github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-15 00:03:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: github-mirrors:v0.2.4.0
Branches Tags
github-mirrors:master github-mirrors:feature/java-version-parse github-mirrors:cvedb-cache github-mirrors:reportGeneration github-mirrors:stevespringett-master github-mirrors:gh-pages github-mirrors:issue690_threadsafe
github-mirrors:v1.4.5 github-mirrors:v1.4.4 github-mirrors:1.4.3 github-mirrors:v1.4.2 github-mirrors:v1.4.1 github-mirrors:v1.4.0 github-mirrors:v1.3.6 github-mirrors:v1.3.5 github-mirrors:v1.3.4 github-mirrors:v1.3.3 github-mirrors:v1.3.2 github-mirrors:v1.3.1 github-mirrors:v1.3.0 github-mirrors:v1.2.11 github-mirrors:v1.2.9 github-mirrors:v1.2.8 github-mirrors:v1.2.7 github-mirrors:v1.2.6 github-mirrors:v1.2.5 github-mirrors:v1.2.4 github-mirrors:v1.2.3 github-mirrors:v1.2.2 github-mirrors:v1.2.1 github-mirrors:v1.2.0.1 github-mirrors:v1.2.0 github-mirrors:v1.1.4 github-mirrors:v1.1.3 github-mirrors:v1.1.2 github-mirrors:v1.1.1 github-mirrors:v1.1.0 github-mirrors:v1.0.8 github-mirrors:v1.0.7 github-mirrors:v1.0.6 github-mirrors:v1.0.5 github-mirrors:v1.0.4 github-mirrors:v1.0.3 github-mirrors:v1.0.2 github-mirrors:v1.0.1 github-mirrors:v0.3.2.4 github-mirrors:v0.3.2.3 github-mirrors:v0.3.2.2 github-mirrors:v0.3.2.0 github-mirrors:v0.3.1.1 github-mirrors:v0.3.1.0 github-mirrors:v0.3.0.0 github-mirrors:v0.2.6.0 github-mirrors:v0.2.5.2 github-mirrors:v0.2.5.1 github-mirrors:v0.2.5.0 github-mirrors:v0.2.4.0 github-mirrors:v0.2.3.2 github-mirrors:v0.2.3.1 github-mirrors:v0.2.3 github-mirrors:v0.2.2 github-mirrors:v0.2.1 github-mirrors:v0.2.0
..
compare: github-mirrors:v0.3.2.0
Branches Tags
github-mirrors:feature/java-version-parse github-mirrors:cvedb-cache github-mirrors:reportGeneration github-mirrors:master github-mirrors:stevespringett-master github-mirrors:gh-pages github-mirrors:issue690_threadsafe
github-mirrors:v1.4.5 github-mirrors:v1.4.4 github-mirrors:1.4.3 github-mirrors:v1.4.2 github-mirrors:v1.4.1 github-mirrors:v1.4.0 github-mirrors:v1.3.6 github-mirrors:v1.3.5 github-mirrors:v1.3.4 github-mirrors:v1.3.3 github-mirrors:v1.3.2 github-mirrors:v1.3.1 github-mirrors:v1.3.0 github-mirrors:v1.2.11 github-mirrors:v1.2.9 github-mirrors:v1.2.8 github-mirrors:v1.2.7 github-mirrors:v1.2.6 github-mirrors:v1.2.5 github-mirrors:v1.2.4 github-mirrors:v1.2.3 github-mirrors:v1.2.2 github-mirrors:v1.2.1 github-mirrors:v1.2.0.1 github-mirrors:v1.2.0 github-mirrors:v1.1.4 github-mirrors:v1.1.3 github-mirrors:v1.1.2 github-mirrors:v1.1.1 github-mirrors:v1.1.0 github-mirrors:v1.0.8 github-mirrors:v1.0.7 github-mirrors:v1.0.6 github-mirrors:v1.0.5 github-mirrors:v1.0.4 github-mirrors:v1.0.3 github-mirrors:v1.0.2 github-mirrors:v1.0.1 github-mirrors:v0.3.2.4 github-mirrors:v0.3.2.3 github-mirrors:v0.3.2.2 github-mirrors:v0.3.2.0 github-mirrors:v0.3.1.1 github-mirrors:v0.3.1.0 github-mirrors:v0.3.0.0 github-mirrors:v0.2.6.0 github-mirrors:v0.2.5.2 github-mirrors:v0.2.5.1 github-mirrors:v0.2.5.0 github-mirrors:v0.2.4.0 github-mirrors:v0.2.3.2 github-mirrors:v0.2.3.1 github-mirrors:v0.2.3 github-mirrors:v0.2.2 github-mirrors:v0.2.1 github-mirrors:v0.2.0

170 Commits
v0.2.4.0 ... v0.3.2.0

Author SHA1 Message Date
Jeremy Long
e488767cea 0.3.2.0 
Former-commit-id: 8431f1312204c78a829f269954161d7187245493
 2013-05-27 22:14:27 -04:00
Jeremy Long
85cacaf91e testing 
Former-commit-id: 7fd42dc4c273eff98a8fbc3e3a14f0ce1fd26abe
 2013-05-27 22:12:25 -04:00
Jeremy Long
a038bef7fe reset username and blank password 
Former-commit-id: 398c0723854c8c43d674d03a6433611c8572cec5
 2013-05-27 21:32:05 -04:00
Jeremy Long
539d3cbaba updated H2 version 
Former-commit-id: b7193bc7c2e256ebdcabc039d573994daab47415
 2013-05-27 20:47:13 -04:00
Jeremy Long
80784a44c5 added compile time support for findbugs suppress warning annotation 
Former-commit-id: 83d178ebafafe8ffc1f10b91d7336490c046990b
 2013-05-27 20:02:54 -04:00
Jeremy Long
b1a55e2df3 updated javadoc 
Former-commit-id: 2818f04997c8fa1c81c8e9bddaea0e9370b76350
 2013-05-27 20:01:47 -04:00
Jeremy Long
870d345de8 updated javadoc 
Former-commit-id: 3e05f7622618e2dc27fe40cfbdb488303d5c0ec9
 2013-05-27 20:01:16 -04:00
Jeremy Long
2b830dccfa added findbugs suppression for a non-issue and made a few checkstyle corrections 
Former-commit-id: a4a3c3503eee772c13d567d473f7ed5126941301
 2013-05-27 20:00:46 -04:00
Jeremy Long
9f08cf553b added findbugs suppress warning for a false positive 
Former-commit-id: c493f8178c129cb73f023b605599dc3dfa558f58
 2013-05-27 19:59:16 -04:00
Jeremy Long
7c14017db3 collapsed nested if statements 
Former-commit-id: e4d466f50e76659bece83b46f8a111a3d8225353
 2013-05-27 19:58:26 -04:00
Jeremy Long
e0e85c468a added supresswarnings for findbugs false positive 
Former-commit-id: 7423c03adb41f92e447aba5e58bc415d27c6c957
 2013-05-27 19:56:19 -04:00
Jeremy Long
6628fc3c33 updated javadoc 
Former-commit-id: 591bec1e2d5a2945a9cca5bf02cd1cea1bd8a38c
 2013-05-27 19:55:13 -04:00
Jeremy Long
61a1531e7b checkstyle fixes 
Former-commit-id: 5281b8ecb5163ce4a0a6464fea4f6d2a4baffafd
 2013-05-27 19:54:41 -04:00
Jeremy Long
933a8f8ec6 reduced size to make tests fasters 
Former-commit-id: d8a3b0c2382ae28a519c2cb44fb93205015e82b0
 2013-05-27 19:53:14 -04:00
Jeremy Long
f660afc6cb updated javadoc and copyright 
Former-commit-id: d48d9e1deed118e9b60d37185cdbfda47898ef6f
 2013-05-27 09:14:56 -04:00
Jeremy Long
a5dc79dffe Merge branch 'master' of https://github.com/jeremylong/DependencyCheck 
Former-commit-id: 9189529fca392ee1ef0b810528288e243dcdb6e4
 2013-05-27 09:07:18 -04:00
Steve Springett
dbc862ad39 Adding more control over data directory path 
Former-commit-id: 263475fc5b3aae04f2530ea78a0456deb18686fe
 2013-05-27 00:10:08 -07:00
Jeremy Long
e6efe6e610 Applied patch from Steve to change the loading of the H2 db 
Former-commit-id: cfce611fadbd2a39880f01d61054dbb8f72f81dc
 2013-05-25 10:56:41 -04:00
Steve Springett
9a7fbe44eb Adding more control over data directory path 
Former-commit-id: 966544bd738646ba57be087f413f686ecdfcee9c
 2013-05-24 23:53:24 -07:00
Steve Springett
adfc913a0e Fixed Velocity logging issues in server environment. 
Former-commit-id: 429105274ee0c2e78c3398e3c019feaaa056866d
 2013-05-24 16:00:10 -07:00
Steve Springett
8813652f0d Forcing the class loading of the H2 JDBC driver. 
Former-commit-id: d6c11d56afc04d115bbf1d0962072c70cb205dd8
 2013-05-22 01:11:02 -07:00
Jeremy Long
250444dd25 made outDir final 
Former-commit-id: 7987673433e91d54efa138bfafd7fbe1a22ee089
 2013-05-20 22:54:35 -04:00
Jeremy Long
a939d0c844 various updates recommended by intelliJ 
Former-commit-id: 2909f6b33224c74a2984f94651f6418bf60d88fc
 2013-05-20 22:50:21 -04:00
Jeremy Long
577b5ad704 various updates recommended by intelliJ 
Former-commit-id: 5ec42c1470384e9acd203819daa7d688ed10e965
 2013-05-20 22:17:19 -04:00
Jeremy Long
7476550356 version 0.3.1.1-snapshot 
Former-commit-id: 172a258ed0804641d1c6f73cb745330213014ceb
 2013-05-20 17:04:03 -04:00
Jeremy Long
c9077a151d version 0.3.1.1 
Former-commit-id: a47cc07a1a23ad75214fbedbe35c5e7cf72196f8
 2013-05-20 17:01:02 -04:00
Jeremy Long
7e650e05b2 fixed typo that prevented some information from being displayed 
Former-commit-id: 4823d74d2bfb31912715a363e9e56e7656f0e4b0
 2013-05-20 17:00:21 -04:00
Jeremy Long
8e6b8a092b corrected file path of related dependencies 
Former-commit-id: 62ffe2147fe1ed2e0126359371580cb0b098f4b1
 2013-05-19 08:29:00 -04:00
Jeremy Long
bd6aa7c61b bug fix, report generation failed if target directory didn't exist 
Former-commit-id: 41dacefc1453b7625ccee3c697e1348f36eebbd1
 2013-05-18 10:23:57 -04:00
Jeremy Long
300a3211ba updated exception logging message 
Former-commit-id: a63f99f7eb5ec2dbb60239d10aefd3f4f0387123
 2013-05-18 09:00:34 -04:00
Jeremy Long
d4084cfe85 PMD fix 
Former-commit-id: 7d7592cedc8d131811cfc33ad9272a360bc7acae
 2013-05-18 08:49:08 -04:00
Jeremy Long
7027109272 checkstyle fix 
Former-commit-id: 841f19eb4b9b210a060a1c200e250ffa9abb17c1
 2013-05-18 08:45:58 -04:00
Jeremy Long
f37f8a7025 updated global Settings and moved connectionTimeout, proxyUrl, and proxyPort from system properties to normal command line properties 
Former-commit-id: 2264d15e1e30034142554f93c92b30bd775083ee
 2013-05-18 08:45:16 -04:00
Jeremy Long
4758bea71b updated autor email address to my owasp address 
Former-commit-id: 4d5b9a406416032e6b53d7c4cdaa20a0c5dc80e4
 2013-05-17 23:57:59 -04:00
Jeremy Long
dcbe626d55 added equals and hashcode methods 
Former-commit-id: cf7b97b47b53fa5ad57cb15747e205d5e616760b
 2013-05-17 22:39:28 -04:00
Jeremy Long
1d8dddbfbf v0.3.1.0-snapshot 
Former-commit-id: 85ae4f6b22174a3226d4bc1b7141960fef06cb67
 2013-05-17 22:26:22 -04:00
Jeremy Long
1eae29e255 v0.3.1.0 
Former-commit-id: af198b8777439f63939bb67849bdd836e3da1a1d
 2013-05-17 22:24:24 -04:00
Jeremy Long
f1d76ecace fixed logging bug 
Former-commit-id: 41a3727c279f804ce4691f5d9ab1ce91310beae8
 2013-05-13 12:11:22 -04:00
Jeremy Long
e295bae27a Checkstyle fix 
Former-commit-id: d66c419a63c01b09e7a72647e7c495158c1f30c3
 2013-05-13 11:54:50 -04:00
Jeremy Long
2330e71b8a Improved logging on failed updates 
Former-commit-id: 76b8b8829276b32926e096b400e32f59dbaca8ea
 2013-05-13 11:54:25 -04:00
Jeremy Long
6a51fe9564 Improved logging on failed updates 
Former-commit-id: 4b08adcdeec38333e07e5ca42a658c98ac9b83a3
 2013-05-13 11:52:54 -04:00
Jeremy Long
c57c4b1184 minor update to prepareLogger 
Former-commit-id: 67135fe039ecfbea508418c844de3b44e0e23634
 2013-05-13 11:41:55 -04:00
Jeremy Long
7de83a77c2 source formating update 
Former-commit-id: da043ebca3e9a6b9b63c7b8c371563cc16121d4e
 2013-05-13 11:09:39 -04:00
Jeremy Long
0b04cc196a updated title 
Former-commit-id: 153aeace4c2709f5222a5b4d84e86f2ff36bf7ef
 2013-05-12 07:00:58 -04:00
Jeremy Long
5c37b6216f file header update 
Former-commit-id: e26b3651f6c4d9ce993da96a990f14a300aef8f9
 2013-05-10 06:34:45 -04:00
Jeremy Long
2cb56cb6fa minor bug fix 
Former-commit-id: 3daff3bc23acfd2e960df85fc8038beb62e0a6d1
 2013-05-10 06:29:08 -04:00
Jeremy Long
912b0ef8da checkstyle fix 
Former-commit-id: 07c248e22163c69f924e02932b94952c8a5ef3a1
 2013-05-10 06:05:59 -04:00
Jeremy Long
1fe56dbff7 updated file header 
Former-commit-id: 091fbe9d35dde27175c5c9e6782d4514f92ca0ca
 2013-05-10 06:04:28 -04:00
Jeremy Long
d7d6dd5a62 checkstyle fixes 
Former-commit-id: 6074262a482d3136e7a2b9e12c2b5448dd4d1426
 2013-05-10 06:03:00 -04:00
Jeremy Long
0c100c1372 updated file header comment 
Former-commit-id: 7398d863e1b4271bd39875644f2de3d3376d7e26
 2013-05-10 05:52:44 -04:00
Jeremy Long
73886ce46e minor correction 
Former-commit-id: a22f05e1f2446fa60d0b27c7019c0977bd9f103f
 2013-05-10 05:33:57 -04:00
Jeremy Long
55e61caf39 Fixed bug when analyzing maven repositories - related JARs would not get bundled 
Former-commit-id: a63d04d7d3674f1df6a98f7741867841f40093f9
 2013-05-09 23:03:03 -04:00
Jeremy Long
2e3331f568 bug fixes 
Former-commit-id: e6e1292842528039ab4498d65239759e6729a70a
 2013-05-09 22:34:47 -04:00
Jeremy Long
a1c7612a85 spelling fixes 
Former-commit-id: 1909bc5b30b2dfd4ece5c880aace9ca4fd830b48
 2013-05-09 19:49:25 -04:00
Jeremy Long
a70cbcc9d3 improved pom analysis 
Former-commit-id: d1f81329c4de99873e83f65a9abc0bef1e3c4552
 2013-05-03 20:23:42 -04:00
Jeremy Long
2a5b8943c3 minor update to references where the actual licenses are for the 3rd party components 
Former-commit-id: bebca29026d1429aaf386352be4e7226d9d4663d
 2013-04-24 20:03:02 -04:00
Jeremy Long
24d5616c45 changed logging level when logging update exceptions 
Former-commit-id: bb69814afc4a335342366fd5eaa4243cf8923f13
 2013-04-23 21:35:23 -04:00
Jeremy Long
43e1ee3e67 checkstyle/pmd/findbugs fixes 
Former-commit-id: b7b60a9649e79b1ea30d0a0601b8212679ad59b7
 2013-04-23 20:22:51 -04:00
Jeremy Long
f40fa460ca added commons-lang dependency 
Former-commit-id: 86d36425ad26dff6af427fcbe91077a53050da43
 2013-04-23 07:10:31 -04:00
Jeremy Long
210d8b9f49 added FileUtilsTest 
Former-commit-id: 0736d9241e72a08821321c226095497809be553c
 2013-04-23 07:09:56 -04:00
Jeremy Long
84f0a7e76a bug fixes 
Former-commit-id: 5800eee292f46fabbf0ca4f59e69d4b450b1cc5f
 2013-04-23 07:09:18 -04:00
Jeremy Long
bd71bb601e added removal off spurious CPE entries 
Former-commit-id: 3117c5a312eb57ec48e5686b5d3d2393364d5788
 2013-04-23 07:08:29 -04:00
Jeremy Long
116fe70061 added pre finding and post finding phases 
Former-commit-id: 7a5794735ad91a44f0c281c551fe7b8a79a9cdff
 2013-04-23 07:07:19 -04:00
Jeremy Long
231eb5067f added tests for DependencyVersionUtil 
Former-commit-id: ef73d9755d63561527d974775b73393cc780fd6e
 2013-04-23 07:06:30 -04:00
Jeremy Long
2562d6ff98 added better version analysis for dependency bundling 
Former-commit-id: c089750bbb5b23c7cca31138590b1dada55f59e5
 2013-04-23 07:05:42 -04:00
Jeremy Long
bb2abf4529 bug fixed regarding whether or not to include packages as evidence 
Former-commit-id: 0a180e491a630d6cbb1fb1083aabad97f44dc1fd
 2013-04-23 07:03:57 -04:00
Jeremy Long
9c0ef770b2 added axis and axis2 for testing 
Former-commit-id: eb21c8df788687269491b05f704a6ffe63d67e44
 2013-04-23 07:02:48 -04:00
Jeremy Long
43f0fa9e10 fixed bug in removing sources and javadoc JARs from analysis 
Former-commit-id: 044cbb59264adbc11f022b0b40e8a781b9c1a046
 2013-04-21 05:18:50 -04:00
Jeremy Long
6925ed78f6 added code to filter out sources.jar and javadoc.jar if no class files are contained 
Former-commit-id: 8c9ff1bdd942e0e1db80181196d8d23e17353b3a
 2013-04-20 15:43:12 -04:00
Jeremy Long
2ebe80b12f started snapshot 
Former-commit-id: 82092ccf6224eb8072476a48b937386cc3984ead
 2013-04-20 15:42:21 -04:00
Jeremy Long
34250f2cfe fixed line break issues 
Former-commit-id: 5f1310fb81d70c68d49e2479186949f1fae74caa
 2013-04-20 15:03:32 -04:00
Jeremy Long
d3153ef0f3 fixed line break issues 
Former-commit-id: 61c3e7e184fbdef8d0ada19d0366cd1b10cc1311
 2013-04-20 15:02:38 -04:00
Jeremy Long
5eaaa254ca fixed line breaks in the usage 
Former-commit-id: 186ade9f6b1c9b3fa1b5eab1cea6a2ce367a8b92
 2013-04-20 15:00:58 -04:00
Jeremy Long
c71bab2404 release 0.3.0.0 
Former-commit-id: f3069886fe0887a42f993eb344aacdf26a1c185d
 2013-04-20 14:55:28 -04:00
Jeremy Long
9d3cd0e13a minor bug fix 
Former-commit-id: cb65f6e4a1a38454760bbecef0246b9b014471b7
 2013-04-20 14:48:58 -04:00
Jeremy Long
033637dd92 added a schema for the dependency-check XML report 
Former-commit-id: a0df3302a9258bc0ac6933f1421913be21c89f74
 2013-04-20 14:41:08 -04:00
Jeremy Long
d6ba01f5f5 minor updates 
Former-commit-id: a3746443592105c7fb84d707a09c03dd83e378e1
 2013-04-20 13:36:44 -04:00
Jeremy Long
b3f0fb5392 removed un-necassary functionality from all analyzers and the base engine 
Former-commit-id: 255cddb785bc1bc5ee6c5c945280510201645d66
 2013-04-20 13:12:16 -04:00
Jeremy Long
df3aac0794 added related dependencies 
Former-commit-id: ed3ef90c1431cdff7d7a3ee52ee4f37f6feacdf1
 2013-04-20 13:11:31 -04:00
Jeremy Long
62b6bf9105 Correctly implemented this analyzer (hopefully) 
Former-commit-id: d65b60ee5212f3a10cc146a7f2aff345fd93695b
 2013-04-20 13:11:01 -04:00
Jeremy Long
dba1e0b316 checkstyle/PMD updates 
Former-commit-id: 3ea0d7bbe9842029bc1d2ab9d4bf168a27ab38e3
 2013-04-20 11:49:59 -04:00
Jeremy Long
0ad97dea0e added test case for VulnerableSoftware 
Former-commit-id: f91fcbbf9f29411459e3c667302b38ff6ea0dffc
 2013-04-20 07:18:27 -04:00
Jeremy Long
704f8e4f0b correct and issue with the comparable interface (invalid sort order) 
Former-commit-id: 4ed8acea596bd2e1bb7a1d7cd9beee367e2c4920
 2013-04-20 07:18:05 -04:00
Jeremy Long
2de68d9cda minor bug fix 
Former-commit-id: c61667a0382ce40fffc29b7290fb2bd5235edfff
 2013-04-20 06:28:40 -04:00
Jeremy Long
ca4a91d621 added vulnerable software to the report 
Former-commit-id: a301e9096ad4afc205f3b2cbb9b2eb27213f8e61
 2013-04-20 06:16:43 -04:00
Jeremy Long
c352cd63ac added a link to the NVD 
Former-commit-id: 4e105bafd0f508e6187b7852a2851034ef220140
 2013-04-20 06:03:37 -04:00
Jeremy Long
351817edf2 added license information 
Former-commit-id: 54a0c1e42a5aa6fab03bb208e168c26164ec1d93
 2013-04-20 06:00:36 -04:00
Jeremy Long
032015a70a updated license information 
Former-commit-id: 69776b7dc082cf132d6b9eca21347690629f9622
 2013-04-20 06:00:02 -04:00
Jeremy Long
096d136387 updated output format to accept 'ALL' to generated both HTML and XML reports 
Former-commit-id: 7ec90c7b40b6f23dc21739a72088931b5abc4d50
 2013-04-19 18:52:02 -04:00
Jeremy Long
616da84891 Updates to abstract analyzer and subclasses - removed duplicate code 
Former-commit-id: 618c113750bf2af612d9e476fd6992db5147fcdc
 2013-04-19 18:46:01 -04:00
Jeremy Long
811f85c127 Updated to accomadate removing dependencies (used by the DependencyBundlingAnalyzer) 
Former-commit-id: 3719925f410094d04d5276e118c48f6733d15a17
 2013-04-19 18:45:40 -04:00
Jeremy Long
1b021a2eec Updating Dependency Bundler to group related dependencies 
Former-commit-id: 7b77cffec9f6b9a5f01a3c47db0d00236bd4e8fb
 2013-04-19 18:44:25 -04:00
Jeremy Long
c05490ca09 Updating Dependency Bundler to group related dependencies 
Former-commit-id: 521c9be8621a24b42328ce2de81d22631f3a5dc5
 2013-04-19 18:43:31 -04:00
Jeremy Long
2223b3666f Adding Dependency Bundling to collapse multiple related dependencies into a single reportable instance 
Former-commit-id: a82034eaaa59e1ea9f69847135be01b5631d59cb
 2013-04-18 17:58:47 -04:00
Jeremy Long
561b9d78d4 checkstyle fix 
Former-commit-id: 4a0d9af646d6bd188fba48a4a7da94d2c2fc2371
 2013-04-18 07:02:05 -04:00
Jeremy Long
dc1e30bf39 PMD fixes 
Former-commit-id: 24dbeed70898d25700ab6ea9a2951ba2aac641fc
 2013-04-18 07:00:33 -04:00
Jeremy Long
28180267e4 checkstyle fixes 
Former-commit-id: eee44e97dc6e7ab3e84abfc49bb15263e5ee2225
 2013-04-18 06:54:36 -04:00
Jeremy Long
056b50aeba minor update to the description 
Former-commit-id: bf7bb530fa2b642c550faf60c3fb2e48b2acff93
 2013-04-18 06:54:24 -04:00
Jeremy Long
d3b16e5f75 bug fixes 
Former-commit-id: ce0654912058bdca615e265b8a3f946b4d488fb5
 2013-04-18 06:46:03 -04:00
Jeremy Long
c80b0b4286 minor update 
Former-commit-id: 20e8ddaede661b037475b65bf12c021079d17340
 2013-04-18 06:45:41 -04:00
Jeremy Long
b5c09528d0 added sorting for References via Comparable interface 
Former-commit-id: d7522ea20250c771d80f164f631107095c8c12c9
 2013-04-18 06:29:08 -04:00
Jeremy Long
99ce04a62f minor bug fix with sorted set 
Former-commit-id: 542d7f92b47cae01e16e59da3e66ee4e80d9d265
 2013-04-18 06:25:12 -04:00
Jeremy Long
d30910e711 added vulnerable software 
Former-commit-id: f573e77808357e7e48edbc394fac0ac71cebebb4
 2013-04-18 06:24:40 -04:00
Jeremy Long
f064c1a229 updated to use SortedSet instead of Set in a couple of places 
Former-commit-id: 87a86825e814d183af8957a0b0c284e20623fc19
 2013-04-18 05:50:17 -04:00
Jeremy Long
b888e1b5f8 implemented the Comparable interface 
Former-commit-id: 615f09c75ccdd2f526943a771fd724d8b90aea87
 2013-04-18 05:43:13 -04:00
Jeremy Long
1fcefb3bb7 implemented the Comparable interface 
Former-commit-id: 9e69353436d60bf42c851c8d7a9e8e3de5407571
 2013-04-18 05:42:25 -04:00
Jeremy Long
6143202428 checkstyle patches 
Former-commit-id: e65bd4197c8fb2d2dd5a0f5459f175eef31045fe
 2013-04-11 23:18:28 -04:00
Jeremy Long
3d15afa0b5 updated to release a snapshot 
Former-commit-id: 2ac4f44094dea5785cf9ad34a4b99ff1196eab87
 2013-04-11 23:01:18 -04:00
Jeremy Long
9f8270165a added functionality to remove some false positives 
Former-commit-id: cb57e83478e39b7145482214b45743e2e38e7faf
 2013-04-11 22:59:46 -04:00
Jeremy Long
cd4b02ba2f Implemented the Comparable interface 
Former-commit-id: 306cee400d6cc08ff2a61cd45019c3df8f223a29
 2013-04-11 06:05:58 -04:00
Jeremy Long
b88272802f added counts for imported quantities 
Former-commit-id: f3ceb36af76814dac70175126b1e10f32d5aef69
 2013-04-09 06:56:09 -04:00
Jeremy Long
0b8bb63f61 added counts for imported quantities 
Former-commit-id: cf2b0fda5e53fbd01280200814e49c5bdd5ef43c
 2013-04-09 06:55:43 -04:00
Jeremy Long
d6e387a29b checkstyle updates 
Former-commit-id: ab27a76b429996a66a4964d6d52aab97dd1f1bd1
 2013-03-30 22:11:04 -04:00
Jeremy Long
00a35ce93f checkstyle corrections 
Former-commit-id: 836c1ba05aa9daace394b44a6d25aca93d44e777
 2013-03-28 22:44:11 -04:00
Jeremy Long
2b1eca171c removed old file 
Former-commit-id: d2dc3cc856b0637f21c53ef998dfbe821e59196b
 2013-03-28 21:51:07 -04:00
Jeremy Long
84af7e0906 updated dependencies and plugins 
Former-commit-id: 1cc3f0d20c86159640f678c2b689af04431b8136
 2013-03-28 21:50:28 -04:00
Jeremy Long
d291033725 added ignores for Eclipse project files 
Former-commit-id: 64f078dc4e0473d6175144f8d298fe2313243bbc
 2013-03-27 07:22:47 -04:00
Jeremy Long
c9fd6d6cf8 version 0.2.6.1 
Former-commit-id: 216985f090c33a5d79c9389afd714a9423f15312
 2013-03-16 16:56:34 -04:00
Jeremy Long
bba3e85d0e checkstyle fixes 
Former-commit-id: a4197ab5fc0e6f0a927869a30cd5e302aed64a33
 2013-03-16 16:53:41 -04:00
Jeremy Long
05e480a3b7 added package name scanning back in if no other data was found 
Former-commit-id: d33a1fd126179ac5e191420541cf796c77c71c45
 2013-03-10 08:18:25 -04:00
Jeremy Long
d99e8f9ef5 Added 'deep scan' argument/property to indicate more evidence should be collected even if it increases false positives 
Former-commit-id: 200acdb012410df0cd59c164cd362f7940366fb1
 2013-03-08 17:33:01 -05:00
Jeremy Long
7d67d3fa86 fixed bug 
Former-commit-id: a9d2e22c806dc3bbd694f3d5f57d7aa11371fe44
 2013-03-08 17:32:16 -05:00
Jeremy Long
c7f7324d05 bug fix regarding duplicate terms being added to the lucene query 
Former-commit-id: beee4c78158abc0ffc1087d829ebd2ed747043b0
 2013-03-03 09:50:12 -05:00
Jeremy Long
5a5d699cab bug fixes 
Former-commit-id: 6411fe67e52a3eef4044b1d640bdfb6864c2dbf3
 2013-03-03 09:47:54 -05:00
Jeremy Long
ea1fb191a9 change in namespace as this is now an OWASP project 
Former-commit-id: dc00f98a142bef2560d90f3b851844f352fbf262
 2013-03-03 08:57:38 -05:00
Jeremy Long
f6f68655fb completed version 1 of XML report 
Former-commit-id: 329f048e5c1dca8173d5ce3ff7b22400577f392a
 2013-02-22 21:47:41 -05:00
Jeremy Long
5dcb68c07f added XML Report Template 
Former-commit-id: 73aa31a0322a46aaa189916712be13ff9e0f603a
 2013-02-21 02:33:11 -05:00
Jeremy Long
288b171f5a converted README.txt to MarkDown 
Former-commit-id: 60c7dfb0912bdf636173544fffe549a4f805aa0f
 2013-02-20 07:27:06 -05:00
Jeremy Long
d73ce5c1e2 updated 
Former-commit-id: 4d7c97d27286465773415fe50b70190d3c94dfc9
 2013-02-20 07:25:28 -05:00
Jeremy Long
d27cfe45ec updated 
Former-commit-id: df1f8fa51cfff15808799ac6f73bb402c68508e2
 2013-02-20 07:23:28 -05:00
Jeremy Long
dad343539e updated 
Former-commit-id: 521e29c94ac5235e01a6671d13f89b5a8fbcc160
 2013-02-20 07:22:30 -05:00
Jeremy Long
5c493248aa converted README.txt to MarkDown 
Former-commit-id: 382e7b832aff3f836fbd9857799e6b7803cd0d88
 2013-02-20 07:19:56 -05:00
Jeremy Long
708ba46040 spelling fixes 
Former-commit-id: 2e0c40c67da68f70be57e507b62e4df2dad8fc35
 2013-02-19 21:40:42 -05:00
Jeremy Long
b72a7d0440 cleanup and spelling fixes 
Former-commit-id: d966f548ebccb77139f668343459210022c4deaa
 2013-02-19 21:35:24 -05:00
Jeremy Long
b67092c472 add ignore for IntelliJ files 
Former-commit-id: a1f133a7808493eb4dd917504b49909d7c6696d5
 2013-02-19 20:25:00 -05:00
Jeremy Long
7220a2ca46 spelling errors corrected 
Former-commit-id: bf7ed2bf57b54a1acc916945963d07c0bb8f6675
 2013-02-17 07:46:10 -05:00
Jeremy Long
1165c11d2d Patches from Steve Springett for XML report format 
Former-commit-id: 56a6aaf8aa38904009d09c9192b3697de37be55a
 2013-02-17 07:27:01 -05:00
Jeremy Long
407aad924d updated failing test 
Former-commit-id: 172562190cccb5eddae8c4647351c9128680ca0b
 2013-02-13 21:38:03 -05:00
Jeremy Long
72fd37bfa8 updated notice 
Former-commit-id: e9e57757afd8530bdb9ba0d83daf04692b418eb2
 2013-02-03 08:20:47 -05:00
Jeremy Long
4dba00ad38 [maven-release-plugin] prepare release dependency-check-0.2.6.0 
Former-commit-id: 72f4e6be540edb2a8fd5ea3700a244e4aa0d9fbd
 2013-02-02 17:12:48 -05:00
Jeremy Long
283acc5e30 updated version 
Former-commit-id: f7ad88caa8ae9064d66c1bdff4d98c2dd0778d8b
 2013-02-02 16:50:29 -05:00
Jeremy Long
cfece9499b updated usage 
Former-commit-id: 807dd804fac2be34fb4a5c938e3e6bbdf694613e
 2013-02-02 16:49:11 -05:00
Jeremy Long
276078a2e3 bug fixes and additions 
Former-commit-id: 1eddb332f6dba5732284eda1ed1fa62cb196f7f9
 2013-02-02 16:44:46 -05:00
Jeremy Long
9e4b39988f bug fixes and additions 
Former-commit-id: 82130e779f30550ce08c7c90503c1cfce21e9b53
 2013-02-02 16:44:06 -05:00
Jeremy Long
9a9f03e730 added CWE Names 
Former-commit-id: e1d0daf70d7ba49b4667ecc9437c1b8f4efe036b
 2013-01-14 22:14:45 -05:00
Jeremy Long
d37ea348bf minor update 
Former-commit-id: abf23f47d2bf07f96200cf990a3c3a48179aedf9
 2013-01-13 17:05:19 -05:00
Jeremy Long
9478d5aea3 added CWE 
Former-commit-id: f47818f88a5fbbd883eb60709dab768f80e20c18
 2013-01-13 17:01:46 -05:00
Jeremy Long
c2dbe4c821 fixed analysis phase 
Former-commit-id: e28068852192aeba7912e434cde2ec207a679baa
 2013-01-13 16:53:28 -05:00
Jeremy Long
41f631d1c0 Added CVSS Scores 
Former-commit-id: 2feda15c4f42461b87a2a4e5941a32eb98a918de
 2013-01-13 16:48:27 -05:00
Jeremy Long
0080b916ce version 0.2.5.1 
Former-commit-id: 7ced778f0f8a749ffca1efd7d3416c4a16c1da26
 2013-01-09 22:51:06 -05:00
Jeremy Long
73782493b0 additional spring jar files for testing 
Former-commit-id: 95f8858a0b75ff74b4e039948c1848bcd3c1be22
 2013-01-09 22:50:11 -05:00
Jeremy Long
bb1e47ae43 fixed analyzer method signature, added SpringCleaningAnalyzer, and removed ArchiveAnalyzer interface 
Former-commit-id: 789fcd7a7c463ee2528c9a325a8536f2cc9278c5
 2013-01-09 22:49:41 -05:00
Jeremy Long
d1194f23d7 added 2013 NVD CVE file 
Former-commit-id: 049b7e8d493d722fb61896fd46067f625e56d79e
 2013-01-08 15:40:58 -05:00
Jeremy Long
b9eda7984f added mailing list 
Former-commit-id: a4ff51a95343a893e7565814a4a3ce21f19d6a75
 2013-01-06 12:38:56 -05:00
Jeremy Long
4b07b59bbc version 0.2.5.0 
Former-commit-id: 88eaccdc6e83a8c3c3061e38186bb45fb9ba5a3d
 2013-01-06 12:13:08 -05:00
Jeremy Long
4861b1befe bug fixes/replaced CVE datastore (lucene->H2) 
Former-commit-id: 51cd0f93a50b70b0722a139034f5e0dda416e803
 2013-01-06 12:04:27 -05:00
Jeremy Long
67c0815d8a updated file header 
Former-commit-id: cd617dd03567a665df4088d963047146918fe091
 2012-12-30 17:37:21 -05:00
Jeremy Long
ff4e40a910 added equals and hashCode 
Former-commit-id: 065a80852277add47d259f8f96fe9ed64c84ffe3
 2012-12-30 16:50:19 -05:00
Jeremy Long
7d9fa79bd4 format fix 
Former-commit-id: ae279dfda4fc8bda0d22a324c8d4cb461765fe7b
 2012-12-30 16:49:51 -05:00
Jeremy Long
78a7fe5b93 fixed commons-io reference 
Former-commit-id: 4f4d001485f248ebe9db02ccdc95174a2a25dda9
 2012-12-30 16:48:05 -05:00
Jeremy Long
f08a23fbf9 added db4o as project-local repo 
Former-commit-id: 9e64c3d1dd0979c401c8dd5ca31af6f8ce94e9ea
 2012-12-30 15:58:11 -05:00
Jeremy Long
46a5059b36 added vulnerable software 
Former-commit-id: 8bd4247143bfbc85e9786433d22da24e59ef676f
 2012-12-30 15:57:34 -05:00
Jeremy Long
41b3c475ab minor update 
Former-commit-id: fe4a040b4d07efc4d4c9bbfdadd9d53f4f9b7532
 2012-12-30 15:56:29 -05:00
Jeremy Long
5f798a4814 minor update 
Former-commit-id: 28ff2348960bfc4e8a5332b203098b0363ced143
 2012-12-30 15:56:21 -05:00
Jeremy Long
7a4ba451ad adding vulnerable software 
Former-commit-id: 2fbc588a90c8d11f2fa0f806fb14f6b31fddcbea
 2012-12-30 09:46:21 -05:00
Jeremy Long
3c62f8501c formating update 
Former-commit-id: 535878fa1a445cef81fcf01cf1c79451a56887da
 2012-12-30 09:31:49 -05:00
Jeremy Long
172558ed8c minor bug fixes 
Former-commit-id: f79fdb279ef60bebace4061a9df6d9a6e0cf818b
 2012-12-30 09:30:12 -05:00
Jeremy Long
86416292d6 removed deprecated functionality 
Former-commit-id: b4f14a8295ebc604267ab0d234ddf39c111e6164
 2012-12-30 09:09:23 -05:00
Jeremy Long
d4f097cfbc Update NVD CVE timestamp checking 
Former-commit-id: 5764a3ce90b6963d4476f581b712bc9df0c1a7cb
 2012-12-30 08:53:14 -05:00
Jeremy Long
40e4f9cd90 added Vulnerability class 
Former-commit-id: 1a7797d9730501267c7836660c255ac7f0b2b7ee
 2012-12-29 10:16:34 -05:00
299 changed files with 194171 additions and 16505 deletions
Expand all files Collapse all files

10
.gitignore vendored
View File

@@ -1 +1,9 @@
/target/
/target/
# Intellij project files
*.iml
*.ipr
*.iws
.idea/
# Eclipse project files
.classpath
.project

15
NOTICES.txt
View File

@@ -1,8 +1,17 @@
DependencyCheck
Copyright (c) 2012 Jeremy Long. All Rights Reserved.
Copyright (c) 2012-2013 Jeremy Long. All Rights Reserved.
The licenses for the software listed below can be found in the META-INF/licenses/[dependency name].
This product includes software developed by
The Apache Software Foundation (http://www.apache.org/).
This product includes software developed by
Jquery.com (http://jquery.com/).
Jquery.com (http://jquery.com/).
This software contains unmodified binary redistributions for H2 database engine (http://www.h2database.com/), which is dual licensed and available under a modified version of the MPL 1.1 (Mozilla Public License) or under the (unmodified) EPL 1.0 (Eclipse Public License).
An original copy of the license agreement can be found at: http://www.h2database.com/html/license.html
This product includes data from the Common Weakness Enumeration (CWE): http://cwe.mitre.org/
This product downloads and utilizes data from the National Vulnerability Database hosted by NIST: http://nvd.nist.gov/download.cfm

42
README.md Normal file
View File

@@ -0,0 +1,42 @@
DependencyCheck
=========
DependencyCheck is a utility that attempts to detect publicly disclosed vulnerabilities contained within project dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries..
More information can be found on the [wiki].
Usage
-
> $ mvn package
> $ cd target
> $ java -jar dependency-check-[version].jar -h
> $ java -jar dependency-check-[version].jar -a Testing -out . -scan ./test-classes -scan ./lib
Then load the resulting 'DependencyCheck-Report.html' into your favorite browser.
Mailing List
-
Subscribe: [dependency-check+subscribe@googlegroups.com] [subscribe]
Post: [dependency-check@googlegroups.com] [post]
Copyright & License
-
Dependency-Check is Copyright (c) 2012-2013 Jeremy Long. All Rights Reserved.
Permission to modify and redistribute is granted under the terms of the GPLv3 license. See the [LICENSE.txt] [GPLv3] file for the full license.
Dependency-Check makes use of several other open source libraries. Please see the [NOTICE.txt] [notices] file for more information.
[wiki]: https://github.com/jeremylong/DependencyCheck/wiki
[subscribe]: mailto:dependency-check+subscribe@googlegroups.com
[post]: mailto:dependency-check@googlegroups.com
[GPLv3]: https://github.com/jeremylong/DependencyCheck/blob/master/LICENSE.txt
[notices]: https://github.com/jeremylong/DependencyCheck/blob/master/NOTICES.txt

17
README.txt
View File

@@ -1,17 +0,0 @@
About:
DependencyCheck is a utility that attempts to detect publically disclosed
vulnerabilities contained within project dependencies. It does this by determining
if there is a Common Platform Enumeration (CPE) identifier for a given dependency.
If found, it will generate a report linking to the associated CVE entries.
Usage:
$ mvn package
$ cd target
$ java -jar DependencyCheck-0.2.4.0.jar -h
$ java -jar DependencyCheck-0.2.4.0.jar -a Testing -out . -scan ./test-classes/org.mortbay.jetty.jar -scan ./test-classes/struts2-core-2.1.2.jar -scan ./lib
Then load the resulting 'DependencyCheck-Report.html' into your favorite browser.
Author: Jeremy Long (jeremy.long@gmail.com)
Copyright (c) 2012 Jeremy Long. All Rights Reserved.

157
pom.xml
View File

@@ -8,43 +8,51 @@ it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
DependencyCheck is distributed in the hope that it will be useful,
Dependency-Check is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
along with DependencyCheck. If not, see <http://www.gnu.org/licenses />.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.codesecure</groupId>
<artifactId>DependencyCheck</artifactId>
<version>0.2.4.0</version>
<groupId>org.owasp</groupId>
<artifactId>dependency-check</artifactId>
<version>0.3.2.0</version>
<packaging>jar</packaging>
<name>DependencyCheck</name>
<url>https://github.com/jeremylong/DependencyCheck.git</url>
<description>DependencyCheck is a utility that attempts to detect publically disclosed vulnerabilities contained within project dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries.</description>
<description>Dependency-Check is a utility that attempts to detect publicly disclosed vulnerabilities contained within project dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries.</description>
<inceptionYear>2012</inceptionYear>
<organization>
<name>Jeremy Long</name>
<name>owasp</name>
</organization>
<developers>
<developer>
<name>Jeremy Long</name>
<email>jeremy.long@gmail.com</email>
<organization>Codesecure</organization>
<organizationUrl>http://codesecure.blogspot.com</organizationUrl>
<email>jeremy.long@owasp.org</email>
<organization>OWASP</organization>
<organizationUrl>https://www.owasp.org/index.php/OWASP_Dependency_Check</organizationUrl>
<roles>
<role>architect</role>
<role>developer</role>
</roles>
</developer>
<developer>
<name>Steve Springett</name>
<email>Steve.Springett@owasp.org</email>
<organization>OWASP</organization>
<organizationUrl>https://www.owasp.org/index.php/OWASP_Dependency_Check</organizationUrl>
<roles>
<role>contributor</role>
</roles>
</developer>
</developers>
<scm>
<connection>scm:git:git@github.com:jeremylong/DependencyCheck.git</connection>
@@ -55,6 +63,15 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<system>github</system>
<url>https://github.com/jeremylong/DependencyCheck/issues</url>
</issueManagement>
<mailingLists>
<mailingList>
<name>Dependency Check</name>
<subscribe>dependency-check+subscribe@googlegroups.com</subscribe>
<unsubscribe>dependency-check+unsubscribe@googlegroups.com</unsubscribe>
<post>dependency-check@googlegroups.com</post>
<archive>https://groups.google.com/forum/?fromgroups#!forum/dependency-check</archive>
</mailingList>
</mailingLists>
<licenses>
<license>
<name>GNU General Public License version 3</name>
@@ -65,6 +82,7 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
</properties>
<build>
<resources>
<resource>
@@ -93,20 +111,20 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-release-plugin</artifactId>
<version>2.3.2</version>
<version>2.4.1</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>2.8.1</version>
<version>2.9</version>
<configuration>
<bottom>Copyright&#169; 2012 Jeremy Long. All Rights Reserved.</bottom>
<bottom>Copyright© 2012 Jeremy Long. All Rights Reserved.</bottom>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<version>2.5.1</version>
<version>2.7</version>
<executions>
<execution>
<phase>package</phase>
@@ -127,7 +145,7 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<configuration>
<archive>
<manifest>
<mainClass>org.codesecure.dependencycheck.App</mainClass>
<mainClass>org.owasp.dependencycheck.App</mainClass>
<addDefaultImplementationEntries>true</addDefaultImplementationEntries>
<addClasspath>true</addClasspath>
<classpathPrefix>lib/</classpathPrefix>
@@ -138,11 +156,10 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
</excludes>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>cobertura-maven-plugin</artifactId>
<version>2.5.1</version>
<version>2.5.2</version>
<configuration>
<instrumentation>
<ignores>
@@ -169,17 +186,12 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<lineRate>0</lineRate>
</regex>
<regex>
<pattern>org.codesecure.dependencycheck.data.cpe.Fields</pattern>
<pattern>org.owasp.dependencycheck.data.cpe.Fields</pattern>
<branchRate>0</branchRate>
<lineRate>0</lineRate>
</regex>
<regex>
<pattern>org.codesecure.dependencycheck.App</pattern>
<branchRate>0</branchRate>
<lineRate>0</lineRate>
</regex>
<regex>
<pattern>org.codesecure.dependencycheck.utils.SSDeep</pattern>
<pattern>org.owasp.dependencycheck.App</pattern>
<branchRate>0</branchRate>
<lineRate>0</lineRate>
</regex>
@@ -198,7 +210,7 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>2.12</version>
<version>2.14</version>
<configuration>
<systemProperties>
<property>
@@ -206,14 +218,6 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<value>${project.build.directory}/cobertura/cobertura.ser</value>
<workingDirectory>target</workingDirectory>
</property>
<!--<property>
<name>cve</name>
<value>${project.build.directory}/data/cve</value>
</property>
<property>
<name>cpe</name>
<value>${project.build.directory}/data/cpe</value>
</property>-->
<property>
<name>cve</name>
<value>target/data/cve</value>
@@ -231,7 +235,7 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-failsafe-plugin</artifactId>
<version>2.12.4</version>
<version>2.14</version>
<configuration>
<systemProperties>
<property>
@@ -259,17 +263,17 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-site-plugin</artifactId>
<version>3.0</version>
<version>3.2</version>
<configuration>
<reportPlugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-project-info-reports-plugin</artifactId>
<version>2.5.1</version>
<version>2.6</version>
<reportSets>
<reportSet>
<reports>
<!--<report>mailing-list</report>-->
<report>mailing-list</report>
<!--<report>cim</report>-->
<report>index</report>
<report>summary</report>
@@ -286,7 +290,7 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>versions-maven-plugin</artifactId>
<version>1.3.1</version>
<version>2.0</version>
<reportSets>
<reportSet>
<reports>
@@ -304,7 +308,7 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-report-plugin</artifactId>
<version>2.12.2</version>
<version>2.14</version>
<reportSets>
<reportSet>
<reports>
@@ -316,12 +320,12 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>cobertura-maven-plugin</artifactId>
<version>2.5.1</version>
<version>2.5.2</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<version>2.7.1</version>
<version>3.0.1</version>
<configuration>
<targetJdk>1.6</targetJdk>
<linkXref>true</linkXref>
@@ -335,11 +339,30 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<groupId>org.codehaus.mojo</groupId>
<artifactId>taglist-maven-plugin</artifactId>
<version>2.4</version>
<configuration>
<tagListOptions>
<tagClasses>
<tagClass>
<displayName>Todo Work</displayName>
<tags>
<tag>
<matchString>todo</matchString>
<matchType>ignoreCase</matchType>
</tag>
<tag>
<matchString>FIXME</matchString>
<matchType>exact</matchType>
</tag>
</tags>
</tagClass>
</tagClasses>
</tagListOptions>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>2.8.1</version>
<version>2.9</version>
<reportSets>
<reportSet>
<id>default</id>
@@ -352,7 +375,7 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>2.9.1</version>
<version>2.10</version>
<configuration>
<enableRulesSummary>false</enableRulesSummary>
<configLocation>src/main/config/checkstyle-checks.xml</configLocation>
@@ -361,7 +384,7 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-report-plugin</artifactId>
<version>2.12.4</version>
<version>2.14</version>
<reportSets>
<reportSet>
<id>integration-tests</id>
@@ -382,40 +405,49 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
</plugin>
</plugins>
</build>
<dependencies>
<dependency>
<groupId>com.google.code.findbugs</groupId>
<artifactId>annotations</artifactId>
<version>2.0.1</version>
<scope>provided</scope><!-- don't include this in the libs-->
</dependency>
<dependency>
<groupId>commons-cli</groupId>
<artifactId>commons-cli</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.4</version>
</dependency>
<dependency>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
<version>2.5</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.10</version>
<version>4.11</version>
<scope>test</scope>
<type>jar</type>
</dependency>
<dependency>
<groupId>org.apache.lucene</groupId>
<artifactId>lucene-core</artifactId>
<version>4.0.0</version>
<!--<version>3.5.0</version>-->
<version>4.3.0</version>
</dependency>
<dependency>
<groupId>org.apache.lucene</groupId>
<artifactId>lucene-analyzers-common</artifactId>
<version>4.0.0</version>
<version>4.3.0</version>
</dependency>
<dependency>
<groupId>org.apache.lucene</groupId>
<artifactId>lucene-queryparser</artifactId>
<version>4.0.0</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-io</artifactId>
<version>1.3.2</version>
<version>4.3.0</version>
</dependency>
<dependency>
<groupId>org.apache.velocity</groupId>
@@ -466,17 +498,16 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
</exclusion>
</exclusions>
</dependency>
<!--
<dependency>
<groupId>org.fusesource.hawtdb</groupId>
<artifactId>hawtdb</artifactId>
<version>1.6</version>
</dependency>-->
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
<version>1.3.172</version>
</dependency>
<!-- The following dependencies are only scanned during integration testing -->
<!--<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
<artifactId>spring-webmvc</artifactId>
<version>2.5.5</version>
<scope>test</scope>
</dependency>-->

398
src/main/config/checkstyle-checks.xml
View File

@@ -1,205 +1,223 @@
<?xml version="1.0"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<!DOCTYPE module PUBLIC
"-//Puppy Crawl//DTD Check Configuration 1.2//EN"
"http://www.puppycrawl.com/dtds/configuration_1_2.dtd">
<!--
Checkstyle configuration that checks the maven coding conventions from:
-->
"-//Puppy Crawl//DTD Check Configuration 1.3//EN"
"http://www.puppycrawl.com/dtds/configuration_1_3.dtd">
<module name="Checker">
<!--
If you set the basedir property below, then all reported file
names will be relative to the specified directory. See
http://checkstyle.sourceforge.net/5.x/config.html#Checker
<!-- Checks that each Java package has a Javadoc file used for commenting. -->
<!-- See http://checkstyle.sf.net/config_javadoc.html#JavadocPackage -->
<module name="JavadocPackage">
<!--property name="allowLegacy" value="true"/-->
</module>
<property name="basedir" value="${basedir}"/>
-->
<!-- Checks whether files end with a new line. -->
<!-- See http://checkstyle.sf.net/config_misc.html#NewlineAtEndOfFile -->
<!--module name="NewlineAtEndOfFile">
<property name="lineSeparator" value="system"/>
<property name="severity" value="error"/>
<module name="SuppressionFilter">
<property name="file" value="src/main/config/checkstyle-suppressions.xml"/>
</module>
<module name="JavadocPackage">
<property name="allowLegacy" value="false"/>
</module>
<module name="Translation">
<property name="severity" value="warning"/>
</module>
<module name="FileTabCharacter">
<property name="eachLine" value="false"/>
</module>
<module name="FileLength">
<property name="fileExtensions" value="java"/>
</module>
<module name="NewlineAtEndOfFile">
<property name="fileExtensions" value="java"/>
<property name="lineSeparator" value="lf"/>
</module>
<module name="RegexpHeader">
<property name="headerFile" value="src/main/config/checkstyle-header.txt"/>
<property name="fileExtensions" value="java"/>
<property name="id" value="header"/>
</module>
<module name="RegexpSingleline">
<property name="format" value="\s+$"/>
<property name="minimum" value="0"/>
<property name="maximum" value="0"/>
</module>
<module name="TreeWalker">
<property name="tabWidth" value="4"/>
<module name="AvoidStarImport"/>
<module name="ConstantName"/>
<module name="EmptyBlock"/>
<module name="EmptyForIteratorPad"/>
<module name="EqualsHashCode"/>
<module name="OneStatementPerLine"/>
<!-- module name="IllegalCatch"/ -->
<!--module name="ImportControl">
<property name="file" value="${checkstyle.importcontrol.file}"/>
</module-->
<module name="SuppressionFilter">
<property name="file" value="src/main/config/checkstyle-suppressions.xml"/>
<module name="IllegalImport"/>
<module name="IllegalInstantiation"/>
<module name="IllegalThrows"/>
<module name="InnerAssignment"/>
<module name="JavadocType">
<property name="authorFormat" value="\S"/>
</module>
<module name="JavadocMethod">
<property name="allowUndeclaredRTE" value="true"/>
<property name="allowThrowsTagsForSubclasses" value="true"/>
<property name="allowMissingPropertyJavadoc" value="true"/>
</module>
<module name="JavadocVariable"/>
<module name="JavadocStyle">
<property name="scope" value="public"/>
</module>
<!-- Checks that property files contain the same keys. -->
<!-- See http://checkstyle.sf.net/config_misc.html#Translation -->
<!-- module name="Translation"/ -->
<module name="FileLength"/>
<!-- Checks for Headers -->
<!-- See http://checkstyle.sf.net/config_header.html -->
<module name="RegexpHeader">
<property name="headerFile" value="src/main/config/checkstyle-header.txt"/>
</module>
<module name="FileTabCharacter">
<property name="eachLine" value="true"/>
<module name="LeftCurly">
<property name="option" value="eol"/>
<property name="tokens" value="CLASS_DEF"/>
<property name="tokens" value="CTOR_DEF"/>
<property name="tokens" value="INTERFACE_DEF"/>
<property name="tokens" value="METHOD_DEF"/>
<property name="tokens" value="LITERAL_CATCH"/>
<property name="tokens" value="LITERAL_DO"/>
<property name="tokens" value="LITERAL_ELSE"/>
<property name="tokens" value="LITERAL_FINALLY"/>
<property name="tokens" value="LITERAL_FOR"/>
<property name="tokens" value="LITERAL_IF"/>
<property name="tokens" value="LITERAL_SWITCH"/>
<property name="tokens" value="LITERAL_SYNCHRONIZED"/>
<property name="tokens" value="LITERAL_TRY"/>
<property name="tokens" value="LITERAL_WHILE"/>
</module>
<!-- Line with trailing spaces (disabled as it's too noisy) -->
<module name="RegexpSingleline">
<property name="format" value="\s+$"/>
<property name="message" value="Line has trailing spaces."/>
<module name="OuterTypeNumber"/>
<module name="LineLength">
<property name="ignorePattern" value="^ *\* *[^ ]+$"/>
<property name="max" value="150"/>
</module>
<module name="TreeWalker">
<property name="cacheFile" value="${checkstyle.cache.file}"/>
<property name="tabWidth" value="4"/>
<module name="LeftCurly">
<property name="option" value="eol"/>
</module>
<module name="RightCurly">
<!--property name="option" value="alone"/-->
</module>
<module name="LineLength">
<property name="max" value="150" />
<property name="ignorePattern" value="@version|@see|@todo|TODO"/>
</module>
<module name="MemberName" />
<!-- Checks for Javadoc comments. -->
<!-- See http://checkstyle.sf.net/config_javadoc.html -->
<module name="JavadocMethod">
<property name="severity" value="warning"/>
<property name="scope" value="protected"/>
</module>
<module name="JavadocType">
<property name="scope" value="protected"/>
<property name="allowUnknownTags" value="true" />
</module>
<module name="JavadocVariable">
<property name="severity" value="info"/>
<property name="scope" value="protected"/>
</module>
<!-- Checks for Naming Conventions. -->
<!-- See http://checkstyle.sf.net/config_naming.html -->
<module name="ConstantName"/>
<module name="LocalFinalVariableName"/>
<module name="LocalVariableName"/>
<module name="MethodName"/>
<module name="PackageName"/>
<module name="ParameterName"/>
<module name="StaticVariableName"/>
<module name="TypeName"/>
<!-- Checks for imports -->
<!-- See http://checkstyle.sf.net/config_import.html -->
<!--<module name="AvoidStarImport"/>-->
<module name="IllegalImport"/>
<module name="RedundantImport"/>
<module name="UnusedImports"/>
<!-- Checks for Size Violations. -->
<!-- See http://checkstyle.sf.net/config_sizes.html -->
<module name="MethodLength"/>
<module name="ParameterNumber"/>
<!-- Checks for whitespace -->
<!-- See http://checkstyle.sf.net/config_whitespace.html -->
<module name="EmptyForIteratorPad">
<property name="option" value="space"/>
</module>
<module name="OperatorWrap"/>
<!--module name="ParenPad">
<property name="option" value="space" />
</module-->
<module name="WhitespaceAfter"/>
<module name="WhitespaceAround"/>
<!-- module name="MethodParamPad"/ -->
<!-- Modifier Checks -->
<!-- See http://checkstyle.sf.net/config_modifiers.html -->
<module name="ModifierOrder"/>
<module name="RedundantModifier"/>
<!-- Checks for blocks. You know, those {}'s -->
<!-- See http://checkstyle.sf.net/config_blocks.html -->
<module name="AvoidNestedBlocks"/>
<module name="EmptyBlock">
<property name="option" value="text"/>
</module>
<module name="NeedBraces"/>
<!-- Checks for common coding problems -->
<!-- See http://checkstyle.sf.net/config_coding.html -->
<!-- module name="AvoidInlineConditionals"/ -->
<module name="DoubleCheckedLocking"/>
<module name="EmptyStatement"/>
<module name="EqualsHashCode"/>
<module name="HiddenField">
<property name="severity" value="warning"/>
<property name="ignoreSetter" value="true"/>
<property name="ignoreConstructorParameter" value="true"/>
</module>
<module name="IllegalInstantiation"/>
<module name="InnerAssignment"/>
<!--
<module name="MagicNumber">
<property name="ignoreNumbers" value="-4, -3, -2, -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 14, 32, 64, 100, 128, 256, 512, 1000, 1024, 4096"/>
</module>
-->
<module name="MissingSwitchDefault"/>
<!--module name="RedundantThrows"/-->
<module name="SimplifyBooleanExpression"/>
<module name="SimplifyBooleanReturn"/>
<!-- Checks for class design -->
<!-- See http://checkstyle.sf.net/config_design.html -->
<!-- module name="DesignForExtension"/ -->
<!-- module name="FinalClass"/ -->
<module name="HideUtilityClassConstructor"/>
<module name="InterfaceIsType"/>
<module name="VisibilityModifier">
<property name="protectedAllowed" value="true"/>
<property name="packageAllowed" value="true"/>
</module>
<!-- Miscellaneous other checks. -->
<!-- See http://checkstyle.sf.net/config_misc.html -->
<!-- module name="ArrayTypeStyle"/ -->
<!-- module name="FinalParameters"/ -->
<!-- Let todo plugin handle this.
<module name="TodoComment"/>
-->
<module name="UpperEll"/>
<module name="MethodCount">
<property name="maxTotal" value="40"/>
</module>
</module>
<module name="LocalFinalVariableName"/>
<module name="LocalVariableName"/>
<module name="MemberName">
<property name="format" value="^[a-z][a-zA-Z0-9]*$"/>
</module>
<module name="MethodLength">
<property name="max" value="160"/>
<property name="countEmpty" value="false"/>
</module>
<module name="MethodName"/>
<module name="MethodParamPad"/>
<module name="ModifierOrder"/>
<module name="NeedBraces"/>
<module name="NoWhitespaceAfter">
<property name="tokens" value="ARRAY_INIT"/>
<property name="tokens" value="BNOT"/>
<property name="tokens" value="DEC"/>
<property name="tokens" value="DOT"/>
<property name="tokens" value="INC"/>
<property name="tokens" value="LNOT"/>
<property name="tokens" value="UNARY_MINUS"/>
<property name="tokens" value="UNARY_PLUS"/>
</module>
<module name="NoWhitespaceBefore"/>
<module name="NoWhitespaceBefore">
<property name="tokens" value="DOT"/>
<property name="allowLineBreaks" value="true"/>
</module>
<module name="OperatorWrap"/>
<module name="OperatorWrap">
<property name="tokens" value="ASSIGN"/>
<property name="tokens" value="DIV_ASSIGN"/>
<property name="tokens" value="PLUS_ASSIGN"/>
<property name="tokens" value="MINUS_ASSIGN"/>
<property name="tokens" value="STAR_ASSIGN"/>
<property name="tokens" value="MOD_ASSIGN"/>
<property name="tokens" value="SR_ASSIGN"/>
<property name="tokens" value="BSR_ASSIGN"/>
<property name="tokens" value="SL_ASSIGN"/>
<property name="tokens" value="BXOR_ASSIGN"/>
<property name="tokens" value="BOR_ASSIGN"/>
<property name="tokens" value="BAND_ASSIGN"/>
<property name="option" value="eol"/>
</module>
<module name="PackageName"/>
<module name="ParameterName">
<property name="format" value="^[a-z][a-zA-Z0-9]*$"/>
</module>
<module name="ParameterNumber">
<property name="id" value="paramNum"/>
</module>
<module name="ParenPad"/>
<module name="TypecastParenPad"/>
<module name="RedundantImport"/>
<module name="RedundantModifier"/>
<module name="RightCurly">
<property name="option" value="same"/>
</module>
<module name="SimplifyBooleanExpression"/>
<module name="SimplifyBooleanReturn"/>
<module name="StaticVariableName">
<property name="format" value="^[a-z][a-zA-Z0-9]*$"/>
</module>
<module name="TypeName"/>
<module name="UnusedImports"/>
<module name="UpperEll"/>
<module name="VisibilityModifier"/>
<module name="WhitespaceAfter"/>
<module name="WhitespaceAround"/>
<module name="GenericWhitespace"/>
<module name="FinalClass"/>
<module name="MissingSwitchDefault"/>
<!--module name="MagicNumber"/-->
<!--module name="Indentation">
<property name="basicOffset" value="4"/>
<property name="braceAdjustment" value="0"/>
<property name="caseIndent" value="0"/>
</module-->
<module name="ArrayTrailingComma"/>
<module name="FinalLocalVariable"/>
<module name="EqualsAvoidNull"/>
<module name="ParameterAssignment"/>
<!-- Generates quite a few errors -->
<module name="CyclomaticComplexity">
<property name="severity" value="ignore"/>
</module>
<module name="NestedForDepth">
<property name="max" value="2"/>
</module>
<module name="NestedIfDepth">
<property name="max" value="4"/>
</module>
<module name="NestedTryDepth">
<property name="max" value="2"/>
</module>
<!--module name="ExplicitInitialization"/-->
<module name="AnnotationUseStyle"/>
<module name="MissingDeprecated"/>
<module name="MissingOverride">
<property name="javaFiveCompatibility" value="true"/>
</module>
<module name="PackageAnnotation"/>
<module name="SuppressWarnings"/>
<module name="OuterTypeFilename"/>
<module name="HideUtilityClassConstructor"/>
</module>
</module>

14
src/main/config/checkstyle-header.txt
View File

@@ -1,19 +1,19 @@
^package
^/\*\s*$
^ \* This file is part of DependencyCheck\.\s*$
^ \* This file is part of Dependency-Check\.\s*$
^ \*\s*$
^ \* DependencyCheck is free software\: you can redistribute it and/or modify it\s*$
^ \* Dependency-Check is free software\: you can redistribute it and/or modify it\s*$
^ \* under the terms of the GNU General Public License as published by the Free\s*$
^ \* Software Foundation, either version 3 of the License, or \(at your option\) any\s*$
^ \* later version\.
^ \*\s*$
^ \* DependencyCheck is distributed in the hope that it will be useful, but\s*$
^ \* Dependency-Check is distributed in the hope that it will be useful, but\s*$
^ \* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or\s*$
^ \* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more\s*$
^ \* details\.\s*$
^ \*\s*$
^ \* You should have received a copy of the GNU General Public License along with\s*$
^ \* DependencyCheck\. If not, see http://www.gnu.org/licenses/\.\s*$
^ \* Dependency-Check\. If not, see http://www.gnu.org/licenses/\.\s*$
^ \*\s*$
^ \* Copyright \(c\) 2012 Jeremy Long\. All Rights Reserved\.\s*$
^ \*/\s*$
^ \* Copyright \(c\) 201[23] (Jeremy Long|Steve Springett)\. All Rights Reserved\.\s*$
^ \*/\s*$
^package

7
src/main/config/checkstyle-suppressions.xml
View File

@@ -6,11 +6,10 @@
<suppressions>
<suppress checks=".*" files=".*[\\/]package-info\.java" />
<suppress checks=".*" files=".*org[\\/]codesecure[\\/]dependencycheck[\\/]utils[\\/]SSDeep.java" />
<suppress checks=".*" files=".*org[\\/]codesecure[\\/]dependencycheck[\\/]utils[\\/]Filter.java" />
<suppress checks=".*" files=".*org[\\/]codesecure[\\/]dependencycheck[\\/]utils[\\/]Checksum.java" />
<suppress checks=".*" files=".*org[\\/]owasp[\\/]dependencycheck[\\/]utils[\\/]Filter.java" />
<suppress checks=".*" files=".*org[\\/]owasp[\\/]dependencycheck[\\/]utils[\\/]Checksum.java" />
<suppress checks=".*" files=".*[\\/]generated[\\/].*.java" />
<suppress checks="MagicNumberCheck"
files="org[\\/]codesecure[\\/]dependencycheck[\\/]data[\\/]cpe/Entry.java"
files="org[\\/]owasp[\\/]dependencycheck[\\/]data[\\/]cpe/Entry.java"
lines="376"/>
</suppressions>

48
src/main/java/org/codesecure/dependencycheck/analyzer/ArchiveAnalyzer.java
View File

@@ -1,48 +0,0 @@
package org.codesecure.dependencycheck.analyzer;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
import org.codesecure.dependencycheck.dependency.Dependency;
import java.io.IOException;
import org.codesecure.dependencycheck.Engine;
/**
* An interface that defines an Analyzer that is used to expand archives and
* allow the engine to scan the contents.
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public interface ArchiveAnalyzer {
/**
* An ArchiveAnalyzer expands an archive and calls the scan method of the
* engine on the exploded contents.
*
* @param dependency a dependency to analyze.
* @param engine the engine that is scanning the dependencies.
* @throws IOException is thrown if there is an error reading the dependency
* file
*/
void analyze(Dependency dependency, Engine engine) throws IOException;
/**
* Cleans any temporary files generated when analyzing the archive.
*/
void cleanup();
}

636
src/main/java/org/codesecure/dependencycheck/analyzer/JarAnalyzer.java
View File

@@ -1,636 +0,0 @@
package org.codesecure.dependencycheck.analyzer;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
import java.io.File;
import java.io.FileInputStream;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.bind.JAXBException;
import org.codesecure.dependencycheck.dependency.Dependency;
import org.codesecure.dependencycheck.dependency.Evidence;
import org.codesecure.dependencycheck.dependency.EvidenceCollection;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.Reader;
import java.util.HashMap;
import java.util.Map.Entry;
import java.util.Properties;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.jar.Attributes;
import java.util.jar.JarFile;
import java.util.jar.Manifest;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.Unmarshaller;
import org.codesecure.dependencycheck.analyzer.pom.generated.License;
import org.codesecure.dependencycheck.analyzer.pom.generated.Model;
import org.codesecure.dependencycheck.analyzer.pom.generated.Organization;
import org.codesecure.dependencycheck.utils.NonClosingStream;
/**
*
* Used to load a JAR file and collect information that can be used to determine
* the associated CPE.
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class JarAnalyzer extends AbstractAnalyzer {
/**
* The system independent newline character.
*/
private static final String NEWLINE = System.getProperty("line.separator");
/**
* The name of the analyzer.
*/
private static final String ANALYZER_NAME = "Jar Analyzer";
/**
* The phase that this analyzer is intended to run in.
*/
private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INITIAL;
/**
* A list of elements in the manifest to ignore.
*/
private static final Set<String> IGNORE_LIST = newHashSet(
"built-by",
"created-by",
"builtby",
"createdby",
"build-jdk",
"buildjdk",
"ant-version",
"antversion",
"import-package",
"export-package",
"importpackage",
"exportpackage",
"sealed",
"manifest-version",
"archiver-version",
"manifestversion",
"archiverversion",
"classpath",
"class-path",
"tool",
"bundle-manifestversion",
"bundlemanifestversion");
/**
* The set of file extensions supported by this analyzer.
*/
private static final Set<String> EXTENSIONS = newHashSet("jar");
/**
* item in some manifest, should be considered medium confidence.
*/
private static final String BUNDLE_VERSION = "Bundle-Version"; //: 2.1.2
/**
* item in some manifest, should be considered medium confidence.
*/
private static final String BUNDLE_DESCRIPTION = "Bundle-Description"; //: Apache Struts 2
/**
* item in some manifest, should be considered medium confidence.
*/
private static final String BUNDLE_NAME = "Bundle-Name"; //: Struts 2 Core
/**
* item in some manifest, should be considered medium confidence.
*/
private static final String BUNDLE_VENDOR = "Bundle-Vendor"; //: Apache Software Foundation
/**
* The JAXB Contexts used to unmarshall the pom.xml from a JAR file.
*/
private JAXBContext jaxbContext = null;
/**
* The unmarshaller used to parse the pom.xml from a JAR file.
*/
private Unmarshaller pomUnmarshaller = null;
/**
* Constructs a new JarAnalyzer.
*/
public JarAnalyzer() {
try {
jaxbContext = JAXBContext.newInstance("org.codesecure.dependencycheck.analyzer.pom.generated");
pomUnmarshaller = jaxbContext.createUnmarshaller();
} catch (JAXBException ex) { //guess we will just have a null pointer exception later...
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE, null, ex);
}
}
/**
* Returns a list of file EXTENSIONS supported by this analyzer.
*
* @return a list of file EXTENSIONS supported by this analyzer.
*/
public Set<String> getSupportedExtensions() {
return EXTENSIONS;
}
/**
* Returns the name of the analyzer.
*
* @return the name of the analyzer.
*/
public String getName() {
return ANALYZER_NAME;
}
/**
* Returns whether or not this analyzer can process the given extension.
*
* @param extension the file extension to test for support.
* @return whether or not the specified file extension is supported by tihs
* analyzer.
*/
public boolean supportsExtension(String extension) {
return EXTENSIONS.contains(extension);
}
/**
* Returns the phase that the analyzer is intended to run in.
*
* @return the phase that the analyzer is intended to run in.
*/
public AnalysisPhase getAnalysisPhase() {
return ANALYSIS_PHASE;
}
/**
* Loads a specified JAR file and collects information from the manifest and
* checksums to identify the correct CPE information.
*
* @param dependency the dependency to analyze.
* @throws AnalysisException is thrown if there is an error reading the JAR
* file.
*/
public void analyze(Dependency dependency) throws AnalysisException {
try {
parseManifest(dependency);
analyzePackageNames(dependency);
analyzePOM(dependency);
addPredefinedData(dependency);
} catch (IOException ex) {
throw new AnalysisException("Exception occured reading the JAR file.", ex);
} catch (JAXBException ex) {
throw new AnalysisException("Exception occured reading the POM within the JAR file.", ex);
}
}
/**
* Attempts to find a pom.xml within the JAR file. If found it extracts information
* and adds it to the evidence. This will attempt to interpolate the strings contained
* within the pom.properties if one exists.
*
* @param dependency the dependency being analyzed.
* @throws IOException is thrown if there is an error reading the zip file.
* @throws JAXBException is thrown if there is an error extracting the model (aka pom).
* @throws AnalysisException is thrown if there is an exception parsing the pom.
*/
protected void analyzePOM(Dependency dependency) throws IOException, JAXBException, AnalysisException {
Properties pomProperties = null;
Model pom = null;
FileInputStream fs = null;
try {
fs = new FileInputStream(dependency.getActualFilePath());
ZipInputStream zin = new ZipInputStream(fs);
ZipEntry entry = zin.getNextEntry();
while (entry != null) {
String entryName = (new File(entry.getName())).getName().toLowerCase();
if (!entry.isDirectory() && "pom.xml".equals(entryName)) {
if (pom == null) {
NonClosingStream stream = new NonClosingStream(zin);
JAXBElement obj = (JAXBElement) pomUnmarshaller.unmarshal(stream);
pom = (org.codesecure.dependencycheck.analyzer.pom.generated.Model) obj.getValue();
zin.closeEntry();
} else {
throw new AnalysisException("JAR file contains multiple pom.xml files - unable to process POM");
}
} else if (!entry.isDirectory() && "pom.properties".equals(entryName)) {
if (pomProperties == null) {
Reader reader = new InputStreamReader(zin, "UTF-8");
pomProperties = new Properties();
pomProperties.load(reader);
zin.closeEntry();
} else {
throw new AnalysisException("JAR file contains multiple pom.properties files - unable to process POM");
}
}
entry = zin.getNextEntry();
}
} catch (IOException ex) {
throw new AnalysisException("Error reading JAR file as zip.", ex);
} finally {
if (fs != null) {
fs.close();
}
}
if (pom != null) {
//group id
String groupid = interpolateString(pom.getGroupId(), pomProperties);
if (groupid != null) {
dependency.getVendorEvidence().addEvidence("pom", "groupid", groupid, Evidence.Confidence.HIGH);
dependency.getProductEvidence().addEvidence("pom", "groupid", groupid, Evidence.Confidence.LOW);
}
//artifact id
String artifactid = interpolateString(pom.getArtifactId(), pomProperties);
if (artifactid != null) {
dependency.getProductEvidence().addEvidence("pom", "artifactid", artifactid, Evidence.Confidence.HIGH);
}
//version
String version = interpolateString(pom.getVersion(), pomProperties);
if (version != null) {
dependency.getVersionEvidence().addEvidence("pom", "version", version, Evidence.Confidence.HIGH);
}
// org name
Organization org = pom.getOrganization();
if (org != null && org.getName() != null) {
String orgName = interpolateString(org.getName(), pomProperties);
dependency.getVendorEvidence().addEvidence("pom", "organization name", orgName, Evidence.Confidence.HIGH);
}
//pom name
String pomName = interpolateString(pom.getName(), pomProperties);
if (pomName != null) {
dependency.getProductEvidence().addEvidence("pom", "name", pomName, Evidence.Confidence.HIGH);
}
//Description
if (pom.getDescription() != null) {
String description = interpolateString(pom.getDescription(), pomProperties);
dependency.setDescription(description);
dependency.getProductEvidence().addEvidence("pom", "description", description, Evidence.Confidence.MEDIUM);
dependency.getVendorEvidence().addEvidence("pom", "description", description, Evidence.Confidence.MEDIUM);
}
//license
if (pom.getLicenses() != null) {
String license = null;
for (License lic : pom.getLicenses().getLicense()) {
String tmp = null;
if (lic.getName() != null) {
tmp = interpolateString(lic.getName(), pomProperties);
}
if (lic.getUrl() != null) {
if (tmp == null) {
tmp = interpolateString(lic.getUrl(), pomProperties);
} else {
tmp += ": " + interpolateString(lic.getUrl(), pomProperties);
}
}
if (tmp == null) {
continue;
}
if (license == null) {
license = tmp;
} else {
license += "\n" + tmp;
}
}
if (license != null) {
dependency.setLicense(license);
}
}
}
}
/**
* Analyzes the path information of the classes contained within the
* JarAnalyzer to try and determine possible vendor or product names. If any
* are found they are stored in the packageVendor and packageProduct
* hashSets.
*
* @param dependency A reference to the dependency.
* @throws IOException is thrown if there is an error reading the JAR file.
*/
protected void analyzePackageNames(Dependency dependency) throws IOException {
JarFile jar = new JarFile(dependency.getActualFilePath());
java.util.Enumeration en = jar.entries();
HashMap<String, Integer> level0 = new HashMap<String, Integer>();
HashMap<String, Integer> level1 = new HashMap<String, Integer>();
HashMap<String, Integer> level2 = new HashMap<String, Integer>();
HashMap<String, Integer> level3 = new HashMap<String, Integer>();
int count = 0;
while (en.hasMoreElements()) {
java.util.jar.JarEntry entry = (java.util.jar.JarEntry) en.nextElement();
if (entry.getName().endsWith(".class") && entry.getName().contains("/")) {
String[] path = entry.getName().toLowerCase().split("/");
if ("java".equals(path[0])
|| "javax".equals(path[0])
|| ("com".equals(path[0]) && "sun".equals(path[0]))) {
continue;
}
count += 1;
String temp = path[0];
if (level0.containsKey(temp)) {
level0.put(temp, level0.get(temp) + 1);
} else {
level0.put(temp, 1);
}
if (path.length > 2) {
temp += "/" + path[1];
if (level1.containsKey(temp)) {
level1.put(temp, level1.get(temp) + 1);
} else {
level1.put(temp, 1);
}
}
if (path.length > 3) {
temp += "/" + path[2];
if (level2.containsKey(temp)) {
level2.put(temp, level2.get(temp) + 1);
} else {
level2.put(temp, 1);
}
}
if (path.length > 4) {
temp += "/" + path[3];
if (level3.containsKey(temp)) {
level3.put(temp, level3.get(temp) + 1);
} else {
level3.put(temp, 1);
}
}
}
}
if (count == 0) {
return;
}
EvidenceCollection vendor = dependency.getVendorEvidence();
EvidenceCollection product = dependency.getProductEvidence();
for (String s : level0.keySet()) {
if (!"org".equals(s) && !"com".equals(s)) {
vendor.addWeighting(s);
product.addWeighting(s);
vendor.addEvidence("jar", "package", s, Evidence.Confidence.LOW);
product.addEvidence("jar", "package", s, Evidence.Confidence.LOW);
}
}
for (String s : level1.keySet()) {
float ratio = level1.get(s);
ratio /= count;
if (ratio > 0.5) {
String[] parts = s.split("/");
if ("org".equals(parts[0]) || "com".equals(parts[0])) {
vendor.addWeighting(parts[1]);
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
} else {
vendor.addWeighting(parts[0]);
product.addWeighting(parts[1]);
vendor.addEvidence("jar", "package", parts[0], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
}
}
}
for (String s : level2.keySet()) {
float ratio = level2.get(s);
ratio /= count;
if (ratio > 0.4) {
String[] parts = s.split("/");
if ("org".equals(parts[0]) || "com".equals(parts[0])) {
vendor.addWeighting(parts[1]);
product.addWeighting(parts[2]);
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
} else {
vendor.addWeighting(parts[0]);
vendor.addWeighting(parts[1]);
product.addWeighting(parts[1]);
product.addWeighting(parts[2]);
vendor.addEvidence("jar", "package", parts[0], Evidence.Confidence.LOW);
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
}
}
}
for (String s : level3.keySet()) {
float ratio = level3.get(s);
ratio /= count;
if (ratio > 0.3) {
String[] parts = s.split("/");
if ("org".equals(parts[0]) || "com".equals(parts[0])) {
vendor.addWeighting(parts[1]);
vendor.addWeighting(parts[2]);
product.addWeighting(parts[2]);
product.addWeighting(parts[3]);
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
vendor.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[3], Evidence.Confidence.LOW);
} else {
vendor.addWeighting(parts[0]);
vendor.addWeighting(parts[1]);
vendor.addWeighting(parts[2]);
product.addWeighting(parts[1]);
product.addWeighting(parts[2]);
product.addWeighting(parts[3]);
vendor.addEvidence("jar", "package", parts[0], Evidence.Confidence.LOW);
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
vendor.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[3], Evidence.Confidence.LOW);
}
}
}
}
/**
* <p>Reads the manifest from the JAR file and collects the entries. Some
* key entries are:</p> <ul><li>Implementation Title</li> <li>Implementation
* Version</li> <li>Implementation Vendor</li> <li>Implementation
* VendorId</li> <li>Bundle Name</li> <li>Bundle Version</li> <li>Bundle
* Vendor</li> <li>Bundle Description</li> <li>Main Class</li> </ul>
* However, all but a handful of specific entries are read in.
*
* @param dependency A reference to the dependency.
* @throws IOException if there is an issue reading the JAR file.
*/
protected void parseManifest(Dependency dependency) throws IOException {
JarFile jar = new JarFile(dependency.getActualFilePath());
Manifest manifest = jar.getManifest();
if (manifest == null) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE,
"Jar file '{0}' does not contain a manifest.",
dependency.getFileName());
return;
}
Attributes atts = manifest.getMainAttributes();
EvidenceCollection vendorEvidence = dependency.getVendorEvidence();
EvidenceCollection productEvidence = dependency.getProductEvidence();
EvidenceCollection versionEvidence = dependency.getVersionEvidence();
String source = "Manifest";
for (Entry<Object, Object> entry : atts.entrySet()) {
String key = entry.getKey().toString();
String value = atts.getValue(key);
if (key.equals(Attributes.Name.IMPLEMENTATION_TITLE.toString())) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VERSION.toString())) {
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VENDOR.toString())) {
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VENDOR_ID.toString())) {
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.equals(BUNDLE_DESCRIPTION)) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
dependency.setDescription(value);
} else if (key.equals(BUNDLE_NAME)) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.equals(BUNDLE_VENDOR)) {
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(BUNDLE_VERSION)) {
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.MAIN_CLASS.toString())) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else {
key = key.toLowerCase();
if (!IGNORE_LIST.contains(key) && !key.endsWith("jdk")
&& !key.contains("lastmodified") && !key.endsWith("package")) {
if (key.contains("version")) {
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.contains("title")) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.contains("vendor")) {
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.contains("name")) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.contains("license")) {
addLicense(dependency, value);
} else {
if (key.contains("description")) {
addDescription(dependency, value);
}
productEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
if (value.matches(".*\\d.*")) {
StringTokenizer tokenizer = new StringTokenizer(value, " ");
while (tokenizer.hasMoreElements()) {
String s = tokenizer.nextToken();
if (s.matches("^[0-9.]+$")) {
versionEvidence.addEvidence(source, key, s, Evidence.Confidence.LOW);
}
}
//versionEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
}
}
}
}
}
}
private void addDescription(Dependency d, String description) {
if (d.getDescription() == null) {
d.setDescription(description);
}
}
private void addLicense(Dependency d, String license) {
if (d.getLicense() == null) {
d.setLicense(license);
} else if (!d.getLicense().contains(license)) {
d.setLicense(d.getLicense() + NEWLINE + license);
}
}
/**
* The initialize method does nothing for this Analyzer
*/
public void initialize() {
//do nothing
}
/**
* The close method does nothing for this Analyzer
*/
public void close() {
//do nothing
}
/**
* A utiltiy function that will interpolate strings based on values given
* in the properties file. It will also interpolate the strings contained
* within the properties file so that properties can reference other
* properties.
*
* @param text the string that contains references to properties.
* @param properties a collection of properties that may be referenced within the text.
* @return the interpolated text.
*/
protected String interpolateString(String text, Properties properties) {
//${project.build.directory}
if (properties == null || text == null) {
return text;
}
int pos = text.indexOf("${");
if (pos < 0) {
return text;
}
int end = text.indexOf("}");
if (end < pos) {
return text;
}
String propName = text.substring(pos + 2, end);
String propValue = interpolateString(properties.getProperty(propName), properties);
if (propValue == null) {
propValue = "";
}
StringBuilder sb = new StringBuilder(propValue.length() + text.length());
sb.append(text.subSequence(0, pos));
sb.append(propValue);
sb.append(text.substring(end + 1));
return interpolateString(sb.toString(), properties); //yes yes, this should be a loop...
}
private void addPredefinedData(Dependency dependency) {
Evidence spring = new Evidence("Manifest",
"Implementation-Title",
"Spring Framework",
Evidence.Confidence.HIGH);
if (dependency.getProductEvidence().getEvidence().contains(spring)) {
dependency.getVendorEvidence().addEvidence("a priori", "vendor", "SpringSource", Evidence.Confidence.HIGH);
}
}
}

146
src/main/java/org/codesecure/dependencycheck/data/cpe/Index.java
View File

@@ -1,146 +0,0 @@
package org.codesecure.dependencycheck.data.cpe;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
import java.io.File;
import java.io.IOException;
import java.net.URLDecoder;
import java.util.HashMap;
import java.util.Map;
import org.apache.lucene.analysis.Analyzer;
import org.apache.lucene.analysis.core.KeywordAnalyzer;
import org.apache.lucene.analysis.miscellaneous.PerFieldAnalyzerWrapper;
import org.apache.lucene.queryparser.classic.QueryParser;
import org.apache.lucene.store.Directory;
import org.apache.lucene.store.FSDirectory;
import org.apache.lucene.util.Version;
import org.codesecure.dependencycheck.data.lucene.AbstractIndex;
import org.codesecure.dependencycheck.utils.Settings;
import org.codesecure.dependencycheck.data.lucene.FieldAnalyzer;
import org.codesecure.dependencycheck.data.lucene.SearchFieldAnalyzer;
/**
* The Index class is used to utilize and maintain the CPE Index.
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class Index extends AbstractIndex {
/**
* Returns the directory that holds the CPE Index.
*
* @return the Directory containing the CPE Index.
* @throws IOException is thrown if an IOException occurs.
*/
public Directory getDirectory() throws IOException {
File path = getDataDirectory();
Directory dir = FSDirectory.open(path);
return dir;
}
/**
* Retrieves the directory that the JAR file exists in so that
* we can ensure we always use a common data directory.
*
* @return the data directory for this index.
* @throws IOException is thrown if an IOException occurs of course...
*/
public File getDataDirectory() throws IOException {
String fileName = Settings.getString(Settings.KEYS.CPE_INDEX);
String filePath = Index.class.getProtectionDomain().getCodeSource().getLocation().getPath();
String decodedPath = URLDecoder.decode(filePath, "UTF-8");
File exePath = new File(decodedPath);
if (exePath.getName().toLowerCase().endsWith(".jar")) {
exePath = exePath.getParentFile();
} else {
exePath = new File(".");
}
File path = new File(exePath.getCanonicalFile() + File.separator + fileName);
path = new File(path.getCanonicalPath());
if (!path.exists()) {
if (!path.mkdirs()) {
throw new IOException("Unable to create CPE Data directory");
}
}
return path;
}
/**
* Creates an Analyzer for the CPE Index.
*
* @return the CPE Analyzer.
*/
@SuppressWarnings("unchecked")
public Analyzer createIndexingAnalyzer() {
Map fieldAnalyzers = new HashMap();
fieldAnalyzers.put(Fields.VERSION, new KeywordAnalyzer());
fieldAnalyzers.put(Fields.NAME, new KeywordAnalyzer());
PerFieldAnalyzerWrapper wrapper = new PerFieldAnalyzerWrapper(
new FieldAnalyzer(Version.LUCENE_40), fieldAnalyzers);
return wrapper;
}
private SearchFieldAnalyzer productSearchFieldAnalyzer = null;
private SearchFieldAnalyzer vendorSearchFieldAnalyzer = null;
/**
* Creates an Analyzer for searching the CPE Index.
*
* @return the CPE Analyzer.
*/
@SuppressWarnings("unchecked")
public Analyzer createSearchingAnalyzer() {
Map fieldAnalyzers = new HashMap();
fieldAnalyzers.put(Fields.VERSION, new KeywordAnalyzer());
fieldAnalyzers.put(Fields.NAME, new KeywordAnalyzer());
productSearchFieldAnalyzer = new SearchFieldAnalyzer(Version.LUCENE_40);
vendorSearchFieldAnalyzer = new SearchFieldAnalyzer(Version.LUCENE_40);
fieldAnalyzers.put(Fields.PRODUCT, productSearchFieldAnalyzer);
fieldAnalyzers.put(Fields.VENDOR, vendorSearchFieldAnalyzer);
PerFieldAnalyzerWrapper wrapper = new PerFieldAnalyzerWrapper(
new FieldAnalyzer(Version.LUCENE_40), fieldAnalyzers);
return wrapper;
}
/**
* Creates the Lucene QueryParser used when querying the index
* @return a QueryParser.
*/
public QueryParser createQueryParser() {
return new QueryParser(Version.LUCENE_40, Fields.NAME, getSearchingAnalyzer());
}
/**
* Resets the searching analyzers
*/
protected void resetSearchingAnalyzer() {
if (productSearchFieldAnalyzer != null) {
productSearchFieldAnalyzer.clear();
}
if (vendorSearchFieldAnalyzer != null) {
vendorSearchFieldAnalyzer.clear();
}
}
}

351
src/main/java/org/codesecure/dependencycheck/data/cpe/xml/CPEHandler.java
View File

@@ -1,351 +0,0 @@
package org.codesecure.dependencycheck.data.cpe.xml;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.text.ParseException;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.lucene.index.CorruptIndexException;
import org.codesecure.dependencycheck.data.cpe.Entry;
import org.xml.sax.Attributes;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;
/**
* A SAX Handler that will parse the CPE XML Listing.
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class CPEHandler extends DefaultHandler {
private static final String CURRENT_SCHEMA_VERSION = "2.2";
EntrySaveDelegate saveDelegate = null;
Entry entry = null;
boolean languageIsUS = false;
StringBuilder nodeText = null;
boolean skip = false;
Element current = new Element();
/**
* Register a EntrySaveDelegate object. When the last node of an entry is
* reached if a save delegate has been registered the save method will be
* invoked.
*
* @param delegate the delegate used to save an entry
*/
public void registerSaveDelegate(EntrySaveDelegate delegate) {
this.saveDelegate = delegate;
}
@Override
public void startElement(String uri, String localName, String qName, Attributes attributes) throws SAXException {
nodeText = null;
current.setNode(qName);
if (current.isCpeItemNode()) {
entry = new Entry();
String temp = attributes.getValue("deprecated");
String name = attributes.getValue("name");
skip = (temp != null && temp.equals("true"));
try {
if (!skip && name.startsWith("cpe:/a:")) {
entry.parseName(name);
} else {
skip = true;
}
} catch (UnsupportedEncodingException ex) {
throw new SAXException(ex);
}
} else if (current.isTitleNode()) {
nodeText = new StringBuilder(100);
if ("en-US".equalsIgnoreCase(attributes.getValue("xml:lang"))) {
languageIsUS = true;
} else {
languageIsUS = false;
}
} else if (current.isMetaNode()) {
try {
entry.setModificationDate(attributes.getValue("modification-date"));
} catch (ParseException ex) {
Logger.getLogger(CPEHandler.class.getName()).log(Level.SEVERE, null, ex);
}
entry.setStatus(attributes.getValue("status"));
entry.setNvdId(attributes.getValue("nvd-id"));
} else if (current.isSchemaVersionNode()) {
nodeText = new StringBuilder(3);
} else if (current.isTimestampNode()) {
nodeText = new StringBuilder(24);
}
// } else if (current.isCpeListNode()) {
// //do nothing
// } else if (current.isNotesNode()) {
// //do nothing
// } else if (current.isNoteNode()) {
// //do nothing
// } else if (current.isCheckNode()) {
// //do nothing
// } else if (current.isGeneratorNode()) {
// //do nothing
// } else if (current.isProductNameNode()) {
// //do nothing
// } else if (current.isProductVersionNode()) {
// //do nothing
}
@Override
public void characters(char[] ch, int start, int length) throws SAXException {
//nodeText += new String(ch, start, length);
if (nodeText != null) {
nodeText.append(ch, start, length);
}
}
@Override
public void endElement(String uri, String localName, String qName) throws SAXException {
current.setNode(qName);
if (current.isCpeItemNode()) {
if (saveDelegate != null && !skip) {
try {
saveDelegate.saveEntry(entry);
} catch (CorruptIndexException ex) {
Logger.getLogger(CPEHandler.class.getName()).log(Level.SEVERE, null, ex);
throw new SAXException(ex);
} catch (IOException ex) {
Logger.getLogger(CPEHandler.class.getName()).log(Level.SEVERE, null, ex);
throw new SAXException(ex);
}
entry = null;
}
} else if (current.isTitleNode()) {
if (languageIsUS) {
entry.setTitle(nodeText.toString());
}
} else if (current.isSchemaVersionNode() && !CURRENT_SCHEMA_VERSION.equals(nodeText.toString())) {
throw new SAXException("ERROR: Invalid Schema Version, expected: "
+ CURRENT_SCHEMA_VERSION + ", file is: " + nodeText);
}
// } else if (current.isCpeListNode()) {
// //do nothing
// } else if (current.isMetaNode()) {
// //do nothing
// } else if (current.isNotesNode()) {
// //do nothing
// } else if (current.isNoteNode()) {
// //do nothing
// } else if (current.isCheckNode()) {
// //do nothing
// } else if (current.isGeneratorNode()) {
// //do nothing
// } else if (current.isProductNameNode()) {
// //do nothing
// } else if (current.isProductVersionNode()) {
// //do nothing
// else if (current.isTimestampNode()) {
// //do nothing
// } else {
// throw new SAXException("ERROR STATE: Unexpected qName '" + qName + "'");
// }
}
// <editor-fold defaultstate="collapsed" desc="The Element Class that maintains state information about the current node">
/**
* A simple class to maintain information about the current element while
* parsing the CPE XML.
*/
protected class Element {
/**
* A node type in the CPE Schema 2.2
*/
public static final String CPE_LIST = "cpe-list";
/**
* A node type in the CPE Schema 2.2
*/
public static final String CPE_ITEM = "cpe-item";
/**
* A node type in the CPE Schema 2.2
*/
public static final String TITLE = "title";
/**
* A node type in the CPE Schema 2.2
*/
public static final String NOTES = "notes";
/**
* A node type in the CPE Schema 2.2
*/
public static final String NOTE = "note";
/**
* A node type in the CPE Schema 2.2
*/
public static final String CHECK = "check";
/**
* A node type in the CPE Schema 2.2
*/
public static final String META = "meta:item-metadata";
/**
* A node type in the CPE Schema 2.2
*/
public static final String GENERATOR = "generator";
/**
* A node type in the CPE Schema 2.2
*/
public static final String PRODUCT_NAME = "product_name";
/**
* A node type in the CPE Schema 2.2
*/
public static final String PRODUCT_VERSION = "product_version";
/**
* A node type in the CPE Schema 2.2
*/
public static final String SCHEMA_VERSION = "schema_version";
/**
* A node type in the CPE Schema 2.2
*/
public static final String TIMESTAMP = "timestamp";
private String node = null;
/**
* Gets the value of node
*
* @return the value of node
*/
public String getNode() {
return this.node;
}
/**
* Sets the value of node
*
* @param node new value of node
*/
public void setNode(String node) {
this.node = node;
}
/**
* Checks if the handler is at the CPE_LIST node
*
* @return true or false
*/
public boolean isCpeListNode() {
return CPE_LIST.equals(node);
}
/**
* Checks if the handler is at the CPE_ITEM node
*
* @return true or false
*/
public boolean isCpeItemNode() {
return CPE_ITEM.equals(node);
}
/**
* Checks if the handler is at the TITLE node
*
* @return true or false
*/
public boolean isTitleNode() {
return TITLE.equals(node);
}
/**
* Checks if the handler is at the NOTES node
*
* @return true or false
*/
public boolean isNotesNode() {
return NOTES.equals(node);
}
/**
* Checks if the handler is at the NOTE node
*
* @return true or false
*/
public boolean isNoteNode() {
return NOTE.equals(node);
}
/**
* Checks if the handler is at the CHECK node
*
* @return true or false
*/
public boolean isCheckNode() {
return CHECK.equals(node);
}
/**
* Checks if the handler is at the META node
*
* @return true or false
*/
public boolean isMetaNode() {
return META.equals(node);
}
/**
* Checks if the handler is at the GENERATOR node
*
* @return true or false
*/
public boolean isGeneratorNode() {
return GENERATOR.equals(node);
}
/**
* Checks if the handler is at the PRODUCT_NAME node
*
* @return true or false
*/
public boolean isProductNameNode() {
return PRODUCT_NAME.equals(node);
}
/**
* Checks if the handler is at the PRODUCT_VERSION node
*
* @return true or false
*/
public boolean isProductVersionNode() {
return PRODUCT_VERSION.equals(node);
}
/**
* Checks if the handler is at the SCHEMA_VERSION node
*
* @return true or false
*/
public boolean isSchemaVersionNode() {
return SCHEMA_VERSION.equals(node);
}
/**
* Checks if the handler is at the TIMESTAMP node
*
* @return true or false
*/
public boolean isTimestampNode() {
return TIMESTAMP.equals(node);
}
}
// </editor-fold>
}

42
src/main/java/org/codesecure/dependencycheck/data/cpe/xml/EntrySaveDelegate.java
View File

@@ -1,42 +0,0 @@
package org.codesecure.dependencycheck.data.cpe.xml;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
import org.codesecure.dependencycheck.data.cpe.Entry;
import java.io.IOException;
import org.apache.lucene.index.CorruptIndexException;
/**
*
* An interface used to define the save function used when parsing the CPE XML
* file.
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public interface EntrySaveDelegate {
/**
* Saves a CPE Entry into the Lucene index.
*
* @param entry a CPE entry.
* @throws CorruptIndexException is thrown if the index is corrupt.
* @throws IOException is thrown if an IOException occurs.
*/
void saveEntry(Entry entry) throws CorruptIndexException, IOException;
}

89
src/main/java/org/codesecure/dependencycheck/data/cpe/xml/Indexer.java
View File

@@ -1,89 +0,0 @@
package org.codesecure.dependencycheck.data.cpe.xml;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
import java.io.IOException;
import org.apache.lucene.document.Document;
import org.apache.lucene.document.Field;
import org.apache.lucene.document.StoredField;
import org.apache.lucene.document.TextField;
import org.apache.lucene.index.CorruptIndexException;
import org.apache.lucene.index.Term;
import org.codesecure.dependencycheck.data.cpe.Entry;
import org.codesecure.dependencycheck.data.cpe.Fields;
import org.codesecure.dependencycheck.data.cpe.Index;
/**
* The Indexer is used to convert a CPE Entry, retrieved from the CPE XML file,
* into a Document that is stored in the Lucene index.
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class Indexer extends Index implements EntrySaveDelegate {
/**
* Saves a CPE Entry into the Lucene index.
*
* @param entry a CPE entry.
* @throws CorruptIndexException is thrown if the index is corrupt.
* @throws IOException is thrown if an IOException occurs.
*/
public void saveEntry(Entry entry) throws CorruptIndexException, IOException {
Document doc = convertEntryToDoc(entry);
//Term term = new Term(Fields.NVDID, LuceneUtils.escapeLuceneQuery(entry.getNvdId()));
Term term = new Term(Fields.NAME, entry.getName());
indexWriter.updateDocument(term, doc);
}
/**
* Converts a CPE entry into a Lucene Document.
*
* @param entry a CPE Entry.
* @return a Lucene Document containing a CPE Entry.
*/
protected Document convertEntryToDoc(Entry entry) {
Document doc = new Document();
Field name = new StoredField(Fields.NAME, entry.getName());
doc.add(name);
Field vendor = new TextField(Fields.VENDOR, entry.getVendor(), Field.Store.NO);
vendor.setBoost(5.0F);
doc.add(vendor);
Field product = new TextField(Fields.PRODUCT, entry.getProduct(), Field.Store.NO);
product.setBoost(5.0F);
doc.add(product);
//TODO revision should likely be its own field
if (entry.getVersion() != null) {
Field version = null;
if (entry.getRevision() != null) {
version = new TextField(Fields.VERSION, entry.getVersion() + " "
+ entry.getRevision(), Field.Store.NO);
} else {
version = new TextField(Fields.VERSION, entry.getVersion(),
Field.Store.NO);
}
version.setBoost(0.8F);
doc.add(version);
}
return doc;
}
}

12
src/main/java/org/codesecure/dependencycheck/data/cpe/xml/package-info.java
View File

@@ -1,12 +0,0 @@
/**
* <html>
* <head>
* <title>org.codesecure.dependencycheck.data.cpe.xml</title>
* </head>
* <body>
* Contains classes used to parse the CPE XML file.
* </body>
* </html>
*/
package org.codesecure.dependencycheck.data.cpe.xml;

33
src/main/java/org/codesecure/dependencycheck/data/lucene/VersionAnalyzer.java
View File

@@ -1,33 +0,0 @@
package org.codesecure.dependencycheck.data.lucene;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
/**
* VersionAnalyzer is a Lucene Analyzer used to analyze version information.
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class VersionAnalyzer {
//TODO Implement this...
// use custom attributes for major, minor, x, x, x, rcx
// these can then be used to weight the score for searches on the version.
// see http://lucene.apache.org/core/3_6_1/api/core/org/apache/lucene/analysis/package-summary.html#package_description
// look at this article to implement
// http://www.codewrecks.com/blog/index.php/2012/08/25/index-your-blog-using-tags-and-lucene-net/
}

45
src/main/java/org/codesecure/dependencycheck/data/nvdcve/Fields.java
View File

@@ -1,45 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
/**
* Fields is a collection of field names used within the Lucene index for NVD
* VULNERABLE_CPE entries.
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public abstract class Fields {
/**
* The key for the name field.
*/
public static final String CVE_ID = "cve";
/**
* The key for the vulnerable cpes field.
*/
public static final String VULNERABLE_CPE = "cpe";
/**
* The key for the description field.
*/
public static final String DESCRIPTION = "description";
/**
* The key for the xml field. Stores the entire NVD VULNERABLE_CPE Entry.
*/
public static final String XML = "xml";
}

132
src/main/java/org/codesecure/dependencycheck/data/nvdcve/Index.java
View File

@@ -1,132 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
import java.io.*;
import java.net.URLDecoder;
import java.util.*;
import org.apache.lucene.analysis.Analyzer;
import org.apache.lucene.analysis.core.KeywordAnalyzer;
import org.apache.lucene.analysis.miscellaneous.PerFieldAnalyzerWrapper;
import org.apache.lucene.analysis.standard.StandardAnalyzer;
import org.apache.lucene.queryparser.classic.QueryParser;
import org.apache.lucene.store.Directory;
import org.apache.lucene.store.FSDirectory;
import org.apache.lucene.util.Version;
import org.codesecure.dependencycheck.data.lucene.AbstractIndex;
import org.codesecure.dependencycheck.utils.Settings;
/**
* The Index class is used to utilize and maintain the NVD CVE Index.
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class Index extends AbstractIndex {
/**
* Returns the directory that holds the NVD CVE Index. Note, this
* returns the path where the class or jar file exists.
*
* @return the Directory containing the NVD CVE Index.
* @throws IOException is thrown if an IOException occurs.
*/
public Directory getDirectory() throws IOException {
File path = getDataDirectory();
Directory dir = FSDirectory.open(path);
return dir;
}
/**
* Retrieves the directory that the JAR file exists in so that
* we can ensure we always use a common data directory.
*
* @return the data directory for this index.
* @throws IOException is thrown if an IOException occurs of course...
*/
protected File getDataDirectory() throws IOException {
String fileName = Settings.getString(Settings.KEYS.CVE_INDEX);
String filePath = Index.class.getProtectionDomain().getCodeSource().getLocation().getPath();
String decodedPath = URLDecoder.decode(filePath, "UTF-8");
File exePath = new File(decodedPath);
if (exePath.getName().toLowerCase().endsWith(".jar")) {
exePath = exePath.getParentFile();
} else {
exePath = new File(".");
}
File path = new File(exePath.getCanonicalFile() + File.separator + fileName);
path = new File(path.getCanonicalPath());
if (!path.exists()) {
if (!path.mkdirs()) {
throw new IOException("Unable to create NVD CVE Data directory");
}
}
return path;
}
/**
* Creates an Analyzer for the NVD VULNERABLE_CPE Index.
*
* @return the VULNERABLE_CPE Analyzer.
*/
@SuppressWarnings("unchecked")
public Analyzer createIndexingAnalyzer() {
Map fieldAnalyzers = new HashMap();
fieldAnalyzers.put(Fields.CVE_ID, new KeywordAnalyzer());
fieldAnalyzers.put(Fields.VULNERABLE_CPE, new KeywordAnalyzer());
PerFieldAnalyzerWrapper wrapper = new PerFieldAnalyzerWrapper(
new StandardAnalyzer(Version.LUCENE_40), fieldAnalyzers);
return wrapper;
}
/**
* Creates an Analyzer for the NVD VULNERABLE_CPE Index.
*
* @return the VULNERABLE_CPE Analyzer.
*/
@SuppressWarnings("unchecked")
public Analyzer createSearchingAnalyzer() {
Map fieldAnalyzers = new HashMap();
fieldAnalyzers.put(Fields.CVE_ID, new KeywordAnalyzer());
fieldAnalyzers.put(Fields.VULNERABLE_CPE, new KeywordAnalyzer());
PerFieldAnalyzerWrapper wrapper = new PerFieldAnalyzerWrapper(
new StandardAnalyzer(Version.LUCENE_40), fieldAnalyzers);
return wrapper;
}
/**
* Creates the Lucene QueryParser used when querying the index
* @return a QueryParser
*/
public QueryParser createQueryParser() {
return new QueryParser(Version.LUCENE_40, Fields.VULNERABLE_CPE, getSearchingAnalyzer());
}
/**
* Resets the searching analyzers
*/
protected void resetSearchingAnalyzer() {
//do nothing
}
}

223
src/main/java/org/codesecure/dependencycheck/data/nvdcve/NvdCveAnalyzer.java
View File

@@ -1,223 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import org.apache.lucene.document.Document;
import org.apache.lucene.index.Term;
import org.apache.lucene.search.*;
import org.codesecure.dependencycheck.analyzer.AnalysisException;
import org.codesecure.dependencycheck.analyzer.AnalysisPhase;
import org.codesecure.dependencycheck.data.nvdcve.generated.VulnerabilityReferenceType;
import org.codesecure.dependencycheck.data.nvdcve.generated.VulnerabilityType;
import org.codesecure.dependencycheck.dependency.Dependency;
import org.codesecure.dependencycheck.dependency.Vulnerability;
import org.codesecure.dependencycheck.dependency.Identifier;
import org.codesecure.dependencycheck.dependency.Reference;
/**
* NvdCveAnalyzer is a utility class that takes a project dependency and
* attempts to decern if there is an associated CVEs. It uses the the
* identifiers found by other analyzers to lookup the CVE data.
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class NvdCveAnalyzer implements org.codesecure.dependencycheck.analyzer.Analyzer {
/**
* The maximum number of query results to return.
*/
static final int MAX_QUERY_RESULTS = 100;
/**
* The CVE Index.
*/
protected Index cve = null;
/**
* Opens the data source.
*
* @throws IOException when the Lucene directory to be querried does not
* exist or is corrupt.
*/
public void open() throws IOException {
cve = new Index();
cve.open();
}
/**
* Closes the data source.
*/
public void close() {
cve.close();
}
/**
* Returns the status of the data source - is the index open.
*
* @return true or false.
*/
public boolean isOpen() {
return (cve == null) ? false : cve.isOpen();
}
/**
* Ensures that the Lucene index is closed.
*
* @throws Throwable when a throwable is thrown.
*/
@Override
protected void finalize() throws Throwable {
super.finalize();
if (isOpen()) {
close();
}
}
/**
* Analyzes a dependency and attempts to determine if there are any CPE
* identifiers for this dependency.
*
* @param dependency The Dependency to analyze.
* @throws AnalysisException is thrown if there is an issue analyzing the
* dependency.
*/
public void analyze(Dependency dependency) throws AnalysisException {
for (Identifier id : dependency.getIdentifiers()) {
if ("cpe".equals(id.getType())) {
try {
String value = id.getValue();
Term term1 = new Term(Fields.VULNERABLE_CPE, value);
Query query1 = new TermQuery(term1);
//need to get the cpe:/a:vendor:product - some CVEs are referenced very broadly.
//find the index of the colon after the product of the cpe value
//cpe:/a:microsoft:anti-cross_site_scripting_library:3.1
int pos = value.indexOf(":", 7) + 1;
pos = value.indexOf(":", pos);
String productVendor = value.substring(0, pos);
Term term2 = new Term(Fields.VULNERABLE_CPE, productVendor);
Query query2 = new TermQuery(term2);
BooleanQuery query = new BooleanQuery();
query.add(query1, BooleanClause.Occur.SHOULD);
query.add(query2, BooleanClause.Occur.SHOULD);
TopDocs docs = cve.search(query, MAX_QUERY_RESULTS);
for (ScoreDoc d : docs.scoreDocs) {
Document doc = cve.getDocument(d.doc);
String xml = doc.get(Fields.XML);
Vulnerability vuln;
try {
vuln = parseVulnerability(xml);
dependency.addVulnerability(vuln);
} catch (JAXBException ex) {
Logger.getLogger(NvdCveAnalyzer.class.getName()).log(Level.SEVERE, null, ex);
dependency.addAnalysisException(new AnalysisException("Unable to retrieve vulnerability data", ex));
} catch (UnsupportedEncodingException ex) {
Logger.getLogger(NvdCveAnalyzer.class.getName()).log(Level.SEVERE, null, ex);
dependency.addAnalysisException(new AnalysisException("Unable to retrieve vulnerability data - utf-8", ex));
}
}
} catch (IOException ex) {
Logger.getLogger(NvdCveAnalyzer.class.getName()).log(Level.SEVERE, null, ex);
throw new AnalysisException("Exception occured while determining CVEs", ex);
}
}
}
}
/**
* Returns true because this analyzer supports all dependency types.
*
* @return true.
*/
public Set<String> getSupportedExtensions() {
return null;
}
/**
* Returns the name of this analyzer.
*
* @return the name of this analyzer.
*/
public String getName() {
return "NVD CVE Analyzer";
}
/**
* Returns true because this analyzer supports all dependency types.
*
* @param extension the file extension of the dependency being analyzed.
* @return true.
*/
public boolean supportsExtension(String extension) {
return true;
}
/**
* Returns the analysis phase that this analyzer should run in.
*
* @return the analysis phase that this analyzer should run in.
*/
public AnalysisPhase getAnalysisPhase() {
return AnalysisPhase.FINDING_ANALYSIS;
}
/**
* Opens the NVD CVE Lucene Index.
*
* @throws Exception is thrown if there is an issue opening the index.
*/
public void initialize() throws Exception {
this.open();
}
private Vulnerability parseVulnerability(String xml) throws JAXBException, UnsupportedEncodingException {
JAXBContext jaxbContext = JAXBContext.newInstance(VulnerabilityType.class);
Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
ByteArrayInputStream input = new ByteArrayInputStream(xml.getBytes("UTF-8"));
VulnerabilityType cvedata = (VulnerabilityType) unmarshaller.unmarshal(input);
if (cvedata == null) {
return null;
}
Vulnerability vuln = new Vulnerability();
vuln.setName(cvedata.getId());
vuln.setDescription(cvedata.getSummary());
if (cvedata.getReferences() != null) {
for (VulnerabilityReferenceType r : cvedata.getReferences()) {
Reference ref = new Reference();
ref.setName(r.getReference().getValue());
ref.setSource(r.getSource());
ref.setUrl(r.getReference().getHref());
vuln.addReference(ref);
}
}
return vuln;
}
}

63
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AccessComplexityEnumType.java
View File

@@ -1,63 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for accessComplexityEnumType.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="accessComplexityEnumType">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="HIGH"/>
* &lt;enumeration value="MEDIUM"/>
* &lt;enumeration value="LOW"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "accessComplexityEnumType")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum AccessComplexityEnumType {
HIGH,
MEDIUM,
LOW;
public String value() {
return name();
}
public static AccessComplexityEnumType fromValue(String v) {
return valueOf(v);
}
}

117
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AccessComplexityType.java
View File

@@ -1,117 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.XmlValue;
/**
* <p>Java class for accessComplexityType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="accessComplexityType">
* &lt;simpleContent>
* &lt;extension base="&lt;http://scap.nist.gov/schema/cvss-v2/0.2>accessComplexityEnumType">
* &lt;attGroup ref="{http://scap.nist.gov/schema/cvss-v2/0.2}vectorAttributeGroup"/>
* &lt;/extension>
* &lt;/simpleContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "accessComplexityType", propOrder = {
"value"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class AccessComplexityType {
@XmlValue
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected AccessComplexityEnumType value;
@XmlAttribute
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean approximated;
/**
* Gets the value of the value property.
*
* @return possible object is
* {@link AccessComplexityEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public AccessComplexityEnumType getValue() {
return value;
}
/**
* Sets the value of the value property.
*
* @param value allowed object is
* {@link AccessComplexityEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setValue(AccessComplexityEnumType value) {
this.value = value;
}
/**
* Gets the value of the approximated property.
*
* @return possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public boolean isApproximated() {
if (approximated == null) {
return false;
} else {
return approximated;
}
}
/**
* Sets the value of the approximated property.
*
* @param value allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setApproximated(Boolean value) {
this.approximated = value;
}
}

63
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AccessVectorEnumType.java
View File

@@ -1,63 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for accessVectorEnumType.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="accessVectorEnumType">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="LOCAL"/>
* &lt;enumeration value="ADJACENT_NETWORK"/>
* &lt;enumeration value="NETWORK"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "accessVectorEnumType")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum AccessVectorEnumType {
LOCAL,
ADJACENT_NETWORK,
NETWORK;
public String value() {
return name();
}
public static AccessVectorEnumType fromValue(String v) {
return valueOf(v);
}
}

124
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AccessVectorType.java
View File

@@ -1,124 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.XmlValue;
/**
* <p>Java class for accessVectorType complex type.
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
* <pre>
* &lt;complexType name="accessVectorType">
* &lt;simpleContent>
* &lt;extension base="&lt;http://scap.nist.gov/schema/cvss-v2/0.2>accessVectorEnumType">
* &lt;attGroup ref="{http://scap.nist.gov/schema/cvss-v2/0.2}vectorAttributeGroup"/>
* &lt;/extension>
* &lt;/simpleContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "accessVectorType", propOrder = {
"value"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class AccessVectorType {
@XmlValue
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected AccessVectorEnumType value;
@XmlAttribute
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean approximated;
/**
* Gets the value of the value property.
*
* @return
* possible object is
* {@link AccessVectorEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public AccessVectorEnumType getValue() {
return value;
}
/**
* Sets the value of the value property.
*
* @param value
* allowed object is
* {@link AccessVectorEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setValue(AccessVectorEnumType value) {
this.value = value;
}
/**
* Gets the value of the approximated property.
*
* @return
* possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public boolean isApproximated() {
if (approximated == null) {
return false;
} else {
return approximated;
}
}
/**
* Sets the value of the approximated property.
*
* @param value
* allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setApproximated(Boolean value) {
this.approximated = value;
}
}

174
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AssociatedExploitLocationType.java
View File

@@ -1,174 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for associatedExploitLocationType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="associatedExploitLocationType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="physical-access" type="{http://www.w3.org/2001/XMLSchema}boolean" minOccurs="0"/>
* &lt;element name="voluntarily-interact" type="{http://www.w3.org/2001/XMLSchema}boolean" minOccurs="0"/>
* &lt;element name="dialup" type="{http://www.w3.org/2001/XMLSchema}boolean" minOccurs="0"/>
* &lt;element name="unknown" type="{http://www.w3.org/2001/XMLSchema}boolean" minOccurs="0"/>
* &lt;/sequence>
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "associatedExploitLocationType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4", propOrder = {
"physicalAccess",
"voluntarilyInteract",
"dialup",
"unknown"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class AssociatedExploitLocationType {
@XmlElement(name = "physical-access", defaultValue = "false")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean physicalAccess;
@XmlElement(name = "voluntarily-interact", defaultValue = "false")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean voluntarilyInteract;
@XmlElement(defaultValue = "false")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean dialup;
@XmlElement(defaultValue = "false")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean unknown;
/**
* Gets the value of the physicalAccess property.
*
* @return possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Boolean isPhysicalAccess() {
return physicalAccess;
}
/**
* Sets the value of the physicalAccess property.
*
* @param value allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setPhysicalAccess(Boolean value) {
this.physicalAccess = value;
}
/**
* Gets the value of the voluntarilyInteract property.
*
* @return possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Boolean isVoluntarilyInteract() {
return voluntarilyInteract;
}
/**
* Sets the value of the voluntarilyInteract property.
*
* @param value allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setVoluntarilyInteract(Boolean value) {
this.voluntarilyInteract = value;
}
/**
* Gets the value of the dialup property.
*
* @return possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Boolean isDialup() {
return dialup;
}
/**
* Sets the value of the dialup property.
*
* @param value allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setDialup(Boolean value) {
this.dialup = value;
}
/**
* Gets the value of the unknown property.
*
* @return possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Boolean isUnknown() {
return unknown;
}
/**
* Sets the value of the unknown property.
*
* @param value allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setUnknown(Boolean value) {
this.unknown = value;
}
}

63
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AuthenticationEnumType.java
View File

@@ -1,63 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for authenticationEnumType.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="authenticationEnumType">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="MULTIPLE_INSTANCES"/>
* &lt;enumeration value="SINGLE_INSTANCE"/>
* &lt;enumeration value="NONE"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "authenticationEnumType")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum AuthenticationEnumType {
MULTIPLE_INSTANCES,
SINGLE_INSTANCE,
NONE;
public String value() {
return name();
}
public static AuthenticationEnumType fromValue(String v) {
return valueOf(v);
}
}

117
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AuthenticationType.java
View File

@@ -1,117 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.XmlValue;
/**
* <p>Java class for authenticationType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="authenticationType">
* &lt;simpleContent>
* &lt;extension base="&lt;http://scap.nist.gov/schema/cvss-v2/0.2>authenticationEnumType">
* &lt;attGroup ref="{http://scap.nist.gov/schema/cvss-v2/0.2}vectorAttributeGroup"/>
* &lt;/extension>
* &lt;/simpleContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "authenticationType", propOrder = {
"value"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class AuthenticationType {
@XmlValue
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected AuthenticationEnumType value;
@XmlAttribute
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean approximated;
/**
* Gets the value of the value property.
*
* @return possible object is
* {@link AuthenticationEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public AuthenticationEnumType getValue() {
return value;
}
/**
* Sets the value of the value property.
*
* @param value allowed object is
* {@link AuthenticationEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setValue(AuthenticationEnumType value) {
this.value = value;
}
/**
* Gets the value of the approximated property.
*
* @return possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public boolean isApproximated() {
if (approximated == null) {
return false;
} else {
return approximated;
}
}
/**
* Sets the value of the approximated property.
*
* @param value allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setApproximated(Boolean value) {
this.approximated = value;
}
}

376
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/BaseMetricsType.java
View File

@@ -1,376 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.math.BigDecimal;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlSchemaType;
import javax.xml.bind.annotation.XmlType;
import javax.xml.datatype.XMLGregorianCalendar;
/**
* <p>Java class for baseMetricsType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="baseMetricsType">
* &lt;complexContent>
* &lt;extension base="{http://scap.nist.gov/schema/cvss-v2/0.2}metricsType">
* &lt;sequence>
* &lt;element name="score" type="{http://scap.nist.gov/schema/cvss-v2/0.2}zeroToTenDecimalType" minOccurs="0"/>
* &lt;element name="exploit-subscore" type="{http://scap.nist.gov/schema/cvss-v2/0.2}zeroToTenDecimalType" minOccurs="0"/>
* &lt;element name="impact-subscore" type="{http://scap.nist.gov/schema/cvss-v2/0.2}zeroToTenDecimalType" minOccurs="0"/>
* &lt;group ref="{http://scap.nist.gov/schema/cvss-v2/0.2}baseVectorsGroup"/>
* &lt;element name="source" type="{http://www.w3.org/2001/XMLSchema}anyURI"/>
* &lt;element name="generated-on-datetime" type="{http://www.w3.org/2001/XMLSchema}dateTime" minOccurs="0"/>
* &lt;/sequence>
* &lt;/extension>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "baseMetricsType", propOrder = {
"score",
"exploitSubscore",
"impactSubscore",
"accessVector",
"accessComplexity",
"authentication",
"confidentialityImpact",
"integrityImpact",
"availabilityImpact",
"source",
"generatedOnDatetime"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class BaseMetricsType
extends MetricsType {
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected BigDecimal score;
@XmlElement(name = "exploit-subscore")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected BigDecimal exploitSubscore;
@XmlElement(name = "impact-subscore")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected BigDecimal impactSubscore;
@XmlElement(name = "access-vector")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected AccessVectorType accessVector;
@XmlElement(name = "access-complexity")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected AccessComplexityType accessComplexity;
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected AuthenticationType authentication;
@XmlElement(name = "confidentiality-impact")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected CiaType confidentialityImpact;
@XmlElement(name = "integrity-impact")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected CiaType integrityImpact;
@XmlElement(name = "availability-impact")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected CiaType availabilityImpact;
@XmlElement(required = true)
@XmlSchemaType(name = "anyURI")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String source;
@XmlElement(name = "generated-on-datetime")
@XmlSchemaType(name = "dateTime")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected XMLGregorianCalendar generatedOnDatetime;
/**
* Gets the value of the score property.
*
* @return possible object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public BigDecimal getScore() {
return score;
}
/**
* Sets the value of the score property.
*
* @param value allowed object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setScore(BigDecimal value) {
this.score = value;
}
/**
* Gets the value of the exploitSubscore property.
*
* @return possible object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public BigDecimal getExploitSubscore() {
return exploitSubscore;
}
/**
* Sets the value of the exploitSubscore property.
*
* @param value allowed object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setExploitSubscore(BigDecimal value) {
this.exploitSubscore = value;
}
/**
* Gets the value of the impactSubscore property.
*
* @return possible object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public BigDecimal getImpactSubscore() {
return impactSubscore;
}
/**
* Sets the value of the impactSubscore property.
*
* @param value allowed object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setImpactSubscore(BigDecimal value) {
this.impactSubscore = value;
}
/**
* Gets the value of the accessVector property.
*
* @return possible object is
* {@link AccessVectorType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public AccessVectorType getAccessVector() {
return accessVector;
}
/**
* Sets the value of the accessVector property.
*
* @param value allowed object is
* {@link AccessVectorType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setAccessVector(AccessVectorType value) {
this.accessVector = value;
}
/**
* Gets the value of the accessComplexity property.
*
* @return possible object is
* {@link AccessComplexityType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public AccessComplexityType getAccessComplexity() {
return accessComplexity;
}
/**
* Sets the value of the accessComplexity property.
*
* @param value allowed object is
* {@link AccessComplexityType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setAccessComplexity(AccessComplexityType value) {
this.accessComplexity = value;
}
/**
* Gets the value of the authentication property.
*
* @return possible object is
* {@link AuthenticationType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public AuthenticationType getAuthentication() {
return authentication;
}
/**
* Sets the value of the authentication property.
*
* @param value allowed object is
* {@link AuthenticationType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setAuthentication(AuthenticationType value) {
this.authentication = value;
}
/**
* Gets the value of the confidentialityImpact property.
*
* @return possible object is
* {@link CiaType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public CiaType getConfidentialityImpact() {
return confidentialityImpact;
}
/**
* Sets the value of the confidentialityImpact property.
*
* @param value allowed object is
* {@link CiaType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setConfidentialityImpact(CiaType value) {
this.confidentialityImpact = value;
}
/**
* Gets the value of the integrityImpact property.
*
* @return possible object is
* {@link CiaType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public CiaType getIntegrityImpact() {
return integrityImpact;
}
/**
* Sets the value of the integrityImpact property.
*
* @param value allowed object is
* {@link CiaType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setIntegrityImpact(CiaType value) {
this.integrityImpact = value;
}
/**
* Gets the value of the availabilityImpact property.
*
* @return possible object is
* {@link CiaType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public CiaType getAvailabilityImpact() {
return availabilityImpact;
}
/**
* Sets the value of the availabilityImpact property.
*
* @param value allowed object is
* {@link CiaType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setAvailabilityImpact(CiaType value) {
this.availabilityImpact = value;
}
/**
* Gets the value of the source property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getSource() {
return source;
}
/**
* Sets the value of the source property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSource(String value) {
this.source = value;
}
/**
* Gets the value of the generatedOnDatetime property.
*
* @return possible object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public XMLGregorianCalendar getGeneratedOnDatetime() {
return generatedOnDatetime;
}
/**
* Sets the value of the generatedOnDatetime property.
*
* @param value allowed object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setGeneratedOnDatetime(XMLGregorianCalendar value) {
this.generatedOnDatetime = value;
}
}

156
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CceParameterType.java
View File

@@ -1,156 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlSchemaType;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
/**
* <p>Java class for cceParameterType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="cceParameterType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="value" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded"/>
* &lt;/sequence>
* &lt;attribute name="identifier" type="{http://www.w3.org/2001/XMLSchema}token" />
* &lt;attribute name="operator" type="{http://www.w3.org/2001/XMLSchema}token" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "cceParameterType", namespace = "http://scap.nist.gov/schema/cce/0.1", propOrder = {
"values"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class CceParameterType {
@XmlElement(name = "value", required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<String> values;
@XmlAttribute
@XmlJavaTypeAdapter(CollapsedStringAdapter.class)
@XmlSchemaType(name = "token")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String identifier;
@XmlAttribute
@XmlJavaTypeAdapter(CollapsedStringAdapter.class)
@XmlSchemaType(name = "token")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String operator;
/**
* Gets the value of the values property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the values property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getValues().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<String> getValues() {
if (values == null) {
values = new ArrayList<String>();
}
return this.values;
}
/**
* Gets the value of the identifier property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getIdentifier() {
return identifier;
}
/**
* Sets the value of the identifier property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setIdentifier(String value) {
this.identifier = value;
}
/**
* Gets the value of the operator property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getOperator() {
return operator;
}
/**
* Sets the value of the operator property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setOperator(String value) {
this.operator = value;
}
}

215
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CceType.java
View File

@@ -1,215 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
/**
* <p>Java class for cceType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="cceType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="definition" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
* &lt;element name="parameter" type="{http://scap.nist.gov/schema/cce/0.1}cceParameterType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="technical-mechanisms" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="references" type="{http://scap.nist.gov/schema/scap-core/0.1}referenceType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;/sequence>
* &lt;attribute name="id" use="required" type="{http://scap.nist.gov/schema/cce/0.1}cceNamePatternType" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "cceType", namespace = "http://scap.nist.gov/schema/cce/0.1", propOrder = {
"definition",
"parameters",
"technicalMechanisms",
"references"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class CceType {
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String definition;
@XmlElement(name = "parameter")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<CceParameterType> parameters;
@XmlElement(name = "technical-mechanisms")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<String> technicalMechanisms;
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<ReferenceType> references;
@XmlAttribute(required = true)
@XmlJavaTypeAdapter(CollapsedStringAdapter.class)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String id;
/**
* Gets the value of the definition property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getDefinition() {
return definition;
}
/**
* Sets the value of the definition property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setDefinition(String value) {
this.definition = value;
}
/**
* Gets the value of the parameters property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the parameters property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getParameters().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link CceParameterType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<CceParameterType> getParameters() {
if (parameters == null) {
parameters = new ArrayList<CceParameterType>();
}
return this.parameters;
}
/**
* Gets the value of the technicalMechanisms property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the technicalMechanisms property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getTechnicalMechanisms().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<String> getTechnicalMechanisms() {
if (technicalMechanisms == null) {
technicalMechanisms = new ArrayList<String>();
}
return this.technicalMechanisms;
}
/**
* Gets the value of the references property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the references property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getReferences().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link ReferenceType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<ReferenceType> getReferences() {
if (references == null) {
references = new ArrayList<ReferenceType>();
}
return this.references;
}
/**
* Gets the value of the id property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getId() {
return id;
}
/**
* Sets the value of the id property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setId(String value) {
this.id = value;
}
}

153
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CheckReferenceType.java
View File

@@ -1,153 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlSchemaType;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
/**
* Data type for the check element, a checking system specification URI, string
* content, and an optional external file reference. The checking system
* specification should be the URI for a particular version of OVAL or a related
* system testing language, and the content will be an identifier of a test
* written in that language. The external file reference could be used to point
* to the file in which the content test identifier is defined.
*
* <p>Java class for checkReferenceType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="checkReferenceType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;attribute name="system" use="required" type="{http://www.w3.org/2001/XMLSchema}anyURI" />
* &lt;attribute name="href" use="required" type="{http://www.w3.org/2001/XMLSchema}anyURI" />
* &lt;attribute name="name" type="{http://www.w3.org/2001/XMLSchema}token" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "checkReferenceType", namespace = "http://scap.nist.gov/schema/scap-core/0.1")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class CheckReferenceType {
@XmlAttribute(required = true)
@XmlSchemaType(name = "anyURI")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String system;
@XmlAttribute(required = true)
@XmlSchemaType(name = "anyURI")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String href;
@XmlAttribute
@XmlJavaTypeAdapter(CollapsedStringAdapter.class)
@XmlSchemaType(name = "token")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String name;
/**
* Gets the value of the system property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getSystem() {
return system;
}
/**
* Sets the value of the system property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSystem(String value) {
this.system = value;
}
/**
* Gets the value of the href property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getHref() {
return href;
}
/**
* Sets the value of the href property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setHref(String value) {
this.href = value;
}
/**
* Gets the value of the name property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getName() {
return name;
}
/**
* Sets the value of the name property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setName(String value) {
this.name = value;
}
}

117
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CheckSearchType.java
View File

@@ -1,117 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlSchemaType;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
/**
* <p>Java class for checkSearchType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="checkSearchType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;attribute name="system" use="required" type="{http://www.w3.org/2001/XMLSchema}anyURI" />
* &lt;attribute name="name" type="{http://www.w3.org/2001/XMLSchema}token" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "checkSearchType", namespace = "http://scap.nist.gov/schema/scap-core/0.1")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class CheckSearchType {
@XmlAttribute(required = true)
@XmlSchemaType(name = "anyURI")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String system;
@XmlAttribute
@XmlJavaTypeAdapter(CollapsedStringAdapter.class)
@XmlSchemaType(name = "token")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String name;
/**
* Gets the value of the system property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getSystem() {
return system;
}
/**
* Sets the value of the system property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSystem(String value) {
this.system = value;
}
/**
* Gets the value of the name property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getName() {
return name;
}
/**
* Sets the value of the name property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setName(String value) {
this.name = value;
}
}

63
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CiaEnumType.java
View File

@@ -1,63 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for ciaEnumType.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="ciaEnumType">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="NONE"/>
* &lt;enumeration value="PARTIAL"/>
* &lt;enumeration value="COMPLETE"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "ciaEnumType")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum CiaEnumType {
NONE,
PARTIAL,
COMPLETE;
public String value() {
return name();
}
public static CiaEnumType fromValue(String v) {
return valueOf(v);
}
}

65
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CiaRequirementEnumType.java
View File

@@ -1,65 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for ciaRequirementEnumType.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="ciaRequirementEnumType">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="LOW"/>
* &lt;enumeration value="MEDIUM"/>
* &lt;enumeration value="HIGH"/>
* &lt;enumeration value="NOT_DEFINED"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "ciaRequirementEnumType")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum CiaRequirementEnumType {
LOW,
MEDIUM,
HIGH,
NOT_DEFINED;
public String value() {
return name();
}
public static CiaRequirementEnumType fromValue(String v) {
return valueOf(v);
}
}

117
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CiaRequirementType.java
View File

@@ -1,117 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.XmlValue;
/**
* <p>Java class for ciaRequirementType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="ciaRequirementType">
* &lt;simpleContent>
* &lt;extension base="&lt;http://scap.nist.gov/schema/cvss-v2/0.2>ciaRequirementEnumType">
* &lt;attGroup ref="{http://scap.nist.gov/schema/cvss-v2/0.2}vectorAttributeGroup"/>
* &lt;/extension>
* &lt;/simpleContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "ciaRequirementType", propOrder = {
"value"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class CiaRequirementType {
@XmlValue
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected CiaRequirementEnumType value;
@XmlAttribute
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean approximated;
/**
* Gets the value of the value property.
*
* @return possible object is
* {@link CiaRequirementEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public CiaRequirementEnumType getValue() {
return value;
}
/**
* Sets the value of the value property.
*
* @param value allowed object is
* {@link CiaRequirementEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setValue(CiaRequirementEnumType value) {
this.value = value;
}
/**
* Gets the value of the approximated property.
*
* @return possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public boolean isApproximated() {
if (approximated == null) {
return false;
} else {
return approximated;
}
}
/**
* Sets the value of the approximated property.
*
* @param value allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setApproximated(Boolean value) {
this.approximated = value;
}
}

117
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CiaType.java
View File

@@ -1,117 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.XmlValue;
/**
* <p>Java class for ciaType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="ciaType">
* &lt;simpleContent>
* &lt;extension base="&lt;http://scap.nist.gov/schema/cvss-v2/0.2>ciaEnumType">
* &lt;attGroup ref="{http://scap.nist.gov/schema/cvss-v2/0.2}vectorAttributeGroup"/>
* &lt;/extension>
* &lt;/simpleContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "ciaType", propOrder = {
"value"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class CiaType {
@XmlValue
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected CiaEnumType value;
@XmlAttribute
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean approximated;
/**
* Gets the value of the value property.
*
* @return possible object is
* {@link CiaEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public CiaEnumType getValue() {
return value;
}
/**
* Sets the value of the value property.
*
* @param value allowed object is
* {@link CiaEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setValue(CiaEnumType value) {
this.value = value;
}
/**
* Gets the value of the approximated property.
*
* @return possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public boolean isApproximated() {
if (approximated == null) {
return false;
} else {
return approximated;
}
}
/**
* Sets the value of the approximated property.
*
* @param value allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setApproximated(Boolean value) {
this.approximated = value;
}
}

69
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CollateralDamagePotentialEnumType.java
View File

@@ -1,69 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for collateralDamagePotentialEnumType.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="collateralDamagePotentialEnumType">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="NONE"/>
* &lt;enumeration value="LOW"/>
* &lt;enumeration value="LOW_MEDIUM"/>
* &lt;enumeration value="MEDIUM_HIGH"/>
* &lt;enumeration value="HIGH"/>
* &lt;enumeration value="NOT_DEFINED"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "collateralDamagePotentialEnumType")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum CollateralDamagePotentialEnumType {
NONE,
LOW,
LOW_MEDIUM,
MEDIUM_HIGH,
HIGH,
NOT_DEFINED;
public String value() {
return name();
}
public static CollateralDamagePotentialEnumType fromValue(String v) {
return valueOf(v);
}
}

117
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CollateralDamagePotentialType.java
View File

@@ -1,117 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.XmlValue;
/**
* <p>Java class for collateralDamagePotentialType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="collateralDamagePotentialType">
* &lt;simpleContent>
* &lt;extension base="&lt;http://scap.nist.gov/schema/cvss-v2/0.2>collateralDamagePotentialEnumType">
* &lt;attGroup ref="{http://scap.nist.gov/schema/cvss-v2/0.2}vectorAttributeGroup"/>
* &lt;/extension>
* &lt;/simpleContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "collateralDamagePotentialType", propOrder = {
"value"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class CollateralDamagePotentialType {
@XmlValue
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected CollateralDamagePotentialEnumType value;
@XmlAttribute
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean approximated;
/**
* Gets the value of the value property.
*
* @return possible object is
* {@link CollateralDamagePotentialEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public CollateralDamagePotentialEnumType getValue() {
return value;
}
/**
* Sets the value of the value property.
*
* @param value allowed object is
* {@link CollateralDamagePotentialEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setValue(CollateralDamagePotentialEnumType value) {
this.value = value;
}
/**
* Gets the value of the approximated property.
*
* @return possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public boolean isApproximated() {
if (approximated == null) {
return false;
} else {
return approximated;
}
}
/**
* Sets the value of the approximated property.
*
* @param value allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setApproximated(Boolean value) {
this.approximated = value;
}
}

65
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ConfidenceEnumType.java
View File

@@ -1,65 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for confidenceEnumType.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="confidenceEnumType">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="UNCONFIRMED"/>
* &lt;enumeration value="UNCORROBORATED"/>
* &lt;enumeration value="CONFIRMED"/>
* &lt;enumeration value="NOT_DEFINED"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "confidenceEnumType")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum ConfidenceEnumType {
UNCONFIRMED,
UNCORROBORATED,
CONFIRMED,
NOT_DEFINED;
public String value() {
return name();
}
public static ConfidenceEnumType fromValue(String v) {
return valueOf(v);
}
}

117
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ConfidenceType.java
View File

@@ -1,117 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.XmlValue;
/**
* <p>Java class for confidenceType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="confidenceType">
* &lt;simpleContent>
* &lt;extension base="&lt;http://scap.nist.gov/schema/cvss-v2/0.2>confidenceEnumType">
* &lt;attGroup ref="{http://scap.nist.gov/schema/cvss-v2/0.2}vectorAttributeGroup"/>
* &lt;/extension>
* &lt;/simpleContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "confidenceType", propOrder = {
"value"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class ConfidenceType {
@XmlValue
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected ConfidenceEnumType value;
@XmlAttribute
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean approximated;
/**
* Gets the value of the value property.
*
* @return possible object is
* {@link ConfidenceEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public ConfidenceEnumType getValue() {
return value;
}
/**
* Sets the value of the value property.
*
* @param value allowed object is
* {@link ConfidenceEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setValue(ConfidenceEnumType value) {
this.value = value;
}
/**
* Gets the value of the approximated property.
*
* @return possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public boolean isApproximated() {
if (approximated == null) {
return false;
} else {
return approximated;
}
}
/**
* Sets the value of the approximated property.
*
* @param value allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setApproximated(Boolean value) {
this.approximated = value;
}
}

63
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CveStatus.java
View File

@@ -1,63 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for cveStatus.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="cveStatus">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="CANDIDATE"/>
* &lt;enumeration value="ENTRY"/>
* &lt;enumeration value="DEPRECATED"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "cveStatus", namespace = "http://scap.nist.gov/schema/cve/0.1")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum CveStatus {
CANDIDATE,
ENTRY,
DEPRECATED;
public String value() {
return name();
}
public static CveStatus fromValue(String v) {
return valueOf(v);
}
}

178
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CveType.java
View File

@@ -1,178 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
/**
* <p>Java class for cveType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="cveType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="status" type="{http://scap.nist.gov/schema/cve/0.1}cveStatus" minOccurs="0"/>
* &lt;element name="description" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
* &lt;element name="references" type="{http://scap.nist.gov/schema/scap-core/0.1}referenceType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;/sequence>
* &lt;attribute name="id" use="required" type="{http://scap.nist.gov/schema/cve/0.1}cveNamePatternType" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "cveType", namespace = "http://scap.nist.gov/schema/cve/0.1", propOrder = {
"status",
"description",
"references"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class CveType {
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected CveStatus status;
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String description;
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<ReferenceType> references;
@XmlAttribute(required = true)
@XmlJavaTypeAdapter(CollapsedStringAdapter.class)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String id;
/**
* Gets the value of the status property.
*
* @return possible object is
* {@link CveStatus }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public CveStatus getStatus() {
return status;
}
/**
* Sets the value of the status property.
*
* @param value allowed object is
* {@link CveStatus }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setStatus(CveStatus value) {
this.status = value;
}
/**
* Gets the value of the description property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getDescription() {
return description;
}
/**
* Sets the value of the description property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setDescription(String value) {
this.description = value;
}
/**
* Gets the value of the references property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the references property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getReferences().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link ReferenceType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<ReferenceType> getReferences() {
if (references == null) {
references = new ArrayList<ReferenceType>();
}
return this.references;
}
/**
* Gets the value of the id property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getId() {
return id;
}
/**
* Sets the value of the id property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setId(String value) {
this.id = value;
}
}

59
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CvssImpactType.java
View File

@@ -1,59 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for cvssImpactType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="cvssImpactType">
* &lt;complexContent>
* &lt;restriction base="{http://scap.nist.gov/schema/cvss-v2/0.2}cvssType">
* &lt;sequence>
* &lt;element name="base_metrics" type="{http://scap.nist.gov/schema/cvss-v2/0.2}baseMetricsType"/>
* &lt;element name="environmental_metrics" type="{http://scap.nist.gov/schema/cvss-v2/0.2}environmentalMetricsType" minOccurs="0"/>
* &lt;element name="temporal_metrics" type="{http://scap.nist.gov/schema/cvss-v2/0.2}temporalMetricsType" minOccurs="0"/>
* &lt;/sequence>
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "cvssImpactType")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class CvssImpactType
extends CvssType {
}

170
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CvssType.java
View File

@@ -1,170 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlSeeAlso;
import javax.xml.bind.annotation.XmlType;
/**
* "This schema was intentionally designed to avoid mixing classes and
* attributes between CVSS version 1, CVSS version 2, and future versions.
* Scores in the CVSS system are interdependent. The temporal score is a
* multiplier of the base score. The environmental score, in turn, is a
* multiplier of the temporal score. The ability to transfer these scores
* independently is provided on the assumption that the user understands the
* business logic. For any given metric, it is preferred that the score, as a
* minimum is provided, however the score can be re-created from the metrics or
* the multiplier and any scores they are dependent on."
*
* <p>Java class for cvssType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="cvssType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="base_metrics" type="{http://scap.nist.gov/schema/cvss-v2/0.2}baseMetricsType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="environmental_metrics" type="{http://scap.nist.gov/schema/cvss-v2/0.2}environmentalMetricsType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="temporal_metrics" type="{http://scap.nist.gov/schema/cvss-v2/0.2}temporalMetricsType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;/sequence>
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "cvssType", propOrder = {
"baseMetrics",
"environmentalMetrics",
"temporalMetrics"
})
@XmlSeeAlso({
CvssImpactType.class
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class CvssType {
@XmlElement(name = "base_metrics")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<BaseMetricsType> baseMetrics;
@XmlElement(name = "environmental_metrics")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<EnvironmentalMetricsType> environmentalMetrics;
@XmlElement(name = "temporal_metrics")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<TemporalMetricsType> temporalMetrics;
/**
* Gets the value of the baseMetrics property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the baseMetrics property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getBaseMetrics().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link BaseMetricsType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<BaseMetricsType> getBaseMetrics() {
if (baseMetrics == null) {
baseMetrics = new ArrayList<BaseMetricsType>();
}
return this.baseMetrics;
}
/**
* Gets the value of the environmentalMetrics property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the environmentalMetrics property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getEnvironmentalMetrics().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link EnvironmentalMetricsType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<EnvironmentalMetricsType> getEnvironmentalMetrics() {
if (environmentalMetrics == null) {
environmentalMetrics = new ArrayList<EnvironmentalMetricsType>();
}
return this.environmentalMetrics;
}
/**
* Gets the value of the temporalMetrics property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the temporalMetrics property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getTemporalMetrics().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link TemporalMetricsType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<TemporalMetricsType> getTemporalMetrics() {
if (temporalMetrics == null) {
temporalMetrics = new ArrayList<TemporalMetricsType>();
}
return this.temporalMetrics;
}
}

86
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CweReferenceType.java
View File

@@ -1,86 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
/**
* <p>Java class for cweReferenceType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="cweReferenceType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;attribute name="id" use="required" type="{http://scap.nist.gov/schema/scap-core/0.1}cweNamePatternType" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "cweReferenceType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class CweReferenceType {
@XmlAttribute(required = true)
@XmlJavaTypeAdapter(CollapsedStringAdapter.class)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String id;
/**
* Gets the value of the id property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getId() {
return id;
}
/**
* Sets the value of the id property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setId(String value) {
this.id = value;
}
}

291
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/EnvironmentalMetricsType.java
View File

@@ -1,291 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.math.BigDecimal;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlSchemaType;
import javax.xml.bind.annotation.XmlType;
import javax.xml.datatype.XMLGregorianCalendar;
/**
* <p>Java class for environmentalMetricsType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="environmentalMetricsType">
* &lt;complexContent>
* &lt;extension base="{http://scap.nist.gov/schema/cvss-v2/0.2}metricsType">
* &lt;sequence>
* &lt;element name="score" type="{http://scap.nist.gov/schema/cvss-v2/0.2}zeroToTenDecimalType" minOccurs="0"/>
* &lt;group ref="{http://scap.nist.gov/schema/cvss-v2/0.2}environmentalVectorsGroup"/>
* &lt;element name="source" type="{http://www.w3.org/2001/XMLSchema}anyURI"/>
* &lt;element name="generated-on-datetime" type="{http://www.w3.org/2001/XMLSchema}dateTime" minOccurs="0"/>
* &lt;/sequence>
* &lt;/extension>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "environmentalMetricsType", propOrder = {
"score",
"collateralDamagePotential",
"targetDistribution",
"confidentialityRequirement",
"integrityRequirement",
"availabilityRequirement",
"source",
"generatedOnDatetime"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class EnvironmentalMetricsType
extends MetricsType {
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected BigDecimal score;
@XmlElement(name = "collateral-damage-potential")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected CollateralDamagePotentialType collateralDamagePotential;
@XmlElement(name = "target-distribution")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected TargetDistributionType targetDistribution;
@XmlElement(name = "confidentiality-requirement")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected CiaRequirementType confidentialityRequirement;
@XmlElement(name = "integrity-requirement")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected CiaRequirementType integrityRequirement;
@XmlElement(name = "availability-requirement")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected CiaRequirementType availabilityRequirement;
@XmlElement(required = true)
@XmlSchemaType(name = "anyURI")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String source;
@XmlElement(name = "generated-on-datetime")
@XmlSchemaType(name = "dateTime")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected XMLGregorianCalendar generatedOnDatetime;
/**
* Gets the value of the score property.
*
* @return possible object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public BigDecimal getScore() {
return score;
}
/**
* Sets the value of the score property.
*
* @param value allowed object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setScore(BigDecimal value) {
this.score = value;
}
/**
* Gets the value of the collateralDamagePotential property.
*
* @return possible object is
* {@link CollateralDamagePotentialType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public CollateralDamagePotentialType getCollateralDamagePotential() {
return collateralDamagePotential;
}
/**
* Sets the value of the collateralDamagePotential property.
*
* @param value allowed object is
* {@link CollateralDamagePotentialType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setCollateralDamagePotential(CollateralDamagePotentialType value) {
this.collateralDamagePotential = value;
}
/**
* Gets the value of the targetDistribution property.
*
* @return possible object is
* {@link TargetDistributionType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public TargetDistributionType getTargetDistribution() {
return targetDistribution;
}
/**
* Sets the value of the targetDistribution property.
*
* @param value allowed object is
* {@link TargetDistributionType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setTargetDistribution(TargetDistributionType value) {
this.targetDistribution = value;
}
/**
* Gets the value of the confidentialityRequirement property.
*
* @return possible object is
* {@link CiaRequirementType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public CiaRequirementType getConfidentialityRequirement() {
return confidentialityRequirement;
}
/**
* Sets the value of the confidentialityRequirement property.
*
* @param value allowed object is
* {@link CiaRequirementType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setConfidentialityRequirement(CiaRequirementType value) {
this.confidentialityRequirement = value;
}
/**
* Gets the value of the integrityRequirement property.
*
* @return possible object is
* {@link CiaRequirementType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public CiaRequirementType getIntegrityRequirement() {
return integrityRequirement;
}
/**
* Sets the value of the integrityRequirement property.
*
* @param value allowed object is
* {@link CiaRequirementType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setIntegrityRequirement(CiaRequirementType value) {
this.integrityRequirement = value;
}
/**
* Gets the value of the availabilityRequirement property.
*
* @return possible object is
* {@link CiaRequirementType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public CiaRequirementType getAvailabilityRequirement() {
return availabilityRequirement;
}
/**
* Sets the value of the availabilityRequirement property.
*
* @param value allowed object is
* {@link CiaRequirementType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setAvailabilityRequirement(CiaRequirementType value) {
this.availabilityRequirement = value;
}
/**
* Gets the value of the source property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getSource() {
return source;
}
/**
* Sets the value of the source property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSource(String value) {
this.source = value;
}
/**
* Gets the value of the generatedOnDatetime property.
*
* @return possible object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public XMLGregorianCalendar getGeneratedOnDatetime() {
return generatedOnDatetime;
}
/**
* Sets the value of the generatedOnDatetime property.
*
* @param value allowed object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setGeneratedOnDatetime(XMLGregorianCalendar value) {
this.generatedOnDatetime = value;
}
}

67
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ExploitabilityEnumType.java
View File

@@ -1,67 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for exploitabilityEnumType.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="exploitabilityEnumType">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="UNPROVEN"/>
* &lt;enumeration value="PROOF_OF_CONCEPT"/>
* &lt;enumeration value="FUNCTIONAL"/>
* &lt;enumeration value="HIGH"/>
* &lt;enumeration value="NOT_DEFINED"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "exploitabilityEnumType")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum ExploitabilityEnumType {
UNPROVEN,
PROOF_OF_CONCEPT,
FUNCTIONAL,
HIGH,
NOT_DEFINED;
public String value() {
return name();
}
public static ExploitabilityEnumType fromValue(String v) {
return valueOf(v);
}
}

117
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ExploitabilityType.java
View File

@@ -1,117 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.XmlValue;
/**
* <p>Java class for exploitabilityType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="exploitabilityType">
* &lt;simpleContent>
* &lt;extension base="&lt;http://scap.nist.gov/schema/cvss-v2/0.2>exploitabilityEnumType">
* &lt;attGroup ref="{http://scap.nist.gov/schema/cvss-v2/0.2}vectorAttributeGroup"/>
* &lt;/extension>
* &lt;/simpleContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "exploitabilityType", propOrder = {
"value"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class ExploitabilityType {
@XmlValue
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected ExploitabilityEnumType value;
@XmlAttribute
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean approximated;
/**
* Gets the value of the value property.
*
* @return possible object is
* {@link ExploitabilityEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public ExploitabilityEnumType getValue() {
return value;
}
/**
* Sets the value of the value property.
*
* @param value allowed object is
* {@link ExploitabilityEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setValue(ExploitabilityEnumType value) {
this.value = value;
}
/**
* Gets the value of the approximated property.
*
* @return possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public boolean isApproximated() {
if (approximated == null) {
return false;
} else {
return approximated;
}
}
/**
* Sets the value of the approximated property.
*
* @param value allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setApproximated(Boolean value) {
this.approximated = value;
}
}

86
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/FactRefType.java
View File

@@ -1,86 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlType;
/**
* The fact-ref element appears as a child of a logical-test element. It is
* simply a reference to a CPE Name that always evaluates to a Boolean result.
*
* <p>Java class for FactRefType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="FactRefType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;attribute name="name" use="required" type="{http://cpe.mitre.org/language/2.0}namePattern" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "FactRefType", namespace = "http://cpe.mitre.org/language/2.0")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class FactRefType {
@XmlAttribute(required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String name;
/**
* Gets the value of the name property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getName() {
return name;
}
/**
* Sets the value of the name property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setName(String value) {
this.name = value;
}
}

67
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/FixActionDescriptionEnumType.java
View File

@@ -1,67 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for fixActionDescriptionEnumType.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="fixActionDescriptionEnumType">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="PATCH"/>
* &lt;enumeration value="SOFTWARE_UPDATE"/>
* &lt;enumeration value="CONFIGURATION_CHANGE"/>
* &lt;enumeration value="POLICY_CHANGE"/>
* &lt;enumeration value="EXTERNAL_MITIGATION"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "fixActionDescriptionEnumType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum FixActionDescriptionEnumType {
PATCH,
SOFTWARE_UPDATE,
CONFIGURATION_CHANGE,
POLICY_CHANGE,
EXTERNAL_MITIGATION;
public String value() {
return name();
}
public static FixActionDescriptionEnumType fromValue(String v) {
return valueOf(v);
}
}

493
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/FixActionType.java
View File

@@ -1,493 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlSchemaType;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
/**
* A single fix action should only cover a single patch application, software
* update, configuration change, or external fix. Dependencies should be
* documented by using the "next_fix_action" element to point to a recursive
* list of fix actions.
*
* <p>Java class for fixActionType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="fixActionType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element ref="{http://scap.nist.gov/schema/patch/0.1}patch" minOccurs="0"/>
* &lt;element name="configuration-remediation" type="{http://scap.nist.gov/schema/vulnerability/0.4}vulnerabilityReferenceType" minOccurs="0"/>
* &lt;element name="software-update" type="{http://scap.nist.gov/schema/scap-core/0.1}cpeNamePatternType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="notes" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="deprecated-by" type="{http://scap.nist.gov/schema/scap-core/0.1}cpeNamePatternType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="next-fix-action" type="{http://scap.nist.gov/schema/vulnerability/0.4}fixActionType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="fix-action-tool-configuration" type="{http://scap.nist.gov/schema/vulnerability/0.4}toolConfigurationType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="applicable-configuration" type="{http://cpe.mitre.org/language/2.0}PlatformType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="effectiveness" type="{http://scap.nist.gov/schema/vulnerability/0.4}fixEffectivenessEnumType" minOccurs="0"/>
* &lt;element name="applicable-check" type="{http://scap.nist.gov/schema/scap-core/0.1}checkReferenceType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;/sequence>
* &lt;attribute name="fix_action_description" use="required" type="{http://scap.nist.gov/schema/vulnerability/0.4}fixActionDescriptionEnumType" />
* &lt;attribute name="fix_action_type" use="required" type="{http://scap.nist.gov/schema/vulnerability/0.4}fixActionTypeEnumType" />
* &lt;attribute name="id" use="required" type="{http://www.w3.org/2001/XMLSchema}token" />
* &lt;attribute name="source" use="required" type="{http://www.w3.org/2001/XMLSchema}anyURI" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "fixActionType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4", propOrder = {
"patch",
"configurationRemediation",
"softwareUpdates",
"notes",
"deprecatedBies",
"nextFixActions",
"fixActionToolConfigurations",
"applicableConfigurations",
"effectiveness",
"applicableChecks"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class FixActionType {
@XmlElement(namespace = "http://scap.nist.gov/schema/patch/0.1")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Patch patch;
@XmlElement(name = "configuration-remediation")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected VulnerabilityReferenceType configurationRemediation;
@XmlElement(name = "software-update")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<String> softwareUpdates;
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<String> notes;
@XmlElement(name = "deprecated-by")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<String> deprecatedBies;
@XmlElement(name = "next-fix-action")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<FixActionType> nextFixActions;
@XmlElement(name = "fix-action-tool-configuration")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<ToolConfigurationType> fixActionToolConfigurations;
@XmlElement(name = "applicable-configuration")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<PlatformType> applicableConfigurations;
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected FixEffectivenessEnumType effectiveness;
@XmlElement(name = "applicable-check")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<CheckReferenceType> applicableChecks;
@XmlAttribute(name = "fix_action_description", required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected FixActionDescriptionEnumType fixActionDescription;
@XmlAttribute(name = "fix_action_type", required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected FixActionTypeEnumType fixActionType;
@XmlAttribute(required = true)
@XmlJavaTypeAdapter(CollapsedStringAdapter.class)
@XmlSchemaType(name = "token")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String id;
@XmlAttribute(required = true)
@XmlSchemaType(name = "anyURI")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String source;
/**
* Gets the value of the patch property.
*
* @return possible object is
* {@link Patch }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Patch getPatch() {
return patch;
}
/**
* Sets the value of the patch property.
*
* @param value allowed object is
* {@link Patch }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setPatch(Patch value) {
this.patch = value;
}
/**
* Gets the value of the configurationRemediation property.
*
* @return possible object is
* {@link VulnerabilityReferenceType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public VulnerabilityReferenceType getConfigurationRemediation() {
return configurationRemediation;
}
/**
* Sets the value of the configurationRemediation property.
*
* @param value allowed object is
* {@link VulnerabilityReferenceType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setConfigurationRemediation(VulnerabilityReferenceType value) {
this.configurationRemediation = value;
}
/**
* Gets the value of the softwareUpdates property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the softwareUpdates property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getSoftwareUpdates().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<String> getSoftwareUpdates() {
if (softwareUpdates == null) {
softwareUpdates = new ArrayList<String>();
}
return this.softwareUpdates;
}
/**
* Gets the value of the notes property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the notes property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getNotes().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<String> getNotes() {
if (notes == null) {
notes = new ArrayList<String>();
}
return this.notes;
}
/**
* Gets the value of the deprecatedBies property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the deprecatedBies property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getDeprecatedBies().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<String> getDeprecatedBies() {
if (deprecatedBies == null) {
deprecatedBies = new ArrayList<String>();
}
return this.deprecatedBies;
}
/**
* Gets the value of the nextFixActions property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the nextFixActions property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getNextFixActions().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link FixActionType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<FixActionType> getNextFixActions() {
if (nextFixActions == null) {
nextFixActions = new ArrayList<FixActionType>();
}
return this.nextFixActions;
}
/**
* Gets the value of the fixActionToolConfigurations property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the fixActionToolConfigurations property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getFixActionToolConfigurations().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link ToolConfigurationType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<ToolConfigurationType> getFixActionToolConfigurations() {
if (fixActionToolConfigurations == null) {
fixActionToolConfigurations = new ArrayList<ToolConfigurationType>();
}
return this.fixActionToolConfigurations;
}
/**
* Gets the value of the applicableConfigurations property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the applicableConfigurations property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getApplicableConfigurations().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link PlatformType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<PlatformType> getApplicableConfigurations() {
if (applicableConfigurations == null) {
applicableConfigurations = new ArrayList<PlatformType>();
}
return this.applicableConfigurations;
}
/**
* Gets the value of the effectiveness property.
*
* @return possible object is
* {@link FixEffectivenessEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public FixEffectivenessEnumType getEffectiveness() {
return effectiveness;
}
/**
* Sets the value of the effectiveness property.
*
* @param value allowed object is
* {@link FixEffectivenessEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setEffectiveness(FixEffectivenessEnumType value) {
this.effectiveness = value;
}
/**
* Gets the value of the applicableChecks property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the applicableChecks property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getApplicableChecks().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link CheckReferenceType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<CheckReferenceType> getApplicableChecks() {
if (applicableChecks == null) {
applicableChecks = new ArrayList<CheckReferenceType>();
}
return this.applicableChecks;
}
/**
* Gets the value of the fixActionDescription property.
*
* @return possible object is
* {@link FixActionDescriptionEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public FixActionDescriptionEnumType getFixActionDescription() {
return fixActionDescription;
}
/**
* Sets the value of the fixActionDescription property.
*
* @param value allowed object is
* {@link FixActionDescriptionEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setFixActionDescription(FixActionDescriptionEnumType value) {
this.fixActionDescription = value;
}
/**
* Gets the value of the fixActionType property.
*
* @return possible object is
* {@link FixActionTypeEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public FixActionTypeEnumType getFixActionType() {
return fixActionType;
}
/**
* Sets the value of the fixActionType property.
*
* @param value allowed object is
* {@link FixActionTypeEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setFixActionType(FixActionTypeEnumType value) {
this.fixActionType = value;
}
/**
* Gets the value of the id property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getId() {
return id;
}
/**
* Sets the value of the id property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setId(String value) {
this.id = value;
}
/**
* Gets the value of the source property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getSource() {
return source;
}
/**
* Sets the value of the source property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSource(String value) {
this.source = value;
}
}

61
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/FixActionTypeEnumType.java
View File

@@ -1,61 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for fixActionTypeEnumType.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="fixActionTypeEnumType">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="MITIGATION"/>
* &lt;enumeration value="REMEDIATION"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "fixActionTypeEnumType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum FixActionTypeEnumType {
MITIGATION,
REMEDIATION;
public String value() {
return name();
}
public static FixActionTypeEnumType fromValue(String v) {
return valueOf(v);
}
}

61
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/FixEffectivenessEnumType.java
View File

@@ -1,61 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for fixEffectivenessEnumType.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="fixEffectivenessEnumType">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="PARTIAL"/>
* &lt;enumeration value="COMPLETE"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "fixEffectivenessEnumType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum FixEffectivenessEnumType {
PARTIAL,
COMPLETE;
public String value() {
return name();
}
public static FixEffectivenessEnumType fromValue(String v) {
return valueOf(v);
}
}

183
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/LogicalTest.java
View File

@@ -1,183 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlType;
/**
* The logical-test element appears as a child of a platform element, and may
* also be nested to create more complex logical tests. The content consists of
* one or more elements: fact-ref, and logical-test children are permitted. The
* operator to be applied, and optional negation of the test, are given as
* attributes.
*
* <p>Java class for LogicalTestType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="LogicalTestType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="logical-test" type="{http://cpe.mitre.org/language/2.0}LogicalTestType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="fact-ref" type="{http://cpe.mitre.org/language/2.0}FactRefType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;/sequence>
* &lt;attribute name="operator" use="required" type="{http://cpe.mitre.org/language/2.0}operatorEnumeration" />
* &lt;attribute name="negate" use="required" type="{http://www.w3.org/2001/XMLSchema}boolean" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "LogicalTestType", namespace = "http://cpe.mitre.org/language/2.0", propOrder = {
"logicalTests",
"factReves"
})
@XmlRootElement(name = "logical-test", namespace = "http://cpe.mitre.org/language/2.0")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class LogicalTest {
@XmlElement(name = "logical-test")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<LogicalTest> logicalTests;
@XmlElement(name = "fact-ref")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<FactRefType> factReves;
@XmlAttribute(required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected OperatorEnumeration operator;
@XmlAttribute(required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected boolean negate;
/**
* Gets the value of the logicalTests property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the logicalTests property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getLogicalTests().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link LogicalTest }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<LogicalTest> getLogicalTests() {
if (logicalTests == null) {
logicalTests = new ArrayList<LogicalTest>();
}
return this.logicalTests;
}
/**
* Gets the value of the factReves property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the factReves property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getFactReves().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link FactRefType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<FactRefType> getFactReves() {
if (factReves == null) {
factReves = new ArrayList<FactRefType>();
}
return this.factReves;
}
/**
* Gets the value of the operator property.
*
* @return possible object is
* {@link OperatorEnumeration }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public OperatorEnumeration getOperator() {
return operator;
}
/**
* Sets the value of the operator property.
*
* @param value allowed object is
* {@link OperatorEnumeration }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setOperator(OperatorEnumeration value) {
this.operator = value;
}
/**
* Gets the value of the negate property.
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public boolean isNegate() {
return negate;
}
/**
* Sets the value of the negate property.
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setNegate(boolean value) {
this.negate = value;
}
}

92
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/MetricsType.java
View File

@@ -1,92 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.math.BigDecimal;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlSeeAlso;
import javax.xml.bind.annotation.XmlType;
/**
* Base type for metrics that defines common attributes of all metrics.
*
* <p>Java class for metricsType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="metricsType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;attribute name="upgraded-from-version" type="{http://www.w3.org/2001/XMLSchema}decimal" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "metricsType")
@XmlSeeAlso({
TemporalMetricsType.class,
BaseMetricsType.class,
EnvironmentalMetricsType.class
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public abstract class MetricsType {
@XmlAttribute(name = "upgraded-from-version")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected BigDecimal upgradedFromVersion;
/**
* Gets the value of the upgradedFromVersion property.
*
* @return possible object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public BigDecimal getUpgradedFromVersion() {
return upgradedFromVersion;
}
/**
* Sets the value of the upgradedFromVersion property.
*
* @param value allowed object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setUpgradedFromVersion(BigDecimal value) {
this.upgradedFromVersion = value;
}
}

96
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/NotesType.java
View File

@@ -1,96 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlType;
/**
* The notesType defines an element that consists of one or more child note
* elements. It is assumed that each of these note elements are representative
* of the same language as defined by their parent.
*
* <p>Java class for notesType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="notesType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="note" type="{http://scap.nist.gov/schema/scap-core/0.1}textType" maxOccurs="unbounded"/>
* &lt;/sequence>
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "notesType", namespace = "http://scap.nist.gov/schema/scap-core/0.1", propOrder = {
"notes"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class NotesType {
@XmlElement(name = "note", required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<TextType2> notes;
/**
* Gets the value of the notes property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the notes property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getNotes().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link TextType2 }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<TextType2> getNotes() {
if (notes == null) {
notes = new ArrayList<TextType2>();
}
return this.notes;
}
}

155
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/Nvd.java
View File

@@ -1,155 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.math.BigDecimal;
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlSchemaType;
import javax.xml.bind.annotation.XmlType;
import javax.xml.datatype.XMLGregorianCalendar;
/**
* <p>Java class for anonymous complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element ref="{http://scap.nist.gov/schema/feed/vulnerability/2.0}entry" maxOccurs="unbounded" minOccurs="0"/>
* &lt;/sequence>
* &lt;attribute name="nvd_xml_version" use="required" type="{http://www.w3.org/2001/XMLSchema}decimal" />
* &lt;attribute name="pub_date" use="required" type="{http://www.w3.org/2001/XMLSchema}dateTime" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
"entries"
})
@XmlRootElement(name = "nvd", namespace = "http://scap.nist.gov/schema/feed/vulnerability/2.0")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class Nvd {
@XmlElement(name = "entry", namespace = "http://scap.nist.gov/schema/feed/vulnerability/2.0")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<VulnerabilityType> entries;
@XmlAttribute(name = "nvd_xml_version", required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected BigDecimal nvdXmlVersion;
@XmlAttribute(name = "pub_date", required = true)
@XmlSchemaType(name = "dateTime")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected XMLGregorianCalendar pubDate;
/**
* A CVE entry.Gets the value of the entries property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the entries property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getEntries().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link VulnerabilityType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<VulnerabilityType> getEntries() {
if (entries == null) {
entries = new ArrayList<VulnerabilityType>();
}
return this.entries;
}
/**
* Gets the value of the nvdXmlVersion property.
*
* @return possible object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public BigDecimal getNvdXmlVersion() {
return nvdXmlVersion;
}
/**
* Sets the value of the nvdXmlVersion property.
*
* @param value allowed object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setNvdXmlVersion(BigDecimal value) {
this.nvdXmlVersion = value;
}
/**
* Gets the value of the pubDate property.
*
* @return possible object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public XMLGregorianCalendar getPubDate() {
return pubDate;
}
/**
* Sets the value of the pubDate property.
*
* @param value allowed object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setPubDate(XMLGregorianCalendar value) {
this.pubDate = value;
}
}

423
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ObjectFactory.java
View File

@@ -1,423 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.xml.bind.JAXBElement;
import javax.xml.bind.annotation.XmlElementDecl;
import javax.xml.bind.annotation.XmlRegistry;
import javax.xml.namespace.QName;
/**
* This object contains factory methods for each Java content interface and Java
* element interface generated in the
* org.codesecure.dependencycheck.data.nvdcve.generated package. <p>An
* ObjectFactory allows you to programatically construct new instances of the
* Java representation for XML content. The Java representation of XML content
* can consist of schema derived interfaces and classes representing the binding
* of schema type definitions, element declarations and model groups. Factory
* methods for each of these are provided in this class.
*
*/
@XmlRegistry
public class ObjectFactory {
private final static QName _Entry_QNAME = new QName("http://scap.nist.gov/schema/feed/vulnerability/2.0", "entry");
private final static QName _Vulnerability_QNAME = new QName("http://scap.nist.gov/schema/vulnerability/0.4", "vulnerability");
private final static QName _SearchableCpeReferencesTypeCpeName_QNAME = new QName("http://scap.nist.gov/schema/scap-core/0.1", "cpe-name");
private final static QName _SearchableCpeReferencesTypeCpeSearchableName_QNAME = new QName("http://scap.nist.gov/schema/scap-core/0.1", "cpe-searchable-name");
/**
* Create a new ObjectFactory that can be used to create new instances of
* schema derived classes for package:
* org.codesecure.dependencycheck.data.nvdcve.generated
*
*/
public ObjectFactory() {
}
/**
* Create an instance of {@link AccessComplexityType }
*
*/
public AccessComplexityType createAccessComplexityType() {
return new AccessComplexityType();
}
/**
* Create an instance of {@link ExploitabilityType }
*
*/
public ExploitabilityType createExploitabilityType() {
return new ExploitabilityType();
}
/**
* Create an instance of {@link ConfidenceType }
*
*/
public ConfidenceType createConfidenceType() {
return new ConfidenceType();
}
/**
* Create an instance of {@link TemporalMetricsType }
*
*/
public TemporalMetricsType createTemporalMetricsType() {
return new TemporalMetricsType();
}
/**
* Create an instance of {@link FactRefType }
*
*/
public FactRefType createFactRefType() {
return new FactRefType();
}
/**
* Create an instance of {@link VulnerableSoftwareType }
*
*/
public VulnerableSoftwareType createVulnerableSoftwareType() {
return new VulnerableSoftwareType();
}
/**
* Create an instance of {@link CveType }
*
*/
public CveType createCveType() {
return new CveType();
}
/**
* Create an instance of {@link AssociatedExploitLocationType }
*
*/
public AssociatedExploitLocationType createAssociatedExploitLocationType() {
return new AssociatedExploitLocationType();
}
/**
* Create an instance of {@link SearchableCpeReferencesType }
*
*/
public SearchableCpeReferencesType createSearchableCpeReferencesType() {
return new SearchableCpeReferencesType();
}
/**
* Create an instance of {@link CvssImpactType }
*
*/
public CvssImpactType createCvssImpactType() {
return new CvssImpactType();
}
/**
* Create an instance of {@link CweReferenceType }
*
*/
public CweReferenceType createCweReferenceType() {
return new CweReferenceType();
}
/**
* Create an instance of {@link CceParameterType }
*
*/
public CceParameterType createCceParameterType() {
return new CceParameterType();
}
/**
* Create an instance of {@link FixActionType }
*
*/
public FixActionType createFixActionType() {
return new FixActionType();
}
/**
* Create an instance of {@link OsvdbExtensionType }
*
*/
public OsvdbExtensionType createOsvdbExtensionType() {
return new OsvdbExtensionType();
}
/**
* Create an instance of {@link CheckSearchType }
*
*/
public CheckSearchType createCheckSearchType() {
return new CheckSearchType();
}
/**
* Create an instance of {@link RemediationLevelType }
*
*/
public RemediationLevelType createRemediationLevelType() {
return new RemediationLevelType();
}
/**
* Create an instance of {@link ToolConfigurationType }
*
*/
public ToolConfigurationType createToolConfigurationType() {
return new ToolConfigurationType();
}
/**
* Create an instance of {@link TextType1 }
*
*/
public TextType1 createTextType1() {
return new TextType1();
}
/**
* Create an instance of {@link PlatformSpecification }
*
*/
public PlatformSpecification createPlatformSpecification() {
return new PlatformSpecification();
}
/**
* Create an instance of {@link NotesType }
*
*/
public NotesType createNotesType() {
return new NotesType();
}
/**
* Create an instance of {@link CollateralDamagePotentialType }
*
*/
public CollateralDamagePotentialType createCollateralDamagePotentialType() {
return new CollateralDamagePotentialType();
}
/**
* Create an instance of {@link BaseMetricsType }
*
*/
public BaseMetricsType createBaseMetricsType() {
return new BaseMetricsType();
}
/**
* Create an instance of {@link CheckReferenceType }
*
*/
public CheckReferenceType createCheckReferenceType() {
return new CheckReferenceType();
}
/**
* Create an instance of {@link ReferenceType }
*
*/
public ReferenceType createReferenceType() {
return new ReferenceType();
}
/**
* Create an instance of {@link VulnerabilityReferenceType }
*
*/
public VulnerabilityReferenceType createVulnerabilityReferenceType() {
return new VulnerabilityReferenceType();
}
/**
* Create an instance of {@link CiaRequirementType }
*
*/
public CiaRequirementType createCiaRequirementType() {
return new CiaRequirementType();
}
/**
* Create an instance of {@link CvssType }
*
*/
public CvssType createCvssType() {
return new CvssType();
}
/**
* Create an instance of {@link TargetDistributionType }
*
*/
public TargetDistributionType createTargetDistributionType() {
return new TargetDistributionType();
}
/**
* Create an instance of {@link VulnerabilityType }
*
*/
public VulnerabilityType createVulnerabilityType() {
return new VulnerabilityType();
}
/**
* Create an instance of {@link Nvd }
*
*/
public Nvd createNvd() {
return new Nvd();
}
/**
* Create an instance of {@link Patch }
*
*/
public Patch createPatch() {
return new Patch();
}
/**
* Create an instance of {@link EnvironmentalMetricsType }
*
*/
public EnvironmentalMetricsType createEnvironmentalMetricsType() {
return new EnvironmentalMetricsType();
}
/**
* Create an instance of {@link LogicalTest }
*
*/
public LogicalTest createLogicalTest() {
return new LogicalTest();
}
/**
* Create an instance of {@link TextType2 }
*
*/
public TextType2 createTextType2() {
return new TextType2();
}
/**
* Create an instance of {@link AccessVectorType }
*
*/
public AccessVectorType createAccessVectorType() {
return new AccessVectorType();
}
/**
* Create an instance of {@link AuthenticationType }
*
*/
public AuthenticationType createAuthenticationType() {
return new AuthenticationType();
}
/**
* Create an instance of {@link Patch.References }
*
*/
public Patch.References createPatchReferences() {
return new Patch.References();
}
/**
* Create an instance of {@link TagType }
*
*/
public TagType createTagType() {
return new TagType();
}
/**
* Create an instance of {@link CceType }
*
*/
public CceType createCceType() {
return new CceType();
}
/**
* Create an instance of {@link PlatformType }
*
*/
public PlatformType createPlatformType() {
return new PlatformType();
}
/**
* Create an instance of {@link CiaType }
*
*/
public CiaType createCiaType() {
return new CiaType();
}
/**
* Create an instance of {@link JAXBElement }{@code <}{@link VulnerabilityType }{@code >}}
*
*/
@XmlElementDecl(namespace = "http://scap.nist.gov/schema/feed/vulnerability/2.0", name = "entry")
public JAXBElement<VulnerabilityType> createEntry(VulnerabilityType value) {
return new JAXBElement<VulnerabilityType>(_Entry_QNAME, VulnerabilityType.class, null, value);
}
/**
* Create an instance of {@link JAXBElement }{@code <}{@link VulnerabilityType }{@code >}}
*
*/
@XmlElementDecl(namespace = "http://scap.nist.gov/schema/vulnerability/0.4", name = "vulnerability")
public JAXBElement<VulnerabilityType> createVulnerability(VulnerabilityType value) {
return new JAXBElement<VulnerabilityType>(_Vulnerability_QNAME, VulnerabilityType.class, null, value);
}
/**
* Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
*
*/
@XmlElementDecl(namespace = "http://scap.nist.gov/schema/scap-core/0.1", name = "cpe-name", scope = SearchableCpeReferencesType.class)
public JAXBElement<String> createSearchableCpeReferencesTypeCpeName(String value) {
return new JAXBElement<String>(_SearchableCpeReferencesTypeCpeName_QNAME, String.class, SearchableCpeReferencesType.class, value);
}
/**
* Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}
*
*/
@XmlElementDecl(namespace = "http://scap.nist.gov/schema/scap-core/0.1", name = "cpe-searchable-name", scope = SearchableCpeReferencesType.class)
public JAXBElement<String> createSearchableCpeReferencesTypeCpeSearchableName(String value) {
return new JAXBElement<String>(_SearchableCpeReferencesTypeCpeSearchableName_QNAME, String.class, SearchableCpeReferencesType.class, value);
}
}

61
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/OperatorEnumeration.java
View File

@@ -1,61 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for operatorEnumeration.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="operatorEnumeration">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}string">
* &lt;enumeration value="AND"/>
* &lt;enumeration value="OR"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "operatorEnumeration", namespace = "http://cpe.mitre.org/language/2.0")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum OperatorEnumeration {
AND,
OR;
public String value() {
return name();
}
public static OperatorEnumeration fromValue(String v) {
return valueOf(v);
}
}

87
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/OsvdbExtensionType.java
View File

@@ -1,87 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for osvdbExtensionType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="osvdbExtensionType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="exploit-location" type="{http://scap.nist.gov/schema/vulnerability/0.4}associatedExploitLocationType"/>
* &lt;/sequence>
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "osvdbExtensionType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4", propOrder = {
"exploitLocation"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class OsvdbExtensionType {
@XmlElement(name = "exploit-location", required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected AssociatedExploitLocationType exploitLocation;
/**
* Gets the value of the exploitLocation property.
*
* @return possible object is
* {@link AssociatedExploitLocationType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public AssociatedExploitLocationType getExploitLocation() {
return exploitLocation;
}
/**
* Sets the value of the exploitLocation property.
*
* @param value allowed object is
* {@link AssociatedExploitLocationType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setExploitLocation(AssociatedExploitLocationType value) {
this.exploitLocation = value;
}
}

414
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/Patch.java
View File

@@ -1,414 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for patchType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="patchType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="title" type="{http://scap.nist.gov/schema/scap-core/0.1}textType" minOccurs="0"/>
* &lt;element name="references" minOccurs="0">
* &lt;complexType>
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="reference" type="{http://scap.nist.gov/schema/scap-core/0.1}referenceType" maxOccurs="unbounded"/>
* &lt;/sequence>
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* &lt;/element>
* &lt;element name="notes" type="{http://scap.nist.gov/schema/scap-core/0.1}notesType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="check" type="{http://scap.nist.gov/schema/scap-core/0.1}checkReferenceType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="supersedes" type="{http://scap.nist.gov/schema/patch/0.1}patchType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="superseded-by" type="{http://scap.nist.gov/schema/patch/0.1}patchType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;/sequence>
* &lt;attribute name="identifier" use="required" type="{http://www.w3.org/2001/XMLSchema}double" />
* &lt;attribute name="name" use="required" type="{http://www.w3.org/2001/XMLSchema}string" />
* &lt;attribute name="superseded" use="required" type="{http://www.w3.org/2001/XMLSchema}boolean" />
* &lt;attribute name="deprecated" type="{http://www.w3.org/2001/XMLSchema}boolean" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "patchType", namespace = "http://scap.nist.gov/schema/patch/0.1", propOrder = {
"title",
"references",
"notes",
"checks",
"supersedes",
"supersededBies"
})
@XmlRootElement(name = "patch", namespace = "http://scap.nist.gov/schema/patch/0.1")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class Patch {
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected TextType2 title;
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Patch.References references;
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<NotesType> notes;
@XmlElement(name = "check")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<CheckReferenceType> checks;
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<Patch> supersedes;
@XmlElement(name = "superseded-by")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<Patch> supersededBies;
@XmlAttribute(required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected double identifier;
@XmlAttribute(required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String name;
@XmlAttribute(required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected boolean superseded;
@XmlAttribute
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean deprecated;
/**
* Gets the value of the title property.
*
* @return possible object is
* {@link TextType2 }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public TextType2 getTitle() {
return title;
}
/**
* Sets the value of the title property.
*
* @param value allowed object is
* {@link TextType2 }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setTitle(TextType2 value) {
this.title = value;
}
/**
* Gets the value of the references property.
*
* @return possible object is
* {@link Patch.References }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Patch.References getReferences() {
return references;
}
/**
* Sets the value of the references property.
*
* @param value allowed object is
* {@link Patch.References }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setReferences(Patch.References value) {
this.references = value;
}
/**
* Gets the value of the notes property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the notes property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getNotes().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link NotesType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<NotesType> getNotes() {
if (notes == null) {
notes = new ArrayList<NotesType>();
}
return this.notes;
}
/**
* Gets the value of the checks property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the checks property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getChecks().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link CheckReferenceType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<CheckReferenceType> getChecks() {
if (checks == null) {
checks = new ArrayList<CheckReferenceType>();
}
return this.checks;
}
/**
* Gets the value of the supersedes property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the supersedes property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getSupersedes().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link Patch }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<Patch> getSupersedes() {
if (supersedes == null) {
supersedes = new ArrayList<Patch>();
}
return this.supersedes;
}
/**
* Gets the value of the supersededBies property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the supersededBies property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getSupersededBies().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link Patch }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<Patch> getSupersededBies() {
if (supersededBies == null) {
supersededBies = new ArrayList<Patch>();
}
return this.supersededBies;
}
/**
* Gets the value of the identifier property.
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public double getIdentifier() {
return identifier;
}
/**
* Sets the value of the identifier property.
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setIdentifier(double value) {
this.identifier = value;
}
/**
* Gets the value of the name property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getName() {
return name;
}
/**
* Sets the value of the name property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setName(String value) {
this.name = value;
}
/**
* Gets the value of the superseded property.
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public boolean isSuperseded() {
return superseded;
}
/**
* Sets the value of the superseded property.
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSuperseded(boolean value) {
this.superseded = value;
}
/**
* Gets the value of the deprecated property.
*
* @return possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Boolean isDeprecated() {
return deprecated;
}
/**
* Sets the value of the deprecated property.
*
* @param value allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setDeprecated(Boolean value) {
this.deprecated = value;
}
/**
* <p>Java class for anonymous complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="reference" type="{http://scap.nist.gov/schema/scap-core/0.1}referenceType" maxOccurs="unbounded"/>
* &lt;/sequence>
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
"references"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public static class References {
@XmlElement(name = "reference", namespace = "http://scap.nist.gov/schema/patch/0.1", required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<ReferenceType> references;
/**
* Gets the value of the references property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list
* will be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the references property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getReferences().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link ReferenceType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<ReferenceType> getReferences() {
if (references == null) {
references = new ArrayList<ReferenceType>();
}
return this.references;
}
}
}

94
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/PlatformSpecification.java
View File

@@ -1,94 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for anonymous complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="platform" type="{http://cpe.mitre.org/language/2.0}PlatformType" maxOccurs="unbounded"/>
* &lt;/sequence>
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
"platforms"
})
@XmlRootElement(name = "platform-specification", namespace = "http://cpe.mitre.org/language/2.0")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class PlatformSpecification {
@XmlElement(name = "platform", namespace = "http://cpe.mitre.org/language/2.0", required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<PlatformType> platforms;
/**
* Gets the value of the platforms property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the platforms property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getPlatforms().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link PlatformType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<PlatformType> getPlatforms() {
if (platforms == null) {
platforms = new ArrayList<PlatformType>();
}
return this.platforms;
}
}

190
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/PlatformType.java
View File

@@ -1,190 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlSchemaType;
import javax.xml.bind.annotation.XmlType;
/**
* The optional remark element may appear as a child of a platform element. It
* provides some additional description. Zero or more remark elements may
* appear. To support uses intended for multiple languages, this element
* supports the <20>xml:lang<6E> attribute. There can be multiple remarks for a single
* language.
*
* <p>Java class for PlatformType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="PlatformType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="title" type="{http://cpe.mitre.org/language/2.0}TextType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="remark" type="{http://cpe.mitre.org/language/2.0}TextType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="logical-test" type="{http://cpe.mitre.org/language/2.0}LogicalTestType"/>
* &lt;/sequence>
* &lt;attribute name="id" use="required" type="{http://www.w3.org/2001/XMLSchema}anyURI" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "PlatformType", namespace = "http://cpe.mitre.org/language/2.0", propOrder = {
"titles",
"remarks",
"logicalTest"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class PlatformType {
@XmlElement(name = "title")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<TextType1> titles;
@XmlElement(name = "remark")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<TextType1> remarks;
@XmlElement(name = "logical-test", required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected LogicalTest logicalTest;
@XmlAttribute(required = true)
@XmlSchemaType(name = "anyURI")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String id;
/**
* Gets the value of the titles property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the titles property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getTitles().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link TextType1 }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<TextType1> getTitles() {
if (titles == null) {
titles = new ArrayList<TextType1>();
}
return this.titles;
}
/**
* Gets the value of the remarks property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the remarks property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getRemarks().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link TextType1 }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<TextType1> getRemarks() {
if (remarks == null) {
remarks = new ArrayList<TextType1>();
}
return this.remarks;
}
/**
* Gets the value of the logicalTest property.
*
* @return possible object is
* {@link LogicalTest }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public LogicalTest getLogicalTest() {
return logicalTest;
}
/**
* Sets the value of the logicalTest property.
*
* @param value allowed object is
* {@link LogicalTest }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setLogicalTest(LogicalTest value) {
this.logicalTest = value;
}
/**
* Gets the value of the id property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getId() {
return id;
}
/**
* Sets the value of the id property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setId(String value) {
this.id = value;
}
}

92
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ReferenceType.java
View File

@@ -1,92 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlSchemaType;
import javax.xml.bind.annotation.XmlType;
/**
* Type for a reference in the description of a CPE item. This would normally be
* used to point to extra descriptive material, or the supplier's web site, or
* the platform documentation. It consists of a piece of text (intended to be
* human-readable) and a URI (intended to be a URL, and point to a real
* resource).
*
* <p>Java class for referenceType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="referenceType">
* &lt;simpleContent>
* &lt;extension base="&lt;http://scap.nist.gov/schema/scap-core/0.1>textType">
* &lt;attribute name="href" type="{http://www.w3.org/2001/XMLSchema}anyURI" />
* &lt;/extension>
* &lt;/simpleContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "referenceType", namespace = "http://scap.nist.gov/schema/scap-core/0.1")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class ReferenceType
extends TextType2 {
@XmlAttribute
@XmlSchemaType(name = "anyURI")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String href;
/**
* Gets the value of the href property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getHref() {
return href;
}
/**
* Sets the value of the href property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setHref(String value) {
this.href = value;
}
}

67
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/RemediationLevelEnumType.java
View File

@@ -1,67 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for remediationLevelEnumType.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="remediationLevelEnumType">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="OFFICIAL_FIX"/>
* &lt;enumeration value="TEMPORARY_FIX"/>
* &lt;enumeration value="WORKAROUND"/>
* &lt;enumeration value="UNAVAILABLE"/>
* &lt;enumeration value="NOT_DEFINED"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "remediationLevelEnumType")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum RemediationLevelEnumType {
OFFICIAL_FIX,
TEMPORARY_FIX,
WORKAROUND,
UNAVAILABLE,
NOT_DEFINED;
public String value() {
return name();
}
public static RemediationLevelEnumType fromValue(String v) {
return valueOf(v);
}
}

117
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/RemediationLevelType.java
View File

@@ -1,117 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.XmlValue;
/**
* <p>Java class for remediationLevelType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="remediationLevelType">
* &lt;simpleContent>
* &lt;extension base="&lt;http://scap.nist.gov/schema/cvss-v2/0.2>remediationLevelEnumType">
* &lt;attGroup ref="{http://scap.nist.gov/schema/cvss-v2/0.2}vectorAttributeGroup"/>
* &lt;/extension>
* &lt;/simpleContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "remediationLevelType", propOrder = {
"value"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class RemediationLevelType {
@XmlValue
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected RemediationLevelEnumType value;
@XmlAttribute
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean approximated;
/**
* Gets the value of the value property.
*
* @return possible object is
* {@link RemediationLevelEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public RemediationLevelEnumType getValue() {
return value;
}
/**
* Sets the value of the value property.
*
* @param value allowed object is
* {@link RemediationLevelEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setValue(RemediationLevelEnumType value) {
this.value = value;
}
/**
* Gets the value of the approximated property.
*
* @return possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public boolean isApproximated() {
if (approximated == null) {
return false;
} else {
return approximated;
}
}
/**
* Sets the value of the approximated property.
*
* @param value allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setApproximated(Boolean value) {
this.approximated = value;
}
}

98
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/SearchableCpeReferencesType.java
View File

@@ -1,98 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Generated;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElementRef;
import javax.xml.bind.annotation.XmlElementRefs;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for searchableCpeReferencesType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="searchableCpeReferencesType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;group ref="{http://scap.nist.gov/schema/scap-core/0.1}cpeReferenceGroup" maxOccurs="unbounded"/>
* &lt;/sequence>
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "searchableCpeReferencesType", namespace = "http://scap.nist.gov/schema/scap-core/0.1", propOrder = {
"cpeNamesAndCpeSearchableNames"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class SearchableCpeReferencesType {
@XmlElementRefs({
@XmlElementRef(name = "cpe-searchable-name", namespace = "http://scap.nist.gov/schema/scap-core/0.1", type = JAXBElement.class),
@XmlElementRef(name = "cpe-name", namespace = "http://scap.nist.gov/schema/scap-core/0.1", type = JAXBElement.class)
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<JAXBElement<String>> cpeNamesAndCpeSearchableNames;
/**
* Gets the value of the cpeNamesAndCpeSearchableNames property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the cpeNamesAndCpeSearchableNames property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getCpeNamesAndCpeSearchableNames().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link JAXBElement }{@code <}{@link String }{@code >}
* {@link JAXBElement }{@code <}{@link String }{@code >}
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<JAXBElement<String>> getCpeNamesAndCpeSearchableNames() {
if (cpeNamesAndCpeSearchableNames == null) {
cpeNamesAndCpeSearchableNames = new ArrayList<JAXBElement<String>>();
}
return this.cpeNamesAndCpeSearchableNames;
}
}

71
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/SecurityProtectionType.java
View File

@@ -1,71 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for securityProtectionType.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="securityProtectionType">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="ALLOWS_ADMIN_ACCESS"/>
* &lt;enumeration value="ALLOWS_USER_ACCESS"/>
* &lt;enumeration value="ALLOWS_OTHER_ACCESS"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "securityProtectionType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum SecurityProtectionType {
/**
* gain administrative access
*
*/
ALLOWS_ADMIN_ACCESS,
/**
* gain user access
*
*/
ALLOWS_USER_ACCESS,
ALLOWS_OTHER_ACCESS;
public String value() {
return name();
}
public static SecurityProtectionType fromValue(String v) {
return valueOf(v);
}
}

118
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TagType.java
View File

@@ -1,118 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlSchemaType;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
/**
* <p>Java class for tagType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="tagType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;attribute name="name" use="required" type="{http://www.w3.org/2001/XMLSchema}token" />
* &lt;attribute name="value" use="required" type="{http://www.w3.org/2001/XMLSchema}token" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "tagType", namespace = "http://scap.nist.gov/schema/scap-core/0.1")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class TagType {
@XmlAttribute(required = true)
@XmlJavaTypeAdapter(CollapsedStringAdapter.class)
@XmlSchemaType(name = "token")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String name;
@XmlAttribute(required = true)
@XmlJavaTypeAdapter(CollapsedStringAdapter.class)
@XmlSchemaType(name = "token")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String value;
/**
* Gets the value of the name property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getName() {
return name;
}
/**
* Sets the value of the name property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setName(String value) {
this.name = value;
}
/**
* Gets the value of the value property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getValue() {
return value;
}
/**
* Sets the value of the value property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setValue(String value) {
this.value = value;
}
}

67
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TargetDistributionEnumType.java
View File

@@ -1,67 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for targetDistributionEnumType.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="targetDistributionEnumType">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="NONE"/>
* &lt;enumeration value="LOW"/>
* &lt;enumeration value="MEDIUM"/>
* &lt;enumeration value="HIGH"/>
* &lt;enumeration value="NOT_DEFINED"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "targetDistributionEnumType")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum TargetDistributionEnumType {
NONE,
LOW,
MEDIUM,
HIGH,
NOT_DEFINED;
public String value() {
return name();
}
public static TargetDistributionEnumType fromValue(String v) {
return valueOf(v);
}
}

117
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TargetDistributionType.java
View File

@@ -1,117 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.XmlValue;
/**
* <p>Java class for targetDistributionType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="targetDistributionType">
* &lt;simpleContent>
* &lt;extension base="&lt;http://scap.nist.gov/schema/cvss-v2/0.2>targetDistributionEnumType">
* &lt;attGroup ref="{http://scap.nist.gov/schema/cvss-v2/0.2}vectorAttributeGroup"/>
* &lt;/extension>
* &lt;/simpleContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "targetDistributionType", propOrder = {
"value"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class TargetDistributionType {
@XmlValue
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected TargetDistributionEnumType value;
@XmlAttribute
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean approximated;
/**
* Gets the value of the value property.
*
* @return possible object is
* {@link TargetDistributionEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public TargetDistributionEnumType getValue() {
return value;
}
/**
* Sets the value of the value property.
*
* @param value allowed object is
* {@link TargetDistributionEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setValue(TargetDistributionEnumType value) {
this.value = value;
}
/**
* Gets the value of the approximated property.
*
* @return possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public boolean isApproximated() {
if (approximated == null) {
return false;
} else {
return approximated;
}
}
/**
* Sets the value of the approximated property.
*
* @param value allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setApproximated(Boolean value) {
this.approximated = value;
}
}

263
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TemporalMetricsType.java
View File

@@ -1,263 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.math.BigDecimal;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlSchemaType;
import javax.xml.bind.annotation.XmlType;
import javax.xml.datatype.XMLGregorianCalendar;
/**
* <p>Java class for temporalMetricsType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="temporalMetricsType">
* &lt;complexContent>
* &lt;extension base="{http://scap.nist.gov/schema/cvss-v2/0.2}metricsType">
* &lt;sequence>
* &lt;element name="score" type="{http://scap.nist.gov/schema/cvss-v2/0.2}zeroToTenDecimalType" minOccurs="0"/>
* &lt;element name="temporal-multiplier" type="{http://www.w3.org/2001/XMLSchema}decimal" minOccurs="0"/>
* &lt;group ref="{http://scap.nist.gov/schema/cvss-v2/0.2}temporalVectorsGroup"/>
* &lt;element name="source" type="{http://www.w3.org/2001/XMLSchema}anyURI"/>
* &lt;element name="generated-on-datetime" type="{http://www.w3.org/2001/XMLSchema}dateTime"/>
* &lt;/sequence>
* &lt;/extension>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "temporalMetricsType", propOrder = {
"score",
"temporalMultiplier",
"exploitability",
"remediationLevel",
"reportConfidence",
"source",
"generatedOnDatetime"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class TemporalMetricsType
extends MetricsType {
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected BigDecimal score;
@XmlElement(name = "temporal-multiplier")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected BigDecimal temporalMultiplier;
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected ExploitabilityType exploitability;
@XmlElement(name = "remediation-level")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected RemediationLevelType remediationLevel;
@XmlElement(name = "report-confidence")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected ConfidenceType reportConfidence;
@XmlElement(required = true)
@XmlSchemaType(name = "anyURI")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String source;
@XmlElement(name = "generated-on-datetime", required = true)
@XmlSchemaType(name = "dateTime")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected XMLGregorianCalendar generatedOnDatetime;
/**
* Gets the value of the score property.
*
* @return possible object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public BigDecimal getScore() {
return score;
}
/**
* Sets the value of the score property.
*
* @param value allowed object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setScore(BigDecimal value) {
this.score = value;
}
/**
* Gets the value of the temporalMultiplier property.
*
* @return possible object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public BigDecimal getTemporalMultiplier() {
return temporalMultiplier;
}
/**
* Sets the value of the temporalMultiplier property.
*
* @param value allowed object is
* {@link BigDecimal }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setTemporalMultiplier(BigDecimal value) {
this.temporalMultiplier = value;
}
/**
* Gets the value of the exploitability property.
*
* @return possible object is
* {@link ExploitabilityType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public ExploitabilityType getExploitability() {
return exploitability;
}
/**
* Sets the value of the exploitability property.
*
* @param value allowed object is
* {@link ExploitabilityType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setExploitability(ExploitabilityType value) {
this.exploitability = value;
}
/**
* Gets the value of the remediationLevel property.
*
* @return possible object is
* {@link RemediationLevelType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public RemediationLevelType getRemediationLevel() {
return remediationLevel;
}
/**
* Sets the value of the remediationLevel property.
*
* @param value allowed object is
* {@link RemediationLevelType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setRemediationLevel(RemediationLevelType value) {
this.remediationLevel = value;
}
/**
* Gets the value of the reportConfidence property.
*
* @return possible object is
* {@link ConfidenceType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public ConfidenceType getReportConfidence() {
return reportConfidence;
}
/**
* Sets the value of the reportConfidence property.
*
* @param value allowed object is
* {@link ConfidenceType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setReportConfidence(ConfidenceType value) {
this.reportConfidence = value;
}
/**
* Gets the value of the source property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getSource() {
return source;
}
/**
* Sets the value of the source property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSource(String value) {
this.source = value;
}
/**
* Gets the value of the generatedOnDatetime property.
*
* @return possible object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public XMLGregorianCalendar getGeneratedOnDatetime() {
return generatedOnDatetime;
}
/**
* Sets the value of the generatedOnDatetime property.
*
* @param value allowed object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setGeneratedOnDatetime(XMLGregorianCalendar value) {
this.generatedOnDatetime = value;
}
}

116
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TextType1.java
View File

@@ -1,116 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.XmlValue;
/**
* This type allows the xml:lang attribute to associate a specific language with
* an element's string content.
*
* <p>Java class for TextType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="TextType">
* &lt;simpleContent>
* &lt;extension base="&lt;http://www.w3.org/2001/XMLSchema>string">
* &lt;attribute ref="{http://www.w3.org/XML/1998/namespace}lang"/>
* &lt;/extension>
* &lt;/simpleContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "TextType", namespace = "http://cpe.mitre.org/language/2.0", propOrder = {
"value"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class TextType1 {
@XmlValue
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String value;
@XmlAttribute(namespace = "http://www.w3.org/XML/1998/namespace")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String lang;
/**
* Gets the value of the value property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getValue() {
return value;
}
/**
* Sets the value of the value property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setValue(String value) {
this.value = value;
}
/**
* Gets the value of the lang property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getLang() {
return lang;
}
/**
* Sets the value of the lang property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setLang(String value) {
this.lang = value;
}
}

120
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TextType2.java
View File

@@ -1,120 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlSeeAlso;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.XmlValue;
/**
* This type allows the xml:lang attribute to associate a specific language with
* an element's string content.
*
* <p>Java class for textType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="textType">
* &lt;simpleContent>
* &lt;extension base="&lt;http://www.w3.org/2001/XMLSchema>string">
* &lt;attribute ref="{http://www.w3.org/XML/1998/namespace}lang"/>
* &lt;/extension>
* &lt;/simpleContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "textType", namespace = "http://scap.nist.gov/schema/scap-core/0.1", propOrder = {
"value"
})
@XmlSeeAlso({
ReferenceType.class
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class TextType2 {
@XmlValue
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String value;
@XmlAttribute(namespace = "http://www.w3.org/XML/1998/namespace")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String lang;
/**
* Gets the value of the value property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getValue() {
return value;
}
/**
* Sets the value of the value property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setValue(String value) {
this.value = value;
}
/**
* Gets the value of the lang property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getLang() {
return lang;
}
/**
* Sets the value of the lang property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setLang(String value) {
this.lang = value;
}
}

120
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ToolConfigurationType.java
View File

@@ -1,120 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for toolConfigurationType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="toolConfigurationType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="name" type="{http://scap.nist.gov/schema/scap-core/0.1}cpeNamePatternType" minOccurs="0"/>
* &lt;element name="definition" type="{http://scap.nist.gov/schema/scap-core/0.1}checkReferenceType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;/sequence>
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "toolConfigurationType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4", propOrder = {
"name",
"definitions"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class ToolConfigurationType {
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String name;
@XmlElement(name = "definition")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<CheckReferenceType> definitions;
/**
* Gets the value of the name property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getName() {
return name;
}
/**
* Sets the value of the name property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setName(String value) {
this.name = value;
}
/**
* Gets the value of the definitions property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the definitions property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getDefinitions().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link CheckReferenceType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<CheckReferenceType> getDefinitions() {
if (definitions == null) {
definitions = new ArrayList<CheckReferenceType>();
}
return this.definitions;
}
}

71
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/VulnerabilityReferenceCategoryEnumType.java
View File

@@ -1,71 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for vulnerabilityReferenceCategoryEnumType.
*
* <p>The following schema fragment specifies the expected content contained
* within this class. <p>
* <pre>
* &lt;simpleType name="vulnerabilityReferenceCategoryEnumType">
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}token">
* &lt;enumeration value="PATCH"/>
* &lt;enumeration value="VENDOR_ADVISORY"/>
* &lt;enumeration value="THIRD_PARTY_ADVISORY"/>
* &lt;enumeration value="SIGNATURE_SOURCE"/>
* &lt;enumeration value="MITIGATION_PROCEDURE"/>
* &lt;enumeration value="TOOL_CONFIGURATION_DESCRIPTION"/>
* &lt;enumeration value="UNKNOWN"/>
* &lt;/restriction>
* &lt;/simpleType>
* </pre>
*
*/
@XmlType(name = "vulnerabilityReferenceCategoryEnumType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4")
@XmlEnum
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public enum VulnerabilityReferenceCategoryEnumType {
PATCH,
VENDOR_ADVISORY,
THIRD_PARTY_ADVISORY,
SIGNATURE_SOURCE,
MITIGATION_PROCEDURE,
TOOL_CONFIGURATION_DESCRIPTION,
UNKNOWN;
public String value() {
return name();
}
public static VulnerabilityReferenceCategoryEnumType fromValue(String v) {
return valueOf(v);
}
}

236
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/VulnerabilityReferenceType.java
View File

@@ -1,236 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlType;
/**
* Extends the base "reference" class by adding the ability to specify which
* kind (within the vulnerability model) of reference it is. See
* "Vulnerability_Reference_Category_List" enumeration.
*
* <p>Java class for vulnerabilityReferenceType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="vulnerabilityReferenceType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="source" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
* &lt;element name="reference" type="{http://scap.nist.gov/schema/scap-core/0.1}referenceType"/>
* &lt;element name="notes" type="{http://scap.nist.gov/schema/scap-core/0.1}notesType" minOccurs="0"/>
* &lt;/sequence>
* &lt;attribute ref="{http://www.w3.org/XML/1998/namespace}lang default="en""/>
* &lt;attribute name="reference_type" use="required" type="{http://scap.nist.gov/schema/vulnerability/0.4}vulnerabilityReferenceCategoryEnumType" />
* &lt;attribute name="deprecated" type="{http://www.w3.org/2001/XMLSchema}boolean" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "vulnerabilityReferenceType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4", propOrder = {
"source",
"reference",
"notes"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class VulnerabilityReferenceType {
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String source;
@XmlElement(required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected ReferenceType reference;
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected NotesType notes;
@XmlAttribute(namespace = "http://www.w3.org/XML/1998/namespace")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String lang;
@XmlAttribute(name = "reference_type", required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected VulnerabilityReferenceCategoryEnumType referenceType;
@XmlAttribute
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected Boolean deprecated;
/**
* Gets the value of the source property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getSource() {
return source;
}
/**
* Sets the value of the source property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSource(String value) {
this.source = value;
}
/**
* Gets the value of the reference property.
*
* @return possible object is
* {@link ReferenceType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public ReferenceType getReference() {
return reference;
}
/**
* Sets the value of the reference property.
*
* @param value allowed object is
* {@link ReferenceType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setReference(ReferenceType value) {
this.reference = value;
}
/**
* Gets the value of the notes property.
*
* @return possible object is
* {@link NotesType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public NotesType getNotes() {
return notes;
}
/**
* Sets the value of the notes property.
*
* @param value allowed object is
* {@link NotesType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setNotes(NotesType value) {
this.notes = value;
}
/**
* Gets the value of the lang property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getLang() {
if (lang == null) {
return "en";
} else {
return lang;
}
}
/**
* Sets the value of the lang property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setLang(String value) {
this.lang = value;
}
/**
* Gets the value of the referenceType property.
*
* @return possible object is
* {@link VulnerabilityReferenceCategoryEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public VulnerabilityReferenceCategoryEnumType getReferenceType() {
return referenceType;
}
/**
* Sets the value of the referenceType property.
*
* @param value allowed object is
* {@link VulnerabilityReferenceCategoryEnumType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setReferenceType(VulnerabilityReferenceCategoryEnumType value) {
this.referenceType = value;
}
/**
* Gets the value of the deprecated property.
*
* @return possible object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Boolean isDeprecated() {
return deprecated;
}
/**
* Sets the value of the deprecated property.
*
* @param value allowed object is
* {@link Boolean }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setDeprecated(Boolean value) {
this.deprecated = value;
}
}

703
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/VulnerabilityType.java
View File

@@ -1,703 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Generated;
import javax.xml.bind.annotation.*;
import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
import javax.xml.datatype.XMLGregorianCalendar;
/**
* TODO: Low priority: Add reference to notes type to allow analysts, vendor and
* other comments. Add source attribute. Maybe categorization?
*
* <p>Java class for vulnerabilityType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="vulnerabilityType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="osvdb-ext" type="{http://scap.nist.gov/schema/vulnerability/0.4}osvdbExtensionType" minOccurs="0"/>
* &lt;element name="vulnerable-configuration" type="{http://cpe.mitre.org/language/2.0}PlatformType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="vulnerable-software-list" type="{http://scap.nist.gov/schema/vulnerability/0.4}vulnerableSoftwareType" minOccurs="0"/>
* &lt;choice minOccurs="0">
* &lt;element name="cve-id" type="{http://scap.nist.gov/schema/cve/0.1}cveNamePatternType"/>
* &lt;element name="cce-id" type="{http://scap.nist.gov/schema/cce/0.1}cceNamePatternType"/>
* &lt;/choice>
* &lt;element name="discovered-datetime" type="{http://www.w3.org/2001/XMLSchema}dateTime" minOccurs="0"/>
* &lt;element name="disclosure-datetime" type="{http://www.w3.org/2001/XMLSchema}dateTime" minOccurs="0"/>
* &lt;element name="exploit-publish-datetime" type="{http://www.w3.org/2001/XMLSchema}dateTime" minOccurs="0"/>
* &lt;element name="published-datetime" type="{http://www.w3.org/2001/XMLSchema}dateTime" minOccurs="0"/>
* &lt;element name="last-modified-datetime" type="{http://www.w3.org/2001/XMLSchema}dateTime" minOccurs="0"/>
* &lt;element name="cvss" type="{http://scap.nist.gov/schema/cvss-v2/0.2}cvssImpactType" minOccurs="0"/>
* &lt;element name="security-protection" type="{http://scap.nist.gov/schema/vulnerability/0.4}securityProtectionType" minOccurs="0"/>
* &lt;element name="assessment_check" type="{http://scap.nist.gov/schema/scap-core/0.1}checkReferenceType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="cwe" type="{http://scap.nist.gov/schema/vulnerability/0.4}cweReferenceType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="references" type="{http://scap.nist.gov/schema/vulnerability/0.4}vulnerabilityReferenceType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="fix_action" type="{http://scap.nist.gov/schema/vulnerability/0.4}fixActionType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="scanner" type="{http://scap.nist.gov/schema/vulnerability/0.4}toolConfigurationType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="summary" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
* &lt;element name="technical_description" type="{http://scap.nist.gov/schema/scap-core/0.1}referenceType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;element name="attack_scenario" type="{http://scap.nist.gov/schema/scap-core/0.1}referenceType" maxOccurs="unbounded" minOccurs="0"/>
* &lt;/sequence>
* &lt;attribute name="id" use="required" type="{http://scap.nist.gov/schema/vulnerability/0.4}vulnerabilityIdType" />
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlRootElement(name = "vulnerabilityType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4")
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "vulnerabilityType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4", propOrder = {
"osvdbExt",
"vulnerableConfigurations",
"vulnerableSoftwareList",
"cceId",
"cveId",
"discoveredDatetime",
"disclosureDatetime",
"exploitPublishDatetime",
"publishedDatetime",
"lastModifiedDatetime",
"cvss",
"securityProtection",
"assessmentChecks",
"cwes",
"references",
"fixActions",
"scanners",
"summary",
"technicalDescriptions",
"attackScenarios"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class VulnerabilityType {
@XmlElement(name = "osvdb-ext")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected OsvdbExtensionType osvdbExt;
@XmlElement(name = "vulnerable-configuration")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<PlatformType> vulnerableConfigurations;
@XmlElement(name = "vulnerable-software-list")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected VulnerableSoftwareType vulnerableSoftwareList;
@XmlElement(name = "cce-id")
@XmlJavaTypeAdapter(CollapsedStringAdapter.class)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String cceId;
@XmlElement(name = "cve-id")
@XmlJavaTypeAdapter(CollapsedStringAdapter.class)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String cveId;
@XmlElement(name = "discovered-datetime")
@XmlSchemaType(name = "dateTime")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected XMLGregorianCalendar discoveredDatetime;
@XmlElement(name = "disclosure-datetime")
@XmlSchemaType(name = "dateTime")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected XMLGregorianCalendar disclosureDatetime;
@XmlElement(name = "exploit-publish-datetime")
@XmlSchemaType(name = "dateTime")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected XMLGregorianCalendar exploitPublishDatetime;
@XmlElement(name = "published-datetime")
@XmlSchemaType(name = "dateTime")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected XMLGregorianCalendar publishedDatetime;
@XmlElement(name = "last-modified-datetime")
@XmlSchemaType(name = "dateTime")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected XMLGregorianCalendar lastModifiedDatetime;
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected CvssImpactType cvss;
@XmlElement(name = "security-protection")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected SecurityProtectionType securityProtection;
@XmlElement(name = "assessment_check")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<CheckReferenceType> assessmentChecks;
@XmlElement(name = "cwe")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<CweReferenceType> cwes;
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<VulnerabilityReferenceType> references;
@XmlElement(name = "fix_action")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<FixActionType> fixActions;
@XmlElement(name = "scanner")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<ToolConfigurationType> scanners;
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String summary;
@XmlElement(name = "technical_description")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<ReferenceType> technicalDescriptions;
@XmlElement(name = "attack_scenario")
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<ReferenceType> attackScenarios;
@XmlAttribute(required = true)
@XmlJavaTypeAdapter(CollapsedStringAdapter.class)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected String id;
/**
* Gets the value of the osvdbExt property.
*
* @return possible object is
* {@link OsvdbExtensionType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public OsvdbExtensionType getOsvdbExt() {
return osvdbExt;
}
/**
* Sets the value of the osvdbExt property.
*
* @param value allowed object is
* {@link OsvdbExtensionType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setOsvdbExt(OsvdbExtensionType value) {
this.osvdbExt = value;
}
/**
* Gets the value of the vulnerableConfigurations property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the vulnerableConfigurations property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getVulnerableConfigurations().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link PlatformType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<PlatformType> getVulnerableConfigurations() {
if (vulnerableConfigurations == null) {
vulnerableConfigurations = new ArrayList<PlatformType>();
}
return this.vulnerableConfigurations;
}
/**
* Gets the value of the vulnerableSoftwareList property.
*
* @return possible object is
* {@link VulnerableSoftwareType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public VulnerableSoftwareType getVulnerableSoftwareList() {
return vulnerableSoftwareList;
}
/**
* Sets the value of the vulnerableSoftwareList property.
*
* @param value allowed object is
* {@link VulnerableSoftwareType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setVulnerableSoftwareList(VulnerableSoftwareType value) {
this.vulnerableSoftwareList = value;
}
/**
* Gets the value of the cceId property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getCceId() {
return cceId;
}
/**
* Sets the value of the cceId property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setCceId(String value) {
this.cceId = value;
}
/**
* Gets the value of the cveId property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getCveId() {
return cveId;
}
/**
* Sets the value of the cveId property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setCveId(String value) {
this.cveId = value;
}
/**
* Gets the value of the discoveredDatetime property.
*
* @return possible object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public XMLGregorianCalendar getDiscoveredDatetime() {
return discoveredDatetime;
}
/**
* Sets the value of the discoveredDatetime property.
*
* @param value allowed object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setDiscoveredDatetime(XMLGregorianCalendar value) {
this.discoveredDatetime = value;
}
/**
* Gets the value of the disclosureDatetime property.
*
* @return possible object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public XMLGregorianCalendar getDisclosureDatetime() {
return disclosureDatetime;
}
/**
* Sets the value of the disclosureDatetime property.
*
* @param value allowed object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setDisclosureDatetime(XMLGregorianCalendar value) {
this.disclosureDatetime = value;
}
/**
* Gets the value of the exploitPublishDatetime property.
*
* @return possible object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public XMLGregorianCalendar getExploitPublishDatetime() {
return exploitPublishDatetime;
}
/**
* Sets the value of the exploitPublishDatetime property.
*
* @param value allowed object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setExploitPublishDatetime(XMLGregorianCalendar value) {
this.exploitPublishDatetime = value;
}
/**
* Gets the value of the publishedDatetime property.
*
* @return possible object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public XMLGregorianCalendar getPublishedDatetime() {
return publishedDatetime;
}
/**
* Sets the value of the publishedDatetime property.
*
* @param value allowed object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setPublishedDatetime(XMLGregorianCalendar value) {
this.publishedDatetime = value;
}
/**
* Gets the value of the lastModifiedDatetime property.
*
* @return possible object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public XMLGregorianCalendar getLastModifiedDatetime() {
return lastModifiedDatetime;
}
/**
* Sets the value of the lastModifiedDatetime property.
*
* @param value allowed object is
* {@link XMLGregorianCalendar }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setLastModifiedDatetime(XMLGregorianCalendar value) {
this.lastModifiedDatetime = value;
}
/**
* Gets the value of the cvss property.
*
* @return possible object is
* {@link CvssImpactType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public CvssImpactType getCvss() {
return cvss;
}
/**
* Sets the value of the cvss property.
*
* @param value allowed object is
* {@link CvssImpactType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setCvss(CvssImpactType value) {
this.cvss = value;
}
/**
* Gets the value of the securityProtection property.
*
* @return possible object is
* {@link SecurityProtectionType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public SecurityProtectionType getSecurityProtection() {
return securityProtection;
}
/**
* Sets the value of the securityProtection property.
*
* @param value allowed object is
* {@link SecurityProtectionType }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSecurityProtection(SecurityProtectionType value) {
this.securityProtection = value;
}
/**
* Gets the value of the assessmentChecks property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the assessmentChecks property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getAssessmentChecks().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link CheckReferenceType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<CheckReferenceType> getAssessmentChecks() {
if (assessmentChecks == null) {
assessmentChecks = new ArrayList<CheckReferenceType>();
}
return this.assessmentChecks;
}
/**
* Gets the value of the cwes property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the cwes property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getCwes().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link CweReferenceType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<CweReferenceType> getCwes() {
if (cwes == null) {
cwes = new ArrayList<CweReferenceType>();
}
return this.cwes;
}
/**
* Gets the value of the references property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the references property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getReferences().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link VulnerabilityReferenceType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<VulnerabilityReferenceType> getReferences() {
if (references == null) {
references = new ArrayList<VulnerabilityReferenceType>();
}
return this.references;
}
/**
* Gets the value of the fixActions property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the fixActions property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getFixActions().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link FixActionType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<FixActionType> getFixActions() {
if (fixActions == null) {
fixActions = new ArrayList<FixActionType>();
}
return this.fixActions;
}
/**
* Gets the value of the scanners property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the scanners property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getScanners().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link ToolConfigurationType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<ToolConfigurationType> getScanners() {
if (scanners == null) {
scanners = new ArrayList<ToolConfigurationType>();
}
return this.scanners;
}
/**
* Gets the value of the summary property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getSummary() {
return summary;
}
/**
* Sets the value of the summary property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSummary(String value) {
this.summary = value;
}
/**
* Gets the value of the technicalDescriptions property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the technicalDescriptions property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getTechnicalDescriptions().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link ReferenceType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<ReferenceType> getTechnicalDescriptions() {
if (technicalDescriptions == null) {
technicalDescriptions = new ArrayList<ReferenceType>();
}
return this.technicalDescriptions;
}
/**
* Gets the value of the attackScenarios property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the attackScenarios property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getAttackScenarios().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link ReferenceType }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<ReferenceType> getAttackScenarios() {
if (attackScenarios == null) {
attackScenarios = new ArrayList<ReferenceType>();
}
return this.attackScenarios;
}
/**
* Gets the value of the id property.
*
* @return possible object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getId() {
return id;
}
/**
* Sets the value of the id property.
*
* @param value allowed object is
* {@link String }
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setId(String value) {
this.id = value;
}
}

92
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/VulnerableSoftwareType.java
View File

@@ -1,92 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.generated;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlType;
/**
* <p>Java class for vulnerableSoftwareType complex type.
*
* <p>The following schema fragment specifies the expected content contained
* within this class.
*
* <pre>
* &lt;complexType name="vulnerableSoftwareType">
* &lt;complexContent>
* &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
* &lt;sequence>
* &lt;element name="product" type="{http://cpe.mitre.org/language/2.0}namePattern" maxOccurs="unbounded"/>
* &lt;/sequence>
* &lt;/restriction>
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "vulnerableSoftwareType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4", propOrder = {
"products"
})
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public class VulnerableSoftwareType {
@XmlElement(name = "product", required = true)
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
protected List<String> products;
/**
* Gets the value of the products property.
*
* <p> This accessor method returns a reference to the live list, not a
* snapshot. Therefore any modification you make to the returned list will
* be present inside the JAXB object. This is why there is not a
* <CODE>set</CODE> method for the products property.
*
* <p> For example, to add a new item, do as follows:
* <pre>
* getProducts().add(newItem);
* </pre>
*
*
* <p> Objects of the following type(s) are allowed in the list
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<String> getProducts() {
if (products == null) {
products = new ArrayList<String>();
}
return this.products;
}
}

9
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/package-info.java
View File

@@ -1,9 +0,0 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.10.21 at 11:58:46 AM EDT
//
@javax.xml.bind.annotation.XmlSchema(namespace = "http://scap.nist.gov/schema/cvss-v2/0.2", elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED)
package org.codesecure.dependencycheck.data.nvdcve.generated;

42
src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/EntrySaveDelegate.java
View File

@@ -1,42 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.xml;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
import java.io.IOException;
import org.apache.lucene.index.CorruptIndexException;
import org.codesecure.dependencycheck.data.nvdcve.generated.VulnerabilityType;
/**
*
* An interface used to define the save function used when parsing the NVD CVE
* XML file.
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public interface EntrySaveDelegate {
/**
* Saves a CVE Entry into the Lucene index.
*
* @param vulnerability a CVE entry.
* @throws CorruptIndexException is thrown if the index is corrupt.
* @throws IOException is thrown if an IOException occurs.
*/
void saveEntry(VulnerabilityType vulnerability) throws CorruptIndexException, IOException;
}

627
src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/IndexUpdater.java
View File

@@ -1,627 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.xml;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import org.codesecure.dependencycheck.data.CachedWebDataSource;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Calendar;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.lucene.index.CorruptIndexException;
import org.codesecure.dependencycheck.data.nvdcve.Index;
import org.codesecure.dependencycheck.data.UpdateException;
import org.codesecure.dependencycheck.utils.DownloadFailedException;
import org.codesecure.dependencycheck.utils.Downloader;
import org.codesecure.dependencycheck.utils.FileUtils;
import org.codesecure.dependencycheck.utils.Settings;
/**
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class IndexUpdater extends Index implements CachedWebDataSource {
/**
* The name of the properties file containing the timestamp of the last
* update.
*/
private static final String UPDATE_PROPERTIES_FILE = "lastupdated.prop";
/**
* The properties file key for the last updated field - used to store the
* last updated time of the Modified NVD CVE xml file.
*/
private static final String LAST_UPDATED_MODIFIED = "lastupdated.modified";
/**
* Stores the last updated time for each of the NVD CVE files. These
* timestamps should be updated if we process the modified file within 7
* days of the last update.
*/
private static final String LAST_UPDATED_BASE = "lastupdated.";
/**
* The current version of the index
*/
public static final String INDEX_VERSION = "1.1";
/**
* <p>Downloads the latest NVD CVE XML file from the web and imports it into
* the current CVE Index.</p>
*
* @throws UpdateException is thrown if there is an error updating the index
*/
public void update() throws UpdateException {
try {
Map<String, NvdCveUrl> update = updateNeeded();
int maxUpdates = 0;
for (NvdCveUrl cve : update.values()) {
if (cve.getNeedsUpdate()) {
maxUpdates += 1;
}
}
if (maxUpdates > 3) {
Logger.getLogger(IndexUpdater.class.getName()).log(Level.WARNING,
"NVD CVE requires several updates; this could take a couple of minutes.");
}
int count = 0;
for (NvdCveUrl cve : update.values()) {
if (cve.getNeedsUpdate()) {
count += 1;
Logger.getLogger(IndexUpdater.class.getName()).log(Level.WARNING,
"Updating NVD CVE ({0} of {1})", new Object[]{count, maxUpdates});
URL url = new URL(cve.getUrl());
File outputPath = null;
try {
Logger.getLogger(IndexUpdater.class.getName()).log(Level.WARNING, "Downloading {0}", cve.getUrl());
outputPath = File.createTempFile("cve" + cve.getId() + "_", ".xml");
Downloader.fetchFile(url, outputPath, false);
Logger.getLogger(IndexUpdater.class.getName()).log(Level.WARNING, "Processing {0}", cve.getUrl());
importXML(outputPath.toString());
Logger.getLogger(IndexUpdater.class.getName()).log(Level.WARNING,
"Completed updated {0} of {1}", new Object[]{count, maxUpdates});
} catch (FileNotFoundException ex) {
//Logger.getLogger(IndexUpdater.class.getName()).log(Level.SEVERE, null, ex);
throw new UpdateException(ex);
} catch (IOException ex) {
//Logger.getLogger(IndexUpdater.class.getName()).log(Level.SEVERE, null, ex);
throw new UpdateException(ex);
} finally {
try {
if (outputPath != null && outputPath.exists()) {
outputPath.delete();
}
} finally {
if (outputPath != null && outputPath.exists()) {
outputPath.deleteOnExit();
}
}
}
}
}
if (maxUpdates >= 1) {
writeLastUpdatedPropertyFile(update);
}
} catch (MalformedURLException ex) {
//Logger.getLogger(IndexUpdater.class.getName()).log(Level.SEVERE, null, ex);
throw new UpdateException(ex);
} catch (DownloadFailedException ex) {
//Logger.getLogger(IndexUpdater.class.getName()).log(Level.SEVERE, null, ex);
throw new UpdateException(ex);
}
}
/**
* Imports the NVD CVE XML File into the Lucene Index.
*
* @param file containing the path to the NVD CVE XML file.
*/
private void importXML(File file) {
if (!file.exists()) {
file.mkdirs();
}
NvdCveParser indexer = null;
org.codesecure.dependencycheck.data.cpe.xml.Indexer cpeIndexer = null;
try {
indexer = new NvdCveParser();
indexer.openIndexWriter();
//HACK - hack to ensure all CPE data is stored in the index.
cpeIndexer = new org.codesecure.dependencycheck.data.cpe.xml.Indexer();
cpeIndexer.openIndexWriter();
indexer.setCPEIndexer(cpeIndexer);
indexer.parse(file);
} catch (CorruptIndexException ex) {
Logger.getLogger(IndexUpdater.class.getName()).log(Level.SEVERE, null, ex);
} catch (IOException ex) {
Logger.getLogger(IndexUpdater.class.getName()).log(Level.SEVERE, null, ex);
} finally {
if (indexer != null) {
indexer.close();
}
if (cpeIndexer != null) {
cpeIndexer.close();
}
}
}
// public static void importXML(File file) throws FileNotFoundException, IOException, JAXBException,
// ParserConfigurationException, SAXException {
//
// SAXParserFactory factory = SAXParserFactory.newInstance();
// factory.setNamespaceAware(true);
// XMLReader reader = factory.newSAXParser().getXMLReader();
//
// JAXBContext context = JAXBContext.newInstance("org.codesecure.dependencycheck.data.nvdcve.generated");
// NvdCveXmlFilter filter = new NvdCveXmlFilter(context);
//
// Indexer indexer = new Indexer();
// indexer.openIndexWriter();
//
// filter.registerSaveDelegate(indexer);
//
// reader.setContentHandler(filter);
// Reader fileReader = new FileReader(file);
// InputSource is = new InputSource(fileReader);
// try {
// reader.parse(is);
// } catch (IOException ex) {
// Logger.getLogger(Importer.class.getName()).log(Level.SEVERE, null, ex);
// } catch (SAXException ex) {
// Logger.getLogger(Importer.class.getName()).log(Level.SEVERE, null, ex);
// } finally {
// indexer.close();
// }
// }
/**
* Imports the CPE XML File into the Lucene Index.
*
* @param path the path to the CPE XML file.
*/
private void importXML(String path) {
File f = new File(path);
importXML(f);
}
/**
* Writes a properties file containing the last updated date to the
* VULNERABLE_CPE directory.
*
* @param timeStamp the timestamp to write.
*/
private void writeLastUpdatedPropertyFile(Map<String, NvdCveUrl> updated) throws UpdateException {
String dir;
try {
dir = getDataDirectory().getCanonicalPath();
} catch (IOException ex) {
Logger.getLogger(IndexUpdater.class.getName()).log(Level.SEVERE, null, ex);
throw new UpdateException("Unable to locate last updated properties file.", ex);
}
File cveProp = new File(dir + File.separatorChar + UPDATE_PROPERTIES_FILE);
Properties prop = new Properties();
prop.put("version", INDEX_VERSION);
for (NvdCveUrl cve : updated.values()) {
prop.put(LAST_UPDATED_BASE + cve.id, String.valueOf(cve.getTimestamp()));
}
OutputStream os = null;
try {
os = new FileOutputStream(cveProp);
OutputStreamWriter out = new OutputStreamWriter(os, "UTF-8");
prop.store(out, dir);
} catch (FileNotFoundException ex) {
Logger.getLogger(IndexUpdater.class.getName()).log(Level.SEVERE, null, ex);
throw new UpdateException("Unable to find last updated properties file.", ex);
} catch (IOException ex) {
Logger.getLogger(IndexUpdater.class.getName()).log(Level.SEVERE, null, ex);
throw new UpdateException("Unable to update last updated properties file.", ex);
} finally {
if (os != null) {
try {
os.flush();
} catch (IOException ex) {
Logger.getLogger(IndexUpdater.class.getName()).log(Level.SEVERE, null, ex);
}
try {
os.close();
} catch (IOException ex) {
Logger.getLogger(IndexUpdater.class.getName()).log(Level.SEVERE, null, ex);
}
}
}
}
/**
* Determines if the index needs to be updated. This is done by fetching the
* nvd cve meta data and checking the last update date. If the data needs to
* be refreshed this method will return the NvdCveUrl for the files that
* need to be updated.
*
* @return the NvdCveUrl of the files that need to be updated.
* @throws MalformedURLException is thrown if the URL for the NVD CVE Meta
* data is incorrect.
* @throws DownloadFailedException is thrown if there is an error.
* downloading the nvd cve download data file.
* @throws UpdateException Is thrown if there is an issue with the last updated properties file.
*/
public Map<String, NvdCveUrl> updateNeeded() throws MalformedURLException, DownloadFailedException, UpdateException {
Map<String, NvdCveUrl> currentlyPublished;
try {
currentlyPublished = retrieveCurrentTimestampsFromWeb();
} catch (InvalidDataException ex) {
Logger.getLogger(IndexUpdater.class.getName()).log(Level.SEVERE, null, ex);
throw new DownloadFailedException("Unable to retrieve valid timestamp from nvd cve downloads page", ex);
}
if (currentlyPublished == null) {
throw new DownloadFailedException("Unable to retrieve valid timestamp from nvd cve downloads page");
}
String dir;
try {
dir = getDataDirectory().getCanonicalPath();
} catch (IOException ex) {
Logger.getLogger(IndexUpdater.class.getName()).log(Level.SEVERE, null, ex);
throw new UpdateException("Unable to locate last updated properties file.", ex);
}
File f = new File(dir);
if (f.exists()) {
File cveProp = new File(dir + File.separatorChar + UPDATE_PROPERTIES_FILE);
if (cveProp.exists()) {
Properties prop = new Properties();
InputStream is = null;
try {
is = new FileInputStream(cveProp);
prop.load(is);
boolean deleteAndRecreate = false;
float version = 0;
if (prop.getProperty("version") == null) {
deleteAndRecreate = true;
} else {
try {
version = Float.parseFloat(prop.getProperty("version"));
float currentVersion = Float.parseFloat(INDEX_VERSION);
if (currentVersion > version) {
deleteAndRecreate = true;
}
} catch (NumberFormatException ex) {
deleteAndRecreate = true;
}
}
if (deleteAndRecreate) {
Logger.getLogger(IndexUpdater.class.getName()).log(Level.WARNING, "Index version is old. Rebuilding the index.");
is.close();
//this is an old version of the lucene index - just delete it
FileUtils.delete(f);
//this importer also updates the CPE index and it is also using an old version
org.codesecure.dependencycheck.data.cpe.Index cpeidx = new org.codesecure.dependencycheck.data.cpe.Index();
File cpeDir = cpeidx.getDataDirectory();
FileUtils.delete(cpeDir);
return currentlyPublished;
}
long lastUpdated = Long.parseLong(prop.getProperty(LAST_UPDATED_MODIFIED));
Date now = new Date();
int days = Settings.getInt(Settings.KEYS.CVE_MODIFIED_VALID_FOR_DAYS);
int maxEntries = Settings.getInt(Settings.KEYS.CVE_URL_COUNT);
if (lastUpdated == currentlyPublished.get("modified").timestamp) {
currentlyPublished.clear(); //we don't need to update anything.
} else if (withinRange(lastUpdated, now.getTime(), days)) {
currentlyPublished.get("modified").setNeedsUpdate(true);
for (int i = 1; i <= maxEntries; i++) {
currentlyPublished.get(String.valueOf(i)).setNeedsUpdate(false);
}
} else { //we figure out which of the several XML files need to be downloaded.
currentlyPublished.get("modified").setNeedsUpdate(false);
for (int i = 1; i <= maxEntries; i++) {
NvdCveUrl cve = currentlyPublished.get(String.valueOf(i));
long currentTimestamp = 0;
try {
currentTimestamp = Long.parseLong(prop.getProperty(LAST_UPDATED_BASE + String.valueOf(i), "0"));
} catch (NumberFormatException ex) {
Logger.getLogger(IndexUpdater.class.getName()).log(Level.FINEST, "Error parsing " + LAST_UPDATED_BASE
+ String.valueOf(i) + " from nvdcve.lastupdated", ex);
}
if (currentTimestamp == cve.getTimestamp()) {
cve.setNeedsUpdate(false); //they default to true.
}
}
}
} catch (FileNotFoundException ex) {
Logger.getLogger(IndexUpdater.class.getName()).log(Level.FINEST, null, ex);
} catch (IOException ex) {
Logger.getLogger(IndexUpdater.class.getName()).log(Level.FINEST, null, ex);
} catch (NumberFormatException ex) {
Logger.getLogger(IndexUpdater.class.getName()).log(Level.FINEST, null, ex);
} finally {
if (is != null) {
try {
is.close();
} catch (IOException ex) {
Logger.getLogger(IndexUpdater.class.getName()).log(Level.SEVERE, null, ex);
}
}
}
}
}
return currentlyPublished;
}
/**
* Determines if the epoch date is within the range specified of the
* compareTo epoch time. This takes the (compareTo-date)/1000/60/60/24 to
* get the number of days. If the calculated days is less then the range the
* date is considered valid.
*
* @param date the date to be checked.
* @param compareTo the date to compare to.
* @param range the range in days to be considered valid.
* @return whether or not the date is within the range.
*/
private boolean withinRange(long date, long compareTo, int range) {
double differenceInDays = (compareTo - date) / 1000 / 60 / 60 / 24;
return differenceInDays < range;
}
/**
* Retrieves the timestamps from the NVD CVE meta data file.
*
* @return the timestamp from the currently published nvdcve downloads page
* @throws MalformedURLException is thrown if the URL for the NVD CCE Meta
* data is incorrect.
* @throws DownloadFailedException is thrown if there is an error
* downloading the nvd cve meta data file
* @throws InvalidDataException is thrown if there is an exception parsing
* the timestamps
*/
protected Map<String, NvdCveUrl> retrieveCurrentTimestampsFromWeb() throws MalformedURLException, DownloadFailedException, InvalidDataException {
Map<String, NvdCveUrl> map = new HashMap<String, NvdCveUrl>();
File tmp = null;
try {
tmp = File.createTempFile("cve", "meta");
URL url = new URL(Settings.getString(Settings.KEYS.CVE_META_URL));
Downloader.fetchFile(url, tmp);
String html = readFile(tmp);
String retrieveUrl = Settings.getString(Settings.KEYS.CVE_MODIFIED_URL);
NvdCveUrl cve = createNvdCveUrl("modified", retrieveUrl, html);
cve.setNeedsUpdate(false); //the others default to true, to make life easier later this should default to false.
map.put("modified", cve);
int max = Settings.getInt(Settings.KEYS.CVE_URL_COUNT);
for (int i = 1; i <= max; i++) {
retrieveUrl = Settings.getString(Settings.KEYS.CVE_BASE_URL + i);
String key = Integer.toString(i);
cve = createNvdCveUrl(key, retrieveUrl, html);
map.put(key, cve);
}
} catch (IOException ex) {
throw new DownloadFailedException("Unable to create temporary file for NVD CVE Meta File download.", ex);
} finally {
try {
if (tmp != null && tmp.exists()) {
tmp.delete();
}
} finally {
if (tmp != null && tmp.exists()) {
tmp.deleteOnExit();
}
}
}
return map;
}
/**
* Creates a new NvdCveUrl object from the provide id, url, and text/html
* from the NVD CVE downloads page.
*
* @param id the name of this NVD CVE Url
* @param retrieveUrl the URL to download the file from
* @param text a bit of HTML from the NVD CVE downloads page that contains
* the URL and the last updated timestamp.
* @return a shiny new NvdCveUrl object.
* @throws InvalidDataException is thrown if the timestamp could not be
* extracted from the provided text.
*/
private NvdCveUrl createNvdCveUrl(String id, String retrieveUrl, String text) throws InvalidDataException {
Pattern pattern = Pattern.compile(Pattern.quote(retrieveUrl) + ".+?\\<br");
Matcher m = pattern.matcher(text);
NvdCveUrl item = new NvdCveUrl();
item.id = id;
item.url = retrieveUrl;
if (m.find()) {
String line = m.group();
int pos = line.indexOf("Updated:");
if (pos > 0) {
pos += 9;
try {
String timestampstr = line.substring(pos, line.length() - 3).replace("at ", "");
long timestamp = getEpochTimeFromDateTime(timestampstr);
item.setTimestamp(timestamp);
} catch (NumberFormatException ex) {
throw new InvalidDataException("NVD CVE Meta file does not contain a valid timestamp for '" + retrieveUrl + "'.", ex);
}
} else {
throw new InvalidDataException("NVD CVE Meta file does not contain the updated timestamp for '" + retrieveUrl + "'.");
}
} else {
throw new InvalidDataException("NVD CVE Meta file does not contain the url for '" + retrieveUrl + "'.");
}
return item;
}
/**
* Parses a timestamp in the format of "MM/dd/yy hh:mm" into a calendar
* object and returns the epoch time. Note, this removes the millisecond
* portion of the epoch time so all numbers returned should end in 000.
*
* @param timestamp a string in the format of "MM/dd/yy hh:mm"
* @return a Calendar object.
* @throws NumberFormatException if the timestamp was parsed incorrectly.
*/
private long getEpochTimeFromDateTime(String timestamp) throws NumberFormatException {
Calendar c = new GregorianCalendar();
int month = Integer.parseInt(timestamp.substring(0, 2));
int date = Integer.parseInt(timestamp.substring(3, 5));
int year = 2000 + Integer.parseInt(timestamp.substring(6, 8));
int hourOfDay = Integer.parseInt(timestamp.substring(9, 11));
int minute = Integer.parseInt(timestamp.substring(12, 14));
c.set(year, month, date, hourOfDay, minute, 0);
long t = c.getTimeInMillis();
t = (t / 1000) * 1000;
return t;
}
/**
* Reads a file into a string.
*
* @param file the file to be read.
* @return the contents of the file.
* @throws IOException is thrown if an IOExcpetion occurs.
*/
private String readFile(File file) throws IOException {
InputStreamReader stream = new InputStreamReader(new FileInputStream(file), "UTF-8");
StringBuilder str = new StringBuilder((int) file.length());
try {
char[] buf = new char[8096];
int read = stream.read(buf, 0, 8096);
while (read > 0) {
str.append(buf, 0, read);
read = stream.read(buf, 0, 8096);
}
} finally {
stream.close();
}
return str.toString();
}
/**
* A pojo that contains the Url and timestamp of the current NvdCve XML
* files.
*/
protected class NvdCveUrl {
/**
* an id.
*/
private String id;
/**
* Get the value of id
*
* @return the value of id
*/
public String getId() {
return id;
}
/**
* Set the value of id
*
* @param id new value of id
*/
public void setId(String id) {
this.id = id;
}
/**
* a url.
*/
private String url;
/**
* Get the value of url
*
* @return the value of url
*/
public String getUrl() {
return url;
}
/**
* Set the value of url
*
* @param url new value of url
*/
public void setUrl(String url) {
this.url = url;
}
/**
* a timestamp - epoch time.
*/
private long timestamp;
/**
* Get the value of timestamp - epoch time
*
* @return the value of timestamp - epoch time
*/
public long getTimestamp() {
return timestamp;
}
/**
* Set the value of timestamp - epoch time
*
* @param timestamp new value of timestamp - epoch time
*/
public void setTimestamp(long timestamp) {
this.timestamp = timestamp;
}
/**
* indicates whether or not this item should be updated.
*/
private boolean needsUpdate = true;
/**
* Get the value of needsUpdate
*
* @return the value of needsUpdate
*/
public boolean getNeedsUpdate() {
return needsUpdate;
}
/**
* Set the value of needsUpdate
*
* @param needsUpdate new value of needsUpdate
*/
public void setNeedsUpdate(boolean needsUpdate) {
this.needsUpdate = needsUpdate;
}
}
}

152
src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/Indexer.java
View File

@@ -1,152 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.xml;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import org.apache.lucene.document.Document;
import org.apache.lucene.document.Field;
import org.apache.lucene.document.StoredField;
import org.apache.lucene.document.StringField;
import org.apache.lucene.index.CorruptIndexException;
import org.apache.lucene.index.Term;
import org.codesecure.dependencycheck.data.lucene.LuceneUtils;
import org.codesecure.dependencycheck.data.nvdcve.generated.VulnerabilityType;
import org.codesecure.dependencycheck.data.nvdcve.Fields;
import org.codesecure.dependencycheck.data.nvdcve.Index;
import org.codesecure.dependencycheck.data.nvdcve.generated.FactRefType;
import org.codesecure.dependencycheck.data.nvdcve.generated.LogicalTest;
import org.codesecure.dependencycheck.data.nvdcve.generated.PlatformType;
/**
* The Indexer is used to convert a VULNERABLE_CPE Entry, retrieved from the
* VULNERABLE_CPE XML file, into a Document that is stored in the Lucene index.
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class Indexer extends Index implements EntrySaveDelegate {
/**
* Saves an NVD CVE Entry into the Lucene index.
*
* @param vulnerability a NVD CVE vulnerability.
* @throws CorruptIndexException is thrown if the index is corrupt.
* @throws IOException is thrown if an IOException occurs.
*/
public void saveEntry(VulnerabilityType vulnerability) throws CorruptIndexException, IOException {
try {
Document doc = null;
try {
doc = convertEntryToDoc(vulnerability);
} catch (UnsupportedEncodingException ex) {
Logger.getLogger(Indexer.class.getName()).log(Level.SEVERE, null, ex);
}
if (doc == null) {
return;
}
Term name = new Term(Fields.CVE_ID, LuceneUtils.escapeLuceneQuery(vulnerability.getId()));
indexWriter.updateDocument(name, doc);
} catch (JAXBException ex) {
Logger.getLogger(Indexer.class.getName()).log(Level.SEVERE, "Unable to add " + vulnerability.getId() + " to the Lucene index.", ex);
}
}
/**
* Converts a VULNERABLE_CPE vulnerability into a Lucene Document.
*
* @param vulnerability a VULNERABLE_CPE Entry.
* @return a Lucene Document containing a VULNERABLE_CPE Entry.
* @throws JAXBException is thrown when there is a JAXBException.
* @throws UnsupportedEncodingException if the system doesn't support utf-8
*/
protected Document convertEntryToDoc(VulnerabilityType vulnerability) throws JAXBException, UnsupportedEncodingException {
boolean hasApplication = false;
Document doc = new Document();
if (vulnerability.getVulnerableConfigurations() != null) {
for (PlatformType pt : vulnerability.getVulnerableConfigurations()) {
hasApplication = addVulnerableProducts(doc, pt.getLogicalTest());
}
} else if (vulnerability.getVulnerableSoftwareList() != null) { //this should never be reached, but is here just in case.
for (String cpe : vulnerability.getVulnerableSoftwareList().getProducts()) {
if (cpe.startsWith("cpe:/a:")) {
hasApplication = true;
addVulnerableCpe(cpe, doc);
}
}
} else {
return null;
}
//there are no cpe:/a that are vulnerable - don't add it to the index.
if (!hasApplication) {
return null;
}
Field name = new StringField(Fields.CVE_ID, vulnerability.getId(), Field.Store.NO);
doc.add(name);
// Field description = new Field(Fields.DESCRIPTION, vulnerability.getSummary(), Field.Store.NO, Field.Index.ANALYZED);
// doc.add(description);
JAXBContext context = JAXBContext.newInstance("org.codesecure.dependencycheck.data.nvdcve.generated");
Marshaller m = context.createMarshaller();
m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
ByteArrayOutputStream out = new ByteArrayOutputStream();
m.marshal(vulnerability, out);
Field xml = new StoredField(Fields.XML, out.toString("UTF-8"));
doc.add(xml);
return doc;
}
private boolean addVulnerableProducts(Document doc, LogicalTest logicalTest) {
boolean retVal = false;
for (LogicalTest lt : logicalTest.getLogicalTests()) {
retVal = retVal || addVulnerableProducts(doc, lt);
}
for (FactRefType facts : logicalTest.getFactReves()) {
String cpe = facts.getName();
if (cpe.startsWith("cpe:/a:")) {
retVal = true;
addVulnerableCpe(cpe, doc);
}
}
return retVal;
}
private void addVulnerableCpe(String cpe, Document doc) {
Field vulnerable = new StringField(Fields.VULNERABLE_CPE, cpe, Field.Store.NO);
doc.add(vulnerable);
}
}

212
src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/NvdCveParser.java
View File

@@ -1,212 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.xml;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.lucene.document.Document;
import org.apache.lucene.document.Field;
import org.apache.lucene.document.StoredField;
import org.apache.lucene.document.StringField;
import org.apache.lucene.index.CorruptIndexException;
import org.apache.lucene.index.Term;
import org.codesecure.dependencycheck.data.cpe.Entry;
import org.codesecure.dependencycheck.data.nvdcve.Fields;
import org.codesecure.dependencycheck.data.nvdcve.Index;
/**
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class NvdCveParser extends Index {
//HACK - this has initially been placed here as a hack because not all
// of the CPEs listed in the NVD CVE are actually in the CPE xml file
// hosted by NIST.
private org.codesecure.dependencycheck.data.cpe.xml.Indexer cpeIndexer = null;
/**
* Adds the CPE Index to add additional CPEs found by parsing the NVD CVE.
* @param indexer the CPE Indexer to write new CPEs into.
*/
public void setCPEIndexer(org.codesecure.dependencycheck.data.cpe.xml.Indexer indexer) {
this.cpeIndexer = indexer;
}
/**
* Parses an NVD CVE xml file using a buffered readerd. This
* method maybe more fragile then using a partial-unmarshalling SAX
* Parser (aka the deprecated NvdCveXmlFilter) - but this method is
* orders of magnitude faster.
*
* @param file the reference to the NVD CVE file
*/
public void parse(File file) {
InputStreamReader fr = null;
BufferedReader br = null;
Pattern rxEntry = Pattern.compile("^\\s*<entry\\s*id\\=\\\"([^\\\"]+)\\\".*$");
Pattern rxEntryEnd = Pattern.compile("^\\s*</entry>.*$");
Pattern rxFact = Pattern.compile("^\\s*<cpe\\-lang\\:fact\\-ref name=\\\"([^\\\"]+).*$");
//Pattern rxSummary = Pattern.compile("^\\s*<vuln:summary>([^\\<]+).*$");
try {
fr = new InputStreamReader(new FileInputStream(file), "UTF-8");
br = new BufferedReader(fr);
StringBuilder sb = new StringBuilder(7000);
String str = null;
String id = null;
Document doc = new Document();
boolean skipEntry = true;
boolean started = false;
while ((str = br.readLine()) != null) {
Matcher matcherEntryEnd = rxEntryEnd.matcher(str);
if (started && !matcherEntryEnd.matches()) {
sb.append(str);
}
//facts occur more often, do them first.
Matcher matcherFact = rxFact.matcher(str);
if (matcherFact.matches()) {
String cpe = matcherFact.group(1).trim();
if (cpe != null && cpe.startsWith("cpe:/a:")) {
skipEntry = false;
//TODO deal with other possible :-: scenarios. do we need to be concerned about those?
if (cpe.endsWith(":-")) {
cpe = cpe.substring(0, cpe.length() - 2);
}
addVulnerableCpe(cpe, doc);
}
continue;
}
Matcher matcherEntry = rxEntry.matcher(str);
if (matcherEntry.matches()) {
started = true;
id = matcherEntry.group(1);
sb.append("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>");
sb.append("<vulnerabilityType ");
//sb.append("xmlns=\"http://scap.nist.gov/schema/feed/vulnerability/2.0\" ");
//sb.append("xmlns:vuln=\"http://scap.nist.gov/schema/vulnerability/0.4\" ");
sb.append("xmlns=\"http://scap.nist.gov/schema/vulnerability/0.4\" ");
sb.append("xmlns:vuln=\"http://scap.nist.gov/schema/vulnerability/0.4\" ");
//sb.append("xmlns:vulnerability=\"http://scap.nist.gov/schema/feed/vulnerability/2.0\" ");
sb.append("xmlns:cpe-lang=\"http://cpe.mitre.org/language/2.0\" ");
sb.append("xmlns:cvss2=\"http://scap.nist.gov/schema/cvss-v2/0.2\" ");
sb.append("xmlns:cvss=\"http://scap.nist.gov/schema/cvss-v2/0.2\" ");
sb.append("xmlns:scap-core=\"http://scap.nist.gov/schema/scap-core/0.1\" ");
sb.append("xmlns:scap_core=\"http://scap.nist.gov/schema/scap-core/0.1\" ");
sb.append("xmlns:patch=\"http://scap.nist.gov/schema/patch/0.1\" ");
sb.append("xmlns:cve=\"http://scap.nist.gov/schema/cve/0.1\" ");
sb.append("xmlns:cce=\"http://scap.nist.gov/schema/cce/0.1\" ");
sb.append("id=\"").append(id).append("\">");
//sb.append(str); //need to do the above to get the correct schema generated from files.
Field name = new StringField(Fields.CVE_ID, id, Field.Store.NO);
doc.add(name);
continue;
}
// Matcher matcherSummary = rxSummary.matcher(str);
// if (matcherSummary.matches()) {
// String summary = matcherSummary.group(1);
// Field description = new Field(Fields.DESCRIPTION, summary, Field.Store.NO);
// doc.add(description);
// continue;
// }
if (matcherEntryEnd.matches()) {
sb.append("</vulnerabilityType>");
Field xml = new StoredField(Fields.XML, sb.toString());
doc.add(xml);
if (!skipEntry) {
Term name = new Term(Fields.CVE_ID, id);
indexWriter.deleteDocuments(name);
indexWriter.addDocument(doc);
//indexWriter.updateDocument(name, doc);
}
//reset the document
doc = new Document();
sb = new StringBuilder(7000);
id = null;
skipEntry = true;
started = false;
}
}
} catch (FileNotFoundException ex) {
Logger.getLogger(NvdCveParser.class.getName()).log(Level.SEVERE, null, ex);
} catch (IOException ex) {
Logger.getLogger(NvdCveParser.class.getName()).log(Level.SEVERE, null, ex);
} finally {
try {
if (fr != null) {
fr.close();
}
} catch (IOException ex) {
Logger.getLogger(NvdCveParser.class.getName()).log(Level.SEVERE, null, ex);
}
try {
if (br != null) {
br.close();
}
} catch (IOException ex) {
Logger.getLogger(NvdCveParser.class.getName()).log(Level.SEVERE, null, ex);
}
}
}
/**
* Adds a CPE to the Lucene Document
* @param cpe a string representing a CPE
* @param doc a lucene document
* @throws CorruptIndexException is thrown if the CPE Index is corrupt
* @throws IOException is thrown if there is an IO Exception while writting to the CPE Index
*/
private void addVulnerableCpe(String cpe, Document doc) throws CorruptIndexException, IOException {
Field vulnerable = new StringField(Fields.VULNERABLE_CPE, cpe, Field.Store.NO);
doc.add(vulnerable);
//HACK - this has initially been placed here as a hack because not all
// of the CPEs listed in the NVD CVE are actually in the CPE xml file
// hosted by NIST.
Entry cpeEntry = new Entry();
try {
cpeEntry.parseName(cpe);
} catch (UnsupportedEncodingException ex) {
Logger.getLogger(NvdCveParser.class.getName()).log(Level.SEVERE, null, ex);
}
if (cpeIndexer != null) {
cpeIndexer.saveEntry(cpeEntry);
}
}
}

247
src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/NvdCveXmlFilter.java
View File

@@ -1,247 +0,0 @@
package org.codesecure.dependencycheck.data.nvdcve.xml;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
import java.io.IOException;
import java.util.Enumeration;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import javax.xml.bind.UnmarshallerHandler;
import org.apache.lucene.index.CorruptIndexException;
import org.codesecure.dependencycheck.data.nvdcve.generated.VulnerabilityType;
import org.xml.sax.Attributes;
import org.xml.sax.Locator;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;
import org.xml.sax.helpers.NamespaceSupport;
import org.xml.sax.helpers.XMLFilterImpl;
/**
*
* <p>This filter uses partial-unmarshalling to unmarshall single NVD CVE
* entries for use with a SAX Parser.</p>
*
* <p>This code was based off of an example found on <a
* href="http://stackoverflow.com/questions/6484681/jaxb-partial-unmarshalling-elements-without-xmlrootelement">stackoverflow</a></p>
*
* @author Jeremy
*/
@Deprecated
public class NvdCveXmlFilter extends XMLFilterImpl {
EntrySaveDelegate saveDelegate = null;
/**
* Register a EntrySaveDelegate object. When the last node of an entry is
* reached if a save delegate has been registered the save method will be
* invoked.
*
* @param delegate the delegate used to save an entry
*/
public void registerSaveDelegate(EntrySaveDelegate delegate) {
this.saveDelegate = delegate;
}
/**
* The JAXBContext
*/
private final JAXBContext context;
/**
* Constructs a new NvdCveXmlFilter
*
* @param context a JAXBContext
*/
public NvdCveXmlFilter(JAXBContext context) {
this.context = context;
}
/**
* The locator object used for unmarshalling
*/
private Locator locator = null;
/**
* Sets the document locator.
*
* @param loc the locator to use.
*/
@Override
public void setDocumentLocator(Locator loc) {
this.locator = loc;
super.setDocumentLocator(loc);
}
/**
* Used to keep track of namespace bindings.
*/
private NamespaceSupport nsSupport = new NamespaceSupport();
/**
* Stores the namespace prefix for use during unmarshalling.
*
* @param prefix the namespace prefix.
* @param uri the namespace.
* @throws SAXException is thrown is there is a SAXException.
*/
@Override
public void startPrefixMapping(String prefix, String uri) throws SAXException {
nsSupport.pushContext();
nsSupport.declarePrefix(prefix, uri);
super.startPrefixMapping(prefix, uri);
}
/**
* Removes the namespace prefix from the local support object so that
* unmarshalling works correctly.
*
* @param prefix the prefix to remove.
* @throws SAXException is thrown is there is a SAXException.
*/
@Override
public void endPrefixMapping(String prefix) throws SAXException {
nsSupport.popContext();
super.endPrefixMapping(prefix);
}
/**
* The UnmarshallerHandler.
*/
private UnmarshallerHandler unmarshallerHandler;
/**
* Used to track how deep the SAX parser is in nested XML.
*/
private int depth;
/**
* Fired when the SAX parser starts an element. This will either forward the
* event to the unmarshaller or create an unmarshaller if it is at the start
* of a new "entry".
*
* @param uri uri
* @param localName localName
* @param qName qName
* @param atts atts
* @throws SAXException is thrown if there is a SAXException.
*/
@Override
public void startElement(String uri, String localName, String qName, Attributes atts) throws SAXException {
if (depth != 0) {
// we are in the middle of forwarding events.
// continue to do so.
depth += 1;
super.startElement(uri, localName, qName, atts);
return;
}
//old - for cve 1.2 uri.equals("http://nvd.nist.gov/feeds/cve/1.2")
if (uri.equals("http://scap.nist.gov/schema/feed/vulnerability/2.0") && localName.equals("entry")) {
Unmarshaller unmarshaller;
try {
unmarshaller = context.createUnmarshaller();
} catch (JAXBException e) {
throw new SAXException(e);
}
unmarshallerHandler = unmarshaller.getUnmarshallerHandler();
setContentHandler(unmarshallerHandler);
// fire SAX events to emulate the start of a new document.
unmarshallerHandler.startDocument();
unmarshallerHandler.setDocumentLocator(locator);
Enumeration e = nsSupport.getPrefixes();
while (e.hasMoreElements()) {
String prefix = (String) e.nextElement();
String uriToUse = nsSupport.getURI(prefix);
unmarshallerHandler.startPrefixMapping(prefix, uriToUse);
}
String defaultURI = nsSupport.getURI("");
if (defaultURI != null) {
unmarshallerHandler.startPrefixMapping("", defaultURI);
}
super.startElement(uri, localName, qName, atts);
// count the depth of elements and we will know when to stop.
depth = 1;
}
}
/**
* Processes the end of an element. If we are at depth 0 we unmarshall the
* Entry and pass it to the save delegate
*
* @param uri the uri of the current element
* @param localName the local name of the current element
* @param qName the qname of the current element
* @throws SAXException is thrown if there is a SAXException
*/
@Override
public void endElement(String uri, String localName, String qName) throws SAXException {
// forward this event
super.endElement(uri, localName, qName);
if (depth != 0) {
depth -= 1;
if (depth == 0) {
// emulate the end of a document.
Enumeration e = nsSupport.getPrefixes();
while (e.hasMoreElements()) {
String prefix = (String) e.nextElement();
unmarshallerHandler.endPrefixMapping(prefix);
}
String defaultURI = nsSupport.getURI("");
if (defaultURI != null) {
unmarshallerHandler.endPrefixMapping("");
}
unmarshallerHandler.endDocument();
// stop forwarding events by setting a dummy handler.
// XMLFilter doesn't accept null, so we have to give it something,
// hence a DefaultHandler, which does nothing.
setContentHandler(new DefaultHandler());
// then retrieve the fully unmarshalled object
try {
if (saveDelegate != null) {
JAXBElement<VulnerabilityType> result = (JAXBElement<VulnerabilityType>) unmarshallerHandler.getResult();
VulnerabilityType entry = result.getValue();
saveDelegate.saveEntry(entry);
}
} catch (JAXBException je) { //we can continue with this exception.
//TODO can I get the filename somewhere?
Logger.getLogger(NvdCveXmlFilter.class.getName()).log(Level.SEVERE,
"Unable to unmarshall NvdCVE (line " + locator.getLineNumber() + ").", je);
} catch (CorruptIndexException ex) {
Logger.getLogger(NvdCveXmlFilter.class.getName()).log(Level.SEVERE, null, ex);
throw new SAXException(ex);
} catch (IOException ex) {
Logger.getLogger(NvdCveXmlFilter.class.getName()).log(Level.SEVERE, null, ex);
throw new SAXException(ex);
} finally {
unmarshallerHandler = null;
}
}
}
}
}

95
src/main/java/org/codesecure/dependencycheck/dependency/Reference.java
View File

@@ -1,95 +0,0 @@
package org.codesecure.dependencycheck.dependency;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
/**
* An external reference for a vulnerability. This contains a name, URL, and a
* source.
*
* @author Jeremy
*/
public class Reference {
/**
* The name of the reference.
*/
private String name;
/**
* Get the value of name
*
* @return the value of name
*/
public String getName() {
return name;
}
/**
* Set the value of name
*
* @param name new value of name
*/
public void setName(String name) {
this.name = name;
}
/**
* the url for the reference
*/
private String url;
/**
* Get the value of url
*
* @return the value of url
*/
public String getUrl() {
return url;
}
/**
* Set the value of url
*
* @param url new value of url
*/
public void setUrl(String url) {
this.url = url;
}
/**
* the source of the reference.
*/
private String source;
/**
* Get the value of source
*
* @return the value of source
*/
public String getSource() {
return source;
}
/**
* Set the value of source
*
* @param source new value of source
*/
public void setSource(String source) {
this.source = source;
}
}

106
src/main/java/org/codesecure/dependencycheck/dependency/Vulnerability.java
View File

@@ -1,106 +0,0 @@
package org.codesecure.dependencycheck.dependency;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
import java.util.ArrayList;
import java.util.List;
/**
* Contains the information about a vulnerability.
*
* @author Jeremy
*/
public class Vulnerability {
/**
* The name of the vulnerability
*/
private String name;
/**
* Get the value of name
*
* @return the value of name
*/
public String getName() {
return name;
}
/**
* Set the value of name
*
* @param name new value of name
*/
public void setName(String name) {
this.name = name;
}
/**
* the description of the vulnerability
*/
private String description;
/**
* Get the value of description
*
* @return the value of description
*/
public String getDescription() {
return description;
}
/**
* Set the value of description
*
* @param description new value of description
*/
public void setDescription(String description) {
this.description = description;
}
/**
* References for this vulnerability
*/
private List<Reference> references = new ArrayList<Reference>();
/**
* Get the value of references
*
* @return the value of references
*/
public List<Reference> getReferences() {
return references;
}
/**
* Set the value of references
*
* @param references new value of references
*/
public void setReferences(List<Reference> references) {
this.references = references;
}
/**
* Adds a reference to the references collection
*
* @param ref a reference for the vulnerability
*/
public void addReference(Reference ref) {
this.references.add(ref);
}
}

70
src/main/java/org/codesecure/dependencycheck/utils/FileUtils.java
View File

@@ -1,70 +0,0 @@
package org.codesecure.dependencycheck.utils;
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
/**
* A collection of utilities for processing information about files.
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class FileUtils {
/**
* Private constructor for a utility class.
*/
private FileUtils() {
}
/**
* Returns the (lowercase) file extension for a specified file.
*
* @param fileName the file name to retrieve the file extension from.
* @return the file extension.
*/
public static String getFileExtension(String fileName) {
String ret = null;
int pos = fileName.lastIndexOf(".");
if (pos >= 0) {
ret = fileName.substring(pos + 1, fileName.length()).toLowerCase();
}
return ret;
}
/**
* Deletes a file. If the File is a directory it will recursively delete
* the contents.
*
* @param file the File to delete
* @throws IOException is thrown if the file could not be deleted
*/
public static void delete(File file) throws IOException {
if (file.isDirectory()) {
for (File c : file.listFiles()) {
delete(c);
}
}
if (!file.delete()) {
throw new FileNotFoundException("Failed to delete file: " + file);
}
}
}

677
src/main/java/org/codesecure/dependencycheck/utils/SSDeep.java
View File

@@ -1,677 +0,0 @@
/* ssdeep
Copyright (C) 2006 ManTech International Corporation
$Id: fuzzy.c 97 2010-03-19 15:10:06Z jessekornblum $
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
The code in this file, and this file only, is based on SpamSum, part
of the Samba project:
http://www.samba.org/ftp/unpacked/junkcode/spamsum/
Because of where this file came from, any program that contains it
must be licensed under the terms of the General Public License (GPL).
See the file COPYING for details. The author's original comments
about licensing are below:
this is a checksum routine that is specifically designed for spam.
Copyright Andrew Tridgell <tridge@samba.org> 2002
This code is released under the GNU General Public License version 2
or later. Alteratively, you may also use this code under the terms
of the Perl Artistic license.
If you wish to distribute this code under the terms of a different
free software license then please ask me. If there is a good reason
then I will probably say yes.
*/
//package eu.scape_project.bitwiser.utils;
//https://raw.github.com/openplanets/bitwiser/master/src/main/java/eu/scape_project/bitwiser/utils/SSDeep.java
package org.codesecure.dependencycheck.utils;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Arrays;
import org.apache.commons.lang.StringUtils;
/**
* SSDeep
*
* <p>
* A Java version of the ssdeep algorithm, based on the fuzzy.c source
* code, taken from version 2.6 of the ssdeep package.
*
* <p>
* Transliteration/port to Java from C by...
*
* @author Andrew Jackson <Andrew.Jackson@bl.uk>
*
*/
public class SSDeep {
public class FuzzyHash {
/** the blocksize used by the program, */
int blocksize;
/** the hash for this blocksize */
String hash;
/** the hash for twice the blocksize, */
String hash2;
/** the filename. */
String filename;
}
/// Length of an individual fuzzy hash signature component
public static final int SPAMSUM_LENGTH = 64;
/// The longest possible length for a fuzzy hash signature (without the filename)
public static final int FUZZY_MAX_RESULT = (SPAMSUM_LENGTH + (SPAMSUM_LENGTH/2 + 20));
public static final int MIN_BLOCKSIZE = 3;
public static final int ROLLING_WINDOW = 7;
public static final int HASH_PRIME = 0x01000193;
public static final int HASH_INIT = 0x28021967;
// Our input buffer when reading files to hash
public static final int BUFFER_SIZE = 8192;
static class roll_state_class {
int[] window = new int[ROLLING_WINDOW];
int h1, h2, h3;
int n;
}
private static roll_state_class roll_state = new roll_state_class();
/*
a rolling hash, based on the Adler checksum. By using a rolling hash
we can perform auto resynchronisation after inserts/deletes
internally, h1 is the sum of the bytes in the window and h2
is the sum of the bytes times the index
h3 is a shift/xor based rolling hash, and is mostly needed to ensure that
we can cope with large blocksize values
*/
static int roll_hash(int c)
{
// System.out.println(""+roll_state.h1+","+roll_state.h2+","+roll_state.h3);
roll_state.h2 -= roll_state.h1;
//roll_state.h2 = roll_state.h2 & 0x7fffffff;
roll_state.h2 += ROLLING_WINDOW * c;
//roll_state.h2 = roll_state.h2 & 0x7fffffff;
roll_state.h1 += c;
//roll_state.h1 = roll_state.h1 & 0x7fffffff;
roll_state.h1 -= roll_state.window[(roll_state.n % ROLLING_WINDOW)];
//roll_state.h1 = roll_state.h1 & 0x7fffffff;
roll_state.window[roll_state.n % ROLLING_WINDOW] = (char)c;
roll_state.n = (roll_state.n+1)%ROLLING_WINDOW;
/* The original spamsum AND'ed this value with 0xFFFFFFFF which
in theory should have no effect. This AND has been removed
for performance (jk) */
roll_state.h3 = (roll_state.h3 << 5);// & 0xFFFFFFFF;
roll_state.h3 ^= c;
//roll_state.h3 = roll_state.h3 & 0x7FFFFFFF;
//if( roll_state.h3 > 0xEFFFFFFF ) roll_state.h3 -= 0xEFFFFFFF;
long result = ((roll_state.h1 + roll_state.h2 + roll_state.h3));//&0x7FFFFFFF;
//System.out.println("Result: "+result);
//System.out.println("Result2: "+(result&0xFFFFFFFF));
//System.out.println("Result3: "+(result&0x7FFFFFFF));
return (int) result;//&0xFFFFFFFF;
}
/*
reset the state of the rolling hash and return the initial rolling hash value
*/
static void roll_reset()
{
roll_state.h1 = 0;
roll_state.h2 = 0;
roll_state.h3 = 0;
roll_state.n = 0;
Arrays.fill(roll_state.window,(char)0);
}
/* a simple non-rolling hash, based on the FNV hash */
static int sum_hash(int c, int h)
{
h *= HASH_PRIME;
//h = h & 0xFFFFFFFF;
h ^= c;
//h = h & 0xFFFFFFFF;
return h;
}
class ss_context {
char[] ret;
char[] p;
long total_chars;
int h, h2, h3;
int j, n, i, k;
int block_size;
char[] ret2 = new char[SPAMSUM_LENGTH/2 + 1];
}
static void ss_destroy(ss_context ctx)
{
if (ctx.ret != null)
ctx.ret = null;
//free(ctx.ret);
}
static boolean ss_init(ss_context ctx, File handle)
{
if ( ctx == null )
return true;
ctx.ret = new char[FUZZY_MAX_RESULT];
if (ctx.ret == null)
return true;
if (handle != null)
ctx.total_chars = handle.length();
ctx.block_size = MIN_BLOCKSIZE;
while (ctx.block_size * SPAMSUM_LENGTH < ctx.total_chars) {
ctx.block_size = ctx.block_size * 2;
}
System.out.println("bs:"+ctx.block_size);
return false;
}
static char[] b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".toCharArray();
static void ss_engine(ss_context ctx,
byte[] buffer,
int buffer_size)
{
if (null == ctx || null == buffer)
return;
for ( int i = 0 ; i < buffer_size ; ++i)
{
/*
at each character we update the rolling hash and
the normal hash. When the rolling hash hits the
reset value then we emit the normal hash as a
element of the signature and reset both hashes
*/
System.out.println(""+ctx.h+","+ctx.h2+","+ctx.h3);
ctx.h = roll_hash(buffer[i]);// & 0x7FFFFFFF;
ctx.h2 = sum_hash(buffer[i], ctx.h2);// & 0x7FFFFFFF;
ctx.h3 = sum_hash(buffer[i], ctx.h3);// & 0x7FFFFFFF;
if (((0xFFFFFFFFl & ctx.h) % ctx.block_size) == (ctx.block_size-1)) {
/* we have hit a reset point. We now emit a
hash which is based on all chacaters in the
piece of the message between the last reset
point and this one */
ctx.p[ctx.j] = b64[(int)((ctx.h2&0xFFFF) % 64)];
System.out.println("::"+ctx.j+":"+new String(ctx.p));
// for( char c : ctx.p ) {
// System.out.print(c);
// }
// System.out.println();
if (ctx.j < SPAMSUM_LENGTH-1) {
/* we can have a problem with the tail
overflowing. The easiest way to
cope with this is to only reset the
second hash if we have room for
more characters in our
signature. This has the effect of
combining the last few pieces of
the message into a single piece */
ctx.h2 = HASH_INIT;
(ctx.j)++;
}
}
/* this produces a second signature with a block size
of block_size*2. By producing dual signatures in
this way the effect of small changes in the message
size near a block size boundary is greatly reduced. */
if (((0xFFFFFFFFl & ctx.h) % (ctx.block_size*2)) == ((ctx.block_size*2)-1)) {
ctx.ret2[ctx.k] = b64[(int) (ctx.h3&0xFFFF % 64)];
if (ctx.k < SPAMSUM_LENGTH/2-1) {
ctx.h3 = HASH_INIT;
(ctx.k)++;
}
}
}
}
static boolean ss_update(ss_context ctx, File handle) throws IOException
{
int bytes_read = 0;
byte[] buffer;
if (null == ctx || null == handle)
return true;
buffer = new byte[BUFFER_SIZE];
if (buffer == null)
return true;
// snprintf(ctx.ret, 12, "%u:", ctx.block_size);
ctx.ret = (ctx.block_size + ":").toCharArray();
// ctx.p = ctx.ret + strlen(ctx.ret);
ctx.p = new char[SPAMSUM_LENGTH];
//memset(ctx.p, 0, SPAMSUM_LENGTH+1);
Arrays.fill(ctx.p, (char)0 );
//memset(ctx.ret2, 0, sizeof(ctx.ret2.length));
Arrays.fill(ctx.ret2, (char)0 );
ctx.k = ctx.j = 0;
ctx.h3 = ctx.h2 = HASH_INIT;
ctx.h = 0;
roll_reset();
System.out.println("Opening file:"+handle);
FileInputStream in = new FileInputStream(handle);
// while ((bytes_read = fread(buffer,sizeof(byte),BUFFER_SIZE,handle)) > 0)
while (in.available() > 0 )
{
bytes_read = in.read(buffer);
ss_engine(ctx,buffer,bytes_read);
}
if (ctx.h != 0)
{
ctx.p[ctx.j] = b64[(int) ((ctx.h2 & 0xFFFF) % 64)];
ctx.ret2[ctx.k] = b64[(int) ((ctx.h3 &0xFFFF) % 64)];
}
// strcat(ctx.p+ctx.j, ":");
// strcat(ctx.p+ctx.j, ctx.ret2);
ctx.ret = (new String(ctx.ret) + new String(ctx.p) + ":" + new String(ctx.ret2)).toCharArray();
// free(buffer);
return false;
}
boolean fuzzy_hash_file(File handle) throws IOException
{
ss_context ctx;
int filepos;
boolean done = false;
if (null == handle)
return true;
ctx = new ss_context();
if (ctx == null)
return true;
// filepos = ftello(handle);
ss_init(ctx, handle);
System.out.println("bs-pre:"+ctx.block_size);
while (!done)
{
// if (fseeko(handle,0,SEEK_SET))
// return true;
ss_update(ctx,handle);
System.out.println("RESULT:"+new String(ctx.ret));
// our blocksize guess may have been way off - repeat if necessary
if (ctx.block_size > MIN_BLOCKSIZE && ctx.j < SPAMSUM_LENGTH/2)
ctx.block_size = ctx.block_size / 2;
else
done = true;
}
System.out.println("bs-post:"+ctx.block_size);
// strncpy(result,ctx.ret,FUZZY_MAX_RESULT);
System.out.println("RESULT:"+new String(ctx.ret));
ss_destroy(ctx);
// free(ctx);
// if (fseeko(handle,filepos,SEEK_SET))
// return true;
return false;
}
public boolean fuzzy_hash_filename(String filename) throws IOException
{
boolean status;
if (null == filename)
return true;
File handle = new File(filename);//,"rb");
if (null == handle)
return true;
status = fuzzy_hash_file(handle);
// fclose(handle);
return status;
}
boolean fuzzy_hash_buf(byte[] buf,
int buf_len,
char[] result)
{
ss_context ctx = new ss_context();
boolean done = false;
if (buf == null)
return true;
ctx.total_chars = buf_len;
ss_init(ctx, null);
System.out.println("total_chars: "+ctx.total_chars);
while (!done)
{
// snprintf(ctx.ret, 12, "%u:", ctx.block_size);
// ctx.p = ctx.ret + strlen(ctx.ret);
ctx.p = new char[SPAMSUM_LENGTH+1]; // TODO Duplication!
// memset(ctx.p, 0, SPAMSUM_LENGTH+1);
// memset(ctx.ret2, 0, sizeof(ctx.ret2));
ctx.k = ctx.j = 0;
ctx.h3 = ctx.h2 = HASH_INIT;
ctx.h = 0;
roll_reset();
System.out.println("h:"+ctx.h);
System.out.println("h2:"+ctx.h2);
ss_engine(ctx,buf,buf_len);
/* our blocksize guess may have been way off - repeat if necessary */
if (ctx.block_size > MIN_BLOCKSIZE && ctx.j < SPAMSUM_LENGTH/2)
ctx.block_size = ctx.block_size / 2;
else
done = true;
System.out.println("h:"+ctx.h);
System.out.println("h2:"+ctx.h2);
System.out.println("h3:"+ctx.h3);
System.out.println("bs:"+ctx.block_size);
System.out.println("ret:"+new String(ctx.ret));
System.out.println("p:"+new String(ctx.p));
System.out.println("ret2:"+new String(ctx.ret2));
if (ctx.h != 0)
{
ctx.p[ctx.j] = b64[(int) ((ctx.h2&0xFFFF) % 64)];
ctx.ret2[ctx.k] = b64[(int) ((ctx.h3&0xFFFF) % 64)];
}
// strcat(ctx.p+ctx.j, ":");
// strcat(ctx.p+ctx.j, ctx.ret2);
}
// strncpy(result,ctx.ret,FUZZY_MAX_RESULT);
System.out.println("bs:"+ctx.block_size);
System.out.println("ret:"+new String(ctx.ret));
System.out.println("p:"+new String(ctx.p));
System.out.println("ret2:"+new String(ctx.ret2));
System.out.println("h3:"+ctx.h3);
result = ctx.ret;
ss_destroy(ctx);
// free(ctx);
return false;
}
/*
we only accept a match if we have at least one common substring in
the signature of length ROLLING_WINDOW. This dramatically drops the
false positive rate for low score thresholds while having
negligable affect on the rate of spam detection.
return 1 if the two strings do have a common substring, 0 otherwise
*/
static int has_common_substring(char[] s1, char[] s2)
{
int i, j;
int num_hashes;
long[] hashes = new long[SPAMSUM_LENGTH];
/* there are many possible algorithms for common substring
detection. In this case I am re-using the rolling hash code
to act as a filter for possible substring matches */
roll_reset();
// memset(hashes, 0, sizeof(hashes));
/* first compute the windowed rolling hash at each offset in
the first string */
for (i=0;s1[i] != 0;i++)
{
hashes[i] = roll_hash((char)s1[i]);
}
num_hashes = i;
roll_reset();
/* now for each offset in the second string compute the
rolling hash and compare it to all of the rolling hashes
for the first string. If one matches then we have a
candidate substring match. We then confirm that match with
a direct string comparison */
for (i=0;s2[i] != 0;i++) {
long h = roll_hash((char)s2[i]);
if (i < ROLLING_WINDOW-1) continue;
for (j=ROLLING_WINDOW-1;j<num_hashes;j++)
{
if (hashes[j] != 0 && hashes[j] == h)
{
/* we have a potential match - confirm it */
/*FIXME
if (strlen(s2+i-(ROLLING_WINDOW-1)) >= ROLLING_WINDOW &&
strncmp(s2+i-(ROLLING_WINDOW-1),
s1+j-(ROLLING_WINDOW-1),
ROLLING_WINDOW) == 0)
{
return 1;
}
*/
}
}
}
return 0;
}
// eliminate sequences of longer than 3 identical characters. These
// sequences contain very little information so they tend to just bias
// the result unfairly
static char[] eliminate_sequences(String string)
{
char[] str = string.toCharArray();
StringBuffer ret = new StringBuffer();
// Do not include repeats:
for (int i=3;i<str.length;i++) {
if (str[i] != str[i-1] ||
str[i] != str[i-2] ||
str[i] != str[i-3]) {
ret.append(str[i]);
}
}
return ret.toString().toCharArray();
}
/*
this is the low level string scoring algorithm. It takes two strings
and scores them on a scale of 0-100 where 0 is a terrible match and
100 is a great match. The block_size is used to cope with very small
messages.
*/
static int score_strings(char[] s1, char[] s2, int block_size)
{
int score = 0;
int len1, len2;
len1 = s1.length;
len2 = s2.length;
if (len1 > SPAMSUM_LENGTH || len2 > SPAMSUM_LENGTH) {
/* not a real spamsum signature? */
return 0;
}
/* the two strings must have a common substring of length
ROLLING_WINDOW to be candidates */
if (has_common_substring(s1, s2) == 0) {
return 0;
}
/* compute the edit distance between the two strings. The edit distance gives
us a pretty good idea of how closely related the two strings are */
score = StringUtils.getLevenshteinDistance(new String(s1), new String(s2));
/* scale the edit distance by the lengths of the two
strings. This changes the score to be a measure of the
proportion of the message that has changed rather than an
absolute quantity. It also copes with the variability of
the string lengths. */
score = (score * SPAMSUM_LENGTH) / (len1 + len2);
/* at this stage the score occurs roughly on a 0-64 scale,
* with 0 being a good match and 64 being a complete
* mismatch */
/* rescale to a 0-100 scale (friendlier to humans) */
score = (100 * score) / 64;
/* it is possible to get a score above 100 here, but it is a
really terrible match */
if (score >= 100) return 0;
/* now re-scale on a 0-100 scale with 0 being a poor match and
100 being a excellent match. */
score = 100 - score;
// printf ("len1: %"PRIu32" len2: %"PRIu32"\n", len1, len2);
/* when the blocksize is small we don't want to exaggerate the match size */
if (score > block_size/MIN_BLOCKSIZE * Math.min(len1, len2)) {
score = block_size/MIN_BLOCKSIZE * Math.min(len1, len2);
}
return score;
}
/*
given two spamsum strings return a value indicating the degree to which they match.
*/
int fuzzy_compare(FuzzyHash fh1, FuzzyHash fh2 )
{
int score = 0;
char[] s1_1, s1_2;
char[] s2_1, s2_2;
// if the blocksizes don't match then we are comparing
// apples to oranges. This isn't an 'error' per se. We could
// have two valid signatures, but they can't be compared.
if (fh1.blocksize != fh2.blocksize &&
fh1.blocksize != fh2.blocksize*2 &&
fh2.blocksize != fh1.blocksize*2) {
return 0;
}
// there is very little information content is sequences of
// the same character like 'LLLLL'. Eliminate any sequences
// longer than 3. This is especially important when combined
// with the has_common_substring() test below.
s1_1 = eliminate_sequences(fh1.hash+1);
s2_1 = eliminate_sequences(fh2.hash+1);
s1_2 = eliminate_sequences(fh1.hash2+1);
s2_2 = eliminate_sequences(fh1.hash2+1);
// each signature has a string for two block sizes. We now
// choose how to combine the two block sizes. We checked above
// that they have at least one block size in common
if (fh1.blocksize == fh2.blocksize) {
int score1, score2;
score1 = score_strings(s1_1, s2_1, fh1.blocksize);
score2 = score_strings(s1_2, s2_2, fh2.blocksize);
// s.block_size = fh1.blocksize;
score = Math.max(score1, score2);
} else if (fh1.blocksize == fh2.blocksize*2) {
score = score_strings(s1_1, s2_2, fh1.blocksize);
// s.block_size = fh1.blocksize;
} else {
score = score_strings(s1_2, s2_1, fh2.blocksize);
// s.block_size = fh2.blocksize;
}
return (int)score;
}
/**
* Main class for quick testing.
* @param args
* @throws IOException
*/
public static void main( String[] args ) throws IOException {
SSDeep ssd = new SSDeep();
byte[] b2 = "Hello World how are you today...\n".getBytes();
byte[] b3 = "Helli".getBytes();
char[] h1 = null;
boolean t1 = ssd.fuzzy_hash_buf(b2, b2.length, h1);
System.out.println("Got "+h1);
ssd.fuzzy_hash_file(new File("test"));
//ssd.fuzzy_hash_file(new File("pom.xml"));
}
}

98
src/main/java/org/codesecure/dependencycheck/App.java → src/main/java/org/owasp/dependencycheck/App.java
View File

@@ -1,22 +1,22 @@
package org.codesecure.dependencycheck;
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck;
import java.io.FileNotFoundException;
import java.io.IOException;
@@ -26,9 +26,10 @@ import java.util.logging.Level;
import java.util.logging.LogManager;
import java.util.logging.Logger;
import org.apache.commons.cli.ParseException;
import org.codesecure.dependencycheck.reporting.ReportGenerator;
import org.codesecure.dependencycheck.dependency.Dependency;
import org.codesecure.dependencycheck.utils.CliParser;
import org.owasp.dependencycheck.reporting.ReportGenerator;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.utils.CliParser;
import org.owasp.dependencycheck.utils.Settings;
/*
* This file is part of App.
@@ -50,33 +51,33 @@ import org.codesecure.dependencycheck.utils.CliParser;
/**
* The command line interface for the DependencyCheck application.
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class App {
/**
* The location of the log properties configuration file.
*/
private static final String LOG_PROPERTIES_FILE = "configuration/log.properties";
/**
* The main method for the application.
*
* @param args the command line arguments
*/
public static void main(String[] args) {
prepareLogger();
App app = new App();
final App app = new App();
app.run(args);
}
/**
* Configures the logger for use by the application.
*/
private static void prepareLogger() {
//while java doc for JUL says to use preferences api - it throws an exception...
//Preferences.systemRoot().put("java.util.logging.config.file", "log.properties");
//System.getProperties().put("java.util.logging.config.file", "configuration/log.properties");
//removed the file handler. since this is a console app - just write to console.
// File dir = new File("logs");
// if (!dir.exists()) {
// dir.mkdir();
// }
InputStream in = null;
try {
InputStream in = App.class.getClassLoader().getResourceAsStream(LOG_PROPERTIES_FILE);
in = App.class.getClassLoader().getResourceAsStream(LOG_PROPERTIES_FILE);
LogManager.getLogManager().reset();
LogManager.getLogManager().readConfiguration(in);
} catch (IOException ex) {
@@ -84,17 +85,24 @@ public class App {
Logger.getLogger(App.class.getName()).log(Level.SEVERE, null, ex);
} catch (SecurityException ex) {
Logger.getLogger(App.class.getName()).log(Level.SEVERE, null, ex);
} finally {
try {
in.close();
} catch (Exception ex) {
//ignore
in = null;
}
}
}
/**
* main CLI entry-point into the application.
* Main CLI entry-point into the application.
*
* @param args the command line arguments
*/
public void run(String[] args) {
CliParser cli = new CliParser();
final CliParser cli = new CliParser();
try {
cli.parse(args);
} catch (FileNotFoundException ex) {
@@ -112,11 +120,11 @@ public class App {
if (cli.isGetVersion()) {
cli.printVersionInfo();
} else if (cli.isRunScan()) {
runScan(cli.getReportDirectory(), cli.getApplicationName(), cli.getScanFiles(), cli.isAutoUpdate());
updateSettings(cli.isAutoUpdate(), cli.isDeepScan(), cli.getConnectionTimeout(), cli.getProxyUrl(), cli.getProxyPort());
runScan(cli.getReportDirectory(), cli.getReportFormat(), cli.getApplicationName(), cli.getScanFiles());
} else {
cli.printHelp();
}
}
/**
@@ -124,26 +132,50 @@ public class App {
* reportDirectory.
*
* @param reportDirectory the path to the directory where the reports will
* be written.
* @param applicationName the application name for the report.
* @param files the files/directories to scan.
* be written
* @param outputFormat the output format of the report
* @param applicationName the application name for the report
* @param files the files/directories to scan
*/
private void runScan(String reportDirectory, String applicationName, String[] files, boolean autoUpdate) {
Engine scanner = new Engine(autoUpdate);
private void runScan(String reportDirectory, String outputFormat, String applicationName, String[] files) {
final Engine scanner = new Engine();
for (String file : files) {
scanner.scan(file);
}
scanner.analyzeDependencies();
List<Dependency> dependencies = scanner.getDependencies();
ReportGenerator report = new ReportGenerator(applicationName, dependencies, scanner.getAnalyzers());
scanner.analyzeDependencies();
final List<Dependency> dependencies = scanner.getDependencies();
final ReportGenerator report = new ReportGenerator(applicationName, dependencies, scanner.getAnalyzers());
try {
report.generateReports(reportDirectory);
report.generateReports(reportDirectory, outputFormat);
} catch (IOException ex) {
Logger.getLogger(App.class.getName()).log(Level.SEVERE, null, ex);
} catch (Exception ex) {
Logger.getLogger(App.class.getName()).log(Level.SEVERE, null, ex);
}
}
/**
* Updates the global Settings.
* @param autoUpdate whether or not to update cached web data sources
* @param deepScan whether or not to perform a deep scan (increases false positives, but may reduce false negatives)
* @param connectionTimeout the timeout to use when downloading resources (null or blank will use default)
* @param proxyUrl the proxy url (null or blank means no proxy will be used)
* @param proxyPort the proxy port (null or blank means no port will be used)
*/
private void updateSettings(boolean autoUpdate, boolean deepScan, String connectionTimeout, String proxyUrl, String proxyPort) {
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
Settings.setBoolean(Settings.KEYS.PERFORM_DEEP_SCAN, deepScan);
if (proxyUrl != null && !proxyUrl.isEmpty()) {
Settings.setString(Settings.KEYS.PROXY_URL, proxyUrl);
}
if (proxyPort != null && !proxyPort.isEmpty()) {
Settings.setString(Settings.KEYS.PROXY_PORT, proxyPort);
}
if (connectionTimeout != null && !connectionTimeout.isEmpty()) {
Settings.setString(Settings.KEYS.CONNECTION_TIMEOUT, connectionTimeout);
}
}
}

172
src/main/java/org/codesecure/dependencycheck/Engine.java → src/main/java/org/owasp/dependencycheck/Engine.java
View File

@@ -1,27 +1,25 @@
package org.codesecure.dependencycheck;
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck;
import java.util.EnumMap;
import org.codesecure.dependencycheck.dependency.Dependency;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
@@ -29,15 +27,17 @@ import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.codesecure.dependencycheck.analyzer.AnalysisException;
import org.codesecure.dependencycheck.analyzer.AnalysisPhase;
import org.codesecure.dependencycheck.analyzer.Analyzer;
import org.codesecure.dependencycheck.analyzer.AnalyzerService;
import org.codesecure.dependencycheck.analyzer.ArchiveAnalyzer;
import org.codesecure.dependencycheck.data.CachedWebDataSource;
import org.codesecure.dependencycheck.data.UpdateException;
import org.codesecure.dependencycheck.data.UpdateService;
import org.codesecure.dependencycheck.utils.FileUtils;
import org.owasp.dependencycheck.analyzer.AnalysisException;
import org.owasp.dependencycheck.analyzer.AnalysisPhase;
import org.owasp.dependencycheck.analyzer.Analyzer;
import org.owasp.dependencycheck.analyzer.AnalyzerService;
import org.owasp.dependencycheck.data.CachedWebDataSource;
import org.owasp.dependencycheck.data.UpdateException;
import org.owasp.dependencycheck.data.UpdateService;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.utils.FileUtils;
import org.owasp.dependencycheck.utils.InvalidSettingException;
import org.owasp.dependencycheck.utils.Settings;
/**
* Scans files, directories, etc. for Dependencies. Analyzers are loaded and
@@ -45,38 +45,49 @@ import org.codesecure.dependencycheck.utils.FileUtils;
* Analyzer is associated with the file type then the file is turned into a
* dependency.
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class Engine {
/**
* The list of dependencies.
*/
protected List<Dependency> dependencies = new ArrayList<Dependency>();
private final List<Dependency> dependencies = new ArrayList<Dependency>();
/**
* A Map of analyzers grouped by Analysis phase.
*/
protected EnumMap<AnalysisPhase, List<Analyzer>> analyzers =
private final EnumMap<AnalysisPhase, List<Analyzer>> analyzers =
new EnumMap<AnalysisPhase, List<Analyzer>>(AnalysisPhase.class);
/**
* A set of extensions supported by the analyzers.
*/
protected Set<String> extensions = new HashSet<String>();
private final Set<String> extensions = new HashSet<String>();
/**
* Creates a new Engine.
*/
public Engine() {
doUpdates();
boolean autoUpdate = true;
try {
autoUpdate = Settings.getBoolean(Settings.KEYS.AUTO_UPDATE);
} catch (InvalidSettingException ex) {
Logger.getLogger(Engine.class.getName()).log(Level.WARNING, "Invalid setting for auto-update.");
}
if (autoUpdate) {
doUpdates();
}
loadAnalyzers();
}
/**
* Creates a new Engine
* Creates a new Engine.
*
* @param autoUpdate indicates whether or not data should be updated from
* the Internet.
* @deprecated this function should no longer be used; the autoupdate flag should be set using
* <code>Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, value);</code>
*/
@Deprecated
public Engine(boolean autoUpdate) {
if (autoUpdate) {
doUpdates();
@@ -94,10 +105,10 @@ public class Engine {
analyzers.put(phase, new ArrayList<Analyzer>());
}
AnalyzerService service = AnalyzerService.getInstance();
Iterator<Analyzer> iterator = service.getAnalyzers();
final AnalyzerService service = AnalyzerService.getInstance();
final Iterator<Analyzer> iterator = service.getAnalyzers();
while (iterator.hasNext()) {
Analyzer a = iterator.next();
final Analyzer a = iterator.next();
analyzers.get(a.getAnalysisPhase()).add(a);
if (a.getSupportedExtensions() != null) {
extensions.addAll(a.getSupportedExtensions());
@@ -116,7 +127,7 @@ public class Engine {
}
/**
* Get the dependencies identified
* Get the dependencies identified.
*
* @return the dependencies identified
*/
@@ -132,7 +143,7 @@ public class Engine {
* @param path the path to a file or directory to be analyzed.
*/
public void scan(String path) {
File file = new File(path);
final File file = new File(path);
if (file.exists()) {
if (file.isDirectory()) {
scanDirectory(file);
@@ -149,12 +160,14 @@ public class Engine {
* @param dir the directory to scan.
*/
protected void scanDirectory(File dir) {
File[] files = dir.listFiles();
for (File f : files) {
if (f.isDirectory()) {
scanDirectory(f);
} else {
scanFile(f);
final File[] files = dir.listFiles();
if (files != null) {
for (File f : files) {
if (f.isDirectory()) {
scanDirectory(f);
} else {
scanFile(f);
}
}
}
}
@@ -167,18 +180,18 @@ public class Engine {
*/
protected void scanFile(File file) {
if (!file.isFile()) {
String msg = String.format("Path passed to scanFile(File) is not a file: %s.", file.toString());
final String msg = String.format("Path passed to scanFile(File) is not a file: %s.", file.toString());
Logger.getLogger(Engine.class.getName()).log(Level.WARNING, msg);
}
String fileName = file.getName();
String extension = FileUtils.getFileExtension(fileName);
final String fileName = file.getName();
final String extension = FileUtils.getFileExtension(fileName);
if (extension != null) {
if (extensions.contains(extension)) {
Dependency dependency = new Dependency(file);
final Dependency dependency = new Dependency(file);
dependencies.add(dependency);
}
} else {
String msg = String.format("No file extension found on file '%s'. The file was not analyzed.",
final String msg = String.format("No file extension found on file '%s'. The file was not analyzed.",
file.toString());
Logger.getLogger(Engine.class.getName()).log(Level.FINEST, msg);
}
@@ -188,75 +201,74 @@ public class Engine {
* Runs the analyzers against all of the dependencies.
*/
public void analyzeDependencies() {
//phase one initialize
for (AnalysisPhase phase : AnalysisPhase.values()) {
List<Analyzer> analyzerList = analyzers.get(phase);
final List<Analyzer> analyzerList = analyzers.get(phase);
for (Analyzer a : analyzerList) {
try {
a.initialize();
} catch (Exception ex) {
Logger.getLogger(Engine.class.getName()).log(Level.SEVERE,
"Exception occured initializing " + a.getName() + ".", ex);
"Exception occurred initializing " + a.getName() + ".", ex);
try {
a.close();
} catch (Exception ex1) {
Logger.getLogger(Engine.class.getName()).log(Level.FINER, null, ex1);
}
continue;
}
for (Dependency d : dependencies) {
if (a.supportsExtension(d.getFileExtension())) {
try {
if (a instanceof ArchiveAnalyzer) {
ArchiveAnalyzer aa = (ArchiveAnalyzer) a;
aa.analyze(d, this);
} else {
a.analyze(d);
}
} catch (AnalysisException ex) {
d.addAnalysisException(ex);
} catch (IOException ex) {
String msg = String.format("IOException occured while analyzing the file '%s'.",
d.getActualFilePath());
Logger.getLogger(Engine.class.getName()).log(Level.SEVERE, msg, ex);
}
}
}
try {
a.close();
} catch (Exception ex) {
Logger.getLogger(Engine.class.getName()).log(Level.SEVERE, null, ex);
}
}
}
//Now cycle through all of the analyzers one last time to call
// cleanup on any archiveanalyzers. These should only exist in the
// initial phase, but we are going to be thourough just in case.
// analysis phases
for (AnalysisPhase phase : AnalysisPhase.values()) {
List<Analyzer> analyzerList = analyzers.get(phase);
final List<Analyzer> analyzerList = analyzers.get(phase);
for (Analyzer a : analyzerList) {
if (a instanceof ArchiveAnalyzer) {
ArchiveAnalyzer aa = (ArchiveAnalyzer) a;
aa.cleanup();
//need to create a copy of the collection because some of the
// analyzers may modify it. This prevents ConcurrentModificationExceptions.
final Set<Dependency> dependencySet = new HashSet<Dependency>();
dependencySet.addAll(dependencies);
for (Dependency d : dependencySet) {
if (a.supportsExtension(d.getFileExtension())) {
try {
a.analyze(d, this);
} catch (AnalysisException ex) {
d.addAnalysisException(ex);
}
}
}
}
}
//close/cleanup
for (AnalysisPhase phase : AnalysisPhase.values()) {
final List<Analyzer> analyzerList = analyzers.get(phase);
for (Analyzer a : analyzerList) {
try {
a.close();
} catch (Exception ex) {
Logger.getLogger(Engine.class.getName()).log(Level.WARNING, null, ex);
}
}
}
}
/**
*
* Cycles through the cached web data sources and calls update on all of them.
*/
private void doUpdates() {
UpdateService service = UpdateService.getInstance();
Iterator<CachedWebDataSource> iterator = service.getDataSources();
final UpdateService service = UpdateService.getInstance();
final Iterator<CachedWebDataSource> iterator = service.getDataSources();
while (iterator.hasNext()) {
CachedWebDataSource source = iterator.next();
final CachedWebDataSource source = iterator.next();
try {
source.update();
} catch (UpdateException ex) {
Logger.getLogger(Engine.class.getName()).log(Level.SEVERE,
"Unable to update " + source.getClass().getName(), ex);
Logger.getLogger(Engine.class.getName()).log(Level.WARNING,
"Unable to update Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.");
Logger.getLogger(Engine.class.getName()).log(Level.INFO,
String.format("Unable to update details for %s",
source.getClass().getName()), ex);
}
}
}
@@ -267,9 +279,9 @@ public class Engine {
* @return a list of Analyzers
*/
public List<Analyzer> getAnalyzers() {
List<Analyzer> ret = new ArrayList<Analyzer>();
final List<Analyzer> ret = new ArrayList<Analyzer>();
for (AnalysisPhase phase : AnalysisPhase.values()) {
List<Analyzer> analyzerList = analyzers.get(phase);
final List<Analyzer> analyzerList = analyzers.get(phase);
ret.addAll(analyzerList);
}
return ret;

35
src/main/java/org/codesecure/dependencycheck/analyzer/AbstractAnalyzer.java → src/main/java/org/owasp/dependencycheck/analyzer/AbstractAnalyzer.java
View File

@@ -1,29 +1,30 @@
package org.codesecure.dependencycheck.analyzer;
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.analyzer;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
/**
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public abstract class AbstractAnalyzer implements Analyzer {
@@ -37,12 +38,24 @@ public abstract class AbstractAnalyzer implements Analyzer {
* @return a Set of strings.
*/
protected static Set<String> newHashSet(String... strings) {
Set<String> set = new HashSet<String>();
final Set<String> set = new HashSet<String>();
//yes, in Java7 we could use Array.toList(...) - but I'm trying to keep this Java 6 compliant.
for (String s : strings) {
set.add(s);
}
Collections.addAll(set, strings);
return set;
}
/**
* The initialize method does nothing for this Analyzer.
*/
public void initialize() {
//do nothing
}
/**
* The close method does nothing for this Analyzer.
*/
public void close() {
//do nothing
}
}

15
src/main/java/org/codesecure/dependencycheck/analyzer/AnalysisException.java → src/main/java/org/owasp/dependencycheck/analyzer/AnalysisException.java
View File

@@ -1,30 +1,33 @@
package org.codesecure.dependencycheck.analyzer;
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.analyzer;
/**
* An exception thrown when the analysis of a dependency fails.
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class AnalysisException extends Exception {
/**
* The serial version UID for serialization.
*/
private static final long serialVersionUID = 1L;
/**

34
src/main/java/org/codesecure/dependencycheck/analyzer/AnalysisPhase.java → src/main/java/org/owasp/dependencycheck/analyzer/AnalysisPhase.java
View File

@@ -1,56 +1,64 @@
package org.codesecure.dependencycheck.analyzer;
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.analyzer;
/**
* An enumeration defining the phases of analysis.
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public enum AnalysisPhase {
/**
* The first phase of analysis.
* Initialization phase.
*/
INITIAL,
/**
* The second phase of analysis.
* Information collection phase.
*/
INFORMATION_COLLECTION,
/**
* The third phase of analysis.
* Pre identifier analysis phase.
*/
PRE_IDENTIFIER_ANALYSIS,
/**
* The fourth phase of analysis.
* Identifier analysis phase.
*/
IDENTIFIER_ANALYSIS,
/**
* The fifth phase of analysis.
* Post identifier analysis phase.
*/
POST_IDENTIFIER_ANALYSIS,
/**
* The sixth phase of analysis.
* Pre finding analysis phase.
*/
PRE_FINDING_ANALYSIS,
/**
* Finding analysis phase.
*/
FINDING_ANALYSIS,
/**
* The seventh and final phase of analysis.
* Post analysis phase.
*/
POST_FINDING_ANALYSIS,
/**
* The final analysis phase.
*/
FINAL
}

23
src/main/java/org/codesecure/dependencycheck/analyzer/Analyzer.java → src/main/java/org/owasp/dependencycheck/analyzer/Analyzer.java
View File

@@ -1,46 +1,49 @@
package org.codesecure.dependencycheck.analyzer;
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.analyzer;
import java.util.Set;
import org.codesecure.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.dependency.Dependency;
/**
* An interface that defines an Analyzer that is used to identify Dependencies.
* An analyzer will collect information about the dependency in the form of
* Evidence.
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public interface Analyzer {
/**
* Analyzes the given dependency. The analysis could be anything from
* identifying an Idenifier for the dependency, to finding vulnerabilities,
* identifying an Identifier for the dependency, to finding vulnerabilities,
* etc. Additionally, if the analyzer collects enough information to add a
* description or license information for the dependency it should be added.
*
* @param dependency a dependency to analyze.
* @param engine the engine that is scanning the dependencies - this is useful
* if we need to check other dependencies
* @throws AnalysisException is thrown if there is an error analyzing the
* dependency file
*/
void analyze(Dependency dependency) throws AnalysisException;
void analyze(Dependency dependency, Engine engine) throws AnalysisException;
/**
* <p>Returns a list of supported file extensions. An example would be an
@@ -68,7 +71,7 @@ public interface Analyzer {
* Returns whether or not this analyzer can process the given extension.
*
* @param extension the file extension to test for support.
* @return whether or not the specified file extension is supported by tihs
* @return whether or not the specified file extension is supported by this
* analyzer.
*/
boolean supportsExtension(String extension);

28
src/main/java/org/codesecure/dependencycheck/analyzer/AnalyzerService.java → src/main/java/org/owasp/dependencycheck/analyzer/AnalyzerService.java
View File

@@ -1,37 +1,43 @@
package org.codesecure.dependencycheck.analyzer;
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.analyzer;
import java.util.Iterator;
import java.util.ServiceLoader;
/**
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class AnalyzerService {
private static AnalyzerService service;
private ServiceLoader<Analyzer> loader;
public final class AnalyzerService {
/**
* Creates a new instance of AnalyzerService
* The analyzer service singleton.
*/
private static AnalyzerService service;
/**
* The service loader for analyzers.
*/
private final ServiceLoader<Analyzer> loader;
/**
* Creates a new instance of AnalyzerService.
*/
private AnalyzerService() {
loader = ServiceLoader.load(Analyzer.class);

256
src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java Normal file
View File

@@ -0,0 +1,256 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.analyzer;
import java.io.File;
import java.util.HashSet;
import java.util.Iterator;
import java.util.ListIterator;
import java.util.Set;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.dependency.Dependency;
/**
* <p>This analyzer ensures dependencies that should be grouped together, to
* remove excess noise from the report, are grouped. An example would be Spring,
* Spring Beans, Spring MVC, etc. If they are all for the same version and have
* the same relative path then these should be grouped into a single dependency
* under the core/main library.</p>
* <p>Note, this grouping only works on dependencies with identified CVE
* entries</p>
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Analyzer {
/**
* The set of file extensions supported by this analyzer.
*/
private static final Set<String> EXTENSIONS = null;
/**
* The name of the analyzer.
*/
private static final String ANALYZER_NAME = "Dependency Bundling Analyzer";
/**
* The phase that this analyzer is intended to run in.
*/
private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.PRE_FINDING_ANALYSIS;
/**
* Returns a list of file EXTENSIONS supported by this analyzer.
*
* @return a list of file EXTENSIONS supported by this analyzer.
*/
public Set<String> getSupportedExtensions() {
return EXTENSIONS;
}
/**
* Returns the name of the analyzer.
*
* @return the name of the analyzer.
*/
public String getName() {
return ANALYZER_NAME;
}
/**
* Returns whether or not this analyzer can process the given extension.
*
* @param extension the file extension to test for support
* @return whether or not the specified file extension is supported by this
* analyzer.
*/
public boolean supportsExtension(String extension) {
return true;
}
/**
* Returns the phase that the analyzer is intended to run in.
*
* @return the phase that the analyzer is intended to run in.
*/
public AnalysisPhase getAnalysisPhase() {
return ANALYSIS_PHASE;
}
/**
* a flag indicating if this analyzer has run. This analyzer only runs once.
*/
private boolean analyzed = false;
/**
* Analyzes a set of dependencies. If they have been found to have the same
* base path and the same set of identifiers they are likely related. The
* related dependencies are bundled into a single reportable item.
*
* @param ignore this analyzer ignores the dependency being analyzed
* @param engine the engine that is scanning the dependencies
* @throws AnalysisException is thrown if there is an error reading the JAR
* file.
*/
public void analyze(Dependency ignore, Engine engine) throws AnalysisException {
if (!analyzed) {
analyzed = true;
final Set<Dependency> dependenciesToRemove = new HashSet<Dependency>();
final ListIterator<Dependency> mainIterator = engine.getDependencies().listIterator();
//for (Dependency nextDependency : engine.getDependencies()) {
while (mainIterator.hasNext()) {
final Dependency dependency = mainIterator.next();
if (mainIterator.hasNext()) {
final ListIterator<Dependency> subIterator = engine.getDependencies().listIterator(mainIterator.nextIndex());
while (subIterator.hasNext()) {
final Dependency nextDependency = subIterator.next();
if (identifiersMatch(dependency, nextDependency)
&& hasSameBasePath(dependency, nextDependency)) {
if (isCore(dependency, nextDependency)) {
dependency.addRelatedDependency(nextDependency);
//move any "related dependencies" to the new "parent" dependency
final Iterator<Dependency> i = nextDependency.getRelatedDependencies().iterator();
while (i.hasNext()) {
dependency.addRelatedDependency(i.next());
i.remove();
}
dependenciesToRemove.add(nextDependency);
} else {
if (isCore(nextDependency, dependency)) {
nextDependency.addRelatedDependency(dependency);
//move any "related dependencies" to the new "parent" dependency
final Iterator<Dependency> i = dependency.getRelatedDependencies().iterator();
while (i.hasNext()) {
nextDependency.addRelatedDependency(i.next());
i.remove();
}
dependenciesToRemove.add(dependency);
}
}
}
}
}
}
//removing dependencies here as ensuring correctness and avoiding ConcurrentUpdateExceptions
// was difficult because of the inner iterator.
for (Dependency d : dependenciesToRemove) {
engine.getDependencies().remove(d);
}
}
}
/**
* Attempts to trim a maven repo to a common base path. This is typically
* [drive]\[repo_location]\repository\[path1]\[path2].
*
* @param path the path to trim
* @return a string representing the base path.
*/
private String getBaseRepoPath(final String path) {
int pos = path.indexOf("repository" + File.separator) + 11;
if (pos < 0) {
return path;
}
int tmp = path.indexOf(File.separator, pos);
if (tmp <= 0) {
return path;
}
if (tmp > 0) {
pos = tmp + 1;
}
tmp = path.indexOf(File.separator, pos);
if (tmp > 0) {
pos = tmp + 1;
}
return path.substring(0, pos);
}
/**
* Returns true if the identifiers in the two supplied dependencies are equal.
* @param dependency1 a dependency2 to compare
* @param dependency2 a dependency2 to compare
* @return true if the identifiers in the two supplied dependencies are equal
*/
private boolean identifiersMatch(Dependency dependency1, Dependency dependency2) {
if (dependency1 == null || dependency1.getIdentifiers() == null
|| dependency2 == null || dependency2.getIdentifiers() == null) {
return false;
}
return dependency1.getIdentifiers().size() > 0
&& dependency2.getIdentifiers().equals(dependency1.getIdentifiers());
}
/**
* Determines if the two dependencies have the same base path.
* @param dependency1 a Dependency object
* @param dependency2 a Dependency object
* @return true if the base paths of the dependencies are identical
*/
private boolean hasSameBasePath(Dependency dependency1, Dependency dependency2) {
if (dependency1 == null || dependency2 == null) {
return false;
}
final File lFile = new File(dependency1.getFilePath());
String left = lFile.getParent();
final File rFile = new File(dependency2.getFilePath());
String right = rFile.getParent();
if (left == null) {
if (right == null) {
return true;
}
return false;
}
if (left.equalsIgnoreCase(right)) {
return true;
}
if (left.matches(".*[/\\\\]repository[/\\\\].*") && right.matches(".*[/\\\\]repository[/\\\\].*")) {
left = getBaseRepoPath(left);
right = getBaseRepoPath(right);
}
return left.equalsIgnoreCase(right);
}
/**
* This is likely a very broken attempt at determining if the 'left'
* dependency is the 'core' library in comparison to the 'right' library.
*
* TODO - consider splitting on /\._-\s/ and checking if all of one side is fully contained in the other
* With the exception of the word "core". This might work even on groups when we don't have a CVE.
*
* @param left the dependency to test
* @param right the dependency to test against
* @return a boolean indicating whether or not the left dependency should be
* considered the "core" version.
*/
private boolean isCore(Dependency left, Dependency right) {
final String leftName = left.getFileName().toLowerCase();
final String rightName = right.getFileName().toLowerCase();
if (rightName.contains("core") && !leftName.contains("core")) {
return false;
} else if (!rightName.contains("core") && leftName.contains("core")) {
return true;
} else {
//TODO should we be splitting the name on [-_(.\d)+] and seeing if the
// parts are contained in the other side?
if (leftName.length() > rightName.length()) {
return false;
}
return true;
}
}
}

213
src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java Normal file
View File

@@ -0,0 +1,213 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.analyzer;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.ListIterator;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.data.cpe.Entry;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Identifier;
import org.owasp.dependencycheck.utils.InvalidSettingException;
import org.owasp.dependencycheck.utils.Settings;
/**
* This analyzer attempts to remove some well known false positives -
* specifically regarding the java runtime.
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class FalsePositiveAnalyzer extends AbstractAnalyzer {
/**
* The set of file extensions supported by this analyzer.
*/
private static final Set<String> EXTENSIONS = null;
/**
* The name of the analyzer.
*/
private static final String ANALYZER_NAME = "False Positive Analyzer";
/**
* The phase that this analyzer is intended to run in.
*/
private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.POST_IDENTIFIER_ANALYSIS;
/**
* Returns a list of file EXTENSIONS supported by this analyzer.
*
* @return a list of file EXTENSIONS supported by this analyzer.
*/
public Set<String> getSupportedExtensions() {
return EXTENSIONS;
}
/**
* Returns the name of the analyzer.
*
* @return the name of the analyzer.
*/
public String getName() {
return ANALYZER_NAME;
}
/**
* Returns whether or not this analyzer can process the given extension.
*
* @param extension the file extension to test for support
* @return whether or not the specified file extension is supported by this
* analyzer.
*/
public boolean supportsExtension(String extension) {
return true; //EXTENSIONS.contains(extension);
}
/**
* Returns the phase that the analyzer is intended to run in.
*
* @return the phase that the analyzer is intended to run in.
*/
public AnalysisPhase getAnalysisPhase() {
return ANALYSIS_PHASE;
}
/**
*
*
* @param dependency the dependency to analyze.
* @param engine the engine that is scanning the dependencies
* @throws AnalysisException is thrown if there is an error reading the JAR
* file.
*/
public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
removeJreEntries(dependency);
boolean deepScan = false;
try {
deepScan = Settings.getBoolean(Settings.KEYS.PERFORM_DEEP_SCAN);
} catch (InvalidSettingException ex) {
Logger.getLogger(FalsePositiveAnalyzer.class.getName()).log(Level.SEVERE, null, ex);
}
if (!deepScan) {
removeSpuriousCPE(dependency);
}
}
/**
* Intended to remove spurious CPE entries.
*
* @param dependency the dependency being analyzed
*/
private void removeSpuriousCPE(Dependency dependency) {
final List<Identifier> ids = new ArrayList<Identifier>();
ids.addAll(dependency.getIdentifiers());
final ListIterator<Identifier> mainItr = ids.listIterator();
while (mainItr.hasNext()) {
final Identifier currentId = mainItr.next();
final Entry currentCpe = parseCpe(currentId.getType(), currentId.getValue());
if (currentCpe == null) {
continue;
}
final ListIterator<Identifier> subItr = ids.listIterator(mainItr.nextIndex());
while (subItr.hasNext()) {
final Identifier nextId = subItr.next();
final Entry nextCpe = parseCpe(nextId.getType(), nextId.getValue());
if (nextCpe == null) {
continue;
}
if (currentCpe.getVendor().equals(nextCpe.getVendor())) {
if (currentCpe.getProduct().equals(nextCpe.getProduct())) {
// see if one is contained in the other.. remove the contained one from dependency.getIdentifier
final String mainVersion = currentCpe.getVersion();
final String nextVersion = nextCpe.getVersion();
if (mainVersion.length() < nextVersion.length()) {
if (nextVersion.startsWith(mainVersion)) {
//remove mainVersion
dependency.getIdentifiers().remove(currentId);
}
} else {
if (mainVersion.startsWith(nextVersion)) {
//remove nextVersion
dependency.getIdentifiers().remove(nextId);
}
}
} else {
if (currentCpe.getVersion().equals(nextCpe.getVersion())) {
//same vendor and version - but different products
// are we dealing with something like Axis & Axis2
final String currentProd = currentCpe.getProduct();
final String nextProd = nextCpe.getProduct();
if (currentProd.startsWith(nextProd)) {
dependency.getIdentifiers().remove(nextId);
}
if (nextProd.startsWith(currentProd)) {
dependency.getIdentifiers().remove(currentId);
}
}
}
}
}
}
}
/**
* Removes any CPE entries for the JDK/JRE unless the filename ends with
* rt.jar
*
* @param dependency the dependency to remove JRE CPEs from
*/
private void removeJreEntries(Dependency dependency) {
final Set<Identifier> identifiers = dependency.getIdentifiers();
final Iterator<Identifier> itr = identifiers.iterator();
while (itr.hasNext()) {
final Identifier i = itr.next();
if ((i.getValue().startsWith("cpe:/a:sun:java:")
|| i.getValue().startsWith("cpe:/a:oracle:jre")
|| i.getValue().startsWith("cpe:/a:oracle:jdk"))
&& !dependency.getFileName().toLowerCase().endsWith("rt.jar")) {
itr.remove();
}
}
}
/**
* Parses a CPE string into an Entry.
* @param type the type of identifier
* @param value the cpe identifier to parse
* @return an Entry constructed from the identifier
*/
private Entry parseCpe(String type, String value) {
if (!"cpe".equals(type)) {
return null;
}
final Entry cpe = new Entry();
try {
cpe.parseName(value);
} catch (UnsupportedEncodingException ex) {
Logger.getLogger(FalsePositiveAnalyzer.class.getName()).log(Level.FINEST, null, ex);
return null;
}
return cpe;
}
}

42
src/main/java/org/codesecure/dependencycheck/analyzer/FileNameAnalyzer.java → src/main/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.java
View File

@@ -1,34 +1,35 @@
package org.codesecure.dependencycheck.analyzer;
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.analyzer;
import org.codesecure.dependencycheck.dependency.Dependency;
import org.codesecure.dependencycheck.dependency.Evidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import java.util.Set;
import org.owasp.dependencycheck.Engine;
/**
*
* Takes a dependency and analyzes the filename and determines the hashes.
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class FileNameAnalyzer implements Analyzer {
public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer {
/**
* The name of the analyzer.
@@ -65,7 +66,7 @@ public class FileNameAnalyzer implements Analyzer {
* Returns whether or not this analyzer can process the given extension.
*
* @param extension the file extension to test for support.
* @return whether or not the specified file extension is supported by tihs
* @return whether or not the specified file extension is supported by this
* analyzer.
*/
public boolean supportsExtension(String extension) {
@@ -85,15 +86,16 @@ public class FileNameAnalyzer implements Analyzer {
* Collects information about the file name.
*
* @param dependency the dependency to analyze.
* @param engine the engine that is scanning the dependencies
* @throws AnalysisException is thrown if there is an error reading the JAR
* file.
*/
public void analyze(Dependency dependency) throws AnalysisException {
public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
String fileName = dependency.getFileName();
int pos = fileName.lastIndexOf(".");
final int pos = fileName.lastIndexOf(".");
if (pos > 0) {
fileName = fileName.substring(0, pos - 1);
fileName = fileName.substring(0, pos);
}
dependency.getProductEvidence().addEvidence("file", "name",
@@ -107,18 +109,4 @@ public class FileNameAnalyzer implements Analyzer {
fileName, Evidence.Confidence.HIGH);
}
}
/**
* The initialize method does nothing for this Analyzer
*/
public void initialize() {
//do nothing
}
/**
* The close method does nothing for this Analyzer
*/
public void close() {
//do nothing
}
}

121
src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java Normal file
View File

@@ -0,0 +1,121 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.analyzer;
import java.util.Set;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class HintAnalyzer extends AbstractAnalyzer implements Analyzer {
/**
* The name of the analyzer.
*/
private static final String ANALYZER_NAME = "Hint Analyzer";
/**
* The phase that this analyzer is intended to run in.
*/
private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.PRE_IDENTIFIER_ANALYSIS;
/**
* The set of file extensions supported by this analyzer.
*/
private static final Set<String> EXTENSIONS = null;
/**
* Returns a list of file EXTENSIONS supported by this analyzer.
*
* @return a list of file EXTENSIONS supported by this analyzer.
*/
public Set<String> getSupportedExtensions() {
return EXTENSIONS;
}
/**
* Returns the name of the analyzer.
*
* @return the name of the analyzer.
*/
public String getName() {
return ANALYZER_NAME;
}
/**
* Returns whether or not this analyzer can process the given extension.
*
* @param extension the file extension to test for support.
* @return whether or not the specified file extension is supported by this
* analyzer.
*/
public boolean supportsExtension(String extension) {
return true;
}
/**
* Returns the phase that the analyzer is intended to run in.
*
* @return the phase that the analyzer is intended to run in.
*/
public AnalysisPhase getAnalysisPhase() {
return ANALYSIS_PHASE;
}
/**
* The HintAnalyzer uses knowledge about a dependency to add additional information
* to help in identification of identifiers or vulnerabilities.
* @param dependency The dependency being analyzed
* @param engine The scanning engine
* @throws AnalysisException is thrown if there is an exception analyzing the dependency.
*/
public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
final Evidence springTest1 = new Evidence("Manifest",
"Implementation-Title",
"Spring Framework",
Evidence.Confidence.HIGH);
final Evidence springTest2 = new Evidence("Manifest",
"Implementation-Title",
"org.springframework.core",
Evidence.Confidence.HIGH);
final Evidence springTest3 = new Evidence("Manifest",
"Bundle-Vendor",
"SpringSource",
Evidence.Confidence.HIGH);
Set<Evidence> evidence = dependency.getProductEvidence().getEvidence();
if (evidence.contains(springTest1) || evidence.contains(springTest2)) {
dependency.getProductEvidence().addEvidence("a priori", "product", "springsource_spring_framework", Evidence.Confidence.HIGH);
dependency.getVendorEvidence().addEvidence("a priori", "vendor", "SpringSource", Evidence.Confidence.HIGH);
dependency.getVendorEvidence().addEvidence("a priori", "vendor", "vmware", Evidence.Confidence.HIGH);
}
evidence = dependency.getVendorEvidence().getEvidence();
if (evidence.contains(springTest3)) {
dependency.getProductEvidence().addEvidence("a priori", "product", "springsource_spring_framework", Evidence.Confidence.HIGH);
dependency.getVendorEvidence().addEvidence("a priori", "vendor", "vmware", Evidence.Confidence.HIGH);
}
}
}

771
src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java Normal file
View File

@@ -0,0 +1,771 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.analyzer;
import java.io.File;
import java.io.FileInputStream;
import java.util.Enumeration;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.bind.JAXBException;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import org.owasp.dependencycheck.dependency.EvidenceCollection;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.Reader;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map.Entry;
import java.util.Properties;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.jar.Attributes;
import java.util.jar.JarFile;
import java.util.jar.Manifest;
import java.util.regex.Pattern;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.Unmarshaller;
import org.owasp.dependencycheck.analyzer.pom.generated.License;
import org.owasp.dependencycheck.analyzer.pom.generated.Model;
import org.owasp.dependencycheck.analyzer.pom.generated.Organization;
import org.owasp.dependencycheck.utils.NonClosingStream;
import org.owasp.dependencycheck.utils.Settings;
/**
*
* Used to load a JAR file and collect information that can be used to determine
* the associated CPE.
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
/**
* The system independent newline character.
*/
private static final String NEWLINE = System.getProperty("line.separator");
/**
* The name of the analyzer.
*/
private static final String ANALYZER_NAME = "Jar Analyzer";
/**
* The phase that this analyzer is intended to run in.
*/
private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
/**
* A list of elements in the manifest to ignore.
*/
private static final Set<String> IGNORE_LIST = newHashSet(
"built-by",
"created-by",
"builtby",
"createdby",
"build-jdk",
"buildjdk",
"ant-version",
"antversion",
"import-package",
"export-package",
"importpackage",
"exportpackage",
"sealed",
"manifest-version",
"archiver-version",
"manifestversion",
"archiverversion",
"classpath",
"class-path",
"tool",
"bundle-manifestversion",
"bundlemanifestversion");
/**
* The set of file extensions supported by this analyzer.
*/
private static final Set<String> EXTENSIONS = newHashSet("jar");
/**
* item in some manifest, should be considered medium confidence.
*/
private static final String BUNDLE_VERSION = "Bundle-Version"; //: 2.1.2
/**
* item in some manifest, should be considered medium confidence.
*/
private static final String BUNDLE_DESCRIPTION = "Bundle-Description"; //: Apache Struts 2
/**
* item in some manifest, should be considered medium confidence.
*/
private static final String BUNDLE_NAME = "Bundle-Name"; //: Struts 2 Core
/**
* item in some manifest, should be considered medium confidence.
*/
private static final String BUNDLE_VENDOR = "Bundle-Vendor"; //: Apache Software Foundation
/**
* The unmarshaller used to parse the pom.xml from a JAR file.
*/
private Unmarshaller pomUnmarshaller;
/**
* Constructs a new JarAnalyzer.
*/
public JarAnalyzer() {
try {
final JAXBContext jaxbContext = JAXBContext.newInstance("org.owasp.dependencycheck.analyzer.pom.generated");
pomUnmarshaller = jaxbContext.createUnmarshaller();
} catch (JAXBException ex) { //guess we will just have a null pointer exception later...
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE, null, ex);
}
}
/**
* Returns a list of file EXTENSIONS supported by this analyzer.
*
* @return a list of file EXTENSIONS supported by this analyzer.
*/
public Set<String> getSupportedExtensions() {
return EXTENSIONS;
}
/**
* Returns the name of the analyzer.
*
* @return the name of the analyzer.
*/
public String getName() {
return ANALYZER_NAME;
}
/**
* Returns whether or not this analyzer can process the given extension.
*
* @param extension the file extension to test for support.
* @return whether or not the specified file extension is supported by this
* analyzer.
*/
public boolean supportsExtension(String extension) {
return EXTENSIONS.contains(extension);
}
/**
* Returns the phase that the analyzer is intended to run in.
*
* @return the phase that the analyzer is intended to run in.
*/
public AnalysisPhase getAnalysisPhase() {
return ANALYSIS_PHASE;
}
/**
* Loads a specified JAR file and collects information from the manifest and
* checksums to identify the correct CPE information.
*
* @param dependency the dependency to analyze.
* @param engine the engine that is scanning the dependencies
* @throws AnalysisException is thrown if there is an error reading the JAR
* file.
*/
public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
boolean addPackagesAsEvidence = false;
//todo - catch should be more granular here, one for each call likely
//todo - think about sources/javadoc jars, should we remove or move to related dependency?
try {
final boolean hasManifest = parseManifest(dependency);
final boolean hasPOM = analyzePOM(dependency);
final boolean deepScan = Settings.getBoolean(Settings.KEYS.PERFORM_DEEP_SCAN);
if ((!hasManifest && !hasPOM) || deepScan) {
addPackagesAsEvidence = true;
}
final boolean hasClasses = analyzePackageNames(dependency, addPackagesAsEvidence);
if (!hasClasses
&& (dependency.getFileName().toLowerCase().endsWith("-sources.jar")
|| dependency.getFileName().toLowerCase().endsWith("-javadoc.jar")
|| dependency.getFileName().toLowerCase().endsWith("-src.jar")
|| dependency.getFileName().toLowerCase().endsWith("-doc.jar"))) {
engine.getDependencies().remove(dependency);
}
} catch (IOException ex) {
throw new AnalysisException("Exception occurred reading the JAR file.", ex);
}
}
/**
* Attempts to find a pom.xml within the JAR file. If found it extracts
* information and adds it to the evidence. This will attempt to interpolate
* the strings contained within the pom.properties if one exists.
*
* @param dependency the dependency being analyzed.
* @throws IOException is thrown if there is an error reading the zip file.
* @throws AnalysisException is thrown if there is an exception parsing the
* pom.
* @return whether or not evidence was added to the dependency
*/
@edu.umd.cs.findbugs.annotations.SuppressWarnings(
value = "OS_OPEN_STREAM",
justification = "The reader on line 259 is closed by closing the zipEntry")
protected boolean analyzePOM(Dependency dependency) throws IOException, AnalysisException {
boolean foundSomething = false;
Properties pomProperties = null;
final List<Model> poms = new ArrayList<Model>();
FileInputStream fs = null;
try {
fs = new FileInputStream(dependency.getActualFilePath());
final ZipInputStream zin = new ZipInputStream(fs);
ZipEntry entry = zin.getNextEntry();
while (entry != null) {
final String entryName = (new File(entry.getName())).getName().toLowerCase();
if (!entry.isDirectory() && "pom.xml".equals(entryName)) {
final NonClosingStream stream = new NonClosingStream(zin);
Model p = null;
try {
final JAXBElement obj = (JAXBElement) pomUnmarshaller.unmarshal(stream);
p = (Model) obj.getValue();
} catch (JAXBException ex) {
final String msg = String.format("Unable to parse POM '%s' in '%s'",
entry.getName(), dependency.getFilePath());
final AnalysisException ax = new AnalysisException(msg, ex);
dependency.getAnalysisExceptions().add(ax);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.INFO, msg);
}
if (p != null) {
poms.add(p);
}
zin.closeEntry();
} else if (!entry.isDirectory() && "pom.properties".equals(entryName)) {
//TODO what if there is more then one pom.properties?
// need to find the POM, then look to see if there is a sibling
// pom.properties and use those together.
if (pomProperties == null) {
Reader reader;
try {
reader = new InputStreamReader(zin, "UTF-8");
pomProperties = new Properties();
pomProperties.load(reader);
} finally {
//zin.closeEntry closes the reader
//reader.close();
zin.closeEntry();
}
} else {
final String msg = "JAR file contains multiple pom.properties files - unable to process POM";
final AnalysisException ax = new AnalysisException(msg);
dependency.getAnalysisExceptions().add(ax);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.INFO, msg);
}
}
entry = zin.getNextEntry();
}
} catch (IOException ex) {
throw new AnalysisException("Error reading JAR file as zip.", ex);
} finally {
if (fs != null) {
fs.close();
}
}
for (Model pom : poms) {
//group id
final String groupid = interpolateString(pom.getGroupId(), pomProperties);
if (groupid != null) {
foundSomething = true;
dependency.getVendorEvidence().addEvidence("pom", "groupid", groupid, Evidence.Confidence.HIGH);
dependency.getProductEvidence().addEvidence("pom", "groupid", groupid, Evidence.Confidence.LOW);
}
//artifact id
final String artifactid = interpolateString(pom.getArtifactId(), pomProperties);
if (artifactid != null) {
foundSomething = true;
dependency.getProductEvidence().addEvidence("pom", "artifactid", artifactid, Evidence.Confidence.HIGH);
dependency.getVendorEvidence().addEvidence("pom", "artifactid", artifactid, Evidence.Confidence.LOW);
}
//version
final String version = interpolateString(pom.getVersion(), pomProperties);
if (version != null) {
foundSomething = true;
dependency.getVersionEvidence().addEvidence("pom", "version", version, Evidence.Confidence.HIGH);
}
// org name
final Organization org = pom.getOrganization();
if (org != null && org.getName() != null) {
foundSomething = true;
final String orgName = interpolateString(org.getName(), pomProperties);
dependency.getVendorEvidence().addEvidence("pom", "organization name", orgName, Evidence.Confidence.HIGH);
}
//pom name
final String pomName = interpolateString(pom.getName(), pomProperties);
if (pomName != null) {
foundSomething = true;
dependency.getProductEvidence().addEvidence("pom", "name", pomName, Evidence.Confidence.HIGH);
dependency.getVendorEvidence().addEvidence("pom", "name", pomName, Evidence.Confidence.HIGH);
}
//Description
if (pom.getDescription() != null) {
foundSomething = true;
final String description = interpolateString(pom.getDescription(), pomProperties);
dependency.setDescription(description);
dependency.getProductEvidence().addEvidence("pom", "description", description, Evidence.Confidence.MEDIUM);
dependency.getVendorEvidence().addEvidence("pom", "description", description, Evidence.Confidence.MEDIUM);
}
//license
if (pom.getLicenses() != null) {
String license = null;
for (License lic : pom.getLicenses().getLicense()) {
String tmp = null;
if (lic.getName() != null) {
tmp = interpolateString(lic.getName(), pomProperties);
}
if (lic.getUrl() != null) {
if (tmp == null) {
tmp = interpolateString(lic.getUrl(), pomProperties);
} else {
tmp += ": " + interpolateString(lic.getUrl(), pomProperties);
}
}
if (tmp == null) {
continue;
}
if (license == null) {
license = tmp;
} else {
license += "\n" + tmp;
}
}
if (license != null) {
dependency.setLicense(license);
}
}
}
return foundSomething;
}
/**
* Tracks whether the jar being analyzed contains classes.
*/
private boolean hasClasses = false;
/**
* Analyzes the path information of the classes contained within the
* JarAnalyzer to try and determine possible vendor or product names. If any
* are found they are stored in the packageVendor and packageProduct
* hashSets.
*
* @param dependency A reference to the dependency.
* @param addPackagesAsEvidence a flag indicating whether or not package
* names should be added as evidence.
* @return returns true or false depending on whether classes were identified in the JAR
* @throws IOException is thrown if there is an error reading the JAR file.
*/
protected boolean analyzePackageNames(Dependency dependency, boolean addPackagesAsEvidence)
throws IOException {
hasClasses = false;
JarFile jar = null;
try {
jar = new JarFile(dependency.getActualFilePath());
final Enumeration en = jar.entries();
final HashMap<String, Integer> level0 = new HashMap<String, Integer>();
final HashMap<String, Integer> level1 = new HashMap<String, Integer>();
final HashMap<String, Integer> level2 = new HashMap<String, Integer>();
final HashMap<String, Integer> level3 = new HashMap<String, Integer>();
final int count = collectPackageNameInformation(en, level0, level1, level2, level3);
if (count == 0) {
return hasClasses;
}
final EvidenceCollection vendor = dependency.getVendorEvidence();
final EvidenceCollection product = dependency.getProductEvidence();
for (String s : level0.keySet()) {
if (!"org".equals(s) && !"com".equals(s)) {
vendor.addWeighting(s);
product.addWeighting(s);
if (addPackagesAsEvidence) {
vendor.addEvidence("jar", "package", s, Evidence.Confidence.LOW);
product.addEvidence("jar", "package", s, Evidence.Confidence.LOW);
}
}
}
for (String s : level1.keySet()) {
float ratio = level1.get(s);
ratio /= count;
if (ratio > 0.5) {
final String[] parts = s.split("/");
if ("org".equals(parts[0]) || "com".equals(parts[0])) {
vendor.addWeighting(parts[1]);
if (addPackagesAsEvidence) {
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
}
} else {
vendor.addWeighting(parts[0]);
product.addWeighting(parts[1]);
if (addPackagesAsEvidence) {
vendor.addEvidence("jar", "package", parts[0], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
}
}
}
}
for (String s : level2.keySet()) {
float ratio = level2.get(s);
ratio /= count;
if (ratio > 0.4) {
final String[] parts = s.split("/");
if ("org".equals(parts[0]) || "com".equals(parts[0])) {
vendor.addWeighting(parts[1]);
product.addWeighting(parts[2]);
if (addPackagesAsEvidence) {
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
}
} else {
vendor.addWeighting(parts[0]);
vendor.addWeighting(parts[1]);
product.addWeighting(parts[1]);
product.addWeighting(parts[2]);
if (addPackagesAsEvidence) {
vendor.addEvidence("jar", "package", parts[0], Evidence.Confidence.LOW);
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
}
}
}
}
for (String s : level3.keySet()) {
float ratio = level3.get(s);
ratio /= count;
if (ratio > 0.3) {
final String[] parts = s.split("/");
if ("org".equals(parts[0]) || "com".equals(parts[0])) {
vendor.addWeighting(parts[1]);
vendor.addWeighting(parts[2]);
product.addWeighting(parts[2]);
product.addWeighting(parts[3]);
if (addPackagesAsEvidence) {
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
vendor.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[3], Evidence.Confidence.LOW);
}
} else {
vendor.addWeighting(parts[0]);
vendor.addWeighting(parts[1]);
vendor.addWeighting(parts[2]);
product.addWeighting(parts[1]);
product.addWeighting(parts[2]);
product.addWeighting(parts[3]);
if (addPackagesAsEvidence) {
vendor.addEvidence("jar", "package", parts[0], Evidence.Confidence.LOW);
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
vendor.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[3], Evidence.Confidence.LOW);
}
}
}
}
} finally {
if (jar != null) {
jar.close();
}
}
return hasClasses;
}
/**
* <p>Reads the manifest from the JAR file and collects the entries. Some
* key entries are:</p> <ul><li>Implementation Title</li> <li>Implementation
* Version</li> <li>Implementation Vendor</li> <li>Implementation
* VendorId</li> <li>Bundle Name</li> <li>Bundle Version</li> <li>Bundle
* Vendor</li> <li>Bundle Description</li> <li>Main Class</li> </ul>
* However, all but a handful of specific entries are read in.
*
* @param dependency A reference to the dependency.
* @return whether evidence was identified parsing the manifest.
* @throws IOException if there is an issue reading the JAR file.
*/
protected boolean parseManifest(Dependency dependency) throws IOException {
boolean foundSomething = false;
JarFile jar = null;
try {
jar = new JarFile(dependency.getActualFilePath());
final Manifest manifest = jar.getManifest();
if (manifest == null) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE,
String.format("Jar file '%s' does not contain a manifest.",
dependency.getFileName()));
return false;
}
final Attributes atts = manifest.getMainAttributes();
final EvidenceCollection vendorEvidence = dependency.getVendorEvidence();
final EvidenceCollection productEvidence = dependency.getProductEvidence();
final EvidenceCollection versionEvidence = dependency.getVersionEvidence();
final String source = "Manifest";
for (Entry<Object, Object> entry : atts.entrySet()) {
String key = entry.getKey().toString();
final String value = atts.getValue(key);
if (key.equals(Attributes.Name.IMPLEMENTATION_TITLE.toString())) {
foundSomething = true;
productEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VERSION.toString())) {
foundSomething = true;
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VENDOR.toString())) {
foundSomething = true;
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VENDOR_ID.toString())) {
foundSomething = true;
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.equals(BUNDLE_DESCRIPTION)) {
foundSomething = true;
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
dependency.setDescription(value);
} else if (key.equals(BUNDLE_NAME)) {
foundSomething = true;
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.equals(BUNDLE_VENDOR)) {
foundSomething = true;
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(BUNDLE_VERSION)) {
foundSomething = true;
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.MAIN_CLASS.toString())) {
foundSomething = true;
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else {
key = key.toLowerCase();
if (!IGNORE_LIST.contains(key)
&& !key.endsWith("jdk")
&& !key.contains("lastmodified")
&& !key.endsWith("package")
&& !isImportPackage(key, value)) {
foundSomething = true;
if (key.contains("version")) {
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.contains("title")) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.contains("vendor")) {
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.contains("name")) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.contains("license")) {
addLicense(dependency, value);
} else {
if (key.contains("description")) {
addDescription(dependency, value);
}
productEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
if (value.matches(".*\\d.*")) {
final StringTokenizer tokenizer = new StringTokenizer(value, " ");
while (tokenizer.hasMoreElements()) {
final String s = tokenizer.nextToken();
if (s.matches("^[0-9.]+$")) {
versionEvidence.addEvidence(source, key, s, Evidence.Confidence.LOW);
}
}
//versionEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
}
}
}
}
}
} finally {
if (jar != null) {
jar.close();
}
}
return foundSomething;
}
/**
* Adds a description to the given dependency.
*
* @param d a dependency
* @param description the description
*/
private void addDescription(Dependency d, String description) {
if (d.getDescription() == null) {
d.setDescription(description);
}
}
/**
* Adds a license to the given dependency.
*
* @param d a dependency
* @param license the license
*/
private void addLicense(Dependency d, String license) {
if (d.getLicense() == null) {
d.setLicense(license);
} else if (!d.getLicense().contains(license)) {
d.setLicense(d.getLicense() + NEWLINE + license);
}
}
/**
* The initialize method does nothing for this Analyzer.
*/
public void initialize() {
//do nothing
}
/**
* The close method does nothing for this Analyzer.
*/
public void close() {
//do nothing
}
/**
* A utility function that will interpolate strings based on values given in
* the properties file. It will also interpolate the strings contained
* within the properties file so that properties can reference other
* properties.
*
* @param text the string that contains references to properties.
* @param properties a collection of properties that may be referenced
* within the text.
* @return the interpolated text.
*/
protected String interpolateString(String text, Properties properties) {
//${project.build.directory}
if (properties == null || text == null) {
return text;
}
final int pos = text.indexOf("${");
if (pos < 0) {
return text;
}
final int end = text.indexOf("}");
if (end < pos) {
return text;
}
final String propName = text.substring(pos + 2, end);
String propValue = interpolateString(properties.getProperty(propName), properties);
if (propValue == null) {
propValue = "";
}
final StringBuilder sb = new StringBuilder(propValue.length() + text.length());
sb.append(text.subSequence(0, pos));
sb.append(propValue);
sb.append(text.substring(end + 1));
return interpolateString(sb.toString(), properties); //yes yes, this should be a loop...
}
/**
* Determines if the key value pair from the manifest is for an "import" type
* entry for package names.
* @param key the key from the manifest
* @param value the value from the manifest
* @return true or false depending on if it is believed the entry is an "import" entry
*/
private boolean isImportPackage(String key, String value) {
final Pattern packageRx = Pattern.compile("^((([a-zA-Z_#\\$0-9]\\.)+)\\s*\\;\\s*)+$");
if (packageRx.matcher(value).matches()) {
return (key.contains("import") || key.contains("include"));
}
return false;
}
/**
* Cycles through an enumeration of JarEntries and collects level 0-3 directory
* structure names. This is helpful when analyzing vendor/product as many times
* this is included in the package name. This does not analyze core Java package
* names.
*
* @param en an Enumeration of JarEntries
* @param level0 HashMap of level 0 package names (e.g. org)
* @param level1 HashMap of level 1 package names (e.g. owasp)
* @param level2 HashMap of level 2 package names (e.g. dependencycheck)
* @param level3 HashMap of level 3 package names (e.g. analyzer)
* @return the number of entries processed that were included in the above HashMaps
*/
private int collectPackageNameInformation(Enumeration en, HashMap<String, Integer> level0,
HashMap<String, Integer> level1, HashMap<String, Integer> level2, HashMap<String, Integer> level3) {
int count = 0;
while (en.hasMoreElements()) {
final java.util.jar.JarEntry entry = (java.util.jar.JarEntry) en.nextElement();
if (entry.getName().endsWith(".class")) {
hasClasses = true;
String[] path;
if (entry.getName().contains("/")) {
path = entry.getName().toLowerCase().split("/");
if ("java".equals(path[0])
|| "javax".equals(path[0])
|| ("com".equals(path[0]) && "sun".equals(path[0]))) {
continue;
}
} else {
path = new String[1];
path[0] = entry.getName();
}
count += 1;
String temp = path[0];
if (level0.containsKey(temp)) {
level0.put(temp, level0.get(temp) + 1);
} else {
level0.put(temp, 1);
}
if (path.length > 2) {
temp += "/" + path[1];
if (level1.containsKey(temp)) {
level1.put(temp, level1.get(temp) + 1);
} else {
level1.put(temp, 1);
}
}
if (path.length > 3) {
temp += "/" + path[2];
if (level2.containsKey(temp)) {
level2.put(temp, level2.get(temp) + 1);
} else {
level2.put(temp, 1);
}
}
if (path.length > 4) {
temp += "/" + path[3];
if (level3.containsKey(temp)) {
level3.put(temp, level3.get(temp) + 1);
} else {
level3.put(temp, 1);
}
}
}
}
return count;
}
}

Some files were not shown because too many files have changed in this diff Show More