Merge pull request #734 from jeremylong/updateJsonReport

Update json report
2026-03-22 00:59:34 +01:00 · 2017-05-20 06:06:39 -04:00
parent b6a7d0ee9b ea93f315d5
commit f584be7f44
3 changed files with 169 additions and 185 deletions
--- a/dependency-check-core/src/main/resources/templates/JsonReport.vsl
+++ b/dependency-check-core/src/main/resources/templates/JsonReport.vsl
@@ -1,6 +1,5 @@
 {
    "reportSchema": "1.0",
    "analysis": {
    "scanInfo": {
        "engineVersion": "$version",
        "dataSource": [
@@ -110,8 +109,7 @@
            ]
            #if($dependency.getVulnerabilities().size()>0 || $dependency.getSuppressedVulnerabilities().size()>0)
            ,"vulnerabilities": [
-                    #foreach($vuln in $dependency.getVulnerabilities())
+            #foreach($vuln in $dependency.getVulnerabilities())#if($foreach.count > 1),#end {
                        #if($foreach.count > 1),#end {
                "name": "$enc.json($vuln.name)",
                "cvssScore": "$vuln.cvssScore",
                "cvssAccessVector": "$enc.json($vuln.cvssAccessVector)",
@@ -120,36 +118,29 @@
                "cvssConfidentialImpact": "$enc.json($vuln.cvssConfidentialityImpact)",
                "cvssIntegrityImpact": "$enc.json($vuln.cvssIntegrityImpact)",
                "cvssAvailabilityImpact": "$enc.json($vuln.cvssAvailabilityImpact)",
-                        #if ($vuln.cvssScore<4.0)
+                #if ($vuln.cvssScore<4.0)"severity": "Low",
-                        "severity": "Low",
+                #elseif ($vuln.cvssScore>=7.0)"severity": "High",
-                        #elseif ($vuln.cvssScore>=7.0)
+                #else "severity": "Medium",#end
-                        "severity": "High",
+                "cwe": "#if ($vuln.cwe)$enc.json($vuln.cwe)#end",
                        #else
                        "severity": "Medium",
                        #end
                        #if($vuln.cwe)"cwe": "$enc.json($vuln.cwe)",#end
                "description": "$enc.json($vuln.description)",
-                        #if ($vuln.notes)"notes": "$enc.json($vuln.notes)"#end
+                "notes": "#if ($vuln.notes)$enc.json($vuln.notes)#end",
                "references": [
                    #foreach($ref in $vuln.getReferences())
                        #if($foreach.count > 1),#end {
                        "source": "$enc.json($ref.source)",
                        "url": "$enc.json($ref.url)",
                        "name": "$enc.json($ref.name)"
-                        }
+                    }#end
                        #end
                ],
                "vulnerableSoftware": [
                    #foreach($vs in $vuln.getVulnerableSoftware())
                        #if($foreach.count > 1),#end {
                            #if($vs.hasPreviousVersion()) "allPreviousVersion": "true",#end
                        "software": "$enc.json($vs.name)"
-                        }
+                        #if($vs.hasPreviousVersion()) ,"allPreviousVersion": "true"#end
                        #end
                    ]
                    }#end
                ]
-                #end
+                }#end
            ]#end
            #if($dependency.getSuppressedVulnerabilities().size()>0 || $dependency.getSuppressedVulnerabilities().size()>0)
            ,"suppressedVulnerabilities": [
@@ -166,33 +157,26 @@
                #elseif ($vuln.cvssScore>=7.0) "severity": "High",
                #else "severity": "Medium", 
                #end
-                    #if ($vuln.cwe)"cwe": "$enc.json($vuln.cwe)",#end
+                "cwe": "#if ($vuln.cwe)$enc.json($vuln.cwe)#end",
-                    "description": "$enc.json($vuln.description)"
+                "description": "$enc.json($vuln.description)",
-                        #if ($vuln.notes),"notes": "$enc.json($vuln.notes)"#end
+                "notes": "#if ($vuln.notes)$enc.json($vuln.notes)#end",
-                    ,"references": [
+                "references": [
                    #foreach($ref in $vuln.getReferences())
                        #if($foreach.count > 1),#end {
                    "source": "$enc.json($ref.source)",
                    "url": "$enc.json($ref.url)",
                    "name": "$enc.json($ref.name)"
-                        }
+                    }#end
                        #end
                ],
                "vulnerableSoftware": [
                    #foreach($vs in $vuln.getVulnerableSoftware())
                        #if($foreach.count > 1),#end {
                            #if($vs.hasPreviousVersion()) "allPreviousVersion": "true",#end
                        "name": "$enc.json($vs.name)"
-                        }
+                        #if($vs.hasPreviousVersion()) ,"allPreviousVersion": "true"#end
-                        #end
+                    }#end
                ]
                }#end
            ]#end
        }#end
    ]
 }
                    #end
                ]
                #end
                }
            #end
        ]
    }
 }
--- a/dependency-check-maven/src/it/729-system-scope-resolved/postbuild.groovy
+++ b/dependency-check-maven/src/it/729-system-scope-resolved/postbuild.groovy
@@ -25,6 +25,6 @@ def slurper = new JsonSlurper()
 def json = slurper.parse(new File(basedir, "target/dependency-check-report.json"), "UTF-8")
 assert json instanceof Map
-assert json.analysis.dependencies instanceof List
+assert json.dependencies instanceof List
-assert json.analysis.dependencies.size()==1
+assert json.dependencies.size()==1
 return true;
--- a/dependency-check-maven/src/it/729-system-scope-skipped/postbuild.groovy
+++ b/dependency-check-maven/src/it/729-system-scope-skipped/postbuild.groovy
@@ -25,6 +25,6 @@ def slurper = new JsonSlurper()
 def json = slurper.parse(new File(basedir, "target/dependency-check-report.json"), "UTF-8")
 assert json instanceof Map
-assert json.analysis.dependencies instanceof List
+assert json.dependencies instanceof List
-assert json.analysis.dependencies.size()==0
+assert json.dependencies.size()==0
 return true;