github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-14 15:53:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: github-mirrors:v0.2.5.2
Branches Tags
github-mirrors:master github-mirrors:feature/java-version-parse github-mirrors:cvedb-cache github-mirrors:reportGeneration github-mirrors:stevespringett-master github-mirrors:gh-pages github-mirrors:issue690_threadsafe
github-mirrors:v1.4.5 github-mirrors:v1.4.4 github-mirrors:1.4.3 github-mirrors:v1.4.2 github-mirrors:v1.4.1 github-mirrors:v1.4.0 github-mirrors:v1.3.6 github-mirrors:v1.3.5 github-mirrors:v1.3.4 github-mirrors:v1.3.3 github-mirrors:v1.3.2 github-mirrors:v1.3.1 github-mirrors:v1.3.0 github-mirrors:v1.2.11 github-mirrors:v1.2.9 github-mirrors:v1.2.8 github-mirrors:v1.2.7 github-mirrors:v1.2.6 github-mirrors:v1.2.5 github-mirrors:v1.2.4 github-mirrors:v1.2.3 github-mirrors:v1.2.2 github-mirrors:v1.2.1 github-mirrors:v1.2.0.1 github-mirrors:v1.2.0 github-mirrors:v1.1.4 github-mirrors:v1.1.3 github-mirrors:v1.1.2 github-mirrors:v1.1.1 github-mirrors:v1.1.0 github-mirrors:v1.0.8 github-mirrors:v1.0.7 github-mirrors:v1.0.6 github-mirrors:v1.0.5 github-mirrors:v1.0.4 github-mirrors:v1.0.3 github-mirrors:v1.0.2 github-mirrors:v1.0.1 github-mirrors:v0.3.2.4 github-mirrors:v0.3.2.3 github-mirrors:v0.3.2.2 github-mirrors:v0.3.2.0 github-mirrors:v0.3.1.1 github-mirrors:v0.3.1.0 github-mirrors:v0.3.0.0 github-mirrors:v0.2.6.0 github-mirrors:v0.2.5.2 github-mirrors:v0.2.5.1 github-mirrors:v0.2.5.0 github-mirrors:v0.2.4.0 github-mirrors:v0.2.3.2 github-mirrors:v0.2.3.1 github-mirrors:v0.2.3 github-mirrors:v0.2.2 github-mirrors:v0.2.1 github-mirrors:v0.2.0
..
compare: github-mirrors:v0.3.2.4
Branches Tags
github-mirrors:feature/java-version-parse github-mirrors:cvedb-cache github-mirrors:reportGeneration github-mirrors:master github-mirrors:stevespringett-master github-mirrors:gh-pages github-mirrors:issue690_threadsafe
github-mirrors:v1.4.5 github-mirrors:v1.4.4 github-mirrors:1.4.3 github-mirrors:v1.4.2 github-mirrors:v1.4.1 github-mirrors:v1.4.0 github-mirrors:v1.3.6 github-mirrors:v1.3.5 github-mirrors:v1.3.4 github-mirrors:v1.3.3 github-mirrors:v1.3.2 github-mirrors:v1.3.1 github-mirrors:v1.3.0 github-mirrors:v1.2.11 github-mirrors:v1.2.9 github-mirrors:v1.2.8 github-mirrors:v1.2.7 github-mirrors:v1.2.6 github-mirrors:v1.2.5 github-mirrors:v1.2.4 github-mirrors:v1.2.3 github-mirrors:v1.2.2 github-mirrors:v1.2.1 github-mirrors:v1.2.0.1 github-mirrors:v1.2.0 github-mirrors:v1.1.4 github-mirrors:v1.1.3 github-mirrors:v1.1.2 github-mirrors:v1.1.1 github-mirrors:v1.1.0 github-mirrors:v1.0.8 github-mirrors:v1.0.7 github-mirrors:v1.0.6 github-mirrors:v1.0.5 github-mirrors:v1.0.4 github-mirrors:v1.0.3 github-mirrors:v1.0.2 github-mirrors:v1.0.1 github-mirrors:v0.3.2.4 github-mirrors:v0.3.2.3 github-mirrors:v0.3.2.2 github-mirrors:v0.3.2.0 github-mirrors:v0.3.1.1 github-mirrors:v0.3.1.0 github-mirrors:v0.3.0.0 github-mirrors:v0.2.6.0 github-mirrors:v0.2.5.2 github-mirrors:v0.2.5.1 github-mirrors:v0.2.5.0 github-mirrors:v0.2.4.0 github-mirrors:v0.2.3.2 github-mirrors:v0.2.3.1 github-mirrors:v0.2.3 github-mirrors:v0.2.2 github-mirrors:v0.2.1 github-mirrors:v0.2.0

203 Commits
v0.2.5.2 ... v0.3.2.4

Author SHA1 Message Date
Jeremy Long
cc6f4803b9 updated to version 0.3.2.4 
Former-commit-id: 9d6644482abcfb4f69f360fa60cf08370579250c
 2013-06-17 20:42:07 -04:00
Jeremy Long
080ccbe7a0 updated logging 
Former-commit-id: a7b76150de7f5c2fe68ad648dcb3271380887c1d
 2013-06-17 20:40:29 -04:00
Jeremy Long
657891055b added message about BH Arsenal 
Former-commit-id: 01821d375cccd0cd9995e16a07cb11687a965dd8
 2013-06-17 20:25:40 -04:00
Jeremy Long
ce1c097136 checkstyle correction 
Former-commit-id: b04b910c546a0ff7f58ca8cfe1f8a3afd06a4d62
 2013-06-16 07:43:54 -04:00
Jeremy Long
f18827614d updated logging 
Former-commit-id: 149530418c3807d59c93615e9c5283e4a151576f
 2013-06-16 07:24:34 -04:00
Jeremy Long
a49a4ea059 updated logging 
Former-commit-id: 457f15cabd21e7fc4bea0b6baaa37234fdeb1176
 2013-06-16 06:36:14 -04:00
Jeremy Long
cb50651764 updated logging 
Former-commit-id: d1f027c888ef83e8b2b223f3864eedbd730aa8ce
 2013-06-15 23:42:45 -04:00
Jeremy Long
5a6a3dc17f fixed null pointer exception 
Former-commit-id: be278e1ce8479bb28912bee00eae1f1c1c0bbdf4
 2013-06-15 22:40:11 -04:00
Jeremy Long
d179b7bf3f minor updates - still no implementation though 
Former-commit-id: 53b5a5ad98e02cf9b18b167205079c489c75a336
 2013-06-11 06:23:05 -04:00
Jeremy Long
31e6d1e0c1 updated javadoc 
Former-commit-id: d8526a7b902438a83138a677a37c709684c76ed8
 2013-06-11 06:20:00 -04:00
Jeremy Long
13c239c9d4 fixed compilation issue due to changes in other classes 
Former-commit-id: 171336be7223c6ebf4a416dc55b98407aeb73f19
 2013-06-11 06:05:07 -04:00
Jeremy Long
e985ebff3f added a temp directory property 
Former-commit-id: 97cdce3ca6be8d599c3805d3316c09512ae38694
 2013-06-11 06:03:52 -04:00
Jeremy Long
3d00927033 added a getInt with a default value 
Former-commit-id: 61d31f994354bfb5047432424f8d34492023a73b
 2013-06-11 06:03:13 -04:00
Jeremy Long
8bdb7e239d minor update to support new analyzer 
Former-commit-id: 24224a255ebe67f31041716b3e2ab8b22a9273c0
 2013-06-11 06:00:09 -04:00
Jeremy Long
a5b0136897 added netbeans configuration files too 
Former-commit-id: 5c0704462790b8b1394532a73f12843d7796742a
 2013-06-11 05:58:06 -04:00
Jeremy Long
41ea697483 added throws clause to initialize and close as specified by the interface 
Former-commit-id: dca013ac170a09297bc5bbf96ee8fecc9d2baaef
 2013-06-07 22:24:01 -04:00
Jeremy Long
fb0f4dd2cf re-arranged code and improved documentation (some) 
Former-commit-id: 24b983d81673b2055bef970e04a040c334a716bb
 2013-06-07 22:04:35 -04:00
Jeremy Long
8eb373a612 made snapshot 
Former-commit-id: 5dd3bf273a5b76342ef03d90affd11d638cc73c7
 2013-06-07 22:00:36 -04:00
Jeremy Long
2933526aee v0.3.2.3 
Former-commit-id: f1a80ca108a9089e26c716bab8389844faa3e3a4
 2013-06-07 15:53:03 -04:00
Jeremy Long
ef2a22b216 v0.3.2.3 
Former-commit-id: dc8b892541970156a95a14d11c5eb3c5d610e676
 2013-06-07 15:52:24 -04:00
Jeremy Long
d4ab1a56e2 to revert 
Former-commit-id: 30a068f5e6a0ef6d5a2cd8c37f4b8b3d616d16b3
 2013-06-07 15:51:20 -04:00
Jeremy Long
0e351568f9 next snapshot 
Former-commit-id: b1e338bf6ff18bbc55e27ef26aa31d0913cd4d50
 2013-06-07 15:47:33 -04:00
Jeremy Long
4eab9d77ae removed deprecated code 
Former-commit-id: 07a96fff9c7ba0d0c5a56367937e9653c1717253
 2013-06-07 15:46:30 -04:00
Jeremy Long
afeecf9fa9 v0.3.2.3 
Former-commit-id: 0b33ececc336e9f060168b8bece28741cf3ea75d
 2013-06-07 15:46:17 -04:00
Jeremy Long
27affe8568 checkstyle fix 
Former-commit-id: 193f06ad6458fe0aead3703f6019e6dc6ac37aec
 2013-06-07 15:46:02 -04:00
Jeremy Long
5015686a8f checkstyle fix 
Former-commit-id: 3c9c00f8c03726603f708dd94f135001f29d5f41
 2013-06-07 15:45:32 -04:00
Jeremy Long
e72b97289d added vulnerable library count 
Former-commit-id: f01ff6a85098e91d9cfb6f83905e939e3cf84815
 2013-06-07 15:44:15 -04:00
Jeremy Long
dd497e5ffc added a new vulnerability report 
Former-commit-id: f36e328929921e4d278ee8fa5a7370d228bac299
 2013-06-07 15:20:38 -04:00
Jeremy Long
f100161f67 added Stupid Table Plugin 
Former-commit-id: 96c30d1cc8a175b6662cebbbf8e454ce07bd08df
 2013-06-07 15:20:23 -04:00
Jeremy Long
488305def1 version 0.3.2.3-SNAPSHOT 
Former-commit-id: 8b26510ff5255afb97bd66a780053e1f1cdf9b33
 2013-06-05 00:07:59 -04:00
Jeremy Long
dea5a6937e version 0.3.2.2 
Former-commit-id: e90cf514695052e64d4f26e108c3d2e0298b03d6
 2013-06-05 00:06:09 -04:00
Jeremy Long
545c324e56 checkstyle fix 
Former-commit-id: deb86ab62846aa9f2d63221dca5cfe52bbf244e4
 2013-06-05 00:05:46 -04:00
Jeremy Long
535d1e4aff checkstle fixes 
Former-commit-id: d7f55af71bca0347b03db5fb9660c3b391619100
 2013-06-04 23:47:22 -04:00
Jeremy Long
8debea384f checkstyle fixes 
Former-commit-id: c903dc9e96171a07c2d1473d59f53df4a1838128
 2013-06-04 23:40:37 -04:00
Jeremy Long
a0b6b66a5f updated javadoc 
Former-commit-id: d98e6f3a7be907ea4e15b4e2555f7566fc5c476b
 2013-06-04 23:40:11 -04:00
Jeremy Long
37d165d6cb updated javadoc 
Former-commit-id: 89eab3c72a4de3c95e5debc38e937166a93ad47d
 2013-06-04 23:40:02 -04:00
Jeremy Long
5b6eb13cf6 fixed bug where dependencies would get bundled even if they were different versions 
Former-commit-id: 910e26ad24be705750c71738d8518abc5b83e0f3
 2013-06-04 23:27:14 -04:00
Jeremy Long
5d68c9f1e1 added equals and hashCode 
Former-commit-id: 42b91e996715657069c58a6edbb52588a089c0db
 2013-06-04 23:06:02 -04:00
Jeremy Long
faff34a8c6 added filter to add the correct Maven namespace to the POM if it is missing 
Former-commit-id: c8e02d730b9c0195fa390b3cced77a4fd4410197
 2013-06-04 22:54:28 -04:00
Jeremy Long
c31be72c8a added filter to add the correct Maven namespace to the POM if it is missing 
Former-commit-id: 79efc8a8a876831739874914a97ba2d764dd6a7a
 2013-06-04 22:54:09 -04:00
Jeremy Long
1f0c13b7cb minor bug fix 
Former-commit-id: ec12f812c5170c72f20548b0e00cb5947aacb54d
 2013-06-04 05:09:04 -04:00
Jeremy Long
f06f1d1c42 checkstyle fixes (javadoc, final variables, etc) 
Former-commit-id: 1f8649c19d845cf3eb80730fb91b33c089e86aae
 2013-06-03 20:23:23 -04:00
Jeremy Long
2eca1f9702 added attribute to ignore a findbugs style error 
Former-commit-id: 0c34765ce1e4e9825083ed8afb6cbb76e0cc73ec
 2013-06-03 20:17:07 -04:00
Jeremy Long
ca6cb8811e findbugs fixes 
Former-commit-id: 124207a2cf9022c8e663313da847a76f639cd355
 2013-06-03 20:07:39 -04:00
Jeremy Long
ff14d8344f add jsoup to help convert the HTML, specified within nodes in the POM, into text. 
Former-commit-id: c6fd21572a01d2cdf457302c9739b54d20e27b05
 2013-06-02 21:45:49 -04:00
Jeremy Long
bfb6373742 added code to remove additional false positives 
Former-commit-id: 1a15cccd4790fee2044de40843305762cfbefe96
 2013-06-02 21:44:20 -04:00
Jeremy Long
e3f401debb added initial version filter - only supporting struts1/2 right now 
Former-commit-id: 353a6fec78140b50622b4d267ddf6de34461027c
 2013-05-31 22:57:04 -04:00
Jeremy Long
c515afd8eb added another manifest entry to ignore 
Former-commit-id: 63a6f3bd3f2d95ac6b101520b3974fc79286ec7b
 2013-05-31 22:32:56 -04:00
Jeremy Long
e028641861 added another manifest entry to ignore 
Former-commit-id: 7d647e2e298fe142e5230c479b7bd6b51cab5417
 2013-05-31 21:52:36 -04:00
Jeremy Long
72f9cb2ab2 fixed javadoc typo 
Former-commit-id: 625b8d9958d2cf6123fb583864720d4f5c0c9e01
 2013-05-31 21:24:33 -04:00
Jeremy Long
e8694de6fa fixed javadoc typo 
Former-commit-id: 5d2f64e0e13f595f08b8e984b422531f8b484321
 2013-05-31 21:24:06 -04:00
Jeremy Long
18d38592d4 reduced complexity around determining if the jar contains classes 
Former-commit-id: cc42a0c674bc0027c9bd53b250afa9e985b59da0
 2013-05-31 20:48:33 -04:00
Jeremy Long
b9767acd02 removed a reported exception for javadoc or sources jar files for not having a manifest 
Former-commit-id: 8dbe960af8c2391343d779708672d97a0c530a09
 2013-05-31 20:41:23 -04:00
Jeremy Long
c9060da46e minor update to text 
Former-commit-id: d413abef8fd16742abb47ef046807233dafc5d16
 2013-05-27 22:22:44 -04:00
Jeremy Long
ddbcea7abe v0.3.2.1-SNAPSHOT 
Former-commit-id: 9c7996f097e3fad59d99624cddf64b10be4c4524
 2013-05-27 22:18:20 -04:00
Jeremy Long
e488767cea 0.3.2.0 
Former-commit-id: 8431f1312204c78a829f269954161d7187245493
 2013-05-27 22:14:27 -04:00
Jeremy Long
85cacaf91e testing 
Former-commit-id: 7fd42dc4c273eff98a8fbc3e3a14f0ce1fd26abe
 2013-05-27 22:12:25 -04:00
Jeremy Long
a038bef7fe reset username and blank password 
Former-commit-id: 398c0723854c8c43d674d03a6433611c8572cec5
 2013-05-27 21:32:05 -04:00
Jeremy Long
539d3cbaba updated H2 version 
Former-commit-id: b7193bc7c2e256ebdcabc039d573994daab47415
 2013-05-27 20:47:13 -04:00
Jeremy Long
80784a44c5 added compile time support for findbugs suppress warning annotation 
Former-commit-id: 83d178ebafafe8ffc1f10b91d7336490c046990b
 2013-05-27 20:02:54 -04:00
Jeremy Long
b1a55e2df3 updated javadoc 
Former-commit-id: 2818f04997c8fa1c81c8e9bddaea0e9370b76350
 2013-05-27 20:01:47 -04:00
Jeremy Long
870d345de8 updated javadoc 
Former-commit-id: 3e05f7622618e2dc27fe40cfbdb488303d5c0ec9
 2013-05-27 20:01:16 -04:00
Jeremy Long
2b830dccfa added findbugs suppression for a non-issue and made a few checkstyle corrections 
Former-commit-id: a4a3c3503eee772c13d567d473f7ed5126941301
 2013-05-27 20:00:46 -04:00
Jeremy Long
9f08cf553b added findbugs suppress warning for a false positive 
Former-commit-id: c493f8178c129cb73f023b605599dc3dfa558f58
 2013-05-27 19:59:16 -04:00
Jeremy Long
7c14017db3 collapsed nested if statements 
Former-commit-id: e4d466f50e76659bece83b46f8a111a3d8225353
 2013-05-27 19:58:26 -04:00
Jeremy Long
e0e85c468a added supresswarnings for findbugs false positive 
Former-commit-id: 7423c03adb41f92e447aba5e58bc415d27c6c957
 2013-05-27 19:56:19 -04:00
Jeremy Long
6628fc3c33 updated javadoc 
Former-commit-id: 591bec1e2d5a2945a9cca5bf02cd1cea1bd8a38c
 2013-05-27 19:55:13 -04:00
Jeremy Long
61a1531e7b checkstyle fixes 
Former-commit-id: 5281b8ecb5163ce4a0a6464fea4f6d2a4baffafd
 2013-05-27 19:54:41 -04:00
Jeremy Long
933a8f8ec6 reduced size to make tests fasters 
Former-commit-id: d8a3b0c2382ae28a519c2cb44fb93205015e82b0
 2013-05-27 19:53:14 -04:00
Jeremy Long
f660afc6cb updated javadoc and copyright 
Former-commit-id: d48d9e1deed118e9b60d37185cdbfda47898ef6f
 2013-05-27 09:14:56 -04:00
Jeremy Long
a5dc79dffe Merge branch 'master' of https://github.com/jeremylong/DependencyCheck 
Former-commit-id: 9189529fca392ee1ef0b810528288e243dcdb6e4
 2013-05-27 09:07:18 -04:00
Steve Springett
dbc862ad39 Adding more control over data directory path 
Former-commit-id: 263475fc5b3aae04f2530ea78a0456deb18686fe
 2013-05-27 00:10:08 -07:00
Jeremy Long
e6efe6e610 Applied patch from Steve to change the loading of the H2 db 
Former-commit-id: cfce611fadbd2a39880f01d61054dbb8f72f81dc
 2013-05-25 10:56:41 -04:00
Steve Springett
9a7fbe44eb Adding more control over data directory path 
Former-commit-id: 966544bd738646ba57be087f413f686ecdfcee9c
 2013-05-24 23:53:24 -07:00
Steve Springett
adfc913a0e Fixed Velocity logging issues in server environment. 
Former-commit-id: 429105274ee0c2e78c3398e3c019feaaa056866d
 2013-05-24 16:00:10 -07:00
Steve Springett
8813652f0d Forcing the class loading of the H2 JDBC driver. 
Former-commit-id: d6c11d56afc04d115bbf1d0962072c70cb205dd8
 2013-05-22 01:11:02 -07:00
Jeremy Long
250444dd25 made outDir final 
Former-commit-id: 7987673433e91d54efa138bfafd7fbe1a22ee089
 2013-05-20 22:54:35 -04:00
Jeremy Long
a939d0c844 various updates recommended by intelliJ 
Former-commit-id: 2909f6b33224c74a2984f94651f6418bf60d88fc
 2013-05-20 22:50:21 -04:00
Jeremy Long
577b5ad704 various updates recommended by intelliJ 
Former-commit-id: 5ec42c1470384e9acd203819daa7d688ed10e965
 2013-05-20 22:17:19 -04:00
Jeremy Long
7476550356 version 0.3.1.1-snapshot 
Former-commit-id: 172a258ed0804641d1c6f73cb745330213014ceb
 2013-05-20 17:04:03 -04:00
Jeremy Long
c9077a151d version 0.3.1.1 
Former-commit-id: a47cc07a1a23ad75214fbedbe35c5e7cf72196f8
 2013-05-20 17:01:02 -04:00
Jeremy Long
7e650e05b2 fixed typo that prevented some information from being displayed 
Former-commit-id: 4823d74d2bfb31912715a363e9e56e7656f0e4b0
 2013-05-20 17:00:21 -04:00
Jeremy Long
8e6b8a092b corrected file path of related dependencies 
Former-commit-id: 62ffe2147fe1ed2e0126359371580cb0b098f4b1
 2013-05-19 08:29:00 -04:00
Jeremy Long
bd6aa7c61b bug fix, report generation failed if target directory didn't exist 
Former-commit-id: 41dacefc1453b7625ccee3c697e1348f36eebbd1
 2013-05-18 10:23:57 -04:00
Jeremy Long
300a3211ba updated exception logging message 
Former-commit-id: a63f99f7eb5ec2dbb60239d10aefd3f4f0387123
 2013-05-18 09:00:34 -04:00
Jeremy Long
d4084cfe85 PMD fix 
Former-commit-id: 7d7592cedc8d131811cfc33ad9272a360bc7acae
 2013-05-18 08:49:08 -04:00
Jeremy Long
7027109272 checkstyle fix 
Former-commit-id: 841f19eb4b9b210a060a1c200e250ffa9abb17c1
 2013-05-18 08:45:58 -04:00
Jeremy Long
f37f8a7025 updated global Settings and moved connectionTimeout, proxyUrl, and proxyPort from system properties to normal command line properties 
Former-commit-id: 2264d15e1e30034142554f93c92b30bd775083ee
 2013-05-18 08:45:16 -04:00
Jeremy Long
4758bea71b updated autor email address to my owasp address 
Former-commit-id: 4d5b9a406416032e6b53d7c4cdaa20a0c5dc80e4
 2013-05-17 23:57:59 -04:00
Jeremy Long
dcbe626d55 added equals and hashcode methods 
Former-commit-id: cf7b97b47b53fa5ad57cb15747e205d5e616760b
 2013-05-17 22:39:28 -04:00
Jeremy Long
1d8dddbfbf v0.3.1.0-snapshot 
Former-commit-id: 85ae4f6b22174a3226d4bc1b7141960fef06cb67
 2013-05-17 22:26:22 -04:00
Jeremy Long
1eae29e255 v0.3.1.0 
Former-commit-id: af198b8777439f63939bb67849bdd836e3da1a1d
 2013-05-17 22:24:24 -04:00
Jeremy Long
f1d76ecace fixed logging bug 
Former-commit-id: 41a3727c279f804ce4691f5d9ab1ce91310beae8
 2013-05-13 12:11:22 -04:00
Jeremy Long
e295bae27a Checkstyle fix 
Former-commit-id: d66c419a63c01b09e7a72647e7c495158c1f30c3
 2013-05-13 11:54:50 -04:00
Jeremy Long
2330e71b8a Improved logging on failed updates 
Former-commit-id: 76b8b8829276b32926e096b400e32f59dbaca8ea
 2013-05-13 11:54:25 -04:00
Jeremy Long
6a51fe9564 Improved logging on failed updates 
Former-commit-id: 4b08adcdeec38333e07e5ca42a658c98ac9b83a3
 2013-05-13 11:52:54 -04:00
Jeremy Long
c57c4b1184 minor update to prepareLogger 
Former-commit-id: 67135fe039ecfbea508418c844de3b44e0e23634
 2013-05-13 11:41:55 -04:00
Jeremy Long
7de83a77c2 source formating update 
Former-commit-id: da043ebca3e9a6b9b63c7b8c371563cc16121d4e
 2013-05-13 11:09:39 -04:00
Jeremy Long
0b04cc196a updated title 
Former-commit-id: 153aeace4c2709f5222a5b4d84e86f2ff36bf7ef
 2013-05-12 07:00:58 -04:00
Jeremy Long
5c37b6216f file header update 
Former-commit-id: e26b3651f6c4d9ce993da96a990f14a300aef8f9
 2013-05-10 06:34:45 -04:00
Jeremy Long
2cb56cb6fa minor bug fix 
Former-commit-id: 3daff3bc23acfd2e960df85fc8038beb62e0a6d1
 2013-05-10 06:29:08 -04:00
Jeremy Long
912b0ef8da checkstyle fix 
Former-commit-id: 07c248e22163c69f924e02932b94952c8a5ef3a1
 2013-05-10 06:05:59 -04:00
Jeremy Long
1fe56dbff7 updated file header 
Former-commit-id: 091fbe9d35dde27175c5c9e6782d4514f92ca0ca
 2013-05-10 06:04:28 -04:00
Jeremy Long
d7d6dd5a62 checkstyle fixes 
Former-commit-id: 6074262a482d3136e7a2b9e12c2b5448dd4d1426
 2013-05-10 06:03:00 -04:00
Jeremy Long
0c100c1372 updated file header comment 
Former-commit-id: 7398d863e1b4271bd39875644f2de3d3376d7e26
 2013-05-10 05:52:44 -04:00
Jeremy Long
73886ce46e minor correction 
Former-commit-id: a22f05e1f2446fa60d0b27c7019c0977bd9f103f
 2013-05-10 05:33:57 -04:00
Jeremy Long
55e61caf39 Fixed bug when analyzing maven repositories - related JARs would not get bundled 
Former-commit-id: a63d04d7d3674f1df6a98f7741867841f40093f9
 2013-05-09 23:03:03 -04:00
Jeremy Long
2e3331f568 bug fixes 
Former-commit-id: e6e1292842528039ab4498d65239759e6729a70a
 2013-05-09 22:34:47 -04:00
Jeremy Long
a1c7612a85 spelling fixes 
Former-commit-id: 1909bc5b30b2dfd4ece5c880aace9ca4fd830b48
 2013-05-09 19:49:25 -04:00
Jeremy Long
a70cbcc9d3 improved pom analysis 
Former-commit-id: d1f81329c4de99873e83f65a9abc0bef1e3c4552
 2013-05-03 20:23:42 -04:00
Jeremy Long
2a5b8943c3 minor update to references where the actual licenses are for the 3rd party components 
Former-commit-id: bebca29026d1429aaf386352be4e7226d9d4663d
 2013-04-24 20:03:02 -04:00
Jeremy Long
24d5616c45 changed logging level when logging update exceptions 
Former-commit-id: bb69814afc4a335342366fd5eaa4243cf8923f13
 2013-04-23 21:35:23 -04:00
Jeremy Long
43e1ee3e67 checkstyle/pmd/findbugs fixes 
Former-commit-id: b7b60a9649e79b1ea30d0a0601b8212679ad59b7
 2013-04-23 20:22:51 -04:00
Jeremy Long
f40fa460ca added commons-lang dependency 
Former-commit-id: 86d36425ad26dff6af427fcbe91077a53050da43
 2013-04-23 07:10:31 -04:00
Jeremy Long
210d8b9f49 added FileUtilsTest 
Former-commit-id: 0736d9241e72a08821321c226095497809be553c
 2013-04-23 07:09:56 -04:00
Jeremy Long
84f0a7e76a bug fixes 
Former-commit-id: 5800eee292f46fabbf0ca4f59e69d4b450b1cc5f
 2013-04-23 07:09:18 -04:00
Jeremy Long
bd71bb601e added removal off spurious CPE entries 
Former-commit-id: 3117c5a312eb57ec48e5686b5d3d2393364d5788
 2013-04-23 07:08:29 -04:00
Jeremy Long
116fe70061 added pre finding and post finding phases 
Former-commit-id: 7a5794735ad91a44f0c281c551fe7b8a79a9cdff
 2013-04-23 07:07:19 -04:00
Jeremy Long
231eb5067f added tests for DependencyVersionUtil 
Former-commit-id: ef73d9755d63561527d974775b73393cc780fd6e
 2013-04-23 07:06:30 -04:00
Jeremy Long
2562d6ff98 added better version analysis for dependency bundling 
Former-commit-id: c089750bbb5b23c7cca31138590b1dada55f59e5
 2013-04-23 07:05:42 -04:00
Jeremy Long
bb2abf4529 bug fixed regarding whether or not to include packages as evidence 
Former-commit-id: 0a180e491a630d6cbb1fb1083aabad97f44dc1fd
 2013-04-23 07:03:57 -04:00
Jeremy Long
9c0ef770b2 added axis and axis2 for testing 
Former-commit-id: eb21c8df788687269491b05f704a6ffe63d67e44
 2013-04-23 07:02:48 -04:00
Jeremy Long
43f0fa9e10 fixed bug in removing sources and javadoc JARs from analysis 
Former-commit-id: 044cbb59264adbc11f022b0b40e8a781b9c1a046
 2013-04-21 05:18:50 -04:00
Jeremy Long
6925ed78f6 added code to filter out sources.jar and javadoc.jar if no class files are contained 
Former-commit-id: 8c9ff1bdd942e0e1db80181196d8d23e17353b3a
 2013-04-20 15:43:12 -04:00
Jeremy Long
2ebe80b12f started snapshot 
Former-commit-id: 82092ccf6224eb8072476a48b937386cc3984ead
 2013-04-20 15:42:21 -04:00
Jeremy Long
34250f2cfe fixed line break issues 
Former-commit-id: 5f1310fb81d70c68d49e2479186949f1fae74caa
 2013-04-20 15:03:32 -04:00
Jeremy Long
d3153ef0f3 fixed line break issues 
Former-commit-id: 61c3e7e184fbdef8d0ada19d0366cd1b10cc1311
 2013-04-20 15:02:38 -04:00
Jeremy Long
5eaaa254ca fixed line breaks in the usage 
Former-commit-id: 186ade9f6b1c9b3fa1b5eab1cea6a2ce367a8b92
 2013-04-20 15:00:58 -04:00
Jeremy Long
c71bab2404 release 0.3.0.0 
Former-commit-id: f3069886fe0887a42f993eb344aacdf26a1c185d
 2013-04-20 14:55:28 -04:00
Jeremy Long
9d3cd0e13a minor bug fix 
Former-commit-id: cb65f6e4a1a38454760bbecef0246b9b014471b7
 2013-04-20 14:48:58 -04:00
Jeremy Long
033637dd92 added a schema for the dependency-check XML report 
Former-commit-id: a0df3302a9258bc0ac6933f1421913be21c89f74
 2013-04-20 14:41:08 -04:00
Jeremy Long
d6ba01f5f5 minor updates 
Former-commit-id: a3746443592105c7fb84d707a09c03dd83e378e1
 2013-04-20 13:36:44 -04:00
Jeremy Long
b3f0fb5392 removed un-necassary functionality from all analyzers and the base engine 
Former-commit-id: 255cddb785bc1bc5ee6c5c945280510201645d66
 2013-04-20 13:12:16 -04:00
Jeremy Long
df3aac0794 added related dependencies 
Former-commit-id: ed3ef90c1431cdff7d7a3ee52ee4f37f6feacdf1
 2013-04-20 13:11:31 -04:00
Jeremy Long
62b6bf9105 Correctly implemented this analyzer (hopefully) 
Former-commit-id: d65b60ee5212f3a10cc146a7f2aff345fd93695b
 2013-04-20 13:11:01 -04:00
Jeremy Long
dba1e0b316 checkstyle/PMD updates 
Former-commit-id: 3ea0d7bbe9842029bc1d2ab9d4bf168a27ab38e3
 2013-04-20 11:49:59 -04:00
Jeremy Long
0ad97dea0e added test case for VulnerableSoftware 
Former-commit-id: f91fcbbf9f29411459e3c667302b38ff6ea0dffc
 2013-04-20 07:18:27 -04:00
Jeremy Long
704f8e4f0b correct and issue with the comparable interface (invalid sort order) 
Former-commit-id: 4ed8acea596bd2e1bb7a1d7cd9beee367e2c4920
 2013-04-20 07:18:05 -04:00
Jeremy Long
2de68d9cda minor bug fix 
Former-commit-id: c61667a0382ce40fffc29b7290fb2bd5235edfff
 2013-04-20 06:28:40 -04:00
Jeremy Long
ca4a91d621 added vulnerable software to the report 
Former-commit-id: a301e9096ad4afc205f3b2cbb9b2eb27213f8e61
 2013-04-20 06:16:43 -04:00
Jeremy Long
c352cd63ac added a link to the NVD 
Former-commit-id: 4e105bafd0f508e6187b7852a2851034ef220140
 2013-04-20 06:03:37 -04:00
Jeremy Long
351817edf2 added license information 
Former-commit-id: 54a0c1e42a5aa6fab03bb208e168c26164ec1d93
 2013-04-20 06:00:36 -04:00
Jeremy Long
032015a70a updated license information 
Former-commit-id: 69776b7dc082cf132d6b9eca21347690629f9622
 2013-04-20 06:00:02 -04:00
Jeremy Long
096d136387 updated output format to accept 'ALL' to generated both HTML and XML reports 
Former-commit-id: 7ec90c7b40b6f23dc21739a72088931b5abc4d50
 2013-04-19 18:52:02 -04:00
Jeremy Long
616da84891 Updates to abstract analyzer and subclasses - removed duplicate code 
Former-commit-id: 618c113750bf2af612d9e476fd6992db5147fcdc
 2013-04-19 18:46:01 -04:00
Jeremy Long
811f85c127 Updated to accomadate removing dependencies (used by the DependencyBundlingAnalyzer) 
Former-commit-id: 3719925f410094d04d5276e118c48f6733d15a17
 2013-04-19 18:45:40 -04:00
Jeremy Long
1b021a2eec Updating Dependency Bundler to group related dependencies 
Former-commit-id: 7b77cffec9f6b9a5f01a3c47db0d00236bd4e8fb
 2013-04-19 18:44:25 -04:00
Jeremy Long
c05490ca09 Updating Dependency Bundler to group related dependencies 
Former-commit-id: 521c9be8621a24b42328ce2de81d22631f3a5dc5
 2013-04-19 18:43:31 -04:00
Jeremy Long
2223b3666f Adding Dependency Bundling to collapse multiple related dependencies into a single reportable instance 
Former-commit-id: a82034eaaa59e1ea9f69847135be01b5631d59cb
 2013-04-18 17:58:47 -04:00
Jeremy Long
561b9d78d4 checkstyle fix 
Former-commit-id: 4a0d9af646d6bd188fba48a4a7da94d2c2fc2371
 2013-04-18 07:02:05 -04:00
Jeremy Long
dc1e30bf39 PMD fixes 
Former-commit-id: 24dbeed70898d25700ab6ea9a2951ba2aac641fc
 2013-04-18 07:00:33 -04:00
Jeremy Long
28180267e4 checkstyle fixes 
Former-commit-id: eee44e97dc6e7ab3e84abfc49bb15263e5ee2225
 2013-04-18 06:54:36 -04:00
Jeremy Long
056b50aeba minor update to the description 
Former-commit-id: bf7bb530fa2b642c550faf60c3fb2e48b2acff93
 2013-04-18 06:54:24 -04:00
Jeremy Long
d3b16e5f75 bug fixes 
Former-commit-id: ce0654912058bdca615e265b8a3f946b4d488fb5
 2013-04-18 06:46:03 -04:00
Jeremy Long
c80b0b4286 minor update 
Former-commit-id: 20e8ddaede661b037475b65bf12c021079d17340
 2013-04-18 06:45:41 -04:00
Jeremy Long
b5c09528d0 added sorting for References via Comparable interface 
Former-commit-id: d7522ea20250c771d80f164f631107095c8c12c9
 2013-04-18 06:29:08 -04:00
Jeremy Long
99ce04a62f minor bug fix with sorted set 
Former-commit-id: 542d7f92b47cae01e16e59da3e66ee4e80d9d265
 2013-04-18 06:25:12 -04:00
Jeremy Long
d30910e711 added vulnerable software 
Former-commit-id: f573e77808357e7e48edbc394fac0ac71cebebb4
 2013-04-18 06:24:40 -04:00
Jeremy Long
f064c1a229 updated to use SortedSet instead of Set in a couple of places 
Former-commit-id: 87a86825e814d183af8957a0b0c284e20623fc19
 2013-04-18 05:50:17 -04:00
Jeremy Long
b888e1b5f8 implemented the Comparable interface 
Former-commit-id: 615f09c75ccdd2f526943a771fd724d8b90aea87
 2013-04-18 05:43:13 -04:00
Jeremy Long
1fcefb3bb7 implemented the Comparable interface 
Former-commit-id: 9e69353436d60bf42c851c8d7a9e8e3de5407571
 2013-04-18 05:42:25 -04:00
Jeremy Long
6143202428 checkstyle patches 
Former-commit-id: e65bd4197c8fb2d2dd5a0f5459f175eef31045fe
 2013-04-11 23:18:28 -04:00
Jeremy Long
3d15afa0b5 updated to release a snapshot 
Former-commit-id: 2ac4f44094dea5785cf9ad34a4b99ff1196eab87
 2013-04-11 23:01:18 -04:00
Jeremy Long
9f8270165a added functionality to remove some false positives 
Former-commit-id: cb57e83478e39b7145482214b45743e2e38e7faf
 2013-04-11 22:59:46 -04:00
Jeremy Long
cd4b02ba2f Implemented the Comparable interface 
Former-commit-id: 306cee400d6cc08ff2a61cd45019c3df8f223a29
 2013-04-11 06:05:58 -04:00
Jeremy Long
b88272802f added counts for imported quantities 
Former-commit-id: f3ceb36af76814dac70175126b1e10f32d5aef69
 2013-04-09 06:56:09 -04:00
Jeremy Long
0b8bb63f61 added counts for imported quantities 
Former-commit-id: cf2b0fda5e53fbd01280200814e49c5bdd5ef43c
 2013-04-09 06:55:43 -04:00
Jeremy Long
d6e387a29b checkstyle updates 
Former-commit-id: ab27a76b429996a66a4964d6d52aab97dd1f1bd1
 2013-03-30 22:11:04 -04:00
Jeremy Long
00a35ce93f checkstyle corrections 
Former-commit-id: 836c1ba05aa9daace394b44a6d25aca93d44e777
 2013-03-28 22:44:11 -04:00
Jeremy Long
2b1eca171c removed old file 
Former-commit-id: d2dc3cc856b0637f21c53ef998dfbe821e59196b
 2013-03-28 21:51:07 -04:00
Jeremy Long
84af7e0906 updated dependencies and plugins 
Former-commit-id: 1cc3f0d20c86159640f678c2b689af04431b8136
 2013-03-28 21:50:28 -04:00
Jeremy Long
d291033725 added ignores for Eclipse project files 
Former-commit-id: 64f078dc4e0473d6175144f8d298fe2313243bbc
 2013-03-27 07:22:47 -04:00
Jeremy Long
c9fd6d6cf8 version 0.2.6.1 
Former-commit-id: 216985f090c33a5d79c9389afd714a9423f15312
 2013-03-16 16:56:34 -04:00
Jeremy Long
bba3e85d0e checkstyle fixes 
Former-commit-id: a4197ab5fc0e6f0a927869a30cd5e302aed64a33
 2013-03-16 16:53:41 -04:00
Jeremy Long
05e480a3b7 added package name scanning back in if no other data was found 
Former-commit-id: d33a1fd126179ac5e191420541cf796c77c71c45
 2013-03-10 08:18:25 -04:00
Jeremy Long
d99e8f9ef5 Added 'deep scan' argument/property to indicate more evidence should be collected even if it increases false positives 
Former-commit-id: 200acdb012410df0cd59c164cd362f7940366fb1
 2013-03-08 17:33:01 -05:00
Jeremy Long
7d67d3fa86 fixed bug 
Former-commit-id: a9d2e22c806dc3bbd694f3d5f57d7aa11371fe44
 2013-03-08 17:32:16 -05:00
Jeremy Long
c7f7324d05 bug fix regarding duplicate terms being added to the lucene query 
Former-commit-id: beee4c78158abc0ffc1087d829ebd2ed747043b0
 2013-03-03 09:50:12 -05:00
Jeremy Long
5a5d699cab bug fixes 
Former-commit-id: 6411fe67e52a3eef4044b1d640bdfb6864c2dbf3
 2013-03-03 09:47:54 -05:00
Jeremy Long
ea1fb191a9 change in namespace as this is now an OWASP project 
Former-commit-id: dc00f98a142bef2560d90f3b851844f352fbf262
 2013-03-03 08:57:38 -05:00
Jeremy Long
f6f68655fb completed version 1 of XML report 
Former-commit-id: 329f048e5c1dca8173d5ce3ff7b22400577f392a
 2013-02-22 21:47:41 -05:00
Jeremy Long
5dcb68c07f added XML Report Template 
Former-commit-id: 73aa31a0322a46aaa189916712be13ff9e0f603a
 2013-02-21 02:33:11 -05:00
Jeremy Long
288b171f5a converted README.txt to MarkDown 
Former-commit-id: 60c7dfb0912bdf636173544fffe549a4f805aa0f
 2013-02-20 07:27:06 -05:00
Jeremy Long
d73ce5c1e2 updated 
Former-commit-id: 4d7c97d27286465773415fe50b70190d3c94dfc9
 2013-02-20 07:25:28 -05:00
Jeremy Long
d27cfe45ec updated 
Former-commit-id: df1f8fa51cfff15808799ac6f73bb402c68508e2
 2013-02-20 07:23:28 -05:00
Jeremy Long
dad343539e updated 
Former-commit-id: 521e29c94ac5235e01a6671d13f89b5a8fbcc160
 2013-02-20 07:22:30 -05:00
Jeremy Long
5c493248aa converted README.txt to MarkDown 
Former-commit-id: 382e7b832aff3f836fbd9857799e6b7803cd0d88
 2013-02-20 07:19:56 -05:00
Jeremy Long
708ba46040 spelling fixes 
Former-commit-id: 2e0c40c67da68f70be57e507b62e4df2dad8fc35
 2013-02-19 21:40:42 -05:00
Jeremy Long
b72a7d0440 cleanup and spelling fixes 
Former-commit-id: d966f548ebccb77139f668343459210022c4deaa
 2013-02-19 21:35:24 -05:00
Jeremy Long
b67092c472 add ignore for IntelliJ files 
Former-commit-id: a1f133a7808493eb4dd917504b49909d7c6696d5
 2013-02-19 20:25:00 -05:00
Jeremy Long
7220a2ca46 spelling errors corrected 
Former-commit-id: bf7ed2bf57b54a1acc916945963d07c0bb8f6675
 2013-02-17 07:46:10 -05:00
Jeremy Long
1165c11d2d Patches from Steve Springett for XML report format 
Former-commit-id: 56a6aaf8aa38904009d09c9192b3697de37be55a
 2013-02-17 07:27:01 -05:00
Jeremy Long
407aad924d updated failing test 
Former-commit-id: 172562190cccb5eddae8c4647351c9128680ca0b
 2013-02-13 21:38:03 -05:00
Jeremy Long
72fd37bfa8 updated notice 
Former-commit-id: e9e57757afd8530bdb9ba0d83daf04692b418eb2
 2013-02-03 08:20:47 -05:00
Jeremy Long
4dba00ad38 [maven-release-plugin] prepare release dependency-check-0.2.6.0 
Former-commit-id: 72f4e6be540edb2a8fd5ea3700a244e4aa0d9fbd
 2013-02-02 17:12:48 -05:00
Jeremy Long
283acc5e30 updated version 
Former-commit-id: f7ad88caa8ae9064d66c1bdff4d98c2dd0778d8b
 2013-02-02 16:50:29 -05:00
Jeremy Long
cfece9499b updated usage 
Former-commit-id: 807dd804fac2be34fb4a5c938e3e6bbdf694613e
 2013-02-02 16:49:11 -05:00
Jeremy Long
276078a2e3 bug fixes and additions 
Former-commit-id: 1eddb332f6dba5732284eda1ed1fa62cb196f7f9
 2013-02-02 16:44:46 -05:00
Jeremy Long
9e4b39988f bug fixes and additions 
Former-commit-id: 82130e779f30550ce08c7c90503c1cfce21e9b53
 2013-02-02 16:44:06 -05:00
Jeremy Long
9a9f03e730 added CWE Names 
Former-commit-id: e1d0daf70d7ba49b4667ecc9437c1b8f4efe036b
 2013-01-14 22:14:45 -05:00
Jeremy Long
d37ea348bf minor update 
Former-commit-id: abf23f47d2bf07f96200cf990a3c3a48179aedf9
 2013-01-13 17:05:19 -05:00
Jeremy Long
9478d5aea3 added CWE 
Former-commit-id: f47818f88a5fbbd883eb60709dab768f80e20c18
 2013-01-13 17:01:46 -05:00
Jeremy Long
c2dbe4c821 fixed analysis phase 
Former-commit-id: e28068852192aeba7912e434cde2ec207a679baa
 2013-01-13 16:53:28 -05:00
209 changed files with 191752 additions and 5022 deletions
Expand all files Collapse all files

12
.gitignore vendored
View File

@@ -1 +1,11 @@
/target/
/target/
# Intellij project files
*.iml
*.ipr
*.iws
.idea/
# Eclipse project files
.classpath
.project
# Netbeans configuration
nb-configuration.xml

20
NOTICES.txt
View File

@@ -1,11 +1,17 @@
DependencyCheck
Copyright (c) 2012 Jeremy Long. All Rights Reserved.
Copyright (c) 2012-2013 Jeremy Long. All Rights Reserved.
This product includes software developed by
The Apache Software Foundation (http://www.apache.org/).
The licenses for the software listed below can be found in the META-INF/licenses/[dependency name].
This product includes software developed by
Jquery.com (http://jquery.com/).
This product includes software developed by The Apache Software Foundation (http://www.apache.org/).
This product includes software developed by
H2 (http://www.h2database.com).
This product includes software developed by Jquery.com (http://jquery.com/).
This product includs software developed by Jonathan Hedley (jsoup.org)
This software contains unmodified binary redistributions for H2 database engine (http://www.h2database.com/), which is dual licensed and available under a modified version of the MPL 1.1 (Mozilla Public License) or under the (unmodified) EPL 1.0 (Eclipse Public License).
An original copy of the license agreement can be found at: http://www.h2database.com/html/license.html
This product includes data from the Common Weakness Enumeration (CWE): http://cwe.mitre.org/
This product downloads and utilizes data from the National Vulnerability Database hosted by NIST: http://nvd.nist.gov/download.cfm

47
README.md Normal file
View File

@@ -0,0 +1,47 @@
Dependency-Check
=========
Dependency-Check is a utility that attempts to detect publicly disclosed vulnerabilities contained within project dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries.
More information can be found on the [wiki].
Notice
-
A very big release of new functionality and plugins will be made available during the BlackHat Arsenal on July 31st, 2013. If you are at BlackHat stop by and see the demos!
Usage
-
> $ mvn package
> $ cd target
> $ java -jar dependency-check-[version].jar -h
> $ java -jar dependency-check-[version].jar -a Testing -out . -scan ./test-classes -scan ./lib
Then load the resulting 'DependencyCheck-Report.html' into your favorite browser.
Mailing List
-
Subscribe: [dependency-check+subscribe@googlegroups.com] [subscribe]
Post: [dependency-check@googlegroups.com] [post]
Copyright & License
-
Dependency-Check is Copyright (c) 2012-2013 Jeremy Long. All Rights Reserved.
Permission to modify and redistribute is granted under the terms of the GPLv3 license. See the [LICENSE.txt] [GPLv3] file for the full license.
Dependency-Check makes use of several other open source libraries. Please see the [NOTICE.txt] [notices] file for more information.
[wiki]: https://github.com/jeremylong/DependencyCheck/wiki
[subscribe]: mailto:dependency-check+subscribe@googlegroups.com
[post]: mailto:dependency-check@googlegroups.com
[GPLv3]: https://github.com/jeremylong/DependencyCheck/blob/master/LICENSE.txt
[notices]: https://github.com/jeremylong/DependencyCheck/blob/master/NOTICES.txt

17
README.txt
View File

@@ -1,17 +0,0 @@
About:
DependencyCheck is a utility that attempts to detect publically disclosed
vulnerabilities contained within project dependencies. It does this by determining
if there is a Common Platform Enumeration (CPE) identifier for a given dependency.
If found, it will generate a report linking to the associated CVE entries.
Usage:
$ mvn package
$ cd target
$ java -jar DependencyCheck-0.2.5.2.jar -h
$ java -jar DependencyCheck-0.2.5.2.jar -a Testing -out . -scan ./test-classes/org.mortbay.jetty.jar -scan ./test-classes/struts2-core-2.1.2.jar -scan ./lib
Then load the resulting 'DependencyCheck-Report.html' into your favorite browser.
Author: Jeremy Long (jeremy.long@gmail.com)
Copyright (c) 2012 Jeremy Long. All Rights Reserved.

129
pom.xml
View File

@@ -8,43 +8,51 @@ it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
DependencyCheck is distributed in the hope that it will be useful,
Dependency-Check is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
along with DependencyCheck. If not, see <http://www.gnu.org/licenses />.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.codesecure</groupId>
<artifactId>DependencyCheck</artifactId>
<version>0.2.5.2</version>
<groupId>org.owasp</groupId>
<artifactId>dependency-check</artifactId>
<version>0.3.2.4</version>
<packaging>jar</packaging>
<name>DependencyCheck</name>
<url>https://github.com/jeremylong/DependencyCheck.git</url>
<description>DependencyCheck is a utility that attempts to detect publically disclosed vulnerabilities contained within project dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries.</description>
<description>Dependency-Check is a utility that attempts to detect publicly disclosed vulnerabilities contained within project dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries.</description>
<inceptionYear>2012</inceptionYear>
<organization>
<name>Jeremy Long</name>
<name>owasp</name>
</organization>
<developers>
<developer>
<name>Jeremy Long</name>
<email>jeremy.long@gmail.com</email>
<organization>Codesecure</organization>
<organizationUrl>http://codesecure.blogspot.com</organizationUrl>
<email>jeremy.long@owasp.org</email>
<organization>OWASP</organization>
<organizationUrl>https://www.owasp.org/index.php/OWASP_Dependency_Check</organizationUrl>
<roles>
<role>architect</role>
<role>developer</role>
</roles>
</developer>
<developer>
<name>Steve Springett</name>
<email>Steve.Springett@owasp.org</email>
<organization>OWASP</organization>
<organizationUrl>https://www.owasp.org/index.php/OWASP_Dependency_Check</organizationUrl>
<roles>
<role>contributor</role>
</roles>
</developer>
</developers>
<scm>
<connection>scm:git:git@github.com:jeremylong/DependencyCheck.git</connection>
@@ -103,20 +111,20 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-release-plugin</artifactId>
<version>2.3.2</version>
<version>2.4.1</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>2.8.1</version>
<version>2.9</version>
<configuration>
<bottom>Copyright&#169; 2012 Jeremy Long. All Rights Reserved.</bottom>
<bottom>Copyright© 2012 Jeremy Long. All Rights Reserved.</bottom>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<version>2.5.1</version>
<version>2.7</version>
<executions>
<execution>
<phase>package</phase>
@@ -137,7 +145,7 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<configuration>
<archive>
<manifest>
<mainClass>org.codesecure.dependencycheck.App</mainClass>
<mainClass>org.owasp.dependencycheck.App</mainClass>
<addDefaultImplementationEntries>true</addDefaultImplementationEntries>
<addClasspath>true</addClasspath>
<classpathPrefix>lib/</classpathPrefix>
@@ -148,11 +156,10 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
</excludes>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>cobertura-maven-plugin</artifactId>
<version>2.5.1</version>
<version>2.5.2</version>
<configuration>
<instrumentation>
<ignores>
@@ -179,12 +186,12 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<lineRate>0</lineRate>
</regex>
<regex>
<pattern>org.codesecure.dependencycheck.data.cpe.Fields</pattern>
<pattern>org.owasp.dependencycheck.data.cpe.Fields</pattern>
<branchRate>0</branchRate>
<lineRate>0</lineRate>
</regex>
<regex>
<pattern>org.codesecure.dependencycheck.App</pattern>
<pattern>org.owasp.dependencycheck.App</pattern>
<branchRate>0</branchRate>
<lineRate>0</lineRate>
</regex>
@@ -203,7 +210,7 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>2.12</version>
<version>2.14</version>
<configuration>
<systemProperties>
<property>
@@ -228,7 +235,7 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-failsafe-plugin</artifactId>
<version>2.12.4</version>
<version>2.14</version>
<configuration>
<systemProperties>
<property>
@@ -256,13 +263,13 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-site-plugin</artifactId>
<version>3.0</version>
<version>3.2</version>
<configuration>
<reportPlugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-project-info-reports-plugin</artifactId>
<version>2.5.1</version>
<version>2.6</version>
<reportSets>
<reportSet>
<reports>
@@ -283,7 +290,7 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>versions-maven-plugin</artifactId>
<version>1.3.1</version>
<version>2.0</version>
<reportSets>
<reportSet>
<reports>
@@ -301,7 +308,7 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-report-plugin</artifactId>
<version>2.12.2</version>
<version>2.14</version>
<reportSets>
<reportSet>
<reports>
@@ -313,12 +320,12 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>cobertura-maven-plugin</artifactId>
<version>2.5.1</version>
<version>2.5.2</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<version>2.7.1</version>
<version>3.0.1</version>
<configuration>
<targetJdk>1.6</targetJdk>
<linkXref>true</linkXref>
@@ -332,11 +339,30 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<groupId>org.codehaus.mojo</groupId>
<artifactId>taglist-maven-plugin</artifactId>
<version>2.4</version>
<configuration>
<tagListOptions>
<tagClasses>
<tagClass>
<displayName>Todo Work</displayName>
<tags>
<tag>
<matchString>todo</matchString>
<matchType>ignoreCase</matchType>
</tag>
<tag>
<matchString>FIXME</matchString>
<matchType>exact</matchType>
</tag>
</tags>
</tagClass>
</tagClasses>
</tagListOptions>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>2.8.1</version>
<version>2.9</version>
<reportSets>
<reportSet>
<id>default</id>
@@ -349,7 +375,7 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>2.9.1</version>
<version>2.10</version>
<configuration>
<enableRulesSummary>false</enableRulesSummary>
<configLocation>src/main/config/checkstyle-checks.xml</configLocation>
@@ -358,7 +384,7 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-report-plugin</artifactId>
<version>2.12.4</version>
<version>2.14</version>
<reportSets>
<reportSet>
<id>integration-tests</id>
@@ -379,40 +405,49 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
</plugin>
</plugins>
</build>
<dependencies>
<dependency>
<groupId>com.google.code.findbugs</groupId>
<artifactId>annotations</artifactId>
<version>2.0.1</version>
<scope>provided</scope><!-- don't include this in the libs-->
</dependency>
<dependency>
<groupId>commons-cli</groupId>
<artifactId>commons-cli</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.4</version>
</dependency>
<dependency>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
<version>2.5</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.10</version>
<version>4.11</version>
<scope>test</scope>
<type>jar</type>
</dependency>
<dependency>
<groupId>org.apache.lucene</groupId>
<artifactId>lucene-core</artifactId>
<version>4.0.0</version>
<!--<version>3.5.0</version>-->
<version>4.3.0</version>
</dependency>
<dependency>
<groupId>org.apache.lucene</groupId>
<artifactId>lucene-analyzers-common</artifactId>
<version>4.0.0</version>
<version>4.3.0</version>
</dependency>
<dependency>
<groupId>org.apache.lucene</groupId>
<artifactId>lucene-queryparser</artifactId>
<version>4.0.0</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>1.3.2</version>
<version>4.3.0</version>
</dependency>
<dependency>
<groupId>org.apache.velocity</groupId>
@@ -466,7 +501,13 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses/>.
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
<version>1.3.170</version>
<version>1.3.172</version>
</dependency>
<dependency>
<groupId>org.jsoup</groupId>
<artifactId>jsoup</artifactId>
<version>1.7.2</version>
<type>jar</type>
</dependency>
<!-- The following dependencies are only scanned during integration testing -->

398
src/main/config/checkstyle-checks.xml
View File

@@ -1,205 +1,223 @@
<?xml version="1.0"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<!DOCTYPE module PUBLIC
"-//Puppy Crawl//DTD Check Configuration 1.2//EN"
"http://www.puppycrawl.com/dtds/configuration_1_2.dtd">
<!--
Checkstyle configuration that checks the maven coding conventions from:
-->
"-//Puppy Crawl//DTD Check Configuration 1.3//EN"
"http://www.puppycrawl.com/dtds/configuration_1_3.dtd">
<module name="Checker">
<!--
If you set the basedir property below, then all reported file
names will be relative to the specified directory. See
http://checkstyle.sourceforge.net/5.x/config.html#Checker
<!-- Checks that each Java package has a Javadoc file used for commenting. -->
<!-- See http://checkstyle.sf.net/config_javadoc.html#JavadocPackage -->
<module name="JavadocPackage">
<!--property name="allowLegacy" value="true"/-->
</module>
<property name="basedir" value="${basedir}"/>
-->
<!-- Checks whether files end with a new line. -->
<!-- See http://checkstyle.sf.net/config_misc.html#NewlineAtEndOfFile -->
<!--module name="NewlineAtEndOfFile">
<property name="lineSeparator" value="system"/>
<property name="severity" value="error"/>
<module name="SuppressionFilter">
<property name="file" value="src/main/config/checkstyle-suppressions.xml"/>
</module>
<module name="JavadocPackage">
<property name="allowLegacy" value="false"/>
</module>
<module name="Translation">
<property name="severity" value="warning"/>
</module>
<module name="FileTabCharacter">
<property name="eachLine" value="false"/>
</module>
<module name="FileLength">
<property name="fileExtensions" value="java"/>
</module>
<module name="NewlineAtEndOfFile">
<property name="fileExtensions" value="java"/>
<property name="lineSeparator" value="lf"/>
</module>
<module name="RegexpHeader">
<property name="headerFile" value="src/main/config/checkstyle-header.txt"/>
<property name="fileExtensions" value="java"/>
<property name="id" value="header"/>
</module>
<module name="RegexpSingleline">
<property name="format" value="\s+$"/>
<property name="minimum" value="0"/>
<property name="maximum" value="0"/>
</module>
<module name="TreeWalker">
<property name="tabWidth" value="4"/>
<module name="AvoidStarImport"/>
<module name="ConstantName"/>
<module name="EmptyBlock"/>
<module name="EmptyForIteratorPad"/>
<module name="EqualsHashCode"/>
<module name="OneStatementPerLine"/>
<!-- module name="IllegalCatch"/ -->
<!--module name="ImportControl">
<property name="file" value="${checkstyle.importcontrol.file}"/>
</module-->
<module name="SuppressionFilter">
<property name="file" value="src/main/config/checkstyle-suppressions.xml"/>
<module name="IllegalImport"/>
<module name="IllegalInstantiation"/>
<module name="IllegalThrows"/>
<module name="InnerAssignment"/>
<module name="JavadocType">
<property name="authorFormat" value="\S"/>
</module>
<module name="JavadocMethod">
<property name="allowUndeclaredRTE" value="true"/>
<property name="allowThrowsTagsForSubclasses" value="true"/>
<property name="allowMissingPropertyJavadoc" value="true"/>
</module>
<module name="JavadocVariable"/>
<module name="JavadocStyle">
<property name="scope" value="public"/>
</module>
<!-- Checks that property files contain the same keys. -->
<!-- See http://checkstyle.sf.net/config_misc.html#Translation -->
<!-- module name="Translation"/ -->
<module name="FileLength"/>
<!-- Checks for Headers -->
<!-- See http://checkstyle.sf.net/config_header.html -->
<module name="RegexpHeader">
<property name="headerFile" value="src/main/config/checkstyle-header.txt"/>
</module>
<module name="FileTabCharacter">
<property name="eachLine" value="true"/>
<module name="LeftCurly">
<property name="option" value="eol"/>
<property name="tokens" value="CLASS_DEF"/>
<property name="tokens" value="CTOR_DEF"/>
<property name="tokens" value="INTERFACE_DEF"/>
<property name="tokens" value="METHOD_DEF"/>
<property name="tokens" value="LITERAL_CATCH"/>
<property name="tokens" value="LITERAL_DO"/>
<property name="tokens" value="LITERAL_ELSE"/>
<property name="tokens" value="LITERAL_FINALLY"/>
<property name="tokens" value="LITERAL_FOR"/>
<property name="tokens" value="LITERAL_IF"/>
<property name="tokens" value="LITERAL_SWITCH"/>
<property name="tokens" value="LITERAL_SYNCHRONIZED"/>
<property name="tokens" value="LITERAL_TRY"/>
<property name="tokens" value="LITERAL_WHILE"/>
</module>
<!-- Line with trailing spaces (disabled as it's too noisy) -->
<module name="RegexpSingleline">
<property name="format" value="\s+$"/>
<property name="message" value="Line has trailing spaces."/>
<module name="OuterTypeNumber"/>
<module name="LineLength">
<property name="ignorePattern" value="^ *\* *[^ ]+$"/>
<property name="max" value="150"/>
</module>
<module name="TreeWalker">
<property name="cacheFile" value="${checkstyle.cache.file}"/>
<property name="tabWidth" value="4"/>
<module name="LeftCurly">
<property name="option" value="eol"/>
</module>
<module name="RightCurly">
<!--property name="option" value="alone"/-->
</module>
<module name="LineLength">
<property name="max" value="150" />
<property name="ignorePattern" value="@version|@see|@todo|TODO"/>
</module>
<module name="MemberName" />
<!-- Checks for Javadoc comments. -->
<!-- See http://checkstyle.sf.net/config_javadoc.html -->
<module name="JavadocMethod">
<property name="severity" value="warning"/>
<property name="scope" value="protected"/>
</module>
<module name="JavadocType">
<property name="scope" value="protected"/>
<property name="allowUnknownTags" value="true" />
</module>
<module name="JavadocVariable">
<property name="severity" value="info"/>
<property name="scope" value="protected"/>
</module>
<!-- Checks for Naming Conventions. -->
<!-- See http://checkstyle.sf.net/config_naming.html -->
<module name="ConstantName"/>
<module name="LocalFinalVariableName"/>
<module name="LocalVariableName"/>
<module name="MethodName"/>
<module name="PackageName"/>
<module name="ParameterName"/>
<module name="StaticVariableName"/>
<module name="TypeName"/>
<!-- Checks for imports -->
<!-- See http://checkstyle.sf.net/config_import.html -->
<!--<module name="AvoidStarImport"/>-->
<module name="IllegalImport"/>
<module name="RedundantImport"/>
<module name="UnusedImports"/>
<!-- Checks for Size Violations. -->
<!-- See http://checkstyle.sf.net/config_sizes.html -->
<module name="MethodLength"/>
<module name="ParameterNumber"/>
<!-- Checks for whitespace -->
<!-- See http://checkstyle.sf.net/config_whitespace.html -->
<module name="EmptyForIteratorPad">
<property name="option" value="space"/>
</module>
<module name="OperatorWrap"/>
<!--module name="ParenPad">
<property name="option" value="space" />
</module-->
<module name="WhitespaceAfter"/>
<module name="WhitespaceAround"/>
<!-- module name="MethodParamPad"/ -->
<!-- Modifier Checks -->
<!-- See http://checkstyle.sf.net/config_modifiers.html -->
<module name="ModifierOrder"/>
<module name="RedundantModifier"/>
<!-- Checks for blocks. You know, those {}'s -->
<!-- See http://checkstyle.sf.net/config_blocks.html -->
<module name="AvoidNestedBlocks"/>
<module name="EmptyBlock">
<property name="option" value="text"/>
</module>
<module name="NeedBraces"/>
<!-- Checks for common coding problems -->
<!-- See http://checkstyle.sf.net/config_coding.html -->
<!-- module name="AvoidInlineConditionals"/ -->
<module name="DoubleCheckedLocking"/>
<module name="EmptyStatement"/>
<module name="EqualsHashCode"/>
<module name="HiddenField">
<property name="severity" value="warning"/>
<property name="ignoreSetter" value="true"/>
<property name="ignoreConstructorParameter" value="true"/>
</module>
<module name="IllegalInstantiation"/>
<module name="InnerAssignment"/>
<!--
<module name="MagicNumber">
<property name="ignoreNumbers" value="-4, -3, -2, -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 14, 32, 64, 100, 128, 256, 512, 1000, 1024, 4096"/>
</module>
-->
<module name="MissingSwitchDefault"/>
<!--module name="RedundantThrows"/-->
<module name="SimplifyBooleanExpression"/>
<module name="SimplifyBooleanReturn"/>
<!-- Checks for class design -->
<!-- See http://checkstyle.sf.net/config_design.html -->
<!-- module name="DesignForExtension"/ -->
<!-- module name="FinalClass"/ -->
<module name="HideUtilityClassConstructor"/>
<module name="InterfaceIsType"/>
<module name="VisibilityModifier">
<property name="protectedAllowed" value="true"/>
<property name="packageAllowed" value="true"/>
</module>
<!-- Miscellaneous other checks. -->
<!-- See http://checkstyle.sf.net/config_misc.html -->
<!-- module name="ArrayTypeStyle"/ -->
<!-- module name="FinalParameters"/ -->
<!-- Let todo plugin handle this.
<module name="TodoComment"/>
-->
<module name="UpperEll"/>
<module name="MethodCount">
<property name="maxTotal" value="40"/>
</module>
</module>
<module name="LocalFinalVariableName"/>
<module name="LocalVariableName"/>
<module name="MemberName">
<property name="format" value="^[a-z][a-zA-Z0-9]*$"/>
</module>
<module name="MethodLength">
<property name="max" value="160"/>
<property name="countEmpty" value="false"/>
</module>
<module name="MethodName"/>
<module name="MethodParamPad"/>
<module name="ModifierOrder"/>
<module name="NeedBraces"/>
<module name="NoWhitespaceAfter">
<property name="tokens" value="ARRAY_INIT"/>
<property name="tokens" value="BNOT"/>
<property name="tokens" value="DEC"/>
<property name="tokens" value="DOT"/>
<property name="tokens" value="INC"/>
<property name="tokens" value="LNOT"/>
<property name="tokens" value="UNARY_MINUS"/>
<property name="tokens" value="UNARY_PLUS"/>
</module>
<module name="NoWhitespaceBefore"/>
<module name="NoWhitespaceBefore">
<property name="tokens" value="DOT"/>
<property name="allowLineBreaks" value="true"/>
</module>
<module name="OperatorWrap"/>
<module name="OperatorWrap">
<property name="tokens" value="ASSIGN"/>
<property name="tokens" value="DIV_ASSIGN"/>
<property name="tokens" value="PLUS_ASSIGN"/>
<property name="tokens" value="MINUS_ASSIGN"/>
<property name="tokens" value="STAR_ASSIGN"/>
<property name="tokens" value="MOD_ASSIGN"/>
<property name="tokens" value="SR_ASSIGN"/>
<property name="tokens" value="BSR_ASSIGN"/>
<property name="tokens" value="SL_ASSIGN"/>
<property name="tokens" value="BXOR_ASSIGN"/>
<property name="tokens" value="BOR_ASSIGN"/>
<property name="tokens" value="BAND_ASSIGN"/>
<property name="option" value="eol"/>
</module>
<module name="PackageName"/>
<module name="ParameterName">
<property name="format" value="^[a-z][a-zA-Z0-9]*$"/>
</module>
<module name="ParameterNumber">
<property name="id" value="paramNum"/>
</module>
<module name="ParenPad"/>
<module name="TypecastParenPad"/>
<module name="RedundantImport"/>
<module name="RedundantModifier"/>
<module name="RightCurly">
<property name="option" value="same"/>
</module>
<module name="SimplifyBooleanExpression"/>
<module name="SimplifyBooleanReturn"/>
<module name="StaticVariableName">
<property name="format" value="^[a-z][a-zA-Z0-9]*$"/>
</module>
<module name="TypeName"/>
<module name="UnusedImports"/>
<module name="UpperEll"/>
<module name="VisibilityModifier"/>
<module name="WhitespaceAfter"/>
<module name="WhitespaceAround"/>
<module name="GenericWhitespace"/>
<module name="FinalClass"/>
<module name="MissingSwitchDefault"/>
<!--module name="MagicNumber"/-->
<!--module name="Indentation">
<property name="basicOffset" value="4"/>
<property name="braceAdjustment" value="0"/>
<property name="caseIndent" value="0"/>
</module-->
<module name="ArrayTrailingComma"/>
<module name="FinalLocalVariable"/>
<module name="EqualsAvoidNull"/>
<module name="ParameterAssignment"/>
<!-- Generates quite a few errors -->
<module name="CyclomaticComplexity">
<property name="severity" value="ignore"/>
</module>
<module name="NestedForDepth">
<property name="max" value="2"/>
</module>
<module name="NestedIfDepth">
<property name="max" value="4"/>
</module>
<module name="NestedTryDepth">
<property name="max" value="2"/>
</module>
<!--module name="ExplicitInitialization"/-->
<module name="AnnotationUseStyle"/>
<module name="MissingDeprecated"/>
<module name="MissingOverride">
<property name="javaFiveCompatibility" value="true"/>
</module>
<module name="PackageAnnotation"/>
<module name="SuppressWarnings"/>
<module name="OuterTypeFilename"/>
<module name="HideUtilityClassConstructor"/>
</module>
</module>

10
src/main/config/checkstyle-header.txt
View File

@@ -1,19 +1,19 @@
^/\*\s*$
^ \* This file is part of DependencyCheck\.\s*$
^ \* This file is part of Dependency-Check\.\s*$
^ \*\s*$
^ \* DependencyCheck is free software\: you can redistribute it and/or modify it\s*$
^ \* Dependency-Check is free software\: you can redistribute it and/or modify it\s*$
^ \* under the terms of the GNU General Public License as published by the Free\s*$
^ \* Software Foundation, either version 3 of the License, or \(at your option\) any\s*$
^ \* later version\.
^ \*\s*$
^ \* DependencyCheck is distributed in the hope that it will be useful, but\s*$
^ \* Dependency-Check is distributed in the hope that it will be useful, but\s*$
^ \* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or\s*$
^ \* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more\s*$
^ \* details\.\s*$
^ \*\s*$
^ \* You should have received a copy of the GNU General Public License along with\s*$
^ \* DependencyCheck\. If not, see http://www.gnu.org/licenses/\.\s*$
^ \* Dependency-Check\. If not, see http://www.gnu.org/licenses/\.\s*$
^ \*\s*$
^ \* Copyright \(c\) 2012 Jeremy Long\. All Rights Reserved\.\s*$
^ \* Copyright \(c\) 201[23] (Jeremy Long|Steve Springett)\. All Rights Reserved\.\s*$
^ \*/\s*$
^package

6
src/main/config/checkstyle-suppressions.xml
View File

@@ -6,10 +6,10 @@
<suppressions>
<suppress checks=".*" files=".*[\\/]package-info\.java" />
<suppress checks=".*" files=".*org[\\/]codesecure[\\/]dependencycheck[\\/]utils[\\/]Filter.java" />
<suppress checks=".*" files=".*org[\\/]codesecure[\\/]dependencycheck[\\/]utils[\\/]Checksum.java" />
<suppress checks=".*" files=".*org[\\/]owasp[\\/]dependencycheck[\\/]utils[\\/]Filter.java" />
<suppress checks=".*" files=".*org[\\/]owasp[\\/]dependencycheck[\\/]utils[\\/]Checksum.java" />
<suppress checks=".*" files=".*[\\/]generated[\\/].*.java" />
<suppress checks="MagicNumberCheck"
files="org[\\/]codesecure[\\/]dependencycheck[\\/]data[\\/]cpe/Entry.java"
files="org[\\/]owasp[\\/]dependencycheck[\\/]data[\\/]cpe/Entry.java"
lines="376"/>
</suppressions>

149
src/main/java/org/codesecure/dependencycheck/App.java
View File

@@ -1,149 +0,0 @@
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.LogManager;
import java.util.logging.Logger;
import org.apache.commons.cli.ParseException;
import org.codesecure.dependencycheck.reporting.ReportGenerator;
import org.codesecure.dependencycheck.dependency.Dependency;
import org.codesecure.dependencycheck.utils.CliParser;
/*
* This file is part of App.
*
* App is free software: you can redistribute it and/or modify it under the
* terms of the GNU General Public License as published by the Free Software
* Foundation, either version 3 of the License, or (at your option) any later
* version.
*
* App is distributed in the hope that it will be useful, but WITHOUT ANY
* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
* A PARTICULAR PURPOSE. See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with
* App. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
/**
* The command line interface for the DependencyCheck application.
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class App {
private static final String LOG_PROPERTIES_FILE = "configuration/log.properties";
/**
* @param args the command line arguments
*/
public static void main(String[] args) {
prepareLogger();
App app = new App();
app.run(args);
}
private static void prepareLogger() {
//while java doc for JUL says to use preferences api - it throws an exception...
//Preferences.systemRoot().put("java.util.logging.config.file", "log.properties");
//System.getProperties().put("java.util.logging.config.file", "configuration/log.properties");
//removed the file handler. since this is a console app - just write to console.
// File dir = new File("logs");
// if (!dir.exists()) {
// dir.mkdir();
// }
try {
InputStream in = App.class.getClassLoader().getResourceAsStream(LOG_PROPERTIES_FILE);
LogManager.getLogManager().reset();
LogManager.getLogManager().readConfiguration(in);
} catch (IOException ex) {
System.err.println(ex.toString());
Logger.getLogger(App.class.getName()).log(Level.SEVERE, null, ex);
} catch (SecurityException ex) {
Logger.getLogger(App.class.getName()).log(Level.SEVERE, null, ex);
}
}
/**
* main CLI entry-point into the application.
*
* @param args the command line arguments
*/
public void run(String[] args) {
CliParser cli = new CliParser();
try {
cli.parse(args);
} catch (FileNotFoundException ex) {
System.err.println(ex.getMessage());
cli.printHelp();
Logger.getLogger(App.class.getName()).log(Level.WARNING, null, ex);
return;
} catch (ParseException ex) {
System.err.println(ex.getMessage());
cli.printHelp();
Logger.getLogger(App.class.getName()).log(Level.INFO, null, ex);
return;
}
if (cli.isGetVersion()) {
cli.printVersionInfo();
} else if (cli.isRunScan()) {
runScan(cli.getReportDirectory(), cli.getApplicationName(), cli.getScanFiles(), cli.isAutoUpdate());
} else {
cli.printHelp();
}
}
/**
* Scans the specified directories and writes the dependency reports to the
* reportDirectory.
*
* @param reportDirectory the path to the directory where the reports will
* be written.
* @param applicationName the application name for the report.
* @param files the files/directories to scan.
*/
private void runScan(String reportDirectory, String applicationName, String[] files, boolean autoUpdate) {
Engine scanner = new Engine(autoUpdate);
for (String file : files) {
scanner.scan(file);
}
scanner.analyzeDependencies();
List<Dependency> dependencies = scanner.getDependencies();
ReportGenerator report = new ReportGenerator(applicationName, dependencies, scanner.getAnalyzers());
try {
report.generateReports(reportDirectory);
} catch (IOException ex) {
Logger.getLogger(App.class.getName()).log(Level.SEVERE, null, ex);
} catch (Exception ex) {
Logger.getLogger(App.class.getName()).log(Level.SEVERE, null, ex);
}
}
}

660
src/main/java/org/codesecure/dependencycheck/analyzer/JarAnalyzer.java
View File

@@ -1,660 +0,0 @@
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.analyzer;
import java.io.File;
import java.io.FileInputStream;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.bind.JAXBException;
import org.codesecure.dependencycheck.Engine;
import org.codesecure.dependencycheck.dependency.Dependency;
import org.codesecure.dependencycheck.dependency.Evidence;
import org.codesecure.dependencycheck.dependency.EvidenceCollection;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.Reader;
import java.util.HashMap;
import java.util.Map.Entry;
import java.util.Properties;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.jar.Attributes;
import java.util.jar.JarFile;
import java.util.jar.Manifest;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.Unmarshaller;
import org.codesecure.dependencycheck.analyzer.pom.generated.License;
import org.codesecure.dependencycheck.analyzer.pom.generated.Model;
import org.codesecure.dependencycheck.analyzer.pom.generated.Organization;
import org.codesecure.dependencycheck.utils.NonClosingStream;
/**
*
* Used to load a JAR file and collect information that can be used to determine
* the associated CPE.
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
/**
* The system independent newline character.
*/
private static final String NEWLINE = System.getProperty("line.separator");
/**
* The name of the analyzer.
*/
private static final String ANALYZER_NAME = "Jar Analyzer";
/**
* The phase that this analyzer is intended to run in.
*/
private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INITIAL;
/**
* A list of elements in the manifest to ignore.
*/
private static final Set<String> IGNORE_LIST = newHashSet(
"built-by",
"created-by",
"builtby",
"createdby",
"build-jdk",
"buildjdk",
"ant-version",
"antversion",
"import-package",
"export-package",
"importpackage",
"exportpackage",
"sealed",
"manifest-version",
"archiver-version",
"manifestversion",
"archiverversion",
"classpath",
"class-path",
"tool",
"bundle-manifestversion",
"bundlemanifestversion");
/**
* The set of file extensions supported by this analyzer.
*/
private static final Set<String> EXTENSIONS = newHashSet("jar");
/**
* item in some manifest, should be considered medium confidence.
*/
private static final String BUNDLE_VERSION = "Bundle-Version"; //: 2.1.2
/**
* item in some manifest, should be considered medium confidence.
*/
private static final String BUNDLE_DESCRIPTION = "Bundle-Description"; //: Apache Struts 2
/**
* item in some manifest, should be considered medium confidence.
*/
private static final String BUNDLE_NAME = "Bundle-Name"; //: Struts 2 Core
/**
* item in some manifest, should be considered medium confidence.
*/
private static final String BUNDLE_VENDOR = "Bundle-Vendor"; //: Apache Software Foundation
/**
* The JAXB Contexts used to unmarshall the pom.xml from a JAR file.
*/
private JAXBContext jaxbContext = null;
/**
* The unmarshaller used to parse the pom.xml from a JAR file.
*/
private Unmarshaller pomUnmarshaller = null;
/**
* Constructs a new JarAnalyzer.
*/
public JarAnalyzer() {
try {
jaxbContext = JAXBContext.newInstance("org.codesecure.dependencycheck.analyzer.pom.generated");
pomUnmarshaller = jaxbContext.createUnmarshaller();
} catch (JAXBException ex) { //guess we will just have a null pointer exception later...
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE, null, ex);
}
}
/**
* Returns a list of file EXTENSIONS supported by this analyzer.
*
* @return a list of file EXTENSIONS supported by this analyzer.
*/
public Set<String> getSupportedExtensions() {
return EXTENSIONS;
}
/**
* Returns the name of the analyzer.
*
* @return the name of the analyzer.
*/
public String getName() {
return ANALYZER_NAME;
}
/**
* Returns whether or not this analyzer can process the given extension.
*
* @param extension the file extension to test for support.
* @return whether or not the specified file extension is supported by tihs
* analyzer.
*/
public boolean supportsExtension(String extension) {
return EXTENSIONS.contains(extension);
}
/**
* Returns the phase that the analyzer is intended to run in.
*
* @return the phase that the analyzer is intended to run in.
*/
public AnalysisPhase getAnalysisPhase() {
return ANALYSIS_PHASE;
}
/**
* Loads a specified JAR file and collects information from the manifest and
* checksums to identify the correct CPE information.
*
* @param dependency the dependency to analyze.
* @param engine the engine that is scanning the dependencies
* @throws AnalysisException is thrown if there is an error reading the JAR
* file.
*/
public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
try {
parseManifest(dependency);
analyzePackageNames(dependency);
analyzePOM(dependency);
addPredefinedData(dependency);
} catch (IOException ex) {
throw new AnalysisException("Exception occured reading the JAR file.", ex);
} catch (JAXBException ex) {
throw new AnalysisException("Exception occured reading the POM within the JAR file.", ex);
}
}
/**
* Attempts to find a pom.xml within the JAR file. If found it extracts information
* and adds it to the evidence. This will attempt to interpolate the strings contained
* within the pom.properties if one exists.
*
* @param dependency the dependency being analyzed.
* @throws IOException is thrown if there is an error reading the zip file.
* @throws JAXBException is thrown if there is an error extracting the model (aka pom).
* @throws AnalysisException is thrown if there is an exception parsing the pom.
*/
protected void analyzePOM(Dependency dependency) throws IOException, JAXBException, AnalysisException {
Properties pomProperties = null;
Model pom = null;
FileInputStream fs = null;
try {
fs = new FileInputStream(dependency.getActualFilePath());
ZipInputStream zin = new ZipInputStream(fs);
ZipEntry entry = zin.getNextEntry();
while (entry != null) {
String entryName = (new File(entry.getName())).getName().toLowerCase();
if (!entry.isDirectory() && "pom.xml".equals(entryName)) {
if (pom == null) {
NonClosingStream stream = new NonClosingStream(zin);
JAXBElement obj = (JAXBElement) pomUnmarshaller.unmarshal(stream);
pom = (org.codesecure.dependencycheck.analyzer.pom.generated.Model) obj.getValue();
zin.closeEntry();
} else {
throw new AnalysisException("JAR file contains multiple pom.xml files - unable to process POM");
}
} else if (!entry.isDirectory() && "pom.properties".equals(entryName)) {
if (pomProperties == null) {
Reader reader = null;
try {
reader = new InputStreamReader(zin, "UTF-8");
pomProperties = new Properties();
pomProperties.load(reader);
} finally {
//zin.closeEntry closes the reader
//reader.close();
zin.closeEntry();
}
} else {
throw new AnalysisException("JAR file contains multiple pom.properties files - unable to process POM");
}
}
entry = zin.getNextEntry();
}
} catch (IOException ex) {
throw new AnalysisException("Error reading JAR file as zip.", ex);
} finally {
if (fs != null) {
fs.close();
}
}
if (pom != null) {
//group id
String groupid = interpolateString(pom.getGroupId(), pomProperties);
if (groupid != null) {
dependency.getVendorEvidence().addEvidence("pom", "groupid", groupid, Evidence.Confidence.HIGH);
dependency.getProductEvidence().addEvidence("pom", "groupid", groupid, Evidence.Confidence.LOW);
}
//artifact id
String artifactid = interpolateString(pom.getArtifactId(), pomProperties);
if (artifactid != null) {
dependency.getProductEvidence().addEvidence("pom", "artifactid", artifactid, Evidence.Confidence.HIGH);
}
//version
String version = interpolateString(pom.getVersion(), pomProperties);
if (version != null) {
dependency.getVersionEvidence().addEvidence("pom", "version", version, Evidence.Confidence.HIGH);
}
// org name
Organization org = pom.getOrganization();
if (org != null && org.getName() != null) {
String orgName = interpolateString(org.getName(), pomProperties);
dependency.getVendorEvidence().addEvidence("pom", "organization name", orgName, Evidence.Confidence.HIGH);
}
//pom name
String pomName = interpolateString(pom.getName(), pomProperties);
if (pomName != null) {
dependency.getProductEvidence().addEvidence("pom", "name", pomName, Evidence.Confidence.HIGH);
}
//Description
if (pom.getDescription() != null) {
String description = interpolateString(pom.getDescription(), pomProperties);
dependency.setDescription(description);
dependency.getProductEvidence().addEvidence("pom", "description", description, Evidence.Confidence.MEDIUM);
dependency.getVendorEvidence().addEvidence("pom", "description", description, Evidence.Confidence.MEDIUM);
}
//license
if (pom.getLicenses() != null) {
String license = null;
for (License lic : pom.getLicenses().getLicense()) {
String tmp = null;
if (lic.getName() != null) {
tmp = interpolateString(lic.getName(), pomProperties);
}
if (lic.getUrl() != null) {
if (tmp == null) {
tmp = interpolateString(lic.getUrl(), pomProperties);
} else {
tmp += ": " + interpolateString(lic.getUrl(), pomProperties);
}
}
if (tmp == null) {
continue;
}
if (license == null) {
license = tmp;
} else {
license += "\n" + tmp;
}
}
if (license != null) {
dependency.setLicense(license);
}
}
}
}
/**
* Analyzes the path information of the classes contained within the
* JarAnalyzer to try and determine possible vendor or product names. If any
* are found they are stored in the packageVendor and packageProduct
* hashSets.
*
* @param dependency A reference to the dependency.
* @throws IOException is thrown if there is an error reading the JAR file.
*/
protected void analyzePackageNames(Dependency dependency) throws IOException {
JarFile jar = null;
try {
jar = new JarFile(dependency.getActualFilePath());
java.util.Enumeration en = jar.entries();
HashMap<String, Integer> level0 = new HashMap<String, Integer>();
HashMap<String, Integer> level1 = new HashMap<String, Integer>();
HashMap<String, Integer> level2 = new HashMap<String, Integer>();
HashMap<String, Integer> level3 = new HashMap<String, Integer>();
int count = 0;
while (en.hasMoreElements()) {
java.util.jar.JarEntry entry = (java.util.jar.JarEntry) en.nextElement();
if (entry.getName().endsWith(".class") && entry.getName().contains("/")) {
String[] path = entry.getName().toLowerCase().split("/");
if ("java".equals(path[0])
|| "javax".equals(path[0])
|| ("com".equals(path[0]) && "sun".equals(path[0]))) {
continue;
}
count += 1;
String temp = path[0];
if (level0.containsKey(temp)) {
level0.put(temp, level0.get(temp) + 1);
} else {
level0.put(temp, 1);
}
if (path.length > 2) {
temp += "/" + path[1];
if (level1.containsKey(temp)) {
level1.put(temp, level1.get(temp) + 1);
} else {
level1.put(temp, 1);
}
}
if (path.length > 3) {
temp += "/" + path[2];
if (level2.containsKey(temp)) {
level2.put(temp, level2.get(temp) + 1);
} else {
level2.put(temp, 1);
}
}
if (path.length > 4) {
temp += "/" + path[3];
if (level3.containsKey(temp)) {
level3.put(temp, level3.get(temp) + 1);
} else {
level3.put(temp, 1);
}
}
}
}
if (count == 0) {
return;
}
EvidenceCollection vendor = dependency.getVendorEvidence();
EvidenceCollection product = dependency.getProductEvidence();
for (String s : level0.keySet()) {
if (!"org".equals(s) && !"com".equals(s)) {
vendor.addWeighting(s);
product.addWeighting(s);
vendor.addEvidence("jar", "package", s, Evidence.Confidence.LOW);
product.addEvidence("jar", "package", s, Evidence.Confidence.LOW);
}
}
for (String s : level1.keySet()) {
float ratio = level1.get(s);
ratio /= count;
if (ratio > 0.5) {
String[] parts = s.split("/");
if ("org".equals(parts[0]) || "com".equals(parts[0])) {
vendor.addWeighting(parts[1]);
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
} else {
vendor.addWeighting(parts[0]);
product.addWeighting(parts[1]);
vendor.addEvidence("jar", "package", parts[0], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
}
}
}
for (String s : level2.keySet()) {
float ratio = level2.get(s);
ratio /= count;
if (ratio > 0.4) {
String[] parts = s.split("/");
if ("org".equals(parts[0]) || "com".equals(parts[0])) {
vendor.addWeighting(parts[1]);
product.addWeighting(parts[2]);
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
} else {
vendor.addWeighting(parts[0]);
vendor.addWeighting(parts[1]);
product.addWeighting(parts[1]);
product.addWeighting(parts[2]);
vendor.addEvidence("jar", "package", parts[0], Evidence.Confidence.LOW);
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
}
}
}
for (String s : level3.keySet()) {
float ratio = level3.get(s);
ratio /= count;
if (ratio > 0.3) {
String[] parts = s.split("/");
if ("org".equals(parts[0]) || "com".equals(parts[0])) {
vendor.addWeighting(parts[1]);
vendor.addWeighting(parts[2]);
product.addWeighting(parts[2]);
product.addWeighting(parts[3]);
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
vendor.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[3], Evidence.Confidence.LOW);
} else {
vendor.addWeighting(parts[0]);
vendor.addWeighting(parts[1]);
vendor.addWeighting(parts[2]);
product.addWeighting(parts[1]);
product.addWeighting(parts[2]);
product.addWeighting(parts[3]);
vendor.addEvidence("jar", "package", parts[0], Evidence.Confidence.LOW);
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
vendor.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[3], Evidence.Confidence.LOW);
}
}
}
} finally {
if (jar != null) {
jar.close();
}
}
}
/**
* <p>Reads the manifest from the JAR file and collects the entries. Some
* key entries are:</p> <ul><li>Implementation Title</li> <li>Implementation
* Version</li> <li>Implementation Vendor</li> <li>Implementation
* VendorId</li> <li>Bundle Name</li> <li>Bundle Version</li> <li>Bundle
* Vendor</li> <li>Bundle Description</li> <li>Main Class</li> </ul>
* However, all but a handful of specific entries are read in.
*
* @param dependency A reference to the dependency.
* @throws IOException if there is an issue reading the JAR file.
*/
protected void parseManifest(Dependency dependency) throws IOException {
JarFile jar = null;
try {
jar = new JarFile(dependency.getActualFilePath());
Manifest manifest = jar.getManifest();
if (manifest == null) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE,
"Jar file '{0}' does not contain a manifest.",
dependency.getFileName());
return;
}
Attributes atts = manifest.getMainAttributes();
EvidenceCollection vendorEvidence = dependency.getVendorEvidence();
EvidenceCollection productEvidence = dependency.getProductEvidence();
EvidenceCollection versionEvidence = dependency.getVersionEvidence();
String source = "Manifest";
for (Entry<Object, Object> entry : atts.entrySet()) {
String key = entry.getKey().toString();
String value = atts.getValue(key);
if (key.equals(Attributes.Name.IMPLEMENTATION_TITLE.toString())) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VERSION.toString())) {
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VENDOR.toString())) {
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VENDOR_ID.toString())) {
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.equals(BUNDLE_DESCRIPTION)) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
dependency.setDescription(value);
} else if (key.equals(BUNDLE_NAME)) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.equals(BUNDLE_VENDOR)) {
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(BUNDLE_VERSION)) {
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.MAIN_CLASS.toString())) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else {
key = key.toLowerCase();
if (!IGNORE_LIST.contains(key) && !key.endsWith("jdk")
&& !key.contains("lastmodified") && !key.endsWith("package")) {
if (key.contains("version")) {
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.contains("title")) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.contains("vendor")) {
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.contains("name")) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.contains("license")) {
addLicense(dependency, value);
} else {
if (key.contains("description")) {
addDescription(dependency, value);
}
productEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
if (value.matches(".*\\d.*")) {
StringTokenizer tokenizer = new StringTokenizer(value, " ");
while (tokenizer.hasMoreElements()) {
String s = tokenizer.nextToken();
if (s.matches("^[0-9.]+$")) {
versionEvidence.addEvidence(source, key, s, Evidence.Confidence.LOW);
}
}
//versionEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
}
}
}
}
}
} finally {
if (jar != null) {
jar.close();
}
}
}
private void addDescription(Dependency d, String description) {
if (d.getDescription() == null) {
d.setDescription(description);
}
}
private void addLicense(Dependency d, String license) {
if (d.getLicense() == null) {
d.setLicense(license);
} else if (!d.getLicense().contains(license)) {
d.setLicense(d.getLicense() + NEWLINE + license);
}
}
/**
* The initialize method does nothing for this Analyzer
*/
public void initialize() {
//do nothing
}
/**
* The close method does nothing for this Analyzer
*/
public void close() {
//do nothing
}
/**
* A utiltiy function that will interpolate strings based on values given
* in the properties file. It will also interpolate the strings contained
* within the properties file so that properties can reference other
* properties.
*
* @param text the string that contains references to properties.
* @param properties a collection of properties that may be referenced within the text.
* @return the interpolated text.
*/
protected String interpolateString(String text, Properties properties) {
//${project.build.directory}
if (properties == null || text == null) {
return text;
}
int pos = text.indexOf("${");
if (pos < 0) {
return text;
}
int end = text.indexOf("}");
if (end < pos) {
return text;
}
String propName = text.substring(pos + 2, end);
String propValue = interpolateString(properties.getProperty(propName), properties);
if (propValue == null) {
propValue = "";
}
StringBuilder sb = new StringBuilder(propValue.length() + text.length());
sb.append(text.subSequence(0, pos));
sb.append(propValue);
sb.append(text.substring(end + 1));
return interpolateString(sb.toString(), properties); //yes yes, this should be a loop...
}
private void addPredefinedData(Dependency dependency) {
Evidence spring = new Evidence("Manifest",
"Implementation-Title",
"Spring Framework",
Evidence.Confidence.HIGH);
if (dependency.getProductEvidence().getEvidence().contains(spring)) {
dependency.getVendorEvidence().addEvidence("a priori", "vendor", "SpringSource", Evidence.Confidence.HIGH);
}
}
}

158
src/main/java/org/codesecure/dependencycheck/analyzer/SpringCleaningAnalyzer.java
View File

@@ -1,158 +0,0 @@
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.analyzer;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import org.codesecure.dependencycheck.Engine;
import org.codesecure.dependencycheck.dependency.Dependency;
import org.codesecure.dependencycheck.dependency.Identifier;
/**
* This analyzer ensures that the Spring Framework Core CPE identifiers are only associated
* with the "core" jar files. If there are other Spring JARs, such as spring-beans, and
* spring-core is in the scanned dependencies then only the spring-core will have a reference
* to the CPE values (if there are any for the version of spring being used).
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class SpringCleaningAnalyzer extends AbstractAnalyzer {
/**
* The set of file extensions supported by this analyzer.
*/
private static final Set<String> EXTENSIONS = newHashSet("jar");
/**
* The name of the analyzer.
*/
private static final String ANALYZER_NAME = "Jar Analyzer";
/**
* The phase that this analyzer is intended to run in.
*/
private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.POST_IDENTIFIER_ANALYSIS;
/**
* Returns a list of file EXTENSIONS supported by this analyzer.
*
* @return a list of file EXTENSIONS supported by this analyzer.
*/
public Set<String> getSupportedExtensions() {
return EXTENSIONS;
}
/**
* Returns the name of the analyzer.
*
* @return the name of the analyzer.
*/
public String getName() {
return ANALYZER_NAME;
}
/**
* Returns whether or not this analyzer can process the given extension.
*
* @param extension the file extension to test for support.
* @return whether or not the specified file extension is supported by tihs
* analyzer.
*/
public boolean supportsExtension(String extension) {
return EXTENSIONS.contains(extension);
}
/**
* Returns the phase that the analyzer is intended to run in.
*
* @return the phase that the analyzer is intended to run in.
*/
public AnalysisPhase getAnalysisPhase() {
return ANALYSIS_PHASE;
}
/**
* The initialize method does nothing for this Analyzer
* @throws Exception never thrown by this analyzer
*/
public void initialize() throws Exception {
//do nothing
}
/**
* The close method does nothing for this Analyzer
* @throws Exception never thrown by this analyzer
*/
public void close() throws Exception {
//do nothing
}
private List<Identifier> springVersions = null;
/**
* Determines if several "spring" libraries were scanned and trimes the
* cpe:/a:springsource:spring_framework:[version] from the none "core" framework
* if the core framework was part of the scan.
*
* @param dependency the dependency to analyze.
* @param engine the engine that is scanning the dependencies
* @throws AnalysisException is thrown if there is an error reading the JAR
* file.
*/
public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
collectSpringFrameworkIdentifiers(engine);
List<Identifier> identifiersToRemove = new ArrayList<Identifier>();
for (Identifier identifier : dependency.getIdentifiers()) {
if (springVersions.contains(identifier) && !isCoreFramework(dependency.getFileName())) {
identifiersToRemove.add(identifier);
}
}
for (Identifier i : identifiersToRemove) {
dependency.getIdentifiers().remove(i);
}
}
private void collectSpringFrameworkIdentifiers(Engine engine) {
//check to see if any of the libs are the core framework
if (springVersions == null) {
springVersions = new ArrayList<Identifier>();
for (Dependency d : engine.getDependencies()) {
if (supportsExtension(d.getFileExtension())) {
for (Identifier i : d.getIdentifiers()) {
if (isSpringFrameworkCpe(i)) {
if (isCoreFramework(d.getFileName())) {
springVersions.add(i);
}
}
}
}
}
}
}
private boolean isSpringFrameworkCpe(Identifier identifier) {
return "cpe".equals(identifier.getType())
&& identifier.getValue().startsWith("cpe:/a:springsource:spring_framework:");
}
private boolean isCoreFramework(String filename) {
return filename.toLowerCase().matches("^spring([ _-]?core)?[ _-]?\\d.*");
}
}

15
src/main/java/org/codesecure/dependencycheck/analyzer/package-info.java
View File

@@ -1,15 +0,0 @@
/**
* <html>
* <head>
* <title>org.codesecure.dependencycheck.scanner</title>
* </head>
* <body>
* The scanner package contains the utilities to scan files and directories for
* dependencies. Analyzers are used to inspect the identified dependencies and
* collect Evidence. This evidence is then used to determine if the dependency
* has a known CPE.
* </body>
* </html>
*/
package org.codesecure.dependencycheck.analyzer;

33
src/main/java/org/codesecure/dependencycheck/data/lucene/VersionAnalyzer.java
View File

@@ -1,33 +0,0 @@
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.lucene;
/**
* VersionAnalyzer is a Lucene Analyzer used to analyze version information.
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class VersionAnalyzer {
//TODO Implement this...
// use custom attributes for major, minor, x, x, x, rcx
// these can then be used to weight the score for searches on the version.
// see http://lucene.apache.org/core/3_6_1/api/core/org/apache/lucene/analysis/package-summary.html#package_description
// look at this article to implement
// http://www.codewrecks.com/blog/index.php/2012/08/25/index-your-blog-using-tags-and-lucene-net/
}

104
src/main/java/org/codesecure/dependencycheck/dependency/VulnerableSoftware.java
View File

@@ -1,104 +0,0 @@
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.dependency;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.codesecure.dependencycheck.data.cpe.Entry;
/**
* A record containing information about vulnerable software. This
* is referenced from a vulnerability.
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class VulnerableSoftware extends Entry implements Serializable {
private static final long serialVersionUID = 307319490326651052L;
/**
* Parse a CPE entry from the cpe string repesentation
*
* @param cpe a cpe entry (e.g. cpe:/a:vendor:software:version)
*/
public void setCpe(String cpe) {
try {
parseName(cpe);
} catch (UnsupportedEncodingException ex) {
Logger.getLogger(VulnerableSoftware.class.getName()).log(Level.SEVERE, null, ex);
setName(cpe);
}
}
/**
* If present, indicates that previous version are vulnerable
*/
protected String previousVersion = null;
/**
* Indicates if previous versions of this software are vulnerable
*
* @return if previous versions of this software are vulnerable
*/
public boolean hasPreviousVersion() {
return previousVersion != null;
}
/**
* Get the value of previousVersion
*
* @return the value of previousVersion
*/
public String getPreviousVersion() {
return previousVersion;
}
/**
* Set the value of previousVersion
*
* @param previousVersion new value of previousVersion
*/
public void setPreviousVersion(String previousVersion) {
this.previousVersion = previousVersion;
}
@Override
public boolean equals(Object obj) {
if (obj == null) {
return false;
}
if (getClass() != obj.getClass()) {
return false;
}
final VulnerableSoftware other = (VulnerableSoftware) obj;
if ((this.name == null) ? (other.name != null) : !this.name.equals(other.name)) {
return false;
}
return true;
}
@Override
public int hashCode() {
int hash = 7;
hash = 83 * hash + (this.name != null ? this.name.hashCode() : 0);
return hash;
}
}

70
src/main/java/org/codesecure/dependencycheck/utils/FileUtils.java
View File

@@ -1,70 +0,0 @@
/*
* This file is part of DependencyCheck.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.utils;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
/**
* A collection of utilities for processing information about files.
*
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class FileUtils {
/**
* Private constructor for a utility class.
*/
private FileUtils() {
}
/**
* Returns the (lowercase) file extension for a specified file.
*
* @param fileName the file name to retrieve the file extension from.
* @return the file extension.
*/
public static String getFileExtension(String fileName) {
String ret = null;
int pos = fileName.lastIndexOf(".");
if (pos >= 0) {
ret = fileName.substring(pos + 1, fileName.length()).toLowerCase();
}
return ret;
}
/**
* Deletes a file. If the File is a directory it will recursively delete
* the contents.
*
* @param file the File to delete
* @throws IOException is thrown if the file could not be deleted
*/
public static void delete(File file) throws IOException {
if (file.isDirectory()) {
for (File c : file.listFiles()) {
delete(c);
}
}
if (!file.delete()) {
throw new FileNotFoundException("Failed to delete file: " + file);
}
}
}

181
src/main/java/org/owasp/dependencycheck/App.java Normal file
View File

@@ -0,0 +1,181 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.LogManager;
import java.util.logging.Logger;
import org.apache.commons.cli.ParseException;
import org.owasp.dependencycheck.reporting.ReportGenerator;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.utils.CliParser;
import org.owasp.dependencycheck.utils.Settings;
/*
* This file is part of App.
*
* App is free software: you can redistribute it and/or modify it under the
* terms of the GNU General Public License as published by the Free Software
* Foundation, either version 3 of the License, or (at your option) any later
* version.
*
* App is distributed in the hope that it will be useful, but WITHOUT ANY
* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
* A PARTICULAR PURPOSE. See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with
* App. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
/**
* The command line interface for the DependencyCheck application.
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class App {
/**
* The location of the log properties configuration file.
*/
private static final String LOG_PROPERTIES_FILE = "configuration/log.properties";
/**
* The main method for the application.
*
* @param args the command line arguments
*/
public static void main(String[] args) {
prepareLogger();
final App app = new App();
app.run(args);
}
/**
* Configures the logger for use by the application.
*/
private static void prepareLogger() {
InputStream in = null;
try {
in = App.class.getClassLoader().getResourceAsStream(LOG_PROPERTIES_FILE);
LogManager.getLogManager().reset();
LogManager.getLogManager().readConfiguration(in);
} catch (IOException ex) {
Logger.getLogger(App.class.getName()).log(Level.FINE, "IO Error preparing the logger", ex);
} catch (SecurityException ex) {
Logger.getLogger(App.class.getName()).log(Level.FINE, "Error preparing the logger", ex);
} finally {
if (in != null) {
try {
in.close();
} catch (Exception ex) {
Logger.getLogger(App.class.getName()).log(Level.FINEST, "Error closing resource stream", ex);
}
}
}
}
/**
* Main CLI entry-point into the application.
*
* @param args the command line arguments
*/
public void run(String[] args) {
final CliParser cli = new CliParser();
try {
cli.parse(args);
} catch (FileNotFoundException ex) {
System.err.println(ex.getMessage());
cli.printHelp();
return;
} catch (ParseException ex) {
System.err.println(ex.getMessage());
cli.printHelp();
return;
}
if (cli.isGetVersion()) {
cli.printVersionInfo();
} else if (cli.isRunScan()) {
updateSettings(cli.isAutoUpdate(), cli.isDeepScan(), cli.getConnectionTimeout(), cli.getProxyUrl(), cli.getProxyPort());
runScan(cli.getReportDirectory(), cli.getReportFormat(), cli.getApplicationName(), cli.getScanFiles());
} else {
cli.printHelp();
}
}
/**
* Scans the specified directories and writes the dependency reports to the
* reportDirectory.
*
* @param reportDirectory the path to the directory where the reports will
* be written
* @param outputFormat the output format of the report
* @param applicationName the application name for the report
* @param files the files/directories to scan
*/
private void runScan(String reportDirectory, String outputFormat, String applicationName, String[] files) {
final Engine scanner = new Engine();
for (String file : files) {
scanner.scan(file);
}
scanner.analyzeDependencies();
final List<Dependency> dependencies = scanner.getDependencies();
final ReportGenerator report = new ReportGenerator(applicationName, dependencies, scanner.getAnalyzers());
try {
report.generateReports(reportDirectory, outputFormat);
} catch (IOException ex) {
Logger.getLogger(App.class.getName()).log(Level.SEVERE, "There was an IO error while attempting to generate the report.");
Logger.getLogger(App.class.getName()).log(Level.INFO, null, ex);
} catch (Exception ex) {
Logger.getLogger(App.class.getName()).log(Level.SEVERE, "There was an error while attempting to generate the report.");
Logger.getLogger(App.class.getName()).log(Level.INFO, null, ex);
}
}
/**
* Updates the global Settings.
* @param autoUpdate whether or not to update cached web data sources
* @param deepScan whether or not to perform a deep scan (increases false positives, but may reduce false negatives)
* @param connectionTimeout the timeout to use when downloading resources (null or blank will use default)
* @param proxyUrl the proxy url (null or blank means no proxy will be used)
* @param proxyPort the proxy port (null or blank means no port will be used)
*/
private void updateSettings(boolean autoUpdate, boolean deepScan, String connectionTimeout, String proxyUrl, String proxyPort) {
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
Settings.setBoolean(Settings.KEYS.PERFORM_DEEP_SCAN, deepScan);
if (proxyUrl != null && !proxyUrl.isEmpty()) {
Settings.setString(Settings.KEYS.PROXY_URL, proxyUrl);
}
if (proxyPort != null && !proxyPort.isEmpty()) {
Settings.setString(Settings.KEYS.PROXY_PORT, proxyPort);
}
if (connectionTimeout != null && !connectionTimeout.isEmpty()) {
Settings.setString(Settings.KEYS.CONNECTION_TIMEOUT, connectionTimeout);
}
}
}

150
src/main/java/org/codesecure/dependencycheck/Engine.java → src/main/java/org/owasp/dependencycheck/Engine.java
View File

@@ -1,22 +1,22 @@
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck;
package org.owasp.dependencycheck;
import java.util.EnumMap;
import java.io.File;
@@ -27,15 +27,17 @@ import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.codesecure.dependencycheck.analyzer.AnalysisException;
import org.codesecure.dependencycheck.analyzer.AnalysisPhase;
import org.codesecure.dependencycheck.analyzer.Analyzer;
import org.codesecure.dependencycheck.analyzer.AnalyzerService;
import org.codesecure.dependencycheck.data.CachedWebDataSource;
import org.codesecure.dependencycheck.data.UpdateException;
import org.codesecure.dependencycheck.data.UpdateService;
import org.codesecure.dependencycheck.dependency.Dependency;
import org.codesecure.dependencycheck.utils.FileUtils;
import org.owasp.dependencycheck.analyzer.AnalysisException;
import org.owasp.dependencycheck.analyzer.AnalysisPhase;
import org.owasp.dependencycheck.analyzer.Analyzer;
import org.owasp.dependencycheck.analyzer.AnalyzerService;
import org.owasp.dependencycheck.data.CachedWebDataSource;
import org.owasp.dependencycheck.data.UpdateException;
import org.owasp.dependencycheck.data.UpdateService;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.utils.FileUtils;
import org.owasp.dependencycheck.utils.InvalidSettingException;
import org.owasp.dependencycheck.utils.Settings;
/**
* Scans files, directories, etc. for Dependencies. Analyzers are loaded and
@@ -43,38 +45,50 @@ import org.codesecure.dependencycheck.utils.FileUtils;
* Analyzer is associated with the file type then the file is turned into a
* dependency.
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class Engine {
/**
* The list of dependencies.
*/
protected List<Dependency> dependencies = new ArrayList<Dependency>();
private final List<Dependency> dependencies = new ArrayList<Dependency>();
/**
* A Map of analyzers grouped by Analysis phase.
*/
protected EnumMap<AnalysisPhase, List<Analyzer>> analyzers =
private final EnumMap<AnalysisPhase, List<Analyzer>> analyzers =
new EnumMap<AnalysisPhase, List<Analyzer>>(AnalysisPhase.class);
/**
* A set of extensions supported by the analyzers.
*/
protected Set<String> extensions = new HashSet<String>();
private final Set<String> extensions = new HashSet<String>();
/**
* Creates a new Engine.
*/
public Engine() {
doUpdates();
boolean autoUpdate = true;
try {
autoUpdate = Settings.getBoolean(Settings.KEYS.AUTO_UPDATE);
} catch (InvalidSettingException ex) {
Logger.getLogger(Engine.class.getName()).log(Level.FINE, "Invalid setting for auto-update; using true.");
}
if (autoUpdate) {
doUpdates();
}
loadAnalyzers();
}
/**
* Creates a new Engine
* Creates a new Engine.
*
* @param autoUpdate indicates whether or not data should be updated from
* the Internet.
* the Internet
* @deprecated This function should no longer be used;
* the autoupdate flag should be set using:
* <code>Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, value);</code>
*/
@Deprecated
public Engine(boolean autoUpdate) {
if (autoUpdate) {
doUpdates();
@@ -92,10 +106,10 @@ public class Engine {
analyzers.put(phase, new ArrayList<Analyzer>());
}
AnalyzerService service = AnalyzerService.getInstance();
Iterator<Analyzer> iterator = service.getAnalyzers();
final AnalyzerService service = AnalyzerService.getInstance();
final Iterator<Analyzer> iterator = service.getAnalyzers();
while (iterator.hasNext()) {
Analyzer a = iterator.next();
final Analyzer a = iterator.next();
analyzers.get(a.getAnalysisPhase()).add(a);
if (a.getSupportedExtensions() != null) {
extensions.addAll(a.getSupportedExtensions());
@@ -114,7 +128,7 @@ public class Engine {
}
/**
* Get the dependencies identified
* Get the dependencies identified.
*
* @return the dependencies identified
*/
@@ -130,7 +144,19 @@ public class Engine {
* @param path the path to a file or directory to be analyzed.
*/
public void scan(String path) {
File file = new File(path);
final File file = new File(path);
scan(file);
}
/**
* Scans a given file or directory. If a directory is specified, it will be
* scanned recursively. Any dependencies identified are added to the
* dependency collection.
*
* @since v0.3.2.4
*
* @param file the path to a file or directory to be analyzed.
*/
public void scan(File file) {
if (file.exists()) {
if (file.isDirectory()) {
scanDirectory(file);
@@ -139,7 +165,6 @@ public class Engine {
}
}
}
/**
* Recursively scans files and directories. Any dependencies identified are
* added to the dependency collection.
@@ -147,12 +172,14 @@ public class Engine {
* @param dir the directory to scan.
*/
protected void scanDirectory(File dir) {
File[] files = dir.listFiles();
for (File f : files) {
if (f.isDirectory()) {
scanDirectory(f);
} else {
scanFile(f);
final File[] files = dir.listFiles();
if (files != null) {
for (File f : files) {
if (f.isDirectory()) {
scanDirectory(f);
} else {
scanFile(f);
}
}
}
}
@@ -165,18 +192,19 @@ public class Engine {
*/
protected void scanFile(File file) {
if (!file.isFile()) {
String msg = String.format("Path passed to scanFile(File) is not a file: %s.", file.toString());
Logger.getLogger(Engine.class.getName()).log(Level.WARNING, msg);
final String msg = String.format("Path passed to scanFile(File) is not a file: %s. Skipping the file.", file.toString());
Logger.getLogger(Engine.class.getName()).log(Level.FINE, msg);
return;
}
String fileName = file.getName();
String extension = FileUtils.getFileExtension(fileName);
final String fileName = file.getName();
final String extension = FileUtils.getFileExtension(fileName);
if (extension != null) {
if (extensions.contains(extension)) {
Dependency dependency = new Dependency(file);
final Dependency dependency = new Dependency(file);
dependencies.add(dependency);
}
} else {
String msg = String.format("No file extension found on file '%s'. The file was not analyzed.",
final String msg = String.format("No file extension found on file '%s'. The file was not analyzed.",
file.toString());
Logger.getLogger(Engine.class.getName()).log(Level.FINEST, msg);
}
@@ -186,31 +214,37 @@ public class Engine {
* Runs the analyzers against all of the dependencies.
*/
public void analyzeDependencies() {
//phase one initilize
//phase one initialize
for (AnalysisPhase phase : AnalysisPhase.values()) {
List<Analyzer> analyzerList = analyzers.get(phase);
final List<Analyzer> analyzerList = analyzers.get(phase);
for (Analyzer a : analyzerList) {
try {
a.initialize();
} catch (Exception ex) {
Logger.getLogger(Engine.class.getName()).log(Level.SEVERE,
"Exception occured initializing " + a.getName() + ".", ex);
final String msg = String.format("\"Exception occurred initializing \"%s\".\"", a.getName());
Logger.getLogger(Engine.class.getName()).log(Level.SEVERE, msg);
Logger.getLogger(Engine.class.getName()).log(Level.INFO, msg, ex);
try {
a.close();
} catch (Exception ex1) {
Logger.getLogger(Engine.class.getName()).log(Level.FINER, null, ex1);
Logger.getLogger(Engine.class.getName()).log(Level.FINEST, null, ex1);
}
continue;
}
}
}
// analysis phases
for (AnalysisPhase phase : AnalysisPhase.values()) {
List<Analyzer> analyzerList = analyzers.get(phase);
final List<Analyzer> analyzerList = analyzers.get(phase);
for (Analyzer a : analyzerList) {
for (Dependency d : dependencies) {
/* need to create a copy of the collection because some of the
* analyzers may modify it. This prevents ConcurrentModificationExceptions.
* This is okay for adds/deletes because it happens per analyzer.
*/
final Set<Dependency> dependencySet = new HashSet<Dependency>();
dependencySet.addAll(dependencies);
for (Dependency d : dependencySet) {
if (a.supportsExtension(d.getFileExtension())) {
try {
a.analyze(d, this);
@@ -224,30 +258,32 @@ public class Engine {
//close/cleanup
for (AnalysisPhase phase : AnalysisPhase.values()) {
List<Analyzer> analyzerList = analyzers.get(phase);
final List<Analyzer> analyzerList = analyzers.get(phase);
for (Analyzer a : analyzerList) {
try {
a.close();
} catch (Exception ex) {
Logger.getLogger(Engine.class.getName()).log(Level.SEVERE, null, ex);
Logger.getLogger(Engine.class.getName()).log(Level.FINEST, null, ex);
}
}
}
}
/**
*
* Cycles through the cached web data sources and calls update on all of them.
*/
private void doUpdates() {
UpdateService service = UpdateService.getInstance();
Iterator<CachedWebDataSource> iterator = service.getDataSources();
final UpdateService service = UpdateService.getInstance();
final Iterator<CachedWebDataSource> iterator = service.getDataSources();
while (iterator.hasNext()) {
CachedWebDataSource source = iterator.next();
final CachedWebDataSource source = iterator.next();
try {
source.update();
} catch (UpdateException ex) {
Logger.getLogger(Engine.class.getName()).log(Level.SEVERE,
"Unable to update " + source.getClass().getName(), ex);
Logger.getLogger(Engine.class.getName()).log(Level.WARNING,
"Unable to update Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.");
Logger.getLogger(Engine.class.getName()).log(Level.FINE,
String.format("Unable to update details for %s", source.getClass().getName()), ex);
}
}
}
@@ -258,9 +294,9 @@ public class Engine {
* @return a list of Analyzers
*/
public List<Analyzer> getAnalyzers() {
List<Analyzer> ret = new ArrayList<Analyzer>();
final List<Analyzer> ret = new ArrayList<Analyzer>();
for (AnalysisPhase phase : AnalysisPhase.values()) {
List<Analyzer> analyzerList = analyzers.get(phase);
final List<Analyzer> analyzerList = analyzers.get(phase);
ret.addAll(analyzerList);
}
return ret;

37
src/main/java/org/codesecure/dependencycheck/analyzer/AbstractAnalyzer.java → src/main/java/org/owasp/dependencycheck/analyzer/AbstractAnalyzer.java
View File

@@ -1,29 +1,30 @@
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.analyzer;
package org.owasp.dependencycheck.analyzer;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
/**
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public abstract class AbstractAnalyzer implements Analyzer {
@@ -37,12 +38,26 @@ public abstract class AbstractAnalyzer implements Analyzer {
* @return a Set of strings.
*/
protected static Set<String> newHashSet(String... strings) {
Set<String> set = new HashSet<String>();
final Set<String> set = new HashSet<String>();
//yes, in Java7 we could use Array.toList(...) - but I'm trying to keep this Java 6 compliant.
for (String s : strings) {
set.add(s);
}
Collections.addAll(set, strings);
return set;
}
/**
* The initialize method does nothing for this Analyzer.
* @throws Exception thrown if there is an exception
*/
public void initialize() throws Exception {
//do nothing
}
/**
* The close method does nothing for this Analyzer.
* @throws Exception thrown if there is an exception
*/
public void close() throws Exception {
//do nothing
}
}

15
src/main/java/org/codesecure/dependencycheck/analyzer/AnalysisException.java → src/main/java/org/owasp/dependencycheck/analyzer/AnalysisException.java
View File

@@ -1,30 +1,33 @@
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.analyzer;
package org.owasp.dependencycheck.analyzer;
/**
* An exception thrown when the analysis of a dependency fails.
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class AnalysisException extends Exception {
/**
* The serial version UID for serialization.
*/
private static final long serialVersionUID = 1L;
/**

34
src/main/java/org/codesecure/dependencycheck/analyzer/AnalysisPhase.java → src/main/java/org/owasp/dependencycheck/analyzer/AnalysisPhase.java
View File

@@ -1,56 +1,64 @@
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.analyzer;
package org.owasp.dependencycheck.analyzer;
/**
* An enumeration defining the phases of analysis.
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public enum AnalysisPhase {
/**
* The first phase of analysis.
* Initialization phase.
*/
INITIAL,
/**
* The second phase of analysis.
* Information collection phase.
*/
INFORMATION_COLLECTION,
/**
* The third phase of analysis.
* Pre identifier analysis phase.
*/
PRE_IDENTIFIER_ANALYSIS,
/**
* The fourth phase of analysis.
* Identifier analysis phase.
*/
IDENTIFIER_ANALYSIS,
/**
* The fifth phase of analysis.
* Post identifier analysis phase.
*/
POST_IDENTIFIER_ANALYSIS,
/**
* The sixth phase of analysis.
* Pre finding analysis phase.
*/
PRE_FINDING_ANALYSIS,
/**
* Finding analysis phase.
*/
FINDING_ANALYSIS,
/**
* The seventh and final phase of analysis.
* Post analysis phase.
*/
POST_FINDING_ANALYSIS,
/**
* The final analysis phase.
*/
FINAL
}

20
src/main/java/org/codesecure/dependencycheck/analyzer/Analyzer.java → src/main/java/org/owasp/dependencycheck/analyzer/Analyzer.java
View File

@@ -1,39 +1,39 @@
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.analyzer;
package org.owasp.dependencycheck.analyzer;
import java.util.Set;
import org.codesecure.dependencycheck.Engine;
import org.codesecure.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.dependency.Dependency;
/**
* An interface that defines an Analyzer that is used to identify Dependencies.
* An analyzer will collect information about the dependency in the form of
* Evidence.
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public interface Analyzer {
/**
* Analyzes the given dependency. The analysis could be anything from
* identifying an Idenifier for the dependency, to finding vulnerabilities,
* identifying an Identifier for the dependency, to finding vulnerabilities,
* etc. Additionally, if the analyzer collects enough information to add a
* description or license information for the dependency it should be added.
*
@@ -71,7 +71,7 @@ public interface Analyzer {
* Returns whether or not this analyzer can process the given extension.
*
* @param extension the file extension to test for support.
* @return whether or not the specified file extension is supported by tihs
* @return whether or not the specified file extension is supported by this
* analyzer.
*/
boolean supportsExtension(String extension);

28
src/main/java/org/codesecure/dependencycheck/analyzer/AnalyzerService.java → src/main/java/org/owasp/dependencycheck/analyzer/AnalyzerService.java
View File

@@ -1,37 +1,43 @@
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.analyzer;
package org.owasp.dependencycheck.analyzer;
import java.util.Iterator;
import java.util.ServiceLoader;
/**
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class AnalyzerService {
private static AnalyzerService service;
private ServiceLoader<Analyzer> loader;
public final class AnalyzerService {
/**
* Creates a new instance of AnalyzerService
* The analyzer service singleton.
*/
private static AnalyzerService service;
/**
* The service loader for analyzers.
*/
private final ServiceLoader<Analyzer> loader;
/**
* Creates a new instance of AnalyzerService.
*/
private AnalyzerService() {
loader = ServiceLoader.load(Analyzer.class);

297
src/main/java/org/owasp/dependencycheck/analyzer/DependencyBundlingAnalyzer.java Normal file
View File

@@ -0,0 +1,297 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.analyzer;
import java.io.File;
import java.util.HashSet;
import java.util.Iterator;
import java.util.ListIterator;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.utils.DependencyVersion;
import org.owasp.dependencycheck.utils.DependencyVersionUtil;
/**
* <p>This analyzer ensures dependencies that should be grouped together, to
* remove excess noise from the report, are grouped. An example would be Spring,
* Spring Beans, Spring MVC, etc. If they are all for the same version and have
* the same relative path then these should be grouped into a single dependency
* under the core/main library.</p>
* <p>Note, this grouping only works on dependencies with identified CVE
* entries</p>
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Analyzer {
//<editor-fold defaultstate="collapsed" desc="Constants and Member Variables">
/**
* A pattern for obtaining the first part of a filename.
*/
private static final Pattern STARTING_TEXT_PATTERN = Pattern.compile("^[a-zA-Z]*");
/**
* a flag indicating if this analyzer has run. This analyzer only runs once.
*/
private boolean analyzed = false;
//</editor-fold>
//<editor-fold defaultstate="collapsed" desc="All standard implmentation details of Analyzer">
/**
* The set of file extensions supported by this analyzer.
*/
private static final Set<String> EXTENSIONS = null;
/**
* The name of the analyzer.
*/
private static final String ANALYZER_NAME = "Dependency Bundling Analyzer";
/**
* The phase that this analyzer is intended to run in.
*/
private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.PRE_FINDING_ANALYSIS;
/**
* Returns a list of file EXTENSIONS supported by this analyzer.
* @return a list of file EXTENSIONS supported by this analyzer.
*/
public Set<String> getSupportedExtensions() {
return EXTENSIONS;
}
/**
* Returns the name of the analyzer.
* @return the name of the analyzer.
*/
public String getName() {
return ANALYZER_NAME;
}
/**
* Returns whether or not this analyzer can process the given extension.
* @param extension the file extension to test for support
* @return whether or not the specified file extension is supported by this
* analyzer.
*/
public boolean supportsExtension(String extension) {
return true;
}
/**
* Returns the phase that the analyzer is intended to run in.
* @return the phase that the analyzer is intended to run in.
*/
public AnalysisPhase getAnalysisPhase() {
return ANALYSIS_PHASE;
}
//</editor-fold>
/**
* Analyzes a set of dependencies. If they have been found to have the same
* base path and the same set of identifiers they are likely related. The
* related dependencies are bundled into a single reportable item.
*
* @param ignore this analyzer ignores the dependency being analyzed
* @param engine the engine that is scanning the dependencies
* @throws AnalysisException is thrown if there is an error reading the JAR
* file.
*/
public void analyze(Dependency ignore, Engine engine) throws AnalysisException {
if (!analyzed) {
analyzed = true;
final Set<Dependency> dependenciesToRemove = new HashSet<Dependency>();
final ListIterator<Dependency> mainIterator = engine.getDependencies().listIterator();
//for (Dependency nextDependency : engine.getDependencies()) {
while (mainIterator.hasNext()) {
final Dependency dependency = mainIterator.next();
if (mainIterator.hasNext()) {
final ListIterator<Dependency> subIterator = engine.getDependencies().listIterator(mainIterator.nextIndex());
while (subIterator.hasNext()) {
final Dependency nextDependency = subIterator.next();
if (identifiersMatch(dependency, nextDependency)
&& hasSameBasePath(dependency, nextDependency)
&& fileNameMatch(dependency, nextDependency)) {
if (isCore(dependency, nextDependency)) {
dependency.addRelatedDependency(nextDependency);
//move any "related dependencies" to the new "parent" dependency
final Iterator<Dependency> i = nextDependency.getRelatedDependencies().iterator();
while (i.hasNext()) {
dependency.addRelatedDependency(i.next());
i.remove();
}
dependenciesToRemove.add(nextDependency);
} else {
if (isCore(nextDependency, dependency)) {
nextDependency.addRelatedDependency(dependency);
//move any "related dependencies" to the new "parent" dependency
final Iterator<Dependency> i = dependency.getRelatedDependencies().iterator();
while (i.hasNext()) {
nextDependency.addRelatedDependency(i.next());
i.remove();
}
dependenciesToRemove.add(dependency);
}
}
}
}
}
}
//removing dependencies here as ensuring correctness and avoiding ConcurrentUpdateExceptions
// was difficult because of the inner iterator.
for (Dependency d : dependenciesToRemove) {
engine.getDependencies().remove(d);
}
}
}
/**
* Attempts to trim a maven repo to a common base path. This is typically
* [drive]\[repo_location]\repository\[path1]\[path2].
*
* @param path the path to trim
* @return a string representing the base path.
*/
private String getBaseRepoPath(final String path) {
int pos = path.indexOf("repository" + File.separator) + 11;
if (pos < 0) {
return path;
}
int tmp = path.indexOf(File.separator, pos);
if (tmp <= 0) {
return path;
}
if (tmp > 0) {
pos = tmp + 1;
}
tmp = path.indexOf(File.separator, pos);
if (tmp > 0) {
pos = tmp + 1;
}
return path.substring(0, pos);
}
/**
* Returns true if the file names (and version if it exists) of the two
* dependencies are sufficiently similiar.
* @param dependency1 a dependency2 to compare
* @param dependency2 a dependency2 to compare
* @return true if the identifiers in the two supplied dependencies are equal
*/
private boolean fileNameMatch(Dependency dependency1, Dependency dependency2) {
if (dependency1 == null || dependency1.getFileName() == null
|| dependency2 == null || dependency2.getFileName() == null) {
return false;
}
final String fileName1 = dependency1.getFileName();
final String fileName2 = dependency2.getFileName();
//version check
final DependencyVersion version1 = DependencyVersionUtil.parseVersionFromFileName(fileName1);
final DependencyVersion version2 = DependencyVersionUtil.parseVersionFromFileName(fileName2);
if (version1 != null && version2 != null) {
if (!version1.equals(version2)) {
return false;
}
}
//filename check
final Matcher match1 = STARTING_TEXT_PATTERN.matcher(fileName1);
final Matcher match2 = STARTING_TEXT_PATTERN.matcher(fileName2);
if (match1.find() && match2.find()) {
return match1.group().equals(match2.group());
}
return false;
}
/**
* Returns true if the identifiers in the two supplied dependencies are equal.
* @param dependency1 a dependency2 to compare
* @param dependency2 a dependency2 to compare
* @return true if the identifiers in the two supplied dependencies are equal
*/
private boolean identifiersMatch(Dependency dependency1, Dependency dependency2) {
if (dependency1 == null || dependency1.getIdentifiers() == null
|| dependency2 == null || dependency2.getIdentifiers() == null) {
return false;
}
return dependency1.getIdentifiers().size() > 0
&& dependency2.getIdentifiers().equals(dependency1.getIdentifiers());
}
/**
* Determines if the two dependencies have the same base path.
* @param dependency1 a Dependency object
* @param dependency2 a Dependency object
* @return true if the base paths of the dependencies are identical
*/
private boolean hasSameBasePath(Dependency dependency1, Dependency dependency2) {
if (dependency1 == null || dependency2 == null) {
return false;
}
final File lFile = new File(dependency1.getFilePath());
String left = lFile.getParent();
final File rFile = new File(dependency2.getFilePath());
String right = rFile.getParent();
if (left == null) {
if (right == null) {
return true;
}
return false;
}
if (left.equalsIgnoreCase(right)) {
return true;
}
if (left.matches(".*[/\\\\]repository[/\\\\].*") && right.matches(".*[/\\\\]repository[/\\\\].*")) {
left = getBaseRepoPath(left);
right = getBaseRepoPath(right);
}
return left.equalsIgnoreCase(right);
}
/**
* This is likely a very broken attempt at determining if the 'left'
* dependency is the 'core' library in comparison to the 'right' library.
*
* TODO - consider splitting on /\._-\s/ and checking if all of one side is fully contained in the other
* With the exception of the word "core". This might work even on groups when we don't have a CVE.
*
* @param left the dependency to test
* @param right the dependency to test against
* @return a boolean indicating whether or not the left dependency should be
* considered the "core" version.
*/
private boolean isCore(Dependency left, Dependency right) {
final String leftName = left.getFileName().toLowerCase();
final String rightName = right.getFileName().toLowerCase();
if (rightName.contains("core") && !leftName.contains("core")) {
return false;
} else if (!rightName.contains("core") && leftName.contains("core")) {
return true;
} else {
//TODO should we be splitting the name on [-_(.\d)+] and seeing if the
// parts are contained in the other side?
if (leftName.length() > rightName.length()) {
return false;
}
return true;
}
}
}

234
src/main/java/org/owasp/dependencycheck/analyzer/FalsePositiveAnalyzer.java Normal file
View File

@@ -0,0 +1,234 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.analyzer;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.ListIterator;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.data.cpe.Entry;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Identifier;
import org.owasp.dependencycheck.utils.InvalidSettingException;
import org.owasp.dependencycheck.utils.Settings;
/**
* This analyzer attempts to remove some well known false positives -
* specifically regarding the java runtime.
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class FalsePositiveAnalyzer extends AbstractAnalyzer {
//<editor-fold defaultstate="collapsed" desc="All standard implmentation details of Analyzer">
/**
* The set of file extensions supported by this analyzer.
*/
private static final Set<String> EXTENSIONS = null;
/**
* The name of the analyzer.
*/
private static final String ANALYZER_NAME = "False Positive Analyzer";
/**
* The phase that this analyzer is intended to run in.
*/
private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.POST_IDENTIFIER_ANALYSIS;
/**
* Returns a list of file EXTENSIONS supported by this analyzer.
* @return a list of file EXTENSIONS supported by this analyzer.
*/
public Set<String> getSupportedExtensions() {
return EXTENSIONS;
}
/**
* Returns the name of the analyzer.
* @return the name of the analyzer.
*/
public String getName() {
return ANALYZER_NAME;
}
/**
* Returns whether or not this analyzer can process the given extension.
* @param extension the file extension to test for support
* @return whether or not the specified file extension is supported by this
* analyzer.
*/
public boolean supportsExtension(String extension) {
return true;
}
/**
* Returns the phase that the analyzer is intended to run in.
* @return the phase that the analyzer is intended to run in.
*/
public AnalysisPhase getAnalysisPhase() {
return ANALYSIS_PHASE;
}
//</editor-fold>
/**
* Analyzes the dependencies and removes bad/incorrect CPE associations
* based on various heuristics.
* @param dependency the dependency to analyze.
* @param engine the engine that is scanning the dependencies
* @throws AnalysisException is thrown if there is an error reading the JAR
* file.
*/
public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
removeJreEntries(dependency);
removeBadMatches(dependency);
boolean deepScan = false;
try {
deepScan = Settings.getBoolean(Settings.KEYS.PERFORM_DEEP_SCAN);
} catch (InvalidSettingException ex) {
Logger.getLogger(FalsePositiveAnalyzer.class.getName()).log(Level.INFO, "deepscan setting is incorrect; expected a boolean.", ex);
}
if (!deepScan) {
removeSpuriousCPE(dependency);
}
}
/**
* Intended to remove spurious CPE entries.
*
* @param dependency the dependency being analyzed
*/
private void removeSpuriousCPE(Dependency dependency) {
final List<Identifier> ids = new ArrayList<Identifier>();
ids.addAll(dependency.getIdentifiers());
final ListIterator<Identifier> mainItr = ids.listIterator();
while (mainItr.hasNext()) {
final Identifier currentId = mainItr.next();
final Entry currentCpe = parseCpe(currentId.getType(), currentId.getValue());
if (currentCpe == null) {
continue;
}
final ListIterator<Identifier> subItr = ids.listIterator(mainItr.nextIndex());
while (subItr.hasNext()) {
final Identifier nextId = subItr.next();
final Entry nextCpe = parseCpe(nextId.getType(), nextId.getValue());
if (nextCpe == null) {
continue;
}
if (currentCpe.getVendor().equals(nextCpe.getVendor())) {
if (currentCpe.getProduct().equals(nextCpe.getProduct())) {
// see if one is contained in the other.. remove the contained one from dependency.getIdentifier
final String mainVersion = currentCpe.getVersion();
final String nextVersion = nextCpe.getVersion();
if (mainVersion.length() < nextVersion.length()) {
if (nextVersion.startsWith(mainVersion)) {
//remove mainVersion
dependency.getIdentifiers().remove(currentId);
}
} else {
if (mainVersion.startsWith(nextVersion)) {
//remove nextVersion
dependency.getIdentifiers().remove(nextId);
}
}
} else {
if (currentCpe.getVersion().equals(nextCpe.getVersion())) {
//same vendor and version - but different products
// are we dealing with something like Axis & Axis2
final String currentProd = currentCpe.getProduct();
final String nextProd = nextCpe.getProduct();
if (currentProd.startsWith(nextProd)) {
dependency.getIdentifiers().remove(nextId);
}
if (nextProd.startsWith(currentProd)) {
dependency.getIdentifiers().remove(currentId);
}
}
}
}
}
}
}
/**
* Removes any CPE entries for the JDK/JRE unless the filename ends with
* rt.jar
*
* @param dependency the dependency to remove JRE CPEs from
*/
private void removeJreEntries(Dependency dependency) {
final Set<Identifier> identifiers = dependency.getIdentifiers();
final Iterator<Identifier> itr = identifiers.iterator();
while (itr.hasNext()) {
final Identifier i = itr.next();
if ((i.getValue().startsWith("cpe:/a:sun:java:")
|| i.getValue().startsWith("cpe:/a:sun:java_se")
|| i.getValue().startsWith("cpe:/a:oracle:java_se")
|| i.getValue().startsWith("cpe:/a:oracle:jre")
|| i.getValue().startsWith("cpe:/a:oracle:jdk"))
&& !dependency.getFileName().toLowerCase().endsWith("rt.jar")) {
itr.remove();
}
}
}
/**
* Parses a CPE string into an Entry.
* @param type the type of identifier
* @param value the cpe identifier to parse
* @return an Entry constructed from the identifier
*/
private Entry parseCpe(String type, String value) {
if (!"cpe".equals(type)) {
return null;
}
final Entry cpe = new Entry();
try {
cpe.parseName(value);
} catch (UnsupportedEncodingException ex) {
Logger.getLogger(FalsePositiveAnalyzer.class.getName()).log(Level.FINEST, null, ex);
return null;
}
return cpe;
}
/**
* Removes bad CPE matches for a dependency. Unfortunately, right now
* these are hard-coded patches for specific problems identified when
* testing this ona LARGE volume of jar files.
* @param dependency the dependency to analyze
*/
private void removeBadMatches(Dependency dependency) {
final Set<Identifier> identifiers = dependency.getIdentifiers();
final Iterator<Identifier> itr = identifiers.iterator();
while (itr.hasNext()) {
final Identifier i = itr.next();
//TODO move this startswith expression to a configuration file?
if (i.getValue().startsWith("cpe:/a:apache:xerces-c++:")
&& dependency.getFileName().toLowerCase().endsWith(".jar")) {
itr.remove();
}
}
}
}

46
src/main/java/org/codesecure/dependencycheck/analyzer/FileNameAnalyzer.java → src/main/java/org/owasp/dependencycheck/analyzer/FileNameAnalyzer.java
View File

@@ -1,36 +1,37 @@
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.analyzer;
package org.owasp.dependencycheck.analyzer;
import org.codesecure.dependencycheck.dependency.Dependency;
import org.codesecure.dependencycheck.dependency.Evidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import java.util.Set;
import org.codesecure.dependencycheck.Engine;
import org.owasp.dependencycheck.Engine;
/**
*
* Takes a dependency and analyzes the filename and determines the hashes.
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class FileNameAnalyzer implements Analyzer {
public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer {
//<editor-fold defaultstate="collapsed" desc="All standard implmentation details of Analyzer">
/**
* The name of the analyzer.
*/
@@ -46,7 +47,6 @@ public class FileNameAnalyzer implements Analyzer {
/**
* Returns a list of file EXTENSIONS supported by this analyzer.
*
* @return a list of file EXTENSIONS supported by this analyzer.
*/
public Set<String> getSupportedExtensions() {
@@ -55,7 +55,6 @@ public class FileNameAnalyzer implements Analyzer {
/**
* Returns the name of the analyzer.
*
* @return the name of the analyzer.
*/
public String getName() {
@@ -64,9 +63,8 @@ public class FileNameAnalyzer implements Analyzer {
/**
* Returns whether or not this analyzer can process the given extension.
*
* @param extension the file extension to test for support.
* @return whether or not the specified file extension is supported by tihs
* @return whether or not the specified file extension is supported by this
* analyzer.
*/
public boolean supportsExtension(String extension) {
@@ -75,12 +73,12 @@ public class FileNameAnalyzer implements Analyzer {
/**
* Returns the phase that the analyzer is intended to run in.
*
* @return the phase that the analyzer is intended to run in.
*/
public AnalysisPhase getAnalysisPhase() {
return ANALYSIS_PHASE;
}
//</editor-fold>
/**
* Collects information about the file name.
@@ -93,9 +91,9 @@ public class FileNameAnalyzer implements Analyzer {
public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
String fileName = dependency.getFileName();
int pos = fileName.lastIndexOf(".");
final int pos = fileName.lastIndexOf(".");
if (pos > 0) {
fileName = fileName.substring(0, pos - 1);
fileName = fileName.substring(0, pos);
}
dependency.getProductEvidence().addEvidence("file", "name",
@@ -109,18 +107,4 @@ public class FileNameAnalyzer implements Analyzer {
fileName, Evidence.Confidence.HIGH);
}
}
/**
* The initialize method does nothing for this Analyzer
*/
public void initialize() {
//do nothing
}
/**
* The close method does nothing for this Analyzer
*/
public void close() {
//do nothing
}
}

118
src/main/java/org/owasp/dependencycheck/analyzer/HintAnalyzer.java Normal file
View File

@@ -0,0 +1,118 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.analyzer;
import java.util.Set;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class HintAnalyzer extends AbstractAnalyzer implements Analyzer {
//<editor-fold defaultstate="collapsed" desc="All standard implmentation details of Analyzer">
/**
* The name of the analyzer.
*/
private static final String ANALYZER_NAME = "Hint Analyzer";
/**
* The phase that this analyzer is intended to run in.
*/
private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.PRE_IDENTIFIER_ANALYSIS;
/**
* The set of file extensions supported by this analyzer.
*/
private static final Set<String> EXTENSIONS = null;
/**
* Returns a list of file EXTENSIONS supported by this analyzer.
* @return a list of file EXTENSIONS supported by this analyzer.
*/
public Set<String> getSupportedExtensions() {
return EXTENSIONS;
}
/**
* Returns the name of the analyzer.
* @return the name of the analyzer.
*/
public String getName() {
return ANALYZER_NAME;
}
/**
* Returns whether or not this analyzer can process the given extension.
* @param extension the file extension to test for support.
* @return whether or not the specified file extension is supported by this
* analyzer.
*/
public boolean supportsExtension(String extension) {
return true;
}
/**
* Returns the phase that the analyzer is intended to run in.
* @return the phase that the analyzer is intended to run in.
*/
public AnalysisPhase getAnalysisPhase() {
return ANALYSIS_PHASE;
}
//</editor-fold>
/**
* The HintAnalyzer uses knowledge about a dependency to add additional information
* to help in identification of identifiers or vulnerabilities.
* @param dependency The dependency being analyzed
* @param engine The scanning engine
* @throws AnalysisException is thrown if there is an exception analyzing the dependency.
*/
public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
final Evidence springTest1 = new Evidence("Manifest",
"Implementation-Title",
"Spring Framework",
Evidence.Confidence.HIGH);
final Evidence springTest2 = new Evidence("Manifest",
"Implementation-Title",
"org.springframework.core",
Evidence.Confidence.HIGH);
final Evidence springTest3 = new Evidence("Manifest",
"Bundle-Vendor",
"SpringSource",
Evidence.Confidence.HIGH);
Set<Evidence> evidence = dependency.getProductEvidence().getEvidence();
if (evidence.contains(springTest1) || evidence.contains(springTest2)) {
dependency.getProductEvidence().addEvidence("a priori", "product", "springsource_spring_framework", Evidence.Confidence.HIGH);
dependency.getVendorEvidence().addEvidence("a priori", "vendor", "SpringSource", Evidence.Confidence.HIGH);
dependency.getVendorEvidence().addEvidence("a priori", "vendor", "vmware", Evidence.Confidence.HIGH);
}
evidence = dependency.getVendorEvidence().getEvidence();
if (evidence.contains(springTest3)) {
dependency.getProductEvidence().addEvidence("a priori", "product", "springsource_spring_framework", Evidence.Confidence.HIGH);
dependency.getVendorEvidence().addEvidence("a priori", "vendor", "vmware", Evidence.Confidence.HIGH);
}
}
}

866
src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java Normal file
View File

@@ -0,0 +1,866 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.analyzer;
import java.io.File;
import java.util.Enumeration;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.bind.JAXBException;
import javax.xml.parsers.ParserConfigurationException;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import org.owasp.dependencycheck.dependency.EvidenceCollection;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.Reader;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map.Entry;
import java.util.Properties;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.jar.Attributes;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.jar.Manifest;
import java.util.regex.Pattern;
import java.util.zip.ZipEntry;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.Unmarshaller;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.sax.SAXSource;
import org.jsoup.Jsoup;
import org.owasp.dependencycheck.analyzer.pom.MavenNamespaceFilter;
import org.owasp.dependencycheck.analyzer.pom.generated.License;
import org.owasp.dependencycheck.analyzer.pom.generated.Model;
import org.owasp.dependencycheck.analyzer.pom.generated.Organization;
import org.owasp.dependencycheck.utils.NonClosingStream;
import org.owasp.dependencycheck.utils.Settings;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLFilter;
import org.xml.sax.XMLReader;
/**
*
* Used to load a JAR file and collect information that can be used to determine
* the associated CPE.
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
//<editor-fold defaultstate="collapsed" desc="Constants and Member Variables">
/**
* The system independent newline character.
*/
private static final String NEWLINE = System.getProperty("line.separator");
/**
* A list of elements in the manifest to ignore.
*/
private static final Set<String> IGNORE_LIST = newHashSet(
"built-by",
"created-by",
"builtby",
"createdby",
"build-jdk",
"buildjdk",
"ant-version",
"antversion",
"import-package",
"export-package",
"importpackage",
"exportpackage",
"sealed",
"manifest-version",
"archiver-version",
"manifestversion",
"archiverversion",
"classpath",
"class-path",
"tool",
"bundle-manifestversion",
"bundlemanifestversion",
"include-resource");
/**
* item in some manifest, should be considered medium confidence.
*/
private static final String BUNDLE_VERSION = "Bundle-Version"; //: 2.1.2
/**
* item in some manifest, should be considered medium confidence.
*/
private static final String BUNDLE_DESCRIPTION = "Bundle-Description"; //: Apache Struts 2
/**
* item in some manifest, should be considered medium confidence.
*/
private static final String BUNDLE_NAME = "Bundle-Name"; //: Struts 2 Core
/**
* item in some manifest, should be considered medium confidence.
*/
private static final String BUNDLE_VENDOR = "Bundle-Vendor"; //: Apache Software Foundation
/**
* A pattern to detect HTML within text.
*/
private static final Pattern HTML_DETECTION_PATTERN = Pattern.compile("\\<[a-z]+.*/?\\>", Pattern.CASE_INSENSITIVE);
/**
* The unmarshaller used to parse the pom.xml from a JAR file.
*/
private Unmarshaller pomUnmarshaller;
//</editor-fold>
/**
* Constructs a new JarAnalyzer.
*/
public JarAnalyzer() {
try {
final JAXBContext jaxbContext = JAXBContext.newInstance("org.owasp.dependencycheck.analyzer.pom.generated");
pomUnmarshaller = jaxbContext.createUnmarshaller();
} catch (JAXBException ex) { //guess we will just have a null pointer exception later...
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.SEVERE, "Unable to load parser. See the log for more details.");
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex);
}
}
//<editor-fold defaultstate="collapsed" desc="All standard implmentation details of Analyzer">
/**
* The name of the analyzer.
*/
private static final String ANALYZER_NAME = "Jar Analyzer";
/**
* The phase that this analyzer is intended to run in.
*/
private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
/**
* The set of file extensions supported by this analyzer.
*/
private static final Set<String> EXTENSIONS = newHashSet("jar");
/**
* Returns a list of file EXTENSIONS supported by this analyzer.
* @return a list of file EXTENSIONS supported by this analyzer.
*/
public Set<String> getSupportedExtensions() {
return EXTENSIONS;
}
/**
* Returns the name of the analyzer.
* @return the name of the analyzer.
*/
public String getName() {
return ANALYZER_NAME;
}
/**
* Returns whether or not this analyzer can process the given extension.
* @param extension the file extension to test for support.
* @return whether or not the specified file extension is supported by this
* analyzer.
*/
public boolean supportsExtension(String extension) {
return EXTENSIONS.contains(extension);
}
/**
* Returns the phase that the analyzer is intended to run in.
*
* @return the phase that the analyzer is intended to run in.
*/
public AnalysisPhase getAnalysisPhase() {
return ANALYSIS_PHASE;
}
//</editor-fold>
/**
* Loads a specified JAR file and collects information from the manifest and
* checksums to identify the correct CPE information.
*
* @param dependency the dependency to analyze.
* @param engine the engine that is scanning the dependencies
* @throws AnalysisException is thrown if there is an error reading the JAR
* file.
*/
public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
boolean addPackagesAsEvidence = false;
//todo - catch should be more granular here, one for each call likely
//todo - think about sources/javadoc jars, should we remove or move to related dependency?
try {
final boolean hasManifest = parseManifest(dependency);
final boolean hasPOM = analyzePOM(dependency);
final boolean deepScan = Settings.getBoolean(Settings.KEYS.PERFORM_DEEP_SCAN);
if ((!hasManifest && !hasPOM) || deepScan) {
addPackagesAsEvidence = true;
}
final boolean hasClasses = analyzePackageNames(dependency, addPackagesAsEvidence);
if (!hasClasses
&& (dependency.getFileName().toLowerCase().endsWith("-sources.jar")
|| dependency.getFileName().toLowerCase().endsWith("-javadoc.jar")
|| dependency.getFileName().toLowerCase().endsWith("-src.jar")
|| dependency.getFileName().toLowerCase().endsWith("-doc.jar"))) {
engine.getDependencies().remove(dependency);
}
} catch (IOException ex) {
throw new AnalysisException("Exception occurred reading the JAR file.", ex);
}
}
/**
* Attempts to find a pom.xml within the JAR file. If found it extracts
* information and adds it to the evidence. This will attempt to interpolate
* the strings contained within the pom.properties if one exists.
*
* @param dependency the dependency being analyzed.
* @throws AnalysisException is thrown if there is an exception parsing the pom.
* @return whether or not evidence was added to the dependency
*/
protected boolean analyzePOM(Dependency dependency) throws AnalysisException {
boolean foundSomething = false;
final JarFile jar;
try {
jar = new JarFile(dependency.getActualFilePath());
} catch (IOException ex) {
final String msg = String.format("Unable to read JarFile '%s'.", dependency.getActualFilePath());
final AnalysisException ax = new AnalysisException(msg, ex);
dependency.getAnalysisExceptions().add(ax);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, null, ex);
return foundSomething;
}
List<String> pomEntries;
try {
pomEntries = retrievePomListing(jar);
} catch (IOException ex) {
final String msg = String.format("Unable to read Jar file entries in '%s'.", dependency.getActualFilePath());
final AnalysisException ax = new AnalysisException(msg, ex);
dependency.getAnalysisExceptions().add(ax);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.WARNING, msg);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.INFO, msg, ex);
return foundSomething;
}
for (String path : pomEntries) {
Properties pomProperties = null;
try {
pomProperties = retrievePomProperties(path, jar);
} catch (IOException ex) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINEST, "ignore this, failed reading a non-existent pom.properties", ex);
}
Model pom = null;
try {
pom = retrievePom(path, jar);
} catch (JAXBException ex) {
final String msg = String.format("Unable to parse POM '%s' in '%s'",
path, dependency.getFilePath());
final AnalysisException ax = new AnalysisException(msg, ex);
dependency.getAnalysisExceptions().add(ax);
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, msg, ax);
} catch (IOException ex) {
final String msg = String.format("Unable to retrieve POM '%s' in '%s'",
path, dependency.getFilePath());
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, msg, ex);
}
foundSomething = setPomEvidence(dependency, pom, pomProperties) || foundSomething;
}
return foundSomething;
}
/**
* Given a path to a pom.xml within a JarFile, this method attempts to load
* a sibling pom.properties if one exists.
* @param path the path to the pom.xml within the JarFile
* @param jar the JarFile to load the pom.properties from
* @return a Properties object or null if no pom.properties was found
* @throws IOException thrown if there is an exception reading the pom.properties
*/
@edu.umd.cs.findbugs.annotations.SuppressWarnings(value = "OS_OPEN_STREAM",
justification = "The reader is closed by closing the zipEntry")
private Properties retrievePomProperties(String path, final JarFile jar) throws IOException {
Properties pomProperties = null;
final String propPath = path.substring(0, path.length() - 7) + "pom.properies";
final ZipEntry propEntry = jar.getEntry(propPath);
if (propEntry != null) {
final Reader reader = new InputStreamReader(jar.getInputStream(propEntry), "UTF-8");
pomProperties = new Properties();
pomProperties.load(reader);
}
return pomProperties;
}
/**
* Searches a JarFile for pom.xml entries and returns a listing of these entries.
* @param jar the JarFile to search
* @return a list of pom.xml entries
* @throws IOException thrown if there is an exception reading a JarEntry
*/
private List<String> retrievePomListing(final JarFile jar) throws IOException {
final List<String> pomEntries = new ArrayList<String>();
final Enumeration<JarEntry> entries = jar.entries();
while (entries.hasMoreElements()) {
final JarEntry entry = entries.nextElement();
final String entryName = (new File(entry.getName())).getName().toLowerCase();
if (!entry.isDirectory() && "pom.xml".equals(entryName)) {
pomEntries.add(entry.getName());
}
}
return pomEntries;
}
/**
* Retrieves the specified POM from a jar file and converts it to a Model.
* @param path the path to the pom.xml file within the jar file
* @param jar the jar file to extract the pom from
* @return returns a {@link org.owasp.dependencycheck.analyzer.pom.generated.Model} object
* @throws JAXBException is thrown if there is an exception parsing the pom
* @throws IOException is thrown if there is an exception reading the jar
*/
private Model retrievePom(String path, JarFile jar) throws JAXBException, IOException {
final ZipEntry entry = jar.getEntry(path);
if (entry != null) { //should never be null
Model m = null;
try {
final XMLFilter filter = new MavenNamespaceFilter();
final SAXParserFactory spf = SAXParserFactory.newInstance();
final SAXParser sp = spf.newSAXParser();
final XMLReader xr = sp.getXMLReader();
filter.setParent(xr);
final NonClosingStream stream = new NonClosingStream(jar.getInputStream(entry));
final InputStreamReader reader = new InputStreamReader(stream, "UTF-8");
final InputSource xml = new InputSource(reader);
final SAXSource source = new SAXSource(filter, xml);
final JAXBElement<Model> el = pomUnmarshaller.unmarshal(source, Model.class);
m = el.getValue();
} catch (ParserConfigurationException ex) {
final String msg = String.format("Unable to parse pom '%s' in jar '%s'", path, jar.getName());
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, msg, ex);
} catch (SAXException ex) {
final String msg = String.format("Unable to parse pom '%s' in jar '%s'", path, jar.getName());
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.FINE, msg, ex);
}
return m;
}
return null;
}
/**
* Sets evidence from the pom on the supplied dependency.
* @param dependency the dependency to set data on
* @param pom the information from the pom
* @param pomProperties the pom properties file (null if none exists)
* @return true if there was evidence within the pom that we could use; otherwise false
*/
private boolean setPomEvidence(Dependency dependency, Model pom, Properties pomProperties) {
boolean foundSomething = false;
if (pom == null) {
return foundSomething;
}
//group id
final String groupid = interpolateString(pom.getGroupId(), pomProperties);
if (groupid != null) {
foundSomething = true;
dependency.getVendorEvidence().addEvidence("pom", "groupid", groupid, Evidence.Confidence.HIGH);
dependency.getProductEvidence().addEvidence("pom", "groupid", groupid, Evidence.Confidence.LOW);
}
//artifact id
final String artifactid = interpolateString(pom.getArtifactId(), pomProperties);
if (artifactid != null) {
foundSomething = true;
dependency.getProductEvidence().addEvidence("pom", "artifactid", artifactid, Evidence.Confidence.HIGH);
dependency.getVendorEvidence().addEvidence("pom", "artifactid", artifactid, Evidence.Confidence.LOW);
}
//version
final String version = interpolateString(pom.getVersion(), pomProperties);
if (version != null) {
foundSomething = true;
dependency.getVersionEvidence().addEvidence("pom", "version", version, Evidence.Confidence.HIGH);
}
// org name
final Organization org = pom.getOrganization();
if (org != null && org.getName() != null) {
foundSomething = true;
final String orgName = interpolateString(org.getName(), pomProperties);
dependency.getVendorEvidence().addEvidence("pom", "organization name", orgName, Evidence.Confidence.HIGH);
}
//pom name
final String pomName = interpolateString(pom.getName(), pomProperties);
if (pomName != null) {
foundSomething = true;
dependency.getProductEvidence().addEvidence("pom", "name", pomName, Evidence.Confidence.HIGH);
dependency.getVendorEvidence().addEvidence("pom", "name", pomName, Evidence.Confidence.HIGH);
}
//Description
if (pom.getDescription() != null) {
foundSomething = true;
String description = interpolateString(pom.getDescription(), pomProperties);
if (HTML_DETECTION_PATTERN.matcher(description).find()) {
description = Jsoup.parse(description).text();
}
dependency.setDescription(description);
dependency.getProductEvidence().addEvidence("pom", "description", description, Evidence.Confidence.MEDIUM);
dependency.getVendorEvidence().addEvidence("pom", "description", description, Evidence.Confidence.MEDIUM);
}
//license
if (pom.getLicenses() != null) {
String license = null;
for (License lic : pom.getLicenses().getLicense()) {
String tmp = null;
if (lic.getName() != null) {
tmp = interpolateString(lic.getName(), pomProperties);
}
if (lic.getUrl() != null) {
if (tmp == null) {
tmp = interpolateString(lic.getUrl(), pomProperties);
} else {
tmp += ": " + interpolateString(lic.getUrl(), pomProperties);
}
}
if (tmp == null) {
continue;
}
if (HTML_DETECTION_PATTERN.matcher(tmp).find()) {
tmp = Jsoup.parse(tmp).text();
}
if (license == null) {
license = tmp;
} else {
license += "\n" + tmp;
}
}
if (license != null) {
dependency.setLicense(license);
}
}
return foundSomething;
}
/**
* Analyzes the path information of the classes contained within the
* JarAnalyzer to try and determine possible vendor or product names. If any
* are found they are stored in the packageVendor and packageProduct
* hashSets.
*
* @param dependency A reference to the dependency.
* @param addPackagesAsEvidence a flag indicating whether or not package
* names should be added as evidence.
* @return returns true or false depending on whether classes were identified in the JAR
* @throws IOException is thrown if there is an error reading the JAR file.
*/
protected boolean analyzePackageNames(Dependency dependency, boolean addPackagesAsEvidence)
throws IOException {
JarFile jar = null;
try {
jar = new JarFile(dependency.getActualFilePath());
final Enumeration en = jar.entries();
final HashMap<String, Integer> level0 = new HashMap<String, Integer>();
final HashMap<String, Integer> level1 = new HashMap<String, Integer>();
final HashMap<String, Integer> level2 = new HashMap<String, Integer>();
final HashMap<String, Integer> level3 = new HashMap<String, Integer>();
final int count = collectPackageNameInformation(en, level0, level1, level2, level3);
if (count == 0) {
return false;
}
final EvidenceCollection vendor = dependency.getVendorEvidence();
final EvidenceCollection product = dependency.getProductEvidence();
for (String s : level0.keySet()) {
if (!"org".equals(s) && !"com".equals(s)) {
vendor.addWeighting(s);
product.addWeighting(s);
if (addPackagesAsEvidence) {
vendor.addEvidence("jar", "package", s, Evidence.Confidence.LOW);
product.addEvidence("jar", "package", s, Evidence.Confidence.LOW);
}
}
}
for (String s : level1.keySet()) {
float ratio = level1.get(s);
ratio /= count;
if (ratio > 0.5) {
final String[] parts = s.split("/");
if ("org".equals(parts[0]) || "com".equals(parts[0])) {
vendor.addWeighting(parts[1]);
if (addPackagesAsEvidence) {
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
}
} else {
vendor.addWeighting(parts[0]);
product.addWeighting(parts[1]);
if (addPackagesAsEvidence) {
vendor.addEvidence("jar", "package", parts[0], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
}
}
}
}
for (String s : level2.keySet()) {
float ratio = level2.get(s);
ratio /= count;
if (ratio > 0.4) {
final String[] parts = s.split("/");
if ("org".equals(parts[0]) || "com".equals(parts[0])) {
vendor.addWeighting(parts[1]);
product.addWeighting(parts[2]);
if (addPackagesAsEvidence) {
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
}
} else {
vendor.addWeighting(parts[0]);
vendor.addWeighting(parts[1]);
product.addWeighting(parts[1]);
product.addWeighting(parts[2]);
if (addPackagesAsEvidence) {
vendor.addEvidence("jar", "package", parts[0], Evidence.Confidence.LOW);
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
}
}
}
}
for (String s : level3.keySet()) {
float ratio = level3.get(s);
ratio /= count;
if (ratio > 0.3) {
final String[] parts = s.split("/");
if ("org".equals(parts[0]) || "com".equals(parts[0])) {
vendor.addWeighting(parts[1]);
vendor.addWeighting(parts[2]);
product.addWeighting(parts[2]);
product.addWeighting(parts[3]);
if (addPackagesAsEvidence) {
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
vendor.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[3], Evidence.Confidence.LOW);
}
} else {
vendor.addWeighting(parts[0]);
vendor.addWeighting(parts[1]);
vendor.addWeighting(parts[2]);
product.addWeighting(parts[1]);
product.addWeighting(parts[2]);
product.addWeighting(parts[3]);
if (addPackagesAsEvidence) {
vendor.addEvidence("jar", "package", parts[0], Evidence.Confidence.LOW);
vendor.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
vendor.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[1], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[2], Evidence.Confidence.LOW);
product.addEvidence("jar", "package", parts[3], Evidence.Confidence.LOW);
}
}
}
}
} finally {
if (jar != null) {
jar.close();
}
}
return true;
}
/**
* <p>Reads the manifest from the JAR file and collects the entries. Some
* key entries are:</p> <ul><li>Implementation Title</li> <li>Implementation
* Version</li> <li>Implementation Vendor</li> <li>Implementation
* VendorId</li> <li>Bundle Name</li> <li>Bundle Version</li> <li>Bundle
* Vendor</li> <li>Bundle Description</li> <li>Main Class</li> </ul>
* However, all but a handful of specific entries are read in.
*
* @param dependency A reference to the dependency.
* @return whether evidence was identified parsing the manifest.
* @throws IOException if there is an issue reading the JAR file.
*/
protected boolean parseManifest(Dependency dependency) throws IOException {
boolean foundSomething = false;
JarFile jar = null;
try {
jar = new JarFile(dependency.getActualFilePath());
final Manifest manifest = jar.getManifest();
if (manifest == null) {
//don't log this for javadoc or sources jar files
if (!dependency.getFileName().toLowerCase().endsWith("-sources.jar")
&& !dependency.getFileName().toLowerCase().endsWith("-javadoc.jar")
&& !dependency.getFileName().toLowerCase().endsWith("-src.jar")
&& !dependency.getFileName().toLowerCase().endsWith("-doc.jar")) {
Logger.getLogger(JarAnalyzer.class.getName()).log(Level.INFO,
String.format("Jar file '%s' does not contain a manifest.",
dependency.getFileName()));
}
return false;
}
final Attributes atts = manifest.getMainAttributes();
final EvidenceCollection vendorEvidence = dependency.getVendorEvidence();
final EvidenceCollection productEvidence = dependency.getProductEvidence();
final EvidenceCollection versionEvidence = dependency.getVersionEvidence();
final String source = "Manifest";
for (Entry<Object, Object> entry : atts.entrySet()) {
String key = entry.getKey().toString();
String value = atts.getValue(key);
if (HTML_DETECTION_PATTERN.matcher(value).find()) {
value = Jsoup.parse(value).text();
}
if (key.equals(Attributes.Name.IMPLEMENTATION_TITLE.toString())) {
foundSomething = true;
productEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VERSION.toString())) {
foundSomething = true;
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VENDOR.toString())) {
foundSomething = true;
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.IMPLEMENTATION_VENDOR_ID.toString())) {
foundSomething = true;
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.equals(BUNDLE_DESCRIPTION)) {
foundSomething = true;
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
dependency.setDescription(value);
} else if (key.equals(BUNDLE_NAME)) {
foundSomething = true;
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.equals(BUNDLE_VENDOR)) {
foundSomething = true;
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(BUNDLE_VERSION)) {
foundSomething = true;
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.HIGH);
} else if (key.equals(Attributes.Name.MAIN_CLASS.toString())) {
foundSomething = true;
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else {
key = key.toLowerCase();
if (!IGNORE_LIST.contains(key)
&& !key.endsWith("jdk")
&& !key.contains("lastmodified")
&& !key.endsWith("package")
&& !key.endsWith("classpath")
&& !key.endsWith("class-path")
&& !isImportPackage(key, value)) {
foundSomething = true;
if (key.contains("version")) {
versionEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.contains("title")) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.contains("vendor")) {
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.contains("name")) {
productEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.MEDIUM);
} else if (key.contains("license")) {
addLicense(dependency, value);
} else {
if (key.contains("description")) {
addDescription(dependency, value);
}
productEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
vendorEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
if (value.matches(".*\\d.*")) {
final StringTokenizer tokenizer = new StringTokenizer(value, " ");
while (tokenizer.hasMoreElements()) {
final String s = tokenizer.nextToken();
if (s.matches("^[0-9.]+$")) {
versionEvidence.addEvidence(source, key, s, Evidence.Confidence.LOW);
}
}
//versionEvidence.addEvidence(source, key, value, Evidence.Confidence.LOW);
}
}
}
}
}
} finally {
if (jar != null) {
jar.close();
}
}
return foundSomething;
}
/**
* Adds a description to the given dependency.
*
* @param d a dependency
* @param description the description
*/
private void addDescription(Dependency d, String description) {
if (d.getDescription() == null) {
d.setDescription(description);
}
}
/**
* Adds a license to the given dependency.
*
* @param d a dependency
* @param license the license
*/
private void addLicense(Dependency d, String license) {
if (d.getLicense() == null) {
d.setLicense(license);
} else if (!d.getLicense().contains(license)) {
d.setLicense(d.getLicense() + NEWLINE + license);
}
}
/**
* The initialize method does nothing for this Analyzer.
*/
public void initialize() {
//do nothing
}
/**
* The close method does nothing for this Analyzer.
*/
public void close() {
//do nothing
}
/**
* A utility function that will interpolate strings based on values given in
* the properties file. It will also interpolate the strings contained
* within the properties file so that properties can reference other
* properties.
*
* @param text the string that contains references to properties.
* @param properties a collection of properties that may be referenced
* within the text.
* @return the interpolated text.
*/
protected String interpolateString(String text, Properties properties) {
//${project.build.directory}
if (properties == null || text == null) {
return text;
}
final int pos = text.indexOf("${");
if (pos < 0) {
return text;
}
final int end = text.indexOf("}");
if (end < pos) {
return text;
}
final String propName = text.substring(pos + 2, end);
String propValue = interpolateString(properties.getProperty(propName), properties);
if (propValue == null) {
propValue = "";
}
final StringBuilder sb = new StringBuilder(propValue.length() + text.length());
sb.append(text.subSequence(0, pos));
sb.append(propValue);
sb.append(text.substring(end + 1));
return interpolateString(sb.toString(), properties); //yes yes, this should be a loop...
}
/**
* Determines if the key value pair from the manifest is for an "import" type
* entry for package names.
* @param key the key from the manifest
* @param value the value from the manifest
* @return true or false depending on if it is believed the entry is an "import" entry
*/
private boolean isImportPackage(String key, String value) {
final Pattern packageRx = Pattern.compile("^((([a-zA-Z_#\\$0-9]\\.)+)\\s*\\;\\s*)+$");
if (packageRx.matcher(value).matches()) {
return (key.contains("import") || key.contains("include"));
}
return false;
}
/**
* Cycles through an enumeration of JarEntries and collects level 0-3 directory
* structure names. This is helpful when analyzing vendor/product as many times
* this is included in the package name. This does not analyze core Java package
* names.
*
* @param en an Enumeration of JarEntries
* @param level0 HashMap of level 0 package names (e.g. org)
* @param level1 HashMap of level 1 package names (e.g. owasp)
* @param level2 HashMap of level 2 package names (e.g. dependencycheck)
* @param level3 HashMap of level 3 package names (e.g. analyzer)
* @return the number of entries processed that were included in the above HashMaps
*/
private int collectPackageNameInformation(Enumeration en, HashMap<String, Integer> level0,
HashMap<String, Integer> level1, HashMap<String, Integer> level2, HashMap<String, Integer> level3) {
int count = 0;
while (en.hasMoreElements()) {
final JarEntry entry = (JarEntry) en.nextElement();
if (entry.getName().endsWith(".class")) {
String[] path;
if (entry.getName().contains("/")) {
path = entry.getName().toLowerCase().split("/");
if ("java".equals(path[0])
|| "javax".equals(path[0])
|| ("com".equals(path[0]) && "sun".equals(path[0]))) {
continue;
}
} else {
path = new String[1];
path[0] = entry.getName();
}
count += 1;
String temp = path[0];
if (level0.containsKey(temp)) {
level0.put(temp, level0.get(temp) + 1);
} else {
level0.put(temp, 1);
}
if (path.length > 2) {
temp += "/" + path[1];
if (level1.containsKey(temp)) {
level1.put(temp, level1.get(temp) + 1);
} else {
level1.put(temp, 1);
}
}
if (path.length > 3) {
temp += "/" + path[2];
if (level2.containsKey(temp)) {
level2.put(temp, level2.get(temp) + 1);
} else {
level2.put(temp, 1);
}
}
if (path.length > 4) {
temp += "/" + path[3];
if (level3.containsKey(temp)) {
level3.put(temp, level3.get(temp) + 1);
} else {
level3.put(temp, 1);
}
}
}
}
return count;
}
}

121
src/main/java/org/owasp/dependencycheck/analyzer/JavaScriptAnalyzer.java Normal file
View File

@@ -0,0 +1,121 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.analyzer;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.dependency.Dependency;
import java.util.Set;
import java.util.regex.Pattern;
/**
*
* Used to load a JAR file and collect information that can be used to determine
* the associated CPE.
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class JavaScriptAnalyzer extends AbstractAnalyzer implements Analyzer {
//<editor-fold defaultstate="collapsed" desc="All standard implmentation details of Analyzer">
/**
* The name of the analyzer.
*/
private static final String ANALYZER_NAME = "JavaScript Analyzer";
/**
* The phase that this analyzer is intended to run in.
*/
private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
/**
* The set of file extensions supported by this analyzer.
*/
private static final Set<String> EXTENSIONS = newHashSet("js");
/**
* Returns a list of file EXTENSIONS supported by this analyzer.
*
* @return a list of file EXTENSIONS supported by this analyzer.
*/
public Set<String> getSupportedExtensions() {
return EXTENSIONS;
}
/**
* Returns the name of the analyzer.
*
* @return the name of the analyzer.
*/
public String getName() {
return ANALYZER_NAME;
}
/**
* Returns whether or not this analyzer can process the given extension.
*
* @param extension the file extension to test for support.
* @return whether or not the specified file extension is supported by this
* analyzer.
*/
public boolean supportsExtension(String extension) {
return EXTENSIONS.contains(extension);
}
/**
* Returns the phase that the analyzer is intended to run in.
*
* @return the phase that the analyzer is intended to run in.
*/
public AnalysisPhase getAnalysisPhase() {
return ANALYSIS_PHASE;
}
//</editor-fold>
/**
* Loads a specified JAR file and collects information from the manifest and
* checksums to identify the correct CPE information.
*
* @param dependency the dependency to analyze.
* @param engine the engine that is scanning the dependencies
* @throws AnalysisException is thrown if there is an error reading the JAR
* file.
*/
public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
final Pattern extractComments = Pattern.compile("(/\\*([^*]|[\\r\\n]|(\\*+([^*/]|[\\r\\n])))*\\*+/)|(//.*)");
}
/**
* The initialize method does nothing for this Analyzer.
*
* @throws Exception thrown if there is an exception
*/
@Override
public void initialize() throws Exception {
//do nothing
}
/**
* The close method does nothing for this Analyzer.
*
* @throws Exception thrown if there is an exception
*/
@Override
public void close() throws Exception {
//do nothing
}
}

13
src/main/java/org/owasp/dependencycheck/analyzer/package-info.java Normal file
View File

@@ -0,0 +1,13 @@
/**
* <html>
* <head>
* <title>org.owasp.dependencycheck.analyzer</title>
* </head>
* <body>
* Analyzers are used to inspect the identified dependencies, collect Evidence,
* and process the dependencies.
* </body>
* </html>
*/
package org.owasp.dependencycheck.analyzer;

93
src/main/java/org/owasp/dependencycheck/analyzer/pom/MavenNamespaceFilter.java Normal file
View File

@@ -0,0 +1,93 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2013 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.analyzer.pom;
import org.xml.sax.Attributes;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.XMLFilterImpl;
/**
* This filter is used when parsing POM documents. Some POM documents
* do not specify the xmlns="http://maven.apache.org/POM/4.0.0". This
* filter ensures that the correct namespace is added so that both
* types of POMs can be read.
* @author Jeremy Long (jeremy.long@gmail.com)
*/
public class MavenNamespaceFilter extends XMLFilterImpl {
/**
* The namespace to add for Maven POMs.
*/
private static final String NAMESPACE = "http://maven.apache.org/POM/4.0.0";
/**
* A flag indicating whether or not the namespace (prefix) has been added.
*/
private boolean namespaceAdded = false;
/**
* Called at the start of the document parsing.
* @throws SAXException thrown if there is a SAXException
*/
@Override
public void startDocument() throws SAXException {
super.startDocument();
startPrefixMapping("", NAMESPACE);
}
/**
* Called when an element is started.
* @param uri the uri
* @param localName the localName
* @param qName the qualified name
* @param atts the attributes
* @throws SAXException thrown if there is a SAXException
*/
@Override
public void startElement(String uri, String localName, String qName, Attributes atts) throws SAXException {
super.startElement(NAMESPACE, localName, qName, atts);
}
/**
* Indicatees the start of the document.
* @param uri the uri
* @param localName the localName
* @param qName the qualified name
* @throws SAXException thrown if there is a SAXException
*/
@Override
public void endElement(String uri, String localName, String qName)
throws SAXException {
super.endElement(NAMESPACE, localName, qName);
}
/**
* Called when prefix mapping is started.
* @param prefix the prefix
* @param url the url
* @throws SAXException thrown if there is a SAXException
*/
@Override
public void startPrefixMapping(String prefix, String url) throws SAXException {
if (!this.namespaceAdded) {
namespaceAdded = true;
super.startPrefixMapping("", NAMESPACE);
}
}
}

64
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/Activation.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/Activation.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
@@ -16,15 +16,15 @@ import javax.xml.bind.annotation.XmlType;
/**
*
*
* The conditions within the build runtime environment which will trigger
* the automatic inclusion of the build profile.
*
*
*
*
* <p>Java class for Activation complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="Activation">
* &lt;complexContent>
@@ -40,8 +40,8 @@ import javax.xml.bind.annotation.XmlType;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "Activation", propOrder = {
@@ -64,11 +64,11 @@ public class Activation {
/**
* Gets the value of the activeByDefault property.
*
*
* @return
* possible object is
* {@link Boolean }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Boolean isActiveByDefault() {
@@ -77,11 +77,11 @@ public class Activation {
/**
* Sets the value of the activeByDefault property.
*
*
* @param value
* allowed object is
* {@link Boolean }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setActiveByDefault(Boolean value) {
@@ -90,11 +90,11 @@ public class Activation {
/**
* Gets the value of the jdk property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getJdk() {
@@ -103,11 +103,11 @@ public class Activation {
/**
* Sets the value of the jdk property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setJdk(String value) {
@@ -116,11 +116,11 @@ public class Activation {
/**
* Gets the value of the os property.
*
*
* @return
* possible object is
* {@link ActivationOS }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public ActivationOS getOs() {
@@ -129,11 +129,11 @@ public class Activation {
/**
* Sets the value of the os property.
*
*
* @param value
* allowed object is
* {@link ActivationOS }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setOs(ActivationOS value) {
@@ -142,11 +142,11 @@ public class Activation {
/**
* Gets the value of the property property.
*
*
* @return
* possible object is
* {@link ActivationProperty }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public ActivationProperty getProperty() {
@@ -155,11 +155,11 @@ public class Activation {
/**
* Sets the value of the property property.
*
*
* @param value
* allowed object is
* {@link ActivationProperty }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setProperty(ActivationProperty value) {
@@ -168,11 +168,11 @@ public class Activation {
/**
* Gets the value of the file property.
*
*
* @return
* possible object is
* {@link ActivationFile }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public ActivationFile getFile() {
@@ -181,11 +181,11 @@ public class Activation {
/**
* Sets the value of the file property.
*
*
* @param value
* allowed object is
* {@link ActivationFile }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setFile(ActivationFile value) {

40
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/ActivationFile.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/ActivationFile.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
@@ -15,16 +15,16 @@ import javax.xml.bind.annotation.XmlType;
/**
*
*
* This is the file specification used to activate the profile. The missing value will be the location
* of a file that needs to exist, and if it doesn't the profile will be activated. On the other hand exists will test
* for the existence of the file and if it is there the profile will be activated.
*
*
*
*
* <p>Java class for ActivationFile complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="ActivationFile">
* &lt;complexContent>
@@ -37,8 +37,8 @@ import javax.xml.bind.annotation.XmlType;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "ActivationFile", propOrder = {
@@ -54,11 +54,11 @@ public class ActivationFile {
/**
* Gets the value of the missing property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getMissing() {
@@ -67,11 +67,11 @@ public class ActivationFile {
/**
* Sets the value of the missing property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setMissing(String value) {
@@ -80,11 +80,11 @@ public class ActivationFile {
/**
* Gets the value of the exists property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getExists() {
@@ -93,11 +93,11 @@ public class ActivationFile {
/**
* Sets the value of the exists property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setExists(String value) {

56
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/ActivationOS.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/ActivationOS.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
@@ -15,15 +15,15 @@ import javax.xml.bind.annotation.XmlType;
/**
*
*
* This is an activator which will detect an operating system's attributes in order to activate
* its profile.
*
*
*
*
* <p>Java class for ActivationOS complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="ActivationOS">
* &lt;complexContent>
@@ -38,8 +38,8 @@ import javax.xml.bind.annotation.XmlType;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "ActivationOS", propOrder = {
@@ -59,11 +59,11 @@ public class ActivationOS {
/**
* Gets the value of the name property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getName() {
@@ -72,11 +72,11 @@ public class ActivationOS {
/**
* Sets the value of the name property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setName(String value) {
@@ -85,11 +85,11 @@ public class ActivationOS {
/**
* Gets the value of the family property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getFamily() {
@@ -98,11 +98,11 @@ public class ActivationOS {
/**
* Sets the value of the family property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setFamily(String value) {
@@ -111,11 +111,11 @@ public class ActivationOS {
/**
* Gets the value of the arch property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getArch() {
@@ -124,11 +124,11 @@ public class ActivationOS {
/**
* Sets the value of the arch property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setArch(String value) {
@@ -137,11 +137,11 @@ public class ActivationOS {
/**
* Gets the value of the version property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getVersion() {
@@ -150,11 +150,11 @@ public class ActivationOS {
/**
* Sets the value of the version property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setVersion(String value) {

40
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/ActivationProperty.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/ActivationProperty.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
@@ -15,16 +15,16 @@ import javax.xml.bind.annotation.XmlType;
/**
*
*
* This is the property specification used to activate a profile. If the value field is empty,
* then the existence of the named property will activate the profile, otherwise it does a case-sensitive
* match against the property value as well.
*
*
*
*
* <p>Java class for ActivationProperty complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="ActivationProperty">
* &lt;complexContent>
@@ -37,8 +37,8 @@ import javax.xml.bind.annotation.XmlType;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "ActivationProperty", propOrder = {
@@ -54,11 +54,11 @@ public class ActivationProperty {
/**
* Gets the value of the name property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getName() {
@@ -67,11 +67,11 @@ public class ActivationProperty {
/**
* Sets the value of the name property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setName(String value) {
@@ -80,11 +80,11 @@ public class ActivationProperty {
/**
* Gets the value of the value property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getValue() {
@@ -93,11 +93,11 @@ public class ActivationProperty {
/**
* Sets the value of the value property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setValue(String value) {

232
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/Build.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/Build.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import java.util.ArrayList;
import java.util.List;
@@ -18,11 +18,11 @@ import javax.xml.bind.annotation.XmlType;
/**
* 3.0.0+
*
*
* <p>Java class for Build complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="Build">
* &lt;complexContent>
@@ -97,8 +97,8 @@ import javax.xml.bind.annotation.XmlType;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "Build", propOrder = {
@@ -138,11 +138,11 @@ public class Build {
/**
* Gets the value of the sourceDirectory property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getSourceDirectory() {
@@ -151,11 +151,11 @@ public class Build {
/**
* Sets the value of the sourceDirectory property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSourceDirectory(String value) {
@@ -164,11 +164,11 @@ public class Build {
/**
* Gets the value of the scriptSourceDirectory property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getScriptSourceDirectory() {
@@ -177,11 +177,11 @@ public class Build {
/**
* Sets the value of the scriptSourceDirectory property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setScriptSourceDirectory(String value) {
@@ -190,11 +190,11 @@ public class Build {
/**
* Gets the value of the testSourceDirectory property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getTestSourceDirectory() {
@@ -203,11 +203,11 @@ public class Build {
/**
* Sets the value of the testSourceDirectory property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setTestSourceDirectory(String value) {
@@ -216,11 +216,11 @@ public class Build {
/**
* Gets the value of the outputDirectory property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getOutputDirectory() {
@@ -229,11 +229,11 @@ public class Build {
/**
* Sets the value of the outputDirectory property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setOutputDirectory(String value) {
@@ -242,11 +242,11 @@ public class Build {
/**
* Gets the value of the testOutputDirectory property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getTestOutputDirectory() {
@@ -255,11 +255,11 @@ public class Build {
/**
* Sets the value of the testOutputDirectory property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setTestOutputDirectory(String value) {
@@ -268,11 +268,11 @@ public class Build {
/**
* Gets the value of the extensions property.
*
*
* @return
* possible object is
* {@link Build.Extensions }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Build.Extensions getExtensions() {
@@ -281,11 +281,11 @@ public class Build {
/**
* Sets the value of the extensions property.
*
*
* @param value
* allowed object is
* {@link Build.Extensions }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setExtensions(Build.Extensions value) {
@@ -294,11 +294,11 @@ public class Build {
/**
* Gets the value of the defaultGoal property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getDefaultGoal() {
@@ -307,11 +307,11 @@ public class Build {
/**
* Sets the value of the defaultGoal property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setDefaultGoal(String value) {
@@ -320,11 +320,11 @@ public class Build {
/**
* Gets the value of the resources property.
*
*
* @return
* possible object is
* {@link Build.Resources }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Build.Resources getResources() {
@@ -333,11 +333,11 @@ public class Build {
/**
* Sets the value of the resources property.
*
*
* @param value
* allowed object is
* {@link Build.Resources }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setResources(Build.Resources value) {
@@ -346,11 +346,11 @@ public class Build {
/**
* Gets the value of the testResources property.
*
*
* @return
* possible object is
* {@link Build.TestResources }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Build.TestResources getTestResources() {
@@ -359,11 +359,11 @@ public class Build {
/**
* Sets the value of the testResources property.
*
*
* @param value
* allowed object is
* {@link Build.TestResources }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setTestResources(Build.TestResources value) {
@@ -372,11 +372,11 @@ public class Build {
/**
* Gets the value of the directory property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getDirectory() {
@@ -385,11 +385,11 @@ public class Build {
/**
* Sets the value of the directory property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setDirectory(String value) {
@@ -398,11 +398,11 @@ public class Build {
/**
* Gets the value of the finalName property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getFinalName() {
@@ -411,11 +411,11 @@ public class Build {
/**
* Sets the value of the finalName property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setFinalName(String value) {
@@ -424,11 +424,11 @@ public class Build {
/**
* Gets the value of the filters property.
*
*
* @return
* possible object is
* {@link Build.Filters }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Build.Filters getFilters() {
@@ -437,11 +437,11 @@ public class Build {
/**
* Sets the value of the filters property.
*
*
* @param value
* allowed object is
* {@link Build.Filters }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setFilters(Build.Filters value) {
@@ -450,11 +450,11 @@ public class Build {
/**
* Gets the value of the pluginManagement property.
*
*
* @return
* possible object is
* {@link PluginManagement }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public PluginManagement getPluginManagement() {
@@ -463,11 +463,11 @@ public class Build {
/**
* Sets the value of the pluginManagement property.
*
*
* @param value
* allowed object is
* {@link PluginManagement }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setPluginManagement(PluginManagement value) {
@@ -476,11 +476,11 @@ public class Build {
/**
* Gets the value of the plugins property.
*
*
* @return
* possible object is
* {@link Build.Plugins }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Build.Plugins getPlugins() {
@@ -489,11 +489,11 @@ public class Build {
/**
* Sets the value of the plugins property.
*
*
* @param value
* allowed object is
* {@link Build.Plugins }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setPlugins(Build.Plugins value) {
@@ -503,9 +503,9 @@ public class Build {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -517,8 +517,8 @@ public class Build {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -532,25 +532,25 @@ public class Build {
/**
* Gets the value of the extension property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the extension property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getExtension().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link Extension }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<Extension> getExtension() {
@@ -565,9 +565,9 @@ public class Build {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -579,8 +579,8 @@ public class Build {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -594,25 +594,25 @@ public class Build {
/**
* Gets the value of the filter property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the filter property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getFilter().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link String }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<String> getFilter() {
@@ -627,9 +627,9 @@ public class Build {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -641,8 +641,8 @@ public class Build {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -656,25 +656,25 @@ public class Build {
/**
* Gets the value of the plugin property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the plugin property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getPlugin().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link Plugin }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<Plugin> getPlugin() {
@@ -689,9 +689,9 @@ public class Build {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -703,8 +703,8 @@ public class Build {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -718,25 +718,25 @@ public class Build {
/**
* Gets the value of the resource property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the resource property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getResource().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link Resource }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<Resource> getResource() {
@@ -751,9 +751,9 @@ public class Build {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -765,8 +765,8 @@ public class Build {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -780,25 +780,25 @@ public class Build {
/**
* Gets the value of the testResource property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the testResource property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getTestResource().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link Resource }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<Resource> getTestResource() {

164
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/BuildBase.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/BuildBase.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import java.util.ArrayList;
import java.util.List;
@@ -18,11 +18,11 @@ import javax.xml.bind.annotation.XmlType;
/**
* 3.0.0+
*
*
* <p>Java class for BuildBase complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="BuildBase">
* &lt;complexContent>
@@ -81,8 +81,8 @@ import javax.xml.bind.annotation.XmlType;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "BuildBase", propOrder = {
@@ -110,11 +110,11 @@ public class BuildBase {
/**
* Gets the value of the defaultGoal property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getDefaultGoal() {
@@ -123,11 +123,11 @@ public class BuildBase {
/**
* Sets the value of the defaultGoal property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setDefaultGoal(String value) {
@@ -136,11 +136,11 @@ public class BuildBase {
/**
* Gets the value of the resources property.
*
*
* @return
* possible object is
* {@link BuildBase.Resources }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public BuildBase.Resources getResources() {
@@ -149,11 +149,11 @@ public class BuildBase {
/**
* Sets the value of the resources property.
*
*
* @param value
* allowed object is
* {@link BuildBase.Resources }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setResources(BuildBase.Resources value) {
@@ -162,11 +162,11 @@ public class BuildBase {
/**
* Gets the value of the testResources property.
*
*
* @return
* possible object is
* {@link BuildBase.TestResources }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public BuildBase.TestResources getTestResources() {
@@ -175,11 +175,11 @@ public class BuildBase {
/**
* Sets the value of the testResources property.
*
*
* @param value
* allowed object is
* {@link BuildBase.TestResources }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setTestResources(BuildBase.TestResources value) {
@@ -188,11 +188,11 @@ public class BuildBase {
/**
* Gets the value of the directory property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getDirectory() {
@@ -201,11 +201,11 @@ public class BuildBase {
/**
* Sets the value of the directory property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setDirectory(String value) {
@@ -214,11 +214,11 @@ public class BuildBase {
/**
* Gets the value of the finalName property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getFinalName() {
@@ -227,11 +227,11 @@ public class BuildBase {
/**
* Sets the value of the finalName property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setFinalName(String value) {
@@ -240,11 +240,11 @@ public class BuildBase {
/**
* Gets the value of the filters property.
*
*
* @return
* possible object is
* {@link BuildBase.Filters }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public BuildBase.Filters getFilters() {
@@ -253,11 +253,11 @@ public class BuildBase {
/**
* Sets the value of the filters property.
*
*
* @param value
* allowed object is
* {@link BuildBase.Filters }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setFilters(BuildBase.Filters value) {
@@ -266,11 +266,11 @@ public class BuildBase {
/**
* Gets the value of the pluginManagement property.
*
*
* @return
* possible object is
* {@link PluginManagement }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public PluginManagement getPluginManagement() {
@@ -279,11 +279,11 @@ public class BuildBase {
/**
* Sets the value of the pluginManagement property.
*
*
* @param value
* allowed object is
* {@link PluginManagement }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setPluginManagement(PluginManagement value) {
@@ -292,11 +292,11 @@ public class BuildBase {
/**
* Gets the value of the plugins property.
*
*
* @return
* possible object is
* {@link BuildBase.Plugins }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public BuildBase.Plugins getPlugins() {
@@ -305,11 +305,11 @@ public class BuildBase {
/**
* Sets the value of the plugins property.
*
*
* @param value
* allowed object is
* {@link BuildBase.Plugins }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setPlugins(BuildBase.Plugins value) {
@@ -319,9 +319,9 @@ public class BuildBase {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -333,8 +333,8 @@ public class BuildBase {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -348,25 +348,25 @@ public class BuildBase {
/**
* Gets the value of the filter property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the filter property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getFilter().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link String }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<String> getFilter() {
@@ -381,9 +381,9 @@ public class BuildBase {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -395,8 +395,8 @@ public class BuildBase {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -410,25 +410,25 @@ public class BuildBase {
/**
* Gets the value of the plugin property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the plugin property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getPlugin().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link Plugin }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<Plugin> getPlugin() {
@@ -443,9 +443,9 @@ public class BuildBase {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -457,8 +457,8 @@ public class BuildBase {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -472,25 +472,25 @@ public class BuildBase {
/**
* Gets the value of the resource property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the resource property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getResource().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link Resource }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<Resource> getResource() {
@@ -505,9 +505,9 @@ public class BuildBase {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -519,8 +519,8 @@ public class BuildBase {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -534,25 +534,25 @@ public class BuildBase {
/**
* Gets the value of the testResource property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the testResource property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getTestResource().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link Resource }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<Resource> getTestResource() {

64
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/CiManagement.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/CiManagement.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import java.util.ArrayList;
import java.util.List;
@@ -18,11 +18,11 @@ import javax.xml.bind.annotation.XmlType;
/**
* 4.0.0
*
*
* <p>Java class for CiManagement complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="CiManagement">
* &lt;complexContent>
@@ -46,8 +46,8 @@ import javax.xml.bind.annotation.XmlType;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "CiManagement", propOrder = {
@@ -65,11 +65,11 @@ public class CiManagement {
/**
* Gets the value of the system property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getSystem() {
@@ -78,11 +78,11 @@ public class CiManagement {
/**
* Sets the value of the system property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSystem(String value) {
@@ -91,11 +91,11 @@ public class CiManagement {
/**
* Gets the value of the url property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getUrl() {
@@ -104,11 +104,11 @@ public class CiManagement {
/**
* Sets the value of the url property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setUrl(String value) {
@@ -117,11 +117,11 @@ public class CiManagement {
/**
* Gets the value of the notifiers property.
*
*
* @return
* possible object is
* {@link CiManagement.Notifiers }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public CiManagement.Notifiers getNotifiers() {
@@ -130,11 +130,11 @@ public class CiManagement {
/**
* Sets the value of the notifiers property.
*
*
* @param value
* allowed object is
* {@link CiManagement.Notifiers }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setNotifiers(CiManagement.Notifiers value) {
@@ -144,9 +144,9 @@ public class CiManagement {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -158,8 +158,8 @@ public class CiManagement {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -173,25 +173,25 @@ public class CiManagement {
/**
* Gets the value of the notifier property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the notifier property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getNotifier().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link Notifier }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<Notifier> getNotifier() {

128
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/Contributor.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/Contributor.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import java.util.ArrayList;
import java.util.List;
@@ -19,16 +19,16 @@ import org.w3c.dom.Element;
/**
*
*
* Description of a person who has contributed to the project, but who does
* not have commit privileges. Usually, these contributions come in the
* form of patches submitted.
*
*
*
*
* <p>Java class for Contributor complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="Contributor">
* &lt;complexContent>
@@ -67,8 +67,8 @@ import org.w3c.dom.Element;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "Contributor", propOrder = {
@@ -96,11 +96,11 @@ public class Contributor {
/**
* Gets the value of the name property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getName() {
@@ -109,11 +109,11 @@ public class Contributor {
/**
* Sets the value of the name property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setName(String value) {
@@ -122,11 +122,11 @@ public class Contributor {
/**
* Gets the value of the email property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getEmail() {
@@ -135,11 +135,11 @@ public class Contributor {
/**
* Sets the value of the email property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setEmail(String value) {
@@ -148,11 +148,11 @@ public class Contributor {
/**
* Gets the value of the url property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getUrl() {
@@ -161,11 +161,11 @@ public class Contributor {
/**
* Sets the value of the url property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setUrl(String value) {
@@ -174,11 +174,11 @@ public class Contributor {
/**
* Gets the value of the organization property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getOrganization() {
@@ -187,11 +187,11 @@ public class Contributor {
/**
* Sets the value of the organization property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setOrganization(String value) {
@@ -200,11 +200,11 @@ public class Contributor {
/**
* Gets the value of the organizationUrl property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getOrganizationUrl() {
@@ -213,11 +213,11 @@ public class Contributor {
/**
* Sets the value of the organizationUrl property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setOrganizationUrl(String value) {
@@ -226,11 +226,11 @@ public class Contributor {
/**
* Gets the value of the roles property.
*
*
* @return
* possible object is
* {@link Contributor.Roles }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Contributor.Roles getRoles() {
@@ -239,11 +239,11 @@ public class Contributor {
/**
* Sets the value of the roles property.
*
*
* @param value
* allowed object is
* {@link Contributor.Roles }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setRoles(Contributor.Roles value) {
@@ -252,11 +252,11 @@ public class Contributor {
/**
* Gets the value of the timezone property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getTimezone() {
@@ -265,11 +265,11 @@ public class Contributor {
/**
* Sets the value of the timezone property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setTimezone(String value) {
@@ -278,11 +278,11 @@ public class Contributor {
/**
* Gets the value of the properties property.
*
*
* @return
* possible object is
* {@link Contributor.Properties }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Contributor.Properties getProperties() {
@@ -291,11 +291,11 @@ public class Contributor {
/**
* Sets the value of the properties property.
*
*
* @param value
* allowed object is
* {@link Contributor.Properties }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setProperties(Contributor.Properties value) {
@@ -305,9 +305,9 @@ public class Contributor {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -319,8 +319,8 @@ public class Contributor {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -335,25 +335,25 @@ public class Contributor {
/**
* Gets the value of the any property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the any property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getAny().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link Element }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<Element> getAny() {
@@ -368,9 +368,9 @@ public class Contributor {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -382,8 +382,8 @@ public class Contributor {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -397,25 +397,25 @@ public class Contributor {
/**
* Gets the value of the role property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the role property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getRole().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link String }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<String> getRole() {

112
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/Dependency.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/Dependency.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import java.util.ArrayList;
import java.util.List;
@@ -19,11 +19,11 @@ import javax.xml.bind.annotation.XmlType;
/**
* 3.0.0+
*
*
* <p>Java class for Dependency complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="Dependency">
* &lt;complexContent>
@@ -53,8 +53,8 @@ import javax.xml.bind.annotation.XmlType;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "Dependency", propOrder = {
@@ -86,11 +86,11 @@ public class Dependency {
/**
* Gets the value of the groupId property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getGroupId() {
@@ -99,11 +99,11 @@ public class Dependency {
/**
* Sets the value of the groupId property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setGroupId(String value) {
@@ -112,11 +112,11 @@ public class Dependency {
/**
* Gets the value of the artifactId property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getArtifactId() {
@@ -125,11 +125,11 @@ public class Dependency {
/**
* Sets the value of the artifactId property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setArtifactId(String value) {
@@ -138,11 +138,11 @@ public class Dependency {
/**
* Gets the value of the version property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getVersion() {
@@ -151,11 +151,11 @@ public class Dependency {
/**
* Sets the value of the version property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setVersion(String value) {
@@ -164,11 +164,11 @@ public class Dependency {
/**
* Gets the value of the type property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getType() {
@@ -177,11 +177,11 @@ public class Dependency {
/**
* Sets the value of the type property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setType(String value) {
@@ -190,11 +190,11 @@ public class Dependency {
/**
* Gets the value of the classifier property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getClassifier() {
@@ -203,11 +203,11 @@ public class Dependency {
/**
* Sets the value of the classifier property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setClassifier(String value) {
@@ -216,11 +216,11 @@ public class Dependency {
/**
* Gets the value of the scope property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getScope() {
@@ -229,11 +229,11 @@ public class Dependency {
/**
* Sets the value of the scope property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setScope(String value) {
@@ -242,11 +242,11 @@ public class Dependency {
/**
* Gets the value of the systemPath property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getSystemPath() {
@@ -255,11 +255,11 @@ public class Dependency {
/**
* Sets the value of the systemPath property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSystemPath(String value) {
@@ -268,11 +268,11 @@ public class Dependency {
/**
* Gets the value of the exclusions property.
*
*
* @return
* possible object is
* {@link Dependency.Exclusions }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Dependency.Exclusions getExclusions() {
@@ -281,11 +281,11 @@ public class Dependency {
/**
* Sets the value of the exclusions property.
*
*
* @param value
* allowed object is
* {@link Dependency.Exclusions }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setExclusions(Dependency.Exclusions value) {
@@ -294,11 +294,11 @@ public class Dependency {
/**
* Gets the value of the optional property.
*
*
* @return
* possible object is
* {@link Boolean }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Boolean isOptional() {
@@ -307,11 +307,11 @@ public class Dependency {
/**
* Sets the value of the optional property.
*
*
* @param value
* allowed object is
* {@link Boolean }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setOptional(Boolean value) {
@@ -321,9 +321,9 @@ public class Dependency {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -335,8 +335,8 @@ public class Dependency {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -350,25 +350,25 @@ public class Dependency {
/**
* Gets the value of the exclusion property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the exclusion property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getExclusion().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link Exclusion }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<Exclusion> getExclusion() {

52
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/DependencyManagement.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/DependencyManagement.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import java.util.ArrayList;
import java.util.List;
@@ -17,14 +17,14 @@ import javax.xml.bind.annotation.XmlType;
/**
*
*
* Section for management of default dependency information for use in a group of POMs.
*
*
*
*
* <p>Java class for DependencyManagement complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="DependencyManagement">
* &lt;complexContent>
@@ -46,8 +46,8 @@ import javax.xml.bind.annotation.XmlType;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "DependencyManagement", propOrder = {
@@ -61,11 +61,11 @@ public class DependencyManagement {
/**
* Gets the value of the dependencies property.
*
*
* @return
* possible object is
* {@link DependencyManagement.Dependencies }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public DependencyManagement.Dependencies getDependencies() {
@@ -74,11 +74,11 @@ public class DependencyManagement {
/**
* Sets the value of the dependencies property.
*
*
* @param value
* allowed object is
* {@link DependencyManagement.Dependencies }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setDependencies(DependencyManagement.Dependencies value) {
@@ -88,9 +88,9 @@ public class DependencyManagement {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -102,8 +102,8 @@ public class DependencyManagement {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -117,25 +117,25 @@ public class DependencyManagement {
/**
* Gets the value of the dependency property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the dependency property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getDependency().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link Dependency }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<Dependency> getDependency() {

66
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/DeploymentRepository.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/DeploymentRepository.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
@@ -16,14 +16,14 @@ import javax.xml.bind.annotation.XmlType;
/**
*
* Repository contains the information needed for deploying to the remote repoistory.
*
*
*
* Repository contains the information needed for deploying to the remote repository.
*
*
* <p>Java class for DeploymentRepository complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="DeploymentRepository">
* &lt;complexContent>
@@ -39,8 +39,8 @@ import javax.xml.bind.annotation.XmlType;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "DeploymentRepository", propOrder = {
@@ -64,11 +64,11 @@ public class DeploymentRepository {
/**
* Gets the value of the uniqueVersion property.
*
*
* @return
* possible object is
* {@link Boolean }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Boolean isUniqueVersion() {
@@ -77,11 +77,11 @@ public class DeploymentRepository {
/**
* Sets the value of the uniqueVersion property.
*
*
* @param value
* allowed object is
* {@link Boolean }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setUniqueVersion(Boolean value) {
@@ -90,11 +90,11 @@ public class DeploymentRepository {
/**
* Gets the value of the id property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getId() {
@@ -103,11 +103,11 @@ public class DeploymentRepository {
/**
* Sets the value of the id property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setId(String value) {
@@ -116,11 +116,11 @@ public class DeploymentRepository {
/**
* Gets the value of the name property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getName() {
@@ -129,11 +129,11 @@ public class DeploymentRepository {
/**
* Sets the value of the name property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setName(String value) {
@@ -142,11 +142,11 @@ public class DeploymentRepository {
/**
* Gets the value of the url property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getUrl() {
@@ -155,11 +155,11 @@ public class DeploymentRepository {
/**
* Sets the value of the url property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setUrl(String value) {
@@ -168,11 +168,11 @@ public class DeploymentRepository {
/**
* Gets the value of the layout property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getLayout() {
@@ -181,11 +181,11 @@ public class DeploymentRepository {
/**
* Sets the value of the layout property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setLayout(String value) {

136
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/Developer.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/Developer.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import java.util.ArrayList;
import java.util.List;
@@ -19,14 +19,14 @@ import org.w3c.dom.Element;
/**
*
*
* Information about one of the committers on this project.
*
*
*
*
* <p>Java class for Developer complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="Developer">
* &lt;complexContent>
@@ -66,8 +66,8 @@ import org.w3c.dom.Element;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "Developer", propOrder = {
@@ -97,11 +97,11 @@ public class Developer {
/**
* Gets the value of the id property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getId() {
@@ -110,11 +110,11 @@ public class Developer {
/**
* Sets the value of the id property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setId(String value) {
@@ -123,11 +123,11 @@ public class Developer {
/**
* Gets the value of the name property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getName() {
@@ -136,11 +136,11 @@ public class Developer {
/**
* Sets the value of the name property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setName(String value) {
@@ -149,11 +149,11 @@ public class Developer {
/**
* Gets the value of the email property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getEmail() {
@@ -162,11 +162,11 @@ public class Developer {
/**
* Sets the value of the email property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setEmail(String value) {
@@ -175,11 +175,11 @@ public class Developer {
/**
* Gets the value of the url property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getUrl() {
@@ -188,11 +188,11 @@ public class Developer {
/**
* Sets the value of the url property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setUrl(String value) {
@@ -201,11 +201,11 @@ public class Developer {
/**
* Gets the value of the organization property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getOrganization() {
@@ -214,11 +214,11 @@ public class Developer {
/**
* Sets the value of the organization property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setOrganization(String value) {
@@ -227,11 +227,11 @@ public class Developer {
/**
* Gets the value of the organizationUrl property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getOrganizationUrl() {
@@ -240,11 +240,11 @@ public class Developer {
/**
* Sets the value of the organizationUrl property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setOrganizationUrl(String value) {
@@ -253,11 +253,11 @@ public class Developer {
/**
* Gets the value of the roles property.
*
*
* @return
* possible object is
* {@link Developer.Roles }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Developer.Roles getRoles() {
@@ -266,11 +266,11 @@ public class Developer {
/**
* Sets the value of the roles property.
*
*
* @param value
* allowed object is
* {@link Developer.Roles }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setRoles(Developer.Roles value) {
@@ -279,11 +279,11 @@ public class Developer {
/**
* Gets the value of the timezone property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getTimezone() {
@@ -292,11 +292,11 @@ public class Developer {
/**
* Sets the value of the timezone property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setTimezone(String value) {
@@ -305,11 +305,11 @@ public class Developer {
/**
* Gets the value of the properties property.
*
*
* @return
* possible object is
* {@link Developer.Properties }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Developer.Properties getProperties() {
@@ -318,11 +318,11 @@ public class Developer {
/**
* Sets the value of the properties property.
*
*
* @param value
* allowed object is
* {@link Developer.Properties }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setProperties(Developer.Properties value) {
@@ -332,9 +332,9 @@ public class Developer {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -346,8 +346,8 @@ public class Developer {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -362,25 +362,25 @@ public class Developer {
/**
* Gets the value of the any property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the any property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getAny().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link Element }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<Element> getAny() {
@@ -395,9 +395,9 @@ public class Developer {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -409,8 +409,8 @@ public class Developer {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -424,25 +424,25 @@ public class Developer {
/**
* Gets the value of the role property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the role property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getRole().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link String }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<String> getRole() {

72
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/DistributionManagement.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/DistributionManagement.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
@@ -15,16 +15,16 @@ import javax.xml.bind.annotation.XmlType;
/**
*
*
* This elements describes all that pertains to distribution for a project.
* It is primarily used for deployment of artifacts and the site
* produced by the build.
*
*
*
*
* <p>Java class for DistributionManagement complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="DistributionManagement">
* &lt;complexContent>
@@ -41,8 +41,8 @@ import javax.xml.bind.annotation.XmlType;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "DistributionManagement", propOrder = {
@@ -66,11 +66,11 @@ public class DistributionManagement {
/**
* Gets the value of the repository property.
*
*
* @return
* possible object is
* {@link DeploymentRepository }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public DeploymentRepository getRepository() {
@@ -79,11 +79,11 @@ public class DistributionManagement {
/**
* Sets the value of the repository property.
*
*
* @param value
* allowed object is
* {@link DeploymentRepository }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setRepository(DeploymentRepository value) {
@@ -92,11 +92,11 @@ public class DistributionManagement {
/**
* Gets the value of the snapshotRepository property.
*
*
* @return
* possible object is
* {@link DeploymentRepository }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public DeploymentRepository getSnapshotRepository() {
@@ -105,11 +105,11 @@ public class DistributionManagement {
/**
* Sets the value of the snapshotRepository property.
*
*
* @param value
* allowed object is
* {@link DeploymentRepository }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSnapshotRepository(DeploymentRepository value) {
@@ -118,11 +118,11 @@ public class DistributionManagement {
/**
* Gets the value of the site property.
*
*
* @return
* possible object is
* {@link Site }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Site getSite() {
@@ -131,11 +131,11 @@ public class DistributionManagement {
/**
* Sets the value of the site property.
*
*
* @param value
* allowed object is
* {@link Site }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSite(Site value) {
@@ -144,11 +144,11 @@ public class DistributionManagement {
/**
* Gets the value of the downloadUrl property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getDownloadUrl() {
@@ -157,11 +157,11 @@ public class DistributionManagement {
/**
* Sets the value of the downloadUrl property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setDownloadUrl(String value) {
@@ -170,11 +170,11 @@ public class DistributionManagement {
/**
* Gets the value of the relocation property.
*
*
* @return
* possible object is
* {@link Relocation }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Relocation getRelocation() {
@@ -183,11 +183,11 @@ public class DistributionManagement {
/**
* Sets the value of the relocation property.
*
*
* @param value
* allowed object is
* {@link Relocation }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setRelocation(Relocation value) {
@@ -196,11 +196,11 @@ public class DistributionManagement {
/**
* Gets the value of the status property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getStatus() {
@@ -209,11 +209,11 @@ public class DistributionManagement {
/**
* Sets the value of the status property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setStatus(String value) {

36
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/Exclusion.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/Exclusion.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
@@ -16,11 +16,11 @@ import javax.xml.bind.annotation.XmlType;
/**
* 4.0.0
*
*
* <p>Java class for Exclusion complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="Exclusion">
* &lt;complexContent>
@@ -33,8 +33,8 @@ import javax.xml.bind.annotation.XmlType;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "Exclusion", propOrder = {
@@ -50,11 +50,11 @@ public class Exclusion {
/**
* Gets the value of the artifactId property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getArtifactId() {
@@ -63,11 +63,11 @@ public class Exclusion {
/**
* Sets the value of the artifactId property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setArtifactId(String value) {
@@ -76,11 +76,11 @@ public class Exclusion {
/**
* Gets the value of the groupId property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getGroupId() {
@@ -89,11 +89,11 @@ public class Exclusion {
/**
* Sets the value of the groupId property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setGroupId(String value) {

44
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/Extension.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/Extension.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
@@ -16,11 +16,11 @@ import javax.xml.bind.annotation.XmlType;
/**
* Describes a build extension to utilise.
*
*
* <p>Java class for Extension complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="Extension">
* &lt;complexContent>
@@ -34,8 +34,8 @@ import javax.xml.bind.annotation.XmlType;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "Extension", propOrder = {
@@ -53,11 +53,11 @@ public class Extension {
/**
* Gets the value of the groupId property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getGroupId() {
@@ -66,11 +66,11 @@ public class Extension {
/**
* Sets the value of the groupId property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setGroupId(String value) {
@@ -79,11 +79,11 @@ public class Extension {
/**
* Gets the value of the artifactId property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getArtifactId() {
@@ -92,11 +92,11 @@ public class Extension {
/**
* Sets the value of the artifactId property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setArtifactId(String value) {
@@ -105,11 +105,11 @@ public class Extension {
/**
* Gets the value of the version property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getVersion() {
@@ -118,11 +118,11 @@ public class Extension {
/**
* Sets the value of the version property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setVersion(String value) {

40
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/IssueManagement.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/IssueManagement.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
@@ -15,14 +15,14 @@ import javax.xml.bind.annotation.XmlType;
/**
*
*
* Information about the issue tracking (or bug tracking) system used to manage this project.
*
*
*
*
* <p>Java class for IssueManagement complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="IssueManagement">
* &lt;complexContent>
@@ -35,8 +35,8 @@ import javax.xml.bind.annotation.XmlType;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "IssueManagement", propOrder = {
@@ -52,11 +52,11 @@ public class IssueManagement {
/**
* Gets the value of the system property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getSystem() {
@@ -65,11 +65,11 @@ public class IssueManagement {
/**
* Sets the value of the system property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSystem(String value) {
@@ -78,11 +78,11 @@ public class IssueManagement {
/**
* Gets the value of the url property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getUrl() {
@@ -91,11 +91,11 @@ public class IssueManagement {
/**
* Sets the value of the url property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setUrl(String value) {

56
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/License.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/License.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
@@ -15,16 +15,16 @@ import javax.xml.bind.annotation.XmlType;
/**
*
*
* Describes the licenses for this project. This is used to generate
* the license page of the project's web site, as well as being taken into consideration in other reporting and
* validation. The licenses listed for the project are that of the project itself, and not of dependencies.
*
*
*
*
* <p>Java class for License complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="License">
* &lt;complexContent>
@@ -39,8 +39,8 @@ import javax.xml.bind.annotation.XmlType;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "License", propOrder = {
@@ -60,11 +60,11 @@ public class License {
/**
* Gets the value of the name property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getName() {
@@ -73,11 +73,11 @@ public class License {
/**
* Sets the value of the name property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setName(String value) {
@@ -86,11 +86,11 @@ public class License {
/**
* Gets the value of the url property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getUrl() {
@@ -99,11 +99,11 @@ public class License {
/**
* Sets the value of the url property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setUrl(String value) {
@@ -112,11 +112,11 @@ public class License {
/**
* Gets the value of the distribution property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getDistribution() {
@@ -125,11 +125,11 @@ public class License {
/**
* Sets the value of the distribution property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setDistribution(String value) {
@@ -138,11 +138,11 @@ public class License {
/**
* Gets the value of the comments property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getComments() {
@@ -151,11 +151,11 @@ public class License {
/**
* Sets the value of the comments property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setComments(String value) {

92
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/MailingList.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/MailingList.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import java.util.ArrayList;
import java.util.List;
@@ -17,15 +17,15 @@ import javax.xml.bind.annotation.XmlType;
/**
*
*
* This element describes all of the mailing lists associated with
* a project. The auto-generated site references this information.
*
*
*
*
* <p>Java class for MailingList complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="MailingList">
* &lt;complexContent>
@@ -52,8 +52,8 @@ import javax.xml.bind.annotation.XmlType;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "MailingList", propOrder = {
@@ -77,11 +77,11 @@ public class MailingList {
/**
* Gets the value of the name property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getName() {
@@ -90,11 +90,11 @@ public class MailingList {
/**
* Sets the value of the name property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setName(String value) {
@@ -103,11 +103,11 @@ public class MailingList {
/**
* Gets the value of the subscribe property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getSubscribe() {
@@ -116,11 +116,11 @@ public class MailingList {
/**
* Sets the value of the subscribe property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSubscribe(String value) {
@@ -129,11 +129,11 @@ public class MailingList {
/**
* Gets the value of the unsubscribe property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getUnsubscribe() {
@@ -142,11 +142,11 @@ public class MailingList {
/**
* Sets the value of the unsubscribe property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setUnsubscribe(String value) {
@@ -155,11 +155,11 @@ public class MailingList {
/**
* Gets the value of the post property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getPost() {
@@ -168,11 +168,11 @@ public class MailingList {
/**
* Sets the value of the post property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setPost(String value) {
@@ -181,11 +181,11 @@ public class MailingList {
/**
* Gets the value of the archive property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getArchive() {
@@ -194,11 +194,11 @@ public class MailingList {
/**
* Sets the value of the archive property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setArchive(String value) {
@@ -207,11 +207,11 @@ public class MailingList {
/**
* Gets the value of the otherArchives property.
*
*
* @return
* possible object is
* {@link MailingList.OtherArchives }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public MailingList.OtherArchives getOtherArchives() {
@@ -220,11 +220,11 @@ public class MailingList {
/**
* Sets the value of the otherArchives property.
*
*
* @param value
* allowed object is
* {@link MailingList.OtherArchives }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setOtherArchives(MailingList.OtherArchives value) {
@@ -234,9 +234,9 @@ public class MailingList {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -248,8 +248,8 @@ public class MailingList {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -263,25 +263,25 @@ public class MailingList {
/**
* Gets the value of the otherArchive property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the otherArchive property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getOtherArchive().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link String }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<String> getOtherArchive() {

484
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/Model.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/Model.java
View File

File diff suppressed because it is too large Load Diff

100
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/Notifier.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/Notifier.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import java.util.ArrayList;
import java.util.List;
@@ -20,14 +20,14 @@ import org.w3c.dom.Element;
/**
*
*
* Configures one method for notifying users/developers when a build breaks.
*
*
*
*
* <p>Java class for Notifier complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="Notifier">
* &lt;complexContent>
@@ -55,8 +55,8 @@ import org.w3c.dom.Element;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "Notifier", propOrder = {
@@ -87,11 +87,11 @@ public class Notifier {
/**
* Gets the value of the type property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getType() {
@@ -100,11 +100,11 @@ public class Notifier {
/**
* Sets the value of the type property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setType(String value) {
@@ -113,11 +113,11 @@ public class Notifier {
/**
* Gets the value of the sendOnError property.
*
*
* @return
* possible object is
* {@link Boolean }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Boolean isSendOnError() {
@@ -126,11 +126,11 @@ public class Notifier {
/**
* Sets the value of the sendOnError property.
*
*
* @param value
* allowed object is
* {@link Boolean }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSendOnError(Boolean value) {
@@ -139,11 +139,11 @@ public class Notifier {
/**
* Gets the value of the sendOnFailure property.
*
*
* @return
* possible object is
* {@link Boolean }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Boolean isSendOnFailure() {
@@ -152,11 +152,11 @@ public class Notifier {
/**
* Sets the value of the sendOnFailure property.
*
*
* @param value
* allowed object is
* {@link Boolean }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSendOnFailure(Boolean value) {
@@ -165,11 +165,11 @@ public class Notifier {
/**
* Gets the value of the sendOnSuccess property.
*
*
* @return
* possible object is
* {@link Boolean }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Boolean isSendOnSuccess() {
@@ -178,11 +178,11 @@ public class Notifier {
/**
* Sets the value of the sendOnSuccess property.
*
*
* @param value
* allowed object is
* {@link Boolean }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSendOnSuccess(Boolean value) {
@@ -191,11 +191,11 @@ public class Notifier {
/**
* Gets the value of the sendOnWarning property.
*
*
* @return
* possible object is
* {@link Boolean }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Boolean isSendOnWarning() {
@@ -204,11 +204,11 @@ public class Notifier {
/**
* Sets the value of the sendOnWarning property.
*
*
* @param value
* allowed object is
* {@link Boolean }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSendOnWarning(Boolean value) {
@@ -217,11 +217,11 @@ public class Notifier {
/**
* Gets the value of the address property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getAddress() {
@@ -230,11 +230,11 @@ public class Notifier {
/**
* Sets the value of the address property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setAddress(String value) {
@@ -243,11 +243,11 @@ public class Notifier {
/**
* Gets the value of the configuration property.
*
*
* @return
* possible object is
* {@link Notifier.Configuration }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Notifier.Configuration getConfiguration() {
@@ -256,11 +256,11 @@ public class Notifier {
/**
* Sets the value of the configuration property.
*
*
* @param value
* allowed object is
* {@link Notifier.Configuration }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setConfiguration(Notifier.Configuration value) {
@@ -270,9 +270,9 @@ public class Notifier {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -284,8 +284,8 @@ public class Notifier {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -300,25 +300,25 @@ public class Notifier {
/**
* Gets the value of the any property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the any property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getAny().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link Element }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<Element> getAny() {

208
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/ObjectFactory.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/ObjectFactory.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.annotation.XmlElementDecl;
@@ -15,18 +15,18 @@ import javax.xml.namespace.QName;
/**
* This object contains factory methods for each
* Java content interface and Java element interface
* generated in the org.codesecure.dependencycheck.analyzer.pom.generated package.
* <p>An ObjectFactory allows you to programatically
* construct new instances of the Java representation
* for XML content. The Java representation of XML
* content can consist of schema derived interfaces
* and classes representing the binding of schema
* type definitions, element declarations and model
* groups. Factory methods for each of these are
* This object contains factory methods for each
* Java content interface and Java element interface
* generated in the org.owasp.dependencycheck.analyzer.pom.generated package.
* <p>An ObjectFactory allows you to programmatically
* construct new instances of the Java representation
* for XML content. The Java representation of XML
* content can consist of schema derived interfaces
* and classes representing the binding of schema
* type definitions, element declarations and model
* groups. Factory methods for each of these are
* provided in this class.
*
*
*/
@XmlRegistry
public class ObjectFactory {
@@ -34,15 +34,15 @@ public class ObjectFactory {
private final static QName _Project_QNAME = new QName("http://maven.apache.org/POM/4.0.0", "project");
/**
* Create a new ObjectFactory that can be used to create new instances of schema derived classes for package: org.codesecure.dependencycheck.analyzer.pom.generated
*
* Create a new ObjectFactory that can be used to create new instances of schema derived classes for package: org.owasp.dependencycheck.analyzer.pom.generated
*
*/
public ObjectFactory() {
}
/**
* Create an instance of {@link Model }
*
*
*/
public Model createModel() {
return new Model();
@@ -50,7 +50,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Reporting }
*
*
*/
public Reporting createReporting() {
return new Reporting();
@@ -58,7 +58,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Exclusion }
*
*
*/
public Exclusion createExclusion() {
return new Exclusion();
@@ -66,7 +66,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Build.Filters }
*
*
*/
public Build.Filters createBuildFilters() {
return new Build.Filters();
@@ -74,7 +74,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link ReportPlugin.Configuration }
*
*
*/
public ReportPlugin.Configuration createReportPluginConfiguration() {
return new ReportPlugin.Configuration();
@@ -82,7 +82,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link IssueManagement }
*
*
*/
public IssueManagement createIssueManagement() {
return new IssueManagement();
@@ -90,7 +90,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link PluginExecution.Goals }
*
*
*/
public PluginExecution.Goals createPluginExecutionGoals() {
return new PluginExecution.Goals();
@@ -98,7 +98,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link ReportPlugin }
*
*
*/
public ReportPlugin createReportPlugin() {
return new ReportPlugin();
@@ -106,7 +106,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Profile.Properties }
*
*
*/
public Profile.Properties createProfileProperties() {
return new Profile.Properties();
@@ -114,7 +114,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link ActivationProperty }
*
*
*/
public ActivationProperty createActivationProperty() {
return new ActivationProperty();
@@ -122,7 +122,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Build.Extensions }
*
*
*/
public Build.Extensions createBuildExtensions() {
return new Build.Extensions();
@@ -130,7 +130,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Plugin }
*
*
*/
public Plugin createPlugin() {
return new Plugin();
@@ -138,7 +138,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Profile.Dependencies }
*
*
*/
public Profile.Dependencies createProfileDependencies() {
return new Profile.Dependencies();
@@ -146,7 +146,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Resource.Excludes }
*
*
*/
public Resource.Excludes createResourceExcludes() {
return new Resource.Excludes();
@@ -154,7 +154,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Scm }
*
*
*/
public Scm createScm() {
return new Scm();
@@ -162,7 +162,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link ReportSet.Reports }
*
*
*/
public ReportSet.Reports createReportSetReports() {
return new ReportSet.Reports();
@@ -170,7 +170,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link PluginManagement }
*
*
*/
public PluginManagement createPluginManagement() {
return new PluginManagement();
@@ -178,7 +178,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link CiManagement.Notifiers }
*
*
*/
public CiManagement.Notifiers createCiManagementNotifiers() {
return new CiManagement.Notifiers();
@@ -186,7 +186,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Model.PluginRepositories }
*
*
*/
public Model.PluginRepositories createModelPluginRepositories() {
return new Model.PluginRepositories();
@@ -194,7 +194,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link ActivationFile }
*
*
*/
public ActivationFile createActivationFile() {
return new ActivationFile();
@@ -202,7 +202,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Developer.Roles }
*
*
*/
public Developer.Roles createDeveloperRoles() {
return new Developer.Roles();
@@ -210,7 +210,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link DeploymentRepository }
*
*
*/
public DeploymentRepository createDeploymentRepository() {
return new DeploymentRepository();
@@ -218,7 +218,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Contributor.Properties }
*
*
*/
public Contributor.Properties createContributorProperties() {
return new Contributor.Properties();
@@ -226,7 +226,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link DistributionManagement }
*
*
*/
public DistributionManagement createDistributionManagement() {
return new DistributionManagement();
@@ -234,7 +234,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link RepositoryPolicy }
*
*
*/
public RepositoryPolicy createRepositoryPolicy() {
return new RepositoryPolicy();
@@ -242,7 +242,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Model.Licenses }
*
*
*/
public Model.Licenses createModelLicenses() {
return new Model.Licenses();
@@ -250,7 +250,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Build.TestResources }
*
*
*/
public Build.TestResources createBuildTestResources() {
return new Build.TestResources();
@@ -258,7 +258,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Plugin.Goals }
*
*
*/
public Plugin.Goals createPluginGoals() {
return new Plugin.Goals();
@@ -266,7 +266,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Plugin.Executions }
*
*
*/
public Plugin.Executions createPluginExecutions() {
return new Plugin.Executions();
@@ -274,7 +274,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link DependencyManagement }
*
*
*/
public DependencyManagement createDependencyManagement() {
return new DependencyManagement();
@@ -282,7 +282,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Model.Reports }
*
*
*/
public Model.Reports createModelReports() {
return new Model.Reports();
@@ -290,7 +290,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Build }
*
*
*/
public Build createBuild() {
return new Build();
@@ -298,7 +298,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Build.Resources }
*
*
*/
public Build.Resources createBuildResources() {
return new Build.Resources();
@@ -306,7 +306,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link DependencyManagement.Dependencies }
*
*
*/
public DependencyManagement.Dependencies createDependencyManagementDependencies() {
return new DependencyManagement.Dependencies();
@@ -314,7 +314,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Model.Contributors }
*
*
*/
public Model.Contributors createModelContributors() {
return new Model.Contributors();
@@ -322,7 +322,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Build.Plugins }
*
*
*/
public Build.Plugins createBuildPlugins() {
return new Build.Plugins();
@@ -330,7 +330,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Extension }
*
*
*/
public Extension createExtension() {
return new Extension();
@@ -338,7 +338,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Organization }
*
*
*/
public Organization createOrganization() {
return new Organization();
@@ -346,7 +346,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link License }
*
*
*/
public License createLicense() {
return new License();
@@ -354,7 +354,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Activation }
*
*
*/
public Activation createActivation() {
return new Activation();
@@ -362,7 +362,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link ActivationOS }
*
*
*/
public ActivationOS createActivationOS() {
return new ActivationOS();
@@ -370,7 +370,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Model.Modules }
*
*
*/
public Model.Modules createModelModules() {
return new Model.Modules();
@@ -378,7 +378,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Profile.Repositories }
*
*
*/
public Profile.Repositories createProfileRepositories() {
return new Profile.Repositories();
@@ -386,7 +386,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Model.Dependencies }
*
*
*/
public Model.Dependencies createModelDependencies() {
return new Model.Dependencies();
@@ -394,7 +394,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link BuildBase.Resources }
*
*
*/
public BuildBase.Resources createBuildBaseResources() {
return new BuildBase.Resources();
@@ -402,7 +402,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Site }
*
*
*/
public Site createSite() {
return new Site();
@@ -410,7 +410,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link ReportPlugin.ReportSets }
*
*
*/
public ReportPlugin.ReportSets createReportPluginReportSets() {
return new ReportPlugin.ReportSets();
@@ -418,7 +418,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Plugin.Configuration }
*
*
*/
public Plugin.Configuration createPluginConfiguration() {
return new Plugin.Configuration();
@@ -426,7 +426,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Profile.PluginRepositories }
*
*
*/
public Profile.PluginRepositories createProfilePluginRepositories() {
return new Profile.PluginRepositories();
@@ -434,7 +434,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Dependency.Exclusions }
*
*
*/
public Dependency.Exclusions createDependencyExclusions() {
return new Dependency.Exclusions();
@@ -442,7 +442,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Prerequisites }
*
*
*/
public Prerequisites createPrerequisites() {
return new Prerequisites();
@@ -450,7 +450,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Model.Profiles }
*
*
*/
public Model.Profiles createModelProfiles() {
return new Model.Profiles();
@@ -458,7 +458,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Model.Properties }
*
*
*/
public Model.Properties createModelProperties() {
return new Model.Properties();
@@ -466,7 +466,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link BuildBase.Plugins }
*
*
*/
public BuildBase.Plugins createBuildBasePlugins() {
return new BuildBase.Plugins();
@@ -474,7 +474,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link BuildBase }
*
*
*/
public BuildBase createBuildBase() {
return new BuildBase();
@@ -482,7 +482,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link PluginManagement.Plugins }
*
*
*/
public PluginManagement.Plugins createPluginManagementPlugins() {
return new PluginManagement.Plugins();
@@ -490,7 +490,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Contributor.Roles }
*
*
*/
public Contributor.Roles createContributorRoles() {
return new Contributor.Roles();
@@ -498,7 +498,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link MailingList }
*
*
*/
public MailingList createMailingList() {
return new MailingList();
@@ -506,7 +506,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link CiManagement }
*
*
*/
public CiManagement createCiManagement() {
return new CiManagement();
@@ -514,7 +514,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Model.MailingLists }
*
*
*/
public Model.MailingLists createModelMailingLists() {
return new Model.MailingLists();
@@ -522,7 +522,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Model.Developers }
*
*
*/
public Model.Developers createModelDevelopers() {
return new Model.Developers();
@@ -530,7 +530,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Reporting.Plugins }
*
*
*/
public Reporting.Plugins createReportingPlugins() {
return new Reporting.Plugins();
@@ -538,7 +538,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Contributor }
*
*
*/
public Contributor createContributor() {
return new Contributor();
@@ -546,7 +546,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Profile.Reports }
*
*
*/
public Profile.Reports createProfileReports() {
return new Profile.Reports();
@@ -554,7 +554,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link BuildBase.TestResources }
*
*
*/
public BuildBase.TestResources createBuildBaseTestResources() {
return new BuildBase.TestResources();
@@ -562,7 +562,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Developer.Properties }
*
*
*/
public Developer.Properties createDeveloperProperties() {
return new Developer.Properties();
@@ -570,7 +570,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Plugin.Dependencies }
*
*
*/
public Plugin.Dependencies createPluginDependencies() {
return new Plugin.Dependencies();
@@ -578,7 +578,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Resource.Includes }
*
*
*/
public Resource.Includes createResourceIncludes() {
return new Resource.Includes();
@@ -586,7 +586,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Resource }
*
*
*/
public Resource createResource() {
return new Resource();
@@ -594,7 +594,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Repository }
*
*
*/
public Repository createRepository() {
return new Repository();
@@ -602,7 +602,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link BuildBase.Filters }
*
*
*/
public BuildBase.Filters createBuildBaseFilters() {
return new BuildBase.Filters();
@@ -610,7 +610,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link ReportSet }
*
*
*/
public ReportSet createReportSet() {
return new ReportSet();
@@ -618,7 +618,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Notifier.Configuration }
*
*
*/
public Notifier.Configuration createNotifierConfiguration() {
return new Notifier.Configuration();
@@ -626,7 +626,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Model.Repositories }
*
*
*/
public Model.Repositories createModelRepositories() {
return new Model.Repositories();
@@ -634,7 +634,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Dependency }
*
*
*/
public Dependency createDependency() {
return new Dependency();
@@ -642,7 +642,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Relocation }
*
*
*/
public Relocation createRelocation() {
return new Relocation();
@@ -650,7 +650,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link MailingList.OtherArchives }
*
*
*/
public MailingList.OtherArchives createMailingListOtherArchives() {
return new MailingList.OtherArchives();
@@ -658,7 +658,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link ReportSet.Configuration }
*
*
*/
public ReportSet.Configuration createReportSetConfiguration() {
return new ReportSet.Configuration();
@@ -666,7 +666,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Profile }
*
*
*/
public Profile createProfile() {
return new Profile();
@@ -674,7 +674,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link PluginExecution.Configuration }
*
*
*/
public PluginExecution.Configuration createPluginExecutionConfiguration() {
return new PluginExecution.Configuration();
@@ -682,7 +682,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Notifier }
*
*
*/
public Notifier createNotifier() {
return new Notifier();
@@ -690,7 +690,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Parent }
*
*
*/
public Parent createParent() {
return new Parent();
@@ -698,7 +698,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link PluginExecution }
*
*
*/
public PluginExecution createPluginExecution() {
return new PluginExecution();
@@ -706,7 +706,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Developer }
*
*
*/
public Developer createDeveloper() {
return new Developer();
@@ -714,7 +714,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link Profile.Modules }
*
*
*/
public Profile.Modules createProfileModules() {
return new Profile.Modules();
@@ -722,7 +722,7 @@ public class ObjectFactory {
/**
* Create an instance of {@link JAXBElement }{@code <}{@link Model }{@code >}}
*
*
*/
@XmlElementDecl(namespace = "http://maven.apache.org/POM/4.0.0", name = "project")
public JAXBElement<Model> createProject(Model value) {

36
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/Organization.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/Organization.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
@@ -16,11 +16,11 @@ import javax.xml.bind.annotation.XmlType;
/**
* Specifies the organization that produces this project.
*
*
* <p>Java class for Organization complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="Organization">
* &lt;complexContent>
@@ -33,8 +33,8 @@ import javax.xml.bind.annotation.XmlType;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "Organization", propOrder = {
@@ -50,11 +50,11 @@ public class Organization {
/**
* Gets the value of the name property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getName() {
@@ -63,11 +63,11 @@ public class Organization {
/**
* Sets the value of the name property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setName(String value) {
@@ -76,11 +76,11 @@ public class Organization {
/**
* Gets the value of the url property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getUrl() {
@@ -89,11 +89,11 @@ public class Organization {
/**
* Sets the value of the url property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setUrl(String value) {

52
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/Parent.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/Parent.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
@@ -17,11 +17,11 @@ import javax.xml.bind.annotation.XmlType;
/**
* 4.0.0
*
*
* <p>Java class for Parent complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="Parent">
* &lt;complexContent>
@@ -36,8 +36,8 @@ import javax.xml.bind.annotation.XmlType;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "Parent", propOrder = {
@@ -58,11 +58,11 @@ public class Parent {
/**
* Gets the value of the artifactId property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getArtifactId() {
@@ -71,11 +71,11 @@ public class Parent {
/**
* Sets the value of the artifactId property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setArtifactId(String value) {
@@ -84,11 +84,11 @@ public class Parent {
/**
* Gets the value of the groupId property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getGroupId() {
@@ -97,11 +97,11 @@ public class Parent {
/**
* Sets the value of the groupId property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setGroupId(String value) {
@@ -110,11 +110,11 @@ public class Parent {
/**
* Gets the value of the version property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getVersion() {
@@ -123,11 +123,11 @@ public class Parent {
/**
* Sets the value of the version property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setVersion(String value) {
@@ -136,11 +136,11 @@ public class Parent {
/**
* Gets the value of the relativePath property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getRelativePath() {
@@ -149,11 +149,11 @@ public class Parent {
/**
* Sets the value of the relativePath property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setRelativePath(String value) {

172
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/Plugin.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/Plugin.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import java.util.ArrayList;
import java.util.List;
@@ -21,11 +21,11 @@ import org.w3c.dom.Element;
/**
* 4.0.0
*
*
* <p>Java class for Plugin complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="Plugin">
* &lt;complexContent>
@@ -85,8 +85,8 @@ import org.w3c.dom.Element;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "Plugin", propOrder = {
@@ -118,11 +118,11 @@ public class Plugin {
/**
* Gets the value of the groupId property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getGroupId() {
@@ -131,11 +131,11 @@ public class Plugin {
/**
* Sets the value of the groupId property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setGroupId(String value) {
@@ -144,11 +144,11 @@ public class Plugin {
/**
* Gets the value of the artifactId property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getArtifactId() {
@@ -157,11 +157,11 @@ public class Plugin {
/**
* Sets the value of the artifactId property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setArtifactId(String value) {
@@ -170,11 +170,11 @@ public class Plugin {
/**
* Gets the value of the version property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getVersion() {
@@ -183,11 +183,11 @@ public class Plugin {
/**
* Sets the value of the version property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setVersion(String value) {
@@ -196,11 +196,11 @@ public class Plugin {
/**
* Gets the value of the extensions property.
*
*
* @return
* possible object is
* {@link Boolean }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Boolean isExtensions() {
@@ -209,11 +209,11 @@ public class Plugin {
/**
* Sets the value of the extensions property.
*
*
* @param value
* allowed object is
* {@link Boolean }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setExtensions(Boolean value) {
@@ -222,11 +222,11 @@ public class Plugin {
/**
* Gets the value of the executions property.
*
*
* @return
* possible object is
* {@link Plugin.Executions }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Plugin.Executions getExecutions() {
@@ -235,11 +235,11 @@ public class Plugin {
/**
* Sets the value of the executions property.
*
*
* @param value
* allowed object is
* {@link Plugin.Executions }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setExecutions(Plugin.Executions value) {
@@ -248,11 +248,11 @@ public class Plugin {
/**
* Gets the value of the dependencies property.
*
*
* @return
* possible object is
* {@link Plugin.Dependencies }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Plugin.Dependencies getDependencies() {
@@ -261,11 +261,11 @@ public class Plugin {
/**
* Sets the value of the dependencies property.
*
*
* @param value
* allowed object is
* {@link Plugin.Dependencies }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setDependencies(Plugin.Dependencies value) {
@@ -274,11 +274,11 @@ public class Plugin {
/**
* Gets the value of the goals property.
*
*
* @return
* possible object is
* {@link Plugin.Goals }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Plugin.Goals getGoals() {
@@ -287,11 +287,11 @@ public class Plugin {
/**
* Sets the value of the goals property.
*
*
* @param value
* allowed object is
* {@link Plugin.Goals }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setGoals(Plugin.Goals value) {
@@ -300,11 +300,11 @@ public class Plugin {
/**
* Gets the value of the inherited property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getInherited() {
@@ -313,11 +313,11 @@ public class Plugin {
/**
* Sets the value of the inherited property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setInherited(String value) {
@@ -326,11 +326,11 @@ public class Plugin {
/**
* Gets the value of the configuration property.
*
*
* @return
* possible object is
* {@link Plugin.Configuration }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Plugin.Configuration getConfiguration() {
@@ -339,11 +339,11 @@ public class Plugin {
/**
* Sets the value of the configuration property.
*
*
* @param value
* allowed object is
* {@link Plugin.Configuration }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setConfiguration(Plugin.Configuration value) {
@@ -353,9 +353,9 @@ public class Plugin {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -367,8 +367,8 @@ public class Plugin {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -383,25 +383,25 @@ public class Plugin {
/**
* Gets the value of the any property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the any property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getAny().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link Element }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<Element> getAny() {
@@ -416,9 +416,9 @@ public class Plugin {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -430,8 +430,8 @@ public class Plugin {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -445,25 +445,25 @@ public class Plugin {
/**
* Gets the value of the dependency property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the dependency property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getDependency().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link Dependency }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<Dependency> getDependency() {
@@ -478,9 +478,9 @@ public class Plugin {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -492,8 +492,8 @@ public class Plugin {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -507,25 +507,25 @@ public class Plugin {
/**
* Gets the value of the execution property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the execution property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getExecution().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link PluginExecution }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<PluginExecution> getExecution() {
@@ -540,9 +540,9 @@ public class Plugin {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -554,8 +554,8 @@ public class Plugin {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -570,25 +570,25 @@ public class Plugin {
/**
* Gets the value of the any property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the any property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getAny().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link Element }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<Element> getAny() {

100
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/PluginExecution.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/PluginExecution.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import java.util.ArrayList;
import java.util.List;
@@ -21,11 +21,11 @@ import org.w3c.dom.Element;
/**
* 4.0.0
*
*
* <p>Java class for PluginExecution complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="PluginExecution">
* &lt;complexContent>
@@ -61,8 +61,8 @@ import org.w3c.dom.Element;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "PluginExecution", propOrder = {
@@ -85,11 +85,11 @@ public class PluginExecution {
/**
* Gets the value of the id property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getId() {
@@ -98,11 +98,11 @@ public class PluginExecution {
/**
* Sets the value of the id property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setId(String value) {
@@ -111,11 +111,11 @@ public class PluginExecution {
/**
* Gets the value of the phase property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getPhase() {
@@ -124,11 +124,11 @@ public class PluginExecution {
/**
* Sets the value of the phase property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setPhase(String value) {
@@ -137,11 +137,11 @@ public class PluginExecution {
/**
* Gets the value of the goals property.
*
*
* @return
* possible object is
* {@link PluginExecution.Goals }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public PluginExecution.Goals getGoals() {
@@ -150,11 +150,11 @@ public class PluginExecution {
/**
* Sets the value of the goals property.
*
*
* @param value
* allowed object is
* {@link PluginExecution.Goals }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setGoals(PluginExecution.Goals value) {
@@ -163,11 +163,11 @@ public class PluginExecution {
/**
* Gets the value of the inherited property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getInherited() {
@@ -176,11 +176,11 @@ public class PluginExecution {
/**
* Sets the value of the inherited property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setInherited(String value) {
@@ -189,11 +189,11 @@ public class PluginExecution {
/**
* Gets the value of the configuration property.
*
*
* @return
* possible object is
* {@link PluginExecution.Configuration }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public PluginExecution.Configuration getConfiguration() {
@@ -202,11 +202,11 @@ public class PluginExecution {
/**
* Sets the value of the configuration property.
*
*
* @param value
* allowed object is
* {@link PluginExecution.Configuration }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setConfiguration(PluginExecution.Configuration value) {
@@ -216,9 +216,9 @@ public class PluginExecution {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -230,8 +230,8 @@ public class PluginExecution {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -246,25 +246,25 @@ public class PluginExecution {
/**
* Gets the value of the any property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the any property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getAny().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link Element }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<Element> getAny() {
@@ -279,9 +279,9 @@ public class PluginExecution {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -293,8 +293,8 @@ public class PluginExecution {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -308,25 +308,25 @@ public class PluginExecution {
/**
* Gets the value of the goal property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the goal property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getGoal().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link String }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<String> getGoal() {

52
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/PluginManagement.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/PluginManagement.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import java.util.ArrayList;
import java.util.List;
@@ -17,14 +17,14 @@ import javax.xml.bind.annotation.XmlType;
/**
*
*
* Section for management of default plugin information for use in a group of POMs.
*
*
*
*
* <p>Java class for PluginManagement complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="PluginManagement">
* &lt;complexContent>
@@ -46,8 +46,8 @@ import javax.xml.bind.annotation.XmlType;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "PluginManagement", propOrder = {
@@ -61,11 +61,11 @@ public class PluginManagement {
/**
* Gets the value of the plugins property.
*
*
* @return
* possible object is
* {@link PluginManagement.Plugins }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public PluginManagement.Plugins getPlugins() {
@@ -74,11 +74,11 @@ public class PluginManagement {
/**
* Sets the value of the plugins property.
*
*
* @param value
* allowed object is
* {@link PluginManagement.Plugins }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setPlugins(PluginManagement.Plugins value) {
@@ -88,9 +88,9 @@ public class PluginManagement {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -102,8 +102,8 @@ public class PluginManagement {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -117,25 +117,25 @@ public class PluginManagement {
/**
* Gets the value of the plugin property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the plugin property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getPlugin().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link Plugin }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<Plugin> getPlugin() {

28
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/Prerequisites.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/Prerequisites.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
@@ -17,11 +17,11 @@ import javax.xml.bind.annotation.XmlType;
/**
* Describes the prerequisites a project can have.
*
*
* <p>Java class for Prerequisites complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="Prerequisites">
* &lt;complexContent>
@@ -33,8 +33,8 @@ import javax.xml.bind.annotation.XmlType;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "Prerequisites", propOrder = {
@@ -49,11 +49,11 @@ public class Prerequisites {
/**
* Gets the value of the maven property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getMaven() {
@@ -62,11 +62,11 @@ public class Prerequisites {
/**
* Sets the value of the maven property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setMaven(String value) {

240
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/Profile.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/Profile.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import java.util.ArrayList;
import java.util.List;
@@ -19,14 +19,14 @@ import org.w3c.dom.Element;
/**
*
*
* Modifications to the build process which is activated based on environmental parameters or command line arguments.
*
*
*
*
* <p>Java class for Profile complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="Profile">
* &lt;complexContent>
@@ -109,8 +109,8 @@ import org.w3c.dom.Element;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "Profile", propOrder = {
@@ -146,11 +146,11 @@ public class Profile {
/**
* Gets the value of the id property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getId() {
@@ -159,11 +159,11 @@ public class Profile {
/**
* Sets the value of the id property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setId(String value) {
@@ -172,11 +172,11 @@ public class Profile {
/**
* Gets the value of the activation property.
*
*
* @return
* possible object is
* {@link Activation }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Activation getActivation() {
@@ -185,11 +185,11 @@ public class Profile {
/**
* Sets the value of the activation property.
*
*
* @param value
* allowed object is
* {@link Activation }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setActivation(Activation value) {
@@ -198,11 +198,11 @@ public class Profile {
/**
* Gets the value of the build property.
*
*
* @return
* possible object is
* {@link BuildBase }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public BuildBase getBuild() {
@@ -211,11 +211,11 @@ public class Profile {
/**
* Sets the value of the build property.
*
*
* @param value
* allowed object is
* {@link BuildBase }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setBuild(BuildBase value) {
@@ -224,11 +224,11 @@ public class Profile {
/**
* Gets the value of the modules property.
*
*
* @return
* possible object is
* {@link Profile.Modules }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Profile.Modules getModules() {
@@ -237,11 +237,11 @@ public class Profile {
/**
* Sets the value of the modules property.
*
*
* @param value
* allowed object is
* {@link Profile.Modules }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setModules(Profile.Modules value) {
@@ -250,11 +250,11 @@ public class Profile {
/**
* Gets the value of the repositories property.
*
*
* @return
* possible object is
* {@link Profile.Repositories }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Profile.Repositories getRepositories() {
@@ -263,11 +263,11 @@ public class Profile {
/**
* Sets the value of the repositories property.
*
*
* @param value
* allowed object is
* {@link Profile.Repositories }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setRepositories(Profile.Repositories value) {
@@ -276,11 +276,11 @@ public class Profile {
/**
* Gets the value of the pluginRepositories property.
*
*
* @return
* possible object is
* {@link Profile.PluginRepositories }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Profile.PluginRepositories getPluginRepositories() {
@@ -289,11 +289,11 @@ public class Profile {
/**
* Sets the value of the pluginRepositories property.
*
*
* @param value
* allowed object is
* {@link Profile.PluginRepositories }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setPluginRepositories(Profile.PluginRepositories value) {
@@ -302,11 +302,11 @@ public class Profile {
/**
* Gets the value of the dependencies property.
*
*
* @return
* possible object is
* {@link Profile.Dependencies }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Profile.Dependencies getDependencies() {
@@ -315,11 +315,11 @@ public class Profile {
/**
* Sets the value of the dependencies property.
*
*
* @param value
* allowed object is
* {@link Profile.Dependencies }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setDependencies(Profile.Dependencies value) {
@@ -328,11 +328,11 @@ public class Profile {
/**
* Gets the value of the reports property.
*
*
* @return
* possible object is
* {@link Profile.Reports }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Profile.Reports getReports() {
@@ -341,11 +341,11 @@ public class Profile {
/**
* Sets the value of the reports property.
*
*
* @param value
* allowed object is
* {@link Profile.Reports }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setReports(Profile.Reports value) {
@@ -354,11 +354,11 @@ public class Profile {
/**
* Gets the value of the reporting property.
*
*
* @return
* possible object is
* {@link Reporting }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Reporting getReporting() {
@@ -367,11 +367,11 @@ public class Profile {
/**
* Sets the value of the reporting property.
*
*
* @param value
* allowed object is
* {@link Reporting }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setReporting(Reporting value) {
@@ -380,11 +380,11 @@ public class Profile {
/**
* Gets the value of the dependencyManagement property.
*
*
* @return
* possible object is
* {@link DependencyManagement }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public DependencyManagement getDependencyManagement() {
@@ -393,11 +393,11 @@ public class Profile {
/**
* Sets the value of the dependencyManagement property.
*
*
* @param value
* allowed object is
* {@link DependencyManagement }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setDependencyManagement(DependencyManagement value) {
@@ -406,11 +406,11 @@ public class Profile {
/**
* Gets the value of the distributionManagement property.
*
*
* @return
* possible object is
* {@link DistributionManagement }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public DistributionManagement getDistributionManagement() {
@@ -419,11 +419,11 @@ public class Profile {
/**
* Sets the value of the distributionManagement property.
*
*
* @param value
* allowed object is
* {@link DistributionManagement }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setDistributionManagement(DistributionManagement value) {
@@ -432,11 +432,11 @@ public class Profile {
/**
* Gets the value of the properties property.
*
*
* @return
* possible object is
* {@link Profile.Properties }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Profile.Properties getProperties() {
@@ -445,11 +445,11 @@ public class Profile {
/**
* Sets the value of the properties property.
*
*
* @param value
* allowed object is
* {@link Profile.Properties }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setProperties(Profile.Properties value) {
@@ -459,9 +459,9 @@ public class Profile {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -473,8 +473,8 @@ public class Profile {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -488,25 +488,25 @@ public class Profile {
/**
* Gets the value of the dependency property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the dependency property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getDependency().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link Dependency }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<Dependency> getDependency() {
@@ -521,9 +521,9 @@ public class Profile {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -535,8 +535,8 @@ public class Profile {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -550,25 +550,25 @@ public class Profile {
/**
* Gets the value of the module property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the module property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getModule().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link String }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<String> getModule() {
@@ -583,9 +583,9 @@ public class Profile {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -597,8 +597,8 @@ public class Profile {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -612,25 +612,25 @@ public class Profile {
/**
* Gets the value of the pluginRepository property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the pluginRepository property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getPluginRepository().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link Repository }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<Repository> getPluginRepository() {
@@ -645,9 +645,9 @@ public class Profile {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -659,8 +659,8 @@ public class Profile {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -675,25 +675,25 @@ public class Profile {
/**
* Gets the value of the any property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the any property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getAny().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link Element }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<Element> getAny() {
@@ -708,9 +708,9 @@ public class Profile {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -722,8 +722,8 @@ public class Profile {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -738,25 +738,25 @@ public class Profile {
/**
* Gets the value of the any property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the any property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getAny().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link Element }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<Element> getAny() {
@@ -771,9 +771,9 @@ public class Profile {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -785,8 +785,8 @@ public class Profile {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -800,25 +800,25 @@ public class Profile {
/**
* Gets the value of the repository property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the repository property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getRepository().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link Repository }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<Repository> getRepository() {

52
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/Relocation.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/Relocation.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
@@ -17,11 +17,11 @@ import javax.xml.bind.annotation.XmlType;
/**
* Describes where an artifact has moved to. If any of the values are omitted, it is assumed to be the
* same as it was before.
*
*
* <p>Java class for Relocation complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="Relocation">
* &lt;complexContent>
@@ -36,8 +36,8 @@ import javax.xml.bind.annotation.XmlType;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "Relocation", propOrder = {
@@ -57,11 +57,11 @@ public class Relocation {
/**
* Gets the value of the groupId property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getGroupId() {
@@ -70,11 +70,11 @@ public class Relocation {
/**
* Sets the value of the groupId property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setGroupId(String value) {
@@ -83,11 +83,11 @@ public class Relocation {
/**
* Gets the value of the artifactId property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getArtifactId() {
@@ -96,11 +96,11 @@ public class Relocation {
/**
* Sets the value of the artifactId property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setArtifactId(String value) {
@@ -109,11 +109,11 @@ public class Relocation {
/**
* Gets the value of the version property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getVersion() {
@@ -122,11 +122,11 @@ public class Relocation {
/**
* Sets the value of the version property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setVersion(String value) {
@@ -135,11 +135,11 @@ public class Relocation {
/**
* Gets the value of the message property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getMessage() {
@@ -148,11 +148,11 @@ public class Relocation {
/**
* Sets the value of the message property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setMessage(String value) {

108
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/ReportPlugin.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/ReportPlugin.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import java.util.ArrayList;
import java.util.List;
@@ -21,11 +21,11 @@ import org.w3c.dom.Element;
/**
* 4.0.0
*
*
* <p>Java class for ReportPlugin complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="ReportPlugin">
* &lt;complexContent>
@@ -62,8 +62,8 @@ import org.w3c.dom.Element;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "ReportPlugin", propOrder = {
@@ -88,11 +88,11 @@ public class ReportPlugin {
/**
* Gets the value of the groupId property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getGroupId() {
@@ -101,11 +101,11 @@ public class ReportPlugin {
/**
* Sets the value of the groupId property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setGroupId(String value) {
@@ -114,11 +114,11 @@ public class ReportPlugin {
/**
* Gets the value of the artifactId property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getArtifactId() {
@@ -127,11 +127,11 @@ public class ReportPlugin {
/**
* Sets the value of the artifactId property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setArtifactId(String value) {
@@ -140,11 +140,11 @@ public class ReportPlugin {
/**
* Gets the value of the version property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getVersion() {
@@ -153,11 +153,11 @@ public class ReportPlugin {
/**
* Sets the value of the version property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setVersion(String value) {
@@ -166,11 +166,11 @@ public class ReportPlugin {
/**
* Gets the value of the inherited property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getInherited() {
@@ -179,11 +179,11 @@ public class ReportPlugin {
/**
* Sets the value of the inherited property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setInherited(String value) {
@@ -192,11 +192,11 @@ public class ReportPlugin {
/**
* Gets the value of the configuration property.
*
*
* @return
* possible object is
* {@link ReportPlugin.Configuration }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public ReportPlugin.Configuration getConfiguration() {
@@ -205,11 +205,11 @@ public class ReportPlugin {
/**
* Sets the value of the configuration property.
*
*
* @param value
* allowed object is
* {@link ReportPlugin.Configuration }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setConfiguration(ReportPlugin.Configuration value) {
@@ -218,11 +218,11 @@ public class ReportPlugin {
/**
* Gets the value of the reportSets property.
*
*
* @return
* possible object is
* {@link ReportPlugin.ReportSets }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public ReportPlugin.ReportSets getReportSets() {
@@ -231,11 +231,11 @@ public class ReportPlugin {
/**
* Sets the value of the reportSets property.
*
*
* @param value
* allowed object is
* {@link ReportPlugin.ReportSets }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setReportSets(ReportPlugin.ReportSets value) {
@@ -245,9 +245,9 @@ public class ReportPlugin {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -259,8 +259,8 @@ public class ReportPlugin {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -275,25 +275,25 @@ public class ReportPlugin {
/**
* Gets the value of the any property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the any property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getAny().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link Element }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<Element> getAny() {
@@ -308,9 +308,9 @@ public class ReportPlugin {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -322,8 +322,8 @@ public class ReportPlugin {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -337,25 +337,25 @@ public class ReportPlugin {
/**
* Gets the value of the reportSet property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the reportSet property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getReportSet().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link ReportSet }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<ReportSet> getReportSet() {

92
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/ReportSet.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/ReportSet.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import java.util.ArrayList;
import java.util.List;
@@ -21,11 +21,11 @@ import org.w3c.dom.Element;
/**
* Represents a set of reports and configuration to be used to generate them.
*
*
* <p>Java class for ReportSet complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="ReportSet">
* &lt;complexContent>
@@ -60,8 +60,8 @@ import org.w3c.dom.Element;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "ReportSet", propOrder = {
@@ -82,11 +82,11 @@ public class ReportSet {
/**
* Gets the value of the id property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getId() {
@@ -95,11 +95,11 @@ public class ReportSet {
/**
* Sets the value of the id property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setId(String value) {
@@ -108,11 +108,11 @@ public class ReportSet {
/**
* Gets the value of the configuration property.
*
*
* @return
* possible object is
* {@link ReportSet.Configuration }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public ReportSet.Configuration getConfiguration() {
@@ -121,11 +121,11 @@ public class ReportSet {
/**
* Sets the value of the configuration property.
*
*
* @param value
* allowed object is
* {@link ReportSet.Configuration }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setConfiguration(ReportSet.Configuration value) {
@@ -134,11 +134,11 @@ public class ReportSet {
/**
* Gets the value of the inherited property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getInherited() {
@@ -147,11 +147,11 @@ public class ReportSet {
/**
* Sets the value of the inherited property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setInherited(String value) {
@@ -160,11 +160,11 @@ public class ReportSet {
/**
* Gets the value of the reports property.
*
*
* @return
* possible object is
* {@link ReportSet.Reports }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public ReportSet.Reports getReports() {
@@ -173,11 +173,11 @@ public class ReportSet {
/**
* Sets the value of the reports property.
*
*
* @param value
* allowed object is
* {@link ReportSet.Reports }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setReports(ReportSet.Reports value) {
@@ -187,9 +187,9 @@ public class ReportSet {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -201,8 +201,8 @@ public class ReportSet {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -217,25 +217,25 @@ public class ReportSet {
/**
* Gets the value of the any property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the any property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getAny().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link Element }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<Element> getAny() {
@@ -250,9 +250,9 @@ public class ReportSet {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -264,8 +264,8 @@ public class ReportSet {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -279,25 +279,25 @@ public class ReportSet {
/**
* Gets the value of the report property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the report property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getReport().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link String }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<String> getReport() {

64
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/Reporting.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/Reporting.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import java.util.ArrayList;
import java.util.List;
@@ -19,11 +19,11 @@ import javax.xml.bind.annotation.XmlType;
/**
* Section for management of reports and their configuration.
*
*
* <p>Java class for Reporting complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="Reporting">
* &lt;complexContent>
@@ -47,8 +47,8 @@ import javax.xml.bind.annotation.XmlType;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "Reporting", propOrder = {
@@ -67,11 +67,11 @@ public class Reporting {
/**
* Gets the value of the excludeDefaults property.
*
*
* @return
* possible object is
* {@link Boolean }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Boolean isExcludeDefaults() {
@@ -80,11 +80,11 @@ public class Reporting {
/**
* Sets the value of the excludeDefaults property.
*
*
* @param value
* allowed object is
* {@link Boolean }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setExcludeDefaults(Boolean value) {
@@ -93,11 +93,11 @@ public class Reporting {
/**
* Gets the value of the outputDirectory property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getOutputDirectory() {
@@ -106,11 +106,11 @@ public class Reporting {
/**
* Sets the value of the outputDirectory property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setOutputDirectory(String value) {
@@ -119,11 +119,11 @@ public class Reporting {
/**
* Gets the value of the plugins property.
*
*
* @return
* possible object is
* {@link Reporting.Plugins }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Reporting.Plugins getPlugins() {
@@ -132,11 +132,11 @@ public class Reporting {
/**
* Sets the value of the plugins property.
*
*
* @param value
* allowed object is
* {@link Reporting.Plugins }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setPlugins(Reporting.Plugins value) {
@@ -146,9 +146,9 @@ public class Reporting {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -160,8 +160,8 @@ public class Reporting {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -175,25 +175,25 @@ public class Reporting {
/**
* Gets the value of the plugin property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the plugin property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getPlugin().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link ReportPlugin }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<ReportPlugin> getPlugin() {

74
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/Repository.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/Repository.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
@@ -16,14 +16,14 @@ import javax.xml.bind.annotation.XmlType;
/**
*
* A repository contains the information needed for establishing connections with remote repoistory.
*
*
*
* A repository contains the information needed for establishing connections with remote repository.
*
*
* <p>Java class for Repository complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="Repository">
* &lt;complexContent>
@@ -40,8 +40,8 @@ import javax.xml.bind.annotation.XmlType;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "Repository", propOrder = {
@@ -66,11 +66,11 @@ public class Repository {
/**
* Gets the value of the releases property.
*
*
* @return
* possible object is
* {@link RepositoryPolicy }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public RepositoryPolicy getReleases() {
@@ -79,11 +79,11 @@ public class Repository {
/**
* Sets the value of the releases property.
*
*
* @param value
* allowed object is
* {@link RepositoryPolicy }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setReleases(RepositoryPolicy value) {
@@ -92,11 +92,11 @@ public class Repository {
/**
* Gets the value of the snapshots property.
*
*
* @return
* possible object is
* {@link RepositoryPolicy }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public RepositoryPolicy getSnapshots() {
@@ -105,11 +105,11 @@ public class Repository {
/**
* Sets the value of the snapshots property.
*
*
* @param value
* allowed object is
* {@link RepositoryPolicy }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setSnapshots(RepositoryPolicy value) {
@@ -118,11 +118,11 @@ public class Repository {
/**
* Gets the value of the id property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getId() {
@@ -131,11 +131,11 @@ public class Repository {
/**
* Sets the value of the id property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setId(String value) {
@@ -144,11 +144,11 @@ public class Repository {
/**
* Gets the value of the name property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getName() {
@@ -157,11 +157,11 @@ public class Repository {
/**
* Sets the value of the name property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setName(String value) {
@@ -170,11 +170,11 @@ public class Repository {
/**
* Gets the value of the url property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getUrl() {
@@ -183,11 +183,11 @@ public class Repository {
/**
* Sets the value of the url property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setUrl(String value) {
@@ -196,11 +196,11 @@ public class Repository {
/**
* Gets the value of the layout property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getLayout() {
@@ -209,11 +209,11 @@ public class Repository {
/**
* Sets the value of the layout property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setLayout(String value) {

44
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/RepositoryPolicy.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/RepositoryPolicy.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
@@ -17,11 +17,11 @@ import javax.xml.bind.annotation.XmlType;
/**
* Download policy
*
*
* <p>Java class for RepositoryPolicy complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="RepositoryPolicy">
* &lt;complexContent>
@@ -35,8 +35,8 @@ import javax.xml.bind.annotation.XmlType;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "RepositoryPolicy", propOrder = {
@@ -55,11 +55,11 @@ public class RepositoryPolicy {
/**
* Gets the value of the enabled property.
*
*
* @return
* possible object is
* {@link Boolean }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Boolean isEnabled() {
@@ -68,11 +68,11 @@ public class RepositoryPolicy {
/**
* Sets the value of the enabled property.
*
*
* @param value
* allowed object is
* {@link Boolean }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setEnabled(Boolean value) {
@@ -81,11 +81,11 @@ public class RepositoryPolicy {
/**
* Gets the value of the updatePolicy property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getUpdatePolicy() {
@@ -94,11 +94,11 @@ public class RepositoryPolicy {
/**
* Sets the value of the updatePolicy property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setUpdatePolicy(String value) {
@@ -107,11 +107,11 @@ public class RepositoryPolicy {
/**
* Gets the value of the checksumPolicy property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getChecksumPolicy() {
@@ -120,11 +120,11 @@ public class RepositoryPolicy {
/**
* Sets the value of the checksumPolicy property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setChecksumPolicy(String value) {

104
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/Resource.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/Resource.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import java.util.ArrayList;
import java.util.List;
@@ -18,15 +18,15 @@ import javax.xml.bind.annotation.XmlType;
/**
*
*
* This element describes all of the classpath resources associated with a project or
* unit tests.
*
*
*
*
* <p>Java class for Resource complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="Resource">
* &lt;complexContent>
@@ -62,8 +62,8 @@ import javax.xml.bind.annotation.XmlType;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "Resource", propOrder = {
@@ -86,11 +86,11 @@ public class Resource {
/**
* Gets the value of the targetPath property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getTargetPath() {
@@ -99,11 +99,11 @@ public class Resource {
/**
* Sets the value of the targetPath property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setTargetPath(String value) {
@@ -112,11 +112,11 @@ public class Resource {
/**
* Gets the value of the filtering property.
*
*
* @return
* possible object is
* {@link Boolean }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Boolean isFiltering() {
@@ -125,11 +125,11 @@ public class Resource {
/**
* Sets the value of the filtering property.
*
*
* @param value
* allowed object is
* {@link Boolean }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setFiltering(Boolean value) {
@@ -138,11 +138,11 @@ public class Resource {
/**
* Gets the value of the directory property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getDirectory() {
@@ -151,11 +151,11 @@ public class Resource {
/**
* Sets the value of the directory property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setDirectory(String value) {
@@ -164,11 +164,11 @@ public class Resource {
/**
* Gets the value of the includes property.
*
*
* @return
* possible object is
* {@link Resource.Includes }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Resource.Includes getIncludes() {
@@ -177,11 +177,11 @@ public class Resource {
/**
* Sets the value of the includes property.
*
*
* @param value
* allowed object is
* {@link Resource.Includes }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setIncludes(Resource.Includes value) {
@@ -190,11 +190,11 @@ public class Resource {
/**
* Gets the value of the excludes property.
*
*
* @return
* possible object is
* {@link Resource.Excludes }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public Resource.Excludes getExcludes() {
@@ -203,11 +203,11 @@ public class Resource {
/**
* Sets the value of the excludes property.
*
*
* @param value
* allowed object is
* {@link Resource.Excludes }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setExcludes(Resource.Excludes value) {
@@ -217,9 +217,9 @@ public class Resource {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -231,8 +231,8 @@ public class Resource {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -246,25 +246,25 @@ public class Resource {
/**
* Gets the value of the exclude property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the exclude property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getExclude().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link String }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<String> getExclude() {
@@ -279,9 +279,9 @@ public class Resource {
/**
* <p>Java class for anonymous complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType>
* &lt;complexContent>
@@ -293,8 +293,8 @@ public class Resource {
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "", propOrder = {
@@ -308,25 +308,25 @@ public class Resource {
/**
* Gets the value of the include property.
*
*
* <p>
* This accessor method returns a reference to the live list,
* not a snapshot. Therefore any modification you make to the
* returned list will be present inside the JAXB object.
* This is why there is not a <CODE>set</CODE> method for the include property.
*
*
* <p>
* For example, to add a new item, do as follows:
* <pre>
* getInclude().add(newItem);
* </pre>
*
*
*
*
* <p>
* Objects of the following type(s) are allowed in the list
* {@link String }
*
*
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public List<String> getInclude() {

52
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/Scm.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/Scm.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
@@ -17,11 +17,11 @@ import javax.xml.bind.annotation.XmlType;
/**
* 4.0.0
*
*
* <p>Java class for Scm complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="Scm">
* &lt;complexContent>
@@ -36,8 +36,8 @@ import javax.xml.bind.annotation.XmlType;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "Scm", propOrder = {
@@ -58,11 +58,11 @@ public class Scm {
/**
* Gets the value of the connection property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getConnection() {
@@ -71,11 +71,11 @@ public class Scm {
/**
* Sets the value of the connection property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setConnection(String value) {
@@ -84,11 +84,11 @@ public class Scm {
/**
* Gets the value of the developerConnection property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getDeveloperConnection() {
@@ -97,11 +97,11 @@ public class Scm {
/**
* Sets the value of the developerConnection property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setDeveloperConnection(String value) {
@@ -110,11 +110,11 @@ public class Scm {
/**
* Gets the value of the tag property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getTag() {
@@ -123,11 +123,11 @@ public class Scm {
/**
* Sets the value of the tag property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setTag(String value) {
@@ -136,11 +136,11 @@ public class Scm {
/**
* Gets the value of the url property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getUrl() {
@@ -149,11 +149,11 @@ public class Scm {
/**
* Sets the value of the url property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setUrl(String value) {

48
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/Site.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/Site.java
View File

@@ -1,12 +1,12 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;
import javax.annotation.Generated;
import javax.xml.bind.annotation.XmlAccessType;
@@ -15,14 +15,14 @@ import javax.xml.bind.annotation.XmlType;
/**
*
*
* Contains the information needed for deploying websites.
*
*
*
*
* <p>Java class for Site complex type.
*
*
* <p>The following schema fragment specifies the expected content contained within this class.
*
*
* <pre>
* &lt;complexType name="Site">
* &lt;complexContent>
@@ -36,8 +36,8 @@ import javax.xml.bind.annotation.XmlType;
* &lt;/complexContent>
* &lt;/complexType>
* </pre>
*
*
*
*
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlType(name = "Site", propOrder = {
@@ -55,11 +55,11 @@ public class Site {
/**
* Gets the value of the id property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getId() {
@@ -68,11 +68,11 @@ public class Site {
/**
* Sets the value of the id property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setId(String value) {
@@ -81,11 +81,11 @@ public class Site {
/**
* Gets the value of the name property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getName() {
@@ -94,11 +94,11 @@ public class Site {
/**
* Sets the value of the name property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setName(String value) {
@@ -107,11 +107,11 @@ public class Site {
/**
* Gets the value of the url property.
*
*
* @return
* possible object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public String getUrl() {
@@ -120,11 +120,11 @@ public class Site {
/**
* Sets the value of the url property.
*
*
* @param value
* allowed object is
* {@link String }
*
*
*/
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-11-09T12:33:57-05:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6")
public void setUrl(String value) {

10
src/main/java/org/codesecure/dependencycheck/analyzer/pom/generated/package-info.java → src/main/java/org/owasp/dependencycheck/analyzer/pom/generated/package-info.java
View File

@@ -1,9 +1,9 @@
//
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
// Generated on: 2012.11.09 at 12:33:57 PM EST
//
@javax.xml.bind.annotation.XmlSchema(namespace = "http://maven.apache.org/POM/4.0.0", elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED)
package org.codesecure.dependencycheck.analyzer.pom.generated;
package org.owasp.dependencycheck.analyzer.pom.generated;

12
src/main/java/org/owasp/dependencycheck/analyzer/pom/package-info.java Normal file
View File

@@ -0,0 +1,12 @@
/**
* <html>
* <head>
* <title>org.owasp.dependencycheck.analyzer.pom</title>
* </head>
* <body>
* This package contains utility classes used to parse pom.xml files.
* </body>
* </html>
*/
package org.owasp.dependencycheck.analyzer.pom;

12
src/main/java/org/codesecure/dependencycheck/data/CachedWebDataSource.java → src/main/java/org/owasp/dependencycheck/data/CachedWebDataSource.java
View File

@@ -1,28 +1,28 @@
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data;
package org.owasp.dependencycheck.data;
/**
* Defines an Index who's data is retrieved from the Internet. This data can be
* downloaded and the index updated.
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public interface CachedWebDataSource {

15
src/main/java/org/codesecure/dependencycheck/data/UpdateException.java → src/main/java/org/owasp/dependencycheck/data/UpdateException.java
View File

@@ -1,32 +1,35 @@
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data;
package org.owasp.dependencycheck.data;
import java.io.IOException;
/**
* An exception used when an error occurs reading a setting.
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class UpdateException extends IOException {
/**
* The serial version uid.
*/
private static final long serialVersionUID = 1L;
/**

22
src/main/java/org/codesecure/dependencycheck/data/UpdateService.java → src/main/java/org/owasp/dependencycheck/data/UpdateService.java
View File

@@ -1,34 +1,40 @@
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data;
package org.owasp.dependencycheck.data;
import java.util.Iterator;
import java.util.ServiceLoader;
/**
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class UpdateService {
public final class UpdateService {
/**
* the singleton reference to the service.
*/
private static UpdateService service;
private ServiceLoader<CachedWebDataSource> loader;
/**
* the service loader for CachedWebDataSource.
*/
private final ServiceLoader<CachedWebDataSource> loader;
/**
* Creates a new instance of UpdateService

120
src/main/java/org/codesecure/dependencycheck/data/cpe/CPEAnalyzer.java → src/main/java/org/owasp/dependencycheck/data/cpe/CPEAnalyzer.java
View File

@@ -1,22 +1,22 @@
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.cpe;
package org.owasp.dependencycheck.data.cpe;
import java.io.IOException;
import java.net.URLEncoder;
@@ -29,28 +29,28 @@ import org.apache.lucene.index.CorruptIndexException;
import org.apache.lucene.queryparser.classic.ParseException;
import org.apache.lucene.search.ScoreDoc;
import org.apache.lucene.search.TopDocs;
import org.codesecure.dependencycheck.Engine;
import org.codesecure.dependencycheck.analyzer.AnalysisException;
import org.codesecure.dependencycheck.analyzer.AnalysisPhase;
import org.codesecure.dependencycheck.data.lucene.LuceneUtils;
import org.codesecure.dependencycheck.dependency.Dependency;
import org.codesecure.dependencycheck.dependency.Evidence;
import org.codesecure.dependencycheck.dependency.Evidence.Confidence;
import org.codesecure.dependencycheck.dependency.EvidenceCollection;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.AnalysisException;
import org.owasp.dependencycheck.analyzer.AnalysisPhase;
import org.owasp.dependencycheck.data.lucene.LuceneUtils;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import org.owasp.dependencycheck.dependency.Evidence.Confidence;
import org.owasp.dependencycheck.dependency.EvidenceCollection;
import org.owasp.dependencycheck.analyzer.Analyzer;
/**
* CPEAnalyzer is a utility class that takes a project dependency and attempts
* to decern if there is an associated CPE. It uses the evidence contained
* to discern if there is an associated CPE. It uses the evidence contained
* within the dependency to search the Lucene index.
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Analyzer {
public class CPEAnalyzer implements Analyzer {
/**
* The maximum number of query results to return.
*/
static final int MAX_QUERY_RESULTS = 10;
static final int MAX_QUERY_RESULTS = 25;
/**
* The weighting boost to give terms when constructing the Lucene query.
*/
@@ -60,7 +60,7 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal
* utilized within the CPE Names.
*/
static final String CLEANSE_CHARACTER_RX = "[^A-Za-z0-9 ._-]";
/*
/**
* A string representation of a regular expression used to remove all but
* alpha characters.
*/
@@ -73,12 +73,12 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal
/**
* The CPE Index.
*/
protected Index cpe = null;
private Index cpe;
/**
* Opens the data source.
*
* @throws IOException when the Lucene directory to be querried does not
* @throws IOException when the Lucene directory to be queried does not
* exist or is corrupt.
*/
public void open() throws IOException {
@@ -99,7 +99,7 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal
* @return true or false.
*/
public boolean isOpen() {
return (cpe == null) ? false : cpe.isOpen();
return (cpe != null) && cpe.isOpen();
}
/**
@@ -118,7 +118,7 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal
/**
* Searches the data store of CPE entries, trying to identify the CPE for
* the given dependency based on the evidence contained within. The
* depencency passed in is updated with any identified CPE values.
* dependency passed in is updated with any identified CPE values.
*
* @param dependency the dependency to search for CPE entries on.
* @throws CorruptIndexException is thrown when the Lucene index is corrupt.
@@ -137,14 +137,13 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal
boolean found = false;
int ctr = 0;
do {
List<Entry> entries = searchCPE(vendors, products, versions, dependency.getProductEvidence().getWeighting(),
final List<Entry> entries = searchCPE(vendors, products, versions, dependency.getProductEvidence().getWeighting(),
dependency.getVendorEvidence().getWeighting());
for (Entry e : entries) {
if (verifyEntry(e, dependency)) {
found = true;
dependency.addIdentifier(
"cpe",
e.getName(),
@@ -195,16 +194,16 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal
* @param text the base text.
* @param ec an EvidenceCollection
* @param confidenceFilter a Confidence level to filter the evidence by.
* @return
* @return the new evidence text
*/
private String addEvidenceWithoutDuplicateTerms(final String text, final EvidenceCollection ec, Confidence confidenceFilter) {
String txt = (text == null) ? "" : text;
StringBuilder sb = new StringBuilder(txt.length() + (20 * ec.size()));
final String txt = (text == null) ? "" : text;
final StringBuilder sb = new StringBuilder(txt.length() + (20 * ec.size()));
sb.append(txt);
for (Evidence e : ec.iterator(confidenceFilter)) {
String value = e.getValue();
//hack to get around the fact that lucene does a realy good job of recognizing domains and not
//hack to get around the fact that lucene does a really good job of recognizing domains and not
// splitting them. TODO - put together a better lucene analyzer specific to the domain.
if (value.startsWith("http://")) {
value = value.substring(7).replaceAll("\\.", " ");
@@ -212,7 +211,7 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal
if (value.startsWith("https://")) {
value = value.substring(8).replaceAll("\\.", " ");
}
if (sb.indexOf(value) < 0) {
if (sb.indexOf(" " + value + " ") < 0) {
sb.append(value).append(' ');
}
}
@@ -256,16 +255,17 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal
protected List<Entry> searchCPE(String vendor, String product, String version,
Set<String> vendorWeightings, Set<String> productWeightings)
throws CorruptIndexException, IOException, ParseException {
ArrayList<Entry> ret = new ArrayList<Entry>(MAX_QUERY_RESULTS);
final ArrayList<Entry> ret = new ArrayList<Entry>(MAX_QUERY_RESULTS);
String searchString = buildSearch(vendor, product, version, vendorWeightings, productWeightings);
final String searchString = buildSearch(vendor, product, version, vendorWeightings, productWeightings);
if (searchString == null) {
return ret;
}
TopDocs docs = cpe.search(searchString, MAX_QUERY_RESULTS);
final TopDocs docs = cpe.search(searchString, MAX_QUERY_RESULTS);
for (ScoreDoc d : docs.scoreDocs) {
Document doc = cpe.getDocument(d.doc);
Entry entry = Entry.parse(doc);
final Document doc = cpe.getDocument(d.doc);
final Entry entry = Entry.parse(doc);
entry.setSearchScore(d.score);
if (!ret.contains(entry)) {
ret.add(entry);
@@ -287,14 +287,14 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal
* @param version text to search the version field.
* @param vendorWeighting a list of strings to apply to the vendor to boost
* the terms weight.
* @param produdctWeightings a list of strings to apply to the product to
* @param productWeightings a list of strings to apply to the product to
* boost the terms weight.
* @return the Lucene query.
*/
protected String buildSearch(String vendor, String product, String version,
Set<String> vendorWeighting, Set<String> produdctWeightings) {
Set<String> vendorWeighting, Set<String> productWeightings) {
StringBuilder sb = new StringBuilder(vendor.length() + product.length()
final StringBuilder sb = new StringBuilder(vendor.length() + product.length()
+ version.length() + Fields.PRODUCT.length() + Fields.VERSION.length()
+ Fields.VENDOR.length() + STRING_BUILDER_BUFFER);
@@ -302,7 +302,7 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal
return null;
}
if (!appendWeightedSearch(sb, Fields.PRODUCT, product, produdctWeightings)) {
if (!appendWeightedSearch(sb, Fields.PRODUCT, product, productWeightings)) {
return null;
}
sb.append(" AND ");
@@ -333,7 +333,7 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal
/**
* This method constructs a Lucene query for a given field. The searchText
* is split into seperate words and if the word is within the list of
* is split into separate words and if the word is within the list of
* weighted words then an additional weighting is applied to the term as it
* is appended into the query.
*
@@ -349,7 +349,7 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal
//TODO add a mutator or special analyzer that combines words next to each other and adds them as a key.
sb.append(" ").append(field).append(":( ");
String cleanText = cleanseText(searchText);
final String cleanText = cleanseText(searchText);
if ("".equals(cleanText)) {
return false;
@@ -358,12 +358,12 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal
if (weightedText == null || weightedText.isEmpty()) {
LuceneUtils.appendEscapedLuceneQuery(sb, cleanText);
} else {
StringTokenizer tokens = new StringTokenizer(cleanText);
final StringTokenizer tokens = new StringTokenizer(cleanText);
while (tokens.hasMoreElements()) {
String word = tokens.nextToken();
final String word = tokens.nextToken();
String temp = null;
for (String weighted : weightedText) {
String weightedStr = cleanseText(weighted);
final String weightedStr = cleanseText(weighted);
if (equalsIgnoreCaseAndNonAlpha(word, weightedStr)) {
temp = LuceneUtils.escapeLuceneQuery(word) + WEIGHTING_BOOST;
if (!word.equalsIgnoreCase(weightedStr)) {
@@ -405,8 +405,8 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal
return false;
}
String left = l.replaceAll(CLEANSE_NONALPHA_RX, "");
String right = r.replaceAll(CLEANSE_NONALPHA_RX, "");
final String left = l.replaceAll(CLEANSE_NONALPHA_RX, "");
final String right = r.replaceAll(CLEANSE_NONALPHA_RX, "");
return left.equalsIgnoreCase(right);
}
@@ -421,17 +421,31 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal
*/
private boolean verifyEntry(final Entry entry, final Dependency dependency) {
boolean isValid = false;
if (dependency.getProductEvidence().containsUsedString(entry.getProduct())
&& dependency.getVendorEvidence().containsUsedString(entry.getVendor())) {
//TODO - determine if this is right? Should we be carrying too much about the
// version at this point? Likely need to implement the versionAnalyzer....
if (dependency.getVersionEvidence().containsUsedString(entry.getVersion())) {
isValid = true;
}
if (collectionContainsString(dependency.getProductEvidence(), entry.getProduct())
&& collectionContainsString(dependency.getVendorEvidence(), entry.getVendor())
&& collectionContainsString(dependency.getVersionEvidence(), entry.getVersion())) {
isValid = true;
}
return isValid;
}
/**
* Used to determine if the EvidenceCollection contains a specific string.
*
* @param ec an EvidenceCollection
* @param text the text to search for
* @return whether or not the EvidenceCollection contains the string
*/
private boolean collectionContainsString(EvidenceCollection ec, String text) {
final String[] words = text.split("[\\s_-]");
boolean contains = true;
for (String word : words) {
contains &= ec.containsUsedString(word);
}
return contains;
}
/**
* Analyzes a dependency and attempts to determine if there are any CPE
* identifiers for this dependency.

62
src/main/java/org/codesecure/dependencycheck/data/cpe/Entry.java → src/main/java/org/owasp/dependencycheck/data/cpe/Entry.java
View File

@@ -1,22 +1,22 @@
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.cpe;
package org.owasp.dependencycheck.data.cpe;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
@@ -28,10 +28,13 @@ import org.apache.lucene.document.Document;
/**
* A CPE entry containing the name, vendor, product, and version.
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class Entry implements Serializable {
/**
* the serial version uid.
*/
static final long serialVersionUID = 8011924485946326934L;
/**
@@ -42,11 +45,11 @@ public class Entry implements Serializable {
* @return a CPE Entry.
*/
public static Entry parse(Document doc) {
Entry entry = new Entry();
final Entry entry = new Entry();
try {
entry.parseName(doc.get(Fields.NAME));
} catch (UnsupportedEncodingException ex) {
Logger.getLogger(Entry.class.getName()).log(Level.SEVERE, null, ex);
Logger.getLogger(Entry.class.getName()).log(Level.FINE, null, ex);
entry.name = doc.get(Fields.NAME);
}
return entry;
@@ -54,10 +57,10 @@ public class Entry implements Serializable {
/**
* The name of the CPE entry.
*/
protected String name;
private String name;
/**
* Get the value of name
* Get the value of name.
*
* @return the value of name
*/
@@ -66,7 +69,7 @@ public class Entry implements Serializable {
}
/**
* Set the value of name
* Set the value of name.
*
* @param name new value of name
*/
@@ -76,10 +79,10 @@ public class Entry implements Serializable {
/**
* The vendor name.
*/
protected String vendor;
private String vendor;
/**
* Get the value of vendor
* Get the value of vendor.
*
* @return the value of vendor
*/
@@ -88,7 +91,7 @@ public class Entry implements Serializable {
}
/**
* Set the value of vendor
* Set the value of vendor.
*
* @param vendor new value of vendor
*/
@@ -98,10 +101,10 @@ public class Entry implements Serializable {
/**
* The product name.
*/
protected String product;
private String product;
/**
* Get the value of product
* Get the value of product.
*
* @return the value of product
*/
@@ -110,7 +113,7 @@ public class Entry implements Serializable {
}
/**
* Set the value of product
* Set the value of product.
*
* @param product new value of product
*/
@@ -120,10 +123,10 @@ public class Entry implements Serializable {
/**
* The product version.
*/
protected String version;
private String version;
/**
* Get the value of version
* Get the value of version.
*
* @return the value of version
*/
@@ -132,7 +135,7 @@ public class Entry implements Serializable {
}
/**
* Set the value of version
* Set the value of version.
*
* @param version new value of version
*/
@@ -142,10 +145,10 @@ public class Entry implements Serializable {
/**
* The product revision.
*/
protected String revision;
private String revision;
/**
* Get the value of revision
* Get the value of revision.
*
* @return the value of revision
*/
@@ -154,7 +157,7 @@ public class Entry implements Serializable {
}
/**
* Set the value of revision
* Set the value of revision.
*
* @param revision new value of revision
*/
@@ -164,10 +167,10 @@ public class Entry implements Serializable {
/**
* The search score.
*/
protected float searchScore;
private float searchScore;
/**
* Get the value of searchScore
* Get the value of searchScore.
*
* @return the value of searchScore
*/
@@ -176,7 +179,7 @@ public class Entry implements Serializable {
}
/**
* Set the value of searchScore
* Set the value of searchScore.
*
* @param searchScore new value of searchScore
*/
@@ -199,7 +202,7 @@ public class Entry implements Serializable {
public void parseName(String cpeName) throws UnsupportedEncodingException {
this.name = cpeName;
if (cpeName != null && cpeName.length() > 7) {
String[] data = cpeName.substring(7).split(":");
final String[] data = cpeName.substring(7).split(":");
if (data.length >= 1) {
vendor = URLDecoder.decode(data[0], "UTF-8").replaceAll("[_-]", " ");
if (data.length >= 2) {
@@ -225,10 +228,7 @@ public class Entry implements Serializable {
return false;
}
final Entry other = (Entry) obj;
if ((this.name == null) ? (other.name != null) : !this.name.equals(other.name)) {
return false;
}
return true;
return !((this.name == null) ? (other.name != null) : !this.name.equals(other.name));
}
@Override

12
src/main/java/org/codesecure/dependencycheck/data/cpe/Fields.java → src/main/java/org/owasp/dependencycheck/data/cpe/Fields.java
View File

@@ -1,28 +1,28 @@
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.cpe;
package org.owasp.dependencycheck.data.cpe;
/**
* Fields is a collection of field names used within the Lucene index for CPE
* entries.
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public abstract class Fields {

99
src/main/java/org/codesecure/dependencycheck/data/cpe/Index.java → src/main/java/org/owasp/dependencycheck/data/cpe/Index.java
View File

@@ -1,26 +1,25 @@
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.cpe;
package org.owasp.dependencycheck.data.cpe;
import java.io.File;
import java.io.IOException;
import java.net.URLDecoder;
import java.util.HashMap;
import java.util.Map;
import org.apache.lucene.analysis.Analyzer;
@@ -36,15 +35,18 @@ import org.apache.lucene.queryparser.classic.QueryParser;
import org.apache.lucene.store.Directory;
import org.apache.lucene.store.FSDirectory;
import org.apache.lucene.util.Version;
import org.codesecure.dependencycheck.data.lucene.AbstractIndex;
import org.codesecure.dependencycheck.utils.Settings;
import org.codesecure.dependencycheck.data.lucene.FieldAnalyzer;
import org.codesecure.dependencycheck.data.lucene.SearchFieldAnalyzer;
import org.owasp.dependencycheck.data.lucene.AbstractIndex;
import org.owasp.dependencycheck.utils.FileUtils;
import org.owasp.dependencycheck.utils.Settings;
import org.owasp.dependencycheck.data.lucene.FieldAnalyzer;
import org.owasp.dependencycheck.data.lucene.SearchFieldAnalyzer;
import org.owasp.dependencycheck.data.lucene.SearchVersionAnalyzer;
import org.owasp.dependencycheck.data.lucene.VersionAnalyzer;
/**
* The Index class is used to utilize and maintain the CPE Index.
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class Index extends AbstractIndex {
@@ -55,10 +57,8 @@ public class Index extends AbstractIndex {
* @throws IOException is thrown if an IOException occurs.
*/
public Directory getDirectory() throws IOException {
File path = getDataDirectory();
Directory dir = FSDirectory.open(path);
return dir;
final File path = getDataDirectory();
return FSDirectory.open(path);
}
/**
@@ -69,21 +69,10 @@ public class Index extends AbstractIndex {
* @throws IOException is thrown if an IOException occurs of course...
*/
public File getDataDirectory() throws IOException {
String fileName = Settings.getString(Settings.KEYS.CPE_INDEX);
String filePath = Index.class.getProtectionDomain().getCodeSource().getLocation().getPath();
String decodedPath = URLDecoder.decode(filePath, "UTF-8");
File exePath = new File(decodedPath);
if (exePath.getName().toLowerCase().endsWith(".jar")) {
exePath = exePath.getParentFile();
} else {
exePath = new File(".");
}
File path = new File(exePath.getCanonicalFile() + File.separator + fileName);
path = new File(path.getCanonicalPath());
if (!path.exists()) {
if (!path.mkdirs()) {
throw new IOException("Unable to create CPE Data directory");
}
final String fileName = Settings.getString(Settings.KEYS.CPE_INDEX);
final File path = FileUtils.getDataDirectory(fileName, Index.class);
if (!path.exists() && !path.mkdirs()) {
throw new IOException("Unable to create CPE Data directory");
}
return path;
}
@@ -95,18 +84,22 @@ public class Index extends AbstractIndex {
*/
@SuppressWarnings("unchecked")
public Analyzer createIndexingAnalyzer() {
Map fieldAnalyzers = new HashMap();
final Map fieldAnalyzers = new HashMap();
fieldAnalyzers.put(Fields.VERSION, new KeywordAnalyzer());
//fieldAnalyzers.put(Fields.VERSION, new KeywordAnalyzer());
fieldAnalyzers.put(Fields.VERSION, new VersionAnalyzer(Version.LUCENE_40));
fieldAnalyzers.put(Fields.NAME, new KeywordAnalyzer());
PerFieldAnalyzerWrapper wrapper = new PerFieldAnalyzerWrapper(
new FieldAnalyzer(Version.LUCENE_40), fieldAnalyzers);
return wrapper;
return new PerFieldAnalyzerWrapper(new FieldAnalyzer(Version.LUCENE_40), fieldAnalyzers);
}
private SearchFieldAnalyzer productSearchFieldAnalyzer = null;
private SearchFieldAnalyzer vendorSearchFieldAnalyzer = null;
/**
* The search field analyzer for the product field.
*/
private SearchFieldAnalyzer productSearchFieldAnalyzer;
/**
* The search field analyzer for the vendor field.
*/
private SearchFieldAnalyzer vendorSearchFieldAnalyzer;
/**
* Creates an Analyzer for searching the CPE Index.
@@ -115,23 +108,22 @@ public class Index extends AbstractIndex {
*/
@SuppressWarnings("unchecked")
public Analyzer createSearchingAnalyzer() {
Map fieldAnalyzers = new HashMap();
final Map fieldAnalyzers = new HashMap();
fieldAnalyzers.put(Fields.VERSION, new KeywordAnalyzer());
fieldAnalyzers.put(Fields.NAME, new KeywordAnalyzer());
//fieldAnalyzers.put(Fields.VERSION, new KeywordAnalyzer());
fieldAnalyzers.put(Fields.VERSION, new SearchVersionAnalyzer(Version.LUCENE_40));
productSearchFieldAnalyzer = new SearchFieldAnalyzer(Version.LUCENE_40);
vendorSearchFieldAnalyzer = new SearchFieldAnalyzer(Version.LUCENE_40);
fieldAnalyzers.put(Fields.PRODUCT, productSearchFieldAnalyzer);
fieldAnalyzers.put(Fields.VENDOR, vendorSearchFieldAnalyzer);
PerFieldAnalyzerWrapper wrapper = new PerFieldAnalyzerWrapper(
new FieldAnalyzer(Version.LUCENE_40), fieldAnalyzers);
return wrapper;
return new PerFieldAnalyzerWrapper(new FieldAnalyzer(Version.LUCENE_40), fieldAnalyzers);
}
/**
* Creates the Lucene QueryParser used when querying the index
* Creates the Lucene QueryParser used when querying the index.
*
* @return a QueryParser.
*/
public QueryParser createQueryParser() {
@@ -158,10 +150,9 @@ public class Index extends AbstractIndex {
* @throws IOException is thrown if an IOException occurs.
*/
public void saveEntry(Entry entry) throws CorruptIndexException, IOException {
Document doc = convertEntryToDoc(entry);
//Term term = new Term(Fields.NVDID, LuceneUtils.escapeLuceneQuery(entry.getNvdId()));
Term term = new Term(Fields.NAME, entry.getName());
indexWriter.updateDocument(term, doc);
final Document doc = convertEntryToDoc(entry);
final Term term = new Term(Fields.NAME, entry.getName());
getIndexWriter().updateDocument(term, doc);
}
/**
@@ -171,22 +162,22 @@ public class Index extends AbstractIndex {
* @return a Lucene Document containing a CPE Entry.
*/
protected Document convertEntryToDoc(Entry entry) {
Document doc = new Document();
final Document doc = new Document();
Field name = new StoredField(Fields.NAME, entry.getName());
final Field name = new StoredField(Fields.NAME, entry.getName());
doc.add(name);
Field vendor = new TextField(Fields.VENDOR, entry.getVendor(), Field.Store.NO);
final Field vendor = new TextField(Fields.VENDOR, entry.getVendor(), Field.Store.NO);
vendor.setBoost(5.0F);
doc.add(vendor);
Field product = new TextField(Fields.PRODUCT, entry.getProduct(), Field.Store.NO);
final Field product = new TextField(Fields.PRODUCT, entry.getProduct(), Field.Store.NO);
product.setBoost(5.0F);
doc.add(product);
//TODO revision should likely be its own field
if (entry.getVersion() != null) {
Field version = null;
Field version;
if (entry.getRevision() != null) {
version = new TextField(Fields.VERSION, entry.getVersion() + " "
+ entry.getRevision(), Field.Store.NO);

4
src/main/java/org/codesecure/dependencycheck/data/cpe/package-info.java → src/main/java/org/owasp/dependencycheck/data/cpe/package-info.java
View File

@@ -1,7 +1,7 @@
/**
* <html>
* <head>
* <title>org.codesecure.dependencycheck.data.cpe</title>
* <title>org.owasp.dependencycheck.data.cpe</title>
* </head>
* <body>
* Contains classes for working with the CPE Lucene Index.
@@ -9,4 +9,4 @@
* </html>
*/
package org.codesecure.dependencycheck.data.cpe;
package org.owasp.dependencycheck.data.cpe;

86
src/main/java/org/owasp/dependencycheck/data/cwe/CweDB.java Normal file
View File

@@ -0,0 +1,86 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.cwe;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.util.HashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
/**
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public final class CweDB {
/**
* Empty private constructor as this is a utility class.
*/
private CweDB() {
//empty
}
/**
* A HashMap of the CWE data.
*/
private static final HashMap<String, String> CWE = loadData();
/**
* Loads a HashMap containing the CWE data from a resource found in the jar.
*
* @return a HashMap of CWE data
*/
private static HashMap<String, String> loadData() {
ObjectInputStream oin = null;
try {
final String filePath = "data/cwe.hashmap.serialized";
final InputStream input = CweDB.class.getClassLoader().getResourceAsStream(filePath);
oin = new ObjectInputStream(input);
return (HashMap<String, String>) oin.readObject();
} catch (ClassNotFoundException ex) {
Logger.getLogger(CweDB.class.getName()).log(Level.WARNING, "Unable to load CWE data. This should not be an issue.");
Logger.getLogger(CweDB.class.getName()).log(Level.FINE, null, ex);
} catch (IOException ex) {
Logger.getLogger(CweDB.class.getName()).log(Level.WARNING, "Unable to load CWE data due to an IO Error. This should not be an issue.");
Logger.getLogger(CweDB.class.getName()).log(Level.FINE, null, ex);
} finally {
if (oin != null) {
try {
oin.close();
} catch (IOException ex) {
Logger.getLogger(CweDB.class.getName()).log(Level.FINEST, null, ex);
}
}
}
return null;
}
/**
* <p>Returns the full CWE name from the CWE ID.</p>
* @param cweId the CWE ID
* @return the full name of the CWE
*/
public static String getCweName(String cweId) {
if (cweId != null) {
return CWE.get(cweId);
}
return null;
}
}

55
src/main/java/org/owasp/dependencycheck/data/cwe/CweHandler.java Normal file
View File

@@ -0,0 +1,55 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.cwe;
import java.util.HashMap;
import org.xml.sax.Attributes;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;
/**
* A SAX Handler that will parse the CWE XML.
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class CweHandler extends DefaultHandler {
/**
* a HashMap containing the CWE data.
*/
private final HashMap<String, String> cwe = new HashMap<String, String>();
/**
* Returns the HashMap of CWE entries (CWE-ID, Full CWE Name).
* @return a HashMap of CWE entries <String, String>
*/
public HashMap<String, String> getCwe() {
return cwe;
}
@Override
public void startElement(String uri, String localName, String qName, Attributes attributes) throws SAXException {
if ("Weakness".equals(qName) || "Category".equals(qName)) {
final String id = "CWE-" + attributes.getValue("ID");
final String name = attributes.getValue("Name");
cwe.put(id, name);
}
}
}

12
src/main/java/org/owasp/dependencycheck/data/cwe/package-info.java Normal file
View File

@@ -0,0 +1,12 @@
/**
* <html>
* <head>
* <title>org.owasp.dependencycheck.data.cwe</title>
* </head>
* <body>
* Contains classes for working with the CWE Database.
* </body>
* </html>
*/
package org.owasp.dependencycheck.data.cwe;

88
src/main/java/org/codesecure/dependencycheck/data/lucene/AbstractIndex.java → src/main/java/org/owasp/dependencycheck/data/lucene/AbstractIndex.java
View File

@@ -1,22 +1,22 @@
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.lucene;
package org.owasp.dependencycheck.data.lucene;
import java.io.IOException;
import java.util.logging.Level;
@@ -41,38 +41,38 @@ import org.apache.lucene.util.Version;
* The base Index for other index objects. Implements the open and close
* methods.
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public abstract class AbstractIndex {
/**
* The Lucene directory containing the index.
*/
protected Directory directory = null;
private Directory directory;
/**
* The IndexWriter for the Lucene index.
*/
protected IndexWriter indexWriter = null;
private IndexWriter indexWriter;
/**
* The Lucene IndexReader.
*/
private IndexReader indexReader = null;
private IndexReader indexReader;
/**
* The Lucene IndexSearcher.
*/
private IndexSearcher indexSearcher = null;
private IndexSearcher indexSearcher;
/**
* The Lucene Analyzer used for Indexing.
*/
private Analyzer indexingAnalyzer = null;
private Analyzer indexingAnalyzer;
/**
* The Lucene Analyzer used for Searching
* The Lucene Analyzer used for Searching.
*/
private Analyzer searchingAnalyzer = null;
private Analyzer searchingAnalyzer;
/**
* The Lucene QueryParser used for Searching
* The Lucene QueryParser used for Searching.
*/
private QueryParser queryParser = null;
private QueryParser queryParser;
/**
* Indicates whether or not the Lucene Index is open.
*/
@@ -98,16 +98,24 @@ public abstract class AbstractIndex {
try {
indexWriter.commit();
} catch (CorruptIndexException ex) {
Logger.getLogger(AbstractIndex.class.getName()).log(Level.SEVERE, null, ex);
final String msg = "Unable to update database, there is a corrupt index.";
Logger.getLogger(AbstractIndex.class.getName()).log(Level.SEVERE, msg);
Logger.getLogger(AbstractIndex.class.getName()).log(Level.FINE, null, ex);
} catch (IOException ex) {
Logger.getLogger(AbstractIndex.class.getName()).log(Level.SEVERE, null, ex);
final String msg = "Unable to update database due to an IO error.";
Logger.getLogger(AbstractIndex.class.getName()).log(Level.SEVERE, msg);
Logger.getLogger(AbstractIndex.class.getName()).log(Level.FINE, null, ex);
}
try {
indexWriter.close(true);
} catch (CorruptIndexException ex) {
Logger.getLogger(AbstractIndex.class.getName()).log(Level.SEVERE, null, ex);
final String msg = "Unable to update database, there is a corrupt index.";
Logger.getLogger(AbstractIndex.class.getName()).log(Level.SEVERE, msg);
Logger.getLogger(AbstractIndex.class.getName()).log(Level.FINE, null, ex);
} catch (IOException ex) {
Logger.getLogger(AbstractIndex.class.getName()).log(Level.SEVERE, null, ex);
final String msg = "Unable to update database due to an IO error.";
Logger.getLogger(AbstractIndex.class.getName()).log(Level.SEVERE, msg);
Logger.getLogger(AbstractIndex.class.getName()).log(Level.FINE, null, ex);
} finally {
indexWriter = null;
}
@@ -129,7 +137,9 @@ public abstract class AbstractIndex {
try {
directory.close();
} catch (IOException ex) {
Logger.getLogger(AbstractIndex.class.getName()).log(Level.SEVERE, null, ex);
final String msg = "Unable to update database due to an IO error.";
Logger.getLogger(AbstractIndex.class.getName()).log(Level.SEVERE, msg);
Logger.getLogger(AbstractIndex.class.getName()).log(Level.FINE, null, ex);
} finally {
directory = null;
}
@@ -155,7 +165,7 @@ public abstract class AbstractIndex {
if (!isOpen()) {
open();
}
IndexWriterConfig conf = new IndexWriterConfig(Version.LUCENE_40, indexingAnalyzer);
final IndexWriterConfig conf = new IndexWriterConfig(Version.LUCENE_40, indexingAnalyzer);
indexWriter = new IndexWriter(directory, conf);
}
@@ -241,7 +251,8 @@ public abstract class AbstractIndex {
}
/**
* Searches the index using the given search string
* Searches the index using the given search string.
*
* @param searchString the query text
* @param maxQueryResults the maximum number of documents to return
* @return the TopDocs found by the search
@@ -249,22 +260,16 @@ public abstract class AbstractIndex {
* @throws IOException is thrown if there is an issue with the underlying Index
*/
public TopDocs search(String searchString, int maxQueryResults) throws ParseException, IOException {
QueryParser parser = getQueryParser();
Query query = parser.parse(searchString);
final QueryParser parser = getQueryParser();
final Query query = parser.parse(searchString);
resetSearchingAnalyzer();
IndexSearcher is = getIndexSearcher();
TopDocs docs = is.search(query, maxQueryResults);
return docs;
final IndexSearcher is = getIndexSearcher();
return is.search(query, maxQueryResults);
}
/**
* Searches the index using the given query
* Searches the index using the given query.
*
* @param query the query used to search the index
* @param maxQueryResults the max number of results to return
* @return the TopDocs found be the query
@@ -272,23 +277,24 @@ public abstract class AbstractIndex {
* @throws IOException thrown if there is an IOException
*/
public TopDocs search(Query query, int maxQueryResults) throws CorruptIndexException, IOException {
IndexSearcher is = getIndexSearcher();
final IndexSearcher is = getIndexSearcher();
return is.search(query, maxQueryResults);
}
/**
* Retrieves a document from the Index
* Retrieves a document from the Index.
*
* @param documentId the id of the document to retrieve
* @return the Document
* @throws IOException thrown if there is an IOException
*/
public Document getDocument(int documentId) throws IOException {
IndexSearcher is = getIndexSearcher();
final IndexSearcher is = getIndexSearcher();
return is.doc(documentId);
}
/**
* Gets the directory that contains the Lucene Index
* Gets the directory that contains the Lucene Index.
*
* @return a Lucene Directory
* @throws IOException is thrown when an IOException occurs
@@ -296,21 +302,21 @@ public abstract class AbstractIndex {
public abstract Directory getDirectory() throws IOException;
/**
* Creates the Lucene Analyzer used when indexing
* Creates the Lucene Analyzer used when indexing.
*
* @return a Lucene Analyzer
*/
public abstract Analyzer createIndexingAnalyzer();
/**
* Creates the Lucene Analyzer used when querying the index
* Creates the Lucene Analyzer used when querying the index.
*
* @return a Lucene Analyzer
*/
public abstract Analyzer createSearchingAnalyzer();
/**
* Creates the Lucene QueryParser used when querying the index
* Creates the Lucene QueryParser used when querying the index.
* @return a QueryParser
*/
public abstract QueryParser createQueryParser();

15
src/main/java/org/codesecure/dependencycheck/data/lucene/DependencySimilarity.java → src/main/java/org/owasp/dependencycheck/data/lucene/DependencySimilarity.java
View File

@@ -1,31 +1,34 @@
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.lucene;
package org.owasp.dependencycheck.data.lucene;
import org.apache.lucene.search.similarities.DefaultSimilarity;
/**
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class DependencySimilarity extends DefaultSimilarity {
/**
* the serial version uid.
*/
private static final long serialVersionUID = 1L;
/**

21
src/main/java/org/codesecure/dependencycheck/data/lucene/FieldAnalyzer.java → src/main/java/org/owasp/dependencycheck/data/lucene/FieldAnalyzer.java
View File

@@ -1,22 +1,22 @@
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.lucene;
package org.owasp.dependencycheck.data.lucene;
import java.io.Reader;
import org.apache.lucene.analysis.Analyzer;
@@ -34,17 +34,18 @@ import org.apache.lucene.util.Version;
* LowerCaseFilter, and StopFilter. The intended purpose of this Analyzer is
* to index the CPE fields vendor and product.</p>
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class FieldAnalyzer extends Analyzer {
/**
* The Lucene Version used
* The Lucene Version used.
*/
private Version version = null;
private final Version version;
/**
* Creates a new FieldAnalyzer
* Creates a new FieldAnalyzer.
*
* @param version the Lucene version
*/
public FieldAnalyzer(Version version) {
@@ -60,7 +61,7 @@ public class FieldAnalyzer extends Analyzer {
*/
@Override
protected TokenStreamComponents createComponents(String fieldName, Reader reader) {
Tokenizer source = new WhitespaceTokenizer(version, reader);
final Tokenizer source = new WhitespaceTokenizer(version, reader);
TokenStream stream = source;

25
src/main/java/org/codesecure/dependencycheck/data/lucene/LuceneUtils.java → src/main/java/org/owasp/dependencycheck/data/lucene/LuceneUtils.java
View File

@@ -1,33 +1,33 @@
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.lucene;
package org.owasp.dependencycheck.data.lucene;
/**
* <p>Lucene utils is a set of utilitize written to make constructing Lucene
* queries simplier.</p>
* <p>Lucene utils is a set of utilize written to make constructing Lucene
* queries simpler.</p>
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public final class LuceneUtils {
/**
* Provate contructor as this is a utility class.
* Private constructor as this is a utility class.
*/
private LuceneUtils() {
}
@@ -40,6 +40,9 @@ public final class LuceneUtils {
* @param text the data to be escaped
*/
@SuppressWarnings("fallthrough")
@edu.umd.cs.findbugs.annotations.SuppressWarnings(
value = "SF_SWITCH_NO_DEFAULT",
justification = "The switch below does have a default.")
public static void appendEscapedLuceneQuery(StringBuilder buf,
final CharSequence text) {
@@ -48,7 +51,7 @@ public final class LuceneUtils {
}
for (int i = 0; i < text.length(); i++) {
char c = text.charAt(i);
final char c = text.charAt(i);
switch (c) {
case '+':
case '-':
@@ -91,7 +94,7 @@ public final class LuceneUtils {
int size = text.length();
size = size >> 1;
StringBuilder buf = new StringBuilder(size);
final StringBuilder buf = new StringBuilder(size);
appendEscapedLuceneQuery(buf, text);

23
src/main/java/org/codesecure/dependencycheck/data/lucene/SearchFieldAnalyzer.java → src/main/java/org/owasp/dependencycheck/data/lucene/SearchFieldAnalyzer.java
View File

@@ -1,22 +1,22 @@
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.lucene;
package org.owasp.dependencycheck.data.lucene;
import java.io.Reader;
import org.apache.lucene.analysis.Analyzer;
@@ -32,22 +32,23 @@ import org.apache.lucene.util.Version;
/**
* A Lucene field analyzer used to analyzer queries against the CPE data.
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class SearchFieldAnalyzer extends Analyzer {
/**
* The Lucene Version used
* The Lucene Version used.
*/
private Version version = null;
private final Version version;
/**
* A local reference to the TokenPairConcatenatingFilter so that we
* can clear any left over state if this analyzer is re-used.
*/
private TokenPairConcatenatingFilter concatenatingFilter = null;
private TokenPairConcatenatingFilter concatenatingFilter;
/**
* Constructs a new SearchFieldAnalyzer
* Constructs a new SearchFieldAnalyzer.
*
* @param version the Lucene version
*/
public SearchFieldAnalyzer(Version version) {
@@ -62,7 +63,7 @@ public class SearchFieldAnalyzer extends Analyzer {
*/
@Override
protected TokenStreamComponents createComponents(String fieldName, Reader reader) {
Tokenizer source = new WhitespaceTokenizer(version, reader);
final Tokenizer source = new WhitespaceTokenizer(version, reader);
TokenStream stream = source;

71
src/main/java/org/owasp/dependencycheck/data/lucene/SearchVersionAnalyzer.java Normal file
View File

@@ -0,0 +1,71 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.lucene;
import java.io.Reader;
import org.apache.lucene.analysis.Analyzer;
import org.apache.lucene.analysis.TokenStream;
import org.apache.lucene.analysis.Tokenizer;
import org.apache.lucene.analysis.core.LowerCaseFilter;
import org.apache.lucene.analysis.core.WhitespaceTokenizer;
import org.apache.lucene.util.Version;
/**
* SearchVersionAnalyzer is a Lucene Analyzer used to analyze version information.
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class SearchVersionAnalyzer extends Analyzer {
//TODO consider implementing payloads/custom attributes...
// use custom attributes for major, minor, x, x, x, rcx
// these can then be used to weight the score for searches on the version.
// see http://lucene.apache.org/core/3_6_1/api/core/org/apache/lucene/analysis/package-summary.html#package_description
// look at this article to implement
// http://www.codewrecks.com/blog/index.php/2012/08/25/index-your-blog-using-tags-and-lucene-net/
/**
* The Lucene Version used.
*/
private final Version version;
/**
* Creates a new SearchVersionAnalyzer.
*
* @param version the Lucene version
*/
public SearchVersionAnalyzer(Version version) {
this.version = version;
}
/**
* Creates the TokenStreamComponents
*
* @param fieldName the field name being analyzed
* @param reader the reader containing the input
* @return the TokenStreamComponents
*/
@Override
protected TokenStreamComponents createComponents(String fieldName, Reader reader) {
final Tokenizer source = new WhitespaceTokenizer(version, reader);
TokenStream stream = source;
stream = new LowerCaseFilter(version, stream);
stream = new VersionTokenizingFilter(stream);
return new TokenStreamComponents(source, stream);
}
}

58
src/main/java/org/codesecure/dependencycheck/data/lucene/TokenPairConcatenatingFilter.java → src/main/java/org/owasp/dependencycheck/data/lucene/TokenPairConcatenatingFilter.java
View File

@@ -1,22 +1,22 @@
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.lucene;
package org.owasp.dependencycheck.data.lucene;
import java.io.IOException;
import java.util.LinkedList;
@@ -26,20 +26,35 @@ import org.apache.lucene.analysis.tokenattributes.CharTermAttribute;
import org.apache.lucene.analysis.tokenattributes.PositionIncrementAttribute;
/**
* <p>Takes a TokenStream and adds additional tokens by concatenating pairs of words.</p>
* <p><b>Example:</b> "Spring Framework Core" -> "Spring SpringFramework Framework FrameworkCore Core".</p>
* <p>Takes a TokenStream and adds additional tokens by concatenating pairs of
* words.</p>
* <p><b>Example:</b> "Spring Framework Core" -> "Spring SpringFramework
* Framework FrameworkCore Core".</p>
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public final class TokenPairConcatenatingFilter extends TokenFilter {
/**
* The char term attribute.
*/
private final CharTermAttribute termAtt = addAttribute(CharTermAttribute.class);
/**
* The position increment attribute.
*/
private final PositionIncrementAttribute posIncAtt = addAttribute(PositionIncrementAttribute.class);
private String previousWord = null;
private LinkedList<String> words = null;
/**
* The previous word parsed.
*/
private String previousWord;
/**
* A list of words parsed.
*/
private final LinkedList<String> words;
/**
* Consructs a new TokenPairConcatenatingFilter
* Constructs a new TokenPairConcatenatingFilter.
*
* @param stream the TokenStream that this filter will process
*/
public TokenPairConcatenatingFilter(TokenStream stream) {
@@ -48,8 +63,8 @@ public final class TokenPairConcatenatingFilter extends TokenFilter {
}
/**
* Increments the underlying TokenStream and sets CharTermAtttributes to
* construct an expanded set of tokens by concatenting tokens with the
* Increments the underlying TokenStream and sets CharTermAttributes to
* construct an expanded set of tokens by concatenating tokens with the
* previous token.
*
* @return whether or not we have hit the end of the TokenStream
@@ -58,16 +73,16 @@ public final class TokenPairConcatenatingFilter extends TokenFilter {
@Override
public boolean incrementToken() throws IOException {
//collect all the terms into the words collaction
//collect all the terms into the words collection
while (input.incrementToken()) {
String word = new String(termAtt.buffer(), 0, termAtt.length());
final String word = new String(termAtt.buffer(), 0, termAtt.length());
words.add(word);
}
//if we have a previousTerm - write it out as its own token concatonated
//if we have a previousTerm - write it out as its own token concatenated
// with the current word (if one is available).
if (previousWord != null && words.size() > 0) {
String word = words.getFirst();
final String word = words.getFirst();
clearAttributes();
termAtt.append(previousWord).append(word);
posIncAtt.setPositionIncrement(0);
@@ -76,7 +91,7 @@ public final class TokenPairConcatenatingFilter extends TokenFilter {
}
//if we have words, write it out as a single token
if (words.size() > 0) {
String word = words.removeFirst();
final String word = words.removeFirst();
clearAttributes();
termAtt.append(word);
previousWord = word;
@@ -86,9 +101,10 @@ public final class TokenPairConcatenatingFilter extends TokenFilter {
}
/**
* <p>Resets the Filter and clears any internal state data that may
* have been left-over from previous uses of the Filter.</p>
* <p><b>If this Filter is re-used this method must be called between uses.</b></p>
* <p>Resets the Filter and clears any internal state data that may have
* been left-over from previous uses of the Filter.</p>
* <p><b>If this Filter is re-used this method must be called between
* uses.</b></p>
*/
public void clear() {
previousWord = null;

70
src/main/java/org/owasp/dependencycheck/data/lucene/VersionAnalyzer.java Normal file
View File

@@ -0,0 +1,70 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.lucene;
import java.io.Reader;
import org.apache.lucene.analysis.Analyzer;
import org.apache.lucene.analysis.TokenStream;
import org.apache.lucene.analysis.Tokenizer;
import org.apache.lucene.analysis.core.LowerCaseFilter;
import org.apache.lucene.analysis.core.WhitespaceTokenizer;
import org.apache.lucene.util.Version;
/**
* VersionAnalyzer is a Lucene Analyzer used to analyze version information.
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class VersionAnalyzer extends Analyzer {
//TODO consider implementing payloads/custom attributes...
// use custom attributes for major, minor, x, x, x, rcx
// these can then be used to weight the score for searches on the version.
// see http://lucene.apache.org/core/3_6_1/api/core/org/apache/lucene/analysis/package-summary.html#package_description
// look at this article to implement
// http://www.codewrecks.com/blog/index.php/2012/08/25/index-your-blog-using-tags-and-lucene-net/
/**
* The Lucene Version used.
*/
private final Version version;
/**
* Creates a new VersionAnalyzer.
*
* @param version the Lucene version
*/
public VersionAnalyzer(Version version) {
this.version = version;
}
/**
* Creates the TokenStreamComponents
*
* @param fieldName the field name being analyzed
* @param reader the reader containing the input
* @return the TokenStreamComponents
*/
@Override
protected TokenStreamComponents createComponents(String fieldName, Reader reader) {
final Tokenizer source = new WhitespaceTokenizer(version, reader);
TokenStream stream = source;
stream = new LowerCaseFilter(version, stream);
return new TokenStreamComponents(source, stream);
}
}

121
src/main/java/org/owasp/dependencycheck/data/lucene/VersionTokenizingFilter.java Normal file
View File

@@ -0,0 +1,121 @@
/*
* This file is part of Dependency-Check.
*
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.owasp.dependencycheck.data.lucene;
import java.io.IOException;
import java.util.LinkedList;
import org.apache.lucene.analysis.TokenFilter;
import org.apache.lucene.analysis.TokenStream;
import org.apache.lucene.analysis.tokenattributes.CharTermAttribute;
/**
* <p>Takes a TokenStream and splits or adds tokens to correctly index version
* numbers.</p>
* <p><b>Example:</b> "3.0.0.RELEASE" -> "3 3.0 3.0.0 RELEASE
* 3.0.0.RELEASE".</p>
*
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public final class VersionTokenizingFilter extends TokenFilter {
/**
* The char term attribute.
*/
private final CharTermAttribute termAtt = addAttribute(CharTermAttribute.class);
/**
* A collection of tokens to add to the stream.
*/
private final LinkedList<String> tokens;
/**
* Constructs a new VersionTokenizingFilter.
*
* @param stream the TokenStream that this filter will process
*/
public VersionTokenizingFilter(TokenStream stream) {
super(stream);
tokens = new LinkedList<String>();
}
/**
* Increments the underlying TokenStream and sets CharTermAttributes to
* construct an expanded set of tokens by concatenating tokens with the
* previous token.
*
* @return whether or not we have hit the end of the TokenStream
* @throws IOException is thrown when an IOException occurs
*/
@Override
public boolean incrementToken() throws IOException {
if (tokens.size() == 0 && input.incrementToken()) {
final String version = new String(termAtt.buffer(), 0, termAtt.length());
final String[] toAnalyze = version.split("[_-]");
//ensure we analyze the whole string as one too
analyzeVersion(version);
for (String str : toAnalyze) {
analyzeVersion(str);
}
}
return addTerm();
}
/**
* Adds a term, if one exists, from the tokens collection.
*
* @return whether or not a new term was added
*/
private boolean addTerm() {
final boolean termAdded = tokens.size() > 0;
if (termAdded) {
final String version = tokens.pop();
clearAttributes();
termAtt.append(version);
}
return termAdded;
}
/**
* <p>Analyzes the version and adds several copies of the version as
* different tokens. For example, the version 1.2.7 would create the tokens
* 1 1.2 1.2.7. This is useful in discovering the correct version -
* sometimes a maintenance or build number will throw off the version
* identification.</p>
*
* <p>expected&nbsp;format:&nbps;major.minor[.maintenance[.build]]</p>
*
* @param version the version to analyze
*/
private void analyzeVersion(String version) {
//todo should we also be splitting on dash or underscore? we would need
// to incorporate the dash or underscore back in...
final String[] versionParts = version.split("\\.");
String dottedVersion = null;
for (String current : versionParts) {
if (!current.matches("^/d+$")) {
tokens.add(current);
}
if (dottedVersion == null) {
dottedVersion = current;
} else {
dottedVersion = dottedVersion + "." + current;
}
tokens.add(dottedVersion);
}
}
}

4
src/main/java/org/codesecure/dependencycheck/data/lucene/package-info.java → src/main/java/org/owasp/dependencycheck/data/lucene/package-info.java
View File

@@ -1,7 +1,7 @@
/**
* <html>
* <head>
* <title>org.codesecure.dependencycheck.data.lucene</title>
* <title>org.owasp.dependencycheck.data.lucene</title>
* </head>
* <body>
* Contains classes used to work with the Lucene Indexes.
@@ -9,4 +9,4 @@
* </html>
*/
package org.codesecure.dependencycheck.data.lucene;
package org.owasp.dependencycheck.data.lucene;

16
src/main/java/org/codesecure/dependencycheck/data/nvdcve/CorruptDatabaseException.java → src/main/java/org/owasp/dependencycheck/data/nvdcve/CorruptDatabaseException.java
View File

@@ -1,30 +1,34 @@
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.nvdcve;
package org.owasp.dependencycheck.data.nvdcve;
/**
* An exception used to indicate the db4o database is corrupt.
* This could be due to invalid data or a complete failure of the db.
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
class CorruptDatabaseException extends DatabaseException {
/**
* the serial version uid.
*/
private static final long serialVersionUID = 1L;
/**

201
src/main/java/org/codesecure/dependencycheck/data/nvdcve/CveDB.java → src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
View File

@@ -1,27 +1,26 @@
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.nvdcve;
package org.owasp.dependencycheck.data.nvdcve;
import java.io.File;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.DriverManager;
@@ -32,147 +31,148 @@ import java.util.ArrayList;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.codesecure.dependencycheck.data.cpe.Entry;
import org.codesecure.dependencycheck.dependency.Reference;
import org.codesecure.dependencycheck.dependency.Vulnerability;
import org.codesecure.dependencycheck.dependency.VulnerableSoftware;
import org.codesecure.dependencycheck.utils.Settings;
import org.owasp.dependencycheck.data.cpe.Entry;
import org.owasp.dependencycheck.data.cwe.CweDB;
import org.owasp.dependencycheck.dependency.Reference;
import org.owasp.dependencycheck.dependency.Vulnerability;
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
import org.owasp.dependencycheck.utils.FileUtils;
import org.owasp.dependencycheck.utils.Settings;
/**
* The database holding information about the NVD CVE data.
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class CveDB {
//<editor-fold defaultstate="collapsed" desc="Constants to create, maintain, and retrieve data from the CVE Database">
/**
* SQL Statement to create an index on the reference table
* SQL Statement to create an index on the reference table.
*/
public static final String CREATE_INDEX_IDXREFERENCE = "CREATE INDEX IF NOT EXISTS idxReference ON reference(cveid)";
/**
* SQL Statement to create an index on the software for finding CVE entries based on CPE data
* SQL Statement to create an index on the software for finding CVE entries based on CPE data.
*/
public static final String CREATE_INDEX_IDXSOFTWARE = "CREATE INDEX IF NOT EXISTS idxSoftware ON software(product, vendor, version)";
/**
* SQL Statement to create an index for retrieving software by CVEID
* SQL Statement to create an index for retrieving software by CVEID.
*/
public static final String CREATE_INDEX_IDXSOFTWARECVE = "CREATE INDEX IF NOT EXISTS idxSoftwareCve ON software(cveid)";
/**
* SQL Statement to create an index on the vulnerability table
* SQL Statement to create an index on the vulnerability table.
*/
public static final String CREATE_INDEX_IDXVULNERABILITY = "CREATE INDEX IF NOT EXISTS idxVulnerability ON vulnerability(cveid)";
/**
* SQL Statement to create the reference table
* SQL Statement to create the reference table.
*/
public static final String CREATE_TABLE_REFERENCE = "CREATE TABLE IF NOT EXISTS reference (cveid CHAR(13), "
+ "name varchar(1000), url varchar(1000), source varchar(255))";
/**
* SQL Statement to create the software table
* SQL Statement to create the software table.
*/
public static final String CREATE_TABLE_SOFTWARE = "CREATE TABLE IF NOT EXISTS software (cveid CHAR(13), cpe varchar(500), "
+ "vendor varchar(255), product varchar(255), version varchar(50), previousVersion varchar(50))";
/**
* SQL Statement to create the vulnerability table
* SQL Statement to create the vulnerability table.
*/
public static final String CREATE_TABLE_VULNERABILITY = "CREATE TABLE IF NOT EXISTS vulnerability (cveid CHAR(13) PRIMARY KEY, "
+ "description varchar(8000), cwe varchar(10), cvssScore DECIMAL(3,1), cvssAccessVector varchar(20), "
+ "cvssAccessComplexity varchar(20), cvssAuthentication varchar(20), cvssConfidentialityImpact varchar(20), "
+ "cvssIntegrityImpact varchar(20), cvssAvailabilityImpact varchar(20))";
/**
* SQL Statement to delete references by CVEID
* SQL Statement to delete references by CVEID.
*/
public static final String DELETE_REFERENCE = "DELETE FROM reference WHERE cveid = ?";
/**
* SQL Statement to delete software by CVEID
* SQL Statement to delete software by CVEID.
*/
public static final String DELETE_SOFTWARE = "DELETE FROM software WHERE cveid = ?";
/**
* SQL Statement to delete a vulnerability by CVEID
* SQL Statement to delete a vulnerability by CVEID.
*/
public static final String DELETE_VULNERABILITY = "DELETE FROM vulnerability WHERE cveid = ?";
/**
* SQL Statement to insert a new reference
* SQL Statement to insert a new reference.
*/
public static final String INSERT_REFERENCE = "INSERT INTO reference (cveid, name, url, source) VALUES (?, ?, ?, ?)";
/**
* SQL Statement to insert a new software
* SQL Statement to insert a new software.
*/
public static final String INSERT_SOFTWARE = "INSERT INTO software (cveid, cpe, vendor, product, version, previousVersion) "
+ "VALUES (?, ?, ?, ?, ?, ?)";
/**
* SQL Statement to insert a new vulnerability
* SQL Statement to insert a new vulnerability.
*/
public static final String INSERT_VULNERABILITY = "INSERT INTO vulnerability (cveid, description, cwe, cvssScore, cvssAccessVector, "
+ "cvssAccessComplexity, cvssAuthentication, cvssConfidentialityImpact, cvssIntegrityImpact, cvssAvailabilityImpact) "
+ "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
/**
* SQL Statement to find CVE entries based on CPE data
* SQL Statement to find CVE entries based on CPE data.
*/
public static final String SELECT_CVE_FROM_SOFTWARE = "SELECT cveid FROM software WHERE Vendor = ? AND Product = ? AND "
+ "(version = '-' OR previousVersion IS NOT NULL OR version=?)";
/**
* SQL Statement to select references by CVEID
* SQL Statement to select references by CVEID.
*/
public static final String SELECT_REFERENCE = "SELECT source, name, url FROM reference WHERE cveid = ?";
/**
* SQL Statement to select software by CVEID
* SQL Statement to select software by CVEID.
*/
public static final String SELECT_SOFTWARE = "SELECT cpe, previousVersion FROM software WHERE cveid = ?";
/**
* SQL Statement to select a vulnerability by CVEID
* SQL Statement to select a vulnerability by CVEID.
*/
public static final String SELECT_VULNERABILITY = "SELECT cveid, description, cwe, cvssScore, cvssAccessVector, cvssAccessComplexity, cvssAuthentication, cvssConfidentialityImpact, cvssIntegrityImpact, cvssAvailabilityImpact FROM vulnerability WHERE cveid = ?";
public static final String SELECT_VULNERABILITY = "SELECT cveid, description, cwe, cvssScore, cvssAccessVector, cvssAccessComplexity, "
+ "cvssAuthentication, cvssConfidentialityImpact, cvssIntegrityImpact, cvssAvailabilityImpact FROM vulnerability WHERE cveid = ?";
//</editor-fold>
//<editor-fold defaultstate="collapsed" desc="Collection of CallableStatements to work with the DB">
/**
* delete reference - parameters (cveid)
* delete reference - parameters (cveid).
*/
private CallableStatement deleteReferences = null;
private CallableStatement deleteReferences;
/**
* delete software - parameters (cveid)
* delete software - parameters (cveid).
*/
private CallableStatement deleteSoftware = null;
private CallableStatement deleteSoftware;
/**
* delete vulnerability - parameters (cveid)
* delete vulnerability - parameters (cveid).
*/
private CallableStatement deleteVulnerabilities = null;
private CallableStatement deleteVulnerabilities;
/**
* insert reference - parameters (cveid, name, url, source)
* insert reference - parameters (cveid, name, url, source).
*/
private CallableStatement insertReference = null;
private CallableStatement insertReference;
/**
* insert software - parameters (cveid, cpe, vendor, product, version, previousVersion)
* insert software - parameters (cveid, cpe, vendor, product, version, previousVersion).
*/
private CallableStatement insertSoftware = null;
private CallableStatement insertSoftware;
/**
* insert vulnerability - parameters (cveid, description, cwe, cvssScore, cvssAccessVector, cvssAccessComplexity, cvssAuthentication, cvssConfidentialityImpact, cvssIntegrityImpact, cvssAvailabilityImpact)
* insert vulnerability - parameters (cveid, description, cwe, cvssScore, cvssAccessVector,
* cvssAccessComplexity, cvssAuthentication, cvssConfidentialityImpact, cvssIntegrityImpact, cvssAvailabilityImpact).
*/
private CallableStatement insertVulnerability = null;
private CallableStatement insertVulnerability;
/**
* select cve from software - parameters (vendor, product, version)
* select cve from software - parameters (vendor, product, version).
*/
private CallableStatement selectCveFromSoftware = null;
private CallableStatement selectCveFromSoftware;
/**
* select vulnerability - parameters (cveid)
* select vulnerability - parameters (cveid).
*/
private CallableStatement selectVulnerability = null;
private CallableStatement selectVulnerability;
/**
* select reference - parameters (cveid)
* select reference - parameters (cveid).
*/
private CallableStatement selectReferences = null;
private CallableStatement selectReferences;
/**
* select software - parameters (cveid)
* select software - parameters (cveid).
*/
private CallableStatement selectSoftware = null;
private CallableStatement selectSoftware;
//</editor-fold>
/**
* Database connection
*/
protected Connection conn = null;
private Connection conn;
/**
* Opens the database connection. If the database does not exist, it will
@@ -181,14 +181,19 @@ public class CveDB {
* @throws IOException thrown if there is an IO Exception
* @throws SQLException thrown if there is a SQL Exception
* @throws DatabaseException thrown if there is an error initializing a new database
* @throws ClassNotFoundException thrown if the h2 database driver cannot be loaded
*/
public void open() throws IOException, SQLException, DatabaseException {
String fileName = CveDB.getDataDirectory().getCanonicalPath()
@edu.umd.cs.findbugs.annotations.SuppressWarnings(
value = "DMI_EMPTY_DB_PASSWORD",
justification = "Yes, I know... Blank password.")
public void open() throws IOException, SQLException, DatabaseException, ClassNotFoundException {
final String fileName = CveDB.getDataDirectory().getCanonicalPath()
+ File.separator
+ "cve";
File f = new File(fileName);
boolean createTables = !f.exists();
String connStr = "jdbc:h2:file:" + fileName;
final File f = new File(fileName);
final boolean createTables = !f.exists();
final String connStr = "jdbc:h2:file:" + fileName;
Class.forName("org.h2.Driver");
conn = DriverManager.getConnection(connStr, "sa", "");
if (createTables) {
createTables();
@@ -197,7 +202,7 @@ public class CveDB {
}
/**
* Cleansup the object and ensures that "close" has been called.
* Cleans up the object and ensures that "close" has been called.
* @throws Throwable thrown if there is a problem
*/
@Override
@@ -215,28 +220,32 @@ public class CveDB {
try {
conn.close();
} catch (SQLException ex) {
Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex);
final String msg = "There was an error attempting to close the CveDB, see the log for more details.";
Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, msg, ex);
Logger.getLogger(CveDB.class.getName()).log(Level.FINE, null, ex);
}
conn = null;
}
}
/**
* Retrieves the vulnerabilities associated with the specified CPE cpe.
* Retrieves the vulnerabilities associated with the specified CPE.
*
* @param cpeStr the CPE cpe name
* @param cpeStr the CPE name
* @return a list of Vulnerabilities
* @throws DatabaseException thrown if there is an exception retrieving data
*/
public List<Vulnerability> getVulnerablilities(String cpeStr) throws DatabaseException {
public List<Vulnerability> getVulnerabilities(String cpeStr) throws DatabaseException {
ResultSet rs = null;
final Entry cpe = new Entry();
try {
cpe.parseName(cpeStr);
} catch (UnsupportedEncodingException ex) {
Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex);
final String msg = "There was an encoding error parsing a vulerability, see the log for more details.";
Logger.getLogger(CveDB.class.getName()).log(Level.WARNING, msg);
Logger.getLogger(CveDB.class.getName()).log(Level.FINE, String.format("Error parsing '%s'", cpeStr), ex);
}
List<Vulnerability> vulnerabilities = new ArrayList<Vulnerability>();
final List<Vulnerability> vulnerabilities = new ArrayList<Vulnerability>();
try {
selectCveFromSoftware.setString(1, cpe.getVendor());
@@ -244,7 +253,7 @@ public class CveDB {
selectCveFromSoftware.setString(3, cpe.getVersion());
rs = selectCveFromSoftware.executeQuery();
while (rs.next()) {
Vulnerability v = getVulnerability(rs.getString("cveid"));
final Vulnerability v = getVulnerability(rs.getString("cveid"));
vulnerabilities.add(v);
}
} catch (SQLException ex) {
@@ -254,13 +263,20 @@ public class CveDB {
try {
rs.close();
} catch (SQLException ex) {
Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex);
Logger.getLogger(CveDB.class.getName()).log(Level.FINE, "Error closing RecordSet", ex);
}
}
}
return vulnerabilities;
}
/**
* Gets a vulnerability for the provided CVE.
*
* @param cve the CVE to lookup
* @return a vulnerability object
* @throws DatabaseException if an exception occurs
*/
private Vulnerability getVulnerability(String cve) throws DatabaseException {
ResultSet rsV = null;
ResultSet rsR = null;
@@ -273,7 +289,14 @@ public class CveDB {
vuln = new Vulnerability();
vuln.setName(cve);
vuln.setDescription(rsV.getString(2));
vuln.setCwe(rsV.getString(3));
String cwe = rsV.getString(3);
if (cwe != null) {
final String name = CweDB.getCweName(cwe);
if (name != null) {
cwe += " " + name;
}
}
vuln.setCwe(cwe);
vuln.setCvssScore(rsV.getFloat(4));
vuln.setCvssAccessVector(rsV.getString(5));
vuln.setCvssAccessComplexity(rsV.getString(6));
@@ -290,12 +313,12 @@ public class CveDB {
selectSoftware.setString(1, cve);
rsS = selectSoftware.executeQuery();
while (rsS.next()) {
String cpe = rsS.getString(1);
String prevVers = rsS.getString(2);
if (prevVers == null) {
final String cpe = rsS.getString(1);
final String prevVersion = rsS.getString(2);
if (prevVersion == null) {
vuln.addVulnerableSoftware(cpe);
} else {
vuln.addVulnerableSoftware(cpe, prevVers);
vuln.addVulnerableSoftware(cpe, prevVersion);
}
}
}
@@ -306,21 +329,21 @@ public class CveDB {
try {
rsV.close();
} catch (SQLException ex) {
Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex);
Logger.getLogger(CveDB.class.getName()).log(Level.FINE, "Error closing RecordSet", ex);
}
}
if (rsR != null) {
try {
rsR.close();
} catch (SQLException ex) {
Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex);
Logger.getLogger(CveDB.class.getName()).log(Level.FINE, "Error closing RecordSet", ex);
}
}
if (rsS != null) {
try {
rsS.close();
} catch (SQLException ex) {
Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex);
Logger.getLogger(CveDB.class.getName()).log(Level.FINE, "Error closing RecordSet", ex);
}
}
}
@@ -336,7 +359,7 @@ public class CveDB {
*/
public void updateVulnerability(Vulnerability vuln) throws DatabaseException {
try {
// first delete any existing vulnerabilty info.
// first delete any existing vulnerability info.
deleteReferences.setString(1, vuln.getName());
deleteReferences.execute();
deleteSoftware.setString(1, vuln.getName());
@@ -379,8 +402,9 @@ public class CveDB {
}
} catch (SQLException ex) {
Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex);
throw new DatabaseException("Error updating '" + vuln.getName() + "'", ex);
final String msg = String.format("Error updating '%s'", vuln.getName());
Logger.getLogger(CveDB.class.getName()).log(Level.FINE, null, ex);
throw new DatabaseException(msg, ex);
}
}
@@ -392,19 +416,8 @@ public class CveDB {
* @throws IOException is thrown if an IOException occurs of course...
*/
public static File getDataDirectory() throws IOException {
String fileName = Settings.getString(Settings.KEYS.CVE_INDEX);
String filePath = CveDB.class.getProtectionDomain().getCodeSource().getLocation().getPath();
String decodedPath = URLDecoder.decode(filePath, "UTF-8");
File exePath = new File(decodedPath);
if (exePath.getName().toLowerCase().endsWith(".jar")) {
exePath = exePath.getParentFile();
} else {
exePath = new File(".");
}
File path = new File(exePath.getCanonicalFile() + File.separator + fileName);
path = new File(path.getCanonicalPath());
final String fileName = Settings.getString(Settings.KEYS.CVE_INDEX);
final File path = FileUtils.getDataDirectory(fileName, CveDB.class);
if (!path.exists()) {
if (!path.mkdirs()) {
throw new IOException("Unable to create NVD CVE Data directory");
@@ -435,7 +448,7 @@ public class CveDB {
try {
statement.close();
} catch (SQLException ex) {
Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, null, ex);
Logger.getLogger(CveDB.class.getName()).log(Level.FINE, "Error closing Statement", ex);
}
}
}
@@ -443,7 +456,7 @@ public class CveDB {
/**
* Builds the CallableStatements used by the application.
* @throws DatabaseException
* @throws DatabaseException thrown if there is a database exception
*/
private void buildStatements() throws DatabaseException {
try {

20
src/main/java/org/codesecure/dependencycheck/data/nvdcve/DatabaseException.java → src/main/java/org/owasp/dependencycheck/data/nvdcve/DatabaseException.java
View File

@@ -1,32 +1,36 @@
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.nvdcve;
package org.owasp.dependencycheck.data.nvdcve;
/**
* An exception thrown if an operation against the database fails.
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class DatabaseException extends Exception {
/**
* the serial version uid.
*/
private static final long serialVersionUID = 1L;
/**
* Creates an DatabaseException
* Creates an DatabaseException.
*
* @param msg the exception message
*/
@@ -35,7 +39,7 @@ public class DatabaseException extends Exception {
}
/**
* Creates an DatabaseException
* Creates an DatabaseException.
*
* @param msg the exception message
* @param ex the cause of the exception

94
src/main/java/org/codesecure/dependencycheck/data/nvdcve/NvdCveAnalyzer.java → src/main/java/org/owasp/dependencycheck/data/nvdcve/NvdCveAnalyzer.java
View File

@@ -1,42 +1,43 @@
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.nvdcve;
package org.owasp.dependencycheck.data.nvdcve;
import java.io.IOException;
import java.sql.SQLException;
import java.util.List;
import java.util.Set;
import org.codesecure.dependencycheck.Engine;
import org.codesecure.dependencycheck.analyzer.AnalysisException;
import org.codesecure.dependencycheck.analyzer.AnalysisPhase;
import org.codesecure.dependencycheck.dependency.Dependency;
import org.codesecure.dependencycheck.dependency.Vulnerability;
import org.codesecure.dependencycheck.dependency.Identifier;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.AnalysisException;
import org.owasp.dependencycheck.analyzer.AnalysisPhase;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Vulnerability;
import org.owasp.dependencycheck.dependency.Identifier;
import org.owasp.dependencycheck.analyzer.Analyzer;
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
/**
* NvdCveAnalyzer is a utility class that takes a project dependency and
* attempts to decern if there is an associated CVEs. It uses the the
* attempts to discern if there is an associated CVEs. It uses the the
* identifiers found by other analyzers to lookup the CVE data.
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class NvdCveAnalyzer implements org.codesecure.dependencycheck.analyzer.Analyzer {
public class NvdCveAnalyzer implements Analyzer {
/**
* The maximum number of query results to return.
@@ -45,16 +46,17 @@ public class NvdCveAnalyzer implements org.codesecure.dependencycheck.analyzer.A
/**
* The CVE Index.
*/
protected CveDB cveDB = null;
private CveDB cveDB;
/**
* Opens the data source.
*
* @throws SQLException thrown wwhen there is a SQL Exception
* @throws SQLException thrown when there is a SQL Exception
* @throws IOException thrown when there is an IO Exception
* @throws DatabaseException thrown when there is a database exceptions
* @throws ClassNotFoundException thrown if the h2 database driver cannot be loaded
*/
public void open() throws SQLException, IOException, DatabaseException {
public void open() throws SQLException, IOException, DatabaseException, ClassNotFoundException {
cveDB = new CveDB();
cveDB.open();
}
@@ -102,10 +104,12 @@ public class NvdCveAnalyzer implements org.codesecure.dependencycheck.analyzer.A
for (Identifier id : dependency.getIdentifiers()) {
if ("cpe".equals(id.getType())) {
try {
String value = id.getValue();
List<Vulnerability> vulns = cveDB.getVulnerablilities(value);
final String value = id.getValue();
final List<Vulnerability> vulns = cveDB.getVulnerabilities(value);
for (Vulnerability v : vulns) {
dependency.addVulnerability(v);
if (isValidMatch(dependency, v)) {
dependency.addVulnerability(v);
}
}
} catch (DatabaseException ex) {
throw new AnalysisException(ex);
@@ -159,4 +163,52 @@ public class NvdCveAnalyzer implements org.codesecure.dependencycheck.analyzer.A
public void initialize() throws Exception {
this.open();
}
/**
* <p>Determines if this is a valid vulnerability match for the given dependency.
* Specifically, this is concerned with ensuring the version numbers are correct.</p>
* <p>Currently, this is focused on the issues with the versions for Struts 1 and Struts 2.
* In the future this will due better matching on more version numbers.</p>
* @param dependency the dependency
* @param v the vulnerability
* @return returns true if the vulnerability is for the given dependency
*/
private boolean isValidMatch(final Dependency dependency, final Vulnerability v) {
//right now I only know of the issue with Struts1/2
// start with fixing this problem.
//TODO extend this solution to do better version matching for the vulnerable software.
boolean struts1 = false;
boolean struts2 = false;
for (Identifier i : dependency.getIdentifiers()) {
if (i.getValue().startsWith("cpe:/a:apache:struts:")) {
final char version = i.getValue().charAt(21);
if (version == '1') {
struts1 = true;
}
if (version == '2') {
struts2 = true;
}
}
}
if (!struts1 && !struts2) {
return true; //we are not looking at struts, so return true.
}
if (struts1 && struts2) {
return true; //there is a mismatch here, but we can't solve it here so we return valid.
}
if (struts1) {
boolean hasStruts1Vuln = false;
boolean hasStruts2PreviousVersion = false;
for (VulnerableSoftware vs : v.getVulnerableSoftware()) {
hasStruts2PreviousVersion |= vs.hasPreviousVersion() && vs.getName().charAt(21) == '2';
hasStruts1Vuln |= vs.getName().charAt(21) == '1';
}
if (!hasStruts1Vuln && hasStruts2PreviousVersion) {
return false;
}
}
return true;
}
}

4
src/main/java/org/codesecure/dependencycheck/data/nvdcve/package-info.java → src/main/java/org/owasp/dependencycheck/data/nvdcve/package-info.java
View File

@@ -1,7 +1,7 @@
/**
* <html>
* <head>
* <title>org.codesecure.dependencycheck.data.nvdcve</title>
* <title>org.owasp.dependencycheck.data.nvdcve</title>
* </head>
* <body>
* Contains classes used to work with the NVD CVE data.
@@ -9,4 +9,4 @@
* </html>
*/
package org.codesecure.dependencycheck.data.nvdcve;
package org.owasp.dependencycheck.data.nvdcve;

196
src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/DatabaseUpdater.java → src/main/java/org/owasp/dependencycheck/data/nvdcve/xml/DatabaseUpdater.java
View File

@@ -1,22 +1,22 @@
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.nvdcve.xml;
package org.owasp.dependencycheck.data.nvdcve.xml;
import java.io.File;
import java.io.FileInputStream;
@@ -27,7 +27,7 @@ import java.io.InputStream;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import javax.xml.parsers.ParserConfigurationException;
import org.codesecure.dependencycheck.data.CachedWebDataSource;
import org.owasp.dependencycheck.data.CachedWebDataSource;
import java.net.MalformedURLException;
import java.net.URL;
import java.sql.SQLException;
@@ -40,21 +40,21 @@ import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.codesecure.dependencycheck.data.UpdateException;
import org.codesecure.dependencycheck.data.cpe.Index;
import org.codesecure.dependencycheck.data.nvdcve.CveDB;
import org.codesecure.dependencycheck.dependency.VulnerableSoftware;
import org.codesecure.dependencycheck.utils.DownloadFailedException;
import org.codesecure.dependencycheck.utils.Downloader;
import org.codesecure.dependencycheck.utils.FileUtils;
import org.codesecure.dependencycheck.utils.InvalidSettingException;
import org.codesecure.dependencycheck.utils.Settings;
import org.owasp.dependencycheck.data.UpdateException;
import org.owasp.dependencycheck.data.cpe.Index;
import org.owasp.dependencycheck.data.nvdcve.CveDB;
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
import org.owasp.dependencycheck.utils.DownloadFailedException;
import org.owasp.dependencycheck.utils.Downloader;
import org.owasp.dependencycheck.utils.FileUtils;
import org.owasp.dependencycheck.utils.InvalidSettingException;
import org.owasp.dependencycheck.utils.Settings;
import org.xml.sax.SAXException;
import org.codesecure.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
/**
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class DatabaseUpdater implements CachedWebDataSource {
@@ -75,19 +75,20 @@ public class DatabaseUpdater implements CachedWebDataSource {
*/
private static final String LAST_UPDATED_BASE = "lastupdated.";
/**
* The current version of the database
* The current version of the database.
*/
public static final String DATABASE_VERSION = "2.1";
public static final String DATABASE_VERSION = "2.2";
/**
* <p>Downloads the latest NVD CVE XML file from the web and imports it into
* the current CVE Database.</p>
*
* @throws UpdateException is thrown if there is an error updating the database
* @throws UpdateException is thrown if there is an error updating the
* database
*/
public void update() throws UpdateException {
try {
Map<String, NvdCveUrl> update = updateNeeded();
final Map<String, NvdCveUrl> update = updateNeeded();
int maxUpdates = 0;
for (NvdCveUrl cve : update.values()) {
if (cve.getNeedsUpdate()) {
@@ -95,20 +96,20 @@ public class DatabaseUpdater implements CachedWebDataSource {
}
}
if (maxUpdates > 3) {
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING,
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.INFO,
"NVD CVE requires several updates; this could take a couple of minutes.");
}
int count = 0;
for (NvdCveUrl cve : update.values()) {
if (cve.getNeedsUpdate()) {
count += 1;
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING,
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.INFO,
"Updating NVD CVE ({0} of {1})", new Object[]{count, maxUpdates});
URL url = new URL(cve.getUrl());
File outputPath = null;
File outputPath12 = null;
try {
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING,
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.INFO,
"Downloading {0}", cve.getUrl());
outputPath = File.createTempFile("cve" + cve.getId() + "_", ".xml");
@@ -118,11 +119,11 @@ public class DatabaseUpdater implements CachedWebDataSource {
outputPath12 = File.createTempFile("cve_1_2_" + cve.getId() + "_", ".xml");
Downloader.fetchFile(url, outputPath12, false);
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING,
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.INFO,
"Processing {0}", cve.getUrl());
importXML(outputPath, outputPath12);
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING,
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.INFO,
"Completed updated {0} of {1}", new Object[]{count, maxUpdates});
} catch (FileNotFoundException ex) {
throw new UpdateException(ex);
@@ -136,16 +137,29 @@ public class DatabaseUpdater implements CachedWebDataSource {
throw new UpdateException(ex);
} catch (DatabaseException ex) {
throw new UpdateException(ex);
} catch (ClassNotFoundException ex) {
throw new UpdateException(ex);
} finally {
boolean deleted = false;
try {
if (outputPath != null && outputPath.exists()) {
outputPath.delete();
deleted = outputPath.delete();
}
} finally {
if (outputPath != null && outputPath.exists()) {
if (outputPath != null && (outputPath.exists() || !deleted)) {
outputPath.deleteOnExit();
}
}
try {
deleted = false;
if (outputPath12 != null && outputPath12.exists()) {
deleted = outputPath12.delete();
}
} finally {
if (outputPath12 != null && (outputPath12.exists() || !deleted)) {
outputPath12.deleteOnExit();
}
}
}
}
}
@@ -164,9 +178,15 @@ public class DatabaseUpdater implements CachedWebDataSource {
*
* @param file the file containing the NVD CVE XML
* @param oldVersion contains the file containing the NVD CVE XML 1.2
* @throws ParserConfigurationException is thrown if there is a parser configuration exception
* @throws SAXException is thrown if there is a SAXException
* @throws IOException is thrown if there is a ioexception
* @throws SQLException is thrown if there is a sql exception
* @throws DatabaseException is thrown if there is a database exception
* @throws ClassNotFoundException thrown if the h2 database driver cannot be loaded
*/
private void importXML(File file, File oldVersion)
throws ParserConfigurationException, SAXException, IOException, SQLException, DatabaseException {
throws ParserConfigurationException, SAXException, IOException, SQLException, DatabaseException, ClassNotFoundException {
CveDB cveDB = null;
Index cpeIndex = null;
@@ -177,12 +197,12 @@ public class DatabaseUpdater implements CachedWebDataSource {
cpeIndex = new Index();
cpeIndex.openIndexWriter();
SAXParserFactory factory = SAXParserFactory.newInstance();
SAXParser saxParser = factory.newSAXParser();
final SAXParserFactory factory = SAXParserFactory.newInstance();
final SAXParser saxParser = factory.newSAXParser();
NvdCve12Handler cve12Handler = new NvdCve12Handler();
saxParser.parse(oldVersion, cve12Handler);
Map<String, List<VulnerableSoftware>> prevVersionVulnMap = cve12Handler.getVulnerabilities();
final Map<String, List<VulnerableSoftware>> prevVersionVulnMap = cve12Handler.getVulnerabilities();
cve12Handler = null;
NvdCve20Handler cve20Handler = new NvdCve20Handler();
@@ -204,24 +224,23 @@ public class DatabaseUpdater implements CachedWebDataSource {
}
//<editor-fold defaultstate="collapsed" desc="Code to read/write properties files regarding the last update dates">
/**
* Writes a properties file containing the last updated date to the
* VULNERABLE_CPE directory.
*
* @param timeStamp the timestamp to write.
* @param updated a map of the updated nvdcve
* @throws UpdateException is thrown if there is an update exception
*/
private void writeLastUpdatedPropertyFile(Map<String, NvdCveUrl> updated) throws UpdateException {
String dir;
try {
dir = CveDB.getDataDirectory().getCanonicalPath();
} catch (IOException ex) {
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.SEVERE, null, ex);
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINE, "Error updating the databases propterty file.", ex);
throw new UpdateException("Unable to locate last updated properties file.", ex);
}
File cveProp = new File(dir + File.separatorChar + UPDATE_PROPERTIES_FILE);
Properties prop = new Properties();
final File cveProp = new File(dir + File.separatorChar + UPDATE_PROPERTIES_FILE);
final Properties prop = new Properties();
prop.put("version", DATABASE_VERSION);
for (NvdCveUrl cve : updated.values()) {
prop.put(LAST_UPDATED_BASE + cve.id, String.valueOf(cve.getTimestamp()));
@@ -234,17 +253,24 @@ public class DatabaseUpdater implements CachedWebDataSource {
out = new OutputStreamWriter(os, "UTF-8");
prop.store(out, dir);
} catch (FileNotFoundException ex) {
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.SEVERE, null, ex);
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINE, null, ex);
throw new UpdateException("Unable to find last updated properties file.", ex);
} catch (IOException ex) {
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.SEVERE, null, ex);
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINE, null, ex);
throw new UpdateException("Unable to update last updated properties file.", ex);
} finally {
if (out != null) {
try {
out.close();
} catch (IOException ex) {
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.SEVERE, null, ex);
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINEST, null, ex);
}
}
if (os != null) {
try {
os.close();
} catch (IOException ex) {
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINEST, null, ex);
}
}
}
@@ -261,7 +287,8 @@ public class DatabaseUpdater implements CachedWebDataSource {
* data is incorrect.
* @throws DownloadFailedException is thrown if there is an error.
* downloading the nvd cve download data file.
* @throws UpdateException Is thrown if there is an issue with the last updated properties file.
* @throws UpdateException Is thrown if there is an issue with the last
* updated properties file.
*/
public Map<String, NvdCveUrl> updateNeeded() throws MalformedURLException, DownloadFailedException, UpdateException {
@@ -269,11 +296,12 @@ public class DatabaseUpdater implements CachedWebDataSource {
try {
currentlyPublished = retrieveCurrentTimestampsFromWeb();
} catch (InvalidDataException ex) {
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.SEVERE, null, ex);
throw new DownloadFailedException("Unable to retrieve valid timestamp from nvd cve downloads page", ex);
final String msg = "Unable to retrieve valid timestamp from nvd cve downloads page";
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINE, msg, ex);
throw new DownloadFailedException(msg, ex);
} catch (InvalidSettingException ex) {
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.SEVERE, null, ex);
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINE, "Invalid setting found when retrieving timestamps", ex);
throw new DownloadFailedException("Invalid settings", ex);
}
@@ -284,29 +312,29 @@ public class DatabaseUpdater implements CachedWebDataSource {
try {
dir = CveDB.getDataDirectory().getCanonicalPath();
} catch (IOException ex) {
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.SEVERE, null, ex);
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINE, "CveDB data directory doesn't exist?", ex);
throw new UpdateException("Unable to locate last updated properties file.", ex);
}
File f = new File(dir);
final File f = new File(dir);
if (f.exists()) {
File cveProp = new File(dir + File.separatorChar + UPDATE_PROPERTIES_FILE);
final File cveProp = new File(dir + File.separatorChar + UPDATE_PROPERTIES_FILE);
if (cveProp.exists()) {
Properties prop = new Properties();
final Properties prop = new Properties();
InputStream is = null;
try {
is = new FileInputStream(cveProp);
prop.load(is);
boolean deleteAndRecreate = false;
float version = 0;
float version;
if (prop.getProperty("version") == null) {
deleteAndRecreate = true;
} else {
try {
version = Float.parseFloat(prop.getProperty("version"));
float currentVersion = Float.parseFloat(DATABASE_VERSION);
final float currentVersion = Float.parseFloat(DATABASE_VERSION);
if (currentVersion > version) {
deleteAndRecreate = true;
}
@@ -315,22 +343,22 @@ public class DatabaseUpdater implements CachedWebDataSource {
}
}
if (deleteAndRecreate) {
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.WARNING, "Index version is old. Rebuilding the index.");
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.INFO, "The database version is old. Rebuilding the database.");
is.close();
//this is an old version of the lucene index - just delete it
FileUtils.delete(f);
//this importer also updates the CPE index and it is also using an old version
org.codesecure.dependencycheck.data.cpe.Index cpeidx = new org.codesecure.dependencycheck.data.cpe.Index();
File cpeDir = cpeidx.getDataDirectory();
final Index cpeId = new Index();
final File cpeDir = cpeId.getDataDirectory();
FileUtils.delete(cpeDir);
return currentlyPublished;
}
long lastUpdated = Long.parseLong(prop.getProperty(LAST_UPDATED_MODIFIED));
Date now = new Date();
int days = Settings.getInt(Settings.KEYS.CVE_MODIFIED_VALID_FOR_DAYS);
int maxEntries = Settings.getInt(Settings.KEYS.CVE_URL_COUNT);
final long lastUpdated = Long.parseLong(prop.getProperty(LAST_UPDATED_MODIFIED));
final Date now = new Date();
final int days = Settings.getInt(Settings.KEYS.CVE_MODIFIED_VALID_FOR_DAYS);
final int maxEntries = Settings.getInt(Settings.KEYS.CVE_URL_COUNT);
if (lastUpdated == currentlyPublished.get("modified").timestamp) {
currentlyPublished.clear(); //we don't need to update anything.
} else if (withinRange(lastUpdated, now.getTime(), days)) {
@@ -341,13 +369,13 @@ public class DatabaseUpdater implements CachedWebDataSource {
} else { //we figure out which of the several XML files need to be downloaded.
currentlyPublished.get("modified").setNeedsUpdate(false);
for (int i = 1; i <= maxEntries; i++) {
NvdCveUrl cve = currentlyPublished.get(String.valueOf(i));
final NvdCveUrl cve = currentlyPublished.get(String.valueOf(i));
long currentTimestamp = 0;
try {
currentTimestamp = Long.parseLong(prop.getProperty(LAST_UPDATED_BASE + String.valueOf(i), "0"));
} catch (NumberFormatException ex) {
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINEST, "Error parsing " + LAST_UPDATED_BASE
+ String.valueOf(i) + " from nvdcve.lastupdated", ex);
final String msg = String.format("Error parsing '%s' '%s' from nvdcve.lastupdated", LAST_UPDATED_BASE, String.valueOf(i));
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINEST, msg, ex);
}
if (currentTimestamp == cve.getTimestamp()) {
cve.setNeedsUpdate(false); //they default to true.
@@ -365,7 +393,7 @@ public class DatabaseUpdater implements CachedWebDataSource {
try {
is.close();
} catch (IOException ex) {
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.SEVERE, null, ex);
Logger.getLogger(DatabaseUpdater.class.getName()).log(Level.FINEST, null, ex);
}
}
}
@@ -386,7 +414,7 @@ public class DatabaseUpdater implements CachedWebDataSource {
* @return whether or not the date is within the range.
*/
private boolean withinRange(long date, long compareTo, int range) {
double differenceInDays = (compareTo - date) / 1000.0 / 60.0 / 60.0 / 24.0;
final double differenceInDays = (compareTo - date) / 1000.0 / 60.0 / 60.0 / 24.0;
return differenceInDays < range;
}
@@ -394,18 +422,18 @@ public class DatabaseUpdater implements CachedWebDataSource {
* Retrieves the timestamps from the NVD CVE meta data file.
*
* @return the timestamp from the currently published nvdcve downloads page
* @throws MalformedURLException thrown if the URL for the NVD CCE Meta
* data is incorrect.
* @throws DownloadFailedException thrown if there is an error
* downloading the nvd cve meta data file
* @throws InvalidDataException thrown if there is an exception parsing
* the timestamps
* @throws MalformedURLException thrown if the URL for the NVD CCE Meta data
* is incorrect.
* @throws DownloadFailedException thrown if there is an error downloading
* the nvd cve meta data file
* @throws InvalidDataException thrown if there is an exception parsing the
* timestamps
* @throws InvalidSettingException thrown if the settings are invalid
*/
protected Map<String, NvdCveUrl> retrieveCurrentTimestampsFromWeb()
throws MalformedURLException, DownloadFailedException, InvalidDataException, InvalidSettingException {
Map<String, NvdCveUrl> map = new HashMap<String, NvdCveUrl>();
final Map<String, NvdCveUrl> map = new HashMap<String, NvdCveUrl>();
String retrieveUrl = Settings.getString(Settings.KEYS.CVE_MODIFIED_20_URL);
NvdCveUrl item = new NvdCveUrl();
@@ -417,7 +445,7 @@ public class DatabaseUpdater implements CachedWebDataSource {
item.timestamp = Downloader.getLastModified(new URL(retrieveUrl));
map.put("modified", item);
int max = Settings.getInt(Settings.KEYS.CVE_URL_COUNT);
final int max = Settings.getInt(Settings.KEYS.CVE_URL_COUNT);
for (int i = 1; i <= max; i++) {
retrieveUrl = Settings.getString(Settings.KEYS.CVE_BASE_URL + Settings.KEYS.CVE_SCHEMA_2_0 + i);
item = new NvdCveUrl();
@@ -442,7 +470,7 @@ public class DatabaseUpdater implements CachedWebDataSource {
private String id;
/**
* Get the value of id
* Get the value of id.
*
* @return the value of id
*/
@@ -451,7 +479,7 @@ public class DatabaseUpdater implements CachedWebDataSource {
}
/**
* Set the value of id
* Set the value of id.
*
* @param id new value of id
*/
@@ -464,7 +492,7 @@ public class DatabaseUpdater implements CachedWebDataSource {
private String url;
/**
* Get the value of url
* Get the value of url.
*
* @return the value of url
*/
@@ -473,7 +501,7 @@ public class DatabaseUpdater implements CachedWebDataSource {
}
/**
* Set the value of url
* Set the value of url.
*
* @param url new value of url
*/
@@ -481,12 +509,12 @@ public class DatabaseUpdater implements CachedWebDataSource {
this.url = url;
}
/**
* The 1.2 schema URL
* The 1.2 schema URL.
*/
protected String oldSchemaVersionUrl;
private String oldSchemaVersionUrl;
/**
* Get the value of oldSchemaVersionUrl
* Get the value of oldSchemaVersionUrl.
*
* @return the value of oldSchemaVersionUrl
*/
@@ -495,22 +523,20 @@ public class DatabaseUpdater implements CachedWebDataSource {
}
/**
* Set the value of oldSchemaVersionUrl
* Set the value of oldSchemaVersionUrl.
*
* @param oldSchemaVersionUrl new value of oldSchemaVersionUrl
*/
public void setOldSchemaVersionUrl(String oldSchemaVersionUrl) {
this.oldSchemaVersionUrl = oldSchemaVersionUrl;
}
/**
* a timestamp - epoch time.
*/
private long timestamp;
/**
* Get the value of timestamp - epoch time
* Get the value of timestamp - epoch time.
*
* @return the value of timestamp - epoch time
*/
@@ -519,7 +545,7 @@ public class DatabaseUpdater implements CachedWebDataSource {
}
/**
* Set the value of timestamp - epoch time
* Set the value of timestamp - epoch time.
*
* @param timestamp new value of timestamp - epoch time
*/
@@ -532,7 +558,7 @@ public class DatabaseUpdater implements CachedWebDataSource {
private boolean needsUpdate = true;
/**
* Get the value of needsUpdate
* Get the value of needsUpdate.
*
* @return the value of needsUpdate
*/
@@ -541,7 +567,7 @@ public class DatabaseUpdater implements CachedWebDataSource {
}
/**
* Set the value of needsUpdate
* Set the value of needsUpdate.
*
* @param needsUpdate new value of needsUpdate
*/

21
src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/InvalidDataException.java → src/main/java/org/owasp/dependencycheck/data/nvdcve/xml/InvalidDataException.java
View File

@@ -1,34 +1,37 @@
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.nvdcve.xml;
package org.owasp.dependencycheck.data.nvdcve.xml;
/**
* An InvalidataDataException is a generic exception used when trying to load
* An InvalidDataDataException is a generic exception used when trying to load
* the nvd cve meta data.
*
* @author Jeremy
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class InvalidDataException extends Exception {
/**
* the serial version uid.
*/
private static final long serialVersionUID = 1L;
/**
* Creates an InvalidDataException
* Creates an InvalidDataException.
*
* @param msg the exception message
*/
@@ -37,7 +40,7 @@ public class InvalidDataException extends Exception {
}
/**
* Creates an InvalidDataException
* Creates an InvalidDataException.
*
* @param msg the exception message
* @param ex the cause of the exception

98
src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/NvdCve12Handler.java → src/main/java/org/owasp/dependencycheck/data/nvdcve/xml/NvdCve12Handler.java
View File

@@ -1,28 +1,28 @@
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.nvdcve.xml;
package org.owasp.dependencycheck.data.nvdcve.xml;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.codesecure.dependencycheck.dependency.VulnerableSoftware;
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
import org.xml.sax.Attributes;
import org.xml.sax.SAXException;
import org.xml.sax.SAXNotSupportedException;
@@ -34,22 +34,49 @@ import org.xml.sax.helpers.DefaultHandler;
* specified. The previous version information is not in the 2.0 version of the
* schema and is useful to ensure accurate identification (or at least complete).
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class NvdCve12Handler extends DefaultHandler {
/**
* the supported schema version.
*/
private static final String CURRENT_SCHEMA_VERSION = "1.2";
private String vulnerability = null;
private List<VulnerableSoftware> software = null;
private String vendor = null;
private String product = null;
/**
* the current vulnerability.
*/
private String vulnerability;
/**
* a list of vulnerable software.
*/
private List<VulnerableSoftware> software;
/**
* the vendor name.
*/
private String vendor;
/**
* the product name.
*/
private String product;
/**
* if the nvd cve should be skipped because it was rejected.
*/
private boolean skip = false;
/**
* flag indicating if there is a previous version.
*/
private boolean hasPreviousVersion = false;
private Element current = new Element();
private Map<String, List<VulnerableSoftware>> vulnerabilities = null;
/**
* The current element.
*/
private final Element current = new Element();
/**
* a map of vulnerabilities.
*/
private Map<String, List<VulnerableSoftware>> vulnerabilities;
/**
* Get the value of vulnerabilities
* Get the value of vulnerabilities.
*
* @return the value of vulnerabilities
*/
@@ -64,8 +91,8 @@ public class NvdCve12Handler extends DefaultHandler {
vendor = null;
product = null;
hasPreviousVersion = false;
String reject = attributes.getValue("reject");
skip = (reject != null && reject.equals("1"));
final String reject = attributes.getValue("reject");
skip = "1".equals(reject);
if (!skip) {
vulnerability = attributes.getValue("name");
software = new ArrayList<VulnerableSoftware>();
@@ -78,11 +105,11 @@ public class NvdCve12Handler extends DefaultHandler {
vendor = attributes.getValue("vendor");
product = attributes.getValue("name");
} else if (!skip && current.isVersNode()) {
String prev = attributes.getValue("prev");
final String prev = attributes.getValue("prev");
if (prev != null && "1".equals(prev)) {
hasPreviousVersion = true;
String edition = attributes.getValue("edition");
String num = attributes.getValue("num");
final String edition = attributes.getValue("edition");
final String num = attributes.getValue("num");
/*yes yes, this may not actually be an "a" - it could be an OS, etc. but for our
purposes this is good enough as we won't use this if we don't find a corresponding "a"
@@ -94,13 +121,13 @@ public class NvdCve12Handler extends DefaultHandler {
if (edition != null) {
cpe += ":" + edition;
}
VulnerableSoftware vs = new VulnerableSoftware();
final VulnerableSoftware vs = new VulnerableSoftware();
vs.setCpe(cpe);
vs.setPreviousVersion(prev);
software.add(vs);
}
} else if (current.isNVDNode()) {
String nvdVer = attributes.getValue("nvd_xml_version");
final String nvdVer = attributes.getValue("nvd_xml_version");
if (!CURRENT_SCHEMA_VERSION.equals(nvdVer)) {
throw new SAXNotSupportedException("Schema version " + nvdVer + " is not supported");
}
@@ -128,29 +155,32 @@ public class NvdCve12Handler extends DefaultHandler {
protected static class Element {
/**
* A node type in the NVD CVE Schema 1.2
* A node type in the NVD CVE Schema 1.2.
*/
public static final String NVD = "nvd";
/**
* A node type in the NVD CVE Schema 1.2
* A node type in the NVD CVE Schema 1.2.
*/
public static final String ENTRY = "entry";
/**
* A node type in the NVD CVE Schema 1.2
* A node type in the NVD CVE Schema 1.2.
*/
public static final String VULN_SOFTWARE = "vuln_soft";
/**
* A node type in the NVD CVE Schema 1.2
* A node type in the NVD CVE Schema 1.2.
*/
public static final String PROD = "prod";
/**
* A node type in the NVD CVE Schema 1.2
* A node type in the NVD CVE Schema 1.2.
*/
public static final String VERS = "vers";
private String node = null;
/**
* The name of the current node.
*/
private String node;
/**
* Gets the value of node
* Gets the value of node.
*
* @return the value of node
*/
@@ -159,7 +189,7 @@ public class NvdCve12Handler extends DefaultHandler {
}
/**
* Sets the value of node
* Sets the value of node.
*
* @param node new value of node
*/
@@ -168,7 +198,7 @@ public class NvdCve12Handler extends DefaultHandler {
}
/**
* Checks if the handler is at the NVD node
* Checks if the handler is at the NVD node.
*
* @return true or false
*/
@@ -177,7 +207,7 @@ public class NvdCve12Handler extends DefaultHandler {
}
/**
* Checks if the handler is at the ENTRY node
* Checks if the handler is at the ENTRY node.
*
* @return true or false
*/
@@ -186,7 +216,7 @@ public class NvdCve12Handler extends DefaultHandler {
}
/**
* Checks if the handler is at the VULN_SOFTWARE node
* Checks if the handler is at the VULN_SOFTWARE node.
*
* @return true or false
*/
@@ -195,7 +225,7 @@ public class NvdCve12Handler extends DefaultHandler {
}
/**
* Checks if the handler is at the PROD node
* Checks if the handler is at the PROD node.
*
* @return true or false
*/
@@ -204,7 +234,7 @@ public class NvdCve12Handler extends DefaultHandler {
}
/**
* Checks if the handler is at the VERS node
* Checks if the handler is at the VERS node.
*
* @return true or false
*/

165
src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/NvdCve20Handler.java → src/main/java/org/owasp/dependencycheck/data/nvdcve/xml/NvdCve20Handler.java
View File

@@ -1,22 +1,22 @@
/*
* This file is part of DependencyCheck.
* This file is part of Dependency-Check.
*
* DependencyCheck is free software: you can redistribute it and/or modify it
* Dependency-Check is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation, either version 3 of the License, or (at your option) any
* later version.
*
* DependencyCheck is distributed in the hope that it will be useful, but
* Dependency-Check is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* DependencyCheck. If not, see http://www.gnu.org/licenses/.
* Dependency-Check. If not, see http://www.gnu.org/licenses/.
*
* Copyright (c) 2012 Jeremy Long. All Rights Reserved.
*/
package org.codesecure.dependencycheck.data.nvdcve.xml;
package org.owasp.dependencycheck.data.nvdcve.xml;
import java.io.IOException;
import java.util.List;
@@ -24,12 +24,12 @@ import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.lucene.index.CorruptIndexException;
import org.codesecure.dependencycheck.data.cpe.Index;
import org.codesecure.dependencycheck.data.nvdcve.CveDB;
import org.codesecure.dependencycheck.data.nvdcve.DatabaseException;
import org.codesecure.dependencycheck.dependency.Reference;
import org.codesecure.dependencycheck.dependency.Vulnerability;
import org.codesecure.dependencycheck.dependency.VulnerableSoftware;
import org.owasp.dependencycheck.data.cpe.Index;
import org.owasp.dependencycheck.data.nvdcve.CveDB;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.dependency.Reference;
import org.owasp.dependencycheck.dependency.Vulnerability;
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
import org.xml.sax.Attributes;
import org.xml.sax.SAXException;
import org.xml.sax.SAXNotSupportedException;
@@ -38,16 +38,62 @@ import org.xml.sax.helpers.DefaultHandler;
/**
* A SAX Handler that will parse the NVD CVE XML (schema version 2.0).
*
* @author Jeremy Long (jeremy.long@gmail.com)
* @author Jeremy Long (jeremy.long@owasp.org)
*/
public class NvdCve20Handler extends DefaultHandler {
/**
* the current supported schema version.
*/
private static final String CURRENT_SCHEMA_VERSION = "2.0";
private Element current = new Element();
StringBuilder nodeText = null;
Vulnerability vulnerability = null;
Reference reference = null;
boolean hasApplicationCpe = false;
/**
* the current element.
*/
private final Element current = new Element();
/**
* the text of the node.
*/
private StringBuilder nodeText;
/**
* the vulnerability.
*/
private Vulnerability vulnerability;
/**
* a reference for the cve.
*/
private Reference reference;
/**
* flag indicating whether the application has a cpe.
*/
private boolean hasApplicationCpe = false;
/**
* The total number of entries parsed.
*/
private int totalNumberOfEntries;
/**
* Get the value of totalNumberOfEntries.
*
* @return the value of totalNumberOfEntries
*/
public int getTotalNumberOfEntries() {
return totalNumberOfEntries;
}
/**
* The total number of application entries parsed.
*/
private int totalNumberOfApplicationEntries;
/**
* Get the value of totalNumberOfApplicationEntries.
*
* @return the value of totalNumberOfApplicationEntries
*/
public int getTotalNumberOfApplicationEntries() {
return totalNumberOfApplicationEntries;
}
@Override
public void startElement(String uri, String localName, String qName, Attributes attributes) throws SAXException {
@@ -59,7 +105,7 @@ public class NvdCve20Handler extends DefaultHandler {
} else if (current.isVulnProductNode()) {
nodeText = new StringBuilder(100);
} else if (current.isVulnReferencesNode()) {
String lang = attributes.getValue("xml:lang");
final String lang = attributes.getValue("xml:lang");
if ("en".equals(lang)) {
reference = new Reference();
} else {
@@ -73,7 +119,7 @@ public class NvdCve20Handler extends DefaultHandler {
} else if (current.isVulnSummaryNode()) {
nodeText = new StringBuilder(500);
} else if (current.isNVDNode()) {
String nvdVer = attributes.getValue("nvd_xml_version");
final String nvdVer = attributes.getValue("nvd_xml_version");
if (!CURRENT_SCHEMA_VERSION.equals(nvdVer)) {
throw new SAXNotSupportedException("Schema version " + nvdVer + " is not supported");
}
@@ -107,7 +153,9 @@ public class NvdCve20Handler extends DefaultHandler {
public void endElement(String uri, String localName, String qName) throws SAXException {
current.setNode(qName);
if (current.isEntryNode()) {
totalNumberOfEntries += 1;
if (hasApplicationCpe) {
totalNumberOfApplicationEntries += 1;
try {
saveEntry(vulnerability);
} catch (DatabaseException ex) {
@@ -121,10 +169,11 @@ public class NvdCve20Handler extends DefaultHandler {
vulnerability = null;
} else if (current.isCVSSScoreNode()) {
try {
float score = Float.parseFloat(nodeText.toString());
final float score = Float.parseFloat(nodeText.toString());
vulnerability.setCvssScore(score);
} catch (NumberFormatException ex) {
Logger.getLogger(NvdCve20Handler.class.getName()).log(Level.SEVERE, null, ex);
Logger.getLogger(NvdCve20Handler.class.getName()).log(Level.SEVERE, "Error parsing CVSS Score.");
Logger.getLogger(NvdCve20Handler.class.getName()).log(Level.FINE, null, ex);
}
nodeText = null;
} else if (current.isCVSSAccessVectorNode()) {
@@ -146,7 +195,7 @@ public class NvdCve20Handler extends DefaultHandler {
vulnerability.setCvssIntegrityImpact(nodeText.toString());
nodeText = null;
} else if (current.isVulnProductNode()) {
String cpe = nodeText.toString();
final String cpe = nodeText.toString();
if (cpe.startsWith("cpe:/a:")) {
hasApplicationCpe = true;
vulnerability.addVulnerableSoftware(cpe);
@@ -166,10 +215,14 @@ public class NvdCve20Handler extends DefaultHandler {
nodeText = null;
}
}
private CveDB cveDB = null;
/**
* the cve database.
*/
private CveDB cveDB;
/**
* Sets the cveDB
* Sets the cveDB.
*
* @param db a reference to the CveDB
*/
public void setCveDB(CveDB db) {
@@ -179,7 +232,7 @@ public class NvdCve20Handler extends DefaultHandler {
* A list of CVE entries and associated VulnerableSoftware entries that contain
* previous entries.
*/
private Map<String, List<VulnerableSoftware>> prevVersionVulnMap = null;
private Map<String, List<VulnerableSoftware>> prevVersionVulnMap;
/**
* Sets the prevVersionVulnMap.
@@ -191,7 +244,7 @@ public class NvdCve20Handler extends DefaultHandler {
/**
* Saves a vulnerability to the CVE Database. This is a callback method
* called by the Sax Parser Handler {@link org.codesecure.dependencycheck.data.nvdcve.xml.NvdCve20Handler}.
* called by the Sax Parser Handler {@link org.owasp.dependencycheck.data.nvdcve.xml.NvdCve20Handler}.
*
* @param vuln the vulnerability to store in the database
* @throws DatabaseException thrown if there is an error writing to the database
@@ -202,9 +255,9 @@ public class NvdCve20Handler extends DefaultHandler {
if (cveDB == null) {
return;
}
String cveName = vuln.getName();
final String cveName = vuln.getName();
if (prevVersionVulnMap.containsKey(cveName)) {
List<VulnerableSoftware> vulnSoftware = prevVersionVulnMap.get(cveName);
final List<VulnerableSoftware> vulnSoftware = prevVersionVulnMap.get(cveName);
for (VulnerableSoftware vs : vulnSoftware) {
vuln.updateVulnerableSoftware(vs);
}
@@ -216,10 +269,14 @@ public class NvdCve20Handler extends DefaultHandler {
}
cveDB.updateVulnerability(vuln);
}
private Index cpeIndex = null;
/**
* the cpe index.
*/
private Index cpeIndex;
/**
* Sets the cpe index
* Sets the cpe index.
*
* @param index the CPE Lucene Index
*/
void setCpeIndex(Index index) {
@@ -248,7 +305,7 @@ public class NvdCve20Handler extends DefaultHandler {
/**
* A node type in the NVD CVE Schema 2.0
*/
public static final String VULN_REFERNCES = "vuln:references";
public static final String VULN_REFERENCES = "vuln:references";
/**
* A node type in the NVD CVE Schema 2.0
*/
@@ -256,12 +313,11 @@ public class NvdCve20Handler extends DefaultHandler {
/**
* A node type in the NVD CVE Schema 2.0
*/
public static final String VULN_REFERNCE = "vuln:reference";
public static final String VULN_REFERENCE = "vuln:reference";
/**
* A node type in the NVD CVE Schema 2.0
*/
public static final String VULN_SUMMARY = "vuln:summary";
/**
* A node type in the NVD CVE Schema 2.0
*/
@@ -295,10 +351,13 @@ public class NvdCve20Handler extends DefaultHandler {
*/
public static final String CVSS_AVAILABILITY_IMPACT = "cvss:availability-impact";
private String node = null;
/**
* The current node.
*/
private String node;
/**
* Gets the value of node
* Gets the value of node.
*
* @return the value of node
*/
@@ -307,7 +366,7 @@ public class NvdCve20Handler extends DefaultHandler {
}
/**
* Sets the value of node
* Sets the value of node.
*
* @param node new value of node
*/
@@ -316,7 +375,7 @@ public class NvdCve20Handler extends DefaultHandler {
}
/**
* Checks if the handler is at the NVD node
* Checks if the handler is at the NVD node.
*
* @return true or false
*/
@@ -325,7 +384,7 @@ public class NvdCve20Handler extends DefaultHandler {
}
/**
* Checks if the handler is at the ENTRY node
* Checks if the handler is at the ENTRY node.
*
* @return true or false
*/
@@ -334,7 +393,7 @@ public class NvdCve20Handler extends DefaultHandler {
}
/**
* Checks if the handler is at the VULN_PRODUCT node
* Checks if the handler is at the VULN_PRODUCT node.
*
* @return true or false
*/
@@ -343,25 +402,25 @@ public class NvdCve20Handler extends DefaultHandler {
}
/**
* Checks if the handler is at the REFERENCES node
* Checks if the handler is at the REFERENCES node.
*
* @return true or false
*/
public boolean isVulnReferencesNode() {
return VULN_REFERNCES.equals(node);
return VULN_REFERENCES.equals(node);
}
/**
* Checks if the handler is at the REFERENCE node
* Checks if the handler is at the REFERENCE node.
*
* @return true or false
*/
public boolean isVulnReferenceNode() {
return VULN_REFERNCE.equals(node);
return VULN_REFERENCE.equals(node);
}
/**
* Checks if the handler is at the VULN_SOURCE node
* Checks if the handler is at the VULN_SOURCE node.
*
* @return true or false
*/
@@ -370,7 +429,7 @@ public class NvdCve20Handler extends DefaultHandler {
}
/**
* Checks if the handler is at the VULN_SUMMARY node
* Checks if the handler is at the VULN_SUMMARY node.
*
* @return true or false
*/
@@ -379,7 +438,7 @@ public class NvdCve20Handler extends DefaultHandler {
}
/**
* Checks if the handler is at the VULN_CWE node
* Checks if the handler is at the VULN_CWE node.
*
* @return true or false
*/
@@ -387,7 +446,7 @@ public class NvdCve20Handler extends DefaultHandler {
return VULN_CWE.equals(node);
}
/**
* Checks if the handler is at the CVSS_SCORE node
* Checks if the handler is at the CVSS_SCORE node.
*
* @return true or false
*/
@@ -395,7 +454,7 @@ public class NvdCve20Handler extends DefaultHandler {
return CVSS_SCORE.equals(node);
}
/**
* Checks if the handler is at the CVSS_ACCESS_VECTOR node
* Checks if the handler is at the CVSS_ACCESS_VECTOR node.
*
* @return true or false
*/
@@ -403,7 +462,7 @@ public class NvdCve20Handler extends DefaultHandler {
return CVSS_ACCESS_VECTOR.equals(node);
}
/**
* Checks if the handler is at the CVSS_ACCESS_COMPLEXITY node
* Checks if the handler is at the CVSS_ACCESS_COMPLEXITY node.
*
* @return true or false
*/
@@ -411,7 +470,7 @@ public class NvdCve20Handler extends DefaultHandler {
return CVSS_ACCESS_COMPLEXITY.equals(node);
}
/**
* Checks if the handler is at the CVSS_AUTHENTICATION node
* Checks if the handler is at the CVSS_AUTHENTICATION node.
*
* @return true or false
*/
@@ -419,7 +478,7 @@ public class NvdCve20Handler extends DefaultHandler {
return CVSS_AUTHENTICATION.equals(node);
}
/**
* Checks if the handler is at the CVSS_CONFIDENTIALITY_IMPACT node
* Checks if the handler is at the CVSS_CONFIDENTIALITY_IMPACT node.
*
* @return true or false
*/
@@ -427,7 +486,7 @@ public class NvdCve20Handler extends DefaultHandler {
return CVSS_CONFIDENTIALITY_IMPACT.equals(node);
}
/**
* Checks if the handler is at the CVSS_INTEGRITY_IMPACT node
* Checks if the handler is at the CVSS_INTEGRITY_IMPACT node.
*
* @return true or false
*/
@@ -435,7 +494,7 @@ public class NvdCve20Handler extends DefaultHandler {
return CVSS_INTEGRITY_IMPACT.equals(node);
}
/**
* Checks if the handler is at the CVSS_AVAILABILITY_IMPACT node
* Checks if the handler is at the CVSS_AVAILABILITY_IMPACT node.
*
* @return true or false
*/

4
src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/package-info.java → src/main/java/org/owasp/dependencycheck/data/nvdcve/xml/package-info.java
View File

@@ -1,7 +1,7 @@
/**
* <html>
* <head>
* <title>org.codesecure.dependencycheck.data.nvdcve.xml</title>
* <title>org.owasp.dependencycheck.data.nvdcve.xml</title>
* </head>
* <body>
* <p>Contains classes used to parse the NVD CVE XML file.</p>
@@ -15,4 +15,4 @@
* </html>
*/
package org.codesecure.dependencycheck.data.nvdcve.xml;
package org.owasp.dependencycheck.data.nvdcve.xml;

Some files were not shown because too many files have changed in this diff Show More