
|
||||
final ReportGenerator r = new ReportGenerator(p.getName(), engine.getDependencies(), engine.getAnalyzers(), prop);
|
||||
final ReportGenerator r = new ReportGenerator(p.getName(),p.getVersion(),p.getArtifactId(),p.getGroupId(), engine.getDependencies(), engine.getAnalyzers(), prop);
|
||||
try {
|
||||
r.generateReports(outputDir.getAbsolutePath(), format);
|
||||
} catch (ReportException ex) {
|
||||
|
||||
Reference in New Issue
Block a user