mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-01-14 15:53:36 +01:00
Compare commits
11 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
c9077a151d | ||
|
|
7e650e05b2 | ||
|
|
8e6b8a092b | ||
|
|
bd6aa7c61b | ||
|
|
300a3211ba | ||
|
|
d4084cfe85 | ||
|
|
7027109272 | ||
|
|
f37f8a7025 | ||
|
|
4758bea71b | ||
|
|
dcbe626d55 | ||
|
|
1d8dddbfbf |
23
pom.xml
23
pom.xml
@@ -22,7 +22,7 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses />.
|
||||
|
||||
<groupId>org.owasp</groupId>
|
||||
<artifactId>dependency-check</artifactId>
|
||||
<version>0.3.1.0</version>
|
||||
<version>0.3.1.1</version>
|
||||
<packaging>jar</packaging>
|
||||
|
||||
<name>DependencyCheck</name>
|
||||
@@ -36,7 +36,7 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses />.
|
||||
<developers>
|
||||
<developer>
|
||||
<name>Jeremy Long</name>
|
||||
<email>jeremy.long@gmail.com</email>
|
||||
<email>jeremy.long@owasp.org</email>
|
||||
<organization>owasp</organization>
|
||||
<organizationUrl>https://www.owasp.org/index.php/OWASP_Dependency_Check</organizationUrl>
|
||||
<roles>
|
||||
@@ -331,6 +331,25 @@ along with DependencyCheck. If not, see <http://www.gnu.org/licenses />.
|
||||
<groupId>org.codehaus.mojo</groupId>
|
||||
<artifactId>taglist-maven-plugin</artifactId>
|
||||
<version>2.4</version>
|
||||
<configuration>
|
||||
<tagListOptions>
|
||||
<tagClasses>
|
||||
<tagClass>
|
||||
<displayName>Todo Work</displayName>
|
||||
<tags>
|
||||
<tag>
|
||||
<matchString>todo</matchString>
|
||||
<matchType>ignoreCase</matchType>
|
||||
</tag>
|
||||
<tag>
|
||||
<matchString>FIXME</matchString>
|
||||
<matchType>exact</matchType>
|
||||
</tag>
|
||||
</tags>
|
||||
</tagClass>
|
||||
</tagClasses>
|
||||
</tagListOptions>
|
||||
</configuration>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
|
||||
@@ -51,7 +51,7 @@ import org.owasp.dependencycheck.utils.Settings;
|
||||
/**
|
||||
* The command line interface for the DependencyCheck application.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class App {
|
||||
|
||||
@@ -90,6 +90,7 @@ public class App {
|
||||
in.close();
|
||||
} catch (Exception ex) {
|
||||
//ignore
|
||||
in = null;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -119,8 +120,8 @@ public class App {
|
||||
if (cli.isGetVersion()) {
|
||||
cli.printVersionInfo();
|
||||
} else if (cli.isRunScan()) {
|
||||
runScan(cli.getReportDirectory(), cli.getReportFormat(), cli.getApplicationName(),
|
||||
cli.getScanFiles(), cli.isAutoUpdate(), cli.isDeepScan());
|
||||
updateSettings(cli.isAutoUpdate(), cli.isDeepScan(), cli.getConnectionTimeout(), cli.getProxyUrl(), cli.getProxyPort());
|
||||
runScan(cli.getReportDirectory(), cli.getReportFormat(), cli.getApplicationName(), cli.getScanFiles());
|
||||
} else {
|
||||
cli.printHelp();
|
||||
}
|
||||
@@ -135,12 +136,9 @@ public class App {
|
||||
* @param outputFormat the output format of the report
|
||||
* @param applicationName the application name for the report
|
||||
* @param files the files/directories to scan
|
||||
* @param autoUpdate whether to auto-update the cached data from the Internet
|
||||
* @param deepScan whether to perform a deep scan of the evidence in the project dependencies
|
||||
*/
|
||||
private void runScan(String reportDirectory, String outputFormat, String applicationName, String[] files, boolean autoUpdate, boolean deepScan) {
|
||||
final Engine scanner = new Engine(autoUpdate);
|
||||
Settings.setBoolean(Settings.KEYS.PERFORM_DEEP_SCAN, deepScan);
|
||||
private void runScan(String reportDirectory, String outputFormat, String applicationName, String[] files) {
|
||||
final Engine scanner = new Engine();
|
||||
|
||||
for (String file : files) {
|
||||
scanner.scan(file);
|
||||
@@ -158,4 +156,26 @@ public class App {
|
||||
Logger.getLogger(App.class.getName()).log(Level.SEVERE, null, ex);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Updates the global Settings.
|
||||
* @param autoUpdate whether or not to update cached web data sources
|
||||
* @param deepScan whether or not to perform a deep scan (increases false positives, but may reduce false negatives)
|
||||
* @param connectionTimeout the timeout to use when downloading resources (null or blank will use default)
|
||||
* @param proxyUrl the proxy url (null or blank means no proxy will be used)
|
||||
* @param proxyPort the proxy port (null or blank means no port will be used)
|
||||
*/
|
||||
private void updateSettings(boolean autoUpdate, boolean deepScan, String connectionTimeout, String proxyUrl, String proxyPort) {
|
||||
Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, autoUpdate);
|
||||
Settings.setBoolean(Settings.KEYS.PERFORM_DEEP_SCAN, deepScan);
|
||||
if (proxyUrl != null && !proxyUrl.isEmpty()) {
|
||||
Settings.setString(Settings.KEYS.PROXY_URL, proxyUrl);
|
||||
}
|
||||
if (proxyPort != null && !proxyPort.isEmpty()) {
|
||||
Settings.setString(Settings.KEYS.PROXY_PORT, proxyPort);
|
||||
}
|
||||
if (connectionTimeout != null && !connectionTimeout.isEmpty()) {
|
||||
Settings.setString(Settings.KEYS.CONNECTION_TIMEOUT, connectionTimeout);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -36,6 +36,8 @@ import org.owasp.dependencycheck.data.UpdateException;
|
||||
import org.owasp.dependencycheck.data.UpdateService;
|
||||
import org.owasp.dependencycheck.dependency.Dependency;
|
||||
import org.owasp.dependencycheck.utils.FileUtils;
|
||||
import org.owasp.dependencycheck.utils.InvalidSettingException;
|
||||
import org.owasp.dependencycheck.utils.Settings;
|
||||
|
||||
/**
|
||||
* Scans files, directories, etc. for Dependencies. Analyzers are loaded and
|
||||
@@ -43,7 +45,7 @@ import org.owasp.dependencycheck.utils.FileUtils;
|
||||
* Analyzer is associated with the file type then the file is turned into a
|
||||
* dependency.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class Engine {
|
||||
|
||||
@@ -65,7 +67,15 @@ public class Engine {
|
||||
* Creates a new Engine.
|
||||
*/
|
||||
public Engine() {
|
||||
doUpdates();
|
||||
boolean autoupdate = true;
|
||||
try {
|
||||
autoupdate = Settings.getBoolean(Settings.KEYS.AUTO_UPDATE);
|
||||
} catch (InvalidSettingException ex) {
|
||||
Logger.getLogger(Engine.class.getName()).log(Level.WARNING, "Invalid setting for auto-update.");
|
||||
}
|
||||
if (autoupdate) {
|
||||
doUpdates();
|
||||
}
|
||||
loadAnalyzers();
|
||||
}
|
||||
|
||||
@@ -74,7 +84,10 @@ public class Engine {
|
||||
*
|
||||
* @param autoUpdate indicates whether or not data should be updated from
|
||||
* the Internet.
|
||||
* @deprecated this function should no longer be used; the autoupdate flag should be set using
|
||||
* <code>Settings.setBoolean(Settings.KEYS.AUTO_UPDATE, value);</code>
|
||||
*/
|
||||
@Deprecated
|
||||
public Engine(boolean autoUpdate) {
|
||||
if (autoUpdate) {
|
||||
doUpdates();
|
||||
|
||||
@@ -24,7 +24,7 @@ import java.util.Set;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public abstract class AbstractAnalyzer implements Analyzer {
|
||||
|
||||
|
||||
@@ -21,7 +21,7 @@ package org.owasp.dependencycheck.analyzer;
|
||||
/**
|
||||
* An exception thrown when the analysis of a dependency fails.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class AnalysisException extends Exception {
|
||||
|
||||
|
||||
@@ -21,7 +21,7 @@ package org.owasp.dependencycheck.analyzer;
|
||||
/**
|
||||
* An enumeration defining the phases of analysis.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public enum AnalysisPhase {
|
||||
|
||||
|
||||
@@ -27,7 +27,7 @@ import org.owasp.dependencycheck.dependency.Dependency;
|
||||
* An analyzer will collect information about the dependency in the form of
|
||||
* Evidence.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public interface Analyzer {
|
||||
|
||||
|
||||
@@ -23,7 +23,7 @@ import java.util.ServiceLoader;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public final class AnalyzerService {
|
||||
|
||||
|
||||
@@ -35,7 +35,7 @@ import org.owasp.dependencycheck.dependency.Dependency;
|
||||
* <p>Note, this grouping only works on dependencies with identified CVE
|
||||
* entries</p>
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class DependencyBundlingAnalyzer extends AbstractAnalyzer implements Analyzer {
|
||||
|
||||
|
||||
@@ -37,7 +37,7 @@ import org.owasp.dependencycheck.utils.Settings;
|
||||
* This analyzer attempts to remove some well known false positives -
|
||||
* specifically regarding the java runtime.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class FalsePositiveAnalyzer extends AbstractAnalyzer {
|
||||
|
||||
|
||||
@@ -27,7 +27,7 @@ import org.owasp.dependencycheck.Engine;
|
||||
*
|
||||
* Takes a dependency and analyzes the filename and determines the hashes.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class FileNameAnalyzer extends AbstractAnalyzer implements Analyzer {
|
||||
|
||||
|
||||
@@ -25,7 +25,7 @@ import org.owasp.dependencycheck.dependency.Evidence;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class HintAnalyzer extends AbstractAnalyzer implements Analyzer {
|
||||
|
||||
|
||||
@@ -58,7 +58,7 @@ import org.owasp.dependencycheck.utils.Settings;
|
||||
* Used to load a JAR file and collect information that can be used to determine
|
||||
* the associated CPE.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
|
||||
|
||||
@@ -381,7 +381,7 @@ public class JarAnalyzer extends AbstractAnalyzer implements Analyzer {
|
||||
JarFile jar = null;
|
||||
try {
|
||||
jar = new JarFile(dependency.getActualFilePath());
|
||||
final java.util.Enumeration en = jar.entries();
|
||||
final Enumeration en = jar.entries();
|
||||
final HashMap<String, Integer> level0 = new HashMap<String, Integer>();
|
||||
final HashMap<String, Integer> level1 = new HashMap<String, Integer>();
|
||||
final HashMap<String, Integer> level2 = new HashMap<String, Integer>();
|
||||
|
||||
@@ -28,7 +28,7 @@ import java.util.regex.Pattern;
|
||||
* Used to load a JAR file and collect information that can be used to determine
|
||||
* the associated CPE.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class JavaScriptAnalyzer extends AbstractAnalyzer implements Analyzer {
|
||||
|
||||
|
||||
@@ -31,7 +31,7 @@ import org.owasp.dependencycheck.dependency.Identifier;
|
||||
* spring-core is in the scanned dependencies then only the spring-core will have a reference
|
||||
* to the CPE values (if there are any for the version of spring being used).
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
* @deprecated This class has been deprecated as it has been replaced by the BundlingAnalyzer
|
||||
*/
|
||||
@Deprecated
|
||||
|
||||
@@ -22,7 +22,7 @@ package org.owasp.dependencycheck.data;
|
||||
* Defines an Index who's data is retrieved from the Internet. This data can be
|
||||
* downloaded and the index updated.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public interface CachedWebDataSource {
|
||||
|
||||
|
||||
@@ -23,7 +23,7 @@ import java.io.IOException;
|
||||
/**
|
||||
* An exception used when an error occurs reading a setting.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class UpdateException extends IOException {
|
||||
|
||||
|
||||
@@ -23,7 +23,7 @@ import java.util.ServiceLoader;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public final class UpdateService {
|
||||
|
||||
|
||||
@@ -43,7 +43,7 @@ import org.owasp.dependencycheck.analyzer.Analyzer;
|
||||
* to discern if there is an associated CPE. It uses the evidence contained
|
||||
* within the dependency to search the Lucene index.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class CPEAnalyzer implements Analyzer {
|
||||
|
||||
|
||||
@@ -28,7 +28,7 @@ import org.apache.lucene.document.Document;
|
||||
/**
|
||||
* A CPE entry containing the name, vendor, product, and version.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class Entry implements Serializable {
|
||||
|
||||
|
||||
@@ -22,7 +22,7 @@ package org.owasp.dependencycheck.data.cpe;
|
||||
* Fields is a collection of field names used within the Lucene index for CPE
|
||||
* entries.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public abstract class Fields {
|
||||
|
||||
|
||||
@@ -46,7 +46,7 @@ import org.owasp.dependencycheck.data.lucene.VersionAnalyzer;
|
||||
/**
|
||||
* The Index class is used to utilize and maintain the CPE Index.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class Index extends AbstractIndex {
|
||||
|
||||
|
||||
@@ -27,7 +27,7 @@ import java.util.logging.Logger;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public final class CweDB {
|
||||
|
||||
|
||||
@@ -26,7 +26,7 @@ import org.xml.sax.helpers.DefaultHandler;
|
||||
/**
|
||||
* A SAX Handler that will parse the CWE XML.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class CweHandler extends DefaultHandler {
|
||||
|
||||
|
||||
@@ -41,7 +41,7 @@ import org.apache.lucene.util.Version;
|
||||
* The base Index for other index objects. Implements the open and close
|
||||
* methods.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public abstract class AbstractIndex {
|
||||
|
||||
|
||||
@@ -22,7 +22,7 @@ import org.apache.lucene.search.similarities.DefaultSimilarity;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class DependencySimilarity extends DefaultSimilarity {
|
||||
|
||||
|
||||
@@ -34,7 +34,7 @@ import org.apache.lucene.util.Version;
|
||||
* LowerCaseFilter, and StopFilter. The intended purpose of this Analyzer is
|
||||
* to index the CPE fields vendor and product.</p>
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class FieldAnalyzer extends Analyzer {
|
||||
|
||||
|
||||
@@ -22,7 +22,7 @@ package org.owasp.dependencycheck.data.lucene;
|
||||
* <p>Lucene utils is a set of utilize written to make constructing Lucene
|
||||
* queries simpler.</p>
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public final class LuceneUtils {
|
||||
|
||||
|
||||
@@ -32,7 +32,7 @@ import org.apache.lucene.util.Version;
|
||||
/**
|
||||
* A Lucene field analyzer used to analyzer queries against the CPE data.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class SearchFieldAnalyzer extends Analyzer {
|
||||
|
||||
|
||||
@@ -29,7 +29,7 @@ import org.apache.lucene.util.Version;
|
||||
/**
|
||||
* SearchVersionAnalyzer is a Lucene Analyzer used to analyze version information.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class SearchVersionAnalyzer extends Analyzer {
|
||||
//TODO consider implementing payloads/custom attributes...
|
||||
|
||||
@@ -31,7 +31,7 @@ import org.apache.lucene.analysis.tokenattributes.PositionIncrementAttribute;
|
||||
* <p><b>Example:</b> "Spring Framework Core" -> "Spring SpringFramework
|
||||
* Framework FrameworkCore Core".</p>
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public final class TokenPairConcatenatingFilter extends TokenFilter {
|
||||
|
||||
|
||||
@@ -29,7 +29,7 @@ import org.apache.lucene.util.Version;
|
||||
/**
|
||||
* VersionAnalyzer is a Lucene Analyzer used to analyze version information.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class VersionAnalyzer extends Analyzer {
|
||||
//TODO consider implementing payloads/custom attributes...
|
||||
|
||||
@@ -30,7 +30,7 @@ import org.apache.lucene.analysis.tokenattributes.CharTermAttribute;
|
||||
* <p><b>Example:</b> "3.0.0.RELEASE" -> "3 3.0 3.0.0 RELEASE
|
||||
* 3.0.0.RELEASE".</p>
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public final class VersionTokenizingFilter extends TokenFilter {
|
||||
|
||||
|
||||
@@ -22,7 +22,7 @@ package org.owasp.dependencycheck.data.nvdcve;
|
||||
* An exception used to indicate the db4o database is corrupt.
|
||||
* This could be due to invalid data or a complete failure of the db.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
class CorruptDatabaseException extends DatabaseException {
|
||||
|
||||
|
||||
@@ -42,7 +42,7 @@ import org.owasp.dependencycheck.utils.Settings;
|
||||
/**
|
||||
* The database holding information about the NVD CVE data.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class CveDB {
|
||||
|
||||
|
||||
@@ -21,7 +21,7 @@ package org.owasp.dependencycheck.data.nvdcve;
|
||||
/**
|
||||
* An exception thrown if an operation against the database fails.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class DatabaseException extends Exception {
|
||||
/**
|
||||
|
||||
@@ -34,7 +34,7 @@ import org.owasp.dependencycheck.analyzer.Analyzer;
|
||||
* attempts to discern if there is an associated CVEs. It uses the the
|
||||
* identifiers found by other analyzers to lookup the CVE data.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class NvdCveAnalyzer implements Analyzer {
|
||||
|
||||
|
||||
@@ -54,7 +54,7 @@ import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class DatabaseUpdater implements CachedWebDataSource {
|
||||
|
||||
|
||||
@@ -22,7 +22,7 @@ package org.owasp.dependencycheck.data.nvdcve.xml;
|
||||
* An InvalidDataDataException is a generic exception used when trying to load
|
||||
* the nvd cve meta data.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class InvalidDataException extends Exception {
|
||||
/**
|
||||
|
||||
@@ -34,7 +34,7 @@ import org.xml.sax.helpers.DefaultHandler;
|
||||
* specified. The previous version information is not in the 2.0 version of the
|
||||
* schema and is useful to ensure accurate identification (or at least complete).
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class NvdCve12Handler extends DefaultHandler {
|
||||
|
||||
|
||||
@@ -38,7 +38,7 @@ import org.xml.sax.helpers.DefaultHandler;
|
||||
/**
|
||||
* A SAX Handler that will parse the NVD CVE XML (schema version 2.0).
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class NvdCve20Handler extends DefaultHandler {
|
||||
|
||||
|
||||
@@ -37,7 +37,7 @@ import org.owasp.dependencycheck.utils.FileUtils;
|
||||
* the form of evidence. The Evidence is then used to determine if there are any
|
||||
* known, published, vulnerabilities associated with the program dependency.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class Dependency implements Comparable<Dependency> {
|
||||
|
||||
@@ -482,4 +482,93 @@ public class Dependency implements Comparable<Dependency> {
|
||||
public int compareTo(Dependency o) {
|
||||
return this.getFileName().compareToIgnoreCase(o.getFileName());
|
||||
}
|
||||
|
||||
/**
|
||||
* Implementation of the equals method.
|
||||
* @param obj the object to compare
|
||||
* @return true if the objects are equal, otherwise false
|
||||
*/
|
||||
@Override
|
||||
public boolean equals(Object obj) {
|
||||
if (obj == null) {
|
||||
return false;
|
||||
}
|
||||
if (getClass() != obj.getClass()) {
|
||||
return false;
|
||||
}
|
||||
final Dependency other = (Dependency) obj;
|
||||
if ((this.actualFilePath == null) ? (other.actualFilePath != null) : !this.actualFilePath.equals(other.actualFilePath)) {
|
||||
return false;
|
||||
}
|
||||
if ((this.filePath == null) ? (other.filePath != null) : !this.filePath.equals(other.filePath)) {
|
||||
return false;
|
||||
}
|
||||
if ((this.fileName == null) ? (other.fileName != null) : !this.fileName.equals(other.fileName)) {
|
||||
return false;
|
||||
}
|
||||
if ((this.fileExtension == null) ? (other.fileExtension != null) : !this.fileExtension.equals(other.fileExtension)) {
|
||||
return false;
|
||||
}
|
||||
if ((this.md5sum == null) ? (other.md5sum != null) : !this.md5sum.equals(other.md5sum)) {
|
||||
return false;
|
||||
}
|
||||
if ((this.sha1sum == null) ? (other.sha1sum != null) : !this.sha1sum.equals(other.sha1sum)) {
|
||||
return false;
|
||||
}
|
||||
if (this.identifiers != other.identifiers && (this.identifiers == null || !this.identifiers.equals(other.identifiers))) {
|
||||
return false;
|
||||
}
|
||||
if (this.vendorEvidence != other.vendorEvidence && (this.vendorEvidence == null || !this.vendorEvidence.equals(other.vendorEvidence))) {
|
||||
return false;
|
||||
}
|
||||
if (this.productEvidence != other.productEvidence && (this.productEvidence == null || !this.productEvidence.equals(other.productEvidence))) {
|
||||
return false;
|
||||
}
|
||||
if (this.versionEvidence != other.versionEvidence && (this.versionEvidence == null || !this.versionEvidence.equals(other.versionEvidence))) {
|
||||
return false;
|
||||
}
|
||||
if (this.analysisExceptions != other.analysisExceptions
|
||||
&& (this.analysisExceptions == null || !this.analysisExceptions.equals(other.analysisExceptions))) {
|
||||
return false;
|
||||
}
|
||||
if ((this.description == null) ? (other.description != null) : !this.description.equals(other.description)) {
|
||||
return false;
|
||||
}
|
||||
if ((this.license == null) ? (other.license != null) : !this.license.equals(other.license)) {
|
||||
return false;
|
||||
}
|
||||
if (this.vulnerabilities != other.vulnerabilities && (this.vulnerabilities == null || !this.vulnerabilities.equals(other.vulnerabilities))) {
|
||||
return false;
|
||||
}
|
||||
if (this.relatedDependencies != other.relatedDependencies
|
||||
&& (this.relatedDependencies == null || !this.relatedDependencies.equals(other.relatedDependencies))) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Generates the HashCode.
|
||||
* @return the HashCode
|
||||
*/
|
||||
@Override
|
||||
public int hashCode() {
|
||||
int hash = 3;
|
||||
hash = 47 * hash + (this.actualFilePath != null ? this.actualFilePath.hashCode() : 0);
|
||||
hash = 47 * hash + (this.filePath != null ? this.filePath.hashCode() : 0);
|
||||
hash = 47 * hash + (this.fileName != null ? this.fileName.hashCode() : 0);
|
||||
hash = 47 * hash + (this.fileExtension != null ? this.fileExtension.hashCode() : 0);
|
||||
hash = 47 * hash + (this.md5sum != null ? this.md5sum.hashCode() : 0);
|
||||
hash = 47 * hash + (this.sha1sum != null ? this.sha1sum.hashCode() : 0);
|
||||
hash = 47 * hash + (this.identifiers != null ? this.identifiers.hashCode() : 0);
|
||||
hash = 47 * hash + (this.vendorEvidence != null ? this.vendorEvidence.hashCode() : 0);
|
||||
hash = 47 * hash + (this.productEvidence != null ? this.productEvidence.hashCode() : 0);
|
||||
hash = 47 * hash + (this.versionEvidence != null ? this.versionEvidence.hashCode() : 0);
|
||||
hash = 47 * hash + (this.analysisExceptions != null ? this.analysisExceptions.hashCode() : 0);
|
||||
hash = 47 * hash + (this.description != null ? this.description.hashCode() : 0);
|
||||
hash = 47 * hash + (this.license != null ? this.license.hashCode() : 0);
|
||||
hash = 47 * hash + (this.vulnerabilities != null ? this.vulnerabilities.hashCode() : 0);
|
||||
hash = 47 * hash + (this.relatedDependencies != null ? this.relatedDependencies.hashCode() : 0);
|
||||
return hash;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -21,7 +21,7 @@ package org.owasp.dependencycheck.dependency;
|
||||
/**
|
||||
* Evidence is a piece of information about a Dependency.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class Evidence implements Comparable<Evidence> {
|
||||
|
||||
|
||||
@@ -27,7 +27,7 @@ import org.owasp.dependencycheck.utils.Filter;
|
||||
/**
|
||||
* Used to maintain a collection of Evidence.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class EvidenceCollection implements Iterable<Evidence> {
|
||||
|
||||
|
||||
@@ -20,7 +20,7 @@ package org.owasp.dependencycheck.dependency;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class Identifier implements Comparable<Identifier> {
|
||||
|
||||
|
||||
@@ -24,7 +24,7 @@ import java.io.Serializable;
|
||||
* An external reference for a vulnerability. This contains a name, URL, and a
|
||||
* source.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class Reference implements Serializable, Comparable<Reference> {
|
||||
|
||||
|
||||
@@ -26,7 +26,7 @@ import java.util.TreeSet;
|
||||
/**
|
||||
* Contains the information about a vulnerability.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class Vulnerability implements Serializable, Comparable<Vulnerability> {
|
||||
|
||||
|
||||
@@ -23,7 +23,7 @@ import java.util.Comparator;
|
||||
|
||||
/**
|
||||
* Comparator for Vulnerability objects.
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class VulnerabilityComparator implements Comparator<Vulnerability>, Serializable {
|
||||
/**
|
||||
|
||||
@@ -28,7 +28,7 @@ import org.owasp.dependencycheck.data.cpe.Entry;
|
||||
* A record containing information about vulnerable software. This
|
||||
* is referenced from a vulnerability.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class VulnerableSoftware extends Entry implements Serializable, Comparable<VulnerableSoftware> {
|
||||
|
||||
|
||||
@@ -44,7 +44,7 @@ import org.owasp.dependencycheck.dependency.Dependency;
|
||||
* the generator uses the Velocity Templating Engine. The ReportGenerator exposes
|
||||
* a list of Dependencies to the template when generating the report.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class ReportGenerator {
|
||||
|
||||
@@ -193,6 +193,11 @@ public class ReportGenerator {
|
||||
OutputStream outputStream = null;
|
||||
|
||||
try {
|
||||
File foutDir = new File(outFileName).getParentFile();
|
||||
if (!foutDir.exists()) {
|
||||
foutDir.mkdirs();
|
||||
}
|
||||
|
||||
outputStream = new FileOutputStream(outFileName);
|
||||
writer = new OutputStreamWriter(outputStream, "UTF-8");
|
||||
//writer = new BufferedWriter(oswriter);
|
||||
|
||||
@@ -33,7 +33,7 @@ import org.apache.commons.cli.PosixParser;
|
||||
/**
|
||||
* A utility to parse command line arguments for the DependencyCheck.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public final class CliParser {
|
||||
|
||||
@@ -160,9 +160,6 @@ public final class CliParser {
|
||||
final Option help = new Option(ArgumentName.HELP_SHORT, ArgumentName.HELP, false,
|
||||
"print this message.");
|
||||
|
||||
final Option advancedHelp = new Option(ArgumentName.ADVANCED_HELP_SHORT, ArgumentName.ADVANCED_HELP, false,
|
||||
"shows additional help regarding properties file.");
|
||||
|
||||
final Option deepScan = new Option(ArgumentName.PERFORM_DEEP_SCAN_SHORT, ArgumentName.PERFORM_DEEP_SCAN, false,
|
||||
"extracts extra information from dependencies that may increase false positives, but also decrease false negatives.");
|
||||
|
||||
@@ -176,6 +173,18 @@ public final class CliParser {
|
||||
.withDescription("the name of the application being scanned.")
|
||||
.create(ArgumentName.APPNAME_SHORT);
|
||||
|
||||
final Option connectionTimeout = OptionBuilder.withArgName("timeout").hasArg().withLongOpt(ArgumentName.CONNECTION_TIMEOUT)
|
||||
.withDescription("the connection timeout (in milliseconds) to use when downloading resources.")
|
||||
.create(ArgumentName.CONNECTION_TIMEOUT_SHORT);
|
||||
|
||||
final Option proxyUrl = OptionBuilder.withArgName("url").hasArg().withLongOpt(ArgumentName.PROXY_URL)
|
||||
.withDescription("the proxy url to use when downloading resources.")
|
||||
.create(ArgumentName.PROXY_URL_SHORT);
|
||||
|
||||
final Option proxyPort = OptionBuilder.withArgName("port").hasArg().withLongOpt(ArgumentName.PROXY_PORT)
|
||||
.withDescription("the proxy port to use when downloading resources.")
|
||||
.create(ArgumentName.PROXY_PORT_SHORT);
|
||||
|
||||
final Option path = OptionBuilder.withArgName("path").hasArg().withLongOpt(ArgumentName.SCAN)
|
||||
.withDescription("the path to scan - this option can be specified multiple times.")
|
||||
.create(ArgumentName.SCAN_SHORT);
|
||||
@@ -192,8 +201,6 @@ public final class CliParser {
|
||||
.withDescription("the output format to write to (XML, HTML, ALL).")
|
||||
.create(ArgumentName.OUTPUT_FORMAT_SHORT);
|
||||
|
||||
//TODO add the ability to load a properties file to override the defaults...
|
||||
|
||||
final OptionGroup og = new OptionGroup();
|
||||
og.addOption(path);
|
||||
|
||||
@@ -207,7 +214,9 @@ public final class CliParser {
|
||||
opts.addOption(noupdate);
|
||||
opts.addOption(deepScan);
|
||||
opts.addOption(props);
|
||||
opts.addOption(advancedHelp);
|
||||
opts.addOption(proxyPort);
|
||||
opts.addOption(proxyUrl);
|
||||
opts.addOption(connectionTimeout);
|
||||
|
||||
return opts;
|
||||
}
|
||||
@@ -245,16 +254,6 @@ public final class CliParser {
|
||||
public void printHelp() {
|
||||
final HelpFormatter formatter = new HelpFormatter();
|
||||
final String nl = System.getProperty("line.separator");
|
||||
String advancedHelp = null;
|
||||
if (line != null && line.hasOption(ArgumentName.ADVANCED_HELP)) {
|
||||
advancedHelp = nl + nl
|
||||
+ "Additionally, the following properties are supported and can be specified either"
|
||||
+ "using the -p <file> argument or by passing them in as system properties." + nl
|
||||
+ nl + " " + Settings.KEYS.PROXY_URL + "\t\t the proxy URL to use when downloading resources."
|
||||
+ nl + " " + Settings.KEYS.PROXY_PORT + "\t\t the proxy port to use when downloading resources."
|
||||
+ nl + " " + Settings.KEYS.CONNECTION_TIMEOUT + "\t the connection timeout (in milliseconds) to use"
|
||||
+ nl + "\t\t\t when downloading resources.";
|
||||
}
|
||||
|
||||
formatter.printHelp(Settings.getString("application.name", "DependencyCheck"),
|
||||
nl + Settings.getString("application.name", "DependencyCheck")
|
||||
@@ -264,9 +263,6 @@ public final class CliParser {
|
||||
options,
|
||||
"",
|
||||
true);
|
||||
if (advancedHelp != null) {
|
||||
System.out.println(advancedHelp);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -308,6 +304,30 @@ public final class CliParser {
|
||||
return line.getOptionValue(ArgumentName.APPNAME);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the connection timeout.
|
||||
* @return the connection timeout
|
||||
*/
|
||||
public String getConnectionTimeout() {
|
||||
return line.getOptionValue(ArgumentName.CONNECTION_TIMEOUT);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the proxy url.
|
||||
* @return the proxy url
|
||||
*/
|
||||
public String getProxyUrl() {
|
||||
return line.getOptionValue(ArgumentName.PROXY_URL);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the proxy port.
|
||||
* @return the proxy port
|
||||
*/
|
||||
public String getProxyPort() {
|
||||
return line.getOptionValue(ArgumentName.PROXY_PORT);
|
||||
}
|
||||
|
||||
/**
|
||||
* <p>Prints the manifest information to standard output.</p>
|
||||
* <ul><li>Implementation-Title: ${pom.name}</li>
|
||||
@@ -408,13 +428,29 @@ public final class CliParser {
|
||||
*/
|
||||
public static final String VERSION = "version";
|
||||
/**
|
||||
* The CLI argument name asking for advanced help.
|
||||
* The short CLI argument name indicating the proxy port.
|
||||
*/
|
||||
public static final String ADVANCED_HELP_SHORT = "ah";
|
||||
public static final String PROXY_PORT_SHORT = "p";
|
||||
/**
|
||||
* The short CLI argument name asking for advanced help.
|
||||
* The CLI argument name indicating the proxy port.
|
||||
*/
|
||||
public static final String ADVANCED_HELP = "advancedhelp";
|
||||
public static final String PROXY_PORT = "proxyport";
|
||||
/**
|
||||
* The short CLI argument name indicating the proxy url.
|
||||
*/
|
||||
public static final String PROXY_URL_SHORT = "u";
|
||||
/**
|
||||
* The CLI argument name indicating the proxy url.
|
||||
*/
|
||||
public static final String PROXY_URL = "proxyurl";
|
||||
/**
|
||||
* The short CLI argument name indicating the proxy url.
|
||||
*/
|
||||
public static final String CONNECTION_TIMEOUT_SHORT = "c";
|
||||
/**
|
||||
* The CLI argument name indicating the proxy url.
|
||||
*/
|
||||
public static final String CONNECTION_TIMEOUT = "connectiontimeout";
|
||||
/**
|
||||
* The short CLI argument name indicating a deep scan of the dependencies
|
||||
* should be performed.
|
||||
|
||||
@@ -35,7 +35,7 @@ import org.apache.commons.lang.StringUtils;
|
||||
* <p>Note, the parser contained in this class expects the version numbers to be
|
||||
* separated by periods. If a different seperator is used the parser will likely
|
||||
* fail.</p>
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class DependencyVersion implements Iterable {
|
||||
|
||||
|
||||
@@ -25,7 +25,7 @@ import java.util.regex.Pattern;
|
||||
* <p>A utility class to extract version numbers from file names (or other strings
|
||||
* containing version numbers.</p>
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public final class DependencyVersionUtil {
|
||||
/**
|
||||
|
||||
@@ -23,7 +23,7 @@ import java.io.IOException;
|
||||
/**
|
||||
* An exception used when a download fails.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class DownloadFailedException extends IOException {
|
||||
|
||||
|
||||
@@ -36,7 +36,7 @@ import java.util.zip.InflaterInputStream;
|
||||
/**
|
||||
* A utility to download files from the Internet.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public final class Downloader {
|
||||
|
||||
|
||||
@@ -25,7 +25,7 @@ import java.io.IOException;
|
||||
/**
|
||||
* A collection of utilities for processing information about files.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public final class FileUtils {
|
||||
|
||||
|
||||
@@ -23,7 +23,7 @@ import java.io.IOException;
|
||||
/**
|
||||
* An exception used when an error occurs reading a setting.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class InvalidSettingException extends IOException {
|
||||
|
||||
|
||||
@@ -26,7 +26,7 @@ import java.io.InputStream;
|
||||
* processes the stream from closing it. This is necessary when dealing with
|
||||
* things like JAXB and zipInputStreams.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class NonClosingStream extends FilterInputStream {
|
||||
|
||||
|
||||
@@ -29,7 +29,7 @@ import java.util.logging.Logger;
|
||||
/**
|
||||
* A simple settings container that wraps the dependencycheck.properties file.
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public final class Settings {
|
||||
|
||||
@@ -37,7 +37,6 @@ public final class Settings {
|
||||
* The collection of keys used within the properties file.
|
||||
*/
|
||||
public static final class KEYS {
|
||||
|
||||
/**
|
||||
* private constructor because this is a "utility" class containing constants
|
||||
*/
|
||||
@@ -45,6 +44,12 @@ public final class Settings {
|
||||
//do nothing
|
||||
}
|
||||
|
||||
/**
|
||||
* The properties key indicating whether or not the cached data sources
|
||||
* should be updated.
|
||||
*/
|
||||
public static final String AUTO_UPDATE = "autoupdate";
|
||||
|
||||
/**
|
||||
* The properties key for the path where the CPE Lucene Index will be
|
||||
* stored.
|
||||
@@ -145,7 +150,7 @@ public final class Settings {
|
||||
try {
|
||||
props.load(in);
|
||||
} catch (IOException ex) {
|
||||
Logger.getLogger(Settings.class.getName()).log(Level.SEVERE, null, ex);
|
||||
Logger.getLogger(Settings.class.getName()).log(Level.SEVERE, "Unable to load default settings.", ex);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
application.name=${pom.name}
|
||||
application.version=${pom.version}
|
||||
autoupdate=true
|
||||
|
||||
# the path to the lucene index to store the cpe data
|
||||
cpe=data/cpe
|
||||
@@ -8,7 +9,6 @@ cpe.url=http://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-diction
|
||||
# the path to the cpe meta data file.
|
||||
cpe.meta.url=http://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.2.meta
|
||||
|
||||
|
||||
# the path to the lucene index to store the nvd cve data
|
||||
cve=data/cve
|
||||
# the path to the nvd cve "meta" page where the timestamps for the last update files can be found.
|
||||
|
||||
@@ -16,7 +16,7 @@ along with Dependency-Check. If not, see http://www.gnu.org/licenses/.
|
||||
|
||||
Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
|
||||
@author Jeremy Long (jeremy.long@gmail.com)
|
||||
@author Jeremy Long (jeremy.long@owasp.org)
|
||||
@version 1
|
||||
*#
|
||||
|
||||
@@ -314,7 +314,11 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
#end
|
||||
<p>
|
||||
#if ($dependency.license)
|
||||
#if ($dependency.license.startsWith("http://"))
|
||||
<b>License:</b><pre class="indent"><a href="$esc.html($dependency.license)">$esc.html($dependency.license)</a></pre>
|
||||
#else
|
||||
<b>License:</b><pre class="indent">$esc.html($dependency.license)</pre>
|
||||
#end
|
||||
#end
|
||||
<b>File Path:</b> $esc.html($dependency.FilePath)<br/>
|
||||
<b>MD5:</b> $esc.html($dependency.Md5sum)<br/>
|
||||
@@ -368,7 +372,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
#foreach($related in $dependency.getRelatedDependencies())
|
||||
<li>$esc.html($related.FileName)
|
||||
<ul>
|
||||
<li>File Path: $esc.html($dependency.FilePath)</li>
|
||||
<li>File Path: $esc.html($related.FilePath)</li>
|
||||
<li>SHA1: $esc.html($related.Sha1sum)</li>
|
||||
<li>MD5: $esc.html($related.Md5sum)</li>
|
||||
</ul>
|
||||
@@ -394,7 +398,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
#foreach($id in $dependency.getIdentifiers())
|
||||
##yes, we are HTML Encoding the href. this is okay. We can't URL encode as we have to trust the analyzer here...
|
||||
<li><b>$esc.html($id.type):</b> <a href="$esc.html($id.url)" target="_blank">$esc.html($id.value)</a>
|
||||
#if( $id.descrription )
|
||||
#if( $id.description )
|
||||
<br/>$esc.html($id.description)
|
||||
#end
|
||||
</li>
|
||||
|
||||
@@ -16,7 +16,7 @@ along with Dependency-Check. If not, see http://www.gnu.org/licenses/.
|
||||
|
||||
Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
|
||||
@author Jeremy Long (jeremy.long@gmail.com)
|
||||
@author Jeremy Long (jeremy.long@owasp.org)
|
||||
@version 1
|
||||
*#<?xml version="1.0"?>
|
||||
<analysis xmlns="https://www.owasp.org/index.php/OWASP_Dependency_Check">
|
||||
|
||||
@@ -29,7 +29,7 @@ import static org.junit.Assert.*;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class EngineIntegrationTest {
|
||||
|
||||
|
||||
@@ -29,7 +29,7 @@ import static org.junit.Assert.*;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class AbstractAnalyzerTest {
|
||||
|
||||
|
||||
@@ -31,7 +31,7 @@ import static org.junit.Assert.*;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class AnalyzerServiceTest {
|
||||
|
||||
|
||||
@@ -32,7 +32,7 @@ import static org.junit.Assert.*;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class FileNameAnalyzerTest {
|
||||
|
||||
|
||||
@@ -34,7 +34,7 @@ import static org.junit.Assert.*;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class JarAnalyzerTest {
|
||||
|
||||
|
||||
@@ -36,7 +36,7 @@ import org.owasp.dependencycheck.utils.Settings;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public abstract class BaseIndexTestCase {
|
||||
|
||||
|
||||
@@ -35,7 +35,7 @@ import org.owasp.dependencycheck.dependency.Identifier;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class CPEAnalyzerTest extends BaseIndexTestCase {
|
||||
|
||||
|
||||
@@ -28,7 +28,7 @@ import org.junit.Assert;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class EntryTest {
|
||||
|
||||
|
||||
@@ -30,7 +30,7 @@ import static org.junit.Assert.*;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class IndexIntegrationTest {
|
||||
|
||||
|
||||
@@ -32,7 +32,7 @@ import org.junit.Test;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class IndexTest {
|
||||
|
||||
|
||||
@@ -28,7 +28,7 @@ import static org.junit.Assert.*;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class CweDBTest {
|
||||
|
||||
|
||||
@@ -49,7 +49,7 @@ import static org.junit.Assert.*;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class FieldAnalyzerTest {
|
||||
|
||||
|
||||
@@ -28,7 +28,7 @@ import static org.junit.Assert.*;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class LuceneUtilsTest {
|
||||
|
||||
|
||||
@@ -33,7 +33,7 @@ import org.owasp.dependencycheck.utils.Settings;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public abstract class BaseDBTestCase extends TestCase {
|
||||
|
||||
|
||||
@@ -27,7 +27,7 @@ import org.junit.Test;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class DatabaseUpdaterIntegrationTest {
|
||||
|
||||
|
||||
@@ -34,7 +34,7 @@ import static org.junit.Assert.*;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class NvdCve_1_2_HandlerTest {
|
||||
|
||||
|
||||
@@ -31,7 +31,7 @@ import static org.junit.Assert.*;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class NvdCve_2_0_HandlerTest {
|
||||
|
||||
|
||||
@@ -34,7 +34,7 @@ import static org.junit.Assert.*;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class DependencyTest {
|
||||
|
||||
|
||||
@@ -27,7 +27,7 @@ import static org.junit.Assert.*;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class VulnerableSoftwareTest {
|
||||
|
||||
|
||||
@@ -27,7 +27,7 @@ import org.junit.Test;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class ReportGeneratorTest {
|
||||
|
||||
|
||||
@@ -31,7 +31,7 @@ import org.junit.Test;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class ChecksumTest {
|
||||
|
||||
|
||||
@@ -34,7 +34,7 @@ import org.junit.Test;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class CliParserTest {
|
||||
|
||||
|
||||
@@ -27,7 +27,7 @@ import static org.junit.Assert.*;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class DependencyVersionUtilTest {
|
||||
|
||||
|
||||
@@ -30,7 +30,7 @@ import static org.junit.Assert.*;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class DownloaderIntegrationTest {
|
||||
|
||||
|
||||
@@ -28,7 +28,7 @@ import static org.junit.Assert.*;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class FileUtilsTest {
|
||||
|
||||
|
||||
@@ -30,7 +30,7 @@ import static org.junit.Assert.*;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class FilterTest {
|
||||
|
||||
|
||||
@@ -32,7 +32,7 @@ import org.junit.Test;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Jeremy Long (jeremy.long@gmail.com)
|
||||
* @author Jeremy Long (jeremy.long@owasp.org)
|
||||
*/
|
||||
public class SettingsTest {
|
||||
|
||||
|
||||
Reference in New Issue
Block a user