github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-28 11:52:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

resolve merge conflict

Browse Source
This commit is contained in:
Jeremy Long
2017-12-29 05:46:48 -05:00
parent af303df965 b5e7a54d35
commit e8088c2bda
2 changed files with 29 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java
View File

@@ -429,19 +429,38 @@ public class FalsePositiveAnalyzer extends AbstractAnalyzer {
|| identifier.getValue().startsWith("cpe:/a:oracle:opensso_enterprise:") || identifier.getValue().startsWith("cpe:/a:oracle:opensso_enterprise:")
|| identifier.getValue().startsWith("cpe:/a:sun:opensso_enterprise:") || identifier.getValue().startsWith("cpe:/a:sun:opensso_enterprise:")
|| identifier.getValue().startsWith("cpe:/a:sun:opensso:"))) { || identifier.getValue().startsWith("cpe:/a:sun:opensso:"))) {
final String newCpe = String.format("cpe:/a:sun:opensso_enterprise:%s", identifier.getValue().substring(22)); final String[] parts = identifier.getValue().split(":");
final String newCpe2 = String.format("cpe:/a:oracle:opensso_enterprise:%s", identifier.getValue().substring(22)); final int pos = parts[0].length() + parts[1].length() + parts[2].length() + parts[3].length() + 4;
final String newCpe3 = String.format("cpe:/a:sun:opensso:%s", identifier.getValue().substring(22)); final String newCpe = String.format("cpe:/a:sun:opensso_enterprise:%s", identifier.getValue().substring(pos));
final String newCpe4 = String.format("cpe:/a:oracle:opensso:%s", identifier.getValue().substring(22)); final String newCpe2 = String.format("cpe:/a:oracle:opensso_enterprise:%s", identifier.getValue().substring(pos));
final String newCpe3 = String.format("cpe:/a:sun:opensso:%s", identifier.getValue().substring(pos));
final String newCpe4 = String.format("cpe:/a:oracle:opensso:%s", identifier.getValue().substring(pos));
try { try {
dependency.addIdentifier("cpe", newCpe, dependency.addIdentifier("cpe", newCpe,
String.format(CPEAnalyzer.NVD_SEARCH_URL, URLEncoder.encode(newCpe, "UTF-8"))); String.format(CPEAnalyzer.NVD_SEARCH_URL, URLEncoder.encode(newCpe, "UTF-8")),
identifier.getConfidence());
dependency.addIdentifier("cpe", newCpe2, dependency.addIdentifier("cpe", newCpe2,
String.format(CPEAnalyzer.NVD_SEARCH_URL, URLEncoder.encode(newCpe2, "UTF-8"))); String.format(CPEAnalyzer.NVD_SEARCH_URL, URLEncoder.encode(newCpe2, "UTF-8")),
identifier.getConfidence());
dependency.addIdentifier("cpe", newCpe3, dependency.addIdentifier("cpe", newCpe3,
String.format(CPEAnalyzer.NVD_SEARCH_URL, URLEncoder.encode(newCpe3, "UTF-8"))); String.format(CPEAnalyzer.NVD_SEARCH_URL, URLEncoder.encode(newCpe3, "UTF-8")),
identifier.getConfidence());
dependency.addIdentifier("cpe", newCpe4, dependency.addIdentifier("cpe", newCpe4,
String.format(CPEAnalyzer.NVD_SEARCH_URL, URLEncoder.encode(newCpe4, "UTF-8"))); String.format(CPEAnalyzer.NVD_SEARCH_URL, URLEncoder.encode(newCpe4, "UTF-8")),
identifier.getConfidence());
} catch (UnsupportedEncodingException ex) {
LOGGER.debug("", ex);
}
}
if ("cpe".equals(identifier.getType()) && identifier.getValue() != null
&& identifier.getValue().startsWith("cpe:/a:apache:santuario_xml_security_for_java:")) {
final String[] parts = identifier.getValue().split(":");
final int pos = parts[0].length() + parts[1].length() + parts[2].length() + parts[3].length() + 4;
final String newCpe = String.format("cpe:/a:apache:xml_security_for_java:%s", identifier.getValue().substring(pos));
try {
dependency.addIdentifier("cpe", newCpe,
String.format(CPEAnalyzer.NVD_SEARCH_URL, URLEncoder.encode(newCpe, "UTF-8")),
identifier.getConfidence());
} catch (UnsupportedEncodingException ex) { } catch (UnsupportedEncodingException ex) {
LOGGER.debug("", ex); LOGGER.debug("", ex);
} }

2
dependency-check-core/src/main/resources/dependencycheck-base-suppression.xml
View File

@@ -66,6 +66,7 @@
10. ldap_project is part of type3 written in php 10. ldap_project is part of type3 written in php
11. user import project is used in drupal (i.e. php) 11. user import project is used in drupal (i.e. php)
12. root is a c++ project https://github.com/root-project/root/ 12. root is a c++ project https://github.com/root-project/root/
13. xml_sec is a C library for XML security
]]></notes> ]]></notes>
<filePath regex="true">.*(\.(dll|jar|ear|war|pom|nupkg|nuspec)|pom\.xml|package.json)$</filePath> <filePath regex="true">.*(\.(dll|jar|ear|war|pom|nupkg|nuspec)|pom\.xml|package.json)$</filePath>
<cpe>cpe:/a:sandbox:sandbox</cpe> <cpe>cpe:/a:sandbox:sandbox</cpe>
@@ -83,6 +84,7 @@
<cpe>cpe:/a:ldap_project:ldap</cpe> <cpe>cpe:/a:ldap_project:ldap</cpe>
<cpe>cpe:/a:user_import_project:user_import</cpe> <cpe>cpe:/a:user_import_project:user_import</cpe>
<cpe>cpe:/a:root:root</cpe> <cpe>cpe:/a:root:root</cpe>
<cpe>cpe:/a:xmlsec_project:xmlsec</cpe>
</suppress> </suppress>
<suppress base="true"> <suppress base="true">
<notes><![CDATA[ <notes><![CDATA[