github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-14 15:53:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,302 Commits 7 Branches 56 Tags
d2fa14bbe287c0fc6729dec4ee7049a96fc5f084
Commit Graph

551 Commits

Author SHA1 Message Date
Jeremy Long
afb07b651f Merge branch 'master' of github.com:colezlaw/DependencyCheck into colezlaw-master 
Former-commit-id: 1158591ef47032ceed72654ebde6ef5f20782f75
 2014-11-09 19:53:26 -05:00
Jeremy Long
e6806fdf2b patch to resolve issue #137 - the output path can be a file name if the format is not ALL 
Former-commit-id: 05c638b21f09842781e105259ff58819e4bd3e8c
 2014-11-09 19:52:42 -05:00
Will Stranathan
e5ff2cff4e Squashed commits for the new Solr/Central Search capability 
Former-commit-id: 28ca3ca0ff5de4e097082f6f73003c0a67455efd
 2014-11-08 10:54:02 -05:00
Jeremy Long
824898dba5 patch for issue #155 
Former-commit-id: 57b144d94354c48c9bebabae2cc3d0c120fd2138
 2014-11-07 06:42:54 -05:00
Jeremy Long
ea15205be8 pmd corrections 
Former-commit-id: 7cdc5b009285b9b428d4e731cb4b493a24453a9f
 2014-11-05 21:31:00 -05:00
Jeremy Long
0a45048535 checkstyle corrections 
Former-commit-id: 8807237a0a38f390298a19507ed55d9df156663f
 2014-11-05 21:24:34 -05:00
Jeremy Long
1c51655ce3 checkstyle corrections 
Former-commit-id: b7acf0b29d86a17f03f996d8d4b7a47e3a9f5eb9
 2014-11-05 21:08:34 -05:00
Jeremy Long
f8c913a3e8 small modification to warnings 
Former-commit-id: 1ee729d27fdd7f394df0ea00efcb9f5e2bf663cd
 2014-11-05 06:19:43 -05:00
Jeremy Long
24b1c4d0a4 removed wild card pattern matching during scan 
Former-commit-id: 183963237c378641467f7277f68ba74156442485
 2014-11-04 05:50:58 -05:00
Jeremy Long
dda6cf728b added suppression for opendj-ldap-sdk to fix issue #165 
Former-commit-id: e8dc84bea2350eb5539475cf77650fafb118f3a4
 2014-11-01 07:08:00 -04:00
Jeremy Long
a7fd410b01 stopped trimming org and com off of the groupid so it is consistent with other analyzers 
Former-commit-id: c22d3b7af9af00c28ee0df80ba706f70399b80ef
 2014-11-01 06:51:05 -04:00
Jeremy Long
d281c36733 updated suppression rule for jersey-client 
Former-commit-id: 81920e19da3c29de46207c2132f225cb8c77a840
 2014-11-01 06:35:28 -04:00
Jeremy Long
2d58cfe0ce fixed link to the NVD 
Former-commit-id: 73ca530e569d4376999c155a8bc1256d935209bf
 2014-10-25 08:07:20 -04:00
Jeremy Long
9df8bdff5f cleaned up code to use isEmpty instead of "".equals(string) 
Former-commit-id: 8469f91a948ab2ab5b0ce61865a0b11cd6d11717
 2014-10-25 08:06:56 -04:00
Jeremy Long
c86b821951 suppressed warning on unchecked cast 
Former-commit-id: 633151a31b613071c7bd3e939c6a5c16864b8b88
 2014-10-25 08:06:15 -04:00
Jeremy Long
4def086bf9 removed comments 
Former-commit-id: 2c48f5b93a97a0642fbc37edd603b0d0baca4368
 2014-10-25 08:05:26 -04:00
Jeremy Long
885c890d7d changed the analyzer to use the actual file name rather then the display name 
Former-commit-id: 9cc348aaef8fac5e6c64220d94428f168ea8855b
 2014-10-25 08:05:01 -04:00
Jeremy Long
06060a6694 improved error handling of invalid search strings 
Former-commit-id: 97250e44b27e009b2480d25f8c2ebb7566038086
 2014-10-25 08:04:33 -04:00
Jeremy Long
70667814f6 changed display name of files contained in archives so that it doesn't look like an invalid path 
Former-commit-id: db3a7edadef81dd7e66c68cf0f4cdf43e12936b6
 2014-10-25 08:03:47 -04:00
Jeremy Long
766b7a940c changed scan methods to return a list of dependencies instead of void 
Former-commit-id: f0fd1e06708de3159acff0147968b5508a54fc05
 2014-10-25 08:02:36 -04:00
Jeremy Long
b4aa55ce1f Merge branch 'master' of github.com:ctrl-alt-dev/DependencyCheck into ctrl-alt-dev-master 
Former-commit-id: 4d1ab5ecacf0ca7354f57d3a49accd5a173e0a26
 2014-10-24 05:36:40 -04:00
Jeremy Long
109443ce77 changed the name property of dependencies identified within an archive 
Former-commit-id: 5d778afea68c881efea628d9ecc28596d3cbc9d6
 2014-10-23 06:09:39 -04:00
Jeremy Long
d1f3105fbd added appropriate sorting to resolve issue #156 
Former-commit-id: b5d0dd3e9d337417ea3483b491035009269eaa5c
 2014-10-22 21:42:51 -04:00
Jeremy Long
8f88ca9d3d corrected compareTo to use file path, not just file name 
Former-commit-id: 98e19c402cd5824aed4b3b4923b7ef72359752cf
 2014-10-22 21:12:40 -04:00
Erik Hooijmeijer
35c2f4873c values from the project pom.xml are now taken into account as well 
Former-commit-id: ca6c5b40f09959f162b337f2cb4268a57ce46d3d
 2014-10-21 20:09:54 +02:00
Jeremy Long
1ed7bab375 additional updates for issue #162, if no pom is present in the jar, but it exists in the repo the pom from the repo will be used 
Former-commit-id: 0d1603f45420b57b00149764acca1fe5bd3f3c83
 2014-10-17 20:55:58 -04:00
Jeremy Long
f0d1bfb777 added an additional suppression for issue #162 
Former-commit-id: 9c3403814b15cbcdebdc9e0d43253016548efb23
 2014-10-16 06:57:24 -04:00
Jeremy Long
4aad3471af fixed javadoc 
Former-commit-id: 2402251f2157864ee3c51dd571cb9d21e17856e6
 2014-10-08 06:21:20 -04:00
Jeremy Long
29595324c4 added suppression rules for jersey-client 
Former-commit-id: cb8f4081c6d0fc2128a3a3dfda294a541c16adec
 2014-09-13 07:10:17 -04:00
Jeremy Long
8fab2f58da added the base property and skipped adding the vulnerability or identifier to the suppressed collection if this is a base suppression rule 
Former-commit-id: a668d7d8b9345b6ad44bfff1ced4ab783a1f90d8
 2014-09-13 05:43:16 -04:00
Jeremy Long
e44ee3bfe1 added parsing of the base flag 
Former-commit-id: 02f533177846bcd4a98b31f851e91f438e1ddeaa
 2014-09-13 05:42:01 -04:00
Jeremy Long
62065c9d28 corrected the removal of an identifier so that iterator.remove was correctly used 
Former-commit-id: 252507772242cc7ff42ef9f310cfca3bec7cb075
 2014-09-13 05:41:26 -04:00
Jeremy Long
c76275275f added the base=true flag to all base suppressions 
Former-commit-id: ac77f3fc4ff80c182b7736554a1960e186e67d69
 2014-09-13 05:40:37 -04:00
Jeremy Long
257f78879d added base attribute to suppression rules 
Former-commit-id: bcadbd75b99471a56d604c2f158570305e9b4010
 2014-09-13 05:40:06 -04:00
Jeremy Long
d4756c9eb8 updated base suppression list to include sandbox:sandbox - a php app 
Former-commit-id: 087a4c5af2afd03a1d4703d2e1e5a1607a2e7ac9
 2014-09-12 06:34:23 -04:00
Jeremy Long
0004767775 added fix for issue #147 to address springsource, non-core spring, jars being idenified as cpe://a:springsource:springframwork 
Former-commit-id: 0a3182123be78a3f450cdef0bcc395907d27730a
 2014-09-10 17:55:04 -04:00
Jeremy Long
1244af649d updated to improve CPE matching so that if a broad match occured (cpe with no version number) we use the highest confidence version when generating the CPE identifier 
Former-commit-id: 6e8c87a71522b1ca7cfa9d72ca419a792d1b17e7
 2014-09-09 15:10:08 -04:00
Jeremy Long
7bd48cc811 updated version analysis to reduce false positives and increase accurate detection 
Former-commit-id: 6097160434b7e98182738706790d82cdbd867175
 2014-09-09 15:07:28 -04:00
Jeremy Long
1b2d9b4245 fixed minor display bug 
Former-commit-id: 65e1adcdc7677490907ee6eca68bf1174d355a3c
 2014-09-07 07:20:45 -04:00
Jeremy Long
e58fc13fdb additional looping corrections in determineCPE() to break early if an identifier is found 
Former-commit-id: 4ec4ffe598d9870a793da8980bb863633c1967d7
 2014-09-06 19:09:38 -04:00
Jeremy Long
922d53d2e4 Increased the confidence on the pom artifact and groupid 
Former-commit-id: b052b50353197e0f7cb419e6f618f2320da11183
 2014-09-06 19:08:22 -04:00
Jeremy Long
fec53b3951 corrected looping in determineCPE() 
Former-commit-id: 329f20687223f38273b2e23601b05fcea2b9122f
 2014-09-06 06:37:12 -04:00
Jeremy Long
da20fb2922 added velocity-tools to base suppression as it should not be reported as struts 
Former-commit-id: 4649d95a091def05ae249da42aa7d6f845b14d59
 2014-08-30 07:48:02 -04:00
Jeremy Long
4095c5da38 made serializable 
Former-commit-id: 27d8084ea981766791df05c5e9ef61dbe40ba32c
 2014-08-16 07:27:28 -04:00
Jeremy Long
b4405ebf3e minor changes to the TOC table - removed # of related dependencies and renamed CVE Impact to Highest Severity to clear up ambiguity 
Former-commit-id: b8b14ab120d889057864eb6f93cadad9773b9171
 2014-08-15 05:58:10 -04:00
Jeremy Long
56b447493e added additional error messages about the proxy if the download fails per issue #136 
Former-commit-id: 7a5dcc58ab959a70b7e086a984f5d9289d749b99
 2014-08-05 10:58:43 -04:00
Jeremy Long
e45b68eda7 fixed issue #140 - false positive is now suppressed 
Former-commit-id: 4b584884e1eb5efa214b1af87d555e6866db917a
 2014-08-05 10:44:33 -04:00
Jeremy Long
bd955cda06 improved TOC per issue #138 
Former-commit-id: 7cc7ccb9d0dd8257588438220bf61d78caa2bcec
 2014-08-05 09:22:28 -04:00
Jeremy Long
c6dbc01912 ensured FileInputStream is correctly closed 
Former-commit-id: 6e0362476f456e5af07e686fdccf04e600a97de8
 2014-08-05 09:19:35 -04:00
Jeremy Long
fabe1aa940 checkstyle corrections 
Former-commit-id: d23c5d17629f8484c1c07d328c9c1b74a678e062
 2014-08-05 09:19:00 -04:00