github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-13 23:33:37 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: github-mirrors:v0.2.2
Branches Tags
github-mirrors:master github-mirrors:feature/java-version-parse github-mirrors:cvedb-cache github-mirrors:reportGeneration github-mirrors:stevespringett-master github-mirrors:gh-pages github-mirrors:issue690_threadsafe
github-mirrors:v1.4.5 github-mirrors:v1.4.4 github-mirrors:1.4.3 github-mirrors:v1.4.2 github-mirrors:v1.4.1 github-mirrors:v1.4.0 github-mirrors:v1.3.6 github-mirrors:v1.3.5 github-mirrors:v1.3.4 github-mirrors:v1.3.3 github-mirrors:v1.3.2 github-mirrors:v1.3.1 github-mirrors:v1.3.0 github-mirrors:v1.2.11 github-mirrors:v1.2.9 github-mirrors:v1.2.8 github-mirrors:v1.2.7 github-mirrors:v1.2.6 github-mirrors:v1.2.5 github-mirrors:v1.2.4 github-mirrors:v1.2.3 github-mirrors:v1.2.2 github-mirrors:v1.2.1 github-mirrors:v1.2.0.1 github-mirrors:v1.2.0 github-mirrors:v1.1.4 github-mirrors:v1.1.3 github-mirrors:v1.1.2 github-mirrors:v1.1.1 github-mirrors:v1.1.0 github-mirrors:v1.0.8 github-mirrors:v1.0.7 github-mirrors:v1.0.6 github-mirrors:v1.0.5 github-mirrors:v1.0.4 github-mirrors:v1.0.3 github-mirrors:v1.0.2 github-mirrors:v1.0.1 github-mirrors:v0.3.2.4 github-mirrors:v0.3.2.3 github-mirrors:v0.3.2.2 github-mirrors:v0.3.2.0 github-mirrors:v0.3.1.1 github-mirrors:v0.3.1.0 github-mirrors:v0.3.0.0 github-mirrors:v0.2.6.0 github-mirrors:v0.2.5.2 github-mirrors:v0.2.5.1 github-mirrors:v0.2.5.0 github-mirrors:v0.2.4.0 github-mirrors:v0.2.3.2 github-mirrors:v0.2.3.1 github-mirrors:v0.2.3 github-mirrors:v0.2.2 github-mirrors:v0.2.1 github-mirrors:v0.2.0
...
compare: github-mirrors:v0.2.5.2
Branches Tags
github-mirrors:feature/java-version-parse github-mirrors:cvedb-cache github-mirrors:reportGeneration github-mirrors:master github-mirrors:stevespringett-master github-mirrors:gh-pages github-mirrors:issue690_threadsafe
github-mirrors:v1.4.5 github-mirrors:v1.4.4 github-mirrors:1.4.3 github-mirrors:v1.4.2 github-mirrors:v1.4.1 github-mirrors:v1.4.0 github-mirrors:v1.3.6 github-mirrors:v1.3.5 github-mirrors:v1.3.4 github-mirrors:v1.3.3 github-mirrors:v1.3.2 github-mirrors:v1.3.1 github-mirrors:v1.3.0 github-mirrors:v1.2.11 github-mirrors:v1.2.9 github-mirrors:v1.2.8 github-mirrors:v1.2.7 github-mirrors:v1.2.6 github-mirrors:v1.2.5 github-mirrors:v1.2.4 github-mirrors:v1.2.3 github-mirrors:v1.2.2 github-mirrors:v1.2.1 github-mirrors:v1.2.0.1 github-mirrors:v1.2.0 github-mirrors:v1.1.4 github-mirrors:v1.1.3 github-mirrors:v1.1.2 github-mirrors:v1.1.1 github-mirrors:v1.1.0 github-mirrors:v1.0.8 github-mirrors:v1.0.7 github-mirrors:v1.0.6 github-mirrors:v1.0.5 github-mirrors:v1.0.4 github-mirrors:v1.0.3 github-mirrors:v1.0.2 github-mirrors:v1.0.1 github-mirrors:v0.3.2.4 github-mirrors:v0.3.2.3 github-mirrors:v0.3.2.2 github-mirrors:v0.3.2.0 github-mirrors:v0.3.1.1 github-mirrors:v0.3.1.0 github-mirrors:v0.3.0.0 github-mirrors:v0.2.6.0 github-mirrors:v0.2.5.2 github-mirrors:v0.2.5.1 github-mirrors:v0.2.5.0 github-mirrors:v0.2.4.0 github-mirrors:v0.2.3.2 github-mirrors:v0.2.3.1 github-mirrors:v0.2.3 github-mirrors:v0.2.2 github-mirrors:v0.2.1 github-mirrors:v0.2.0

36 Commits
v0.2.2 ... v0.2.5.2

Author SHA1 Message Date
Jeremy Long
41f631d1c0 Added CVSS Scores 
Former-commit-id: 2feda15c4f42461b87a2a4e5941a32eb98a918de
 2013-01-13 16:48:27 -05:00
Jeremy Long
0080b916ce version 0.2.5.1 
Former-commit-id: 7ced778f0f8a749ffca1efd7d3416c4a16c1da26
 2013-01-09 22:51:06 -05:00
Jeremy Long
73782493b0 additional spring jar files for testing 
Former-commit-id: 95f8858a0b75ff74b4e039948c1848bcd3c1be22
 2013-01-09 22:50:11 -05:00
Jeremy Long
bb1e47ae43 fixed analyzer method signature, added SpringCleaningAnalyzer, and removed ArchiveAnalyzer interface 
Former-commit-id: 789fcd7a7c463ee2528c9a325a8536f2cc9278c5
 2013-01-09 22:49:41 -05:00
Jeremy Long
d1194f23d7 added 2013 NVD CVE file 
Former-commit-id: 049b7e8d493d722fb61896fd46067f625e56d79e
 2013-01-08 15:40:58 -05:00
Jeremy Long
b9eda7984f added mailing list 
Former-commit-id: a4ff51a95343a893e7565814a4a3ce21f19d6a75
 2013-01-06 12:38:56 -05:00
Jeremy Long
4b07b59bbc version 0.2.5.0 
Former-commit-id: 88eaccdc6e83a8c3c3061e38186bb45fb9ba5a3d
 2013-01-06 12:13:08 -05:00
Jeremy Long
4861b1befe bug fixes/replaced CVE datastore (lucene->H2) 
Former-commit-id: 51cd0f93a50b70b0722a139034f5e0dda416e803
 2013-01-06 12:04:27 -05:00
Jeremy Long
67c0815d8a updated file header 
Former-commit-id: cd617dd03567a665df4088d963047146918fe091
 2012-12-30 17:37:21 -05:00
Jeremy Long
ff4e40a910 added equals and hashCode 
Former-commit-id: 065a80852277add47d259f8f96fe9ed64c84ffe3
 2012-12-30 16:50:19 -05:00
Jeremy Long
7d9fa79bd4 format fix 
Former-commit-id: ae279dfda4fc8bda0d22a324c8d4cb461765fe7b
 2012-12-30 16:49:51 -05:00
Jeremy Long
78a7fe5b93 fixed commons-io reference 
Former-commit-id: 4f4d001485f248ebe9db02ccdc95174a2a25dda9
 2012-12-30 16:48:05 -05:00
Jeremy Long
f08a23fbf9 added db4o as project-local repo 
Former-commit-id: 9e64c3d1dd0979c401c8dd5ca31af6f8ce94e9ea
 2012-12-30 15:58:11 -05:00
Jeremy Long
46a5059b36 added vulnerable software 
Former-commit-id: 8bd4247143bfbc85e9786433d22da24e59ef676f
 2012-12-30 15:57:34 -05:00
Jeremy Long
41b3c475ab minor update 
Former-commit-id: fe4a040b4d07efc4d4c9bbfdadd9d53f4f9b7532
 2012-12-30 15:56:29 -05:00
Jeremy Long
5f798a4814 minor update 
Former-commit-id: 28ff2348960bfc4e8a5332b203098b0363ced143
 2012-12-30 15:56:21 -05:00
Jeremy Long
7a4ba451ad adding vulnerable software 
Former-commit-id: 2fbc588a90c8d11f2fa0f806fb14f6b31fddcbea
 2012-12-30 09:46:21 -05:00
Jeremy Long
3c62f8501c formating update 
Former-commit-id: 535878fa1a445cef81fcf01cf1c79451a56887da
 2012-12-30 09:31:49 -05:00
Jeremy Long
172558ed8c minor bug fixes 
Former-commit-id: f79fdb279ef60bebace4061a9df6d9a6e0cf818b
 2012-12-30 09:30:12 -05:00
Jeremy Long
86416292d6 removed deprecated functionality 
Former-commit-id: b4f14a8295ebc604267ab0d234ddf39c111e6164
 2012-12-30 09:09:23 -05:00
Jeremy Long
d4f097cfbc Update NVD CVE timestamp checking 
Former-commit-id: 5764a3ce90b6963d4476f581b712bc9df0c1a7cb
 2012-12-30 08:53:14 -05:00
Jeremy Long
40e4f9cd90 added Vulnerability class 
Former-commit-id: 1a7797d9730501267c7836660c255ac7f0b2b7ee
 2012-12-29 10:16:34 -05:00
Jeremy Long
38c1e31476 updated to v0.2.4.0 
Former-commit-id: 77765b0e7fb13185b8552c3ece882077736ef944
 2012-12-29 08:31:09 -05:00
Jeremy Long
9e489c0c55 updates and bug fixes for CPE data 
Former-commit-id: 367da7219f76f370e87aa410d70a83553e71d828
 2012-12-29 08:28:23 -05:00
Jeremy Long
76899996c2 version 0.2.3.2 
Former-commit-id: 474018fefa56379cb88cfd232c4a88e8ce9b15af
 2012-12-22 06:16:46 -05:00
Jeremy Long
283dcae297 added find bugs and fixed some bugs 
Former-commit-id: 2266d86317f4fb20b7d3262b41b14d962916078f
 2012-12-22 06:15:39 -05:00
Jeremy Long
566f36e577 continued removal of cpe.xml - it is incomplete for our purpose 
Former-commit-id: 83d10942664962f0f530b4694a96c1f4f2783d43
 2012-12-22 04:30:26 -05:00
Jeremy Long
6e23fd7251 bug fixes 
Former-commit-id: 770436e4eff1f331b122eecd16081194987ba3f9
 2012-12-20 21:39:02 -05:00
Jeremy Long
a16bcfbc10 upgrade to lucene 4.0 
Former-commit-id: 0822d5816b603d8017b2fe8aa2a592aa3263c51c
 2012-12-16 21:26:30 -05:00
Jeremy Long
2fcc325af7 bug fixes 
Former-commit-id: 02eac4d4a7073e140181c39fa8137b37f86e5f74
 2012-12-02 22:22:25 -05:00
Jeremy Long
5334cf7def fixed reported bug 
Former-commit-id: 0f4d2380d45811e2c181996651ed1541376a3cb6
 2012-11-20 20:11:08 -05:00
Jeremy Long
a8a85a5947 Cleaned up reporting 
Former-commit-id: ba7c493381c4a5d9b1078e8f8c8a44f3ffc119f3
 2012-11-17 07:57:55 -05:00
Jeremy Long
a6faadcc74 v0.2.3 
Former-commit-id: 03939984b22675d4aaa73aad4803dd2aa4751638
 2012-11-12 14:50:04 -05:00
Jeremy Long
1e7b45c00b updated to use directory of jar instead of working directory to store data 
Former-commit-id: 5090e57e59d022d0824bf5a7fdcbedfc0bff027e
 2012-11-12 14:48:39 -05:00
Jeremy Long
9f21ea6a9d general updates 
Former-commit-id: edac8a6df87e1793f94ebdad615ed424acb27d90
 2012-11-12 13:36:44 -05:00
Jeremy Long
99c056e7f5 location of data files is no longer the working directory, rather the location of the JAR file itself 
Former-commit-id: 320077664c9c65f5b5f6dd7acb5c923da8869167
 2012-11-12 12:19:39 -05:00
176 changed files with 4346 additions and 172823 deletions
Expand all files Collapse all files

7
NOTICES.txt
View File

@@ -3,6 +3,9 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
This product includes software developed by
The Apache Software Foundation (http://www.apache.org/).
This product includes software developed by
Jquery.com (http://jquery.com/).
Jquery.com (http://jquery.com/).
This product includes software developed by
H2 (http://www.h2database.com).

10
README.txt
View File

@@ -1,16 +1,16 @@
About:
DependencyCheck is a utility that attempts to detect publically disclosed
vulnerabilities contained within project dependencies. It does this by determining
if there is a Common Platform Enumeration (CPE) identifier for a given dependency.
If found, it will generate a report linking to the associated CVE entries.
if there is a Common Platform Enumeration (CPE) identifier for a given dependency.
If found, it will generate a report linking to the associated CVE entries.
Usage:
$ mvn package
$ cd target
$ java -jar DependencyCheck-0.2.2.jar -h
$ java -jar DependencyCheck-0.2.2.jar -a Testing -out . -scan ./test-classes/org.mortbay.jetty.jar -scan ./test-classes/struts2-core-2.1.2.jar -scan ./lib
$ java -jar DependencyCheck-0.2.5.2.jar -h
$ java -jar DependencyCheck-0.2.5.2.jar -a Testing -out . -scan ./test-classes/org.mortbay.jetty.jar -scan ./test-classes/struts2-core-2.1.2.jar -scan ./lib
Then load the resulting 'Testing.html' into your favorite browser.
Then load the resulting 'DependencyCheck-Report.html' into your favorite browser.
Author: Jeremy Long (jeremy.long@gmail.com)

82
pom.xml
View File

@@ -23,7 +23,7 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<groupId>org.codesecure</groupId>
<artifactId>DependencyCheck</artifactId>
<version>0.2.2</version>
<version>0.2.5.2</version>
<packaging>jar</packaging>
<name>DependencyCheck</name>
@@ -55,6 +55,15 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<system>github</system>
<url>https://github.com/jeremylong/DependencyCheck/issues</url>
</issueManagement>
<mailingLists>
<mailingList>
<name>Dependency Check</name>
<subscribe>dependency-check+subscribe@googlegroups.com</subscribe>
<unsubscribe>dependency-check+unsubscribe@googlegroups.com</unsubscribe>
<post>dependency-check@googlegroups.com</post>
<archive>https://groups.google.com/forum/?fromgroups#!forum/dependency-check</archive>
</mailingList>
</mailingLists>
<licenses>
<license>
<name>GNU General Public License version 3</name>
@@ -65,6 +74,7 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
</properties>
<build>
<resources>
<resource>
@@ -100,7 +110,7 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<artifactId>maven-javadoc-plugin</artifactId>
<version>2.8.1</version>
<configuration>
<bottom>Copyright &#169; 2012 Jeremy Long. All Rights Reserved.</bottom>
<bottom>Copyright&#169; 2012 Jeremy Long. All Rights Reserved.</bottom>
</configuration>
</plugin>
<plugin>
@@ -178,11 +188,6 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<branchRate>0</branchRate>
<lineRate>0</lineRate>
</regex>
<regex>
<pattern>org.codesecure.dependencycheck.utils.SSDeep</pattern>
<branchRate>0</branchRate>
<lineRate>0</lineRate>
</regex>
</regexes>
</check>
</configuration>
@@ -208,11 +213,11 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
</property>
<property>
<name>cve</name>
<value>${project.build.directory}/data/cve</value>
<value>target/data/cve</value>
</property>
<property>
<name>cpe</name>
<value>${project.build.directory}/data/cpe</value>
<value>target/data/cpe</value>
</property>
</systemProperties>
<excludes>
@@ -224,6 +229,21 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-failsafe-plugin</artifactId>
<version>2.12.4</version>
<configuration>
<systemProperties>
<property>
<name>cve</name>
<value>target/data/cve</value>
</property>
<property>
<name>cpe</name>
<value>target/data/cpe</value>
</property>
</systemProperties>
<includes>
<include>**/*IntegrationTest.java</include>
</includes>
</configuration>
<executions>
<execution>
<goals>
@@ -246,7 +266,7 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<reportSets>
<reportSet>
<reports>
<!--<report>mailing-list</report>-->
<report>mailing-list</report>
<!--<report>cim</report>-->
<report>index</report>
<report>summary</report>
@@ -308,6 +328,11 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
</excludes>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>taglist-maven-plugin</artifactId>
<version>2.4</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
@@ -338,11 +363,17 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<reportSet>
<id>integration-tests</id>
<reports>
<report>report-only</report>
<report>failsafe-report-only</report>
</reports>
</reportSet>
</reportSets>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId>
<version>2.5.2</version>
</plugin>
</reportPlugins>
</configuration>
</plugin>
@@ -365,10 +396,21 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<dependency>
<groupId>org.apache.lucene</groupId>
<artifactId>lucene-core</artifactId>
<version>3.5.0</version>
<version>4.0.0</version>
<!--<version>3.5.0</version>-->
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<groupId>org.apache.lucene</groupId>
<artifactId>lucene-analyzers-common</artifactId>
<version>4.0.0</version>
</dependency>
<dependency>
<groupId>org.apache.lucene</groupId>
<artifactId>lucene-queryparser</artifactId>
<version>4.0.0</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>1.3.2</version>
</dependency>
@@ -421,11 +463,19 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
</exclusion>
</exclusions>
</dependency>
<!--
<dependency>
<groupId>org.fusesource.hawtdb</groupId>
<artifactId>hawtdb</artifactId>
<version>1.6</version>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
<version>1.3.170</version>
</dependency>
<!-- The following dependencies are only scanned during integration testing -->
<!--<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>2.5.5</version>
<scope>test</scope>
</dependency>-->
</dependencies>
</project>

4
src/main/config/checkstyle-header.txt
View File

@@ -1,4 +1,3 @@
^package
^/\*\s*$
^ \* This file is part of DependencyCheck\.\s*$
^ \*\s*$
@@ -16,4 +15,5 @@
^ \* DependencyCheck\. If not, see http://www.gnu.org/licenses/\.\s*$
^ \*\s*$
^ \* Copyright \(c\) 2012 Jeremy Long\. All Rights Reserved\.\s*$
^ \*/\s*$
^ \*/\s*$
^package

1
src/main/config/checkstyle-suppressions.xml
View File

@@ -6,7 +6,6 @@
<suppressions>
<suppress checks=".*" files=".*[\\/]package-info\.java" />
<suppress checks=".*" files=".*org[\\/]codesecure[\\/]dependencycheck[\\/]utils[\\/]SSDeep.java" />
<suppress checks=".*" files=".*org[\\/]codesecure[\\/]dependencycheck[\\/]utils[\\/]Filter.java" />
<suppress checks=".*" files=".*org[\\/]codesecure[\\/]dependencycheck[\\/]utils[\\/]Checksum.java" />
<suppress checks=".*" files=".*[\\/]generated[\\/].*.java" />

39
src/main/java/org/codesecure/dependencycheck/App.java
View File

@@ -1,4 +1,3 @@
package org.codesecure.dependencycheck;
/*
* This file is part of DependencyCheck.
*
@@ -17,8 +16,8 @@ package org.codesecure.dependencycheck;
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
@@ -26,13 +25,10 @@ import java.util.List;
import java.util.logging.Level;
import java.util.logging.LogManager;
import java.util.logging.Logger;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.cli.ParseException;
import org.codesecure.dependencycheck.data.cpe.xml.Importer;
import org.codesecure.dependencycheck.reporting.ReportGenerator;
import org.codesecure.dependencycheck.dependency.Dependency;
import org.codesecure.dependencycheck.utils.CliParser;
import org.xml.sax.SAXException;
/*
* This file is part of App.
@@ -73,10 +69,12 @@ public class App {
//while java doc for JUL says to use preferences api - it throws an exception...
//Preferences.systemRoot().put("java.util.logging.config.file", "log.properties");
//System.getProperties().put("java.util.logging.config.file", "configuration/log.properties");
File dir = new File("logs");
if (!dir.exists()) {
dir.mkdir();
}
//removed the file handler. since this is a console app - just write to console.
// File dir = new File("logs");
// if (!dir.exists()) {
// dir.mkdir();
// }
try {
InputStream in = App.class.getClassLoader().getResourceAsStream(LOG_PROPERTIES_FILE);
LogManager.getLogManager().reset();
@@ -113,8 +111,6 @@ public class App {
if (cli.isGetVersion()) {
cli.printVersionInfo();
} else if (cli.isLoadCPE()) {
loadCPE(cli.getCpeFile());
} else if (cli.isRunScan()) {
runScan(cli.getReportDirectory(), cli.getApplicationName(), cli.getScanFiles(), cli.isAutoUpdate());
} else {
@@ -123,23 +119,6 @@ public class App {
}
/**
* Loads the specified CPE.XML file into Lucene Index.
*
* @param cpePath
*/
private void loadCPE(String cpePath) {
try {
Importer.importXML(cpePath);
} catch (ParserConfigurationException ex) {
Logger.getLogger(App.class.getName()).log(Level.SEVERE, null, ex);
} catch (SAXException ex) {
Logger.getLogger(App.class.getName()).log(Level.SEVERE, null, ex);
} catch (IOException ex) {
Logger.getLogger(App.class.getName()).log(Level.SEVERE, null, ex);
}
}
/**
* Scans the specified directories and writes the dependency reports to the
* reportDirectory.
@@ -157,9 +136,9 @@ public class App {
scanner.analyzeDependencies();
List<Dependency> dependencies = scanner.getDependencies();
ReportGenerator report = new ReportGenerator();
ReportGenerator report = new ReportGenerator(applicationName, dependencies, scanner.getAnalyzers());
try {
report.generateReports(reportDirectory, applicationName, dependencies);
report.generateReports(reportDirectory);
} catch (IOException ex) {
Logger.getLogger(App.class.getName()).log(Level.SEVERE, null, ex);
} catch (Exception ex) {

63
src/main/java/org/codesecure/dependencycheck/Engine.java
View File

@@ -1,4 +1,3 @@
package org.codesecure.dependencycheck;
/*
* This file is part of DependencyCheck.
*
@@ -17,11 +16,10 @@ package org.codesecure.dependencycheck;
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck;
import java.util.EnumMap;
import org.codesecure.dependencycheck.dependency.Dependency;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
@@ -33,10 +31,10 @@ import org.codesecure.dependencycheck.analyzer.AnalysisException;
import org.codesecure.dependencycheck.analyzer.AnalysisPhase;
import org.codesecure.dependencycheck.analyzer.Analyzer;
import org.codesecure.dependencycheck.analyzer.AnalyzerService;
import org.codesecure.dependencycheck.analyzer.ArchiveAnalyzer;
import org.codesecure.dependencycheck.data.CachedWebDataSource;
import org.codesecure.dependencycheck.data.UpdateException;
import org.codesecure.dependencycheck.data.UpdateService;
import org.codesecure.dependencycheck.dependency.Dependency;
import org.codesecure.dependencycheck.utils.FileUtils;
/**
@@ -188,14 +186,15 @@ public class Engine {
* Runs the analyzers against all of the dependencies.
*/
public void analyzeDependencies() {
//phase one initilize
for (AnalysisPhase phase : AnalysisPhase.values()) {
List<Analyzer> analyzerList = analyzers.get(phase);
for (Analyzer a : analyzerList) {
try {
a.initialize();
} catch (Exception ex) {
Logger.getLogger(Engine.class.getName()).log(Level.SEVERE, "Exception occured initializing " + a.getName() + ".", ex);
Logger.getLogger(Engine.class.getName()).log(Level.SEVERE,
"Exception occured initializing " + a.getName() + ".", ex);
try {
a.close();
} catch (Exception ex1) {
@@ -203,41 +202,34 @@ public class Engine {
}
continue;
}
}
}
// analysis phases
for (AnalysisPhase phase : AnalysisPhase.values()) {
List<Analyzer> analyzerList = analyzers.get(phase);
for (Analyzer a : analyzerList) {
for (Dependency d : dependencies) {
if (a.supportsExtension(d.getFileExtension())) {
try {
if (a instanceof ArchiveAnalyzer) {
ArchiveAnalyzer aa = (ArchiveAnalyzer) a;
aa.analyze(d, this);
} else {
a.analyze(d);
}
a.analyze(d, this);
} catch (AnalysisException ex) {
d.addAnalysisException(ex);
} catch (IOException ex) {
String msg = String.format("IOException occured while analyzing the file '%s'.",
d.getActualFilePath());
Logger.getLogger(Engine.class.getName()).log(Level.SEVERE, msg, ex);
}
}
}
try {
a.close();
} catch (Exception ex) {
Logger.getLogger(Engine.class.getName()).log(Level.SEVERE, null, ex);
}
}
}
//Now cycle through all of the analyzers one last time to call
// cleanup on any archiveanalyzers. These should only exist in the
// initial phase, but we are going to be thourough just in case.
//close/cleanup
for (AnalysisPhase phase : AnalysisPhase.values()) {
List<Analyzer> analyzerList = analyzers.get(phase);
for (Analyzer a : analyzerList) {
if (a instanceof ArchiveAnalyzer) {
ArchiveAnalyzer aa = (ArchiveAnalyzer) a;
aa.cleanup();
try {
a.close();
} catch (Exception ex) {
Logger.getLogger(Engine.class.getName()).log(Level.SEVERE, null, ex);
}
}
}
@@ -254,8 +246,23 @@ public class Engine {
try {
source.update();
} catch (UpdateException ex) {
Logger.getLogger(Engine.class.getName()).log(Level.SEVERE, "Unable to update " + source.getClass().getName(), ex);
Logger.getLogger(Engine.class.getName()).log(Level.SEVERE,
"Unable to update " + source.getClass().getName(), ex);
}
}
}
/**
* Returns a full list of all of the analyzers. This is useful
* for reporting which analyzers where used.
* @return a list of Analyzers
*/
public List<Analyzer> getAnalyzers() {
List<Analyzer> ret = new ArrayList<Analyzer>();
for (AnalysisPhase phase : AnalysisPhase.values()) {
List<Analyzer> analyzerList = analyzers.get(phase);
ret.addAll(analyzerList);
}
return ret;
}
}

2
src/main/java/org/codesecure/dependencycheck/analyzer/AbstractAnalyzer.java
View File

@@ -1,4 +1,3 @@
package org.codesecure.dependencycheck.analyzer;
/*
* This file is part of DependencyCheck.
*
@@ -17,6 +16,7 @@ package org.codesecure.dependencycheck.analyzer;
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.analyzer;
import java.util.HashSet;
import java.util.Set;

2
src/main/java/org/codesecure/dependencycheck/analyzer/AnalysisException.java
View File

@@ -1,4 +1,3 @@
package org.codesecure.dependencycheck.analyzer;
/*
* This file is part of DependencyCheck.
*
@@ -17,6 +16,7 @@ package org.codesecure.dependencycheck.analyzer;
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.analyzer;
/**
* An exception thrown when the analysis of a dependency fails.

2
src/main/java/org/codesecure/dependencycheck/analyzer/AnalysisPhase.java
View File

@@ -1,4 +1,3 @@
package org.codesecure.dependencycheck.analyzer;
/*
* This file is part of DependencyCheck.
*
@@ -17,6 +16,7 @@ package org.codesecure.dependencycheck.analyzer;
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.analyzer;
/**
* An enumeration defining the phases of analysis.

7
src/main/java/org/codesecure/dependencycheck/analyzer/Analyzer.java
View File

@@ -1,4 +1,3 @@
package org.codesecure.dependencycheck.analyzer;
/*
* This file is part of DependencyCheck.
*
@@ -17,8 +16,10 @@ package org.codesecure.dependencycheck.analyzer;
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.analyzer;
import java.util.Set;
import org.codesecure.dependencycheck.Engine;
import org.codesecure.dependencycheck.dependency.Dependency;
/**
@@ -37,10 +38,12 @@ public interface Analyzer {
* description or license information for the dependency it should be added.
*
* @param dependency a dependency to analyze.
* @param engine the engine that is scanning the dependencies - this is useful
* if we need to check other dependencies
* @throws AnalysisException is thrown if there is an error analyzing the
* dependency file
*/
void analyze(Dependency dependency) throws AnalysisException;
void analyze(Dependency dependency, Engine engine) throws AnalysisException;
/**
* <p>Returns a list of supported file extensions. An example would be an

2
src/main/java/org/codesecure/dependencycheck/analyzer/AnalyzerService.java
View File

@@ -1,4 +1,3 @@
package org.codesecure.dependencycheck.analyzer;
/*
* This file is part of DependencyCheck.
*
@@ -17,6 +16,7 @@ package org.codesecure.dependencycheck.analyzer;
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.analyzer;
import java.util.Iterator;
import java.util.ServiceLoader;

48
src/main/java/org/codesecure/dependencycheck/analyzer/ArchiveAnalyzer.java
View File

@@ -1,48 +0,0 @@
package org.codesecure.dependencycheck.analyzer;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
import org.codesecure.dependencycheck.dependency.Dependency;
import java.io.IOException;
import org.codesecure.dependencycheck.Engine;
/**
* An interface that defines an Analyzer that is used to expand archives and
* allow the engine to scan the contents.
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public interface ArchiveAnalyzer {
/**
* An ArchiveAnalyzer expands an archive and calls the scan method of the
* engine on the exploded contents.
*
* @param dependency a dependency to analyze.
* @param engine the engine that is scanning the dependencies.
* @throws IOException is thrown if there is an error reading the dependency
* file
*/
void analyze(Dependency dependency, Engine engine) throws IOException;
/**
* Cleans any temporary files generated when analyzing the archive.
*/
void cleanup();
}

87
src/main/java/org/codesecure/dependencycheck/analyzer/FileNameAnalyzer.java
View File

@@ -1,4 +1,3 @@
package org.codesecure.dependencycheck.analyzer;
/*
* This file is part of DependencyCheck.
*
@@ -17,11 +16,12 @@ package org.codesecure.dependencycheck.analyzer;
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.analyzer;
import org.codesecure.dependencycheck.dependency.Dependency;
import org.codesecure.dependencycheck.dependency.Evidence;
import java.util.Set;
import java.util.regex.Pattern;
import org.codesecure.dependencycheck.Engine;
/**
*
@@ -83,87 +83,30 @@ public class FileNameAnalyzer implements Analyzer {
}
/**
* An enumeration to keep track of the characters in a string as it is being
* read in one character at a time.
*/
private enum STRING_STATE {
ALPHA,
NUMBER,
PERIOD,
OTHER
}
/**
* Determines type of the character passed in.
*
* @param c a character
* @return a STRING_STATE representing whether the character is number,
* alpha, or other.
*/
private STRING_STATE determineState(char c) {
if (c >= '0' && c <= '9') {
return STRING_STATE.NUMBER;
} else if (c == '.') {
return STRING_STATE.PERIOD;
} else if (c >= 'a' && c <= 'z') {
return STRING_STATE.ALPHA;
} else {
return STRING_STATE.OTHER;
}
}
/**
* Collects information about the file such as hashsums.
* Collects information about the file name.
*
* @param dependency the dependency to analyze.
* @param engine the engine that is scanning the dependencies
* @throws AnalysisException is thrown if there is an error reading the JAR
* file.
*/
public void analyze(Dependency dependency) throws AnalysisException {
public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
analyzeFileName(dependency);
}
/**
* Analyzes the filename of the dependency and adds it to the evidence
* collections.
*
* @param dependency the dependency to analyze.
*/
private void analyzeFileName(Dependency dependency) {
String fileName = dependency.getFileName();
//slightly process the filename to chunk it into distinct words, numbers.
// Yes, the lucene analyzer might do this, but I want a little better control
// over the process.
String fileNameEvidence = fileName.substring(0, fileName.length() - 4).toLowerCase().replace('-', ' ').replace('_', ' ');
StringBuilder sb = new StringBuilder(fileNameEvidence.length());
STRING_STATE state = determineState(fileNameEvidence.charAt(0));
for (int i = 0; i < fileNameEvidence.length(); i++) {
char c = fileNameEvidence.charAt(i);
STRING_STATE newState = determineState(c);
if (newState != state) {
if ((state != STRING_STATE.NUMBER && newState == STRING_STATE.PERIOD)
|| (state == STRING_STATE.PERIOD && newState != STRING_STATE.NUMBER)
|| (state == STRING_STATE.ALPHA || newState == STRING_STATE.ALPHA)
|| ((state == STRING_STATE.OTHER || newState == STRING_STATE.OTHER) && c != ' ')) {
sb.append(' ');
}
}
state = newState;
sb.append(c);
int pos = fileName.lastIndexOf(".");
if (pos > 0) {
fileName = fileName.substring(0, pos - 1);
}
Pattern rx = Pattern.compile("\\s\\s+");
fileNameEvidence = rx.matcher(sb.toString()).replaceAll(" ");
dependency.getProductEvidence().addEvidence("file", "name",
fileNameEvidence, Evidence.Confidence.HIGH);
fileName, Evidence.Confidence.HIGH);
dependency.getVendorEvidence().addEvidence("file", "name",
fileNameEvidence, Evidence.Confidence.HIGH);
if (fileNameEvidence.matches(".*\\d.*")) {
fileName, Evidence.Confidence.HIGH);
if (fileName.matches(".*\\d.*")) {
dependency.getVersionEvidence().addEvidence("file", "name",
fileNameEvidence, Evidence.Confidence.HIGH);
fileName, Evidence.Confidence.HIGH);
}
}

418
src/main/java/org/codesecure/dependencycheck/analyzer/JarAnalyzer.java
View File

@@ -1,4 +1,3 @@
package org.codesecure.dependencycheck.analyzer;
/*
* This file is part of DependencyCheck.
*
@@ -17,12 +16,14 @@ package org.codesecure.dependencycheck.analyzer;
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.analyzer;
import java.io.File;
import java.io.FileInputStream;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.bind.JAXBException;
import org.codesecure.dependencycheck.Engine;
import org.codesecure.dependencycheck.dependency.Dependency;
import org.codesecure.dependencycheck.dependency.Evidence;
import org.codesecure.dependencycheck.dependency.EvidenceCollection;
@@ -54,7 +55,7 @@ import org.codesecure.dependencycheck.utils.NonClosingStream;
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class JarAnalyzer extends AbstractAnalyzer {
public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
/**
* The system independent newline character.
@@ -178,14 +179,16 @@ public class JarAnalyzer extends AbstractAnalyzer {
* checksums to identify the correct CPE information.
*
* @param dependency the dependency to analyze.
* @param engine the engine that is scanning the dependencies
* @throws AnalysisException is thrown if there is an error reading the JAR
* file.
*/
public void analyze(Dependency dependency) throws AnalysisException {
public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
try {
parseManifest(dependency);
analyzePackageNames(dependency);
analyzePOM(dependency);
addPredefinedData(dependency);
} catch (IOException ex) {
throw new AnalysisException("Exception occured reading the JAR file.", ex);
} catch (JAXBException ex) {
@@ -228,10 +231,16 @@ public class JarAnalyzer extends AbstractAnalyzer {
}
} else if (!entry.isDirectory() && "pom.properties".equals(entryName)) {
if (pomProperties == null) {
Reader reader = new InputStreamReader(zin);
pomProperties = new Properties();
pomProperties.load(reader);
zin.closeEntry();
Reader reader = null;
try {
reader = new InputStreamReader(zin, "UTF-8");
pomProperties = new Properties();
pomProperties.load(reader);
} finally {
//zin.closeEntry closes the reader
//reader.close();
zin.closeEntry();
}
} else {
throw new AnalysisException("JAR file contains multiple pom.properties files - unable to process POM");
}
@@ -326,143 +335,151 @@ public class JarAnalyzer extends AbstractAnalyzer {
*/
protected void analyzePackageNames(Dependency dependency) throws IOException {
JarFile jar = new JarFile(dependency.getActualFilePath());
java.util.Enumeration en = jar.entries();
JarFile jar = null;
try {
jar = new JarFile(dependency.getActualFilePath());
HashMap<String, Integer> level0 = new HashMap<String, Integer>();
HashMap<String, Integer> level1 = new HashMap<String, Integer>();
HashMap<String, Integer> level2 = new HashMap<String, Integer>();
HashMap<String, Integer> level3 = new HashMap<String, Integer>();
int count = 0;
while (en.hasMoreElements()) {
java.util.jar.JarEntry entry = (java.util.jar.JarEntry) en.nextElement();
if (entry.getName().endsWith(".class") && entry.getName().contains("/")) {
String[] path = entry.getName().toLowerCase().split("/");
java.util.Enumeration en = jar.entries();
if ("java".equals(path[0])
|| "javax".equals(path[0])
|| ("com".equals(path[0]) && "sun".equals(path[0]))) {
continue;
}
HashMap<String, Integer> level0 = new HashMap<String, Integer>();
HashMap<String, Integer> level1 = new HashMap<String, Integer>();
HashMap<String, Integer> level2 = new HashMap<String, Integer>();
HashMap<String, Integer> level3 = new HashMap<String, Integer>();
int count = 0;
while (en.hasMoreElements()) {
java.util.jar.JarEntry entry = (java.util.jar.JarEntry) en.nextElement();
if (entry.getName().endsWith(".class") && entry.getName().contains("/")) {
String[] path = entry.getName().toLowerCase().split("/");
count += 1;
String temp = path[0];
if (level0.containsKey(temp)) {
level0.put(temp, level0.get(temp) + 1);
} else {
level0.put(temp, 1);
}
if ("java".equals(path[0])
|| "javax".equals(path[0])
|| ("com".equals(path[0]) && "sun".equals(path[0]))) {
continue;
}
if (path.length > 2) {
temp += "/" + path[1];
if (level1.containsKey(temp)) {
level1.put(temp, level1.get(temp) + 1);
count += 1;
String temp = path[0];
if (level0.containsKey(temp)) {
level0.put(temp, level0.get(temp) + 1);
} else {
level1.put(temp, 1);
level0.put(temp, 1);
}
if (path.length > 2) {
temp += "/" + path[1];
if (level1.containsKey(temp)) {
level1.put(temp, level1.get(temp) + 1);
} else {
level1.put(temp, 1);
}
}
if (path.length > 3) {
temp += "/" + path[2];
if (level2.containsKey(temp)) {
level2.put(temp, level2.get(temp) + 1);
} else {
level2.put(temp, 1);
}
}
if (path.length > 4) {
temp += "/" + path[3];
if (level3.containsKey(temp)) {
level3.put(temp, level3.get(temp) + 1);
} else {
level3.put(temp, 1);
}
}
}
}
if (count == 0) {
return;
}
EvidenceCollection vendor = dependency.getVendorEvidence();
EvidenceCollection product = dependency.getProductEvidence();
for (String s : level0.keySet()) {
if (!"org".equals(s) && !"com".equals(s)) {
vendor.addWeighting(s);
product.addWeighting(s);
vendor.addEvidence("jar", "package", s, Evidence.Confidence.LOW);
product.addEvidence("jar", "package", s, Evidence.Confidence.LOW);
}
}
for (String s : level1.keySet()) {
float ratio = level1.get(s);
ratio /= count;
if (ratio > 0.5) {
String[] parts = s.split("/");
if ("org".equals(parts[0]) || "com".equals(parts[0])) {
vendor.addWeighting(parts[1]);
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
} else {
vendor.addWeighting(parts[0]);
product.addWeighting(parts[1]);
vendor.addEvidence("jar", "package", parts[0], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
}
}
if (path.length > 3) {
temp += "/" + path[2];
if (level2.containsKey(temp)) {
level2.put(temp, level2.get(temp) + 1);
}
for (String s : level2.keySet()) {
float ratio = level2.get(s);
ratio /= count;
if (ratio > 0.4) {
String[] parts = s.split("/");
if ("org".equals(parts[0]) || "com".equals(parts[0])) {
vendor.addWeighting(parts[1]);
product.addWeighting(parts[2]);
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
} else {
level2.put(temp, 1);
vendor.addWeighting(parts[0]);
vendor.addWeighting(parts[1]);
product.addWeighting(parts[1]);
product.addWeighting(parts[2]);
vendor.addEvidence("jar", "package", parts[0], Evidence.Confidence.LOW);
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
}
}
}
for (String s : level3.keySet()) {
float ratio = level3.get(s);
ratio /= count;
if (ratio > 0.3) {
String[] parts = s.split("/");
if ("org".equals(parts[0]) || "com".equals(parts[0])) {
vendor.addWeighting(parts[1]);
vendor.addWeighting(parts[2]);
product.addWeighting(parts[2]);
product.addWeighting(parts[3]);
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
vendor.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[3], Evidence.Confidence.LOW);
if (path.length > 4) {
temp += "/" + path[3];
if (level3.containsKey(temp)) {
level3.put(temp, level3.get(temp) + 1);
} else {
level3.put(temp, 1);
vendor.addWeighting(parts[0]);
vendor.addWeighting(parts[1]);
vendor.addWeighting(parts[2]);
product.addWeighting(parts[1]);
product.addWeighting(parts[2]);
product.addWeighting(parts[3]);
vendor.addEvidence("jar", "package", parts[0], Evidence.Confidence.LOW);
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
vendor.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[3], Evidence.Confidence.LOW);
}
}
}
}
if (count == 0) {
return;
}
EvidenceCollection vendor = dependency.getVendorEvidence();
EvidenceCollection product = dependency.getProductEvidence();
for (String s : level0.keySet()) {
if (!"org".equals(s) && !"com".equals(s)) {
vendor.addWeighting(s);
product.addWeighting(s);
vendor.addEvidence("jar", "package", s, Evidence.Confidence.LOW);
product.addEvidence("jar", "package", s, Evidence.Confidence.LOW);
}
}
for (String s : level1.keySet()) {
float ratio = level1.get(s);
ratio /= count;
if (ratio > 0.5) {
String[] parts = s.split("/");
if ("org".equals(parts[0]) || "com".equals(parts[0])) {
vendor.addWeighting(parts[1]);
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
} else {
vendor.addWeighting(parts[0]);
product.addWeighting(parts[1]);
vendor.addEvidence("jar", "package", parts[0], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
}
}
}
for (String s : level2.keySet()) {
float ratio = level2.get(s);
ratio /= count;
if (ratio > 0.4) {
String[] parts = s.split("/");
if ("org".equals(parts[0]) || "com".equals(parts[0])) {
vendor.addWeighting(parts[1]);
product.addWeighting(parts[2]);
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
} else {
vendor.addWeighting(parts[0]);
vendor.addWeighting(parts[1]);
product.addWeighting(parts[1]);
product.addWeighting(parts[2]);
vendor.addEvidence("jar", "package", parts[0], Evidence.Confidence.LOW);
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
}
}
}
for (String s : level3.keySet()) {
float ratio = level3.get(s);
ratio /= count;
if (ratio > 0.3) {
String[] parts = s.split("/");
if ("org".equals(parts[0]) || "com".equals(parts[0])) {
vendor.addWeighting(parts[1]);
vendor.addWeighting(parts[2]);
product.addWeighting(parts[2]);
product.addWeighting(parts[3]);
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
vendor.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[3], Evidence.Confidence.LOW);
} else {
vendor.addWeighting(parts[0]);
vendor.addWeighting(parts[1]);
vendor.addWeighting(parts[2]);
product.addWeighting(parts[1]);
product.addWeighting(parts[2]);
product.addWeighting(parts[3]);
vendor.addEvidence("jar", "package", parts[0], Evidence.Confidence.LOW);
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
vendor.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[3], Evidence.Confidence.LOW);
}
} finally {
if (jar != null) {
jar.close();
}
}
}
@@ -479,75 +496,89 @@ public class JarAnalyzer extends AbstractAnalyzer {
* @throws IOException if there is an issue reading the JAR file.
*/
protected void parseManifest(Dependency dependency) throws IOException {
JarFile jar = new JarFile(dependency.getActualFilePath());
Manifest manifest = jar.getManifest();
Attributes atts = manifest.getMainAttributes();
JarFile jar = null;
try {
jar = new JarFile(dependency.getActualFilePath());
EvidenceCollection vendorEvidence = dependency.getVendorEvidence();
EvidenceCollection productEvidence = dependency.getProductEvidence();
EvidenceCollection versionEvidence = dependency.getVersionEvidence();
Manifest manifest = jar.getManifest();
if (manifest == null) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE,
"Jar file '{0}' does not contain a manifest.",
dependency.getFileName());
return;
}
Attributes atts = manifest.getMainAttributes();
String source = "Manifest";
EvidenceCollection vendorEvidence = dependency.getVendorEvidence();
EvidenceCollection productEvidence = dependency.getProductEvidence();
EvidenceCollection versionEvidence = dependency.getVersionEvidence();
for (Entry<Object, Object> entry : atts.entrySet()) {
String key = entry.getKey().toString();
String value = atts.getValue(key);
if (key.equals(Attributes.Name.IMPLEMENTATION_TITLE.toString())) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VERSION.toString())) {
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VENDOR.toString())) {
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VENDOR_ID.toString())) {
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.equals(BUNDLE_DESCRIPTION)) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
dependency.setDescription(value);
} else if (key.equals(BUNDLE_NAME)) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.equals(BUNDLE_VENDOR)) {
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(BUNDLE_VERSION)) {
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.MAIN_CLASS.toString())) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else {
key = key.toLowerCase();
String source = "Manifest";
if (!IGNORE_LIST.contains(key) && !key.endsWith("jdk")
&& !key.contains("lastmodified") && !key.endsWith("package")) {
for (Entry<Object, Object> entry : atts.entrySet()) {
String key = entry.getKey().toString();
String value = atts.getValue(key);
if (key.equals(Attributes.Name.IMPLEMENTATION_TITLE.toString())) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VERSION.toString())) {
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VENDOR.toString())) {
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VENDOR_ID.toString())) {
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.equals(BUNDLE_DESCRIPTION)) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
dependency.setDescription(value);
} else if (key.equals(BUNDLE_NAME)) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.equals(BUNDLE_VENDOR)) {
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(BUNDLE_VERSION)) {
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.MAIN_CLASS.toString())) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else {
key = key.toLowerCase();
if (key.contains("version")) {
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.contains("title")) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.contains("vendor")) {
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.contains("name")) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.contains("license")) {
addLicense(dependency, value);
} else {
if (key.contains("description")) {
addDescription(dependency, value);
}
productEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
if (value.matches(".*\\d.*")) {
StringTokenizer tokenizer = new StringTokenizer(value, " ");
while (tokenizer.hasMoreElements()) {
String s = tokenizer.nextToken();
if (s.matches("^[0-9.]+$")) {
versionEvidence.addEvidence(source, key, s, Evidence.Confidence.LOW);
}
if (!IGNORE_LIST.contains(key) && !key.endsWith("jdk")
&& !key.contains("lastmodified") && !key.endsWith("package")) {
if (key.contains("version")) {
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.contains("title")) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.contains("vendor")) {
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.contains("name")) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.contains("license")) {
addLicense(dependency, value);
} else {
if (key.contains("description")) {
addDescription(dependency, value);
}
productEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
if (value.matches(".*\\d.*")) {
StringTokenizer tokenizer = new StringTokenizer(value, " ");
while (tokenizer.hasMoreElements()) {
String s = tokenizer.nextToken();
if (s.matches("^[0-9.]+$")) {
versionEvidence.addEvidence(source, key, s, Evidence.Confidence.LOW);
}
}
//versionEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
}
//versionEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
}
}
}
}
} finally {
if (jar != null) {
jar.close();
}
}
}
@@ -615,4 +646,15 @@ public class JarAnalyzer extends AbstractAnalyzer {
sb.append(text.substring(end + 1));
return interpolateString(sb.toString(), properties); //yes yes, this should be a loop...
}
private void addPredefinedData(Dependency dependency) {
Evidence spring = new Evidence("Manifest",
"Implementation-Title",
"Spring Framework",
Evidence.Confidence.HIGH);
if (dependency.getProductEvidence().getEvidence().contains(spring)) {
dependency.getVendorEvidence().addEvidence("a priori", "vendor", "SpringSource", Evidence.Confidence.HIGH);
}
}
}

158
src/main/java/org/codesecure/dependencycheck/analyzer/SpringCleaningAnalyzer.java Normal file
View File

@@ -0,0 +1,158 @@
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.analyzer;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import org.codesecure.dependencycheck.Engine;
import org.codesecure.dependencycheck.dependency.Dependency;
import org.codesecure.dependencycheck.dependency.Identifier;
/**
* This analyzer ensures that the Spring Framework Core CPE identifiers are only associated
* with the "core" jar files. If there are other Spring JARs, such as spring-beans, and
* spring-core is in the scanned dependencies then only the spring-core will have a reference
* to the CPE values (if there are any for the version of spring being used).
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class SpringCleaningAnalyzer extends AbstractAnalyzer {
/**
* The set of file extensions supported by this analyzer.
*/
private static final Set<String> EXTENSIONS = newHashSet("jar");
/**
* The name of the analyzer.
*/
private static final String ANALYZER_NAME = "Jar Analyzer";
/**
* The phase that this analyzer is intended to run in.
*/
private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.POST_IDENTIFIER_ANALYSIS;
/**
* Returns a list of file EXTENSIONS supported by this analyzer.
*
* @return a list of file EXTENSIONS supported by this analyzer.
*/
public Set<String> getSupportedExtensions() {
return EXTENSIONS;
}
/**
* Returns the name of the analyzer.
*
* @return the name of the analyzer.
*/
public String getName() {
return ANALYZER_NAME;
}
/**
* Returns whether or not this analyzer can process the given extension.
*
* @param extension the file extension to test for support.
* @return whether or not the specified file extension is supported by tihs
* analyzer.
*/
public boolean supportsExtension(String extension) {
return EXTENSIONS.contains(extension);
}
/**
* Returns the phase that the analyzer is intended to run in.
*
* @return the phase that the analyzer is intended to run in.
*/
public AnalysisPhase getAnalysisPhase() {
return ANALYSIS_PHASE;
}
/**
* The initialize method does nothing for this Analyzer
* @throws Exception never thrown by this analyzer
*/
public void initialize() throws Exception {
//do nothing
}
/**
* The close method does nothing for this Analyzer
* @throws Exception never thrown by this analyzer
*/
public void close() throws Exception {
//do nothing
}
private List<Identifier> springVersions = null;
/**
* Determines if several "spring" libraries were scanned and trimes the
* cpe:/a:springsource:spring_framework:[version] from the none "core" framework
* if the core framework was part of the scan.
*
* @param dependency the dependency to analyze.
* @param engine the engine that is scanning the dependencies
* @throws AnalysisException is thrown if there is an error reading the JAR
* file.
*/
public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
collectSpringFrameworkIdentifiers(engine);
List<Identifier> identifiersToRemove = new ArrayList<Identifier>();
for (Identifier identifier : dependency.getIdentifiers()) {
if (springVersions.contains(identifier) && !isCoreFramework(dependency.getFileName())) {
identifiersToRemove.add(identifier);
}
}
for (Identifier i : identifiersToRemove) {
dependency.getIdentifiers().remove(i);
}
}
private void collectSpringFrameworkIdentifiers(Engine engine) {
//check to see if any of the libs are the core framework
if (springVersions == null) {
springVersions = new ArrayList<Identifier>();
for (Dependency d : engine.getDependencies()) {
if (supportsExtension(d.getFileExtension())) {
for (Identifier i : d.getIdentifiers()) {
if (isSpringFrameworkCpe(i)) {
if (isCoreFramework(d.getFileName())) {
springVersions.add(i);
}
}
}
}
}
}
}
private boolean isSpringFrameworkCpe(Identifier identifier) {
return "cpe".equals(identifier.getType())
&& identifier.getValue().startsWith("cpe:/a:springsource:spring_framework:");
}
private boolean isCoreFramework(String filename) {
return filename.toLowerCase().matches("^spring([ _-]?core)?[ _-]?\\d.*");
}
}

2
src/main/java/org/codesecure/dependencycheck/data/CachedWebDataSource.java
View File

@@ -1,4 +1,3 @@
package org.codesecure.dependencycheck.data;
/*
* This file is part of DependencyCheck.
*
@@ -17,6 +16,7 @@ package org.codesecure.dependencycheck.data;
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data;
/**
* Defines an Index who's data is retrieved from the Internet. This data can be

2
src/main/java/org/codesecure/dependencycheck/data/UpdateException.java
View File

@@ -1,4 +1,3 @@
package org.codesecure.dependencycheck.data;
/*
* This file is part of DependencyCheck.
*
@@ -17,6 +16,7 @@ package org.codesecure.dependencycheck.data;
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data;
import java.io.IOException;

2
src/main/java/org/codesecure/dependencycheck/data/UpdateService.java
View File

@@ -1,4 +1,3 @@
package org.codesecure.dependencycheck.data;
/*
* This file is part of DependencyCheck.
*
@@ -17,6 +16,7 @@ package org.codesecure.dependencycheck.data;
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data;
import java.util.Iterator;
import java.util.ServiceLoader;

81
src/main/java/org/codesecure/dependencycheck/data/cpe/CPEAnalyzer.java
View File

@@ -1,4 +1,3 @@
package org.codesecure.dependencycheck.data.cpe;
/*
* This file is part of DependencyCheck.
*
@@ -17,6 +16,7 @@ package org.codesecure.dependencycheck.data.cpe;
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.cpe;
import java.io.IOException;
import java.net.URLEncoder;
@@ -24,16 +24,12 @@ import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.StringTokenizer;
import org.apache.lucene.analysis.Analyzer;
import org.apache.lucene.document.Document;
import org.apache.lucene.index.CorruptIndexException;
import org.apache.lucene.queryParser.ParseException;
import org.apache.lucene.queryParser.QueryParser;
import org.apache.lucene.search.IndexSearcher;
import org.apache.lucene.search.Query;
import org.apache.lucene.queryparser.classic.ParseException;
import org.apache.lucene.search.ScoreDoc;
import org.apache.lucene.search.TopDocs;
import org.apache.lucene.util.Version;
import org.codesecure.dependencycheck.Engine;
import org.codesecure.dependencycheck.analyzer.AnalysisException;
import org.codesecure.dependencycheck.analyzer.AnalysisPhase;
import org.codesecure.dependencycheck.data.lucene.LuceneUtils;
@@ -78,14 +74,6 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal
* The CPE Index.
*/
protected Index cpe = null;
/**
* The Lucene IndexSearcher.
*/
private IndexSearcher indexSearcher = null;
/**
* The Lucene QueryParser.
*/
private QueryParser queryParser = null;
/**
* Opens the data source.
@@ -96,18 +84,12 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal
public void open() throws IOException {
cpe = new Index();
cpe.open();
indexSearcher = cpe.getIndexSearcher();
Analyzer analyzer = cpe.getAnalyzer();
//TITLE is the default field because it contains venddor, product, and version all in one.
queryParser = new QueryParser(Version.LUCENE_35, Fields.TITLE, analyzer);
}
/**
* Closes the data source.
*/
public void close() {
queryParser = null;
indexSearcher = null;
cpe.close();
}
@@ -149,23 +131,11 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal
Confidence versionConf = Confidence.HIGH;
String vendors = addEvidenceWithoutDuplicateTerms("", dependency.getVendorEvidence(), vendorConf);
//dependency.getVendorEvidence().toString(vendorConf);
// if ("".equals(vendors)) {
// vendors = STRING_THAT_WILL_NEVER_BE_IN_THE_INDEX;
// }
String products = addEvidenceWithoutDuplicateTerms("", dependency.getProductEvidence(), productConf);
///dependency.getProductEvidence().toString(productConf);
// if ("".equals(products)) {
// products = STRING_THAT_WILL_NEVER_BE_IN_THE_INDEX;
// }
String versions = addEvidenceWithoutDuplicateTerms("", dependency.getVersionEvidence(), versionConf);
//dependency.getVersionEvidence().toString(versionConf);
// if ("".equals(versions)) {
// versions = STRING_THAT_WILL_NEVER_BE_IN_THE_INDEX;
// }
boolean found = false;
int cnt = 0;
int ctr = 0;
do {
List<Entry> entries = searchCPE(vendors, products, versions, dependency.getProductEvidence().getWeighting(),
dependency.getVendorEvidence().getWeighting());
@@ -178,22 +148,20 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal
dependency.addIdentifier(
"cpe",
e.getName(),
e.getTitle(),
"http://web.nvd.nist.gov/view/vuln/search?cpe="
+ URLEncoder.encode(e.getName(), "UTF-8"));
}
}
if (!found) {
int round = cnt % 3;
int round = ctr % 3;
if (round == 0) {
vendorConf = reduceConfidence(vendorConf);
if (dependency.getVendorEvidence().contains(vendorConf)) {
//vendors += " " + dependency.getVendorEvidence().toString(vendorConf);
vendors = addEvidenceWithoutDuplicateTerms(vendors, dependency.getVendorEvidence(), vendorConf);
} else {
cnt += 1;
ctr += 1;
round += 1;
}
}
@@ -203,7 +171,7 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal
//products += " " + dependency.getProductEvidence().toString(productConf);
products = addEvidenceWithoutDuplicateTerms(products, dependency.getProductEvidence(), productConf);
} else {
cnt += 1;
ctr += 1;
round += 1;
}
}
@@ -215,7 +183,7 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal
}
}
}
} while (!found && (++cnt) < 9);
} while (!found && (++ctr) < 9);
}
/**
@@ -245,11 +213,7 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal
value = value.substring(8).replaceAll("\\.", " ");
}
if (sb.indexOf(value) < 0) {
// if (value.length() > 200) {
// sb.append(value.substring(0, 200)).append(' ');
// } else {
sb.append(value).append(' ');
// }
}
}
return sb.toString();
@@ -270,23 +234,6 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal
}
}
/**
* Searches the Lucene CPE index to identify possible CPE entries associated
* with the supplied vendor, product, and version.
*
* @param vendor the text used to search the vendor field.
* @param product the text used to search the product field.
* @param version the text used to search the version field.
* @return a list of possible CPE values.
* @throws CorruptIndexException when the Lucene index is corrupt.
* @throws IOException when the Lucene index is not found.
* @throws ParseException when the generated query is not valid.
*/
protected List<Entry> searchCPE(String vendor, String product, String version)
throws CorruptIndexException, IOException, ParseException {
return searchCPE(vendor, product, version, null, null);
}
/**
* <p>Searches the Lucene CPE index to identify possible CPE entries
* associated with the supplied vendor, product, and version.</p>
@@ -315,10 +262,9 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal
if (searchString == null) {
return ret;
}
Query query = queryParser.parse(searchString);
TopDocs docs = indexSearcher.search(query, MAX_QUERY_RESULTS);
TopDocs docs = cpe.search(searchString, MAX_QUERY_RESULTS);
for (ScoreDoc d : docs.scoreDocs) {
Document doc = indexSearcher.doc(d.doc);
Document doc = cpe.getDocument(d.doc);
Entry entry = Entry.parse(doc);
entry.setSearchScore(d.score);
if (!ret.contains(entry)) {
@@ -356,11 +302,11 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal
return null;
}
if (!appendWeightedSearch(sb, Fields.PRODUCT, product.toLowerCase(), produdctWeightings)) {
if (!appendWeightedSearch(sb, Fields.PRODUCT, product, produdctWeightings)) {
return null;
}
sb.append(" AND ");
if (!appendWeightedSearch(sb, Fields.VENDOR, vendor.toLowerCase(), vendorWeighting)) {
if (!appendWeightedSearch(sb, Fields.VENDOR, vendor, vendorWeighting)) {
return null;
}
sb.append(" AND ");
@@ -491,10 +437,11 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal
* identifiers for this dependency.
*
* @param dependency The Dependency to analyze.
* @param engine The analysis engine
* @throws AnalysisException is thrown if there is an issue analyzing the
* dependency.
*/
public void analyze(Dependency dependency) throws AnalysisException {
public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
try {
determineCPE(dependency);
} catch (CorruptIndexException ex) {

147
src/main/java/org/codesecure/dependencycheck/data/cpe/Entry.java
View File

@@ -1,4 +1,3 @@
package org.codesecure.dependencycheck.data.cpe;
/*
* This file is part of DependencyCheck.
*
@@ -17,23 +16,23 @@ package org.codesecure.dependencycheck.data.cpe;
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.cpe;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.lucene.document.Document;
/**
* A single CPE entry from the cpe.xml downloaded from <a
* href="http://nvd.nist.gov/cpe.cfm">http://nvd.nist.gov/cpe.cfm</a>.
* A CPE entry containing the name, vendor, product, and version.
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class Entry {
public class Entry implements Serializable {
static final long serialVersionUID = 8011924485946326934L;
/**
* This parse method does not fully convert a Lucene Document into a CPE
@@ -45,41 +44,13 @@ public class Entry {
public static Entry parse(Document doc) {
Entry entry = new Entry();
try {
entry.setName(doc.get(Fields.NAME));
entry.setTitle(doc.get(Fields.TITLE));
entry.parseName(doc.get(Fields.NAME));
} catch (UnsupportedEncodingException ex) {
Logger.getLogger(Entry.class.getName()).log(Level.SEVERE, null, ex);
entry.name = doc.get(Fields.NAME);
}
// entry.vendor = doc.get(Fields.VENDOR);
// entry.version = doc.get(Fields.VERSION);
// //entry.revision = doc.get(Fields.REVISION);
// entry.product = doc.get(Fields.TITLE);
// entry.nvdId = doc.get(Fields.NVDID);
return entry;
}
/**
* The title of the CPE
*/
protected String title;
/**
* Get the value of title
*
* @return the value of title
*/
public String getTitle() {
return title;
}
/**
* Set the value of title
*
* @param title new value of title
*/
public void setTitle(String title) {
this.title = title;
}
/**
* The name of the CPE entry.
*/
@@ -95,100 +66,12 @@ public class Entry {
}
/**
* Set the value of name and calls parseName to obtain the
* vendor:product:version:revision
* Set the value of name
*
* @param name new value of name
* @throws UnsupportedEncodingException should never be thrown...
*/
public void setName(String name) throws UnsupportedEncodingException {
public void setName(String name) {
this.name = name;
parseName();
}
/**
* The status of the CPE Entry.
*/
protected String status;
/**
* Get the value of status
*
* @return the value of status
*/
public String getStatus() {
return status;
}
/**
* Set the value of status
*
* @param status new value of status
*/
public void setStatus(String status) {
this.status = status;
}
/**
* The modification date of the CPE Entry.
*/
protected Date modificationDate;
/**
* Get the value of modificationDate
*
* @return the value of modificationDate
*/
public Date getModificationDate() {
return modificationDate;
}
/**
* Set the value of modificationDate
*
* @param modificationDate new value of modificationDate
*/
public void setModificationDate(Date modificationDate) {
this.modificationDate = modificationDate;
}
/**
* Set the value of modificationDate
*
* Expected format: yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
*
* @param modificationDate new value of modificationDate
* @throws ParseException is thrown when a parse exception occurs.
*/
public void setModificationDate(String modificationDate) throws ParseException {
String formatStr = "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'";
Date tempDate = null;
SimpleDateFormat sdf = new SimpleDateFormat(formatStr);
sdf.setLenient(true);
tempDate = sdf.parse(modificationDate);
this.modificationDate = tempDate;
}
/**
* The nvdId.
*/
protected String nvdId;
/**
* Get the value of nvdId
*
* @return the value of nvdId
*/
public String getNvdId() {
return nvdId;
}
/**
* Set the value of nvdId
*
* @param nvdId new value of nvdId
*/
public void setNvdId(String nvdId) {
this.nvdId = nvdId;
}
/**
* The vendor name.
@@ -310,15 +193,17 @@ public class Entry {
* <p>Results in:</p> <ul> <li>Vendor: apache</li> <li>Product: struts</li>
* <li>Version: 1.1</li> <li>Revision: rc2</li> </ul>
*
* @param cpeName the cpe name
* @throws UnsupportedEncodingException should never be thrown...
*/
private void parseName() throws UnsupportedEncodingException {
if (name != null && name.length() > 7) {
String[] data = name.substring(7).split(":");
public void parseName(String cpeName) throws UnsupportedEncodingException {
this.name = cpeName;
if (cpeName != null && cpeName.length() > 7) {
String[] data = cpeName.substring(7).split(":");
if (data.length >= 1) {
vendor = URLDecoder.decode(data[0], "UTF-8");
vendor = URLDecoder.decode(data[0], "UTF-8").replaceAll("[_-]", " ");
if (data.length >= 2) {
product = URLDecoder.decode(data[1], "UTF-8");
product = URLDecoder.decode(data[1], "UTF-8").replaceAll("[_-]", " ");
if (data.length >= 3) {
version = URLDecoder.decode(data[2], "UTF-8");
if (data.length >= 4) {

17
src/main/java/org/codesecure/dependencycheck/data/cpe/Fields.java
View File

@@ -1,4 +1,3 @@
package org.codesecure.dependencycheck.data.cpe;
/*
* This file is part of DependencyCheck.
*
@@ -17,6 +16,7 @@ package org.codesecure.dependencycheck.data.cpe;
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.cpe;
/**
* Fields is a collection of field names used within the Lucene index for CPE
@@ -34,22 +34,13 @@ public abstract class Fields {
* The key for the vendor field.
*/
public static final String VENDOR = "vendor";
/**
* The key for the version field.
*/
public static final String VERSION = "version";
//public static final String REVISION = "revision";
/**
* The key for the product field.
*/
public static final String PRODUCT = "product";
/**
* The key for the title field. This is a field combining vendor, product,
* and version.
* The key for the version field.
*/
public static final String TITLE = "title";
/**
* The key for the nvdId field.
*/
public static final String NVDID = "nvdid";
public static final String VERSION = "version";
//public static final String REVISION = "revision";
}

316
src/main/java/org/codesecure/dependencycheck/data/cpe/Index.java
View File

@@ -1,4 +1,3 @@
package org.codesecure.dependencycheck.data.cpe;
/*
* This file is part of DependencyCheck.
*
@@ -17,55 +16,37 @@ package org.codesecure.dependencycheck.data.cpe;
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.cpe;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLDecoder;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.lucene.analysis.Analyzer;
import org.apache.lucene.analysis.KeywordAnalyzer;
import org.apache.lucene.analysis.PerFieldAnalyzerWrapper;
import org.apache.lucene.analysis.standard.StandardAnalyzer;
import org.apache.lucene.analysis.core.KeywordAnalyzer;
import org.apache.lucene.analysis.miscellaneous.PerFieldAnalyzerWrapper;
import org.apache.lucene.document.Document;
import org.apache.lucene.document.Field;
import org.apache.lucene.document.StoredField;
import org.apache.lucene.document.TextField;
import org.apache.lucene.index.CorruptIndexException;
import org.apache.lucene.index.Term;
import org.apache.lucene.queryparser.classic.QueryParser;
import org.apache.lucene.store.Directory;
import org.apache.lucene.store.FSDirectory;
import org.apache.lucene.util.Version;
import org.codesecure.dependencycheck.data.lucene.AbstractIndex;
import org.codesecure.dependencycheck.data.CachedWebDataSource;
import org.codesecure.dependencycheck.data.UpdateException;
import org.codesecure.dependencycheck.utils.Downloader;
import org.codesecure.dependencycheck.utils.Settings;
import org.codesecure.dependencycheck.data.cpe.xml.Importer;
import org.codesecure.dependencycheck.utils.DownloadFailedException;
import org.xml.sax.SAXException;
import org.codesecure.dependencycheck.data.lucene.FieldAnalyzer;
import org.codesecure.dependencycheck.data.lucene.SearchFieldAnalyzer;
/**
* The Index class is used to utilize and maintain the CPE Index.
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class Index extends AbstractIndex implements CachedWebDataSource {
/**
* The name of the properties file containing the timestamp of the last
* update.
*/
private static final String UPDATE_PROPERTIES_FILE = "lastupdated.prop";
/**
* The properties file key for the last updated field.
*/
private static final String LAST_UPDATED = "lastupdated";
public class Index extends AbstractIndex {
/**
* Returns the directory that holds the CPE Index.
@@ -74,205 +55,148 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
* @throws IOException is thrown if an IOException occurs.
*/
public Directory getDirectory() throws IOException {
String fileName = Settings.getString(Settings.KEYS.CPE_INDEX);
File path = new File(fileName);
File path = getDataDirectory();
Directory dir = FSDirectory.open(path);
return dir;
}
/**
* Retrieves the directory that the JAR file exists in so that
* we can ensure we always use a common data directory.
*
* @return the data directory for this index.
* @throws IOException is thrown if an IOException occurs of course...
*/
public File getDataDirectory() throws IOException {
String fileName = Settings.getString(Settings.KEYS.CPE_INDEX);
String filePath = Index.class.getProtectionDomain().getCodeSource().getLocation().getPath();
String decodedPath = URLDecoder.decode(filePath, "UTF-8");
File exePath = new File(decodedPath);
if (exePath.getName().toLowerCase().endsWith(".jar")) {
exePath = exePath.getParentFile();
} else {
exePath = new File(".");
}
File path = new File(exePath.getCanonicalFile() + File.separator + fileName);
path = new File(path.getCanonicalPath());
if (!path.exists()) {
if (!path.mkdirs()) {
throw new IOException("Unable to create CPE Data directory");
}
}
return path;
}
/**
* Creates an Analyzer for the CPE Index.
*
* @return the CPE Analyzer.
*/
@SuppressWarnings("unchecked")
public Analyzer createAnalyzer() {
public Analyzer createIndexingAnalyzer() {
Map fieldAnalyzers = new HashMap();
fieldAnalyzers.put(Fields.VERSION, new KeywordAnalyzer());
fieldAnalyzers.put(Fields.NAME, new KeywordAnalyzer());
PerFieldAnalyzerWrapper wrapper = new PerFieldAnalyzerWrapper(
new StandardAnalyzer(Version.LUCENE_35), fieldAnalyzers);
new FieldAnalyzer(Version.LUCENE_40), fieldAnalyzers);
return wrapper;
}
private SearchFieldAnalyzer productSearchFieldAnalyzer = null;
private SearchFieldAnalyzer vendorSearchFieldAnalyzer = null;
/**
* Creates an Analyzer for searching the CPE Index.
*
* @return the CPE Analyzer.
*/
@SuppressWarnings("unchecked")
public Analyzer createSearchingAnalyzer() {
Map fieldAnalyzers = new HashMap();
fieldAnalyzers.put(Fields.VERSION, new KeywordAnalyzer());
fieldAnalyzers.put(Fields.NAME, new KeywordAnalyzer());
productSearchFieldAnalyzer = new SearchFieldAnalyzer(Version.LUCENE_40);
vendorSearchFieldAnalyzer = new SearchFieldAnalyzer(Version.LUCENE_40);
fieldAnalyzers.put(Fields.PRODUCT, productSearchFieldAnalyzer);
fieldAnalyzers.put(Fields.VENDOR, vendorSearchFieldAnalyzer);
PerFieldAnalyzerWrapper wrapper = new PerFieldAnalyzerWrapper(
new FieldAnalyzer(Version.LUCENE_40), fieldAnalyzers);
return wrapper;
}
/**
* Downloads the latest CPE XML file from the web and imports it into the
* current CPE Index.
*
* @throws UpdateException is thrown if there is a problem updating the
* index.
* Creates the Lucene QueryParser used when querying the index
* @return a QueryParser.
*/
public void update() throws UpdateException {
try {
long timeStamp = updateNeeded();
if (timeStamp > 0) {
URL url = new URL(Settings.getString(Settings.KEYS.CPE_URL));
Logger.getLogger(Index.class.getName()).log(Level.WARNING, "Updating CPE :" + url.toString());
File outputPath = null;
try {
outputPath = File.createTempFile("cpe", ".xml");
Downloader.fetchFile(url, outputPath, true);
Importer.importXML(outputPath.toString());
writeLastUpdatedPropertyFile(timeStamp);
} catch (ParserConfigurationException ex) {
//Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex);
throw new UpdateException(ex);
} catch (SAXException ex) {
//Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex);
throw new UpdateException(ex);
} catch (IOException ex) {
//Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex);
throw new UpdateException(ex);
} finally {
try {
if (outputPath != null && outputPath.exists()) {
outputPath.delete();
}
} finally {
if (outputPath != null && outputPath.exists()) {
outputPath.deleteOnExit();
}
}
}
}
} catch (MalformedURLException ex) {
//Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex);
throw new UpdateException(ex);
} catch (DownloadFailedException ex) {
//Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex);
throw new UpdateException(ex);
public QueryParser createQueryParser() {
return new QueryParser(Version.LUCENE_40, Fields.NAME, getSearchingAnalyzer());
}
/**
* Resets the searching analyzers
*/
protected void resetSearchingAnalyzer() {
if (productSearchFieldAnalyzer != null) {
productSearchFieldAnalyzer.clear();
}
if (vendorSearchFieldAnalyzer != null) {
vendorSearchFieldAnalyzer.clear();
}
}
/**
* Writes a properties file containing the last updated date to the CPE
* directory.
* Saves a CPE Entry into the Lucene index.
*
* @param timeStamp the timestamp to write.
* @param entry a CPE entry.
* @throws CorruptIndexException is thrown if the index is corrupt.
* @throws IOException is thrown if an IOException occurs.
*/
private void writeLastUpdatedPropertyFile(long timeStamp) {
String dir = Settings.getString(Settings.KEYS.CPE_INDEX);
File cpeProp = new File(dir + File.separatorChar + UPDATE_PROPERTIES_FILE);
Properties prop = new Properties();
prop.put(Index.LAST_UPDATED, String.valueOf(timeStamp));
OutputStream os = null;
try {
os = new FileOutputStream(cpeProp);
OutputStreamWriter out = new OutputStreamWriter(os);
prop.store(out, dir);
} catch (FileNotFoundException ex) {
Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex);
} catch (IOException ex) {
Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex);
} finally {
try {
os.flush();
} catch (IOException ex) {
Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex);
}
try {
os.close();
} catch (IOException ex) {
Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex);
}
}
public void saveEntry(Entry entry) throws CorruptIndexException, IOException {
Document doc = convertEntryToDoc(entry);
//Term term = new Term(Fields.NVDID, LuceneUtils.escapeLuceneQuery(entry.getNvdId()));
Term term = new Term(Fields.NAME, entry.getName());
indexWriter.updateDocument(term, doc);
}
/**
* Determines if the index needs to be updated. This is done by fetching the
* cpe.meta data and checking the lastModifiedDate. If the CPE data needs to
* be refreshed this method will return the timestamp of the new CPE. If an
* update is not required this function will return 0.
* Converts a CPE entry into a Lucene Document.
*
* @return the timestamp of the currently published CPE.xml if the index
* needs to be updated, otherwise returns 0..
* @throws MalformedURLException is thrown if the URL for the CPE Meta data
* is incorrect.
* @throws DownloadFailedException is thrown if there is an error
* downloading the cpe.meta data file.
* @param entry a CPE Entry.
* @return a Lucene Document containing a CPE Entry.
*/
public long updateNeeded() throws MalformedURLException, DownloadFailedException {
long retVal = 0;
long lastUpdated = 0;
long currentlyPublishedDate = retrieveCurrentCPETimestampFromWeb();
if (currentlyPublishedDate == 0) {
throw new DownloadFailedException("Unable to retrieve valid timestamp from cpe.meta file");
}
protected Document convertEntryToDoc(Entry entry) {
Document doc = new Document();
String dir = Settings.getString(Settings.KEYS.CPE_INDEX);
File f = new File(dir);
if (!f.exists()) {
retVal = currentlyPublishedDate;
} else {
File cpeProp = new File(dir + File.separatorChar + UPDATE_PROPERTIES_FILE);
if (!cpeProp.exists()) {
retVal = currentlyPublishedDate;
Field name = new StoredField(Fields.NAME, entry.getName());
doc.add(name);
Field vendor = new TextField(Fields.VENDOR, entry.getVendor(), Field.Store.NO);
vendor.setBoost(5.0F);
doc.add(vendor);
Field product = new TextField(Fields.PRODUCT, entry.getProduct(), Field.Store.NO);
product.setBoost(5.0F);
doc.add(product);
//TODO revision should likely be its own field
if (entry.getVersion() != null) {
Field version = null;
if (entry.getRevision() != null) {
version = new TextField(Fields.VERSION, entry.getVersion() + " "
+ entry.getRevision(), Field.Store.NO);
} else {
Properties prop = new Properties();
InputStream is = null;
try {
is = new FileInputStream(cpeProp);
prop.load(is);
lastUpdated = Long.parseLong(prop.getProperty(Index.LAST_UPDATED));
} catch (FileNotFoundException ex) {
Logger.getLogger(Index.class.getName()).log(Level.FINEST, null, ex);
} catch (IOException ex) {
Logger.getLogger(Index.class.getName()).log(Level.FINEST, null, ex);
} catch (NumberFormatException ex) {
Logger.getLogger(Index.class.getName()).log(Level.FINEST, null, ex);
}
if (currentlyPublishedDate > lastUpdated) {
retVal = currentlyPublishedDate;
}
version = new TextField(Fields.VERSION, entry.getVersion(),
Field.Store.NO);
}
version.setBoost(0.8F);
doc.add(version);
}
return retVal;
}
/**
* Retrieves the timestamp from the CPE meta data file.
*
* @return the timestamp from the currently published cpe.meta.
* @throws MalformedURLException is thrown if the URL for the CPE Meta data
* is incorrect.
* @throws DownloadFailedException is thrown if there is an error
* downloading the cpe.meta data file.
*/
private long retrieveCurrentCPETimestampFromWeb() throws MalformedURLException, DownloadFailedException {
long timestamp = 0;
File tmp = null;
InputStream is = null;
try {
tmp = File.createTempFile("cpe", "meta");
URL url = new URL(Settings.getString(Settings.KEYS.CPE_META_URL));
Downloader.fetchFile(url, tmp);
Properties prop = new Properties();
is = new FileInputStream(tmp);
prop.load(is);
timestamp = Long.parseLong(prop.getProperty("lastModifiedDate"));
} catch (IOException ex) {
throw new DownloadFailedException("Unable to create temporary file for CPE Meta File download.", ex);
} finally {
try {
if (is != null) {
try {
is.close();
} catch (IOException ex) {
Logger.getLogger(Index.class.getName()).log(Level.FINEST, null, ex);
}
}
if (tmp != null && tmp.exists()) {
tmp.delete();
}
} finally {
if (tmp != null && tmp.exists()) {
tmp.deleteOnExit();
}
}
}
return timestamp;
return doc;
}
}

351
src/main/java/org/codesecure/dependencycheck/data/cpe/xml/CPEHandler.java
View File

@@ -1,351 +0,0 @@
package org.codesecure.dependencycheck.data.cpe.xml;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.text.ParseException;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.lucene.index.CorruptIndexException;
import org.codesecure.dependencycheck.data.cpe.Entry;
import org.xml.sax.Attributes;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;
/**
* A SAX Handler that will parse the CPE XML Listing.
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class CPEHandler extends DefaultHandler {
private static final String CURRENT_SCHEMA_VERSION = "2.2";
EntrySaveDelegate saveDelegate = null;
Entry entry = null;
boolean languageIsUS = false;
StringBuilder nodeText = null;
boolean skip = false;
Element current = new Element();
/**
* Register a EntrySaveDelegate object. When the last node of an entry is
* reached if a save delegate has been registered the save method will be
* invoked.
*
* @param delegate the delegate used to save an entry
*/
public void registerSaveDelegate(EntrySaveDelegate delegate) {
this.saveDelegate = delegate;
}
@Override
public void startElement(String uri, String localName, String qName, Attributes attributes) throws SAXException {
nodeText = null;
current.setNode(qName);
if (current.isCpeItemNode()) {
entry = new Entry();
String temp = attributes.getValue("deprecated");
String name = attributes.getValue("name");
skip = (temp != null && temp.equals("true"));
try {
if (!skip && name.startsWith("cpe:/a:")) {
entry.setName(name);
} else {
skip = true;
}
} catch (UnsupportedEncodingException ex) {
throw new SAXException(ex);
}
} else if (current.isTitleNode()) {
nodeText = new StringBuilder(100);
if ("en-US".equalsIgnoreCase(attributes.getValue("xml:lang"))) {
languageIsUS = true;
} else {
languageIsUS = false;
}
} else if (current.isMetaNode()) {
try {
entry.setModificationDate(attributes.getValue("modification-date"));
} catch (ParseException ex) {
Logger.getLogger(CPEHandler.class.getName()).log(Level.SEVERE, null, ex);
}
entry.setStatus(attributes.getValue("status"));
entry.setNvdId(attributes.getValue("nvd-id"));
} else if (current.isSchemaVersionNode()) {
nodeText = new StringBuilder(3);
} else if (current.isTimestampNode()) {
nodeText = new StringBuilder(24);
}
// } else if (current.isCpeListNode()) {
// //do nothing
// } else if (current.isNotesNode()) {
// //do nothing
// } else if (current.isNoteNode()) {
// //do nothing
// } else if (current.isCheckNode()) {
// //do nothing
// } else if (current.isGeneratorNode()) {
// //do nothing
// } else if (current.isProductNameNode()) {
// //do nothing
// } else if (current.isProductVersionNode()) {
// //do nothing
}
@Override
public void characters(char[] ch, int start, int length) throws SAXException {
//nodeText += new String(ch, start, length);
if (nodeText != null) {
nodeText.append(ch, start, length);
}
}
@Override
public void endElement(String uri, String localName, String qName) throws SAXException {
current.setNode(qName);
if (current.isCpeItemNode()) {
if (saveDelegate != null && !skip) {
try {
saveDelegate.saveEntry(entry);
} catch (CorruptIndexException ex) {
Logger.getLogger(CPEHandler.class.getName()).log(Level.SEVERE, null, ex);
throw new SAXException(ex);
} catch (IOException ex) {
Logger.getLogger(CPEHandler.class.getName()).log(Level.SEVERE, null, ex);
throw new SAXException(ex);
}
entry = null;
}
} else if (current.isTitleNode()) {
if (languageIsUS) {
entry.setTitle(nodeText.toString());
}
} else if (current.isSchemaVersionNode() && !CURRENT_SCHEMA_VERSION.equals(nodeText.toString())) {
throw new SAXException("ERROR: Invalid Schema Version, expected: "
+ CURRENT_SCHEMA_VERSION + ", file is: " + nodeText);
}
// } else if (current.isCpeListNode()) {
// //do nothing
// } else if (current.isMetaNode()) {
// //do nothing
// } else if (current.isNotesNode()) {
// //do nothing
// } else if (current.isNoteNode()) {
// //do nothing
// } else if (current.isCheckNode()) {
// //do nothing
// } else if (current.isGeneratorNode()) {
// //do nothing
// } else if (current.isProductNameNode()) {
// //do nothing
// } else if (current.isProductVersionNode()) {
// //do nothing
// else if (current.isTimestampNode()) {
// //do nothing
// } else {
// throw new SAXException("ERROR STATE: Unexpected qName '" + qName + "'");
// }
}
// <editor-fold defaultstate="collapsed" desc="The Element Class that maintains state information about the current node">
/**
* A simple class to maintain information about the current element while
* parsing the CPE XML.
*/
protected class Element {
/**
* A node type in the CPE Schema 2.2
*/
public static final String CPE_LIST = "cpe-list";
/**
* A node type in the CPE Schema 2.2
*/
public static final String CPE_ITEM = "cpe-item";
/**
* A node type in the CPE Schema 2.2
*/
public static final String TITLE = "title";
/**
* A node type in the CPE Schema 2.2
*/
public static final String NOTES = "notes";
/**
* A node type in the CPE Schema 2.2
*/
public static final String NOTE = "note";
/**
* A node type in the CPE Schema 2.2
*/
public static final String CHECK = "check";
/**
* A node type in the CPE Schema 2.2
*/
public static final String META = "meta:item-metadata";
/**
* A node type in the CPE Schema 2.2
*/
public static final String GENERATOR = "generator";
/**
* A node type in the CPE Schema 2.2
*/
public static final String PRODUCT_NAME = "product_name";
/**
* A node type in the CPE Schema 2.2
*/
public static final String PRODUCT_VERSION = "product_version";
/**
* A node type in the CPE Schema 2.2
*/
public static final String SCHEMA_VERSION = "schema_version";
/**
* A node type in the CPE Schema 2.2
*/
public static final String TIMESTAMP = "timestamp";
private String node = null;
/**
* Gets the value of node
*
* @return the value of node
*/
public String getNode() {
return this.node;
}
/**
* Sets the value of node
*
* @param node new value of node
*/
public void setNode(String node) {
this.node = node;
}
/**
* Checks if the handler is at the CPE_LIST node
*
* @return true or false
*/
public boolean isCpeListNode() {
return CPE_LIST.equals(node);
}
/**
* Checks if the handler is at the CPE_ITEM node
*
* @return true or false
*/
public boolean isCpeItemNode() {
return CPE_ITEM.equals(node);
}
/**
* Checks if the handler is at the TITLE node
*
* @return true or false
*/
public boolean isTitleNode() {
return TITLE.equals(node);
}
/**
* Checks if the handler is at the NOTES node
*
* @return true or false
*/
public boolean isNotesNode() {
return NOTES.equals(node);
}
/**
* Checks if the handler is at the NOTE node
*
* @return true or false
*/
public boolean isNoteNode() {
return NOTE.equals(node);
}
/**
* Checks if the handler is at the CHECK node
*
* @return true or false
*/
public boolean isCheckNode() {
return CHECK.equals(node);
}
/**
* Checks if the handler is at the META node
*
* @return true or false
*/
public boolean isMetaNode() {
return META.equals(node);
}
/**
* Checks if the handler is at the GENERATOR node
*
* @return true or false
*/
public boolean isGeneratorNode() {
return GENERATOR.equals(node);
}
/**
* Checks if the handler is at the PRODUCT_NAME node
*
* @return true or false
*/
public boolean isProductNameNode() {
return PRODUCT_NAME.equals(node);
}
/**
* Checks if the handler is at the PRODUCT_VERSION node
*
* @return true or false
*/
public boolean isProductVersionNode() {
return PRODUCT_VERSION.equals(node);
}
/**
* Checks if the handler is at the SCHEMA_VERSION node
*
* @return true or false
*/
public boolean isSchemaVersionNode() {
return SCHEMA_VERSION.equals(node);
}
/**
* Checks if the handler is at the TIMESTAMP node
*
* @return true or false
*/
public boolean isTimestampNode() {
return TIMESTAMP.equals(node);
}
}
// </editor-fold>
}

88
src/main/java/org/codesecure/dependencycheck/data/cpe/xml/Importer.java
View File

@@ -1,88 +0,0 @@
package org.codesecure.dependencycheck.data.cpe.xml;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
import java.io.File;
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.apache.lucene.index.CorruptIndexException;
import org.xml.sax.SAXException;
/**
* Imports a CPE XML file into the Lucene CPE Index.
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class Importer {
/**
* Private constructor for utility class.
*/
private Importer() {
}
/**
* Imports the CPE XML File into the Lucene Index.
*
* @param file containing the path to the CPE XML file.
* @throws ParserConfigurationException is thrown if the parser is
* misconfigured.
* @throws SAXException is thrown when there is a SAXException.
* @throws IOException is thrown when there is an IOException.
* @throws CorruptIndexException is thrown when the Lucene index is corrupt.
*/
public static void importXML(File file) throws CorruptIndexException, ParserConfigurationException, IOException, SAXException {
SAXParserFactory factory = SAXParserFactory.newInstance();
SAXParser saxParser = factory.newSAXParser();
CPEHandler handler = new CPEHandler();
Indexer indexer = new Indexer();
indexer.openIndexWriter();
handler.registerSaveDelegate(indexer);
try {
saxParser.parse(file, handler);
} catch (SAXException ex) {
Logger.getLogger(Importer.class.getName()).log(Level.SEVERE, null, ex);
} catch (IOException ex) {
Logger.getLogger(Importer.class.getName()).log(Level.SEVERE, null, ex);
} finally {
indexer.close();
}
}
/**
* Imports the CPE XML File into the Lucene Index.
*
* @param path the path to the CPE XML file.
* @throws ParserConfigurationException is thrown if the parser is
* misconfigured.
* @throws SAXException is thrown when there is a SAXException.
* @throws IOException is thrown when there is an IOException.
*/
public static void importXML(String path) throws ParserConfigurationException, SAXException, IOException {
File f = new File(path);
if (!f.exists()) {
f.mkdirs();
}
Importer.importXML(f);
}
}

102
src/main/java/org/codesecure/dependencycheck/data/cpe/xml/Indexer.java
View File

@@ -1,102 +0,0 @@
package org.codesecure.dependencycheck.data.cpe.xml;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
import java.io.IOException;
import org.apache.lucene.document.Document;
import org.apache.lucene.document.Field;
import org.apache.lucene.index.CorruptIndexException;
import org.apache.lucene.index.FieldInfo.IndexOptions;
import org.apache.lucene.index.Term;
import org.codesecure.dependencycheck.data.cpe.Entry;
import org.codesecure.dependencycheck.data.cpe.Fields;
import org.codesecure.dependencycheck.data.cpe.Index;
import org.codesecure.dependencycheck.data.lucene.LuceneUtils;
/**
* The Indexer is used to convert a CPE Entry, retrieved from the CPE XML file,
* into a Document that is stored in the Lucene index.
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class Indexer extends Index implements EntrySaveDelegate {
/**
* Saves a CPE Entry into the Lucene index.
*
* @param entry a CPE entry.
* @throws CorruptIndexException is thrown if the index is corrupt.
* @throws IOException is thrown if an IOException occurs.
*/
public void saveEntry(Entry entry) throws CorruptIndexException, IOException {
Document doc = convertEntryToDoc(entry);
Term term = new Term(Fields.NVDID, LuceneUtils.escapeLuceneQuery(entry.getNvdId()));
indexWriter.updateDocument(term, doc);
}
/**
* Converts a CPE entry into a Lucene Document.
*
* @param entry a CPE Entry.
* @return a Lucene Document containing a CPE Entry.
*/
protected Document convertEntryToDoc(Entry entry) {
Document doc = new Document();
Field name = new Field(Fields.NAME, entry.getName(), Field.Store.YES, Field.Index.ANALYZED);
name.setIndexOptions(IndexOptions.DOCS_ONLY);
doc.add(name);
Field nvdId = new Field(Fields.NVDID, entry.getNvdId(), Field.Store.NO, Field.Index.ANALYZED);
nvdId.setIndexOptions(IndexOptions.DOCS_ONLY);
doc.add(nvdId);
Field vendor = new Field(Fields.VENDOR, entry.getVendor(), Field.Store.NO, Field.Index.ANALYZED);
vendor.setIndexOptions(IndexOptions.DOCS_ONLY);
vendor.setBoost(5.0F);
doc.add(vendor);
Field product = new Field(Fields.PRODUCT, entry.getProduct(), Field.Store.NO, Field.Index.ANALYZED);
product.setIndexOptions(IndexOptions.DOCS_ONLY);
product.setBoost(5.0F);
doc.add(product);
Field title = new Field(Fields.TITLE, entry.getTitle(), Field.Store.YES, Field.Index.ANALYZED);
title.setIndexOptions(IndexOptions.DOCS_ONLY);
//title.setBoost(1.0F);
doc.add(title);
//TODO revision should likely be its own field
if (entry.getVersion() != null) {
Field version = null;
if (entry.getRevision() != null) {
version = new Field(Fields.VERSION, entry.getVersion() + " "
+ entry.getRevision(), Field.Store.NO, Field.Index.ANALYZED);
} else {
version = new Field(Fields.VERSION, entry.getVersion(),
Field.Store.NO, Field.Index.ANALYZED);
}
version.setIndexOptions(IndexOptions.DOCS_ONLY);
version.setBoost(0.8F);
doc.add(version);
}
return doc;
}
}

12
src/main/java/org/codesecure/dependencycheck/data/cpe/xml/package-info.java
View File

@@ -1,12 +0,0 @@
/**
* <html>
* <head>
* <title>org.codesecure.dependencycheck.data.cpe.xml</title>
* </head>
* <body>
* Contains classes used to parse the CPE XML file.
* </body>
* </html>
*/
package org.codesecure.dependencycheck.data.cpe.xml;

159
src/main/java/org/codesecure/dependencycheck/data/lucene/AbstractIndex.java
View File

@@ -1,4 +1,3 @@
package org.codesecure.dependencycheck.data.lucene;
/*
* This file is part of DependencyCheck.
*
@@ -17,16 +16,23 @@ package org.codesecure.dependencycheck.data.lucene;
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.lucene;
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.lucene.analysis.Analyzer;
import org.apache.lucene.document.Document;
import org.apache.lucene.index.CorruptIndexException;
import org.apache.lucene.index.DirectoryReader;
import org.apache.lucene.index.IndexReader;
import org.apache.lucene.index.IndexWriter;
import org.apache.lucene.index.IndexWriterConfig;
import org.apache.lucene.queryparser.classic.ParseException;
import org.apache.lucene.queryparser.classic.QueryParser;
import org.apache.lucene.search.IndexSearcher;
import org.apache.lucene.search.Query;
import org.apache.lucene.search.TopDocs;
import org.apache.lucene.store.Directory;
import org.apache.lucene.store.LockObtainFailedException;
import org.apache.lucene.util.Version;
@@ -56,9 +62,17 @@ public abstract class AbstractIndex {
*/
private IndexSearcher indexSearcher = null;
/**
* The Lucene Analyzer.
* The Lucene Analyzer used for Indexing.
*/
private Analyzer analyzer = null;
private Analyzer indexingAnalyzer = null;
/**
* The Lucene Analyzer used for Searching
*/
private Analyzer searchingAnalyzer = null;
/**
* The Lucene QueryParser used for Searching
*/
private QueryParser queryParser = null;
/**
* Indicates whether or not the Lucene Index is open.
*/
@@ -71,7 +85,8 @@ public abstract class AbstractIndex {
*/
public void open() throws IOException {
directory = this.getDirectory();
analyzer = this.getAnalyzer(); //new StandardAnalyzer(Version.LUCENE_35);
indexingAnalyzer = this.getIndexingAnalyzer();
searchingAnalyzer = this.getSearchingAnalyzer();
indexOpen = true;
}
@@ -98,19 +113,19 @@ public abstract class AbstractIndex {
}
}
if (indexSearcher != null) {
try {
indexSearcher.close();
} catch (IOException ex) {
Logger.getLogger(AbstractIndex.class.getName()).log(Level.SEVERE, null, ex);
} finally {
indexSearcher = null;
}
indexSearcher = null;
}
if (analyzer != null) {
analyzer.close();
analyzer = null;
if (indexingAnalyzer != null) {
indexingAnalyzer.close();
indexingAnalyzer = null;
}
if (searchingAnalyzer != null) {
searchingAnalyzer.close();
searchingAnalyzer = null;
}
try {
directory.close();
} catch (IOException ex) {
@@ -140,7 +155,7 @@ public abstract class AbstractIndex {
if (!isOpen()) {
open();
}
IndexWriterConfig conf = new IndexWriterConfig(Version.LUCENE_35, analyzer);
IndexWriterConfig conf = new IndexWriterConfig(Version.LUCENE_40, indexingAnalyzer);
indexWriter = new IndexWriter(directory, conf);
}
@@ -170,7 +185,8 @@ public abstract class AbstractIndex {
if (!isOpen()) {
open();
}
indexReader = IndexReader.open(directory, true);
//indexReader = IndexReader.open(directory, true);
indexReader = DirectoryReader.open(directory);
}
/**
@@ -180,7 +196,7 @@ public abstract class AbstractIndex {
* @throws CorruptIndexException is thrown if the index is corrupt.
* @throws IOException is thrown if there is an exception reading the index.
*/
public IndexSearcher getIndexSearcher() throws CorruptIndexException, IOException {
protected IndexSearcher getIndexSearcher() throws CorruptIndexException, IOException {
if (indexReader == null) {
openIndexReader();
}
@@ -191,29 +207,116 @@ public abstract class AbstractIndex {
}
/**
* Returns an Analyzer for the Lucene Index.
* Returns an Analyzer to be used when indexing.
*
* @return an Analyzer.
*/
public Analyzer getAnalyzer() {
if (analyzer == null) {
analyzer = createAnalyzer();
public Analyzer getIndexingAnalyzer() {
if (indexingAnalyzer == null) {
indexingAnalyzer = createIndexingAnalyzer();
}
return analyzer;
return indexingAnalyzer;
}
/**
* Gets the directory that contains the Lucene Index.
* Returns an analyzer used for searching the index
* @return a lucene analyzer
*/
protected Analyzer getSearchingAnalyzer() {
if (searchingAnalyzer == null) {
searchingAnalyzer = createSearchingAnalyzer();
}
return searchingAnalyzer;
}
/**
* Gets a query parser
* @return a query parser
*/
protected QueryParser getQueryParser() {
if (queryParser == null) {
queryParser = createQueryParser();
}
return queryParser;
}
/**
* Searches the index using the given search string
* @param searchString the query text
* @param maxQueryResults the maximum number of documents to return
* @return the TopDocs found by the search
* @throws ParseException thrown when the searchString is invalid
* @throws IOException is thrown if there is an issue with the underlying Index
*/
public TopDocs search(String searchString, int maxQueryResults) throws ParseException, IOException {
QueryParser parser = getQueryParser();
Query query = parser.parse(searchString);
resetSearchingAnalyzer();
IndexSearcher is = getIndexSearcher();
TopDocs docs = is.search(query, maxQueryResults);
return docs;
}
/**
* Searches the index using the given query
* @param query the query used to search the index
* @param maxQueryResults the max number of results to return
* @return the TopDocs found be the query
* @throws CorruptIndexException thrown if the Index is corrupt
* @throws IOException thrown if there is an IOException
*/
public TopDocs search(Query query, int maxQueryResults) throws CorruptIndexException, IOException {
IndexSearcher is = getIndexSearcher();
return is.search(query, maxQueryResults);
}
/**
* Retrieves a document from the Index
* @param documentId the id of the document to retrieve
* @return the Document
* @throws IOException thrown if there is an IOException
*/
public Document getDocument(int documentId) throws IOException {
IndexSearcher is = getIndexSearcher();
return is.doc(documentId);
}
/**
* Gets the directory that contains the Lucene Index
*
* @return a Lucene Directory.
* @throws IOException is thrown when an IOException occurs.
* @return a Lucene Directory
* @throws IOException is thrown when an IOException occurs
*/
public abstract Directory getDirectory() throws IOException;
/**
* Creates the Lucene Analyzer used when indexing and searching the index.
* Creates the Lucene Analyzer used when indexing
*
* @return a Lucene Analyzer.
* @return a Lucene Analyzer
*/
public abstract Analyzer createAnalyzer();
public abstract Analyzer createIndexingAnalyzer();
/**
* Creates the Lucene Analyzer used when querying the index
*
* @return a Lucene Analyzer
*/
public abstract Analyzer createSearchingAnalyzer();
/**
* Creates the Lucene QueryParser used when querying the index
* @return a QueryParser
*/
public abstract QueryParser createQueryParser();
/**
* Resets the searching analyzers
*/
protected abstract void resetSearchingAnalyzer();
}

6
src/main/java/org/codesecure/dependencycheck/data/lucene/DependencySimilarity.java
View File

@@ -1,4 +1,3 @@
package org.codesecure.dependencycheck.data.lucene;
/*
* This file is part of DependencyCheck.
*
@@ -17,8 +16,9 @@ package org.codesecure.dependencycheck.data.lucene;
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.lucene;
import org.apache.lucene.search.DefaultSimilarity;
import org.apache.lucene.search.similarities.DefaultSimilarity;
/**
*
@@ -41,7 +41,7 @@ public class DependencySimilarity extends DefaultSimilarity {
* @return 1
*/
@Override
public float idf(int docFreq, int numDocs) {
public float idf(long docFreq, long numDocs) {
return 1;
}
}

81
src/main/java/org/codesecure/dependencycheck/data/lucene/FieldAnalyzer.java Normal file
View File

@@ -0,0 +1,81 @@
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.lucene;
import java.io.Reader;
import org.apache.lucene.analysis.Analyzer;
import org.apache.lucene.analysis.TokenStream;
import org.apache.lucene.analysis.Tokenizer;
import org.apache.lucene.analysis.core.WhitespaceTokenizer;
import org.apache.lucene.analysis.core.LowerCaseFilter;
import org.apache.lucene.analysis.core.StopAnalyzer;
import org.apache.lucene.analysis.core.StopFilter;
import org.apache.lucene.analysis.miscellaneous.WordDelimiterFilter;
import org.apache.lucene.util.Version;
/**
* <p>A Lucene Analyzer that utilizes the WhitespaceTokenizer, WordDelimiterFilter,
* LowerCaseFilter, and StopFilter. The intended purpose of this Analyzer is
* to index the CPE fields vendor and product.</p>
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class FieldAnalyzer extends Analyzer {
/**
* The Lucene Version used
*/
private Version version = null;
/**
* Creates a new FieldAnalyzer
* @param version the Lucene version
*/
public FieldAnalyzer(Version version) {
this.version = version;
}
/**
* Creates the TokenStreamComponents
*
* @param fieldName the field name being analyzed
* @param reader the reader containing the input
* @return the TokenStreamComponents
*/
@Override
protected TokenStreamComponents createComponents(String fieldName, Reader reader) {
Tokenizer source = new WhitespaceTokenizer(version, reader);
TokenStream stream = source;
stream = new WordDelimiterFilter(stream,
WordDelimiterFilter.CATENATE_WORDS
| WordDelimiterFilter.GENERATE_WORD_PARTS
| WordDelimiterFilter.GENERATE_NUMBER_PARTS
| WordDelimiterFilter.PRESERVE_ORIGINAL
| WordDelimiterFilter.SPLIT_ON_CASE_CHANGE
| WordDelimiterFilter.SPLIT_ON_NUMERICS
| WordDelimiterFilter.STEM_ENGLISH_POSSESSIVE, null);
stream = new LowerCaseFilter(version, stream);
stream = new StopFilter(version, stream, StopAnalyzer.ENGLISH_STOP_WORDS_SET);
return new TokenStreamComponents(source, stream);
}
}

2
src/main/java/org/codesecure/dependencycheck/data/lucene/LuceneUtils.java
View File

@@ -1,4 +1,3 @@
package org.codesecure.dependencycheck.data.lucene;
/*
* This file is part of DependencyCheck.
*
@@ -17,6 +16,7 @@ package org.codesecure.dependencycheck.data.lucene;
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.lucene;
/**
* <p>Lucene utils is a set of utilitize written to make constructing Lucene

93
src/main/java/org/codesecure/dependencycheck/data/lucene/SearchFieldAnalyzer.java Normal file
View File

@@ -0,0 +1,93 @@
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.lucene;
import java.io.Reader;
import org.apache.lucene.analysis.Analyzer;
import org.apache.lucene.analysis.TokenStream;
import org.apache.lucene.analysis.Tokenizer;
import org.apache.lucene.analysis.core.WhitespaceTokenizer;
import org.apache.lucene.analysis.core.LowerCaseFilter;
import org.apache.lucene.analysis.core.StopAnalyzer;
import org.apache.lucene.analysis.core.StopFilter;
import org.apache.lucene.analysis.miscellaneous.WordDelimiterFilter;
import org.apache.lucene.util.Version;
/**
* A Lucene field analyzer used to analyzer queries against the CPE data.
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class SearchFieldAnalyzer extends Analyzer {
/**
* The Lucene Version used
*/
private Version version = null;
/**
* A local reference to the TokenPairConcatenatingFilter so that we
* can clear any left over state if this analyzer is re-used.
*/
private TokenPairConcatenatingFilter concatenatingFilter = null;
/**
* Constructs a new SearchFieldAnalyzer
* @param version the Lucene version
*/
public SearchFieldAnalyzer(Version version) {
this.version = version;
}
/**
* Creates a the TokenStreamComponents used to analyze the stream.
* @param fieldName the field that this lucene analyzer will process
* @param reader a reader containing the tokens
* @return the token stream filter chain
*/
@Override
protected TokenStreamComponents createComponents(String fieldName, Reader reader) {
Tokenizer source = new WhitespaceTokenizer(version, reader);
TokenStream stream = source;
stream = new WordDelimiterFilter(stream,
WordDelimiterFilter.GENERATE_WORD_PARTS
| WordDelimiterFilter.GENERATE_NUMBER_PARTS
| WordDelimiterFilter.PRESERVE_ORIGINAL
| WordDelimiterFilter.SPLIT_ON_CASE_CHANGE
| WordDelimiterFilter.SPLIT_ON_NUMERICS
| WordDelimiterFilter.STEM_ENGLISH_POSSESSIVE, null);
stream = new LowerCaseFilter(version, stream);
concatenatingFilter = new TokenPairConcatenatingFilter(stream);
stream = concatenatingFilter;
stream = new StopFilter(version, stream, StopAnalyzer.ENGLISH_STOP_WORDS_SET);
return new TokenStreamComponents(source, stream);
}
/**
* <p>Resets the analyzer and clears any internal state data that may
* have been left-over from previous uses of the analyzer.</p>
* <p><b>If this analyzer is re-used this method must be called between uses.</b></p>
*/
public void clear() {
concatenatingFilter.clear();
}
}

97
src/main/java/org/codesecure/dependencycheck/data/lucene/TokenPairConcatenatingFilter.java Normal file
View File

@@ -0,0 +1,97 @@
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.lucene;
import java.io.IOException;
import java.util.LinkedList;
import org.apache.lucene.analysis.TokenFilter;
import org.apache.lucene.analysis.TokenStream;
import org.apache.lucene.analysis.tokenattributes.CharTermAttribute;
import org.apache.lucene.analysis.tokenattributes.PositionIncrementAttribute;
/**
* <p>Takes a TokenStream and adds additional tokens by concatenating pairs of words.</p>
* <p><b>Example:</b> "Spring Framework Core" -> "Spring SpringFramework Framework FrameworkCore Core".</p>
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public final class TokenPairConcatenatingFilter extends TokenFilter {
private final CharTermAttribute termAtt = addAttribute(CharTermAttribute.class);
private final PositionIncrementAttribute posIncAtt = addAttribute(PositionIncrementAttribute.class);
private String previousWord = null;
private LinkedList<String> words = null;
/**
* Consructs a new TokenPairConcatenatingFilter
* @param stream the TokenStream that this filter will process
*/
public TokenPairConcatenatingFilter(TokenStream stream) {
super(stream);
words = new LinkedList<String>();
}
/**
* Increments the underlying TokenStream and sets CharTermAtttributes to
* construct an expanded set of tokens by concatenting tokens with the
* previous token.
*
* @return whether or not we have hit the end of the TokenStream
* @throws IOException is thrown when an IOException occurs
*/
@Override
public boolean incrementToken() throws IOException {
//collect all the terms into the words collaction
while (input.incrementToken()) {
String word = new String(termAtt.buffer(), 0, termAtt.length());
words.add(word);
}
//if we have a previousTerm - write it out as its own token concatonated
// with the current word (if one is available).
if (previousWord != null && words.size() > 0) {
String word = words.getFirst();
clearAttributes();
termAtt.append(previousWord).append(word);
posIncAtt.setPositionIncrement(0);
previousWord = null;
return true;
}
//if we have words, write it out as a single token
if (words.size() > 0) {
String word = words.removeFirst();
clearAttributes();
termAtt.append(word);
previousWord = word;
return true;
}
return false;
}
/**
* <p>Resets the Filter and clears any internal state data that may
* have been left-over from previous uses of the Filter.</p>
* <p><b>If this Filter is re-used this method must be called between uses.</b></p>
*/
public void clear() {
previousWord = null;
words.clear();
}
}

2
src/main/java/org/codesecure/dependencycheck/data/lucene/VersionAnalyzer.java
View File

@@ -1,4 +1,3 @@
package org.codesecure.dependencycheck.data.lucene;
/*
* This file is part of DependencyCheck.
*
@@ -17,6 +16,7 @@ package org.codesecure.dependencycheck.data.lucene;
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.lucene;
/**
* VersionAnalyzer is a Lucene Analyzer used to analyze version information.

34
src/main/java/org/codesecure/dependencycheck/data/cpe/xml/EntrySaveDelegate.java → src/main/java/org/codesecure/dependencycheck/data/nvdcve/CorruptDatabaseException.java
View File

@@ -1,4 +1,3 @@
package org.codesecure.dependencycheck.data.cpe.xml;
/*
* This file is part of DependencyCheck.
*
@@ -17,26 +16,33 @@ package org.codesecure.dependencycheck.data.cpe.xml;
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
import org.codesecure.dependencycheck.data.cpe.Entry;
import java.io.IOException;
import org.apache.lucene.index.CorruptIndexException;
package org.codesecure.dependencycheck.data.nvdcve;
/**
*
* An interface used to define the save function used when parsing the CPE XML
* file.
* An exception used to indicate the db4o database is corrupt.
* This could be due to invalid data or a complete failure of the db.
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public interface EntrySaveDelegate {
class CorruptDatabaseException extends DatabaseException {
private static final long serialVersionUID = 1L;
/**
* Saves a CPE Entry into the Lucene index.
* Creates an CorruptDatabaseException
*
* @param entry a CPE entry.
* @throws CorruptIndexException is thrown if the index is corrupt.
* @throws IOException is thrown if an IOException occurs.
* @param msg the exception message
*/
void saveEntry(Entry entry) throws CorruptIndexException, IOException;
public CorruptDatabaseException(String msg) {
super(msg);
}
/**
* Creates an CorruptDatabaseException
*
* @param msg the exception message
* @param ex the cause of the exception
*/
public CorruptDatabaseException(String msg, Exception ex) {
super(msg, ex);
}
}

465
src/main/java/org/codesecure/dependencycheck/data/nvdcve/CveDB.java Normal file
View File

@@ -0,0 +1,465 @@
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.nvdcve;
import java.io.File;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.codesecure.dependencycheck.data.cpe.Entry;
import org.codesecure.dependencycheck.dependency.Reference;
import org.codesecure.dependencycheck.dependency.Vulnerability;
import org.codesecure.dependencycheck.dependency.VulnerableSoftware;
import org.codesecure.dependencycheck.utils.Settings;
/**
* The database holding information about the NVD CVE data.
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class CveDB {
//<editor-fold defaultstate="collapsed" desc="Constants to create, maintain, and retrieve data from the CVE Database">
/**
* SQL Statement to create an index on the reference table
*/
public static final String CREATE_INDEX_IDXREFERENCE = "CREATE INDEX IF NOT EXISTS idxReference ON reference(cveid)";
/**
* SQL Statement to create an index on the software for finding CVE entries based on CPE data
*/
public static final String CREATE_INDEX_IDXSOFTWARE = "CREATE INDEX IF NOT EXISTS idxSoftware ON software(product, vendor, version)";
/**
* SQL Statement to create an index for retrieving software by CVEID
*/
public static final String CREATE_INDEX_IDXSOFTWARECVE = "CREATE INDEX IF NOT EXISTS idxSoftwareCve ON software(cveid)";
/**
* SQL Statement to create an index on the vulnerability table
*/
public static final String CREATE_INDEX_IDXVULNERABILITY = "CREATE INDEX IF NOT EXISTS idxVulnerability ON vulnerability(cveid)";
/**
* SQL Statement to create the reference table
*/
public static final String CREATE_TABLE_REFERENCE = "CREATE TABLE IF NOT EXISTS reference (cveid CHAR(13), "
+ "name varchar(1000), url varchar(1000), source varchar(255))";
/**
* SQL Statement to create the software table
*/
public static final String CREATE_TABLE_SOFTWARE = "CREATE TABLE IF NOT EXISTS software (cveid CHAR(13), cpe varchar(500), "
+ "vendor varchar(255), product varchar(255), version varchar(50), previousVersion varchar(50))";
/**
* SQL Statement to create the vulnerability table
*/
public static final String CREATE_TABLE_VULNERABILITY = "CREATE TABLE IF NOT EXISTS vulnerability (cveid CHAR(13) PRIMARY KEY, "
+ "description varchar(8000), cwe varchar(10), cvssScore DECIMAL(3,1), cvssAccessVector varchar(20), "
+ "cvssAccessComplexity varchar(20), cvssAuthentication varchar(20), cvssConfidentialityImpact varchar(20), "
+ "cvssIntegrityImpact varchar(20), cvssAvailabilityImpact varchar(20))";
/**
* SQL Statement to delete references by CVEID
*/
public static final String DELETE_REFERENCE = "DELETE FROM reference WHERE cveid = ?";
/**
* SQL Statement to delete software by CVEID
*/
public static final String DELETE_SOFTWARE = "DELETE FROM software WHERE cveid = ?";
/**
* SQL Statement to delete a vulnerability by CVEID
*/
public static final String DELETE_VULNERABILITY = "DELETE FROM vulnerability WHERE cveid = ?";
/**
* SQL Statement to insert a new reference
*/
public static final String INSERT_REFERENCE = "INSERT INTO reference (cveid, name, url, source) VALUES (?, ?, ?, ?)";
/**
* SQL Statement to insert a new software
*/
public static final String INSERT_SOFTWARE = "INSERT INTO software (cveid, cpe, vendor, product, version, previousVersion) "
+ "VALUES (?, ?, ?, ?, ?, ?)";
/**
* SQL Statement to insert a new vulnerability
*/
public static final String INSERT_VULNERABILITY = "INSERT INTO vulnerability (cveid, description, cwe, cvssScore, cvssAccessVector, "
+ "cvssAccessComplexity, cvssAuthentication, cvssConfidentialityImpact, cvssIntegrityImpact, cvssAvailabilityImpact) "
+ "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
/**
* SQL Statement to find CVE entries based on CPE data
*/
public static final String SELECT_CVE_FROM_SOFTWARE = "SELECT cveid FROM software WHERE Vendor = ? AND Product = ? AND "
+ "(version = '-' OR previousVersion IS NOT NULL OR version=?)";
/**
* SQL Statement to select references by CVEID
*/
public static final String SELECT_REFERENCE = "SELECT source, name, url FROM reference WHERE cveid = ?";
/**
* SQL Statement to select software by CVEID
*/
public static final String SELECT_SOFTWARE = "SELECT cpe, previousVersion FROM software WHERE cveid = ?";
/**
* SQL Statement to select a vulnerability by CVEID
*/
public static final String SELECT_VULNERABILITY = "SELECT cveid, description, cwe, cvssScore, cvssAccessVector, cvssAccessComplexity, cvssAuthentication, cvssConfidentialityImpact, cvssIntegrityImpact, cvssAvailabilityImpact FROM vulnerability WHERE cveid = ?";
//</editor-fold>
//<editor-fold defaultstate="collapsed" desc="Collection of CallableStatements to work with the DB">
/**
* delete reference - parameters (cveid)
*/
private CallableStatement deleteReferences = null;
/**
* delete software - parameters (cveid)
*/
private CallableStatement deleteSoftware = null;
/**
* delete vulnerability - parameters (cveid)
*/
private CallableStatement deleteVulnerabilities = null;
/**
* insert reference - parameters (cveid, name, url, source)
*/
private CallableStatement insertReference = null;
/**
* insert software - parameters (cveid, cpe, vendor, product, version, previousVersion)
*/
private CallableStatement insertSoftware = null;
/**
* insert vulnerability - parameters (cveid, description, cwe, cvssScore, cvssAccessVector, cvssAccessComplexity, cvssAuthentication, cvssConfidentialityImpact, cvssIntegrityImpact, cvssAvailabilityImpact)
*/
private CallableStatement insertVulnerability = null;
/**
* select cve from software - parameters (vendor, product, version)
*/
private CallableStatement selectCveFromSoftware = null;
/**
* select vulnerability - parameters (cveid)
*/
private CallableStatement selectVulnerability = null;
/**
* select reference - parameters (cveid)
*/
private CallableStatement selectReferences = null;
/**
* select software - parameters (cveid)
*/
private CallableStatement selectSoftware = null;
//</editor-fold>
/**
* Database connection
*/
protected Connection conn = null;
/**
* Opens the database connection. If the database does not exist, it will
* create a new one.
*
* @throws IOException thrown if there is an IO Exception
* @throws SQLException thrown if there is a SQL Exception
* @throws DatabaseException thrown if there is an error initializing a new database
*/
public void open() throws IOException, SQLException, DatabaseException {
String fileName = CveDB.getDataDirectory().getCanonicalPath()
+ File.separator
+ "cve";
File f = new File(fileName);
boolean createTables = !f.exists();
String connStr = "jdbc:h2:file:" + fileName;
conn = DriverManager.getConnection(connStr, "sa", "");
if (createTables) {
createTables();
}
buildStatements();
}
/**
* Cleansup the object and ensures that "close" has been called.
* @throws Throwable thrown if there is a problem
*/
@Override
protected void finalize() throws Throwable {
close();
super.finalize(); //not necessary if extending Object.
}
/**
* Closes the DB4O database. Close should be called on
* this object when it is done being used.
*/
public void close() {
if (conn != null) {
try {
conn.close();
} catch (SQLException ex) {
Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex);
}
conn = null;
}
}
/**
* Retrieves the vulnerabilities associated with the specified CPE cpe.
*
* @param cpeStr the CPE cpe name
* @return a list of Vulnerabilities
* @throws DatabaseException thrown if there is an exception retrieving data
*/
public List<Vulnerability> getVulnerablilities(String cpeStr) throws DatabaseException {
ResultSet rs = null;
final Entry cpe = new Entry();
try {
cpe.parseName(cpeStr);
} catch (UnsupportedEncodingException ex) {
Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex);
}
List<Vulnerability> vulnerabilities = new ArrayList<Vulnerability>();
try {
selectCveFromSoftware.setString(1, cpe.getVendor());
selectCveFromSoftware.setString(2, cpe.getProduct());
selectCveFromSoftware.setString(3, cpe.getVersion());
rs = selectCveFromSoftware.executeQuery();
while (rs.next()) {
Vulnerability v = getVulnerability(rs.getString("cveid"));
vulnerabilities.add(v);
}
} catch (SQLException ex) {
throw new DatabaseException("Exception retrieving vulnerability for " + cpeStr, ex);
} finally {
if (rs != null) {
try {
rs.close();
} catch (SQLException ex) {
Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex);
}
}
}
return vulnerabilities;
}
private Vulnerability getVulnerability(String cve) throws DatabaseException {
ResultSet rsV = null;
ResultSet rsR = null;
ResultSet rsS = null;
Vulnerability vuln = null;
try {
selectVulnerability.setString(1, cve);
rsV = selectVulnerability.executeQuery();
if (rsV.next()) {
vuln = new Vulnerability();
vuln.setName(cve);
vuln.setDescription(rsV.getString(2));
vuln.setCwe(rsV.getString(3));
vuln.setCvssScore(rsV.getFloat(4));
vuln.setCvssAccessVector(rsV.getString(5));
vuln.setCvssAccessComplexity(rsV.getString(6));
vuln.setCvssAuthentication(rsV.getString(7));
vuln.setCvssConfidentialityImpact(rsV.getString(8));
vuln.setCvssIntegrityImpact(rsV.getString(9));
vuln.setCvssAvailabilityImpact(rsV.getString(10));
selectReferences.setString(1, cve);
rsR = selectReferences.executeQuery();
while (rsR.next()) {
vuln.addReference(rsR.getString(1), rsR.getString(2), rsR.getString(3));
}
selectSoftware.setString(1, cve);
rsS = selectSoftware.executeQuery();
while (rsS.next()) {
String cpe = rsS.getString(1);
String prevVers = rsS.getString(2);
if (prevVers == null) {
vuln.addVulnerableSoftware(cpe);
} else {
vuln.addVulnerableSoftware(cpe, prevVers);
}
}
}
} catch (SQLException ex) {
throw new DatabaseException("Error retrieving " + cve, ex);
} finally {
if (rsV != null) {
try {
rsV.close();
} catch (SQLException ex) {
Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex);
}
}
if (rsR != null) {
try {
rsR.close();
} catch (SQLException ex) {
Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex);
}
}
if (rsS != null) {
try {
rsS.close();
} catch (SQLException ex) {
Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex);
}
}
}
return vuln;
}
/**
* Updates the vulnerability within the database. If the vulnerability does not
* exist it will be added.
*
* @param vuln the vulnerability to add to the database
* @throws DatabaseException is thrown if the database
*/
public void updateVulnerability(Vulnerability vuln) throws DatabaseException {
try {
// first delete any existing vulnerabilty info.
deleteReferences.setString(1, vuln.getName());
deleteReferences.execute();
deleteSoftware.setString(1, vuln.getName());
deleteSoftware.execute();
deleteVulnerabilities.setString(1, vuln.getName());
deleteVulnerabilities.execute();
insertVulnerability.setString(1, vuln.getName());
insertVulnerability.setString(2, vuln.getDescription());
insertVulnerability.setString(3, vuln.getCwe());
insertVulnerability.setFloat(4, vuln.getCvssScore());
insertVulnerability.setString(5, vuln.getCvssAccessVector());
insertVulnerability.setString(6, vuln.getCvssAccessComplexity());
insertVulnerability.setString(7, vuln.getCvssAuthentication());
insertVulnerability.setString(8, vuln.getCvssConfidentialityImpact());
insertVulnerability.setString(9, vuln.getCvssIntegrityImpact());
insertVulnerability.setString(10, vuln.getCvssAvailabilityImpact());
insertVulnerability.execute();
insertReference.setString(1, vuln.getName());
for (Reference r : vuln.getReferences()) {
insertReference.setString(2, r.getName());
insertReference.setString(3, r.getUrl());
insertReference.setString(4, r.getSource());
insertReference.execute();
}
insertSoftware.setString(1, vuln.getName());
for (VulnerableSoftware s : vuln.getVulnerableSoftware()) {
//cveid, cpe, vendor, product, version, previousVersion
insertSoftware.setString(2, s.getName());
insertSoftware.setString(3, s.getVendor());
insertSoftware.setString(4, s.getProduct());
insertSoftware.setString(5, s.getVersion());
if (s.hasPreviousVersion()) {
insertSoftware.setString(6, s.getPreviousVersion());
} else {
insertSoftware.setNull(6, java.sql.Types.VARCHAR);
}
insertSoftware.execute();
}
} catch (SQLException ex) {
Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex);
throw new DatabaseException("Error updating '" + vuln.getName() + "'", ex);
}
}
/**
* Retrieves the directory that the JAR file exists in so that
* we can ensure we always use a common data directory.
*
* @return the data directory for this index.
* @throws IOException is thrown if an IOException occurs of course...
*/
public static File getDataDirectory() throws IOException {
String fileName = Settings.getString(Settings.KEYS.CVE_INDEX);
String filePath = CveDB.class.getProtectionDomain().getCodeSource().getLocation().getPath();
String decodedPath = URLDecoder.decode(filePath, "UTF-8");
File exePath = new File(decodedPath);
if (exePath.getName().toLowerCase().endsWith(".jar")) {
exePath = exePath.getParentFile();
} else {
exePath = new File(".");
}
File path = new File(exePath.getCanonicalFile() + File.separator + fileName);
path = new File(path.getCanonicalPath());
if (!path.exists()) {
if (!path.mkdirs()) {
throw new IOException("Unable to create NVD CVE Data directory");
}
}
return path;
}
/**
* Creates the database structure (tables and indexes) to store the CVE data
*
* @throws SQLException thrown if there is a sql exception
* @throws DatabaseException thrown if there is a database exception
*/
protected void createTables() throws SQLException, DatabaseException {
Statement statement = null;
try {
statement = conn.createStatement();
statement.execute(CREATE_TABLE_VULNERABILITY);
statement.execute(CREATE_TABLE_REFERENCE);
statement.execute(CREATE_TABLE_SOFTWARE);
statement.execute(CREATE_INDEX_IDXSOFTWARE);
statement.execute(CREATE_INDEX_IDXREFERENCE);
statement.execute(CREATE_INDEX_IDXVULNERABILITY);
statement.execute(CREATE_INDEX_IDXSOFTWARECVE);
} finally {
if (statement != null) {
try {
statement.close();
} catch (SQLException ex) {
Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex);
}
}
}
}
/**
* Builds the CallableStatements used by the application.
* @throws DatabaseException
*/
private void buildStatements() throws DatabaseException {
try {
deleteReferences = conn.prepareCall(DELETE_REFERENCE);
deleteSoftware = conn.prepareCall(DELETE_SOFTWARE);
deleteVulnerabilities = conn.prepareCall(DELETE_VULNERABILITY);
insertReference = conn.prepareCall(INSERT_REFERENCE);
insertSoftware = conn.prepareCall(INSERT_SOFTWARE);
insertVulnerability = conn.prepareCall(INSERT_VULNERABILITY);
selectCveFromSoftware = conn.prepareCall(SELECT_CVE_FROM_SOFTWARE);
selectVulnerability = conn.prepareCall(SELECT_VULNERABILITY);
selectReferences = conn.prepareCall(SELECT_REFERENCE);
selectSoftware = conn.prepareCall(SELECT_SOFTWARE);
} catch (SQLException ex) {
throw new DatabaseException("Unable to prepare statements", ex);
}
}
}

33
src/main/java/org/codesecure/dependencycheck/data/nvdcve/Fields.java → src/main/java/org/codesecure/dependencycheck/data/nvdcve/DatabaseException.java
View File

@@ -1,4 +1,3 @@
package org.codesecure.dependencycheck.data.nvdcve;
/*
* This file is part of DependencyCheck.
*
@@ -17,29 +16,31 @@ package org.codesecure.dependencycheck.data.nvdcve;
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.nvdcve;
/**
* Fields is a collection of field names used within the Lucene index for NVD
* VULNERABLE_CPE entries.
* An exception thrown if an operation against the database fails.
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public abstract class Fields {
public class DatabaseException extends Exception {
/**
* The key for the name field.
* Creates an DatabaseException
*
* @param msg the exception message
*/
public static final String CVE_ID = "cve";
public DatabaseException(String msg) {
super(msg);
}
/**
* The key for the vulnerable cpes field.
* Creates an DatabaseException
*
* @param msg the exception message
* @param ex the cause of the exception
*/
public static final String VULNERABLE_CPE = "cpe";
/**
* The key for the description field.
*/
public static final String DESCRIPTION = "description";
/**
* The key for the xml field. Stores the entire NVD VULNERABLE_CPE Entry.
*/
public static final String XML = "xml";
public DatabaseException(String msg, Exception ex) {
super(msg, ex);
}
}

113
src/main/java/org/codesecure/dependencycheck/data/nvdcve/NvdCveAnalyzer.java
View File

@@ -1,4 +1,3 @@
package org.codesecure.dependencycheck.data.nvdcve;
/*
* This file is part of DependencyCheck.
*
@@ -17,26 +16,18 @@ package org.codesecure.dependencycheck.data.nvdcve;
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.nvdcve;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.sql.SQLException;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import org.apache.lucene.document.Document;
import org.apache.lucene.index.Term;
import org.apache.lucene.search.*;
import org.codesecure.dependencycheck.Engine;
import org.codesecure.dependencycheck.analyzer.AnalysisException;
import org.codesecure.dependencycheck.analyzer.AnalysisPhase;
import org.codesecure.dependencycheck.data.nvdcve.generated.VulnerabilityReferenceType;
import org.codesecure.dependencycheck.data.nvdcve.generated.VulnerabilityType;
import org.codesecure.dependencycheck.dependency.Dependency;
import org.codesecure.dependencycheck.dependency.Vulnerability;
import org.codesecure.dependencycheck.dependency.Identifier;
import org.codesecure.dependencycheck.dependency.Reference;
/**
* NvdCveAnalyzer is a utility class that takes a project dependency and
@@ -54,43 +45,39 @@ public class NvdCveAnalyzer implements org.codesecure.dependencycheck.analyzer.A
/**
* The CVE Index.
*/
protected Index cve = null;
/**
* The Lucene IndexSearcher.
*/
private IndexSearcher indexSearcher = null;
protected CveDB cveDB = null;
/**
* Opens the data source.
*
* @throws IOException when the Lucene directory to be querried does not
* exist or is corrupt.
* @throws SQLException thrown wwhen there is a SQL Exception
* @throws IOException thrown when there is an IO Exception
* @throws DatabaseException thrown when there is a database exceptions
*/
public void open() throws IOException {
cve = new Index();
cve.open();
indexSearcher = cve.getIndexSearcher();
public void open() throws SQLException, IOException, DatabaseException {
cveDB = new CveDB();
cveDB.open();
}
/**
* Closes the data source.
*/
public void close() {
indexSearcher = null;
cve.close();
cveDB.close();
cveDB = null;
}
/**
* Returns the status of the data source - is the index open.
* Returns the status of the data source - is the database open.
*
* @return true or false.
*/
public boolean isOpen() {
return (cve == null) ? false : cve.isOpen();
return (cveDB != null);
}
/**
* Ensures that the Lucene index is closed.
* Ensures that the CVE Database is closed.
*
* @throws Throwable when a throwable is thrown.
*/
@@ -106,47 +93,22 @@ public class NvdCveAnalyzer implements org.codesecure.dependencycheck.analyzer.A
* Analyzes a dependency and attempts to determine if there are any CPE
* identifiers for this dependency.
*
* @param dependency The Dependency to analyze.
* @param dependency The Dependency to analyze
* @param engine The analysis engine
* @throws AnalysisException is thrown if there is an issue analyzing the
* dependency.
* dependency
*/
public void analyze(Dependency dependency) throws AnalysisException {
public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
for (Identifier id : dependency.getIdentifiers()) {
if ("cpe".equals(id.getType())) {
try {
String value = id.getValue();
Term term1 = new Term(Fields.VULNERABLE_CPE, value);
Query query1 = new TermQuery(term1);
//need to get the cpe:/a:vendor:product - some CVEs are referenced very broadly.
//find the index of the colon after the product of the cpe value
//cpe:/a:microsoft:anti-cross_site_scripting_library:3.1
int pos = value.indexOf(":", 7) + 1;
pos = value.indexOf(":", pos);
String productVendor = value.substring(0, pos);
Term term2 = new Term(Fields.VULNERABLE_CPE, productVendor);
Query query2 = new TermQuery(term2);
BooleanQuery query = new BooleanQuery();
query.add(query1, BooleanClause.Occur.SHOULD);
query.add(query2, BooleanClause.Occur.SHOULD);
TopDocs docs = indexSearcher.search(query, MAX_QUERY_RESULTS);
for (ScoreDoc d : docs.scoreDocs) {
Document doc = indexSearcher.doc(d.doc);
String xml = doc.get(Fields.XML);
Vulnerability vuln;
try {
vuln = parseVulnerability(xml);
dependency.addVulnerability(vuln);
} catch (JAXBException ex) {
Logger.getLogger(NvdCveAnalyzer.class.getName()).log(Level.SEVERE, null, ex);
dependency.addAnalysisException(new AnalysisException("Unable to retrieve vulnerability data", ex));
}
List<Vulnerability> vulns = cveDB.getVulnerablilities(value);
for (Vulnerability v : vulns) {
dependency.addVulnerability(v);
}
} catch (IOException ex) {
Logger.getLogger(NvdCveAnalyzer.class.getName()).log(Level.SEVERE, null, ex);
throw new AnalysisException("Exception occured while determining CVEs", ex);
} catch (DatabaseException ex) {
throw new AnalysisException(ex);
}
}
}
@@ -197,29 +159,4 @@ public class NvdCveAnalyzer implements org.codesecure.dependencycheck.analyzer.A
public void initialize() throws Exception {
this.open();
}
private Vulnerability parseVulnerability(String xml) throws JAXBException {
JAXBContext jaxbContext = JAXBContext.newInstance(VulnerabilityType.class);
Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
ByteArrayInputStream input = new ByteArrayInputStream(xml.getBytes());
VulnerabilityType cvedata = (VulnerabilityType) unmarshaller.unmarshal(input);
if (cvedata == null) {
return null;
}
Vulnerability vuln = new Vulnerability();
vuln.setName(cvedata.getId());
vuln.setDescription(cvedata.getSummary());
if (cvedata.getReferences() != null) {
for (VulnerabilityReferenceType r : cvedata.getReferences()) {
Reference ref = new Reference();
ref.setName(r.getReference().getValue());
ref.setSource(r.getSource());
ref.setUrl(r.getReference().getHref());
vuln.addReference(ref);
}
}
return vuln;
}
}

63
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AccessComplexityEnumType.java
View File

@@ -1,63 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for accessComplexityEnumType.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="accessComplexityEnumType">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="HIGH"/>
* &lt;enumeration value="MEDIUM"/>
* &lt;enumeration value="LOW"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "accessComplexityEnumType")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum AccessComplexityEnumType {
HIGH,
MEDIUM,
LOW;
public String value() {
return name();
}
public static AccessComplexityEnumType fromValue(String v) {
return valueOf(v);
}
}

117
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AccessComplexityType.java
View File

@@ -1,117 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.XmlValue;
/**
* <p>Java class for accessComplexityType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="accessComplexityType">
* &lt;simpleContent>
* &lt;extension base="&lt;http://scap.nist.gov/schema/cvss-v2/0.2>accessComplexityEnumType">
* &lt;attGroup ref="{http://scap.nist.gov/schema/cvss-v2/0.2}vectorAttributeGroup"/>
* &lt;/extension>
* &lt;/simpleContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "accessComplexityType", propOrder = {
"value"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class AccessComplexityType {
@XmlValue
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected AccessComplexityEnumType value;
@XmlAttribute
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean approximated;
/**
* Gets the value of the value property.
*
* @return possible object is
* {@link AccessComplexityEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public AccessComplexityEnumType getValue() {
return value;
}
/**
* Sets the value of the value property.
*
* @param value allowed object is
* {@link AccessComplexityEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setValue(AccessComplexityEnumType value) {
this.value = value;
}
/**
* Gets the value of the approximated property.
*
* @return possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public boolean isApproximated() {
if (approximated == null) {
return false;
} else {
return approximated;
}
}
/**
* Sets the value of the approximated property.
*
* @param value allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setApproximated(Boolean value) {
this.approximated = value;
}
}

63
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AccessVectorEnumType.java
View File

@@ -1,63 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for accessVectorEnumType.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="accessVectorEnumType">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="LOCAL"/>
* &lt;enumeration value="ADJACENT_NETWORK"/>
* &lt;enumeration value="NETWORK"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "accessVectorEnumType")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum AccessVectorEnumType {
LOCAL,
ADJACENT_NETWORK,
NETWORK;
public String value() {
return name();
}
public static AccessVectorEnumType fromValue(String v) {
return valueOf(v);
}
}

124
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AccessVectorType.java
View File

@@ -1,124 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.XmlValue;
/**
* <p>Java class for accessVectorType complex type.
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
* <pre>
* &lt;complexType name="accessVectorType">
* &lt;simpleContent>
* &lt;extension base="&lt;http://scap.nist.gov/schema/cvss-v2/0.2>accessVectorEnumType">
* &lt;attGroup ref="{http://scap.nist.gov/schema/cvss-v2/0.2}vectorAttributeGroup"/>
* &lt;/extension>
* &lt;/simpleContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "accessVectorType", propOrder = {
"value"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class AccessVectorType {
@XmlValue
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected AccessVectorEnumType value;
@XmlAttribute
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean approximated;
/**
* Gets the value of the value property.
*
* @return
* possible object is
* {@link AccessVectorEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public AccessVectorEnumType getValue() {
return value;
}
/**
* Sets the value of the value property.
*
* @param value
* allowed object is
* {@link AccessVectorEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setValue(AccessVectorEnumType value) {
this.value = value;
}
/**
* Gets the value of the approximated property.
*
* @return
* possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public boolean isApproximated() {
if (approximated == null) {
return false;
} else {
return approximated;
}
}
/**
* Sets the value of the approximated property.
*
* @param value
* allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setApproximated(Boolean value) {
this.approximated = value;
}
}

174
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AssociatedExploitLocationType.java
View File

@@ -1,174 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for associatedExploitLocationType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="associatedExploitLocationType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="physical-access" type="{http://www.w3.org/2001/XMLSchema}boolean" minOccurs="0"/>
* &lt;element name="voluntarily-interact" type="{http://www.w3.org/2001/XMLSchema}boolean" minOccurs="0"/>
* &lt;element name="dialup" type="{http://www.w3.org/2001/XMLSchema}boolean" minOccurs="0"/>
* &lt;element name="unknown" type="{http://www.w3.org/2001/XMLSchema}boolean" minOccurs="0"/>
* &lt;/sequence>
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "associatedExploitLocationType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4", propOrder = {
"physicalAccess",
"voluntarilyInteract",
"dialup",
"unknown"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class AssociatedExploitLocationType {
@XmlElement(name = "physical-access", defaultValue = "false")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean physicalAccess;
@XmlElement(name = "voluntarily-interact", defaultValue = "false")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean voluntarilyInteract;
@XmlElement(defaultValue = "false")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean dialup;
@XmlElement(defaultValue = "false")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean unknown;
/**
* Gets the value of the physicalAccess property.
*
* @return possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Boolean isPhysicalAccess() {
return physicalAccess;
}
/**
* Sets the value of the physicalAccess property.
*
* @param value allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setPhysicalAccess(Boolean value) {
this.physicalAccess = value;
}
/**
* Gets the value of the voluntarilyInteract property.
*
* @return possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Boolean isVoluntarilyInteract() {
return voluntarilyInteract;
}
/**
* Sets the value of the voluntarilyInteract property.
*
* @param value allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setVoluntarilyInteract(Boolean value) {
this.voluntarilyInteract = value;
}
/**
* Gets the value of the dialup property.
*
* @return possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Boolean isDialup() {
return dialup;
}
/**
* Sets the value of the dialup property.
*
* @param value allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setDialup(Boolean value) {
this.dialup = value;
}
/**
* Gets the value of the unknown property.
*
* @return possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Boolean isUnknown() {
return unknown;
}
/**
* Sets the value of the unknown property.
*
* @param value allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setUnknown(Boolean value) {
this.unknown = value;
}
}

63
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AuthenticationEnumType.java
View File

@@ -1,63 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for authenticationEnumType.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="authenticationEnumType">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="MULTIPLE_INSTANCES"/>
* &lt;enumeration value="SINGLE_INSTANCE"/>
* &lt;enumeration value="NONE"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "authenticationEnumType")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum AuthenticationEnumType {
MULTIPLE_INSTANCES,
SINGLE_INSTANCE,
NONE;
public String value() {
return name();
}
public static AuthenticationEnumType fromValue(String v) {
return valueOf(v);
}
}

117
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AuthenticationType.java
View File

@@ -1,117 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.XmlValue;
/**
* <p>Java class for authenticationType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="authenticationType">
* &lt;simpleContent>
* &lt;extension base="&lt;http://scap.nist.gov/schema/cvss-v2/0.2>authenticationEnumType">
* &lt;attGroup ref="{http://scap.nist.gov/schema/cvss-v2/0.2}vectorAttributeGroup"/>
* &lt;/extension>
* &lt;/simpleContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "authenticationType", propOrder = {
"value"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class AuthenticationType {
@XmlValue
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected AuthenticationEnumType value;
@XmlAttribute
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean approximated;
/**
* Gets the value of the value property.
*
* @return possible object is
* {@link AuthenticationEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public AuthenticationEnumType getValue() {
return value;
}
/**
* Sets the value of the value property.
*
* @param value allowed object is
* {@link AuthenticationEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setValue(AuthenticationEnumType value) {
this.value = value;
}
/**
* Gets the value of the approximated property.
*
* @return possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public boolean isApproximated() {
if (approximated == null) {
return false;
} else {
return approximated;
}
}
/**
* Sets the value of the approximated property.
*
* @param value allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setApproximated(Boolean value) {
this.approximated = value;
}
}

376
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/BaseMetricsType.java
View File

@@ -1,376 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.math.BigDecimal;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlSchemaType;
import javax.xml.bind.annotation.XmlType;
import javax.xml.datatype.XMLGregorianCalendar;
/**
* <p>Java class for baseMetricsType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="baseMetricsType">
* &lt;complexContent>
* &lt;extension base="{http://scap.nist.gov/schema/cvss-v2/0.2}metricsType">
* &lt;sequence>
* &lt;element name="score" type="{http://scap.nist.gov/schema/cvss-v2/0.2}zeroToTenDecimalType" minOccurs="0"/>
* &lt;element name="exploit-subscore" type="{http://scap.nist.gov/schema/cvss-v2/0.2}zeroToTenDecimalType" minOccurs="0"/>
* &lt;element name="impact-subscore" type="{http://scap.nist.gov/schema/cvss-v2/0.2}zeroToTenDecimalType" minOccurs="0"/>
* &lt;group ref="{http://scap.nist.gov/schema/cvss-v2/0.2}baseVectorsGroup"/>
* &lt;element name="source" type="{http://www.w3.org/2001/XMLSchema}anyURI"/>
* &lt;element name="generated-on-datetime" type="{http://www.w3.org/2001/XMLSchema}dateTime" minOccurs="0"/>
* &lt;/sequence>
* &lt;/extension>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "baseMetricsType", propOrder = {
"score",
"exploitSubscore",
"impactSubscore",
"accessVector",
"accessComplexity",
"authentication",
"confidentialityImpact",
"integrityImpact",
"availabilityImpact",
"source",
"generatedOnDatetime"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class BaseMetricsType
extends MetricsType {
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected BigDecimal score;
@XmlElement(name = "exploit-subscore")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected BigDecimal exploitSubscore;
@XmlElement(name = "impact-subscore")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected BigDecimal impactSubscore;
@XmlElement(name = "access-vector")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected AccessVectorType accessVector;
@XmlElement(name = "access-complexity")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected AccessComplexityType accessComplexity;
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected AuthenticationType authentication;
@XmlElement(name = "confidentiality-impact")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected CiaType confidentialityImpact;
@XmlElement(name = "integrity-impact")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected CiaType integrityImpact;
@XmlElement(name = "availability-impact")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected CiaType availabilityImpact;
@XmlElement(required = true)
@XmlSchemaType(name = "anyURI")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String source;
@XmlElement(name = "generated-on-datetime")
@XmlSchemaType(name = "dateTime")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected XMLGregorianCalendar generatedOnDatetime;
/**
* Gets the value of the score property.
*
* @return possible object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public BigDecimal getScore() {
return score;
}
/**
* Sets the value of the score property.
*
* @param value allowed object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setScore(BigDecimal value) {
this.score = value;
}
/**
* Gets the value of the exploitSubscore property.
*
* @return possible object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public BigDecimal getExploitSubscore() {
return exploitSubscore;
}
/**
* Sets the value of the exploitSubscore property.
*
* @param value allowed object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setExploitSubscore(BigDecimal value) {
this.exploitSubscore = value;
}
/**
* Gets the value of the impactSubscore property.
*
* @return possible object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public BigDecimal getImpactSubscore() {
return impactSubscore;
}
/**
* Sets the value of the impactSubscore property.
*
* @param value allowed object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setImpactSubscore(BigDecimal value) {
this.impactSubscore = value;
}
/**
* Gets the value of the accessVector property.
*
* @return possible object is
* {@link AccessVectorType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public AccessVectorType getAccessVector() {
return accessVector;
}
/**
* Sets the value of the accessVector property.
*
* @param value allowed object is
* {@link AccessVectorType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setAccessVector(AccessVectorType value) {
this.accessVector = value;
}
/**
* Gets the value of the accessComplexity property.
*
* @return possible object is
* {@link AccessComplexityType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public AccessComplexityType getAccessComplexity() {
return accessComplexity;
}
/**
* Sets the value of the accessComplexity property.
*
* @param value allowed object is
* {@link AccessComplexityType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setAccessComplexity(AccessComplexityType value) {
this.accessComplexity = value;
}
/**
* Gets the value of the authentication property.
*
* @return possible object is
* {@link AuthenticationType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public AuthenticationType getAuthentication() {
return authentication;
}
/**
* Sets the value of the authentication property.
*
* @param value allowed object is
* {@link AuthenticationType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setAuthentication(AuthenticationType value) {
this.authentication = value;
}
/**
* Gets the value of the confidentialityImpact property.
*
* @return possible object is
* {@link CiaType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public CiaType getConfidentialityImpact() {
return confidentialityImpact;
}
/**
* Sets the value of the confidentialityImpact property.
*
* @param value allowed object is
* {@link CiaType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setConfidentialityImpact(CiaType value) {
this.confidentialityImpact = value;
}
/**
* Gets the value of the integrityImpact property.
*
* @return possible object is
* {@link CiaType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public CiaType getIntegrityImpact() {
return integrityImpact;
}
/**
* Sets the value of the integrityImpact property.
*
* @param value allowed object is
* {@link CiaType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setIntegrityImpact(CiaType value) {
this.integrityImpact = value;
}
/**
* Gets the value of the availabilityImpact property.
*
* @return possible object is
* {@link CiaType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public CiaType getAvailabilityImpact() {
return availabilityImpact;
}
/**
* Sets the value of the availabilityImpact property.
*
* @param value allowed object is
* {@link CiaType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setAvailabilityImpact(CiaType value) {
this.availabilityImpact = value;
}
/**
* Gets the value of the source property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getSource() {
return source;
}
/**
* Sets the value of the source property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSource(String value) {
this.source = value;
}
/**
* Gets the value of the generatedOnDatetime property.
*
* @return possible object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public XMLGregorianCalendar getGeneratedOnDatetime() {
return generatedOnDatetime;
}
/**
* Sets the value of the generatedOnDatetime property.
*
* @param value allowed object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setGeneratedOnDatetime(XMLGregorianCalendar value) {
this.generatedOnDatetime = value;
}
}

156
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CceParameterType.java
View File

@@ -1,156 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlSchemaType;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
/**
* <p>Java class for cceParameterType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="cceParameterType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="value" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded"/>
* &lt;/sequence>
* &lt;attribute name="identifier" type="{http://www.w3.org/2001/XMLSchema}token" />
* &lt;attribute name="operator" type="{http://www.w3.org/2001/XMLSchema}token" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "cceParameterType", namespace = "http://scap.nist.gov/schema/cce/0.1", propOrder = {
"values"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class CceParameterType {
@XmlElement(name = "value", required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<String> values;
@XmlAttribute
@XmlJavaTypeAdapter(CollapsedStringAdapter.class)
@XmlSchemaType(name = "token")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String identifier;
@XmlAttribute
@XmlJavaTypeAdapter(CollapsedStringAdapter.class)
@XmlSchemaType(name = "token")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String operator;
/**
* Gets the value of the values property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the values property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getValues().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<String> getValues() {
if (values == null) {
values = new ArrayList<String>();
}
return this.values;
}
/**
* Gets the value of the identifier property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getIdentifier() {
return identifier;
}
/**
* Sets the value of the identifier property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setIdentifier(String value) {
this.identifier = value;
}
/**
* Gets the value of the operator property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getOperator() {
return operator;
}
/**
* Sets the value of the operator property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setOperator(String value) {
this.operator = value;
}
}

215
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CceType.java
View File

@@ -1,215 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
/**
* <p>Java class for cceType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="cceType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="definition" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
* &lt;element name="parameter" type="{http://scap.nist.gov/schema/cce/0.1}cceParameterType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="technical-mechanisms" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="references" type="{http://scap.nist.gov/schema/scap-core/0.1}referenceType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;/sequence>
* &lt;attribute name="id" use="required" type="{http://scap.nist.gov/schema/cce/0.1}cceNamePatternType" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "cceType", namespace = "http://scap.nist.gov/schema/cce/0.1", propOrder = {
"definition",
"parameters",
"technicalMechanisms",
"references"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class CceType {
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String definition;
@XmlElement(name = "parameter")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<CceParameterType> parameters;
@XmlElement(name = "technical-mechanisms")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<String> technicalMechanisms;
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<ReferenceType> references;
@XmlAttribute(required = true)
@XmlJavaTypeAdapter(CollapsedStringAdapter.class)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String id;
/**
* Gets the value of the definition property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getDefinition() {
return definition;
}
/**
* Sets the value of the definition property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setDefinition(String value) {
this.definition = value;
}
/**
* Gets the value of the parameters property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the parameters property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getParameters().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link CceParameterType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<CceParameterType> getParameters() {
if (parameters == null) {
parameters = new ArrayList<CceParameterType>();
}
return this.parameters;
}
/**
* Gets the value of the technicalMechanisms property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the technicalMechanisms property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getTechnicalMechanisms().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<String> getTechnicalMechanisms() {
if (technicalMechanisms == null) {
technicalMechanisms = new ArrayList<String>();
}
return this.technicalMechanisms;
}
/**
* Gets the value of the references property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the references property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getReferences().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link ReferenceType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<ReferenceType> getReferences() {
if (references == null) {
references = new ArrayList<ReferenceType>();
}
return this.references;
}
/**
* Gets the value of the id property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getId() {
return id;
}
/**
* Sets the value of the id property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setId(String value) {
this.id = value;
}
}

153
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CheckReferenceType.java
View File

@@ -1,153 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlSchemaType;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
/**
* Data type for the check element, a checking system specification URI, string
* content, and an optional external file reference. The checking system
* specification should be the URI for a particular version of OVAL or a related
* system testing language, and the content will be an identifier of a test
* written in that language. The external file reference could be used to point
* to the file in which the content test identifier is defined.
*
* <p>Java class for checkReferenceType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="checkReferenceType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;attribute name="system" use="required" type="{http://www.w3.org/2001/XMLSchema}anyURI" />
* &lt;attribute name="href" use="required" type="{http://www.w3.org/2001/XMLSchema}anyURI" />
* &lt;attribute name="name" type="{http://www.w3.org/2001/XMLSchema}token" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "checkReferenceType", namespace = "http://scap.nist.gov/schema/scap-core/0.1")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class CheckReferenceType {
@XmlAttribute(required = true)
@XmlSchemaType(name = "anyURI")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String system;
@XmlAttribute(required = true)
@XmlSchemaType(name = "anyURI")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String href;
@XmlAttribute
@XmlJavaTypeAdapter(CollapsedStringAdapter.class)
@XmlSchemaType(name = "token")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String name;
/**
* Gets the value of the system property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getSystem() {
return system;
}
/**
* Sets the value of the system property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSystem(String value) {
this.system = value;
}
/**
* Gets the value of the href property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getHref() {
return href;
}
/**
* Sets the value of the href property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setHref(String value) {
this.href = value;
}
/**
* Gets the value of the name property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getName() {
return name;
}
/**
* Sets the value of the name property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setName(String value) {
this.name = value;
}
}

117
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CheckSearchType.java
View File

@@ -1,117 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlSchemaType;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
/**
* <p>Java class for checkSearchType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="checkSearchType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;attribute name="system" use="required" type="{http://www.w3.org/2001/XMLSchema}anyURI" />
* &lt;attribute name="name" type="{http://www.w3.org/2001/XMLSchema}token" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "checkSearchType", namespace = "http://scap.nist.gov/schema/scap-core/0.1")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class CheckSearchType {
@XmlAttribute(required = true)
@XmlSchemaType(name = "anyURI")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String system;
@XmlAttribute
@XmlJavaTypeAdapter(CollapsedStringAdapter.class)
@XmlSchemaType(name = "token")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String name;
/**
* Gets the value of the system property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getSystem() {
return system;
}
/**
* Sets the value of the system property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSystem(String value) {
this.system = value;
}
/**
* Gets the value of the name property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getName() {
return name;
}
/**
* Sets the value of the name property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setName(String value) {
this.name = value;
}
}

63
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CiaEnumType.java
View File

@@ -1,63 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for ciaEnumType.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="ciaEnumType">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="NONE"/>
* &lt;enumeration value="PARTIAL"/>
* &lt;enumeration value="COMPLETE"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "ciaEnumType")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum CiaEnumType {
NONE,
PARTIAL,
COMPLETE;
public String value() {
return name();
}
public static CiaEnumType fromValue(String v) {
return valueOf(v);
}
}

65
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CiaRequirementEnumType.java
View File

@@ -1,65 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for ciaRequirementEnumType.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="ciaRequirementEnumType">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="LOW"/>
* &lt;enumeration value="MEDIUM"/>
* &lt;enumeration value="HIGH"/>
* &lt;enumeration value="NOT_DEFINED"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "ciaRequirementEnumType")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum CiaRequirementEnumType {
LOW,
MEDIUM,
HIGH,
NOT_DEFINED;
public String value() {
return name();
}
public static CiaRequirementEnumType fromValue(String v) {
return valueOf(v);
}
}

117
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CiaRequirementType.java
View File

@@ -1,117 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.XmlValue;
/**
* <p>Java class for ciaRequirementType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="ciaRequirementType">
* &lt;simpleContent>
* &lt;extension base="&lt;http://scap.nist.gov/schema/cvss-v2/0.2>ciaRequirementEnumType">
* &lt;attGroup ref="{http://scap.nist.gov/schema/cvss-v2/0.2}vectorAttributeGroup"/>
* &lt;/extension>
* &lt;/simpleContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "ciaRequirementType", propOrder = {
"value"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class CiaRequirementType {
@XmlValue
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected CiaRequirementEnumType value;
@XmlAttribute
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean approximated;
/**
* Gets the value of the value property.
*
* @return possible object is
* {@link CiaRequirementEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public CiaRequirementEnumType getValue() {
return value;
}
/**
* Sets the value of the value property.
*
* @param value allowed object is
* {@link CiaRequirementEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setValue(CiaRequirementEnumType value) {
this.value = value;
}
/**
* Gets the value of the approximated property.
*
* @return possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public boolean isApproximated() {
if (approximated == null) {
return false;
} else {
return approximated;
}
}
/**
* Sets the value of the approximated property.
*
* @param value allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setApproximated(Boolean value) {
this.approximated = value;
}
}

117
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CiaType.java
View File

@@ -1,117 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.XmlValue;
/**
* <p>Java class for ciaType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="ciaType">
* &lt;simpleContent>
* &lt;extension base="&lt;http://scap.nist.gov/schema/cvss-v2/0.2>ciaEnumType">
* &lt;attGroup ref="{http://scap.nist.gov/schema/cvss-v2/0.2}vectorAttributeGroup"/>
* &lt;/extension>
* &lt;/simpleContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "ciaType", propOrder = {
"value"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class CiaType {
@XmlValue
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected CiaEnumType value;
@XmlAttribute
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean approximated;
/**
* Gets the value of the value property.
*
* @return possible object is
* {@link CiaEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public CiaEnumType getValue() {
return value;
}
/**
* Sets the value of the value property.
*
* @param value allowed object is
* {@link CiaEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setValue(CiaEnumType value) {
this.value = value;
}
/**
* Gets the value of the approximated property.
*
* @return possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public boolean isApproximated() {
if (approximated == null) {
return false;
} else {
return approximated;
}
}
/**
* Sets the value of the approximated property.
*
* @param value allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setApproximated(Boolean value) {
this.approximated = value;
}
}

69
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CollateralDamagePotentialEnumType.java
View File

@@ -1,69 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for collateralDamagePotentialEnumType.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="collateralDamagePotentialEnumType">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="NONE"/>
* &lt;enumeration value="LOW"/>
* &lt;enumeration value="LOW_MEDIUM"/>
* &lt;enumeration value="MEDIUM_HIGH"/>
* &lt;enumeration value="HIGH"/>
* &lt;enumeration value="NOT_DEFINED"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "collateralDamagePotentialEnumType")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum CollateralDamagePotentialEnumType {
NONE,
LOW,
LOW_MEDIUM,
MEDIUM_HIGH,
HIGH,
NOT_DEFINED;
public String value() {
return name();
}
public static CollateralDamagePotentialEnumType fromValue(String v) {
return valueOf(v);
}
}

117
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CollateralDamagePotentialType.java
View File

@@ -1,117 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.XmlValue;
/**
* <p>Java class for collateralDamagePotentialType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="collateralDamagePotentialType">
* &lt;simpleContent>
* &lt;extension base="&lt;http://scap.nist.gov/schema/cvss-v2/0.2>collateralDamagePotentialEnumType">
* &lt;attGroup ref="{http://scap.nist.gov/schema/cvss-v2/0.2}vectorAttributeGroup"/>
* &lt;/extension>
* &lt;/simpleContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "collateralDamagePotentialType", propOrder = {
"value"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class CollateralDamagePotentialType {
@XmlValue
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected CollateralDamagePotentialEnumType value;
@XmlAttribute
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean approximated;
/**
* Gets the value of the value property.
*
* @return possible object is
* {@link CollateralDamagePotentialEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public CollateralDamagePotentialEnumType getValue() {
return value;
}
/**
* Sets the value of the value property.
*
* @param value allowed object is
* {@link CollateralDamagePotentialEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setValue(CollateralDamagePotentialEnumType value) {
this.value = value;
}
/**
* Gets the value of the approximated property.
*
* @return possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public boolean isApproximated() {
if (approximated == null) {
return false;
} else {
return approximated;
}
}
/**
* Sets the value of the approximated property.
*
* @param value allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setApproximated(Boolean value) {
this.approximated = value;
}
}

65
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ConfidenceEnumType.java
View File

@@ -1,65 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for confidenceEnumType.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="confidenceEnumType">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="UNCONFIRMED"/>
* &lt;enumeration value="UNCORROBORATED"/>
* &lt;enumeration value="CONFIRMED"/>
* &lt;enumeration value="NOT_DEFINED"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "confidenceEnumType")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum ConfidenceEnumType {
UNCONFIRMED,
UNCORROBORATED,
CONFIRMED,
NOT_DEFINED;
public String value() {
return name();
}
public static ConfidenceEnumType fromValue(String v) {
return valueOf(v);
}
}

117
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ConfidenceType.java
View File

@@ -1,117 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.XmlValue;
/**
* <p>Java class for confidenceType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="confidenceType">
* &lt;simpleContent>
* &lt;extension base="&lt;http://scap.nist.gov/schema/cvss-v2/0.2>confidenceEnumType">
* &lt;attGroup ref="{http://scap.nist.gov/schema/cvss-v2/0.2}vectorAttributeGroup"/>
* &lt;/extension>
* &lt;/simpleContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "confidenceType", propOrder = {
"value"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class ConfidenceType {
@XmlValue
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected ConfidenceEnumType value;
@XmlAttribute
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean approximated;
/**
* Gets the value of the value property.
*
* @return possible object is
* {@link ConfidenceEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public ConfidenceEnumType getValue() {
return value;
}
/**
* Sets the value of the value property.
*
* @param value allowed object is
* {@link ConfidenceEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setValue(ConfidenceEnumType value) {
this.value = value;
}
/**
* Gets the value of the approximated property.
*
* @return possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public boolean isApproximated() {
if (approximated == null) {
return false;
} else {
return approximated;
}
}
/**
* Sets the value of the approximated property.
*
* @param value allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setApproximated(Boolean value) {
this.approximated = value;
}
}

63
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CveStatus.java
View File

@@ -1,63 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for cveStatus.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="cveStatus">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="CANDIDATE"/>
* &lt;enumeration value="ENTRY"/>
* &lt;enumeration value="DEPRECATED"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "cveStatus", namespace = "http://scap.nist.gov/schema/cve/0.1")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum CveStatus {
CANDIDATE,
ENTRY,
DEPRECATED;
public String value() {
return name();
}
public static CveStatus fromValue(String v) {
return valueOf(v);
}
}

178
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CveType.java
View File

@@ -1,178 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
/**
* <p>Java class for cveType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="cveType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="status" type="{http://scap.nist.gov/schema/cve/0.1}cveStatus" minOccurs="0"/>
* &lt;element name="description" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
* &lt;element name="references" type="{http://scap.nist.gov/schema/scap-core/0.1}referenceType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;/sequence>
* &lt;attribute name="id" use="required" type="{http://scap.nist.gov/schema/cve/0.1}cveNamePatternType" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "cveType", namespace = "http://scap.nist.gov/schema/cve/0.1", propOrder = {
"status",
"description",
"references"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class CveType {
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected CveStatus status;
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String description;
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<ReferenceType> references;
@XmlAttribute(required = true)
@XmlJavaTypeAdapter(CollapsedStringAdapter.class)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String id;
/**
* Gets the value of the status property.
*
* @return possible object is
* {@link CveStatus }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public CveStatus getStatus() {
return status;
}
/**
* Sets the value of the status property.
*
* @param value allowed object is
* {@link CveStatus }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setStatus(CveStatus value) {
this.status = value;
}
/**
* Gets the value of the description property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getDescription() {
return description;
}
/**
* Sets the value of the description property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setDescription(String value) {
this.description = value;
}
/**
* Gets the value of the references property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the references property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getReferences().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link ReferenceType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<ReferenceType> getReferences() {
if (references == null) {
references = new ArrayList<ReferenceType>();
}
return this.references;
}
/**
* Gets the value of the id property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getId() {
return id;
}
/**
* Sets the value of the id property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setId(String value) {
this.id = value;
}
}

59
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CvssImpactType.java
View File

@@ -1,59 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for cvssImpactType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="cvssImpactType">
* &lt;complexContent>
* &lt;restriction base="{http://scap.nist.gov/schema/cvss-v2/0.2}cvssType">
* &lt;sequence>
* &lt;element name="base_metrics" type="{http://scap.nist.gov/schema/cvss-v2/0.2}baseMetricsType"/>
* &lt;element name="environmental_metrics" type="{http://scap.nist.gov/schema/cvss-v2/0.2}environmentalMetricsType" minOccurs="0"/>
* &lt;element name="temporal_metrics" type="{http://scap.nist.gov/schema/cvss-v2/0.2}temporalMetricsType" minOccurs="0"/>
* &lt;/sequence>
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "cvssImpactType")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class CvssImpactType
extends CvssType {
}

170
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CvssType.java
View File

@@ -1,170 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlSeeAlso;
import javax.xml.bind.annotation.XmlType;
/**
* "This schema was intentionally designed to avoid mixing classes and
* attributes between CVSS version 1, CVSS version 2, and future versions.
* Scores in the CVSS system are interdependent. The temporal score is a
* multiplier of the base score. The environmental score, in turn, is a
* multiplier of the temporal score. The ability to transfer these scores
* independently is provided on the assumption that the user understands the
* business logic. For any given metric, it is preferred that the score, as a
* minimum is provided, however the score can be re-created from the metrics or
* the multiplier and any scores they are dependent on."
*
* <p>Java class for cvssType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="cvssType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="base_metrics" type="{http://scap.nist.gov/schema/cvss-v2/0.2}baseMetricsType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="environmental_metrics" type="{http://scap.nist.gov/schema/cvss-v2/0.2}environmentalMetricsType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="temporal_metrics" type="{http://scap.nist.gov/schema/cvss-v2/0.2}temporalMetricsType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;/sequence>
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "cvssType", propOrder = {
"baseMetrics",
"environmentalMetrics",
"temporalMetrics"
})
@XmlSeeAlso({
CvssImpactType.class
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class CvssType {
@XmlElement(name = "base_metrics")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<BaseMetricsType> baseMetrics;
@XmlElement(name = "environmental_metrics")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<EnvironmentalMetricsType> environmentalMetrics;
@XmlElement(name = "temporal_metrics")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<TemporalMetricsType> temporalMetrics;
/**
* Gets the value of the baseMetrics property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the baseMetrics property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getBaseMetrics().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link BaseMetricsType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<BaseMetricsType> getBaseMetrics() {
if (baseMetrics == null) {
baseMetrics = new ArrayList<BaseMetricsType>();
}
return this.baseMetrics;
}
/**
* Gets the value of the environmentalMetrics property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the environmentalMetrics property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getEnvironmentalMetrics().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link EnvironmentalMetricsType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<EnvironmentalMetricsType> getEnvironmentalMetrics() {
if (environmentalMetrics == null) {
environmentalMetrics = new ArrayList<EnvironmentalMetricsType>();
}
return this.environmentalMetrics;
}
/**
* Gets the value of the temporalMetrics property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the temporalMetrics property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getTemporalMetrics().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link TemporalMetricsType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<TemporalMetricsType> getTemporalMetrics() {
if (temporalMetrics == null) {
temporalMetrics = new ArrayList<TemporalMetricsType>();
}
return this.temporalMetrics;
}
}

86
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CweReferenceType.java
View File

@@ -1,86 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
/**
* <p>Java class for cweReferenceType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="cweReferenceType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;attribute name="id" use="required" type="{http://scap.nist.gov/schema/scap-core/0.1}cweNamePatternType" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "cweReferenceType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class CweReferenceType {
@XmlAttribute(required = true)
@XmlJavaTypeAdapter(CollapsedStringAdapter.class)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String id;
/**
* Gets the value of the id property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getId() {
return id;
}
/**
* Sets the value of the id property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setId(String value) {
this.id = value;
}
}

291
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/EnvironmentalMetricsType.java
View File

@@ -1,291 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.math.BigDecimal;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlSchemaType;
import javax.xml.bind.annotation.XmlType;
import javax.xml.datatype.XMLGregorianCalendar;
/**
* <p>Java class for environmentalMetricsType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="environmentalMetricsType">
* &lt;complexContent>
* &lt;extension base="{http://scap.nist.gov/schema/cvss-v2/0.2}metricsType">
* &lt;sequence>
* &lt;element name="score" type="{http://scap.nist.gov/schema/cvss-v2/0.2}zeroToTenDecimalType" minOccurs="0"/>
* &lt;group ref="{http://scap.nist.gov/schema/cvss-v2/0.2}environmentalVectorsGroup"/>
* &lt;element name="source" type="{http://www.w3.org/2001/XMLSchema}anyURI"/>
* &lt;element name="generated-on-datetime" type="{http://www.w3.org/2001/XMLSchema}dateTime" minOccurs="0"/>
* &lt;/sequence>
* &lt;/extension>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "environmentalMetricsType", propOrder = {
"score",
"collateralDamagePotential",
"targetDistribution",
"confidentialityRequirement",
"integrityRequirement",
"availabilityRequirement",
"source",
"generatedOnDatetime"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class EnvironmentalMetricsType
extends MetricsType {
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected BigDecimal score;
@XmlElement(name = "collateral-damage-potential")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected CollateralDamagePotentialType collateralDamagePotential;
@XmlElement(name = "target-distribution")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected TargetDistributionType targetDistribution;
@XmlElement(name = "confidentiality-requirement")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected CiaRequirementType confidentialityRequirement;
@XmlElement(name = "integrity-requirement")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected CiaRequirementType integrityRequirement;
@XmlElement(name = "availability-requirement")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected CiaRequirementType availabilityRequirement;
@XmlElement(required = true)
@XmlSchemaType(name = "anyURI")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String source;
@XmlElement(name = "generated-on-datetime")
@XmlSchemaType(name = "dateTime")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected XMLGregorianCalendar generatedOnDatetime;
/**
* Gets the value of the score property.
*
* @return possible object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public BigDecimal getScore() {
return score;
}
/**
* Sets the value of the score property.
*
* @param value allowed object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setScore(BigDecimal value) {
this.score = value;
}
/**
* Gets the value of the collateralDamagePotential property.
*
* @return possible object is
* {@link CollateralDamagePotentialType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public CollateralDamagePotentialType getCollateralDamagePotential() {
return collateralDamagePotential;
}
/**
* Sets the value of the collateralDamagePotential property.
*
* @param value allowed object is
* {@link CollateralDamagePotentialType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setCollateralDamagePotential(CollateralDamagePotentialType value) {
this.collateralDamagePotential = value;
}
/**
* Gets the value of the targetDistribution property.
*
* @return possible object is
* {@link TargetDistributionType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public TargetDistributionType getTargetDistribution() {
return targetDistribution;
}
/**
* Sets the value of the targetDistribution property.
*
* @param value allowed object is
* {@link TargetDistributionType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setTargetDistribution(TargetDistributionType value) {
this.targetDistribution = value;
}
/**
* Gets the value of the confidentialityRequirement property.
*
* @return possible object is
* {@link CiaRequirementType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public CiaRequirementType getConfidentialityRequirement() {
return confidentialityRequirement;
}
/**
* Sets the value of the confidentialityRequirement property.
*
* @param value allowed object is
* {@link CiaRequirementType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setConfidentialityRequirement(CiaRequirementType value) {
this.confidentialityRequirement = value;
}
/**
* Gets the value of the integrityRequirement property.
*
* @return possible object is
* {@link CiaRequirementType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public CiaRequirementType getIntegrityRequirement() {
return integrityRequirement;
}
/**
* Sets the value of the integrityRequirement property.
*
* @param value allowed object is
* {@link CiaRequirementType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setIntegrityRequirement(CiaRequirementType value) {
this.integrityRequirement = value;
}
/**
* Gets the value of the availabilityRequirement property.
*
* @return possible object is
* {@link CiaRequirementType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public CiaRequirementType getAvailabilityRequirement() {
return availabilityRequirement;
}
/**
* Sets the value of the availabilityRequirement property.
*
* @param value allowed object is
* {@link CiaRequirementType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setAvailabilityRequirement(CiaRequirementType value) {
this.availabilityRequirement = value;
}
/**
* Gets the value of the source property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getSource() {
return source;
}
/**
* Sets the value of the source property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSource(String value) {
this.source = value;
}
/**
* Gets the value of the generatedOnDatetime property.
*
* @return possible object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public XMLGregorianCalendar getGeneratedOnDatetime() {
return generatedOnDatetime;
}
/**
* Sets the value of the generatedOnDatetime property.
*
* @param value allowed object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setGeneratedOnDatetime(XMLGregorianCalendar value) {
this.generatedOnDatetime = value;
}
}

67
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ExploitabilityEnumType.java
View File

@@ -1,67 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for exploitabilityEnumType.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="exploitabilityEnumType">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="UNPROVEN"/>
* &lt;enumeration value="PROOF_OF_CONCEPT"/>
* &lt;enumeration value="FUNCTIONAL"/>
* &lt;enumeration value="HIGH"/>
* &lt;enumeration value="NOT_DEFINED"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "exploitabilityEnumType")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum ExploitabilityEnumType {
UNPROVEN,
PROOF_OF_CONCEPT,
FUNCTIONAL,
HIGH,
NOT_DEFINED;
public String value() {
return name();
}
public static ExploitabilityEnumType fromValue(String v) {
return valueOf(v);
}
}

117
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ExploitabilityType.java
View File

@@ -1,117 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.XmlValue;
/**
* <p>Java class for exploitabilityType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="exploitabilityType">
* &lt;simpleContent>
* &lt;extension base="&lt;http://scap.nist.gov/schema/cvss-v2/0.2>exploitabilityEnumType">
* &lt;attGroup ref="{http://scap.nist.gov/schema/cvss-v2/0.2}vectorAttributeGroup"/>
* &lt;/extension>
* &lt;/simpleContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "exploitabilityType", propOrder = {
"value"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class ExploitabilityType {
@XmlValue
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected ExploitabilityEnumType value;
@XmlAttribute
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean approximated;
/**
* Gets the value of the value property.
*
* @return possible object is
* {@link ExploitabilityEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public ExploitabilityEnumType getValue() {
return value;
}
/**
* Sets the value of the value property.
*
* @param value allowed object is
* {@link ExploitabilityEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setValue(ExploitabilityEnumType value) {
this.value = value;
}
/**
* Gets the value of the approximated property.
*
* @return possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public boolean isApproximated() {
if (approximated == null) {
return false;
} else {
return approximated;
}
}
/**
* Sets the value of the approximated property.
*
* @param value allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setApproximated(Boolean value) {
this.approximated = value;
}
}

86
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/FactRefType.java
View File

@@ -1,86 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlType;
/**
* The fact-ref element appears as a child of a logical-test element. It is
* simply a reference to a CPE Name that always evaluates to a Boolean result.
*
* <p>Java class for FactRefType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="FactRefType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;attribute name="name" use="required" type="{http://cpe.mitre.org/language/2.0}namePattern" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "FactRefType", namespace = "http://cpe.mitre.org/language/2.0")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class FactRefType {
@XmlAttribute(required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String name;
/**
* Gets the value of the name property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getName() {
return name;
}
/**
* Sets the value of the name property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setName(String value) {
this.name = value;
}
}

67
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/FixActionDescriptionEnumType.java
View File

@@ -1,67 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for fixActionDescriptionEnumType.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="fixActionDescriptionEnumType">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="PATCH"/>
* &lt;enumeration value="SOFTWARE_UPDATE"/>
* &lt;enumeration value="CONFIGURATION_CHANGE"/>
* &lt;enumeration value="POLICY_CHANGE"/>
* &lt;enumeration value="EXTERNAL_MITIGATION"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "fixActionDescriptionEnumType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum FixActionDescriptionEnumType {
PATCH,
SOFTWARE_UPDATE,
CONFIGURATION_CHANGE,
POLICY_CHANGE,
EXTERNAL_MITIGATION;
public String value() {
return name();
}
public static FixActionDescriptionEnumType fromValue(String v) {
return valueOf(v);
}
}

493
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/FixActionType.java
View File

@@ -1,493 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlSchemaType;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
/**
* A single fix action should only cover a single patch application, software
* update, configuration change, or external fix. Dependencies should be
* documented by using the "next_fix_action" element to point to a recursive
* list of fix actions.
*
* <p>Java class for fixActionType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="fixActionType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element ref="{http://scap.nist.gov/schema/patch/0.1}patch" minOccurs="0"/>
* &lt;element name="configuration-remediation" type="{http://scap.nist.gov/schema/vulnerability/0.4}vulnerabilityReferenceType" minOccurs="0"/>
* &lt;element name="software-update" type="{http://scap.nist.gov/schema/scap-core/0.1}cpeNamePatternType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="notes" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="deprecated-by" type="{http://scap.nist.gov/schema/scap-core/0.1}cpeNamePatternType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="next-fix-action" type="{http://scap.nist.gov/schema/vulnerability/0.4}fixActionType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="fix-action-tool-configuration" type="{http://scap.nist.gov/schema/vulnerability/0.4}toolConfigurationType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="applicable-configuration" type="{http://cpe.mitre.org/language/2.0}PlatformType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="effectiveness" type="{http://scap.nist.gov/schema/vulnerability/0.4}fixEffectivenessEnumType" minOccurs="0"/>
* &lt;element name="applicable-check" type="{http://scap.nist.gov/schema/scap-core/0.1}checkReferenceType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;/sequence>
* &lt;attribute name="fix_action_description" use="required" type="{http://scap.nist.gov/schema/vulnerability/0.4}fixActionDescriptionEnumType" />
* &lt;attribute name="fix_action_type" use="required" type="{http://scap.nist.gov/schema/vulnerability/0.4}fixActionTypeEnumType" />
* &lt;attribute name="id" use="required" type="{http://www.w3.org/2001/XMLSchema}token" />
* &lt;attribute name="source" use="required" type="{http://www.w3.org/2001/XMLSchema}anyURI" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "fixActionType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4", propOrder = {
"patch",
"configurationRemediation",
"softwareUpdates",
"notes",
"deprecatedBies",
"nextFixActions",
"fixActionToolConfigurations",
"applicableConfigurations",
"effectiveness",
"applicableChecks"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class FixActionType {
@XmlElement(namespace = "http://scap.nist.gov/schema/patch/0.1")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Patch patch;
@XmlElement(name = "configuration-remediation")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected VulnerabilityReferenceType configurationRemediation;
@XmlElement(name = "software-update")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<String> softwareUpdates;
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<String> notes;
@XmlElement(name = "deprecated-by")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<String> deprecatedBies;
@XmlElement(name = "next-fix-action")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<FixActionType> nextFixActions;
@XmlElement(name = "fix-action-tool-configuration")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<ToolConfigurationType> fixActionToolConfigurations;
@XmlElement(name = "applicable-configuration")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<PlatformType> applicableConfigurations;
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected FixEffectivenessEnumType effectiveness;
@XmlElement(name = "applicable-check")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<CheckReferenceType> applicableChecks;
@XmlAttribute(name = "fix_action_description", required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected FixActionDescriptionEnumType fixActionDescription;
@XmlAttribute(name = "fix_action_type", required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected FixActionTypeEnumType fixActionType;
@XmlAttribute(required = true)
@XmlJavaTypeAdapter(CollapsedStringAdapter.class)
@XmlSchemaType(name = "token")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String id;
@XmlAttribute(required = true)
@XmlSchemaType(name = "anyURI")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String source;
/**
* Gets the value of the patch property.
*
* @return possible object is
* {@link Patch }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Patch getPatch() {
return patch;
}
/**
* Sets the value of the patch property.
*
* @param value allowed object is
* {@link Patch }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setPatch(Patch value) {
this.patch = value;
}
/**
* Gets the value of the configurationRemediation property.
*
* @return possible object is
* {@link VulnerabilityReferenceType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public VulnerabilityReferenceType getConfigurationRemediation() {
return configurationRemediation;
}
/**
* Sets the value of the configurationRemediation property.
*
* @param value allowed object is
* {@link VulnerabilityReferenceType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setConfigurationRemediation(VulnerabilityReferenceType value) {
this.configurationRemediation = value;
}
/**
* Gets the value of the softwareUpdates property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the softwareUpdates property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getSoftwareUpdates().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<String> getSoftwareUpdates() {
if (softwareUpdates == null) {
softwareUpdates = new ArrayList<String>();
}
return this.softwareUpdates;
}
/**
* Gets the value of the notes property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the notes property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getNotes().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<String> getNotes() {
if (notes == null) {
notes = new ArrayList<String>();
}
return this.notes;
}
/**
* Gets the value of the deprecatedBies property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the deprecatedBies property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getDeprecatedBies().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<String> getDeprecatedBies() {
if (deprecatedBies == null) {
deprecatedBies = new ArrayList<String>();
}
return this.deprecatedBies;
}
/**
* Gets the value of the nextFixActions property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the nextFixActions property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getNextFixActions().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link FixActionType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<FixActionType> getNextFixActions() {
if (nextFixActions == null) {
nextFixActions = new ArrayList<FixActionType>();
}
return this.nextFixActions;
}
/**
* Gets the value of the fixActionToolConfigurations property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the fixActionToolConfigurations property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getFixActionToolConfigurations().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link ToolConfigurationType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<ToolConfigurationType> getFixActionToolConfigurations() {
if (fixActionToolConfigurations == null) {
fixActionToolConfigurations = new ArrayList<ToolConfigurationType>();
}
return this.fixActionToolConfigurations;
}
/**
* Gets the value of the applicableConfigurations property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the applicableConfigurations property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getApplicableConfigurations().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link PlatformType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<PlatformType> getApplicableConfigurations() {
if (applicableConfigurations == null) {
applicableConfigurations = new ArrayList<PlatformType>();
}
return this.applicableConfigurations;
}
/**
* Gets the value of the effectiveness property.
*
* @return possible object is
* {@link FixEffectivenessEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public FixEffectivenessEnumType getEffectiveness() {
return effectiveness;
}
/**
* Sets the value of the effectiveness property.
*
* @param value allowed object is
* {@link FixEffectivenessEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setEffectiveness(FixEffectivenessEnumType value) {
this.effectiveness = value;
}
/**
* Gets the value of the applicableChecks property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the applicableChecks property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getApplicableChecks().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link CheckReferenceType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<CheckReferenceType> getApplicableChecks() {
if (applicableChecks == null) {
applicableChecks = new ArrayList<CheckReferenceType>();
}
return this.applicableChecks;
}
/**
* Gets the value of the fixActionDescription property.
*
* @return possible object is
* {@link FixActionDescriptionEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public FixActionDescriptionEnumType getFixActionDescription() {
return fixActionDescription;
}
/**
* Sets the value of the fixActionDescription property.
*
* @param value allowed object is
* {@link FixActionDescriptionEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setFixActionDescription(FixActionDescriptionEnumType value) {
this.fixActionDescription = value;
}
/**
* Gets the value of the fixActionType property.
*
* @return possible object is
* {@link FixActionTypeEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public FixActionTypeEnumType getFixActionType() {
return fixActionType;
}
/**
* Sets the value of the fixActionType property.
*
* @param value allowed object is
* {@link FixActionTypeEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setFixActionType(FixActionTypeEnumType value) {
this.fixActionType = value;
}
/**
* Gets the value of the id property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getId() {
return id;
}
/**
* Sets the value of the id property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setId(String value) {
this.id = value;
}
/**
* Gets the value of the source property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getSource() {
return source;
}
/**
* Sets the value of the source property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSource(String value) {
this.source = value;
}
}

61
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/FixActionTypeEnumType.java
View File

@@ -1,61 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for fixActionTypeEnumType.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="fixActionTypeEnumType">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="MITIGATION"/>
* &lt;enumeration value="REMEDIATION"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "fixActionTypeEnumType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum FixActionTypeEnumType {
MITIGATION,
REMEDIATION;
public String value() {
return name();
}
public static FixActionTypeEnumType fromValue(String v) {
return valueOf(v);
}
}

61
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/FixEffectivenessEnumType.java
View File

@@ -1,61 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for fixEffectivenessEnumType.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="fixEffectivenessEnumType">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="PARTIAL"/>
* &lt;enumeration value="COMPLETE"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "fixEffectivenessEnumType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum FixEffectivenessEnumType {
PARTIAL,
COMPLETE;
public String value() {
return name();
}
public static FixEffectivenessEnumType fromValue(String v) {
return valueOf(v);
}
}

183
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/LogicalTest.java
View File

@@ -1,183 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlType;
/**
* The logical-test element appears as a child of a platform element, and may
* also be nested to create more complex logical tests. The content consists of
* one or more elements: fact-ref, and logical-test children are permitted. The
* operator to be applied, and optional negation of the test, are given as
* attributes.
*
* <p>Java class for LogicalTestType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="LogicalTestType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="logical-test" type="{http://cpe.mitre.org/language/2.0}LogicalTestType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="fact-ref" type="{http://cpe.mitre.org/language/2.0}FactRefType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;/sequence>
* &lt;attribute name="operator" use="required" type="{http://cpe.mitre.org/language/2.0}operatorEnumeration" />
* &lt;attribute name="negate" use="required" type="{http://www.w3.org/2001/XMLSchema}boolean" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "LogicalTestType", namespace = "http://cpe.mitre.org/language/2.0", propOrder = {
"logicalTests",
"factReves"
})
@XmlRootElement(name = "logical-test", namespace = "http://cpe.mitre.org/language/2.0")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class LogicalTest {
@XmlElement(name = "logical-test")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<LogicalTest> logicalTests;
@XmlElement(name = "fact-ref")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<FactRefType> factReves;
@XmlAttribute(required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected OperatorEnumeration operator;
@XmlAttribute(required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected boolean negate;
/**
* Gets the value of the logicalTests property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the logicalTests property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getLogicalTests().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link LogicalTest }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<LogicalTest> getLogicalTests() {
if (logicalTests == null) {
logicalTests = new ArrayList<LogicalTest>();
}
return this.logicalTests;
}
/**
* Gets the value of the factReves property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the factReves property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getFactReves().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link FactRefType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<FactRefType> getFactReves() {
if (factReves == null) {
factReves = new ArrayList<FactRefType>();
}
return this.factReves;
}
/**
* Gets the value of the operator property.
*
* @return possible object is
* {@link OperatorEnumeration }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public OperatorEnumeration getOperator() {
return operator;
}
/**
* Sets the value of the operator property.
*
* @param value allowed object is
* {@link OperatorEnumeration }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setOperator(OperatorEnumeration value) {
this.operator = value;
}
/**
* Gets the value of the negate property.
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public boolean isNegate() {
return negate;
}
/**
* Sets the value of the negate property.
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setNegate(boolean value) {
this.negate = value;
}
}

92
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/MetricsType.java
View File

@@ -1,92 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.math.BigDecimal;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlSeeAlso;
import javax.xml.bind.annotation.XmlType;
/**
* Base type for metrics that defines common attributes of all metrics.
*
* <p>Java class for metricsType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="metricsType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;attribute name="upgraded-from-version" type="{http://www.w3.org/2001/XMLSchema}decimal" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "metricsType")
@XmlSeeAlso({
TemporalMetricsType.class,
BaseMetricsType.class,
EnvironmentalMetricsType.class
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public abstract class MetricsType {
@XmlAttribute(name = "upgraded-from-version")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected BigDecimal upgradedFromVersion;
/**
* Gets the value of the upgradedFromVersion property.
*
* @return possible object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public BigDecimal getUpgradedFromVersion() {
return upgradedFromVersion;
}
/**
* Sets the value of the upgradedFromVersion property.
*
* @param value allowed object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setUpgradedFromVersion(BigDecimal value) {
this.upgradedFromVersion = value;
}
}

96
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/NotesType.java
View File

@@ -1,96 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlType;
/**
* The notesType defines an element that consists of one or more child note
* elements. It is assumed that each of these note elements are representative
* of the same language as defined by their parent.
*
* <p>Java class for notesType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="notesType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="note" type="{http://scap.nist.gov/schema/scap-core/0.1}textType" maxOccurs="unbounded"/>
* &lt;/sequence>
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "notesType", namespace = "http://scap.nist.gov/schema/scap-core/0.1", propOrder = {
"notes"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class NotesType {
@XmlElement(name = "note", required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<TextType2> notes;
/**
* Gets the value of the notes property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the notes property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getNotes().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link TextType2 }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<TextType2> getNotes() {
if (notes == null) {
notes = new ArrayList<TextType2>();
}
return this.notes;
}
}

155
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/Nvd.java
View File

@@ -1,155 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.math.BigDecimal;
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlSchemaType;
import javax.xml.bind.annotation.XmlType;
import javax.xml.datatype.XMLGregorianCalendar;
/**
* <p>Java class for anonymous complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element ref="{http://scap.nist.gov/schema/feed/vulnerability/2.0}entry" maxOccurs="unbounded" minOccurs="0"/>
* &lt;/sequence>
* &lt;attribute name="nvd_xml_version" use="required" type="{http://www.w3.org/2001/XMLSchema}decimal" />
* &lt;attribute name="pub_date" use="required" type="{http://www.w3.org/2001/XMLSchema}dateTime" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
"entries"
})
@XmlRootElement(name = "nvd", namespace = "http://scap.nist.gov/schema/feed/vulnerability/2.0")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class Nvd {
@XmlElement(name = "entry", namespace = "http://scap.nist.gov/schema/feed/vulnerability/2.0")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<VulnerabilityType> entries;
@XmlAttribute(name = "nvd_xml_version", required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected BigDecimal nvdXmlVersion;
@XmlAttribute(name = "pub_date", required = true)
@XmlSchemaType(name = "dateTime")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected XMLGregorianCalendar pubDate;
/**
* A CVE entry.Gets the value of the entries property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the entries property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getEntries().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link VulnerabilityType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<VulnerabilityType> getEntries() {
if (entries == null) {
entries = new ArrayList<VulnerabilityType>();
}
return this.entries;
}
/**
* Gets the value of the nvdXmlVersion property.
*
* @return possible object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public BigDecimal getNvdXmlVersion() {
return nvdXmlVersion;
}
/**
* Sets the value of the nvdXmlVersion property.
*
* @param value allowed object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setNvdXmlVersion(BigDecimal value) {
this.nvdXmlVersion = value;
}
/**
* Gets the value of the pubDate property.
*
* @return possible object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public XMLGregorianCalendar getPubDate() {
return pubDate;
}
/**
* Sets the value of the pubDate property.
*
* @param value allowed object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setPubDate(XMLGregorianCalendar value) {
this.pubDate = value;
}
}

423
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ObjectFactory.java
View File

@@ -1,423 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.xml.bind.JAXBElement;
import javax.xml.bind.annotation.XmlElementDecl;
import javax.xml.bind.annotation.XmlRegistry;
import javax.xml.namespace.QName;
/**
* This object contains factory methods for each Java content interface and Java
* element interface generated in the
* org.codesecure.dependencycheck.data.nvdcve.generated package. <p>An
* ObjectFactory allows you to programatically construct new instances of the
* Java representation for XML content. The Java representation of XML content
* can consist of schema derived interfaces and classes representing the binding
* of schema type definitions, element declarations and model groups. Factory
* methods for each of these are provided in this class.
*
*/
@XmlRegistry
public class ObjectFactory {
private final static QName _Entry_QNAME = new QName("http://scap.nist.gov/schema/feed/vulnerability/2.0", "entry");
private final static QName _Vulnerability_QNAME = new QName("http://scap.nist.gov/schema/vulnerability/0.4", "vulnerability");
private final static QName _SearchableCpeReferencesTypeCpeName_QNAME = new QName("http://scap.nist.gov/schema/scap-core/0.1", "cpe-name");
private final static QName _SearchableCpeReferencesTypeCpeSearchableName_QNAME = new QName("http://scap.nist.gov/schema/scap-core/0.1", "cpe-searchable-name");
/**
* Create a new ObjectFactory that can be used to create new instances of
* schema derived classes for package:
* org.codesecure.dependencycheck.data.nvdcve.generated
*
*/
public ObjectFactory() {
}
/**
* Create an instance of {@link AccessComplexityType }
*
*/
public AccessComplexityType createAccessComplexityType() {
return new AccessComplexityType();
}
/**
* Create an instance of {@link ExploitabilityType }
*
*/
public ExploitabilityType createExploitabilityType() {
return new ExploitabilityType();
}
/**
* Create an instance of {@link ConfidenceType }
*
*/
public ConfidenceType createConfidenceType() {
return new ConfidenceType();
}
/**
* Create an instance of {@link TemporalMetricsType }
*
*/
public TemporalMetricsType createTemporalMetricsType() {
return new TemporalMetricsType();
}
/**
* Create an instance of {@link FactRefType }
*
*/
public FactRefType createFactRefType() {
return new FactRefType();
}
/**
* Create an instance of {@link VulnerableSoftwareType }
*
*/
public VulnerableSoftwareType createVulnerableSoftwareType() {
return new VulnerableSoftwareType();
}
/**
* Create an instance of {@link CveType }
*
*/
public CveType createCveType() {
return new CveType();
}
/**
* Create an instance of {@link AssociatedExploitLocationType }
*
*/
public AssociatedExploitLocationType createAssociatedExploitLocationType() {
return new AssociatedExploitLocationType();
}
/**
* Create an instance of {@link SearchableCpeReferencesType }
*
*/
public SearchableCpeReferencesType createSearchableCpeReferencesType() {
return new SearchableCpeReferencesType();
}
/**
* Create an instance of {@link CvssImpactType }
*
*/
public CvssImpactType createCvssImpactType() {
return new CvssImpactType();
}
/**
* Create an instance of {@link CweReferenceType }
*
*/
public CweReferenceType createCweReferenceType() {
return new CweReferenceType();
}
/**
* Create an instance of {@link CceParameterType }
*
*/
public CceParameterType createCceParameterType() {
return new CceParameterType();
}
/**
* Create an instance of {@link FixActionType }
*
*/
public FixActionType createFixActionType() {
return new FixActionType();
}
/**
* Create an instance of {@link OsvdbExtensionType }
*
*/
public OsvdbExtensionType createOsvdbExtensionType() {
return new OsvdbExtensionType();
}
/**
* Create an instance of {@link CheckSearchType }
*
*/
public CheckSearchType createCheckSearchType() {
return new CheckSearchType();
}
/**
* Create an instance of {@link RemediationLevelType }
*
*/
public RemediationLevelType createRemediationLevelType() {
return new RemediationLevelType();
}
/**
* Create an instance of {@link ToolConfigurationType }
*
*/
public ToolConfigurationType createToolConfigurationType() {
return new ToolConfigurationType();
}
/**
* Create an instance of {@link TextType1 }
*
*/
public TextType1 createTextType1() {
return new TextType1();
}
/**
* Create an instance of {@link PlatformSpecification }
*
*/
public PlatformSpecification createPlatformSpecification() {
return new PlatformSpecification();
}
/**
* Create an instance of {@link NotesType }
*
*/
public NotesType createNotesType() {
return new NotesType();
}
/**
* Create an instance of {@link CollateralDamagePotentialType }
*
*/
public CollateralDamagePotentialType createCollateralDamagePotentialType() {
return new CollateralDamagePotentialType();
}
/**
* Create an instance of {@link BaseMetricsType }
*
*/
public BaseMetricsType createBaseMetricsType() {
return new BaseMetricsType();
}
/**
* Create an instance of {@link CheckReferenceType }
*
*/
public CheckReferenceType createCheckReferenceType() {
return new CheckReferenceType();
}
/**
* Create an instance of {@link ReferenceType }
*
*/
public ReferenceType createReferenceType() {
return new ReferenceType();
}
/**
* Create an instance of {@link VulnerabilityReferenceType }
*
*/
public VulnerabilityReferenceType createVulnerabilityReferenceType() {
return new VulnerabilityReferenceType();
}
/**
* Create an instance of {@link CiaRequirementType }
*
*/
public CiaRequirementType createCiaRequirementType() {
return new CiaRequirementType();
}
/**
* Create an instance of {@link CvssType }
*
*/
public CvssType createCvssType() {
return new CvssType();
}
/**
* Create an instance of {@link TargetDistributionType }
*
*/
public TargetDistributionType createTargetDistributionType() {
return new TargetDistributionType();
}
/**
* Create an instance of {@link VulnerabilityType }
*
*/
public VulnerabilityType createVulnerabilityType() {
return new VulnerabilityType();
}
/**
* Create an instance of {@link Nvd }
*
*/
public Nvd createNvd() {
return new Nvd();
}
/**
* Create an instance of {@link Patch }
*
*/
public Patch createPatch() {
return new Patch();
}
/**
* Create an instance of {@link EnvironmentalMetricsType }
*
*/
public EnvironmentalMetricsType createEnvironmentalMetricsType() {
return new EnvironmentalMetricsType();
}
/**
* Create an instance of {@link LogicalTest }
*
*/
public LogicalTest createLogicalTest() {
return new LogicalTest();
}
/**
* Create an instance of {@link TextType2 }
*
*/
public TextType2 createTextType2() {
return new TextType2();
}
/**
* Create an instance of {@link AccessVectorType }
*
*/
public AccessVectorType createAccessVectorType() {
return new AccessVectorType();
}
/**
* Create an instance of {@link AuthenticationType }
*
*/
public AuthenticationType createAuthenticationType() {
return new AuthenticationType();
}
/**
* Create an instance of {@link Patch.References }
*
*/
public Patch.References createPatchReferences() {
return new Patch.References();
}
/**
* Create an instance of {@link TagType }
*
*/
public TagType createTagType() {
return new TagType();
}
/**
* Create an instance of {@link CceType }
*
*/
public CceType createCceType() {
return new CceType();
}
/**
* Create an instance of {@link PlatformType }
*
*/
public PlatformType createPlatformType() {
return new PlatformType();
}
/**
* Create an instance of {@link CiaType }
*
*/
public CiaType createCiaType() {
return new CiaType();
}
/**
* Create an instance of {@link JAXBElement }{@code <}{@link VulnerabilityType }{@code >}}
*
*/
@XmlElementDecl(namespace = "http://scap.nist.gov/schema/feed/vulnerability/2.0", name = "entry")
public JAXBElement<VulnerabilityType> createEntry(VulnerabilityType value) {
return new JAXBElement<VulnerabilityType>(_Entry_QNAME, VulnerabilityType.class, null, value);
}
/**
* Create an instance of {@link JAXBElement }{@code <}{@link VulnerabilityType }{@code >}}
*
*/
@XmlElementDecl(namespace = "http://scap.nist.gov/schema/vulnerability/0.4", name = "vulnerability")
public JAXBElement<VulnerabilityType> createVulnerability(VulnerabilityType value) {
return new JAXBElement<VulnerabilityType>(_Vulnerability_QNAME, VulnerabilityType.class, null, value);
}
/**
* Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
*
*/
@XmlElementDecl(namespace = "http://scap.nist.gov/schema/scap-core/0.1", name = "cpe-name", scope = SearchableCpeReferencesType.class)
public JAXBElement<String> createSearchableCpeReferencesTypeCpeName(String value) {
return new JAXBElement<String>(_SearchableCpeReferencesTypeCpeName_QNAME, String.class, SearchableCpeReferencesType.class, value);
}
/**
* Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
*
*/
@XmlElementDecl(namespace = "http://scap.nist.gov/schema/scap-core/0.1", name = "cpe-searchable-name", scope = SearchableCpeReferencesType.class)
public JAXBElement<String> createSearchableCpeReferencesTypeCpeSearchableName(String value) {
return new JAXBElement<String>(_SearchableCpeReferencesTypeCpeSearchableName_QNAME, String.class, SearchableCpeReferencesType.class, value);
}
}

61
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/OperatorEnumeration.java
View File

@@ -1,61 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for operatorEnumeration.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="operatorEnumeration">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}string">
* &lt;enumeration value="AND"/>
* &lt;enumeration value="OR"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "operatorEnumeration", namespace = "http://cpe.mitre.org/language/2.0")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum OperatorEnumeration {
AND,
OR;
public String value() {
return name();
}
public static OperatorEnumeration fromValue(String v) {
return valueOf(v);
}
}

87
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/OsvdbExtensionType.java
View File

@@ -1,87 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for osvdbExtensionType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="osvdbExtensionType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="exploit-location" type="{http://scap.nist.gov/schema/vulnerability/0.4}associatedExploitLocationType"/>
* &lt;/sequence>
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "osvdbExtensionType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4", propOrder = {
"exploitLocation"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class OsvdbExtensionType {
@XmlElement(name = "exploit-location", required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected AssociatedExploitLocationType exploitLocation;
/**
* Gets the value of the exploitLocation property.
*
* @return possible object is
* {@link AssociatedExploitLocationType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public AssociatedExploitLocationType getExploitLocation() {
return exploitLocation;
}
/**
* Sets the value of the exploitLocation property.
*
* @param value allowed object is
* {@link AssociatedExploitLocationType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setExploitLocation(AssociatedExploitLocationType value) {
this.exploitLocation = value;
}
}

414
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/Patch.java
View File

@@ -1,414 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for patchType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="patchType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="title" type="{http://scap.nist.gov/schema/scap-core/0.1}textType" minOccurs="0"/>
* &lt;element name="references" minOccurs="0">
* &lt;complexType>
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="reference" type="{http://scap.nist.gov/schema/scap-core/0.1}referenceType" maxOccurs="unbounded"/>
* &lt;/sequence>
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* &lt;/element>
* &lt;element name="notes" type="{http://scap.nist.gov/schema/scap-core/0.1}notesType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="check" type="{http://scap.nist.gov/schema/scap-core/0.1}checkReferenceType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="supersedes" type="{http://scap.nist.gov/schema/patch/0.1}patchType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="superseded-by" type="{http://scap.nist.gov/schema/patch/0.1}patchType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;/sequence>
* &lt;attribute name="identifier" use="required" type="{http://www.w3.org/2001/XMLSchema}double" />
* &lt;attribute name="name" use="required" type="{http://www.w3.org/2001/XMLSchema}string" />
* &lt;attribute name="superseded" use="required" type="{http://www.w3.org/2001/XMLSchema}boolean" />
* &lt;attribute name="deprecated" type="{http://www.w3.org/2001/XMLSchema}boolean" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "patchType", namespace = "http://scap.nist.gov/schema/patch/0.1", propOrder = {
"title",
"references",
"notes",
"checks",
"supersedes",
"supersededBies"
})
@XmlRootElement(name = "patch", namespace = "http://scap.nist.gov/schema/patch/0.1")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class Patch {
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected TextType2 title;
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Patch.References references;
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<NotesType> notes;
@XmlElement(name = "check")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<CheckReferenceType> checks;
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<Patch> supersedes;
@XmlElement(name = "superseded-by")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<Patch> supersededBies;
@XmlAttribute(required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected double identifier;
@XmlAttribute(required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String name;
@XmlAttribute(required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected boolean superseded;
@XmlAttribute
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean deprecated;
/**
* Gets the value of the title property.
*
* @return possible object is
* {@link TextType2 }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public TextType2 getTitle() {
return title;
}
/**
* Sets the value of the title property.
*
* @param value allowed object is
* {@link TextType2 }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setTitle(TextType2 value) {
this.title = value;
}
/**
* Gets the value of the references property.
*
* @return possible object is
* {@link Patch.References }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Patch.References getReferences() {
return references;
}
/**
* Sets the value of the references property.
*
* @param value allowed object is
* {@link Patch.References }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setReferences(Patch.References value) {
this.references = value;
}
/**
* Gets the value of the notes property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the notes property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getNotes().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link NotesType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<NotesType> getNotes() {
if (notes == null) {
notes = new ArrayList<NotesType>();
}
return this.notes;
}
/**
* Gets the value of the checks property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the checks property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getChecks().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link CheckReferenceType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<CheckReferenceType> getChecks() {
if (checks == null) {
checks = new ArrayList<CheckReferenceType>();
}
return this.checks;
}
/**
* Gets the value of the supersedes property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the supersedes property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getSupersedes().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link Patch }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<Patch> getSupersedes() {
if (supersedes == null) {
supersedes = new ArrayList<Patch>();
}
return this.supersedes;
}
/**
* Gets the value of the supersededBies property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the supersededBies property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getSupersededBies().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link Patch }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<Patch> getSupersededBies() {
if (supersededBies == null) {
supersededBies = new ArrayList<Patch>();
}
return this.supersededBies;
}
/**
* Gets the value of the identifier property.
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public double getIdentifier() {
return identifier;
}
/**
* Sets the value of the identifier property.
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setIdentifier(double value) {
this.identifier = value;
}
/**
* Gets the value of the name property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getName() {
return name;
}
/**
* Sets the value of the name property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setName(String value) {
this.name = value;
}
/**
* Gets the value of the superseded property.
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public boolean isSuperseded() {
return superseded;
}
/**
* Sets the value of the superseded property.
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSuperseded(boolean value) {
this.superseded = value;
}
/**
* Gets the value of the deprecated property.
*
* @return possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Boolean isDeprecated() {
return deprecated;
}
/**
* Sets the value of the deprecated property.
*
* @param value allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setDeprecated(Boolean value) {
this.deprecated = value;
}
/**
* <p>Java class for anonymous complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="reference" type="{http://scap.nist.gov/schema/scap-core/0.1}referenceType" maxOccurs="unbounded"/>
* &lt;/sequence>
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
"references"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public static class References {
@XmlElement(name = "reference", namespace = "http://scap.nist.gov/schema/patch/0.1", required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<ReferenceType> references;
/**
* Gets the value of the references property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list
* will be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the references property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getReferences().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link ReferenceType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<ReferenceType> getReferences() {
if (references == null) {
references = new ArrayList<ReferenceType>();
}
return this.references;
}
}
}

94
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/PlatformSpecification.java
View File

@@ -1,94 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for anonymous complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="platform" type="{http://cpe.mitre.org/language/2.0}PlatformType" maxOccurs="unbounded"/>
* &lt;/sequence>
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
"platforms"
})
@XmlRootElement(name = "platform-specification", namespace = "http://cpe.mitre.org/language/2.0")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class PlatformSpecification {
@XmlElement(name = "platform", namespace = "http://cpe.mitre.org/language/2.0", required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<PlatformType> platforms;
/**
* Gets the value of the platforms property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the platforms property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getPlatforms().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link PlatformType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<PlatformType> getPlatforms() {
if (platforms == null) {
platforms = new ArrayList<PlatformType>();
}
return this.platforms;
}
}

190
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/PlatformType.java
View File

@@ -1,190 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlSchemaType;
import javax.xml.bind.annotation.XmlType;
/**
* The optional remark element may appear as a child of a platform element. It
* provides some additional description. Zero or more remark elements may
* appear. To support uses intended for multiple languages, this element
* supports the <20>xml:lang<6E> attribute. There can be multiple remarks for a single
* language.
*
* <p>Java class for PlatformType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="PlatformType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="title" type="{http://cpe.mitre.org/language/2.0}TextType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="remark" type="{http://cpe.mitre.org/language/2.0}TextType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="logical-test" type="{http://cpe.mitre.org/language/2.0}LogicalTestType"/>
* &lt;/sequence>
* &lt;attribute name="id" use="required" type="{http://www.w3.org/2001/XMLSchema}anyURI" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "PlatformType", namespace = "http://cpe.mitre.org/language/2.0", propOrder = {
"titles",
"remarks",
"logicalTest"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class PlatformType {
@XmlElement(name = "title")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<TextType1> titles;
@XmlElement(name = "remark")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<TextType1> remarks;
@XmlElement(name = "logical-test", required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected LogicalTest logicalTest;
@XmlAttribute(required = true)
@XmlSchemaType(name = "anyURI")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String id;
/**
* Gets the value of the titles property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the titles property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getTitles().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link TextType1 }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<TextType1> getTitles() {
if (titles == null) {
titles = new ArrayList<TextType1>();
}
return this.titles;
}
/**
* Gets the value of the remarks property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the remarks property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getRemarks().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link TextType1 }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<TextType1> getRemarks() {
if (remarks == null) {
remarks = new ArrayList<TextType1>();
}
return this.remarks;
}
/**
* Gets the value of the logicalTest property.
*
* @return possible object is
* {@link LogicalTest }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public LogicalTest getLogicalTest() {
return logicalTest;
}
/**
* Sets the value of the logicalTest property.
*
* @param value allowed object is
* {@link LogicalTest }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setLogicalTest(LogicalTest value) {
this.logicalTest = value;
}
/**
* Gets the value of the id property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getId() {
return id;
}
/**
* Sets the value of the id property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setId(String value) {
this.id = value;
}
}

92
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ReferenceType.java
View File

@@ -1,92 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlSchemaType;
import javax.xml.bind.annotation.XmlType;
/**
* Type for a reference in the description of a CPE item. This would normally be
* used to point to extra descriptive material, or the supplier's web site, or
* the platform documentation. It consists of a piece of text (intended to be
* human-readable) and a URI (intended to be a URL, and point to a real
* resource).
*
* <p>Java class for referenceType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="referenceType">
* &lt;simpleContent>
* &lt;extension base="&lt;http://scap.nist.gov/schema/scap-core/0.1>textType">
* &lt;attribute name="href" type="{http://www.w3.org/2001/XMLSchema}anyURI" />
* &lt;/extension>
* &lt;/simpleContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "referenceType", namespace = "http://scap.nist.gov/schema/scap-core/0.1")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class ReferenceType
extends TextType2 {
@XmlAttribute
@XmlSchemaType(name = "anyURI")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String href;
/**
* Gets the value of the href property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getHref() {
return href;
}
/**
* Sets the value of the href property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setHref(String value) {
this.href = value;
}
}

67
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/RemediationLevelEnumType.java
View File

@@ -1,67 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for remediationLevelEnumType.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="remediationLevelEnumType">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="OFFICIAL_FIX"/>
* &lt;enumeration value="TEMPORARY_FIX"/>
* &lt;enumeration value="WORKAROUND"/>
* &lt;enumeration value="UNAVAILABLE"/>
* &lt;enumeration value="NOT_DEFINED"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "remediationLevelEnumType")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum RemediationLevelEnumType {
OFFICIAL_FIX,
TEMPORARY_FIX,
WORKAROUND,
UNAVAILABLE,
NOT_DEFINED;
public String value() {
return name();
}
public static RemediationLevelEnumType fromValue(String v) {
return valueOf(v);
}
}

117
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/RemediationLevelType.java
View File

@@ -1,117 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.XmlValue;
/**
* <p>Java class for remediationLevelType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="remediationLevelType">
* &lt;simpleContent>
* &lt;extension base="&lt;http://scap.nist.gov/schema/cvss-v2/0.2>remediationLevelEnumType">
* &lt;attGroup ref="{http://scap.nist.gov/schema/cvss-v2/0.2}vectorAttributeGroup"/>
* &lt;/extension>
* &lt;/simpleContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "remediationLevelType", propOrder = {
"value"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class RemediationLevelType {
@XmlValue
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected RemediationLevelEnumType value;
@XmlAttribute
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean approximated;
/**
* Gets the value of the value property.
*
* @return possible object is
* {@link RemediationLevelEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public RemediationLevelEnumType getValue() {
return value;
}
/**
* Sets the value of the value property.
*
* @param value allowed object is
* {@link RemediationLevelEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setValue(RemediationLevelEnumType value) {
this.value = value;
}
/**
* Gets the value of the approximated property.
*
* @return possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public boolean isApproximated() {
if (approximated == null) {
return false;
} else {
return approximated;
}
}
/**
* Sets the value of the approximated property.
*
* @param value allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setApproximated(Boolean value) {
this.approximated = value;
}
}

98
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/SearchableCpeReferencesType.java
View File

@@ -1,98 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Generated;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElementRef;
import javax.xml.bind.annotation.XmlElementRefs;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for searchableCpeReferencesType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="searchableCpeReferencesType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;group ref="{http://scap.nist.gov/schema/scap-core/0.1}cpeReferenceGroup" maxOccurs="unbounded"/>
* &lt;/sequence>
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "searchableCpeReferencesType", namespace = "http://scap.nist.gov/schema/scap-core/0.1", propOrder = {
"cpeNamesAndCpeSearchableNames"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class SearchableCpeReferencesType {
@XmlElementRefs({
@XmlElementRef(name = "cpe-searchable-name", namespace = "http://scap.nist.gov/schema/scap-core/0.1", type = JAXBElement.class),
@XmlElementRef(name = "cpe-name", namespace = "http://scap.nist.gov/schema/scap-core/0.1", type = JAXBElement.class)
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<JAXBElement<String>> cpeNamesAndCpeSearchableNames;
/**
* Gets the value of the cpeNamesAndCpeSearchableNames property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the cpeNamesAndCpeSearchableNames property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getCpeNamesAndCpeSearchableNames().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link JAXBElement }{@code <}{@link String }{@code >}
* {@link JAXBElement }{@code <}{@link String }{@code >}
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<JAXBElement<String>> getCpeNamesAndCpeSearchableNames() {
if (cpeNamesAndCpeSearchableNames == null) {
cpeNamesAndCpeSearchableNames = new ArrayList<JAXBElement<String>>();
}
return this.cpeNamesAndCpeSearchableNames;
}
}

71
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/SecurityProtectionType.java
View File

@@ -1,71 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for securityProtectionType.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="securityProtectionType">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="ALLOWS_ADMIN_ACCESS"/>
* &lt;enumeration value="ALLOWS_USER_ACCESS"/>
* &lt;enumeration value="ALLOWS_OTHER_ACCESS"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "securityProtectionType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum SecurityProtectionType {
/**
* gain administrative access
*
*/
ALLOWS_ADMIN_ACCESS,
/**
* gain user access
*
*/
ALLOWS_USER_ACCESS,
ALLOWS_OTHER_ACCESS;
public String value() {
return name();
}
public static SecurityProtectionType fromValue(String v) {
return valueOf(v);
}
}

118
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TagType.java
View File

@@ -1,118 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlSchemaType;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
/**
* <p>Java class for tagType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="tagType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;attribute name="name" use="required" type="{http://www.w3.org/2001/XMLSchema}token" />
* &lt;attribute name="value" use="required" type="{http://www.w3.org/2001/XMLSchema}token" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "tagType", namespace = "http://scap.nist.gov/schema/scap-core/0.1")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class TagType {
@XmlAttribute(required = true)
@XmlJavaTypeAdapter(CollapsedStringAdapter.class)
@XmlSchemaType(name = "token")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String name;
@XmlAttribute(required = true)
@XmlJavaTypeAdapter(CollapsedStringAdapter.class)
@XmlSchemaType(name = "token")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String value;
/**
* Gets the value of the name property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getName() {
return name;
}
/**
* Sets the value of the name property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setName(String value) {
this.name = value;
}
/**
* Gets the value of the value property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getValue() {
return value;
}
/**
* Sets the value of the value property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setValue(String value) {
this.value = value;
}
}

67
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TargetDistributionEnumType.java
View File

@@ -1,67 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for targetDistributionEnumType.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="targetDistributionEnumType">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="NONE"/>
* &lt;enumeration value="LOW"/>
* &lt;enumeration value="MEDIUM"/>
* &lt;enumeration value="HIGH"/>
* &lt;enumeration value="NOT_DEFINED"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "targetDistributionEnumType")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum TargetDistributionEnumType {
NONE,
LOW,
MEDIUM,
HIGH,
NOT_DEFINED;
public String value() {
return name();
}
public static TargetDistributionEnumType fromValue(String v) {
return valueOf(v);
}
}

117
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TargetDistributionType.java
View File

@@ -1,117 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.XmlValue;
/**
* <p>Java class for targetDistributionType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="targetDistributionType">
* &lt;simpleContent>
* &lt;extension base="&lt;http://scap.nist.gov/schema/cvss-v2/0.2>targetDistributionEnumType">
* &lt;attGroup ref="{http://scap.nist.gov/schema/cvss-v2/0.2}vectorAttributeGroup"/>
* &lt;/extension>
* &lt;/simpleContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "targetDistributionType", propOrder = {
"value"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class TargetDistributionType {
@XmlValue
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected TargetDistributionEnumType value;
@XmlAttribute
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean approximated;
/**
* Gets the value of the value property.
*
* @return possible object is
* {@link TargetDistributionEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public TargetDistributionEnumType getValue() {
return value;
}
/**
* Sets the value of the value property.
*
* @param value allowed object is
* {@link TargetDistributionEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setValue(TargetDistributionEnumType value) {
this.value = value;
}
/**
* Gets the value of the approximated property.
*
* @return possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public boolean isApproximated() {
if (approximated == null) {
return false;
} else {
return approximated;
}
}
/**
* Sets the value of the approximated property.
*
* @param value allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setApproximated(Boolean value) {
this.approximated = value;
}
}

263
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TemporalMetricsType.java
View File

@@ -1,263 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.math.BigDecimal;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlSchemaType;
import javax.xml.bind.annotation.XmlType;
import javax.xml.datatype.XMLGregorianCalendar;
/**
* <p>Java class for temporalMetricsType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="temporalMetricsType">
* &lt;complexContent>
* &lt;extension base="{http://scap.nist.gov/schema/cvss-v2/0.2}metricsType">
* &lt;sequence>
* &lt;element name="score" type="{http://scap.nist.gov/schema/cvss-v2/0.2}zeroToTenDecimalType" minOccurs="0"/>
* &lt;element name="temporal-multiplier" type="{http://www.w3.org/2001/XMLSchema}decimal" minOccurs="0"/>
* &lt;group ref="{http://scap.nist.gov/schema/cvss-v2/0.2}temporalVectorsGroup"/>
* &lt;element name="source" type="{http://www.w3.org/2001/XMLSchema}anyURI"/>
* &lt;element name="generated-on-datetime" type="{http://www.w3.org/2001/XMLSchema}dateTime"/>
* &lt;/sequence>
* &lt;/extension>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "temporalMetricsType", propOrder = {
"score",
"temporalMultiplier",
"exploitability",
"remediationLevel",
"reportConfidence",
"source",
"generatedOnDatetime"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class TemporalMetricsType
extends MetricsType {
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected BigDecimal score;
@XmlElement(name = "temporal-multiplier")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected BigDecimal temporalMultiplier;
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected ExploitabilityType exploitability;
@XmlElement(name = "remediation-level")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected RemediationLevelType remediationLevel;
@XmlElement(name = "report-confidence")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected ConfidenceType reportConfidence;
@XmlElement(required = true)
@XmlSchemaType(name = "anyURI")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String source;
@XmlElement(name = "generated-on-datetime", required = true)
@XmlSchemaType(name = "dateTime")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected XMLGregorianCalendar generatedOnDatetime;
/**
* Gets the value of the score property.
*
* @return possible object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public BigDecimal getScore() {
return score;
}
/**
* Sets the value of the score property.
*
* @param value allowed object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setScore(BigDecimal value) {
this.score = value;
}
/**
* Gets the value of the temporalMultiplier property.
*
* @return possible object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public BigDecimal getTemporalMultiplier() {
return temporalMultiplier;
}
/**
* Sets the value of the temporalMultiplier property.
*
* @param value allowed object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setTemporalMultiplier(BigDecimal value) {
this.temporalMultiplier = value;
}
/**
* Gets the value of the exploitability property.
*
* @return possible object is
* {@link ExploitabilityType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public ExploitabilityType getExploitability() {
return exploitability;
}
/**
* Sets the value of the exploitability property.
*
* @param value allowed object is
* {@link ExploitabilityType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setExploitability(ExploitabilityType value) {
this.exploitability = value;
}
/**
* Gets the value of the remediationLevel property.
*
* @return possible object is
* {@link RemediationLevelType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public RemediationLevelType getRemediationLevel() {
return remediationLevel;
}
/**
* Sets the value of the remediationLevel property.
*
* @param value allowed object is
* {@link RemediationLevelType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setRemediationLevel(RemediationLevelType value) {
this.remediationLevel = value;
}
/**
* Gets the value of the reportConfidence property.
*
* @return possible object is
* {@link ConfidenceType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public ConfidenceType getReportConfidence() {
return reportConfidence;
}
/**
* Sets the value of the reportConfidence property.
*
* @param value allowed object is
* {@link ConfidenceType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setReportConfidence(ConfidenceType value) {
this.reportConfidence = value;
}
/**
* Gets the value of the source property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getSource() {
return source;
}
/**
* Sets the value of the source property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSource(String value) {
this.source = value;
}
/**
* Gets the value of the generatedOnDatetime property.
*
* @return possible object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public XMLGregorianCalendar getGeneratedOnDatetime() {
return generatedOnDatetime;
}
/**
* Sets the value of the generatedOnDatetime property.
*
* @param value allowed object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setGeneratedOnDatetime(XMLGregorianCalendar value) {
this.generatedOnDatetime = value;
}
}

116
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TextType1.java
View File

@@ -1,116 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.XmlValue;
/**
* This type allows the xml:lang attribute to associate a specific language with
* an element's string content.
*
* <p>Java class for TextType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="TextType">
* &lt;simpleContent>
* &lt;extension base="&lt;http://www.w3.org/2001/XMLSchema>string">
* &lt;attribute ref="{http://www.w3.org/XML/1998/namespace}lang"/>
* &lt;/extension>
* &lt;/simpleContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "TextType", namespace = "http://cpe.mitre.org/language/2.0", propOrder = {
"value"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class TextType1 {
@XmlValue
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String value;
@XmlAttribute(namespace = "http://www.w3.org/XML/1998/namespace")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String lang;
/**
* Gets the value of the value property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getValue() {
return value;
}
/**
* Sets the value of the value property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setValue(String value) {
this.value = value;
}
/**
* Gets the value of the lang property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getLang() {
return lang;
}
/**
* Sets the value of the lang property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setLang(String value) {
this.lang = value;
}
}

120
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TextType2.java
View File

@@ -1,120 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlSeeAlso;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.XmlValue;
/**
* This type allows the xml:lang attribute to associate a specific language with
* an element's string content.
*
* <p>Java class for textType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="textType">
* &lt;simpleContent>
* &lt;extension base="&lt;http://www.w3.org/2001/XMLSchema>string">
* &lt;attribute ref="{http://www.w3.org/XML/1998/namespace}lang"/>
* &lt;/extension>
* &lt;/simpleContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "textType", namespace = "http://scap.nist.gov/schema/scap-core/0.1", propOrder = {
"value"
})
@XmlSeeAlso({
ReferenceType.class
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class TextType2 {
@XmlValue
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String value;
@XmlAttribute(namespace = "http://www.w3.org/XML/1998/namespace")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String lang;
/**
* Gets the value of the value property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getValue() {
return value;
}
/**
* Sets the value of the value property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setValue(String value) {
this.value = value;
}
/**
* Gets the value of the lang property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getLang() {
return lang;
}
/**
* Sets the value of the lang property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setLang(String value) {
this.lang = value;
}
}

120
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ToolConfigurationType.java
View File

@@ -1,120 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for toolConfigurationType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="toolConfigurationType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="name" type="{http://scap.nist.gov/schema/scap-core/0.1}cpeNamePatternType" minOccurs="0"/>
* &lt;element name="definition" type="{http://scap.nist.gov/schema/scap-core/0.1}checkReferenceType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;/sequence>
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "toolConfigurationType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4", propOrder = {
"name",
"definitions"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class ToolConfigurationType {
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String name;
@XmlElement(name = "definition")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<CheckReferenceType> definitions;
/**
* Gets the value of the name property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getName() {
return name;
}
/**
* Sets the value of the name property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setName(String value) {
this.name = value;
}
/**
* Gets the value of the definitions property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the definitions property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getDefinitions().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link CheckReferenceType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<CheckReferenceType> getDefinitions() {
if (definitions == null) {
definitions = new ArrayList<CheckReferenceType>();
}
return this.definitions;
}
}

71
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/VulnerabilityReferenceCategoryEnumType.java
View File

@@ -1,71 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for vulnerabilityReferenceCategoryEnumType.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="vulnerabilityReferenceCategoryEnumType">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="PATCH"/>
* &lt;enumeration value="VENDOR_ADVISORY"/>
* &lt;enumeration value="THIRD_PARTY_ADVISORY"/>
* &lt;enumeration value="SIGNATURE_SOURCE"/>
* &lt;enumeration value="MITIGATION_PROCEDURE"/>
* &lt;enumeration value="TOOL_CONFIGURATION_DESCRIPTION"/>
* &lt;enumeration value="UNKNOWN"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "vulnerabilityReferenceCategoryEnumType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum VulnerabilityReferenceCategoryEnumType {
PATCH,
VENDOR_ADVISORY,
THIRD_PARTY_ADVISORY,
SIGNATURE_SOURCE,
MITIGATION_PROCEDURE,
TOOL_CONFIGURATION_DESCRIPTION,
UNKNOWN;
public String value() {
return name();
}
public static VulnerabilityReferenceCategoryEnumType fromValue(String v) {
return valueOf(v);
}
}

236
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/VulnerabilityReferenceType.java
View File

@@ -1,236 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlType;
/**
* Extends the base "reference" class by adding the ability to specify which
* kind (within the vulnerability model) of reference it is. See
* "Vulnerability_Reference_Category_List" enumeration.
*
* <p>Java class for vulnerabilityReferenceType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="vulnerabilityReferenceType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="source" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
* &lt;element name="reference" type="{http://scap.nist.gov/schema/scap-core/0.1}referenceType"/>
* &lt;element name="notes" type="{http://scap.nist.gov/schema/scap-core/0.1}notesType" minOccurs="0"/>
* &lt;/sequence>
* &lt;attribute ref="{http://www.w3.org/XML/1998/namespace}lang default="en""/>
* &lt;attribute name="reference_type" use="required" type="{http://scap.nist.gov/schema/vulnerability/0.4}vulnerabilityReferenceCategoryEnumType" />
* &lt;attribute name="deprecated" type="{http://www.w3.org/2001/XMLSchema}boolean" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "vulnerabilityReferenceType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4", propOrder = {
"source",
"reference",
"notes"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class VulnerabilityReferenceType {
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String source;
@XmlElement(required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected ReferenceType reference;
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected NotesType notes;
@XmlAttribute(namespace = "http://www.w3.org/XML/1998/namespace")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String lang;
@XmlAttribute(name = "reference_type", required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected VulnerabilityReferenceCategoryEnumType referenceType;
@XmlAttribute
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean deprecated;
/**
* Gets the value of the source property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getSource() {
return source;
}
/**
* Sets the value of the source property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSource(String value) {
this.source = value;
}
/**
* Gets the value of the reference property.
*
* @return possible object is
* {@link ReferenceType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public ReferenceType getReference() {
return reference;
}
/**
* Sets the value of the reference property.
*
* @param value allowed object is
* {@link ReferenceType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setReference(ReferenceType value) {
this.reference = value;
}
/**
* Gets the value of the notes property.
*
* @return possible object is
* {@link NotesType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public NotesType getNotes() {
return notes;
}
/**
* Sets the value of the notes property.
*
* @param value allowed object is
* {@link NotesType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setNotes(NotesType value) {
this.notes = value;
}
/**
* Gets the value of the lang property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getLang() {
if (lang == null) {
return "en";
} else {
return lang;
}
}
/**
* Sets the value of the lang property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setLang(String value) {
this.lang = value;
}
/**
* Gets the value of the referenceType property.
*
* @return possible object is
* {@link VulnerabilityReferenceCategoryEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public VulnerabilityReferenceCategoryEnumType getReferenceType() {
return referenceType;
}
/**
* Sets the value of the referenceType property.
*
* @param value allowed object is
* {@link VulnerabilityReferenceCategoryEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setReferenceType(VulnerabilityReferenceCategoryEnumType value) {
this.referenceType = value;
}
/**
* Gets the value of the deprecated property.
*
* @return possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Boolean isDeprecated() {
return deprecated;
}
/**
* Sets the value of the deprecated property.
*
* @param value allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setDeprecated(Boolean value) {
this.deprecated = value;
}
}

703
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/VulnerabilityType.java
View File

@@ -1,703 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Generated;
import javax.xml.bind.annotation.*;
import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
import javax.xml.datatype.XMLGregorianCalendar;
/**
* TODO: Low priority: Add reference to notes type to allow analysts, vendor and
* other comments. Add source attribute. Maybe categorization?
*
* <p>Java class for vulnerabilityType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="vulnerabilityType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="osvdb-ext" type="{http://scap.nist.gov/schema/vulnerability/0.4}osvdbExtensionType" minOccurs="0"/>
* &lt;element name="vulnerable-configuration" type="{http://cpe.mitre.org/language/2.0}PlatformType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="vulnerable-software-list" type="{http://scap.nist.gov/schema/vulnerability/0.4}vulnerableSoftwareType" minOccurs="0"/>
* &lt;choice minOccurs="0">
* &lt;element name="cve-id" type="{http://scap.nist.gov/schema/cve/0.1}cveNamePatternType"/>
* &lt;element name="cce-id" type="{http://scap.nist.gov/schema/cce/0.1}cceNamePatternType"/>
* &lt;/choice>
* &lt;element name="discovered-datetime" type="{http://www.w3.org/2001/XMLSchema}dateTime" minOccurs="0"/>
* &lt;element name="disclosure-datetime" type="{http://www.w3.org/2001/XMLSchema}dateTime" minOccurs="0"/>
* &lt;element name="exploit-publish-datetime" type="{http://www.w3.org/2001/XMLSchema}dateTime" minOccurs="0"/>
* &lt;element name="published-datetime" type="{http://www.w3.org/2001/XMLSchema}dateTime" minOccurs="0"/>
* &lt;element name="last-modified-datetime" type="{http://www.w3.org/2001/XMLSchema}dateTime" minOccurs="0"/>
* &lt;element name="cvss" type="{http://scap.nist.gov/schema/cvss-v2/0.2}cvssImpactType" minOccurs="0"/>
* &lt;element name="security-protection" type="{http://scap.nist.gov/schema/vulnerability/0.4}securityProtectionType" minOccurs="0"/>
* &lt;element name="assessment_check" type="{http://scap.nist.gov/schema/scap-core/0.1}checkReferenceType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="cwe" type="{http://scap.nist.gov/schema/vulnerability/0.4}cweReferenceType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="references" type="{http://scap.nist.gov/schema/vulnerability/0.4}vulnerabilityReferenceType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="fix_action" type="{http://scap.nist.gov/schema/vulnerability/0.4}fixActionType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="scanner" type="{http://scap.nist.gov/schema/vulnerability/0.4}toolConfigurationType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="summary" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
* &lt;element name="technical_description" type="{http://scap.nist.gov/schema/scap-core/0.1}referenceType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="attack_scenario" type="{http://scap.nist.gov/schema/scap-core/0.1}referenceType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;/sequence>
* &lt;attribute name="id" use="required" type="{http://scap.nist.gov/schema/vulnerability/0.4}vulnerabilityIdType" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlRootElement(name = "vulnerabilityType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4")
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "vulnerabilityType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4", propOrder = {
"osvdbExt",
"vulnerableConfigurations",
"vulnerableSoftwareList",
"cceId",
"cveId",
"discoveredDatetime",
"disclosureDatetime",
"exploitPublishDatetime",
"publishedDatetime",
"lastModifiedDatetime",
"cvss",
"securityProtection",
"assessmentChecks",
"cwes",
"references",
"fixActions",
"scanners",
"summary",
"technicalDescriptions",
"attackScenarios"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class VulnerabilityType {
@XmlElement(name = "osvdb-ext")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected OsvdbExtensionType osvdbExt;
@XmlElement(name = "vulnerable-configuration")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<PlatformType> vulnerableConfigurations;
@XmlElement(name = "vulnerable-software-list")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected VulnerableSoftwareType vulnerableSoftwareList;
@XmlElement(name = "cce-id")
@XmlJavaTypeAdapter(CollapsedStringAdapter.class)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String cceId;
@XmlElement(name = "cve-id")
@XmlJavaTypeAdapter(CollapsedStringAdapter.class)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String cveId;
@XmlElement(name = "discovered-datetime")
@XmlSchemaType(name = "dateTime")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected XMLGregorianCalendar discoveredDatetime;
@XmlElement(name = "disclosure-datetime")
@XmlSchemaType(name = "dateTime")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected XMLGregorianCalendar disclosureDatetime;
@XmlElement(name = "exploit-publish-datetime")
@XmlSchemaType(name = "dateTime")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected XMLGregorianCalendar exploitPublishDatetime;
@XmlElement(name = "published-datetime")
@XmlSchemaType(name = "dateTime")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected XMLGregorianCalendar publishedDatetime;
@XmlElement(name = "last-modified-datetime")
@XmlSchemaType(name = "dateTime")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected XMLGregorianCalendar lastModifiedDatetime;
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected CvssImpactType cvss;
@XmlElement(name = "security-protection")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected SecurityProtectionType securityProtection;
@XmlElement(name = "assessment_check")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<CheckReferenceType> assessmentChecks;
@XmlElement(name = "cwe")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<CweReferenceType> cwes;
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<VulnerabilityReferenceType> references;
@XmlElement(name = "fix_action")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<FixActionType> fixActions;
@XmlElement(name = "scanner")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<ToolConfigurationType> scanners;
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String summary;
@XmlElement(name = "technical_description")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<ReferenceType> technicalDescriptions;
@XmlElement(name = "attack_scenario")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<ReferenceType> attackScenarios;
@XmlAttribute(required = true)
@XmlJavaTypeAdapter(CollapsedStringAdapter.class)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String id;
/**
* Gets the value of the osvdbExt property.
*
* @return possible object is
* {@link OsvdbExtensionType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public OsvdbExtensionType getOsvdbExt() {
return osvdbExt;
}
/**
* Sets the value of the osvdbExt property.
*
* @param value allowed object is
* {@link OsvdbExtensionType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setOsvdbExt(OsvdbExtensionType value) {
this.osvdbExt = value;
}
/**
* Gets the value of the vulnerableConfigurations property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the vulnerableConfigurations property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getVulnerableConfigurations().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link PlatformType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<PlatformType> getVulnerableConfigurations() {
if (vulnerableConfigurations == null) {
vulnerableConfigurations = new ArrayList<PlatformType>();
}
return this.vulnerableConfigurations;
}
/**
* Gets the value of the vulnerableSoftwareList property.
*
* @return possible object is
* {@link VulnerableSoftwareType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public VulnerableSoftwareType getVulnerableSoftwareList() {
return vulnerableSoftwareList;
}
/**
* Sets the value of the vulnerableSoftwareList property.
*
* @param value allowed object is
* {@link VulnerableSoftwareType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setVulnerableSoftwareList(VulnerableSoftwareType value) {
this.vulnerableSoftwareList = value;
}
/**
* Gets the value of the cceId property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getCceId() {
return cceId;
}
/**
* Sets the value of the cceId property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setCceId(String value) {
this.cceId = value;
}
/**
* Gets the value of the cveId property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getCveId() {
return cveId;
}
/**
* Sets the value of the cveId property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setCveId(String value) {
this.cveId = value;
}
/**
* Gets the value of the discoveredDatetime property.
*
* @return possible object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public XMLGregorianCalendar getDiscoveredDatetime() {
return discoveredDatetime;
}
/**
* Sets the value of the discoveredDatetime property.
*
* @param value allowed object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setDiscoveredDatetime(XMLGregorianCalendar value) {
this.discoveredDatetime = value;
}
/**
* Gets the value of the disclosureDatetime property.
*
* @return possible object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public XMLGregorianCalendar getDisclosureDatetime() {
return disclosureDatetime;
}
/**
* Sets the value of the disclosureDatetime property.
*
* @param value allowed object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setDisclosureDatetime(XMLGregorianCalendar value) {
this.disclosureDatetime = value;
}
/**
* Gets the value of the exploitPublishDatetime property.
*
* @return possible object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public XMLGregorianCalendar getExploitPublishDatetime() {
return exploitPublishDatetime;
}
/**
* Sets the value of the exploitPublishDatetime property.
*
* @param value allowed object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setExploitPublishDatetime(XMLGregorianCalendar value) {
this.exploitPublishDatetime = value;
}
/**
* Gets the value of the publishedDatetime property.
*
* @return possible object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public XMLGregorianCalendar getPublishedDatetime() {
return publishedDatetime;
}
/**
* Sets the value of the publishedDatetime property.
*
* @param value allowed object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setPublishedDatetime(XMLGregorianCalendar value) {
this.publishedDatetime = value;
}
/**
* Gets the value of the lastModifiedDatetime property.
*
* @return possible object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public XMLGregorianCalendar getLastModifiedDatetime() {
return lastModifiedDatetime;
}
/**
* Sets the value of the lastModifiedDatetime property.
*
* @param value allowed object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setLastModifiedDatetime(XMLGregorianCalendar value) {
this.lastModifiedDatetime = value;
}
/**
* Gets the value of the cvss property.
*
* @return possible object is
* {@link CvssImpactType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public CvssImpactType getCvss() {
return cvss;
}
/**
* Sets the value of the cvss property.
*
* @param value allowed object is
* {@link CvssImpactType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setCvss(CvssImpactType value) {
this.cvss = value;
}
/**
* Gets the value of the securityProtection property.
*
* @return possible object is
* {@link SecurityProtectionType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public SecurityProtectionType getSecurityProtection() {
return securityProtection;
}
/**
* Sets the value of the securityProtection property.
*
* @param value allowed object is
* {@link SecurityProtectionType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSecurityProtection(SecurityProtectionType value) {
this.securityProtection = value;
}
/**
* Gets the value of the assessmentChecks property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the assessmentChecks property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getAssessmentChecks().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link CheckReferenceType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<CheckReferenceType> getAssessmentChecks() {
if (assessmentChecks == null) {
assessmentChecks = new ArrayList<CheckReferenceType>();
}
return this.assessmentChecks;
}
/**
* Gets the value of the cwes property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the cwes property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getCwes().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link CweReferenceType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<CweReferenceType> getCwes() {
if (cwes == null) {
cwes = new ArrayList<CweReferenceType>();
}
return this.cwes;
}
/**
* Gets the value of the references property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the references property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getReferences().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link VulnerabilityReferenceType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<VulnerabilityReferenceType> getReferences() {
if (references == null) {
references = new ArrayList<VulnerabilityReferenceType>();
}
return this.references;
}
/**
* Gets the value of the fixActions property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the fixActions property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getFixActions().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link FixActionType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<FixActionType> getFixActions() {
if (fixActions == null) {
fixActions = new ArrayList<FixActionType>();
}
return this.fixActions;
}
/**
* Gets the value of the scanners property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the scanners property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getScanners().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link ToolConfigurationType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<ToolConfigurationType> getScanners() {
if (scanners == null) {
scanners = new ArrayList<ToolConfigurationType>();
}
return this.scanners;
}
/**
* Gets the value of the summary property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getSummary() {
return summary;
}
/**
* Sets the value of the summary property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSummary(String value) {
this.summary = value;
}
/**
* Gets the value of the technicalDescriptions property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the technicalDescriptions property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getTechnicalDescriptions().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link ReferenceType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<ReferenceType> getTechnicalDescriptions() {
if (technicalDescriptions == null) {
technicalDescriptions = new ArrayList<ReferenceType>();
}
return this.technicalDescriptions;
}
/**
* Gets the value of the attackScenarios property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the attackScenarios property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getAttackScenarios().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link ReferenceType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<ReferenceType> getAttackScenarios() {
if (attackScenarios == null) {
attackScenarios = new ArrayList<ReferenceType>();
}
return this.attackScenarios;
}
/**
* Gets the value of the id property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getId() {
return id;
}
/**
* Sets the value of the id property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setId(String value) {
this.id = value;
}
}

92
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/VulnerableSoftwareType.java
View File

@@ -1,92 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for vulnerableSoftwareType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="vulnerableSoftwareType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="product" type="{http://cpe.mitre.org/language/2.0}namePattern" maxOccurs="unbounded"/>
* &lt;/sequence>
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "vulnerableSoftwareType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4", propOrder = {
"products"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class VulnerableSoftwareType {
@XmlElement(name = "product", required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<String> products;
/**
* Gets the value of the products property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the products property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getProducts().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<String> getProducts() {
if (products == null) {
products = new ArrayList<String>();
}
return this.products;
}
}

9
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/package-info.java
View File

@@ -1,9 +0,0 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
@javax.xml.bind.annotation.XmlSchema(namespace = "http://scap.nist.gov/schema/cvss-v2/0.2", elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED)
package org.codesecure.dependencycheck.data.nvdcve.generated;

441
src/main/java/org/codesecure/dependencycheck/data/nvdcve/Index.java → src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/DatabaseUpdater.java
View File

@@ -1,4 +1,3 @@
package org.codesecure.dependencycheck.data.nvdcve;
/*
* This file is part of DependencyCheck.
*
@@ -17,36 +16,47 @@ package org.codesecure.dependencycheck.data.nvdcve;
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.nvdcve.xml;
import java.io.*;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import javax.xml.parsers.ParserConfigurationException;
import org.codesecure.dependencycheck.data.CachedWebDataSource;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.*;
import java.sql.SQLException;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.lucene.analysis.Analyzer;
import org.apache.lucene.analysis.KeywordAnalyzer;
import org.apache.lucene.analysis.PerFieldAnalyzerWrapper;
import org.apache.lucene.analysis.standard.StandardAnalyzer;
import org.apache.lucene.store.Directory;
import org.apache.lucene.store.FSDirectory;
import org.apache.lucene.util.Version;
import org.codesecure.dependencycheck.data.CachedWebDataSource;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.codesecure.dependencycheck.data.UpdateException;
import org.codesecure.dependencycheck.data.lucene.AbstractIndex;
import org.codesecure.dependencycheck.data.nvdcve.xml.Importer;
import org.codesecure.dependencycheck.data.cpe.Index;
import org.codesecure.dependencycheck.data.nvdcve.CveDB;
import org.codesecure.dependencycheck.dependency.VulnerableSoftware;
import org.codesecure.dependencycheck.utils.DownloadFailedException;
import org.codesecure.dependencycheck.utils.Downloader;
import org.codesecure.dependencycheck.utils.FileUtils;
import org.codesecure.dependencycheck.utils.InvalidSettingException;
import org.codesecure.dependencycheck.utils.Settings;
import org.xml.sax.SAXException;
import org.codesecure.dependencycheck.data.nvdcve.DatabaseException;
/**
* The Index class is used to utilize and maintain the NVD CVE Index.
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class Index extends AbstractIndex implements CachedWebDataSource {
public class DatabaseUpdater implements CachedWebDataSource {
/**
* The name of the properties file containing the timestamp of the last
@@ -64,43 +74,16 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
* days of the last update.
*/
private static final String LAST_UPDATED_BASE = "lastupdated.";
/**
* Returns the directory that holds the NVD CVE Index.
*
* @return the Directory containing the NVD CVE Index.
* @throws IOException is thrown if an IOException occurs.
* The current version of the database
*/
public Directory getDirectory() throws IOException {
String fileName = Settings.getString(Settings.KEYS.CVE_INDEX);
File path = new File(fileName);
Directory dir = FSDirectory.open(path);
return dir;
}
/**
* Creates an Analyzer for the NVD VULNERABLE_CPE Index.
*
* @return the VULNERABLE_CPE Analyzer.
*/
@SuppressWarnings("unchecked")
public Analyzer createAnalyzer() {
Map fieldAnalyzers = new HashMap();
fieldAnalyzers.put(Fields.CVE_ID, new KeywordAnalyzer());
fieldAnalyzers.put(Fields.VULNERABLE_CPE, new KeywordAnalyzer());
PerFieldAnalyzerWrapper wrapper = new PerFieldAnalyzerWrapper(
new StandardAnalyzer(Version.LUCENE_35), fieldAnalyzers);
return wrapper;
}
public static final String DATABASE_VERSION = "2.1";
/**
* <p>Downloads the latest NVD CVE XML file from the web and imports it into
* the current CVE Index.</p>
* the current CVE Database.</p>
*
* @throws UpdateException is thrown if there is an error updating the index
* @throws UpdateException is thrown if there is an error updating the database
*/
public void update() throws UpdateException {
try {
@@ -112,27 +95,46 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
}
}
if (maxUpdates > 3) {
Logger.getLogger(Index.class.getName()).log(Level.WARNING, "NVD CVE requires several updates; this could take a couple of minutes.");
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING,
"NVD CVE requires several updates; this could take a couple of minutes.");
}
int count = 0;
for (NvdCveUrl cve : update.values()) {
if (cve.getNeedsUpdate()) {
count += 1;
Logger.getLogger(Index.class.getName()).log(Level.WARNING, "Updating NVD CVE (" + count + " of " + maxUpdates + ")");
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING,
"Updating NVD CVE ({0} of {1})", new Object[]{count, maxUpdates});
URL url = new URL(cve.getUrl());
File outputPath = null;
File outputPath12 = null;
try {
Logger.getLogger(Index.class.getName()).log(Level.WARNING, "Downloading " + cve.getUrl());
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING,
"Downloading {0}", cve.getUrl());
outputPath = File.createTempFile("cve" + cve.getId() + "_", ".xml");
Downloader.fetchFile(url, outputPath, false);
Logger.getLogger(Index.class.getName()).log(Level.WARNING, "Processing " + cve.getUrl());
Importer.importXML(outputPath.toString());
Logger.getLogger(Index.class.getName()).log(Level.WARNING, "Completed updated " + count + " of " + maxUpdates);
url = new URL(cve.getOldSchemaVersionUrl());
outputPath12 = File.createTempFile("cve_1_2_" + cve.getId() + "_", ".xml");
Downloader.fetchFile(url, outputPath12, false);
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING,
"Processing {0}", cve.getUrl());
importXML(outputPath, outputPath12);
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING,
"Completed updated {0} of {1}", new Object[]{count, maxUpdates});
} catch (FileNotFoundException ex) {
//Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex);
throw new UpdateException(ex);
} catch (ParserConfigurationException ex) {
throw new UpdateException(ex);
} catch (SAXException ex) {
throw new UpdateException(ex);
} catch (IOException ex) {
//Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex);
throw new UpdateException(ex);
} catch (SQLException ex) {
throw new UpdateException(ex);
} catch (DatabaseException ex) {
throw new UpdateException(ex);
} finally {
try {
@@ -151,48 +153,99 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
writeLastUpdatedPropertyFile(update);
}
} catch (MalformedURLException ex) {
//Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex);
throw new UpdateException(ex);
} catch (DownloadFailedException ex) {
//Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex);
throw new UpdateException(ex);
}
}
/**
* Imports the NVD CVE XML File into the Lucene Index.
*
* @param file the file containing the NVD CVE XML
* @param oldVersion contains the file containing the NVD CVE XML 1.2
*/
private void importXML(File file, File oldVersion)
throws ParserConfigurationException, SAXException, IOException, SQLException, DatabaseException {
CveDB cveDB = null;
Index cpeIndex = null;
try {
cveDB = new CveDB();
cveDB.open();
cpeIndex = new Index();
cpeIndex.openIndexWriter();
SAXParserFactory factory = SAXParserFactory.newInstance();
SAXParser saxParser = factory.newSAXParser();
NvdCve12Handler cve12Handler = new NvdCve12Handler();
saxParser.parse(oldVersion, cve12Handler);
Map<String, List<VulnerableSoftware>> prevVersionVulnMap = cve12Handler.getVulnerabilities();
cve12Handler = null;
NvdCve20Handler cve20Handler = new NvdCve20Handler();
cve20Handler.setCveDB(cveDB);
cve20Handler.setPrevVersionVulnMap(prevVersionVulnMap);
cve20Handler.setCpeIndex(cpeIndex);
saxParser.parse(file, cve20Handler);
cve20Handler = null;
} finally {
if (cpeIndex != null) {
cpeIndex.close();
cpeIndex = null;
}
if (cveDB != null) {
cveDB.close();
cveDB = null;
}
}
}
//<editor-fold defaultstate="collapsed" desc="Code to read/write properties files regarding the last update dates">
/**
* Writes a properties file containing the last updated date to the
* VULNERABLE_CPE directory.
*
* @param timeStamp the timestamp to write.
*/
private void writeLastUpdatedPropertyFile(Map<String, NvdCveUrl> updated) {
String dir = Settings.getString(Settings.KEYS.CVE_INDEX);
private void writeLastUpdatedPropertyFile(Map<String, NvdCveUrl> updated) throws UpdateException {
String dir;
try {
dir = CveDB.getDataDirectory().getCanonicalPath();
} catch (IOException ex) {
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.SEVERE, null, ex);
throw new UpdateException("Unable to locate last updated properties file.", ex);
}
File cveProp = new File(dir + File.separatorChar + UPDATE_PROPERTIES_FILE);
Properties prop = new Properties();
prop.put("version", DATABASE_VERSION);
for (NvdCveUrl cve : updated.values()) {
prop.put(LAST_UPDATED_BASE + cve.id, String.valueOf(cve.getTimestamp()));
}
OutputStream os = null;
OutputStreamWriter out = null;
try {
os = new FileOutputStream(cveProp);
OutputStreamWriter out = new OutputStreamWriter(os);
out = new OutputStreamWriter(os, "UTF-8");
prop.store(out, dir);
} catch (FileNotFoundException ex) {
Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex);
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.SEVERE, null, ex);
throw new UpdateException("Unable to find last updated properties file.", ex);
} catch (IOException ex) {
Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex);
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.SEVERE, null, ex);
throw new UpdateException("Unable to update last updated properties file.", ex);
} finally {
try {
os.flush();
} catch (IOException ex) {
Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex);
}
try {
os.close();
} catch (IOException ex) {
Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex);
if (out != null) {
try {
out.close();
} catch (IOException ex) {
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.SEVERE, null, ex);
}
}
}
}
@@ -206,32 +259,75 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
* @return the NvdCveUrl of the files that need to be updated.
* @throws MalformedURLException is thrown if the URL for the NVD CVE Meta
* data is incorrect.
* @throws DownloadFailedException is thrown if there is an error
* @throws DownloadFailedException is thrown if there is an error.
* downloading the nvd cve download data file.
* @throws UpdateException Is thrown if there is an issue with the last updated properties file.
*/
public Map<String, NvdCveUrl> updateNeeded() throws MalformedURLException, DownloadFailedException {
public Map<String, NvdCveUrl> updateNeeded() throws MalformedURLException, DownloadFailedException, UpdateException {
Map<String, NvdCveUrl> currentlyPublished;
try {
currentlyPublished = retrieveCurrentTimestampsFromWeb();
} catch (InvalidDataException ex) {
Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex);
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.SEVERE, null, ex);
throw new DownloadFailedException("Unable to retrieve valid timestamp from nvd cve downloads page", ex);
} catch (InvalidSettingException ex) {
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.SEVERE, null, ex);
throw new DownloadFailedException("Invalid settings", ex);
}
if (currentlyPublished == null) {
throw new DownloadFailedException("Unable to retrieve valid timestamp from nvd cve downloads page");
}
String dir = Settings.getString(Settings.KEYS.CVE_INDEX);
String dir;
try {
dir = CveDB.getDataDirectory().getCanonicalPath();
} catch (IOException ex) {
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.SEVERE, null, ex);
throw new UpdateException("Unable to locate last updated properties file.", ex);
}
File f = new File(dir);
if (f.exists()) {
File cveProp = new File(dir + File.separatorChar + UPDATE_PROPERTIES_FILE);
if (cveProp.exists()) {
Properties prop = new Properties();
InputStream is;
InputStream is = null;
try {
is = new FileInputStream(cveProp);
prop.load(is);
long lastUpdated = Long.parseLong(prop.getProperty(Index.LAST_UPDATED_MODIFIED));
boolean deleteAndRecreate = false;
float version = 0;
if (prop.getProperty("version") == null) {
deleteAndRecreate = true;
} else {
try {
version = Float.parseFloat(prop.getProperty("version"));
float currentVersion = Float.parseFloat(DATABASE_VERSION);
if (currentVersion > version) {
deleteAndRecreate = true;
}
} catch (NumberFormatException ex) {
deleteAndRecreate = true;
}
}
if (deleteAndRecreate) {
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING, "Index version is old. Rebuilding the index.");
is.close();
//this is an old version of the lucene index - just delete it
FileUtils.delete(f);
//this importer also updates the CPE index and it is also using an old version
org.codesecure.dependencycheck.data.cpe.Index cpeidx = new org.codesecure.dependencycheck.data.cpe.Index();
File cpeDir = cpeidx.getDataDirectory();
FileUtils.delete(cpeDir);
return currentlyPublished;
}
long lastUpdated = Long.parseLong(prop.getProperty(LAST_UPDATED_MODIFIED));
Date now = new Date();
int days = Settings.getInt(Settings.KEYS.CVE_MODIFIED_VALID_FOR_DAYS);
int maxEntries = Settings.getInt(Settings.KEYS.CVE_URL_COUNT);
@@ -250,7 +346,7 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
try {
currentTimestamp = Long.parseLong(prop.getProperty(LAST_UPDATED_BASE + String.valueOf(i), "0"));
} catch (NumberFormatException ex) {
Logger.getLogger(Index.class.getName()).log(Level.FINEST, "Error parsing " + LAST_UPDATED_BASE
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINEST, "Error parsing " + LAST_UPDATED_BASE
+ String.valueOf(i) + " from nvdcve.lastupdated", ex);
}
if (currentTimestamp == cve.getTimestamp()) {
@@ -259,11 +355,19 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
}
}
} catch (FileNotFoundException ex) {
Logger.getLogger(Index.class.getName()).log(Level.FINEST, null, ex);
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINEST, null, ex);
} catch (IOException ex) {
Logger.getLogger(Index.class.getName()).log(Level.FINEST, null, ex);
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINEST, null, ex);
} catch (NumberFormatException ex) {
Logger.getLogger(Index.class.getName()).log(Level.FINEST, null, ex);
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINEST, null, ex);
} finally {
if (is != null) {
try {
is.close();
} catch (IOException ex) {
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.SEVERE, null, ex);
}
}
}
}
}
@@ -282,7 +386,7 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
* @return whether or not the date is within the range.
*/
private boolean withinRange(long date, long compareTo, int range) {
double differenceInDays = (compareTo - date) / 1000 / 60 / 60 / 24;
double differenceInDays = (compareTo - date) / 1000.0 / 60.0 / 60.0 / 24.0;
return differenceInDays < range;
}
@@ -290,139 +394,47 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
* Retrieves the timestamps from the NVD CVE meta data file.
*
* @return the timestamp from the currently published nvdcve downloads page
* @throws MalformedURLException is thrown if the URL for the NVD CCE Meta
* @throws MalformedURLException thrown if the URL for the NVD CCE Meta
* data is incorrect.
* @throws DownloadFailedException is thrown if there is an error
* @throws DownloadFailedException thrown if there is an error
* downloading the nvd cve meta data file
* @throws InvalidDataException is thrown if there is an exception parsing
* @throws InvalidDataException thrown if there is an exception parsing
* the timestamps
* @throws InvalidSettingException thrown if the settings are invalid
*/
protected Map<String, NvdCveUrl> retrieveCurrentTimestampsFromWeb() throws MalformedURLException, DownloadFailedException, InvalidDataException {
protected Map<String, NvdCveUrl> retrieveCurrentTimestampsFromWeb()
throws MalformedURLException, DownloadFailedException, InvalidDataException, InvalidSettingException {
Map<String, NvdCveUrl> map = new HashMap<String, NvdCveUrl>();
String retrieveUrl = Settings.getString(Settings.KEYS.CVE_MODIFIED_20_URL);
File tmp = null;
try {
tmp = File.createTempFile("cve", "meta");
URL url = new URL(Settings.getString(Settings.KEYS.CVE_META_URL));
Downloader.fetchFile(url, tmp);
String html = readFile(tmp);
NvdCveUrl item = new NvdCveUrl();
item.setNeedsUpdate(false); //the others default to true, to make life easier later this should default to false.
item.setId("modified");
item.setUrl(retrieveUrl);
item.setOldSchemaVersionUrl(Settings.getString(Settings.KEYS.CVE_MODIFIED_12_URL));
String retrieveUrl = Settings.getString(Settings.KEYS.CVE_MODIFIED_URL);
NvdCveUrl cve = createNvdCveUrl("modified", retrieveUrl, html);
cve.setNeedsUpdate(false); //the others default to true, to make life easier later this should default to false.
map.put("modified", cve);
int max = Settings.getInt(Settings.KEYS.CVE_URL_COUNT);
for (int i = 1; i <= max; i++) {
retrieveUrl = Settings.getString(Settings.KEYS.CVE_BASE_URL + i);
String key = Integer.toString(i);
cve = createNvdCveUrl(key, retrieveUrl, html);
map.put(key, cve);
}
} catch (IOException ex) {
throw new DownloadFailedException("Unable to create temporary file for NVD CVE Meta File download.", ex);
} finally {
try {
if (tmp != null && tmp.exists()) {
tmp.delete();
}
} finally {
if (tmp != null && tmp.exists()) {
tmp.deleteOnExit();
}
}
item.timestamp = Downloader.getLastModified(new URL(retrieveUrl));
map.put("modified", item);
int max = Settings.getInt(Settings.KEYS.CVE_URL_COUNT);
for (int i = 1; i <= max; i++) {
retrieveUrl = Settings.getString(Settings.KEYS.CVE_BASE_URL + Settings.KEYS.CVE_SCHEMA_2_0 + i);
item = new NvdCveUrl();
item.setId(Integer.toString(i));
item.setUrl(retrieveUrl);
item.setOldSchemaVersionUrl(Settings.getString(Settings.KEYS.CVE_BASE_URL + Settings.KEYS.CVE_SCHEMA_1_2 + i));
item.setTimestamp(Downloader.getLastModified(new URL(retrieveUrl)));
map.put(item.id, item);
}
return map;
}
/**
* Creates a new NvdCveUrl object from the provide id, url, and text/html
* from the NVD CVE downloads page.
*
* @param id the name of this NVD CVE Url
* @param retrieveUrl the URL to download the file from
* @param text a bit of HTML from the NVD CVE downloads page that contains
* the URL and the last updated timestamp.
* @return a shiny new NvdCveUrl object.
* @throws InvalidDataException is thrown if the timestamp could not be
* extracted from the provided text.
*/
private NvdCveUrl createNvdCveUrl(String id, String retrieveUrl, String text) throws InvalidDataException {
Pattern pattern = Pattern.compile(Pattern.quote(retrieveUrl) + ".+?\\<br");
Matcher m = pattern.matcher(text);
NvdCveUrl item = new NvdCveUrl();
item.id = id;
item.url = retrieveUrl;
if (m.find()) {
String line = m.group();
int pos = line.indexOf("Updated:");
if (pos > 0) {
pos += 9;
try {
String timestampstr = line.substring(pos, line.length() - 3).replace("at ", "");
long timestamp = getEpochTimeFromDateTime(timestampstr);
item.setTimestamp(timestamp);
} catch (NumberFormatException ex) {
throw new InvalidDataException("NVD CVE Meta file does not contain a valid timestamp for '" + retrieveUrl + "'.", ex);
}
} else {
throw new InvalidDataException("NVD CVE Meta file does not contain the updated timestamp for '" + retrieveUrl + "'.");
}
} else {
throw new InvalidDataException("NVD CVE Meta file does not contain the url for '" + retrieveUrl + "'.");
}
return item;
}
/**
* Parses a timestamp in the format of "MM/dd/yy hh:mm" into a calendar
* object and returns the epoch time. Note, this removes the millisecond
* portion of the epoch time so all numbers returned should end in 000.
*
* @param timestamp a string in the format of "MM/dd/yy hh:mm"
* @return a Calendar object.
* @throws NumberFormatException if the timestamp was parsed incorrectly.
*/
private long getEpochTimeFromDateTime(String timestamp) throws NumberFormatException {
Calendar c = new GregorianCalendar();
int month = Integer.parseInt(timestamp.substring(0, 2));
int date = Integer.parseInt(timestamp.substring(3, 5));
int year = 2000 + Integer.parseInt(timestamp.substring(6, 8));
int hourOfDay = Integer.parseInt(timestamp.substring(9, 11));
int minute = Integer.parseInt(timestamp.substring(12, 14));
c.set(year, month, date, hourOfDay, minute, 0);
long t = c.getTimeInMillis();
t = (t / 1000) * 1000;
return t;
}
/**
* Reads a file into a string.
*
* @param file the file to be read.
* @return the contents of the file.
* @throws IOException is thrown if an IOExcpetion occurs.
*/
private String readFile(File file) throws IOException {
FileReader stream = new FileReader(file);
StringBuilder str = new StringBuilder((int) file.length());
try {
char[] buf = new char[8096];
int read = stream.read(buf, 0, 8096);
while (read > 0) {
str.append(buf, 0, read);
read = stream.read(buf, 0, 8096);
}
} finally {
stream.close();
}
return str.toString();
}
/**
* A pojo that contains the Url and timestamp of the current NvdCve XML
* files.
*/
protected class NvdCveUrl {
protected static class NvdCveUrl {
/**
* an id.
@@ -468,6 +480,30 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
public void setUrl(String url) {
this.url = url;
}
/**
* The 1.2 schema URL
*/
protected String oldSchemaVersionUrl;
/**
* Get the value of oldSchemaVersionUrl
*
* @return the value of oldSchemaVersionUrl
*/
public String getOldSchemaVersionUrl() {
return oldSchemaVersionUrl;
}
/**
* Set the value of oldSchemaVersionUrl
*
* @param oldSchemaVersionUrl new value of oldSchemaVersionUrl
*/
public void setOldSchemaVersionUrl(String oldSchemaVersionUrl) {
this.oldSchemaVersionUrl = oldSchemaVersionUrl;
}
/**
* a timestamp - epoch time.
*/
@@ -513,4 +549,5 @@ public class Index extends AbstractIndex implements CachedWebDataSource {
this.needsUpdate = needsUpdate;
}
}
//</editor-fold>
}

42
src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/EntrySaveDelegate.java
View File

@@ -1,42 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.xml;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
import java.io.IOException;
import org.apache.lucene.index.CorruptIndexException;
import org.codesecure.dependencycheck.data.nvdcve.generated.VulnerabilityType;
/**
*
* An interface used to define the save function used when parsing the NVD CVE
* XML file.
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public interface EntrySaveDelegate {
/**
* Saves a CVE Entry into the Lucene index.
*
* @param vulnerability a CVE entry.
* @throws CorruptIndexException is thrown if the index is corrupt.
* @throws IOException is thrown if an IOException occurs.
*/
void saveEntry(VulnerabilityType vulnerability) throws CorruptIndexException, IOException;
}

Some files were not shown because too many files have changed in this diff Show More