mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-03-29 05:12:14 +02:00
change in namespace as this is now an OWASP project
Former-commit-id: dc00f98a142bef2560d90f3b851844f352fbf262
This commit is contained in:
Jeremy Long
14
pom.xml
14
pom.xml
@@ -20,7 +20,7 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses />.
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
|
||||
<groupId>org.codesecure</groupId>
|
||||
<groupId>org.owasp.dependency-check</groupId>
|
||||
<artifactId>dependency-check</artifactId>
|
||||
<version>0.2.6.0</version>
|
||||
<packaging>jar</packaging>
|
||||
@@ -30,15 +30,15 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses />.
|
||||
<description>DependencyCheck is a utility that attempts to detect publically disclosed vulnerabilities contained within project dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries.</description>
|
||||
<inceptionYear>2012</inceptionYear>
|
||||
<organization>
|
||||
<name>Jeremy Long</name>
|
||||
<name>owasp</name>
|
||||
</organization>
|
||||
|
||||
<developers>
|
||||
<developer>
|
||||
<name>Jeremy Long</name>
|
||||
<email>jeremy.long@gmail.com</email>
|
||||
<organization>Codesecure</organization>
|
||||
<organizationUrl>http://codesecure.blogspot.com</organizationUrl>
|
||||
<organization>owasp</organization>
|
||||
<organizationUrl>https://www.owasp.org/index.php/OWASP_Dependency_Check</organizationUrl>
|
||||
<roles>
|
||||
<role>architect</role>
|
||||
<role>developer</role>
|
||||
@@ -137,7 +137,7 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses />.
|
||||
<configuration>
|
||||
<archive>
|
||||
<manifest>
|
||||
<mainClass>org.codesecure.dependencycheck.App</mainClass>
|
||||
<mainClass>org.owasp.dependencycheck.App</mainClass>
|
||||
<addDefaultImplementationEntries>true</addDefaultImplementationEntries>
|
||||
<addClasspath>true</addClasspath>
|
||||
<classpathPrefix>lib/</classpathPrefix>
|
||||
@@ -179,12 +179,12 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses />.
|
||||
<lineRate>0</lineRate>
|
||||
</regex>
|
||||
<regex>
|
||||
<pattern>org.codesecure.dependencycheck.data.cpe.Fields</pattern>
|
||||
<pattern>org.owasp.dependencycheck.data.cpe.Fields</pattern>
|
||||
<branchRate>0</branchRate>
|
||||
<lineRate>0</lineRate>
|
||||
</regex>
|
||||
<regex>
|
||||
<pattern>org.codesecure.dependencycheck.App</pattern>
|
||||
<pattern>org.owasp.dependencycheck.App</pattern>
|
||||
<branchRate>0</branchRate>
|
||||
<lineRate>0</lineRate>
|
||||
</regex>
|
||||
|
||||
@@ -6,10 +6,10 @@
|
||||
|
||||
<suppressions>
|
||||
<suppress checks=".*" files=".*[\\/]package-info\.java" />
|
||||
<suppress checks=".*" files=".*org[\\/]codesecure[\\/]dependencycheck[\\/]utils[\\/]Filter.java" />
|
||||
<suppress checks=".*" files=".*org[\\/]codesecure[\\/]dependencycheck[\\/]utils[\\/]Checksum.java" />
|
||||
<suppress checks=".*" files=".*org[\\/]owasp[\\/]dependencycheck[\\/]utils[\\/]Filter.java" />
|
||||
<suppress checks=".*" files=".*org[\\/]owasp[\\/]dependencycheck[\\/]utils[\\/]Checksum.java" />
|
||||
<suppress checks=".*" files=".*[\\/]generated[\\/].*.java" />
|
||||
<suppress checks="MagicNumberCheck"
|
||||
files="org[\\/]codesecure[\\/]dependencycheck[\\/]data[\\/]cpe/Entry.java"
|
||||
files="org[\\/]owasp[\\/]dependencycheck[\\/]data[\\/]cpe/Entry.java"
|
||||
lines="376"/>
|
||||
</suppressions>
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck;
|
||||
package org.owasp.dependencycheck;
|
||||
|
||||
import java.io.FileNotFoundException;
|
||||
import java.io.IOException;
|
||||
@@ -26,9 +26,9 @@ import java.util.logging.Level;
|
||||
import java.util.logging.LogManager;
|
||||
import java.util.logging.Logger;
|
||||
import org.apache.commons.cli.ParseException;
|
||||
import org.codesecure.dependencycheck.reporting.ReportGenerator;
|
||||
import org.codesecure.dependencycheck.dependency.Dependency;
|
||||
import org.codesecure.dependencycheck.utils.CliParser;
|
||||
import org.owasp.dependencycheck.reporting.ReportGenerator;
|
||||
import org.owasp.dependencycheck.dependency.Dependency;
|
||||
import org.owasp.dependencycheck.utils.CliParser;
|
||||
|
||||
/*
|
||||
* This file is part of App.
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck;
|
||||
package org.owasp.dependencycheck;
|
||||
|
||||
import java.util.EnumMap;
|
||||
import java.io.File;
|
||||
@@ -27,15 +27,15 @@ import java.util.List;
|
||||
import java.util.Set;
|
||||
import java.util.logging.Level;
|
||||
import java.util.logging.Logger;
|
||||
import org.codesecure.dependencycheck.analyzer.AnalysisException;
|
||||
import org.codesecure.dependencycheck.analyzer.AnalysisPhase;
|
||||
import org.codesecure.dependencycheck.analyzer.Analyzer;
|
||||
import org.codesecure.dependencycheck.analyzer.AnalyzerService;
|
||||
import org.codesecure.dependencycheck.data.CachedWebDataSource;
|
||||
import org.codesecure.dependencycheck.data.UpdateException;
|
||||
import org.codesecure.dependencycheck.data.UpdateService;
|
||||
import org.codesecure.dependencycheck.dependency.Dependency;
|
||||
import org.codesecure.dependencycheck.utils.FileUtils;
|
||||
import org.owasp.dependencycheck.analyzer.AnalysisException;
|
||||
import org.owasp.dependencycheck.analyzer.AnalysisPhase;
|
||||
import org.owasp.dependencycheck.analyzer.Analyzer;
|
||||
import org.owasp.dependencycheck.analyzer.AnalyzerService;
|
||||
import org.owasp.dependencycheck.data.CachedWebDataSource;
|
||||
import org.owasp.dependencycheck.data.UpdateException;
|
||||
import org.owasp.dependencycheck.data.UpdateService;
|
||||
import org.owasp.dependencycheck.dependency.Dependency;
|
||||
import org.owasp.dependencycheck.utils.FileUtils;
|
||||
|
||||
/**
|
||||
* Scans files, directories, etc. for Dependencies. Analyzers are loaded and
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.analyzer;
|
||||
package org.owasp.dependencycheck.analyzer;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.analyzer;
|
||||
package org.owasp.dependencycheck.analyzer;
|
||||
|
||||
/**
|
||||
* An exception thrown when the analysis of a dependency fails.
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.analyzer;
|
||||
package org.owasp.dependencycheck.analyzer;
|
||||
|
||||
/**
|
||||
* An enumeration defining the phases of analysis.
|
||||
@@ -16,11 +16,11 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.analyzer;
|
||||
package org.owasp.dependencycheck.analyzer;
|
||||
|
||||
import java.util.Set;
|
||||
import org.codesecure.dependencycheck.Engine;
|
||||
import org.codesecure.dependencycheck.dependency.Dependency;
|
||||
import org.owasp.dependencycheck.Engine;
|
||||
import org.owasp.dependencycheck.dependency.Dependency;
|
||||
|
||||
/**
|
||||
* An interface that defines an Analyzer that is used to identify Dependencies.
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.analyzer;
|
||||
package org.owasp.dependencycheck.analyzer;
|
||||
|
||||
import java.util.Iterator;
|
||||
import java.util.ServiceLoader;
|
||||
@@ -16,12 +16,12 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.analyzer;
|
||||
package org.owasp.dependencycheck.analyzer;
|
||||
|
||||
import org.codesecure.dependencycheck.dependency.Dependency;
|
||||
import org.codesecure.dependencycheck.dependency.Evidence;
|
||||
import org.owasp.dependencycheck.dependency.Dependency;
|
||||
import org.owasp.dependencycheck.dependency.Evidence;
|
||||
import java.util.Set;
|
||||
import org.codesecure.dependencycheck.Engine;
|
||||
import org.owasp.dependencycheck.Engine;
|
||||
|
||||
/**
|
||||
*
|
||||
@@ -16,17 +16,17 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.analyzer;
|
||||
package org.owasp.dependencycheck.analyzer;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.FileInputStream;
|
||||
import java.util.logging.Level;
|
||||
import java.util.logging.Logger;
|
||||
import javax.xml.bind.JAXBException;
|
||||
import org.codesecure.dependencycheck.Engine;
|
||||
import org.codesecure.dependencycheck.dependency.Dependency;
|
||||
import org.codesecure.dependencycheck.dependency.Evidence;
|
||||
import org.codesecure.dependencycheck.dependency.EvidenceCollection;
|
||||
import org.owasp.dependencycheck.Engine;
|
||||
import org.owasp.dependencycheck.dependency.Dependency;
|
||||
import org.owasp.dependencycheck.dependency.Evidence;
|
||||
import org.owasp.dependencycheck.dependency.EvidenceCollection;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStreamReader;
|
||||
import java.io.Reader;
|
||||
@@ -43,10 +43,10 @@ import java.util.zip.ZipInputStream;
|
||||
import javax.xml.bind.JAXBContext;
|
||||
import javax.xml.bind.JAXBElement;
|
||||
import javax.xml.bind.Unmarshaller;
|
||||
import org.codesecure.dependencycheck.analyzer.pom.generated.License;
|
||||
import org.codesecure.dependencycheck.analyzer.pom.generated.Model;
|
||||
import org.codesecure.dependencycheck.analyzer.pom.generated.Organization;
|
||||
import org.codesecure.dependencycheck.utils.NonClosingStream;
|
||||
import org.owasp.dependencycheck.analyzer.pom.generated.License;
|
||||
import org.owasp.dependencycheck.analyzer.pom.generated.Model;
|
||||
import org.owasp.dependencycheck.analyzer.pom.generated.Organization;
|
||||
import org.owasp.dependencycheck.utils.NonClosingStream;
|
||||
|
||||
/**
|
||||
*
|
||||
@@ -125,7 +125,7 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
|
||||
*/
|
||||
public JarAnalyzer() {
|
||||
try {
|
||||
JAXBContext jaxbContext = JAXBContext.newInstance("org.codesecure.dependencycheck.analyzer.pom.generated");
|
||||
JAXBContext jaxbContext = JAXBContext.newInstance("org.owasp.dependencycheck.analyzer.pom.generated");
|
||||
pomUnmarshaller = jaxbContext.createUnmarshaller();
|
||||
} catch (JAXBException ex) { //guess we will just have a null pointer exception later...
|
||||
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE, null, ex);
|
||||
@@ -220,7 +220,7 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
|
||||
if (pom == null) {
|
||||
NonClosingStream stream = new NonClosingStream(zin);
|
||||
JAXBElement obj = (JAXBElement) pomUnmarshaller.unmarshal(stream);
|
||||
pom = (org.codesecure.dependencycheck.analyzer.pom.generated.Model) obj.getValue();
|
||||
pom = (org.owasp.dependencycheck.analyzer.pom.generated.Model) obj.getValue();
|
||||
zin.closeEntry();
|
||||
} else {
|
||||
throw new AnalysisException("JAR file contains multiple pom.xml files - unable to process POM");
|
||||
@@ -0,0 +1,126 @@
|
||||
/*
|
||||
* This file is part of DependencyCheck.
|
||||
*
|
||||
* DependencyCheck is free software: you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the Free
|
||||
* Software Foundation, either version 3 of the License, or (at your option) any
|
||||
* later version.
|
||||
*
|
||||
* DependencyCheck is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
|
||||
* details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along with
|
||||
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.owasp.dependencycheck.analyzer;
|
||||
|
||||
import org.owasp.dependencycheck.Engine;
|
||||
import org.owasp.dependencycheck.dependency.Dependency;
|
||||
import java.util.Set;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
/**
|
||||
*
|
||||
* Used to load a JAR file and collect information that can be used to determine
|
||||
* the associated CPE.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
*/
|
||||
public class JavaScriptAnalyzer extends AbstractAnalyzer implements Analyzer {
|
||||
|
||||
/**
|
||||
* The system independent newline character.
|
||||
*/
|
||||
private static final String NEWLINE = System.getProperty("line.separator");
|
||||
/**
|
||||
* The name of the analyzer.
|
||||
*/
|
||||
private static final String ANALYZER_NAME = "JavaScript Analyzer";
|
||||
/**
|
||||
* The phase that this analyzer is intended to run in.
|
||||
*/
|
||||
private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
|
||||
/**
|
||||
* The set of file extensions supported by this analyzer.
|
||||
*/
|
||||
private static final Set<String> EXTENSIONS = newHashSet("js");
|
||||
|
||||
/**
|
||||
* Returns a list of file EXTENSIONS supported by this analyzer.
|
||||
*
|
||||
* @return a list of file EXTENSIONS supported by this analyzer.
|
||||
*/
|
||||
public Set<String> getSupportedExtensions() {
|
||||
return EXTENSIONS;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the name of the analyzer.
|
||||
*
|
||||
* @return the name of the analyzer.
|
||||
*/
|
||||
public String getName() {
|
||||
return ANALYZER_NAME;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns whether or not this analyzer can process the given extension.
|
||||
*
|
||||
* @param extension the file extension to test for support.
|
||||
* @return whether or not the specified file extension is supported by this
|
||||
* analyzer.
|
||||
*/
|
||||
public boolean supportsExtension(String extension) {
|
||||
return EXTENSIONS.contains(extension);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the phase that the analyzer is intended to run in.
|
||||
*
|
||||
* @return the phase that the analyzer is intended to run in.
|
||||
*/
|
||||
public AnalysisPhase getAnalysisPhase() {
|
||||
return ANALYSIS_PHASE;
|
||||
}
|
||||
|
||||
/**
|
||||
* Loads a specified JAR file and collects information from the manifest and
|
||||
* checksums to identify the correct CPE information.
|
||||
*
|
||||
* @param dependency the dependency to analyze.
|
||||
* @param engine the engine that is scanning the dependencies
|
||||
* @throws AnalysisException is thrown if there is an error reading the JAR
|
||||
* file.
|
||||
*/
|
||||
public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
|
||||
Pattern extractComments = Pattern.compile("(/\\*([^*]|[\\r\\n]|(\\*+([^*/]|[\\r\\n])))*\\*+/)|(//.*)");
|
||||
|
||||
}
|
||||
|
||||
private void addLicense(Dependency d, String license) {
|
||||
if (d.getLicense() == null) {
|
||||
d.setLicense(license);
|
||||
} else if (!d.getLicense().contains(license)) {
|
||||
d.setLicense(d.getLicense() + NEWLINE + license);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* The initialize method does nothing for this Analyzer
|
||||
*/
|
||||
public void initialize() {
|
||||
//do nothing
|
||||
}
|
||||
|
||||
/**
|
||||
* The close method does nothing for this Analyzer
|
||||
*/
|
||||
public void close() {
|
||||
//do nothing
|
||||
}
|
||||
|
||||
}
|
||||
@@ -16,14 +16,14 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.analyzer;
|
||||
package org.owasp.dependencycheck.analyzer;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import org.codesecure.dependencycheck.Engine;
|
||||
import org.codesecure.dependencycheck.dependency.Dependency;
|
||||
import org.codesecure.dependencycheck.dependency.Identifier;
|
||||
import org.owasp.dependencycheck.Engine;
|
||||
import org.owasp.dependencycheck.dependency.Dependency;
|
||||
import org.owasp.dependencycheck.dependency.Identifier;
|
||||
|
||||
/**
|
||||
* This analyzer ensures that the Spring Framework Core CPE identifiers are only associated
|
||||
@@ -1,7 +1,7 @@
|
||||
/**
|
||||
* <html>
|
||||
* <head>
|
||||
* <title>org.codesecure.dependencycheck.scanner</title>
|
||||
* <title>org.owasp.dependencycheck.scanner</title>
|
||||
* </head>
|
||||
* <body>
|
||||
* The scanner package contains the utilities to scan files and directories for
|
||||
@@ -12,4 +12,4 @@
|
||||
* </html>
|
||||
*/
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer;
|
||||
package org.owasp.dependencycheck.analyzer;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import javax.annotation.Generated;
|
||||
import javax.xml.bind.annotation.XmlAccessType;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import javax.annotation.Generated;
|
||||
import javax.xml.bind.annotation.XmlAccessType;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import javax.annotation.Generated;
|
||||
import javax.xml.bind.annotation.XmlAccessType;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import javax.annotation.Generated;
|
||||
import javax.xml.bind.annotation.XmlAccessType;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import javax.annotation.Generated;
|
||||
import javax.xml.bind.annotation.XmlAccessType;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import javax.annotation.Generated;
|
||||
import javax.xml.bind.annotation.XmlAccessType;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import javax.annotation.Generated;
|
||||
import javax.xml.bind.annotation.XmlAccessType;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import javax.annotation.Generated;
|
||||
import javax.xml.bind.annotation.XmlAccessType;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import javax.annotation.Generated;
|
||||
import javax.xml.bind.annotation.XmlAccessType;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import javax.annotation.Generated;
|
||||
import javax.xml.bind.annotation.XmlAccessType;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import javax.xml.bind.JAXBElement;
|
||||
import javax.xml.bind.annotation.XmlElementDecl;
|
||||
@@ -17,7 +17,7 @@ import javax.xml.namespace.QName;
|
||||
/**
|
||||
* This object contains factory methods for each
|
||||
* Java content interface and Java element interface
|
||||
* generated in the org.codesecure.dependencycheck.analyzer.pom.generated package.
|
||||
* generated in the org.owasp.dependencycheck.analyzer.pom.generated package.
|
||||
* <p>An ObjectFactory allows you to programmatically
|
||||
* construct new instances of the Java representation
|
||||
* for XML content. The Java representation of XML
|
||||
@@ -34,7 +34,7 @@ public class ObjectFactory {
|
||||
private final static QName _Project_QNAME = new QName("http://maven.apache.org/POM/4.0.0", "project");
|
||||
|
||||
/**
|
||||
* Create a new ObjectFactory that can be used to create new instances of schema derived classes for package: org.codesecure.dependencycheck.analyzer.pom.generated
|
||||
* Create a new ObjectFactory that can be used to create new instances of schema derived classes for package: org.owasp.dependencycheck.analyzer.pom.generated
|
||||
*
|
||||
*/
|
||||
public ObjectFactory() {
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import javax.annotation.Generated;
|
||||
import javax.xml.bind.annotation.XmlAccessType;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import javax.annotation.Generated;
|
||||
import javax.xml.bind.annotation.XmlAccessType;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import javax.annotation.Generated;
|
||||
import javax.xml.bind.annotation.XmlAccessType;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import javax.annotation.Generated;
|
||||
import javax.xml.bind.annotation.XmlAccessType;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import javax.annotation.Generated;
|
||||
import javax.xml.bind.annotation.XmlAccessType;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import javax.annotation.Generated;
|
||||
import javax.xml.bind.annotation.XmlAccessType;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import javax.annotation.Generated;
|
||||
import javax.xml.bind.annotation.XmlAccessType;
|
||||
@@ -6,7 +6,7 @@
|
||||
//
|
||||
|
||||
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
|
||||
import javax.annotation.Generated;
|
||||
import javax.xml.bind.annotation.XmlAccessType;
|
||||
@@ -6,4 +6,4 @@
|
||||
//
|
||||
|
||||
@javax.xml.bind.annotation.XmlSchema(namespace = "http://maven.apache.org/POM/4.0.0", elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED)
|
||||
package org.codesecure.dependencycheck.analyzer.pom.generated;
|
||||
package org.owasp.dependencycheck.analyzer.pom.generated;
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.data;
|
||||
package org.owasp.dependencycheck.data;
|
||||
|
||||
/**
|
||||
* Defines an Index who's data is retrieved from the Internet. This data can be
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.data;
|
||||
package org.owasp.dependencycheck.data;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.data;
|
||||
package org.owasp.dependencycheck.data;
|
||||
|
||||
import java.util.Iterator;
|
||||
import java.util.ServiceLoader;
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.data.cpe;
|
||||
package org.owasp.dependencycheck.data.cpe;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.URLEncoder;
|
||||
@@ -29,14 +29,14 @@ import org.apache.lucene.index.CorruptIndexException;
|
||||
import org.apache.lucene.queryparser.classic.ParseException;
|
||||
import org.apache.lucene.search.ScoreDoc;
|
||||
import org.apache.lucene.search.TopDocs;
|
||||
import org.codesecure.dependencycheck.Engine;
|
||||
import org.codesecure.dependencycheck.analyzer.AnalysisException;
|
||||
import org.codesecure.dependencycheck.analyzer.AnalysisPhase;
|
||||
import org.codesecure.dependencycheck.data.lucene.LuceneUtils;
|
||||
import org.codesecure.dependencycheck.dependency.Dependency;
|
||||
import org.codesecure.dependencycheck.dependency.Evidence;
|
||||
import org.codesecure.dependencycheck.dependency.Evidence.Confidence;
|
||||
import org.codesecure.dependencycheck.dependency.EvidenceCollection;
|
||||
import org.owasp.dependencycheck.Engine;
|
||||
import org.owasp.dependencycheck.analyzer.AnalysisException;
|
||||
import org.owasp.dependencycheck.analyzer.AnalysisPhase;
|
||||
import org.owasp.dependencycheck.data.lucene.LuceneUtils;
|
||||
import org.owasp.dependencycheck.dependency.Dependency;
|
||||
import org.owasp.dependencycheck.dependency.Evidence;
|
||||
import org.owasp.dependencycheck.dependency.Evidence.Confidence;
|
||||
import org.owasp.dependencycheck.dependency.EvidenceCollection;
|
||||
|
||||
/**
|
||||
* CPEAnalyzer is a utility class that takes a project dependency and attempts
|
||||
@@ -45,7 +45,7 @@ import org.codesecure.dependencycheck.dependency.EvidenceCollection;
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
*/
|
||||
public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Analyzer {
|
||||
public class CPEAnalyzer implements org.owasp.dependencycheck.analyzer.Analyzer {
|
||||
|
||||
/**
|
||||
* The maximum number of query results to return.
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.data.cpe;
|
||||
package org.owasp.dependencycheck.data.cpe;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.io.UnsupportedEncodingException;
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.data.cpe;
|
||||
package org.owasp.dependencycheck.data.cpe;
|
||||
|
||||
/**
|
||||
* Fields is a collection of field names used within the Lucene index for CPE
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.data.cpe;
|
||||
package org.owasp.dependencycheck.data.cpe;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
@@ -36,12 +36,12 @@ import org.apache.lucene.queryparser.classic.QueryParser;
|
||||
import org.apache.lucene.store.Directory;
|
||||
import org.apache.lucene.store.FSDirectory;
|
||||
import org.apache.lucene.util.Version;
|
||||
import org.codesecure.dependencycheck.data.lucene.AbstractIndex;
|
||||
import org.codesecure.dependencycheck.utils.Settings;
|
||||
import org.codesecure.dependencycheck.data.lucene.FieldAnalyzer;
|
||||
import org.codesecure.dependencycheck.data.lucene.SearchFieldAnalyzer;
|
||||
import org.codesecure.dependencycheck.data.lucene.SearchVersionAnalyzer;
|
||||
import org.codesecure.dependencycheck.data.lucene.VersionAnalyzer;
|
||||
import org.owasp.dependencycheck.data.lucene.AbstractIndex;
|
||||
import org.owasp.dependencycheck.utils.Settings;
|
||||
import org.owasp.dependencycheck.data.lucene.FieldAnalyzer;
|
||||
import org.owasp.dependencycheck.data.lucene.SearchFieldAnalyzer;
|
||||
import org.owasp.dependencycheck.data.lucene.SearchVersionAnalyzer;
|
||||
import org.owasp.dependencycheck.data.lucene.VersionAnalyzer;
|
||||
|
||||
/**
|
||||
* The Index class is used to utilize and maintain the CPE Index.
|
||||
@@ -1,7 +1,7 @@
|
||||
/**
|
||||
* <html>
|
||||
* <head>
|
||||
* <title>org.codesecure.dependencycheck.data.cpe</title>
|
||||
* <title>org.owasp.dependencycheck.data.cpe</title>
|
||||
* </head>
|
||||
* <body>
|
||||
* Contains classes for working with the CPE Lucene Index.
|
||||
@@ -9,4 +9,4 @@
|
||||
* </html>
|
||||
*/
|
||||
|
||||
package org.codesecure.dependencycheck.data.cpe;
|
||||
package org.owasp.dependencycheck.data.cpe;
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.data.cwe;
|
||||
package org.owasp.dependencycheck.data.cwe;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.data.cwe;
|
||||
package org.owasp.dependencycheck.data.cwe;
|
||||
|
||||
import java.util.HashMap;
|
||||
import org.xml.sax.Attributes;
|
||||
@@ -1,7 +1,7 @@
|
||||
/**
|
||||
* <html>
|
||||
* <head>
|
||||
* <title>org.codesecure.dependencycheck.data.cwe</title>
|
||||
* <title>org.owasp.dependencycheck.data.cwe</title>
|
||||
* </head>
|
||||
* <body>
|
||||
* Contains classes for working with the CWE Database.
|
||||
@@ -9,4 +9,4 @@
|
||||
* </html>
|
||||
*/
|
||||
|
||||
package org.codesecure.dependencycheck.data.cwe;
|
||||
package org.owasp.dependencycheck.data.cwe;
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.data.lucene;
|
||||
package org.owasp.dependencycheck.data.lucene;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.logging.Level;
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.data.lucene;
|
||||
package org.owasp.dependencycheck.data.lucene;
|
||||
|
||||
import org.apache.lucene.search.similarities.DefaultSimilarity;
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.data.lucene;
|
||||
package org.owasp.dependencycheck.data.lucene;
|
||||
|
||||
import java.io.Reader;
|
||||
import org.apache.lucene.analysis.Analyzer;
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.data.lucene;
|
||||
package org.owasp.dependencycheck.data.lucene;
|
||||
|
||||
/**
|
||||
* <p>Lucene utils is a set of utilize written to make constructing Lucene
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.data.lucene;
|
||||
package org.owasp.dependencycheck.data.lucene;
|
||||
|
||||
import java.io.Reader;
|
||||
import org.apache.lucene.analysis.Analyzer;
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.data.lucene;
|
||||
package org.owasp.dependencycheck.data.lucene;
|
||||
|
||||
import java.io.Reader;
|
||||
import org.apache.lucene.analysis.Analyzer;
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.data.lucene;
|
||||
package org.owasp.dependencycheck.data.lucene;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.LinkedList;
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.data.lucene;
|
||||
package org.owasp.dependencycheck.data.lucene;
|
||||
|
||||
import java.io.Reader;
|
||||
import org.apache.lucene.analysis.Analyzer;
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.data.lucene;
|
||||
package org.owasp.dependencycheck.data.lucene;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.LinkedList;
|
||||
@@ -1,7 +1,7 @@
|
||||
/**
|
||||
* <html>
|
||||
* <head>
|
||||
* <title>org.codesecure.dependencycheck.data.lucene</title>
|
||||
* <title>org.owasp.dependencycheck.data.lucene</title>
|
||||
* </head>
|
||||
* <body>
|
||||
* Contains classes used to work with the Lucene Indexes.
|
||||
@@ -9,4 +9,4 @@
|
||||
* </html>
|
||||
*/
|
||||
|
||||
package org.codesecure.dependencycheck.data.lucene;
|
||||
package org.owasp.dependencycheck.data.lucene;
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.data.nvdcve;
|
||||
package org.owasp.dependencycheck.data.nvdcve;
|
||||
|
||||
/**
|
||||
* An exception used to indicate the db4o database is corrupt.
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.data.nvdcve;
|
||||
package org.owasp.dependencycheck.data.nvdcve;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
@@ -32,12 +32,12 @@ import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.logging.Level;
|
||||
import java.util.logging.Logger;
|
||||
import org.codesecure.dependencycheck.data.cpe.Entry;
|
||||
import org.codesecure.dependencycheck.data.cwe.CweDB;
|
||||
import org.codesecure.dependencycheck.dependency.Reference;
|
||||
import org.codesecure.dependencycheck.dependency.Vulnerability;
|
||||
import org.codesecure.dependencycheck.dependency.VulnerableSoftware;
|
||||
import org.codesecure.dependencycheck.utils.Settings;
|
||||
import org.owasp.dependencycheck.data.cpe.Entry;
|
||||
import org.owasp.dependencycheck.data.cwe.CweDB;
|
||||
import org.owasp.dependencycheck.dependency.Reference;
|
||||
import org.owasp.dependencycheck.dependency.Vulnerability;
|
||||
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
|
||||
import org.owasp.dependencycheck.utils.Settings;
|
||||
|
||||
/**
|
||||
* The database holding information about the NVD CVE data.
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.data.nvdcve;
|
||||
package org.owasp.dependencycheck.data.nvdcve;
|
||||
|
||||
/**
|
||||
* An exception thrown if an operation against the database fails.
|
||||
@@ -16,18 +16,18 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.data.nvdcve;
|
||||
package org.owasp.dependencycheck.data.nvdcve;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.sql.SQLException;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import org.codesecure.dependencycheck.Engine;
|
||||
import org.codesecure.dependencycheck.analyzer.AnalysisException;
|
||||
import org.codesecure.dependencycheck.analyzer.AnalysisPhase;
|
||||
import org.codesecure.dependencycheck.dependency.Dependency;
|
||||
import org.codesecure.dependencycheck.dependency.Vulnerability;
|
||||
import org.codesecure.dependencycheck.dependency.Identifier;
|
||||
import org.owasp.dependencycheck.Engine;
|
||||
import org.owasp.dependencycheck.analyzer.AnalysisException;
|
||||
import org.owasp.dependencycheck.analyzer.AnalysisPhase;
|
||||
import org.owasp.dependencycheck.dependency.Dependency;
|
||||
import org.owasp.dependencycheck.dependency.Vulnerability;
|
||||
import org.owasp.dependencycheck.dependency.Identifier;
|
||||
|
||||
/**
|
||||
* NvdCveAnalyzer is a utility class that takes a project dependency and
|
||||
@@ -36,7 +36,7 @@ import org.codesecure.dependencycheck.dependency.Identifier;
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
*/
|
||||
public class NvdCveAnalyzer implements org.codesecure.dependencycheck.analyzer.Analyzer {
|
||||
public class NvdCveAnalyzer implements org.owasp.dependencycheck.analyzer.Analyzer {
|
||||
|
||||
/**
|
||||
* The maximum number of query results to return.
|
||||
@@ -1,7 +1,7 @@
|
||||
/**
|
||||
* <html>
|
||||
* <head>
|
||||
* <title>org.codesecure.dependencycheck.data.nvdcve</title>
|
||||
* <title>org.owasp.dependencycheck.data.nvdcve</title>
|
||||
* </head>
|
||||
* <body>
|
||||
* Contains classes used to work with the NVD CVE data.
|
||||
@@ -9,4 +9,4 @@
|
||||
* </html>
|
||||
*/
|
||||
|
||||
package org.codesecure.dependencycheck.data.nvdcve;
|
||||
package org.owasp.dependencycheck.data.nvdcve;
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.data.nvdcve.xml;
|
||||
package org.owasp.dependencycheck.data.nvdcve.xml;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.FileInputStream;
|
||||
@@ -27,7 +27,7 @@ import java.io.InputStream;
|
||||
import java.io.OutputStream;
|
||||
import java.io.OutputStreamWriter;
|
||||
import javax.xml.parsers.ParserConfigurationException;
|
||||
import org.codesecure.dependencycheck.data.CachedWebDataSource;
|
||||
import org.owasp.dependencycheck.data.CachedWebDataSource;
|
||||
import java.net.MalformedURLException;
|
||||
import java.net.URL;
|
||||
import java.sql.SQLException;
|
||||
@@ -40,17 +40,17 @@ import java.util.logging.Level;
|
||||
import java.util.logging.Logger;
|
||||
import javax.xml.parsers.SAXParser;
|
||||
import javax.xml.parsers.SAXParserFactory;
|
||||
import org.codesecure.dependencycheck.data.UpdateException;
|
||||
import org.codesecure.dependencycheck.data.cpe.Index;
|
||||
import org.codesecure.dependencycheck.data.nvdcve.CveDB;
|
||||
import org.codesecure.dependencycheck.dependency.VulnerableSoftware;
|
||||
import org.codesecure.dependencycheck.utils.DownloadFailedException;
|
||||
import org.codesecure.dependencycheck.utils.Downloader;
|
||||
import org.codesecure.dependencycheck.utils.FileUtils;
|
||||
import org.codesecure.dependencycheck.utils.InvalidSettingException;
|
||||
import org.codesecure.dependencycheck.utils.Settings;
|
||||
import org.owasp.dependencycheck.data.UpdateException;
|
||||
import org.owasp.dependencycheck.data.cpe.Index;
|
||||
import org.owasp.dependencycheck.data.nvdcve.CveDB;
|
||||
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
|
||||
import org.owasp.dependencycheck.utils.DownloadFailedException;
|
||||
import org.owasp.dependencycheck.utils.Downloader;
|
||||
import org.owasp.dependencycheck.utils.FileUtils;
|
||||
import org.owasp.dependencycheck.utils.InvalidSettingException;
|
||||
import org.owasp.dependencycheck.utils.Settings;
|
||||
import org.xml.sax.SAXException;
|
||||
import org.codesecure.dependencycheck.data.nvdcve.DatabaseException;
|
||||
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
|
||||
|
||||
/**
|
||||
*
|
||||
@@ -321,7 +321,7 @@ public class DatabaseUpdater implements CachedWebDataSource {
|
||||
FileUtils.delete(f);
|
||||
|
||||
//this importer also updates the CPE index and it is also using an old version
|
||||
org.codesecure.dependencycheck.data.cpe.Index cpeid = new org.codesecure.dependencycheck.data.cpe.Index();
|
||||
org.owasp.dependencycheck.data.cpe.Index cpeid = new org.owasp.dependencycheck.data.cpe.Index();
|
||||
File cpeDir = cpeid.getDataDirectory();
|
||||
FileUtils.delete(cpeDir);
|
||||
return currentlyPublished;
|
||||
@@ -16,13 +16,13 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.data.nvdcve.xml;
|
||||
package org.owasp.dependencycheck.data.nvdcve.xml;
|
||||
|
||||
/**
|
||||
* An InvalidDataDataException is a generic exception used when trying to load
|
||||
* the nvd cve meta data.
|
||||
*
|
||||
* @author Jeremy
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
*/
|
||||
public class InvalidDataException extends Exception {
|
||||
private static final long serialVersionUID = 1L;
|
||||
@@ -16,13 +16,13 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.data.nvdcve.xml;
|
||||
package org.owasp.dependencycheck.data.nvdcve.xml;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import org.codesecure.dependencycheck.dependency.VulnerableSoftware;
|
||||
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
|
||||
import org.xml.sax.Attributes;
|
||||
import org.xml.sax.SAXException;
|
||||
import org.xml.sax.SAXNotSupportedException;
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.data.nvdcve.xml;
|
||||
package org.owasp.dependencycheck.data.nvdcve.xml;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.List;
|
||||
@@ -24,12 +24,12 @@ import java.util.Map;
|
||||
import java.util.logging.Level;
|
||||
import java.util.logging.Logger;
|
||||
import org.apache.lucene.index.CorruptIndexException;
|
||||
import org.codesecure.dependencycheck.data.cpe.Index;
|
||||
import org.codesecure.dependencycheck.data.nvdcve.CveDB;
|
||||
import org.codesecure.dependencycheck.data.nvdcve.DatabaseException;
|
||||
import org.codesecure.dependencycheck.dependency.Reference;
|
||||
import org.codesecure.dependencycheck.dependency.Vulnerability;
|
||||
import org.codesecure.dependencycheck.dependency.VulnerableSoftware;
|
||||
import org.owasp.dependencycheck.data.cpe.Index;
|
||||
import org.owasp.dependencycheck.data.nvdcve.CveDB;
|
||||
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
|
||||
import org.owasp.dependencycheck.dependency.Reference;
|
||||
import org.owasp.dependencycheck.dependency.Vulnerability;
|
||||
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
|
||||
import org.xml.sax.Attributes;
|
||||
import org.xml.sax.SAXException;
|
||||
import org.xml.sax.SAXNotSupportedException;
|
||||
@@ -191,7 +191,7 @@ public class NvdCve20Handler extends DefaultHandler {
|
||||
|
||||
/**
|
||||
* Saves a vulnerability to the CVE Database. This is a callback method
|
||||
* called by the Sax Parser Handler {@link org.codesecure.dependencycheck.data.nvdcve.xml.NvdCve20Handler}.
|
||||
* called by the Sax Parser Handler {@link org.owasp.dependencycheck.data.nvdcve.xml.NvdCve20Handler}.
|
||||
*
|
||||
* @param vuln the vulnerability to store in the database
|
||||
* @throws DatabaseException thrown if there is an error writing to the database
|
||||
@@ -1,7 +1,7 @@
|
||||
/**
|
||||
* <html>
|
||||
* <head>
|
||||
* <title>org.codesecure.dependencycheck.data.nvdcve.xml</title>
|
||||
* <title>org.owasp.dependencycheck.data.nvdcve.xml</title>
|
||||
* </head>
|
||||
* <body>
|
||||
* <p>Contains classes used to parse the NVD CVE XML file.</p>
|
||||
@@ -15,4 +15,4 @@
|
||||
* </html>
|
||||
*/
|
||||
|
||||
package org.codesecure.dependencycheck.data.nvdcve.xml;
|
||||
package org.owasp.dependencycheck.data.nvdcve.xml;
|
||||
@@ -1,7 +1,7 @@
|
||||
/**
|
||||
* <html>
|
||||
* <head>
|
||||
* <title>org.codesecure.dependencycheck.data</title>
|
||||
* <title>org.owasp.dependencycheck.data</title>
|
||||
* </head>
|
||||
* <body>
|
||||
* Contains classes used to work with the data sources.
|
||||
@@ -9,4 +9,4 @@
|
||||
* </html>
|
||||
*/
|
||||
|
||||
package org.codesecure.dependencycheck.data;
|
||||
package org.owasp.dependencycheck.data;
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.dependency;
|
||||
package org.owasp.dependencycheck.dependency;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
@@ -28,8 +28,8 @@ import java.util.SortedSet;
|
||||
import java.util.TreeSet;
|
||||
import java.util.logging.Level;
|
||||
import java.util.logging.Logger;
|
||||
import org.codesecure.dependencycheck.utils.Checksum;
|
||||
import org.codesecure.dependencycheck.utils.FileUtils;
|
||||
import org.owasp.dependencycheck.utils.Checksum;
|
||||
import org.owasp.dependencycheck.utils.FileUtils;
|
||||
|
||||
/**
|
||||
* A program dependency. This object is one of the core components within
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.dependency;
|
||||
package org.owasp.dependencycheck.dependency;
|
||||
|
||||
/**
|
||||
* Evidence is a piece of information about a Dependency.
|
||||
@@ -16,12 +16,12 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.dependency;
|
||||
package org.owasp.dependencycheck.dependency;
|
||||
|
||||
import java.util.HashSet;
|
||||
import java.util.Iterator;
|
||||
import java.util.Set;
|
||||
import org.codesecure.dependencycheck.utils.Filter;
|
||||
import org.owasp.dependencycheck.utils.Filter;
|
||||
|
||||
/**
|
||||
* Used to maintain a collection of Evidence.
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.dependency;
|
||||
package org.owasp.dependencycheck.dependency;
|
||||
|
||||
/**
|
||||
*
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.dependency;
|
||||
package org.owasp.dependencycheck.dependency;
|
||||
|
||||
import java.io.Serializable;
|
||||
|
||||
@@ -24,7 +24,7 @@ import java.io.Serializable;
|
||||
* An external reference for a vulnerability. This contains a name, URL, and a
|
||||
* source.
|
||||
*
|
||||
* @author Jeremy
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
*/
|
||||
public class Reference implements Serializable {
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.dependency;
|
||||
package org.owasp.dependencycheck.dependency;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.util.HashSet;
|
||||
@@ -25,7 +25,7 @@ import java.util.Set;
|
||||
/**
|
||||
* Contains the information about a vulnerability.
|
||||
*
|
||||
* @author Jeremy
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
*/
|
||||
public class Vulnerability implements Serializable, Comparable<Vulnerability> {
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.dependency;
|
||||
package org.owasp.dependencycheck.dependency;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.util.Comparator;
|
||||
@@ -16,13 +16,13 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.dependency;
|
||||
package org.owasp.dependencycheck.dependency;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.util.logging.Level;
|
||||
import java.util.logging.Logger;
|
||||
import org.codesecure.dependencycheck.data.cpe.Entry;
|
||||
import org.owasp.dependencycheck.data.cpe.Entry;
|
||||
|
||||
/**
|
||||
* A record containing information about vulnerable software. This
|
||||
@@ -1,7 +1,7 @@
|
||||
/**
|
||||
* <html>
|
||||
* <head>
|
||||
* <title>org.codesecure.dependencycheck.dependency</title>
|
||||
* <title>org.owasp.dependencycheck.dependency</title>
|
||||
* </head>
|
||||
* <body>
|
||||
* Contains the core Dependency implementation.
|
||||
@@ -9,4 +9,4 @@
|
||||
* </html>
|
||||
*/
|
||||
|
||||
package org.codesecure.dependencycheck.dependency;
|
||||
package org.owasp.dependencycheck.dependency;
|
||||
@@ -1,7 +1,7 @@
|
||||
/**
|
||||
* <html>
|
||||
* <head>
|
||||
* <title>org.codesecure.dependencycheck</title>
|
||||
* <title>org.owasp.dependencycheck</title>
|
||||
* </head>
|
||||
* <body>
|
||||
* Includes the main entry point for the DependencyChecker.
|
||||
@@ -9,4 +9,4 @@
|
||||
* </html>
|
||||
*/
|
||||
|
||||
package org.codesecure.dependencycheck;
|
||||
package org.owasp.dependencycheck;
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.reporting;
|
||||
package org.owasp.dependencycheck.reporting;
|
||||
|
||||
import java.io.FileInputStream;
|
||||
import java.io.File;
|
||||
@@ -36,8 +36,8 @@ import org.apache.velocity.runtime.RuntimeConstants;
|
||||
import org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader;
|
||||
import org.apache.velocity.tools.ToolManager;
|
||||
import org.apache.velocity.tools.config.EasyFactoryConfiguration;
|
||||
import org.codesecure.dependencycheck.analyzer.Analyzer;
|
||||
import org.codesecure.dependencycheck.dependency.Dependency;
|
||||
import org.owasp.dependencycheck.analyzer.Analyzer;
|
||||
import org.owasp.dependencycheck.dependency.Dependency;
|
||||
|
||||
/**
|
||||
* The ReportGenerator is used to, as the name implies, generate reports. Internally
|
||||
@@ -114,7 +114,7 @@ public class ReportGenerator {
|
||||
generateReport("XmlReport", outputDir + File.separator + "DependencyCheck-Report.xml");
|
||||
} else {
|
||||
generateReport("HtmlReport", outputDir + File.separator + "DependencyCheck-Report.html");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -1,7 +1,7 @@
|
||||
/**
|
||||
* <html>
|
||||
* <head>
|
||||
* <title>org.codesecure.dependencycheck.reporting</title>
|
||||
* <title>org.owasp.dependencycheck.reporting</title>
|
||||
* </head>
|
||||
* <body>
|
||||
* Contains classes used to generate reports.
|
||||
@@ -9,4 +9,4 @@
|
||||
* </html>
|
||||
*/
|
||||
|
||||
package org.codesecure.dependencycheck.reporting;
|
||||
package org.owasp.dependencycheck.reporting;
|
||||
@@ -1,4 +1,4 @@
|
||||
package org.codesecure.dependencycheck.utils;
|
||||
package org.owasp.dependencycheck.utils;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.FileInputStream;
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.utils;
|
||||
package org.owasp.dependencycheck.utils;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.FileNotFoundException;
|
||||
@@ -107,8 +107,9 @@ public final class CliParser {
|
||||
}
|
||||
if (line.hasOption(ArgumentName.OUTPUT_FORMAT)) {
|
||||
String format = line.getOptionValue(ArgumentName.OUTPUT_FORMAT);
|
||||
if (!(format.equalsIgnoreCase("XML") || format.equalsIgnoreCase("HTML")))
|
||||
if (!(format.equalsIgnoreCase("XML") || format.equalsIgnoreCase("HTML"))) {
|
||||
throw new ParseException("Supported output formats are XML and HTML");
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.utils;
|
||||
package org.owasp.dependencycheck.utils;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
*
|
||||
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
*/
|
||||
package org.codesecure.dependencycheck.utils;
|
||||
package org.owasp.dependencycheck.utils;
|
||||
|
||||
import java.io.BufferedOutputStream;
|
||||
import java.io.File;
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user